summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-01-23 17:01:07 -0500
committerMark H Weaver <mhw@netris.org>2018-01-23 17:01:07 -0500
commita102d359a68ce7219a1880e47dd6f9332cbbce3a (patch)
treed879e718f08d776ad84c456c91a349e59941d1f2 /gnu/packages/patches
parent07b8ea841e1e2eda5b367f35cf68d23d0520cc4d (diff)
parentf3a13a21e50fa3751fc39e5768ea6843bfc19df2 (diff)
downloadguix-a102d359a68ce7219a1880e47dd6f9332cbbce3a.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/libsndfile-CVE-2017-12562.patch97
-rw-r--r--gnu/packages/patches/rct-add-missing-headers.patch43
-rw-r--r--gnu/packages/patches/rtags-separate-rct.patch72
3 files changed, 212 insertions, 0 deletions
diff --git a/gnu/packages/patches/libsndfile-CVE-2017-12562.patch b/gnu/packages/patches/libsndfile-CVE-2017-12562.patch
new file mode 100644
index 0000000000..58cb242b10
--- /dev/null
+++ b/gnu/packages/patches/libsndfile-CVE-2017-12562.patch
@@ -0,0 +1,97 @@
+Fix CVE-2017-12562:
+
+https://github.com/erikd/libsndfile/issues/292
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562
+
+Patch copied from upstream source repository:
+
+https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
+
+From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
+Date: Wed, 14 Jun 2017 12:25:40 +0200
+Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
+ in binheader
+
+Fixes the following problems:
+ 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
+ 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
+    big switch statement by an amount (16 bytes) which is enough for all cases
+    where only a single value gets added. Cases 's', 'S', 'p' however
+    additionally write an arbitrary length block of data and again enlarge the
+    buffer to the required amount. However, the required space calculation does
+    not take into account the size of the length field which gets output before
+    the data.
+ 3. Buffer size requirement calculation in case 'S' does not account for the
+    padding byte ("size += (size & 1) ;" happens after the calculation which
+    uses "size").
+ 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
+    involved
+    ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
+    the buffer is only guaranteed to have "size" space available).
+ 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
+    beyond the space which is guaranteed to be allocated in the header buffer.
+ 6. Case 's' can overrun the provided source string by 1 byte if padding is
+    involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
+    where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
+    plus optionally another 1 which is padding and not guaranteed to be
+    readable via the source string pointer).
+
+Closes: https://github.com/erikd/libsndfile/issues/292
+---
+ src/common.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1a6204ca..6b2a2ee9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					/* Write a C string (guaranteed to have a zero terminator). */
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) + 1 ;
+-					size += (size & 1) ;
+ 
+-					if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+-						header_put_be_int (psf, size) ;
++						header_put_be_int (psf, size + (size & 1)) ;
+ 					else
+-						header_put_le_int (psf, size) ;
++						header_put_le_int (psf, size + (size & 1)) ;
+ 					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
++					size += (size & 1) ;
+ 					psf->header.indx += size ;
+ 					psf->header.ptr [psf->header.indx - 1] = 0 ;
+ 					count += 4 + size ;
+@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					*/
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) ;
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+ 						header_put_be_int (psf, size) ;
+ 					else
+ 						header_put_le_int (psf, size) ;
+-					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
++					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
+ 					size += (size & 1) ;
+ 					psf->header.indx += size ;
+-					psf->header.ptr [psf->header.indx] = 0 ;
+ 					count += 4 + size ;
+ 					break ;
+ 
+@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					size = (size & 1) ? size : size + 1 ;
+ 					size = (size > 254) ? 254 : size ;
+ 
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ 						return count ;
+ 
+ 					header_put_byte (psf, size) ;
diff --git a/gnu/packages/patches/rct-add-missing-headers.patch b/gnu/packages/patches/rct-add-missing-headers.patch
new file mode 100644
index 0000000000..4d133aa249
--- /dev/null
+++ b/gnu/packages/patches/rct-add-missing-headers.patch
@@ -0,0 +1,43 @@
+From: fis <ybbs.daans@hotmail.com>
+Date: Sat, 20 Jan 2018 07:42:38 +0800
+Subject: [PATCH] rct.cmake: Add missing headers.
+
+---
+ rct.cmake | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/rct.cmake b/rct.cmake
+index 323e7b9..3e0ac6b 100644
+--- a/rct.cmake
++++ b/rct.cmake
+@@ -339,7 +339,27 @@ if (NOT RCT_NO_INSTALL)
+     rct/Timer.h
+     rct/Value.h
+     rct/WriteLocker.h
++    rct/CpuUsage.h
++    rct/DataFile.h
++    rct/Date.h
++    rct/EmbeddedLinkedList.h
++    rct/FinishMessage.h
++    rct/Flags.h
++    rct/Hash.h
++    rct/LinkedList.h
++    rct/Map.h
++    rct/MemoryMappedFile.h
++    rct/OnDestruction.h
++    rct/QuitMessage.h
++    rct/ResponseMessage.h
++    rct/ScriptEngine.h
++    rct/StackBuffer.h
++    rct/WindowsUnicodeConversion.h
+     DESTINATION include/rct)
+
++  install(FILES
++    json/json.hpp
++    DESTINATION include/rct/json)
++
+   install(EXPORT "rct" DESTINATION lib/cmake)
+ endif ()
+--
+2.13.6
+
diff --git a/gnu/packages/patches/rtags-separate-rct.patch b/gnu/packages/patches/rtags-separate-rct.patch
new file mode 100644
index 0000000000..533e28b02e
--- /dev/null
+++ b/gnu/packages/patches/rtags-separate-rct.patch
@@ -0,0 +1,72 @@
+Unbundle RCT and use our own copy.
+
+--- rtags-2.16/src/CMakeLists.txt	2018-01-23 10:36:17.645855140 +0100
++++ rtags-2.16/src/CMakeLists.txt	2018-01-23 10:38:14.605234740 +0100
+@@ -105,12 +105,6 @@ if (LUA_ENABLED)
+         CMAKE_ARGS -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=0 -DCMAKE_GENERATOR=${CMAKE_GENERATOR})
+ endif ()
+ 
+-set(RCT_RTTI_ENABLED 1)
+-set(RCT_NO_INSTALL 1)
+-set(RCT_NO_LIBRARY 1)
+-# Everyting which as been set either in rct/rct.cmake or rct/compiler.cmake
+-# doesn't need to be set in this file again.
+-include(rct/rct.cmake)
+ 
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wstrict-aliasing=2 -Wcast-qual -fPIC")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wstrict-aliasing=2 -Wcast-qual -fPIC")
+@@ -128,8 +122,7 @@ add_definitions(
+     "-DRTAGS_SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}"
+     "-DCLANG_LIBDIR=${LIBCLANG_LIBDIR}"
+     "-DCLANG_VERSION=${LIBCLANG_VERSION_STRING}"
+-    "-DOS_${CMAKE_SYSTEM_NAME}"
+-    ${RCT_DEFINITIONS})
++    "-DOS_${CMAKE_SYSTEM_NAME}")
+ 
+ if (CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
+     add_definitions(-D__LONG_LONG_SUPPORTED)
+@@ -172,8 +165,7 @@ set(RTAGS_SOURCES
+     Symbol.cpp
+     SymbolInfoJob.cpp
+     Token.cpp
+-    TokensJob.cpp
+-    ${RCT_SOURCES})
++    TokensJob.cpp)
+ 
+ if (LUA_ENABLED)
+     list(APPEND RTAGS_SOURCES AST.cpp)
+@@ -195,10 +187,10 @@ endif ()
+ 
+ include_directories(
+     ${CMAKE_CURRENT_LIST_DIR}
+-    ${RCT_INCLUDE_DIRS}
+     ${CMAKE_CURRENT_LIST_DIR}/selene/include
+     ${CMAKE_CURRENT_BINARY_DIR}/lua-prefix/src/lua-build
+-    ${CMAKE_CURRENT_LIST_DIR}/lua/src)
++    ${CMAKE_CURRENT_LIST_DIR}/lua/src
++    ${CMAKE_CURRENT_BINARY_DIR}/include)
+ 
+ if (CMAKE_SYSTEM_NAME MATCHES "Darwin")
+     set(START_GROUP "")
+@@ -223,17 +215,17 @@ else ()
+ endif()
+ 
+ # RCT_LIBRARIES and stdc++ library must be at the end
+-set(RTAGS_LIBRARIES ${RTAGS_LIBRARIES} -lstdc++ ${RCT_LIBRARIES})
++set(RTAGS_LIBRARIES ${RTAGS_LIBRARIES} -lstdc++)
+ add_executable(rc rc.cpp)
+-target_link_libraries(rc ${RTAGS_LIBRARIES})
++target_link_libraries(rc ${RTAGS_LIBRARIES} rct)
+ 
+ add_executable(rdm rdm.cpp)
+-target_link_libraries(rdm ${RTAGS_LIBRARIES})
++target_link_libraries(rdm ${RTAGS_LIBRARIES} rct)
+ 
+ set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin)
+ 
+ add_executable(rp rp.cpp)
+-target_link_libraries(rp ${RTAGS_LIBRARIES})
++target_link_libraries(rp ${RTAGS_LIBRARIES} rct)
+ 
+ if (CYGWIN)
+     EnsureLibraries(rdm rct)