[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: links: Fix-CVE-2017-11114.
|
From: |
Leo Famulari |
|
Subject: |
01/01: gnu: links: Fix-CVE-2017-11114. |
|
Date: |
Wed, 20 Dec 2017 20:09:30 -0500 (EST) |
lfam pushed a commit to branch master
in repository guix.
commit dacd8cf2e8ac4adc25f6e2306a30849295dbb291
Author: Leo Famulari <address@hidden>
Date: Wed Dec 20 20:06:14 2017 -0500
gnu: links: Fix-CVE-2017-11114.
* gnu/packages/patches/links-CVE-2017-11114.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/web-browsers.scm (links)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/patches/links-CVE-2017-11114.patch | 99 +++++++++++++++++++++++++
gnu/packages/web-browsers.scm | 1 +
3 files changed, 101 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index efb91fd..f583a61 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -855,6 +855,7 @@ dist_patch_DATA =
\
%D%/packages/patches/lierolibre-newer-libconfig.patch \
%D%/packages/patches/lierolibre-remove-arch-warning.patch \
%D%/packages/patches/lierolibre-try-building-other-arch.patch \
+ %D%/packages/patches/links-CVE-2017-11114.patch \
%D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch
b/gnu/packages/patches/links-CVE-2017-11114.patch
new file mode 100644
index 0000000..c5ac988
--- /dev/null
+++ b/gnu/packages/patches/links-CVE-2017-11114.patch
@@ -0,0 +1,99 @@
+Fix CVE-2017-11114:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114
+http://seclists.org/fulldisclosure/2017/Jul/76
+
+Patch copied from Debian:
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
+
+Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7
+Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
+Author: Mikulas Patocka <address@hidden>
+Date: Wed Aug 2 20:13:29 2017 +0200
+Subject: Fix read out of memory in case of corrupted UTF-8 data
+
+---
+ charsets.c | 37 +------------------------------------
+ links.h | 9 ++++-----
+ 2 files changed, 5 insertions(+), 41 deletions(-)
+
+Index: links-2.14/charsets.c
+===================================================================
+--- links-2.14.orig/charsets.c
++++ links-2.14/charsets.c
+@@ -215,41 +215,6 @@ static struct conv_table *get_translatio
+ return utf_table;
+ }
+
+-unsigned short int utf8_2_uni_table[0x200] = {
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0,
+- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0,
+- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0,
+- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0,
+- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0,
+- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0,
+- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0,
+- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+-};
+-
+ unsigned char utf_8_1[256] = {
+ 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = {
+ 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6,
+ };
+
+-static_const unsigned min_utf_8[9] = {
++static_const unsigned min_utf_8[8] = {
+ 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1,
+ };
+
+Index: links-2.14/links.h
+===================================================================
+--- links-2.14.orig/links.h
++++ links-2.14/links.h
+@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un
+ void init_charset(void);
+
+ unsigned get_utf_8(unsigned char **p);
+-extern unsigned short int utf8_2_uni_table[0x200];
+ #define GET_UTF_8(s, c)
\
+ do { \
+ if ((unsigned char)(s)[0] < 0x80) \
+ (c) = (s)++[0]; \
+- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \
+- ((unsigned char)(s)[1] >> 6) - 0x200])) \
+- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \
+- else \
++ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0
&&\
++ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \
++ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c)
-= 0x3080, (s) += 2;\
++ } else \
+ (c) = get_utf_8(&(s)); \
+ } while (0)
+ #define FWD_UTF_8(s) \
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index 385147c..95d2878 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -83,6 +83,7 @@ older or slower computers and embedded systems.")
(method url-fetch)
(uri (string-append "http://links.twibright.com/download/";
name "-" version ".tar.bz2"))
+ (patches (search-patches "links-CVE-2017-11114.patch"))
(sha256
(base32
"1f24y83wa1vzzjq5kp857gjqdpnmf8pb29yw7fam0m8wxxw0c3gp"))))