[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/15: gnu: file: Update to 5.38.
|
From: |
guix-commits |
|
Subject: |
02/15: gnu: file: Update to 5.38. |
|
Date: |
Tue, 14 Jan 2020 12:37:09 -0500 (EST) |
mbakke pushed a commit to branch core-updates
in repository guix.
commit 488c30437ca12ea6bf487180c1d28df381413e98
Author: Marius Bakke <address@hidden>
AuthorDate: Tue Jan 14 17:59:20 2020 +0100
gnu: file: Update to 5.38.
* gnu/packages/patches/file-CVE-2019-18218.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/file.scm (file): Update to 5.38.
[source](patches): Remove.
---
gnu/local.mk | 1 -
gnu/packages/file.scm | 5 +--
gnu/packages/patches/file-CVE-2019-18218.patch | 55 --------------------------
3 files changed, 2 insertions(+), 59 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 0ba01ef..4677c42 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -852,7 +852,6 @@ dist_patch_DATA =
\
%D%/packages/patches/fbreader-curl-7.62.patch \
%D%/packages/patches/fifo-map-fix-flags-for-gcc.patch \
%D%/packages/patches/fifo-map-remove-catch.hpp.patch \
- %D%/packages/patches/file-CVE-2019-18218.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-rwlock-threads.patch \
%D%/packages/patches/flann-cmake-3.11.patch \
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index cf77029..bac951f 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -30,15 +30,14 @@
(define-public file
(package
(name "file")
- (version "5.37")
+ (version "5.38")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-";
version ".tar.gz"))
- (patches (search-patches "file-CVE-2019-18218.patch"))
(sha256
(base32
- "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9"))))
+ "0d7s376b4xqymnrsjxi3nsv3f5v89pzfspzml2pcajdk5by2yg2r"))))
(build-system gnu-build-system)
;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/patches/file-CVE-2019-18218.patch
b/gnu/packages/patches/file-CVE-2019-18218.patch
deleted file mode 100644
index 2106982..0000000
--- a/gnu/packages/patches/file-CVE-2019-18218.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2019-18218:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
-
-Patch copied from upstream source repository:
-
-https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
-
-From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <address@hidden>
-Date: Mon, 26 Aug 2019 14:31:39 +0000
-Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
-
----
- src/cdf.c | 9 ++++-----
- src/cdf.h | 1 +
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/cdf.c b/src/cdf.c
-index 9d6396742..bb81d6374 100644
---- a/src/cdf.c
-+++ b/src/cdf.c
-@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const
cdf_header_t *h,
- goto out;
- }
- nelements = CDF_GETUINT32(q, 1);
-- if (nelements == 0) {
-- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
-+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
-+ DPRINTF(("CDF_VECTOR with nelements == %"
-+ SIZE_T_FORMAT "u\n", nelements));
- goto out;
- }
- slen = 2;
-@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const
cdf_header_t *h,
- goto out;
- inp += nelem;
- }
-- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
-- nelements));
- for (j = 0; j < nelements && i < sh.sh_properties;
- j++, i++)
- {
-diff --git a/src/cdf.h b/src/cdf.h
-index 2f7e554b7..05056668f 100644
---- a/src/cdf.h
-+++ b/src/cdf.h
-@@ -48,6 +48,7 @@
- typedef int32_t cdf_secid_t;
-
- #define CDF_LOOP_LIMIT 10000
-+#define CDF_ELEMENT_LIMIT 100000
-
- #define CDF_SECID_NULL 0
- #define CDF_SECID_FREE -1
- branch core-updates updated (0bcc1b1 -> ec836b4), guix-commits, 2020/01/14
- 03/15: gnu: OpenSSL: Remove duplicate #:disallowed-references., guix-commits, 2020/01/14
- 05/15: gnu: grep: Update to 3.4., guix-commits, 2020/01/14
- 01/15: gnu: findutils: Fix bootstrap on aarch64-linux and armhf-linux., guix-commits, 2020/01/14
- 02/15: gnu: file: Update to 5.38.,
guix-commits <=
- 06/15: gnu: guile: Apply Shepherd fix to the default Guile., guix-commits, 2020/01/14
- 04/15: gnu: OpenSSL: Enable parallel build., guix-commits, 2020/01/14
- 12/15: gnu: libuv: Update to 1.34.1., guix-commits, 2020/01/14
- 08/15: gnu: python-boot0: Update to 3.5.9., guix-commits, 2020/01/14
- 09/15: gnu: acl: Do not build the static library., guix-commits, 2020/01/14
- 10/15: gnu: libev: Update to 4.31., guix-commits, 2020/01/14
- 13/15: gnu: libuv: Do not build the static library., guix-commits, 2020/01/14
- 07/15: gnu: python-boot0: Do not inherit source snippet from python., guix-commits, 2020/01/14
- 11/15: gnu: libev: Do not build the static library., guix-commits, 2020/01/14
- 14/15: gnu: python2: Update to 2.7.17., guix-commits, 2020/01/14