Patchwork [1/1] gnu: weex: Fix CVE-2005-3150.

login
register
mail settings
Submitter Leo Famulari
Date Nov. 5, 2016, 5:45 a.m.
Message ID <665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name>
Download mbox | patch
Permalink /patch/17214/
State New
Headers show

Comments

Leo Famulari - Nov. 5, 2016, 5:45 a.m.
* gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ftp.scm (weex)[source]: Use it.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/ftp.scm                          |  3 ++-
 gnu/packages/patches/weex-CVE-2005-3150.patch | 32 +++++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/weex-CVE-2005-3150.patch
Marius Bakke - Nov. 5, 2016, 10:53 a.m.
Leo Famulari <leo@famulari.name> writes:

> * gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ftp.scm (weex)[source]: Use it.

Wow, an 11 year-old CVE. There is a 2.8.0 release of weex from last year
on http://weex.sf.net, is that still affected? We have 2.6.15.
Leo Famulari - Nov. 5, 2016, 5:53 p.m.
On Sat, Nov 05, 2016 at 10:53:57AM +0000, Marius Bakke wrote:
> Leo Famulari <leo@famulari.name> writes:
> 
> > * gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/ftp.scm (weex)[source]: Use it.
> 
> Wow, an 11 year-old CVE. There is a 2.8.0 release of weex from last year
> on http://weex.sf.net, is that still affected? We have 2.6.15.

And a 2.8.2 release! Updating is a better idea; I didn't realize it was
an option. Done as 2d125a9b21306919e6123f76c0970988b14dadcf

If your to-do list needs more entries, you can try increasing the values
of 'past-years' and 'past-ttls' in (guix cve).

Patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 49b6721..c4c0e8d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -893,6 +893,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/vtk-mesa-10.patch			\
   %D%/packages/patches/weechat-python.patch			\
   %D%/packages/patches/weex-vacopy.patch			\
+  %D%/packages/patches/weex-CVE-2005-3150.patch			\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
   %D%/packages/patches/wicd-urwid-1.3.patch			\
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index a112655..149ebe2 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -136,7 +136,8 @@  FTP browser, as well as non-interactive commands such as 'ncftpput' and
         (sha256
           (base32
             "0f5cj5p852wkm24mzy2sxgxyahv2p9rk4wlq21j310pi7wlhgwyl"))
-        (patches (search-patches "weex-vacopy.patch"))))
+        (patches (search-patches "weex-vacopy.patch"
+                                 "weex-CVE-2005-3150.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/patches/weex-CVE-2005-3150.patch b/gnu/packages/patches/weex-CVE-2005-3150.patch
new file mode 100644
index 0000000..246161f
--- /dev/null
+++ b/gnu/packages/patches/weex-CVE-2005-3150.patch
@@ -0,0 +1,32 @@ 
+From: Leo Famulari <leo@famulari.name>
+Date: Sat, 5 Nov 2016 01:35:50 -0400
+Subject: Fix CVE-2005-3150 (remotely exploitable format string bug).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150
+
+Fix copied from Gentoo and FreeBSD:
+
+https://bugs.gentoo.org/show_bug.cgi?id=107849
+https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833
+https://svnweb.freebsd.org/ports/head/ftp/weex/files/patch-src__log.c?revision=143994&view=markup
+
+---
+ src/log.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/log.c b/src/log.c
+index 5c06339..4174ee0 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -183,7 +183,7 @@ void log_flush(void)
+ 
+ 	fp=log_open();
+ 	for(i=0;i<max_log;i++){
+-		fprintf(fp,log_str[i]);
++		fprintf(fp,"%s",log_str[i]);
+ 		free(log_str[i]);
+ 	}
+ 	free(log_str);
+-- 
+2.10.2
+