summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-04-25 14:27:03 -0400
committerLeo Famulari <leo@famulari.name>2017-04-25 14:27:03 -0400
commit39d2d9a7abdde28830c39c1128986cad539c081d (patch)
tree980846ee567066b80e259e35bd1f39c388db583c /gnu/packages/patches
parent803067939718be1c17a40fa33a75eb65a3cece2f (diff)
parent31c374e0816fc183e177d93257f90b3c02d517af (diff)
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/libcroco-CVE-2017-7960.patch66
-rw-r--r--gnu/packages/patches/libcroco-CVE-2017-7961.patch50
-rw-r--r--gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch144
3 files changed, 260 insertions, 0 deletions
diff --git a/gnu/packages/patches/libcroco-CVE-2017-7960.patch b/gnu/packages/patches/libcroco-CVE-2017-7960.patch
new file mode 100644
index 0000000000..0319c7389f
--- /dev/null
+++ b/gnu/packages/patches/libcroco-CVE-2017-7960.patch
@@ -0,0 +1,66 @@
+Fix CVE-2017-7960:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7960
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
+
+From 898e3a8c8c0314d2e6b106809a8e3e93cf9d4394 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:13:43 +0200
+Subject: input: check end of input before reading a byte
+
+When reading bytes we weren't check that the index wasn't
+out of bound and this could produce an invalid read which
+could deal to a security bug.
+---
+ src/cr-input.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/cr-input.c b/src/cr-input.c
+index 49000b1..3b63a88 100644
+--- a/src/cr-input.c
++++ b/src/cr-input.c
+@@ -256,7 +256,7 @@ cr_input_new_from_uri (const gchar * a_file_uri, enum CREncoding a_enc)
+ *we should free buf here because it's own by CRInput.
+ *(see the last parameter of cr_input_new_from_buf().
+ */
+- buf = NULL ;
++ buf = NULL;
+ }
+
+ cleanup:
+@@ -404,6 +404,8 @@ cr_input_get_nb_bytes_left (CRInput const * a_this)
+ enum CRStatus
+ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+ {
++ gulong nb_bytes_left = 0;
++
+ g_return_val_if_fail (a_this && PRIVATE (a_this)
+ && a_byte, CR_BAD_PARAM_ERROR);
+
+@@ -413,6 +415,12 @@ cr_input_read_byte (CRInput * a_this, guchar * a_byte)
+ if (PRIVATE (a_this)->end_of_input == TRUE)
+ return CR_END_OF_INPUT_ERROR;
+
++ nb_bytes_left = cr_input_get_nb_bytes_left (a_this);
++
++ if (nb_bytes_left < 1) {
++ return CR_END_OF_INPUT_ERROR;
++ }
++
+ *a_byte = PRIVATE (a_this)->in_buf[PRIVATE (a_this)->next_byte_index];
+
+ if (PRIVATE (a_this)->nb_bytes -
+@@ -477,7 +485,6 @@ cr_input_read_char (CRInput * a_this, guint32 * a_char)
+ if (*a_char == '\n') {
+ PRIVATE (a_this)->end_of_line = TRUE;
+ }
+-
+ }
+
+ return status;
+--
+cgit v0.12
+
diff --git a/gnu/packages/patches/libcroco-CVE-2017-7961.patch b/gnu/packages/patches/libcroco-CVE-2017-7961.patch
new file mode 100644
index 0000000000..675dbe4f08
--- /dev/null
+++ b/gnu/packages/patches/libcroco-CVE-2017-7961.patch
@@ -0,0 +1,50 @@
+Fix CVE-2017-7961:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7961
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
+
+From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Sun, 16 Apr 2017 13:56:09 +0200
+Subject: tknzr: support only max long rgb values
+
+This fixes a possible out of bound when reading rgbs which
+are longer than the support MAXLONG
+---
+ src/cr-tknzr.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c
+index 1a7cfeb..1548c35 100644
+--- a/src/cr-tknzr.c
++++ b/src/cr-tknzr.c
+@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, &num);
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+
++ if (num->val > G_MAXLONG) {
++ status = CR_PARSING_ERROR;
++ goto error;
++ }
++
+ red = num->val;
+ cr_num_destroy (num);
+ num = NULL;
+@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, &num);
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+
++ if (num->val > G_MAXLONG) {
++ status = CR_PARSING_ERROR;
++ goto error;
++ }
++
+ PEEK_BYTE (a_this, 1, &next_bytes[0]);
+ if (next_bytes[0] == '%') {
+ SKIP_CHARS (a_this, 1);
+--
+cgit v0.12
+
diff --git a/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch b/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
new file mode 100644
index 0000000000..51d6c3e791
--- /dev/null
+++ b/gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch
@@ -0,0 +1,144 @@
+This patch comes from Debian and was modified by Kei Kebreau <kei@openmailbox.org>.
+Link: https://anonscm.debian.org/cgit/pkg-wmaker/wmfire.git/plain/debian/patches/gdk_updates.patch?h=debian/1.2.4-2&id=a272234fc5eecdbfc469adb12133196bc62f3059
+
+Description: Update for newer versions of GDK.
+ In particular, the icon window was not receiving enter and leave events from
+ the pointer. To fix this, we get rid of the second GdkWindow iconwin entirely
+ and set win to be its own icon.
+ .
+ This also removes the need for the "broken window manager" fix, so we remove it
+ and all references to it.
+Author: Doug Torrance <dtorrance@piedmont.edu>
+
+diff -ur wmfire-1.2.4.old/src/wmfire.c wmfire-1.2.4/src/wmfire.c
+--- wmfire-1.2.4.old/src/wmfire.c 2017-04-23 14:26:58.449487117 -0400
++++ wmfire-1.2.4/src/wmfire.c 2017-04-23 14:32:10.785238671 -0400
+@@ -77,7 +77,6 @@
+ typedef struct {
+ Display *display; /* X11 display */
+ GdkWindow *win; /* Main window */
+- GdkWindow *iconwin; /* Icon window */
+ GdkGC *gc; /* Drawing GC */
+ GdkPixmap *pixmap; /* Main pixmap */
+ GdkBitmap *mask; /* Dockapp mask */
+@@ -141,7 +140,6 @@
+ int cmap = 0;
+ int lock = 0;
+ int proximity = 0;
+-int broken_wm = 0;
+
+ /******************************************/
+ /* Main */
+@@ -262,12 +260,8 @@
+ usleep(REFRESH);
+
+ /* Draw the rgb buffer to screen */
+- if (!broken_wm)
+- gdk_draw_rgb_image(bm.iconwin, bm.gc, 4, 4, XMAX, YMAX, GDK_RGB_DITHER_NONE, bm.rgb, XMAX * 3);
+- else
+- gdk_draw_rgb_image(bm.win, bm.gc, 4, 4, XMAX, YMAX, GDK_RGB_DITHER_NONE, bm.rgb, XMAX * 3);
++ gdk_draw_rgb_image(bm.win, bm.gc, 4, 4, XMAX, YMAX, GDK_RGB_DITHER_NONE, bm.rgb, XMAX * 3);
+ }
+-
+ return 0;
+ }
+
+@@ -556,9 +550,7 @@
+ #define MASK GDK_BUTTON_PRESS_MASK | GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK | GDK_POINTER_MOTION_HINT_MASK
+
+ GdkWindowAttr attr;
+- GdkWindowAttr attri;
+ Window win;
+- Window iconwin;
+
+ GdkPixmap *icon;
+
+@@ -578,10 +570,6 @@
+ attr.wmclass_class = "wmfire";
+ attr.window_type = GDK_WINDOW_TOPLEVEL;
+
+- /* Make a copy for the iconwin - parameters are the same */
+- memcpy(&attri, &attr, sizeof (GdkWindowAttr));
+- attri.window_type = GDK_WINDOW_CHILD;
+-
+ sizehints.flags = USSize;
+ sizehints.width = 64;
+ sizehints.height = 64;
+@@ -592,18 +580,11 @@
+ exit(1);
+ }
+
+- bm.iconwin = gdk_window_new(bm.win, &attri, GDK_WA_TITLE | GDK_WA_WMCLASS);
+- if (!bm.iconwin) {
+- fprintf(stderr, "FATAL: Cannot make icon window\n");
+- exit(1);
+- }
+-
+ win = GDK_WINDOW_XWINDOW(bm.win);
+- iconwin = GDK_WINDOW_XWINDOW(bm.iconwin);
+ XSetWMNormalHints(GDK_WINDOW_XDISPLAY(bm.win), win, &sizehints);
+
+ wmhints.initial_state = WithdrawnState;
+- wmhints.icon_window = iconwin;
++ wmhints.icon_window = win;
+ wmhints.icon_x = 0;
+ wmhints.icon_y = 0;
+ wmhints.window_group = win;
+@@ -613,10 +594,8 @@
+
+ bm.pixmap = gdk_pixmap_create_from_xpm_d(bm.win, &(bm.mask), NULL, master_xpm);
+ gdk_window_shape_combine_mask(bm.win, bm.mask, 0, 0);
+- gdk_window_shape_combine_mask(bm.iconwin, bm.mask, 0, 0);
+
+ gdk_window_set_back_pixmap(bm.win, bm.pixmap, False);
+- gdk_window_set_back_pixmap(bm.iconwin, bm.pixmap, False);
+
+ #if 0
+ gdk_window_set_type_hint(bm.win, GDK_WINDOW_TYPE_HINT_DOCK);
+@@ -626,7 +605,6 @@
+ #endif
+
+ icon = gdk_pixmap_create_from_xpm_d(bm.win, NULL, NULL, icon_xpm);
+- gdk_window_set_icon(bm.win, bm.iconwin, icon, NULL);
+
+ gdk_window_show(bm.win);
+
+@@ -721,9 +699,6 @@
+ case 'l':
+ lock = 1;
+ break;
+- case 'b':
+- broken_wm = 1;
+- break;
+ case 'h':
+ default:
+ do_help();
+@@ -766,6 +741,5 @@
+ for (i = 0; i < NFLAMES; i++)
+ fprintf(stderr, "%d:%s ", i + 1, fire[i].text);
+ fprintf(stderr, "\n\t-l\t\t\tlock flame colour and monitor\n");
+- fprintf(stderr, "\t-b\t\t\tactivate broken window manager fix\n");
+ fprintf(stderr, "\t-h\t\t\tprints this help\n");
+ }
+Only in wmfire-1.2.4/src: wmfire.c~
+diff -ur wmfire-1.2.4.old/wmfire.1 wmfire-1.2.4/wmfire.1
+--- wmfire-1.2.4.old/wmfire.1 2017-04-23 14:26:58.449487117 -0400
++++ wmfire-1.2.4/wmfire.1 2017-04-23 14:41:20.697186114 -0400
+@@ -8,7 +8,6 @@
+
+ .SH SYNOPSIS
+ .B wmfire
+-[-b]
+ [-c CPU]
+ [-f COLOUR]
+ [-F FILE]
+@@ -54,9 +53,6 @@
+
+ .SH OPTIONS
+ .TP
+-.B -b
+-Activate broken window manager fix (if grey box diplayed)
+-.TP
+ .B -c [0..3]
+ .br
+ Monitor SMP CPU number X