From 5d8549328483978bf04dd2c710ef6a06614d4776 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Wed, 28 Sep 2016 13:18:19 +0200 Subject: gnu: Remove python-setuptools and python2-setuptools from inputs (part 1b) This patch contains the changes in all modules beside python.scm where removing setuptools from the inputs could be achieved by removing complete lines. * gnu/packages/admin.scm (graphios, thefuck): Remove all [inputs], [native-inputs] and [propagated-inputs] where python-setuptools or python2-setuptools are the sole entries. Remove python-setuptools and python2-setuptools listed on a line by its own from [inputs], [native-inputs] and [propagated-inputs]. * gnu/packages/backup.scm (rdiff-backup): Likewise. * gnu/packages/bioinformatics.scm (htseq, macs, python2-pbcore, rseqc, multiqc): Likewise. * gnu/packages/django.scm (python-django, python2-django, python-django-simple-math-captcha, python2-django-simple-math-captcha): Likewise. * gnu/packages/docker.scm (python-docker-py, docker-compose): Likewise. * gnu/packages/game-development.scm (python-pygame): Likewise. * gnu/packages/key-mon.scm (key-mon): Likewise. * gnu/packages/mail.scm (khard): Likewise. * gnu/packages/music.scm (beets, python2-pyechonest): Likewise. * gnu/packages/openstack.scm (python-bandit, python2-bandit, python-debtcollector, python2-debtcollector, python-mox3, python2-mox3, python-os-client-config, python2-os-client-config, python-oslo.config, python2-oslo.config, python-oslo.context, python2-oslo.context, python-oslo.i18n, python2-oslo.i18n, python-oslo.serialization, python2-oslo.serialization, python-oslosphinx, python2-oslosphinx, python-oslotest, python2-oslotest, python-oslo.utils, python2-oslo.utils, python-swiftclient, python2-swiftclient): Likewise. * gnu/packages/pdf.scm (pdfposter): Likewise. * gnu/packages/tls.scm (python-acme, python2-acme): Likewise. --- gnu/packages/pdf.scm | 2 -- 1 file changed, 2 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 9c6e9a967e..171f1990f7 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -874,8 +874,6 @@ python-pypdf2 instead.") (inputs ;; pdfposter 0.6.0 still uses the old pyPdf `(("python2-pypdf" ,python2-pypdf))) - (native-inputs - `(("python2-setuptools" ,python2-setuptools))) (home-page "https://pythonhosted.org/pdftools.pdfposter/") (synopsis "Scale and tile PDF images/pages to print on multiple pages") (description "@command{pdfposter} can be used to create a large poster by -- cgit v1.2.3 From d8013ee221bd599474340899ffb5974796091955 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Wed, 28 Sep 2016 14:36:46 +0200 Subject: gnu: Remove needless inputs python-pip and python2-pip. This is installed together with Python 3 anyway and for our build of Python 2. * gnu/packages/python.scm (python2-fixtures): [inputs] remove "python-pip". * gnu/packages/pdf.scm (python2-reportlab): [native-inputs] remove "python2-pip". (python-reportlab)[properties]: remove "python2-variant". --- gnu/packages/pdf.scm | 8 ++------ gnu/packages/python.scm | 3 +-- 2 files changed, 3 insertions(+), 8 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 171f1990f7..e447ef1603 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -650,14 +650,10 @@ using a stylus.") (description "This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats.") - (license license:bsd-3) - (properties `((python2-variant . ,(delay python2-reportlab)))))) + (license license:bsd-3))) (define-public python2-reportlab - (package - (inherit (package-with-python2 - (strip-python2-variant python-reportlab))) - (native-inputs `(("python2-pip" ,python2-pip))))) + (package-with-python2 python-reportlab)) (define-public impressive (package diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 02e2900d2c..f103706533 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -2044,8 +2044,7 @@ and sensible default behaviors into your setuptools run.") `(("python-six" ,python-six) ("python-pbr-0.11" ,python-pbr-0.11))) (inputs - `(("python-pip" ,python-pip) - ;; Tests + `(;; Tests ("python-testtools" ,python-testtools))) (arguments '(#:tests? #f)) ; no setup.py test command -- cgit v1.2.3 From b41a05ce497d5ecc682cf46ce61aa2215193f9f6 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Wed, 28 Sep 2016 15:23:10 +0200 Subject: gnu: Remove work-arounds for bug 20765 (ensure uncompressed eggs). Bug 20765 is solved since we build all Python packages using option "--single-version-externally-managed". * gnu/packages/bioinformatics.scm (pbtranscript-tofu): Remove configure-flags. (pepr): remove phase "disable-egg-generation". * gnu/packages/pdf.scm (reportlab): Remove configure-flags. * gnu/packages/python.scm (python-sphinx-rtd-theme, python2-elib.intl, python-pkgconfig, python-pytest-pep8, python-pytest-flakes): Remove configure-flags. (python-pillow) remove phase "disable-egg-generation". (python-libarchive-c) Remove patching setup.cfg. * gnu/packages/statistics.scm (python-patsy): remove phase "prevent-generation-of-egg-archive". * gnu/packages/tls.scm (python-acme): remove phase "disable-egg-compression". * gnu/packages/tor.scm (onionshare): Remove configure-flags. --- gnu/packages/bioinformatics.scm | 19 +---------------- gnu/packages/pdf.scm | 5 ----- gnu/packages/python.scm | 47 ++++------------------------------------- gnu/packages/statistics.scm | 8 +------ gnu/packages/tls.scm | 9 -------- gnu/packages/tor.scm | 6 +----- 6 files changed, 7 insertions(+), 87 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 481a2a3bcb..9872933693 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -3563,11 +3563,6 @@ the phenotype as it models the data.") (build-system python-build-system) (arguments `(#:python ,python-2 - ;; With standard flags, the install phase attempts to create a zip'd - ;; egg file, and fails with an error: 'ZIP does not support timestamps - ;; before 1980' - #:configure-flags '("--single-version-externally-managed" - "--record=pbtranscript-tofu.txt") #:phases (modify-phases %standard-phases (add-after 'unpack 'enter-directory @@ -7576,19 +7571,7 @@ may optionally be provided to further inform the peak-calling process.") (build-system python-build-system) (arguments `(#:python ,python-2 ; python2 only - #:tests? #f ; no tests included - #:phases - (modify-phases %standard-phases - ;; When setuptools is used a ".egg" archive is generated and - ;; installed. This makes it hard to actually run PePr. This issue - ;; has been reported upstream: - ;; https://github.com/shawnzhangyx/PePr/issues/9 - (add-after 'unpack 'disable-egg-generation - (lambda _ - (substitute* "setup.py" - (("from setuptools import setup") - "from distutils.core import setup")) - #t))))) + #:tests? #f)) ; no tests included (propagated-inputs `(("python2-numpy" ,python2-numpy) ("python2-scipy" ,python2-scipy) diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index e447ef1603..b86f5efbfa 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -638,11 +638,6 @@ using a stylus.") (base32 "0rz2pg04wnzjjm2f5a8ik9v8s54mv4xrjhv5liqjijqv6awh12gl")))) (build-system python-build-system) - (arguments - ;; Prevent creation of the egg. Without this flag, various artifacts - ;; from the build inputs end up in the final python3 output. It also - ;; works around https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20765 . - `(#:configure-flags '("--single-version-externally-managed" "--root=/"))) (propagated-inputs `(("python-pillow" ,python-pillow))) (home-page "http://www.reportlab.com") diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index f103706533..3fcd92dc83 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -2800,12 +2800,6 @@ sources.") (base32 "19nw3rn7awplcdrz63kg1njqwkbymfg9lwn7l2grhdyhyr2gaa8g")))) (build-system python-build-system) - (arguments - `(;; With standard flags, the install phase attempts to create a zip'd - ;; egg file, and fails with an error: 'ZIP does not support timestamps - ;; before 1980' - #:configure-flags '("--single-version-externally-managed" - "--record=sphinx-rtd-theme.txt"))) (inputs `(("python-docutils" ,python-docutils) ("python-sphinx" ,python-sphinx))) @@ -3988,12 +3982,7 @@ Python's distutils.") (arguments ;; incompatible with Python 3 (exception syntax) `(#:python ,python-2 - #:tests? #f - ;; With standard flags, the install phase attempts to create a zip'd - ;; egg file, and fails with an error: 'ZIP does not support timestamps - ;; before 1980' - #:configure-flags '("--single-version-externally-managed" - "--record=elib.txt"))) + #:tests? #f)) (home-page "https://github.com/dieterv/elib.intl") (synopsis "Enhanced internationalization for Python") (description @@ -4026,17 +4015,6 @@ services for your Python modules and applications.") ;; Note: setuptools used at runtime for pkg_resources (arguments `(#:phases (modify-phases %standard-phases - (add-before - 'install 'disable-egg-compression - (lambda _ - ;; Leave the .egg uncompressed since compressing it would - ;; prevent the GC from identifying run-time dependencies. - ;; See . - (let ((port (open-file "setup.cfg" "a"))) - (display "\n[easy_install]\nzip_ok = 0\n" - port) - (close-port port) - #t))) (add-after 'install 'check-installed (lambda _ @@ -6520,15 +6498,7 @@ a hash value.") (substitute* "libarchive/ffi.py" (("find_library\\('archive'\\)") (string-append "'" libarchive - "/lib/libarchive.so'")))) - - ;; Do not make a compressed egg (see - ;; ). - (let ((port (open-file "setup.cfg" "a"))) - (display "\n[easy_install]\nzip_ok = 0\n" - port) - (close-port port) - #t)))))) + "/lib/libarchive.so'"))))))))) (inputs `(("libarchive" ,libarchive))) (home-page "https://github.com/Changaco/python-libarchive-c") @@ -9454,9 +9424,6 @@ CloudFront content delivery network.") `(;; Tests fail with "ValueError: _type_ 'v' not supported" on Python 3, ;; and on Python 2 they need the dl module deprecated since Python 2.6. #:tests? #f - ;; Prevent creation of the egg. This works around - ;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20765 . - #:configure-flags '("--single-version-externally-managed" "--root=/") ;; Hard-code the path to pkg-config. #:phases (modify-phases %standard-phases @@ -10979,10 +10946,7 @@ failures.") "06032agzhw1i9d9qlhfblnl3dw5hcyxhagn7b120zhrszbjzfbh3")))) (build-system python-build-system) (arguments - `(#:tests? #f ; Fails with recent pytest and pep8. See upstream issues #8 and #12. - ;; Prevent creation of the egg. This works around - ;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20765 . - #:configure-flags '("--single-version-externally-managed" "--root=/"))) + `(#:tests? #f)) ; Fails with recent pytest and pep8. See upstream issues #8 and #12. (native-inputs `(("python-pytest" ,python-pytest))) (propagated-inputs @@ -11007,10 +10971,7 @@ failures.") "0flag3n33kbhyjrhzmq990rvg4yb8hhhl0i48q9hw0ll89jp28lw")))) (build-system python-build-system) (arguments - `(;; Prevent creation of the egg. This works around - ;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20765 . - #:configure-flags '("--single-version-externally-managed" "--root=/") - #:phases + `(#:phases (modify-phases %standard-phases (delete 'check) (add-after 'install 'check diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 950c3ec64f..cca08d26a8 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -1394,13 +1394,7 @@ and fast file reading.") (arguments `(#:phases (modify-phases %standard-phases - (replace 'check (lambda _ (zero? (system* "nosetests" "-v")))) - (add-after 'unpack 'prevent-generation-of-egg-archive - (lambda _ - (substitute* "setup.py" - (("from setuptools import setup") - "from distutils.core import setup")) - #t))))) + (replace 'check (lambda _ (zero? (system* "nosetests" "-v"))))))) (propagated-inputs `(("python-numpy" ,python-numpy) ("python-scipy" ,python-scipy) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 608fd6a080..607fa33b27 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -437,15 +437,6 @@ security, and applying best practice development processes.") (arguments `(#:phases (modify-phases %standard-phases - (add-before 'install 'disable-egg-compression - (lambda _ - ;; Do not compress the egg. - ;; See . - (let ((port (open-file "setup.cfg" "a"))) - (display "\n[easy_install]\nzip_ok = 0\n" - port) - (close-port port) - #t))) (add-after 'install 'docs (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index e6fbf6e005..fe079fb104 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -208,11 +208,7 @@ networks.") ;; After all the patching we run the tests after installing. ;; This is also a known issue: ;; https://github.com/micahflee/onionshare/issues/284 - (lambda _ (zero? (system* "nosetests" "test"))))) - ;; can't compress the egg because it expects to find all the resources - ;; inside the egg as though it were a folder. - #:configure-flags '("--single-version-externally-managed" "--root=/") - )) + (lambda _ (zero? (system* "nosetests" "test"))))))) (native-inputs `(("python-nose" ,python-nose))) (inputs -- cgit v1.2.3 From c51d926c740f98883ce3332852e826f57fdf4566 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 28 Nov 2016 19:25:21 +0200 Subject: gnu: cairo: Fix CVE-2016-9082. * gnu/packages/gtk.scm (cairo)[replacement]: New field. (cairo/fixed): New variable. (cairo-xcb)[source]: Use patch. [replacement]: New field, set false. * gnu/packages/pdf.scm (poppler)[inputs]: Custom cairo should be replaced by a new custom patched cairo. * gnu/packages/patches/cairo-CVE-2016-9082.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/gtk.scm | 12 +++ gnu/packages/patches/cairo-CVE-2016-9082.patch | 122 +++++++++++++++++++++++++ gnu/packages/pdf.scm | 11 +++ 4 files changed, 146 insertions(+) create mode 100644 gnu/packages/patches/cairo-CVE-2016-9082.patch (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 49609cd68f..9d0e4c5094 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -489,6 +489,7 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/binutils-mips-bash-bug.patch \ %D%/packages/patches/byobu-writable-status.patch \ + %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 17bd9c9b00..8a258b54cc 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -100,6 +100,7 @@ tools have full access to view and control running applications.") (define-public cairo (package (name "cairo") + (replacement cairo/fixed) (version "1.14.6") (source (origin (method url-fetch) @@ -153,6 +154,10 @@ affine transformation (scale, rotation, shear, etc.).") (package (inherit cairo) (name "cairo-xcb") + (source (origin + (inherit (package-source cairo)) + (patches (search-patches "cairo-CVE-2016-9082.patch")))) + (replacement #f) (inputs `(("mesa" ,mesa) ,@(package-inputs cairo))) @@ -162,6 +167,13 @@ affine transformation (scale, rotation, shear, etc.).") '("--enable-xlib-xcb" "--enable-gl" "--enable-egl"))) (synopsis "2D graphics library (with X11 support)"))) +(define cairo/fixed + (package + (inherit cairo) + (source (origin + (inherit (package-source cairo)) + (patches (search-patches "cairo-CVE-2016-9082.patch")))))) + (define-public harfbuzz (package (name "harfbuzz") diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch new file mode 100644 index 0000000000..ad83404194 --- /dev/null +++ b/gnu/packages/patches/cairo-CVE-2016-9082.patch @@ -0,0 +1,122 @@ +From: Adrian Johnson +Date: Thu, 20 Oct 2016 21:12:30 +1030 +Subject: [PATCH] image: prevent invalid ptr access for > 4GB images + +Image data is often accessed using: + + image->data + y * image->stride + +On 64-bit achitectures if the image data is > 4GB, this computation +will overflow since both y and stride are 32-bit types. + +bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165 +patch: https://bugs.freedesktop.org/attachment.cgi?id=127421 +--- + boilerplate/cairo-boilerplate.c | 4 +++- + src/cairo-image-compositor.c | 4 ++-- + src/cairo-image-surface-private.h | 2 +- + src/cairo-mesh-pattern-rasterizer.c | 2 +- + src/cairo-png.c | 2 +- + src/cairo-script-surface.c | 3 ++- + 6 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c +index 7fdbf79..4804dea 100644 +--- a/boilerplate/cairo-boilerplate.c ++++ b/boilerplate/cairo-boilerplate.c +@@ -42,6 +42,7 @@ + #undef CAIRO_VERSION_H + #include "../cairo-version.h" + ++#include + #include + #include + #include +@@ -976,7 +977,8 @@ cairo_surface_t * + cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file) + { + char format; +- int width, height, stride; ++ int width, height; ++ ptrdiff_t stride; + int x, y; + unsigned char *data; + cairo_surface_t *image = NULL; +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 48072f8..3ca0006 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer { + pixman_image_t *src, *mask; + union { + struct fill { +- int stride; ++ ptrdiff_t stride; + uint8_t *data; + uint32_t pixel; + } fill; +@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer { + struct finish { + cairo_rectangle_int_t extents; + int src_x, src_y; +- int stride; ++ ptrdiff_t stride; + uint8_t *data; + } mask; + } u; +diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h +index 8ca694c..7e78d61 100644 +--- a/src/cairo-image-surface-private.h ++++ b/src/cairo-image-surface-private.h +@@ -71,7 +71,7 @@ struct _cairo_image_surface { + + int width; + int height; +- int stride; ++ ptrdiff_t stride; + int depth; + + unsigned owns_data : 1; +diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c +index 1b63ca8..e7f0db6 100644 +--- a/src/cairo-mesh-pattern-rasterizer.c ++++ b/src/cairo-mesh-pattern-rasterizer.c +@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride, + tg += tg >> 16; + tb += tb >> 16; + +- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) | ++ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) | + ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24); + } + } +diff --git a/src/cairo-png.c b/src/cairo-png.c +index 562b743..aa8c227 100644 +--- a/src/cairo-png.c ++++ b/src/cairo-png.c +@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure) + } + + for (i = 0; i < png_height; i++) +- row_pointers[i] = &data[i * stride]; ++ row_pointers[i] = &data[i * (ptrdiff_t)stride]; + + png_read_image (png, row_pointers); + png_read_end (png, info); +diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c +index ea0117d..91e4baa 100644 +--- a/src/cairo-script-surface.c ++++ b/src/cairo-script-surface.c +@@ -1202,7 +1202,8 @@ static cairo_status_t + _write_image_surface (cairo_output_stream_t *output, + const cairo_image_surface_t *image) + { +- int stride, row, width; ++ int row, width; ++ ptrdiff_t stride; + uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE]; + uint8_t *rowdata; + uint8_t *data; +-- +2.1.4 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 39f4d021de..6442f08af9 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -95,6 +95,17 @@ ;; To build poppler-glib (as needed by Evince), we need Cairo and ;; GLib. But of course, that Cairo must not depend on Poppler. ("cairo" ,(package (inherit cairo) + (replacement + (package + (inherit cairo) + (replacement #f) + (source + (origin + (inherit (package-source cairo)) + (patches (search-patches + "cairo-CVE-2016-9082.patch")))) + (inputs (alist-delete "poppler" + (package-inputs cairo))))) (inputs (alist-delete "poppler" (package-inputs cairo))))) ("glib" ,glib))) -- cgit v1.2.3 From bc118f1a0367036128a6acfdc9fe34c8554009ac Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Nov 2016 18:31:37 +0100 Subject: gnu: cairo: Eliminate graft. * gnu/packages/gtk.scm (cairo)[replacement]: Remove field. [source]: Add patch from 'cairo/fixed'. (cairo-xcb)[source]: Inherit from cairo. [replacement]: Remove field. (cairo/fixed): Remove variable. * gnu/packages/pdf.scm (poppler)[inputs]: Remove cairo replacement. --- gnu/packages/gtk.scm | 15 ++------------- gnu/packages/pdf.scm | 11 ----------- 2 files changed, 2 insertions(+), 24 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 224e33e711..b1a8e272db 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -100,7 +100,6 @@ tools have full access to view and control running applications.") (define-public cairo (package (name "cairo") - (replacement cairo/fixed) (version "1.14.6") (source (origin (method url-fetch) @@ -108,7 +107,8 @@ tools have full access to view and control running applications.") version ".tar.xz")) (sha256 (base32 - "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31")))) + "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31")) + (patches (search-patches "cairo-CVE-2016-9082.patch")))) (build-system gnu-build-system) (propagated-inputs `(("fontconfig" ,fontconfig) @@ -154,10 +154,6 @@ affine transformation (scale, rotation, shear, etc.).") (package (inherit cairo) (name "cairo-xcb") - (source (origin - (inherit (package-source cairo)) - (patches (search-patches "cairo-CVE-2016-9082.patch")))) - (replacement #f) (inputs `(("mesa" ,mesa) ,@(package-inputs cairo))) @@ -167,13 +163,6 @@ affine transformation (scale, rotation, shear, etc.).") '("--enable-xlib-xcb" "--enable-gl" "--enable-egl"))) (synopsis "2D graphics library (with X11 support)"))) -(define cairo/fixed - (package - (inherit cairo) - (source (origin - (inherit (package-source cairo)) - (patches (search-patches "cairo-CVE-2016-9082.patch")))))) - (define-public harfbuzz (package (name "harfbuzz") diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index b95fe5e0cf..d491642e49 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -95,17 +95,6 @@ ;; To build poppler-glib (as needed by Evince), we need Cairo and ;; GLib. But of course, that Cairo must not depend on Poppler. ("cairo" ,(package (inherit cairo) - (replacement - (package - (inherit cairo) - (replacement #f) - (source - (origin - (inherit (package-source cairo)) - (patches (search-patches - "cairo-CVE-2016-9082.patch")))) - (inputs (alist-delete "poppler" - (package-inputs cairo))))) (inputs (alist-delete "poppler" (package-inputs cairo))))) ("glib" ,glib))) -- cgit v1.2.3 From 76bbce6af2baed0c2fa7dddd43ecc2ffe6482c41 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 3 Dec 2016 21:39:55 +0100 Subject: gnu: mupdf: Update to 1.10a. * gnu/packages/patches/mupdf-CVE-2016-6265.patch: Delete file. * gnu/packages/patches/mupdf-CVE-2016-6525.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7504.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7505.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7506.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7563.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7564.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-8674.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-9017.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-9136.patch: Likewise. * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Adjust to 1.10a. * gnu/local.mk (dist_patch_DATA): Remove deleted patches. * gnu/packages/pdf.scm (mupdf): Update to 1.10a. [source]: Remove patches. --- gnu/local.mk | 10 -- gnu/packages/patches/mupdf-CVE-2016-6265.patch | 30 ---- gnu/packages/patches/mupdf-CVE-2016-6525.patch | 21 --- gnu/packages/patches/mupdf-CVE-2016-7504.patch | 99 ------------- gnu/packages/patches/mupdf-CVE-2016-7505.patch | 32 ---- gnu/packages/patches/mupdf-CVE-2016-7506.patch | 42 ------ gnu/packages/patches/mupdf-CVE-2016-7563.patch | 37 ----- gnu/packages/patches/mupdf-CVE-2016-7564.patch | 34 ----- gnu/packages/patches/mupdf-CVE-2016-8674.patch | 165 --------------------- gnu/packages/patches/mupdf-CVE-2016-9017.patch | 46 ------ gnu/packages/patches/mupdf-CVE-2016-9136.patch | 32 ---- .../patches/mupdf-build-with-openjpeg-2.1.patch | 9 -- gnu/packages/pdf.scm | 16 +- 13 files changed, 3 insertions(+), 570 deletions(-) delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-6265.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-6525.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7504.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7505.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7506.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7563.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7564.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-8674.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-9017.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-9136.patch (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/local.mk b/gnu/local.mk index c635a4792c..30f7b59f12 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -719,16 +719,6 @@ dist_patch_DATA = \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ - %D%/packages/patches/mupdf-CVE-2016-6265.patch \ - %D%/packages/patches/mupdf-CVE-2016-6525.patch \ - %D%/packages/patches/mupdf-CVE-2016-7504.patch \ - %D%/packages/patches/mupdf-CVE-2016-7505.patch \ - %D%/packages/patches/mupdf-CVE-2016-7506.patch \ - %D%/packages/patches/mupdf-CVE-2016-7563.patch \ - %D%/packages/patches/mupdf-CVE-2016-7564.patch \ - %D%/packages/patches/mupdf-CVE-2016-8674.patch \ - %D%/packages/patches/mupdf-CVE-2016-9017.patch \ - %D%/packages/patches/mupdf-CVE-2016-9136.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ diff --git a/gnu/packages/patches/mupdf-CVE-2016-6265.patch b/gnu/packages/patches/mupdf-CVE-2016-6265.patch deleted file mode 100644 index 58f5c3726c..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6265.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6265 (use after free in pdf_load_xref()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265 -https://security-tracker.debian.org/tracker/CVE-2016-6265 - -Patch copied from upstream source repository: - -http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 576c315..3222599 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i); - } - if (entry->type == 'o') -- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n') -- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i); -+ { -+ /* Read this into a local variable here, because pdf_get_xref_entry -+ * may solidify the xref, hence invalidating "entry", meaning we -+ * need a stashed value for the throw. */ -+ fz_off_t ofs = entry->ofs; -+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n') -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i); -+ } - } - } - diff --git a/gnu/packages/patches/mupdf-CVE-2016-6525.patch b/gnu/packages/patches/mupdf-CVE-2016-6525.patch deleted file mode 100644 index 370af5ade6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6525.patch +++ /dev/null @@ -1,21 +0,0 @@ -Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525 -https://security-tracker.debian.org/tracker/CVE-2016-6525 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e - -diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c -index 7815b3c..6e25efa 100644 ---- a/source/pdf/pdf-shade.c -+++ b/source/pdf/pdf-shade.c -@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob - obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode); - if (pdf_array_len(ctx, obj) >= 6) - { -- n = (pdf_array_len(ctx, obj) - 4) / 2; -+ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2); - shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0)); - shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1)); - shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2)); diff --git a/gnu/packages/patches/mupdf-CVE-2016-7504.patch b/gnu/packages/patches/mupdf-CVE-2016-7504.patch deleted file mode 100644 index 4bbb4411c0..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7504.patch +++ /dev/null @@ -1,99 +0,0 @@ -Fix CVE-2016-7504: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7504 -http://bugs.ghostscript.com/show_bug.cgi?id=697142 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5c337af4b3df80cf967e4f9f6a21522de84b392a - -From 5c337af4b3df80cf967e4f9f6a21522de84b392a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 16:01:08 +0200 -Subject: [PATCH] Fix bug 697142: Stale string pointer stored in regexp object. - -Make sure to make a copy of the source pattern string. -A case we missed when adding short and memory strings to the runtime. -The code assumed all strings passed to it were either literal or interned. ---- - jsgc.c | 4 +++- - jsi.h | 1 + - jsregexp.c | 2 +- - jsrun.c | 8 ++++++++ - jsvalue.h | 2 +- - 5 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/jsgc.c b/jsgc.c -index 9bd6482..4f7e7dc 100644 ---- a/thirdparty/mujs/jsgc.c -+++ b/thirdparty/mujs/jsgc.c -@@ -44,8 +44,10 @@ static void jsG_freeobject(js_State *J, js_Object *obj) - { - if (obj->head) - jsG_freeproperty(J, obj->head); -- if (obj->type == JS_CREGEXP) -+ if (obj->type == JS_CREGEXP) { -+ js_free(J, obj->u.r.source); - js_regfree(obj->u.r.prog); -+ } - if (obj->type == JS_CITERATOR) - jsG_freeiterator(J, obj->u.iter.head); - if (obj->type == JS_CUSERDATA && obj->u.user.finalize) -diff --git a/jsi.h b/jsi.h -index 7d9f7c7..e855045 100644 ---- a/thirdparty/mujs/jsi.h -+++ b/thirdparty/mujs/jsi.h -@@ -79,6 +79,7 @@ typedef unsigned short js_Instruction; - - /* String interning */ - -+char *js_strdup(js_State *J, const char *s); - const char *js_intern(js_State *J, const char *s); - void jsS_dumpstrings(js_State *J); - void jsS_freestrings(js_State *J); -diff --git a/jsregexp.c b/jsregexp.c -index 2a056b7..a2d5156 100644 ---- a/thirdparty/mujs/jsregexp.c -+++ b/thirdparty/mujs/jsregexp.c -@@ -21,7 +21,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags) - js_syntaxerror(J, "regular expression: %s", error); - - obj->u.r.prog = prog; -- obj->u.r.source = pattern; -+ obj->u.r.source = js_strdup(J, pattern); - obj->u.r.flags = flags; - obj->u.r.last = 0; - js_pushobject(J, obj); -diff --git a/jsrun.c b/jsrun.c -index 2648c4c..ee80845 100644 ---- a/thirdparty/mujs/jsrun.c -+++ b/thirdparty/mujs/jsrun.c -@@ -45,6 +45,14 @@ void *js_realloc(js_State *J, void *ptr, int size) - return ptr; - } - -+char *js_strdup(js_State *J, const char *s) -+{ -+ int n = strlen(s) + 1; -+ char *p = js_malloc(J, n); -+ memcpy(p, s, n); -+ return p; -+} -+ - void js_free(js_State *J, void *ptr) - { - J->alloc(J->actx, ptr, 0); -diff --git a/jsvalue.h b/jsvalue.h -index 6cfbd89..8fb5016 100644 ---- a/thirdparty/mujs/jsvalue.h -+++ b/thirdparty/mujs/jsvalue.h -@@ -71,7 +71,7 @@ struct js_String - struct js_Regexp - { - void *prog; -- const char *source; -+ char *source; - unsigned short flags; - unsigned short last; - }; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7505.patch b/gnu/packages/patches/mupdf-CVE-2016-7505.patch deleted file mode 100644 index 15e4f374d6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7505.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-7505: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505 -http://bugs.ghostscript.com/show_bug.cgi?id=697140 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5 - -From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 15:21:04 +0200 -Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod. - ---- - jsdtoa.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jsdtoa.c b/jsdtoa.c -index 2e52368..920c1a7 100644 ---- a/thirdparty/mujs/jsdtoa.c -+++ b/thirdparty/mujs/jsdtoa.c -@@ -735,6 +735,7 @@ xx: - n -= c<= Ndig) break; /* abort if overflowing */ - } - *p = 0; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7506.patch b/gnu/packages/patches/mupdf-CVE-2016-7506.patch deleted file mode 100644 index 733249acaa..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7506.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-7506: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506 -http://bugs.ghostscript.com/show_bug.cgi?id=697141 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a - -From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 16:02:11 +0200 -Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution. - -A '$' escape at the end of the string would read past the zero terminator -when looking for the escaped character. ---- - jsstring.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/jsstring.c b/jsstring.c -index 66f6a89..0209a8e 100644 ---- a/thirdparty/mujs/jsstring.c -+++ b/thirdparty/mujs/jsstring.c -@@ -421,6 +421,7 @@ loop: - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '`': js_putm(J, &sb, source, s); break; - case '\'': js_puts(J, &sb, s + n); break; -@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J) - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '&': js_putm(J, &sb, s, s + n); break; - case '`': js_putm(J, &sb, source, s); break; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7563.patch b/gnu/packages/patches/mupdf-CVE-2016-7563.patch deleted file mode 100644 index 288c9ab2df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7563.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-7563: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7563 -http://bugs.ghostscript.com/show_bug.cgi?id=697136 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=f8234d830e17fc5e8fe09eb76d86dad3f6233c59 - -From f8234d830e17fc5e8fe09eb76d86dad3f6233c59 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 20 Sep 2016 17:11:32 +0200 -Subject: [PATCH] Fix bug 697136. - -We were unconditionally reading the next character if we encountered -a '*' in a multi-line comment; possibly reading past the end of -the input. ---- - jslex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jslex.c b/jslex.c -index 7b80800..cbd0eeb 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -225,7 +225,8 @@ static int lexcomment(js_State *J) - if (jsY_accept(J, '/')) - return 0; - } -- jsY_next(J); -+ else -+ jsY_next(J); - } - return -1; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch deleted file mode 100644 index c2ce33d1df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7564.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-7564: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564 -http://bugs.ghostscript.com/show_bug.cgi?id=697137 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8 - -From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 20 Sep 2016 17:19:06 +0200 -Subject: [PATCH] Fix bug 697137: off by one in string length calculation. - -We were not allocating space for the terminating zero byte. ---- - jsfunction.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jsfunction.c b/jsfunction.c -index 8b5b18e..28f7aa7 100644 ---- a/thirdparty/mujs/jsfunction.c -+++ b/thirdparty/mujs/jsfunction.c -@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J) - n += strlen(F->name); - for (i = 0; i < F->numparams; ++i) - n += strlen(F->vartab[i]) + 1; -- s = js_malloc(J, n); -+ s = js_malloc(J, n + 1); - strcpy(s, "function "); - strcat(s, F->name); - strcat(s, "("); --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-8674.patch b/gnu/packages/patches/mupdf-CVE-2016-8674.patch deleted file mode 100644 index 2a35619761..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-8674.patch +++ /dev/null @@ -1,165 +0,0 @@ -Fix CVE-2016-8674 (use-after-free in pdf_to_num()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674 -https://security-tracker.debian.org/tracker/CVE-2016-8674 - -Patch adapted from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec - -diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h -index f8ef0cd..e8345b7 100644 ---- a/include/mupdf/pdf/document.h -+++ b/include/mupdf/pdf/document.h -@@ -258,6 +258,10 @@ struct pdf_document_s - fz_font **type3_fonts; - - pdf_resource_tables *resources; -+ -+ int orphans_max; -+ int orphans_count; -+ pdf_obj **orphans; - }; - - /* -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 346a2f1..02d4119 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -109,6 +109,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key); - pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev); - void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); - void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); -+void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val); - void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val); -diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c -index f2e4551..a0d0d8e 100644 ---- a/source/pdf/pdf-object.c -+++ b/source/pdf/pdf-object.c -@@ -1240,9 +1240,13 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev) - return pdf_dict_get(ctx, obj, abbrev); - } - --void --pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+static void -+pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) - { -+ -+ if (old_val) -+ *old_val = NULL; -+ - RESOLVE(obj); - if (obj >= PDF_OBJ__LIMIT) - { -@@ -1282,7 +1286,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - pdf_obj *d = DICT(obj)->items[i].v; - DICT(obj)->items[i].v = pdf_keep_obj(ctx, val); -- pdf_drop_obj(ctx, d); -+ if (old_val) -+ *old_val = d; -+ else -+ pdf_drop_obj(ctx, d); - } - } - else -@@ -1305,10 +1312,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - } - - void -+pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+{ -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+} -+ -+void - pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - fz_try(ctx) -- pdf_dict_put(ctx, obj, key, val); -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+ fz_always(ctx) -+ pdf_drop_obj(ctx, val); -+ fz_catch(ctx) -+ fz_rethrow(ctx); -+} -+ -+void -+pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) -+{ -+ fz_try(ctx) -+ pdf_dict_get_put(ctx, obj, key, val, old_val); - fz_always(ctx) - pdf_drop_obj(ctx, val); - fz_catch(ctx) -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index fdd4648..212c8b7 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -259,6 +259,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen) - } - } - -+static void -+orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj) -+{ -+ if (doc->orphans_count == doc->orphans_max) -+ { -+ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32); -+ -+ fz_try(ctx) -+ { -+ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans)); -+ doc->orphans_max = new_max; -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, obj); -+ fz_rethrow(ctx); -+ } -+ } -+ doc->orphans[doc->orphans_count++] = obj; -+} -+ - void - pdf_repair_xref(fz_context *ctx, pdf_document *doc) - { -@@ -520,12 +541,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - /* correct stream length for unencrypted documents */ - if (!encrypt && list[i].stm_len >= 0) - { -+ pdf_obj *old_obj = NULL; - dict = pdf_load_object(ctx, doc, list[i].num, list[i].gen); - - length = pdf_new_int(ctx, doc, list[i].stm_len); -- pdf_dict_put(ctx, dict, PDF_NAME_Length, length); -- pdf_drop_obj(ctx, length); -- -+ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj); -+ if (old_obj) -+ orphan_object(ctx, doc, old_obj); - pdf_drop_obj(ctx, dict); - } - } -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 3de1cd2..6682741 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1626,6 +1626,12 @@ pdf_close_document(fz_context *ctx, pdf_document *doc) - - pdf_drop_resource_tables(ctx, doc); - -+ for (i = 0; i < doc->orphans_count; i++) -+ { -+ pdf_drop_obj(ctx, doc->orphans[i]); -+ } -+ fz_free(ctx, doc->orphans); -+ - fz_free(ctx, doc); - } - --- -2.10.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9017.patch b/gnu/packages/patches/mupdf-CVE-2016-9017.patch deleted file mode 100644 index 1e2b7c3258..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9017.patch +++ /dev/null @@ -1,46 +0,0 @@ -Fix CVE-2016-9017: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9107 -http://bugs.ghostscript.com/show_bug.cgi?id=697171 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 - -From a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 25 Oct 2016 14:08:27 +0200 -Subject: [PATCH] Fix 697171: missed an operand in the bytecode debugger dump. - ---- - jscompile.h | 2 +- - jsdump.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jscompile.h b/jscompile.h -index 802cc9e..3054d13 100644 ---- a/thirdparty/mujs/jscompile.h -+++ b/thirdparty/mujs/jscompile.h -@@ -21,7 +21,7 @@ enum js_OpCode - - OP_NEWARRAY, - OP_NEWOBJECT, -- OP_NEWREGEXP, -+ OP_NEWREGEXP, /* -S,opts- */ - - OP_UNDEF, - OP_NULL, -diff --git a/jsdump.c b/jsdump.c -index 1c51c29..37ad88c 100644 ---- a/thirdparty/mujs/jsdump.c -+++ b/thirdparty/mujs/jsdump.c -@@ -750,6 +750,7 @@ void jsC_dumpfunction(js_State *J, js_Function *F) - case OP_INITVAR: - case OP_DEFVAR: - case OP_GETVAR: -+ case OP_HASVAR: - case OP_SETVAR: - case OP_DELVAR: - case OP_GETPROP_S: --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9136.patch b/gnu/packages/patches/mupdf-CVE-2016-9136.patch deleted file mode 100644 index 1f68839a52..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9136.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-9136: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9136 -http://bugs.ghostscript.com/show_bug.cgi?id=697244 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a0ceaf5050faf419401fe1b83acfa950ec8a8a89 -From a0ceaf5050faf419401fe1b83acfa950ec8a8a89 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Mon, 31 Oct 2016 13:05:37 +0100 -Subject: [PATCH] Fix 697244: Check for incomplete escape sequence at end of - input. - ---- - jslex.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jslex.c b/jslex.c -index cbd0eeb..aaafdac 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -377,6 +377,7 @@ static int lexescape(js_State *J) - return 0; - - switch (J->lexchar) { -+ case 0: jsY_error(J, "unterminated escape sequence"); - case 'u': - jsY_next(J); - if (!jsY_ishex(J->lexchar)) return 1; else { x |= jsY_tohex(J->lexchar) << 12; jsY_next(J); } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch index cd8136b701..d97c1cb348 100644 --- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch +++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch @@ -27,12 +27,3 @@ index 6b92e5c..72dea50 100644 #include static void fz_opj_error_callback(const char *msg, void *client_data) -@@ -117,7 +109,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs - opj_stream_set_read_function(stream, fz_opj_stream_read); - opj_stream_set_skip_function(stream, fz_opj_stream_skip); - opj_stream_set_seek_function(stream, fz_opj_stream_seek); -- opj_stream_set_user_data(stream, &sb); -+ opj_stream_set_user_data(stream, &sb, NULL); - /* Set the length to avoid an assert */ - opj_stream_set_user_data_length(stream, size); - diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index d491642e49..3f329c5426 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -479,7 +479,7 @@ extracting content or merging files.") (define-public mupdf (package (name "mupdf") - (version "1.9a") + (version "1.10a") (source (origin (method url-fetch) @@ -487,18 +487,8 @@ extracting content or merging files.") name "-" version "-source.tar.gz")) (sha256 (base32 - "1k64pdapyj8a336jw3j61fhn0rp4q6az7d0dqp9r5n3d9rgwa5c0")) - (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" - "mupdf-CVE-2016-6265.patch" - "mupdf-CVE-2016-6525.patch" - "mupdf-CVE-2016-7504.patch" - "mupdf-CVE-2016-7505.patch" - "mupdf-CVE-2016-7506.patch" - "mupdf-CVE-2016-7563.patch" - "mupdf-CVE-2016-7564.patch" - "mupdf-CVE-2016-8674.patch" - "mupdf-CVE-2016-9017.patch" - "mupdf-CVE-2016-9136.patch")) + "0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a")) + (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch")) (modules '((guix build utils))) (snippet ;; Delete all the bundled libraries except for mujs, which is -- cgit v1.2.3