diff options
author | Mark H Weaver <mhw@netris.org> | 2015-10-07 22:50:46 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-10-07 22:54:09 -0400 |
commit | a606ed89d4e3737beec2f3392bedba61904778f4 (patch) | |
tree | 9758b9891b983910c84ae69e1b7e993672a6c23a /gnu/packages/patches | |
parent | 2ab5e39d22dd9698c33a7a6ed8d5266f596f68e0 (diff) | |
download | gnu-guix-a606ed89d4e3737beec2f3392bedba61904778f4.tar gnu-guix-a606ed89d4e3737beec2f3392bedba61904778f4.tar.gz |
gnu: webkitgtk-2.4: Fix potential code execution vulnerability.
* gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/webkit.scm (webkitgtk-2.4)[source]: Add patch.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch new file mode 100644 index 0000000000..671b5fb910 --- /dev/null +++ b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch @@ -0,0 +1,17 @@ +Copied from Fedora. + +https://bugzilla.redhat.com/show_bug.cgi?id=1189303 +http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3 + +diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp +--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string 2015-09-14 09:25:43.004200172 +0200 ++++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp 2015-09-14 09:25:57.852082368 +0200 +@@ -71,7 +71,7 @@ int SQLiteStatement::prepare() + // this lets SQLite avoid an extra string copy. + size_t lengthIncludingNullCharacter = query.length() + 1; + +- const char* tail; ++ const char* tail = nullptr; + int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail); + + if (error != SQLITE_OK) |