From 0fd8013fcaafa9f53c7e304b2573c0314471df89 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 30 Jun 2017 22:45:01 +0200 Subject: gnu: guile-rsvg: Update to commit 05c6a2fd. * gnu/packages/gtk.scm (guile-rsvg): Update to commit 05c6a2fd. [source](url): Change to gitlab.com. (snippet): Use @GUILE_EFFECTIVE_VERSION@ instead of "2.0". * gnu/packages/patches/guile-rsvg-pkgconfig.patch: Use "$GUILE_EFFECTIVE_VERSION" instead of "2.0". --- gnu/packages/patches/guile-rsvg-pkgconfig.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/guile-rsvg-pkgconfig.patch b/gnu/packages/patches/guile-rsvg-pkgconfig.patch index 2272b4e1cd..51483a3472 100644 --- a/gnu/packages/patches/guile-rsvg-pkgconfig.patch +++ b/gnu/packages/patches/guile-rsvg-pkgconfig.patch @@ -9,7 +9,7 @@ and LDFLAGS for Guile would not be captured. +dnl The above macro fails to set the 'GUILE_CFLAGS' and 'GUILE_LIBS' +dnl substitution variables, hence this line. -+PKG_CHECK_MODULES(GUILE, guile-2.0) ++PKG_CHECK_MODULES(GUILE, guile-$GUILE_EFFECTIVE_VERSION) + PKG_CHECK_MODULES(GUILE_CAIRO, guile-cairo >= 1.4.0) AC_SUBST(GUILE_CAIRO_LIBS) -- cgit v1.2.3 From 6b820ef15d532a3d0016be657a99d88377c7e03c Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 1 Jul 2017 16:02:45 -0400 Subject: Revert "gnu: guile-rsvg: Update to commit 05c6a2fd." This reverts commit 0fd8013fcaafa9f53c7e304b2573c0314471df89. --- gnu/packages/gtk.scm | 78 ++++++++++++------------- gnu/packages/patches/guile-rsvg-pkgconfig.patch | 2 +- 2 files changed, 37 insertions(+), 43 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index a02e885f56..bb80ef6418 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -813,49 +813,43 @@ exceptions, macros, and a dynamic programming environment.") (license license:lgpl3+))) (define-public guile-rsvg - ;; Use a recent snapshot that supports Guile 2.2 and beyond. - (let ((commit "05c6a2fd67e4fea1a7c3ff776729dc931bae6678") - (revision "0")) - (package - (name "guile-rsvg") - (version (string-append "2.18.1-" revision "." - (string-take commit 7))) - (source (origin - (method url-fetch) - (uri (string-append "https://gitlab.com/wingo/guile-rsvg/" - "repository/archive.tar.gz?ref=" - commit)) - (sha256 - (base32 - "0vdzjx8l5nc4y2xjqs0g1rqn1zrwfsm30brh5gz00r1x41a2pvv2")) - (patches (search-patches "guile-rsvg-pkgconfig.patch")) - (modules '((guix build utils))) - (snippet - '(substitute* (find-files "." "Makefile\\.am") - (("/share/guile/site") - "/share/guile/site/@GUILE_EFFECTIVE_VERSION@"))) - (file-name (string-append name "-" version ".tar.gz")))) - (build-system gnu-build-system) - (arguments - `(#:phases (modify-phases %standard-phases - (add-before 'configure 'bootstrap - (lambda _ - (zero? (system* "autoreconf" "-vfi"))))))) - (native-inputs `(("pkg-config" ,pkg-config) - ("autoconf" ,autoconf) - ("automake" ,automake) - ("libtool" ,libtool) - ("texinfo" ,texinfo))) - (inputs `(("guile" ,guile-2.0) - ("librsvg" ,librsvg) - ("guile-lib" ,guile2.0-lib))) ;for (unit-test) - (propagated-inputs `(("guile-cairo" ,guile-cairo))) - (synopsis "Render SVG images using Cairo from Guile") - (description - "Guile-RSVG wraps the RSVG library for Guile, allowing you to render SVG + (package + (name "guile-rsvg") + (version "2.18.1") + (source (origin + (method url-fetch) + (uri (string-append "http://wingolog.org/pub/guile-rsvg/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "136f236iw3yrrz6pkkp1ma9c5mrs5icqha6pnawinqpk892r3jh7")) + (patches (search-patches "guile-rsvg-pkgconfig.patch")) + (modules '((guix build utils))) + (snippet + '(substitute* (find-files "." "Makefile\\.am") + (("/share/guile/site") + "/share/guile/site/2.0"))))) + (build-system gnu-build-system) + (arguments + `(#:phases (modify-phases %standard-phases + (add-before 'configure 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vfi"))))))) + (native-inputs `(("pkg-config" ,pkg-config) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool) + ("texinfo" ,texinfo))) + (inputs `(("guile" ,guile-2.0) + ("librsvg" ,librsvg) + ("guile-lib" ,guile2.0-lib))) ;for (unit-test) + (propagated-inputs `(("guile-cairo" ,guile-cairo))) + (synopsis "Render SVG images using Cairo from Guile") + (description + "Guile-RSVG wraps the RSVG library for Guile, allowing you to render SVG images onto Cairo surfaces.") - (home-page "http://wingolog.org/projects/guile-rsvg/") - (license license:lgpl2.1+)))) + (home-page "http://wingolog.org/projects/guile-rsvg/") + (license license:lgpl2.1+))) (define-public guile-present (package diff --git a/gnu/packages/patches/guile-rsvg-pkgconfig.patch b/gnu/packages/patches/guile-rsvg-pkgconfig.patch index 51483a3472..2272b4e1cd 100644 --- a/gnu/packages/patches/guile-rsvg-pkgconfig.patch +++ b/gnu/packages/patches/guile-rsvg-pkgconfig.patch @@ -9,7 +9,7 @@ and LDFLAGS for Guile would not be captured. +dnl The above macro fails to set the 'GUILE_CFLAGS' and 'GUILE_LIBS' +dnl substitution variables, hence this line. -+PKG_CHECK_MODULES(GUILE, guile-$GUILE_EFFECTIVE_VERSION) ++PKG_CHECK_MODULES(GUILE, guile-2.0) + PKG_CHECK_MODULES(GUILE_CAIRO, guile-cairo >= 1.4.0) AC_SUBST(GUILE_CAIRO_LIBS) -- cgit v1.2.3 From 1b0f266e40aead09be95a984bd9c6cec3dff397e Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 2 Jul 2017 22:45:33 +0200 Subject: gnu: Switch guile-cairo and dependents to Guile 2.2 again. Fixes . Reported by Leo Famulari . This reinstates the following commits: e3ddb1e83 * gnu: guile-cairo: Switch to Guile 2.2. ae5c6ef39 * gnu: guile-gnome: Update to 2.16.5. 0fd8013fc * gnu: guile-rsvg: Update to commit 05c6a2fd. 66b9183c4 * gnu: guile-lib: Switch to Guile 2.2. and adds the following changes: * gnu/bootloader/grub.scm (svg->png): Add 'package->derivation' call for GUILE-2.2. Pass #:guile-for-build to 'gexp->derivation'. * gnu/build/svg.scm (svg->png): Add 'em' and 'ex' to the 'let-values' form to account for all the values returned by 'rsvg-handle-get-dimensions', which Guile 2.2 does not truncate. --- gnu/bootloader/grub.scm | 35 +++++---- gnu/build/svg.scm | 4 +- gnu/packages/gtk.scm | 94 ++++++++++++++----------- gnu/packages/guile.scm | 9 ++- gnu/packages/patches/guile-rsvg-pkgconfig.patch | 2 +- gnu/packages/plotutils.scm | 4 +- gnu/packages/skribilo.scm | 2 +- 7 files changed, 83 insertions(+), 67 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm index f1cc3324db..880491c983 100644 --- a/gnu/bootloader/grub.scm +++ b/gnu/bootloader/grub.scm @@ -34,6 +34,7 @@ #:autoload (gnu packages bootloaders) (grub) #:autoload (gnu packages compression) (gzip) #:autoload (gnu packages gtk) (guile-cairo guile-rsvg) + #:autoload (gnu packages guile) (guile-2.2) #:use-module (ice-9 match) #:use-module (ice-9 regex) #:use-module (srfi srfi-1) @@ -118,21 +119,25 @@ otherwise." (define* (svg->png svg #:key width height) "Build a PNG of HEIGHT x WIDTH from SVG." - (gexp->derivation "grub-image.png" - (with-imported-modules '((gnu build svg)) - #~(begin - ;; We need these two libraries. - (add-to-load-path (string-append #+guile-rsvg - "/share/guile/site/" - (effective-version))) - (add-to-load-path (string-append #+guile-cairo - "/share/guile/site/" - (effective-version))) - - (use-modules (gnu build svg)) - (svg->png #+svg #$output - #:width #$width - #:height #$height))))) + ;; Note: Guile-RSVG & co. are now built for Guile 2.2, so we use 2.2 here. + ;; TODO: Remove #:guile-for-build when 2.2 has become the default. + (mlet %store-monad ((guile (package->derivation guile-2.2 #:graft? #f))) + (gexp->derivation "grub-image.png" + (with-imported-modules '((gnu build svg)) + #~(begin + ;; We need these two libraries. + (add-to-load-path (string-append #+guile-rsvg + "/share/guile/site/" + (effective-version))) + (add-to-load-path (string-append #+guile-cairo + "/share/guile/site/" + (effective-version))) + + (use-modules (gnu build svg)) + (svg->png #+svg #$output + #:width #$width + #:height #$height))) + #:guile-for-build guile))) (define* (grub-background-image config #:key (width 1024) (height 768)) "Return the GRUB background image defined in CONFIG with a ratio of diff --git a/gnu/build/svg.scm b/gnu/build/svg.scm index f7e92a1a19..b5474ec4a0 100644 --- a/gnu/build/svg.scm +++ b/gnu/build/svg.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Ludovic Courtès +;;; Copyright © 2016, 2017 Ludovic Courtès ;;; Copyright © 2015 Andy Wingo ;;; ;;; This file is part of GNU Guix. @@ -50,7 +50,7 @@ dimensions of IN-SVG." (define svg (rsvg-handle-new-from-file in-svg)) - (let-values (((origin-width origin-height) + (let-values (((origin-width origin-height em ex) (rsvg-handle-get-dimensions svg))) (let* ((surf (cairo-image-surface-create 'argb32 origin-width origin-height)) diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 1d9ee15246..d5b472049d 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -795,7 +795,7 @@ application suites.") (inputs `(("guile-lib" ,guile-lib) ("expat" ,expat) - ("guile" ,guile-2.0))) + ("guile" ,guile-2.2))) (propagated-inputs ;; The .pc file refers to 'cairo'. `(("cairo" ,cairo))) @@ -813,43 +813,49 @@ exceptions, macros, and a dynamic programming environment.") (license license:lgpl3+))) (define-public guile-rsvg - (package - (name "guile-rsvg") - (version "2.18.1") - (source (origin - (method url-fetch) - (uri (string-append "http://wingolog.org/pub/guile-rsvg/" - name "-" version ".tar.gz")) - (sha256 - (base32 - "136f236iw3yrrz6pkkp1ma9c5mrs5icqha6pnawinqpk892r3jh7")) - (patches (search-patches "guile-rsvg-pkgconfig.patch")) - (modules '((guix build utils))) - (snippet - '(substitute* (find-files "." "Makefile\\.am") - (("/share/guile/site") - "/share/guile/site/2.0"))))) - (build-system gnu-build-system) - (arguments - `(#:phases (modify-phases %standard-phases - (add-before 'configure 'bootstrap - (lambda _ - (zero? (system* "autoreconf" "-vfi"))))))) - (native-inputs `(("pkg-config" ,pkg-config) - ("autoconf" ,autoconf) - ("automake" ,automake) - ("libtool" ,libtool) - ("texinfo" ,texinfo))) - (inputs `(("guile" ,guile-2.0) - ("librsvg" ,librsvg) - ("guile-lib" ,guile-lib))) ;for (unit-test) - (propagated-inputs `(("guile-cairo" ,guile-cairo))) - (synopsis "Render SVG images using Cairo from Guile") - (description - "Guile-RSVG wraps the RSVG library for Guile, allowing you to render SVG + ;; Use a recent snapshot that supports Guile 2.2 and beyond. + (let ((commit "05c6a2fd67e4fea1a7c3ff776729dc931bae6678") + (revision "0")) + (package + (name "guile-rsvg") + (version (string-append "2.18.1-" revision "." + (string-take commit 7))) + (source (origin + (method url-fetch) + (uri (string-append "https://gitlab.com/wingo/guile-rsvg/" + "repository/archive.tar.gz?ref=" + commit)) + (sha256 + (base32 + "0vdzjx8l5nc4y2xjqs0g1rqn1zrwfsm30brh5gz00r1x41a2pvv2")) + (patches (search-patches "guile-rsvg-pkgconfig.patch")) + (modules '((guix build utils))) + (snippet + '(substitute* (find-files "." "Makefile\\.am") + (("/share/guile/site") + "/share/guile/site/@GUILE_EFFECTIVE_VERSION@"))) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (arguments + `(#:phases (modify-phases %standard-phases + (add-before 'configure 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vfi"))))))) + (native-inputs `(("pkg-config" ,pkg-config) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool) + ("texinfo" ,texinfo))) + (inputs `(("guile" ,guile-2.2) + ("librsvg" ,librsvg) + ("guile-lib" ,guile-lib))) ;for (unit-test) + (propagated-inputs `(("guile-cairo" ,guile-cairo))) + (synopsis "Render SVG images using Cairo from Guile") + (description + "Guile-RSVG wraps the RSVG library for Guile, allowing you to render SVG images onto Cairo surfaces.") - (home-page "http://wingolog.org/projects/guile-rsvg/") - (license license:lgpl2.1+))) + (home-page "http://wingolog.org/projects/guile-rsvg/") + (license license:lgpl2.1+)))) (define-public guile-present (package @@ -883,7 +889,7 @@ images onto Cairo surfaces.") out "/share/guile/site/2.0 "))))) %standard-phases))) (native-inputs `(("pkg-config" ,pkg-config))) - (inputs `(("guile" ,guile-2.0))) + (inputs `(("guile" ,guile-2.2))) (propagated-inputs ;; These are used by the (present …) modules. `(("guile-lib" ,guile-lib) @@ -902,7 +908,7 @@ documents.") (define-public guile-gnome (package (name "guile-gnome") - (version "2.16.4") + (version "2.16.5") (source (origin (method url-fetch) (uri @@ -911,7 +917,7 @@ documents.") version ".tar.gz")) (sha256 (base32 - "1hqnqbb2lmr3hgbcv9kds1himn3av6h0lkk0zll8agcrsn7d9axd")))) + "1gnf3j96nip5kl99a268i0dy1hj7s1cfs66sps3zwysnkd7qr399")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) @@ -930,7 +936,7 @@ documents.") ("pango" ,pango) ("libffi" ,libffi) ("glib" ,glib))) - (inputs `(("guile" ,guile-2.0))) + (inputs `(("guile" ,guile-2.2))) (propagated-inputs `(("guile-cairo" ,guile-cairo) ("g-wrap" ,g-wrap) @@ -943,7 +949,7 @@ documents.") (let ((out (assoc-ref outputs "out"))) (substitute* (find-files "." "^Makefile.in$") (("guilesite :=.*guile/site" all) - (string-append all "/2.0"))) + (string-append all "/@GUILE_EFFECTIVE_VERSION@"))) #t)))))) (outputs '("out" "debug")) (synopsis "Guile interface for GTK+ programming for GNOME") @@ -951,7 +957,9 @@ documents.") "Includes guile-clutter, guile-gnome-gstreamer, guile-gnome-platform (GNOME developer libraries), and guile-gtksourceview.") (home-page "https://www.gnu.org/software/guile-gnome/") - (license license:gpl2+))) + (license license:gpl2+) + (properties '((upstream-name . "guile-gnome-platform") + (ftp-directory . "/gnu/guile-gnome/guile-gnome-platform"))))) ;;; ;;; C++ bindings. diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 7f6d15515c..6bff343429 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -624,7 +624,7 @@ format is also supported.") ("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (inputs `(("guile" ,guile-2.0) ("which" ,which))) - (propagated-inputs `(("guile-lib" ,guile-lib))) + (propagated-inputs `(("guile-lib" ,guile2.0-lib))) (home-page "https://github.com/artyom-poptsov/guile-ics") (synopsis "Guile parser library for the iCalendar format") (description @@ -661,7 +661,7 @@ The library is shipped with documentation in Info format and usage examples.") $(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache\n")) #t))))) (native-inputs `(("pkg-config" ,pkg-config))) - (inputs `(("guile" ,guile-2.0))) + (inputs `(("guile" ,guile-2.2))) (home-page "http://www.nongnu.org/guile-lib/") (synopsis "Collection of useful Guile Scheme modules") (description @@ -675,8 +675,11 @@ for Guile\".") ;; details. (license license:gpl3+))) +(define-public guile2.0-lib + (package-for-guile-2.0 guile-lib)) + (define-public guile2.2-lib - (package-for-guile-2.2 guile-lib)) + (deprecated-package "guile2.2-lib" guile-lib)) (define-public guile-json (package diff --git a/gnu/packages/patches/guile-rsvg-pkgconfig.patch b/gnu/packages/patches/guile-rsvg-pkgconfig.patch index 2272b4e1cd..51483a3472 100644 --- a/gnu/packages/patches/guile-rsvg-pkgconfig.patch +++ b/gnu/packages/patches/guile-rsvg-pkgconfig.patch @@ -9,7 +9,7 @@ and LDFLAGS for Guile would not be captured. +dnl The above macro fails to set the 'GUILE_CFLAGS' and 'GUILE_LIBS' +dnl substitution variables, hence this line. -+PKG_CHECK_MODULES(GUILE, guile-2.0) ++PKG_CHECK_MODULES(GUILE, guile-$GUILE_EFFECTIVE_VERSION) + PKG_CHECK_MODULES(GUILE_CAIRO, guile-cairo >= 1.4.0) AC_SUBST(GUILE_CAIRO_LIBS) diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm index f94d56992e..482ae1b862 100644 --- a/gnu/packages/plotutils.scm +++ b/gnu/packages/plotutils.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2016, 2017 Nicolas Goaziou ;;; @@ -100,7 +100,7 @@ scientific data.") "godir = $(moddir)\n")))))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) - (inputs `(("guile" ,guile-2.0))) + (inputs `(("guile" ,guile-2.2))) (propagated-inputs `(("guile-cairo" ,guile-cairo))) (home-page "http://wingolog.org/software/guile-charting/") (synopsis "Create charts and graphs in Guile") diff --git a/gnu/packages/skribilo.scm b/gnu/packages/skribilo.scm index 78b4806c8c..458d91e569 100644 --- a/gnu/packages/skribilo.scm +++ b/gnu/packages/skribilo.scm @@ -74,7 +74,7 @@ ;; The 'skribilo' command needs them, and for people using Skribilo as a ;; library, these inputs are needed as well. (propagated-inputs `(("guile-reader" ,guile2.0-reader) - ("guile-lib" ,guile-lib))) + ("guile-lib" ,guile2.0-lib))) (home-page "http://www.nongnu.org/skribilo/") (synopsis "Document production tool written in Guile Scheme") -- cgit v1.2.3 From 85c774808fc13a0adc603784b2358a7c285c4822 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Fri, 30 Jun 2017 17:36:35 -0400 Subject: gnu: gcr: Enable working tests. * gnu/packages/patches/gcr-disable-failing-tests.patch, gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch: New files. * gnu/local.mk (dist_patch_DATA): Add patches. * gnu/packages/gnome.scm (gcr)[source]: Use patches. [arguments]: Enable tests. --- gnu/local.mk | 2 + gnu/packages/gnome.scm | 9 +- .../patches/gcr-disable-failing-tests.patch | 127 +++++++++++++++++++++ ...-fix-collection-tests-to-work-with-gpg-21.patch | 31 +++++ 4 files changed, 165 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/gcr-disable-failing-tests.patch create mode 100644 gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 83b0196055..22df8dfdda 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -614,6 +614,8 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-5-source-date-epoch-2.patch \ %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch \ %D%/packages/patches/gcc-6-cross-environment-variables.patch \ + %D%/packages/patches/gcr-disable-failing-tests.patch \ + %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ %D%/packages/patches/gdk-pixbuf-list-dir.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index e6072e033a..3491f4be1c 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -470,12 +470,13 @@ and keep up to date translations of documentation.") name "-" version ".tar.xz")) (sha256 (base32 - "0ydk9dzxx6snxza7j5ps8x932hbr3x1b8hhcaqjq4w4admi2qmwh")))) + "0ydk9dzxx6snxza7j5ps8x932hbr3x1b8hhcaqjq4w4admi2qmwh")) + (patches + (search-patches "gcr-disable-failing-tests.patch" + "gcr-fix-collection-tests-to-work-with-gpg-21.patch")))) (build-system gnu-build-system) (arguments - '(#:tests? #f ;25 of 598 tests fail because /var/lib/dbus/machine-id does - ;not exist - #:phases (modify-phases %standard-phases + '(#:phases (modify-phases %standard-phases (add-before 'check 'pre-check (lambda* (#:key inputs #:allow-other-keys) diff --git a/gnu/packages/patches/gcr-disable-failing-tests.patch b/gnu/packages/patches/gcr-disable-failing-tests.patch new file mode 100644 index 0000000000..661fc1e7de --- /dev/null +++ b/gnu/packages/patches/gcr-disable-failing-tests.patch @@ -0,0 +1,127 @@ +This patch removes a group of tests that fail because /var/lib/dbus/machine-id +is not present in the build environment. + +diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in +--- gcr-3.20.0.old/Makefile.in 2017-06-29 14:26:33.794837648 -0400 ++++ gcr-3.20.0/Makefile.in 2017-06-29 14:26:54.023532689 -0400 +@@ -482,8 +482,7 @@ + test-openssh$(EXEEXT) test-secure-memory$(EXEEXT) \ + test-trust$(EXEEXT) test-parser$(EXEEXT) test-record$(EXEEXT) \ + test-memory-icon$(EXEEXT) test-gnupg-key$(EXEEXT) \ +- test-gnupg-collection$(EXEEXT) test-gnupg-process$(EXEEXT) \ +- test-system-prompt$(EXEEXT) ++ test-gnupg-collection$(EXEEXT) test-gnupg-process$(EXEEXT) + @WITH_GTK_TRUE@am__EXEEXT_4 = frob-certificate$(EXEEXT) \ + @WITH_GTK_TRUE@ frob-combo-selector$(EXEEXT) \ + @WITH_GTK_TRUE@ frob-gnupg-selector$(EXEEXT) \ +@@ -882,14 +881,6 @@ + am_test_symkey_OBJECTS = egg/test-symkey.$(OBJEXT) + test_symkey_OBJECTS = $(am_test_symkey_OBJECTS) + test_symkey_DEPENDENCIES = $(am__DEPENDENCIES_4) +-am_test_system_prompt_OBJECTS = \ +- gcr/test_system_prompt-test-system-prompt.$(OBJEXT) +-test_system_prompt_OBJECTS = $(am_test_system_prompt_OBJECTS) +-test_system_prompt_DEPENDENCIES = $(am__DEPENDENCIES_3) +-test_system_prompt_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ +- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ +- $(test_system_prompt_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ + am_test_trust_OBJECTS = gcr/test_trust-test-trust.$(OBJEXT) + test_trust_OBJECTS = $(am_test_trust_OBJECTS) + test_trust_DEPENDENCIES = $(am__DEPENDENCIES_3) +@@ -974,8 +965,7 @@ + $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \ + $(test_simple_certificate_SOURCES) \ + $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \ +- $(test_system_prompt_SOURCES) $(test_trust_SOURCES) \ +- $(test_util_SOURCES) ++ $(test_trust_SOURCES) $(test_util_SOURCES) + DIST_SOURCES = $(libegg_asn1x_la_SOURCES) $(libegg_hex_la_SOURCES) \ + $(libegg_secmem_la_SOURCES) $(libegg_test_la_SOURCES) \ + $(libegg_la_SOURCES) $(libgck_@GCK_MAJOR@_la_SOURCES) \ +@@ -1016,8 +1006,7 @@ + $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \ + $(test_simple_certificate_SOURCES) \ + $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \ +- $(test_system_prompt_SOURCES) $(test_trust_SOURCES) \ +- $(test_util_SOURCES) ++ $(test_trust_SOURCES) $(test_util_SOURCES) + RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ +@@ -2117,8 +2106,7 @@ + test-memory-icon \ + test-gnupg-key \ + test-gnupg-collection \ +- test-gnupg-process \ +- test-system-prompt ++ test-gnupg-process + + test_certificate_SOURCES = gcr/test-certificate.c + test_certificate_CFLAGS = $(gcr_CFLAGS) +@@ -2171,9 +2159,6 @@ + test_subject_public_key_SOURCES = gcr/test-subject-public-key.c + test_subject_public_key_CFLAGS = $(gcr_CFLAGS) + test_subject_public_key_LDADD = $(gcr_LIBS) +-test_system_prompt_SOURCES = gcr/test-system-prompt.c +-test_system_prompt_CFLAGS = $(gcr_CFLAGS) +-test_system_prompt_LDADD = $(gcr_LIBS) + test_trust_SOURCES = gcr/test-trust.c + test_trust_CFLAGS = $(gcr_CFLAGS) + test_trust_LDADD = $(gcr_LIBS) +@@ -3283,12 +3268,7 @@ + test-symkey$(EXEEXT): $(test_symkey_OBJECTS) $(test_symkey_DEPENDENCIES) $(EXTRA_test_symkey_DEPENDENCIES) + @rm -f test-symkey$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_symkey_OBJECTS) $(test_symkey_LDADD) $(LIBS) +-gcr/test_system_prompt-test-system-prompt.$(OBJEXT): \ +- gcr/$(am__dirstamp) gcr/$(DEPDIR)/$(am__dirstamp) + +-test-system-prompt$(EXEEXT): $(test_system_prompt_OBJECTS) $(test_system_prompt_DEPENDENCIES) $(EXTRA_test_system_prompt_DEPENDENCIES) +- @rm -f test-system-prompt$(EXEEXT) +- $(AM_V_CCLD)$(test_system_prompt_LINK) $(test_system_prompt_OBJECTS) $(test_system_prompt_LDADD) $(LIBS) + gcr/test_trust-test-trust.$(OBJEXT): gcr/$(am__dirstamp) \ + gcr/$(DEPDIR)/$(am__dirstamp) + +@@ -3446,7 +3426,6 @@ + @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_secure_memory-test-secure-memory.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_simple_certificate-test-simple-certificate.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_subject_public_key-test-subject-public-key.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_trust-test-trust.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_util-test-util.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/frob_certificate-frob-certificate.Po@am__quote@ +@@ -4968,20 +4947,6 @@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_subject_public_key_CFLAGS) $(CFLAGS) -c -o gcr/test_subject_public_key-test-subject-public-key.obj `if test -f 'gcr/test-subject-public-key.c'; then $(CYGPATH_W) 'gcr/test-subject-public-key.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-subject-public-key.c'; fi` + +-gcr/test_system_prompt-test-system-prompt.o: gcr/test-system-prompt.c +-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -MT gcr/test_system_prompt-test-system-prompt.o -MD -MP -MF gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo -c -o gcr/test_system_prompt-test-system-prompt.o `test -f 'gcr/test-system-prompt.c' || echo '$(srcdir)/'`gcr/test-system-prompt.c +-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gcr/test-system-prompt.c' object='gcr/test_system_prompt-test-system-prompt.o' libtool=no @AMDEPBACKSLASH@ +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -c -o gcr/test_system_prompt-test-system-prompt.o `test -f 'gcr/test-system-prompt.c' || echo '$(srcdir)/'`gcr/test-system-prompt.c +- +-gcr/test_system_prompt-test-system-prompt.obj: gcr/test-system-prompt.c +-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -MT gcr/test_system_prompt-test-system-prompt.obj -MD -MP -MF gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo -c -o gcr/test_system_prompt-test-system-prompt.obj `if test -f 'gcr/test-system-prompt.c'; then $(CYGPATH_W) 'gcr/test-system-prompt.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-system-prompt.c'; fi` +-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gcr/test-system-prompt.c' object='gcr/test_system_prompt-test-system-prompt.obj' libtool=no @AMDEPBACKSLASH@ +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -c -o gcr/test_system_prompt-test-system-prompt.obj `if test -f 'gcr/test-system-prompt.c'; then $(CYGPATH_W) 'gcr/test-system-prompt.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-system-prompt.c'; fi` +- + gcr/test_trust-test-trust.o: gcr/test-trust.c + @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_trust_CFLAGS) $(CFLAGS) -MT gcr/test_trust-test-trust.o -MD -MP -MF gcr/$(DEPDIR)/test_trust-test-trust.Tpo -c -o gcr/test_trust-test-trust.o `test -f 'gcr/test-trust.c' || echo '$(srcdir)/'`gcr/test-trust.c + @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_trust-test-trust.Tpo gcr/$(DEPDIR)/test_trust-test-trust.Po +@@ -5808,13 +5773,6 @@ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-system-prompt.log: test-system-prompt$(EXEEXT) +- @p='test-system-prompt$(EXEEXT)'; \ +- b='test-system-prompt'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) + .test.log: + @p='$<'; \ diff --git a/gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch b/gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch new file mode 100644 index 0000000000..86a8ed1691 --- /dev/null +++ b/gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch @@ -0,0 +1,31 @@ +This patch comes from Debian. + +https://bugzilla.gnome.org/show_bug.cgi?id=771052 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835737 + +--- gcr-3.20.0.old/gcr/test-gnupg-collection.c 2017-06-29 14:26:33.810838197 -0400 ++++ gcr-3.20.0/gcr/test-gnupg-collection.c 2017-06-30 17:25:09.149383067 -0400 +@@ -115,6 +115,14 @@ + + g_object_unref (test->collection); + ++ /* remove potential gpg 2.1 extras, ignore any errors. */ ++ cmd = g_strdup_printf ("rm -rf %s/*.d", test->directory); ++ system(cmd); ++ g_free(cmd); ++ cmd = g_strdup_printf ("rm -f %s/.gpg-v21-migrated", test->directory); ++ system(cmd); ++ g_free(cmd); ++ + cmd = g_strdup_printf ("rm -f %s/*", test->directory); + g_spawn_check_exit_status (system (cmd), &error); + g_assert_no_error (error); +@@ -202,7 +210,7 @@ + GcrGnupgKey *key; + + _gcr_gnupg_collection_load_async (test->collection, NULL, on_async_ready, test); +- egg_test_wait_until (500); ++ egg_test_wait_until (2500); + g_assert (test->result); + _gcr_gnupg_collection_load_finish (test->collection, test->result, &error); + g_assert_no_error (error); -- cgit v1.2.3 From 910f1709a8dd1a05d759c60fa35306137b98db10 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Mon, 3 Jul 2017 18:20:10 -0400 Subject: gnu: gcr: Correct patch. * gnu/packages/patches/gcr-disable-failing-tests.patch: Correct erroneously committed file. This is a follow-up to commit 85c774808fc13a0adc603784b2358a7c285c4822. --- .../patches/gcr-disable-failing-tests.patch | 73 +++++++++++----------- 1 file changed, 36 insertions(+), 37 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/gcr-disable-failing-tests.patch b/gnu/packages/patches/gcr-disable-failing-tests.patch index 661fc1e7de..862c51faf0 100644 --- a/gnu/packages/patches/gcr-disable-failing-tests.patch +++ b/gnu/packages/patches/gcr-disable-failing-tests.patch @@ -1,13 +1,12 @@ This patch removes a group of tests that fail because /var/lib/dbus/machine-id is not present in the build environment. -diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in ---- gcr-3.20.0.old/Makefile.in 2017-06-29 14:26:33.794837648 -0400 -+++ gcr-3.20.0/Makefile.in 2017-06-29 14:26:54.023532689 -0400 +--- gcr-3.20.0.old/Makefile.in 2017-07-03 18:05:10.742595317 -0400 ++++ gcr-3.20.0/Makefile.in 2017-07-03 18:08:26.379565428 -0400 @@ -482,8 +482,7 @@ - test-openssh$(EXEEXT) test-secure-memory$(EXEEXT) \ - test-trust$(EXEEXT) test-parser$(EXEEXT) test-record$(EXEEXT) \ - test-memory-icon$(EXEEXT) test-gnupg-key$(EXEEXT) \ + test-openssh$(EXEEXT) test-secure-memory$(EXEEXT) \ + test-trust$(EXEEXT) test-parser$(EXEEXT) test-record$(EXEEXT) \ + test-memory-icon$(EXEEXT) test-gnupg-key$(EXEEXT) \ - test-gnupg-collection$(EXEEXT) test-gnupg-process$(EXEEXT) \ - test-system-prompt$(EXEEXT) + test-gnupg-collection$(EXEEXT) test-gnupg-process$(EXEEXT) @@ -30,33 +29,33 @@ diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in test_trust_OBJECTS = $(am_test_trust_OBJECTS) test_trust_DEPENDENCIES = $(am__DEPENDENCIES_3) @@ -974,8 +965,7 @@ - $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \ - $(test_simple_certificate_SOURCES) \ - $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \ + $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \ + $(test_simple_certificate_SOURCES) \ + $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \ - $(test_system_prompt_SOURCES) $(test_trust_SOURCES) \ - $(test_util_SOURCES) + $(test_trust_SOURCES) $(test_util_SOURCES) DIST_SOURCES = $(libegg_asn1x_la_SOURCES) $(libegg_hex_la_SOURCES) \ - $(libegg_secmem_la_SOURCES) $(libegg_test_la_SOURCES) \ - $(libegg_la_SOURCES) $(libgck_@GCK_MAJOR@_la_SOURCES) \ + $(libegg_secmem_la_SOURCES) $(libegg_test_la_SOURCES) \ + $(libegg_la_SOURCES) $(libgck_@GCK_MAJOR@_la_SOURCES) \ @@ -1016,8 +1006,7 @@ - $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \ - $(test_simple_certificate_SOURCES) \ - $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \ + $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \ + $(test_simple_certificate_SOURCES) \ + $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \ - $(test_system_prompt_SOURCES) $(test_trust_SOURCES) \ - $(test_util_SOURCES) + $(test_trust_SOURCES) $(test_util_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ @@ -2117,8 +2106,7 @@ - test-memory-icon \ - test-gnupg-key \ - test-gnupg-collection \ + test-memory-icon \ + test-gnupg-key \ + test-gnupg-collection \ - test-gnupg-process \ - test-system-prompt + test-gnupg-process - + test_certificate_SOURCES = gcr/test-certificate.c test_certificate_CFLAGS = $(gcr_CFLAGS) @@ -2171,9 +2159,6 @@ @@ -69,20 +68,20 @@ diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in test_trust_SOURCES = gcr/test-trust.c test_trust_CFLAGS = $(gcr_CFLAGS) test_trust_LDADD = $(gcr_LIBS) -@@ -3283,12 +3268,7 @@ - test-symkey$(EXEEXT): $(test_symkey_OBJECTS) $(test_symkey_DEPENDENCIES) $(EXTRA_test_symkey_DEPENDENCIES) - @rm -f test-symkey$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(test_symkey_OBJECTS) $(test_symkey_LDADD) $(LIBS) +@@ -3283,12 +3268,6 @@ + test-symkey$(EXEEXT): $(test_symkey_OBJECTS) $(test_symkey_DEPENDENCIES) $(EXTRA_test_symkey_DEPENDENCIES) + @rm -f test-symkey$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_symkey_OBJECTS) $(test_symkey_LDADD) $(LIBS) -gcr/test_system_prompt-test-system-prompt.$(OBJEXT): \ - gcr/$(am__dirstamp) gcr/$(DEPDIR)/$(am__dirstamp) - --test-system-prompt$(EXEEXT): $(test_system_prompt_OBJECTS) $(test_system_prompt_DEPENDENCIES) $(EXTRA_test_system_prompt_DEPENDENCIES) +- +-test-system-prompt$(EXEEXT): $(test_system_prompt_OBJECTS) $(test_system_prompt_DEPENDENCIES) $(EXTRA_test_system_prompt_DEPENDENCIES) - @rm -f test-system-prompt$(EXEEXT) - $(AM_V_CCLD)$(test_system_prompt_LINK) $(test_system_prompt_OBJECTS) $(test_system_prompt_LDADD) $(LIBS) gcr/test_trust-test-trust.$(OBJEXT): gcr/$(am__dirstamp) \ - gcr/$(DEPDIR)/$(am__dirstamp) - -@@ -3446,7 +3426,6 @@ + gcr/$(DEPDIR)/$(am__dirstamp) + +@@ -3446,7 +3425,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_secure_memory-test-secure-memory.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_simple_certificate-test-simple-certificate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_subject_public_key-test-subject-public-key.Po@am__quote@ @@ -90,10 +89,10 @@ diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_trust-test-trust.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_util-test-util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/frob_certificate-frob-certificate.Po@am__quote@ -@@ -4968,20 +4947,6 @@ +@@ -4968,20 +4946,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_subject_public_key_CFLAGS) $(CFLAGS) -c -o gcr/test_subject_public_key-test-subject-public-key.obj `if test -f 'gcr/test-subject-public-key.c'; then $(CYGPATH_W) 'gcr/test-subject-public-key.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-subject-public-key.c'; fi` - + -gcr/test_system_prompt-test-system-prompt.o: gcr/test-system-prompt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -MT gcr/test_system_prompt-test-system-prompt.o -MD -MP -MF gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo -c -o gcr/test_system_prompt-test-system-prompt.o `test -f 'gcr/test-system-prompt.c' || echo '$(srcdir)/'`gcr/test-system-prompt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po @@ -111,10 +110,10 @@ diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in gcr/test_trust-test-trust.o: gcr/test-trust.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_trust_CFLAGS) $(CFLAGS) -MT gcr/test_trust-test-trust.o -MD -MP -MF gcr/$(DEPDIR)/test_trust-test-trust.Tpo -c -o gcr/test_trust-test-trust.o `test -f 'gcr/test-trust.c' || echo '$(srcdir)/'`gcr/test-trust.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_trust-test-trust.Tpo gcr/$(DEPDIR)/test_trust-test-trust.Po -@@ -5808,13 +5773,6 @@ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +@@ -5808,13 +5772,6 @@ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -test-system-prompt.log: test-system-prompt$(EXEEXT) - @p='test-system-prompt$(EXEEXT)'; \ @@ -122,6 +121,6 @@ diff -ur gcr-3.20.0.old/Makefile.in gcr-3.20.0/Makefile.in - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) + "$$tst" $(AM_TESTS_FD_REDIRECT) .test.log: - @p='$<'; \ + @p='$<'; \ -- cgit v1.2.3 From 96bbc41f8be5e6bb8483f5ce596db47be271e9e8 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 1 Jul 2017 21:14:30 +0200 Subject: gnu: python-pyopenssl: Update to 17.1.0. * gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl): Update to 17.1.0. [source]: Remove patch. [native-inputs]: Add PYTHON-PRETEND. [arguments]<#:phases>: Disable the network test here instead of via a patch. Also disable one new test. * gnu/packages/patches/python-pyopenssl-skip-network-test.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../python-pyopenssl-skip-network-test.patch | 43 ---------------------- gnu/packages/python.scm | 19 +++++++--- 3 files changed, 13 insertions(+), 50 deletions(-) delete mode 100644 gnu/packages/patches/python-pyopenssl-skip-network-test.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 22df8dfdda..3b68a4d48c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -952,7 +952,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-paste-remove-timing-test.patch \ %D%/packages/patches/python-pillow-freetype-2.7-test-failure.patch \ %D%/packages/patches/python-pygit2-disable-network-tests.patch \ - %D%/packages/patches/python-pyopenssl-skip-network-test.patch \ %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch deleted file mode 100644 index 1ac7324c8b..0000000000 --- a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch +++ /dev/null @@ -1,43 +0,0 @@ -This test tries connecting to an external server which is not supported -in the build environment. See discussion at: - -https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html - -diff --git a/tests/test_ssl.py b/tests/test_ssl.py -index ee849fd..60048b8 100644 ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -1113,33 +1113,6 @@ class TestContext(object): - reason="set_default_verify_paths appears not to work on Windows. " - "See LP#404343 and LP#404344." - ) -- def test_set_default_verify_paths(self): -- """ -- `Context.set_default_verify_paths` causes the platform-specific CA -- certificate locations to be used for verification purposes. -- """ -- # Testing this requires a server with a certificate signed by one -- # of the CAs in the platform CA location. Getting one of those -- # costs money. Fortunately (or unfortunately, depending on your -- # perspective), it's easy to think of a public server on the -- # internet which has such a certificate. Connecting to the network -- # in a unit test is bad, but it's the only way I can think of to -- # really test this. -exarkun -- -- # Arg, verisign.com doesn't speak anything newer than TLS 1.0 -- context = Context(SSLv23_METHOD) -- context.set_default_verify_paths() -- context.set_verify( -- VERIFY_PEER, -- lambda conn, cert, errno, depth, preverify_ok: preverify_ok) -- -- client = socket() -- client.connect(("encrypted.google.com", 443)) -- clientSSL = Connection(context, client) -- clientSSL.set_connect_state() -- clientSSL.do_handshake() -- clientSSL.send(b"GET / HTTP/1.0\r\n\r\n") -- assert clientSSL.recv(1024) - - def test_add_extra_chain_cert_invalid_cert(self): - """ diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5ddb82ed47..f34f2d39f6 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -7459,16 +7459,14 @@ message digests and key derivation functions.") (define-public python-pyopenssl (package (name "python-pyopenssl") - (version "17.0.0") + (version "17.1.0") (source (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) (sha256 (base32 - "1pdg1gpmkzj8yasg6cmkhcivxcdp4c12nif88y4qvsxq5ffzxas8")) - (patches - (search-patches "python-pyopenssl-skip-network-test.patch")))) + "0qwmqhfsq84ydir9dz273ypmlcvs7v71m1jns0sd4k0h6lfsa82s")))) (build-system python-build-system) (arguments '(#:phases @@ -7477,14 +7475,23 @@ message digests and key derivation functions.") (add-after 'install 'check (lambda* (#:key inputs outputs #:allow-other-keys) (add-installed-pythonpath inputs outputs) - (zero? (system* "py.test" "-v"))))))) + (zero? (system* "py.test" "-v" "-k" + (string-append + ;; This test tries to look up certificates from + ;; the compiled-in default path in OpenSSL, which + ;; does not exist in the build environment. + "not test_fallback_default_verify_paths " + ;; This test attempts to make a connection to + ;; an external web service. + "and not test_set_default_verify_paths")))))))) (propagated-inputs `(("python-cryptography" ,python-cryptography) ("python-six" ,python-six))) (inputs `(("openssl" ,openssl))) (native-inputs - `(("python-pytest" ,python-pytest-3.0))) + `(("python-pretend" ,python-pretend) + ("python-pytest" ,python-pytest-3.0))) (home-page "https://github.com/pyca/pyopenssl") (synopsis "Python wrapper module around the OpenSSL library") (description -- cgit v1.2.3 From 0545e43a91c884f8dac07abad5a267e362b56d89 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Mon, 3 Jul 2017 18:11:49 +0530 Subject: gnu: gajim: Update to 0.16.8. * gnu/packages/messaging.scm (gajim): Update to 0.16.8. [source]: Remove patch. * gnu/packages/patches/gajim-CVE-2016-10376.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/messaging.scm | 6 +-- gnu/packages/patches/gajim-CVE-2016-10376.patch | 57 ------------------------- 3 files changed, 2 insertions(+), 62 deletions(-) delete mode 100644 gnu/packages/patches/gajim-CVE-2016-10376.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f9f18ec308..ecd80acda5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -601,7 +601,6 @@ dist_patch_DATA = \ %D%/packages/patches/freetype-CVE-2017-8105.patch \ %D%/packages/patches/freetype-CVE-2017-8287.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ - %D%/packages/patches/gajim-CVE-2016-10376.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index aefd24b849..827e9edee9 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -487,17 +487,15 @@ was initially a fork of xmpppy, but uses non-blocking sockets.") (define-public gajim (package (name "gajim") - (version "0.16.7") + (version "0.16.8") (source (origin (method url-fetch) (uri (string-append "https://gajim.org/downloads/" (version-major+minor version) "/gajim-" version ".tar.bz2")) - (patches - (search-patches "gajim-CVE-2016-10376.patch")) (sha256 (base32 - "13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n")))) + "0ckakdjg30fsyjsgyy2573x9nmjivdg76y049l86wns5axw8im26")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch deleted file mode 100644 index 591dd1af21..0000000000 --- a/gnu/packages/patches/gajim-CVE-2016-10376.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix CVE-2016-10376. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376 -http://seclists.org/oss-sec/2017/q2/341 -https://dev.gajim.org/gajim/gajim/issues/8378 - -Patch copied from upstream source repository: - -https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc - -(adapted for context in config.py) - -From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001 -From: Philipp Hörist -Date: Fri, 26 May 2017 23:10:05 +0200 -Subject: [PATCH] Add config option to activate XEP-0146 commands - -Some of the Commands have security implications, thats why we disable them per default -Fixes #8378 ---- - src/common/commands.py | 7 ++++--- - src/common/config.py | 1 + - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/common/commands.py b/src/common/commands.py -index 19d8c13..0eeb57c 100644 ---- a/src/common/commands.py -+++ b/src/common/commands.py -@@ -345,9 +345,10 @@ class ConnectionCommands: - def __init__(self): - # a list of all commands exposed: node -> command class - self.__commands = {} -- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand, -- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand): -- self.__commands[cmdobj.commandnode] = cmdobj -+ if gajim.config.get('remote_commands'): -+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand, -+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand): -+ self.__commands[cmdobj.commandnode] = cmdobj - - # a list of sessions; keys are tuples (jid, sessionid, node) - self.__sessions = {} -diff --git a/src/common/config.py b/src/common/config.py -index cde1f81..fe25455 100644 ---- a/src/common/config.py -+++ b/src/common/config.py -@@ -314,6 +314,7 @@ class Config: - 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')], - 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')], - 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')], -+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')], - }, {}) - - __options_per_key = { --- -libgit2 0.24.0 - -- cgit v1.2.3 From ce7e361fa30d3dbe5c1da35f52dade2eb829aed7 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 4 Jul 2017 15:21:33 +0300 Subject: gnu: gemma: Fix building on non-Intel architectures. * gnu/packages/patches/gemma-intel-compat.patch: New file. * gnu/packages/bioinformatics.scm (gemma)[source]: Add patch. [arguments]: Add NO_INTEL_COMPAT flag on non-Intel architectures. * gnu/local.mk (dist_patch_DATA): Register patch. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 19 +++++++----- gnu/packages/patches/gemma-intel-compat.patch | 44 +++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/gemma-intel-compat.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ecd80acda5..8dbce7c052 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -622,6 +622,7 @@ dist_patch_DATA = \ %D%/packages/patches/gd-freetype-test-failure.patch \ %D%/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch \ %D%/packages/patches/gegl-CVE-2012-4433.patch \ + %D%/packages/patches/gemma-intel-compat.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ %D%/packages/patches/ghostscript-CVE-2013-5653.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 0ff0bbb9e3..55c2975a1e 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015, 2016 Pjotr Prins ;;; Copyright © 2015 Andreas Enge ;;; Copyright © 2016 Roel Janssen -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2017 Efraim Flashner ;;; Copyright © 2016 Marius Bakke ;;; Copyright © 2016 Raoul Bonnal ;;; @@ -99,7 +99,7 @@ #:use-module (gnu packages xml) #:use-module (gnu packages xorg) #:use-module (srfi srfi-1) - #:use-module (srfi srfi-26)) + #:use-module (ice-9 match)) (define-public r-ape (package @@ -2719,7 +2719,8 @@ comment or quality sections.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "055ynn16gd12pf78n4vr2a9jlwsbwzajpdnf2y2yilg1krfff222")))) + "055ynn16gd12pf78n4vr2a9jlwsbwzajpdnf2y2yilg1krfff222")) + (patches (search-patches "gemma-intel-compat.patch")))) (inputs `(("gsl" ,gsl) ("lapack" ,lapack) @@ -2727,11 +2728,13 @@ comment or quality sections.") (build-system gnu-build-system) (arguments `(#:make-flags - '(,@(if (any (cute string-prefix? <> (or (%current-system) - (%current-target-system))) - '("x86_64" "mips64el" "aarch64")) - '("FORCE_DYNAMIC=1") ; use shared libs - '("FORCE_DYNAMIC=1" "FORCE_32BIT=1"))) + '(,@(match (%current-system) + ("x86_64-linux" + '("FORCE_DYNAMIC=1")) + ("i686-linux" + '("FORCE_DYNAMIC=1" "FORCE_32BIT=1")) + (_ + '("FORCE_DYNAMIC=1" "NO_INTEL_COMPAT=1")))) #:phases (modify-phases %standard-phases (delete 'configure) diff --git a/gnu/packages/patches/gemma-intel-compat.patch b/gnu/packages/patches/gemma-intel-compat.patch new file mode 100644 index 0000000000..f12ec56d9b --- /dev/null +++ b/gnu/packages/patches/gemma-intel-compat.patch @@ -0,0 +1,44 @@ +From da1ed24209121f7b0f03f360b1029d7125a38e70 Mon Sep 17 00:00:00 2001 +From: Efraim Flashner +Date: Tue, 4 Jul 2017 12:44:53 +0300 +Subject: [PATCH] Add NO_INTEL_COMPAT flag to Makefile. + +see also: https://github.com/xiangzhou/GEMMA/pull/47 + +--- + Makefile | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/Makefile b/Makefile +index 5bb8748..712b1ad 100644 +--- a/Makefile ++++ b/Makefile +@@ -11,6 +11,7 @@ + SYS = LNX + # Leave blank after "=" to disable; put "= 1" to enable + WITH_LAPACK = 1 ++NO_INTEL_COMPAT = + FORCE_32BIT = + FORCE_DYNAMIC = + DIST_NAME = gemma-0.96 +@@ -64,10 +65,13 @@ endif + HDR += $(SRC_DIR)/lapack.h + endif + +-ifdef FORCE_32BIT +- CPPFLAGS += -m32 +-else +- CPPFLAGS += -m64 ++ifdef NO_INTEL_COMPAT ++ else ++ ifdef FORCE_32BIT ++ CPPFLAGS += -m32 ++ else ++ CPPFLAGS += -m64 ++ endif + endif + + ifdef FORCE_DYNAMIC +-- +2.13.2 + -- cgit v1.2.3 From ab104672e15572ff5586ea607b1762e5dc35b2aa Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Thu, 6 Jul 2017 15:28:07 -0400 Subject: gnu: xorg-server: Fix CVE-2017-{10971,10972}. * gnu/packages/patches/xorg-server-CVE-2017-10971.patch, gnu/packages/patches/xorg-server-CVE-2017-10972.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xorg.scm (xorg-server)[source]: Use them. Signed-off-by: Leo Famulari --- gnu/local.mk | 2 + .../patches/xorg-server-CVE-2017-10971.patch | 153 +++++++++++++++++++++ .../patches/xorg-server-CVE-2017-10972.patch | 35 +++++ gnu/packages/xorg.scm | 5 +- 4 files changed, 194 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/xorg-server-CVE-2017-10971.patch create mode 100644 gnu/packages/patches/xorg-server-CVE-2017-10972.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8dbce7c052..bccdd166f8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1081,6 +1081,8 @@ dist_patch_DATA = \ %D%/packages/patches/xinetd-fix-fd-leak.patch \ %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ + %D%/packages/patches/xorg-server-CVE-2017-10971.patch \ + %D%/packages/patches/xorg-server-CVE-2017-10972.patch \ %D%/packages/patches/libyaml-CVE-2014-9130.patch \ %D%/packages/patches/zathura-plugindir-environment-variable.patch \ %D%/packages/patches/zziplib-CVE-2017-5974.patch \ diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch new file mode 100644 index 0000000000..2696033e58 --- /dev/null +++ b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch @@ -0,0 +1,153 @@ +From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:40 +0300 +Subject: dix: Disallow GenericEvent in SendEvent request. + +The SendEvent request holds xEvent which is exactly 32 bytes long, no more, +no less. Both ProcSendEvent and SProcSendEvent verify that the received data +exactly match the request size. However nothing stops the client from passing +in event with xEvent::type = GenericEvent and any value of +xGenericEvent::length. + +In the case of ProcSendEvent, the event will be eventually passed to +WriteEventsToClient which will see that it is Generic event and copy the +arbitrary length from the receive buffer (and possibly past it) and send it to +the other client. This allows clients to copy unitialized heap memory out of X +server or to crash it. + +In case of SProcSendEvent, it will attempt to swap the incoming event by +calling a swapping function from the EventSwapVector array. The swapped event +is written to target buffer, which in this case is local xEvent variable. The +xEvent variable is 32 bytes long, but the swapping functions for GenericEvents +expect that the target buffer has size matching the size of the source +GenericEvent. This allows clients to cause stack buffer overflows. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/dix/events.c b/dix/events.c +index 3e3a01e..d3a33ea 100644 +--- a/dix/events.c ++++ b/dix/events.c +@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client) + client->errorValue = stuff->event.u.u.type; + return BadValue; + } ++ /* Generic events can have variable size, but SendEvent request holds ++ exactly 32B of event data. */ ++ if (stuff->event.u.u.type == GenericEvent) { ++ client->errorValue = stuff->event.u.u.type; ++ return BadValue; ++ } + if (stuff->event.u.u.type == ClientMessage && + stuff->event.u.u.detail != 8 && + stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) { +diff --git a/dix/swapreq.c b/dix/swapreq.c +index 719e9b8..6785059 100644 +--- a/dix/swapreq.c ++++ b/dix/swapreq.c +@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client) + swapl(&stuff->destination); + swapl(&stuff->eventMask); + ++ /* Generic events can have variable size, but SendEvent request holds ++ exactly 32B of event data. */ ++ if (stuff->event.u.u.type == GenericEvent) { ++ client->errorValue = stuff->event.u.u.type; ++ return BadValue; ++ } ++ + /* Swap event */ + proc = EventSwapVector[stuff->event.u.u.type & 0177]; + if (!proc || proc == NotImplemented) /* no swapping proc; invalid event type? */ +-- +cgit v0.10.2 + +From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:41 +0300 +Subject: Xi: Verify all events in ProcXSendExtensionEvent. + +The requirement is that events have type in range +EXTENSION_EVENT_BASE..lastEvent, but it was tested +only for first event of all. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 1cf118a..5e63bfc 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client) + int + ProcXSendExtensionEvent(ClientPtr client) + { +- int ret; ++ int ret, i; + DeviceIntPtr dev; + xEvent *first; + XEventClass *list; +@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client) + /* The client's event type must be one defined by an extension. */ + + first = ((xEvent *) &stuff[1]); +- if (!((EXTENSION_EVENT_BASE <= first->u.u.type) && +- (first->u.u.type < lastEvent))) { +- client->errorValue = first->u.u.type; +- return BadValue; ++ for (i = 0; i < stuff->num_events; i++) { ++ if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) && ++ (first[i].u.u.type < lastEvent))) { ++ client->errorValue = first[i].u.u.type; ++ return BadValue; ++ } + } + + list = (XEventClass *) (first + stuff->num_events); +-- +cgit v0.10.2 + +From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:42 +0300 +Subject: Xi: Do not try to swap GenericEvent. + +The SProcXSendExtensionEvent must not attempt to swap GenericEvent because +it is assuming that the event has fixed size and gives the swapping function +xEvent-sized buffer. + +A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 5e63bfc..5c2e0fc 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client) + + eventP = (xEvent *) &stuff[1]; + for (i = 0; i < stuff->num_events; i++, eventP++) { ++ if (eventP->u.u.type == GenericEvent) { ++ client->errorValue = eventP->u.u.type; ++ return BadValue; ++ } ++ + proc = EventSwapVector[eventP->u.u.type & 0177]; +- if (proc == NotImplemented) /* no swapping proc; invalid event type? */ ++ /* no swapping proc; invalid event type? */ ++ if (proc == NotImplemented) { ++ client->errorValue = eventP->u.u.type; + return BadValue; ++ } + (*proc) (eventP, &eventT); + *eventP = eventT; + } +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch new file mode 100644 index 0000000000..f24e9c0ae6 --- /dev/null +++ b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch @@ -0,0 +1,35 @@ +From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Wed, 24 May 2017 15:54:39 +0300 +Subject: Xi: Zero target buffer in SProcXSendExtensionEvent. + +Make sure that the xEvent eventT is initialized with zeros, the same way as +in SProcSendEvent. + +Some event swapping functions do not overwrite all 32 bytes of xEvent +structure, for example XSecurityAuthorizationRevoked. Two cooperating +clients, one swapped and the other not, can send +XSecurityAuthorizationRevoked event to each other to retrieve old stack data +from X server. This can be potentialy misused to go around ASLR or +stack-protector. + +Signed-off-by: Michal Srb +Reviewed-by: Peter Hutterer +Signed-off-by: Peter Hutterer + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index 11d8202..1cf118a 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client) + { + CARD32 *p; + int i; +- xEvent eventT; ++ xEvent eventT = { .u.u.type = 0 }; + xEvent *eventP; + EventSwapPtr proc; + +-- +cgit v0.10.2 + diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 7b1d00f477..6adf2e2fc0 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5000,7 +5000,10 @@ over Xlib, including: name "-" version ".tar.bz2")) (sha256 (base32 - "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7")))) + "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7")) + (patches + (search-patches "xorg-server-CVE-2017-10971.patch" + "xorg-server-CVE-2017-10972.patch")))) (build-system gnu-build-system) (propagated-inputs `(("dri2proto" ,dri2proto) -- cgit v1.2.3 From dab536fe1ae5a8775a2b50fa50556445b6ac7818 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Thu, 6 Jul 2017 23:55:01 -0400 Subject: gnu: libtiff: Fix CVE-2017-{9936,10688}. * gnu/packages/patches/libtiff-CVE-2017-9936.patch, gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use them. Signed-off-by: Leo Famulari --- gnu/local.mk | 2 + gnu/packages/image.scm | 4 +- gnu/packages/patches/libtiff-CVE-2016-10688.patch | 92 +++++++++++++++++++++++ gnu/packages/patches/libtiff-CVE-2017-9936.patch | 47 ++++++++++++ 4 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libtiff-CVE-2016-10688.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2017-9936.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index bccdd166f8..6f6db6d0ad 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -765,7 +765,9 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-CVE-2016-10092.patch \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ %D%/packages/patches/libtiff-CVE-2016-10094.patch \ + %D%/packages/patches/libtiff-CVE-2016-10688.patch \ %D%/packages/patches/libtiff-CVE-2017-5225.patch \ + %D%/packages/patches/libtiff-CVE-2017-9936.patch \ %D%/packages/patches/libtiff-assertion-failure.patch \ %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \ %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 8a03cbc3c7..fe9d2d5b13 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -391,7 +391,9 @@ collection of tools for doing simple manipulations of TIFF images.") (method url-fetch) (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" version ".tar.gz")) - (patches (search-patches "libtiff-tiffgetfield-bugs.patch")) + (patches (search-patches "libtiff-tiffgetfield-bugs.patch" + "libtiff-CVE-2016-10688.patch" + "libtiff-CVE-2017-9936.patch")) (sha256 (base32 "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) diff --git a/gnu/packages/patches/libtiff-CVE-2016-10688.patch b/gnu/packages/patches/libtiff-CVE-2016-10688.patch new file mode 100644 index 0000000000..1630274c61 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-10688.patch @@ -0,0 +1,92 @@ +Fix CVE-2017-10688: + +http://bugzilla.maptools.org/show_bug.cgi?id=2712 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688 +https://security-tracker.debian.org/tracker/CVE-2017-10688 + +Patch lifted from upstream source repository (the changes to 'ChangeLog' +don't apply to the libtiff 4.0.8 release tarball). + +3rd party Git reference: + +https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 + +2017-06-30 Even Rouault + + * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() + functions associated with LONG8/SLONG8 data type, replace assertion +that + the file is BigTIFF, by a non-fatal error. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 + Reported by team OWL337 + + + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1259; previous revision: 1.1258 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- +libtiff/tif_dirwrite.c +new revision: 1.86; previous revision: 1.85 + +Index: libtiff/libtiff/tif_dirwrite.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v +retrieving revision 1.85 +retrieving revision 1.86 +diff -u -r1.85 -r1.86 +--- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85 ++++ libtiff/libtiff/tif_dirwrite.c 30 Jun 2017 17:29:44 -0000 1.86 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */ ++/* $Id: tif_dirwrite.c,v 1.86 2017-06-30 17:29:44 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -2111,7 +2111,10 @@ + { + uint64 m; + assert(sizeof(uint64)==8); +- assert(tif->tif_flags&TIFF_BIGTIFF); ++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { ++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); ++ return(0); ++ } + m=value; + if (tif->tif_flags&TIFF_SWAB) + TIFFSwabLong8(&m); +@@ -2124,7 +2127,10 @@ + { + assert(count<0x20000000); + assert(sizeof(uint64)==8); +- assert(tif->tif_flags&TIFF_BIGTIFF); ++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { ++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); ++ return(0); ++ } + if (tif->tif_flags&TIFF_SWAB) + TIFFSwabArrayOfLong8(value,count); + return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value)); +@@ -2136,7 +2142,10 @@ + { + int64 m; + assert(sizeof(int64)==8); +- assert(tif->tif_flags&TIFF_BIGTIFF); ++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { ++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF"); ++ return(0); ++ } + m=value; + if (tif->tif_flags&TIFF_SWAB) + TIFFSwabLong8((uint64*)(&m)); +@@ -2149,7 +2158,10 @@ + { + assert(count<0x20000000); + assert(sizeof(int64)==8); +- assert(tif->tif_flags&TIFF_BIGTIFF); ++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { ++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF"); ++ return(0); ++ } + if (tif->tif_flags&TIFF_SWAB) + TIFFSwabArrayOfLong8((uint64*)value,count); + return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value)); diff --git a/gnu/packages/patches/libtiff-CVE-2017-9936.patch b/gnu/packages/patches/libtiff-CVE-2017-9936.patch new file mode 100644 index 0000000000..fbdbcd0f0b --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2017-9936.patch @@ -0,0 +1,47 @@ +Fix CVE-2017-9936: + +http://bugzilla.maptools.org/show_bug.cgi?id=2706 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936 +https://security-tracker.debian.org/tracker/CVE-2017-9936 + +Patch lifted from upstream source repository (the changes to 'ChangeLog' +don't apply to the libtiff 4.0.8 release tarball). + +3rd party Git reference: + +https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a + +2017-06-26 Even Rouault + + * libtiff/tif_jbig.c: fix memory leak in error code path of +JBIGDecode() + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 + Reported by team OWL337 + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1254; previous revision: 1.1253 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c +new revision: 1.16; previous revision: 1.15 + +Index: libtiff/libtiff/tif_jbig.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v +retrieving revision 1.15 +retrieving revision 1.16 +diff -u -r1.15 -r1.16 +--- libtiff/libtiff/tif_jbig.c 10 Mar 2010 18:56:48 -0000 1.15 ++++ libtiff/libtiff/tif_jbig.c 26 Jun 2017 15:20:00 -0000 1.16 +@@ -1,4 +1,4 @@ +-/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */ ++/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -94,6 +94,7 @@ + jbg_strerror(decodeStatus) + #endif + ); ++ jbg_dec_free(&decoder); + return 0; + } + -- cgit v1.2.3 From d28f90bed95e63f7c066e242549aa25a09276750 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 7 Jul 2017 18:28:45 +0200 Subject: gnu: python-pyopenssl: Fix test failure on 32-bit platforms. * gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-pyopenssl)[source]: Use it. --- gnu/local.mk | 1 + .../python-pyopenssl-17.1.0-test-overflow.patch | 36 ++++++++++++++++++++++ gnu/packages/python.scm | 2 ++ 3 files changed, 39 insertions(+) create mode 100644 gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6f6db6d0ad..8e4af46428 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -958,6 +958,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ + %D%/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ %D%/packages/patches/qemu-CVE-2017-7493.patch \ %D%/packages/patches/qemu-CVE-2017-8112.patch \ diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch new file mode 100644 index 0000000000..06b2f4fe03 --- /dev/null +++ b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch @@ -0,0 +1,36 @@ +Resolves a test failure on 32-bit platforms. + +https://github.com/pyca/pyopenssl/issues/657 + +Patch copied from upstream source repository: + +https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 + +From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Thu, 6 Jul 2017 22:14:44 -0400 +Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation + requests + +--- + tests/test_rand.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/test_rand.py b/tests/test_rand.py +index bdd3af08..6adf72a1 100644 +--- a/tests/test_rand.py ++++ b/tests/test_rand.py +@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args): + + def test_insufficient_memory(self): + """ +- `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested +- than will fit in memory. ++ `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more ++ bytes are requested than will fit in memory. + """ +- with pytest.raises(MemoryError): ++ with pytest.raises((MemoryError, OverflowError)): + rand.bytes(sys.maxsize) + + def test_bytes(self): diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 2a7b517e22..d110a1cb32 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -7464,6 +7464,8 @@ message digests and key derivation functions.") (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) + (patches + (search-patches "python-pyopenssl-17.1.0-test-overflow.patch")) (sha256 (base32 "0qwmqhfsq84ydir9dz273ypmlcvs7v71m1jns0sd4k0h6lfsa82s")))) -- cgit v1.2.3 From 4732e6ee84fea4e58b8a62cad054b10966f4f6e6 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Mon, 3 Jul 2017 23:00:14 +1000 Subject: gnu: blast+: Update to 2.6.0. * gnu/packages/bioinformatics.scm (blast+): Update to 2.6.0. [origin]: Remove bundled pcre. Add patch. [arguments]: Replace paths in run_with_lock.c. Configure with pcre. [inputs]: Add pcre, perl, python. * gnu/packages/patches/blast+-fix-makefile.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 25 ++++++++++++++++--------- gnu/packages/patches/blast+-fix-makefile.patch | 15 +++++++++++++++ 3 files changed, 32 insertions(+), 9 deletions(-) create mode 100644 gnu/packages/patches/blast+-fix-makefile.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8e4af46428..1bcd790f26 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -522,6 +522,7 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/binutils-mips-bash-bug.patch \ + %D%/packages/patches/blast+-fix-makefile.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-drop-unrar.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 1dc5ffac3c..55c2975a1e 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -956,7 +956,7 @@ package provides command line tools using the Bio++ library.") (define-public blast+ (package (name "blast+") - (version "2.4.0") + (version "2.6.0") (source (origin (method url-fetch) (uri (string-append @@ -964,13 +964,15 @@ package provides command line tools using the Bio++ library.") version "/ncbi-blast-" version "+-src.tar.gz")) (sha256 (base32 - "14n9jik6vhiwjd3m7bach4xj1pzfn0szbsbyfxybd9l9cc43b6mb")) + "15n937pw5aqmyfjb6l387d18grqbb96l63d5xj4l7yyh0zbf2405")) + (patches (search-patches "blast+-fix-makefile.patch")) (modules '((guix build utils))) (snippet '(begin - ;; Remove bundled bzip2 and zlib + ;; Remove bundled bzip2, zlib and pcre. (delete-file-recursively "c++/src/util/compress/bzip2") (delete-file-recursively "c++/src/util/compress/zlib") + (delete-file-recursively "c++/src/util/regexp") (substitute* "c++/src/util/compress/Makefile.in" (("bzip2 zlib api") "api")) ;; Remove useless msbuild directory @@ -979,9 +981,8 @@ package provides command line tools using the Bio++ library.") #t)))) (build-system gnu-build-system) (arguments - `(;; There are three(!) tests for this massive library, and all fail with + `(;; There are two(!) tests for this massive library, and both fail with ;; "unparsable timing stats". - ;; ERR [127] -- [util/regexp] test_pcre.sh (unparsable timing stats) ;; ERR [127] -- [serial/datatool] datatool.sh (unparsable timing stats) ;; ERR [127] -- [serial/datatool] datatool_xml.sh (unparsable timing stats) #:tests? #f @@ -1014,6 +1015,7 @@ package provides command line tools using the Bio++ library.") ;; Rewrite hardcoded paths to various tools (substitute* (append '("src/build-system/configure.ac" "src/build-system/configure" + "src/build-system/helpers/run_with_lock.c" "scripts/common/impl/if_diff.sh" "scripts/common/impl/run_with_lock.sh" "src/build-system/Makefile.configurables.real" @@ -1062,17 +1064,22 @@ package provides command line tools using the Bio++ library.") (assoc-ref inputs "bzip2")) (string-append "--with-z=" (assoc-ref inputs "zlib")) + (string-append "--with-pcre=" + (assoc-ref inputs "pcre")) ;; Each library is built twice by default, once ;; with "-static" in its name, and again ;; without. "--without-static" "--with-dll")))))))) - (outputs '("out" ; 19 MB - "lib" ; 203 MB - "include")) ; 32 MB + (outputs '("out" ; 21 MB + "lib" ; 226 MB + "include")) ; 33 MB (inputs `(("bzip2" ,bzip2) - ("zlib" ,zlib))) + ("zlib" ,zlib) + ("pcre" ,pcre) + ("perl" ,perl) + ("python" ,python-wrapper))) (native-inputs `(("cpio" ,cpio))) (home-page "http://blast.ncbi.nlm.nih.gov") diff --git a/gnu/packages/patches/blast+-fix-makefile.patch b/gnu/packages/patches/blast+-fix-makefile.patch new file mode 100644 index 0000000000..bfa46a7e51 --- /dev/null +++ b/gnu/packages/patches/blast+-fix-makefile.patch @@ -0,0 +1,15 @@ +Without this patch, the 'make install' attempts to 'install' a directory, which causes an error. + +diff --git a/c++/src/build-system/Makefile.in.top b/c++/src/build-system/Makefile.in.top +index 1abe44f..d6000b3 100644 +--- a/c++/src/build-system/Makefile.in.top ++++ b/c++/src/build-system/Makefile.in.top +@@ -51,7 +51,7 @@ install-toolkit: + done + cd $(includedir0) && find * -name CVS -prune -o -print |\ + cpio -pd $(pincludedir) +- $(INSTALL) -m 644 $(incdir)/* $(pincludedir) ++ cp -R $(incdir)/* $(pincludedir) + ## set up appropriate build and status directories somewhere under $(libdir)? + + install-gbench: -- cgit v1.2.3 From b3cc304b3050e89858c88947fbd7d76c108b5d67 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 9 Jul 2017 02:11:33 -0400 Subject: gnu: poppler: Use an ABI-compatible replacement to fix CVE-2017-9776. This is a followup to commit 95bbaa02aa63bc5eae36f686f1ed9915663aa4cf. See for more information. Poppler 0.56.0's ABI is not compatible with Poppler 0.52.0, so it's not possible to graft the newer version in place of the older one. This change leaves CVE-2017-9775 unfixed for now. * gnu/packages/patches/poppler-CVE-2017-9776.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (poppler-0.56.0): Replace with ... (poppler/fixed): ... new variable. (poppler)[replacement]: Replaced with poppler/fixed. --- gnu/local.mk | 1 + gnu/packages/patches/poppler-CVE-2017-9776.patch | 34 ++++++++++++++++++++++++ gnu/packages/pdf.scm | 13 +++------ 3 files changed, 39 insertions(+), 9 deletions(-) create mode 100644 gnu/packages/patches/poppler-CVE-2017-9776.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1bcd790f26..20c78af072 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -913,6 +913,7 @@ dist_patch_DATA = \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/polkit-drop-test.patch \ %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \ + %D%/packages/patches/poppler-CVE-2017-9776.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ diff --git a/gnu/packages/patches/poppler-CVE-2017-9776.patch b/gnu/packages/patches/poppler-CVE-2017-9776.patch new file mode 100644 index 0000000000..17a2807171 --- /dev/null +++ b/gnu/packages/patches/poppler-CVE-2017-9776.patch @@ -0,0 +1,34 @@ +Fix CVE-2017-9776: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776 +https://bugs.freedesktop.org/show_bug.cgi?id=101541 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc + +From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Wed, 21 Jun 2017 00:55:20 +0200 +Subject: [PATCH] Fix crash in malformed documents + +--- + poppler/JBIG2Stream.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc +index 48535883..d89108c8 100644 +--- a/poppler/JBIG2Stream.cc ++++ b/poppler/JBIG2Stream.cc +@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, + oneByte = x0 == ((x1 - 1) & ~7); + + for (yy = y0; yy < y1; ++yy) { +- if (unlikely(y + yy) >= h) ++ if (unlikely((y + yy >= h) || (y + yy < 0))) + continue; + + // one byte per line -- need to mask both left and right side +-- +2.13.2 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index dce02a7b57..ffd7634eab 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -76,7 +76,7 @@ (define-public poppler (package (name "poppler") - (replacement poppler-0.56.0) + (replacement poppler/fixed) (version "0.52.0") (source (origin (method url-fetch) @@ -130,17 +130,12 @@ (license license:gpl2+) (home-page "https://poppler.freedesktop.org/"))) -(define poppler-0.56.0 +(define poppler/fixed (package (inherit poppler) - (version "0.56.0") (source (origin - (method url-fetch) - (uri (string-append "https://poppler.freedesktop.org/poppler-" - version ".tar.xz")) - (sha256 - (base32 - "0wviayidfv2ix2ql0d4nl9r1ia6qi5kc1nybd9vjx27dk7gvm7c6")))))) + (inherit (package-source poppler)) + (patches (search-patches "poppler-CVE-2017-9776.patch")))))) (define-public poppler-qt4 (package/inherit poppler -- cgit v1.2.3 From b81dd94a790636fea9ac59ad1c63d78420fad54a Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sun, 9 Jul 2017 16:20:38 +0200 Subject: gnu: dblatex: Use texlive-union. * gnu/packages/patches/dblatex-remove-multirow.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/docbook.scm (dblatex)[source]: Use patch. [inputs]: Replace "texlive" with a texlive-union. --- gnu/local.mk | 1 + gnu/packages/docbook.scm | 34 ++++++++++++++++++++-- gnu/packages/patches/dblatex-remove-multirow.patch | 30 +++++++++++++++++++ 3 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/dblatex-remove-multirow.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 20c78af072..32b62196e7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -559,6 +559,7 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ + %D%/packages/patches/dblatex-remove-multirow.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ %D%/packages/patches/dfu-programmer-fix-libusb.patch \ %D%/packages/patches/diffutils-gets-undeclared.patch \ diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm index 7a309b0bc9..189ece01ab 100644 --- a/gnu/packages/docbook.scm +++ b/gnu/packages/docbook.scm @@ -180,11 +180,41 @@ by no means limited to these applications.) This package provides XML DTDs.") version ".tar.bz2")) (sha256 (base32 - "0pdizc5rjywwzxa1qqhdmba5zr35pbmdwbysalsid7xw87w3kq06")))) + "0pdizc5rjywwzxa1qqhdmba5zr35pbmdwbysalsid7xw87w3kq06")) + (patches (search-patches "dblatex-remove-multirow.patch")))) (build-system python-build-system) ;; TODO: Add xfig/transfig for fig2dev utility (inputs - `(("texlive" ,texlive) + `(("texlive" ,(texlive-union (list texlive-latex-amsfonts + texlive-latex-anysize + texlive-latex-appendix + texlive-latex-changebar + texlive-latex-colortbl + texlive-latex-eepic + texlive-latex-eso-pic + texlive-latex-fancybox + texlive-latex-fancyhdr + texlive-latex-fancyvrb + texlive-latex-float + texlive-latex-footmisc + texlive-latex-hyperref + texlive-latex-jknapltx + texlive-latex-listings + texlive-latex-multirow + texlive-latex-oberdiek + texlive-latex-overpic + texlive-latex-pdfpages + texlive-latex-subfigure + texlive-latex-titlesec + texlive-latex-url + texlive-latex-wasysym + + texlive-fonts-amsfonts + texlive-fonts-ec + texlive-fonts-rsfs + texlive-fonts-stmaryrd + + texlive-generic-ifxetex))) ("imagemagick" ,imagemagick) ;for convert ("inkscape" ,inkscape) ;for svg conversion ("docbook" ,docbook-xml) diff --git a/gnu/packages/patches/dblatex-remove-multirow.patch b/gnu/packages/patches/dblatex-remove-multirow.patch new file mode 100644 index 0000000000..62d1c64e08 --- /dev/null +++ b/gnu/packages/patches/dblatex-remove-multirow.patch @@ -0,0 +1,30 @@ +This patch is needed to fix dblatex with newer versions of TeX Live. +It was taken from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840189 + +--- a/latex/style/dbk_table.sty Sun Oct 02 23:21:03 2016 +0200 ++++ b/latex/style/dbk_table.sty Mon Oct 10 21:31:00 2016 +0200 +@@ -9,7 +9,6 @@ + \usepackage{longtable} + \usepackage{lscape} + \usepackage{colortbl} +-\usepackage{multirow} + \usepackage{calc} + \usepackage{hhline} + +@@ -21,16 +20,6 @@ + \expandafter[\expandafter3\expandafter]\expandafter{% + \multicolumn{#1}{#2}{#3}} + +-% Make \@xmultirow long +-\expandafter\long\expandafter\def% +-\expandafter\@xmultirow% +-\expandafter#\expandafter1% +-\expandafter[\expandafter#\expandafter2\expandafter]% +-\expandafter#\expandafter3% +-\expandafter[\expandafter#\expandafter4\expandafter]% +-\expandafter#\expandafter5% +-\expandafter{\@xmultirow{#1}[#2]{#3}[#4]{#5}} +- + % For the newtbl code + \newdimen\newtblstarfactor% + \newdimen\newtblsparewidth% -- cgit v1.2.3 From ef019092b98e1337acac51525e8e4e092267f69c Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 9 Jul 2017 18:01:02 -0400 Subject: gnu: poppler: Fix null pointer dereferences. * gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (poppler/fixed)[source]: Add the patch. --- gnu/local.mk | 1 + .../poppler-fix-crash-with-broken-documents.patch | 61 ++++++++++++++++++++++ gnu/packages/pdf.scm | 3 +- 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 32b62196e7..d792ff701a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -915,6 +915,7 @@ dist_patch_DATA = \ %D%/packages/patches/polkit-drop-test.patch \ %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \ %D%/packages/patches/poppler-CVE-2017-9776.patch \ + %D%/packages/patches/poppler-fix-crash-with-broken-documents.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch new file mode 100644 index 0000000000..353a16e322 --- /dev/null +++ b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch @@ -0,0 +1,61 @@ +Copied from: + + https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a + +From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Sat, 27 May 2017 00:09:17 +0200 +Subject: pdfunite: Fix crash with broken documents + +Sometimes we can't parse pages so check before accessing them + +Thanks to Jiaqi Peng for the report + +Fixes bugs #101153 and #101149 + +diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc +index dfe48bf..c32e201 100644 +--- a/utils/pdfunite.cc ++++ b/utils/pdfunite.cc +@@ -7,7 +7,7 @@ + // Copyright (C) 2011-2015, 2017 Thomas Freitag + // Copyright (C) 2012 Arseny Solokha + // Copyright (C) 2012 Fabio D'Urso +-// Copyright (C) 2012, 2014 Albert Astals Cid ++// Copyright (C) 2012, 2014, 2017 Albert Astals Cid + // Copyright (C) 2013 Adrian Johnson + // Copyright (C) 2013 Hib Eris + // Copyright (C) 2015 Arthur Stavisky +@@ -268,15 +268,15 @@ int main (int argc, char *argv[]) + catDict->lookup("OutputIntents", &intents); + catDict->lookupNF("AcroForm", &afObj); + Ref *refPage = docs[0]->getCatalog()->getPageRef(1); +- if (!afObj.isNull()) { ++ if (!afObj.isNull() && refPage) { + docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num); + } + catDict->lookupNF("OCProperties", &ocObj); +- if (!ocObj.isNull() && ocObj.isDict()) { ++ if (!ocObj.isNull() && ocObj.isDict() && refPage) { + docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num); + } + catDict->lookup("Names", &names); +- if (!names.isNull() && names.isDict()) { ++ if (!names.isNull() && names.isDict() && refPage) { + docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num); + } + if (intents.isArray() && intents.arrayGetLength() > 0) { +@@ -353,6 +353,10 @@ int main (int argc, char *argv[]) + + for (i = 0; i < (int) docs.size(); i++) { + for (j = 1; j <= docs[i]->getNumPages(); j++) { ++ if (!docs[i]->getCatalog()->getPage(j)) { ++ continue; ++ } ++ + PDFRectangle *cropBox = NULL; + if (docs[i]->getCatalog()->getPage(j)->isCropped()) + cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox(); +-- +cgit v0.10.2 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index ffd7634eab..7b76955e23 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -135,7 +135,8 @@ (source (origin (inherit (package-source poppler)) - (patches (search-patches "poppler-CVE-2017-9776.patch")))))) + (patches (search-patches "poppler-fix-crash-with-broken-documents.patch" + "poppler-CVE-2017-9776.patch")))))) (define-public poppler-qt4 (package/inherit poppler -- cgit v1.2.3 From 625e7cd654418aa8c5af9f49189d67b9d550b8ea Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 8 Jul 2017 11:00:47 -0400 Subject: gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685. * gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ncurses.scm (ncurses)[replacement]: New field. (ncurses/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/ncurses.scm | 14 +- .../patches/ncurses-CVE-2017-10684-10685.patch | 200 +++++++++++++++++++++ 3 files changed, 214 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d792ff701a..e405372699 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -845,6 +845,7 @@ dist_patch_DATA = \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ + %D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \ %D%/packages/patches/net-tools-bitrot.patch \ %D%/packages/patches/netcdf-date-time.patch \ %D%/packages/patches/netcdf-tst_h_par.patch \ diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm index 44a79e7186..0b23baf129 100644 --- a/gnu/packages/ncurses.scm +++ b/gnu/packages/ncurses.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2014, 2016 Mark H Weaver -;;; Copyright © 2015 Leo Famulari +;;; Copyright © 2015, 2017 Leo Famulari ;;; Copyright © 2016 ng0 ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen @@ -37,6 +37,7 @@ (define-public ncurses (package (name "ncurses") + (replacement ncurses/fixed) (version "6.0") (source (origin (method url-fetch) @@ -188,6 +189,17 @@ ncursesw library provides wide character support.") (license x11) (home-page "https://www.gnu.org/software/ncurses/"))) +(define ncurses/fixed + (package + (inherit ncurses) + (source + (origin + (inherit (package-source ncurses)) + (patches + (append + (origin-patches (package-source ncurses)) + (search-patches "ncurses-CVE-2017-10684-10685.patch"))))))) + (define-public dialog (package (name "dialog") diff --git a/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch b/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch new file mode 100644 index 0000000000..1f1b26801d --- /dev/null +++ b/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch @@ -0,0 +1,200 @@ +Fix CVE-2017-10684 and CVE-2017-10685: + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685 + +Bug reports included proof of concept reproducer inputs: + +https://bugzilla.redhat.com/show_bug.cgi?id=1464684 +https://bugzilla.redhat.com/show_bug.cgi?id=1464685 +https://bugzilla.redhat.com/show_bug.cgi?id=1464686 +https://bugzilla.redhat.com/show_bug.cgi?id=1464687 +https://bugzilla.redhat.com/show_bug.cgi?id=1464688 +https://bugzilla.redhat.com/show_bug.cgi?id=1464691 +https://bugzilla.redhat.com/show_bug.cgi?id=1464692 + +Patches copied from ncurses patch release 20170701: + +ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz + +Excerpt from patch release announcement: + + + add/improve checks in tic's parser to address invalid input + (Redhat #1464684, #1464685, #1464686, #1464691). + + alloc_entry.c, add a check for a null-pointer. + + parse_entry.c, add several checks for valid pointers as well as + one check to ensure that a single character on a line is not + treated as the 2-character termcap short-name. + + the fixes for Redhat #1464685 obscured a problem subsequently + reported in Redhat #1464687; the given test-case was no longer + reproducible. Testing without the fixes for the earlier reports + showed a problem with buffer overflow in dump_entry.c, which is + addressed by reducing the use of a fixed-size buffer. + +https://lists.gnu.org/archive/html/bug-ncurses/2017-07/msg00001.html + +--- ncurses-6.0-20170624+/ncurses/tinfo/alloc_entry.c 2017-04-09 23:33:51.000000000 +0000 ++++ ncurses-6.0-20170701/ncurses/tinfo/alloc_entry.c 2017-06-27 23:48:55.000000000 +0000 +@@ -96,7 +96,11 @@ + { + char *result = 0; + size_t old_next_free = next_free; +- size_t len = strlen(string) + 1; ++ size_t len; ++ ++ if (string == 0) ++ return _nc_save_str(""); ++ len = strlen(string) + 1; + + if (len == 1 && next_free != 0) { + /* +--- ncurses-6.0-20170624+/ncurses/tinfo/parse_entry.c 2017-06-24 22:59:46.000000000 +0000 ++++ ncurses-6.0-20170701/ncurses/tinfo/parse_entry.c 2017-06-28 00:53:12.000000000 +0000 +@@ -236,13 +236,14 @@ + * implemented it. Note that the resulting terminal type was never the + * 2-character name, but was instead the first alias after that. + */ ++#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|') + ptr = _nc_curr_token.tk_name; + if (_nc_syntax == SYN_TERMCAP + #if NCURSES_XNAMES + && !_nc_user_definable + #endif + ) { +- if (ptr[2] == '|') { ++ if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && (ptr[2] == '|')) { + ptr += 3; + _nc_curr_token.tk_name[2] = '\0'; + } +@@ -284,9 +285,11 @@ + if (is_use || is_tc) { + entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); + entryp->uses[entryp->nuses].line = _nc_curr_line; +- entryp->nuses++; +- if (entryp->nuses > 1 && is_tc) { +- BAD_TC_USAGE ++ if (VALID_STRING(entryp->uses[entryp->nuses].name)) { ++ entryp->nuses++; ++ if (entryp->nuses > 1 && is_tc) { ++ BAD_TC_USAGE ++ } + } + } else { + /* normal token lookup */ +@@ -588,7 +591,7 @@ + static void + append_acs(string_desc * dst, int code, char *src) + { +- if (src != 0 && strlen(src) == 1) { ++ if (VALID_STRING(src) && strlen(src) == 1) { + append_acs0(dst, code, *src); + } + } +@@ -849,15 +852,14 @@ + } + + if (tp->Strings[to_ptr->nte_index]) { ++ const char *s = tp->Strings[from_ptr->nte_index]; ++ const char *t = tp->Strings[to_ptr->nte_index]; + /* There's no point in warning about it if it's the same + * string; that's just an inefficiency. + */ +- if (strcmp( +- tp->Strings[from_ptr->nte_index], +- tp->Strings[to_ptr->nte_index]) != 0) ++ if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0) + _nc_warning("%s (%s) already has an explicit value %s, ignoring ko", +- ap->to, ap->from, +- _nc_visbuf(tp->Strings[to_ptr->nte_index])); ++ ap->to, ap->from, t); + continue; + } + +--- ncurses-6.0-20170624+/progs/dump_entry.c 2017-06-23 22:47:43.000000000 +0000 ++++ ncurses-6.0-20170701/progs/dump_entry.c 2017-07-01 11:27:29.000000000 +0000 +@@ -841,9 +841,10 @@ + PredIdx num_strings = 0; + bool outcount = 0; + +-#define WRAP_CONCAT \ +- wrap_concat(buffer); \ +- outcount = TRUE ++#define WRAP_CONCAT1(s) wrap_concat(s); outcount = TRUE ++#define WRAP_CONCAT2(a,b) wrap_concat(a); WRAP_CONCAT1(b) ++#define WRAP_CONCAT3(a,b,c) wrap_concat(a); WRAP_CONCAT2(b,c) ++#define WRAP_CONCAT WRAP_CONCAT1(buffer) + + len = 12; /* terminfo file-header */ + +@@ -1007,9 +1008,9 @@ + set_attributes = save_sgr; + + trimmed_sgr0 = _nc_trim_sgr0(tterm); +- if (strcmp(capability, trimmed_sgr0)) ++ if (strcmp(capability, trimmed_sgr0)) { + capability = trimmed_sgr0; +- else { ++ } else { + if (trimmed_sgr0 != exit_attribute_mode) + free(trimmed_sgr0); + } +@@ -1046,13 +1047,21 @@ + _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer)) + "%s=!!! %s WILL NOT CONVERT !!!", + name, srccap); ++ WRAP_CONCAT; + } else if (suppress_untranslatable) { + continue; + } else { + char *s = srccap, *d = buffer; +- _nc_SPRINTF(d, _nc_SLIMIT(sizeof(buffer)) "..%s=", name); +- d += strlen(d); ++ WRAP_CONCAT3("..", name, "="); + while ((*d = *s++) != 0) { ++ if ((d - buffer - 1) >= (int) sizeof(buffer)) { ++ fprintf(stderr, ++ "%s: value for %s is too long\n", ++ _nc_progname, ++ name); ++ *d = '\0'; ++ break; ++ } + if (*d == ':') { + *d++ = '\\'; + *d = ':'; +@@ -1061,13 +1070,12 @@ + } + d++; + } ++ WRAP_CONCAT; + } + } else { +- _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer)) +- "%s=%s", name, cv); ++ WRAP_CONCAT3(name, "=", cv); + } + len += (int) strlen(capability) + 1; +- WRAP_CONCAT; + } else { + char *src = _nc_tic_expand(capability, + outform == F_TERMINFO, numbers); +@@ -1083,8 +1091,7 @@ + strcpy_DYN(&tmpbuf, src); + } + len += (int) strlen(capability) + 1; +- wrap_concat(tmpbuf.text); +- outcount = TRUE; ++ WRAP_CONCAT1(tmpbuf.text); + } + } + /* e.g., trimmed_sgr0 */ +@@ -1526,7 +1533,8 @@ + } + if (len > critlen) { + (void) fprintf(stderr, +- "warning: %s entry is %d bytes long\n", ++ "%s: %s entry is %d bytes long\n", ++ _nc_progname, + _nc_first_name(tterm->term_names), + len); + SHOW_WHY("# WARNING: this entry, %d bytes long, may core-dump %s libraries!\n", -- cgit v1.2.3 From 61adfb00b11cc16a70e60f19fd8e0a838a3ef608 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 7 Jul 2017 00:31:08 -0400 Subject: gnu: libtiff: Fix two integer overflows. * gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch, gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use them. --- gnu/local.mk | 2 + gnu/packages/image.scm | 4 +- .../libtiff-tiffycbcrtorgb-integer-overflow.patch | 57 ++++++++++++++++++++++ ...btiff-tiffycbcrtorgbinit-integer-overflow.patch | 43 ++++++++++++++++ 4 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch create mode 100644 gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index e405372699..781c28accb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -783,6 +783,8 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-null-dereference.patch \ %D%/packages/patches/libtiff-tiffcp-underflow.patch \ %D%/packages/patches/libtiff-tiffgetfield-bugs.patch \ + %D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch \ + %D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch \ %D%/packages/patches/libtirpc-CVE-2017-8779.patch \ %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index a9e005768f..139be62819 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -393,7 +393,9 @@ collection of tools for doing simple manipulations of TIFF images.") version ".tar.gz")) (patches (search-patches "libtiff-tiffgetfield-bugs.patch" "libtiff-CVE-2016-10688.patch" - "libtiff-CVE-2017-9936.patch")) + "libtiff-CVE-2017-9936.patch" + "libtiff-tiffycbcrtorgb-integer-overflow.patch" + "libtiff-tiffycbcrtorgbinit-integer-overflow.patch")) (sha256 (base32 "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch new file mode 100644 index 0000000000..060740d953 --- /dev/null +++ b/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch @@ -0,0 +1,57 @@ +Fix an integer overflow TIFFYCbCrtoRGB(): + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 + +3rd party Git reference: + +https://github.com/vadz/libtiff/commit/02669064e927074819ce1ed39aba0fccaa167717 + +2017-05-29 Even Rouault + + * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid + int32 overflow in TIFFYCbCrtoRGB(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 + Credit to OSS Fuzz + + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1241; previous revision: 1.1240 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v <-- libtiff/tif_color.c +new revision: 1.24; previous revision: 1.23 + +Index: libtiff/libtiff/tif_color.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v +retrieving revision 1.23 +retrieving revision 1.24 +diff -u -r1.23 -r1.24 +--- libtiff/libtiff/tif_color.c 13 May 2017 18:17:34 -0000 1.23 ++++ libtiff/libtiff/tif_color.c 29 May 2017 10:12:54 -0000 1.24 +@@ -1,4 +1,4 @@ +-/* $Id: tif_color.c,v 1.23 2017-05-13 18:17:34 erouault Exp $ */ ++/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -275,10 +275,10 @@ + for (i = 0, x = -128; i < 256; i++, x++) { + int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F, + refBlackWhite[5] - 128.0F, 127), +- -128.0F * 64, 128.0F * 64); ++ -128.0F * 32, 128.0F * 32); + int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F, + refBlackWhite[3] - 128.0F, 127), +- -128.0F * 64, 128.0F * 64); ++ -128.0F * 32, 128.0F * 32); + + ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT); + ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT); +@@ -286,7 +286,7 @@ + ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF; + ycbcr->Y_tab[i] = + (int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255), +- -128.0F * 64, 128.0F * 64); ++ -128.0F * 32, 128.0F * 32); + } + } + diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch new file mode 100644 index 0000000000..a990641a49 --- /dev/null +++ b/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch @@ -0,0 +1,43 @@ +Fix an integer overflow in initYCbCrConversion(): + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 + +3rd party Git reference + +https://github.com/vadz/libtiff/commit/468988860e0dae62ebbf991627c74bcbb4bd256f + + * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for + refBlackWhite coefficients values. To avoid invalid float->int32 conversion + (when refBlackWhite[0] == 2147483648.f) + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 + Credit to OSS Fuzz + + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1243; previous revision: 1.1242 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v <-- libtiff/tif_getimage.c +new revision: 1.107; previous revision: 1.106 + +Index: libtiff/libtiff/tif_getimage.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v +retrieving revision 1.106 +retrieving revision 1.107 +diff -u -r1.106 -r1.107 +--- libtiff/libtiff/tif_getimage.c 20 May 2017 11:29:02 -0000 1.106 ++++ libtiff/libtiff/tif_getimage.c 29 May 2017 11:29:06 -0000 1.107 +@@ -1,4 +1,4 @@ +-/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */ ++/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */ + + /* + * Copyright (c) 1991-1997 Sam Leffler +@@ -2241,7 +2241,7 @@ + + static int isInRefBlackWhiteRange(float f) + { +- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF; ++ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF; + } + + static int -- cgit v1.2.3