From fc193b6518ad8df0cc92cb50b88217430dea47e3 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Fri, 5 Mar 2021 23:31:15 +0100 Subject: gnu: cgal: Update to 5.2 [security fixes]. * gnu/packages/patches/cgal-security-pr-5371.patch: New patch. Downloaded from , with hunks on files matching pattern "*Convex_decomposition_3*" removed because they don't exist in cgal's released sources. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/graphics.scm (cgal): Update to 5.2. [source]: Apply patch. --- gnu/packages/patches/cgal-security-pr-5371.patch | 1611 ++++++++++++++++++++++ 1 file changed, 1611 insertions(+) create mode 100644 gnu/packages/patches/cgal-security-pr-5371.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/cgal-security-pr-5371.patch b/gnu/packages/patches/cgal-security-pr-5371.patch new file mode 100644 index 0000000000..dea53dceaf --- /dev/null +++ b/gnu/packages/patches/cgal-security-pr-5371.patch @@ -0,0 +1,1611 @@ +From 618b409b0fbcef7cb536a4134ae3a424ef5aae45 Mon Sep 17 00:00:00 2001 +From: Maxime Gimeno +Date: Mon, 18 Jan 2021 15:40:40 +0100 +Subject: [PATCH 1/8] Fix Nef_2 and Nef_S2 IO + +--- + Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 74 ++++++++++++--- + Nef_2/include/CGAL/Nef_polyhedron_2.h | 2 + + Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h | 106 ++++++++++++++++------ + 3 files changed, 142 insertions(+), 40 deletions(-) + +diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +index 85295f3d85a..9b84dd37fbe 100644 +--- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h ++++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +@@ -200,6 +200,11 @@ bool PM_io_parser::read_vertex(Vertex_handle v) + !(in >> p) || + !check_sep("}") ) return false; + ++ if(!(f >= 0 && ((iso && f < fn) || (!iso && f < en)))) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + if (iso) v->set_face(Face_of[f]); + else v->set_halfedge(Halfedge_of[f]); + mark(v) = m; point(v) = p; +@@ -229,10 +234,14 @@ bool PM_io_parser::read_hedge(Halfedge_handle e) + !(in >> f) || !check_sep(",") || + !(in >> m) || !check_sep("}") ) + return false; +- CGAL_assertion_msg +- (eo >= 0 || (std::size_t) eo < en || epr >= 0 || (std::size_t) epr < en || ene >= 0 || (std::size_t) ene < en || +- v >= 0 || (std::size_t) v < vn || f >= 0 || (std::size_t) f < fn , +- "wrong index in read_hedge"); ++ ++ if(!(eo >= 0 && (std::size_t) eo < en && epr >= 0 && (std::size_t) epr < en && ene >= 0 && (std::size_t) ene < en && ++ v >= 0 && (std::size_t) v < vn && f >= 0 && (std::size_t) f < fn )) ++ { ++ in.clear(std::ios_base::badbit); ++ std::cerr<<"wrong index in read_hedge"<opposite()]); +@@ -267,14 +276,32 @@ bool PM_io_parser::read_face(Face_handle f) + int n, ei, vi; Mark m; + if ( !(in >> n) || !check_sep("{") ) return false; + if ( !(in >> ei) || !check_sep(",") ) return false; +- if (ei >= 0) f->set_halfedge(Halfedge_of[ei]); ++ if (ei >= 0 && ei < en) ++ { ++ f->set_halfedge(Halfedge_of[ei]); ++ } ++ else ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + while (in >> ei) { + CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); ++ if (!(ei >= 0 && ei < en)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + f->store_fc(Halfedge_of[ei]); + } in.clear(); + if (!check_sep(",")) { return false; } + while (in >> vi) { + CGAL_assertion_msg(vi >= 0 && (std::size_t) vi < vn, "wrong index in iso vertex list."); ++ if (!(vi >= 0 && vi < vn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + f->store_iv(Vertex_of[vi]); + } in.clear(); + if (!check_sep(",") || !(in >> m) || !check_sep("}") ) +@@ -313,13 +340,26 @@ template + void PM_io_parser::read() + { + if ( !check_sep("Plane_map_2") ) +- CGAL_error_msg("PM_io_parser::read: no embedded_PM header."); ++ { ++ std::cerr<<"PM_io_parser::read: no embedded_PM header."<> vn)) ) +- CGAL_error_msg("PM_io_parser::read: wrong node line."); ++ { ++ std::cerr<<"PM_io_parser::read: wrong node line."<> en) && (en%2==0)) ) +- CGAL_error_msg("PM_io_parser::read: wrong edge line."); ++ { ++ std::cerr<<"PM_io_parser::read: wrong edge line."<> fn)) ) +- CGAL_error_msg("PM_io_parser::read: wrong face line."); ++ { ++ std::cerr<<"PM_io_parser::read: wrong face line."<::read() + + for(i=0; i> + std::cerr << "Nef_polyhedron_2 input corrupted." << std::endl; + NP = Nef_polyhedron_2(); + } ++ if(!is) ++ return is; + typename Nef_polyhedron_2::Topological_explorer D(NP.explorer()); + D.check_integrity_and_topological_planarity(); + return is; +diff --git a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h +index 7bddd3036d5..631c63dc5dc 100644 +--- a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h ++++ b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h +@@ -203,8 +203,14 @@ bool SM_io_parser::read_vertex(SVertex_handle v) + !(in >> p) || + !check_sep("}") ) return false; + +- if (iso) set_face(v,SFace_of[f]); +- else set_first_out_edge(v,Edge_of[f]); ++ if(f<0 || (iso && f > fn) || (!iso && f > en)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } ++ ++ if (iso) this->set_face(v,SFace_of[f]); ++ else this->set_first_out_edge(v,Edge_of[f]); + v->mark() = m; v->point() = p; + return true; + } +@@ -235,17 +241,21 @@ bool SM_io_parser::read_edge(SHalfedge_handle e) + !(in >> m) || !check_sep(",") || + !(in >> k) || !check_sep("}") ) + return false; +- CGAL_assertion_msg ++ if (! + (eo >= 0 && eo < en && epr >= 0 && epr < en && ene >= 0 && ene < en && +- v >= 0 && v < vn && f >= 0 && f < fn , +- "wrong index in read_edge"); ++ v >= 0 && v < vn && f >= 0 && f < fn )) ++ { ++ std::cerr<<"wrong index in read_edge"<twin()]); +- set_prev(e,Edge_of[epr]); +- set_next(e,Edge_of[ene]); +- set_source(e,SVertex_of[v]); +- set_face(e,SFace_of[f]); ++ this->set_prev(e,Edge_of[epr]); ++ this->set_next(e,Edge_of[ene]); ++ this->set_source(e,SVertex_of[v]); ++ this->set_face(e,SFace_of[f]); + e->mark() = m; + e->circle() = k; + return true; +@@ -274,7 +284,7 @@ bool SM_io_parser::read_loop(SHalfloop_handle l) + CGAL_assertion_msg( + (lo >= 0 && lo < 2 && f >= 0 && f < fn),"wrong index in read_edge"); + +- set_face(l,SFace_of[f]); ++ this->set_face(l,SFace_of[f]); + l->mark() = m; + l->circle() = k; + return true; +@@ -303,21 +313,33 @@ bool SM_io_parser::read_face(SFace_handle f) + int n, ei, vi, li; Mark m; + if ( !(in >> n) || !check_sep("{") ) return false; + while (in >> ei) { +- CGAL_assertion_msg(ei >= 0 && ei < en, +- "wrong index in face cycle list."); +- store_sm_boundary_object(Edge_of[ei],f); ++ if(!(ei >= 0 && ei < en)) ++ { ++ std::cerr<<"wrong index in face cycle list."<store_sm_boundary_object(Edge_of[ei],f); + } in.clear(); + if (!check_sep(",")) { return false; } + while (in >> vi) { +- CGAL_assertion_msg(vi >= 0 && vi < vn, +- "wrong index in iso vertex list."); +- store_sm_boundary_object(SVertex_of[vi],f); ++ if(!(vi >= 0 && vi < vn)) ++ { ++ std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(SVertex_of[vi],f); + } in.clear(); + if (!check_sep(",")) { return false; } + while (in >> li) { +- CGAL_assertion_msg(li >= 0 && li < 2, +- "wrong index in iso vertex list."); +- store_sm_boundary_object(Loop_of[li],f); ++ if(!(li >= 0 && li < 2)) ++ { ++ std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(Loop_of[li],f); + } in.clear(); + if (!check_sep(",") || !(in >> m) || !check_sep("}") ) + return false; +@@ -357,16 +379,36 @@ void SM_io_parser::print() const + template + void SM_io_parser::read() + { ++ if ( !check_sep("Nef_polyhedron_S2") ) ++ { ++ std::cerr<<"Missing line in header"<> vn)) ) +- CGAL_error_msg("SM_io_parser::read: wrong vertex line."); ++ { ++ std::cerr<<"SM_io_parser::read: wrong vertex line."<> en) && (en%2==0)) ) +- CGAL_error_msg("SM_io_parser::read: wrong edge line."); ++ { ++ std::cerr<<"SM_io_parser::read: wrong edge line."<> ln)) ) +- CGAL_error_msg("SM_io_parser::read: wrong loop line."); ++ { ++ std::cerr<<"SM_io_parser::read: wrong loop line."<> fn)) ) +- CGAL_error_msg("SM_io_parser::read: wrong face line."); ++ { ++ std::cerr<<"SM_io_parser::read: wrong face line."<::read() + + for(i=0; i +Date: Tue, 19 Jan 2021 12:24:08 +0100 +Subject: [PATCH 2/8] Fix Nef_3 + +--- + Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 195 ++++++++++++++++++++++- + 1 file changed, 188 insertions(+), 7 deletions(-) + +diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +index 5eee7528ee7..04d9d0ac8e8 100644 +--- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h ++++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +@@ -1444,40 +1444,61 @@ void SNC_io_parser::read_items(int plus01) { + typename std::vector::iterator vi; + for(vi=Vertex_of.begin(); vi!=Vertex_of.end(); ++vi) { + if (!read_vertex(*vi)) +- CGAL_error_msg("SNC_io_parser::read: error in node line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in node line"<::iterator ei; + for(ei=Edge_of.begin(); ei!=Edge_of.end(); ++ei) { + if (!read_edge(*ei)) +- CGAL_error_msg("SNC_io_parser::read: error in edge line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in edge line"<::iterator vhf_iterator; + vhf_iterator fi; + for(fi=Halffacet_of.begin(); fi!=Halffacet_of.end(); ++fi) { + if (!read_facet(*fi)) +- CGAL_error_msg("SNC_io_parser::read: error in facet line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in facet line"<::iterator ci; + for(ci=Volume_of.begin()+plus01; ci!=Volume_of.end(); ++ci) { + if (!read_volume(*ci)) +- CGAL_error_msg("SNC_io_parser::read: error in volume line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in volume line"<::iterator sei; + for(sei=SEdge_of.begin(); sei!=SEdge_of.end(); ++sei) { + if (!read_sedge(*sei)) +- CGAL_error_msg("SNC_io_parser::read: error in sedge line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in sedge line"<::iterator sli; + for(sli=SLoop_of.begin(); sli!=SLoop_of.end(); ++sli) { + if (!read_sloop(*sli)) +- CGAL_error_msg("SNC_io_parser::read: error in sloop line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in sloop line"<::iterator sfi; + for(sfi=SFace_of.begin(); sfi!=SFace_of.end(); ++sfi) { + if (!read_sface(*sfi)) +- CGAL_error_msg("SNC_io_parser::read: error in sface line"); ++ { ++ std::cerr<<"SNC_io_parser::read: error in sface line"<sncp()); +@@ -1535,21 +1556,56 @@ read_vertex(Vertex_handle vh) { + vh->sncp() = this->sncp(); + + in >> index; ++ if(index >= int(en)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->svertices_begin() = (index >= 0 ? Edge_of[index] : this->svertices_end()); + in >> index; ++ if(index >= int(en)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->svertices_last() = index >= 0 ? Edge_of[index] : this->svertices_end(); + OK = OK && test_string(","); + in >> index; ++ if(index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->shalfedges_begin() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); + in >> index; ++ if(index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->shalfedges_last() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); + OK = OK && test_string(","); + in >> index; ++ if(index >= int(sfn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->sfaces_begin() = index >= 0 ? SFace_of[index] : this->sfaces_end(); + in >> index; ++ if(index >= int(sfn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->sfaces_last() = index >= 0 ? SFace_of[index] : this->sfaces_end(); + OK = OK && test_string(","); + in >> index; ++ if(index >= int(sln)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + vh->shalfloop() = index >= 0 ? SLoop_of[index] : this->shalfloops_end(); + OK = OK && test_string("|"); + #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT +@@ -1604,17 +1660,37 @@ read_edge(Halfedge_handle eh) { + OK = OK && test_string("{"); + + in >> index; ++ if(index < 0 || index >= int(en)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + eh->twin() = Edge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(vn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + eh->center_vertex() = Vertex_of[index]; + OK = OK && test_string(","); + in >> index; + if(index == 0) { + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + eh->out_sedge() = SEdge_of[index]; + } else { + in >> index; ++ if(index < 0 || index >= int(sfn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + eh->incident_sface() = SFace_of[index]; + } + OK = OK && test_string("|"); +@@ -1669,6 +1745,11 @@ read_facet(Halffacet_handle fh) { + OK = OK && test_string("{"); + + in >> index; ++ if(index < 0 || index >= int(fn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + fh->twin() = Halffacet_of[index]; + OK = OK && test_string(","); + +@@ -1676,6 +1757,11 @@ read_facet(Halffacet_handle fh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + fh->boundary_entry_objects().push_back(make_object(SEdge_of[index])); + in >> cc; + } +@@ -1684,11 +1770,21 @@ read_facet(Halffacet_handle fh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; ++ if(index < 0 || index >= int(sln)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + fh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); + in >> cc; + } + + in >> index; ++ if(index < 0 || index >= int(vn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + fh->incident_volume() = Volume_of[index+addInfiBox]; + OK = OK && test_string("|"); + #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT +@@ -1731,6 +1827,11 @@ read_volume(Volume_handle ch) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; ++ if(index < 0 || index >= int(sfn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + ch->shell_entry_objects().push_back(make_object(SFace_of[index])); + in >> cc; + } +@@ -1781,27 +1882,67 @@ read_sedge(SHalfedge_handle seh) { + OK = OK && test_string("{"); + + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->twin() = SEdge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->sprev() = SEdge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->snext() = SEdge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(en)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->source() = Edge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(sfn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->incident_sface() = SFace_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->prev() = SEdge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(sen)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->next() = SEdge_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= int(fn)) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + seh->facet() = Halffacet_of[index]; + OK = OK && test_string("|"); + #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT +@@ -1852,12 +1993,27 @@ read_sloop(SHalfloop_handle slh) { + OK = OK && test_string("{"); + + in >> index; ++ if(index < 0 || index >= sln) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + slh->twin() = SLoop_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= sfn) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + slh->incident_sface() = SFace_of[index]; + OK = OK && test_string(","); + in >> index; ++ if(index < 0 || index >= fn) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + slh->facet() = Halffacet_of[index]; + OK = OK && test_string("|"); + #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT +@@ -1904,6 +2060,11 @@ read_sface(SFace_handle sfh) { + OK = OK && test_string("{"); + + in >> index; ++ if(index < 0 || index >= vn) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + sfh->center_vertex() = Vertex_of[index]; + OK = OK && test_string(","); + +@@ -1913,6 +2074,11 @@ read_sface(SFace_handle sfh) { + in >> index; + // sfh->boundary_entry_objects().push_back(SEdge_of[index]); + SM_decorator SD(&*sfh->center_vertex()); ++ if(index < 0 || index >= sen) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + SD.link_as_face_cycle(SEdge_of[index],sfh); + in >> cc; + } +@@ -1921,6 +2087,11 @@ read_sface(SFace_handle sfh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; ++ if(index < 0 || index >= en) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + sfh->boundary_entry_objects().push_back(make_object(Edge_of[index])); + this->sncp()->store_sm_boundary_item(Edge_of[index], --(sfh->sface_cycles_end())); + in >> cc; +@@ -1930,12 +2101,22 @@ read_sface(SFace_handle sfh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; ++ if(index < 0 || index >= sln) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + sfh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); + this->sncp()->store_sm_boundary_item(SLoop_of[index], --(sfh->sface_cycles_end())); + in >> cc; + } + + in >> index; ++ if(index < 0 || index >= vn) ++ { ++ in.clear(std::ios_base::badbit); ++ return false; ++ } + sfh->volume() = Volume_of[index+addInfiBox]; + OK = OK && test_string("}"); + in >> sfh->mark(); + +From 9e291e6bbfe23137fb2dd3a0f8d6461229ca2376 Mon Sep 17 00:00:00 2001 +From: Maxime Gimeno +Date: Tue, 19 Jan 2021 14:04:54 +0100 +Subject: [PATCH 3/8] replace cerr by CGAL_warning_msg + +--- + Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 14 +++--- + Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 53 ++++++++++++++++------- + Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h | 18 ++++---- + 3 files changed, 54 insertions(+), 31 deletions(-) + +diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +index 9b84dd37fbe..52bc830e115 100644 +--- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h ++++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +@@ -341,23 +341,23 @@ void PM_io_parser::read() + { + if ( !check_sep("Plane_map_2") ) + { +- std::cerr<<"PM_io_parser::read: no embedded_PM header."<> vn)) ) + { +- std::cerr<<"PM_io_parser::read: wrong node line."<> en) && (en%2==0)) ) + { +- std::cerr<<"PM_io_parser::read: wrong edge line."<> fn)) ) + { +- std::cerr<<"PM_io_parser::read: wrong face line."<::read() + for(i=0; i + void SNC_io_parser::read() + { + if ( !check_sep("Selective Nef Complex") ) +- CGAL_error_msg("SNC_io_parser::read: no SNC header."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: no SNC header."); ++ returnl ++ } + std::string kernel_type; + in >> kernel_type; + CGAL_assertion(kernel_type == "standard" || kernel_type == "extended"); + if ( !(check_sep("vertices") && (in >> vn)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong vertex line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong vertex line."); ++ return; ++ } + if ( !(check_sep("halfedges") && (in >> en) && (en%2==0)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong edge line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong edge line."); ++ return; ++ } + if ( !(check_sep("facets") && (in >> fn) && (fn%2==0)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong facet line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong facet line."); ++ } + if ( !(check_sep("volumes") && (in >> cn)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong volume line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong volume line."); ++ return; ++ } + if ( !(check_sep("shalfedges") && (in >> sen)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong sedge line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong sedge line."); ++ return; ++ } + if ( !(check_sep("shalfloops") && (in >> sln)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong sloop line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong sloop line."); ++ return; ++ } + if ( !(check_sep("sfaces") && (in >> sfn)) ) +- CGAL_error_msg("SNC_io_parser::read: wrong sface line."); ++ { ++ CGAL_warning_msg(false, "SNC_io_parser::read: wrong sface line."); ++ return; ++ } + + addInfiBox = (kernel_type == "standard" && Infi_box::extended_kernel()); + +@@ -1445,7 +1468,7 @@ void SNC_io_parser::read_items(int plus01) { + for(vi=Vertex_of.begin(); vi!=Vertex_of.end(); ++vi) { + if (!read_vertex(*vi)) + { +- std::cerr<<"SNC_io_parser::read: error in node line"<::read_items(int plus01) { + for(ei=Edge_of.begin(); ei!=Edge_of.end(); ++ei) { + if (!read_edge(*ei)) + { +- std::cerr<<"SNC_io_parser::read: error in edge line"<::read_items(int plus01) { + for(fi=Halffacet_of.begin(); fi!=Halffacet_of.end(); ++fi) { + if (!read_facet(*fi)) + { +- std::cerr<<"SNC_io_parser::read: error in facet line"<::read_items(int plus01) { + for(ci=Volume_of.begin()+plus01; ci!=Volume_of.end(); ++ci) { + if (!read_volume(*ci)) + { +- std::cerr<<"SNC_io_parser::read: error in volume line"<::read_items(int plus01) { + for(sei=SEdge_of.begin(); sei!=SEdge_of.end(); ++sei) { + if (!read_sedge(*sei)) + { +- std::cerr<<"SNC_io_parser::read: error in sedge line"<::read_items(int plus01) { + for(sli=SLoop_of.begin(); sli!=SLoop_of.end(); ++sli) { + if (!read_sloop(*sli)) + { +- std::cerr<<"SNC_io_parser::read: error in sloop line"<::read_items(int plus01) { + for(sfi=SFace_of.begin(); sfi!=SFace_of.end(); ++sfi) { + if (!read_sface(*sfi)) + { +- std::cerr<<"SNC_io_parser::read: error in sface line"<::read() + { + if ( !check_sep("Nef_polyhedron_S2") ) + { +- std::cerr<<"Missing line in header"<> vn)) ) + { +- std::cerr<<"SM_io_parser::read: wrong vertex line."<> en) && (en%2==0)) ) + { +- std::cerr<<"SM_io_parser::read: wrong edge line."<> ln)) ) + { +- std::cerr<<"SM_io_parser::read: wrong loop line."<> fn)) ) + { +- std::cerr<<"SM_io_parser::read: wrong face line."<::read() + for(i=0; i::read() + for(i=0; i +Date: Wed, 20 Jan 2021 08:38:33 +0100 +Subject: [PATCH 4/8] Fix typo and use setstate + +--- + Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 10 ++-- + Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 66 +++++++++++------------ + Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h | 10 ++-- + 3 files changed, 43 insertions(+), 43 deletions(-) + +diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +index 52bc830e115..64a3e94916e 100644 +--- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h ++++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +@@ -202,7 +202,7 @@ bool PM_io_parser::read_vertex(Vertex_handle v) + + if(!(f >= 0 && ((iso && f < fn) || (!iso && f < en)))) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + if (iso) v->set_face(Face_of[f]); +@@ -238,7 +238,7 @@ bool PM_io_parser::read_hedge(Halfedge_handle e) + if(!(eo >= 0 && (std::size_t) eo < en && epr >= 0 && (std::size_t) epr < en && ene >= 0 && (std::size_t) ene < en && + v >= 0 && (std::size_t) v < vn && f >= 0 && (std::size_t) f < fn )) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + std::cerr<<"wrong index in read_hedge"<::read_face(Face_handle f) + } + else + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + while (in >> ei) { + CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); + if (!(ei >= 0 && ei < en)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + f->store_fc(Halfedge_of[ei]); +@@ -299,7 +299,7 @@ bool PM_io_parser::read_face(Face_handle f) + CGAL_assertion_msg(vi >= 0 && (std::size_t) vi < vn, "wrong index in iso vertex list."); + if (!(vi >= 0 && vi < vn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + f->store_iv(Vertex_of[vi]); +diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +index 21c54dd4133..e5530445153 100644 +--- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h ++++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +@@ -1402,7 +1402,7 @@ void SNC_io_parser::read() + if ( !check_sep("Selective Nef Complex") ) + { + CGAL_warning_msg(false, "SNC_io_parser::read: no SNC header."); +- returnl ++ return; + } + std::string kernel_type; + in >> kernel_type; +@@ -1581,14 +1581,14 @@ read_vertex(Vertex_handle vh) { + in >> index; + if(index >= int(en)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->svertices_begin() = (index >= 0 ? Edge_of[index] : this->svertices_end()); + in >> index; + if(index >= int(en)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->svertices_last() = index >= 0 ? Edge_of[index] : this->svertices_end(); +@@ -1596,14 +1596,14 @@ read_vertex(Vertex_handle vh) { + in >> index; + if(index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->shalfedges_begin() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); + in >> index; + if(index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->shalfedges_last() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); +@@ -1611,14 +1611,14 @@ read_vertex(Vertex_handle vh) { + in >> index; + if(index >= int(sfn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->sfaces_begin() = index >= 0 ? SFace_of[index] : this->sfaces_end(); + in >> index; + if(index >= int(sfn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->sfaces_last() = index >= 0 ? SFace_of[index] : this->sfaces_end(); +@@ -1626,7 +1626,7 @@ read_vertex(Vertex_handle vh) { + in >> index; + if(index >= int(sln)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + vh->shalfloop() = index >= 0 ? SLoop_of[index] : this->shalfloops_end(); +@@ -1685,7 +1685,7 @@ read_edge(Halfedge_handle eh) { + in >> index; + if(index < 0 || index >= int(en)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + eh->twin() = Edge_of[index]; +@@ -1693,7 +1693,7 @@ read_edge(Halfedge_handle eh) { + in >> index; + if(index < 0 || index >= int(vn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + eh->center_vertex() = Vertex_of[index]; +@@ -1703,7 +1703,7 @@ read_edge(Halfedge_handle eh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + eh->out_sedge() = SEdge_of[index]; +@@ -1711,7 +1711,7 @@ read_edge(Halfedge_handle eh) { + in >> index; + if(index < 0 || index >= int(sfn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + eh->incident_sface() = SFace_of[index]; +@@ -1770,7 +1770,7 @@ read_facet(Halffacet_handle fh) { + in >> index; + if(index < 0 || index >= int(fn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + fh->twin() = Halffacet_of[index]; +@@ -1782,7 +1782,7 @@ read_facet(Halffacet_handle fh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + fh->boundary_entry_objects().push_back(make_object(SEdge_of[index])); +@@ -1795,7 +1795,7 @@ read_facet(Halffacet_handle fh) { + in >> index; + if(index < 0 || index >= int(sln)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + fh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); +@@ -1805,7 +1805,7 @@ read_facet(Halffacet_handle fh) { + in >> index; + if(index < 0 || index >= int(vn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + fh->incident_volume() = Volume_of[index+addInfiBox]; +@@ -1852,7 +1852,7 @@ read_volume(Volume_handle ch) { + in >> index; + if(index < 0 || index >= int(sfn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + ch->shell_entry_objects().push_back(make_object(SFace_of[index])); +@@ -1907,7 +1907,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->twin() = SEdge_of[index]; +@@ -1915,7 +1915,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->sprev() = SEdge_of[index]; +@@ -1923,7 +1923,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->snext() = SEdge_of[index]; +@@ -1931,7 +1931,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(en)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->source() = Edge_of[index]; +@@ -1939,7 +1939,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(sfn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->incident_sface() = SFace_of[index]; +@@ -1947,7 +1947,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->prev() = SEdge_of[index]; +@@ -1955,7 +1955,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(sen)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->next() = SEdge_of[index]; +@@ -1963,7 +1963,7 @@ read_sedge(SHalfedge_handle seh) { + in >> index; + if(index < 0 || index >= int(fn)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + seh->facet() = Halffacet_of[index]; +@@ -2018,7 +2018,7 @@ read_sloop(SHalfloop_handle slh) { + in >> index; + if(index < 0 || index >= sln) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + slh->twin() = SLoop_of[index]; +@@ -2026,7 +2026,7 @@ read_sloop(SHalfloop_handle slh) { + in >> index; + if(index < 0 || index >= sfn) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + slh->incident_sface() = SFace_of[index]; +@@ -2034,7 +2034,7 @@ read_sloop(SHalfloop_handle slh) { + in >> index; + if(index < 0 || index >= fn) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + slh->facet() = Halffacet_of[index]; +@@ -2085,7 +2085,7 @@ read_sface(SFace_handle sfh) { + in >> index; + if(index < 0 || index >= vn) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + sfh->center_vertex() = Vertex_of[index]; +@@ -2099,7 +2099,7 @@ read_sface(SFace_handle sfh) { + SM_decorator SD(&*sfh->center_vertex()); + if(index < 0 || index >= sen) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + SD.link_as_face_cycle(SEdge_of[index],sfh); +@@ -2112,7 +2112,7 @@ read_sface(SFace_handle sfh) { + in >> index; + if(index < 0 || index >= en) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + sfh->boundary_entry_objects().push_back(make_object(Edge_of[index])); +@@ -2126,7 +2126,7 @@ read_sface(SFace_handle sfh) { + in >> index; + if(index < 0 || index >= sln) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + sfh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); +@@ -2137,7 +2137,7 @@ read_sface(SFace_handle sfh) { + in >> index; + if(index < 0 || index >= vn) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + sfh->volume() = Volume_of[index+addInfiBox]; +diff --git a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h +index a9377719f93..d58126bac9c 100644 +--- a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h ++++ b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h +@@ -205,7 +205,7 @@ bool SM_io_parser::read_vertex(SVertex_handle v) + + if(f<0 || (iso && f > fn) || (!iso && f > en)) + { +- in.clear(std::ios_base::badbit); ++ in.setstate(std::ios_base::badbit); + return false; + } + +@@ -246,7 +246,7 @@ bool SM_io_parser::read_edge(SHalfedge_handle e) + v >= 0 && v < vn && f >= 0 && f < fn )) + { + std::cerr<<"wrong index in read_edge"<::read_face(SFace_handle f) + if(!(ei >= 0 && ei < en)) + { + std::cerr<<"wrong index in face cycle list."<store_sm_boundary_object(Edge_of[ei],f); +@@ -326,7 +326,7 @@ bool SM_io_parser::read_face(SFace_handle f) + if(!(vi >= 0 && vi < vn)) + { + std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(SVertex_of[vi],f); +@@ -336,7 +336,7 @@ bool SM_io_parser::read_face(SFace_handle f) + if(!(li >= 0 && li < 2)) + { + std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(Loop_of[li],f); + +From ffa019712b0ad3b20e3d02edad4d731fda04a2ef Mon Sep 17 00:00:00 2001 +From: Maxime Gimeno +Date: Mon, 25 Jan 2021 12:59:48 +0100 +Subject: [PATCH 5/8] First face may be -1, don't fail on it, just don't use it + +--- + Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +index 64a3e94916e..d08b08180d6 100644 +--- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h ++++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +@@ -280,11 +280,7 @@ bool PM_io_parser::read_face(Face_handle f) + { + f->set_halfedge(Halfedge_of[ei]); + } +- else +- { +- in.setstate(std::ios_base::badbit); +- return false; +- } ++ + while (in >> ei) { + CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); + if (!(ei >= 0 && ei < en)) + +From d78842712cdfcbb3bdfc5f7cb252d3772fd6a16f Mon Sep 17 00:00:00 2001 +From: Maxime Gimeno +Date: Tue, 26 Jan 2021 09:55:20 +0100 +Subject: [PATCH 6/8] Fix conversion warnigns + +--- + Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 8 ++++---- + Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 18 +++++++++--------- + 2 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +index d08b08180d6..39b99b37d7c 100644 +--- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h ++++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h +@@ -200,7 +200,7 @@ bool PM_io_parser::read_vertex(Vertex_handle v) + !(in >> p) || + !check_sep("}") ) return false; + +- if(!(f >= 0 && ((iso && f < fn) || (!iso && f < en)))) ++ if(!(f >= 0 && ((iso && (std::size_t)f < fn) || (!iso && (std::size_t)f < en)))) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -276,14 +276,14 @@ bool PM_io_parser::read_face(Face_handle f) + int n, ei, vi; Mark m; + if ( !(in >> n) || !check_sep("{") ) return false; + if ( !(in >> ei) || !check_sep(",") ) return false; +- if (ei >= 0 && ei < en) ++ if (ei >= 0 && (std::size_t) ei < en) + { + f->set_halfedge(Halfedge_of[ei]); + } + + while (in >> ei) { + CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); +- if (!(ei >= 0 && ei < en)) ++ if (!(ei >= 0 && (std::size_t)ei < en)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -293,7 +293,7 @@ bool PM_io_parser::read_face(Face_handle f) + if (!check_sep(",")) { return false; } + while (in >> vi) { + CGAL_assertion_msg(vi >= 0 && (std::size_t) vi < vn, "wrong index in iso vertex list."); +- if (!(vi >= 0 && vi < vn)) ++ if (!(vi >= 0 && (std::size_t)vi < vn)) + { + in.setstate(std::ios_base::badbit); + return false; +diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +index e5530445153..1dde7f8d0b3 100644 +--- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h ++++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +@@ -1579,7 +1579,7 @@ read_vertex(Vertex_handle vh) { + vh->sncp() = this->sncp(); + + in >> index; +- if(index >= int(en)) ++ if(index >= (int)en) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2016,7 +2016,7 @@ read_sloop(SHalfloop_handle slh) { + OK = OK && test_string("{"); + + in >> index; +- if(index < 0 || index >= sln) ++ if(index < 0 || index >= (int)(sln)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2024,7 +2024,7 @@ read_sloop(SHalfloop_handle slh) { + slh->twin() = SLoop_of[index]; + OK = OK && test_string(","); + in >> index; +- if(index < 0 || index >= sfn) ++ if(index < 0 || index >= (int)(sfn)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2032,7 +2032,7 @@ read_sloop(SHalfloop_handle slh) { + slh->incident_sface() = SFace_of[index]; + OK = OK && test_string(","); + in >> index; +- if(index < 0 || index >= fn) ++ if(index < 0 || index >= (int)(fn)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2083,7 +2083,7 @@ read_sface(SFace_handle sfh) { + OK = OK && test_string("{"); + + in >> index; +- if(index < 0 || index >= vn) ++ if(index < 0 || index >= (int)(sln)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2097,7 +2097,7 @@ read_sface(SFace_handle sfh) { + in >> index; + // sfh->boundary_entry_objects().push_back(SEdge_of[index]); + SM_decorator SD(&*sfh->center_vertex()); +- if(index < 0 || index >= sen) ++ if(index < 0 || index >= (int)(sln)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2110,7 +2110,7 @@ read_sface(SFace_handle sfh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; +- if(index < 0 || index >= en) ++ if(index < 0 || index >= (int)(sln)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2124,7 +2124,7 @@ read_sface(SFace_handle sfh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; +- if(index < 0 || index >= sln) ++ if(index < 0 || index >= (int)(sln)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2135,7 +2135,7 @@ read_sface(SFace_handle sfh) { + } + + in >> index; +- if(index < 0 || index >= vn) ++ if(index < 0 || index >= (int)(sln)) + { + in.setstate(std::ios_base::badbit); + return false; + +From 23cc6b0f4a2ac6061b01d86411d58b6da7ff5a34 Mon Sep 17 00:00:00 2001 +From: Maxime Gimeno +Date: Wed, 27 Jan 2021 10:04:45 +0100 +Subject: [PATCH 7/8] Fix read_sface + +--- + .../Convex_decomposition_3/check_decomposition.cpp | 2 ++ + Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 10 +++++----- + 2 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +index 1dde7f8d0b3..a31a07c5d99 100644 +--- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h ++++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h +@@ -1803,7 +1803,7 @@ read_facet(Halffacet_handle fh) { + } + + in >> index; +- if(index < 0 || index >= int(vn)) ++ if(index < 0 || index >= int(cn)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2083,7 +2083,7 @@ read_sface(SFace_handle sfh) { + OK = OK && test_string("{"); + + in >> index; +- if(index < 0 || index >= (int)(sln)) ++ if(index < 0 || index >= (int)(vn)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2097,7 +2097,7 @@ read_sface(SFace_handle sfh) { + in >> index; + // sfh->boundary_entry_objects().push_back(SEdge_of[index]); + SM_decorator SD(&*sfh->center_vertex()); +- if(index < 0 || index >= (int)(sln)) ++ if(index < 0 || index >= (int)(sen)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2110,7 +2110,7 @@ read_sface(SFace_handle sfh) { + while(isdigit(cc)) { + in.putback(cc); + in >> index; +- if(index < 0 || index >= (int)(sln)) ++ if(index < 0 || index >= (int)(en)) + { + in.setstate(std::ios_base::badbit); + return false; +@@ -2135,7 +2135,7 @@ read_sface(SFace_handle sfh) { + } + + in >> index; +- if(index < 0 || index >= (int)(sln)) ++ if(index < 0 || index >= (int)(cn)) + { + in.setstate(std::ios_base::badbit); + return false; + -- cgit v1.2.3 From ae2231559c8d33c222aa9a3b8cdb6aa5d49c8931 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 5 Mar 2021 23:56:15 +0100 Subject: gnu: hplip: Update to 3.21.2. * gnu/packages/cups.scm (hplip): Update to 3.21.2. * gnu/packages/patches/hplip-remove-imageprocessor.patch: Adapt. --- gnu/packages/cups.scm | 6 ++-- .../patches/hplip-remove-imageprocessor.patch | 41 ++++++++++++++-------- 2 files changed, 30 insertions(+), 17 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 51efee5157..e12c1a0689 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2016 Danny Milosavljevic ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2017 Mark H Weaver -;;; Copyright © 2017–2020 Tobias Geerinckx-Rice +;;; Copyright © 2017–2021 Tobias Geerinckx-Rice ;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. @@ -484,14 +484,14 @@ should only be used as part of the Guix cups-pk-helper service.") (define-public hplip (package (name "hplip") - (version "3.20.11") + (version "3.21.2") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/hplip/hplip/" version "/hplip-" version ".tar.gz")) (sha256 (base32 - "04fvdyjyjbkviy3awgm7g43p3lrvrsmgaqz8bwra22g7v2rpa5hb")) + "0hbwx9d4c8177vi0gavz9pxi7rc97jciacndp90ms8327shj2121")) (modules '((guix build utils))) (patches (search-patches "hplip-remove-imageprocessor.patch")) (snippet diff --git a/gnu/packages/patches/hplip-remove-imageprocessor.patch b/gnu/packages/patches/hplip-remove-imageprocessor.patch index cde3ecba2d..c9d27a4d1d 100644 --- a/gnu/packages/patches/hplip-remove-imageprocessor.patch +++ b/gnu/packages/patches/hplip-remove-imageprocessor.patch @@ -1,4 +1,5 @@ -This patch is based heavily on the Debian patch. +This patch is based heavily on the Debian patch, but was updated to +apply to subsequent upstream changes not yet in Debian. https://salsa.debian.org/printing-team/hplip/raw/debian/3.18.10+dfsg0-1/debian/patches/0025-Remove-all-ImageProcessor-functionality-which-is-clo.patch @@ -175,55 +176,67 @@ index 5b282d8..0bacfaf 100644 #include #include -@@ -637,16 +636,10 @@ int HPCupsFilter::processRasterData(cups_raster_t *cups_raster) - +@@ -651,21 +650,8 @@ sprintf(hpPreProcessedRasterFile, "%s/hp_%s_cups_SwapedPagesXXXXXX",CUPS_TMP_DIR, m_JA.user_name); -- image_processor_t* imageProcessor = imageProcessorCreate(); - + +- image_processor_t* imageProcessor=NULL; +- IMAGE_PROCESSOR_ERROR result; +- //added if condition to check if pinter language is "ljzjstream" +- //If so, then bypass imageprocessing functions while running HPCUPS filter. +- if(strncmp(m_JA.printer_platform, "ljzjstream",10) == 0){ +- imageProcessor = imageProcessorCreate(); +- } while (cupsRasterReadHeader2(cups_raster, &cups_header)) { - -- IMAGE_PROCESSOR_ERROR result = imageProcessorStartPage(imageProcessor, &cups_header); +- if(strncmp(m_JA.printer_platform, "ljzjstream",10) == 0){ +- result = imageProcessorStartPage(imageProcessor, &cups_header); - if (result != IPE_SUCCESS){ - dbglog("DEBUG: imageProcessorStartPage failed result = %d\n", result); - } -- +- } current_page_number++; if (current_page_number == 1) { -@@ -745,12 +738,6 @@ int HPCupsFilter::processRasterData(cups_raster_t *cups_raster) +@@ -764,14 +750,6 @@ color_raster = rgbRaster; black_raster = kRaster; +- if(strncmp(m_JA.printer_platform, "ljzjstream",10) == 0) +- { - result = imageProcessorProcessLine(imageProcessor, m_pPrinterBuffer, cups_header.cupsBytesPerLine); - if (result != IPE_SUCCESS){ - dbglog("DEBUG: imageProcessorProcessLine failed result = %d\n", result); - } -- +- } - if ((y == 0) && !is_ljmono) { //For ljmono, make sure that first line is not a blankRaster line.Otherwise printer //may not skip blank lines before actual data -@@ -780,12 +767,6 @@ int HPCupsFilter::processRasterData(cups_raster_t *cups_raster) +@@ -801,14 +779,6 @@ } } // for() loop end +- if(strncmp(m_JA.printer_platform, "ljzjstream",10) == 0) +- { - result = imageProcessorEndPage(imageProcessor); - if (result != IPE_SUCCESS){ - dbglog("DEBUG: imageProcessorEndPage failed result = %d\n", result); - } -- +- } - m_Job.NewPage(); if (err != NO_ERROR) { break; -@@ -800,8 +781,6 @@ int HPCupsFilter::processRasterData(cups_raster_t *cups_raster) +@@ -823,11 +793,6 @@ rgbRaster = NULL; } +- +- if(strncmp(m_JA.printer_platform, "ljzjstream",10) == 0) +- { - imageProcessorDestroy(imageProcessor); -- +- } unlink(hpPreProcessedRasterFile); return ret_status; } -- cgit v1.2.3 From 090456dacb76160280a630d53f4f47b421281c66 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Sat, 6 Mar 2021 04:47:10 +0100 Subject: gnu: ytnef: Fix CVE-2021-3403 and CVE-2021-3404. * gnu/packages/patches/ytnef-CVE-2021-3403.patch, gnu/packages/patches/ytnef-CVE-2021-3404.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/mail.scm (ytnef): Apply them. --- gnu/local.mk | 2 ++ gnu/packages/mail.scm | 4 +++- gnu/packages/patches/ytnef-CVE-2021-3403.patch | 32 ++++++++++++++++++++++++++ gnu/packages/patches/ytnef-CVE-2021-3404.patch | 30 ++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ytnef-CVE-2021-3403.patch create mode 100644 gnu/packages/patches/ytnef-CVE-2021-3404.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 4900dabc36..fb3b395852 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1755,6 +1755,8 @@ dist_patch_DATA = \ %D%/packages/patches/xsane-support-ipv6.patch \ %D%/packages/patches/xsane-tighten-default-umask.patch \ %D%/packages/patches/yggdrasil-extra-config.patch \ + %D%/packages/patches/ytnef-CVE-2021-3403.patch \ + %D%/packages/patches/ytnef-CVE-2021-3404.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 0e0934a245..d90bfead72 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -3909,7 +3909,9 @@ It is a replacement for the @command{urlview} program.") (file-name (git-file-name name version)) (sha256 (base32 - "07h48s5qf08503pp9kafqbwipdqghiif22ghki7z8j67gyp04l6l")))) + "07h48s5qf08503pp9kafqbwipdqghiif22ghki7z8j67gyp04l6l")) + (patches (search-patches "ytnef-CVE-2021-3403.patch" + "ytnef-CVE-2021-3404.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) diff --git a/gnu/packages/patches/ytnef-CVE-2021-3403.patch b/gnu/packages/patches/ytnef-CVE-2021-3403.patch new file mode 100644 index 0000000000..4b1c9d659f --- /dev/null +++ b/gnu/packages/patches/ytnef-CVE-2021-3403.patch @@ -0,0 +1,32 @@ +From f2380a53fb84d370eaf6e6c3473062c54c57fac7 Mon Sep 17 00:00:00 2001 +From: Oliver Giles +Date: Mon, 1 Feb 2021 10:12:16 +1300 +Subject: [PATCH] Prevent potential double-free in TNEFSubjectHandler + +If TNEFSubjectHandler is called multiple times, but the last time +failed due to the PREALLOCCHECK, the subject.data member will be +a freed, but invalid pointer. To prevent a double-free next time +TNEFSubjectHandler is entered, set it to zero after freeing. + +Resolves: #85 +Reported-by: jasperla +--- + lib/ytnef.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/ytnef.c b/lib/ytnef.c +index b148719..b06c807 100644 +--- a/lib/ytnef.c ++++ b/lib/ytnef.c +@@ -301,8 +301,10 @@ int TNEFFromHandler STD_ARGLIST { + } + // ----------------------------------------------------------------------------- + int TNEFSubjectHandler STD_ARGLIST { +- if (TNEF->subject.data) ++ if (TNEF->subject.data) { + free(TNEF->subject.data); ++ TNEF->subject.data = NULL; ++ } + + PREALLOCCHECK(size, 100); + TNEF->subject.data = calloc(size+1, sizeof(BYTE)); diff --git a/gnu/packages/patches/ytnef-CVE-2021-3404.patch b/gnu/packages/patches/ytnef-CVE-2021-3404.patch new file mode 100644 index 0000000000..e991d6aff1 --- /dev/null +++ b/gnu/packages/patches/ytnef-CVE-2021-3404.patch @@ -0,0 +1,30 @@ +From f9ff4a203b8c155d51a208cadadb62f224fba715 Mon Sep 17 00:00:00 2001 +From: Oliver Giles +Date: Mon, 1 Feb 2021 10:18:17 +1300 +Subject: [PATCH] Ensure the size of the version field is 4 bytes + +A corrupted version field size can cause TNEFVersion to access outside +of allocated memory. Check the version is the expected size and raise +an error if not. + +Resolves: #86 +Reported-by: jasperla +--- + lib/ytnef.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/ytnef.c b/lib/ytnef.c +index b148719..ffede44 100644 +--- a/lib/ytnef.c ++++ b/lib/ytnef.c +@@ -335,6 +335,10 @@ int TNEFRendData STD_ARGLIST { + int TNEFVersion STD_ARGLIST { + WORD major; + WORD minor; ++ if (size != 2 * sizeof(WORD)) { ++ printf("Incorrect size of version field, suspected corruption\n"); ++ return -1; ++ } + minor = SwapWord((BYTE*)data, size); + major = SwapWord((BYTE*)data + 2, size - 2); + -- cgit v1.2.3 From a3084e1e06c30179bd75af2a0badd8a7ac0485f7 Mon Sep 17 00:00:00 2001 From: Leo Prikler Date: Mon, 15 Feb 2021 16:02:43 +0100 Subject: gnu: ppsspp: Update to 1.11.2. * gnu/packages/emulators.scm (ppsspp): Update to 1.11.2. [snippet]: Adapt to changes in source code. Unbundle miniupnp and MoltenVK. [arguments]<#:phases>: Add fix-unittest-build. Comment failing tests. * gnu/packages/patches/ppsspp-disable-upgrade-and-gold.patch: Adapt to source. --- gnu/packages/emulators.scm | 50 +++++---- .../patches/ppsspp-disable-upgrade-and-gold.patch | 113 +++++++++++---------- 2 files changed, 93 insertions(+), 70 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm index 532ca60602..a2e7b9970a 100644 --- a/gnu/packages/emulators.scm +++ b/gnu/packages/emulators.scm @@ -2094,7 +2094,7 @@ framework based on QEMU.") (define-public ppsspp (package (name "ppsspp") - (version "1.10.3") + (version "1.11.2") (source (origin (method git-fetch) @@ -2102,7 +2102,7 @@ framework based on QEMU.") (url "https://github.com/hrydgard/ppsspp") (commit (string-append "v" version)))) (sha256 - (base32 "0znxlbj6cfw7gn0naay0mzhc0k5saw8nrwpspcn7gap1023p06w2")) + (base32 "03nxarx0l1ndi9fffl1wjfwsg3pk2bwf72cwcfaski1sg3dxsv7h")) (file-name (git-file-name name version)) (patches (search-patches "ppsspp-disable-upgrade-and-gold.patch")) @@ -2113,16 +2113,16 @@ framework based on QEMU.") ;; There are still a number of external sources, that we don't ;; remove here. Some may be packaged, others are not. ;; First, we patch existing sources to include the right headers. - (substitute* (append (list "ext/native/thin3d/vulkan_utils.cpp" - "ext/native/thin3d/thin3d_vulkan.cpp") - (find-files "Common" ".*\\.(h|cpp)") + (substitute* (append (find-files "Common" ".*\\.(h|cpp)") (find-files "Core" ".*\\.(h|cpp)") (find-files "GPU" ".*\\.(h|cpp)") (find-files "SDL" ".*\\.(h|cpp)") (find-files "UI" ".*\\.(h|cpp)")) ;; These headers are all hard-coded in the original source. (("ext/cityhash/") "") - (("ext/glslang/") "") + (("ext/glslang/glslang/") "glslang/") + (("ext/glslang/") "glslang/") + (("ext/miniupnp/") "") (("ext/SPIRV-Cross/") "spirv_cross/") (("ext/vulkan/") "vulkan/") (("ext/xxhash.h") "xxhash.h") @@ -2145,7 +2145,12 @@ framework based on QEMU.") ;; Don't search for cityhash/xxhash, we already have them. (("add_library\\((city|xx)hash STATIC") "if()\nendif(") (("ext/xxhash\\.[ch]") "") - (("ext/native/ext/cityhash/.*\\.(cpp|h)") "") + (("ext/cityhash/.*\\.(cpp|h)") "") + (("if\\(USE_MINIUPNPC\\)" all) + (string-append all " +find_package(miniupnpc) +target_link_libraries(${CoreLibName} miniupnpc ${LDLIBS}) +elseif(FALSE)")) ;; Link all of spirv-cross. (("spirv-cross-glsl" all) (string-append all @@ -2158,12 +2163,12 @@ framework based on QEMU.") (("add_subdirectory\\(SPIRV-Cross-build\\)") "")) ;; Finally, we can delete the bundled sources. (for-each delete-file-recursively - '("ext/cmake" + '("MoltenVK" + "ext/cmake" "ext/glew" "ext/glslang" "ext/glslang-build" - "ext/native/ext/cityhash" - "ext/native/ext/libpng17" - "ext/native/ext/libzip" + "ext/miniupnp" "ext/miniupnp-build" + "ext/native" "ext/snappy" "ext/SPIRV-Cross" "ext/SPIRV-Cross-build" "ext/vulkan" @@ -2186,6 +2191,7 @@ framework based on QEMU.") ("libpng" ,libpng) ("libzip" ,libzip) ("mesa" ,mesa) + ("miniupnpc" ,miniupnpc) ("sdl2" ,sdl2) ("snappy" ,snappy) ("spirv-cross" ,spirv-cross) @@ -2196,24 +2202,24 @@ framework based on QEMU.") ;; TODO: unbundle armips. ("armips-source" ,(package-source armips)) ("lang" - ,(let ((commit "1c64b8fbd3cb6bd87935eb53f302f7de6f86e209")) + ,(let ((commit "6bd5b4bc983917ea8402f73c726b46e36f3de0b4")) (origin (method git-fetch) (uri (git-reference (url "https://github.com/hrydgard/ppsspp-lang") (commit commit))) (sha256 - (base32 "0rprn3yd8xfrvi0fm62sgpqa8n73jk7zmlscp8cp0h2fawqpiamd")) + (base32 "08npr3a4xskf85gnlxidl4ksc3rhc7m5rgnj7vsbjvhvw5ap02qx")) (file-name (git-file-name "ppsspp-lang" commit))))) ("tests" - ,(let ((commit "328b839c7243e7f733f9eae88d059485e3d808e7")) + ,(let ((commit "1047400eaec6bcbdb2a64d326375ef6a6617c4ac")) (origin (method git-fetch) (uri (git-reference (url "https://github.com/hrydgard/pspautotests") (commit commit))) (sha256 - (base32 "1gj1kr5ijxrqwvz7c41phskjr70ndp8iz0gr8c3xxsd8p9z5gdvm")) + (base32 "0nxv1lskcr8zbg6nrfai21mxsw0n5vaqhbsa41c3cxfyx5c4w2pg")) (file-name (git-file-name "pspautotests" commit))))))) (arguments `(#:out-of-source? #f @@ -2236,13 +2242,23 @@ framework based on QEMU.") (copy-recursively (assoc-ref inputs "lang") "assets/lang") #t)) + (add-after 'unpack 'fix-unittest-build + (lambda _ + (substitute* "CMakeLists.txt" + (("unittest/TestVertexJit.cpp" all) + (string-append all " unittest/TestShaderGenerators.cpp"))) + (substitute* "unittest/TestVertexJit.cpp" + (("#include \"unittest/UnitTest.h\"" all) + (string-append all "\n#include "))) + #t)) (replace 'check (lambda _ (for-each (lambda (t) (invoke "./unitTest" t)) '("Arm64Emitter" "ArmEmitter" "X64Emitter" "VertexJit" "Asin" - "SinCos" "VFPUSinCos" "MathUtil" "Parsers" "Jit" - "MatrixTranspose" "ParseLBN" "QuickTexHash" "CLZ" "MemMap")) + "SinCos" #|"VFPUSinCos" SIGSEGV|# "MathUtil" "Parsers" "Jit" + "MatrixTranspose" "ParseLBN" "QuickTexHash" "CLZ" + #|"ShaderGenerators"|#)) (invoke "python3" "test.py" "-g") #t)) (replace 'install diff --git a/gnu/packages/patches/ppsspp-disable-upgrade-and-gold.patch b/gnu/packages/patches/ppsspp-disable-upgrade-and-gold.patch index 9503ab6f31..760ab97568 100644 --- a/gnu/packages/patches/ppsspp-disable-upgrade-and-gold.patch +++ b/gnu/packages/patches/ppsspp-disable-upgrade-and-gold.patch @@ -1,28 +1,28 @@ -From 951f2269f67d618d376656db831796c119f4f6b3 Mon Sep 17 00:00:00 2001 +From 0c57874ebb5982154da127ae338f9190b1581804 Mon Sep 17 00:00:00 2001 From: Leo Prikler Date: Fri, 26 Jun 2020 18:20:04 +0200 Subject: [PATCH] ppsspp: disable upgrade and gold --- - Core/Config.cpp | 11 ------- + Core/Config.cpp | 11 ------ Core/Config.h | 2 -- Qt/QtMain.cpp | 6 ---- SDL/SDLMain.cpp | 6 ---- UI/DevScreens.cpp | 3 -- UI/GameSettingsScreen.cpp | 1 - - UI/MainScreen.cpp | 63 +------------------------------------ - UI/MiscScreens.cpp | 31 ++---------------- + UI/MainScreen.cpp | 70 +------------------------------------ + UI/MiscScreens.cpp | 31 ++-------------- UWP/PPSSPP_UWPMain.cpp | 6 ---- Windows/MainWindowMenu.cpp | 2 +- Windows/main.cpp | 6 ---- android/jni/app-android.cpp | 6 ---- - 12 files changed, 5 insertions(+), 138 deletions(-) + 12 files changed, 5 insertions(+), 145 deletions(-) diff --git a/Core/Config.cpp b/Core/Config.cpp -index 214aeb433..04e3b151d 100644 +index 1c53e8e57..2fa74a6b8 100644 --- a/Core/Config.cpp +++ b/Core/Config.cpp -@@ -428,7 +428,6 @@ static ConfigSetting generalSettings[] = { +@@ -439,7 +439,6 @@ static ConfigSetting generalSettings[] = { ConfigSetting("IgnoreBadMemAccess", &g_Config.bIgnoreBadMemAccess, true, true), ConfigSetting("CurrentDirectory", &g_Config.currentDirectory, ""), ConfigSetting("ShowDebuggerOnLoad", &g_Config.bShowDebuggerOnLoad, false), @@ -30,7 +30,7 @@ index 214aeb433..04e3b151d 100644 ConfigSetting("Language", &g_Config.sLanguageIni, &DefaultLangRegion), ConfigSetting("ForceLagSync2", &g_Config.bForceLagSync, false, true, true), ConfigSetting("DiscordPresence", &g_Config.bDiscordPresence, true, true, false), // Or maybe it makes sense to have it per-game? Race conditions abound... -@@ -1229,16 +1228,6 @@ void Config::Load(const char *iniFileName, const char *controllerIniFilename) { +@@ -1293,16 +1292,6 @@ void Config::Load(const char *iniFileName, const char *controllerIniFilename) { upgradeMessage = ""; } @@ -48,29 +48,29 @@ index 214aeb433..04e3b151d 100644 bSaveSettings = true; diff --git a/Core/Config.h b/Core/Config.h -index 084eacc94..e7134cab5 100644 +index 13bce8a36..70d6c8aaf 100644 --- a/Core/Config.h +++ b/Core/Config.h -@@ -99,7 +99,6 @@ struct Config { - bool bIgnoreBadMemAccess; +@@ -101,7 +101,6 @@ struct Config { + bool bFastMemory; int iCpuCore; - bool bCheckForNewVersion; bool bForceLagSync; bool bFuncReplacements; bool bHideSlowWarnings; -@@ -521,4 +520,3 @@ std::string CreateRandMAC(); +@@ -540,4 +539,3 @@ std::string CreateRandMAC(); // TODO: Find a better place for this. extern http::Downloader g_DownloadManager; extern Config g_Config; - diff --git a/Qt/QtMain.cpp b/Qt/QtMain.cpp -index 7713b6587..1d92d1175 100644 +index 5be0cefa0..b11cb1c64 100644 --- a/Qt/QtMain.cpp +++ b/Qt/QtMain.cpp -@@ -194,12 +194,6 @@ bool System_GetPropertyBool(SystemProperty prop) { - return true; +@@ -218,12 +218,6 @@ bool System_GetPropertyBool(SystemProperty prop) { case SYSPROP_HAS_FILE_BROWSER: + case SYSPROP_HAS_FOLDER_BROWSER: return true; - case SYSPROP_APP_GOLD: -#ifdef GOLD @@ -82,10 +82,10 @@ index 7713b6587..1d92d1175 100644 return false; } diff --git a/SDL/SDLMain.cpp b/SDL/SDLMain.cpp -index 52028d087..d8697d210 100644 +index 98b56fe91..6af0fcb1a 100644 --- a/SDL/SDLMain.cpp +++ b/SDL/SDLMain.cpp -@@ -356,12 +356,6 @@ bool System_GetPropertyBool(SystemProperty prop) { +@@ -380,12 +380,6 @@ bool System_GetPropertyBool(SystemProperty prop) { switch (prop) { case SYSPROP_HAS_BACK_BUTTON: return true; @@ -99,10 +99,10 @@ index 52028d087..d8697d210 100644 return false; } diff --git a/UI/DevScreens.cpp b/UI/DevScreens.cpp -index f146d099e..625ee124c 100644 +index 8daac5bc8..c0c09ce79 100644 --- a/UI/DevScreens.cpp +++ b/UI/DevScreens.cpp -@@ -603,9 +603,6 @@ void SystemInfoScreen::CreateViews() { +@@ -605,9 +605,6 @@ void SystemInfoScreen::CreateViews() { #ifdef _M_SSE buildConfig->Add(new InfoItem("_M_SSE", StringFromFormat("0x%x", _M_SSE))); #endif @@ -113,35 +113,35 @@ index f146d099e..625ee124c 100644 ViewGroup *cpuExtensionsScroll = new ScrollView(ORIENT_VERTICAL, new LinearLayoutParams(FILL_PARENT, FILL_PARENT)); cpuExtensionsScroll->SetTag("DevSystemInfoCPUExt"); diff --git a/UI/GameSettingsScreen.cpp b/UI/GameSettingsScreen.cpp -index 8202870c7..81112f822 100644 +index 2f1e157ee..38c586b06 100644 --- a/UI/GameSettingsScreen.cpp +++ b/UI/GameSettingsScreen.cpp -@@ -796,7 +796,6 @@ void GameSettingsScreen::CreateViews() { +@@ -914,7 +914,6 @@ void GameSettingsScreen::CreateViews() { + } } #endif - - systemSettings->Add(new CheckBox(&g_Config.bCheckForNewVersion, sy->T("VersionCheck", "Check for new versions of PPSSPP"))); const std::string bgPng = GetSysDirectory(DIRECTORY_SYSTEM) + "background.png"; const std::string bgJpg = GetSysDirectory(DIRECTORY_SYSTEM) + "background.jpg"; if (File::Exists(bgPng) || File::Exists(bgJpg)) { diff --git a/UI/MainScreen.cpp b/UI/MainScreen.cpp -index 43535913d..36834020d 100644 +index ca870ab8f..84cde88ac 100644 --- a/UI/MainScreen.cpp +++ b/UI/MainScreen.cpp -@@ -1054,11 +1054,7 @@ void MainScreen::CreateViews() { +@@ -1064,11 +1064,7 @@ void MainScreen::CreateViews() { sprintf(versionString, "%s", PPSSPP_GIT_VERSION); rightColumnItems->SetSpacing(0.0f); - LinearLayout *logos = new LinearLayout(ORIENT_HORIZONTAL); + AnchorLayout *logos = new AnchorLayout(new AnchorLayoutParams(FILL_PARENT, 60.0f, false)); - if (System_GetPropertyBool(SYSPROP_APP_GOLD)) { -- logos->Add(new ImageView(ImageID("I_ICONGOLD"), IS_DEFAULT, new AnchorLayoutParams(64, 64, 10, 10, NONE, NONE, false))); +- logos->Add(new ImageView(ImageID("I_ICONGOLD"), IS_DEFAULT, new AnchorLayoutParams(64, 64, 0, 0, NONE, NONE, false))); - } else { -- logos->Add(new ImageView(ImageID("I_ICON"), IS_DEFAULT, new AnchorLayoutParams(64, 64, 10, 10, NONE, NONE, false))); +- logos->Add(new ImageView(ImageID("I_ICON"), IS_DEFAULT, new AnchorLayoutParams(64, 64, 0, 0, NONE, NONE, false))); - } -+ logos->Add(new ImageView(ImageID("I_ICON"), IS_DEFAULT, new AnchorLayoutParams(64, 64, 10, 10, NONE, NONE, false))); - logos->Add(new ImageView(ImageID("I_LOGO"), IS_DEFAULT, new LinearLayoutParams(Margins(-12, 0, 0, 0)))); - rightColumnItems->Add(logos); - TextView *ver = rightColumnItems->Add(new TextView(versionString, new LinearLayoutParams(Margins(70, -6, 0, 0)))); -@@ -1070,11 +1066,6 @@ void MainScreen::CreateViews() { ++ logos->Add(new ImageView(ImageID("I_ICON"), IS_DEFAULT, new AnchorLayoutParams(64, 64, 0, 0, NONE, NONE, false))); + logos->Add(new ImageView(ImageID("I_LOGO"), IS_DEFAULT, new AnchorLayoutParams(180, 64, 64, -5.0f, NONE, NONE, false))); + + #if !defined(MOBILE_DEVICE) +@@ -1089,11 +1085,6 @@ void MainScreen::CreateViews() { rightColumnItems->Add(new Choice(mm->T("Game Settings", "Settings")))->OnClick.Handle(this, &MainScreen::OnGameSettings); rightColumnItems->Add(new Choice(mm->T("Credits")))->OnClick.Handle(this, &MainScreen::OnCredits); rightColumnItems->Add(new Choice(mm->T("www.ppsspp.org")))->OnClick.Handle(this, &MainScreen::OnPPSSPPOrg); @@ -153,7 +153,7 @@ index 43535913d..36834020d 100644 #if !PPSSPP_PLATFORM(UWP) // Having an exit button is against UWP guidelines. -@@ -1099,28 +1090,6 @@ void MainScreen::CreateViews() { +@@ -1118,32 +1109,6 @@ void MainScreen::CreateViews() { } else if (tabHolder_->GetVisibility() != V_GONE) { root_->SetDefaultFocusView(tabHolder_); } @@ -169,7 +169,11 @@ index 43535913d..36834020d 100644 - UI::Drawable solid(0xFFbd9939); - upgradeBar_->SetBG(solid); - upgradeBar_->Add(new TextView(u->T("New version of PPSSPP available") + std::string(": ") + g_Config.upgradeVersion, new LinearLayoutParams(1.0f, textMargins))); +-#if PPSSPP_PLATFORM(ANDROID) || PPSSPP_PLATFORM(WINDOWS) - upgradeBar_->Add(new Button(u->T("Download"), new LinearLayoutParams(buttonMargins)))->OnClick.Handle(this, &MainScreen::OnDownloadUpgrade); +-#else +- upgradeBar_->Add(new Button(u->T("Details"), new LinearLayoutParams(buttonMargins)))->OnClick.Handle(this, &MainScreen::OnDownloadUpgrade); +-#endif - upgradeBar_->Add(new Button(u->T("Dismiss"), new LinearLayoutParams(buttonMargins)))->OnClick.Handle(this, &MainScreen::OnDismissUpgrade); - - // Slip in under root_ @@ -182,7 +186,7 @@ index 43535913d..36834020d 100644 } UI::EventReturn MainScreen::OnAllowStorage(UI::EventParams &e) { -@@ -1128,27 +1097,6 @@ UI::EventReturn MainScreen::OnAllowStorage(UI::EventParams &e) { +@@ -1151,30 +1116,6 @@ UI::EventReturn MainScreen::OnAllowStorage(UI::EventParams &e) { return UI::EVENT_DONE; } @@ -194,9 +198,12 @@ index 43535913d..36834020d 100644 - } else { - LaunchBrowser("market://details?id=org.ppsspp.ppsspp"); - } +-#elif PPSSPP_PLATFORM(WINDOWS) +- LaunchBrowser("https://www.ppsspp.org/downloads.html"); -#else - // Go directly to ppsspp.org and let the user sort it out -- LaunchBrowser("https://www.ppsspp.org/downloads.html"); +- // (for details and in case downloads doesn't have their platform.) +- LaunchBrowser("https://www.ppsspp.org/"); -#endif - return UI::EVENT_DONE; -} @@ -210,7 +217,7 @@ index 43535913d..36834020d 100644 void MainScreen::sendMessage(const char *message, const char *value) { // Always call the base class method first to handle the most common messages. UIScreenWithBackground::sendMessage(message, value); -@@ -1319,15 +1267,6 @@ UI::EventReturn MainScreen::OnCredits(UI::EventParams &e) { +@@ -1390,15 +1331,6 @@ UI::EventReturn MainScreen::OnCredits(UI::EventParams &e) { return UI::EVENT_DONE; } @@ -227,10 +234,10 @@ index 43535913d..36834020d 100644 LaunchBrowser("https://www.ppsspp.org"); return UI::EVENT_DONE; diff --git a/UI/MiscScreens.cpp b/UI/MiscScreens.cpp -index a6542c65d..f5f101594 100644 +index a7284654b..2413d6c89 100644 --- a/UI/MiscScreens.cpp +++ b/UI/MiscScreens.cpp -@@ -498,11 +498,7 @@ void LogoScreen::render() { +@@ -539,11 +539,7 @@ void LogoScreen::render() { char temp[256]; // Manually formatting UTF-8 is fun. \xXX doesn't work everywhere. snprintf(temp, sizeof(temp), "%s Henrik Rydg%c%crd", cr->T("created", "Created by"), 0xC3, 0xA5); @@ -243,7 +250,7 @@ index a6542c65d..f5f101594 100644 dc.Draw()->DrawImage(ImageID("I_LOGO"), bounds.centerX() + 40, bounds.centerY() - 30, 1.5f, textColor, ALIGN_CENTER); //dc.Draw()->DrawTextShadow(UBUNTU48, "PPSSPP", xres / 2, yres / 2 - 30, textColor, ALIGN_CENTER); dc.SetFontScale(1.0f, 1.0f); -@@ -538,10 +534,6 @@ void CreditsScreen::CreateViews() { +@@ -579,10 +575,6 @@ void CreditsScreen::CreateViews() { // Really need to redo this whole layout with some linear layouts... int rightYOffset = 0; @@ -254,7 +261,7 @@ index a6542c65d..f5f101594 100644 root_->Add(new Button(cr->T("PPSSPP Forums"), new AnchorLayoutParams(260, 64, 10, NONE, NONE, 158, false)))->OnClick.Handle(this, &CreditsScreen::OnForums); root_->Add(new Button(cr->T("Discord"), new AnchorLayoutParams(260, 64, 10, NONE, NONE, 232, false)))->OnClick.Handle(this, &CreditsScreen::OnDiscord); root_->Add(new Button("www.ppsspp.org", new AnchorLayoutParams(260, 64, 10, NONE, NONE, 10, false)))->OnClick.Handle(this, &CreditsScreen::OnPPSSPPOrg); -@@ -550,20 +542,7 @@ void CreditsScreen::CreateViews() { +@@ -591,20 +583,7 @@ void CreditsScreen::CreateViews() { #if PPSSPP_PLATFORM(ANDROID) || PPSSPP_PLATFORM(IOS) root_->Add(new Button(cr->T("Share PPSSPP"), new AnchorLayoutParams(260, 64, NONE, NONE, 10, rightYOffset + 158, false)))->OnClick.Handle(this, &CreditsScreen::OnShare); #endif @@ -276,7 +283,7 @@ index a6542c65d..f5f101594 100644 } UI::EventReturn CreditsScreen::OnTwitter(UI::EventParams &e) { -@@ -747,11 +726,7 @@ void CreditsScreen::render() { +@@ -794,11 +773,7 @@ void CreditsScreen::render() { // TODO: This is kinda ugly, done on every frame... char temp[256]; @@ -290,10 +297,10 @@ index a6542c65d..f5f101594 100644 UIContext &dc = *screenManager()->getUIContext(); diff --git a/UWP/PPSSPP_UWPMain.cpp b/UWP/PPSSPP_UWPMain.cpp -index 24f3b964d..1d66ba7ee 100644 +index 0ba7fac4b..d1b687c47 100644 --- a/UWP/PPSSPP_UWPMain.cpp +++ b/UWP/PPSSPP_UWPMain.cpp -@@ -399,12 +399,6 @@ bool System_GetPropertyBool(SystemProperty prop) { +@@ -433,12 +433,6 @@ bool System_GetPropertyBool(SystemProperty prop) { return false; case SYSPROP_HAS_BACK_BUTTON: return true; @@ -307,10 +314,10 @@ index 24f3b964d..1d66ba7ee 100644 return false; } diff --git a/Windows/MainWindowMenu.cpp b/Windows/MainWindowMenu.cpp -index b5e1bb0eb..71b29b48a 100644 +index 979a60ecb..a57927544 100644 --- a/Windows/MainWindowMenu.cpp +++ b/Windows/MainWindowMenu.cpp -@@ -1377,7 +1377,7 @@ namespace MainWindow { +@@ -1393,7 +1393,7 @@ namespace MainWindow { { W32Util::CenterWindow(hDlg); HWND versionBox = GetDlgItem(hDlg, IDC_VERSION); @@ -320,10 +327,10 @@ index b5e1bb0eb..71b29b48a 100644 SetWindowText(versionBox, ConvertUTF8ToWString(windowText).c_str()); } diff --git a/Windows/main.cpp b/Windows/main.cpp -index 3795597e2..fd98d0453 100644 +index 4d948cfe5..e609cc1e0 100644 --- a/Windows/main.cpp +++ b/Windows/main.cpp -@@ -268,12 +268,6 @@ bool System_GetPropertyBool(SystemProperty prop) { +@@ -301,12 +301,6 @@ bool System_GetPropertyBool(SystemProperty prop) { return true; case SYSPROP_HAS_BACK_BUTTON: return true; @@ -337,13 +344,13 @@ index 3795597e2..fd98d0453 100644 return false; } diff --git a/android/jni/app-android.cpp b/android/jni/app-android.cpp -index 086371085..0a340c0ae 100644 +index 10fdf97e5..736b1fa66 100644 --- a/android/jni/app-android.cpp +++ b/android/jni/app-android.cpp -@@ -372,12 +372,6 @@ bool System_GetPropertyBool(SystemProperty prop) { - return true; - case SYSPROP_HAS_IMAGE_BROWSER: - return true; +@@ -437,12 +437,6 @@ bool System_GetPropertyBool(SystemProperty prop) { + case SYSPROP_HAS_FOLDER_BROWSER: + // Uses OPEN_DOCUMENT_TREE to let you select a folder. + return androidVersion >= 21; - case SYSPROP_APP_GOLD: -#ifdef GOLD - return true; @@ -354,5 +361,5 @@ index 086371085..0a340c0ae 100644 return false; } -- -2.26.2 +2.30.1 -- cgit v1.2.3 From fe830ffd8d761cee27edd069e3d99c1ab891cbf3 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 8 Mar 2021 15:48:08 +0200 Subject: gnu: libcaca: Patch for CVE-2021-3410. * gnu/packages/video.scm (libcaca)[source]: Add patches. * gnu/packages/patches/libcaca-CVE-2021-3410-pt1.patch, gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + .../patches/libcaca-CVE-2021-3410-pt1.patch | 137 +++++++++++++++++++++ .../patches/libcaca-CVE-2021-3410-pt2.patch | 96 +++++++++++++++ gnu/packages/video.scm | 6 +- 4 files changed, 239 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/libcaca-CVE-2021-3410-pt1.patch create mode 100644 gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index fb3b395852..3a516d487f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1266,6 +1266,8 @@ dist_patch_DATA = \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ + %D%/packages/patches/libcaca-CVE-2021-3410-pt1.patch \ + %D%/packages/patches/libcaca-CVE-2021-3410-pt2.patch \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcanberra-wayland-crash.patch \ %D%/packages/patches/libcyaml-libyaml-compat.patch \ diff --git a/gnu/packages/patches/libcaca-CVE-2021-3410-pt1.patch b/gnu/packages/patches/libcaca-CVE-2021-3410-pt1.patch new file mode 100644 index 0000000000..b23b01d33a --- /dev/null +++ b/gnu/packages/patches/libcaca-CVE-2021-3410-pt1.patch @@ -0,0 +1,137 @@ +https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd.patch + +From 46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd Mon Sep 17 00:00:00 2001 +From: Sam Hocevar +Date: Fri, 26 Feb 2021 10:55:38 +0100 +Subject: [PATCH] canvas: fix an integer overflow in caca_resize(). + +Fixes: #52 (CVE-2021-3410) +--- + caca/canvas.c | 13 +++++++++++-- + caca/codec/import.c | 1 + + caca/codec/text.c | 21 ++++++++++++++------- + 3 files changed, 26 insertions(+), 9 deletions(-) + +diff --git a/caca/canvas.c b/caca/canvas.c +index 3fdd37ae..d0715392 100644 +--- a/caca/canvas.c ++++ b/caca/canvas.c +@@ -45,6 +45,7 @@ static int caca_resize(caca_canvas_t *, int, int); + * + * If an error occurs, NULL is returned and \b errno is set accordingly: + * - \c EINVAL Specified width or height is invalid. ++ * - \c EOVERFLOW Specified width and height overflowed. + * - \c ENOMEM Not enough memory for the requested canvas size. + * + * \param width The desired canvas width +@@ -200,6 +201,7 @@ int caca_unmanage_canvas(caca_canvas_t *cv, int (*callback)(void *), void *p) + * + * If an error occurs, -1 is returned and \b errno is set accordingly: + * - \c EINVAL Specified width or height is invalid. ++ * - \c EOVERFLOW Specified width and height overflowed. + * - \c EBUSY The canvas is in use by a display driver and cannot be resized. + * - \c ENOMEM Not enough memory for the requested canvas size. If this + * happens, the canvas handle becomes invalid and should not be used. +@@ -363,7 +365,7 @@ int caca_rand(int min, int max) + + int caca_resize(caca_canvas_t *cv, int width, int height) + { +- int x, y, f, old_width, old_height, new_size, old_size; ++ int x, y, f, old_width, old_height, old_size; + + old_width = cv->width; + old_height = cv->height; +@@ -375,7 +377,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height) + * dirty rectangle handling */ + cv->width = width; + cv->height = height; +- new_size = width * height; ++ int new_size = width * height; ++ ++ /* Check for overflow */ ++ if (new_size / width != height) ++ { ++ seterrno(EOVERFLOW); ++ return -1; ++ } + + /* If width or height is smaller (or both), we have the opportunity to + * reduce or even remove dirty rectangles */ +diff --git a/caca/codec/import.c b/caca/codec/import.c +index 8836fd08..2dafe3cf 100644 +--- a/caca/codec/import.c ++++ b/caca/codec/import.c +@@ -61,6 +61,7 @@ static ssize_t import_caca(caca_canvas_t *, void const *, size_t); + * + * If an error occurs, -1 is returned and \b errno is set accordingly: + * - \c ENOMEM Not enough memory to allocate canvas. ++ * - \c EOVERFLOW Importing data caused a value overflow. + * - \c EINVAL Invalid format requested. + * + * \param cv A libcaca canvas in which to import the file. +diff --git a/caca/codec/text.c b/caca/codec/text.c +index 358b7224..94a2a4d7 100644 +--- a/caca/codec/text.c ++++ b/caca/codec/text.c +@@ -46,7 +46,7 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size) + char const *text = (char const *)data; + unsigned int width = 0, height = 0, x = 0, y = 0, i; + +- caca_set_canvas_size(cv, width, height); ++ caca_set_canvas_size(cv, 0, 0); + + for(i = 0; i < size; i++) + { +@@ -70,15 +70,19 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size) + if(y >= height) + height = y + 1; + +- caca_set_canvas_size(cv, width, height); ++ if (caca_set_canvas_size(cv, width, height) < 0) ++ return -1; + } + + caca_put_char(cv, x, y, ch); + x++; + } + +- if(y > height) +- caca_set_canvas_size(cv, width, height = y); ++ if (y > height) ++ { ++ if (caca_set_canvas_size(cv, width, height = y) < 0) ++ return -1; ++ } + + return (ssize_t)size; + } +@@ -431,7 +435,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) + { + savedattr = caca_get_attr(cv, -1, -1); + caca_set_attr(cv, im.clearattr); +- caca_set_canvas_size(cv, width = x + wch, height); ++ if (caca_set_canvas_size(cv, width = x + wch, height) < 0) ++ return -1; + caca_set_attr(cv, savedattr); + } + else +@@ -448,7 +453,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) + caca_set_attr(cv, im.clearattr); + if(growy) + { +- caca_set_canvas_size(cv, width, height = y + 1); ++ if (caca_set_canvas_size(cv, width, height = y + 1) < 0) ++ return -1; + } + else + { +@@ -480,7 +486,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) + { + savedattr = caca_get_attr(cv, -1, -1); + caca_set_attr(cv, im.clearattr); +- caca_set_canvas_size(cv, width, height = y); ++ if (caca_set_canvas_size(cv, width, height = y)) ++ return -1; + caca_set_attr(cv, savedattr); + } + diff --git a/gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch b/gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch new file mode 100644 index 0000000000..e6fd506b37 --- /dev/null +++ b/gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch @@ -0,0 +1,96 @@ +https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015.patch +Patch adjusted to remove the lines modifying caca/t/canvas.cpp. This file does not exist in the current release. + +From e4968ba6e93e9fd35429eb16895c785c51072015 Mon Sep 17 00:00:00 2001 +From: Sam Hocevar +Date: Fri, 26 Feb 2021 12:40:06 +0100 +Subject: [PATCH] Fix a problem in the caca_resize() overflow detection and add + several unit tests. + +--- + caca/canvas.c | 16 ++++++++-------- + caca/t/canvas.cpp | 18 +++++++++++++++--- + tools/makefont.c | 22 +++++++++++++++++++--- + 3 files changed, 42 insertions(+), 14 deletions(-) + +diff --git a/caca/canvas.c b/caca/canvas.c +index d0715392..08c628c9 100644 +--- a/caca/canvas.c ++++ b/caca/canvas.c +@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height) + { + int x, y, f, old_width, old_height, old_size; + ++ /* Check for overflow */ ++ int new_size = width * height; ++ if (new_size < 0 || (width > 0 && new_size / width != height)) ++ { ++ seterrno(EOVERFLOW); ++ return -1; ++ } ++ + old_width = cv->width; + old_height = cv->height; + old_size = old_width * old_height; +@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int width, int height) + * dirty rectangle handling */ + cv->width = width; + cv->height = height; +- int new_size = width * height; +- +- /* Check for overflow */ +- if (new_size / width != height) +- { +- seterrno(EOVERFLOW); +- return -1; +- } + + /* If width or height is smaller (or both), we have the opportunity to + * reduce or even remove dirty rectangles */ +diff --git a/tools/makefont.c b/tools/makefont.c +index 226c8838..66718605 100644 +--- a/tools/makefont.c ++++ b/tools/makefont.c +@@ -40,7 +40,8 @@ + * and the UTF-8 glyphs necessary for canvas rotation and mirroring. */ + static unsigned int const blocklist[] = + { +- 0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */ ++ 0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */ ++#if 0 + 0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */ + 0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */ + 0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */ +@@ -63,6 +64,7 @@ static unsigned int const blocklist[] = + 0x30a0, 0x3100, /* Katakana: ロ ル */ + 0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: A, B, C, a, b, c */ + 0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */ ++#endif + 0, 0 + }; + +@@ -317,8 +319,22 @@ int main(int argc, char *argv[]) + printf_unicode(>ab[n]); + + if(gtab[n].same_as == n) +- printf_hex(" */ %s\n", +- glyph_data + gtab[n].data_offset, gtab[n].data_size); ++ { ++ char const *lut = " .:nmW@"; ++ printf("\n"); ++ for (int y = 0; y < height; ++y) ++ { ++ for (int x = 0; x < gtab[n].data_width; ++x) ++ { ++ int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x]; ++ char ch = lut[val * val * 7 / 256 / 256]; ++ printf("%c%c", ch, ch); ++ } ++ printf("\n"); ++ } ++ //printf_hex(" */ %s\n", ++ // glyph_data + gtab[n].data_offset, gtab[n].data_size); ++ } + else + { + printf(" is "); diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index a46a55e855..92ecfb99ff 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2014, 2015, 2016 David Thompson ;;; Copyright © 2014, 2015, 2016, 2018, 2020 Mark H Weaver ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer -;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Efraim Flashner +;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Efraim Flashner ;;; Copyright © 2015 Andy Patterson ;;; Copyright © 2015, 2018, 2019, 2020 Ricardo Wurmus ;;; Copyright © 2015, 2016, 2017, 2018, 2019 Alex Vong @@ -1234,7 +1234,9 @@ ASS/SSA (Advanced Substation Alpha/SubStation Alpha) subtitle format.") version ".tar.gz")) (sha256 (base32 - "1x3j6yfyxl52adgnabycr0n38j9hx2j74la0hz0n8cnh9ry4d2qj")))) + "1x3j6yfyxl52adgnabycr0n38j9hx2j74la0hz0n8cnh9ry4d2qj")) + (patches (search-patches "libcaca-CVE-2021-3410-pt1.patch" + "libcaca-CVE-2021-3410-pt2.patch")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--disable-static"))) -- cgit v1.2.3 From 251b0f7a6fa550ef4e0975668d7ab8c4c7b214d3 Mon Sep 17 00:00:00 2001 From: Felix Gruber Date: Sun, 7 Mar 2021 15:32:33 +0100 Subject: gnu: vtk: Fix build failure. * gnu/packages/image-processing.scm (vtk): Fix build failure. [source]: Add patch to fix build failure with recent versions of freetype. * gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Efraim Flashner --- gnu/local.mk | 3 +- gnu/packages/image-processing.scm | 3 ++ .../vtk-fix-freetypetools-build-failure.patch | 36 ++++++++++++++++++++++ 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3a516d487f..bcee06a97a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -31,7 +31,7 @@ # Copyright © 2020 R Veera Kumar # Copyright © 2020 Nicolò Balzarotti # Copyright © 2020 Michael Rohleder -# Copyright © 2020 Felix Gruber +# Copyright © 2020, 2021 Felix Gruber # Copyright © 2020 Ryan Prior # Copyright © 2020 Jan Wielkiewicz # Copyright © 2020 Brice Waegeneire @@ -1720,6 +1720,7 @@ dist_patch_DATA = \ %D%/packages/patches/vsearch-unbundle-cityhash.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ + %D%/packages/patches/vtk-fix-freetypetools-build-failure.patch \ %D%/packages/patches/warsow-qfusion-fix-bool-return-type.patch \ %D%/packages/patches/webkitgtk-share-store.patch \ %D%/packages/patches/webkitgtk-bind-all-fonts.patch \ diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm index 5dfd18d1bd..6f4576b8b9 100644 --- a/gnu/packages/image-processing.scm +++ b/gnu/packages/image-processing.scm @@ -13,6 +13,7 @@ ;;; Copyright © 2020 Pierre Neidhardt ;;; Copyright © 2020 Brendan Tildesley ;;; Copyright © 2021 Oleh Malyi +;;; Copyright © 2021 Felix Gruber ;;; ;;; This file is part of GNU Guix. ;;; @@ -254,6 +255,8 @@ many popular formats.") (sha256 (base32 "1fspgp8k0myr6p2a6wkc21ldcswb4bvmb484m12mxgk1a9vxrhrl")) + (patches + (search-patches "vtk-fix-freetypetools-build-failure.patch")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch b/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch new file mode 100644 index 0000000000..6988e65872 --- /dev/null +++ b/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch @@ -0,0 +1,36 @@ +This fixes a build failure in VTK when building against recent versions +of freetype. + + https://gitlab.kitware.com/vtk/vtk/-/merge_requests/7432 + +Patch by Ben Boeckel + +Subject: [PATCH] vtkFreeTypeTools: avoid using an internal macro + +This macro has been removed upstream as it was always intended to be +private. +--- + Rendering/FreeType/vtkFreeTypeTools.cxx | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/Rendering/FreeType/vtkFreeTypeTools.cxx b/Rendering/FreeType/vtkFreeTypeTools.cxx +index c54289dc60..03b899c4da 100644 +--- a/Rendering/FreeType/vtkFreeTypeTools.cxx ++++ b/Rendering/FreeType/vtkFreeTypeTools.cxx +@@ -387,11 +387,8 @@ FTC_CMapCache* vtkFreeTypeTools::GetCMapCache() + } + + //---------------------------------------------------------------------------- +-FT_CALLBACK_DEF(FT_Error) +-vtkFreeTypeToolsFaceRequester(FTC_FaceID face_id, +- FT_Library lib, +- FT_Pointer request_data, +- FT_Face* face) ++static FT_Error vtkFreeTypeToolsFaceRequester( ++ FTC_FaceID face_id, FT_Library lib, FT_Pointer request_data, FT_Face* face) + { + #if VTK_FTFC_DEBUG_CD + printf("vtkFreeTypeToolsFaceRequester()\n"); +-- +2.30.1 + -- cgit v1.2.3 From b66fc0a64bbcf4c198c117f0eca1ee95661b5b4a Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Wed, 10 Mar 2021 09:50:14 +0100 Subject: gnu: bsdiff: Fix CVE-2014-9862. * gnu/packages/patches/bsdiff-CVE-2014-9862.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (bsdiff): Apply it. --- gnu/local.mk | 1 + gnu/packages/compression.scm | 3 ++- gnu/packages/patches/bsdiff-CVE-2014-9862.patch | 15 +++++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/bsdiff-CVE-2014-9862.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index bcee06a97a..dcee722e79 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -840,6 +840,7 @@ dist_patch_DATA = \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ %D%/packages/patches/bc-fix-cross-compilation.patch \ %D%/packages/patches/bear-disable-preinstall-tests.patch \ + %D%/packages/patches/bsdiff-CVE-2014-9862.patch \ %D%/packages/patches/bsd-games-2.17-64bit.patch \ %D%/packages/patches/bsd-games-add-configure-config.patch \ %D%/packages/patches/bsd-games-add-wrapper.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 32fd358ac8..fbe3b06347 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -963,7 +963,8 @@ tarballs.") (uri (string-append home-page name "-" version ".tar.gz")) (sha256 (base32 - "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq")))) + "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq")) + (patches (search-patches "bsdiff-CVE-2014-9862.patch")))) (build-system gnu-build-system) (arguments `(#:make-flags (list "INSTALL=install" diff --git a/gnu/packages/patches/bsdiff-CVE-2014-9862.patch b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch new file mode 100644 index 0000000000..7aab818090 --- /dev/null +++ b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch @@ -0,0 +1,15 @@ +diff --git a/bspatch.c b/bspatch.c +index 8d95633..ab77722 100644 +--- a/bspatch.c ++++ b/bspatch.c + +@@ -187,6 +187,10 @@ + }; + + /* Sanity-check */ ++ if ((ctrl[0] < 0) || (ctrl[1] < 0)) ++ errx(1,"Corrupt patch\n"); ++ ++ /* Sanity-check */ + if(newpos+ctrl[0]>newsize) + errx(1,"Corrupt patch\n"); -- cgit v1.2.3 From e6cd049e2f02811d1a6f264e4bc4e4143a272629 Mon Sep 17 00:00:00 2001 From: Simon South Date: Tue, 9 Mar 2021 09:03:43 -0500 Subject: gnu: sdcc: Update to 4.1.0. * gnu/packages/embedded.scm (sdcc): Update to 4.1.0. * gnu/packages/patches/sdcc-disable-non-free-code.patch: Update to match new version. Signed-off-by: Efraim Flashner --- gnu/packages/embedded.scm | 4 +- .../patches/sdcc-disable-non-free-code.patch | 257 ++++++++++----------- 2 files changed, 130 insertions(+), 131 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm index 51ee244f3c..413760ab72 100644 --- a/gnu/packages/embedded.scm +++ b/gnu/packages/embedded.scm @@ -1469,7 +1469,7 @@ and Zilog Z80 families, plus many of their variants.") (define-public sdcc (package (name "sdcc") - (version "4.0.0") + (version "4.1.0") (source (origin (method url-fetch) (uri (string-append @@ -1477,7 +1477,7 @@ and Zilog Z80 families, plus many of their variants.") "/" version "/sdcc-src-" version ".tar.bz2")) (sha256 (base32 - "042fxw5mnsfhpc0z9lxfsw88kdkm32pwrxacp88kj2n2dy0814a8")) + "0gskzli17ghnn5qllvn4d56qf9bvvclqjh63nnj63p52smvggvc1")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/sdcc-disable-non-free-code.patch b/gnu/packages/patches/sdcc-disable-non-free-code.patch index ad9a3e7a9e..1c823c3c18 100644 --- a/gnu/packages/patches/sdcc-disable-non-free-code.patch +++ b/gnu/packages/patches/sdcc-disable-non-free-code.patch @@ -15,10 +15,10 @@ remove instructions that encourage the use of SDCC with non-free software. diff --git a/Makefile.common.in b/Makefile.common.in -index 412fd5a..81bbd61 100644 +index 926b761..0362fd5 100644 --- a/Makefile.common.in +++ b/Makefile.common.in -@@ -69,7 +69,6 @@ OPT_DISABLE_PACKIHX = @OPT_DISABLE_PACKIHX@ +@@ -71,7 +71,6 @@ OPT_DISABLE_PACKIHX = @OPT_DISABLE_PACKIHX@ OPT_DISABLE_SDBINUTILS = @OPT_DISABLE_SDBINUTILS@ OPT_DISABLE_SDCPP = @OPT_DISABLE_SDCPP@ OPT_DISABLE_UCSIM = @OPT_DISABLE_UCSIM@ @@ -27,7 +27,7 @@ index 412fd5a..81bbd61 100644 SLIB = $(top_builddir)/support/util diff --git a/Makefile.in b/Makefile.in -index f3b028d..cfdf06d 100644 +index 5485074..3071472 100644 --- a/Makefile.in +++ b/Makefile.in @@ -100,9 +100,6 @@ endif @@ -73,7 +73,7 @@ index f3b028d..cfdf06d 100644 # doc depends on latex and latex2html diff --git a/configure b/configure -index 43ccb6f..d345f54 100755 +index 4c2226b..b8a9251 100755 --- a/configure +++ b/configure @@ -632,7 +632,6 @@ LATEX @@ -84,7 +84,7 @@ index 43ccb6f..d345f54 100755 OPT_DISABLE_SDBINUTILS OPT_DISABLE_SDCDB OPT_DISABLE_SDCPP -@@ -659,10 +658,7 @@ OPT_DISABLE_R2K +@@ -661,10 +660,7 @@ OPT_DISABLE_R2K OPT_DISABLE_Z180 OPT_DISABLE_Z80 OPT_DISABLE_MCS51 @@ -95,7 +95,7 @@ index 43ccb6f..d345f54 100755 include_dir_suffix inclib_dir_suffix LIB_TYPE -@@ -780,7 +776,6 @@ enable_packihx +@@ -785,7 +781,6 @@ enable_packihx enable_sdcpp enable_sdcdb enable_sdbinutils @@ -103,7 +103,7 @@ index 43ccb6f..d345f54 100755 enable_doc enable_libgc ' -@@ -801,10 +796,7 @@ sdccconf_h_dir_separator +@@ -806,10 +801,7 @@ sdccconf_h_dir_separator LIB_TYPE inclib_dir_suffix include_dir_suffix @@ -114,7 +114,7 @@ index 43ccb6f..d345f54 100755 docdir' ac_subdirs_all='support/cpp support/packihx -@@ -812,9 +804,7 @@ sim/ucsim +@@ -817,9 +809,7 @@ sim/ucsim debugger/mcs51 support/sdbinutils device/lib/pic14 @@ -125,7 +125,7 @@ index 43ccb6f..d345f54 100755 # Initialize some variables set by options. ac_init_help= -@@ -1455,7 +1445,6 @@ Optional Features: +@@ -1473,7 +1463,6 @@ Optional Features: --disable-sdcpp Disables building sdcpp --disable-sdcdb Disables building sdcdb --disable-sdbinutils Disables configuring and building of sdbinutils @@ -133,7 +133,7 @@ index 43ccb6f..d345f54 100755 --enable-doc Enables building the documentation --enable-libgc Use the Bohem memory allocator. Lower runtime footprint. -@@ -1484,16 +1473,8 @@ Some influential environment variables: +@@ -1502,16 +1491,8 @@ Some influential environment variables: appended to datadir to define SDCC's include/lib directory include_dir_suffix appended to datadir to define SDCC's include directory @@ -150,7 +150,7 @@ index 43ccb6f..d345f54 100755 docdir documentation installation directory Use these variables to override the choices made by `configure' or to help -@@ -7134,19 +7115,6 @@ if test "${include_dir_suffix}" = ""; then +@@ -7156,19 +7137,6 @@ if test "${include_dir_suffix}" = ""; then include_dir_suffix="${inclib_dir_suffix}/include" fi @@ -170,7 +170,7 @@ index 43ccb6f..d345f54 100755 # lib_dir_suffix: # *nix default: "sdcc/lib" -@@ -7154,13 +7122,6 @@ if test "${lib_dir_suffix}" = ""; then +@@ -7176,13 +7144,6 @@ if test "${lib_dir_suffix}" = ""; then lib_dir_suffix="${inclib_dir_suffix}/lib" fi @@ -184,7 +184,7 @@ index 43ccb6f..d345f54 100755 # docdir: # *nix default: "${datadir}/sdcc/doc" -@@ -7327,24 +7288,6 @@ cat >>confdefs.h <<_ACEOF +@@ -7349,24 +7310,6 @@ cat >>confdefs.h <<_ACEOF #define INCLUDE_DIR_SUFFIX DIR_SEPARATOR_STRING "${norm_inc_dir_suffix}" _ACEOF @@ -209,7 +209,7 @@ index 43ccb6f..d345f54 100755 norm_lib_dir_suffix=${lib_dir_suffix} case ":$norm_lib_dir_suffix:" in -@@ -7364,24 +7307,6 @@ cat >>confdefs.h <<_ACEOF +@@ -7386,24 +7329,6 @@ cat >>confdefs.h <<_ACEOF #define LIB_DIR_SUFFIX DIR_SEPARATOR_STRING "${norm_lib_dir_suffix}" _ACEOF @@ -234,7 +234,7 @@ index 43ccb6f..d345f54 100755 # relative paths for _lcl_i in expanded_bindir:expanded_datadir:bin2data_dir; do -@@ -8439,28 +8364,6 @@ _ACEOF +@@ -8513,28 +8438,6 @@ _ACEOF @@ -263,7 +263,7 @@ index 43ccb6f..d345f54 100755 # Check whether --enable-doc was given. if test "${enable_doc+set}" = set; then : -@@ -8855,20 +8758,12 @@ if test $OPT_DISABLE_PIC14 = 0; then +@@ -8929,20 +8832,12 @@ if test $OPT_DISABLE_PIC14 = 0; then test $OPT_DISABLE_DEVICE_LIB = 0 && subdirs="$subdirs device/lib/pic14" @@ -283,8 +283,8 @@ index 43ccb6f..d345f54 100755 - fi - if test $OPT_DISABLE_Z80 = 0 || test $OPT_DISABLE_Z180 = 0 || test $OPT_DISABLE_R2K = 0 || test $OPT_DISABLE_R3KA = 0 || test $OPT_DISABLE_GBZ80 = 0 || test $OPT_DISABLE_TLCS90 = 0 || test $OPT_DISABLE_EZ80_Z80 = 0; then -@@ -8945,15 +8840,9 @@ fi + if test $OPT_DISABLE_Z80 = 0 || test $OPT_DISABLE_Z180 = 0 || test $OPT_DISABLE_R2K = 0 || test $OPT_DISABLE_R2KA = 0 || test $OPT_DISABLE_R3KA = 0 || test $OPT_DISABLE_GBZ80 = 0 || test $OPT_DISABLE_TLCS90 = 0 || test $OPT_DISABLE_EZ80_Z80 = 0 || test $OPT_DISABLE_Z80N = 0; then +@@ -9019,15 +8914,9 @@ fi test $OPT_DISABLE_DEVICE_LIB = 0 && ac_config_files="$ac_config_files device/lib/Makefile" @@ -300,7 +300,7 @@ index 43ccb6f..d345f54 100755 cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure -@@ -9692,7 +9581,6 @@ do +@@ -9768,7 +9657,6 @@ do "device/lib/pdk15-stack-auto/Makefile") CONFIG_FILES="$CONFIG_FILES device/lib/pdk15-stack-auto/Makefile" ;; "sdas/aspdk16/Makefile") CONFIG_FILES="$CONFIG_FILES sdas/aspdk16/Makefile" ;; "device/lib/Makefile") CONFIG_FILES="$CONFIG_FILES device/lib/Makefile" ;; @@ -308,7 +308,7 @@ index 43ccb6f..d345f54 100755 "main.mk") CONFIG_FILES="$CONFIG_FILES main.mk:main_in.mk" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "device/include/Makefile") CONFIG_FILES="$CONFIG_FILES device/include/Makefile" ;; -@@ -9704,7 +9592,6 @@ do +@@ -9780,7 +9668,6 @@ do "support/regression/ports/host/spec.mk") CONFIG_FILES="$CONFIG_FILES support/regression/ports/host/spec.mk:support/regression/ports/host/spec.mk.in" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "Makefile.common") CONFIG_FILES="$CONFIG_FILES Makefile.common:Makefile.common.in" ;; @@ -316,7 +316,7 @@ index 43ccb6f..d345f54 100755 *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac -@@ -10513,54 +10400,6 @@ esac +@@ -10589,54 +10476,6 @@ esac incPath3=`echo "$incPath3" | sed 's,\\\\\\\\,\\\\,g'` @@ -371,7 +371,7 @@ index 43ccb6f..d345f54 100755 libPath1=`echo "/${prefix2data_dir}/${norm_lib_dir_suffix}" | sed 's,/\./,/,g'` case ":$libPath1:" in -@@ -10610,54 +10449,6 @@ esac +@@ -10686,54 +10525,6 @@ esac libPath3=`echo "$libPath3" | sed 's,\\\\\\\\,\\\\,g'` @@ -426,7 +426,7 @@ index 43ccb6f..d345f54 100755 { $as_echo "$as_me:${as_lineno-$LINENO}: result: sdcc ${VERSION} is now configured for -@@ -10694,7 +10485,6 @@ sdcc ${VERSION} is now configured for +@@ -10772,7 +10563,6 @@ sdcc ${VERSION} is now configured for pdk15 ${enable_pdk15_port} pdk16 ${enable_pdk16_port} @@ -434,7 +434,7 @@ index 43ccb6f..d345f54 100755 Disable packihx: ${OPT_DISABLE_PACKIHX} Disable ucsim: ${OPT_DISABLE_UCSIM} Disable device lib: ${OPT_DISABLE_DEVICE_LIB} -@@ -10709,9 +10499,6 @@ sdcc ${VERSION} is now configured for +@@ -10787,9 +10577,6 @@ sdcc ${VERSION} is now configured for include/library files: ${datadir}/${inclib_dir_suffix} include files: ${datadir}/${include_dir_suffix} library files: ${datadir}/${lib_dir_suffix} @@ -444,7 +444,7 @@ index 43ccb6f..d345f54 100755 documentation: ${docdir} prefix: ${prefix} -@@ -10723,15 +10510,9 @@ sdcc ${VERSION} is now configured for +@@ -10801,15 +10588,9 @@ sdcc ${VERSION} is now configured for include files: ${incPath1} path(argv[0])${incPath2} ${incPath3} @@ -460,7 +460,7 @@ index 43ccb6f..d345f54 100755 " >&5 $as_echo " sdcc ${VERSION} is now configured for -@@ -10769,7 +10550,6 @@ sdcc ${VERSION} is now configured for +@@ -10849,7 +10630,6 @@ sdcc ${VERSION} is now configured for pdk15 ${enable_pdk15_port} pdk16 ${enable_pdk16_port} @@ -468,7 +468,7 @@ index 43ccb6f..d345f54 100755 Disable packihx: ${OPT_DISABLE_PACKIHX} Disable ucsim: ${OPT_DISABLE_UCSIM} Disable device lib: ${OPT_DISABLE_DEVICE_LIB} -@@ -10784,9 +10564,6 @@ sdcc ${VERSION} is now configured for +@@ -10864,9 +10644,6 @@ sdcc ${VERSION} is now configured for include/library files: ${datadir}/${inclib_dir_suffix} include files: ${datadir}/${include_dir_suffix} library files: ${datadir}/${lib_dir_suffix} @@ -478,7 +478,7 @@ index 43ccb6f..d345f54 100755 documentation: ${docdir} prefix: ${prefix} -@@ -10798,14 +10575,8 @@ sdcc ${VERSION} is now configured for +@@ -10878,14 +10655,8 @@ sdcc ${VERSION} is now configured for include files: ${incPath1} path(argv[0])${incPath2} ${incPath3} @@ -494,10 +494,10 @@ index 43ccb6f..d345f54 100755 " >&6; } # End of configure/configure.in diff --git a/configure.ac b/configure.ac -index 2185793..76ab155 100644 +index 455fee1..48e0a20 100644 --- a/configure.ac +++ b/configure.ac -@@ -544,19 +544,6 @@ if test "${include_dir_suffix}" = ""; then +@@ -548,19 +548,6 @@ if test "${include_dir_suffix}" = ""; then include_dir_suffix="${inclib_dir_suffix}/include" fi @@ -517,7 +517,7 @@ index 2185793..76ab155 100644 # lib_dir_suffix: # *nix default: "sdcc/lib" AC_ARG_VAR([lib_dir_suffix], [appended to datadir to define SDCC's library root directory]) -@@ -564,13 +551,6 @@ if test "${lib_dir_suffix}" = ""; then +@@ -568,13 +555,6 @@ if test "${lib_dir_suffix}" = ""; then lib_dir_suffix="${inclib_dir_suffix}/lib" fi @@ -531,7 +531,7 @@ index 2185793..76ab155 100644 # docdir: # *nix default: "${datadir}/sdcc/doc" AC_ARG_VAR([docdir], [documentation installation directory]) -@@ -611,19 +591,11 @@ norm_inc_dir_suffix=${include_dir_suffix} +@@ -615,19 +595,11 @@ norm_inc_dir_suffix=${include_dir_suffix} adl_NORMALIZE_PATH([norm_inc_dir_suffix], [$sdccconf_h_dir_separator]) AC_DEFINE_UNQUOTED(INCLUDE_DIR_SUFFIX, DIR_SEPARATOR_STRING "${norm_inc_dir_suffix}", [XXX]) @@ -551,7 +551,7 @@ index 2185793..76ab155 100644 # relative paths adl_COMPUTE_RELATIVE_PATHS([expanded_bindir:expanded_datadir:bin2data_dir]) -@@ -797,7 +769,6 @@ AC_DO_DISABLER(packihx, PACKIHX, [Disables building packihx]) +@@ -803,7 +775,6 @@ AC_DO_DISABLER(packihx, PACKIHX, [Disables building packihx]) AC_DO_DISABLER(sdcpp, SDCPP, [Disables building sdcpp]) AC_DO_DISABLER(sdcdb, SDCDB, [Disables building sdcdb]) AC_DO_DISABLER(sdbinutils, SDBINUTILS, [Disables configuring and building of sdbinutils]) @@ -559,7 +559,7 @@ index 2185793..76ab155 100644 AC_DO_ENABLER(doc, DOC, [Enables building the documentation]) AC_CHECK_PROG([LYX], [lyx], [lyx], [:]) -@@ -868,16 +839,10 @@ if test $OPT_DISABLE_PIC14 = 0; then +@@ -874,16 +845,10 @@ if test $OPT_DISABLE_PIC14 = 0; then AC_CONFIG_FILES(src/pic14/Makefile) test $OPT_DISABLE_DEVICE_LIB = 0 && AC_CONFIG_SUBDIRS(device/lib/pic14) fi @@ -574,9 +574,9 @@ index 2185793..76ab155 100644 - test $OPT_DISABLE_DEVICE_LIB = 0 && AC_CONFIG_SUBDIRS(device/non-free/lib/pic16) -fi - if test $OPT_DISABLE_Z80 = 0 || test $OPT_DISABLE_Z180 = 0 || test $OPT_DISABLE_R2K = 0 || test $OPT_DISABLE_R3KA = 0 || test $OPT_DISABLE_GBZ80 = 0 || test $OPT_DISABLE_TLCS90 = 0 || test $OPT_DISABLE_EZ80_Z80 = 0; then + if test $OPT_DISABLE_Z80 = 0 || test $OPT_DISABLE_Z180 = 0 || test $OPT_DISABLE_R2K = 0 || test $OPT_DISABLE_R2KA = 0 || test $OPT_DISABLE_R3KA = 0 || test $OPT_DISABLE_GBZ80 = 0 || test $OPT_DISABLE_TLCS90 = 0 || test $OPT_DISABLE_EZ80_Z80 = 0 || test $OPT_DISABLE_Z80N = 0; then AC_CONFIG_FILES([src/z80/Makefile]) -@@ -939,7 +904,6 @@ fi +@@ -947,7 +912,6 @@ fi test $OPT_DISABLE_DEVICE_LIB = 0 && AC_CONFIG_FILES([device/lib/Makefile]) @@ -584,7 +584,7 @@ index 2185793..76ab155 100644 AC_CONFIG_FILES([main.mk:main_in.mk src/Makefile -@@ -953,9 +917,6 @@ support/regression/ports/host/spec.mk:support/regression/ports/host/spec.mk.in +@@ -961,9 +925,6 @@ support/regression/ports/host/spec.mk:support/regression/ports/host/spec.mk.in Makefile Makefile.common:Makefile.common.in ]) @@ -594,7 +594,7 @@ index 2185793..76ab155 100644 AC_OUTPUT # I found no better place -@@ -973,16 +934,10 @@ adl_NORMALIZE_PATH_MSG(/${prefix2bin_dir}, [binPath], [ +@@ -981,16 +942,10 @@ adl_NORMALIZE_PATH_MSG(/${prefix2bin_dir}, [binPath], [ adl_NORMALIZE_PATH_MSG(/${prefix2data_dir}/${norm_inc_dir_suffix}, [incPath1], [$dirch]) adl_NORMALIZE_PATH_MSG(/${bin2data_dir}/${norm_inc_dir_suffix}, [incPath2], [$dirch]) adl_NORMALIZE_PATH_MSG(${expanded_datadir}/${norm_inc_dir_suffix}, [incPath3], [$dirch]) @@ -611,7 +611,7 @@ index 2185793..76ab155 100644 AC_MSG_RESULT([ sdcc ${VERSION} is now configured for -@@ -1020,7 +975,6 @@ sdcc ${VERSION} is now configured for +@@ -1030,7 +985,6 @@ sdcc ${VERSION} is now configured for pdk15 ${enable_pdk15_port} pdk16 ${enable_pdk16_port} @@ -619,7 +619,7 @@ index 2185793..76ab155 100644 Disable packihx: ${OPT_DISABLE_PACKIHX} Disable ucsim: ${OPT_DISABLE_UCSIM} Disable device lib: ${OPT_DISABLE_DEVICE_LIB} -@@ -1035,9 +989,6 @@ sdcc ${VERSION} is now configured for +@@ -1045,9 +999,6 @@ sdcc ${VERSION} is now configured for include/library files: ${datadir}/${inclib_dir_suffix} include files: ${datadir}/${include_dir_suffix} library files: ${datadir}/${lib_dir_suffix} @@ -629,7 +629,7 @@ index 2185793..76ab155 100644 documentation: ${docdir} prefix: ${prefix} -@@ -1049,14 +1000,8 @@ sdcc ${VERSION} is now configured for +@@ -1059,14 +1010,8 @@ sdcc ${VERSION} is now configured for include files: ${incPath1} path(argv[[0]])${incPath2} ${incPath3} @@ -675,7 +675,7 @@ index 019fe0f..da3389d 100644 ############################################################ # Common actions diff --git a/device/lib/pic14/Makefile.in b/device/lib/pic14/Makefile.in -index 39b6cb0..ae3e37b 100644 +index 039c0cb..90510fd 100644 --- a/device/lib/pic14/Makefile.in +++ b/device/lib/pic14/Makefile.in @@ -335,13 +335,12 @@ GENERIC_SRC_DIR_ABS = $(abspath $(GENERIC_SRC_DIR)) @@ -704,7 +704,7 @@ index 39b6cb0..ae3e37b 100644 # extensions generated by the build process CLEAN_EXTENSIONS = .asm .lst .sym .d .p .g .v .adb diff --git a/device/lib/pic14/libc/Makefile.in b/device/lib/pic14/libc/Makefile.in -index 0efeeb0..d4dd8e6 100644 +index 1283cbb..70e82d0 100644 --- a/device/lib/pic14/libc/Makefile.in +++ b/device/lib/pic14/libc/Makefile.in @@ -878,13 +878,12 @@ GENERIC_SRC_DIR_ABS = $(abspath $(GENERIC_SRC_DIR)) @@ -733,7 +733,7 @@ index 0efeeb0..d4dd8e6 100644 # extensions generated by the build process CLEAN_EXTENSIONS = .asm .lst .sym .d .p .g .v .adb diff --git a/device/lib/pic14/libm/Makefile.in b/device/lib/pic14/libm/Makefile.in -index f0dc9ca..98ed2cf 100644 +index 409835d..e9fdef8 100644 --- a/device/lib/pic14/libm/Makefile.in +++ b/device/lib/pic14/libm/Makefile.in @@ -511,13 +511,12 @@ GENERIC_SRC_DIR_ABS = $(abspath $(GENERIC_SRC_DIR)) @@ -762,7 +762,7 @@ index f0dc9ca..98ed2cf 100644 # extensions generated by the build process CLEAN_EXTENSIONS = .asm .lst .sym .d .p .g .v .adb diff --git a/device/lib/pic14/libsdcc/enhanced-no-xinst/Makefile.in b/device/lib/pic14/libsdcc/enhanced-no-xinst/Makefile.in -index 098ec94..d1240ba 100644 +index c82f7ba..780fa77 100644 --- a/device/lib/pic14/libsdcc/enhanced-no-xinst/Makefile.in +++ b/device/lib/pic14/libsdcc/enhanced-no-xinst/Makefile.in @@ -518,13 +518,12 @@ GENERIC_SRC_DIR_ABS = $(abspath $(GENERIC_SRC_DIR)) @@ -791,7 +791,7 @@ index 098ec94..d1240ba 100644 # extensions generated by the build process CLEAN_EXTENSIONS = .asm .lst .sym .d .p .g .v .adb diff --git a/device/lib/pic14/libsdcc/enhanced/Makefile.in b/device/lib/pic14/libsdcc/enhanced/Makefile.in -index d2dba9c..0857601 100644 +index 33b8299..f4e0398 100644 --- a/device/lib/pic14/libsdcc/enhanced/Makefile.in +++ b/device/lib/pic14/libsdcc/enhanced/Makefile.in @@ -518,13 +518,12 @@ GENERIC_SRC_DIR_ABS = $(abspath $(GENERIC_SRC_DIR)) @@ -820,7 +820,7 @@ index d2dba9c..0857601 100644 # extensions generated by the build process CLEAN_EXTENSIONS = .asm .lst .sym .d .p .g .v .adb diff --git a/device/lib/pic14/libsdcc/regular/Makefile.in b/device/lib/pic14/libsdcc/regular/Makefile.in -index 3c9bccd..9430fb5 100644 +index 6586b7d..7010287 100644 --- a/device/lib/pic14/libsdcc/regular/Makefile.in +++ b/device/lib/pic14/libsdcc/regular/Makefile.in @@ -511,13 +511,12 @@ GENERIC_SRC_DIR_ABS = $(abspath $(GENERIC_SRC_DIR)) @@ -875,7 +875,7 @@ index 01ad950..62839b9 100644 clean-local: diff --git a/device/lib/pic16/Makefile.in b/device/lib/pic16/Makefile.in -index 15d2e1d..9664ad4 100644 +index e4e3abb..730066b 100644 --- a/device/lib/pic16/Makefile.in +++ b/device/lib/pic16/Makefile.in @@ -87,10 +87,7 @@ PRE_UNINSTALL = : @@ -915,7 +915,7 @@ index 15d2e1d..9664ad4 100644 all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive diff --git a/device/lib/pic16/configure b/device/lib/pic16/configure -index c8f5b98..76f93a8 100755 +index ed8ad06..65baa93 100755 --- a/device/lib/pic16/configure +++ b/device/lib/pic16/configure @@ -3657,7 +3657,6 @@ fi @@ -942,7 +942,7 @@ index 3966c11..cdbffc7 100644 # Checks for header files. diff --git a/device/lib/pic16/debug/Makefile.in b/device/lib/pic16/debug/Makefile.in -index df593e3..8cb5137 100644 +index 8d5eb80..9dd8bb2 100644 --- a/device/lib/pic16/debug/Makefile.in +++ b/device/lib/pic16/debug/Makefile.in @@ -88,10 +88,7 @@ PRE_UNINSTALL = : @@ -982,7 +982,7 @@ index df593e3..8cb5137 100644 .SUFFIXES: diff --git a/device/lib/pic16/libc/Makefile.in b/device/lib/pic16/libc/Makefile.in -index 85bec90..c0ea488 100644 +index 659db72..cbb73bf 100644 --- a/device/lib/pic16/libc/Makefile.in +++ b/device/lib/pic16/libc/Makefile.in @@ -88,10 +88,7 @@ PRE_UNINSTALL = : @@ -1022,7 +1022,7 @@ index 85bec90..c0ea488 100644 .SUFFIXES: diff --git a/device/lib/pic16/libio/Makefile.in b/device/lib/pic16/libio/Makefile.in -index 06fff29..78fe388 100644 +index 128ffcc..b298c7c 100644 --- a/device/lib/pic16/libio/Makefile.in +++ b/device/lib/pic16/libio/Makefile.in @@ -481,10 +481,7 @@ POST_UNINSTALL = : @@ -1107,7 +1107,7 @@ index 211604e..e8896bf 100755 include \$(top_srcdir)/Makefile.common diff --git a/device/lib/pic16/libm/Makefile.in b/device/lib/pic16/libm/Makefile.in -index 6728a39..495459e 100644 +index af29662..05f1c24 100644 --- a/device/lib/pic16/libm/Makefile.in +++ b/device/lib/pic16/libm/Makefile.in @@ -88,10 +88,7 @@ PRE_UNINSTALL = : @@ -1147,7 +1147,7 @@ index 6728a39..495459e 100644 .SUFFIXES: diff --git a/device/lib/pic16/libsdcc/Makefile.in b/device/lib/pic16/libsdcc/Makefile.in -index 331aea0..63565be 100644 +index d384631..01129e3 100644 --- a/device/lib/pic16/libsdcc/Makefile.in +++ b/device/lib/pic16/libsdcc/Makefile.in @@ -88,10 +88,7 @@ PRE_UNINSTALL = : @@ -1187,7 +1187,7 @@ index 331aea0..63565be 100644 .SUFFIXES: diff --git a/device/lib/pic16/startup/Makefile.in b/device/lib/pic16/startup/Makefile.in -index 2e59220..b213866 100644 +index 6169096..0172a25 100644 --- a/device/lib/pic16/startup/Makefile.in +++ b/device/lib/pic16/startup/Makefile.in @@ -89,10 +89,7 @@ PRE_UNINSTALL = : @@ -1227,7 +1227,7 @@ index 2e59220..b213866 100644 .SUFFIXES: diff --git a/doc/INSTALL.txt b/doc/INSTALL.txt -index 76a6f42..0f92463 100644 +index d630b99..8cd747f 100644 --- a/doc/INSTALL.txt +++ b/doc/INSTALL.txt @@ -18,9 +18,7 @@ To install: @@ -1279,7 +1279,7 @@ index 88f8c98..a36db81 100644 See: diff --git a/doc/sdccman.lyx b/doc/sdccman.lyx -index d18a509..b95bf61 100644 +index c8f8e73..e4afb0c 100644 --- a/doc/sdccman.lyx +++ b/doc/sdccman.lyx @@ -1092,54 +1092,9 @@ A possible exception are pic device libraries and header files which are @@ -1340,7 +1340,7 @@ index d18a509..b95bf61 100644 \end_layout \begin_layout Itemize -@@ -2870,18 +2825,6 @@ include_dir_suffix environment variable, see table below +@@ -2890,18 +2845,6 @@ include_dir_suffix environment variable, see table below \end_inset @@ -1359,7 +1359,7 @@ index d18a509..b95bf61 100644 \begin_inset space ~ \end_inset -@@ -2894,22 +2837,6 @@ lib_dir_suffix environment variable, see table below +@@ -2914,22 +2857,6 @@ lib_dir_suffix environment variable, see table below \end_inset @@ -1382,7 +1382,7 @@ index d18a509..b95bf61 100644 \begin_inset space ~ \end_inset -@@ -3408,7 +3335,7 @@ These defaults are: +@@ -3428,7 +3355,7 @@ These defaults are: \begin_layout Standard \align center \begin_inset Tabular @@ -1391,7 +1391,7 @@ index d18a509..b95bf61 100644 -@@ -3692,68 +3619,6 @@ sdcc/include +@@ -3712,68 +3639,6 @@ sdcc/include include \end_layout @@ -1460,7 +1460,7 @@ index d18a509..b95bf61 100644 \end_inset -@@ -3764,7 +3629,7 @@ lib +@@ -3784,7 +3649,7 @@ lib \begin_layout Plain Layout \emph on @@ -1469,7 +1469,7 @@ index d18a509..b95bf61 100644 \end_layout \end_inset -@@ -3773,7 +3638,7 @@ NON_FREE_LIB_DIR_SUFFIX +@@ -3793,7 +3658,7 @@ NON_FREE_LIB_DIR_SUFFIX \begin_inset Text \begin_layout Plain Layout @@ -1478,7 +1478,7 @@ index d18a509..b95bf61 100644 \end_layout \end_inset -@@ -3782,7 +3647,7 @@ sdcc/non-free/lib +@@ -3802,7 +3667,7 @@ sdcc/non-free/lib \begin_inset Text \begin_layout Plain Layout @@ -1487,7 +1487,7 @@ index d18a509..b95bf61 100644 \end_layout \end_inset -@@ -4181,20 +4046,6 @@ include +@@ -4201,20 +4066,6 @@ include \end_inset @@ -1508,7 +1508,7 @@ index d18a509..b95bf61 100644 \backslash \begin_inset Newline newline -@@ -4209,20 +4060,6 @@ lib +@@ -4229,20 +4080,6 @@ lib \end_inset @@ -1529,7 +1529,7 @@ index d18a509..b95bf61 100644 \backslash \begin_inset Newline newline -@@ -4403,20 +4240,6 @@ include +@@ -4423,20 +4260,6 @@ include \end_inset @@ -1550,7 +1550,7 @@ index d18a509..b95bf61 100644 \backslash \begin_inset Newline newline -@@ -4431,20 +4254,6 @@ lib +@@ -4451,20 +4274,6 @@ lib \end_inset @@ -1571,7 +1571,7 @@ index d18a509..b95bf61 100644 \backslash \begin_inset Newline newline -@@ -4541,7 +4350,7 @@ Install paths +@@ -4561,7 +4370,7 @@ Install paths \begin_layout Standard \align center \begin_inset Tabular @@ -1580,7 +1580,7 @@ index d18a509..b95bf61 100644 -@@ -4697,64 +4506,6 @@ include +@@ -4717,64 +4526,6 @@ include \begin_inset Text @@ -1645,7 +1645,7 @@ index d18a509..b95bf61 100644 \begin_layout Plain Layout Library file** \end_layout -@@ -4804,64 +4555,6 @@ sdcc +@@ -4824,64 +4575,6 @@ sdcc lib \end_layout @@ -1710,7 +1710,7 @@ index d18a509..b95bf61 100644 \end_inset -@@ -5184,7 +4877,7 @@ $PATH +@@ -5204,7 +4897,7 @@ $PATH \begin_layout Standard \align center \begin_inset Tabular @@ -1719,7 +1719,7 @@ index d18a509..b95bf61 100644 -@@ -5462,203 +5155,13 @@ include +@@ -5482,203 +5175,13 @@ include @@ -1924,7 +1924,7 @@ index d18a509..b95bf61 100644 \end_inset -@@ -5674,21 +5177,13 @@ $DATADIR/ +@@ -5694,21 +5197,13 @@ $DATADIR/ \end_inset @@ -1947,7 +1947,7 @@ index d18a509..b95bf61 100644 \begin_inset Text \begin_layout Plain Layout -@@ -5696,7 +5191,7 @@ $INCLUDE_DIR_SUFFIX +@@ -5716,7 +5211,7 @@ $INCLUDE_DIR_SUFFIX \begin_inset Newline newline \end_inset @@ -1956,7 +1956,7 @@ index d18a509..b95bf61 100644 \end_layout \end_inset -@@ -5794,7 +5289,7 @@ model +@@ -5814,7 +5309,7 @@ model \begin_layout Standard \align center \begin_inset Tabular @@ -1965,7 +1965,7 @@ index d18a509..b95bf61 100644 -@@ -6074,7 +5569,7 @@ lib +@@ -6094,7 +5589,7 @@ lib @@ -1974,7 +1974,7 @@ index d18a509..b95bf61 100644 \begin_inset Text \begin_layout Plain Layout -@@ -6083,7 +5578,7 @@ lib +@@ -6103,7 +5598,7 @@ lib \end_inset @@ -1983,7 +1983,7 @@ index d18a509..b95bf61 100644 \begin_inset Text \begin_layout Plain Layout -@@ -6114,7 +5609,7 @@ $LIB_DIR_SUFFIX/ +@@ -6134,7 +5629,7 @@ $LIB_DIR_SUFFIX/ \end_inset @@ -1992,7 +1992,7 @@ index d18a509..b95bf61 100644 \begin_inset Text \begin_layout Plain Layout -@@ -6129,7 +5624,7 @@ lib/ +@@ -6149,7 +5644,7 @@ lib/ \end_inset @@ -2001,7 +2001,7 @@ index d18a509..b95bf61 100644 \begin_inset Text \begin_layout Plain Layout -@@ -6152,308 +5647,6 @@ lib +@@ -6172,308 +5667,6 @@ lib \end_layout @@ -2310,7 +2310,7 @@ index d18a509..b95bf61 100644 \end_inset -@@ -8717,14 +7910,6 @@ In /share/sdcc/include +@@ -8737,14 +7930,6 @@ In /share/sdcc/include the include files \end_layout @@ -2325,7 +2325,7 @@ index d18a509..b95bf61 100644 \begin_layout Standard In /share/sdcc/lib \end_layout -@@ -8733,14 +7918,6 @@ In /share/sdcc/lib +@@ -8753,14 +7938,6 @@ In /share/sdcc/lib the src and target subdirectories with the precompiled relocatables. \end_layout @@ -2340,7 +2340,7 @@ index d18a509..b95bf61 100644 \begin_layout Standard In /share/sdcc/doc \end_layout -@@ -15254,66 +14431,6 @@ splint +@@ -15274,66 +14451,6 @@ splint myprogram.c \end_layout @@ -2407,7 +2407,7 @@ index d18a509..b95bf61 100644 \begin_layout Subsection Linker Options \begin_inset Index idx -@@ -44656,66 +43773,9 @@ http://sourceforge.net/projects/gputils +@@ -44653,66 +43770,9 @@ http://sourceforge.net/projects/gputils Pic device specific header and c source files are automatically generated from MPLAB include files, which are published by Microchip with a special requirement that they are only to be used with authentic Microchip devices. @@ -2477,7 +2477,7 @@ index d18a509..b95bf61 100644 \begin_inset Newline newline \end_inset -@@ -44769,7 +43829,7 @@ Makefile +@@ -44766,7 +43826,7 @@ Makefile \begin_inset space ~ \end_inset @@ -2486,7 +2486,7 @@ index d18a509..b95bf61 100644 \begin_inset Newline newline \end_inset -@@ -44863,7 +43923,7 @@ Makefile +@@ -44860,7 +43920,7 @@ Makefile \begin_inset space ~ \end_inset @@ -2495,7 +2495,7 @@ index d18a509..b95bf61 100644 \begin_inset Newline newline \end_inset -@@ -45145,47 +44205,6 @@ status collapsed +@@ -45142,47 +44202,6 @@ status collapsed \begin_layout Plain Layout @@ -2543,7 +2543,7 @@ index d18a509..b95bf61 100644 \backslash / \end_layout -@@ -46058,47 +45077,6 @@ status collapsed +@@ -46055,47 +45074,6 @@ status collapsed -all-callee-saves \end_layout @@ -2591,7 +2591,7 @@ index d18a509..b95bf61 100644 \begin_layout Subsection Port Specific Options \begin_inset Index idx -@@ -47375,188 +46353,6 @@ Linker +@@ -47372,188 +46350,6 @@ Linker \end_inset @@ -2780,7 +2780,7 @@ index d18a509..b95bf61 100644 \end_layout \begin_layout Subsection -@@ -48252,66 +47048,9 @@ name "subsec:PIC16_Header-Files-and-Libraries" +@@ -48249,66 +47045,9 @@ name "subsec:PIC16_Header-Files-and-Libraries" Pic device specific header and c source files are automatically generated from MPLAB include files, which are published by Microchip with a special requirement that they are only to be used with authentic Microchip devices. @@ -2850,7 +2850,7 @@ index d18a509..b95bf61 100644 \end_layout \begin_layout Subsection -@@ -48557,195 +47296,6 @@ vfprintf.c +@@ -48554,195 +47293,6 @@ vfprintf.c should also work, but is untested. \end_layout @@ -3046,7 +3046,7 @@ index d18a509..b95bf61 100644 \begin_layout Subsection Memory Models \end_layout -@@ -73531,6 +72081,12 @@ This document was initially written by Sandeep Dutta and updated by SDCC +@@ -73528,6 +72078,12 @@ This document was initially written by Sandeep Dutta and updated by SDCC developers. \end_layout @@ -3060,10 +3060,10 @@ index d18a509..b95bf61 100644 All product names mentioned herein may be trademarks \begin_inset Index idx diff --git a/sdcc.spec b/sdcc.spec -index b8baa92..be90a84 100644 +index 3609ffe..4b4a5cb 100644 --- a/sdcc.spec +++ b/sdcc.spec -@@ -83,15 +83,15 @@ rm -rf $RPM_BUILD_ROOT +@@ -89,9 +89,7 @@ rm -rf $RPM_BUILD_ROOT %files common %defattr(-,root,root) /usr/share/sdcc/include @@ -3073,12 +3073,13 @@ index b8baa92..be90a84 100644 %files doc %defattr(-,root,root) - %doc %{_defaultdocdir} - +@@ -100,6 +98,8 @@ rm -rf $RPM_BUILD_ROOT %changelog + * Sat Feb 20 2021 - pkk AT spth.de + - version updated to 4.0.0 +* Tue Dec 08 2020 - simon AT simonsouth.net +- removed non-free include and lib directories - * Sat Jan 18 2029 - pkk AT spth.de + * Sat Jan 18 2020 - pkk AT spth.de - version updated to 4.0.0 * Fri Apr 05 2019 - krauseph AT informatik.uni-freiburg.de diff --git a/sdcc_vc.h.in b/sdcc_vc.h.in @@ -3095,10 +3096,10 @@ index 06d8cca..736c325 100644 #define BIN2DATA_DIR "\\.." #define PREFIX2BIN_DIR "\\bin" diff --git a/sdccconf_in.h b/sdccconf_in.h -index aeb2724..9c1df9d 100644 +index eb6f48b..9f5b003 100644 --- a/sdccconf_in.h +++ b/sdccconf_in.h -@@ -97,12 +97,6 @@ +@@ -100,12 +100,6 @@ /* XXX */ #undef LIB_DIR_SUFFIX @@ -3111,7 +3112,7 @@ index aeb2724..9c1df9d 100644 /* Define to 1 to disable the AVR port */ #undef OPT_DISABLE_AVR -@@ -127,9 +121,6 @@ +@@ -130,9 +124,6 @@ /* XXX */ #undef OPT_DISABLE_MCS51 @@ -3122,11 +3123,11 @@ index aeb2724..9c1df9d 100644 #undef OPT_DISABLE_PACKIHX diff --git a/src/SDCCglobl.h b/src/SDCCglobl.h -index b8d156b..db81fd7 100644 +index 9383f68..c2f0b42 100644 --- a/src/SDCCglobl.h +++ b/src/SDCCglobl.h @@ -288,7 +288,6 @@ struct options - int no_pack_iram; /* MCS51/DS390 - Deprecated: Tells the linker not to pack variables in internal ram */ + int stack_size; /* MCS51/DS390 - Tells the linker to allocate this space for stack */ int acall_ajmp; /* MCS51 - Use acall/ajmp instead of lcall/ljmp */ int no_ret_without_call; /* MCS51 - Do not use ret independent of acall/lcall */ - int use_non_free; /* Search / include non-free licensed libraries and header files */ @@ -3134,10 +3135,10 @@ index b8d156b..db81fd7 100644 int xstack_loc; /* initial location of external stack */ int stack_loc; /* initial value of internal stack pointer */ diff --git a/src/SDCCmain.c b/src/SDCCmain.c -index d4598a5..cd36f3d 100644 +index 2a7a711..f46370f 100644 --- a/src/SDCCmain.c +++ b/src/SDCCmain.c -@@ -142,7 +142,6 @@ char buffer[PATH_MAX * 2]; +@@ -151,7 +151,6 @@ char buffer[PATH_MAX * 2]; #define OPTION_DATA_SEG "--dataseg" #define OPTION_DOLLARS_IN_IDENT "--fdollars-in-identifiers" #define OPTION_SIGNED_CHAR "--fsigned-char" @@ -3145,7 +3146,7 @@ index d4598a5..cd36f3d 100644 #define OPTION_PEEP_RETURN "--peep-return" #define OPTION_NO_PEEP_RETURN "--no-peep-return" #define OPTION_NO_OPTSDCC_IN_ASM "--no-optsdcc-in-asm" -@@ -197,7 +196,6 @@ static const OPTION optionsTable[] = { +@@ -207,7 +206,6 @@ static const OPTION optionsTable[] = { {0, OPTION_STD_SDCC2X, NULL, "Use ISO C2X standard with SDCC extensions"}, {0, OPTION_DOLLARS_IN_IDENT, &options.dollars_in_ident, "Permit '$' as an identifier character"}, {0, OPTION_SIGNED_CHAR, &options.signed_char, "Make \"char\" signed by default"}, @@ -3153,7 +3154,7 @@ index d4598a5..cd36f3d 100644 {0, NULL, NULL, "Code generation options"}, {'m', NULL, NULL, "Set the port to use e.g. -mz80."}, -@@ -2084,10 +2082,6 @@ preProcess (char **envp) +@@ -2113,10 +2111,6 @@ preProcess (char **envp) else addSet (&preArgvSet, Safe_strdup ("-D__SDCC_CHAR_UNSIGNED")); @@ -3164,7 +3165,7 @@ index d4598a5..cd36f3d 100644 /* set the macro for large model */ switch (options.model) { -@@ -2301,12 +2295,6 @@ setIncludePath (void) +@@ -2336,12 +2330,6 @@ setIncludePath (void) * 6. - $SDCC_HOME/PREFIX2DATA_DIR/INCLUDE_DIR_SUFFIX * 7. - path(argv[0])/BIN2DATA_DIR/INCLUDE_DIR_SUFFIX * 8. - DATADIR/INCLUDE_DIR_SUFFIX (only on *nix) @@ -3177,8 +3178,8 @@ index d4598a5..cd36f3d 100644 */ if (!options.nostdinc) -@@ -2319,17 +2307,6 @@ setIncludePath (void) - includeDirsSet = processStrSet (includeDirsSet, NULL, port->target, NULL); +@@ -2357,17 +2345,6 @@ setIncludePath (void) + includeDirsSet = processStrSet (includeDirsSet, NULL, port->target, NULL); mergeSets (&includeDirsSet, tempSet); - if (options.use_non_free) @@ -3195,7 +3196,7 @@ index d4598a5..cd36f3d 100644 if ((p = getenv (SDCC_INCLUDE_NAME)) != NULL) { struct dbuf_s dbuf; -@@ -2354,9 +2331,6 @@ setLibPath (void) +@@ -2392,9 +2369,6 @@ setLibPath (void) * 3. - $SDCC_HOME/PREFIX2DATA_DIR/LIB_DIR_SUFFIX/ * 4. - path(argv[0])/BIN2DATA_DIR/LIB_DIR_SUFFIX/ * 5. - DATADIR/LIB_DIR_SUFFIX/ (only on *nix) @@ -3205,7 +3206,7 @@ index d4598a5..cd36f3d 100644 */ if (!options.nostdlib) -@@ -2373,13 +2347,6 @@ setLibPath (void) +@@ -2411,13 +2385,6 @@ setLibPath (void) dbuf_makePath (&dbuf, LIB_DIR_SUFFIX, port->general.get_model ? port->general.get_model () : targetname); libDirsSet = processStrSet (dataDirsSet, NULL, dbuf_c_str (&dbuf), NULL); @@ -3273,7 +3274,7 @@ index cdfbba0..5877f09 100644 extern pic16_options_t pic16_options; diff --git a/src/pic16/main.c b/src/pic16/main.c -index 61d9cfb..75d1182 100644 +index d416642..bfe514d 100644 --- a/src/pic16/main.c +++ b/src/pic16/main.c @@ -655,7 +655,6 @@ OPTION pic16_optionsTable[]= { @@ -3495,10 +3496,10 @@ index 6db417a..4b35225 100755 ); diff --git a/support/scripts/sdcc.nsi b/support/scripts/sdcc.nsi -index 68e9035..92e5784 100644 +index da63063..dae8d8d 100644 --- a/support/scripts/sdcc.nsi +++ b/support/scripts/sdcc.nsi -@@ -483,11 +483,6 @@ ${Section} "SDCC include files" SEC05 +@@ -479,11 +479,6 @@ ${Section} "SDCC include files" SEC05 SetOutPath "$INSTDIR\include" File "${DEV_ROOT}\include\*.h" @@ -3510,7 +3511,7 @@ index 68e9035..92e5784 100644 ${SectionEnd} ${Section} "SDCC DS390 library" SEC06 -@@ -585,18 +580,12 @@ ${Section} "SDCC PIC16 library" SEC21 +@@ -581,18 +576,12 @@ ${Section} "SDCC PIC16 library" SEC21 SetOutPath "$INSTDIR\lib\pic16" File "${DEV_ROOT}\lib\pic16\*.o" File "${DEV_ROOT}\lib\pic16\*.lib" @@ -3551,7 +3552,7 @@ index 68e9035..92e5784 100644 SetOutPath "$INSTDIR\lib\src\pic16\libio" File "${DEV_ROOT}\lib\src\pic16\libio\*.ignore" # File "${DEV_ROOT}\lib\src\pic16\libio\Makefile" -@@ -1074,13 +1055,9 @@ ${Section} Uninstall SECUNINSTALL +@@ -1105,13 +1086,9 @@ ${Section} Uninstall SECUNINSTALL Delete "$INSTDIR\lib\pic14\*.lib" @@ -3565,7 +3566,7 @@ index 68e9035..92e5784 100644 Delete "$INSTDIR\lib\hc08\*.lib" Delete "$INSTDIR\lib\s08\*.lib" -@@ -1144,9 +1121,7 @@ ${Section} Uninstall SECUNINSTALL +@@ -1182,9 +1159,7 @@ ${Section} Uninstall SECUNINSTALL Delete "$INSTDIR\include\pic14\*.h" Delete "$INSTDIR\include\pic14\*.txt" Delete "$INSTDIR\include\pic14\*.inc" @@ -3575,7 +3576,7 @@ index 68e9035..92e5784 100644 Delete "$INSTDIR\include\pic16\*.txt" Delete "$INSTDIR\include\mcs51\*.h" Delete "$INSTDIR\include\hc08\*.h" -@@ -1208,9 +1183,7 @@ ${Section} Uninstall SECUNINSTALL +@@ -1246,9 +1221,7 @@ ${Section} Uninstall SECUNINSTALL Delete "$INSTDIR\uninstall.exe" RMDir /r "$INSTDIR\lib\src\pic14" @@ -3585,9 +3586,9 @@ index 68e9035..92e5784 100644 RMDir "$INSTDIR\lib\src\small" RMDir "$INSTDIR\lib\src\medium" RMDir "$INSTDIR\lib\src\large" -@@ -1233,12 +1206,9 @@ ${Section} Uninstall SECUNINSTALL - RMDir "$INSTDIR\lib\src\pdk15" - RMDir "$INSTDIR\lib\src\pdk15-stack-auto" +@@ -1274,12 +1247,9 @@ ${Section} Uninstall SECUNINSTALL + RMDir "$INSTDIR\lib\src\tlcs90" + RMDir "$INSTDIR\lib\src\z80n" RMDir "$INSTDIR\lib\src" - RMDir "$INSTDIR\non-free\lib\src" @@ -3598,17 +3599,15 @@ index 68e9035..92e5784 100644 RMDir "$INSTDIR\lib\z80" RMDir "$INSTDIR\lib\z180" RMDir "$INSTDIR\lib\r2k" -@@ -1261,7 +1231,6 @@ ${Section} Uninstall SECUNINSTALL - RMDir "$INSTDIR\lib\pdk15" - RMDir "$INSTDIR\lib\pdk15-stack-auto" +@@ -1305,15 +1275,12 @@ ${Section} Uninstall SECUNINSTALL + RMDir "$INSTDIR\lib\tlcs90" + RMDir "$INSTDIR\lib\z80n" RMDir "$INSTDIR\lib" - RMDir "$INSTDIR\non-free\lib" RMDir "$INSTDIR\include\asm\z80" - RMDir "$INSTDIR\include\asm\z180" -@@ -1269,9 +1238,7 @@ ${Section} Uninstall SECUNINSTALL + RMDir "$INSTDIR\include\asm\r2k" RMDir "$INSTDIR\include\asm\r3ka" - RMDir "$INSTDIR\include\asm\ez80_z80" RMDir "$INSTDIR\include\asm\pic16" - RMDir "$INSTDIR\non-free\include\asm\pic16" RMDir "$INSTDIR\include\asm\pic14" @@ -3616,7 +3615,7 @@ index 68e9035..92e5784 100644 RMDir "$INSTDIR\include\asm\mcs51" RMDir "$INSTDIR\include\asm\gbz80" RMDir "$INSTDIR\include\asm\ds390" -@@ -1280,17 +1247,12 @@ ${Section} Uninstall SECUNINSTALL +@@ -1322,17 +1289,12 @@ ${Section} Uninstall SECUNINSTALL RMDir "$INSTDIR\include\asm" RMDir "$INSTDIR\include\z180" RMDir "$INSTDIR\include\pic14" -- cgit v1.2.3 From 70128b8afacf332b0aff69ebcad6868fd158e8ad Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Wed, 10 Mar 2021 11:49:35 +0100 Subject: gnu: cyrus-sasl: Fix CVE-2019-19906. * gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/cyrus-sasl.scm (cyrus-sasl/fixed): New variable. Apply patch. (cyrus-sasl)[replacement]: Graft. --- gnu/local.mk | 1 + gnu/packages/cyrus-sasl.scm | 18 ++++++++++++++++ .../patches/cyrus-sasl-CVE-2019-19906.patch | 25 ++++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index dcee722e79..43ed97692e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -917,6 +917,7 @@ dist_patch_DATA = \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-CVE-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch \ + %D%/packages/patches/cyrus-sasl-CVE-2019-19906.patch \ %D%/packages/patches/c++-gsl-find-system-gtest.patch \ %D%/packages/patches/date-output-pkg-config-files.patch \ %D%/packages/patches/datefudge-gettimeofday.patch \ diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm index 3e65a1faf6..691349a38f 100644 --- a/gnu/packages/cyrus-sasl.scm +++ b/gnu/packages/cyrus-sasl.scm @@ -45,6 +45,7 @@ (sha256 (base32 "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6")) (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch")))) + (replacement cyrus-sasl/fixed) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) @@ -80,3 +81,20 @@ server writers.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "https://cyrusimap.org/sasl/"))) + +(define-public cyrus-sasl/fixed + (package + (inherit cyrus-sasl) + (version "2.1.27") + (source (origin + (method url-fetch) + (uri (list (string-append + "https://cyrusimap.org/releases/cyrus-sasl-" + version ".tar.gz") + (string-append + "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-" + version ".tar.gz"))) + (sha256 (base32 + "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6")) + (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch" + "cyrus-sasl-CVE-2019-19906.patch")))))) diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch b/gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch new file mode 100644 index 0000000000..acdf682430 --- /dev/null +++ b/gnu/packages/patches/cyrus-sasl-CVE-2019-19906.patch @@ -0,0 +1,25 @@ +From dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 Mon Sep 17 00:00:00 2001 +From: Quanah Gibson-Mount +Date: Tue, 18 Feb 2020 19:05:12 +0000 +Subject: [PATCH] Fix #587 + +Off by one error in common.c, CVE-2019-19906. + +Thanks to Stephan Zeisberg for reporting +--- + lib/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/common.c b/lib/common.c +index bc3bf1df..9969d6aa 100644 +--- a/lib/common.c ++++ b/lib/common.c +@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen, + + if (add==NULL) add = "(null)"; + +- addlen=strlen(add); /* only compute once */ ++ addlen=strlen(add)+1; /* only compute once */ + if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK) + return SASL_NOMEM; + -- cgit v1.2.3 From 38b0c64d7b3e4c6bfc1da9cd6b9a04d27972e90d Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Thu, 4 Mar 2021 12:00:47 +0100 Subject: gnu: python-shouldbe: Remove. Unmaintained upstream and its only dependent (python-gssapi) dropped it. * gnu/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch: Remove. * gnu/local.mk: Drop patch file. * gnu/packages/python-xyz.scm (python-shouldbe): Remove. --- gnu/local.mk | 1 - .../patches/python-shouldbe-0.1.2-cpy3.8.patch | 82 ---------------------- gnu/packages/python-xyz.scm | 23 ------ 3 files changed, 106 deletions(-) delete mode 100644 gnu/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 43ed97692e..667ec79048 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1560,7 +1560,6 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-deprecation.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python-robotframework-source-date-epoch.patch \ - %D%/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ %D%/packages/patches/python-unittest2-python3-compat.patch \ %D%/packages/patches/python-unittest2-remove-argparse.patch \ diff --git a/gnu/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch b/gnu/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch deleted file mode 100644 index f3b56e42d6..0000000000 --- a/gnu/packages/patches/python-shouldbe-0.1.2-cpy3.8.patch +++ /dev/null @@ -1,82 +0,0 @@ -Fix compatibility with Python 3.8. - -Upstream issue: https://github.com/DirectXMan12/should_be/pull/5 - -diff -x '*.pyc' -Naur shouldbe-0.1.2/should_be/core.py shouldbe-0.1.2.patched/should_be/core.py ---- shouldbe-0.1.2/should_be/core.py 2019-03-06 07:38:22.000000000 +0100 -+++ shouldbe-0.1.2.patched/should_be/core.py 2020-05-18 08:44:24.214664704 +0200 -@@ -103,7 +103,7 @@ - return resf - - --def buildCode(baseCode, argcount=None, kwonlyargcount=None, -+def buildCode(baseCode, argcount=None, posonlyargcount=None, kwonlyargcount=None, - nlocals=None, stacksize=None, flags=None, - code=None, consts=None, names=None, - varnames=None, filename=None, name=None, -@@ -121,6 +121,24 @@ - nlocals or baseCode.co_nlocals, - stacksize or baseCode.co_stacksize, - flags or baseCode.co_flags, -+ code or baseCode.co_code, -+ consts or baseCode.co_consts, -+ names or baseCode.co_names, -+ varnames or baseCode.co_varnames, -+ filename or baseCode.co_filename, -+ name or baseCode.co_name, -+ firstlineno or baseCode.co_firstlineno, -+ lnotab or baseCode.co_lnotab, -+ freevars or baseCode.co_freevars, -+ cellvars or baseCode.co_cellvars) -+ elif hasattr(baseCode, 'co_posonlyargcount'): -+ # Python 3.8 -+ resc = CodeType(argcount or baseCode.co_argcount, -+ posonlyargcount or baseCode.co_posonlyargcount, -+ kwonlyargcount or baseCode.co_kwonlyargcount, -+ nlocals or baseCode.co_nlocals, -+ stacksize or baseCode.co_stacksize, -+ flags or baseCode.co_flags, - code or baseCode.co_code, - consts or baseCode.co_consts, - names or baseCode.co_names, -diff -x '*.pyc' -Naur shouldbe-0.1.2/should_be/tests/test_container_mixin.py shouldbe-0.1.2.patched/should_be/tests/test_container_mixin.py ---- shouldbe-0.1.2/should_be/tests/test_container_mixin.py 2019-03-01 06:38:16.000000000 +0100 -+++ shouldbe-0.1.2.patched/should_be/tests/test_container_mixin.py 2020-05-18 09:00:51.372531064 +0200 -@@ -7,31 +7,31 @@ - self.lst = [1, 2, 3] - - def test_should_include_iter(self): -- err_msg = (r'[a-zA-Z0-9.]+ should have included \[.+?\]' -+ err_msg = (r'[a-zA-Z0-9.()]+ should have included \[.+?\]' - r', but did not have items .+') -- self.assertRaisesRegexp(AssertionError, err_msg, -+ self.assertRaisesRegex(AssertionError, err_msg, - self.lst.should_include, [4]) - - self.lst.should_include([1, 2, 3]) - - def test_should_include_item(self): -- err_msg = (r'[a-zA-Z0-9.]+ should have included .+?' -+ err_msg = (r'[a-zA-Z0-9.()]+ should have included .+?' - r', but did not') -- self.assertRaisesRegexp(AssertionError, err_msg, -+ self.assertRaisesRegex(AssertionError, err_msg, - self.lst.should_include, 4) - - self.lst.should_include(3) - - def test_shouldnt_include_iter(self): - err_msg = 'should not have included' -- self.assertRaisesRegexp(AssertionError, err_msg, -+ self.assertRaisesRegex(AssertionError, err_msg, - self.lst.shouldnt_include, [2, 3]) - - self.lst.shouldnt_include([4, 5]) - - def test_shouldnt_include_item(self): - err_msg = 'should not have included' -- self.assertRaisesRegexp(AssertionError, err_msg, -+ self.assertRaisesRegex(AssertionError, err_msg, - self.lst.shouldnt_include, 3) - - self.lst.shouldnt_include(4) diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm index 585e0014b9..532f26ea8d 100644 --- a/gnu/packages/python-xyz.scm +++ b/gnu/packages/python-xyz.scm @@ -21556,29 +21556,6 @@ and cuts down boilerplate code when testing libraries for asyncio.") (description "This project allows Python code to extend built-in types.") (license (list license:gpl3+ license:expat)))) -(define-public python-shouldbe - (package - (name "python-shouldbe") - (version "0.1.2") - (source - (origin - (method url-fetch) - (uri (pypi-uri "shouldbe" version)) - (sha256 - (base32 - "16zbvjxf71dl4yfbgcr6idyim3mdrfvix1dv8b95p0s9z07372pj")) - (patches (search-patches "python-shouldbe-0.1.2-cpy3.8.patch")))) - (build-system python-build-system) - (propagated-inputs - `(("python-forbiddenfruit" ,python-forbiddenfruit))) - (native-inputs - `(("python-nose" ,python-nose))) - (home-page "https://github.com/directxman12/should_be") - (synopsis "Python Assertion Helpers inspired by Shouldly") - (description - "Python Assertion Helpers inspired by Shouldly.") - (license license:isc))) - (define-public python-k5test (package (name "python-k5test") -- cgit v1.2.3 From e5f89570c1d72c4b674fad6b6ad5591ead02d419 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Wed, 10 Mar 2021 13:01:58 +0100 Subject: gnu: mongodb: Update to 3.4.24 [security fixes]. * gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch: Remove patch. * gnu/local.mk (dist_patch_DATA): Ditto. * gnu/packages/databases.scm (mongodb): Update to 3.4.24. [source]: Drop patch. Update third_party libs folder names. --- gnu/local.mk | 1 - gnu/packages/databases.scm | 13 ++--- ...ngodb-support-unknown-linux-distributions.patch | 55 ---------------------- 3 files changed, 5 insertions(+), 64 deletions(-) delete mode 100644 gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 667ec79048..39037d3499 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1372,7 +1372,6 @@ dist_patch_DATA = \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/monero-use-system-miniupnpc.patch \ - %D%/packages/patches/mongodb-support-unknown-linux-distributions.patch \ %D%/packages/patches/mono-mdoc-timestamping.patch \ %D%/packages/patches/mozjs17-aarch64-support.patch \ %D%/packages/patches/mozjs24-aarch64-support.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 8bb248fa1d..03d01b582a 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -664,27 +664,24 @@ replacement for the code@{python-memcached} library.") (define-public mongodb (package (name "mongodb") - (version "3.4.10") + (version "3.4.24") (source (origin (method url-fetch) (uri (string-append "https://github.com/mongodb/mongo/archive/r" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "0676lvkljj7a5hdhv78dbykqnqrj9lbn9799mi84b8vbnzsq961r")) + (base32 "0y1669sqj8wyf0y0njhxs4qhn1qzjhrs2h2qllya5samxrlrjhkg")) (modules '((guix build utils))) (snippet '(begin (for-each (lambda (dir) (delete-file-recursively (string-append "src/third_party/" dir))) - '("pcre-8.41" "scons-2.5.0" "snappy-1.1.3" + '("pcre-8.42" "scons-2.5.0" "snappy-1.1.3" "valgrind-3.11.0" "wiredtiger" - "yaml-cpp-0.5.3" "zlib-1.2.8")) - #t)) - (patches - (list - (search-patch "mongodb-support-unknown-linux-distributions.patch"))))) + "yaml-cpp-0.6.2" "zlib-1.2.11")) + #t)))) (build-system scons-build-system) (inputs `(("openssl" ,openssl-1.0) diff --git a/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch b/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch deleted file mode 100644 index 6057ebeb08..0000000000 --- a/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch +++ /dev/null @@ -1,55 +0,0 @@ -From e724bb7018a482640c4f194f88b554af2c59d76e Mon Sep 17 00:00:00 2001 -From: Mark Benvenuto -Date: Wed, 20 Sep 2017 11:50:02 -0400 -Subject: [PATCH] SERVER-30857 Support unknown Linux distributions - ---- - src/mongo/rpc/metadata/client_metadata.cpp | 6 ------ - src/mongo/util/processinfo_linux.cpp | 9 ++++++--- - 2 files changed, 6 insertions(+), 9 deletions(-) - -diff --git a/src/mongo/rpc/metadata/client_metadata.cpp b/src/mongo/rpc/metadata/client_metadata.cpp -index 845a315dd74..a959a4e31e9 100644 ---- a/src/mongo/rpc/metadata/client_metadata.cpp -+++ b/src/mongo/rpc/metadata/client_metadata.cpp -@@ -302,9 +302,6 @@ void ClientMetadata::serializePrivate(StringData driverName, - StringData osArchitecture, - StringData osVersion, - BSONObjBuilder* builder) { -- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && -- !osArchitecture.empty() && !osVersion.empty()); -- - BSONObjBuilder metaObjBuilder(builder->subobjStart(kMetadataDocumentName)); - - { -@@ -347,9 +344,6 @@ Status ClientMetadata::serializePrivate(StringData driverName, - StringData osVersion, - StringData appName, - BSONObjBuilder* builder) { -- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && -- !osArchitecture.empty() && !osVersion.empty()); -- - if (appName.size() > kMaxApplicationNameByteLength) { - return Status(ErrorCodes::ClientMetadataAppNameTooLarge, - str::stream() << "The '" << kApplication << "." << kName -diff --git a/src/mongo/util/processinfo_linux.cpp b/src/mongo/util/processinfo_linux.cpp -index c3debf377bd..c2813b026b0 100644 ---- a/src/mongo/util/processinfo_linux.cpp -+++ b/src/mongo/util/processinfo_linux.cpp -@@ -376,10 +376,13 @@ class LinuxSysHelper { - if ((nl = name.find('\n', nl)) != string::npos) - // stop at first newline - name.erase(nl); -- // no standard format for name and version. use kernel version -- version = "Kernel "; -- version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); -+ } else { -+ name = "unknown"; - } -+ -+ // There is no standard format for name and version so use the kernel version. -+ version = "Kernel "; -+ version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); - } - - /** -- cgit v1.2.3 From c35f87bb1a300c6bde538eaa927a0f7311fb09a0 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 11 Mar 2021 01:10:29 +0100 Subject: gnu: evolution-data-server: Fix CVE-2020-14928 and CVE-2020-16117. * gnu/packages/patches/evolution-data-server-CVE-2020-14928.patch, gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/gnome.scm (evolution-data-server): Apply them. --- gnu/local.mk | 2 + gnu/packages/gnome.scm | 4 +- .../evolution-data-server-CVE-2020-14928.patch | 115 +++++++++++++++++++++ .../evolution-data-server-CVE-2020-16117.patch | 28 +++++ 4 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/evolution-data-server-CVE-2020-14928.patch create mode 100644 gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 39037d3499..e24cee8ecf 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -973,6 +973,8 @@ dist_patch_DATA = \ %D%/packages/patches/erlang-man-path.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ + %D%/packages/patches/evolution-data-server-CVE-2020-14928.patch \ + %D%/packages/patches/evolution-data-server-CVE-2020-16117.patch \ %D%/packages/patches/evolution-data-server-locales.patch \ %D%/packages/patches/evolution-data-server-libical-compat.patch \ %D%/packages/patches/exercism-disable-self-update.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 5c6d247471..1db2de4751 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -7479,7 +7479,9 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.") (version-major+minor version) "/" name "-" version ".tar.xz")) (patches (search-patches "evolution-data-server-locales.patch" - "evolution-data-server-libical-compat.patch")) + "evolution-data-server-libical-compat.patch" + "evolution-data-server-CVE-2020-14928.patch" + "evolution-data-server-CVE-2020-16117.patch")) (sha256 (base32 "16z85y6hhazcrp5ngw47w4x9r0j8zrj7awv5im58hhp0xs19zf1y")))) diff --git a/gnu/packages/patches/evolution-data-server-CVE-2020-14928.patch b/gnu/packages/patches/evolution-data-server-CVE-2020-14928.patch new file mode 100644 index 0000000000..421f292c9d --- /dev/null +++ b/gnu/packages/patches/evolution-data-server-CVE-2020-14928.patch @@ -0,0 +1,115 @@ +From ba82be72cfd427b5d72ff21f929b3a6d8529c4df Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Mon, 22 Jun 2020 13:40:17 +0200 +Subject: [PATCH] I#226 - CVE-2020-14928: Response Injection via STARTTLS in + SMTP and POP3 + +Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 +--- + src/camel/camel-stream-buffer.c | 19 +++++++++++++++++++ + src/camel/camel-stream-buffer.h | 1 + + src/camel/providers/pop3/camel-pop3-store.c | 2 ++ + src/camel/providers/pop3/camel-pop3-stream.c | 11 +++++++++++ + src/camel/providers/pop3/camel-pop3-stream.h | 1 + + .../providers/smtp/camel-smtp-transport.c | 2 ++ + 6 files changed, 36 insertions(+) + +diff --git a/src/camel/camel-stream-buffer.c b/src/camel/camel-stream-buffer.c +index 3e2e0dd36..a6f605ae5 100644 +--- a/src/camel/camel-stream-buffer.c ++++ b/src/camel/camel-stream-buffer.c +@@ -518,3 +518,22 @@ camel_stream_buffer_read_line (CamelStreamBuffer *sbf, + + return g_strdup ((gchar *) sbf->priv->linebuf); + } ++ ++/** ++ * camel_stream_buffer_discard_cache: ++ * @sbf: a #CamelStreamBuffer ++ * ++ * Discards any cached data in the @sbf. The next read reads ++ * from the stream. ++ * ++ * Since: 3.38 ++ **/ ++void ++camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf) ++{ ++ g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf)); ++ ++ sbf->priv->ptr = sbf->priv->buf; ++ sbf->priv->end = sbf->priv->buf; ++ sbf->priv->ptr[0] = '\0'; ++} +diff --git a/src/camel/camel-stream-buffer.h b/src/camel/camel-stream-buffer.h +index ef92cfd8e..094e9926b 100644 +--- a/src/camel/camel-stream-buffer.h ++++ b/src/camel/camel-stream-buffer.h +@@ -93,6 +93,7 @@ gint camel_stream_buffer_gets (CamelStreamBuffer *sbf, + gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf, + GCancellable *cancellable, + GError **error); ++void camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf); + + G_END_DECLS + +diff --git a/src/camel/providers/pop3/camel-pop3-store.c b/src/camel/providers/pop3/camel-pop3-store.c +index 81c370f0a..5c9eb1eaa 100644 +--- a/src/camel/providers/pop3/camel-pop3-store.c ++++ b/src/camel/providers/pop3/camel-pop3-store.c +@@ -205,6 +205,8 @@ connect_to_server (CamelService *service, + + if (tls_stream != NULL) { + camel_stream_set_base_stream (stream, tls_stream); ++ /* Truncate any left cached input from the insecure part of the session */ ++ camel_pop3_stream_discard_cache (pop3_engine->stream); + g_object_unref (tls_stream); + } else { + g_prefix_error ( +diff --git a/src/camel/providers/pop3/camel-pop3-stream.c b/src/camel/providers/pop3/camel-pop3-stream.c +index 74bb11e61..c485b9bd6 100644 +--- a/src/camel/providers/pop3/camel-pop3-stream.c ++++ b/src/camel/providers/pop3/camel-pop3-stream.c +@@ -457,3 +457,14 @@ camel_pop3_stream_getd (CamelPOP3Stream *is, + + return 1; + } ++ ++void ++camel_pop3_stream_discard_cache (CamelPOP3Stream *is) ++{ ++ if (is) { ++ is->ptr = is->end = is->buf; ++ is->lineptr = is->linebuf; ++ is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE; ++ is->ptr[0] = '\n'; ++ } ++} +diff --git a/src/camel/providers/pop3/camel-pop3-stream.h b/src/camel/providers/pop3/camel-pop3-stream.h +index bb6dbb903..128c8c45a 100644 +--- a/src/camel/providers/pop3/camel-pop3-stream.h ++++ b/src/camel/providers/pop3/camel-pop3-stream.h +@@ -87,6 +87,7 @@ gint camel_pop3_stream_getd (CamelPOP3Stream *is, + guint *len, + GCancellable *cancellable, + GError **error); ++void camel_pop3_stream_discard_cache (CamelPOP3Stream *is); + + G_END_DECLS + +diff --git a/src/camel/providers/smtp/camel-smtp-transport.c b/src/camel/providers/smtp/camel-smtp-transport.c +index 035baf367..1fc0f3206 100644 +--- a/src/camel/providers/smtp/camel-smtp-transport.c ++++ b/src/camel/providers/smtp/camel-smtp-transport.c +@@ -323,6 +323,8 @@ connect_to_server (CamelService *service, + + if (tls_stream != NULL) { + camel_stream_set_base_stream (stream, tls_stream); ++ /* Truncate any left cached input from the insecure part of the session */ ++ camel_stream_buffer_discard_cache (transport->istream); + g_object_unref (tls_stream); + } else { + g_prefix_error ( +-- +GitLab + diff --git a/gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch b/gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch new file mode 100644 index 0000000000..b2c0622a90 --- /dev/null +++ b/gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch @@ -0,0 +1,28 @@ +From 2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Mon, 10 Feb 2020 10:00:32 +0100 +Subject: [PATCH] I#189 - Crash on malformed server response with minimal + capabilities + +Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/189 +--- + src/camel/providers/imapx/camel-imapx-server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c +index 3c38fb1e9..3883321ec 100644 +--- a/src/camel/providers/imapx/camel-imapx-server.c ++++ b/src/camel/providers/imapx/camel-imapx-server.c +@@ -3045,7 +3045,8 @@ connected: + + /* See if we got new capabilities + * in the STARTTLS response. */ +- imapx_free_capability (is->priv->cinfo); ++ if (is->priv->cinfo) ++ imapx_free_capability (is->priv->cinfo); + is->priv->cinfo = NULL; + if (ic->status->condition == IMAPX_CAPABILITY) { + is->priv->cinfo = ic->status->u.cinfo; +-- +GitLab + -- cgit v1.2.3 From a2943e36c7c6309e955708552a72d532844576a8 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 11 Mar 2021 01:18:35 +0100 Subject: gnu: evolution: Fix CVE-2020-11879. * gnu/packages/patches/evolution-CVE-2020-11879.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gnome.scm (evolution): Apply it. --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 3 +- .../patches/evolution-CVE-2020-11879.patch | 122 +++++++++++++++++++++ 3 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/evolution-CVE-2020-11879.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index e24cee8ecf..9e20260ec3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -973,6 +973,7 @@ dist_patch_DATA = \ %D%/packages/patches/erlang-man-path.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ + %D%/packages/patches/evolution-CVE-2020-11879.patch \ %D%/packages/patches/evolution-data-server-CVE-2020-14928.patch \ %D%/packages/patches/evolution-data-server-CVE-2020-16117.patch \ %D%/packages/patches/evolution-data-server-locales.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 1db2de4751..5ee28eec03 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -10711,7 +10711,8 @@ generic enough to work for everyone.") "evolution-" version ".tar.xz")) (sha256 (base32 - "164vy8h432pjglafn8y2ms4gsvk3kbgc63h5qp0mk5dv4smsp29c")))) + "164vy8h432pjglafn8y2ms4gsvk3kbgc63h5qp0mk5dv4smsp29c")) + (patches (search-patches "evolution-CVE-2020-11879.patch")))) (build-system cmake-build-system) (arguments `(#:imported-modules (,@%cmake-build-system-modules diff --git a/gnu/packages/patches/evolution-CVE-2020-11879.patch b/gnu/packages/patches/evolution-CVE-2020-11879.patch new file mode 100644 index 0000000000..8c85895aab --- /dev/null +++ b/gnu/packages/patches/evolution-CVE-2020-11879.patch @@ -0,0 +1,122 @@ +From 6489f20d6905cc797e2b2581c415e558c457caa7 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Wed, 12 Feb 2020 18:59:52 +0100 +Subject: [PATCH] I#784 - Warn about and limit what can be attached using + mailto: URI + +Closes https://gitlab.gnome.org/GNOME/evolution/issues/784 +--- + src/composer/e-msg-composer.c | 58 +++++++++++++++++++++++++++++------ + src/e-util/e-system.error.xml | 7 ++++- + 2 files changed, 54 insertions(+), 11 deletions(-) + +diff --git a/src/composer/e-msg-composer.c b/src/composer/e-msg-composer.c +index e4c9ac095e..cd3168d882 100644 +--- a/src/composer/e-msg-composer.c ++++ b/src/composer/e-msg-composer.c +@@ -4761,7 +4761,8 @@ handle_mailto (EMsgComposer *composer, + gchar *header, *content, *buf; + gsize nread, nwritten; + const gchar *p; +- gint len, clen; ++ gint len, clen, has_attachments = 0; ++ gboolean has_blacklisted_attachment = FALSE; + + table = e_msg_composer_get_header_table (composer); + view = e_msg_composer_get_attachment_view (composer); +@@ -4844,22 +4845,36 @@ handle_mailto (EMsgComposer *composer, + } else if (!g_ascii_strcasecmp (header, "attach") || + !g_ascii_strcasecmp (header, "attachment")) { + EAttachment *attachment; ++ GFile *file; + + camel_url_decode (content); +- if (file_is_blacklisted (content)) +- e_alert_submit ( +- E_ALERT_SINK (e_msg_composer_get_editor (composer)), +- "mail:blacklisted-file", +- content, NULL); + if (g_ascii_strncasecmp (content, "file:", 5) == 0) + attachment = e_attachment_new_for_uri (content); + else + attachment = e_attachment_new_for_path (content); +- e_attachment_store_add_attachment (store, attachment); +- e_attachment_load_async ( +- attachment, (GAsyncReadyCallback) +- e_attachment_load_handle_error, composer); ++ file = e_attachment_ref_file (attachment); ++ if (!file || !g_file_peek_path (file) || ++ !g_file_test (g_file_peek_path (file), G_FILE_TEST_EXISTS) || ++ g_file_test (g_file_peek_path (file), G_FILE_TEST_IS_DIR)) { ++ /* Do nothing, simply ignore the attachment request */ ++ } else { ++ has_attachments++; ++ ++ if (file_is_blacklisted (content)) { ++ has_blacklisted_attachment = TRUE; ++ e_alert_submit ( ++ E_ALERT_SINK (e_msg_composer_get_editor (composer)), ++ "mail:blacklisted-file", ++ content, NULL); ++ } ++ ++ e_attachment_store_add_attachment (store, attachment); ++ e_attachment_load_async ( ++ attachment, (GAsyncReadyCallback) ++ e_attachment_load_handle_error, composer); ++ } + g_object_unref (attachment); ++ g_clear_object (&file); + } else if (!g_ascii_strcasecmp (header, "from")) { + /* Ignore */ + } else if (!g_ascii_strcasecmp (header, "reply-to")) { +@@ -4883,6 +4898,29 @@ handle_mailto (EMsgComposer *composer, + + g_free (buf); + ++ if (has_attachments && !has_blacklisted_attachment) { ++ const gchar *primary; ++ gchar *secondary; ++ ++ primary = g_dngettext (GETTEXT_PACKAGE, ++ "Review attachment before sending.", ++ "Review attachments before sending.", ++ has_attachments); ++ ++ secondary = g_strdup_printf (g_dngettext (GETTEXT_PACKAGE, ++ "There had been added %d attachment. Make sure it does not contain any sensitive information before sending the message.", ++ "There had been added %d attachments. Make sure they do not contain any sensitive information before sending the message.", ++ has_attachments), ++ has_attachments); ++ ++ e_alert_submit ( ++ E_ALERT_SINK (e_msg_composer_get_editor (composer)), ++ "system:generic-warning", ++ primary, secondary, NULL); ++ ++ g_free (secondary); ++ } ++ + merge_always_cc_and_bcc (table, to, &cc, &bcc); + + tov = destination_list_to_vector (to); +diff --git a/src/e-util/e-system.error.xml b/src/e-util/e-system.error.xml +index ddcf989fda..02facb7d26 100644 +--- a/src/e-util/e-system.error.xml ++++ b/src/e-util/e-system.error.xml +@@ -1,6 +1,11 @@ + + +- ++ ++ {0} ++ {1} ++ ++ ++ + {0} + {1} + +-- +GitLab + -- cgit v1.2.3 From e940f6d80193dd70ecd28b93e8d85042aa33a7c8 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 11 Mar 2021 02:02:24 +0100 Subject: gnu: libcroco: Fix CVE-2020-12825. * gnu/packages/patches/libcroco-CVE-2020-12825.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gnome.scm (libcroco/fixed): New variable. Apply patch. (libcroco)[replacement]: Graft. --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 16 ++ gnu/packages/patches/libcroco-CVE-2020-12825.patch | 187 +++++++++++++++++++++ 3 files changed, 204 insertions(+) create mode 100644 gnu/packages/patches/libcroco-CVE-2020-12825.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9e20260ec3..eae602a01e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1275,6 +1275,7 @@ dist_patch_DATA = \ %D%/packages/patches/libcaca-CVE-2021-3410-pt2.patch \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcanberra-wayland-crash.patch \ + %D%/packages/patches/libcroco-CVE-2020-12825.patch \ %D%/packages/patches/libcyaml-libyaml-compat.patch \ %D%/packages/patches/libexpected-nofetch.patch \ %D%/packages/patches/libgeotiff-adapt-test-script-for-proj-6.2.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 5ee28eec03..a0796b0115 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -3227,6 +3227,7 @@ the GNOME desktop environment.") (sha256 (base32 "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn")))) + (replacement libcroco/fixed) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -3245,6 +3246,21 @@ XML/CSS rendering engine.") ;; LGPLv2.1-only. (license license:lgpl2.1))) +(define-public libcroco/fixed + (package + (inherit libcroco) + (name "libcroco") + (version "0.6.13") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn")) + (patches (search-patches "libcroco-CVE-2020-12825.patch")))))) + (define-public libgsf (package (name "libgsf") diff --git a/gnu/packages/patches/libcroco-CVE-2020-12825.patch b/gnu/packages/patches/libcroco-CVE-2020-12825.patch new file mode 100644 index 0000000000..35005a6a19 --- /dev/null +++ b/gnu/packages/patches/libcroco-CVE-2020-12825.patch @@ -0,0 +1,187 @@ +From 7b64eb285dd937b34df71c95188301be50dd1409 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Wed, 12 Aug 2020 13:54:15 -0500 +Subject: [PATCH] libcroco: Limit recursion in block and any productions + (CVE-2020-12825) + +If we don't have any limits, we can recurse forever and overflow the +stack. + +This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8 + +https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404 +--- + src/st/croco/cr-parser.c | 44 ++++++++++++++++++++++++++-------------- + 1 file changed, 29 insertions(+), 15 deletions(-) + +diff --git a/src/st/croco/cr-parser.c b/src/st/croco/cr-parser.c +index 07f4ed9e8b..8304b75614 100644 +--- a/src/cr-parser.c ++++ b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. +@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, &init_pos); + +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this) + *in chapter 4.1 of the css2 spec. + *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*; + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *FIXME: code this function. + */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token); +@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } else { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } +@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + ref++; + goto continue_parsing; +@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + if (status == CR_OK) { + ref++; + goto continue_parsing; +@@ -1161,10 +1170,12 @@ cr_parser_parse_value_core (CRParser * a_this) + * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*; + * + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *@return CR_OK upon successfull completion, an error code otherwise. + */ + static enum CRStatus +-cr_parser_parse_any_core (CRParser * a_this) ++cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token1 = NULL, + *token2 = NULL; +@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this) + + g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1); +@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this) + *We consider parameter as being an "any*" production. + */ + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +-- +GitLab + -- cgit v1.2.3 From 1acfda2f949fe61631c7602c865964453ece85e0 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 11 Mar 2021 02:32:19 +0100 Subject: gnu: geary: Fix CVE-2020-24661. * gnu/packages/patches/geary-CVE-2020-24661.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gnome.scm (geary): Apply it. --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 3 +- gnu/packages/patches/geary-CVE-2020-24661.patch | 133 ++++++++++++++++++++++++ 3 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/geary-CVE-2020-24661.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index eae602a01e..a68981e48d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1057,6 +1057,7 @@ dist_patch_DATA = \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-brect-bounds.patch \ %D%/packages/patches/gdm-default-session.patch \ + %D%/packages/patches/geary-CVE-2020-24661.patch \ %D%/packages/patches/genimage-signedness.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 50edf9ebd9..d58aa9956b 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -11339,7 +11339,8 @@ these services on the Guix System.") (file-name (git-file-name name version)) (sha256 (base32 - "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7")))) + "01cc921kyh3zxz07biqbdzkjgmdcc36kwjyajm4y382a75cl5zg7")) + (patches (search-patches "geary-CVE-2020-24661.patch")))) (build-system meson-build-system) (arguments `(#:glib-or-gtk? #t diff --git a/gnu/packages/patches/geary-CVE-2020-24661.patch b/gnu/packages/patches/geary-CVE-2020-24661.patch new file mode 100644 index 0000000000..6cbc224786 --- /dev/null +++ b/gnu/packages/patches/geary-CVE-2020-24661.patch @@ -0,0 +1,133 @@ +From d4e86dc91e1d8a940dc40872fe94ef9ac0fed1b5 Mon Sep 17 00:00:00 2001 +From: Michael Gratton +Date: Tue, 25 Aug 2020 03:54:09 +0000 +Subject: [PATCH] Merge branch 'mjog/866-self-signed-certificates' into + 'mainline' + +Fix invalid certificate pinning when GCR support is unavailable + +Closes #866 + +See merge request GNOME/geary!529 + +(cherry picked from commit 423a55b00f1dc6bee9dc17e67c0aea6f42387a77) + +5088adfe Application.CertificateManager: Rename some methods for clarity +0d957559 Application.CertificateManager: Check locally pinned certs for equality +--- + .../application-certificate-manager.vala | 44 +++++++++---------- + 1 file changed, 22 insertions(+), 22 deletions(-) + +diff --git a/src/client/application/application-certificate-manager.vala b/src/client/application/application-certificate-manager.vala +index 4881d73c0..65f6af4fa 100644 +--- a/src/client/application/application-certificate-manager.vala ++++ b/src/client/application/application-certificate-manager.vala +@@ -381,8 +381,8 @@ private class Application.TlsDatabase : GLib.TlsDatabase { + GLib.TlsCertificateFlags ret = this.parent.verify_chain( + chain, purpose, identity, interaction, flags, cancellable + ); +- if (should_verify(ret, purpose, identity) && +- verify(chain, identity, cancellable)) { ++ if (check_pinned(ret, purpose, identity) && ++ is_pinned(chain, identity, cancellable)) { + ret = 0; + } + return ret; +@@ -399,16 +399,16 @@ private class Application.TlsDatabase : GLib.TlsDatabase { + GLib.TlsCertificateFlags ret = yield this.parent.verify_chain_async( + chain, purpose, identity, interaction, flags, cancellable + ); +- if (should_verify(ret, purpose, identity) && +- yield verify_async(chain, identity, cancellable)) { ++ if (check_pinned(ret, purpose, identity) && ++ yield is_pinned_async(chain, identity, cancellable)) { + ret = 0; + } + return ret; + } + +- private inline bool should_verify(GLib.TlsCertificateFlags parent_ret, +- string purpose, +- GLib.SocketConnectable? identity) { ++ private inline bool check_pinned(GLib.TlsCertificateFlags parent_ret, ++ string purpose, ++ GLib.SocketConnectable? identity) { + // If the parent didn't verify, check for a locally pinned + // cert if it looks like we should, but always reject revoked + // certs +@@ -420,22 +420,22 @@ private class Application.TlsDatabase : GLib.TlsDatabase { + ); + } + +- private bool verify(GLib.TlsCertificate chain, +- GLib.SocketConnectable identity, +- GLib.Cancellable? cancellable) ++ private bool is_pinned(GLib.TlsCertificate chain, ++ GLib.SocketConnectable identity, ++ GLib.Cancellable? cancellable) + throws GLib.Error { +- bool is_verified = false; ++ bool is_pinned = false; + string id = to_name(identity); + TrustContext? context = null; + lock (this.pinned_certs) { + context = this.pinned_certs.get(id); + if (context != null) { +- is_verified = true; ++ is_pinned = context.certificate.is_same(chain); + } else { + // Cert not found in memory, check with GCR if + // enabled. + if (this.use_gcr) { +- is_verified = gcr_trust_is_certificate_pinned( ++ is_pinned = gcr_trust_is_certificate_pinned( + new Gcr.SimpleCertificate(chain.certificate.data), + GLib.TlsDatabase.PURPOSE_AUTHENTICATE_SERVER, + id, +@@ -443,7 +443,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase { + ); + } + +- if (!is_verified) { ++ if (!is_pinned) { + // Cert is not pinned in memory or in GCR, so look + // for it on disk. Do this even if GCR support is + // enabled, since if the cert was previously saved +@@ -453,7 +453,7 @@ private class Application.TlsDatabase : GLib.TlsDatabase { + this.store_dir, id, cancellable + ); + this.pinned_certs.set(id, context); +- is_verified = true; ++ is_pinned = context.certificate.is_same(chain); + } catch (GLib.IOError.NOT_FOUND err) { + // Cert was not found saved, so it not pinned + } catch (GLib.Error err) { +@@ -465,18 +465,18 @@ private class Application.TlsDatabase : GLib.TlsDatabase { + } + } + } +- return is_verified; ++ return is_pinned; + } + +- private async bool verify_async(GLib.TlsCertificate chain, +- GLib.SocketConnectable identity, +- GLib.Cancellable? cancellable) ++ private async bool is_pinned_async(GLib.TlsCertificate chain, ++ GLib.SocketConnectable identity, ++ GLib.Cancellable? cancellable) + throws GLib.Error { +- bool is_valid = false; ++ bool pinned = false; + yield Geary.Nonblocking.Concurrent.global.schedule_async(() => { +- is_valid = verify(chain, identity, cancellable); ++ pinned = is_pinned(chain, identity, cancellable); + }, cancellable); +- return is_valid; ++ return pinned; + } + + private TrustContext? lookup_id(string id) { +-- +GitLab + -- cgit v1.2.3 From 21b3b755151028647081fe96d2992b3743531d71 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 11 Mar 2021 05:34:28 -0500 Subject: gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219. * gnu/packages/patches/glib-CVE-2021-27218.patch, gnu/packages/patches/glib-CVE-2021-27219-01.patch, gnu/packages/patches/glib-CVE-2021-27219-02.patch, gnu/packages/patches/glib-CVE-2021-27219-03.patch, gnu/packages/patches/glib-CVE-2021-27219-04.patch, gnu/packages/patches/glib-CVE-2021-27219-05.patch, gnu/packages/patches/glib-CVE-2021-27219-06.patch, gnu/packages/patches/glib-CVE-2021-27219-07.patch, gnu/packages/patches/glib-CVE-2021-27219-08.patch, gnu/packages/patches/glib-CVE-2021-27219-09.patch, gnu/packages/patches/glib-CVE-2021-27219-10.patch, gnu/packages/patches/glib-CVE-2021-27219-11.patch, gnu/packages/patches/glib-CVE-2021-27219-12.patch, gnu/packages/patches/glib-CVE-2021-27219-13.patch, gnu/packages/patches/glib-CVE-2021-27219-14.patch, gnu/packages/patches/glib-CVE-2021-27219-15.patch, gnu/packages/patches/glib-CVE-2021-27219-16.patch, gnu/packages/patches/glib-CVE-2021-27219-17.patch, gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/glib.scm (glib)[replacement]: New field. (glib/fixed): New variable. --- gnu/local.mk | 21 +- gnu/packages/glib.scm | 30 ++- gnu/packages/patches/glib-CVE-2021-27218.patch | 132 ++++++++++ gnu/packages/patches/glib-CVE-2021-27219-01.patch | 176 +++++++++++++ gnu/packages/patches/glib-CVE-2021-27219-02.patch | 264 +++++++++++++++++++ gnu/packages/patches/glib-CVE-2021-27219-03.patch | 136 ++++++++++ gnu/packages/patches/glib-CVE-2021-27219-04.patch | 308 ++++++++++++++++++++++ gnu/packages/patches/glib-CVE-2021-27219-05.patch | 47 ++++ gnu/packages/patches/glib-CVE-2021-27219-06.patch | 94 +++++++ gnu/packages/patches/glib-CVE-2021-27219-07.patch | 118 +++++++++ gnu/packages/patches/glib-CVE-2021-27219-08.patch | 94 +++++++ gnu/packages/patches/glib-CVE-2021-27219-09.patch | 98 +++++++ gnu/packages/patches/glib-CVE-2021-27219-10.patch | 52 ++++ gnu/packages/patches/glib-CVE-2021-27219-11.patch | 57 ++++ gnu/packages/patches/glib-CVE-2021-27219-12.patch | 30 +++ gnu/packages/patches/glib-CVE-2021-27219-13.patch | 32 +++ gnu/packages/patches/glib-CVE-2021-27219-14.patch | 32 +++ gnu/packages/patches/glib-CVE-2021-27219-15.patch | 95 +++++++ gnu/packages/patches/glib-CVE-2021-27219-16.patch | 43 +++ gnu/packages/patches/glib-CVE-2021-27219-17.patch | 37 +++ gnu/packages/patches/glib-CVE-2021-27219-18.patch | 232 ++++++++++++++++ 21 files changed, 2126 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/glib-CVE-2021-27218.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-01.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-02.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-03.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-04.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-05.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-06.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-07.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-08.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-09.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-10.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-11.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-12.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-13.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-14.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-15.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-16.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-17.patch create mode 100644 gnu/packages/patches/glib-CVE-2021-27219-18.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a68981e48d..c2637926ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2,7 +2,7 @@ # Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Andreas Enge # Copyright © 2016 Mathieu Lirzin -# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Mark H Weaver +# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver # Copyright © 2016 Chris Marusich # Copyright © 2016, 2017, 2018 Kei Kebreau # Copyright © 2016, 2017 Rene Saavedra @@ -1076,6 +1076,25 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/glib-appinfo-watch.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glib-CVE-2021-27218.patch \ + %D%/packages/patches/glib-CVE-2021-27219-01.patch \ + %D%/packages/patches/glib-CVE-2021-27219-02.patch \ + %D%/packages/patches/glib-CVE-2021-27219-03.patch \ + %D%/packages/patches/glib-CVE-2021-27219-04.patch \ + %D%/packages/patches/glib-CVE-2021-27219-05.patch \ + %D%/packages/patches/glib-CVE-2021-27219-06.patch \ + %D%/packages/patches/glib-CVE-2021-27219-07.patch \ + %D%/packages/patches/glib-CVE-2021-27219-08.patch \ + %D%/packages/patches/glib-CVE-2021-27219-09.patch \ + %D%/packages/patches/glib-CVE-2021-27219-10.patch \ + %D%/packages/patches/glib-CVE-2021-27219-11.patch \ + %D%/packages/patches/glib-CVE-2021-27219-12.patch \ + %D%/packages/patches/glib-CVE-2021-27219-13.patch \ + %D%/packages/patches/glib-CVE-2021-27219-14.patch \ + %D%/packages/patches/glib-CVE-2021-27219-15.patch \ + %D%/packages/patches/glib-CVE-2021-27219-16.patch \ + %D%/packages/patches/glib-CVE-2021-27219-17.patch \ + %D%/packages/patches/glib-CVE-2021-27219-18.patch \ %D%/packages/patches/glibc-CVE-2018-11236.patch \ %D%/packages/patches/glibc-CVE-2018-11237.patch \ %D%/packages/patches/glibc-CVE-2019-7309.patch \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 9cc2b1b69e..520b723722 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016, 2019, 2020 Ludovic Courtès ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2013 Nikita Karetnikov -;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2021 Mark H Weaver ;;; Copyright © 2016, 2020 Efraim Flashner ;;; Copyright © 2016 Lukas Gradl ;;; Copyright © 2017, 2018, 2019 Ricardo Wurmus @@ -172,6 +172,7 @@ shared NFS home directories.") (package (name "glib") (version "2.62.6") + (replacement glib/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" @@ -390,6 +391,33 @@ dynamic loading, and an object system.") (home-page "https://developer.gnome.org/glib/") (license license:lgpl2.1+))) +(define glib/fixed + (package + (inherit glib) + (source (origin + (inherit (package-source glib)) + (patches + (append (search-patches "glib-CVE-2021-27218.patch" + "glib-CVE-2021-27219-01.patch" + "glib-CVE-2021-27219-02.patch" + "glib-CVE-2021-27219-03.patch" + "glib-CVE-2021-27219-04.patch" + "glib-CVE-2021-27219-05.patch" + "glib-CVE-2021-27219-06.patch" + "glib-CVE-2021-27219-07.patch" + "glib-CVE-2021-27219-08.patch" + "glib-CVE-2021-27219-09.patch" + "glib-CVE-2021-27219-10.patch" + "glib-CVE-2021-27219-11.patch" + "glib-CVE-2021-27219-12.patch" + "glib-CVE-2021-27219-13.patch" + "glib-CVE-2021-27219-14.patch" + "glib-CVE-2021-27219-15.patch" + "glib-CVE-2021-27219-16.patch" + "glib-CVE-2021-27219-17.patch" + "glib-CVE-2021-27219-18.patch") + (origin-patches (package-source glib)))))))) + (define-public glib-with-documentation ;; glib's doc must be built in a separate package since it requires gtk-doc, ;; which in turn depends on glib. diff --git a/gnu/packages/patches/glib-CVE-2021-27218.patch b/gnu/packages/patches/glib-CVE-2021-27218.patch new file mode 100644 index 0000000000..00fa5ebf79 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27218.patch @@ -0,0 +1,132 @@ +Backport of: + +From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001 +From: Krzesimir Nowak +Date: Wed, 10 Feb 2021 23:51:07 +0100 +Subject: [PATCH] gbytearray: Do not accept too large byte arrays + +GByteArray uses guint for storing the length of the byte array, but it +also has a constructor (g_byte_array_new_take) that takes length as a +gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits +for guint). It is possible to call the function with a value greater +than G_MAXUINT, which will result in silent length truncation. This +may happen as a result of unreffing GBytes into GByteArray, so rather +be loud about it. + +(Test case tweaked by Philip Withnall.) + +(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for +`g_memdup2()`.) +--- + glib/garray.c | 6 ++++++ + glib/gbytes.c | 4 ++++ + glib/tests/bytes.c | 35 ++++++++++++++++++++++++++++++++++- + 3 files changed, 44 insertions(+), 1 deletion(-) + +diff --git a/glib/garray.c b/glib/garray.c +index 942e74c9f..fb1a42aaf 100644 +--- a/glib/garray.c ++++ b/glib/garray.c +@@ -2013,6 +2013,10 @@ g_byte_array_new (void) + * Create byte array containing the data. The data will be owned by the array + * and will be freed with g_free(), i.e. it could be allocated using g_strdup(). + * ++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray ++ * stores the length of its data in #guint, which may be shorter than ++ * #gsize. ++ * + * Since: 2.32 + * + * Returns: (transfer full): a new #GByteArray +@@ -2024,6 +2028,8 @@ g_byte_array_new_take (guint8 *data, + GByteArray *array; + GRealArray *real; + ++ g_return_val_if_fail (len <= G_MAXUINT, NULL); ++ + array = g_byte_array_new (); + real = (GRealArray *)array; + g_assert (real->data == NULL); +diff --git a/glib/gbytes.c b/glib/gbytes.c +index 7b72886e5..d56abe6c3 100644 +--- a/glib/gbytes.c ++++ b/glib/gbytes.c +@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes, + * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all + * other cases the data is copied. + * ++ * Do not use it if @bytes contains more than %G_MAXUINT ++ * bytes. #GByteArray stores the length of its data in #guint, which ++ * may be shorter than #gsize, that @bytes is using. ++ * + * Returns: (transfer full): a new mutable #GByteArray containing the same byte data + * + * Since: 2.32 +diff --git a/glib/tests/bytes.c b/glib/tests/bytes.c +index 5ea5c2b35..15a6aaad6 100644 +--- a/glib/tests/bytes.c ++++ b/glib/tests/bytes.c +@@ -10,12 +10,12 @@ + */ + + #undef G_DISABLE_ASSERT +-#undef G_LOG_DOMAIN + + #include + #include + #include + #include "glib.h" ++#include "glib/gstrfuncsprivate.h" + + /* Keep in sync with glib/gbytes.c */ + struct _GBytes +@@ -333,6 +333,38 @@ test_to_array_transferred (void) + g_byte_array_unref (array); + } + ++static void ++test_to_array_transferred_oversize (void) ++{ ++ g_test_message ("g_bytes_unref_to_array() can only take GBytes up to " ++ "G_MAXUINT in length; test that longer ones are rejected"); ++ ++ if (sizeof (guint) >= sizeof (gsize)) ++ { ++ g_test_skip ("Skipping test as guint is not smaller than gsize"); ++ } ++ else if (g_test_undefined ()) ++ { ++ GByteArray *array = NULL; ++ GBytes *bytes = NULL; ++ gpointer data = g_memdup2 (NYAN, N_NYAN); ++ gsize len = ((gsize) G_MAXUINT) + 1; ++ ++ bytes = g_bytes_new_take (data, len); ++ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL, ++ "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed"); ++ array = g_bytes_unref_to_array (g_steal_pointer (&bytes)); ++ g_test_assert_expected_messages (); ++ g_assert_null (array); ++ ++ g_free (data); ++ } ++ else ++ { ++ g_test_skip ("Skipping test as testing undefined behaviour is disabled"); ++ } ++} ++ + static void + test_to_array_two_refs (void) + { +@@ -410,6 +442,7 @@ main (int argc, char *argv[]) + g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred); + g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs); + g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc); ++ g_test_add_func ("/bytes/to-array/transferred/oversize", test_to_array_transferred_oversize); + g_test_add_func ("/bytes/null", test_null); + + return g_test_run (); +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-01.patch b/gnu/packages/patches/glib-CVE-2021-27219-01.patch new file mode 100644 index 0000000000..5db360d468 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-01.patch @@ -0,0 +1,176 @@ +Backport of: + +From 5e5f75a77e399c638be66d74e5daa8caeb433e00 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:30:52 +0000 +Subject: [PATCH 01/11] gstrfuncs: Add internal g_memdup2() function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will replace the existing `g_memdup()` function for use within +GLib. It has an unavoidable security flaw of taking its `byte_size` +argument as a `guint` rather than as a `gsize`. Most callers will +expect it to be a `gsize`, and may pass in large values which could +silently be truncated, resulting in an undersize allocation compared +to what the caller expects. + +This could lead to a classic buffer overflow vulnerability for many +callers of `g_memdup()`. + +`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. + +Spotted by Kevin Backhouse of GHSL. + +In GLib 2.68, `g_memdup2()` will be a new public API. In this version +for backport to older stable releases, it’s a new `static inline` API +in a private header, so that use of `g_memdup()` within GLib can be +fixed without adding a new API in a stable release series. + +Signed-off-by: Philip Withnall +Helps: GHSL-2021-045 +Helps: #2319 +--- + docs/reference/glib/meson.build | 1 + + glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++ + glib/meson.build | 1 + + glib/tests/strfuncs.c | 23 ++++++++++++++ + 4 files changed, 80 insertions(+) + create mode 100644 glib/gstrfuncsprivate.h + +diff --git a/docs/reference/glib/meson.build b/docs/reference/glib/meson.build +index bba7649f0..ee39f6d04 100644 +--- a/docs/reference/glib/meson.build ++++ b/docs/reference/glib/meson.build +@@ -22,6 +22,7 @@ if get_option('gtk_doc') + 'gprintfint.h', + 'gmirroringtable.h', + 'gscripttable.h', ++ 'gstrfuncsprivate.h', + 'glib-mirroring-tab', + 'gnulib', + 'pcre', +diff --git a/glib/gstrfuncsprivate.h b/glib/gstrfuncsprivate.h +new file mode 100644 +index 000000000..85c88328a +--- /dev/null ++++ b/glib/gstrfuncsprivate.h +@@ -0,0 +1,55 @@ ++/* GLIB - Library of useful routines for C programming ++ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, see . ++ */ ++ ++#include ++#include ++ ++/* ++ * g_memdup2: ++ * @mem: (nullable): the memory to copy. ++ * @byte_size: the number of bytes to copy. ++ * ++ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it ++ * from @mem. If @mem is %NULL it returns %NULL. ++ * ++ * This replaces g_memdup(), which was prone to integer overflows when ++ * converting the argument from a #gsize to a #guint. ++ * ++ * This static inline version is a backport of the new public API from ++ * GLib 2.68, kept internal to GLib for backport to older stable releases. ++ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319. ++ * ++ * Returns: (nullable): a pointer to the newly-allocated copy of the memory, ++ * or %NULL if @mem is %NULL. ++ * Since: 2.68 ++ */ ++static inline gpointer ++g_memdup2 (gconstpointer mem, ++ gsize byte_size) ++{ ++ gpointer new_mem; ++ ++ if (mem && byte_size != 0) ++ { ++ new_mem = g_malloc (byte_size); ++ memcpy (new_mem, mem, byte_size); ++ } ++ else ++ new_mem = NULL; ++ ++ return new_mem; ++} +diff --git a/glib/meson.build b/glib/meson.build +index aaf5f00f5..5a6eea397 100644 +--- a/glib/meson.build ++++ b/glib/meson.build +@@ -268,6 +268,7 @@ glib_sources = files( + 'gslist.c', + 'gstdio.c', + 'gstrfuncs.c', ++ 'gstrfuncsprivate.h', + 'gstring.c', + 'gstringchunk.c', + 'gtestutils.c', +diff --git a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c +index e1f9619c7..d968afff9 100644 +--- a/glib/tests/strfuncs.c ++++ b/glib/tests/strfuncs.c +@@ -32,6 +32,8 @@ + #include + #include "glib.h" + ++#include "gstrfuncsprivate.h" ++ + #if defined (_MSC_VER) && (_MSC_VER <= 1800) + #define isnan(x) _isnan(x) + +@@ -219,6 +221,26 @@ test_memdup (void) + g_free (str_dup); + } + ++/* Testing g_memdup2() function with various positive and negative cases */ ++static void ++test_memdup2 (void) ++{ ++ gchar *str_dup = NULL; ++ const gchar *str = "The quick brown fox jumps over the lazy dog"; ++ ++ /* Testing negative cases */ ++ g_assert_null (g_memdup2 (NULL, 1024)); ++ g_assert_null (g_memdup2 (str, 0)); ++ g_assert_null (g_memdup2 (NULL, 0)); ++ ++ /* Testing normal usage cases */ ++ str_dup = g_memdup2 (str, strlen (str) + 1); ++ g_assert_nonnull (str_dup); ++ g_assert_cmpstr (str, ==, str_dup); ++ ++ g_free (str_dup); ++} ++ + /* Testing g_strpcpy() function with various positive and negative cases */ + static void + test_stpcpy (void) +@@ -2523,6 +2545,7 @@ main (int argc, + g_test_add_func ("/strfuncs/has-prefix", test_has_prefix); + g_test_add_func ("/strfuncs/has-suffix", test_has_suffix); + g_test_add_func ("/strfuncs/memdup", test_memdup); ++ g_test_add_func ("/strfuncs/memdup2", test_memdup2); + g_test_add_func ("/strfuncs/stpcpy", test_stpcpy); + g_test_add_func ("/strfuncs/str_match_string", test_str_match_string); + g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold); +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-02.patch b/gnu/packages/patches/glib-CVE-2021-27219-02.patch new file mode 100644 index 0000000000..431959fa8f --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-02.patch @@ -0,0 +1,264 @@ +Backport of: + +From be8834340a2d928ece82025463ae23dee2c333d0 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:37:56 +0000 +Subject: [PATCH 02/11] gio: Use g_memdup2() instead of g_memdup() in obvious + places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()`), so that they use +`g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/gdbusconnection.c | 5 +++-- + gio/gdbusinterfaceskeleton.c | 3 ++- + gio/gfile.c | 7 ++++--- + gio/gsettingsschema.c | 5 +++-- + gio/gwin32registrykey.c | 8 +++++--- + gio/tests/async-close-output-stream.c | 6 ++++-- + gio/tests/gdbus-export.c | 5 +++-- + gio/win32/gwinhttpfile.c | 9 +++++---- + 8 files changed, 29 insertions(+), 19 deletions(-) + +diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c +index f1f0921d4..d56453486 100644 +--- a/gio/gdbusconnection.c ++++ b/gio/gdbusconnection.c +@@ -110,6 +110,7 @@ + #include "gasyncinitable.h" + #include "giostream.h" + #include "gasyncresult.h" ++#include "gstrfuncsprivate.h" + #include "gtask.h" + #include "gmarshal-internal.h" + +@@ -3997,7 +3998,7 @@ _g_dbus_interface_vtable_copy (const GDBusInterfaceVTable *vtable) + /* Don't waste memory by copying padding - remember to update this + * when changing struct _GDBusInterfaceVTable in gdbusconnection.h + */ +- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); ++ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); + } + + static void +@@ -4014,7 +4015,7 @@ _g_dbus_subtree_vtable_copy (const GDBusSubtreeVTable *vtable) + /* Don't waste memory by copying padding - remember to update this + * when changing struct _GDBusSubtreeVTable in gdbusconnection.h + */ +- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); ++ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); + } + + static void +diff --git a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c +index 4a06516c1..4a4b719a5 100644 +--- a/gio/gdbusinterfaceskeleton.c ++++ b/gio/gdbusinterfaceskeleton.c +@@ -28,6 +28,7 @@ + #include "gdbusmethodinvocation.h" + #include "gdbusconnection.h" + #include "gmarshal-internal.h" ++#include "gstrfuncsprivate.h" + #include "gtask.h" + #include "gioerror.h" + +@@ -701,7 +702,7 @@ add_connection_locked (GDBusInterfaceSkeleton *interface_, + * properly before building the hooked_vtable, so we create it + * once at the last minute. + */ +- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); ++ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); + interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call; + } + +diff --git a/gio/gfile.c b/gio/gfile.c +index ba93f7c75..88b341e7d 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -60,6 +60,7 @@ + #include "gasyncresult.h" + #include "gioerror.h" + #include "glibintl.h" ++#include "gstrfuncsprivate.h" + + + /** +@@ -7884,7 +7885,7 @@ measure_disk_usage_progress (gboolean reporting, + g_main_context_invoke_full (g_task_get_context (task), + g_task_get_priority (task), + measure_disk_usage_invoke_progress, +- g_memdup (&progress, sizeof progress), ++ g_memdup2 (&progress, sizeof progress), + g_free); + } + +@@ -7902,7 +7903,7 @@ measure_disk_usage_thread (GTask *task, + data->progress_callback ? measure_disk_usage_progress : NULL, task, + &result.disk_usage, &result.num_dirs, &result.num_files, + &error)) +- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free); ++ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free); + else + g_task_return_error (task, error); + } +@@ -7926,7 +7927,7 @@ g_file_real_measure_disk_usage_async (GFile *file, + + task = g_task_new (file, cancellable, callback, user_data); + g_task_set_source_tag (task, g_file_real_measure_disk_usage_async); +- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free); ++ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free); + g_task_set_priority (task, io_priority); + + g_task_run_in_thread (task, measure_disk_usage_thread); +diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c +index 3a60b8c64..dded9b1ca 100644 +--- a/gio/gsettingsschema.c ++++ b/gio/gsettingsschema.c +@@ -20,6 +20,7 @@ + + #include "gsettingsschema-internal.h" + #include "gsettings.h" ++#include "gstrfuncsprivate.h" + + #include "gvdb/gvdb-reader.h" + #include "strinfo.c" +@@ -1058,9 +1059,9 @@ g_settings_schema_list_children (GSettingsSchema *schema) + + if (g_str_has_suffix (key, "/")) + { +- gint length = strlen (key); ++ gsize length = strlen (key); + +- strv[j] = g_memdup (key, length); ++ strv[j] = g_memdup2 (key, length); + strv[j][length - 1] = '\0'; + j++; + } +diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c +index c19fede4e..619fd48af 100644 +--- a/gio/gwin32registrykey.c ++++ b/gio/gwin32registrykey.c +@@ -28,6 +28,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + #ifndef _WDMDDK_ + typedef enum _KEY_INFORMATION_CLASS { + KeyBasicInformation, +@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter) + new_iter->value_name_size = iter->value_name_size; + + if (iter->value_data != NULL) +- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size); ++ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size); + + new_iter->value_data_size = iter->value_data_size; + +@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter) + new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize; + + if (iter->value_data_expanded_u8 != NULL) +- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8, +- iter->value_data_expanded_charsize); ++ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8, ++ iter->value_data_expanded_charsize); + + new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize; + +diff --git a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c +index 5f6620275..d3f97a119 100644 +--- a/gio/tests/async-close-output-stream.c ++++ b/gio/tests/async-close-output-stream.c +@@ -24,6 +24,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + #define DATA_TO_WRITE "Hello world\n" + + typedef struct +@@ -147,9 +149,9 @@ prepare_data (SetupData *data, + + data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream)); + +- g_assert_cmpint (data->expected_size, >, 0); ++ g_assert_cmpuint (data->expected_size, >, 0); + +- data->expected_output = g_memdup (written, (guint)data->expected_size); ++ data->expected_output = g_memdup2 (written, data->expected_size); + + /* then recreate the streams and prepare them for the asynchronous close */ + destroy_streams (data); +diff --git a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c +index 506c7458a..5513306f8 100644 +--- a/gio/tests/gdbus-export.c ++++ b/gio/tests/gdbus-export.c +@@ -23,6 +23,7 @@ + #include + + #include "gdbus-tests.h" ++#include "gstrfuncsprivate.h" + + /* all tests rely on a shared mainloop */ + static GMainLoop *loop = NULL; +@@ -671,7 +672,7 @@ subtree_introspect (GDBusConnection *connection, + g_assert_not_reached (); + } + +- return g_memdup (interfaces, 2 * sizeof (void *)); ++ return g_memdup2 (interfaces, 2 * sizeof (void *)); + } + + static const GDBusInterfaceVTable * +@@ -727,7 +728,7 @@ dynamic_subtree_introspect (GDBusConnection *connection, + { + const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL }; + +- return g_memdup (interfaces, 2 * sizeof (void *)); ++ return g_memdup2 (interfaces, 2 * sizeof (void *)); + } + + static const GDBusInterfaceVTable * +diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c +index cf5eed31d..040ee8564 100644 +--- a/gio/win32/gwinhttpfile.c ++++ b/gio/win32/gwinhttpfile.c +@@ -29,6 +29,7 @@ + #include "gio/gfile.h" + #include "gio/gfileattribute.h" + #include "gio/gfileinfo.h" ++#include "gstrfuncsprivate.h" + #include "gwinhttpfile.h" + #include "gwinhttpfileinputstream.h" + #include "gwinhttpfileoutputstream.h" +@@ -393,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file, + child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); + child->vfs = winhttp_file->vfs; + child->url = winhttp_file->url; +- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); +- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); +- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); +- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); ++ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); ++ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); ++ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); ++ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); + child->url.lpszUrlPath = wnew_path; + child->url.dwUrlPathLength = wcslen (wnew_path); + child->url.lpszExtraInfo = NULL; +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-03.patch b/gnu/packages/patches/glib-CVE-2021-27219-03.patch new file mode 100644 index 0000000000..99e849c43c --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-03.patch @@ -0,0 +1,136 @@ +From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:39:25 +0000 +Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup() in + obvious places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()`), so that they use +`g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gobject/gsignal.c | 3 ++- + gobject/gtype.c | 9 +++++---- + gobject/gtypemodule.c | 3 ++- + gobject/tests/param.c | 4 +++- + 4 files changed, 12 insertions(+), 7 deletions(-) + +diff --git a/gobject/gsignal.c b/gobject/gsignal.c +index 77d8f211e..41c54ab57 100644 +--- a/gobject/gsignal.c ++++ b/gobject/gsignal.c +@@ -28,6 +28,7 @@ + #include + + #include "gsignal.h" ++#include "gstrfuncsprivate.h" + #include "gtype-private.h" + #include "gbsearcharray.h" + #include "gvaluecollector.h" +@@ -1730,7 +1731,7 @@ g_signal_newv (const gchar *signal_name, + node->single_va_closure_is_valid = FALSE; + node->flags = signal_flags & G_SIGNAL_FLAGS_MASK; + node->n_params = n_params; +- node->param_types = g_memdup (param_types, sizeof (GType) * n_params); ++ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params); + node->return_type = return_type; + node->class_closure_bsa = NULL; + if (accumulator) +diff --git a/gobject/gtype.c b/gobject/gtype.c +index 7d3789400..8441b90e9 100644 +--- a/gobject/gtype.c ++++ b/gobject/gtype.c +@@ -33,6 +33,7 @@ + + #include "glib-private.h" + #include "gconstructor.h" ++#include "gstrfuncsprivate.h" + + #ifdef G_OS_WIN32 + #include +@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode *node, + iholder->next = iface_node_get_holders_L (iface); + iface_node_set_holders_W (iface, iholder); + iholder->instance_type = NODE_TYPE (node); +- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL; ++ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL; + iholder->plugin = plugin; + + /* create an iface entry for this type */ +@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (TypeNode *iface, + INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface)); + + check_interface_info_I (iface, instance_type, &tmp_info); +- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info)); ++ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info)); + } + + return iholder; /* we don't modify write lock upon returning NULL */ +@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode *iface, + IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface); + + if (pentry) +- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size); ++ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size); + } + if (!vtable) +- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); ++ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); + entry->vtable = vtable; + vtable->g_type = NODE_TYPE (iface); + vtable->g_instance_type = NODE_TYPE (node); +diff --git a/gobject/gtypemodule.c b/gobject/gtypemodule.c +index 4ecaf8c88..20911fafd 100644 +--- a/gobject/gtypemodule.c ++++ b/gobject/gtypemodule.c +@@ -19,6 +19,7 @@ + + #include + ++#include "gstrfuncsprivate.h" + #include "gtypeplugin.h" + #include "gtypemodule.h" + +@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule *module, + module_type_info->loaded = TRUE; + module_type_info->info = *type_info; + if (type_info->value_table) +- module_type_info->info.value_table = g_memdup (type_info->value_table, ++ module_type_info->info.value_table = g_memdup2 (type_info->value_table, + sizeof (GTypeValueTable)); + + return module_type_info->type; +diff --git a/gobject/tests/param.c b/gobject/tests/param.c +index 758289bf8..971cff162 100644 +--- a/gobject/tests/param.c ++++ b/gobject/tests/param.c +@@ -2,6 +2,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + static void + test_param_value (void) + { +@@ -851,7 +853,7 @@ main (int argc, char *argv[]) + test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d", + data.change_this_flag, data.change_this_type, + data.use_this_flag, data.use_this_type); +- test_data = g_memdup (&data, sizeof (TestParamImplementData)); ++ test_data = g_memdup2 (&data, sizeof (TestParamImplementData)); + g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free); + g_free (test_path); + } +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-04.patch b/gnu/packages/patches/glib-CVE-2021-27219-04.patch new file mode 100644 index 0000000000..3ae01f34b1 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-04.patch @@ -0,0 +1,308 @@ +Backport of: + +From 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:41:21 +0000 +Subject: [PATCH 04/11] glib: Use g_memdup2() instead of g_memdup() in obvious + places +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Convert all the call sites which use `g_memdup()`’s length argument +trivially (for example, by passing a `sizeof()` or an existing `gsize` +variable), so that they use `g_memdup2()` instead. + +In almost all of these cases the use of `g_memdup()` would not have +caused problems, but it will soon be deprecated, so best port away from +it + +In particular, this fixes an overflow within `g_bytes_new()`, identified +as GHSL-2021-045 by GHSL team member Kevin Backhouse. + +Signed-off-by: Philip Withnall +Fixes: GHSL-2021-045 +Helps: #2319 +--- + glib/gbytes.c | 6 ++++-- + glib/gdir.c | 3 ++- + glib/ghash.c | 7 ++++--- + glib/giochannel.c | 3 ++- + glib/gslice.c | 3 ++- + glib/gtestutils.c | 3 ++- + glib/gvariant.c | 7 ++++--- + glib/gvarianttype.c | 3 ++- + glib/tests/array-test.c | 4 +++- + glib/tests/option-context.c | 6 ++++-- + 10 files changed, 29 insertions(+), 16 deletions(-) + +diff --git a/glib/gbytes.c b/glib/gbytes.c +index d56abe6c3..dee494820 100644 +--- a/glib/gbytes.c ++++ b/glib/gbytes.c +@@ -34,6 +34,8 @@ + + #include + ++#include "gstrfuncsprivate.h" ++ + /** + * GBytes: + * +@@ -95,7 +97,7 @@ g_bytes_new (gconstpointer data, + { + g_return_val_if_fail (data != NULL || size == 0, NULL); + +- return g_bytes_new_take (g_memdup (data, size), size); ++ return g_bytes_new_take (g_memdup2 (data, size), size); + } + + /** +@@ -499,7 +501,7 @@ g_bytes_unref_to_data (GBytes *bytes, + * Copy: Non g_malloc (or compatible) allocator, or static memory, + * so we have to copy, and then unref. + */ +- result = g_memdup (bytes->data, bytes->size); ++ result = g_memdup2 (bytes->data, bytes->size); + *size = bytes->size; + g_bytes_unref (bytes); + } +diff --git a/glib/gdir.c b/glib/gdir.c +index 6b85e99c8..6747a8c6f 100644 +--- a/glib/gdir.c ++++ b/glib/gdir.c +@@ -37,6 +37,7 @@ + #include "gconvert.h" + #include "gfileutils.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtestutils.h" + #include "glibintl.h" + +@@ -112,7 +113,7 @@ g_dir_open_with_errno (const gchar *path, + return NULL; + #endif + +- return g_memdup (&dir, sizeof dir); ++ return g_memdup2 (&dir, sizeof dir); + } + + /** +diff --git a/glib/ghash.c b/glib/ghash.c +index e61b03788..26f26062b 100644 +--- a/glib/ghash.c ++++ b/glib/ghash.c +@@ -34,6 +34,7 @@ + #include "gmacros.h" + #include "glib-private.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gatomic.h" + #include "gtestutils.h" + #include "gslice.h" +@@ -964,7 +965,7 @@ g_hash_table_ensure_keyval_fits (GHashTable *hash_table, gpointer key, gpointer + if (hash_table->have_big_keys) + { + if (key != value) +- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); + /* Keys and values are both big now, so no need for further checks */ + return; + } +@@ -972,7 +973,7 @@ g_hash_table_ensure_keyval_fits (GHashTable *hash_table, gpointer key, gpointer + { + if (key != value) + { +- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (guint) * hash_table->size); + is_a_set = FALSE; + } + } +@@ -1000,7 +1001,7 @@ g_hash_table_ensure_keyval_fits (GHashTable *hash_table, gpointer key, gpointer + + /* Just split if necessary */ + if (is_a_set && key != value) +- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); ++ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); + + #endif + } +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 1956e9dc6..15927c391 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -37,6 +37,7 @@ + #include "giochannel.h" + + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtestutils.h" + #include "glibintl.h" + +@@ -892,7 +893,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + length = strlen (line_term); + + g_free (channel->line_term); +- channel->line_term = line_term ? g_memdup (line_term, length) : NULL; ++ channel->line_term = line_term ? g_memdup2 (line_term, length) : NULL; + channel->line_term_len = length; + } + +diff --git a/glib/gslice.c b/glib/gslice.c +index 4c758c3be..bcdbb8853 100644 +--- a/glib/gslice.c ++++ b/glib/gslice.c +@@ -41,6 +41,7 @@ + #include "gmain.h" + #include "gmem.h" /* gslice.h */ + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gutils.h" + #include "gtrashstack.h" + #include "gtestutils.h" +@@ -350,7 +351,7 @@ g_slice_get_config_state (GSliceConfig ckey, + array[i++] = allocator->contention_counters[address]; + array[i++] = allocator_get_magazine_threshold (allocator, address); + *n_values = i; +- return g_memdup (array, sizeof (array[0]) * *n_values); ++ return g_memdup2 (array, sizeof (array[0]) * *n_values); + default: + return NULL; + } +diff --git a/glib/gtestutils.c b/glib/gtestutils.c +index dd789482f..5887ecc36 100644 +--- a/glib/gtestutils.c ++++ b/glib/gtestutils.c +@@ -49,6 +49,7 @@ + #include "gpattern.h" + #include "grand.h" + #include "gstrfuncs.h" ++#include "gstrfuncsprivate.h" + #include "gtimer.h" + #include "gslice.h" + #include "gspawn.h" +@@ -3798,7 +3799,7 @@ g_test_log_extract (GTestLogBuffer *tbuffer) + if (p <= tbuffer->data->str + mlength) + { + g_string_erase (tbuffer->data, 0, mlength); +- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg))); ++ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg))); + return TRUE; + } + +diff --git a/glib/gvariant.c b/glib/gvariant.c +index b61bf7278..d6f68a9ea 100644 +--- a/glib/gvariant.c ++++ b/glib/gvariant.c +@@ -33,6 +33,7 @@ + + #include + ++#include "gstrfuncsprivate.h" + + /** + * SECTION:gvariant +@@ -725,7 +726,7 @@ g_variant_new_variant (GVariant *value) + g_variant_ref_sink (value); + + return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT, +- g_memdup (&value, sizeof value), ++ g_memdup2 (&value, sizeof value), + 1, g_variant_is_trusted (value)); + } + +@@ -1229,7 +1230,7 @@ g_variant_new_fixed_array (const GVariantType *element_type, + return NULL; + } + +- data = g_memdup (elements, n_elements * element_size); ++ data = g_memdup2 (elements, n_elements * element_size); + value = g_variant_new_from_data (array_type, data, + n_elements * element_size, + FALSE, g_free, data); +@@ -1908,7 +1909,7 @@ g_variant_dup_bytestring (GVariant *value, + if (length) + *length = size; + +- return g_memdup (original, size + 1); ++ return g_memdup2 (original, size + 1); + } + + /** +diff --git a/glib/gvarianttype.c b/glib/gvarianttype.c +index 1a228f73b..07659ff12 100644 +--- a/glib/gvarianttype.c ++++ b/glib/gvarianttype.c +@@ -28,6 +28,7 @@ + + #include + ++#include "gstrfuncsprivate.h" + + /** + * SECTION:gvarianttype +@@ -1181,7 +1182,7 @@ g_variant_type_new_tuple (const GVariantType * const *items, + g_assert (offset < sizeof buffer); + buffer[offset++] = ')'; + +- return (GVariantType *) g_memdup (buffer, offset); ++ return (GVariantType *) g_memdup2 (buffer, offset); + } + + /** +diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c +index 3fcf1136a..11982f822 100644 +--- a/glib/tests/array-test.c ++++ b/glib/tests/array-test.c +@@ -29,6 +29,8 @@ + #include + #include "glib.h" + ++#include "gstrfuncsprivate.h" ++ + /* Test data to be passed to any function which calls g_array_new(), providing + * the parameters for that call. Most #GArray tests should be repeated for all + * possible values of #ArrayTestData. */ +@@ -1642,7 +1644,7 @@ byte_array_new_take (void) + GByteArray *gbarray; + guint8 *data; + +- data = g_memdup ("woooweeewow", 11); ++ data = g_memdup2 ("woooweeewow", 11); + gbarray = g_byte_array_new_take (data, 11); + g_assert (gbarray->data == data); + g_assert_cmpuint (gbarray->len, ==, 11); +diff --git a/glib/tests/option-context.c b/glib/tests/option-context.c +index 149d22353..88d2b80d1 100644 +--- a/glib/tests/option-context.c ++++ b/glib/tests/option-context.c +@@ -27,6 +27,8 @@ + #include + #include + ++#include "gstrfuncsprivate.h" ++ + static GOptionEntry main_entries[] = { + { "main-switch", 0, 0, + G_OPTION_ARG_NONE, NULL, +@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv) + static char ** + copy_stringv (char **argv, int argc) + { +- return g_memdup (argv, sizeof (char *) * (argc + 1)); ++ return g_memdup2 (argv, sizeof (char *) * (argc + 1)); + } + + static void +@@ -2323,7 +2325,7 @@ test_group_parse (void) + g_option_context_add_group (context, group); + + argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc); +- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *)); ++ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *)); + + retval = g_option_context_parse (context, &argc, &argv, &error); + +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-05.patch b/gnu/packages/patches/glib-CVE-2021-27219-05.patch new file mode 100644 index 0000000000..62bce1b188 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-05.patch @@ -0,0 +1,47 @@ +From 0cbad673215ec8a049b7fe2ff44b0beed31b376e Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 16:12:24 +0000 +Subject: [PATCH 05/11] gwinhttpfile: Avoid arithmetic overflow when + calculating a size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e. +32-bit unsigned integers. Adding to and multiplying them may cause them +to overflow the unsigned integer bounds, even if the result is passed to +`g_memdup2()` which accepts a `gsize`. + +Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the +arithmetic is done in terms of `gsize`s rather than unsigned integers. + +Spotted by Sebastian Dröge. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/win32/gwinhttpfile.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c +index 040ee8564..246ec0578 100644 +--- a/gio/win32/gwinhttpfile.c ++++ b/gio/win32/gwinhttpfile.c +@@ -394,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file, + child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); + child->vfs = winhttp_file->vfs; + child->url = winhttp_file->url; +- child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); +- child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); +- child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); +- child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); ++ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2); ++ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2); ++ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2); ++ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2); + child->url.lpszUrlPath = wnew_path; + child->url.dwUrlPathLength = wcslen (wnew_path); + child->url.lpszExtraInfo = NULL; +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-06.patch b/gnu/packages/patches/glib-CVE-2021-27219-06.patch new file mode 100644 index 0000000000..4e2435f5fd --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-06.patch @@ -0,0 +1,94 @@ +From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:49:00 +0000 +Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as + gsize + +Previously it was handled as a `gssize`, which meant that if the +`stop_chars` string was longer than `G_MAXSSIZE` there would be an +overflow. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/gdatainputstream.c | 25 +++++++++++++++++-------- + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c +index 2e7750cb5..2cdcbda19 100644 +--- a/gio/gdatainputstream.c ++++ b/gio/gdatainputstream.c +@@ -27,6 +27,7 @@ + #include "gioenumtypes.h" + #include "gioerror.h" + #include "glibintl.h" ++#include "gstrfuncsprivate.h" + + #include + +@@ -856,7 +857,7 @@ static gssize + scan_for_chars (GDataInputStream *stream, + gsize *checked_out, + const char *stop_chars, +- gssize stop_chars_len) ++ gsize stop_chars_len) + { + GBufferedInputStream *bstream; + const char *buffer; +@@ -952,7 +953,7 @@ typedef struct + gsize checked; + + gchar *stop_chars; +- gssize stop_chars_len; ++ gsize stop_chars_len; + gsize length; + } GDataInputStreamReadData; + +@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream, + { + GDataInputStreamReadData *data; + GTask *task; ++ gsize stop_chars_len_unsigned; + + data = g_slice_new0 (GDataInputStreamReadData); +- if (stop_chars_len == -1) +- stop_chars_len = strlen (stop_chars); +- data->stop_chars = g_memdup (stop_chars, stop_chars_len); +- data->stop_chars_len = stop_chars_len; ++ ++ if (stop_chars_len < 0) ++ stop_chars_len_unsigned = strlen (stop_chars); ++ else ++ stop_chars_len_unsigned = (gsize) stop_chars_len; ++ ++ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned); ++ data->stop_chars_len = stop_chars_len_unsigned; + data->last_saw_cr = FALSE; + + task = g_task_new (stream, cancellable, callback, user_data); +@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream, + gssize found_pos; + gssize res; + char *data_until; ++ gsize stop_chars_len_unsigned; + + g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL); + + if (stop_chars_len < 0) +- stop_chars_len = strlen (stop_chars); ++ stop_chars_len_unsigned = strlen (stop_chars); ++ else ++ stop_chars_len_unsigned = (gsize) stop_chars_len; + + bstream = G_BUFFERED_INPUT_STREAM (stream); + + checked = 0; + +- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1) ++ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1) + { + if (g_buffered_input_stream_get_available (bstream) == + g_buffered_input_stream_get_buffer_size (bstream)) +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-07.patch b/gnu/packages/patches/glib-CVE-2021-27219-07.patch new file mode 100644 index 0000000000..dad3d285f4 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-07.patch @@ -0,0 +1,118 @@ +Backport of: + +From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:50:37 +0000 +Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allows it to handle strings up to length `G_MAXSIZE` — previously +it would overflow with such strings. + +Update the several copies of it identically. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/gwin32appinfo.c | 33 ++++++++++++++++++++++++++------- + gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++-------- + 2 files changed, 52 insertions(+), 15 deletions(-) + +diff --git a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c +index 9f335b370..dd7a96a4a 100644 +--- a/gio/gwin32appinfo.c ++++ b/gio/gwin32appinfo.c +@@ -464,15 +464,34 @@ static GWin32RegistryKey *applications_key; + /* Watch this key */ + static GWin32RegistryKey *classes_root_key; + ++static gsize ++g_utf16_len (const gunichar2 *str) ++{ ++ gsize result; ++ ++ for (result = 0; str[0] != 0; str++, result++) ++ ; ++ ++ return result; ++} ++ + static gunichar2 * +-g_wcsdup (const gunichar2 *str, gssize str_size) ++g_wcsdup (const gunichar2 *str, gssize str_len) + { +- if (str_size == -1) +- { +- str_size = wcslen (str) + 1; +- str_size *= sizeof (gunichar2); +- } +- return g_memdup (str, str_size); ++ gsize str_len_unsigned; ++ gsize str_size; ++ ++ g_return_val_if_fail (str != NULL, NULL); ++ ++ if (str_len < 0) ++ str_len_unsigned = g_utf16_len (str); ++ else ++ str_len_unsigned = (gsize) str_len; ++ ++ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); ++ str_size = (str_len_unsigned + 1) * sizeof (gunichar2); ++ ++ return g_memdup2 (str, str_size); + } + + #define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\" +diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c +index 619fd48af..fbd65311a 100644 +--- a/gio/gwin32registrykey.c ++++ b/gio/gwin32registrykey.c +@@ -127,16 +127,34 @@ typedef enum + G_WIN32_REGISTRY_UPDATED_PATH = 1, + } GWin32RegistryKeyUpdateFlag; + ++static gsize ++g_utf16_len (const gunichar2 *str) ++{ ++ gsize result; ++ ++ for (result = 0; str[0] != 0; str++, result++) ++ ; ++ ++ return result; ++} ++ + static gunichar2 * +-g_wcsdup (const gunichar2 *str, +- gssize str_size) ++g_wcsdup (const gunichar2 *str, gssize str_len) + { +- if (str_size == -1) +- { +- str_size = wcslen (str) + 1; +- str_size *= sizeof (gunichar2); +- } +- return g_memdup (str, str_size); ++ gsize str_len_unsigned; ++ gsize str_size; ++ ++ g_return_val_if_fail (str != NULL, NULL); ++ ++ if (str_len < 0) ++ str_len_unsigned = g_utf16_len (str); ++ else ++ str_len_unsigned = (gsize) str_len; ++ ++ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); ++ str_size = (str_len_unsigned + 1) * sizeof (gunichar2); ++ ++ return g_memdup2 (str, str_size); + } + + /** +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-08.patch b/gnu/packages/patches/glib-CVE-2021-27219-08.patch new file mode 100644 index 0000000000..2c021ad317 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-08.patch @@ -0,0 +1,94 @@ +From ba8ca443051f93a74c0d03d62e70402036f967a5 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 13:58:32 +0000 +Subject: [PATCH 08/11] gkeyfilesettingsbackend: Handle long keys when + converting paths + +Previously, the code in `convert_path()` could not handle keys longer +than `G_MAXINT`, and would overflow if that was exceeded. + +Convert the code to use `gsize` and `g_memdup2()` throughout, and +change from identifying the position of the final slash in the string +using a signed offset `i`, to using a pointer to the character (and +`strrchr()`). This allows the slash to be at any position in a +`G_MAXSIZE`-long string, without sacrificing a bit of the offset for +indicating whether a slash was found. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/gkeyfilesettingsbackend.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index cd5765afd..25b057672 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -33,6 +33,7 @@ + #include "gfilemonitor.h" + #include "gsimplepermission.h" + #include "gsettingsbackendinternal.h" ++#include "gstrfuncsprivate.h" + #include "giomodule-priv.h" + #include "gportalsupport.h" + +@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb, + gchar **group, + gchar **basename) + { +- gint key_len = strlen (key); +- gint i; ++ gsize key_len = strlen (key); ++ const gchar *last_slash; + + if (key_len < kfsb->prefix_len || + memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0) +@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend *kfsb, + key_len -= kfsb->prefix_len; + key += kfsb->prefix_len; + +- for (i = key_len; i >= 0; i--) +- if (key[i] == '/') +- break; ++ last_slash = strrchr (key, '/'); + + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given + * a path that ghosts that group name + */ +- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0) ++ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0) + return FALSE; + } + else + { + /* if no root_group was given, ensure that the user gave a path */ +- if (i == -1) ++ if (last_slash == NULL) + return FALSE; + } + + if (group) + { +- if (i >= 0) ++ if (last_slash != NULL) + { +- *group = g_memdup (key, i + 1); +- (*group)[i] = '\0'; ++ *group = g_memdup2 (key, (last_slash - key) + 1); ++ (*group)[(last_slash - key)] = '\0'; + } + else + *group = g_strdup (kfsb->root_group); + } + + if (basename) +- *basename = g_memdup (key + i + 1, key_len - i); ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); + + return TRUE; + } +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-09.patch b/gnu/packages/patches/glib-CVE-2021-27219-09.patch new file mode 100644 index 0000000000..4de0c1b349 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-09.patch @@ -0,0 +1,98 @@ +From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 14:00:53 +0000 +Subject: [PATCH 09/11] gsocket: Use gsize to track native sockaddr's size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Don’t use an `int`, that’s potentially too small. In practical terms, +this is not a problem, since no socket address is going to be that big. + +By making these changes we can use `g_memdup2()` without warnings, +though. Fewer warnings is good. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/gsocket.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/gio/gsocket.c b/gio/gsocket.c +index 66073af83..a3af149e8 100644 +--- a/gio/gsocket.c ++++ b/gio/gsocket.c +@@ -75,6 +75,7 @@ + #include "gcredentialsprivate.h" + #include "glibintl.h" + #include "gioprivate.h" ++#include "gstrfuncsprivate.h" + + #ifdef G_OS_WIN32 + /* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */ +@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_based_condition_wait (GDatagramBased + GError **error); + + static GSocketAddress * +-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len); ++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len); + + static gssize + g_socket_receive_message_with_timeout (GSocket *socket, +@@ -260,7 +261,7 @@ struct _GSocketPrivate + struct { + GSocketAddress *addr; + struct sockaddr *native; +- gint native_len; ++ gsize native_len; + guint64 last_used; + } recv_addr_cache[RECV_ADDR_CACHE_SIZE]; + }; +@@ -5211,14 +5212,14 @@ g_socket_send_messages_with_timeout (GSocket *socket, + } + + static GSocketAddress * +-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) ++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len) + { + GSocketAddress *saddr; + gint i; + guint64 oldest_time = G_MAXUINT64; + gint oldest_index = 0; + +- if (native_len <= 0) ++ if (native_len == 0) + return NULL; + + saddr = NULL; +@@ -5226,7 +5227,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) + { + GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr; + gpointer tmp_native = socket->priv->recv_addr_cache[i].native; +- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len; ++ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len; + + if (!tmp) + continue; +@@ -5256,7 +5257,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) + g_free (socket->priv->recv_addr_cache[oldest_index].native); + } + +- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len); ++ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len); + socket->priv->recv_addr_cache[oldest_index].native_len = native_len; + socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr); + socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time (); +@@ -5404,6 +5405,9 @@ g_socket_receive_message_with_timeout (GSocket *socket, + /* do it */ + while (1) + { ++ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */ ++ G_STATIC_ASSERT (sizeof addr <= G_MAXINT); ++ + addrlen = sizeof addr; + if (address) + result = WSARecvFrom (socket->priv->fd, +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-10.patch b/gnu/packages/patches/glib-CVE-2021-27219-10.patch new file mode 100644 index 0000000000..36198b8eef --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-10.patch @@ -0,0 +1,52 @@ +From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 14:07:39 +0000 +Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `g_tls_password_set_value_full()` (and the vfunc it +invokes) can only accept a `gssize` length. Ensure that nul-terminated +strings passed to `g_tls_password_set_value()` can’t exceed that length. +Use `g_memdup2()` to avoid an overflow if they’re longer than +`G_MAXUINT` similarly. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + gio/gtlspassword.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index 1e437a7b6..dbcec41a8 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -23,6 +23,7 @@ + #include "glibintl.h" + + #include "gioenumtypes.h" ++#include "gstrfuncsprivate.h" + #include "gtlspassword.h" + + #include +@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password, + g_return_if_fail (G_IS_TLS_PASSWORD (password)); + + if (length < 0) +- length = strlen ((gchar *)value); ++ { ++ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ ++ gsize length_unsigned = strlen ((gchar *) value); ++ g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ length = (gssize) length_unsigned; ++ } + +- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); ++ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); + } + + /** +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-11.patch b/gnu/packages/patches/glib-CVE-2021-27219-11.patch new file mode 100644 index 0000000000..4413cb9827 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-11.patch @@ -0,0 +1,57 @@ +From ecdf91400e9a538695a0895b95ad7e8abcdf1749 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Feb 2021 14:09:40 +0000 +Subject: [PATCH 11/11] giochannel: Forbid very long line terminator strings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that +nul-terminated strings passed to `g_io_channel_set_line_term()` can’t +exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()` +is due to be deprecated), but not to avoid a bug, since it’s also +limited to `G_MAXUINT`. + +Signed-off-by: Philip Withnall +Helps: #2319 +--- + glib/giochannel.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 15927c391..66c6591f0 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -884,16 +884,25 @@ g_io_channel_set_line_term (GIOChannel *channel, + const gchar *line_term, + gint length) + { ++ guint length_unsigned; ++ + g_return_if_fail (channel != NULL); + g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */ + + if (line_term == NULL) +- length = 0; +- else if (length < 0) +- length = strlen (line_term); ++ length_unsigned = 0; ++ else if (length >= 0) ++ length_unsigned = (guint) length; ++ else ++ { ++ /* FIXME: We’re constrained by line_term_len being a guint here */ ++ gsize length_size = strlen (line_term); ++ g_return_if_fail (length_size > G_MAXUINT); ++ length_unsigned = (guint) length_size; ++ } + + g_free (channel->line_term); +- channel->line_term = line_term ? g_memdup2 (line_term, length) : NULL; ++ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; + channel->line_term_len = length; + } + +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-12.patch b/gnu/packages/patches/glib-CVE-2021-27219-12.patch new file mode 100644 index 0000000000..4fdbb81750 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-12.patch @@ -0,0 +1,30 @@ +From f8273b9aded135fe07094faebd527e43851aaf6e Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" +Date: Sun, 7 Feb 2021 23:32:40 +0100 +Subject: [PATCH 1/5] giochannel: Fix length_size bounds check + +The inverted condition is an obvious error introduced by ecdf91400e9a. + +Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323 + +(cherry picked from commit a149bf2f9030168051942124536e303af8ba6176) +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 66c6591f0..0d9d5f223 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -897,7 +897,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + { + /* FIXME: We’re constrained by line_term_len being a guint here */ + gsize length_size = strlen (line_term); +- g_return_if_fail (length_size > G_MAXUINT); ++ g_return_if_fail (length_size <= G_MAXUINT); + length_unsigned = (guint) length_size; + } + +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-13.patch b/gnu/packages/patches/glib-CVE-2021-27219-13.patch new file mode 100644 index 0000000000..6a287cc3a2 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-13.patch @@ -0,0 +1,32 @@ +From e069c50467712e6d607822afd6b6c15c2c343dff Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 8 Feb 2021 10:34:50 +0000 +Subject: [PATCH 2/5] giochannel: Don't store negative line_term_len in + GIOChannel struct + +Adding test coverage indicated that this was another bug in 0cc11f74. + +Fixes: 0cc11f74 "giochannel: Forbid very long line terminator strings" +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2323 +Signed-off-by: Simon McVittie +(cherry picked from commit 5dc8b0014c03e7491d93b90275ab442e888a9628) +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 0d9d5f223..4c39b9dc0 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -903,7 +903,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + + g_free (channel->line_term); + channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; +- channel->line_term_len = length; ++ channel->line_term_len = length_unsigned; + } + + /** +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-14.patch b/gnu/packages/patches/glib-CVE-2021-27219-14.patch new file mode 100644 index 0000000000..78de2846da --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-14.patch @@ -0,0 +1,32 @@ +From 4506d1859a863087598c8d122740bae25b65b099 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 8 Feb 2021 10:04:48 +0000 +Subject: [PATCH 4/5] gtlspassword: Fix inverted assertion + +The intention here was to assert that the length of the password fits +in a gssize. Passwords more than half the size of virtual memory are +probably excessive. + +Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords" +Signed-off-by: Simon McVittie +(cherry picked from commit 61bb52ec42de1082bfb06ce1c737fc295bfe60b8) +--- + gio/gtlspassword.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c +index dbcec41a8..bd86a6dfe 100644 +--- a/gio/gtlspassword.c ++++ b/gio/gtlspassword.c +@@ -291,7 +291,7 @@ g_tls_password_set_value (GTlsPassword *password, + { + /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ + gsize length_unsigned = strlen ((gchar *) value); +- g_return_if_fail (length_unsigned > G_MAXSSIZE); ++ g_return_if_fail (length_unsigned <= G_MAXSSIZE); + length = (gssize) length_unsigned; + } + +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-15.patch b/gnu/packages/patches/glib-CVE-2021-27219-15.patch new file mode 100644 index 0000000000..37ef85b4fa --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-15.patch @@ -0,0 +1,95 @@ +From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 8 Feb 2021 10:22:39 +0000 +Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to + set the password + +Signed-off-by: Simon McVittie +(cherry picked from commit df4501316ca3903072400504a5ea76498db19538) +--- + gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 55 insertions(+) + +diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c +index 4f0737d7e..5661e8e0d 100644 +--- a/gio/tests/tls-interaction.c ++++ b/gio/tests/tls-interaction.c +@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction, + } + + ++/* Return a copy of @str that is allocated in a silly way, to exercise ++ * custom free-functions. The returned pointer points to a copy of @str ++ * in a buffer of the form "BEFORE \0 str \0 AFTER". */ ++static guchar * ++special_dup (const char *str) ++{ ++ GString *buf = g_string_new ("BEFORE"); ++ guchar *ret; ++ ++ g_string_append_c (buf, '\0'); ++ g_string_append (buf, str); ++ g_string_append_c (buf, '\0'); ++ g_string_append (buf, "AFTER"); ++ ret = (guchar *) g_string_free (buf, FALSE); ++ return ret + strlen ("BEFORE") + 1; ++} ++ ++ ++/* Free a copy of @str that was made with special_dup(), after asserting ++ * that it has not been corrupted. */ ++static void ++special_free (gpointer p) ++{ ++ gchar *s = p; ++ gchar *buf = s - strlen ("BEFORE") - 1; ++ ++ g_assert_cmpstr (buf, ==, "BEFORE"); ++ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER"); ++ g_free (buf); ++} ++ ++ + static GTlsInteractionResult + test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + GTlsPassword *password, +@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + GError **error) + { + TestInteraction *self; ++ const guchar *value; ++ gsize len; + + g_assert (TEST_IS_INTERACTION (interaction)); + self = TEST_INTERACTION (interaction); +@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction, + g_assert (error != NULL); + g_assert (*error == NULL); + ++ /* Exercise different ways to set the value */ ++ g_tls_password_set_value (password, (const guchar *) "foo", 4); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "foo", 4); ++ ++ g_tls_password_set_value (password, (const guchar *) "bar", -1); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "bar", 3); ++ ++ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "baa", 4); ++ ++ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free); ++ len = 0; ++ value = g_tls_password_get_value (password, &len); ++ g_assert_cmpmem (value, len, "baz", 3); ++ + /* Don't do this in real life. Include a null terminator for testing */ + g_tls_password_set_value (password, (const guchar *)"the password", 13); + return G_TLS_INTERACTION_HANDLED; +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-16.patch b/gnu/packages/patches/glib-CVE-2021-27219-16.patch new file mode 100644 index 0000000000..43635e72ed --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-16.patch @@ -0,0 +1,43 @@ +From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Feb 2021 21:16:39 +0000 +Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group + is unset + +Fix an effective regression in commit +7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when +`convert_path()` is called with a `key` which contains no slashes. In +that case, the `key` is entirely the `basename`. + +Prior to commit 7781a9cb, the code worked through a fluke of `i == -1` +cancelling out with the various additions in the `g_memdup()` call, and +effectively resulting in `g_strdup (key)`. + +Spotted by Guido Berhoerster. + +Signed-off-by: Philip Withnall +--- + gio/gkeyfilesettingsbackend.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 25b057672..861c3a661 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb, + } + + if (basename) +- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ { ++ if (last_slash != NULL) ++ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); ++ else ++ *basename = g_strdup (key); ++ } + + return TRUE; + } +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-17.patch b/gnu/packages/patches/glib-CVE-2021-27219-17.patch new file mode 100644 index 0000000000..3153979071 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-17.patch @@ -0,0 +1,37 @@ +From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Feb 2021 21:19:30 +0000 +Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group + names + +These should never have been allowed; they will result in precondition +failures from the `GKeyFile` later on in the code. + +A test will be added for this shortly. + +Signed-off-by: Philip Withnall +--- + gio/gkeyfilesettingsbackend.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 861c3a661..de216e615 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb, + + last_slash = strrchr (key, '/'); + ++ /* Disallow empty group names or key names */ ++ if (key_len == 0 || ++ (last_slash != NULL && ++ (*(last_slash + 1) == '\0' || ++ last_slash == key))) ++ return FALSE; ++ + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given +-- +2.30.1 + diff --git a/gnu/packages/patches/glib-CVE-2021-27219-18.patch b/gnu/packages/patches/glib-CVE-2021-27219-18.patch new file mode 100644 index 0000000000..c18d44ddeb --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-18.patch @@ -0,0 +1,232 @@ +Backport of: + +From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 10 Feb 2021 21:21:36 +0000 +Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile + backend + +This tests the two recent commits. + +Signed-off-by: Philip Withnall +--- + gio/tests/gsettings.c | 171 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 170 insertions(+), 1 deletion(-) + +diff --git a/gio/tests/gsettings.c b/gio/tests/gsettings.c +index baadca8f5..afe594a23 100644 +--- a/gio/tests/gsettings.c ++++ b/gio/tests/gsettings.c +@@ -1,3 +1,4 @@ ++#include + #include + #include + #include +@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, const gchar *key, gpointer data) + (*b) = TRUE; + } + ++typedef struct ++{ ++ const gchar *path; ++ const gchar *root_group; ++ const gchar *keyfile_group; ++ const gchar *root_path; ++} KeyfileTestData; ++ + /* + * Test that using a keyfile works + */ +@@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture, + g_free (str); + + g_settings_set (settings, "farewell", "s", "cheerio"); +- ++ ++ /* Check that empty keys/groups are not allowed. */ ++ g_assert_false (g_settings_is_writable (settings, "")); ++ g_assert_false (g_settings_is_writable (settings, "/")); ++ + /* When executing as root, changing the mode of the keyfile will have + * no effect on the writability of the settings. + */ +@@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture, + g_free (keyfile_path); + } + ++/* ++ * Test that using a keyfile works with a schema with no path set. ++ */ ++static void ++test_keyfile_no_path (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ const KeyfileTestData *test_data = user_data; ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ GKeyFile *keyfile; ++ gboolean writable; ++ gchar *key = NULL; ++ GError *error = NULL; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path); ++ g_object_unref (kf_backend); ++ ++ g_settings_reset (settings, "test-boolean"); ++ g_assert_true (g_settings_get_boolean (settings, "test-boolean")); ++ ++ writable = g_settings_is_writable (settings, "test-boolean"); ++ g_assert_true (writable); ++ g_settings_set (settings, "test-boolean", "b", FALSE); ++ ++ g_assert_false (g_settings_get_boolean (settings, "test-boolean")); ++ ++ g_settings_delay (settings); ++ g_settings_set (settings, "test-boolean", "b", TRUE); ++ g_settings_apply (settings); ++ ++ keyfile = g_key_file_new (); ++ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); ++ ++ g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL)); ++ ++ g_key_file_free (keyfile); ++ ++ g_settings_reset (settings, "test-boolean"); ++ g_settings_apply (settings); ++ keyfile = g_key_file_new (); ++ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL)); ++ ++ g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error)); ++ g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND); ++ g_clear_error (&error); ++ ++ /* Check that empty keys/groups are not allowed. */ ++ g_assert_false (g_settings_is_writable (settings, "")); ++ g_assert_false (g_settings_is_writable (settings, "/")); ++ ++ /* Keys which ghost the root group name are not allowed. This can only be ++ * tested when the path is `/` as otherwise it acts as a prefix and prevents ++ * any ghosting. */ ++ if (g_str_equal (test_data->path, "/")) ++ { ++ key = g_strdup_printf ("%s/%s", test_data->root_group, ""); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ ++ key = g_strdup_printf ("%s/%s", test_data->root_group, "/"); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ ++ key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean"); ++ g_assert_false (g_settings_is_writable (settings, key)); ++ g_free (key); ++ } ++ ++ g_key_file_free (keyfile); ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. */ ++ g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0); ++ g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ ++/* ++ * Test that a keyfile rejects writes to keys outside its root path. ++ */ ++static void ++test_keyfile_outside_root_path (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root"); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/"); ++ g_object_unref (kf_backend); ++ ++ g_assert_false (g_settings_is_writable (settings, "test-boolean")); ++ ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so ++ * don’t error on failure. */ ++ g_remove (store_path); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ ++/* ++ * Test that a keyfile rejects writes to keys in the root if no root group is set. ++ */ ++static void ++test_keyfile_no_root_group (Fixture *fixture, ++ gconstpointer user_data) ++{ ++ GSettingsBackend *kf_backend; ++ GSettings *settings; ++ gchar *keyfile_path = NULL, *store_path = NULL; ++ ++ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL); ++ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL); ++ kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL); ++ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/"); ++ g_object_unref (kf_backend); ++ ++ g_assert_false (g_settings_is_writable (settings, "test-boolean")); ++ g_assert_true (g_settings_is_writable (settings, "child/test-boolean")); ++ ++ g_object_unref (settings); ++ ++ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so ++ * don’t error on failure. */ ++ g_remove (store_path); ++ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0); ++ g_free (store_path); ++ g_free (keyfile_path); ++} ++ + /* Test that getting child schemas works + */ + static void +@@ -2844,6 +3000,14 @@ main (int argc, char *argv[]) + gchar *override_text; + gchar *enums; + gint result; ++ const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" }; ++ const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" }; ++ const KeyfileTestData keyfile_test_data_long_path = { ++ "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/", ++ "root", ++ "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch", ++ "/" ++ }; + + /* Meson build sets this */ + #ifdef TEST_LOCALE_PATH +@@ -2967,6 +3131,11 @@ main (int argc, char *argv[]) + } + + g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown); ++ g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown); ++ g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown); ++ g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown); + g_test_add_func ("/gsettings/child-schema", test_child_schema); + g_test_add_func ("/gsettings/strinfo", test_strinfo); + g_test_add_func ("/gsettings/enums", test_enums); +-- +2.30.1 + -- cgit v1.2.3 From feff80cec3c97a3df2c20d300be12d67f79d4f22 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 11 Mar 2021 15:13:55 +0200 Subject: Revert "gnu: mongodb: Update to 3.4.24 [security fixes]." This reverts commit e5f89570c1d72c4b674fad6b6ad5591ead02d419. After this version mongodb switched to the Server Side Public License (https://www.mongodb.com/licensing/server-side-public-license) which is not a FOSS license. --- gnu/local.mk | 1 + gnu/packages/databases.scm | 13 +++-- ...ngodb-support-unknown-linux-distributions.patch | 55 ++++++++++++++++++++++ 3 files changed, 64 insertions(+), 5 deletions(-) create mode 100644 gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c2637926ee..a39c5d8592 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1396,6 +1396,7 @@ dist_patch_DATA = \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/monero-use-system-miniupnpc.patch \ + %D%/packages/patches/mongodb-support-unknown-linux-distributions.patch \ %D%/packages/patches/mono-mdoc-timestamping.patch \ %D%/packages/patches/mozjs17-aarch64-support.patch \ %D%/packages/patches/mozjs24-aarch64-support.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 03d01b582a..8bb248fa1d 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -664,24 +664,27 @@ replacement for the code@{python-memcached} library.") (define-public mongodb (package (name "mongodb") - (version "3.4.24") + (version "3.4.10") (source (origin (method url-fetch) (uri (string-append "https://github.com/mongodb/mongo/archive/r" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "0y1669sqj8wyf0y0njhxs4qhn1qzjhrs2h2qllya5samxrlrjhkg")) + (base32 "0676lvkljj7a5hdhv78dbykqnqrj9lbn9799mi84b8vbnzsq961r")) (modules '((guix build utils))) (snippet '(begin (for-each (lambda (dir) (delete-file-recursively (string-append "src/third_party/" dir))) - '("pcre-8.42" "scons-2.5.0" "snappy-1.1.3" + '("pcre-8.41" "scons-2.5.0" "snappy-1.1.3" "valgrind-3.11.0" "wiredtiger" - "yaml-cpp-0.6.2" "zlib-1.2.11")) - #t)))) + "yaml-cpp-0.5.3" "zlib-1.2.8")) + #t)) + (patches + (list + (search-patch "mongodb-support-unknown-linux-distributions.patch"))))) (build-system scons-build-system) (inputs `(("openssl" ,openssl-1.0) diff --git a/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch b/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch new file mode 100644 index 0000000000..6057ebeb08 --- /dev/null +++ b/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch @@ -0,0 +1,55 @@ +From e724bb7018a482640c4f194f88b554af2c59d76e Mon Sep 17 00:00:00 2001 +From: Mark Benvenuto +Date: Wed, 20 Sep 2017 11:50:02 -0400 +Subject: [PATCH] SERVER-30857 Support unknown Linux distributions + +--- + src/mongo/rpc/metadata/client_metadata.cpp | 6 ------ + src/mongo/util/processinfo_linux.cpp | 9 ++++++--- + 2 files changed, 6 insertions(+), 9 deletions(-) + +diff --git a/src/mongo/rpc/metadata/client_metadata.cpp b/src/mongo/rpc/metadata/client_metadata.cpp +index 845a315dd74..a959a4e31e9 100644 +--- a/src/mongo/rpc/metadata/client_metadata.cpp ++++ b/src/mongo/rpc/metadata/client_metadata.cpp +@@ -302,9 +302,6 @@ void ClientMetadata::serializePrivate(StringData driverName, + StringData osArchitecture, + StringData osVersion, + BSONObjBuilder* builder) { +- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && +- !osArchitecture.empty() && !osVersion.empty()); +- + BSONObjBuilder metaObjBuilder(builder->subobjStart(kMetadataDocumentName)); + + { +@@ -347,9 +344,6 @@ Status ClientMetadata::serializePrivate(StringData driverName, + StringData osVersion, + StringData appName, + BSONObjBuilder* builder) { +- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && +- !osArchitecture.empty() && !osVersion.empty()); +- + if (appName.size() > kMaxApplicationNameByteLength) { + return Status(ErrorCodes::ClientMetadataAppNameTooLarge, + str::stream() << "The '" << kApplication << "." << kName +diff --git a/src/mongo/util/processinfo_linux.cpp b/src/mongo/util/processinfo_linux.cpp +index c3debf377bd..c2813b026b0 100644 +--- a/src/mongo/util/processinfo_linux.cpp ++++ b/src/mongo/util/processinfo_linux.cpp +@@ -376,10 +376,13 @@ class LinuxSysHelper { + if ((nl = name.find('\n', nl)) != string::npos) + // stop at first newline + name.erase(nl); +- // no standard format for name and version. use kernel version +- version = "Kernel "; +- version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); ++ } else { ++ name = "unknown"; + } ++ ++ // There is no standard format for name and version so use the kernel version. ++ version = "Kernel "; ++ version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); + } + + /** -- cgit v1.2.3 From 2f9132e2e0b1e01398a01a32972e87f45ec2f7a6 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 11 Mar 2021 23:23:00 +0200 Subject: Revert "Revert "gnu: mongodb: Update to 3.4.24 [security fixes]."" This reverts commit feff80cec3c97a3df2c20d300be12d67f79d4f22. I was mistaken, there are still branches of mongodb which are still licensed under the AGPL3 --- gnu/local.mk | 1 - gnu/packages/databases.scm | 13 ++--- ...ngodb-support-unknown-linux-distributions.patch | 55 ---------------------- 3 files changed, 5 insertions(+), 64 deletions(-) delete mode 100644 gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a39c5d8592..c2637926ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1396,7 +1396,6 @@ dist_patch_DATA = \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/monero-use-system-miniupnpc.patch \ - %D%/packages/patches/mongodb-support-unknown-linux-distributions.patch \ %D%/packages/patches/mono-mdoc-timestamping.patch \ %D%/packages/patches/mozjs17-aarch64-support.patch \ %D%/packages/patches/mozjs24-aarch64-support.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 29270ce2be..aa64507b00 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -667,27 +667,24 @@ replacement for the code@{python-memcached} library.") (define-public mongodb (package (name "mongodb") - (version "3.4.10") + (version "3.4.24") (source (origin (method url-fetch) (uri (string-append "https://github.com/mongodb/mongo/archive/r" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "0676lvkljj7a5hdhv78dbykqnqrj9lbn9799mi84b8vbnzsq961r")) + (base32 "0y1669sqj8wyf0y0njhxs4qhn1qzjhrs2h2qllya5samxrlrjhkg")) (modules '((guix build utils))) (snippet '(begin (for-each (lambda (dir) (delete-file-recursively (string-append "src/third_party/" dir))) - '("pcre-8.41" "scons-2.5.0" "snappy-1.1.3" + '("pcre-8.42" "scons-2.5.0" "snappy-1.1.3" "valgrind-3.11.0" "wiredtiger" - "yaml-cpp-0.5.3" "zlib-1.2.8")) - #t)) - (patches - (list - (search-patch "mongodb-support-unknown-linux-distributions.patch"))))) + "yaml-cpp-0.6.2" "zlib-1.2.11")) + #t)))) (build-system scons-build-system) (inputs `(("openssl" ,openssl-1.0) diff --git a/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch b/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch deleted file mode 100644 index 6057ebeb08..0000000000 --- a/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch +++ /dev/null @@ -1,55 +0,0 @@ -From e724bb7018a482640c4f194f88b554af2c59d76e Mon Sep 17 00:00:00 2001 -From: Mark Benvenuto -Date: Wed, 20 Sep 2017 11:50:02 -0400 -Subject: [PATCH] SERVER-30857 Support unknown Linux distributions - ---- - src/mongo/rpc/metadata/client_metadata.cpp | 6 ------ - src/mongo/util/processinfo_linux.cpp | 9 ++++++--- - 2 files changed, 6 insertions(+), 9 deletions(-) - -diff --git a/src/mongo/rpc/metadata/client_metadata.cpp b/src/mongo/rpc/metadata/client_metadata.cpp -index 845a315dd74..a959a4e31e9 100644 ---- a/src/mongo/rpc/metadata/client_metadata.cpp -+++ b/src/mongo/rpc/metadata/client_metadata.cpp -@@ -302,9 +302,6 @@ void ClientMetadata::serializePrivate(StringData driverName, - StringData osArchitecture, - StringData osVersion, - BSONObjBuilder* builder) { -- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && -- !osArchitecture.empty() && !osVersion.empty()); -- - BSONObjBuilder metaObjBuilder(builder->subobjStart(kMetadataDocumentName)); - - { -@@ -347,9 +344,6 @@ Status ClientMetadata::serializePrivate(StringData driverName, - StringData osVersion, - StringData appName, - BSONObjBuilder* builder) { -- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && -- !osArchitecture.empty() && !osVersion.empty()); -- - if (appName.size() > kMaxApplicationNameByteLength) { - return Status(ErrorCodes::ClientMetadataAppNameTooLarge, - str::stream() << "The '" << kApplication << "." << kName -diff --git a/src/mongo/util/processinfo_linux.cpp b/src/mongo/util/processinfo_linux.cpp -index c3debf377bd..c2813b026b0 100644 ---- a/src/mongo/util/processinfo_linux.cpp -+++ b/src/mongo/util/processinfo_linux.cpp -@@ -376,10 +376,13 @@ class LinuxSysHelper { - if ((nl = name.find('\n', nl)) != string::npos) - // stop at first newline - name.erase(nl); -- // no standard format for name and version. use kernel version -- version = "Kernel "; -- version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); -+ } else { -+ name = "unknown"; - } -+ -+ // There is no standard format for name and version so use the kernel version. -+ version = "Kernel "; -+ version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); - } - - /** -- cgit v1.2.3 From 5a06b83fc92710c5846a83bbf49f0ea84c8ecec2 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 12 Mar 2021 00:48:58 -0500 Subject: gnu: glib: Fix CVE-2021-28153. * gnu/packages/patches/glib-CVE-2021-28153.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/glib.scm (glib/fixed): Add the new patch. --- gnu/local.mk | 1 + gnu/packages/glib.scm | 3 +- gnu/packages/patches/glib-CVE-2021-28153.patch | 283 +++++++++++++++++++++++++ 3 files changed, 286 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/glib-CVE-2021-28153.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c2637926ee..ce30d1db1c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1095,6 +1095,7 @@ dist_patch_DATA = \ %D%/packages/patches/glib-CVE-2021-27219-16.patch \ %D%/packages/patches/glib-CVE-2021-27219-17.patch \ %D%/packages/patches/glib-CVE-2021-27219-18.patch \ + %D%/packages/patches/glib-CVE-2021-28153.patch \ %D%/packages/patches/glibc-CVE-2018-11236.patch \ %D%/packages/patches/glibc-CVE-2018-11237.patch \ %D%/packages/patches/glibc-CVE-2019-7309.patch \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 520b723722..eaa319a2ff 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -415,7 +415,8 @@ dynamic loading, and an object system.") "glib-CVE-2021-27219-15.patch" "glib-CVE-2021-27219-16.patch" "glib-CVE-2021-27219-17.patch" - "glib-CVE-2021-27219-18.patch") + "glib-CVE-2021-27219-18.patch" + "glib-CVE-2021-28153.patch") (origin-patches (package-source glib)))))))) (define-public glib-with-documentation diff --git a/gnu/packages/patches/glib-CVE-2021-28153.patch b/gnu/packages/patches/glib-CVE-2021-28153.patch new file mode 100644 index 0000000000..54443186d9 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-28153.patch @@ -0,0 +1,283 @@ +Backport of: + +From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Wed, 24 Feb 2021 17:35:40 +0000 +Subject: [PATCH] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION + with symlinks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking +the destination file and re-creating it from scratch. That did +previously work, but in the process the code would call `open(O_CREAT)` +on the file. If the file was a dangling symlink, this would create the +destination file (empty). That’s not an intended side-effect, and has +security implications if the symlink is controlled by a lower-privileged +process. + +Fix that by not opening the destination file if it’s a symlink, and +adjusting the rest of the code to cope with + - the fact that `fd == -1` is not an error iff `is_symlink` is true, + - and that `original_stat` will contain the `lstat()` results for the + symlink now, rather than the `stat()` results for its target (again, + iff `is_symlink` is true). + +This means that the target of the dangling symlink is no longer created, +which was the bug. The symlink itself continues to be replaced (as +before) with the new file — this is the intended behaviour of +`g_file_replace()`. + +The behaviour for non-symlink cases, or cases where the symlink was not +dangling, should be unchanged. + +Includes a unit test. + +Signed-off-by: Philip Withnall + +Fixes: #2325 +--- + gio/glocalfileoutputstream.c | 70 ++++++++++++++++------- + gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++ + 2 files changed, 158 insertions(+), 20 deletions(-) + +diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c +index a3dd62172..553fcbbae 100644 +--- a/gio/glocalfileoutputstream.c ++++ b/gio/glocalfileoutputstream.c +@@ -874,16 +874,22 @@ handle_overwrite_open (const char *filename, + /* Could be a symlink, or it could be a regular ELOOP error, + * but then the next open will fail too. */ + is_symlink = TRUE; +- fd = g_open (filename, open_flags, mode); ++ if (!(flags & G_FILE_CREATE_REPLACE_DESTINATION)) ++ fd = g_open (filename, open_flags, mode); + } +-#else +- fd = g_open (filename, open_flags, mode); +- errsv = errno; ++#else /* if !O_NOFOLLOW */ + /* This is racy, but we do it as soon as possible to minimize the race */ + is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); ++ ++ if (!is_symlink || !(flags & G_FILE_CREATE_REPLACE_DESTINATION)) ++ { ++ fd = g_open (filename, open_flags, mode); ++ errsv = errno; ++ } + #endif + +- if (fd == -1) ++ if (fd == -1 && ++ (!is_symlink || !(flags & G_FILE_CREATE_REPLACE_DESTINATION))) + { + char *display_name = g_filename_display_name (filename); + g_set_error (error, G_IO_ERROR, +@@ -893,13 +899,25 @@ handle_overwrite_open (const char *filename, + g_free (display_name); + return -1; + } +- ++ ++ if (!is_symlink) ++ { + #ifdef G_OS_WIN32 +- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); ++ res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); + #else +- res = fstat (fd, &original_stat); ++ res = fstat (fd, &original_stat); + #endif +- errsv = errno; ++ errsv = errno; ++ } ++ else ++ { ++#ifdef G_OS_WIN32 ++ res = GLIB_PRIVATE_CALL (g_win32_lstat_utf8) (filename, &original_stat); ++#else ++ res = g_lstat (filename, &original_stat); ++#endif ++ errsv = errno; ++ } + + if (res != 0) + { +@@ -916,16 +934,27 @@ handle_overwrite_open (const char *filename, + if (!S_ISREG (original_stat.st_mode)) + { + if (S_ISDIR (original_stat.st_mode)) +- g_set_error_literal (error, +- G_IO_ERROR, +- G_IO_ERROR_IS_DIRECTORY, +- _("Target file is a directory")); +- else +- g_set_error_literal (error, +- G_IO_ERROR, +- G_IO_ERROR_NOT_REGULAR_FILE, +- _("Target file is not a regular file")); +- goto err_out; ++ { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ G_IO_ERROR_IS_DIRECTORY, ++ _("Target file is a directory")); ++ goto err_out; ++ } ++ else if (!is_symlink || ++#ifdef S_ISLNK ++ !S_ISLNK (original_stat.st_mode) ++#else ++ FALSE ++#endif ++ ) ++ { ++ g_set_error_literal (error, ++ G_IO_ERROR, ++ G_IO_ERROR_NOT_REGULAR_FILE, ++ _("Target file is not a regular file")); ++ goto err_out; ++ } + } + + if (etag != NULL) +@@ -1006,7 +1035,8 @@ handle_overwrite_open (const char *filename, + } + } + +- g_close (fd, NULL); ++ if (fd >= 0) ++ g_close (fd, NULL); + *temp_filename = tmp_filename; + return tmpfd; + } +diff --git a/gio/tests/file.c b/gio/tests/file.c +index efb2eaadd..bc55f3af4 100644 +--- a/gio/tests/file.c ++++ b/gio/tests/file.c +@@ -804,6 +804,113 @@ test_replace_cancel (void) + g_object_unref (tmpdir); + } + ++static void ++test_replace_symlink (void) ++{ ++#ifdef G_OS_UNIX ++ gchar *tmpdir_path = NULL; ++ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; ++ GFileOutputStream *stream = NULL; ++ const gchar *new_contents = "this is a test message which should be written to source and not target"; ++ gsize n_written; ++ GFileEnumerator *enumerator = NULL; ++ GFileInfo *info = NULL; ++ gchar *contents = NULL; ++ gsize length = 0; ++ GError *local_error = NULL; ++ ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); ++ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks"); ++ ++ /* Create a fresh, empty working directory. */ ++ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); ++ g_assert_no_error (local_error); ++ tmpdir = g_file_new_for_path (tmpdir_path); ++ ++ g_test_message ("Using temporary directory %s", tmpdir_path); ++ g_free (tmpdir_path); ++ ++ /* Create symlink `source` which points to `target`. */ ++ source_file = g_file_get_child (tmpdir, "source"); ++ target_file = g_file_get_child (tmpdir, "target"); ++ g_file_make_symbolic_link (source_file, "target", NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ /* Ensure that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Replace the `source` symlink with a regular file using ++ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* ++ * following the symlink */ ++ stream = g_file_replace (source_file, NULL, FALSE /* no backup */, ++ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), ++ &n_written, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpint (n_written, ==, strlen (new_contents)); ++ ++ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&stream); ++ ++ /* At this point, there should still only be one file: `source`. It should ++ * now be a regular file. `target` should not exist. */ ++ enumerator = g_file_enumerate_children (tmpdir, ++ G_FILE_ATTRIBUTE_STANDARD_NAME "," ++ G_FILE_ATTRIBUTE_STANDARD_TYPE, ++ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_nonnull (info); ++ ++ g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); ++ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); ++ ++ g_clear_object (&info); ++ ++ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_null (info); ++ ++ g_file_enumerator_close (enumerator, NULL, &local_error); ++ g_assert_no_error (local_error); ++ g_clear_object (&enumerator); ++ ++ /* Double-check that `target` doesn’t exist */ ++ g_assert_false (g_file_query_exists (target_file, NULL)); ++ ++ /* Check the content of `source`. */ ++ g_file_load_contents (source_file, ++ NULL, ++ &contents, ++ &length, ++ NULL, ++ &local_error); ++ g_assert_no_error (local_error); ++ g_assert_cmpstr (contents, ==, new_contents); ++ g_assert_cmpuint (length, ==, strlen (new_contents)); ++ g_free (contents); ++ ++ /* Tidy up. */ ++ g_file_delete (source_file, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_file_delete (tmpdir, NULL, &local_error); ++ g_assert_no_error (local_error); ++ ++ g_clear_object (&target_file); ++ g_clear_object (&source_file); ++ g_clear_object (&tmpdir); ++#else /* if !G_OS_UNIX */ ++ g_test_skip ("Symlink replacement tests can only be run on Unix") ++#endif ++} ++ + static void + on_file_deleted (GObject *object, + GAsyncResult *result, +@@ -1754,6 +1861,7 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); + g_test_add_func ("/file/replace-load", test_replace_load); + g_test_add_func ("/file/replace-cancel", test_replace_cancel); ++ g_test_add_func ("/file/replace-symlink", test_replace_symlink); + g_test_add_func ("/file/async-delete", test_async_delete); + #ifdef G_OS_UNIX + g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); +-- +2.30.1 + -- cgit v1.2.3 From 453e101fc3f7dac9aabcd6122cf05fb7925103c7 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 12 Mar 2021 03:51:45 -0500 Subject: gnu: gdk-pixbuf: Fix CVE-2020-29385. * gnu/packages/patches/gdk-pixbuf-CVE-2020-29385.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gtk.scm (gdk-pixbuf)[replacement]: New field. (gdk-pixbuf/fixed): New variable. (gdk-pixbuf+svg): Use package/inherit. --- gnu/local.mk | 1 + gnu/packages/gtk.scm | 14 +++++- .../patches/gdk-pixbuf-CVE-2020-29385.patch | 53 ++++++++++++++++++++++ 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/gdk-pixbuf-CVE-2020-29385.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ce30d1db1c..c0020fad41 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1056,6 +1056,7 @@ dist_patch_DATA = \ %D%/packages/patches/gdb-hurd.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-brect-bounds.patch \ + %D%/packages/patches/gdk-pixbuf-CVE-2020-29385.patch \ %D%/packages/patches/gdm-default-session.patch \ %D%/packages/patches/geary-CVE-2020-24661.patch \ %D%/packages/patches/genimage-signedness.patch \ diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index b9e81c9650..ee2c91264f 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès -;;; Copyright © 2014, 2015, 2017, 2018, 2019 Mark H Weaver +;;; Copyright © 2014, 2015, 2017, 2018, 2019, 2021 Mark H Weaver ;;; Copyright © 2014 Eric Bavier ;;; Copyright © 2015 Federico Beffa ;;; Copyright © 2015 Paul van der Walt @@ -557,6 +557,7 @@ highlighting and other features typical of a source code editor.") (package (name "gdk-pixbuf") (version "2.40.0") + (replacement gdk-pixbuf/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -613,11 +614,20 @@ in the GNOME project.") (license license:lgpl2.0+) (home-page "https://developer.gnome.org/gdk-pixbuf/"))) +(define gdk-pixbuf/fixed + (package + (inherit gdk-pixbuf) + (source (origin + (inherit (package-source gdk-pixbuf)) + (patches + (append (search-patches "gdk-pixbuf-CVE-2020-29385.patch") + (origin-patches (package-source gdk-pixbuf)))))))) + ;; To build gdk-pixbuf with SVG support, we need librsvg, and librsvg depends ;; on gdk-pixbuf, so this new varibale. Also, librsvg adds 90MiB to the ;; closure size. (define-public gdk-pixbuf+svg - (package (inherit gdk-pixbuf) + (package/inherit gdk-pixbuf (name "gdk-pixbuf+svg") (inputs `(("librsvg" ,librsvg) diff --git a/gnu/packages/patches/gdk-pixbuf-CVE-2020-29385.patch b/gnu/packages/patches/gdk-pixbuf-CVE-2020-29385.patch new file mode 100644 index 0000000000..e6ac4de00b --- /dev/null +++ b/gnu/packages/patches/gdk-pixbuf-CVE-2020-29385.patch @@ -0,0 +1,53 @@ +Fix CVE-2020-29385. Note that we omit the binary test file +tests/test-images/fail/hang_114.gif from the following commit, to avoid +requiring 'git' to apply the patch. + + +From bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81 Mon Sep 17 00:00:00 2001 +From: Robert Ancell +Date: Mon, 30 Nov 2020 12:26:12 +1300 +Subject: [PATCH] gif: Fix LZW decoder accepting invalid LZW code. + +The code value after a reset wasn't being validated, which means we would +accept invalid codes. This could cause an infinite loop in the decoder. + +Fixes CVE-2020-29385 + +Fixes https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 +--- + gdk-pixbuf/lzw.c | 13 +++++++------ + tests/test-images/fail/hang_114.gif | Bin 0 -> 5561 bytes + 2 files changed, 7 insertions(+), 6 deletions(-) + create mode 100644 tests/test-images/fail/hang_114.gif + +diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c +index 9e052a6f7..105daf2b1 100644 +--- a/gdk-pixbuf/lzw.c ++++ b/gdk-pixbuf/lzw.c +@@ -195,19 +195,20 @@ lzw_decoder_feed (LZWDecoder *self, + if (self->last_code != self->clear_code && self->code_table_size < MAX_CODES) { + if (self->code < self->code_table_size) + add_code (self, self->code); +- else if (self->code == self->code_table_size) ++ else + add_code (self, self->last_code); +- else { +- /* Invalid code received - just stop here */ +- self->last_code = self->eoi_code; +- return output_length; +- } + + /* When table is full increase code size */ + if (self->code_table_size == (1 << self->code_size) && self->code_size < LZW_CODE_MAX) + self->code_size++; + } + ++ /* Invalid code received - just stop here */ ++ if (self->code >= self->code_table_size) { ++ self->last_code = self->eoi_code; ++ return output_length; ++ } ++ + /* Convert codeword into indexes */ + n_written += write_indexes (self, output + n_written, output_length - n_written); + } -- cgit v1.2.3 From bc16eacc99e801ac30cbe2aa649a2be3ca5c102a Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 12 Mar 2021 05:24:36 -0500 Subject: gnu: cairo: Fix CVE-2018-19876 and CVE-2020-35492. * gnu/packages/patches/cairo-CVE-2018-19876.patch, gnu/packages/patches/cairo-CVE-2020-35492.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gtk.scm (cairo)[replacement]: New field. (cairo/fixed): New variable. (cairo-xcb): Use package/inherit. --- gnu/local.mk | 2 + gnu/packages/gtk.scm | 13 ++++++- gnu/packages/patches/cairo-CVE-2018-19876.patch | 37 +++++++++++++++++++ gnu/packages/patches/cairo-CVE-2020-35492.patch | 49 +++++++++++++++++++++++++ 4 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/cairo-CVE-2018-19876.patch create mode 100644 gnu/packages/patches/cairo-CVE-2020-35492.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c0020fad41..fd070d6791 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -871,6 +871,8 @@ dist_patch_DATA = \ %D%/packages/patches/blender-2.79-python-3.8-fix.patch \ %D%/packages/patches/bpftrace-disable-bfd-disasm.patch \ %D%/packages/patches/byobu-writable-status.patch \ + %D%/packages/patches/cairo-CVE-2018-19876.patch \ + %D%/packages/patches/cairo-CVE-2020-35492.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-remove-test-sqlite.patch \ %D%/packages/patches/calibre-remove-test-unrar.patch \ diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index ee2c91264f..9fc4967181 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -124,6 +124,7 @@ tools have full access to view and control running applications.") (package (name "cairo") (version "1.16.0") + (replacement cairo/fixed) (source (origin (method url-fetch) (uri (string-append "https://cairographics.org/releases/cairo-" @@ -174,6 +175,15 @@ affine transformation (scale, rotation, shear, etc.).") (license license:lgpl2.1) ; or Mozilla Public License 1.1 (home-page "https://cairographics.org/"))) +(define cairo/fixed + (package + (inherit cairo) + (source (origin + (inherit (package-source cairo)) + (patches (append (search-patches "cairo-CVE-2018-19876.patch" + "cairo-CVE-2020-35492.patch") + (origin-patches (package-source cairo)))))))) + (define-public cairo-sans-poppler ;; Variant used to break the dependency cycle between Poppler and Cairo. (package/inherit cairo @@ -181,8 +191,7 @@ affine transformation (scale, rotation, shear, etc.).") (properties `((hidden? . #t))))) (define-public cairo-xcb - (package - (inherit cairo) + (package/inherit cairo (name "cairo-xcb") (inputs `(("mesa" ,mesa) diff --git a/gnu/packages/patches/cairo-CVE-2018-19876.patch b/gnu/packages/patches/cairo-CVE-2018-19876.patch new file mode 100644 index 0000000000..c0fba2ecaa --- /dev/null +++ b/gnu/packages/patches/cairo-CVE-2018-19876.patch @@ -0,0 +1,37 @@ +Copied from Debian. + +From: Carlos Garcia Campos +Date: Mon, 19 Nov 2018 12:33:07 +0100 +Subject: ft: Use FT_Done_MM_Var instead of free when available in + cairo_ft_apply_variations + +Fixes a crash when using freetype >= 2.9 + +[This is considered to be security-sensitive because WebKitGTK+ sets its +own memory allocator, which is not compatible with system free(), making +this a remotely triggerable denial of service or memory corruption.] + +Origin: upstream, commit:90e85c2493fdfa3551f202ff10282463f1e36645 +Bug: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5 +Bug-Debian: https://bugs.debian.org/916389 +Bug-CVE: CVE-2018-19876 +--- + src/cairo-ft-font.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c +index 325dd61..981973f 100644 +--- a/src/cairo-ft-font.c ++++ b/src/cairo-ft-font.c +@@ -2393,7 +2393,11 @@ skip: + done: + free (coords); + free (current_coords); ++#if HAVE_FT_DONE_MM_VAR ++ FT_Done_MM_Var (face->glyph->library, ft_mm_var); ++#else + free (ft_mm_var); ++#endif + } + } + diff --git a/gnu/packages/patches/cairo-CVE-2020-35492.patch b/gnu/packages/patches/cairo-CVE-2020-35492.patch new file mode 100644 index 0000000000..e8b90fa5c5 --- /dev/null +++ b/gnu/packages/patches/cairo-CVE-2020-35492.patch @@ -0,0 +1,49 @@ +Copied from Debian. + +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +[trimmed test case, since not used in Debian build] + +--- + src/cairo-image-compositor.c | 8 ++-- + +--- cairo-1.16.0.orig/src/cairo-image-compositor.c ++++ cairo-1.16.0/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; -- cgit v1.2.3 From 825cc7e0d4bc7f052831f905a92945678441fb55 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 12 Mar 2021 05:36:54 -0500 Subject: gnu: gnome-shell: Fix CVE-2020-17489. * gnu/packages/patches/gnome-shell-CVE-2020-17489.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnome.scm (gnome-shell)[source]: Add patch. --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 3 +- .../patches/gnome-shell-CVE-2020-17489.patch | 46 ++++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/gnome-shell-CVE-2020-17489.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index fd070d6791..46f76c16cc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1134,6 +1134,7 @@ dist_patch_DATA = \ %D%/packages/patches/gnash-fix-giflib-version.patch \ %D%/packages/patches/gnome-shell-theme.patch \ %D%/packages/patches/gnome-shell-disable-test.patch \ + %D%/packages/patches/gnome-shell-CVE-2020-17489.patch \ %D%/packages/patches/gnome-settings-daemon-gc.patch \ %D%/packages/patches/gnome-todo-delete-esource-duplicate.patch \ %D%/packages/patches/gnome-tweaks-search-paths.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index f38401f726..d2881dbec6 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -8449,7 +8449,8 @@ properties, screen resolution, and other GNOME parameters.") (sha256 (base32 "0l3mdn7g2c22mdhrqkxvvc1pk2w0v32f2v4a6n1phvaalwcg75nj")) - (patches (search-patches "gnome-shell-theme.patch" + (patches (search-patches "gnome-shell-CVE-2020-17489.patch" + "gnome-shell-theme.patch" "gnome-shell-disable-test.patch")) (modules '((guix build utils))) (snippet diff --git a/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch new file mode 100644 index 0000000000..4b7748950e --- /dev/null +++ b/gnu/packages/patches/gnome-shell-CVE-2020-17489.patch @@ -0,0 +1,46 @@ +From 05b7aec747282f62212b605249d518280ff80059 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 27 Jul 2020 10:58:22 -0400 +Subject: [PATCH] loginDialog: Reset auth prompt on vt switch before fade in + +At the moment, if a user switches to the login screen vt, +the login screen fades in whatever was on screen prior, and +then does a reset. + +It makes more sense to reset first, so we fade in what the +user is going to interact with instead of what they interacted +with before. + +Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 +--- + js/gdm/loginDialog.js | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js +index c3f90dc58..6b35ebb16 100644 +--- a/js/gdm/loginDialog.js ++++ b/js/gdm/loginDialog.js +@@ -920,16 +920,15 @@ var LoginDialog = GObject.registerClass({ + if (this.opacity == 255 && this._authPrompt.verificationStatus == AuthPrompt.AuthPromptStatus.NOT_VERIFYING) + return; + ++ if (this._authPrompt.verificationStatus !== AuthPrompt.AuthPromptStatus.NOT_VERIFYING) ++ this._authPrompt.reset(); ++ + this._bindOpacity(); + this.ease({ + opacity: 255, + duration: _FADE_ANIMATION_TIME, + mode: Clutter.AnimationMode.EASE_OUT_QUAD, +- onComplete: () => { +- if (this._authPrompt.verificationStatus != AuthPrompt.AuthPromptStatus.NOT_VERIFYING) +- this._authPrompt.reset(); +- this._unbindOpacity(); +- } ++ onComplete: () => this._unbindOpacity(), + }); + } + +-- +2.30.1 + -- cgit v1.2.3 From 748e2ec07a4f484dd4416b4cac5c28b1b13c47ee Mon Sep 17 00:00:00 2001 From: Greg Hogan Date: Tue, 19 Jan 2021 12:51:36 +0000 Subject: gnu: Add aws-c-cal. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/c.scm (aws-c-cal): New variable. * gnu/packages/patches/aws-c-cal-cmake-prefix.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/c.scm | 30 +++++++++++++++++++++++ gnu/packages/patches/aws-c-cal-cmake-prefix.patch | 13 ++++++++++ 3 files changed, 44 insertions(+) create mode 100644 gnu/packages/patches/aws-c-cal-cmake-prefix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 46f76c16cc..44c665d5b0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -830,6 +830,7 @@ dist_patch_DATA = \ %D%/packages/patches/avahi-localstatedir.patch \ %D%/packages/patches/avidemux-install-to-lib.patch \ %D%/packages/patches/awesome-reproducible-png.patch \ + %D%/packages/patches/aws-c-cal-cmake-prefix.patch \ %D%/packages/patches/aws-c-event-stream-cmake-prefix.patch \ %D%/packages/patches/aws-checksums-cmake-prefix.patch \ %D%/packages/patches/azr3.patch \ diff --git a/gnu/packages/c.scm b/gnu/packages/c.scm index 1e338bd7bd..c83e6f36e3 100644 --- a/gnu/packages/c.scm +++ b/gnu/packages/c.scm @@ -52,6 +52,7 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages gettext) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages tls) #:use-module (gnu packages xml)) (define-public tcc @@ -619,3 +620,32 @@ event stream encoding, a binary format for bidirectional client-server communication.") (home-page "https://github.com/awslabs/aws-c-event-stream") (license license:asl2.0))) + +(define-public aws-c-cal + (package + (name "aws-c-cal") + (version "0.4.5") + (source (origin + (method git-fetch) + (uri (git-reference + (url (string-append "https://github.com/awslabs/" name)) + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "04acra1mnzw9q7jycs5966akfbgnx96hkrq90nq0dhw8pvarlyv6")) + (patches (search-patches "aws-c-cal-cmake-prefix.patch")))) + (build-system cmake-build-system) + (arguments + '(#:configure-flags + '("-DBUILD_SHARED_LIBS=ON"))) + (propagated-inputs + `(("aws-c-common" ,aws-c-common))) + (inputs + `(("openssl" ,openssl) + ("openssl:static" ,openssl "static"))) + (synopsis "Amazon Web Services Crypto Abstraction Layer") + (description "This library provides a C99 wrapper for hash, HMAC, and ECC +cryptographic primitives for the @acronym{AWS,Amazon Web Services} SDK.") + (home-page "https://github.com/awslabs/aws-c-cal") + (license license:asl2.0))) diff --git a/gnu/packages/patches/aws-c-cal-cmake-prefix.patch b/gnu/packages/patches/aws-c-cal-cmake-prefix.patch new file mode 100644 index 0000000000..1ee7aa851d --- /dev/null +++ b/gnu/packages/patches/aws-c-cal-cmake-prefix.patch @@ -0,0 +1,13 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -10,6 +10,10 @@ endif() + + option(BYO_CRYPTO "Set this if you want to provide your own cryptography implementation. This will cause the defaults to not be compiled." OFF) + ++if (DEFINED ENV{CMAKE_PREFIX_PATH}) ++ set(CMAKE_PREFIX_PATH $ENV{CMAKE_PREFIX_PATH}) ++endif() ++ + if (DEFINED CMAKE_PREFIX_PATH) + file(TO_CMAKE_PATH "${CMAKE_PREFIX_PATH}" CMAKE_PREFIX_PATH) + endif() -- cgit v1.2.3 From 8ea7b6f91e42133181dc7d48df3f92bfa4bb67c3 Mon Sep 17 00:00:00 2001 From: Greg Hogan Date: Tue, 19 Jan 2021 12:53:18 +0000 Subject: gnu: Add aws-c-io. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/c.scm (aws-c-io): New variable. * gnu/packages/patches/aws-c-io-cmake-prefix.patch, gnu/packages/patches/aws-c-io-disable-networking-tests.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 2 + gnu/packages/c.scm | 31 +++++++++ gnu/packages/patches/aws-c-io-cmake-prefix.patch | 13 ++++ .../aws-c-io-disable-networking-tests.patch | 81 ++++++++++++++++++++++ 4 files changed, 127 insertions(+) create mode 100644 gnu/packages/patches/aws-c-io-cmake-prefix.patch create mode 100644 gnu/packages/patches/aws-c-io-disable-networking-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 44c665d5b0..e2bebb90d2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -832,6 +832,8 @@ dist_patch_DATA = \ %D%/packages/patches/awesome-reproducible-png.patch \ %D%/packages/patches/aws-c-cal-cmake-prefix.patch \ %D%/packages/patches/aws-c-event-stream-cmake-prefix.patch \ + %D%/packages/patches/aws-c-io-cmake-prefix.patch \ + %D%/packages/patches/aws-c-io-disable-networking-tests.patch \ %D%/packages/patches/aws-checksums-cmake-prefix.patch \ %D%/packages/patches/azr3.patch \ %D%/packages/patches/bash-reproducible-linux-pgrp-pipe.patch \ diff --git a/gnu/packages/c.scm b/gnu/packages/c.scm index c83e6f36e3..74c4b673a7 100644 --- a/gnu/packages/c.scm +++ b/gnu/packages/c.scm @@ -621,6 +621,37 @@ communication.") (home-page "https://github.com/awslabs/aws-c-event-stream") (license license:asl2.0))) +(define-public aws-c-io + (package + (name "aws-c-io") + (version "0.9.2") + (source (origin + (method git-fetch) + (uri (git-reference + (url (string-append "https://github.com/awslabs/" name)) + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1vwyf1pm0hhcypyjc9xh9x7y50ic79xlbck1yf9d9wz0bnh43p7v")) + (patches + (search-patches + "aws-c-io-cmake-prefix.patch" + "aws-c-io-disable-networking-tests.patch")))) + (build-system cmake-build-system) + (arguments + '(#:configure-flags + '("-DBUILD_SHARED_LIBS=ON"))) + (propagated-inputs + `(("aws-c-cal" ,aws-c-cal) + ("aws-c-common" ,aws-c-common) + ("s2n" ,s2n))) + (synopsis "Event driven framework for implementing application protocols") + (description "This library provides a C99 framework for constructing +event-driven, asynchronous network application protocols.") + (home-page "https://github.com/awslabs/aws-c-io") + (license license:asl2.0))) + (define-public aws-c-cal (package (name "aws-c-cal") diff --git a/gnu/packages/patches/aws-c-io-cmake-prefix.patch b/gnu/packages/patches/aws-c-io-cmake-prefix.patch new file mode 100644 index 0000000000..da3e4eb4a5 --- /dev/null +++ b/gnu/packages/patches/aws-c-io-cmake-prefix.patch @@ -0,0 +1,13 @@ +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -6,6 +6,10 @@ if (POLICY CMP0069) + cmake_policy(SET CMP0069 NEW) # Enable LTO/IPO if available in the compiler, see AwsCFlags + endif() + ++if (DEFINED ENV{CMAKE_PREFIX_PATH}) ++ set(CMAKE_PREFIX_PATH $ENV{CMAKE_PREFIX_PATH}) ++endif() ++ + if (DEFINED CMAKE_PREFIX_PATH) + file(TO_CMAKE_PATH "${CMAKE_PREFIX_PATH}" CMAKE_PREFIX_PATH) + endif() diff --git a/gnu/packages/patches/aws-c-io-disable-networking-tests.patch b/gnu/packages/patches/aws-c-io-disable-networking-tests.patch new file mode 100644 index 0000000000..09fe11310c --- /dev/null +++ b/gnu/packages/patches/aws-c-io-disable-networking-tests.patch @@ -0,0 +1,81 @@ +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -52,8 +52,8 @@ add_test_case(local_socket_communication) + add_net_test_case(tcp_socket_communication) + add_net_test_case(udp_socket_communication) + add_test_case(udp_bind_connect_communication) +-add_net_test_case(connect_timeout) +-add_net_test_case(connect_timeout_cancelation) ++#add_net_test_case(connect_timeout) ++#add_net_test_case(connect_timeout_cancelation) + if (USE_VSOCK) + add_test_case(vsock_loopback_socket_communication) + endif () +@@ -64,7 +64,7 @@ add_test_case(incoming_tcp_sock_errors) + add_test_case(incoming_duplicate_tcp_bind_errors) + add_test_case(incoming_udp_sock_errors) + add_test_case(wrong_thread_read_write_fails) +-add_net_test_case(cleanup_before_connect_or_timeout_doesnt_explode) ++#add_net_test_case(cleanup_before_connect_or_timeout_doesnt_explode) + add_test_case(cleanup_in_accept_doesnt_explode) + add_test_case(cleanup_in_write_cb_doesnt_explode) + add_test_case(sock_write_cb_is_async) +@@ -81,21 +81,21 @@ add_test_case(channel_tasks_run) + add_test_case(channel_rejects_post_shutdown_tasks) + add_test_case(channel_cancels_pending_tasks) + add_test_case(channel_duplicate_shutdown) +-add_net_test_case(channel_connect_some_hosts_timeout) ++#add_net_test_case(channel_connect_some_hosts_timeout) + +-add_net_test_case(test_default_with_ipv6_lookup) ++#add_net_test_case(test_default_with_ipv6_lookup) + add_test_case(test_resolver_ipv6_address_lookup) +-add_net_test_case(test_default_with_multiple_lookups) ++#add_net_test_case(test_default_with_multiple_lookups) + add_test_case(test_resolver_ipv4_address_lookup) +-add_net_test_case(test_default_with_ipv4_only_lookup) ++#add_net_test_case(test_default_with_ipv4_only_lookup) + add_test_case(test_resolver_ttls) + add_test_case(test_resolver_connect_failure_recording) + add_test_case(test_resolver_ttl_refreshes_on_resolve) + + add_net_test_case(test_resolver_listener_create_destroy) +-add_net_test_case(test_resolver_add_listener_before_host) +-add_net_test_case(test_resolver_add_listener_after_host) +-add_net_test_case(test_resolver_add_multiple_listeners_fn) ++#add_net_test_case(test_resolver_add_listener_before_host) ++#add_net_test_case(test_resolver_add_listener_after_host) ++#add_net_test_case(test_resolver_add_multiple_listeners_fn) + add_net_test_case(test_resolver_listener_host_re_add_fn) + add_net_test_case(test_resolver_listener_multiple_results) + add_net_test_case(test_resolver_listener_address_expired_fn) +@@ -119,20 +119,20 @@ add_test_case(socket_handler_close) + if (NOT BYO_CRYPTO) + add_net_test_case(test_concurrent_cert_import) + add_test_case(tls_channel_echo_and_backpressure_test) +- add_net_test_case(tls_client_channel_negotiation_error_expired) +- add_net_test_case(tls_client_channel_negotiation_error_wrong_host) +- add_net_test_case(tls_client_channel_negotiation_error_self_signed) +- add_net_test_case(tls_client_channel_negotiation_error_untrusted_root) ++ #add_net_test_case(tls_client_channel_negotiation_error_expired) ++ #add_net_test_case(tls_client_channel_negotiation_error_wrong_host) ++ #add_net_test_case(tls_client_channel_negotiation_error_self_signed) ++ #add_net_test_case(tls_client_channel_negotiation_error_untrusted_root) + #track these down in s2n and find out why that aren't failing. + #add_net_test_case(tls_client_channel_negotiation_error_revoked) + #add_net_test_case(tls_client_channel_negotiation_error_pinning) +- add_net_test_case(tls_client_channel_negotiation_error_socket_closed) +- add_net_test_case(tls_client_channel_negotiation_success) +- add_net_test_case(tls_client_channel_negotiation_success_ecc256) +- add_net_test_case(tls_client_channel_negotiation_success_ecc384) ++ #add_net_test_case(tls_client_channel_negotiation_error_socket_closed) ++ #add_net_test_case(tls_client_channel_negotiation_success) ++ #add_net_test_case(tls_client_channel_negotiation_success_ecc256) ++ #add_net_test_case(tls_client_channel_negotiation_success_ecc384) + add_net_test_case(tls_server_multiple_connections) + add_net_test_case(tls_server_hangup_during_negotiation) +- add_net_test_case(tls_client_channel_no_verify) ++ #add_net_test_case(tls_client_channel_no_verify) + add_net_test_case(test_tls_negotiation_timeout) + add_net_test_case(tls_double_channel) + add_net_test_case(alpn_successfully_negotiates) -- cgit v1.2.3 From 74e2c0e00f58c8bf948f7dc7c5ae2876af910d5a Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 13 Mar 2021 03:41:14 -0500 Subject: gnu: gnutls: Fix CVE-2021-20231 and CVE-2021-20232. * gnu/packages/patches/gnutls-CVE-2021-20231.patch, gnu/packages/patches/gnutls-CVE-2021-20232.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/tls.scm (gnutls)[replacement]: New field. (gnutls/fixed): New variable. (guile2.2-gnutls): Use package/inherit. --- gnu/local.mk | 2 + gnu/packages/patches/gnutls-CVE-2021-20231.patch | 62 ++++++++++++++++++++++++ gnu/packages/patches/gnutls-CVE-2021-20232.patch | 60 +++++++++++++++++++++++ gnu/packages/tls.scm | 15 ++++-- 4 files changed, 136 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/gnutls-CVE-2021-20231.patch create mode 100644 gnu/packages/patches/gnutls-CVE-2021-20232.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index e2bebb90d2..551503e053 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1144,6 +1144,8 @@ dist_patch_DATA = \ %D%/packages/patches/gnupg-default-pinentry.patch \ %D%/packages/patches/gnutls-skip-trust-store-test.patch \ %D%/packages/patches/gnutls-cross.patch \ + %D%/packages/patches/gnutls-CVE-2021-20231.patch \ + %D%/packages/patches/gnutls-CVE-2021-20232.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ diff --git a/gnu/packages/patches/gnutls-CVE-2021-20231.patch b/gnu/packages/patches/gnutls-CVE-2021-20231.patch new file mode 100644 index 0000000000..5186522eee --- /dev/null +++ b/gnu/packages/patches/gnutls-CVE-2021-20231.patch @@ -0,0 +1,62 @@ +From 15beb4b193b2714d88107e7dffca781798684e7e Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 29 Jan 2021 14:06:05 +0100 +Subject: [PATCH 1/2] key_share: avoid use-after-free around realloc + +Signed-off-by: Daiki Ueno +--- + lib/ext/key_share.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c +index ab8abf8fe..a8c4bb5cf 100644 +--- a/lib/ext/key_share.c ++++ b/lib/ext/key_share.c +@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session, + { + unsigned i; + int ret; +- unsigned char *lengthp; +- unsigned int cur_length; + unsigned int generated = 0; + const gnutls_group_entry_st *group; + const version_entry_st *ver; + + /* this extension is only being sent on client side */ + if (session->security_parameters.entity == GNUTLS_CLIENT) { ++ unsigned int length_pos; ++ + ver = _gnutls_version_max(session); + if (unlikely(ver == NULL || ver->key_shares == 0)) + return 0; +@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session, + if (!have_creds_for_tls13(session)) + return 0; + +- /* write the total length later */ +- lengthp = &extdata->data[extdata->length]; ++ length_pos = extdata->length; + + ret = + _gnutls_buffer_append_prefix(extdata, 16, 0); + if (ret < 0) + return gnutls_assert_val(ret); + +- cur_length = extdata->length; +- + if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */ + group = get_group(session); + if (unlikely(group == NULL)) +@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session, + } + + /* copy actual length */ +- _gnutls_write_uint16(extdata->length - cur_length, lengthp); ++ _gnutls_write_uint16(extdata->length - length_pos - 2, ++ &extdata->data[length_pos]); + + } else { /* server */ + ver = get_version(session); +-- +2.30.2 + diff --git a/gnu/packages/patches/gnutls-CVE-2021-20232.patch b/gnu/packages/patches/gnutls-CVE-2021-20232.patch new file mode 100644 index 0000000000..dc3a0be690 --- /dev/null +++ b/gnu/packages/patches/gnutls-CVE-2021-20232.patch @@ -0,0 +1,60 @@ +From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 29 Jan 2021 14:06:23 +0100 +Subject: [PATCH 2/2] pre_shared_key: avoid use-after-free around realloc + +Signed-off-by: Daiki Ueno +--- + lib/ext/pre_shared_key.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c +index a042c6488..380bf39ed 100644 +--- a/lib/ext/pre_shared_key.c ++++ b/lib/ext/pre_shared_key.c +@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session, + size_t spos; + gnutls_datum_t username = {NULL, 0}; + gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0}; +- gnutls_datum_t client_hello; ++ unsigned client_hello_len; + unsigned next_idx; + const mac_entry_st *prf_res = NULL; + const mac_entry_st *prf_psk = NULL; +@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session, + assert(extdata->length >= sizeof(mbuffer_st)); + assert(ext_offset >= (ssize_t)sizeof(mbuffer_st)); + ext_offset -= sizeof(mbuffer_st); +- client_hello.data = extdata->data+sizeof(mbuffer_st); +- client_hello.size = extdata->length-sizeof(mbuffer_st); ++ client_hello_len = extdata->length-sizeof(mbuffer_st); + + next_idx = 0; + +@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session, + } + + if (prf_res && rkey.size > 0) { ++ gnutls_datum_t client_hello; ++ ++ client_hello.data = extdata->data+sizeof(mbuffer_st); ++ client_hello.size = client_hello_len; ++ + ret = compute_psk_binder(session, prf_res, + binders_len, binders_pos, + ext_offset, &rkey, &client_hello, 1, +@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session, + } + + if (prf_psk && user_key.size > 0 && info) { ++ gnutls_datum_t client_hello; ++ ++ client_hello.data = extdata->data+sizeof(mbuffer_st); ++ client_hello.size = client_hello_len; ++ + ret = compute_psk_binder(session, prf_psk, + binders_len, binders_pos, + ext_offset, &user_key, &client_hello, 0, +-- +2.30.2 + diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index e0741ad310..e8e1350e29 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès -;;; Copyright © 2014, 2015, 2016, 2017, 2018 Mark H Weaver +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2021 Mark H Weaver ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 David Thompson @@ -165,6 +165,7 @@ living in the same process.") (package (name "gnutls") (version "3.6.15") + (replacement gnutls/fixed) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -256,6 +257,15 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +(define gnutls/fixed + (package + (inherit gnutls) + (source (origin + (inherit (package-source gnutls)) + (patches (append (search-patches "gnutls-CVE-2021-20231.patch" + "gnutls-CVE-2021-20232.patch") + (origin-patches (package-source gnutls)))))))) + (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package/inherit gnutls @@ -274,8 +284,7 @@ required structures.") ,@(package-inputs gnutls))))) (define-public guile2.2-gnutls - (package - (inherit gnutls) + (package/inherit gnutls (name "guile2.2-gnutls") (inputs `(("guile" ,guile-2.2) ,@(alist-delete "guile" -- cgit v1.2.3 From 31d289a4759909d24dd309ac24d42902a8c20da0 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Wed, 10 Mar 2021 08:29:53 +0100 Subject: gnu: unzip: Add patches from Fedora [security fixes]. Non-exhaustively fixes CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, and CVE-2019-13232. * gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch, gnu/packages/patches/unzip-CVE-2016-9844.patch, gnu/packages/patches/unzip-CVE-2018-1000035.patch, gnu/packages/patches/unzip-CVE-2018-18384.patch, gnu/packages/patches/unzip-case-insensitive.patch, gnu/packages/patches/unzip-alt-iconv-utf8-print.patch, gnu/packages/patches/unzip-alt-iconv-utf8.patch, gnu/packages/patches/unzip-close.patch, gnu/packages/patches/unzip-exec-shield.patch, gnu/packages/patches/unzip-fix-recmatch.patch, gnu/packages/patches/unzip-manpage-fix.patch, gnu/packages/patches/unzip-overflow.patch, gnu/packages/patches/unzip-symlink.patch, gnu/packages/patches/unzip-timestamp.patch, gnu/packages/patches/unzip-valgrind.patch, gnu/packages/patches/unzip-x-option.patch, gnu/packages/patches/unzip-zipbomb-manpage.patch, gnu/packages/patches/unzip-zipbomb-part1.patch, gnu/packages/patches/unzip-zipbomb-part2.patch, gnu/packages/patches/unzip-zipbomb-part3.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/compression.scm (unzip/fixed): New variable. Apply patches. (unzip)[replacement]: Graft. --- gnu/local.mk | 20 + gnu/packages/compression.scm | 49 +++ .../unzip-COVSCAN-fix-unterminated-string.patch | 131 ++++++ gnu/packages/patches/unzip-CVE-2016-9844.patch | 39 ++ gnu/packages/patches/unzip-CVE-2018-1000035.patch | 34 ++ gnu/packages/patches/unzip-CVE-2018-18384.patch | 35 ++ .../patches/unzip-alt-iconv-utf8-print.patch | 381 ++++++++++++++++ gnu/packages/patches/unzip-alt-iconv-utf8.patch | 398 +++++++++++++++++ gnu/packages/patches/unzip-caseinsensitive.patch | 131 ++++++ gnu/packages/patches/unzip-close.patch | 176 ++++++++ gnu/packages/patches/unzip-exec-shield.patch | 10 + gnu/packages/patches/unzip-fix-recmatch.patch | 477 +++++++++++++++++++++ gnu/packages/patches/unzip-manpage-fix.patch | 11 + gnu/packages/patches/unzip-overflow.patch | 25 ++ gnu/packages/patches/unzip-symlink.patch | 17 + gnu/packages/patches/unzip-timestamp.patch | 41 ++ gnu/packages/patches/unzip-valgrind.patch | 26 ++ gnu/packages/patches/unzip-x-option.patch | 28 ++ gnu/packages/patches/unzip-zipbomb-manpage.patch | 25 ++ gnu/packages/patches/unzip-zipbomb-part1.patch | 25 ++ gnu/packages/patches/unzip-zipbomb-part2.patch | 349 +++++++++++++++ gnu/packages/patches/unzip-zipbomb-part3.patch | 112 +++++ 22 files changed, 2540 insertions(+) create mode 100644 gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch create mode 100644 gnu/packages/patches/unzip-CVE-2016-9844.patch create mode 100644 gnu/packages/patches/unzip-CVE-2018-1000035.patch create mode 100644 gnu/packages/patches/unzip-CVE-2018-18384.patch create mode 100644 gnu/packages/patches/unzip-alt-iconv-utf8-print.patch create mode 100644 gnu/packages/patches/unzip-alt-iconv-utf8.patch create mode 100644 gnu/packages/patches/unzip-caseinsensitive.patch create mode 100644 gnu/packages/patches/unzip-close.patch create mode 100644 gnu/packages/patches/unzip-exec-shield.patch create mode 100644 gnu/packages/patches/unzip-fix-recmatch.patch create mode 100644 gnu/packages/patches/unzip-manpage-fix.patch create mode 100644 gnu/packages/patches/unzip-overflow.patch create mode 100644 gnu/packages/patches/unzip-symlink.patch create mode 100644 gnu/packages/patches/unzip-timestamp.patch create mode 100644 gnu/packages/patches/unzip-valgrind.patch create mode 100644 gnu/packages/patches/unzip-x-option.patch create mode 100644 gnu/packages/patches/unzip-zipbomb-manpage.patch create mode 100644 gnu/packages/patches/unzip-zipbomb-part1.patch create mode 100644 gnu/packages/patches/unzip-zipbomb-part2.patch create mode 100644 gnu/packages/patches/unzip-zipbomb-part3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 551503e053..6500f5bda2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1740,6 +1740,26 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-initialize-symlink-flag.patch \ %D%/packages/patches/unzip-overflow-long-fsize.patch \ %D%/packages/patches/unzip-remove-build-date.patch \ + %D%/packages/patches/unzip-case-insensitive.patch \ + %D%/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch \ + %D%/packages/patches/unzip-CVE-2016-9844.patch \ + %D%/packages/patches/unzip-CVE-2018-1000035.patch \ + %D%/packages/patches/unzip-CVE-2018-18384.patch \ + %D%/packages/patches/unzip-alt-iconv-utf8-print.patch \ + %D%/packages/patches/unzip-alt-iconv-utf8.patch \ + %D%/packages/patches/unzip-close.patch \ + %D%/packages/patches/unzip-exec-shield.patch \ + %D%/packages/patches/unzip-fix-recmatch.patch \ + %D%/packages/patches/unzip-manpage-fix.patch \ + %D%/packages/patches/unzip-overflow.patch \ + %D%/packages/patches/unzip-symlink.patch \ + %D%/packages/patches/unzip-timestamp.patch \ + %D%/packages/patches/unzip-valgrind.patch \ + %D%/packages/patches/unzip-x-option.patch \ + %D%/packages/patches/unzip-zipbomb-manpage.patch \ + %D%/packages/patches/unzip-zipbomb-part1.patch \ + %D%/packages/patches/unzip-zipbomb-part2.patch \ + %D%/packages/patches/unzip-zipbomb-part3.patch \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 99569f68c9..7a4f70f2b4 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -1594,6 +1594,7 @@ Compression ratios of 2:1 to 3:1 are common for text files.") "unzip-overflow-on-invalid-input.patch" "unzip-format-secure.patch" "unzip-overflow-long-fsize.patch")))) + (replacement unzip/fixed) (build-system gnu-build-system) ;; no inputs; bzip2 is not supported, since not compiled with BZ_NO_STDIO (arguments @@ -1629,6 +1630,54 @@ recreates the stored directory structure by default.") (license (license:non-copyleft "file://LICENSE" "See LICENSE in the distribution.")))) +(define-public unzip/fixed + (package + (inherit unzip) + (version "6.0") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/infozip" + "/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz")) + (sha256 + (base32 + "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83")) + (patches (search-patches "unzip-CVE-2014-8139.patch" + "unzip-CVE-2014-8140.patch" + "unzip-CVE-2014-8141.patch" + "unzip-CVE-2014-9636.patch" + "unzip-CVE-2015-7696.patch" + "unzip-CVE-2015-7697.patch" + "unzip-allow-greater-hostver-values.patch" + "unzip-initialize-symlink-flag.patch" + "unzip-remove-build-date.patch" + "unzip-attribs-overflow.patch" + "unzip-overflow-on-invalid-input.patch" + "unzip-format-secure.patch" + "unzip-overflow-long-fsize.patch" + + ;; From Fedora + "unzip-alt-iconv-utf8.patch" + "unzip-alt-iconv-utf8-print.patch" + "unzip-fix-recmatch.patch" + "unzip-caseinsensitive.patch" + "unzip-close.patch" + "unzip-COVSCAN-fix-unterminated-string.patch" + "unzip-CVE-2016-9844.patch" + "unzip-CVE-2018-1000035.patch" + "unzip-CVE-2018-18384.patch" + "unzip-exec-shield.patch" + "unzip-manpage-fix.patch" + "unzip-overflow.patch" + "unzip-timestamp.patch" + "unzip-valgrind.patch" + "unzip-x-option.patch" + ;; CVE-2019-13232 + "unzip-zipbomb-manpage.patch" + "unzip-zipbomb-part1.patch" + "unzip-zipbomb-part2.patch" + "unzip-zipbomb-part3.patch")))))) + (define-public ziptime (let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc") (revision "0")) diff --git a/gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch b/gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch new file mode 100644 index 0000000000..717377119b --- /dev/null +++ b/gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch @@ -0,0 +1,131 @@ +From 06d1b08aef94984256cad3c5a54cedb10295681f Mon Sep 17 00:00:00 2001 +From: Jakub Martisko +Date: Thu, 8 Nov 2018 09:31:18 +0100 +Subject: [PATCH] Possible unterminated string fix + +--- + unix/unix.c | 4 +++- + unix/unxcfg.h | 2 +- + unzip.c | 12 ++++++++---- + zipinfo.c | 12 ++++++++---- + 4 files changed, 20 insertions(+), 10 deletions(-) + +diff --git a/unix/unix.c b/unix/unix.c +index 59b622d..cd57f80 100644 +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -1945,7 +1945,9 @@ void init_conversion_charsets() + for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++) + if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) { + strncpy(OEM_CP, dos_charset_map[i].archive_charset, +- sizeof(OEM_CP)); ++ MAX_CP_NAME - 1); ++ ++ OEM_CP[MAX_CP_NAME - 1] = '\0'; + break; + } + } +diff --git a/unix/unxcfg.h b/unix/unxcfg.h +index 8729de2..9ee8cfe 100644 +--- a/unix/unxcfg.h ++++ b/unix/unxcfg.h +@@ -228,7 +228,7 @@ typedef struct stat z_stat; + /* and notfirstcall are used by do_wild(). */ + + +-#define MAX_CP_NAME 25 ++#define MAX_CP_NAME 25 + 1 + + #ifdef SETLOCALE + # undef SETLOCALE +diff --git a/unzip.c b/unzip.c +index 2d94a38..a485f2b 100644 +--- a/unzip.c ++++ b/unzip.c +@@ -1561,7 +1561,8 @@ int uz_opts(__G__ pargc, pargv) + "error: a valid character encoding should follow the -I argument")); + return(PK_PARAM); + } +- strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ strncpy(ISO_CP, s, MAX_CP_NAME - 1); ++ ISO_CP[MAX_CP_NAME - 1] = '\0'; + } else { /* -I charset */ + ++argv; + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { +@@ -1570,7 +1571,8 @@ int uz_opts(__G__ pargc, pargv) + return(PK_PARAM); + } + s = *argv; +- strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ strncpy(ISO_CP, s, MAX_CP_NAME - 1); ++ ISO_CP[MAX_CP_NAME - 1] = '\0'; + } + while(*(++s)); /* No params straight after charset name */ + } +@@ -1665,7 +1667,8 @@ int uz_opts(__G__ pargc, pargv) + "error: a valid character encoding should follow the -I argument")); + return(PK_PARAM); + } +- strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ strncpy(OEM_CP, s, MAX_CP_NAME - 1); ++ OEM_CP[MAX_CP_NAME - 1] = '\0'; + } else { /* -O charset */ + ++argv; + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { +@@ -1674,7 +1677,8 @@ int uz_opts(__G__ pargc, pargv) + return(PK_PARAM); + } + s = *argv; +- strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ strncpy(OEM_CP, s, MAX_CP_NAME - 1); ++ OEM_CP[MAX_CP_NAME - 1] = '\0'; + } + while(*(++s)); /* No params straight after charset name */ + } +diff --git a/zipinfo.c b/zipinfo.c +index accca2a..cb7e08d 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -519,7 +519,8 @@ int zi_opts(__G__ pargc, pargv) + "error: a valid character encoding should follow the -I argument")); + return(PK_PARAM); + } +- strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ strncpy(ISO_CP, s, MAX_CP_NAME - 1); ++ ISO_CP[MAX_CP_NAME - 1] = '\0'; + } else { /* -I charset */ + ++argv; + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { +@@ -528,7 +529,8 @@ int zi_opts(__G__ pargc, pargv) + return(PK_PARAM); + } + s = *argv; +- strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ strncpy(ISO_CP, s, MAX_CP_NAME - 1); ++ ISO_CP[MAX_CP_NAME - 1] = '\0'; + } + while(*(++s)); /* No params straight after charset name */ + } +@@ -568,7 +570,8 @@ int zi_opts(__G__ pargc, pargv) + "error: a valid character encoding should follow the -I argument")); + return(PK_PARAM); + } +- strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ strncpy(OEM_CP, s, MAX_CP_NAME - 1); ++ OEM_CP[MAX_CP_NAME - 1] = '\0'; + } else { /* -O charset */ + ++argv; + if(!(--argc > 0 && *argv != NULL && **argv != '-')) { +@@ -577,7 +580,8 @@ int zi_opts(__G__ pargc, pargv) + return(PK_PARAM); + } + s = *argv; +- strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ strncpy(OEM_CP, s, MAX_CP_NAME - 1); ++ OEM_CP[MAX_CP_NAME - 1] = '\0'; + } + while(*(++s)); /* No params straight after charset name */ + } +-- +2.14.5 + diff --git a/gnu/packages/patches/unzip-CVE-2016-9844.patch b/gnu/packages/patches/unzip-CVE-2016-9844.patch new file mode 100644 index 0000000000..0e4a173397 --- /dev/null +++ b/gnu/packages/patches/unzip-CVE-2016-9844.patch @@ -0,0 +1,39 @@ +From 754137e70cf58a64ad524b704a86b651ba0cde07 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka +Date: Wed, 14 Dec 2016 16:30:36 +0100 +Subject: [PATCH] Fix CVE-2016-9844 (rhbz#1404283) + +Fixes buffer overflow in zipinfo in similar way like fix for +CVE-2014-9913 provided by upstream. +--- + zipinfo.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/zipinfo.c b/zipinfo.c +index c03620e..accca2a 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -1984,7 +1984,19 @@ static int zi_short(__G) /* return PK-type error code */ + ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); + methbuf[3] = dtype[dnum]; + } else if (methnum >= NUM_METHODS) { /* unknown */ +- sprintf(&methbuf[1], "%03u", G.crec.compression_method); ++ /* 2016-12-05 SMS. ++ * https://launchpad.net/bugs/1643750 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the "u", ++ * and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); ++ } ++ + } + + for (k = 0; k < 15; ++k) +-- +2.5.5 + diff --git a/gnu/packages/patches/unzip-CVE-2018-1000035.patch b/gnu/packages/patches/unzip-CVE-2018-1000035.patch new file mode 100644 index 0000000000..8ca713865c --- /dev/null +++ b/gnu/packages/patches/unzip-CVE-2018-1000035.patch @@ -0,0 +1,34 @@ +--- a/fileio.c 2014-12-05 05:06:05 -0600 ++++ b/fileio.c 2017-11-14 01:06:28 -0600 +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2017 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -1582,6 +1582,8 @@ + int r = IZ_PW_ENTERED; + char *m; + char *prompt; ++ char *ep; ++ char *zp; + + #ifndef REENTRANT + /* tell picky compilers to shut up about "unused variable" warnings */ +@@ -1590,9 +1592,12 @@ + + if (*rcnt == 0) { /* First call for current entry */ + *rcnt = 2; +- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { +- sprintf(prompt, LoadFarString(PasswPrompt), +- FnFilter1(zfn), FnFilter2(efn)); ++ zp = FnFilter1( zfn); ++ ep = FnFilter2( efn); ++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ ++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); ++ if (prompt != (char *)NULL) { ++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); + m = prompt; + } else + m = (char *)LoadFarString(PasswPrompt2); diff --git a/gnu/packages/patches/unzip-CVE-2018-18384.patch b/gnu/packages/patches/unzip-CVE-2018-18384.patch new file mode 100644 index 0000000000..54d4b8cb64 --- /dev/null +++ b/gnu/packages/patches/unzip-CVE-2018-18384.patch @@ -0,0 +1,35 @@ +--- unzip60/list.c ++++ unzip60/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[13]; ++ char sgn, cfactorstr[1+10+1+1]; /* %NUL */ + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type + } + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) + Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), + FmZofft(G.crec.ucsize, "8", "u"), methbuf, +@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type + + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) { + Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), + FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), diff --git a/gnu/packages/patches/unzip-alt-iconv-utf8-print.patch b/gnu/packages/patches/unzip-alt-iconv-utf8-print.patch new file mode 100644 index 0000000000..0b0153ba54 --- /dev/null +++ b/gnu/packages/patches/unzip-alt-iconv-utf8-print.patch @@ -0,0 +1,381 @@ +From ca0212ba19b64488b9e8459a762c11ecd6e7d0bd Mon Sep 17 00:00:00 2001 +From: Petr Stodulka +Date: Tue, 24 Nov 2015 17:56:11 +0100 +Subject: [PATCH] print correctly non-ascii filenames + +--- + extract.c | 289 ++++++++++++++++++++++++++++++++++++++++++++++++-------------- + unzpriv.h | 7 ++ + 2 files changed, 233 insertions(+), 63 deletions(-) + +diff --git a/extract.c b/extract.c +index 0ee4e93..741b7e0 100644 +--- a/extract.c ++++ b/extract.c +@@ -2648,8 +2648,21 @@ static void set_deferred_symlink(__G__ slnk_entry) + } /* end function set_deferred_symlink() */ + #endif /* SYMLINKS */ + ++/* ++ * If Unicode is supported, assume we have what we need to do this ++ * check using wide characters, avoiding MBCS issues. ++ */ + +- ++#ifndef UZ_FNFILTER_REPLACECHAR ++ /* A convenient choice for the replacement of unprintable char codes is ++ * the "single char wildcard", as this character is quite unlikely to ++ * appear in filenames by itself. The following default definition ++ * sets the replacement char to a question mark as the most common ++ * "single char wildcard"; this setting should be overridden in the ++ * appropiate system-specific configuration header when needed. ++ */ ++# define UZ_FNFILTER_REPLACECHAR '?' ++#endif + + /*************************/ + /* Function fnfilter() */ /* here instead of in list.c for SFX */ +@@ -2661,48 +2674,168 @@ char *fnfilter(raw, space, size) /* convert name to safely printable form */ + extent size; + { + #ifndef NATIVE /* ASCII: filter ANSI escape codes, etc. */ +- ZCONST uch *r=(ZCONST uch *)raw; ++ ZCONST uch *r; // =(ZCONST uch *)raw; + uch *s=space; + uch *slim=NULL; + uch *se=NULL; + int have_overflow = FALSE; + +- if (size > 0) { +- slim = space + size +-#ifdef _MBCS +- - (MB_CUR_MAX - 1) +-#endif +- - 4; ++# if defined( UNICODE_SUPPORT) && defined( _MBCS) ++/* If Unicode support is enabled, and we have multi-byte characters, ++ * then do the isprint() checks by first converting to wide characters ++ * and checking those. This avoids our having to parse multi-byte ++ * characters for ourselves. After the wide-char replacements have been ++ * made, the wide string is converted back to the local character set. ++ */ ++ wchar_t *wstring; /* wchar_t version of raw */ ++ size_t wslen; /* length of wstring */ ++ wchar_t *wostring; /* wchar_t version of output string */ ++ size_t woslen; /* length of wostring */ ++ char *newraw; /* new raw */ ++ ++ /* 2012-11-06 SMS. ++ * Changed to check the value returned by mbstowcs(), and bypass the ++ * Unicode processing if it fails. This seems to fix a problem ++ * reported in the SourceForge forum, but it's not clear that we ++ * should be doing any Unicode processing without some evidence that ++ * the name actually is Unicode. (Check bit 11 in the flags before ++ * coming here?) ++ * http://sourceforge.net/p/infozip/bugs/40/ ++ */ ++ ++ if (MB_CUR_MAX <= 1) ++ { ++ /* There's no point to converting multi-byte chars if there are ++ * no multi-byte chars. ++ */ ++ wslen = (size_t)-1; + } +- while (*r) { +- if (size > 0 && s >= slim && se == NULL) { +- se = s; ++ else ++ { ++ /* Get Unicode wide character count (for storage allocation). */ ++ wslen = mbstowcs( NULL, raw, 0); ++ } ++ ++ if (wslen != (size_t)-1) ++ { ++ /* Apparently valid Unicode. Allocate wide-char storage. */ ++ wstring = (wchar_t *)malloc((wslen + 1) * sizeof(wchar_t)); ++ if (wstring == NULL) { ++ strcpy( (char *)space, raw); ++ return (char *)space; + } +-#ifdef QDOS +- if (qlflag & 2) { +- if (*r == '/' || *r == '.') { ++ wostring = (wchar_t *)malloc(2 * (wslen + 1) * sizeof(wchar_t)); ++ if (wostring == NULL) { ++ free(wstring); ++ strcpy( (char *)space, raw); ++ return (char *)space; ++ } ++ ++ /* Convert the multi-byte Unicode to wide chars. */ ++ wslen = mbstowcs(wstring, raw, wslen + 1); ++ ++ /* Filter the wide-character string. */ ++ fnfilterw( wstring, wostring, (2 * (wslen + 1) * sizeof(wchar_t))); ++ ++ /* Convert filtered wide chars back to multi-byte. */ ++ woslen = wcstombs( NULL, wostring, 0); ++ if ((newraw = malloc(woslen + 1)) == NULL) { ++ free(wstring); ++ free(wostring); ++ strcpy( (char *)space, raw); ++ return (char *)space; ++ } ++ woslen = wcstombs( newraw, wostring, (woslen * MB_CUR_MAX) + 1); ++ ++ if (size > 0) { ++ slim = space + size - 4; ++ } ++ r = (ZCONST uch *)newraw; ++ while (*r) { ++ if (size > 0 && s >= slim && se == NULL) { ++ se = s; ++ } ++# ifdef QDOS ++ if (qlflag & 2) { ++ if (*r == '/' || *r == '.') { ++ if (se != NULL && (s > (space + (size-3)))) { ++ have_overflow = TRUE; ++ break; ++ } ++ ++r; ++ *s++ = '_'; ++ continue; ++ } ++ } else ++# endif ++ { + if (se != NULL && (s > (space + (size-3)))) { + have_overflow = TRUE; + break; + } +- ++r; +- *s++ = '_'; +- continue; ++ *s++ = *r++; + } +- } else ++ } ++ if (have_overflow) { ++ strcpy((char *)se, "..."); ++ } else { ++ *s = '\0'; ++ } ++ ++ free(wstring); ++ free(wostring); ++ free(newraw); ++ } ++ else ++# endif /* defined( UNICODE_SUPPORT) && defined( _MBCS) */ ++ { ++ /* No Unicode support, or apparently invalid Unicode. */ ++ r = (ZCONST uch *)raw; ++ ++ if (size > 0) { ++ slim = space + size ++#ifdef _MBCS ++ - (MB_CUR_MAX - 1) ++#endif ++ - 4; ++ } ++ while (*r) { ++ if (size > 0 && s >= slim && se == NULL) { ++ se = s; ++ } ++#ifdef QDOS ++ if (qlflag & 2) { ++ if (*r == '/' || *r == '.') { ++ if (se != NULL && (s > (space + (size-3)))) { ++ have_overflow = TRUE; ++ break; ++ } ++ ++r; ++ *s++ = '_'; ++ continue; ++ } ++ } else + #endif + #ifdef HAVE_WORKING_ISPRINT +-# ifndef UZ_FNFILTER_REPLACECHAR +- /* A convenient choice for the replacement of unprintable char codes is +- * the "single char wildcard", as this character is quite unlikely to +- * appear in filenames by itself. The following default definition +- * sets the replacement char to a question mark as the most common +- * "single char wildcard"; this setting should be overridden in the +- * appropiate system-specific configuration header when needed. +- */ +-# define UZ_FNFILTER_REPLACECHAR '?' +-# endif +- if (!isprint(*r)) { ++ if (!isprint(*r)) { ++ if (*r < 32) { ++ /* ASCII control codes are escaped as "^{letter}". */ ++ if (se != NULL && (s > (space + (size-4)))) { ++ have_overflow = TRUE; ++ break; ++ } ++ *s++ = '^', *s++ = (uch)(64 + *r++); ++ } else { ++ /* Other unprintable codes are replaced by the ++ * placeholder character. */ ++ if (se != NULL && (s > (space + (size-3)))) { ++ have_overflow = TRUE; ++ break; ++ } ++ *s++ = UZ_FNFILTER_REPLACECHAR; ++ INCSTR(r); ++ } ++#else /* !HAVE_WORKING_ISPRINT */ + if (*r < 32) { + /* ASCII control codes are escaped as "^{letter}". */ + if (se != NULL && (s > (space + (size-4)))) { +@@ -2710,47 +2843,30 @@ char *fnfilter(raw, space, size) /* convert name to safely printable form */ + break; + } + *s++ = '^', *s++ = (uch)(64 + *r++); ++#endif /* ?HAVE_WORKING_ISPRINT */ + } else { +- /* Other unprintable codes are replaced by the +- * placeholder character. */ ++#ifdef _MBCS ++ unsigned i = CLEN(r); ++ if (se != NULL && (s > (space + (size-i-2)))) { ++ have_overflow = TRUE; ++ break; ++ } ++ for (; i > 0; i--) ++ *s++ = *r++; ++#else + if (se != NULL && (s > (space + (size-3)))) { + have_overflow = TRUE; + break; + } +- *s++ = UZ_FNFILTER_REPLACECHAR; +- INCSTR(r); +- } +-#else /* !HAVE_WORKING_ISPRINT */ +- if (*r < 32) { +- /* ASCII control codes are escaped as "^{letter}". */ +- if (se != NULL && (s > (space + (size-4)))) { +- have_overflow = TRUE; +- break; +- } +- *s++ = '^', *s++ = (uch)(64 + *r++); +-#endif /* ?HAVE_WORKING_ISPRINT */ +- } else { +-#ifdef _MBCS +- unsigned i = CLEN(r); +- if (se != NULL && (s > (space + (size-i-2)))) { +- have_overflow = TRUE; +- break; +- } +- for (; i > 0; i--) + *s++ = *r++; +-#else +- if (se != NULL && (s > (space + (size-3)))) { +- have_overflow = TRUE; +- break; +- } +- *s++ = *r++; + #endif +- } +- } +- if (have_overflow) { +- strcpy((char *)se, "..."); +- } else { +- *s = '\0'; ++ } ++ } ++ if (have_overflow) { ++ strcpy((char *)se, "..."); ++ } else { ++ *s = '\0'; ++ } + } + + #ifdef WINDLL +@@ -2772,6 +2888,53 @@ char *fnfilter(raw, space, size) /* convert name to safely printable form */ + } /* end function fnfilter() */ + + ++#if defined( UNICODE_SUPPORT) && defined( _MBCS) ++ ++/****************************/ ++/* Function fnfilter[w]() */ /* (Here instead of in list.c for SFX.) */ ++/****************************/ ++ ++/* fnfilterw() - Convert wide name to safely printable form. */ ++ ++/* fnfilterw() - Convert wide-character name to safely printable form. */ ++ ++wchar_t *fnfilterw( src, dst, siz) ++ ZCONST wchar_t *src; /* Pointer to source char (string). */ ++ wchar_t *dst; /* Pointer to destination char (string). */ ++ extent siz; /* Not used (!). */ ++{ ++ wchar_t *dsx = dst; ++ ++ /* Filter the wide chars. */ ++ while (*src) ++ { ++ if (iswprint( *src)) ++ { ++ /* Printable code. Copy it. */ ++ *dst++ = *src; ++ } ++ else ++ { ++ /* Unprintable code. Substitute something printable for it. */ ++ if (*src < 32) ++ { ++ /* Replace ASCII control code with "^{letter}". */ ++ *dst++ = (wchar_t)'^'; ++ *dst++ = (wchar_t)(64 + *src); ++ } ++ else ++ { ++ /* Replace other unprintable code with the placeholder. */ ++ *dst++ = (wchar_t)UZ_FNFILTER_REPLACECHAR; ++ } ++ } ++ src++; ++ } ++ *dst = (wchar_t)0; /* NUL-terminate the destination string. */ ++ return dsx; ++} /* fnfilterw(). */ ++ ++#endif /* defined( UNICODE_SUPPORT) && defined( _MBCS) */ + + + #ifdef SET_DIR_ATTRIB +diff --git a/unzpriv.h b/unzpriv.h +index 22d3923..e48a652 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -1212,6 +1212,7 @@ + # ifdef UNICODE_WCHAR + # if !(defined(_WIN32_WCE) || defined(POCKET_UNZIP)) + # include ++# include + # endif + # endif + # ifndef _MBCS /* no need to include twice, see below */ +@@ -2410,6 +2411,12 @@ int memflush OF((__GPRO__ ZCONST uch *rawbuf, ulg size)); + char *fnfilter OF((ZCONST char *raw, uch *space, + extent size)); + ++# if defined( UNICODE_SUPPORT) && defined( _MBCS) ++wchar_t *fnfilterw OF((ZCONST wchar_t *src, wchar_t *dst, ++ extent siz)); ++#endif ++ ++ + /*--------------------------------------------------------------------------- + Decompression functions: + ---------------------------------------------------------------------------*/ +-- +2.4.3 + diff --git a/gnu/packages/patches/unzip-alt-iconv-utf8.patch b/gnu/packages/patches/unzip-alt-iconv-utf8.patch new file mode 100644 index 0000000000..b9e37774e2 --- /dev/null +++ b/gnu/packages/patches/unzip-alt-iconv-utf8.patch @@ -0,0 +1,398 @@ +From: Giovanni Scafora +Subject: unzip files encoded with non-latin, non-unicode file names +Last-Update: 2015-02-11 + +Updated 2015-02-11 by Marc Deslauriers +to fix buffer overflow in charset_to_intern() + +Index: unzip-6.0/unix/unix.c +=================================================================== +--- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500 +@@ -30,6 +30,9 @@ + #define UNZIP_INTERNAL + #include "unzip.h" + ++#include ++#include ++ + #ifdef SCO_XENIX + # define SYSNDIR + #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */ +@@ -1874,3 +1877,102 @@ + } + } + #endif /* QLZIP */ ++ ++ ++typedef struct { ++ char *local_charset; ++ char *archive_charset; ++} CHARSET_MAP; ++ ++/* A mapping of local <-> archive charsets used by default to convert filenames ++ * of DOS/Windows Zip archives. Currently very basic. */ ++static CHARSET_MAP dos_charset_map[] = { ++ { "ANSI_X3.4-1968", "CP850" }, ++ { "ISO-8859-1", "CP850" }, ++ { "CP1252", "CP850" }, ++ { "UTF-8", "CP866" }, ++ { "KOI8-R", "CP866" }, ++ { "KOI8-U", "CP866" }, ++ { "ISO-8859-5", "CP866" } ++}; ++ ++char OEM_CP[MAX_CP_NAME] = ""; ++char ISO_CP[MAX_CP_NAME] = ""; ++ ++/* Try to guess the default value of OEM_CP based on the current locale. ++ * ISO_CP is left alone for now. */ ++void init_conversion_charsets() ++{ ++ const char *local_charset; ++ int i; ++ ++ /* Make a guess only if OEM_CP not already set. */ ++ if(*OEM_CP == '\0') { ++ local_charset = nl_langinfo(CODESET); ++ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++) ++ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) { ++ strncpy(OEM_CP, dos_charset_map[i].archive_charset, ++ sizeof(OEM_CP)); ++ break; ++ } ++ } ++} ++ ++/* Convert a string from one encoding to the current locale using iconv(). ++ * Be as non-intrusive as possible. If error is encountered during covertion ++ * just leave the string intact. */ ++static void charset_to_intern(char *string, char *from_charset) ++{ ++ iconv_t cd; ++ char *s,*d, *buf; ++ size_t slen, dlen, buflen; ++ const char *local_charset; ++ ++ if(*from_charset == '\0') ++ return; ++ ++ buf = NULL; ++ local_charset = nl_langinfo(CODESET); ++ ++ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1) ++ return; ++ ++ slen = strlen(string); ++ s = string; ++ ++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ ++ * as this function also gets called with G.outbuf in fileio.c ++ */ ++ buflen = FILNAMSIZ; ++ if (OUTBUFSIZ + 1 < FILNAMSIZ) ++ { ++ buflen = OUTBUFSIZ + 1; ++ } ++ ++ d = buf = malloc(buflen); ++ if(!d) ++ goto cleanup; ++ ++ bzero(buf,buflen); ++ dlen = buflen - 1; ++ ++ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) ++ goto cleanup; ++ strncpy(string, buf, buflen); ++ ++ cleanup: ++ free(buf); ++ iconv_close(cd); ++} ++ ++/* Convert a string from OEM_CP to the current locale charset. */ ++inline void oem_intern(char *string) ++{ ++ charset_to_intern(string, OEM_CP); ++} ++ ++/* Convert a string from ISO_CP to the current locale charset. */ ++inline void iso_intern(char *string) ++{ ++ charset_to_intern(string, ISO_CP); ++} +Index: unzip-6.0/unix/unxcfg.h +=================================================================== +--- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500 +@@ -228,4 +228,30 @@ + /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */ + /* and notfirstcall are used by do_wild(). */ + ++ ++#define MAX_CP_NAME 25 ++ ++#ifdef SETLOCALE ++# undef SETLOCALE ++#endif ++#define SETLOCALE(category, locale) setlocale(category, locale) ++#include ++ ++#ifdef _ISO_INTERN ++# undef _ISO_INTERN ++#endif ++#define _ISO_INTERN(str1) iso_intern(str1) ++ ++#ifdef _OEM_INTERN ++# undef _OEM_INTERN ++#endif ++#ifndef IZ_OEM2ISO_ARRAY ++# define IZ_OEM2ISO_ARRAY ++#endif ++#define _OEM_INTERN(str1) oem_intern(str1) ++ ++void iso_intern(char *); ++void oem_intern(char *); ++void init_conversion_charsets(void); ++ + #endif /* !__unxcfg_h */ +Index: unzip-6.0/unzip.c +=================================================================== +--- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500 +@@ -327,11 +327,21 @@ + -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\ + -v verbose, multi-page format\n"; + ++#ifndef UNIX + static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ + -h print header line -t print totals for listed files or for all\n\ + -z print zipfile comment -T print file times in sortable decimal format\ + \n -C be case-insensitive %s\ + -x exclude filenames that follow from listing\n"; ++#else /* UNIX */ ++static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ ++ -h print header line -t print totals for listed files or for all\n\ ++ -z print zipfile comment %c-T%c print file times in sortable decimal format\ ++\n %c-C%c be case-insensitive %s\ ++ -x exclude filenames that follow from listing\n\ ++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ ++ -I CHARSET specify a character encoding for UNIX and other archives\n"; ++#endif /* !UNIX */ + #ifdef MORE + static ZCONST char Far ZipInfoUsageLine4[] = + " -M page output through built-in \"more\"\n"; +@@ -664,6 +674,17 @@ + -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ + -C match filenames case-insensitively -L make (some) names \ + lowercase\n %-42s -V retain VMS version numbers\n%s"; ++#elif (defined UNIX) ++static ZCONST char Far UnzipUsageLine4[] = "\ ++modifiers:\n\ ++ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\ ++ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\ ++ -j junk paths (do not make directories) -aa treat ALL files as text\n\ ++ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ ++ -C match filenames case-insensitively -L make (some) names \ ++lowercase\n %-42s -V retain VMS version numbers\n%s\ ++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ ++ -I CHARSET specify a character encoding for UNIX and other archives\n\n"; + #else /* !VMS */ + static ZCONST char Far UnzipUsageLine4[] = "\ + modifiers:\n\ +@@ -802,6 +823,10 @@ + #endif /* UNICODE_SUPPORT */ + + ++#ifdef UNIX ++ init_conversion_charsets(); ++#endif ++ + #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__)) + extern void DebugMalloc(void); + +@@ -1335,6 +1360,11 @@ + argc = *pargc; + argv = *pargv; + ++#ifdef UNIX ++ extern char OEM_CP[MAX_CP_NAME]; ++ extern char ISO_CP[MAX_CP_NAME]; ++#endif ++ + while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) { + s = *argv + 1; + while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */ +@@ -1516,6 +1546,35 @@ + } + break; + #endif /* MACOS */ ++#ifdef UNIX ++ case ('I'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Icharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } else { /* -I charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case ('j'): /* junk pathnames/directory structure */ + if (negative) + uO.jflag = FALSE, negative = 0; +@@ -1591,6 +1650,35 @@ + } else + ++uO.overwrite_all; + break; ++#ifdef UNIX ++ case ('O'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Ocharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } else { /* -O charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -O argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case ('p'): /* pipes: extract to stdout, no messages */ + if (negative) { + uO.cflag = FALSE; +Index: unzip-6.0/unzpriv.h +=================================================================== +--- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 +@@ -3008,7 +3008,7 @@ + !(((islochdr) || (isuxatt)) && \ + ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \ + (hostnum) == FS_HPFS_ || \ +- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \ ++ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \ + _OEM_INTERN((string)); \ + } else { \ + _ISO_INTERN((string)); \ +Index: unzip-6.0/zipinfo.c +=================================================================== +--- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 +@@ -457,6 +457,10 @@ + int tflag_slm=TRUE, tflag_2v=FALSE; + int explicit_h=FALSE, explicit_t=FALSE; + ++#ifdef UNIX ++ extern char OEM_CP[MAX_CP_NAME]; ++ extern char ISO_CP[MAX_CP_NAME]; ++#endif + + #ifdef MACOS + uO.lflag = LFLAG; /* reset default on each call */ +@@ -501,6 +505,35 @@ + uO.lflag = 0; + } + break; ++#ifdef UNIX ++ case ('I'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Icharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } else { /* -I charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case 'l': /* longer form of "ls -l" type listing */ + if (negative) + uO.lflag = -2, negative = 0; +@@ -521,6 +554,35 @@ + G.M_flag = TRUE; + break; + #endif ++#ifdef UNIX ++ case ('O'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Ocharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } else { /* -O charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -O argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case 's': /* default: shorter "ls -l" type listing */ + if (negative) + uO.lflag = -2, negative = 0; diff --git a/gnu/packages/patches/unzip-caseinsensitive.patch b/gnu/packages/patches/unzip-caseinsensitive.patch new file mode 100644 index 0000000000..3cb68450b9 --- /dev/null +++ b/gnu/packages/patches/unzip-caseinsensitive.patch @@ -0,0 +1,131 @@ +diff --git a/match.c b/match.c +index 6cd656f..4e569f5 100644 +--- a/match.c ++++ b/match.c +@@ -190,10 +190,10 @@ char *___tmp_ptr; + + #endif + +-static int recmatch(p, s, cs) ++static int recmatch(p, s, ci) + ZCONST char *p; /* sh pattern to match */ + ZCONST char *s; /* string to match it to */ +-int cs; /* flag: force case-sensitive matching */ ++int ci; /* flag: force case-insensitive matching */ + /* Recursively compare the sh pattern p with the string s and return 1 if + they match, and 0 or 2 if they don't or if there is a syntax error in the + pattern. This routine recurses on itself no deeper than the number of +@@ -214,7 +214,7 @@ int cs; /* flag: force case-sensitive matching */ + if (CLEN(p) == 2) { + if (CLEN(s) == 2) { + return (*p == *s && *(p+1) == *(s+1)) ? +- recmatch(p + 2, s + 2, cs) : 0; ++ recmatch(p + 2, s + 2, ci) : 0; + } else { + return 0; + } +@@ -230,9 +230,9 @@ int cs; /* flag: force case-sensitive matching */ + /* '?' (or '%' or '#') matches any character (but not an empty string) */ + if (c == WILDCHR_SINGLE) { + if (wild_stop_at_dir) +- return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), cs) : 0; ++ return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), ci) : 0; + else +- return *s ? recmatch(p, s + CLEN(s), cs) : 0; ++ return *s ? recmatch(p, s + CLEN(s), ci) : 0; + } + + /* WILDCHR_MULTI ('*') matches any number of characters, including zero */ +@@ -253,14 +253,14 @@ int cs; /* flag: force case-sensitive matching */ + # endif /* ?AMIGA */ + /* Single WILDCHR_MULTI ('*'): this doesn't match slashes */ + for (; *s && *s != DIRSEP_CHR; INCSTR(s)) +- if ((c = recmatch(p, s, cs)) != 0) ++ if ((c = recmatch(p, s, ci)) != 0) + return c; + /* end of pattern: matched if at end of string, else continue */ + if (*p == 0) + return (*s == 0); + /* continue to match if at DIRSEP_CHR in pattern, else give up */ + return (*p == DIRSEP_CHR || (*p == '\\' && p[1] == DIRSEP_CHR)) +- ? recmatch(p, s, cs) : 2; ++ ? recmatch(p, s, ci) : 2; + } + /* Two consecutive WILDCHR_MULTI ("**"): this matches DIRSEP_CHR ('/') */ + p++; /* move p past the second WILDCHR_MULTI */ +@@ -308,17 +308,17 @@ int cs; /* flag: force case-sensitive matching */ + */ + if (q != srest) + return 0; +- return ((cs ? strcmp(p, q) : namecmp(p, q)) == 0); ++ return ((!ci ? strcmp(p, q) : namecmp(p, q)) == 0); + } + #else /* !_MBCS */ +- return ((cs ? strcmp(p, srest) : namecmp(p, srest)) == 0); ++ return ((!ci ? strcmp(p, srest) : namecmp(p, srest)) == 0); + #endif /* ?_MBCS */ + } + else + { + /* pattern contains more wildcards, continue with recursion... */ + for (; *s; INCSTR(s)) +- if ((c = recmatch(p, s, cs)) != 0) ++ if ((c = recmatch(p, s, ci)) != 0) + return c; + return 2; /* 2 means give up--shmatch will return false */ + } +@@ -353,17 +353,17 @@ int cs; /* flag: force case-sensitive matching */ + c = *(p-1); + else + { +- uch cc = (cs ? (uch)*s : case_map((uch)*s)); ++ uch cc = (!ci ? (uch)*s : to_up((uch)*s)); + uch uc = (uch) c; + if (*(p+1) != '-') + for (uc = uc ? uc : (uch)*p; uc <= (uch)*p; uc++) + /* compare range */ +- if ((cs ? uc : case_map(uc)) == cc) +- return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), cs); ++ if ((!ci ? uc : to_up(uc)) == cc) ++ return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), ci); + c = e = 0; /* clear range, escape flags */ + } + } +- return r ? recmatch(q + CLEN(q), s + CLEN(s), cs) : 0; ++ return r ? recmatch(q + CLEN(q), s + CLEN(s), ci) : 0; + /* bracket match failed */ + } + #endif /* !VMS */ +@@ -382,18 +382,18 @@ int cs; /* flag: force case-sensitive matching */ + { + /* Match "...]" with "]". Continue after "]" in both. */ + if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) +- return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); ++ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), ci); + + /* Else, look for a reduced match in s, until "]" in or end of s. */ + for (; *s && (*s != ']'); INCSTR(s)) + if (*s == '.') + /* If reduced match, then continue after "..." in p, "." in s. */ +- if ((c = recmatch( (p+ CLEN( p)), s, cs)) != 0) ++ if ((c = recmatch( (p+ CLEN( p)), s, ci)) != 0) + return (int)c; + + /* Match "...]" with "]". Continue after "]" in both. */ + if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) +- return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); ++ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), ci); + + /* No reduced match. Quit. */ + return 2; +@@ -402,8 +402,8 @@ int cs; /* flag: force case-sensitive matching */ + #endif /* def VMS */ + + /* Just a character--compare it */ +- return (cs ? c == *s : case_map((uch)c) == case_map((uch)*s)) ? +- recmatch(p, s + CLEN(s), cs) : 0; ++ return (!ci ? c == *s : to_up((uch)c) == to_up((uch)*s)) ? ++ recmatch(p, s + CLEN(s), ci) : 0; + } + + diff --git a/gnu/packages/patches/unzip-close.patch b/gnu/packages/patches/unzip-close.patch new file mode 100644 index 0000000000..9a238a9006 --- /dev/null +++ b/gnu/packages/patches/unzip-close.patch @@ -0,0 +1,176 @@ +diff -up unzip60/extract.c.close unzip60/extract.c +--- unzip60/extract.c.close 2009-03-14 02:32:52.000000000 +0100 ++++ unzip60/extract.c 2009-11-19 08:17:23.481263496 +0100 +@@ -1924,24 +1924,21 @@ static int extract_or_test_member(__G) + + #ifdef VMS /* VMS: required even for stdout! (final flush) */ + if (!uO.tflag) /* don't close NULL file */ +- close_outfile(__G); ++ error = close_outfile(__G); + #else + #ifdef DLL + if (!uO.tflag && (!uO.cflag || G.redirect_data)) { + if (G.redirect_data) + FINISH_REDIRECT(); + else +- close_outfile(__G); ++ error = close_outfile(__G); + } + #else + if (!uO.tflag && !uO.cflag) /* don't close NULL file or stdout */ +- close_outfile(__G); ++ error = close_outfile(__G); + #endif + #endif /* VMS */ + +- /* GRR: CONVERT close_outfile() TO NON-VOID: CHECK FOR ERRORS! */ +- +- + if (G.disk_full) { /* set by flush() */ + if (G.disk_full > 1) { + #if (defined(DELETE_IF_FULL) && defined(HAVE_UNLINK)) +diff -up unzip60/unix/unix.c.close unzip60/unix/unix.c +--- unzip60/unix/unix.c.close 2009-01-24 00:31:26.000000000 +0100 ++++ unzip60/unix/unix.c 2009-11-19 08:33:25.568389171 +0100 +@@ -1096,10 +1096,41 @@ static int get_extattribs(__G__ pzt, z_u + #ifndef MTS + + /****************************/ ++/* Function CloseError() */ ++/***************************/ ++ ++int CloseError(__G) ++ __GDEF ++{ ++ int errval = PK_OK; ++ ++ if (fclose(G.outfile) < 0) { ++ switch (errno) { ++ case ENOSPC: ++ /* Do we need this on fileio.c? */ ++ Info(slide, 0x4a1, ((char *)slide, "%s: write error (disk full?). Continue? (y/n/^C) ", ++ FnFilter1(G.filename))); ++ fgets(G.answerbuf, 9, stdin); ++ if (*G.answerbuf == 'y') /* stop writing to this file */ ++ G.disk_full = 1; /* pass to next */ ++ else ++ G.disk_full = 2; /* no: exit program */ ++ ++ errval = PK_DISK; ++ break; ++ ++ default: ++ errval = PK_WARN; ++ } ++ } ++ return errval; ++} /* End of CloseError() */ ++ ++/****************************/ + /* Function close_outfile() */ + /****************************/ + +-void close_outfile(__G) /* GRR: change to return PK-style warning level */ ++int close_outfile(__G) + __GDEF + { + union { +@@ -1108,6 +1139,7 @@ void close_outfile(__G) /* GRR: chang + } zt; + ulg z_uidgid[2]; + int have_uidgid_flg; ++ int errval = PK_OK; + + have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid); + +@@ -1141,16 +1173,16 @@ void close_outfile(__G) /* GRR: chang + Info(slide, 0x201, ((char *)slide, + "warning: symbolic link (%s) failed: mem alloc overflow\n", + FnFilter1(G.filename))); +- fclose(G.outfile); +- return; ++ errval = CloseError(G.outfile, G.filename); ++ return errval ? errval : PK_WARN; + } + + if ((slnk_entry = (slinkentry *)malloc(slnk_entrysize)) == NULL) { + Info(slide, 0x201, ((char *)slide, + "warning: symbolic link (%s) failed: no mem\n", + FnFilter1(G.filename))); +- fclose(G.outfile); +- return; ++ errval = CloseError(G.outfile, G.filename); ++ return errval ? errval : PK_WARN; + } + slnk_entry->next = NULL; + slnk_entry->targetlen = ucsize; +@@ -1174,10 +1206,10 @@ void close_outfile(__G) /* GRR: chang + "warning: symbolic link (%s) failed\n", + FnFilter1(G.filename))); + free(slnk_entry); +- fclose(G.outfile); +- return; ++ errval = CloseError(G.outfile, G.filename); ++ return errval ? errval : PK_WARN; + } +- fclose(G.outfile); /* close "link" file for good... */ ++ errval = CloseError(G.outfile, G.filename); /* close "link" file for good... */ + slnk_entry->target[ucsize] = '\0'; + if (QCOND2) + Info(slide, 0, ((char *)slide, "-> %s ", +@@ -1188,7 +1220,7 @@ void close_outfile(__G) /* GRR: chang + else + G.slink_head = slnk_entry; + G.slink_last = slnk_entry; +- return; ++ return errval; + } + #endif /* SYMLINKS */ + +@@ -1201,7 +1233,7 @@ void close_outfile(__G) /* GRR: chang + #endif + + #if (defined(NO_FCHOWN)) +- fclose(G.outfile); ++ errval = CloseError(G.outfile, G.filename); + #endif + + /* if -X option was specified and we have UID/GID info, restore it */ +@@ -1227,7 +1259,7 @@ void close_outfile(__G) /* GRR: chang + } + + #if (!defined(NO_FCHOWN) && defined(NO_FCHMOD)) +- fclose(G.outfile); ++ errval = CloseError(G.outfile, G.filename); + #endif + + #if (!defined(NO_FCHOWN) && !defined(NO_FCHMOD)) +@@ -1239,7 +1271,7 @@ void close_outfile(__G) /* GRR: chang + if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr))) + perror("fchmod (file attributes) error"); + +- fclose(G.outfile); ++ errval = CloseError(G.outfile, G.filename); + #endif /* !NO_FCHOWN && !NO_FCHMOD */ + + /* skip restoring time stamps on user's request */ +@@ -1267,6 +1299,7 @@ void close_outfile(__G) /* GRR: chang + #endif + #endif /* NO_FCHOWN || NO_FCHMOD */ + ++ return errval; + } /* end function close_outfile() */ + + #endif /* !MTS */ +diff -up unzip60/unzpriv.h.close unzip60/unzpriv.h +--- unzip60/unzpriv.h.close 2009-04-20 01:59:26.000000000 +0200 ++++ unzip60/unzpriv.h 2009-11-19 08:19:08.610388618 +0100 +@@ -2604,7 +2604,7 @@ char *GetLoadPath OF((__GPRO)); + int SetFileSize OF((FILE *file, zusz_t filesize)); /* local */ + #endif + #ifndef MTS /* macro in MTS */ +- void close_outfile OF((__GPRO)); /* local */ ++ int close_outfile OF((__GPRO)); /* local */ + #endif + #ifdef SET_SYMLINK_ATTRIBS + int set_symlnk_attribs OF((__GPRO__ slinkentry *slnk_entry)); /* local */ diff --git a/gnu/packages/patches/unzip-exec-shield.patch b/gnu/packages/patches/unzip-exec-shield.patch new file mode 100644 index 0000000000..74500aa5d4 --- /dev/null +++ b/gnu/packages/patches/unzip-exec-shield.patch @@ -0,0 +1,10 @@ +diff -up unzip60/crc_i386.S.exec-shield unzip60/crc_i386.S +--- unzip60/crc_i386.S.exec-shield 2007-01-07 06:02:58.000000000 +0100 ++++ unzip60/crc_i386.S 2009-11-18 11:16:39.630389312 +0100 +@@ -302,3 +302,6 @@ _crc32: /* ulg c + #endif /* i386 || _i386 || _I386 || __i386 */ + + #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */ ++ ++.section .note.GNU-stack, "", @progbits ++.previous diff --git a/gnu/packages/patches/unzip-fix-recmatch.patch b/gnu/packages/patches/unzip-fix-recmatch.patch new file mode 100644 index 0000000000..2a8583c8ca --- /dev/null +++ b/gnu/packages/patches/unzip-fix-recmatch.patch @@ -0,0 +1,477 @@ +diff -up unzip60/match.c.recmatch unzip60/match.c +--- unzip60/match.c.recmatch 2005-08-14 13:00:36.000000000 -0400 ++++ unzip60/match.c 2013-05-28 10:29:57.949077543 -0400 +@@ -27,16 +27,14 @@ + + --------------------------------------------------------------------------- + +- Copyright on recmatch() from Zip's util.c (although recmatch() was almost +- certainly written by Mark Adler...ask me how I can tell :-) ): ++ Copyright on recmatch() from Zip's util.c ++ Copyright (c) 1990-2005 Info-ZIP. All rights reserved. + +- Copyright (C) 1990-1992 Mark Adler, Richard B. Wales, Jean-loup Gailly, +- Kai Uwe Rommel and Igor Mandrichenko. ++ See the accompanying file LICENSE, version 2004-May-22 or later ++ for terms of use. ++ If, for some reason, both of these files are missing, the Info-ZIP license ++ also may be found at: ftp://ftp.info-zip.org/pub/infozip/license.html + +- Permission is granted to any individual or institution to use, copy, +- or redistribute this software so long as all of the original files are +- included unmodified, that it is not sold for profit, and that this copy- +- right notice is retained. + + --------------------------------------------------------------------------- + +@@ -53,7 +51,7 @@ + + A set is composed of characters or ranges; a range looks like ``character + hyphen character'' (as in 0-9 or A-Z). [0-9a-zA-Z_] is the minimal set of +- characters allowed in the [..] pattern construct. Other characters are ++ characters ALlowed in the [..] pattern construct. Other characters are + allowed (i.e., 8-bit characters) if your system will support them. + + To suppress the special syntactic significance of any of ``[]*?!^-\'', in- +@@ -101,8 +99,32 @@ + # define WILDCHAR '?' + # define BEG_RANGE '[' + # define END_RANGE ']' ++# define WILDCHR_SINGLE '?' ++# define DIRSEP_CHR '/' ++# define WILDCHR_MULTI '*' + #endif + ++#ifdef WILD_STOP_AT_DIR ++ int wild_stop_at_dir = 1; /* default wildcards do not include / in matches */ ++#else ++ int wild_stop_at_dir = 0; /* default wildcards do include / in matches */ ++#endif ++ ++ ++ ++/* ++ * case mapping functions. case_map is used to ignore case in comparisons, ++ * to_up is used to force upper case even on Unix (for dosify option). ++ */ ++#ifdef USE_CASE_MAP ++# define case_map(c) upper[(c) & 0xff] ++# define to_up(c) upper[(c) & 0xff] ++#else ++# define case_map(c) (c) ++# define to_up(c) ((c) >= 'a' && (c) <= 'z' ? (c)-'a'+'A' : (c)) ++#endif /* USE_CASE_MAP */ ++ ++ + #if 0 /* GRR: add this to unzip.h someday... */ + #if !(defined(MSDOS) && defined(DOSWILD)) + #ifdef WILD_STOP_AT_DIR +@@ -114,8 +136,8 @@ int recmatch OF((ZCONST uch *pattern, ZC + int ignore_case __WDLPRO)); + #endif + #endif /* 0 */ +-static int recmatch OF((ZCONST uch *pattern, ZCONST uch *string, +- int ignore_case __WDLPRO)); ++static int recmatch OF((ZCONST char *, ZCONST char *, ++ int)); + static char *isshexp OF((ZCONST char *p)); + static int namecmp OF((ZCONST char *s1, ZCONST char *s2)); + +@@ -154,192 +176,240 @@ int match(string, pattern, ignore_case _ + } + dospattern[j-1] = '\0'; /* nuke the end "." */ + } +- j = recmatch((uch *)dospattern, (uch *)string, ignore_case __WDL); ++ j = recmatch(dospattern, string, ignore_case); + free(dospattern); + return j == 1; + } else + #endif /* MSDOS && DOSWILD */ +- return recmatch((uch *)pattern, (uch *)string, ignore_case __WDL) == 1; ++ return recmatch(pattern, string, ignore_case) == 1; + } + ++#ifdef _MBCS ++ ++char *___tmp_ptr; + ++#endif + +-static int recmatch(p, s, ic __WDL) +- ZCONST uch *p; /* sh pattern to match */ +- ZCONST uch *s; /* string to which to match it */ +- int ic; /* true for case insensitivity */ +- __WDLDEF /* directory sepchar for WildStopAtDir mode, or 0 */ ++static int recmatch(p, s, cs) ++ZCONST char *p; /* sh pattern to match */ ++ZCONST char *s; /* string to match it to */ ++int cs; /* flag: force case-sensitive matching */ + /* Recursively compare the sh pattern p with the string s and return 1 if +- * they match, and 0 or 2 if they don't or if there is a syntax error in the +- * pattern. This routine recurses on itself no more deeply than the number +- * of characters in the pattern. */ ++ they match, and 0 or 2 if they don't or if there is a syntax error in the ++ pattern. This routine recurses on itself no deeper than the number of ++ characters in the pattern. */ + { +- unsigned int c; /* pattern char or start of range in [-] loop */ ++ int c; /* pattern char or start of range in [-] loop */ ++ /* Get first character, the pattern for new recmatch calls follows */ ++ /* borrowed from Zip's global.c */ ++ int no_wild = 0; ++ int allow_regex=1; ++ /* This fix provided by akt@m5.dion.ne.jp for Japanese. ++ See 21 July 2006 mail. ++ It only applies when p is pointing to a doublebyte character and ++ things like / and wildcards are not doublebyte. This probably ++ should not be needed. */ + +- /* Get first character, the pattern for new recmatch calls follows */ +- c = *p; INCSTR(p); ++#ifdef _MBCS ++ if (CLEN(p) == 2) { ++ if (CLEN(s) == 2) { ++ return (*p == *s && *(p+1) == *(s+1)) ? ++ recmatch(p + 2, s + 2, cs) : 0; ++ } else { ++ return 0; ++ } ++ } ++#endif /* ?_MBCS */ + +- /* If that was the end of the pattern, match if string empty too */ +- if (c == 0) +- return *s == 0; ++ c = *POSTINCSTR(p); + +- /* '?' (or '%') matches any character (but not an empty string). */ +- if (c == WILDCHAR) +-#ifdef WILD_STOP_AT_DIR +- /* If uO.W_flag is non-zero, it won't match '/' */ +- return (*s && (!sepc || *s != (uch)sepc)) +- ? recmatch(p, s + CLEN(s), ic, sepc) : 0; +-#else +- return *s ? recmatch(p, s + CLEN(s), ic) : 0; +-#endif ++ /* If that was the end of the pattern, match if string empty too */ ++ if (c == 0) ++ return *s == 0; ++ ++ /* '?' (or '%' or '#') matches any character (but not an empty string) */ ++ if (c == WILDCHR_SINGLE) { ++ if (wild_stop_at_dir) ++ return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), cs) : 0; ++ else ++ return *s ? recmatch(p, s + CLEN(s), cs) : 0; ++ } + +- /* '*' matches any number of characters, including zero */ ++ /* WILDCHR_MULTI ('*') matches any number of characters, including zero */ + #ifdef AMIGA +- if (c == '#' && *p == '?') /* "#?" is Amiga-ese for "*" */ +- c = '*', p++; ++ if (!no_wild && c == '#' && *p == '?') /* "#?" is Amiga-ese for "*" */ ++ c = WILDCHR_MULTI, p++; + #endif /* AMIGA */ +- if (c == '*') { +-#ifdef WILD_STOP_AT_DIR +- if (sepc) { +- /* check for single "*" or double "**" */ +-# ifdef AMIGA +- if ((c = p[0]) == '#' && p[1] == '?') /* "#?" is Amiga-ese for "*" */ +- c = '*', p++; +- if (c != '*') { +-# else /* !AMIGA */ +- if (*p != '*') { +-# endif /* ?AMIGA */ +- /* single "*": this doesn't match the dirsep character */ +- for (; *s && *s != (uch)sepc; INCSTR(s)) +- if ((c = recmatch(p, s, ic, sepc)) != 0) +- return (int)c; +- /* end of pattern: matched if at end of string, else continue */ +- if (*p == '\0') +- return (*s == 0); +- /* continue to match if at sepc in pattern, else give up */ +- return (*p == (uch)sepc || (*p == '\\' && p[1] == (uch)sepc)) +- ? recmatch(p, s, ic, sepc) : 2; +- } +- /* "**": this matches slashes */ +- ++p; /* move p behind the second '*' */ +- /* and continue with the non-W_flag code variant */ +- } +-#endif /* WILD_STOP_AT_DIR */ ++ if (!no_wild && c == WILDCHR_MULTI) ++ { ++ if (wild_stop_at_dir) { ++ /* Check for an immediately following WILDCHR_MULTI */ ++# ifdef AMIGA ++ if ((c = p[0]) == '#' && p[1] == '?') /* "#?" is Amiga-ese for "*" */ ++ c = WILDCHR_MULTI, p++; ++ if (c != WILDCHR_MULTI) { ++# else /* !AMIGA */ ++ if (*p != WILDCHR_MULTI) { ++# endif /* ?AMIGA */ ++ /* Single WILDCHR_MULTI ('*'): this doesn't match slashes */ ++ for (; *s && *s != DIRSEP_CHR; INCSTR(s)) ++ if ((c = recmatch(p, s, cs)) != 0) ++ return c; ++ /* end of pattern: matched if at end of string, else continue */ + if (*p == 0) +- return 1; +- if (isshexp((ZCONST char *)p) == NULL) { +- /* Optimization for rest of pattern being a literal string: +- * If there are no other shell expression chars in the rest +- * of the pattern behind the multi-char wildcard, then just +- * compare the literal string tail. +- */ +- ZCONST uch *srest; +- +- srest = s + (strlen((ZCONST char *)s) - strlen((ZCONST char *)p)); +- if (srest - s < 0) +- /* remaining literal string from pattern is longer than rest +- * of test string, there can't be a match +- */ +- return 0; +- else +- /* compare the remaining literal pattern string with the last +- * bytes of the test string to check for a match +- */ ++ return (*s == 0); ++ /* continue to match if at DIRSEP_CHR in pattern, else give up */ ++ return (*p == DIRSEP_CHR || (*p == '\\' && p[1] == DIRSEP_CHR)) ++ ? recmatch(p, s, cs) : 2; ++ } ++ /* Two consecutive WILDCHR_MULTI ("**"): this matches DIRSEP_CHR ('/') */ ++ p++; /* move p past the second WILDCHR_MULTI */ ++ /* continue with the normal non-WILD_STOP_AT_DIR code */ ++ } /* wild_stop_at_dir */ ++ ++ /* Not wild_stop_at_dir */ ++ if (*p == 0) ++ return 1; ++ if (!isshexp((char *)p)) ++ { ++ /* optimization for rest of pattern being a literal string */ ++ ++ /* optimization to handle patterns like *.txt */ ++ /* if the first char in the pattern is '*' and there */ ++ /* are no other shell expression chars, i.e. a literal string */ ++ /* then just compare the literal string at the end */ ++ ++ ZCONST char *srest; ++ ++ srest = s + (strlen(s) - strlen(p)); ++ if (srest - s < 0) ++ /* remaining literal string from pattern is longer than rest of ++ test string, there can't be a match ++ */ ++ return 0; ++ else ++ /* compare the remaining literal pattern string with the last bytes ++ of the test string to check for a match */ + #ifdef _MBCS +- { +- ZCONST uch *q = s; ++ { ++ ZCONST char *q = s; + +- /* MBCS-aware code must not scan backwards into a string from +- * the end. +- * So, we have to move forward by character from our well-known +- * character position s in the test string until we have +- * advanced to the srest position. +- */ +- while (q < srest) +- INCSTR(q); +- /* In case the byte *srest is a trailing byte of a multibyte +- * character in the test string s, we have actually advanced +- * past the position (srest). +- * For this case, the match has failed! +- */ +- if (q != srest) +- return 0; +- return ((ic +- ? namecmp((ZCONST char *)p, (ZCONST char *)q) +- : strcmp((ZCONST char *)p, (ZCONST char *)q) +- ) == 0); +- } ++ /* MBCS-aware code must not scan backwards into a string from ++ * the end. ++ * So, we have to move forward by character from our well-known ++ * character position s in the test string until we have advanced ++ * to the srest position. ++ */ ++ while (q < srest) ++ INCSTR(q); ++ /* In case the byte *srest is a trailing byte of a multibyte ++ * character, we have actually advanced past the position (srest). ++ * For this case, the match has failed! ++ */ ++ if (q != srest) ++ return 0; ++ return ((cs ? strcmp(p, q) : namecmp(p, q)) == 0); ++ } + #else /* !_MBCS */ +- return ((ic +- ? namecmp((ZCONST char *)p, (ZCONST char *)srest) +- : strcmp((ZCONST char *)p, (ZCONST char *)srest) +- ) == 0); ++ return ((cs ? strcmp(p, srest) : namecmp(p, srest)) == 0); + #endif /* ?_MBCS */ +- } else { +- /* pattern contains more wildcards, continue with recursion... */ +- for (; *s; INCSTR(s)) +- if ((c = recmatch(p, s, ic __WDL)) != 0) +- return (int)c; +- return 2; /* 2 means give up--match will return false */ +- } + } +- +- /* Parse and process the list of characters and ranges in brackets */ +- if (c == BEG_RANGE) { +- int e; /* flag true if next char to be taken literally */ +- ZCONST uch *q; /* pointer to end of [-] group */ +- int r; /* flag true to match anything but the range */ +- +- if (*s == 0) /* need a character to match */ +- return 0; +- p += (r = (*p == '!' || *p == '^')); /* see if reverse */ +- for (q = p, e = 0; *q; INCSTR(q)) /* find closing bracket */ +- if (e) +- e = 0; +- else +- if (*q == '\\') /* GRR: change to ^ for MS-DOS, OS/2? */ +- e = 1; +- else if (*q == END_RANGE) +- break; +- if (*q != END_RANGE) /* nothing matches if bad syntax */ +- return 0; +- for (c = 0, e = (*p == '-'); p < q; INCSTR(p)) { +- /* go through the list */ +- if (!e && *p == '\\') /* set escape flag if \ */ +- e = 1; +- else if (!e && *p == '-') /* set start of range if - */ +- c = *(p-1); +- else { +- unsigned int cc = Case(*s); +- +- if (*(p+1) != '-') +- for (c = c ? c : *p; c <= *p; c++) /* compare range */ +- if ((unsigned)Case(c) == cc) /* typecast for MSC bug */ +- return r ? 0 : recmatch(q + 1, s + 1, ic __WDL); +- c = e = 0; /* clear range, escape flags */ +- } +- } +- return r ? recmatch(q + CLEN(q), s + CLEN(s), ic __WDL) : 0; +- /* bracket match failed */ ++ else ++ { ++ /* pattern contains more wildcards, continue with recursion... */ ++ for (; *s; INCSTR(s)) ++ if ((c = recmatch(p, s, cs)) != 0) ++ return c; ++ return 2; /* 2 means give up--shmatch will return false */ + } ++ } + +- /* if escape ('\\'), just compare next character */ +- if (c == '\\' && (c = *p++) == 0) /* if \ at end, then syntax error */ +- return 0; ++#ifndef VMS /* No bracket matching in VMS */ ++ /* Parse and process the list of characters and ranges in brackets */ ++ if (!no_wild && allow_regex && c == '[') ++ { ++ int e; /* flag true if next char to be taken literally */ ++ ZCONST char *q; /* pointer to end of [-] group */ ++ int r; /* flag true to match anything but the range */ ++ ++ if (*s == 0) /* need a character to match */ ++ return 0; ++ p += (r = (*p == '!' || *p == '^')); /* see if reverse */ ++ for (q = p, e = 0; *q; q++) /* find closing bracket */ ++ if (e) ++ e = 0; ++ else ++ if (*q == '\\') ++ e = 1; ++ else if (*q == ']') ++ break; ++ if (*q != ']') /* nothing matches if bad syntax */ ++ return 0; ++ for (c = 0, e = *p == '-'; p < q; p++) /* go through the list */ ++ { ++ if (e == 0 && *p == '\\') /* set escape flag if \ */ ++ e = 1; ++ else if (e == 0 && *p == '-') /* set start of range if - */ ++ c = *(p-1); ++ else ++ { ++ uch cc = (cs ? (uch)*s : case_map((uch)*s)); ++ uch uc = (uch) c; ++ if (*(p+1) != '-') ++ for (uc = uc ? uc : (uch)*p; uc <= (uch)*p; uc++) ++ /* compare range */ ++ if ((cs ? uc : case_map(uc)) == cc) ++ return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), cs); ++ c = e = 0; /* clear range, escape flags */ ++ } ++ } ++ return r ? recmatch(q + CLEN(q), s + CLEN(s), cs) : 0; ++ /* bracket match failed */ ++ } ++#endif /* !VMS */ + +- /* just a character--compare it */ +-#ifdef QDOS +- return QMatch(Case((uch)c), Case(*s)) ? +- recmatch(p, s + CLEN(s), ic __WDL) : 0; +-#else +- return Case((uch)c) == Case(*s) ? +- recmatch(p, s + CLEN(s), ic __WDL) : 0; +-#endif ++ /* If escape ('\'), just compare next character */ ++ if (!no_wild && c == '\\') ++ if ((c = *p++) == '\0') /* if \ at end, then syntax error */ ++ return 0; ++ ++#ifdef VMS ++ /* 2005-11-06 SMS. ++ Handle "..." wildcard in p with "." or "]" in s. ++ */ ++ if ((c == '.') && (*p == '.') && (*(p+ CLEN( p)) == '.') && ++ ((*s == '.') || (*s == ']'))) ++ { ++ /* Match "...]" with "]". Continue after "]" in both. */ ++ if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) ++ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); ++ ++ /* Else, look for a reduced match in s, until "]" in or end of s. */ ++ for (; *s && (*s != ']'); INCSTR(s)) ++ if (*s == '.') ++ /* If reduced match, then continue after "..." in p, "." in s. */ ++ if ((c = recmatch( (p+ CLEN( p)), s, cs)) != 0) ++ return (int)c; ++ ++ /* Match "...]" with "]". Continue after "]" in both. */ ++ if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) ++ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); ++ ++ /* No reduced match. Quit. */ ++ return 2; ++ } ++ ++#endif /* def VMS */ ++ ++ /* Just a character--compare it */ ++ return (cs ? c == *s : case_map((uch)c) == case_map((uch)*s)) ? ++ recmatch(p, s + CLEN(s), cs) : 0; ++} + +-} /* end function recmatch() */ + + + ++/*************************************************************************************************/ + static char *isshexp(p) + ZCONST char *p; + /* If p is a sh expression, a pointer to the first special character is diff --git a/gnu/packages/patches/unzip-manpage-fix.patch b/gnu/packages/patches/unzip-manpage-fix.patch new file mode 100644 index 0000000000..ec06516bbb --- /dev/null +++ b/gnu/packages/patches/unzip-manpage-fix.patch @@ -0,0 +1,11 @@ +--- unzip60/man/unzip.1 2011-01-11 11:59:59.000000000 +0000 ++++ unzip60/man/unzip_new 2011-02-05 18:45:55.000000000 +0000 +@@ -424,7 +424,7 @@ + .\" Amiga support possible eventually, but not yet + [MS-DOS, OS/2, NT] restore the volume label if the extraction medium is + removable (e.g., a diskette). Doubling the option (\fB\-$$\fP) allows fixed +-media (hard disks) to be labelled as well. By default, volume labels are ++media (hard disks) to be labeled as well. By default, volume labels are + ignored. + .IP \fB\-/\fP\ \fIextensions\fP + [Acorn only] overrides the extension list supplied by Unzip$Ext environment diff --git a/gnu/packages/patches/unzip-overflow.patch b/gnu/packages/patches/unzip-overflow.patch new file mode 100644 index 0000000000..228c28377f --- /dev/null +++ b/gnu/packages/patches/unzip-overflow.patch @@ -0,0 +1,25 @@ +diff --git a/extract.c b/extract.c +index a0a4929..9ef80b3 100644 +--- a/extract.c ++++ b/extract.c +@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush method; + + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ +@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + eb_size <= (compr_offset + EB_CMPRHEADLEN))) + return IZ_EF_TRUNC; /* no compressed data! */ + ++ method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ++ return PK_ERR; /* compressed & uncompressed ++ * should match in STORED ++ * method */ ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff --git a/gnu/packages/patches/unzip-symlink.patch b/gnu/packages/patches/unzip-symlink.patch new file mode 100644 index 0000000000..d7eaf160b4 --- /dev/null +++ b/gnu/packages/patches/unzip-symlink.patch @@ -0,0 +1,17 @@ +diff --git a/process.c b/process.c +index 1e9a1e1..905732b 100644 +--- a/process.c ++++ b/process.c +@@ -1751,6 +1751,12 @@ int process_cdir_file_hdr(__G) /* return PK-type error code */ + = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); + #endif + ++#ifdef SYMLINKS ++ /* Initialize the symlink flag, may be set by the platform-specific ++ mapattr function. */ ++ G.pInfo->symlink = 0; ++#endif ++ + return PK_COOL; + + } /* end function process_cdir_file_hdr() */ diff --git a/gnu/packages/patches/unzip-timestamp.patch b/gnu/packages/patches/unzip-timestamp.patch new file mode 100644 index 0000000000..2aa9424eb8 --- /dev/null +++ b/gnu/packages/patches/unzip-timestamp.patch @@ -0,0 +1,41 @@ +From: "Steven M. Schweda" +Subject: Do not ignore extra fields containing Unix Timestamps +Bug-Debian: https://bugs.debian.org/842993 +X-Debian-version: 6.0-21 + +--- a/process.c ++++ b/process.c +@@ -2914,10 +2914,13 @@ + break; + + case EF_IZUNIX2: +- if (have_new_type_eb == 0) { +- flags &= ~0x0ff; /* ignore any previous IZUNIX field */ ++ if (have_new_type_eb == 0) { /* (< 1) */ + have_new_type_eb = 1; + } ++ if (have_new_type_eb <= 1) { ++ /* Ignore any prior (EF_IZUNIX/EF_PKUNIX) UID/GID. */ ++ flags &= 0x0ff; ++ } + #ifdef IZ_HAVE_UXUIDGID + if (have_new_type_eb > 1) + break; /* IZUNIX3 overrides IZUNIX2 e.f. block ! */ +@@ -2933,6 +2936,8 @@ + /* new 3rd generation Unix ef */ + have_new_type_eb = 2; + ++ /* Ignore any prior EF_IZUNIX/EF_PKUNIX/EF_IZUNIX2 UID/GID. */ ++ flags &= 0x0ff; + /* + Version 1 byte version of this extra field, currently 1 + UIDSize 1 byte Size of UID field +@@ -2953,8 +2958,6 @@ + uid_size = *((EB_HEADSIZE + 1) + ef_buf); + gid_size = *((EB_HEADSIZE + uid_size + 2) + ef_buf); + +- flags &= ~0x0ff; /* ignore any previous UNIX field */ +- + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, + uid_size, &z_uidgid[0]) + && diff --git a/gnu/packages/patches/unzip-valgrind.patch b/gnu/packages/patches/unzip-valgrind.patch new file mode 100644 index 0000000000..41a752023b --- /dev/null +++ b/gnu/packages/patches/unzip-valgrind.patch @@ -0,0 +1,26 @@ +diff --git a/fileio.c b/fileio.c +index ba0a1d0..03fc4be 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -2006,6 +2006,7 @@ int do_string(__G__ length, option) /* return PK-type error code */ + unsigned comment_bytes_left; + unsigned int block_len; + int error=PK_OK; ++ unsigned int length2; + #ifdef AMIGA + char tmp_fnote[2 * AMIGA_FILENOTELEN]; /* extra room for squozen chars */ + #endif +@@ -2292,8 +2293,12 @@ int do_string(__G__ length, option) /* return PK-type error code */ + seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes + + (G.inptr-G.inbuf) + length); + } else { +- if (readbuf(__G__ (char *)G.extra_field, length) == 0) ++ if ((length2 = readbuf(__G__ (char *)G.extra_field, length)) == 0) + return PK_EOF; ++ if(length2 < length) { ++ memset (__G__ (char *)G.extra_field+length2, 0 , length-length2); ++ length = length2; ++ } + /* Looks like here is where extra fields are read */ + getZip64Data(__G__ G.extra_field, length); + #ifdef UNICODE_SUPPORT diff --git a/gnu/packages/patches/unzip-x-option.patch b/gnu/packages/patches/unzip-x-option.patch new file mode 100644 index 0000000000..72c77aeb78 --- /dev/null +++ b/gnu/packages/patches/unzip-x-option.patch @@ -0,0 +1,28 @@ +--- ./process.c.orig 2009-03-06 02:25:10.000000000 +0100 ++++ ./process.c 2013-09-12 10:51:16.000000000 +0200 +@@ -2901,9 +2901,9 @@ + */ + + #ifdef IZ_HAVE_UXUIDGID +- if (eb_len >= EB_UX3_MINLEN +- && z_uidgid != NULL +- && (*((EB_HEADSIZE + 0) + ef_buf) == 1) ++ if ((eb_len >= EB_UX3_MINLEN) ++ && (z_uidgid != NULL) ++ && ((*((EB_HEADSIZE + 0) + ef_buf) == 1))) + /* only know about version 1 */ + { + uch uid_size; +@@ -2915,10 +2915,10 @@ + flags &= ~0x0ff; /* ignore any previous UNIX field */ + + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, +- uid_size, z_uidgid[0]) ++ uid_size, &z_uidgid[0]) + && + read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf, +- gid_size, z_uidgid[1]) ) ++ gid_size, &z_uidgid[1]) ) + { + flags |= EB_UX2_VALID; /* signal success */ + } diff --git a/gnu/packages/patches/unzip-zipbomb-manpage.patch b/gnu/packages/patches/unzip-zipbomb-manpage.patch new file mode 100644 index 0000000000..cdeeea5c93 --- /dev/null +++ b/gnu/packages/patches/unzip-zipbomb-manpage.patch @@ -0,0 +1,25 @@ +From 6fe72291a5563cdbcd2bdd87e36528537b7cdcfb Mon Sep 17 00:00:00 2001 +From: Jakub Martisko +Date: Mon, 18 Nov 2019 14:17:46 +0100 +Subject: [PATCH] update the man page + +--- + man/unzip.1 | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/man/unzip.1 b/man/unzip.1 +index 21816d1..4d66073 100644 +--- a/man/unzip.1 ++++ b/man/unzip.1 +@@ -850,6 +850,8 @@ the specified zipfiles were not found. + invalid options were specified on the command line. + .IP 11 + no matching files were found. ++.IP 12 ++invalid zip file with overlapped components (possible zip bomb). + .IP 50 + the disk is (or was) full during extraction. + .IP 51 +-- +2.23.0 + diff --git a/gnu/packages/patches/unzip-zipbomb-part1.patch b/gnu/packages/patches/unzip-zipbomb-part1.patch new file mode 100644 index 0000000000..35cf856522 --- /dev/null +++ b/gnu/packages/patches/unzip-zipbomb-part1.patch @@ -0,0 +1,25 @@ +From 41beb477c5744bc396fa1162ee0c14218ec12213 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Mon, 27 May 2019 08:20:32 -0700 +Subject: [PATCH] Fix bug in undefer_input() that misplaced the input state. + +--- + fileio.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index c042987..bc00d74 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -530,8 +530,10 @@ void undefer_input(__G) + * This condition was checked when G.incnt_leftover was set > 0 in + * defer_leftover_input(), and it is NOT allowed to touch G.csize + * before calling undefer_input() when (G.incnt_leftover > 0) +- * (single exception: see read_byte()'s "G.csize <= 0" handling) !! ++ * (single exception: see readbyte()'s "G.csize <= 0" handling) !! + */ ++ if (G.csize < 0L) ++ G.csize = 0L; + G.incnt = G.incnt_leftover + (int)G.csize; + G.inptr = G.inptr_leftover - (int)G.csize; + G.incnt_leftover = 0; diff --git a/gnu/packages/patches/unzip-zipbomb-part2.patch b/gnu/packages/patches/unzip-zipbomb-part2.patch new file mode 100644 index 0000000000..903c845763 --- /dev/null +++ b/gnu/packages/patches/unzip-zipbomb-part2.patch @@ -0,0 +1,349 @@ +From 47b3ceae397d21bf822bc2ac73052a4b1daf8e1c Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Tue, 11 Jun 2019 22:01:18 -0700 +Subject: [PATCH] Detect and reject a zip bomb using overlapped entries. + +This detects an invalid zip file that has at least one entry that +overlaps with another entry or with the central directory to the +end of the file. A Fifield zip bomb uses overlapped local entries +to vastly increase the potential inflation ratio. Such an invalid +zip file is rejected. + +See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's +analysis, construction, and examples of such zip bombs. + +The detection maintains a list of covered spans of the zip files +so far, where the central directory to the end of the file and any +bytes preceding the first entry at zip file offset zero are +considered covered initially. Then as each entry is decompressed +or tested, it is considered covered. When a new entry is about to +be processed, its initial offset is checked to see if it is +contained by a covered span. If so, the zip file is rejected as +invalid. + +This commit depends on a preceding commit: "Fix bug in +undefer_input() that misplaced the input state." +--- + extract.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + globals.c | 1 + + globals.h | 3 + + process.c | 11 ++++ + unzip.h | 1 + + 5 files changed, 205 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index 1acd769..0973a33 100644 +--- a/extract.c ++++ b/extract.c +@@ -319,6 +319,125 @@ static ZCONST char Far UnsupportedExtraField[] = + "\nerror: unsupported extra-field compression type (%u)--skipping\n"; + static ZCONST char Far BadExtraFieldCRC[] = + "error [%s]: bad extra-field CRC %08lx (should be %08lx)\n"; ++static ZCONST char Far NotEnoughMemCover[] = ++ "error: not enough memory for bomb detection\n"; ++static ZCONST char Far OverlappedComponents[] = ++ "error: invalid zip file with overlapped components (possible zip bomb)\n"; ++ ++ ++ ++ ++ ++/* A growable list of spans. */ ++typedef zoff_t bound_t; ++typedef struct { ++ bound_t beg; /* start of the span */ ++ bound_t end; /* one past the end of the span */ ++} span_t; ++typedef struct { ++ span_t *span; /* allocated, distinct, and sorted list of spans */ ++ size_t num; /* number of spans in the list */ ++ size_t max; /* allocated number of spans (num <= max) */ ++} cover_t; ++ ++/* ++ * Return the index of the first span in cover whose beg is greater than val. ++ * If there is no such span, then cover->num is returned. ++ */ ++static size_t cover_find(cover, val) ++ cover_t *cover; ++ bound_t val; ++{ ++ size_t lo = 0, hi = cover->num; ++ while (lo < hi) { ++ size_t mid = (lo + hi) >> 1; ++ if (val < cover->span[mid].beg) ++ hi = mid; ++ else ++ lo = mid + 1; ++ } ++ return hi; ++} ++ ++/* Return true if val lies within any one of the spans in cover. */ ++static int cover_within(cover, val) ++ cover_t *cover; ++ bound_t val; ++{ ++ size_t pos = cover_find(cover, val); ++ return pos > 0 && val < cover->span[pos - 1].end; ++} ++ ++/* ++ * Add a new span to the list, but only if the new span does not overlap any ++ * spans already in the list. The new span covers the values beg..end-1. beg ++ * must be less than end. ++ * ++ * Keep the list sorted and merge adjacent spans. Grow the allocated space for ++ * the list as needed. On success, 0 is returned. If the new span overlaps any ++ * existing spans, then 1 is returned and the new span is not added to the ++ * list. If the new span is invalid because beg is greater than or equal to ++ * end, then -1 is returned. If the list needs to be grown but the memory ++ * allocation fails, then -2 is returned. ++ */ ++static int cover_add(cover, beg, end) ++ cover_t *cover; ++ bound_t beg; ++ bound_t end; ++{ ++ size_t pos; ++ int prec, foll; ++ ++ if (beg >= end) ++ /* The new span is invalid. */ ++ return -1; ++ ++ /* Find where the new span should go, and make sure that it does not ++ overlap with any existing spans. */ ++ pos = cover_find(cover, beg); ++ if ((pos > 0 && beg < cover->span[pos - 1].end) || ++ (pos < cover->num && end > cover->span[pos].beg)) ++ return 1; ++ ++ /* Check for adjacencies. */ ++ prec = pos > 0 && beg == cover->span[pos - 1].end; ++ foll = pos < cover->num && end == cover->span[pos].beg; ++ if (prec && foll) { ++ /* The new span connects the preceding and following spans. Merge the ++ following span into the preceding span, and delete the following ++ span. */ ++ cover->span[pos - 1].end = cover->span[pos].end; ++ cover->num--; ++ memmove(cover->span + pos, cover->span + pos + 1, ++ (cover->num - pos) * sizeof(span_t)); ++ } ++ else if (prec) ++ /* The new span is adjacent only to the preceding span. Extend the end ++ of the preceding span. */ ++ cover->span[pos - 1].end = end; ++ else if (foll) ++ /* The new span is adjacent only to the following span. Extend the ++ beginning of the following span. */ ++ cover->span[pos].beg = beg; ++ else { ++ /* The new span has gaps between both the preceding and the following ++ spans. Assure that there is room and insert the span. */ ++ if (cover->num == cover->max) { ++ size_t max = cover->max == 0 ? 16 : cover->max << 1; ++ span_t *span = realloc(cover->span, max * sizeof(span_t)); ++ if (span == NULL) ++ return -2; ++ cover->span = span; ++ cover->max = max; ++ } ++ memmove(cover->span + pos + 1, cover->span + pos, ++ (cover->num - pos) * sizeof(span_t)); ++ cover->num++; ++ cover->span[pos].beg = beg; ++ cover->span[pos].end = end; ++ } ++ return 0; ++} + + + +@@ -374,6 +493,29 @@ int extract_or_test_files(__G) /* return PK-type error code */ + } + #endif /* !SFX || SFX_EXDIR */ + ++ /* One more: initialize cover structure for bomb detection. Start with a ++ span that covers the central directory though the end of the file. */ ++ if (G.cover == NULL) { ++ G.cover = malloc(sizeof(cover_t)); ++ if (G.cover == NULL) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ ((cover_t *)G.cover)->span = NULL; ++ ((cover_t *)G.cover)->max = 0; ++ } ++ ((cover_t *)G.cover)->num = 0; ++ if ((G.extra_bytes != 0 && ++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ cover_add((cover_t *)G.cover, ++ G.extra_bytes + G.ecrec.offset_start_central_directory, ++ G.ziplen) != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ + /*--------------------------------------------------------------------------- + The basic idea of this function is as follows. Since the central di- + rectory lies at the end of the zipfile and the member files lie at the +@@ -591,7 +733,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + if (error > error_in_archive) + error_in_archive = error; + /* ...and keep going (unless disk full or user break) */ +- if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) { ++ if (G.disk_full > 1 || error_in_archive == IZ_CTRLC || ++ error == PK_BOMB) { + /* clear reached_end to signal premature stop ... */ + reached_end = FALSE; + /* ... and cancel scanning the central directory */ +@@ -1060,6 +1203,11 @@ static int extract_or_test_entrylist(__G__ numchunk, + + /* seek_zipf(__G__ pInfo->offset); */ + request = G.pInfo->offset + G.extra_bytes; ++ if (cover_within((cover_t *)G.cover, request)) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + inbuf_offset = request % INBUFSIZ; + bufstart = request - inbuf_offset; + +@@ -1591,6 +1739,18 @@ static int extract_or_test_entrylist(__G__ numchunk, + return IZ_CTRLC; /* cancel operation by user request */ + } + #endif ++ error = cover_add((cover_t *)G.cover, request, ++ G.cur_zipfile_bufstart + (G.inptr - G.inbuf)); ++ if (error < 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ if (error != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + #ifdef MACOS /* MacOS is no preemptive OS, thus call event-handling by hand */ + UserStop(); + #endif +@@ -1992,6 +2152,34 @@ static int extract_or_test_member(__G) /* return PK-type error code */ + } + + undefer_input(__G); ++ ++ if ((G.lrec.general_purpose_bit_flag & 8) != 0) { ++ /* skip over data descriptor (harder than it sounds, due to signature ++ * ambiguity) ++ */ ++# define SIG 0x08074b50 ++# define LOW 0xffffffff ++ uch buf[12]; ++ unsigned shy = 12 - readbuf((char *)buf, 12); ++ ulg crc = shy ? 0 : makelong(buf); ++ ulg clen = shy ? 0 : makelong(buf + 4); ++ ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */ ++ if (crc == SIG && /* if not SIG, no signature */ ++ (G.lrec.crc32 != SIG || /* if not SIG, have signature */ ++ (clen == SIG && /* if not SIG, no signature */ ++ ((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */ ++ (ulen == SIG && /* if not SIG, no signature */ ++ (G.zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG ++ /* if not SIG, have signature */ ++ ))))) ++ /* skip four more bytes to account for signature */ ++ shy += 4 - readbuf((char *)buf, 4); ++ if (G.zip64) ++ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */ ++ if (shy) ++ error = PK_ERR; ++ } ++ + return error; + + } /* end function extract_or_test_member() */ +diff --git a/globals.c b/globals.c +index fa8cca5..1e0f608 100644 +--- a/globals.c ++++ b/globals.c +@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor() + # if (!defined(NO_TIMESTAMPS)) + uO.D_flag=1; /* default to '-D', no restoration of dir timestamps */ + # endif ++ G.cover = NULL; /* not allocated yet */ + #endif + + uO.lflag=(-1); +diff --git a/globals.h b/globals.h +index 11b7215..2bdcdeb 100644 +--- a/globals.h ++++ b/globals.h +@@ -260,12 +260,15 @@ typedef struct Globals { + ecdir_rec ecrec; /* used in unzip.c, extract.c */ + z_stat statbuf; /* used by main, mapname, check_for_newer */ + ++ int zip64; /* true if Zip64 info in extra field */ ++ + int mem_mode; + uch *outbufptr; /* extract.c static */ + ulg outsize; /* extract.c static */ + int reported_backslash; /* extract.c static */ + int disk_full; + int newfile; ++ void **cover; /* used in extract.c for bomb detection */ + + int didCRlast; /* fileio static */ + ulg numlines; /* fileio static: number of lines printed */ +diff --git a/process.c b/process.c +index 1e9a1e1..d2e4dc3 100644 +--- a/process.c ++++ b/process.c +@@ -637,6 +637,13 @@ void free_G_buffers(__G) /* releases all memory allocated in global vars */ + } + #endif + ++ /* Free the cover span list and the cover structure. */ ++ if (G.cover != NULL) { ++ free(*(G.cover)); ++ free(G.cover); ++ G.cover = NULL; ++ } ++ + } /* end function free_G_buffers() */ + + +@@ -1890,6 +1897,8 @@ int getZip64Data(__G__ ef_buf, ef_len) + #define Z64FLGS 0xffff + #define Z64FLGL 0xffffffff + ++ G.zip64 = FALSE; ++ + if (ef_len == 0 || ef_buf == NULL) + return PK_COOL; + +@@ -1927,6 +1936,8 @@ int getZip64Data(__G__ ef_buf, ef_len) + #if 0 + break; /* Expect only one EF_PKSZ64 block. */ + #endif /* 0 */ ++ ++ G.zip64 = TRUE; + } + + /* Skip this extra field block. */ +diff --git a/unzip.h b/unzip.h +index 5b2a326..ed24a5b 100644 +--- a/unzip.h ++++ b/unzip.h +@@ -645,6 +645,7 @@ typedef struct _Uzp_cdir_Rec { + #define PK_NOZIP 9 /* zipfile not found */ + #define PK_PARAM 10 /* bad or illegal parameters specified */ + #define PK_FIND 11 /* no files found */ ++#define PK_BOMB 12 /* likely zip bomb */ + #define PK_DISK 50 /* disk full */ + #define PK_EOF 51 /* unexpected EOF */ + diff --git a/gnu/packages/patches/unzip-zipbomb-part3.patch b/gnu/packages/patches/unzip-zipbomb-part3.patch new file mode 100644 index 0000000000..3b8d67b773 --- /dev/null +++ b/gnu/packages/patches/unzip-zipbomb-part3.patch @@ -0,0 +1,112 @@ +From 6d351831be705cc26d897db44f878a978f4138fc Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Thu, 25 Jul 2019 20:43:17 -0700 +Subject: [PATCH] Do not raise a zip bomb alert for a misplaced central + directory. + +There is a zip-like file in the Firefox distribution, omni.ja, +which is a zip container with the central directory placed at the +start of the file instead of after the local entries as required +by the zip standard. This commit marks the actual location of the +central directory, as well as the end of central directory records, +as disallowed locations. This now permits such containers to not +raise a zip bomb alert, where in fact there are no overlaps. +--- + extract.c | 25 +++++++++++++++++++------ + process.c | 6 ++++++ + unzpriv.h | 10 ++++++++++ + 3 files changed, 35 insertions(+), 6 deletions(-) + +diff --git a/extract.c b/extract.c +index 0973a33..1b73cb0 100644 +--- a/extract.c ++++ b/extract.c +@@ -493,8 +493,11 @@ int extract_or_test_files(__G) /* return PK-type error code */ + } + #endif /* !SFX || SFX_EXDIR */ + +- /* One more: initialize cover structure for bomb detection. Start with a +- span that covers the central directory though the end of the file. */ ++ /* One more: initialize cover structure for bomb detection. Start with ++ spans that cover any extra bytes at the start, the central directory, ++ the end of central directory record (including the Zip64 end of central ++ directory locator, if present), and the Zip64 end of central directory ++ record, if present. */ + if (G.cover == NULL) { + G.cover = malloc(sizeof(cover_t)); + if (G.cover == NULL) { +@@ -506,15 +509,25 @@ int extract_or_test_files(__G) /* return PK-type error code */ + ((cover_t *)G.cover)->max = 0; + } + ((cover_t *)G.cover)->num = 0; +- if ((G.extra_bytes != 0 && +- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || +- cover_add((cover_t *)G.cover, ++ if (cover_add((cover_t *)G.cover, + G.extra_bytes + G.ecrec.offset_start_central_directory, +- G.ziplen) != 0) { ++ G.extra_bytes + G.ecrec.offset_start_central_directory + ++ G.ecrec.size_central_directory) != 0) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(NotEnoughMemCover))); + return PK_MEM; + } ++ if ((G.extra_bytes != 0 && ++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ (G.ecrec.have_ecr64 && ++ cover_add((cover_t *)G.cover, G.ecrec.ec64_start, ++ G.ecrec.ec64_end) != 0) || ++ cover_add((cover_t *)G.cover, G.ecrec.ec_start, ++ G.ecrec.ec_end) != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + + /*--------------------------------------------------------------------------- + The basic idea of this function is as follows. Since the central di- +diff --git a/process.c b/process.c +index d2e4dc3..d75d405 100644 +--- a/process.c ++++ b/process.c +@@ -1408,6 +1408,10 @@ static int find_ecrec64(__G__ searchlen) /* return PK-class error */ + + /* Now, we are (almost) sure that we have a Zip64 archive. */ + G.ecrec.have_ecr64 = 1; ++ G.ecrec.ec_start -= ECLOC64_SIZE+4; ++ G.ecrec.ec64_start = ecrec64_start_offset; ++ G.ecrec.ec64_end = ecrec64_start_offset + ++ 12 + makeint64(&byterec[ECREC64_LENGTH]); + + /* Update the "end-of-central-dir offset" for later checks. */ + G.real_ecrec_offset = ecrec64_start_offset; +@@ -1542,6 +1546,8 @@ static int find_ecrec(__G__ searchlen) /* return PK-class error */ + makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]); + G.ecrec.zipfile_comment_length = + makeword(&byterec[ZIPFILE_COMMENT_LENGTH]); ++ G.ecrec.ec_start = G.real_ecrec_offset; ++ G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length; + + /* Now, we have to read the archive comment, BEFORE the file pointer + is moved away backwards to seek for a Zip64 ECLOC64 structure. +diff --git a/unzpriv.h b/unzpriv.h +index dc9eff5..297b3c7 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -2185,6 +2185,16 @@ typedef struct VMStimbuf { + int have_ecr64; /* valid Zip64 ecdir-record exists */ + int is_zip64_archive; /* Zip64 ecdir-record is mandatory */ + ush zipfile_comment_length; ++ zusz_t ec_start, ec_end; /* offsets of start and end of the ++ end of central directory record, ++ including if present the Zip64 ++ end of central directory locator, ++ which immediately precedes the ++ end of central directory record */ ++ zusz_t ec64_start, ec64_end; /* if have_ecr64 is true, then these ++ are the offsets of the start and ++ end of the Zip64 end of central ++ directory record */ + } ecdir_rec; + + -- cgit v1.2.3 From cd73a812a39f64b6e326a8b598e8fb88ad0d65a4 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 14 Mar 2021 09:25:21 +0200 Subject: gnu: unzip: Rename patch. * gnu/packages/patches/unzip-case-insensitive.patch: Rename from unzip-caseinsensitive.patch. --- gnu/packages/patches/unzip-case-insensitive.patch | 131 ++++++++++++++++++++++ gnu/packages/patches/unzip-caseinsensitive.patch | 131 ---------------------- 2 files changed, 131 insertions(+), 131 deletions(-) create mode 100644 gnu/packages/patches/unzip-case-insensitive.patch delete mode 100644 gnu/packages/patches/unzip-caseinsensitive.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/unzip-case-insensitive.patch b/gnu/packages/patches/unzip-case-insensitive.patch new file mode 100644 index 0000000000..3cb68450b9 --- /dev/null +++ b/gnu/packages/patches/unzip-case-insensitive.patch @@ -0,0 +1,131 @@ +diff --git a/match.c b/match.c +index 6cd656f..4e569f5 100644 +--- a/match.c ++++ b/match.c +@@ -190,10 +190,10 @@ char *___tmp_ptr; + + #endif + +-static int recmatch(p, s, cs) ++static int recmatch(p, s, ci) + ZCONST char *p; /* sh pattern to match */ + ZCONST char *s; /* string to match it to */ +-int cs; /* flag: force case-sensitive matching */ ++int ci; /* flag: force case-insensitive matching */ + /* Recursively compare the sh pattern p with the string s and return 1 if + they match, and 0 or 2 if they don't or if there is a syntax error in the + pattern. This routine recurses on itself no deeper than the number of +@@ -214,7 +214,7 @@ int cs; /* flag: force case-sensitive matching */ + if (CLEN(p) == 2) { + if (CLEN(s) == 2) { + return (*p == *s && *(p+1) == *(s+1)) ? +- recmatch(p + 2, s + 2, cs) : 0; ++ recmatch(p + 2, s + 2, ci) : 0; + } else { + return 0; + } +@@ -230,9 +230,9 @@ int cs; /* flag: force case-sensitive matching */ + /* '?' (or '%' or '#') matches any character (but not an empty string) */ + if (c == WILDCHR_SINGLE) { + if (wild_stop_at_dir) +- return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), cs) : 0; ++ return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), ci) : 0; + else +- return *s ? recmatch(p, s + CLEN(s), cs) : 0; ++ return *s ? recmatch(p, s + CLEN(s), ci) : 0; + } + + /* WILDCHR_MULTI ('*') matches any number of characters, including zero */ +@@ -253,14 +253,14 @@ int cs; /* flag: force case-sensitive matching */ + # endif /* ?AMIGA */ + /* Single WILDCHR_MULTI ('*'): this doesn't match slashes */ + for (; *s && *s != DIRSEP_CHR; INCSTR(s)) +- if ((c = recmatch(p, s, cs)) != 0) ++ if ((c = recmatch(p, s, ci)) != 0) + return c; + /* end of pattern: matched if at end of string, else continue */ + if (*p == 0) + return (*s == 0); + /* continue to match if at DIRSEP_CHR in pattern, else give up */ + return (*p == DIRSEP_CHR || (*p == '\\' && p[1] == DIRSEP_CHR)) +- ? recmatch(p, s, cs) : 2; ++ ? recmatch(p, s, ci) : 2; + } + /* Two consecutive WILDCHR_MULTI ("**"): this matches DIRSEP_CHR ('/') */ + p++; /* move p past the second WILDCHR_MULTI */ +@@ -308,17 +308,17 @@ int cs; /* flag: force case-sensitive matching */ + */ + if (q != srest) + return 0; +- return ((cs ? strcmp(p, q) : namecmp(p, q)) == 0); ++ return ((!ci ? strcmp(p, q) : namecmp(p, q)) == 0); + } + #else /* !_MBCS */ +- return ((cs ? strcmp(p, srest) : namecmp(p, srest)) == 0); ++ return ((!ci ? strcmp(p, srest) : namecmp(p, srest)) == 0); + #endif /* ?_MBCS */ + } + else + { + /* pattern contains more wildcards, continue with recursion... */ + for (; *s; INCSTR(s)) +- if ((c = recmatch(p, s, cs)) != 0) ++ if ((c = recmatch(p, s, ci)) != 0) + return c; + return 2; /* 2 means give up--shmatch will return false */ + } +@@ -353,17 +353,17 @@ int cs; /* flag: force case-sensitive matching */ + c = *(p-1); + else + { +- uch cc = (cs ? (uch)*s : case_map((uch)*s)); ++ uch cc = (!ci ? (uch)*s : to_up((uch)*s)); + uch uc = (uch) c; + if (*(p+1) != '-') + for (uc = uc ? uc : (uch)*p; uc <= (uch)*p; uc++) + /* compare range */ +- if ((cs ? uc : case_map(uc)) == cc) +- return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), cs); ++ if ((!ci ? uc : to_up(uc)) == cc) ++ return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), ci); + c = e = 0; /* clear range, escape flags */ + } + } +- return r ? recmatch(q + CLEN(q), s + CLEN(s), cs) : 0; ++ return r ? recmatch(q + CLEN(q), s + CLEN(s), ci) : 0; + /* bracket match failed */ + } + #endif /* !VMS */ +@@ -382,18 +382,18 @@ int cs; /* flag: force case-sensitive matching */ + { + /* Match "...]" with "]". Continue after "]" in both. */ + if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) +- return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); ++ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), ci); + + /* Else, look for a reduced match in s, until "]" in or end of s. */ + for (; *s && (*s != ']'); INCSTR(s)) + if (*s == '.') + /* If reduced match, then continue after "..." in p, "." in s. */ +- if ((c = recmatch( (p+ CLEN( p)), s, cs)) != 0) ++ if ((c = recmatch( (p+ CLEN( p)), s, ci)) != 0) + return (int)c; + + /* Match "...]" with "]". Continue after "]" in both. */ + if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) +- return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); ++ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), ci); + + /* No reduced match. Quit. */ + return 2; +@@ -402,8 +402,8 @@ int cs; /* flag: force case-sensitive matching */ + #endif /* def VMS */ + + /* Just a character--compare it */ +- return (cs ? c == *s : case_map((uch)c) == case_map((uch)*s)) ? +- recmatch(p, s + CLEN(s), cs) : 0; ++ return (!ci ? c == *s : to_up((uch)c) == to_up((uch)*s)) ? ++ recmatch(p, s + CLEN(s), ci) : 0; + } + + diff --git a/gnu/packages/patches/unzip-caseinsensitive.patch b/gnu/packages/patches/unzip-caseinsensitive.patch deleted file mode 100644 index 3cb68450b9..0000000000 --- a/gnu/packages/patches/unzip-caseinsensitive.patch +++ /dev/null @@ -1,131 +0,0 @@ -diff --git a/match.c b/match.c -index 6cd656f..4e569f5 100644 ---- a/match.c -+++ b/match.c -@@ -190,10 +190,10 @@ char *___tmp_ptr; - - #endif - --static int recmatch(p, s, cs) -+static int recmatch(p, s, ci) - ZCONST char *p; /* sh pattern to match */ - ZCONST char *s; /* string to match it to */ --int cs; /* flag: force case-sensitive matching */ -+int ci; /* flag: force case-insensitive matching */ - /* Recursively compare the sh pattern p with the string s and return 1 if - they match, and 0 or 2 if they don't or if there is a syntax error in the - pattern. This routine recurses on itself no deeper than the number of -@@ -214,7 +214,7 @@ int cs; /* flag: force case-sensitive matching */ - if (CLEN(p) == 2) { - if (CLEN(s) == 2) { - return (*p == *s && *(p+1) == *(s+1)) ? -- recmatch(p + 2, s + 2, cs) : 0; -+ recmatch(p + 2, s + 2, ci) : 0; - } else { - return 0; - } -@@ -230,9 +230,9 @@ int cs; /* flag: force case-sensitive matching */ - /* '?' (or '%' or '#') matches any character (but not an empty string) */ - if (c == WILDCHR_SINGLE) { - if (wild_stop_at_dir) -- return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), cs) : 0; -+ return (*s && *s != DIRSEP_CHR) ? recmatch(p, s + CLEN(s), ci) : 0; - else -- return *s ? recmatch(p, s + CLEN(s), cs) : 0; -+ return *s ? recmatch(p, s + CLEN(s), ci) : 0; - } - - /* WILDCHR_MULTI ('*') matches any number of characters, including zero */ -@@ -253,14 +253,14 @@ int cs; /* flag: force case-sensitive matching */ - # endif /* ?AMIGA */ - /* Single WILDCHR_MULTI ('*'): this doesn't match slashes */ - for (; *s && *s != DIRSEP_CHR; INCSTR(s)) -- if ((c = recmatch(p, s, cs)) != 0) -+ if ((c = recmatch(p, s, ci)) != 0) - return c; - /* end of pattern: matched if at end of string, else continue */ - if (*p == 0) - return (*s == 0); - /* continue to match if at DIRSEP_CHR in pattern, else give up */ - return (*p == DIRSEP_CHR || (*p == '\\' && p[1] == DIRSEP_CHR)) -- ? recmatch(p, s, cs) : 2; -+ ? recmatch(p, s, ci) : 2; - } - /* Two consecutive WILDCHR_MULTI ("**"): this matches DIRSEP_CHR ('/') */ - p++; /* move p past the second WILDCHR_MULTI */ -@@ -308,17 +308,17 @@ int cs; /* flag: force case-sensitive matching */ - */ - if (q != srest) - return 0; -- return ((cs ? strcmp(p, q) : namecmp(p, q)) == 0); -+ return ((!ci ? strcmp(p, q) : namecmp(p, q)) == 0); - } - #else /* !_MBCS */ -- return ((cs ? strcmp(p, srest) : namecmp(p, srest)) == 0); -+ return ((!ci ? strcmp(p, srest) : namecmp(p, srest)) == 0); - #endif /* ?_MBCS */ - } - else - { - /* pattern contains more wildcards, continue with recursion... */ - for (; *s; INCSTR(s)) -- if ((c = recmatch(p, s, cs)) != 0) -+ if ((c = recmatch(p, s, ci)) != 0) - return c; - return 2; /* 2 means give up--shmatch will return false */ - } -@@ -353,17 +353,17 @@ int cs; /* flag: force case-sensitive matching */ - c = *(p-1); - else - { -- uch cc = (cs ? (uch)*s : case_map((uch)*s)); -+ uch cc = (!ci ? (uch)*s : to_up((uch)*s)); - uch uc = (uch) c; - if (*(p+1) != '-') - for (uc = uc ? uc : (uch)*p; uc <= (uch)*p; uc++) - /* compare range */ -- if ((cs ? uc : case_map(uc)) == cc) -- return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), cs); -+ if ((!ci ? uc : to_up(uc)) == cc) -+ return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), ci); - c = e = 0; /* clear range, escape flags */ - } - } -- return r ? recmatch(q + CLEN(q), s + CLEN(s), cs) : 0; -+ return r ? recmatch(q + CLEN(q), s + CLEN(s), ci) : 0; - /* bracket match failed */ - } - #endif /* !VMS */ -@@ -382,18 +382,18 @@ int cs; /* flag: force case-sensitive matching */ - { - /* Match "...]" with "]". Continue after "]" in both. */ - if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) -- return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); -+ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), ci); - - /* Else, look for a reduced match in s, until "]" in or end of s. */ - for (; *s && (*s != ']'); INCSTR(s)) - if (*s == '.') - /* If reduced match, then continue after "..." in p, "." in s. */ -- if ((c = recmatch( (p+ CLEN( p)), s, cs)) != 0) -+ if ((c = recmatch( (p+ CLEN( p)), s, ci)) != 0) - return (int)c; - - /* Match "...]" with "]". Continue after "]" in both. */ - if ((*(p+ 2* CLEN( p)) == ']') && (*s == ']')) -- return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), cs); -+ return recmatch( (p+ 3* CLEN( p)), (s+ CLEN( s)), ci); - - /* No reduced match. Quit. */ - return 2; -@@ -402,8 +402,8 @@ int cs; /* flag: force case-sensitive matching */ - #endif /* def VMS */ - - /* Just a character--compare it */ -- return (cs ? c == *s : case_map((uch)c) == case_map((uch)*s)) ? -- recmatch(p, s + CLEN(s), cs) : 0; -+ return (!ci ? c == *s : to_up((uch)c) == to_up((uch)*s)) ? -+ recmatch(p, s + CLEN(s), ci) : 0; - } - - -- cgit v1.2.3 From 703843922aa32c833b1c0ea56ac7362230e60a3a Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Sun, 14 Mar 2021 09:09:45 +0100 Subject: gun: unzip/fixed: Fix tests on 32-bit systems. * gnu/packages/patches/unzip-32bit-zipbomb-fix.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (unzip/fixed): Apply patch. --- gnu/local.mk | 1 + gnu/packages/compression.scm | 5 ++- gnu/packages/patches/unzip-32bit-zipbomb-fix.patch | 50 ++++++++++++++++++++++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/unzip-32bit-zipbomb-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6500f5bda2..25f8a7fde8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1760,6 +1760,7 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-zipbomb-part1.patch \ %D%/packages/patches/unzip-zipbomb-part2.patch \ %D%/packages/patches/unzip-zipbomb-part3.patch \ + %D%/packages/patches/unzip-32bit-zipbomb-fix.patch \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 399e4451e7..123d408e96 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -1676,7 +1676,10 @@ recreates the stored directory structure by default.") "unzip-zipbomb-manpage.patch" "unzip-zipbomb-part1.patch" "unzip-zipbomb-part2.patch" - "unzip-zipbomb-part3.patch")))))) + "unzip-zipbomb-part3.patch" + + ;; https://github.com/madler/unzip/issues/2 + "unzip-32bit-zipbomb-fix.patch")))))) (define-public ziptime (let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc") diff --git a/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch b/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch new file mode 100644 index 0000000000..ad6a157c56 --- /dev/null +++ b/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch @@ -0,0 +1,50 @@ +From 13f0260beae851f7d5dd96e9ef757d8d6d7daac1 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sun, 9 Feb 2020 07:20:13 -0800 +Subject: [PATCH] Fix false overlapped components detection on 32-bit systems. + +32-bit systems with ZIP64_SUPPORT enabled could have different +size types for zoff_t and zusz_t. That resulted in bad parameter +passing to the bound tracking functions, itself due to the lack of +use of C function prototypes in unzip. This commit assures that +parameters are cast properly for those calls. + +This problem occurred only for ill-chosen make options, which give +a 32-bit zoff_t. A proper build will result in a zoff_t of 64 bits, +even on 32-bit systems. +--- + extract.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/extract.c b/extract.c +index 1b73cb0..d9866f9 100644 +--- a/extract.c ++++ b/extract.c +@@ -329,7 +329,7 @@ static ZCONST char Far OverlappedComponents[] = + + + /* A growable list of spans. */ +-typedef zoff_t bound_t; ++typedef zusz_t bound_t; + typedef struct { + bound_t beg; /* start of the span */ + bound_t end; /* one past the end of the span */ +@@ -518,7 +518,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + return PK_MEM; + } + if ((G.extra_bytes != 0 && +- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ cover_add((cover_t *)G.cover, ++ (bound_t)0, (bound_t)G.extra_bytes) != 0) || + (G.ecrec.have_ecr64 && + cover_add((cover_t *)G.cover, G.ecrec.ec64_start, + G.ecrec.ec64_end) != 0) || +@@ -1216,7 +1217,7 @@ static int extract_or_test_entrylist(__G__ numchunk, + + /* seek_zipf(__G__ pInfo->offset); */ + request = G.pInfo->offset + G.extra_bytes; +- if (cover_within((cover_t *)G.cover, request)) { ++ if (cover_within((cover_t *)G.cover, (bound_t)request)) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(OverlappedComponents))); + return PK_BOMB; -- cgit v1.2.3 From d059485257bbe5b4f4d903b357ec99a3af2d4f39 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 14 Mar 2021 19:12:53 -0400 Subject: gnu: unzip: Remove redundant and unused "unzip-symlink.patch". This is a followup to commit 31d289a4759909d24dd309ac24d42902a8c20da0, which added, but did not use, "unzip-symlink.patch", which is redundant with the pre-existing "unzip-initialize-symlink-flag.patch". * gnu/packages/patches/unzip-symlink.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/unzip-symlink.patch | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 gnu/packages/patches/unzip-symlink.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 25f8a7fde8..cf8849cf59 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1752,7 +1752,6 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-fix-recmatch.patch \ %D%/packages/patches/unzip-manpage-fix.patch \ %D%/packages/patches/unzip-overflow.patch \ - %D%/packages/patches/unzip-symlink.patch \ %D%/packages/patches/unzip-timestamp.patch \ %D%/packages/patches/unzip-valgrind.patch \ %D%/packages/patches/unzip-x-option.patch \ diff --git a/gnu/packages/patches/unzip-symlink.patch b/gnu/packages/patches/unzip-symlink.patch deleted file mode 100644 index d7eaf160b4..0000000000 --- a/gnu/packages/patches/unzip-symlink.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/process.c b/process.c -index 1e9a1e1..905732b 100644 ---- a/process.c -+++ b/process.c -@@ -1751,6 +1751,12 @@ int process_cdir_file_hdr(__G) /* return PK-type error code */ - = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); - #endif - -+#ifdef SYMLINKS -+ /* Initialize the symlink flag, may be set by the platform-specific -+ mapattr function. */ -+ G.pInfo->symlink = 0; -+#endif -+ - return PK_COOL; - - } /* end function process_cdir_file_hdr() */ -- cgit v1.2.3 From d15fdb66f33b5abf5f719bc87c27c94c206fc542 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 28 Nov 2020 00:33:13 -0500 Subject: gnu: qemu: Update to 5.2.0. * gnu/packages/virtualization.scm (qemu): Update to 5.2.0. [source]: Re-indent and break long lines, to appease 'guix lint'. [arguments]{disable-unusable-tests}: Adjust for the new Meson build system. Remove patching for a test workaround that has been resolved in 5.2.0. {patch-test-shebangs, patch-/bin/sh-references}: Combine into... {patch-embedded-shebangs}: ... this new phase. Patch the SHELL variable in the Makefile. {fix-optionrom-makefile}: New phase. {install-user-static}: Adjust as the binaries are now symbolic links pointing to their actual build path. [native-inputs]: Add ninja. * gnu/packages/patches/qemu-build-info-manual.patch: Update patch. Co-authored-by: Maxim Cournoyer Signed-off-by: Maxim Cournoyer --- gnu/packages/patches/qemu-build-info-manual.patch | 201 ++++++++++------------ gnu/packages/virtualization.scm | 51 +++--- 2 files changed, 120 insertions(+), 132 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/qemu-build-info-manual.patch b/gnu/packages/patches/qemu-build-info-manual.patch index d57b26ea00..c837040d45 100644 --- a/gnu/packages/patches/qemu-build-info-manual.patch +++ b/gnu/packages/patches/qemu-build-info-manual.patch @@ -1,90 +1,29 @@ -From 07303a0a4daa83a0555ac4abad7a5d65584307ad Mon Sep 17 00:00:00 2001 +From 2793f47c066ed396b38893c10533202fceb1a05f Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 17 Sep 2020 13:28:19 -0400 -Subject: [PATCH] build: Build and install the info manual. +Subject: [PATCH] build: Build and install a Texinfo version of the manual. Take advantage of the Sphinx texinfo backend to generate a QEMU info -manual. The texinfo format allows for more structure and info readers +manual. The Texinfo format allows for more structure and info readers provide more advanced navigation capabilities compared to manpages readers. -* configure (infodir): Add the --infodir option, which allows +* configure (infodir): Add an --infodir option, which allows configuring the directory under which the info manuals are installed. -* docs/index.rst: Include the top level documents to prevent -warnings (treated as errors by sphinx-build). -* Makefile (sphinxdocs-info, $(MANUAL_BUILDDIR)/QEMU.texi)): New targets. -(info): Depend on sphinxdocs-info. -(install-doc): Install the info manual. +* docs/meson.build (texi, info): New targets. + +Signed-off-by: Maxim Cournoyer --- - Makefile | 13 +++++++++++-- - configure | 7 +++++++ - docs/index.rst | 2 ++ - 3 files changed, 20 insertions(+), 2 deletions(-) + configure | 7 ++++++- + docs/meson.build | 21 +++++++++++++++++++++ + meson.build | 2 ++ + 3 files changed, 29 insertions(+), 1 deletion(-) -diff --git a/Makefile b/Makefile -index 13dd708c..da78612d 100644 ---- a/Makefile -+++ b/Makefile -@@ -864,12 +864,14 @@ endef - # Note that we deliberately do not install the "devel" manual: it is - # for QEMU developers, and not interesting to our users. - .PHONY: install-sphinxdocs --install-sphinxdocs: sphinxdocs -+install-sphinxdocs: sphinxdocs sphinxdocs-info - $(call install-manual,interop) - $(call install-manual,specs) - $(call install-manual,system) - $(call install-manual,tools) - $(call install-manual,user) -+ $(INSTALL_DIR) "$(DESTDIR)$(infodir)" -+ $(INSTALL_DATA) $(MANUAL_BUILDDIR)/QEMU.info "$(DESTDIR)$(infodir)" - - install-doc: $(DOCS) install-sphinxdocs - $(INSTALL_DIR) "$(DESTDIR)$(qemu_docdir)" -@@ -1067,6 +1069,13 @@ sphinxdocs: $(MANUAL_BUILDDIR)/devel/index.html \ - $(MANUAL_BUILDDIR)/tools/index.html \ - $(MANUAL_BUILDDIR)/user/index.html - -+# Build the complete info manual. -+.PHONE: sphinxdocs-info -+sphinxdocs-info: $(MANUAL_BUILDDIR)/QEMU.info -+ -+$(MANUAL_BUILDDIR)/QEMU.texi: $(call manual-deps,*) $(wildcard $(SRC_PATH)/docs/*.rst) -+ $(call build-manual,,texinfo) -+ - # Canned command to build a single manual - # Arguments: $1 = manual name, $2 = Sphinx builder ('html' or 'man') - # Note the use of different doctree for each (manual, builder) tuple; -@@ -1126,7 +1135,7 @@ docs/interop/qemu-ga-qapi.texi: qga/qapi-generated/qga-qapi-doc.texi - @cp -p $< $@ - - html: docs/interop/qemu-qmp-ref.html docs/interop/qemu-ga-ref.html sphinxdocs --info: docs/interop/qemu-qmp-ref.info docs/interop/qemu-ga-ref.info -+info: docs/interop/qemu-qmp-ref.info docs/interop/qemu-ga-ref.info sphinxdocs-info - pdf: docs/interop/qemu-qmp-ref.pdf docs/interop/qemu-ga-ref.pdf - txt: docs/interop/qemu-qmp-ref.txt docs/interop/qemu-ga-ref.txt - diff --git a/configure b/configure -index 2acc4d14..3691bd2e 100755 +index 18c26e0389..d1ab2c19d1 100755 --- a/configure +++ b/configure -@@ -415,6 +415,7 @@ LDFLAGS_SHARED="-shared" - modules="no" - module_upgrades="no" - prefix="/usr/local" -+infodir="\${prefix}/share/info" - mandir="\${prefix}/share/man" - datadir="\${prefix}/share" - firmwarepath="\${prefix}/share/qemu-firmware" -@@ -987,6 +988,7 @@ if test "$mingw32" = "yes" ; then - LIBS="-liberty $LIBS" - fi - prefix="c:/Program Files/QEMU" -+ infodir="\${prefix}" - mandir="\${prefix}" - datadir="\${prefix}" - qemu_docdir="\${prefix}" -@@ -1087,6 +1089,8 @@ for opt do +@@ -948,6 +948,8 @@ for opt do static="yes" QEMU_PKG_CONFIG_FLAGS="--static $QEMU_PKG_CONFIG_FLAGS" ;; @@ -93,47 +32,89 @@ index 2acc4d14..3691bd2e 100755 --mandir=*) mandir="$optarg" ;; --bindir=*) bindir="$optarg" -@@ -1780,6 +1784,7 @@ Advanced options (experts only): +@@ -975,7 +977,7 @@ for opt do + --host=*|--build=*|\ + --disable-dependency-tracking|\ + --sbindir=*|--sharedstatedir=*|\ +- --oldincludedir=*|--datarootdir=*|--infodir=*|\ ++ --oldincludedir=*|--datarootdir=*|\ + --htmldir=*|--dvidir=*|--pdfdir=*|--psdir=*) + # These switches are silently ignored, for compatibility with + # autoconf-generated configure scripts. This allows QEMU's +@@ -1540,6 +1542,7 @@ includedir="${includedir:-$prefix/include}" + if test "$mingw32" = "yes" ; then + mandir="$prefix" + datadir="$prefix" ++ infodir="$prefix" + docdir="$prefix" + bindir="$prefix" + sysconfdir="$prefix" +@@ -1547,6 +1550,7 @@ if test "$mingw32" = "yes" ; then + else + mandir="${mandir:-$prefix/share/man}" + datadir="${datadir:-$prefix/share}" ++ infodir="${infodir:-$datadir/info}" + docdir="${docdir:-$prefix/share/doc}" + bindir="${bindir:-$prefix/bin}" + sysconfdir="${sysconfdir:-$prefix/etc}" +@@ -1683,6 +1687,7 @@ Advanced options (experts only): --smbd=SMBD use specified smbd [$smbd] --with-git=GIT use specified git [$git] --static enable static build [$static] + --infodir=PATH install info manual in PATH --mandir=PATH install man pages in PATH - --datadir=PATH install firmware in PATH$confsuffix - --docdir=PATH install documentation in PATH$confsuffix -@@ -6836,6 +6841,7 @@ echo "include directory $(eval echo $includedir)" - echo "config directory $(eval echo $sysconfdir)" - if test "$mingw32" = "no" ; then - echo "local state directory $(eval echo $local_statedir)" -+echo "Info manual directory $(eval echo $infodir)" - echo "Manual directory $(eval echo $mandir)" - echo "ELF interp prefix $interp_prefix" - else -@@ -7059,6 +7065,7 @@ echo "bindir=$bindir" >> $config_host_mak - echo "libdir=$libdir" >> $config_host_mak - echo "libexecdir=$libexecdir" >> $config_host_mak - echo "includedir=$includedir" >> $config_host_mak -+echo "infodir=$infodir" >> $config_host_mak - echo "mandir=$mandir" >> $config_host_mak - echo "sysconfdir=$sysconfdir" >> $config_host_mak - echo "qemu_confdir=$qemu_confdir" >> $config_host_mak -diff --git a/docs/index.rst b/docs/index.rst -index 763e3d04..4f155b51 100644 ---- a/docs/index.rst -+++ b/docs/index.rst -@@ -9,6 +9,7 @@ Welcome to QEMU's documentation! - .. toctree:: - :maxdepth: 2 - :caption: Contents: -+ :glob: + --datadir=PATH install firmware in PATH/$qemu_suffix + --localedir=PATH install translation in PATH/$qemu_suffix +diff --git a/docs/meson.build b/docs/meson.build +index ebd85d59f9..1243839461 100644 +--- a/docs/meson.build ++++ b/docs/meson.build +@@ -114,4 +114,25 @@ if build_docs + alias_target('sphinxdocs', sphinxdocs) + alias_target('html', sphinxdocs) + alias_target('man', sphinxmans) ++ ++ # Generate a Texinfo version of the QEMU manual. ++ makeinfo = find_program(['texi2any', 'makeinfo']) ++ if makeinfo.found() ++ sphinxtexi = custom_target( ++ 'QEMU manual generated texinfo source', ++ output: ['QEMU.texi', 'sphinxtexi.stamp'], ++ depfile: 'sphinxtexi.d', ++ command: [SPHINX_ARGS, '-Ddepfile=@DEPFILE@', ++ '-Ddepfile_stamp=@OUTPUT1@', '-b', 'texinfo', ++ meson.current_source_dir(), meson.current_build_dir()]) ++ sphinxinfo = custom_target( ++ 'QEMU info manual', ++ input: sphinxtexi, ++ output: 'QEMU.info', ++ install: true, ++ install_dir: get_option('infodir'), ++ command: [makeinfo, '@INPUT0@', '--output=@OUTPUT@']) ++ alias_target('texi', sphinxtexi) ++ alias_target('info', sphinxinfo) ++ endif + endif +diff --git a/meson.build b/meson.build +index e3386196ba..d64a125ad9 100644 +--- a/meson.build ++++ b/meson.build +@@ -32,6 +32,7 @@ endif + qemu_confdir = get_option('sysconfdir') / get_option('qemu_suffix') + qemu_datadir = get_option('datadir') / get_option('qemu_suffix') + qemu_docdir = get_option('docdir') / get_option('qemu_suffix') ++qemu_infodir = get_option('infodir') / get_option('qemu_suffix') + qemu_moddir = get_option('libdir') / get_option('qemu_suffix') - system/index - user/index -@@ -16,3 +17,4 @@ Welcome to QEMU's documentation! - interop/index - specs/index - devel/index -+ * + qemu_desktopdir = get_option('datadir') / 'applications' +@@ -1995,6 +1996,7 @@ else + summary_info += {'local state directory': 'queried at runtime'} + endif + summary_info += {'Doc directory': get_option('docdir')} ++summary_info += {'Info directory': get_option('infodir')} + summary_info += {'Build directory': meson.current_build_dir()} + summary_info += {'Source path': meson.current_source_dir()} + summary_info += {'GIT binary': config_host['GIT']} -- -2.28.0 +2.30.1 diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 98aca1e301..0558861173 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -17,6 +17,7 @@ ;;; Copyright © 2020 Marius Bakke ;;; Copyright © 2020, 2021 Maxim Cournoyer ;;; Copyright © 2020 Brett Gilio +;;; Copyright © 2021 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,6 +81,7 @@ #:use-module (gnu packages ncurses) #:use-module (gnu packages nettle) #:use-module (gnu packages networking) + #:use-module (gnu packages ninja) #:use-module (gnu packages onc-rpc) #:use-module (gnu packages package-management) #:use-module (gnu packages perl) @@ -135,7 +137,7 @@ (define-public qemu (package (name "qemu") - (version "5.1.0") + (version "5.2.0") (source (origin (method url-fetch) @@ -143,9 +145,9 @@ version ".tar.xz")) (sha256 (base32 - "1rd41wwlvp0vpialjp2czs6i3lsc338xc72l3zkbb7ixjfslw5y9")) - (patches (search-patches "qemu-build-info-manual.patch" - "qemu-CVE-2021-20203.patch")) + "1g0pvx4qbirpcn9mni704y03n3lvkmw2c0rbcwvydyr8ns4xh66b")) + (patches (search-patches "qemu-CVE-2021-20203.patch" + "qemu-build-info-manual.patch")) (modules '((guix build utils))) (snippet '(begin @@ -161,7 +163,7 @@ (("^([[:blank:]]*)target_ifreq_size[[:blank:]]=.*$" _ indent) (string-append indent "target_ifreq_size = " "thunk_type_size(ifreq_max_type, 0);"))))))) - (outputs '("out" "static" "doc")) ;4.7 MiB of HTML docs + (outputs '("out" "static" "doc")) ;5.3 MiB of HTML docs (build-system gnu-build-system) (arguments ;; FIXME: Disable tests on i686 to work around @@ -214,33 +216,37 @@ (string-append match "9"))))) (add-after 'unpack 'disable-unusable-tests (lambda _ - (substitute* "tests/Makefile.include" + (substitute* "tests/meson.build" ;; Comment out the test-qga test, which needs /sys and ;; fails within the build environment. - (("check-unit-.* tests/test-qga" all) + (("tests.*test-qga.*$" all) (string-append "# " all)) ;; Comment out the test-char test, which needs networking and ;; fails within the build environment. (("check-unit-.* tests/test-char" all) - (string-append "# " all))) - (substitute* "tests/qtest/Makefile.include" - ;; Disable the following test, which triggers a crash on some - ;; x86 CPUs (see https://issues.guix.info/43048 and - ;; https://bugs.launchpad.net/qemu/+bug/1896263). - (("check-qtest-i386-y \\+= bios-tables-test" all) (string-append "# " all))))) - (add-after 'unpack 'patch-test-shebangs - (lambda _ - (substitute* "tests/qemu-iotests/check" - (("#!/usr/bin/env python3") - (string-append "#!" (which "python3")))))) - (add-after 'patch-source-shebangs 'patch-/bin/sh-references + (add-after 'patch-source-shebangs 'patch-embedded-shebangs (lambda _ ;; Ensure the executables created by these source files reference ;; /bin/sh from the store so they work inside the build container. (substitute* '("block/cloop.c" "migration/exec.c" "net/tap.c" "tests/qtest/libqtest.c") - (("/bin/sh") (which "sh"))))) + (("/bin/sh") (which "sh"))) + (substitute* "Makefile" + (("SHELL = /usr/bin/env bash -o pipefail") + "SHELL = bash -o pipefail")) + (substitute* "tests/qemu-iotests/check" + (("#!/usr/bin/env python3") + (string-append "#!" (which "python3")))))) + (add-before 'configure 'fix-optionrom-makefile + (lambda _ + ;; Work around the inability of the rules defined in this + ;; Makefile to locate the firmware files (e.g.: No rule to make + ;; target 'multiboot.bin') by extending the VPATH. + (substitute* "pc-bios/optionrom/Makefile" + (("^VPATH = \\$\\(SRC_DIR\\)") + "VPATH = $(SRC_DIR):$(TOPSRC_DIR)/pc-bios")))) + ;; XXX ./configure is being re-run at beginning of build phase... (replace 'configure (lambda* (#:key inputs outputs configure-flags #:allow-other-keys) ;; The `configure' script doesn't understand some of the @@ -249,7 +255,7 @@ (setenv "SHELL" (which "bash")) ;; Ensure config.status gets the correct shebang off the bat. ;; The build system gets confused if we change it later and - ;; attempts to re-run the whole configury, and fails. + ;; attempts to re-run the whole configuration, and fails. (substitute* "configure" (("#!/bin/sh") (string-append "#!" (which "sh")))) @@ -288,7 +294,7 @@ (bin (string-append static "/bin"))) (with-directory-excursion "../user-static" (for-each (cut install-file <> bin) - (append-map (cut find-files <> "^qemu-") + (append-map (cut find-files <> "^qemu-" #:stat stat) (scandir "." (cut string-suffix? "-linux-user" <>)))))))) @@ -345,6 +351,7 @@ exec smbd $@"))) ("perl" ,perl) ("flex" ,flex) ("bison" ,bison) + ("ninja" ,ninja) ("pkg-config" ,pkg-config) ("python-wrapper" ,python-wrapper) ("python-sphinx" ,python-sphinx) -- cgit v1.2.3 From 109f58444beecd1b9b7c502f2a687a6b91c62dc0 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Tue, 16 Mar 2021 12:03:12 -0400 Subject: gnu: mpg321: Fix CVE-2019-14247. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/mpg321-CVE-2019-14247.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/mp3.scm (mpg321)[source]: Apply it. Signed-off-by: Léo Le Bouter Signed-off-by: Leo Famulari --- gnu/local.mk | 1 + gnu/packages/mp3.scm | 4 +++- gnu/packages/patches/mpg321-CVE-2019-14247.patch | 23 +++++++++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/mpg321-CVE-2019-14247.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index cf8849cf59..abb1e2140d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1404,6 +1404,7 @@ dist_patch_DATA = \ %D%/packages/patches/mit-krb5-hurd.patch \ %D%/packages/patches/mit-krb5-qualify-short-hostnames.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ + %D%/packages/patches/mpg321-CVE-2019-14247.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/monero-use-system-miniupnpc.patch \ %D%/packages/patches/mono-mdoc-timestamping.patch \ diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm index 34390d3696..dba3e17558 100644 --- a/gnu/packages/mp3.scm +++ b/gnu/packages/mp3.scm @@ -408,7 +408,9 @@ command-line tool as well as a C library, libmpg123.") version "/mpg321-" version ".tar.gz")) (sha256 (base32 - "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5")))) + "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5")) + (patches + (search-patches "mpg321-CVE-2019-14247.patch")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--disable-alsa"))) (inputs diff --git a/gnu/packages/patches/mpg321-CVE-2019-14247.patch b/gnu/packages/patches/mpg321-CVE-2019-14247.patch new file mode 100644 index 0000000000..03afaccc67 --- /dev/null +++ b/gnu/packages/patches/mpg321-CVE-2019-14247.patch @@ -0,0 +1,23 @@ +This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and +fixes CVE-2019-14247. + +Description: Handle illegal bitrate value +Author: Chrysostomos Nanakos +Bug-Debian: https://bugs.debian.org/870406 +Bug-Debian: https://bugs.debian.org/887057 + +--- mpg321-0.3.2.orig/mad.c ++++ mpg321-0.3.2/mad.c +@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len, + + if (!is_vbr) + { ++ if (header.bitrate <= 0) ++ { ++ fprintf(stderr, "Illegal bit allocation value\n"); ++ return; ++ } ++ + double time = (len * 8.0) / (header.bitrate); /* time in seconds */ + double timefrac = (double)time - ((long)(time)); + long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */ -- cgit v1.2.3 From 1155a88308df7649fe74bd5bb8279a4d103ce386 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 19 Mar 2021 00:13:42 +0100 Subject: gnu: ungoogled-chromium: Update to 89.0.4389.90-1. * gnu/packages/patches/ungoogled-chromium-system-opus.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 89. (%chromium-version): Remove variable. (%ungoogled-revision): Set to 89.0.4389.90-1. (%ungoogled-origin): Conditionally set file name based on commit/tag. (%guix-patches): Add the new file. (libvpx/chromium): Update to 1.9.0-104-gb5d77a48d. (ungoogled-chromium)[version]: Use %UNGOOGLED-REVISION. [source]: Update hash. [arguments]: Adjust #:configure-flags for build system changes. Don't build with external WebRTC SSL library. Remove obsolete substitution. [inputs]: Remove OPENSSL. Change from PIPEWIRE to PIPEWIRE-0.3. --- gnu/local.mk | 1 + gnu/packages/chromium.scm | 64 +++++++++------------- .../patches/ungoogled-chromium-system-opus.patch | 27 +++++++++ 3 files changed, 55 insertions(+), 37 deletions(-) create mode 100644 gnu/packages/patches/ungoogled-chromium-system-opus.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0422beac82..afd9c17f9c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1725,6 +1725,7 @@ dist_patch_DATA = \ %D%/packages/patches/udiskie-no-appindicator.patch \ %D%/packages/patches/ungoogled-chromium-extension-search-path.patch \ %D%/packages/patches/ungoogled-chromium-system-nspr.patch \ + %D%/packages/patches/ungoogled-chromium-system-opus.patch \ %D%/packages/patches/unison-fix-ocaml-4.08.patch \ %D%/packages/patches/unknown-horizons-python-3.8-distro.patch \ %D%/packages/patches/unzip-CVE-2014-8139.patch \ diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index b81a773c3d..de7c887061 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -65,7 +65,6 @@ #:use-module (gnu packages regex) #:use-module (gnu packages serialization) #:use-module (gnu packages speech) - #:use-module (gnu packages tls) #:use-module (gnu packages valgrind) #:use-module (gnu packages vulkan) #:use-module (gnu packages video) @@ -96,7 +95,6 @@ "net/third_party/quiche" ;BSD-3 "net/third_party/uri_template" ;ASL2.0 "third_party/abseil-cpp" ;ASL2.0 - "third_party/adobe/flash/flapper_version.h" ;no license, trivial "third_party/angle" ;BSD-3 "third_party/angle/src/common/third_party/base" ;BSD-3 "third_party/angle/src/common/third_party/smhasher" ;Public domain @@ -105,10 +103,6 @@ "third_party/angle/src/third_party/libXNVCtrl" ;Expat "third_party/angle/src/third_party/trace_event" ;BSD-3 "third_party/angle/src/third_party/volk" ;Expat - "third_party/angle/third_party/vulkan-headers" ;ASL2.0 - "third_party/angle/third_party/vulkan-loader" ;ASL2.0 - "third_party/angle/third_party/vulkan-tools" ;ASL2.0 - "third_party/angle/third_party/vulkan-validation-layers" ;ASL2.0 "third_party/apple_apsl" ;APSL2.0 "third_party/axe-core" ;MPL2.0 "third_party/blink" ;BSD-3, LGPL2+ @@ -161,7 +155,6 @@ "third_party/emoji-segmenter" ;ASL2.0 "third_party/flatbuffers" ;ASL2.0 "third_party/fusejs" ;ASL2.0 - "third_party/glslang" ;BSD-3, Expat, ASL2.0 "third_party/google_input_tools" ;ASL2.0 "third_party/google_input_tools/third_party/closure_library" ;ASL2.0 "third_party/google_input_tools/third_party/closure_library/third_party/closure" ;Expat @@ -189,6 +182,8 @@ "third_party/libsrtp" ;BSD-3 "third_party/libsync" ;ASL2.0 "third_party/libudev" ;LGPL2.1+ + "third_party/liburlpattern" ;Expat + "third_party/libva_protected_content" ;Expat ;; FIXME: build/linux/unbundle/libvpx.gn does not work for all users. "third_party/libvpx" ;BSD-3 @@ -203,6 +198,7 @@ "third_party/markupsafe" ;BSD-3 "third_party/mesa_headers" ;Expat, SGI "third_party/metrics_proto" ;BSD-3 + "third_party/minigbm" ;BSD-3 "third_party/modp_b64" ;BSD-3 "third_party/nasm" ;BSD-2 "third_party/nearby" ;ASL2.0 @@ -220,7 +216,8 @@ "third_party/pdfium/third_party/skia_shared" ;BSD-3 "third_party/pdfium/third_party/freetype/include/pstables.h" ;FreeType "third_party/perfetto" ;ASL2.0 - "third_party/pffft" ;the "FFTPACK" license, similar to BSD-3 + "third_party/perfetto/protos/third_party/chromium" ;BSD-3 + "third_party/pffft" ;the "FFTPACK" license "third_party/ply" ;BSD-3 "third_party/polymer" ;BSD-3 "third_party/private_membership" ;ASL2.0 @@ -236,7 +233,6 @@ "third_party/s2cellid" ;ASL2.0 "third_party/schema_org" ;CC-BY-SA3.0 "third_party/securemessage" ;ASL2.0 - "third_party/shaka-player" ;ASL2.0 "third_party/shell-encryption" ;ASL2.0 "third_party/skia" ;BSD-3 "third_party/skia/include/third_party/skcms" ;BSD-3 @@ -244,8 +240,6 @@ "third_party/skia/third_party/vulkanmemoryallocator" ;BSD-3, Expat "third_party/smhasher" ;Expat, public domain "third_party/speech-dispatcher" ;GPL2+ - "third_party/spirv-headers" ;ASL2.0 - "third_party/SPIRV-Tools" ;ASL2.0 "third_party/sqlite" ;Public domain "third_party/swiftshader" ;ASL2.0 "third_party/swiftshader/third_party/astc-encoder" ;ASL2.0 @@ -258,6 +252,7 @@ "third_party/ukey2" ;ASL2.0 "third_party/usb_ids" ;BSD-3 "third_party/usrsctp" ;BSD-2 + "third_party/vulkan-deps" ;ASL2.0, BSD-3, Expat "third_party/vulkan_memory_allocator" ;Expat "third_party/wayland/protocol" ;Expat "third_party/wayland/stubs" ;BSD-3, Expat @@ -310,8 +305,7 @@ (string-append "ungoogled-chromium-" category "-" name)))) (sha256 (base32 hash)))) -(define %chromium-version "88.0.4324.182") -(define %ungoogled-revision "b98f2d51406c84a75df96f0da9dee3c0d790963d") +(define %ungoogled-revision "89.0.4389.90-1") (define %debian-revision "debian/84.0.4147.105-1") (define %debian-patches @@ -326,15 +320,20 @@ (uri (git-reference (url "https://github.com/Eloston/ungoogled-chromium") (commit %ungoogled-revision))) (file-name (git-file-name "ungoogled-chromium" - (string-take %ungoogled-revision 7))) + (if (= 40 (string-length %ungoogled-revision)) + (string-take %ungoogled-revision 7) + %ungoogled-revision))) (sha256 (base32 - "1c9y1dn9s06pskkjw2r8lsbplak8m2rwh4drixvjpif7b4cgdhay")))) + "0pr756d1b4wc67d61b21yszi7mx1hsjy14i44j0kvcwm05pgnf79")))) (define %guix-patches (list (local-file (assume-valid-file-name (search-patch "ungoogled-chromium-system-nspr.patch"))) + (local-file + (assume-valid-file-name + (search-patch "ungoogled-chromium-system-opus.patch"))) (local-file (assume-valid-file-name (search-patch "ungoogled-chromium-extension-search-path.patch"))))) @@ -418,7 +417,7 @@ (define libvpx/chromium (package (inherit libvpx) - (version "1.9.0-88-g12059d956") + (version "1.9.0-104-gb5d77a48d") (source (origin (inherit (package-source libvpx)) (uri (git-reference @@ -427,7 +426,7 @@ (file-name (git-file-name "libvpx" version)) (sha256 (base32 - "14knnvfaskfz97vs3lfqrdpcbcx22s6qp16213wdnvnsf4c1lx1b")))))) + "07nkpx8myw5nd4bkaj6l4wr5ipk2c6lg9cwirz0i5qbr659051rk")))))) ;; 'make-ld-wrapper' can only work with an 'ld' executable, so we need ;; this trick to make it wrap 'lld'. @@ -457,17 +456,17 @@ (define-public ungoogled-chromium (package (name "ungoogled-chromium") - (version (string-append %chromium-version "-0." - (string-take %ungoogled-revision 7))) + (version %ungoogled-revision) (synopsis "Graphical web browser") (source (origin (method url-fetch) (uri (string-append "https://commondatastorage.googleapis.com" "/chromium-browser-official/chromium-" - %chromium-version ".tar.xz")) + (string-drop-right %ungoogled-revision 2) + ".tar.xz")) (sha256 (base32 - "10av060ix6lgsvv99lyvyy03r0m3zwdg4hddbi6dycrdxk1iyh9h")) + "16i7bgk2jbcqs2p28nk5mlf0k6wah594pcsfm8b154nxbyf0iihi")) (modules '((guix build utils))) (snippet (force ungoogled-chromium-snippet)))) (build-system gnu-build-system) @@ -488,9 +487,6 @@ ;; Use the "official" release optimizations, as opposed to ;; a developer build. "is_official_build=true" - (string-append "max_jobs_per_link=" - ;; Respect the default cap of 8 jobs. - (number->string (min 8 (parallel-job-count)))) "clang_use_chrome_plugins=false" "chrome_pgo_phase=0" "use_sysroot=false" @@ -533,7 +529,6 @@ "use_system_zlib=true" "use_gnome_keyring=false" ;deprecated by libsecret - "use_openh264=true" "use_pulseaudio=true" "link_pulseaudio=true" "icu_use_data_file=false" @@ -548,6 +543,10 @@ '("use_vaapi=true") '()) + "media_use_ffmpeg=true" + "media_use_libvpx=true" + "media_use_openh264=true" + ;; Do not artifically restrict formats supported by system ffmpeg. "proprietary_codecs=true" "ffmpeg_branding=\"Chrome\"" @@ -556,17 +555,15 @@ "rtc_use_h264=true" "rtc_use_pipewire=true" "rtc_link_pipewire=true" + "rtc_pipewire_version=\"0.3\"" ;; Don't use bundled sources. "rtc_build_json=true" ;FIXME: libc++ std::string ABI difference "rtc_build_libevent=false" "rtc_build_libvpx=false" "rtc_build_opus=false" - "rtc_build_ssl=false" "rtc_build_libsrtp=true" ;FIXME: fails to find headers "rtc_build_usrsctp=true" ;TODO: package this - (string-append "rtc_ssl_root=\"" - (assoc-ref %build-inputs "openssl") - "/include/openssl\"")) + "rtc_build_ssl=true") ;XXX: the bundled BoringSSL is required? #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-stuff @@ -604,12 +601,6 @@ (("third_party/icu/source/(common|i18n)/") "")) - ;; Fix faulty ICU call. Likely fixed in M89. - (substitute* - "third_party/blink/renderer/platform/wtf/text/text_codec_icu.cc" - (("ideographicSpaceCharacter") - "kIdeographicSpaceCharacter")) - ;; XXX: Should be unnecessary when use_system_lcms2=true. (substitute* "third_party/pdfium/core/fxcodec/icc/iccmodule.h" (("include \"third_party/lcms/include/lcms2\\.h\"") @@ -865,11 +856,10 @@ ("nss" ,nss) ("openh264" ,openh264) ("openjpeg" ,openjpeg) ;PDFium only - ("openssl" ,openssl) ("opus" ,opus+custom) ("pango" ,pango) ("pciutils" ,pciutils) - ("pipewire" ,pipewire) + ("pipewire" ,pipewire-0.3) ("pulseaudio" ,pulseaudio) ("snappy" ,snappy) ("speech-dispatcher" ,speech-dispatcher) diff --git a/gnu/packages/patches/ungoogled-chromium-system-opus.patch b/gnu/packages/patches/ungoogled-chromium-system-opus.patch new file mode 100644 index 0000000000..6f887a31a4 --- /dev/null +++ b/gnu/packages/patches/ungoogled-chromium-system-opus.patch @@ -0,0 +1,27 @@ +Add missing build dependency on Opus so that system headers are found. + +Taken from upstream: +https://chromium-review.googlesource.com/c/chromium/src/+/2644623 + +diff --git a/third_party/blink/renderer/modules/webcodecs/BUILD.gn b/third_party/blink/renderer/modules/webcodecs/BUILD.gn +--- a/third_party/blink/renderer/modules/webcodecs/BUILD.gn ++++ b/third_party/blink/renderer/modules/webcodecs/BUILD.gn +@@ -65,6 +65,7 @@ blink_modules_sources("webcodecs") { + "//media/mojo/clients", + "//media/mojo/mojom", + "//third_party/libyuv:libyuv", ++ "//third_party/opus", + ] + if (media_use_openh264) { + deps += [ "//third_party/openh264:encoder" ] +diff --git a/third_party/blink/renderer/modules/webcodecs/DEPS b/third_party/blink/renderer/modules/webcodecs/DEPS +--- a/third_party/blink/renderer/modules/webcodecs/DEPS ++++ b/third_party/blink/renderer/modules/webcodecs/DEPS +@@ -19,6 +19,7 @@ include_rules = [ + + "+third_party/libyuv", + "+third_party/openh264", ++ "+third_party/opus", + + "+ui/gfx/color_space.h", + "+ui/gfx/geometry/rect.h", -- cgit v1.2.3 From 572528e7ddcf6af213c78e70eb60953a82b96a96 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Fri, 19 Mar 2021 11:56:38 +0100 Subject: gnu: busybox: Fix CVE-2021-28831. * gnu/packages/patches/busybox-CVE-2021-28831.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/busybox.scm (busybox): Apply it. --- gnu/local.mk | 1 + gnu/packages/busybox.scm | 3 +- gnu/packages/patches/busybox-CVE-2021-28831.patch | 57 +++++++++++++++++++++++ 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/busybox-CVE-2021-28831.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index afd9c17f9c..8325c071bd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -872,6 +872,7 @@ dist_patch_DATA = \ %D%/packages/patches/blender-2.79-python-3.7-fix.patch \ %D%/packages/patches/blender-2.79-python-3.8-fix.patch \ %D%/packages/patches/bpftrace-disable-bfd-disasm.patch \ + %D%/packages/patches/busybox-CVE-2021-28831.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2018-19876.patch \ %D%/packages/patches/cairo-CVE-2020-35492.patch \ diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm index 5af67e084d..17c90c3c65 100644 --- a/gnu/packages/busybox.scm +++ b/gnu/packages/busybox.scm @@ -41,7 +41,8 @@ version ".tar.bz2")) (sha256 (base32 - "1vhd59qmrdyrr1q7rvxmyl96z192mxl089hi87yl0hcp6fyw8mwx")))) + "1vhd59qmrdyrr1q7rvxmyl96z192mxl089hi87yl0hcp6fyw8mwx")) + (patches (search-patches "busybox-CVE-2021-28831.patch")))) (build-system gnu-build-system) (arguments '(#:phases diff --git a/gnu/packages/patches/busybox-CVE-2021-28831.patch b/gnu/packages/patches/busybox-CVE-2021-28831.patch new file mode 100644 index 0000000000..da3107fbb1 --- /dev/null +++ b/gnu/packages/patches/busybox-CVE-2021-28831.patch @@ -0,0 +1,57 @@ +From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001 +From: Samuel Sapalski +Date: Wed, 3 Mar 2021 16:31:22 +0100 +Subject: decompress_gunzip: Fix DoS if gzip is corrupt + +On certain corrupt gzip files, huft_build will set the error bit on +the result pointer. If afterwards abort_unzip is called huft_free +might run into a segmentation fault or an invalid pointer to +free(p). + +In order to mitigate this, we check in huft_free if the error bit +is set and clear it before the linked list is freed. + +Signed-off-by: Samuel Sapalski +Signed-off-by: Peter Kaestle +Signed-off-by: Denys Vlasenko +--- + archival/libarchive/decompress_gunzip.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c +index eb3b64930..e93cd5005 100644 +--- a/archival/libarchive/decompress_gunzip.c ++++ b/archival/libarchive/decompress_gunzip.c +@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = { + * each table. + * t: table to free + */ ++#define BAD_HUFT(p) ((uintptr_t)(p) & 1) ++#define ERR_RET ((huft_t*)(uintptr_t)1) + static void huft_free(huft_t *p) + { + huft_t *q; + ++ /* ++ * If 'p' has the error bit set we have to clear it, otherwise we might run ++ * into a segmentation fault or an invalid pointer to free(p) ++ */ ++ if (BAD_HUFT(p)) { ++ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET)); ++ } ++ + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + while (p) { + q = (--p)->v.t; +@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current + * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table + * is given: "fixed inflate" decoder feeds us such data. + */ +-#define BAD_HUFT(p) ((uintptr_t)(p) & 1) +-#define ERR_RET ((huft_t*)(uintptr_t)1) + static huft_t* huft_build(const unsigned *b, const unsigned n, + const unsigned s, const struct cp_ext *cp_ext, + unsigned *m) +-- +cgit v1.2.1 + -- cgit v1.2.3 From c4d616f7c665921e1329c75cd2d0cf05094b1306 Mon Sep 17 00:00:00 2001 From: Greg Hogan Date: Mon, 1 Feb 2021 14:01:11 +0000 Subject: gnu: abseil-cpp: Update to 20200923.3. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/cpp.scm (abseil-cpp): Update to 20200923.3. [arguments]: Enable external googletest. * gnu/packages/patches/abseil-cpp-fix.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/cpp.scm | 7 +++++-- gnu/packages/patches/abseil-cpp-fix.patch | 16 ++++++++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/abseil-cpp-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8325c071bd..c4535daae9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -786,6 +786,7 @@ dist_patch_DATA = \ %D%/packages/patches/abcl-fix-build-xml.patch \ %D%/packages/patches/ableton-link-system-libraries-debian.patch \ %D%/packages/patches/abiword-explictly-cast-bools.patch \ + %D%/packages/patches/abseil-cpp-fix.patch \ %D%/packages/patches/adb-add-libraries.patch \ %D%/packages/patches/aegis-constness-error.patch \ %D%/packages/patches/aegis-perl-tempdir1.patch \ diff --git a/gnu/packages/cpp.scm b/gnu/packages/cpp.scm index 02a82091b8..ba361ba5ca 100644 --- a/gnu/packages/cpp.scm +++ b/gnu/packages/cpp.scm @@ -678,7 +678,7 @@ point and then, after each tween step, plugging back the result.") (define-public abseil-cpp (package (name "abseil-cpp") - (version "20200225.2") + (version "20200923.3") (source (origin (method git-fetch) (uri (git-reference @@ -687,11 +687,14 @@ point and then, after each tween step, plugging back the result.") (file-name (git-file-name name version)) (sha256 (base32 - "0dwxg54pv6ihphbia0iw65r64whd7v8nm4wwhcz219642cgpv54y")))) + "1p4djhm1f011ficbjjxx3n8428p8481p20j4glpaawnpsi362hkl")) + ;; Remove after next googletest release and update. + (patches (search-patches "abseil-cpp-fix.patch")))) (build-system cmake-build-system) (arguments `(#:configure-flags (list "-DBUILD_SHARED_LIBS=ON" "-DABSL_RUN_TESTS=ON" + "-DABSL_USE_EXTERNAL_GOOGLETEST=ON" ;; Needed, else we get errors like: ;; ;; ld: CMakeFiles/absl_periodic_sampler_test.dir/internal/periodic_sampler_test.cc.o: diff --git a/gnu/packages/patches/abseil-cpp-fix.patch b/gnu/packages/patches/abseil-cpp-fix.patch new file mode 100644 index 0000000000..38971448f3 --- /dev/null +++ b/gnu/packages/patches/abseil-cpp-fix.patch @@ -0,0 +1,16 @@ +The GTEST_ALLOW_UNINSTANTIATED_PARAMTERIZED_TEST macro was added to googletest +in commit 0b024bd9 on master. It has been used in an abseil-cpp release before +a googletest release. + +--- a/absl/container/internal/unordered_map_modifiers_test.h ++++ b/absl/container/internal/unordered_map_modifiers_test.h +@@ -286,7 +286,9 @@ class UniquePtrModifiersTest : public ::testing::Test { + } + }; + ++#ifdef GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST + GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(UniquePtrModifiersTest); ++#endif + + TYPED_TEST_SUITE_P(UniquePtrModifiersTest); + -- cgit v1.2.3 From 6457985e39d794c0f44d953d475aa19c41025d00 Mon Sep 17 00:00:00 2001 From: Greg Hogan Date: Thu, 11 Mar 2021 20:53:15 +0000 Subject: gnu: abseil-cpp: Patch sterror_test. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/abseil-cpp-fix-gtest.patch: Renamed file. * gnu/packages/patches/abseil-cpp-fix-strerror_test.patch: New file. * gnu/local.mk (dist_patch_DATA): Rename / add files. * gnu/packages/cpp.scm (abseil-cpp)[source]: Use files. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 3 +- gnu/packages/cpp.scm | 5 ++- gnu/packages/patches/abseil-cpp-fix-gtest.patch | 16 +++++++++ .../patches/abseil-cpp-fix-strerror_test.patch | 42 ++++++++++++++++++++++ gnu/packages/patches/abseil-cpp-fix.patch | 16 --------- 5 files changed, 64 insertions(+), 18 deletions(-) create mode 100644 gnu/packages/patches/abseil-cpp-fix-gtest.patch create mode 100644 gnu/packages/patches/abseil-cpp-fix-strerror_test.patch delete mode 100644 gnu/packages/patches/abseil-cpp-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c4535daae9..3d4147a879 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -786,7 +786,8 @@ dist_patch_DATA = \ %D%/packages/patches/abcl-fix-build-xml.patch \ %D%/packages/patches/ableton-link-system-libraries-debian.patch \ %D%/packages/patches/abiword-explictly-cast-bools.patch \ - %D%/packages/patches/abseil-cpp-fix.patch \ + %D%/packages/patches/abseil-cpp-fix-gtest.patch \ + %D%/packages/patches/abseil-cpp-fix-strerror_test.patch \ %D%/packages/patches/adb-add-libraries.patch \ %D%/packages/patches/aegis-constness-error.patch \ %D%/packages/patches/aegis-perl-tempdir1.patch \ diff --git a/gnu/packages/cpp.scm b/gnu/packages/cpp.scm index ba361ba5ca..2233d2e993 100644 --- a/gnu/packages/cpp.scm +++ b/gnu/packages/cpp.scm @@ -689,7 +689,10 @@ point and then, after each tween step, plugging back the result.") (base32 "1p4djhm1f011ficbjjxx3n8428p8481p20j4glpaawnpsi362hkl")) ;; Remove after next googletest release and update. - (patches (search-patches "abseil-cpp-fix.patch")))) + (patches + (search-patches + "abseil-cpp-fix-gtest.patch" + "abseil-cpp-fix-strerror_test.patch")))) (build-system cmake-build-system) (arguments `(#:configure-flags (list "-DBUILD_SHARED_LIBS=ON" diff --git a/gnu/packages/patches/abseil-cpp-fix-gtest.patch b/gnu/packages/patches/abseil-cpp-fix-gtest.patch new file mode 100644 index 0000000000..38971448f3 --- /dev/null +++ b/gnu/packages/patches/abseil-cpp-fix-gtest.patch @@ -0,0 +1,16 @@ +The GTEST_ALLOW_UNINSTANTIATED_PARAMTERIZED_TEST macro was added to googletest +in commit 0b024bd9 on master. It has been used in an abseil-cpp release before +a googletest release. + +--- a/absl/container/internal/unordered_map_modifiers_test.h ++++ b/absl/container/internal/unordered_map_modifiers_test.h +@@ -286,7 +286,9 @@ class UniquePtrModifiersTest : public ::testing::Test { + } + }; + ++#ifdef GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST + GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(UniquePtrModifiersTest); ++#endif + + TYPED_TEST_SUITE_P(UniquePtrModifiersTest); + diff --git a/gnu/packages/patches/abseil-cpp-fix-strerror_test.patch b/gnu/packages/patches/abseil-cpp-fix-strerror_test.patch new file mode 100644 index 0000000000..726149b015 --- /dev/null +++ b/gnu/packages/patches/abseil-cpp-fix-strerror_test.patch @@ -0,0 +1,42 @@ +From e2b1bab19a782cb62bb010d1c2925ab7314fb113 Mon Sep 17 00:00:00 2001 +diff --git a/absl/base/internal/strerror.cc b/absl/base/internal/strerror.cc +index d66ba120..0d6226fd 100644 +--- a/absl/base/internal/strerror.cc ++++ b/absl/base/internal/strerror.cc +@@ -51,7 +51,6 @@ const char* StrErrorAdaptor(int errnum, char* buf, size_t buflen) { + } + + std::string StrErrorInternal(int errnum) { +- absl::base_internal::ErrnoSaver errno_saver; + char buf[100]; + const char* str = StrErrorAdaptor(errnum, buf, sizeof buf); + if (*str == '\0') { +@@ -76,6 +75,7 @@ std::array* NewStrErrorTable() { + } // namespace + + std::string StrError(int errnum) { ++ absl::base_internal::ErrnoSaver errno_saver; + static const auto* table = NewStrErrorTable(); + if (errnum >= 0 && errnum < static_cast(table->size())) { + return (*table)[errnum]; +diff --git a/absl/base/internal/strerror_test.cc b/absl/base/internal/strerror_test.cc +index a53da97f..e32d5b5c 100644 +--- a/absl/base/internal/strerror_test.cc ++++ b/absl/base/internal/strerror_test.cc +@@ -62,12 +62,14 @@ TEST(StrErrorTest, MultipleThreads) { + ++counter; + errno = ERANGE; + const std::string value = absl::base_internal::StrError(i); ++ // EXPECT_* could change errno. Stash it first. ++ int check_err = errno; ++ EXPECT_THAT(check_err, Eq(ERANGE)); + // Only the GNU implementation is guaranteed to provide the + // string "Unknown error nnn". POSIX doesn't say anything. + if (!absl::StartsWith(value, "Unknown error ")) { +- EXPECT_THAT(absl::base_internal::StrError(i), Eq(expected_strings[i])); ++ EXPECT_THAT(value, Eq(expected_strings[i])); + } +- EXPECT_THAT(errno, Eq(ERANGE)); + } + }; + diff --git a/gnu/packages/patches/abseil-cpp-fix.patch b/gnu/packages/patches/abseil-cpp-fix.patch deleted file mode 100644 index 38971448f3..0000000000 --- a/gnu/packages/patches/abseil-cpp-fix.patch +++ /dev/null @@ -1,16 +0,0 @@ -The GTEST_ALLOW_UNINSTANTIATED_PARAMTERIZED_TEST macro was added to googletest -in commit 0b024bd9 on master. It has been used in an abseil-cpp release before -a googletest release. - ---- a/absl/container/internal/unordered_map_modifiers_test.h -+++ b/absl/container/internal/unordered_map_modifiers_test.h -@@ -286,7 +286,9 @@ class UniquePtrModifiersTest : public ::testing::Test { - } - }; - -+#ifdef GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST - GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(UniquePtrModifiersTest); -+#endif - - TYPED_TEST_SUITE_P(UniquePtrModifiersTest); - -- cgit v1.2.3 From f119612d6457f61ad8017a22f300d3cd55f13710 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 23 Mar 2021 13:05:39 +0100 Subject: gnu: cgal: Update to 5.2.1. * gnu/packages/graphics.scm (cgal): Update to 5.2.1. [source]: Remove patch. * gnu/packages/patches/cgal-security-pr-5371.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/graphics.scm | 6 +- gnu/packages/patches/cgal-security-pr-5371.patch | 1611 ---------------------- 3 files changed, 2 insertions(+), 1616 deletions(-) delete mode 100644 gnu/packages/patches/cgal-security-pr-5371.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3d4147a879..5c5555069e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -887,7 +887,6 @@ dist_patch_DATA = \ %D%/packages/patches/cdparanoia-fpic.patch \ %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch \ %D%/packages/patches/ceph-disable-cpu-optimizations.patch \ - %D%/packages/patches/cgal-security-pr-5371.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/cl-asdf-config-directories.patch \ %D%/packages/patches/clamav-config-llvm-libs.patch \ diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm index db04b93f20..4a301d387a 100644 --- a/gnu/packages/graphics.scm +++ b/gnu/packages/graphics.scm @@ -718,7 +718,7 @@ more.") (define-public cgal (package (name "cgal") - (version "5.2") + (version "5.2.1") (source (origin (method url-fetch) (uri (string-append @@ -726,9 +726,7 @@ more.") "/CGAL-" version ".tar.xz")) (sha256 (base32 - "08sr2k2dm4zasfbvisqpvs6djqw3rywzwpzr701an870nvnqck3l")) - (patches (search-patches "cgal-security-pr-5371.patch")) - (patch-flags '("-p2")))) + "1rhrpjsp4081nn2q215h78kc4msrj0081zg65k1gfp5hl88bg03y")))) (build-system cmake-build-system) (arguments '(#:tests? #f)) ; no test target diff --git a/gnu/packages/patches/cgal-security-pr-5371.patch b/gnu/packages/patches/cgal-security-pr-5371.patch deleted file mode 100644 index dea53dceaf..0000000000 --- a/gnu/packages/patches/cgal-security-pr-5371.patch +++ /dev/null @@ -1,1611 +0,0 @@ -From 618b409b0fbcef7cb536a4134ae3a424ef5aae45 Mon Sep 17 00:00:00 2001 -From: Maxime Gimeno -Date: Mon, 18 Jan 2021 15:40:40 +0100 -Subject: [PATCH 1/8] Fix Nef_2 and Nef_S2 IO - ---- - Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 74 ++++++++++++--- - Nef_2/include/CGAL/Nef_polyhedron_2.h | 2 + - Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h | 106 ++++++++++++++++------ - 3 files changed, 142 insertions(+), 40 deletions(-) - -diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -index 85295f3d85a..9b84dd37fbe 100644 ---- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -+++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -@@ -200,6 +200,11 @@ bool PM_io_parser::read_vertex(Vertex_handle v) - !(in >> p) || - !check_sep("}") ) return false; - -+ if(!(f >= 0 && ((iso && f < fn) || (!iso && f < en)))) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - if (iso) v->set_face(Face_of[f]); - else v->set_halfedge(Halfedge_of[f]); - mark(v) = m; point(v) = p; -@@ -229,10 +234,14 @@ bool PM_io_parser::read_hedge(Halfedge_handle e) - !(in >> f) || !check_sep(",") || - !(in >> m) || !check_sep("}") ) - return false; -- CGAL_assertion_msg -- (eo >= 0 || (std::size_t) eo < en || epr >= 0 || (std::size_t) epr < en || ene >= 0 || (std::size_t) ene < en || -- v >= 0 || (std::size_t) v < vn || f >= 0 || (std::size_t) f < fn , -- "wrong index in read_hedge"); -+ -+ if(!(eo >= 0 && (std::size_t) eo < en && epr >= 0 && (std::size_t) epr < en && ene >= 0 && (std::size_t) ene < en && -+ v >= 0 && (std::size_t) v < vn && f >= 0 && (std::size_t) f < fn )) -+ { -+ in.clear(std::ios_base::badbit); -+ std::cerr<<"wrong index in read_hedge"<opposite()]); -@@ -267,14 +276,32 @@ bool PM_io_parser::read_face(Face_handle f) - int n, ei, vi; Mark m; - if ( !(in >> n) || !check_sep("{") ) return false; - if ( !(in >> ei) || !check_sep(",") ) return false; -- if (ei >= 0) f->set_halfedge(Halfedge_of[ei]); -+ if (ei >= 0 && ei < en) -+ { -+ f->set_halfedge(Halfedge_of[ei]); -+ } -+ else -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - while (in >> ei) { - CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); -+ if (!(ei >= 0 && ei < en)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - f->store_fc(Halfedge_of[ei]); - } in.clear(); - if (!check_sep(",")) { return false; } - while (in >> vi) { - CGAL_assertion_msg(vi >= 0 && (std::size_t) vi < vn, "wrong index in iso vertex list."); -+ if (!(vi >= 0 && vi < vn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - f->store_iv(Vertex_of[vi]); - } in.clear(); - if (!check_sep(",") || !(in >> m) || !check_sep("}") ) -@@ -313,13 +340,26 @@ template - void PM_io_parser::read() - { - if ( !check_sep("Plane_map_2") ) -- CGAL_error_msg("PM_io_parser::read: no embedded_PM header."); -+ { -+ std::cerr<<"PM_io_parser::read: no embedded_PM header."<> vn)) ) -- CGAL_error_msg("PM_io_parser::read: wrong node line."); -+ { -+ std::cerr<<"PM_io_parser::read: wrong node line."<> en) && (en%2==0)) ) -- CGAL_error_msg("PM_io_parser::read: wrong edge line."); -+ { -+ std::cerr<<"PM_io_parser::read: wrong edge line."<> fn)) ) -- CGAL_error_msg("PM_io_parser::read: wrong face line."); -+ { -+ std::cerr<<"PM_io_parser::read: wrong face line."<::read() - - for(i=0; i> - std::cerr << "Nef_polyhedron_2 input corrupted." << std::endl; - NP = Nef_polyhedron_2(); - } -+ if(!is) -+ return is; - typename Nef_polyhedron_2::Topological_explorer D(NP.explorer()); - D.check_integrity_and_topological_planarity(); - return is; -diff --git a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h -index 7bddd3036d5..631c63dc5dc 100644 ---- a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h -+++ b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h -@@ -203,8 +203,14 @@ bool SM_io_parser::read_vertex(SVertex_handle v) - !(in >> p) || - !check_sep("}") ) return false; - -- if (iso) set_face(v,SFace_of[f]); -- else set_first_out_edge(v,Edge_of[f]); -+ if(f<0 || (iso && f > fn) || (!iso && f > en)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } -+ -+ if (iso) this->set_face(v,SFace_of[f]); -+ else this->set_first_out_edge(v,Edge_of[f]); - v->mark() = m; v->point() = p; - return true; - } -@@ -235,17 +241,21 @@ bool SM_io_parser::read_edge(SHalfedge_handle e) - !(in >> m) || !check_sep(",") || - !(in >> k) || !check_sep("}") ) - return false; -- CGAL_assertion_msg -+ if (! - (eo >= 0 && eo < en && epr >= 0 && epr < en && ene >= 0 && ene < en && -- v >= 0 && v < vn && f >= 0 && f < fn , -- "wrong index in read_edge"); -+ v >= 0 && v < vn && f >= 0 && f < fn )) -+ { -+ std::cerr<<"wrong index in read_edge"<twin()]); -- set_prev(e,Edge_of[epr]); -- set_next(e,Edge_of[ene]); -- set_source(e,SVertex_of[v]); -- set_face(e,SFace_of[f]); -+ this->set_prev(e,Edge_of[epr]); -+ this->set_next(e,Edge_of[ene]); -+ this->set_source(e,SVertex_of[v]); -+ this->set_face(e,SFace_of[f]); - e->mark() = m; - e->circle() = k; - return true; -@@ -274,7 +284,7 @@ bool SM_io_parser::read_loop(SHalfloop_handle l) - CGAL_assertion_msg( - (lo >= 0 && lo < 2 && f >= 0 && f < fn),"wrong index in read_edge"); - -- set_face(l,SFace_of[f]); -+ this->set_face(l,SFace_of[f]); - l->mark() = m; - l->circle() = k; - return true; -@@ -303,21 +313,33 @@ bool SM_io_parser::read_face(SFace_handle f) - int n, ei, vi, li; Mark m; - if ( !(in >> n) || !check_sep("{") ) return false; - while (in >> ei) { -- CGAL_assertion_msg(ei >= 0 && ei < en, -- "wrong index in face cycle list."); -- store_sm_boundary_object(Edge_of[ei],f); -+ if(!(ei >= 0 && ei < en)) -+ { -+ std::cerr<<"wrong index in face cycle list."<store_sm_boundary_object(Edge_of[ei],f); - } in.clear(); - if (!check_sep(",")) { return false; } - while (in >> vi) { -- CGAL_assertion_msg(vi >= 0 && vi < vn, -- "wrong index in iso vertex list."); -- store_sm_boundary_object(SVertex_of[vi],f); -+ if(!(vi >= 0 && vi < vn)) -+ { -+ std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(SVertex_of[vi],f); - } in.clear(); - if (!check_sep(",")) { return false; } - while (in >> li) { -- CGAL_assertion_msg(li >= 0 && li < 2, -- "wrong index in iso vertex list."); -- store_sm_boundary_object(Loop_of[li],f); -+ if(!(li >= 0 && li < 2)) -+ { -+ std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(Loop_of[li],f); - } in.clear(); - if (!check_sep(",") || !(in >> m) || !check_sep("}") ) - return false; -@@ -357,16 +379,36 @@ void SM_io_parser::print() const - template - void SM_io_parser::read() - { -+ if ( !check_sep("Nef_polyhedron_S2") ) -+ { -+ std::cerr<<"Missing line in header"<> vn)) ) -- CGAL_error_msg("SM_io_parser::read: wrong vertex line."); -+ { -+ std::cerr<<"SM_io_parser::read: wrong vertex line."<> en) && (en%2==0)) ) -- CGAL_error_msg("SM_io_parser::read: wrong edge line."); -+ { -+ std::cerr<<"SM_io_parser::read: wrong edge line."<> ln)) ) -- CGAL_error_msg("SM_io_parser::read: wrong loop line."); -+ { -+ std::cerr<<"SM_io_parser::read: wrong loop line."<> fn)) ) -- CGAL_error_msg("SM_io_parser::read: wrong face line."); -+ { -+ std::cerr<<"SM_io_parser::read: wrong face line."<::read() - - for(i=0; i -Date: Tue, 19 Jan 2021 12:24:08 +0100 -Subject: [PATCH 2/8] Fix Nef_3 - ---- - Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 195 ++++++++++++++++++++++- - 1 file changed, 188 insertions(+), 7 deletions(-) - -diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -index 5eee7528ee7..04d9d0ac8e8 100644 ---- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -+++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -@@ -1444,40 +1444,61 @@ void SNC_io_parser::read_items(int plus01) { - typename std::vector::iterator vi; - for(vi=Vertex_of.begin(); vi!=Vertex_of.end(); ++vi) { - if (!read_vertex(*vi)) -- CGAL_error_msg("SNC_io_parser::read: error in node line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in node line"<::iterator ei; - for(ei=Edge_of.begin(); ei!=Edge_of.end(); ++ei) { - if (!read_edge(*ei)) -- CGAL_error_msg("SNC_io_parser::read: error in edge line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in edge line"<::iterator vhf_iterator; - vhf_iterator fi; - for(fi=Halffacet_of.begin(); fi!=Halffacet_of.end(); ++fi) { - if (!read_facet(*fi)) -- CGAL_error_msg("SNC_io_parser::read: error in facet line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in facet line"<::iterator ci; - for(ci=Volume_of.begin()+plus01; ci!=Volume_of.end(); ++ci) { - if (!read_volume(*ci)) -- CGAL_error_msg("SNC_io_parser::read: error in volume line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in volume line"<::iterator sei; - for(sei=SEdge_of.begin(); sei!=SEdge_of.end(); ++sei) { - if (!read_sedge(*sei)) -- CGAL_error_msg("SNC_io_parser::read: error in sedge line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in sedge line"<::iterator sli; - for(sli=SLoop_of.begin(); sli!=SLoop_of.end(); ++sli) { - if (!read_sloop(*sli)) -- CGAL_error_msg("SNC_io_parser::read: error in sloop line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in sloop line"<::iterator sfi; - for(sfi=SFace_of.begin(); sfi!=SFace_of.end(); ++sfi) { - if (!read_sface(*sfi)) -- CGAL_error_msg("SNC_io_parser::read: error in sface line"); -+ { -+ std::cerr<<"SNC_io_parser::read: error in sface line"<sncp()); -@@ -1535,21 +1556,56 @@ read_vertex(Vertex_handle vh) { - vh->sncp() = this->sncp(); - - in >> index; -+ if(index >= int(en)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->svertices_begin() = (index >= 0 ? Edge_of[index] : this->svertices_end()); - in >> index; -+ if(index >= int(en)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->svertices_last() = index >= 0 ? Edge_of[index] : this->svertices_end(); - OK = OK && test_string(","); - in >> index; -+ if(index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->shalfedges_begin() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); - in >> index; -+ if(index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->shalfedges_last() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); - OK = OK && test_string(","); - in >> index; -+ if(index >= int(sfn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->sfaces_begin() = index >= 0 ? SFace_of[index] : this->sfaces_end(); - in >> index; -+ if(index >= int(sfn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->sfaces_last() = index >= 0 ? SFace_of[index] : this->sfaces_end(); - OK = OK && test_string(","); - in >> index; -+ if(index >= int(sln)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - vh->shalfloop() = index >= 0 ? SLoop_of[index] : this->shalfloops_end(); - OK = OK && test_string("|"); - #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT -@@ -1604,17 +1660,37 @@ read_edge(Halfedge_handle eh) { - OK = OK && test_string("{"); - - in >> index; -+ if(index < 0 || index >= int(en)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - eh->twin() = Edge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(vn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - eh->center_vertex() = Vertex_of[index]; - OK = OK && test_string(","); - in >> index; - if(index == 0) { - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - eh->out_sedge() = SEdge_of[index]; - } else { - in >> index; -+ if(index < 0 || index >= int(sfn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - eh->incident_sface() = SFace_of[index]; - } - OK = OK && test_string("|"); -@@ -1669,6 +1745,11 @@ read_facet(Halffacet_handle fh) { - OK = OK && test_string("{"); - - in >> index; -+ if(index < 0 || index >= int(fn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - fh->twin() = Halffacet_of[index]; - OK = OK && test_string(","); - -@@ -1676,6 +1757,11 @@ read_facet(Halffacet_handle fh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - fh->boundary_entry_objects().push_back(make_object(SEdge_of[index])); - in >> cc; - } -@@ -1684,11 +1770,21 @@ read_facet(Halffacet_handle fh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -+ if(index < 0 || index >= int(sln)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - fh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); - in >> cc; - } - - in >> index; -+ if(index < 0 || index >= int(vn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - fh->incident_volume() = Volume_of[index+addInfiBox]; - OK = OK && test_string("|"); - #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT -@@ -1731,6 +1827,11 @@ read_volume(Volume_handle ch) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -+ if(index < 0 || index >= int(sfn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - ch->shell_entry_objects().push_back(make_object(SFace_of[index])); - in >> cc; - } -@@ -1781,27 +1882,67 @@ read_sedge(SHalfedge_handle seh) { - OK = OK && test_string("{"); - - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->twin() = SEdge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->sprev() = SEdge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->snext() = SEdge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(en)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->source() = Edge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(sfn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->incident_sface() = SFace_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->prev() = SEdge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(sen)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->next() = SEdge_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= int(fn)) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - seh->facet() = Halffacet_of[index]; - OK = OK && test_string("|"); - #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT -@@ -1852,12 +1993,27 @@ read_sloop(SHalfloop_handle slh) { - OK = OK && test_string("{"); - - in >> index; -+ if(index < 0 || index >= sln) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - slh->twin() = SLoop_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= sfn) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - slh->incident_sface() = SFace_of[index]; - OK = OK && test_string(","); - in >> index; -+ if(index < 0 || index >= fn) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - slh->facet() = Halffacet_of[index]; - OK = OK && test_string("|"); - #ifdef CGAL_NEF_NATURAL_COORDINATE_INPUT -@@ -1904,6 +2060,11 @@ read_sface(SFace_handle sfh) { - OK = OK && test_string("{"); - - in >> index; -+ if(index < 0 || index >= vn) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - sfh->center_vertex() = Vertex_of[index]; - OK = OK && test_string(","); - -@@ -1913,6 +2074,11 @@ read_sface(SFace_handle sfh) { - in >> index; - // sfh->boundary_entry_objects().push_back(SEdge_of[index]); - SM_decorator SD(&*sfh->center_vertex()); -+ if(index < 0 || index >= sen) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - SD.link_as_face_cycle(SEdge_of[index],sfh); - in >> cc; - } -@@ -1921,6 +2087,11 @@ read_sface(SFace_handle sfh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -+ if(index < 0 || index >= en) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - sfh->boundary_entry_objects().push_back(make_object(Edge_of[index])); - this->sncp()->store_sm_boundary_item(Edge_of[index], --(sfh->sface_cycles_end())); - in >> cc; -@@ -1930,12 +2101,22 @@ read_sface(SFace_handle sfh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -+ if(index < 0 || index >= sln) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - sfh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); - this->sncp()->store_sm_boundary_item(SLoop_of[index], --(sfh->sface_cycles_end())); - in >> cc; - } - - in >> index; -+ if(index < 0 || index >= vn) -+ { -+ in.clear(std::ios_base::badbit); -+ return false; -+ } - sfh->volume() = Volume_of[index+addInfiBox]; - OK = OK && test_string("}"); - in >> sfh->mark(); - -From 9e291e6bbfe23137fb2dd3a0f8d6461229ca2376 Mon Sep 17 00:00:00 2001 -From: Maxime Gimeno -Date: Tue, 19 Jan 2021 14:04:54 +0100 -Subject: [PATCH 3/8] replace cerr by CGAL_warning_msg - ---- - Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 14 +++--- - Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 53 ++++++++++++++++------- - Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h | 18 ++++---- - 3 files changed, 54 insertions(+), 31 deletions(-) - -diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -index 9b84dd37fbe..52bc830e115 100644 ---- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -+++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -@@ -341,23 +341,23 @@ void PM_io_parser::read() - { - if ( !check_sep("Plane_map_2") ) - { -- std::cerr<<"PM_io_parser::read: no embedded_PM header."<> vn)) ) - { -- std::cerr<<"PM_io_parser::read: wrong node line."<> en) && (en%2==0)) ) - { -- std::cerr<<"PM_io_parser::read: wrong edge line."<> fn)) ) - { -- std::cerr<<"PM_io_parser::read: wrong face line."<::read() - for(i=0; i - void SNC_io_parser::read() - { - if ( !check_sep("Selective Nef Complex") ) -- CGAL_error_msg("SNC_io_parser::read: no SNC header."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: no SNC header."); -+ returnl -+ } - std::string kernel_type; - in >> kernel_type; - CGAL_assertion(kernel_type == "standard" || kernel_type == "extended"); - if ( !(check_sep("vertices") && (in >> vn)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong vertex line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong vertex line."); -+ return; -+ } - if ( !(check_sep("halfedges") && (in >> en) && (en%2==0)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong edge line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong edge line."); -+ return; -+ } - if ( !(check_sep("facets") && (in >> fn) && (fn%2==0)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong facet line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong facet line."); -+ } - if ( !(check_sep("volumes") && (in >> cn)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong volume line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong volume line."); -+ return; -+ } - if ( !(check_sep("shalfedges") && (in >> sen)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong sedge line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong sedge line."); -+ return; -+ } - if ( !(check_sep("shalfloops") && (in >> sln)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong sloop line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong sloop line."); -+ return; -+ } - if ( !(check_sep("sfaces") && (in >> sfn)) ) -- CGAL_error_msg("SNC_io_parser::read: wrong sface line."); -+ { -+ CGAL_warning_msg(false, "SNC_io_parser::read: wrong sface line."); -+ return; -+ } - - addInfiBox = (kernel_type == "standard" && Infi_box::extended_kernel()); - -@@ -1445,7 +1468,7 @@ void SNC_io_parser::read_items(int plus01) { - for(vi=Vertex_of.begin(); vi!=Vertex_of.end(); ++vi) { - if (!read_vertex(*vi)) - { -- std::cerr<<"SNC_io_parser::read: error in node line"<::read_items(int plus01) { - for(ei=Edge_of.begin(); ei!=Edge_of.end(); ++ei) { - if (!read_edge(*ei)) - { -- std::cerr<<"SNC_io_parser::read: error in edge line"<::read_items(int plus01) { - for(fi=Halffacet_of.begin(); fi!=Halffacet_of.end(); ++fi) { - if (!read_facet(*fi)) - { -- std::cerr<<"SNC_io_parser::read: error in facet line"<::read_items(int plus01) { - for(ci=Volume_of.begin()+plus01; ci!=Volume_of.end(); ++ci) { - if (!read_volume(*ci)) - { -- std::cerr<<"SNC_io_parser::read: error in volume line"<::read_items(int plus01) { - for(sei=SEdge_of.begin(); sei!=SEdge_of.end(); ++sei) { - if (!read_sedge(*sei)) - { -- std::cerr<<"SNC_io_parser::read: error in sedge line"<::read_items(int plus01) { - for(sli=SLoop_of.begin(); sli!=SLoop_of.end(); ++sli) { - if (!read_sloop(*sli)) - { -- std::cerr<<"SNC_io_parser::read: error in sloop line"<::read_items(int plus01) { - for(sfi=SFace_of.begin(); sfi!=SFace_of.end(); ++sfi) { - if (!read_sface(*sfi)) - { -- std::cerr<<"SNC_io_parser::read: error in sface line"<::read() - { - if ( !check_sep("Nef_polyhedron_S2") ) - { -- std::cerr<<"Missing line in header"<> vn)) ) - { -- std::cerr<<"SM_io_parser::read: wrong vertex line."<> en) && (en%2==0)) ) - { -- std::cerr<<"SM_io_parser::read: wrong edge line."<> ln)) ) - { -- std::cerr<<"SM_io_parser::read: wrong loop line."<> fn)) ) - { -- std::cerr<<"SM_io_parser::read: wrong face line."<::read() - for(i=0; i::read() - for(i=0; i -Date: Wed, 20 Jan 2021 08:38:33 +0100 -Subject: [PATCH 4/8] Fix typo and use setstate - ---- - Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 10 ++-- - Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 66 +++++++++++------------ - Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h | 10 ++-- - 3 files changed, 43 insertions(+), 43 deletions(-) - -diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -index 52bc830e115..64a3e94916e 100644 ---- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -+++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -@@ -202,7 +202,7 @@ bool PM_io_parser::read_vertex(Vertex_handle v) - - if(!(f >= 0 && ((iso && f < fn) || (!iso && f < en)))) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - if (iso) v->set_face(Face_of[f]); -@@ -238,7 +238,7 @@ bool PM_io_parser::read_hedge(Halfedge_handle e) - if(!(eo >= 0 && (std::size_t) eo < en && epr >= 0 && (std::size_t) epr < en && ene >= 0 && (std::size_t) ene < en && - v >= 0 && (std::size_t) v < vn && f >= 0 && (std::size_t) f < fn )) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - std::cerr<<"wrong index in read_hedge"<::read_face(Face_handle f) - } - else - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - while (in >> ei) { - CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); - if (!(ei >= 0 && ei < en)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - f->store_fc(Halfedge_of[ei]); -@@ -299,7 +299,7 @@ bool PM_io_parser::read_face(Face_handle f) - CGAL_assertion_msg(vi >= 0 && (std::size_t) vi < vn, "wrong index in iso vertex list."); - if (!(vi >= 0 && vi < vn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - f->store_iv(Vertex_of[vi]); -diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -index 21c54dd4133..e5530445153 100644 ---- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -+++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -@@ -1402,7 +1402,7 @@ void SNC_io_parser::read() - if ( !check_sep("Selective Nef Complex") ) - { - CGAL_warning_msg(false, "SNC_io_parser::read: no SNC header."); -- returnl -+ return; - } - std::string kernel_type; - in >> kernel_type; -@@ -1581,14 +1581,14 @@ read_vertex(Vertex_handle vh) { - in >> index; - if(index >= int(en)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->svertices_begin() = (index >= 0 ? Edge_of[index] : this->svertices_end()); - in >> index; - if(index >= int(en)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->svertices_last() = index >= 0 ? Edge_of[index] : this->svertices_end(); -@@ -1596,14 +1596,14 @@ read_vertex(Vertex_handle vh) { - in >> index; - if(index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->shalfedges_begin() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); - in >> index; - if(index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->shalfedges_last() = index >= 0 ? SEdge_of[index] : this->shalfedges_end(); -@@ -1611,14 +1611,14 @@ read_vertex(Vertex_handle vh) { - in >> index; - if(index >= int(sfn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->sfaces_begin() = index >= 0 ? SFace_of[index] : this->sfaces_end(); - in >> index; - if(index >= int(sfn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->sfaces_last() = index >= 0 ? SFace_of[index] : this->sfaces_end(); -@@ -1626,7 +1626,7 @@ read_vertex(Vertex_handle vh) { - in >> index; - if(index >= int(sln)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - vh->shalfloop() = index >= 0 ? SLoop_of[index] : this->shalfloops_end(); -@@ -1685,7 +1685,7 @@ read_edge(Halfedge_handle eh) { - in >> index; - if(index < 0 || index >= int(en)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - eh->twin() = Edge_of[index]; -@@ -1693,7 +1693,7 @@ read_edge(Halfedge_handle eh) { - in >> index; - if(index < 0 || index >= int(vn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - eh->center_vertex() = Vertex_of[index]; -@@ -1703,7 +1703,7 @@ read_edge(Halfedge_handle eh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - eh->out_sedge() = SEdge_of[index]; -@@ -1711,7 +1711,7 @@ read_edge(Halfedge_handle eh) { - in >> index; - if(index < 0 || index >= int(sfn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - eh->incident_sface() = SFace_of[index]; -@@ -1770,7 +1770,7 @@ read_facet(Halffacet_handle fh) { - in >> index; - if(index < 0 || index >= int(fn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - fh->twin() = Halffacet_of[index]; -@@ -1782,7 +1782,7 @@ read_facet(Halffacet_handle fh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - fh->boundary_entry_objects().push_back(make_object(SEdge_of[index])); -@@ -1795,7 +1795,7 @@ read_facet(Halffacet_handle fh) { - in >> index; - if(index < 0 || index >= int(sln)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - fh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); -@@ -1805,7 +1805,7 @@ read_facet(Halffacet_handle fh) { - in >> index; - if(index < 0 || index >= int(vn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - fh->incident_volume() = Volume_of[index+addInfiBox]; -@@ -1852,7 +1852,7 @@ read_volume(Volume_handle ch) { - in >> index; - if(index < 0 || index >= int(sfn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - ch->shell_entry_objects().push_back(make_object(SFace_of[index])); -@@ -1907,7 +1907,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->twin() = SEdge_of[index]; -@@ -1915,7 +1915,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->sprev() = SEdge_of[index]; -@@ -1923,7 +1923,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->snext() = SEdge_of[index]; -@@ -1931,7 +1931,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(en)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->source() = Edge_of[index]; -@@ -1939,7 +1939,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(sfn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->incident_sface() = SFace_of[index]; -@@ -1947,7 +1947,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->prev() = SEdge_of[index]; -@@ -1955,7 +1955,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(sen)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->next() = SEdge_of[index]; -@@ -1963,7 +1963,7 @@ read_sedge(SHalfedge_handle seh) { - in >> index; - if(index < 0 || index >= int(fn)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - seh->facet() = Halffacet_of[index]; -@@ -2018,7 +2018,7 @@ read_sloop(SHalfloop_handle slh) { - in >> index; - if(index < 0 || index >= sln) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - slh->twin() = SLoop_of[index]; -@@ -2026,7 +2026,7 @@ read_sloop(SHalfloop_handle slh) { - in >> index; - if(index < 0 || index >= sfn) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - slh->incident_sface() = SFace_of[index]; -@@ -2034,7 +2034,7 @@ read_sloop(SHalfloop_handle slh) { - in >> index; - if(index < 0 || index >= fn) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - slh->facet() = Halffacet_of[index]; -@@ -2085,7 +2085,7 @@ read_sface(SFace_handle sfh) { - in >> index; - if(index < 0 || index >= vn) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - sfh->center_vertex() = Vertex_of[index]; -@@ -2099,7 +2099,7 @@ read_sface(SFace_handle sfh) { - SM_decorator SD(&*sfh->center_vertex()); - if(index < 0 || index >= sen) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - SD.link_as_face_cycle(SEdge_of[index],sfh); -@@ -2112,7 +2112,7 @@ read_sface(SFace_handle sfh) { - in >> index; - if(index < 0 || index >= en) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - sfh->boundary_entry_objects().push_back(make_object(Edge_of[index])); -@@ -2126,7 +2126,7 @@ read_sface(SFace_handle sfh) { - in >> index; - if(index < 0 || index >= sln) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - sfh->boundary_entry_objects().push_back(make_object(SLoop_of[index])); -@@ -2137,7 +2137,7 @@ read_sface(SFace_handle sfh) { - in >> index; - if(index < 0 || index >= vn) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - sfh->volume() = Volume_of[index+addInfiBox]; -diff --git a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h -index a9377719f93..d58126bac9c 100644 ---- a/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h -+++ b/Nef_S2/include/CGAL/Nef_S2/SM_io_parser.h -@@ -205,7 +205,7 @@ bool SM_io_parser::read_vertex(SVertex_handle v) - - if(f<0 || (iso && f > fn) || (!iso && f > en)) - { -- in.clear(std::ios_base::badbit); -+ in.setstate(std::ios_base::badbit); - return false; - } - -@@ -246,7 +246,7 @@ bool SM_io_parser::read_edge(SHalfedge_handle e) - v >= 0 && v < vn && f >= 0 && f < fn )) - { - std::cerr<<"wrong index in read_edge"<::read_face(SFace_handle f) - if(!(ei >= 0 && ei < en)) - { - std::cerr<<"wrong index in face cycle list."<store_sm_boundary_object(Edge_of[ei],f); -@@ -326,7 +326,7 @@ bool SM_io_parser::read_face(SFace_handle f) - if(!(vi >= 0 && vi < vn)) - { - std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(SVertex_of[vi],f); -@@ -336,7 +336,7 @@ bool SM_io_parser::read_face(SFace_handle f) - if(!(li >= 0 && li < 2)) - { - std::cerr<<"wrong index in iso vertex list."<store_sm_boundary_object(Loop_of[li],f); - -From ffa019712b0ad3b20e3d02edad4d731fda04a2ef Mon Sep 17 00:00:00 2001 -From: Maxime Gimeno -Date: Mon, 25 Jan 2021 12:59:48 +0100 -Subject: [PATCH 5/8] First face may be -1, don't fail on it, just don't use it - ---- - Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -index 64a3e94916e..d08b08180d6 100644 ---- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -+++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -@@ -280,11 +280,7 @@ bool PM_io_parser::read_face(Face_handle f) - { - f->set_halfedge(Halfedge_of[ei]); - } -- else -- { -- in.setstate(std::ios_base::badbit); -- return false; -- } -+ - while (in >> ei) { - CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); - if (!(ei >= 0 && ei < en)) - -From d78842712cdfcbb3bdfc5f7cb252d3772fd6a16f Mon Sep 17 00:00:00 2001 -From: Maxime Gimeno -Date: Tue, 26 Jan 2021 09:55:20 +0100 -Subject: [PATCH 6/8] Fix conversion warnigns - ---- - Nef_2/include/CGAL/Nef_2/PM_io_parser.h | 8 ++++---- - Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 18 +++++++++--------- - 2 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -index d08b08180d6..39b99b37d7c 100644 ---- a/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -+++ b/Nef_2/include/CGAL/Nef_2/PM_io_parser.h -@@ -200,7 +200,7 @@ bool PM_io_parser::read_vertex(Vertex_handle v) - !(in >> p) || - !check_sep("}") ) return false; - -- if(!(f >= 0 && ((iso && f < fn) || (!iso && f < en)))) -+ if(!(f >= 0 && ((iso && (std::size_t)f < fn) || (!iso && (std::size_t)f < en)))) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -276,14 +276,14 @@ bool PM_io_parser::read_face(Face_handle f) - int n, ei, vi; Mark m; - if ( !(in >> n) || !check_sep("{") ) return false; - if ( !(in >> ei) || !check_sep(",") ) return false; -- if (ei >= 0 && ei < en) -+ if (ei >= 0 && (std::size_t) ei < en) - { - f->set_halfedge(Halfedge_of[ei]); - } - - while (in >> ei) { - CGAL_assertion_msg(ei >= 0 && (std::size_t) ei < en, "wrong index in face cycle list."); -- if (!(ei >= 0 && ei < en)) -+ if (!(ei >= 0 && (std::size_t)ei < en)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -293,7 +293,7 @@ bool PM_io_parser::read_face(Face_handle f) - if (!check_sep(",")) { return false; } - while (in >> vi) { - CGAL_assertion_msg(vi >= 0 && (std::size_t) vi < vn, "wrong index in iso vertex list."); -- if (!(vi >= 0 && vi < vn)) -+ if (!(vi >= 0 && (std::size_t)vi < vn)) - { - in.setstate(std::ios_base::badbit); - return false; -diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -index e5530445153..1dde7f8d0b3 100644 ---- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -+++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -@@ -1579,7 +1579,7 @@ read_vertex(Vertex_handle vh) { - vh->sncp() = this->sncp(); - - in >> index; -- if(index >= int(en)) -+ if(index >= (int)en) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2016,7 +2016,7 @@ read_sloop(SHalfloop_handle slh) { - OK = OK && test_string("{"); - - in >> index; -- if(index < 0 || index >= sln) -+ if(index < 0 || index >= (int)(sln)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2024,7 +2024,7 @@ read_sloop(SHalfloop_handle slh) { - slh->twin() = SLoop_of[index]; - OK = OK && test_string(","); - in >> index; -- if(index < 0 || index >= sfn) -+ if(index < 0 || index >= (int)(sfn)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2032,7 +2032,7 @@ read_sloop(SHalfloop_handle slh) { - slh->incident_sface() = SFace_of[index]; - OK = OK && test_string(","); - in >> index; -- if(index < 0 || index >= fn) -+ if(index < 0 || index >= (int)(fn)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2083,7 +2083,7 @@ read_sface(SFace_handle sfh) { - OK = OK && test_string("{"); - - in >> index; -- if(index < 0 || index >= vn) -+ if(index < 0 || index >= (int)(sln)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2097,7 +2097,7 @@ read_sface(SFace_handle sfh) { - in >> index; - // sfh->boundary_entry_objects().push_back(SEdge_of[index]); - SM_decorator SD(&*sfh->center_vertex()); -- if(index < 0 || index >= sen) -+ if(index < 0 || index >= (int)(sln)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2110,7 +2110,7 @@ read_sface(SFace_handle sfh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -- if(index < 0 || index >= en) -+ if(index < 0 || index >= (int)(sln)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2124,7 +2124,7 @@ read_sface(SFace_handle sfh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -- if(index < 0 || index >= sln) -+ if(index < 0 || index >= (int)(sln)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2135,7 +2135,7 @@ read_sface(SFace_handle sfh) { - } - - in >> index; -- if(index < 0 || index >= vn) -+ if(index < 0 || index >= (int)(sln)) - { - in.setstate(std::ios_base::badbit); - return false; - -From 23cc6b0f4a2ac6061b01d86411d58b6da7ff5a34 Mon Sep 17 00:00:00 2001 -From: Maxime Gimeno -Date: Wed, 27 Jan 2021 10:04:45 +0100 -Subject: [PATCH 7/8] Fix read_sface - ---- - .../Convex_decomposition_3/check_decomposition.cpp | 2 ++ - Nef_3/include/CGAL/Nef_3/SNC_io_parser.h | 10 +++++----- - 2 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -index 1dde7f8d0b3..a31a07c5d99 100644 ---- a/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -+++ b/Nef_3/include/CGAL/Nef_3/SNC_io_parser.h -@@ -1803,7 +1803,7 @@ read_facet(Halffacet_handle fh) { - } - - in >> index; -- if(index < 0 || index >= int(vn)) -+ if(index < 0 || index >= int(cn)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2083,7 +2083,7 @@ read_sface(SFace_handle sfh) { - OK = OK && test_string("{"); - - in >> index; -- if(index < 0 || index >= (int)(sln)) -+ if(index < 0 || index >= (int)(vn)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2097,7 +2097,7 @@ read_sface(SFace_handle sfh) { - in >> index; - // sfh->boundary_entry_objects().push_back(SEdge_of[index]); - SM_decorator SD(&*sfh->center_vertex()); -- if(index < 0 || index >= (int)(sln)) -+ if(index < 0 || index >= (int)(sen)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2110,7 +2110,7 @@ read_sface(SFace_handle sfh) { - while(isdigit(cc)) { - in.putback(cc); - in >> index; -- if(index < 0 || index >= (int)(sln)) -+ if(index < 0 || index >= (int)(en)) - { - in.setstate(std::ios_base::badbit); - return false; -@@ -2135,7 +2135,7 @@ read_sface(SFace_handle sfh) { - } - - in >> index; -- if(index < 0 || index >= (int)(sln)) -+ if(index < 0 || index >= (int)(cn)) - { - in.setstate(std::ios_base::badbit); - return false; - -- cgit v1.2.3 From 46cac065be7b457ea084633720eeb33c7d44222c Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 23 Mar 2021 14:12:29 +0100 Subject: gnu: efibootmgr: Update to 17. * gnu/packages/linux.scm (efibootmgr): Update to 17. [source]: Use GIT-FETCH and GIT-FILE-NAME. Add a patch to build against efivar@37. * gnu/packages/patches/efibootmgr-remove-extra-decl.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 20 ++++++++-------- .../patches/efibootmgr-remove-extra-decl.patch | 27 ++++++++++++++++++++++ 3 files changed, 39 insertions(+), 9 deletions(-) create mode 100644 gnu/packages/patches/efibootmgr-remove-extra-decl.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5c5555069e..f8991ff78a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -955,6 +955,7 @@ dist_patch_DATA = \ %D%/packages/patches/ecl-16-format-directive-limit.patch \ %D%/packages/patches/ecl-16-ignore-stderr-write-error.patch \ %D%/packages/patches/ecl-16-libffi.patch \ + %D%/packages/patches/efibootmgr-remove-extra-decl.patch \ %D%/packages/patches/eigen-remove-openmp-error-counting.patch \ %D%/packages/patches/eigen-stabilise-sparseqr-test.patch \ %D%/packages/patches/einstein-build.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 0eaf014b5c..ac137f448d 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -6163,15 +6163,17 @@ interface to the variable facility of UEFI boot firmware.") (define-public efibootmgr (package (name "efibootmgr") - (version "16") - (source (origin - (method url-fetch) - (uri (string-append "https://github.com/rhinstaller/efibootmgr" - "/releases/download/" version "/efibootmgr" - "-" version ".tar.bz2")) - (sha256 - (base32 - "0pzn67vxxaf7jna4cd0i4kqm60h04kb21hckksv9z82q9gxra1wm")))) + (version "17") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/rhinstaller/efibootmgr") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1niicijxg59rsmiw3rsjwy4bvi1n42dynvm01lnp9haixdzdpq03")) + (patches (search-patches "efibootmgr-remove-extra-decl.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ;no tests diff --git a/gnu/packages/patches/efibootmgr-remove-extra-decl.patch b/gnu/packages/patches/efibootmgr-remove-extra-decl.patch new file mode 100644 index 0000000000..eb68108f88 --- /dev/null +++ b/gnu/packages/patches/efibootmgr-remove-extra-decl.patch @@ -0,0 +1,27 @@ +From 99b578501643377e0b1994b2a068b790d189d5ad Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 13 Jun 2018 09:41:01 -0400 +Subject: [PATCH] remove extra decl + +Signed-off-by: Peter Jones +--- + src/efibootmgr.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/efibootmgr.c b/src/efibootmgr.c +index de38f01..4e1a680 100644 +--- a/src/efibootmgr.c ++++ b/src/efibootmgr.c +@@ -1536,9 +1536,6 @@ parse_opts(int argc, char **argv) + "invalid numeric value %s\n", + optarg); + } +- /* XXX efivar-36 accidentally doesn't have a public +- * header for this */ +- extern int efi_set_verbose(int verbosity, FILE *errlog); + efi_set_verbose(opts.verbose - 2, stderr); + break; + case 'V': +-- +2.24.0 + -- cgit v1.2.3 From 6e98e9ca9237eb6a9830e9c65006a3ca534c94d0 Mon Sep 17 00:00:00 2001 From: Leo Le Bouter Date: Sat, 6 Feb 2021 20:02:31 +0100 Subject: gnu: glibc: Fix ldd path on powerpc*. This should avoid some problems, such as "not a dynamic executable" errors. * gnu/packages/patches/glibc-ldd-powerpc.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/base.scm: (glibc)[native-inputs]: Add it. [arguments]: When building for powerpc* apply it. * gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash, glibc-final)[native-inputs]: Add patch conditionally. This patch has been adjusted to apply to master. Signed-off-by: Chris Marusich Signed-off-by: Efraim Flashner --- gnu/local.mk | 1 + gnu/packages/base.scm | 16 +++++++++++++++- gnu/packages/commencement.scm | 10 +++++++++- gnu/packages/patches/glibc-ldd-powerpc.patch | 10 ++++++++++ 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/glibc-ldd-powerpc.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7891c58dfa..14d228cfa4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1121,6 +1121,7 @@ dist_patch_DATA = \ %D%/packages/patches/glibc-hurd-mach-print.patch \ %D%/packages/patches/glibc-hurd-magic-pid.patch \ %D%/packages/patches/glibc-hurd-signal-sa-siginfo.patch \ + %D%/packages/patches/glibc-ldd-powerpc.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ %D%/packages/patches/glibc-locales-2.28.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 9aa69cfe77..7c5ac61f01 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver ;;; Copyright © 2014 Alex Kost ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis -;;; Copyright © 2016, 2017, 2019, 2020 Efraim Flashner +;;; Copyright © 2016, 2017, 2019, 2020, 2021 Efraim Flashner ;;; Copyright © 2016, 2020 Jan (janneke) Nieuwenhuizen ;;; Copyright © 2016, 2018 Alex Vong ;;; Copyright © 2017 Rene Saavedra @@ -15,6 +15,8 @@ ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018, 2019 Ricardo Wurmus ;;; Copyright © 2020 Vitaliy Shatrov +;;; Copyright © 2020 Chris Marusich +;;; Copyright © 2021 Leo Le Bouter ;;; ;;; This file is part of GNU Guix. ;;; @@ -890,6 +892,14 @@ the store.") files))) #t))) + ,@(if (target-powerpc?) + '((add-after 'unpack 'apply-patch + (lambda* (#:key inputs #:allow-other-keys) + (let ((patch (assoc-ref inputs + "powerpc64le-patch"))) + (invoke "patch" "--force" "-p1" + "-i" patch))))) + '()) ,@(if (hurd-target?) '((add-after 'install 'augment-libc.so (lambda* (#:key outputs #:allow-other-keys) @@ -911,6 +921,10 @@ the store.") ("gettext" ,gettext-minimal) ("python" ,python-minimal) + ,@(if (target-powerpc?) + `(("powerpc64le-patch" ,@(search-patches + "glibc-ldd-powerpc.patch"))) + '()) ,@(if (hurd-target?) `(("mig" ,mig) ("perl" ,perl)) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 432910d7a3..93b0c50882 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -3313,7 +3313,11 @@ memoized as a function of '%current-system'." `(("bison" ,bison-boot0) ("texinfo" ,texinfo-boot0) ("perl" ,perl-boot0) - ("python" ,python-boot0))) + ("python" ,python-boot0) + ,@(if (target-powerpc?) + `(("powerpc64le-patch" ,@(search-patches + "glibc-ldd-powerpc.patch"))) + '()))) (inputs `( ;; The boot inputs. That includes the bootstrap libc. We don't want ;; it in $CPATH, hence the 'pre-configure' phase above. @@ -3464,6 +3468,10 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ;; This time we need 'msgfmt' to install all the libc.mo files. (native-inputs `(,@(package-native-inputs glibc-final-with-bootstrap-bash) + ,@(if (target-powerpc?) + `(("powerpc64le-patch" ,@(search-patches + "glibc-ldd-powerpc.patch"))) + '()) ("gettext" ,gettext-boot0))) (propagated-inputs diff --git a/gnu/packages/patches/glibc-ldd-powerpc.patch b/gnu/packages/patches/glibc-ldd-powerpc.patch new file mode 100644 index 0000000000..8e899ee99b --- /dev/null +++ b/gnu/packages/patches/glibc-ldd-powerpc.patch @@ -0,0 +1,10 @@ +diff -r -U3 a/sysdeps/unix/sysv/linux/powerpc/ldd-rewrite.sed b/sysdeps/unix/sysv/linux/powerpc/ldd-rewrite.sed +--- a/sysdeps/unix/sysv/linux/powerpc/ldd-rewrite.sed 1970-01-01 01:00:00.000000000 +0100 ++++ b/sysdeps/unix/sysv/linux/powerpc/ldd-rewrite.sed 2020-02-29 00:15:41.080000000 +0100 +@@ -11,5 +11,5 @@ + # this works for /lib64/ld64.so.x and /lib/ld.so.x as input + s_lib64_lib_ + s_64\.so_\.so_ +-s_^RTLDLIST=\(.*lib\)\(/[^/]*\)\(\.so\.[0-9.]*\)[[:blank:]]*$_RTLDLIST="\1\2\3 \164\264\3"_ ++s_^RTLDLIST=\(.*lib\)\(/[^/]*\)\(\.so\.[0-9.]*\)[[:blank:]]*$_RTLDLIST="\1\2\3 \1\264\3"_ + -- cgit v1.2.3