summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-12-20 19:53:40 -0500
committerLeo Famulari <leo@famulari.name>2017-12-21 14:17:35 -0500
commit9c3ad422d0f4f2e552dcb73aae98c7db1fc2e584 (patch)
tree70eb99c103c52a7913708f0746b068210d4c62ed
parent5dc0e0b055ce2ab12c40066cee34511cd7a5cf03 (diff)
gnu: libgxps: Fix CVE-2017-11590.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnome.scm (libgxps)[source]: Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gnome.scm1
-rw-r--r--gnu/packages/patches/libgxps-CVE-2017-11590.patch48
3 files changed, 50 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 20b3c3e366..ea9c42449a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -810,6 +810,7 @@ dist_patch_DATA = \
%D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
%D%/packages/patches/libgdata-fix-tests.patch \
%D%/packages/patches/libgdata-glib-duplicate-tests.patch \
+ %D%/packages/patches/libgxps-CVE-2017-11590.patch \
%D%/packages/patches/libffi-3.2.1-complex-alpha.patch \
%D%/packages/patches/libjxr-fix-function-signature.patch \
%D%/packages/patches/libjxr-fix-typos.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 7b93ddd14e..b7f57b030e 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -395,6 +395,7 @@ access the common Google services, and has full asynchronous support.")
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
+ (patches (search-patches "libgxps-CVE-2017-11590.patch"))
(sha256
(base32
"184r06s8g20cfigg7m169n42jjsc9wmzzlycr4g1fxxhr72r8x9y"))))
diff --git a/gnu/packages/patches/libgxps-CVE-2017-11590.patch b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
new file mode 100644
index 0000000000..9caa79b6f0
--- /dev/null
+++ b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
@@ -0,0 +1,48 @@
+Fix CVE-2017-11590:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785479
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031
+
+From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001
+From: Marek Kasik <mkasik@redhat.com>
+Date: Wed, 26 Jul 2017 16:23:37 +0200
+Subject: archive: Check for pathname being NULL before dereferencing
+
+Check whether "archive_entry_pathname ()" returns a non-NULL pathname
+before using it to avoid a NULL pointer being dereferenced.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785479
+---
+ libgxps/gxps-archive.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index acf8d7d..e763773 100644
+--- a/libgxps/gxps-archive.c
++++ b/libgxps/gxps-archive.c
+@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable *initable,
+ GXPSArchive *archive;
+ ZipArchive *zip;
+ struct archive_entry *entry;
++ const gchar *pathname;
+
+ archive = GXPS_ARCHIVE (initable);
+
+@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable *initable,
+
+ while (gxps_zip_archive_iter_next (zip, &entry)) {
+ /* FIXME: We can ignore directories here */
+- g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry)));
++ pathname = archive_entry_pathname (entry);
++ if (pathname != NULL)
++ g_hash_table_add (archive->entries, g_strdup (pathname));
+ archive_read_data_skip (zip->archive);
+ }
+
+--
+cgit v0.12
+