From b927058237a36b3bd870cff50a4107bfd4a39e41 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 2 Oct 2015 12:30:41 -0400 Subject: gnu: openjpeg-2.x: Add fix for use-after-free in opj_j2k_write_mco. * gnu/packages/patches/openjpeg-use-after-free-fix.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/image.scm (openjpeg, openjpeg-2.0)[source]: Add patch. [home-page]: Update. --- gnu-system.am | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index 98634a0c2b..17012af51b 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -571,6 +571,7 @@ dist_patch_DATA = \
 gnu/packages/patches/nvi-dbpagesize-binpower.patch \
 gnu/packages/patches/nvi-db4.patch \
 gnu/packages/patches/openexr-missing-samples.patch \
+ gnu/packages/patches/openjpeg-use-after-free-fix.patch \
 gnu/packages/patches/openssl-runpath.patch \
 gnu/packages/patches/openssl-c-rehash.patch \
 gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
-- cgit v1.2.3
From 93bd4a37eedb475ec0e6015be8f78fc074a7f389 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 2 Oct 2015 12:52:00 -0400 Subject: gnu: freeimage: Add fix for CVE-2015-0852. * gnu/packages/patches/freeimage-CVE-2015-0852.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/image.scm (freeimage)[source]: Add patch. --- gnu-system.am | 1 + gnu/packages/image.scm | 3 +- gnu/packages/patches/freeimage-CVE-2015-0852.patch | 129 +++++++++++++++++++++ 3 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/freeimage-CVE-2015-0852.patch (limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index 17012af51b..2964367192 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -452,6 +452,7 @@ dist_patch_DATA = \ gnu/packages/patches/flex-bison-tests.patch \ gnu/packages/patches/flint-ldconfig.patch \ gnu/packages/patches/fltk-shared-lib-defines.patch \ + gnu/packages/patches/freeimage-CVE-2015-0852.patch \ gnu/packages/patches/fuse-CVE-2015-3202.patch \ gnu/packages/patches/gawk-shell.patch \ gnu/packages/patches/gcc-arm-link-spec-fix.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 456f42f497..26f1be9a2f 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -469,7 +469,8 @@ supplies a generic doubly-linked list and some string functions.") ".zip")) (sha256 (base32 - "12bz57asdcfsz3zr9i9nska0fb6h3z2aizy412qjqkixkginbz7v")))) + "12bz57asdcfsz3zr9i9nska0fb6h3z2aizy412qjqkixkginbz7v")) + (patches (list (search-patch "freeimage-CVE-2015-0852.patch"))))) (build-system gnu-build-system) (arguments '(#:phases (alist-delete diff --git a/gnu/packages/patches/freeimage-CVE-2015-0852.patch b/gnu/packages/patches/freeimage-CVE-2015-0852.patch new file mode 100644 index 0000000000..34d538e925 --- /dev/null +++ b/gnu/packages/patches/freeimage-CVE-2015-0852.patch 
@@ -0,0 +1,129 @@ +Copied from Debian. + +Description: fix integer overflow +Origin: upstream + http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.17&r2=1.18&pathrev=MAIN + http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.18&r2=1.19&pathrev=MAIN +Bug-Debian: https://bugs.debian.org/797165 +Last-Update: 2015-09-14 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: freeimage/Source/FreeImage/PluginPCX.cpp +=================================================================== +--- freeimage.orig/Source/FreeImage/PluginPCX.cpp ++++ freeimage/Source/FreeImage/PluginPCX.cpp +@@ -347,12 +347,14 @@ Load(FreeImageIO *io, fi_handle handle, + + try { + // check PCX identifier +- +- long start_pos = io->tell_proc(handle); +- BOOL validated = pcx_validate(io, handle); +- io->seek_proc(handle, start_pos, SEEK_SET); +- if(!validated) { +- throw FI_MSG_ERROR_MAGIC_NUMBER; ++ // (note: should have been already validated using FreeImage_GetFileType but check again) ++ { ++ long start_pos = io->tell_proc(handle); ++ BOOL validated = pcx_validate(io, handle); ++ io->seek_proc(handle, start_pos, SEEK_SET); ++ if(!validated) { ++ throw FI_MSG_ERROR_MAGIC_NUMBER; ++ } + } + + // process the header +@@ -366,20 +368,38 @@ Load(FreeImageIO *io, fi_handle handle, + SwapHeader(&header); + #endif + +- // allocate a new DIB ++ // process the window ++ const WORD *window = header.window; // left, upper, right,lower pixel coord. 
++ const int left = window[0]; ++ const int top = window[1]; ++ const int right = window[2]; ++ const int bottom = window[3]; + +- unsigned width = header.window[2] - header.window[0] + 1; +- unsigned height = header.window[3] - header.window[1] + 1; +- unsigned bitcount = header.bpp * header.planes; +- +- if (bitcount == 24) { +- dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK); +- } else { +- dib = FreeImage_AllocateHeader(header_only, width, height, bitcount); ++ // check image size ++ if((left >= right) || (top >= bottom)) { ++ throw FI_MSG_ERROR_PARSING; + } + +- // if the dib couldn't be allocated, throw an error ++ const unsigned width = right - left + 1; ++ const unsigned height = bottom - top + 1; ++ const unsigned bitcount = header.bpp * header.planes; ++ ++ // allocate a new DIB ++ switch(bitcount) { ++ case 1: ++ case 4: ++ case 8: ++ dib = FreeImage_AllocateHeader(header_only, width, height, bitcount); ++ break; ++ case 24: ++ dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK); ++ break; ++ default: ++ throw FI_MSG_ERROR_DIB_MEMORY; ++ break; ++ } + ++ // if the dib couldn't be allocated, throw an error + if (!dib) { + throw FI_MSG_ERROR_DIB_MEMORY; + } +@@ -426,19 +446,23 @@ Load(FreeImageIO *io, fi_handle handle, + + if (palette_id == 0x0C) { + BYTE *cmap = (BYTE*)malloc(768 * sizeof(BYTE)); +- io->read_proc(cmap, 768, 1, handle); + +- pal = FreeImage_GetPalette(dib); +- BYTE *pColormap = &cmap[0]; ++ if(cmap) { ++ io->read_proc(cmap, 768, 1, handle); + +- for(int i = 0; i < 256; i++) { +- pal[i].rgbRed = pColormap[0]; +- pal[i].rgbGreen = pColormap[1]; +- pal[i].rgbBlue = pColormap[2]; +- pColormap += 3; ++ pal = FreeImage_GetPalette(dib); ++ BYTE *pColormap = &cmap[0]; ++ ++ for(int i = 0; i < 256; i++) { ++ pal[i].rgbRed = pColormap[0]; ++ pal[i].rgbGreen = pColormap[1]; ++ pal[i].rgbBlue = 
pColormap[2]; ++ pColormap += 3; ++ } ++ ++ free(cmap); + } + +- free(cmap); + } + + // wrong palette ID, perhaps a gray scale is needed ? +@@ -466,9 +490,9 @@ Load(FreeImageIO *io, fi_handle handle, + // calculate the line length for the PCX and the DIB + + // length of raster line in bytes +- unsigned linelength = header.bytes_per_line * header.planes; ++ const unsigned linelength = header.bytes_per_line * header.planes; + // length of DIB line (rounded to DWORD) in bytes +- unsigned pitch = FreeImage_GetPitch(dib); ++ const unsigned pitch = FreeImage_GetPitch(dib); + + // run-length encoding ? + -- cgit v1.2.3 From 2f8fee0623e88d3ba17d7cc41510afb3871cf9b7 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Fri, 2 Oct 2015 20:26:45 +0200 Subject: gnu: valgrind: Update to 3.11.0. * gnu/packages/valgrind.scm (valgrind): Update to 3.11.0. [source]: Remove the patches * gnu/packages/patches/valgrind-glibc-2.22.patch, gnu/packages/patches/valgrind-linux-libre-4.x.patch: Delete files. * gnu-system.am (dist_patch_DATA): Unregister the patches. --- gnu-system.am | 2 -- gnu/packages/patches/valgrind-glibc-2.22.patch | 39 ---------------------- .../patches/valgrind-linux-libre-4.x.patch | 18 ---------- gnu/packages/valgrind.scm | 6 ++-- 4 files changed, 2 insertions(+), 63 deletions(-) delete mode 100644 gnu/packages/patches/valgrind-glibc-2.22.patch delete mode 100644 gnu/packages/patches/valgrind-linux-libre-4.x.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 2964367192..c9a4d32475 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -647,8 +647,6 @@ dist_patch_DATA = \ gnu/packages/patches/unzip-remove-build-date.patch \ gnu/packages/patches/util-linux-tests.patch \ gnu/packages/patches/upower-builddir.patch \ - gnu/packages/patches/valgrind-glibc-2.22.patch \ - gnu/packages/patches/valgrind-linux-libre-4.x.patch \ gnu/packages/patches/vpnc-script.patch \ gnu/packages/patches/vtk-mesa-10.patch \ gnu/packages/patches/w3m-fix-compile.patch \ 
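Review bot: The `if(cmap)` guard added in the palette hunk of the embedded PluginPCX.cpp patch covers only allocation failure; the return value of `io->read_proc(cmap, 768, 1, handle)` is still ignored, so on a truncated file the 256 palette entries are copied from uninitialised heap memory. Wrapping the copy loop in `if(io->read_proc(cmap, 768, 1, handle) == 1)` inside the existing `if(cmap)` block, so that `free(cmap)` still runs, would keep that data out of the returned image. In the window hunk, `(left >= right) || (top >= bottom)` also rejects images one pixel wide or tall, where `left == right` gives a width of 1; `>` would still prevent the unsigned wrap-around in `right - left + 1`. Load() continues outside these hunks, so whether `linelength` (taken from `header.bytes_per_line`) is ever bounded against `pitch` cannot be confirmed from here.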
diff --git a/gnu/packages/patches/valgrind-glibc-2.22.patch b/gnu/packages/patches/valgrind-glibc-2.22.patch deleted file mode 100644 index 36c4916cc6..0000000000 --- a/gnu/packages/patches/valgrind-glibc-2.22.patch +++ /dev/null @@ -1,39 +0,0 @@ -Submitted By: Pierre Labastie -Date: 2015-02-22 -Initial Package Version: 3.10.1 -Upstream Status: Unknown -Origin: Self -Description: Allows Valgrind to build with glibc-2.21 - -Later modified to support glibc-2.22 as well. - -diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure ---- valgrind-3.10.1.old/configure 2014-11-25 20:42:25.000000000 +0100 -+++ valgrind-3.10.1.new/configure 2015-02-22 10:46:06.607826488 +0100 -@@ -6842,6 +6842,26 @@ - DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" - DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" - ;; -+ 2.21) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.21 family" >&5 -+$as_echo "2.21 family" >&6; } -+ -+$as_echo "#define GLIBC_2_21 1" >>confdefs.h -+ -+ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}" -+ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" -+ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" -+ ;; -+ 2.22) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.22 family" >&5 -+$as_echo "2.22 family" >&6; } -+ -+$as_echo "#define GLIBC_2_22 1" >>confdefs.h -+ -+ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}" -+ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" -+ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" -+ ;; - darwin) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Darwin" >&5 - $as_echo "Darwin" >&6; } diff --git a/gnu/packages/patches/valgrind-linux-libre-4.x.patch b/gnu/packages/patches/valgrind-linux-libre-4.x.patch deleted file mode 100644 index 79166619c7..0000000000 --- a/gnu/packages/patches/valgrind-linux-libre-4.x.patch +++ /dev/null 
@@ -1,18 +0,0 @@ -Modify valgrind's configure script to accept linux-libre-4.x as being in the -same family as 3.x. - ---- valgrind-3.10.1/configure 2015-09-15 18:02:20.710262686 -0400 -+++ valgrind-3.10.1/configure 2015-09-15 18:02:59.831829731 -0400 -@@ -5553,9 +5553,9 @@ - kernel=`uname -r` - - case "${kernel}" in -- 2.6.*|3.*) -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x family (${kernel})" >&5 --$as_echo "2.6.x/3.x family (${kernel})" >&6; } -+ 2.6.*|3.*|4.*) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x/4.x family (${kernel})" >&5 -+$as_echo "2.6.x/3.x/4.x family (${kernel})" >&6; } - - $as_echo "#define KERNEL_2_6 1" >>confdefs.h - diff --git a/gnu/packages/valgrind.scm b/gnu/packages/valgrind.scm index a4c75baed9..f300d93271 100644 --- a/gnu/packages/valgrind.scm +++ b/gnu/packages/valgrind.scm @@ -30,16 +30,14 @@ (define-public valgrind (package (name "valgrind") - (version "3.10.1") + (version "3.11.0") (source (origin (method url-fetch) (uri (string-append "http://valgrind.org/downloads/valgrind-" version ".tar.bz2")) (sha256 (base32 - "15xrzhfnwwn7n1sfbkwvdbvs6zk0zx718n6zd5i1nrnvdp13s9gs")) - (patches (map search-patch '("valgrind-glibc-2.22.patch" - "valgrind-linux-libre-4.x.patch"))))) + "0hiv871b9bk689mv42mkhp76za78l5773glszfkdbpf1m1qn4fbc")))) (build-system gnu-build-system) (arguments '(#:phases (alist-cons-after -- cgit v1.2.3 From 5768893ad108d53844a525d20a40a39a9006762b Mon Sep 17 00:00:00 2001 
From: Andreas Enge Date: Fri, 2 Oct 2015 20:59:20 +0200 Subject: gnu: valgrind: Enable the arm architecture during configuration. * gnu/packages/patches/valgrind-enable-arm.patch: New file. * gnu/packages/valgrind.scm (valgrind)[source]: Add patch. * gnu-system.am (dist_patch_DATA): Enable patch. --- gnu-system.am | 1 + gnu/packages/patches/valgrind-enable-arm.patch | 15 +++++++++++++++ gnu/packages/valgrind.scm | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/valgrind-enable-arm.patch (limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index c9a4d32475..0afe345809 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -647,6 +647,7 @@ dist_patch_DATA = \
 gnu/packages/patches/unzip-remove-build-date.patch \
 gnu/packages/patches/util-linux-tests.patch \
 gnu/packages/patches/upower-builddir.patch \
+ gnu/packages/patches/valgrind-enable-arm.patch \
 gnu/packages/patches/vpnc-script.patch \
 gnu/packages/patches/vtk-mesa-10.patch \
 gnu/packages/patches/w3m-fix-compile.patch \
diff --git a/gnu/packages/patches/valgrind-enable-arm.patch b/gnu/packages/patches/valgrind-enable-arm.patch
new file mode 100644
index 0000000000..663e68463c
--- /dev/null
+++ b/gnu/packages/patches/valgrind-enable-arm.patch
@@ -0,0 +1,15 @@
+Accept "arm" instead of "armv7" in configure, see
+ http://valgrind.10908.n7.nabble.com/building-for-arm-td39382.html .
+
+diff -u -r valgrind-3.11.0.orig/configure valgrind-3.11.0/configure
+--- valgrind-3.11.0.orig/configure 2015-10-02 20:37:41.915721386 +0200
++++ valgrind-3.11.0/configure 2015-10-02 20:37:54.886746395 +0200
+@@ -5607,7 +5607,7 @@
+ ARCH_MAX="s390x"
+ ;;
+
+- armv7*)
++ arm*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok (${host_cpu})" >&5
+ $as_echo "ok (${host_cpu})" >&6; }
+ ARCH_MAX="arm"
diff --git a/gnu/packages/valgrind.scm b/gnu/packages/valgrind.scm
index f300d93271..5cfbe6d554 100644
--- a/gnu/packages/valgrind.scm
+++ b/gnu/packages/valgrind.scm
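Review bot: The replacement pattern `arm*)` in the embedded configure patch is broader than the stated goal of accepting a bare "arm" host CPU: it also matches values such as `armv5tel` or `armv6l`, which the original `armv7*)` case did not accept. If only the plain `arm` triplet needs to pass, `arm|armv7*)` would keep the earlier restriction for every other value. The rest of the `case` statement is outside the hunk, so whether an older ARM CPU is caught by another branch first cannot be seen here.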
@@ -37,7 +37,8 @@ version ".tar.bz2")) (sha256 (base32 - "0hiv871b9bk689mv42mkhp76za78l5773glszfkdbpf1m1qn4fbc")))) + "0hiv871b9bk689mv42mkhp76za78l5773glszfkdbpf1m1qn4fbc")) + (patches (map search-patch '("valgrind-enable-arm.patch"))))) (build-system gnu-build-system) (arguments '(#:phases (alist-cons-after -- cgit v1.2.3 From 7431edea5b6eb4d1c67ddf9971efdfdbc65fc349 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Sun, 4 Oct 2015 00:51:21 +0200 Subject: gnu: qt-4: Disable webkit build. * gnu/packages/qt.scm (qt-4)[source]: Add snippet to remove the webkit code and drop one patch used previously for webkit. [arguments]: Add configure flag to disable building the webkit module. * gnu/packages/patches/qt4-tests.patch: Delete file. * gnu-system.am (dist_patch_DATA): Unregister patch. Partially fixes . --- gnu-system.am | 1 - gnu/packages/patches/qt4-tests.patch | 22 ---------------------- gnu/packages/qt.scm | 9 ++++++++- 3 files changed, 8 insertions(+), 24 deletions(-) delete mode 100644 gnu/packages/patches/qt4-tests.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 0afe345809..8eb268f752 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -611,7 +611,6 @@ dist_patch_DATA = \ gnu/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ gnu/packages/patches/qemu-CVE-2015-6855.patch \ gnu/packages/patches/qt4-ldflags.patch \ - gnu/packages/patches/qt4-tests.patch \ gnu/packages/patches/qt5-runpath.patch \ gnu/packages/patches/ratpoison-shell.patch \ gnu/packages/patches/readline-link-ncurses.patch \ diff --git a/gnu/packages/patches/qt4-tests.patch b/gnu/packages/patches/qt4-tests.patch deleted file mode 100644 index eb499ec76a..0000000000 --- a/gnu/packages/patches/qt4-tests.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -Drop tests requiring a running X server, but not starting any. - -diff -ru qt-everywhere-opensource-src-4.8.5.orig/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro qt-everywhere-opensource-src-4.8.5/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro ---- qt-everywhere-opensource-src-4.8.5.orig/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro 2013-10-12 13:15:47.000000000 +0200 -+++ qt-everywhere-opensource-src-4.8.5/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro 2013-10-12 13:20:15.000000000 +0200 -@@ -1,15 +1,4 @@ - - TEMPLATE = subdirs --SUBDIRS = qwebframe qwebpage qwebelement qgraphicswebview qwebhistoryinterface qwebview qwebhistory qwebinspector hybridPixmap -+SUBDIRS = - --linux-* { -- # This test bypasses the library and links the tested code's object itself. -- # This stresses the build system in some corners so we only run it on linux. -- SUBDIRS += MIMESniffing --} -- --contains(QT_CONFIG, declarative): SUBDIRS += qdeclarativewebview --SUBDIRS += benchmarks/painting benchmarks/loading --contains(DEFINES, ENABLE_WEBGL=1) { -- SUBDIRS += benchmarks/webgl --} diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index ce5ab656a5..c2c3f9abcd 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -243,7 +243,11 @@ developers using C++ or QML, a CSS & JavaScript like language.") (base32 "183fca7n7439nlhxyg1z7aky0izgbyll3iwakw4gwivy16aj5272")) (patches (map search-patch - '("qt4-ldflags.patch" "qt4-tests.patch"))))) + '("qt4-ldflags.patch"))) + (modules '((guix build utils))) + (snippet + ;; Remove webkit module, which is not built. + '(delete-file-recursively "src/3rdparty/webkit")))) (inputs `(,@(alist-delete "harfbuzz" (alist-delete "libjpeg" (package-inputs qt))) ("libjepg" ,libjpeg-8) 
@@ -288,6 +292,9 @@ developers using C++ or QML, a CSS & JavaScript like language.") "-confirm-license" ;; explicitly link with dbus instead of dlopening it "-dbus-linked" + ;; Skip the webkit module; it fails to build on armhf + ;; and, apart from that, may pose security risks. + "-no-webkit" ;; drop special machine instructions not supported ;; on all instances of the target ,@(if (string-prefix? "x86_64" -- cgit v1.2.3 From 14bcc1e1cd85d38db59b6b6089d63d429fb76b57 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Sun, 4 Oct 2015 12:56:45 +0200 Subject: gnu: qt: Remove the sources of qtwebengine. * gnu/packages/qt.scm (qt)[source]: Add snippet to remove the qtwebengine code, which was already not built anymore, and drop one patch used previously only for qtwebengine. [arguments]: Drop the configuration flag "-skip qtwebengine", since deleted modules cannot be skipped. * gnu/packages/patches/qt5-runpath.patch: Delete file. * gnu-system.am (dist_patch_DATA): Unregister patch. Partially fixes . --- gnu-system.am | 1 - gnu/packages/patches/qt5-runpath.patch | 27 --------------------------- gnu/packages/qt.scm | 27 ++++++++++----------------- 3 files changed, 10 insertions(+), 45 deletions(-) delete mode 100644 gnu/packages/patches/qt5-runpath.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 8eb268f752..577c6e8c07 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -611,7 +611,6 @@ dist_patch_DATA = \ gnu/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ gnu/packages/patches/qemu-CVE-2015-6855.patch \ gnu/packages/patches/qt4-ldflags.patch \ - gnu/packages/patches/qt5-runpath.patch \ gnu/packages/patches/ratpoison-shell.patch \ gnu/packages/patches/readline-link-ncurses.patch \ gnu/packages/patches/ripperx-missing-file.patch \ diff --git a/gnu/packages/patches/qt5-runpath.patch b/gnu/packages/patches/qt5-runpath.patch deleted file mode 100644 index d045d39aaa..0000000000 
--- a/gnu/packages/patches/qt5-runpath.patch +++ /dev/null @@ -1,27 +0,0 @@ -Allow the use of DT_RUNPATH. This fixes a bug whereby libQt5WebEngineCore.so -ends up having an empty RUNPATH. - - -diff -u -r qt-everywhere-opensource-src-5.5.0.orig/qtwebengine/src/3rdparty/chromium/build/common.gypi qt-everywhere-opensource-src-5.5.0/qtwebengine/src/3rdparty/chromium/build/common.gypi ---- qt-everywhere-opensource-src-5.5.0.orig/qtwebengine/src/3rdparty/chromium/build/common.gypi 2015-06-29 22:09:36.000000000 +0200 -+++ qt-everywhere-opensource-src-5.5.0/qtwebengine/src/3rdparty/chromium/build/common.gypi 2015-07-25 15:32:57.999411191 +0200 -@@ -4448,19 +4448,6 @@ - '-B=223', { -- # Newer binutils don't set DT_RPATH unless you disable "new" dtags -- # and the new DT_RUNPATH doesn't work without --no-as-needed flag. -- # FIXME(mithro): Figure out the --as-needed/--no-as-needed flags -- # inside this file to allow usage of --no-as-needed and removal of -- # this flag. -- 'ldflags': [ -- '-Wl,--disable-new-dtags', -- ], -- }], - ['gcc_version>=47 and clang==0', { - 'target_conditions': [ - ['_toolset=="target"', { diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index c2c3f9abcd..398e42c543 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -108,7 +108,16 @@ X11 (yet).") (sha256 (base32 "1by2l8wxbqwvs7anb5ggmqhn2cfmhyw3a23bp1yyd240rdpa38ky")) - (patches (list (search-patch "qt5-runpath.patch"))))) + (modules '((guix build utils))) + (snippet + ;; Remove qtwebengine, which relies on a bundled copy of + ;; chromium. Not only does it fail compilation in qt 5.5: + ;; 3rdparty/chromium/ui/gfx/codec/jpeg_codec.cc:362:10: + ;; error: cannot convert ‘bool’ to ‘boolean’ in return + ;; it might also pose security problems. + ;; Alternatively, we could use the "-skip qtwebengine" + ;; configuration option. + '(delete-file-recursively "qtwebengine")))) (build-system gnu-build-system) (propagated-inputs `(("mesa" ,mesa))) 
@@ -158,8 +167,6 @@ X11 (yet).") `(("bison" ,bison) ("flex" ,flex) ("gperf" ,gperf) - ;; Ninja is only needed for the disabled qtwebengine -;; ("ninja" ,ninja) ("perl" ,perl) ("pkg-config" ,pkg-config) ("python" ,python-2) @@ -175,14 +182,6 @@ X11 (yet).") (("/bin/pwd") (which "pwd"))) (substitute* "qtbase/src/corelib/global/global.pri" (("/bin/ls") (which "ls"))) - ;; commented out since qtwebengine is not built, but left in - ;; for reference -;; (substitute* "qtwebengine/src/3rdparty/chromium/build/common.gypi" -;; (("/bin/echo") (which "echo"))) -;; (substitute* "qtwebengine/src/3rdparty/chromium/third_party/\ -;; WebKit/Source/build/scripts/scripts.gypi" -;; (("/usr/bin/gcc") (which "gcc"))) -;; (setenv "NINJA_PATH" (which "ninja")) ;; do not pass "--enable-fast-install", which makes the ;; configure process fail (zero? (system* @@ -196,12 +195,6 @@ X11 (yet).") "-openssl-linked" ;; explicitly link with dbus instead of dlopening it "-dbus-linked" - ;; drop chromium module (qtwebengine); it fails - ;; compilation in qt 5.5: - ;; 3rdparty/chromium/ui/gfx/codec/jpeg_codec.cc:362:10: - ;; error: cannot convert ‘bool’ to ‘boolean’ in return - ;; and might pose security problems. - "-skip" "qtwebengine" ;; drop special machine instructions not supported ;; on all instances of the target ,@(if (string-prefix? "x86_64" -- cgit v1.2.3 From 7ab73c4addad7cf5358b988943871ea85192f692 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 7 Oct 2015 22:17:12 -0400 Subject: gnu: openjpeg-2.x: Add fix for CVE-2015-6581. * gnu/packages/patches/openjpeg-CVE-2015-6581.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/image.scm (openjpeg, openjpeg-2.0)[source]: Add patch. --- gnu-system.am | 1 + gnu/packages/image.scm | 6 ++- gnu/packages/patches/openjpeg-CVE-2015-6581.patch | 47 +++++++++++++++++++++++ 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2015-6581.patch (limited to 'gnu-system.am') 
diff --git a/gnu-system.am b/gnu-system.am index 577c6e8c07..35d2da4701 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -572,6 +572,7 @@ dist_patch_DATA = \ gnu/packages/patches/nvi-dbpagesize-binpower.patch \ gnu/packages/patches/nvi-db4.patch \ gnu/packages/patches/openexr-missing-samples.patch \ + gnu/packages/patches/openjpeg-CVE-2015-6581.patch \ gnu/packages/patches/openjpeg-use-after-free-fix.patch \ gnu/packages/patches/openssl-runpath.patch \ gnu/packages/patches/openssl-c-rehash.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 26f1be9a2f..23ad59ce9a 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -272,7 +272,8 @@ work.") version ".tar.gz")) (sha256 (base32 "00zzm303zvv4ijzancrsb1cqbph3pgz0nky92k9qx3fq9y0vnchj")) - (patches (list (search-patch "openjpeg-use-after-free-fix.patch"))))) + (patches (map search-patch '("openjpeg-use-after-free-fix.patch" + "openjpeg-CVE-2015-6581.patch"))))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. @@ -308,7 +309,8 @@ error-resilience, a Java-viewer for j2k-images, ...") version ".tar.gz")) (sha256 (base32 "1c2xc3nl2mg511b63rk7hrckmy14681p1m44mzw3n1fyqnjm0b0z")) - (patches (list (search-patch "openjpeg-use-after-free-fix.patch"))))))) + (patches (map search-patch '("openjpeg-use-after-free-fix.patch" + "openjpeg-CVE-2015-6581.patch"))))))) (define-public openjpeg-1 (package (inherit openjpeg) diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch new file mode 100644 index 0000000000..7ce03501f4 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch 
@@ -0,0 +1,47 @@
+From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
+From: Matthieu Darbois
+Date: Tue, 19 May 2015 21:57:27 +0000
+Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
+ opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
+
+---
+ src/lib/openjp2/j2k.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 8c62a39..cbdd368 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
+ l_tcp->cod = 0;
+ l_tcp->ppt = 0;
+ l_tcp->ppt_data = 00;
++ /* Remove memory not owned by this tile in case of early error return. */
++ l_tcp->m_mct_decoding_matrix = 00;
++ l_tcp->m_nb_max_mct_records = 0;
++ l_tcp->m_mct_records = 00;
++ l_tcp->m_nb_max_mcc_records = 0;
++ l_tcp->m_mcc_records = 00;
+ /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
+ l_tcp->tccps = l_current_tccp;
+
+@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
+
+ ++l_src_mct_rec;
+ ++l_dest_mct_rec;
++ /* Update with each pass to free exactly what has been allocated on early return. */
++ l_tcp->m_nb_max_mct_records += 1;
+ }
+
+ /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
+@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
+ return OPJ_FALSE;
+ }
+ memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
++ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
+
+ /* Copy the mcc record data from dflt_tile_cp to the current tile*/
+ l_src_mcc_rec = l_default_tcp->m_mcc_records;
+--
+2.5.0
+
-- cgit v1.2.3
From a606ed89d4e3737beec2f3392bedba61904778f4 Mon Sep 17 00:00:00 2001
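Review bot: Nothing in the header of openjpeg-CVE-2015-6581.patch ties the embedded upstream commit to the CVE in the file name; its message mentions only a double free and "issue 492", and unlike the FreeImage and WebKitGTK patches in this series it carries no origin line. A first line such as `Fix CVE-2015-6581 (double free in opj_j2k_copy_default_tcp_and_create_tcd); copied from upstream commit 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0.` would let a later auditor check the mapping. The early-return paths that free these records lie outside the embedded hunks, so whether incrementing `m_nb_max_mct_records` at the end of each pass also covers a failure partway through a pass cannot be confirmed from here.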
From: Mark H Weaver Date: Wed, 7 Oct 2015 22:50:46 -0400 Subject: gnu: webkitgtk-2.4: Fix potential code execution vulnerability. * gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/webkit.scm (webkitgtk-2.4)[source]: Add patch. --- gnu-system.am | 1 + .../patches/webkitgtk-2.4-sql-init-string.patch | 17 +++++++++++++++++ gnu/packages/webkit.scm | 4 +++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch (limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index 35d2da4701..67879e9872 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -650,6 +650,7 @@ dist_patch_DATA = \
 gnu/packages/patches/vpnc-script.patch \
 gnu/packages/patches/vtk-mesa-10.patch \
 gnu/packages/patches/w3m-fix-compile.patch \
+ gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch \
 gnu/packages/patches/weex-vacopy.patch \
 gnu/packages/patches/wicd-bitrate-none-fix.patch \
 gnu/packages/patches/wicd-get-selected-profile-fix.patch \
diff --git a/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
new file mode 100644
index 0000000000..671b5fb910
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
@@ -0,0 +1,17 @@ +Copied from Fedora. + +https://bugzilla.redhat.com/show_bug.cgi?id=1189303 +http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3 + +diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp +--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string 2015-09-14 09:25:43.004200172 +0200 ++++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp 2015-09-14 09:25:57.852082368 +0200 +@@ -71,7 +71,7 @@ int SQLiteStatement::prepare() + // this lets SQLite avoid an extra string copy. + size_t lengthIncludingNullCharacter = query.length() + 1; + +- const char* tail; ++ const char* tail = nullptr; + int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail); + + if (error != SQLITE_OK) diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 6be1f91807..bb041b1935 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -141,7 +141,9 @@ HTML/CSS applications to full-fledged web browsers.") name "-" version ".tar.xz")) (sha256 (base32 - "0r651ar3p0f8zwl7764kyimxk5hy88cwy116pv8cl5l8hbkjkpxg")))) + "0r651ar3p0f8zwl7764kyimxk5hy88cwy116pv8cl5l8hbkjkpxg")) + (patches + (list (search-patch "webkitgtk-2.4-sql-init-string.patch"))))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no tests -- cgit v1.2.3
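Review bot: The header of webkitgtk-2.4-sql-init-string.patch gives two links but never states what the change fixes, so the "potential code execution vulnerability" in the commit subject cannot be checked from the patch file alone. A line under `Copied from Fedora.` such as `Initialize 'tail' so that it is never read uninitialized after sqlite3_prepare_v2 returns an error.` would record the intent; that reading is inferred from the one-line change and should be confirmed against the linked Red Hat bug. SQLiteStatement::prepare() continues past the embedded hunk, so the later use of `tail` is not visible here.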