From 15e57f576291d9233ab25e1614c6218579db170a Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Tue, 18 Oct 2016 00:11:05 +0200 Subject: gnu: python-2.7: Add all guix prefixes in PYTHONPATH to site-prefixes. * gnu/packages/patches/python-2.7-site-prefixes.patch: New file. * gnu/packages/python.scm (python-2)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add patch. --- .../patches/python-2.7-site-prefixes.patch | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 gnu/packages/patches/python-2.7-site-prefixes.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/python-2.7-site-prefixes.patch b/gnu/packages/patches/python-2.7-site-prefixes.patch new file mode 100644 index 0000000000..9e3066508f --- /dev/null +++ b/gnu/packages/patches/python-2.7-site-prefixes.patch @@ -0,0 +1,26 @@ +Add all /gnu/store/ prefixes found in PYTHONPATH to the prefixes where +site-packages (and .pth files) are searched. + +*** Python-2.7.11/Lib/site.py.orig 2016-10-17 23:27:23.746149690 +0200 +--- Python-2.7.11/Lib/site.py 2016-10-17 23:44:51.930871644 +0200 +*************** +*** 65,70 **** +--- 65,82 ---- + + # Prefixes for site-packages; add additional prefixes like /usr/local here + PREFIXES = [sys.prefix, sys.exec_prefix] ++ # Guix: Add all /gnu/store-paths in PYTHONPATH--these are all ++ # "prefixes". This is required to search .pth files in all python ++ # packages contained in /gnu/store which is required to make ++ # .pth-defined namespace packages work. ++ # This is necessary if the packages are not merged into a single ++ # `site-packages` directory (like when using `guix environment`) but ++ # listed in PYTHONPATH (like when running `guix build`). ++ for p in sys.path: ++ if p.startswith('/gnu/store/'): ++ PREFIXES.append(p[:p.find('/', 44)]) # find first pathsep after hash ++ del p ++ + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None -- cgit v1.2.3 From 66b1bac355dbe57625891e08c82056b567e42e65 Mon Sep 17 00:00:00 2001 From: Ben J Woodcroft Date: Sat, 19 Nov 2016 07:35:21 +1000 Subject: gnu: ruby: Update to 2.3.2. * gnu/packages/ruby.scm (ruby): Update to 2.3.2. [replacement]: Remove field. [origin]: Remove patch. * gnu/packages/patches/ruby-symlinkfix.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/ruby-symlinkfix.patch | 53 ------------------------------ gnu/packages/ruby.scm | 5 ++- 3 files changed, 2 insertions(+), 57 deletions(-) delete mode 100644 gnu/packages/patches/ruby-symlinkfix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 08f99c4836..9a455e5ede 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -834,7 +834,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-puma-ignore-broken-test.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ - %D%/packages/patches/ruby-symlinkfix.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \ %D%/packages/patches/sed-hurd-path-max.patch \ diff --git a/gnu/packages/patches/ruby-symlinkfix.patch b/gnu/packages/patches/ruby-symlinkfix.patch deleted file mode 100644 index 16beecc97a..0000000000 --- a/gnu/packages/patches/ruby-symlinkfix.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix symlinks to '..' to fix rubygems improperly expanding symlinked -paths. Without this fix, some gems fail to install. This patch is applied in -rubygems 2.5.2, but ruby version 2.3.1 bundles an older version of rubygems -(2.5.1). - ---- a/lib/rubygems/package.rb -+++ b/lib/rubygems/package.rb -@@ -383,7 +383,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: - FileUtils.chmod entry.header.mode, destination - end if entry.file? - -- File.symlink(install_location(entry.header.linkname, destination_dir), destination) if entry.symlink? -+ File.symlink(entry.header.linkname, destination) if entry.symlink? - - verbose destination - end -diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb -index 7848bc2..f287bd3 100644 ---- a/test/rubygems/test_gem_package.rb -+++ b/test/rubygems/test_gem_package.rb -@@ -428,19 +428,25 @@ def test_extract_tar_gz_absolute - "#{@destination} is not allowed", e.message) - end - -- def test_extract_tar_gz_symlink_absolute -+ def test_extract_tar_gz_symlink_relative_path -+ skip 'symlink not supported' if Gem.win_platform? -+ - package = Gem::Package.new @gem - - tgz_io = util_tar_gz do |tar| -- tar.add_symlink 'code.rb', '/absolute.rb', 0644 -+ tar.add_file 'relative.rb', 0644 do |io| io.write 'hi' end -+ tar.mkdir 'lib', 0755 -+ tar.add_symlink 'lib/foo.rb', '../relative.rb', 0644 - end - -- e = assert_raises Gem::Package::PathError do -- package.extract_tar_gz tgz_io, @destination -- end -+ package.extract_tar_gz tgz_io, @destination - -- assert_equal("installing into parent path /absolute.rb of " + -- "#{@destination} is not allowed", e.message) -+ extracted = File.join @destination, 'lib/foo.rb' -+ assert_path_exists extracted -+ assert_equal '../relative.rb', -+ File.readlink(extracted) -+ assert_equal 'hi', -+ File.read(extracted) - end - - def test_extract_tar_gz_directory diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 42beda3d44..0f9b0d29ba 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -47,7 +47,7 @@ (define-public ruby (package (name "ruby") - (version "2.3.1") + (version "2.3.2") (source (origin (method url-fetch) @@ -56,9 +56,8 @@ "/ruby-" version ".tar.xz")) (sha256 (base32 - "0f3395q7pd2hrl2gv26bib80038sjawxgmhl9zn22fjs9m9va9b7")) + "031g76zxb2wp6988dmrpbqd98i17xi6l8q1115h83r2w0h8z6y2w")) (modules '((guix build utils))) - (patches (search-patches "ruby-symlinkfix.patch")) (snippet `(begin ;; Remove bundled libffi (delete-file-recursively "ext/fiddle/libffi-3.2.1") -- cgit v1.2.3 From 0bd1097c50950d47954b4dc136654dfbde45d5b1 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 23 Nov 2016 00:14:29 -0500 Subject: gnu: libtiff: Update to 4.0.7. * gnu/packages/image.scm (libtiff): Update to 4.0.7. [source]: Update URL and remove obsolete patches. [home-page]: Update URL. [native-inputs]: Add gcc-5. (libtiff-4.0.7): Delete variable. * gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch, gnu/packages/patches/libtiff-CVE-2016-3623.patch, gnu/packages/patches/libtiff-CVE-2016-3945.patch, gnu/packages/patches/libtiff-CVE-2016-3990.patch, gnu/packages/patches/libtiff-CVE-2016-3991.patch, gnu/packages/patches/libtiff-CVE-2016-5314.patch, gnu/packages/patches/libtiff-CVE-2016-5321.patch, gnu/packages/patches/libtiff-CVE-2016-5323.patch, gnu/packages/patches/libtiff-oob-accesses-in-decode.patch, gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 10 -- gnu/packages/image.scm | 43 ++---- .../libtiff-CVE-2015-8665+CVE-2015-8683.patch | 107 ------------- gnu/packages/patches/libtiff-CVE-2016-3623.patch | 30 ---- gnu/packages/patches/libtiff-CVE-2016-3945.patch | 94 ----------- gnu/packages/patches/libtiff-CVE-2016-3990.patch | 31 ---- gnu/packages/patches/libtiff-CVE-2016-3991.patch | 123 --------------- gnu/packages/patches/libtiff-CVE-2016-5314.patch | 45 ------ gnu/packages/patches/libtiff-CVE-2016-5321.patch | 25 --- gnu/packages/patches/libtiff-CVE-2016-5323.patch | 88 ----------- .../patches/libtiff-oob-accesses-in-decode.patch | 171 --------------------- .../patches/libtiff-oob-write-in-nextdecode.patch | 49 ------ 12 files changed, 12 insertions(+), 804 deletions(-) delete mode 100644 gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3623.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3945.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3990.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3991.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-5314.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-5321.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-5323.patch delete mode 100644 gnu/packages/patches/libtiff-oob-accesses-in-decode.patch delete mode 100644 gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a0269ab56d..0d274d39e5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -664,16 +664,6 @@ dist_patch_DATA = \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ - %D%/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch \ - %D%/packages/patches/libtiff-CVE-2016-3623.patch \ - %D%/packages/patches/libtiff-CVE-2016-3945.patch \ - %D%/packages/patches/libtiff-CVE-2016-3990.patch \ - %D%/packages/patches/libtiff-CVE-2016-3991.patch \ - %D%/packages/patches/libtiff-CVE-2016-5314.patch \ - %D%/packages/patches/libtiff-CVE-2016-5321.patch \ - %D%/packages/patches/libtiff-CVE-2016-5323.patch \ - %D%/packages/patches/libtiff-oob-accesses-in-decode.patch \ - %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ %D%/packages/patches/libupnp-CVE-2016-6255.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 526c87cf86..611ac71572 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -36,6 +36,8 @@ #:use-module (gnu packages compression) #:use-module (gnu packages documentation) #:use-module (gnu packages fontutils) + ;; To provide gcc@5 and gcc@6, to work around . + #:use-module (gnu packages gcc) #:use-module (gnu packages gettext) #:use-module (gnu packages ghostscript) #:use-module (gnu packages gl) @@ -243,25 +245,14 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff-4.0.7) - (version "4.0.6") + (version "4.0.7") (source (origin (method url-fetch) - (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-" - version ".tar.gz")) - (sha256 (base32 - "136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd")) - (patches (search-patches - "libtiff-oob-accesses-in-decode.patch" - "libtiff-oob-write-in-nextdecode.patch" - "libtiff-CVE-2015-8665+CVE-2015-8683.patch" - "libtiff-CVE-2016-3623.patch" - "libtiff-CVE-2016-3945.patch" - "libtiff-CVE-2016-3990.patch" - "libtiff-CVE-2016-3991.patch" - "libtiff-CVE-2016-5314.patch" - "libtiff-CVE-2016-5321.patch" - "libtiff-CVE-2016-5323.patch")))) + (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" + version ".tar.gz")) + (sha256 + (base32 + "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -271,6 +262,9 @@ extracting icontainer icon files.") (assoc-ref %outputs "doc") "/share/doc/" ,name "-" ,version)))) + ;; Build with a patched GCC to work around . + (native-inputs + `(("gcc@5" ,gcc-5))) (inputs `(("zlib" ,zlib) ("libjpeg" ,libjpeg))) (synopsis "Library for handling TIFF files") @@ -281,20 +275,7 @@ Included are a library, libtiff, for reading and writing TIFF and a small collection of tools for doing simple manipulations of TIFF images.") (license (license:non-copyleft "file://COPYRIGHT" "See COPYRIGHT in the distribution.")) - (home-page "http://www.remotesensing.org/libtiff/"))) - -(define libtiff-4.0.7 - (package - (inherit libtiff) - (version "4.0.7") - (source (origin - (method url-fetch) - (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" - version ".tar.gz")) - (sha256 - (base32 - "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) - (home-page "http://www.simplesystems.org/libtiff/"))) + (home-page "http://www.simplesystems.org/libtiff/"))) (define-public libwmf (package diff --git a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch b/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch deleted file mode 100644 index 811516dbe9..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch +++ /dev/null @@ -1,107 +0,0 @@ -2015-12-26 Even Rouault - - * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage - interface in case of unsupported values of SamplesPerPixel/ExtraSamples - for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in - TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and - CVE-2015-8683 reported by zzf of Alibaba. - -diff -u -r1.93 -r1.94 ---- libtiff/libtiff/tif_getimage.c 22 Nov 2015 15:31:03 -0000 1.93 -+++ libtiff/libtiff/tif_getimage.c 26 Dec 2015 17:32:03 -0000 1.94 -@@ -182,20 +182,22 @@ - "Planarconfiguration", td->td_planarconfig); - return (0); - } -- if( td->td_samplesperpixel != 3 ) -+ if( td->td_samplesperpixel != 3 || colorchannels != 3 ) - { - sprintf(emsg, -- "Sorry, can not handle image with %s=%d", -- "Samples/pixel", td->td_samplesperpixel); -+ "Sorry, can not handle image with %s=%d, %s=%d", -+ "Samples/pixel", td->td_samplesperpixel, -+ "colorchannels", colorchannels); - return 0; - } - break; - case PHOTOMETRIC_CIELAB: -- if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 ) -+ if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) - { - sprintf(emsg, -- "Sorry, can not handle image with %s=%d and %s=%d", -+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d", - "Samples/pixel", td->td_samplesperpixel, -+ "colorchannels", colorchannels, - "Bits/sample", td->td_bitspersample); - return 0; - } -@@ -255,6 +257,9 @@ - int colorchannels; - uint16 *red_orig, *green_orig, *blue_orig; - int n_color; -+ -+ if( !TIFFRGBAImageOK(tif, emsg) ) -+ return 0; - - /* Initialize to normal values */ - img->row_offset = 0; -@@ -2509,29 +2514,33 @@ - case PHOTOMETRIC_RGB: - switch (img->bitspersample) { - case 8: -- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) -+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && -+ img->samplesperpixel >= 4) - img->put.contig = putRGBAAcontig8bittile; -- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) -+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && -+ img->samplesperpixel >= 4) - { - if (BuildMapUaToAa(img)) - img->put.contig = putRGBUAcontig8bittile; - } -- else -+ else if( img->samplesperpixel >= 3 ) - img->put.contig = putRGBcontig8bittile; - break; - case 16: -- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) -+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && -+ img->samplesperpixel >=4 ) - { - if (BuildMapBitdepth16To8(img)) - img->put.contig = putRGBAAcontig16bittile; - } -- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) -+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && -+ img->samplesperpixel >=4 ) - { - if (BuildMapBitdepth16To8(img) && - BuildMapUaToAa(img)) - img->put.contig = putRGBUAcontig16bittile; - } -- else -+ else if( img->samplesperpixel >=3 ) - { - if (BuildMapBitdepth16To8(img)) - img->put.contig = putRGBcontig16bittile; -@@ -2540,7 +2549,7 @@ - } - break; - case PHOTOMETRIC_SEPARATED: -- if (buildMap(img)) { -+ if (img->samplesperpixel >=4 && buildMap(img)) { - if (img->bitspersample == 8) { - if (!img->Map) - img->put.contig = putRGBcontig8bitCMYKtile; -@@ -2636,7 +2645,7 @@ - } - break; - case PHOTOMETRIC_CIELAB: -- if (buildMap(img)) { -+ if (img->samplesperpixel == 3 && buildMap(img)) { - if (img->bitspersample == 8) - img->put.contig = initCIELabConversion(img); - break; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3623.patch b/gnu/packages/patches/libtiff-CVE-2016-3623.patch deleted file mode 100644 index 08705861e3..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3623.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-3623. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623 -http://bugzilla.maptools.org/show_bug.cgi?id=2569 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.16 -r1.17 tools/rgb2ycbcr.c - -Index: tools/rgb2ycbcr.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/rgb2ycbcr.c,v -retrieving revision 1.16 -retrieving revision 1.17 -diff -u -r1.16 -r1.17 ---- libtiff/tools/rgb2ycbcr.c 21 Jun 2015 01:09:10 -0000 1.16 -+++ libtiff/tools/rgb2ycbcr.c 15 Aug 2016 21:26:56 -0000 1.17 -@@ -95,9 +95,13 @@ - break; - case 'h': - horizSubSampling = atoi(optarg); -+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 ) -+ usage(-1); - break; - case 'v': - vertSubSampling = atoi(optarg); -+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 ) -+ usage(-1); - break; - case 'r': - rowsperstrip = atoi(optarg); diff --git a/gnu/packages/patches/libtiff-CVE-2016-3945.patch b/gnu/packages/patches/libtiff-CVE-2016-3945.patch deleted file mode 100644 index 8ec62bab99..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3945.patch +++ /dev/null @@ -1,94 +0,0 @@ -Fix CVE-2016-3945 (integer overflow in size of allocated -buffer, when -b mode is enabled, that could result in out-of-bounds -write). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945 -http://bugzilla.maptools.org/show_bug.cgi?id=2545 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.21 -r1.22 tools/tiff2rgba.c - -Index: tools/tiff2rgba.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2rgba.c,v -retrieving revision 1.21 -retrieving revision 1.22 -diff -u -r1.21 -r1.22 ---- libtiff/tools/tiff2rgba.c 21 Jun 2015 01:09:10 -0000 1.21 -+++ libtiff/tools/tiff2rgba.c 15 Aug 2016 20:06:41 -0000 1.22 -@@ -147,6 +147,7 @@ - uint32 row, col; - uint32 *wrk_line; - int ok = 1; -+ uint32 rastersize, wrk_linesize; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); -@@ -163,7 +164,13 @@ - /* - * Allocate tile buffer - */ -- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32)); -+ rastersize = tile_width * tile_height * sizeof (uint32); -+ if (tile_width != (rastersize / tile_height) / sizeof( uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); -+ exit(-1); -+ } -+ raster = (uint32*)_TIFFmalloc(rastersize); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0); -@@ -173,7 +180,13 @@ - * Allocate a scanline buffer for swapping during the vertical - * mirroring pass. - */ -- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32)); -+ wrk_linesize = tile_width * sizeof (uint32); -+ if (tile_width != wrk_linesize / sizeof (uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); -+ exit(-1); -+ } -+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); - if (!wrk_line) { - TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); - ok = 0; -@@ -249,6 +262,7 @@ - uint32 row; - uint32 *wrk_line; - int ok = 1; -+ uint32 rastersize, wrk_linesize; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); -@@ -263,7 +277,13 @@ - /* - * Allocate strip buffer - */ -- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32)); -+ rastersize = width * rowsperstrip * sizeof (uint32); -+ if (width != (rastersize / rowsperstrip) / sizeof( uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); -+ exit(-1); -+ } -+ raster = (uint32*)_TIFFmalloc(rastersize); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0); -@@ -273,7 +293,13 @@ - * Allocate a scanline buffer for swapping during the vertical - * mirroring pass. - */ -- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32)); -+ wrk_linesize = width * sizeof (uint32); -+ if (width != wrk_linesize / sizeof (uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); -+ exit(-1); -+ } -+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); - if (!wrk_line) { - TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); - ok = 0; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3990.patch b/gnu/packages/patches/libtiff-CVE-2016-3990.patch deleted file mode 100644 index 7641c3073b..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3990.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix CVE-2016-3990 (write buffer overflow in PixarLogEncode if more input -samples are provided than expected by PixarLogSetupEncode). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990 -http://bugzilla.maptools.org/show_bug.cgi?id=2544 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.45 -r1.46 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.45 -retrieving revision 1.46 -diff -u -r1.45 -r1.46 ---- libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:37:33 -0000 1.45 -+++ libtiff/libtiff/tif_pixarlog.c 15 Aug 2016 20:49:48 -0000 1.46 -@@ -1141,6 +1141,13 @@ - } - - llen = sp->stride * td->td_imagewidth; -+ /* Check against the number of elements (of size uint16) of sp->tbuf */ -+ if( n > td->td_rowsperstrip * llen ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Too many input bytes provided"); -+ return 0; -+ } - - for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) { - switch (sp->user_datafmt) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-3991.patch b/gnu/packages/patches/libtiff-CVE-2016-3991.patch deleted file mode 100644 index cb05f0007f..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3991.patch +++ /dev/null @@ -1,123 +0,0 @@ -Fix CVE-2016-3991 (out-of-bounds write in loadImage()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991 -http://bugzilla.maptools.org/show_bug.cgi?id=2543 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.37 -r1.38 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.37 -retrieving revision 1.38 -diff -u -r1.37 -r1.38 ---- libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 -+++ libtiff/tools/tiffcrop.c 15 Aug 2016 21:05:40 -0000 1.38 -@@ -798,6 +798,11 @@ - } - - tile_buffsize = tilesize; -+ if (tilesize == 0 || tile_rowsize == 0) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero"); -+ exit(-1); -+ } - - if (tilesize < (tsize_t)(tl * tile_rowsize)) - { -@@ -807,7 +812,12 @@ - tilesize, tl * tile_rowsize); - #endif - tile_buffsize = tl * tile_rowsize; -- } -+ if (tl != (tile_buffsize / tile_rowsize)) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ } - - tilebuf = _TIFFmalloc(tile_buffsize); - if (tilebuf == 0) -@@ -1210,6 +1220,12 @@ - !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) ) - return 1; - -+ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0) -+ { -+ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero"); -+ exit(-1); -+ } -+ - tile_buffsize = tilesize; - if (tilesize < (tsize_t)(tl * tile_rowsize)) - { -@@ -1219,6 +1235,11 @@ - tilesize, tl * tile_rowsize); - #endif - tile_buffsize = tl * tile_rowsize; -+ if (tl != tile_buffsize / tile_rowsize) -+ { -+ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } - } - - tilebuf = _TIFFmalloc(tile_buffsize); -@@ -5945,12 +5966,27 @@ - TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); - - tile_rowsize = TIFFTileRowSize(in); -+ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) -+ { -+ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero."); -+ exit(-1); -+ } - buffsize = tlsize * ntiles; -+ if (tlsize != (buffsize / ntiles)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } - -- - if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) - { - buffsize = ntiles * tl * tile_rowsize; -+ if (ntiles != (buffsize / tl / tile_rowsize)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } -+ - #ifdef DEBUG2 - TIFFError("loadImage", - "Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu", -@@ -5969,8 +6005,25 @@ - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); - stsize = TIFFStripSize(in); - nstrips = TIFFNumberOfStrips(in); -+ if (nstrips == 0 || stsize == 0) -+ { -+ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero."); -+ exit(-1); -+ } -+ - buffsize = stsize * nstrips; -- -+ if (stsize != (buffsize / nstrips)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } -+ uint32 buffsize_check; -+ buffsize_check = ((length * width * spp * bps) + 7); -+ if (length != ((buffsize_check - 7) / width / spp / bps)) -+ { -+ TIFFError("loadImage", "Integer overflow detected."); -+ exit(-1); -+ } - if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) - { - buffsize = ((length * width * spp * bps) + 7) / 8; diff --git a/gnu/packages/patches/libtiff-CVE-2016-5314.patch b/gnu/packages/patches/libtiff-CVE-2016-5314.patch deleted file mode 100644 index e5380f8639..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5314.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2016-5314. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314 -bugzilla.maptools.org/show_bug.cgi?id=2554 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.43 -r1.44 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_pixarlog.c 27 Dec 2015 20:14:11 -0000 1.43 -+++ libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:12:19 -0000 1.44 -@@ -459,6 +459,7 @@ - typedef struct { - TIFFPredictorState predict; - z_stream stream; -+ tmsize_t tbuf_size; /* only set/used on reading for now */ - uint16 *tbuf; - uint16 stride; - int state; -@@ -694,6 +695,7 @@ - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); - if (sp->tbuf == NULL) - return (0); -+ sp->tbuf_size = tbuf_size; - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) - sp->user_datafmt = PixarLogGuessDataFmt(td); - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) { -@@ -783,6 +785,12 @@ - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); - return (0); - } -+ /* Check that we will not fill more than what was allocated */ -+ if (sp->stream.avail_out > sp->tbuf_size) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size"); -+ return (0); -+ } - do { - int state = inflate(&sp->stream, Z_PARTIAL_FLUSH); - if (state == Z_STREAM_END) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-5321.patch b/gnu/packages/patches/libtiff-CVE-2016-5321.patch deleted file mode 100644 index 2afca18e1d..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5321.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2016-5321. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321 -http://bugzilla.maptools.org/show_bug.cgi?id=2558 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.35 -r1.36 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.35 -retrieving revision 1.36 -diff -u -r1.35 -r1.36 ---- libtiff/tools/tiffcrop.c 19 Aug 2015 02:31:04 -0000 1.35 -+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 -@@ -989,7 +989,7 @@ - nrow = (row + tl > imagelength) ? imagelength - row : tl; - for (col = 0; col < imagewidth; col += tw) - { -- for (s = 0; s < spp; s++) -+ for (s = 0; s < spp && s < MAX_SAMPLES; s++) - { /* Read each plane of a tile set into srcbuffs[s] */ - tbytes = TIFFReadTile(in, srcbuffs[s], col, row, 0, s); - if (tbytes < 0 && !ignore) diff --git a/gnu/packages/patches/libtiff-CVE-2016-5323.patch b/gnu/packages/patches/libtiff-CVE-2016-5323.patch deleted file mode 100644 index 8b2a043d29..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5323.patch +++ /dev/null @@ -1,88 +0,0 @@ -Fix CVE-2016-5323. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323 -http://bugzilla.maptools.org/show_bug.cgi?id=2559 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.36 -r1.37 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.36 -retrieving revision 1.37 -diff -u -r1.36 -r1.37 ---- libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 -+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 -@@ -3738,7 +3738,7 @@ - - matchbits = maskbits << (8 - src_bit - bps); - /* load up next sample from each plane */ -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - buff1 = ((*src) & matchbits) << (src_bit); -@@ -3837,7 +3837,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (16 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -3947,7 +3947,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (32 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4073,7 +4073,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (64 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4263,7 +4263,7 @@ - - matchbits = maskbits << (8 - src_bit - bps); - /* load up next sample from each plane */ -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - buff1 = ((*src) & matchbits) << (src_bit); -@@ -4362,7 +4362,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (16 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4471,7 +4471,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (32 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4597,7 +4597,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (64 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) diff --git a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch b/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch deleted file mode 100644 index 3fea745056..0000000000 --- a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch +++ /dev/null @@ -1,171 +0,0 @@ -2015-12-27 Even Rouault - - * libtiff/tif_luv.c: fix potential out-of-bound writes in decode - functions in non debug builds by replacing assert()s by regular if - checks (bugzilla #2522). - Fix potential out-of-bound reads in case of short input data. - -diff -u -r1.40 -r1.41 ---- libtiff/libtiff/tif_luv.c 21 Jun 2015 01:09:09 -0000 1.40 -+++ libtiff/libtiff/tif_luv.c 27 Dec 2015 16:25:11 -0000 1.41 -@@ -1,4 +1,4 @@ --/* $Id: tif_luv.c,v 1.40 2015-06-21 01:09:09 bfriesen Exp $ */ -+/* $Id: tif_luv.c,v 1.41 2015-12-27 16:25:11 erouault Exp $ */ - - /* - * Copyright (c) 1997 Greg Ward Larson -@@ -202,7 +202,11 @@ - if (sp->user_datafmt == SGILOGDATAFMT_16BIT) - tp = (int16*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (int16*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -211,9 +215,11 @@ - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 2*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ if( cc < 2 ) -+ break; -+ rc = *bp++ + (2-128); - b = (int16)(*bp++ << shft); - cc -= 2; - while (rc-- && i < npixels) -@@ -223,6 +229,7 @@ - while (--cc && rc-- && i < npixels) - tp[i++] |= (int16)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -268,13 +275,17 @@ - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32 *)op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32 *) sp->tbuf; - } - /* copy to array of uint32 */ - bp = (unsigned char*) tif->tif_rawcp; - cc = tif->tif_rawcc; -- for (i = 0; i < npixels && cc > 0; i++) { -+ for (i = 0; i < npixels && cc >= 3; i++) { - tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2]; - bp += 3; - cc -= 3; -@@ -325,7 +336,11 @@ - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -334,11 +349,13 @@ - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 4*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -+ if( cc < 2 ) -+ break; - rc = *bp++ + (2-128); - b = (uint32)*bp++ << shft; -- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ cc -= 2; - while (rc-- && i < npixels) - tp[i++] |= b; - } else { /* non-run */ -@@ -346,6 +363,7 @@ - while (--cc && rc-- && i < npixels) - tp[i++] |= (uint32)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -413,6 +431,7 @@ - static int - LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogL16Encode"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -433,7 +452,11 @@ - tp = (int16*) bp; - else { - tp = (int16*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ -@@ -506,6 +529,7 @@ - static int - LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode24"; - LogLuvState* sp = EncoderState(tif); - tmsize_t i; - tmsize_t npixels; -@@ -521,7 +545,11 @@ - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* write out encoded pixels */ -@@ -553,6 +581,7 @@ - static int - LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode32"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -574,7 +603,11 @@ - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ diff --git a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch b/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch deleted file mode 100644 index 50657b667c..0000000000 --- a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch +++ /dev/null @@ -1,49 +0,0 @@ -2015-12-27 Even Rouault - - * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode() - triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif - (bugzilla #2508) - -diff -u -r1.16 -r1.18 ---- libtiff/libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16 -+++ libtiff/libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18 -@@ -1,4 +1,4 @@ --/* $Id: tif_next.c,v 1.16 2014-12-29 12:09:11 erouault Exp $ */ -+/* $Id: tif_next.c,v 1.18 2015-12-27 17:14:52 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -37,7 +37,7 @@ - case 0: op[0] = (unsigned char) ((v) << 6); break; \ - case 1: op[0] |= (v) << 4; break; \ - case 2: op[0] |= (v) << 2; break; \ -- case 3: *op++ |= (v); break; \ -+ case 3: *op++ |= (v); op_offset++; break; \ - } \ - } - -@@ -103,6 +103,7 @@ - } - default: { - uint32 npixels = 0, grey; -+ tmsize_t op_offset = 0; - uint32 imagewidth = tif->tif_dir.td_imagewidth; - if( isTiled(tif) ) - imagewidth = tif->tif_dir.td_tilewidth; -@@ -122,10 +123,15 @@ - * bounds, potentially resulting in a security - * issue. - */ -- while (n-- > 0 && npixels < imagewidth) -+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline) - SETPIXEL(op, grey); - if (npixels >= imagewidth) - break; -+ if (op_offset >= scanline ) { -+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld", -+ (long) tif->tif_row); -+ return (0); -+ } - if (cc == 0) - goto bad; - n = *bp++, cc--; -- cgit v1.2.3 From dbf8f84f15fb80fa41caeed073460853083e48d3 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Fri, 25 Nov 2016 22:29:41 +0100 Subject: gnu: gcj: Fix build on armhf. * gnu/packages/patches/gcj-arm-mode.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. * gnu/packages/gcc.scm (gcj): Add patch. [arguments]: Delete failing tests. --- gnu/local.mk | 1 + gnu/packages/gcc.scm | 14 +++++++++++++ gnu/packages/patches/gcj-arm-mode.patch | 36 +++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 gnu/packages/patches/gcj-arm-mode.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5a9001b6d4..5ab9c3b036 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -554,6 +554,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-5.0-libvtv-runpath.patch \ %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch \ %D%/packages/patches/gcc-6-cross-environment-variables.patch \ + %D%/packages/patches/gcj-arm-mode.patch \ %D%/packages/patches/gd-CVE-2016-7568.patch \ %D%/packages/patches/gd-CVE-2016-8670.patch \ %D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch \ diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index c26cc4f497..ead270a3b5 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -521,6 +521,16 @@ as the 'native-search-paths' field." (define-public gcj (package (inherit gcc) (name "gcj") + (version (package-version gcc)) + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/gcc/gcc-" + version "/gcc-" version ".tar.bz2")) + (sha256 + (base32 + "0zmnm00d2a1hsd41g34bhvxzvxisa2l584q3p447bd91lfjv4ci3")) + (patches (cons (search-patch "gcj-arm-mode.diff") + (origin-patches (package-source gcc)))))) (inputs `(("fastjar" ,fastjar) ("perl" ,perl) @@ -568,6 +578,10 @@ as the 'native-search-paths' field." 'unpack 'patch-testsuite ;; dejagnu-1.6 removes the 'absolute' command (lambda _ + ;; This test fails on armhf. It seems harmless enough to disable it. + (for-each delete-file '("libjava/testsuite/libjava.lang/Throw_2.java" + "libjava/testsuite/libjava.lang/Throw_2.out" + "libjava/testsuite/libjava.lang/Throw_2.jar")) (substitute* "libjava/testsuite/lib/libjava.exp" (("absolute") "file normalize")) #t)) diff --git a/gnu/packages/patches/gcj-arm-mode.patch b/gnu/packages/patches/gcj-arm-mode.patch new file mode 100644 index 0000000000..16fdb5ecac --- /dev/null +++ b/gnu/packages/patches/gcj-arm-mode.patch @@ -0,0 +1,36 @@ +Taken from +https://sources.debian.net/data/main/g/gcc-4.9/4.9.2-10/debian/patches/gcj-arm-mode.diff + +# DP: For armhf, force arm mode instead of thumb mode + +--- a/src/libjava/configure.host ++++ b/src/libjava/configure.host +@@ -66,6 +66,9 @@ + ;; + esac + ++# on armhf force arm mode ++libgcj_flags="${libgcj_flags} -marm" ++ + AM_RUNTESTFLAGS= + + # Set any host dependent compiler flags. +--- a/src/gcc/java/lang-specs.h ++++ b/src/gcc/java/lang-specs.h +@@ -47,7 +47,7 @@ + %{.class|.zip|.jar|!fsyntax-only:jc1 \ + %{.java|fsaw-java-file:%U.jar -fsource-filename=%i % Date: Sun, 27 Nov 2016 18:59:54 +0100 Subject: gnu: gcj: Correct paths in ARM patch. * gnu/packages/patches/gcj-arm-mode.patch: Strip directories. --- gnu/packages/patches/gcj-arm-mode.patch | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/gcj-arm-mode.patch b/gnu/packages/patches/gcj-arm-mode.patch index 16fdb5ecac..a3f999f7e9 100644 --- a/gnu/packages/patches/gcj-arm-mode.patch +++ b/gnu/packages/patches/gcj-arm-mode.patch @@ -3,8 +3,8 @@ https://sources.debian.net/data/main/g/gcc-4.9/4.9.2-10/debian/patches/gcj-arm-m # DP: For armhf, force arm mode instead of thumb mode ---- a/src/libjava/configure.host -+++ b/src/libjava/configure.host +--- a/libjava/configure.host ++++ b/libjava/configure.host @@ -66,6 +66,9 @@ ;; esac @@ -15,8 +15,8 @@ https://sources.debian.net/data/main/g/gcc-4.9/4.9.2-10/debian/patches/gcj-arm-m AM_RUNTESTFLAGS= # Set any host dependent compiler flags. ---- a/src/gcc/java/lang-specs.h -+++ b/src/gcc/java/lang-specs.h +--- a/gcc/java/lang-specs.h ++++ b/gcc/java/lang-specs.h @@ -47,7 +47,7 @@ %{.class|.zip|.jar|!fsyntax-only:jc1 \ %{.java|fsaw-java-file:%U.jar -fsource-filename=%i % Date: Sun, 27 Nov 2016 00:19:21 -0500 Subject: gnu: python-rarfile: Update to 2.8. * gnu/packages/python.scm (python-rarfile, python2-rarfile): Update to 2.8. [source]: Remove obsolete patch. * gnu/packages/patches/python-rarfile-fix-tests.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/python-rarfile-fix-tests.patch | 14 -------------- gnu/packages/python.scm | 6 ++---- 3 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 gnu/packages/patches/python-rarfile-fix-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5ab9c3b036..c50ef254e0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -827,7 +827,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-file-double-encoding-bug.patch \ %D%/packages/patches/python-fix-tests.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ - %D%/packages/patches/python-rarfile-fix-tests.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ %D%/packages/patches/python-configobj-setuptools.patch \ diff --git a/gnu/packages/patches/python-rarfile-fix-tests.patch b/gnu/packages/patches/python-rarfile-fix-tests.patch deleted file mode 100644 index 8ae8894009..0000000000 --- a/gnu/packages/patches/python-rarfile-fix-tests.patch +++ /dev/null @@ -1,14 +0,0 @@ -There is no test.sh, but there are test1.sh and test2.sh. - -diff --git a/test/Makefile b/test/Makefile -index 027bc5f..5383db3 100644 ---- a/test/Makefile -+++ b/test/Makefile -@@ -1,5 +1,6 @@ - test: -- ./test.sh -+ ./test1.sh -+ ./test2.sh - - clean: - rm -rf __pycache__ diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5c27b90402..e3cde11ab4 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -9816,15 +9816,13 @@ module, adding support for Unicode strings.") (define-public python-rarfile (package (name "python-rarfile") - (version "2.7") + (version "2.8") (source (origin (method url-fetch) (uri (pypi-uri "rarfile" version)) (sha256 (base32 - "0d8n1dlpiz7av8dmbp0vclrwl9cnxizr4f2c9xvj1h5nvn480527")) - ;; https://github.com/markokr/rarfile/pull/17/ - (patches (search-patches "python-rarfile-fix-tests.patch")))) + "0qfad483kcbga0bn4qmcz953xjk16r52fahiy46zzn56v80y89ra")))) (build-system python-build-system) (arguments '(#:phases -- cgit v1.2.3 From c51d926c740f98883ce3332852e826f57fdf4566 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 28 Nov 2016 19:25:21 +0200 Subject: gnu: cairo: Fix CVE-2016-9082. * gnu/packages/gtk.scm (cairo)[replacement]: New field. (cairo/fixed): New variable. (cairo-xcb)[source]: Use patch. [replacement]: New field, set false. * gnu/packages/pdf.scm (poppler)[inputs]: Custom cairo should be replaced by a new custom patched cairo. * gnu/packages/patches/cairo-CVE-2016-9082.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/gtk.scm | 12 +++ gnu/packages/patches/cairo-CVE-2016-9082.patch | 122 +++++++++++++++++++++++++ gnu/packages/pdf.scm | 11 +++ 4 files changed, 146 insertions(+) create mode 100644 gnu/packages/patches/cairo-CVE-2016-9082.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 49609cd68f..9d0e4c5094 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -489,6 +489,7 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/binutils-mips-bash-bug.patch \ %D%/packages/patches/byobu-writable-status.patch \ + %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 17bd9c9b00..8a258b54cc 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -100,6 +100,7 @@ tools have full access to view and control running applications.") (define-public cairo (package (name "cairo") + (replacement cairo/fixed) (version "1.14.6") (source (origin (method url-fetch) @@ -153,6 +154,10 @@ affine transformation (scale, rotation, shear, etc.).") (package (inherit cairo) (name "cairo-xcb") + (source (origin + (inherit (package-source cairo)) + (patches (search-patches "cairo-CVE-2016-9082.patch")))) + (replacement #f) (inputs `(("mesa" ,mesa) ,@(package-inputs cairo))) @@ -162,6 +167,13 @@ affine transformation (scale, rotation, shear, etc.).") '("--enable-xlib-xcb" "--enable-gl" "--enable-egl"))) (synopsis "2D graphics library (with X11 support)"))) +(define cairo/fixed + (package + (inherit cairo) + (source (origin + (inherit (package-source cairo)) + (patches (search-patches "cairo-CVE-2016-9082.patch")))))) + (define-public harfbuzz (package (name "harfbuzz") diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch new file mode 100644 index 0000000000..ad83404194 --- /dev/null +++ b/gnu/packages/patches/cairo-CVE-2016-9082.patch @@ -0,0 +1,122 @@ +From: Adrian Johnson +Date: Thu, 20 Oct 2016 21:12:30 +1030 +Subject: [PATCH] image: prevent invalid ptr access for > 4GB images + +Image data is often accessed using: + + image->data + y * image->stride + +On 64-bit achitectures if the image data is > 4GB, this computation +will overflow since both y and stride are 32-bit types. + +bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165 +patch: https://bugs.freedesktop.org/attachment.cgi?id=127421 +--- + boilerplate/cairo-boilerplate.c | 4 +++- + src/cairo-image-compositor.c | 4 ++-- + src/cairo-image-surface-private.h | 2 +- + src/cairo-mesh-pattern-rasterizer.c | 2 +- + src/cairo-png.c | 2 +- + src/cairo-script-surface.c | 3 ++- + 6 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c +index 7fdbf79..4804dea 100644 +--- a/boilerplate/cairo-boilerplate.c ++++ b/boilerplate/cairo-boilerplate.c +@@ -42,6 +42,7 @@ + #undef CAIRO_VERSION_H + #include "../cairo-version.h" + ++#include + #include + #include + #include +@@ -976,7 +977,8 @@ cairo_surface_t * + cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file) + { + char format; +- int width, height, stride; ++ int width, height; ++ ptrdiff_t stride; + int x, y; + unsigned char *data; + cairo_surface_t *image = NULL; +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 48072f8..3ca0006 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer { + pixman_image_t *src, *mask; + union { + struct fill { +- int stride; ++ ptrdiff_t stride; + uint8_t *data; + uint32_t pixel; + } fill; +@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer { + struct finish { + cairo_rectangle_int_t extents; + int src_x, src_y; +- int stride; ++ ptrdiff_t stride; + uint8_t *data; + } mask; + } u; +diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h +index 8ca694c..7e78d61 100644 +--- a/src/cairo-image-surface-private.h ++++ b/src/cairo-image-surface-private.h +@@ -71,7 +71,7 @@ struct _cairo_image_surface { + + int width; + int height; +- int stride; ++ ptrdiff_t stride; + int depth; + + unsigned owns_data : 1; +diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c +index 1b63ca8..e7f0db6 100644 +--- a/src/cairo-mesh-pattern-rasterizer.c ++++ b/src/cairo-mesh-pattern-rasterizer.c +@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride, + tg += tg >> 16; + tb += tb >> 16; + +- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) | ++ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) | + ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24); + } + } +diff --git a/src/cairo-png.c b/src/cairo-png.c +index 562b743..aa8c227 100644 +--- a/src/cairo-png.c ++++ b/src/cairo-png.c +@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure) + } + + for (i = 0; i < png_height; i++) +- row_pointers[i] = &data[i * stride]; ++ row_pointers[i] = &data[i * (ptrdiff_t)stride]; + + png_read_image (png, row_pointers); + png_read_end (png, info); +diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c +index ea0117d..91e4baa 100644 +--- a/src/cairo-script-surface.c ++++ b/src/cairo-script-surface.c +@@ -1202,7 +1202,8 @@ static cairo_status_t + _write_image_surface (cairo_output_stream_t *output, + const cairo_image_surface_t *image) + { +- int stride, row, width; ++ int row, width; ++ ptrdiff_t stride; + uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE]; + uint8_t *rowdata; + uint8_t *data; +-- +2.1.4 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 39f4d021de..6442f08af9 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -95,6 +95,17 @@ ;; To build poppler-glib (as needed by Evince), we need Cairo and ;; GLib. But of course, that Cairo must not depend on Poppler. ("cairo" ,(package (inherit cairo) + (replacement + (package + (inherit cairo) + (replacement #f) + (source + (origin + (inherit (package-source cairo)) + (patches (search-patches + "cairo-CVE-2016-9082.patch")))) + (inputs (alist-delete "poppler" + (package-inputs cairo))))) (inputs (alist-delete "poppler" (package-inputs cairo))))) ("glib" ,glib))) -- cgit v1.2.3 From 161fb9be8edf37cf52c3d223214d81e4cbb7a787 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 1 Dec 2016 10:47:29 +0200 Subject: gnu: nasm: Switch patch to phase. * gnu/packages/assembly.scm (nasm)[source]: Remove patch. [arguments]: Disable ps and pdf doc outputs in new phase. * gnu/packages/patches/nasm-no-ps-pdf.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/assembly.scm | 20 ++++++++++++++------ gnu/packages/patches/nasm-no-ps-pdf.patch | 20 -------------------- 3 files changed, 14 insertions(+), 27 deletions(-) delete mode 100644 gnu/packages/patches/nasm-no-ps-pdf.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 219d82aa47..0f70a083b2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -748,7 +748,6 @@ dist_patch_DATA = \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ - %D%/packages/patches/nasm-no-ps-pdf.patch \ %D%/packages/patches/net-tools-bitrot.patch \ %D%/packages/patches/netcdf-config-date.patch \ %D%/packages/patches/netsurf-about.patch \ diff --git a/gnu/packages/assembly.scm b/gnu/packages/assembly.scm index a6e4abb70e..dd675ed019 100644 --- a/gnu/packages/assembly.scm +++ b/gnu/packages/assembly.scm @@ -41,17 +41,25 @@ version "/" name "-" version ".tar.xz")) (sha256 (base32 - "12bl6vc5sjp9nnhf0iwy6l27vq783y0rxrjpp8sy84h5cb7a3fwx")) - (patches (search-patches "nasm-no-ps-pdf.patch")))) + "12bl6vc5sjp9nnhf0iwy6l27vq783y0rxrjpp8sy84h5cb7a3fwx")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) ;for doc and test target ("texinfo" ,texinfo))) (arguments `(#:test-target "test" - #:phases (modify-phases %standard-phases - (add-after 'install 'install-info - (lambda _ - (zero? (system* "make" "install_doc"))))))) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'dont-build-ps-pdf-outputs + (lambda _ + (substitute* "doc/Makefile.in" + (("info html nasmdoc.txt nasmdoc.ps nasmdoc.pdf") + "info html nasmdoc.txt") + (("nasmdoc.ps nasmdoc.pdf nasmdoc.txt \\$\\(INSTALLROOT\\)\\$\\(docdir\\)") + "nasmdoc.txt $(INSTALLROOT)$(docdir)")) + #t)) + (add-after 'install 'install-info + (lambda _ + (zero? (system* "make" "install_doc"))))))) (home-page "http://www.nasm.us/") (synopsis "80x86 and x86-64 assembler") (description diff --git a/gnu/packages/patches/nasm-no-ps-pdf.patch b/gnu/packages/patches/nasm-no-ps-pdf.patch deleted file mode 100644 index b03b57a6ed..0000000000 --- a/gnu/packages/patches/nasm-no-ps-pdf.patch +++ /dev/null @@ -1,20 +0,0 @@ -Avoid building PS and PDF docs, which do not build bit-reproducible. NASM -already installs doc in info and html. - ---- nasm-2.12.01/doc/Makefile.in.orig 2016-06-21 18:02:59.483484829 +0200 -+++ nasm-2.12.01/doc/Makefile.in 2016-06-21 18:03:46.700151410 +0200 -@@ -27,7 +27,7 @@ - PS2PDF = @PS2PDF@ # Part of GhostScript - - SRCS = nasmdoc.src inslist.src changes.src --OUT = info html nasmdoc.txt nasmdoc.ps nasmdoc.pdf -+OUT = info html nasmdoc.txt - - # exports - export srcdir -@@ -100,4 +100,4 @@ - $(INSTALL_DATA) info/* $(INSTALLROOT)$(infodir) - mkdir -p $(INSTALLROOT)$(docdir)/html - $(INSTALL_DATA) html/* $(INSTALLROOT)$(docdir)/html -- $(INSTALL_DATA) nasmdoc.ps nasmdoc.pdf nasmdoc.txt $(INSTALLROOT)$(docdir) -+ $(INSTALL_DATA) nasmdoc.txt $(INSTALLROOT)$(docdir) -- cgit v1.2.3 From 1742132fb1bed2b9b97d4f25a3819a243845ce3a Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 1 Dec 2016 12:53:30 +0200 Subject: gnu: gst-plugins-good: Update to 1.10.2. * gnu/packages/gstreamer.scm (gst-plugins-good): Update to 1.10.2. [source]: Remove patches. * gnu/packages/patches/gst-plugins-good-fix-crashes.patch, gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch, gnu/packages/patches/gst-plugins-good-fix-signedness.patch, gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch: Remove files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 4 - gnu/packages/gstreamer.scm | 8 +- .../patches/gst-plugins-good-fix-crashes.patch | 1047 -------------------- .../gst-plugins-good-fix-invalid-read.patch | 37 - .../patches/gst-plugins-good-fix-signedness.patch | 58 -- .../gst-plugins-good-flic-bounds-check.patch | 319 ------ 6 files changed, 2 insertions(+), 1471 deletions(-) delete mode 100644 gnu/packages/patches/gst-plugins-good-fix-crashes.patch delete mode 100644 gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch delete mode 100644 gnu/packages/patches/gst-plugins-good-fix-signedness.patch delete mode 100644 gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0f70a083b2..0d019f73db 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -593,10 +593,6 @@ dist_patch_DATA = \ %D%/packages/patches/grub-gets-undeclared.patch \ %D%/packages/patches/grub-freetype.patch \ %D%/packages/patches/gsl-test-i686.patch \ - %D%/packages/patches/gst-plugins-good-fix-crashes.patch \ - %D%/packages/patches/gst-plugins-good-fix-invalid-read.patch \ - %D%/packages/patches/gst-plugins-good-fix-signedness.patch \ - %D%/packages/patches/gst-plugins-good-flic-bounds-check.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ %D%/packages/patches/guile-arm-fixes.patch \ %D%/packages/patches/guile-default-utf8.patch \ diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index 2b6f0e246a..faccf44956 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -201,20 +201,16 @@ for the GStreamer multimedia library.") (define-public gst-plugins-good (package (name "gst-plugins-good") - (version "1.10.1") + (version "1.10.2") (source (origin (method url-fetch) (uri (string-append "https://gstreamer.freedesktop.org/src/" name "/" name "-" version ".tar.xz")) - (patches (search-patches "gst-plugins-good-flic-bounds-check.patch" - "gst-plugins-good-fix-signedness.patch" - "gst-plugins-good-fix-invalid-read.patch" - "gst-plugins-good-fix-crashes.patch")) (sha256 (base32 - "1hkcap9l2603266gyi6jgvx7frbvfmb7xhfhjizbczy1wykjwr57")))) + "04rksbhjj2yz32g523cfabwqn2s3byd94dpbxghxr0p9ridk53qr")))) (build-system gnu-build-system) (inputs `(("aalib" ,aalib) diff --git a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch b/gnu/packages/patches/gst-plugins-good-fix-crashes.patch deleted file mode 100644 index c36a595608..0000000000 --- a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch +++ /dev/null @@ -1,1047 +0,0 @@ -Fixes upstream bug #774859 (flic decoder: Invalid memory read in -flx_decode_chunks): - -https://bugzilla.gnome.org/show_bug.cgi?id=774859 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=be670f0daf67304fb92c76aa09c30cae0bfd1fe4 - -From be670f0daf67304fb92c76aa09c30cae0bfd1fe4 Mon Sep 17 00:00:00 2001 -From: Matthew Waters -Date: Wed, 23 Nov 2016 07:09:06 +1100 -Subject: [PATCH] flxdec: rewrite logic based on GstByteReader/Writer - -Solves overreading/writing the given arrays and will error out if the -streams asks to do that. - -Also does more error checking that the stream is valid and won't -overrun any allocated arrays. Also mitigate integer overflow errors -calculating allocation sizes. - -https://bugzilla.gnome.org/show_bug.cgi?id=774859 ---- - gst/flx/flx_color.c | 1 - - gst/flx/flx_fmt.h | 72 ------- - gst/flx/gstflxdec.c | 610 ++++++++++++++++++++++++++++++++++++---------------- - gst/flx/gstflxdec.h | 4 +- - 4 files changed, 427 insertions(+), 260 deletions(-) - -diff --git a/gst/flx/flx_color.c b/gst/flx/flx_color.c -index 047bfdf..3a58135 100644 ---- a/gst/flx/flx_color.c -+++ b/gst/flx/flx_color.c -@@ -101,7 +101,6 @@ flx_set_palette_vector (FlxColorSpaceConverter * flxpal, guint start, guint num, - } else { - memcpy (&flxpal->palvec[start * 3], newpal, grab * 3); - } -- - } - - void -diff --git a/gst/flx/flx_fmt.h b/gst/flx/flx_fmt.h -index 9ab31ba..abff200 100644 ---- a/gst/flx/flx_fmt.h -+++ b/gst/flx/flx_fmt.h -@@ -123,78 +123,6 @@ typedef struct _FlxFrameType - } FlxFrameType; - #define FlxFrameTypeSize 10 - --#if G_BYTE_ORDER == G_BIG_ENDIAN --#define LE_TO_BE_16(i16) ((guint16) (((i16) << 8) | ((i16) >> 8))) --#define LE_TO_BE_32(i32) \ -- (((guint32) (LE_TO_BE_16((guint16) (i32))) << 16) | (LE_TO_BE_16((i32) >> 16))) -- --#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) \ -- do { \ -- (frm_type_p)->chunks = LE_TO_BE_16((frm_type_p)->chunks); \ -- (frm_type_p)->delay = LE_TO_BE_16((frm_type_p)->delay); \ -- } while(0) -- --#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) \ -- do { \ -- (hffmn_table_p)->codelength = \ -- LE_TO_BE_16((hffmn_table_p)->codelength); \ -- (hffmn_table_p)->numcodes = LE_TO_BE_16((hffmn_table_p)->numcodes); \ -- } while(0) -- --#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) \ -- ((sgmnt_table_p)->segments = LE_TO_BE_16((sgmnt_table_p)->segments)) -- --#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) \ -- do { \ -- (prfx_chnk_p)->chunks = LE_TO_BE_16((prfx_chnk_p)->chunks); \ -- } while(0) -- --#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) \ -- do { \ -- (frm_chnk_p)->size = LE_TO_BE_32((frm_chnk_p)->size); \ -- (frm_chnk_p)->id = LE_TO_BE_16((frm_chnk_p)->id); \ -- } while(0) -- --#define FLX_HDR_FIX_ENDIANNESS(hdr_p) \ -- do { \ -- (hdr_p)->size = LE_TO_BE_32((hdr_p)->size); \ -- (hdr_p)->type = LE_TO_BE_16((hdr_p)->type); \ -- (hdr_p)->frames = LE_TO_BE_16((hdr_p)->frames); \ -- (hdr_p)->width = LE_TO_BE_16((hdr_p)->width); \ -- (hdr_p)->height = LE_TO_BE_16((hdr_p)->height); \ -- (hdr_p)->depth = LE_TO_BE_16((hdr_p)->depth); \ -- (hdr_p)->flags = LE_TO_BE_16((hdr_p)->flags); \ -- (hdr_p)->speed = LE_TO_BE_32((hdr_p)->speed); \ -- (hdr_p)->reserved1 = LE_TO_BE_16((hdr_p)->reserved1); \ -- (hdr_p)->created = LE_TO_BE_32((hdr_p)->created); \ -- (hdr_p)->creator = LE_TO_BE_32((hdr_p)->creator); \ -- (hdr_p)->updated = LE_TO_BE_32((hdr_p)->updated); \ -- (hdr_p)->updater = LE_TO_BE_32((hdr_p)->updater); \ -- (hdr_p)->aspect_dx = LE_TO_BE_16((hdr_p)->aspect_dx); \ -- (hdr_p)->aspect_dy = LE_TO_BE_16((hdr_p)->aspect_dy); \ -- (hdr_p)->ext_flags = LE_TO_BE_16((hdr_p)->ext_flags); \ -- (hdr_p)->keyframes = LE_TO_BE_16((hdr_p)->keyframes); \ -- (hdr_p)->totalframes = LE_TO_BE_16((hdr_p)->totalframes); \ -- (hdr_p)->req_memory = LE_TO_BE_32((hdr_p)->req_memory); \ -- (hdr_p)->max_regions = LE_TO_BE_16((hdr_p)->max_regions); \ -- (hdr_p)->transp_num = LE_TO_BE_16((hdr_p)->transp_num); \ -- (hdr_p)->oframe1 = LE_TO_BE_32((hdr_p)->oframe1); \ -- (hdr_p)->oframe2 = LE_TO_BE_32((hdr_p)->oframe2); \ -- } while(0) --#else -- --#define LE_TO_BE_16(i16) ((i16)) --#define LE_TO_BE_32(i32) ((i32)) -- --#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) --#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) --#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) --#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) --#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) --#define FLX_HDR_FIX_ENDIANNESS(hdr_p) -- --#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */ -- - G_END_DECLS - - #endif /* __GST_FLX_FMT_H__ */ -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index a237976..aa1bed5 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -1,5 +1,6 @@ - /* GStreamer - * Copyright (C) <1999> Erik Walthinsen -+ * Copyright (C) <2016> Matthew Waters - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public -@@ -24,6 +25,7 @@ - /* - * http://www.coolutils.com/Formats/FLI - * http://woodshole.er.usgs.gov/operations/modeling/flc.html -+ * http://www.compuphase.com/flic.htm - */ - - #ifdef HAVE_CONFIG_H -@@ -73,10 +75,14 @@ static GstStateChangeReturn gst_flxdec_change_state (GstElement * element, - static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent, - GstQuery * query); - --static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint); --static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *); --static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *); --static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer, gint scale); -+static gboolean flx_decode_brun (GstFlxDec * flxdec, -+ GstByteReader * reader, GstByteWriter * writer); -+static gboolean flx_decode_delta_fli (GstFlxDec * flxdec, -+ GstByteReader * reader, GstByteWriter * writer); -+static gboolean flx_decode_delta_flc (GstFlxDec * flxdec, -+ GstByteReader * reader, GstByteWriter * writer); - - #define rndalign(off) ((off) + ((off) & 1)) - -@@ -204,57 +210,59 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent, - } - - static gboolean --flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, -- guchar * dest) -+flx_decode_chunks (GstFlxDec * flxdec, gulong n_chunks, GstByteReader * reader, -+ GstByteWriter * writer) - { -- FlxFrameChunk *hdr; - gboolean ret = TRUE; - -- g_return_val_if_fail (data != NULL, FALSE); -- -- while (count--) { -- hdr = (FlxFrameChunk *) data; -- FLX_FRAME_CHUNK_FIX_ENDIANNESS (hdr); -- data += FlxFrameChunkSize; -+ while (n_chunks--) { -+ GstByteReader chunk; -+ guint32 size; -+ guint16 type; -+ -+ if (!gst_byte_reader_get_uint32_le (reader, &size)) -+ goto parse_error; -+ if (!gst_byte_reader_get_uint16_le (reader, &type)) -+ goto parse_error; -+ GST_LOG_OBJECT (flxdec, "chunk has type 0x%02x size %d", type, size); -+ -+ if (!gst_byte_reader_get_sub_reader (reader, &chunk, -+ size - FlxFrameChunkSize)) { -+ GST_ERROR_OBJECT (flxdec, "Incorrect size in the chunk header"); -+ goto error; -+ } - -- switch (hdr->id) { -+ switch (type) { - case FLX_COLOR64: -- flx_decode_color (flxdec, data, dest, 2); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_color (flxdec, &chunk, writer, 2); - break; - - case FLX_COLOR256: -- flx_decode_color (flxdec, data, dest, 0); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_color (flxdec, &chunk, writer, 0); - break; - - case FLX_BRUN: -- ret = flx_decode_brun (flxdec, data, dest); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_brun (flxdec, &chunk, writer); - break; - - case FLX_LC: -- ret = flx_decode_delta_fli (flxdec, data, dest); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_delta_fli (flxdec, &chunk, writer); - break; - - case FLX_SS2: -- ret = flx_decode_delta_flc (flxdec, data, dest); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_delta_flc (flxdec, &chunk, writer); - break; - - case FLX_BLACK: -- memset (dest, 0, flxdec->size); -+ ret = gst_byte_writer_fill (writer, 0, flxdec->size); - break; - - case FLX_MINI: -- data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - - default: -- GST_WARNING ("Unimplented chunk type: 0x%02x size: %d - skipping", -- hdr->id, hdr->size); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ GST_WARNING ("Unimplemented chunk type: 0x%02x size: %d - skipping", -+ type, size); - break; - } - -@@ -263,43 +271,60 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - } - - return ret; -+ -+parse_error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode chunk"); -+error: -+ return FALSE; - } - - --static void --flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale) -+static gboolean -+flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer, gint scale) - { -- guint packs, count, indx; -+ guint8 count, indx; -+ guint16 packs; - -- g_return_if_fail (flxdec != NULL); -- -- packs = (data[0] + (data[1] << 8)); -- -- data += 2; -+ if (!gst_byte_reader_get_uint16_le (reader, &packs)) -+ goto error; - indx = 0; - -- GST_LOG ("GstFlxDec: cmap packs: %d", packs); -+ GST_LOG ("GstFlxDec: cmap packs: %d", (guint) packs); - while (packs--) { -+ const guint8 *data; -+ guint16 actual_count; -+ - /* color map index + skip count */ -- indx += *data++; -+ if (!gst_byte_reader_get_uint8 (reader, &indx)) -+ goto error; - - /* number of rgb triplets */ -- count = *data++ & 0xff; -- if (count == 0) -- count = 256; -+ if (!gst_byte_reader_get_uint8 (reader, &count)) -+ goto error; - -- GST_LOG ("GstFlxDec: cmap count: %d (indx: %d)", count, indx); -- flx_set_palette_vector (flxdec->converter, indx, count, data, scale); -+ actual_count = count == 0 ? 256 : count; - -- data += (count * 3); -+ if (!gst_byte_reader_get_data (reader, count * 3, &data)) -+ goto error; -+ -+ GST_LOG_OBJECT (flxdec, "cmap count: %d (indx: %d)", actual_count, indx); -+ flx_set_palette_vector (flxdec->converter, indx, actual_count, -+ (guchar *) data, scale); - } -+ -+ return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Error decoding color palette"); -+ return FALSE; - } - - static gboolean --flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) -+flx_decode_brun (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer) - { -- gulong count, lines, row; -- guchar x; -+ gulong lines, row; - - g_return_val_if_fail (flxdec != NULL, FALSE); - -@@ -310,82 +335,125 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - * contain more then 255 RLE packets. we use the frame - * width instead. - */ -- data++; -+ if (!gst_byte_reader_skip (reader, 1)) -+ goto error; - - row = flxdec->hdr.width; - while (row) { -- count = *data++; -+ gint8 count; -+ -+ if (!gst_byte_reader_get_int8 (reader, &count)) -+ goto error; -+ -+ if (count <= 0) { -+ const guint8 *data; - -- if (count > 0x7f) { - /* literal run */ -- count = 0x100 - count; -- if ((glong) row - (glong) count < 0) { -- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ count = ABS (count); -+ -+ GST_LOG_OBJECT (flxdec, "have literal run of size %d", count); -+ -+ if (count > row) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN line detected. " -+ "bytes to write exceeds the end of the row"); - return FALSE; - } - row -= count; - -- while (count--) -- *dest++ = *data++; -- -+ if (!gst_byte_reader_get_data (reader, count, &data)) -+ goto error; -+ if (!gst_byte_writer_put_data (writer, data, count)) -+ goto error; - } else { -- if ((glong) row - (glong) count < 0) { -- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ guint8 x; -+ -+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d", count); -+ -+ if (count > row) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected." -+ "bytes to write exceeds the end of the row"); - return FALSE; - } - - /* replicate run */ - row -= count; -- x = *data++; - -- while (count--) -- *dest++ = x; -+ if (!gst_byte_reader_get_uint8 (reader, &x)) -+ goto error; -+ if (!gst_byte_writer_fill (writer, x, count)) -+ goto error; - } - } - } - - return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode BRUN packet"); -+ return FALSE; - } - - static gboolean --flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) -+flx_decode_delta_fli (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer) - { -- gulong count, packets, lines, start_line; -- guchar *start_p, x; -+ guint16 start_line, lines; -+ guint line_start_i; - - g_return_val_if_fail (flxdec != NULL, FALSE); - g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ -- memcpy (dest, flxdec->delta_data, flxdec->size); -+ if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size)) -+ goto error; -+ -+ if (!gst_byte_reader_get_uint16_le (reader, &start_line)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &lines)) -+ goto error; -+ GST_LOG_OBJECT (flxdec, "height %d start line %d line count %d", -+ flxdec->hdr.height, start_line, lines); - -- start_line = (data[0] + (data[1] << 8)); -- lines = (data[2] + (data[3] << 8)); - if (start_line + lines > flxdec->hdr.height) { - GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines."); - return FALSE; - } -- data += 4; - -- /* start position of delta */ -- dest += (flxdec->hdr.width * start_line); -- start_p = dest; -+ line_start_i = flxdec->hdr.width * start_line; -+ if (!gst_byte_writer_set_pos (writer, line_start_i)) -+ goto error; - - while (lines--) { -+ guint8 packets; -+ - /* packet count */ -- packets = *data++; -+ if (!gst_byte_reader_get_uint8 (reader, &packets)) -+ goto error; -+ GST_LOG_OBJECT (flxdec, "have %d packets", packets); - - while (packets--) { - /* skip count */ -- guchar skip = *data++; -- dest += skip; -+ guint8 skip; -+ gint8 count; -+ if (!gst_byte_reader_get_uint8 (reader, &skip)) -+ goto error; -+ -+ /* skip bytes */ -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + skip)) -+ goto error; - - /* RLE count */ -- count = *data++; -+ if (!gst_byte_reader_get_int8 (reader, &count)) -+ goto error; -+ -+ if (count < 0) { -+ guint8 x; - -- if (count > 0x7f) { - /* literal run */ -- count = 0x100 - count; -+ count = ABS (count); -+ GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d", -+ count, skip); - - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " -@@ -393,11 +461,16 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - return FALSE; - } - -- x = *data++; -- while (count--) -- *dest++ = x; -- -+ if (!gst_byte_reader_get_uint8 (reader, &x)) -+ goto error; -+ if (!gst_byte_writer_fill (writer, x, count)) -+ goto error; - } else { -+ const guint8 *data; -+ -+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d", -+ count, skip); -+ - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " - "line too long."); -@@ -405,45 +478,60 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - - /* replicate run */ -- while (count--) -- *dest++ = *data++; -+ if (!gst_byte_reader_get_data (reader, count, &data)) -+ goto error; -+ if (!gst_byte_writer_put_data (writer, data, count)) -+ goto error; - } - } -- start_p += flxdec->hdr.width; -- dest = start_p; -+ line_start_i += flxdec->hdr.width; -+ if (!gst_byte_writer_set_pos (writer, line_start_i)) -+ goto error; - } - - return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet"); -+ return FALSE; - } - - static gboolean --flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) -+flx_decode_delta_flc (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer) - { -- gulong count, lines, start_l, opcode; -- guchar *start_p; -+ guint16 lines, start_l; - - g_return_val_if_fail (flxdec != NULL, FALSE); - g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ -- memcpy (dest, flxdec->delta_data, flxdec->size); -+ if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &lines)) -+ goto error; - -- lines = (data[0] + (data[1] << 8)); - if (lines > flxdec->hdr.height) { - GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines."); - return FALSE; - } -- data += 2; - -- start_p = dest; - start_l = lines; - - while (lines) { -- dest = start_p + (flxdec->hdr.width * (start_l - lines)); -+ guint16 opcode; -+ -+ if (!gst_byte_writer_set_pos (writer, -+ flxdec->hdr.width * (start_l - lines))) -+ goto error; - - /* process opcode(s) */ -- while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) { -- data += 2; -+ while (TRUE) { -+ if (!gst_byte_reader_get_uint16_le (reader, &opcode)) -+ goto error; -+ if ((opcode & 0xc000) == 0) -+ break; -+ - if ((opcode & 0xc000) == 0xc000) { - /* line skip count */ - gulong skip = (0x10000 - opcode); -@@ -453,27 +541,44 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - return FALSE; - } - start_l += skip; -- dest += flxdec->hdr.width * skip; -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + flxdec->hdr.width * skip)) -+ goto error; - } else { - /* last pixel */ -- dest += flxdec->hdr.width; -- *dest++ = (opcode & 0xff); -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + flxdec->hdr.width)) -+ goto error; -+ if (!gst_byte_writer_put_uint8 (writer, opcode & 0xff)) -+ goto error; - } - } -- data += 2; - - /* last opcode is the packet count */ -+ GST_LOG_OBJECT (flxdec, "have %d packets", opcode); - while (opcode--) { - /* skip count */ -- guchar skip = *data++; -- dest += skip; -+ guint8 skip; -+ gint8 count; -+ -+ if (!gst_byte_reader_get_uint8 (reader, &skip)) -+ goto error; -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + skip)) -+ goto error; - - /* RLE count */ -- count = *data++; -+ if (!gst_byte_reader_get_int8 (reader, &count)) -+ goto error; -+ -+ if (count < 0) { -+ guint16 x; - -- if (count > 0x7f) { - /* replicate word run */ -- count = 0x100 - count; -+ count = ABS (count); -+ -+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d", -+ count, skip); - - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -@@ -481,22 +586,31 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - return FALSE; - } - -+ if (!gst_byte_reader_get_uint16_le (reader, &x)) -+ goto error; -+ - while (count--) { -- *dest++ = data[0]; -- *dest++ = data[1]; -+ if (!gst_byte_writer_put_uint16_le (writer, x)) { -+ goto error; -+ } - } -- data += 2; - } else { -+ GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d", -+ count, skip); -+ - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " - "line too long."); - return FALSE; - } - -- /* literal word run */ - while (count--) { -- *dest++ = *data++; -- *dest++ = *data++; -+ guint16 x; -+ -+ if (!gst_byte_reader_get_uint16_le (reader, &x)) -+ goto error; -+ if (!gst_byte_writer_put_uint16_le (writer, x)) -+ goto error; - } - } - } -@@ -504,13 +618,91 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - - return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet"); -+ return FALSE; -+} -+ -+static gboolean -+_read_flx_header (GstFlxDec * flxdec, GstByteReader * reader, FlxHeader * flxh) -+{ -+ memset (flxh, 0, sizeof (*flxh)); -+ -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->size)) -+ goto error; -+ if (flxh->size < FlxHeaderSize) { -+ GST_ERROR_OBJECT (flxdec, "Invalid file size in the header"); -+ return FALSE; -+ } -+ -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->type)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->frames)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->width)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->height)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->depth)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->flags)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->speed)) -+ goto error; -+ if (!gst_byte_reader_skip (reader, 2)) /* reserved */ -+ goto error; -+ /* FLC */ -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->created)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->creator)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->updated)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->updater)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dx)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dy)) -+ goto error; -+ /* EGI */ -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->ext_flags)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->keyframes)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->totalframes)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->req_memory)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->max_regions)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->transp_num)) -+ goto error; -+ if (!gst_byte_reader_skip (reader, 24)) /* reserved */ -+ goto error; -+ /* FLC */ -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe1)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe2)) -+ goto error; -+ if (!gst_byte_reader_skip (reader, 40)) /* reserved */ -+ goto error; -+ -+ return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Error reading file header"); -+ return FALSE; - } - - static GstFlowReturn - gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - { -+ GstByteReader reader; -+ GstBuffer *input; -+ GstMapInfo map_info; - GstCaps *caps; -- guint avail; -+ guint available; - GstFlowReturn res = GST_FLOW_OK; - - GstFlxDec *flxdec; -@@ -521,31 +713,50 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - g_return_val_if_fail (flxdec != NULL, GST_FLOW_ERROR); - - gst_adapter_push (flxdec->adapter, buf); -- avail = gst_adapter_available (flxdec->adapter); -+ available = gst_adapter_available (flxdec->adapter); -+ input = gst_adapter_get_buffer (flxdec->adapter, available); -+ if (!gst_buffer_map (input, &map_info, GST_MAP_READ)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Failed to map buffer"), (NULL)); -+ goto error; -+ } -+ gst_byte_reader_init (&reader, map_info.data, map_info.size); - - if (flxdec->state == GST_FLXDEC_READ_HEADER) { -- if (avail >= FlxHeaderSize) { -- const guint8 *data = gst_adapter_map (flxdec->adapter, FlxHeaderSize); -+ if (available >= FlxHeaderSize) { -+ GstByteReader header; - GstCaps *templ; - -- memcpy ((gchar *) & flxdec->hdr, data, FlxHeaderSize); -- FLX_HDR_FIX_ENDIANNESS (&(flxdec->hdr)); -- gst_adapter_unmap (flxdec->adapter); -+ if (!gst_byte_reader_get_sub_reader (&reader, &header, FlxHeaderSize)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Could not read header"), (NULL)); -+ goto unmap_input_error; -+ } - gst_adapter_flush (flxdec->adapter, FlxHeaderSize); -+ available -= FlxHeaderSize; -+ -+ if (!_read_flx_header (flxdec, &header, &flxdec->hdr)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Failed to parse header"), (NULL)); -+ goto unmap_input_error; -+ } - - flxh = &flxdec->hdr; - - /* check header */ - if (flxh->type != FLX_MAGICHDR_FLI && -- flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX) -- goto wrong_type; -+ flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL), -+ ("not a flx file (type %x)", flxh->type)); -+ goto unmap_input_error; -+ } - -- GST_LOG ("size : %d", flxh->size); -- GST_LOG ("frames : %d", flxh->frames); -- GST_LOG ("width : %d", flxh->width); -- GST_LOG ("height : %d", flxh->height); -- GST_LOG ("depth : %d", flxh->depth); -- GST_LOG ("speed : %d", flxh->speed); -+ GST_INFO_OBJECT (flxdec, "size : %d", flxh->size); -+ GST_INFO_OBJECT (flxdec, "frames : %d", flxh->frames); -+ GST_INFO_OBJECT (flxdec, "width : %d", flxh->width); -+ GST_INFO_OBJECT (flxdec, "height : %d", flxh->height); -+ GST_INFO_OBJECT (flxdec, "depth : %d", flxh->depth); -+ GST_INFO_OBJECT (flxdec, "speed : %d", flxh->speed); - - flxdec->next_time = 0; - -@@ -573,18 +784,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - gst_pad_set_caps (flxdec->srcpad, caps); - gst_caps_unref (caps); - -- if (flxh->depth <= 8) -- flxdec->converter = -- flx_colorspace_converter_new (flxh->width, flxh->height); -+ /* zero means 8 */ -+ if (flxh->depth == 0) -+ flxh->depth = 8; -+ -+ if (flxh->depth != 8) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, -+ ("%s", "Don't know how to decode non 8 bit depth streams"), (NULL)); -+ goto unmap_input_error; -+ } -+ -+ flxdec->converter = -+ flx_colorspace_converter_new (flxh->width, flxh->height); - - if (flxh->type == FLX_MAGICHDR_FLC || flxh->type == FLX_MAGICHDR_FLX) { -- GST_LOG ("(FLC) aspect_dx : %d", flxh->aspect_dx); -- GST_LOG ("(FLC) aspect_dy : %d", flxh->aspect_dy); -- GST_LOG ("(FLC) oframe1 : 0x%08x", flxh->oframe1); -- GST_LOG ("(FLC) oframe2 : 0x%08x", flxh->oframe2); -+ GST_INFO_OBJECT (flxdec, "(FLC) aspect_dx : %d", flxh->aspect_dx); -+ GST_INFO_OBJECT (flxdec, "(FLC) aspect_dy : %d", flxh->aspect_dy); -+ GST_INFO_OBJECT (flxdec, "(FLC) oframe1 : 0x%08x", flxh->oframe1); -+ GST_INFO_OBJECT (flxdec, "(FLC) oframe2 : 0x%08x", flxh->oframe2); - } - - flxdec->size = ((guint) flxh->width * (guint) flxh->height); -+ if (flxdec->size >= G_MAXSIZE / 4) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Cannot allocate required memory"), (NULL)); -+ goto unmap_input_error; -+ } - - /* create delta and output frame */ - flxdec->frame_data = g_malloc (flxdec->size); -@@ -596,55 +821,66 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - GstBuffer *out; - - /* while we have enough data in the adapter */ -- while (avail >= FlxFrameChunkSize && res == GST_FLOW_OK) { -- FlxFrameChunk flxfh; -- guchar *chunk; -- const guint8 *data; -- GstMapInfo map; -- -- chunk = NULL; -- data = gst_adapter_map (flxdec->adapter, FlxFrameChunkSize); -- memcpy (&flxfh, data, FlxFrameChunkSize); -- FLX_FRAME_CHUNK_FIX_ENDIANNESS (&flxfh); -- gst_adapter_unmap (flxdec->adapter); -- -- switch (flxfh.id) { -- case FLX_FRAME_TYPE: -- /* check if we have the complete frame */ -- if (avail < flxfh.size) -- goto need_more_data; -- -- /* flush header */ -- gst_adapter_flush (flxdec->adapter, FlxFrameChunkSize); -- -- chunk = gst_adapter_take (flxdec->adapter, -- flxfh.size - FlxFrameChunkSize); -- FLX_FRAME_TYPE_FIX_ENDIANNESS ((FlxFrameType *) chunk); -- if (((FlxFrameType *) chunk)->chunks == 0) -- break; -+ while (available >= FlxFrameChunkSize && res == GST_FLOW_OK) { -+ guint32 size; -+ guint16 type; - -- /* create 32 bits output frame */ --// res = gst_pad_alloc_buffer_and_set_caps (flxdec->srcpad, --// GST_BUFFER_OFFSET_NONE, --// flxdec->size * 4, GST_PAD_CAPS (flxdec->srcpad), &out); --// if (res != GST_FLOW_OK) --// break; -+ if (!gst_byte_reader_get_uint32_le (&reader, &size)) -+ goto parse_error; -+ if (available < size) -+ goto need_more_data; - -- out = gst_buffer_new_and_alloc (flxdec->size * 4); -+ available -= size; -+ gst_adapter_flush (flxdec->adapter, size); -+ -+ if (!gst_byte_reader_get_uint16_le (&reader, &type)) -+ goto parse_error; -+ -+ switch (type) { -+ case FLX_FRAME_TYPE:{ -+ GstByteReader chunks; -+ GstByteWriter writer; -+ guint16 n_chunks; -+ GstMapInfo map; -+ -+ GST_LOG_OBJECT (flxdec, "Have frame type 0x%02x of size %d", type, -+ size); -+ -+ if (!gst_byte_reader_get_sub_reader (&reader, &chunks, -+ size - FlxFrameChunkSize)) -+ goto parse_error; -+ -+ if (!gst_byte_reader_get_uint16_le (&chunks, &n_chunks)) -+ goto parse_error; -+ GST_LOG_OBJECT (flxdec, "Have %d chunks", n_chunks); -+ -+ if (n_chunks == 0) -+ break; -+ if (!gst_byte_reader_skip (&chunks, 8)) /* reserved */ -+ goto parse_error; -+ -+ gst_byte_writer_init_with_data (&writer, flxdec->frame_data, -+ flxdec->size, TRUE); - - /* decode chunks */ -- if (!flx_decode_chunks (flxdec, -- ((FlxFrameType *) chunk)->chunks, -- chunk + FlxFrameTypeSize, flxdec->frame_data)) { -+ if (!flx_decode_chunks (flxdec, n_chunks, &chunks, &writer)) { - GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, - ("%s", "Could not decode chunk"), NULL); -- return GST_FLOW_ERROR; -+ goto unmap_input_error; - } -+ gst_byte_writer_reset (&writer); - - /* save copy of the current frame for possible delta. */ - memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size); - -- gst_buffer_map (out, &map, GST_MAP_WRITE); -+ out = gst_buffer_new_and_alloc (flxdec->size * 4); -+ if (!gst_buffer_map (out, &map, GST_MAP_WRITE)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Could not map output buffer"), NULL); -+ gst_buffer_unref (out); -+ goto unmap_input_error; -+ } -+ - /* convert current frame. */ - flx_colorspace_convert (flxdec->converter, flxdec->frame_data, - map.data); -@@ -655,30 +891,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - - res = gst_pad_push (flxdec->srcpad, out); - break; -+ } - default: -- /* check if we have the complete frame */ -- if (avail < flxfh.size) -- goto need_more_data; -- -- gst_adapter_flush (flxdec->adapter, flxfh.size); -+ GST_DEBUG_OBJECT (flxdec, "Unknown frame type 0x%02x, skipping %d", -+ type, size); -+ if (!gst_byte_reader_skip (&reader, size - FlxFrameChunkSize)) -+ goto parse_error; - break; - } -- -- g_free (chunk); -- -- avail = gst_adapter_available (flxdec->adapter); - } - } -+ -+ gst_buffer_unmap (input, &map_info); -+ gst_buffer_unref (input); -+ - need_more_data: - return res; - - /* ERRORS */ --wrong_type: -- { -- GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL), -- ("not a flx file (type %x)", flxh->type)); -- return GST_FLOW_ERROR; -- } -+parse_error: -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Failed to parse stream"), (NULL)); -+unmap_input_error: -+ gst_buffer_unmap (input, &map_info); -+ gst_buffer_unref (input); -+error: -+ return GST_FLOW_ERROR; - } - - static GstStateChangeReturn -diff --git a/gst/flx/gstflxdec.h b/gst/flx/gstflxdec.h -index 3f9a0aa..4fd8dfd 100644 ---- a/gst/flx/gstflxdec.h -+++ b/gst/flx/gstflxdec.h -@@ -23,6 +23,8 @@ - #include - - #include -+#include -+#include - #include "flx_color.h" - - G_BEGIN_DECLS -@@ -45,7 +47,7 @@ struct _GstFlxDec { - - guint8 *delta_data, *frame_data; - GstAdapter *adapter; -- gulong size; -+ gsize size; - GstFlxDecState state; - gint64 frame_time; - gint64 next_time; --- -2.10.2 - diff --git a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch b/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch deleted file mode 100644 index 1daaa2ae15..0000000000 --- a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fixes upstream bug #774897 (flxdec: Unreferences itself one time too many on -invalid files): - -https://bugzilla.gnome.org/show_bug.cgi?id=774897 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=b31c504645a814c59d91d49e4fe218acaf93f4ca - -From b31c504645a814c59d91d49e4fe218acaf93f4ca Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= -Date: Wed, 23 Nov 2016 11:20:49 +0200 -Subject: [PATCH] flxdec: Don't unref() parent in the chain function - -We don't own the reference here, it is owned by the caller and given to -us for the scope of this function. Leftover mistake from 0.10 porting. - -https://bugzilla.gnome.org/show_bug.cgi?id=774897 ---- - gst/flx/gstflxdec.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index e675c99..a237976 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -677,7 +677,6 @@ wrong_type: - { - GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL), - ("not a flx file (type %x)", flxh->type)); -- gst_object_unref (flxdec); - return GST_FLOW_ERROR; - } - } --- -2.10.2 - diff --git a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch b/gnu/packages/patches/gst-plugins-good-fix-signedness.patch deleted file mode 100644 index a3e20e19dd..0000000000 --- a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch +++ /dev/null @@ -1,58 +0,0 @@ -This is a followup fix for upstream bug #774834 (flic decoder: Buffer overflow -in flx_decode_delta_fli): - -https://bugzilla.gnome.org/show_bug.cgi?id=774834#c2 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=1ab2b26193861b124426e2f8eb62b75b59ec5488 - -From 1ab2b26193861b124426e2f8eb62b75b59ec5488 Mon Sep 17 00:00:00 2001 -From: Matthew Waters -Date: Tue, 22 Nov 2016 23:46:00 +1100 -Subject: [PATCH] flxdec: fix some warnings comparing unsigned < 0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -bf43f44fcfada5ec4a3ce60cb374340486fe9fac was comparing an unsigned -expression to be < 0 which was always false. - -gstflxdec.c: In function ‘flx_decode_brun’: -gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] - if ((glong) row - count < 0) { - ^ -gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] - if ((glong) row - count < 0) { - ^ - -https://bugzilla.gnome.org/show_bug.cgi?id=774834 ---- - gst/flx/gstflxdec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index d51a8e6..e675c99 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -319,7 +319,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* literal run */ - count = 0x100 - count; -- if ((glong) row - count < 0) { -+ if ((glong) row - (glong) count < 0) { - GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); - return FALSE; - } -@@ -329,7 +329,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - *dest++ = *data++; - - } else { -- if ((glong) row - count < 0) { -+ if ((glong) row - (glong) count < 0) { - GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); - return FALSE; - } --- -2.10.2 - diff --git a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch b/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch deleted file mode 100644 index f77dca2cd6..0000000000 --- a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch +++ /dev/null @@ -1,319 +0,0 @@ -Fix CVE-2016-{9634,9635,9636}. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636 - -This fixes upstream bug #774834 (flic decoder: Buffer overflow in -flx_decode_delta_fli): - -https://bugzilla.gnome.org/show_bug.cgi?id=774834 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=2e203a79b7d9af4029307c1a845b3c148d5f5e62 - -From 2e203a79b7d9af4029307c1a845b3c148d5f5e62 Mon Sep 17 00:00:00 2001 -From: Matthew Waters -Date: Tue, 22 Nov 2016 19:05:00 +1100 -Subject: [PATCH] flxdec: add some write bounds checking - -Without checking the bounds of the frame we are writing into, we can -write off the end of the destination buffer. - -https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html - -https://bugzilla.gnome.org/show_bug.cgi?id=774834 ---- - gst/flx/gstflxdec.c | 116 +++++++++++++++++++++++++++++++++++++++++----------- - 1 file changed, 91 insertions(+), 25 deletions(-) - -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index 604be2f..d51a8e6 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -74,9 +74,9 @@ static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent, - GstQuery * query); - - static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint); --static void flx_decode_brun (GstFlxDec *, guchar *, guchar *); --static void flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *); --static void flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *); - - #define rndalign(off) ((off) + ((off) & 1)) - -@@ -203,13 +203,14 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent, - return ret; - } - --static void -+static gboolean - flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - guchar * dest) - { - FlxFrameChunk *hdr; -+ gboolean ret = TRUE; - -- g_return_if_fail (data != NULL); -+ g_return_val_if_fail (data != NULL, FALSE); - - while (count--) { - hdr = (FlxFrameChunk *) data; -@@ -228,17 +229,17 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - break; - - case FLX_BRUN: -- flx_decode_brun (flxdec, data, dest); -+ ret = flx_decode_brun (flxdec, data, dest); - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - - case FLX_LC: -- flx_decode_delta_fli (flxdec, data, dest); -+ ret = flx_decode_delta_fli (flxdec, data, dest); - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - - case FLX_SS2: -- flx_decode_delta_flc (flxdec, data, dest); -+ ret = flx_decode_delta_flc (flxdec, data, dest); - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - -@@ -256,7 +257,12 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - } -+ -+ if (!ret) -+ break; - } -+ -+ return ret; - } - - -@@ -289,13 +295,13 @@ flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale) - } - } - --static void -+static gboolean - flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - { - gulong count, lines, row; - guchar x; - -- g_return_if_fail (flxdec != NULL); -+ g_return_val_if_fail (flxdec != NULL, FALSE); - - lines = flxdec->hdr.height; - while (lines--) { -@@ -313,12 +319,21 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* literal run */ - count = 0x100 - count; -+ if ((glong) row - count < 0) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ return FALSE; -+ } - row -= count; - - while (count--) - *dest++ = *data++; - - } else { -+ if ((glong) row - count < 0) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ return FALSE; -+ } -+ - /* replicate run */ - row -= count; - x = *data++; -@@ -328,22 +343,28 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - } - } -+ -+ return TRUE; - } - --static void -+static gboolean - flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - { - gulong count, packets, lines, start_line; - guchar *start_p, x; - -- g_return_if_fail (flxdec != NULL); -- g_return_if_fail (flxdec->delta_data != NULL); -+ g_return_val_if_fail (flxdec != NULL, FALSE); -+ g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ - memcpy (dest, flxdec->delta_data, flxdec->size); - - start_line = (data[0] + (data[1] << 8)); - lines = (data[2] + (data[3] << 8)); -+ if (start_line + lines > flxdec->hdr.height) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines."); -+ return FALSE; -+ } - data += 4; - - /* start position of delta */ -@@ -356,7 +377,8 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - - while (packets--) { - /* skip count */ -- dest += *data++; -+ guchar skip = *data++; -+ dest += skip; - - /* RLE count */ - count = *data++; -@@ -364,12 +386,24 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* literal run */ - count = 0x100 - count; -- x = *data++; - -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ -+ x = *data++; - while (count--) - *dest++ = x; - - } else { -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ - /* replicate run */ - while (count--) - *dest++ = *data++; -@@ -378,21 +412,27 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - start_p += flxdec->hdr.width; - dest = start_p; - } -+ -+ return TRUE; - } - --static void -+static gboolean - flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - { - gulong count, lines, start_l, opcode; - guchar *start_p; - -- g_return_if_fail (flxdec != NULL); -- g_return_if_fail (flxdec->delta_data != NULL); -+ g_return_val_if_fail (flxdec != NULL, FALSE); -+ g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ - memcpy (dest, flxdec->delta_data, flxdec->size); - - lines = (data[0] + (data[1] << 8)); -+ if (lines > flxdec->hdr.height) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines."); -+ return FALSE; -+ } - data += 2; - - start_p = dest; -@@ -405,9 +445,15 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) { - data += 2; - if ((opcode & 0xc000) == 0xc000) { -- /* skip count */ -- start_l += (0x10000 - opcode); -- dest += flxdec->hdr.width * (0x10000 - opcode); -+ /* line skip count */ -+ gulong skip = (0x10000 - opcode); -+ if (skip > flxdec->hdr.height) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -+ "skip line count too big."); -+ return FALSE; -+ } -+ start_l += skip; -+ dest += flxdec->hdr.width * skip; - } else { - /* last pixel */ - dest += flxdec->hdr.width; -@@ -419,7 +465,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - /* last opcode is the packet count */ - while (opcode--) { - /* skip count */ -- dest += *data++; -+ guchar skip = *data++; -+ dest += skip; - - /* RLE count */ - count = *data++; -@@ -427,12 +474,25 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* replicate word run */ - count = 0x100 - count; -+ -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ - while (count--) { - *dest++ = data[0]; - *dest++ = data[1]; - } - data += 2; - } else { -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ - /* literal word run */ - while (count--) { - *dest++ = *data++; -@@ -442,6 +502,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - lines--; - } -+ -+ return TRUE; - } - - static GstFlowReturn -@@ -571,9 +633,13 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - out = gst_buffer_new_and_alloc (flxdec->size * 4); - - /* decode chunks */ -- flx_decode_chunks (flxdec, -- ((FlxFrameType *) chunk)->chunks, -- chunk + FlxFrameTypeSize, flxdec->frame_data); -+ if (!flx_decode_chunks (flxdec, -+ ((FlxFrameType *) chunk)->chunks, -+ chunk + FlxFrameTypeSize, flxdec->frame_data)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Could not decode chunk"), NULL); -+ return GST_FLOW_ERROR; -+ } - - /* save copy of the current frame for possible delta. */ - memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size); --- -2.10.2 - -- cgit v1.2.3 From a4b0bfb1952a33b04cf2f2282633e7b342c16fb8 Mon Sep 17 00:00:00 2001 From: Eric Bavier Date: Wed, 30 Nov 2016 21:26:01 -0600 Subject: gnu: netcdf: Upgrade to 4.4.1.1. * gnu/packages/maths.scm (netcdf, netcdf-parallel-openmpi): Upgrade to 4.4.1.1. [source]: Adjust patch name, add netcdf-tst_h_par.patch * gnu/packages/patches/netcdf-config.date.patch: Rename to... * gnu/packages/patches/netcdf-date-time.patch: ...this. Adjust for latest source. * gnu/packages/patches/netcdf-tst_h_par.patch: New patch. * gnu/local.mk (dist_patch_DATA): Adjust patches. --- gnu/local.mk | 3 +- gnu/packages/maths.scm | 7 ++-- gnu/packages/patches/netcdf-config-date.patch | 47 --------------------------- gnu/packages/patches/netcdf-date-time.patch | 11 +++++++ gnu/packages/patches/netcdf-tst_h_par.patch | 21 ++++++++++++ 5 files changed, 38 insertions(+), 51 deletions(-) delete mode 100644 gnu/packages/patches/netcdf-config-date.patch create mode 100644 gnu/packages/patches/netcdf-date-time.patch create mode 100644 gnu/packages/patches/netcdf-tst_h_par.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0d019f73db..6f128ed913 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -745,7 +745,8 @@ dist_patch_DATA = \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ %D%/packages/patches/net-tools-bitrot.patch \ - %D%/packages/patches/netcdf-config-date.patch \ + %D%/packages/patches/netcdf-date-time.patch \ + %D%/packages/patches/netcdf-tst_h_par.patch \ %D%/packages/patches/netsurf-about.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ngircd-no-dns-in-tests.patch \ diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 0ee573527a..fc98eae4f7 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -714,7 +714,7 @@ HDF5 file is encoded according to the HDF File Format Specification.") (define-public netcdf (package (name "netcdf") - (version "4.4.0") + (version "4.4.1.1") (source (origin (method url-fetch) @@ -722,8 +722,9 @@ HDF5 file is encoded according to the HDF File Format Specification.") "netcdf-" version ".tar.gz")) (sha256 (base32 - "0y6gdcplarwqqnrav2xg1xd6ih732rzzbmdw78v3rl5b8mwcnh0d")) - (patches (list (search-patch "netcdf-config-date.patch"))))) + "1blc7ik5yin7i0ls2kag0a9xjk12m0dzx6v1x88az3ras3scci2d")) + (patches (search-patches "netcdf-date-time.patch" + "netcdf-tst_h_par.patch")))) (build-system gnu-build-system) (native-inputs `(("m4" ,m4) diff --git a/gnu/packages/patches/netcdf-config-date.patch b/gnu/packages/patches/netcdf-config-date.patch deleted file mode 100644 index 5054612e95..0000000000 --- a/gnu/packages/patches/netcdf-config-date.patch +++ /dev/null @@ -1,47 +0,0 @@ -Honor SOURCE_DATE_EPOCH when exporting configuration date. -Autoconf-level patch submitted upstream on Fri Apr 15 23:07:42 UTC 2016 - ---- a/configure -+++ b/configure -@@ -2866,7 +2866,17 @@ - - - # Configuration Date -- CONFIG_DATE="`date`" -+ CONFIG_DATE="`date -u`" -+if test -n "$SOURCE_DATE_EPOCH"; then -+ CONFIG_DATE=`date -u -d "@$SOURCE_DATE_EPOCH" 2>/dev/null \ -+ || date -u -r "$SOURCE_DATE_EPOCH" 2>/dev/null` -+ if test -z "$CONFIG_DATE"; then -+ as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5 -+ fi -+fi -+cat >>confdefs.h <<_ACEOF -+#define CONFIG_DATE "$CONFIG_DATE" -+_ACEOF - - # Find out about the host we're building on. - ac_aux_dir= ---- a/libdispatch/derror.c -+++ b/libdispatch/derror.c -@@ -13,7 +13,7 @@ - #endif - - /* Tell the user the version of netCDF. */ --static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $"; -+static const char nc_libvers[] = PACKAGE_VERSION " of "CONFIG_DATE" $"; - - /** - \defgroup lib_version Library Version ---- a/config.h.in -+++ b/config.h.in -@@ -393,6 +393,9 @@ - /* Define to the version of this package. */ - #undef PACKAGE_VERSION - -+/* Define to the configuration date */ -+#undef CONFIG_DATE -+ - /* The size of `double', as computed by sizeof. */ - #undef SIZEOF_DOUBLE - diff --git a/gnu/packages/patches/netcdf-date-time.patch b/gnu/packages/patches/netcdf-date-time.patch new file mode 100644 index 0000000000..a4e7925aa1 --- /dev/null +++ b/gnu/packages/patches/netcdf-date-time.patch @@ -0,0 +1,11 @@ +--- a/libdispatch/derror.c ++++ b/libdispatch/derror.c +@@ -13,7 +13,7 @@ + #endif + + /* Tell the user the version of netCDF. */ +-static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $"; ++static const char nc_libvers[] = PACKAGE_VERSION" $"; + + /** + \defgroup lib_version Library Version diff --git a/gnu/packages/patches/netcdf-tst_h_par.patch b/gnu/packages/patches/netcdf-tst_h_par.patch new file mode 100644 index 0000000000..ac14a4c0a2 --- /dev/null +++ b/gnu/packages/patches/netcdf-tst_h_par.patch @@ -0,0 +1,21 @@ +From a83702834938b23cc2e843589aa223e2024a7e6f Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Tue, 29 Nov 2016 11:48:01 -0700 +Subject: [PATCH] Add missing #include "err_macros.h" to tst_h_par.c + +--- + h5_test/tst_h_par.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/h5_test/tst_h_par.c b/h5_test/tst_h_par.c +index c3da7f4..a419d55 100644 +--- a/h5_test/tst_h_par.c ++++ b/h5_test/tst_h_par.c +@@ -11,6 +11,7 @@ + $Id: tst_h_par.c,v 1.15 2010/05/25 13:53:04 ed Exp $ + */ + #include ++#include "err_macros.h" + #include + + /* Defining USE_MPE causes the MPE trace library to be used (and you -- cgit v1.2.3 From 0e988a8483de93a5f3f2e09193cadf285f37dea1 Mon Sep 17 00:00:00 2001 From: Eric Bavier Date: Fri, 15 Jul 2016 20:24:25 -0500 Subject: gnu: vtk: Upgrade to 7.1.0. * gnu/packages/vtk.scm (vtk): Upgrade to 7.1.0. [source]: Remove patches. Use version-major+minor. * gnu/packages/patches/vtk-mesa-10.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/vtk-mesa-10.patch | 36 ---------------------------------- gnu/packages/vtk.scm | 9 ++++----- 3 files changed, 4 insertions(+), 42 deletions(-) delete mode 100644 gnu/packages/patches/vtk-mesa-10.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6f128ed913..f6f2db6df9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -912,7 +912,6 @@ dist_patch_DATA = \ %D%/packages/patches/vpnc-script.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ - %D%/packages/patches/vtk-mesa-10.patch \ %D%/packages/patches/weechat-python.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ diff --git a/gnu/packages/patches/vtk-mesa-10.patch b/gnu/packages/patches/vtk-mesa-10.patch deleted file mode 100644 index bc60af68c4..0000000000 --- a/gnu/packages/patches/vtk-mesa-10.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix build against new mesa. See: - - https://bugs.freedesktop.org/show_bug.cgi?id=83631 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765938 - -Description: fixes FTBFS against new libjpeg-turbo -Author: Ondřej Surý -Bug-Debian: https://bugs.debian.org/765938 -Reviewed-By: Anton Gladky -Last-Update: 2014-10-22 - -Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h -=================================================================== ---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkOpenGL.h -+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h -@@ -20,6 +20,7 @@ - - // To prevent gl.h to include glext.h provided by the system - #define GL_GLEXT_LEGACY -+#define GLX_GLEXT_LEGACY - #if defined(__APPLE__) && (defined(VTK_USE_CARBON) || defined(VTK_USE_COCOA)) - # include // Include OpenGL API. - #else -Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx -=================================================================== ---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx -+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx -@@ -27,7 +27,7 @@ - - // define GLX_GLXEXT_LEGACY to prevent glx.h to include glxext.h provided by - // the system --//#define GLX_GLXEXT_LEGACY -+#define GLX_GLXEXT_LEGACY - #include "GL/glx.h" - - #include "vtkgl.h" diff --git a/gnu/packages/vtk.scm b/gnu/packages/vtk.scm index 13ce2e2ac0..eef982a8b3 100644 --- a/gnu/packages/vtk.scm +++ b/gnu/packages/vtk.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Ludovic Courtès ;;; Copyright © 2014 Mark H Weaver +;;; Copyright © 2016 Eric Bavier ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,17 +30,15 @@ (define-public vtk (package (name "vtk") - (version "6.1.0") + (version "7.1.0") (source (origin (method url-fetch) (uri (string-append "http://www.vtk.org/files/release/" - (substring version 0 - (string-rindex version #\.)) + (version-major+minor version) "/VTK-" version ".tar.gz")) (sha256 (base32 - "0d7shccdkyj4mbh2riilslgx3gd28in4c7xpm0lxa1ln8w5g2zdx")) - (patches (search-patches "vtk-mesa-10.patch")))) + "0yj96z58haan77gzilnqp7xpf8hg5jk11a3jx55p2ksd400s0gjz")))) (build-system cmake-build-system) (arguments ;; Build without '-g' to save space. -- cgit v1.2.3 From ab519cfa3db289303eb2e640d959340b3f66e738 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 30 Nov 2016 17:04:34 +0100 Subject: gnu: Add fcgi. * gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch: New file. * gnu/packages/patches/fcgi-2.4.0-poll.patch: New file. * gnu/local.mk (dist_patch_DATA): Register patches. * gnu/packages/web.scm (fcgi): New variable. --- gnu/local.mk | 2 + gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch | 14 ++++ gnu/packages/patches/fcgi-2.4.0-poll.patch | 89 +++++++++++++++++++++++ gnu/packages/web.scm | 25 +++++++ 4 files changed, 130 insertions(+) create mode 100644 gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch create mode 100644 gnu/packages/patches/fcgi-2.4.0-poll.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f6f2db6df9..2fc4b6cf5b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -540,6 +540,8 @@ dist_patch_DATA = \ %D%/packages/patches/fasthenry-spUtils.patch \ %D%/packages/patches/fasthenry-spSolve.patch \ %D%/packages/patches/fasthenry-spFactor.patch \ + %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \ + %D%/packages/patches/fcgi-2.4.0-poll.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-test-xargs.patch \ %D%/packages/patches/flex-CVE-2016-6354.patch \ diff --git a/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch new file mode 100644 index 0000000000..0f921b120b --- /dev/null +++ b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch @@ -0,0 +1,14 @@ +Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-gcc44_fixes.patch. +Fixes compilation with GCC 4.4 and later. + +diff -up fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes fcgi-2.4.0/libfcgi/fcgio.cpp +--- fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes 2002-02-24 21:12:22.000000000 +0100 ++++ fcgi-2.4.0/libfcgi/fcgio.cpp 2009-02-15 11:35:18.000000000 +0100 +@@ -23,6 +23,7 @@ + #endif + + #include ++#include + #include "fcgio.h" + + using std::streambuf; diff --git a/gnu/packages/patches/fcgi-2.4.0-poll.patch b/gnu/packages/patches/fcgi-2.4.0-poll.patch new file mode 100644 index 0000000000..73be6a0a08 --- /dev/null +++ b/gnu/packages/patches/fcgi-2.4.0-poll.patch @@ -0,0 +1,89 @@ +Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-poll.patch +Fixes CVE-2012-6687. + +Author: Anton Kortunov +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417 +Description: use poll in os_unix.c instead of select to avoid problem with > 1024 connections +Forwarded: yes, fastcgi-developers@mailman.fastcgi.com + +diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c +index 73e6a7f..af35aee 100755 +--- a/libfcgi/os_unix.c ++++ b/libfcgi/os_unix.c +@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp + #include + #include + #include ++#include + + #ifdef HAVE_NETDB_H + #include +@@ -103,6 +104,9 @@ static int volatile maxFd = -1; + static int shutdownPending = FALSE; + static int shutdownNow = FALSE; + ++static int libfcgiOsClosePollTimeout = 2000; ++static int libfcgiIsAfUnixKeeperPollTimeout = 2000; ++ + void OS_ShutdownPending() + { + shutdownPending = TRUE; +@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3]) + if(libInitialized) + return 0; + ++ char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" ); ++ if(libfcgiOsClosePollTimeoutStr) { ++ libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr); ++ } ++ ++ char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" ); ++ if(libfcgiIsAfUnixKeeperPollTimeoutStr) { ++ libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr); ++ } ++ + asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo)); + if(asyncIoTable == NULL) { + errno = ENOMEM; +@@ -755,19 +769,16 @@ int OS_Close(int fd) + + if (shutdown(fd, 1) == 0) + { +- struct timeval tv; +- fd_set rfds; ++ struct pollfd pfd; + int rv; + char trash[1024]; + +- FD_ZERO(&rfds); ++ pfd.fd = fd; ++ pfd.events = POLLIN; + + do + { +- FD_SET(fd, &rfds); +- tv.tv_sec = 2; +- tv.tv_usec = 0; +- rv = select(fd + 1, &rfds, NULL, NULL, &tv); ++ rv = poll(&pfd, 1, libfcgiOsClosePollTimeout); + } + while (rv > 0 && read(fd, trash, sizeof(trash)) > 0); + } +@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error) + */ + static int is_af_unix_keeper(const int fd) + { +- struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL }; +- fd_set read_fds; +- +- FD_ZERO(&read_fds); +- FD_SET(fd, &read_fds); ++ struct pollfd pfd; ++ pfd.fd = fd; ++ pfd.events = POLLIN; + +- return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds); ++ return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN); + } + + /* diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 593b0ab41a..7c869c0b11 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -201,6 +201,31 @@ and as a proxy to reduce the load on back-end HTTP or mail servers.") ;; except for two source files which are bsd-4 licensed. (license (list l:bsd-2 l:expat l:bsd-3 l:bsd-4)))) +(define-public fcgi + (package + (name "fcgi") + (version "2.4.0") + (source + (origin + (method url-fetch) + ;; Upstream has disappeared + (uri (string-append "https://sources.archlinux.org/other/packages/fcgi/" + "fcgi-" version ".tar.gz")) + (sha256 + (base32 + "1f857wnl1d6jfrgfgfpz3zdaj8fch3vr13mnpcpvy8bang34bz36")) + (patches (search-patches "fcgi-2.4.0-poll.patch" + "fcgi-2.4.0-gcc44-fixes.patch")))) + (build-system gnu-build-system) + (home-page "http://www.fastcgi.com") + (synopsis "Language-independent, high-performant extension to CGI") + (description "FastCGI is a language independent, scalable extension to CGI +that provides high performance without the limitations of server specific +APIs.") + ;; This package is released under the Open Market License, a variant of + ;; the Expat license, incompatible with the GPL. + (license (l:non-copyleft "file://LICENSE.TERMS")))) + (define-public starman (package (name "starman") -- cgit v1.2.3 From 5bdec7d634ce0058801cd212e9e4ea56e914ca0c Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 3 Dec 2016 12:19:17 -0500 Subject: gnu: icecat: Update to 45.5.1-gnu1. * gnu/packages/gnuzilla.scm (icecat): Update to 45.5.1-gnu1. [source]: Remove temporary URI for 45.3 beta. Fix URI computation. Remove outdated patches. Add more cherry-picked bug fixes from upstream mozilla-esr45. Use 'list' instead of quasiquote in 'patches' field. --- gnu/local.mk | 1 - gnu/packages/gnuzilla.scm | 106 +-- gnu/packages/patches/icecat-CVE-2016-9064.patch | 996 ------------------------ 3 files changed, 32 insertions(+), 1071 deletions(-) delete mode 100644 gnu/packages/patches/icecat-CVE-2016-9064.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2fc4b6cf5b..e5755ec968 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -628,7 +628,6 @@ dist_patch_DATA = \ %D%/packages/patches/hypre-ldflags.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icecat-binutils.patch \ - %D%/packages/patches/icecat-CVE-2016-9064.patch \ %D%/packages/patches/icu4c-CVE-2014-6585.patch \ %D%/packages/patches/icu4c-CVE-2015-1270.patch \ %D%/packages/patches/icu4c-CVE-2015-4760.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 3342a39122..f63e950f29 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -303,82 +303,41 @@ standards.") (define-public icecat (package (name "icecat") - (version "45.3.0-gnu1-beta") + (version "45.5.1-gnu1") (source (origin (method url-fetch) - (uri (list (string-append "mirror://gnu/gnuzilla/" version "/" - name "-" version ".tar.bz2") - ;; XXX Temporary URI for 45.3 beta release. - ;; Remove when no longer needed. - (string-append "http://jenkins.trisquel.info/icecat/binaries/" - "icecat-45.3.0-gnu1.tar.bz2"))) + (uri (string-append "mirror://gnu/gnuzilla/" + (first (string-split version #\-)) + "/" name "-" version ".tar.bz2")) (sha256 (base32 - "1hk5lwaqm8nkfm43sq521mzyrx0x3iiwvlcy62m7cq7grz9wixp6")) + "1sbfgsibmb8wfmb2g40gmqwq3nikmrgzksf51ydrz7gnafyfaqw1")) (patches - `(,(search-patch "icecat-avoid-bundled-libraries.patch") - ,(search-patch "icecat-binutils.patch") - ,(mozilla-patch "icecat-CVE-2016-5250.patch" "6711ccb0184e" "1p0s91rw1j7ib6hy9gh5p0l33rja32rfgygh29jw4wq1hxfql8rk") - ,(mozilla-patch "icecat-CVE-2016-5257-pt1.patch" "b08f28db372e" "0fmifimavawbff700rzjibsnr16am6902gp965scvi1iy78754ia") - ,(mozilla-patch "icecat-CVE-2016-5257-pt2.patch" "a49fd7eb57ba" "1dyh0pjdmf64sjbj1x0mdjwfispacx9yny1kx9nzpf85myryr640") - ,(mozilla-patch "icecat-CVE-2016-5257-pt3.patch" "9707c3423a1e" "12nn8av0akza4ml1is9mfy8f7368mrkxsl32ly97r4irzh0iryh1") - ,(mozilla-patch "icecat-CVE-2016-5257-pt4.patch" "9d632865560a" "1msp1wqv0c317wqkm82hd9ajbg4a5mcr8pld5j8cx37ccv7f21g3") - ,(mozilla-patch "icecat-CVE-2016-5257-pt5.patch" "90697781ec9f" "1h6gcrw5ykf7r59phxqkhpfs7jsgzqn509qm43sj7mbpcvqvk5mg") - ,(mozilla-patch "icecat-CVE-2016-5257-pt6.patch" "dd9eb81853b9" "1lyqnn40sayziych8gqd5aj7il3zajf318y8ddj8dzz3c8id5dzc") - ,(mozilla-patch "icecat-CVE-2016-5257-pt7.patch" "d91fc76079e0" "022lhixa8dxa6ny9a4bh2di282i0lhyq0glqr9n4q3r8msfmf0ba") - ,(mozilla-patch "icecat-CVE-2016-5257-pt8.patch" "3e37ba5e0867" "1w8lncxaayq4xndhyp1hwlv00zggbayljq6rlypb8kdwgzfpi77w") - ,(mozilla-patch "icecat-CVE-2016-5257-pt9.patch" "3c4958a98908" "16bc6ai5qddnpm3yw24lry5s7i05xs0ycixzxiir4wmcgwcaayiy") - ,(mozilla-patch "icecat-CVE-2016-5261.patch" "bc2f5467b33d" "0i4b8ydmqg4blx541f56g9qrlm7gp6ih4cs7ixbds724cwk83b9f") - ,(mozilla-patch "icecat-CVE-2016-5270.patch" "7cd50d56bb61" "15nbp5axr59mczxgf37nli37jbw0jdknmxz7z71772pzjd2z07r9") - ,(mozilla-patch "icecat-CVE-2016-5272.patch" "6e43a01fee3c" "025xp1wdnz1gc5l2rsgbrwsh1pbysjiyfgz0g6rvr390r7ag1n74") - ,(mozilla-patch "icecat-CVE-2016-5274.patch" "10c9453407de" "1wqh6hj0dpa7r3hhlyrflcv3r3cg0xq4rb0zvhysi6l7lwb8q51r") - ,(mozilla-patch "icecat-CVE-2016-5276.patch" "fc818ab03f15" "1q64ipl172dcmyy9p8p3l3ljpdh1q1jg48lai0qn2xgknl7sdpks") - ,(mozilla-patch "icecat-CVE-2016-5277.patch" "7b668c5cec92" "1qmchn6qifgjakzac6i4hgnivy062pzgz9p1l11c1m3an1rh0isg") - ,(mozilla-patch "icecat-CVE-2016-5278.patch" "fd5052e343df" "1nzmzlnsz61w9aw4mjvgmlkz88aqv1w858rr0mbv07hwyrljfi84") - ,(mozilla-patch "icecat-CVE-2016-5280.patch" "30673bc9730b" "1qz1684v1rp86ngadcaqd68iqf472flnrnk971ryg4fbsyy8g1za") - ,(mozilla-patch "icecat-CVE-2016-5281-pt1.patch" "61405f1fd1df" "1fgmq67arwsl1nrl133fcb5cz6jbbcfjvbv8cd8cadhapin971a7") - ,(mozilla-patch "icecat-CVE-2016-5281-pt2.patch" "7776b6ec7b92" "1f7k8f4lk7nyghwajsxf6nb7yvzsaw3jwpa3316znsva12m548mn") - ,(mozilla-patch "icecat-CVE-2016-5284-pt1.patch" "55e768767416" "1gg7m12njbkn1jqf2gp2y7zd9ik3xhqkjb7znczna4l438h7ki83") - ,(mozilla-patch "icecat-CVE-2016-5284-pt2.patch" "3c42249975a5" "0gnanndkmhsp49rldv4kh0smkdcs7616v46hn567kfw8yfwqvnli") - ,(mozilla-patch "icecat-CVE-2016-5284-pt3.patch" "126e5d574811" "13gr08bzqy23adz0ciihb7cy9wdnkcn71i77a3y5b5apm6k54mwi") - ,(mozilla-patch "icecat-CVE-2016-5284-pt4.patch" "7b8bd7aae1a8" "0mq5gpq6ni8czfcs1rif4is0igh0054aw41ga0jqkq58g7lavkrf") - ,(mozilla-patch "icecat-CVE-2016-5284-pt5.patch" "0799490f4e6f" "1ypv6i48nabbhcqbach8fbgz9bmnhm7q5z9dnfid44z8g54l3f33") - ,(mozilla-patch "icecat-CVE-2016-5284-pt6.patch" "fc990e4ae8bc" "1s2cj505ajwwiy4xvn5zlmyzqpgahxmqqvis0a6xm6mjbjh02gm4") - ,(mozilla-patch "icecat-bug-1251088.patch" "5ffa912ed83e" "0v5lpv3c89c2d4y5acn0kyijv096axdnrvaj5ya5yypzfcaqxv24") - ,(mozilla-patch "icecat-CVE-2016-5290-pt1.patch" "d4b5b8f3e373" "0w8cxn6ryhgxryy8k8i06yw4mknv509ns9ff1avd0hmgxa83mcdp") - ,(mozilla-patch "icecat-CVE-2016-5290-pt2.patch" "adce603ae36d" "0mgs85cwx61bk17r7npl311l4m8yn4667wyhgjmm2ajiys6nn0yl") - ,(mozilla-patch "icecat-CVE-2016-5290-pt3.patch" "97268426bb6f" "1z7hg796cgag025gm9pp2szz7w870s7naagdri1dlsilj797v8hr") - ,(mozilla-patch "icecat-CVE-2016-5290-pt4.patch" "fc055950b6b8" "05iml5k3rzc653jk4imd111sh18625jxfxkcj12kjdihl0gdr4x4") - ,(mozilla-patch "icecat-CVE-2016-5290-pt5.patch" "6f845c23565b" "01dlbnmpsnwr448fajs276y62gl03r74k1hxnwsg6ihwhnfdvn5a") - ,(mozilla-patch "icecat-CVE-2016-5290-pt6.patch" "e5d51ca7a3c0" "0hshcz24hc6pkz5pcqxhajm17ibwrlfn1s00frfnpjjy56vacfz0") - ,(mozilla-patch "icecat-CVE-2016-5290-pt7.patch" "61d1463acd04" "1iig4a79dxmfcr6w82mdhyl88wy7d36g5n4p24632kbabgl9j9sz") - ,(mozilla-patch "icecat-CVE-2016-5290-pt8.patch" "8e0bab4216de" "1knq8h5ni8crfndi3p78b2pyj5lzchqw67vk0yx061r76mq4wp4r") - ,(mozilla-patch "icecat-CVE-2016-5290-pt9.patch" "bb10104dc89e" "1flvagckrzfk7hs2xzb5j3s5i0ck57ygyskh5494xmpa2a1nnsqj") - ,(mozilla-patch "icecat-CVE-2016-5290-pt10.patch" "7006b275b829" "0sqagm247wx94mf51fyhdkn0vf1a1qy9i829shjnhssd79srxmnn") - ,(mozilla-patch "icecat-CVE-2016-5290-pt11.patch" "32ce7be98543" "1y2r9i4p1qpqi75mlwmibr51whz5h1vj28c6mh6ik57dxkqxbclb") - ,(mozilla-patch "icecat-CVE-2016-5291.patch" "3ff0c89f3b26" "1prn74aglshaj27jfrpd2s2i4slpljw4rbzjxc1qgwjvkq4m6j6f") - ,(mozilla-patch "icecat-CVE-2016-5297.patch" "46b07bdbf8b2" "1n8y1c5l0ms81dra7jsx8mp633ak5qvx105drvlg9hn3m0fwv1lj") - ,(search-patch "icecat-CVE-2016-9064.patch") ; adapted for icecat based on: - ; "00c2b7baaa0b" "0y02yb7r62656nq9dji9dnwils2lxqasjz5byv62j1xa87r7f9hp" - ,(mozilla-patch "icecat-CVE-2016-9066.patch" "576f1725a57e" "1lic9d3r8r1vcniw1g3ca71390lw3dmwjsw55dp6z96hyjbcq3fd") - ,(mozilla-patch "icecat-CVE-2016-9079.patch" "e6eb0a3a3c76" "1gfcl58cm255sn3f5fwfhw21c2msbghg9i1b3nc9pp4gafaj2p9i") - ,(mozilla-patch "icecat-bug-1212939.patch" "4a0e851f83e4" "182vx1qxrr7r2175jjf0bcixwwm1khdj4sq0c8wnsyry7p9waq5q") - ,(mozilla-patch "icecat-bug-1168743.patch" "a1e06af61ab3" "07llk1ba6axjasiv30vicz96k55ff4mybxy21vjxk6j0asgyjz23") - ,(mozilla-patch "icecat-bug-1287176.patch" "0569d5dce9db" "1d41sqbq6jc3af73dz9w19win7v7c12kw1mp7j7b1gkadq46c4y7") - ,(mozilla-patch "icecat-bug-1263665.patch" "a79cafee93f4" "0bn7hpm8mh8qmkpz5wiridr792irrs5sjxyvryazy2i0p4pjh62p") - ,(mozilla-patch "icecat-bug-1304962.patch" "f61049d5f373" "04d1na31qqq7yq4jjvhq6vzqq3f23rwac8c6fw4h5fx1pdb3l997") - ,(mozilla-patch "icecat-bug-1314574.patch" "46b2558ca469" "00q8676xg4wb7p371wgi04nl05j7idkb2kna9a0l08k6lks9wdhh") - ,(mozilla-patch "icecat-bug-1301381.patch" "2e5438a92617" "0pyjbzyy04759ldpcar8q8cccv67j1jkxsg46rkq7a3rbhmwmw4p") - ,(mozilla-patch "icecat-bug-1317409.patch" "7391f60fb790" "1hydggpmmm2cs9lb15micnkxn4wl4cda9g74hkn3zmks805vjz3h") - ,(mozilla-patch "icecat-bug-1309834.patch" "744e01001e6e" "0z2fq765kap3ll9as5rvjpnbj3pw26074alw7df0zi215qz47nxr") - ,(mozilla-patch "icecat-bug-1317936-pt1.patch" "8ae673f34a5b" "1rlbihckl9afa0y91lqs7gpnv6a7zxzrmxjv95y3yrl03kibqp76") - ,(mozilla-patch "icecat-bug-1317936-pt2.patch" "409c23c144fe" "05kgs16y8s5pxmg2dxp93247zagnj6zgj3209qpm5hz3an7gr13h") - ,(mozilla-patch "icecat-bug-1319122.patch" "994d9bd0e28d" "007wifyx3b2ln4fwv1i8n24yz5ngjf4mkzd7sqr5bpd3q88ff293") - ,(mozilla-patch "icecat-bug-1312609.patch" "0fc43af8982e" "0pc8q9knzq2knj723mwkay1lnzbzysb07ygxnc16mcb6f7vl2mw8") - ,(mozilla-patch "icecat-bug-1319524.patch" "19f9a4643d77" "0w5yxj1l0hvs66q9agjp4m5sfby7fj05lx33gaqf899bw4hn4vcf") - ,(mozilla-patch "icecat-bug-1312548.patch" "c58442c414f5" "1z1w1v8xagkhrwgp51ij1k2gx0ripslia09vm78812n7gcwddaas") - ,(mozilla-patch "icecat-bug-1314442.patch" "5054047b7328" "0xlw8irymfp3bcaa5jpf7clf7bq6qxp3i8zapp8jya8lzr1nf868"))) + (list + (search-patch "icecat-avoid-bundled-libraries.patch") + (search-patch "icecat-binutils.patch") + (mozilla-patch "icecat-bug-1301381.patch" "2e5438a92617" "0pyjbzyy04759ldpcar8q8cccv67j1jkxsg46rkq7a3rbhmwmw4p") + (mozilla-patch "icecat-bug-1317409.patch" "7391f60fb790" "1hydggpmmm2cs9lb15micnkxn4wl4cda9g74hkn3zmks805vjz3h") + (mozilla-patch "icecat-bug-1309834.patch" "744e01001e6e" "0z2fq765kap3ll9as5rvjpnbj3pw26074alw7df0zi215qz47nxr") + (mozilla-patch "icecat-bug-1317936-pt1.patch" "8ae673f34a5b" "1rlbihckl9afa0y91lqs7gpnv6a7zxzrmxjv95y3yrl03kibqp76") + (mozilla-patch "icecat-bug-1317936-pt2.patch" "409c23c144fe" "05kgs16y8s5pxmg2dxp93247zagnj6zgj3209qpm5hz3an7gr13h") + (mozilla-patch "icecat-bug-1319122.patch" "994d9bd0e28d" "007wifyx3b2ln4fwv1i8n24yz5ngjf4mkzd7sqr5bpd3q88ff293") + (mozilla-patch "icecat-bug-1312609.patch" "0fc43af8982e" "0pc8q9knzq2knj723mwkay1lnzbzysb07ygxnc16mcb6f7vl2mw8") + (mozilla-patch "icecat-bug-1319524.patch" "19f9a4643d77" "0w5yxj1l0hvs66q9agjp4m5sfby7fj05lx33gaqf899bw4hn4vcf") + (mozilla-patch "icecat-bug-1312548.patch" "c58442c414f5" "1z1w1v8xagkhrwgp51ij1k2gx0ripslia09vm78812n7gcwddaas") + (mozilla-patch "icecat-bug-1314442.patch" "5054047b7328" "0xlw8irymfp3bcaa5jpf7clf7bq6qxp3i8zapp8jya8lzr1nf868") + (mozilla-patch "icecat-bug-881832-pt1.patch" "1123263318a3" "1qkxwva3zrcs1zhga8ncmndq03988dx75i896g53gbvpskj06915") + (mozilla-patch "icecat-bug-881832-pt2.patch" "dc87c0a39adf" "01rapf14f3r2wk0cjd16dn1rll4ipgs33cnjmjck48nvk67ikz6h") + (mozilla-patch "icecat-bug-881832-pt3.patch" "f20e5f488368" "15ql9ywifb3gm2g1057k63f821dbs3wqsh3zhndprzf3dn6aha4i") + (mozilla-patch "icecat-bug-881832-pt4.patch" "7950c4d5bd7c" "0jhkg5hq5yfy7rh21k1mpbsbr81ql85aazym30zy3n2cf28xxhd7") + (mozilla-patch "icecat-bug-881832-pt5.patch" "972734ec21b6" "073i4v1f1ydy49i57pvzscz95sjr5bbk9s5sajxvmmcsmwhpjdfy") + (mozilla-patch "icecat-bug-1293985-pt1.patch" "aebd3687e05e" "1qz6hdgflcrqyg7fv66cbg23v4b7q5bc2yxzrgjxs4j1d7jy1s0s") + (mozilla-patch "icecat-bug-1293985-pt2.patch" "63d8e5cd27cb" "11fsgyngy7v59ma30xdbmycwf4izwikzvaljngm3ks4534inpl4a") + (mozilla-patch "icecat-bug-1279202.patch" "e560997291af" "1hn35slasfcj3ryka4fsarx4l9r99z0iwj67fmbv6zxz4z133kks") + (mozilla-patch "icecat-bug-1320039.patch" "21c615b65048" "0ibgsxa36x9ajn2jqbhxxvrfvj6x6iyspsmzzn4brdz11n93skhr") + (mozilla-patch "icecat-bug-1320057.patch" "c15e5afc0430" "17gj32agqs94548z8lvz0l6zz3kbwajn8as0y4iw5nb6jsll4c66") + (mozilla-patch "icecat-bug-1163212.patch" "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7"))) (modules '((guix build utils))) (snippet '(begin @@ -422,7 +381,7 @@ standards.") "db/sqlite3")) ;; Delete .pyc files, typically present in icecat source tarballs (for-each delete-file (find-files "." "\\.pyc$")) - ;; Delete obj-* directories, found in icecat-45.3.0-gnu1-beta + ;; Delete obj-* directories, sometimes present in icecat tarballs (for-each delete-file-recursively (scandir "." (lambda (name) (string-prefix? "obj-" name)))) @@ -502,9 +461,8 @@ standards.") "--disable-debug" "--disable-debug-symbols" - ;; Temporary hack to work around missing - ;; "unofficial" branding in - ;; icecat-45.3.0-gnu1-beta. + ;; Hack to work around missing + ;; "unofficial" branding in icecat. "--enable-official-branding" ;; Avoid bundled libraries. diff --git a/gnu/packages/patches/icecat-CVE-2016-9064.patch b/gnu/packages/patches/icecat-CVE-2016-9064.patch deleted file mode 100644 index a5393815e0..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-9064.patch +++ /dev/null @@ -1,996 +0,0 @@ -Copied from - -but with one hunk omitted: the git binary patch for -toolkit/mozapps/extensions/test/addons/test_update_multi2/addon.xpi -which is not present in the IceCat sources. - -# HG changeset patch -# User Andrew Swan -# Date 1474063218 25200 -# Node ID 00c2b7baaa0b4bfb7d5f1aac31c094ea6b255e1f -# Parent 46b07bdbf8b20cf3fdc28104add57ff58a55832b -Bug 1303418 - Don't allow upgrades that change the addon ID. r=mossop, a=lizzard - -MozReview-Commit-ID: JHINo8ShmeI - -diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm ---- a/toolkit/mozapps/extensions/AddonManager.jsm -+++ b/toolkit/mozapps/extensions/AddonManager.jsm -@@ -2956,16 +2956,18 @@ this.AddonManager = { - // The downloaded file seems to be corrupted in some way. - ERROR_CORRUPT_FILE: -3, - // An error occured trying to write to the filesystem. - ERROR_FILE_ACCESS: -4, - // The add-on must be signed and isn't. - ERROR_SIGNEDSTATE_REQUIRED: -5, - // The downloaded add-on had a different type than expected. - ERROR_UNEXPECTED_ADDON_TYPE: -6, -+ // The addon did not have the expected ID -+ ERROR_INCORRECT_ID: -7, - - // These must be kept in sync with AddonUpdateChecker. - // No error was encountered. - UPDATE_STATUS_NO_ERROR: 0, - // The update check timed out - UPDATE_STATUS_TIMEOUT: -1, - // There was an error while downloading the update information. - UPDATE_STATUS_DOWNLOAD_ERROR: -2, -diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm ---- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm -+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm -@@ -5473,16 +5473,37 @@ AddonInstall.prototype = { - // loadManifestFromZipReader performs the certificate verification for us - this.addon = yield loadManifestFromZipReader(zipreader, this.installLocation); - } - catch (e) { - zipreader.close(); - return Promise.reject([AddonManager.ERROR_CORRUPT_FILE, e]); - } - -+ if (this.existingAddon) { -+ // Check various conditions related to upgrades -+ if (this.addon.id != this.existingAddon.id) { -+ zipreader.close(); -+ return Promise.reject([AddonManager.ERROR_INCORRECT_ID, -+ `Refusing to upgrade addon ${this.existingAddon.id} to different ID ${this.addon.id}`]); -+ } -+ -+ if (this.addon.type == "multipackage") { -+ zipreader.close(); -+ return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE, -+ `Refusing to upgrade addon ${this.existingAddon.id} to a multi-package xpi`]); -+ } -+ -+ if (this.existingAddon.type == "webextension" && this.addon.type != "webextension") { -+ zipreader.close(); -+ return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE, -+ "Webextensions may not be updated to other extension types"]); -+ } -+ } -+ - if (mustSign(this.addon.type)) { - if (this.addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { - // This add-on isn't properly signed by a signature that chains to the - // trusted root. - let state = this.addon.signedState; - this.addon = null; - zipreader.close(); - -@@ -5510,23 +5531,16 @@ AddonInstall.prototype = { - } else { - zipreader.close(); - return Promise.reject([AddonManager.ERROR_CORRUPT_FILE, - "XPI is incorrectly signed"]); - } - } - } - -- if (this.existingAddon && this.existingAddon.type == "webextension" && -- this.addon.type != "webextension") { -- zipreader.close(); -- return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE, -- "WebExtensions may not be upated to other extension types"]); -- } -- - if (this.addon.type == "multipackage") - return this._loadMultipackageManifests(zipreader); - - zipreader.close(); - - this.updateAddonURIs(); - - this.addon._install = this; -@@ -5791,16 +5805,17 @@ AddonInstall.prototype = { - else { - // TODO Should we send some event here (bug 557716)? - this.state = AddonManager.STATE_CHECKING; - new UpdateChecker(this.addon, { - onUpdateFinished: aAddon => this.downloadCompleted(), - }, AddonManager.UPDATE_WHEN_ADDON_INSTALLED); - } - }, ([error, message]) => { -+ this.removeTemporaryFile(); - this.downloadFailed(error, message); - }); - } - else { - if (aRequest instanceof Ci.nsIHttpChannel) - this.downloadFailed(AddonManager.ERROR_NETWORK_FAILURE, - aRequest.responseStatus + " " + - aRequest.responseStatusText); -diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js -@@ -0,0 +1,5 @@ -+ -+function install(data, reason) {} -+function startup(data, reason) {} -+function shutdown(data, reason) {} -+function uninstall(data, reason) {} -diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf -@@ -0,0 +1,16 @@ -+ -+ -+ -+ updatemulti@tests.mozilla.org -+ 1.0 -+ http://localhost:4444/data/test_update_multi.rdf -+ true -+ Test Addon 1 -+ -+ xpcshell@tests.mozilla.org -+ 1 -+ 1 -+ -+ -+ -diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf -@@ -0,0 +1,9 @@ -+ -+ -+ -+ updatemulti@tests.mozilla.org -+ 32 -+ 2.0 -+ -+ -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js -@@ -0,0 +1,5 @@ -+ -+function install(data, reason) {} -+function startup(data, reason) {} -+function shutdown(data, reason) {} -+function uninstall(data, reason) {} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf -@@ -0,0 +1,16 @@ -+ -+ -+ -+ addon1@tests.mozilla.org -+ 1.0 -+ http://localhost:4444/data/test_updateid.rdf -+ true -+ Test Addon 1 -+ -+ xpcshell@tests.mozilla.org -+ 1 -+ 1 -+ -+ -+ -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js -@@ -0,0 +1,5 @@ -+ -+function install(data, reason) {} -+function startup(data, reason) {} -+function shutdown(data, reason) {} -+function uninstall(data, reason) {} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf -@@ -0,0 +1,16 @@ -+ -+ -+ -+ addon1.changed@tests.mozilla.org -+ 2.0 -+ http://localhost:4444/data/test_updateid.rdf -+ true -+ Test Addon 1 -+ -+ xpcshell@tests.mozilla.org -+ 1 -+ 1 -+ -+ -+ -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf -+++ /dev/null -@@ -1,24 +0,0 @@ -- -- -- -- -- -- addon2@tests.mozilla.org -- 2.0 -- http://localhost:4444/data/test_updateid.rdf -- -- -- Test 2 -- Test Description -- -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- -- -- -- -- -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf -+++ /dev/null -@@ -1,24 +0,0 @@ -- -- -- -- -- -- addon2@tests.mozilla.org -- 5.0 -- http://localhost:4444/data/test_updateid.rdf -- -- -- Test 2 -- Test Description -- -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- -- -- -- -- -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js -+++ /dev/null -@@ -1,21 +0,0 @@ --Components.utils.import("resource://gre/modules/Services.jsm"); -- --function install(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 3); -- Services.prefs.setIntPref("bootstraptest.install_reason", reason); --} -- --function startup(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 3); -- Services.prefs.setIntPref("bootstraptest.startup_reason", reason); --} -- --function shutdown(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 0); -- Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason); --} -- --function uninstall(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 0); -- Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason); --} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf -+++ /dev/null -@@ -1,25 +0,0 @@ -- -- -- -- -- -- addon3@tests.mozilla.org -- 3.0 -- http://localhost:4444/data/test_updateid.rdf -- true -- -- -- Test 3 -- Test Description -- -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- -- -- -- -- -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js -+++ /dev/null -@@ -1,21 +0,0 @@ --Components.utils.import("resource://gre/modules/Services.jsm"); -- --function install(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 4); -- Services.prefs.setIntPref("bootstraptest.install_reason", reason); --} -- --function startup(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 4); -- Services.prefs.setIntPref("bootstraptest.startup_reason", reason); --} -- --function shutdown(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 0); -- Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason); --} -- --function uninstall(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 0); -- Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason); --} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf -+++ /dev/null -@@ -1,25 +0,0 @@ -- -- -- -- -- -- addon4@tests.mozilla.org -- 4.0 -- http://localhost:4444/data/test_updateid.rdf -- true -- -- -- Test 4 -- Test Description -- -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- -- -- -- -- -diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf -@@ -0,0 +1,26 @@ -+ -+ -+ -+ -+ -+ -+ -+
  • -+ -+ 2.0 -+ -+ -+ xpcshell@tests.mozilla.org -+ 1 -+ 1 -+ http://localhost:4444/addons/test_update_multi2.xpi -+ -+ -+ -+
    • -+     -+     -+     -+ -+     -diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf ---- a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf -+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf -@@ -9,77 +9,17 @@ -
  • - - 2.0 - - - xpcshell@tests.mozilla.org - 1 - 1 -- http://localhost:4444/addons/test_updateid2_2.xpi -- -- -- --
    • -- -- -- -- -- -- -- --
  • -- -- 3.0 -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- http://localhost:4444/addons/test_updateid3_3.xpi -- -- -- --
    • --     --     --     -- -- -- -- --
  • -- -- 4.0 -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- http://localhost:4444/addons/test_updateid4_4.xpi -- -- -- --
    • --     --     --     -- -- -- -- --
  • -- -- 5.0 -- -- -- xpcshell@tests.mozilla.org -- 1 -- 1 -- http://localhost:4444/addons/test_updateid2_5.xpi -+ http://localhost:4444/addons/test_updateid2.xpi - - - -
    • -     -     -     - -diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js ---- a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js -+++ b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js -@@ -2,421 +2,85 @@ - * http://creativecommons.org/publicdomain/zero/1.0/ - */ - - // This verifies that updating an add-on to a new ID works - - // The test extension uses an insecure update url. - Services.prefs.setBoolPref("extensions.checkUpdateSecurity", false); - --Components.utils.import("resource://testing-common/httpd.js"); --var testserver; - const profileDir = gProfD.clone(); - profileDir.append("extensions"); - --function resetPrefs() { -- Services.prefs.setIntPref("bootstraptest.active_version", -1); -- Services.prefs.setIntPref("bootstraptest.installed_version", -1); -- Services.prefs.setIntPref("bootstraptest.startup_reason", -1); -- Services.prefs.setIntPref("bootstraptest.shutdown_reason", -1); -- Services.prefs.setIntPref("bootstraptest.install_reason", -1); -- Services.prefs.setIntPref("bootstraptest.uninstall_reason", -1); --} -- --function getActiveVersion() { -- return Services.prefs.getIntPref("bootstraptest.active_version"); --} -- --function getInstalledVersion() { -- return Services.prefs.getIntPref("bootstraptest.installed_version"); --} -- --function run_test() { -- createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2"); -- -- // Create and configure the HTTP server. -- testserver = new HttpServer(); -- testserver.registerDirectory("/data/", do_get_file("data")); -- testserver.registerDirectory("/addons/", do_get_file("addons")); -- testserver.start(4444); -- -- do_test_pending(); -- run_test_1(); --} -- --function end_test() { -- testserver.stop(do_test_finished); --} -- --function installUpdate(aInstall, aCallback) { -- aInstall.addListener({ -- onInstallEnded: function(aInstall) { -- // give the startup time to run -- do_execute_soon(function() { -- aCallback(aInstall); -- }); -- } -- }); -- -- aInstall.install(); --} -- --// Verify that an update to an add-on with a new ID uninstalls the old add-on --function run_test_1() { -- writeInstallRDFForExtension({ -- id: "addon1@tests.mozilla.org", -- version: "1.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 1", -- }, profileDir); -- -- startupManager(); -- -- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) { -- do_check_neq(a1, null); -- do_check_eq(a1.version, "1.0"); -+function promiseInstallUpdate(install) { -+ return new Promise((resolve, reject) => { -+ install.addListener({ -+ onDownloadFailed: () => { -+ let err = new Error("download error"); -+ err.code = install.error; -+ reject(err); -+ }, -+ onInstallFailed: () => { -+ let err = new Error("install error"); -+ err.code = install.error; -+ reject(err); -+ }, -+ onInstallEnded: resolve, -+ }); - -- a1.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- do_check_eq(install.name, addon.name); -- do_check_eq(install.version, "2.0"); -- do_check_eq(install.state, AddonManager.STATE_AVAILABLE); -- do_check_eq(install.existingAddon, a1); -- -- installUpdate(install, check_test_1); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_1(install) { -- AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) { -- // Existing add-on should have a pending upgrade -- do_check_neq(a1.pendingUpgrade, null); -- do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- do_check_eq(a1.pendingUpgrade.install.existingAddon, a1); -- do_check_neq(a1.syncGUID); -- -- let a1SyncGUID = a1.syncGUID; -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a1, a2]) { -- // Should have uninstalled the old and installed the new -- do_check_eq(a1, null); -- do_check_neq(a2, null); -- do_check_neq(a2.syncGUID, null); -- -- // The Sync GUID should change when the ID changes -- do_check_neq(a1SyncGUID, a2.syncGUID); -- -- a2.uninstall(); -- -- do_execute_soon(run_test_2); -- }); -- })); --} -- --// Test that when the new add-on already exists we just upgrade that --function run_test_2() { -- restartManager(); -- shutdownManager(); -- -- writeInstallRDFForExtension({ -- id: "addon1@tests.mozilla.org", -- version: "1.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 1", -- }, profileDir); -- writeInstallRDFForExtension({ -- id: "addon2@tests.mozilla.org", -- version: "1.0", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 2", -- }, profileDir); -- -- startupManager(); -- -- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) { -- do_check_neq(a1, null); -- do_check_eq(a1.version, "1.0"); -- -- a1.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_2); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -+ install.install(); - }); - } - --function check_test_2(install) { -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], -- callback_soon(function([a1, a2]) { -- do_check_eq(a1.pendingUpgrade, null); -- // Existing add-on should have a pending upgrade -- do_check_neq(a2.pendingUpgrade, null); -- do_check_eq(a2.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- do_check_eq(a2.pendingUpgrade.install.existingAddon, a2); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a1, a2]) { -- // Should have uninstalled the old and installed the new -- do_check_neq(a1, null); -- do_check_neq(a2, null); -- -- a1.uninstall(); -- a2.uninstall(); -- -- do_execute_soon(run_test_3); -- }); -- })); --} -- --// Test that we rollback correctly when removing the old add-on fails --function run_test_3() { -- restartManager(); -- shutdownManager(); -- -- // This test only works on Windows -- if (!("nsIWindowsRegKey" in AM_Ci)) { -- run_test_4(); -- return; -- } -- -- writeInstallRDFForExtension({ -- id: "addon1@tests.mozilla.org", -- version: "1.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 1", -- }, profileDir); -- -- startupManager(); -+// Create and configure the HTTP server. -+let testserver = createHttpServer(4444); -+testserver.registerDirectory("/data/", do_get_file("data")); -+testserver.registerDirectory("/addons/", do_get_file("addons")); - -- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) { -- do_check_neq(a1, null); -- do_check_eq(a1.version, "1.0"); -- -- a1.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_3); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_3(install) { -- AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) { -- // Existing add-on should have a pending upgrade -- do_check_neq(a1.pendingUpgrade, null); -- do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- do_check_eq(a1.pendingUpgrade.install.existingAddon, a1); -- -- // Lock the old add-on open so it can't be uninstalled -- var file = profileDir.clone(); -- file.append("addon1@tests.mozilla.org"); -- if (!file.exists()) -- file.leafName += ".xpi"; -- else -- file.append("install.rdf"); -- -- var fstream = AM_Cc["@mozilla.org/network/file-output-stream;1"]. -- createInstance(AM_Ci.nsIFileOutputStream); -- fstream.init(file, FileUtils.MODE_APPEND | FileUtils.MODE_WRONLY, FileUtils.PERMS_FILE, 0); -- -- restartManager(); -- -- fstream.close(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], -- callback_soon(function([a1, a2]) { -- // Should not have installed the new add-on but it should still be -- // pending install -- do_check_neq(a1, null); -- do_check_eq(a2, null); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a1, a2]) { -- // Should have installed the new add-on -- do_check_eq(a1, null); -- do_check_neq(a2, null); -- -- a2.uninstall(); -- -- do_execute_soon(run_test_4); -- }); -- })); -- })); -+function run_test() { -+ createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2"); -+ startupManager(); -+ run_next_test(); - } - --// Tests that upgrading to a bootstrapped add-on works but requires a restart --function run_test_4() { -- restartManager(); -- shutdownManager(); -- -- writeInstallRDFForExtension({ -- id: "addon2@tests.mozilla.org", -- version: "2.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 2", -- }, profileDir); -- -- startupManager(); -- -- resetPrefs(); -- -- AddonManager.getAddonByID("addon2@tests.mozilla.org", function(a2) { -- do_check_neq(a2, null); -- do_check_neq(a2.syncGUID, null); -- do_check_eq(a2.version, "2.0"); -- -- a2.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_4); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_4() { -- AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org", -- "addon3@tests.mozilla.org"], -- callback_soon(function([a2, a3]) { -- // Should still be pending install even though the new add-on is restartless -- do_check_neq(a2, null); -- do_check_eq(a3, null); -- -- do_check_neq(a2.pendingUpgrade, null); -- do_check_eq(a2.pendingUpgrade.id, "addon3@tests.mozilla.org"); -- -- do_check_eq(getInstalledVersion(), -1); -- do_check_eq(getActiveVersion(), -1); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org", -- "addon3@tests.mozilla.org"], function([a2, a3]) { -- // Should have updated -- do_check_eq(a2, null); -- do_check_neq(a3, null); -- -- do_check_eq(getInstalledVersion(), 3); -- do_check_eq(getActiveVersion(), 3); -- -- do_execute_soon(run_test_5); -- }); -- })); --} -- --// Tests that upgrading to another bootstrapped add-on works without a restart --function run_test_5() { -- AddonManager.getAddonByID("addon3@tests.mozilla.org", function(a3) { -- do_check_neq(a3, null); -- do_check_eq(a3.version, "3.0"); -+// Verify that an update to an add-on with a new ID fails -+add_task(function* test_update_new_id() { -+ yield promiseInstallAllFiles([do_get_addon("test_updateid1")]); - -- a3.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_5); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_5() { -- AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org", -- "addon4@tests.mozilla.org"], -- callback_soon(function([a3, a4]) { -- // Should have updated -- do_check_eq(a3, null); -- do_check_neq(a4, null); -- -- do_check_eq(getInstalledVersion(), 4); -- do_check_eq(getActiveVersion(), 4); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org", -- "addon4@tests.mozilla.org"], function([a3, a4]) { -- // Should still be gone -- do_check_eq(a3, null); -- do_check_neq(a4, null); -- -- do_check_eq(getInstalledVersion(), 4); -- do_check_eq(getActiveVersion(), 4); -- -- run_test_6(); -- }); -- })); --} -+ let addon = yield promiseAddonByID("addon1@tests.mozilla.org"); -+ do_check_neq(addon, null); -+ do_check_eq(addon.version, "1.0"); - --// Tests that upgrading to a non-bootstrapped add-on works but requires a restart --function run_test_6() { -- AddonManager.getAddonByID("addon4@tests.mozilla.org", function(a4) { -- do_check_neq(a4, null); -- do_check_eq(a4.version, "4.0"); -- -- a4.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_6); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -+ let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED); -+ let install = update.updateAvailable; -+ do_check_eq(install.name, addon.name); -+ do_check_eq(install.version, "2.0"); -+ do_check_eq(install.state, AddonManager.STATE_AVAILABLE); -+ do_check_eq(install.existingAddon, addon); - --function check_test_6() { -- AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org", -- "addon2@tests.mozilla.org"], -- callback_soon(function([a4, a2]) { -- // Should still be pending install even though the old add-on is restartless -- do_check_neq(a4, null); -- do_check_eq(a2, null); -- -- do_check_neq(a4.pendingUpgrade, null); -- do_check_eq(a4.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- -- do_check_eq(getInstalledVersion(), 4); -- do_check_eq(getActiveVersion(), 4); -+ yield Assert.rejects(promiseInstallUpdate(install), -+ function(err) { return err.code == AddonManager.ERROR_INCORRECT_ID }, -+ "Upgrade to a different ID fails"); - -- restartManager(); -+ addon.uninstall(); -+}); - -- AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a4, a2]) { -- // Should have updated -- do_check_eq(a4, null); -- do_check_neq(a2, null); -+// Verify that an update to a multi-package xpi fails -+add_task(function* test_update_new_id() { -+ yield promiseInstallAllFiles([do_get_addon("test_update_multi1")]); - -- do_check_eq(getInstalledVersion(), 0); -- do_check_eq(getActiveVersion(), 0); -+ let addon = yield promiseAddonByID("updatemulti@tests.mozilla.org"); -+ do_check_neq(addon, null); -+ do_check_eq(addon.version, "1.0"); - -- end_test(); -- }); -- })); --} -+ let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED); -+ let install = update.updateAvailable; -+ do_check_eq(install.name, addon.name); -+ do_check_eq(install.version, "2.0"); -+ do_check_eq(install.state, AddonManager.STATE_AVAILABLE); -+ do_check_eq(install.existingAddon, addon); -+ -+ yield Assert.rejects(promiseInstallUpdate(install), -+ function(err) { return err.code == AddonManager.ERROR_UNEXPECTED_ADDON_TYPE }, -+ "Upgrade to a multipackage xpi fails"); -+ -+ addon.uninstall(); -+}); - -- cgit v1.2.3 From 76bbce6af2baed0c2fa7dddd43ecc2ffe6482c41 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 3 Dec 2016 21:39:55 +0100 Subject: gnu: mupdf: Update to 1.10a. * gnu/packages/patches/mupdf-CVE-2016-6265.patch: Delete file. * gnu/packages/patches/mupdf-CVE-2016-6525.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7504.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7505.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7506.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7563.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7564.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-8674.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-9017.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-9136.patch: Likewise. * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Adjust to 1.10a. * gnu/local.mk (dist_patch_DATA): Remove deleted patches. * gnu/packages/pdf.scm (mupdf): Update to 1.10a. [source]: Remove patches. --- gnu/local.mk | 10 -- gnu/packages/patches/mupdf-CVE-2016-6265.patch | 30 ---- gnu/packages/patches/mupdf-CVE-2016-6525.patch | 21 --- gnu/packages/patches/mupdf-CVE-2016-7504.patch | 99 ------------- gnu/packages/patches/mupdf-CVE-2016-7505.patch | 32 ---- gnu/packages/patches/mupdf-CVE-2016-7506.patch | 42 ------ gnu/packages/patches/mupdf-CVE-2016-7563.patch | 37 ----- gnu/packages/patches/mupdf-CVE-2016-7564.patch | 34 ----- gnu/packages/patches/mupdf-CVE-2016-8674.patch | 165 --------------------- gnu/packages/patches/mupdf-CVE-2016-9017.patch | 46 ------ gnu/packages/patches/mupdf-CVE-2016-9136.patch | 32 ---- .../patches/mupdf-build-with-openjpeg-2.1.patch | 9 -- gnu/packages/pdf.scm | 16 +- 13 files changed, 3 insertions(+), 570 deletions(-) delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-6265.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-6525.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7504.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7505.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7506.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7563.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7564.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-8674.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-9017.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-9136.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c635a4792c..30f7b59f12 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -719,16 +719,6 @@ dist_patch_DATA = \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ - %D%/packages/patches/mupdf-CVE-2016-6265.patch \ - %D%/packages/patches/mupdf-CVE-2016-6525.patch \ - %D%/packages/patches/mupdf-CVE-2016-7504.patch \ - %D%/packages/patches/mupdf-CVE-2016-7505.patch \ - %D%/packages/patches/mupdf-CVE-2016-7506.patch \ - %D%/packages/patches/mupdf-CVE-2016-7563.patch \ - %D%/packages/patches/mupdf-CVE-2016-7564.patch \ - %D%/packages/patches/mupdf-CVE-2016-8674.patch \ - %D%/packages/patches/mupdf-CVE-2016-9017.patch \ - %D%/packages/patches/mupdf-CVE-2016-9136.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ diff --git a/gnu/packages/patches/mupdf-CVE-2016-6265.patch b/gnu/packages/patches/mupdf-CVE-2016-6265.patch deleted file mode 100644 index 58f5c3726c..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6265.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6265 (use after free in pdf_load_xref()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265 -https://security-tracker.debian.org/tracker/CVE-2016-6265 - -Patch copied from upstream source repository: - -http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 576c315..3222599 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i); - } - if (entry->type == 'o') -- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n') -- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i); -+ { -+ /* Read this into a local variable here, because pdf_get_xref_entry -+ * may solidify the xref, hence invalidating "entry", meaning we -+ * need a stashed value for the throw. */ -+ fz_off_t ofs = entry->ofs; -+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n') -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i); -+ } - } - } - diff --git a/gnu/packages/patches/mupdf-CVE-2016-6525.patch b/gnu/packages/patches/mupdf-CVE-2016-6525.patch deleted file mode 100644 index 370af5ade6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6525.patch +++ /dev/null @@ -1,21 +0,0 @@ -Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525 -https://security-tracker.debian.org/tracker/CVE-2016-6525 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e - -diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c -index 7815b3c..6e25efa 100644 ---- a/source/pdf/pdf-shade.c -+++ b/source/pdf/pdf-shade.c -@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob - obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode); - if (pdf_array_len(ctx, obj) >= 6) - { -- n = (pdf_array_len(ctx, obj) - 4) / 2; -+ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2); - shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0)); - shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1)); - shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2)); diff --git a/gnu/packages/patches/mupdf-CVE-2016-7504.patch b/gnu/packages/patches/mupdf-CVE-2016-7504.patch deleted file mode 100644 index 4bbb4411c0..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7504.patch +++ /dev/null @@ -1,99 +0,0 @@ -Fix CVE-2016-7504: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7504 -http://bugs.ghostscript.com/show_bug.cgi?id=697142 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5c337af4b3df80cf967e4f9f6a21522de84b392a - -From 5c337af4b3df80cf967e4f9f6a21522de84b392a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 16:01:08 +0200 -Subject: [PATCH] Fix bug 697142: Stale string pointer stored in regexp object. - -Make sure to make a copy of the source pattern string. -A case we missed when adding short and memory strings to the runtime. -The code assumed all strings passed to it were either literal or interned. ---- - jsgc.c | 4 +++- - jsi.h | 1 + - jsregexp.c | 2 +- - jsrun.c | 8 ++++++++ - jsvalue.h | 2 +- - 5 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/jsgc.c b/jsgc.c -index 9bd6482..4f7e7dc 100644 ---- a/thirdparty/mujs/jsgc.c -+++ b/thirdparty/mujs/jsgc.c -@@ -44,8 +44,10 @@ static void jsG_freeobject(js_State *J, js_Object *obj) - { - if (obj->head) - jsG_freeproperty(J, obj->head); -- if (obj->type == JS_CREGEXP) -+ if (obj->type == JS_CREGEXP) { -+ js_free(J, obj->u.r.source); - js_regfree(obj->u.r.prog); -+ } - if (obj->type == JS_CITERATOR) - jsG_freeiterator(J, obj->u.iter.head); - if (obj->type == JS_CUSERDATA && obj->u.user.finalize) -diff --git a/jsi.h b/jsi.h -index 7d9f7c7..e855045 100644 ---- a/thirdparty/mujs/jsi.h -+++ b/thirdparty/mujs/jsi.h -@@ -79,6 +79,7 @@ typedef unsigned short js_Instruction; - - /* String interning */ - -+char *js_strdup(js_State *J, const char *s); - const char *js_intern(js_State *J, const char *s); - void jsS_dumpstrings(js_State *J); - void jsS_freestrings(js_State *J); -diff --git a/jsregexp.c b/jsregexp.c -index 2a056b7..a2d5156 100644 ---- a/thirdparty/mujs/jsregexp.c -+++ b/thirdparty/mujs/jsregexp.c -@@ -21,7 +21,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags) - js_syntaxerror(J, "regular expression: %s", error); - - obj->u.r.prog = prog; -- obj->u.r.source = pattern; -+ obj->u.r.source = js_strdup(J, pattern); - obj->u.r.flags = flags; - obj->u.r.last = 0; - js_pushobject(J, obj); -diff --git a/jsrun.c b/jsrun.c -index 2648c4c..ee80845 100644 ---- a/thirdparty/mujs/jsrun.c -+++ b/thirdparty/mujs/jsrun.c -@@ -45,6 +45,14 @@ void *js_realloc(js_State *J, void *ptr, int size) - return ptr; - } - -+char *js_strdup(js_State *J, const char *s) -+{ -+ int n = strlen(s) + 1; -+ char *p = js_malloc(J, n); -+ memcpy(p, s, n); -+ return p; -+} -+ - void js_free(js_State *J, void *ptr) - { - J->alloc(J->actx, ptr, 0); -diff --git a/jsvalue.h b/jsvalue.h -index 6cfbd89..8fb5016 100644 ---- a/thirdparty/mujs/jsvalue.h -+++ b/thirdparty/mujs/jsvalue.h -@@ -71,7 +71,7 @@ struct js_String - struct js_Regexp - { - void *prog; -- const char *source; -+ char *source; - unsigned short flags; - unsigned short last; - }; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7505.patch b/gnu/packages/patches/mupdf-CVE-2016-7505.patch deleted file mode 100644 index 15e4f374d6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7505.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-7505: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505 -http://bugs.ghostscript.com/show_bug.cgi?id=697140 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5 - -From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 15:21:04 +0200 -Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod. - ---- - jsdtoa.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jsdtoa.c b/jsdtoa.c -index 2e52368..920c1a7 100644 ---- a/thirdparty/mujs/jsdtoa.c -+++ b/thirdparty/mujs/jsdtoa.c -@@ -735,6 +735,7 @@ xx: - n -= c<= Ndig) break; /* abort if overflowing */ - } - *p = 0; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7506.patch b/gnu/packages/patches/mupdf-CVE-2016-7506.patch deleted file mode 100644 index 733249acaa..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7506.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-7506: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506 -http://bugs.ghostscript.com/show_bug.cgi?id=697141 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a - -From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 16:02:11 +0200 -Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution. - -A '$' escape at the end of the string would read past the zero terminator -when looking for the escaped character. ---- - jsstring.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/jsstring.c b/jsstring.c -index 66f6a89..0209a8e 100644 ---- a/thirdparty/mujs/jsstring.c -+++ b/thirdparty/mujs/jsstring.c -@@ -421,6 +421,7 @@ loop: - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '`': js_putm(J, &sb, source, s); break; - case '\'': js_puts(J, &sb, s + n); break; -@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J) - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '&': js_putm(J, &sb, s, s + n); break; - case '`': js_putm(J, &sb, source, s); break; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7563.patch b/gnu/packages/patches/mupdf-CVE-2016-7563.patch deleted file mode 100644 index 288c9ab2df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7563.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-7563: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7563 -http://bugs.ghostscript.com/show_bug.cgi?id=697136 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=f8234d830e17fc5e8fe09eb76d86dad3f6233c59 - -From f8234d830e17fc5e8fe09eb76d86dad3f6233c59 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 20 Sep 2016 17:11:32 +0200 -Subject: [PATCH] Fix bug 697136. - -We were unconditionally reading the next character if we encountered -a '*' in a multi-line comment; possibly reading past the end of -the input. ---- - jslex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jslex.c b/jslex.c -index 7b80800..cbd0eeb 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -225,7 +225,8 @@ static int lexcomment(js_State *J) - if (jsY_accept(J, '/')) - return 0; - } -- jsY_next(J); -+ else -+ jsY_next(J); - } - return -1; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch deleted file mode 100644 index c2ce33d1df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7564.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-7564: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564 -http://bugs.ghostscript.com/show_bug.cgi?id=697137 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8 - -From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 20 Sep 2016 17:19:06 +0200 -Subject: [PATCH] Fix bug 697137: off by one in string length calculation. - -We were not allocating space for the terminating zero byte. ---- - jsfunction.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jsfunction.c b/jsfunction.c -index 8b5b18e..28f7aa7 100644 ---- a/thirdparty/mujs/jsfunction.c -+++ b/thirdparty/mujs/jsfunction.c -@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J) - n += strlen(F->name); - for (i = 0; i < F->numparams; ++i) - n += strlen(F->vartab[i]) + 1; -- s = js_malloc(J, n); -+ s = js_malloc(J, n + 1); - strcpy(s, "function "); - strcat(s, F->name); - strcat(s, "("); --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-8674.patch b/gnu/packages/patches/mupdf-CVE-2016-8674.patch deleted file mode 100644 index 2a35619761..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-8674.patch +++ /dev/null @@ -1,165 +0,0 @@ -Fix CVE-2016-8674 (use-after-free in pdf_to_num()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674 -https://security-tracker.debian.org/tracker/CVE-2016-8674 - -Patch adapted from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec - -diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h -index f8ef0cd..e8345b7 100644 ---- a/include/mupdf/pdf/document.h -+++ b/include/mupdf/pdf/document.h -@@ -258,6 +258,10 @@ struct pdf_document_s - fz_font **type3_fonts; - - pdf_resource_tables *resources; -+ -+ int orphans_max; -+ int orphans_count; -+ pdf_obj **orphans; - }; - - /* -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 346a2f1..02d4119 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -109,6 +109,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key); - pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev); - void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); - void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); -+void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val); - void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val); -diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c -index f2e4551..a0d0d8e 100644 ---- a/source/pdf/pdf-object.c -+++ b/source/pdf/pdf-object.c -@@ -1240,9 +1240,13 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev) - return pdf_dict_get(ctx, obj, abbrev); - } - --void --pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+static void -+pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) - { -+ -+ if (old_val) -+ *old_val = NULL; -+ - RESOLVE(obj); - if (obj >= PDF_OBJ__LIMIT) - { -@@ -1282,7 +1286,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - pdf_obj *d = DICT(obj)->items[i].v; - DICT(obj)->items[i].v = pdf_keep_obj(ctx, val); -- pdf_drop_obj(ctx, d); -+ if (old_val) -+ *old_val = d; -+ else -+ pdf_drop_obj(ctx, d); - } - } - else -@@ -1305,10 +1312,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - } - - void -+pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+{ -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+} -+ -+void - pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - fz_try(ctx) -- pdf_dict_put(ctx, obj, key, val); -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+ fz_always(ctx) -+ pdf_drop_obj(ctx, val); -+ fz_catch(ctx) -+ fz_rethrow(ctx); -+} -+ -+void -+pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) -+{ -+ fz_try(ctx) -+ pdf_dict_get_put(ctx, obj, key, val, old_val); - fz_always(ctx) - pdf_drop_obj(ctx, val); - fz_catch(ctx) -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index fdd4648..212c8b7 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -259,6 +259,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen) - } - } - -+static void -+orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj) -+{ -+ if (doc->orphans_count == doc->orphans_max) -+ { -+ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32); -+ -+ fz_try(ctx) -+ { -+ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans)); -+ doc->orphans_max = new_max; -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, obj); -+ fz_rethrow(ctx); -+ } -+ } -+ doc->orphans[doc->orphans_count++] = obj; -+} -+ - void - pdf_repair_xref(fz_context *ctx, pdf_document *doc) - { -@@ -520,12 +541,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - /* correct stream length for unencrypted documents */ - if (!encrypt && list[i].stm_len >= 0) - { -+ pdf_obj *old_obj = NULL; - dict = pdf_load_object(ctx, doc, list[i].num, list[i].gen); - - length = pdf_new_int(ctx, doc, list[i].stm_len); -- pdf_dict_put(ctx, dict, PDF_NAME_Length, length); -- pdf_drop_obj(ctx, length); -- -+ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj); -+ if (old_obj) -+ orphan_object(ctx, doc, old_obj); - pdf_drop_obj(ctx, dict); - } - } -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 3de1cd2..6682741 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1626,6 +1626,12 @@ pdf_close_document(fz_context *ctx, pdf_document *doc) - - pdf_drop_resource_tables(ctx, doc); - -+ for (i = 0; i < doc->orphans_count; i++) -+ { -+ pdf_drop_obj(ctx, doc->orphans[i]); -+ } -+ fz_free(ctx, doc->orphans); -+ - fz_free(ctx, doc); - } - --- -2.10.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9017.patch b/gnu/packages/patches/mupdf-CVE-2016-9017.patch deleted file mode 100644 index 1e2b7c3258..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9017.patch +++ /dev/null @@ -1,46 +0,0 @@ -Fix CVE-2016-9017: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9107 -http://bugs.ghostscript.com/show_bug.cgi?id=697171 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 - -From a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 25 Oct 2016 14:08:27 +0200 -Subject: [PATCH] Fix 697171: missed an operand in the bytecode debugger dump. - ---- - jscompile.h | 2 +- - jsdump.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jscompile.h b/jscompile.h -index 802cc9e..3054d13 100644 ---- a/thirdparty/mujs/jscompile.h -+++ b/thirdparty/mujs/jscompile.h -@@ -21,7 +21,7 @@ enum js_OpCode - - OP_NEWARRAY, - OP_NEWOBJECT, -- OP_NEWREGEXP, -+ OP_NEWREGEXP, /* -S,opts- */ - - OP_UNDEF, - OP_NULL, -diff --git a/jsdump.c b/jsdump.c -index 1c51c29..37ad88c 100644 ---- a/thirdparty/mujs/jsdump.c -+++ b/thirdparty/mujs/jsdump.c -@@ -750,6 +750,7 @@ void jsC_dumpfunction(js_State *J, js_Function *F) - case OP_INITVAR: - case OP_DEFVAR: - case OP_GETVAR: -+ case OP_HASVAR: - case OP_SETVAR: - case OP_DELVAR: - case OP_GETPROP_S: --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9136.patch b/gnu/packages/patches/mupdf-CVE-2016-9136.patch deleted file mode 100644 index 1f68839a52..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9136.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-9136: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9136 -http://bugs.ghostscript.com/show_bug.cgi?id=697244 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a0ceaf5050faf419401fe1b83acfa950ec8a8a89 -From a0ceaf5050faf419401fe1b83acfa950ec8a8a89 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Mon, 31 Oct 2016 13:05:37 +0100 -Subject: [PATCH] Fix 697244: Check for incomplete escape sequence at end of - input. - ---- - jslex.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jslex.c b/jslex.c -index cbd0eeb..aaafdac 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -377,6 +377,7 @@ static int lexescape(js_State *J) - return 0; - - switch (J->lexchar) { -+ case 0: jsY_error(J, "unterminated escape sequence"); - case 'u': - jsY_next(J); - if (!jsY_ishex(J->lexchar)) return 1; else { x |= jsY_tohex(J->lexchar) << 12; jsY_next(J); } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch index cd8136b701..d97c1cb348 100644 --- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch +++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch @@ -27,12 +27,3 @@ index 6b92e5c..72dea50 100644 #include static void fz_opj_error_callback(const char *msg, void *client_data) -@@ -117,7 +109,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs - opj_stream_set_read_function(stream, fz_opj_stream_read); - opj_stream_set_skip_function(stream, fz_opj_stream_skip); - opj_stream_set_seek_function(stream, fz_opj_stream_seek); -- opj_stream_set_user_data(stream, &sb); -+ opj_stream_set_user_data(stream, &sb, NULL); - /* Set the length to avoid an assert */ - opj_stream_set_user_data_length(stream, size); - diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index d491642e49..3f329c5426 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -479,7 +479,7 @@ extracting content or merging files.") (define-public mupdf (package (name "mupdf") - (version "1.9a") + (version "1.10a") (source (origin (method url-fetch) @@ -487,18 +487,8 @@ extracting content or merging files.") name "-" version "-source.tar.gz")) (sha256 (base32 - "1k64pdapyj8a336jw3j61fhn0rp4q6az7d0dqp9r5n3d9rgwa5c0")) - (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" - "mupdf-CVE-2016-6265.patch" - "mupdf-CVE-2016-6525.patch" - "mupdf-CVE-2016-7504.patch" - "mupdf-CVE-2016-7505.patch" - "mupdf-CVE-2016-7506.patch" - "mupdf-CVE-2016-7563.patch" - "mupdf-CVE-2016-7564.patch" - "mupdf-CVE-2016-8674.patch" - "mupdf-CVE-2016-9017.patch" - "mupdf-CVE-2016-9136.patch")) + "0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a")) + (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch")) (modules '((guix build utils))) (snippet ;; Delete all the bundled libraries except for mujs, which is -- cgit v1.2.3 From 5a66e25ce631802b4a3fcc16fca20ae67e77c34e Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sun, 4 Dec 2016 20:51:58 +0100 Subject: gnu: Add seq24. * gnu/packages/music.scm (seq24): New variable. * gnu/packages/patches/seq24-rename-mutex.patch: New file. * gnu/local.mk (dist_patch_DATA): Register patch. --- gnu/local.mk | 1 + gnu/packages/music.scm | 30 +++++++ gnu/packages/patches/seq24-rename-mutex.patch | 124 ++++++++++++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 gnu/packages/patches/seq24-rename-mutex.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 96689a7d60..9f8325d833 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -854,6 +854,7 @@ dist_patch_DATA = \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scotch-test-threading.patch \ %D%/packages/patches/sdl-libx11-1.6.patch \ + %D%/packages/patches/seq24-rename-mutex.patch \ %D%/packages/patches/serf-comment-style-fix.patch \ %D%/packages/patches/serf-deflate-buckets-test-fix.patch \ %D%/packages/patches/slim-session.patch \ diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index b3e66fff94..e1ab90b001 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -2598,6 +2598,36 @@ sequencer and LFO. It can hold any number of arpeggiator, sequencer, or LFO modules running in parallel.") (license license:gpl2+))) +(define-public seq24 + (package + (name "seq24") + (version "0.9.3") + (source (origin + (method url-fetch) + (uri (string-append "https://launchpad.net/seq24/trunk/" + version "/+download/seq24-" + version ".tar.bz2")) + (sha256 + (base32 + "12dphdhnvfk1k0vmagi1v2lhyxjyj1j3cz6ksjw0ydcvid1x8ap2")) + (patches (search-patches "seq24-rename-mutex.patch")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "CXXFLAGS=-std=gnu++11"))) + (inputs + `(("gtkmm" ,gtkmm-2) + ("alsa-lib" ,alsa-lib) + ("jack" ,jack-1) + ("lash" ,lash))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://edge.launchpad.net/seq24/") + (synopsis "Real-time MIDI sequencer") + (description "Seq24 is a real-time MIDI sequencer. It was created to +provide a very simple interface for editing and playing MIDI loops.") + (license license:gpl2+))) + (define-public python-discogs-client (package (name "python-discogs-client") diff --git a/gnu/packages/patches/seq24-rename-mutex.patch b/gnu/packages/patches/seq24-rename-mutex.patch new file mode 100644 index 0000000000..ddc5910119 --- /dev/null +++ b/gnu/packages/patches/seq24-rename-mutex.patch @@ -0,0 +1,124 @@ +The custom mutex definition in Seq24 clashes with the mutex defined in gtkmm. +This patch renames the custom definition. + +See https://bugs.launchpad.net/seq24/+bug/1647614 for upstream bug report. + +diff --git a/src/midibus.h b/src/midibus.h +index 2cdf8e8..1bb02bd 100644 +--- a/src/midibus.h ++++ b/src/midibus.h +@@ -90,7 +90,7 @@ class midibus + + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +@@ -208,7 +208,7 @@ class mastermidibus + sequence *m_seq; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +diff --git a/src/midibus_portmidi.h b/src/midibus_portmidi.h +index 0119e9c..8c6a27a 100644 +--- a/src/midibus_portmidi.h ++++ b/src/midibus_portmidi.h +@@ -65,7 +65,7 @@ class midibus + long m_lasttick; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +@@ -164,7 +164,7 @@ class mastermidibus + sequence *m_seq; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +diff --git a/src/mutex.cpp b/src/mutex.cpp +index b3f23fd..914114f 100644 +--- a/src/mutex.cpp ++++ b/src/mutex.cpp +@@ -20,23 +20,23 @@ + + #include "mutex.h" + +-const pthread_mutex_t mutex::recmutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; ++const pthread_mutex_t seq24mutex::recmutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; + const pthread_cond_t condition_var::cond = PTHREAD_COND_INITIALIZER; + +-mutex::mutex( ) ++seq24mutex::seq24mutex( ) + { + m_mutex_lock = recmutex; + } + + void +-mutex::lock( ) ++seq24mutex::lock( ) + { + pthread_mutex_lock( &m_mutex_lock ); + } + + + void +-mutex::unlock( ) ++seq24mutex::unlock( ) + { + pthread_mutex_unlock( &m_mutex_lock ); + } +diff --git a/src/mutex.h b/src/mutex.h +index 399f8a3..4f1b867 100644 +--- a/src/mutex.h ++++ b/src/mutex.h +@@ -24,7 +24,7 @@ + + #include + +-class mutex { ++class seq24mutex { + + private: + +@@ -37,14 +37,14 @@ protected: + + public: + +- mutex(); ++ seq24mutex(); + + void lock(); + void unlock(); + + }; + +-class condition_var : public mutex { ++class condition_var : public seq24mutex { + + private: + +diff --git a/src/sequence.h b/src/sequence.h +index 2943946..9da8700 100644 +--- a/src/sequence.h ++++ b/src/sequence.h +@@ -153,7 +153,7 @@ class sequence + long m_rec_vol; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* used to idenfity which events are ours in the out queue */ + //unsigned char m_tag; -- cgit v1.2.3 From 1ebe49f192d6c84bf55ac16188d7966f673f4388 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 6 Dec 2016 15:36:59 +0200 Subject: gnu: httpd: Add fix for CVE-2016-8740. * gnu/packages/web.scm (httpd)[source]: Add patch for CVE-2016-8740. * gnu/packages/patches/httpd-CVE-2016-8740.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/httpd-CVE-2016-8740.patch | 36 ++++++++++++++++++++++++++ gnu/packages/web.scm | 4 ++- 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/httpd-CVE-2016-8740.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9f8325d833..bc9b06da63 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -620,6 +620,7 @@ dist_patch_DATA = \ %D%/packages/patches/hdf-eos5-fortrantests.patch \ %D%/packages/patches/higan-remove-march-native-flag.patch \ %D%/packages/patches/hop-linker-flags.patch \ + %D%/packages/patches/httpd-CVE-2016-8740.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/hypre-doc-tables.patch \ %D%/packages/patches/hypre-ldflags.patch \ diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch new file mode 100644 index 0000000000..17ba323ccf --- /dev/null +++ b/gnu/packages/patches/httpd-CVE-2016-8740.patch @@ -0,0 +1,36 @@ +This patch applies against httpd-2.4.23 and shouldn't be needed in later releases +http://openwall.com/lists/oss-security/2016/12/05/17 +Index: modules/http2/h2_stream.c +=================================================================== +--- modules/http2/h2_stream.c (revision 1771866) ++++ modules/http2/h2_stream.c (working copy) +@@ -322,18 +322,18 @@ + HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE); + } + } +- } +- +- if (h2_stream_is_scheduled(stream)) { +- return h2_request_add_trailer(stream->request, stream->pool, +- name, nlen, value, vlen); +- } +- else { +- if (!input_open(stream)) { +- return APR_ECONNRESET; ++ ++ if (h2_stream_is_scheduled(stream)) { ++ return h2_request_add_trailer(stream->request, stream->pool, ++ name, nlen, value, vlen); + } +- return h2_request_add_header(stream->request, stream->pool, +- name, nlen, value, vlen); ++ else { ++ if (!input_open(stream)) { ++ return APR_ECONNRESET; ++ } ++ return h2_request_add_header(stream->request, stream->pool, ++ name, nlen, value, vlen); ++ } + } + } + diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 697bab8e56..81676386a0 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -92,7 +92,9 @@ version ".tar.bz2")) (sha256 (base32 - "0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc")))) + "0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc")) + (patches (search-patches "httpd-CVE-2016-8740.patch")) + (patch-flags '("-p0")))) (build-system gnu-build-system) (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr) -- cgit v1.2.3 From cf0ef075c43437f183bc4cb390481e9c9b5a3399 Mon Sep 17 00:00:00 2001 From: Jan Nieuwenhuizen Date: Thu, 14 Apr 2016 07:35:40 +0200 Subject: gnu: Add mingw-w64. * gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch, gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch, gnu/packages/mingw.scm: New files. * gnu/local.mk (dist_patch_DATA): Add the patches. (GNU_SYSTEM_MODULES): Add mingw.scm. --- gnu/local.mk | 3 + gnu/packages/mingw.scm | 84 ++++++++ .../patches/gcc-4.9.3-mingw-gthr-default.patch | 11 ++ .../patches/mingw-w64-5.0rc2-gcc-4.9.3.patch | 218 +++++++++++++++++++++ 4 files changed, 316 insertions(+) create mode 100644 gnu/packages/mingw.scm create mode 100644 gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch create mode 100644 gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index bc9b06da63..3197cfb7bb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -248,6 +248,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/mc.scm \ %D%/packages/mcrypt.scm \ %D%/packages/messaging.scm \ + %D%/packages/mingw.scm \ %D%/packages/mg.scm \ %D%/packages/microcom.scm \ %D%/packages/mit-krb5.scm \ @@ -554,6 +555,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-strmov-store-file-names.patch \ + %D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch \ %D%/packages/patches/gcc-5.0-libvtv-runpath.patch \ %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch \ %D%/packages/patches/gcc-6-cross-environment-variables.patch \ @@ -725,6 +727,7 @@ dist_patch_DATA = \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ %D%/packages/patches/metabat-remove-compilation-date.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ + %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/mplayer2-theora-fix.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ diff --git a/gnu/packages/mingw.scm b/gnu/packages/mingw.scm new file mode 100644 index 0000000000..6a348da611 --- /dev/null +++ b/gnu/packages/mingw.scm @@ -0,0 +1,84 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 Jan Nieuwenhuizen +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages mingw) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages) + #:use-module (gnu packages base) + #:use-module (gnu packages cross-base) + #:use-module (gnu packages gcc) + #:use-module (gnu packages compression) + #:use-module (gnu packages multiprecision) + #:use-module (guix build-system gnu) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix utils) + #:use-module (ice-9 match)) + +(define %mingw-triplet + "i686-w64-mingw32") + +(define-public mingw-w64 + (package + (name "mingw-w64") + (version "5.0-rc2") + (source (origin + (method url-fetch) + (uri (string-append + "https://sourceforge.net/projects/mingw-w64/files/mingw-w64/" + "mingw-w64-release/mingw-w64-v" version ".tar.bz2")) + (sha256 + (base32 "0imdary8j07if8ih73pfgxiclpf2ax8h3mz8mxln07i8sbbd30c9")) + (patches (search-patches "mingw-w64-5.0rc2-gcc-4.9.3.patch")))) + (native-inputs `(("xgcc-core" ,(cross-gcc %mingw-triplet)) + ("xbinutils" ,(cross-binutils %mingw-triplet)))) + (build-system gnu-build-system) + (search-paths + (list (search-path-specification + (variable "CROSS_C_INCLUDE_PATH") + (files '("include" "i686-w64-mingw32/include"))) + (search-path-specification + (variable "CROSS_LIBRARY_PATH") + (files + '("lib" "lib64" "i686-w64-mingw32/lib" "i686-w64-mingw32/lib64"))))) + (arguments + `(#:configure-flags '("--host=i686-w64-mingw32") + #:phases + (modify-phases %standard-phases + (add-before 'configure 'setenv + (lambda* (#:key inputs #:allow-other-keys) + (let ((xgcc-core (assoc-ref inputs "xgcc-core")) + (mingw-headers (string-append (getcwd) "/mingw-w64-headers"))) + (setenv "CPP" + (string-append xgcc-core "/bin/i686-w64-mingw32-cpp")) + (setenv "CROSS_C_INCLUDE_PATH" + (string-append + mingw-headers + ":" mingw-headers "/include" + ":" mingw-headers "/crt" + ":" mingw-headers "/defaults/include" + ":" mingw-headers "/direct-x/include")))))) + #:make-flags (list "DEFS=-DHAVE_CONFIG_H -D__MINGW_HAS_DXSDK=1") + #:tests? #f ; compiles and includes glibc headers + #:strip-binaries? #f)) + (home-page "http://mingw.org") + (synopsis "Minimalist GNU for Windows") + (description "MinGW provides a complete Open Source programming tool set +which is suitable for the development of native MS-Windows applications, and +which does not depend on any 3rd-party C-Runtime dlls.") + (license license:fdl1.3+))) diff --git a/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch b/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch new file mode 100644 index 0000000000..0ea008a7cb --- /dev/null +++ b/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch @@ -0,0 +1,11 @@ +--- a/libgcc/config/i386/gthr-win32.h 2016-03-30 07:45:33.388684463 +0200 ++++ b/libgcc/config/i386/gthr-win32.h 2016-03-30 15:51:24.123896436 +0200 +@@ -30,7 +30,7 @@ + + /* Make sure CONST_CAST2 (origin in system.h) is declared. */ + #ifndef CONST_CAST2 +-#define CONST_CAST2(TOTYPE,FROMTYPE,X) ((__extension__(union {FROMTYPE _q; TOTYPE _nq;})(X))._nq) ++#define CONST_CAST2(TOTYPE,FROMTYPE,X) ((TOTYPE)X) + #endif + + /* Windows32 threads specific definitions. The windows32 threading model diff --git a/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch b/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch new file mode 100644 index 0000000000..e8f841c4fd --- /dev/null +++ b/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch @@ -0,0 +1,218 @@ +This patch includes + + * mingw-w64-headers/include/winnt.h: compile fixes for1 gcc-4.9.3 + * mingw-w64-headers/crt/math.h: Likewise + * mingw-w64-headers/crt/float.h (FLT_EPSILON,DBL_EPSILON,LDBL_EPSILON): Add + symbols. + * mingw-w64-headers/crt/stat.h (S_ISLNK,S_ISSOCK,S_ISUID,S_ISGID,S_ISLINK): + Add symbols. + (lstat): Add function. + * mingw-w64-headers/crt/_mingw_stat64.h: Likewise + * mingw-w64-headers/crt/stdlib.h (realpath): Add function. + +Needed for building with gcc-4.9.3 and using with cross-libtool-2.4.6. + +Upstream status: not yet presented upstream. + +index 9c5cf87..74a8541 100644 +--- a/mingw-w64-crt/misc/dirname.c ++++ b/mingw-w64-crt/misc/dirname.c +@@ -29,6 +29,12 @@ + #define __cdecl /* this may not be defined. */ + #endif + ++char *__cdecl ++realpath(const char *name, char *resolved) ++{ ++ return resolved ? strcpy (resolved, name) : strdup (name); ++} ++ + char * __cdecl + dirname(char *path) + { +diff --git a/mingw-w64-headers/crt/_mingw_stat64.h b/mingw-w64-headers/crt/_mingw_stat64.h +index 17e754c..7d2339b 100644 +--- a/mingw-w64-headers/crt/_mingw_stat64.h ++++ b/mingw-w64-headers/crt/_mingw_stat64.h +@@ -2,13 +2,17 @@ + + #ifdef _USE_32BIT_TIME_T + #define _fstat32 _fstat ++#define _lstat32 _lstat + #define _stat32 _stat + #define _wstat32 _wstat + #define _fstat32i64 _fstati64 ++#define _lstat32i64 _lstati64 + #define _stat32i64 _stati64 + #define _wstat32i64 _wstati64 + #else + #define _fstat _fstat64i32 ++#define _lstat _lstat64i32 ++#define _lstati64 _lstat64 + #define _fstati64 _fstat64 + #define _stat _stat64i32 + #define _stati64 _stat64 +diff --git a/mingw-w64-headers/crt/float.h b/mingw-w64-headers/crt/float.h +index 5874f4e..bdf4ead 100644 +--- a/mingw-w64-headers/crt/float.h ++++ b/mingw-w64-headers/crt/float.h +@@ -22,6 +22,15 @@ + #if (__GNUC__ < 4) + #error Corrupt install of gcc-s internal headers, or search order was changed. + #else ++ ++ /* From gcc-4.9.3 float.h. */ ++ #undef FLT_EPSILON ++ #undef DBL_EPSILON ++ #undef LDBL_EPSILON ++ #define FLT_EPSILON __FLT_EPSILON__ ++ #define DBL_EPSILON __DBL_EPSILON__ ++ #define LDBL_EPSILON __LDBL_EPSILON__ ++ + /* #include_next */ + + /* Number of decimal digits, q, such that any floating-point number with q +diff --git a/mingw-w64-headers/crt/math.h b/mingw-w64-headers/crt/math.h +index 1e970f4..99a332f 100644 +--- a/mingw-w64-headers/crt/math.h ++++ b/mingw-w64-headers/crt/math.h +@@ -216,6 +216,7 @@ extern "C" { + #endif + } + ++#if 0 + __CRT_INLINE long double __cdecl fabsl (long double x) + { + #ifdef __arm__ +@@ -226,6 +227,7 @@ extern "C" { + return res; + #endif + } ++#endif + + __CRT_INLINE double __cdecl fabs (double x) + { +@@ -905,7 +907,7 @@ __mingw_choose_expr ( \ + /* 7.12.7.3 */ + extern double __cdecl hypot (double, double) __MINGW_ATTRIB_DEPRECATED_MSVC2005; /* in libmoldname.a */ + extern float __cdecl hypotf (float x, float y); +-#ifndef __CRT__NO_INLINE ++#if 0 //ndef __CRT__NO_INLINE + __CRT_INLINE float __cdecl hypotf (float x, float y) { return (float) hypot ((double)x, (double)y);} + #endif + extern long double __cdecl hypotl (long double, long double); +diff --git a/mingw-w64-headers/crt/stdlib.h b/mingw-w64-headers/crt/stdlib.h +index dfc5ae4..6f0fee3 100644 +--- a/mingw-w64-headers/crt/stdlib.h ++++ b/mingw-w64-headers/crt/stdlib.h +@@ -8,6 +8,7 @@ + + #include + #include ++#include + + #if defined (__USE_MINGW_ANSI_STDIO) && ((__USE_MINGW_ANSI_STDIO + 0) != 0) && !defined (__USE_MINGW_STRTOX) + #define __USE_MINGW_STRTOX 1 +@@ -676,6 +677,8 @@ unsigned long __cdecl _lrotr(unsigned long,int); + + #endif /* !__NO_ISOCEXT */ + ++char *__cdecl realpath (const char *name, char *resolved); ++ + #ifdef __cplusplus + } + #endif +diff --git a/mingw-w64-headers/crt/sys/stat.h b/mingw-w64-headers/crt/sys/stat.h +index ed60219..d88b4f1 100644 +--- a/mingw-w64-headers/crt/sys/stat.h ++++ b/mingw-w64-headers/crt/sys/stat.h +@@ -58,16 +58,21 @@ extern "C" { + #include <_mingw_stat64.h> + + #define _S_IFMT 0xF000 ++#define _S_IFLNK 0xA000 ++#define _S_IFSOCK 0xC000 + #define _S_IFDIR 0x4000 + #define _S_IFCHR 0x2000 + #define _S_IFIFO 0x1000 + #define _S_IFREG 0x8000 ++#define _S_ISUID 0x0400 ++#define _S_ISGID 0x0200 + #define _S_IREAD 0x0100 + #define _S_IWRITE 0x0080 + #define _S_IEXEC 0x0040 + + _CRTIMP int __cdecl _fstat32(int _FileDes,struct _stat32 *_Stat); + _CRTIMP int __cdecl _stat32(const char *_Name,struct _stat32 *_Stat); ++ static inline int __cdecl _lstat32(const char *_Name,struct _stat32 *_Stat) {return _stat32(_Name, _Stat);} + _CRTIMP int __cdecl _fstat64(int _FileDes,struct _stat64 *_Stat); + _CRTIMP int __cdecl _fstat32i64(int _FileDes,struct _stat32i64 *_Stat); + int __cdecl _fstat64i32(int _FileDes,struct _stat64i32 *_Stat); +@@ -97,6 +102,9 @@ extern "C" { + _CRTIMP int __cdecl _stat64(const char *_Name,struct _stat64 *_Stat); + _CRTIMP int __cdecl _stat32i64(const char *_Name,struct _stat32i64 *_Stat); + int __cdecl _stat64i32(const char *_Name,struct _stat64i32 *_Stat); ++ static inline int __cdecl _lstat64(const char *_Name,struct _stat64 *_Stat) {return _stat64(_Name, _Stat);} ++ static inline int __cdecl _lstat32i64(const char *_Name,struct _stat32i64 *_Stat) {return _stat32i64(_Name, _Stat);} ++ static inline int __cdecl _lstat64i32(const char *_Name,struct _stat64i32 *_Stat) {return _stat64i32(_Name, _Stat);} + #ifndef __CRT__NO_INLINE + __CRT_INLINE int __cdecl _stat64i32(const char *_Name,struct _stat64i32 *_Stat) + { +@@ -132,6 +140,8 @@ extern "C" { + #ifndef NO_OLDNAMES + #define _S_IFBLK 0x3000 /* Block: Is this ever set under w32? */ + ++#define S_IFLNK _S_IFLNK ++#define S_IFSOCK _S_IFSOCK + #define S_IFMT _S_IFMT + #define S_IFDIR _S_IFDIR + #define S_IFCHR _S_IFCHR +@@ -162,6 +172,11 @@ extern "C" { + #define S_IXOTH (S_IXGRP >> 3) + #define S_IRWXO (S_IRWXG >> 3) + ++#define S_ISUID _S_ISUID ++#define S_ISGID _S_ISGID ++ ++#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) ++#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) + #define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) + #define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) + #define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) +@@ -174,6 +189,7 @@ extern "C" { + int __cdecl stat(const char *_Filename,struct stat *_Stat); + int __cdecl fstat(int _Desc,struct stat *_Stat); + int __cdecl wstat(const wchar_t *_Filename,struct stat *_Stat); ++static inline int __cdecl lstat(const char *_Filename,struct stat *_Stat){return stat(_Filename, _Stat);} + + #ifndef __CRT__NO_INLINE + #ifdef _USE_32BIT_TIME_T +@@ -262,9 +278,11 @@ __CRT_INLINE int __cdecl + + #if defined(_FILE_OFFSET_BITS) && (_FILE_OFFSET_BITS == 64) + #ifdef _USE_32BIT_TIME_T ++#define lstat _lstat32i64 + #define stat _stat32i64 + #define fstat _fstat32i64 + #else ++#define lstat _lstat64 + #define stat _stat64 + #define fstat _fstat64 + #endif +diff --git a/mingw-w64-headers/include/winnt.h b/mingw-w64-headers/include/winnt.h +index 52af29b..8626396 100644 +--- a/mingw-w64-headers/include/winnt.h ++++ b/mingw-w64-headers/include/winnt.h +@@ -6895,7 +6895,12 @@ __buildmemorybarrier() + DWORD Reg : 3; + DWORD R : 1; + DWORD L : 1; ++/* C is used as a const specifier */ ++#define save_C C ++#undef C + DWORD C : 1; ++#define C save_C ++#undef save_C + DWORD StackAdjust : 10; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; -- cgit v1.2.3 From ae12d586275cdd96db23fb01bf840b2055b5b979 Mon Sep 17 00:00:00 2001 From: Jan Nieuwenhuizen Date: Tue, 12 Apr 2016 15:49:17 +0200 Subject: gnu: readline: support mingw. * gnu/packages/patches/readline-7.0-mingw.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/readline.scm (readline): Support MinGW. --- gnu/local.mk | 1 + gnu/packages/patches/readline-7.0-mingw.patch | 28 +++++++++++++++++++++++++++ gnu/packages/readline.scm | 14 +++++++++++++- 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/readline-7.0-mingw.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3197cfb7bb..1f98513ca3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -845,6 +845,7 @@ dist_patch_DATA = \ %D%/packages/patches/ratpoison-shell.patch \ %D%/packages/patches/readline-link-ncurses.patch \ %D%/packages/patches/readline-6.2-CVE-2014-2524.patch \ + %D%/packages/patches/readline-7.0-mingw.patch \ %D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/rpm-CVE-2014-8118.patch \ %D%/packages/patches/rsem-makefile.patch \ diff --git a/gnu/packages/patches/readline-7.0-mingw.patch b/gnu/packages/patches/readline-7.0-mingw.patch new file mode 100644 index 0000000000..1dc491d556 --- /dev/null +++ b/gnu/packages/patches/readline-7.0-mingw.patch @@ -0,0 +1,28 @@ +Configure checks for chown; add missing shields in code. + +Upstream status: not yet presented upstream. + +--- readline-7.0/histfile.c.orig 2016-12-06 20:04:10.058901731 +0100 ++++ readline-7.0/histfile.c 2016-12-06 20:05:09.220083801 +0100 +@@ -610,8 +610,10 @@ + user is running this, it's a no-op. If the shell is running after sudo + with a shared history file, we don't want to leave the history file + owned by root. */ ++#if HAVE_CHOWN + if (rv == 0 && exists) + r = chown (filename, finfo.st_uid, finfo.st_gid); ++#endif + + xfree (filename); + FREE (tempname); +@@ -757,8 +759,10 @@ + user is running this, it's a no-op. If the shell is running after sudo + with a shared history file, we don't want to leave the history file + owned by root. */ ++#if HAVE_CHOWN + if (rv == 0 && exists) + mode = chown (histname, finfo.st_uid, finfo.st_gid); ++#endif + + FREE (histname); + FREE (tempname); diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm index 43817791b5..16a31afd73 100644 --- a/gnu/packages/readline.scm +++ b/gnu/packages/readline.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014 Ludovic Courtès ;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016 Jan Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,7 +25,8 @@ #:use-module (gnu packages perl) #:use-module (guix packages) #:use-module (guix download) - #:use-module (guix build-system gnu)) + #:use-module (guix build-system gnu) + #:use-module (guix utils)) (define-public readline (let ((post-install-phase @@ -61,8 +63,18 @@ ;; cross-compiling, so provide the correct answer. ,@(if (%current-target-system) '("bash_cv_wcwidth_broken=no") + '()) + ;; MinGW: ncurses provides the termcap api. + ,@(if (target-mingw?) + '("bash_cv_termcap_lib=ncurses") '())) + ,@(if (target-mingw?) + ;; MinGW: termcap in ncurses + ;; some SIG_* #defined in _POSIX + '(#:make-flags '("TERMCAP_LIB=-lncurses" + "CPPFLAGS=-D_POSIX -D'chown(f,o,g)=0'")) + '()) #:phases (alist-cons-after 'install 'post-install ,post-install-phase -- cgit v1.2.3 From 57513498def74f8d95ef10df654d28e5a638a612 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 7 Dec 2016 18:51:27 -0500 Subject: gnu: tcsh: Fix out of bounds read. * gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/shells.scm (tcsh)[replacement]: New field. (tcsh/fixed): New variable. --- gnu/local.mk | 1 + .../patches/tcsh-fix-out-of-bounds-read.patch | 31 ++++++++++++++++++++++ gnu/packages/shells.scm | 10 +++++++ 3 files changed, 42 insertions(+) create mode 100644 gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 30a5c209fc..55dee48305 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -885,6 +885,7 @@ dist_patch_DATA = \ %D%/packages/patches/tclxml-3.2-install.patch \ %D%/packages/patches/tcsh-do-not-define-BSDWAIT.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ + %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ %D%/packages/patches/texi2html-document-encoding.patch \ %D%/packages/patches/texi2html-i18n.patch \ diff --git a/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch new file mode 100644 index 0000000000..48c294f78e --- /dev/null +++ b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch @@ -0,0 +1,31 @@ +Fix out-of-bounds read in c_substitute(): + +http://seclists.org/oss-sec/2016/q4/612 + +Patch copied from upstream source repository: + +https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 + +From 6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 Mon Sep 17 00:00:00 2001 +From: christos +Date: Fri, 2 Dec 2016 16:59:28 +0000 +Subject: [PATCH] Fix out of bounds read (Brooks Davis) (reproduce by starting + tcsh and hitting tab at the prompt) + +--- + ed.chared.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ed.chared.c b/ed.chared.c +index 1277e53..310393e 100644 +--- ed.chared.c ++++ ed.chared.c +@@ -750,7 +750,7 @@ c_substitute(void) + /* + * If we found a history character, go expand it. + */ +- if (HIST != '\0' && *p == HIST) ++ if (p >= InputBuf && HIST != '\0' && *p == HIST) + nr_exp = c_excl(p); + else + nr_exp = 0; diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index f3350ef501..1931609753 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -174,6 +174,7 @@ has a small feature set similar to a traditional Bourne shell.") (define-public tcsh (package (name "tcsh") + (replacement tcsh/fixed) (version "6.18.01") (source (origin (method url-fetch) @@ -231,6 +232,15 @@ command-line editor, programmable word completion, spelling correction, a history mechanism, job control and a C-like syntax.") (license bsd-4))) +(define tcsh/fixed + (package + (inherit tcsh) + (name "tcsh") + (source (origin + (inherit (package-source tcsh)) + (patches (cons (search-patch "tcsh-fix-out-of-bounds-read.patch") + (origin-patches (package-source tcsh)))))))) + (define-public zsh (package (name "zsh") -- cgit v1.2.3 From 13b5f44b475aa385d580f7e19b907210bc1d6d99 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 9 Dec 2016 18:09:43 +0100 Subject: gnu: libepoxy: Add patch to avoid segfault when GL support is missing. * gnu/packages/patches/libepoxy-gl-null-checks.patch: New file. * gnu/packages/gl.scm (libepoxy)[source]: Add it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/gl.scm | 3 +- gnu/packages/patches/libepoxy-gl-null-checks.patch | 54 ++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libepoxy-gl-null-checks.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 30f7b59f12..9b78e0a742 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -656,6 +656,7 @@ dist_patch_DATA = \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcmis-fix-test-onedrive.patch \ %D%/packages/patches/libdrm-symbol-check.patch \ + %D%/packages/patches/libepoxy-gl-null-checks.patch \ %D%/packages/patches/libevent-dns-tests.patch \ %D%/packages/patches/libextractor-ffmpeg-3.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index 18d5d8166a..0e9b5ddb5f 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -462,7 +462,8 @@ OpenGL graphics API.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037")))) + "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037")) + (patches (search-patches "libepoxy-gl-null-checks.patch")))) (arguments `(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch new file mode 100644 index 0000000000..bdc4b05989 --- /dev/null +++ b/gnu/packages/patches/libepoxy-gl-null-checks.patch @@ -0,0 +1,54 @@ +This patch from adds NULL +checks to avoid crashes when GL support is missing, as is the case when running +Xvfb. + +Upstream issue: . + +diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c +--- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500 +@@ -348,6 +348,8 @@ + epoxy_extension_in_string(const char *extension_list, const char *ext) + { + const char *ptr = extension_list; ++ if (! ptr) return false; ++ if (! ext) return false; + int len = strlen(ext); + + /* Make sure that don't just find an extension with our name as a prefix. */ +@@ -380,6 +382,7 @@ + + for (i = 0; i < num_extensions; i++) { + const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i); ++ if (! gl_ext) return false; + if (strcmp(ext, gl_ext) == 0) + return true; + } +diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c +--- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500 +@@ -46,6 +46,7 @@ + int ret; + + version_string = eglQueryString(dpy, EGL_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &major, &minor); + assert(ret == 2); + return major * 10 + minor; +diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c +--- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500 +@@ -57,11 +57,13 @@ + int ret; + + version_string = glXQueryServerString(dpy, screen, GLX_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &server_major, &server_minor); + assert(ret == 2); + server = server_major * 10 + server_minor; + + version_string = glXGetClientString(dpy, GLX_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &client_major, &client_minor); + assert(ret == 2); + client = client_major * 10 + client_minor; -- cgit v1.2.3 From a304b6c362dcfadfaa2cfe2a67f5e948f247fd51 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sat, 10 Dec 2016 21:45:29 +0200 Subject: gnu: openjpeg: Add fixes for CVE-2016-{9850,9851}. * gnu/packages/image.scm (openjpeg)[replacement]: New field. (openjpeg/fixed): New variable, patch against CVE-2016-9850, CVE-2016-9851. * gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 13 ++ .../openjpeg-CVE-2016-9850-CVE-2016-9851.patch | 245 +++++++++++++++++++++ 3 files changed, 259 insertions(+) create mode 100644 gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 55dee48305..47c217bcc0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -769,6 +769,7 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2015-6581.patch \ %D%/packages/patches/openjpeg-CVE-2016-5157.patch \ %D%/packages/patches/openjpeg-CVE-2016-7163.patch \ + %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ %D%/packages/patches/openjpeg-use-after-free-fix.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssh-memory-exhaustion.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 36c07cb9bc..b9669ce177 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -444,6 +444,7 @@ work.") (define-public openjpeg (package (name "openjpeg") + (replacement openjpeg/fixed) (version "2.1.1") (source (origin @@ -480,9 +481,21 @@ error-resilience, a Java-viewer for j2k-images, ...") (home-page "https://github.com/uclouvain/openjpeg") (license license:bsd-2))) +(define openjpeg/fixed + (package + (inherit openjpeg) + (source + (origin + (inherit (package-source openjpeg)) + (patches + (append + (origin-patches (package-source openjpeg)) + (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"))))))) + (define-public openjpeg-1 (package (inherit openjpeg) (name "openjpeg") + (replacement #f) (version "1.5.2") (source (origin diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch new file mode 100644 index 0000000000..3f637fa88b --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch @@ -0,0 +1,245 @@ +From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001 +From: szukw000 +Date: Fri, 9 Dec 2016 08:29:55 +0100 +Subject: [PATCH] These changes repair bugs of #871 and #872 + +email from http://openwall.com/lists/oss-security/2016/12/09/4 +patch is against openjpeg-2.1.2, applies cleanly to 2.1.1. + +--- + src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++---------------- + 1 file changed, 70 insertions(+), 37 deletions(-) + +diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c +index 143d3be..c690f8b 100644 +--- a/src/bin/jp2/converttif.c ++++ b/src/bin/jp2/converttif.c +@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len + + int imagetotif(opj_image_t * image, const char *outfile) + { +- int width, height; +- int bps,adjust, sgnd; +- int tiPhoto; ++ uint32 width, height, bps, tiPhoto; ++ int adjust, sgnd; + TIFF *tif; + tdata_t buf; +- tsize_t strip_size; ++ tmsize_t strip_size, rowStride; + OPJ_UINT32 i, numcomps; +- OPJ_SIZE_T rowStride; + OPJ_INT32* buffer32s = NULL; + OPJ_INT32 const* planes[4]; + convert_32s_PXCX cvtPxToCx = NULL; + convert_32sXXx_C1R cvt32sToTif = NULL; + +- bps = (int)image->comps[0].prec; ++ bps = (uint32)image->comps[0].prec; + planes[0] = image->comps[0].data; + + numcomps = image->numcomps; +@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) + break; + } + sgnd = (int)image->comps[0].sgnd; +- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; +- width = (int)image->comps[0].w; +- height = (int)image->comps[0].h; ++ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; ++ width = (uint32)image->comps[0].w; ++ height = (uint32)image->comps[0].h; + + TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); + TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); +- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); ++ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); + TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); + TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); + TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); +@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) + TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); + + strip_size = TIFFStripSize(tif); +- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; +- if (rowStride != (OPJ_SIZE_T)strip_size) { ++ rowStride = (width * numcomps * bps + 7U) / 8U; ++ if (rowStride != strip_size) { + fprintf(stderr, "Invalid TIFF strip size\n"); + TIFFClose(tif); + return 1; +@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) + TIFFClose(tif); + return 1; + } +- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); ++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { + _TIFFfree(buf); + TIFFClose(tif); +@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + TIFF *tif; + tdata_t buf; + tstrip_t strip; +- tsize_t strip_size; ++ tmsize_t strip_size; + int j, currentPlane, numcomps = 0, w, h; + OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; + opj_image_cmptparm_t cmptparm[4]; /* RGBA */ + opj_image_t *image = NULL; + int has_alpha = 0; +- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; +- unsigned int tiWidth, tiHeight; ++ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; + OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); + convert_XXx32s_C1R cvtTifTo32s = NULL; + convert_32s_CXPX cvtCxToPx = NULL; + OPJ_INT32* buffer32s = NULL; + OPJ_INT32* planes[4]; +- OPJ_SIZE_T rowStride; ++ tmsize_t rowStride; + + tif = TIFFOpen(filename, "r"); + +@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); + TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); + TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); +- w= (int)tiWidth; +- h= (int)tiHeight; +- +- if(tiBps > 16U) { +- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); +- fprintf(stderr,"\tAborting\n"); ++ ++ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ ++ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" ++ "\tAborting.\n", tiSpp); ++ TIFFClose(tif); ++ return NULL; ++ } ++ if(tiBps > 16U || tiBps == 0) { ++ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" ++ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); + TIFFClose(tif); + return NULL; + } + if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { +- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); ++ fprintf(stderr,"tiftoimage: Bad color format %d.\n" ++ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); + fprintf(stderr,"\tAborting\n"); + TIFFClose(tif); + return NULL; + } +- ++ if(tiWidth == 0 || tiHeight == 0) { ++ fprintf(stderr,"tiftoimage: Bad values for width(%u) " ++ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); ++ TIFFClose(tif); ++ return NULL; ++ } ++ w= (int)tiWidth; ++ h= (int)tiHeight; ++ + switch (tiBps) { + case 1: + case 2: +@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + + TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, + &extrasamples, &sampleinfo); +- ++ + if(extrasamples >= 1) + { + switch(sampleinfo[0]) +@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + else /* extrasamples == 0 */ + if(tiSpp == 4 || tiSpp == 2) has_alpha = 1; + } +- ++ + /* initialize image components */ + memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t)); + +@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + } else { + is_cinema = 0U; + } +- ++ + if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */ + { + numcomps = 3 + has_alpha; +@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + image->x0 = (OPJ_UINT32)parameters->image_offset_x0; + image->y0 = (OPJ_UINT32)parameters->image_offset_y0; + image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : +- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; ++ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; ++ if(image->x1 <= image->x0) { ++ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " ++ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } + image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : +- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; +- ++ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; ++ if(image->y1 <= image->y0) { ++ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " ++ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } ++ + for(j = 0; j < numcomps; j++) + { + planes[j] = image->comps[j].data; +@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1)); + + strip_size = TIFFStripSize(tif); +- ++ + buf = _TIFFmalloc(strip_size); + if (buf == NULL) { + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } +- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; +- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); ++ rowStride = (w * tiSpp * tiBps + 7U) / 8U; ++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { + _TIFFfree(buf); + TIFFClose(tif); +@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) + { + const OPJ_UINT8 *dat8; +- OPJ_SIZE_T ssize; ++ tmsize_t ssize; + +- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); ++ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); ++ if(ssize < 1 || ssize > strip_size) { ++ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " ++ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); ++ _TIFFfree(buf); ++ _TIFFfree(buffer32s); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } + dat8 = (const OPJ_UINT8*)buf; +- ++ + while (ssize >= rowStride) { + cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp); + cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w); -- cgit v1.2.3 From 67c539e21f75028f368edefdf3b1bb6a0b302640 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sat, 10 Dec 2016 21:59:56 +0200 Subject: gnu: Remove unused patch. * gnu/packages/patches/openjpeg-CVE-2015-6581.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/openjpeg-CVE-2015-6581.patch | 47 ----------------------- 2 files changed, 48 deletions(-) delete mode 100644 gnu/packages/patches/openjpeg-CVE-2015-6581.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 47c217bcc0..98a7f65ca4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -766,7 +766,6 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/onionshare-fix-install-paths.patch \ %D%/packages/patches/openexr-missing-samples.patch \ - %D%/packages/patches/openjpeg-CVE-2015-6581.patch \ %D%/packages/patches/openjpeg-CVE-2016-5157.patch \ %D%/packages/patches/openjpeg-CVE-2016-7163.patch \ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch deleted file mode 100644 index 7ce03501f4..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001 -From: Matthieu Darbois -Date: Tue, 19 May 2015 21:57:27 +0000 -Subject: [PATCH] [trunk] Correct potential double free on malloc failure in - opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492) - ---- - src/lib/openjp2/j2k.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 8c62a39..cbdd368 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - l_tcp->cod = 0; - l_tcp->ppt = 0; - l_tcp->ppt_data = 00; -+ /* Remove memory not owned by this tile in case of early error return. */ -+ l_tcp->m_mct_decoding_matrix = 00; -+ l_tcp->m_nb_max_mct_records = 0; -+ l_tcp->m_mct_records = 00; -+ l_tcp->m_nb_max_mcc_records = 0; -+ l_tcp->m_mcc_records = 00; - /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/ - l_tcp->tccps = l_current_tccp; - -@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - - ++l_src_mct_rec; - ++l_dest_mct_rec; -+ /* Update with each pass to free exactly what has been allocated on early return. */ -+ l_tcp->m_nb_max_mct_records += 1; - } - - /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/ -@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - return OPJ_FALSE; - } - memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size); -+ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records; - - /* Copy the mcc record data from dflt_tile_cp to the current tile*/ - l_src_mcc_rec = l_default_tcp->m_mcc_records; --- -2.5.0 - -- cgit v1.2.3 From 32fd2600766d06724c6a7f6fb9b3d9029fbff911 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Mon, 12 Dec 2016 14:18:24 +0100 Subject: gnu: cssc: Update to 1.4.0. * gnu/packages/version-control.scm (cssc): Update to 1.4.0. [source]: Remove unneeded patches (i.e. all of them). * gnu/packages/patches/cssc-gets-undeclared.patch: Delete file. * gnu/packages/patches/cssc-missing-include.patch: Likewise. * gnu/local.mk (dist_patch_DATA): Remove deleted patches. --- gnu/local.mk | 2 -- gnu/packages/patches/cssc-gets-undeclared.patch | 17 ----------------- gnu/packages/patches/cssc-missing-include.patch | 12 ------------ gnu/packages/version-control.scm | 6 ++---- 4 files changed, 2 insertions(+), 35 deletions(-) delete mode 100644 gnu/packages/patches/cssc-gets-undeclared.patch delete mode 100644 gnu/packages/patches/cssc-missing-include.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c6cb55b06f..fae868bfdb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -508,8 +508,6 @@ dist_patch_DATA = \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/csound-header-ordering.patch \ - %D%/packages/patches/cssc-gets-undeclared.patch \ - %D%/packages/patches/cssc-missing-include.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ diff --git a/gnu/packages/patches/cssc-gets-undeclared.patch b/gnu/packages/patches/cssc-gets-undeclared.patch deleted file mode 100644 index 68c607cf58..0000000000 --- a/gnu/packages/patches/cssc-gets-undeclared.patch +++ /dev/null @@ -1,17 +0,0 @@ -CSSC uses a gets in a couple of places. For security reasons, modern gnulib -does not allow this. This patch allows it again. ---- CSSC-1.3.0/gl/lib/stdio.in.h 2010-05-15 00:15:35.000000000 +0200 -+++ CSSC-1.3.0/gl/lib/stdio.in.h 2014-02-03 21:27:10.000000000 +0100 -@@ -135,12 +135,6 @@ - "use gnulib module fflush for portable POSIX compliance"); - #endif - --/* It is very rare that the developer ever has full control of stdin, -- so any use of gets warrants an unconditional warning. Assume it is -- always declared, since it is required by C89. */ --#undef gets --_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); -- - #if @GNULIB_FOPEN@ - # if @REPLACE_FOPEN@ - # if !(defined __cplusplus && defined GNULIB_NAMESPACE) diff --git a/gnu/packages/patches/cssc-missing-include.patch b/gnu/packages/patches/cssc-missing-include.patch deleted file mode 100644 index 3cef9c15f1..0000000000 --- a/gnu/packages/patches/cssc-missing-include.patch +++ /dev/null @@ -1,12 +0,0 @@ -Added a missing include file (necessary for gid_t and others). -So far as I am aware, this has not been added upstream yet. ---- CSSC-1.3.0/src/file.h 2010-05-16 19:31:33.000000000 +0200 -+++ CSSC-1.3.0/src/file.h 2014-02-03 21:48:30.000000000 +0100 -@@ -30,6 +30,7 @@ - #ifndef CSSC__FILE_H__ - #define CSSC__FILE_H__ - -+#include - #include "filelock.h" - - enum create_mode { diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index f6845fab04..7918b90ca6 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -889,16 +889,14 @@ large, complex patch files.") (define-public cssc (package (name "cssc") - (version "1.3.0") + (version "1.4.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/" name "/CSSC-" version ".tar.gz")) (sha256 (base32 - "0bkw6fjh20ppvn54smv05461lm1vcwvn02avx941c4acafmkl1cm")) - (patches (search-patches "cssc-gets-undeclared.patch" - "cssc-missing-include.patch")))) + "15191dh8hr46cvssmv4v52gymiiyk6ca9j1bfimlqakcqab6y51h")))) (build-system gnu-build-system) (arguments `(#:phases -- cgit v1.2.3 From e5a12fba82df0c05de15bbbdf5b011d178e087e4 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 13 Dec 2016 13:11:40 +0200 Subject: gnu: onionshare: Update to 0.9.2 (fixes CVE-2016-5026). * gnu/packages/tor.scm (onionshare): Update to 0.9.2. [source]: Remove patch. [arguments]: Update substitutions for new version. * gnu/packages/patches/onionshare-fix-install-paths.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/onionshare-fix-install-paths.patch | 39 ---------------------- gnu/packages/tor.scm | 38 +++++++++------------ 3 files changed, 15 insertions(+), 63 deletions(-) delete mode 100644 gnu/packages/patches/onionshare-fix-install-paths.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index fae868bfdb..a06f359435 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -743,7 +743,6 @@ dist_patch_DATA = \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ %D%/packages/patches/ola-readdir-r.patch \ - %D%/packages/patches/onionshare-fix-install-paths.patch \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openjpeg-CVE-2016-5157.patch \ %D%/packages/patches/openjpeg-CVE-2016-7163.patch \ diff --git a/gnu/packages/patches/onionshare-fix-install-paths.patch b/gnu/packages/patches/onionshare-fix-install-paths.patch deleted file mode 100644 index 721b89f04b..0000000000 --- a/gnu/packages/patches/onionshare-fix-install-paths.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 7afdd3366711a0c508bfb9323af8f4268ab77c9b Mon Sep 17 00:00:00 2001 -From: Efraim Flashner -Date: Thu, 21 Jul 2016 13:22:45 +0300 -Subject: [PATCH] patch - ---- - setup.py | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/setup.py b/setup.py -index 8ae56fe..8b245c9 100644 ---- a/setup.py -+++ b/setup.py -@@ -91,15 +91,15 @@ setup( - include_package_data=True, - scripts=['install/scripts/onionshare', 'install/scripts/onionshare-gui'], - data_files=[ -- (os.path.join(sys.prefix, 'share/applications'), ['install/onionshare.desktop']), -- (os.path.join(sys.prefix, 'share/appdata'), ['install/onionshare.appdata.xml']), -- (os.path.join(sys.prefix, 'share/pixmaps'), ['install/onionshare80.xpm']), -- (os.path.join(sys.prefix, 'share/onionshare'), [ -+ ('share/applications', ['install/onionshare.desktop']), -+ ('share/appdata', ['install/onionshare.appdata.xml']), -+ ('share/pixmaps', ['install/onionshare80.xpm']), -+ ('share/onionshare', [ - 'resources/version.txt', - 'resources/wordlist.txt' - ]), -- (os.path.join(sys.prefix, 'share/onionshare/images'), images), -- (os.path.join(sys.prefix, 'share/onionshare/locale'), locale), -- (os.path.join(sys.prefix, 'share/onionshare/html'), html) -+ ('share/onionshare/images', images), -+ ('share/onionshare/locale', locale), -+ ('share/onionshare/html', html) - ] - ) --- -2.9.1 - diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 6d5994bf36..92644fed2e 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -138,7 +138,7 @@ networks.") (define-public onionshare (package (name "onionshare") - (version "0.9") + (version "0.9.2") (source (origin (method url-fetch) @@ -147,8 +147,7 @@ networks.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0pc3xbq379415s0i0y6rz02hay20zbvgra1jmg4mgrl9vbdr8zmw")) - (patches (search-patches "onionshare-fix-install-paths.patch")))) + "02iv7dg15da57gy3zvfchnwwpr21n1gva7mqwpwr958ni2034smk")))) (build-system python-build-system) (arguments `(#:phases @@ -157,25 +156,17 @@ networks.") (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (onionshare (string-append out "/share/onionshare"))) - (substitute* - "install/pyinstaller.spec" - ;; inform onionshare where the 'resources' files are installed - (("../resources") onionshare)) - (substitute* - "onionshare/strings.py" + (substitute* "onionshare/strings.py" ;; correct the locale directory (("helpers.get_resource_path\\('locale'\\)") (string-append "'" onionshare "/locale'"))) - (substitute* - "onionshare/helpers.py" + (substitute* "onionshare/helpers.py" ;; correct the location of version.txt - (("/usr") out) (("get_resource_path\\('version.txt'\\)") (string-append "'" onionshare "/version.txt'")) (("get_resource_path\\('wordlist.txt'\\)") (string-append "'" onionshare "/wordlist.txt'"))) - (substitute* - "onionshare/web.py" + (substitute* "onionshare/web.py" ;; fix the location of the html files (("helpers.get_resource_path\\('html/denied.html'\\)") (string-append "'" onionshare "/html/denied.html'")) @@ -183,25 +174,26 @@ networks.") (string-append "'" onionshare "/html/404.html'")) (("helpers.get_resource_path\\('html/index.html'\\)") (string-append "'" onionshare "/html/index.html'"))) - (substitute* - "onionshare_gui/file_selection.py" + (substitute* "onionshare_gui/file_selection.py" + ;; fancy box image in the GUI (("helpers.get_resource_path\\('images/drop_files.png'\\)") (string-append "'" onionshare "/images/drop_files.png'"))) - (substitute* - "onionshare_gui/server_status.py" + (substitute* "onionshare_gui/server_status.py" (("helpers.get_resource_path\\('images/server_stopped.png'\\)") (string-append "'" onionshare "/images/server_stopped.png'")) (("helpers.get_resource_path\\('images/server_working.png'\\)") (string-append "'" onionshare "/images/server_working.png'")) (("helpers.get_resource_path\\('images/server_started.png'\\)") (string-append "'" onionshare "/images/server_started.png'"))) - (substitute* - "onionshare_gui/onionshare_gui.py" + (substitute* "onionshare_gui/onionshare_gui.py" + ;; for the icon on the GUI (("helpers.get_resource_path\\('images/logo.png'\\)") (string-append "'" onionshare "/images/logo.png'"))) - (substitute* - "install/onionshare.desktop" - (("/usr") out)) + (substitute* '("setup.py" "onionshare/helpers.py") + (("sys.prefix,") (string-append "'" out "',"))) + (substitute* "setup.py" + ;; for the nautilus plugin + (("/usr/share/nautilus") "share/nautilus")) #t))) (delete 'check) (add-before 'strip 'tests -- cgit v1.2.3 From f8faf537cae393b9d9bdb7fd476ad5f79dedaf91 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 16 Dec 2016 15:23:47 -0500 Subject: gnu: libupnp: Fix CVE-2016-8863. * gnu/packages/patches/libupnp-CVE-2016-8863.patch: New file. * gnu/local.mk (dist_patch_DATA): Use it. * gnu/packages/libupnp.scm (libupnp)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/libupnp.scm | 3 +- gnu/packages/patches/libupnp-CVE-2016-8863.patch | 72 ++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libupnp-CVE-2016-8863.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 694ce9495f..49fd2337cd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -679,6 +679,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ %D%/packages/patches/libupnp-CVE-2016-6255.patch \ + %D%/packages/patches/libupnp-CVE-2016-8863.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libwebp-CVE-2016-9085.patch \ %D%/packages/patches/libwmf-CAN-2004-0941.patch \ diff --git a/gnu/packages/libupnp.scm b/gnu/packages/libupnp.scm index b9209bf04b..ea4d1bd25e 100644 --- a/gnu/packages/libupnp.scm +++ b/gnu/packages/libupnp.scm @@ -32,7 +32,8 @@ (method url-fetch) (uri (string-append "mirror://sourceforge/pupnp/pupnp/libUPnP%20" version "/" name "-" version ".tar.bz2")) - (patches (search-patches "libupnp-CVE-2016-6255.patch")) + (patches (search-patches "libupnp-CVE-2016-6255.patch" + "libupnp-CVE-2016-8863.patch")) (sha256 (base32 "0qrsdsb1qm85hc4jy04qph895613d148f0x1mmk6z99y3q43fdgf")))) diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch new file mode 100644 index 0000000000..9978b39487 --- /dev/null +++ b/gnu/packages/patches/libupnp-CVE-2016-8863.patch @@ -0,0 +1,72 @@ +Fix CVE-2016-8863: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 +https://sourceforge.net/p/pupnp/bugs/133/ + +Patch copied from upstream source repository: + +https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/ + +From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= +Date: Thu, 8 Dec 2016 17:11:53 +0100 +Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863) + +If there is an invalid URL in URLS->buf after a valid one, uri_parse is +called with out pointing after the allocated memory. As uri_parse writes +to *out before returning an error the loop in create_url_list must be +stopped early to prevent an out-of-bound access + +Bug: https://sourceforge.net/p/pupnp/bugs/133/ +Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 +Bug-Debian: https://bugs.debian.org/842093 +Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771 +(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b) +--- + upnp/src/gena/gena_device.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c +index fb04a29..245c56b 100644 +--- a/upnp/src/gena/gena_device.c ++++ b/upnp/src/gena/gena_device.c +@@ -1113,7 +1113,7 @@ static int create_url_list( + /*! [out] . */ + URL_list *out) + { +- size_t URLcount = 0; ++ size_t URLcount = 0, URLcount2 = 0; + size_t i; + int return_code = 0; + uri_type temp; +@@ -1155,16 +1155,23 @@ static int create_url_list( + } + memcpy( out->URLs, URLS->buff, URLS->size ); + out->URLs[URLS->size] = 0; +- URLcount = 0; + for( i = 0; i < URLS->size; i++ ) { + if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) { + if( ( ( return_code = + parse_uri( &out->URLs[i + 1], URLS->size - i + 1, +- &out->parsedURLs[URLcount] ) ) == ++ &out->parsedURLs[URLcount2] ) ) == + HTTP_SUCCESS ) +- && ( out->parsedURLs[URLcount].hostport.text.size != ++ && ( out->parsedURLs[URLcount2].hostport.text.size != + 0 ) ) { +- URLcount++; ++ URLcount2++; ++ if (URLcount2 >= URLcount) ++ /* ++ * break early here in case there is a bogus URL that ++ * was skipped above. This prevents to access ++ * out->parsedURLs[URLcount] which is beyond the ++ * allocation. ++ */ ++ break; + } else { + if( return_code == UPNP_E_OUTOF_MEMORY ) { + free( out->URLs ); +-- +2.11.0 + -- cgit v1.2.3 From 43686dcb2f99b2700255de7f4eedd608f6847078 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 19 Dec 2016 10:33:17 -0500 Subject: gnu: openssh: Update to 7.4p1. * gnu/packages/ssh.scm (openssh): Update to 7.4p1. [source]: Remove 'openssh-memory-exhaustion.patch'. * gnu/packages/patches/openssh-memory-exhaustion.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/openssh-memory-exhaustion.patch | 39 ---------------------- gnu/packages/ssh.scm | 5 ++- 3 files changed, 2 insertions(+), 43 deletions(-) delete mode 100644 gnu/packages/patches/openssh-memory-exhaustion.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 49fd2337cd..c076ab969d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -752,7 +752,6 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ %D%/packages/patches/openjpeg-use-after-free-fix.patch \ %D%/packages/patches/openocd-nrf52.patch \ - %D%/packages/patches/openssh-memory-exhaustion.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ diff --git a/gnu/packages/patches/openssh-memory-exhaustion.patch b/gnu/packages/patches/openssh-memory-exhaustion.patch deleted file mode 100644 index 91fe294ca4..0000000000 --- a/gnu/packages/patches/openssh-memory-exhaustion.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user -could potentially consume 38400 MB of memory on the server: - -http://seclists.org/oss-sec/2016/q4/185 - -Patch adapted from upstream source repository: - -https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad - -From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001 -From: "markus@openbsd.org" -Date: Mon, 10 Oct 2016 19:28:48 +0000 -Subject: [PATCH] upstream commit - -Unregister the KEXINIT handler after message has been -received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause -allocation of up to 128MB -- until the connection is closed. Reported by -shilei-c at 360.cn - -Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 ---- - kex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/kex.c b/kex.c -index 3f97f8c..6a94bc5 100644 ---- a/kex.c -+++ b/kex.c -@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) - if (kex == NULL) - return SSH_ERR_INVALID_ARGUMENT; - -+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); - ptr = sshpkt_ptr(ssh, &dlen); - if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) - return r; --- -2.10.1 - diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index ea5ec811d1..0fe6598bb2 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -112,7 +112,7 @@ a server that supports the SSH-2 protocol.") (define-public openssh (package (name "openssh") - (version "7.3p1") + (version "7.4p1") (source (origin (method url-fetch) (uri (let ((tail (string-append name "-" version ".tar.gz"))) @@ -122,9 +122,8 @@ a server that supports the SSH-2 protocol.") tail) (string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/" tail)))) - (patches (search-patches "openssh-memory-exhaustion.patch")) (sha256 (base32 - "1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz")))) + "1l8r3x4fr2kb6xm95s7kjdif1wp6f94d4kljh4qjj9109shw87qv")))) (build-system gnu-build-system) (inputs `(("groff" ,groff) ("openssl" ,openssl) -- cgit v1.2.3 From 834d12226bed90800c0ee7886c0b90e65d070f97 Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Tue, 6 Dec 2016 14:55:39 +0100 Subject: gnu: kdbusaddons: Embed kinit store dir, avoid dependency cycles. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit kdbusaddons needs to know the location of the kdeinit5 executable, provided by kinit. kinit depends on kdbusaddons, so we add bootstrap versions of all packages in the dependency chain from kinit to kdbusaddons to avoid cyclic dependencies. * gnu/packages/kde-frameworks.scm (kinit-bootstrap, kdbusaddons-bootstrap): New variables. (kdbusaddons)[inputs]: Add kinit-bootstrap. [source,arguments]: Add patch and substitution to embed kinit-bootstrap's store directory in the code. * gnu/packages/patches/kdbusaddons-kinit-file-name.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/kde-frameworks.scm | 36 ++++++++++++++++++++-- .../patches/kdbusaddons-kinit-file-name.patch | 15 +++++++++ 3 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/kdbusaddons-kinit-file-name.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c076ab969d..3a56c840bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -639,6 +639,7 @@ dist_patch_DATA = \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ + %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/kmod-module-directory.patch \ %D%/packages/patches/kobodeluxe-paths.patch \ diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm index 8b841330b8..94145fb95d 100644 --- a/gnu/packages/kde-frameworks.scm +++ b/gnu/packages/kde-frameworks.scm @@ -25,6 +25,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix utils) + #:use-module (gnu packages) #:use-module (gnu packages acl) #:use-module (gnu packages admin) #:use-module (gnu packages attr) @@ -50,7 +51,8 @@ #:use-module (gnu packages version-control) #:use-module (gnu packages web) #:use-module (gnu packages xml) - #:use-module (gnu packages xorg)) + #:use-module (gnu packages xorg) + #:use-module (srfi srfi-1)) (define-public extra-cmake-modules (package @@ -516,7 +518,8 @@ many more.") name "-" version ".tar.xz")) (sha256 (base32 - "07mzb1xr8wyiid25p8kg6mjp6vq8ngvv1ikhq75zvd2cbax530c8")))) + "07mzb1xr8wyiid25p8kg6mjp6vq8ngvv1ikhq75zvd2cbax530c8")) + (patches (search-patches "kdbusaddons-kinit-file-name.patch")))) (build-system cmake-build-system) (native-inputs `(("extra-cmake-modules" ,extra-cmake-modules) @@ -524,10 +527,18 @@ many more.") ("qttools" ,qttools))) (inputs `(("qtbase" ,qtbase) - ("qtx11extras" ,qtx11extras))) + ("qtx11extras" ,qtx11extras) + ("kinit" ,kinit-bootstrap))) ;; kinit-bootstrap: kinit package which does not depend on kdbusaddons. (arguments `(#:phases (modify-phases %standard-phases + (add-before + 'configure 'patch-source + (lambda* (#:key inputs #:allow-other-keys) + ;; look for the kdeinit5 executable in kinit's store directory, + ;; instead of the current application's directory: + (substitute* "src/kdeinitinterface.cpp" + (("@SUBSTITUTEME@") (assoc-ref inputs "kinit"))))) (replace 'check (lambda _ (setenv "DBUS_FATAL_WARNINGS" "0") @@ -2866,3 +2877,22 @@ setUrl, setUserAgent and call.") script engines.") ;; dual licensed (license (list license:gpl2+ license:lgpl2.1+)))) + +;; This version of kdbusaddons does not use kinit as an input, and is used to +;; build kinit-bootstrap, as well as bootstrap versions of all kinit +;; dependencies which also rely on kdbusaddons. +(define kdbusaddons-bootstrap + (package + (inherit kdbusaddons) + (source (origin + (inherit (package-source kdbusaddons)) + (patches '()))) + (inputs (alist-delete "kinit" (package-inputs kdbusaddons))) + (arguments + (substitute-keyword-arguments (package-arguments kdbusaddons) + ((#:phases phases) + `(modify-phases ,phases + (delete 'patch-source))))))) + +(define kinit-bootstrap + ((package-input-rewriting `((,kdbusaddons . ,kdbusaddons-bootstrap))) kinit)) diff --git a/gnu/packages/patches/kdbusaddons-kinit-file-name.patch b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch new file mode 100644 index 0000000000..ffed88e043 --- /dev/null +++ b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch @@ -0,0 +1,15 @@ +Add placeholder for kinit's store file name. + +diff --git a/src/kdeinitinterface.cpp b/src/kdeinitinterface.cpp +index 22fa5e5..3d40937 100644 +--- a/src/kdeinitinterface.cpp ++++ b/src/kdeinitinterface.cpp +@@ -52,7 +52,7 @@ void KDEInitInterface::ensureKdeinitRunning() + // If not found in system paths, search other paths + if (srv.isEmpty()) { + const QStringList searchPaths = QStringList() +- << QCoreApplication::applicationDirPath() // then look where our application binary is located ++ << QString::fromUtf8("@SUBSTITUTEME@/bin") // using QStringLiteral would be more efficient, but breaks guix store reference detection. + << QLibraryInfo::location(QLibraryInfo::BinariesPath); // look where exec path is (can be set in qt.conf) + srv = QStandardPaths::findExecutable(QStringLiteral("kdeinit5"), searchPaths); + if (srv.isEmpty()) { -- cgit v1.2.3 From d229ba95024525a20a34106d875cde604c27817d Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 21 Dec 2016 21:28:15 +0200 Subject: gnu: qemu: Update to 2.8.0. * gnu/packages/qemu.scm (qemu): Update to 2.8.0. [source]: Remove patches. [arguments]: Set host_cc during 'configure. * gnu/packages/patches/qemu-CVE-2016-8576.patch, gnu/packages/patches/qemu-CVE-2016-8577.patch, gnu/packages/patches/qemu-CVE-2016-8577.patch: Remove files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 -- gnu/packages/patches/qemu-CVE-2016-8576.patch | 62 --------------------------- gnu/packages/patches/qemu-CVE-2016-8577.patch | 36 ---------------- gnu/packages/patches/qemu-CVE-2016-8578.patch | 27 ------------ gnu/packages/qemu.scm | 11 +++-- 5 files changed, 5 insertions(+), 134 deletions(-) delete mode 100644 gnu/packages/patches/qemu-CVE-2016-8576.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2016-8577.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2016-8578.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3a56c840bc..f55d8e5e74 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -819,9 +819,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-paste-remove-website-test.patch \ %D%/packages/patches/python-paste-remove-timing-test.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ - %D%/packages/patches/qemu-CVE-2016-8576.patch \ - %D%/packages/patches/qemu-CVE-2016-8577.patch \ - %D%/packages/patches/qemu-CVE-2016-8578.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ %D%/packages/patches/rapicorn-isnan.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2016-8576.patch b/gnu/packages/patches/qemu-CVE-2016-8576.patch deleted file mode 100644 index 5031b59d81..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-8576.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 7 Oct 2016 10:15:29 +0200 -Subject: [PATCH] xhci: limit the number of link trbs we are willing to process - -Signed-off-by: Gerd Hoffmann ---- - hw/usb/hcd-xhci.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index 726435c..ee4fa48 100644 ---- a/hw/usb/hcd-xhci.c -+++ b/hw/usb/hcd-xhci.c -@@ -54,6 +54,8 @@ - * to the specs when it gets them */ - #define ER_FULL_HACK - -+#define TRB_LINK_LIMIT 4 -+ - #define LEN_CAP 0x40 - #define LEN_OPER (0x400 + 0x10 * MAXPORTS) - #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) -@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, - dma_addr_t *addr) - { - PCIDevice *pci_dev = PCI_DEVICE(xhci); -+ uint32_t link_cnt = 0; - - while (1) { - TRBType type; -@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, - ring->dequeue += TRB_SIZE; - return type; - } else { -+ if (++link_cnt > TRB_LINK_LIMIT) { -+ return 0; -+ } - ring->dequeue = xhci_mask64(trb->parameter); - if (trb->control & TRB_LK_TC) { - ring->ccs = !ring->ccs; -@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) - bool ccs = ring->ccs; - /* hack to bundle together the two/three TDs that make a setup transfer */ - bool control_td_set = 0; -+ uint32_t link_cnt = 0; - - while (1) { - TRBType type; -@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) - type = TRB_TYPE(trb); - - if (type == TR_LINK) { -+ if (++link_cnt > TRB_LINK_LIMIT) { -+ return -length; -+ } - dequeue = xhci_mask64(trb.parameter); - if (trb.control & TRB_LK_TC) { - ccs = !ccs; --- -1.8.3.1 - diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch deleted file mode 100644 index c4132d2fb1..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-8577.patch +++ /dev/null @@ -1,36 +0,0 @@ -Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read -From: Li Qiang - -In 9pfs read dispatch function, it doesn't free two QEMUIOVector -object thus causing potential memory leak. This patch avoid this. - -Signed-off-by: Li Qiang ---- - hw/9pfs/9p.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 119ee58..543a791 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque) - if (len < 0) { - /* IO error return the error */ - err = len; -- goto out; -+ goto out_free_iovec; - } - } while (count < max_count && len > 0); - err = pdu_marshal(pdu, offset, "d", count); - if (err < 0) { -- goto out; -+ goto out_free_iovec; - } - err += offset + count; -+out_free_iovec: - qemu_iovec_destroy(&qiov); - qemu_iovec_destroy(&qiov_full); - } else if (fidp->fid_type == P9_FID_XATTR) { --- -1.8.3.1 - diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch deleted file mode 100644 index 92ba365727..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-8578.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Li Qiang - -In 9pfs function v9fs_iov_vunmarshal, it will not allocate space -for empty string. This will cause several NULL pointer dereference -issues. this patch fix this issue. - -Signed-off-by: Li Qiang ---- - fsdev/9p-iov-marshal.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c -index 663cad5..1d16f8d 100644 ---- a/fsdev/9p-iov-marshal.c -+++ b/fsdev/9p-iov-marshal.c -@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, - str->data = g_malloc(str->size + 1); - copied = v9fs_unpack(str->data, out_sg, out_num, offset, - str->size); -- if (copied > 0) { -+ if (copied >= 0) { - str->data[str->size] = 0; - } else { - v9fs_string_free(str); --- -1.8.3.1 - diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index 805bb33b6b..4c47a09902 100644 --- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm @@ -69,17 +69,14 @@ (define-public qemu (package (name "qemu") - (version "2.7.0") + (version "2.8.0") (source (origin (method url-fetch) (uri (string-append "http://wiki.qemu-project.org/download/qemu-" version ".tar.bz2")) (sha256 (base32 - "0lqyz01z90nvxpc3nx4djbci7hx62cwvs5zwd6phssds0sap6vij")) - (patches (search-patches "qemu-CVE-2016-8576.patch" - "qemu-CVE-2016-8577.patch" - "qemu-CVE-2016-8578.patch")))) + "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: @@ -106,6 +103,8 @@ (apply system* `("./configure" ,(string-append "--cc=" (which "gcc")) + ;; Some architectures insist on using HOST_CC + ,(string-append "--host-cc=" (which "gcc")) "--disable-debug-info" ; save build space "--enable-virtfs" ; just to be sure ,(string-append "--prefix=" out) @@ -124,7 +123,7 @@ (add-before 'check 'make-gtester-verbose (lambda _ ;; Make GTester verbose to facilitate investigation upon failure. - (setenv "V" "1"))) + (setenv "V" "1") #t)) (add-before 'check 'disable-test-qga (lambda _ (substitute* "tests/Makefile.include" -- cgit v1.2.3 From 059b3aa9c335041d947cf2b765ab3dab811cfdc5 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 22 Dec 2016 14:56:48 +0100 Subject: gnu: gnupg: Fix build on 32-bit architectures. * gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gnupg.scm (gnupg)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/gnupg.scm | 6 +++- .../gnupg-test-segfault-on-32bit-arch.patch | 40 ++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f55d8e5e74..ee8f1e591f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -588,6 +588,7 @@ dist_patch_DATA = \ %D%/packages/patches/gmp-faulty-test.patch \ %D%/packages/patches/gnome-tweak-tool-search-paths.patch \ %D%/packages/patches/gnucash-price-quotes-perl.patch \ + %D%/packages/patches/gnupg-test-segfault-on-32bit-arch.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 096fcb96f5..5d5a6cdff0 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -220,7 +220,11 @@ compatible to GNU Pth.") ".tar.bz2")) (sha256 (base32 - "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65")))) + "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65")) + (patches + ;; This fixes a test failure on 32bit. Remove for next version. + ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00869.html + (search-patches "gnupg-test-segfault-on-32bit-arch.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch new file mode 100644 index 0000000000..79bb41caaa --- /dev/null +++ b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch @@ -0,0 +1,40 @@ +This fixes a segfault on 32-bit architectures. Upstream discussion: + +https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html + +Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html + +Patch copied from upstream source repository: + +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485 + +From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001 +From: Justus Winter +Date: Wed, 21 Dec 2016 16:14:45 +0100 +Subject: [PATCH] gpgscm: Guard use of union member. + +* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port +before accessing filename. Fixes a crash on 32-bit architectures. + +Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4 +Signed-off-by: Justus Winter +--- + tests/gpgscm/scheme.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c +index a5b7691..2844545 100644 +--- a/tests/gpgscm/scheme.c ++++ b/tests/gpgscm/scheme.c +@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) { + } else { + sc->nesting_stack[sc->file_i]++; + #if USE_TAGS && SHOW_ERROR_LINE +- { ++ if (sc->load_stack[sc->file_i].kind & port_file) { + const char *filename = + sc->load_stack[sc->file_i].rep.stdio.filename; + int lineno = +-- +2.8.0.rc3 + -- cgit v1.2.3 From 0c83c6bf2669367e81012391b5bc4ab0406ffbf3 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 24 Dec 2016 19:09:03 -0500 Subject: gnu: libxml2: Fix CVE-2016-4658. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. * gnu/packages/patches/libxml2-CVE-2016-4658.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/libxml2-CVE-2016-4658.patch | 257 +++++++++++++++++++++++ gnu/packages/xml.scm | 9 + 3 files changed, 267 insertions(+) create mode 100644 gnu/packages/patches/libxml2-CVE-2016-4658.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ee8f1e591f..a1137cf36f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -696,6 +696,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ + %D%/packages/patches/libxml2-CVE-2016-4658.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch new file mode 100644 index 0000000000..a4e1f31fae --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2016-4658.patch @@ -0,0 +1,257 @@ +Fix CVE-2016-4658: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b + +From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 28 Jun 2016 18:34:52 +0200 +Subject: [PATCH] Disallow namespace nodes in XPointer ranges + +Namespace nodes must be copied to avoid use-after-free errors. +But they don't necessarily have a physical representation in a +document, so simply disallow them in XPointer ranges. + +Found with afl-fuzz. + +Fixes CVE-2016-4658. +--- + xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- + 1 file changed, 56 insertions(+), 93 deletions(-) + +diff --git a/xpointer.c b/xpointer.c +index a7b03fbd..694d120e 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { + } + + /** ++ * xmlXPtrNewRangeInternal: ++ * @start: the starting node ++ * @startindex: the start index ++ * @end: the ending point ++ * @endindex: the ending index ++ * ++ * Internal function to create a new xmlXPathObjectPtr of type range ++ * ++ * Returns the newly created object. ++ */ ++static xmlXPathObjectPtr ++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, ++ xmlNodePtr end, int endindex) { ++ xmlXPathObjectPtr ret; ++ ++ /* ++ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). ++ * Disallow them for now. ++ */ ++ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) ++ return(NULL); ++ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) ++ return(NULL); ++ ++ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); ++ if (ret == NULL) { ++ xmlXPtrErrMemory("allocating range"); ++ return(NULL); ++ } ++ memset(ret, 0, sizeof(xmlXPathObject)); ++ ret->type = XPATH_RANGE; ++ ret->user = start; ++ ret->index = startindex; ++ ret->user2 = end; ++ ret->index2 = endindex; ++ return(ret); ++} ++ ++/** + * xmlXPtrNewRange: + * @start: the starting node + * @startindex: the start index +@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, + if (endindex < 0) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = startindex; +- ret->user2 = end; +- ret->index2 = endindex; ++ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { + if (end->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start->user; +- ret->index = start->index; +- ret->user2 = end->user; +- ret->index2 = end->index; ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, ++ end->index); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { + if (start->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start->user; +- ret->index = start->index; +- ret->user2 = end; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { + if (end->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = end->user; +- ret->index2 = end->index; ++ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { + if (end == NULL) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = end; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { + if (start == NULL) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = NULL; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); + return(ret); + } + +@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { + */ + xmlXPathObjectPtr + xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { ++ xmlNodePtr endNode; ++ int endIndex; + xmlXPathObjectPtr ret; + + if (start == NULL) +@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + return(NULL); + switch (end->type) { + case XPATH_POINT: ++ endNode = end->user; ++ endIndex = end->index; ++ break; + case XPATH_RANGE: ++ endNode = end->user2; ++ endIndex = end->index2; + break; + case XPATH_NODESET: + /* +@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + */ + if (end->nodesetval->nodeNr <= 0) + return(NULL); ++ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; ++ endIndex = -1; + break; + default: + /* TODO */ + return(NULL); + } + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- switch (end->type) { +- case XPATH_POINT: +- ret->user2 = end->user; +- ret->index2 = end->index; +- break; +- case XPATH_RANGE: +- ret->user2 = end->user2; +- ret->index2 = end->index2; +- break; +- case XPATH_NODESET: { +- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; +- ret->index2 = -1; +- break; +- } +- default: +- STRANGE +- return(NULL); +- } ++ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +-- +2.11.0 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 594a1a471c..d821338b52 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -74,6 +74,7 @@ things the parser might find in the XML document (like start tags).") (define-public libxml2 (package (name "libxml2") + (replacement libxml2/fixed) (version "2.9.4") (source (origin (method url-fetch) @@ -101,6 +102,14 @@ things the parser might find in the XML document (like start tags).") project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source + (origin + (inherit (package-source libxml2)) + (patches (search-patches "libxml2-CVE-2016-4658.patch")))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") -- cgit v1.2.3 From 3a2bcac6bd5a372553079750717ed4e9e6a638f1 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 24 Dec 2016 19:11:30 -0500 Subject: gnu: libxml2: Fix CVE-2016-5131. * gnu/packages/patches/libxml2-CVE-2016-5131.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xml.scm (libxml2/fixed)[source]: Add it. --- gnu/local.mk | 1 + gnu/packages/patches/libxml2-CVE-2016-5131.patch | 218 +++++++++++++++++++++++ gnu/packages/xml.scm | 3 +- 3 files changed, 221 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxml2-CVE-2016-5131.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a1137cf36f..106adb2351 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -697,6 +697,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ %D%/packages/patches/libxml2-CVE-2016-4658.patch \ + %D%/packages/patches/libxml2-CVE-2016-5131.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch new file mode 100644 index 0000000000..38938c8e3e --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2016-5131.patch @@ -0,0 +1,218 @@ +Fix CVE-2016-5131: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 + +Patches copied from upstream source repository (the test suite fails +without the 2nd patch): + +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e +https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8 + +From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 28 Jun 2016 14:22:23 +0200 +Subject: [PATCH] Fix XPointer paths beginning with range-to + +The old code would invoke the broken xmlXPtrRangeToFunction. range-to +isn't really a function but a special kind of location step. Remove +this function and always handle range-to in the XPath code. + +The old xmlXPtrRangeToFunction could also be abused to trigger a +use-after-free error with the potential for remote code execution. + +Found with afl-fuzz. + +Fixes CVE-2016-5131. +--- + result/XPath/xptr/vidbase | 13 ++++++++ + test/XPath/xptr/vidbase | 1 + + xpath.c | 7 ++++- + xpointer.c | 76 ++++------------------------------------------- + 4 files changed, 26 insertions(+), 71 deletions(-) + +diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase +index 8b9e92d6..f19193e7 100644 +--- a/result/XPath/xptr/vidbase ++++ b/result/XPath/xptr/vidbase +@@ -17,3 +17,16 @@ Object is a Location Set: + To node + ELEMENT p + ++ ++======================== ++Expression: xpointer(range-to(id('chapter2'))) ++Object is a Location Set: ++1 : Object is a range : ++ From node ++ / ++ To node ++ ELEMENT chapter ++ ATTRIBUTE id ++ TEXT ++ content=chapter2 ++ +diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase +index b1463830..884b1065 100644 +--- a/test/XPath/xptr/vidbase ++++ b/test/XPath/xptr/vidbase +@@ -1,2 +1,3 @@ + xpointer(id('chapter1')/p) + xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) ++xpointer(range-to(id('chapter2'))) +diff --git a/xpath.c b/xpath.c +index d992841e..5a01b1b3 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { + lc = 1; + break; + } else if ((NXT(len) == '(')) { +- /* Note Type or Function */ ++ /* Node Type or Function */ + if (xmlXPathIsNodeType(name)) { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, + "PathExpr: Type search\n"); + #endif + lc = 1; ++#ifdef LIBXML_XPTR_ENABLED ++ } else if (ctxt->xptr && ++ xmlStrEqual(name, BAD_CAST "range-to")) { ++ lc = 1; ++#endif + } else { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, +diff --git a/xpointer.c b/xpointer.c +index 676c5105..d74174a3 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { + ret->here = here; + ret->origin = origin; + +- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", +- xmlXPtrRangeToFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range", + xmlXPtrRangeFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", +@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { + * @nargs: the number of args + * + * Implement the range-to() XPointer function ++ * ++ * Obsolete. range-to is not a real function but a special type of location ++ * step which is handled in xpath.c. + */ + void +-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { +- xmlXPathObjectPtr range; +- const xmlChar *cur; +- xmlXPathObjectPtr res, obj; +- xmlXPathObjectPtr tmp; +- xmlLocationSetPtr newset = NULL; +- xmlNodeSetPtr oldset; +- int i; +- +- if (ctxt == NULL) return; +- CHECK_ARITY(1); +- /* +- * Save the expression pointer since we will have to evaluate +- * it multiple times. Initialize the new set. +- */ +- CHECK_TYPE(XPATH_NODESET); +- obj = valuePop(ctxt); +- oldset = obj->nodesetval; +- ctxt->context->node = NULL; +- +- cur = ctxt->cur; +- newset = xmlXPtrLocationSetCreate(NULL); +- +- for (i = 0; i < oldset->nodeNr; i++) { +- ctxt->cur = cur; +- +- /* +- * Run the evaluation with a node list made of a single item +- * in the nodeset. +- */ +- ctxt->context->node = oldset->nodeTab[i]; +- tmp = xmlXPathNewNodeSet(ctxt->context->node); +- valuePush(ctxt, tmp); +- +- xmlXPathEvalExpr(ctxt); +- CHECK_ERROR; +- +- /* +- * The result of the evaluation need to be tested to +- * decided whether the filter succeeded or not +- */ +- res = valuePop(ctxt); +- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); +- if (range != NULL) { +- xmlXPtrLocationSetAdd(newset, range); +- } +- +- /* +- * Cleanup +- */ +- if (res != NULL) +- xmlXPathFreeObject(res); +- if (ctxt->value == tmp) { +- res = valuePop(ctxt); +- xmlXPathFreeObject(res); +- } +- +- ctxt->context->node = NULL; +- } +- +- /* +- * The result is used as the new evaluation set. +- */ +- xmlXPathFreeObject(obj); +- ctxt->context->node = NULL; +- ctxt->context->contextSize = -1; +- ctxt->context->proximityPosition = -1; +- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); ++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, ++ int nargs ATTRIBUTE_UNUSED) { ++ XP_ERROR(XPATH_EXPR_ERROR); + } + + /** +-- +2.11.0 + +From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 28 Jun 2016 14:19:58 +0200 +Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes + +This change has already been made in xmlXPathCmpNodesExt but not in +xmlXPathCmpNodes. +--- + xpath.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xpath.c b/xpath.c +index 751665b8..d992841e 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { + * compute depth to root + */ + for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { +- if (cur == node1) ++ if (cur->parent == node1) + return(1); + depth2++; + } + root = cur; + for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { +- if (cur == node2) ++ if (cur->parent == node2) + return(-1); + depth1++; + } +-- +2.11.0 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index d821338b52..32b658489c 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -108,7 +108,8 @@ project (but it is usable outside of the Gnome platform).") (source (origin (inherit (package-source libxml2)) - (patches (search-patches "libxml2-CVE-2016-4658.patch")))))) + (patches (search-patches "libxml2-CVE-2016-4658.patch" + "libxml2-CVE-2016-5131.patch")))))) (define-public python-libxml2 (package (inherit libxml2) -- cgit v1.2.3 From 91426243f15696c38fbe84d3885a71f45911217f Mon Sep 17 00:00:00 2001 From: ng0 Date: Mon, 26 Dec 2016 20:53:40 +0000 Subject: gnu: awesome: Update to 4.0. * gnu/packages/wm.scm (awesome): Update to 4.0. [source]: Adjust URL. [inputs]: Add xcb-util-xrm and libxkbcommon. * gnu/packages/patches/awesome-reproducible-png.patch: Adjust patch. Signed-off-by: Leo Famulari --- gnu/packages/patches/awesome-reproducible-png.patch | 4 ++-- gnu/packages/wm.scm | 12 +++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/awesome-reproducible-png.patch b/gnu/packages/patches/awesome-reproducible-png.patch index 0fae65bc71..d8e92c70f9 100644 --- a/gnu/packages/patches/awesome-reproducible-png.patch +++ b/gnu/packages/patches/awesome-reproducible-png.patch @@ -7,8 +7,8 @@ See . set(ALL_ICONS ${ALL_ICONS} ${output}) add_custom_command( -- COMMAND ${CONVERT_EXECUTABLE} ${input} ${ARGN} ${output} -+ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} ${ARGN} ${output} +- COMMAND ${CONVERT_EXECUTABLE} ${input} -strip ${ARGN} ${output} ++ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} -strip ${ARGN} ${output} OUTPUT ${output} DEPENDS ${input} VERBATIM) diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm index 46a8c3f873..6713560c5f 100644 --- a/gnu/packages/wm.scm +++ b/gnu/packages/wm.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016 Al McElrath ;;; Copyright © 2016 Carlo Zancanaro ;;; Copyright © 2016 Ludovic Courtès -;;; Copyright © 2016 ng0 +;;; Copyright © 2016 ng0 ;;; Copyright © 2016 doncatnip ;;; Copyright © 2016 Ivan Vilata i Balaguer ;;; @@ -497,15 +497,15 @@ experience.") (define-public awesome (package (name "awesome") - (version "3.5.9") + (version "4.0") (source (origin (method url-fetch) (uri (string-append - "https://awesome.naquadah.org/download/awesome-" - version ".tar.xz")) + "https://github.com/awesomeWM/awesome-releases/raw/" + "master/awesome-" version ".tar.xz")) (sha256 (base32 - "0kynair1ykr74b39a4gcm2y24viial64337cf26nhlc7azjbby67")) + "0czkcz67sab63gf5m2p2pgg05yinjx60hfb9rfyzdkkg28q9f02w")) (modules '((guix build utils) (srfi srfi-19))) (snippet @@ -538,6 +538,7 @@ experience.") ("libxcb" ,libxcb) ("libxcursor" ,libxcursor) ("libxdg-basedir" ,libxdg-basedir) + ("libxkbcommon" ,libxkbcommon) ("lua" ,lua) ("lua-lgi",lua-lgi) ("pango" ,pango) @@ -547,6 +548,7 @@ experience.") ("xcb-util-image" ,xcb-util-image) ("xcb-util-keysyms" ,xcb-util-keysyms) ("xcb-util-renderutil" ,xcb-util-renderutil) + ("xcb-util-xrm" ,xcb-util-xrm) ("xcb-util-wm" ,xcb-util-wm))) (arguments `(;; Let compression happen in our 'compress-documentation' phase so that -- cgit v1.2.3 From 322e724bfad9f82149c3f83416234ab19486a229 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 29 Dec 2016 13:01:55 -0500 Subject: gnu: libpng: Fix a null pointer dereference [fixes security issue]. * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libpng)[replacement]: New field. (libpng/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/image.scm | 9 ++++++ .../patches/libpng-fix-null-ptr-dereference.patch | 36 ++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 gnu/packages/patches/libpng-fix-null-ptr-dereference.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 106adb2351..38c1b0b94e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -675,6 +675,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ + %D%/packages/patches/libpng-fix-null-ptr-dereference.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 1c500b3341..69eeaed58d 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -64,6 +64,7 @@ (define-public libpng (package (name "libpng") + (replacement libpng/fixed) (version "1.6.25") (source (origin (method url-fetch) @@ -88,6 +89,14 @@ library. It supports almost all PNG features and is extensible.") (license license:zlib) (home-page "http://www.libpng.org/pub/png/libpng.html"))) +(define libpng/fixed + (package + (inherit libpng) + (source + (origin + (inherit (package-source libpng)) + (patches (search-patches "libpng-fix-null-ptr-dereference.patch")))))) + (define-public libpng-1.2 (package (inherit libpng) diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch new file mode 100644 index 0000000000..192459162b --- /dev/null +++ b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch @@ -0,0 +1,36 @@ +Fix a null pointer dereference in png_set_text_2(): + +http://seclists.org/oss-sec/2016/q4/777 + +Patch adapted from upstream source repository: + +https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ + +From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson +Date: Thu, 29 Dec 2016 07:51:33 -0600 +Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in + png_set_text_2() + +(bug report and patch by Patrick Keshishian). +--- + ANNOUNCE | 2 ++ + CHANGES | 2 ++ + png.c | 1 + + 3 files changed, 5 insertions(+) + +diff --git a/png.c b/png.c +index 8afc28fc2..2e05de159 100644 +--- a/png.c ++++ b/png.c +@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, + png_free(png_ptr, info_ptr->text); + info_ptr->text = NULL; + info_ptr->num_text = 0; ++ info_ptr->max_text = 0; + } + } + #endif +-- +2.11.0 + -- cgit v1.2.3 From a29929b32caf9e437d18bdb0cd4d1b22bc096fed Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Fri, 30 Dec 2016 17:21:37 +1000 Subject: gnu: multiqc: Update to 0.9. Suggested by Raoul Bonnal . * gnu/packages/bioinformatics.scm (multiqc): Update to 0.9. [origin]: Add patch. * gnu/packages/patches/multiqc-fix-git-subprocess-error.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 9 +++++++-- .../patches/multiqc-fix-git-subprocess-error.patch | 16 ++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/multiqc-fix-git-subprocess-error.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 38c1b0b94e..b7c182fbf6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -730,6 +730,7 @@ dist_patch_DATA = \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/mplayer2-theora-fix.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ + %D%/packages/patches/multiqc-fix-git-subprocess-error.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 07c4a0a1b7..54c8ce0f63 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -7855,15 +7855,20 @@ replacement for strverscmp.") (define-public multiqc (package (name "multiqc") - (version "0.6") + (version "0.9") (source (origin (method url-fetch) (uri (pypi-uri "multiqc" version)) (sha256 (base32 - "0avw11h63ldpxy5pizc3wl1wa01ha7q10wb240nggsjz3jaqvyiy")))) + "12gs1jw2jrxrij529rnl5kaqxfcqn15yzcsggxkfhdx634ml0cny")) + (patches (search-patches "multiqc-fix-git-subprocess-error.patch")))) (build-system python-build-system) + (arguments + ;; Tests are to be introduced in the next version, see + ;; https://github.com/ewels/MultiQC/issues/376 + `(#:tests? #f)) (propagated-inputs `(("python-jinja2" ,python-jinja2) ("python-simplejson" ,python-simplejson) diff --git a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch new file mode 100644 index 0000000000..87be6142f4 --- /dev/null +++ b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch @@ -0,0 +1,16 @@ +Without this patch, the incorrect exception is caught when 'git' is not in +PATH. See https://github.com/ewels/MultiQC/pull/377. + +diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py +index 01fa554..4a11793 100755 +--- a/multiqc/utils/config.py ++++ b/multiqc/utils/config.py +@@ -28,7 +28,7 @@ try: + git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT) + git_hash_short = git_hash[:7] + version = '{} ({})'.format(version, git_hash_short) +-except subprocess.CalledProcessError: ++except (subprocess.CalledProcessError, FileNotFoundError): + pass + os.chdir(cwd) + -- cgit v1.2.3 From 858b9afeaf1b41dc524b50c568dccb38c8ef4e73 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 30 Dec 2016 14:29:48 -0500 Subject: gnu: libpng: Mention CVE-2016-10087. * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ... * gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this. * gnu/local.mk (dist_patch_DATA): Adjust. * gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch. --- gnu/local.mk | 2 +- gnu/packages/image.scm | 2 +- gnu/packages/patches/libpng-CVE-2016-10087.patch | 37 ++++++++++++++++++++++ .../patches/libpng-fix-null-ptr-dereference.patch | 36 --------------------- 4 files changed, 39 insertions(+), 38 deletions(-) create mode 100644 gnu/packages/patches/libpng-CVE-2016-10087.patch delete mode 100644 gnu/packages/patches/libpng-fix-null-ptr-dereference.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b7c182fbf6..69633131e6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -675,7 +675,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ - %D%/packages/patches/libpng-fix-null-ptr-dereference.patch \ + %D%/packages/patches/libpng-CVE-2016-10087.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 687596f966..ab4d3b0e57 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -95,7 +95,7 @@ library. It supports almost all PNG features and is extensible.") (source (origin (inherit (package-source libpng)) - (patches (search-patches "libpng-fix-null-ptr-dereference.patch")))))) + (patches (search-patches "libpng-CVE-2016-10087.patch")))))) (define-public libpng-1.2 (package diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch new file mode 100644 index 0000000000..8093b3e448 --- /dev/null +++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch @@ -0,0 +1,37 @@ +Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 +http://seclists.org/oss-sec/2016/q4/777 + +Patch adapted from upstream source repository: + +https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ + +From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson +Date: Thu, 29 Dec 2016 07:51:33 -0600 +Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in + png_set_text_2() + +(bug report and patch by Patrick Keshishian). +--- + ANNOUNCE | 2 ++ + CHANGES | 2 ++ + png.c | 1 + + 3 files changed, 5 insertions(+) + +diff --git a/png.c b/png.c +index 8afc28fc2..2e05de159 100644 +--- a/png.c ++++ b/png.c +@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, + png_free(png_ptr, info_ptr->text); + info_ptr->text = NULL; + info_ptr->num_text = 0; ++ info_ptr->max_text = 0; + } + } + #endif +-- +2.11.0 + diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch deleted file mode 100644 index 192459162b..0000000000 --- a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix a null pointer dereference in png_set_text_2(): - -http://seclists.org/oss-sec/2016/q4/777 - -Patch adapted from upstream source repository: - -https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ - -From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson -Date: Thu, 29 Dec 2016 07:51:33 -0600 -Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in - png_set_text_2() - -(bug report and patch by Patrick Keshishian). ---- - ANNOUNCE | 2 ++ - CHANGES | 2 ++ - png.c | 1 + - 3 files changed, 5 insertions(+) - -diff --git a/png.c b/png.c -index 8afc28fc2..2e05de159 100644 ---- a/png.c -+++ b/png.c -@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, - png_free(png_ptr, info_ptr->text); - info_ptr->text = NULL; - info_ptr->num_text = 0; -+ info_ptr->max_text = 0; - } - } - #endif --- -2.11.0 - -- cgit v1.2.3 From 25d84d3122b8de29a67d69e8ff5de6660b8d44c5 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sun, 1 Jan 2017 16:37:08 +1000 Subject: gnu: python-dendropy: Update to 4.2.0. * gnu/packages/bioinformatics.scm (python-dendropy): Update to 4.2.0. [source]: Remove patch. (python2-dendropy)[source]: Use the same source as python-dendropy. * gnu/packages/patches/python-dendropy-exclude-failing-tests.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/bioinformatics.scm | 18 ++---------------- .../python-dendropy-exclude-failing-tests.patch | 21 --------------------- 3 files changed, 2 insertions(+), 38 deletions(-) delete mode 100644 gnu/packages/patches/python-dendropy-exclude-failing-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 69633131e6..6ab1c1c488 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -814,7 +814,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-3-search-paths.patch \ %D%/packages/patches/python-3.4-fix-tests.patch \ %D%/packages/patches/python-3.5-fix-tests.patch \ - %D%/packages/patches/python-dendropy-exclude-failing-tests.patch \ %D%/packages/patches/python-file-double-encoding-bug.patch \ %D%/packages/patches/python-fix-tests.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index b1d0c38a49..7a61de2eda 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -1930,19 +1930,14 @@ accessing bigWig files.") (define-public python-dendropy (package (name "python-dendropy") - (version "4.1.0") + (version "4.2.0") (source (origin (method url-fetch) (uri (pypi-uri "DendroPy" version)) (sha256 (base32 - "1jfz7gp18wph311w1yygbvjanb3n5mdqal439bb6myw41dwb5m63")) - ;; There are two known test failures that will be fixed in the next - ;; release after 4.1.0. - ;; https://github.com/jeetsukumaran/DendroPy/issues/48 - (patches (search-patches - "python-dendropy-exclude-failing-tests.patch")))) + "15c7s3d5gf19ljsxvq5advaa752wfi7pwrdjyhzmg85hccyvp47p")))) (build-system python-build-system) (home-page "http://packages.python.org/DendroPy/") (synopsis "Library for phylogenetics and phylogenetic computing") @@ -1957,15 +1952,6 @@ trees (phylogenies) and characters.") (let ((base (package-with-python2 (strip-python2-variant python-dendropy)))) (package (inherit base) - ;; Do not use same source as 'python-dendropy' because the patched - ;; failing tests do not occur on Python 2. - (source - (origin - (method url-fetch) - (uri (pypi-uri "DendroPy" (package-version base))) - (sha256 - (base32 - "1jfz7gp18wph311w1yygbvjanb3n5mdqal439bb6myw41dwb5m63")))) (arguments `(#:python ,python-2 #:phases diff --git a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch deleted file mode 100644 index 288a58b06f..0000000000 --- a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/dendropy/test/test_phylogenetic_distance_matrix.py b/dendropy/test/test_phylogenetic_distance_matrix.py -index 10c05f5..a18ba52 100644 ---- a/dendropy/test/test_phylogenetic_distance_matrix.py -+++ b/dendropy/test/test_phylogenetic_distance_matrix.py -@@ -793,7 +793,7 @@ class PdmUpgmaTree(PdmTreeChecker, unittest.TestCase): - expected_tree=expected_tree) - - class NodeToNodeDistancesTest(unittest.TestCase): -- -+ @unittest.expectedFailure - def test_distances(self): - ## get distances from ape - # library(ape) -@@ -825,6 +825,7 @@ class NodeToNodeDistancesTest(unittest.TestCase): - e = reference_table[nd1.label, nd2.label] - self.assertAlmostEqual(d, e) - -+ @unittest.expectedFailure - def test_mrca(self): - test_runs = [ - "hiv1.newick", -- cgit v1.2.3 From 6a37872cd2c132371ef2cb5344e004c63fdeb927 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Tue, 3 Jan 2017 08:11:15 -0500 Subject: gnu: chicken: Fix CVE-2016-{6830,6831}. * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New file. * gnu/local.mk (dist_patch_DATA): Use it. * gnu/packages/scheme.scm (chicken)[source]: Use it. --- gnu/local.mk | 1 + .../chicken-CVE-2016-6830+CVE-2016-6831.patch | 81 ++++++++++++++++++++++ gnu/packages/scheme.scm | 4 +- 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6ab1c1c488..0c42f9f442 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -497,6 +497,7 @@ dist_patch_DATA = \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ + %D%/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch new file mode 100644 index 0000000000..59decde0e9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch @@ -0,0 +1,81 @@ +diff -ur a/irregex-core.scm b/irregex-core.scm +--- a/irregex-core.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-core.scm 2017-01-01 22:24:08.000000000 -0500 +@@ -30,6 +30,8 @@ + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ;;;; History ++;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation ++;; of backtracking matcher. + ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow + ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches + ;; 0.9.3: 2014/07/01 - R7RS library +@@ -3170,16 +3172,7 @@ + ((sre-empty? (sre-sequence (cdr sre))) + (error "invalid sre: empty *" sre)) + (else +- (letrec +- ((body +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (lambda (cnk init src str i end matches fail) +- (body cnk init src str i end matches +- (lambda () +- (next cnk init src str i end matches fail) +- )))))) ++ (let ((body (rec (list '+ (sre-sequence (cdr sre)))))) + (lambda (cnk init src str i end matches fail) + (body cnk init src str i end matches + (lambda () +@@ -3204,10 +3197,21 @@ + (lambda () + (body cnk init src str i end matches fail)))))))) + ((+) +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (rec (list '* (sre-sequence (cdr sre)))))) ++ (cond ++ ((sre-empty? (sre-sequence (cdr sre))) ++ (error "invalid sre: empty +" sre)) ++ (else ++ (letrec ++ ((body ++ (lp (sre-sequence (cdr sre)) ++ n ++ flags ++ (lambda (cnk init src str i end matches fail) ++ (body cnk init src str i end matches ++ (lambda () ++ (next cnk init src str i end matches fail) ++ )))))) ++ body)))) + ((=) + (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre)))) + ((>=) +diff -ur a/irregex-utils.scm b/irregex-utils.scm +--- a/irregex-utils.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-utils.scm 2017-01-01 22:25:25.000000000 -0500 +@@ -89,7 +89,7 @@ + (case (car x) + ((: seq) + (cond +- ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj))) ++ ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj))) + (display "(?:" out) (for-each lp (cdr x)) (display ")" out)) + (else (for-each lp (cdr x))))) + ((submatch) +diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html" +--- "a/manual-html/Unit irregex.html" 2016-09-11 19:10:47.000000000 -0400 ++++ "b/manual-html/Unit irregex.html" 2017-01-01 22:26:05.000000000 -0500 +@@ -353,6 +353,6 @@ +

    Returns an optimized SRE matching any of the literal strings in the list, like Emacs' regexp-opt. Note this optimization doesn't help when irregex is able to build a DFA.

    + +
    sre->string
    (sre->string <sre>) procedure
    +-

    Convert an SRE to a POSIX-style regular expression string, if possible.

    ++

    Convert an SRE to a PCRE-style regular expression string, if possible.

    +
    +-

    Previous: Unit extras

    Next: Unit srfi-1

    +\ No newline at end of file ++

    Previous: Unit extras

    Next: Unit srfi-1

    diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 08bb89cefb..2756805f3d 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -332,7 +332,9 @@ mashups, office (web agendas, mail clients, ...), etc.") "2016/09/12/chicken-" version ".tar.gz")) (sha256 (base32 - "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga")))) + "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga")) + (patches + (search-patches "chicken-CVE-2016-6830+CVE-2016-6831.patch")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) -- cgit v1.2.3 From f3a53f3c8feedfad2a33462225dca8ea077b151b Mon Sep 17 00:00:00 2001 From: Alex Griffin Date: Tue, 3 Jan 2017 08:49:01 -0600 Subject: gnu: slock: Update to 1.4. * gnu/packages/suckless.scm (slock): Update to 1.4. [source] Remove CVE-2016-6866 patch (no longer needed). * gnu/packages/patches/slock-CVE-2016-6866.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 - gnu/packages/patches/slock-CVE-2016-6866.patch | 51 -------------------------- gnu/packages/suckless.scm | 6 +-- 3 files changed, 3 insertions(+), 55 deletions(-) delete mode 100644 gnu/packages/patches/slock-CVE-2016-6866.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0c42f9f442..f45030f840 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -851,7 +851,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-sigusr1.patch \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ - %D%/packages/patches/slock-CVE-2016-6866.patch \ %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ %D%/packages/patches/soprano-find-clucene.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/patches/slock-CVE-2016-6866.patch b/gnu/packages/patches/slock-CVE-2016-6866.patch deleted file mode 100644 index 2f94b8c1a9..0000000000 --- a/gnu/packages/patches/slock-CVE-2016-6866.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2016-6866. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866 -https://security-tracker.debian.org/tracker/CVE-2016-6866 - -Copied from upstream source repository: -http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 - -From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001 -From: Markus Teich -Date: Tue, 30 Aug 2016 22:59:06 +0000 -Subject: fix CVE-2016-6866 - ---- -diff --git a/slock.c b/slock.c -index 847b328..8ed59ca 100644 ---- a/slock.c -+++ b/slock.c -@@ -123,7 +123,7 @@ readpw(Display *dpy) - readpw(Display *dpy, const char *pws) - #endif - { -- char buf[32], passwd[256]; -+ char buf[32], passwd[256], *encrypted; - int num, screen; - unsigned int len, color; - KeySym ksym; -@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws) - #ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); - #else -- running = !!strcmp(crypt(passwd, pws), pws); -+ errno = 0; -+ if (!(encrypted = crypt(passwd, pws))) -+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); -+ else -+ running = !!strcmp(encrypted, pws); - #endif - if (running) { - XBell(dpy, 100); -@@ -312,6 +316,8 @@ main(int argc, char **argv) { - - #ifndef HAVE_BSD_AUTH - pws = getpw(); -+ if (strlen(pws) < 2) -+ die("slock: failed to get user password hash.\n"); - #endif - - if (!(dpy = XOpenDisplay(NULL))) --- -cgit v0.9.0.3-65-g4555 diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm index 820d550d6e..a501bb5f2d 100644 --- a/gnu/packages/suckless.scm +++ b/gnu/packages/suckless.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2015 Dmitry Bogatov ;;; Copyright © 2015 Leo Famulari ;;; Copyright © 2016 Eric Bavier +;;; Copyright © 2017 Alex Griffin ;;; ;;; This file is part of GNU Guix. ;;; @@ -106,15 +107,14 @@ numbers of user-defined menu items efficiently.") (define-public slock (package (name "slock") - (version "1.3") + (version "1.4") (source (origin (method url-fetch) (uri (string-append "http://dl.suckless.org/tools/slock-" version ".tar.gz")) - (patches (search-patches "slock-CVE-2016-6866.patch")) (sha256 (base32 - "065xa9hl7zn0lv2f7yjxphqsa35rg6dn9hv10gys0sh4ljpa7d5s")))) + "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m")))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no tests -- cgit v1.2.3 From 324f4fc559b4cf9f7df0bc334ac8a0a4fa040c22 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 4 Jan 2017 02:37:51 -0500 Subject: gnu: mcrypt: Fix patches for CVE-2012-{4409,4527}. This fixes CVE-2012-{4409,4527}. This is a followup to commit fd1461879c63c608617d30524183a71370a7451c. * gnu/packages/patches/mcrypt-CVE-2012-4409.patch, gnu/packages/patches/mcrypt-CVE-2012-4527.patch: Apply the patches to the mcrypt source code. --- gnu/packages/patches/mcrypt-CVE-2012-4409.patch | 35 ++--- gnu/packages/patches/mcrypt-CVE-2012-4527.patch | 198 +++++++++++------------- 2 files changed, 104 insertions(+), 129 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch index 60cf8e0430..3089f962f7 100644 --- a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch +++ b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch @@ -3,30 +3,17 @@ From: Tom Callaway Date: Fri, 7 Sep 2012 11:39:29 -0400 Subject: apply fix for CVE-2012-4409 (thanks to Raphael Geissert) ---- - mcrypt-CVE-2012-4409.patch | 12 ++++++++++++ - mcrypt.spec | 10 +++++++++- - 2 files changed, 21 insertions(+), 1 deletion(-) - create mode 100644 mcrypt-CVE-2012-4409.patch - -diff --git a/mcrypt-CVE-2012-4409.patch b/mcrypt-CVE-2012-4409.patch -new file mode 100644 -index 0000000..747f428 ---- /dev/null -+++ b/mcrypt-CVE-2012-4409.patch -@@ -0,0 +1,12 @@ -+diff -up mcrypt-2.6.8/src/extra.c.CVE-2012-4409 mcrypt-2.6.8/src/extra.c -+--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400 -++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400 -+@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char -+ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ -+ *salt_size = m_setbit(0, sflag, 0); -+ if (*salt_size > 0) { -++ if (*salt_size > sizeof(tmp_buf)) -++ err_quit(_("Salt is too long\n")); -+ fread(tmp_buf, 1, *salt_size, -+ fstream); -+ memmove(salt, tmp_buf, *salt_size); +--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400 ++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400 +@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char + if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ + *salt_size = m_setbit(0, sflag, 0); + if (*salt_size > 0) { ++ if (*salt_size > sizeof(tmp_buf)) ++ err_quit(_("Salt is too long\n")); + fread(tmp_buf, 1, *salt_size, + fstream); + memmove(salt, tmp_buf, *salt_size); -- cgit v0.12 diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch index d931dd174b..dfbf048583 100644 --- a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch +++ b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch @@ -3,109 +3,97 @@ From: Tom Callaway Date: Tue, 30 Oct 2012 15:39:24 -0400 Subject: apply workaround to CVE-2012-4527 ---- - mcrypt-CVE-2012-4527-80-width-patch | 91 +++++++++++++++++++++++++++++++++++++ - mcrypt.spec | 10 +++- - 2 files changed, 100 insertions(+), 1 deletion(-) - create mode 100644 mcrypt-CVE-2012-4527-80-width-patch - -diff --git a/mcrypt-CVE-2012-4527-80-width-patch b/mcrypt-CVE-2012-4527-80-width-patch -new file mode 100644 -index 0000000..0eb94d8 ---- /dev/null -+++ b/mcrypt-CVE-2012-4527-80-width-patch -@@ -0,0 +1,91 @@ -+--- mcrypt-2.6.8.orig/src/mcrypt.c -++++ mcrypt-2.6.8/src/mcrypt.c -+@@ -41,6 +41,8 @@ -+ # include -+ #endif -+ -++#define WIDTH 80 -++ -+ static char rcsid[] = -+ "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; -+ -+@@ -482,7 +484,7 @@ -+ #ifdef HAVE_STAT -+ if (stream_flag == FALSE) { -+ if (is_normal_file(file[i]) == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: %s is not a regular file. Skipping...\n"), -+ program_name, file[i]); -+@@ -501,7 +503,7 @@ -+ dinfile = file[i]; -+ if ((isatty(fileno((FILE *) (stdin))) == 1) -+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: Encrypted data will not be read from a terminal.\n"), -+ program_name); -+@@ -520,7 +522,7 @@ -+ einfile = file[i]; -+ if ((isatty(fileno((FILE *) (stdout))) == 1) -+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: Encrypted data will not be written to a terminal.\n"), -+ program_name); -+@@ -544,7 +546,7 @@ -+ strcpy(outfile, einfile); -+ /* if file has already the .nc ignore it */ -+ if (strstr(outfile, ".nc") != NULL) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: file %s has the .nc suffix... skipping...\n"), -+ program_name, outfile); -+@@ -590,10 +592,10 @@ -+ -+ if (x == 0) { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); -++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile); -+ err_warn(tmperr); -+ } else { -+- sprintf(tmperr, _("Stdin was decrypted.\n")); -++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n")); -+ err_warn(tmperr); -+ } -+ #ifdef HAVE_STAT -+@@ -610,7 +612,7 @@ -+ -+ } else { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("File %s was NOT decrypted successfully.\n"), -+ dinfile); -+@@ -636,10 +638,10 @@ -+ -+ if (x == 0) { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); -++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile); -+ err_warn(tmperr); -+ } else { -+- sprintf(tmperr, _("Stdin was encrypted.\n")); -++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n")); -+ err_warn(tmperr); -+ } -+ #ifdef HAVE_STAT -+@@ -655,7 +657,7 @@ -+ -+ } else { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("File %s was NOT encrypted successfully.\n"), -+ einfile); --- -cgit v0.12 +--- mcrypt-2.6.8.orig/src/mcrypt.c ++++ mcrypt-2.6.8/src/mcrypt.c +@@ -41,6 +41,8 @@ + # include + #endif + ++#define WIDTH 80 ++ + static char rcsid[] = + "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; + +@@ -482,7 +484,7 @@ + #ifdef HAVE_STAT + if (stream_flag == FALSE) { + if (is_normal_file(file[i]) == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: %s is not a regular file. Skipping...\n"), + program_name, file[i]); +@@ -501,7 +503,7 @@ + dinfile = file[i]; + if ((isatty(fileno((FILE *) (stdin))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: Encrypted data will not be read from a terminal.\n"), + program_name); +@@ -520,7 +522,7 @@ + einfile = file[i]; + if ((isatty(fileno((FILE *) (stdout))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: Encrypted data will not be written to a terminal.\n"), + program_name); +@@ -544,7 +546,7 @@ + strcpy(outfile, einfile); + /* if file has already the .nc ignore it */ + if (strstr(outfile, ".nc") != NULL) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: file %s has the .nc suffix... skipping...\n"), + program_name, outfile); +@@ -590,10 +592,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); ++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was decrypted.\n")); ++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -610,7 +612,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("File %s was NOT decrypted successfully.\n"), + dinfile); +@@ -636,10 +638,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); ++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was encrypted.\n")); ++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -655,7 +657,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("File %s was NOT encrypted successfully.\n"), + einfile); +- +git v0.12 -- cgit v1.2.3 From 8bd10c1082041ba2b7add31f34abcb2683f76315 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sat, 31 Dec 2016 17:44:22 +0100 Subject: gnu: ocaml: Add a .file directive to generated .s files. * gnu/packages/ocaml.scm (ocaml)[origin]: Add patch. * gnu/packages/patches/ocaml-Add-a-.file-directive.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. Signed-off-by: David Craven --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 7 +- .../patches/ocaml-Add-a-.file-directive.patch | 96 ++++++++++++++++++++++ 3 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/ocaml-Add-a-.file-directive.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 61e0fca3ba..860d16d910 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -752,6 +752,7 @@ dist_patch_DATA = \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ + %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openexr-missing-samples.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index 2dad042e72..ab70eb63de 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2016 Eric Bavier ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2016 Efraim Flashner -;;; Copyright © 2016 Julien Lepiller +;;; Copyright © 2016, 2017 Julien Lepiller ;;; ;;; This file is part of GNU Guix. ;;; @@ -63,7 +63,10 @@ (sha256 (base32 "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3")) - (patches (search-patches "ocaml-CVE-2015-8869.patch")))) + (patches + (search-patches + "ocaml-CVE-2015-8869.patch" + "ocaml-Add-a-.file-directive.patch")))) (build-system gnu-build-system) (native-search-paths (list (search-path-specification diff --git a/gnu/packages/patches/ocaml-Add-a-.file-directive.patch b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch new file mode 100644 index 0000000000..07842e9c32 --- /dev/null +++ b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch @@ -0,0 +1,96 @@ +From: Stephane Glondu +Date: Sun, 16 Aug 2015 20:59:14 +0200 +Subject: Add a .file directive to generated .s files + +When no .file directive is given, the toolchain records the filename +of the .o file, which is sometimes random, making generated objects +non-deterministic. + +We use Location.input_name for adding .file directives to assembly +files. Note: when the file is preprocessed, this reference holds the +name of the temporary file. Hence, files compiled with -pp are still +not deterministic. + +Bug-Debian: https://bugs.debian.org/795784 +Bug-Debian: https://bugs.debian.org/796336 +--- + asmcomp/amd64/emit.mlp | 1 + + asmcomp/arm/emit.mlp | 1 + + asmcomp/arm64/emit.mlp | 1 + + asmcomp/i386/emit.mlp | 1 + + asmcomp/power/emit.mlp | 1 + + asmcomp/sparc/emit.mlp | 1 + + 6 files changed, 6 insertions(+) + +diff --git a/asmcomp/amd64/emit.mlp b/asmcomp/amd64/emit.mlp +index d56d0f5..4d7aa30 100644 +--- a/asmcomp/amd64/emit.mlp ++++ b/asmcomp/amd64/emit.mlp +@@ -794,6 +794,7 @@ let data l = + let begin_assembly() = + reset_debug_info(); (* PR#5603 *) + float_constants := []; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + if !Clflags.dlcode then begin + (* from amd64.S; could emit these constants on demand *) + if macosx then +diff --git a/asmcomp/arm/emit.mlp b/asmcomp/arm/emit.mlp +index 4948fb2..6f30fba 100644 +--- a/asmcomp/arm/emit.mlp ++++ b/asmcomp/arm/emit.mlp +@@ -892,6 +892,7 @@ let data l = + + let begin_assembly() = + reset_debug_info(); ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + ` .syntax unified\n`; + begin match !arch with + | ARMv4 -> ` .arch armv4t\n` +diff --git a/asmcomp/arm64/emit.mlp b/asmcomp/arm64/emit.mlp +index 750c2b2..5afbb8a 100644 +--- a/asmcomp/arm64/emit.mlp ++++ b/asmcomp/arm64/emit.mlp +@@ -942,6 +942,7 @@ let data l = + + let begin_assembly() = + reset_debug_info(); ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .globl {emit_symbol lbl_begin}\n`; +diff --git a/asmcomp/i386/emit.mlp b/asmcomp/i386/emit.mlp +index 98df5f9..531150f 100644 +--- a/asmcomp/i386/emit.mlp ++++ b/asmcomp/i386/emit.mlp +@@ -986,6 +986,7 @@ let data l = + let begin_assembly() = + reset_debug_info(); (* PR#5603 *) + float_constants := []; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .globl {emit_symbol lbl_begin}\n`; +diff --git a/asmcomp/power/emit.mlp b/asmcomp/power/emit.mlp +index 4344085..343132b 100644 +--- a/asmcomp/power/emit.mlp ++++ b/asmcomp/power/emit.mlp +@@ -887,6 +887,7 @@ let data l = + let begin_assembly() = + defined_functions := StringSet.empty; + external_functions := StringSet.empty; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + (* Emit the beginning of the segments *) + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + emit_string data_space; +diff --git a/asmcomp/sparc/emit.mlp b/asmcomp/sparc/emit.mlp +index 877a3d5..7b041e9 100644 +--- a/asmcomp/sparc/emit.mlp ++++ b/asmcomp/sparc/emit.mlp +@@ -727,6 +727,7 @@ let data l = + (* Beginning / end of an assembly file *) + + let begin_assembly() = ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .global {emit_symbol lbl_begin}\n`; -- cgit v1.2.3 From a5b5bd1d18f32c29e704acae24c3e1945666afb9 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Fri, 30 Dec 2016 11:17:17 +0100 Subject: gnu: Add ocaml-bisect. * gnu/packages/ocaml.scm (ocaml-bisect): New variable. * gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. Signed-off-by: David Craven --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 42 +++++++ ...ml-bisect-fix-camlp4-in-another-directory.patch | 125 +++++++++++++++++++++ 3 files changed, 168 insertions(+) create mode 100644 gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 860d16d910..7e8b7c5033 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -751,6 +751,7 @@ dist_patch_DATA = \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ + %D%/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index 0a362b1f92..a1c7bc7155 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -960,3 +960,45 @@ full_split, cut, rcut, etc..") ;; the only mention of a license in this project is in its `opam' file ;; where it says `mit'. (license license:expat))) + + +(define-public ocaml-bisect + (package + (name "ocaml-bisect") + (version "1.3") + (source (origin + (method url-fetch) + (uri (ocaml-forge-uri "bisect" version 1051)) + (sha256 + (base32 + "0kcg2rh0qlkfpbv3nhcb75n62b04gbrz0zasq15ynln91zd5qrg0")) + (patches + (search-patches + "ocaml-bisect-fix-camlp4-in-another-directory.patch")))) + (build-system ocaml-build-system) + (native-inputs + `(("camlp4" ,camlp4) + ("libxml2" ,libxml2) + ("which" ,which))) + (propagated-inputs + `(("camlp4" ,camlp4))) + (arguments + `(#:test-target "tests" + #:make-flags + (list "all" (string-append "CAMLP4_LIBDIR=" + (assoc-ref %build-inputs "camlp4") + "/lib/ocaml/site-lib/camlp4")) + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "./configure" "-prefix" + (assoc-ref outputs "out")))))))) + (home-page "http://bisect.x9c.fr") + (synopsis "Code coverage tool for the OCaml language") + (description "Bisect is a code coverage tool for the OCaml language. It is +a camlp4-based tool that allows to instrument your application before running +tests. After application execution, it is possible to generate a report in HTML +format that is the replica of the application source code annotated with code +coverage information.") + (license license:gpl3+))) diff --git a/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch new file mode 100644 index 0000000000..2056b42356 --- /dev/null +++ b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch @@ -0,0 +1,125 @@ +From 26cac62fe0154cf65c06faaee10805531e9dade8 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller +Date: Wed, 14 Dec 2016 14:14:59 +0100 +Subject: [PATCH] fix camlp4 in another directory + +--- + Makefile | 11 ++++++----- + configure | 13 ++++++++++++- + myocamlbuild.ml | 2 +- + 3 files changed, 19 insertions(+), 7 deletions(-) + +diff --git a/Makefile b/Makefile +index 4a8ce17..d94a6d5 100644 +--- a/Makefile ++++ b/Makefile +@@ -25,7 +25,7 @@ PATH_BUILD=$(PATH_BASE)/_build + PATH_OCAMLDOC=$(PATH_BASE)/ocamldoc + PATH_SRC=$(PATH_BASE)/src + PATH_TESTS=$(PATH_BASE)/tests +-PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect ++PATH_INSTALL=$(PREFIX)/lib/ocaml/bisect + + + # DEFINITIONS +@@ -33,7 +33,8 @@ PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect + PROJECT_NAME=bisect + OCAMLBUILD=$(PATH_OCAML_PREFIX)/bin/ocamlbuild + OCAMLBUILD_ENV=WARNINGS=$(WARNINGS) PATH_OCAML_PREFIX=$(PATH_OCAML_PREFIX) +-OCAMLBUILD_FLAGS=-classic-display -no-links ++CAMLP4_INCLUDE=$(shell test -z $(CAMLP4_LIBDIR) || echo "-cflags -I,$(CAMLP4_LIBDIR)") ++OCAMLBUILD_FLAGS=-classic-display -no-links $(CAMLP4_INCLUDE) + MODULES_ODOCL=$(PROJECT_NAME).odocl + MODULES_MLPACK=$(PROJECT_NAME).mlpack + MODULES_MLPACK_PP=$(PROJECT_NAME)_pp.mlpack +@@ -80,11 +81,11 @@ veryclean: clean + rm -f $(PATH_OCAMLDOC)/*.html $(PATH_OCAMLDOC)/*.css + + install: FORCE +- cp $(PATH_BUILD)/src/report/report.byte $(PATH_OCAML_PREFIX)/bin/bisect-report; \ ++ cp $(PATH_BUILD)/src/report/report.byte $(PREFIX)/bin/bisect-report; \ + if [ "$(PPX)" = "TRUE" ]; then \ +- cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PATH_OCAML_PREFIX)/bin; \ ++ cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PREFIX)/bin; \ + fi; \ +- (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PATH_OCAML_PREFIX)/bin/bisect-report.opt || true); \ ++ (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PREFIX)/bin/bisect-report.opt || true); \ + if [ -x "$(PATH_OCAMLFIND)" ]; then \ + $(PATH_OCAMLFIND) query $(PROJECT_NAME) && $(PATH_OCAMLFIND) remove $(PROJECT_NAME) || true; \ + $(PATH_OCAMLFIND) install $(PROJECT_NAME) META -optional \ +diff --git a/configure b/configure +index bb7ebf4..61a3095 100755 +--- a/configure ++++ b/configure +@@ -21,7 +21,9 @@ + # default values + ocamlbuild=`which ocamlbuild || echo '/usr/local/bin/ocamlbuild'` + bin_path=`dirname $ocamlbuild` ++prefix='' + ocaml_prefix=`dirname $bin_path` ++camlp4_prefix=`dirname $(dirname $(which camlp4of))` + ocamlfind=`which ocamlfind 2> /dev/null || echo ''` + native_dynlink='TRUE' + devel='FALSE' +@@ -32,8 +34,12 @@ ppx='FALSE' + while [ $# -gt 0 ] + do + case "$1" in ++ -prefix) ++ prefix="$2"; shift;; + -ocaml-prefix) + ocaml_prefix="$2"; shift;; ++ -camlp4-prefix) ++ camlp4_prefix="$2"; shift;; + -ocamlfind) + ocamlfind="$2"; shift;; + -no-native-dynlink) +@@ -45,7 +51,7 @@ do + -ppx) + ppx='TRUE';; + *) +- echo "usage: $0 [-ocaml-prefix ] [-ocamlfind ] [-no-native-dynlink] [-devel]"; ++ echo "usage: $0 [-prefix ] [-ocaml-prefix ] [-ocamlfind ] [-no-native-dynlink] [-devel]"; + exit 1;; + esac + shift +@@ -57,6 +63,9 @@ if [ "$no_camlp4" = "TRUE" -a "$ppx" = "FALSE" ]; then + exit 1 + fi + ++# prefix default value ++test -z $prefix && prefix=$ocaml_prefix ++ + # make options + make_quiet=`make -f - < Makefile.config + echo "PATH_OCAML_PREFIX=$ocaml_prefix" >> Makefile.config ++echo "PATH_CAMLP4_PREFIX=$camlp4_prefix" >> Makefile.config + echo "PATH_OCAMLFIND=$ocamlfind" >> Makefile.config + echo "NATIVE_DYNLINK=$native_dynlink" >> Makefile.config + echo "WARNINGS=$devel" >> Makefile.config + echo "NO_CAMLP4=$no_camlp4" >> Makefile.config + echo "PPX=$ppx" >> Makefile.config + echo "MAKE_QUIET=$make_quiet" >> Makefile.config ++echo "PREFIX=$prefix" >> Makefile.config + echo "" >> Makefile.config + echo 'Makefile.config successfully created' +diff --git a/myocamlbuild.ml b/myocamlbuild.ml +index 8aa25fd..09a7d48 100644 +--- a/myocamlbuild.ml ++++ b/myocamlbuild.ml +@@ -70,7 +70,7 @@ let () = + | After_rules -> + let camlp4of = + try +- let path_bin = Filename.concat (Sys.getenv "PATH_OCAML_PREFIX") "bin" in ++ let path_bin = Filename.concat (Sys.getenv "PATH_CAMLP4_PREFIX") "bin" in + Filename.concat path_bin "camlp4of" + with _ -> "camlp4of" in + flag ["ocaml"; "compile"; "pp_camlp4of"] (S[A"-pp"; A camlp4of]); +-- +2.7.4 + -- cgit v1.2.3 From 44c23cb8d800ed3480755347b2dfee6a3544d727 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Fri, 30 Dec 2016 11:33:36 +0100 Subject: gnu: Add ocaml-bitstring. * gnu/packages/ocaml.scm (ocaml-bitstring): New variable. * gnu/packages/patches/ocaml-bitstring-fix-configure.patch: New file. * gnu/local.mk (dist_patch_DATA): New patch. Signed-off-by: David Craven --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 67 ++++++++++++++++++++++ .../patches/ocaml-bitstring-fix-configure.patch | 53 +++++++++++++++++ 3 files changed, 121 insertions(+) create mode 100644 gnu/packages/patches/ocaml-bitstring-fix-configure.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7e8b7c5033..8feb139083 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -752,6 +752,7 @@ dist_patch_DATA = \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ %D%/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch \ + %D%/packages/patches/ocaml-bitstring-fix-configure.patch \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index a1c7bc7155..b999ee91e6 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -25,6 +25,7 @@ (define-module (gnu packages ocaml) #:use-module (gnu packages) + #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages curl) @@ -42,6 +43,7 @@ #:use-module (gnu packages python) #:use-module (gnu packages tex) #:use-module (gnu packages texinfo) + #:use-module (gnu packages time) #:use-module (gnu packages version-control) #:use-module (gnu packages xml) #:use-module (gnu packages xorg) @@ -1002,3 +1004,68 @@ tests. After application execution, it is possible to generate a report in HTML format that is the replica of the application source code annotated with code coverage information.") (license license:gpl3+))) + +(define-public ocaml-bitstring + (package + (name "ocaml-bitstring") + (version "2.1.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/xguerin/bitstring" + "/archive/v" version ".tar.gz")) + (sha256 + (base32 + "0miw4banfpmx4kxrckpqr57b1fcmsqdmspyjx6gqjd4kghm4l7xj")) + (patches (search-patches "ocaml-bitstring-fix-configure.patch")))) + (build-system ocaml-build-system) + (native-inputs + `(("camlp4" ,camlp4) + ("time" ,time) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("bisect" ,ocaml-bisect))) + (propagated-inputs + `(("camlp4" ,camlp4))) + (arguments + `(#:configure-flags + (list "CAMLP4OF=camlp4of" "--enable-coverage") + #:make-flags + (list (string-append "BISECTLIB=" + (assoc-ref %build-inputs "bisect") + "/lib/ocaml/site-lib") + (string-append "OCAMLCFLAGS=-g -I " + (assoc-ref %build-inputs "camlp4") + "/lib/ocaml/site-lib/camlp4 -I " + "$(BISECTLIB)/bisect") + (string-append "OCAMLOPTFLAGS=-g -I " + (assoc-ref %build-inputs "camlp4") + "/lib/ocaml/site-lib/camlp4 -I " + "$(BISECTLIB)/bisect")) + #:phases + (modify-phases %standard-phases + (add-before 'configure 'fix-configure + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "Makefile.in" + (("@abs_top_builddir@") + (string-append "@abs_top_builddir@:" (getenv "LIBRARY_PATH")))) + (substitute* "configure" + (("-/bin/sh") (string-append "-" (assoc-ref inputs "bash") + "/bin/sh"))))) + (add-after 'install 'link-lib + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (stubs (string-append out + "/lib/ocaml/site-lib/stubslibs")) + (lib (string-append out + "/lib/ocaml/site-lib/bitstring"))) + (mkdir-p stubs) + (symlink (string-append lib "/dllbitstring.so") + (string-append stubs "/dllbitstring.so")))))))) + (home-page "https://github.com/xguerin/bitstring") + (synopsis "Bitstrings and bitstring matching for OCaml") + (description "Adds Erlang-style bitstrings and matching over bitstrings as +a syntax extension and library for OCaml. You can use this module to both parse +and generate binary formats, files and protocols. Bitstring handling is added +as primitives to the language, making it exceptionally simple to use and very +powerful.") + (license license:isc))) diff --git a/gnu/packages/patches/ocaml-bitstring-fix-configure.patch b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch new file mode 100644 index 0000000000..c358bf3d6b --- /dev/null +++ b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch @@ -0,0 +1,53 @@ +From 0aaddfceeea3e89df196ab1846da54d09713a512 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller +Date: Thu, 15 Dec 2016 21:17:31 +0100 +Subject: [PATCH] fix configure + +--- + Makefile.in | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index d040f4c..85e0b38 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -32,6 +32,7 @@ BISECT_REPORT = @BISECT_REPORT@ + BYTESWAP_H = @BYTESWAP_H@ + + OCAMLLIB = @OCAMLLIB@ ++BISECTLIB = $(shell if test -z $${BISECTLIB}; then echo $(OCAMLLIB); else echo $${BISECTLIB}; fi) + top_srcdir = @top_srcdir@ + + pkg_cil = @OCAML_PKG_cil@ +@@ -47,9 +48,9 @@ OCAMLOPTPACKAGES = $(OCAMLCPACKAGES) + OCAMLOPTLIBS = -linkpkg + + ifneq ($(enable_coverage),no) +-OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma' ++OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma' + OCAMLCLIBS += -I +bisect bisect.cma +-OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma' ++OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma' + OCAMLOPTLIBS += -I +bisect bisect.cmxa + endif + +@@ -110,7 +111,7 @@ bitstring_persistent.cmi: bitstring_persistent.mli + -I +camlp4 -pp camlp4of -c $< + + pa_bitstring.cmo: pa_bitstring.ml bitstring.cma bitstring_persistent.cma +- $(OCAMLFIND) ocamlc bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \ ++ $(OCAMLFIND) ocamlc $(OCAMLCFLAGS) bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \ + -pp camlp4of -c $< -o $@ + + bitstring-objinfo: bitstring_objinfo.cmo bitstring.cma bitstring_persistent.cma +@@ -133,7 +134,7 @@ byteswap.h: byteswap.in.h + ifeq ($(enable_coverage),no) + PP = -pp 'camlp4o bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' + else +-PP = -pp 'camlp4o $(OCAMLLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' ++PP = -pp 'camlp4o $(BISECTLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' + endif + + check: test +-- +2.11.0 -- cgit v1.2.3 From 68f90673242777feea9537d6e506d97ea8506c45 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 4 Jan 2017 16:38:57 +0100 Subject: gnu: inkscape: Update to 0.92.0. * gnu/packages/patches/inkscape-drop-wait-for-targets.patch: Remove it. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/inkscape.scm (inkscape): Update to 0.92.0. [build-system]: Use "cmake-build-system". [native-inputs]: Add glib:bin. [arguments]: Remove obsolete arguments; disable tests. --- gnu/local.mk | 3 +- gnu/packages/inkscape.scm | 32 ++++------ .../patches/inkscape-drop-wait-for-targets.patch | 68 ---------------------- 3 files changed, 11 insertions(+), 92 deletions(-) delete mode 100644 gnu/packages/patches/inkscape-drop-wait-for-targets.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8feb139083..4d321d1a59 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -7,7 +7,7 @@ # Copyright © 2016 Kei Kebreau # Copyright © 2016 Rene Saavedra # Copyright © 2016 Adonay "adfeno" Felipe Nogueira -# Copyright © 2016 Ricardo Wurmus +# Copyright © 2016, 2017 Ricardo Wurmus # Copyright © 2016 Ben Woodcroft # # This file is part of GNU Guix. @@ -638,7 +638,6 @@ dist_patch_DATA = \ %D%/packages/patches/icu4c-CVE-2015-4760.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ - %D%/packages/patches/inkscape-drop-wait-for-targets.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm index d98a4cd7a9..e20ca666bd 100644 --- a/gnu/packages/inkscape.scm +++ b/gnu/packages/inkscape.scm @@ -23,7 +23,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix utils) - #:use-module (guix build-system gnu) + #:use-module (guix build-system cmake) #:use-module (gnu packages) #:use-module (gnu packages aspell) #:use-module (gnu packages bdw-gc) @@ -44,20 +44,16 @@ (define-public inkscape (package (name "inkscape") - (version "0.91") + (version "0.92.0") (source (origin (method url-fetch) - (uri (string-append "https://launchpad.net/inkscape/" - (version-major+minor version) ".x/" - version "/+download/inkscape-" - version ".tar.gz")) + (uri (string-append "https://media.inkscape.org/dl/" + "resources/file/" + "inkscape-" version ".tar.bz2")) (sha256 (base32 - "086v01jy896dj86bq7plrf6si4p6gh6ga2v5417llgmminycz8rc")) - (patch-flags '("-p0")) - (patches - (search-patches "inkscape-drop-wait-for-targets.patch")))) - (build-system gnu-build-system) + "0mmssxnxsvb3bpm7ck5pqvwyacrz1nkyacs571jx8j04l1cw3d5q")))) + (build-system cmake-build-system) (inputs `(("aspell" ,aspell) ("gtkmm" ,gtkmm-2) @@ -75,19 +71,11 @@ ("boost" ,boost))) (native-inputs `(("intltool" ,intltool) + ("glib" ,glib "bin") ("perl" ,perl) ("pkg-config" ,pkg-config))) - (arguments - `(;; Add '-std=c++11', required by recent versions of GLibmm & co. - ;; Use '-g0' to reduce disk usage during the build. - #:configure-flags '("CXXFLAGS=-g0 -O2 -fopenmp -std=c++11") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-test-includes - (lambda _ - (substitute* "src/cxxtests.cpp" - (("\\.\\./\\.\\./src") "../src")) - #t))))) + ;; FIXME: tests require gmock + (arguments `(#:tests? #f)) (home-page "http://inkscape.org/") (synopsis "Vector graphics editor") (description "Inkscape is a vector graphics editor. What sets Inkscape diff --git a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch b/gnu/packages/patches/inkscape-drop-wait-for-targets.patch deleted file mode 100644 index 3dbe6641e2..0000000000 --- a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch +++ /dev/null @@ -1,68 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/rpms/inkscape.git/plain/inkscape-0.91-drop-wait-for-targets.patch?id=eb5340800b563d6b05aa5f11a2f24f2cc0d8c80e - -=== modified file 'src/ui/clipboard.cpp' ---- src/ui/clipboard.cpp 2016-04-02 15:15:43 +0000 -+++ src/ui/clipboard.cpp 2016-04-07 16:30:32 +0000 -@@ -146,8 +146,6 @@ - void _setClipboardColor(guint32); - void _userWarn(SPDesktop *, char const *); - -- void _inkscape_wait_for_targets(std::list &); -- - // private properites - SPDocument *_clipboardSPDoc; ///< Document that stores the clipboard until someone requests it - Inkscape::XML::Node *_defs; ///< Reference to the clipboard document's defs node -@@ -1302,9 +1300,7 @@ - */ - Glib::ustring ClipboardManagerImpl::_getBestTarget() - { -- // GTKmm's wait_for_targets() is broken, see the comment in _inkscape_wait_for_targets() -- std::list targets; // = _clipboard->wait_for_targets(); -- _inkscape_wait_for_targets(targets); -+ std::list targets = _clipboard->wait_for_targets(); - - // clipboard target debugging snippet - /* -@@ -1456,39 +1452,6 @@ - desktop->messageStack()->flash(Inkscape::WARNING_MESSAGE, msg); - } - -- --// GTKMM's clipboard::wait_for_targets is buggy and might return bogus, see --// --// https://bugs.launchpad.net/inkscape/+bug/296778 --// http://mail.gnome.org/archives/gtk-devel-list/2009-June/msg00062.html --// --// for details. Until this has been fixed upstream we will use our own implementation --// of this method, as copied from /gtkmm-2.16.0/gtk/gtkmm/clipboard.cc. --void ClipboardManagerImpl::_inkscape_wait_for_targets(std::list &listTargets) --{ -- //Get a newly-allocated array of atoms: -- GdkAtom* targets = NULL; -- gint n_targets = 0; -- gboolean test = gtk_clipboard_wait_for_targets( gtk_clipboard_get(GDK_SELECTION_CLIPBOARD), &targets, &n_targets ); -- if (!test || (targets == NULL)) { -- return; -- } -- -- //Add the targets to the C++ container: -- for (int i = 0; i < n_targets; i++) -- { -- //Convert the atom to a string: -- gchar* const atom_name = gdk_atom_name(targets[i]); -- -- Glib::ustring target; -- if (atom_name) { -- target = Glib::ScopedPtr(atom_name).get(); //This frees the gchar*. -- } -- -- listTargets.push_back(target); -- } --} -- - /* ####################################### - ClipboardManager class - ####################################### */ - -- cgit v1.2.3 From 5f0fabec54812e9ebd9a54b7c24b29899c765548 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 1 Jan 2017 15:12:48 -0500 Subject: gnu: unrtf: Fix CVE-2016-10091. * gnu/packages/patches/unrtf-CVE-2016-10091.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/unrtf.scm (unrtf)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/unrtf-CVE-2016-10091.patch | 189 ++++++++++++++++++++++++ gnu/packages/unrtf.scm | 2 + 3 files changed, 192 insertions(+) create mode 100644 gnu/packages/patches/unrtf-CVE-2016-10091.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 4d321d1a59..2e714ac28c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -881,6 +881,7 @@ dist_patch_DATA = \ %D%/packages/patches/tophat-build-with-later-seqan.patch \ %D%/packages/patches/totem-debug-format-fix.patch \ %D%/packages/patches/tuxpaint-stamps-path.patch \ + %D%/packages/patches/unrtf-CVE-2016-10091.patch \ %D%/packages/patches/unzip-CVE-2014-8139.patch \ %D%/packages/patches/unzip-CVE-2014-8140.patch \ %D%/packages/patches/unzip-CVE-2014-8141.patch \ diff --git a/gnu/packages/patches/unrtf-CVE-2016-10091.patch b/gnu/packages/patches/unrtf-CVE-2016-10091.patch new file mode 100644 index 0000000000..badd1b8ed6 --- /dev/null +++ b/gnu/packages/patches/unrtf-CVE-2016-10091.patch @@ -0,0 +1,189 @@ +Fix CVE-2016-10091 (stack-based buffer overflows in cmd_* functions): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10091 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705 +http://seclists.org/oss-sec/2016/q4/787 + +Patch adapted from Debian: + +https://anonscm.debian.org/cgit/collab-maint/unrtf.git/commit/?h=jessie&id=7500a48fb0fbad3ab963fb17560b2f90a8a485c8 + +The Debian patch adapts this upstream commit so that it can be applied +to the 0.21.9 release tarball: + +http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406 + +From 7dd568ed8a6a5acb6c04f2b40f457d63a00435f3 Mon Sep 17 00:00:00 2001 +From: Willi Mann +Date: Sat, 31 Dec 2016 20:31:38 +0100 +Subject: [PATCH] Add patch from upstream to fix CVE-2016-10091 (buffer + overflow in various cmd_ functions) + +diff --git a/src/attr.c b/src/attr.c +index 02b5c81..e2951ea 100644 +--- a/src/attr.c ++++ b/src/attr.c +@@ -746,7 +746,7 @@ char * + assemble_string(char *string, int nr) + { + +- char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */ ++ char *s, tmp[20]; + int i = 0, j = 0; + + if (string == NULL) +@@ -762,7 +762,7 @@ assemble_string(char *string, int nr) + } + + if (string[i] != '\0') { +- sprintf(tmp, "%d", nr); ++ snprintf(tmp, 20, "%d", nr); + strcpy(&s[j], tmp); + j = j + strlen(tmp); + } +diff --git a/src/convert.c b/src/convert.c +index c76d7d6..8eacdcb 100644 +--- a/src/convert.c ++++ b/src/convert.c +@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm) + } + + // Translate code page to encoding name hopefully suitable as iconv input +-static char *cptoencoding(parm) ++static char *cptoencoding(int parm) + { + // Note that CP0 is supposed to mean current system default, which does + // not make any sense as a stored value, we don't handle it. +@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) { + /* Note, fs20 means 10pt */ + points /= 2; + +- sprintf(str,"%d",points); ++ snprintf(str, 20, "%d", points); + attr_push(ATTR_FONTSIZE,str); + + return FALSE; +@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num) + { + // TOBEDONE: WHAT'S THIS ??? + name = my_malloc(12); +- sprintf(name, "%d", num); ++ snprintf(name, 12, "%d", num); + } + + /* we are going to output entities, so should not output font */ +@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) { + + static int + cmd_expand (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param) { +- sprintf(str, "%d", param/4); ++ snprintf(str, 20, "%d", param / 4); + if (!param) + attr_pop(ATTR_EXPAND); + else +@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) { + + static int + cmd_emboss (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param && !param) + #ifdef SUPPORT_UNNESTED + attr_find_pop(ATTR_EMBOSS); +@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) { + #endif + else + { +- sprintf(str, "%d", param); ++ snprintf(str, 20, "%d", param); + attr_push(ATTR_EMBOSS, str); + } + return FALSE; +@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) { + + static int + cmd_engrave (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param && !param) + attr_pop(ATTR_ENGRAVE); + else + { +- sprintf(str, "%d", param); ++ snprintf(str, 20, "%d", param); + attr_push(ATTR_ENGRAVE, str); + } + return FALSE; +@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { + + short done=0; + long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */ +- char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ ++ char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ + const char *alias; + #define DEBUG 0 + #if DEBUG +@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { + /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */ + unicode_number += 65536; + } +- sprintf(tmp, "%ld", unicode_number); ++ snprintf(tmp, 20, "%ld", unicode_number); + + if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print"); + done++; +diff --git a/src/output.c b/src/output.c +index 86d8b5c..4cdbfa6 100644 +--- a/src/output.c ++++ b/src/output.c +@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size) + if (!found_std_expr) { + if (op->fontsize_begin) { + char expr[16]; +- sprintf (expr, "%d", size); ++ snprintf(expr, 16, "%d", size); + if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin"); + } else { + /* If we cannot write out a change for the exact +@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size) + if (!found_std_expr) { + if (op->fontsize_end) { + char expr[16]; +- sprintf (expr, "%d", size); ++ snprintf(expr, 16, "%d", size); + if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end"); + } else { + /* If we cannot write out a change for the exact +- +.11.0 + diff --git a/gnu/packages/unrtf.scm b/gnu/packages/unrtf.scm index 162dec7525..e11c9445ca 100644 --- a/gnu/packages/unrtf.scm +++ b/gnu/packages/unrtf.scm @@ -23,6 +23,7 @@ #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (guix gexp) + #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages m4) #:use-module (gnu packages base)) @@ -35,6 +36,7 @@ (method url-fetch) (uri (string-append "mirror://gnu/unrtf/unrtf-" version ".tar.gz")) + (patches (search-patches "unrtf-CVE-2016-10091.patch")) (sha256 (base32 "1pcdzf2h1prn393dkvg93v80vh38q0v817xnbwrlwxbdz4k7i8r2")) -- cgit v1.2.3 From e50d5b8c9d948a2aa08c69aaa2e4a778387ed944 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 6 Jan 2017 03:14:17 -0500 Subject: gnu: khal: Disable failing tests. * gnu/packages/patches/khal-disable-failing-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/calendar.scm (khal): Use it. --- gnu/local.mk | 1 + gnu/packages/calendar.scm | 1 + .../patches/khal-disable-failing-tests.patch | 33 ++++++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 gnu/packages/patches/khal-disable-failing-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2e714ac28c..2fbb01fb2e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -642,6 +642,7 @@ dist_patch_DATA = \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ + %D%/packages/patches/khal-disable-failing-tests.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/kmod-module-directory.patch \ %D%/packages/patches/kobodeluxe-paths.patch \ diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm index 447dcd698e..70bf8f9573 100644 --- a/gnu/packages/calendar.scm +++ b/gnu/packages/calendar.scm @@ -88,6 +88,7 @@ data units.") (source (origin (method url-fetch) (uri (pypi-uri "khal" version)) + (patches (search-patches "khal-disable-failing-tests.patch")) (sha256 (base32 "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f")))) diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch new file mode 100644 index 0000000000..e2c65df8ce --- /dev/null +++ b/gnu/packages/patches/khal-disable-failing-tests.patch @@ -0,0 +1,33 @@ +Disable some tests that are known to fail: + +https://github.com/pimutils/khal/issues/546 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 + +diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py +index fd8dcc6..17732bf 100644 +--- a/tests/khalendar_test.py ++++ b/tests/khalendar_test.py +@@ -65,6 +65,7 @@ class TestCalendar(object): + else: + mtimes[cal] = mtime + ++ @pytest.mark.xfail + def test_db_needs_update(self, coll_vdirs): + coll, vdirs = coll_vdirs + +@@ -321,6 +322,7 @@ class TestDbCreation(object): + CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) + + ++@pytest.mark.xfail + def test_default_calendar(coll_vdirs): + """test if an update to the vdir is detected by the CalendarCollection""" + coll, vdirs = coll_vdirs +@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): + assert len(list(coll.get_events_on(today))) == 0 + + ++@pytest.mark.xfail + def test_only_update_old_event(coll_vdirs, monkeypatch): + coll, vdirs = coll_vdirs + -- cgit v1.2.3 From aa21c764d65068783ae31febee2a92eb3d138a24 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 6 Jan 2017 13:43:38 -0500 Subject: gnu: python-pycrypto: Fix CVE-2013-7459. * gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-pycrypto, python2-pycrypto)[source]: Use the patch. Use pypi-uri. --- gnu/local.mk | 1 + .../patches/python-pycrypto-CVE-2013-7459.patch | 97 ++++++++++++++++++++++ gnu/packages/python.scm | 12 ++- 3 files changed, 103 insertions(+), 7 deletions(-) create mode 100644 gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2fbb01fb2e..1889a0ecd6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -827,6 +827,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-configobj-setuptools.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ %D%/packages/patches/python-paste-remove-timing-test.patch \ + %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ diff --git a/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch new file mode 100644 index 0000000000..3570b94e9b --- /dev/null +++ b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch @@ -0,0 +1,97 @@ +Fix CVE-2013-7459: + +https://github.com/dlitz/pycrypto/issues/176 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459 + +Copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/python-crypto.git/commit/?id=0de2243837ed369a086f15c50cca2be85bdfab9d + +Debian adapts this upstream commit: + +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001 +From: Legrandin +Date: Sun, 22 Dec 2013 22:24:46 +0100 +Subject: [PATCH] Throw exception when IV is used with ECB or CTR + +The IV parameter is currently ignored when initializing +a cipher in ECB or CTR mode. + +For CTR mode, it is confusing: it takes some time to see +that a different parameter is needed (the counter). + +For ECB mode, it is outright dangerous. + +This patch forces an exception to be raised. +--- + lib/Crypto/SelfTest/Cipher/common.py | 31 +++++++++++++++++++++++-------- + src/block_template.c | 11 +++++++++++ + 2 files changed, 34 insertions(+), 8 deletions(-) + +--- a/lib/Crypto/SelfTest/Cipher/common.py ++++ b/lib/Crypto/SelfTest/Cipher/common.py +@@ -239,19 +239,34 @@ class RoundtripTest(unittest.TestCase): + return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) + + def runTest(self): +- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP): ++ ++ ## ECB mode ++ mode = self.module.MODE_ECB ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ ciphertext = encryption_cipher.encrypt(self.plaintext) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## OPENPGP mode ++ mode = self.module.MODE_OPENPGP ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext) ++ eiv = eiv_ciphertext[:self.module.block_size+2] ++ ciphertext = eiv_ciphertext[self.module.block_size+2:] ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## All other non-AEAD modes (but CTR) ++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): + encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + ciphertext = encryption_cipher.encrypt(self.plaintext) +- +- if mode != self.module.MODE_OPENPGP: +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) +- else: +- eiv = ciphertext[:self.module.block_size+2] +- ciphertext = ciphertext[self.module.block_size+2:] +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + decrypted_plaintext = decryption_cipher.decrypt(ciphertext) + self.assertEqual(self.plaintext, decrypted_plaintext) + ++ + class PGPTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) +--- a/src/block_template.c ++++ b/src/block_template.c +@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P + "Key cannot be the null string"); + return NULL; + } ++ if (IVlen != 0 && mode == MODE_ECB) ++ { ++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV"); ++ return NULL; ++ } ++ if (IVlen != 0 && mode == MODE_CTR) ++ { ++ PyErr_Format(PyExc_ValueError, ++ "CTR mode needs counter parameter, not IV"); ++ return NULL; ++ } + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) + { + PyErr_Format(PyExc_ValueError, diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5faebae3d9..d8ca83d810 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -958,13 +958,11 @@ Python 3 support.") (define-public python2-setuptools (package-with-python2 python-setuptools)) -;;; Pycrypto is abandoned upstream [0] and contains at least one bug that can be -;;; exploited to achieve arbitrary code execution [1]. +;;; Pycrypto is abandoned upstream: ;;; -;;; TODO Remove this package from GNU Guix. +;;; https://github.com/dlitz/pycrypto/issues/173 ;;; -;;; [0] https://github.com/dlitz/pycrypto/issues/173 -;;; [1] https://github.com/dlitz/pycrypto/issues/176 +;;; TODO Remove this package from GNU Guix. (define-public python-pycrypto (package (name "python-pycrypto") @@ -972,8 +970,8 @@ Python 3 support.") (source (origin (method url-fetch) - (uri (string-append "https://pypi.python.org/packages/source/p/" - "pycrypto/pycrypto-" version ".tar.gz")) + (uri (pypi-uri "pycrypto" version)) + (patches (search-patches "python-pycrypto-CVE-2013-7459.patch")) (sha256 (base32 "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj")))) -- cgit v1.2.3