From dacd8cf2e8ac4adc25f6e2306a30849295dbb291 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 20 Dec 2017 20:06:14 -0500 Subject: gnu: links: Fix-CVE-2017-11114. * gnu/packages/patches/links-CVE-2017-11114.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/web-browsers.scm (links)[source]: Use it. --- gnu/packages/patches/links-CVE-2017-11114.patch | 99 +++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 gnu/packages/patches/links-CVE-2017-11114.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch new file mode 100644 index 0000000000..c5ac9884b5 --- /dev/null +++ b/gnu/packages/patches/links-CVE-2017-11114.patch 
@@ -0,0 +1,99 @@ +Fix CVE-2017-11114: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 +http://seclists.org/fulldisclosure/2017/Jul/76 + +Patch copied from Debian: + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 + +Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7 +Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 +Author: Mikulas Patocka +Date: Wed Aug 2 20:13:29 2017 +0200 +Subject: Fix read out of memory in case of corrupted UTF-8 data + +--- + charsets.c | 37 +------------------------------------ + links.h | 9 ++++----- + 2 files changed, 5 insertions(+), 41 deletions(-) + +Index: links-2.14/charsets.c +=================================================================== +--- links-2.14.orig/charsets.c ++++ links-2.14/charsets.c +@@ -215,41 +215,6 @@ static struct conv_table *get_translatio + return utf_table; + } + +-unsigned short int utf8_2_uni_table[0x200] = { +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0, +- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0, +- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0, +- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0, +- 0, 
0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0, +- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0, +- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0, +- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +-}; +- + unsigned char utf_8_1[256] = { + 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, +@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = { + 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6, + }; + +-static_const unsigned min_utf_8[9] = { ++static_const unsigned min_utf_8[8] = { + 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1, + }; + +Index: links-2.14/links.h +=================================================================== +--- links-2.14.orig/links.h ++++ links-2.14/links.h +@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un + void init_charset(void); + + unsigned get_utf_8(unsigned char **p); +-extern unsigned short int utf8_2_uni_table[0x200]; + #define GET_UTF_8(s, c) \ + do { \ + if ((unsigned char)(s)[0] < 0x80) \ + (c) = (s)++[0]; \ +- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \ +- ((unsigned char)(s)[1] >> 6) - 0x200])) \ +- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \ +- else \ ++ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\ ++ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \ ++ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\ ++ } else \ + (c) = get_utf_8(&(s)); \ + } while (0) + #define FWD_UTF_8(s) \ -- cgit v1.2.3 
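Review bot: The rewritten two-byte path of `GET_UTF_8` in links.h still reads `(s)[1]` with no length bound, so it is safe only when at least one readable byte follows a lead byte in the range 0xc2–0xdf. A NUL terminator satisfies that, because the `& 0xc0) == 0x80` test then fails and control falls through to `get_utf_8`, but nothing in the hunk states the requirement. I would add a comment above the macro such as `/* s must be NUL-terminated: the two-byte path peeks at s[1] */`. Separately, `min_utf_8` shrinks from 9 to 8 entries, which is correct only if index 8 is never used; the code that indexes it is outside this hunk, so that should be confirmed against `get_utf_8`.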
From dab2542f845bf1b6b7761f1be6fc55b9259238fe Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 21 Dec 2017 01:53:48 -0500 Subject: gnu: mupdf: Update to 1.12.0 [fixes CVE-2017-15369]. * gnu/packages/pdf.scm (mupdf): Update to 1.12.0. [source]: Remove obsolete patches. [inputs]: Add freeglut. * gnu/packages/patches/mupdf-CVE-2017-14685.patch, gnu/packages/patches/mupdf-CVE-2017-14686.patch, gnu/packages/patches/mupdf-CVE-2017-14687.patch, gnu/packages/patches/mupdf-CVE-2017-15587.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Update and rename to... * gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch: ... new file. --- gnu/local.mk | 6 +- gnu/packages/patches/mupdf-CVE-2017-14685.patch | 34 ------ gnu/packages/patches/mupdf-CVE-2017-14686.patch | 34 ------ gnu/packages/patches/mupdf-CVE-2017-14687.patch | 130 --------------------- gnu/packages/patches/mupdf-CVE-2017-15587.patch | 25 ---- .../patches/mupdf-build-with-latest-openjpeg.patch | 27 +++++ .../patches/mupdf-build-with-openjpeg-2.1.patch | 27 ----- gnu/packages/pdf.scm | 13 +-- 8 files changed, 33 insertions(+), 263 deletions(-) delete mode 100644 gnu/packages/patches/mupdf-CVE-2017-14685.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2017-14686.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2017-14687.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2017-15587.patch create mode 100644 gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch delete mode 100644 gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f583a61c66..8ffcc58005 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -897,11 +897,7 @@ dist_patch_DATA = \
 %D%/packages/patches/mozjs38-tracelogger.patch \
 %D%/packages/patches/mozjs38-version-detection.patch \
 %D%/packages/patches/mumps-build-parallelism.patch \
- %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
- %D%/packages/patches/mupdf-CVE-2017-14685.patch \
- %D%/packages/patches/mupdf-CVE-2017-14686.patch \
- %D%/packages/patches/mupdf-CVE-2017-14687.patch \
- %D%/packages/patches/mupdf-CVE-2017-15587.patch \
+ %D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \
 %D%/packages/patches/mupen64plus-ui-console-notice.patch \
 %D%/packages/patches/mutt-store-references.patch \
 %D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14685.patch b/gnu/packages/patches/mupdf-CVE-2017-14685.patch
deleted file mode 100644
index 3fcce5fedf..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14685.patch
+++ /dev/null
@@ -1,34 +0,0 @@ -Fix CVE-2017-14685: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a - -From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 19 Sep 2017 15:23:04 +0200 -Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded. - -xps_load_links_in_glyphs did not cope with font loading failures. ---- - source/xps/xps-link.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c -index c07e0d7..c26a8d9 100644 ---- a/source/xps/xps-link.c -+++ b/source/xps/xps-link.c -@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct - bidi_level = atoi(bidi_level_att); - - font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att); -+ if (!font) -+ return; - text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att), - fz_atof(origin_x_att), fz_atof(origin_y_att), - is_sideways, bidi_level, indices_att, unicode_att); --- -2.9.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2017-14686.patch b/gnu/packages/patches/mupdf-CVE-2017-14686.patch deleted file mode 100644 index e462a6ffeb..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-14686.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -Fix CVE-2017-14686: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 - -From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 19 Sep 2017 16:33:38 +0200 -Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs. - ---- - source/fitz/unzip.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c -index f2d4f32..0bcce0f 100644 ---- a/source/fitz/unzip.c -+++ b/source/fitz/unzip.c -@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off - (void) fz_read_int32_le(ctx, file); /* ext file atts */ - offset = fz_read_int32_le(ctx, file); - -+ if (namesize < 0 || metasize < 0 || commentsize < 0) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry"); -+ - name = fz_malloc(ctx, namesize + 1); - n = fz_read(ctx, file, (unsigned char*)name, namesize); - if (n < (size_t)namesize) --- -2.9.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2017-14687.patch b/gnu/packages/patches/mupdf-CVE-2017-14687.patch deleted file mode 100644 index cdc41df813..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-14687.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -Fix CVE-2017-14687: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 - -From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 19 Sep 2017 17:17:12 +0200 -Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons. - -Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom. ---- - source/html/css-apply.c | 2 +- - source/svg/svg-run.c | 2 +- - source/xps/xps-common.c | 6 +++--- - source/xps/xps-glyphs.c | 2 +- - source/xps/xps-path.c | 4 ++-- - source/xps/xps-resource.c | 2 +- - 6 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/source/html/css-apply.c b/source/html/css-apply.c -index de55490..6a91df0 100644 ---- a/source/html/css-apply.c -+++ b/source/html/css-apply.c -@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node) - - if (sel->name) - { -- if (strcmp(sel->name, fz_xml_tag(node))) -+ if (!fz_xml_is_tag(node, sel->name)) - return 0; - } - -diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c -index f974c67..5302c64 100644 ---- a/source/svg/svg-run.c -+++ b/source/svg/svg-run.c -@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co - fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1); - if (linked) - { -- if (!strcmp(fz_xml_tag(linked), "symbol")) -+ if (fz_xml_is_tag(linked, "symbol")) - svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state); - else - svg_run_element(ctx, dev, doc, linked, &local_state); -diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c -index cc7fed9..f2f9b93 100644 ---- a/source/xps/xps-common.c -+++ b/source/xps/xps-common.c -@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const - else if (fz_xml_is_tag(node, "RadialGradientBrush")) - 
xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node); - else -- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node)); -+ fz_warn(ctx, "unknown brush tag"); - } - - void -@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons - if (opacity_att) - opacity = fz_atof(opacity_att); - -- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) - { - char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity"); - char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color"); -@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource - - if (opacity_mask_tag) - { -- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) -+ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) - fz_pop_clip(ctx, dev); - } - } -diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c -index 29dc5b3..5b26d78 100644 ---- a/source/xps/xps-glyphs.c -+++ b/source/xps/xps-glyphs.c -@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, - - /* If it's a solid color brush fill/stroke do a simple fill */ - -- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) - { - fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); - fill_att = fz_xml_att(fill_tag, "Color"); -diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c -index 6faeb0c..021d202 100644 ---- a/source/xps/xps-path.c -+++ b/source/xps/xps-path.c -@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b - if (!data_att && !data_tag) - return; - -- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) - { - fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); - fill_att = fz_xml_att(fill_tag, "Color"); - fill_tag = NULL; - } 
- -- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush")) - { - stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity"); - stroke_att = fz_xml_att(stroke_tag, "Color"); -diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c -index c2292e6..8e81ab8 100644 ---- a/source/xps/xps-resource.c -+++ b/source/xps/xps-resource.c -@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b - if (!xml) - return NULL; - -- if (strcmp(fz_xml_tag(xml), "ResourceDictionary")) -+ if (!fz_xml_is_tag(xml, "ResourceDictionary")) - { - fz_drop_xml(ctx, xml); - fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element"); --- -2.9.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch b/gnu/packages/patches/mupdf-CVE-2017-15587.patch deleted file mode 100644 index 7d24666756..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-15587.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2017-15587. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587 -https://nandynarwhals.org/CVE-2017-15587/ - -This patch is these two upstream commits squashed together: - - - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 66bd0ed8..89499e61 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0) -+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) - fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); - //if (i0 + i1 > pdf_xref_len(ctx, doc)) - // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); --- -2.15.0 - diff --git a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch new file mode 100644 index 0000000000..d5c9c60242 --- /dev/null 
+++ b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch @@ -0,0 +1,27 @@ +Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest +release series and contains many important bug fixes. + +Patch adapted from Debian: + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745246 + +And related to this upstream commit: + +http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da + +diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c +index 65699ba..ea84778 100644 +--- a/source/fitz/load-jpx.c ++++ b/source/fitz/load-jpx.c +@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w + + #else /* HAVE_LURATECH */ + +-#define OPJ_STATIC +-#define OPJ_HAVE_INTTYPES_H +-#if !defined(_MSC_VER) || _MSC_VER >= 1600 +-#define OPJ_HAVE_STDINT_H +-#endif + #define USE_JPIP + + #include diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch deleted file mode 100644 index 0b5b735ff3..0000000000 --- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch +++ /dev/null @@ -1,27 +0,0 @@ -Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest -release series and contains many important bug fixes. - -Patch adapted from Debian: - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745246 - -And related to this upstream commit: - -http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da - -diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c -index 6b92e5c..72dea50 100644 ---- a/source/fitz/load-jpx.c -+++ b/source/fitz/load-jpx.c -@@ -444,11 +444,6 @@ - - #else /* HAVE_LURATECH */ - --#define OPJ_STATIC --#define OPJ_HAVE_INTTYPES_H --#if !defined(_WIN32) && !defined(_WIN64) --#define OPJ_HAVE_STDINT_H --#endif - #define USE_JPIP - - #include diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 84b9261885..335d0b29dc 100644 
--- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -567,25 +567,22 @@ (define-public podofo (define-public mupdf (package (name "mupdf") - (version "1.11") + (version "1.12.0") (source (origin (method url-fetch) (uri (string-append "https://mupdf.com/downloads/archive/" - name "-" version "-source.tar.gz")) + name "-" version "-source.tar.xz")) + (patches (search-patches "mupdf-build-with-latest-openjpeg.patch")) (sha256 (base32 - "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510")) - (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" - "mupdf-CVE-2017-14685.patch" - "mupdf-CVE-2017-14686.patch" - "mupdf-CVE-2017-14687.patch" - "mupdf-CVE-2017-15587.patch")) + "0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp")) (modules '((guix build utils))) (snippet '(delete-file-recursively "thirdparty")))) (build-system gnu-build-system) (inputs `(("curl" ,curl) + ("freeglut" ,freeglut) ("freetype" ,freetype) ("harfbuzz" ,harfbuzz) ("jbig2dec" ,jbig2dec) -- cgit v1.2.3 From 417f3d494f6b7febd086ae064e67646b7faee9ff Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 21 Dec 2017 09:02:46 +0200 Subject: gnu: xboing: Fix CVE-2004-0149. * gnu/packages/patches/xboing-CVE-2004-0149: New file. * gnu/packages/games.scm (xboing)[source]: Add patch. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/games.scm | 3 +- gnu/packages/patches/xboing-CVE-2004-0149.patch | 134 ++++++++++++++++++++++++ 3 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/xboing-CVE-2004-0149.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8ffcc58005..88e3c770aa 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1141,6 +1141,7 @@ dist_patch_DATA = \ %D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch \ %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch \ %D%/packages/patches/wpa-supplicant-krack-followups.patch \ + %D%/packages/patches/xboing-CVE-2004-0149.patch \ %D%/packages/patches/xcb-proto-python3-print.patch \ %D%/packages/patches/xcb-proto-python3-whitespace.patch \ %D%/packages/patches/xdotool-fix-makefile.patch \ diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index cc21a63f53..c494d0beba 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -1071,7 +1071,8 @@ (define-public xboing (uri (string-append "http://www.techrescue.org/xboing/xboing" version ".tar.gz")) (sha256 - (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7")))) + (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7")) + (patches (search-patches "xboing-CVE-2004-0149.patch")))) (arguments `(#:tests? #f #:phases diff --git a/gnu/packages/patches/xboing-CVE-2004-0149.patch b/gnu/packages/patches/xboing-CVE-2004-0149.patch new file mode 100644 index 0000000000..b40146b434 --- /dev/null +++ b/gnu/packages/patches/xboing-CVE-2004-0149.patch 
@@ -0,0 +1,134 @@ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924 +--- + demo.c | 2 +- + editor.c | 12 ++++++------ + file.c | 2 +- + highscore.c | 6 +++--- + misc.c | 2 +- + preview.c | 2 +- + 6 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/demo.c b/demo.c +index 9084e70..f4fc2cd 100644 +--- a/demo.c ++++ b/demo.c +@@ -154,7 +154,7 @@ static void DoBlocks(display, window) + + /* Construct the demo level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/demo.data", str); ++ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str); + else + sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR); + +diff --git a/editor.c b/editor.c +index f2bb9ed..66d0679 100644 +--- a/editor.c ++++ b/editor.c +@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window) + + /* Construct the Edit level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/editor.data", str); ++ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str); + else + sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR); + +@@ -958,8 +958,8 @@ static void LoadALevel(display) + if ((num > 0) && (num <= MAX_NUM_LEVELS)) + { + /* Construct the Edit level filename */ +- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num); ++ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) ++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num); + else + sprintf(levelPath, "%s/level%02ld.data", + LEVEL_INSTALL_DIR, (u_long) num); +@@ -1017,9 +1017,9 @@ static void SaveALevel(display) + num = atoi(str); + if ((num > 0) && (num <= MAX_NUM_LEVELS)) + { +- /* Construct the Edit level filename */ +- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num); ++ /* Construct the Edit level filename */ ++ if ((str2 = 
getenv("XBOING_LEVELS_DIR")) != NULL) ++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num); + else + sprintf(levelPath, "%s/level%02ld.data", + LEVEL_INSTALL_DIR, (u_long) num); +diff --git a/file.c b/file.c +index 4c043cd..99a0854 100644 +--- a/file.c ++++ b/file.c +@@ -139,7 +139,7 @@ void SetupStage(display, window) + + /* Construct the level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str, newLevel); ++ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel); + else + sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel); + +diff --git a/highscore.c b/highscore.c +index f0db3e9..792273e 100644 +--- a/highscore.c ++++ b/highscore.c +@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type) + { + /* Use the environment variable if it exists */ + if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); ++ strncpy(filename, str, sizeof(filename)-1); + else + strcpy(filename, HIGH_SCORE_FILE); + } +@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type) + { + /* Use the environment variable if it exists */ + if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); ++ strncpy(filename, str, sizeof(filename)-1); + else + strcpy(filename, HIGH_SCORE_FILE); + } +@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd) + + /* Use the environment variable if it exists */ + if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); ++ strncpy(filename, str, sizeof(filename)-1); + else + strcpy(filename, HIGH_SCORE_FILE); + +diff --git a/misc.c b/misc.c +index f3ab37e..7f3ddce 100644 +--- a/misc.c ++++ b/misc.c +@@ -427,7 +427,7 @@ char *GetHomeDir() + */ + + if ((ptr = getenv("HOME")) != NULL) +- (void) strcpy(dest, ptr); ++ (void) strncpy(dest, ptr,sizeof(dest)-1); + else + { + /* HOME variable is not present so get USER var */ +diff --git a/preview.c b/preview.c +index 41c1187..687f566 100644 +--- a/preview.c 
++++ b/preview.c +@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window) + + /* Construct the Preview level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02d.data", str, lnum); ++ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum); + else + sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum); + +-- +2.15.1 + -- cgit v1.2.3 From ce16d312c6fc4d23dcf45b73709712b56d6d2174 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 21 Dec 2017 02:55:44 -0500 Subject: gnu: libexif: Fix CVE-2017-7544. * gnu/packages/patches/libexif-CVE-2017-7544.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/photo.scm (feh)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libexif-CVE-2017-7544.patch | 29 ++++++++++++++++++++++++ gnu/packages/photo.scm | 2 ++ 3 files changed, 32 insertions(+) create mode 100644 gnu/packages/patches/libexif-CVE-2017-7544.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 88e3c770aa..dcb08c1caa 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -805,6 +805,7 @@ dist_patch_DATA = \ %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libevent-2.1-dns-tests.patch \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \ + %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ diff --git a/gnu/packages/patches/libexif-CVE-2017-7544.patch b/gnu/packages/patches/libexif-CVE-2017-7544.patch new file mode 100644 index 0000000000..c4ea373dc5 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2017-7544.patch 
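Review bot: The three `strncpy(filename, str, sizeof(filename)-1)` calls in highscore.c and the `strncpy(dest, ptr,sizeof(dest)-1)` in misc.c bound the copy but do not terminate it. When the environment value is `sizeof-1` bytes or longer, `strncpy` writes no NUL, so unless the buffer was already zeroed (its declaration is outside these hunks) later string operations on it read past the copied bytes. Either follow each call with `filename[sizeof(filename)-1] = '\0';` or use `snprintf(filename, sizeof(filename), "%s", str);`, matching the other files. The `snprintf` calls are also inconsistent (`sizeof(levelPath)` in demo.c and file.c, `sizeof(levelPath)-1` in editor.c and preview.c, where the `-1` is unnecessary because snprintf always terminates), and none checks the return value, so an over-long `XBOING_LEVELS_DIR` produces a silently truncated path instead of an error. All of this assumes `levelPath`, `filename` and `dest` are arrays and not pointers, which the hunks do not show.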
@@ -0,0 +1,29 @@ +Fix CVE-2017-7544: + +https://sourceforge.net/p/libexif/bugs/130/ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 + +Patch copied from upstream bug tracker: + +https://sourceforge.net/p/libexif/bugs/130/#489a + +Index: libexif/exif-data.c +=================================================================== +RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v +retrieving revision 1.131 +diff -u -r1.131 exif-data.c +--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 ++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 +@@ -255,6 +255,12 @@ + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index 34a2180500..40f3a4e4c1 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -28,6 +28,7 @@ (define-module (gnu packages photo) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix utils) + #:use-module (gnu packages) #:use-module (gnu packages algebra) #:use-module (gnu packages autotools) #:use-module (gnu packages base) @@ -89,6 +90,7 @@ (define-public libexif (method url-fetch) (uri (string-append "mirror://sourceforge/libexif/libexif/" version "/libexif-" version ".tar.bz2")) + (patches (search-patches "libexif-CVE-2017-7544.patch")) (sha256 (base32 "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) -- cgit v1.2.3 From 2a0e3d163581f053138508b0d40a28e07dc37923 Mon Sep 17 00:00:00 2001 
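Review bot: The changelog entry for this file reads `gnu/packages/photo.scm (feh)[source]: Use it.`, but the hunk at -89,6 adds the `patches` field to the origin of `libexif`, not `feh`. The entry should read `(libexif)[source]: Use it.` so that anyone auditing which package carries the CVE-2017-7544 fix is not misled. The `#:use-module (gnu packages)` line added in the first photo.scm hunk is not mentioned either; it is what brings `search-patches` into scope, and the entry could say so. The enclosing `define-public` form continues outside the hunk.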
From: Leo Famulari Date: Wed, 20 Dec 2017 19:39:59 -0500 Subject: gnu: libarchive: Fix CVE-2017-14502. * gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/backup.scm | 3 +- .../patches/libarchive-CVE-2017-14502.patch | 40 ++++++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libarchive-CVE-2017-14502.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index dcb08c1caa..32f24ab3b1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -791,6 +791,7 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ %D%/packages/patches/libarchive-CVE-2017-14166.patch \ + %D%/packages/patches/libarchive-CVE-2017-14502.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index e634d6ab96..fab71d055a 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -253,7 +253,8 @@ (define libarchive-3.3.2 (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) - (patches (search-patches "libarchive-CVE-2017-14166.patch")) + (patches (search-patches "libarchive-CVE-2017-14166.patch" + "libarchive-CVE-2017-14502.patch")) (sha256 (base32 "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))))) diff --git a/gnu/packages/patches/libarchive-CVE-2017-14502.patch b/gnu/packages/patches/libarchive-CVE-2017-14502.patch new file mode 100644 index 0000000000..8e0508afb5 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2017-14502.patch 
@@ -0,0 +1,40 @@
+Fix CVE-2017-14502:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
+
+Patch copied from upstream source repository:
+
+https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
+
+From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger
+Date: Sat, 9 Sep 2017 17:47:32 +0200
+Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
+ archives.
+
+Reported-By: OSS-Fuzz issue 573
+---
+ libarchive/archive_read_support_format_rar.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index cbb14c32..751de697 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+ return (ARCHIVE_FATAL);
+ }
+ filename[filename_size++] = '\0';
+- filename[filename_size++] = '\0';
++ /*
++ * Do not increment filename_size here as the computations below
++ * add the space for the terminating NUL explicitly.
++ */
++ filename[filename_size] = '\0';
+
+ /* Decoded unicode form is UTF-16BE, so we have to update a string
+ * conversion object for it. */
+--
+2.15.1
+
-- cgit v1.2.3
From 0c9c9526bb3fb665997b3b054f8b57ffdb559043 Mon Sep 17 00:00:00 2001
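Review bot: After this change the two terminator stores in `read_header` look alike but behave differently, and the new comment explains only the second one: the first still advances `filename_size`, the second writes at `filename[filename_size]` without counting it. The capacity check that makes that extra byte safe is not visible; the `return (ARCHIVE_FATAL);` context line is presumably its tail, but read_header starts and ends outside the hunk. I would extend the comment to state the invariant, for example `/* filename_size counts only the first NUL of the UTF-16 terminator; the buffer must hold filename_size + 1 bytes here */`, so that a later cleanup does not restore the second increment. The patch also carries no regression input for the OSS-Fuzz issue it cites.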
From: Leo Famulari Date: Thu, 21 Dec 2017 02:12:55 -0500 Subject: gnu: libxslt: Fix CVE-2017-5029 and re-apply the fix for CVE-2016-4738. This is a followup to commit 2663c38826cd6c2ef0c5119f8072fac8e89b2e9b. * gnu/packages/xml.scm (libxslt)[replacement]: New field. (libxslt/fixed): New variable. * gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/libxslt-CVE-2017-5029.patch | 82 ++++++++++++++++++++++++ gnu/packages/xml.scm | 15 ++++- 3 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxslt-CVE-2017-5029.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index 32f24ab3b1..20b3c3e366 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -851,6 +851,7 @@ dist_patch_DATA = \
 %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \
 %D%/packages/patches/libxslt-generated-ids.patch \
 %D%/packages/patches/libxslt-CVE-2016-4738.patch \
+ %D%/packages/patches/libxslt-CVE-2017-5029.patch \
 %D%/packages/patches/libxt-guix-search-paths.patch \
 %D%/packages/patches/lierolibre-check-unaligned-access.patch \
 %D%/packages/patches/lierolibre-is-free-software.patch \
diff --git a/gnu/packages/patches/libxslt-CVE-2017-5029.patch b/gnu/packages/patches/libxslt-CVE-2017-5029.patch
new file mode 100644
index 0000000000..cd86928b21
--- /dev/null
+++ b/gnu/packages/patches/libxslt-CVE-2017-5029.patch
@@ -0,0 +1,82 @@
+Fix CVE-2017-5029:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
+
+From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Thu, 12 Jan 2017 15:39:52 +0100
+Subject: [PATCH] Check for integer overflow in xsltAddTextString
+
+Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
+exploited to trigger an out of bounds write on 64-bit systems.
+
+Originally reported to Chromium:
+
+https://crbug.com/676623
+---
+ libxslt/transform.c | 25 ++++++++++++++++++++++---
+ libxslt/xsltInternals.h | 4 ++--
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 519133fc..02bff34a 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ return(target);
+
+ if (ctxt->lasttext == target->content) {
++ int minSize;
+
+- if (ctxt->lasttuse + len >= ctxt->lasttsize) {
++ /* Check for integer overflow accounting for NUL terminator. */
++ if (len >= INT_MAX - ctxt->lasttuse) {
++ xsltTransformError(ctxt, NULL, target,
++ "xsltCopyText: text allocation failed\n");
++ return(NULL);
++ }
++ minSize = ctxt->lasttuse + len + 1;
++
++ if (ctxt->lasttsize < minSize) {
+ xmlChar *newbuf;
+ int size;
++ int extra;
++
++ /* Double buffer size but increase by at least 100 bytes. */
++ extra = minSize < 100 ? 100 : minSize;
++
++ /* Check for integer overflow. */
++ if (extra > INT_MAX - ctxt->lasttsize) {
++ size = INT_MAX;
++ }
++ else {
++ size = ctxt->lasttsize + extra;
++ }
+
+- size = ctxt->lasttsize + len + 100;
+- size *= 2;
+ newbuf = (xmlChar *) xmlRealloc(target->content,size);
+ if (newbuf == NULL) {
+ xsltTransformError(ctxt, NULL, target,
+diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
+index 060b1783..5ad17719 100644
+--- a/libxslt/xsltInternals.h
++++ b/libxslt/xsltInternals.h
+@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
+ * Speed optimization when coalescing text nodes
+ */
+ const xmlChar *lasttext; /* last text node content */
+- unsigned int lasttsize; /* last text node size */
+- unsigned int lasttuse; /* last text node use */
++ int lasttsize; /* last text node size */
++ int lasttuse; /* last text node use */
+ /*
+ * Per Context Debugging
+ */
+--
+2.15.1
+
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 4f75de344c..344d7c347f 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -188,12 +188,16 @@ (define-public python2-libxml2
 (define-public libxslt (package (name "libxslt")
+ (replacement libxslt/fixed)
 (version "1.1.29") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz"))
- (patches (search-patches "libxslt-CVE-2016-4738.patch"))
+ ;; XXX Oops, the patches field is redefined below, which means the
+ ;; patch for CVE-2016-4738 was not used. Fixed in the definition of
+ ;; libxslt/fixed below.
+ ;(patches (search-patches "libxslt-CVE-2016-4738.patch"))
 (sha256 (base32 "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
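Review bot: The new guard `if (len >= INT_MAX - ctxt->lasttuse)` in `xsltAddTextString` is only sound when both `len` and `ctxt->lasttuse` are non-negative, and the hunk does not show that they are. The xsltInternals.h part of the same patch turns `lasttuse` and `lasttsize` into plain `int`, and the check on `len` appears to sit in the early return just above the hunk, outside the visible lines. I would record the precondition next to the guard, `/* len > 0 and lasttuse >= 0 here, so the subtraction cannot wrap */`, once that is confirmed against the full function. The error text `"xsltCopyText: text allocation failed\n"` also names a different function from the one reporting it, which will mislead anyone reading the log.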
@@ -210,6 +214,15 @@ (define-public libxslt
 based on libxml for XML parsing, tree manipulation and XPath support.") (license license:x11)))
+(define libxslt/fixed
+ (package
+ (inherit libxslt)
+ (source (origin
+ (inherit (package-source libxslt))
+ (patches (search-patches "libxslt-CVE-2016-4738.patch"
+ "libxslt-CVE-2017-5029.patch"
+ "libxslt-generated-ids.patch"))))))
+
 (define-public perl-graph-readwrite (package (name "perl-graph-readwrite")
-- cgit v1.2.3
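Review bot: `libxslt/fixed` replaces the inherited `patches` list instead of extending it, so every patch the base origin applies has to be repeated here by hand; `libxslt-generated-ids.patch` is presumably one of those, but nothing keeps the two lists aligned. The XXX comment added in the first hunk of this file describes the same failure mode, a second `patches` field silently shadowing the first and dropping the CVE-2016-4738 fix. A short comment above the list would make the contract explicit, e.g. `;; This list replaces the 'patches' of libxslt rather than extending it; keep both in sync.` The commented-out `;(patches ...)` line left in the base definition is worth deleting once the replacement is merged into the main package.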