Diffstat (limited to 'gnu/packages/patches')
69 files changed, 2878 insertions, 1419 deletions
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
new file mode 100644
index 0000000000..3f0d35c33e
--- /dev/null
+++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
@@ -0,0 +1,15 @@
+Coreutils fails to cross compile for other platforms because cu_install_program
+is not being evaluated properly. This patch fixes it.
+See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -5023,7 +5023,7 @@ pr = progs-readme
+ @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
+
+ # Use the just-built 'ginstall', when not cross-compiling.
+-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
+ info_TEXINFOS = doc/coreutils.texi
+ doc_coreutils_TEXINFOS = \
+ doc/perm.texi \
+
diff --git a/gnu/packages/patches/duplicity-piped-password.patch b/gnu/packages/patches/duplicity-piped-password.patch
deleted file mode 100644
index db50f5df32..0000000000
--- a/gnu/packages/patches/duplicity-piped-password.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-This test, on three occasions, is failing with the error:
-
- EOF: End Of File (EOF) in read_nonblocking(). Braindead platform.
-
---- duplicity-0.6.24/testing/functional/test_final.py 2014-09-28 13:14:52.146001614 -0500
-+++ duplicity-0.6.24/testing/functional/test_final.py 2014-09-28 13:13:20.333546342 -0500
-@@ -156,13 +156,6 @@
- self.run_duplicity(options=["remove-older-than", "50000", "--force", self.backend_url])
- self.assertEqual(self.get_backend_files(), second_chain)
-
-- def test_piped_password(self):
-- """Make sure that prompting for a password works"""
-- self.set_environ("PASSPHRASE", None)
-- self.backup("full", "testfiles/empty_dir",
-- passphrase_input=[self.sign_passphrase, self.sign_passphrase])
-- self.restore(passphrase_input=[self.sign_passphrase])
---
-
- class OldFilenamesFinalTest(FinalTest):
-
diff --git a/gnu/packages/patches/duplicity-test_selection-tmp.patch b/gnu/packages/patches/duplicity-test_selection-tmp.patch
deleted file mode 100644
index 8f66be4dcc..0000000000
--- a/gnu/packages/patches/duplicity-test_selection-tmp.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Reported upstream at https://bugs.launchpad.net/duplicity/+bug/1375019
-
---- duplicity-0.6.24/testing/unit/test_selection.py 2014-05-09 08:27:40.000000000 -0500
-+++ duplicity-0.6.24/testing/unit/test_selection.py 2014-09-28 12:28:53.932324380 -0500
-@@ -431,10 +431,10 @@
- [(), ('1',), ('1', '1'), ('1', '2'), ('1', '3')])
-
- self.root = Path("/")
-- self.ParseTest([("--exclude", "/home/*"),
-- ("--include", "/home"),
-+ self.ParseTest([("--exclude", "/tmp/*"),
-+ ("--include", "/tmp"),
- ("--exclude", "/")],
-- [(), ("home",)])
-+ [(), ("tmp",)])
-
- if __name__ == "__main__":
- unittest.main()
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb028d4..0000000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
-
- else
- {
-- yy_size_t num_to_read =
-+ int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-1.patch b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
new file mode 100644
index 0000000000..8c94a026b3
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
@@ -0,0 +1,190 @@ +Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros. + +Patch adapted from upstream source repository: + +https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 + +From e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 Mon Sep 17 00:00:00 2001 +From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Thu, 28 Apr 2016 09:12:05 +0000 +Subject: [PATCH] gcc/c-family/ChangeLog: + +diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c +index 1bf5d080034..6f0898a38d7 100644 +--- a/gcc/c-family/c-common.c ++++ b/gcc/c-family/c-common.c +@@ -12318,4 +12318,37 @@ pointer_to_zero_sized_aggr_p (tree t) + return (TYPE_SIZE (t) && integer_zerop (TYPE_SIZE (t))); + } + ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++time_t ++get_source_date_epoch () ++{ ++ char *source_date_epoch; ++ long long epoch; ++ char *endptr; ++ ++ source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); ++ if (!source_date_epoch) ++ return (time_t) -1; ++ ++ errno = 0; ++ epoch = strtoll (source_date_epoch, &endptr, 10); ++ if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN)) ++ || (errno != 0 && epoch == 0)) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "strtoll: %s\n", xstrerror(errno)); ++ if (endptr == source_date_epoch) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "no digits were found: %s\n", endptr); ++ if (*endptr != '\0') ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "trailing garbage: %s\n", endptr); ++ if (epoch < 0) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "value must be nonnegative: %lld \n", epoch); ++ ++ return (time_t) epoch; ++} ++ + #include "gt-c-family-c-common.h" +diff --git a/gcc/c-family/c-common.h 
b/gcc/c-family/c-common.h +index fdb227f85c3..ba0a5d7df50 100644 +--- a/gcc/c-family/c-common.h ++++ b/gcc/c-family/c-common.h +@@ -1437,4 +1437,10 @@ extern bool contains_cilk_spawn_stmt (tree); + extern tree cilk_for_number_of_iterations (tree); + extern bool check_no_cilk (tree, const char *, const char *, + location_t loc = UNKNOWN_LOCATION); ++ ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++extern time_t get_source_date_epoch (void); ++ + #endif /* ! GCC_C_COMMON_H */ +diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c +index bb55be8063e..e68471b9d2b 100644 +--- a/gcc/c-family/c-lex.c ++++ b/gcc/c-family/c-lex.c +@@ -402,6 +402,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags, + enum cpp_ttype type; + unsigned char add_flags = 0; + enum overflow_type overflow = OT_NONE; ++ time_t source_date_epoch = get_source_date_epoch (); ++ ++ cpp_init_source_date_epoch (parse_in, source_date_epoch); + + timevar_push (TV_CPP); + retry: +diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi +index 100811dc637..3b5317beb53 100644 +--- a/gcc/doc/cppenv.texi ++++ b/gcc/doc/cppenv.texi +@@ -79,4 +79,21 @@ main input file is omitted. + @ifclear cppmanual + @xref{Preprocessor Options}. + @end ifclear ++ ++@item SOURCE_DATE_EPOCH ++ ++If this variable is set, its value specifies a UNIX timestamp to be ++used in replacement of the current date and time in the @code{__DATE__} ++and @code{__TIME__} macros, so that the embedded timestamps become ++reproducible. ++ ++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp, ++defined as the number of seconds (excluding leap seconds) since ++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of ++@samp{@command{date +%s}}. 
++ ++The value should be a known timestamp such as the last modification ++time of the source or package and it should be set by the build ++process. ++ + @end vtable +diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h +index 1b731d1a3ad..7a5481219be 100644 +--- a/libcpp/include/cpplib.h ++++ b/libcpp/include/cpplib.h +@@ -775,6 +775,9 @@ extern void cpp_init_special_builtins (cpp_reader *); + /* Set up built-ins like __FILE__. */ + extern void cpp_init_builtins (cpp_reader *, int); + ++/* Initialize the source_date_epoch value. */ ++extern void cpp_init_source_date_epoch (cpp_reader *, time_t); ++ + /* This is called after options have been parsed, and partially + processed. */ + extern void cpp_post_options (cpp_reader *); +diff --git a/libcpp/init.c b/libcpp/init.c +index 45a4d13ffa3..a8d00f4628b 100644 +--- a/libcpp/init.c ++++ b/libcpp/init.c +@@ -530,6 +530,13 @@ cpp_init_builtins (cpp_reader *pfile, int hosted) + _cpp_define_builtin (pfile, "__OBJC__ 1"); + } + ++/* Initialize the source_date_epoch value. */ ++void ++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch) ++{ ++ pfile->source_date_epoch = source_date_epoch; ++} ++ + /* Sanity-checks are dependent on command-line options, so it is + called as a subroutine of cpp_read_main_file (). */ + #if ENABLE_CHECKING +diff --git a/libcpp/internal.h b/libcpp/internal.h +index c2d08168945..8507eba1747 100644 +--- a/libcpp/internal.h ++++ b/libcpp/internal.h +@@ -502,6 +502,10 @@ struct cpp_reader + const unsigned char *date; + const unsigned char *time; + ++ /* Externally set timestamp to replace current date and time useful for ++ reproducibility. */ ++ time_t source_date_epoch; ++ + /* EOF token, and a token forcing paste avoidance. 
*/ + cpp_token avoid_paste; + cpp_token eof; +diff --git a/libcpp/macro.c b/libcpp/macro.c +index eb32a6f8c98..3f3b278e97d 100644 +--- a/libcpp/macro.c ++++ b/libcpp/macro.c +@@ -350,13 +350,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node) + time_t tt; + struct tm *tb = NULL; + +- /* (time_t) -1 is a legitimate value for "number of seconds +- since the Epoch", so we have to do a little dance to +- distinguish that from a genuine error. */ +- errno = 0; +- tt = time(NULL); +- if (tt != (time_t)-1 || errno == 0) +- tb = localtime (&tt); ++ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro ++ usage if SOURCE_DATE_EPOCH is defined. */ ++ if (pfile->source_date_epoch != (time_t) -1) ++ tb = gmtime (&pfile->source_date_epoch); ++ else ++ { ++ /* (time_t) -1 is a legitimate value for "number of seconds ++ since the Epoch", so we have to do a little dance to ++ distinguish that from a genuine error. */ ++ errno = 0; ++ tt = time (NULL); ++ if (tt != (time_t)-1 || errno == 0) ++ tb = localtime (&tt); ++ } + + if (tb) + { +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-2.patch b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch new file mode 100644 index 0000000000..ed2580679a --- /dev/null +++ b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch 
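Review bot: The description at the top of gcc-5-source-date-epoch-1.patch does not say that it depends on gcc-5-source-date-epoch-2.patch, and the code it adds is not meant to stand alone: `c_lex_with_flags` calls `get_source_date_epoch ()` among its local declarations, so the environment variable is read and parsed on every call, and a malformed value ends the compilation through `fatal_error`. A header line such as `Apply together with gcc-5-source-date-epoch-2.patch, which replaces this eager lookup with a callback evaluated once.` would keep a later maintainer from dropping or reordering one of the two patches.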
@@ -0,0 +1,353 @@ +Continuation of the SOURCE_DATE_EPOCH patch. + +Patch adapted from upstream source repository: + +https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c + +From dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c Mon Sep 17 00:00:00 2001 +From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Wed, 1 Jun 2016 16:42:41 +0000 +Subject: [PATCH] gcc/c-family/ChangeLog: + +diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c +index 6f0898a38d7..efbc78ef218 100644 +--- a/gcc/c-family/c-common.c ++++ b/gcc/c-family/c-common.c +@@ -12321,8 +12321,9 @@ pointer_to_zero_sized_aggr_p (tree t) + /* Read SOURCE_DATE_EPOCH from environment to have a deterministic + timestamp to replace embedded current dates to get reproducible + results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++ + time_t +-get_source_date_epoch () ++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED) + { + char *source_date_epoch; + long long epoch; +@@ -12334,19 +12335,14 @@ get_source_date_epoch () + + errno = 0; + epoch = strtoll (source_date_epoch, &endptr, 10); +- if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN)) +- || (errno != 0 && epoch == 0)) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "strtoll: %s\n", xstrerror(errno)); +- if (endptr == source_date_epoch) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "no digits were found: %s\n", endptr); +- if (*endptr != '\0') +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "trailing garbage: %s\n", endptr); +- if (epoch < 0) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "value must be nonnegative: %lld \n", epoch); ++ if (errno != 0 || endptr == source_date_epoch || *endptr != '\0' ++ || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH) ++ { ++ error_at (input_location, "environment variable SOURCE_DATE_EPOCH must " ++ "expand to a 
non-negative integer less than or equal to %wd", ++ MAX_SOURCE_DATE_EPOCH); ++ return (time_t) -1; ++ } + + return (time_t) epoch; + } +diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h +index ba0a5d7df50..977ae9df5ea 100644 +--- a/gcc/c-family/c-common.h ++++ b/gcc/c-family/c-common.h +@@ -1063,6 +1063,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *); + c_register_builtin_type. */ + extern GTY(()) tree registered_builtin_types; + ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++extern time_t cb_get_source_date_epoch (cpp_reader *pfile); ++ ++/* The value (as a unix timestamp) corresponds to date ++ "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and ++ __TIME__ can store. */ ++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799) ++ + /* In c-gimplify.c */ + extern void c_genericize (tree); + extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *); +@@ -1438,9 +1448,4 @@ extern tree cilk_for_number_of_iterations (tree); + extern bool check_no_cilk (tree, const char *, const char *, + location_t loc = UNKNOWN_LOCATION); + +-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic +- timestamp to replace embedded current dates to get reproducible +- results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ +-extern time_t get_source_date_epoch (void); +- + #endif /* ! GCC_C_COMMON_H */ +diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c +index e68471b9d2b..3f78073f640 100644 +--- a/gcc/c-family/c-lex.c ++++ b/gcc/c-family/c-lex.c +@@ -97,6 +97,7 @@ init_c_lex (void) + cb->valid_pch = c_common_valid_pch; + cb->read_pch = c_common_read_pch; + cb->has_attribute = c_common_has_attribute; ++ cb->get_source_date_epoch = cb_get_source_date_epoch; + + /* Set the debug callbacks if we can use them. 
*/ + if ((debug_info_level == DINFO_LEVEL_VERBOSE +@@ -402,9 +403,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags, + enum cpp_ttype type; + unsigned char add_flags = 0; + enum overflow_type overflow = OT_NONE; +- time_t source_date_epoch = get_source_date_epoch (); +- +- cpp_init_source_date_epoch (parse_in, source_date_epoch); + + timevar_push (TV_CPP); + retry: +diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi +index 3b5317beb53..7b4cf6adc11 100644 +--- a/gcc/doc/cppenv.texi ++++ b/gcc/doc/cppenv.texi +@@ -81,7 +81,6 @@ main input file is omitted. + @end ifclear + + @item SOURCE_DATE_EPOCH +- + If this variable is set, its value specifies a UNIX timestamp to be + used in replacement of the current date and time in the @code{__DATE__} + and @code{__TIME__} macros, so that the embedded timestamps become +@@ -89,8 +88,9 @@ reproducible. + + The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp, + defined as the number of seconds (excluding leap seconds) since +-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of +-@samp{@command{date +%s}}. ++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of ++@samp{@command{date +%s}} on GNU/Linux and other systems that support the ++@code{%s} extension in the @code{date} command. + + The value should be a known timestamp such as the last modification + time of the source or package and it should be set by the build +diff --git a/gcc/gcc.c b/gcc/gcc.c +index d956c36b151..2709f295734 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -3328,6 +3328,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args, + n_switches++; + } + ++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is ++ not set already. */ ++ ++static void ++set_source_date_epoch_envvar () ++{ ++ /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations ++ of 64 bit integers. 
*/ ++ char source_date_epoch[21]; ++ time_t tt; ++ ++ errno = 0; ++ tt = time (NULL); ++ if (tt < (time_t) 0 || errno != 0) ++ tt = (time_t) 0; ++ ++ snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt); ++ /* Using setenv instead of xputenv because we want the variable to remain ++ after finalizing so that it's still set in the second run when using ++ -fcompare-debug. */ ++ setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0); ++} ++ + /* Handle an option DECODED that is unknown to the option-processing + machinery. */ + +@@ -3628,6 +3651,7 @@ driver_handle_option (struct gcc_options *opts, + else + compare_debug_opt = arg; + save_switch (compare_debug_replacement_opt, 0, NULL, validated, true); ++ set_source_date_epoch_envvar (); + return true; + + case OPT_fdiagnostics_color_: +diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c +new file mode 100644 +index 00000000000..f6aa1a360ff +--- /dev/null ++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c +@@ -0,0 +1,11 @@ ++/* { dg-do run } */ ++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */ ++ ++int ++main(void) ++{ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); ++ return 0; ++} ++ ++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */ +diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c +new file mode 100644 +index 00000000000..ae18362ae87 +--- /dev/null ++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c +@@ -0,0 +1,12 @@ ++/* { dg-do compile } */ ++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */ ++ ++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */ ++ ++int ++main(void) ++{ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); ++ return 0; ++} +diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp +index 4fa433d9954..7656b2254a1 
100644 +--- a/gcc/testsuite/lib/gcc-dg.exp ++++ b/gcc/testsuite/lib/gcc-dg.exp +@@ -324,6 +324,38 @@ proc restore-target-env-var { } { + } + } + ++proc dg-set-compiler-env-var { args } { ++ global set_compiler_env_var ++ global saved_compiler_env_var ++ if { [llength $args] != 3 } { ++ error "dg-set-compiler-env-var: need two arguments" ++ return ++ } ++ set var [lindex $args 1] ++ set value [lindex $args 2] ++ if [info exists ::env($var)] { ++ lappend saved_compiler_env_var [list $var 1 $::env($var)] ++ } else { ++ lappend saved_compiler_env_var [list $var 0] ++ } ++ setenv $var $value ++ lappend set_compiler_env_var [list $var $value] ++} ++ ++proc restore-compiler-env-var { } { ++ global saved_compiler_env_var ++ for { set env_vari [llength $saved_compiler_env_var] } { ++ [incr env_vari -1] >= 0 } {} { ++ set env_var [lindex $saved_compiler_env_var $env_vari] ++ set var [lindex $env_var 0] ++ if [lindex $env_var 1] { ++ setenv $var [lindex $env_var 2] ++ } else { ++ unsetenv $var ++ } ++ } ++} ++ + # Utility routines. + + # +@@ -785,6 +817,11 @@ if { [info procs saved-dg-test] == [list] } { + if [info exists set_target_env_var] { + unset set_target_env_var + } ++ if [info exists set_compiler_env_var] { ++ restore-compiler-env-var ++ unset set_compiler_env_var ++ unset saved_compiler_env_var ++ } + unset_timeout_vars + if [info exists compiler_conditional_xfail_data] { + unset compiler_conditional_xfail_data +diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h +index 7a5481219be..867aeebc39f 100644 +--- a/libcpp/include/cpplib.h ++++ b/libcpp/include/cpplib.h +@@ -585,6 +585,9 @@ struct cpp_callbacks + + /* Callback that can change a user builtin into normal macro. */ + bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *); ++ ++ /* Callback to parse SOURCE_DATE_EPOCH from environment. 
*/ ++ time_t (*get_source_date_epoch) (cpp_reader *); + }; + + #ifdef VMS +@@ -775,9 +778,6 @@ extern void cpp_init_special_builtins (cpp_reader *); + /* Set up built-ins like __FILE__. */ + extern void cpp_init_builtins (cpp_reader *, int); + +-/* Initialize the source_date_epoch value. */ +-extern void cpp_init_source_date_epoch (cpp_reader *, time_t); +- + /* This is called after options have been parsed, and partially + processed. */ + extern void cpp_post_options (cpp_reader *); +diff --git a/libcpp/init.c b/libcpp/init.c +index a8d00f4628b..61c9bbbf945 100644 +--- a/libcpp/init.c ++++ b/libcpp/init.c +@@ -254,6 +254,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table, + /* Do not force token locations by default. */ + pfile->forced_token_location_p = NULL; + ++ /* Initialize source_date_epoch to -2 (not yet set). */ ++ pfile->source_date_epoch = (time_t) -2; ++ + /* The expression parser stack. */ + _cpp_expand_op_stack (pfile); + +@@ -530,13 +533,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted) + _cpp_define_builtin (pfile, "__OBJC__ 1"); + } + +-/* Initialize the source_date_epoch value. */ +-void +-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch) +-{ +- pfile->source_date_epoch = source_date_epoch; +-} +- + /* Sanity-checks are dependent on command-line options, so it is + called as a subroutine of cpp_read_main_file (). */ + #if ENABLE_CHECKING +diff --git a/libcpp/internal.h b/libcpp/internal.h +index 8507eba1747..226ae328e76 100644 +--- a/libcpp/internal.h ++++ b/libcpp/internal.h +@@ -503,7 +503,8 @@ struct cpp_reader + const unsigned char *time; + + /* Externally set timestamp to replace current date and time useful for +- reproducibility. */ ++ reproducibility. It should be initialized to -2 (not yet set) and ++ set to -1 to disable it or to a non-negative value to enable it. */ + time_t source_date_epoch; + + /* EOF token, and a token forcing paste avoidance. 
*/ +diff --git a/libcpp/macro.c b/libcpp/macro.c +index 3f3b278e97d..756c7c6e0c6 100644 +--- a/libcpp/macro.c ++++ b/libcpp/macro.c +@@ -351,9 +351,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node) + struct tm *tb = NULL; + + /* Set a reproducible timestamp for __DATE__ and __TIME__ macro +- usage if SOURCE_DATE_EPOCH is defined. */ +- if (pfile->source_date_epoch != (time_t) -1) +- tb = gmtime (&pfile->source_date_epoch); ++ if SOURCE_DATE_EPOCH is defined. */ ++ if (pfile->source_date_epoch == (time_t) -2 ++ && pfile->cb.get_source_date_epoch != NULL) ++ pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile); ++ ++ if (pfile->source_date_epoch >= (time_t) 0) ++ tb = gmtime (&pfile->source_date_epoch); + else + { + /* (time_t) -1 is a legitimate value for "number of seconds +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch new file mode 100644 index 0000000000..a612c9e00e --- /dev/null +++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch 
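Review bot: In `cb_get_source_date_epoch` the range check runs on the `long long` value, but the function then narrows it with `return (time_t) epoch;`. On a host where `time_t` is narrower than `long long`, a value that passes `epoch > MAX_SOURCE_DATE_EPOCH` can be altered by the cast; a negative result makes `_cpp_builtin_macro_text` take the `else` branch and embed the current local time without any diagnostic, which silently defeats the reproducibility the variable exists for. Adding a round-trip test to the rejecting condition, `|| (long long) (time_t) epoch != epoch`, would report such values through the existing `error_at` call. Separately, `set_source_date_epoch_envvar` ignores the return value of `setenv`, so a failure there would leave the two -fcompare-debug runs with different timestamps and no message.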
@@ -0,0 +1,28 @@
+This patch makes the exeception specifier of libiberty's 'asprintf'
+and 'vasprintf' declarations match those of glibc to work around the
+problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
+
+The problem in part stems from the fact that libiberty is configured
+without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
+is configured and built with _GNU_SOURCE, hence the conflicting declarations.
+
+--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200
++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200
+@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
+-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
+ #endif
+
+ /* Like asprintf but allocates memory without fail. This works like
+@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
+ must be freed by the caller. */
+
+-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
+ #endif
+
+ /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch
deleted file mode 100644
index 6a1a63296c..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-7568.patch
+++ /dev/null
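Review bot: `__THROWNL` in the two new libiberty.h declarations is a macro supplied by glibc's `<sys/cdefs.h>`, and neither inner hunk shows libiberty.h defining it or including a header that does. If the macro is undefined at the point where these `#if`-guarded declarations are reached, the header no longer parses, so the fix depends on include order in every file that uses libiberty.h. A fallback placed before the declarations, `#ifndef __THROWNL` / `# define __THROWNL` / `#endif`, would keep the header self-contained. The enclosing `#if` blocks start outside the hunks, so their exact conditions are not visible here.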
@@ -1,44 +0,0 @@
-Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
-
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- quality = 80;
- }
-
-+ if (overflow2(gdImageSX(im), 4)) {
-+ return;
-+ }
-+
-+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+ return;
-+ }
-+
- argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- if (!argb) {
- return;
---
-2.10.0
-
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch
deleted file mode 100644
index 39ee99ac31..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-8670.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
-http://seclists.org/oss-sec/2016/q4/138
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- if(remain >= len) {
- rlen = len;
- } else {
-- if(remain == 0) {
-+ if(remain <= 0) {
- /* 2.0.34: EOF is incorrect. We use 0 for
- * errors and EOF, just like fileGetbuf,
- * which is a simple fread() wrapper.
---
-2.10.1
-
diff --git a/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
new file mode 100644
index 0000000000..40aae7a9d7
--- /dev/null
+++ b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
@@ -0,0 +1,27 @@ +Don’t add linker flags via ‘response files’ since ld-wrapper +doesn’t handle them. +See https://github.com/NixOS/nixpkgs/commit/a421e7bd4a28c69bded8b17888325e31554f61a1 +https://gcc.gnu.org/ml/gcc/2016-10/msg00151.html + +diff --git a/compiler/main/SysTools.hs.orig b/compiler/main/SysTools.hs +index 1ab5b13..99270fc 100644 +--- a/compiler/main/SysTools.hs.orig ++++ b/compiler/main/SysTools.hs +@@ -424,7 +424,7 @@ runCc dflags args = do + args1 = map Option (getOpts dflags opt_c) + args2 = args0 ++ args1 ++ args + mb_env <- getGccEnv args2 +- runSomethingResponseFile dflags cc_filter "C Compiler" p args2 mb_env ++ runSomethingFiltered dflags cc_filter "C Compiler" p args2 mb_env + where + -- discard some harmless warnings from gcc that we can't turn off + cc_filter = unlines . doFilter . lines +@@ -945,7 +945,7 @@ runLink dflags args = do + args1 = map Option (getOpts dflags opt_l) + args2 = args0 ++ linkargs ++ args1 ++ args + mb_env <- getGccEnv args2 +- runSomethingResponseFile dflags ld_filter "Linker" p args2 mb_env ++ runSomethingFiltered dflags ld_filter "Linker" p args2 mb_env + where + ld_filter = case (platformOS (targetPlatform dflags)) of + OSSolaris2 -> sunos_ld_filter diff --git a/gnu/packages/patches/glibc-bootstrap-system.patch b/gnu/packages/patches/glibc-bootstrap-system.patch index 7208cce3f4..6d09efed2c 100644 --- a/gnu/packages/patches/glibc-bootstrap-system.patch +++ b/gnu/packages/patches/glibc-bootstrap-system.patch @@ -3,6 +3,10 @@ and popen(3) need to be tweaked to use the right shell. For the bootstrap glibc, we just use whatever `sh' can be found in $PATH. The final glibc instead uses the hard-coded absolute file name of `bash'. +The second part that touches fcntl-linux.h reverts a change from glibc-2.25 +which would require the statically compiled glibc used in bootstrapping to +depend on the linux kernel headers. + --- a/sysdeps/posix/system.c +++ b/sysdeps/posix/system.c 
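Review bot: Switching `runCc` and `runLink` from `runSomethingResponseFile` to `runSomethingFiltered` puts every compiler and linker argument back on the command line, so a link with many objects or libraries can presumably exceed the kernel's argument-size limit and fail; the patch header only records that ld-wrapper does not handle response files. The header should state that trade-off and the exit condition, for example `Without response files very long link lines may fail with "Argument list too long"; drop this patch once ld-wrapper understands @file arguments.` The bodies of both functions continue outside the inner hunks, so other callers of `runSomethingResponseFile` are not visible here.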
@@ -134,7 +134,7 @@ do_system (const char *line) @@ -26,3 +30,23 @@ instead uses the hard-coded absolute file name of `bash'. _IO__exit (127); } _IO_close (child_end); + +--- a/sysdeps/unix/sysv/linux/bits/fcntl-linux.h ++++ b/sysdeps/unix/sysv/linux/bits/fcntl-linux.h +@@ -318,7 +318,15 @@ struct f_owner_ex + + + /* Flags for fallocate. */ ++# define FALLOC_FL_KEEP_SIZE 1 /* Don't extend size of file ++ even if offset + len is ++ greater than file size. */ ++# define FALLOC_FL_PUNCH_HOLE 2 /* Create a hole in the file. */ ++# define FALLOC_FL_COLLAPSE_RANGE 8 /* Remove a range of a file ++ without leaving a ++ hole. */ ++# define FALLOC_FL_ZERO_RANGE 16 /* Convert a range of a ++ file to zeros. */ +-# include <linux/falloc.h> + + + /* File handle structure. */ diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch deleted file mode 100644 index 79bb41caaa..0000000000 --- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch +++ /dev/null 
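Review bot: The four `FALLOC_FL_*` macros added to bits/fcntl-linux.h are hand-copied values that replace `# include <linux/falloc.h>`, and nothing in the new lines says they must track the kernel header. Any flag the kernel header defines beyond these four is then invisible to code that relies on `<fcntl.h>` alone, and a later kernel-side change would go unnoticed. A comment above the block such as `/* Copied from <linux/falloc.h> so that the bootstrap glibc does not need the kernel headers; keep in sync. */` would record the intent. The patch description speaks only of the statically compiled bootstrap glibc, so it is worth confirming that this patch is not applied to the final glibc as well.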
@@ -1,40 +0,0 @@
-This fixes a segfault on 32-bit architectures. Upstream discussion:
-
-https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
-
-Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
-
-Patch copied from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
-
-From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Wed, 21 Dec 2016 16:14:45 +0100
-Subject: [PATCH] gpgscm: Guard use of union member.
-
-* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
-before accessing filename. Fixes a crash on 32-bit architectures.
-
-Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/gpgscm/scheme.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index a5b7691..2844545 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
- } else {
- sc->nesting_stack[sc->file_i]++;
- #if USE_TAGS && SHOW_ERROR_LINE
-- {
-+ if (sc->load_stack[sc->file_i].kind & port_file) {
- const char *filename =
- sc->load_stack[sc->file_i].rep.stdio.filename;
- int lineno =
---
-2.8.0.rc3
-
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
new file mode 100644
index 0000000000..4c6c7ed06e
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
@@ -0,0 +1,32 @@
+This fixes a test failure on i686.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040
+
+From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 2 Feb 2017 14:56:39 +0200
+Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the
+ units-max property
+
+---
+ tests/check/elements/multifdsink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c
+index af138cc92..951b1b9fa 100644
+--- a/tests/check/elements/multifdsink.c
++++ b/tests/check/elements/multifdsink.c
+@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick)
+ gint i, initial_buffers = 3, num_buffers = 0;
+
+ sink = setup_multifdsink ();
+- g_object_set (sink, "units-max", initial_buffers, NULL);
++ g_object_set (sink, "units-max", (gint64) initial_buffers, NULL);
+
+ fail_if (pipe (pfd1) == -1);
+ fail_if (pipe (pfd2) == -1);
+--
+2.11.0
+
diff --git a/gnu/packages/patches/guile-repl-server-test.patch b/gnu/packages/patches/guile-repl-server-test.patch
deleted file mode 100644
index 81e724ecc4..0000000000
--- a/gnu/packages/patches/guile-repl-server-test.patch
+++ /dev/null
@@ -1,48 +0,0 @@ -commit 8d6209ea56241bb1890c142539927c9ef3fb5a13 -Author: Ludovic Courtès <ludo@gnu.org> -Date: Fri Nov 4 22:44:32 2016 +0100 - - tests: Throw 'unresolved when the REPL server is too slow. - -commit 2fbde7f02adb8c6585e9baf6e293ee49cd23d4c4 -Author: Ludovic Courtès <ludo@gnu.org> -Date: Fri Nov 4 22:45:51 2016 +0100 - - tests: Avoid race condition in REPL server test. - -index ca389ba..4b5ec0c 100644 ---- a/test-suite/tests/00-repl-server.test -+++ b/test-suite/tests/00-repl-server.test -@@ -61,10 +61,11 @@ socket connected to that server." - (lambda () - (connect client-socket sockaddr)) - (lambda args -- (when (and (memv (system-error-errno args) -- (list ENOENT ECONNREFUSED)) -- (< tries 3)) -- (sleep 1) -+ (when (memv (system-error-errno args) -+ (list ENOENT ECONNREFUSED)) -+ (when (> tries 30) -+ (throw 'unresolved)) -+ (usleep 100) - (loop (+ tries 1)))))) - - (proc client-socket)) -@@ -104,8 +105,14 @@ reached." - "scheme@(repl-server)> $1 = 42\n" - (with-repl-server socket - (read-until-prompt socket %last-line-before-prompt) -- (display "(+ 40 2)\n(quit)\n" socket) -- (read-string socket))) -+ -+ ;; Wait until 'repl-reader' in boot-9 has written the prompt. -+ ;; Otherwise, if we write too quickly, 'repl-reader' checks for -+ ;; 'char-ready?' and doesn't print the prompt. -+ (match (select (list socket) '() (list socket) 3) -+ (((_) () ()) -+ (display "(+ 40 2)\n(quit)\n" socket) -+ (read-string socket))))) - - (pass-if "HTTP inter-protocol attack" ;CVE-2016-8606 - (with-repl-server socket diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch deleted file mode 100644 index 17ba323ccf..0000000000 --- a/gnu/packages/patches/httpd-CVE-2016-8740.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -This patch applies against httpd-2.4.23 and shouldn't be needed in later releases -http://openwall.com/lists/oss-security/2016/12/05/17 -Index: modules/http2/h2_stream.c -=================================================================== ---- modules/http2/h2_stream.c (revision 1771866) -+++ modules/http2/h2_stream.c (working copy) -@@ -322,18 +322,18 @@ - HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE); - } - } -- } -- -- if (h2_stream_is_scheduled(stream)) { -- return h2_request_add_trailer(stream->request, stream->pool, -- name, nlen, value, vlen); -- } -- else { -- if (!input_open(stream)) { -- return APR_ECONNRESET; -+ -+ if (h2_stream_is_scheduled(stream)) { -+ return h2_request_add_trailer(stream->request, stream->pool, -+ name, nlen, value, vlen); - } -- return h2_request_add_header(stream->request, stream->pool, -- name, nlen, value, vlen); -+ else { -+ if (!input_open(stream)) { -+ return APR_ECONNRESET; -+ } -+ return h2_request_add_header(stream->request, stream->pool, -+ name, nlen, value, vlen); -+ } - } - } - diff --git a/gnu/packages/patches/hubbub-sort-entities.patch b/gnu/packages/patches/hubbub-sort-entities.patch new file mode 100644 index 0000000000..012e3c3022 --- /dev/null +++ b/gnu/packages/patches/hubbub-sort-entities.patch @@ -0,0 +1,13 @@ +Traverse the entities hash's keys in sorted order to ensure reproducibility. + +--- libhubbub-0.3.3/build/make-entities.pl ++++ libhubbub-0.3.3/build/make-entities.pl +@@ -86,7 +86,7 @@ + + my $trie; + +-foreach my $key (keys %entities) { ++foreach my $key (sort keys %entities) { + $trie = insert_node($trie, $key, $entities{$key}); + } + diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch deleted file mode 100644 index e2c65df8ce..0000000000 --- a/gnu/packages/patches/khal-disable-failing-tests.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -Disable some tests that are known to fail: - -https://github.com/pimutils/khal/issues/546 -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 - -diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py -index fd8dcc6..17732bf 100644 ---- a/tests/khalendar_test.py -+++ b/tests/khalendar_test.py -@@ -65,6 +65,7 @@ class TestCalendar(object): - else: - mtimes[cal] = mtime - -+ @pytest.mark.xfail - def test_db_needs_update(self, coll_vdirs): - coll, vdirs = coll_vdirs - -@@ -321,6 +322,7 @@ class TestDbCreation(object): - CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) - - -+@pytest.mark.xfail - def test_default_calendar(coll_vdirs): - """test if an update to the vdir is detected by the CalendarCollection""" - coll, vdirs = coll_vdirs -@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): - assert len(list(coll.get_events_on(today))) == 0 - - -+@pytest.mark.xfail - def test_only_update_old_event(coll_vdirs, monkeypatch): - coll, vdirs = coll_vdirs - diff --git a/gnu/packages/patches/lcms-CVE-2016-10165.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch new file mode 100644 index 0000000000..fa4d75c9ee --- /dev/null +++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch 
@@ -0,0 +1,36 @@
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
+http://seclists.org/oss-sec/2016/q3/288
+https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
+
+Patch copied from upstream source repository:
+
+https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+
+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
+From: Marti <marti.maria@tktbrainpower.com>
+Date: Mon, 15 Aug 2016 23:31:39 +0200
+Subject: [PATCH] Added an extra check to MLU bounds
+
+Thanks to Ibrahim el-sayed for spotting the bug
+---
+ src/cmstypes.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index cb61860..c7328b9 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+
+ // Check for overflow
+ if (Offset < (SizeOfHeader + 8)) goto Error;
++ if ((Offset + Len) > SizeOfTag + 8) goto Error;
+
+ // True begin of the string
+ BeginOfThisString = Offset - SizeOfHeader - 8;
+--
+2.11.0
+
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
new file mode 100644
index 0000000000..31eb44aefc
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
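Review bot: The added bound `if ((Offset + Len) > SizeOfTag + 8) goto Error;` in Type_MLU_Read() does not hold if the sum wraps around. Offset and Len appear to be unsigned values read from the profile being parsed (their declarations are outside the hunk, so confirm), and a large Len can make `Offset + Len` wrap to a small number that passes the comparison. Rejecting the wrap in the same statement closes that gap: `if (((Offset + Len) < Len) || ((Offset + Len) > SizeOfTag + 8)) goto Error;`. The function body starts and ends outside the hunk, so whether a later check already catches the wrapped case cannot be seen from here.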
@@ -0,0 +1,35 @@
+This patch deactivates some tests that fail when ldc is built with the command:
+
+./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6
+
+When the --keep-failed flag is added to the build command above, and the tests
+run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests
+pass.
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/d_do_test.d b/d_do_test.d
+index aa67169..8173759 100755
+--- a/d_do_test.d
++++ b/d_do_test.d
+@@ -645,8 +645,6 @@ int main(string[] args)
+ auto gdb_output = execute(fThisRun, command, true, result_path);
+ if (testArgs.gdbMatch !is null)
+ {
+- enforce(match(gdb_output, regex(testArgs.gdbMatch)),
+- "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n");
+ }
+ }
+ }
+diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh
+index 1d390e0..906b2b6 100755
+--- a/runnable/gdb15729.sh
++++ b/runnable/gdb15729.sh
+@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then
+ echo RESULT=
+ p s.val
+ EOF
+- gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1
+ fi
+
+ rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb}
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
new file mode 100644
index 0000000000..70dd419455
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
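Review bot: Removing the `enforce(match(gdb_output, regex(testArgs.gdbMatch)), ...)` call in d_do_test.d leaves an empty `if (testArgs.gdbMatch !is null) { }`, so the gdb output check is switched off for every test that sets gdbMatch, not only for the ones that fail in the build environment. The header says the tests pass when re-run by hand in the kept build directory, but it names neither the affected tests nor the cause. I would record both in the patch header and leave a comment in the emptied block, e.g. `// gdb output check disabled for the Guix build; see patch header`, so the lost coverage is visible at the next ldc update. The same goes for the deleted `gdb ... | grep 'RESULT=.*1234' || exit 1` line in runnable/gdb15729.sh. Both enclosing bodies continue outside their hunks.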
@@ -0,0 +1,414 @@ +This patch deactivates failing tests that depend on network connectivity +to pass in curl.d and socket.d +It deactivates tests in path.d that assume /root + +A thread was started on the ldc forum to pursue the possibility of a +version flag to deactivate tests conditionally. The thread is at +https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org + +by Frederick M. Muriithi <fredmanglis@gmail.com> + +diff --git a/std/datetime.d b/std/datetime.d +index 4d4afb1..2c91a44 100644 +--- a/std/datetime.d ++++ b/std/datetime.d +@@ -27306,8 +27306,8 @@ public: + // leaving it commented out until I can sort it out. + //assert(equal(tzNames, tzNames.uniq())); + +- foreach(tzName; tzNames) +- assertNotThrown!DateTimeException(testPZSuccess(tzName)); ++ //foreach(tzName; tzNames) ++ //assertNotThrown!DateTimeException(testPZSuccess(tzName)); + } + + +@@ -29178,8 +29178,8 @@ public: + + auto tzNames = getInstalledTZNames(); + +- foreach(tzName; tzNames) +- assertNotThrown!DateTimeException(testPTZSuccess(tzName)); ++ //foreach(tzName; tzNames) ++ //assertNotThrown!DateTimeException(testPTZSuccess(tzName)); + + // No timezone directories on Android, just a single tzdata file + version(Android) {} else +diff --git a/std/net/curl.d b/std/net/curl.d +index 9c6af66..5fccb38 100644 +--- a/std/net/curl.d ++++ b/std/net/curl.d +@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co + + unittest + { +- static import std.file; ++ /*static import std.file; + foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { +@@ -430,7 +430,7 @@ unittest + scope (exit) std.file.remove(fn); + download(host, fn); + assert(std.file.readText(fn) == "Hello world"); +- } ++ }*/ + } + + /** Upload file from local files system using the HTTP or FTP protocol. 
+@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co + + unittest + { +- static import std.file; ++ /*static import std.file; + foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + auto fn = std.file.deleteme; +@@ -496,7 +496,7 @@ unittest + s.send(httpOK()); + }); + upload(fn, host ~ "/path"); +- } ++ }*/ + } + + /** HTTP/FTP get content. +@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn()) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + assert(s.recvReq.hdrs.canFind("GET /path")); +@@ -559,7 +559,7 @@ unittest + }); + auto res = get(host ~ "/path"); + assert(res == "GETRESPONSE"); +- } ++ }*/ + } + + +@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte)) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; +@@ -608,12 +608,12 @@ unittest + }); + auto res = post(host ~ "/path", "POSTBODY"); + assert(res == "POSTRESPONSE"); +- } ++ }*/ + } + + unittest + { +- auto data = new ubyte[](256); ++ /*auto data = new ubyte[](256); + foreach (i, ref ub; data) + ub = cast(ubyte)i; + +@@ -624,7 +624,7 @@ unittest + s.send(httpOK(cast(ubyte[])[17, 27, 35, 41])); + }); + auto res = post!ubyte(testServer.addr, data); +- assert(res == cast(ubyte[])[17, 27, 35, 41]); ++ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/ + } + + +@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; +@@ -690,7 +690,7 @@ unittest + }); + auto res = put(host ~ "/path", 
"PUTBODY"); + assert(res == "PUTRESPONSE"); +- } ++ }*/ + } + + +@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn()) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; +@@ -750,7 +750,7 @@ unittest + s.send(httpOK()); + }); + del(host ~ "/path"); +- } ++ }*/ + } + + +@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url, + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("OPTIONS /path")); + s.send(httpOK("OPTIONSRESPONSE")); + }); + auto res = options(testServer.addr ~ "/path"); +- assert(res == "OPTIONSRESPONSE"); ++ assert(res == "OPTIONSRESPONSE");*/ + } + + +@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP()) + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("TRACE /path")); + s.send(httpOK("TRACERESPONSE")); + }); + auto res = trace(testServer.addr ~ "/path"); +- assert(res == "TRACERESPONSE"); ++ assert(res == "TRACERESPONSE");*/ + } + + +@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP()) + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("CONNECT /path")); + s.send(httpOK("CONNECTRESPONSE")); + }); + auto res = connect(testServer.addr ~ "/path"); +- assert(res == "CONNECTRESPONSE"); ++ assert(res == "CONNECTRESPONSE");*/ + } + + +@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData, + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("PATCH /path")); + assert(req.bdy.canFind("PATCHBODY")); + s.send(httpOK("PATCHRESPONSE")); + }); + auto res = patch(testServer.addr 
~ "/path", "PATCHBODY"); +- assert(res == "PATCHRESPONSE"); ++ assert(res == "PATCHRESPONSE");*/ + } + + +@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("GET /path")); + s.send(httpNotFound()); + }); + auto e = collectException!CurlException(get(testServer.addr ~ "/path")); +- assert(e.msg == "HTTP request returned status code 404 (Not Found)"); ++ assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/ + } + + // Bugzilla 14760 - content length must be reset after post + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("POST /")); + assert(req.bdy.canFind("POSTBODY")); +@@ -1061,7 +1061,7 @@ unittest + auto res = post(testServer.addr, "POSTBODY", http); + assert(res == "POSTRESPONSE"); + res = trace(testServer.addr, http); +- assert(res == "TRACERESPONSE"); ++ assert(res == "TRACERESPONSE");*/ + } + + /* +@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK("Line1\nLine2\nLine3")); + }); + assert(byLine(host).equal(["Line1", "Line2", "Line3"])); +- } ++ }*/ + } + + /** HTTP/FTP fetch content as a range of chunks. 
+@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5])); + }); + assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]])); +- } ++ }*/ + } + + private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn) +@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK("Line1\nLine2\nLine3")); + }); + assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"])); +- } ++ }*/ + } + + +@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5])); + }); + assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]])); +- } ++ }*/ + } + + +@@ -2041,7 +2041,7 @@ private mixin template Protocol() + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("GET /")); + assert(req.hdrs.canFind("Basic dXNlcjpwYXNz")); +@@ -2051,7 +2051,7 @@ private mixin template Protocol() + auto http = HTTP(testServer.addr); + http.onReceive = (ubyte[] data) { return data.length; }; + http.setAuthentication("user", "pass"); +- http.perform(); ++ http.perform();*/ + } + + /** +@@ -2959,7 +2959,7 @@ struct HTTP + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq!ubyte; + assert(req.hdrs.canFind("POST /path")); + 
assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4])); +@@ -2975,7 +2975,7 @@ struct HTTP + ubyte[] res; + http.onReceive = (data) { res ~= data; return data.length; }; + http.perform(); +- assert(res == cast(ubyte[])[17, 27, 35, 41]); ++ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/ + } + + /** +diff --git a/std/path.d b/std/path.d +index 60c844f..0598104 100644 +--- a/std/path.d ++++ b/std/path.d +@@ -3953,8 +3953,10 @@ unittest + } + else + { ++/* + assert(expandTilde("~root") == "/root", expandTilde("~root")); + assert(expandTilde("~root/") == "/root/", expandTilde("~root/")); ++*/ + } + assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey"); + } +diff --git a/std/socket.d b/std/socket.d +index 7f5a3c3..e68b881 100644 +--- a/std/socket.d ++++ b/std/socket.d +@@ -481,15 +481,15 @@ unittest + { + softUnittest({ + Protocol proto = new Protocol; +- assert(proto.getProtocolByType(ProtocolType.TCP)); ++ //assert(proto.getProtocolByType(ProtocolType.TCP)); + //writeln("About protocol TCP:"); + //writefln("\tName: %s", proto.name); + // foreach(string s; proto.aliases) + // { + // writefln("\tAlias: %s", s); + // } +- assert(proto.name == "tcp"); +- assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); ++ //assert(proto.name == "tcp"); ++ //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); + }); + } + +@@ -832,9 +832,9 @@ unittest + InternetHost ih = new InternetHost; + + ih.getHostByAddr(0x7F_00_00_01); +- assert(ih.addrList[0] == 0x7F_00_00_01); ++ //assert(ih.addrList[0] == 0x7F_00_00_01); + ih.getHostByAddr("127.0.0.1"); +- assert(ih.addrList[0] == 0x7F_00_00_01); ++ //assert(ih.addrList[0] == 0x7F_00_00_01); + + softUnittest({ + if (!ih.getHostByName("www.digitalmars.com")) diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch deleted file mode 100644 index bef628f0a8..0000000000 --- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch +++ /dev/null 
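Review bot: The header accounts for the curl.d, socket.d and path.d changes, but the first two hunks also comment out the `assertNotThrown!DateTimeException(testPZSuccess(tzName))` and `testPTZSuccess(tzName)` loops in std/datetime.d, which the header does not mention and which are neither network- nor /root-related. Add a header line saying why the time-zone checks are disabled, for example `It also disables the installed-time-zone loops in datetime.d because <reason>`. In std/net/curl.d the unittest bodies are wrapped whole in `/* ... */`, so those blocks still compile and pass while testing nothing; a one-line comment inside each, such as `// disabled: needs network, see patch header`, would keep that visible to whoever refreshes the patch.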
@@ -1,77 +0,0 @@ -Fix buffer overflow reading 7Zip files: - -https://github.com/libarchive/libarchive/issues/761 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126 - -From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 18 Sep 2016 18:14:58 -0700 -Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files - -The sample file that demonstrated this had multiple 'EmptyStream' -attributes. The first one ended up being used to calculate -certain statistics, then was overwritten by the second which -was incompatible with those statistics. - -The fix here is to reject any header with multiple EmptyStream -attributes. While here, also reject headers with multiple -EmptyFile, AntiFile, Name, or Attributes markers. ---- - libarchive/archive_read_support_format_7zip.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c -index 1dfe52b..c0a536c 100644 ---- a/libarchive/archive_read_support_format_7zip.c -+++ b/libarchive/archive_read_support_format_7zip.c -@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - - switch (type) { - case kEmptyStream: -+ if (h->emptyStreamBools != NULL) -+ return (-1); - h->emptyStreamBools = calloc((size_t)zip->numFiles, - sizeof(*h->emptyStreamBools)); - if (h->emptyStreamBools == NULL) -@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->emptyFileBools != NULL) -+ return (-1); - h->emptyFileBools = calloc(empty_streams, - sizeof(*h->emptyFileBools)); - if (h->emptyFileBools == NULL) -@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->antiBools != NULL) -+ return (-1); - h->antiBools = 
calloc(empty_streams, - sizeof(*h->antiBools)); - if (h->antiBools == NULL) -@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((ll & 1) || ll < zip->numFiles * 4) - return (-1); - -+ if (zip->entry_names != NULL) -+ return (-1); - zip->entry_names = malloc(ll); - if (zip->entry_names == NULL) - return (-1); -@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((p = header_bytes(a, 2)) == NULL) - return (-1); - allAreDefined = *p; -+ if (h->attrBools != NULL) -+ return (-1); - h->attrBools = calloc((size_t)zip->numFiles, - sizeof(*h->attrBools)); - if (h->attrBools == NULL) --- -2.10.0 - diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch deleted file mode 100644 index bce63d5e4e..0000000000 --- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch +++ /dev/null 
@@ -1,445 +0,0 @@ -This patch fixes two bugs that allow attackers to overwrite or change -the permissions of arbitrary files: - -https://github.com/libarchive/libarchive/issues/745 -https://github.com/libarchive/libarchive/issues/746 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 - -From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 11 Sep 2016 13:21:57 -0700 -Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert. - ---- - libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++-------- - 1 file changed, 227 insertions(+), 67 deletions(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 8f0421e..abe1a86 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -326,12 +326,14 @@ struct archive_write_disk { - - #define HFS_BLOCKS(s) ((s) >> 12) - -+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int check_symlinks(struct archive_write_disk *); - static int create_filesystem_object(struct archive_write_disk *); - static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname); - #if defined(HAVE_FCHDIR) && defined(PATH_MAX) - static void edit_deep_directories(struct archive_write_disk *ad); - #endif -+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int cleanup_pathname(struct archive_write_disk *); - static int create_dir(struct archive_write_disk *, char *); - static int create_parent_dir(struct archive_write_disk *, char *); -@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a) - const char *linkname; - mode_t final_mode, mode; - int r; -+ /* these for check_symlinks_fsobj */ -+ char 
*linkname_copy; /* non-const copy of linkname */ -+ struct archive_string error_string; -+ int error_number; - - /* We identify hard/symlinks according to the link names. */ - /* Since link(2) and symlink(2) don't handle modes, we're done here. */ -@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a) - #if !HAVE_LINK - return (EPERM); - #else -+ archive_string_init(&error_string); -+ linkname_copy = strdup(linkname); -+ if (linkname_copy == NULL) { -+ return (EPERM); -+ } -+ /* TODO: consider using the cleaned-up path as the link target? */ -+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ free(linkname_copy); - r = link(linkname, a->name) ? errno : 0; - /* - * New cpio and pax formats allow hardlink entries -@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname) - * recent paths. - */ - /* TODO: Extend this to support symlinks on Windows Vista and later. */ -+ -+/* -+ * Checks the given path to see if any elements along it are symlinks. Returns -+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. -+ */ - static int --check_symlinks(struct archive_write_disk *a) -+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - #if !defined(HAVE_LSTAT) - /* Platform doesn't have lstat, so we can't look for symlinks. 
*/ - (void)a; /* UNUSED */ -+ (void)path; /* UNUSED */ -+ (void)error_number; /* UNUSED */ -+ (void)error_string; /* UNUSED */ -+ (void)flags; /* UNUSED */ - return (ARCHIVE_OK); - #else -- char *pn; -+ int res = ARCHIVE_OK; -+ char *tail; -+ char *head; -+ int last; - char c; - int r; - struct stat st; -+ int restore_pwd; -+ -+ /* Nothing to do here if name is empty */ -+ if(path[0] == '\0') -+ return (ARCHIVE_OK); - - /* - * Guard against symlink tricks. Reject any archive entry whose - * destination would be altered by a symlink. -+ * -+ * Walk the filename in chunks separated by '/'. For each segment: -+ * - if it doesn't exist, continue -+ * - if it's symlink, abort or remove it -+ * - if it's a directory and it's not the last chunk, cd into it -+ * As we go: -+ * head points to the current (relative) path -+ * tail points to the temporary \0 terminating the segment we're currently examining -+ * c holds what used to be in *tail -+ * last is 1 if this is the last tail - */ -- /* Whatever we checked last time doesn't need to be re-checked. */ -- pn = a->name; -- if (archive_strlen(&(a->path_safe)) > 0) { -- char *p = a->path_safe.s; -- while ((*pn != '\0') && (*p == *pn)) -- ++p, ++pn; -- } -+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC); -+ __archive_ensure_cloexec_flag(restore_pwd); -+ if (restore_pwd < 0) -+ return (ARCHIVE_FATAL); -+ head = path; -+ tail = path; -+ last = 0; -+ /* TODO: reintroduce a safe cache here? */ - /* Skip the root directory if the path is absolute. */ -- if(pn == a->name && pn[0] == '/') -- ++pn; -- c = pn[0]; -- /* Keep going until we've checked the entire name. */ -- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { -+ if(tail == path && tail[0] == '/') -+ ++tail; -+ /* Keep going until we've checked the entire name. -+ * head, tail, path all alias the same string, which is -+ * temporarily zeroed at tail, so be careful restoring the -+ * stashed (c=tail[0]) for error messages. 
-+ * Exiting the loop with break is okay; continue is not. -+ */ -+ while (!last) { -+ /* Skip the separator we just consumed, plus any adjacent ones */ -+ while (*tail == '/') -+ ++tail; - /* Skip the next path element. */ -- while (*pn != '\0' && *pn != '/') -- ++pn; -- c = pn[0]; -- pn[0] = '\0'; -+ while (*tail != '\0' && *tail != '/') -+ ++tail; -+ /* is this the last path component? */ -+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); -+ /* temporarily truncate the string here */ -+ c = tail[0]; -+ tail[0] = '\0'; - /* Check that we haven't hit a symlink. */ -- r = lstat(a->name, &st); -+ r = lstat(head, &st); - if (r != 0) { -+ tail[0] = c; - /* We've hit a dir that doesn't exist; stop now. */ - if (errno == ENOENT) { - break; - } else { -- /* Note: This effectively disables deep directory -+ /* Treat any other error as fatal - best to be paranoid here -+ * Note: This effectively disables deep directory - * support when security checks are enabled. - * Otherwise, very long pathnames that trigger - * an error here could evade the sandbox. - * TODO: We could do better, but it would probably - * require merging the symlink checks with the - * deep-directory editing. */ -- return (ARCHIVE_FAILED); -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not stat %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; -+ } -+ } else if (S_ISDIR(st.st_mode)) { -+ if (!last) { -+ if (chdir(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not chdir %s", -+ path); -+ res = (ARCHIVE_FATAL); -+ break; -+ } -+ /* Our view is now from inside this dir: */ -+ head = tail + 1; - } - } else if (S_ISLNK(st.st_mode)) { -- if (c == '\0') { -+ if (last) { - /* - * Last element is symlink; remove it - * so we can overwrite it with the - * item being extracted. 
- */ -- if (unlink(a->name)) { -- archive_set_error(&a->archive, errno, -- "Could not remove symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head)) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not remove symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; - /* - * Even if we did remove it, a warning - * is in order. The warning is silly, - * though, if we're just replacing one - * symlink with another symlink. - */ -- if (!S_ISLNK(a->mode)) { -- archive_set_error(&a->archive, 0, -- "Removing symlink %s", -- a->name); -+ tail[0] = c; -+ /* FIXME: not sure how important this is to restore -+ if (!S_ISLNK(path)) { -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Removing symlink %s", -+ path); - } -+ */ - /* Symlink gone. No more problem! */ -- pn[0] = c; -- return (0); -- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { -+ res = ARCHIVE_OK; -+ break; -+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) { - /* User asked us to remove problems. 
*/ -- if (unlink(a->name) != 0) { -- archive_set_error(&a->archive, 0, -- "Cannot remove intervening symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot remove intervening symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; -+ tail[0] = c; - } else { -- archive_set_error(&a->archive, 0, -- "Cannot extract through symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot extract through symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } - } -- pn[0] = c; -- if (pn[0] != '\0') -- pn++; /* Advance to the next segment. */ -+ /* be sure to always maintain this */ -+ tail[0] = c; -+ if (tail[0] != '\0') -+ tail++; /* Advance to the next segment. */ - } -- pn[0] = c; -- /* We've checked and/or cleaned the whole path, so remember it. */ -- archive_strcpy(&a->path_safe, a->name); -- return (ARCHIVE_OK); -+ /* Catches loop exits via break */ -+ tail[0] = c; -+#ifdef HAVE_FCHDIR -+ /* If we changed directory above, restore it here. */ -+ if (restore_pwd >= 0) { -+ r = fchdir(restore_pwd); -+ if (r != 0) { -+ if(error_number) *error_number = errno; -+ if(error_string) -+ archive_string_sprintf(error_string, -+ "chdir() failure"); -+ } -+ close(restore_pwd); -+ restore_pwd = -1; -+ if (r != 0) { -+ res = (ARCHIVE_FATAL); -+ } -+ } -+#endif -+ /* TODO: reintroduce a safe cache here? 
*/ -+ return res; - #endif - } - -+/* -+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise -+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} -+ */ -+static int -+check_symlinks(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ a->pst = NULL; /* to be safe */ -+ return rc; -+} -+ -+ - #if defined(__CYGWIN__) - /* - * 1. Convert a path separator from '\' to '/' . -@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a) - * is set) if the path is absolute. - */ - static int --cleanup_pathname(struct archive_write_disk *a) -+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - char *dest, *src; - char separator = '\0'; - -- dest = src = a->name; -+ dest = src = path; - if (*src == '\0') { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Invalid empty pathname"); -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Invalid empty pathname"); - return (ARCHIVE_FAILED); - } - -@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a) - #endif - /* Skip leading '/'. 
*/ - if (*src == '/') { -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Path is absolute"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path is absolute"); - return (ARCHIVE_FAILED); - } - -@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a) - } else if (src[1] == '.') { - if (src[2] == '/' || src[2] == '\0') { - /* Conditionally warn about '..' */ -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -- archive_set_error(&a->archive, -- ARCHIVE_ERRNO_MISC, -- "Path contains '..'"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path contains '..'"); - return (ARCHIVE_FAILED); - } - } -@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a) - * We've just copied zero or more path elements, not including the - * final '/'. - */ -- if (dest == a->name) { -+ if (dest == path) { - /* - * Nothing got copied. The path must have been something - * like '.' or '/' or './' or '/././././/./'. -@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a) - return (ARCHIVE_OK); - } - -+static int -+cleanup_pathname(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ return rc; -+} -+ - /* - * Create the parent directory of the specified path, assuming path - * is already in mutable storage. 
diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch deleted file mode 100644 index f042c31a84..0000000000 --- a/gnu/packages/patches/libarchive-fix-symlink-check.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -Make sure to check for symlinks even if the pathname is very long: - -https://github.com/libarchive/libarchive/issues/744 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a - -From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 17:11:45 -0700 -Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very - long pathnames - -Because check_symlinks is handled separately from the deep-directory -support, very long pathnames cause problems. Previously, the code -ignored most failures to lstat() a path component. In particular, -this led to check_symlinks always passing for very long paths, which -in turn provides a way to evade the symlink checks in the sandboxing -code. - -We now fail on unrecognized lstat() failures, which plugs this -hole at the cost of disabling deep directory support when the -user requests sandboxing. - -TODO: This probably cannot be completely fixed without -entirely reimplementing the deep directory support to -integrate the symlink checks. I want to reimplement the -deep directory hanlding someday anyway; openat() and -related system calls now provide a much cleaner way to -handle deep directories than the chdir approach used by this -code. ---- - libarchive/archive_write_disk_posix.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 39ee3b6..8f0421e 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a) - r = lstat(a->name, &st); - if (r != 0) { - /* We've hit a dir that doesn't exist; stop now. 
*/ -- if (errno == ENOENT) -+ if (errno == ENOENT) { - break; -+ } else { -+ /* Note: This effectively disables deep directory -+ * support when security checks are enabled. -+ * Otherwise, very long pathnames that trigger -+ * an error here could evade the sandbox. -+ * TODO: We could do better, but it would probably -+ * require merging the symlink checks with the -+ * deep-directory editing. */ -+ return (ARCHIVE_FAILED); -+ } - } else if (S_ISLNK(st.st_mode)) { - if (c == '\0') { - /* diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch deleted file mode 100644 index 0e70ac90ce..0000000000 --- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -Fixes this buffer overflow: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -Patch copied from upstream source repository: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 10:51:43 -0700 -Subject: [PATCH] Issue #767: Buffer overflow printing a filename - -The safe_fprintf function attempts to ensure clean output for an -arbitrary sequence of bytes by doing a trial conversion of the -multibyte characters to wide characters -- if the resulting wide -character is printable then we pass through the corresponding bytes -unaltered, otherwise, we convert them to C-style ASCII escapes. - -The stack trace in Issue #767 suggest that the 20-byte buffer -was getting overflowed trying to format a non-printable multibyte -character. This should only happen if there is a valid multibyte -character of more than 5 bytes that was unprintable. (Each byte -would get expanded to a four-charcter octal-style escape of the form -"\123" resulting in >20 characters for the >5 byte multibyte character.) - -I've not been able to reproduce this, but have expanded the conversion -buffer to 128 bytes on the belief that no multibyte character set -has a single character of more than 32 bytes. ---- - tar/util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tar/util.c b/tar/util.c -index 9ff22f2..2b4aebe 100644 ---- a/tar/util.c -+++ b/tar/util.c -@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) - } - - /* If our output buffer is full, dump it and keep going. */ -- if (i > (sizeof(outbuff) - 20)) { -+ if (i > (sizeof(outbuff) - 128)) { - outbuff[i] = '\0'; - fprintf(f, "%s", outbuff); - i = 0; 
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
new file mode 100644
index 0000000000..bffe2c454c
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
@@ -0,0 +1,41 @@
+Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
+https://github.com/libevent/libevent/issues/317
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
+
+From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Mon, 1 Feb 2016 17:32:09 +0300
+Subject: [PATCH] evdns: name_parse(): fix remote stack overread
+
+---
+ evdns.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 60b10485..137c24ea 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+
+ for (;;) {
+ u8 label_len;
+- if (j >= length) return -1;
+ GET8(label_len);
+ if (!label_len) break;
+ if (label_len & 0xc0) {
+@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ *cp++ = '.';
+ }
+ if (cp + label_len >= end) return -1;
++ if (j + label_len > length) return -1;
+ memcpy(cp, packet + j, label_len);
+ cp += label_len;
+ j += label_len;
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
new file mode 100644
index 0000000000..03f96e938b
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
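Review bot: The provenance header of libevent-2.0-CVE-2016-10195.patch links upstream commit 96f64a022014a208105ead6c8a7066018449d86d, but the embedded mail header reads `From 3c570970516f48da35f42fef98276531fcc0abaa`, so the linked commit is not the one this text was taken from. The same mismatch appears in the CVE-2016-10196 file (329acc18a0768c21ba22522f01a5c7f46cacc4d5 linked, 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 embedded) and the CVE-2016-10197 file (ec65c42052d95d2c23d1d837136d1cf1d9ecef9e linked, a0305cec166a5bc89f1eb362510cc4cd25ecc0bc embedded). Presumably these are backports to the 2.0 series; the header should say so, for example `Patch backported to the 2.0 series; the original fix is:` above the URL, so that an auditor compares the content against the right commit. In the code itself, the added `if (j + label_len > length) return -1;` is what bounds the `memcpy`, while the dropped pre-check before `GET8(label_len)` is only safe if `GET8` tests `j` against `length` itself, which is not visible in this hunk.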
@@ -0,0 +1,41 @@
+Fix CVE-2016-10196 (buffer overflow in evutil):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
+https://github.com/libevent/libevent/issues/318
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
+
+From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Sun, 31 Jan 2016 00:57:16 +0300
+Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
+
+---
+ evutil.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 33445170..e2dfe6e4 100644
+--- a/evutil.c
++++ b/evutil.c
+@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+
+ cp = strchr(ip_as_string, ':');
+ if (*ip_as_string == '[') {
+- int len;
++ size_t len;
+ if (!(cp = strchr(ip_as_string, ']'))) {
+ return -1;
+ }
+- len = (int) ( cp-(ip_as_string + 1) );
+- if (len > (int)sizeof(buf)-1) {
++ len = ( cp-(ip_as_string + 1) );
++ if (len > sizeof(buf)-1) {
+ return -1;
+ }
+ memcpy(buf, ip_as_string+1, len);
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
new file mode 100644
index 0000000000..c62a328627
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
@@ -0,0 +1,39 @@
+Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
+https://github.com/libevent/libevent/issues/332
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
+
+From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Fri, 25 Mar 2016 00:33:47 +0300
+Subject: [PATCH] evdns: fix searching empty hostnames
+
+---
+ evdns.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 137c24ea..6191c677 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
+ static char *
+ search_make_new(const struct search_state *const state, int n, const char *const base_name) {
+ const size_t base_len = strlen(base_name);
+- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++ char need_to_append_dot;
+ struct search_domain *dom;
+
++ if (!base_len) return NULL;
++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++
+ for (dom = state->head; dom; dom = dom->next) {
+ if (!n--) {
+ /* this is the postfix we want */
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.1-dns-tests.patch b/gnu/packages/patches/libevent-2.1-dns-tests.patch
new file mode 100644
index 0000000000..091752a49d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-dns-tests.patch
@@ -0,0 +1,26 @@
+Disable tests that rely on usable DNS lookups, which aren't available
+in build chroots.
+
+--- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100
++++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100
+@@ -2120,10 +2120,6 @@
+
+ struct testcase_t dns_testcases[] = {
+ DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
+- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+- { "resolve_reverse", dns_resolve_reverse, TT_FORK|TT_OFF_BY_DEFAULT, NULL, NULL },
+ { "search_empty", dns_search_empty_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ { "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ { "search_lower", dns_search_lower_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+@@ -2163,9 +2159,6 @@
+
+ { "client_fail_requests", dns_client_fail_requests_test,
+ TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+- { "client_fail_requests_getaddrinfo",
+- dns_client_fail_requests_getaddrinfo_test,
+- TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+
+ END_OF_TESTCASES
+ };
diff --git a/gnu/packages/patches/libevent-2.1-skip-failing-test.patch b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
new file mode 100644
index 0000000000..d9ea1d422d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
@@ -0,0 +1,24 @@
+These fail on 32-bit due to an overflow bug in the test program.
+
+See test/regress_util.c:1448.
+
+Upstream bug URL:
+
+https://github.com/libevent/libevent/issues/452
+
+diff --git a/test/regress_util.c b/test/regress_util.c
+index ef6a1487..4de501fc 100644
+--- a/test/regress_util.c
++++ b/test/regress_util.c
+@@ -1413,9 +1413,9 @@ static struct date_rfc1123_case {
+ { 1323648000, "Mon, 12 Dec 2011 00:00:00 GMT"},
+ #ifndef _WIN32
+ /** In win32 case we have max "23:59:59 January 18, 2038, UTC" for time32 */
+- { 4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
++ //{ 4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
+ /** In win32 case we have max "23:59:59, December 31, 3000, UTC" for time64 */
+- {253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
++ //{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
+ { 1456704000, "Mon, 29 Feb 2016 00:00:00 GMT"} /* leap year */,
+ #endif
+ { 1435708800, "Wed, 01 Jul 2015 00:00:00 GMT"} /* leap second */,
diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch
deleted file mode 100644
index 8093b3e448..0000000000
--- a/gnu/packages/patches/libpng-CVE-2016-10087.patch
+++ /dev/null
@@ -1,37 +0,0 @@ -Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 -http://seclists.org/oss-sec/2016/q4/777 - -Patch adapted from upstream source repository: - -https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ - -From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> -Date: Thu, 29 Dec 2016 07:51:33 -0600 -Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in - png_set_text_2() - -(bug report and patch by Patrick Keshishian). ---- - ANNOUNCE | 2 ++ - CHANGES | 2 ++ - png.c | 1 + - 3 files changed, 5 insertions(+) - -diff --git a/png.c b/png.c -index 8afc28fc2..2e05de159 100644 ---- a/png.c -+++ b/png.c -@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, - png_free(png_ptr, info_ptr->text); - info_ptr->text = NULL; - info_ptr->num_text = 0; -+ info_ptr->max_text = 0; - } - } - #endif --- -2.11.0 - diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch new file mode 100644 index 0000000000..3158b49360 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2017-5225.patch 
@@ -0,0 +1,86 @@ +Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp): + +http://bugzilla.maptools.org/show_bug.cgi?id=2656 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225 +https://security-tracker.debian.org/tracker/CVE-2017-5225 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and + cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based +overflow. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and + http://bugzilla.maptools.org/show_bug.cgi?id=2657 + + +less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1210; previous revision: 1.1209 +/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c +new revision: 1.61; previous revision: 1.60 + +Index: libtiff/tools/tiffcp.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v +retrieving revision 1.60 +retrieving revision 1.61 +diff -u -r1.60 -r1.61 +--- libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 ++++ libtiff/tools/tiffcp.c 11 Jan 2017 19:26:14 -0000 1.61 +#@@ -1,4 +1,4 @@ +#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */ +#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */ +# +# /* +# * Copyright (c) 1988-1997 Sam Leffler +@@ -591,7 +591,7 @@ + static int + tiffcp(TIFF* in, TIFF* out) + { +- uint16 bitspersample, samplesperpixel = 1; ++ uint16 bitspersample = 1, samplesperpixel = 1; + uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; + copyFunc cf; + uint32 width, length; +@@ -1067,6 +1067,16 @@ + register uint32 n; + uint32 row; + tsample_t s; ++ uint16 bps = 0; ++ ++ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); ++ if( bps != 8 ) ++ { ++ TIFFError(TIFFFileName(in), ++ "Error, can only handle BitsPerSample=8 in %s", ++ "cpContig2SeparateByRow"); ++ return 0; ++ } + + inbuf = _TIFFmalloc(scanlinesizein); + outbuf = 
_TIFFmalloc(scanlinesizeout); +@@ -1120,6 +1130,16 @@ + register uint32 n; + uint32 row; + tsample_t s; ++ uint16 bps = 0; ++ ++ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); ++ if( bps != 8 ) ++ { ++ TIFFError(TIFFFileName(in), ++ "Error, can only handle BitsPerSample=8 in %s", ++ "cpSeparate2ContigByRow"); ++ return 0; ++ } + + inbuf = _TIFFmalloc(scanlinesizein); + outbuf = _TIFFmalloc(scanlinesizeout); +@@ -1784,7 +1804,7 @@ + uint32 w, l, tw, tl; + int bychunk; + +- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); ++ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); + if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { + fprintf(stderr, + "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch deleted file mode 100644 index c9a3fa284c..0000000000 --- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch +++ /dev/null 
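Review bot: The header of libtiff-CVE-2017-5225.patch does not explain two oddities in the patch text: the first inner hunk (the `$Id$` line of tools/tiffcp.c) is disabled with `#` prefixes, and the pasted commit log contains a line beginning `less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v` that looks like leftover terminal output. A header sentence such as `The $Id$ hunk is commented out because it does not apply to the release tarball.` would document the first (presumably that is the reason; confirm before adding), and the stray log line can be trimmed to the plain CVS revision notice. In the two added guards in cpContig2SeparateByRow and cpSeparate2ContigByRow, `bps` starts at 0 and the `TIFFGetField` result is discarded, so a file with no BitsPerSample tag is rejected before either `_TIFFmalloc` call; that is the safe direction, and a comment `/* bps stays 0 if the tag is absent, which is rejected too */` would make it explicit. Both function bodies continue outside their hunks.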
@@ -1,50 +0,0 @@ -Fix CVE-2016-6255: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255 -http://www.openwall.com/lists/oss-security/2016/07/18/13 - -Patch adapted from upstream commit: - -https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5 - -The upstream change is simplified to unconditionally disable the HTTP -POST feature. - -From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett <mjg59@srcf.ucam.org> -Date: Tue, 23 Feb 2016 13:53:20 -0800 -Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by - default - -If there's no registered handler for a POST request, the default behaviour -is to write it to the filesystem. Several million deployed devices appear -to have this behaviour, making it possible to (at least) store arbitrary -data on them. Add a configure option that enables this behaviour, and change -the default to just drop POSTs that aren't directly handled. - -Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net> -(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa) ---- - configure.ac | 9 +++++++++ - upnp/inc/upnpconfig.h.in | 9 +++++++++ - upnp/src/genlib/net/http/webserver.c | 4 ++++ - 3 files changed, 22 insertions(+) - -diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c -index 26bf0f7..7ae8c1e 100644 ---- a/upnp/src/genlib/net/http/webserver.c -+++ b/upnp/src/genlib/net/http/webserver.c -@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage( - if (Fp == NULL) - return HTTP_INTERNAL_SERVER_ERROR; - } else { -+#if 0 - Fp = fopen(filename, "wb"); - if (Fp == NULL) - return HTTP_UNAUTHORIZED; -+#else -+ return HTTP_NOT_FOUND; -+#endif - } - parser->position = POS_ENTITY; - do { diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch deleted file mode 100644 index 9978b39487..0000000000 
--- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -Fix CVE-2016-8863: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 -https://sourceforge.net/p/pupnp/bugs/133/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/ - -From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org> -Date: Thu, 8 Dec 2016 17:11:53 +0100 -Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863) - -If there is an invalid URL in URLS->buf after a valid one, uri_parse is -called with out pointing after the allocated memory. As uri_parse writes -to *out before returning an error the loop in create_url_list must be -stopped early to prevent an out-of-bound access - -Bug: https://sourceforge.net/p/pupnp/bugs/133/ -Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 -Bug-Debian: https://bugs.debian.org/842093 -Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771 -(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b) ---- - upnp/src/gena/gena_device.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c -index fb04a29..245c56b 100644 ---- a/upnp/src/gena/gena_device.c -+++ b/upnp/src/gena/gena_device.c -@@ -1113,7 +1113,7 @@ static int create_url_list( - /*! [out] . 
*/ - URL_list *out) - { -- size_t URLcount = 0; -+ size_t URLcount = 0, URLcount2 = 0; - size_t i; - int return_code = 0; - uri_type temp; -@@ -1155,16 +1155,23 @@ static int create_url_list( - } - memcpy( out->URLs, URLS->buff, URLS->size ); - out->URLs[URLS->size] = 0; -- URLcount = 0; - for( i = 0; i < URLS->size; i++ ) { - if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) { - if( ( ( return_code = - parse_uri( &out->URLs[i + 1], URLS->size - i + 1, -- &out->parsedURLs[URLcount] ) ) == -+ &out->parsedURLs[URLcount2] ) ) == - HTTP_SUCCESS ) -- && ( out->parsedURLs[URLcount].hostport.text.size != -+ && ( out->parsedURLs[URLcount2].hostport.text.size != - 0 ) ) { -- URLcount++; -+ URLcount2++; -+ if (URLcount2 >= URLcount) -+ /* -+ * break early here in case there is a bogus URL that -+ * was skipped above. This prevents to access -+ * out->parsedURLs[URLcount] which is beyond the -+ * allocation. -+ */ -+ break; - } else { - if( return_code == UPNP_E_OUTOF_MEMORY ) { - free( out->URLs ); --- -2.11.0 - diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch index 1fdf01cbca..bef3448b81 100644 --- a/gnu/packages/patches/libvpx-CVE-2016-2818.patch +++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch 
@@ -9,15 +9,15 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig 2015-11-09 17:12:38.000000000 -0500 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c 2016-06-08 08:48:46.037213092 -0400 -@@ -925,11 +925,19 @@ - { - res = image2yuvconfig(img, &sd); +@@ -860,11 +860,20 @@ + if (img != NULL) { + res = image2yuvconfig(img, &sd); -- if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, -- &sd, dst_time_stamp, dst_end_time_stamp)) -- { -- VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; -- res = update_error_state(ctx, &cpi->common.error); +- if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd, +- dst_time_stamp, dst_end_time_stamp)) { +- VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; +- res = update_error_state(ctx, &cpi->common.error); +- } + if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) { + /* from vp8_encoder.h for g_w/g_h: + "Note that the frames passed as input to the encoder must have this resolution" @@ -31,6 +31,7 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c + VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; + res = update_error_state(ctx, &cpi->common.error); + } - } ++ } - /* reset for next frame */ + /* reset for next frame */ + ctx->next_frame_flag = 0; diff --git a/gnu/packages/patches/netsurf-about.patch b/gnu/packages/patches/netsurf-about.patch deleted file mode 100644 index 1fb8eae824..0000000000 --- a/gnu/packages/patches/netsurf-about.patch +++ /dev/null 
@@ -1,26 +0,0 @@ ---- netsurf-all-3.5/netsurf/gtk/about.c -+++ netsurf-all-3.5/netsurf/gtk/about.c -@@ -79,11 +79,11 @@ - switch (response_id) { - - case ABOUT_RESPONSE_ID_LICENCE: -- about_open("about:credits"); -+ about_open("about:licence"); - break; - - case ABOUT_RESPONSE_ID_CREDITS: -- about_open("about:licence"); -+ about_open("about:credits"); - break; - } - ---- netsurf-all-3.5/netsurf/desktop/version.c -+++ netsurf-all-3.5/netsurf/desktop/version.c -@@ -20,6 +20,6 @@ - - #include "desktop/version.h" - --const char * const netsurf_version = "3.5 (6th April 1016)"; -+const char * const netsurf_version = "3.5 (6th April 2016)"; - const int netsurf_version_major = 3; - const int netsurf_version_minor = 5; diff --git a/gnu/packages/patches/netsurf-longer-test-timeout.patch b/gnu/packages/patches/netsurf-longer-test-timeout.patch new file mode 100644 index 0000000000..4dd5a8539f --- /dev/null +++ b/gnu/packages/patches/netsurf-longer-test-timeout.patch @@ -0,0 +1,20 @@ +Increase the timeout on dictionary tests to accommodate slower machines. + +--- netsurf-3.6/test/hashtable.c ++++ netsurf-3.6/test/hashtable.c +@@ -286,6 +286,7 @@ + tcase_add_checked_fixture(tc_dict_s, + dicts_hashtable_create, + dict_hashtable_teardown); ++ tcase_set_timeout(tc_dict_s, 30); + + tcase_add_test(tc_dict_s, hashtable_dict_test); + +@@ -297,6 +298,7 @@ + tcase_add_checked_fixture(tc_dict_l, + dictl_hashtable_create, + dict_hashtable_teardown); ++ tcase_set_timeout(tc_dict_l, 30); + + tcase_add_test(tc_dict_l, hashtable_dict_test); + diff --git a/gnu/packages/patches/netsurf-system-utf8proc.patch b/gnu/packages/patches/netsurf-system-utf8proc.patch new file mode 100644 index 0000000000..254bf52c93 --- /dev/null +++ b/gnu/packages/patches/netsurf-system-utf8proc.patch 
@@ -0,0 +1,64 @@ +Use upstream utf8proc package, as suggested in +http://source.netsurf-browser.org/libutf8proc.git/commit/?id=770e329cceaf0620c7b482589a9b17ed1d19c16d + +Work around upstream's lack of a pkg-config file and update API. + +--- netsurf-3.6/Makefile ++++ netsurf-3.6/Makefile +@@ -527,10 +527,9 @@ + $(eval $(call pkg_config_find_and_add,libcss,CSS)) + $(eval $(call pkg_config_find_and_add,libdom,DOM)) + $(eval $(call pkg_config_find_and_add,libnsutils,nsutils)) +-$(eval $(call pkg_config_find_and_add,libutf8proc,utf8proc)) + + # Common libraries without pkg-config support +-LDFLAGS += -lz ++LDFLAGS += -lz -lutf8proc + + # Optional libraries with pkgconfig + +--- netsurf-3.6/utils/idna.c ++++ netsurf-3.6/utils/idna.c +@@ -26,7 +26,7 @@ + #include <stdint.h> + #include <stdlib.h> + #include <string.h> +-#include <libutf8proc/utf8proc.h> ++#include <utf8proc.h> + + #include "utils/errors.h" + #include "utils/idna.h" +@@ -250,7 +250,7 @@ + return NSERROR_NOMEM; + } + +- nfc_size = utf8proc_normalise(nfc_label, nfc_size, ++ nfc_size = utf8proc_normalize_utf32(nfc_label, nfc_size, + UTF8PROC_STABLE | UTF8PROC_COMPOSE); + if (nfc_size < 0) { + return NSERROR_NOMEM; +@@ -565,7 +565,7 @@ + } + + /* Perform NFC normalisation */ +- ucs4_len = utf8proc_normalise(ucs4, u_ucs4_len, ++ ucs4_len = utf8proc_normalize_utf32(ucs4, u_ucs4_len, + UTF8PROC_STABLE | UTF8PROC_COMPOSE); + if (ucs4_len < 0) { + free(ucs4); +--- netsurf-3.6/test/Makefile ++++ netsurf-3.6/test/Makefile +@@ -112,11 +112,11 @@ + -D_XOPEN_SOURCE=600 \ + -Itest -Iinclude -Icontent/handlers -Ifrontends -I. -I.. 
\ + -Dnsgtk \ +- $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) \ ++ $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libidn) \ + $(LIB_CFLAGS) \ + $(COV_CFLAGS) + +-TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) -lz \ ++TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libidn) -lz -lutf8proc \ + $(LIB_LDFLAGS)\ + $(COV_LDFLAGS) + diff --git a/gnu/packages/patches/netsurf-y2038-tests.patch b/gnu/packages/patches/netsurf-y2038-tests.patch new file mode 100644 index 0000000000..407a5277c8 --- /dev/null +++ b/gnu/packages/patches/netsurf-y2038-tests.patch @@ -0,0 +1,25 @@ +These two test cases fail for us on i686. + +See https://en.wikipedia.org/wiki/Year_2038_problem + +--- netsurf-3.6/test/time.c ++++ netsurf-3.6/test/time.c +@@ -77,18 +77,10 @@ + .expected = "Tue, 12 Jun 2001 12:12:12 GMT" + }, + { +- .test = "Thu, 16 Jul 2207 12:45:12 GMT", +- .expected = "Thu, 16 Jul 2207 12:45:12 GMT" +- }, +- { + .test = "Thu, 16 Aug 2007 19:45:12 GMT", + .expected = "Thu, 16 Aug 2007 19:45:12 GMT" + }, + { +- .test = "Tue, 16 Sep 3456 00:45:12 GMT", +- .expected = "Tue, 16 Sep 3456 00:45:12 GMT" +- }, +- { + .test = "Sun, 16 Oct 1988 19:45:59 GMT", + .expected = "Sun, 16 Oct 1988 19:45:59 GMT" + }, diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch new file mode 100644 index 0000000000..83c9dbb3d4 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch 
@@ -0,0 +1,43 @@ +Fix CVE-2017-0358: +http://seclists.org/oss-sec/2017/q1/259 +This patch was copied from the above URL. + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 0bb38f9..c6d1dad 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void) + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); +diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c +--- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 ++++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500 +@@ -3612,13 +3612,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); diff --git a/gnu/packages/patches/omake-fix-non-determinism.patch b/gnu/packages/patches/omake-fix-non-determinism.patch new file mode 100644 index 0000000000..813ce3cd7d --- /dev/null +++ b/gnu/packages/patches/omake-fix-non-determinism.patch 
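Review bot: The new `execle(cmd, cmd, "fuse", NULL, &env);` in `load_fuse_module` terminates its variadic argument list with a bare `NULL`. Where `NULL` expands to a plain integer `0`, that is not guaranteed to be passed as a null pointer, so the terminator should be written `execle(cmd, cmd, "fuse", (char *)NULL, &env);`. The same line appears in both src/lowntfs-3g.c and src/ntfs-3g.c. A short comment on `env`, for example `/* empty environment: modprobe must not inherit the caller's variables */`, would also record why the environment is cleared. The function body continues outside both hunks.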
@@ -0,0 +1,41 @@ +From 2e7e254160506dc00f1beabf170512a8e932934b Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Sat, 31 Dec 2016 15:43:38 +0100 +Subject: [PATCH] fix build date in binary + +--- + src/magic/omake_gen_magic.ml | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +diff --git a/src/magic/omake_gen_magic.ml b/src/magic/omake_gen_magic.ml +index b2419ba..fad52f5 100644 +--- a/src/magic/omake_gen_magic.ml ++++ b/src/magic/omake_gen_magic.ml +@@ -150,7 +150,7 @@ let ir_magic = "%s" + let obj_magic = "%s" + let lib_dir = "%s" + let version = "%s" +-let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton %s" ++let version_message = "OMake %s" + |} + default_save_interval + digest_len +@@ -160,15 +160,7 @@ let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton + (digest_files ".omo.magic" ".omo" omo_files) + (String.escaped libdir) + (String.escaped (shorten_version version)) +- (String.escaped version) +- [|"Sun"; "Mon"; "Tue"; "Wed"; "Thu"; "Fri"; "Sat"|].(tm.tm_wday) +- [|"Jan"; "Feb"; "Mar"; "Apr"; "May"; "Jun"; "Jul"; "Aug"; "Sep"; "Oct"; "Nov"; "Dec"|].(tm.tm_mon) +- tm.tm_mday +- tm.tm_hour +- tm.tm_min +- tm.tm_sec +- (tm.tm_year + 1900) +- (String.escaped (Unix.gethostname ())); ++ (String.escaped version); + List.iter + (fun (name,value) -> + Printf.fprintf buf "let %s = %S\n" name value +-- +2.11.0 diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch new file mode 100644 index 0000000000..545b5d0a71 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch 
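Review bot: The trimmed argument list after `(String.escaped version)` no longer reads `tm`, so if `tm` is bound only to build the version message it is now dead code. Its binding is outside the hunk, so this cannot be confirmed here, but a leftover binding may trigger an unused-variable warning and would keep the clock lookup in the generator. Removing the binding in the same patch would keep the reproducibility fix self-contained. A one-line comment above `version_message`, such as `(* no build date or host name: keeps the binary reproducible *)`, would stop the fields from being reintroduced later.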
@@ -0,0 +1,233 @@ +Fix CVE-2016-9572 and CVE-2016-9573: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 + +Patch copied from 3rd-party repository: + +https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d + +From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001 +From: szukw000 <szukw000@arcor.de> +Date: Mon, 28 Nov 2016 21:57:20 +0100 +Subject: [PATCH] Changes for issues #863 and #862 + +--- + src/bin/jp2/convert.c | 59 +++++++++++++++++++++++++++++++++++++++----- + src/bin/jp2/convertbmp.c | 29 +++++++++++++++++++++- + src/bin/jp2/opj_decompress.c | 2 +- + src/lib/openjp2/j2k.c | 11 ++++++--- + 4 files changed, 90 insertions(+), 11 deletions(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index deee4f6..6a3f65b 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { + for (i = 0; i < image->numcomps-1; i++) { + if ((image->comps[0].dx != image->comps[i+1].dx) + ||(image->comps[0].dy != image->comps[i+1].dy) +- ||(image->comps[0].prec != image->comps[i+1].prec)) { ++ ||(image->comps[0].prec != image->comps[i+1].prec) ++ ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { + fclose(fdest); + fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); + return 1; +@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + int *red, *green, *blue, *alpha; + int wr, hr, max; + int i; +- unsigned int compno, ncomp; ++ unsigned int compno, ncomp, ui; + int adjustR, adjustG, adjustB, adjustA; + int fails, two, want_gray, has_alpha, triple; + int prec, v; +@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + + 
if(want_gray) ncomp = 1; + ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetopnm: All components\n shall have " ++ "the same subsampling, same bit depth, same sign.\n" ++ " Aborting\n"); ++ return 1; ++ } ++ + if ((force_split == 0) && + (ncomp == 2 /* GRAYA */ + || (ncomp > 2 /* RGB, RGBA */ +@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + { + FILE *rawFile = NULL; + size_t res; +- unsigned int compno; ++ unsigned int compno, numcomps; + int w, h, fails; + int line, row, curr, mask; + int *ptr; +@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + return 1; + } + ++ numcomps = image->numcomps; ++ ++ if (numcomps > 4) { ++ numcomps = 4; ++ } ++ for (compno = 1; compno < numcomps; ++compno) { ++ if (image->comps[0].dx != image->comps[compno].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[compno].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[compno].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[compno].sgnd) { ++ break; ++ } ++ } ++ if (compno != numcomps) { ++ fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ + rawFile = fopen(outfile, "wb"); + if (!rawFile) { + fprintf(stderr, "Failed to open %s for writing !!\n", outfile); +@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + + fails = 1; +- fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); ++ fprintf(stdout,"Raw image characteristics: %d 
components\n", numcomps); + +- for(compno = 0; compno < image->numcomps; compno++) ++ for(compno = 0; compno < numcomps; compno++) + { + fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, + image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); +@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + else if (image->comps[compno].prec <= 32) + { +- fprintf(stderr,"More than 16 bits per component no handled yet\n"); ++ fprintf(stderr,"More than 16 bits per component not handled yet\n"); + goto fin; + } + else +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ae83077..8017ba8 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { + FILE *fdest = NULL; + int adjustR, adjustG, adjustB; + ++ { ++ unsigned int ui, ncomp = image->numcomps; ++ ++ if (ncomp > 4) { /* RGBA in bmpmask32toimage */ ++ ncomp = 4; ++ } ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ ++ } + if (image->comps[0].prec < 8) { +- fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); ++ fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); + return 1; + } + if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 83160c3..c30079b 100644 +--- 
a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1607,7 +1607,7 @@ int main(int argc, char **argv) + if(dirptr->filename_buf) free(dirptr->filename_buf); + free(dirptr); + } +- if (numDecompressedImages) { ++ if (numDecompressedImages && !failed) { + fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); + } + return failed ? EXIT_FAILURE : EXIT_SUCCESS; +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 66802bb..b6daa32 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, + i, l_img_comp->dx, l_img_comp->dy); + return OPJ_FALSE; + } +- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ ++ if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ + opj_event_msg(p_manager, EVT_ERROR, + "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", + i, l_img_comp->prec); +@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + /* Move data and copy one information from codec to output image*/ + for (compno = 0; compno < p_image->numcomps; compno++) { + p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; +- p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ ++ if(p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ ++ p_j2k->m_output_image->comps[compno].data = NULL; + #if 0 + char fn[256]; + sprintf( fn, "/tmp/%d.raw", compno ); +@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); + fclose( debug ); + #endif +- p_j2k->m_output_image->comps[compno].data = NULL; + } + + return OPJ_TRUE; +@@ -10131,6 
+10134,8 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, + + p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + ++ if (p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ + p_j2k->m_output_image->comps[compno].data = NULL; + } + diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch new file mode 100644 index 0000000000..3fa80377ad --- /dev/null +++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch @@ -0,0 +1,24 @@ +From: Robert Luberda <robert@debian.org> +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ +This patch file taken from Debian's patch set for p7zip +--- + CPP/7zip/Archive/7z/7zIn.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp +index b0c6b98..7c6dde2 100644 +--- a/CPP/7zip/Archive/7z/7zIn.cpp ++++ b/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams( + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch deleted file mode 100644 index 89cce2a36f..0000000000 --- a/gnu/packages/patches/pcre-CVE-2016-3191.patch +++ /dev/null 
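Review bot: In `imagetoraw_common` the new clamp `if (numcomps > 4) { numcomps = 4; }` also bounds the write loop, which used to run to `image->numcomps`, so an image with more than four components is now written truncated with no diagnostic. If the truncation is intended, it should be reported, for example with `fprintf(stderr, "imagetoraw_common: writing only the first 4 of %u components\n", image->numcomps);`. In `imagetobmp` the same clamp only limits the consistency check, so the concern is limited to the raw writer. Separately, the patch header says the change was copied from a third-party fork rather than from upstream; a line recording the upstream status of issues #863 and #862 would tell maintainers when the patch can be dropped.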
@@ -1,151 +0,0 @@ -Fix for CVE-2016-3191. -See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>. -This is svn r1631 at <svn://vcs.exim.org/pcre/code>. - -Index: trunk/testdata/testoutput11-16 -=================================================================== ---- trunk/testdata/testoutput11-16 (revision 1630) -+++ trunk/testdata/testoutput11-16 (revision 1631) -@@ -765,4 +765,7 @@ - 25 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: regular expression is too complicated at offset 490 -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testinput11 -=================================================================== ---- trunk/testdata/testinput11 (revision 1630) -+++ trunk/testdata/testinput11 (revision 1631) -@@ -138,4 +138,6 @@ - - /.((?2)(?R)\1)()/B - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testoutput11-8 -=================================================================== ---- 
trunk/testdata/testoutput11-8 (revision 1630) -+++ trunk/testdata/testoutput11-8 (revision 1631) -@@ -765,4 +765,7 @@ - 38 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: missing ) at offset 509 -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testoutput11-32 -=================================================================== ---- trunk/testdata/testoutput11-32 (revision 1630) -+++ trunk/testdata/testoutput11-32 (revision 1631) -@@ -765,4 +765,7 @@ - 25 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: missing ) at offset 509 -+ - /-- End of testinput11 --/ -Index: trunk/pcre_internal.h -=================================================================== ---- trunk/pcre_internal.h (revision 1630) -+++ trunk/pcre_internal.h (revision 1631) -@@ -7,7 +7,7 @@ - and semantics are as close as possible to those of the Perl 5 language. 
- - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -2289,7 +2289,7 @@ - ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, - ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, - ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, -- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; -+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; - - /* JIT compiling modes. The function list is indexed by them. */ - -Index: trunk/pcre_compile.c -=================================================================== ---- trunk/pcre_compile.c (revision 1630) -+++ trunk/pcre_compile.c (revision 1631) -@@ -6,7 +6,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -560,6 +560,7 @@ - /* 85 */ - "parentheses are too deeply nested (stack check)\0" - "digits missing in \\x{} or \\o{}\0" -+ "regular expression is too complicated\0" - ; - - /* Table to identify digits and hex digits. This is used when compiling -@@ -4591,7 +4592,8 @@ - if (code > cd->start_workspace + cd->workspace_size - - WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ - { -- *errorcodeptr = ERR52; -+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? 
-+ ERR52 : ERR87; - goto FAILED; - } - -@@ -6626,8 +6628,21 @@ - cd->had_accept = TRUE; - for (oc = cd->open_caps; oc != NULL; oc = oc->next) - { -- *code++ = OP_CLOSE; -- PUT2INC(code, 0, oc->number); -+ if (lengthptr != NULL) -+ { -+#ifdef COMPILE_PCRE8 -+ *lengthptr += 1 + IMM2_SIZE; -+#elif defined COMPILE_PCRE16 -+ *lengthptr += 2 + IMM2_SIZE; -+#elif defined COMPILE_PCRE32 -+ *lengthptr += 4 + IMM2_SIZE; -+#endif -+ } -+ else -+ { -+ *code++ = OP_CLOSE; -+ PUT2INC(code, 0, oc->number); -+ } - } - setverb = *code++ = - (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; -Index: trunk/pcreposix.c -=================================================================== ---- trunk/pcreposix.c (revision 1630) -+++ trunk/pcreposix.c (revision 1631) -@@ -6,7 +6,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -173,7 +173,8 @@ - REG_BADPAT, /* group name must start with a non-digit */ - /* 85 */ - REG_BADPAT, /* parentheses too deeply nested (stack check) */ -- REG_BADPAT /* missing digits in \x{} or \o{} */ -+ REG_BADPAT, /* missing digits in \x{} or \o{} */ -+ REG_BADPAT /* pattern too complicated */ - }; - - /* Table of texts corresponding to POSIX error codes */ diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch new file mode 100644 index 0000000000..825edaa815 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2016-10155.patch 
@@ -0,0 +1,49 @@ +From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Mon, 28 Nov 2016 17:49:04 -0800 +Subject: [PATCH] watchdog: 6300esb: add exit function + +When the Intel 6300ESB watchdog is hot unplug. The timer allocated +in realize isn't freed thus leaking memory leak. This patch avoid +this through adding the exit function. + +http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e +this patch is from qemu-git. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/watchdog/wdt_i6300esb.c | 9 +++++++++ + 1 files changed, 9 insertions(+), 0 deletions(-) + +diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c +index a83d951..49b3cd1 100644 +--- a/hw/watchdog/wdt_i6300esb.c ++++ b/hw/watchdog/wdt_i6300esb.c +@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp) + /* qemu_register_coalesced_mmio (addr, 0x10); ? */ + } + ++static void i6300esb_exit(PCIDevice *dev) ++{ ++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); ++ ++ timer_del(d->timer); ++ timer_free(d->timer); ++} ++ + static WatchdogTimerModel model = { + .wdt_name = "i6300esb", + .wdt_description = "Intel 6300ESB", +@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data) + k->config_read = i6300esb_config_read; + k->config_write = i6300esb_config_write; + k->realize = i6300esb_realize; ++ k->exit = i6300esb_exit; + k->vendor_id = PCI_VENDOR_ID_INTEL; + k->device_id = PCI_DEVICE_ID_INTEL_ESB_9; + k->class_id = PCI_CLASS_SYSTEM_OTHER; +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch new file mode 100644 index 0000000000..ede1f8c89d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch 
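Review bot: `i6300esb_exit` leaves `d->timer` pointing at freed memory after `timer_free(d->timer);`. Whether anything can reach the device state after exit is not visible in the hunk, but adding `d->timer = NULL;` after the free would turn a later use into an obvious null dereference rather than a use-after-free. The same applies to `s->modem_status_poll` and `s->fifo_timeout_timer` in `serial_exit_core`, added by qemu-CVE-2017-5579.patch in this commit. A one-line comment on the new function, such as `/* undo the timer allocation done in i6300esb_realize */`, would tie the teardown to what it reverses.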
@@ -0,0 +1,52 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64 +this patch is from qemu-git. + + +From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 1 Feb 2017 09:35:01 +0100 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615) + +When doing bitblt copy in backward mode, we should minus the +blt width first just like the adding in the forward mode. This +can avoid the oob access of the front of vga's vram. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> + +{ kraxel: with backward blits (negative pitch) addr is the topmost + address, so check it as-is against vram size ] + +Cc: qemu-stable@nongnu.org +Cc: P J P <ppandit@redhat.com> +Cc: Laszlo Ersek <lersek@redhat.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Wolfgang Bumiller <w.bumiller@proxmox.com> +Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106) +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com +Reviewed-by: Laszlo Ersek <lersek@redhat.com> +--- + hw/display/cirrus_vga.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index 7db6409dc5..16f27e8ac5 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, + { + if (pitch < 0) { + int64_t min = addr +- + ((int64_t)s->cirrus_blt_height-1) * pitch; +- int32_t max = addr +- + s->cirrus_blt_width; +- if (min < 0 || max > s->vga.vram_size) { ++ + ((int64_t)s->cirrus_blt_height - 1) * pitch ++ - s->cirrus_blt_width; ++ if (min < -1 || addr >= s->vga.vram_size) { + return true; + } + } else { +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch new file mode 100644 index 0000000000..d0c0c82a4a --- /dev/null 
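Review bot: The `min < -1` bound in the backward-blit branch of `blit_region_is_unsafe` is not explained in the code, and next to the `min < 0` it replaces it reads like an off-by-one. Because `min` now has the full `cirrus_blt_width` subtracted, it appears to sit one byte below the lowest byte the blit touches, which would make -1 the correct limit. A comment such as `/* min is one below the lowest byte accessed, so -1 is still inside vram */` would record that reasoning. The declaration of `addr` is outside the hunk, so it cannot be checked here whether `addr >= s->vga.vram_size` compares a signed value against an unsigned one.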
+++ b/gnu/packages/patches/qemu-CVE-2017-5525.patch @@ -0,0 +1,55 @@ +From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 14 Dec 2016 18:30:21 -0800 +Subject: [PATCH] audio: ac97: add exit function +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401 +this patch is from qemu-git + +Currently the ac97 device emulation doesn't have a exit function, +hot unplug this device will leak some memory. Add a exit function to +avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/audio/ac97.c | 11 +++++++++++ + 1 files changed, 11 insertions(+), 0 deletions(-) + +diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c +index cbd959e..c306575 100644 +--- a/hw/audio/ac97.c ++++ b/hw/audio/ac97.c +@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp) + ac97_on_reset (&s->dev.qdev); + } + ++static void ac97_exit(PCIDevice *dev) ++{ ++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev); ++ ++ AUD_close_in(&s->card, s->voice_pi); ++ AUD_close_out(&s->card, s->voice_po); ++ AUD_close_in(&s->card, s->voice_mc); ++ AUD_remove_card(&s->card); ++} ++ + static int ac97_init (PCIBus *bus) + { + pci_create_simple (bus, -1, "AC97"); +@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data) + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); + + k->realize = ac97_realize; ++ k->exit = ac97_exit; + k->vendor_id = PCI_VENDOR_ID_INTEL; + k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5; + k->revision = 0x01; +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch new file mode 100644 index 0000000000..5a6d796458 --- /dev/null 
+++ b/gnu/packages/patches/qemu-CVE-2017-5526.patch @@ -0,0 +1,58 @@ +From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 14 Dec 2016 18:32:22 -0800 +Subject: [PATCH] audio: es1370: add exit function +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da +this patch is from qemu-git. + +Currently the es1370 device emulation doesn't have a exit function, +hot unplug this device will leak some memory. Add a exit function to +avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/audio/es1370.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+), 0 deletions(-) + +diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c +index 8449b5f..883ec69 100644 +--- a/hw/audio/es1370.c ++++ b/hw/audio/es1370.c +@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp) + es1370_reset (s); + } + ++static void es1370_exit(PCIDevice *dev) ++{ ++ ES1370State *s = ES1370(dev); ++ int i; ++ ++ for (i = 0; i < 2; ++i) { ++ AUD_close_out(&s->card, s->dac_voice[i]); ++ } ++ ++ AUD_close_in(&s->card, s->adc_voice); ++ AUD_remove_card(&s->card); ++} ++ + static int es1370_init (PCIBus *bus) + { + pci_create_simple (bus, -1, TYPE_ES1370); +@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data) + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); + + k->realize = es1370_realize; ++ k->exit = es1370_exit; + k->vendor_id = PCI_VENDOR_ID_ENSONIQ; + k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370; + k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO; +-- +1.7.0.4 + 
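Review bot: The loop in `es1370_exit` hard-codes the voice count as `for (i = 0; i < 2; ++i)`. If `dac_voice` is a fixed-size array member (its declaration is outside the hunk), `for (i = 0; i < ARRAY_SIZE(s->dac_voice); ++i)` would keep the teardown correct if the array is ever resized, so no voice is left open on unplug. A brief comment such as `/* close every voice opened in es1370_realize before removing the card */` would also document the ordering that `AUD_remove_card` relies on.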
diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch new file mode 100644 index 0000000000..50911f4f36 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5552.patch @@ -0,0 +1,44 @@ +From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@gmail.com> +Date: Thu, 29 Dec 2016 03:11:26 -0500 +Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +If the virgl_renderer_resource_attach_iov function fails the +'res_iovs' will be leaked. Add check of the return value to +free the 'res_iovs' when failing. + +http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689 +this patch is from qemu-git. + +Signed-off-by: Li Qiang <liq3ea@gmail.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/display/virtio-gpu-3d.c | 7 +++++-- + 1 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c +index e29f099..b13ced3 100644 +--- a/hw/display/virtio-gpu-3d.c ++++ b/hw/display/virtio-gpu-3d.c +@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g, + return; + } + +- virgl_renderer_resource_attach_iov(att_rb.resource_id, +- res_iovs, att_rb.nr_entries); ++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, ++ res_iovs, att_rb.nr_entries); ++ ++ if (ret != 0) ++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries); + } + + static void virgl_resource_detach_backing(VirtIOGPU *g, +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch new file mode 100644 index 0000000000..05655bcd98 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch 
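Review bot: When `virgl_renderer_resource_attach_iov` fails, the new branch in `virgl_resource_attach_backing` frees `res_iovs` but does not report the failure. The non-3D sibling `virtio_gpu_resource_attach_backing`, touched by qemu-CVE-2017-5578.patch in this commit, sets `cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;` on its error paths. If this function also receives the command (the rest of its signature is outside the hunk), the guest would otherwise get a success response for a resource that has no backing. The added `if (ret != 0)` is also unbraced; writing it as `if (ret != 0) { ... }` matches the braced style used by the surrounding hunks in this commit.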
@@ -0,0 +1,39 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b +this patch is from qemu-git. + + +From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@gmail.com> +Date: Thu, 29 Dec 2016 04:28:41 -0500 +Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing + +In the resource attach backing function, everytime it will +allocate 'res->iov' thus can leading a memory leak. This +patch avoid this. + +Signed-off-by: Li Qiang <liq3ea@gmail.com> +Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/display/virtio-gpu.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 6a26258cac..ca88cf478d 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, + return; + } + ++ if (res->iov) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; ++ return; ++ } ++ + ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov); + if (ret != 0) { + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch new file mode 100644 index 0000000000..7630012d54 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch 
@@ -0,0 +1,44 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b +this patch is from qemu-git. + + +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 4 Jan 2017 00:43:16 -0800 +Subject: [PATCH] serial: fix memory leak in serial exit + +The serial_exit_core function doesn't free some resources. +This can lead memory leak when hotplug and unplug. This +patch avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/char/serial.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index ffbacd8227..67b18eda12 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) + void serial_exit_core(SerialState *s) + { + qemu_chr_fe_deinit(&s->chr); ++ ++ timer_del(s->modem_status_poll); ++ timer_free(s->modem_status_poll); ++ ++ timer_del(s->fifo_timeout_timer); ++ timer_free(s->fifo_timeout_timer); ++ ++ fifo8_destroy(&s->recv_fifo); ++ fifo8_destroy(&s->xmit_fifo); ++ + qemu_unregister_reset(serial_reset, s); + } + +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch new file mode 100644 index 0000000000..5adea0d278 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5667.patch 
@@ -0,0 +1,46 @@ +Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer): + +http://seclists.org/oss-sec/2017/q1/243 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667 + +Patch copied from upstream source repository: + +http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9 + +From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Tue, 7 Feb 2017 18:29:59 +0000 +Subject: [PATCH] sd: sdhci: check data length during dma_memory_read + +While doing multi block SDMA transfer in routine +'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting +index 'begin' and data length 's->data_count' could end up to be same. +This could lead to an OOB access issue. Correct transfer data length +to avoid it. + +Cc: qemu-stable@nongnu.org +Reported-by: Jiang Xin <jiangxin1@huawei.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Message-id: 20170130064736.9236-1-ppandit@redhat.com +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> +--- + hw/sd/sdhci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 01fbf228be..5bd5ab6319 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) + boundary_count -= block_size - begin; + } + dma_memory_read(&address_space_memory, s->sdmasysad, +- &s->fifo_buffer[begin], s->data_count); ++ &s->fifo_buffer[begin], s->data_count - begin); + s->sdmasysad += s->data_count - begin; + if (s->data_count == block_size) { + for (n = 0; n < block_size; n++) { +-- +2.11.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch new file mode 100644 index 0000000000..bee0824c0a --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch 
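Review bot: The corrected length `s->data_count - begin` is safe only while `begin` never exceeds `s->data_count`, and nothing in the lines shown enforces that. The commit message covers only the case where the two are equal; if both are unsigned (not visible here), a larger `begin` would wrap to a very large length for dma_memory_read() into `s->fifo_buffer`. The rest of sdhci_sdma_transfer_multi_blocks is outside the hunk, so the invariant may already hold. If it does, I would record it next to the call, e.g. `/* begin <= s->data_count is guaranteed by <condition>, so this cannot wrap */`, and if it does not, the transfer should be skipped for that case.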
@@ -0,0 +1,68 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 +this patch is from qemu-git. + + +From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Mon, 2 Jan 2017 11:03:33 +0100 +Subject: [PATCH] megasas: fix guest-triggered memory leak + +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. +Avoid this by returning only the status from map_dcmd, and loading +cmd->iov_size in the caller. + +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/scsi/megasas.c | 11 ++++++----- + 1 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 67fc1e7..6233865 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) + trace_megasas_dcmd_invalid_sge(cmd->index, + cmd->frame->header.sge_count); + cmd->iov_size = 0; +- return -1; ++ return -EINVAL; + } + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); + cmd->iov_size = iov_size; +- return cmd->iov_size; ++ return 0; + } + + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { + + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + { +- int opcode, len; ++ int opcode; + int retval = 0; ++ size_t len; + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; + + opcode = le32_to_cpu(cmd->frame->dcmd.opcode); + trace_megasas_handle_dcmd(cmd->index, opcode); +- len = megasas_map_dcmd(s, cmd); +- if (len < 0) { ++ if (megasas_map_dcmd(s, cmd) < 0) { + return MFI_STAT_MEMORY_NOT_AVAILABLE; + } + 
while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { + cmdptr++; + } ++ len = cmd->iov_size; + if (cmdptr->opcode == -1) { + trace_megasas_dcmd_unhandled(cmd->index, opcode, len); + retval = megasas_dcmd_dummy(s, cmd); +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch new file mode 100644 index 0000000000..5a94bb1ae4 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5898.patch 
@@ -0,0 +1,44 @@ +Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest): + +http://seclists.org/oss-sec/2017/q1/328 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898 + +Patch copied from upstream source repository: + +http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a + +From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Fri, 3 Feb 2017 00:52:28 +0530 +Subject: [PATCH] usb: ccid: check ccid apdu length + +CCID device emulator uses Application Protocol Data Units(APDU) +to exchange command and responses to and from the host. +The length in these units couldn't be greater than 65536. Add +check to ensure the same. It'd also avoid potential integer +overflow in emulated_apdu_from_guest. + +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-id: 20170202192228.10847-1-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/usb/dev-smartcard-reader.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c +index 89e11b68c4..1325ea1659 100644 +--- a/hw/usb/dev-smartcard-reader.c ++++ b/hw/usb/dev-smartcard-reader.c +@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv) + DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__, + recv->hdr.bSeq, len); + ccid_add_pending_answer(s, (CCID_Header *)recv); +- if (s->card) { ++ if (s->card && len <= BULK_OUT_DATA_SIZE) { + ccid_card_apdu_from_guest(s->card, recv->abData, len); + } else { + DPRINTF(s, D_WARN, "warning: discarded apdu\n"); +-- +2.11.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch new file mode 100644 index 0000000000..08910e5fac --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5931.patch 
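Review bot: An oversized APDU now takes the same `else` branch as "no card present" and produces the same `warning: discarded apdu` message, so a guest sending lengths above BULK_OUT_DATA_SIZE cannot be told apart from a missing card in the debug output. I would give the length case its own message, e.g. `DPRINTF(s, D_WARN, "warning: discarded apdu, len %d exceeds limit\n", len);`, using the same `%d` the existing DPRINTF above uses for `len`. Note also that `ccid_add_pending_answer()` runs before the check, so a pending answer is queued even for a discarded request. Whether that is answered elsewhere is outside the hunk and worth confirming.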
@@ -0,0 +1,55 @@ +Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests): + +http://seclists.org/oss-sec/2017/q1/337 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931 + +Patch copied from upstream source repository: + +http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4 + +From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001 +From: Gonglei <arei.gonglei@huawei.com> +Date: Tue, 3 Jan 2017 14:50:03 +0800 +Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow + +Because the 'size_t' type is 4 bytes in 32-bit platform, which +is the same with 'int'. It's easy to make 'max_len' to zero when +integer overflow and then cause heap overflow if 'max_len' is zero. + +Using uint_64 instead of size_t to avoid the integer overflow. + +Cc: qemu-stable@nongnu.org +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Gonglei <arei.gonglei@huawei.com> +Tested-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. 
Tsirkin <mst@redhat.com> +--- + hw/virtio/virtio-crypto.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index 2f2467e859..c23e1ad458 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + uint32_t hash_start_src_offset = 0, len_to_hash = 0; + uint32_t cipher_start_src_offset = 0, len_to_cipher = 0; + +- size_t max_len, curr_size = 0; ++ uint64_t max_len, curr_size = 0; + size_t s; + + /* Plain cipher */ +@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + return NULL; + } + +- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len; ++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; + if (unlikely(max_len > vcrypto->conf.max_size)) { + virtio_error(vdev, "virtio-crypto too big length"); + return NULL; +-- +2.11.1 + diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch new file mode 100644 index 0000000000..1b95e428c8 --- /dev/null +++ b/gnu/packages/patches/screen-CVE-2017-5618.patch 
@@ -0,0 +1,40 @@ +Fixes CVE-2017-5618 (privilege escalation via opening the logfile when +screen is installed setuid root): + +https://savannah.gnu.org/bugs/?50142 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618 + +This patch reverts the upstream commit that introduced the bug: + +https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58 + +From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001 +From: Leo Famulari <leo@famulari.name> +Date: Sat, 11 Feb 2017 22:40:24 -0500 +Subject: [PATCH] Revert "adding permissions check for the logfile name" + +This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58. +--- + src/screen.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/src/screen.c b/src/screen.c +index 64650e9..283c305 100644 +--- a/src/screen.c ++++ b/src/screen.c +@@ -673,12 +673,6 @@ int main(int ac, char** av) + Panic(0, "-L: logfile name can not start with \"-\" symbol"); + if (strlen(screenlogfile) > PATH_MAX) + Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX); +- +- FILE *w_check; +- if ((w_check = fopen(screenlogfile, "w")) == NULL) +- Panic(0, "-L: logfile name access problem"); +- else +- fclose(w_check); + } + nwin_options.Lflag = 1; + break; +-- +2.11.1 + diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch deleted file mode 100644 index 5226cba4cb..0000000000 --- a/gnu/packages/patches/sed-hurd-path-max.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -7bb8d35d0330161a5af5341471d0c183a067e8c2 -Author: Jose E. Marchesi <jemarch@gnu.org> -Date: Sun Oct 6 14:43:38 2013 +0200 - - Set PATH_MAX to some constant in case it is not defined in system - headers. - - 2013-10-06 Jose E. Marchesi <jemarch@gnu.org> - - * basicdefs.h (PATH_MAX): Defined to some constant in case it is - not defined by system headers. - * sed/utils.c: Do not include pathmax.h anymore. - * bootstrap.conf (gnulib_modules): Do not use the gnulib module - pathmax. - -diff --git a/basicdefs.h b/basicdefs.h -index 0d28a97..09f5beb 100644 ---- a/basicdefs.h -+++ b/basicdefs.h -@@ -40,6 +41,13 @@ typedef unsigned long countT; - #define obstack_chunk_alloc ck_malloc - #define obstack_chunk_free free - -+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd. -+ In that case we define it here to some constant. Note however that -+ this relies in the fact that sed does reallocation if a buffer -+ needs to be larger than PATH_MAX. */ -+#ifndef PATH_MAX -+# define PATH_MAX 200 -+#endif - - /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */ - /* Jim Meyering writes: - diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch new file mode 100644 index 0000000000..3f357c4924 --- /dev/null +++ b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch 
@@ -0,0 +1,31 @@ +Patch copied from upstream source repository: + +https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194 + +From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn <serge@hallyn.com> +Date: Sun, 18 Sep 2016 21:31:18 -0500 +Subject: [PATCH] su.c: fix missing length argument to snprintf + +--- + src/su.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/su.c b/src/su.c +index 0c50a9456afd..93ffd2fbe2b4 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void) + stderr); + (void) kill (-pid_child, caught); + +- snprintf (kill_msg, _(" ...killed.\n")); +- snprintf (wait_msg, _(" ...waiting for child to terminate.\n")); ++ snprintf (kill_msg, 256, _(" ...killed.\n")); ++ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n")); + + (void) signal (SIGALRM, kill_child); + (void) alarm (2); +-- +2.11.0.rc2 + diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch index b63d5bb018..4092261f75 100644 --- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch +++ b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch @@ -1,19 +1,19 @@ -From 53eda9102b969a4be2882cea4befee03591a7436 Mon Sep 17 00:00:00 2001 -From: Pjotr Prins <pjotr.public01@thebird.nl> -Date: Fri, 12 Feb 2016 12:43:33 +0100 -Subject: [PATCH] Remove contribs +From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001 +From: carolili <carolili@iki.fi> +Date: Thu, 9 Feb 2017 19:24:49 +0000 +Subject: [PATCH] Removing contribs --- - configure.ac | 20 -------------------- - 1 file changed, 20 deletions(-) + configure.ac | 22 ---------------------- + 1 file changed, 22 deletions(-) diff --git a/configure.ac b/configure.ac -index fedf354..e010732 100644 +index 1cf1051..5d76b44 100644 --- a/configure.ac 
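Review bot: Both corrected calls still pass the translated string itself as the format argument and hard-code the size as 256. A translation catalogue entry containing a `%` conversion would then be interpreted by snprintf, and the literal 256 has to be kept in step by hand with the declarations of `kill_msg` and `wait_msg`, which are outside the hunk. Assuming both are arrays, I would write `snprintf (kill_msg, sizeof kill_msg, "%s", _(" ...killed.\n"));` and the same for `wait_msg`. The patch file also has no description beyond the upstream link; one line saying that the original call omitted the size argument would help the next reader.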
+++ b/configure.ac -@@ -438,26 +438,6 @@ dnl All slurm Makefiles: +@@ -435,28 +435,6 @@ dnl All slurm Makefiles: + AC_CONFIG_FILES([Makefile - config.xml auxdir/Makefile - contribs/Makefile - contribs/cray/Makefile @@ -27,7 +27,9 @@ index fedf354..e010732 100644 - contribs/perlapi/libslurm/perl/Makefile.PL - contribs/perlapi/libslurmdb/Makefile - contribs/perlapi/libslurmdb/perl/Makefile.PL +- contribs/seff/Makefile - contribs/torque/Makefile +- contribs/openlava/Makefile - contribs/phpext/Makefile - contribs/phpext/slurm_php/config.m4 - contribs/sgather/Makefile @@ -39,5 +41,5 @@ index fedf354..e010732 100644 doc/man/Makefile doc/man/man1/Makefile -- -2.1.4 +2.11.0 diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch new file mode 100644 index 0000000000..a2cb558cd3 --- /dev/null +++ b/gnu/packages/patches/spice-CVE-2016-9577.patch 
@@ -0,0 +1,33 @@ +Prevent buffer overflow when reading large messages. + +https://bugzilla.redhat.com/show_bug.cgi?id=1401603 +https://access.redhat.com/security/cve/CVE-2016-9577 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577 +https://security-tracker.debian.org/tracker/CVE-2016-9577 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 + +From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio <fziglio@redhat.com> +Date: Tue, 29 Nov 2016 16:46:56 +0000 +Subject: main-channel: Prevent overflow reading messages from client + +diff --git a/server/main_channel.c b/server/main_channel.c +index 0ecc9df..1fc3915 100644 +--- a/server/main_channel.c ++++ b/server/main_channel.c +@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc, + + if (type == SPICE_MSGC_MAIN_AGENT_DATA) { + return reds_get_agent_data_buffer(mcc, size); ++ } else if (size > sizeof(main_chan->recv_buf)) { ++ /* message too large, caller will log a message and close the connection */ ++ return NULL; + } else { + return main_chan->recv_buf; + } +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch new file mode 100644 index 0000000000..f86cdb4eb1 --- /dev/null +++ b/gnu/packages/patches/spice-CVE-2016-9578-1.patch 
@@ -0,0 +1,33 @@ +Prevent possible DoS during protocol handshake. + +https://bugzilla.redhat.com/show_bug.cgi?id=1399566 +https://access.redhat.com/security/cve/CVE-2016-9578 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 +https://security-tracker.debian.org/tracker/CVE-2016-9578 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a + +From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio <fziglio@redhat.com> +Date: Tue, 13 Dec 2016 14:39:48 +0000 +Subject: Prevent possible DoS attempts during protocol handshake + +diff --git a/server/reds.c b/server/reds.c +index f40b65c..86a33d5 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque) + + reds->peer_minor_version = header->minor_version; + +- if (header->size < sizeof(SpiceLinkMess)) { ++ /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */ ++ if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { + reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); + spice_warning("bad size %u", header->size); + reds_link_free(link); +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch new file mode 100644 index 0000000000..76f7ec7ffb --- /dev/null +++ b/gnu/packages/patches/spice-CVE-2016-9578-2.patch 
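Review bot: The provenance link in spice-CVE-2016-9578-1.patch points at commit f66dc643635518e53dfbe5262f814a64eec54e4a, but the patch body is `From 1c6517973095a67c8cb57f3550fc1298404ab556`; the f66dc64… id belongs to spice-CVE-2016-9578-2.patch, which cites the same URL. Anyone verifying this file against upstream will therefore compare it with the wrong commit. The header link should read `https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556`.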
@@ -0,0 +1,38 @@ +Fixes a potential buffer overflow in the protocol handling. + +https://bugzilla.redhat.com/show_bug.cgi?id=1399566 +https://access.redhat.com/security/cve/CVE-2016-9578 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 +https://security-tracker.debian.org/tracker/CVE-2016-9578 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a + +From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio <fziglio@redhat.com> +Date: Tue, 13 Dec 2016 14:40:10 +0000 +Subject: Prevent integer overflows in capability checks + +diff --git a/server/reds.c b/server/reds.c +index 86a33d5..9150454 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque) + link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps); + link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps); + ++ /* Prevent DoS. Currently we defined only 13 capabilities, ++ * I expect 1024 to be valid for quite a lot time */ ++ if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) { ++ reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); ++ reds_link_free(link); ++ return; ++ } ++ + num_caps = link_mess->num_common_caps + link_mess->num_channel_caps; + caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset); + +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch new file mode 100644 index 0000000000..b79be9bc94 --- /dev/null +++ b/gnu/packages/patches/tar-CVE-2016-6321.patch 
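Review bot: The new capability-count check in reds_handle_read_link_done rejects the link silently, while the size check in reds_handle_read_header_done (spice-CVE-2016-9578-1.patch) calls `spice_warning` before freeing the link. For consistency and so rejected handshakes show up in logs, I would add `spice_warning("bad capability counts %u/%u", link_mess->num_common_caps, link_mess->num_channel_caps);` before `reds_link_free(link)`. The limit 1024 is written twice as a literal; a single named constant would keep the two comparisons from drifting apart. The function continues outside the hunk.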
@@ -0,0 +1,51 @@ +Fix CVE-2016-6321: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 +https://security-tracker.debian.org/tracker/CVE-2016-6321 + +Patch adapted from upstream source repository (the changes to 'NEWS' +don't apply to the Tar 1.29 release tarball). + +http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d + +From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> +Date: Sat, 29 Oct 2016 21:04:40 -0700 +Subject: [PATCH] When extracting, skip ".." members + +* NEWS: Document this. +* src/extract.c (extract_archive): Skip members whose names +contain "..". +--- + NEWS | 8 +++++++- + src/extract.c | 8 ++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/extract.c b/src/extract.c +index f982433..7904148 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1629,12 +1629,20 @@ extract_archive (void) + { + char typeflag; + tar_extractor_t fun; ++ bool skip_dotdot_name; + + fatal_exit_hook = extract_finish; + + set_next_block_after (current_header); + ++ skip_dotdot_name = (!absolute_names_option ++ && contains_dot_dot (current_stat_info.orig_file_name)); ++ if (skip_dotdot_name) ++ ERROR ((0, 0, _("%s: Member name contains '..'"), ++ quotearg_colon (current_stat_info.orig_file_name))); ++ + if (!current_stat_info.file_name[0] ++ || skip_dotdot_name + || (interactive_option + && !confirm ("extract", current_stat_info.file_name))) + { +-- +2.11.0 + diff --git a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch new file mode 100644 index 0000000000..03093e8330 --- /dev/null +++ b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch 
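Review bot: `skip_dotdot_name` is only ever true when `absolute_names_option` is unset, so members whose names contain ".." are still extracted when tar is run with -P/--absolute-names. The patch header says just "Fix CVE-2016-6321" without that limit. I would add a sentence to the header such as `Note: the check is bypassed with --absolute-names (-P), so untrusted archives must not be extracted with that option.` Separately, the embedded diffstat still lists NEWS and "2 files changed" although the header says the NEWS hunk was dropped; trimming it would avoid confusion when comparing against upstream.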
@@ -0,0 +1,42 @@ +Fix test failures caused by some build machines running more slowly than +expected, which manifest like this: + +------ +> raise FailedHealthCheck(message) +E hypothesis.errors.FailedHealthCheck: Data generation is extremely slow: Only produced 4 valid examples in 1.08 seconds (1 invalid ones and 0 exceeded maximum size). Try decreasing size of the data you're generating (with e.g.average_size or max_leaves parameters). +E See http://hypothesis.readthedocs.org/en/latest/healthchecks.html for more information about this. If you want to disable just this health check, add HealthCheck.too_slowto the suppress_health_check settings for this test. + +/gnu/store/b8d1r8bilvm3jkncgrpvmg3dni9cgcr1-python-hypothesis-3.1.0/lib/python3.5/site-packages/hypothesis/core.py:296: FailedHealthCheck +------ + +Patch copied from upstream source repository: + +https://github.com/pimutils/vdirsyncer/commit/10490a12f13f03495e0945eb9d45d7aed9ab0a6c + +From 10490a12f13f03495e0945eb9d45d7aed9ab0a6c Mon Sep 17 00:00:00 2001 +From: Markus Unterwaditzer <markus@unterwaditzer.net> +Date: Sat, 18 Feb 2017 15:45:06 +0100 +Subject: [PATCH] Unconditionally disable HealthCheck.too_slow + +--- + tests/conftest.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index e0a07d5..3afd7cd 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -26,10 +26,12 @@ def benchmark(): + else: + del pytest_benchmark + ++ ++settings.suppress_health_check = [HealthCheck.too_slow] ++ + settings.register_profile("ci", settings( + max_examples=1000, + verbosity=Verbosity.verbose, +- suppress_health_check=[HealthCheck.too_slow] + )) + settings.register_profile("deterministic", settings( + derandomize=True, diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch new file mode 100644 index 0000000000..7b66f1bf16 --- /dev/null +++ b/gnu/packages/patches/vim-CVE-2017-5953.patch 
@@ -0,0 +1,24 @@ +Fix CVE-2017-5953: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953 +https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY + +Patch adapted from upstream commit, correcting the transcription error +in the bounds check: + +https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d + +diff --git a/src/spellfile.c b/src/spellfile.c +index c7d87c6..8b1a3a6 100644 +--- a/src/spellfile.c ++++ b/src/spellfile.c +@@ -1595,6 +1595,9 @@ spell_read_tree( + len = get4c(fd); + if (len < 0) + return SP_TRUNCERROR; ++ if (len >= 0x3fffffff) ++ /* Invalid length, multiply with sizeof(int) would overflow. */ ++ return SP_FORMERROR; + if (len > 0) + { + /* Allocate the byte array. */ diff --git a/gnu/packages/patches/vsearch-unbundle-cityhash.patch b/gnu/packages/patches/vsearch-unbundle-cityhash.patch new file mode 100644 index 0000000000..b1ecb1f063 --- /dev/null +++ b/gnu/packages/patches/vsearch-unbundle-cityhash.patch 
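Review bot: The header says the patch was adapted from the upstream commit to correct a transcription error in the bounds check, but it does not say what upstream wrote or what was changed. A reader diffing `if (len >= 0x3fffffff)` against commit 399c297aa93afe2c0a39e2a1b3f972aebba44c9d will see a mismatch with no way to tell whether it is intentional. I would spell the divergence out in the header, e.g. `Upstream's check uses <upstream constant>; this patch uses 0x3fffffff so that len * sizeof(int) cannot overflow.`, filling in the upstream value from the cited commit. The allocation the guard protects is outside the hunk.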
@@ -0,0 +1,73 @@ +diff --git a/src/Makefile.am b/src/Makefile.am +index e56a8a2..4adcc48 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -3,7 +3,7 @@ bin_PROGRAMS = $(top_builddir)/bin/vsearch + if TARGET_PPC + AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -mcpu=power8 + else +-AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g ++AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -lcityhash + endif + + AM_CFLAGS=$(AM_CXXFLAGS) +@@ -18,8 +18,6 @@ allpairs.h \ + arch.h \ + bitmap.h \ + chimera.h \ +-city.h \ +-citycrc.h \ + cluster.h \ + cpu.h \ + db.h \ +@@ -59,31 +57,26 @@ xstring.h + + if TARGET_PPC + libcpu_a_SOURCES = cpu.cc $(VSEARCHHEADERS) +-noinst_LIBRARIES = libcpu.a libcityhash.a ++noinst_LIBRARIES = libcpu.a + else + libcpu_sse2_a_SOURCES = cpu.cc $(VSEARCHHEADERS) + libcpu_sse2_a_CXXFLAGS = $(AM_CXXFLAGS) -msse2 + libcpu_ssse3_a_SOURCES = cpu.cc $(VSEARCHHEADERS) + libcpu_ssse3_a_CXXFLAGS = $(AM_CXXFLAGS) -mssse3 -DSSSE3 +-noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a libcityhash.a ++noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a + endif + +-libcityhash_a_SOURCES = city.cc city.h +- + if TARGET_WIN + +-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g -D_MSC_VER +-__top_builddir__bin_vsearch_LDFLAGS = -static +-__top_builddir__bin_vsearch_LDADD = libregex.a libcityhash.a libcpu_ssse3.a libcpu_sse2.a ++__top_builddir__bin_vsearch_LDFLAGS = -static -lcityhash ++__top_builddir__bin_vsearch_LDADD = libregex.a libcpu_ssse3.a libcpu_sse2.a + + else + +-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g +- + if TARGET_PPC +-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu.a ++__top_builddir__bin_vsearch_LDADD = libcpu.a + else +-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu_ssse3.a libcpu_sse2.a ++__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a + endif + + endif +diff --git a/src/vsearch.h b/src/vsearch.h +index f2c244b..5f51bbe 100644 +--- a/src/vsearch.h ++++ b/src/vsearch.h +@@ -148,7 +148,7 @@ + #include <bzlib.h> + #endif + 
+-#include "city.h" ++#include <city.h> + #include "md5.h" + #include "sha1.h" + diff --git a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch b/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch deleted file mode 100644 index 969ed7e41e..0000000000 --- a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch +++ /dev/null @@ -1,24 +0,0 @@ -Removes references to mibstore.h and miInitializeBackingStore, which -have been removed from xorg-server. Zack Rusin <zackr@vmware.com> -wrote: "It was a noop for at least 5 years and it has been removed." -See: http://patches.openembedded.org/patch/46133/ - ---- xf86-video-glint-1.2.8/src/glint_driver.c.~1~ 2012-07-15 22:50:47.000000000 -0400 -+++ xf86-video-glint-1.2.8/src/glint_driver.c 2014-12-19 00:42:39.162714279 -0500 -@@ -52,8 +52,6 @@ - #include "compiler.h" - #include "mipointer.h" - --#include "mibstore.h" -- - #include "pm3_regs.h" - #include "glint_regs.h" - #include "IBM.h" -@@ -2904,7 +2902,6 @@ - } - } - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - diff --git a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch b/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch deleted file mode 100644 index 48588ed0e4..0000000000 --- a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch +++ /dev/null 
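Review bot: `-lcityhash` is added to `AM_CXXFLAGS` (and to `LDFLAGS` for the Windows target), so the library is named among the compiler flags rather than after the objects on the link line. Linking then works only if those flags happen to be passed to the link step, and a linker that resolves libraries in order or uses --as-needed can drop the library before the objects that need it are seen. The conventional place is the program's `LDADD`, e.g. `__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a -lcityhash`, with the same addition on the PPC and Windows lines. The patch file also has no header saying why the bundled copy is removed; a line such as `Use the system cityhash instead of the bundled copy.` would match the other patches in this directory.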
@@ -1,72 +0,0 @@ -Removes references to mibstore.h and miInitializeBackingStore, which -have been removed from xorg-server. Zack Rusin <zackr@vmware.com> -wrote: "It was a noop for at least 5 years and it has been removed." -See: http://patches.openembedded.org/patch/46133/ - -diff -ru xf86-video-nv-2.1.20.orig/src/g80_driver.c xf86-video-nv-2.1.20/src/g80_driver.c ---- xf86-video-nv-2.1.20.orig/src/g80_driver.c 2012-07-17 02:47:02.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/g80_driver.c 2014-12-17 10:11:42.197579082 -0500 -@@ -34,7 +34,6 @@ - #include <xf86Resources.h> - #endif - #include <mipointer.h> --#include <mibstore.h> - #include <micmap.h> - #include <xf86cmap.h> - #include <fb.h> -@@ -833,7 +832,6 @@ - } - } - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - -diff -ru xf86-video-nv-2.1.20.orig/src/nv_driver.c xf86-video-nv-2.1.20/src/nv_driver.c ---- xf86-video-nv-2.1.20.orig/src/nv_driver.c 2012-07-17 02:47:02.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/nv_driver.c 2014-12-17 10:11:39.037563413 -0500 -@@ -2550,7 +2550,6 @@ - if (!pNv->NoAccel) - NVAccelInit(pScreen); - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - -diff -ru xf86-video-nv-2.1.20.orig/src/nv_include.h xf86-video-nv-2.1.20/src/nv_include.h ---- xf86-video-nv-2.1.20.orig/src/nv_include.h 2012-07-17 02:48:19.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/nv_include.h 2014-12-17 10:11:22.089479372 -0500 -@@ -24,9 +24,6 @@ - /* All drivers initialising the SW cursor need this */ - #include "mipointer.h" - --/* All drivers implementing backing store need this */ --#include "mibstore.h" -- - #include "micmap.h" - - #include "xf86DDC.h" -diff -ru xf86-video-nv-2.1.20.orig/src/riva_driver.c xf86-video-nv-2.1.20/src/riva_driver.c ---- xf86-video-nv-2.1.20.orig/src/riva_driver.c 2012-07-17 02:47:02.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/riva_driver.c 2014-12-17 10:11:31.101524060 
-0500 -@@ -1168,7 +1168,6 @@ - if (!pRiva->NoAccel) - RivaAccelInit(pScreen); - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - -diff -ru xf86-video-nv-2.1.20.orig/src/riva_include.h xf86-video-nv-2.1.20/src/riva_include.h ---- xf86-video-nv-2.1.20.orig/src/riva_include.h 2012-07-17 02:48:45.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/riva_include.h 2014-12-17 10:11:12.229430478 -0500 -@@ -22,9 +22,6 @@ - /* All drivers initialising the SW cursor need this */ - #include "mipointer.h" - --/* All drivers implementing backing store need this */ --#include "mibstore.h" -- - #include "micmap.h" - - #include "xf86DDC.h" diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch new file mode 100644 index 0000000000..ad57bc7b0e --- /dev/null +++ b/gnu/packages/patches/xinetd-CVE-2013-4342.patch 
@@ -0,0 +1,36 @@ +Fix CVE-2013-4342: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 + +Patch copied from upstream source repository: + +https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864 + +From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 +From: Thomas Swan <thomas.swan@gmail.com> +Date: Wed, 2 Oct 2013 23:17:17 -0500 +Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for + TCPMUX services + +Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). +--- + xinetd/builtins.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xinetd/builtins.c b/xinetd/builtins.c +index 3b85579..34a5bac 100644 +--- a/xinetd/builtins.c ++++ b/xinetd/builtins.c +@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) + if( SC_IS_INTERNAL( scp ) ) { + SC_INTERNAL(scp, nserp); + } else { +- exec_server(nserp); ++ child_process(nserp); + } + } + +-- +2.7.4 + diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch new file mode 100644 index 0000000000..77e4600185 --- /dev/null +++ b/gnu/packages/patches/xinetd-fix-fd-leak.patch 
@@ -0,0 +1,26 @@ +Fix a file descriptor leak: + +https://github.com/xinetd-org/xinetd/issues/23 + +Patch copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak + +Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26. + +diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c +index 5a26214..fe0f872 100644 +--- a/xinetd/xgetloadavg.c ++++ b/xinetd/xgetloadavg.c +@@ -34,7 +34,7 @@ double xgetloadavg(void) + + if( fscanf(fd, "%lf", &ret) != 1 ) { + perror("fscanf"); +- return -1; ++ ret = -1; + } + + fclose(fd); +-- +2.7.4 + |