summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-02-10 17:40:25 +0100
committerLudovic Courtès <ludo@gnu.org>2017-02-10 17:40:25 +0100
commit768f0ac9dd9993827430d62d0f72a5020f476892 (patch)
tree600f7ca7cedb221147edfc92356e11bc6c56f311 /gnu/packages/patches
parent955ba55c6bf3a22264b56274ec22cad1551c1ce6 (diff)
parent49dbae548e92e0521ae125239282a04d8ea924cf (diff)
downloadguix-768f0ac9dd9993827430d62d0f72a5020f476892.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch32
-rw-r--r--gnu/packages/patches/libvpx-CVE-2016-2818.patch21
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch42
-rw-r--r--gnu/packages/patches/p7zip-CVE-2016-9296.patch24
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-2615.patch52
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5578.patch39
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5579.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5856.patch68
-rw-r--r--gnu/packages/patches/vsearch-unbundle-cityhash.patch73
9 files changed, 385 insertions, 10 deletions
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
new file mode 100644
index 0000000000..4c6c7ed06e
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
@@ -0,0 +1,32 @@
+This fixes a test failure on i686.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040
+
+From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 2 Feb 2017 14:56:39 +0200
+Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the
+ units-max property
+
+---
+ tests/check/elements/multifdsink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c
+index af138cc92..951b1b9fa 100644
+--- a/tests/check/elements/multifdsink.c
++++ b/tests/check/elements/multifdsink.c
+@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick)
+   gint i, initial_buffers = 3, num_buffers = 0;
+ 
+   sink = setup_multifdsink ();
+-  g_object_set (sink, "units-max", initial_buffers, NULL);
++  g_object_set (sink, "units-max", (gint64) initial_buffers, NULL);
+ 
+   fail_if (pipe (pfd1) == -1);
+   fail_if (pipe (pfd2) == -1);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
index 1fdf01cbca..bef3448b81 100644
--- a/gnu/packages/patches/libvpx-CVE-2016-2818.patch
+++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch
@@ -9,15 +9,15 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 
 --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig	2015-11-09 17:12:38.000000000 -0500
 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c	2016-06-08 08:48:46.037213092 -0400
-@@ -925,11 +925,19 @@
-         {
-             res = image2yuvconfig(img, &sd);
+@@ -860,11 +860,20 @@
+     if (img != NULL) {
+       res = image2yuvconfig(img, &sd);
  
--            if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags,
--                                      &sd, dst_time_stamp, dst_end_time_stamp))
--            {
--                VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
--                res = update_error_state(ctx, &cpi->common.error);
+-      if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd,
+-                                dst_time_stamp, dst_end_time_stamp)) {
+-        VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
+-        res = update_error_state(ctx, &cpi->common.error);
+-      }
 +            if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) {
 +                /* from vp8_encoder.h for g_w/g_h:
 +                   "Note that the frames passed as input to the encoder must have this resolution"
@@ -31,6 +31,7 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
 +                    VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
 +                    res = update_error_state(ctx, &cpi->common.error);
 +                }
-             }
++            }
  
-             /* reset for next frame */
+       /* reset for next frame */
+       ctx->next_frame_flag = 0;
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
new file mode 100644
index 0000000000..6edd676e38
--- /dev/null
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -0,0 +1,42 @@
+Fix CVE-2017-0358:
+http://seclists.org/oss-sec/2017/q1/259
+This patch was copied from the above URL.
+
+diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
+--- ntfs-3g.old/src/lowntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/lowntfs-3g.c	2017-02-09 15:06:35.757580937 -0500
+@@ -3827,13 +3827,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+        
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
+diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
+--- ntfs-3g.old/src/ntfs-3g.c	2017-02-09 15:01:04.074331542 -0500
++++ ntfs-3g/src/ntfs-3g.c	2017-02-09 15:06:26.077252571 -0500
+@@ -3612,13 +3612,14 @@
+	struct stat st;
+	pid_t pid;
+	const char *cmd = "/sbin/modprobe";
++	char *env = (char*)NULL;
+	struct timespec req = { 0, 100000000 };   /* 100 msec */
+	fuse_fstype fstype;
+	
+	if (!stat(cmd, &st) && !geteuid()) {
+		pid = fork();
+		if (!pid) {
+-			execl(cmd, cmd, "fuse", NULL);
++			execle(cmd, cmd, "fuse", NULL, &env);
+			_exit(1);
+		} else if (pid != -1)
+			waitpid(pid, NULL, 0);
diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
new file mode 100644
index 0000000000..3fa80377ad
--- /dev/null
+++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch
@@ -0,0 +1,24 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+This patch file taken from Debian's patch set for p7zip
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch
new file mode 100644
index 0000000000..ede1f8c89d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch
@@ -0,0 +1,52 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
+this patch is from qemu-git.
+
+
+From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+          address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P <ppandit@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index 7db6409dc5..16f27e8ac5 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ {
+     if (pitch < 0) {
+         int64_t min = addr
+-            + ((int64_t)s->cirrus_blt_height-1) * pitch;
+-        int32_t max = addr
+-            + s->cirrus_blt_width;
+-        if (min < 0 || max > s->vga.vram_size) {
++            + ((int64_t)s->cirrus_blt_height - 1) * pitch
++            - s->cirrus_blt_width;
++        if (min < -1 || addr >= s->vga.vram_size) {
+             return true;
+         }
+     } else {
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch
new file mode 100644
index 0000000000..05655bcd98
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch
@@ -0,0 +1,39 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b
+this patch is from qemu-git.
+
+
+From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 6a26258cac..ca88cf478d 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
++    if (res->iov) {
++        cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++        return;
++    }
++
+     ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+     if (ret != 0) {
+         cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch
new file mode 100644
index 0000000000..7630012d54
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch
@@ -0,0 +1,44 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
+this patch is from qemu-git.
+
+
+From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 4 Jan 2017 00:43:16 -0800
+Subject: [PATCH] serial: fix memory leak in serial exit
+
+The serial_exit_core function doesn't free some resources.
+This can lead memory leak when hotplug and unplug. This
+patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/serial.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/hw/char/serial.c b/hw/char/serial.c
+index ffbacd8227..67b18eda12 100644
+--- a/hw/char/serial.c
++++ b/hw/char/serial.c
+@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
+ void serial_exit_core(SerialState *s)
+ {
+     qemu_chr_fe_deinit(&s->chr);
++
++    timer_del(s->modem_status_poll);
++    timer_free(s->modem_status_poll);
++
++    timer_del(s->fifo_timeout_timer);
++    timer_free(s->fifo_timeout_timer);
++
++    fifo8_destroy(&s->recv_fifo);
++    fifo8_destroy(&s->xmit_fifo);
++
+     qemu_unregister_reset(serial_reset, s);
+ }
+ 
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch
new file mode 100644
index 0000000000..bee0824c0a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch
@@ -0,0 +1,68 @@
+http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
+this patch is from qemu-git.
+
+
+From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 2 Jan 2017 11:03:33 +0100
+Subject: [PATCH] megasas: fix guest-triggered memory leak
+
+If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
+will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
+Avoid this by returning only the status from map_dcmd, and loading
+cmd->iov_size in the caller.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/megasas.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 67fc1e7..6233865 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
+         trace_megasas_dcmd_invalid_sge(cmd->index,
+                                        cmd->frame->header.sge_count);
+         cmd->iov_size = 0;
+-        return -1;
++        return -EINVAL;
+     }
+     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
+     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
+     cmd->iov_size = iov_size;
+-    return cmd->iov_size;
++    return 0;
+ }
+ 
+ static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
+@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
+ 
+ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+ {
+-    int opcode, len;
++    int opcode;
+     int retval = 0;
++    size_t len;
+     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+ 
+     opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+     trace_megasas_handle_dcmd(cmd->index, opcode);
+-    len = megasas_map_dcmd(s, cmd);
+-    if (len < 0) {
++    if (megasas_map_dcmd(s, cmd) < 0) {
+         return MFI_STAT_MEMORY_NOT_AVAILABLE;
+     }
+     while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+         cmdptr++;
+     }
++    len = cmd->iov_size;
+     if (cmdptr->opcode == -1) {
+         trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
+         retval = megasas_dcmd_dummy(s, cmd);
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/vsearch-unbundle-cityhash.patch b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
new file mode 100644
index 0000000000..b1ecb1f063
--- /dev/null
+++ b/gnu/packages/patches/vsearch-unbundle-cityhash.patch
@@ -0,0 +1,73 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index e56a8a2..4adcc48 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ bin_PROGRAMS = $(top_builddir)/bin/vsearch
+ if TARGET_PPC
+ AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -mcpu=power8
+ else
+-AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g
++AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -lcityhash
+ endif
+ 
+ AM_CFLAGS=$(AM_CXXFLAGS)
+@@ -18,8 +18,6 @@ allpairs.h \
+ arch.h \
+ bitmap.h \
+ chimera.h \
+-city.h \
+-citycrc.h \
+ cluster.h \
+ cpu.h \
+ db.h \
+@@ -59,31 +57,26 @@ xstring.h
+ 
+ if TARGET_PPC
+ libcpu_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+-noinst_LIBRARIES = libcpu.a libcityhash.a
++noinst_LIBRARIES = libcpu.a
+ else
+ libcpu_sse2_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_sse2_a_CXXFLAGS = $(AM_CXXFLAGS) -msse2
+ libcpu_ssse3_a_SOURCES = cpu.cc $(VSEARCHHEADERS)
+ libcpu_ssse3_a_CXXFLAGS = $(AM_CXXFLAGS) -mssse3 -DSSSE3
+-noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a libcityhash.a
++noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a
+ endif
+ 
+-libcityhash_a_SOURCES = city.cc city.h
+-
+ if TARGET_WIN
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g -D_MSC_VER
+-__top_builddir__bin_vsearch_LDFLAGS = -static
+-__top_builddir__bin_vsearch_LDADD = libregex.a libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDFLAGS = -static -lcityhash
++__top_builddir__bin_vsearch_LDADD = libregex.a libcpu_ssse3.a libcpu_sse2.a
+ 
+ else
+ 
+-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g
+-
+ if TARGET_PPC
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu.a
++__top_builddir__bin_vsearch_LDADD = libcpu.a
+ else
+-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu_ssse3.a libcpu_sse2.a
++__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a
+ endif
+ 
+ endif
+diff --git a/src/vsearch.h b/src/vsearch.h
+index f2c244b..5f51bbe 100644
+--- a/src/vsearch.h
++++ b/src/vsearch.h
+@@ -148,7 +148,7 @@
+ #include <bzlib.h>
+ #endif
+ 
+-#include "city.h"
++#include <city.h>
+ #include "md5.h"
+ #include "sha1.h"
+