From: Efraim Flashner <efraim@flashner.co.il>
To: 33767@debbugs.gnu.org
Subject: [bug#33767] file-CVE-2018-10360
Date: Sun, 16 Dec 2018 14:45:52 +0200 [thread overview]
Message-ID: <20181216124552.GF3468@macbook41> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 294 bytes --]
I think I've done the patch correctly but I wanted feedback before
pushing it.
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #1.2: 0001-gnu-file-Fix-CVE-2018-10360.patch --]
[-- Type: text/plain, Size: 4460 bytes --]
From 9045ab3a3be8dbcee8773649c129c73506c386ce Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Sun, 16 Dec 2018 14:44:31 +0200
Subject: [PATCH] gnu: file: Fix CVE-2018-10360.
* gnu/packages/patches/file-CVE-2018-10360.patch: New file.
* gnu/packages/file.scm (file)[replacement]: New field.
(file/fixed): New variable.
* gnu/packages/commencement.scm (file-boot0): Use 'package/inherit' to
receive security fixes.
* gnu/local.mk (dist_patch_DATA): Register it.
---
gnu/local.mk | 1 +
gnu/packages/commencement.scm | 3 +--
gnu/packages/file.scm | 9 +++++++
.../patches/file-CVE-2018-10360.patch | 27 +++++++++++++++++++
4 files changed, 38 insertions(+), 2 deletions(-)
create mode 100644 gnu/packages/patches/file-CVE-2018-10360.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 0f34ec9a3..3ddebef2b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -693,6 +693,7 @@ dist_patch_DATA = \
%D%/packages/patches/fcgi-2.4.0-poll.patch \
%D%/packages/patches/fifo-map-fix-flags-for-gcc.patch \
%D%/packages/patches/fifo-map-remove-catch.hpp.patch \
+ %D%/packages/patches/file-CVE-2018-10360.patch \
%D%/packages/patches/findutils-gnulib-libio.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-makedev.patch \
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 0aa65fe63..bd48eb7f8 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -126,8 +126,7 @@
(define file-boot0
(package-with-bootstrap-guile
- (package-with-explicit-inputs (package
- (inherit file)
+ (package-with-explicit-inputs (package/inherit file
(name "file-boot0"))
`(("make" ,gnu-make-boot0)
,@%bootstrap-inputs)
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index 78f0360c2..4518c8d3d 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -30,6 +31,7 @@
(package
(name "file")
(version "5.33")
+ (replacement file/fixed)
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
@@ -51,3 +53,10 @@ extensions to tell you the type of a file, but looks at the actual contents
of the file. This package provides the libmagic library.")
(license bsd-2)
(home-page "https://www.darwinsys.com/file/")))
+
+(define file/fixed
+ (package
+ (inherit file)
+ (source
+ (origin (inherit (package-source file))
+ (patches (search-patches "file-CVE-2018-10360.patch"))))))
diff --git a/gnu/packages/patches/file-CVE-2018-10360.patch b/gnu/packages/patches/file-CVE-2018-10360.patch
new file mode 100644
index 000000000..9285611c0
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2018-10360.patch
@@ -0,0 +1,27 @@
+https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22.patch
+The leading part of the patch starting at line 27 was trimmed off.
+This patch should be OK to drop with file@5.35.
+
+From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sat, 9 Jun 2018 16:00:06 +0000
+Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
+
+---
+ src/readelf.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 79c83f9f5..1f41b4611 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+
+ cname = (unsigned char *)
+ &nbuf[doff + prpsoffsets(i)];
+- for (cp = cname; *cp && isprint(*cp); cp++)
++ for (cp = cname; cp < nbuf + size && *cp
++ && isprint(*cp); cp++)
+ continue;
+ /*
+ * Linux apparently appends a space at the end
--
2.20.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2018-12-16 12:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-16 12:45 Efraim Flashner [this message]
2018-12-24 9:17 ` bug#33767: file-CVE-2018-10360 Efraim Flashner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181216124552.GF3468@macbook41 \
--to=efraim@flashner.co.il \
--cc=33767@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.