nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: Delete unused patches. 

* gnu/packages/patches/icu4c-CVE-2014-6585.patch,
gnu/packages/patches/icu4c-CVE-2015-1270.patch,
gnu/packages/patches/icu4c-CVE-2015-4760.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
Leo Famulari 2017-04-19 19:10:53 -04:00
parent e1444afa2d
commit 90d118cab6
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
4 changed files with 0 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnu/local.mk
View File

@ -657,9 +657,6 @@ dist_patch_DATA = \
%D%/packages/patches/hypre-ldflags.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icecat-binutils.patch \
%D%/packages/patches/icu4c-CVE-2014-6585.patch \
%D%/packages/patches/icu4c-CVE-2015-1270.patch \
%D%/packages/patches/icu4c-CVE-2015-4760.patch \
%D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \

21
gnu/packages/patches/icu4c-CVE-2014-6585.patch
View File

@ -1,21 +0,0 @@
Copied from Debian.
description: out-of-bounds read
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
--- a/source/layout/LETableReference.h
+++ b/source/layout/LETableReference.h
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
}
const T& operator()(le_uint32 i, LEErrorCode &success) const {
- return *getAlias(i,success);
+ const T *ret = getAlias(i,success);
+ if (LE_FAILURE(success) || ret==NULL) {
+ return *(new T());
+ } else {
+ return *ret;
+ }
}
size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {

15
gnu/packages/patches/icu4c-CVE-2015-1270.patch
View File

@ -1,15 +0,0 @@
Copied from Debian.
diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp
index 5dd35d8..4424664 100644
--- a/source/common/ucnv_io.cpp
+++ b/source/common/ucnv_io.cpp
@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool *containsOption, UErrorCode *p
* the name begins with 'x-'. If it does, strip it off and try
* again. This behaviour is similar to how ICU4J does it.
*/
- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') {
+ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') {
aliasTmp = aliasTmp+2;
} else {
break;

189
gnu/packages/patches/icu4c-CVE-2015-4760.patch
View File

@ -1,189 +0,0 @@
Copied from Debian.
Description: missing boundary checks in layout engine
It was discovered that ICU Layout Engine was missing multiple boundary checks.
These could lead to buffer overflows and memory corruption. A specially
crafted file could cause an application using ICU to parse untrusted font
files to crash and, possibly, execute arbitrary code.
Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Origin: upstream, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47
Reviewed-By: srl, bae, mschoene
Forwarded: not-needed
Last-Update: 2015-07-30
---
--- icu-52.1.orig/source/layout/ContextualGlyphInsertionProc2.cpp
+++ icu-52.1/source/layout/ContextualGlyphInsertionProc2.cpp
@@ -82,6 +82,10 @@ le_uint16 ContextualGlyphInsertionProces
le_int16 markIndex = SWAPW(entry->markedInsertionListIndex);
if (markIndex > 0) {
+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5;
le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike);
le_bool isBefore = (flags & cgiMarkInsertBefore);
@@ -90,6 +94,10 @@ le_uint16 ContextualGlyphInsertionProces
le_int16 currIndex = SWAPW(entry->currentInsertionListIndex);
if (currIndex > 0) {
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_int16 count = flags & cgiCurrentInsertCountMask;
le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike);
le_bool isBefore = (flags & cgiCurrentInsertBefore);
--- icu-52.1.orig/source/layout/ContextualGlyphSubstProc.cpp
+++ icu-52.1/source/layout/ContextualGlyphSubstProc.cpp
@@ -51,6 +51,10 @@ ByteOffset ContextualGlyphSubstitutionPr
WordOffset currOffset = SWAPW(entry->currOffset);
if (markOffset != 0 && LE_SUCCESS(success)) {
+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
LEGlyphID mGlyph = glyphStorage[markGlyph];
TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew.
@@ -58,6 +62,10 @@ ByteOffset ContextualGlyphSubstitutionPr
}
if (currOffset != 0) {
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
LEGlyphID thisGlyph = glyphStorage[currGlyph];
TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew.
--- icu-52.1.orig/source/layout/ContextualGlyphSubstProc2.cpp
+++ icu-52.1/source/layout/ContextualGlyphSubstProc2.cpp
@@ -45,17 +45,25 @@ le_uint16 ContextualGlyphSubstitutionPro
if(LE_FAILURE(success)) return 0;
le_uint16 newState = SWAPW(entry->newStateIndex);
le_uint16 flags = SWAPW(entry->flags);
- le_int16 markIndex = SWAPW(entry->markIndex);
- le_int16 currIndex = SWAPW(entry->currIndex);
+ le_uint16 markIndex = SWAPW(entry->markIndex);
+ le_uint16 currIndex = SWAPW(entry->currIndex);
- if (markIndex != -1) {
+ if (markIndex != 0x0FFFF) {
+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_uint32 offset = SWAPL(perGlyphTable(markIndex, success));
LEGlyphID mGlyph = glyphStorage[markGlyph];
TTGlyphID newGlyph = lookup(offset, mGlyph, success);
glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph);
}
- if (currIndex != -1) {
+ if (currIndex != 0x0FFFF) {
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_uint32 offset = SWAPL(perGlyphTable(currIndex, success));
LEGlyphID thisGlyph = glyphStorage[currGlyph];
TTGlyphID newGlyph = lookup(offset, thisGlyph, success);
--- icu-52.1.orig/source/layout/IndicRearrangementProcessor.cpp
+++ icu-52.1/source/layout/IndicRearrangementProcessor.cpp
@@ -45,6 +45,11 @@ ByteOffset IndicRearrangementProcessor::
ByteOffset newState = SWAPW(entry->newStateOffset);
IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags);
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
+
if (flags & irfMarkFirst) {
firstGlyph = currGlyph;
}
--- icu-52.1.orig/source/layout/IndicRearrangementProcessor2.cpp
+++ icu-52.1/source/layout/IndicRearrangementProcessor2.cpp
@@ -43,6 +43,11 @@ le_uint16 IndicRearrangementProcessor2::
le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state
IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags);
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
+
if (flags & irfMarkFirst) {
firstGlyph = currGlyph;
}
--- icu-52.1.orig/source/layout/LigatureSubstProc.cpp
+++ icu-52.1/source/layout/LigatureSubstProc.cpp
@@ -48,7 +48,7 @@ ByteOffset LigatureSubstitutionProcessor
const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success);
ByteOffset newState = SWAPW(entry->newStateOffset);
- le_int16 flags = SWAPW(entry->flags);
+ le_uint16 flags = SWAPW(entry->flags);
if (flags & lsfSetComponent) {
if (++m >= nComponents) {
--- icu-52.1.orig/source/layout/StateTableProcessor.cpp
+++ icu-52.1/source/layout/StateTableProcessor.cpp
@@ -60,6 +60,7 @@ void StateTableProcessor::process(LEGlyp
if (currGlyph == glyphCount) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]);
--- icu-52.1.orig/source/layout/StateTableProcessor2.cpp
+++ icu-52.1/source/layout/StateTableProcessor2.cpp
@@ -78,6 +78,7 @@ void StateTableProcessor2::process(LEGly
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
LEGlyphID gid = glyphStorage[currGlyph];
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid);
@@ -109,6 +110,7 @@ void StateTableProcessor2::process(LEGly
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
LEGlyphID gid = glyphStorage[currGlyph];
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid);
@@ -146,6 +148,7 @@ void StateTableProcessor2::process(LEGly
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else if(currGlyph > glyphCount) {
// note if > glyphCount, we've run off the end (bad font)
currGlyph = glyphCount;
@@ -186,6 +189,7 @@ void StateTableProcessor2::process(LEGly
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]);
if (glyphCode == 0xFFFF) {
--- icu-52.1.orig/source/layout/StateTables.h
+++ icu-52.1/source/layout/StateTables.h
@@ -101,7 +101,7 @@ typedef le_uint8 EntryTableIndex;
struct StateEntry
{
ByteOffset newStateOffset;
- le_int16 flags;
+ le_uint16 flags;
};
typedef le_uint16 EntryTableIndex2;