From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150. Date: Sat, 5 Nov 2016 01:45:48 -0400 Message-ID: <665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33187) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c2to6-00045i-8X for guix-devel@gnu.org; Sat, 05 Nov 2016 01:46:23 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c2to2-0000NN-Gu for guix-devel@gnu.org; Sat, 05 Nov 2016 01:46:22 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:45018) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c2to2-0000Hr-6n for guix-devel@gnu.org; Sat, 05 Nov 2016 01:46:18 -0400 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 4A646CC026 for ; Sat, 5 Nov 2016 01:46:13 -0400 (EDT) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org * gnu/packages/patches/weex-CVE-2005-3150.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ftp.scm (weex)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/ftp.scm | 3 ++- gnu/packages/patches/weex-CVE-2005-3150.patch | 32 +++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/weex-CVE-2005-3150.patch diff --git a/gnu/local.mk b/gnu/local.mk index 49b6721..c4c0e8d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -893,6 +893,7 @@ dist_patch_DATA = \ %D%/packages/patches/vtk-mesa-10.patch \ %D%/packages/patches/weechat-python.patch \ %D%/packages/patches/weex-vacopy.patch \ + %D%/packages/patches/weex-CVE-2005-3150.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ %D%/packages/patches/wicd-urwid-1.3.patch \ diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm index a112655..149ebe2 100644 --- a/gnu/packages/ftp.scm +++ b/gnu/packages/ftp.scm @@ -136,7 +136,8 @@ FTP browser, as well as non-interactive commands such as 'ncftpput' and (sha256 (base32 "0f5cj5p852wkm24mzy2sxgxyahv2p9rk4wlq21j310pi7wlhgwyl")) - (patches (search-patches "weex-vacopy.patch")))) + (patches (search-patches "weex-vacopy.patch" + "weex-CVE-2005-3150.patch")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/weex-CVE-2005-3150.patch b/gnu/packages/patches/weex-CVE-2005-3150.patch new file mode 100644 index 0000000..246161f --- /dev/null +++ b/gnu/packages/patches/weex-CVE-2005-3150.patch @@ -0,0 +1,32 @@ +From: Leo Famulari +Date: Sat, 5 Nov 2016 01:35:50 -0400 +Subject: Fix CVE-2005-3150 (remotely exploitable format string bug). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150 + +Fix copied from Gentoo and FreeBSD: + +https://bugs.gentoo.org/show_bug.cgi?id=107849 +https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833 +https://svnweb.freebsd.org/ports/head/ftp/weex/files/patch-src__log.c?revision=143994&view=markup + +--- + src/log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/log.c b/src/log.c +index 5c06339..4174ee0 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -183,7 +183,7 @@ void log_flush(void) + + fp=log_open(); + for(i=0;i