[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: libunwind: Add fix for CVE-2015-3239.
From: |
Mark H. Weaver |
Subject: |
01/01: gnu: libunwind: Add fix for CVE-2015-3239. |
Date: |
Thu, 08 Oct 2015 14:56:11 +0000 |
mhw pushed a commit to branch master
in repository guix.
commit b5881775ac2db345bf5826d6351366346ff03275
Author: Mark H Weaver <address@hidden>
Date: Thu Oct 8 10:55:04 2015 -0400
gnu: libunwind: Add fix for CVE-2015-3239.
* gnu/packages/patches/libunwind-CVE-2015-3239.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/libunwind.scm (libunwind)[source]: Add patch.
---
gnu-system.am | 1 +
gnu/packages/libunwind.scm | 5 ++++-
gnu/packages/patches/libunwind-CVE-2015-3239.patch | 17 +++++++++++++++++
3 files changed, 22 insertions(+), 1 deletions(-)
diff --git a/gnu-system.am b/gnu-system.am
index 9ebaf52..c2dc323 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -536,6 +536,7 @@ dist_patch_DATA =
\
gnu/packages/patches/libtheora-config-guess.patch \
gnu/packages/patches/libtool-skip-tests2.patch \
gnu/packages/patches/libssh-CVE-2014-0017.patch \
+ gnu/packages/patches/libunwind-CVE-2015-3239.patch \
gnu/packages/patches/libwmf-CAN-2004-0941.patch \
gnu/packages/patches/libwmf-CVE-2006-3376.patch \
gnu/packages/patches/libwmf-CVE-2007-0455.patch \
diff --git a/gnu/packages/libunwind.scm b/gnu/packages/libunwind.scm
index 5e813e5..ab34962 100644
--- a/gnu/packages/libunwind.scm
+++ b/gnu/packages/libunwind.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <address@hidden>
+;;; Copyright © 2015 Mark H Weaver <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -18,6 +19,7 @@
(define-module (gnu packages libunwind)
#:use-module (guix packages)
+ #:use-module (gnu packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (guix licenses))
@@ -32,7 +34,8 @@
version ".tar.gz"))
(sha256
(base32
- "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx"))))
+ "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx"))
+ (patches (list (search-patch "libunwind-CVE-2015-3239.patch")))))
(build-system gnu-build-system)
(arguments
;; FIXME: As of glibc 2.17, we get 3 out of 34 test failures.
diff --git a/gnu/packages/patches/libunwind-CVE-2015-3239.patch
b/gnu/packages/patches/libunwind-CVE-2015-3239.patch
new file mode 100644
index 0000000..3f11ac7
--- /dev/null
+++ b/gnu/packages/patches/libunwind-CVE-2015-3239.patch
@@ -0,0 +1,17 @@
+Copied from Fedora.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1232265
+http://pkgs.fedoraproject.org/cgit/libunwind.git/tree/libunwind-1.1-fix-CVE-2015-3239.patch
+
+diff -up libunwind-1.1/include/dwarf_i.h.CVE20153239
libunwind-1.1/include/dwarf_i.h
+--- libunwind-1.1/include/dwarf_i.h.CVE20153239 2015-07-10
13:38:36.404996748 -0400
++++ libunwind-1.1/include/dwarf_i.h 2015-07-10 13:39:25.050707613 -0400
+@@ -20,7 +20,7 @@
+ extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
+ /* REG is evaluated multiple times; it better be side-effects free! */
+ # define dwarf_to_unw_regnum(reg) \
+- (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
++ (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
+ #endif
+
+ #ifdef UNW_LOCAL_ONLY