Merge branch release-19.03 into staging-19.03
Showing
45 changed files
with
404 additions
and
168 deletions.
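--- a/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch
+++ b/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch
@@ -0,0 +1,95 @@
+--- a/src/allheaders.h
++++ b/src/allheaders.h
+@@ -2600,6 +2600,7 @@
+LEPT_DLL extern char * stringReverse ( const char *src );
+LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
+LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
++LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
+LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
+LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
+LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
+--- a/src/gplot.c
++++ b/src/gplot.c
+@@ -141,9 +141,10 @@
+const char *xlabel,
+const char *ylabel)
+{
+-char *newroot;
+-char buf[L_BUF_SIZE];
+-GPLOT *gplot;
++char *newroot;
++char buf[L_BUF_SIZE];
++l_int32 badchar;
++GPLOT *gplot;
+
+PROCNAME("gplotCreate");
+
+@@ -152,6 +153,9 @@
+if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
+outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
+return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
++ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
++ if (badchar) /* danger of command injection */
++ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
+
+if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
+return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
+--- a/src/utils2.c
++++ b/src/utils2.c
+@@ -42,6 +42,7 @@
+* l_int32 stringSplitOnToken()
+*
+* Find and replace string and array procs
++ * l_int32 stringCheckForChars()
+* char *stringRemoveChars()
+* l_int32 stringFindSubstr()
+* char *stringReplaceSubstr()
+@@ -701,6 +702,48 @@
+/*--------------------------------------------------------------------*
+* Find and replace procs *
+*--------------------------------------------------------------------*/
++/*!
++ * \brief stringCheckForChars()
++ *
++ * \param[in] src input string; can be of zero length
++ * \param[in] chars string of chars to be searched for in %src
++ * \param[out] pfound 1 if any characters are found; 0 otherwise
++ * \return 0 if OK, 1 on error
++ *
++ * <pre>
++ * Notes:
++ * (1) This can be used to sanitize an operation by checking for
++ * special characters that don't belong in a string.
++ * </pre>
++ */
++l_int32
++stringCheckForChars(const char *src,
++ const char *chars,
++ l_int32 *pfound)
++{
++char ch;
++l_int32 i, n;
++
++ PROCNAME("stringCheckForChars");
++
++ if (!pfound)
++ return ERROR_INT("&found not defined", procName, 1);
++ *pfound = FALSE;
++ if (!src || !chars)
++ return ERROR_INT("src and chars not both defined", procName, 1);
++
++ n = strlen(src);
++ for (i = 0; i < n; i++) {
++ ch = src[i];
++ if (strchr(chars, ch)) {
++ *pfound = TRUE;
++ break;
++ }
++ }
++ return 0;
++}
++
++
+/*!
+* \brief stringRemoveChars()
+*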
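Review bot: The denylist passed to `stringCheckForChars()` in the gplot.c part of this patch omits `$`, `(`, `)`, the single quote, backslash and newline, so a rootname written with command-substitution syntax still passes the check that the inline comment says is there to prevent command injection. How `rootname` is used afterwards is outside the hunk, so this is inferred from that comment; if it does end up on a shell command line, an allowlist (letters, digits, `/`, `.`, `_`, `-`) is more robust than enumerating metacharacters, and at minimum `$()` should be appended to the character string. The call's return value is also discarded: for a NULL `rootname` the helper returns 1 and leaves `*pfound` FALSE, so unless an earlier NULL check exists outside the hunk the guard passes, and `if (stringCheckForChars(...) || badchar)` would fail closed instead. gplotCreate's body starts and ends outside the hunk.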
18 changes: 9 additions & 9 deletions
18
pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -1,18 +1,18 @@ | ||
# This file is autogenerated from update.sh in the same directory. | ||
{ | ||
beta = { | ||
sha256 = "0vsvjhmrc2p8mf4rfp9bf9y4nqkbbi5v8008cdvr6c14zq35w7hy"; | ||
sha256bin64 = "1zzmk08y2rhirm297a91bvq5q30vvxll8fzfp7z5cpqb6az80y2h"; | ||
version = "74.0.3729.108"; | ||
sha256 = "01sw6ql4fr1zwbw4l4c3xgmd3jqil9lgmpmlhfyj9ga4kp2qlnim"; | ||
sha256bin64 = "0xwxb54l1ylrckxd36pkzcla34d5hbnhxz3gkrv4id530l6ms6jh"; | ||
version = "75.0.3770.27"; | ||
}; | ||
dev = { | ||
sha256 = "1wrg4r2q043i8i4vq9zn69yvnzjxzmxyn21k367909kci83hhi44"; | ||
sha256bin64 = "1jv9wi4nddijjp9y0r77rxciqsd1rkd87ipvagyq5nzpxr6wdzsa"; | ||
version = "75.0.3766.2"; | ||
sha256 = "0fq8sjyscz998ha4wnn4npr3bb4jslcjc1i7xgwz6bh4yhi1az4f"; | ||
sha256bin64 = "1yb6ff6bg662klki7dcrdaysmsnqrnlp8syxcvwl2rysswll3wyl"; | ||
version = "76.0.3788.1"; | ||
}; | ||
stable = { | ||
sha256 = "0vsvjhmrc2p8mf4rfp9bf9y4nqkbbi5v8008cdvr6c14zq35w7hy"; | ||
sha256bin64 = "0zs3khzszppmjf5s4rs6fbmhgc9y0abj4q4q8j3hn6nisddi9q9c"; | ||
version = "74.0.3729.108"; | ||
sha256 = "01ifjsss3nqr15xx2iqsiqgjq1xc07j7ljnapsb484m7dcfk3gnw"; | ||
sha256bin64 = "0zkv4x4vbra476c6wy4igp6k80r9ssb9632wsyrzjni9w3zk9qvy"; | ||
version = "74.0.3729.157"; | ||
}; | ||
} |