[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: rpm: Update to 4.13.0.1.
|
From: |
Eric Bavier |
|
Subject: |
01/01: gnu: rpm: Update to 4.13.0.1. |
|
Date: |
Thu, 17 Aug 2017 22:57:13 -0400 (EDT) |
bavier pushed a commit to branch master
in repository guix.
commit 623cc34cd203c2299a33fb788551f9136f5e8325
Author: Eric Bavier <address@hidden>
Date: Thu Aug 17 21:34:37 2017 -0500
gnu: rpm: Update to 4.13.0.1.
* gnu/packages/package-management.scm (rpm): Update to 4.13.0.1
[source]: Remove patch. Use 'version-major+minor' for url.
* gnu/packages/patches/rpm-CVE-2014-8118.patch: Delete patch.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/package-management.scm | 8 ++++----
gnu/packages/patches/rpm-CVE-2014-8118.patch | 25 -------------------------
3 files changed, 4 insertions(+), 30 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 63300e3..b4acd0c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1011,7 +1011,6 @@ dist_patch_DATA =
\
%D%/packages/patches/reptyr-fix-gcc-7.patch \
%D%/packages/patches/ripperx-missing-file.patch \
%D%/packages/patches/rpcbind-CVE-2017-8779.patch \
- %D%/packages/patches/rpm-CVE-2014-8118.patch \
%D%/packages/patches/rsem-makefile.patch \
%D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \
%D%/packages/patches/ruby-concurrent-test-arm.patch \
diff --git a/gnu/packages/package-management.scm
b/gnu/packages/package-management.scm
index 1f65e21..4fd1378 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -411,15 +411,15 @@ symlinks to the files in a common directory such as
/usr/local.")
(define-public rpm
(package
(name "rpm")
- (version "4.12.0.1")
+ (version "4.13.0.1")
(source (origin
(method url-fetch)
- (uri (string-append "http://rpm.org/releases/rpm-4.12.x/rpm-";
+ (uri (string-append "http://ftp.rpm.org/releases/rpm-";
+ (version-major+minor version) ".x/rpm-"
version ".tar.bz2"))
(sha256
(base32
- "0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))
- (patches (search-patches "rpm-CVE-2014-8118.patch"))))
+ "03cvbwbfrhm0fa02j7828k1qp05hf2m0fradwcf2nqhrsjkppz17"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--with-external-db" ;use the system's bdb
diff --git a/gnu/packages/patches/rpm-CVE-2014-8118.patch
b/gnu/packages/patches/rpm-CVE-2014-8118.patch
deleted file mode 100644
index 5fdb0f0..0000000
--- a/gnu/packages/patches/rpm-CVE-2014-8118.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
-execution via crafted CPIO header).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
-
-Source:
-https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
-
-Adopted by Debian:
-http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
-
-diff --git a/lib/cpio.c b/lib/cpio.c
-index 253ff0f..600633a 100644
---- a/lib/cpio.c
-+++ b/lib/cpio.c
-@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int *
fx)
-
- GET_NUM_FIELD(hdr.filesize, fsize);
- GET_NUM_FIELD(hdr.namesize, nameSize);
-+ if (nameSize <= 0 || nameSize > 4096) {
-+ return RPMERR_BAD_HEADER;
-+ }
-
- char name[nameSize + 1];
- read = Fread(name, nameSize, 1, cpio->fd);