summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/a2ps-CVE-2015-8107.patch80
-rw-r--r--gnu/packages/patches/clx-remove-demo.patch27
-rw-r--r--gnu/packages/patches/csvkit-fix-tests.patch45
-rw-r--r--gnu/packages/patches/cvs-CVE-2017-12836.patch (renamed from gnu/packages/patches/cvs-2017-12836.patch)0
-rw-r--r--gnu/packages/patches/expat-CVE-2018-20843.patch21
-rw-r--r--gnu/packages/patches/grub-binutils-compat.patch53
-rw-r--r--gnu/packages/patches/grub-check-error-efibootmgr.patch197
-rw-r--r--gnu/packages/patches/grub-efi-fat-serial-number.patch17
-rw-r--r--gnu/packages/patches/libexif-CVE-2018-20030.patch120
-rw-r--r--gnu/packages/patches/plib-CVE-2011-4620.patch13
-rw-r--r--gnu/packages/patches/plib-CVE-2012-4552.patch57
-rw-r--r--gnu/packages/patches/python-slugify-depend-on-unidecode.patch22
12 files changed, 367 insertions, 285 deletions
diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch
new file mode 100644
index 0000000000..5ea35d45da
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2015-8107.patch
@@ -0,0 +1,80 @@
+https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff
+
+Index: b/lib/psgen.c
+===================================================================
+--- a/lib/psgen.c
++++ b/lib/psgen.c
+@@ -232,7 +232,7 @@
+     default:
+       *buf = '\0';
+       ps_escape_char (job, cp[i], buf);
+-      output (jdiv, (char *) buf);
++      output (jdiv, "%s", (char *) buf);
+       break;
+     }
+   }
+Index: b/lib/output.c
+===================================================================
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -525,7 +525,7 @@
+ 		     expand_user_string (job, FIRST_FILE (job),
+ 					 (const uchar *) "Expand: requirement",
+ 					 (const uchar *) token));
+-	output (dest, expansion);
++	output (dest, "%s", expansion);
+ 	continue;
+       }
+ 
+Index: b/lib/parseppd.y
+===================================================================
+--- a/lib/parseppd.y
++++ b/lib/parseppd.y
+@@ -154,7 +154,7 @@
+ void
+ yyerror (const char *msg)
+ {
+-  error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++  error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+ 
+ /*
+Index: b/src/parsessh.y
+===================================================================
+--- a/src/parsessh.y
++++ b/src/parsessh.y
+@@ -740,7 +740,7 @@
+ void
+ yyerror (const char *msg)
+ {
+-  error_at_line (1, 0, sshfilename, sshlineno, msg);
++  error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+ 
+ /*
+Index: b/lib/parseppd.c
+===================================================================
+--- a/lib/parseppd.c
++++ b/lib/parseppd.c
+@@ -1707,7 +1707,7 @@
+ void
+ yyerror (const char *msg)
+ {
+-  error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++  error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+ 
+ /*
+Index: b/src/parsessh.c
+===================================================================
+--- a/src/parsessh.c
++++ b/src/parsessh.c
+@@ -2639,7 +2639,7 @@
+ void
+ yyerror (const char *msg)
+ {
+-  error_at_line (1, 0, sshfilename, sshlineno, msg);
++  error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/clx-remove-demo.patch b/gnu/packages/patches/clx-remove-demo.patch
deleted file mode 100644
index c5fffea0d0..0000000000
--- a/gnu/packages/patches/clx-remove-demo.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- a/clx.asd	2016-02-16 00:06:48.161596976 -0500
-+++ b/clx.asd	2016-02-16 00:06:54.793774658 -0500
-@@ -79,24 +79,6 @@
-                (:file "xtest")
-                (:file "screensaver")
-                (:file "xinerama")))
--     (:module demo
--	      :default-component-class example-source-file
--	      :components
--	      ((:file "bezier")
--	       ;; KLUDGE: this requires "bezier" for proper operation,
--	       ;; but we don't declare that dependency here, because
--	       ;; asdf doesn't load example files anyway.
--	       (:file "beziertest")
--	       (:file "clclock")
--               (:file "clipboard")
--	       (:file "clx-demos")
--	       (:file "gl-test")
--	       ;; FIXME: compiling this generates 30-odd spurious code
--	       ;; deletion notes.  Find out why, and either fix or
--	       ;; workaround the problem.
--	       (:file "mandel")
--	       (:file "menu")
--	       (:file "zoid")))
-      (:module test
- 	      :default-component-class example-source-file
- 	      :components
diff --git a/gnu/packages/patches/csvkit-fix-tests.patch b/gnu/packages/patches/csvkit-fix-tests.patch
new file mode 100644
index 0000000000..cb9ec39cb0
--- /dev/null
+++ b/gnu/packages/patches/csvkit-fix-tests.patch
@@ -0,0 +1,45 @@
+diff --git a/tests/test_utilities/test_csvsql.py b/tests/test_utilities/test_csvsql.py
+index e6ec4af..4f47980 100644
+--- a/tests/test_utilities/test_csvsql.py
++++ b/tests/test_utilities/test_csvsql.py
+@@ -197,7 +197,7 @@ class TestCSVSQL(CSVKitTestCase, EmptyFileTests):
+         utility.run()
+         output = output_file.getvalue()
+         output_file.close()
+-        self.assertEqual(output, 'a,b,c\n1,2,3\n0,5,6\n')
++        self.assertEqual(output, 'a,b,c\n1,2.0,3.0\n0,5.0,6.0\n')
+
+     def test_no_prefix_unique_constraint(self):
+         self.get_output(['--db', 'sqlite:///' + self.db_file, '--insert', 'examples/dummy.csv', '--unique-constraint', 'a'])
+diff --git a/tests/test_utilities/test_sql2csv.py b/tests/test_utilities/test_sql2csv.py
+index a0c3d3e..babcfd6 100644
+--- a/tests/test_utilities/test_sql2csv.py
++++ b/tests/test_utilities/test_sql2csv.py
+@@ -121,23 +121,23 @@ class TestSQL2CSV(CSVKitTestCase, EmptyFileTests):
+         input_file.close()
+
+     def test_unicode(self):
+-        expected = self.csvsql('examples/test_utf8.csv')
++        self.csvsql('examples/test_utf8.csv')
+         csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--query', 'select * from foo'])
+-        self.assertEqual(csv.strip(), expected)
++        self.assertEqual(csv.strip(), 'foo,bar,baz\n1.0,2.0,3\n4.0,5.0,ʤ')
+
+     def test_no_header_row(self):
+         self.csvsql('examples/dummy.csv')
+         csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--no-header-row', '--query', 'select * from foo'])
+
+         self.assertTrue('a,b,c' not in csv)
+-        self.assertTrue('1,2,3' in csv)
++        self.assertTrue('1,2.0,3.0' in csv)
+
+     def test_linenumbers(self):
+         self.csvsql('examples/dummy.csv')
+         csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--linenumbers', '--query', 'select * from foo'])
+
+         self.assertTrue('line_number,a,b,c' in csv)
+-        self.assertTrue('1,1,2,3' in csv)
++        self.assertTrue('1,1,2.0,3.0' in csv)
+
+     def test_wildcard_on_sqlite(self):
+         self.csvsql('examples/iris.csv')
diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-CVE-2017-12836.patch
index 507ab0f7d0..507ab0f7d0 100644
--- a/gnu/packages/patches/cvs-2017-12836.patch
+++ b/gnu/packages/patches/cvs-CVE-2017-12836.patch
diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch
new file mode 100644
index 0000000000..216fbe9667
--- /dev/null
+++ b/gnu/packages/patches/expat-CVE-2018-20843.patch
@@ -0,0 +1,21 @@
+Fix extraction of namespace prefix from XML name.
+Fixes CVE-2018-20843
+
+This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+
+CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5..737d7cd 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+       else
+         poolDiscard(&dtd->pool);
+       elementType->prefix = prefix;
+-
++      break;
+     }
+   }
+   return 1;
diff --git a/gnu/packages/patches/grub-binutils-compat.patch b/gnu/packages/patches/grub-binutils-compat.patch
deleted file mode 100644
index 2107869314..0000000000
--- a/gnu/packages/patches/grub-binutils-compat.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix a relocation issue that shows up with recent binutils.
-
-Patch taken from upstream:
-https://git.sv.gnu.org/cgit/grub.git/commit/?id=842c390469e2c2e10b5aa36700324cd3bde25875
-
-diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c
-index e49d0b6..18facf4 100644
---- a/grub-core/efiemu/i386/loadcore64.c
-+++ b/grub-core/efiemu/i386/loadcore64.c
-@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs,
- 		    break;
- 
- 		  case R_X86_64_PC32:
-+		  case R_X86_64_PLT32:
- 		    err = grub_efiemu_write_value (addr,
- 						   *addr32 + rel->r_addend
- 						   + sym.off
-diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c
-index 4406906..3a73e6e 100644
---- a/grub-core/kern/x86_64/dl.c
-+++ b/grub-core/kern/x86_64/dl.c
-@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
- 	  break;
- 
- 	case R_X86_64_PC32:
-+	case R_X86_64_PLT32:
- 	  {
- 	    grub_int64_t value;
- 	    value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value -
-diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
-index a2bb054..39d7efb 100644
---- a/util/grub-mkimagexx.c
-+++ b/util/grub-mkimagexx.c
-@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections,
- 		  break;
- 
- 		case R_X86_64_PC32:
-+		case R_X86_64_PLT32:
- 		  {
- 		    grub_uint32_t *t32 = (grub_uint32_t *) target;
- 		    *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32)
-diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
-index 9179285..a79271f 100644
---- a/util/grub-module-verifier.c
-+++ b/util/grub-module-verifier.c
-@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = {
-       -1
-     }, (int[]){
-       R_X86_64_PC32,
-+      R_X86_64_PLT32,
-       -1
-     }
-   },
diff --git a/gnu/packages/patches/grub-check-error-efibootmgr.patch b/gnu/packages/patches/grub-check-error-efibootmgr.patch
deleted file mode 100644
index efeb20f213..0000000000
--- a/gnu/packages/patches/grub-check-error-efibootmgr.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-Without this patch, GRUB may proceed to wipe all firmware boot entries
-and report a successful installation, even if efibootmgr hit an error.
-
-Origin URL:
-https://git.sv.gnu.org/cgit/grub.git/commit/?id=6400613ad0b463abc93362086a491cd2a5e99b0d
-
-From 6400613ad0b463abc93362086a491cd2a5e99b0d Mon Sep 17 00:00:00 2001
-From: Steve McIntyre <steve@einval.com>
-Date: Wed, 31 Jan 2018 21:49:36 +0000
-Subject: Make grub-install check for errors from efibootmgr
-
-Code is currently ignoring errors from efibootmgr, giving users
-clearly bogus output like:
-
-        Setting up grub-efi-amd64 (2.02~beta3-4) ...
-        Installing for x86_64-efi platform.
-        Could not delete variable: No space left on device
-        Could not prepare Boot variable: No space left on device
-        Installation finished. No error reported.
-
-and then potentially unbootable systems. If efibootmgr fails, grub-install
-should know that and report it!
-
-We've been using similar patch in Debian now for some time, with no ill effects.
-
-diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
-index a3fcfca..ca448bc 100644
---- a/grub-core/osdep/unix/platform.c
-+++ b/grub-core/osdep/unix/platform.c
-@@ -78,19 +78,20 @@ get_ofpathname (const char *dev)
- 		   dev);
- }
- 
--static void
-+static int
- grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
- {
-   int fd;
-   pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
-   char *line = NULL;
-   size_t len = 0;
-+  int rc;
- 
-   if (!pid)
-     {
-       grub_util_warn (_("Unable to open stream from %s: %s"),
- 		      "efibootmgr", strerror (errno));
--      return;
-+      return errno;
-     }
- 
-   FILE *fp = fdopen (fd, "r");
-@@ -98,7 +99,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
-     {
-       grub_util_warn (_("Unable to open stream from %s: %s"),
- 		      "efibootmgr", strerror (errno));
--      return;
-+      return errno;
-     }
- 
-   line = xmalloc (80);
-@@ -119,23 +120,25 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
-       bootnum = line + sizeof ("Boot") - 1;
-       bootnum[4] = '\0';
-       if (!verbosity)
--	grub_util_exec ((const char * []){ "efibootmgr", "-q",
-+	rc = grub_util_exec ((const char * []){ "efibootmgr", "-q",
- 	      "-b", bootnum,  "-B", NULL });
-       else
--	grub_util_exec ((const char * []){ "efibootmgr",
-+	rc = grub_util_exec ((const char * []){ "efibootmgr",
- 	      "-b", bootnum, "-B", NULL });
-     }
- 
-   free (line);
-+  return rc;
- }
- 
--void
-+int
- grub_install_register_efi (grub_device_t efidir_grub_dev,
- 			   const char *efifile_path,
- 			   const char *efi_distributor)
- {
-   const char * efidir_disk;
-   int efidir_part;
-+  int ret;
-   efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk);
-   efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1;
- 
-@@ -151,23 +154,26 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
-   grub_util_exec ((const char * []){ "modprobe", "-q", "efivars", NULL });
- #endif
-   /* Delete old entries from the same distributor.  */
--  grub_install_remove_efi_entries_by_distributor (efi_distributor);
-+  ret = grub_install_remove_efi_entries_by_distributor (efi_distributor);
-+  if (ret)
-+    return ret;
- 
-   char *efidir_part_str = xasprintf ("%d", efidir_part);
- 
-   if (!verbosity)
--    grub_util_exec ((const char * []){ "efibootmgr", "-q",
-+    ret = grub_util_exec ((const char * []){ "efibootmgr", "-q",
- 	  "-c", "-d", efidir_disk,
- 	  "-p", efidir_part_str, "-w",
- 	  "-L", efi_distributor, "-l", 
- 	  efifile_path, NULL });
-   else
--    grub_util_exec ((const char * []){ "efibootmgr",
-+    ret = grub_util_exec ((const char * []){ "efibootmgr",
- 	  "-c", "-d", efidir_disk,
- 	  "-p", efidir_part_str, "-w",
- 	  "-L", efi_distributor, "-l", 
- 	  efifile_path, NULL });
-   free (efidir_part_str);
-+  return ret;
- }
- 
- void
-diff --git a/include/grub/util/install.h b/include/grub/util/install.h
-index 5910b0c..0dba8b6 100644
---- a/include/grub/util/install.h
-+++ b/include/grub/util/install.h
-@@ -210,7 +210,7 @@ grub_install_create_envblk_file (const char *name);
- const char *
- grub_install_get_default_x86_platform (void);
- 
--void
-+int
- grub_install_register_efi (grub_device_t efidir_grub_dev,
- 			   const char *efifile_path,
- 			   const char *efi_distributor);
-diff --git a/util/grub-install.c b/util/grub-install.c
-index 5e4cdfd..690f180 100644
---- a/util/grub-install.c
-+++ b/util/grub-install.c
-@@ -1848,9 +1848,13 @@ main (int argc, char *argv[])
- 	  if (!removable && update_nvram)
- 	    {
- 	      /* Try to make this image bootable using the EFI Boot Manager, if available.  */
--	      grub_install_register_efi (efidir_grub_dev,
--					 "\\System\\Library\\CoreServices",
--					 efi_distributor);
-+	      int ret;
-+	      ret = grub_install_register_efi (efidir_grub_dev,
-+					       "\\System\\Library\\CoreServices",
-+					       efi_distributor);
-+	      if (ret)
-+	        grub_util_error (_("efibootmgr failed to register the boot entry: %s"),
-+				 strerror (ret));
- 	    }
- 
- 	  grub_device_close (ins_dev);
-@@ -1871,6 +1875,7 @@ main (int argc, char *argv[])
- 	{
- 	  char * efifile_path;
- 	  char * part;
-+	  int ret;
- 
- 	  /* Try to make this image bootable using the EFI Boot Manager, if available.  */
- 	  if (!efi_distributor || efi_distributor[0] == '\0')
-@@ -1887,7 +1892,10 @@ main (int argc, char *argv[])
- 			  efidir_grub_dev->disk->name,
- 			  (part ? ",": ""), (part ? : ""));
- 	  grub_free (part);
--	  grub_install_register_efi (efidir_grub_dev,
--				     efifile_path, efi_distributor);
-+	  ret = grub_install_register_efi (efidir_grub_dev,
-+					   efifile_path, efi_distributor);
-+	  if (ret)
-+	    grub_util_error (_("efibootmgr failed to register the boot entry: %s"),
-+			     strerror (ret));
- 	}
-       break;
-
-
-Below is a followup to the patch above: the uninitialized variable could lead
-‘grub-install’ to error out when it shouldn’t (seen on an AArch64 box where
-‘grub_install_remove_efi_entries_by_distributor’ didn't have any entry to
-remove):
-
-  grub-install: error: efibootmgr failed to register the boot entry: Unknown error 65535.
-
-See <http://lists.gnu.org/archive/html/bug-grub/2018-10/msg00006.html>.
-
---- grub-2.02/grub-core/osdep/unix/platform.c	2018-10-17 22:21:53.015284846 +0200
-+++ grub-2.02/grub-core/osdep/unix/platform.c	2018-10-17 22:21:55.595271222 +0200
-@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distr
-   pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
-   char *line = NULL;
-   size_t len = 0;
--  int rc;
-+  int rc = 0;
- 
-   if (!pid)
-     {
diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch
index ad92f9bc9e..aec37d68e2 100644
--- a/gnu/packages/patches/grub-efi-fat-serial-number.patch
+++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch
@@ -4,22 +4,23 @@ serial number (instead of the randomly chosen one) to create EFI
 images (the 'efi.img' file) that are reproducible bit-for-bit.
 
 Patch by Ludovic Courtès <ludo@gnu.org>.
+Mangled (for GRUB 2.04) by Tobias Geerinckx-Rice <me@tobias.gr>.
 
---- grub-2.02/util/grub-mkrescue.c	2019-04-20 19:15:26.180242812 +0200
-+++ grub-2.02/util/grub-mkrescue.c	2019-04-20 21:56:34.672370849 +0200
-@@ -788,8 +788,15 @@ main (int argc, char *argv[])
+--- grub-2.04/util/grub-mkrescue.c	2019-05-20 13:01:11.000000000 +0200
++++ grub-2.04/util/grub-mkrescue.c	2019-07-08 23:57:36.912104652 +0200
+@@ -809,8 +809,15 @@
+       free (efidir_efi_boot);
  
        efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img");
-       int rv;
 -      rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i",
 -	    efiimgfat, "::", NULL });
 +
 +      const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER");
 +      const char *mformat_args[] =
-+	{ "mformat", "-C", "-f", "2880", "-L", "16",
-+	  fat_serial_number != NULL ? "-N" : "-C",
-+	  fat_serial_number != NULL ? fat_serial_number : "-C",
-+	  "-i", efiimgfat, "::", NULL };
++       { "mformat", "-C", "-f", "2880", "-L", "16",
++         fat_serial_number != NULL ? "-N" : "-C",
++         fat_serial_number != NULL ? fat_serial_number : "-C",
++         "-i", efiimgfat, "::", NULL };
 +
 +      rv = grub_util_exec (mformat_args);
        if (rv != 0)
diff --git a/gnu/packages/patches/libexif-CVE-2018-20030.patch b/gnu/packages/patches/libexif-CVE-2018-20030.patch
new file mode 100644
index 0000000000..57e4746b58
--- /dev/null
+++ b/gnu/packages/patches/libexif-CVE-2018-20030.patch
@@ -0,0 +1,120 @@
+https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch
+
+NEWS section was removed
+'12' -> '30' on line 79
+
+From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Fri, 12 Oct 2018 16:01:45 +0200
+Subject: [PATCH] Improve deep recursion detection in
+ exif_data_load_data_content.
+
+The existing detection was still vulnerable to pathological cases
+causing DoS by wasting CPU. The new algorithm takes the number of tags
+into account to make it harder to abuse by cases using shallow recursion
+but with a very large number of tags.  This improves on commit 5d28011c
+which wasn't sufficient to counter this kind of case.
+
+The limitation in the previous fix was discovered by Laurent Delosieres,
+Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
+the identifier CVE-2018-20030.
+---
+ NEWS                |  1 +
+ libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++--------
+ 2 files changed, 38 insertions(+), 8 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index e35403d..a6f9c94 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -35,6 +35,7 @@
+ #include <libexif/olympus/exif-mnote-data-olympus.h>
+ #include <libexif/pentax/exif-mnote-data-pentax.h>
+ 
++#include <math.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {				\
+ 	break;						\
+ }
+ 
++/*! Calculate the recursion cost added by one level of IFD loading.
++ *
++ * The work performed is related to the cost in the exponential relation
++ *   work=1.1**cost
++ */
++static unsigned int
++level_cost(unsigned int n)
++{
++    static const double log_1_1 = 0.09531017980432493;
++
++	/* Adding 0.1 protects against the case where n==1 */
++	return ceil(log(n + 0.1)/log_1_1);
++}
++
+ /*! Load data for an IFD.
+  *
+  * \param[in,out] data #ExifData
+@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) {				\
+  * \param[in] d pointer to buffer containing raw IFD data
+  * \param[in] ds size of raw data in buffer at \c d
+  * \param[in] offset offset into buffer at \c d at which IFD starts
+- * \param[in] recursion_depth number of times this function has been
+- * recursively called without returning
++ * \param[in] recursion_cost factor indicating how expensive this recursive
++ * call could be
+  */
+ static void
+ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 			     const unsigned char *d,
+-			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
++			     unsigned int ds, unsigned int offset, unsigned int recursion_cost)
+ {
+ 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ 	ExifShort n;
+@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
+ 	  return;
+ 
+-	if (recursion_depth > 30) {
++	if (recursion_cost > 170) {
++		/*
++		 * recursion_cost is a logarithmic-scale indicator of how expensive this
++		 * recursive call might end up being. It is an indicator of the depth of
++		 * recursion as well as the potential for worst-case future recursive
++		 * calls. Since it's difficult to tell ahead of time how often recursion
++		 * will occur, this assumes the worst by assuming every tag could end up
++		 * causing recursion.
++		 * The value of 170 was chosen to limit typical EXIF structures to a
++		 * recursive depth of about 6, but pathological ones (those with very
++		 * many tags) to only 2.
++		 */
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Deep recursion detected!");
++			  "Deep/expensive recursion detected!");
+ 		return;
+ 	}
+ 
+@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 			switch (tag) {
+ 			case EXIF_TAG_EXIF_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_EXIF);
+-				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_GPS);
+-				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+-				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
++				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
++					recursion_cost + level_cost(n));
+ 				break;
+ 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ 				thumbnail_offset = o;
diff --git a/gnu/packages/patches/plib-CVE-2011-4620.patch b/gnu/packages/patches/plib-CVE-2011-4620.patch
new file mode 100644
index 0000000000..c5a03bd0ca
--- /dev/null
+++ b/gnu/packages/patches/plib-CVE-2011-4620.patch
@@ -0,0 +1,13 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff
+
+--- a/src/util/ulError.cxx
++++ b/src/util/ulError.cxx
+@@ -39,7 +39,7 @@
+ {
+   va_list argp;
+   va_start ( argp, fmt ) ;
+-  vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++  vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+   va_end ( argp ) ;
+  
+   if ( _ulErrorCB )
diff --git a/gnu/packages/patches/plib-CVE-2012-4552.patch b/gnu/packages/patches/plib-CVE-2012-4552.patch
new file mode 100644
index 0000000000..7b697855d6
--- /dev/null
+++ b/gnu/packages/patches/plib-CVE-2012-4552.patch
@@ -0,0 +1,57 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff
+
+diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
+--- plib-1.8.5/src/ssg/ssgParser.cxx~	2008-03-11 03:06:23.000000000 +0100
++++ plib-1.8.5/src/ssg/ssgParser.cxx	2012-11-01 15:33:12.424483374 +0100
+@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
+   char msgbuff[ 255 ];
+   va_list argp;
+ 
+-  char* msgptr = msgbuff;
+-  if (linenum)
+-  {
+-    msgptr += sprintf ( msgptr,"%s, line %d: ",
+-      path, linenum );
+-  }
+-
+   va_start( argp, format );
+-  vsprintf( msgptr, format, argp );
++  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+   va_end( argp );
+ 
+-  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++  if (linenum)
++  {
++    ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
++  } else {
++    ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++  }
+ }
+ 
+ 
+@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
+   char msgbuff[ 255 ];
+   va_list argp;
+ 
+-  char* msgptr = msgbuff;
+-  if (linenum)
+-  {
+-    msgptr += sprintf ( msgptr,"%s, line %d: ",
+-      path, linenum );
+-  }
+-
+   va_start( argp, format );
+-  vsprintf( msgptr, format, argp );
++  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+   va_end( argp );
+ 
+-  ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++  if (linenum)
++  {
++    ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
++  } else {
++    ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++  }
+ }
+ 
+ // Opens the file and does a few internal calculations based on the spec.
diff --git a/gnu/packages/patches/python-slugify-depend-on-unidecode.patch b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch
new file mode 100644
index 0000000000..6038f432f1
--- /dev/null
+++ b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch
@@ -0,0 +1,22 @@
+diff --git a/setup.py b/setup.py
+index 4800173..6bdd77f 100755
+--- a/setup.py
++++ b/setup.py
+@@ -14,8 +14,7 @@ url = 'https://github.com/un33k/python-slugify'
+ author = 'Val Neekman'
+ author_email = 'info@neekware.com'
+ license = 'MIT'
+-install_requires = ['text-unidecode==1.2']
+-extras_require = {'unidecode': ['Unidecode==1.0.23']}
++install_requires = ['Unidecode']
+ 
+ classifiers = [
+     'Development Status :: 5 - Production/Stable',
+@@ -67,7 +66,6 @@ setup(
+     author_email=author_email,
+     packages=find_packages(exclude=EXCLUDE_FROM_PACKAGES),
+     install_requires=install_requires,
+-    extras_require=extras_require,
+     classifiers=classifiers,
+     entry_points={'console_scripts': ['slugify=slugify.slugify:main']},
+ )