diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/links-CVE-2017-11114.patch | 99 | ||||
-rw-r--r-- | gnu/packages/web-browsers.scm | 7 |
3 files changed, 3 insertions, 104 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 26d2369a5a..b810e7b02f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -884,7 +884,6 @@ dist_patch_DATA = \ %D%/packages/patches/lierolibre-newer-libconfig.patch \ %D%/packages/patches/lierolibre-remove-arch-warning.patch \ %D%/packages/patches/lierolibre-try-building-other-arch.patch \ - %D%/packages/patches/links-CVE-2017-11114.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \ diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch deleted file mode 100644 index c5ac9884b5..0000000000 --- a/gnu/packages/patches/links-CVE-2017-11114.patch +++ /dev/null @@ -1,99 +0,0 @@ -Fix CVE-2017-11114: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 -http://seclists.org/fulldisclosure/2017/Jul/76 - -Patch copied from Debian: - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 - -Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7 -Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 -Author: Mikulas Patocka <mikulas@twibright.com> -Date: Wed Aug 2 20:13:29 2017 +0200 -Subject: Fix read out of memory in case of corrupted UTF-8 data - ---- - charsets.c | 37 +------------------------------------ - links.h | 9 ++++----- - 2 files changed, 5 insertions(+), 41 deletions(-) - -Index: links-2.14/charsets.c -=================================================================== ---- links-2.14.orig/charsets.c -+++ links-2.14/charsets.c -@@ -215,41 +215,6 @@ static struct conv_table *get_translatio - return utf_table; - } - --unsigned short int utf8_2_uni_table[0x200] = { -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0, -- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0, -- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0, -- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0, -- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0, -- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0, -- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0, -- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, --}; -- - unsigned char utf_8_1[256] = { - 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, -@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = { - 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6, - }; - --static_const unsigned min_utf_8[9] = { -+static_const unsigned min_utf_8[8] = { - 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1, - }; - -Index: links-2.14/links.h -=================================================================== ---- links-2.14.orig/links.h -+++ links-2.14/links.h -@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un - void init_charset(void); - - unsigned get_utf_8(unsigned char **p); --extern unsigned short int utf8_2_uni_table[0x200]; - #define GET_UTF_8(s, c) \ - do { \ - if ((unsigned char)(s)[0] < 0x80) \ - (c) = (s)++[0]; \ -- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \ -- ((unsigned char)(s)[1] >> 6) - 0x200])) \ -- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \ -- else \ -+ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\ -+ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \ -+ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\ -+ } else \ - (c) = get_utf_8(&(s)); \ - } while (0) - #define FWD_UTF_8(s) \ diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm index ef39d71411..6c929d326d 100644 --- a/gnu/packages/web-browsers.scm +++ b/gnu/packages/web-browsers.scm @@ -79,15 +79,14 @@ older or slower computers and embedded systems.") (define-public links (package (name "links") - (version "2.14") + (version "2.15") (source (origin (method url-fetch) (uri (string-append "http://links.twibright.com/download/" name "-" version ".tar.bz2")) - (patches (search-patches "links-CVE-2017-11114.patch")) - (sha256 + (sha256 (base32 - "1f24y83wa1vzzjq5kp857gjqdpnmf8pb29yw7fam0m8wxxw0c3gp")))) + "1jp3xyvp87a188b4kg5ycqahrazj7928zncgsznzn54w8d5iqahy")))) (build-system gnu-build-system) (arguments `(#:phases |