summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/clementine-remove-crypto++-dependency.patch19
-rw-r--r--gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch59
-rw-r--r--gnu/packages/patches/java-xerces-bootclasspath.patch38
-rw-r--r--gnu/packages/patches/java-xerces-build_dont_unzip.patch44
-rw-r--r--gnu/packages/patches/java-xerces-xjavac_taskdef.patch45
-rw-r--r--gnu/packages/patches/libtasn1-CVE-2018-6003.patch73
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-18013.patch45
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-9935.patch162
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5974.patch28
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5975.patch32
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5976.patch61
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5978.patch37
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5979.patch19
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5981.patch19
14 files changed, 485 insertions, 196 deletions
diff --git a/gnu/packages/patches/clementine-remove-crypto++-dependency.patch b/gnu/packages/patches/clementine-remove-crypto++-dependency.patch
new file mode 100644
index 0000000000..e7cf80ddee
--- /dev/null
+++ b/gnu/packages/patches/clementine-remove-crypto++-dependency.patch
@@ -0,0 +1,19 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3202b8b..473ecb9 100755
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -279,14 +279,6 @@ optional_component(LIBPULSE ON "Pulse audio integration"
+ 
+ optional_component(VISUALISATIONS ON "Visualisations")
+ 
+-if(NOT HAVE_SPOTIFY_BLOB AND NOT CRYPTOPP_FOUND)
+-  message(FATAL_ERROR "Either crypto++ must be available or the non-GPL Spotify "
+-          "code must be compiled in")
+-elseif(CRYPTOPP_FOUND)
+-  set(HAVE_CRYPTOPP ON)
+-  set(HAVE_SPOTIFY_DOWNLOADER ON)
+-endif()
+-
+ # Find DBus if it's enabled
+ if (HAVE_DBUS)
+   find_package(Qt5 COMPONENTS DBus)
diff --git a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch
new file mode 100644
index 0000000000..b90017fdb4
--- /dev/null
+++ b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch
@@ -0,0 +1,59 @@
+Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
+
+This patch adds a support for Git repositories hosted on git.savannah.gnu.org.
+
+Upstream bug URL:
+
+https://github.com/rmuslimov/browse-at-remote/pull/46
+
+From cd2ccdaef8b1d97337d790175f71cc3dbcfcff64 Mon Sep 17 00:00:00 2001
+From: Oleg Pykhalov <go.wigust@gmail.com>
+Date: Fri, 26 Jan 2018 00:05:30 +0300
+Subject: [PATCH] Add support for repositories that are hosted on gnu cgit
+
+---
+ browse-at-remote.el | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/browse-at-remote.el b/browse-at-remote.el
+index 66967b3..e210d18 100644
+--- a/browse-at-remote.el
++++ b/browse-at-remote.el
+@@ -44,7 +44,8 @@
+ (defcustom browse-at-remote-remote-type-domains
+   '(("bitbucket.org" ."bitbucket")
+     ("github.com" . "github")
+-    ("gitlab.com" . "gitlab"))
++    ("gitlab.com" . "gitlab")
++    ("git.savannah.gnu.org" . "gnu"))
+   "Alist of domain patterns to remote types."
+ 
+   :type '(alist :key-type (string :tag "Domain")
+@@ -199,6 +200,24 @@ If HEAD is detached, return nil."
+     (if (fboundp formatter)
+         formatter nil)))
+ 
++(defun browse-at-remote-gnu-format-url (repo-url)
++  "Get a gnu formatted URL."
++  (replace-regexp-in-string
++   (concat "https://" (car (rassoc "gnu" browse-at-remote-remote-type-domains))
++           "/\\(git\\).*\\'")
++   "cgit" repo-url nil nil 1))
++
++(defun browse-at-remote--format-region-url-as-gnu (repo-url location filename &optional linestart lineend)
++  "URL formatter for gnu."
++  (let ((repo-url (browse-at-remote-gnu-format-url repo-url)))
++    (cond
++     (linestart (format "%s.git/tree/%s?h=%s#n%d" repo-url filename location linestart))
++     (t (format "%s.git/tree/%s?h=%s" repo-url filename location)))))
++
++(defun browse-at-remote--format-commit-url-as-gnu (repo-url commithash)
++  "Commit URL formatted for gnu"
++  (format "%s.git/commit/?id=%s" (browse-at-remote-gnu-format-url repo-url) commithash))
++
+ (defun browse-at-remote--format-region-url-as-github (repo-url location filename &optional linestart lineend)
+   "URL formatted for github."
+   (cond
+-- 
+2.15.1
+
diff --git a/gnu/packages/patches/java-xerces-bootclasspath.patch b/gnu/packages/patches/java-xerces-bootclasspath.patch
new file mode 100644
index 0000000000..efaa548a62
--- /dev/null
+++ b/gnu/packages/patches/java-xerces-bootclasspath.patch
@@ -0,0 +1,38 @@
+Based on https://anonscm.debian.org/viewvc/pkg-java/trunk/libxerces2-java/debian/patches/03_bootclasspath.patch?revision=14509, adopted for guix
+
+--- xerces-2_11_0/build.xml.orig	2010-11-26 21:42:11.000000000 +0100
++++ xerces-2_11_0/build.xml	2017-03-28 14:04:41.946606996 +0200
+@@ -290,13 +290,14 @@
+            destdir="${build.dest}"

+            source="${javac.source}"

+            target="${javac.target}"

+-           classpath="${build.dir}/classes:${tools.dir}/${jar.apis}:${tools.dir}/${jar.resolver}:${tools.dir}/${jar.serializer}"

++           classpath="${build.dir}/classes:${jar.jaxp}:${jar.apis-ext}:${jar.resolver}"

+            debug="${debug}" nowarn="true"

+            debuglevel="${debuglevel}"

+            deprecation="${deprecation}"

+            optimize="${optimize}"

+            includeAntRuntime="false"

+-           includeJavaRuntime="false"

++           includeJavaRuntime="true"

++           bootclasspath="${jar.jaxp}:${jar.apis-ext}:${jar.resolver}"

+            excludes="org/xml/sax/** 

+                 javax/xml/**

+                 org/w3c/dom/*

+@@ -1451,13 +1452,14 @@
+                destdir="${build.dest}"

+                source="${javac.source}"

+                target="${javac.target}"

+-               classpath="${build.dir}/classes:${tools.dir}/${jar.apis}:${tools.dir}/${jar.resolver}:${tools.dir}/${jar.serializer}"

++               classpath="${build.dir}/classes:${jar.jaxp}:${jar.apis-ext}:${jar.resolver}"

+                debug="${debug}"

+                debuglevel="${debuglevel}"

+                deprecation="${deprecation}"

+                optimize="${optimize}"

+                includeAntRuntime="false"

+-               includeJavaRuntime="false"

++               includeJavaRuntime="true"

++               bootclasspath="${jar.jaxp}:${jar.apis-ext}:${jar.resolver}"

+                excludes="org/xml/sax/** 

+                     javax/xml/**

+                     org/w3c/dom/*

diff --git a/gnu/packages/patches/java-xerces-build_dont_unzip.patch b/gnu/packages/patches/java-xerces-build_dont_unzip.patch
new file mode 100644
index 0000000000..2ff5628865
--- /dev/null
+++ b/gnu/packages/patches/java-xerces-build_dont_unzip.patch
@@ -0,0 +1,44 @@
+Don't unzip the sources which were bundled originally. Guix strips them from
+the source and uses pre-build packages.
+
+Taken from https://anonscm.debian.org/viewvc/pkg-java/trunk/libxerces2-java/debian/patches/02_build_dont_unzip.patch?revision=14507
+
+Index: b/build.xml
+===================================================================
+--- a/build.xml
++++ b/build.xml
+@@ -247,7 +247,7 @@
+     <copy file="${src.dir}/org/apache/xerces/impl/xpath/regex/message.properties"

+       tofile="${build.src}/org/apache/xerces/impl/xpath/regex/message_en.properties"/>

+ 

+-    <!-- now deal with API's:  -->

++    <!-- not needed for Debian

+     <unzip src="${src.apis.zip}" dest="${build.src}">

+         <patternset

+             includes="org/xml/sax/** 

+@@ -270,6 +270,7 @@
+                 org/w3c/dom/xpath/**"

+         />

+     </unzip>

++    -->

+     

+     <!-- substitute tokens as needed -->

+     <replace file="${build.dir}/src/org/apache/xerces/impl/Version.java" 

+@@ -1232,7 +1233,7 @@
+     <replace file="${build.dir}/src/org/apache/xerces/parsers/AbstractSAXParser.java"

+              token="return (fConfiguration instanceof XML11Configurable);" value="return false;"/>

+  

+-    <!-- now deal with API's:  -->

++    <!-- not needed for Debian

+     <unzip src="${src.apis.zip}" dest="${build.src}">

+         <patternset

+             includes="org/xml/sax/** 

+@@ -1255,7 +1256,7 @@
+                 org/w3c/dom/xpath/**"

+         />

+     </unzip>

+-

++    -->

+ 

+     <!-- substitute tokens as needed -->

+     <replace file="${build.dir}/src/org/apache/xerces/impl/Version.java" 

diff --git a/gnu/packages/patches/java-xerces-xjavac_taskdef.patch b/gnu/packages/patches/java-xerces-xjavac_taskdef.patch
new file mode 100644
index 0000000000..4f5d008c28
--- /dev/null
+++ b/gnu/packages/patches/java-xerces-xjavac_taskdef.patch
@@ -0,0 +1,45 @@
+This patch eliminates the need for providing "xjavac", which saves building a
+package for the unmaintained "xerces-tools".
+
+Taken from https://anonscm.debian.org/viewvc/pkg-java/trunk/libxerces2-java/debian/patches/01_xjavac_taskdef.patch?revision=14507
+
+Index: b/build.xml
+===================================================================
+--- a/build.xml
++++ b/build.xml
+@@ -39,7 +39,7 @@
+   <property name="tools.dir" value="./tools"/>

+ 

+   <!-- enable compilation under JDK 1.4 and above -->

+-  <taskdef name="xjavac" classname="org.apache.xerces.util.XJavac">

++  <taskdef name="xjavac" classname="org.apache.tools.ant.taskdefs.Javac">

+     <classpath>

+       <pathelement location="${tools.dir}/bin/xjavac.jar"/>

+     </classpath>

+@@ -291,7 +291,7 @@
+            source="${javac.source}"

+            target="${javac.target}"

+            classpath="${build.dir}/classes:${tools.dir}/${jar.apis}:${tools.dir}/${jar.resolver}:${tools.dir}/${jar.serializer}"

+-           debug="${debug}"

++           debug="${debug}" nowarn="true"

+            debuglevel="${debuglevel}"

+            deprecation="${deprecation}"

+            optimize="${optimize}"

+@@ -359,7 +359,7 @@
+            source="${javac.source}"

+            target="${javac.target}"

+            classpath="${build.dir}/classes:${tools.dir}/${jar.apis}"

+-           debug="${debug}"

++           debug="${debug}" nowarn="true"

+            debuglevel="${debuglevel}"

+            includeAntRuntime="false"

+            includeJavaRuntime="true"/>

+@@ -379,7 +379,7 @@
+            source="${javac.source}"

+            target="${javac.target}"

+            classpath="${tools.dir}/${jar.apis}:${build.dir}/classes:./tools/junit.jar"

+-           debug="${debug}"

++           debug="${debug}" nowarn="true"

+            debuglevel="${debuglevel}"

+            includeAntRuntime="false"

+            includeJavaRuntime="true"/>

diff --git a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch
new file mode 100644
index 0000000000..3e6140518d
--- /dev/null
+++ b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch
@@ -0,0 +1,73 @@
+Fix CVE-2018-6003:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003
+https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97
+
+From c593ae84cfcde8fea45787e53950e0ac71e9ca97 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Thu, 4 Jan 2018 10:52:05 +0100
+Subject: [PATCH] _asn1_decode_simple_ber: restrict the levels of recursion to 3
+
+On indefinite string decoding, setting a maximum level of recursions
+protects the BER decoder from a stack exhaustion due to large amounts
+of recursion.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/decoding.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 2240b09..0ee35d3 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -45,6 +45,13 @@
+ 
+ #define DECODE_FLAG_HAVE_TAG 1
+ #define DECODE_FLAG_INDEFINITE (1<<1)
++/* On indefinite string decoding, allow this maximum levels
++ * of recursion. Allowing infinite recursion, makes the BER
++ * decoder susceptible to stack exhaustion due to that recursion.
++ */
++#define DECODE_FLAG_LEVEL1 (1<<2)
++#define DECODE_FLAG_LEVEL2 (1<<3)
++#define DECODE_FLAG_LEVEL3 (1<<4)
+ 
+ #define DECR_LEN(l, s) do { \
+ 	  l -= s; \
+@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
+     }
+ 
+   /* indefinite constructed */
+-  if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype))
++  if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) &&
++      !(dflags & DECODE_FLAG_LEVEL3))
+     {
+       len_len = 1;
+ 
+@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
+       do
+         {
+           unsigned tmp_len;
++          unsigned flags = DECODE_FLAG_HAVE_TAG;
++
++          if (dflags & DECODE_FLAG_LEVEL1)
++                flags |= DECODE_FLAG_LEVEL2;
++          else if (dflags & DECODE_FLAG_LEVEL2)
++		flags |= DECODE_FLAG_LEVEL3;
++	  else
++		flags |= DECODE_FLAG_LEVEL1;
+ 
+-          result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len);
++          result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
++                                           flags);
+           if (result != ASN1_SUCCESS)
+             {
+               warn();
+--
+libgit2 0.26.0
+
diff --git a/gnu/packages/patches/libtiff-CVE-2017-18013.patch b/gnu/packages/patches/libtiff-CVE-2017-18013.patch
new file mode 100644
index 0000000000..ba03c83847
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-18013.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-18013:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2770
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
+
+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 31 Dec 2017 15:09:41 +0100
+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
+ dereference on corrupted file. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2770
+
+---
+ libtiff/tif_print.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 9959d353..8deceb2b 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ 			fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",
+ 			    (unsigned long) s,
+-			    (unsigned __int64) td->td_stripoffset[s],
+-			    (unsigned __int64) td->td_stripbytecount[s]);
++			    td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
++			    td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
+ #else
+ 			fprintf(fd, "    %3lu: [%8llu, %8llu]\n",
+ 			    (unsigned long) s,
+-			    (unsigned long long) td->td_stripoffset[s],
+-			    (unsigned long long) td->td_stripbytecount[s]);
++			    td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
++			    td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
+ #endif
+ 	}
+ }
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/libtiff-CVE-2017-9935.patch b/gnu/packages/patches/libtiff-CVE-2017-9935.patch
new file mode 100644
index 0000000000..5685d81f68
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-9935.patch
@@ -0,0 +1,162 @@
+Fix CVE-2017-9935
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
+http://bugzilla.maptools.org/show_bug.cgi?id=2704
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
+
+From 3dd8f6a357981a4090f126ab9025056c938b6940 Mon Sep 17 00:00:00 2001
+From: Brian May <brian@linuxpenguins.xyz>
+Date: Thu, 7 Dec 2017 07:46:47 +1100
+Subject: [PATCH] tiff2pdf: Fix CVE-2017-9935
+
+Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704
+
+This vulnerability - at least for the supplied test case - is because we
+assume that a tiff will only have one transfer function that is the same
+for all pages. This is not required by the TIFF standards.
+
+We than read the transfer function for every page.  Depending on the
+transfer function, we allocate either 2 or 4 bytes to the XREF buffer.
+We allocate this memory after we read in the transfer function for the
+page.
+
+For the first exploit - POC1, this file has 3 pages. For the first page
+we allocate 2 extra extra XREF entries. Then for the next page 2 more
+entries. Then for the last page the transfer function changes and we
+allocate 4 more entries.
+
+When we read the file into memory, we assume we have 4 bytes extra for
+each and every page (as per the last transfer function we read). Which
+is not correct, we only have 2 bytes extra for the first 2 pages. As a
+result, we end up writing past the end of the buffer.
+
+There are also some related issues that this also fixes. For example,
+TIFFGetField can return uninitalized pointer values, and the logic to
+detect a N=3 vs N=1 transfer function seemed rather strange.
+
+It is also strange that we declare the transfer functions to be of type
+float, when the standard says they are unsigned 16 bit values. This is
+fixed in another patch.
+
+This patch will check to ensure that the N value for every transfer
+function is the same for every page. If this changes, we abort with an
+error. In theory, we should perhaps check that the transfer function
+itself is identical for every page, however we don't do that due to the
+confusion of the type of the data in the transfer function.
+---
+ libtiff/tif_dir.c |  3 +++
+ tools/tiff2pdf.c  | 65 +++++++++++++++++++++++++++++++++++++------------------
+ 2 files changed, 47 insertions(+), 21 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 2ccaf448..cbf2b693 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -1065,6 +1065,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
+ 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
+ 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
+ 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
++			} else {
++				*va_arg(ap, uint16**) = NULL;
++				*va_arg(ap, uint16**) = NULL;
+ 			}
+ 			break;
+ 		case TIFFTAG_REFERENCEBLACKWHITE:
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index d1a9b095..c3ec0746 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+ 	uint16 pagen=0;
+ 	uint16 paged=0;
+ 	uint16 xuint16=0;
++	uint16 tiff_transferfunctioncount=0;
++	float* tiff_transferfunction[3];
+ 
+ 	directorycount=TIFFNumberOfDirectories(input);
+ 	t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
+@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+                 }
+ #endif
+ 		if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
+-                                 &(t2p->tiff_transferfunction[0]),
+-                                 &(t2p->tiff_transferfunction[1]),
+-                                 &(t2p->tiff_transferfunction[2]))) {
+-			if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+-                           (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+-                           (t2p->tiff_transferfunction[1] !=
+-                            t2p->tiff_transferfunction[0])) {
+-				t2p->tiff_transferfunctioncount = 3;
+-				t2p->tiff_pages[i].page_extra += 4;
+-				t2p->pdf_xrefcount += 4;
+-			} else {
+-				t2p->tiff_transferfunctioncount = 1;
+-				t2p->tiff_pages[i].page_extra += 2;
+-				t2p->pdf_xrefcount += 2;
+-			}
+-			if(t2p->pdf_minorversion < 2)
+-				t2p->pdf_minorversion = 2;
++                                 &(tiff_transferfunction[0]),
++                                 &(tiff_transferfunction[1]),
++                                 &(tiff_transferfunction[2]))) {
++
++                        if((tiff_transferfunction[1] != (float*) NULL) &&
++                           (tiff_transferfunction[2] != (float*) NULL)
++                          ) {
++                            tiff_transferfunctioncount=3;
++                        } else {
++                            tiff_transferfunctioncount=1;
++                        }
+                 } else {
+-			t2p->tiff_transferfunctioncount=0;
++			tiff_transferfunctioncount=0;
+ 		}
++
++                if (i > 0){
++                    if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
++                        TIFFError(
++                            TIFF2PDF_MODULE,
++                            "Different transfer function on page %d",
++                            i);
++                        t2p->t2p_error = T2P_ERR_ERROR;
++                        return;
++                    }
++                }
++
++                t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
++                t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
++                t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
++                t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
++                if(tiff_transferfunctioncount == 3){
++                        t2p->tiff_pages[i].page_extra += 4;
++                        t2p->pdf_xrefcount += 4;
++                        if(t2p->pdf_minorversion < 2)
++                                t2p->pdf_minorversion = 2;
++                } else if (tiff_transferfunctioncount == 1){
++                        t2p->tiff_pages[i].page_extra += 2;
++                        t2p->pdf_xrefcount += 2;
++                        if(t2p->pdf_minorversion < 2)
++                                t2p->pdf_minorversion = 2;
++                }
++
+ 		if( TIFFGetField(
+ 			input, 
+ 			TIFFTAG_ICCPROFILE, 
+@@ -1828,9 +1852,8 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
+ 			 &(t2p->tiff_transferfunction[1]),
+ 			 &(t2p->tiff_transferfunction[2]))) {
+ 		if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+-                   (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+-                   (t2p->tiff_transferfunction[1] !=
+-                    t2p->tiff_transferfunction[0])) {
++                   (t2p->tiff_transferfunction[2] != (float*) NULL)
++                  ) {
+ 			t2p->tiff_transferfunctioncount=3;
+ 		} else {
+ 			t2p->tiff_transferfunctioncount=1;
+-- 
+2.16.1
+
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
deleted file mode 100644
index 9ae02103e7..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5974.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Fix CVE-2017-5974:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
-
-Patch copied from Debian.
-
-Index: zziplib-0.13.62/zzip/memdisk.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.c
-+++ zziplib-0.13.62/zzip/memdisk.c
-@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         /* override sizes/offsets with zip64 values for largefile support */
-         zzip_extra_zip64 *block = (zzip_extra_zip64 *)
-             zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64);
--        if (block)
-+        if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4))
-         {
--            item->zz_usize = __zzip_get64(block->z_usize);
--            item->zz_csize = __zzip_get64(block->z_csize);
--            item->zz_offset = __zzip_get64(block->z_offset);
--            item->zz_diskstart = __zzip_get32(block->z_diskstart);
-+            item->zz_usize = ZZIP_GET64(block->z_usize);
-+            item->zz_csize = ZZIP_GET64(block->z_csize);
-+            item->zz_offset = ZZIP_GET64(block->z_offset);
-+            item->zz_diskstart = ZZIP_GET32(block->z_diskstart);
-         }
-     }
-     /* NOTE:
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
deleted file mode 100644
index fad174b056..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5975.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fix CVE-2017-5975:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975
-
-Patch copied from Debian.
-
-Index: zziplib-0.13.62/zzip/memdisk.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.c
-+++ zziplib-0.13.62/zzip/memdisk.c
-@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         return 0;               /* errno=ENOMEM; */
-     ___ struct zzip_file_header *header =
-         zzip_disk_entry_to_file_header(disk, entry);
-+    if (!header)
-+	{ free(item); return 0; }
-     /*  there is a number of duplicated information in the file header
-      *  or the disk entry block. Theoretically some part may be missing
-      *  that exists in the other, ... but we will prefer the disk entry.
-Index: zziplib-0.13.62/zzip/mmapped.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/mmapped.c
-+++ zziplib-0.13.62/zzip/mmapped.c
-@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK
-         (disk->buffer + zzip_disk_entry_fileoffset(entry));
-     if (disk->buffer > file_header || file_header >= disk->endbuf)
-         return 0;
-+    if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC)
-+        return 0;
-     return (struct zzip_file_header *) file_header;
- }
- 
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
deleted file mode 100644
index 17fc30e302..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5976.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix CVE-2017-5976:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
-
-Patch copied from Debian.
-
-Index: zziplib-0.13.62/zzip/memdisk.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.c
-+++ zziplib-0.13.62/zzip/memdisk.c
-@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         {
-             void *mem = malloc(ext1 + 2);
-             item->zz_ext[1] = mem;
-+	    item->zz_extlen[1] = ext1 + 2;
-             memcpy(mem, ptr1, ext1);
-             ((char *) (mem))[ext1 + 0] = 0;
-             ((char *) (mem))[ext1 + 1] = 0;
-@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         {
-             void *mem = malloc(ext2 + 2);
-             item->zz_ext[2] = mem;
-+	    item->zz_extlen[2] = ext2 + 2;
-             memcpy(mem, ptr2, ext2);
-             ((char *) (mem))[ext2 + 0] = 0;
-             ((char *) (mem))[ext2 + 1] = 0;
-@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
-     while (1)
-     {
-         ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i];
--        if (ext)
-+        if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength))
-         {
-+	    char *endblock = (char *)ext + entry->zz_extlen[i];
-+
-             while (*(short *) (ext->z_datatype))
-             {
-                 if (datatype == zzip_extra_block_get_datatype(ext))
-@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
-                 e += zzip_extra_block_headerlength;
-                 e += zzip_extra_block_get_datasize(ext);
-                 ext = (void *) e;
-+		if (e >= endblock)
-+		{
-+		    break;
-+		}
-                 ____;
-             }
-         }
-Index: zziplib-0.13.62/zzip/memdisk.h
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.h
-+++ zziplib-0.13.62/zzip/memdisk.h
-@@ -66,6 +66,7 @@ struct _zzip_mem_entry {
-     int              zz_filetype;  /* (from "z_filetype") */
-     char*            zz_comment;   /* zero-terminated (from "comment") */
-     ZZIP_EXTRA_BLOCK* zz_ext[3];   /* terminated by null in z_datatype */
-+    int              zz_extlen[3]; /* length of zz_ext[i] in bytes */
- };                                 /* the extra blocks are NOT converted */
- 
- #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list)
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
deleted file mode 100644
index 452b14f804..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5978.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2017-5978:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
-
-Patch copied from Debian.
-
-Index: zziplib-0.13.62/zzip/memdisk.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.c
-+++ zziplib-0.13.62/zzip/memdisk.c
-@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-      *  that exists in the other, ... but we will prefer the disk entry.
-      */
-     item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
--    item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
-+    item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
-     item->zz_data = zzip_file_header_to_data(header);
-     item->zz_flags = zzip_disk_entry_get_flags(entry);
-     item->zz_compr = zzip_disk_entry_get_compr(entry);
-@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         int /*            */ ext2 = zzip_file_header_get_extras(header);
-         char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
- 
--        if (ext1)
-+        if (ext1 && ((ptr1 + ext1) < disk->endbuf))
-         {
-             void *mem = malloc(ext1 + 2);
-             item->zz_ext[1] = mem;
-@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-             ((char *) (mem))[ext1 + 0] = 0;
-             ((char *) (mem))[ext1 + 1] = 0;
-         }
--        if (ext2)
-+        if (ext2 && ((ptr2 + ext2) < disk->endbuf))
-         {
-             void *mem = malloc(ext2 + 2);
-             item->zz_ext[2] = mem;
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5979.patch b/gnu/packages/patches/zziplib-CVE-2017-5979.patch
deleted file mode 100644
index b38f50b172..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5979.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Fix CVE-2017-5979:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
-
-Patch copied from Debian.
-
-Index: zziplib-0.13.62/zzip/fseeko.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/fseeko.c
-+++ zziplib-0.13.62/zzip/fseeko.c
-@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
-         return 0;
-     /* we read out chunks of 8 KiB in the hope to match disk granularity */
-     ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
--    ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
-+    ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
-     if (! entry)
-         return 0;
-     ___ unsigned char *buffer = malloc(pagesize);
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5981.patch b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
deleted file mode 100644
index ed82cb3b91..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5981.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Fix CVE-2017-5981:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
-
-Patch copied from Debian.
-Index: zziplib-0.13.62/zzip/fseeko.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/fseeko.c
-+++ zziplib-0.13.62/zzip/fseeko.c
-@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
-             } else
-                 continue;
- 
--            assert(0 <= root && root < mapsize);
-+	    if (root < 0 || root >= mapsize)
-+	        goto error;
-             if (fseeko(disk, root, SEEK_SET) == -1)
-                 goto error;
-             if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)