M gnu-system.am => gnu-system.am +1 -0
@@ 398,6 398,7 @@ dist_patch_DATA = \
gnu/packages/patches/gobject-introspection-absolute-shlib-path.patch \
gnu/packages/patches/gobject-introspection-cc.patch \
gnu/packages/patches/gobject-introspection-girepository.patch \
+ gnu/packages/patches/grep-CVE-2015-1345.patch \
gnu/packages/patches/grub-gets-undeclared.patch \
gnu/packages/patches/gstreamer-0.10-bison3.patch \
gnu/packages/patches/gstreamer-0.10-silly-test.patch \
M gnu/packages/base.scm => gnu/packages/base.scm +2 -1
@@ 73,7 73,8 @@ command-line arguments, multiple languages, and so on.")
version ".tar.xz"))
(sha256
(base32
- "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j"))))
+ "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j"))
+ (patches (list (search-patch "grep-CVE-2015-1345.patch")))))
(build-system gnu-build-system)
(synopsis "Print lines matching a pattern")
(description
A gnu/packages/patches/grep-CVE-2015-1345.patch => gnu/packages/patches/grep-CVE-2015-1345.patch +17 -0
@@ 0,0 1,17 @@
+Fix CVE-2015-1345. From upstream commit
+83a95bd8c8561875b948cadd417c653dbe7ef2e2
+by Yuliy Pisetsky <ypisetsky@fb.com>.
+
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
++++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+ if (! tp)
+ return -1;
+ tp++;
++ if (ep <= tp)
++ break;
+ }
+ }
+ }