Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/freeimage-CVE-2015-0852.patch129
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2015-6581.patch47
-rw-r--r--gnu/packages/patches/openjpeg-use-after-free-fix.patch48
-rw-r--r--gnu/packages/patches/qt4-tests.patch22
-rw-r--r--gnu/packages/patches/qt5-runpath.patch27
-rw-r--r--gnu/packages/patches/valgrind-enable-arm.patch15
-rw-r--r--gnu/packages/patches/valgrind-glibc-2.22.patch39
-rw-r--r--gnu/packages/patches/valgrind-linux-libre-4.x.patch18
-rw-r--r--gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch17
9 files changed, 256 insertions, 106 deletions
diff --git a/gnu/packages/patches/freeimage-CVE-2015-0852.patch b/gnu/packages/patches/freeimage-CVE-2015-0852.patch
new file mode 100644
index 0000000000..34d538e925
--- /dev/null
+++ b/gnu/packages/patches/freeimage-CVE-2015-0852.patch
@@ -0,0 +1,129 @@
+Copied from Debian.
+
+Description: fix integer overflow
+Origin: upstream
+ http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.17&r2=1.18&pathrev=MAIN
+ http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.18&r2=1.19&pathrev=MAIN
+Bug-Debian: https://bugs.debian.org/797165
+Last-Update: 2015-09-14
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: freeimage/Source/FreeImage/PluginPCX.cpp
+===================================================================
+--- freeimage.orig/Source/FreeImage/PluginPCX.cpp
++++ freeimage/Source/FreeImage/PluginPCX.cpp
+@@ -347,12 +347,14 @@ Load(FreeImageIO *io, fi_handle handle,
+ 
+ 	try {
+ 		// check PCX identifier
+-
+-		long start_pos = io->tell_proc(handle);
+-		BOOL validated = pcx_validate(io, handle);		
+-		io->seek_proc(handle, start_pos, SEEK_SET);
+-		if(!validated) {
+-			throw FI_MSG_ERROR_MAGIC_NUMBER;
++		// (note: should have been already validated using FreeImage_GetFileType but check again)
++		{
++			long start_pos = io->tell_proc(handle);
++			BOOL validated = pcx_validate(io, handle);
++			io->seek_proc(handle, start_pos, SEEK_SET);
++			if(!validated) {
++				throw FI_MSG_ERROR_MAGIC_NUMBER;
++			}
+ 		}
+ 
+ 		// process the header
+@@ -366,20 +368,38 @@ Load(FreeImageIO *io, fi_handle handle,
+ 		SwapHeader(&header);
+ #endif
+ 
+-		// allocate a new DIB
++		// process the window
++		const WORD *window = header.window;	// left, upper, right,lower pixel coord.
++		const int left		= window[0];
++		const int top		= window[1];
++		const int right		= window[2];
++		const int bottom	= window[3];
+ 
+-		unsigned width = header.window[2] - header.window[0] + 1;
+-		unsigned height = header.window[3] - header.window[1] + 1;
+-		unsigned bitcount = header.bpp * header.planes;
+-
+-		if (bitcount == 24) {
+-			dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+-		} else {
+-			dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);			
++		// check image size
++		if((left >= right) || (top >= bottom)) {
++			throw FI_MSG_ERROR_PARSING;
+ 		}
+ 
+-		// if the dib couldn't be allocated, throw an error
++		const unsigned width = right - left + 1;
++		const unsigned height = bottom - top + 1;
++		const unsigned bitcount = header.bpp * header.planes;
++
++		// allocate a new DIB
++		switch(bitcount) {
++			case 1:
++			case 4:
++			case 8:
++				dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);
++				break;
++			case 24:
++				dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
++				break;
++			default:
++				throw FI_MSG_ERROR_DIB_MEMORY;
++				break;
++		}
+ 
++		// if the dib couldn't be allocated, throw an error
+ 		if (!dib) {
+ 			throw FI_MSG_ERROR_DIB_MEMORY;
+ 		}
+@@ -426,19 +446,23 @@ Load(FreeImageIO *io, fi_handle handle,
+ 
+ 				if (palette_id == 0x0C) {
+ 					BYTE *cmap = (BYTE*)malloc(768 * sizeof(BYTE));
+-					io->read_proc(cmap, 768, 1, handle);
+ 
+-					pal = FreeImage_GetPalette(dib);
+-					BYTE *pColormap = &cmap[0];
++					if(cmap) {
++						io->read_proc(cmap, 768, 1, handle);
+ 
+-					for(int i = 0; i < 256; i++) {
+-						pal[i].rgbRed   = pColormap[0];
+-						pal[i].rgbGreen = pColormap[1];
+-						pal[i].rgbBlue  = pColormap[2];
+-						pColormap += 3;
++						pal = FreeImage_GetPalette(dib);
++						BYTE *pColormap = &cmap[0];
++
++						for(int i = 0; i < 256; i++) {
++							pal[i].rgbRed   = pColormap[0];
++							pal[i].rgbGreen = pColormap[1];
++							pal[i].rgbBlue  = pColormap[2];
++							pColormap += 3;
++						}
++
++						free(cmap);
+ 					}
+ 
+-					free(cmap);
+ 				}
+ 
+ 				// wrong palette ID, perhaps a gray scale is needed ?
+@@ -466,9 +490,9 @@ Load(FreeImageIO *io, fi_handle handle,
+ 		// calculate the line length for the PCX and the DIB
+ 
+ 		// length of raster line in bytes
+-		unsigned linelength = header.bytes_per_line * header.planes;
++		const unsigned linelength = header.bytes_per_line * header.planes;
+ 		// length of DIB line (rounded to DWORD) in bytes
+-		unsigned pitch = FreeImage_GetPitch(dib);
++		const unsigned pitch = FreeImage_GetPitch(dib);
+ 
+ 		// run-length encoding ?
+ 
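Review bot: The return value of `io->read_proc(cmap, 768, 1, handle)` in the palette hunk is still ignored, so a truncated file leaves `cmap` holding uninitialised `malloc` memory that is then copied into all 256 palette entries. Assuming `read_proc` has fread-style semantics, checking it with `if(cmap && io->read_proc(cmap, 768, 1, handle) == 1) {` and moving `free(cmap)` after that block would close this. Separately, the new size check `(left >= right) || (top >= bottom)` also rejects images one pixel wide or tall, because width is `right - left + 1`; using `>` would reject only inverted windows. `Load` begins and ends outside these hunks, so how `linelength` is later bounded against `pitch` cannot be judged from here.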
diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
new file mode 100644
index 0000000000..7ce03501f4
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
@@ -0,0 +1,47 @@
+From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
+From: Matthieu Darbois <mayeut@users.noreply.github.com>
+Date: Tue, 19 May 2015 21:57:27 +0000
+Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
+ opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
+
+---
+ src/lib/openjp2/j2k.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 8c62a39..cbdd368 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd (       opj_j2k_t * p_j2
+                 l_tcp->cod = 0;
+                 l_tcp->ppt = 0;
+                 l_tcp->ppt_data = 00;
++                /* Remove memory not owned by this tile in case of early error return. */
++                l_tcp->m_mct_decoding_matrix = 00;
++                l_tcp->m_nb_max_mct_records = 0;
++                l_tcp->m_mct_records = 00;
++                l_tcp->m_nb_max_mcc_records = 0;
++                l_tcp->m_mcc_records = 00;
+                 /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
+                 l_tcp->tccps = l_current_tccp;
+ 
+@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd (       opj_j2k_t * p_j2
+ 
+                         ++l_src_mct_rec;
+                         ++l_dest_mct_rec;
++                        /* Update with each pass to free exactly what has been allocated on early return. */
++                        l_tcp->m_nb_max_mct_records += 1;
+                 }
+ 
+                 /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
+@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd (       opj_j2k_t * p_j2
+                         return OPJ_FALSE;
+                 }
+                 memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
++                l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
+ 
+                 /* Copy the mcc record data from dflt_tile_cp to the current tile*/
+                 l_src_mcc_rec = l_default_tcp->m_mcc_records;
+-- 
+2.5.0
+
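Review bot: The early-return bookkeeping added here resets and rebuilds only `m_nb_max_mct_records` and `m_nb_max_mcc_records`, so it bounds cleanup only if the tile-destroy routine walks the record arrays by those `max` counters. If that routine walks by `m_nb_mct_records` instead (presumably still the value copied from the default tile), an early return part-way through the copy loop could still reach `m_data` pointers owned by the default tile. The destroy routine is outside the hunks, so this should be confirmed against the openjpeg version the patch is applied to. A sentence in the patch header, such as `Relies on the tcp destroy routine iterating m_nb_max_mct_records.`, would record the dependency without diverging from the upstream code.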
diff --git a/gnu/packages/patches/openjpeg-use-after-free-fix.patch b/gnu/packages/patches/openjpeg-use-after-free-fix.patch
new file mode 100644
index 0000000000..1a9cb1ae1d
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-use-after-free-fix.patch
@@ -0,0 +1,48 @@
+From 940100c28ae28931722290794889cf84a92c5f6f Mon Sep 17 00:00:00 2001
+From: mayeut <mayeut@users.noreply.github.com>
+Date: Sun, 6 Sep 2015 17:24:03 +0200
+Subject: [PATCH] Fix potential use-after-free in opj_j2k_write_mco function
+
+Fixes #563
+---
+ src/lib/openjp2/j2k.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 19a48f5..d487d89 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -5559,8 +5559,7 @@ static OPJ_BOOL opj_j2k_write_mco(     opj_j2k_t *p_j2k,
+         assert(p_stream != 00);
+ 
+         l_tcp =&(p_j2k->m_cp.tcps[p_j2k->m_current_tile_number]);
+-        l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
+-
++	
+         l_mco_size = 5 + l_tcp->m_nb_mcc_records;
+         if (l_mco_size > p_j2k->m_specific_param.m_encoder.m_header_tile_data_size) {
+ 
+@@ -5575,6 +5574,8 @@ static OPJ_BOOL opj_j2k_write_mco(     opj_j2k_t *p_j2k,
+                 p_j2k->m_specific_param.m_encoder.m_header_tile_data = new_header_tile_data;
+                 p_j2k->m_specific_param.m_encoder.m_header_tile_data_size = l_mco_size;
+         }
++        l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
++
+ 
+         opj_write_bytes(l_current_data,J2K_MS_MCO,2);                   /* MCO */
+         l_current_data += 2;
+@@ -5586,10 +5587,9 @@ static OPJ_BOOL opj_j2k_write_mco(     opj_j2k_t *p_j2k,
+         ++l_current_data;
+ 
+         l_mcc_record = l_tcp->m_mcc_records;
+-        for     (i=0;i<l_tcp->m_nb_mcc_records;++i) {
++        for (i=0;i<l_tcp->m_nb_mcc_records;++i) {
+                 opj_write_bytes(l_current_data,l_mcc_record->m_index,1);/* Imco -> use the mcc indicated by 1*/
+                 ++l_current_data;
+-
+                 ++l_mcc_record;
+         }
+ 
+-- 
+2.5.0
+
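Review bot: The patch header identifies the fix only by `Fixes #563` and a commit hash, without naming the upstream repository or saying whether a CVE was assigned, so the file is hard to trace or to drop with confidence when openjpeg is updated. A leading line in the style of the other patches added in this commit, such as `Copied from upstream: <upstream-commit-URL>`, would cover that. The same applies to openjpeg-CVE-2015-6581.patch, where the CVE id appears only in the file name and the header refers to `issue 492`. The hunks also carry whitespace-only edits (the tab-only line replacing a blank line, `for     (` to `for (`) that are unrelated to the fix; they come from upstream and are best left as they are so the file stays byte-comparable with that commit.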
diff --git a/gnu/packages/patches/qt4-tests.patch b/gnu/packages/patches/qt4-tests.patch
deleted file mode 100644
index eb499ec76a..0000000000
--- a/gnu/packages/patches/qt4-tests.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Drop tests requiring a running X server, but not starting any.
-
-diff -ru qt-everywhere-opensource-src-4.8.5.orig/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro qt-everywhere-opensource-src-4.8.5/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro
---- qt-everywhere-opensource-src-4.8.5.orig/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro	2013-10-12 13:15:47.000000000 +0200
-+++ qt-everywhere-opensource-src-4.8.5/src/3rdparty/webkit/Source/WebKit/qt/tests/tests.pro	2013-10-12 13:20:15.000000000 +0200
-@@ -1,15 +1,4 @@
- 
- TEMPLATE = subdirs
--SUBDIRS = qwebframe qwebpage qwebelement qgraphicswebview qwebhistoryinterface qwebview qwebhistory qwebinspector hybridPixmap
-+SUBDIRS =
- 
--linux-* {
--    # This test bypasses the library and links the tested code's object itself.
--    # This stresses the build system in some corners so we only run it on linux.
--    SUBDIRS += MIMESniffing
--}
--
--contains(QT_CONFIG, declarative): SUBDIRS += qdeclarativewebview
--SUBDIRS += benchmarks/painting benchmarks/loading
--contains(DEFINES, ENABLE_WEBGL=1) {
--    SUBDIRS += benchmarks/webgl
--}
diff --git a/gnu/packages/patches/qt5-runpath.patch b/gnu/packages/patches/qt5-runpath.patch
deleted file mode 100644
index d045d39aaa..0000000000
--- a/gnu/packages/patches/qt5-runpath.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Allow the use of DT_RUNPATH.  This fixes a bug whereby libQt5WebEngineCore.so
-ends up having an empty RUNPATH.
-
-
-diff -u -r qt-everywhere-opensource-src-5.5.0.orig/qtwebengine/src/3rdparty/chromium/build/common.gypi qt-everywhere-opensource-src-5.5.0/qtwebengine/src/3rdparty/chromium/build/common.gypi
---- qt-everywhere-opensource-src-5.5.0.orig/qtwebengine/src/3rdparty/chromium/build/common.gypi	2015-06-29 22:09:36.000000000 +0200
-+++ qt-everywhere-opensource-src-5.5.0/qtwebengine/src/3rdparty/chromium/build/common.gypi	2015-07-25 15:32:57.999411191 +0200
-@@ -4448,19 +4448,6 @@
-               '-B<!(cd <(DEPTH) && pwd -P)/<(binutils_dir)',
-             ],
-           }],
--          # Some binutils 2.23 releases may or may not have new dtags enabled,
--          # but they are all compatible with --disable-new-dtags,
--          # because the new dynamic tags are not created by default.
--          ['binutils_version>=223', {
--            # Newer binutils don't set DT_RPATH unless you disable "new" dtags
--            # and the new DT_RUNPATH doesn't work without --no-as-needed flag.
--            # FIXME(mithro): Figure out the --as-needed/--no-as-needed flags
--            # inside this file to allow usage of --no-as-needed and removal of
--            # this flag.
--            'ldflags': [
--              '-Wl,--disable-new-dtags',
--            ],
--          }],
-           ['gcc_version>=47 and clang==0', {
-             'target_conditions': [
-               ['_toolset=="target"', {
diff --git a/gnu/packages/patches/valgrind-enable-arm.patch b/gnu/packages/patches/valgrind-enable-arm.patch
new file mode 100644
index 0000000000..663e68463c
--- /dev/null
+++ b/gnu/packages/patches/valgrind-enable-arm.patch
@@ -0,0 +1,15 @@
+Accept "arm" instead of "armv7" in configure, see
+   http://valgrind.10908.n7.nabble.com/building-for-arm-td39382.html .
+
+diff -u -r valgrind-3.11.0.orig/configure valgrind-3.11.0/configure
+--- valgrind-3.11.0.orig/configure	2015-10-02 20:37:41.915721386 +0200
++++ valgrind-3.11.0/configure	2015-10-02 20:37:54.886746395 +0200
+@@ -5607,7 +5607,7 @@
+         ARCH_MAX="s390x"
+         ;;
+ 
+-     armv7*)
++     arm*)
+ 	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ok (${host_cpu})" >&5
+ $as_echo "ok (${host_cpu})" >&6; }
+ 	ARCH_MAX="arm"
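Review bot: The new `arm*)` pattern accepts every host CPU string beginning with `arm`, including pre-ARMv7 values such as `armv5tel` or `armv6l` that the original `armv7*)` did not match, so configure would report `ok` and set `ARCH_MAX="arm"` on hosts the upstream check rejected. If the aim is only to accept the bare `arm` named in the patch description, `arm|armv7*)` does that without widening the match. The surrounding `case` starts and ends outside the hunk, so whether an earlier branch already catches other `arm*` values cannot be seen here.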
diff --git a/gnu/packages/patches/valgrind-glibc-2.22.patch b/gnu/packages/patches/valgrind-glibc-2.22.patch
deleted file mode 100644
index 36c4916cc6..0000000000
--- a/gnu/packages/patches/valgrind-glibc-2.22.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Submitted By: Pierre Labastie <pierre at linuxfromscratch dot org>
-Date: 2015-02-22
-Initial Package Version: 3.10.1
-Upstream Status: Unknown
-Origin: Self
-Description: Allows Valgrind to build with glibc-2.21
-
-Later modified to support glibc-2.22 as well.
-
-diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure
---- valgrind-3.10.1.old/configure	2014-11-25 20:42:25.000000000 +0100
-+++ valgrind-3.10.1.new/configure	2015-02-22 10:46:06.607826488 +0100
-@@ -6842,6 +6842,26 @@
- 	DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
- 	DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
- 	;;
-+     2.21)
-+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.21 family" >&5
-+$as_echo "2.21 family" >&6; }
-+
-+$as_echo "#define GLIBC_2_21 1" >>confdefs.h
-+
-+	DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}"
-+	DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
-+	DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
-+	;;
-+     2.22)
-+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.22 family" >&5
-+$as_echo "2.22 family" >&6; }
-+
-+$as_echo "#define GLIBC_2_22 1" >>confdefs.h
-+
-+	DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}"
-+	DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}"
-+	DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}"
-+	;;
-      darwin)
- 	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Darwin" >&5
- $as_echo "Darwin" >&6; }
diff --git a/gnu/packages/patches/valgrind-linux-libre-4.x.patch b/gnu/packages/patches/valgrind-linux-libre-4.x.patch
deleted file mode 100644
index 79166619c7..0000000000
--- a/gnu/packages/patches/valgrind-linux-libre-4.x.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Modify valgrind's configure script to accept linux-libre-4.x as being in the
-same family as 3.x.
-
---- valgrind-3.10.1/configure	2015-09-15 18:02:20.710262686 -0400
-+++ valgrind-3.10.1/configure	2015-09-15 18:02:59.831829731 -0400
-@@ -5553,9 +5553,9 @@
-         kernel=`uname -r`
- 
-         case "${kernel}" in
--             2.6.*|3.*)
--        	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x family (${kernel})" >&5
--$as_echo "2.6.x/3.x family (${kernel})" >&6; }
-+             2.6.*|3.*|4.*)
-+        	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x/4.x family (${kernel})" >&5
-+$as_echo "2.6.x/3.x/4.x family (${kernel})" >&6; }
- 
- $as_echo "#define KERNEL_2_6 1" >>confdefs.h
- 
diff --git a/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
new file mode 100644
index 0000000000..671b5fb910
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
@@ -0,0 +1,17 @@
+Copied from Fedora.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1189303
+http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3
+
+diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp
+--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string	2015-09-14 09:25:43.004200172 +0200
++++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp	2015-09-14 09:25:57.852082368 +0200
+@@ -71,7 +71,7 @@ int SQLiteStatement::prepare()
+     // this lets SQLite avoid an extra string copy.
+     size_t lengthIncludingNullCharacter = query.length() + 1;
+ 
+-    const char* tail;
++    const char* tail = nullptr;
+     int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);
+ 
+     if (error != SQLITE_OK)
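Review bot: The patch header gives two URLs but no sentence saying what defect the change fixes, so a reader has to follow external links to learn why `tail` is now initialised. A header line such as `Initialize 'tail' before sqlite3_prepare_v2 so it is never read uninitialized; see the Fedora bug below.` would keep the rationale with the patch. The exact failure mode should be taken from the bug report, since the code that reads `tail` is outside the hunk; `SQLiteStatement::prepare()` continues past the last visible line.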