gnu: grep: Apply fix for CVE-2015-1345.

* gnu/packages/patches/grep-CVE-2015-1345.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/base.scm (grep): Add patch.
2015-02-26 04:26:16 -05:00 · 2015-02-26 04:26:16 -05:00 · a068dba78b
parent 8a00b93027
commit a068dba78b
3 changed files with 20 additions and 1 deletions
--- a/gnu-system.am
+++ b/gnu-system.am
@ -398,6 +398,7 @@ dist_patch_DATA =						\
  gnu/packages/patches/gobject-introspection-absolute-shlib-path.patch \
  gnu/packages/patches/gobject-introspection-cc.patch		\
  gnu/packages/patches/gobject-introspection-girepository.patch	\
+  gnu/packages/patches/grep-CVE-2015-1345.patch			\
  gnu/packages/patches/grub-gets-undeclared.patch		\
  gnu/packages/patches/gstreamer-0.10-bison3.patch		\
  gnu/packages/patches/gstreamer-0.10-silly-test.patch		\
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@ -73,7 +73,8 @@ command-line arguments, multiple languages, and so on.")
                                version ".tar.xz"))
            (sha256
             (base32
-              "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j"))))
+              "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j"))
+            (patches (list (search-patch "grep-CVE-2015-1345.patch")))))
   (build-system gnu-build-system)
   (synopsis "Print lines matching a pattern")
   (description
--- a/gnu/packages/patches/grep-CVE-2015-1345.patch
+++ b/gnu/packages/patches/grep-CVE-2015-1345.patch
@ -0,0 +1,17 @@
+Fix CVE-2015-1345.  From upstream commit
+83a95bd8c8561875b948cadd417c653dbe7ef2e2
+by Yuliy Pisetsky <ypisetsky@fb.com>.
+
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
+++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+                     if (! tp)
+                       return -1;
+                     tp++;
+                    if (ep <= tp)
+                      break;
+                   }
+               }
+           }