aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/freeimage-CVE-2015-0852.patch129
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2015-6581.patch47
-rw-r--r--gnu/packages/patches/openjpeg-use-after-free-fix.patch48
-rw-r--r--gnu/packages/patches/qt4-tests.patch22
-rw-r--r--gnu/packages/patches/qt5-runpath.patch27
-rw-r--r--gnu/packages/patches/valgrind-enable-arm.patch15
-rw-r--r--gnu/packages/patches/valgrind-glibc-2.22.patch39
-rw-r--r--gnu/packages/patches/valgrind-linux-libre-4.x.patch18
-rw-r--r--gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch17
9 files changed, 256 insertions, 106 deletions
diff --git a/gnu/packages/patches/freeimage-CVE-2015-0852.patch b/gnu/packages/patches/freeimage-CVE-2015-0852.patch
new file mode 100644
index 0000000000..34d538e925
--- /dev/null
+++ b/gnu/packages/patches/freeimage-CVE-2015-0852.patch
@@ -0,0 +1,129 @@
+Copied from Debian.
+
+Description: fix integer overflow
+Origin: upstream
+ http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.17&r2=1.18&pathrev=MAIN
+ http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.18&r2=1.19&pathrev=MAIN
+Bug-Debian: https://bugs.debian.org/797165
+Last-Update: 2015-09-14
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: freeimage/Source/FreeImage/PluginPCX.cpp
+===================================================================
+--- freeimage.orig/Source/FreeImage/PluginPCX.cpp
++++ freeimage/Source/FreeImage/PluginPCX.cpp
+@@ -347,12 +347,14 @@ Load(FreeImageIO *io, fi_handle handle,
+
+ try {
+ // check PCX identifier
+-
+- long start_pos = io->tell_proc(handle);
+- BOOL validated = pcx_validate(io, handle);
+- io->seek_proc(handle, start_pos, SEEK_SET);
+- if(!validated) {
+- throw FI_MSG_ERROR_MAGIC_NUMBER;
++ // (note: should have been already validated using FreeImage_GetFileType but check again)
++ {
++ long start_pos = io->tell_proc(handle);
++ BOOL validated = pcx_validate(io, handle);
++ io->seek_proc(handle, start_pos, SEEK_SET);
++ if(!validated) {
++ throw FI_MSG_ERROR_MAGIC_NUMBER;
++ }
+ }
+
+ // process the header
+@@ -366,20 +368,38 @@ Load(FreeImageIO *io, fi_handle handle,
+ SwapHeader(&header);
+ #endif
+
+- // allocate a new DIB
++ // process the window
++ const WORD *window = header.window; // left, upper, right,lower pixel coord.
++ const int left = window[0];
++ const int top = window[1];
++ const int right = window[2];
++ const int bottom = window[3];
+
+- unsigned width = header.window[2] - header.window[0] + 1;
+- unsigned height = header.window[3] - header.window[1] + 1;
+- unsigned bitcount = header.bpp * header.planes;
+-
+- if (bitcount == 24) {
+- dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+- } else {
+- dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);
++ // check image size
++ if((left >= right) || (top >= bottom)) {
++ throw FI_MSG_ERROR_PARSING;
+ }
+
+- // if the dib couldn't be allocated, throw an error
++ const unsigned width = right - left + 1;
++ const unsigned height = bottom - top + 1;
++ const unsigned bitcount = header.bpp * header.planes;
++
++ // allocate a new DIB
++ switch(bitcount) {
++ case 1:
++ case 4:
++ case 8:
++ dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);
++ break;
++ case 24:
++ dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
++ break;
++ default:
++ throw FI_MSG_ERROR_DIB_MEMORY;
++ break;
++ }
+
++ // if the dib couldn't be allocated, throw an error
+ if (!dib) {
+ throw FI_MSG_ERROR_DIB_MEMORY;
+ }
+@@ -426,19 +446,23 @@ Load(FreeImageIO *io, fi_handle handle,
+
+ if (palette_id == 0x0C) {
+ BYTE *cmap = (BYTE*)malloc(768 * sizeof(BYTE));
+- io->read_proc(cmap, 768, 1, handle);
+
+- pal = FreeImage_GetPalette(dib);
+- BYTE *pColormap = &cmap[0];
++ if(cmap) {
++ io->read_proc(cmap, 768, 1, handle);
+
+- for(int i = 0; i < 256; i++) {
+- pal[i].rgbRed = pColormap[0];
+- pal[i].rgbGreen = pColormap[1];
+- pal[i].rgbBlue = pColormap[2];
+- pColormap += 3;
++ pal = FreeImage_GetPalette(dib);
++ BYTE *pColormap = &cmap[0];
++
++ for(int i = 0; i < 256; i++) {
++ pal[i].rgbRed = pColormap[0];
++ pal[i].rgbGreen = pColormap[1];
++ pal[i].rgbBlue = pColormap[2];
++ pColormap += 3;
++ }
++
++ free(cmap);
+ }
+
+- free(cmap);
+ }
+
+ // wrong palette ID, perhaps a gray scale is needed ?
+@@ -466,9 +490,9 @@ Load(FreeImageIO *io, fi_handle handle,
+ // calculate the line length for the PCX and the DIB
+
+ // length of raster line in bytes
+- unsigned linelength = header.bytes_per_line * header.planes;
++ const unsigned linelength = header.bytes_per_line * header.planes;
+ // length of DIB line (rounded to DWORD) in bytes
+- unsigned pitch = FreeImage_GetPitch(dib);
++ const unsigned pitch = FreeImage_GetPitch(dib);
+
+ // run-length encoding ?
+
diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
new file mode 100644
index 0000000000..7ce03501f4
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
@@ -0,0 +1,47 @@
+From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
+From: Matthieu Darbois <mayeut@users.noreply.github.com>
+Date: Tue, 19 May 2015 21:57:27 +0000
+Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
+ opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
+
+---
+ src/lib/openjp2/j2k.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 8c62a39..cbdd368 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
+ l_tcp->cod = 0;
+ l_tcp->ppt = 0;
+ l_tcp->ppt_data = 00;
++ /* Remove memory not owned by this tile in case of early error return. */
++ l_tcp->m_mct_decoding_matrix = 00;
++ l_tcp->m_nb_max_mct_records = 0;
++ l_tcp->m_mct_records = 00;
++ l_tcp->m_nb_max_mcc_records = 0;
++ l_tcp->m_mcc_records = 00;
+ /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
+ l_tcp->tccps = l_current_tccp;
+
+@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
+
+ ++l_src_mct_rec;
+ ++l_dest_mct_rec;
++ /* Update with each pass to free exactly what has been allocated on early return. */
++ l_tcp->m_nb_max_mct_records += 1;
+ }
+
+ /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
+@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
+ return OPJ_FALSE;
+ }
+ memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
++ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
+
+ /* Copy the mcc record data from dflt_tile_cp to the current tile*/
+ l_src_mcc_rec = l_default_tcp->m_mcc_records;
+--
+2.5.0
+
diff --git a/gnu/packages/patches/openjpeg-use-after-free-fix.patch b/gnu/packages/patches/openjpeg-use-after-free-fix.patch
new file mode 100644
index 0000000000..1a9cb1ae1d
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-use-after-free-fix.patch
@@ -0,0 +1,48 @@
+From 940100c28ae28931722290794889cf84a92c5f6f Mon Sep 17 00:00:00 2001
+From: mayeut <mayeut@users.noreply.github.com>
+Date: Sun, 6 Sep 2015 17:24:03 +0200
+Subject: [PATCH] Fix potential use-after-free in opj_j2k_write_mco function
+
+Fixes #563
+---
+ src/lib/openjp2/j2k.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 19a48f5..d487d89 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -5559,8 +5559,7 @@ static OPJ_BOOL opj_j2k_write_mco( opj_j2k_t *p_j2k,
+ assert(p_stream != 00);
+
+ l_tcp =&(p_j2k->m_cp.tcps[p_j2k->m_current_tile_number]);
+- l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
+-
++
+ l_mco_size = 5 + l_tcp->m_nb_mcc_records;
+ if (l_mco_size > p_j2k->m_specific_param.m_encoder.m_header_tile_data_size) {
+
+@@ -5575,6 +5574,8 @@ static OPJ_BOOL opj_j2k_write_mco( opj_j2k_t *p_j2k,
+ p_j2k->m_specific_param.m_encoder.m_header_tile_data = new_header_tile_data;
+ p_j2k->m_specific_param.m_encoder.m_header_tile_data_size = l_mco_size;
+ }
++ l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
++
+
+ opj_write_bytes(l_current_data,J2K_MS_MCO,2); /* MCO */
+ l_current_data += 2;
+@@ -5586,10 +5587,9 @@ static OPJ_BOOL opj_j2k_write_mco( opj_j2k_t *p_j2k,
+ ++l_current_data;
+
+ l_mcc_record = l_tcp->m_mcc_records;
+- for (i=0;i<l_tcp->m_nb_mcc_records;++i) {
++ for (i=0;i<l_tcp->m_nb_mcc_records;++i) {
+ opj_write_bytes(l_current_data,l_mcc_record->m_index,1);/* Imco -> use the mcc indicated by 1*/
+ ++l_current_data;
+-
+ ++l_mcc_record;
+ }
+
+--
+2.5.0
+
diff --git a/gnu/packages/patches/qt4-tests.patch b/gnu/packages/patches/qt4-tests.patch
deleted file mode 100644
index eb499ec76a..0000000000
--- a/gnu/packages/patches/qt4-tests.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Drop tests requiring a running X server, but not starting any.
-
-diff -ru qt-everywhere-opensource-src-4.8.5.orig/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro qt-everywhere-opensource-src-4.8.5/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro
---- qt-everywhere-opensource-src-4.8.5.orig/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro 2013-10-12 13:15:47.000000000 +0200
-+++ qt-everywhere-opensource-src-4.8.5/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro 2013-10-12 13:20:15.000000000 +0200
-@@ -1,15 +1,4 @@
-
- TEMPLATE = subdirs
--SUBDIRS = qwebframe qwebpage qwebelement qgraphicswebview qwebhistoryinterface qwebview qwebhistory qwebinspector hybridPixmap
-+SUBDIRS =
-
--linux-* {
-- # This test bypasses the library and links the tested code's object itself.
-- # This stresses the build system in some corners so we only run it on linux.
-- SUBDIRS += MIMESniffing
--}
--
--contains(QT_CONFIG, declarative): SUBDIRS += qdeclarativewebview
--SUBDIRS += benchmarks/painting benchmarks/loading
--contains(DEFINES, ENABLE_WEBGL=1) {
-- SUBDIRS += benchmarks/webgl
--}
diff --git a/gnu/packages/patches/qt5-runpath.patch b/gnu/packages/patches/qt5-runpath.patch
deleted file mode 100644
index d045d39aaa..0000000000
--- a/gnu/packages/patches/qt5-runpath.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Allow the use of DT_RUNPATH. This fixes a bug whereby libQt5WebEngineCore.so
-ends up having an empty RUNPATH.
-
-
-diff -u -r qt-everywhere-opensource-src-5.5.0.orig/qtwebengine/src/3rdparty/chromium/build/common.gypi qt-everywhere-opensource-src-5.5.0/qtwebengine/src/3rdparty/chromium/build/common.gypi
---- qt-everywhere-opensource-src-5.5.0.orig/qtwebengine/src/3rdparty/chromium/build/common.gypi 2015-06-29 22:09:36.000000000 +0200
-+++ qt-everywhere-opensource-src-5.5.0/qtwebengine/src/3rdparty/chromium/build/common.gypi 2015-07-25 15:32:57.999411191 +0200
-@@ -4448,19 +4448,6 @@
- '-B<!(cd <(DEPTH) && pwd -P)/<(binutils_dir)',
- ],
- }],
-- # Some binutils 2.23 releases may or may not have new dtags enabled,
-- # but they are all compatible with --disable-new-dtags,
-- # because the new dynamic tags are not created by default.
-- ['binutils_version>=223', {
-- # Newer binutils don't set DT_RPATH unless you disable "new" dtags
-- # and the new DT_RUNPATH doesn't work without --no-as-needed flag.
-- # FIXME(mithro): Figure out the --as-needed/--no-as-needed flags
-- # inside this file to allow usage of --no-as-needed and removal of
-- # this flag.
-- 'ldflags': [
-- '-Wl,--disable-new-dtags',
-- ],
-- }],
- ['gcc_version>=47 and clang==0', {
- 'target_conditions': [
- ['_toolset=="target"', {
diff --git a/gnu/packages/patches/valgrind-enable-arm.patch b/gnu/packages/patches/valgrind-enable-arm.patch
new file mode 100644
index 0000000000..663e68463c
--- /dev/null
+++ b/gnu/packages/patches/valgrind-enable-arm.patch
@@ -0,0 +1,15 @@
+Accept "arm" instead of "armv7" in configure, see
+ http://valgrind.10908.n7.nabble.com/building-for-arm-td39382.html .
+
+diff -u -r valgrind-3.11.0.orig/configure valgrind-3.11.0/configure
+--- valgrind-3.11.0.orig/configure 2015-10-02 20:37:41.915721386 +0200
++++ valgrind-3.11.0/configure 2015-10-02 20:37:54.886746395 +0200
+@@ -5607,7 +5607,7 @@
+ ARCH_MAX="s390x"
+ ;;
+
+- armv7*)
++ arm*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok (${host_cpu})" >&5
+ $as_echo "ok (${host_cpu})" >&6; }
+ ARCH_MAX="arm"
diff --git a/gnu/packages/patches/valgrind-glibc-2.22.patch b/gnu/packages/patches/valgrind-glibc-2.22.patch
deleted file mode 100644
index 36c4916cc6..0000000000
--- a/gnu/packages/patches/valgrind-glibc-2.22.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Submitted By: Pierre Labastie <pierre at linuxfromscratch dot org>
-Date: 2015-02-22
-Initial Package Version: 3.10.1
-Upstream Status: Unknown
-Origin: Self
-Description: Allows Valgrind to build with glibc-2.21
-
-Later modified to support glibc-2.22 as well.
-
-diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure
---- valgrind-3.10.1.old/configure 2014-11-25 20:42:25.000000000 +0100
-+++ valgrind-3.10.1.new/configure 2015-02-22 10:46:06.607826488 +0100
-@@ -6842,6 +6842,26 @@
- DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
- DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
- ;;
-+ 2.21)
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.21 family" >&5
-+$as_echo "2.21 family" >&6; }
-+
-+$as_echo "#define GLIBC_2_21 1" >>confdefs.h
-+
-+ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}"
-+ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
-+ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
-+ ;;
-+ 2.22)
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.22 family" >&5
-+$as_echo "2.22 family" >&6; }
-+
-+$as_echo "#define GLIBC_2_22 1" >>confdefs.h
-+
-+ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}"
-+ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
-+ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
-+ ;;
- darwin)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: Darwin" >&5
- $as_echo "Darwin" >&6; }
diff --git a/gnu/packages/patches/valgrind-linux-libre-4.x.patch b/gnu/packages/patches/valgrind-linux-libre-4.x.patch
deleted file mode 100644
index 79166619c7..0000000000
--- a/gnu/packages/patches/valgrind-linux-libre-4.x.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Modify valgrind's configure script to accept linux-libre-4.x as being in the
-same family as 3.x.
-
---- valgrind-3.10.1/configure 2015-09-15 18:02:20.710262686 -0400
-+++ valgrind-3.10.1/configure 2015-09-15 18:02:59.831829731 -0400
-@@ -5553,9 +5553,9 @@
- kernel=`uname -r`
-
- case "${kernel}" in
-- 2.6.*|3.*)
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x family (${kernel})" >&5
--$as_echo "2.6.x/3.x family (${kernel})" >&6; }
-+ 2.6.*|3.*|4.*)
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x/4.x family (${kernel})" >&5
-+$as_echo "2.6.x/3.x/4.x family (${kernel})" >&6; }
-
- $as_echo "#define KERNEL_2_6 1" >>confdefs.h
-
diff --git a/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
new file mode 100644
index 0000000000..671b5fb910
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
@@ -0,0 +1,17 @@
+Copied from Fedora.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1189303
+http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3
+
+diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp
+--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string 2015-09-14 09:25:43.004200172 +0200
++++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp 2015-09-14 09:25:57.852082368 +0200
+@@ -71,7 +71,7 @@ int SQLiteStatement::prepare()
+ // this lets SQLite avoid an extra string copy.
+ size_t lengthIncludingNullCharacter = query.length() + 1;
+
+- const char* tail;
++ const char* tail = nullptr;
+ int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);
+
+ if (error != SQLITE_OK)