From 561840b4aa91bf271acc13864f185586a5a01722 Mon Sep 17 00:00:00 2001 From: Manolis Ragkousis Date: Sat, 25 Apr 2015 18:18:53 +0300 Subject: gnu: acl: Fix i686-gnu build. * gnu/packages/patches/acl-hurd-path-max.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. --- gnu-system.am | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index ab4308139d..6d0cb263c5 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -383,6 +383,7 @@ dist_patch_DATA = \ gnu/packages/patches/abiword-pass-no-undefined-to-linker.patch \ gnu/packages/patches/abiword-use-proper-png-api.patch \ gnu/packages/patches/abiword-wmf-version-lookup-fix.patch \ + gnu/packages/patches/acl-hurd-path-max.patch \ gnu/packages/patches/aegis-constness-error.patch \ gnu/packages/patches/aegis-perl-tempdir1.patch \ gnu/packages/patches/aegis-perl-tempdir2.patch \ -- cgit v1.2.3 From 21a8fe1bf520027f8e91be41985ea4c300eff554 Mon Sep 17 00:00:00 2001 From: Manolis Ragkousis Date: Sat, 27 Sep 2014 20:07:19 +0300 Subject: gnu: base: Add glibc-hurd and hurd-minimal. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/base.scm (glibc/hurd, glibc/hurd-headers): New variables. * gnu/packages/hurd.scm (hurd-minimal): New variable. * gnu/packages/patches/glibc-hurd-extern-inline.patch: New file. * gnu/packages/patches/libpthread-glibc-preparation.patch: New file. * gnu-system.am (dist_patch_DATA): Add them. Co-authored-by: Ludovic Courtès Co-authored-by: Mark H Weaver --- gnu-system.am | 1 + gnu/packages/base.scm | 110 ++++++++++++++++ gnu/packages/hurd.scm | 57 +++++++- .../patches/glibc-hurd-extern-inline.patch | 35 +++++ .../patches/libpthread-glibc-preparation.patch | 146 +++++++++++++++++++++ 5 files changed, 348 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/glibc-hurd-extern-inline.patch create mode 100644 gnu/packages/patches/libpthread-glibc-preparation.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 6d0cb263c5..974201b479 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -552,6 +552,7 @@ dist_patch_DATA = \ gnu/packages/patches/libwmf-CVE-2009-1364.patch \ gnu/packages/patches/libwmf-CVE-2015-0848+4588+4695+4696.patch \ gnu/packages/patches/lirc-localstatedir.patch \ + gnu/packages/patches/libpthread-glibc-preparation.patch \ gnu/packages/patches/lm-sensors-hwmon-attrs.patch \ gnu/packages/patches/lua-pkgconfig.patch \ gnu/packages/patches/lua51-liblua-so.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 00571a8318..f4efce224d 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2012 Nikita Karetnikov ;;; Copyright © 2014, 2015 Mark H Weaver ;;; Copyright © 2014 Alex Kost +;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,11 +34,13 @@ #:use-module (gnu packages perl) #:use-module (gnu packages linux) #:use-module (gnu packages texinfo) + #:use-module (gnu packages hurd) #:use-module (gnu packages pkg-config) #:use-module (gnu packages gettext) #:use-module (guix utils) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial)) @@ -706,6 +709,113 @@ variety of options. It is an alternative to the shell \"type\" built-in command.") (license gpl3+))) ; some files are under GPLv2+ +(define-public glibc/hurd + ;; The Hurd's libc variant. + (package (inherit glibc) + (name "glibc-hurd") + (version "2.18") + (source (origin + (method git-fetch) + (uri (git-reference + (url "git://git.sv.gnu.org/hurd/glibc") + (commit "cc94b3cfe65523f980359e5f0e93a26196bda1d3"))) + (sha256 + (base32 + "17gsh0kaz0zyvghjmx861mi2p65m9901lngi179x61zm6v2v3xc4")) + (file-name (string-append name "-" version)) + (patches (map search-patch + '("glibc-hurd-extern-inline.patch"))))) + + ;; Libc provides , which includes a bunch of Hurd and Mach headers, + ;; so both should be propagated. + (propagated-inputs `(("gnumach-headers" ,gnumach-headers) + ("hurd-headers" ,hurd-headers) + ("hurd-minimal" ,hurd-minimal))) + (native-inputs + `(,@(package-native-inputs glibc) + ("patch/libpthread-patch" ,(search-patch "libpthread-glibc-preparation.patch")) + ("mig" ,mig) + ("perl" ,perl) + ("libpthread" ,(origin + (method git-fetch) + (uri (git-reference + (url "git://git.sv.gnu.org/hurd/libpthread") + (commit "0ef7b75c4ba91b6660f0d3d8b51d14d25e3d5bfb"))) + (sha256 + (base32 + "031py18fls15z0wprni33mf762kg6fx8xqijppimhp83yp6ky3l3")) + (file-name "libpthread"))))) + + (arguments + (substitute-keyword-arguments (package-arguments glibc) + ((#:configure-flags original-configure-flags) + `(append (list "--host=i686-pc-gnu" + + ;; nscd fails to build for GNU/Hurd: + ;; . + ;; Disable it. + "--disable-nscd") + (filter (lambda (flag) + (not (or (string-prefix? "--with-headers=" flag) + (string-prefix? "--enable-kernel=" flag)))) + ;; Evaluate 'original-configure-flags' in a + ;; lexical environment that has a dummy + ;; "linux-headers" input, to prevent errors. + (let ((%build-inputs `(("linux-headers" . "@DUMMY@") + ,@%build-inputs))) + ,original-configure-flags)))) + ((#:phases phases) + `(alist-cons-after + 'unpack 'prepare-libpthread + (lambda* (#:key inputs #:allow-other-keys) + (copy-recursively (assoc-ref inputs "libpthread") "libpthread") + + (system* "patch" "--force" "-p1" "-i" + (assoc-ref inputs "patch/libpthread-patch")) + #t) + ,phases)))) + (synopsis "The GNU C Library (GNU Hurd variant)") + (supported-systems %hurd-systems))) + +(define-public glibc/hurd-headers + (package (inherit glibc/hurd) + (name "glibc-hurd-headers") + (outputs '("out")) + (propagated-inputs `(("gnumach-headers" ,gnumach-headers) + ("hurd-headers" ,hurd-headers))) + (arguments + (substitute-keyword-arguments (package-arguments glibc/hurd) + ;; We just pass the flags really needed to build the headers. + ((#:configure-flags _) + `(list "--enable-add-ons" + "--host=i686-pc-gnu" + "--enable-obsolete-rpc")) + ((#:phases _) + '(alist-replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (and (zero? (system* "make" "install-headers")) + + ;; Make an empty stubs.h to work around not being able to + ;; produce a valid stubs.h and causing the build to fail. See + ;; . + (let ((out (assoc-ref outputs "out"))) + (close-port + (open-output-file + (string-append out "/include/gnu/stubs.h")))))) + + ;; Nothing to build. + (alist-delete + 'build + + (alist-cons-before + 'configure 'pre-configure + (lambda _ + ;; Use the right 'pwd'. + (substitute* "configure" + (("/bin/pwd") "pwd"))) + %standard-phases)))))))) + (define-public tzdata (package (name "tzdata") diff --git a/gnu/packages/hurd.scm b/gnu/packages/hurd.scm index 660cd58c60..3867b4d7ec 100644 --- a/gnu/packages/hurd.scm +++ b/gnu/packages/hurd.scm @@ -20,11 +20,14 @@ #:use-module (guix licenses) #:use-module (guix download) #:use-module (guix packages) + #:use-module (gnu packages) #:use-module (guix build-system gnu) #:use-module (gnu packages flex) #:use-module (gnu packages bison) #:use-module (gnu packages perl) - #:use-module (gnu packages autotools)) + #:use-module (gnu packages autotools) + #:use-module (gnu packages base) + #:use-module (guix git-download)) (define-public gnumach-headers (package @@ -130,3 +133,55 @@ communication.") "This package provides C headers of the GNU Hurd, used to build the GNU C Library and other user programs.") (license gpl2+))) + +(define-public hurd-minimal + (package (inherit hurd-headers) + (name "hurd-minimal") + (inputs `(("glibc-hurd-headers" ,glibc/hurd-headers))) + (native-inputs + `(("autoconf" ,(autoconf-wrapper)) + ("mig" ,mig))) + + (arguments + `(#:phases (alist-replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; We need to copy libihash.a to the output directory manually, + ;; since there is no target for that in the makefile. + (mkdir-p (string-append out "/include")) + (copy-file "libihash/ihash.h" + (string-append out "/include/ihash.h")) + (mkdir-p (string-append out "/lib")) + (copy-file "libihash/libihash.a" + (string-append out "/lib/libihash.a")) + #t)) + (alist-replace + 'build + (lambda _ + (zero? (system* "make" "-Clibihash" "libihash.a"))) + (alist-cons-before + 'configure 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vfi"))) + %standard-phases))) + #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants + ;; that. + "--host=i686-pc-gnu" + + ;; Reduce set of dependencies. + "--disable-ncursesw" + "--disable-test" + "--without-libbz2" + "--without-libz" + "--without-parted" + ;; Skip the clnt_create check because it expects + ;; a working glibc causing a circular dependency. + "ac_cv_search_clnt_create=no") + #:tests? #f)) + (home-page "http://www.gnu.org/software/hurd/hurd.html") + (synopsis "GNU Hurd libraries") + (description + "This package provides libihash, needed to build the GNU C +Library for GNU/Hurd.") + (license gpl2+))) diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch new file mode 100644 index 0000000000..a609b1f54a --- /dev/null +++ b/gnu/packages/patches/glibc-hurd-extern-inline.patch @@ -0,0 +1,35 @@ +This changes the way _EXTERN_INLINE is defined so we can +avoid external definition errors. +https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html + +diff --git a/signal/sigsetops.c b/signal/sigsetops.c +index 0317662..b92c296 100644 +--- a/signal/sigsetops.c ++++ b/signal/sigsetops.c +@@ -3,7 +3,9 @@ + + #include + +-#define _EXTERN_INLINE ++#ifndef _EXTERN_INLINE ++#define _EXTERN_INLINE __extern_inline ++#endif + #ifndef __USE_EXTERN_INLINES + # define __USE_EXTERN_INLINES 1 + #endif + +Link libmachuser and libhurduser automatically with libc, since they are +considered a standard part of the API in GNU-land. + +--- a/Makerules ++++ b/Makerules +@@ -978,6 +978,9 @@ + '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\ + ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \ + ) > $@.new ++ifeq ($(patsubst gnu%,,$(config-os)),) ++ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new ++endif + mv -f $@.new $@ + + endif \ No newline at end of file diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch new file mode 100644 index 0000000000..a43245436c --- /dev/null +++ b/gnu/packages/patches/libpthread-glibc-preparation.patch @@ -0,0 +1,146 @@ +This patch helps to integrate the Hurd's libpthread as a libc add-on. + +It writes the configure file, removes an rpc call not yet +implemented on the version of gnumach we use and defines +a missing macro. + +diff --git a/libpthread/configure b/libpthread/configure +new file mode 100644 +index 0000000..2cdbc71 +--- /dev/null ++++ b/libpthread/configure +@@ -0,0 +1,2 @@ ++libc_add_on_canonical=libpthread ++libc_add_on_subdirs=. +-- +1.9.0 + +We are using a version of GNU Mach that lacks 'thread_terminate_release' +(not introduced yet). The 'thread_terminate' RPC call will be enough for +our needs. +See . + +diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c +index 6672065..129a611 100644 +--- a/libpthread/sysdeps/mach/pt-thread-terminate.c ++++ b/libpthread/sysdeps/mach/pt-thread-terminate.c +@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread) + __mach_port_destroy (__mach_task_self (), wakeup_port); + + /* Terminate and release all that's left. */ +- err = __thread_terminate_release (kernel_thread, mach_task_self (), +- kernel_thread, reply_port, +- stackaddr, stacksize); ++ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */ ++ /* kernel_thread, reply_port, */ ++ /* stackaddr, stacksize); */ + + /* The kernel does not support it yet. Leak but at least terminate + correctly. */ +-- +1.9.2 + +The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we +define it to __SPIN_LOCK_INITIALIZER which already exists. +See . + +diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h +index 537dac9..fca0e5a 100644 +--- a/libpthread/sysdeps/mach/bits/spin-lock.h ++++ b/libpthread/sysdeps/mach/bits/spin-lock.h +@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t; + + /* Initializer for a spin lock object. */ + #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER +-#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by . ++#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER + #endif + + __END_DECLS + +The version of the glibc we use doesn't include the shm-directory.c file and does +not yet support IS_IN. +See + +diff --git a/libpthread/Makefile b/libpthread/Makefile +index 2906788..b8dee58 100644 +--- a/libpthread/Makefile ++++ b/libpthread/Makefile +@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \ + sem-post sem-timedwait sem-trywait sem-unlink \ + sem-wait \ + \ +- shm-directory \ +- \ + cthreads-compat \ + $(SYSDEPS) + +-- +2.3.6 + +diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c +index d88afae..84044dc 100644 +--- a/libpthread/pthread/pt-create.c ++++ b/libpthread/pthread/pt-create.c +@@ -28,7 +28,7 @@ + + #include + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + # include + #endif + #ifdef HAVE_USELOCALE +@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg) + __resp = &self->res_state; + #endif + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + /* Initialize pointers to locale data. */ + __ctype_init (); + #endif +diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c +index 9e5404b..b9cacbd 100644 +--- a/libpthread/pthread/pt-initialize.c ++++ b/libpthread/pthread/pt-initialize.c +@@ -28,7 +28,7 @@ + + DEFINE_HOOK (__pthread_init, (void)); + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + static const struct pthread_functions pthread_functions = + { + .ptr_pthread_attr_destroy = __pthread_attr_destroy, +@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions = + void + ___pthread_init (void) + { +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + __libc_pthread_init(&pthread_functions); + #endif + RUN_HOOK (__pthread_init, ()); +diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h +index 18b5b4c..8cdcfce 100644 +--- a/libpthread/pthread/pt-internal.h ++++ b/libpthread/pthread/pt-internal.h +@@ -35,7 +35,7 @@ + #include + #include + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + # include + #endif + +@@ -60,7 +60,7 @@ enum pthread_state + # define PTHREAD_SYSDEP_MEMBERS + #endif + +-#if !(IS_IN (libpthread)) ++#ifndef IS_IN_libpthread + #ifdef ENABLE_TLS + /* Type of the TCB. */ + typedef struct -- cgit v1.2.3 From 45468e364987ba113fcef20e94d621b8dfc8f33f Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Fri, 4 Sep 2015 21:39:59 +0200 Subject: gnu: libtiff: Update to 4.0.5. * gnu/packages/patches/libtiff-CVE-2012-4564.patch, gnu/packages/patches/libtiff-CVE-2013-1960.patch, gnu/packages/patches/libtiff-CVE-2013-1961.patch, gnu/packages/patches/libtiff-CVE-2013-4231.patch, gnu/packages/patches/libtiff-CVE-2013-4232.patch, gnu/packages/patches/libtiff-CVE-2013-4243.patch, gnu/packages/patches/libtiff-CVE-2013-4244.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch, gnu/packages/patches/libtiff-CVE-2014-8129.patch, gnu/packages/patches/libtiff-CVE-2014-9330.patch, gnu/packages/patches/libtiff-CVE-2014-9655.patch: Delete files. * gnu-system.am (dist_patch_DATA): Unregister the patches. * gnu/packages/image.scm (libtiff): Update to 4.0.5 and drop the patches. --- gnu-system.am | 19 - gnu/packages/image.scm | 23 +- gnu/packages/patches/libtiff-CVE-2012-4564.patch | 33 - gnu/packages/patches/libtiff-CVE-2013-1960.patch | 148 ---- gnu/packages/patches/libtiff-CVE-2013-1961.patch | 770 --------------------- gnu/packages/patches/libtiff-CVE-2013-4231.patch | 19 - gnu/packages/patches/libtiff-CVE-2013-4232.patch | 20 - gnu/packages/patches/libtiff-CVE-2013-4243.patch | 39 -- gnu/packages/patches/libtiff-CVE-2013-4244.patch | 20 - .../patches/libtiff-CVE-2014-8127-pt1.patch | 30 - .../patches/libtiff-CVE-2014-8127-pt2.patch | 42 -- .../patches/libtiff-CVE-2014-8127-pt3.patch | 45 -- .../patches/libtiff-CVE-2014-8127-pt4.patch | 295 -------- .../patches/libtiff-CVE-2014-8128-pt1.patch | 32 - .../patches/libtiff-CVE-2014-8128-pt2.patch | 83 --- .../patches/libtiff-CVE-2014-8128-pt3.patch | 34 - .../patches/libtiff-CVE-2014-8128-pt4.patch | 77 --- .../patches/libtiff-CVE-2014-8128-pt5.patch | 16 - gnu/packages/patches/libtiff-CVE-2014-8129.patch | 45 -- gnu/packages/patches/libtiff-CVE-2014-9330.patch | 47 -- gnu/packages/patches/libtiff-CVE-2014-9655.patch | 88 --- 21 files changed, 2 insertions(+), 1923 deletions(-) delete mode 100644 gnu/packages/patches/libtiff-CVE-2012-4564.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2013-1960.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2013-1961.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2013-4231.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2013-4232.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2013-4243.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2013-4244.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-8129.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-9330.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2014-9655.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 974201b479..72ec9fc666 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -527,25 +527,6 @@ dist_patch_DATA = \ gnu/packages/patches/libmad-frame-length.patch \ gnu/packages/patches/libmad-mips-newgcc.patch \ gnu/packages/patches/libtheora-config-guess.patch \ - gnu/packages/patches/libtiff-CVE-2012-4564.patch \ - gnu/packages/patches/libtiff-CVE-2013-1960.patch \ - gnu/packages/patches/libtiff-CVE-2013-1961.patch \ - gnu/packages/patches/libtiff-CVE-2013-4231.patch \ - gnu/packages/patches/libtiff-CVE-2013-4232.patch \ - gnu/packages/patches/libtiff-CVE-2013-4243.patch \ - gnu/packages/patches/libtiff-CVE-2013-4244.patch \ - gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch \ - gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch \ - gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch \ - gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch \ - gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch \ - gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch \ - gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch \ - gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch \ - gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch \ - gnu/packages/patches/libtiff-CVE-2014-8129.patch \ - gnu/packages/patches/libtiff-CVE-2014-9330.patch \ - gnu/packages/patches/libtiff-CVE-2014-9655.patch \ gnu/packages/patches/libtool-skip-tests2.patch \ gnu/packages/patches/libssh-CVE-2014-0017.patch \ gnu/packages/patches/libwmf-CVE-2006-3376.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 84f03967a7..d2de92586f 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -106,32 +106,13 @@ image files in PBMPLUS PPM/PGM, GIF, BMP, and Targa file formats.") (define-public libtiff (package (name "libtiff") - (version "4.0.3") + (version "4.0.5") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-" version ".tar.gz")) (sha256 (base32 - "0wj8d1iwk9vnpax2h29xqc2hwknxg3s0ay2d5pxkg59ihbifn6pa")) - (patches (map search-patch '("libtiff-CVE-2012-4564.patch" - "libtiff-CVE-2013-1960.patch" - "libtiff-CVE-2013-1961.patch" - "libtiff-CVE-2013-4231.patch" - "libtiff-CVE-2013-4232.patch" - "libtiff-CVE-2013-4244.patch" - "libtiff-CVE-2013-4243.patch" - "libtiff-CVE-2014-9330.patch" - "libtiff-CVE-2014-8127-pt1.patch" - "libtiff-CVE-2014-8127-pt2.patch" - "libtiff-CVE-2014-8127-pt3.patch" - "libtiff-CVE-2014-8127-pt4.patch" - "libtiff-CVE-2014-8128-pt1.patch" - "libtiff-CVE-2014-8128-pt2.patch" - "libtiff-CVE-2014-8128-pt3.patch" - "libtiff-CVE-2014-8129.patch" - "libtiff-CVE-2014-9655.patch" - "libtiff-CVE-2014-8128-pt4.patch" - "libtiff-CVE-2014-8128-pt5.patch"))))) + "171hgy4mylwmvdm7gp6ffjva81m4j56v3fbqsbfl7avzxn1slpp2")))) (build-system gnu-build-system) (inputs `(("zlib" ,zlib) ("libjpeg-8" ,libjpeg-8))) diff --git a/gnu/packages/patches/libtiff-CVE-2012-4564.patch b/gnu/packages/patches/libtiff-CVE-2012-4564.patch deleted file mode 100644 index 472f9ca35f..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2012-4564.patch +++ /dev/null @@ -1,33 +0,0 @@ -Copied from Debian - -Index: tiff-4.0.3/tools/ppm2tiff.c -=================================================================== ---- tiff-4.0.3.orig/tools/ppm2tiff.c 2013-06-23 10:36:50.779629492 -0400 -+++ tiff-4.0.3/tools/ppm2tiff.c 2013-06-23 10:36:50.775629494 -0400 -@@ -89,6 +89,7 @@ - int c; - extern int optind; - extern char* optarg; -+ tmsize_t scanline_size; - - if (argc < 2) { - fprintf(stderr, "%s: Too few arguments\n", argv[0]); -@@ -237,8 +238,16 @@ - } - if (TIFFScanlineSize(out) > linebytes) - buf = (unsigned char *)_TIFFmalloc(linebytes); -- else -- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); -+ else { -+ scanline_size = TIFFScanlineSize(out); -+ if (scanline_size != 0) -+ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); -+ else { -+ fprintf(stderr, "%s: scanline size overflow\n",infile); -+ (void) TIFFClose(out); -+ exit(-2); -+ } -+ } - if (resolution > 0) { - TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); - TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); diff --git a/gnu/packages/patches/libtiff-CVE-2013-1960.patch b/gnu/packages/patches/libtiff-CVE-2013-1960.patch deleted file mode 100644 index 341063f25d..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2013-1960.patch +++ /dev/null @@ -1,148 +0,0 @@ -Copied from Debian - -Index: tiff-4.0.3/tools/tiff2pdf.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-06-23 10:36:50.979629486 -0400 -+++ tiff-4.0.3/tools/tiff2pdf.c 2013-06-23 10:36:50.975629486 -0400 -@@ -3341,33 +3341,56 @@ - uint32 height){ - - tsize_t i=0; -- uint16 ri =0; -- uint16 v_samp=1; -- uint16 h_samp=1; -- int j=0; -- -- i++; -- -- while(i<(*striplength)){ -+ -+ while (i < *striplength) { -+ tsize_t datalen; -+ uint16 ri; -+ uint16 v_samp; -+ uint16 h_samp; -+ int j; -+ int ncomp; -+ -+ /* marker header: one or more FFs */ -+ if (strip[i] != 0xff) -+ return(0); -+ i++; -+ while (i < *striplength && strip[i] == 0xff) -+ i++; -+ if (i >= *striplength) -+ return(0); -+ /* SOI is the only pre-SOS marker without a length word */ -+ if (strip[i] == 0xd8) -+ datalen = 0; -+ else { -+ if ((*striplength - i) <= 2) -+ return(0); -+ datalen = (strip[i+1] << 8) | strip[i+2]; -+ if (datalen < 2 || datalen >= (*striplength - i)) -+ return(0); -+ } - switch( strip[i] ){ -- case 0xd8: -- /* SOI - start of image */ -+ case 0xd8: /* SOI - start of image */ - _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2); - *bufferoffset+=2; -- i+=2; - break; -- case 0xc0: -- case 0xc1: -- case 0xc3: -- case 0xc9: -- case 0xca: -+ case 0xc0: /* SOF0 */ -+ case 0xc1: /* SOF1 */ -+ case 0xc3: /* SOF3 */ -+ case 0xc9: /* SOF9 */ -+ case 0xca: /* SOF10 */ - if(no==0){ -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- for(j=0;j>4) > h_samp) -- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4); -- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) -- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f); -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ ncomp = buffer[*bufferoffset+9]; -+ if (ncomp < 1 || ncomp > 4) -+ return(0); -+ v_samp=1; -+ h_samp=1; -+ for(j=0;j>4) > h_samp) -+ h_samp = (samp>>4); -+ if( (samp & 0x0f) > v_samp) -+ v_samp = (samp & 0x0f); - } - v_samp*=8; - h_samp*=8; -@@ -3381,45 +3404,43 @@ - (unsigned char) ((height>>8) & 0xff); - buffer[*bufferoffset+6]= - (unsigned char) (height & 0xff); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -- -+ *bufferoffset+=datalen+2; -+ /* insert a DRI marker */ - buffer[(*bufferoffset)++]=0xff; - buffer[(*bufferoffset)++]=0xdd; - buffer[(*bufferoffset)++]=0x00; - buffer[(*bufferoffset)++]=0x04; - buffer[(*bufferoffset)++]=(ri >> 8) & 0xff; - buffer[(*bufferoffset)++]= ri & 0xff; -- } else { -- i+=strip[i+2]+2; - } - break; -- case 0xc4: -- case 0xdb: -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -+ case 0xc4: /* DHT */ -+ case 0xdb: /* DQT */ -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ *bufferoffset+=datalen+2; - break; -- case 0xda: -+ case 0xda: /* SOS */ - if(no==0){ -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ *bufferoffset+=datalen+2; - } else { - buffer[(*bufferoffset)++]=0xff; - buffer[(*bufferoffset)++]= - (unsigned char)(0xd0 | ((no-1)%8)); -- i+=strip[i+2]+2; - } -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1); -- *bufferoffset+=(*striplength)-i-1; -+ i += datalen + 1; -+ /* copy remainder of strip */ -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i); -+ *bufferoffset+= *striplength - i; - return(1); - default: -- i+=strip[i+2]+2; -+ /* ignore any other marker */ -+ break; - } -+ i += datalen + 1; - } -- - -+ /* failed to find SOS marker */ - return(0); - } - #endif diff --git a/gnu/packages/patches/libtiff-CVE-2013-1961.patch b/gnu/packages/patches/libtiff-CVE-2013-1961.patch deleted file mode 100644 index 9c2481ce83..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2013-1961.patch +++ /dev/null @@ -1,770 +0,0 @@ -Copied from Debian - -Index: tiff-4.0.3/contrib/dbs/xtiff/xtiff.c -=================================================================== ---- tiff-4.0.3.orig/contrib/dbs/xtiff/xtiff.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/contrib/dbs/xtiff/xtiff.c 2013-06-23 10:36:51.147629484 -0400 -@@ -512,9 +512,9 @@ - Arg args[1]; - - if (tfMultiPage) -- sprintf(buffer, "%s - page %d", fileName, tfDirectory); -+ snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory); - else -- strcpy(buffer, fileName); -+ snprintf(buffer, sizeof(buffer), "%s", fileName); - XtSetArg(args[0], XtNlabel, buffer); - XtSetValues(labelWidget, args, 1); - } -Index: tiff-4.0.3/libtiff/tif_dirinfo.c -=================================================================== ---- tiff-4.0.3.orig/libtiff/tif_dirinfo.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/libtiff/tif_dirinfo.c 2013-06-23 10:36:51.147629484 -0400 -@@ -711,7 +711,7 @@ - * note that this name is a special sign to TIFFClose() and - * _TIFFSetupFields() to free the field - */ -- sprintf(fld->field_name, "Tag %d", (int) tag); -+ snprintf(fld->field_name, 32, "Tag %d", (int) tag); - - return fld; - } -Index: tiff-4.0.3/libtiff/tif_codec.c -=================================================================== ---- tiff-4.0.3.orig/libtiff/tif_codec.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/libtiff/tif_codec.c 2013-06-23 10:36:51.151629482 -0400 -@@ -108,7 +108,8 @@ - const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression); - char compression_code[20]; - -- sprintf( compression_code, "%d", tif->tif_dir.td_compression ); -+ snprintf(compression_code, sizeof(compression_code), "%d", -+ tif->tif_dir.td_compression ); - TIFFErrorExt(tif->tif_clientdata, tif->tif_name, - "%s compression support is not configured", - c ? c->name : compression_code ); -Index: tiff-4.0.3/tools/tiffdither.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiffdither.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/tools/tiffdither.c 2013-06-23 10:36:51.151629482 -0400 -@@ -260,7 +260,7 @@ - TIFFSetField(out, TIFFTAG_FILLORDER, fillorder); - else - CopyField(TIFFTAG_FILLORDER, shortv); -- sprintf(thing, "Dithered B&W version of %s", argv[optind]); -+ snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]); - TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing); - CopyField(TIFFTAG_PHOTOMETRIC, shortv); - CopyField(TIFFTAG_ORIENTATION, shortv); -Index: tiff-4.0.3/tools/rgb2ycbcr.c -=================================================================== ---- tiff-4.0.3.orig/tools/rgb2ycbcr.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/tools/rgb2ycbcr.c 2013-06-23 10:36:51.151629482 -0400 -@@ -332,7 +332,8 @@ - TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); - { char buf[2048]; - char *cp = strrchr(TIFFFileName(in), '/'); -- sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in)); -+ snprintf(buf, sizeof(buf), "YCbCr conversion of %s", -+ cp ? cp+1 : TIFFFileName(in)); - TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf); - } - TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion()); -Index: tiff-4.0.3/tools/tiff2pdf.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/tools/tiff2pdf.c 2013-06-23 10:36:51.151629482 -0400 -@@ -3630,7 +3630,9 @@ - char buffer[16]; - int buflen=0; - -- buflen=sprintf(buffer, "%%PDF-%u.%u ", t2p->pdf_majorversion&0xff, t2p->pdf_minorversion&0xff); -+ buflen = snprintf(buffer, sizeof(buffer), "%%PDF-%u.%u ", -+ t2p->pdf_majorversion&0xff, -+ t2p->pdf_minorversion&0xff); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t)"\n%\342\343\317\323\n", 7); - -@@ -3644,10 +3646,10 @@ - tsize_t t2p_write_pdf_obj_start(uint32 number, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - -- buflen=sprintf(buffer, "%lu", (unsigned long)number); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number); - written += t2pWriteFile(output, (tdata_t) buffer, buflen ); - written += t2pWriteFile(output, (tdata_t) " 0 obj\n", 7); - -@@ -3686,13 +3688,13 @@ - written += t2pWriteFile(output, (tdata_t) "/", 1); - for (i=0;i 0x7E){ -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - nextchar=1; -@@ -3700,57 +3702,57 @@ - if (nextchar==0){ - switch (name[i]){ - case 0x23: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x25: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x28: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x29: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x2F: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x3C: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x3E: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x5B: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x5D: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x7B: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; - case 0x7D: -- sprintf(buffer, "#%.2X", name[i]); -+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); - buffer[sizeof(buffer) - 1] = '\0'; - written += t2pWriteFile(output, (tdata_t) buffer, 3); - break; -@@ -3865,14 +3867,14 @@ - tsize_t t2p_write_pdf_stream_dict(tsize_t len, uint32 number, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - written += t2pWriteFile(output, (tdata_t) "/Length ", 8); - if(len!=0){ - written += t2p_write_pdf_stream_length(len, output); - } else { -- buflen=sprintf(buffer, "%lu", (unsigned long)number); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6); - } -@@ -3913,10 +3915,10 @@ - tsize_t t2p_write_pdf_stream_length(tsize_t len, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - -- buflen=sprintf(buffer, "%lu", (unsigned long)len); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)len); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "\n", 1); - -@@ -3930,7 +3932,7 @@ - tsize_t t2p_write_pdf_catalog(T2P* t2p, TIFF* output) - { - tsize_t written = 0; -- char buffer[16]; -+ char buffer[32]; - int buflen = 0; - - written += t2pWriteFile(output, -@@ -3969,7 +3971,6 @@ - written += t2p_write_pdf_string(t2p->pdf_datetime, output); - } - written += t2pWriteFile(output, (tdata_t) "\n/Producer ", 11); -- _TIFFmemset((tdata_t)buffer, 0x00, sizeof(buffer)); - snprintf(buffer, sizeof(buffer), "libtiff / tiff2pdf - %d", TIFFLIB_VERSION); - written += t2p_write_pdf_string(buffer, output); - written += t2pWriteFile(output, (tdata_t) "\n", 1); -@@ -4110,7 +4111,7 @@ - { - tsize_t written=0; - tdir_t i=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - int page=0; -@@ -4118,7 +4119,7 @@ - (tdata_t) "<< \n/Type /Pages \n/Kids [ ", 26); - page = t2p->pdf_pages+1; - for (i=0;itiff_pagecount;i++){ -- buflen=sprintf(buffer, "%d", page); -+ buflen=snprintf(buffer, sizeof(buffer), "%d", page); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); - if ( ((i+1)%8)==0 ) { -@@ -4133,8 +4134,7 @@ - } - } - written += t2pWriteFile(output, (tdata_t) "] \n/Count ", 10); -- _TIFFmemset(buffer, 0x00, 16); -- buflen=sprintf(buffer, "%d", t2p->tiff_pagecount); -+ buflen=snprintf(buffer, sizeof(buffer), "%d", t2p->tiff_pagecount); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " \n>> \n", 6); - -@@ -4149,28 +4149,28 @@ - - unsigned int i=0; - tsize_t written=0; -- char buffer[16]; -+ char buffer[256]; - int buflen=0; - - written += t2pWriteFile(output, (tdata_t) "<<\n/Type /Page \n/Parent ", 24); -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_pages); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_pages); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6); - written += t2pWriteFile(output, (tdata_t) "/MediaBox [", 11); -- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x1); -+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x1); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " ", 1); -- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y1); -+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y1); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " ", 1); -- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x2); -+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x2); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " ", 1); -- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y2); -+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y2); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "] \n", 3); - written += t2pWriteFile(output, (tdata_t) "/Contents ", 10); -- buflen=sprintf(buffer, "%lu", (unsigned long)(object + 1)); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(object + 1)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6); - written += t2pWriteFile(output, (tdata_t) "/Resources << \n", 15); -@@ -4178,15 +4178,13 @@ - written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12); - for(i=0;itiff_tiles[t2p->pdf_page].tiles_tilecount;i++){ - written += t2pWriteFile(output, (tdata_t) "/Im", 3); -- buflen = sprintf(buffer, "%u", t2p->pdf_page+1); -+ buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "_", 1); -- buflen = sprintf(buffer, "%u", i+1); -+ buflen = snprintf(buffer, sizeof(buffer), "%u", i+1); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " ", 1); -- buflen = sprintf( -- buffer, -- "%lu", -+ buflen = snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); -@@ -4198,12 +4196,10 @@ - } else { - written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12); - written += t2pWriteFile(output, (tdata_t) "/Im", 3); -- buflen = sprintf(buffer, "%u", t2p->pdf_page+1); -+ buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " ", 1); -- buflen = sprintf( -- buffer, -- "%lu", -+ buflen = snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); -@@ -4212,9 +4208,7 @@ - if(t2p->tiff_transferfunctioncount != 0) { - written += t2pWriteFile(output, (tdata_t) "/ExtGState <<", 13); - t2pWriteFile(output, (tdata_t) "/GS1 ", 5); -- buflen = sprintf( -- buffer, -- "%lu", -+ buflen = snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(object + 3)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); -@@ -4587,7 +4581,7 @@ - if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount>0){ - for(i=0;itiff_tiles[t2p->pdf_page].tiles_tilecount; i++){ - box=t2p->tiff_tiles[t2p->pdf_page].tiles_tiles[i].tile_box; -- buflen=sprintf(buffer, -+ buflen=snprintf(buffer, sizeof(buffer), - "q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d_%ld Do Q\n", - t2p->tiff_transferfunctioncount?"/GS1 gs ":"", - box.mat[0], -@@ -4602,7 +4596,7 @@ - } - } else { - box=t2p->pdf_imagebox; -- buflen=sprintf(buffer, -+ buflen=snprintf(buffer, sizeof(buffer), - "q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d Do Q\n", - t2p->tiff_transferfunctioncount?"/GS1 gs ":"", - box.mat[0], -@@ -4627,59 +4621,48 @@ - TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output); - written += t2pWriteFile(output, - (tdata_t) "/Type /XObject \n/Subtype /Image \n/Name /Im", - 42); -- buflen=sprintf(buffer, "%u", t2p->pdf_page+1); -+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - if(tile != 0){ - written += t2pWriteFile(output, (tdata_t) "_", 1); -- buflen=sprintf(buffer, "%lu", (unsigned long)tile); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)tile); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - } - written += t2pWriteFile(output, (tdata_t) "\n/Width ", 8); -- _TIFFmemset((tdata_t)buffer, 0x00, 16); - if(tile==0){ -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_width); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_width); - } else { - if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){ -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth); - } else { -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth); - } - } - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "\n/Height ", 9); -- _TIFFmemset((tdata_t)buffer, 0x00, 16); - if(tile==0){ -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_length); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_length); - } else { - if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){ -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength); - } else { -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength); - } - } - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "\n/BitsPerComponent ", 19); -- _TIFFmemset((tdata_t)buffer, 0x00, 16); -- buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample); -+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "\n/ColorSpace ", 13); - written += t2p_write_pdf_xobject_cs(t2p, output); -@@ -4723,11 +4706,10 @@ - t2p->pdf_colorspace ^= T2P_CS_PALETTE; - written += t2p_write_pdf_xobject_cs(t2p, output); - t2p->pdf_colorspace |= T2P_CS_PALETTE; -- buflen=sprintf(buffer, "%u", (0x0001 << t2p->tiff_bitspersample)-1 ); -+ buflen=snprintf(buffer, sizeof(buffer), "%u", (0x0001 << t2p->tiff_bitspersample)-1 ); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " ", 1); -- _TIFFmemset(buffer, 0x00, 16); -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_palettecs ); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_palettecs ); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ]\n", 7); - return(written); -@@ -4761,10 +4743,10 @@ - X_W /= Y_W; - Z_W /= Y_W; - Y_W = 1.0F; -- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); -+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "/Range ", 7); -- buflen=sprintf(buffer, "[%d %d %d %d] \n", -+ buflen=snprintf(buffer, sizeof(buffer), "[%d %d %d %d] \n", - t2p->pdf_labrange[0], - t2p->pdf_labrange[1], - t2p->pdf_labrange[2], -@@ -4780,26 +4762,26 @@ - tsize_t t2p_write_pdf_transfer(T2P* t2p, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - written += t2pWriteFile(output, (tdata_t) "<< /Type /ExtGState \n/TR ", 25); - if(t2p->tiff_transferfunctioncount == 1){ -- buflen=sprintf(buffer, "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(t2p->pdf_xrefcount + 1)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); - } else { - written += t2pWriteFile(output, (tdata_t) "[ ", 2); -- buflen=sprintf(buffer, "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(t2p->pdf_xrefcount + 1)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); -- buflen=sprintf(buffer, "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(t2p->pdf_xrefcount + 2)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); -- buflen=sprintf(buffer, "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)(t2p->pdf_xrefcount + 3)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); -@@ -4821,7 +4803,7 @@ - written += t2pWriteFile(output, (tdata_t) "/FunctionType 0 \n", 17); - written += t2pWriteFile(output, (tdata_t) "/Domain [0.0 1.0] \n", 19); - written += t2pWriteFile(output, (tdata_t) "/Range [0.0 1.0] \n", 18); -- buflen=sprintf(buffer, "/Size [%u] \n", (1<tiff_bitspersample)); -+ buflen=snprintf(buffer, sizeof(buffer), "/Size [%u] \n", (1<tiff_bitspersample)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "/BitsPerSample 16 \n", 19); - written += t2p_write_pdf_stream_dict(((tsize_t)1)<<(t2p->tiff_bitspersample+1), 0, output); -@@ -4848,7 +4830,7 @@ - tsize_t t2p_write_pdf_xobject_calcs(T2P* t2p, TIFF* output){ - - tsize_t written=0; -- char buffer[128]; -+ char buffer[256]; - int buflen=0; - - float X_W=0.0; -@@ -4916,16 +4898,16 @@ - written += t2pWriteFile(output, (tdata_t) "<< \n", 4); - if(t2p->pdf_colorspace & T2P_CS_CALGRAY){ - written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12); -- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); -+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "/Gamma 2.2 \n", 12); - } - if(t2p->pdf_colorspace & T2P_CS_CALRGB){ - written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12); -- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); -+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "/Matrix ", 8); -- buflen=sprintf(buffer, "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", -+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", - X_R, Y_R, Z_R, - X_G, Y_G, Z_G, - X_B, Y_B, Z_B); -@@ -4944,11 +4926,11 @@ - tsize_t t2p_write_pdf_xobject_icccs(T2P* t2p, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - written += t2pWriteFile(output, (tdata_t) "[/ICCBased ", 11); -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_icccs); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_icccs); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " 0 R] \n", 7); - -@@ -4958,11 +4940,11 @@ - tsize_t t2p_write_pdf_xobject_icccs_dict(T2P* t2p, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - written += t2pWriteFile(output, (tdata_t) "/N ", 3); -- buflen=sprintf(buffer, "%u \n", t2p->tiff_samplesperpixel); -+ buflen=snprintf(buffer, sizeof(buffer), "%u \n", t2p->tiff_samplesperpixel); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) "/Alternate ", 11); - t2p->pdf_colorspace ^= T2P_CS_ICCBASED; -@@ -5027,7 +5009,7 @@ - tsize_t t2p_write_pdf_xobject_stream_filter(ttile_t tile, T2P* t2p, TIFF* output){ - - tsize_t written=0; -- char buffer[16]; -+ char buffer[32]; - int buflen=0; - - if(t2p->pdf_compression==T2P_COMPRESS_NONE){ -@@ -5042,41 +5024,33 @@ - written += t2pWriteFile(output, (tdata_t) "<< /K -1 ", 9); - if(tile==0){ - written += t2pWriteFile(output, (tdata_t) "/Columns ", 9); -- buflen=sprintf(buffer, "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_width); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " /Rows ", 7); -- buflen=sprintf(buffer, "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_length); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - } else { - if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){ - written += t2pWriteFile(output, (tdata_t) "/Columns ", 9); -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - } else { - written += t2pWriteFile(output, (tdata_t) "/Columns ", 9); -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - } - if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){ - written += t2pWriteFile(output, (tdata_t) " /Rows ", 7); -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - } else { - written += t2pWriteFile(output, (tdata_t) " /Rows ", 7); -- buflen=sprintf( -- buffer, -- "%lu", -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - } -@@ -5103,21 +5077,17 @@ - if(t2p->pdf_compressionquality%100){ - written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13); - written += t2pWriteFile(output, (tdata_t) "<< /Predictor ", 14); -- _TIFFmemset(buffer, 0x00, 16); -- buflen=sprintf(buffer, "%u", t2p->pdf_compressionquality%100); -+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_compressionquality%100); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " /Columns ", 10); -- _TIFFmemset(buffer, 0x00, 16); -- buflen = sprintf(buffer, "%lu", -+ buflen = snprintf(buffer, sizeof(buffer), "%lu", - (unsigned long)t2p->tiff_width); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " /Colors ", 9); -- _TIFFmemset(buffer, 0x00, 16); -- buflen=sprintf(buffer, "%u", t2p->tiff_samplesperpixel); -+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_samplesperpixel); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " /BitsPerComponent ", 19); -- _TIFFmemset(buffer, 0x00, 16); -- buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample); -+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) ">>\n", 3); - } -@@ -5137,16 +5107,16 @@ - tsize_t t2p_write_pdf_xreftable(T2P* t2p, TIFF* output){ - - tsize_t written=0; -- char buffer[21]; -+ char buffer[64]; - int buflen=0; - uint32 i=0; - - written += t2pWriteFile(output, (tdata_t) "xref\n0 ", 7); -- buflen=sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount + 1)); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount + 1)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); - written += t2pWriteFile(output, (tdata_t) " \n0000000000 65535 f \n", 22); - for (i=0;ipdf_xrefcount;i++){ -- sprintf(buffer, "%.10lu 00000 n \n", -+ snprintf(buffer, sizeof(buffer), "%.10lu 00000 n \n", - (unsigned long)t2p->pdf_xrefoffsets[i]); - written += t2pWriteFile(output, (tdata_t) buffer, 20); - } -@@ -5170,17 +5140,14 @@ - snprintf(t2p->pdf_fileid + i, 9, "%.8X", rand()); - - written += t2pWriteFile(output, (tdata_t) "trailer\n<<\n/Size ", 17); -- buflen = sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount+1)); -+ buflen = snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount+1)); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); -- _TIFFmemset(buffer, 0x00, 32); - written += t2pWriteFile(output, (tdata_t) "\n/Root ", 7); -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_catalog); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_catalog); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); -- _TIFFmemset(buffer, 0x00, 32); - written += t2pWriteFile(output, (tdata_t) " 0 R \n/Info ", 12); -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_info); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_info); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); -- _TIFFmemset(buffer, 0x00, 32); - written += t2pWriteFile(output, (tdata_t) " 0 R \n/ID[<", 11); - written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid, - sizeof(t2p->pdf_fileid) - 1); -@@ -5188,9 +5155,8 @@ - written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid, - sizeof(t2p->pdf_fileid) - 1); - written += t2pWriteFile(output, (tdata_t) ">]\n>>\nstartxref\n", 16); -- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_startxref); -+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_startxref); - written += t2pWriteFile(output, (tdata_t) buffer, buflen); -- _TIFFmemset(buffer, 0x00, 32); - written += t2pWriteFile(output, (tdata_t) "\n%%EOF\n", 7); - - return(written); -Index: tiff-4.0.3/tools/tiff2ps.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2ps.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/tools/tiff2ps.c 2013-06-23 10:36:51.155629481 -0400 -@@ -1781,8 +1781,8 @@ - imageOp = "imagemask"; - - (void)strcpy(im_x, "0"); -- (void)sprintf(im_y, "%lu", (long) h); -- (void)sprintf(im_h, "%lu", (long) h); -+ (void)snprintf(im_y, sizeof(im_y), "%lu", (long) h); -+ (void)snprintf(im_h, sizeof(im_h), "%lu", (long) h); - tile_width = w; - tile_height = h; - if (TIFFIsTiled(tif)) { -@@ -1803,7 +1803,7 @@ - } - if (tile_height < h) { - fputs("/im_y 0 def\n", fd); -- (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h); -+ (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h); - } - } else { - repeat_count = tf_numberstrips; -@@ -1815,7 +1815,7 @@ - fprintf(fd, "/im_h %lu def\n", - (unsigned long) tile_height); - (void)strcpy(im_h, "im_h"); -- (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h); -+ (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h); - } - } - -Index: tiff-4.0.3/tools/tiffcrop.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiffcrop.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/tools/tiffcrop.c 2013-06-23 10:36:51.159629481 -0400 -@@ -2077,7 +2077,7 @@ - return 1; - } - -- sprintf (filenum, "-%03d%s", findex, export_ext); -+ snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext); - filenum[14] = '\0'; - strncat (exportname, filenum, 15); - } -@@ -2230,8 +2230,8 @@ - - /* dump.infilename is guaranteed to be NUL termimated and have 20 bytes - fewer than PATH_MAX */ -- memset (temp_filename, '\0', PATH_MAX + 1); -- sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images, -+ snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s", -+ dump.infilename, dump_images, - (dump.format == DUMP_TEXT) ? "txt" : "raw"); - if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL) - { -@@ -2249,8 +2249,8 @@ - - /* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes - fewer than PATH_MAX */ -- memset (temp_filename, '\0', PATH_MAX + 1); -- sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images, -+ snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s", -+ dump.outfilename, dump_images, - (dump.format == DUMP_TEXT) ? "txt" : "raw"); - if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL) - { -Index: tiff-4.0.3/tools/tiff2bw.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2bw.c 2013-06-23 10:36:51.163629483 -0400 -+++ tiff-4.0.3/tools/tiff2bw.c 2013-06-23 10:36:51.159629481 -0400 -@@ -205,7 +205,7 @@ - } - } - TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK); -- sprintf(thing, "B&W version of %s", argv[optind]); -+ snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]); - TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing); - TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw"); - outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); diff --git a/gnu/packages/patches/libtiff-CVE-2013-4231.patch b/gnu/packages/patches/libtiff-CVE-2013-4231.patch deleted file mode 100644 index c71f7dac2e..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2013-4231.patch +++ /dev/null @@ -1,19 +0,0 @@ -Copied from Debian - -Description: Buffer overflow in gif2tiff -Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2450 -Bug-Debian: http://bugs.debian.org/719303 - -Index: tiff-4.0.3/tools/gif2tiff.c -=================================================================== ---- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-22 11:46:11.960846910 -0400 -+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-22 11:46:11.956846910 -0400 -@@ -333,6 +333,8 @@ - int status = 1; - - datasize = getc(infile); -+ if (datasize > 12) -+ return 0; - clear = 1 << datasize; - eoi = clear + 1; - avail = clear + 2; diff --git a/gnu/packages/patches/libtiff-CVE-2013-4232.patch b/gnu/packages/patches/libtiff-CVE-2013-4232.patch deleted file mode 100644 index 3a92f61fef..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2013-4232.patch +++ /dev/null @@ -1,20 +0,0 @@ -Copied from Debian - -Description: use after free in tiff2pdf -Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2449 -Bug-Debian: http://bugs.debian.org/719303 - -Index: tiff-4.0.3/tools/tiff2pdf.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400 -+++ tiff-4.0.3/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400 -@@ -2461,7 +2461,8 @@ - (unsigned long) t2p->tiff_datasize, - TIFFFileName(input)); - t2p->t2p_error = T2P_ERR_ERROR; -- _TIFFfree(buffer); -+ _TIFFfree(buffer); -+ return(0); - } else { - buffer=samplebuffer; - t2p->tiff_datasize *= t2p->tiff_samplesperpixel; diff --git a/gnu/packages/patches/libtiff-CVE-2013-4243.patch b/gnu/packages/patches/libtiff-CVE-2013-4243.patch deleted file mode 100644 index a10884cd89..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2013-4243.patch +++ /dev/null @@ -1,39 +0,0 @@ -Copied from Debian - -Index: tiff/tools/gif2tiff.c -=================================================================== ---- tiff.orig/tools/gif2tiff.c -+++ tiff/tools/gif2tiff.c -@@ -280,6 +280,10 @@ readgifimage(char* mode) - fprintf(stderr, "no colormap present for image\n"); - return (0); - } -+ if (width == 0 || height == 0) { -+ fprintf(stderr, "Invalid value of width or height\n"); -+ return(0); -+ } - if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) { - fprintf(stderr, "not enough memory for image\n"); - return (0); -@@ -404,6 +408,10 @@ process(register int code, unsigned char - fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); - return 0; - } -+ if (*fill >= raster + width*height) { -+ fprintf(stderr, "raster full before eoi code\n"); -+ return 0; -+ } - *(*fill)++ = suffix[code]; - firstchar = oldcode = code; - return 1; -@@ -434,6 +442,10 @@ process(register int code, unsigned char - } - oldcode = incode; - do { -+ if (*fill >= raster + width*height) { -+ fprintf(stderr, "raster full before eoi code\n"); -+ return 0; -+ } - *(*fill)++ = *--stackp; - } while (stackp > stack); - return 1; diff --git a/gnu/packages/patches/libtiff-CVE-2013-4244.patch b/gnu/packages/patches/libtiff-CVE-2013-4244.patch deleted file mode 100644 index be9c65c311..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2013-4244.patch +++ /dev/null @@ -1,20 +0,0 @@ -Copied from Debian - -Description: OOB write in gif2tiff -Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468 - -Index: tiff-4.0.3/tools/gif2tiff.c -=================================================================== ---- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400 -+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400 -@@ -400,6 +400,10 @@ - } - - if (oldcode == -1) { -+ if (code >= clear) { -+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); -+ return 0; -+ } - *(*fill)++ = suffix[code]; - firstchar = oldcode = code; - return 1; diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch deleted file mode 100644 index 7f70edb86f..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch +++ /dev/null @@ -1,30 +0,0 @@ -Copied from Debian - -From 0782c759084daaf9e4de7ee6be7543081823455e Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 20:58:29 +0000 -Subject: [PATCH] * tools/tiff2bw.c: when Photometric=RGB, the utility only - works if SamplesPerPixel = 3. Enforce that - http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127) - ---- - ChangeLog | 6 ++++++ - tools/tiff2bw.c | 5 +++++ - 2 files changed, 11 insertions(+) - -diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c -index 22467cd..94b8e31 100644 ---- a/tools/tiff2bw.c -+++ b/tools/tiff2bw.c -@@ -171,6 +171,11 @@ main(int argc, char* argv[]) - argv[optind], samplesperpixel); - return (-1); - } -+ if( photometric == PHOTOMETRIC_RGB && samplesperpixel != 3) { -+ fprintf(stderr, "%s: Bad samples/pixel %u for PHOTOMETRIC_RGB.\n", -+ argv[optind], samplesperpixel); -+ return (-1); -+ } - TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample); - if (bitspersample != 8) { - fprintf(stderr, diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch deleted file mode 100644 index a177ebfa21..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch +++ /dev/null @@ -1,42 +0,0 @@ -Copied from Debian - -From 3996fa0f84f4a8b7e65fe4b8f0681711022034ea Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 20:04:31 +0000 -Subject: [PATCH] * tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling - TIFFTAG_INKNAMES copying. The right fix would be to properly copy it, but not - worth the burden for those esoteric utilities. - http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127) - ---- - ChangeLog | 7 +++++++ - tools/pal2rgb.c | 2 +- - tools/thumbnail.c | 2 +- - 3 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c -index bfe7899..3fc3de3 100644 ---- a/tools/pal2rgb.c -+++ b/tools/pal2rgb.c -@@ -372,7 +372,7 @@ static struct cpTag { - { TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT }, - { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG }, - { TIFFTAG_INKSET, 1, TIFF_SHORT }, -- { TIFFTAG_INKNAMES, 1, TIFF_ASCII }, -+ /*{ TIFFTAG_INKNAMES, 1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */ - { TIFFTAG_DOTRANGE, 2, TIFF_SHORT }, - { TIFFTAG_TARGETPRINTER, 1, TIFF_ASCII }, - { TIFFTAG_SAMPLEFORMAT, 1, TIFF_SHORT }, -diff --git a/tools/thumbnail.c b/tools/thumbnail.c -index c50bbff..73f9c34 100644 ---- a/tools/thumbnail.c -+++ b/tools/thumbnail.c -@@ -257,7 +257,7 @@ static struct cpTag { - { TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT }, - { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG }, - { TIFFTAG_INKSET, 1, TIFF_SHORT }, -- { TIFFTAG_INKNAMES, 1, TIFF_ASCII }, -+ /*{ TIFFTAG_INKNAMES, 1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */ - { TIFFTAG_DOTRANGE, 2, TIFF_SHORT }, - { TIFFTAG_TARGETPRINTER, 1, TIFF_ASCII }, - { TIFFTAG_SAMPLEFORMAT, 1, TIFF_SHORT }, diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch deleted file mode 100644 index b8a3703c4c..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch +++ /dev/null @@ -1,45 +0,0 @@ -Copied from Debian - -From 1f7359b00663804d96c3a102bcb6ead9812c1509 Mon Sep 17 00:00:00 2001 -From: erouault -Date: Tue, 23 Dec 2014 10:15:35 +0000 -Subject: [PATCH] * libtiff/tif_read.c: fix several invalid comparisons of a - uint64 value with <= 0 by casting it to int64 first. This solves crashing bug - on corrupted images generated by afl. - ---- - ChangeLog | 6 ++++++ - libtiff/tif_read.c | 6 +++--- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c -index 2ba822a..dfc5b07 100644 ---- a/libtiff/tif_read.c -+++ b/libtiff/tif_read.c -@@ -458,7 +458,7 @@ TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) - return ((tmsize_t)(-1)); - } - bytecount = td->td_stripbytecount[strip]; -- if (bytecount <= 0) { -+ if ((int64)bytecount <= 0) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, - "%I64u: Invalid strip byte count, strip %lu", -@@ -498,7 +498,7 @@ TIFFFillStrip(TIFF* tif, uint32 strip) - if ((tif->tif_flags&TIFF_NOREADRAW)==0) - { - uint64 bytecount = td->td_stripbytecount[strip]; -- if (bytecount <= 0) { -+ if ((int64)bytecount <= 0) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, - "Invalid strip byte count %I64u, strip %lu", -@@ -801,7 +801,7 @@ TIFFFillTile(TIFF* tif, uint32 tile) - if ((tif->tif_flags&TIFF_NOREADRAW)==0) - { - uint64 bytecount = td->td_stripbytecount[tile]; -- if (bytecount <= 0) { -+ if ((int64)bytecount <= 0) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, - "%I64u: Invalid tile byte count, tile %lu", diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch deleted file mode 100644 index 62d903c650..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch +++ /dev/null @@ -1,295 +0,0 @@ -Copied from Debian - -From 662f74445b2fea2eeb759c6524661118aef567ca Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 15:15:31 +0000 -Subject: [PATCH] Fix various crasher bugs on fuzzed images. * - libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for - TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing - the directory * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read - ColorMap or TransferFunction if BitsPerSample has not yet been read, - otherwise reading it later will cause user code to crash if BitsPerSample > 1 - * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with - SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample - != 8 * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images - instead of imagewidth to avoid crash * tools/bmp2tiff.c: fix crash due to int - overflow related to input BMP dimensions * tools/tiff2pdf.c: fix crash due to - invalid tile count (should likely be checked by libtiff too). Detect invalid - settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB * - tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight * - tools/tiffdump.c: fix crash due to overflow of entry count. - ---- - ChangeLog | 19 +++++++++++++++++++ - libtiff/tif_dir.c | 21 +++++++++++++++++++-- - libtiff/tif_dirread.c | 17 +++++++++++++++++ - libtiff/tif_getimage.c | 15 +++++++++++++++ - libtiff/tif_next.c | 2 ++ - tools/bmp2tiff.c | 15 +++++++++++++++ - tools/tiff2pdf.c | 41 +++++++++++++++++++++++++++++++++++++++++ - tools/tiffcrop.c | 7 ++++--- - tools/tiffdump.c | 9 ++++++--- - 9 files changed, 138 insertions(+), 8 deletions(-) - -diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c -index 98cf66d..ab43a28 100644 ---- a/libtiff/tif_dir.c -+++ b/libtiff/tif_dir.c -@@ -160,6 +160,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) - TIFFDirectory* td = &tif->tif_dir; - int status = 1; - uint32 v32, i, v; -+ double dblval; - char* s; - const TIFFField *fip = TIFFFindField(tif, tag, TIFF_ANY); - uint32 standard_tag = tag; -@@ -284,10 +285,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) - setDoubleArrayOneValue(&td->td_smaxsamplevalue, va_arg(ap, double), td->td_samplesperpixel); - break; - case TIFFTAG_XRESOLUTION: -- td->td_xresolution = (float) va_arg(ap, double); -+ dblval = va_arg(ap, double); -+ if( dblval < 0 ) -+ goto badvaluedouble; -+ td->td_xresolution = (float) dblval; - break; - case TIFFTAG_YRESOLUTION: -- td->td_yresolution = (float) va_arg(ap, double); -+ dblval = va_arg(ap, double); -+ if( dblval < 0 ) -+ goto badvaluedouble; -+ td->td_yresolution = (float) dblval; - break; - case TIFFTAG_PLANARCONFIG: - v = (uint16) va_arg(ap, uint16_vap); -@@ -694,6 +701,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) - va_end(ap); - } - return (0); -+badvaluedouble: -+ { -+ const TIFFField* fip=TIFFFieldWithTag(tif,tag); -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "%s: Bad value %f for \"%s\" tag", -+ tif->tif_name, dblval, -+ fip ? fip->field_name : "Unknown"); -+ va_end(ap); -+ } -+ return (0); - } - - /* -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 391c823..f66c9a7 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -3430,6 +3430,8 @@ TIFFReadDirectory(TIFF* tif) - const TIFFField* fip; - uint32 fii=FAILED_FII; - toff_t nextdiroff; -+ int bitspersample_read = FALSE; -+ - tif->tif_diroff=tif->tif_nextdiroff; - if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff)) - return 0; /* last offset or bad offset (IFD looping) */ -@@ -3706,6 +3708,8 @@ TIFFReadDirectory(TIFF* tif) - } - if (!TIFFSetField(tif,dp->tdir_tag,value)) - goto bad; -+ if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE ) -+ bitspersample_read = TRUE; - } - break; - case TIFFTAG_SMINSAMPLEVALUE: -@@ -3763,6 +3767,19 @@ TIFFReadDirectory(TIFF* tif) - uint32 countrequired; - uint32 incrementpersample; - uint16* value=NULL; -+ /* It would be dangerous to instanciate those tag values */ -+ /* since if td_bitspersample has not yet been read (due to */ -+ /* unordered tags), it could be read afterwards with a */ -+ /* values greater than the default one (1), which may cause */ -+ /* crashes in user code */ -+ if( !bitspersample_read ) -+ { -+ fip = TIFFFieldWithTag(tif,dp->tdir_tag); -+ TIFFWarningExt(tif->tif_clientdata,module, -+ "Ignoring %s since BitsPerSample tag not found", -+ fip ? fip->field_name : "unknown tagname"); -+ continue; -+ } - countpersample=(1L<tif_dir.td_bitspersample); - if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample)) - { -diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c -index 074d32a..396ad08 100644 ---- a/libtiff/tif_getimage.c -+++ b/libtiff/tif_getimage.c -@@ -182,8 +182,23 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024]) - "Planarconfiguration", td->td_planarconfig); - return (0); - } -+ if( td->td_samplesperpixel != 3 ) -+ { -+ sprintf(emsg, -+ "Sorry, can not handle image with %s=%d", -+ "Samples/pixel", td->td_samplesperpixel); -+ return 0; -+ } - break; - case PHOTOMETRIC_CIELAB: -+ if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 ) -+ { -+ sprintf(emsg, -+ "Sorry, can not handle image with %s=%d and %s=%d", -+ "Samples/pixel", td->td_samplesperpixel, -+ "Bits/sample", td->td_bitspersample); -+ return 0; -+ } - break; - default: - sprintf(emsg, "Sorry, can not handle image with %s=%d", -diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c -index 55e2537..a53c716 100644 ---- a/libtiff/tif_next.c -+++ b/libtiff/tif_next.c -@@ -102,6 +102,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) - default: { - uint32 npixels = 0, grey; - uint32 imagewidth = tif->tif_dir.td_imagewidth; -+ if( isTiled(tif) ) -+ imagewidth = tif->tif_dir.td_tilewidth; - - /* - * The scanline is composed of a sequence of constant -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c -index dfda963..f202b41 100644 ---- a/tools/tiff2pdf.c -+++ b/tools/tiff2pdf.c -@@ -1167,6 +1167,15 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ - if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0) - && (xuint16 == PLANARCONFIG_SEPARATE ) ){ - TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16); -+ if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 ) -+ { -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Invalid tile count, %s", -+ TIFFFileName(input)); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } - t2p->tiff_tiles[i].tiles_tilecount/= xuint16; - } - if( t2p->tiff_tiles[i].tiles_tilecount > 0){ -@@ -1552,6 +1561,22 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ - #endif - break; - case PHOTOMETRIC_CIELAB: -+ if( t2p->tiff_samplesperpixel != 3){ -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Unsupported samplesperpixel = %d for CIELAB", -+ t2p->tiff_samplesperpixel); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } -+ if( t2p->tiff_bitspersample != 8){ -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Invalid bitspersample = %d for CIELAB", -+ t2p->tiff_bitspersample); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } - t2p->pdf_labrange[0]= -127; - t2p->pdf_labrange[1]= 127; - t2p->pdf_labrange[2]= -127; -@@ -1567,6 +1592,22 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ - t2p->pdf_colorspace=T2P_CS_LAB; - break; - case PHOTOMETRIC_ITULAB: -+ if( t2p->tiff_samplesperpixel != 3){ -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Unsupported samplesperpixel = %d for ITULAB", -+ t2p->tiff_samplesperpixel); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } -+ if( t2p->tiff_bitspersample != 8){ -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Invalid bitspersample = %d for ITULAB", -+ t2p->tiff_bitspersample); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } - t2p->pdf_labrange[0]=-85; - t2p->pdf_labrange[1]=85; - t2p->pdf_labrange[2]=-75; -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index f5530bb..4088463 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -1205,9 +1205,10 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength, - tsize_t tilesize = TIFFTileSize(out); - unsigned char *tilebuf = NULL; - -- TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); -- TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); -- TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) || -+ !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) || -+ !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) ) -+ return 1; - - tile_buffsize = tilesize; - if (tilesize < (tsize_t)(tl * tile_rowsize)) -diff --git a/tools/tiffdump.c b/tools/tiffdump.c -index cf5d62f..8247765 100644 ---- a/tools/tiffdump.c -+++ b/tools/tiffdump.c -@@ -374,6 +374,8 @@ ReadDirectory(int fd, unsigned int ix, uint64 off) - void* datamem; - uint64 dataoffset; - int datatruncated; -+ int datasizeoverflow; -+ - tag = *(uint16*)dp; - if (swabflag) - TIFFSwabShort(&tag); -@@ -412,13 +414,14 @@ ReadDirectory(int fd, unsigned int ix, uint64 off) - else - typewidth = datawidth[type]; - datasize = count*typewidth; -+ datasizeoverflow = (typewidth > 0 && datasize / typewidth != count); - datafits = 1; - datamem = dp; - dataoffset = 0; - datatruncated = 0; - if (!bigtiff) - { -- if (datasize>4) -+ if (datasizeoverflow || datasize>4) - { - uint32 dataoffset32; - datafits = 0; -@@ -432,7 +435,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off) - } - else - { -- if (datasize>8) -+ if (datasizeoverflow || datasize>8) - { - datafits = 0; - datamem = NULL; -@@ -442,7 +445,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off) - } - dp += sizeof(uint64); - } -- if (datasize>0x10000) -+ if (datasizeoverflow || datasize>0x10000) - { - datatruncated = 1; - count = 0x10000/typewidth; diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch deleted file mode 100644 index fda018b7bb..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch +++ /dev/null @@ -1,32 +0,0 @@ -Copied from Debian - -From 3206e0c752a62da1ae606867113ed3bf9bf73306 Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 19:53:59 +0000 -Subject: [PATCH] * tools/thumbnail.c: fix out-of-buffer write - http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128) - ---- - ChangeLog | 5 +++++ - tools/thumbnail.c | 8 +++++++- - 2 files changed, 12 insertions(+), 1 deletion(-) - -diff --git a/tools/thumbnail.c b/tools/thumbnail.c -index fab63f6..c50bbff 100644 ---- a/tools/thumbnail.c -+++ b/tools/thumbnail.c -@@ -568,7 +568,13 @@ setImage1(const uint8* br, uint32 rw, uint32 rh) - err -= limit; - sy++; - if (err >= limit) -- rows[nrows++] = br + bpr*sy; -+ { -+ /* We should perhaps error loudly, but I can't make sense of that */ -+ /* code... */ -+ if( nrows == 256 ) -+ break; -+ rows[nrows++] = br + bpr*sy; -+ } - } - setrow(row, nrows, rows); - row += tnw; diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch deleted file mode 100644 index 6f9ef85d14..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch +++ /dev/null @@ -1,83 +0,0 @@ -Copied from Debian - -From 8b6e80fca434525497e5a31c3309a3bab5b3c1c8 Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 18:52:42 +0000 -Subject: [PATCH] * tools/thumbnail.c, tools/tiffcmp.c: only read/write - TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is - COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4 - http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128) - ---- - ChangeLog | 7 +++++++ - tools/thumbnail.c | 21 ++++++++++++++++++++- - tools/tiffcmp.c | 17 +++++++++++++++-- - 3 files changed, 42 insertions(+), 3 deletions(-) - -diff --git a/tools/thumbnail.c b/tools/thumbnail.c -index a98a881..fab63f6 100644 ---- a/tools/thumbnail.c -+++ b/tools/thumbnail.c -@@ -274,7 +274,26 @@ cpTags(TIFF* in, TIFF* out) - { - struct cpTag *p; - for (p = tags; p < &tags[NTAGS]; p++) -- cpTag(in, out, p->tag, p->count, p->type); -+ { -+ /* Horrible: but TIFFGetField() expects 2 arguments to be passed */ -+ /* if we request a tag that is defined in a codec, but that codec */ -+ /* isn't used */ -+ if( p->tag == TIFFTAG_GROUP3OPTIONS ) -+ { -+ uint16 compression; -+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || -+ compression != COMPRESSION_CCITTFAX3 ) -+ continue; -+ } -+ if( p->tag == TIFFTAG_GROUP4OPTIONS ) -+ { -+ uint16 compression; -+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || -+ compression != COMPRESSION_CCITTFAX4 ) -+ continue; -+ } -+ cpTag(in, out, p->tag, p->count, p->type); -+ } - } - #undef NTAGS - -diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c -index 508a461..d6392af 100644 ---- a/tools/tiffcmp.c -+++ b/tools/tiffcmp.c -@@ -260,6 +260,7 @@ tiffcmp(TIFF* tif1, TIFF* tif2) - static int - cmptags(TIFF* tif1, TIFF* tif2) - { -+ uint16 compression1, compression2; - CmpLongField(TIFFTAG_SUBFILETYPE, "SubFileType"); - CmpLongField(TIFFTAG_IMAGEWIDTH, "ImageWidth"); - CmpLongField(TIFFTAG_IMAGELENGTH, "ImageLength"); -@@ -276,8 +277,20 @@ cmptags(TIFF* tif1, TIFF* tif2) - CmpShortField(TIFFTAG_SAMPLEFORMAT, "SampleFormat"); - CmpFloatField(TIFFTAG_XRESOLUTION, "XResolution"); - CmpFloatField(TIFFTAG_YRESOLUTION, "YResolution"); -- CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options"); -- CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options"); -+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) && -+ compression1 == COMPRESSION_CCITTFAX3 && -+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) && -+ compression2 == COMPRESSION_CCITTFAX3 ) -+ { -+ CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options"); -+ } -+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) && -+ compression1 == COMPRESSION_CCITTFAX4 && -+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) && -+ compression2 == COMPRESSION_CCITTFAX4 ) -+ { -+ CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options"); -+ } - CmpShortField(TIFFTAG_RESOLUTIONUNIT, "ResolutionUnit"); - CmpShortField(TIFFTAG_PLANARCONFIG, "PlanarConfiguration"); - CmpLongField(TIFFTAG_ROWSPERSTRIP, "RowsPerStrip"); diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch deleted file mode 100644 index 200af0ef8b..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch +++ /dev/null @@ -1,34 +0,0 @@ -Copied from Debian - -From 266bc48054b018a2f1d74562aa48eb2f509436d5 Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 17:36:36 +0000 -Subject: [PATCH] * tools/tiff2pdf.c: check return code of TIFFGetField() when - reading TIFFTAG_SAMPLESPERPIXEL - ---- - ChangeLog | 5 +++++ - tools/tiff2pdf.c | 10 +++++++++- - 2 files changed, 14 insertions(+), 1 deletion(-) - -Index: tiff-4.0.3/tools/tiff2pdf.c -=================================================================== ---- tiff-4.0.3.orig/tools/tiff2pdf.c -+++ tiff-4.0.3/tools/tiff2pdf.c -@@ -1164,7 +1164,15 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* - t2p->tiff_pages[i].page_tilecount; - if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0) - && (xuint16 == PLANARCONFIG_SEPARATE ) ){ -- TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16); -+ if( !TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16) ) -+ { -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Missing SamplesPerPixel, %s", -+ TIFFFileName(input)); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } - if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 ) - { - TIFFError( diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch deleted file mode 100644 index fda4045504..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch +++ /dev/null @@ -1,77 +0,0 @@ -Copied from Debian - -Picked from CVE: diff -u -r1.14 -r1.15 -http://bugzilla.maptools.org/show_bug.cgi?id=2501 - -Author: Even Rouault - ---- tiff-4.0.3.orig/tools/tiffdither.c -+++ tiff-4.0.3/tools/tiffdither.c -@@ -39,6 +39,7 @@ - #endif - - #include "tiffio.h" -+#include "tiffiop.h" - - #define streq(a,b) (strcmp(a,b) == 0) - #define strneq(a,b,n) (strncmp(a,b,n) == 0) -@@ -56,7 +57,7 @@ static void usage(void); - * Floyd-Steinberg error propragation with threshold. - * This code is stolen from tiffmedian. - */ --static void -+static int - fsdither(TIFF* in, TIFF* out) - { - unsigned char *outline, *inputline, *inptr; -@@ -68,14 +69,19 @@ fsdither(TIFF* in, TIFF* out) - int lastline, lastpixel; - int bit; - tsize_t outlinesize; -+ int errcode = 0; - - imax = imagelength - 1; - jmax = imagewidth - 1; - inputline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in)); -- thisline = (short *)_TIFFmalloc(imagewidth * sizeof (short)); -- nextline = (short *)_TIFFmalloc(imagewidth * sizeof (short)); -+ thisline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short))); -+ nextline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short))); - outlinesize = TIFFScanlineSize(out); - outline = (unsigned char *) _TIFFmalloc(outlinesize); -+ if (! (inputline && thisline && nextline && outline)) { -+ fprintf(stderr, "Out of memory.\n"); -+ goto skip_on_error; -+ } - - /* - * Get first line -@@ -93,7 +99,7 @@ fsdither(TIFF* in, TIFF* out) - nextline = tmpptr; - lastline = (i == imax); - if (TIFFReadScanline(in, inputline, i, 0) <= 0) -- break; -+ goto skip_on_error; - inptr = inputline; - nextptr = nextline; - for (j = 0; j < imagewidth; ++j) -@@ -131,13 +137,18 @@ fsdither(TIFF* in, TIFF* out) - } - } - if (TIFFWriteScanline(out, outline, i-1, 0) < 0) -- break; -+ goto skip_on_error; - } -+ goto exit_label; -+ - skip_on_error: -+ errcode = 1; -+ exit_label: - _TIFFfree(inputline); - _TIFFfree(thisline); - _TIFFfree(nextline); - _TIFFfree(outline); -+ return errcode; - } - - static uint16 compression = COMPRESSION_PACKBITS; diff --git a/gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch b/gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch deleted file mode 100644 index a555a18747..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch +++ /dev/null @@ -1,16 +0,0 @@ -Copied from Debian - -Patches by Petr Gajdos (pgajdos@suse.cz) from -http://bugzilla.maptools.org/show_bug.cgi?id=2499 - ---- tiff-4.0.3.orig/libtiff/tif_dirinfo.c -+++ tiff-4.0.3/libtiff/tif_dirinfo.c -@@ -141,6 +141,8 @@ tiffFields[] = { - { TIFFTAG_FAXDCS, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_ASCII, FIELD_CUSTOM, TRUE, FALSE, "FaxDcs", NULL }, - { TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL }, - { TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InteroperabilityIFDOffset", NULL }, -+ { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, "ConsecutiveBadFaxLines", NULL }, -+ { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UINT16, FIELD_CUSTOM, FALSE, FALSE, "Predictor", NULL }, - /* begin DNG tags */ - { TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL }, - { TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL }, diff --git a/gnu/packages/patches/libtiff-CVE-2014-8129.patch b/gnu/packages/patches/libtiff-CVE-2014-8129.patch deleted file mode 100644 index 091ec8f573..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-8129.patch +++ /dev/null @@ -1,45 +0,0 @@ -Copied from Debian - -From cd82b5267ad4c10eb91e4ee8a716a81362cf851c Mon Sep 17 00:00:00 2001 -From: erouault -Date: Sun, 21 Dec 2014 18:07:48 +0000 -Subject: [PATCH] * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes - http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129) - ---- - ChangeLog | 5 +++++ - libtiff/tif_next.c | 17 +++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c -index a53c716..d834196 100644 ---- a/libtiff/tif_next.c -+++ b/libtiff/tif_next.c -@@ -141,10 +141,27 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) - return (0); - } - -+static int -+NeXTPreDecode(TIFF* tif, uint16 s) -+{ -+ static const char module[] = "NeXTPreDecode"; -+ TIFFDirectory *td = &tif->tif_dir; -+ (void)s; -+ -+ if( td->td_bitspersample != 2 ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d", -+ td->td_bitspersample); -+ return (0); -+ } -+ return (1); -+} -+ - int - TIFFInitNeXT(TIFF* tif, int scheme) - { - (void) scheme; -+ tif->tif_predecode = NeXTPreDecode; - tif->tif_decoderow = NeXTDecode; - tif->tif_decodestrip = NeXTDecode; - tif->tif_decodetile = NeXTDecode; diff --git a/gnu/packages/patches/libtiff-CVE-2014-9330.patch b/gnu/packages/patches/libtiff-CVE-2014-9330.patch deleted file mode 100644 index c3c5fc0367..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-9330.patch +++ /dev/null @@ -1,47 +0,0 @@ -Copied from Debian - -Description: CVE-2014-9330 - Integer overflow in bmp2tiff -Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2494 -Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494 -Bug-Debian: http://bugs.debian.org/773987 - -Index: tiff/tools/bmp2tiff.c -=================================================================== ---- tiff.orig/tools/bmp2tiff.c -+++ tiff/tools/bmp2tiff.c -@@ -1,4 +1,4 @@ --/* $Id: bmp2tiff.c,v 1.23 2010-03-10 18:56:49 bfriesen Exp $ -+/* $Id: bmp2tiff.c,v 1.24 2014-12-21 15:15:32 erouault Exp $ - * - * Project: libtiff tools - * Purpose: Convert Windows BMP files in TIFF. -@@ -403,6 +403,13 @@ main(int argc, char* argv[]) - - width = info_hdr.iWidth; - length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight; -+ if( width <= 0 || length <= 0 ) -+ { -+ TIFFError(infilename, -+ "Invalid dimensions of BMP file" ); -+ close(fd); -+ return -1; -+ } - - switch (info_hdr.iBitCount) - { -@@ -593,6 +600,14 @@ main(int argc, char* argv[]) - - compr_size = file_hdr.iSize - file_hdr.iOffBits; - uncompr_size = width * length; -+ /* Detect int overflow */ -+ if( uncompr_size / width != length ) -+ { -+ TIFFError(infilename, -+ "Invalid dimensions of BMP file" ); -+ close(fd); -+ return -1; -+ } - comprbuf = (unsigned char *) _TIFFmalloc( compr_size ); - if (!comprbuf) { - TIFFError(infilename, diff --git a/gnu/packages/patches/libtiff-CVE-2014-9655.patch b/gnu/packages/patches/libtiff-CVE-2014-9655.patch deleted file mode 100644 index 065804d03a..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2014-9655.patch +++ /dev/null @@ -1,88 +0,0 @@ -Copied from Debian - -From 40a5955cbf0df62b1f9e9bd7d9657b0070725d19 Mon Sep 17 00:00:00 2001 -From: erouault -Date: Mon, 29 Dec 2014 12:09:11 +0000 -Subject: [PATCH] * libtiff/tif_next.c: add new tests to check that we don't - read outside of the compressed input stream buffer. - -* libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height ---- - ChangeLog | 9 +++++++++ - libtiff/tif_getimage.c | 12 +++++++----- - libtiff/tif_next.c | 4 +++- - 3 files changed, 19 insertions(+), 6 deletions(-) - -diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c -index a4f46d9..3ad8ee7 100644 ---- a/libtiff/tif_getimage.c -+++ b/libtiff/tif_getimage.c -@@ -1871,7 +1871,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile) - - (void) y; - fromskew = (fromskew * 10) / 4; -- if ((h & 3) == 0 && (w & 1) == 0) { -+ if ((w & 3) == 0 && (h & 1) == 0) { - for (; h >= 2; h -= 2) { - x = w>>2; - do { -@@ -1948,7 +1948,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile) - /* XXX adjust fromskew */ - do { - x = w>>2; -- do { -+ while(x>0) { - int32 Cb = pp[4]; - int32 Cr = pp[5]; - -@@ -1959,7 +1959,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile) - - cp += 4; - pp += 6; -- } while (--x); -+ x--; -+ } - - if( (w&3) != 0 ) - { -@@ -2050,7 +2051,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile) - fromskew = (fromskew * 4) / 2; - do { - x = w>>1; -- do { -+ while(x>0) { - int32 Cb = pp[2]; - int32 Cr = pp[3]; - -@@ -2059,7 +2060,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile) - - cp += 2; - pp += 4; -- } while (--x); -+ x --; -+ } - - if( (w&1) != 0 ) - { -diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c -index d834196..dd669cc 100644 ---- a/libtiff/tif_next.c -+++ b/libtiff/tif_next.c -@@ -71,7 +71,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) - TIFFErrorExt(tif->tif_clientdata, module, "Fractional scanlines cannot be read"); - return (0); - } -- for (row = buf; occ > 0; occ -= scanline, row += scanline) { -+ for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) { - n = *bp++, cc--; - switch (n) { - case LITERALROW: -@@ -90,6 +90,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) - * The scanline has a literal span that begins at some - * offset. - */ -+ if( cc < 4 ) -+ goto bad; - off = (bp[0] * 256) + bp[1]; - n = (bp[2] * 256) + bp[3]; - if (cc < 4+n || off+n > scanline) -- cgit v1.2.3 From c5d8e688dc79f8ea2094adf04d2274332cf5cb6c Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 8 Sep 2015 15:53:05 +0200 Subject: gnu: glibc: Patch 'openat64', which was buggy on 32-bit platforms. * gnu/packages/patches/glibc-o-largefile.patch: New file. * gnu/packages/base.scm (glibc)[source]: Add it to 'patches'. * gnu-system.am (dist_patch_DATA): Add it. --- gnu-system.am | 1 + gnu/packages/base.scm | 4 +++- gnu/packages/patches/glibc-o-largefile.patch | 25 +++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/glibc-o-largefile.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 72ec9fc666..e98ae208a4 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -473,6 +473,7 @@ dist_patch_DATA = \ gnu/packages/patches/glibc-bootstrap-system.patch \ gnu/packages/patches/glibc-ldd-x86_64.patch \ gnu/packages/patches/glibc-locales.patch \ + gnu/packages/patches/glibc-o-largefile.patch \ gnu/packages/patches/gmp-arm-asm-nothumb.patch \ gnu/packages/patches/gnutls-doc-fix.patch \ gnu/packages/patches/gobject-introspection-absolute-shlib-path.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 76fd1115eb..e2d4727c9c 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -471,7 +471,9 @@ store.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches (list (search-patch "glibc-ldd-x86_64.patch"))))) + (patches (map search-patch + '("glibc-ldd-x86_64.patch" + "glibc-o-largefile.patch"))))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc diff --git a/gnu/packages/patches/glibc-o-largefile.patch b/gnu/packages/patches/glibc-o-largefile.patch new file mode 100644 index 0000000000..2b0ae8c8bb --- /dev/null +++ b/gnu/packages/patches/glibc-o-largefile.patch @@ -0,0 +1,25 @@ +This fixes +whereby, on 32-bit platforms, libc 2.22 would fail to pass O_LARGEFILE +to 'openat'. This was caught by 'tests/sparse03.at' in the tar +test suite. + +commit eb32b0d40308166c4d8f6330cc2958cb1e545075 +Author: Andreas Schwab +Date: Mon Aug 10 14:12:47 2015 +0200 + + Readd O_LARGEFILE flag for openat64 (bug 18781) + +--- a/sysdeps/unix/sysv/linux/openat.c ++++ b/sysdeps/unix/sysv/linux/openat.c +@@ -68,6 +68,11 @@ __OPENAT (int fd, const char *file, int oflag, ...) + va_end (arg); + } + ++ /* We have to add the O_LARGEFILE flag for openat64. */ ++#ifdef MORE_OFLAGS ++ oflag |= MORE_OFLAGS; ++#endif ++ + return SYSCALL_CANCEL (openat, fd, file, oflag, mode); + } + libc_hidden_def (__OPENAT) -- cgit v1.2.3 From 784d6e9115990b9f44a19d1fbf6d1f84c3e1bfaa Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 9 Sep 2015 19:01:48 +0200 Subject: gnu: openssl: Remove run-time dependency on Perl. This shrinks the closure of OpenSSL from 154 MiB to 73 MiB. * gnu/packages/patches/openssl-c-rehash.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/tls.scm (openssl)[source]: Use it. [arguments]: Add 'remove-miscellany' phase. * gnu/packages/certs.scm (nss-certs)[native-inputs]: Add PERL. --- gnu-system.am | 1 + gnu/packages/certs.scm | 4 +++- gnu/packages/patches/openssl-c-rehash.patch | 17 +++++++++++++++++ gnu/packages/tls.scm | 15 +++++++++++++-- 4 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/openssl-c-rehash.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index e98ae208a4..749d744621 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -567,6 +567,7 @@ dist_patch_DATA = \ gnu/packages/patches/nvi-db4.patch \ gnu/packages/patches/openexr-missing-samples.patch \ gnu/packages/patches/openssl-runpath.patch \ + gnu/packages/patches/openssl-c-rehash.patch \ gnu/packages/patches/orpheus-cast-errors-and-includes.patch \ gnu/packages/patches/ots-no-include-missing-file.patch \ gnu/packages/patches/patchelf-page-size.patch \ diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 0f5a105755..dd7d339794 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -26,6 +26,7 @@ #:use-module (gnu packages) #:use-module (gnu packages gnuzilla) #:use-module (gnu packages python) + #:use-module (gnu packages perl) #:use-module (gnu packages tls)) (define certdata2pem @@ -76,7 +77,8 @@ (outputs '("out")) (native-inputs `(("certdata2pem" ,certdata2pem) - ("openssl" ,openssl))) + ("openssl" ,openssl) + ("perl" ,perl))) ;for OpenSSL's 'c_rehash' (inputs '()) (propagated-inputs '()) (arguments diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch new file mode 100644 index 0000000000..f873a9af23 --- /dev/null +++ b/gnu/packages/patches/openssl-c-rehash.patch @@ -0,0 +1,17 @@ +This patch removes the explicit reference to the 'perl' binary, +such that OpenSSL does not retain a reference to Perl. + +The 'c_rehash' program is seldom used, but it is used nonetheless +to create symbolic links to certificates, for instance in the 'nss-certs' +package. + +--- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200 ++++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200 +@@ -1,4 +1,6 @@ +-#!/usr/bin/perl ++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' ++ & eval 'exec perl -wS "$0" $argv:q' ++ if 0; + + # Perl c_rehash script, scan all files in a directory + # and add symbolic links to their hash values. diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index e7baa52ec5..8b607dff33 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -195,7 +195,9 @@ required structures.") (sha256 (base32 "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737")) - (patches (list (search-patch "openssl-runpath.patch"))))) + (patches (map search-patch + '("openssl-runpath.patch" + "openssl-c-rehash.patch"))))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -255,7 +257,16 @@ required structures.") (("/bin/sh") (string-append bash "/bin/bash")) (("/bin/rm") - "rm")))))))) + "rm"))))) + (add-after + 'install 'remove-miscellany + (lambda* (#:key outputs #:allow-other-keys) + ;; The 'misc' directory contains random undocumented shell and Perl + ;; scripts. Remove them to avoid retaining a reference on Perl. + (let ((out (assoc-ref outputs "out"))) + (delete-file-recursively (string-append out "/share/openssl-" + ,version "/misc")) + #t)))))) (native-search-paths ;; FIXME: These two variables must designate a single file or directory ;; and are not actually "search paths." In practice it works OK in user -- cgit v1.2.3 From c6a3635d54f9e02bda834082311f31f35da56277 Mon Sep 17 00:00:00 2001 From: Eric Bavier Date: Thu, 10 Sep 2015 03:40:34 -0500 Subject: gnu: perl: Fix autosplitting of 0-time source. * gnu/packages/patches/perl-autosplit-default-time.patch: New patch. * gnu/packages/perl.scm (perl): Use it. * gnu-system.am (dist_patch_DATA): Add it. --- gnu-system.am | 1 + gnu/packages/patches/perl-autosplit-default-time.patch | 15 +++++++++++++++ gnu/packages/perl.scm | 1 + 3 files changed, 17 insertions(+) create mode 100644 gnu/packages/patches/perl-autosplit-default-time.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 749d744621..40a5841717 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -574,6 +574,7 @@ dist_patch_DATA = \ gnu/packages/patches/patchelf-rework-for-arm.patch \ gnu/packages/patches/patchutils-xfail-gendiff-tests.patch \ gnu/packages/patches/patch-hurd-path-max.patch \ + gnu/packages/patches/perl-autosplit-default-time.patch \ gnu/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \ gnu/packages/patches/perl-module-pluggable-search.patch \ gnu/packages/patches/perl-net-amazon-s3-moose-warning.patch \ diff --git a/gnu/packages/patches/perl-autosplit-default-time.patch b/gnu/packages/patches/perl-autosplit-default-time.patch new file mode 100644 index 0000000000..e801ac9bfe --- /dev/null +++ b/gnu/packages/patches/perl-autosplit-default-time.patch @@ -0,0 +1,15 @@ +AutoSplit will fail to create an index for files whose modification time is 0 +because its default time for a non-existent index is 1. Set this default time +to -1 instead. + +--- perl-5.16.1/cpan/AutoLoader/lib/AutoSplit.pm.orig 2012-02-14 22:44:36.000000000 -0600 ++++ perl-5.16.1/cpan/AutoLoader/lib/AutoSplit.pm 2015-09-09 19:59:22.208708921 -0500 +@@ -361,7 +361,7 @@ + my($al_idx_file) = catfile($autodir, $modpname, $IndexFile); + + if ($check_mod_time){ +- my($al_ts_time) = (stat("$al_idx_file"))[9] || 1; ++ my($al_ts_time) = (stat("$al_idx_file"))[9] || -1; + if ($al_ts_time >= $pm_mod_time and + $al_ts_time >= $self_mod_time){ + print "AutoSplit skipped ($al_idx_file newer than $filename)\n" diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index f784798bd3..d5015fd3ef 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -47,6 +47,7 @@ "15qxzba3a50c9nik5ydgyfp62x7h9vxxn12yd1jgl93hb1wj96km")) (patches (map search-patch '("perl-no-sys-dirs.patch" + "perl-autosplit-default-time.patch" "perl-module-pluggable-search.patch"))))) (build-system gnu-build-system) (arguments -- cgit v1.2.3 From 895067ff495a35768e1ba39e969eff3495b8cbc4 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 11 Sep 2015 23:15:11 +0200 Subject: gnu: coreutils: Skip racy 'tail' tests. This works around . * gnu/packages/patches/coreutils-racy-tail-test.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/base.scm (coreutils): Use it. --- gnu-system.am | 1 + gnu/packages/base.scm | 4 +++- gnu/packages/patches/coreutils-racy-tail-test.patch | 13 +++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/coreutils-racy-tail-test.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 40a5841717..d3a9527939 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -415,6 +415,7 @@ dist_patch_DATA = \ gnu/packages/patches/clang-libc-search-path.patch \ gnu/packages/patches/clucene-pkgconfig.patch \ gnu/packages/patches/cmake-fix-tests.patch \ + gnu/packages/patches/coreutils-racy-tail-test.patch \ gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch \ gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch \ gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index e2d4727c9c..f60a6cfeef 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -248,7 +248,9 @@ used to apply commands with arbitrarily long arguments.") version ".tar.xz")) (sha256 (base32 - "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2")))) + "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2")) + (patches + (list (search-patch "coreutils-racy-tail-test.patch"))))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! diff --git a/gnu/packages/patches/coreutils-racy-tail-test.patch b/gnu/packages/patches/coreutils-racy-tail-test.patch new file mode 100644 index 0000000000..91640513e4 --- /dev/null +++ b/gnu/packages/patches/coreutils-racy-tail-test.patch @@ -0,0 +1,13 @@ +Skip this test, which uncovers a race condition in how 'tail' handles +file deletion. See . + +--- a/tests/tail-2/assert.sh ++++ b/tests/tail-2/assert.sh +@@ -16,6 +16,7 @@ + # You should have received a copy of the GNU General Public License + # along with this program. If not, see . + ++exit 77 # see + + # This test fails with tail from textutils-2.0. + # It would get something like this: -- cgit v1.2.3 From 1d6c8db57cbcd26994e3c6f0b4662bd783166bbf Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 15 Sep 2015 18:18:46 -0400 Subject: gnu: valgrind: Adapt to glibc-2.22 and linux-libre-4.x. * gnu/packages/patches/valgrind-glibc-2.21.patch: Rename to ... gnu/packages/patches/valgrind-glibc-2.22.patch: ... this, and add a case for glibc-2.22. * gnu/packages/patches/valgrind-linux-libre-4.x.patch: New file. * gnu-system.am (dist_patch_DATA): Add the new file, and rename the other one. * gnu/packages/valgrind.scm (valgrind)[source]: Add new patch. --- gnu-system.am | 3 +- gnu/packages/patches/valgrind-glibc-2.21.patch | 26 --------------- gnu/packages/patches/valgrind-glibc-2.22.patch | 39 ++++++++++++++++++++++ .../patches/valgrind-linux-libre-4.x.patch | 18 ++++++++++ gnu/packages/valgrind.scm | 4 ++- 5 files changed, 62 insertions(+), 28 deletions(-) delete mode 100644 gnu/packages/patches/valgrind-glibc-2.21.patch create mode 100644 gnu/packages/patches/valgrind-glibc-2.22.patch create mode 100644 gnu/packages/patches/valgrind-linux-libre-4.x.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 2f31f6802a..5f8ce2fd2c 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -651,7 +651,8 @@ dist_patch_DATA = \ gnu/packages/patches/unzip-remove-build-date.patch \ gnu/packages/patches/util-linux-tests.patch \ gnu/packages/patches/upower-builddir.patch \ - gnu/packages/patches/valgrind-glibc-2.21.patch \ + gnu/packages/patches/valgrind-glibc-2.22.patch \ + gnu/packages/patches/valgrind-linux-libre-4.x.patch \ gnu/packages/patches/vpnc-script.patch \ gnu/packages/patches/vtk-mesa-10.patch \ gnu/packages/patches/w3m-fix-compile.patch \ diff --git a/gnu/packages/patches/valgrind-glibc-2.21.patch b/gnu/packages/patches/valgrind-glibc-2.21.patch deleted file mode 100644 index 70f809c43f..0000000000 --- a/gnu/packages/patches/valgrind-glibc-2.21.patch +++ /dev/null @@ -1,26 +0,0 @@ -Submitted By: Pierre Labastie -Date: 2015-02-22 -Initial Package Version: 3.10.1 -Upstream Status: Unknown -Origin: Self -Description: Allows Valgrind to build with glibc-2.21 -diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure ---- valgrind-3.10.1.old/configure 2014-11-25 20:42:25.000000000 +0100 -+++ valgrind-3.10.1.new/configure 2015-02-22 10:46:06.607826488 +0100 -@@ -6842,6 +6842,16 @@ - DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" - DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" - ;; -+ 2.21) -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.21 family" >&5 -+$as_echo "2.21 family" >&6; } -+ -+$as_echo "#define GLIBC_2_21 1" >>confdefs.h -+ -+ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}" -+ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" -+ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" -+ ;; - darwin) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Darwin" >&5 - $as_echo "Darwin" >&6; } diff --git a/gnu/packages/patches/valgrind-glibc-2.22.patch b/gnu/packages/patches/valgrind-glibc-2.22.patch new file mode 100644 index 0000000000..36c4916cc6 --- /dev/null +++ b/gnu/packages/patches/valgrind-glibc-2.22.patch @@ -0,0 +1,39 @@ +Submitted By: Pierre Labastie +Date: 2015-02-22 +Initial Package Version: 3.10.1 +Upstream Status: Unknown +Origin: Self +Description: Allows Valgrind to build with glibc-2.21 + +Later modified to support glibc-2.22 as well. + +diff -Naur valgrind-3.10.1.old/configure valgrind-3.10.1.new/configure +--- valgrind-3.10.1.old/configure 2014-11-25 20:42:25.000000000 +0100 ++++ valgrind-3.10.1.new/configure 2015-02-22 10:46:06.607826488 +0100 +@@ -6842,6 +6842,26 @@ + DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" + DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" + ;; ++ 2.21) ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.21 family" >&5 ++$as_echo "2.21 family" >&6; } ++ ++$as_echo "#define GLIBC_2_21 1" >>confdefs.h ++ ++ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}" ++ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" ++ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" ++ ;; ++ 2.22) ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.22 family" >&5 ++$as_echo "2.22 family" >&6; } ++ ++$as_echo "#define GLIBC_2_22 1" >>confdefs.h ++ ++ DEFAULT_SUPP="glibc-2.X.supp ${DEFAULT_SUPP}" ++ DEFAULT_SUPP="glibc-2.34567-NPTL-helgrind.supp ${DEFAULT_SUPP}" ++ DEFAULT_SUPP="glibc-2.X-drd.supp ${DEFAULT_SUPP}" ++ ;; + darwin) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: Darwin" >&5 + $as_echo "Darwin" >&6; } diff --git a/gnu/packages/patches/valgrind-linux-libre-4.x.patch b/gnu/packages/patches/valgrind-linux-libre-4.x.patch new file mode 100644 index 0000000000..79166619c7 --- /dev/null +++ b/gnu/packages/patches/valgrind-linux-libre-4.x.patch @@ -0,0 +1,18 @@ +Modify valgrind's configure script to accept linux-libre-4.x as being in the +same family as 3.x. + +--- valgrind-3.10.1/configure 2015-09-15 18:02:20.710262686 -0400 ++++ valgrind-3.10.1/configure 2015-09-15 18:02:59.831829731 -0400 +@@ -5553,9 +5553,9 @@ + kernel=`uname -r` + + case "${kernel}" in +- 2.6.*|3.*) +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x family (${kernel})" >&5 +-$as_echo "2.6.x/3.x family (${kernel})" >&6; } ++ 2.6.*|3.*|4.*) ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6.x/3.x/4.x family (${kernel})" >&5 ++$as_echo "2.6.x/3.x/4.x family (${kernel})" >&6; } + + $as_echo "#define KERNEL_2_6 1" >>confdefs.h + diff --git a/gnu/packages/valgrind.scm b/gnu/packages/valgrind.scm index 5e5a1d9069..a4c75baed9 100644 --- a/gnu/packages/valgrind.scm +++ b/gnu/packages/valgrind.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014 Ludovic Courtès ;;; Copyright © 2015 Andreas Enge +;;; Copyright © 2015 Mark H Weaver ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,7 +38,8 @@ (sha256 (base32 "15xrzhfnwwn7n1sfbkwvdbvs6zk0zx718n6zd5i1nrnvdp13s9gs")) - (patches (list (search-patch "valgrind-glibc-2.21.patch"))))) + (patches (map search-patch '("valgrind-glibc-2.22.patch" + "valgrind-linux-libre-4.x.patch"))))) (build-system gnu-build-system) (arguments '(#:phases (alist-cons-after -- cgit v1.2.3 From 2ed74cea5c1a353e7634f7e1be8bcc27fcac6ede Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 16 Sep 2015 15:31:41 +0200 Subject: gnu: imagemagick: Update to 6.9.2-1. * gnu/packages/imagemagick.scm (imagemagick): Update to 6.9.2-1. [source]: Add imagemagick-test-segv.patch. [inputs]: Replace LIBJPEG-8 with LIBJPEG. --- gnu-system.am | 1 + gnu/packages/imagemagick.scm | 8 +++++--- gnu/packages/patches/imagemagick-test-segv.patch | 20 ++++++++++++++++++++ 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/imagemagick-test-segv.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 5f8ce2fd2c..8fa25d2000 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -505,6 +505,7 @@ dist_patch_DATA = \ gnu/packages/patches/icecat-freetype-2.6.patch \ gnu/packages/patches/icecat-libvpx-1.4.patch \ gnu/packages/patches/icu4c-CVE-2015-4760.patch \ + gnu/packages/patches/imagemagick-test-segv.patch \ gnu/packages/patches/irrlicht-mesa-10.patch \ gnu/packages/patches/jbig2dec-ignore-testtest.patch \ gnu/packages/patches/julia-0.3.10-fix-empty-array.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 4e49c60993..8e176845e1 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -23,6 +23,7 @@ #:use-module (guix build-system perl) #:use-module (guix download) #:use-module ((guix licenses) #:select (fsf-free)) + #:use-module (gnu packages) #:use-module (gnu packages algebra) #:use-module (gnu packages compression) #:use-module (gnu packages fontutils) @@ -37,14 +38,15 @@ (define-public imagemagick (package (name "imagemagick") - (version "6.9.1-3") + (version "6.9.2-1") (source (origin (method url-fetch) (uri (string-append "mirror://imagemagick/ImageMagick-" version ".tar.xz")) (sha256 (base32 - "18wbsjfccxlgsdsd6h9wvhcjrsglyi086jk4bk029ik07rh81laz")))) + "159afhqrj22jlz745ccbgnkdiwvn8pjcc96jic0iv9ms7gqxwln5")) + (patches (list (search-patch "imagemagick-test-segv.patch"))))) (build-system gnu-build-system) (arguments `(#:phases (modify-phases %standard-phases @@ -84,7 +86,7 @@ ("libxml2" ,libxml2) ("libtiff" ,libtiff) ("libpng" ,libpng) - ("libjpeg" ,libjpeg-8) + ("libjpeg" ,libjpeg) ("pango" ,pango) ("freetype" ,freetype) ("bzip2" ,bzip2) diff --git a/gnu/packages/patches/imagemagick-test-segv.patch b/gnu/packages/patches/imagemagick-test-segv.patch new file mode 100644 index 0000000000..6626e54828 --- /dev/null +++ b/gnu/packages/patches/imagemagick-test-segv.patch @@ -0,0 +1,20 @@ +This patch works around a segmentation fault in 'Magick++/tests/color' when +running 'Magick++/tests/tests.tap'. Here we get an exception early on, which +is supposedly harmless: + + Caught exception: color: UnableToOpenConfigureFile `colors.xml' @ warning/configure.c/GetConfigureOptions/706 + +However, when the stack unwinders run, 'UnregisterDOTImage' gets called even +though 'RegisterDOTImage' hadn't been called yet; thus, 'graphic_context' in +coders/dot.c is NULL, leading to the segfault. + +--- ImageMagick-6.9.2-1/coders/dot.c 2015-09-16 17:32:42.900323334 +0200 ++++ ImageMagick-6.9.2-1/coders/dot.c 2015-09-16 17:32:48.312367636 +0200 +@@ -240,6 +240,7 @@ ModuleExport void UnregisterDOTImage(voi + (void) UnregisterMagickInfo("GV"); + (void) UnregisterMagickInfo("DOT"); + #if defined(MAGICKCORE_GVC_DELEGATE) ++ if (graphic_context != NULL) + gvFreeContext(graphic_context); + #endif + } -- cgit v1.2.3 From 65d54af49f31a808a8481f34a95887eba4c8bb57 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 19 Sep 2015 21:35:18 -0400 Subject: gnu: icu4c: Add fixes for CVE-2014-6585 and CVE-2015-1270. * gnu/packages/patches/icu4c-CVE-2014-6585.patch, gnu/packages/patches/icu4c-CVE-2015-1270.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/icu4c.scm (icu4c)[source]: Add patches. --- gnu-system.am | 2 ++ gnu/packages/icu4c.scm | 4 +++- gnu/packages/patches/icu4c-CVE-2014-6585.patch | 21 +++++++++++++++++++++ gnu/packages/patches/icu4c-CVE-2015-1270.patch | 15 +++++++++++++++ 4 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/icu4c-CVE-2014-6585.patch create mode 100644 gnu/packages/patches/icu4c-CVE-2015-1270.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 8fa25d2000..9decf3eaf3 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -504,6 +504,8 @@ dist_patch_DATA = \ gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \ gnu/packages/patches/icecat-freetype-2.6.patch \ gnu/packages/patches/icecat-libvpx-1.4.patch \ + gnu/packages/patches/icu4c-CVE-2014-6585.patch \ + gnu/packages/patches/icu4c-CVE-2015-1270.patch \ gnu/packages/patches/icu4c-CVE-2015-4760.patch \ gnu/packages/patches/imagemagick-test-segv.patch \ gnu/packages/patches/irrlicht-mesa-10.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 46e5d12049..d442b5e69a 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -38,7 +38,9 @@ "-src.tgz")) (sha256 (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1")) - (patches (list (search-patch "icu4c-CVE-2015-4760.patch"))))) + (patches (map search-patch '("icu4c-CVE-2014-6585.patch" + "icu4c-CVE-2015-1270.patch" + "icu4c-CVE-2015-4760.patch"))))) (build-system gnu-build-system) (inputs `(("perl" ,perl))) diff --git a/gnu/packages/patches/icu4c-CVE-2014-6585.patch b/gnu/packages/patches/icu4c-CVE-2014-6585.patch new file mode 100644 index 0000000000..d21a0d0ba1 --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2014-6585.patch @@ -0,0 +1,21 @@ +Copied from Debian. + +description: out-of-bounds read +origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585 + +--- a/source/layout/LETableReference.h ++++ b/source/layout/LETableReference.h +@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO") + } + + const T& operator()(le_uint32 i, LEErrorCode &success) const { +- return *getAlias(i,success); ++ const T *ret = getAlias(i,success); ++ if (LE_FAILURE(success) || ret==NULL) { ++ return *(new T()); ++ } else { ++ return *ret; ++ } + } + + size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const { diff --git a/gnu/packages/patches/icu4c-CVE-2015-1270.patch b/gnu/packages/patches/icu4c-CVE-2015-1270.patch new file mode 100644 index 0000000000..2a7658d36e --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2015-1270.patch @@ -0,0 +1,15 @@ +Copied from Debian. + +diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp +index 5dd35d8..4424664 100644 +--- a/source/common/ucnv_io.cpp ++++ b/source/common/ucnv_io.cpp +@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool *containsOption, UErrorCode *p + * the name begins with 'x-'. If it does, strip it off and try + * again. This behaviour is similar to how ICU4J does it. + */ +- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') { ++ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') { + aliasTmp = aliasTmp+2; + } else { + break; -- cgit v1.2.3 From 1def6f6b2c1d2dca6bff27235c15317f229746a9 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 21 Sep 2015 16:01:45 +0200 Subject: gnu: pixman: Work around pointer arithmetic bug. * gnu/packages/patches/pixman-pointer-arithmetic.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (pixman)[source]: Use it. --- gnu-system.am | 1 + gnu/packages/patches/pixman-pointer-arithmetic.patch | 15 +++++++++++++++ gnu/packages/xdisorg.scm | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/pixman-pointer-arithmetic.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 9decf3eaf3..8e50a71bb6 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -586,6 +586,7 @@ dist_patch_DATA = \ gnu/packages/patches/perl-tk-x11-discover.patch \ gnu/packages/patches/pidgin-add-search-path.patch \ gnu/packages/patches/pingus-sdl-libs-config.patch \ + gnu/packages/patches/pixman-pointer-arithmetic.patch \ gnu/packages/patches/plotutils-libpng-jmpbuf.patch \ gnu/packages/patches/polkit-drop-test.patch \ gnu/packages/patches/portaudio-audacity-compat.patch \ diff --git a/gnu/packages/patches/pixman-pointer-arithmetic.patch b/gnu/packages/patches/pixman-pointer-arithmetic.patch new file mode 100644 index 0000000000..d34e6632a0 --- /dev/null +++ b/gnu/packages/patches/pixman-pointer-arithmetic.patch @@ -0,0 +1,15 @@ +Fix whereby +an arithemitic overflow could occur while doing pointer arithmetic, +leading pixman to use an invalid address as the destination buffer. + +--- pixman-0.32.6/pixman/pixman-general.c 2015-09-21 15:14:34.695981325 +0200 ++++ pixman-0.32.6/pixman/pixman-general.c 2015-09-21 15:19:48.898355548 +0200 +@@ -144,8 +144,7 @@ general_composite_rect (pixman_implemen + mask_buffer = ALIGN (src_buffer + width * Bpp); + dest_buffer = ALIGN (mask_buffer + width * Bpp); + +- if (ALIGN (dest_buffer + width * Bpp) > +- scanline_buffer + sizeof (stack_scanline_buffer)) ++ if ((width + 1) * Bpp * 3 > sizeof (stack_scanline_buffer)) + { + scanline_buffer = pixman_malloc_ab_plus_c (width, Bpp * 3, 32 * 3); diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 9fd9f4a321..7aa82fe312 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -150,7 +150,8 @@ following the mouse.") ".tar.gz")) (sha256 (base32 - "0129g4zdrw5hif5783li7rzcr4vpbc2cfia91azxmsk0h0xx3zix")))) + "0129g4zdrw5hif5783li7rzcr4vpbc2cfia91azxmsk0h0xx3zix")) + (patches (list (search-patch "pixman-pointer-arithmetic.patch"))))) (build-system gnu-build-system) (inputs `(("libpng" ,libpng) -- cgit v1.2.3 From 20c6b9dae3838894582ecefc9005c75316ad2f70 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Thu, 17 Sep 2015 21:07:22 +0200 Subject: gnu: Add bitcoin-core. * gnu/packages/finance.scm: New file. * gnu-system.am (GNU_SYSTEM_MODULES): Register it. --- gnu-system.am | 1 + gnu/packages/finance.scm | 82 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 gnu/packages/finance.scm (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 8e50a71bb6..bc108c85ad 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -101,6 +101,7 @@ GNU_SYSTEM_MODULES = \ gnu/packages/feh.scm \ gnu/packages/figlet.scm \ gnu/packages/file.scm \ + gnu/packages/finance.scm \ gnu/packages/firmware.scm \ gnu/packages/fish.scm \ gnu/packages/flashing-tools.scm \ diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm new file mode 100644 index 0000000000..264cfbf7f3 --- /dev/null +++ b/gnu/packages/finance.scm @@ -0,0 +1,82 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015 Andreas Enge +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages finance) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build utils) + #:use-module (guix build-system gnu) + #:use-module (gnu packages boost) + #:use-module (gnu packages databases) + #:use-module (gnu packages linux) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) + #:use-module (gnu packages python) + #:use-module (gnu packages qt) + #:use-module (gnu packages tls) + #:use-module (gnu packages upnp)) + +(define-public bitcoin-core + (package + (name "bitcoin-core") + (version "0.11.0") + (source (origin + (method url-fetch) + (uri + (string-append "https://bitcoin.org/bin/bitcoin-core-" + version "/bitcoin-" + version ".tar.gz")) + (sha256 + (base32 + "17yh6lq13xzzi5v2i48qaxiqm40x3hrj4gwyamkib9yzmmb1gfji")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config) + ("python" ,python-wrapper) ; for the tests + ("util-linux" ,util-linux))) ; provides the hexdump command for tests + (inputs + `(("bdb" ,bdb) + ("boost" ,boost) + ("miniupnpc" ,miniupnpc) + ("openssl" ,openssl) + ("protobuf" ,protobuf) + ("qt" ,qt))) + (arguments + `(#:configure-flags + (list + ;; We use a bdb version newer than 4.8. + "--with-incompatible-bdb" + ;; Boost is not found unless specified manually. + (string-append "--with-boost=" + (assoc-ref %build-inputs "boost"))) + #:phases + (modify-phases %standard-phases + (add-before 'check 'set-home + (lambda _ + (setenv "HOME" (getenv "TMPDIR"))))))) ; Tests write to $HOME. + (home-page "https://bitcoin.org/en/") + (synopsis "Bitcoin peer-to-peer client") + (description + "Bitcoin is a digital currency that enables instant payments to anyone +anywhere in the world. It uses peer-to-peer technology to operate without +central authority: managing transactions and issuing money are carried out +collectively by the network. Bitcoin Core is the reference implementation +of the bitcoin protocol. This package provides the Bitcoin Core command +line client and a client based on Qt.") + (license license:expat))) -- cgit v1.2.3