gnu: fossil: Update to 2.4.
* gnu/packages/version-control.scm (fossil): Update to 2.4. [source]: Remove patch. * gnu/packages/patches/fossil-CVE-2017-17459.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
parent
4ed41f472b
commit
7a66b68730
|
@ -640,7 +640,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
|
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
|
||||||
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
|
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
|
||||||
%D%/packages/patches/fontconfig-remove-debug-printf.patch \
|
%D%/packages/patches/fontconfig-remove-debug-printf.patch \
|
||||||
%D%/packages/patches/fossil-CVE-2017-17459.patch \
|
|
||||||
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
|
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
|
||||||
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
|
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
|
||||||
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
|
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
|
||||||
|
|
|
@ -1,57 +0,0 @@
|
||||||
Fix CVE-2017-17459:
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
|
|
||||||
|
|
||||||
Patch copied from upstream source repository:
|
|
||||||
|
|
||||||
https://www.fossil-scm.org/xfer/info/1f63db591c77108c
|
|
||||||
|
|
||||||
Index: src/http_transport.c
|
|
||||||
==================================================================
|
|
||||||
--- src/http_transport.c
|
|
||||||
+++ src/http_transport.c
|
|
||||||
@@ -73,10 +73,23 @@
|
|
||||||
if( resetFlag ){
|
|
||||||
transport.nSent = 0;
|
|
||||||
transport.nRcvd = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+** Remove leading "-" characters from the input string.
|
|
||||||
+**
|
|
||||||
+** This prevents attacks that try to trick a victim into using
|
|
||||||
+** a ssh:// URI with a carefully crafted hostname of other
|
|
||||||
+** parameter that ends up being interpreted as a command-line
|
|
||||||
+** option by "ssh".
|
|
||||||
+*/
|
|
||||||
+static const char *stripLeadingMinus(const char *z){
|
|
||||||
+ while( z[0]=='-' ) z++;
|
|
||||||
+ return z;
|
|
||||||
+}
|
|
||||||
|
|
||||||
/*
|
|
||||||
** Default SSH command
|
|
||||||
*/
|
|
||||||
#ifdef _WIN32
|
|
||||||
@@ -116,17 +129,17 @@
|
|
||||||
}else{
|
|
||||||
zHost = mprintf("%s", pUrlData->name);
|
|
||||||
}
|
|
||||||
n = blob_size(&zCmd);
|
|
||||||
blob_append(&zCmd, " ", 1);
|
|
||||||
- shell_escape(&zCmd, zHost);
|
|
||||||
+ shell_escape(&zCmd, stripLeadingMinus(zHost));
|
|
||||||
blob_append(&zCmd, " ", 1);
|
|
||||||
shell_escape(&zCmd, mprintf("%s", pUrlData->fossil));
|
|
||||||
blob_append(&zCmd, " test-http", 10);
|
|
||||||
if( pUrlData->path && pUrlData->path[0] ){
|
|
||||||
blob_append(&zCmd, " ", 1);
|
|
||||||
- shell_escape(&zCmd, mprintf("%s", pUrlData->path));
|
|
||||||
+ shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path)));
|
|
||||||
}
|
|
||||||
if( g.fSshTrace ){
|
|
||||||
fossil_print("%s\n", blob_str(&zCmd)+n); /* Show tail of SSH command */
|
|
||||||
}
|
|
||||||
free(zHost);
|
|
||||||
|
|
|
@ -1491,7 +1491,7 @@ repository\" with git-annex.")
|
||||||
(define-public fossil
|
(define-public fossil
|
||||||
(package
|
(package
|
||||||
(name "fossil")
|
(name "fossil")
|
||||||
(version "2.2")
|
(version "2.4")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
|
@ -1503,11 +1503,9 @@ repository\" with git-annex.")
|
||||||
(string-append
|
(string-append
|
||||||
"https://www.fossil-scm.org/index.html/uv/"
|
"https://www.fossil-scm.org/index.html/uv/"
|
||||||
"fossil-src-" version ".tar.gz")))
|
"fossil-src-" version ".tar.gz")))
|
||||||
(patches (search-patches "fossil-CVE-2017-17459.patch"))
|
|
||||||
(patch-flags '("-p0"))
|
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))
|
"0add35lk2ac4qg29d7ygj7pskv8lfln33f3kgf6x3548msv9hd6j"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(native-inputs
|
(native-inputs
|
||||||
`(("tcl" ,tcl) ;for configuration only
|
`(("tcl" ,tcl) ;for configuration only
|
||||||
|
|
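Review bot: The `(patches (search-patches "fossil-CVE-2017-17459.patch"))` and `(patch-flags '("-p0"))` lines are dropped from the origin in the same step as the bump to 2.4, but nothing in the commit records that the 2.4 tarball already carries the fix. Before merging I would confirm that `src/http_transport.c` in the new source applies `stripLeadingMinus` to the SSH host and path (upstream check-in 1f63db591c77108c, linked in the deleted patch), because otherwise the update would silently reintroduce CVE-2017-17459. Once verified, saying so in the log, for example `[source]: Remove patch, fixed upstream in 2.4.`, lets a later reader audit the removal without re-deriving it.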