TakeV/guix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

gnu: Transmission: Fix CVE-2018-10756.

Browse source 
* gnu/packages/patches/transmission-CVE-2018-10756.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
This commit is contained in:
Leo Famulari 2020-05-28 10:40:34 -04:00
parent 8ccac2c974
commit 0d796201db
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 73 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1531,6 +1531,7 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-fix-compiling.patch \ %D%/packages/patches/tipp10-fix-compiling.patch \
%D%/packages/patches/tipp10-remove-license-code.patch \ %D%/packages/patches/tipp10-remove-license-code.patch \
%D%/packages/patches/tk-find-library.patch \ %D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/transmission-CVE-2018-10756.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \
%D%/packages/patches/ttfautohint-source-date-epoch.patch \ %D%/packages/patches/ttfautohint-source-date-epoch.patch \
%D%/packages/patches/tomb-fix-errors-on-open.patch \ %D%/packages/patches/tomb-fix-errors-on-open.patch \

1
gnu/packages/bittorrent.scm
View file

@ -73,6 +73,7 @@ (define-public transmission
(uri (string-append (uri (string-append
"https://github.com/transmission/transmission-releases/raw/" "https://github.com/transmission/transmission-releases/raw/"
"master/transmission-" version ".tar.xz")) "master/transmission-" version ".tar.xz"))
(patches (search-patches "transmission-CVE-2018-10756.patch"))
(sha256 (sha256
(base32 (base32
"0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m")))) "0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m"))))

71
gnu/packages/patches/transmission-CVE-2018-10756.patch Normal file
View file

@ -0,0 +1,71 @@
Fix CVE-2018-10756:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756
Patch copied from Fedora:
https://src.fedoraproject.org/rpms/transmission/blob/master/f/2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch
--- a/libtransmission/variant.c 2018-05-01 12:21:08.000000000 -0500
+++ b/libtransmission/variant.c 2020-05-18 10:21:27.554214128 -0500
@@ -820,7 +820,7 @@
struct SaveNode
{
const tr_variant * v;
- tr_variant sorted;
+ tr_variant* sorted;
size_t childIndex;
bool isVisited;
};
@@ -849,26 +849,33 @@
qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex);
- tr_variantInitDict (&node->sorted, n);
+ node->sorted = tr_new(tr_variant, 1);
+ tr_variantInitDict (node->sorted, n);
for (i=0; i<n; ++i)
- node->sorted.val.l.vals[i] = *tmp[i].val;
+ node->sorted->val.l.vals[i] = *tmp[i].val;
node->sorted.val.l.count = n;
tr_free (tmp);
- node->v = &node->sorted;
+ v = node->sorted;
}
else
{
- node->v = v;
+ node->sorted = NULL;
}
+
+ node->v = v;
}
static void
nodeDestruct (struct SaveNode * node)
{
- if (node->v == &node->sorted)
- tr_free (node->sorted.val.l.vals);
+ //TR_ASSERT(node != NULL);
+ if (node->sorted != NULL)
+ {
+ tr_free(node->sorted->val.l.vals);
+ tr_free(node->sorted);
+ }
}
/**
--- a/libtransmission/variant.c 2020-05-18 10:21:49.000000000 -0500
+++ b/libtransmission/variant.c 2020-05-18 10:24:34.673648865 -0500
@@ -853,7 +853,7 @@
tr_variantInitDict (node->sorted, n);
for (i=0; i<n; ++i)
node->sorted->val.l.vals[i] = *tmp[i].val;
- node->sorted.val.l.count = n;
+ node->sorted->val.l.count = n;
tr_free (tmp);