~ruther/guix-local: gnu: rpm: Update to 4.13.0.1.

3 files changed, 4 insertions(+), 30 deletions(-)

M gnu/local.mk
M gnu/packages/package-management.scm
D gnu/packages/patches/rpm-CVE-2014-8118.patch

M gnu/local.mk => gnu/local.mk +0 -1

@@ 1011,7 1011,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/reptyr-fix-gcc-7.patch			\
   %D%/packages/patches/ripperx-missing-file.patch		\
   %D%/packages/patches/rpcbind-CVE-2017-8779.patch		\
-  %D%/packages/patches/rpm-CVE-2014-8118.patch			\
   %D%/packages/patches/rsem-makefile.patch			\
   %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch	\
   %D%/packages/patches/ruby-concurrent-test-arm.patch		\

M gnu/packages/package-management.scm => gnu/packages/package-management.scm +4 -4

@@ 411,15 411,15 @@ symlinks to the files in a common directory such as /usr/local.")
 (define-public rpm
   (package
     (name "rpm")
-    (version "4.12.0.1")
+    (version "4.13.0.1")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://rpm.org/releases/rpm-4.12.x/rpm-"
+              (uri (string-append "http://ftp.rpm.org/releases/rpm-"
+                                  (version-major+minor version) ".x/rpm-"
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))
-              (patches (search-patches "rpm-CVE-2014-8118.patch"))))
+                "03cvbwbfrhm0fa02j7828k1qp05hf2m0fradwcf2nqhrsjkppz17"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--with-external-db"   ;use the system's bdb

D gnu/packages/patches/rpm-CVE-2014-8118.patch => gnu/packages/patches/rpm-CVE-2014-8118.patch +0 -25

@@ 1,25 0,0 @@
-Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
-execution via crafted CPIO header).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
-
-Source:
-https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
-
-Adopted by Debian:
-http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
-
-diff --git a/lib/cpio.c b/lib/cpio.c
-index 253ff0f..600633a 100644
---- a/lib/cpio.c
-+++ b/lib/cpio.c
-@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
- 
-     GET_NUM_FIELD(hdr.filesize, fsize);
-     GET_NUM_FIELD(hdr.namesize, nameSize);
-+    if (nameSize <= 0 || nameSize > 4096) {
-+        return RPMERR_BAD_HEADER;
-+    }
- 
-     char name[nameSize + 1];
-     read = Fread(name, nameSize, 1, cpio->fd);