From a606ed89d4e3737beec2f3392bedba61904778f4 Mon Sep 17 00:00:00 2001
From: Mark H Weaver
Date: Wed, 7 Oct 2015 22:50:46 -0400
Subject: gnu: webkitgtk-2.4: Fix potential code execution vulnerability.

* gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/webkit.scm (webkitgtk-2.4)[source]: Add patch.
---
 gnu-system.am | 1 +
 .../patches/webkitgtk-2.4-sql-init-string.patch | 17 +++++++++++++++++
 gnu/packages/webkit.scm | 4 +++-
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch

diff --git a/gnu-system.am b/gnu-system.am
index 35d2da4701..67879e9872 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -650,6 +650,7 @@ dist_patch_DATA = \
   gnu/packages/patches/vpnc-script.patch \
   gnu/packages/patches/vtk-mesa-10.patch \
   gnu/packages/patches/w3m-fix-compile.patch \
+  gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch \
   gnu/packages/patches/weex-vacopy.patch \
   gnu/packages/patches/wicd-bitrate-none-fix.patch \
   gnu/packages/patches/wicd-get-selected-profile-fix.patch \
diff --git a/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
new file mode 100644
index 0000000000..671b5fb910
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
@@ -0,0 +1,17 @@
+Copied from Fedora.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1189303
+http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3
+
+diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp
+--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string 2015-09-14 09:25:43.004200172 +0200
++++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp 2015-09-14 09:25:57.852082368 +0200
+@@ -71,7 +71,7 @@ int SQLiteStatement::prepare()
+     // this lets SQLite avoid an extra string copy.
+     size_t lengthIncludingNullCharacter = query.length() + 1;
+ 
+-    const char* tail;
++    const char* tail = nullptr;
+     int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);
+ 
+     if (error != SQLITE_OK)
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 6be1f91807..bb041b1935 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -141,7 +141,9 @@ HTML/CSS applications to full-fledged web browsers.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0r651ar3p0f8zwl7764kyimxk5hy88cwy116pv8cl5l8hbkjkpxg"))))
+                "0r651ar3p0f8zwl7764kyimxk5hy88cwy116pv8cl5l8hbkjkpxg"))
+              (patches
+               (list (search-patch "webkitgtk-2.4-sql-init-string.patch")))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; no tests
-- 
cgit v1.2.3
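Review bot: The header of the new patch file says only `Copied from Fedora.` followed by two links, and neither it nor the commit message states what the defect actually is, so a maintainer later rebasing webkitgtk-2.4 cannot judge whether the patch is still needed without leaving the repository. Add one sentence to the header, for example `Initialize the 'tail' out-parameter of sqlite3_prepare_v2() so it is never read uninitialized when statement preparation fails.` That is presumably the vulnerability the subject line refers to, since the only code change is `-    const char* tail;` / `+    const char* tail = nullptr;`, but the later use of `tail` is outside the nested hunk, so the wording should be confirmed against SQLiteStatement.cpp. The enclosing `SQLiteStatement::prepare()` begins before the nested hunk and continues past its last line `if (error != SQLITE_OK)`.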