[arch-commits] Commit in java8-openjfx/trunk (4 files)

Frederik Schwan freswa at gemini.archlinux.org
Wed Feb 16 23:17:34 UTC 2022


    Date: Wednesday, February 16, 2022 @ 23:17:33
  Author: freswa
Revision: 437537

incorporate changes suggested by @loqs

* add fix for CVE 2021-3517
* add fix for CVE 2021-3522
* improve compile flag patching
  * disable lto for webkit build
  * use g++14 for webkit build
  * disable compilation of JFR which isn't available in OpenJDK
* remove python2 dep

Added:
  java8-openjfx/trunk/java8-openjfx-CVE-2021-3517-fix.patch
  java8-openjfx/trunk/java8-openjfx-CVE-2021-3522-fix.patch
  java8-openjfx/trunk/java8-openjfx-no-sys-sysctl.patch
Modified:
  java8-openjfx/trunk/PKGBUILD

---------------------------------------+
 PKGBUILD                              |   19 +++++++++---
 java8-openjfx-CVE-2021-3517-fix.patch |   49 ++++++++++++++++++++++++++++++++
 java8-openjfx-CVE-2021-3522-fix.patch |   31 ++++++++++++++++++++
 java8-openjfx-no-sys-sysctl.patch     |   12 +++++++
 4 files changed, 106 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-02-16 20:38:50 UTC (rev 437536)
+++ PKGBUILD	2022-02-16 23:17:33 UTC (rev 437537)
@@ -42,17 +42,23 @@
   webkit2gtk
 )
 source=(
-  https://hg.openjdk.java.net/openjfx/8u/rt/archive/${pkgver//./}-ga.tar.bz2
+  https://hg.openjdk.java.net/openjfx/8u-dev/rt/archive/${pkgver//./}-ga.tar.bz2
   gradle.properties
   https://services.gradle.org/distributions/gradle-4.8-bin.zip
   java8-openjfx-flags.patch
   java8-openjfx-no-xlocale.patch
+  java8-openjfx-no-sys-sysctl.patch
+  java8-openjfx-CVE-2021-3517-fix.patch::https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2.patch
+  java8-openjfx-CVE-2021-3522-fix.patch::https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4.patch
 )
 sha256sums=('12b0538d04c4bd451e4692ee06357ac36233ff4ec2af9fa3b9bbdbab48c3f2fc'
-            '75335ac8ccae143ab4dbb81fc32c70d34d95baa360388f55bf2d237e8821ad97'
+            'd1c2255893e5ec6268d7c92bb6539cde629d325872f26cffb5f1f616c9d5f30d'
             'f3e29692a8faa94eb0b02ebf36fa263a642b3ae8694ef806c45c345b8683f1ba'
-            '867badaca506f130f918bdc620ae7ae5be8b176fcdfc91fef551b636d6390b19'
-            'b21f6b254acc7aa2124521b6521d3bdfdfcfd9b062624a84ef73608120957d0d')
+            'ea252a3b1305705c5ce10e42e64a46f7beb1008a20dcd132a798fec16e2cd958'
+            'b21f6b254acc7aa2124521b6521d3bdfdfcfd9b062624a84ef73608120957d0d'
+            'cd1a2bd60f636662e4f3334217b3e14f1d51cf30b77b9ca3eff8d030312fd26a'
+            '4db6e995d46f5ab29c4169dab5dbbe367ebd01dee66ef1750abe5cf0c8364d42'
+            '3487eb180fff9866c8b8b08be45f13fa9e8edd04e5719bc867e59b09b81954b4')
 
 prepare() {
   cd rt-${pkgver//./}-ga
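Review bot: The first `source` entry moves from `8u` to `8u-dev`, but its file name and its pinned sha256 (the first, unchanged `sha256sums` line) stay the same, so a build that finds a cached `${pkgver//./}-ga.tar.bz2` never downloads from the new URL. It is worth confirming with an empty source cache that the `8u-dev` archive hashes to the pinned value. The two CVE entries are forge-generated `.patch` downloads whose integrity rests only on their sha256 lines. A comment above them such as `# unmodified upstream libxml2 / gst-plugins-base commits, applied to the bundled copies in prepare()` would record what they patch. `prepare()` continues past the end of this hunk.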
@@ -60,6 +66,10 @@
   ln -sf ../gradle.properties .
   patch -Np1 -i ../java8-openjfx-flags.patch
   patch -Np1 -i ../java8-openjfx-no-xlocale.patch
+  patch -Np1 -i ../java8-openjfx-no-sys-sysctl.patch
+  # loose match the following patch due to whitespace differences
+  patch -Np1 -l -i "$srcdir"/java8-openjfx-CVE-2021-3517-fix.patch -d modules/web/src/main/native/Source/ThirdParty/libxml/src
+  patch -Np1 -i "$srcdir"/java8-openjfx-CVE-2021-3522-fix.patch -d modules/media/src/main/native/gstreamer/gstreamer-lite/gst-plugins-base
 }
 
 build() {
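Review bot: The CVE-2021-3517 patch is applied with `-l` on top of patch's default fuzz, so against the bundled libxml copy it can succeed at an offset or with dropped context, and nothing in `prepare()` confirms that the new UTF-8 check landed in the intended function. If the patch still applies that way, adding `-F0` to that line (`patch -Np1 -l -F0 -i ...`) keeps the whitespace tolerance while turning any other context mismatch into a build failure. The comment could also state the reason, for example `# bundled libxml is re-indented relative to upstream; -l ignores whitespace when matching context`, if that is indeed the cause. `prepare()` starts in the previous hunk.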
@@ -87,7 +97,6 @@
     libx11
     libxtst
     pango
-    python2
     qt5-base
     ruby
     unzip

Added: java8-openjfx-CVE-2021-3517-fix.patch
===================================================================
--- java8-openjfx-CVE-2021-3517-fix.patch	                        (rev 0)
+++ java8-openjfx-CVE-2021-3517-fix.patch	2022-02-16 23:17:33 UTC (rev 437537)
@@ -0,0 +1,49 @@
+From bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 Mon Sep 17 00:00:00 2001
+From: Joel Hockey <joel.hockey at gmail.com>
+Date: Sun, 16 Aug 2020 17:19:35 -0700
+Subject: [PATCH] Validate UTF8 in xmlEncodeEntities
+
+Code is currently assuming UTF-8 without validating. Truncated UTF-8
+input can cause out-of-bounds array access.
+
+Adds further checks to partial fix in 50f06b3e.
+
+Fixes #178
+---
+ entities.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/entities.c b/entities.c
+index 37b99a56..1a8f86f0 100644
+--- a/entities.c
++++ b/entities.c
+@@ -704,11 +704,25 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ 	    } else {
+ 		/*
+ 		 * We assume we have UTF-8 input.
++		 * It must match either:
++		 *   110xxxxx 10xxxxxx
++		 *   1110xxxx 10xxxxxx 10xxxxxx
++		 *   11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
++		 * That is:
++		 *   cur[0] is 11xxxxxx
++		 *   cur[1] is 10xxxxxx
++		 *   cur[2] is 10xxxxxx if cur[0] is 111xxxxx
++		 *   cur[3] is 10xxxxxx if cur[0] is 1111xxxx
++		 *   cur[0] is not 11111xxx
+ 		 */
+ 		char buf[11], *ptr;
+ 		int val = 0, l = 1;
+ 
+-		if (*cur < 0xC0) {
++		if (((cur[0] & 0xC0) != 0xC0) ||
++		    ((cur[1] & 0xC0) != 0x80) ||
++		    (((cur[0] & 0xE0) == 0xE0) && ((cur[2] & 0xC0) != 0x80)) ||
++		    (((cur[0] & 0xF0) == 0xF0) && ((cur[3] & 0xC0) != 0x80)) ||
++		    (((cur[0] & 0xF8) == 0xF8))) {
+ 		    xmlEntitiesErr(XML_CHECK_NOT_UTF8,
+ 			    "xmlEncodeEntities: input not UTF-8");
+ 		    if (doc != NULL)
+-- 
+GitLab
+
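Review bot: The new condition reads `cur[1]`, `cur[2]` and `cur[3]` without a length, and the added comment does not say why that is in bounds. It is safe only because of the `||` order, and only if `input` is NUL-terminated, which the hunk does not show. Each later byte is read only after the previous one matched `10xxxxxx`, so it is non-zero and the furthest read is the terminator. I would add a line to the comment such as `* The tests are ordered so that cur[n] is read only after cur[n-1] was a continuation byte; do not reorder.` The check validates byte shape only, not overlong forms or surrogates; whether the code after it rejects those is outside this hunk, as are the start and end of `xmlEncodeEntitiesInternal`.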

Added: java8-openjfx-CVE-2021-3522-fix.patch
===================================================================
--- java8-openjfx-CVE-2021-3522-fix.patch	                        (rev 0)
+++ java8-openjfx-CVE-2021-3522-fix.patch	2022-02-16 23:17:33 UTC (rev 437537)
@@ -0,0 +1,31 @@
+From 8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim at centricular.com>
+Date: Wed, 3 Mar 2021 01:08:25 +0000
+Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads
+
+Check the right variable when checking if there's
+enough data left to read the frame size.
+
+Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1066>
+---
+ gst-libs/gst/tag/id3v2frames.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c
+index 8e9f78254..f39659bf7 100644
+--- a/gst-libs/gst/tag/id3v2frames.c
++++ b/gst-libs/gst/tag/id3v2frames.c
+@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work)
+ 
+   if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION |
+           ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) {
+-    if (work->hdr.frame_data_size <= 4)
++    if (frame_data_size <= 4)
+       return FALSE;
+     if (ID3V2_VER_MAJOR (work->hdr.version) == 3) {
+       work->parse_size = GST_READ_UINT32_BE (frame_data);
+-- 
+GitLab
+

Added: java8-openjfx-no-sys-sysctl.patch
===================================================================
--- java8-openjfx-no-sys-sysctl.patch	                        (rev 0)
+++ java8-openjfx-no-sys-sysctl.patch	2022-02-16 23:17:33 UTC (rev 437537)
@@ -0,0 +1,12 @@
+diff --git a/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp b/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp
+index 40f83f25..df39a3c7 100644
+--- a/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp
++++ b/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp
+@@ -43,7 +43,6 @@
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <sys/sysctl.h>
+ #include <iostream>
+ #include <dlfcn.h>
+ #include <signal.h>


