Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 131ff6dd9c8d
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 808d3c6d1238
Choose a head ref
  • 19 commits
  • 24 files changed
  • 13 contributors

Commits on Nov 20, 2019

  1. qt512.qtbase: add patch for CVE-2019-18281

    @KamilaBorowska
    KamilaBorowska committed Nov 20, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    rnhmjoj Michele Guerini Rocco
    GPG key ID: BFBAF4C975F76450
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    30fc722 View commit details

Commits on Nov 21, 2019

  1. musl: 1.1.2x -> 1.1.24 

    https://www.openwall.com/lists/musl/2019/10/13/5

Apparently 1.1.23 never made it to nixpkgs proper (?!), see:
https://git.musl-libc.org/cgit/musl/commit/?id=b07d45eb01e900f0176894fdedab62285f5cb8be

(sorry I apparently dropped the ball here)

(cherry picked from commit 1263a71)
    @dtzWill @fpletz
    dtzWill authored and fpletz committed Nov 21, 2019

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    rnhmjoj Michele Guerini Rocco
    GPG key ID: BFBAF4C975F76450
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    30843ef View commit details

Commits on Nov 23, 2019

  1. lua-5.3: add patch for CVE-2019-6706 

    Fixes #54799
    Christian Kauhaus committed Nov 23, 2019
    Copy the full SHA
    ea61d48 View commit details

  2. Merge pull request #73978 from ckauhaus/lua-5.3-CVE-2019-6706-r19.09 

    [19.09] lua-5.3: add patch for CVE-2019-6706
    @adisbladis
    adisbladis authored Nov 23, 2019
    Copy the full SHA
    85ee427 View commit details

Commits on Nov 24, 2019

  1. aspell: add patch for CVE-2019-17544 

     (#73999)
    @risicle @c0bw3b
    risicle authored and c0bw3b committed Nov 24, 2019
    Copy the full SHA
    7aa75e5 View commit details

  2. fribidi: add patch for CVE-2019-18397 (#73707) 

    (adjusted cherry-pick from 55b583d)
    @risicle @c0bw3b
    risicle authored and c0bw3b committed Nov 24, 2019
    Copy the full SHA
    a8b7f4b View commit details

Commits on Nov 25, 2019

  1. systemd: v243 -> v243.3 

    (cherry picked from commit d5914d7)
    @andir @lheckemann
    andir authored and lheckemann committed Nov 25, 2019
    Copy the full SHA
    ed967de View commit details

Commits on Nov 27, 2019

  1. apple_sdk: broken link update (#73984) 

    (cherry picked from commit 7233afc)
    @dredozubov @veprbl
    dredozubov authored and veprbl committed Nov 27, 2019
    Copy the full SHA
    7ff5bca View commit details

Commits on Nov 28, 2019

  1. Merge pull request #73805 from xfix/qtbase-cve 

    [r19.09] qt512.qtbase: add patch for CVE-2019-18281
    @globin
    globin authored Nov 28, 2019
    Copy the full SHA
    00c2b2c View commit details

Commits on Dec 1, 2019

  1. Merge release-19.09 into staging-19.09

    @FRidh
    FRidh committed Dec 1, 2019
    Copy the full SHA
    de33cdf View commit details

  2. ghostscript: add patches for CVE-2019-3835 

    context-adjusted patches cribbed from debian's 9.26a~dfsg-0+deb9u6, also
requiring further adjustment of patch for CVE-2019-10216
    @risicle @FRidh
    risicle authored and FRidh committed Dec 1, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    59ea6fc View commit details

  3. ghostscript: add patches for CVE-2019-3838 

    again, context-adjusted patches cribbed from debian's 9.26a~dfsg-0+deb9u6
    @risicle @FRidh
    risicle authored and FRidh committed Dec 1, 2019
    Copy the full SHA
    4e28989 View commit details

  4. ghostscript: add patch for CVE-2019-14869 

    again, context-adjusted patch cribbed from debian's 9.26a~dfsg-0+deb9u6
    @risicle @FRidh
    risicle authored and FRidh committed Dec 1, 2019
    Copy the full SHA
    0fba5b9 View commit details

Commits on Dec 4, 2019

  1. [19.09] djvulibre: patching multiple CVEs 

    Addresses:

NixOS/nixpkgs#73624
NixOS/nixpkgs#70086
(cherry picked from commit be7e51a)
    @d-goldin
    d-goldin authored and Christian Kauhaus committed Dec 4, 2019
    Copy the full SHA
    5bf1d43 View commit details

  2. Merge pull request #74876 from d-goldin/djvulibre_sec_patches_1909 

    Closes #74876
    Christian Kauhaus committed Dec 4, 2019
    Copy the full SHA
    02fc78a View commit details

  3. Merge branch 'release-19.09' into staging-19.09

    Christian Kauhaus committed Dec 4, 2019
    Copy the full SHA
    0a606ed View commit details

Commits on Dec 7, 2019

  1. gnuplot_qt: Use qt mkDerivation 

    Fixes this error:

gnuplot> plot [-5:5] sin(x)
qt.qpa.plugin: Could not find the Qt platform plugin "xcb" in ""
This application failed to start because no Qt platform plugin could
be initialized. Reinstalling the application may fix this problem.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
(cherry picked from commit c55f484)
    @andersk @worldofpeace
    andersk authored and worldofpeace committed Dec 7, 2019
    Copy the full SHA
    41896c8 View commit details

  2. Merge pull request #73758 from d-goldin/backport_musl_bump 

    [r19.09] musl: 1.1.2x -> 1.1.24 (security)
    @fpletz
    fpletz authored Dec 7, 2019
    Copy the full SHA
    7823b4a View commit details

  3. Merge branch 'staging-19.09' into release-19.09

    @vcunat
    vcunat committed Dec 7, 2019
    Copy the full SHA
    808d3c6 View commit details
72 changes: 72 additions & 0 deletions pkgs/applications/misc/djvulibre/CVE-2019-15142.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
commit 970fb11a296b5bbdc5e8425851253d2c5913c45e
Author: Leon Bottou <leon@bottou.org>
Date: Tue Mar 26 20:36:31 2019 -0400

Fix bug#296

diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index a6a39e0..0a0fac6 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -299,42 +299,44 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
memcpy((char*) strings+strings_size, buffer, length);
}
DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
- if (strings[strings.size()-1] != 0)
- {
- int strings_size=strings.size();
- strings.resize(strings_size+1);
- strings[strings_size] = 0;
- }
+ int strings_size=strings.size();
+ strings.resize(strings_size+3);
+ memset((char*) strings+strings_size, 0, 4);

- // Copy names into the files
+ // Copy names into the files
const char * ptr=strings;
for(pos=files_list;pos;++pos)
{
GP<File> file=files_list[pos];
-
+ if (ptr >= (const char*)strings + strings_size)
+ G_THROW( "DjVu document is corrupted (DjVmDir)" );
file->id=ptr;
ptr+=file->id.length()+1;
if (file->flags & File::HAS_NAME)
{
- file->name=ptr;
- ptr+=file->name.length()+1;
- } else
+ file->name=ptr;
+ ptr+=file->name.length()+1;
+ }
+ else
{
file->name=file->id;
}
if (file->flags & File::HAS_TITLE)
{
- file->title=ptr;
- ptr+=file->title.length()+1;
- } else
- file->title=file->id;
- /* msr debug: multipage file, file->title is null.
+ file->title=ptr;
+ ptr+=file->title.length()+1;
+ }
+ else
+ {
+ file->title=file->id;
+ }
+ /* msr debug: multipage file, file->title is null.
DEBUG_MSG(file->name << ", " << file->id << ", " << file->title << ", " <<
file->offset << ", " << file->size << ", " <<
file->is_page() << "\n"); */
}

- // Check that there is only one file with SHARED_ANNO flag on
+ // Check that there is only one file with SHARED_ANNO flag on
int shared_anno_cnt=0;
for(pos=files_list;pos;++pos)
{
39 changes: 39 additions & 0 deletions pkgs/applications/misc/djvulibre/CVE-2019-15143.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
commit b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f
Author: Leon Bottou <leon@bottou.org>
Date: Tue Mar 26 20:45:46 2019 -0400

fix for bug #297

diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index 0a0fac6..5a49015 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
{
GP<File> file=files_list[pos];
if (ptr >= (const char*)strings + strings_size)
- G_THROW( "DjVu document is corrupted (DjVmDir)" );
+ G_THROW( ByteStream::EndOfFile );
file->id=ptr;
ptr+=file->id.length()+1;
if (file->flags & File::HAS_NAME)
diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
index 0e487f0..c2fdbe4 100644
--- a/libdjvu/GBitmap.cpp
+++ b/libdjvu/GBitmap.cpp
@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
int c = 0;
while (n >= 0)
{
- bs.read(&h, 1);
+ if (bs.read(&h, 1) <= 0)
+ G_THROW( ByteStream::EndOfFile );
int x = h;
if (x >= (int)RUNOVERFLOWVALUE)
{
- bs.read(&h, 1);
+ if (bs.read(&h, 1) <= 0)
+ G_THROW( ByteStream::EndOfFile );
x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
}
if (c+x > ncolumns)
111 changes: 111 additions & 0 deletions pkgs/applications/misc/djvulibre/CVE-2019-15144.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
commit e15d51510048927f172f1bf1f27ede65907d940d
Author: Leon Bottou <leon@bottou.org>
Date: Mon Apr 8 22:25:55 2019 -0400

bug 299 fixed

diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h
index 96b067c..0140211 100644
--- a/libdjvu/GContainer.h
+++ b/libdjvu/GContainer.h
@@ -550,52 +550,61 @@ public:
template <class TYPE> void
GArrayTemplate<TYPE>::sort(int lo, int hi)
{
- if (hi <= lo)
- return;
- if (hi > hibound || lo<lobound)
- G_THROW( ERR_MSG("GContainer.illegal_subscript") );
TYPE *data = (TYPE*)(*this);
- // Test for insertion sort
- if (hi <= lo + 50)
+ while(true)
{
- for (int i=lo+1; i<=hi; i++)
+ if (hi <= lo)
+ return;
+ if (hi > hibound || lo<lobound)
+ G_THROW( ERR_MSG("GContainer.illegal_subscript") );
+ // Test for insertion sort
+ if (hi <= lo + 50)
{
- int j = i;
- TYPE tmp = data[i];
- while ((--j>=lo) && !(data[j]<=tmp))
- data[j+1] = data[j];
- data[j+1] = tmp;
+ for (int i=lo+1; i<=hi; i++)
+ {
+ int j = i;
+ TYPE tmp = data[i];
+ while ((--j>=lo) && !(data[j]<=tmp))
+ data[j+1] = data[j];
+ data[j+1] = tmp;
+ }
+ return;
}
- return;
- }
- // -- determine suitable quick-sort pivot
- TYPE tmp = data[lo];
- TYPE pivot = data[(lo+hi)/2];
- if (pivot <= tmp)
- { tmp = pivot; pivot=data[lo]; }
- if (data[hi] <= tmp)
- { pivot = tmp; }
- else if (data[hi] <= pivot)
- { pivot = data[hi]; }
- // -- partition set
- int h = hi;
- int l = lo;
- while (l < h)
- {
- while (! (pivot <= data[l])) l++;
- while (! (data[h] <= pivot)) h--;
- if (l < h)
+ // -- determine median-of-three pivot
+ TYPE tmp = data[lo];
+ TYPE pivot = data[(lo+hi)/2];
+ if (pivot <= tmp)
+ { tmp = pivot; pivot=data[lo]; }
+ if (data[hi] <= tmp)
+ { pivot = tmp; }
+ else if (data[hi] <= pivot)
+ { pivot = data[hi]; }
+ // -- partition set
+ int h = hi;
+ int l = lo;
+ while (l < h)
{
- tmp = data[l];
- data[l] = data[h];
- data[h] = tmp;
- l = l+1;
- h = h-1;
+ while (! (pivot <= data[l])) l++;
+ while (! (data[h] <= pivot)) h--;
+ if (l < h)
+ {
+ tmp = data[l];
+ data[l] = data[h];
+ data[h] = tmp;
+ l = l+1;
+ h = h-1;
+ }
+ }
+ // -- recurse, small partition first
+ // tail-recursion elimination
+ if (h - lo <= hi - l) {
+ sort(lo,h);
+ lo = l; // sort(l,hi)
+ } else {
+ sort(l,hi);
+ hi = h; // sort(lo,h)
}
}
- // -- recursively restart
- sort(lo, h);
- sort(l, hi);
}

template<class TYPE> inline TYPE&
28 changes: 28 additions & 0 deletions pkgs/applications/misc/djvulibre/CVE-2019-15145.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
commit 9658b01431cd7ff6344d7787f855179e73fe81a7
Author: Leon Bottou <leon@bottou.org>
Date: Mon Apr 8 22:55:38 2019 -0400

fix bug #298

diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h
index e8e0c9b..ca89a19 100644
--- a/libdjvu/GBitmap.h
+++ b/libdjvu/GBitmap.h
@@ -566,7 +566,7 @@ GBitmap::operator[](int row)
{
if (!bytes)
uncompress();
- if (row<0 || row>=nrows) {
+ if (row<0 || row>=nrows || !bytes) {
#ifndef NDEBUG
if (zerosize < bytes_per_row + border)
G_THROW( ERR_MSG("GBitmap.zero_small") );
@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const
{
if (!bytes)
((GBitmap*)this)->uncompress();
- if (row<0 || row>=nrows) {
+ if (row<0 || row>=nrows || !bytes) {
#ifndef NDEBUG
if (zerosize < bytes_per_row + border)
G_THROW( ERR_MSG("GBitmap.zero_small") );
32 changes: 32 additions & 0 deletions pkgs/applications/misc/djvulibre/CVE-2019-18804.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
commit c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125
Author: Leon Bottou <leon@bottou.org>
Date: Thu Oct 17 22:20:31 2019 -0400

Fixed bug 309

diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
index 00752a0..f81eaeb 100644
--- a/libdjvu/IW44EncodeCodec.cpp
+++ b/libdjvu/IW44EncodeCodec.cpp
@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
int y = 0;
int s = scale*rowsize;
int s3 = s+s+s;
- h = ((h-1)/scale)+1;
+ h = (h>0) ? ((h-1)/scale)+1 : 0;
y += 1;
p += s;
while (y-3 < h)
diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
index 6d0df3b..7109952 100644
--- a/tools/ddjvu.cpp
+++ b/tools/ddjvu.cpp
@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
prect.h = (ih * 100) / dpi;
}
/* Process aspect ratio */
- if (flag_aspect <= 0)
+ if (flag_aspect <= 0 && iw>0 && ih>0)
{
double dw = (double)iw / prect.w;
double dh = (double)ih / prect.h;
11 changes: 11 additions & 0 deletions pkgs/applications/misc/djvulibre/default.nix
View file
Original file line number Diff line number Diff line change
@@ -12,6 +12,17 @@ stdenv.mkDerivation rec {

buildInputs = [ libjpeg libtiff librsvg libiconv ];

patches = [
./CVE-2019-18804.patch
# This one is needed to make the following
# two CVE patches apply cleanly
./fix_hongfuzz_crash.patch
./CVE-2019-15142.patch
./CVE-2019-15143.patch
./CVE-2019-15144.patch
./CVE-2019-15145.patch
];

meta = with stdenv.lib; {
description = "A library and viewer for the DJVU file format for scanned images";
homepage = http://djvu.sourceforge.net;
51 changes: 51 additions & 0 deletions pkgs/applications/misc/djvulibre/fix_hongfuzz_crash.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
commit 89d71b01d606e57ecec2c2930c145bb20ba5bbe3
Author: Leon Bottou <leon@bottou.org>
Date: Fri Jul 13 08:46:22 2018 -0400

fix hongfuzz crash.

diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
index d322323..a6a39e0 100644
--- a/libdjvu/DjVmDir.cpp
+++ b/libdjvu/DjVmDir.cpp
@@ -299,7 +299,13 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
memcpy((char*) strings+strings_size, buffer, length);
}
DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
-
+ if (strings[strings.size()-1] != 0)
+ {
+ int strings_size=strings.size();
+ strings.resize(strings_size+1);
+ strings[strings_size] = 0;
+ }
+
// Copy names into the files
const char * ptr=strings;
for(pos=files_list;pos;++pos)
diff --git a/libdjvu/miniexp.cpp b/libdjvu/miniexp.cpp
index 6a5cd90..828addc 100644
--- a/libdjvu/miniexp.cpp
+++ b/libdjvu/miniexp.cpp
@@ -1065,7 +1065,7 @@ print_c_string(const char *s, char *d, int flags, size_t len)
c = (unsigned char)(*s++);
if (char_quoted(c, flags))
{
- char buffer[10];
+ char buffer[16]; /* 10+1 */
static const char *tr1 = "\"\\tnrbf";
static const char *tr2 = "\"\\\t\n\r\b\f";
buffer[0] = buffer[1] = 0;
diff --git a/tools/csepdjvu.cpp b/tools/csepdjvu.cpp
index 7ed13ad..fab9472 100644
--- a/tools/csepdjvu.cpp
+++ b/tools/csepdjvu.cpp
@@ -1834,7 +1834,7 @@ main(int argc, const char **argv)
ByteStream::create(GURL::Filename::UTF8(arg),"rb");
BufferByteStream ibs(*fbs);
do {
- char pagename[16];
+ char pagename[20];
sprintf(pagename, "p%04d.djvu", ++pageno);
if (opts.verbose > 1)
DjVuPrintErrorUTF8("%s","--------------------\n");
13 changes: 11 additions & 2 deletions pkgs/development/interpreters/lua-5/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# similar to interpreters/python/default.nix
{ stdenv, lib, callPackage, fetchurl }:
{ stdenv, lib, callPackage, fetchurl, fetchpatch }:
let
dsoPatch51 = fetchurl {
url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/lua-arch.patch?h=packages/lua51";
@@ -13,12 +13,21 @@ let
name = "lua-arch.patch";
};

CVE_2019_6706 = fetchpatch {
url = "https://gitlab.alpinelinux.org/alpine/aports/raw/7ad58d2fec12ba6086e2774460d4bfe9e91471a9/main/lua5.3/CVE-2019-6706-use-after-free-lua_upvaluejoin.patch";
sha256 = "11pqpwiydaw2nyjj30rn3k61apy6c4f4f5ahnnk69a9mmxig1nnc";
name = "CVE-2019-6706.patch";
};

in rec {

lua5_3 = callPackage ./interpreter.nix {
sourceVersion = { major = "5"; minor = "3"; patch = "5"; };
hash = "0c2eed3f960446e1a3e4b9a1ca2f3ff893b6ce41942cf54d5dd59ab4b3b058ac";
patches = lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ] ;
patches =
lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ] ++ [
CVE_2019_6706
];
postConfigure = lib.optionalString (!stdenv.isDarwin) ''
cat ${./lua-5.3-dso.make} >> src/Makefile
sed -e 's/ALL_T *= */& $(LUA_SO)/' -i src/Makefile
5 changes: 5 additions & 0 deletions pkgs/development/libraries/aspell/default.nix
View file
Original file line number Diff line number Diff line change
@@ -28,6 +28,11 @@ stdenv.mkDerivation rec {
url = "https://github.com/GNUAspell/aspell/commit/8089fa02122fed0a.diff";
sha256 = "1b3p1zy2lqr2fknddckm58hyk95hw4scf6hzjny1v9iaic2p37ix";
})
(fetchpatch {
name = "CVE-2019-17544.patch";
url = "https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e.patch";
sha256 = "0k5dnh8gcb7chnyx7jgkksqmz2hm05hmrvcd0znsfib975pvp4rg";
})
] ++ stdenv.lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;

postPatch = ''
Loading