gnu: graphicsmagick: Fix CVE-2016-5118.
* gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/imagemagick.scm (graphicsmagick): Use it.
This commit is contained in:
parent
b3d20b8280
commit
d8862778c1
|
@ -518,6 +518,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
|
||||
%D%/packages/patches/gobject-introspection-cc.patch \
|
||||
%D%/packages/patches/gobject-introspection-girepository.patch \
|
||||
%D%/packages/patches/graphicsmagick-CVE-2016-5118.patch \
|
||||
%D%/packages/patches/grep-timing-sensitive-test.patch \
|
||||
%D%/packages/patches/grub-CVE-2015-8370.patch \
|
||||
%D%/packages/patches/grub-gets-undeclared.patch \
|
||||
|
|
|
@ -160,6 +160,7 @@ script.")
|
|||
(uri (string-append "ftp://ftp.graphicsmagick.org/pub/"
|
||||
"GraphicsMagick/" (version-major+minor version)
|
||||
"/GraphicsMagick-" version ".tar.xz"))
|
||||
(patches (search-patches "graphicsmagick-CVE-2016-5118.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"03g6l2h8cmf231y1vma0z7x85070jm1ysgs9ppqcd3jj56jka9gx"))))
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
Fix CVE-2016-5118 (popen() shell vulnerability via filename).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
|
||||
|
||||
Upstream patch copied from the bug announcement:
|
||||
http://seclists.org/oss-sec/2016/q2/432
|
||||
https://marc.info/?l=oss-security&m=146455222600609&w=2
|
||||
|
||||
diff -r 33200fc645f6 magick/blob.c
|
||||
--- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600
|
||||
+++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500
|
||||
@@ -68,6 +68,7 @@
|
||||
*/
|
||||
#define DefaultBlobQuantum 65541
|
||||
|
||||
+#undef HAVE_POPEN
|
||||
|
||||
/*
|
||||
Enum declarations.
|
Loading…
Reference in New Issue