Date: Wednesday, February 16, 2022 @ 23:17:33 Author: freswa Revision: 437537
incorporate changes suggested by @loqs * add fix for CVE-2021-3517 * add fix for CVE-2021-3522 * improve compile flag patching * disable lto for webkit build * use g++14 for webkit build * disable compilation of JFR which isn't available in OpenJDK * remove python2 dep Added: java8-openjfx/trunk/java8-openjfx-CVE-2021-3517-fix.patch java8-openjfx/trunk/java8-openjfx-CVE-2021-3522-fix.patch java8-openjfx/trunk/java8-openjfx-no-sys-sysctl.patch Modified: java8-openjfx/trunk/PKGBUILD ---------------------------------------+ PKGBUILD | 19 +++++++++--- java8-openjfx-CVE-2021-3517-fix.patch | 49 ++++++++++++++++++++++++++++++++ java8-openjfx-CVE-2021-3522-fix.patch | 31 ++++++++++++++++++++ java8-openjfx-no-sys-sysctl.patch | 12 +++++++ 4 files changed, 106 insertions(+), 5 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-02-16 20:38:50 UTC (rev 437536) +++ PKGBUILD 2022-02-16 23:17:33 UTC (rev 437537) 
@@ -42,17 +42,23 @@ webkit2gtk ) source=( - https://hg.openjdk.java.net/openjfx/8u/rt/archive/${pkgver//./}-ga.tar.bz2 + https://hg.openjdk.java.net/openjfx/8u-dev/rt/archive/${pkgver//./}-ga.tar.bz2 gradle.properties https://services.gradle.org/distributions/gradle-4.8-bin.zip java8-openjfx-flags.patch java8-openjfx-no-xlocale.patch + java8-openjfx-no-sys-sysctl.patch + java8-openjfx-CVE-2021-3517-fix.patch::https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2.patch + java8-openjfx-CVE-2021-3522-fix.patch::https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4.patch ) sha256sums=('12b0538d04c4bd451e4692ee06357ac36233ff4ec2af9fa3b9bbdbab48c3f2fc' - '75335ac8ccae143ab4dbb81fc32c70d34d95baa360388f55bf2d237e8821ad97' + 'd1c2255893e5ec6268d7c92bb6539cde629d325872f26cffb5f1f616c9d5f30d' 'f3e29692a8faa94eb0b02ebf36fa263a642b3ae8694ef806c45c345b8683f1ba' - '867badaca506f130f918bdc620ae7ae5be8b176fcdfc91fef551b636d6390b19' - 'b21f6b254acc7aa2124521b6521d3bdfdfcfd9b062624a84ef73608120957d0d') + 'ea252a3b1305705c5ce10e42e64a46f7beb1008a20dcd132a798fec16e2cd958' + 'b21f6b254acc7aa2124521b6521d3bdfdfcfd9b062624a84ef73608120957d0d' + 'cd1a2bd60f636662e4f3334217b3e14f1d51cf30b77b9ca3eff8d030312fd26a' + '4db6e995d46f5ab29c4169dab5dbbe367ebd01dee66ef1750abe5cf0c8364d42' + '3487eb180fff9866c8b8b08be45f13fa9e8edd04e5719bc867e59b09b81954b4') prepare() { cd rt-${pkgver//./}-ga 
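Review bot: The `sha256sums` entries for `gradle.properties` and `java8-openjfx-flags.patch` change in this hunk, yet the commit record lists only PKGBUILD as modified, so the file edits those new hashes cover cannot be reviewed here; they are presumably in a neighbouring revision and should be read together with this one. The tarball URL also moves from `8u` to `8u-dev` while its checksum `12b0538d…` stays a context line, which is fine if the `-ga` archive is byte-identical in both repositories but is worth confirming by re-running `updpkgsums` against the new URL. The hunk starts inside the preceding array and ends inside `prepare()`.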
@@ -60,6 +66,10 @@ ln -sf ../gradle.properties . patch -Np1 -i ../java8-openjfx-flags.patch patch -Np1 -i ../java8-openjfx-no-xlocale.patch + patch -Np1 -i ../java8-openjfx-no-sys-sysctl.patch + # loose match the following patch due to whitespace differences + patch -Np1 -l -i "$srcdir"/java8-openjfx-CVE-2021-3517-fix.patch -d modules/web/src/main/native/Source/ThirdParty/libxml/src + patch -Np1 -i "$srcdir"/java8-openjfx-CVE-2021-3522-fix.patch -d modules/media/src/main/native/gstreamer/gstreamer-lite/gst-plugins-base } build() { @@ -87,7 +97,6 @@ libx11 libxtst pango - python2 qt5-base ruby unzip Added: java8-openjfx-CVE-2021-3517-fix.patch =================================================================== --- java8-openjfx-CVE-2021-3517-fix.patch (rev 0) +++ java8-openjfx-CVE-2021-3517-fix.patch 2022-02-16 23:17:33 UTC (rev 437537) 
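Review bot: The CVE-2021-3517 fix is applied with `-l`, which relaxes whitespace matching, so a successful `patch` run alone does not show that the hunk landed in `xmlEncodeEntitiesInternal` of the bundled libxml copy rather than at a similar-looking context nearby. The upstream message says the change builds on a partial fix in 50f06b3e, and nothing visible here shows whether the bundled sources already contain it; if they do not, the CVE may be only partly addressed. I would record both facts next to the command, e.g. `# upstream libxml2 bf227135; -l is for whitespace only, verify 50f06b3e is present in the bundled copy`. `prepare()` opens in the previous hunk and closes in this one.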
@@ -0,0 +1,49 @@
+From bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 Mon Sep 17 00:00:00 2001
+From: Joel Hockey <[email protected]>
+Date: Sun, 16 Aug 2020 17:19:35 -0700
+Subject: [PATCH] Validate UTF8 in xmlEncodeEntities
+
+Code is currently assuming UTF-8 without validating. Truncated UTF-8
+input can cause out-of-bounds array access.
+
+Adds further checks to partial fix in 50f06b3e.
+
+Fixes #178
+---
+ entities.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/entities.c b/entities.c
+index 37b99a56..1a8f86f0 100644
+--- a/entities.c
++++ b/entities.c
+@@ -704,11 +704,25 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ } else {
+ /*
+ * We assume we have UTF-8 input.
++ * It must match either:
++ * 110xxxxx 10xxxxxx
++ * 1110xxxx 10xxxxxx 10xxxxxx
++ * 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
++ * That is:
++ * cur[0] is 11xxxxxx
++ * cur[1] is 10xxxxxx
++ * cur[2] is 10xxxxxx if cur[0] is 111xxxxx
++ * cur[3] is 10xxxxxx if cur[0] is 1111xxxx
++ * cur[0] is not 11111xxx
+ */
+ char buf[11], *ptr;
+ int val = 0, l = 1;
+
+- if (*cur < 0xC0) {
++ if (((cur[0] & 0xC0) != 0xC0) ||
++ ((cur[1] & 0xC0) != 0x80) ||
++ (((cur[0] & 0xE0) == 0xE0) && ((cur[2] & 0xC0) != 0x80)) ||
++ (((cur[0] & 0xF0) == 0xF0) && ((cur[3] & 0xC0) != 0x80)) ||
++ (((cur[0] & 0xF8) == 0xF8))) {
+ xmlEntitiesErr(XML_CHECK_NOT_UTF8,
+ "xmlEncodeEntities: input not UTF-8");
+ if (doc != NULL)
+--
+GitLab
+
Added: java8-openjfx-CVE-2021-3522-fix.patch
===================================================================
--- java8-openjfx-CVE-2021-3522-fix.patch (rev 0)
+++ java8-openjfx-CVE-2021-3522-fix.patch 2022-02-16 23:17:33 UTC (rev 437537)
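Review bot: The new condition is only memory-safe because of operand order: `cur[2]` and `cur[3]` are read after the preceding byte was confirmed to be a `10xxxxxx` continuation byte, which cannot be the terminator, and that also assumes `input` is NUL-terminated, which this hunk does not show. The added comment describes the bit patterns but not this dependency, so a later reordering of the `||` operands could reintroduce the out-of-bounds read; I would add `/* Keep this order: cur[n] is read only after cur[n-1] proved to be a non-NUL continuation byte. */` above the `if`. The check validates structure only, so overlong forms such as a `0xC0` lead byte still pass, which seems acceptable for this fix but is worth knowing. `xmlEncodeEntitiesInternal` starts and ends outside the hunk.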
@@ -0,0 +1,31 @@
+From 8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <[email protected]>
+Date: Wed, 3 Mar 2021 01:08:25 +0000
+Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads
+
+Check the right variable when checking if there's
+enough data left to read the frame size.
+
+Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1066>
+---
+ gst-libs/gst/tag/id3v2frames.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c
+index 8e9f78254..f39659bf7 100644
+--- a/gst-libs/gst/tag/id3v2frames.c
++++ b/gst-libs/gst/tag/id3v2frames.c
+@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work)
+
+ if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION |
+ ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) {
+- if (work->hdr.frame_data_size <= 4)
++ if (frame_data_size <= 4)
+ return FALSE;
+ if (ID3V2_VER_MAJOR (work->hdr.version) == 3) {
+ work->parse_size = GST_READ_UINT32_BE (frame_data);
+--
+GitLab
+
Added: java8-openjfx-no-sys-sysctl.patch
===================================================================
--- java8-openjfx-no-sys-sysctl.patch (rev 0)
+++ java8-openjfx-no-sys-sysctl.patch 2022-02-16 23:17:33 UTC (rev 437537)
@@ -0,0 +1,12 @@
+diff --git a/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp b/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp
+index 40f83f25..df39a3c7 100644
+--- a/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp
++++ b/modules/fxpackager/src/main/native/library/common/PosixPlatform.cpp
+@@ -43,7 +43,6 @@
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <sys/sysctl.h>
+ #include <iostream>
+ #include <dlfcn.h>
+ #include <signal.h>
