[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: gnu: Transmission: Fix CVE-2018-10756.
From: |
guix-commits |
Subject: |
branch master updated: gnu: Transmission: Fix CVE-2018-10756. |
Date: |
Thu, 28 May 2020 11:11:14 -0400 |
This is an automated email from the git hooks/post-receive script.
lfam pushed a commit to branch master
in repository guix.
The following commit(s) were added to refs/heads/master by this push:
new 0d79620 gnu: Transmission: Fix CVE-2018-10756.
0d79620 is described below
commit 0d796201db2188e0a3abb6522f65458720b46fa6
Author: Leo Famulari <leo@famulari.name>
AuthorDate: Thu May 28 10:40:34 2020 -0400
gnu: Transmission: Fix CVE-2018-10756.
* gnu/packages/patches/transmission-CVE-2018-10756.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/bittorrent.scm | 1 +
.../patches/transmission-CVE-2018-10756.patch | 71 ++++++++++++++++++++++
3 files changed, 73 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index 80cefe5..de51c21 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1531,6 +1531,7 @@ dist_patch_DATA =
\
%D%/packages/patches/tipp10-fix-compiling.patch \
%D%/packages/patches/tipp10-remove-license-code.patch \
%D%/packages/patches/tk-find-library.patch \
+ %D%/packages/patches/transmission-CVE-2018-10756.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
%D%/packages/patches/ttfautohint-source-date-epoch.patch \
%D%/packages/patches/tomb-fix-errors-on-open.patch \
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index 947537b..8b041cb 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -73,6 +73,7 @@
(uri (string-append
"https://github.com/transmission/transmission-releases/raw/"
"master/transmission-" version ".tar.xz"))
+ (patches (search-patches "transmission-CVE-2018-10756.patch"))
(sha256
(base32
"0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m"))))
diff --git a/gnu/packages/patches/transmission-CVE-2018-10756.patch
b/gnu/packages/patches/transmission-CVE-2018-10756.patch
new file mode 100644
index 0000000..f9bdcf6
--- /dev/null
+++ b/gnu/packages/patches/transmission-CVE-2018-10756.patch
@@ -0,0 +1,71 @@
+Fix CVE-2018-10756:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756
+
+Patch copied from Fedora:
+
+https://src.fedoraproject.org/rpms/transmission/blob/master/f/2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch
+
+--- a/libtransmission/variant.c 2018-05-01 12:21:08.000000000 -0500
++++ b/libtransmission/variant.c 2020-05-18 10:21:27.554214128 -0500
+@@ -820,7 +820,7 @@
+ struct SaveNode
+ {
+ const tr_variant * v;
+- tr_variant sorted;
++ tr_variant* sorted;
+ size_t childIndex;
+ bool isVisited;
+ };
+@@ -849,26 +849,33 @@
+
+ qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex);
+
+- tr_variantInitDict (&node->sorted, n);
++ node->sorted = tr_new(tr_variant, 1);
++ tr_variantInitDict (node->sorted, n);
+ for (i=0; i<n; ++i)
+- node->sorted.val.l.vals[i] = *tmp[i].val;
++ node->sorted->val.l.vals[i] = *tmp[i].val;
+ node->sorted.val.l.count = n;
+
+ tr_free (tmp);
+
+- node->v = &node->sorted;
++ v = node->sorted;
+ }
+ else
+ {
+- node->v = v;
++ node->sorted = NULL;
+ }
++
++ node->v = v;
+ }
+
+ static void
+ nodeDestruct (struct SaveNode * node)
+ {
+- if (node->v == &node->sorted)
+- tr_free (node->sorted.val.l.vals);
++ //TR_ASSERT(node != NULL);
++ if (node->sorted != NULL)
++ {
++ tr_free(node->sorted->val.l.vals);
++ tr_free(node->sorted);
++ }
+ }
+
+ /**
+--- a/libtransmission/variant.c 2020-05-18 10:21:49.000000000 -0500
++++ b/libtransmission/variant.c 2020-05-18 10:24:34.673648865 -0500
+@@ -853,7 +853,7 @@
+ tr_variantInitDict (node->sorted, n);
+ for (i=0; i<n; ++i)
+ node->sorted->val.l.vals[i] = *tmp[i].val;
+- node->sorted.val.l.count = n;
++ node->sorted->val.l.count = n;
+
+ tr_free (tmp);
+
+
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: gnu: Transmission: Fix CVE-2018-10756.,
guix-commits <=