diff options
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/coreutils-fix-cross-compilation.patch | 15 | ||||
| -rw-r--r-- | gnu/packages/patches/flex-CVE-2016-6354.patch | 30 | ||||
| -rw-r--r-- | gnu/packages/patches/gcc-5-source-date-epoch-1.patch | 190 | ||||
| -rw-r--r-- | gnu/packages/patches/gcc-5-source-date-epoch-2.patch | 353 | ||||
| -rw-r--r-- | gnu/packages/patches/gcc-libiberty-printf-decl.patch | 28 | ||||
| -rw-r--r-- | gnu/packages/patches/gd-CVE-2016-7568.patch | 44 | ||||
| -rw-r--r-- | gnu/packages/patches/gd-CVE-2016-8670.patch | 38 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-7zip-heap-overflow.patch | 77 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-fix-filesystem-attacks.patch | 445 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-fix-symlink-check.patch | 60 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch | 44 | ||||
| -rw-r--r-- | gnu/packages/patches/pcre-CVE-2016-3191.patch | 151 | ||||
| -rw-r--r-- | gnu/packages/patches/sed-hurd-path-max.patch | 34 | ||||
| -rw-r--r-- | gnu/packages/patches/tar-CVE-2016-6321.patch | 51 |
14 files changed, 637 insertions, 923 deletions
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch new file mode 100644 index 0000000000..3f0d35c33e --- /dev/null +++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch @@ -0,0 +1,15 @@ +Coreutils fails to cross compile for other platforms because cu_install_program +is not being evaluated properly. This patch fixes it. +See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html> +--- a/Makefile.in ++++ b/Makefile.in +@@ -5023,7 +5023,7 @@ pr = progs-readme + @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall + + # Use the just-built 'ginstall', when not cross-compiling. +-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@ ++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@ + info_TEXINFOS = doc/coreutils.texi + doc_coreutils_TEXINFOS = \ + doc/perm.texi \ + diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch deleted file mode 100644 index 1f3cb028d4..0000000000 --- a/gnu/packages/patches/flex-CVE-2016-6354.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 -https://security-tracker.debian.org/tracker/CVE-2016-6354 - -Patch copied from upstream source repository: -https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 - -From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001 -From: Will Estes <westes575@gmail.com> -Date: Sat, 27 Feb 2016 11:56:05 -0500 -Subject: [PATCH] Fixed incorrect integer type - ---- - src/flex.skl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/flex.skl b/src/flex.skl -index 36a526a..64f853d 100644 ---- a/src/flex.skl -+++ b/src/flex.skl -@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer() - - else - { -- yy_size_t num_to_read = -+ int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-1.patch b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch new file mode 100644 index 0000000000..8c94a026b3 --- /dev/null +++ b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch @@ -0,0 +1,190 @@ +Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros. + +Patch adapted from upstream source repository: + +https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 + +From e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 Mon Sep 17 00:00:00 2001 +From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Thu, 28 Apr 2016 09:12:05 +0000 +Subject: [PATCH] gcc/c-family/ChangeLog: + +diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c +index 1bf5d080034..6f0898a38d7 100644 +--- a/gcc/c-family/c-common.c ++++ b/gcc/c-family/c-common.c +@@ -12318,4 +12318,37 @@ pointer_to_zero_sized_aggr_p (tree t) + return (TYPE_SIZE (t) && integer_zerop (TYPE_SIZE (t))); + } + ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++time_t ++get_source_date_epoch () ++{ ++ char *source_date_epoch; ++ long long epoch; ++ char *endptr; ++ ++ source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); ++ if (!source_date_epoch) ++ return (time_t) -1; ++ ++ errno = 0; ++ epoch = strtoll (source_date_epoch, &endptr, 10); ++ if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN)) ++ || (errno != 0 && epoch == 0)) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "strtoll: %s\n", xstrerror(errno)); ++ if (endptr == source_date_epoch) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "no digits were found: %s\n", endptr); ++ if (*endptr != '\0') ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "trailing garbage: %s\n", endptr); ++ if (epoch < 0) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "value must be nonnegative: %lld \n", epoch); ++ ++ return (time_t) epoch; ++} ++ + #include "gt-c-family-c-common.h" +diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h +index fdb227f85c3..ba0a5d7df50 100644 +--- a/gcc/c-family/c-common.h ++++ b/gcc/c-family/c-common.h +@@ -1437,4 +1437,10 @@ extern bool contains_cilk_spawn_stmt (tree); + extern tree cilk_for_number_of_iterations (tree); + extern bool check_no_cilk (tree, const char *, const char *, + location_t loc = UNKNOWN_LOCATION); ++ ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++extern time_t get_source_date_epoch (void); ++ + #endif /* ! GCC_C_COMMON_H */ +diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c +index bb55be8063e..e68471b9d2b 100644 +--- a/gcc/c-family/c-lex.c ++++ b/gcc/c-family/c-lex.c +@@ -402,6 +402,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags, + enum cpp_ttype type; + unsigned char add_flags = 0; + enum overflow_type overflow = OT_NONE; ++ time_t source_date_epoch = get_source_date_epoch (); ++ ++ cpp_init_source_date_epoch (parse_in, source_date_epoch); + + timevar_push (TV_CPP); + retry: +diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi +index 100811dc637..3b5317beb53 100644 +--- a/gcc/doc/cppenv.texi ++++ b/gcc/doc/cppenv.texi +@@ -79,4 +79,21 @@ main input file is omitted. + @ifclear cppmanual + @xref{Preprocessor Options}. + @end ifclear ++ ++@item SOURCE_DATE_EPOCH ++ ++If this variable is set, its value specifies a UNIX timestamp to be ++used in replacement of the current date and time in the @code{__DATE__} ++and @code{__TIME__} macros, so that the embedded timestamps become ++reproducible. ++ ++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp, ++defined as the number of seconds (excluding leap seconds) since ++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of ++@samp{@command{date +%s}}. ++ ++The value should be a known timestamp such as the last modification ++time of the source or package and it should be set by the build ++process. ++ + @end vtable +diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h +index 1b731d1a3ad..7a5481219be 100644 +--- a/libcpp/include/cpplib.h ++++ b/libcpp/include/cpplib.h +@@ -775,6 +775,9 @@ extern void cpp_init_special_builtins (cpp_reader *); + /* Set up built-ins like __FILE__. */ + extern void cpp_init_builtins (cpp_reader *, int); + ++/* Initialize the source_date_epoch value. */ ++extern void cpp_init_source_date_epoch (cpp_reader *, time_t); ++ + /* This is called after options have been parsed, and partially + processed. */ + extern void cpp_post_options (cpp_reader *); +diff --git a/libcpp/init.c b/libcpp/init.c +index 45a4d13ffa3..a8d00f4628b 100644 +--- a/libcpp/init.c ++++ b/libcpp/init.c +@@ -530,6 +530,13 @@ cpp_init_builtins (cpp_reader *pfile, int hosted) + _cpp_define_builtin (pfile, "__OBJC__ 1"); + } + ++/* Initialize the source_date_epoch value. */ ++void ++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch) ++{ ++ pfile->source_date_epoch = source_date_epoch; ++} ++ + /* Sanity-checks are dependent on command-line options, so it is + called as a subroutine of cpp_read_main_file (). */ + #if ENABLE_CHECKING +diff --git a/libcpp/internal.h b/libcpp/internal.h +index c2d08168945..8507eba1747 100644 +--- a/libcpp/internal.h ++++ b/libcpp/internal.h +@@ -502,6 +502,10 @@ struct cpp_reader + const unsigned char *date; + const unsigned char *time; + ++ /* Externally set timestamp to replace current date and time useful for ++ reproducibility. */ ++ time_t source_date_epoch; ++ + /* EOF token, and a token forcing paste avoidance. */ + cpp_token avoid_paste; + cpp_token eof; +diff --git a/libcpp/macro.c b/libcpp/macro.c +index eb32a6f8c98..3f3b278e97d 100644 +--- a/libcpp/macro.c ++++ b/libcpp/macro.c +@@ -350,13 +350,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node) + time_t tt; + struct tm *tb = NULL; + +- /* (time_t) -1 is a legitimate value for "number of seconds +- since the Epoch", so we have to do a little dance to +- distinguish that from a genuine error. */ +- errno = 0; +- tt = time(NULL); +- if (tt != (time_t)-1 || errno == 0) +- tb = localtime (&tt); ++ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro ++ usage if SOURCE_DATE_EPOCH is defined. */ ++ if (pfile->source_date_epoch != (time_t) -1) ++ tb = gmtime (&pfile->source_date_epoch); ++ else ++ { ++ /* (time_t) -1 is a legitimate value for "number of seconds ++ since the Epoch", so we have to do a little dance to ++ distinguish that from a genuine error. */ ++ errno = 0; ++ tt = time (NULL); ++ if (tt != (time_t)-1 || errno == 0) ++ tb = localtime (&tt); ++ } + + if (tb) + { +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-2.patch b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch new file mode 100644 index 0000000000..ed2580679a --- /dev/null +++ b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch @@ -0,0 +1,353 @@ +Continuation of the SOURCE_DATE_EPOCH patch. + +Patch adapted from upstream source repository: + +https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c + +From dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c Mon Sep 17 00:00:00 2001 +From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Wed, 1 Jun 2016 16:42:41 +0000 +Subject: [PATCH] gcc/c-family/ChangeLog: + +diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c +index 6f0898a38d7..efbc78ef218 100644 +--- a/gcc/c-family/c-common.c ++++ b/gcc/c-family/c-common.c +@@ -12321,8 +12321,9 @@ pointer_to_zero_sized_aggr_p (tree t) + /* Read SOURCE_DATE_EPOCH from environment to have a deterministic + timestamp to replace embedded current dates to get reproducible + results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++ + time_t +-get_source_date_epoch () ++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED) + { + char *source_date_epoch; + long long epoch; +@@ -12334,19 +12335,14 @@ get_source_date_epoch () + + errno = 0; + epoch = strtoll (source_date_epoch, &endptr, 10); +- if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN)) +- || (errno != 0 && epoch == 0)) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "strtoll: %s\n", xstrerror(errno)); +- if (endptr == source_date_epoch) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "no digits were found: %s\n", endptr); +- if (*endptr != '\0') +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "trailing garbage: %s\n", endptr); +- if (epoch < 0) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "value must be nonnegative: %lld \n", epoch); ++ if (errno != 0 || endptr == source_date_epoch || *endptr != '\0' ++ || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH) ++ { ++ error_at (input_location, "environment variable SOURCE_DATE_EPOCH must " ++ "expand to a non-negative integer less than or equal to %wd", ++ MAX_SOURCE_DATE_EPOCH); ++ return (time_t) -1; ++ } + + return (time_t) epoch; + } +diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h +index ba0a5d7df50..977ae9df5ea 100644 +--- a/gcc/c-family/c-common.h ++++ b/gcc/c-family/c-common.h +@@ -1063,6 +1063,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *); + c_register_builtin_type. */ + extern GTY(()) tree registered_builtin_types; + ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++extern time_t cb_get_source_date_epoch (cpp_reader *pfile); ++ ++/* The value (as a unix timestamp) corresponds to date ++ "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and ++ __TIME__ can store. */ ++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799) ++ + /* In c-gimplify.c */ + extern void c_genericize (tree); + extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *); +@@ -1438,9 +1448,4 @@ extern tree cilk_for_number_of_iterations (tree); + extern bool check_no_cilk (tree, const char *, const char *, + location_t loc = UNKNOWN_LOCATION); + +-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic +- timestamp to replace embedded current dates to get reproducible +- results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ +-extern time_t get_source_date_epoch (void); +- + #endif /* ! GCC_C_COMMON_H */ +diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c +index e68471b9d2b..3f78073f640 100644 +--- a/gcc/c-family/c-lex.c ++++ b/gcc/c-family/c-lex.c +@@ -97,6 +97,7 @@ init_c_lex (void) + cb->valid_pch = c_common_valid_pch; + cb->read_pch = c_common_read_pch; + cb->has_attribute = c_common_has_attribute; ++ cb->get_source_date_epoch = cb_get_source_date_epoch; + + /* Set the debug callbacks if we can use them. */ + if ((debug_info_level == DINFO_LEVEL_VERBOSE +@@ -402,9 +403,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags, + enum cpp_ttype type; + unsigned char add_flags = 0; + enum overflow_type overflow = OT_NONE; +- time_t source_date_epoch = get_source_date_epoch (); +- +- cpp_init_source_date_epoch (parse_in, source_date_epoch); + + timevar_push (TV_CPP); + retry: +diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi +index 3b5317beb53..7b4cf6adc11 100644 +--- a/gcc/doc/cppenv.texi ++++ b/gcc/doc/cppenv.texi +@@ -81,7 +81,6 @@ main input file is omitted. + @end ifclear + + @item SOURCE_DATE_EPOCH +- + If this variable is set, its value specifies a UNIX timestamp to be + used in replacement of the current date and time in the @code{__DATE__} + and @code{__TIME__} macros, so that the embedded timestamps become +@@ -89,8 +88,9 @@ reproducible. + + The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp, + defined as the number of seconds (excluding leap seconds) since +-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of +-@samp{@command{date +%s}}. ++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of ++@samp{@command{date +%s}} on GNU/Linux and other systems that support the ++@code{%s} extension in the @code{date} command. + + The value should be a known timestamp such as the last modification + time of the source or package and it should be set by the build +diff --git a/gcc/gcc.c b/gcc/gcc.c +index d956c36b151..2709f295734 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -3328,6 +3328,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args, + n_switches++; + } + ++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is ++ not set already. */ ++ ++static void ++set_source_date_epoch_envvar () ++{ ++ /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations ++ of 64 bit integers. */ ++ char source_date_epoch[21]; ++ time_t tt; ++ ++ errno = 0; ++ tt = time (NULL); ++ if (tt < (time_t) 0 || errno != 0) ++ tt = (time_t) 0; ++ ++ snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt); ++ /* Using setenv instead of xputenv because we want the variable to remain ++ after finalizing so that it's still set in the second run when using ++ -fcompare-debug. */ ++ setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0); ++} ++ + /* Handle an option DECODED that is unknown to the option-processing + machinery. */ + +@@ -3628,6 +3651,7 @@ driver_handle_option (struct gcc_options *opts, + else + compare_debug_opt = arg; + save_switch (compare_debug_replacement_opt, 0, NULL, validated, true); ++ set_source_date_epoch_envvar (); + return true; + + case OPT_fdiagnostics_color_: +diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c +new file mode 100644 +index 00000000000..f6aa1a360ff +--- /dev/null ++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c +@@ -0,0 +1,11 @@ ++/* { dg-do run } */ ++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */ ++ ++int ++main(void) ++{ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); ++ return 0; ++} ++ ++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */ +diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c +new file mode 100644 +index 00000000000..ae18362ae87 +--- /dev/null ++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c +@@ -0,0 +1,12 @@ ++/* { dg-do compile } */ ++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */ ++ ++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */ ++ ++int ++main(void) ++{ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); ++ return 0; ++} +diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp +index 4fa433d9954..7656b2254a1 100644 +--- a/gcc/testsuite/lib/gcc-dg.exp ++++ b/gcc/testsuite/lib/gcc-dg.exp +@@ -324,6 +324,38 @@ proc restore-target-env-var { } { + } + } + ++proc dg-set-compiler-env-var { args } { ++ global set_compiler_env_var ++ global saved_compiler_env_var ++ if { [llength $args] != 3 } { ++ error "dg-set-compiler-env-var: need two arguments" ++ return ++ } ++ set var [lindex $args 1] ++ set value [lindex $args 2] ++ if [info exists ::env($var)] { ++ lappend saved_compiler_env_var [list $var 1 $::env($var)] ++ } else { ++ lappend saved_compiler_env_var [list $var 0] ++ } ++ setenv $var $value ++ lappend set_compiler_env_var [list $var $value] ++} ++ ++proc restore-compiler-env-var { } { ++ global saved_compiler_env_var ++ for { set env_vari [llength $saved_compiler_env_var] } { ++ [incr env_vari -1] >= 0 } {} { ++ set env_var [lindex $saved_compiler_env_var $env_vari] ++ set var [lindex $env_var 0] ++ if [lindex $env_var 1] { ++ setenv $var [lindex $env_var 2] ++ } else { ++ unsetenv $var ++ } ++ } ++} ++ + # Utility routines. + + # +@@ -785,6 +817,11 @@ if { [info procs saved-dg-test] == [list] } { + if [info exists set_target_env_var] { + unset set_target_env_var + } ++ if [info exists set_compiler_env_var] { ++ restore-compiler-env-var ++ unset set_compiler_env_var ++ unset saved_compiler_env_var ++ } + unset_timeout_vars + if [info exists compiler_conditional_xfail_data] { + unset compiler_conditional_xfail_data +diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h +index 7a5481219be..867aeebc39f 100644 +--- a/libcpp/include/cpplib.h ++++ b/libcpp/include/cpplib.h +@@ -585,6 +585,9 @@ struct cpp_callbacks + + /* Callback that can change a user builtin into normal macro. */ + bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *); ++ ++ /* Callback to parse SOURCE_DATE_EPOCH from environment. */ ++ time_t (*get_source_date_epoch) (cpp_reader *); + }; + + #ifdef VMS +@@ -775,9 +778,6 @@ extern void cpp_init_special_builtins (cpp_reader *); + /* Set up built-ins like __FILE__. */ + extern void cpp_init_builtins (cpp_reader *, int); + +-/* Initialize the source_date_epoch value. */ +-extern void cpp_init_source_date_epoch (cpp_reader *, time_t); +- + /* This is called after options have been parsed, and partially + processed. */ + extern void cpp_post_options (cpp_reader *); +diff --git a/libcpp/init.c b/libcpp/init.c +index a8d00f4628b..61c9bbbf945 100644 +--- a/libcpp/init.c ++++ b/libcpp/init.c +@@ -254,6 +254,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table, + /* Do not force token locations by default. */ + pfile->forced_token_location_p = NULL; + ++ /* Initialize source_date_epoch to -2 (not yet set). */ ++ pfile->source_date_epoch = (time_t) -2; ++ + /* The expression parser stack. */ + _cpp_expand_op_stack (pfile); + +@@ -530,13 +533,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted) + _cpp_define_builtin (pfile, "__OBJC__ 1"); + } + +-/* Initialize the source_date_epoch value. */ +-void +-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch) +-{ +- pfile->source_date_epoch = source_date_epoch; +-} +- + /* Sanity-checks are dependent on command-line options, so it is + called as a subroutine of cpp_read_main_file (). */ + #if ENABLE_CHECKING +diff --git a/libcpp/internal.h b/libcpp/internal.h +index 8507eba1747..226ae328e76 100644 +--- a/libcpp/internal.h ++++ b/libcpp/internal.h +@@ -503,7 +503,8 @@ struct cpp_reader + const unsigned char *time; + + /* Externally set timestamp to replace current date and time useful for +- reproducibility. */ ++ reproducibility. It should be initialized to -2 (not yet set) and ++ set to -1 to disable it or to a non-negative value to enable it. */ + time_t source_date_epoch; + + /* EOF token, and a token forcing paste avoidance. */ +diff --git a/libcpp/macro.c b/libcpp/macro.c +index 3f3b278e97d..756c7c6e0c6 100644 +--- a/libcpp/macro.c ++++ b/libcpp/macro.c +@@ -351,9 +351,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node) + struct tm *tb = NULL; + + /* Set a reproducible timestamp for __DATE__ and __TIME__ macro +- usage if SOURCE_DATE_EPOCH is defined. */ +- if (pfile->source_date_epoch != (time_t) -1) +- tb = gmtime (&pfile->source_date_epoch); ++ if SOURCE_DATE_EPOCH is defined. */ ++ if (pfile->source_date_epoch == (time_t) -2 ++ && pfile->cb.get_source_date_epoch != NULL) ++ pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile); ++ ++ if (pfile->source_date_epoch >= (time_t) 0) ++ tb = gmtime (&pfile->source_date_epoch); + else + { + /* (time_t) -1 is a legitimate value for "number of seconds +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch new file mode 100644 index 0000000000..a612c9e00e --- /dev/null +++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch @@ -0,0 +1,28 @@ +This patch makes the exeception specifier of libiberty's 'asprintf' +and 'vasprintf' declarations match those of glibc to work around the +problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>. + +The problem in part stems from the fact that libiberty is configured +without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1 +is configured and built with _GNU_SOURCE, hence the conflicting declarations. + +--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200 ++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200 +@@ -625,7 +625,7 @@ extern int pwait (int, int *, int); + /* Like sprintf but provides a pointer to malloc'd storage, which must + be freed by the caller. */ + +-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; ++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2; + #endif + + /* Like asprintf but allocates memory without fail. This works like +@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, .. + /* Like vsprintf but provides a pointer to malloc'd storage, which + must be freed by the caller. */ + +-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0); ++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0); + #endif + + /* Like vasprintf but allocates memory without fail. This works like diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch deleted file mode 100644 index 6a1a63296c..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-7568.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f - -From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001 -From: trylab <trylab@users.noreply.github.com> -Date: Tue, 6 Sep 2016 18:35:32 +0800 -Subject: [PATCH] Fix integer overflow in gdImageWebpCtx - -Integer overflow can be happened in expression gdImageSX(im) * 4 * -gdImageSY(im). It could lead to heap buffer overflow in the following -code. This issue has been reported to the PHP Bug Tracking System. The -proof-of-concept file will be supplied some days later. This issue was -discovered by Ke Liu of Tencent's Xuanwu LAB. ---- - src/gd_webp.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/gd_webp.c b/src/gd_webp.c -index 8eb4dee..9886399 100644 ---- a/src/gd_webp.c -+++ b/src/gd_webp.c -@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality) - quality = 80; - } - -+ if (overflow2(gdImageSX(im), 4)) { -+ return; -+ } -+ -+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) { -+ return; -+ } -+ - argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); - if (!argb) { - return; --- -2.10.0 - diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch deleted file mode 100644 index 39ee99ac31..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-8670.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670 -http://seclists.org/oss-sec/2016/q4/138 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 - -From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Wed, 12 Oct 2016 11:15:32 +0200 -Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion - -We make sure to never pass a negative `rlen` as size to memcpy(). See -also <https://bugs.php.net/bug.php?id=73280>. - -Patch provided by Emmanuel Law. ---- - src/gd_io_dp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c -index 135eda3..228bfa5 100644 ---- a/src/gd_io_dp.c -+++ b/src/gd_io_dp.c -@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len) - if(remain >= len) { - rlen = len; - } else { -- if(remain == 0) { -+ if(remain <= 0) { - /* 2.0.34: EOF is incorrect. We use 0 for - * errors and EOF, just like fileGetbuf, - * which is a simple fread() wrapper. --- -2.10.1 - diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch deleted file mode 100644 index bef628f0a8..0000000000 --- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch +++ /dev/null @@ -1,77 +0,0 @@ -Fix buffer overflow reading 7Zip files: - -https://github.com/libarchive/libarchive/issues/761 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126 - -From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 18 Sep 2016 18:14:58 -0700 -Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files - -The sample file that demonstrated this had multiple 'EmptyStream' -attributes. The first one ended up being used to calculate -certain statistics, then was overwritten by the second which -was incompatible with those statistics. - -The fix here is to reject any header with multiple EmptyStream -attributes. While here, also reject headers with multiple -EmptyFile, AntiFile, Name, or Attributes markers. ---- - libarchive/archive_read_support_format_7zip.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c -index 1dfe52b..c0a536c 100644 ---- a/libarchive/archive_read_support_format_7zip.c -+++ b/libarchive/archive_read_support_format_7zip.c -@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - - switch (type) { - case kEmptyStream: -+ if (h->emptyStreamBools != NULL) -+ return (-1); - h->emptyStreamBools = calloc((size_t)zip->numFiles, - sizeof(*h->emptyStreamBools)); - if (h->emptyStreamBools == NULL) -@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->emptyFileBools != NULL) -+ return (-1); - h->emptyFileBools = calloc(empty_streams, - sizeof(*h->emptyFileBools)); - if (h->emptyFileBools == NULL) -@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->antiBools != NULL) -+ return (-1); - h->antiBools = calloc(empty_streams, - sizeof(*h->antiBools)); - if (h->antiBools == NULL) -@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((ll & 1) || ll < zip->numFiles * 4) - return (-1); - -+ if (zip->entry_names != NULL) -+ return (-1); - zip->entry_names = malloc(ll); - if (zip->entry_names == NULL) - return (-1); -@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((p = header_bytes(a, 2)) == NULL) - return (-1); - allAreDefined = *p; -+ if (h->attrBools != NULL) -+ return (-1); - h->attrBools = calloc((size_t)zip->numFiles, - sizeof(*h->attrBools)); - if (h->attrBools == NULL) --- -2.10.0 - diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch deleted file mode 100644 index bce63d5e4e..0000000000 --- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch +++ /dev/null @@ -1,445 +0,0 @@ -This patch fixes two bugs that allow attackers to overwrite or change -the permissions of arbitrary files: - -https://github.com/libarchive/libarchive/issues/745 -https://github.com/libarchive/libarchive/issues/746 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 - -From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 11 Sep 2016 13:21:57 -0700 -Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert. - ---- - libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++-------- - 1 file changed, 227 insertions(+), 67 deletions(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 8f0421e..abe1a86 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -326,12 +326,14 @@ struct archive_write_disk { - - #define HFS_BLOCKS(s) ((s) >> 12) - -+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int check_symlinks(struct archive_write_disk *); - static int create_filesystem_object(struct archive_write_disk *); - static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname); - #if defined(HAVE_FCHDIR) && defined(PATH_MAX) - static void edit_deep_directories(struct archive_write_disk *ad); - #endif -+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int cleanup_pathname(struct archive_write_disk *); - static int create_dir(struct archive_write_disk *, char *); - static int create_parent_dir(struct archive_write_disk *, char *); -@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a) - const char *linkname; - mode_t final_mode, mode; - int r; -+ /* these for check_symlinks_fsobj */ -+ char *linkname_copy; /* non-const copy of linkname */ -+ struct archive_string error_string; -+ int error_number; - - /* We identify hard/symlinks according to the link names. */ - /* Since link(2) and symlink(2) don't handle modes, we're done here. */ -@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a) - #if !HAVE_LINK - return (EPERM); - #else -+ archive_string_init(&error_string); -+ linkname_copy = strdup(linkname); -+ if (linkname_copy == NULL) { -+ return (EPERM); -+ } -+ /* TODO: consider using the cleaned-up path as the link target? */ -+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ free(linkname_copy); - r = link(linkname, a->name) ? errno : 0; - /* - * New cpio and pax formats allow hardlink entries -@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname) - * recent paths. - */ - /* TODO: Extend this to support symlinks on Windows Vista and later. */ -+ -+/* -+ * Checks the given path to see if any elements along it are symlinks. Returns -+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. -+ */ - static int --check_symlinks(struct archive_write_disk *a) -+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - #if !defined(HAVE_LSTAT) - /* Platform doesn't have lstat, so we can't look for symlinks. */ - (void)a; /* UNUSED */ -+ (void)path; /* UNUSED */ -+ (void)error_number; /* UNUSED */ -+ (void)error_string; /* UNUSED */ -+ (void)flags; /* UNUSED */ - return (ARCHIVE_OK); - #else -- char *pn; -+ int res = ARCHIVE_OK; -+ char *tail; -+ char *head; -+ int last; - char c; - int r; - struct stat st; -+ int restore_pwd; -+ -+ /* Nothing to do here if name is empty */ -+ if(path[0] == '\0') -+ return (ARCHIVE_OK); - - /* - * Guard against symlink tricks. Reject any archive entry whose - * destination would be altered by a symlink. -+ * -+ * Walk the filename in chunks separated by '/'. For each segment: -+ * - if it doesn't exist, continue -+ * - if it's symlink, abort or remove it -+ * - if it's a directory and it's not the last chunk, cd into it -+ * As we go: -+ * head points to the current (relative) path -+ * tail points to the temporary \0 terminating the segment we're currently examining -+ * c holds what used to be in *tail -+ * last is 1 if this is the last tail - */ -- /* Whatever we checked last time doesn't need to be re-checked. */ -- pn = a->name; -- if (archive_strlen(&(a->path_safe)) > 0) { -- char *p = a->path_safe.s; -- while ((*pn != '\0') && (*p == *pn)) -- ++p, ++pn; -- } -+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC); -+ __archive_ensure_cloexec_flag(restore_pwd); -+ if (restore_pwd < 0) -+ return (ARCHIVE_FATAL); -+ head = path; -+ tail = path; -+ last = 0; -+ /* TODO: reintroduce a safe cache here? */ - /* Skip the root directory if the path is absolute. */ -- if(pn == a->name && pn[0] == '/') -- ++pn; -- c = pn[0]; -- /* Keep going until we've checked the entire name. */ -- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { -+ if(tail == path && tail[0] == '/') -+ ++tail; -+ /* Keep going until we've checked the entire name. -+ * head, tail, path all alias the same string, which is -+ * temporarily zeroed at tail, so be careful restoring the -+ * stashed (c=tail[0]) for error messages. -+ * Exiting the loop with break is okay; continue is not. -+ */ -+ while (!last) { -+ /* Skip the separator we just consumed, plus any adjacent ones */ -+ while (*tail == '/') -+ ++tail; - /* Skip the next path element. */ -- while (*pn != '\0' && *pn != '/') -- ++pn; -- c = pn[0]; -- pn[0] = '\0'; -+ while (*tail != '\0' && *tail != '/') -+ ++tail; -+ /* is this the last path component? */ -+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); -+ /* temporarily truncate the string here */ -+ c = tail[0]; -+ tail[0] = '\0'; - /* Check that we haven't hit a symlink. */ -- r = lstat(a->name, &st); -+ r = lstat(head, &st); - if (r != 0) { -+ tail[0] = c; - /* We've hit a dir that doesn't exist; stop now. */ - if (errno == ENOENT) { - break; - } else { -- /* Note: This effectively disables deep directory -+ /* Treat any other error as fatal - best to be paranoid here -+ * Note: This effectively disables deep directory - * support when security checks are enabled. - * Otherwise, very long pathnames that trigger - * an error here could evade the sandbox. - * TODO: We could do better, but it would probably - * require merging the symlink checks with the - * deep-directory editing. */ -- return (ARCHIVE_FAILED); -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not stat %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; -+ } -+ } else if (S_ISDIR(st.st_mode)) { -+ if (!last) { -+ if (chdir(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not chdir %s", -+ path); -+ res = (ARCHIVE_FATAL); -+ break; -+ } -+ /* Our view is now from inside this dir: */ -+ head = tail + 1; - } - } else if (S_ISLNK(st.st_mode)) { -- if (c == '\0') { -+ if (last) { - /* - * Last element is symlink; remove it - * so we can overwrite it with the - * item being extracted. - */ -- if (unlink(a->name)) { -- archive_set_error(&a->archive, errno, -- "Could not remove symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head)) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not remove symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; - /* - * Even if we did remove it, a warning - * is in order. The warning is silly, - * though, if we're just replacing one - * symlink with another symlink. - */ -- if (!S_ISLNK(a->mode)) { -- archive_set_error(&a->archive, 0, -- "Removing symlink %s", -- a->name); -+ tail[0] = c; -+ /* FIXME: not sure how important this is to restore -+ if (!S_ISLNK(path)) { -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Removing symlink %s", -+ path); - } -+ */ - /* Symlink gone. No more problem! */ -- pn[0] = c; -- return (0); -- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { -+ res = ARCHIVE_OK; -+ break; -+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) { - /* User asked us to remove problems. */ -- if (unlink(a->name) != 0) { -- archive_set_error(&a->archive, 0, -- "Cannot remove intervening symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot remove intervening symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; -+ tail[0] = c; - } else { -- archive_set_error(&a->archive, 0, -- "Cannot extract through symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot extract through symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } - } -- pn[0] = c; -- if (pn[0] != '\0') -- pn++; /* Advance to the next segment. */ -+ /* be sure to always maintain this */ -+ tail[0] = c; -+ if (tail[0] != '\0') -+ tail++; /* Advance to the next segment. */ - } -- pn[0] = c; -- /* We've checked and/or cleaned the whole path, so remember it. */ -- archive_strcpy(&a->path_safe, a->name); -- return (ARCHIVE_OK); -+ /* Catches loop exits via break */ -+ tail[0] = c; -+#ifdef HAVE_FCHDIR -+ /* If we changed directory above, restore it here. */ -+ if (restore_pwd >= 0) { -+ r = fchdir(restore_pwd); -+ if (r != 0) { -+ if(error_number) *error_number = errno; -+ if(error_string) -+ archive_string_sprintf(error_string, -+ "chdir() failure"); -+ } -+ close(restore_pwd); -+ restore_pwd = -1; -+ if (r != 0) { -+ res = (ARCHIVE_FATAL); -+ } -+ } -+#endif -+ /* TODO: reintroduce a safe cache here? */ -+ return res; - #endif - } - -+/* -+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise -+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} -+ */ -+static int -+check_symlinks(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ a->pst = NULL; /* to be safe */ -+ return rc; -+} -+ -+ - #if defined(__CYGWIN__) - /* - * 1. Convert a path separator from '\' to '/' . -@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a) - * is set) if the path is absolute. - */ - static int --cleanup_pathname(struct archive_write_disk *a) -+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - char *dest, *src; - char separator = '\0'; - -- dest = src = a->name; -+ dest = src = path; - if (*src == '\0') { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Invalid empty pathname"); -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Invalid empty pathname"); - return (ARCHIVE_FAILED); - } - -@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a) - #endif - /* Skip leading '/'. */ - if (*src == '/') { -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Path is absolute"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path is absolute"); - return (ARCHIVE_FAILED); - } - -@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a) - } else if (src[1] == '.') { - if (src[2] == '/' || src[2] == '\0') { - /* Conditionally warn about '..' */ -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -- archive_set_error(&a->archive, -- ARCHIVE_ERRNO_MISC, -- "Path contains '..'"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path contains '..'"); - return (ARCHIVE_FAILED); - } - } -@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a) - * We've just copied zero or more path elements, not including the - * final '/'. - */ -- if (dest == a->name) { -+ if (dest == path) { - /* - * Nothing got copied. The path must have been something - * like '.' or '/' or './' or '/././././/./'. -@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a) - return (ARCHIVE_OK); - } - -+static int -+cleanup_pathname(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ return rc; -+} -+ - /* - * Create the parent directory of the specified path, assuming path - * is already in mutable storage. diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch deleted file mode 100644 index f042c31a84..0000000000 --- a/gnu/packages/patches/libarchive-fix-symlink-check.patch +++ /dev/null @@ -1,60 +0,0 @@ -Make sure to check for symlinks even if the pathname is very long: - -https://github.com/libarchive/libarchive/issues/744 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a - -From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 17:11:45 -0700 -Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very - long pathnames - -Because check_symlinks is handled separately from the deep-directory -support, very long pathnames cause problems. Previously, the code -ignored most failures to lstat() a path component. In particular, -this led to check_symlinks always passing for very long paths, which -in turn provides a way to evade the symlink checks in the sandboxing -code. - -We now fail on unrecognized lstat() failures, which plugs this -hole at the cost of disabling deep directory support when the -user requests sandboxing. - -TODO: This probably cannot be completely fixed without -entirely reimplementing the deep directory support to -integrate the symlink checks. I want to reimplement the -deep directory hanlding someday anyway; openat() and -related system calls now provide a much cleaner way to -handle deep directories than the chdir approach used by this -code. ---- - libarchive/archive_write_disk_posix.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 39ee3b6..8f0421e 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a) - r = lstat(a->name, &st); - if (r != 0) { - /* We've hit a dir that doesn't exist; stop now. */ -- if (errno == ENOENT) -+ if (errno == ENOENT) { - break; -+ } else { -+ /* Note: This effectively disables deep directory -+ * support when security checks are enabled. -+ * Otherwise, very long pathnames that trigger -+ * an error here could evade the sandbox. -+ * TODO: We could do better, but it would probably -+ * require merging the symlink checks with the -+ * deep-directory editing. */ -+ return (ARCHIVE_FAILED); -+ } - } else if (S_ISLNK(st.st_mode)) { - if (c == '\0') { - /* diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch deleted file mode 100644 index 0e70ac90ce..0000000000 --- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fixes this buffer overflow: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -Patch copied from upstream source repository: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 10:51:43 -0700 -Subject: [PATCH] Issue #767: Buffer overflow printing a filename - -The safe_fprintf function attempts to ensure clean output for an -arbitrary sequence of bytes by doing a trial conversion of the -multibyte characters to wide characters -- if the resulting wide -character is printable then we pass through the corresponding bytes -unaltered, otherwise, we convert them to C-style ASCII escapes. - -The stack trace in Issue #767 suggest that the 20-byte buffer -was getting overflowed trying to format a non-printable multibyte -character. This should only happen if there is a valid multibyte -character of more than 5 bytes that was unprintable. (Each byte -would get expanded to a four-charcter octal-style escape of the form -"\123" resulting in >20 characters for the >5 byte multibyte character.) - -I've not been able to reproduce this, but have expanded the conversion -buffer to 128 bytes on the belief that no multibyte character set -has a single character of more than 32 bytes. ---- - tar/util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tar/util.c b/tar/util.c -index 9ff22f2..2b4aebe 100644 ---- a/tar/util.c -+++ b/tar/util.c -@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) - } - - /* If our output buffer is full, dump it and keep going. */ -- if (i > (sizeof(outbuff) - 20)) { -+ if (i > (sizeof(outbuff) - 128)) { - outbuff[i] = '\0'; - fprintf(f, "%s", outbuff); - i = 0; diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch deleted file mode 100644 index 89cce2a36f..0000000000 --- a/gnu/packages/patches/pcre-CVE-2016-3191.patch +++ /dev/null @@ -1,151 +0,0 @@ -Fix for CVE-2016-3191. -See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>. -This is svn r1631 at <svn://vcs.exim.org/pcre/code>. - -Index: trunk/testdata/testoutput11-16 -=================================================================== ---- trunk/testdata/testoutput11-16 (revision 1630) -+++ trunk/testdata/testoutput11-16 (revision 1631) -@@ -765,4 +765,7 @@ - 25 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: regular expression is too complicated at offset 490 -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testinput11 -=================================================================== ---- trunk/testdata/testinput11 (revision 1630) -+++ trunk/testdata/testinput11 (revision 1631) -@@ -138,4 +138,6 @@ - - /.((?2)(?R)\1)()/B - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testoutput11-8 -=================================================================== ---- trunk/testdata/testoutput11-8 (revision 1630) -+++ trunk/testdata/testoutput11-8 (revision 1631) -@@ -765,4 +765,7 @@ - 38 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: missing ) at offset 509 -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testoutput11-32 -=================================================================== ---- trunk/testdata/testoutput11-32 (revision 1630) -+++ trunk/testdata/testoutput11-32 (revision 1631) -@@ -765,4 +765,7 @@ - 25 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: missing ) at offset 509 -+ - /-- End of testinput11 --/ -Index: trunk/pcre_internal.h -=================================================================== ---- trunk/pcre_internal.h (revision 1630) -+++ trunk/pcre_internal.h (revision 1631) -@@ -7,7 +7,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -2289,7 +2289,7 @@ - ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, - ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, - ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, -- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; -+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; - - /* JIT compiling modes. The function list is indexed by them. */ - -Index: trunk/pcre_compile.c -=================================================================== ---- trunk/pcre_compile.c (revision 1630) -+++ trunk/pcre_compile.c (revision 1631) -@@ -6,7 +6,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -560,6 +560,7 @@ - /* 85 */ - "parentheses are too deeply nested (stack check)\0" - "digits missing in \\x{} or \\o{}\0" -+ "regular expression is too complicated\0" - ; - - /* Table to identify digits and hex digits. This is used when compiling -@@ -4591,7 +4592,8 @@ - if (code > cd->start_workspace + cd->workspace_size - - WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ - { -- *errorcodeptr = ERR52; -+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? -+ ERR52 : ERR87; - goto FAILED; - } - -@@ -6626,8 +6628,21 @@ - cd->had_accept = TRUE; - for (oc = cd->open_caps; oc != NULL; oc = oc->next) - { -- *code++ = OP_CLOSE; -- PUT2INC(code, 0, oc->number); -+ if (lengthptr != NULL) -+ { -+#ifdef COMPILE_PCRE8 -+ *lengthptr += 1 + IMM2_SIZE; -+#elif defined COMPILE_PCRE16 -+ *lengthptr += 2 + IMM2_SIZE; -+#elif defined COMPILE_PCRE32 -+ *lengthptr += 4 + IMM2_SIZE; -+#endif -+ } -+ else -+ { -+ *code++ = OP_CLOSE; -+ PUT2INC(code, 0, oc->number); -+ } - } - setverb = *code++ = - (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; -Index: trunk/pcreposix.c -=================================================================== ---- trunk/pcreposix.c (revision 1630) -+++ trunk/pcreposix.c (revision 1631) -@@ -6,7 +6,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -173,7 +173,8 @@ - REG_BADPAT, /* group name must start with a non-digit */ - /* 85 */ - REG_BADPAT, /* parentheses too deeply nested (stack check) */ -- REG_BADPAT /* missing digits in \x{} or \o{} */ -+ REG_BADPAT, /* missing digits in \x{} or \o{} */ -+ REG_BADPAT /* pattern too complicated */ - }; - - /* Table of texts corresponding to POSIX error codes */ diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch deleted file mode 100644 index 5226cba4cb..0000000000 --- a/gnu/packages/patches/sed-hurd-path-max.patch +++ /dev/null @@ -1,34 +0,0 @@ -7bb8d35d0330161a5af5341471d0c183a067e8c2 -Author: Jose E. Marchesi <jemarch@gnu.org> -Date: Sun Oct 6 14:43:38 2013 +0200 - - Set PATH_MAX to some constant in case it is not defined in system - headers. - - 2013-10-06 Jose E. Marchesi <jemarch@gnu.org> - - * basicdefs.h (PATH_MAX): Defined to some constant in case it is - not defined by system headers. - * sed/utils.c: Do not include pathmax.h anymore. - * bootstrap.conf (gnulib_modules): Do not use the gnulib module - pathmax. - -diff --git a/basicdefs.h b/basicdefs.h -index 0d28a97..09f5beb 100644 ---- a/basicdefs.h -+++ b/basicdefs.h -@@ -40,6 +41,13 @@ typedef unsigned long countT; - #define obstack_chunk_alloc ck_malloc - #define obstack_chunk_free free - -+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd. -+ In that case we define it here to some constant. Note however that -+ this relies in the fact that sed does reallocation if a buffer -+ needs to be larger than PATH_MAX. */ -+#ifndef PATH_MAX -+# define PATH_MAX 200 -+#endif - - /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */ - /* Jim Meyering writes: - diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch new file mode 100644 index 0000000000..b79be9bc94 --- /dev/null +++ b/gnu/packages/patches/tar-CVE-2016-6321.patch @@ -0,0 +1,51 @@ +Fix CVE-2016-6321: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 +https://security-tracker.debian.org/tracker/CVE-2016-6321 + +Patch adapted from upstream source repository (the changes to 'NEWS' +don't apply to the Tar 1.29 release tarball). + +http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d + +From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> +Date: Sat, 29 Oct 2016 21:04:40 -0700 +Subject: [PATCH] When extracting, skip ".." members + +* NEWS: Document this. +* src/extract.c (extract_archive): Skip members whose names +contain "..". +--- + NEWS | 8 +++++++- + src/extract.c | 8 ++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/extract.c b/src/extract.c +index f982433..7904148 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1629,12 +1629,20 @@ extract_archive (void) + { + char typeflag; + tar_extractor_t fun; ++ bool skip_dotdot_name; + + fatal_exit_hook = extract_finish; + + set_next_block_after (current_header); + ++ skip_dotdot_name = (!absolute_names_option ++ && contains_dot_dot (current_stat_info.orig_file_name)); ++ if (skip_dotdot_name) ++ ERROR ((0, 0, _("%s: Member name contains '..'"), ++ quotearg_colon (current_stat_info.orig_file_name))); ++ + if (!current_stat_info.file_name[0] ++ || skip_dotdot_name + || (interactive_option + && !confirm ("extract", current_stat_info.file_name))) + { +-- +2.11.0 + |