From 57c211cd714f5e82fcdfc8c8655deb6941cebe2c Mon Sep 17 00:00:00 2001
From: Eric Bavier
Date: Sun, 12 Feb 2017 12:39:57 -0600
Subject: gnu: netsurf: Upgrade to 3.6. * gnu/packages/web.scm (netsurf): Upgrade to 3.6. [source]: 'https' -> 'http'. Remove modules, snippet, and patches. [home-page]: 'https' -> 'http'. [arguments]: Adjust source directories. * gnu/packages/patches/netsurf-about.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk | 1 -
 1 file changed, 1 deletion(-)
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 0e8d901104..fcc7eb0094 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -771,7 +771,6 @@ dist_patch_DATA = \
 %D%/packages/patches/net-tools-bitrot.patch \
 %D%/packages/patches/netcdf-date-time.patch \
 %D%/packages/patches/netcdf-tst_h_par.patch \
- %D%/packages/patches/netsurf-about.patch \
 %D%/packages/patches/ngircd-handle-zombies.patch \
 %D%/packages/patches/ngircd-no-dns-in-tests.patch \
 %D%/packages/patches/ninja-tests.patch \
-- cgit v1.2.3
From 43bfbf137043c2e86ae907528ab830d66e86c642 Mon Sep 17 00:00:00 2001
From: Eric Bavier
Date: Sat, 11 Feb 2017 21:23:52 -0600
Subject: gnu: Add hubbub. * gnu/packages/web.scm (hubbub): New variable.
---
 gnu/local.mk | 1 +
 gnu/packages/patches/hubbub-sort-entities.patch | 13 +++++++++++
 gnu/packages/web.scm | 31 +++++++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 gnu/packages/patches/hubbub-sort-entities.patch
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index fcc7eb0094..20fe3a2f25 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -634,6 +634,7 @@ dist_patch_DATA = \
 %D%/packages/patches/hdf-eos5-fortrantests.patch \
 %D%/packages/patches/higan-remove-march-native-flag.patch \
 %D%/packages/patches/hop-linker-flags.patch \
+ %D%/packages/patches/hubbub-sort-entities.patch \
 %D%/packages/patches/hydra-disable-darcs-test.patch \
 %D%/packages/patches/hypre-doc-tables.patch \
 %D%/packages/patches/hypre-ldflags.patch \
diff --git a/gnu/packages/patches/hubbub-sort-entities.patch b/gnu/packages/patches/hubbub-sort-entities.patch
new file mode 100644
index 0000000000..012e3c3022
--- /dev/null
+++ b/gnu/packages/patches/hubbub-sort-entities.patch
@@ -0,0 +1,13 @@
+Traverse the entities hash's keys in sorted order to ensure reproducibility.
+
+--- libhubbub-0.3.3/build/make-entities.pl
++++ libhubbub-0.3.3/build/make-entities.pl
+@@ -86,7 +86,7 @@
+
+ my $trie;
+
+-foreach my $key (keys %entities) {
++foreach my $key (sort keys %entities) {
+ $trie = insert_node($trie, $key, $entities{$key});
+ }
+
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 37ea4e8f7d..5ace1ebe0b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -3791,6 +3791,37 @@ libraries.") C. It is developed as part of the NetSurf project.") (license l:expat))) +(define-public hubbub + (package + (name "hubbub") + (version "0.3.3") + (source + (origin + (method url-fetch) + (uri (string-append "http://download.netsurf-browser.org/libs/releases/" + "lib" name "-" version "-src.tar.gz")) + (sha256 + (base32 + "101781iw32p47386fxqr01nrkywi12w17ajh02k2vlga4z8zyv86")) + (patches (search-patches "hubbub-sort-entities.patch")))) + (build-system gnu-build-system) + (native-inputs + `(("netsurf-buildsystem" ,netsurf-buildsystem) + ("pkg-config" ,pkg-config) + ("doxygen" ,doxygen) + ("json-c" ,json-c) + ("perl" ,perl))) + (propagated-inputs + `(("libparserutils" ,libparserutils))) ;for libhubbub.pc + (arguments netsurf-buildsystem-arguments) + (home-page "http://www.netsurf-browser.org/projects/hubbub/") + (synopsis "HTML5 compliant parsing library") + (description + "Hubbub is an HTML5 compliant parsing library, written in C, which can +parse both valid and invalid web content. It is developed as part of the +NetSurf project.") + (license l:expat))) + (define-public netsurf (package (name "netsurf") -- cgit v1.2.3 From 710806b57b07500e1060fd32c1719b8ce8efbbe7 Mon Sep 17 00:00:00 2001 
From: Eric Bavier Date: Sun, 12 Feb 2017 12:52:21 -0600 Subject: gnu: netsurf: Use unbundled source. * gnu/packages/patches/netsurf-system-utf8proc.patch: New patch. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/web.scm (netsurf)[source]: Use it. Change to unbundled source tarball. [native-inputs]: Add netsurf-buildsystem, nsgenbind. Remove flex, bison. [inputs]: Add utf8proc, libcss, libdom, libnsbmp, libnsgif, libnspsl, libnsutils, libsvgtiny. Remove expat, gperf. [arguments]: Adjust #:make-flags for netsurf-buildsystem. Delete configure phase. Adjust source directories. --- gnu/local.mk | 1 + gnu/packages/patches/netsurf-system-utf8proc.patch | 64 ++++++++++++++++++++++ gnu/packages/web.scm | 54 +++++++++--------- 3 files changed, 93 insertions(+), 26 deletions(-) create mode 100644 gnu/packages/patches/netsurf-system-utf8proc.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 20fe3a2f25..0e79b6762f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -772,6 +772,7 @@ dist_patch_DATA = \ %D%/packages/patches/net-tools-bitrot.patch \ %D%/packages/patches/netcdf-date-time.patch \ %D%/packages/patches/netcdf-tst_h_par.patch \ + %D%/packages/patches/netsurf-system-utf8proc.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ngircd-no-dns-in-tests.patch \ %D%/packages/patches/ninja-tests.patch \ diff --git a/gnu/packages/patches/netsurf-system-utf8proc.patch b/gnu/packages/patches/netsurf-system-utf8proc.patch new file mode 100644 index 0000000000..254bf52c93 --- /dev/null +++ b/gnu/packages/patches/netsurf-system-utf8proc.patch 
@@ -0,0 +1,64 @@ +Use upstream utf8proc package, as suggested in +http://source.netsurf-browser.org/libutf8proc.git/commit/?id=770e329cceaf0620c7b482589a9b17ed1d19c16d + +Work around upstream's lack of a pkg-config file and update API. + +--- netsurf-3.6/Makefile ++++ netsurf-3.6/Makefile +@@ -527,10 +527,9 @@ + $(eval $(call pkg_config_find_and_add,libcss,CSS)) + $(eval $(call pkg_config_find_and_add,libdom,DOM)) + $(eval $(call pkg_config_find_and_add,libnsutils,nsutils)) +-$(eval $(call pkg_config_find_and_add,libutf8proc,utf8proc)) + + # Common libraries without pkg-config support +-LDFLAGS += -lz ++LDFLAGS += -lz -lutf8proc + + # Optional libraries with pkgconfig + +--- netsurf-3.6/utils/idna.c ++++ netsurf-3.6/utils/idna.c +@@ -26,7 +26,7 @@ + #include + #include + #include +-#include ++#include + + #include "utils/errors.h" + #include "utils/idna.h" +@@ -250,7 +250,7 @@ + return NSERROR_NOMEM; + } + +- nfc_size = utf8proc_normalise(nfc_label, nfc_size, ++ nfc_size = utf8proc_normalize_utf32(nfc_label, nfc_size, + UTF8PROC_STABLE | UTF8PROC_COMPOSE); + if (nfc_size < 0) { + return NSERROR_NOMEM; +@@ -565,7 +565,7 @@ + } + + /* Perform NFC normalisation */ +- ucs4_len = utf8proc_normalise(ucs4, u_ucs4_len, ++ ucs4_len = utf8proc_normalize_utf32(ucs4, u_ucs4_len, + UTF8PROC_STABLE | UTF8PROC_COMPOSE); + if (ucs4_len < 0) { + free(ucs4); +--- netsurf-3.6/test/Makefile ++++ netsurf-3.6/test/Makefile +@@ -112,11 +112,11 @@ + -D_XOPEN_SOURCE=600 \ + -Itest -Iinclude -Icontent/handlers -Ifrontends -I. -I.. 
\ + -Dnsgtk \ +- $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) \ ++ $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libidn) \ + $(LIB_CFLAGS) \ + $(COV_CFLAGS) + +-TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) -lz \ ++TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libidn) -lz -lutf8proc \ + $(LIB_LDFLAGS)\ + $(COV_LDFLAGS) + diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 7d8cd29a58..1584b93beb 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm 
@@ -4071,32 +4071,41 @@ w3c webidl files and a binding configuration file.") (source (origin (method url-fetch) - (uri (string-append "http://download.netsurf-browser.org/" - "netsurf/releases/source-full/netsurf-all-" - version ".tar.gz")) + (uri (string-append "http://download.netsurf-browser.org/netsurf/" + "releases/source/netsurf-" version "-src.tar.gz")) (sha256 (base32 - "1cgq9n4nvkpih93sfpdadv3666ycsx9bnp8kwalbs8h232mr7ppx")))) + "174sjx0566agckwmlj4w2cip5qbxdiafyhlp185a1qprxx84pbjr")) + (patches (search-patches "netsurf-system-utf8proc.patch")))) (build-system glib-or-gtk-build-system) (native-inputs - `(("pkg-config" ,pkg-config) + `(("netsurf-buildsystem" ,netsurf-buildsystem) + ("nsgenbind" ,nsgenbind) ("perl" ,perl) ("perl-html-parser" ,perl-html-parser) - ("flex" ,flex) - ("bison" ,bison))) + ("pkg-config" ,pkg-config))) (inputs - `(("gtk+" ,gtk+-2) - ("gperf" ,gperf) - ("curl" ,curl) + `(("curl" ,curl) + ("gtk+" ,gtk+-2) ("openssl" ,openssl) + ("utf8proc" ,utf8proc) ("libpng" ,libpng) ("libjpeg" ,libjpeg) - ("expat" ,expat))) + ("libcss" ,libcss) + ("libdom" ,libdom) + ("libnsbmp" ,libnsbmp) + ("libnsgif" ,libnsgif) + ("libnspsl" ,libnspsl) + ("libnsutils" ,libnsutils) + ("libsvgtiny" ,libsvgtiny))) (arguments `(#:make-flags `("CC=gcc" "BUILD_CC=gcc" - ,(string-append "PREFIX=" %output)) - #:parallel-build? #f ;parallel builds not supported - #:tests? #f ;no way to easily run from release tarball + ,(string-append "PREFIX=" %output) + ,(string-append "NSSHARED=" + (assoc-ref %build-inputs + "netsurf-buildsystem") + "/share/netsurf-buildsystem")) + #:tests? #f #:modules ((ice-9 rdelim) (ice-9 match) (srfi srfi-1) 
@@ -4104,18 +4113,11 @@ w3c webidl files and a binding configuration file.") ,@%glib-or-gtk-build-system-modules) #:phases (modify-phases %standard-phases - (replace 'configure - (lambda _ - (call-with-output-file "netsurf/Makefile.config" - (lambda (port) - (format port "~ - NETSURF_GTK_RESOURCES := $(PREFIX)/share/netsurf/~@ - "))) - #t)) + (delete 'configure) (add-after 'build 'adjust-welcome (lambda _ ;; First, fix some unended tags and simple substitutions - (substitute* "netsurf/frontends/gtk/res/welcome.html" + (substitute* "frontends/gtk/res/welcome.html" (("<(img|input)([^>]*)>" _ tag contents) (string-append "<" tag contents " />")) (("Licence") "License") ;prefer GNU spelling @@ -4126,7 +4128,7 @@ w3c webidl files and a binding configuration file.") (("Google Search") "DuckDuckGo Search") (("name=\"btnG\"") "")) ;; Remove default links so it doesn't seem we're endorsing them - (with-atomic-file-replacement "netsurf/frontends/gtk/res/welcome.html" + (with-atomic-file-replacement "frontends/gtk/res/welcome.html" (lambda (in out) ;; Leave the DOCTYPE header as is (display (read-line in 'concat) out) @@ -4148,13 +4150,13 @@ w3c webidl files and a binding configuration file.") (desktop (string-append out "/share/applications/" "netsurf.desktop"))) (mkdir-p (dirname desktop)) - (copy-file "netsurf/frontends/gtk/res/netsurf-gtk.desktop" + (copy-file "frontends/gtk/res/netsurf-gtk.desktop" desktop) (substitute* desktop (("netsurf-gtk") (string-append out "/bin/netsurf")) (("netsurf.png") (string-append out "/share/netsurf/" "netsurf.xpm"))) - (install-file "netsurf/Docs/netsurf-gtk.1" + (install-file "Docs/netsurf-gtk.1" (string-append out "/share/man/man1/")) #t)))))) (home-page "http://www.netsurf-browser.org") -- cgit v1.2.3 From 4fc282b32a16946d423cdbbdd7ee94d025d3b9f5 Mon Sep 17 00:00:00 2001 
From: Eric Bavier Date: Sun, 12 Feb 2017 19:51:43 -0600 Subject: gnu: netsurf: Enable tests. * gnu/packages/patches/netsurf-longer-test-timeout.patch, gnu/packages/patches/netsurf-y2038-tests.patch: New patches. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/web.scm (netsurf)[source]: Use them. [native-inputs]: Add libidn, check. [inputs]: Add miscfiles. [arguments]: Remove #:tests?, add #:test-target. Add 'patch-check phase. --- gnu/local.mk | 2 ++ .../patches/netsurf-longer-test-timeout.patch | 20 +++++++++++++++++ gnu/packages/patches/netsurf-y2038-tests.patch | 25 ++++++++++++++++++++++ gnu/packages/web.scm | 19 +++++++++++++--- 4 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/netsurf-longer-test-timeout.patch create mode 100644 gnu/packages/patches/netsurf-y2038-tests.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0e79b6762f..26f6bbf0d7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -773,6 +773,8 @@ dist_patch_DATA = \ %D%/packages/patches/netcdf-date-time.patch \ %D%/packages/patches/netcdf-tst_h_par.patch \ %D%/packages/patches/netsurf-system-utf8proc.patch \ + %D%/packages/patches/netsurf-y2038-tests.patch \ + %D%/packages/patches/netsurf-longer-test-timeout.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ngircd-no-dns-in-tests.patch \ %D%/packages/patches/ninja-tests.patch \ diff --git a/gnu/packages/patches/netsurf-longer-test-timeout.patch b/gnu/packages/patches/netsurf-longer-test-timeout.patch new file mode 100644 index 0000000000..4dd5a8539f --- /dev/null +++ b/gnu/packages/patches/netsurf-longer-test-timeout.patch 
@@ -0,0 +1,20 @@ +Increase the timeout on dictionary tests to accommodate slower machines. + +--- netsurf-3.6/test/hashtable.c ++++ netsurf-3.6/test/hashtable.c +@@ -286,6 +286,7 @@ + tcase_add_checked_fixture(tc_dict_s, + dicts_hashtable_create, + dict_hashtable_teardown); ++ tcase_set_timeout(tc_dict_s, 30); + + tcase_add_test(tc_dict_s, hashtable_dict_test); + +@@ -297,6 +298,7 @@ + tcase_add_checked_fixture(tc_dict_l, + dictl_hashtable_create, + dict_hashtable_teardown); ++ tcase_set_timeout(tc_dict_l, 30); + + tcase_add_test(tc_dict_l, hashtable_dict_test); + diff --git a/gnu/packages/patches/netsurf-y2038-tests.patch b/gnu/packages/patches/netsurf-y2038-tests.patch new file mode 100644 index 0000000000..407a5277c8 --- /dev/null +++ b/gnu/packages/patches/netsurf-y2038-tests.patch @@ -0,0 +1,25 @@ +These two test cases fail for us on i686. + +See https://en.wikipedia.org/wiki/Year_2038_problem + +--- netsurf-3.6/test/time.c ++++ netsurf-3.6/test/time.c +@@ -77,18 +77,10 @@ + .expected = "Tue, 12 Jun 2001 12:12:12 GMT" + }, + { +- .test = "Thu, 16 Jul 2207 12:45:12 GMT", +- .expected = "Thu, 16 Jul 2207 12:45:12 GMT" +- }, +- { + .test = "Thu, 16 Aug 2007 19:45:12 GMT", + .expected = "Thu, 16 Aug 2007 19:45:12 GMT" + }, + { +- .test = "Tue, 16 Sep 3456 00:45:12 GMT", +- .expected = "Tue, 16 Sep 3456 00:45:12 GMT" +- }, +- { + .test = "Sun, 16 Oct 1988 19:45:59 GMT", + .expected = "Sun, 16 Oct 1988 19:45:59 GMT" + }, diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 1584b93beb..e50a3701fe 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm 
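Review bot: The two far-future cases (`Thu, 16 Jul 2207 12:45:12 GMT` and `Tue, 16 Sep 3456 00:45:12 GMT`) are removed from test/time.c on every architecture, although the header of netsurf-y2038-tests.patch says they only fail on i686, so 64-bit builds lose that date-parsing coverage too. The header should state this, for example `These two test cases fail for us on i686; they are removed on all architectures.` The test table continues outside the inner hunk.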
@@ -65,11 +65,13 @@ #:use-module (gnu packages gettext) #:use-module (gnu packages glib) #:use-module (gnu packages gnome) + #:use-module (gnu packages gnu-doc) #:use-module (gnu packages gnupg) #:use-module (gnu packages gperf) #:use-module (gnu packages gtk) #:use-module (gnu packages icu4c) #:use-module (gnu packages image) + #:use-module (gnu packages libidn) #:use-module (gnu packages lua) #:use-module (gnu packages ncurses) #:use-module (gnu packages base) @@ -4076,11 +4078,15 @@ w3c webidl files and a binding configuration file.") (sha256 (base32 "174sjx0566agckwmlj4w2cip5qbxdiafyhlp185a1qprxx84pbjr")) - (patches (search-patches "netsurf-system-utf8proc.patch")))) + (patches (search-patches "netsurf-system-utf8proc.patch" + "netsurf-y2038-tests.patch" + "netsurf-longer-test-timeout.patch")))) (build-system glib-or-gtk-build-system) (native-inputs `(("netsurf-buildsystem" ,netsurf-buildsystem) ("nsgenbind" ,nsgenbind) + ("libidn" ,libidn) ;only for tests + ("check" ,check) ("perl" ,perl) ("perl-html-parser" ,perl-html-parser) ("pkg-config" ,pkg-config))) @@ -4097,7 +4103,8 @@ w3c webidl files and a binding configuration file.") ("libnsgif" ,libnsgif) ("libnspsl" ,libnspsl) ("libnsutils" ,libnsutils) - ("libsvgtiny" ,libsvgtiny))) + ("libsvgtiny" ,libsvgtiny) + ("miscfiles" ,miscfiles))) (arguments `(#:make-flags `("CC=gcc" "BUILD_CC=gcc" ,(string-append "PREFIX=" %output) @@ -4105,7 +4112,7 @@ w3c webidl files and a binding configuration file.") (assoc-ref %build-inputs "netsurf-buildsystem") "/share/netsurf-buildsystem")) - #:tests? #f + #:test-target "test" #:modules ((ice-9 rdelim) (ice-9 match) (srfi srfi-1) 
@@ -4144,6 +4151,12 @@ w3c webidl files and a binding configuration file.") (x x))) out))) #t)) + (add-before 'check 'patch-check + (lambda* (#:key inputs #:allow-other-keys) + (substitute* '("test/bloom.c" "test/hashtable.c") + (("/usr/share/dict/words") + (string-append (assoc-ref inputs "miscfiles") "/share/web2"))) + #t)) (add-after 'install 'install-more (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) -- cgit v1.2.3 From 1ae04e35111f1455134943ee098f39e55aebc3eb Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 13 Feb 2017 17:31:23 -0500 Subject: gnu: vim: Fix CVE-2017-5953. * gnu/packages/patches/vim-CVE-2017-5953.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/vim.scm (vim)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/vim-CVE-2017-5953.patch | 24 ++++++++++++++++++++++++ gnu/packages/vim.scm | 1 + 3 files changed, 26 insertions(+) create mode 100644 gnu/packages/patches/vim-CVE-2017-5953.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 26f6bbf0d7..060de25357 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -954,6 +954,7 @@ dist_patch_DATA = \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ + %D%/packages/patches/vim-CVE-2017-5953.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \ %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \ diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch new file mode 100644 index 0000000000..7b66f1bf16 --- /dev/null +++ b/gnu/packages/patches/vim-CVE-2017-5953.patch 
@@ -0,0 +1,24 @@ +Fix CVE-2017-5953: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953 +https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY + +Patch adapted from upstream commit, correcting the transcription error +in the bounds check: + +https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d + +diff --git a/src/spellfile.c b/src/spellfile.c +index c7d87c6..8b1a3a6 100644 +--- a/src/spellfile.c ++++ b/src/spellfile.c +@@ -1595,6 +1595,9 @@ spell_read_tree( + len = get4c(fd); + if (len < 0) + return SP_TRUNCERROR; ++ if (len >= 0x3fffffff) ++ /* Invalid length, multiply with sizeof(int) would overflow. */ ++ return SP_FORMERROR; + if (len > 0) + { + /* Allocate the byte array. */ diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm index f042aba931..cdb32ac7eb 100644 --- a/gnu/packages/vim.scm +++ b/gnu/packages/vim.scm @@ -63,6 +63,7 @@ (uri (string-append "https://github.com/vim/vim/archive/v" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) + (patches (search-patches "vim-CVE-2017-5953.patch")) (sha256 (base32 "04samk2bakyixbxyc3p0g6ypls45105sikibg0wc6lmak9bqjs85")))) -- cgit v1.2.3 From 945b6721ebe4ba61396d5e618a76ae3f0199271a Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 18 Feb 2017 09:53:44 -0500 Subject: gnu: vdirsyncer: Don't fail the test suite when the build machine is slow. * gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/dav.scm (vdirsyncer)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/dav.scm | 5 ++- .../vdirsyncer-test-suite-slow-machines.patch | 42 ++++++++++++++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 060de25357..ca415ec48f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
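Review bot: The header of vim-CVE-2017-5953.patch says the bounds check was corrected relative to the linked upstream commit but not what was changed, so a later maintainer cannot tell from the file whether `if (len >= 0x3fffffff)` is the upstream line or the Guix correction, nor when the patch can be dropped. I would add a header line such as `The constant in the length check differs from the linked commit; drop this patch once vim ships the corrected check.` The constant also appears to assume a 4-byte `int`, which the in-code comment only implies. spell_read_tree continues outside the inner hunk.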
@@ -954,6 +954,7 @@ dist_patch_DATA = \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ + %D%/packages/patches/vdirsyncer-test-suite-slow-machines.patch \ %D%/packages/patches/vim-CVE-2017-5953.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \ diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm index dd03d8964b..908b336f8c 100644 --- a/gnu/packages/dav.scm +++ b/gnu/packages/dav.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015, 2016 Leo Famulari +;;; Copyright © 2015, 2016, 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,6 +21,7 @@ #:use-module (guix download) #:use-module (guix licenses) #:use-module (guix packages) + #:use-module (gnu packages) #:use-module (gnu packages python)) (define-public radicale @@ -58,6 +59,8 @@ clients.") (source (origin (method url-fetch) (uri (pypi-uri name version)) + (patches + (search-patches "vdirsyncer-test-suite-slow-machines.patch")) (sha256 (base32 "044f01fjd8dpz4y9dm3qcc1a8cihcxxbr1sz6y6fkvglpb6k85y5")))) diff --git a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch new file mode 100644 index 0000000000..03093e8330 --- /dev/null +++ b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch 
@@ -0,0 +1,42 @@ +Fix test failures caused by some build machines running more slowly than +expected, which manifest like this: + +------ +> raise FailedHealthCheck(message) +E hypothesis.errors.FailedHealthCheck: Data generation is extremely slow: Only produced 4 valid examples in 1.08 seconds (1 invalid ones and 0 exceeded maximum size). Try decreasing size of the data you're generating (with e.g.average_size or max_leaves parameters). +E See http://hypothesis.readthedocs.org/en/latest/healthchecks.html for more information about this. If you want to disable just this health check, add HealthCheck.too_slowto the suppress_health_check settings for this test. + +/gnu/store/b8d1r8bilvm3jkncgrpvmg3dni9cgcr1-python-hypothesis-3.1.0/lib/python3.5/site-packages/hypothesis/core.py:296: FailedHealthCheck +------ + +Patch copied from upstream source repository: + +https://github.com/pimutils/vdirsyncer/commit/10490a12f13f03495e0945eb9d45d7aed9ab0a6c + +From 10490a12f13f03495e0945eb9d45d7aed9ab0a6c Mon Sep 17 00:00:00 2001 +From: Markus Unterwaditzer +Date: Sat, 18 Feb 2017 15:45:06 +0100 +Subject: [PATCH] Unconditionally disable HealthCheck.too_slow + +--- + tests/conftest.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index e0a07d5..3afd7cd 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -26,10 +26,12 @@ def benchmark(): + else: + del pytest_benchmark + ++ ++settings.suppress_health_check = [HealthCheck.too_slow] ++ + settings.register_profile("ci", settings( + max_examples=1000, + verbosity=Verbosity.verbose, +- suppress_health_check=[HealthCheck.too_slow] + )) + settings.register_profile("deterministic", settings( + derandomize=True, -- cgit v1.2.3 From 1c851cbe0c562894bd38c0f9f39d12be306b3e59 Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Thu, 23 Feb 2017 14:35:00 -0500 Subject: gnu: shadow: Fix CVE-2017-2616. * gnu/packages/patches/shadow-CVE-2017-2616.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/admin.scm (shadow): Use it. --- gnu/local.mk | 1 + gnu/packages/admin.scm | 3 +- gnu/packages/patches/shadow-CVE-2017-2616.patch | 72 +++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/shadow-CVE-2017-2616.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ca415ec48f..2954549759 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -901,6 +901,7 @@ dist_patch_DATA = \ %D%/packages/patches/serf-comment-style-fix.patch \ %D%/packages/patches/serf-deflate-buckets-test-fix.patch \ %D%/packages/patches/shadow-4.4-su-snprintf-fix.patch \ + %D%/packages/patches/shadow-CVE-2017-2616.patch \ %D%/packages/patches/slim-session.patch \ %D%/packages/patches/slim-config.patch \ %D%/packages/patches/slim-sigusr1.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index b2207a1205..d9c7ba3b73 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -276,7 +276,8 @@ client and server, a telnet client and server, and an rsh client and server.") (uri (string-append "https://github.com/shadow-maint/shadow/releases/" "download/" version "/shadow-" version ".tar.xz")) - (patches (search-patches "shadow-4.4-su-snprintf-fix.patch")) + (patches (search-patches "shadow-4.4-su-snprintf-fix.patch" + "shadow-CVE-2017-2616.patch")) (sha256 (base32 "0g7hf55ar2pafg5g3ldx0fwzjk36wf4xb21p4ndanbjm3c2a9ab1")))) diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch new file mode 100644 index 0000000000..f88aac40bc --- /dev/null +++ b/gnu/packages/patches/shadow-CVE-2017-2616.patch 
@@ -0,0 +1,72 @@
+Fix CVE-2017-2616:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
+http://seclists.org/oss-sec/2017/q1/490
+http://seclists.org/oss-sec/2017/q1/474
+
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
+
+From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann
+Date: Thu, 23 Feb 2017 09:47:29 -0600
+Subject: [PATCH] su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+---
+ src/su.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index f20d230..d86aa86 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void)
+ snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
-- cgit v1.2.3
From 1d311009fe34a7b22814cc6a3386375ff9142d51 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Thu, 23 Feb 2017 14:49:47 -0500
Subject: gnu: util-linux: Fix CVE-2017-2616. * gnu/packages/patches/util-linux-CVE-2017-2616.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (util-linux)[replacement]: New field. (util-linux/fixed): New variable.
---
 gnu/local.mk | 1 +
 gnu/packages/linux.scm | 12 ++++
 .../patches/util-linux-CVE-2017-2616.patch | 65 ++++++++++++++++++++++
 3 files changed, 78 insertions(+)
 create mode 100644 gnu/packages/patches/util-linux-CVE-2017-2616.patch
(limited to 'gnu/local.mk')
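Review bot: In the second inner hunk of shadow-CVE-2017-2616.patch, SIGALRM is added to `ourset`, blocked with `sigprocmask (SIG_BLOCK, &ourset, NULL)`, and the same set is then passed to `sigsuspend (&ourset)`, so SIGALRM appears to stay blocked for the whole wait loop and the `kill_child` handler armed by `alarm (2)` cannot run until the child has already exited. If that handler is what escalates against a child that does not terminate (inferred from its name; its body is outside the hunk), the two-second timeout no longer takes effect. Saving the previous mask and waiting on it would keep the alarm deliverable: `sigprocmask (SIG_BLOCK, &ourset, &oldset)` with `sigsuspend (&oldset);`, plus a `sigset_t oldset` next to the declaration of `ourset`, which is also outside the hunk. Since the file is a verbatim upstream copy, this is best raised upstream, with the patch header updated if Guix deviates.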
diff --git a/gnu/local.mk b/gnu/local.mk index 2954549759..515b154b9a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -953,6 +953,7 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-overflow-long-fsize.patch \ %D%/packages/patches/unzip-remove-build-date.patch \ %D%/packages/patches/util-linux-tests.patch \ + %D%/packages/patches/util-linux-CVE-2017-2616.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ %D%/packages/patches/vdirsyncer-test-suite-slow-machines.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a6c564b275..304c9f0512 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -495,6 +495,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") + (replacement util-linux/fixed) (version "2.28.1") (source (origin (method url-fetch) @@ -575,6 +576,17 @@ block devices, UUIDs, TTYs, and many other tools.") (license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+ license:bsd-4 license:public-domain)))) +(define util-linux/fixed + (package + (inherit util-linux) + (source + (origin + (inherit (package-source util-linux)) + (patches + (append + (origin-patches (package-source util-linux)) + (search-patches "util-linux-CVE-2017-2616.patch"))))))) + (define-public procps (package (name "procps") diff --git a/gnu/packages/patches/util-linux-CVE-2017-2616.patch b/gnu/packages/patches/util-linux-CVE-2017-2616.patch new file mode 100644 index 0000000000..2c82fb06d2 --- /dev/null +++ b/gnu/packages/patches/util-linux-CVE-2017-2616.patch 
@@ -0,0 +1,65 @@
+Fix CVE-2017-2616:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
+http://seclists.org/oss-sec/2017/q1/474
+
+Patch copied from upstream source repository:
+
+https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891
+
+From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Wed, 1 Feb 2017 11:58:09 +0100
+Subject: [PATCH] su: properly clear child PID
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported-by: Tobias Stöckmann
+Signed-off-by: Karel Zak
+---
+ login-utils/su-common.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index 0ea4e40bd..b1720f037 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -376,6 +376,9 @@ create_watching_parent (void)
+ }
+ else
+ status = WEXITSTATUS (status);
++
++ /* child is gone, don't use the PID anymore */
++ child = (pid_t) -1;
+ }
+ else if (caught_signal)
+ status = caught_signal + 128;
+@@ -385,7 +388,7 @@ create_watching_parent (void)
+ else
+ status = 1;
+
+- if (caught_signal)
++ if (caught_signal && child != (pid_t)-1)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+@@ -395,9 +398,12 @@ create_watching_parent (void)
+
+ if (caught_signal)
+ {
+- sleep (2);
+- kill (child, SIGKILL);
+- fprintf (stderr, _(" ...killed.\n"));
++ if (child != (pid_t)-1)
++ {
++ sleep (2);
++ kill (child, SIGKILL);
++ fprintf (stderr, _(" ...killed.\n"));
++ }
+
+ /* Let's terminate itself with the received signal.
+ *
+--
+2.11.1
+
-- cgit v1.2.3
From b01a89854ba1bd22b94c2373662bc07d035be2c1 Mon Sep 17 00:00:00 2001
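Review bot: The header of util-linux-CVE-2017-2616.patch links upstream commit `dffab154d29a288aa171ff50263ecc8f2e14a891`, but the embedded mail header begins `From b018571132cb8c9fece3d75ed240cc74cdb5f0f7`, so the file does not say which commit the text was actually exported from. Possibly one is a stable-branch backport of the other, but someone verifying the provenance of a security fix has to guess. I would add a header line naming the branch and commit the patch was taken from, or make the link and the `From` line agree. create_watching_parent continues outside the three inner hunks.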
From: Marius Bakke Date: Sun, 26 Feb 2017 21:19:39 +0100 Subject: gnu: Remove unused patch. This is a followup to 6f9d5b2e8c861c3a1243937a26400f8394946346. * gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/libssh-0.6.5-CVE-2016-0739.patch | 77 ---------------------- 2 files changed, 78 deletions(-) delete mode 100644 gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 515b154b9a..0538601734 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -692,7 +692,6 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ %D%/packages/patches/libpng-CVE-2016-10087.patch \ - %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2016-10092.patch \ diff --git a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch deleted file mode 100644 index a5fdd7ffff..0000000000 --- a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch +++ /dev/null 
@@ -1,77 +0,0 @@
-Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in
-dh_generate_x() and dh_generate_y()).
-
-"Due to a byte/bit confusion, the DH secret was too short. This file was
-completely reworked and will be commited in a future version."
-Source:
-https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86
-
-This patch was created by upstream for libssh-0.7.3, but applied without
-modification to libssh-0.6.3 by Debian. In Guix, we apply it without
-modification to libssh-0.6.5.
-
-References:
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
-https://security-tracker.debian.org/tracker/CVE-2016-0739
-
----
- src/dh.c | 22 +++++++++++++++++-----
- 1 file changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/src/dh.c b/src/dh.c
-index e489a1d..d27b66e 100644
---- a/src/dh.c
-+++ b/src/dh.c
-@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
- }
-
- int dh_generate_x(ssh_session session) {
-+ int keysize;
-+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
-+ keysize = 1023;
-+ } else {
-+ keysize = 2047;
-+ }
- session->next_crypto->x = bignum_new();
- if (session->next_crypto->x == NULL) {
- return -1;
- }
-
- #ifdef HAVE_LIBGCRYPT
-- bignum_rand(session->next_crypto->x, 128);
-+ bignum_rand(session->next_crypto->x, keysize);
- #elif defined HAVE_LIBCRYPTO
-- bignum_rand(session->next_crypto->x, 128, 0, -1);
-+ bignum_rand(session->next_crypto->x, keysize, -1, 0);
- #endif
-
- /* not harder than this */
-@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
-
- /* used by server */
- int dh_generate_y(ssh_session session) {
-- session->next_crypto->y = bignum_new();
-+ int keysize;
-+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
-+ keysize = 1023;
-+ } else {
-+ keysize = 2047;
-+ }
-+ session->next_crypto->y = bignum_new();
- if (session->next_crypto->y == NULL) {
- return -1;
- }
-
- #ifdef HAVE_LIBGCRYPT
-- bignum_rand(session->next_crypto->y, 128);
-+ bignum_rand(session->next_crypto->y, keysize);
- #elif defined HAVE_LIBCRYPTO
-- bignum_rand(session->next_crypto->y, 128, 0, -1);
-+ bignum_rand(session->next_crypto->y, keysize, -1, 0);
- #endif
-
- /* not harder than this */
---
-cgit v0.12
-
-- cgit v1.2.3 From 1d8e7273578e95f6b5e4293ac34c4f6fe5d5c579 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 26 Feb 2017 19:46:48 -0500 Subject: gnu: gst-plugins-base: Update to 1.10.4. * gnu/packages/gstreamer.scm (gst-plugins-base): Update to 1.10.4. [source]: Remove obsolete patch 'gst-plugins-base-fix-test-on-32bit.patch' * gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gstreamer.scm | 10 ++++--- .../gst-plugins-base-fix-test-on-32bit.patch | 32 ---------------------- 3 files changed, 6 insertions(+), 37 deletions(-) delete mode 100644 gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch (limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 0538601734..b408cc29d9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -605,7 +605,6 @@ dist_patch_DATA = \
 %D%/packages/patches/grub-gets-undeclared.patch \
 %D%/packages/patches/grub-freetype.patch \
 %D%/packages/patches/gsl-test-i686.patch \
- %D%/packages/patches/gst-plugins-base-fix-test-on-32bit.patch \
 %D%/packages/patches/guile-1.8-cpp-4.5.patch \
 %D%/packages/patches/guile-arm-fixes.patch \
 %D%/packages/patches/guile-default-utf8.patch \
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index d81aad6f88..025f665782 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -146,7 +146,7 @@ This package provides the core library and elements.")
 (define-public gst-plugins-base
 (package
 (name "gst-plugins-base")
- (version "1.10.3")
+ (version "1.10.4")
 (source
 (origin
 (method url-fetch)
@@ -154,9 +154,11 @@ This package provides the core library and elements.")
 name "-" version ".tar.xz"))
 (sha256
 (base32
- "040pifl4cgsqqz2si4s1y5khj3zwm39w21siagxwp805swbrcag6"))
- (patches
- (search-patches "gst-plugins-base-fix-test-on-32bit.patch"))))
+ "1dsyjf6rncsbg4rfj40cvf1wwpjj9h3j3c7bh4zp7jylnfv4blpn"))
+; (patches
+; (search-patches "gst-plugins-base-fix-test-on-32bit.patch"))
+
+ ))
 (build-system gnu-build-system)
 (outputs '("out" "doc"))
 (propagated-inputs
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
deleted file mode 100644
index 4c6c7ed06e..0000000000
--- a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-This fixes a test failure on i686.
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040
-
-From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
-Date: Thu, 2 Feb 2017 14:56:39 +0200
-Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the
- units-max property
-
----
- tests/check/elements/multifdsink.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c
-index af138cc92..951b1b9fa 100644
---- a/tests/check/elements/multifdsink.c
-+++ b/tests/check/elements/multifdsink.c
-@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick)
- gint i, initial_buffers = 3, num_buffers = 0;
-
- sink = setup_multifdsink ();
-- g_object_set (sink, "units-max", initial_buffers, NULL);
-+ g_object_set (sink, "units-max", (gint64) initial_buffers, NULL);
-
- fail_if (pipe (pfd1) == -1);
- fail_if (pipe (pfd2) == -1);
---
-2.11.0
-
-- cgit v1.2.3
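Review bot: In the gnu/packages/gstreamer.scm hunk the `patches` field of the origin is commented out (`; (patches` and `; (search-patches "gst-plugins-base-fix-test-on-32bit.patch"))`) instead of being removed, although the same commit deletes that patch file and drops it from dist_patch_DATA. The comment therefore names a file that no longer exists, and the added blank line plus the `))` on a line of its own are leftovers of the same edit. Deleting the two comment lines and closing the form on the hash line, `"1dsyjf6rncsbg4rfj40cvf1wwpjj9h3j3c7bh4zp7jylnfv4blpn"))))`, leaves no dead reference and keeps the origin easy to audit. The package definition starts and ends outside this hunk.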