From: brendan.tildesley@openmailbox.org
To: 29413@debbugs.gnu.org
Subject: [bug#29413] Add inputs for pcmanfm and a CVE-2017-8934 patch
Date: Thu, 23 Nov 2017 16:32:19 -0000 [thread overview]
Message-ID: <20171123163219.738504E00B2@mta-1.openmailbox.og> (raw)
[-- Attachment #1: Type: text/plain, Size: 191 bytes --]
I found that there is a CVE patch for pcmanfm in Arch, so I added it after my inputs patch. I don't know what the code does or if it's needed so only add it if you can judge it is reasonable.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-pcmanfm-Add-missing-inputs.-Remove-comment.patch --]
[-- Type: text/x-patch, Size: 1972 bytes --]
From 8373ad3d6c23fbff27b4ddf9b5d81f3228ff8654 Mon Sep 17 00:00:00 2001
From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
Date: Fri, 24 Nov 2017 02:22:53 +1100
Subject: [PATCH 1/2] gnu: pcmanfm: Add missing inputs. Remove comment.
* gnu/packages/lxde.scm
[inputs]: Add gvfs, for trash and mounting support.
[propagated-inputs]: Add lxmenu-data, for "Open With..." Applications list.
Remove comment suggesting to use --sysconfdir. Inspection of the configure
script shows that <output>/etc is used for configuration by default anyway,
so such a flag is not needed.
---
gnu/packages/lxde.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index bf70bd601..0a9568875 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -218,14 +219,14 @@ speed up the access to freedesktop.org defined application menus.")
(base32
"0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
(build-system gnu-build-system)
- ;; (#:configure-flags '("--sysconfdir=/etc")) suggested in README.
(inputs `(("gtk+" ,gtk+-2)
- ;; TODO: add ("gvfs" ,gvfs).
+ ("gvfs" ,gvfs)
("libfm" ,libfm)
("libx11" ,libx11)))
(native-inputs `(("intltool" ,intltool)
("libtool" ,libtool)
("pkg-config" ,pkg-config)))
+ (propagated-inputs `(("lxmenu-data" ,lxmenu-data)))
(synopsis "LXDE file manager")
(description "PCMan is a lightweight GTK+ based file manager, compliant
with freedesktop.org standard.")
--
2.15.0
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: 0002-gnu-pcmanfm-Fix-CVE-2017-8934.patch --]
[-- Type: text/x-patch, Size: 4050 bytes --]
From fe1e4cf4c88395cef87a0263acf587672b3132ac Mon Sep 17 00:00:00 2001
From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
Date: Fri, 24 Nov 2017 02:57:00 +1100
Subject: [PATCH 2/2] gnu: pcmanfm: Fix CVE-2017-8934.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
imported from Archlinux.
* gnu/local.mk (dis_patch_DATA): Add it.
* gnu/packages/lxde.scm[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/lxde.scm | 1 +
gnu/packages/patches/pcmanfm-CVE-2017-8934.patch | 56 ++++++++++++++++++++++++
3 files changed, 58 insertions(+)
create mode 100644 gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 0993c4587..e8ad12295 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -945,6 +945,7 @@ dist_patch_DATA = \
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
+ %D%/packages/patches/pcmanfm-CVE-2017-8934.patch \
%D%/packages/patches/pcre-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index 0a9568875..67cf43206 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -215,6 +215,7 @@ speed up the access to freedesktop.org defined application menus.")
(uri (string-append "mirror://sourceforge/" name "/"
"PCManFM%20%2B%20Libfm%20%28tarball%20release"
"%29/PCManFM/" name "-" version ".tar.xz"))
+ (patches (search-patches "pcmanfm-CVE-2017-8934.patch"))
(sha256
(base32
"0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
diff --git a/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
new file mode 100644
index 000000000..489d22c83
--- /dev/null
+++ b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej@rep.kiev.ua>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+---
+ NEWS | 4 ++++
+ src/single-inst.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++ for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+ * single-inst.c: simple IPC mechanism for single instance app
+ *
+ * Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com>
+- * Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
+ }
+ else
+ dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++ data->prog_name, host ? host : "", dpynum);
++#else
+ g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+ g_get_tmp_dir(),
+ data->prog_name,
+ host ? host : "",
+ dpynum,
+ g_get_user_name());
++#endif
+ }
+
+--
+2.1.4
+
--
2.15.0
next reply other threads:[~2017-11-23 16:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-23 16:32 brendan.tildesley [this message]
2017-11-23 21:56 ` bug#29413: Add inputs for pcmanfm and a CVE-2017-8934 patch Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171123163219.738504E00B2@mta-1.openmailbox.og \
--to=brendan.tildesley@openmailbox.org \
--cc=29413@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.