Merge branch 'master' into core-updates

5 files changed, 233 insertions, 195 deletions

diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
deleted file mode 100644
index 79bb41caaa..0000000000
--- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-This fixes a segfault on 32-bit architectures. Upstream discussion:
-
-https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
-
-Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
-
-Patch copied from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
-
-From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Wed, 21 Dec 2016 16:14:45 +0100
-Subject: [PATCH] gpgscm: Guard use of union member.
-
-* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
-before accessing filename.  Fixes a crash on 32-bit architectures.
-
-Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/gpgscm/scheme.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index a5b7691..2844545 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
-                } else {
-                     sc->nesting_stack[sc->file_i]++;
- #if USE_TAGS && SHOW_ERROR_LINE
--		    {
-+		    if (sc->load_stack[sc->file_i].kind & port_file) {
- 		      const char *filename =
- 			sc->load_stack[sc->file_i].rep.stdio.filename;
- 		      int lineno =
--- 
-2.8.0.rc3
-
diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch
deleted file mode 100644
index e2c65df8ce..0000000000
--- a/gnu/packages/patches/khal-disable-failing-tests.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Disable some tests that are known to fail:
-
-https://github.com/pimutils/khal/issues/546
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081
-
-diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py
-index fd8dcc6..17732bf 100644
---- a/tests/khalendar_test.py
-+++ b/tests/khalendar_test.py
-@@ -65,6 +65,7 @@ class TestCalendar(object):
-                 else:
-                     mtimes[cal] = mtime
- 
-+    @pytest.mark.xfail
-     def test_db_needs_update(self, coll_vdirs):
-         coll, vdirs = coll_vdirs
- 
-@@ -321,6 +322,7 @@ class TestDbCreation(object):
-             CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale)
- 
- 
-+@pytest.mark.xfail
- def test_default_calendar(coll_vdirs):
-     """test if an update to the vdir is detected by the CalendarCollection"""
-     coll, vdirs = coll_vdirs
-@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs):
-     assert len(list(coll.get_events_on(today))) == 0
- 
- 
-+@pytest.mark.xfail
- def test_only_update_old_event(coll_vdirs, monkeypatch):
-     coll, vdirs = coll_vdirs
- 
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
deleted file mode 100644
index c9a3fa284c..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2016-6255:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
-http://www.openwall.com/lists/oss-security/2016/07/18/13
-
-Patch adapted from upstream commit:
-
-https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
-
-The upstream change is simplified to unconditionally disable the HTTP
-POST feature.
-
-From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@srcf.ucam.org>
-Date: Tue, 23 Feb 2016 13:53:20 -0800
-Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
- default
-
-If there's no registered handler for a POST request, the default behaviour
-is to write it to the filesystem. Several million deployed devices appear
-to have this behaviour, making it possible to (at least) store arbitrary
-data on them. Add a configure option that enables this behaviour, and change
-the default to just drop POSTs that aren't directly handled.
-
-Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
-(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
----
- configure.ac                         | 9 +++++++++
- upnp/inc/upnpconfig.h.in             | 9 +++++++++
- upnp/src/genlib/net/http/webserver.c | 4 ++++
- 3 files changed, 22 insertions(+)
-
-diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
-index 26bf0f7..7ae8c1e 100644
---- a/upnp/src/genlib/net/http/webserver.c
-+++ b/upnp/src/genlib/net/http/webserver.c
-@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
- 		if (Fp == NULL)
- 			return HTTP_INTERNAL_SERVER_ERROR;
- 	} else {
-+#if 0
- 		Fp = fopen(filename, "wb");
- 		if (Fp == NULL)
- 			return HTTP_UNAUTHORIZED;
-+#else
-+		return HTTP_NOT_FOUND;
-+#endif
- 	}
- 	parser->position = POS_ENTITY;
- 	do {
diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
deleted file mode 100644
index 9978b39487..0000000000
--- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix CVE-2016-8863:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-https://sourceforge.net/p/pupnp/bugs/133/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
-
-From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org>
-Date: Thu, 8 Dec 2016 17:11:53 +0100
-Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
-
-If there is an invalid URL in URLS->buf after a valid one, uri_parse is
-called with out pointing after the allocated memory. As uri_parse writes
-to *out before returning an error the loop in create_url_list must be
-stopped early to prevent an out-of-bound access
-
-Bug: https://sourceforge.net/p/pupnp/bugs/133/
-Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
-Bug-Debian: https://bugs.debian.org/842093
-Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
-(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
----
- upnp/src/gena/gena_device.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
-index fb04a29..245c56b 100644
---- a/upnp/src/gena/gena_device.c
-+++ b/upnp/src/gena/gena_device.c
-@@ -1113,7 +1113,7 @@ static int create_url_list(
- 	/*! [out] . */
- 	URL_list *out)
- {
--    size_t URLcount = 0;
-+    size_t URLcount = 0, URLcount2 = 0;
-     size_t i;
-     int return_code = 0;
-     uri_type temp;
-@@ -1155,16 +1155,23 @@ static int create_url_list(
-         }
-         memcpy( out->URLs, URLS->buff, URLS->size );
-         out->URLs[URLS->size] = 0;
--        URLcount = 0;
-         for( i = 0; i < URLS->size; i++ ) {
-             if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
-                 if( ( ( return_code =
-                         parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
--                                   &out->parsedURLs[URLcount] ) ) ==
-+                                   &out->parsedURLs[URLcount2] ) ) ==
-                       HTTP_SUCCESS )
--                    && ( out->parsedURLs[URLcount].hostport.text.size !=
-+                    && ( out->parsedURLs[URLcount2].hostport.text.size !=
-                          0 ) ) {
--                    URLcount++;
-+                    URLcount2++;
-+                    if (URLcount2 >= URLcount)
-+                        /*
-+                         * break early here in case there is a bogus URL that
-+                         * was skipped above. This prevents to access
-+                         * out->parsedURLs[URLcount] which is beyond the
-+                         * allocation.
-+                         */
-+                        break;
-                 } else {
-                     if( return_code == UPNP_E_OUTOF_MEMORY ) {
-                         free( out->URLs );
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
new file mode 100644
index 0000000000..545b5d0a71
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
@@ -0,0 +1,233 @@
+Fix CVE-2016-9572 and CVE-2016-9573:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
+
+Patch copied from 3rd-party repository:
+
+https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
+
+From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Mon, 28 Nov 2016 21:57:20 +0100
+Subject: [PATCH] Changes for issues #863 and #862
+
+---
+ src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
+ src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
+ src/bin/jp2/opj_decompress.c |  2 +-
+ src/lib/openjp2/j2k.c        | 11 ++++++---
+ 4 files changed, 90 insertions(+), 11 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index deee4f6..6a3f65b 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
+     for (i = 0; i < image->numcomps-1; i++)	{
+         if ((image->comps[0].dx != image->comps[i+1].dx)
+                 ||(image->comps[0].dy != image->comps[i+1].dy)
+-                ||(image->comps[0].prec != image->comps[i+1].prec))	{
++                ||(image->comps[0].prec != image->comps[i+1].prec)
++				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
+             fclose(fdest);
+             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
+             return 1;
+@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+     int *red, *green, *blue, *alpha;
+     int wr, hr, max;
+     int i;
+-    unsigned int compno, ncomp;
++    unsigned int compno, ncomp, ui;
+     int adjustR, adjustG, adjustB, adjustA;
+     int fails, two, want_gray, has_alpha, triple;
+     int prec, v;
+@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ 
+     if(want_gray) ncomp = 1;
+ 
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetopnm: All components\n    shall have "
++         "the same subsampling, same bit depth, same sign.\n"
++         "    Aborting\n");
++        return 1;
++    }
++
+     if ((force_split == 0) &&
+ 				(ncomp == 2 /* GRAYA */
+             || (ncomp > 2 /* RGB, RGBA */
+@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+ {
+     FILE *rawFile = NULL;
+     size_t res;
+-    unsigned int compno;
++    unsigned int compno, numcomps;
+     int w, h, fails;
+     int line, row, curr, mask;
+     int *ptr;
+@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         return 1;
+     }
+ 
++    numcomps = image->numcomps;
++
++    if (numcomps > 4) {
++        numcomps = 4;
++    }
++    for (compno = 1; compno < numcomps; ++compno) {
++        if (image->comps[0].dx != image->comps[compno].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[compno].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[compno].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
++            break;
++        }
++    }
++    if (compno != numcomps) {
++        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
+     rawFile = fopen(outfile, "wb");
+     if (!rawFile) {
+         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
+@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+     }
+ 
+     fails = 1;
+-    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
++    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
+ 
+-    for(compno = 0; compno < image->numcomps; compno++)
++    for(compno = 0; compno < numcomps; compno++)
+     {
+         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
+                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
+@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
+         }
+         else if (image->comps[compno].prec <= 32)
+         {
+-            fprintf(stderr,"More than 16 bits per component no handled yet\n");
++            fprintf(stderr,"More than 16 bits per component not handled yet\n");
+             goto fin;
+         }
+         else
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index ae83077..8017ba8 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
+     FILE *fdest = NULL;
+     int adjustR, adjustG, adjustB;
+ 
++   {
++    unsigned int ui, ncomp = image->numcomps;
++
++    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
++        ncomp = 4;
++    }
++    for (ui = 1; ui < ncomp; ++ui) {
++        if (image->comps[0].dx != image->comps[ui].dx) {
++            break;
++        }
++        if (image->comps[0].dy != image->comps[ui].dy) {
++            break;
++        }
++        if (image->comps[0].prec != image->comps[ui].prec) {
++            break;
++        }
++        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
++            break;
++        }
++    }
++    if (ui != ncomp) {
++        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
++        fprintf(stderr,"\tAborting\n");
++        return 1;
++    }
++
++   }
+     if (image->comps[0].prec < 8) {
+-        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
++        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
+         return 1;
+     }
+     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 83160c3..c30079b 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
+ 		if(dirptr->filename_buf) free(dirptr->filename_buf);
+ 		free(dirptr);
+ 	}
+-	if (numDecompressedImages) {
++	if (numDecompressedImages && !failed) {
+ 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
+ 	}
+ 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 66802bb..b6daa32 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+                                   i, l_img_comp->dx, l_img_comp->dy);
+                     return OPJ_FALSE;
+                 }
+-                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
+                     opj_event_msg(p_manager, EVT_ERROR,
+                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
+                                   i, l_img_comp->prec);
+@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+         /* Move data and copy one information from codec to output image*/
+         for (compno = 0; compno < p_image->numcomps; compno++) {
+                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
+-                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
++
++		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
++                p_j2k->m_output_image->comps[compno].data = NULL;
+ #if 0
+                 char fn[256];
+                 sprintf( fn, "/tmp/%d.raw", compno );
+@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
+                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
+                 fclose( debug );
+ #endif
+-                p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+ 
+         return OPJ_TRUE;
+@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
+ 
+                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
+ 
++				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
++
+                 p_j2k->m_output_image->comps[compno].data = NULL;
+         }
+