[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/05: gnu: pcmanfm: Fix CVE-2017-8934.
From: |
Ludovic Courtès |
Subject: |
03/05: gnu: pcmanfm: Fix CVE-2017-8934. |
Date: |
Thu, 23 Nov 2017 17:19:51 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 327620dc7213362cf329a80992a873445bcb1624
Author: Brendan Tildesley <address@hidden>
Date: Fri Nov 24 02:57:00 2017 +1100
gnu: pcmanfm: Fix CVE-2017-8934.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch
was
imported from Arch Linux.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/lxde.scm (pcmanfm)[source]: Use it.
Signed-off-by: Ludovic Courtès <address@hidden>
---
gnu/local.mk | 1 +
gnu/packages/lxde.scm | 1 +
gnu/packages/patches/pcmanfm-CVE-2017-8934.patch | 56 ++++++++++++++++++++++++
3 files changed, 58 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index 0993c45..e8ad122 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -945,6 +945,7 @@ dist_patch_DATA =
\
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
+ %D%/packages/patches/pcmanfm-CVE-2017-8934.patch \
%D%/packages/patches/pcre-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index 44e5da4..7d0aaa6 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -215,6 +215,7 @@ speed up the access to freedesktop.org defined application
menus.")
(uri (string-append "mirror://sourceforge/" name "/"
"PCManFM%20%2B%20Libfm%20%28tarball%20release"
"%29/PCManFM/" name "-" version ".tar.xz"))
+ (patches (search-patches "pcmanfm-CVE-2017-8934.patch"))
(sha256
(base32
"0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
diff --git a/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
new file mode 100644
index 0000000..489d22c
--- /dev/null
+++ b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <address@hidden>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+---
+ NEWS | 4 ++++
+ src/single-inst.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++ for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+ * single-inst.c: simple IPC mechanism for single instance app
+ *
+ * Copyright 2010 Hong Jen Yee (PCMan) <address@hidden>
+- * Copyright 2012 Andriy Grytsenko (LStranger) <address@hidden>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <address@hidden>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char*
buf, int len)
+ }
+ else
+ dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++ data->prog_name, host ? host : "", dpynum);
++#else
+ g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+ g_get_tmp_dir(),
+ data->prog_name,
+ host ? host : "",
+ dpynum,
+ g_get_user_name());
++#endif
+ }
+
+--
+2.1.4
+