From e411ce186021540770c389ec13b7b5b42252c4bb Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 29 Apr 2016 03:31:41 -0400 Subject: gnu: poppler: Fix CVE-2015-8868. * gnu/packages/pdf.scm (poppler)[replacement]: New field. (poppler/fixed): New variable. * gnu/packages/patches/poppler-CVE-2015-8868.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7556fa76e8..e45405fe0e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -681,6 +681,7 @@ dist_patch_DATA = \ gnu/packages/patches/plink-1.07-unclobber-i.patch \ gnu/packages/patches/plotutils-libpng-jmpbuf.patch \ gnu/packages/patches/polkit-drop-test.patch \ + gnu/packages/patches/poppler-CVE-2015-8868.patch \ gnu/packages/patches/portaudio-audacity-compat.patch \ gnu/packages/patches/procmail-ambiguous-getline-debian.patch \ gnu/packages/patches/pt-scotch-build-parallelism.patch \ -- cgit 1.4.1 From acb31b5dcd008ee7b34d83c8d2170dcdffb3199b Mon Sep 17 00:00:00 2001 From: Nicolas Goaziou Date: Sat, 30 Apr 2016 11:43:35 +0200 Subject: gnu: asymptote: Update to 2.37. * gnu/packages/plotutils.scm (asymptote): Update to 2.37. * gnu/packages/patches/asymptote-gsl2.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove reference. --- gnu/local.mk | 1 - gnu/packages/patches/asymptote-gsl2.patch | 33 ------------------------------- gnu/packages/plotutils.scm | 26 ++++++++++++++---------- 3 files changed, 16 insertions(+), 44 deletions(-) delete mode 100644 gnu/packages/patches/asymptote-gsl2.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index e45405fe0e..702c9a602e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -415,7 +415,6 @@ dist_patch_DATA = \ gnu/packages/patches/alsa-lib-mips-atomic-fix.patch \ gnu/packages/patches/apr-skip-getservbyname-test.patch \ gnu/packages/patches/arb-ldconfig.patch \ - gnu/packages/patches/asymptote-gsl2.patch \ gnu/packages/patches/ath9k-htc-firmware-binutils.patch \ gnu/packages/patches/ath9k-htc-firmware-gcc.patch \ gnu/packages/patches/ath9k-htc-firmware-objcopy.patch \ diff --git a/gnu/packages/patches/asymptote-gsl2.patch b/gnu/packages/patches/asymptote-gsl2.patch deleted file mode 100644 index 4f73d16d7f..0000000000 --- a/gnu/packages/patches/asymptote-gsl2.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 71ff9e769ba5d9995b367201f0d41b7a8dedab9d Mon Sep 17 00:00:00 2001 -From: John Bowman -Date: Sat, 14 Nov 2015 01:25:56 -0700 -Subject: [PATCH] Support GSL 2.0. - ---- - gsl.cc | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/gsl.cc b/gsl.cc -index b500557..0f81dc6 100644 ---- a/gsl.cc -+++ b/gsl.cc -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - - #include "opsymbols.h" - -@@ -1088,7 +1089,11 @@ void gen_rungsl_venv(venv &ve) - addGSLDOUBLE2Func(SYM(F)); - addGSLDOUBLE2Func(SYM(E)); - addGSLDOUBLE3Func(SYM(P),SYM(phi),SYM(k),SYM(n)); -+#if GSL_MAJOR_VERSION >= 2 -+ addGSLDOUBLE2Func(SYM(D),SYM(phi),SYM(k)); -+#else - addGSLDOUBLE3Func(SYM(D),SYM(phi),SYM(k),SYM(n)); -+#endif - addGSLDOUBLE2Func(SYM(RC),SYM(x),SYM(y)); - addGSLDOUBLE3Func(SYM(RD),SYM(x),SYM(y),SYM(z)); - addGSLDOUBLE3Func(SYM(RF),SYM(x),SYM(y),SYM(z)); diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm index 67f692daf5..3fdd539835 100644 --- a/gnu/packages/plotutils.scm +++ b/gnu/packages/plotutils.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2015 Eric Bavier +;;; Copyright © 2016 Nicolas Goaziou ;;; ;;; This file is part of GNU Guix. ;;; @@ -171,15 +172,14 @@ colors, styles, options and details.") (define-public asymptote (package (name "asymptote") - (version "2.35") + (version "2.37") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/asymptote/" version "/asymptote-" version ".src.tgz")) (sha256 (base32 - "11f28vxw0ybhvl7vxmqcdwvw7y6gz55ykw9ybgzb2px6lsvgag7z")) - (patches (search-patches "asymptote-gsl2.patch")))) + "16nh02m52mk9a53i8wc6l9vg710gnzr3lfbypcbvamghvaj0458i")))) (build-system gnu-build-system) ;; Note: The 'asy' binary retains a reference to docdir for use with its ;; "help" command in interactive mode, so adding a "doc" output is not @@ -206,13 +206,19 @@ colors, styles, options and details.") (string-append "--with-context=" (assoc-ref %outputs "out") "/share/texmf/tex/context/third")) - #:phases (modify-phases %standard-phases - (add-before 'build 'patch-pdf-viewer - (lambda _ - ;; Default to a free pdf viewer - (substitute* "settings.cc" - (("defaultPDFViewer=\"acroread\"") - "defaultPDFViewer=\"gv\""))))))) + #:phases + (modify-phases %standard-phases + (add-before 'build 'patch-pdf-viewer + (lambda _ + ;; Default to a free pdf viewer + (substitute* "settings.cc" + (("defaultPDFViewer=\"acroread\"") + "defaultPDFViewer=\"gv\"")))) + (add-before 'check 'set-HOME + ;; Some tests require write access to $HOME, otherwise leading to + ;; "failed to create directory /homeless-shelter/.asy" error. + (lambda _ + (setenv "HOME" "/tmp")))))) (home-page "http://asymptote.sourceforge.net") (synopsis "Script-based vector graphics language") (description -- cgit 1.4.1 From aacb52fb0fe8ad48b923daa500f021dc99661fda Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 27 Apr 2016 21:20:07 +0200 Subject: gnu: Add portmidi. * gnu/packages/music.scm (portmidi): New variable. * gnu/packages/patches/portmidi-modular-build.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/music.scm | 30 ++ gnu/packages/patches/portmidi-modular-build.patch | 325 ++++++++++++++++++++++ 3 files changed, 356 insertions(+) create mode 100644 gnu/packages/patches/portmidi-modular-build.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 702c9a602e..7fefdf4349 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -682,6 +682,7 @@ dist_patch_DATA = \ gnu/packages/patches/polkit-drop-test.patch \ gnu/packages/patches/poppler-CVE-2015-8868.patch \ gnu/packages/patches/portaudio-audacity-compat.patch \ + gnu/packages/patches/portmidi-modular-build.patch \ gnu/packages/patches/procmail-ambiguous-getline-debian.patch \ gnu/packages/patches/pt-scotch-build-parallelism.patch \ gnu/packages/patches/pulseaudio-fix-mult-test.patch \ diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index 95f52c5dd6..96495bf660 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -958,6 +958,36 @@ programming methods as well as for realizing complex systems for large-scale projects.") (license license:bsd-3))) +(define-public portmidi + (package + (name "portmidi") + (version "217") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/portmedia/portmidi/" + version "/portmidi-src-" version ".zip")) + (sha256 + (base32 + "03rfsk7z6rdahq2ihy5k13qjzgx757f75yqka88v3gc0pn9ais88")) + (patches (list (search-patch "portmidi-modular-build.patch"))))) + (build-system cmake-build-system) + (arguments + `(#:tests? #f ; tests cannot be linked + #:configure-flags + (list "-DPORTMIDI_ENABLE_JAVA=Off" + "-DCMAKE_BUILD_TYPE=Release" ; needed to have PMALSA set + "-DPORTMIDI_ENABLE_TEST=Off"))) ; tests fail linking + (inputs + `(("alsa-lib" ,alsa-lib))) + (native-inputs + `(("unzip" ,unzip))) + (home-page "http://portmedia.sourceforge.net/portmidi/") + (synopsis "Library for MIDI I/O") + (description + "PortMidi is a library supporting real-time input and output of MIDI data +using a system-independent interface.") + (license license:expat))) + (define-public frescobaldi (package (name "frescobaldi") diff --git a/gnu/packages/patches/portmidi-modular-build.patch b/gnu/packages/patches/portmidi-modular-build.patch new file mode 100644 index 0000000000..25e64ae317 --- /dev/null +++ b/gnu/packages/patches/portmidi-modular-build.patch @@ -0,0 +1,325 @@ +We took this patch from Gentoo to break apart the portmidi build, so that we +can disable the Java parts and cleanly disable the tests which fail to link +(possibly because they are linked before “-lportmidi” is available). The +patch was downloaded from here: + +https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/portmidi/files/portmidi-217-cmake.patch?id=56bd759df1d0c750a065b8c845e93d5dfa6b549d + +--- portmidi/CMakeLists.txt ++++ portmidi/CMakeLists.txt +@@ -9,12 +9,11 @@ + set(CMAKE_BUILD_TYPE Release CACHE STRING + "Semicolon-separate list of supported configuration types") + # set default directories but don't override cached values... +- set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE} ++ set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + CACHE STRING "libraries go here") +- set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE} ++ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + CACHE STRING "libraries go here") +- set(CMAKE_RUNTIME_OUTPUT_DIRECTORY +- ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE} ++ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + CACHE STRING "executables go here") + + else(UNIX) +@@ -68,10 +67,20 @@ + include_directories(pm_common porttime) + add_subdirectory(pm_common) + +-add_subdirectory(pm_test) ++option(PORTMIDI_ENABLE_JAVA "Enable Java bindings support" ON) ++option(PORTMIDI_ENABLE_STATIC "Build and install static libraries" OFF) ++option(PORTMIDI_ENABLE_TEST "Build test programs" ON) ++ ++if(PORTMIDI_ENABLE_TEST) ++ add_subdirectory(pm_test) ++endif(PORTMIDI_ENABLE_TEST) + + add_subdirectory(pm_dylib) + + # Cannot figure out how to make an xcode Java application with CMake +-add_subdirectory(pm_java) ++if(PORTMIDI_ENABLE_JAVA) ++ set(JAR_INSTALL_DIR share/java ++ CACHE STRING "Define directory name for jar installation") ++ add_subdirectory(pm_java) ++endif(PORTMIDI_ENABLE_JAVA) + +--- portmidi/pm_common/CMakeLists.txt ++++ portmidi/pm_common/CMakeLists.txt +@@ -44,9 +44,6 @@ + + # first include the appropriate system-dependent file: + if(UNIX) +- # add the -g switch for Linux and Mac OS X (not used in Win32) +- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}" +- CACHE STRING "enable extra checks for debugging" FORCE) + if(APPLE) + set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault) + prepend_path(LIBSRC ../pm_mac/ ${MACSRC}) +@@ -62,19 +59,23 @@ + ${COREMIDI_LIB} ${CORESERVICES_LIB} + CACHE INTERNAL "") + +- set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework") +- set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers) ++ if(PORTMIDI_ENABLE_JAVA) ++ set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework") ++ set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers) ++ endif(PORTMIDI_ENABLE_JAVA) + message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT}) + else(APPLE) + # LINUX settings... +- include(FindJNI) +- message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH}) +- message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH}) +- message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2}) +- message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY}) +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) +- # libjvm.so is found relative to JAVA_INCLUDE_PATH: +- set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) ++ message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH}) ++ message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH}) ++ message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2}) ++ message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY}) ++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) ++ # libjvm.so is found relative to JAVA_INCLUDE_PATH: ++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(LINUXSRC pmlinuxalsa pmlinux finddefault) + prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC}) +@@ -88,10 +89,12 @@ + # /MD is multithread DLL, /MT is multithread. Change to static: + include(../pm_win/static.cmake) + +- include(FindJNI) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) + +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) +- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) ++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(WINSRC pmwin pmwinmm) + prepend_path(LIBSRC ../pm_win/ ${WINSRC}) +@@ -99,29 +102,43 @@ + set(PM_NEEDED_LIBS winmm.lib) + endif(WIN32) + endif(UNIX) +-set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY}) ++ ++if(PORTMIDI_ENABLE_JAVA) ++ set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY}) ++endif(PORTMIDI_ENABLE_JAVA) + + # this completes the list of library sources by adding shared code + list(APPEND LIBSRC pmutil portmidi) + + # now add the shared files to make the complete list of library sources +-add_library(portmidi-static ${LIBSRC}) +-set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi_s") +-target_link_libraries(portmidi-static ${PM_NEEDED_LIBS}) +- +-# define the jni library +-include_directories(${JAVA_INCLUDE_PATHS}) +- +-set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c) +-add_library(pmjni SHARED ${JNISRC}) +-target_link_libraries(pmjni ${JNI_EXTRA_LIBS}) +-set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib") ++if(PORTMIDI_ENABLE_STATIC) ++ add_library(portmidi-static ${LIBSRC}) ++ set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi") ++ target_link_libraries(portmidi-static ${PM_NEEDED_LIBS}) ++endif(PORTMIDI_ENABLE_STATIC) ++ ++if(PORTMIDI_ENABLE_JAVA) ++ # define the jni library ++ include_directories(${JAVA_INCLUDE_PATHS}) ++ ++ set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c) ++ add_library(pmjni SHARED ${JNISRC}) ++ target_link_libraries(pmjni ${JNI_EXTRA_LIBS}) ++ set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib") ++endif(PORTMIDI_ENABLE_JAVA) + + # install the libraries (Linux and Mac OS X command line) + if(UNIX) +- INSTALL(TARGETS portmidi-static pmjni +- LIBRARY DESTINATION /usr/local/lib +- ARCHIVE DESTINATION /usr/local/lib) ++ if(PORTMIDI_ENABLE_STATIC) ++ INSTALL(TARGETS portmidi-static ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) ++ endif(PORTMIDI_ENABLE_STATIC) ++ if(PORTMIDI_ENABLE_JAVA) ++ INSTALL(TARGETS pmjni ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) ++ endif(PORTMIDI_ENABLE_JAVA) + # .h files installed by pm_dylib/CMakeLists.txt, so don't need them here + # INSTALL(FILES portmidi.h ../porttime/porttime.h + # DESTINATION /usr/local/include) +--- portmidi/pm_dylib/CMakeLists.txt ++++ portmidi/pm_dylib/CMakeLists.txt +@@ -39,9 +39,6 @@ + + # first include the appropriate system-dependent file: + if(UNIX) +- # add the -g switch for Linux and Mac OS X (not used in Win32) +- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}" +- CACHE STRING "enable extra checks for debugging" FORCE) + if(APPLE) + set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault) + prepend_path(LIBSRC ../pm_mac/ ${MACSRC}) +@@ -63,7 +60,8 @@ + message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT}) + else(APPLE) + # LINUX settings... +- include(FindJNI) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) + # message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH}) + # message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH}) + # note: should use JAVA_JVM_LIB_PATH, but it is not set properly +@@ -75,11 +73,8 @@ + # JAVA_INCLUDE_PATH2; if no, then we need to make both JAVA_INCLUDE_PATH + # and JAVA_INCLUDE_PATH2 set by user (will need clear documentation + # because JAVA_INCLUDE_PATH2 is pretty obscure) +- set(JAVA_INCLUDE_PATH ${JAVA_INCLUDE_PATH-UNKNOWN} +- CACHE STRING "where to find Java SDK include directory") +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH}/linux) +- # libjvm.so is found relative to JAVA_INCLUDE_PATH: +- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../jre/lib/i386/client/libjvm.so) ++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(LINUXSRC pmlinuxalsa pmlinux finddefault) + prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC}) +@@ -91,13 +86,15 @@ + if(WIN32) + # /MDd is multithread debug DLL, /MTd is multithread debug + # /MD is multithread DLL, /MT is multithread +- +- include(FindJNI) +- # note: should use JAVA_JVM_LIB_PATH, but it is not set properly +- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib) + +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) +- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) ++ # note: should use JAVA_JVM_LIB_PATH, but it is not set properly ++ set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib) ++ ++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) ++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(WINSRC pmwin pmwinmm) + prepend_path(LIBSRC ../pm_win/ ${WINSRC}) +@@ -106,7 +103,10 @@ + # message(STATUS "JAVAVM_LIB: " ${JAVAVM_LIB}) + endif(WIN32) + endif(UNIX) ++ ++if(PORTMIDI_ENABLE_JAVA) + set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVAVM_LIB}) ++endif(PORTMIDI_ENABLE_JAVA) + + # this completes the list of library sources by adding shared code + set(SHARED_FILES pmutil portmidi) +@@ -120,8 +120,8 @@ + # install the libraries (Linux and Mac OS X command line) + if(UNIX) + INSTALL(TARGETS portmidi-dynamic +- LIBRARY DESTINATION /usr/local/lib +- ARCHIVE DESTINATION /usr/local/lib) ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) + INSTALL(FILES ../pm_common/portmidi.h ../porttime/porttime.h +- DESTINATION /usr/local/include) ++ DESTINATION include) + endif(UNIX) +--- portmidi/pm_java/CMakeLists.txt ++++ portmidi/pm_java/CMakeLists.txt +@@ -5,43 +5,24 @@ + # java not dealt with in CMake -- see pm_mac/pm_mac.xcodeproj + else(APPLE) + # linux +- set(JPORTMIDICLASS JPortMidi.class JPortMidiException.class +- JPortMidiApi.class) +- set(PMDEFAULTSCLASS PmDefaultsFrame.class PmDefaults.class) +- prepend_path(JPORTMIDICLASS2 jportmidi/ ${JPORTMIDICLASS}) +- prepend_path(PMDEFAULTSCLASS2 pmdefaults/ ${PMDEFAULTSCLASS}) +- set(PMDEFAULTS_ALL_CLASSES ${JPORTMIDICLASS2} ${PMDEFAULTSCLASS2}) +- # message(STATUS "PMDEFAULTS_ALL_CLASSES is " ${PMDEFAULTS_ALL_CLASSES}) +- add_custom_command(OUTPUT pmdefaults/PmDefaultsFrame.class +- COMMAND javac -classpath . pmdefaults/PmDefaultsFrame.java +- MAIN_DEPENDENCY pmdefaults/PmDefaultsFrame.java +- DEPENDS pmdefaults/PmDefaults.java +- WORKING_DIRECTORY pm_java) +- add_custom_command(OUTPUT pmdefaults/PmDefaults.class +- COMMAND javac -classpath . pmdefaults/PmDefaults.java +- MAIN_DEPENDENCY pmdefaults/PmDefaults.java +- DEPENDS pmdefaults/PmDefaultsFrame.java +- WORKING_DIRECTORY pm_java) +- add_custom_command(OUTPUT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar +- COMMAND cp pmdefaults/portmusic_logo.png . +- COMMAND jar cmf pmdefaults/manifest.txt pmdefaults.jar +- pmdefaults/*.class portmusic_logo.png jportmidi/*.class +- COMMAND chmod +x pmdefaults/pmdefaults +- COMMAND cp pmdefaults/pmdefaults ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} +- COMMAND mv pmdefaults.jar ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} +- COMMAND rm portmusic_logo.png +- MAIN_DEPENDENCY pmdefaults/PmDefaults.class +- DEPENDS ${PMDEFAULTS_ALL_CLASSES} +- WORKING_DIRECTORY pm_java) +- add_custom_target(pmdefaults_target ALL +- DEPENDS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar) +- # message(STATUS "add_custom_target: pmdefaults.jar") ++ set(JAVA_CLASSES jportmidi pmdefaults) ++ add_custom_command(OUTPUT ${JAVA_CLASSES} ++ COMMAND javac -d ${CMAKE_CURRENT_BINARY_DIR} jportmidi/*.java pmdefaults/*.java ++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) ++ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar ++ DEPENDS ${JAVA_CLASSES} ++ COMMAND jar cmf pmdefaults/manifest.txt ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar ++ -C pmdefaults portmusic_logo.png -C ${CMAKE_CURRENT_BINARY_DIR} jportmidi ++ -C ${CMAKE_CURRENT_BINARY_DIR} pmdefaults ++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) ++ add_custom_target(pmdefaults.jar ALL ++ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar) + + # install the libraries (Linux only) +- INSTALL(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar +- DESTINATION /usr/share/java) +- INSTALL(PROGRAMS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults +- DESTINATION /usr/local/bin) ++ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar ++ DESTINATION ${JAR_INSTALL_DIR}) ++ INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/pmdefaults/pmdefaults ++ DESTINATION bin) + endif(APPLE) + endif(UNIX) + # In windows, use pm_java/make.bat +--- portmidi/pm_test/CMakeLists.txt ++++ portmidi/pm_test/CMakeLists.txt +@@ -12,8 +12,8 @@ + + macro(make_a_test name) + add_executable(${name} ${name}.c) +- target_link_libraries(${name} portmidi-static ${PM_NEEDED_LIBS}) +- add_dependencies(${name} portmidi-static) ++ target_link_libraries(${name} portmidi ${PM_NEEDED_LIBS}) ++ add_dependencies(${name} portmidi) + endmacro(make_a_test) + + make_a_test(test) -- cgit 1.4.1 From 3854f3d7e4c6a23923c46806469678c63c392143 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 29 Apr 2016 20:55:19 -0400 Subject: gnu: ocaml: Fix CVE-2015-8869. * gnu/packages/patches/ocaml-CVE-2015-8869.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ocaml.scm (ocaml): Use it. --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 3 +- gnu/packages/patches/ocaml-CVE-2015-8869.patch | 72 ++++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ocaml-CVE-2015-8869.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7fefdf4349..a8d156dd89 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -642,6 +642,7 @@ dist_patch_DATA = \ gnu/packages/patches/nvi-assume-preserve-path.patch \ gnu/packages/patches/nvi-dbpagesize-binpower.patch \ gnu/packages/patches/nvi-db4.patch \ + gnu/packages/patches/ocaml-CVE-2015-8869.patch \ gnu/packages/patches/ocaml-findlib-make-install.patch \ gnu/packages/patches/openexr-missing-samples.patch \ gnu/packages/patches/openimageio-boost-1.60.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index 5d489532f7..434fb132bb 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -60,7 +60,8 @@ "/ocaml-" version ".tar.xz")) (sha256 (base32 - "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3")))) + "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3")) + (patches (search-patches "ocaml-CVE-2015-8869.patch")))) (build-system gnu-build-system) (native-search-paths (list (search-path-specification diff --git a/gnu/packages/patches/ocaml-CVE-2015-8869.patch b/gnu/packages/patches/ocaml-CVE-2015-8869.patch new file mode 100644 index 0000000000..0a4cb34d25 --- /dev/null +++ b/gnu/packages/patches/ocaml-CVE-2015-8869.patch @@ -0,0 +1,72 @@ +Adapted from upstream commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74, +this patch omits the upstream changes to 'Changes' and 'VERSION'. + +http://seclists.org/oss-sec/2016/q2/170 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869 +https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74 +--- + byterun/alloc.c | 4 ++-- + byterun/intern.c | 2 +- + byterun/str.c | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/byterun/alloc.c b/byterun/alloc.c +index 96a21bf..0db9947 100644 +--- a/byterun/alloc.c ++++ b/byterun/alloc.c +@@ -153,7 +153,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags) + /* [size] is a [value] representing number of words (fields) */ + CAMLprim value caml_alloc_dummy(value size) + { +- mlsize_t wosize = Int_val(size); ++ mlsize_t wosize = Long_val(size); + + if (wosize == 0) return Atom(0); + return caml_alloc (wosize, 0); +@@ -169,7 +169,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity) + /* [size] is a [value] representing number of floats. */ + CAMLprim value caml_alloc_dummy_float (value size) + { +- mlsize_t wosize = Int_val(size) * Double_wosize; ++ mlsize_t wosize = Long_val(size) * Double_wosize; + + if (wosize == 0) return Atom(0); + return caml_alloc (wosize, 0); +diff --git a/byterun/intern.c b/byterun/intern.c +index 89d13d1..7b8d049 100644 +--- a/byterun/intern.c ++++ b/byterun/intern.c +@@ -291,7 +291,7 @@ static void intern_rec(value *dest) + case OFreshOID: + /* Refresh the object ID */ + /* but do not do it for predefined exception slots */ +- if (Int_val(Field((value)dest, 1)) >= 0) ++ if (Long_val(Field((value)dest, 1)) >= 0) + caml_set_oo_id((value)dest); + /* Pop item and iterate */ + sp--; +diff --git a/byterun/str.c b/byterun/str.c +index 5ad4e29..885772f 100644 +--- a/byterun/str.c ++++ b/byterun/str.c +@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2) + CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2, + value n) + { +- memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n)); ++ memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n)); + return Val_unit; + } + +@@ -278,7 +278,7 @@ CAMLprim value caml_fill_string(value s, value offset, value len, value init) + + CAMLprim value caml_bitvect_test(value bv, value n) + { +- int pos = Int_val(n); ++ intnat pos = Long_val(n); + return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7))); + } + +-- +2.7.4 + -- cgit 1.4.1 From 4c6aa73b8f9a16130ae9546efd8fdcb99fc034d9 Mon Sep 17 00:00:00 2001 From: Roel Janssen Date: Wed, 27 Apr 2016 00:44:22 +0200 Subject: gnu: Add 4store. * gnu/packages/databases.scm (4store): New variable. * gnu/packages/patches/4store-fix-buildsystem.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch file entry. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 + gnu/packages/databases.scm | 53 +++++++++++++++++++++ gnu/packages/patches/4store-fix-buildsystem.patch | 56 +++++++++++++++++++++++ 3 files changed, 110 insertions(+) create mode 100644 gnu/packages/patches/4store-fix-buildsystem.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a8d156dd89..4a36bb5a36 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -403,6 +403,7 @@ GNU_SYSTEM_MODULES = \ patchdir = $(guilemoduledir)/gnu/packages/patches dist_patch_DATA = \ + gnu/packages/patches/4store-fix-buildsystem.patch \ gnu/packages/patches/abiword-explictly-cast-bools.patch \ gnu/packages/patches/abiword-wmf-version-lookup-fix.patch \ gnu/packages/patches/acl-hurd-path-max.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 9aee7b796a..63ca754688 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2015 Leo Famulari ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Nils Gillmann +;;; Copyright © 2016 Roel Janssen ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,8 +28,12 @@ (define-module (gnu packages databases) #:use-module (gnu packages) + #:use-module (gnu packages autotools) + #:use-module (gnu packages avahi) #:use-module (gnu packages bash) #:use-module (gnu packages boost) + #:use-module (gnu packages gettext) + #:use-module (gnu packages glib) #:use-module (gnu packages perl) #:use-module (gnu packages language) #:use-module (gnu packages linux) @@ -40,9 +45,12 @@ #:use-module (gnu packages check) #:use-module (gnu packages algebra) #:use-module (gnu packages curl) + #:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages gnupg) #:use-module (gnu packages python) #:use-module (gnu packages pcre) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages rdf) #:use-module (gnu packages xml) #:use-module (gnu packages bison) #:use-module (gnu packages jemalloc) @@ -58,6 +66,51 @@ #:use-module (srfi srfi-26) #:use-module (ice-9 match)) +(define-public 4store + (package + (name "4store") + (version "1.1.6") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/garlik/4store/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "004fmcf1w75zhc1x3zc6kc97j4jqn2v5nhk6yb3z3cpfrhzi9j50")) + (patches (list (search-patch "4store-fix-buildsystem.patch"))))) + (build-system gnu-build-system) + (native-inputs + `(("perl" ,perl) + ("python" ,python-2) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("gettext" ,gnu-gettext) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config))) + (inputs + `(("glib" ,glib) + ("rasqal" ,rasqal) + ("libxml2" ,libxml2) + ("raptor2" ,raptor2) + ("readline" ,readline) + ("avahi" ,avahi) + ("pcre" ,pcre) + ("cyrus-sasl" ,cyrus-sasl) + ("openssl" ,openssl) + ("util-linux" ,util-linux))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'configure 'generate-configure + (lambda _ + (zero? (system* "./autogen.sh"))))))) + ;; http://www.4store.org has been down for a while now. + (home-page "https://github.com/garlik/4store") + (synopsis "Clustered RDF storage and query engine") + (description "4store is a RDF/SPARQL store written in C, supporting +either single machines or networked clusters.") + (license gpl3+))) + (define-public gdbm (package (name "gdbm") diff --git a/gnu/packages/patches/4store-fix-buildsystem.patch b/gnu/packages/patches/4store-fix-buildsystem.patch new file mode 100644 index 0000000000..383baa9461 --- /dev/null +++ b/gnu/packages/patches/4store-fix-buildsystem.patch @@ -0,0 +1,56 @@ +This patch sets a fixed version to avoid needing Git and the .git/ folder. +It also removes the creation of "/var/lib/4store", which is not available +during the install phase in GNU Guix. + +Patch by Roel Janssen +*** a/configure.ac Wed Feb 4 19:05:24 2015 +--- b/configure.ac Wed Mar 23 11:20:38 2016 +*************** +*** 2,13 **** + # Process this file with autoconf to produce a configure script. + + AC_PREREQ([2.50]) +! AC_INIT([4store], m4_esyscmd([./version.sh .version]), [http://4store.org/support/], [4store]) + AC_CONFIG_SRCDIR([src/backend/backend-intl.h]) +! AM_INIT_AUTOMAKE([1.7 std-options -Wall]) + AC_CONFIG_HEADERS(4store-config.h) + + # Checks for programs. + AC_PROG_LIBTOOL + AC_PROG_AWK + AC_PROG_CC +--- 2,14 ---- + # Process this file with autoconf to produce a configure script. + + AC_PREREQ([2.50]) +! AC_INIT([4store], [1.1.6], [http://4store.org/support/], [4store]) + AC_CONFIG_SRCDIR([src/backend/backend-intl.h]) +! AM_INIT_AUTOMAKE([1.7 std-options foreign -Wall]) + AC_CONFIG_HEADERS(4store-config.h) + + # Checks for programs. ++ AM_PROG_AR + AC_PROG_LIBTOOL + AC_PROG_AWK + AC_PROG_CC + +*** a/src/utilities/Makefile.am Wed Feb 4 19:05:24 2015 +--- b/src/utilities/Makefile.am Wed Mar 23 14:05:56 2016 +*************** +*** 13,20 **** + noinst_PROGRAMS = lex-file-verify 4s-rid + + install-data-local: +! mkdir -p $(DESTDIR)@FS_STORE_ROOT@ +! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@ + + 4s_backend_destroy_SOURCES = backend-destroy.c + 4s_backend_destroy_LDADD = ../common/lib4sintl.a +--- 13,19 ---- + noinst_PROGRAMS = lex-file-verify 4s-rid + + install-data-local: +! echo "Please create the following directory: " $(DESTDIR)@FS_STORE_ROOT@ + + 4s_backend_destroy_SOURCES = backend-destroy.c + 4s_backend_destroy_LDADD = ../common/lib4sintl.a -- cgit 1.4.1 From 0a17fd7c0b82ac315b68c88e6f206e0051dcd661 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 3 May 2016 09:33:47 -0400 Subject: gnu: wpa-supplicant: Add fixes for CVE-2016-{4476,4477}. * gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch, gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch, gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch, gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch, gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch: New files. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Add patches. --- gnu/local.mk | 5 ++ gnu/packages/admin.scm | 7 +- .../patches/wpa-supplicant-CVE-2016-4476.patch | 82 ++++++++++++++++++++++ .../patches/wpa-supplicant-CVE-2016-4477-pt1.patch | 51 ++++++++++++++ .../patches/wpa-supplicant-CVE-2016-4477-pt2.patch | 82 ++++++++++++++++++++++ .../patches/wpa-supplicant-CVE-2016-4477-pt3.patch | 62 ++++++++++++++++ .../patches/wpa-supplicant-CVE-2016-4477-pt4.patch | 50 +++++++++++++ 7 files changed, 338 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4a36bb5a36..a01efa9224 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -794,6 +794,11 @@ dist_patch_DATA = \ gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch \ gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch \ gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch \ gnu/packages/patches/xdotool-fix-makefile.patch \ gnu/packages/patches/xf86-video-ark-remove-mibstore.patch \ gnu/packages/patches/xf86-video-ast-remove-mibstore.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 11a2d1622b..d815dfb8b5 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -874,7 +874,12 @@ commands and their arguments.") (search-patches "wpa-supplicant-CVE-2015-5310.patch" "wpa-supplicant-CVE-2015-5314.patch" "wpa-supplicant-CVE-2015-5315.patch" - "wpa-supplicant-CVE-2015-5316.patch")))) + "wpa-supplicant-CVE-2015-5316.patch" + "wpa-supplicant-CVE-2016-4476.patch" + "wpa-supplicant-CVE-2016-4477-pt1.patch" + "wpa-supplicant-CVE-2016-4477-pt2.patch" + "wpa-supplicant-CVE-2016-4477-pt3.patch" + "wpa-supplicant-CVE-2016-4477-pt4.patch")))) (build-system gnu-build-system) (arguments '(#:phases (alist-replace diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch new file mode 100644 index 0000000000..acad6be0a4 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch @@ -0,0 +1,82 @@ +From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 4 Mar 2016 17:20:18 +0200 +Subject: [PATCH 1/5] WPS: Reject a Credential with invalid passphrase + +WPA/WPA2-Personal passphrase is not allowed to include control +characters. Reject a Credential received from a WPS Registrar both as +STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or +WPA2PSK authentication type and includes an invalid passphrase. + +This fixes an issue where hostapd or wpa_supplicant could have updated +the configuration file PSK/passphrase parameter with arbitrary data from +an external device (Registrar) that may not be fully trusted. Should +such data include a newline character, the resulting configuration file +could become invalid and fail to be parsed. + +Signed-off-by: Jouni Malinen +--- + src/utils/common.c | 12 ++++++++++++ + src/utils/common.h | 1 + + src/wps/wps_attr_process.c | 10 ++++++++++ + 3 files changed, 23 insertions(+) + +diff --git a/src/utils/common.c b/src/utils/common.c +index 450e2c6..27b7c02 100644 +--- a/src/utils/common.c ++++ b/src/utils/common.c +@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len) + } + + ++int has_ctrl_char(const u8 *data, size_t len) ++{ ++ size_t i; ++ ++ for (i = 0; i < len; i++) { ++ if (data[i] < 32 || data[i] == 127) ++ return 1; ++ } ++ return 0; ++} ++ ++ + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len) +diff --git a/src/utils/common.h b/src/utils/common.h +index 701dbb2..a972240 100644 +--- a/src/utils/common.h ++++ b/src/utils/common.h +@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len); + + char * wpa_config_parse_string(const char *value, size_t *len); + int is_hex(const u8 *data, size_t len); ++int has_ctrl_char(const u8 *data, size_t len); + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len); +diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c +index eadb22f..e8c4579 100644 +--- a/src/wps/wps_attr_process.c ++++ b/src/wps/wps_attr_process.c +@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred) + cred->key_len--; + #endif /* CONFIG_WPS_STRICT */ + } ++ ++ ++ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) && ++ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) { ++ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase"); ++ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key", ++ cred->key, cred->key_len); ++ return -1; ++ } ++ + return 0; + } + +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch new file mode 100644 index 0000000000..507a96e47c --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch @@ -0,0 +1,51 @@ +From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Fri, 4 Mar 2016 18:46:41 +0200 +Subject: [PATCH 2/5] Reject psk parameter set with invalid passphrase + character + +WPA/WPA2-Personal passphrase is not allowed to include control +characters. Reject a passphrase configuration attempt if that passphrase +includes an invalid passphrase. + +This fixes an issue where wpa_supplicant could have updated the +configuration file psk parameter with arbitrary data from the control +interface or D-Bus interface. While those interfaces are supposed to be +accessible only for trusted users/applications, it may be possible that +an untrusted user has access to a management software component that +does not validate the passphrase value before passing it to +wpa_supplicant. + +This could allow such an untrusted user to inject up to 63 characters of +almost arbitrary data into the configuration file. Such configuration +file could result in wpa_supplicant trying to load a library (e.g., +opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, +load_dynamic_eap) from user controlled location when starting again. +This would allow code from that library to be executed under the +wpa_supplicant process privileges. + +Signed-off-by: Jouni Malinen +--- + wpa_supplicant/config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index b1c7870..fdd9643 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data, + } + wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)", + (u8 *) value, len); ++ if (has_ctrl_char((u8 *) value, len)) { ++ wpa_printf(MSG_ERROR, ++ "Line %d: Invalid passphrase character", ++ line); ++ return -1; ++ } + if (ssid->passphrase && os_strlen(ssid->passphrase) == len && + os_memcmp(ssid->passphrase, value, len) == 0) { + /* No change to the previously configured value */ +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch new file mode 100644 index 0000000000..684d25de96 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch @@ -0,0 +1,82 @@ +From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001 +From: Paul Stewart +Date: Thu, 3 Mar 2016 15:40:19 -0800 +Subject: [PATCH 3/5] Remove newlines from wpa_supplicant config network + output + +Spurious newlines output while writing the config file can corrupt the +wpa_supplicant configuration. Avoid writing these for the network block +parameters. This is a generic filter that cover cases that may not have +been explicitly addressed with a more specific commit to avoid control +characters in the psk parameter. + +Signed-off-by: Paul Stewart +--- + src/utils/common.c | 11 +++++++++++ + src/utils/common.h | 1 + + wpa_supplicant/config.c | 15 +++++++++++++-- + 3 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/utils/common.c b/src/utils/common.c +index 27b7c02..9856463 100644 +--- a/src/utils/common.c ++++ b/src/utils/common.c +@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len) + } + + ++int has_newline(const char *str) ++{ ++ while (*str) { ++ if (*str == '\n' || *str == '\r') ++ return 1; ++ str++; ++ } ++ return 0; ++} ++ ++ + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len) +diff --git a/src/utils/common.h b/src/utils/common.h +index a972240..d19927b 100644 +--- a/src/utils/common.h ++++ b/src/utils/common.h +@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len); + char * wpa_config_parse_string(const char *value, size_t *len); + int is_hex(const u8 *data, size_t len); + int has_ctrl_char(const u8 *data, size_t len); ++int has_newline(const char *str); + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len); +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index fdd9643..eb97cd5 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var) + + for (i = 0; i < NUM_SSID_FIELDS; i++) { + const struct parse_data *field = &ssid_fields[i]; +- if (os_strcmp(var, field->name) == 0) +- return field->writer(field, ssid); ++ if (os_strcmp(var, field->name) == 0) { ++ char *ret = field->writer(field, ssid); ++ ++ if (ret && has_newline(ret)) { ++ wpa_printf(MSG_ERROR, ++ "Found newline in value for %s; not returning it", ++ var); ++ os_free(ret); ++ ret = NULL; ++ } ++ ++ return ret; ++ } + } + + return NULL; +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch new file mode 100644 index 0000000000..2dd38fee31 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch @@ -0,0 +1,62 @@ +From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Tue, 5 Apr 2016 23:33:10 +0300 +Subject: [PATCH 4/5] Reject SET_CRED commands with newline characters in the + string values + +Most of the cred block parameters are written as strings without +filtering and if there is an embedded newline character in the value, +unexpected configuration file data might be written. + +This fixes an issue where wpa_supplicant could have updated the +configuration file cred parameter with arbitrary data from the control +interface or D-Bus interface. While those interfaces are supposed to be +accessible only for trusted users/applications, it may be possible that +an untrusted user has access to a management software component that +does not validate the credential value before passing it to +wpa_supplicant. + +This could allow such an untrusted user to inject almost arbitrary data +into the configuration file. Such configuration file could result in +wpa_supplicant trying to load a library (e.g., opensc_engine_path, +pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user +controlled location when starting again. This would allow code from that +library to be executed under the wpa_supplicant process privileges. + +Signed-off-by: Jouni Malinen +--- + wpa_supplicant/config.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index eb97cd5..69152ef 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, + + if (os_strcmp(var, "password") == 0 && + os_strncmp(value, "ext:", 4) == 0) { ++ if (has_newline(value)) ++ return -1; + str_clear_free(cred->password); + cred->password = os_strdup(value); + cred->ext_password = 1; +@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, + } + + val = wpa_config_parse_string(value, &len); +- if (val == NULL) { ++ if (val == NULL || ++ (os_strcmp(var, "excluded_ssid") != 0 && ++ os_strcmp(var, "roaming_consortium") != 0 && ++ os_strcmp(var, "required_roaming_consortium") != 0 && ++ has_newline(val))) { + wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string " + "value '%s'.", line, var, value); ++ os_free(val); + return -1; + } + +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch new file mode 100644 index 0000000000..5f42aa9219 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch @@ -0,0 +1,50 @@ +From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Tue, 5 Apr 2016 23:55:48 +0300 +Subject: [PATCH 5/5] Reject SET commands with newline characters in the + string values + +Many of the global configuration parameters are written as strings +without filtering and if there is an embedded newline character in the +value, unexpected configuration file data might be written. + +This fixes an issue where wpa_supplicant could have updated the +configuration file global parameter with arbitrary data from the control +interface or D-Bus interface. While those interfaces are supposed to be +accessible only for trusted users/applications, it may be possible that +an untrusted user has access to a management software component that +does not validate the value of a parameter before passing it to +wpa_supplicant. + +This could allow such an untrusted user to inject almost arbitrary data +into the configuration file. Such configuration file could result in +wpa_supplicant trying to load a library (e.g., opensc_engine_path, +pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user +controlled location when starting again. This would allow code from that +library to be executed under the wpa_supplicant process privileges. + +Signed-off-by: Jouni Malinen +--- + wpa_supplicant/config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index 69152ef..d9a1603 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data, + return -1; + } + ++ if (has_newline(pos)) { ++ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline", ++ line, data->name); ++ return -1; ++ } ++ + tmp = os_strdup(pos); + if (tmp == NULL) + return -1; +-- +1.9.1 + -- cgit 1.4.1