authorMark H Weaver <mhw@netris.org>2015-10-07 22:50:46 -0400
committerMark H Weaver <mhw@netris.org>2015-10-07 22:54:09 -0400
commita606ed89d4e3737beec2f3392bedba61904778f4 (patch)
tree9758b9891b983910c84ae69e1b7e993672a6c23a
parent2ab5e39d22dd9698c33a7a6ed8d5266f596f68e0 (diff)
gnu: webkitgtk-2.4: Fix potential code execution vulnerability.
* gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/webkit.scm (webkitgtk-2.4)[source]: Add patch.
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch17
-rw-r--r--gnu/packages/webkit.scm4
3 files changed, 21 insertions, 1 deletions
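diff --git a/gnu-system.am b/gnu-system.am
index 35d2da4701..67879e9872 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -650,6 +650,7 @@ dist_patch_DATA = \
 gnu/packages/patches/vpnc-script.patch \
 gnu/packages/patches/vtk-mesa-10.patch \
 gnu/packages/patches/w3m-fix-compile.patch \
+ gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch \
 gnu/packages/patches/weex-vacopy.patch \
 gnu/packages/patches/wicd-bitrate-none-fix.patch \
 gnu/packages/patches/wicd-get-selected-profile-fix.patch \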
diff --git a/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
new file mode 100644
index 0000000000..671b5fb910
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
@@ -0,0 +1,17 @@
+Copied from Fedora.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1189303
+http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3
+
+diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp
+--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string 2015-09-14 09:25:43.004200172 +0200
++++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp 2015-09-14 09:25:57.852082368 +0200
+@@ -71,7 +71,7 @@ int SQLiteStatement::prepare()
+ // this lets SQLite avoid an extra string copy.
+ size_t lengthIncludingNullCharacter = query.length() + 1;
+
+- const char* tail;
++ const char* tail = nullptr;
+ int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);
+
+ if (error != SQLITE_OK)
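Review bot: The patch header (lines 1–4 of the new file) gives only provenance links and never says what the `tail = nullptr` initialization guards, so a maintainer who later bumps webkitgtk-2.4 has no self-contained way to judge whether the patch is still needed; a one-line summary in the header, such as `Initialize 'tail' so the check after sqlite3_prepare_v2() never reads an indeterminate pointer when the call fails before setting it`, would carry that intent with the patch. The later use of `tail` that the initialization protects, and the rest of `SQLiteStatement::prepare()`, lie outside the hunk, so it cannot be confirmed here whether the `error != SQLITE_OK` branch returns before `tail` is read or whether the read happens on the error path itself. The commit title describes this as a potential code-execution vulnerability but cites no tracking identifier beyond the Red Hat bug URL inside the patch; repeating that bug number in the commit message would make the fix easier to find in security audits of the package tree.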
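diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 6be1f91807..bb041b1935 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -141,7 +141,9 @@ HTML/CSS applications to full-fledged web browsers.")
 name "-" version ".tar.xz"))
 (sha256
 (base32
- "0r651ar3p0f8zwl7764kyimxk5hy88cwy116pv8cl5l8hbkjkpxg"))))
+ "0r651ar3p0f8zwl7764kyimxk5hy88cwy116pv8cl5l8hbkjkpxg"))
+ (patches
+ (list (search-patch "webkitgtk-2.4-sql-init-string.patch")))))
 (build-system gnu-build-system)
 (arguments
 '(#:tests? #f ; no tests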