diff options
author | Mark H Weaver <mhw@netris.org> | 2015-07-20 23:32:30 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-07-20 23:33:41 -0400 |
commit | 4d85391059604959a010c39953bea5c62f52dc90 (patch) | |
tree | fcf1ca4bafe4f5cf8dd351b85637f51348602397 /gnu/packages | |
parent | 247cdf53dff1fdb9ccafb5f0b4139c73bac6d9b0 (diff) | |
download | guix-4d85391059604959a010c39953bea5c62f52dc90.tar.gz |
gnu: tidy: Add fixes for CVE-2015-5522 and CVE-2015-5523.
* gnu/packages/patches/tidy-CVE-2015-5522+5523.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/web.scm (tidy)[source]: Add patch.
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/patches/tidy-CVE-2015-5522+5523.patch | 36 | ||||
-rw-r--r-- | gnu/packages/web.scm | 3 |
2 files changed, 38 insertions, 1 deletions
diff --git a/gnu/packages/patches/tidy-CVE-2015-5522+5523.patch b/gnu/packages/patches/tidy-CVE-2015-5522+5523.patch new file mode 100644 index 0000000000..7afb58aa14 --- /dev/null +++ b/gnu/packages/patches/tidy-CVE-2015-5522+5523.patch @@ -0,0 +1,36 @@ +Copied from Debian. + +From c18f27a58792f7fbd0b30a0ff50d6b40a82f940d Mon Sep 17 00:00:00 2001 +From: Geoff McLane <ubuntu@geoffair.info> +Date: Wed, 3 Jun 2015 20:26:03 +0200 +Subject: [PATCH] Issue #217 - avoid len going negative, ever... + +--- + src/lexer.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/lexer.c b/src/lexer.c +index 376a3d8..664f806 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -3739,16 +3740,17 @@ static tmbstr ParseValue( TidyDocImpl* doc, ctmbstr name, + /* and prompts attributes unless --literal-attributes is set to yes */ + /* #994841 - Whitespace is removed from value attributes */ + +- if (munge && ++ /* Issue #217 - Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */ ++ if ((len > 0) && munge && + TY_(tmbstrcasecmp)(name, "alt") && + TY_(tmbstrcasecmp)(name, "title") && + TY_(tmbstrcasecmp)(name, "value") && + TY_(tmbstrcasecmp)(name, "prompt")) + { +- while (TY_(IsWhite)(lexer->lexbuf[start+len-1])) ++ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0)) + --len; + +- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len) ++ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0)) + { + ++start; + --len; diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 4123c0a930..df0d9c4d68 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -381,7 +381,8 @@ UTS#46.") (revision "2009-12-23"))) (sha256 (base32 - "14dsnmirjcrvwsffqp3as70qr6bbfaig2fv3zvs5g7005jrsbvpb")))) + "14dsnmirjcrvwsffqp3as70qr6bbfaig2fv3zvs5g7005jrsbvpb")) + (patches (list (search-patch "tidy-CVE-2015-5522+5523.patch"))))) (build-system gnu-build-system) (arguments '(#:phases (alist-cons-after |