From 974ee2c152016406a5c44d8061b46bb7e30d3ca6 Mon Sep 17 00:00:00 2001 From: Troy Sankey Date: Sun, 14 Aug 2016 13:38:20 -0400 Subject: gnu: Add python-freezegun. * gnu/packages/python.scm (python-freezegun, python2-freezegun): New variables. Signed-off-by: Leo Famulari --- gnu/packages/python.scm | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 77bb8a4fa5..9ef588a1b6 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm 
@@ -10224,3 +10224,43 @@ List. Forked from and using the same API as the publicsuffix package.") (native-inputs `(("python2-setuptools" ,python2-setuptools) ,@(package-native-inputs base)))))) + +(define-public python-freezegun + (package + (name "python-freezegun") + (version "0.3.7") + (source + (origin + (method url-fetch) + (uri (pypi-uri "freezegun" version)) + (sha256 + (base32 + "14l19x06v5jkq4rdwbmfyw4x9lrjb2300afrk21r1ash7y1y9a0w")))) + (build-system python-build-system) + (native-inputs + `(("python-mock" ,python-mock) + ("python-nose" ,python-nose) + ("python-coverage" ,python-coverage) + ("python-dateutil-2" ,python-dateutil-2))) + (inputs + `(("python-six" ,python-six))) + (arguments + `(#:phases (modify-phases %standard-phases + ;; The tests are normally executed via `make test`, but the PyPi + ;; package does not include the Makefile. + (replace 'check + (lambda _ + (zero? (system* "nosetests" "./tests/"))))))) + (home-page "https://github.com/spulec/freezegun") + (synopsis "Test utility for mocking the datetime module") + (description + "FreezeGun is a library that allows your python tests to travel through +time by mocking the datetime module.") + (license license:asl2.0))) + +(define-public python2-freezegun + (let ((base (package-with-python2 (strip-python2-variant python-freezegun)))) + (package (inherit base) + (native-inputs + `(("python2-setuptools" ,python2-setuptools) + ,@(package-native-inputs base)))))) -- cgit 1.4.1 From f2f5335393d6d839058485f727e72d77cbf5f5ae Mon Sep 17 00:00:00 2001 From: Troy Sankey Date: Sun, 28 Aug 2016 20:35:20 -0400 Subject: gnu: python-icalendar: Update to 3.10. * gnu/packages/python.scm (python-icalendar): Update to 3.10. Signed-off-by: Leo Famulari --- gnu/packages/python.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 9ef588a1b6..09fe6273a3 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm 
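Review bot: `python-dateutil-2` sits in `native-inputs` and `python-six` in `inputs` of python-freezegun, so neither is propagated to packages that import freezegun. freezegun appears to import both dateutil and six at load time (worth confirming against its setup.py); if so, a dependent that pulls in python-freezegun for its tests would fail at import unless it supplies them itself. Consider moving the `("python-six" ,python-six)` and `("python-dateutil-2" ,python-dateutil-2)` entries into a `propagated-inputs` field and keeping mock, nose and coverage as native inputs.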
@@ -7222,13 +7222,13 @@ processes across test runs.") (define-public python-icalendar (package (name "python-icalendar") - (version "3.9.1") + (version "3.10") (source (origin (method url-fetch) (uri (pypi-uri "icalendar" version)) (sha256 (base32 - "0fhrczdj3jxy5bvswphp3vys7vwv5c9bpwg7asykqwa3z6253q6q")))) + "01amnk3621s7fagfla86npd25knbqirchg7h1jpqxqp103d02bs7")))) (build-system python-build-system) (propagated-inputs `(("python-dateutil-2" ,python-dateutil-2) -- cgit 1.4.1 From bc8273d0c26e57d9039c763a7b883474be3026ed Mon Sep 17 00:00:00 2001 From: Troy Sankey Date: Sun, 14 Aug 2016 13:38:33 -0400 Subject: gnu: khal: Update to 0.8.3. * gnu/packages/calendar.scm (khal): Update to 0.8.3. [source]: Remove snippet. [arguments]: Remove 'disable-tests' phase. [native-inputs]: Add python-pytest-cov and python-freezegun. Signed-off-by: Leo Famulari --- gnu/packages/calendar.scm | 33 +++++---------------------------- 1 file changed, 5 insertions(+), 28 deletions(-) diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm index 3b5aba72c8..7f3d05d08e 100644 --- a/gnu/packages/calendar.scm +++ b/gnu/packages/calendar.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2015, 2016 Leo Famulari ;;; Copyright © 2016 Kei Kebreau ;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016 Troy Sankey ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -80,42 +81,16 @@ data units.") (define-public khal (package (name "khal") - (version "0.7.0") + (version "0.8.3") (source (origin (method url-fetch) (uri (pypi-uri "khal" version)) (sha256 (base32 - "00llxj7cv31mjsx0j6zxmyi9s1q20yvfkn025xcy8cv1ylfwic66")) - (modules '((guix build utils))) - ;; Patch broken path in 'doc' Makefile. - ;; Patch sent upstream: https://github.com/geier/khal/pull/307 - (snippet - '(substitute* "doc/source/Makefile" - (("../../../khal/khal/settings/khal.spec") - "../../khal/settings/khal.spec" ))))) + "1qryqs5d8jsl7j22pjjfkfdi4m8m3nn3n44b890pq85xkw599ihy")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases - (add-after 'unpack 'disable-tests - (lambda _ - ;; Bug reported for test_only_update_old_event: - ;; https://github.com/geier/khal/issues/309 - (substitute* "tests/khalendar_test.py" - (("test_only_update_old_event") - "disabled_only_update_old_event")) - - ;; Bug reported for test_dt_two_tz: - ;; https://github.com/pimutils/khal/issues/382 - (substitute* "tests/event_test.py" - (("test_dt_two_tz") - "disabled_dt_two_tz")) - ;; Another timezone / DST issue: - ;; https://github.com/pimutils/khal/issues/146 - (substitute* "tests/event_test.py" - (("test_raw_dt") - "disabled_raw_dt")))) - ;; Building the manpage requires khal to be installed. (add-after 'install 'manpage (lambda* (#:key outputs #:allow-other-keys) @@ -136,9 +111,11 @@ data units.") (zero? (system* "py.test" "tests"))))))) (native-inputs `(("python-pytest" ,python-pytest) + ("python-pytest-cov" ,python-pytest-cov) ("python-setuptools-scm" ,python-setuptools-scm) ;; Required for tests ("tzdata" ,tzdata) + ("python-freezegun" ,python-freezegun) ;; Required to build manpage ("python-sphinxcontrib-newsfeed" ,python-sphinxcontrib-newsfeed) ("python-sphinx" ,python-sphinx))) -- cgit 1.4.1 From 9c85fea912df843cf223cf14e765a553043c354a Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Mon, 29 Aug 2016 19:08:20 -0400 Subject: gnu: imagemagick: Update to 6.9.5-8. * gnu/packages/imagemagick.scm (imagemagick): Update to 6.9.5-8. --- gnu/packages/imagemagick.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index a554b73a4e..f824abf3f4 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -41,14 +41,14 @@ (define-public imagemagick (package (name "imagemagick") - (version "6.9.5-7") + (version "6.9.5-8") (source (origin (method url-fetch) (uri (string-append "mirror://imagemagick/ImageMagick-" version ".tar.xz")) (sha256 (base32 - "00arcvyhsy9i5gp3b0lhfvs04qwhxpmq0bfsv4ipllinb6mjgxf5")))) + "0ds21sk1pczf2cwi62rqp6b8x2m24sb6xn82ivzh13m42phzigav")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch") -- cgit 1.4.1 From ed5940b6172bbdf5b4787183b19623219f6c7347 Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Tue, 23 Aug 2016 15:34:16 -0400 Subject: gnu: libtiff: Fix CVE-2016-{3623,3945,3990,3991,5321,5323}. * gnu/packages/image.scm (libtiff)[replacement]: New field. (libtiff/fixed): New variable. * gnu/packages/patches/libtiff-CVE-2016-3623.patch, gnu/packages/patches/libtiff-CVE-2016-3945.patch, gnu/packages/patches/libtiff-CVE-2016-3990.patch, gnu/packages/patches/libtiff-CVE-2016-3991.patch, gnu/packages/patches/libtiff-CVE-2016-5321.patch, gnu/packages/patches/libtiff-CVE-2016-5323.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 6 ++ gnu/packages/image.scm | 17 ++++ gnu/packages/patches/libtiff-CVE-2016-3623.patch | 30 ++++++ gnu/packages/patches/libtiff-CVE-2016-3945.patch | 94 +++++++++++++++++ gnu/packages/patches/libtiff-CVE-2016-3990.patch | 31 ++++++ gnu/packages/patches/libtiff-CVE-2016-3991.patch | 123 +++++++++++++++++++++++ gnu/packages/patches/libtiff-CVE-2016-5321.patch | 25 +++++ gnu/packages/patches/libtiff-CVE-2016-5323.patch | 88 ++++++++++++++++ 8 files changed, 414 insertions(+) create mode 100644 gnu/packages/patches/libtiff-CVE-2016-3623.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-3945.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-3990.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-3991.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-5321.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-5323.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7ce8ad0db1..5809ba8e50 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -626,6 +626,12 @@ dist_patch_DATA = \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch \ + %D%/packages/patches/libtiff-CVE-2016-3623.patch \ + %D%/packages/patches/libtiff-CVE-2016-3945.patch \ + %D%/packages/patches/libtiff-CVE-2016-3990.patch \ + %D%/packages/patches/libtiff-CVE-2016-3991.patch \ + %D%/packages/patches/libtiff-CVE-2016-5321.patch \ + %D%/packages/patches/libtiff-CVE-2016-5323.patch \ %D%/packages/patches/libtiff-oob-accesses-in-decode.patch \ %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 7d72492b1a..72a3204ae6 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -150,6 +150,7 @@ maximum quality factor.") (define-public libtiff (package (name "libtiff") + (replacement libtiff/fixed) (version "4.0.6") (source (origin (method url-fetch) @@ -182,6 +183,22 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.remotesensing.org/libtiff/"))) +(define libtiff/fixed + (package + (inherit libtiff) + (source (origin + (inherit (package-source libtiff)) + (patches (search-patches + "libtiff-oob-accesses-in-decode.patch" + "libtiff-oob-write-in-nextdecode.patch" + "libtiff-CVE-2015-8665+CVE-2015-8683.patch" + "libtiff-CVE-2016-3623.patch" + "libtiff-CVE-2016-3945.patch" + "libtiff-CVE-2016-3990.patch" + "libtiff-CVE-2016-3991.patch" + "libtiff-CVE-2016-5321.patch" + "libtiff-CVE-2016-5323.patch")))))) + (define-public libwmf (package (name "libwmf") diff --git a/gnu/packages/patches/libtiff-CVE-2016-3623.patch b/gnu/packages/patches/libtiff-CVE-2016-3623.patch new file mode 100644 index 0000000000..08705861e3 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-3623.patch 
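Review bot: `libtiff/fixed` in gnu/packages/image.scm re-types the three older patch names (`libtiff-oob-accesses-in-decode.patch`, `libtiff-oob-write-in-nextdecode.patch`, `libtiff-CVE-2015-8665+CVE-2015-8683.patch`) next to the six new ones. The `patches` field replaces the inherited list rather than extending it, so any later change to the base package's patches has to be mirrored here by hand, or the graft silently loses a fix. The base origin's own patch list is outside the hunk; if it already carries those three, building the list from it keeps the two in step, for example `(patches (append (origin-patches (package-source libtiff)) (search-patches "libtiff-CVE-2016-3623.patch" …)))`. A short comment above `libtiff/fixed` saying the graft exists to avoid a full rebuild and should be folded into `libtiff` later would also help.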
@@ -0,0 +1,30 @@ +Fix CVE-2016-3623. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623 +http://bugzilla.maptools.org/show_bug.cgi?id=2569 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.16 -r1.17 tools/rgb2ycbcr.c + +Index: tools/rgb2ycbcr.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/rgb2ycbcr.c,v +retrieving revision 1.16 +retrieving revision 1.17 +diff -u -r1.16 -r1.17 +--- libtiff/tools/rgb2ycbcr.c 21 Jun 2015 01:09:10 -0000 1.16 ++++ libtiff/tools/rgb2ycbcr.c 15 Aug 2016 21:26:56 -0000 1.17 +@@ -95,9 +95,13 @@ + break; + case 'h': + horizSubSampling = atoi(optarg); ++ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 ) ++ usage(-1); + break; + case 'v': + vertSubSampling = atoi(optarg); ++ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 ) ++ usage(-1); + break; + case 'r': + rowsperstrip = atoi(optarg); diff --git a/gnu/packages/patches/libtiff-CVE-2016-3945.patch b/gnu/packages/patches/libtiff-CVE-2016-3945.patch new file mode 100644 index 0000000000..8ec62bab99 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-3945.patch 
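Review bot: The header of libtiff-CVE-2016-3623.patch says only `Fix CVE-2016-3623.`, while the 3945, 3990 and 3991 patches in the same commit summarise the flaw in parentheses. A one-line description grounded in the fix would let an auditor see what is covered without opening the bug tracker, for example `Fix CVE-2016-3623 (missing validation of the -h/-v subsampling factors in rgb2ycbcr).` The headers of libtiff-CVE-2016-5321.patch and libtiff-CVE-2016-5323.patch, and of libtiff-CVE-2016-5314.patch in the later commit, have the same gap.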
@@ -0,0 +1,94 @@ +Fix CVE-2016-3945 (integer overflow in size of allocated +buffer, when -b mode is enabled, that could result in out-of-bounds +write). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945 +http://bugzilla.maptools.org/show_bug.cgi?id=2545 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.21 -r1.22 tools/tiff2rgba.c + +Index: tools/tiff2rgba.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2rgba.c,v +retrieving revision 1.21 +retrieving revision 1.22 +diff -u -r1.21 -r1.22 +--- libtiff/tools/tiff2rgba.c 21 Jun 2015 01:09:10 -0000 1.21 ++++ libtiff/tools/tiff2rgba.c 15 Aug 2016 20:06:41 -0000 1.22 +@@ -147,6 +147,7 @@ + uint32 row, col; + uint32 *wrk_line; + int ok = 1; ++ uint32 rastersize, wrk_linesize; + + TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); + TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); +@@ -163,7 +164,13 @@ + /* + * Allocate tile buffer + */ +- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32)); ++ rastersize = tile_width * tile_height * sizeof (uint32); ++ if (tile_width != (rastersize / tile_height) / sizeof( uint32)) ++ { ++ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); ++ exit(-1); ++ } ++ raster = (uint32*)_TIFFmalloc(rastersize); + if (raster == 0) { + TIFFError(TIFFFileName(in), "No space for raster buffer"); + return (0); +@@ -173,7 +180,13 @@ + * Allocate a scanline buffer for swapping during the vertical + * mirroring pass. 
+ */ +- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32)); ++ wrk_linesize = tile_width * sizeof (uint32); ++ if (tile_width != wrk_linesize / sizeof (uint32)) ++ { ++ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); ++ exit(-1); ++ } ++ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); + if (!wrk_line) { + TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); + ok = 0; +@@ -249,6 +262,7 @@ + uint32 row; + uint32 *wrk_line; + int ok = 1; ++ uint32 rastersize, wrk_linesize; + + TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); + TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); +@@ -263,7 +277,13 @@ + /* + * Allocate strip buffer + */ +- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32)); ++ rastersize = width * rowsperstrip * sizeof (uint32); ++ if (width != (rastersize / rowsperstrip) / sizeof( uint32)) ++ { ++ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); ++ exit(-1); ++ } ++ raster = (uint32*)_TIFFmalloc(rastersize); + if (raster == 0) { + TIFFError(TIFFFileName(in), "No space for raster buffer"); + return (0); +@@ -273,7 +293,13 @@ + * Allocate a scanline buffer for swapping during the vertical + * mirroring pass. + */ +- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32)); ++ wrk_linesize = width * sizeof (uint32); ++ if (width != wrk_linesize / sizeof (uint32)) ++ { ++ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); ++ exit(-1); ++ } ++ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); + if (!wrk_line) { + TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); + ok = 0; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3990.patch b/gnu/packages/patches/libtiff-CVE-2016-3990.patch new file mode 100644 index 0000000000..7641c3073b --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-3990.patch 
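Review bot: The new overflow checks in tools/tiff2rgba.c divide by `tile_height` in the tile path and by `rowsperstrip` in the strip path, and no zero test is visible in these hunks. Unless a zero value is rejected elsewhere in the functions (their bodies extend beyond the hunks), a file that supplies 0 for either field would fault inside the check itself. Guarding the divisor closes that, for example `if (tile_height == 0 || tile_width != (rastersize / tile_height) / sizeof (uint32))`, with the same guard for `rowsperstrip`. The new failure path also calls `exit(-1)`, whereas the allocation failure directly below it returns 0, so callers now see two different error conventions.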
@@ -0,0 +1,31 @@ +Fix CVE-2016-3990 (write buffer overflow in PixarLogEncode if more input +samples are provided than expected by PixarLogSetupEncode). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990 +http://bugzilla.maptools.org/show_bug.cgi?id=2544 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.45 -r1.46 libtiff/tif_pixarlog.c + +Index: libtiff/tif_pixarlog.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v +retrieving revision 1.45 +retrieving revision 1.46 +diff -u -r1.45 -r1.46 +--- libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:37:33 -0000 1.45 ++++ libtiff/libtiff/tif_pixarlog.c 15 Aug 2016 20:49:48 -0000 1.46 +@@ -1141,6 +1141,13 @@ + } + + llen = sp->stride * td->td_imagewidth; ++ /* Check against the number of elements (of size uint16) of sp->tbuf */ ++ if( n > td->td_rowsperstrip * llen ) ++ { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Too many input bytes provided"); ++ return 0; ++ } + + for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) { + switch (sp->user_datafmt) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-3991.patch b/gnu/packages/patches/libtiff-CVE-2016-3991.patch new file mode 100644 index 0000000000..cb05f0007f --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-3991.patch 
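Review bot: The bound added to tif_pixarlog.c, `n > td->td_rowsperstrip * llen`, is itself a product that can wrap if both operands are 32 bits wide; their declarations are outside the hunk, so this is an assumption to confirm. Presumably the setup routine already rejects dimensions that large, but widening before the multiply removes the dependency: `if( n > (tmsize_t)td->td_rowsperstrip * llen )`. A comment noting that the limit mirrors the size used when `sp->tbuf` was allocated would make the invariant checkable by the next reader.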
@@ -0,0 +1,123 @@ +Fix CVE-2016-3991 (out-of-bounds write in loadImage()). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991 +http://bugzilla.maptools.org/show_bug.cgi?id=2543 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.37 -r1.38 tools/tiffcrop.c + +Index: tools/tiffcrop.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v +retrieving revision 1.37 +retrieving revision 1.38 +diff -u -r1.37 -r1.38 +--- libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 ++++ libtiff/tools/tiffcrop.c 15 Aug 2016 21:05:40 -0000 1.38 +@@ -798,6 +798,11 @@ + } + + tile_buffsize = tilesize; ++ if (tilesize == 0 || tile_rowsize == 0) ++ { ++ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero"); ++ exit(-1); ++ } + + if (tilesize < (tsize_t)(tl * tile_rowsize)) + { +@@ -807,7 +812,12 @@ + tilesize, tl * tile_rowsize); + #endif + tile_buffsize = tl * tile_rowsize; +- } ++ if (tl != (tile_buffsize / tile_rowsize)) ++ { ++ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); ++ exit(-1); ++ } ++ } + + tilebuf = _TIFFmalloc(tile_buffsize); + if (tilebuf == 0) +@@ -1210,6 +1220,12 @@ + !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) ) + return 1; + ++ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0) ++ { ++ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero"); ++ exit(-1); ++ } ++ + tile_buffsize = tilesize; + if (tilesize < (tsize_t)(tl * tile_rowsize)) + { +@@ -1219,6 +1235,11 @@ + tilesize, tl * tile_rowsize); + #endif + tile_buffsize = tl * tile_rowsize; ++ if (tl != tile_buffsize / tile_rowsize) ++ { ++ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size"); ++ exit(-1); ++ } + } + + tilebuf = _TIFFmalloc(tile_buffsize); +@@ -5945,12 +5966,27 @@ + TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); + + tile_rowsize = 
TIFFTileRowSize(in); ++ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) ++ { ++ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero."); ++ exit(-1); ++ } + buffsize = tlsize * ntiles; ++ if (tlsize != (buffsize / ntiles)) ++ { ++ TIFFError("loadImage", "Integer overflow when calculating buffer size"); ++ exit(-1); ++ } + +- + if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) + { + buffsize = ntiles * tl * tile_rowsize; ++ if (ntiles != (buffsize / tl / tile_rowsize)) ++ { ++ TIFFError("loadImage", "Integer overflow when calculating buffer size"); ++ exit(-1); ++ } ++ + #ifdef DEBUG2 + TIFFError("loadImage", + "Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu", +@@ -5969,8 +6005,25 @@ + TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); + stsize = TIFFStripSize(in); + nstrips = TIFFNumberOfStrips(in); ++ if (nstrips == 0 || stsize == 0) ++ { ++ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero."); ++ exit(-1); ++ } ++ + buffsize = stsize * nstrips; +- ++ if (stsize != (buffsize / nstrips)) ++ { ++ TIFFError("loadImage", "Integer overflow when calculating buffer size"); ++ exit(-1); ++ } ++ uint32 buffsize_check; ++ buffsize_check = ((length * width * spp * bps) + 7); ++ if (length != ((buffsize_check - 7) / width / spp / bps)) ++ { ++ TIFFError("loadImage", "Integer overflow detected."); ++ exit(-1); ++ } + if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) + { + buffsize = ((length * width * spp * bps) + 7) / 8; diff --git a/gnu/packages/patches/libtiff-CVE-2016-5321.patch b/gnu/packages/patches/libtiff-CVE-2016-5321.patch new file mode 100644 index 0000000000..2afca18e1d --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-5321.patch 
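Review bot: In the striped branch of loadImage, the new `buffsize_check` test divides by `width`, `spp` and `bps`, but the zero check added just above it covers only `nstrips` and `stsize`. Unless those three are validated earlier in the function (outside this hunk), a zero in any of them faults on the check; adding `width == 0 || spp == 0 || bps == 0` to the zero test would cover it. The test also subtracts the same 7 it added, so a wrap caused by the `+ 7` itself goes undetected. Two smaller points: `uint32 buffsize_check;` is declared after statements, which may trip compilers held to C89, and the striped-file message misspells "strips" as "stipes".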
@@ -0,0 +1,25 @@ +Fix CVE-2016-5321. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321 +http://bugzilla.maptools.org/show_bug.cgi?id=2558 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.35 -r1.36 tools/tiffcrop.c + +Index: tools/tiffcrop.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v +retrieving revision 1.35 +retrieving revision 1.36 +diff -u -r1.35 -r1.36 +--- libtiff/tools/tiffcrop.c 19 Aug 2015 02:31:04 -0000 1.35 ++++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 +@@ -989,7 +989,7 @@ + nrow = (row + tl > imagelength) ? imagelength - row : tl; + for (col = 0; col < imagewidth; col += tw) + { +- for (s = 0; s < spp; s++) ++ for (s = 0; s < spp && s < MAX_SAMPLES; s++) + { /* Read each plane of a tile set into srcbuffs[s] */ + tbytes = TIFFReadTile(in, srcbuffs[s], col, row, 0, s); + if (tbytes < 0 && !ignore) diff --git a/gnu/packages/patches/libtiff-CVE-2016-5323.patch b/gnu/packages/patches/libtiff-CVE-2016-5323.patch new file mode 100644 index 0000000000..8b2a043d29 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-5323.patch 
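Review bot: The loop condition `s < spp && s < MAX_SAMPLES` keeps the index inside `srcbuffs[]`, but it silently drops every plane past the limit. A file declaring more samples than `MAX_SAMPLES` is then processed with partial data and no diagnostic. Rejecting `spp > MAX_SAMPLES` once with a `TIFFError` before the loops would make the condition visible, with the clamp kept as a backstop; the enclosing function is outside the hunk, so the right error return is not visible here. The same applies to the eight loops changed in libtiff-CVE-2016-5323.patch.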
@@ -0,0 +1,88 @@ +Fix CVE-2016-5323. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323 +http://bugzilla.maptools.org/show_bug.cgi?id=2559 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.36 -r1.37 tools/tiffcrop.c + +Index: tools/tiffcrop.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v +retrieving revision 1.36 +retrieving revision 1.37 +diff -u -r1.36 -r1.37 +--- libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 ++++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 +@@ -3738,7 +3738,7 @@ + + matchbits = maskbits << (8 - src_bit - bps); + /* load up next sample from each plane */ +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + buff1 = ((*src) & matchbits) << (src_bit); +@@ -3837,7 +3837,7 @@ + src_bit = bit_offset % 8; + + matchbits = maskbits << (16 - src_bit - bps); +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + if (little_endian) +@@ -3947,7 +3947,7 @@ + src_bit = bit_offset % 8; + + matchbits = maskbits << (32 - src_bit - bps); +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + if (little_endian) +@@ -4073,7 +4073,7 @@ + src_bit = bit_offset % 8; + + matchbits = maskbits << (64 - src_bit - bps); +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + if (little_endian) +@@ -4263,7 +4263,7 @@ + + matchbits = maskbits << (8 - src_bit - bps); + /* load up next sample from each plane */ +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + buff1 = ((*src) & matchbits) << (src_bit); +@@ -4362,7 +4362,7 @@ + src_bit = bit_offset % 8; + + matchbits = maskbits << (16 - 
src_bit - bps); +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + if (little_endian) +@@ -4471,7 +4471,7 @@ + src_bit = bit_offset % 8; + + matchbits = maskbits << (32 - src_bit - bps); +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + if (little_endian) +@@ -4597,7 +4597,7 @@ + src_bit = bit_offset % 8; + + matchbits = maskbits << (64 - src_bit - bps); +- for (s = 0; s < spp; s++) ++ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + src = in[s] + src_offset + src_byte; + if (little_endian) -- cgit 1.4.1 From edf0a458469574280557420509a0ff2d886bcdf3 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Wed, 10 Aug 2016 12:23:59 +1000 Subject: guix: ruby-build-system: Build compiled gems reproducibly. * guix/build/ruby-build-system.scm (log-file-deletion): New procedure. (install): Remove files containing non-reproducible elements. Print when each file is deleted. --- guix/build/ruby-build-system.scm | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/guix/build/ruby-build-system.scm b/guix/build/ruby-build-system.scm index 79ac380cb8..95793f77b8 100644 --- a/guix/build/ruby-build-system.scm +++ b/guix/build/ruby-build-system.scm 
@@ -120,18 +120,44 @@ GEM-FLAGS are passed to the 'gem' invokation, if present." 1)) (out (assoc-ref outputs "out")) (gem-home (string-append out "/lib/ruby/gems/" ruby-version ".0")) - (gem-name (first-matching-file "\\.gem$"))) + (gem-file (first-matching-file "\\.gem$")) + (gem-file-basename (basename gem-file)) + (gem-name (substring gem-file-basename + 0 + (- (string-length gem-file-basename) 4))) + (gem-directory (string-append gem-home "/gems/" gem-name))) (setenv "GEM_HOME" gem-home) (mkdir-p gem-home) - (and (apply system* "gem" "install" gem-name + (and (apply system* "gem" "install" gem-file "--local" "--ignore-dependencies" ;; Executables should go into /bin, not /lib/ruby/gems. "--bindir" (string-append out "/bin") gem-flags) - ;; Remove the cached gem file as this is unnecessary and contains - ;; timestamped files rendering builds not reproducible. - (begin (delete-file (string-append gem-home "/cache/" gem-name)) - #t)))) + (begin + ;; Remove the cached gem file as this is unnecessary and contains + ;; timestamped files rendering builds not reproducible. + (let ((cached-gem (string-append gem-home "/cache/" gem-file))) + (log-file-deletion cached-gem) + (delete-file cached-gem)) + ;; For gems with native extensions, several Makefile-related files + ;; are created that contain timestamps or other elements making + ;; them not reproducible. They are unnecessary so we remove them. + (if (file-exists? (string-append gem-directory "/ext")) + (begin + (for-each (lambda (file) + (log-file-deletion file) + (delete-file file)) + (append + (find-files (string-append gem-home "/doc") + "page-Makefile.ri") + (find-files (string-append gem-home "/extensions") + "gem_make.out") + (find-files (string-append gem-directory "/ext") + "Makefile"))))) + #t)))) + +(define (log-file-deletion file) + (display (string-append "deleting '" file "' for reproducibility\n"))) (define %standard-phases (modify-phases gnu:%standard-phases -- cgit 1.4.1 
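Review bot: The three patterns passed to `find-files` in the new cleanup code are unanchored regular expressions, so `"Makefile"` also matches names such as Makefile.in or GNUmakefile under ext/, and the `.` in `"gem_make.out"` and `"page-Makefile.ri"` matches any character. Deleting more than intended from an installed gem is hard to notice afterwards; anchoring keeps the removal to the files the comment describes: `"^Makefile$"`, `"^gem_make\\.out$"`, `"^page-Makefile\\.ri$"`. The one-armed `(if … (begin …))` reads more clearly as `when`. The `install` procedure begins outside the hunk.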
From 75160d4b9d5735ce3594c30f430fab6c9edbc284 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Mon, 25 Jul 2016 21:53:35 +1000 Subject: guix: ruby-build-system: Add replace-git-ls-files. * guix/build/ruby-build-system.scm (replace-git-ls-files): New variable. (%standard-phases): Add it. --- guix/build/ruby-build-system.scm | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/guix/build/ruby-build-system.scm b/guix/build/ruby-build-system.scm index 95793f77b8..c2d2766279 100644 --- a/guix/build/ruby-build-system.scm +++ b/guix/build/ruby-build-system.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson ;;; Copyright © 2015 Pjotr Prins -;;; Copyright © 2015 Ben Woodcroft +;;; Copyright © 2015, 2016 Ben Woodcroft ;;; ;;; This file is part of GNU Guix. ;;; @@ -69,6 +69,16 @@ directory." (define (first-gemspec) (first-matching-file "\\.gemspec$")) +(define* (replace-git-ls-files #:key source #:allow-other-keys) + "Many gemspec files downloaded from outside rubygems.org use `git ls-files` +to list of the files to be included in the built gem. However, since this +operation is not deterministic, we replace it with `find`." + (when (not (gem-archive? source)) + (let ((gemspec (first-gemspec))) + (substitute* gemspec + (("`git ls-files`") "`find . -type f |sort`")))) + #t) + (define* (extract-gemspec #:key source #:allow-other-keys) "Remove the original gemspec, if present, and replace it with a new one. This avoids issues with upstream gemspecs requiring tools such as git to 
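Review bot: The substitution in `replace-git-ls-files` swaps in `find . -type f |sort`, which prints every path with a leading `./`, whereas `git ls-files` prints bare relative paths. Gemspecs that filter the list afterwards (for instance by matching names that start with `bin/` or `test/`) could then match nothing, leaving `executables` or `test_files` silently empty. Using `find * -type f |sort` avoids the prefix, at the cost of skipping top-level dotfiles. It may also be worth pinning the collation with `LC_ALL=C sort`, so the order cannot vary with the build locale. `(when (not …))` can be written as `unless`.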
@@ -162,11 +172,12 @@ GEM-FLAGS are passed to the 'gem' invokation, if present." (define %standard-phases (modify-phases gnu:%standard-phases (delete 'configure) + (replace 'unpack unpack) (add-before 'build 'extract-gemspec extract-gemspec) + (add-after 'extract-gemspec 'replace-git-ls-files replace-git-ls-files) (replace 'build build) - (replace 'unpack unpack) - (replace 'install install) - (replace 'check check))) + (replace 'check check) + (replace 'install install))) (define* (ruby-build #:key inputs (phases %standard-phases) #:allow-other-keys #:rest args) -- cgit 1.4.1 From 520e89eb238aa814f08d6e5cd579be068aa7f302 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sun, 24 Jul 2016 10:21:21 +1000 Subject: gnu: ruby-concurrent: Adjust for 'replace-git-ls-files'. * gnu/packages/ruby.scm (ruby-concurrent)[arguments]: Adjust for new build phase 'replace-git-ls-files'. --- gnu/packages/ruby.scm | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 52cdef1066..46588dd002 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm 
@@ -4120,21 +4120,18 @@ call.") `(#:test-target "spec" #:phases (modify-phases %standard-phases - (add-before 'build 'remove-git-lsfiles-and-extra-gemspecs - (lambda _ - (for-each (lambda (file) - (substitute* file - (("git ls-files") "find * |sort"))) - (list "concurrent-ruby.gemspec" - "support/file_map.rb")) - #t)) - (add-before 'build 'remove-extra-gemspecs + (add-before 'replace-git-ls-files 'remove-extra-gemspecs (lambda _ ;; Delete extra gemspec files so 'first-gemspec' chooses the ;; correct one. (delete-file "concurrent-ruby-edge.gemspec") (delete-file "concurrent-ruby-ext.gemspec") #t)) + (add-before 'build 'replace-git-ls-files2 + (lambda _ + (substitute* "support/file_map.rb" + (("git ls-files") "find * |sort")) + #t)) (add-before 'check 'rake-compile ;; Fix the test error described at ;; https://github.com/ruby-concurrency/concurrent-ruby/pull/408 -- cgit 1.4.1 From caa9bc7dc5824e587a588aa698e473e217c7c468 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Tue, 30 Aug 2016 10:46:30 +1000 Subject: gnu: diamond: Update to 0.8.20. * gnu/packages/bioinformatics.scm (diamond): Update to 0.8.20. --- gnu/packages/bioinformatics.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 2bd71c858b..ed20b562e5 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -1903,7 +1903,7 @@ identify enrichments with functional annotations of the genome.") (define-public diamond (package (name "diamond") - (version "0.8.18") + (version "0.8.20") (source (origin (method url-fetch) (uri (string-append 
@@ -1912,7 +1912,7 @@ identify enrichments with functional annotations of the genome.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1r8klhbzn5cfzg9g69dd0sk4c0bd8cg1g5id8blsqi273bymm4jl")))) + "16bhwpxqzq2nfkh9522rwcc1p97ygszjmhphz69x2jk501jf9wkg")))) (build-system cmake-build-system) (arguments '(#:tests? #f ; no "check" target -- cgit 1.4.1 From 4e9d5055fbf88ae43a7db7e901359e895fa729e8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 29 Aug 2016 20:53:57 -0400 Subject: gnu: libtiff: Fix CVE-2016-5314. * gnu/packages/patches/libtiff-CVE-2016-5314.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libtiff/fixed): Use it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 1 + gnu/packages/patches/libtiff-CVE-2016-5314.patch | 45 ++++++++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 gnu/packages/patches/libtiff-CVE-2016-5314.patch diff --git a/gnu/local.mk b/gnu/local.mk index 5809ba8e50..d75ab54453 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -630,6 +630,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-CVE-2016-3945.patch \ %D%/packages/patches/libtiff-CVE-2016-3990.patch \ %D%/packages/patches/libtiff-CVE-2016-3991.patch \ + %D%/packages/patches/libtiff-CVE-2016-5314.patch \ %D%/packages/patches/libtiff-CVE-2016-5321.patch \ %D%/packages/patches/libtiff-CVE-2016-5323.patch \ %D%/packages/patches/libtiff-oob-accesses-in-decode.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 72a3204ae6..4fdc4ae252 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -196,6 +196,7 @@ collection of tools for doing simple manipulations of TIFF images.") "libtiff-CVE-2016-3945.patch" "libtiff-CVE-2016-3990.patch" "libtiff-CVE-2016-3991.patch" + "libtiff-CVE-2016-5314.patch" "libtiff-CVE-2016-5321.patch" "libtiff-CVE-2016-5323.patch")))))) 
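Review bot: The new `"libtiff-CVE-2016-5314.patch"` entry in `libtiff/fixed` is placed in CVE-number order, after `"libtiff-CVE-2016-3990.patch"`, although both patches modify libtiff/tif_pixarlog.c. By their own headers, 5314 is the earlier upstream revision (r1.43 to r1.44) and 3990 the later one (r1.45 to r1.46), so they are applied here in the reverse of upstream order. The hunks touch different regions and should apply with line offsets only, but that is worth recording with a comment such as `;; Applied out of upstream order; the tif_pixarlog.c hunks do not overlap.`, or by listing 5314 first.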
diff --git a/gnu/packages/patches/libtiff-CVE-2016-5314.patch b/gnu/packages/patches/libtiff-CVE-2016-5314.patch new file mode 100644 index 0000000000..e5380f8639 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-5314.patch @@ -0,0 +1,45 @@ +Fix CVE-2016-5314. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314 +bugzilla.maptools.org/show_bug.cgi?id=2554 + +Patch extracted from upstream CVS repo with: +$ cvs diff -u -r1.43 -r1.44 libtiff/tif_pixarlog.c + +Index: libtiff/tif_pixarlog.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v +retrieving revision 1.43 +retrieving revision 1.44 +diff -u -r1.43 -r1.44 +--- libtiff/libtiff/tif_pixarlog.c 27 Dec 2015 20:14:11 -0000 1.43 ++++ libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:12:19 -0000 1.44 +@@ -459,6 +459,7 @@ + typedef struct { + TIFFPredictorState predict; + z_stream stream; ++ tmsize_t tbuf_size; /* only set/used on reading for now */ + uint16 *tbuf; + uint16 stride; + int state; +@@ -694,6 +695,7 @@ + sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); + if (sp->tbuf == NULL) + return (0); ++ sp->tbuf_size = tbuf_size; + if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) + sp->user_datafmt = PixarLogGuessDataFmt(td); + if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) { +@@ -783,6 +785,12 @@ + TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); + return (0); + } ++ /* Check that we will not fill more than what was allocated */ ++ if (sp->stream.avail_out > sp->tbuf_size) ++ { ++ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size"); ++ return (0); ++ } + do { + int state = inflate(&sp->stream, Z_PARTIAL_FLUSH); + if (state == Z_STREAM_END) { -- cgit 1.4.1
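Review bot: The bug-tracker reference in the header of libtiff-CVE-2016-5314.patch is written as `bugzilla.maptools.org/show_bug.cgi?id=2554`, without the `http://` scheme that the other libtiff patches in this series use. Writing it as `http://bugzilla.maptools.org/show_bug.cgi?id=2554` keeps the headers uniform and the link machine-recognisable.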