diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/a2ps-CVE-2015-8107.patch | 80 | ||||
-rw-r--r-- | gnu/packages/patches/clx-remove-demo.patch | 27 | ||||
-rw-r--r-- | gnu/packages/patches/csvkit-fix-tests.patch | 45 | ||||
-rw-r--r-- | gnu/packages/patches/cvs-CVE-2017-12836.patch (renamed from gnu/packages/patches/cvs-2017-12836.patch) | 0 | ||||
-rw-r--r-- | gnu/packages/patches/expat-CVE-2018-20843.patch | 21 | ||||
-rw-r--r-- | gnu/packages/patches/grub-binutils-compat.patch | 53 | ||||
-rw-r--r-- | gnu/packages/patches/grub-check-error-efibootmgr.patch | 197 | ||||
-rw-r--r-- | gnu/packages/patches/grub-efi-fat-serial-number.patch | 17 | ||||
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2018-20030.patch | 120 | ||||
-rw-r--r-- | gnu/packages/patches/plib-CVE-2011-4620.patch | 13 | ||||
-rw-r--r-- | gnu/packages/patches/plib-CVE-2012-4552.patch | 57 | ||||
-rw-r--r-- | gnu/packages/patches/python-slugify-depend-on-unidecode.patch | 22 |
12 files changed, 367 insertions, 285 deletions
diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch new file mode 100644 index 0000000000..5ea35d45da --- /dev/null +++ b/gnu/packages/patches/a2ps-CVE-2015-8107.patch @@ -0,0 +1,80 @@ +https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff + +Index: b/lib/psgen.c +=================================================================== +--- a/lib/psgen.c ++++ b/lib/psgen.c +@@ -232,7 +232,7 @@ + default: + *buf = '\0'; + ps_escape_char (job, cp[i], buf); +- output (jdiv, (char *) buf); ++ output (jdiv, "%s", (char *) buf); + break; + } + } +Index: b/lib/output.c +=================================================================== +--- a/lib/output.c ++++ b/lib/output.c +@@ -525,7 +525,7 @@ + expand_user_string (job, FIRST_FILE (job), + (const uchar *) "Expand: requirement", + (const uchar *) token)); +- output (dest, expansion); ++ output (dest, "%s", expansion); + continue; + } + +Index: b/lib/parseppd.y +=================================================================== +--- a/lib/parseppd.y ++++ b/lib/parseppd.y +@@ -154,7 +154,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +Index: b/src/parsessh.y +=================================================================== +--- a/src/parsessh.y ++++ b/src/parsessh.y +@@ -740,7 +740,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* +Index: b/lib/parseppd.c +=================================================================== +--- a/lib/parseppd.c ++++ b/lib/parseppd.c +@@ -1707,7 +1707,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +Index: b/src/parsessh.c +=================================================================== +--- a/src/parsessh.c ++++ b/src/parsessh.c +@@ -2639,7 +2639,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* diff --git a/gnu/packages/patches/clx-remove-demo.patch b/gnu/packages/patches/clx-remove-demo.patch deleted file mode 100644 index c5fffea0d0..0000000000 --- a/gnu/packages/patches/clx-remove-demo.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- a/clx.asd 2016-02-16 00:06:48.161596976 -0500 -+++ b/clx.asd 2016-02-16 00:06:54.793774658 -0500 -@@ -79,24 +79,6 @@ - (:file "xtest") - (:file "screensaver") - (:file "xinerama"))) -- (:module demo -- :default-component-class example-source-file -- :components -- ((:file "bezier") -- ;; KLUDGE: this requires "bezier" for proper operation, -- ;; but we don't declare that dependency here, because -- ;; asdf doesn't load example files anyway. -- (:file "beziertest") -- (:file "clclock") -- (:file "clipboard") -- (:file "clx-demos") -- (:file "gl-test") -- ;; FIXME: compiling this generates 30-odd spurious code -- ;; deletion notes. Find out why, and either fix or -- ;; workaround the problem. -- (:file "mandel") -- (:file "menu") -- (:file "zoid"))) - (:module test - :default-component-class example-source-file - :components diff --git a/gnu/packages/patches/csvkit-fix-tests.patch b/gnu/packages/patches/csvkit-fix-tests.patch new file mode 100644 index 0000000000..cb9ec39cb0 --- /dev/null +++ b/gnu/packages/patches/csvkit-fix-tests.patch @@ -0,0 +1,45 @@ +diff --git a/tests/test_utilities/test_csvsql.py b/tests/test_utilities/test_csvsql.py +index e6ec4af..4f47980 100644 +--- a/tests/test_utilities/test_csvsql.py ++++ b/tests/test_utilities/test_csvsql.py +@@ -197,7 +197,7 @@ class TestCSVSQL(CSVKitTestCase, EmptyFileTests): + utility.run() + output = output_file.getvalue() + output_file.close() +- self.assertEqual(output, 'a,b,c\n1,2,3\n0,5,6\n') ++ self.assertEqual(output, 'a,b,c\n1,2.0,3.0\n0,5.0,6.0\n') + + def test_no_prefix_unique_constraint(self): + self.get_output(['--db', 'sqlite:///' + self.db_file, '--insert', 'examples/dummy.csv', '--unique-constraint', 'a']) +diff --git a/tests/test_utilities/test_sql2csv.py b/tests/test_utilities/test_sql2csv.py +index a0c3d3e..babcfd6 100644 +--- a/tests/test_utilities/test_sql2csv.py ++++ b/tests/test_utilities/test_sql2csv.py +@@ -121,23 +121,23 @@ class TestSQL2CSV(CSVKitTestCase, EmptyFileTests): + input_file.close() + + def test_unicode(self): +- expected = self.csvsql('examples/test_utf8.csv') ++ self.csvsql('examples/test_utf8.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--query', 'select * from foo']) +- self.assertEqual(csv.strip(), expected) ++ self.assertEqual(csv.strip(), 'foo,bar,baz\n1.0,2.0,3\n4.0,5.0,ʤ') + + def test_no_header_row(self): + self.csvsql('examples/dummy.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--no-header-row', '--query', 'select * from foo']) + + self.assertTrue('a,b,c' not in csv) +- self.assertTrue('1,2,3' in csv) ++ self.assertTrue('1,2.0,3.0' in csv) + + def test_linenumbers(self): + self.csvsql('examples/dummy.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--linenumbers', '--query', 'select * from foo']) + + self.assertTrue('line_number,a,b,c' in csv) +- self.assertTrue('1,1,2,3' in csv) ++ self.assertTrue('1,1,2.0,3.0' in csv) + + def test_wildcard_on_sqlite(self): + self.csvsql('examples/iris.csv') diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-CVE-2017-12836.patch index 507ab0f7d0..507ab0f7d0 100644 --- a/gnu/packages/patches/cvs-2017-12836.patch +++ b/gnu/packages/patches/cvs-CVE-2017-12836.patch diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch new file mode 100644 index 0000000000..216fbe9667 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2018-20843.patch @@ -0,0 +1,21 @@ +Fix extraction of namespace prefix from XML name. +Fixes CVE-2018-20843 + +This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5..737d7cd 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff --git a/gnu/packages/patches/grub-binutils-compat.patch b/gnu/packages/patches/grub-binutils-compat.patch deleted file mode 100644 index 2107869314..0000000000 --- a/gnu/packages/patches/grub-binutils-compat.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix a relocation issue that shows up with recent binutils. - -Patch taken from upstream: -https://git.sv.gnu.org/cgit/grub.git/commit/?id=842c390469e2c2e10b5aa36700324cd3bde25875 - -diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c -index e49d0b6..18facf4 100644 ---- a/grub-core/efiemu/i386/loadcore64.c -+++ b/grub-core/efiemu/i386/loadcore64.c -@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - err = grub_efiemu_write_value (addr, - *addr32 + rel->r_addend - + sym.off -diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c -index 4406906..3a73e6e 100644 ---- a/grub-core/kern/x86_64/dl.c -+++ b/grub-core/kern/x86_64/dl.c -@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_int64_t value; - value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index a2bb054..39d7efb 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_uint32_t *t32 = (grub_uint32_t *) target; - *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) -diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c -index 9179285..a79271f 100644 ---- a/util/grub-module-verifier.c -+++ b/util/grub-module-verifier.c -@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = { - -1 - }, (int[]){ - R_X86_64_PC32, -+ R_X86_64_PLT32, - -1 - } - }, diff --git a/gnu/packages/patches/grub-check-error-efibootmgr.patch b/gnu/packages/patches/grub-check-error-efibootmgr.patch deleted file mode 100644 index efeb20f213..0000000000 --- a/gnu/packages/patches/grub-check-error-efibootmgr.patch +++ /dev/null @@ -1,197 +0,0 @@ -Without this patch, GRUB may proceed to wipe all firmware boot entries -and report a successful installation, even if efibootmgr hit an error. - -Origin URL: -https://git.sv.gnu.org/cgit/grub.git/commit/?id=6400613ad0b463abc93362086a491cd2a5e99b0d - -From 6400613ad0b463abc93362086a491cd2a5e99b0d Mon Sep 17 00:00:00 2001 -From: Steve McIntyre <steve@einval.com> -Date: Wed, 31 Jan 2018 21:49:36 +0000 -Subject: Make grub-install check for errors from efibootmgr - -Code is currently ignoring errors from efibootmgr, giving users -clearly bogus output like: - - Setting up grub-efi-amd64 (2.02~beta3-4) ... - Installing for x86_64-efi platform. - Could not delete variable: No space left on device - Could not prepare Boot variable: No space left on device - Installation finished. No error reported. - -and then potentially unbootable systems. If efibootmgr fails, grub-install -should know that and report it! - -We've been using similar patch in Debian now for some time, with no ill effects. - -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index a3fcfca..ca448bc 100644 ---- a/grub-core/osdep/unix/platform.c -+++ b/grub-core/osdep/unix/platform.c -@@ -78,19 +78,20 @@ get_ofpathname (const char *dev) - dev); - } - --static void -+static int - grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - { - int fd; - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -+ int rc; - - if (!pid) - { - grub_util_warn (_("Unable to open stream from %s: %s"), - "efibootmgr", strerror (errno)); -- return; -+ return errno; - } - - FILE *fp = fdopen (fd, "r"); -@@ -98,7 +99,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - { - grub_util_warn (_("Unable to open stream from %s: %s"), - "efibootmgr", strerror (errno)); -- return; -+ return errno; - } - - line = xmalloc (80); -@@ -119,23 +120,25 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - bootnum = line + sizeof ("Boot") - 1; - bootnum[4] = '\0'; - if (!verbosity) -- grub_util_exec ((const char * []){ "efibootmgr", "-q", -+ rc = grub_util_exec ((const char * []){ "efibootmgr", "-q", - "-b", bootnum, "-B", NULL }); - else -- grub_util_exec ((const char * []){ "efibootmgr", -+ rc = grub_util_exec ((const char * []){ "efibootmgr", - "-b", bootnum, "-B", NULL }); - } - - free (line); -+ return rc; - } - --void -+int - grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor) - { - const char * efidir_disk; - int efidir_part; -+ int ret; - efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); - efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; - -@@ -151,23 +154,26 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, - grub_util_exec ((const char * []){ "modprobe", "-q", "efivars", NULL }); - #endif - /* Delete old entries from the same distributor. */ -- grub_install_remove_efi_entries_by_distributor (efi_distributor); -+ ret = grub_install_remove_efi_entries_by_distributor (efi_distributor); -+ if (ret) -+ return ret; - - char *efidir_part_str = xasprintf ("%d", efidir_part); - - if (!verbosity) -- grub_util_exec ((const char * []){ "efibootmgr", "-q", -+ ret = grub_util_exec ((const char * []){ "efibootmgr", "-q", - "-c", "-d", efidir_disk, - "-p", efidir_part_str, "-w", - "-L", efi_distributor, "-l", - efifile_path, NULL }); - else -- grub_util_exec ((const char * []){ "efibootmgr", -+ ret = grub_util_exec ((const char * []){ "efibootmgr", - "-c", "-d", efidir_disk, - "-p", efidir_part_str, "-w", - "-L", efi_distributor, "-l", - efifile_path, NULL }); - free (efidir_part_str); -+ return ret; - } - - void -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 5910b0c..0dba8b6 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -210,7 +210,7 @@ grub_install_create_envblk_file (const char *name); - const char * - grub_install_get_default_x86_platform (void); - --void -+int - grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor); -diff --git a/util/grub-install.c b/util/grub-install.c -index 5e4cdfd..690f180 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1848,9 +1848,13 @@ main (int argc, char *argv[]) - if (!removable && update_nvram) - { - /* Try to make this image bootable using the EFI Boot Manager, if available. */ -- grub_install_register_efi (efidir_grub_dev, -- "\\System\\Library\\CoreServices", -- efi_distributor); -+ int ret; -+ ret = grub_install_register_efi (efidir_grub_dev, -+ "\\System\\Library\\CoreServices", -+ efi_distributor); -+ if (ret) -+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), -+ strerror (ret)); - } - - grub_device_close (ins_dev); -@@ -1871,6 +1875,7 @@ main (int argc, char *argv[]) - { - char * efifile_path; - char * part; -+ int ret; - - /* Try to make this image bootable using the EFI Boot Manager, if available. */ - if (!efi_distributor || efi_distributor[0] == '\0') -@@ -1887,7 +1892,10 @@ main (int argc, char *argv[]) - efidir_grub_dev->disk->name, - (part ? ",": ""), (part ? : "")); - grub_free (part); -- grub_install_register_efi (efidir_grub_dev, -- efifile_path, efi_distributor); -+ ret = grub_install_register_efi (efidir_grub_dev, -+ efifile_path, efi_distributor); -+ if (ret) -+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), -+ strerror (ret)); - } - break; - - -Below is a followup to the patch above: the uninitialized variable could lead -‘grub-install’ to error out when it shouldn’t (seen on an AArch64 box where -‘grub_install_remove_efi_entries_by_distributor’ didn't have any entry to -remove): - - grub-install: error: efibootmgr failed to register the boot entry: Unknown error 65535. - -See <http://lists.gnu.org/archive/html/bug-grub/2018-10/msg00006.html>. - ---- grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:53.015284846 +0200 -+++ grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:55.595271222 +0200 -@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distr - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -- int rc; -+ int rc = 0; - - if (!pid) - { diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch index ad92f9bc9e..aec37d68e2 100644 --- a/gnu/packages/patches/grub-efi-fat-serial-number.patch +++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch @@ -4,22 +4,23 @@ serial number (instead of the randomly chosen one) to create EFI images (the 'efi.img' file) that are reproducible bit-for-bit. Patch by Ludovic Courtès <ludo@gnu.org>. +Mangled (for GRUB 2.04) by Tobias Geerinckx-Rice <me@tobias.gr>. ---- grub-2.02/util/grub-mkrescue.c 2019-04-20 19:15:26.180242812 +0200 -+++ grub-2.02/util/grub-mkrescue.c 2019-04-20 21:56:34.672370849 +0200 -@@ -788,8 +788,15 @@ main (int argc, char *argv[]) +--- grub-2.04/util/grub-mkrescue.c 2019-05-20 13:01:11.000000000 +0200 ++++ grub-2.04/util/grub-mkrescue.c 2019-07-08 23:57:36.912104652 +0200 +@@ -809,8 +809,15 @@ + free (efidir_efi_boot); efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img"); - int rv; - rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i", - efiimgfat, "::", NULL }); + + const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER"); + const char *mformat_args[] = -+ { "mformat", "-C", "-f", "2880", "-L", "16", -+ fat_serial_number != NULL ? "-N" : "-C", -+ fat_serial_number != NULL ? fat_serial_number : "-C", -+ "-i", efiimgfat, "::", NULL }; ++ { "mformat", "-C", "-f", "2880", "-L", "16", ++ fat_serial_number != NULL ? "-N" : "-C", ++ fat_serial_number != NULL ? fat_serial_number : "-C", ++ "-i", efiimgfat, "::", NULL }; + + rv = grub_util_exec (mformat_args); if (rv != 0) diff --git a/gnu/packages/patches/libexif-CVE-2018-20030.patch b/gnu/packages/patches/libexif-CVE-2018-20030.patch new file mode 100644 index 0000000000..57e4746b58 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2018-20030.patch @@ -0,0 +1,120 @@ +https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch + +NEWS section was removed +'12' -> '30' on line 79 + +From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 +From: Dan Fandrich <dan@coneharvesters.com> +Date: Fri, 12 Oct 2018 16:01:45 +0200 +Subject: [PATCH] Improve deep recursion detection in + exif_data_load_data_content. + +The existing detection was still vulnerable to pathological cases +causing DoS by wasting CPU. The new algorithm takes the number of tags +into account to make it harder to abuse by cases using shallow recursion +but with a very large number of tags. This improves on commit 5d28011c +which wasn't sufficient to counter this kind of case. + +The limitation in the previous fix was discovered by Laurent Delosieres, +Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned +the identifier CVE-2018-20030. +--- + NEWS | 1 + + libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++-------- + 2 files changed, 38 insertions(+), 8 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index e35403d..a6f9c94 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -35,6 +35,7 @@ + #include <libexif/olympus/exif-mnote-data-olympus.h> + #include <libexif/pentax/exif-mnote-data-pentax.h> + ++#include <math.h> + #include <stdlib.h> + #include <stdio.h> + #include <string.h> +@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) { \ + break; \ + } + ++/*! Calculate the recursion cost added by one level of IFD loading. ++ * ++ * The work performed is related to the cost in the exponential relation ++ * work=1.1**cost ++ */ ++static unsigned int ++level_cost(unsigned int n) ++{ ++ static const double log_1_1 = 0.09531017980432493; ++ ++ /* Adding 0.1 protects against the case where n==1 */ ++ return ceil(log(n + 0.1)/log_1_1); ++} ++ + /*! Load data for an IFD. + * + * \param[in,out] data #ExifData +@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \ + * \param[in] d pointer to buffer containing raw IFD data + * \param[in] ds size of raw data in buffer at \c d + * \param[in] offset offset into buffer at \c d at which IFD starts +- * \param[in] recursion_depth number of times this function has been +- * recursively called without returning ++ * \param[in] recursion_cost factor indicating how expensive this recursive ++ * call could be + */ + static void + exif_data_load_data_content (ExifData *data, ExifIfd ifd, + const unsigned char *d, +- unsigned int ds, unsigned int offset, unsigned int recursion_depth) ++ unsigned int ds, unsigned int offset, unsigned int recursion_cost) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) + return; + +- if (recursion_depth > 30) { ++ if (recursion_cost > 170) { ++ /* ++ * recursion_cost is a logarithmic-scale indicator of how expensive this ++ * recursive call might end up being. It is an indicator of the depth of ++ * recursion as well as the potential for worst-case future recursive ++ * calls. Since it's difficult to tell ahead of time how often recursion ++ * will occur, this assumes the worst by assuming every tag could end up ++ * causing recursion. ++ * The value of 170 was chosen to limit typical EXIF structures to a ++ * recursive depth of about 6, but pathological ones (those with very ++ * many tags) to only 2. ++ */ + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Deep recursion detected!"); ++ "Deep/expensive recursion detected!"); + return; + } + +@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; diff --git a/gnu/packages/patches/plib-CVE-2011-4620.patch b/gnu/packages/patches/plib-CVE-2011-4620.patch new file mode 100644 index 0000000000..c5a03bd0ca --- /dev/null +++ b/gnu/packages/patches/plib-CVE-2011-4620.patch @@ -0,0 +1,13 @@ +https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff + +--- a/src/util/ulError.cxx ++++ b/src/util/ulError.cxx +@@ -39,7 +39,7 @@ + { + va_list argp; + va_start ( argp, fmt ) ; +- vsprintf ( _ulErrorBuffer, fmt, argp ) ; ++ vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ; + va_end ( argp ) ; + + if ( _ulErrorCB ) diff --git a/gnu/packages/patches/plib-CVE-2012-4552.patch b/gnu/packages/patches/plib-CVE-2012-4552.patch new file mode 100644 index 0000000000..7b697855d6 --- /dev/null +++ b/gnu/packages/patches/plib-CVE-2012-4552.patch @@ -0,0 +1,57 @@ +https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff + +diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx +--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100 ++++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100 +@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ } + } + + +@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ } + } + + // Opens the file and does a few internal calculations based on the spec. diff --git a/gnu/packages/patches/python-slugify-depend-on-unidecode.patch b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch new file mode 100644 index 0000000000..6038f432f1 --- /dev/null +++ b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch @@ -0,0 +1,22 @@ +diff --git a/setup.py b/setup.py +index 4800173..6bdd77f 100755 +--- a/setup.py ++++ b/setup.py +@@ -14,8 +14,7 @@ url = 'https://github.com/un33k/python-slugify' + author = 'Val Neekman' + author_email = 'info@neekware.com' + license = 'MIT' +-install_requires = ['text-unidecode==1.2'] +-extras_require = {'unidecode': ['Unidecode==1.0.23']} ++install_requires = ['Unidecode'] + + classifiers = [ + 'Development Status :: 5 - Production/Stable', +@@ -67,7 +66,6 @@ setup( + author_email=author_email, + packages=find_packages(exclude=EXCLUDE_FROM_PACKAGES), + install_requires=install_requires, +- extras_require=extras_require, + classifiers=classifiers, + entry_points={'console_scripts': ['slugify=slugify.slugify:main']}, + ) |