diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-10-24 22:00:23 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-10-24 22:00:23 +0200 |
commit | ca4fd41de892c7055ce140863382c332441b15d3 (patch) | |
tree | 39872899c5bc649e11172dccb2f262a56f234661 /gnu/packages/patches | |
parent | 7276eca4dcbe513922d5a778ee5fc8f2b2649642 (diff) | |
parent | 648c896ad3b198a1742c1ee8f66a1922aa98c1d8 (diff) | |
download | guix-ca4fd41de892c7055ce140863382c332441b15d3.tar guix-ca4fd41de892c7055ce140863382c332441b15d3.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/glibc-CVE-2017-15670-15671.patch | 27 | ||||
-rw-r--r-- | gnu/packages/patches/icu4c-CVE-2017-14952.patch | 18 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2017-14685.patch | 34 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2017-14686.patch | 34 | ||||
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2017-14687.patch | 130 |
5 files changed, 243 insertions, 0 deletions
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch new file mode 100644 index 0000000000..76d688c517 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch @@ -0,0 +1,27 @@ +Fix CVE-2017-15670: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 +https://sourceware.org/bugzilla/show_bug.cgi?id=22320 +https://bugzilla.redhat.com/show_bug.cgi?id=1504804 + +And CVE-2017-15671: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 +https://sourceware.org/bugzilla/show_bug.cgi?id=22325 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 + +Copied from upstream: +<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f> + +diff --git a/posix/glob.c b/posix/glob.c +--- a/posix/glob.c ++++ b/posix/glob.c +@@ -843,7 +843,7 @@ + *p = '\0'; + } + else +- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) ++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) + = '\0'; + user_name = newp; + } diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch new file mode 100644 index 0000000000..564f69d01d --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2017-14952.patch @@ -0,0 +1,18 @@ +Fix CVE-2017-14952: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 + +Patch copied from upstream source repository: + +http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0 + +Index: trunk/icu4c/source/i18n/zonemeta.cpp +=================================================================== +--- icu/source/i18n/zonemeta.cpp (revision 40283) ++++ icu/source/i18n/zonemeta.cpp (revision 40324) +@@ -691,5 +691,4 @@ + if (U_FAILURE(status)) { + delete mzMappings; +- deleteOlsonToMetaMappingEntry(entry); + uprv_free(entry); + break; diff --git a/gnu/packages/patches/mupdf-CVE-2017-14685.patch b/gnu/packages/patches/mupdf-CVE-2017-14685.patch new file mode 100644 index 0000000000..3fcce5fedf --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2017-14685.patch @@ -0,0 +1,34 @@ +Fix CVE-2017-14685: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685 + +Patch copied from upstream source repository: + +https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a + +From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor.andersson@artifex.com> +Date: Tue, 19 Sep 2017 15:23:04 +0200 +Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded. + +xps_load_links_in_glyphs did not cope with font loading failures. +--- + source/xps/xps-link.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c +index c07e0d7..c26a8d9 100644 +--- a/source/xps/xps-link.c ++++ b/source/xps/xps-link.c +@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct + bidi_level = atoi(bidi_level_att); + + font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att); ++ if (!font) ++ return; + text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att), + fz_atof(origin_x_att), fz_atof(origin_y_att), + is_sideways, bidi_level, indices_att, unicode_att); +-- +2.9.1 + diff --git a/gnu/packages/patches/mupdf-CVE-2017-14686.patch b/gnu/packages/patches/mupdf-CVE-2017-14686.patch new file mode 100644 index 0000000000..e462a6ffeb --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2017-14686.patch @@ -0,0 +1,34 @@ +Fix CVE-2017-14686: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686 + +Patch copied from upstream source repository: + +https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 + +From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor.andersson@artifex.com> +Date: Tue, 19 Sep 2017 16:33:38 +0200 +Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs. + +--- + source/fitz/unzip.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c +index f2d4f32..0bcce0f 100644 +--- a/source/fitz/unzip.c ++++ b/source/fitz/unzip.c +@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off + (void) fz_read_int32_le(ctx, file); /* ext file atts */ + offset = fz_read_int32_le(ctx, file); + ++ if (namesize < 0 || metasize < 0 || commentsize < 0) ++ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry"); ++ + name = fz_malloc(ctx, namesize + 1); + n = fz_read(ctx, file, (unsigned char*)name, namesize); + if (n < (size_t)namesize) +-- +2.9.1 + diff --git a/gnu/packages/patches/mupdf-CVE-2017-14687.patch b/gnu/packages/patches/mupdf-CVE-2017-14687.patch new file mode 100644 index 0000000000..cdc41df813 --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2017-14687.patch @@ -0,0 +1,130 @@ +Fix CVE-2017-14687: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687 + +Patch copied from upstream source repository: + +https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 + +From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor.andersson@artifex.com> +Date: Tue, 19 Sep 2017 17:17:12 +0200 +Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons. + +Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom. +--- + source/html/css-apply.c | 2 +- + source/svg/svg-run.c | 2 +- + source/xps/xps-common.c | 6 +++--- + source/xps/xps-glyphs.c | 2 +- + source/xps/xps-path.c | 4 ++-- + source/xps/xps-resource.c | 2 +- + 6 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/source/html/css-apply.c b/source/html/css-apply.c +index de55490..6a91df0 100644 +--- a/source/html/css-apply.c ++++ b/source/html/css-apply.c +@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node) + + if (sel->name) + { +- if (strcmp(sel->name, fz_xml_tag(node))) ++ if (!fz_xml_is_tag(node, sel->name)) + return 0; + } + +diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c +index f974c67..5302c64 100644 +--- a/source/svg/svg-run.c ++++ b/source/svg/svg-run.c +@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co + fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1); + if (linked) + { +- if (!strcmp(fz_xml_tag(linked), "symbol")) ++ if (fz_xml_is_tag(linked, "symbol")) + svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state); + else + svg_run_element(ctx, dev, doc, linked, &local_state); +diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c +index cc7fed9..f2f9b93 100644 +--- a/source/xps/xps-common.c ++++ b/source/xps/xps-common.c +@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const + else if (fz_xml_is_tag(node, "RadialGradientBrush")) + xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node); + else +- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node)); ++ fz_warn(ctx, "unknown brush tag"); + } + + void +@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons + if (opacity_att) + opacity = fz_atof(opacity_att); + +- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) ++ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) + { + char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity"); + char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color"); +@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource + + if (opacity_mask_tag) + { +- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) ++ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) + fz_pop_clip(ctx, dev); + } + } +diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c +index 29dc5b3..5b26d78 100644 +--- a/source/xps/xps-glyphs.c ++++ b/source/xps/xps-glyphs.c +@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, + + /* If it's a solid color brush fill/stroke do a simple fill */ + +- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) ++ if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) + { + fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); + fill_att = fz_xml_att(fill_tag, "Color"); +diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c +index 6faeb0c..021d202 100644 +--- a/source/xps/xps-path.c ++++ b/source/xps/xps-path.c +@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b + if (!data_att && !data_tag) + return; + +- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) ++ if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) + { + fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); + fill_att = fz_xml_att(fill_tag, "Color"); + fill_tag = NULL; + } + +- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush")) ++ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush")) + { + stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity"); + stroke_att = fz_xml_att(stroke_tag, "Color"); +diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c +index c2292e6..8e81ab8 100644 +--- a/source/xps/xps-resource.c ++++ b/source/xps/xps-resource.c +@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b + if (!xml) + return NULL; + +- if (strcmp(fz_xml_tag(xml), "ResourceDictionary")) ++ if (!fz_xml_is_tag(xml, "ResourceDictionary")) + { + fz_drop_xml(ctx, xml); + fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element"); +-- +2.9.1 + |