* [bug#29413] Add inputs for pcmanfm and a CVE-2017-8934 patch
@ 2017-11-23 16:32 brendan.tildesley
2017-11-23 21:56 ` bug#29413: " Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: brendan.tildesley @ 2017-11-23 16:32 UTC (permalink / raw)
To: 29413
[-- Attachment #1: Type: text/plain, Size: 191 bytes --]
I found that there is a CVE patch for pcmanfm in Arch, so I added it after my inputs patch. I don't know what the code does or if it's needed so only add it if you can judge it is reasonable.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-pcmanfm-Add-missing-inputs.-Remove-comment.patch --]
[-- Type: text/x-patch, Size: 1972 bytes --]
From 8373ad3d6c23fbff27b4ddf9b5d81f3228ff8654 Mon Sep 17 00:00:00 2001
From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
Date: Fri, 24 Nov 2017 02:22:53 +1100
Subject: [PATCH 1/2] gnu: pcmanfm: Add missing inputs. Remove comment.
* gnu/packages/lxde.scm
[inputs]: Add gvfs, for trash and mounting support.
[propagated-inputs]: Add lxmenu-data, for "Open With..." Applications list.
Remove comment suggesting to use --sysconfdir. Inspection of the configure
script shows that <output>/etc is used for configuration by default anyway,
so such a flag is not needed.
---
gnu/packages/lxde.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index bf70bd601..0a9568875 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Brendan Tildesley <brendan.tildesley@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -218,14 +219,14 @@ speed up the access to freedesktop.org defined application menus.")
(base32
"0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
(build-system gnu-build-system)
- ;; (#:configure-flags '("--sysconfdir=/etc")) suggested in README.
(inputs `(("gtk+" ,gtk+-2)
- ;; TODO: add ("gvfs" ,gvfs).
+ ("gvfs" ,gvfs)
("libfm" ,libfm)
("libx11" ,libx11)))
(native-inputs `(("intltool" ,intltool)
("libtool" ,libtool)
("pkg-config" ,pkg-config)))
+ (propagated-inputs `(("lxmenu-data" ,lxmenu-data)))
(synopsis "LXDE file manager")
(description "PCMan is a lightweight GTK+ based file manager, compliant
with freedesktop.org standard.")
--
2.15.0
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: 0002-gnu-pcmanfm-Fix-CVE-2017-8934.patch --]
[-- Type: text/x-patch, Size: 4050 bytes --]
From fe1e4cf4c88395cef87a0263acf587672b3132ac Mon Sep 17 00:00:00 2001
From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
Date: Fri, 24 Nov 2017 02:57:00 +1100
Subject: [PATCH 2/2] gnu: pcmanfm: Fix CVE-2017-8934.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
imported from Archlinux.
* gnu/local.mk (dis_patch_DATA): Add it.
* gnu/packages/lxde.scm[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/lxde.scm | 1 +
gnu/packages/patches/pcmanfm-CVE-2017-8934.patch | 56 ++++++++++++++++++++++++
3 files changed, 58 insertions(+)
create mode 100644 gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 0993c4587..e8ad12295 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -945,6 +945,7 @@ dist_patch_DATA = \
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
+ %D%/packages/patches/pcmanfm-CVE-2017-8934.patch \
%D%/packages/patches/pcre-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index 0a9568875..67cf43206 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -215,6 +215,7 @@ speed up the access to freedesktop.org defined application menus.")
(uri (string-append "mirror://sourceforge/" name "/"
"PCManFM%20%2B%20Libfm%20%28tarball%20release"
"%29/PCManFM/" name "-" version ".tar.xz"))
+ (patches (search-patches "pcmanfm-CVE-2017-8934.patch"))
(sha256
(base32
"0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
diff --git a/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
new file mode 100644
index 000000000..489d22c83
--- /dev/null
+++ b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej@rep.kiev.ua>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+---
+ NEWS | 4 ++++
+ src/single-inst.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++ for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+ * single-inst.c: simple IPC mechanism for single instance app
+ *
+ * Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com>
+- * Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
+ }
+ else
+ dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++ data->prog_name, host ? host : "", dpynum);
++#else
+ g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+ g_get_tmp_dir(),
+ data->prog_name,
+ host ? host : "",
+ dpynum,
+ g_get_user_name());
++#endif
+ }
+
+--
+2.1.4
+
--
2.15.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* bug#29413: Add inputs for pcmanfm and a CVE-2017-8934 patch
2017-11-23 16:32 [bug#29413] Add inputs for pcmanfm and a CVE-2017-8934 patch brendan.tildesley
@ 2017-11-23 21:56 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2017-11-23 21:56 UTC (permalink / raw)
To: brendan.tildesley; +Cc: 29413-done
Hi Brendan,
brendan.tildesley@openmailbox.org skribis:
> From 8373ad3d6c23fbff27b4ddf9b5d81f3228ff8654 Mon Sep 17 00:00:00 2001
> From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
> Date: Fri, 24 Nov 2017 02:22:53 +1100
> Subject: [PATCH 1/2] gnu: pcmanfm: Add missing inputs. Remove comment.
>
> * gnu/packages/lxde.scm
> [inputs]: Add gvfs, for trash and mounting support.
> [propagated-inputs]: Add lxmenu-data, for "Open With..." Applications list.
> Remove comment suggesting to use --sysconfdir. Inspection of the configure
> script shows that <output>/etc is used for configuration by default anyway,
> so such a flag is not needed.
I moved the explanations as comments in the code (next to the inputs),
adjusted the commit log for style, and committed.
> From fe1e4cf4c88395cef87a0263acf587672b3132ac Mon Sep 17 00:00:00 2001
> From: Brendan Tildesley <brendan.tildesley@openmailbox.org>
> Date: Fri, 24 Nov 2017 02:57:00 +1100
> Subject: [PATCH 2/2] gnu: pcmanfm: Fix CVE-2017-8934.
>
> * gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
> imported from Archlinux.
> * gnu/local.mk (dis_patch_DATA): Add it.
> * gnu/packages/lxde.scm[source]: Use it.
Applied.
Thanks!
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-11-23 21:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-23 16:32 [bug#29413] Add inputs for pcmanfm and a CVE-2017-8934 patch brendan.tildesley
2017-11-23 21:56 ` bug#29413: " Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.