diff options
author | Mark H Weaver <mhw@netris.org> | 2018-01-19 23:59:20 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2018-01-19 23:59:20 -0500 |
commit | e074a655dd6497daafbd62737e3b63f3d5aa7985 (patch) | |
tree | 2b198ba5c664cdd58e155f3c0113d1cebde0fc91 /gnu/packages/patches | |
parent | 6d7b26a39faf42c37f15dc64a30a77e5e194ea23 (diff) | |
parent | ccb5cac17be98aaa9c3225605d6170c675d8e8e6 (diff) | |
download | guix-e074a655dd6497daafbd62737e3b63f3d5aa7985.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/dtc-32-bits-check.patch | 134 | ||||
-rw-r--r-- | gnu/packages/patches/dtc-format-modifier.patch | 38 | ||||
-rw-r--r-- | gnu/packages/patches/emacs-json-reformat-fix-tests.patch | 32 | ||||
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 | ||||
-rw-r--r-- | gnu/packages/patches/lxterminal-CVE-2016-10369.patch | 37 | ||||
-rw-r--r-- | gnu/packages/patches/ninja-zero-mtime.patch | 19 | ||||
-rw-r--r-- | gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch | 45 | ||||
-rw-r--r-- | gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch | 302 | ||||
-rw-r--r-- | gnu/packages/patches/webkitgtk-mitigate-spectre.patch | 107 |
9 files changed, 406 insertions, 380 deletions
diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch deleted file mode 100644 index cf15be3404..0000000000 --- a/gnu/packages/patches/dtc-32-bits-check.patch +++ /dev/null @@ -1,134 +0,0 @@ -This fixes tests on 32 bits platforms. Patch taken from upstream. - -commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586 -Author: David Gibson <david@gibson.dropbear.id.au> -Date: Fri Oct 6 23:07:30 2017 +1100 - - tests: Avoid 64-bit arithmetic in assembler - - For testing we (ab)use the assembler to build us a sample dtb, independent - of the other tools (dtc and libfdt) that we're trying to test. In a few - places this uses 64-bit arithmetic to decompose 64-bit constants into - the individual bytes in the blob. - - Unfortunately, it seems that some builds of GNU as don't support >32 bit - arithmetic, though it's not entirely clear to me which do and which don't - (Fedora i386 does support 64-bit, Debian arm32 doesn't). - - Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost - of some extra awkwardness because we have to define the values in 32-bit - halves. - - Signed-off-by: David Gibson <david@gibson.dropbear.id.au> - -diff --git a/tests/testdata.h b/tests/testdata.h -index 3588778..f6bbe1d 100644 ---- a/tests/testdata.h -+++ b/tests/testdata.h -@@ -4,15 +4,25 @@ - #define ASM_CONST_LL(x) (x##ULL) - #endif - --#define TEST_ADDR_1 ASM_CONST_LL(0xdeadbeef00000000) --#define TEST_SIZE_1 ASM_CONST_LL(0x100000) --#define TEST_ADDR_2 ASM_CONST_LL(123456789) --#define TEST_SIZE_2 ASM_CONST_LL(010000) -+#define TEST_ADDR_1H ASM_CONST_LL(0xdeadbeef) -+#define TEST_ADDR_1L ASM_CONST_LL(0x00000000) -+#define TEST_ADDR_1 ((TEST_ADDR_1H << 32) | TEST_ADDR_1L) -+#define TEST_SIZE_1H ASM_CONST_LL(0x00000000) -+#define TEST_SIZE_1L ASM_CONST_LL(0x00100000) -+#define TEST_SIZE_1 ((TEST_SIZE_1H << 32) | TEST_SIZE_1L) -+#define TEST_ADDR_2H ASM_CONST_LL(0) -+#define TEST_ADDR_2L ASM_CONST_LL(123456789) -+#define TEST_ADDR_2 ((TEST_ADDR_2H << 32) | TEST_ADDR_2L) -+#define TEST_SIZE_2H ASM_CONST_LL(0) -+#define TEST_SIZE_2L ASM_CONST_LL(010000) -+#define TEST_SIZE_2 ((TEST_SIZE_2H << 32) | TEST_SIZE_2L) - - #define TEST_VALUE_1 0xdeadbeef - #define TEST_VALUE_2 123456789 - --#define TEST_VALUE64_1 ASM_CONST_LL(0xdeadbeef01abcdef) -+#define TEST_VALUE64_1H ASM_CONST_LL(0xdeadbeef) -+#define TEST_VALUE64_1L ASM_CONST_LL(0x01abcdef) -+#define TEST_VALUE64_1 ((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L) - - #define PHANDLE_1 0x2000 - #define PHANDLE_2 0x2001 -diff --git a/tests/trees.S b/tests/trees.S -index 9854d1d..9859914 100644 ---- a/tests/trees.S -+++ b/tests/trees.S -@@ -7,16 +7,6 @@ - .byte ((val) >> 8) & 0xff ; \ - .byte (val) & 0xff ; - --#define FDTQUAD(val) \ -- .byte ((val) >> 56) & 0xff ; \ -- .byte ((val) >> 48) & 0xff ; \ -- .byte ((val) >> 40) & 0xff ; \ -- .byte ((val) >> 32) & 0xff ; \ -- .byte ((val) >> 24) & 0xff ; \ -- .byte ((val) >> 16) & 0xff ; \ -- .byte ((val) >> 8) & 0xff ; \ -- .byte (val) & 0xff ; -- - #define TREE_HDR(tree) \ - .balign 8 ; \ - .globl _##tree ; \ -@@ -33,14 +23,16 @@ tree: \ - FDTLONG(tree##_strings_end - tree##_strings) ; \ - FDTLONG(tree##_struct_end - tree##_struct) ; - --#define RSVMAP_ENTRY(addr, len) \ -- FDTQUAD(addr) ; \ -- FDTQUAD(len) ; \ -+#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \ -+ FDTLONG(addrh) ; \ -+ FDTLONG(addrl) ; \ -+ FDTLONG(lenh) ; \ -+ FDTLONG(lenl) - - #define EMPTY_RSVMAP(tree) \ - .balign 8 ; \ - tree##_rsvmap: ; \ -- RSVMAP_ENTRY(0, 0) \ -+ RSVMAP_ENTRY(0, 0, 0, 0) \ - tree##_rsvmap_end: ; - - #define PROPHDR(tree, name, len) \ -@@ -52,9 +44,10 @@ tree##_rsvmap_end: ; - PROPHDR(tree, name, 4) \ - FDTLONG(val) ; - --#define PROP_INT64(tree, name, val) \ -+#define PROP_INT64(tree, name, valh, vall) \ - PROPHDR(tree, name, 8) \ -- FDTQUAD(val) ; -+ FDTLONG(valh) ; \ -+ FDTLONG(vall) ; - - #define PROP_STR(tree, name, str) \ - PROPHDR(tree, name, 55f - 54f) \ -@@ -81,16 +74,16 @@ tree##_##name: ; \ - - .balign 8 - test_tree1_rsvmap: -- RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1) -- RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2) -- RSVMAP_ENTRY(0, 0) -+ RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L) -+ RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L) -+ RSVMAP_ENTRY(0, 0, 0, 0) - test_tree1_rsvmap_end: - - test_tree1_struct: - BEGIN_NODE("") - PROP_STR(test_tree1, compatible, "test_tree1") - PROP_INT(test_tree1, prop_int, TEST_VALUE_1) -- PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1) -+ PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L) - PROP_STR(test_tree1, prop_str, TEST_STRING_1) - PROP_INT(test_tree1, address_cells, 1) - PROP_INT(test_tree1, size_cells, 0) diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch deleted file mode 100644 index c33d16857f..0000000000 --- a/gnu/packages/patches/dtc-format-modifier.patch +++ /dev/null @@ -1,38 +0,0 @@ -This fixes build on 32 bits platforms. This patch is taken from upstream. - -commit 497432fd2131967f349e69dc5d259072151cc4b4 -Author: Thierry Reding <treding@nvidia.com> -Date: Wed Sep 27 15:04:09 2017 +0200 - - checks: Use proper format modifier for size_t - - The size of size_t can vary between architectures, so using %ld isn't - going to work on 32-bit builds. Use the %zu modifier to make sure it is - always correct. - - Signed-off-by: Thierry Reding <treding@nvidia.com> - Acked-by: Rob Herring <robh@kernel.org> - Signed-off-by: David Gibson <david@gibson.dropbear.id.au> - -diff --git a/checks.c b/checks.c -index 902f2e3..08a3a29 100644 ---- a/checks.c -+++ b/checks.c -@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c, - int cell, cellsize = 0; - - if (prop->val.len % sizeof(cell_t)) { -- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s", -+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s", - prop->name, prop->val.len, sizeof(cell_t), node->fullpath); - return; - } -@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c, - return; - - if (irq_prop->val.len % sizeof(cell_t)) -- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s", -+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s", - irq_prop->name, irq_prop->val.len, sizeof(cell_t), - node->fullpath); - diff --git a/gnu/packages/patches/emacs-json-reformat-fix-tests.patch b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch new file mode 100644 index 0000000000..977e50fc68 --- /dev/null +++ b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch @@ -0,0 +1,32 @@ +Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> + +This patch fixes tests for Emacs 25. + +Upstream bug URL: + +https://github.com/gongo/json-reformat/issues/33 + +diff --git a/test/json-reformat-test.el b/test/json-reformat-test.el +index 7de3be1..b4a4dde 100644 +--- a/test/json-reformat-test.el ++++ b/test/json-reformat-test.el +@@ -58,7 +58,7 @@ + (ert-deftest json-reformat-test:string-to-string () + (should (string= "\"foobar\"" (json-reformat:string-to-string "foobar"))) + (should (string= "\"fo\\\"o\\nbar\"" (json-reformat:string-to-string "fo\"o\nbar"))) +- (should (string= "\"\\u2661\"" (json-reformat:string-to-string "\u2661"))) ++ (should (string= "\"♡\"" (json-reformat:string-to-string "\u2661"))) + + (should (string= "\"^(amq\\\\.gen.*|amq\\\\.default)$\"" (json-reformat:string-to-string "^(amq\\.gen.*|amq\\.default)$"))) + ) +@@ -148,6 +148,6 @@ bar\"" (json-reformat:string-to-string "fo\"o\nbar"))) + [{ foo : \"bar\" }, { \"foo\" : \"baz\" }]") ;; At 3 (line) + (json-reformat-region (point-min) (point-max))) + (should (string= +- "JSON parse error [Reason] Bad string format: \"doesn't start with '\\\"'!\" [Position] In buffer, line 3 (char 6)" ++ "JSON parse error [Reason] Bad string format: \"doesn't start with \`\\\"'!\" [Position] In buffer, line 3 (char 6)" + message-string)) + ))) +-- +2.15.1 + diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch new file mode 100644 index 0000000000..67fee0f528 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch @@ -0,0 +1,72 @@ +Fix CVE-2016-6328: + +https://bugzilla.redhat.com/show_bug.cgi?id=1366239 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 + +Patch copied from upstream source repository: + +https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d + +From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 +From: Marcus Meissner <marcus@jet.franken.de> +Date: Tue, 25 Jul 2017 23:44:44 +0200 +Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax + makernote entries. + +This should fix: +https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 +--- + libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c +index d03d159..ea0429a 100644 +--- a/libexif/pentax/mnote-pentax-entry.c ++++ b/libexif/pentax/mnote-pentax-entry.c +@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + case EXIF_FORMAT_SHORT: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 2) ++ break; + vs = exif_get_short (data, entry->order); + snprintf (val+len, maxlen-len, "%i ", vs); + len = strlen(val); + data += 2; ++ sizeleft -= 2; + } + } + break; + case EXIF_FORMAT_LONG: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 4) ++ break; + vl = exif_get_long (data, entry->order); + snprintf (val+len, maxlen-len, "%li", (long int) vl); + len = strlen(val); + data += 4; ++ sizeleft -= 4; + } + } + break; +@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + break; + } + +- return (val); ++ return val; + } +-- +2.16.0 + diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch deleted file mode 100644 index 809eef08da..0000000000 --- a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-10369: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369 - -Patch copied from upstream source repository: - -https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 - -From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001 -From: Yao Wei <mwei@lxde.org> -Date: Mon, 8 May 2017 00:47:55 +0800 -Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory - -This bug is pointed out by stackexchange user that putting socket file in -/tmp is a potential risk. Putting the socket dir in user directory could -mitigate the risk. ---- - src/unixsocket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/unixsocket.c b/src/unixsocket.c -index 4c660ac..f88284c 100644 ---- a/src/unixsocket.c -+++ b/src/unixsocket.c -@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar - * This function returns TRUE if this process should keep running and FALSE if it should exit. */ - - /* Formulate the path for the Unix domain socket. */ -- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name()); -+ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default())); -+ printf("%s\n", socket_path); - - /* Create socket. */ - int fd = socket(PF_UNIX, SOCK_STREAM, 0); --- -2.1.4 - diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch deleted file mode 100644 index c9b9e8d798..0000000000 --- a/gnu/packages/patches/ninja-zero-mtime.patch +++ /dev/null @@ -1,19 +0,0 @@ -Work around a design defect in Ninja whereby a zero mtime is used to -denote missing files (we happen to produce files that have a zero mtime -and yet really do exist.) - ---- ninja-1.5.3/src/disk_interface.cc 2014-11-24 18:37:47.000000000 +0100 -+++ ninja-1.5.3/src/disk_interface.cc 2015-07-18 23:20:38.572290139 +0200 -@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const - } - return -1; - } -+ -+ if (st.st_mtime == 0) -+ // All the code assumes that mtime == 0 means "file missing". Here we -+ // know the file is not missing, so tweak the mtime. -+ st.st_mtime = 1; -+ - return st.st_mtime; - #endif - } diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch deleted file mode 100644 index 4092261f75..0000000000 --- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001 -From: carolili <carolili@iki.fi> -Date: Thu, 9 Feb 2017 19:24:49 +0000 -Subject: [PATCH] Removing contribs - ---- - configure.ac | 22 ---------------------- - 1 file changed, 22 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1cf1051..5d76b44 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -435,28 +435,6 @@ dnl All slurm Makefiles: - - AC_CONFIG_FILES([Makefile - auxdir/Makefile -- contribs/Makefile -- contribs/cray/Makefile -- contribs/cray/csm/Makefile -- contribs/lua/Makefile -- contribs/mic/Makefile -- contribs/pam/Makefile -- contribs/pam_slurm_adopt/Makefile -- contribs/perlapi/Makefile -- contribs/perlapi/libslurm/Makefile -- contribs/perlapi/libslurm/perl/Makefile.PL -- contribs/perlapi/libslurmdb/Makefile -- contribs/perlapi/libslurmdb/perl/Makefile.PL -- contribs/seff/Makefile -- contribs/torque/Makefile -- contribs/openlava/Makefile -- contribs/phpext/Makefile -- contribs/phpext/slurm_php/config.m4 -- contribs/sgather/Makefile -- contribs/sgi/Makefile -- contribs/sjobexit/Makefile -- contribs/slurmdb-direct/Makefile -- contribs/pmi2/Makefile - doc/Makefile - doc/man/Makefile - doc/man/man1/Makefile --- -2.11.0 - diff --git a/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch new file mode 100644 index 0000000000..a3a0cf1608 --- /dev/null +++ b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch @@ -0,0 +1,302 @@ +Fix a weakness that allows remote code execution via the Transmission +RPC server using DNS rebinding: + +https://bugs.chromium.org/p/project-zero/issues/detail?id=1447 + +Patch adapted from Tavis Ormandy's patch on the Transmission master +branch to the Transmission 2.92 release by Leo Famulari +<leo@famulari.name>: + +https://github.com/transmission/transmission/pull/468/commits + +From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001 +From: Tavis Ormandy <taviso@google.com> +Date: Thu, 11 Jan 2018 10:00:41 -0800 +Subject: [PATCH] mitigate dns rebinding attacks against daemon + +--- + libtransmission/quark.c | 2 + + libtransmission/quark.h | 2 + + libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++---- + libtransmission/rpc-server.h | 4 ++ + libtransmission/session.c | 2 + + libtransmission/transmission.h | 1 + + libtransmission/web.c | 3 ++ + 7 files changed, 121 insertions(+), 9 deletions(-) + +diff --git a/libtransmission/quark.c b/libtransmission/quark.c +index 30cc2bca4..b4fd7aabd 100644 +--- a/libtransmission/quark.c ++++ b/libtransmission/quark.c +@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] = + { "rpc-authentication-required", 27 }, + { "rpc-bind-address", 16 }, + { "rpc-enabled", 11 }, ++ { "rpc-host-whitelist", 18 }, ++ { "rpc-host-whitelist-enabled", 26 }, + { "rpc-password", 12 }, + { "rpc-port", 8 }, + { "rpc-url", 7 }, +diff --git a/libtransmission/quark.h b/libtransmission/quark.h +index 7f5212733..17464be8f 100644 +--- a/libtransmission/quark.h ++++ b/libtransmission/quark.h +@@ -291,6 +291,8 @@ enum + TR_KEY_rpc_authentication_required, + TR_KEY_rpc_bind_address, + TR_KEY_rpc_enabled, ++ TR_KEY_rpc_host_whitelist, ++ TR_KEY_rpc_host_whitelist_enabled, + TR_KEY_rpc_password, + TR_KEY_rpc_port, + TR_KEY_rpc_url, +diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c +index a3485f3fa..292cd5fce 100644 +--- a/libtransmission/rpc-server.c ++++ b/libtransmission/rpc-server.c +@@ -52,6 +52,7 @@ struct tr_rpc_server + bool isEnabled; + bool isPasswordEnabled; + bool isWhitelistEnabled; ++ bool isHostWhitelistEnabled; + tr_port port; + char * url; + struct in_addr bindAddress; +@@ -63,6 +64,7 @@ struct tr_rpc_server + char * password; + char * whitelistStr; + tr_list * whitelist; ++ tr_list * hostWhitelist; + + char * sessionId; + time_t sessionIdExpiresAt; +@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address) + return false; + } + ++static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req) ++{ ++ /* If password auth is enabled, any hostname is permitted. */ ++ if (server->isPasswordEnabled) ++ { ++ return true; ++ } ++ ++ char const* const host = evhttp_find_header(req->input_headers, "Host"); ++ ++ // If whitelist is disabled, no restrictions. ++ if (!server->isHostWhitelistEnabled) ++ return true; ++ ++ /* No host header, invalid request. */ ++ if (host == NULL) ++ { ++ return false; ++ } ++ ++ /* Host header might include the port. */ ++ char* const hostname = tr_strndup(host, strcspn(host, ":")); ++ ++ /* localhost or ipaddress is always acceptable. */ ++ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname)) ++ { ++ tr_free(hostname); ++ return true; ++ } ++ ++ /* Otherwise, hostname must be whitelisted. */ ++ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) { ++ if (tr_wildmat(hostname, l->data)) ++ { ++ tr_free(hostname); ++ return true; ++ } ++ } ++ ++ tr_free(hostname); ++ return false; ++} ++ + static bool + test_session_id (struct tr_rpc_server * server, struct evhttp_request * req) + { +@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg) + handle_upload (req, server); + } + #ifdef REQUIRE_SESSION_ID ++ else if (!isHostnameAllowed(server, req)) ++ { ++ char* tmp = tr_strdup_printf( ++ "<p>Transmission received your request, but the hostname was unrecognized.</p>" ++ "<p>To fix this, choose one of the following options:" ++ "<ul>" ++ "<li>Enable password authentication, then any hostname is allowed.</li>" ++ "<li>Add the hostname you want to use to the whitelist in settings.</li>" ++ "</ul></p>" ++ "<p>If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.</p>" ++ "<p>This requirement has been added to help prevent " ++ "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> " ++ "attacks.</p>"); ++ send_simple_response(req, 421, tmp); ++ tr_free(tmp); ++ } ++ + else if (!test_session_id (server, req)) + { + const char * sessionId = get_current_session_id (server); +@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg) + "<li> When you get this 409 error message, resend your request with the updated header" + "</ol></p>" + "<p>This requirement has been added to help prevent " +- "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> " ++ "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> " + "attacks.</p>" + "<p><code>%s: %s</code></p>", + TR_RPC_SESSION_ID_HEADER, sessionId); +@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server) + return server->url ? server->url : ""; + } + +-void +-tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) ++static void ++tr_rpcSetList (char const* whitelistStr, tr_list** list) + { + void * tmp; + const char * walk; + +- /* keep the string */ +- tmp = server->whitelistStr; +- server->whitelistStr = tr_strdup (whitelistStr); +- tr_free (tmp); +- + /* clear out the old whitelist entries */ +- while ((tmp = tr_list_pop_front (&server->whitelist))) ++ while ((tmp = tr_list_pop_front (list)) != NULL) + tr_free (tmp); + + /* build the new whitelist entries */ +@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) + const char * delimiters = " ,;"; + const size_t len = strcspn (walk, delimiters); + char * token = tr_strndup (walk, len); +- tr_list_append (&server->whitelist, token); ++ tr_list_append (list, token); + if (strcspn (token, "+-") < len) + tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token); + else +@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) + } + } + ++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr) ++{ ++ tr_rpcSetList(whitelistStr, &server->hostWhitelist); ++} ++ ++void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr) ++{ ++ /* keep the string */ ++ char* const tmp = server->whitelistStr; ++ server->whitelistStr = tr_strdup(whitelistStr); ++ tr_free(tmp); ++ ++ tr_rpcSetList(whitelistStr, &server->whitelist); ++} ++ + const char* + tr_rpcGetWhitelist (const tr_rpc_server * server) + { +@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server) + return server->isWhitelistEnabled; + } + ++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled) ++{ ++ server->isHostWhitelistEnabled = isEnabled; ++} ++ + /**** + ***** PASSWORD + ****/ +@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_variant * settings) + else + tr_rpcSetWhitelistEnabled (s, boolVal); + ++ key = TR_KEY_rpc_host_whitelist_enabled; ++ ++ if (!tr_variantDictFindBool(settings, key, &boolVal)) ++ { ++ missing_settings_key(key); ++ } ++ else ++ { ++ tr_rpcSetHostWhitelistEnabled(s, boolVal); ++ } ++ ++ key = TR_KEY_rpc_host_whitelist; ++ ++ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL) ++ { ++ missing_settings_key(key); ++ } ++ else ++ { ++ tr_rpcSetHostWhitelist(s, str); ++ } ++ + key = TR_KEY_rpc_authentication_required; + if (!tr_variantDictFindBool (settings, key, &boolVal)) + missing_settings_key (key); +diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h +index e0302c5ea..8c9e6b24e 100644 +--- a/libtransmission/rpc-server.h ++++ b/libtransmission/rpc-server.h +@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server, + + const char* tr_rpcGetWhitelist (const tr_rpc_server * server); + ++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled); ++ ++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist); ++ + void tr_rpcSetPassword (tr_rpc_server * server, + const char * password); + +diff --git a/libtransmission/session.c b/libtransmission/session.c +index 844cadba8..58b717913 100644 +--- a/libtransmission/session.c ++++ b/libtransmission/session.c +@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d) + tr_variantDictAddStr (d, TR_KEY_rpc_username, ""); + tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST); + tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true); ++ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST); ++ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true); + tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR)); + tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR); + tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true); +diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h +index 4f76adfd6..e213a8f4e 100644 +--- a/libtransmission/transmission.h ++++ b/libtransmission/transmission.h +@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void); + #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0" + #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::" + #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1" ++#define TR_DEFAULT_RPC_HOST_WHITELIST "" + #define TR_DEFAULT_RPC_PORT_STR "9091" + #define TR_DEFAULT_RPC_URL_STR "/transmission/" + #define TR_DEFAULT_PEER_PORT_STR "51413" +diff --git a/libtransmission/web.c b/libtransmission/web.c +index ee495e9fc..c7f062730 100644 +--- a/libtransmission/web.c ++++ b/libtransmission/web.c +@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code) + case 415: return "Unsupported Media Type"; + case 416: return "Requested Range Not Satisfiable"; + case 417: return "Expectation Failed"; ++ case 421: return "Misdirected Request"; + case 500: return "Internal Server Error"; + case 501: return "Not Implemented"; + case 502: return "Bad Gateway"; diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch deleted file mode 100644 index 3d983ede66..0000000000 --- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch +++ /dev/null @@ -1,107 +0,0 @@ -Disable SharedArrayBuffers to mitigate Spectre. Based on: - - https://trac.webkit.org/changeset/226386/webkit - -Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org> - - ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500 -@@ -338,8 +338,10 @@ - WriteBarrier<Structure> m_moduleLoaderStructure; - WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype; - WriteBarrier<Structure> m_arrayBufferStructure; -+#if ENABLE(SHARED_ARRAY_BUFFER) - WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype; - WriteBarrier<Structure> m_sharedArrayBufferStructure; -+#endif - - #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \ -@@ -670,8 +672,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferPrototype.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferPrototype.get(); -+#else -+ default: -+ return m_arrayBufferPrototype.get(); -+#endif - } - } - Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const -@@ -679,8 +686,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferStructure.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferStructure.get(); -+#else -+ default: -+ return m_arrayBufferStructure.get(); -+#endif - } - RELEASE_ASSERT_NOT_REACHED(); - return nullptr; ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500 -@@ -574,8 +574,10 @@ - - m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default)); - m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get())); -+#if ENABLE(SHARED_ARRAY_BUFFER) - m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared)); - m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get())); -+#endif - - m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get()))); - m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get()))); -@@ -620,10 +622,11 @@ - - JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default); - m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr; - sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared); - m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum); -- -+#endif - #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \ - m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \ -@@ -686,7 +689,9 @@ - putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly); - - putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum); -+#endif - - #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \ -@@ -1288,8 +1293,10 @@ - - visitor.append(thisObject->m_arrayBufferPrototype); - visitor.append(thisObject->m_arrayBufferStructure); -+#if ENABLE(SHARED_ARRAY_BUFFER) - visitor.append(thisObject->m_sharedArrayBufferPrototype); - visitor.append(thisObject->m_sharedArrayBufferStructure); -+#endif - - #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - visitor.append(thisObject->m_ ## lowerName ## Prototype); \ ---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400 -+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500 -@@ -1190,6 +1190,9 @@ - #define HAVE_NS_ACTIVITY 1 - #endif - -+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */ -+#define ENABLE_SHARED_ARRAY_BUFFER 0 -+ - #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO))) - #undef ENABLE_OPENTYPE_MATH - #define ENABLE_OPENTYPE_MATH 1 |