summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/ghostscript-CVE-2020-15900.patch36
-rw-r--r--gnu/packages/patches/ghostscript-freetype-compat.patch35
-rw-r--r--gnu/packages/patches/libssh2-CVE-2019-17498.patch126
-rw-r--r--gnu/packages/patches/python-CVE-2020-26116.patch47
-rw-r--r--gnu/packages/patches/qtbase-fix-krita-deadlock.patch110
-rw-r--r--gnu/packages/patches/sbc-fix-build-non-x86.patch17
-rw-r--r--gnu/packages/patches/vlc-qt-5.15.patch56
7 files changed, 317 insertions, 110 deletions
diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
new file mode 100644
index 0000000000..b6658d7c7f
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch
@@ -0,0 +1,36 @@
+Fix CVE-2020-15900.
+
+https://cve.circl.lu/cve/CVE-2020-15900
+https://artifex.com/security-advisories/CVE-2020-15900
+
+Taken from upstream:
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
+
+diff --git a/psi/zstring.c b/psi/zstring.c
+--- a/psi/zstring.c
++++ b/psi/zstring.c
+@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
+ return 0;
+ found:
+ op->tas.type_attrs = op1->tas.type_attrs;
+- op->value.bytes = ptr;
+- r_set_size(op, size);
++ op->value.bytes = ptr; /* match */
++ op->tas.rsize = size; /* match */
+ push(2);
+- op[-1] = *op1;
+- r_set_size(op - 1, ptr - op[-1].value.bytes);
+- op1->value.bytes = ptr + size;
+- r_set_size(op1, count + (!forward ? (size - 1) : 0));
++ op[-1] = *op1; /* pre */
++ op[-3].value.bytes = ptr + size; /* post */
++ if (forward) {
++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
++ op[-3].tas.rsize = count; /* post */
++ } else {
++ op[-1].tas.rsize = count; /* pre */
++ op[-3].tas.rsize -= count + size; /* post */
++ }
+ make_true(op);
+ return 0;
+ }
diff --git a/gnu/packages/patches/ghostscript-freetype-compat.patch b/gnu/packages/patches/ghostscript-freetype-compat.patch
new file mode 100644
index 0000000000..cc225b5ad6
--- /dev/null
+++ b/gnu/packages/patches/ghostscript-freetype-compat.patch
@@ -0,0 +1,35 @@
+Fix build with FreeType 2.10.3 and newer.
+
+Taken from upstream:
+https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade
+
+diff --git a/base/fapi_ft.c b/base/fapi_ft.c
+--- a/base/fapi_ft.c
++++ b/base/fapi_ft.c
+@@ -125,7 +125,7 @@ static void
+ delete_inc_int_info(gs_fapi_server * a_server,
+ FT_IncrementalRec * a_inc_int_info);
+
+-FT_CALLBACK_DEF(void *)
++static void *
+ FF_alloc(FT_Memory memory, long size)
+ {
+ gs_memory_t *mem = (gs_memory_t *) memory->user;
+@@ -133,7 +133,7 @@ FF_alloc(FT_Memory memory, long size)
+ return (gs_malloc(mem, size, 1, "FF_alloc"));
+ }
+
+-FT_CALLBACK_DEF(void *)
++static void *
+ FF_realloc(FT_Memory memory, long cur_size, long new_size, void *block)
+ {
+ gs_memory_t *mem = (gs_memory_t *) memory->user;
+@@ -153,7 +153,7 @@ FT_CALLBACK_DEF(void *)
+ return (tmp);
+ }
+
+-FT_CALLBACK_DEF(void)
++static void
+ FF_free(FT_Memory memory, void *block)
+ {
+ gs_memory_t *mem = (gs_memory_t *) memory->user;
diff --git a/gnu/packages/patches/libssh2-CVE-2019-17498.patch b/gnu/packages/patches/libssh2-CVE-2019-17498.patch
new file mode 100644
index 0000000000..6f69e562e2
--- /dev/null
+++ b/gnu/packages/patches/libssh2-CVE-2019-17498.patch
@@ -0,0 +1,126 @@
+https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c.patch
+
+From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Fri, 30 Aug 2019 09:57:38 -0700
+Subject: [PATCH] packet.c: improve message parsing (#402)
+
+* packet.c: improve parsing of packets
+
+file: packet.c
+
+notes:
+Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
+---
+ src/packet.c | 68 ++++++++++++++++++++++------------------------------
+ 1 file changed, 29 insertions(+), 39 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index 38ab62944..2e01bfc5d 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ size_t datalen, int macstate)
+ {
+ int rc = 0;
+- char *message = NULL;
+- char *language = NULL;
++ unsigned char *message = NULL;
++ unsigned char *language = NULL;
+ size_t message_len = 0;
+ size_t language_len = 0;
+ LIBSSH2_CHANNEL *channelp = NULL;
+@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+
+ case SSH_MSG_DISCONNECT:
+ if(datalen >= 5) {
+- size_t reason = _libssh2_ntohu32(data + 1);
++ uint32_t reason = 0;
++ struct string_buf buf;
++ buf.data = (unsigned char *)data;
++ buf.dataptr = buf.data;
++ buf.len = datalen;
++ buf.dataptr++; /* advance past type */
+
+- if(datalen >= 9) {
+- message_len = _libssh2_ntohu32(data + 5);
++ _libssh2_get_u32(&buf, &reason);
++ _libssh2_get_string(&buf, &message, &message_len);
++ _libssh2_get_string(&buf, &language, &language_len);
+
+- if(message_len < datalen-13) {
+- /* 9 = packet_type(1) + reason(4) + message_len(4) */
+- message = (char *) data + 9;
+-
+- language_len =
+- _libssh2_ntohu32(data + 9 + message_len);
+- language = (char *) data + 9 + message_len + 4;
+-
+- if(language_len > (datalen-13-message_len)) {
+- /* bad input, clear info */
+- language = message = NULL;
+- language_len = message_len = 0;
+- }
+- }
+- else
+- /* bad size, clear it */
+- message_len = 0;
+- }
+ if(session->ssh_msg_disconnect) {
+- LIBSSH2_DISCONNECT(session, reason, message,
+- message_len, language, language_len);
++ LIBSSH2_DISCONNECT(session, reason, (const char *)message,
++ message_len, (const char *)language,
++ language_len);
+ }
++
+ _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
+ "Disconnect(%d): %s(%s)", reason,
+ message, language);
+@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ int always_display = data[1];
+
+ if(datalen >= 6) {
+- message_len = _libssh2_ntohu32(data + 2);
+-
+- if(message_len <= (datalen - 10)) {
+- /* 6 = packet_type(1) + display(1) + message_len(4) */
+- message = (char *) data + 6;
+- language_len = _libssh2_ntohu32(data + 6 +
+- message_len);
+-
+- if(language_len <= (datalen - 10 - message_len))
+- language = (char *) data + 10 + message_len;
+- }
++ struct string_buf buf;
++ buf.data = (unsigned char *)data;
++ buf.dataptr = buf.data;
++ buf.len = datalen;
++ buf.dataptr += 2; /* advance past type & always display */
++
++ _libssh2_get_string(&buf, &message, &message_len);
++ _libssh2_get_string(&buf, &language, &language_len);
+ }
+
+ if(session->ssh_msg_debug) {
+- LIBSSH2_DEBUG(session, always_display, message,
+- message_len, language, language_len);
++ LIBSSH2_DEBUG(session, always_display,
++ (const char *)message,
++ message_len, (const char *)language,
++ language_len);
+ }
+ }
++
+ /*
+ * _libssh2_debug will actually truncate this for us so
+ * that it's not an inordinate about of data
+@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ uint32_t len = 0;
+ unsigned char want_reply = 0;
+ len = _libssh2_ntohu32(data + 1);
+- if(datalen >= (6 + len)) {
++ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
+ want_reply = data[5 + len];
+ _libssh2_debug(session,
+ LIBSSH2_TRACE_CONN,
diff --git a/gnu/packages/patches/python-CVE-2020-26116.patch b/gnu/packages/patches/python-CVE-2020-26116.patch
new file mode 100644
index 0000000000..dc0571e964
--- /dev/null
+++ b/gnu/packages/patches/python-CVE-2020-26116.patch
@@ -0,0 +1,47 @@
+Fix CVE-2020-26116:
+
+https://cve.circl.lu/cve/CVE-2020-26116
+https://bugs.python.org/issue39603
+
+Taken from upstream (sans test and NEWS update):
+https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf
+
+diff --git a/Lib/http/client.py b/Lib/http/client.py
+--- a/Lib/http/client.py
++++ b/Lib/http/client.py
+@@ -147,6 +147,10 @@
+ # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
+ # We are more lenient for assumed real world compatibility purposes.
+
++# These characters are not allowed within HTTP method names
++# to prevent http header injection.
++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]')
++
+ # We always set the Content-Length header for these methods because some
+ # servers will otherwise respond with a 411
+ _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
+@@ -1087,6 +1091,8 @@ def putrequest(self, method, url, skip_host=False,
+ else:
+ raise CannotSendRequest(self.__state)
+
++ self._validate_method(method)
++
+ # Save the method for use later in the response phase
+ self._method = method
+
+@@ -1177,6 +1183,15 @@ def _encode_request(self, request):
+ # ASCII also helps prevent CVE-2019-9740.
+ return request.encode('ascii')
+
++ def _validate_method(self, method):
++ """Validate a method name for putrequest."""
++ # prevent http header injection
++ match = _contains_disallowed_method_pchar_re.search(method)
++ if match:
++ raise ValueError(
++ f"method can't contain control characters. {method!r} "
++ f"(found at least {match.group()!r})")
++
+ def _validate_path(self, url):
+ """Validate a url for putrequest."""
+ # Prevent CVE-2019-9740.
diff --git a/gnu/packages/patches/qtbase-fix-krita-deadlock.patch b/gnu/packages/patches/qtbase-fix-krita-deadlock.patch
deleted file mode 100644
index d3554be3c9..0000000000
--- a/gnu/packages/patches/qtbase-fix-krita-deadlock.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Fix a deadlock in Krita:
-
-https://bugreports.qt.io/browse/QTBUG-83207
-
-Patch copied from Qt bug tracker:
-
-https://codereview.qt-project.org/c/qt/qtbase/+/296034
-
-From 276fa8383a7535765be7182883ef4aade17ce013 Mon Sep 17 00:00:00 2001
-From: Thiago Macieira <thiago.macieira@intel.com>
-Date: Thu, 02 Apr 2020 12:08:41 -0300
-Subject: [PATCH] QLibrary: fix deadlock caused by fix to QTBUG-39642
-
-Commit ae6f73e8566fa76470937aca737141183929a5ec inserted a mutex around
-the entire load_sys(). We had reasoed that deadlocks would only occur if
-the object creation in instance() recursed into its own instance(),
-which was already a bug. But we had forgotten that dlopen()/
-LoadLibrary() executes initialization code from the module being loaded,
-which could cause a recursion back into the same QPluginLoader or
-QLibrary object. This recursion is benign because the module *is* loaded
-and dlopen()/LoadLibrary() returns the same handle.
-
-[ChangeLog][QtCore][QLibrary and QPluginLoader] Fixed a deadlock that
-would happen if the plugin or library being loaded has load-time
-initialization code (C++ global variables) that recursed back into the
-same QLibrary or QPluginLoader object.
-
-PS: QLibraryPrivate::loadPlugin() updates pluginState outside a mutex
-lock, so pluginState should be made an atomic variable. Once that is
-done, we'll only need locking the mutex to update errorString (no
-locking before loading).
-
-Fixes: QTBUG-83207
-Task-number: QTBUG-39642
-Change-Id: Ibdc95e9af7bd456a94ecfffd160209304e5ab2eb
-Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
-Reviewed-by: David Faure <david.faure@kdab.com>
----
-
-diff --git a/src/corelib/plugin/qlibrary.cpp b/src/corelib/plugin/qlibrary.cpp
-index ddb053c..be9d92b 100644
---- a/src/corelib/plugin/qlibrary.cpp
-+++ b/src/corelib/plugin/qlibrary.cpp
-@@ -576,9 +576,7 @@
-
- Q_TRACE(QLibraryPrivate_load_entry, fileName);
-
-- mutex.lock();
- bool ret = load_sys();
-- mutex.unlock();
- if (qt_debug_component()) {
- if (ret) {
- qDebug() << "loaded library" << fileName;
-diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
-index 017aa97..a5c72f8 100644
---- a/src/corelib/plugin/qlibrary_unix.cpp
-+++ b/src/corelib/plugin/qlibrary_unix.cpp
-@@ -123,6 +123,7 @@
-
- bool QLibraryPrivate::load_sys()
- {
-+ QMutexLocker locker(&mutex);
- QString attempt;
- QFileSystemEntry fsEntry(fileName);
-
-@@ -213,6 +214,7 @@
- }
- #endif
-
-+ locker.unlock();
- bool retry = true;
- Handle hnd = nullptr;
- for (int prefix = 0; retry && !hnd && prefix < prefixes.size(); prefix++) {
-@@ -273,6 +275,8 @@
- }
- }
- #endif
-+
-+ locker.relock();
- if (!hnd) {
- errorString = QLibrary::tr("Cannot load library %1: %2").arg(fileName, qdlerror());
- }
-diff --git a/src/corelib/plugin/qlibrary_win.cpp b/src/corelib/plugin/qlibrary_win.cpp
-index 000bf76..ef58724 100644
---- a/src/corelib/plugin/qlibrary_win.cpp
-+++ b/src/corelib/plugin/qlibrary_win.cpp
-@@ -78,6 +78,7 @@
- // fileName
- //
- // NB If it's a plugin we do not ever try the ".dll" extension
-+ QMutexLocker locker(&mutex);
- QStringList attempts;
-
- if (pluginState != IsAPlugin)
-@@ -95,6 +96,7 @@
- attempts.prepend(QDir::rootPath() + fileName);
- #endif
-
-+ locker.unlock();
- Handle hnd = nullptr;
- for (const QString &attempt : qAsConst(attempts)) {
- #ifndef Q_OS_WINRT
-@@ -115,6 +117,7 @@
- #ifndef Q_OS_WINRT
- SetErrorMode(oldmode);
- #endif
-+ locker.relock();
- if (!hnd) {
- errorString = QLibrary::tr("Cannot load library %1: %2").arg(
- QDir::toNativeSeparators(fileName), qt_error_string());
diff --git a/gnu/packages/patches/sbc-fix-build-non-x86.patch b/gnu/packages/patches/sbc-fix-build-non-x86.patch
new file mode 100644
index 0000000000..56ea916d42
--- /dev/null
+++ b/gnu/packages/patches/sbc-fix-build-non-x86.patch
@@ -0,0 +1,17 @@
+Don't refer to x86-specific function on other architectures to avoid linker error.
+
+Submitted upstream at <https://marc.info/?l=linux-bluetooth&m=160857625608440&w=2>
+
+diff --git a/sbc/sbc_primitives.c b/sbc/sbc_primitives.c
+--- a/sbc/sbc_primitives.c
++++ b/sbc/sbc_primitives.c
+@@ -593,7 +593,9 @@ static int sbc_calc_scalefactors_j(
+
+ static void sbc_init_primitives_x86(struct sbc_encoder_state *state)
+ {
++#if defined(__x86_64__) || defined(__i386__)
+ __builtin_cpu_init();
++#endif
+
+ #ifdef SBC_BUILD_WITH_MMX_SUPPORT
+ if (__builtin_cpu_supports("mmx"))
diff --git a/gnu/packages/patches/vlc-qt-5.15.patch b/gnu/packages/patches/vlc-qt-5.15.patch
new file mode 100644
index 0000000000..e986a99861
--- /dev/null
+++ b/gnu/packages/patches/vlc-qt-5.15.patch
@@ -0,0 +1,56 @@
+Fix build of VLC with Qt 5.15. Otherwise it fails like this:
+
+------
+In file included from gui/qt/util/timetooltip.moc.cpp:10:0:
+gui/qt/util/timetooltip.hpp:49:18: error: field ‘mPainterPath’ has incomplete type ‘QPainterPath’
+ QPainterPath mPainterPath;
+ ^~~~~~~~~~~~
+In file included from /gnu/store/jsxxnsdvij5mrrv6c0kj0261k0f44xlz-qtbase-5.15.2/include/qt5/QtGui/qbrush.h:49:0,
+ from /gnu/store/jsxxnsdvij5mrrv6c0kj0261k0f44xlz-qtbase-5.15.2/include/qt5/QtGui/qpalette.h:46,
+ from /gnu/store/jsxxnsdvij5mrrv6c0kj0261k0f44xlz-qtbase-5.15.2/include/qt5/QtWidgets/qwidget.h:48,
+ from /gnu/store/jsxxnsdvij5mrrv6c0kj0261k0f44xlz-qtbase-5.15.2/include/qt5/QtWidgets/QWidget:1,
+ from gui/qt/util/timetooltip.hpp:27,
+ from gui/qt/util/timetooltip.moc.cpp:10:
+/gnu/store/jsxxnsdvij5mrrv6c0kj0261k0f44xlz-qtbase-5.15.2/include/qt5/QtGui/qmatrix.h:54:7: note: forward declaration of ‘class QPainterPath’
+ class QPainterPath;
+ ^~~~~~~~~~~~
+make[4]: *** [Makefile:25852: gui/qt/util/libqt_plugin_la-timetooltip.moc.lo] Error 1
+------
+
+diff --git a/modules/gui/qt/components/playlist/views.cpp b/modules/gui/qt/components/playlist/views.cpp
+index 24db9d9..73c1779 100644
+--- a/modules/gui/qt/components/playlist/views.cpp
++++ b/modules/gui/qt/components/playlist/views.cpp
+@@ -27,6 +27,7 @@
+ #include "input_manager.hpp" /* THEMIM */
+
+ #include <QPainter>
++#include <QPainterPath>
+ #include <QRect>
+ #include <QStyleOptionViewItem>
+ #include <QFontMetrics>
+diff --git a/modules/gui/qt/dialogs/plugins.cpp b/modules/gui/qt/dialogs/plugins.cpp
+index d233382..69728eb 100644
+--- a/modules/gui/qt/dialogs/plugins.cpp
++++ b/modules/gui/qt/dialogs/plugins.cpp
+@@ -53,6 +53,7 @@
+ #include <QListView>
+ #include <QListWidget>
+ #include <QPainter>
++#include <QPainterPath>
+ #include <QStyleOptionViewItem>
+ #include <QKeyEvent>
+ #include <QPushButton>
+diff --git a/modules/gui/qt/util/timetooltip.hpp b/modules/gui/qt/util/timetooltip.hpp
+index 6a1329e..9f50b18 100644
+--- a/modules/gui/qt/util/timetooltip.hpp
++++ b/modules/gui/qt/util/timetooltip.hpp
+@@ -25,6 +25,7 @@
+ #include "qt.hpp"
+
+ #include <QWidget>
++#include <QPainterPath>
+
+ class TimeTooltip : public QWidget
+ {
+
generated by cgit v1.2.3 (git 2.46.2) at 2024-11-18 02:07:09 +0000