From 3c8ba11a97d3f3b671b8919da8c41f0b0e2ccaf3 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sun, 27 Aug 2017 22:27:56 -0400 Subject: Update e-mail for Kei Kebreau. * .mailmap: Map kei@openmailbox.org to current address. * gnu/local.mk: Replace kei@openmailbox.org to current address. * gnu/packages/backup.scm: Likewise. * gnu/packages/calendar.scm: Likewise. * gnu/packages/check.scm: Likewise. * gnu/packages/compression.scm: Likewise. * gnu/packages/documentation.scm: Likewise. * gnu/packages/emacs.scm: Likewise. * gnu/packages/fltk.scm: Likewise. * gnu/packages/freedesktop.scm: Likewise. * gnu/packages/game-development.scm: Likewise. * gnu/packages/games.scm: Likewise. * gnu/packages/gnome.scm: Likewise. * gnu/packages/gnustep.scm: Likewise. * gnu/packages/gtk.scm: Likewise. * gnu/packages/hexedit.scm: Likewise. * gnu/packages/image.scm: Likewise. * gnu/packages/maths.scm: Likewise. * gnu/packages/music.scm: Likewise. * gnu/packages/xfce.scm: Likewise. * gnu/packages/python.scm: Likewise. * gnu/packages/tcl.scm: Likewise. * gnu/packages/textutils.scm: Likewise. * gnu/packages/video.scm: Likewise. * gnu/packages/w3m.scm: Likewise. * gnu/packages/web.scm: Likewise. * gnu/packages/web-browsers.scm: Likewise. * gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch: Likewise. --- gnu/local.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2ff87dfa5c..10d4ab1143 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -4,7 +4,7 @@ # Copyright © 2016 Mathieu Lirzin # Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver # Copyright © 2016 Chris Marusich -# Copyright © 2016, 2017 Kei Kebreau +# Copyright © 2016, 2017 Kei Kebreau # Copyright © 2016, 2017 Rene Saavedra # Copyright © 2016 Adonay "adfeno" Felipe Nogueira # Copyright © 2016, 2017 Ricardo Wurmus -- cgit 1.4.1 From 799247d2d97c2f4ae281b35e091f587988fb699a Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 30 Aug 2017 17:12:23 +0200 Subject: gnu: multiqc: Update to 1.2. * gnu/packages/bioinformatics.scm (multiqc): Update to 1.2. [source]: Remove patches. [arguments]: Remove to enable tests. [propagated-inputs]: Add python-spectra, python-requests, python-markdown, python-lzstring. * gnu/packages/patches/multiqc-fix-git-subprocess-error.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/bioinformatics.scm | 13 ++++++------- .../patches/multiqc-fix-git-subprocess-error.patch | 16 ---------------- 3 files changed, 6 insertions(+), 24 deletions(-) delete mode 100644 gnu/packages/patches/multiqc-fix-git-subprocess-error.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 10d4ab1143..306a16911d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -853,7 +853,6 @@ dist_patch_DATA = \ %D%/packages/patches/mozjs38-shell-version.patch \ %D%/packages/patches/mozjs38-tracelogger.patch \ %D%/packages/patches/mozjs38-version-detection.patch \ - %D%/packages/patches/multiqc-fix-git-subprocess-error.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index c5157046ab..d0df0ee41a 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -8575,25 +8575,24 @@ replacement for strverscmp.") (define-public multiqc (package (name "multiqc") - (version "0.9") + (version "1.2") (source (origin (method url-fetch) (uri (pypi-uri "multiqc" version)) (sha256 (base32 - "12gs1jw2jrxrij529rnl5kaqxfcqn15yzcsggxkfhdx634ml0cny")) - (patches (search-patches "multiqc-fix-git-subprocess-error.patch")))) + "032svgym67k2ds7wp0cxzv79gi30yrdl45zbqn74lni3dk04qm33")))) (build-system python-build-system) - (arguments - ;; Tests are to be introduced in the next version, see - ;; https://github.com/ewels/MultiQC/issues/376 - `(#:tests? #f)) (propagated-inputs `(("python-jinja2" ,python-jinja2) ("python-simplejson" ,python-simplejson) ("python-pyyaml" ,python-pyyaml) ("python-click" ,python-click) + ("python-spectra" ,python-spectra) + ("python-requests" ,python-requests) + ("python-markdown" ,python-markdown) + ("python-lzstring" ,python-lzstring) ("python-matplotlib" ,python-matplotlib) ("python-numpy" ,python-numpy) ;; MultQC checks for the presence of nose at runtime. diff --git a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch deleted file mode 100644 index 87be6142f4..0000000000 --- a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch +++ /dev/null @@ -1,16 +0,0 @@ -Without this patch, the incorrect exception is caught when 'git' is not in -PATH. See https://github.com/ewels/MultiQC/pull/377. - -diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py -index 01fa554..4a11793 100755 ---- a/multiqc/utils/config.py -+++ b/multiqc/utils/config.py -@@ -28,7 +28,7 @@ try: - git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT) - git_hash_short = git_hash[:7] - version = '{} ({})'.format(version, git_hash_short) --except subprocess.CalledProcessError: -+except (subprocess.CalledProcessError, FileNotFoundError): - pass - os.chdir(cwd) - -- cgit 1.4.1 From 2de7d137b3c6f528acb540a6ab3460627f484b0a Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Aug 2017 20:50:13 +0200 Subject: gnu: qemu: Update to 2.10.0. * gnu/packages/patches/qemu-CVE-2017-10664.patch, gnu/packages/patches/qemu-CVE-2017-10806.patch, gnu/packages/patches/qemu-CVE-2017-10911.patch, gnu/packages/patches/qemu-CVE-2017-11334.patch, gnu/packages/patches/qemu-CVE-2017-11434.patch, gnu/packages/patches/qemu-CVE-2017-12809.patch: gnu/packages/patches/qemu-CVE-2017-7493.patch, gnu/packages/patches/qemu-CVE-2017-8112.patch, gnu/packages/patches/qemu-CVE-2017-8309.patch, gnu/packages/patches/qemu-CVE-2017-8379.patch, gnu/packages/patches/qemu-CVE-2017-8380.patch, gnu/packages/patches/qemu-CVE-2017-9524.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/virtualization.scm (qemu): Update to 2.10.0. [source](patches): Remove. --- gnu/local.mk | 12 -- gnu/packages/patches/qemu-CVE-2017-10664.patch | 27 --- gnu/packages/patches/qemu-CVE-2017-10806.patch | 38 ---- gnu/packages/patches/qemu-CVE-2017-10911.patch | 106 --------- gnu/packages/patches/qemu-CVE-2017-11334.patch | 52 ----- gnu/packages/patches/qemu-CVE-2017-11434.patch | 25 --- gnu/packages/patches/qemu-CVE-2017-12809.patch | 38 ---- gnu/packages/patches/qemu-CVE-2017-7493.patch | 182 ---------------- gnu/packages/patches/qemu-CVE-2017-8112.patch | 41 ---- gnu/packages/patches/qemu-CVE-2017-8309.patch | 46 ---- gnu/packages/patches/qemu-CVE-2017-8379.patch | 98 --------- gnu/packages/patches/qemu-CVE-2017-8380.patch | 53 ----- gnu/packages/patches/qemu-CVE-2017-9524.patch | 287 ------------------------- gnu/packages/virtualization.scm | 18 +- 14 files changed, 3 insertions(+), 1020 deletions(-) delete mode 100644 gnu/packages/patches/qemu-CVE-2017-10664.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-10806.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-10911.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-11334.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-11434.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-12809.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-7493.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-8112.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-8309.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-8379.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-8380.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-9524.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 306a16911d..9207966859 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -971,18 +971,6 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ - %D%/packages/patches/qemu-CVE-2017-7493.patch \ - %D%/packages/patches/qemu-CVE-2017-8112.patch \ - %D%/packages/patches/qemu-CVE-2017-8309.patch \ - %D%/packages/patches/qemu-CVE-2017-8379.patch \ - %D%/packages/patches/qemu-CVE-2017-8380.patch \ - %D%/packages/patches/qemu-CVE-2017-9524.patch \ - %D%/packages/patches/qemu-CVE-2017-10664.patch \ - %D%/packages/patches/qemu-CVE-2017-10806.patch \ - %D%/packages/patches/qemu-CVE-2017-10911.patch \ - %D%/packages/patches/qemu-CVE-2017-11334.patch \ - %D%/packages/patches/qemu-CVE-2017-11434.patch \ - %D%/packages/patches/qemu-CVE-2017-12809.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch deleted file mode 100644 index 2b60de3dca..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-10664.patch +++ /dev/null @@ -1,27 +0,0 @@ -Fix CVE-2017-10664: - -https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html -https://bugzilla.redhat.com/show_bug.cgi?id=1466190 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664 -https://security-tracker.debian.org/tracker/CVE-2017-10664 - -Patch copied from upstream source repository: - -https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1 - -diff --git a/qemu-nbd.c b/qemu-nbd.c -index 9464a0461c..4dd3fd4732 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -581,6 +581,10 @@ int main(int argc, char **argv) - sa_sigterm.sa_handler = termsig_handler; - sigaction(SIGTERM, &sa_sigterm, NULL); - -+#ifdef CONFIG_POSIX -+ signal(SIGPIPE, SIG_IGN); -+#endif -+ - module_call_init(MODULE_INIT_TRACE); - qcrypto_init(&error_fatal); - - diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch deleted file mode 100644 index ebf782fe7b..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-10806.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix CVE-2017-10806: - -https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html -https://bugzilla.redhat.com/show_bug.cgi?id=1468496 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806 -https://security-tracker.debian.org/tracker/CVE-2017-10806 - -Patch copied from upstream source repository: - -https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d - -diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c -index b001a27f05..ad5ef783a6 100644 ---- a/hw/usb/redirect.c -+++ b/hw/usb/redirect.c -@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) - static void usbredir_log_data(USBRedirDevice *dev, const char *desc, - const uint8_t *data, int len) - { -- int i, j, n; -- - if (dev->debug < usbredirparser_debug_data) { - return; - } -- -- for (i = 0; i < len; i += j) { -- char buf[128]; -- -- n = sprintf(buf, "%s", desc); -- for (j = 0; j < 8 && i + j < len; j++) { -- n += sprintf(buf + n, " %02X", data[i + j]); -- } -- error_report("%s", buf); -- } -+ qemu_hexdump((char *)data, stderr, desc, len); - } - - /* diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch deleted file mode 100644 index 1dcb860a2d..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-10911.patch +++ /dev/null @@ -1,106 +0,0 @@ -Fix CVE-2017-10911: - -https://xenbits.xen.org/xsa/advisory-216.html -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911 -https://security-tracker.debian.org/tracker/CVE-2017-10911 - -Patch copied from Xen Security Advisory: - -https://xenbits.xen.org/xsa/xsa216-qemuu.patch - ---- a/hw/block/xen_blkif.h -+++ b/hw/block/xen_blkif.h -@@ -14,9 +14,6 @@ - struct blkif_common_request { - char dummy; - }; --struct blkif_common_response { -- char dummy; --}; - - /* i386 protocol version */ - #pragma pack(push, 4) -@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard { - blkif_sector_t sector_number; /* start sector idx on disk (r/w only) */ - uint64_t nr_sectors; /* # of contiguous sectors to discard */ - }; --struct blkif_x86_32_response { -- uint64_t id; /* copied from request */ -- uint8_t operation; /* copied from request */ -- int16_t status; /* BLKIF_RSP_??? */ --}; - typedef struct blkif_x86_32_request blkif_x86_32_request_t; --typedef struct blkif_x86_32_response blkif_x86_32_response_t; - #pragma pack(pop) - - /* x86_64 protocol version */ -@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard { - blkif_sector_t sector_number; /* start sector idx on disk (r/w only) */ - uint64_t nr_sectors; /* # of contiguous sectors to discard */ - }; --struct blkif_x86_64_response { -- uint64_t __attribute__((__aligned__(8))) id; -- uint8_t operation; /* copied from request */ -- int16_t status; /* BLKIF_RSP_??? */ --}; - typedef struct blkif_x86_64_request blkif_x86_64_request_t; --typedef struct blkif_x86_64_response blkif_x86_64_response_t; - - DEFINE_RING_TYPES(blkif_common, struct blkif_common_request, -- struct blkif_common_response); -+ struct blkif_response); - DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request, -- struct blkif_x86_32_response); -+ struct blkif_response QEMU_PACKED); - DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request, -- struct blkif_x86_64_response); -+ struct blkif_response); - - union blkif_back_rings { - blkif_back_ring_t native; ---- a/hw/block/xen_disk.c -+++ b/hw/block/xen_disk.c -@@ -769,31 +769,30 @@ static int blk_send_response_one(struct - struct XenBlkDev *blkdev = ioreq->blkdev; - int send_notify = 0; - int have_requests = 0; -- blkif_response_t resp; -- void *dst; -- -- resp.id = ioreq->req.id; -- resp.operation = ioreq->req.operation; -- resp.status = ioreq->status; -+ blkif_response_t *resp; - - /* Place on the response ring for the relevant domain. */ - switch (blkdev->protocol) { - case BLKIF_PROTOCOL_NATIVE: -- dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt); -+ resp = RING_GET_RESPONSE(&blkdev->rings.native, -+ blkdev->rings.native.rsp_prod_pvt); - break; - case BLKIF_PROTOCOL_X86_32: -- dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part, -- blkdev->rings.x86_32_part.rsp_prod_pvt); -+ resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part, -+ blkdev->rings.x86_32_part.rsp_prod_pvt); - break; - case BLKIF_PROTOCOL_X86_64: -- dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part, -- blkdev->rings.x86_64_part.rsp_prod_pvt); -+ resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part, -+ blkdev->rings.x86_64_part.rsp_prod_pvt); - break; - default: -- dst = NULL; - return 0; - } -- memcpy(dst, &resp, sizeof(resp)); -+ -+ resp->id = ioreq->req.id; -+ resp->operation = ioreq->req.operation; -+ resp->status = ioreq->status; -+ - blkdev->rings.common.rsp_prod_pvt++; - - RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify); diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch deleted file mode 100644 index cb68c803aa..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-11334.patch +++ /dev/null @@ -1,52 +0,0 @@ -Fix CVE-2017-11334: - -https://bugzilla.redhat.com/show_bug.cgi?id=1471638 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334 - -Patch copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 - -From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Wed, 12 Jul 2017 18:08:40 +0530 -Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram - -When accessing guest's ram block during DMA operation, use -'qemu_ram_ptr_length' to get ram block pointer. It ensures -that DMA operation of given length is possible; And avoids -any OOB memory access situations. - -Reported-by: Alex -Signed-off-by: Prasad J Pandit -Message-Id: <20170712123840.29328-1-ppandit@redhat.com> -Signed-off-by: Paolo Bonzini ---- - exec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/exec.c b/exec.c -index a083ff89ad..ad103ce483 100644 ---- a/exec.c -+++ b/exec.c -@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, - } - } else { - /* RAM case */ -- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); -+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); - memcpy(ptr, buf, l); - invalidate_and_set_dirty(mr, addr1, l); - } -@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, - } - } else { - /* RAM case */ -- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); -+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); - memcpy(buf, ptr, l); - } - --- -2.13.3 - diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch deleted file mode 100644 index 4da701a73d..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-11434.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2017-11434: - -https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html -https://bugzilla.redhat.com/show_bug.cgi?id=1472611 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434 -https://security-tracker.debian.org/tracker/CVE-2017-11434 - -Patch copied from upstream source repository: - -https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0 - -diff --git a/slirp/bootp.c b/slirp/bootp.c -index 5a4646c182..5dd1a415b5 100644 ---- a/slirp/bootp.c -+++ b/slirp/bootp.c -@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, - if (p >= p_end) - break; - len = *p++; -+ if (p + len > p_end) { -+ break; -+ } - DPRINTF("dhcp: tag=%d len=%d\n", tag, len); - - switch(tag) { diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch deleted file mode 100644 index e40a14b4e0..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-12809.patch +++ /dev/null @@ -1,38 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/21/2 -https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html - -The block backend changed in a way that flushing empty CDROM drives now -crashes. Amend IDE to avoid doing so until the root problem can be -addressed for 2.11. - -Original patch by John Snow . - -Reported-by: Kieron Shorrock -Signed-off-by: Stefan Hajnoczi ---- - hw/ide/core.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/hw/ide/core.c b/hw/ide/core.c -index 0b48b64d3a..bea39536b0 100644 ---- a/hw/ide/core.c -+++ b/hw/ide/core.c -@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s) - s->status |= BUSY_STAT; - ide_set_retry(s); - block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); -- s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); -+ -+ if (blk_bs(s->blk)) { -+ s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); -+ } else { -+ /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this -+ * temporary workaround when blk_aio_*() functions handle NULL blk_bs. -+ */ -+ ide_flush_cb(s, 0); -+ } - } - - static void ide_cfata_metadata_inquiry(IDEState *s) --- -2.13.3 diff --git a/gnu/packages/patches/qemu-CVE-2017-7493.patch b/gnu/packages/patches/qemu-CVE-2017-7493.patch deleted file mode 100644 index 67b26fad81..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-7493.patch +++ /dev/null @@ -1,182 +0,0 @@ -Fix CVE-2017-7493: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7493 - -Patch copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commit;h=7a95434e0ca8a037fd8aa1a2e2461f92585eb77b - -From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001 -From: Greg Kurz -Date: Fri, 5 May 2017 14:48:08 +0200 -Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493) - -When using the mapped-file security mode, we shouldn't let the client mess -with the metadata. The current code already tries to hide the metadata dir -from the client by skipping it in local_readdir(). But the client can still -access or modify it through several other operations. This can be used to -escalate privileges in the guest. - -Affected backend operations are: -- local_mknod() -- local_mkdir() -- local_open2() -- local_symlink() -- local_link() -- local_unlinkat() -- local_renameat() -- local_rename() -- local_name_to_path() - -Other operations are safe because they are only passed a fid path, which -is computed internally in local_name_to_path(). - -This patch converts all the functions listed above to fail and return -EINVAL when being passed the name of the metadata dir. This may look -like a poor choice for errno, but there's no such thing as an illegal -path name on Linux and I could not think of anything better. - -This fixes CVE-2017-7493. - -Reported-by: Leo Gaspard -Signed-off-by: Greg Kurz -Reviewed-by: Eric Blake ---- - hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 56 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c -index f3ebca4f7a..a2486566af 100644 ---- a/hw/9pfs/9p-local.c -+++ b/hw/9pfs/9p-local.c -@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs) - return telldir(fs->dir.stream); - } - -+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name) -+{ -+ return !strcmp(name, VIRTFS_META_DIR); -+} -+ - static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs) - { - struct dirent *entry; -@@ -465,8 +470,8 @@ again: - if (ctx->export_flags & V9FS_SM_MAPPED) { - entry->d_type = DT_UNKNOWN; - } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) { -- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) { -- /* skp the meta data directory */ -+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) { -+ /* skip the meta data directory */ - goto again; - } - entry->d_type = DT_UNKNOWN; -@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - /* - * Mark all the open to not follow symlinks - */ -@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath, - int ret = -1; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, odirpath); - if (odirfd == -1) { - goto out; -@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path, - static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, - const char *name, V9fsPath *target) - { -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - if (dir_path) { - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); - } else if (strcmp(name, "/")) { -@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir, - int ret; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ (local_is_mapped_file_metadata(ctx, old_name) || -+ local_is_mapped_file_metadata(ctx, new_name))) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, olddir->data); - if (odirfd == -1) { - return -1; -@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir, - int ret; - int dirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(ctx, dir->data); - if (dirfd == -1) { - return -1; --- -2.13.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-8112.patch b/gnu/packages/patches/qemu-CVE-2017-8112.patch deleted file mode 100644 index 88b33aa2f0..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-8112.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2017-8112: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112 - -Patch copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f68826989cd4d1217797251339579c57b3c0934e - -From f68826989cd4d1217797251339579c57b3c0934e Mon Sep 17 00:00:00 2001 -From: P J P -Date: Tue, 25 Apr 2017 18:36:23 +0530 -Subject: [PATCH] vmw_pvscsi: check message ring page count at initialisation - -A guest could set the message ring page count to zero, resulting in -infinite loop. Add check to avoid it. - -Reported-by: YY Z -Signed-off-by: P J P -Message-Id: <20170425130623.3649-1-ppandit@redhat.com> -Reviewed-by: Dmitry Fleytman -Signed-off-by: Paolo Bonzini ---- - hw/scsi/vmw_pvscsi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 75575461e2..4a106da856 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) - uint32_t len_log2; - uint32_t ring_size; - -- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { -+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { - return -1; - } - ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; --- -2.13.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-8309.patch b/gnu/packages/patches/qemu-CVE-2017-8309.patch deleted file mode 100644 index dc4b4006b7..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-8309.patch +++ /dev/null @@ -1,46 +0,0 @@ -Fix CVE-2017-8309: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309 - -Patch copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3268a845f41253fb55852a8429c32b50f36f349a - -From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 28 Apr 2017 09:56:12 +0200 -Subject: [PATCH] audio: release capture buffers - -AUD_add_capture() allocates two buffers which are never released. -Add the missing calls to AUD_del_capture(). - -Impact: Allows vnc clients to exhaust host memory by repeatedly -starting and stopping audio capture. - -Fixes: CVE-2017-8309 -Cc: P J P -Cc: Huawei PSIRT -Reported-by: "Jiangxin (hunter, SCC)" -Signed-off-by: Gerd Hoffmann -Reviewed-by: Prasad J Pandit -Message-id: 20170428075612.9997-1-kraxel@redhat.com ---- - audio/audio.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/audio/audio.c b/audio/audio.c -index c8898d8422..beafed209b 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) - sw = sw1; - } - QLIST_REMOVE (cap, entries); -+ g_free (cap->hw.mix_buf); -+ g_free (cap->buf); - g_free (cap); - } - return; --- -2.13.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-8379.patch b/gnu/packages/patches/qemu-CVE-2017-8379.patch deleted file mode 100644 index 200b133d3e..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-8379.patch +++ /dev/null @@ -1,98 +0,0 @@ -Fix CVE-2017-8379: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379 - -Patch copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fa18f36a461984eae50ab957e47ec78dae3c14fc - -From fa18f36a461984eae50ab957e47ec78dae3c14fc Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 28 Apr 2017 10:42:37 +0200 -Subject: [PATCH] input: limit kbd queue depth - -Apply a limit to the number of items we accept into the keyboard queue. - -Impact: Without this limit vnc clients can exhaust host memory by -sending keyboard events faster than qemu feeds them to the guest. - -Fixes: CVE-2017-8379 -Cc: P J P -Cc: Huawei PSIRT -Reported-by: jiangxin1@huawei.com -Signed-off-by: Gerd Hoffmann -Message-id: 20170428084237.23960-1-kraxel@redhat.com ---- - ui/input.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/ui/input.c b/ui/input.c -index ed88cda6d6..fb1f404095 100644 ---- a/ui/input.c -+++ b/ui/input.c -@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = - QTAILQ_HEAD_INITIALIZER(kbd_queue); - static QEMUTimer *kbd_timer; - static uint32_t kbd_default_delay_ms = 10; -+static uint32_t queue_count; -+static uint32_t queue_limit = 1024; - - QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, - QemuInputHandler *handler) -@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) - break; - } - QTAILQ_REMOVE(queue, item, node); -+ queue_count--; - g_free(item); - } - } -@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, - item->delay_ms = delay_ms; - item->timer = timer; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - - if (start_timer) { - timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) -@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, - item->src = src; - item->evt = evt; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) -@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) - - item->type = QEMU_INPUT_QUEUE_SYNC; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) -@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) - qemu_input_event_send(src, evt); - qemu_input_event_sync(); - qapi_free_InputEvent(evt); -- } else { -+ } else if (queue_count < queue_limit) { - qemu_input_queue_event(&kbd_queue, src, evt); - qemu_input_queue_sync(&kbd_queue); - } -@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) - kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, - &kbd_queue); - } -- qemu_input_queue_delay(&kbd_queue, kbd_timer, -- delay_ms ? delay_ms : kbd_default_delay_ms); -+ if (queue_count < queue_limit) { -+ qemu_input_queue_delay(&kbd_queue, kbd_timer, -+ delay_ms ? delay_ms : kbd_default_delay_ms); -+ } - } - - InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) --- -2.13.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-8380.patch b/gnu/packages/patches/qemu-CVE-2017-8380.patch deleted file mode 100644 index 65e49fc885..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-8380.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2017-8380: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380 - -Patch copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f - -From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Mon, 24 Apr 2017 17:36:34 +0530 -Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write - -While reading magic sequence(MFI_SEQ) in megasas_mmio_write, -an off-by-one error could occur as 's->adp_reset' index is not -reset after reading the last sequence. - -Reported-by: YY Z -Signed-off-by: Prasad J Pandit -Message-Id: <20170424120634.12268-1-ppandit@redhat.com> -Signed-off-by: Paolo Bonzini ---- - hw/scsi/megasas.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 84b8caf901..804122ab05 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, - case MFI_SEQ: - trace_megasas_mmio_writel("MFI_SEQ", val); - /* Magic sequence to start ADP reset */ -- if (adp_reset_seq[s->adp_reset] == val) { -- s->adp_reset++; -+ if (adp_reset_seq[s->adp_reset++] == val) { -+ if (s->adp_reset == 6) { -+ s->adp_reset = 0; -+ s->diag = MFI_DIAG_WRITE_ENABLE; -+ } - } else { - s->adp_reset = 0; - s->diag = 0; - } -- if (s->adp_reset == 6) { -- s->diag = MFI_DIAG_WRITE_ENABLE; -- } - break; - case MFI_DIAG: - trace_megasas_mmio_writel("MFI_DIAG", val); --- -2.13.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-9524.patch b/gnu/packages/patches/qemu-CVE-2017-9524.patch deleted file mode 100644 index 57160055e3..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-9524.patch +++ /dev/null @@ -1,287 +0,0 @@ -Fix CVE-2017-9524: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9524 -http://seclists.org/oss-sec/2017/q2/454 - -Patches copied from upstream source repository: - -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af -http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0c9390d978cbf61e8f16c9f580fa96b305c43568 - -From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Fri, 26 May 2017 22:04:21 -0500 -Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation - -If a non-NBD client connects to qemu-nbd, we would end up with -a SIGSEGV in nbd_client_put() because we were trying to -unregister the client's association to the export, even though -we skipped inserting the client into that list. Easy trigger -in two terminals: - -$ qemu-nbd -p 30001 --format=raw file -$ nmap 127.0.0.1 -p 30001 - -nmap claims that it thinks it connected to a pago-services1 -server (which probably means nmap could be updated to learn the -NBD protocol and give a more accurate diagnosis of the open -port - but that's not our problem), then terminates immediately, -so our call to nbd_negotiate() fails. The fix is to reorder -nbd_co_client_start() to ensure that all initialization occurs -before we ever try talking to a client in nbd_negotiate(), so -that the teardown sequence on negotiation failure doesn't fault -while dereferencing a half-initialized object. - -While debugging this, I also noticed that nbd_update_server_watch() -called by nbd_client_closed() was still adding a channel to accept -the next client, even when the state was no longer RUNNING. That -is fixed by making nbd_can_accept() pay attention to the current -state. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 - -Signed-off-by: Eric Blake -Message-Id: <20170527030421.28366-1-eblake@redhat.com> -Signed-off-by: Paolo Bonzini ---- - nbd/server.c | 8 +++----- - qemu-nbd.c | 2 +- - 2 files changed, 4 insertions(+), 6 deletions(-) - -diff --git a/nbd/server.c b/nbd/server.c -index ee59e5d234..49b55f6ede 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - - if (exp) { - nbd_export_get(exp); -+ QTAILQ_INSERT_TAIL(&exp->clients, client, next); - } -+ qemu_co_mutex_init(&client->send_lock); -+ - if (nbd_negotiate(data)) { - client_close(client); - goto out; - } -- qemu_co_mutex_init(&client->send_lock); -- -- if (exp) { -- QTAILQ_INSERT_TAIL(&exp->clients, client, next); -- } - - nbd_client_receive_next_request(client); - -diff --git a/qemu-nbd.c b/qemu-nbd.c -index f60842fd86..651f85ecc1 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -325,7 +325,7 @@ out: - - static int nbd_can_accept(void) - { -- return nb_fds < shared; -+ return state == RUNNING && nb_fds < shared; - } - - static void nbd_export_closed(NBDExport *exp) --- -2.13.1 - -From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001 -From: Eric Blake -Date: Thu, 8 Jun 2017 17:26:17 -0500 -Subject: [PATCH] nbd: Fix regression on resiliency to port scan - -Back in qemu 2.5, qemu-nbd was immune to port probes (a transient -server would not quit, regardless of how many probe connections -came and went, until a connection actually negotiated). But we -broke that in commit ee7d7aa when removing the return value to -nbd_client_new(), although that patch also introduced a bug causing -an assertion failure on a client that fails negotiation. We then -made it worse during refactoring in commit 1a6245a (a segfault -before we could even assert); the (masked) assertion was cleaned -up in d3780c2 (still in 2.6), and just recently we finally fixed -the segfault ("nbd: Fully intialize client in case of failed -negotiation"). But that still means that ever since we added -TLS support to qemu-nbd, we have been vulnerable to an ill-timed -port-scan being able to cause a denial of service by taking down -qemu-nbd before a real client has a chance to connect. - -Since negotiation is now handled asynchronously via coroutines, -we no longer have a synchronous point of return by re-adding a -return value to nbd_client_new(). So this patch instead wires -things up to pass the negotiation status through the close_fn -callback function. - -Simple test across two terminals: -$ qemu-nbd -f raw -p 30001 file -$ nmap 127.0.0.1 -p 30001 && \ - qemu-io -c 'r 0 512' -f raw nbd://localhost:30001 - -Note that this patch does not change what constitutes successful -negotiation (thus, a client must enter transmission phase before -that client can be considered as a reason to terminate the server -when the connection ends). Perhaps we may want to tweak things -in a later patch to also treat a client that uses NBD_OPT_ABORT -as being a 'successful' negotiation (the client correctly talked -the NBD protocol, and informed us it was not going to use our -export after all), but that's a discussion for another day. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614 - -Signed-off-by: Eric Blake -Message-Id: <20170608222617.20376-1-eblake@redhat.com> -Signed-off-by: Paolo Bonzini ---- - blockdev-nbd.c | 6 +++++- - include/block/nbd.h | 2 +- - nbd/server.c | 24 +++++++++++++++--------- - qemu-nbd.c | 4 ++-- - 4 files changed, 23 insertions(+), 13 deletions(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index dd0860f4a6..28f551a7b0 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -27,6 +27,10 @@ typedef struct NBDServerData { - - static NBDServerData *nbd_server; - -+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored) -+{ -+ nbd_client_put(client); -+} - - static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, - gpointer opaque) -@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition, - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server"); - nbd_client_new(NULL, cioc, - nbd_server->tlscreds, NULL, -- nbd_client_put); -+ nbd_blockdev_client_closed); - object_unref(OBJECT(cioc)); - return TRUE; - } -diff --git a/include/block/nbd.h b/include/block/nbd.h -index 416257abca..8fa5ce51f3 100644 ---- a/include/block/nbd.h -+++ b/include/block/nbd.h -@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp, - QIOChannelSocket *sioc, - QCryptoTLSCreds *tlscreds, - const char *tlsaclname, -- void (*close)(NBDClient *)); -+ void (*close_fn)(NBDClient *, bool)); - void nbd_client_get(NBDClient *client); - void nbd_client_put(NBDClient *client); - -diff --git a/nbd/server.c b/nbd/server.c -index 49b55f6ede..f2b1aa47ce 100644 ---- a/nbd/server.c -+++ b/nbd/server.c -@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); - - struct NBDClient { - int refcount; -- void (*close)(NBDClient *client); -+ void (*close_fn)(NBDClient *client, bool negotiated); - - bool no_zeroes; - NBDExport *exp; -@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client) - } - } - --static void client_close(NBDClient *client) -+static void client_close(NBDClient *client, bool negotiated) - { - if (client->closing) { - return; -@@ -793,8 +793,8 @@ static void client_close(NBDClient *client) - NULL); - - /* Also tell the client, so that they release their reference. */ -- if (client->close) { -- client->close(client); -+ if (client->close_fn) { -+ client->close_fn(client, negotiated); - } - } - -@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp) - - nbd_export_get(exp); - QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) { -- client_close(client); -+ client_close(client, true); - } - nbd_export_set_name(exp, NULL); - nbd_export_set_description(exp, NULL); -@@ -1337,7 +1337,7 @@ done: - - out: - nbd_request_put(req); -- client_close(client); -+ client_close(client, true); - nbd_client_put(client); - } - -@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque) - qemu_co_mutex_init(&client->send_lock); - - if (nbd_negotiate(data)) { -- client_close(client); -+ client_close(client, false); - goto out; - } - -@@ -1373,11 +1373,17 @@ out: - g_free(data); - } - -+/* -+ * Create a new client listener on the given export @exp, using the -+ * given channel @sioc. Begin servicing it in a coroutine. When the -+ * connection closes, call @close_fn with an indication of whether the -+ * client completed negotiation. -+ */ - void nbd_client_new(NBDExport *exp, - QIOChannelSocket *sioc, - QCryptoTLSCreds *tlscreds, - const char *tlsaclname, -- void (*close_fn)(NBDClient *)) -+ void (*close_fn)(NBDClient *, bool)) - { - NBDClient *client; - NBDClientNewData *data = g_new(NBDClientNewData, 1); -@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp, - object_ref(OBJECT(client->sioc)); - client->ioc = QIO_CHANNEL(sioc); - object_ref(OBJECT(client->ioc)); -- client->close = close_fn; -+ client->close_fn = close_fn; - - data->client = client; - data->co = qemu_coroutine_create(nbd_co_client_start, data); -diff --git a/qemu-nbd.c b/qemu-nbd.c -index 651f85ecc1..9464a0461c 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp) - - static void nbd_update_server_watch(void); - --static void nbd_client_closed(NBDClient *client) -+static void nbd_client_closed(NBDClient *client, bool negotiated) - { - nb_fds--; -- if (nb_fds == 0 && !persistent && state == RUNNING) { -+ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) { - state = TERMINATE; - } - nbd_update_server_watch(); --- -2.13.1 - diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index d06c55bd57..32d10dcf82 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -72,26 +72,14 @@ (define-public qemu (package (name "qemu") - (version "2.9.0") + (version "2.10.0") (source (origin (method url-fetch) - (uri (string-append "http://wiki.qemu-project.org/download/qemu-" + (uri (string-append "https://download.qemu.org/qemu-" version ".tar.xz")) - (patches (search-patches "qemu-CVE-2017-7493.patch" - "qemu-CVE-2017-8112.patch" - "qemu-CVE-2017-8309.patch" - "qemu-CVE-2017-8379.patch" - "qemu-CVE-2017-8380.patch" - "qemu-CVE-2017-9524.patch" - "qemu-CVE-2017-10664.patch" - "qemu-CVE-2017-10806.patch" - "qemu-CVE-2017-10911.patch" - "qemu-CVE-2017-11334.patch" - "qemu-CVE-2017-11434.patch" - "qemu-CVE-2017-12809.patch")) (sha256 (base32 - "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) + "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: -- cgit 1.4.1 From 4f6815614097630dfe507df7bae768d37f3f0627 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Aug 2017 23:41:08 +0200 Subject: gnu: gd: Replace with 2.2.5. Fixes CVE-2017-6362 and CVE-2017-7890. * gnu/packages/gd.scm (gd)[replacement]: New field. (gd-2.2.5): New variable. * gnu/packages/php.scm (gd-for-php): Remove variable (php)[inputs]: Replace GD-FOR-PHP with GD-2.2.5. * gnu/packages/patches/gd-CVE-2017-7890.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gd.scm | 20 +++++++++++++++++-- gnu/packages/patches/gd-CVE-2017-7890.patch | 30 ----------------------------- gnu/packages/php.scm | 13 +------------ 4 files changed, 19 insertions(+), 45 deletions(-) delete mode 100644 gnu/packages/patches/gd-CVE-2017-7890.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9207966859..708b50e8b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -631,7 +631,6 @@ dist_patch_DATA = \ %D%/packages/patches/gcr-disable-failing-tests.patch \ %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ %D%/packages/patches/gdk-pixbuf-list-dir.patch \ - %D%/packages/patches/gd-CVE-2017-7890.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index b4e6ce435b..169f040ee4 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2016, 2017 Leo Famulari ;;; Copyright © 2017 Efraim Flashner +;;; Copyright © 2017 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,12 +38,11 @@ (define-public gd (package (name "gd") - + (replacement gd-2.2.5) ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. (version "2.2.4") - (source (origin (method url-fetch) (uri (string-append @@ -93,6 +93,22 @@ most common applications of GD involve website development.") "See COPYING file in the distribution.")) (properties '((cpe-name . "libgd"))))) +;; For CVE-2017-6362 and CVE-2017-7890. +(define-public gd-2.2.5 + (package + (inherit gd) + (version "2.2.5") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/libgd/libgd/releases/download/gd-" + version "/libgd-" version ".tar.xz")) + (patches (search-patches "gd-fix-tests-on-i686.patch" + "gd-freetype-test-failure.patch")) + (sha256 + (base32 + "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c")))))) + (define-public perl-gd (package (name "perl-gd") diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch deleted file mode 100644 index 66034c5703..0000000000 --- a/gnu/packages/patches/gd-CVE-2017-7890.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001 -From: LEPILLER Julien -Date: Thu, 3 Aug 2017 17:04:17 +0200 -Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory. - -The stack allocated color map buffers were not zeroed before usage, and -so undefined palette indexes could cause information leakage. - -This is CVE-2017-7890. ---- - src/gd_gif_in.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c -index 008d1ec..c195448 100644 ---- a/src/gd_gif_in.c -+++ b/src/gd_gif_in.c -@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) - - gdImagePtr im = 0; - -+ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); -+ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); -+ - if(!ReadOK(fd, buf, 6)) { - return 0; - } --- -2.13.3 - diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index d0afab0931..44fa78d624 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -49,17 +49,6 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) -(define gd-for-php - (package - (inherit gd) - (source (origin - (inherit (package-source gd)) - (patches - (append - (origin-patches (package-source gd)) - (search-patches "gd-CVE-2017-7890.patch"))))))) - - (define-public php (package (name "php") @@ -293,7 +282,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd-for-php) + ("gd" ,gd-2.2.5) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) -- cgit 1.4.1 From 690a904ad766dfecf78749d121af528a7a49fa77 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Thu, 31 Aug 2017 09:31:54 +0800 Subject: gnu: metabat: Update to 2.11.3. * gnu/packages/bioinformatics.scm (metabat): Update to 2.11.3. [source]: Use git-fetch. Remove boost-related patch. * gnu/packages/patches/metabat-fix-boost-issue.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/bioinformatics.scm | 16 ++++++------- gnu/packages/patches/metabat-fix-boost-issue.patch | 27 ---------------------- 3 files changed, 8 insertions(+), 36 deletions(-) delete mode 100644 gnu/packages/patches/metabat-fix-boost-issue.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 708b50e8b6..1becca3d30 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -841,7 +841,6 @@ dist_patch_DATA = \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ %D%/packages/patches/metabat-remove-compilation-date.patch \ %D%/packages/patches/metabat-fix-compilation.patch \ - %D%/packages/patches/metabat-fix-boost-issue.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index d0df0ee41a..e3729537bb 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -3475,19 +3475,19 @@ form of assemblies or reads.") (define-public metabat (package (name "metabat") - (version "2.11.2") + (version "2.11.3") (source (origin - (method url-fetch) - (uri (string-append "https://bitbucket.org/berkeleylab/metabat/get/v" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://bitbucket.org/berkeleylab/metabat.git") + (commit "d0ad65367ffc8e08d1a9dd1388d6170daa047e5c"))) + (file-name (string-append name "-" version "-checkout")) (sha256 (base32 - "0rws9r1ziv6way8cf49jg8bzj7x2131kfqkhj8byf0z5hnrq3bwv")) + "1rlsrkz8iq8xah65222p055kzv5i3szz8bwysnvnh0pv72wvv6ww")) (patches (search-patches "metabat-remove-compilation-date.patch" - "metabat-fix-compilation.patch" - "metabat-fix-boost-issue.patch")))) + "metabat-fix-compilation.patch")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch deleted file mode 100644 index 3382d84d66..0000000000 --- a/gnu/packages/patches/metabat-fix-boost-issue.patch +++ /dev/null @@ -1,27 +0,0 @@ -This patch fixes the issue described at -https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164 - -diff --git a/src/metabat.h b/src/metabat.h -index 32ae94c..2292c04 100644 ---- a/src/metabat.h -+++ b/src/metabat.h -@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread) - - #include - #include -+#include - #include - #include - #include -diff --git a/src/metabat2.h b/src/metabat2.h -index 60a9998..19fa815 100644 ---- a/src/metabat2.h -+++ b/src/metabat2.h -@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread) - - #include - #include -+#include - #include - #include - #include -- cgit 1.4.1 From 9770cbf9e2c2c723744f40040ae2d606dbc789a0 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Thu, 31 Aug 2017 10:06:36 +0800 Subject: gnu: ruby-2.4.1: Fix CVE-2017-{0899,0900,0901,0902}. * gnu/packages/patches/ruby-rubygems-2612-ruby24.patch, gnu/packages/patches/ruby-rubygems-2613-ruby24.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/ruby.scm (ruby-2.4.1)[source]: Use them. --- gnu/local.mk | 2 + .../patches/ruby-rubygems-2612-ruby24.patch | 437 +++++++++++++++++++++ .../patches/ruby-rubygems-2613-ruby24.patch | 355 +++++++++++++++++ gnu/packages/ruby.scm | 5 +- 4 files changed, 798 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ruby-rubygems-2612-ruby24.patch create mode 100644 gnu/packages/patches/ruby-rubygems-2613-ruby24.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1becca3d30..3b8ddcc8e5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -987,6 +987,8 @@ dist_patch_DATA = \ %D%/packages/patches/rsem-makefile.patch \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ + %D%/packages/patches/ruby-rubygems-2612-ruby24.patch \ + %D%/packages/patches/ruby-rubygems-2613-ruby24.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \ diff --git a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch b/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch new file mode 100644 index 0000000000..8ee32c0c6e --- /dev/null +++ b/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch @@ -0,0 +1,437 @@ +diff --git lib/rubygems.rb lib/rubygems.rb +index 5cd1a4c47a..bc5bf9b4c2 100644 +--- ruby-2.4.1/lib/rubygems.rb ++++ ruby-2.4.1/lib/rubygems.rb +@@ -10,7 +10,7 @@ + require 'thread' + + module Gem +- VERSION = "2.6.11" ++ VERSION = "2.6.12" + end + + # Must be first since it unloads the prelude from 1.9.2 +@@ -234,6 +234,7 @@ def self.needs + + def self.finish_resolve(request_set=Gem::RequestSet.new) + request_set.import Gem::Specification.unresolved_deps.values ++ request_set.import Gem.loaded_specs.values.map {|s| Gem::Dependency.new(s.name, s.version) } + + request_set.resolve_current.each do |s| + s.full_spec.activate +diff --git lib/rubygems/commands/open_command.rb lib/rubygems/commands/open_command.rb +index a89b7421e3..059635e835 100644 +--- ruby-2.4.1/lib/rubygems/commands/open_command.rb ++++ ruby-2.4.1/lib/rubygems/commands/open_command.rb +@@ -72,7 +72,7 @@ def open_editor path + end + + def spec_for name +- spec = Gem::Specification.find_all_by_name(name, @version).last ++ spec = Gem::Specification.find_all_by_name(name, @version).first + + return spec if spec + +diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb +index f25d120b88..70f8127292 100644 +--- ruby-2.4.1/lib/rubygems/commands/query_command.rb ++++ ruby-2.4.1/lib/rubygems/commands/query_command.rb +@@ -86,7 +86,7 @@ def execute + name = Array(options[:name]) + else + args = options[:args].to_a +- name = options[:exact] ? args : args.map{|arg| /#{arg}/i } ++ name = options[:exact] ? args.map{|arg| /\A#{Regexp.escape(arg)}\Z/ } : args.map{|arg| /#{arg}/i } + end + + prerelease = options[:prerelease] +diff --git lib/rubygems/commands/sources_command.rb lib/rubygems/commands/sources_command.rb +index 9832afd214..7e46963a4c 100644 +--- ruby-2.4.1/lib/rubygems/commands/sources_command.rb ++++ ruby-2.4.1/lib/rubygems/commands/sources_command.rb +@@ -44,7 +44,7 @@ def add_source source_uri # :nodoc: + source = Gem::Source.new source_uri + + begin +- if Gem.sources.include? source_uri then ++ if Gem.sources.include? source then + say "source #{source_uri} already present in the cache" + else + source.load_specs :released +diff --git lib/rubygems/dependency_list.rb lib/rubygems/dependency_list.rb +index 35fe7c4c1a..d8314eaf60 100644 +--- ruby-2.4.1/lib/rubygems/dependency_list.rb ++++ ruby-2.4.1/lib/rubygems/dependency_list.rb +@@ -104,7 +104,7 @@ def find_name(full_name) + end + + def inspect # :nodoc: +- "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }] ++ "%s %p>" % [super[0..-2], map { |s| s.full_name }] + end + + ## +diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb +index f4d3e728de..967543c2d1 100644 +--- ruby-2.4.1/lib/rubygems/installer.rb ++++ ruby-2.4.1/lib/rubygems/installer.rb +@@ -214,7 +214,7 @@ def check_executable_overwrite filename # :nodoc: + + ruby_executable = true + existing = io.read.slice(%r{ +- ^( ++ ^\s*( + gem \s | + load \s Gem\.bin_path\( | + load \s Gem\.activate_bin_path\( +@@ -701,6 +701,8 @@ def verify_gem_home(unpack = false) # :nodoc: + # Return the text for an application file. + + def app_script_text(bin_file_name) ++ # note that the `load` lines cannot be indented, as old RG versions match ++ # against the beginning of the line + return <<-TEXT + #{shebang bin_file_name} + # +@@ -723,7 +725,12 @@ def app_script_text(bin_file_name) + end + end + ++if Gem.respond_to?(:activate_bin_path) + load Gem.activate_bin_path('#{spec.name}', '#{bin_file_name}', version) ++else ++gem #{spec.name.dump}, version ++load Gem.bin_path(#{spec.name.dump}, #{bin_file_name.dump}, version) ++end + TEXT + end + +diff --git lib/rubygems/platform.rb lib/rubygems/platform.rb +index d22d91ae54..2dd9ed5782 100644 +--- ruby-2.4.1/lib/rubygems/platform.rb ++++ ruby-2.4.1/lib/rubygems/platform.rb +@@ -112,7 +112,7 @@ def initialize(arch) + end + + def inspect +- "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a] ++ "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a] + end + + def to_a +diff --git lib/rubygems/security.rb lib/rubygems/security.rb +index 119d6d56f7..6963ca156f 100644 +--- ruby-2.4.1/lib/rubygems/security.rb ++++ ruby-2.4.1/lib/rubygems/security.rb +@@ -455,7 +455,7 @@ def self.create_cert_self_signed subject, key, age = ONE_YEAR, + + ## + # Creates a new key pair of the specified +length+ and +algorithm+. The +- # default is a 2048 bit RSA key. ++ # default is a 3072 bit RSA key. + + def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM + algorithm.new length +diff --git lib/rubygems/server.rb lib/rubygems/server.rb +index 81df0e608e..df4eb566d3 100644 +--- ruby-2.4.1/lib/rubygems/server.rb ++++ ruby-2.4.1/lib/rubygems/server.rb +@@ -657,7 +657,7 @@ def root(req, res) + "only_one_executable" => true, + "full_name" => "rubygems-#{Gem::VERSION}", + "has_deps" => false, +- "homepage" => "http://docs.rubygems.org/", ++ "homepage" => "http://guides.rubygems.org/", + "name" => 'rubygems', + "ri_installed" => true, + "summary" => "RubyGems itself", +diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb +index a2f289d162..500f0af768 100644 +--- ruby-2.4.1/lib/rubygems/specification.rb ++++ ruby-2.4.1/lib/rubygems/specification.rb +@@ -2105,7 +2105,7 @@ def inspect # :nodoc: + if $DEBUG + super + else +- "#<#{self.class}:0x#{__id__.to_s(16)} #{full_name}>" ++ "#{super[0..-2]} #{full_name}>" + end + end + +diff --git lib/rubygems/test_case.rb lib/rubygems/test_case.rb +index 86b68e1efb..4e48f1eb4c 100644 +--- ruby-2.4.1/lib/rubygems/test_case.rb ++++ ruby-2.4.1/lib/rubygems/test_case.rb +@@ -484,7 +484,7 @@ def git_gem name = 'a', version = 1 + + system @git, 'add', gemspec + system @git, 'commit', '-a', '-m', 'a non-empty commit message', '--quiet' +- head = Gem::Util.popen('git', 'rev-parse', 'master').strip ++ head = Gem::Util.popen(@git, 'rev-parse', 'master').strip + end + + return name, git_spec.version, directory, head +@@ -1498,6 +1498,8 @@ def self.key_path key_name + begin + gem 'rdoc' + require 'rdoc' ++ ++ require 'rubygems/rdoc' + rescue LoadError, Gem::LoadError + end + +@@ -1514,3 +1516,4 @@ def self.key_path key_name + pid = $$ + END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid} + Gem.clear_paths ++Gem.loaded_specs.clear +diff --git test/rubygems/test_gem.rb test/rubygems/test_gem.rb +index a605f9cdfe..62b36dfd41 100644 +--- ruby-2.4.1/test/rubygems/test_gem.rb ++++ ruby-2.4.1/test/rubygems/test_gem.rb +@@ -75,6 +75,29 @@ def test_self_finish_resolve_wtf + end + end + ++ def test_self_finish_resolve_respects_loaded_specs ++ save_loaded_features do ++ a1 = new_spec "a", "1", "b" => "> 0" ++ b1 = new_spec "b", "1", "c" => ">= 1" ++ b2 = new_spec "b", "2", "c" => ">= 2" ++ c1 = new_spec "c", "1" ++ c2 = new_spec "c", "2" ++ ++ install_specs c1, c2, b1, b2, a1 ++ ++ a1.activate ++ c1.activate ++ ++ assert_equal %w(a-1 c-1), loaded_spec_names ++ assert_equal ["b (> 0)"], unresolved_names ++ ++ Gem.finish_resolve ++ ++ assert_equal %w(a-1 b-1 c-1), loaded_spec_names ++ assert_equal [], unresolved_names ++ end ++ end ++ + def test_self_install + spec_fetcher do |f| + f.gem 'a', 1 +@@ -492,7 +515,7 @@ def test_self_find_files_with_gemfile + skip if RUBY_VERSION <= "1.8.7" + + cwd = File.expand_path("test/rubygems", @@project_dir) +- $LOAD_PATH.unshift cwd ++ actual_load_path = $LOAD_PATH.unshift(cwd).dup + + discover_path = File.join 'lib', 'sff', 'discover.rb' + +@@ -518,12 +541,12 @@ def test_self_find_files_with_gemfile + expected = [ + File.expand_path('test/rubygems/sff/discover.rb', @@project_dir), + File.join(foo1.full_gem_path, discover_path) +- ] ++ ].sort + +- assert_equal expected, Gem.find_files('sff/discover') +- assert_equal expected, Gem.find_files('sff/**.rb'), '[ruby-core:31730]' ++ assert_equal expected, Gem.find_files('sff/discover').sort ++ assert_equal expected, Gem.find_files('sff/**.rb').sort, '[ruby-core:31730]' + ensure +- assert_equal cwd, $LOAD_PATH.shift unless RUBY_VERSION <= "1.8.7" ++ assert_equal cwd, actual_load_path.shift unless RUBY_VERSION <= "1.8.7" + end + + def test_self_find_latest_files +diff --git test/rubygems/test_gem_commands_open_command.rb test/rubygems/test_gem_commands_open_command.rb +index 3ec38972e6..a96fa6ea23 100644 +--- ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb ++++ ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb +@@ -24,7 +24,8 @@ def test_execute + @cmd.options[:args] = %w[foo] + @cmd.options[:editor] = "#{Gem.ruby} -e0 --" + +- spec = gem 'foo' ++ gem 'foo', '1.0.0' ++ spec = gem 'foo', '1.0.1' + mock = MiniTest::Mock.new + mock.expect(:call, true, [spec.full_gem_path]) + +diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb +index 223f205b2d..d8d682b136 100644 +--- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb ++++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb +@@ -642,7 +642,7 @@ def test_execute_local_details + assert_equal expected, @ui.output + end + +- def test_execute_exact ++ def test_execute_exact_remote + spec_fetcher do |fetcher| + fetcher.spec 'coolgem-omg', 3 + fetcher.spec 'coolgem', '4.2.1' +@@ -665,6 +665,60 @@ def test_execute_exact + assert_equal expected, @ui.output + end + ++ def test_execute_exact_local ++ spec_fetcher do |fetcher| ++ fetcher.spec 'coolgem-omg', 3 ++ fetcher.spec 'coolgem', '4.2.1' ++ fetcher.spec 'wow_coolgem', 1 ++ end ++ ++ @cmd.handle_options %w[--exact coolgem] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** LOCAL GEMS *** ++ ++coolgem (4.2.1) ++ EOF ++ ++ assert_equal expected, @ui.output ++ end ++ ++ def test_execute_exact_multiple ++ spec_fetcher do |fetcher| ++ fetcher.spec 'coolgem-omg', 3 ++ fetcher.spec 'coolgem', '4.2.1' ++ fetcher.spec 'wow_coolgem', 1 ++ ++ fetcher.spec 'othergem-omg', 3 ++ fetcher.spec 'othergem', '1.2.3' ++ fetcher.spec 'wow_othergem', 1 ++ end ++ ++ @cmd.handle_options %w[--exact coolgem othergem] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** LOCAL GEMS *** ++ ++coolgem (4.2.1) ++ ++*** LOCAL GEMS *** ++ ++othergem (1.2.3) ++ EOF ++ ++ assert_equal expected, @ui.output ++ end ++ + private + + def add_gems_to_fetcher +diff --git test/rubygems/test_gem_commands_sources_command.rb test/rubygems/test_gem_commands_sources_command.rb +index 014b4b4c12..d5b6d99419 100644 +--- ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb ++++ ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb +@@ -108,6 +108,58 @@ def test_execute_add_redundant_source + assert_equal '', @ui.error + end + ++ def test_execute_add_redundant_source_trailing_slash ++ # Remove pre-existing gem source (w/ slash) ++ repo_with_slash = "http://gems.example.com/" ++ @cmd.handle_options %W[--remove #{repo_with_slash}] ++ use_ui @ui do ++ @cmd.execute ++ end ++ source = Gem::Source.new repo_with_slash ++ assert_equal false, Gem.sources.include?(source) ++ ++ expected = <<-EOF ++#{repo_with_slash} removed from sources ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ ++ # Re-add pre-existing gem source (w/o slash) ++ repo_without_slash = "http://gems.example.com" ++ @cmd.handle_options %W[--add #{repo_without_slash}] ++ use_ui @ui do ++ @cmd.execute ++ end ++ source = Gem::Source.new repo_without_slash ++ assert_equal true, Gem.sources.include?(source) ++ ++ expected = <<-EOF ++http://gems.example.com/ removed from sources ++http://gems.example.com added to sources ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ ++ # Re-add original gem source (w/ slash) ++ @cmd.handle_options %W[--add #{repo_with_slash}] ++ use_ui @ui do ++ @cmd.execute ++ end ++ source = Gem::Source.new repo_with_slash ++ assert_equal true, Gem.sources.include?(source) ++ ++ expected = <<-EOF ++http://gems.example.com/ removed from sources ++http://gems.example.com added to sources ++source http://gems.example.com/ already present in the cache ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ + def test_execute_add_http_rubygems_org + http_rubygems_org = 'http://rubygems.org' + +diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb +index 6ceb2c6dfc..882981d344 100644 +--- ruby-2.4.1/test/rubygems/test_gem_installer.rb ++++ ruby-2.4.1/test/rubygems/test_gem_installer.rb +@@ -62,7 +62,12 @@ def test_app_script_text + end + end + ++if Gem.respond_to?(:activate_bin_path) + load Gem.activate_bin_path('a', 'executable', version) ++else ++gem "a", version ++load Gem.bin_path("a", "executable", version) ++end + EOF + + wrapper = @installer.app_script_text 'executable' +diff --git test/rubygems/test_require.rb test/rubygems/test_require.rb +index dd606e44d4..936f78fb2a 100644 +--- ruby-2.4.1/test/rubygems/test_require.rb ++++ ruby-2.4.1/test/rubygems/test_require.rb +@@ -301,6 +301,17 @@ def test_default_gem_only + assert_equal %w(default-2.0.0.0), loaded_spec_names + end + ++ def test_realworld_default_gem ++ skip "no default gems on ruby < 2.0" unless RUBY_VERSION >= "2" ++ cmd = <<-RUBY ++ $stderr = $stdout ++ require "json" ++ puts Gem.loaded_specs["json"].default_gem? ++ RUBY ++ output = Gem::Util.popen(Gem.ruby, "-e", cmd).strip ++ assert_equal "true", output ++ end ++ + def test_default_gem_and_normal_gem + default_gem_spec = new_default_spec("default", "2.0.0.0", + nil, "default/gem.rb") diff --git a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch b/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch new file mode 100644 index 0000000000..c253cc912d --- /dev/null +++ b/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch @@ -0,0 +1,355 @@ +diff --git lib/rubygems.rb lib/rubygems.rb +index bc5bf9b4c2..55aa85b8b2 100644 +--- ruby-2.4.1/lib/rubygems.rb ++++ ruby-2.4.1/lib/rubygems.rb +@@ -10,7 +10,7 @@ + require 'thread' + + module Gem +- VERSION = "2.6.12" ++ VERSION = "2.6.13" + end + + # Must be first since it unloads the prelude from 1.9.2 +diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb +index 70f8127292..44144203e0 100644 +--- ruby-2.4.1/lib/rubygems/commands/query_command.rb ++++ ruby-2.4.1/lib/rubygems/commands/query_command.rb +@@ -226,7 +226,7 @@ def output_versions output, versions + end + end + +- output << make_entry(matching_tuples, platforms) ++ output << clean_text(make_entry(matching_tuples, platforms)) + end + end + +@@ -353,7 +353,8 @@ def spec_platforms entry, platforms + end + + def spec_summary entry, spec +- entry << "\n\n" << format_text(spec.summary, 68, 4) ++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") ++ entry << "\n\n" << format_text(summary, 68, 4) + end + + end +diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb +index 967543c2d1..6fd3399dd4 100644 +--- ruby-2.4.1/lib/rubygems/installer.rb ++++ ruby-2.4.1/lib/rubygems/installer.rb +@@ -697,6 +697,11 @@ def verify_gem_home(unpack = false) # :nodoc: + unpack or File.writable?(gem_home) + end + ++ def verify_spec_name ++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN ++ raise Gem::InstallError, "#{spec} has an invalid name" ++ end ++ + ## + # Return the text for an application file. + +@@ -823,6 +828,8 @@ def pre_install_checks + + ensure_loadable_spec + ++ verify_spec_name ++ + if options[:install_as_default] + Gem.ensure_default_gem_subdirectories gem_home + else +diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb +index e6a13d4b8c..8f0cf0b402 100644 +--- ruby-2.4.1/lib/rubygems/remote_fetcher.rb ++++ ruby-2.4.1/lib/rubygems/remote_fetcher.rb +@@ -110,7 +110,7 @@ def api_endpoint(uri) + else + target = res.target.to_s.strip + +- if /\.#{Regexp.quote(host)}\z/ =~ target ++ if URI("http://" + target).host.end_with?(".#{host}") + return URI.parse "#{uri.scheme}://#{target}#{uri.path}" + end + +diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb +index 500f0af768..88e320c05a 100644 +--- ruby-2.4.1/lib/rubygems/specification.rb ++++ ruby-2.4.1/lib/rubygems/specification.rb +@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification + + private_constant :LOAD_CACHE if defined? private_constant + ++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: ++ + # :startdoc: + + ## +@@ -2671,9 +2673,15 @@ def validate packaging = true + end + end + +- unless String === name then ++ if !name.is_a?(String) then + raise Gem::InvalidSpecificationException, +- "invalid value for attribute name: \"#{name.inspect}\"" ++ "invalid value for attribute name: \"#{name.inspect}\" must be a string" ++ elsif name !~ /[a-zA-Z]/ then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} must include at least one letter" ++ elsif name !~ VALID_NAME_PATTERN then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" + end + + if raw_require_paths.empty? then +diff --git lib/rubygems/text.rb lib/rubygems/text.rb +index 732f1b99f2..b944b62c27 100644 +--- ruby-2.4.1/lib/rubygems/text.rb ++++ ruby-2.4.1/lib/rubygems/text.rb +@@ -6,13 +6,26 @@ + + module Gem::Text + ++ ## ++ # Remove any non-printable characters and make the text suitable for ++ # printing. ++ def clean_text(text) ++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) ++ end ++ ++ def truncate_text(text, description, max_length = 100_000) ++ raise ArgumentError, "max_length must be positive" unless max_length > 0 ++ return text if text.size <= max_length ++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] ++ end ++ + ## + # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ + # characters + + def format_text(text, wrap, indent=0) + result = [] +- work = text.dup ++ work = clean_text(text) + + while work.length > wrap do + if work =~ /^(.{0,#{wrap}})[ \n]/ then +diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb +index d8d682b136..469223c6c0 100644 +--- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb ++++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb +@@ -116,6 +116,86 @@ def test_execute_details + This is a lot of text. This is a lot of text. This is a lot of text. + This is a lot of text. + ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_cleans_text ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 4 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ This is a lot of text. This is a lot of text. This is a lot of text. ++ This is a lot of text. ++ ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_truncates_summary ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 10_000 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ Truncating the summary for a-2 to 100,000 characters: ++#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te ++ + pl (1) + Platform: i386-linux + Author: A User +diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb +index 882981d344..dd049214fb 100644 +--- ruby-2.4.1/test/rubygems/test_gem_installer.rb ++++ ruby-2.4.1/test/rubygems/test_gem_installer.rb +@@ -1448,6 +1448,26 @@ def test_pre_install_checks_wrong_rubygems_version + end + end + ++ def test_pre_install_checks_malicious_name ++ spec = util_spec '../malicious', '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate; end ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.at gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal '# has an invalid name', e.message ++ end ++ end ++ + def test_shebang + util_make_exec @spec, "#!/usr/bin/ruby" + +diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb +index cb994462cd..fbb7d89019 100644 +--- ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb ++++ ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb +@@ -241,6 +241,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original + dns.verify + end + ++ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path ++ uri = URI.parse "http://example.com/foo" ++ target = MiniTest::Mock.new ++ target.expect :target, "evil.com/a.example.com" ++ ++ dns = MiniTest::Mock.new ++ dns.expect :getresource, target, [String, Object] ++ ++ fetch = Gem::RemoteFetcher.new nil, dns ++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) ++ ++ target.verify ++ dns.verify ++ end ++ + def test_api_endpoint_timeout_warning + uri = URI.parse "http://gems.example.com/foo" + +diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb +index d43289d745..0fcc11e78f 100644 +--- ruby-2.4.1/test/rubygems/test_gem_specification.rb ++++ ruby-2.4.1/test/rubygems/test_gem_specification.rb +@@ -2985,7 +2985,37 @@ def test_validate_name + @a1.validate + end + +- assert_equal 'invalid value for attribute name: ":json"', e.message ++ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message ++ ++ @a1.name = [] ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message ++ ++ @a1.name = "" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message ++ ++ @a1.name = "12345" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message ++ ++ @a1.name = "../malicious" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message ++ ++ @a1.name = "\ba\t" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message + end + + def test_validate_non_nil +diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb +index a6e22e04da..04f3f605e8 100644 +--- ruby-2.4.1/test/rubygems/test_gem_text.rb ++++ ruby-2.4.1/test/rubygems/test_gem_text.rb +@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after . + assert_equal expected, format_text(text, 78) + end + ++ def test_format_removes_nonprintable_characters ++ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) ++ end ++ + def test_min3 + assert_equal 1, min3(1, 1, 1) + assert_equal 1, min3(1, 1, 2) +@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace + assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") + assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") + end ++ ++ def test_truncate_text ++ assert_equal "abc", truncate_text("abc", "desc") ++ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) ++ s = "ab" * 500_001 ++ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) ++ end + end diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 243ff9e5db..e2258cba23 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -121,7 +121,10 @@ a focus on simplicity and productivity.") (snippet `(begin ;; Remove bundled libffi (delete-file-recursively "ext/fiddle/libffi-3.2.1") - #t)))))) + #t)) + (patches + (search-patches "ruby-rubygems-2612-ruby24.patch" + "ruby-rubygems-2613-ruby24.patch")))))) (define-public ruby-2.3 (package -- cgit 1.4.1 From db542518b375505fc46eb9e52324e523dd0bad33 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Thu, 31 Aug 2017 10:21:36 +0800 Subject: gnu: ruby-2.3.4: Fix CVE-2017-{0899,0900,0901,0902}. * gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ruby.scm (ruby-2.3.4)[source]: Use it. --- gnu/local.mk | 1 + .../patches/ruby-2.3.4-rubygems-2613-ruby23.patch | 355 +++++++++++++++++++++ gnu/packages/ruby.scm | 1 + 3 files changed, 357 insertions(+) create mode 100644 gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3b8ddcc8e5..e807df0d2a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -989,6 +989,7 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ %D%/packages/patches/ruby-rubygems-2612-ruby24.patch \ %D%/packages/patches/ruby-rubygems-2613-ruby24.patch \ + %D%/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \ diff --git a/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch b/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch new file mode 100644 index 0000000000..8f4758293e --- /dev/null +++ b/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch @@ -0,0 +1,355 @@ +diff --git lib/rubygems.rb lib/rubygems.rb +index 04031c765c..9c0219ce06 100644 +--- ruby-2.3.4/lib/rubygems.rb ++++ ruby-2.3.4/lib/rubygems.rb +@@ -10,7 +10,7 @@ + require 'thread' + + module Gem +- VERSION = '2.5.2' ++ VERSION = '2.5.2.1' + end + + # Must be first since it unloads the prelude from 1.9.2 +diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb +index d6196b44ed..61e9808860 100644 +--- ruby-2.3.4/lib/rubygems/commands/query_command.rb ++++ ruby-2.3.4/lib/rubygems/commands/query_command.rb +@@ -226,7 +226,7 @@ def output_versions output, versions + end + end + +- output << make_entry(matching_tuples, platforms) ++ output << clean_text(make_entry(matching_tuples, platforms)) + end + end + +@@ -344,7 +344,8 @@ def spec_platforms entry, platforms + end + + def spec_summary entry, spec +- entry << "\n\n" << format_text(spec.summary, 68, 4) ++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") ++ entry << "\n\n" << format_text(summary, 68, 4) + end + + end +diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb +index 85358e0d1a..709b77d126 100644 +--- ruby-2.3.4/lib/rubygems/installer.rb ++++ ruby-2.3.4/lib/rubygems/installer.rb +@@ -693,6 +693,11 @@ def verify_gem_home(unpack = false) # :nodoc: + unpack or File.writable?(gem_home) + end + ++ def verify_spec_name ++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN ++ raise Gem::InstallError, "#{spec} has an invalid name" ++ end ++ + ## + # Return the text for an application file. + +@@ -812,6 +817,8 @@ def pre_install_checks + + ensure_loadable_spec + ++ verify_spec_name ++ + if options[:install_as_default] + Gem.ensure_default_gem_subdirectories gem_home + else +diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb +index fda1e067ef..254bebfadf 100644 +--- ruby-2.3.4/lib/rubygems/remote_fetcher.rb ++++ ruby-2.3.4/lib/rubygems/remote_fetcher.rb +@@ -104,7 +104,7 @@ def api_endpoint(uri) + else + target = res.target.to_s.strip + +- if /\.#{Regexp.quote(host)}\z/ =~ target ++ if URI("http://" + target).host.end_with?(".#{host}") + return URI.parse "#{uri.scheme}://#{target}#{uri.path}" + end + +diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb +index 8e2557cdb2..dd4fde1776 100644 +--- ruby-2.3.4/lib/rubygems/specification.rb ++++ ruby-2.3.4/lib/rubygems/specification.rb +@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification + + private_constant :LOAD_CACHE if defined? private_constant + ++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: ++ + # :startdoc: + + ## +@@ -2665,9 +2667,15 @@ def validate packaging = true + end + end + +- unless String === name then ++ if !name.is_a?(String) then + raise Gem::InvalidSpecificationException, +- "invalid value for attribute name: \"#{name.inspect}\"" ++ "invalid value for attribute name: \"#{name.inspect}\" must be a string" ++ elsif name !~ /[a-zA-Z]/ then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} must include at least one letter" ++ elsif name !~ VALID_NAME_PATTERN then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" + end + + if raw_require_paths.empty? then +diff --git lib/rubygems/text.rb lib/rubygems/text.rb +index 732f1b99f2..b944b62c27 100644 +--- ruby-2.3.4/lib/rubygems/text.rb ++++ ruby-2.3.4/lib/rubygems/text.rb +@@ -6,13 +6,26 @@ + + module Gem::Text + ++ ## ++ # Remove any non-printable characters and make the text suitable for ++ # printing. ++ def clean_text(text) ++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) ++ end ++ ++ def truncate_text(text, description, max_length = 100_000) ++ raise ArgumentError, "max_length must be positive" unless max_length > 0 ++ return text if text.size <= max_length ++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] ++ end ++ + ## + # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ + # characters + + def format_text(text, wrap, indent=0) + result = [] +- work = text.dup ++ work = clean_text(text) + + while work.length > wrap do + if work =~ /^(.{0,#{wrap}})[ \n]/ then +diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb +index 78c15a1770..9ec715492f 100644 +--- ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb ++++ ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb +@@ -116,6 +116,86 @@ def test_execute_details + This is a lot of text. This is a lot of text. This is a lot of text. + This is a lot of text. + ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_cleans_text ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 4 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ This is a lot of text. This is a lot of text. This is a lot of text. ++ This is a lot of text. ++ ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_truncates_summary ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 10_000 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ Truncating the summary for a-2 to 100,000 characters: ++#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te ++ + pl (1) + Platform: i386-linux + Author: A User +diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb +index 5ec71d0a01..1092a0c68f 100644 +--- ruby-2.3.4/test/rubygems/test_gem_installer.rb ++++ ruby-2.3.4/test/rubygems/test_gem_installer.rb +@@ -1227,6 +1227,26 @@ def test_pre_install_checks_wrong_rubygems_version + end + end + ++ def test_pre_install_checks_malicious_name ++ spec = util_spec '../malicious', '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate; end ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.at gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal '# has an invalid name', e.message ++ end ++ end ++ + def test_shebang + util_make_exec @spec, "#!/usr/bin/ruby" + +diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb +index 49b6b6656c..a3919c8ef2 100644 +--- ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb ++++ ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb +@@ -253,6 +253,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original + dns.verify + end + ++ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path ++ uri = URI.parse "http://example.com/foo" ++ target = MiniTest::Mock.new ++ target.expect :target, "evil.com/a.example.com" ++ ++ dns = MiniTest::Mock.new ++ dns.expect :getresource, target, [String, Object] ++ ++ fetch = Gem::RemoteFetcher.new nil, dns ++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) ++ ++ target.verify ++ dns.verify ++ end ++ + def test_api_endpoint_timeout_warning + uri = URI.parse "http://gems.example.com/foo" + +diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb +index bc1c8d2ca7..9a49bbbf59 100644 +--- ruby-2.3.4/test/rubygems/test_gem_specification.rb ++++ ruby-2.3.4/test/rubygems/test_gem_specification.rb +@@ -2974,7 +2974,37 @@ def test_validate_name + @a1.validate + end + +- assert_equal 'invalid value for attribute name: ":json"', e.message ++ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message ++ ++ @a1.name = [] ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message ++ ++ @a1.name = "" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message ++ ++ @a1.name = "12345" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message ++ ++ @a1.name = "../malicious" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message ++ ++ @a1.name = "\ba\t" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message + end + + def test_validate_non_nil +diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb +index a6e22e04da..04f3f605e8 100644 +--- ruby-2.3.4/test/rubygems/test_gem_text.rb ++++ ruby-2.3.4/test/rubygems/test_gem_text.rb +@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after . + assert_equal expected, format_text(text, 78) + end + ++ def test_format_removes_nonprintable_characters ++ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) ++ end ++ + def test_min3 + assert_equal 1, min3(1, 1, 1) + assert_equal 1, min3(1, 1, 2) +@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace + assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") + assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") + end ++ ++ def test_truncate_text ++ assert_equal "abc", truncate_text("abc", "desc") ++ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) ++ s = "ab" * 500_001 ++ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) ++ end + end diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index e2258cba23..754a6eccd0 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -140,6 +140,7 @@ a focus on simplicity and productivity.") (base32 "132p5kc1sx97svbx04g40pz5pr7p8f6jlmnq5r2prlcz5q1xj71l")) (modules '((guix build utils))) + (patches (search-patches "ruby-2.3.4-rubygems-2613-ruby23.patch")) (snippet `(begin ;; Remove bundled libffi (delete-file-recursively "ext/fiddle/libffi-3.2.1") -- cgit 1.4.1 From c959e5a1dc266325b2e4986a18bd98d1e37900ac Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Thu, 31 Aug 2017 10:26:21 +0800 Subject: gnu: ruby-2.2.7: Fix CVE-2017-{0899,0900,0901,0902}. * gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ruby.scm (ruby-2.2.7)[source]: Use it. --- gnu/local.mk | 1 + .../patches/ruby-2.2.7-rubygems-2613-ruby22.patch | 355 +++++++++++++++++++++ gnu/packages/ruby.scm | 1 + 3 files changed, 357 insertions(+) create mode 100644 gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index e807df0d2a..175434bcd9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -989,6 +989,7 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ %D%/packages/patches/ruby-rubygems-2612-ruby24.patch \ %D%/packages/patches/ruby-rubygems-2613-ruby24.patch \ + %D%/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch \ %D%/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ diff --git a/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch b/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch new file mode 100644 index 0000000000..d68b836c71 --- /dev/null +++ b/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch @@ -0,0 +1,355 @@ +diff --git lib/rubygems.rb lib/rubygems.rb +index f48496aa31..0e1855b148 100644 +--- ruby-2.2.7/lib/rubygems.rb ++++ ruby-2.2.7/lib/rubygems.rb +@@ -9,7 +9,7 @@ require 'rbconfig' + require 'thread' + + module Gem +- VERSION = '2.4.5.2' ++ VERSION = '2.4.5.3' + end + + # Must be first since it unloads the prelude from 1.9.2 +diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb +index 432250e033..44364cfab2 100644 +--- ruby-2.2.7/lib/rubygems/commands/query_command.rb ++++ ruby-2.2.7/lib/rubygems/commands/query_command.rb +@@ -218,7 +218,7 @@ is too hard to use. + end + end + +- output << make_entry(matching_tuples, platforms) ++ output << clean_text(make_entry(matching_tuples, platforms)) + end + end + +@@ -336,7 +336,8 @@ is too hard to use. + end + + def spec_summary entry, spec +- entry << "\n\n" << format_text(spec.summary, 68, 4) ++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") ++ entry << "\n\n" << format_text(summary, 68, 4) + end + + end +diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb +index 10fc1a34a5..a27569fe2e 100644 +--- ruby-2.2.7/lib/rubygems/installer.rb ++++ ruby-2.2.7/lib/rubygems/installer.rb +@@ -646,6 +646,11 @@ class Gem::Installer + unpack or File.writable?(gem_home) + end + ++ def verify_spec_name ++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN ++ raise Gem::InstallError, "#{spec} has an invalid name" ++ end ++ + ## + # Return the text for an application file. + +@@ -771,6 +776,8 @@ TEXT + + ensure_loadable_spec + ++ verify_spec_name ++ + if options[:install_as_default] + Gem.ensure_default_gem_subdirectories gem_home + else +diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb +index b1f6dd17fc..2b9d61c0a1 100644 +--- ruby-2.2.7/lib/rubygems/remote_fetcher.rb ++++ ruby-2.2.7/lib/rubygems/remote_fetcher.rb +@@ -96,7 +96,7 @@ class Gem::RemoteFetcher + else + target = res.target.to_s.strip + +- if /\.#{Regexp.quote(host)}\z/ =~ target ++ if URI("http://" + target).host.end_with?(".#{host}") + return URI.parse "#{uri.scheme}://#{target}#{uri.path}" + end + +diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb +index ab1cd92270..faca837128 100644 +--- ruby-2.2.7/lib/rubygems/specification.rb ++++ ruby-2.2.7/lib/rubygems/specification.rb +@@ -106,6 +106,8 @@ class Gem::Specification < Gem::BasicSpecification + + private_constant :LOAD_CACHE if defined? private_constant + ++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: ++ + # :startdoc: + + ## +@@ -2477,9 +2479,15 @@ class Gem::Specification < Gem::BasicSpecification + end + end + +- unless String === name then ++ if !name.is_a?(String) then + raise Gem::InvalidSpecificationException, +- "invalid value for attribute name: \"#{name.inspect}\"" ++ "invalid value for attribute name: \"#{name.inspect}\" must be a string" ++ elsif name !~ /[a-zA-Z]/ then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} must include at least one letter" ++ elsif name !~ VALID_NAME_PATTERN then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" + end + + if raw_require_paths.empty? then +diff --git lib/rubygems/text.rb lib/rubygems/text.rb +index 5c9287ad2e..86a722ffc0 100644 +--- ruby-2.2.7/lib/rubygems/text.rb ++++ ruby-2.2.7/lib/rubygems/text.rb +@@ -5,13 +5,26 @@ require 'rubygems' + + module Gem::Text + ++ ## ++ # Remove any non-printable characters and make the text suitable for ++ # printing. ++ def clean_text(text) ++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) ++ end ++ ++ def truncate_text(text, description, max_length = 100_000) ++ raise ArgumentError, "max_length must be positive" unless max_length > 0 ++ return text if text.size <= max_length ++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] ++ end ++ + ## + # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ + # characters + + def format_text(text, wrap, indent=0) + result = [] +- work = text.dup ++ work = clean_text(text) + + while work.length > wrap do + if work =~ /^(.{0,#{wrap}})[ \n]/ then +diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb +index 43fa82571d..ccd2621874 100644 +--- ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb ++++ ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb +@@ -147,6 +147,86 @@ a (2) + This is a lot of text. This is a lot of text. This is a lot of text. + This is a lot of text. + ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_cleans_text ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 4 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ This is a lot of text. This is a lot of text. This is a lot of text. ++ This is a lot of text. ++ ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_truncates_summary ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 10_000 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ Truncating the summary for a-2 to 100,000 characters: ++#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te ++ + pl (1) + Platform: i386-linux + Author: A User +diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb +index 6f8012feb8..aba73af181 100644 +--- ruby-2.2.7/test/rubygems/test_gem_installer.rb ++++ ruby-2.2.7/test/rubygems/test_gem_installer.rb +@@ -1214,6 +1214,26 @@ gem 'other', version + end + end + ++ def test_pre_install_checks_malicious_name ++ spec = util_spec '../malicious', '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate; end ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.at gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal '# has an invalid name', e.message ++ end ++ end ++ + def test_shebang + util_make_exec @spec, "#!/usr/bin/ruby" + +diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb +index 63dd8feb38..ca4627810b 100644 +--- ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb ++++ ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb +@@ -181,6 +181,21 @@ gems: + dns.verify + end + ++ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path ++ uri = URI.parse "http://example.com/foo" ++ target = MiniTest::Mock.new ++ target.expect :target, "evil.com/a.example.com" ++ ++ dns = MiniTest::Mock.new ++ dns.expect :getresource, target, [String, Object] ++ ++ fetch = Gem::RemoteFetcher.new nil, dns ++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) ++ ++ target.verify ++ dns.verify ++ end ++ + def test_api_endpoint_ignores_trans_domain_values + uri = URI.parse "http://gems.example.com/foo" + target = MiniTest::Mock.new +diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb +index 3cadc55d5d..4f7076a03a 100644 +--- ruby-2.2.7/test/rubygems/test_gem_specification.rb ++++ ruby-2.2.7/test/rubygems/test_gem_specification.rb +@@ -2610,7 +2610,37 @@ http://opensource.org/licenses/alphabetical + @a1.validate + end + +- assert_equal 'invalid value for attribute name: ":json"', e.message ++ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message ++ ++ @a1.name = [] ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message ++ ++ @a1.name = "" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message ++ ++ @a1.name = "12345" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message ++ ++ @a1.name = "../malicious" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message ++ ++ @a1.name = "\ba\t" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message + end + + def test_validate_non_nil +diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb +index e5cfc41e61..9b270b481b 100644 +--- ruby-2.2.7/test/rubygems/test_gem_text.rb ++++ ruby-2.2.7/test/rubygems/test_gem_text.rb +@@ -35,6 +35,10 @@ Without the wrapping, the text might not look good in the RSS feed. + assert_equal expected, format_text(text, 78) + end + ++ def test_format_removes_nonprintable_characters ++ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) ++ end ++ + def test_min3 + assert_equal 1, min3(1, 1, 1) + assert_equal 1, min3(1, 1, 2) +@@ -71,4 +75,11 @@ Without the wrapping, the text might not look good in the RSS feed. + assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") + assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") + end ++ ++ def test_truncate_text ++ assert_equal "abc", truncate_text("abc", "desc") ++ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) ++ s = "ab" * 500_001 ++ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) ++ end + end diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 754a6eccd0..6251145f09 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -155,6 +155,7 @@ a focus on simplicity and productivity.") (uri (string-append "http://cache.ruby-lang.org/pub/ruby/" (version-major+minor version) "/ruby-" version ".tar.xz")) + (patches (search-patches "ruby-2.2.7-rubygems-2613-ruby22.patch")) (sha256 (base32 "0lyb7gnbbhs3a3v9grsjgbaixm20wxz6x3h0czyrxnj3cpp8lk13")))))) -- cgit 1.4.1 From 76fed2b3c4e3703d1ad81c4330edd94d551b6334 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Wed, 30 Aug 2017 21:21:21 +0800 Subject: gnu: libxml2: Fix CVE-2017-{0663,7375,7376,9047,9048,9049,9050}. * gnu/packages/patches/libxml2-CVE-2017-0663.patch, gnu/packages/patches/libxml2-CVE-2017-7375.patch, gnu/packages/patches/libxml2-CVE-2017-7376.patch, gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch, gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. Signed-off-by: Marius Bakke --- gnu/local.mk | 5 + gnu/packages/patches/libxml2-CVE-2017-0663.patch | 53 ++++ gnu/packages/patches/libxml2-CVE-2017-7375.patch | 45 +++ gnu/packages/patches/libxml2-CVE-2017-7376.patch | 41 +++ .../libxml2-CVE-2017-9047+CVE-2017-9048.patch | 130 +++++++++ .../libxml2-CVE-2017-9049+CVE-2017-9050.patch | 319 +++++++++++++++++++++ gnu/packages/xml.scm | 15 + 7 files changed, 608 insertions(+) create mode 100644 gnu/packages/patches/libxml2-CVE-2017-0663.patch create mode 100644 gnu/packages/patches/libxml2-CVE-2017-7375.patch create mode 100644 gnu/packages/patches/libxml2-CVE-2017-7376.patch create mode 100644 gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch create mode 100644 gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 175434bcd9..586fa9809c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -803,6 +803,11 @@ dist_patch_DATA = \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxml2-CVE-2016-4658.patch \ %D%/packages/patches/libxml2-CVE-2016-5131.patch \ + %D%/packages/patches/libxml2-CVE-2017-0663.patch \ + %D%/packages/patches/libxml2-CVE-2017-7375.patch \ + %D%/packages/patches/libxml2-CVE-2017-7376.patch \ + %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \ + %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxt-guix-search-paths.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2017-0663.patch b/gnu/packages/patches/libxml2-CVE-2017-0663.patch new file mode 100644 index 0000000000..b0277a2d23 --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-0663.patch @@ -0,0 +1,53 @@ +Fix CVE-2017-0663: + +https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 +https://security-tracker.debian.org/tracker/CVE-2017-0663 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66 + +From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 6 Jun 2017 12:56:28 +0200 +Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace + +Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on +namespace declarations make no practical sense anyway. + +Fixes bug 780228. + +Found with libFuzzer and ASan. +--- + valid.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/valid.c b/valid.c +index 8075d3a0..c51ea290 100644 +--- a/valid.c ++++ b/valid.c +@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + } + } + ++ /* ++ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions ++ * xmlAddID and xmlAddRef for namespace declarations, but it makes ++ * no practical sense to use ID types anyway. ++ */ ++#if 0 + /* Validity Constraint: ID uniqueness */ + if (attrDecl->atype == XML_ATTRIBUTE_ID) { + if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) +@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { + if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) + ret = 0; + } ++#endif + + /* Validity Constraint: Notation Attributes */ + if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { +-- +2.14.1 + diff --git a/gnu/packages/patches/libxml2-CVE-2017-7375.patch b/gnu/packages/patches/libxml2-CVE-2017-7375.patch new file mode 100644 index 0000000000..32af1ff6ba --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-7375.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-7375: + +https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375 +https://security-tracker.debian.org/tracker/CVE-2017-7375 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e + +From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001 +From: Neel Mehta +Date: Fri, 7 Apr 2017 17:43:02 +0200 +Subject: [PATCH] Prevent unwanted external entity reference + +For https://bugzilla.gnome.org/show_bug.cgi?id=780691 + +* parser.c: add a specific check to avoid PE reference +--- + parser.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/parser.c b/parser.c +index 609a2703..c2c812de 100644 +--- a/parser.c ++++ b/parser.c +@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) + if (xmlPushInput(ctxt, input) < 0) + return; + } else { ++ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && ++ ((ctxt->options & XML_PARSE_NOENT) == 0) && ++ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && ++ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && ++ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && ++ (ctxt->replaceEntities == 0) && ++ (ctxt->validate == 0)) ++ return; ++ + /* + * TODO !!! + * handle the extra spaces added before and after +-- +2.14.1 + diff --git a/gnu/packages/patches/libxml2-CVE-2017-7376.patch b/gnu/packages/patches/libxml2-CVE-2017-7376.patch new file mode 100644 index 0000000000..5b9e45bd83 --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-7376.patch @@ -0,0 +1,41 @@ +Fix CVE-2017-7376: + +https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376 +https://security-tracker.debian.org/tracker/CVE-2017-7376 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e + +From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Fri, 7 Apr 2017 17:13:28 +0200 +Subject: [PATCH] Increase buffer space for port in HTTP redirect support + +For https://bugzilla.gnome.org/show_bug.cgi?id=780690 + +nanohttp.c: the code wrongly assumed a short int port value. +--- + nanohttp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nanohttp.c b/nanohttp.c +index e109ad75..373425de 100644 +--- a/nanohttp.c ++++ b/nanohttp.c +@@ -1423,9 +1423,9 @@ retry: + if (ctxt->port != 80) { + /* reserve space for ':xxxxx', incl. potential proxy */ + if (proxy) +- blen += 12; ++ blen += 17; + else +- blen += 6; ++ blen += 11; + } + bp = (char*)xmlMallocAtomic(blen); + if ( bp == NULL ) { +-- +2.14.1 + diff --git a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch new file mode 100644 index 0000000000..0a0e6d34cf --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch @@ -0,0 +1,130 @@ +Fix CVE-2017-{9047,9048}: + +https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not yet public) +https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not yet public) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048 +http://www.openwall.com/lists/oss-security/2017/05/15/1 +https://security-tracker.debian.org/tracker/CVE-2017-9047 +https://security-tracker.debian.org/tracker/CVE-2017-9048 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 + +From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sat, 3 Jun 2017 02:01:29 +0200 +Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +xmlSnprintfElementContent failed to correctly check the available +buffer space in two locations. + +Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). + +Thanks to Marcel Böhme and Thuan Pham for the report. +--- + result/valid/781333.xml | 5 +++++ + result/valid/781333.xml.err | 3 +++ + result/valid/781333.xml.err.rdr | 6 ++++++ + test/valid/781333.xml | 4 ++++ + valid.c | 20 +++++++++++--------- + 5 files changed, 29 insertions(+), 9 deletions(-) + create mode 100644 result/valid/781333.xml + create mode 100644 result/valid/781333.xml.err + create mode 100644 result/valid/781333.xml.err.rdr + create mode 100644 test/valid/781333.xml + +diff --git a/result/valid/781333.xml b/result/valid/781333.xml +new file mode 100644 +index 00000000..45dc451d +--- /dev/null ++++ b/result/valid/781333.xml +@@ -0,0 +1,5 @@ ++ ++ ++]> ++ +diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err +new file mode 100644 +index 00000000..b401b49a +--- /dev/null ++++ b/result/valid/781333.xml.err +@@ -0,0 +1,3 @@ ++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got ++ ++ ^ +diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr +new file mode 100644 +index 00000000..5ff56992 +--- /dev/null ++++ b/result/valid/781333.xml.err.rdr +@@ -0,0 +1,6 @@ ++./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got ++ ++ ^ ++./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child ++ ++^ +diff --git a/test/valid/781333.xml b/test/valid/781333.xml +new file mode 100644 +index 00000000..b29e5a68 +--- /dev/null ++++ b/test/valid/781333.xml +@@ -0,0 +1,4 @@ ++ ++]> ++ +diff --git a/valid.c b/valid.c +index 19f84b82..9b2df56a 100644 +--- a/valid.c ++++ b/valid.c +@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int + case XML_ELEMENT_CONTENT_PCDATA: + strcat(buf, "#PCDATA"); + break; +- case XML_ELEMENT_CONTENT_ELEMENT: ++ case XML_ELEMENT_CONTENT_ELEMENT: { ++ int qnameLen = xmlStrlen(content->name); ++ ++ if (content->prefix != NULL) ++ qnameLen += xmlStrlen(content->prefix) + 1; ++ if (size - len < qnameLen + 10) { ++ strcat(buf, " ..."); ++ return; ++ } + if (content->prefix != NULL) { +- if (size - len < xmlStrlen(content->prefix) + 10) { +- strcat(buf, " ..."); +- return; +- } + strcat(buf, (char *) content->prefix); + strcat(buf, ":"); + } +- if (size - len < xmlStrlen(content->name) + 10) { +- strcat(buf, " ..."); +- return; +- } + if (content->name != NULL) + strcat(buf, (char *) content->name); + break; ++ } + case XML_ELEMENT_CONTENT_SEQ: + if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || + (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) +@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int + xmlSnprintfElementContent(buf, size, content->c2, 0); + break; + } ++ if (size - strlen(buf) <= 2) return; + if (englob) + strcat(buf, ")"); + switch (content->ocur) { +-- +2.14.1 + diff --git a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch new file mode 100644 index 0000000000..890e9c2284 --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch @@ -0,0 +1,319 @@ +Fix CVE-2017-{9049,9050}: + +https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public) +https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050 +http://www.openwall.com/lists/oss-security/2017/05/15/1 +https://security-tracker.debian.org/tracker/CVE-2017-9049 +https://security-tracker.debian.org/tracker/CVE-2017-9050 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 + +Changes to 'runtest.c' are removed since they introduce test failure +when applying to libxml2 2.9.4 release tarball. + +From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Mon, 5 Jun 2017 15:37:17 +0200 +Subject: [PATCH] Fix handling of parameter-entity references +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There were two bugs where parameter-entity references could lead to an +unexpected change of the input buffer in xmlParseNameComplex and +xmlDictLookup being called with an invalid pointer. + +Percent sign in DTD Names +========================= + +The NEXTL macro used to call xmlParserHandlePEReference. When parsing +"complex" names inside the DTD, this could result in entity expansion +which created a new input buffer. The fix is to simply remove the call +to xmlParserHandlePEReference from the NEXTL macro. This is safe because +no users of the macro require expansion of parameter entities. + +- xmlParseNameComplex +- xmlParseNCNameComplex +- xmlParseNmtoken + +The percent sign is not allowed in names, which are grammatical tokens. + +- xmlParseEntityValue + +Parameter-entity references in entity values are expanded but this +happens in a separate step in this function. + +- xmlParseSystemLiteral + +Parameter-entity references are ignored in the system literal. + +- xmlParseAttValueComplex +- xmlParseCharDataComplex +- xmlParseCommentComplex +- xmlParsePI +- xmlParseCDSect + +Parameter-entity references are ignored outside the DTD. + +- xmlLoadEntityContent + +This function is only called from xmlStringLenDecodeEntities and +entities are replaced in a separate step immediately after the function +call. + +This bug could also be triggered with an internal subset and double +entity expansion. + +This fixes bug 766956 initially reported by Wei Lei and independently by +Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone +involved. + +xmlParseNameComplex with XML_PARSE_OLD10 +======================================== + +When parsing Names inside an expanded parameter entity with the +XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the +GROW macro if the input buffer was exhausted. At the end of the +parameter entity's replacement text, this function would then call +xmlPopInput which invalidated the input buffer. + +There should be no need to invoke GROW in this situation because the +buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, +at least for UTF-8, in xmlCurrentChar. This also matches the code path +executed when XML_PARSE_OLD10 is not set. + +This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). +Thanks to Marcel Böhme and Thuan Pham for the report. + +Additional hardening +==================== + +A separate check was added in xmlParseNameComplex to validate the +buffer size. +--- + Makefile.am | 18 ++++++++++++++++++ + parser.c | 18 ++++++++++-------- + result/errors10/781205.xml | 0 + result/errors10/781205.xml.err | 21 +++++++++++++++++++++ + result/errors10/781361.xml | 0 + result/errors10/781361.xml.err | 13 +++++++++++++ + result/valid/766956.xml | 0 + result/valid/766956.xml.err | 9 +++++++++ + result/valid/766956.xml.err.rdr | 10 ++++++++++ + runtest.c | 3 +++ + test/errors10/781205.xml | 3 +++ + test/errors10/781361.xml | 3 +++ + test/valid/766956.xml | 2 ++ + test/valid/dtds/766956.dtd | 2 ++ + 14 files changed, 94 insertions(+), 8 deletions(-) + create mode 100644 result/errors10/781205.xml + create mode 100644 result/errors10/781205.xml.err + create mode 100644 result/errors10/781361.xml + create mode 100644 result/errors10/781361.xml.err + create mode 100644 result/valid/766956.xml + create mode 100644 result/valid/766956.xml.err + create mode 100644 result/valid/766956.xml.err.rdr + create mode 100644 test/errors10/781205.xml + create mode 100644 test/errors10/781361.xml + create mode 100644 test/valid/766956.xml + create mode 100644 test/valid/dtds/766956.dtd + +diff --git a/Makefile.am b/Makefile.am +index 6fc8ffa9..10e716a5 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT) + if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ + rm result.$$name error.$$name ; \ + fi ; fi ; done) ++ @echo "## Error cases regression tests (old 1.0)" ++ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ ++ name=`basename $$i`; \ ++ if [ ! -d $$i ] ; then \ ++ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ ++ echo New test file $$name ; \ ++ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ ++ 2> $(srcdir)/result/errors10/$$name.err \ ++ > $(srcdir)/result/errors10/$$name ; \ ++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ ++ else \ ++ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ ++ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ ++ diff $(srcdir)/result/errors10/$$name result.$$name ; \ ++ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ ++ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ ++ rm result.$$name error.$$name ; \ ++ fi ; fi ; done) + @echo "## Error cases stream regression tests" + -@(for i in $(srcdir)/test/errors/*.xml ; do \ + name=`basename $$i`; \ +diff --git a/parser.c b/parser.c +index df2efa55..a175ac4e 100644 +--- a/parser.c ++++ b/parser.c +@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { + ctxt->input->line++; ctxt->input->col = 1; \ + } else ctxt->input->col++; \ + ctxt->input->cur += l; \ +- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ + } while (0) + + #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) +@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + len += l; + NEXTL(l); + c = CUR_CHAR(l); +- if (c == 0) { +- count = 0; +- GROW; +- if (ctxt->instate == XML_PARSER_EOF) +- return(NULL); +- c = CUR_CHAR(l); +- } + } + } + if ((len > XML_MAX_NAME_LENGTH) && +@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } ++ if (ctxt->input->cur - ctxt->input->base < len) { ++ /* ++ * There were a couple of bugs where PERefs lead to to a change ++ * of the buffer. Check the buffer size to avoid passing an invalid ++ * pointer to xmlDictLookup. ++ */ ++ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, ++ "unexpected change of input buffer"); ++ return (NULL); ++ } + if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) + return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); + return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); +diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml +new file mode 100644 +index 00000000..e69de29b +diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err +new file mode 100644 +index 00000000..da15c3f7 +--- /dev/null ++++ b/result/errors10/781205.xml.err +@@ -0,0 +1,21 @@ ++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration ++ ++ %a; ++ ^ ++Entity: line 1: ++<:0000 ++^ ++Entity: line 1: parser error : DOCTYPE improperly terminated ++ %a; ++ ^ ++Entity: line 1: ++<:0000 ++^ ++namespace error : Failed to parse QName ':0000' ++ %a; ++ ^ ++<:0000 ++ ^ ++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 ++ ++^ +diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml +new file mode 100644 +index 00000000..e69de29b +diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err +new file mode 100644 +index 00000000..655f41a2 +--- /dev/null ++++ b/result/errors10/781361.xml.err +@@ -0,0 +1,13 @@ ++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected ++ ++^ ++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration ++ ++ ++^ ++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated ++ ++^ ++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found ++ ++^ +diff --git a/result/valid/766956.xml b/result/valid/766956.xml +new file mode 100644 +index 00000000..e69de29b +diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err +new file mode 100644 +index 00000000..34b1dae6 +--- /dev/null ++++ b/result/valid/766956.xml.err +@@ -0,0 +1,9 @@ ++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' ++%ä%ent; ++ ^ ++Entity: line 1: parser error : Content error in the external subset ++ %ent; ++ ^ ++Entity: line 1: ++value ++^ +diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr +new file mode 100644 +index 00000000..77603462 +--- /dev/null ++++ b/result/valid/766956.xml.err.rdr +@@ -0,0 +1,10 @@ ++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' ++%ä%ent; ++ ^ ++Entity: line 1: parser error : Content error in the external subset ++ %ent; ++ ^ ++Entity: line 1: ++value ++^ ++./test/valid/766956.xml : failed to parse +diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml +new file mode 100644 +index 00000000..d9e9e839 +--- /dev/null ++++ b/test/errors10/781205.xml +@@ -0,0 +1,3 @@ ++ ++ %a; +diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml +new file mode 100644 +index 00000000..67476bcb +--- /dev/null ++++ b/test/errors10/781361.xml +@@ -0,0 +1,3 @@ ++ ++ %elem; +diff --git a/test/valid/766956.xml b/test/valid/766956.xml +new file mode 100644 +index 00000000..19a95a0e +--- /dev/null ++++ b/test/valid/766956.xml +@@ -0,0 +1,2 @@ ++ ++ +diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd +new file mode 100644 +index 00000000..dddde68b +--- /dev/null ++++ b/test/valid/dtds/766956.dtd +@@ -0,0 +1,2 @@ ++ ++%ä%ent; +-- +2.14.1 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index dd229ba73b..b4aa89e881 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2016, 2017 Marius Bakke ;;; Copyright © 2017 Adriano Peluso ;;; Copyright © 2017 Gregor Giesen +;;; Copyright © 2017 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -110,6 +111,7 @@ hierarchical form with variable field lengths.") (package (name "libxml2") (version "2.9.4") + (replacement libxml2/fixed) (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" @@ -138,6 +140,19 @@ hierarchical form with variable field lengths.") project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source + (origin + (inherit (package-source libxml2)) + (patches + (search-patches "libxml2-CVE-2017-0663.patch" + "libxml2-CVE-2017-7375.patch" + "libxml2-CVE-2017-7376.patch" + "libxml2-CVE-2017-9047+CVE-2017-9048.patch" + "libxml2-CVE-2017-9049+CVE-2017-9050.patch")))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") -- cgit 1.4.1 From 0ff44ba4642c4ae672a7c66108a46f8d311955c2 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Fri, 1 Sep 2017 00:00:14 +0300 Subject: gnu: graphicsmagick: Fix CVE-2017-{13775,13776,13777}. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patches. * gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch, gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + gnu/packages/imagemagick.scm | 5 +- .../patches/graphicsmagick-CVE-2017-13775.patch | 195 +++++++++++++++++++++ ...phicsmagick-CVE-2017-13776+CVE-2017-13777.patch | 179 +++++++++++++++++++ 4 files changed, 380 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 586fa9809c..fbc6ff057f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -676,6 +676,8 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 4056d486fb..57ac7fda97 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2016 Leo Famulari ;;; Copyright © 2016 Mark H Weaver +;;; Copyright © 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -179,7 +180,9 @@ script.") (patches (search-patches "graphicsmagick-CVE-2017-12935.patch" "graphicsmagick-CVE-2017-12936.patch" - "graphicsmagick-CVE-2017-12937.patch")))) + "graphicsmagick-CVE-2017-12937.patch" + "graphicsmagick-CVE-2017-13775.patch" + "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch new file mode 100644 index 0000000000..83478c13b3 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch @@ -0,0 +1,195 @@ +http://openwall.com/lists/oss-security/2017/08/31/3 +http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/b037d79b6ccd + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503774853 18000 +# Node ID b037d79b6ccd0cfba7ba9ce09b454ed46d688036 +# Parent 198ea602ea7cc767dc3022bbcf887bcd4534158d +JNX: Fix DOS issues + +diff -r 198ea602ea7c -r b037d79b6ccd coders/jnx.c +--- a/coders/jnx.c Tue Aug 22 08:08:30 2017 -0500 ++++ b/coders/jnx.c Sat Aug 26 14:14:13 2017 -0500 +@@ -1,5 +1,5 @@ + /* +-% Copyright (C) 2012-2015 GraphicsMagick Group ++% Copyright (C) 2012-2017 GraphicsMagick Group + % + % This program is covered by multiple licenses, which are described in + % Copyright.txt. You should have received a copy of Copyright.txt with this +@@ -100,6 +100,7 @@ + + char img_label_str[MaxTextExtent]; + ++ + alloc_size = TileInfo->PicSize + 2; + + if (image->logging) +@@ -242,6 +243,9 @@ + total_tiles, + current_tile; + ++ magick_off_t ++ file_size; ++ + /* Open image file. */ + assert(image_info != (const ImageInfo *) NULL); + assert(image_info->signature == MagickSignature); +@@ -254,9 +258,8 @@ + if (status == False) + ThrowReaderException(FileOpenError, UnableToOpenFile, image); + +- memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo)); +- + /* Read JNX image header. */ ++ (void) memset(&JNXHeader, 0, sizeof(JNXHeader)); + JNXHeader.Version = ReadBlobLSBLong(image); + if (JNXHeader.Version > 4) + ThrowReaderException(CorruptImageError, ImproperImageHeader, image); +@@ -266,8 +269,6 @@ + JNXHeader.MapBounds.SouthWest.lat = ReadBlobLSBLong(image); + JNXHeader.MapBounds.SouthWest.lon = ReadBlobLSBLong(image); + JNXHeader.Levels = ReadBlobLSBLong(image); +- if (JNXHeader.Levels > 20) +- ThrowReaderException(CorruptImageError, ImproperImageHeader, image); + JNXHeader.Expiration = ReadBlobLSBLong(image); + JNXHeader.ProductID = ReadBlobLSBLong(image); + JNXHeader.CRC = ReadBlobLSBLong(image); +@@ -279,7 +280,41 @@ + if (EOFBlob(image)) + ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); + ++ file_size = GetBlobSize(image); ++ ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "JNX Header:\n" ++ " Version: %u\n" ++ " DeviceSN: %u\n" ++ " MapBounds:\n" ++ " NorthEast: lat = %u, lon = %u\n" ++ " SouthWest: lat = %u, lon = %u\n" ++ " Levels: %u\n" ++ " Expiration: %u\n" ++ " ProductID: %u\n" ++ " CRC: %u\n" ++ " SigVersion: %u\n" ++ " SigOffset: %u\n" ++ " ZOrder: %u", ++ JNXHeader.Version, ++ JNXHeader.DeviceSN, ++ JNXHeader.MapBounds.NorthEast.lat, ++ JNXHeader.MapBounds.NorthEast.lon, ++ JNXHeader.MapBounds.SouthWest.lat, ++ JNXHeader.MapBounds.SouthWest.lon, ++ JNXHeader.Levels, ++ JNXHeader.Expiration, ++ JNXHeader.ProductID, ++ JNXHeader.CRC, ++ JNXHeader.SigVersion, ++ JNXHeader.SigOffset, ++ JNXHeader.ZOrder); ++ ++ if (JNXHeader.Levels > 20) ++ ThrowReaderException(CorruptImageError, ImproperImageHeader, image); ++ + /* Read JNX image level info. */ ++ memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo)); + total_tiles = 0; + current_tile = 0; + for (i = 0; i < JNXHeader.Levels; i++) +@@ -302,11 +337,23 @@ + { + JNXLevelInfo[i].Copyright = NULL; + } ++ ++ if (EOFBlob(image)) ++ ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ ++ if (image->logging) ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "Level[%u] Info:" ++ " TileCount: %4u" ++ " TilesOffset: %6u" ++ " Scale: %04u", ++ i, ++ JNXLevelInfo[i].TileCount, ++ JNXLevelInfo[i].TilesOffset, ++ JNXLevelInfo[i].Scale ++ ); + } + +- if (EOFBlob(image)) +- ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); +- + /* Get the current limit */ + SaveLimit = GetMagickResourceLimit(MapResource); + +@@ -316,11 +363,32 @@ + /* Read JNX image data. */ + for (i = 0; i < JNXHeader.Levels; i++) + { ++ /* ++ Validate TileCount against remaining file data ++ */ ++ const magick_off_t current_offset = TellBlob(image); ++ const size_t pos_list_entry_size = ++ sizeof(magick_uint32_t) + sizeof(magick_uint32_t) + sizeof(magick_uint32_t) + ++ sizeof(magick_uint32_t) + sizeof(magick_uint16_t) + sizeof(magick_uint16_t) + ++ sizeof(magick_uint32_t) + sizeof(magick_uint32_t); ++ const magick_off_t remaining = file_size-current_offset; ++ const size_t needed = MagickArraySize(pos_list_entry_size,JNXLevelInfo[i].TileCount); ++ ++ if ((needed == 0U) || (remaining <= 0) || (remaining < (magick_off_t) needed)) ++ { ++ (void) SetMagickResourceLimit(MapResource, SaveLimit); ++ ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ } ++ + PositionList = MagickAllocateArray(TJNXTileInfo *, + JNXLevelInfo[i].TileCount, + sizeof(TJNXTileInfo)); + if (PositionList == NULL) +- continue; ++ { ++ (void) SetMagickResourceLimit(MapResource, SaveLimit); ++ ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, ++ image); ++ } + + (void) SeekBlob(image, JNXLevelInfo[i].TilesOffset, SEEK_SET); + for (j = 0; j < JNXLevelInfo[i].TileCount; j++) +@@ -333,12 +401,15 @@ + PositionList[j].PicHeight = ReadBlobLSBShort(image); + PositionList[j].PicSize = ReadBlobLSBLong(image); + PositionList[j].PicOffset = ReadBlobLSBLong(image); +- } + +- if (EOFBlob(image)) +- { +- MagickFreeMemory(PositionList); +- ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ if (EOFBlob(image) || ++ ((magick_off_t) PositionList[j].PicOffset + ++ PositionList[j].PicSize > file_size)) ++ { ++ (void) SetMagickResourceLimit(MapResource, SaveLimit); ++ MagickFreeMemory(PositionList); ++ ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ } + } + + for (j = 0; j < JNXLevelInfo[i].TileCount; j++) +@@ -351,6 +422,9 @@ + image = ExtractTileJPG(image, image_info, PositionList+j, exception); + (void) SetMonitorHandler(previous_handler); + ++ if (exception->severity >= ErrorException) ++ break; ++ + current_tile++; + if (QuantumTick(current_tile,total_tiles)) + if (!MagickMonitorFormatted(current_tile,total_tiles,exception, + diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch new file mode 100644 index 0000000000..e129fd58fc --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch @@ -0,0 +1,179 @@ +http://openwall.com/lists/oss-security/2017/08/31/1 +http://openwall.com/lists/oss-security/2017/08/31/2 +http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/233a720bfd5e + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503779175 18000 +# Node ID 233a720bfd5efd378f133a776507ed41230da617 +# Parent b037d79b6ccd0cfba7ba9ce09b454ed46d688036 +XBM: Fix DOS issues. + +diff -r b037d79b6ccd -r 233a720bfd5e coders/xbm.c +--- a/coders/xbm.c Sat Aug 26 14:14:13 2017 -0500 ++++ b/coders/xbm.c Sat Aug 26 15:26:15 2017 -0500 +@@ -1,5 +1,5 @@ + /* +-% Copyright (C) 2003 -2012 GraphicsMagick Group ++% Copyright (C) 2003-2017 GraphicsMagick Group + % Copyright (C) 2002 ImageMagick Studio + % Copyright 1991-1999 E. I. du Pont de Nemours and Company + % +@@ -121,13 +121,15 @@ + + static int XBMInteger(Image *image,short int *hex_digits) + { ++ unsigned int ++ flag; ++ + int + c, +- flag, + value; + + value=0; +- flag=0; ++ flag=0U; + for ( ; ; ) + { + c=ReadBlobByte(image); +@@ -158,18 +160,14 @@ + Image + *image; + +- int +- bit; +- +- long +- y; +- + register IndexPacket + *indexes; + +- register long ++ register size_t ++ bytes_per_line, + i, +- x; ++ x, ++ y; + + register PixelPacket + *q; +@@ -177,22 +175,24 @@ + register unsigned char + *p; + +- short int +- hex_digits[256]; +- + unsigned char + *data; + + unsigned int ++ bit, ++ byte, ++ padding, ++ version; ++ ++ int ++ value; ++ ++ short int ++ hex_digits[256]; ++ ++ MagickPassFail + status; + +- unsigned long +- byte, +- bytes_per_line, +- padding, +- value, +- version; +- + /* + Open image file. + */ +@@ -207,6 +207,8 @@ + /* + Read X bitmap header. + */ ++ (void) memset(buffer,0,sizeof(buffer)); ++ name[0]='\0'; + while (ReadBlobString(image,buffer) != (char *) NULL) + if (sscanf(buffer,"#define %s %lu",name,&image->columns) == 2) + if ((strlen(name) >= 6) && +@@ -278,6 +280,8 @@ + /* + Initialize hex values. + */ ++ for (i = 0; i < sizeof(hex_digits)/sizeof(hex_digits[0]); i++) ++ hex_digits[i]=(-1); + hex_digits['0']=0; + hex_digits['1']=1; + hex_digits['2']=2; +@@ -311,40 +315,50 @@ + */ + p=data; + if (version == 10) +- for (i=0; i < (long) (bytes_per_line*image->rows); (i+=2)) ++ for (i=0; i < (bytes_per_line*image->rows); (i+=2)) + { + value=XBMInteger(image,hex_digits); ++ if (value < 0) ++ { ++ MagickFreeMemory(data); ++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ } + *p++=(unsigned char) value; + if (!padding || ((i+2) % bytes_per_line)) + *p++=(unsigned char) (value >> 8); + } + else +- for (i=0; i < (long) (bytes_per_line*image->rows); i++) ++ for (i=0; i < (bytes_per_line*image->rows); i++) + { + value=XBMInteger(image,hex_digits); ++ if (value < 0) ++ { ++ MagickFreeMemory(data); ++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ } + *p++=(unsigned char) value; + } + /* + Convert X bitmap image to pixel packets. + */ + p=data; +- for (y=0; y < (long) image->rows; y++) ++ for (y=0; y < image->rows; y++) + { + q=SetImagePixels(image,0,y,image->columns,1); + if (q == (PixelPacket *) NULL) + break; + indexes=AccessMutableIndexes(image); +- bit=0; +- byte=0; +- for (x=0; x < (long) image->columns; x++) ++ bit=0U; ++ byte=0U; ++ for (x=0; x < image->columns; x++) + { +- if (bit == 0) ++ if (bit == 0U) + byte=(*p++); + indexes[x]=byte & 0x01 ? 0x01 : 0x00; + bit++; +- byte>>=1; +- if (bit == 8) +- bit=0; ++ byte>>=1U; ++ if (bit == 8U) ++ bit=0U; + } + if (!SyncImagePixels(image)) + break; + -- cgit 1.4.1 From a0596a2f27c339bcb4c5d3f2ffc8d6df38ff7947 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Tue, 29 Aug 2017 16:02:50 +0530 Subject: gnu: python2-larch: Enable tests. * gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python2-larch)[source]: Use it. [arguments]: Move 'check' phase to before 'build' phase. --- gnu/local.mk | 1 + ...ython2-larch-coverage-4.0a6-compatibility.patch | 29 ++++++++++++++++++++++ gnu/packages/python.scm | 17 ++++++++++++- 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index fbc6ff057f..2e40026e53 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -962,6 +962,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch \ %D%/packages/patches/python-genshi-isstring-helper.patch \ %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \ + %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ diff --git a/gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch b/gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch new file mode 100644 index 0000000000..f1db5d7c3b --- /dev/null +++ b/gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch @@ -0,0 +1,29 @@ +From ca548da9ba78ddee90779051210e3e89185e4f7d Mon Sep 17 00:00:00 2001 +From: Michel Alexandre Salim +Date: Mon, 15 Feb 2016 23:03:42 +0700 +Subject: coverage-4.0a6 compatibility + +coverage 4.0a6 no longer generates .coverage file, so use -f when +deleting .coverage to ensure deletion does not fail. +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +(limited to 'Makefile') + +diff --git a/Makefile b/Makefile +index 7818f57..362c07f 100644 +--- a/Makefile ++++ b/Makefile +@@ -23,7 +23,7 @@ fsck-larch.1: fsck-larch.1.in fsck-larch + + check: + python -m CoverageTestRunner --ignore-missing-from=without-tests +- rm .coverage ++ rm -f .coverage + ./insert-remove-test tempdir 100 + rm -r tempdir larch.log + cmdtest tests +-- +cgit v1.1 + diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 8bdd865af3..874ad82d91 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -68,6 +68,7 @@ #:use-module (gnu packages attr) #:use-module (gnu packages backup) #:use-module (gnu packages bash) + #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages crypto) #:use-module (gnu packages databases) @@ -14193,12 +14194,26 @@ happens using the @code{logging} library.") (uri (string-append "http://git.liw.fi/cgi-bin/cgit/cgit.cgi/larch/snapshot/larch-" version ".tar.gz")) + (patches (search-patches + "python2-larch-coverage-4.0a6-compatibility.patch")) (sha256 (base32 "1p4knkkavlqymgciz2wbcnfrdgdbafhg14maplnk4vbw0q8xs663")))) (build-system python-build-system) (arguments - `(#:python ,python-2)) + `(#:python ,python-2 + #:phases + (modify-phases %standard-phases + ;; check phase needs to be run before the build phase. If not, + ;; coverage-test-runner looks for tests for the built source files, + ;; and fails. + (delete 'check) + (add-before 'build 'check + (lambda _ + (zero? (system* "make" "check"))))))) + (native-inputs + `(("cmdtest" ,cmdtest) + ("python2-coverage-test-runner" ,python2-coverage-test-runner))) (propagated-inputs `(("python2-tracing" ,python2-tracing))) (home-page "https://liw.fi/larch/") -- cgit 1.4.1 From 25bd1fc1c12ee2dfbcb12daf36f25285a4f7e55a Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Fri, 1 Sep 2017 13:59:28 +0800 Subject: gnu: metabat: Update to 2.12.1. * gnu/packages/patches/metabat-remove-compilation-date.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/bioinformatics.scm (metabat): Update to 2.12.1. [source]: Remove it. Use url-fetch. --- gnu/local.mk | 1 - gnu/packages/bioinformatics.scm | 16 +++++++--------- .../patches/metabat-remove-compilation-date.patch | 16 ---------------- 3 files changed, 7 insertions(+), 26 deletions(-) delete mode 100644 gnu/packages/patches/metabat-remove-compilation-date.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2e40026e53..8c683b8e42 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -846,7 +846,6 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ %D%/packages/patches/mesa-skip-disk-cache-test.patch \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ - %D%/packages/patches/metabat-remove-compilation-date.patch \ %D%/packages/patches/metabat-fix-compilation.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 70418cd977..37980f3756 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -3475,19 +3475,17 @@ form of assemblies or reads.") (define-public metabat (package (name "metabat") - (version "2.11.3") + (version "2.12.1") (source (origin - (method git-fetch) - (uri (git-reference - (url "https://bitbucket.org/berkeleylab/metabat.git") - (commit "d0ad65367ffc8e08d1a9dd1388d6170daa047e5c"))) - (file-name (string-append name "-" version "-checkout")) + (method url-fetch) + (uri (string-append "https://bitbucket.org/berkeleylab/metabat/get/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1rlsrkz8iq8xah65222p055kzv5i3szz8bwysnvnh0pv72wvv6ww")) - (patches (search-patches "metabat-remove-compilation-date.patch" - "metabat-fix-compilation.patch")))) + "1hmvdalz3zj5sqqklg0l4npjdv37cv2hsdi1al9iby2ndxjs1b73")) + (patches (search-patches "metabat-fix-compilation.patch")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/metabat-remove-compilation-date.patch b/gnu/packages/patches/metabat-remove-compilation-date.patch deleted file mode 100644 index 7672205b22..0000000000 --- a/gnu/packages/patches/metabat-remove-compilation-date.patch +++ /dev/null @@ -1,16 +0,0 @@ -Remove the reference to the compilation date so that the build is -reproducible. - -diff --git a/src/metabat.cpp b/src/metabat.cpp -index 88e06de..c95cb1a 100644 ---- a/src/metabat.cpp -+++ b/src/metabat.cpp -@@ -49,7 +49,7 @@ int main(int ac, char* av[]) { - po::notify(vm); - - if (vm.count("help") || inFile.length() == 0 || outFile.length() == 0) { -- cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; " << __DATE__ << " " << __TIME__ << ")" << endl; -+ cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; unknown compilation date)" << endl; - cerr << "by Don Kang (ddkang@lbl.gov), Jeff Froula, Rob Egan, and Zhong Wang (zhongwang@lbl.gov) \n" << endl; - cerr << desc << endl << endl; - -- cgit 1.4.1 From d536113df0049e979a088a7794016d77a784b95c Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Fri, 1 Sep 2017 20:45:49 -0400 Subject: gnu: openjpeg: Fix CVE-2017-{14040,14041}. * gnu/packages/image.scm (openjpeg)[source]: Add patches. * gnu/packages/patches/openjpeg-CVE-2017-14040.patch, gnu/packages/patches/openjpeg-CVE-2017-14041.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + gnu/packages/image.scm | 4 +- gnu/packages/patches/openjpeg-CVE-2017-14040.patch | 83 ++++++++++++++++++++++ gnu/packages/patches/openjpeg-CVE-2017-14041.patch | 25 +++++++ 4 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14040.patch create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14041.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8c683b8e42..05a640428d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -888,6 +888,8 @@ dist_patch_DATA = \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 503a249a91..5d062b107b 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -520,7 +520,9 @@ work.") (sha256 (base32 "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) - (patches (search-patches "openjpeg-CVE-2017-12982.patch")))) + (patches (search-patches "openjpeg-CVE-2017-12982.patch" + "openjpeg-CVE-2017-14040.patch" + "openjpeg-CVE-2017-14041.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch new file mode 100644 index 0000000000..bd7473ba0d --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch @@ -0,0 +1,83 @@ +http://openwall.com/lists/oss-security/2017/08/28/3 +https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch + +From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Thu, 17 Aug 2017 11:47:40 +0200 +Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and + fixes unaligned load (#995) + +--- + src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------ + 1 file changed, 27 insertions(+), 12 deletions(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index a4eb81f6a..73dfc8d5f 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -580,13 +580,10 @@ struct tga_header { + }; + #endif /* INFORMATION_ONLY */ + +-static unsigned short get_ushort(const unsigned char *data) ++/* Returns a ushort from a little-endian serialized value */ ++static unsigned short get_tga_ushort(const unsigned char *data) + { +- unsigned short val = *(const unsigned short *)data; +-#ifdef OPJ_BIG_ENDIAN +- val = ((val & 0xffU) << 8) | (val >> 8); +-#endif +- return val; ++ return data[0] | (data[1] << 8); + } + + #define TGA_HEADER_SIZE 18 +@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel, + id_len = tga[0]; + /*cmap_type = tga[1];*/ + image_type = tga[2]; +- /*cmap_index = get_ushort(&tga[3]);*/ +- cmap_len = get_ushort(&tga[5]); ++ /*cmap_index = get_tga_ushort(&tga[3]);*/ ++ cmap_len = get_tga_ushort(&tga[5]); + cmap_entry_size = tga[7]; + + + #if 0 +- x_origin = get_ushort(&tga[8]); +- y_origin = get_ushort(&tga[10]); ++ x_origin = get_tga_ushort(&tga[8]); ++ y_origin = get_tga_ushort(&tga[10]); + #endif +- image_w = get_ushort(&tga[12]); +- image_h = get_ushort(&tga[14]); ++ image_w = get_tga_ushort(&tga[12]); ++ image_h = get_tga_ushort(&tga[14]); + pixel_depth = tga[16]; + image_desc = tga[17]; + +@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters) + color_space = OPJ_CLRSPC_SRGB; + } + ++ /* If the declared file size is > 10 MB, check that the file is big */ ++ /* enough to avoid excessive memory allocations */ ++ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) { ++ char ch; ++ OPJ_UINT64 expected_file_size = ++ (OPJ_UINT64)image_width * image_height * numcomps; ++ long curpos = ftell(f); ++ if (expected_file_size > (OPJ_UINT64)INT_MAX) { ++ expected_file_size = (OPJ_UINT64)INT_MAX; ++ } ++ fseek(f, (long)expected_file_size - 1, SEEK_SET); ++ if (fread(&ch, 1, 1, f) != 1) { ++ fclose(f); ++ return NULL; ++ } ++ fseek(f, curpos, SEEK_SET); ++ } ++ + subsampling_dx = parameters->subsampling_dx; + subsampling_dy = parameters->subsampling_dy; + diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch new file mode 100644 index 0000000000..6e3fccf3c0 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch @@ -0,0 +1,25 @@ +http://openwall.com/lists/oss-security/2017/08/28/4 +https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch + +From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Fri, 18 Aug 2017 13:39:20 +0200 +Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997) + +--- + src/bin/jp2/convert.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index 5459f7d44..e606c9be7 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters) + } + + fseek(f, 0, SEEK_SET); +- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, ++ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, + &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { + fclose(f); + fprintf(stderr, -- cgit 1.4.1 From 448339709d85b77e89651a2f4facf57e31c79b4a Mon Sep 17 00:00:00 2001 From: Jelle Licht Date: Thu, 27 Jul 2017 17:11:08 +0200 Subject: gnu: node: Update to 8.4.0. * gnu/packages/patches/node-9077.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/node.scm (node): Update to 8.4.0. (node)[arguments]: Removed broken linter test. Removed dns test. --- gnu/local.mk | 1 - gnu/packages/node.scm | 12 +++++------- gnu/packages/patches/node-9077.patch | 31 ------------------------------- 3 files changed, 5 insertions(+), 39 deletions(-) delete mode 100644 gnu/packages/patches/node-9077.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 05a640428d..643a88db81 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -872,7 +872,6 @@ dist_patch_DATA = \ %D%/packages/patches/newsbeuter-CVE-2017-12904.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ninja-zero-mtime.patch \ - %D%/packages/patches/node-9077.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index 2cebabbcaf..805b81bd2e 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -40,16 +40,14 @@ (define-public node (package (name "node") - (version "8.1.2") + (version "8.4.0") (source (origin (method url-fetch) (uri (string-append "http://nodejs.org/dist/v" version "/node-v" version ".tar.gz")) (sha256 (base32 - "0l92gar1pivzaiwffiiiz2f2m5k39sl5fphlfnvy0ml9hrjb65yp")) - ;; https://github.com/nodejs/node/pull/9077 - (patches (search-patches "node-9077.patch")))) + "1vrpc4lspm33hmb8c2q4w1fzg3iaip2gx4wpr4nyy417hbx1a6k4")))) (build-system gnu-build-system) (arguments ;; TODO: Purge the bundled copies from the source. @@ -78,10 +76,9 @@ (("'/usr/bin/env'") (string-append "'" (which "env") "'"))) - ;; Having the build fail because of linter errors is insane! + ;; Linting is no longer supported in the release tarball (substitute* '("Makefile") - ((" \\$\\(MAKE\\) jslint") "") - ((" \\$\\(MAKE\\) cpplint\n") "")) + ((" \\$\\(MAKE\\) lint") "")) ;; FIXME: This test seems to depends on files that are not ;; available in the bundled v8. See @@ -95,6 +92,7 @@ "test/parallel/test-util-inspect.js" "test/parallel/test-v8-serdes.js" "test/parallel/test-dgram-membership.js" + "test/parallel/test-dns-resolveany.js" "test/parallel/test-cluster-master-error.js" "test/parallel/test-cluster-master-kill.js" "test/parallel/test-npm-install.js" diff --git a/gnu/packages/patches/node-9077.patch b/gnu/packages/patches/node-9077.patch deleted file mode 100644 index 6b71d48c0e..0000000000 --- a/gnu/packages/patches/node-9077.patch +++ /dev/null @@ -1,31 +0,0 @@ -From fc164acbbb700fd50ab9c04b47fc1b2687e9c0f4 Mon Sep 17 00:00:00 2001 -From: "Bradley T. Hughes" -Date: Thu, 13 Oct 2016 07:38:38 +0000 -Subject: [PATCH] build: add -DZLIB_CONST when building with --shared-zlib - -Commit 782620f added the define only when building with the bundled -zlib. Using a shared zlib results in build breakage: - -../src/inspector_agent.cc:179:16: error: assigning to 'Bytef *' (aka 'unsigned char *') from incompatible type - 'const uint8_t *' (aka 'const unsigned char *') - strm.next_in = PROTOCOL_JSON + 3; - ^ ~~~~~~~~~~~~~~~~~ -1 error generated. ---- - node.gyp | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/node.gyp b/node.gyp -index 272dc98..667c260 100644 ---- a/node.gyp -+++ b/node.gyp -@@ -653,7 +653,8 @@ - [ 'node_shared_zlib=="false"', { - 'dependencies': [ - 'deps/zlib/zlib.gyp:zlib', -- ] -+ ]}, { -+ 'defines': [ 'ZLIB_CONST' ], - }], - [ 'node_shared_openssl=="false"', { - 'dependencies': [ -- cgit 1.4.1 From 514c2f480643c3481498b4a3ad32d6e6351260ff Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 5 Sep 2017 12:56:00 -0400 Subject: gnu: tcpdump: Fix CVE-2017-[11541,11542,11543]. * gnu/packages/patches/tcpdump-CVE-2017-11541.patch, gnu/packages/patches/tcpdump-CVE-2017-11542.patch gnu/packages/patches/tcpdump-CVE-2017-11543.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/admin.scm (tcpdump)[source]: Use them. --- gnu/local.mk | 3 + gnu/packages/admin.scm | 3 + gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 ++++++++++++++ gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 +++++++++++ gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 +++++++++++++++++++++++ 5 files changed, 169 insertions(+) create mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11541.patch create mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11542.patch create mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11543.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 643a88db81..edfecc7783 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1031,6 +1031,9 @@ dist_patch_DATA = \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ + %D%/packages/patches/tcpdump-CVE-2017-11541.patch \ + %D%/packages/patches/tcpdump-CVE-2017-11542.patch \ + %D%/packages/patches/tcpdump-CVE-2017-11543.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index ea71de6f57..f047bcaef3 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -666,6 +666,9 @@ network statistics collection, security monitoring, network debugging, etc.") (method url-fetch) (uri (string-append "http://www.tcpdump.org/release/tcpdump-" version ".tar.gz")) + (patches (search-patches "tcpdump-CVE-2017-11541.patch" + "tcpdump-CVE-2017-11542.patch" + "tcpdump-CVE-2017-11543.patch")) (sha256 (base32 "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r")))) diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch new file mode 100644 index 0000000000..a9fc632dc2 --- /dev/null +++ b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch @@ -0,0 +1,47 @@ +Fix CVE-2017-11541 + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 + +Patch copied from upstream source repository: + +https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 + +From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Tue, 7 Feb 2017 11:40:36 -0800 +Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before + checking for a NUL terminator. + +safeputs() doesn't do packet bounds checking of its own; it assumes that +the caller has checked the availability in the packet data of all maxlen +bytes of data. This means we should check that we're within the +specified limit before looking at the byte. + +This fixes a buffer over-read discovered by Kamil Frankowicz. + +Add a test using the capture file supplied by the reporter(s). +--- + tests/TESTLIST | 1 + + tests/hoobr_safeputs.out | 2 ++ + tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes + util-print.c | 2 +- + 4 files changed, 4 insertions(+), 1 deletion(-) + create mode 100644 tests/hoobr_safeputs.out + create mode 100644 tests/hoobr_safeputs.pcap + +diff --git a/util-print.c b/util-print.c +index 394e7d59..ec3e8de8 100644 +--- a/util-print.c ++++ b/util-print.c +@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo, + { + u_int idx = 0; + +- while (*s && idx < maxlen) { ++ while (idx < maxlen && *s) { + safeputchar(ndo, *s); + idx++; + s++; +-- +2.14.1 + diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch new file mode 100644 index 0000000000..24849d5187 --- /dev/null +++ b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch @@ -0,0 +1,37 @@ +Fix CVE-2017-11542: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 + +Patch copied from upstream source repository: + +https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae + +From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Tue, 7 Feb 2017 11:10:04 -0800 +Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check. + +This fixes a buffer over-read discovered by Kamil Frankowicz. + +Add a test using the capture file supplied by the reporter(s). +--- + print-pim.c | 1 + + tests/TESTLIST | 1 + + tests/hoobr_pimv1.out | 25 +++++++++++++++++++++++++ + tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes + 4 files changed, 27 insertions(+) + create mode 100644 tests/hoobr_pimv1.out + create mode 100644 tests/hoobr_pimv1.pcap + +diff --git a/print-pim.c b/print-pim.c +index 25525953..ed880ae7 100644 +--- a/print-pim.c ++++ b/print-pim.c +@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo, + pimv1_join_prune_print(ndo, &bp[8], len - 8); + break; + } ++ ND_TCHECK(bp[4]); + if ((bp[4] >> 4) != 1) + ND_PRINT((ndo, " [v%d]", bp[4] >> 4)); + return; diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch new file mode 100644 index 0000000000..c973503983 --- /dev/null +++ b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch @@ -0,0 +1,79 @@ +Fix CVE-2017-11543: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 + +Patch copied from upstream source repository: + +https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3 + +From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Fri, 17 Mar 2017 12:49:04 -0700 +Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid. + +Report if it's not, and don't use it as an out-of-bounds index into an +array. + +This fixes a buffer overflow discovered by Wilfried Kirsch. + +Add a test using the capture file supplied by the reporter(s), modified +so the capture file won't be rejected as an invalid capture. +--- + print-sl.c | 25 +++++++++++++++++++++++-- + tests/TESTLIST | 3 +++ + tests/slip-bad-direction.out | 1 + + tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes + 4 files changed, 27 insertions(+), 2 deletions(-) + create mode 100644 tests/slip-bad-direction.out + create mode 100644 tests/slip-bad-direction.pcap + +diff --git a/print-sl.c b/print-sl.c +index 3fd7e898..a02077b3 100644 +--- a/print-sl.c ++++ b/print-sl.c +@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo, + u_int hlen; + + dir = p[SLX_DIR]; +- ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O ")); ++ switch (dir) { + ++ case SLIPDIR_IN: ++ ND_PRINT((ndo, "I ")); ++ break; ++ ++ case SLIPDIR_OUT: ++ ND_PRINT((ndo, "O ")); ++ break; ++ ++ default: ++ ND_PRINT((ndo, "Invalid direction %d ", dir)); ++ dir = -1; ++ break; ++ } + if (ndo->ndo_nflag) { + /* XXX just dump the header */ + register int i; +@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo, + * has restored the IP header copy to IPPROTO_TCP. + */ + lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p; ++ ND_PRINT((ndo, "utcp %d: ", lastconn)); ++ if (dir == -1) { ++ /* Direction is bogus, don't use it */ ++ return; ++ } + hlen = IP_HL(ip); + hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]); + lastlen[dir][lastconn] = length - (hlen << 2); +- ND_PRINT((ndo, "utcp %d: ", lastconn)); + break; + + default: ++ if (dir == -1) { ++ /* Direction is bogus, don't use it */ ++ return; ++ } + if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) { + compressed_sl_print(ndo, &p[SLX_CHDR], ip, + length, dir); -- cgit 1.4.1 From f1597427f220b0799b9c8847768d2f5a93fe3730 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 5 Sep 2017 23:02:56 +0300 Subject: gnu: file: Fix CVE-2017-1000249. * gnu/packages/file.scm (file)[replacement]: New field. (file/fixed): New variable. * gnu/packages/commencement.scm (file-boot0): Use package/inherit. * gnu/packages/patches/file-CVE-2017-1000249.patch. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/commencement.scm | 3 +-- gnu/packages/file.scm | 11 ++++++++-- gnu/packages/patches/file-CVE-2017-1000249.patch | 27 ++++++++++++++++++++++++ 4 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/file-CVE-2017-1000249.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index edfecc7783..445d126c1b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -603,6 +603,7 @@ dist_patch_DATA = \ %D%/packages/patches/fasthenry-spFactor.patch \ %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \ %D%/packages/patches/fcgi-2.4.0-poll.patch \ + %D%/packages/patches/file-CVE-2017-1000249.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-gnulib-multi-core.patch \ %D%/packages/patches/findutils-test-xargs.patch \ diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 2b67881ede..7bbe1becd9 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -112,8 +112,7 @@ (define file-boot0 (package-with-bootstrap-guile - (package-with-explicit-inputs (package - (inherit file) + (package-with-explicit-inputs (package/inherit file (name "file-boot0")) `(("make" ,gnu-make-boot0) ,@%bootstrap-inputs) diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 050e6715b1..3bc8e1dcfe 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2014, 2015 Mark H Weaver -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,7 +27,8 @@ (define-public file (package - (name "file") + (replacement file/fixed) + (name "file") (version "5.30") (source (origin (method url-fetch) @@ -51,3 +52,9 @@ of the file.") (license bsd-2) (home-page "http://www.darwinsys.com/file/"))) +(define file/fixed + (package + (inherit file) + (source (origin + (inherit (package-source file)) + (patches (search-patches "file-CVE-2017-1000249.patch")))))) diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch new file mode 100644 index 0000000000..505acf1592 --- /dev/null +++ b/gnu/packages/patches/file-CVE-2017-1000249.patch @@ -0,0 +1,27 @@ +https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch +http://openwall.com/lists/oss-security/2017/09/05/3 + +The patch is minorly modified to apply to file-5.30 + +From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Sun, 27 Aug 2017 07:55:02 +0000 +Subject: [PATCH] Fix always true condition (Thomas Jarosch) + +--- + src/readelf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 81451827..5f425c97 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + size_t noff, size_t doff, int *flags) + { + if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && +- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { ++ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { + uint8_t desc[20]; + const char *btype; + uint32_t i; -- cgit 1.4.1 From 026ebc141ff9eb6147c9538f004119193d4cfe49 Mon Sep 17 00:00:00 2001 From: Roel Janssen Date: Fri, 25 Aug 2017 20:15:40 +0200 Subject: gnu: Update calibre to 3.6.0. * gnu/local.mk: Remove calibre-drop-unrar.patch * gnu/packages/ebook.scm (calibre): Update to 3.6.0. Add python-html5-parser input. * gnu/packages/patches/calibre-drop-unrar.patch: Remove file. --- gnu/local.mk | 1 - gnu/packages/ebook.scm | 12 ++++--- gnu/packages/patches/calibre-drop-unrar.patch | 49 --------------------------- 3 files changed, 7 insertions(+), 55 deletions(-) delete mode 100644 gnu/packages/patches/calibre-drop-unrar.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 445d126c1b..73efaba64e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -536,7 +536,6 @@ dist_patch_DATA = \ %D%/packages/patches/blast+-fix-makefile.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ - %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-use-packaged-feedparser.patch \ %D%/packages/patches/catdoc-CVE-2017-11110.patch \ diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm index 38abf47c87..4bcaa0abfe 100644 --- a/gnu/packages/ebook.scm +++ b/gnu/packages/ebook.scm @@ -72,7 +72,7 @@ (define-public calibre (package (name "calibre") - (version "3.0.0") + (version "3.6.0") (source (origin (method url-fetch) @@ -81,21 +81,19 @@ version ".tar.xz")) (sha256 (base32 - "1zhk7bvgr973dd18x4wp48kzai29qqqi5qcy72sxc4wcbk2sbnkw")) + "0vp2nds4b5xbchsh1rpc1q7093gd26dnw7mgbnax97dcchvlc4sc")) ;; Remove non-free or doubtful code, see ;; https://lists.gnu.org/archive/html/guix-devel/2015-02/msg00478.html (modules '((guix build utils))) (snippet '(begin (delete-file-recursively "src/calibre/ebooks/markdown") - (delete-file-recursively "src/unrar") (delete-file "src/odf/thumbnail.py") (delete-file-recursively "resources/fonts/liberation") (substitute* (find-files "." "\\.py") (("calibre\\.ebooks\\.markdown") "markdown")) #t)) - (patches (search-patches "calibre-drop-unrar.patch" - "calibre-use-packaged-feedparser.patch" + (patches (search-patches "calibre-use-packaged-feedparser.patch" "calibre-no-updates-dialog.patch")))) (build-system python-build-system) (native-inputs @@ -129,6 +127,7 @@ ("python2-dbus" ,python2-dbus) ("python2-dnspython" ,python2-dnspython) ("python2-feedparser" ,python2-feedparser) + ("python2-html5-parser" ,python2-html5-parser) ("python2-lxml" ,python2-lxml) ("python2-markdown" ,python2-markdown) ("python2-mechanize" ,python2-mechanize) @@ -140,6 +139,9 @@ ("python2-pyqt" ,python2-pyqt) ("python2-sip" ,python2-sip) ("python2-regex" ,python2-regex) + ;; python2-unrardll is needed for decompressing RAR files. + ;; A program called 'pdf2html' is needed for reading PDF books + ;; in the web interface. ("sqlite" ,sqlite))) (arguments `(#:python ,python-2 diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch deleted file mode 100644 index adf977b183..0000000000 --- a/gnu/packages/patches/calibre-drop-unrar.patch +++ /dev/null @@ -1,49 +0,0 @@ -Recreated old debian patch on the latest calibre version - -From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001 -From: Brendan Tildesley -Date: Sat, 13 May 2017 21:12:12 +1000 -Subject: [PATCH] Remove unrar extension - ---- - setup/extensions.json | 11 ----------- - src/calibre/ebooks/metadata/archive.py | 2 +- - 2 files changed, 1 insertion(+), 12 deletions(-) - -diff --git a/setup/extensions.json b/setup/extensions.json -index 1f6d1fb5fd..127390450f 100644 ---- a/setup/extensions.json -+++ b/setup/extensions.json -@@ -211,16 +211,5 @@ - "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c", - "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h", - "libraries": "mtp" -- }, -- { -- "name": "unrar", -- "sources": "unrar/rar.cpp unrar/strlist.cpp unrar/strfn.cpp unrar/pathfn.cpp unrar/savepos.cpp unrar/smallfn.cpp unrar/global.cpp unrar/file.cpp unrar/filefn.cpp unrar/filcreat.cpp unrar/archive.cpp unrar/arcread.cpp unrar/unicode.cpp unrar/system.cpp unrar/isnt.cpp unrar/crypt.cpp unrar/crc.cpp unrar/rawread.cpp unrar/encname.cpp unrar/resource.cpp unrar/match.cpp unrar/timefn.cpp unrar/rdwrfn.cpp unrar/consio.cpp unrar/options.cpp unrar/ulinks.cpp unrar/errhnd.cpp unrar/rarvm.cpp unrar/secpassword.cpp unrar/rijndael.cpp unrar/getbits.cpp unrar/sha1.cpp unrar/extinfo.cpp unrar/extract.cpp unrar/volume.cpp unrar/list.cpp unrar/find.cpp unrar/unpack.cpp unrar/cmddata.cpp unrar/filestr.cpp unrar/scantree.cpp calibre/utils/unrar.cpp", -- "inc_dirs": "unrar", -- "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE", -- "windows_defines": "SILENT RARDLL UNRAR", -- "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE", -- "haiku_libraries": "bsd", -- "optimize_level": 2, -- "windows_libraries": "User32 Advapi32 kernel32 Shell32" - } - ] -diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py -index f5c0b7bed3..32257dcdae 100644 ---- a/src/calibre/ebooks/metadata/archive.py -+++ b/src/calibre/ebooks/metadata/archive.py -@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin): - description = _('Extract common e-book formats from archive files ' - '(ZIP/RAR). Also try to autodetect if they are actually ' - 'CBZ/CBR files.') -- file_types = set(['zip', 'rar']) -+ file_types = set(['zip']) - supported_platforms = ['windows', 'osx', 'linux'] - on_import = True - --- -2.12.2 - -- cgit 1.4.1 From f049e79dc34c112fca244946256920a5ce2e9db0 Mon Sep 17 00:00:00 2001 From: Nicolas Goaziou Date: Wed, 6 Sep 2017 12:51:59 +0200 Subject: gnu: csound: Update to 6.09.1. * gnu/packages/audio.scm (csound): Update to 6.09.1. Change source URI. * gnu/packages/patches/csound-header-ordering.patch: Remove patch. * gnu/local.mk (dist_patch_DATA): Remove reference to patch above. --- gnu/local.mk | 1 - gnu/packages/audio.scm | 16 +++++----------- gnu/packages/patches/csound-header-ordering.patch | 20 -------------------- 3 files changed, 5 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/csound-header-ordering.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 73efaba64e..2975c0208e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -566,7 +566,6 @@ dist_patch_DATA = \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ - %D%/packages/patches/csound-header-ordering.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm index e27c13bed4..1b7950cf00 100644 --- a/gnu/packages/audio.scm +++ b/gnu/packages/audio.scm @@ -568,23 +568,17 @@ emulation (valve, tape), bit fiddling (decimator, pointer-cast), etc.") (define-public csound (package (name "csound") - (version "6.05") + (version "6.09.1") (source (origin (method url-fetch) (uri (string-append - "mirror://sourceforge/csound/csound6/Csound" - version "/Csound" version ".tar.gz")) + "https://github.com/csound/csound/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0a1sni6lr7qpwywpggbkp0ia3h9bwwgf9i87gsag8ra2h30v82hd")) - (patches (search-patches "csound-header-ordering.patch")))) + "0f67vyy3r29hn26qkkcwnizrnzzy8p7gmg3say5q3wjhxns3b5yl")))) (build-system cmake-build-system) - (arguments - ;; Work around this error on x86_64 with libc 2.22+: - ;; libmvec.so.1: error adding symbols: DSO missing from command line - (if (string-prefix? "x86_64" (or (%current-target-system) (%current-system))) - '(#:configure-flags '("-DCMAKE_EXE_LINKER_FLAGS=-lmvec")) - '())) (inputs `(("alsa-lib" ,alsa-lib) ("boost" ,boost) diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch deleted file mode 100644 index 3640d123dd..0000000000 --- a/gnu/packages/patches/csound-header-ordering.patch +++ /dev/null @@ -1,20 +0,0 @@ -Prevent compilation issues with boost-1.60.0. - -Reported upstream at https://github.com/csound/csound/issues/570 - ---- Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-04-25 14:06:22.995646234 -0500 -+++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-12-21 10:31:58.182362640 -0600 -@@ -117,11 +117,12 @@ - // d = sys_variables(12); - // gnor = a*(x.^3) + b*(x.^2) + c*x + d; - --#include - #include - using namespace boost::numeric; - #include - -+#include -+ - #undef CS_KSMPS - #define CS_KSMPS (opds.insdshead->ksmps) - -- cgit 1.4.1 From 3b7c606965656e95725e9cd5f1c7cfc4d0ea18cf Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 6 Sep 2017 13:17:45 +0300 Subject: gnu: openjpeg: Fix CVE-2017-14151, CVE-2017-14152. * gnu/packages/image.scm (openjpeg)[source]: Add patches. * gnu/packages/patches/openjpeg-CVE-2017-14151.patch, gnu/packages/patches/openjpeg-CVE-2017-14152.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + gnu/packages/image.scm | 4 +- gnu/packages/patches/openjpeg-CVE-2017-14151.patch | 46 ++++++++++++++++++++++ gnu/packages/patches/openjpeg-CVE-2017-14152.patch | 38 ++++++++++++++++++ 4 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14151.patch create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14152.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2975c0208e..19dfa13449 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -888,6 +888,8 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 5d062b107b..3bb8de15c4 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -522,7 +522,9 @@ work.") "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) (patches (search-patches "openjpeg-CVE-2017-12982.patch" "openjpeg-CVE-2017-14040.patch" - "openjpeg-CVE-2017-14041.patch")))) + "openjpeg-CVE-2017-14041.patch" + "openjpeg-CVE-2017-14151.patch" + "openjpeg-CVE-2017-14152.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch new file mode 100644 index 0000000000..4fcf6af6db --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch @@ -0,0 +1,46 @@ +https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch +http://openwall.com/lists/oss-security/2017/09/06/1 + +From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 14 Aug 2017 17:20:37 +0200 +Subject: [PATCH] Encoder: grow buffer size in + opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in + opj_mqc_flush (#982) + +--- + src/lib/openjp2/tcd.c | 7 +++++-- + tests/nonregression/test_suite.ctest.in | 2 ++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c +index 301c7213e..53cdcf64d 100644 +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * + { + OPJ_UINT32 l_data_size; + +- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ +- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ ++ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* TODO: is there a theoretical upper-bound for the compressed code */ ++ /* block size ? */ ++ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { +diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in +index aaf40d7d0..ffd964c2a 100644 +--- a/tests/nonregression/test_suite.ctest.in ++++ b/tests/nonregression/test_suite.ctest.in +@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban + # Same rate as Bretagne2_4.j2k + opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 + ++opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 ++ + # DECODER TEST SUITE + opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx + opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch new file mode 100644 index 0000000000..6c083be123 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch @@ -0,0 +1,38 @@ +https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch +http://openwall.com/lists/oss-security/2017/09/06/2 + +From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Tue, 15 Aug 2017 11:55:58 +0200 +Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in + opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) + +--- + src/lib/openjp2/j2k.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index a2521ebbc..54b490a8c 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, + + /* Precincts */ + parameters->csty |= 0x01; +- parameters->res_spec = parameters->numresolution - 1; +- for (i = 0; i < parameters->res_spec; i++) { +- parameters->prcw_init[i] = 256; +- parameters->prch_init[i] = 256; ++ if (parameters->numresolution == 1) { ++ parameters->res_spec = 1; ++ parameters->prcw_init[0] = 128; ++ parameters->prch_init[0] = 128; ++ } else { ++ parameters->res_spec = parameters->numresolution - 1; ++ for (i = 0; i < parameters->res_spec; i++) { ++ parameters->prcw_init[i] = 256; ++ parameters->prch_init[i] = 256; ++ } + } + + /* The progression order shall be CPRL */ -- cgit 1.4.1 From 98df3a88b5e323087db6097094f119fa4663f6d3 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 6 Sep 2017 14:19:50 +0300 Subject: gnu: libzip: Update to 1.3.0 (fixes CVE-2017-14107). * gnu/packages/compression.scm (libzip): Update to 1.3.0. [source]: Remove patch. [arguments]: Remove custom 'patch-perl phase. * gnu/packages/patches/libzip-CVE-2017-12858.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/compression.scm | 14 ++------ gnu/packages/patches/libzip-CVE-2017-12858.patch | 45 ------------------------ 3 files changed, 3 insertions(+), 57 deletions(-) delete mode 100644 gnu/packages/patches/libzip-CVE-2017-12858.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 19dfa13449..a38e4e2d5a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -812,7 +812,6 @@ dist_patch_DATA = \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxt-guix-search-paths.patch \ - %D%/packages/patches/libzip-CVE-2017-12858.patch \ %D%/packages/patches/lierolibre-check-unaligned-access.patch \ %D%/packages/patches/lierolibre-is-free-software.patch \ %D%/packages/patches/lierolibre-newer-libconfig.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index a6758e9471..499c13a291 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -1542,22 +1542,14 @@ manipulate, read, and write Zip archive files.") (define-public libzip (package (name "libzip") - (version "1.2.0") + (version "1.3.0") (source (origin (method url-fetch) (uri (string-append - "https://nih.at/libzip/libzip-" version ".tar.gz")) - (patches (search-patches "libzip-CVE-2017-12858.patch")) + "https://nih.at/libzip/libzip-" version ".tar.xz")) (sha256 (base32 - "17vxj2ffsxwh8lkc6801ppmwj15jp8q58rin76znxfbx88789ybc")))) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-perl - (lambda _ - (substitute* "regress/runtest.in" - (("/usr/bin/env perl") (which "perl")))))))) + "0wykw0q9dwdzx0gssi2dpgckx9ggr2spzc1amjnff6wi6kz6x4xa")))) (native-inputs `(("perl" ,perl))) (inputs diff --git a/gnu/packages/patches/libzip-CVE-2017-12858.patch b/gnu/packages/patches/libzip-CVE-2017-12858.patch deleted file mode 100644 index 8125173f95..0000000000 --- a/gnu/packages/patches/libzip-CVE-2017-12858.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-12858: - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858 - -Patch copied from upstream source repository: - -https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 - -From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner -Date: Mon, 14 Aug 2017 10:55:44 +0200 -Subject: [PATCH] Fix double free(). - -Found by Brian 'geeknik' Carpenter using AFL. ---- - THANKS | 1 + - lib/zip_dirent.c | 3 --- - 2 files changed, 1 insertion(+), 3 deletions(-) - -diff --git a/THANKS b/THANKS -index be0cca9..a80ee1d 100644 ---- a/THANKS -+++ b/THANKS -@@ -12,6 +12,7 @@ BALATON Zoltan - Benjamin Gilbert - Boaz Stolk - Bogdan -+Brian 'geeknik' Carpenter - Chris Nehren - Coverity - Dane Springmeyer -diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c -index a369900..e5a7cc9 100644 ---- a/lib/zip_dirent.c -+++ b/lib/zip_dirent.c -@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo - } - - if (!_zip_dirent_process_winzip_aes(zde, error)) { -- if (!from_buffer) { -- _zip_buffer_free(buffer); -- } - return -1; - } - -- cgit 1.4.1 From 94d671f673d184691cb13d36203e109c13cd4859 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 6 Sep 2017 15:43:30 -0400 Subject: gnu: libarchive: Replace with libarchive 3.3.2 and fix CVE-2017-14166. * gnu/packages/backup.scm (libarchive)[replacement]: New field. (libarchive-3.3.2): New variable. * gnu/packages/patches/libarchive-CVE-2017-14166.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/backup.scm | 9 +++-- .../patches/libarchive-CVE-2017-14166.patch | 45 ++++++++++++++++++++++ 3 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/libarchive-CVE-2017-14166.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a38e4e2d5a..60e9ff29f1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -752,6 +752,7 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ + %D%/packages/patches/libarchive-CVE-2017-14166.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index eca69bebed..006d00ef0c 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -184,6 +184,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") + (replacement libarchive-3.3.2) (version "3.3.1") (source (origin @@ -239,19 +240,19 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive-3.3.1 +(define libarchive-3.3.2 (package (inherit libarchive) - (name "libarchive") - (version "3.3.1") + (version "3.3.2") (source (origin (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) + (patches (search-patches "libarchive-CVE-2017-14166.patch")) (sha256 (base32 - "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9")))))) + "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))))) (define-public rdup (package diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch b/gnu/packages/patches/libarchive-CVE-2017-14166.patch new file mode 100644 index 0000000000..a122848440 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2017-14166.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-14166: + +https://github.com/libarchive/libarchive/issues/935 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71 + +From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger +Date: Tue, 5 Sep 2017 18:12:19 +0200 +Subject: [PATCH] Do something sensible for empty strings to make fuzzers + happy. + +--- + libarchive/archive_read_support_format_xar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c +index 7a22beb9d..93eeacc5e 100644 +--- a/libarchive/archive_read_support_format_xar.c ++++ b/libarchive/archive_read_support_format_xar.c +@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) + uint64_t l; + int digit; + ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + digit = *p - '0'; + while (digit >= 0 && digit < 10 && char_cnt-- > 0) { +@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) + { + int64_t l; + int digit; +- ++ ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + while (char_cnt-- > 0) { + if (*p >= '0' && *p <= '7') -- cgit 1.4.1 From 6a7bd25bf29f886ac2700c99d5e84ee004ee488e Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 7 Sep 2017 14:44:45 -0400 Subject: gnu: qemu: Fix CVE-2017-{13711,14167}. * gnu/packages/patches/qemu-CVE-2017-14167.patch gnu/packages/patches/qemu-CVE-2017-13711.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/virtualization.scm (qemu)[source]: Use them. --- gnu/local.mk | 2 + gnu/packages/patches/qemu-CVE-2017-13711.patch | 89 ++++++++++++++++++++++++++ gnu/packages/patches/qemu-CVE-2017-14167.patch | 69 ++++++++++++++++++++ gnu/packages/virtualization.scm | 2 + 4 files changed, 162 insertions(+) create mode 100644 gnu/packages/patches/qemu-CVE-2017-13711.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-14167.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 60e9ff29f1..9df17110b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -978,6 +978,8 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ + %D%/packages/patches/qemu-CVE-2017-13711.patch \ + %D%/packages/patches/qemu-CVE-2017-14167.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch new file mode 100644 index 0000000000..4070115419 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-13711.patch @@ -0,0 +1,89 @@ +Fix CVE-2017-13711: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711 + +Patch copied from upstream source repository: + +https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384 + +From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001 +From: Samuel Thibault +Date: Fri, 25 Aug 2017 01:35:53 +0200 +Subject: [PATCH] slirp: fix clearing ifq_so from pending packets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The if_fastq and if_batchq contain not only packets, but queues of packets +for the same socket. When sofree frees a socket, it thus has to clear ifq_so +from all the packets from the queues, not only the first. + +Signed-off-by: Samuel Thibault +Reviewed-by: Philippe Mathieu-Daudé +Cc: qemu-stable@nongnu.org +Signed-off-by: Peter Maydell +--- + slirp/socket.c | 39 +++++++++++++++++++++++---------------- + 1 file changed, 23 insertions(+), 16 deletions(-) + +diff --git a/slirp/socket.c b/slirp/socket.c +index ecec0295a9..cb7b5b608d 100644 +--- a/slirp/socket.c ++++ b/slirp/socket.c +@@ -59,6 +59,27 @@ socreate(Slirp *slirp) + return(so); + } + ++/* ++ * Remove references to so from the given message queue. ++ */ ++static void ++soqfree(struct socket *so, struct quehead *qh) ++{ ++ struct mbuf *ifq; ++ ++ for (ifq = (struct mbuf *) qh->qh_link; ++ (struct quehead *) ifq != qh; ++ ifq = ifq->ifq_next) { ++ if (ifq->ifq_so == so) { ++ struct mbuf *ifm; ++ ifq->ifq_so = NULL; ++ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) { ++ ifm->ifq_so = NULL; ++ } ++ } ++ } ++} ++ + /* + * remque and free a socket, clobber cache + */ +@@ -66,23 +87,9 @@ void + sofree(struct socket *so) + { + Slirp *slirp = so->slirp; +- struct mbuf *ifm; + +- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link; +- (struct quehead *) ifm != &slirp->if_fastq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } +- +- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link; +- (struct quehead *) ifm != &slirp->if_batchq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } ++ soqfree(so, &slirp->if_fastq); ++ soqfree(so, &slirp->if_batchq); + + if (so->so_emu==EMU_RSH && so->extra) { + sofree(so->extra); +-- +2.14.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch new file mode 100644 index 0000000000..a6007ac082 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-14167.patch @@ -0,0 +1,69 @@ +Fix CVE-2017-14167: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167 +http://seclists.org/oss-sec/2017/q3/407 + +Patch copied from upstream development mailing list: + +https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html + +From: Prasad J Pandit + +While loading kernel via multiboot-v1 image, (flags & 0x00010000) +indicates that multiboot header contains valid addresses to load +the kernel image. These addresses are used to compute kernel +size and kernel text offset in the OS image. Validate these +address values to avoid an OOB access issue. + +This is CVE-2017-14167. + +Reported-by: Thomas Garnier +Signed-off-by: Prasad J Pandit +--- + hw/i386/multiboot.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +Update: add CVE-ID to the commit message. + +diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c +index 6001f4caa2..c7b70c91d5 100644 +--- a/hw/i386/multiboot.c ++++ b/hw/i386/multiboot.c +@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg, + uint32_t mh_header_addr = ldl_p(header+i+12); + uint32_t mh_load_end_addr = ldl_p(header+i+20); + uint32_t mh_bss_end_addr = ldl_p(header+i+24); ++ + mh_load_addr = ldl_p(header+i+16); ++ if (mh_header_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_load_addr address\n"); ++ exit(1); ++ } ++ + uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); + uint32_t mb_load_size = 0; + mh_entry_addr = ldl_p(header+i+28); + + if (mh_load_end_addr) { ++ if (mh_bss_end_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_bss_end_addr address\n"); ++ exit(1); ++ } + mb_kernel_size = mh_bss_end_addr - mh_load_addr; ++ ++ if (mh_load_end_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_load_end_addr address\n"); ++ exit(1); ++ } + mb_load_size = mh_load_end_addr - mh_load_addr; + } else { ++ if (kernel_file_size < mb_kernel_text_offset) { ++ fprintf(stderr, "invalid kernel_file_size\n"); ++ exit(1); ++ } + mb_kernel_size = kernel_file_size - mb_kernel_text_offset; + mb_load_size = mb_kernel_size; + } +-- +2.13.5 + diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 6cb4331b1f..8fd3230895 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -77,6 +77,8 @@ (method url-fetch) (uri (string-append "https://download.qemu.org/qemu-" version ".tar.xz")) + (patches (search-patches "qemu-CVE-2017-13711.patch" + "qemu-CVE-2017-14167.patch")) (sha256 (base32 "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m")))) -- cgit 1.4.1 From 81635ad03ecb3a51b5248db65919621bde9039f4 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 5 Sep 2017 14:57:21 -0400 Subject: gnu: tcpdump: Update to 4.9.2 [security fixes]. Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902, 12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997, 12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010, 13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024, 13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037, 13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050, 13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}. * gnu/packages/admin.scm (tcpdump): Update to 4.9.2. [source]: Remove patches and add alternate source URL. * gnu/packages/patches/tcpdump-CVE-2017-11541.patch, gnu/packages/patches/tcpdump-CVE-2017-11542.patch, gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 - gnu/packages/admin.scm | 17 +++-- gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 -------------- gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 ----------- gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 ----------------------- 5 files changed, 10 insertions(+), 173 deletions(-) delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11541.patch delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11542.patch delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11543.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9df17110b6..2f85510767 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1034,9 +1034,6 @@ dist_patch_DATA = \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11541.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11542.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11543.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index f047bcaef3..c67491c534 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -661,17 +661,20 @@ network statistics collection, security monitoring, network debugging, etc.") (define-public tcpdump (package (name "tcpdump") - (version "4.9.1") + (version "4.9.2") (source (origin (method url-fetch) - (uri (string-append "http://www.tcpdump.org/release/tcpdump-" - version ".tar.gz")) - (patches (search-patches "tcpdump-CVE-2017-11541.patch" - "tcpdump-CVE-2017-11542.patch" - "tcpdump-CVE-2017-11543.patch")) + (uri (list (string-append "http://www.tcpdump.org/release/tcpdump-" + version ".tar.gz") + ;; The tarball is not yet distributed from tcpdump.org, + ;; so we fetch it from Arch. For more information see + ;; . + (string-append "https://sources.archlinux.org/other/" + "packages/tcpdump/tcpdump-" version + ".tar.gz"))) (sha256 (base32 - "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r")))) + "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr")))) (build-system gnu-build-system) (inputs `(("libpcap" ,libpcap) ("openssl" ,openssl))) diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch deleted file mode 100644 index a9fc632dc2..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch +++ /dev/null @@ -1,47 +0,0 @@ -Fix CVE-2017-11541 - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 - -From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Tue, 7 Feb 2017 11:40:36 -0800 -Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before - checking for a NUL terminator. - -safeputs() doesn't do packet bounds checking of its own; it assumes that -the caller has checked the availability in the packet data of all maxlen -bytes of data. This means we should check that we're within the -specified limit before looking at the byte. - -This fixes a buffer over-read discovered by Kamil Frankowicz. - -Add a test using the capture file supplied by the reporter(s). ---- - tests/TESTLIST | 1 + - tests/hoobr_safeputs.out | 2 ++ - tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes - util-print.c | 2 +- - 4 files changed, 4 insertions(+), 1 deletion(-) - create mode 100644 tests/hoobr_safeputs.out - create mode 100644 tests/hoobr_safeputs.pcap - -diff --git a/util-print.c b/util-print.c -index 394e7d59..ec3e8de8 100644 ---- a/util-print.c -+++ b/util-print.c -@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo, - { - u_int idx = 0; - -- while (*s && idx < maxlen) { -+ while (idx < maxlen && *s) { - safeputchar(ndo, *s); - idx++; - s++; --- -2.14.1 - diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch deleted file mode 100644 index 24849d5187..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2017-11542: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae - -From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Tue, 7 Feb 2017 11:10:04 -0800 -Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check. - -This fixes a buffer over-read discovered by Kamil Frankowicz. - -Add a test using the capture file supplied by the reporter(s). ---- - print-pim.c | 1 + - tests/TESTLIST | 1 + - tests/hoobr_pimv1.out | 25 +++++++++++++++++++++++++ - tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes - 4 files changed, 27 insertions(+) - create mode 100644 tests/hoobr_pimv1.out - create mode 100644 tests/hoobr_pimv1.pcap - -diff --git a/print-pim.c b/print-pim.c -index 25525953..ed880ae7 100644 ---- a/print-pim.c -+++ b/print-pim.c -@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo, - pimv1_join_prune_print(ndo, &bp[8], len - 8); - break; - } -+ ND_TCHECK(bp[4]); - if ((bp[4] >> 4) != 1) - ND_PRINT((ndo, " [v%d]", bp[4] >> 4)); - return; diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch deleted file mode 100644 index c973503983..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch +++ /dev/null @@ -1,79 +0,0 @@ -Fix CVE-2017-11543: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3 - -From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Fri, 17 Mar 2017 12:49:04 -0700 -Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid. - -Report if it's not, and don't use it as an out-of-bounds index into an -array. - -This fixes a buffer overflow discovered by Wilfried Kirsch. - -Add a test using the capture file supplied by the reporter(s), modified -so the capture file won't be rejected as an invalid capture. ---- - print-sl.c | 25 +++++++++++++++++++++++-- - tests/TESTLIST | 3 +++ - tests/slip-bad-direction.out | 1 + - tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes - 4 files changed, 27 insertions(+), 2 deletions(-) - create mode 100644 tests/slip-bad-direction.out - create mode 100644 tests/slip-bad-direction.pcap - -diff --git a/print-sl.c b/print-sl.c -index 3fd7e898..a02077b3 100644 ---- a/print-sl.c -+++ b/print-sl.c -@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo, - u_int hlen; - - dir = p[SLX_DIR]; -- ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O ")); -+ switch (dir) { - -+ case SLIPDIR_IN: -+ ND_PRINT((ndo, "I ")); -+ break; -+ -+ case SLIPDIR_OUT: -+ ND_PRINT((ndo, "O ")); -+ break; -+ -+ default: -+ ND_PRINT((ndo, "Invalid direction %d ", dir)); -+ dir = -1; -+ break; -+ } - if (ndo->ndo_nflag) { - /* XXX just dump the header */ - register int i; -@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo, - * has restored the IP header copy to IPPROTO_TCP. - */ - lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p; -+ ND_PRINT((ndo, "utcp %d: ", lastconn)); -+ if (dir == -1) { -+ /* Direction is bogus, don't use it */ -+ return; -+ } - hlen = IP_HL(ip); - hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]); - lastlen[dir][lastconn] = length - (hlen << 2); -- ND_PRINT((ndo, "utcp %d: ", lastconn)); - break; - - default: -+ if (dir == -1) { -+ /* Direction is bogus, don't use it */ -+ return; -+ } - if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) { - compressed_sl_print(ndo, &p[SLX_CHDR], ip, - length, dir); -- cgit 1.4.1 From cd1ad27e6cdf90230d07efc18a8fcfe45494aad0 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 7 Sep 2017 23:59:51 +0200 Subject: gnu: elogind: Use itself as the cgroup controller. Fixes a regression introduced in fa67d5654176b4b815832eaf259188e1486c65ab whereby elogind would fail to start with: Cannot determine cgroup we are running in: No data available Out of memory. thereby preventing log-in altogether. * gnu/packages/freedesktop.scm (elogind)[arguments]: Pass "--with-cgroup-controller=elogind". * gnu/tests/desktop.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/freedesktop.scm | 6 +++ gnu/tests/desktop.scm | 105 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 gnu/tests/desktop.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2f85510767..1ac9d5efea 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -487,6 +487,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/audio.scm \ %D%/tests/base.scm \ %D%/tests/databases.scm \ + %D%/tests/desktop.scm \ %D%/tests/dict.scm \ %D%/tests/nfs.scm \ %D%/tests/install.scm \ diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 3307a4ae80..606859771a 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -227,6 +227,12 @@ the freedesktop.org XDG Base Directory specification.") (list (string-append "--with-udevrulesdir=" (assoc-ref %outputs "out") "/lib/udev/rules.d") + + ;; Let elogind be its own cgroup controller, rather than relying + ;; on systemd or OpenRC. By default, 'configure' makes an + ;; incorrect guess. + "--with-cgroup-controller=elogind" + (string-append "--with-rootprefix=" (assoc-ref %outputs "out")) (string-append "--with-rootlibexecdir=" diff --git a/gnu/tests/desktop.scm b/gnu/tests/desktop.scm new file mode 100644 index 0000000000..be64c4e7e5 --- /dev/null +++ b/gnu/tests/desktop.scm @@ -0,0 +1,105 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests desktop) + #:use-module (gnu tests) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu system vm) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:export (%test-elogind)) + + +;;; +;;; Elogind. +;;; + +(define (run-elogind-test vm) + (define test + (with-imported-modules '((gnu build marionette) + (guix build syscalls)) + #~(begin + (use-modules (gnu build marionette) + (guix build syscalls) + (srfi srfi-64)) + + (define marionette + (make-marionette '(#$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "elogind") + + ;; Log in as root on tty1, and check what 'loginctl' returns. + (test-equal "login on tty1" + '(("c1" "0" "root" "seat0" "/dev/tty1") ;session + ("seat0") ;seat + ("0" "root")) ;user + + (begin + ;; Wait for tty1. + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'term-tty1)) + marionette) + (marionette-control "sendkey ctrl-alt-f1" marionette) + + ;; Now we can type. + (marionette-type "root\n" marionette) + (marionette-type "loginctl list-users --no-legend > users\n" + marionette) + (marionette-type "loginctl list-seats --no-legend > seats\n" + marionette) + (marionette-type "loginctl list-sessions --no-legend > sessions\n" + marionette) + + + ;; Read the three files. + (marionette-eval '(use-modules (rnrs io ports)) marionette) + (let ((guest-file (lambda (file) + (string-tokenize + (wait-for-file file marionette + #:read 'get-string-all))))) + (list (guest-file "/root/sessions") + (guest-file "/root/seats") + (guest-file "/root/users"))))) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "elogind" test)) + +(define %test-elogind + (system-test + (name "elogind") + (description + "Test whether we can log in when elogind is enabled, and whether +'loginctl' reports accurate user, session, and seat information.") + (value + (let ((os (marionette-operating-system + (simple-operating-system + (service elogind-service-type) + (service polkit-service-type) + (service dbus-root-service-type)) + #:imported-modules '((gnu services herd) + (guix combinators))))) + (run-elogind-test (virtual-machine os)))))) -- cgit 1.4.1 From 67a37c63118519ccc5c24f3325bad6f29ab21e59 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 10 Sep 2017 12:00:25 +0200 Subject: gnu: foomatic-filters: Add missing patches. This is a followup to commit d02aabaf1b57eda3ef052c70df1322f915e7c736. * gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch: New file. * gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch: New file. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 2 ++ gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch | 14 ++++++++++++++ gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch | 13 +++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch create mode 100644 gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1ac9d5efea..8ffa13b3ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -610,6 +610,8 @@ dist_patch_DATA = \ %D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \ %D%/packages/patches/fontforge-svg-modtime.patch \ + %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \ + %D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \ diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch new file mode 100644 index 0000000000..d9f0cc1212 --- /dev/null +++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch @@ -0,0 +1,14 @@ +Fix for . + +--- a/util.c 2014-06-20 19:26:18 +0000 ++++ b/util.c 2015-10-30 15:45:03 +0000 +@@ -31,7 +31,7 @@ + #include + + +-const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; ++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { + diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch new file mode 100644 index 0000000000..d3c3024220 --- /dev/null +++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch @@ -0,0 +1,13 @@ +Fix for . + +--- a/util.c 2015-10-30 15:45:03 +0000 ++++ b/util.c 2015-12-12 23:27:21 +0000 +@@ -31,7 +31,7 @@ + #include + + +-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { -- cgit 1.4.1 From 2cc752c0b0ab801509574d601c1024b73aed0dab Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 9 Sep 2017 09:41:28 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-14042. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14042.patch | 80 ++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8ffa13b3ee..64b1b1c14d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -680,6 +680,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 57ac7fda97..632be70349 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -182,7 +182,8 @@ script.") "graphicsmagick-CVE-2017-12936.patch" "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" - "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch")))) + "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" + "graphicsmagick-CVE-2017-14042.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch new file mode 100644 index 0000000000..46f6b032c7 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch @@ -0,0 +1,80 @@ +http://openwall.com/lists/oss-security/2017/08/28/5 +http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503268616 18000 +# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072 +# Parent 83a5b946180835f260bcb91e3d06327a8e2577e3 +PNM: For binary formats, verify sufficient backing file data before memory request. + +diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c +--- a/coders/pnm.c Sun Aug 20 17:31:35 2017 -0500 ++++ b/coders/pnm.c Sun Aug 20 17:36:56 2017 -0500 +@@ -569,7 +569,7 @@ + (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u", + image->colors); + } +- number_pixels=image->columns*image->rows; ++ number_pixels=MagickArraySize(image->columns,image->rows); + if (number_pixels == 0) + ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image); + if (image->storage_class == PseudoClass) +@@ -858,14 +858,14 @@ + if (1 == bits_per_sample) + { + /* PBM */ +- bytes_per_row=((image->columns+7) >> 3); ++ bytes_per_row=((image->columns+7U) >> 3); + import_options.grayscale_miniswhite=MagickTrue; + quantum_type=GrayQuantum; + } + else + { + /* PGM & XV_332 */ +- bytes_per_row=((bits_per_sample+7)/8)*image->columns; ++ bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns); + if (XV_332_Format == format) + { + quantum_type=IndexQuantum; +@@ -878,7 +878,8 @@ + } + else + { +- bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns; ++ bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel), ++ image->columns); + if (3 == samples_per_pixel) + { + /* PPM */ +@@ -915,6 +916,28 @@ + is_monochrome=MagickFalse; + } + } ++ ++ /* Validate file size before allocating memory */ ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ (file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ const magick_off_t needed = (magick_off_t) image->rows * ++ (magick_off_t) bytes_per_row; ++ if ((remaining < (magick_off_t) bytes_per_row) || ++ (remaining < needed)) ++ { ++ ThrowException(exception,CorruptImageError,UnexpectedEndOfFile, ++ image->filename); ++ break; ++ } ++ } ++ } + + scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1); + if (scanline_set == (ThreadViewDataSet *) NULL) -- cgit 1.4.1 From 224bb4b6f9fa7c14fbbaac682ec0b5d1a48c616d Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 10 Sep 2017 21:40:17 +0300 Subject: gnu: graphicsmagick: Fix CVE-2017-14165. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14165.patch | 72 ++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 64b1b1c14d..43eac7717a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -681,6 +681,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 632be70349..502dc43acf 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -183,7 +183,8 @@ script.") "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" - "graphicsmagick-CVE-2017-14042.patch")))) + "graphicsmagick-CVE-2017-14042.patch" + "graphicsmagick-CVE-2017-14165.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch new file mode 100644 index 0000000000..1f55d90d38 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch @@ -0,0 +1,72 @@ +http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa +http://openwall.com/lists/oss-security/2017/09/06/4 + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503257388 18000 +# Node ID 493da54370aa42cb430c52a69eb75db0001a5589 +# Parent f8724674907902b7bc37c04f252fe30fbdd88e6f +SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions. + +diff -r f87246749079 -r 493da54370aa coders/sun.c +--- a/coders/sun.c Sun Aug 20 12:21:03 2017 +0200 ++++ b/coders/sun.c Sun Aug 20 14:29:48 2017 -0500 +@@ -498,6 +498,12 @@ + if (sun_info.depth < 8) + image->depth=sun_info.depth; + ++ if (image_info->ping) ++ { ++ CloseBlob(image); ++ return(image); ++ } ++ + /* + Compute bytes per line and bytes per image for an unencoded + image. +@@ -522,15 +528,37 @@ + if (bytes_per_image > sun_info.length) + ThrowReaderException(CorruptImageError,ImproperImageHeader,image); + +- if (image_info->ping) +- { +- CloseBlob(image); +- return(image); +- } + if (sun_info.type == RT_ENCODED) + sun_data_length=(size_t) sun_info.length; + else + sun_data_length=bytes_per_image; ++ ++ /* ++ Verify that data length claimed by header is supported by file size ++ */ ++ if (sun_info.type == RT_ENCODED) ++ { ++ if (sun_data_length < bytes_per_image/255U) ++ { ++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ } ++ } ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ (file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ if (remaining < (magick_off_t) sun_data_length) ++ { ++ ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ } ++ } ++ } ++ + sun_data=MagickAllocateMemory(unsigned char *,sun_data_length); + if (sun_data == (unsigned char *) NULL) + ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image); + -- cgit 1.4.1 From 338b58e0ea880f7cccbe43de21eccbf1440ac6af Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 10 Sep 2017 22:00:35 +0300 Subject: gnu: openjpeg: Fix CVE-2017-14164. * gnu/packages/image.scm (openjpeg)[source]: Add patch. * gnu/packages/patches/openjpeg-CVE-2017-14164.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 3 +- gnu/packages/patches/openjpeg-CVE-2017-14164.patch | 89 ++++++++++++++++++++++ 3 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14164.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 43eac7717a..c92b93dbd2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -895,6 +895,7 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14164.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 3bb8de15c4..d45f08d9df 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -524,7 +524,8 @@ work.") "openjpeg-CVE-2017-14040.patch" "openjpeg-CVE-2017-14041.patch" "openjpeg-CVE-2017-14151.patch" - "openjpeg-CVE-2017-14152.patch")))) + "openjpeg-CVE-2017-14152.patch" + "openjpeg-CVE-2017-14164.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch new file mode 100644 index 0000000000..2bfc5a6a85 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch @@ -0,0 +1,89 @@ +https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch +http://openwall.com/lists/oss-security/2017/09/06/3 + +From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Wed, 16 Aug 2017 17:09:10 +0200 +Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow + (#991) + +--- + src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++----- + 1 file changed, 20 insertions(+), 5 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 54b490a8c..16915452e 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, + * Writes the SOT marker (Start of tile-part) + * + * @param p_j2k J2K codec. +- * @param p_data FIXME DOC +- * @param p_data_written FIXME DOC ++ * @param p_data Output buffer ++ * @param p_total_data_size Output buffer size ++ * @param p_data_written Number of bytes written into stream + * @param p_stream the stream to write data to. + * @param p_manager the user event manager. + */ + static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, + OPJ_BYTE * p_data, ++ OPJ_UINT32 p_total_data_size, + OPJ_UINT32 * p_data_written, + const opj_stream_private_t *p_stream, + opj_event_mgr_t * p_manager); +@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, + + static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, + OPJ_BYTE * p_data, ++ OPJ_UINT32 p_total_data_size, + OPJ_UINT32 * p_data_written, + const opj_stream_private_t *p_stream, + opj_event_mgr_t * p_manager +@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, + OPJ_UNUSED(p_stream); + OPJ_UNUSED(p_manager); + ++ if (p_total_data_size < 12) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "Not enough bytes in output buffer to write SOT marker\n"); ++ return OPJ_FALSE; ++ } ++ + opj_write_bytes(p_data, J2K_MS_SOT, + 2); /* SOT */ + p_data += 2; +@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k, + + l_current_nb_bytes_written = 0; + l_begin_data = p_data; +- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, ++ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, ++ &l_current_nb_bytes_written, p_stream, + p_manager)) { + return OPJ_FALSE; + } +@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, + l_part_tile_size = 0; + l_begin_data = p_data; + +- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, ++ if (! opj_j2k_write_sot(p_j2k, p_data, ++ p_total_data_size, ++ &l_current_nb_bytes_written, ++ p_stream, + p_manager)) { + return OPJ_FALSE; + } +@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, + l_part_tile_size = 0; + l_begin_data = p_data; + +- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, ++ if (! opj_j2k_write_sot(p_j2k, p_data, ++ p_total_data_size, ++ &l_current_nb_bytes_written, p_stream, + p_manager)) { + return OPJ_FALSE; + } -- cgit 1.4.1 From 66ae958c5bee27266bce2a573812db7fec7c3111 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 11 Sep 2017 14:46:13 +0200 Subject: gnu: emacs: Patch message-mode enriched text translation [security fix]. * gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch: New file. * gnu/packages/emacs.scm (emacs)[source](patches): Add it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/emacs.scm | 3 +- .../emacs-unsafe-enriched-mode-translations.patch | 85 ++++++++++++++++++++++ 3 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c92b93dbd2..e98ee6d7fe 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -589,6 +589,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ + %D%/packages/patches/emacs-unsafe-enriched-mode-translations.patch \ %D%/packages/patches/erlang-man-path.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 2277edcece..c6d5766cbd 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -113,7 +113,8 @@ "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar")) (patches (search-patches "emacs-exec-path.patch" "emacs-fix-scheme-indent-function.patch" - "emacs-source-date-epoch.patch")) + "emacs-source-date-epoch.patch" + "emacs-unsafe-enriched-mode-translations.patch")) (modules '((guix build utils))) (snippet ;; Delete the bundled byte-compiled elisp files and diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch new file mode 100644 index 0000000000..7e45d30129 --- /dev/null +++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch @@ -0,0 +1,85 @@ +This patch fixes a remote code execution vulnerability reported here: + + https://bugs.gnu.org/28350 + http://www.openwall.com/lists/oss-security/2017/09/11/1 + +From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001 +From: Lars Ingebrigtsen +Date: Fri, 8 Sep 2017 20:23:31 -0700 +Subject: Remove unsafe enriched mode translations + +* lisp/gnus/mm-view.el (mm-inline-text): +Do not worry about enriched or richtext type. +* lisp/textmodes/enriched.el (enriched-translations): +Remove translations for FUNCTION, display (Bug#28350). +(enriched-handle-display-prop, enriched-decode-display-prop): Remove. +--- + lisp/gnus/mm-view.el | 4 ---- + lisp/textmodes/enriched.el | 32 -------------------------------- + 2 files changed, 36 deletions(-) + +diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el +index e5859d0..77ad271 100644 +--- a/lisp/gnus/mm-view.el ++++ b/lisp/gnus/mm-view.el +@@ -383,10 +383,6 @@ + (goto-char (point-max)))) + (save-restriction + (narrow-to-region b (point)) +- (when (member type '("enriched" "richtext")) +- (set-text-properties (point-min) (point-max) nil) +- (ignore-errors +- (enriched-decode (point-min) (point-max)))) + (mm-handle-set-undisplayer + handle + `(lambda () +diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el +index beb6c6d..a8f0d38 100644 +--- a/lisp/textmodes/enriched.el ++++ b/lisp/textmodes/enriched.el +@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.") + (full "flushboth") + (center "center")) + (PARAMETER (t "param")) ; Argument of preceding annotation +- ;; The following are not part of the standard: +- (FUNCTION (enriched-decode-foreground "x-color") +- (enriched-decode-background "x-bg-color") +- (enriched-decode-display-prop "x-display")) + (read-only (t "x-read-only")) +- (display (nil enriched-handle-display-prop)) + (unknown (nil format-annotate-value)) + ; (font-size (2 "bigger") ; unimplemented + ; (-2 "smaller")) +@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found." + (message "Warning: no color specified for ") + nil)) + +-;;; Handling the `display' property. +- +- +-(defun enriched-handle-display-prop (old new) +- "Return a list of annotations for a change in the `display' property. +-OLD is the old value of the property, NEW is the new value. Value +-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to +-close and OPEN a list of annotations to open. Each of these lists +-has the form `(ANNOTATION PARAM ...)'." +- (let ((annotation "x-display") +- (param (prin1-to-string (or old new)))) +- (if (null old) +- (cons nil (list (list annotation param))) +- (cons (list (list annotation param)) nil)))) +- +-(defun enriched-decode-display-prop (start end &optional param) +- "Decode a `display' property for text between START and END. +-PARAM is a `' found for the property. +-Value is a list `(START END SYMBOL VALUE)' with START and END denoting +-the range of text to assign text property SYMBOL with value VALUE." +- (let ((prop (when (stringp param) +- (condition-case () +- (car (read-from-string param)) +- (error nil))))) +- (unless prop +- (message "Warning: invalid parameter %s" param)) +- (list start end 'display prop))) + + ;;; enriched.el ends here -- cgit 1.4.1 From 47cef4ecad54d112aa3b4bc509194d3d49a10785 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 5 Sep 2017 21:51:12 +0200 Subject: file-systems: Introduce (gnu system uuid). * gnu/build/file-systems.scm (sub-bytevector) (latin1->string, %fat32-endianness, fat32-uuid->string) (%iso9660-uuid-rx, string->iso9660-uuid) (iso9660-uuid->string, %network-byte-order) (dce-uuid->string, %uuid-rx, string->dce-uuid) (string->ext2-uuid, string->ext3-uuid, string->ext4-uuid) (vhashq, %uuid-parsers, %uuid-printers, string->uuid) (uuid->string): Move to... * gnu/system/uuid.scm: ... here. New file. * gnu/system/file-systems.scm (uuid): Move to the above file. * gnu/system/vm.scm: Adjust accordingly. * gnu/local.mk (GNU_SYSTEM_MODULES): Add uuid.scm. --- gnu/build/file-systems.scm | 167 +------------------------------- gnu/build/vm.scm | 2 +- gnu/local.mk | 1 + gnu/system/file-systems.scm | 22 +---- gnu/system/uuid.scm | 227 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 234 insertions(+), 185 deletions(-) create mode 100644 gnu/system/uuid.scm (limited to 'gnu/local.mk') diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index fbaf158951..32885f1d2e 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -19,6 +19,7 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu build file-systems) + #:use-module (gnu system uuid) #:use-module (guix build utils) #:use-module (guix build bournish) #:use-module (guix build syscalls) @@ -26,9 +27,6 @@ #:use-module (rnrs bytevectors) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) - #:use-module (ice-9 format) - #:use-module (ice-9 regex) - #:use-module (ice-9 vlist) #:use-module (system foreign) #:autoload (system repl repl) (start-repl) #:use-module (srfi srfi-1) @@ -42,17 +40,6 @@ find-partition-by-luks-uuid canonicalize-device-spec - uuid->string - dce-uuid->string - string->uuid - string->dce-uuid - string->iso9660-uuid - string->ext2-uuid - string->ext3-uuid - string->ext4-uuid - string->btrfs-uuid - iso9660-uuid->string - bind-mount mount-flags->bit-mask @@ -98,20 +85,6 @@ takes a bytevector and returns #t when it's a valid superblock." (and (magic? block) block))))))))) -(define (sub-bytevector bv start size) - "Return a copy of the SIZE bytes of BV starting from offset START." - (let ((result (make-bytevector size))) - (bytevector-copy! bv start result 0 size) - result)) - -(define (latin1->string bv terminator) - "Return a string of BV, a latin1 bytevector, or #f. TERMINATOR is a predicate -that takes a number and returns #t when a termination character is found." - (let ((bytes (take-while (negate terminator) (bytevector->u8-list bv)))) - (if (null? bytes) - #f - (list->string (map integer->char bytes))))) - (define null-terminated-latin1->string (cut latin1->string <> zero?)) @@ -199,10 +172,6 @@ if DEVICE does not contain a btrfs file system." ;; . -(define-syntax %fat32-endianness - ;; Endianness of fat file systems. - (identifier-syntax (endianness little))) - (define (fat32-superblock? sblock) "Return #t when SBLOCK is a fat32 superblock." (bytevector=? (sub-bytevector sblock 82 8) @@ -217,12 +186,6 @@ if DEVICE does not contain a btrfs file system." "Return the Volume ID of a fat superblock SBLOCK as a 4-byte bytevector." (sub-bytevector sblock 67 4)) -(define (fat32-uuid->string uuid) - "Convert fat32 UUID, a 4-byte bytevector, to its string representation." - (let ((high (bytevector-uint-ref uuid 0 %fat32-endianness 2)) - (low (bytevector-uint-ref uuid 2 %fat32-endianness 2))) - (format #f "~:@(~x-~x~)" low high))) - (define (fat32-superblock-volume-name sblock) "Return the volume name of SBLOCK as a string of at most 11 characters, or #f if SBLOCK has no volume name. The volume name is a latin1 string. @@ -244,27 +207,6 @@ Trailing spaces are trimmed." ;; . -(define %iso9660-uuid-rx - ;; Y m d H M S ss - (make-regexp "^([[:digit:]]{4})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})$")) - -(define (string->iso9660-uuid str) - "Parse STR as a ISO9660 UUID (which is really a timestamp - see /dev/disk/by-uuid). -Return its contents as a 16-byte bytevector. Return #f if STR is not a valid -ISO9660 UUID representation." - (and=> (regexp-exec %iso9660-uuid-rx str) - (lambda (match) - (letrec-syntax ((match-numerals - (syntax-rules () - ((_ index (name rest ...) body) - (let ((name (match:substring match index))) - (match-numerals (+ 1 index) (rest ...) body))) - ((_ index () body) - body)))) - (match-numerals 1 (year month day hour minute second hundredths) - (string->utf8 (string-append year month day - hour minute second hundredths))))))) - (define (iso9660-superblock? sblock) "Return #t when SBLOCK is an iso9660 volume descriptor." (bytevector=? (sub-bytevector sblock 1 6) @@ -311,20 +253,6 @@ SBLOCK as a bytevector. If that's not set, returns the creation time." modification-time))) (sub-bytevector time 0 16))) ; strips GMT offset. -(define (iso9660-uuid->string uuid) - "Given an UUID bytevector, return its timestamp string." - (define (digits->string bytes) - (latin1->string bytes (lambda (c) #f))) - (let* ((year (sub-bytevector uuid 0 4)) - (month (sub-bytevector uuid 4 2)) - (day (sub-bytevector uuid 6 2)) - (hour (sub-bytevector uuid 8 2)) - (minute (sub-bytevector uuid 10 2)) - (second (sub-bytevector uuid 12 2)) - (hundredths (sub-bytevector uuid 14 2)) - (parts (list year month day hour minute second hundredths))) - (string-append (string-join (map digits->string parts) "-")))) - (define (iso9660-superblock-volume-name sblock) "Return the volume name of SBLOCK as a string. The volume name is an ASCII string. Trailing spaces are trimmed." @@ -511,99 +439,6 @@ were found." (define find-partition-by-luks-uuid (find-partition luks-partition-uuid-predicate)) - -;;; -;;; UUIDs. -;;; - -(define-syntax %network-byte-order - (identifier-syntax (endianness big))) - -(define (dce-uuid->string uuid) - "Convert UUID, a 16-byte bytevector, to its string representation, something -like \"6b700d61-5550-48a1-874c-a3d86998990e\"." - ;; See . - (let ((time-low (bytevector-uint-ref uuid 0 %network-byte-order 4)) - (time-mid (bytevector-uint-ref uuid 4 %network-byte-order 2)) - (time-hi (bytevector-uint-ref uuid 6 %network-byte-order 2)) - (clock-seq (bytevector-uint-ref uuid 8 %network-byte-order 2)) - (node (bytevector-uint-ref uuid 10 %network-byte-order 6))) - (format #f "~8,'0x-~4,'0x-~4,'0x-~4,'0x-~12,'0x" - time-low time-mid time-hi clock-seq node))) - -(define %uuid-rx - ;; The regexp of a UUID. - (make-regexp "^([[:xdigit:]]{8})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{12})$")) - -(define (string->dce-uuid str) - "Parse STR as a DCE UUID (see ) and -return its contents as a 16-byte bytevector. Return #f if STR is not a valid -UUID representation." - (and=> (regexp-exec %uuid-rx str) - (lambda (match) - (letrec-syntax ((hex->number - (syntax-rules () - ((_ index) - (string->number (match:substring match index) - 16)))) - (put! - (syntax-rules () - ((_ bv index (number len) rest ...) - (begin - (bytevector-uint-set! bv index number - (endianness big) len) - (put! bv (+ index len) rest ...))) - ((_ bv index) - bv)))) - (let ((time-low (hex->number 1)) - (time-mid (hex->number 2)) - (time-hi (hex->number 3)) - (clock-seq (hex->number 4)) - (node (hex->number 5)) - (uuid (make-bytevector 16))) - (put! uuid 0 - (time-low 4) (time-mid 2) (time-hi 2) - (clock-seq 2) (node 6))))))) - -(define string->ext2-uuid string->dce-uuid) -(define string->ext3-uuid string->dce-uuid) -(define string->ext4-uuid string->dce-uuid) -(define string->btrfs-uuid string->dce-uuid) - -(define-syntax vhashq - (syntax-rules (=>) - ((_) - vlist-null) - ((_ (key others ... => value) rest ...) - (vhash-consq key value - (vhashq (others ... => value) rest ...))) - ((_ (=> value) rest ...) - (vhashq rest ...)))) - -(define %uuid-parsers - (vhashq - ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => string->dce-uuid) - ('iso9660 => string->iso9660-uuid))) - -(define %uuid-printers - (vhashq - ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => dce-uuid->string) - ('iso9660 => iso9660-uuid->string) - ('fat32 'fat => fat32-uuid->string))) - -(define* (string->uuid str #:key (type 'dce)) - "Parse STR as a UUID of the given TYPE. On success, return the -corresponding bytevector; otherwise return #f." - (match (vhash-assq type %uuid-parsers) - (#f #f) - ((_ . (? procedure? parse)) (parse str)))) - -(define* (uuid->string bv #:key (type 'dce)) - "Convert BV, a bytevector, to the UUID string representation for TYPE." - (match (vhash-assq type %uuid-printers) - (#f #f) - ((_ . (? procedure? unparse)) (unparse bv)))) - (define* (canonicalize-device-spec spec #:optional (title 'any)) "Return the device name corresponding to SPEC. TITLE is a symbol, one of diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm index ad67a3727f..6da4fa654e 100644 --- a/gnu/build/vm.scm +++ b/gnu/build/vm.scm @@ -26,7 +26,7 @@ #:use-module (guix build syscalls) #:use-module (gnu build linux-boot) #:use-module (gnu build install) - #:use-module (gnu build file-systems) + #:use-module (gnu system uuid) #:use-module (guix records) #:use-module ((guix combinators) #:select (fold2)) #:use-module (ice-9 format) diff --git a/gnu/local.mk b/gnu/local.mk index e98ee6d7fe..c1bc391101 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -468,6 +468,7 @@ GNU_SYSTEM_MODULES = \ %D%/system/nss.scm \ %D%/system/pam.scm \ %D%/system/shadow.scm \ + %D%/system/uuid.scm \ %D%/system/vm.scm \ \ %D%/build/activation.scm \ diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index bbac23fbdf..dd30559d7e 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -20,9 +20,10 @@ #:use-module (ice-9 match) #:use-module (srfi srfi-1) #:use-module (guix records) - #:use-module ((gnu build file-systems) - #:select (string->uuid uuid->string)) - #:re-export (string->uuid + #:use-module ((gnu system uuid) + #:select (uuid string->uuid uuid->string)) + #:re-export (uuid ;backward compatibility + string->uuid uuid->string) #:export ( file-system @@ -44,7 +45,6 @@ file-system->spec spec->file-system specification->file-system-mapping - uuid %fuse-control-file-system %binary-format-file-system @@ -186,20 +186,6 @@ TARGET in the other system." (target spec) (writable? writable?))))) -(define-syntax uuid - (lambda (s) - "Return the bytevector corresponding to the given UUID representation." - (syntax-case s () - ((_ str) - (string? (syntax->datum #'str)) - ;; A literal string: do the conversion at expansion time. - (let ((bv (string->uuid (syntax->datum #'str)))) - (unless bv - (syntax-violation 'uuid "invalid UUID" s)) - (datum->syntax #'str bv))) - ((_ str) - #'(string->uuid str))))) - ;;; ;;; Common file systems. diff --git a/gnu/system/uuid.scm b/gnu/system/uuid.scm new file mode 100644 index 0000000000..64dad5a374 --- /dev/null +++ b/gnu/system/uuid.scm @@ -0,0 +1,227 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016, 2017 Ludovic Courtès +;;; Copyright © 2017 Danny Milosavljevic +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu system uuid) + #:use-module (srfi srfi-1) + #:use-module (rnrs bytevectors) + #:use-module (ice-9 match) + #:use-module (ice-9 vlist) + #:use-module (ice-9 regex) + #:use-module (ice-9 format) + #:export (uuid + uuid->string + dce-uuid->string + string->uuid + string->dce-uuid + string->iso9660-uuid + string->ext2-uuid + string->ext3-uuid + string->ext4-uuid + string->btrfs-uuid + iso9660-uuid->string + + ;; XXX: For lack of a better place. + sub-bytevector + latin1->string)) + + +;;; +;;; Tools that lack a better place. +;;; + +(define (sub-bytevector bv start size) + "Return a copy of the SIZE bytes of BV starting from offset START." + (let ((result (make-bytevector size))) + (bytevector-copy! bv start result 0 size) + result)) + +(define (latin1->string bv terminator) + "Return a string of BV, a latin1 bytevector, or #f. TERMINATOR is a predicate +that takes a number and returns #t when a termination character is found." + (let ((bytes (take-while (negate terminator) (bytevector->u8-list bv)))) + (if (null? bytes) + #f + (list->string (map integer->char bytes))))) + + +;;; +;;; DCE UUIDs. +;;; + +(define-syntax %network-byte-order + (identifier-syntax (endianness big))) + +(define (dce-uuid->string uuid) + "Convert UUID, a 16-byte bytevector, to its string representation, something +like \"6b700d61-5550-48a1-874c-a3d86998990e\"." + ;; See . + (let ((time-low (bytevector-uint-ref uuid 0 %network-byte-order 4)) + (time-mid (bytevector-uint-ref uuid 4 %network-byte-order 2)) + (time-hi (bytevector-uint-ref uuid 6 %network-byte-order 2)) + (clock-seq (bytevector-uint-ref uuid 8 %network-byte-order 2)) + (node (bytevector-uint-ref uuid 10 %network-byte-order 6))) + (format #f "~8,'0x-~4,'0x-~4,'0x-~4,'0x-~12,'0x" + time-low time-mid time-hi clock-seq node))) + +(define %uuid-rx + ;; The regexp of a UUID. + (make-regexp "^([[:xdigit:]]{8})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{12})$")) + +(define (string->dce-uuid str) + "Parse STR as a DCE UUID (see ) and +return its contents as a 16-byte bytevector. Return #f if STR is not a valid +UUID representation." + (and=> (regexp-exec %uuid-rx str) + (lambda (match) + (letrec-syntax ((hex->number + (syntax-rules () + ((_ index) + (string->number (match:substring match index) + 16)))) + (put! + (syntax-rules () + ((_ bv index (number len) rest ...) + (begin + (bytevector-uint-set! bv index number + (endianness big) len) + (put! bv (+ index len) rest ...))) + ((_ bv index) + bv)))) + (let ((time-low (hex->number 1)) + (time-mid (hex->number 2)) + (time-hi (hex->number 3)) + (clock-seq (hex->number 4)) + (node (hex->number 5)) + (uuid (make-bytevector 16))) + (put! uuid 0 + (time-low 4) (time-mid 2) (time-hi 2) + (clock-seq 2) (node 6))))))) + + +;;; +;;; ISO-9660. +;;; + +;; . + +(define %iso9660-uuid-rx + ;; Y m d H M S ss + (make-regexp "^([[:digit:]]{4})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})$")) +(define (string->iso9660-uuid str) + "Parse STR as a ISO9660 UUID (which is really a timestamp - see /dev/disk/by-uuid). +Return its contents as a 16-byte bytevector. Return #f if STR is not a valid +ISO9660 UUID representation." + (and=> (regexp-exec %iso9660-uuid-rx str) + (lambda (match) + (letrec-syntax ((match-numerals + (syntax-rules () + ((_ index (name rest ...) body) + (let ((name (match:substring match index))) + (match-numerals (+ 1 index) (rest ...) body))) + ((_ index () body) + body)))) + (match-numerals 1 (year month day hour minute second hundredths) + (string->utf8 (string-append year month day + hour minute second hundredths))))))) +(define (iso9660-uuid->string uuid) + "Given an UUID bytevector, return its timestamp string." + (define (digits->string bytes) + (latin1->string bytes (lambda (c) #f))) + (let* ((year (sub-bytevector uuid 0 4)) + (month (sub-bytevector uuid 4 2)) + (day (sub-bytevector uuid 6 2)) + (hour (sub-bytevector uuid 8 2)) + (minute (sub-bytevector uuid 10 2)) + (second (sub-bytevector uuid 12 2)) + (hundredths (sub-bytevector uuid 14 2)) + (parts (list year month day hour minute second hundredths))) + (string-append (string-join (map digits->string parts) "-")))) + + +;;; +;;; FAT32. +;;; + +(define-syntax %fat32-endianness + ;; Endianness of FAT file systems. + (identifier-syntax (endianness little))) + +(define (fat32-uuid->string uuid) + "Convert fat32 UUID, a 4-byte bytevector, to its string representation." + (let ((high (bytevector-uint-ref uuid 0 %fat32-endianness 2)) + (low (bytevector-uint-ref uuid 2 %fat32-endianness 2))) + (format #f "~:@(~x-~x~)" low high))) + + +;;; +;;; Generic interface. +;;; + +(define string->ext2-uuid string->dce-uuid) +(define string->ext3-uuid string->dce-uuid) +(define string->ext4-uuid string->dce-uuid) +(define string->btrfs-uuid string->dce-uuid) + +(define-syntax vhashq + (syntax-rules (=>) + ((_) + vlist-null) + ((_ (key others ... => value) rest ...) + (vhash-consq key value + (vhashq (others ... => value) rest ...))) + ((_ (=> value) rest ...) + (vhashq rest ...)))) + +(define %uuid-parsers + (vhashq + ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => string->dce-uuid) + ('iso9660 => string->iso9660-uuid))) + +(define %uuid-printers + (vhashq + ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => dce-uuid->string) + ('iso9660 => iso9660-uuid->string) + ('fat32 'fat => fat32-uuid->string))) + +(define* (string->uuid str #:key (type 'dce)) + "Parse STR as a UUID of the given TYPE. On success, return the +corresponding bytevector; otherwise return #f." + (match (vhash-assq type %uuid-parsers) + (#f #f) + ((_ . (? procedure? parse)) (parse str)))) + +(define* (uuid->string bv #:key (type 'dce)) + "Convert BV, a bytevector, to the UUID string representation for TYPE." + (match (vhash-assq type %uuid-printers) + (#f #f) + ((_ . (? procedure? unparse)) (unparse bv)))) + +(define-syntax uuid + (lambda (s) + "Return the bytevector corresponding to the given UUID representation." + (syntax-case s () + ((_ str) + (string? (syntax->datum #'str)) + ;; A literal string: do the conversion at expansion time. + (let ((bv (string->uuid (syntax->datum #'str)))) + (unless bv + (syntax-violation 'uuid "invalid UUID" s)) + (datum->syntax #'str bv))) + ((_ str) + #'(string->uuid str))))) -- cgit 1.4.1 From 27236a43486b8fbb9d55d533e558165bab07d020 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 13 Sep 2017 10:30:47 -0400 Subject: gnu: bluez: Add replacement to fix CVE-2017-1000250. * gnu/packages/patches/bluez-CVE-2017-1000250.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (bluez)[replacement]: New field. (bluez/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 15 ++++++++ gnu/packages/patches/bluez-CVE-2017-1000250.patch | 42 +++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 gnu/packages/patches/bluez-CVE-2017-1000250.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c1bc391101..1f55e52bfd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -536,6 +536,7 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blast+-fix-makefile.patch \ + %D%/packages/patches/bluez-CVE-2017-1000250.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 22f22c036c..28a5e5b885 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3013,6 +3013,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") (package (name "bluez") (version "5.45") + (replacement bluez/fixed) (source (origin (method url-fetch) (uri (string-append @@ -3074,6 +3075,20 @@ Bluetooth audio output devices like headphones or loudspeakers.") is flexible, efficient and uses a modular implementation.") (license license:gpl2+))) +(define bluez/fixed + (package + (inherit bluez) + (version "5.45") + (source (origin + (method url-fetch) + (uri (string-append + "mirror://kernel.org/linux/bluetooth/bluez-" + version ".tar.xz")) + (sha256 + (base32 + "1sb4aflgyrl7apricjipa8wx95qm69yja0lmn2f19g560c3v1b2c")) + (patches (search-patches "bluez-CVE-2017-1000250.patch")))))) + (define-public fuse-exfat (package (name "fuse-exfat") diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch new file mode 100644 index 0000000000..81f209d7b2 --- /dev/null +++ b/gnu/packages/patches/bluez-CVE-2017-1000250.patch @@ -0,0 +1,42 @@ +Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req +Origin: vendor +Bug-Debian: https://bugs.debian.org/875633 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446 +Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342 +Forwarded: no +Author: Armis Security +Reviewed-by: Salvatore Bonaccorso +Last-Update: 2017-09-13 + +--- a/src/sdpd-request.c ++++ b/src/sdpd-request.c +@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r + /* continuation State exists -> get from cache */ + sdp_buf_t *pCache = sdp_get_cached_rsp(cstate); + if (pCache) { +- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); +- pResponse = pCache->data; +- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); +- buf->data_size += sent; +- cstate->cStateValue.maxBytesSent += sent; +- if (cstate->cStateValue.maxBytesSent == pCache->data_size) +- cstate_size = sdp_set_cstate_pdu(buf, NULL); +- else +- cstate_size = sdp_set_cstate_pdu(buf, cstate); ++ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) { ++ status = SDP_INVALID_CSTATE; ++ SDPDBG("Got bad cstate with invalid size"); ++ } else { ++ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); ++ pResponse = pCache->data; ++ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); ++ buf->data_size += sent; ++ cstate->cStateValue.maxBytesSent += sent; ++ if (cstate->cStateValue.maxBytesSent == pCache->data_size) ++ cstate_size = sdp_set_cstate_pdu(buf, NULL); ++ else ++ cstate_size = sdp_set_cstate_pdu(buf, cstate); ++ } + } else { + status = SDP_INVALID_CSTATE; + SDPDBG("Non-null continuation state, but null cache buffer"); -- cgit 1.4.1 From db7f7eb8ca670ee5d76e3bad3ada29e87e3f6a10 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sun, 10 Sep 2017 12:19:06 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-{11403,14103}. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- ...phicsmagick-CVE-2017-11403+CVE-2017-14103.patch | 137 +++++++++++++++++++++ 3 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1f55e52bfd..4fefa3b10b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -678,6 +678,7 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 72b4643735..5f3e3ad96d 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -178,7 +178,8 @@ script.") (base32 "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v")) (patches - (search-patches "graphicsmagick-CVE-2017-12935.patch" + (search-patches "graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch" + "graphicsmagick-CVE-2017-12935.patch" "graphicsmagick-CVE-2017-12936.patch" "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch new file mode 100644 index 0000000000..dbcaea1343 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch @@ -0,0 +1,137 @@ +http://www.openwall.com/lists/oss-security/2017/09/01/6 + +CVE-2017-11403: +http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 + +CVE-2017-14103: +http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f + +some changes were made to make the patch apply + +# HG changeset patch +# User Glenn Randers-Pehrson +# Date 1503875721 14400 +# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2 +# Parent f0f2ea85a2930f3b6dcd72352719adb9660f2aad +Attempt to fix Issue 440. + +diff -ru a/coders/png.c b/coders/png.c +--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/coders/png.c 2017-09-10 11:31:56.543194173 -0400 +@@ -3106,7 +3106,9 @@ + if (length > PNG_MAX_UINT || count == 0) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,CorruptImage,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "chunk length (%lu) > PNG_MAX_UINT",length); ++ return ((Image*)NULL); + } + + chunk=(unsigned char *) NULL; +@@ -3117,13 +3119,16 @@ + if (chunk == (unsigned char *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, +- image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Could not allocate chunk memory"); ++ return ((Image*)NULL); + } + if (ReadBlob(image,length,chunk) < length) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,CorruptImage,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " chunk reading was incomplete"); ++ return ((Image*)NULL); + } + p=chunk; + } +@@ -3198,7 +3203,7 @@ + jng_width, jng_height); + MagickFreeMemory(chunk); + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ return ((Image *)NULL); + } + + /* Temporarily set width and height resources to match JHDR */ +@@ -3233,8 +3238,9 @@ + if (color_image == (Image *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, +- image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not open color_image blob"); ++ return ((Image *)NULL); + } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -3245,7 +3251,9 @@ + if (status == MagickFalse) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CoderError,UnableToOpenBlob,color_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not open color_image blob"); ++ return ((Image *)NULL); + } + + if (!image_info->ping && jng_color_type >= 12) +@@ -3255,17 +3263,18 @@ + if (alpha_image_info == (ImageInfo *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError, +- MemoryAllocationFailed, image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image_info",length); ++ return ((Image *)NULL); + } + GetImageInfo(alpha_image_info); + alpha_image=AllocateImage(alpha_image_info); + if (alpha_image == (Image *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError, +- MemoryAllocationFailed, +- alpha_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image"); ++ return ((Image *)NULL); + } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -3277,7 +3286,9 @@ + { + DestroyJNGInfo(color_image_info,alpha_image_info); + DestroyImage(alpha_image); +- ThrowReaderException(CoderError,UnableToOpenBlob,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image blob"); ++ return ((Image *)NULL); + } + if (jng_alpha_compression_method == 0) + { +@@ -3613,6 +3624,8 @@ + alpha_image = (Image *)NULL; + DestroyImageInfo(alpha_image_info); + alpha_image_info = (ImageInfo *)NULL; ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Destroy the JNG image"); + DestroyImage(jng_image); + jng_image = (Image *)NULL; + } +@@ -5146,8 +5159,8 @@ + + if (image == (Image *) NULL) + { +- DestroyImageList(previous); + CloseBlob(previous); ++ DestroyImageList(previous); + MngInfoFreeStruct(mng_info,&have_mng_structure); + return((Image *) NULL); + } -- cgit 1.4.1 From 2206bd340b6d55b69779acc894d122eeea421339 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 14 Sep 2017 19:32:36 +0300 Subject: gnu: Add gnucobol. * gnu/packages/cobol.scm (gnucobol): New variable. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/cobol.scm | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 gnu/packages/cobol.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4fefa3b10b..f2feca0524 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -88,6 +88,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/chez.scm \ %D%/packages/ci.scm \ %D%/packages/cmake.scm \ + %D%/packages/cobol.scm \ %D%/packages/code.scm \ %D%/packages/commencement.scm \ %D%/packages/compression.scm \ diff --git a/gnu/packages/cobol.scm b/gnu/packages/cobol.scm new file mode 100644 index 0000000000..f8f35928a7 --- /dev/null +++ b/gnu/packages/cobol.scm @@ -0,0 +1,59 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Efraim Flashner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages cobol) + #:use-module (gnu packages) + #:use-module (guix build-system gnu) + #:use-module (guix licenses) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (gnu packages databases) + #:use-module (gnu packages multiprecision) + #:use-module (gnu packages ncurses)) + +(define-public gnucobol + (package + (name "gnucobol") + (version "2.2") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://gnu/gnucobol/gnucobol-" + version ".tar.xz")) + (sha256 + (base32 + "1814s1n95xax2dz938cf4fkcp0q94nkj1gjbdblbzpk9q92zq66w")))) + (arguments + '(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") + "/lib")))) + (inputs + `(("bdb" ,bdb) + ("gmp" ,gmp) + ("ncurses" ,ncurses))) + (build-system gnu-build-system) + (home-page "https://savannah.gnu.org/projects/gnucobol/") + (synopsis "A modern COBOL compiler") + (description "GnuCOBOL is a free, modern COBOL compiler. GnuCOBOL +implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014 +standards and X/Open COBOL, as well as many extensions included in other +COBOL compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others). +GnuCOBOL translates COBOL into C and compiles the translated code using +a native C compiler.") + (license gpl3+))) -- cgit 1.4.1 From 8f21aa22bf4b731ed0e5631c371846028e5cec0d Mon Sep 17 00:00:00 2001 From: Paul Garlick Date: Thu, 14 Sep 2017 16:46:21 +0100 Subject: gnu: Add openfoam. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit *gnu/packages/patches/openfoam-4.1-cleanup.patch: New file *gnu/packages/simulation.scm: New file *gnu/local.mk (GNU_SYSTEM_MODULES): Add module. (dist_patch_DATA): Add patch. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 2 + gnu/packages/patches/openfoam-4.1-cleanup.patch | 243 ++++++++++++++++++++++++ gnu/packages/simulation.scm | 212 +++++++++++++++++++++ 3 files changed, 457 insertions(+) create mode 100644 gnu/packages/patches/openfoam-4.1-cleanup.patch create mode 100644 gnu/packages/simulation.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f2feca0524..c906f34a3e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -364,6 +364,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/shells.scm \ %D%/packages/shellutils.scm \ %D%/packages/simh.scm \ + %D%/packages/simulation.scm \ %D%/packages/skarnet.scm \ %D%/packages/skribilo.scm \ %D%/packages/slang.scm \ @@ -895,6 +896,7 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ + %D%/packages/patches/openfoam-4.1-cleanup.patch \ %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ diff --git a/gnu/packages/patches/openfoam-4.1-cleanup.patch b/gnu/packages/patches/openfoam-4.1-cleanup.patch new file mode 100644 index 0000000000..37effa5c9c --- /dev/null +++ b/gnu/packages/patches/openfoam-4.1-cleanup.patch @@ -0,0 +1,243 @@ +# This patch removes all need for the ThirdParty files of OpenFOAM. + +# Derived from EasyBuild patch by Ward Poelmans . +# Modified for GNU Guix by Paul Garlick . + +diff -ur OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake +--- OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake ++++ OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake +@@ -9,7 +9,7 @@ + # + # use readline if available + # +-if [ -f /usr/include/readline/readline.h ] ++if true + then + echo "Found -- enabling readline support." + export COMP_FLAGS="-DHAS_READLINE" +diff -ur OpenFOAM-4.x-version-4.1.org/etc/bashrc OpenFOAM-4.x-version-4.1/etc/bashrc +--- OpenFOAM-4.x-version-4.1.org/etc/bashrc ++++ OpenFOAM-4.x-version-4.1/etc/bashrc +@@ -43,8 +43,10 @@ + # Please set to the appropriate path if the default is not correct. + # + [ $BASH_SOURCE ] && \ +-export FOAM_INST_DIR=$(cd ${BASH_SOURCE%/*/*/*} && pwd -P) || \ ++export FOAM_INST_DIR=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P) || \ + export FOAM_INST_DIR=$HOME/$WM_PROJECT ++# For GNU Guix: set initially for build then re-set at runtime ++# + # export FOAM_INST_DIR=~$WM_PROJECT + # export FOAM_INST_DIR=/opt/$WM_PROJECT + # export FOAM_INST_DIR=/usr/local/$WM_PROJECT +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL +@@ -36,37 +36,7 @@ + # + #------------------------------------------------------------------------------ + +-boost_version=boost-system +-cgal_version=cgal-system +-#cgal_version=CGAL-4.8 +- +-if [ -z "$SOURCE_CGAL_VERSIONS_ONLY" ] +-then +- +- common_path=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER +- +- export BOOST_ARCH_PATH=$common_path/$boost_version +- export CGAL_ARCH_PATH=$common_path/$cgal_version +- +- if [ "$FOAM_VERBOSE" -a "$PS1" ] +- then +- echo "Using CGAL and boost" 1>&2 +- echo " $cgal_version at $CGAL_ARCH_PATH" 1>&2 +- echo " $boost_version at $BOOST_ARCH_PATH" 1>&2 +- fi +- +- if [ -d "$CGAL_ARCH_PATH" -a "$cgal_version" != "cgal-system" ] +- then +- _foamAddLib $CGAL_ARCH_PATH/lib +- fi +- +- if [ -d "$BOOST_ARCH_PATH" -a "$boost_version" != "boost-system" ] +- then +- _foamAddLib $BOOST_ARCH_PATH/lib +- fi +- +- unset boost_version cgal_version common_path +- +-fi ++export CGAL_ARCH_PATH=$CGAL_ROOT ++export BOOST_ARCH_PATH=$BOOST_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools +@@ -29,13 +29,5 @@ + # + #------------------------------------------------------------------------------ + +-version=svn +-gperftools_install=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER +- +-GPERFTOOLS_VERSION=gperftools-$version +-GPERFTOOLS_ARCH_PATH=$gperftools_install/$GPERFTOOLS_VERSION +- +-export PATH=$GPERFTOOLS_ARCH_PATH/bin:$PATH +-export LD_LIBRARY_PATH=$GPERFTOOLS_ARCH_PATH/lib:$LD_LIBRARY_PATH + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis OpenFOAM-4.x-version-4.1/etc/config.sh/metis +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/metis +@@ -34,7 +34,7 @@ + # + #------------------------------------------------------------------------------ + +-export METIS_VERSION=metis-5.1.0 +-export METIS_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$METIS_VERSION ++export METIS_VERSION=metis-$METISVERSION ++export METIS_ARCH_PATH=$METIS_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch OpenFOAM-4.x-version-4.1/etc/config.sh/scotch +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/scotch +@@ -37,7 +37,7 @@ + # + #------------------------------------------------------------------------------ + +-export SCOTCH_VERSION=scotch_6.0.3 +-export SCOTCH_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$SCOTCH_VERSION ++export SCOTCH_VERSION=scotch_$SCOTCHVERSION ++export SCOTCH_ARCH_PATH=$SCOTCH_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings OpenFOAM-4.x-version-4.1/etc/config.sh/settings +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/settings +@@ -279,6 +279,9 @@ + ;; + system) + # Use system compiler ++ # Use system GMP and MPFR packages ++ export GMP_ARCH_PATH=$GMP_ROOT ++ export MPFR_ARCH_PATH=$MPFR_ROOT + ;; + *) + echo "Warn: WM_COMPILER_TYPE='$WM_COMPILER_TYPE' is unsupported" 1>&2 +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options +@@ -5,8 +5,7 @@ + $(PFLAGS) $(PINC) \ + -I$(SCOTCH_ROOT)/include \ + -I$(SCOTCH_ARCH_PATH)/include/$(FOAM_MPI) \ +- -I/usr/include/scotch \ + -I../decompositionMethods/lnInclude + + LIB_LIBS = \ +- -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN)/$(FOAM_MPI) -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt ++ -L$(SCOTCH_ROOT)/lib -L$(MPI_ARCH_PATH)/lib -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options +@@ -9,8 +9,7 @@ + $(PFLAGS) $(PINC) \ + -I$(SCOTCH_ROOT)/include \ + -I$(SCOTCH_ARCH_PATH)/include \ +- -I/usr/include/scotch \ + -I../decompositionMethods/lnInclude + + LIB_LIBS = \ +- -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN) -lscotch -lscotcherrexit -lrt ++ -L$(SCOTCH_ROOT)/lib -lscotch -lscotcherrexit -lrt +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general OpenFOAM-4.x-version-4.1/wmake/makefiles/general +--- OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general ++++ OpenFOAM-4.x-version-4.1/wmake/makefiles/general +@@ -33,7 +33,6 @@ + # The Makefile uses a POSIX shell + #------------------------------------------------------------------------------ + +-SHELL = /bin/sh + + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmake OpenFOAM-4.x-version-4.1/wmake/wmake +--- OpenFOAM-4.x-version-4.1.org/wmake/wmake ++++ OpenFOAM-4.x-version-4.1/wmake/wmake +@@ -163,7 +163,7 @@ + then + if [ "$WM_NCOMPPROCS" -gt 1 -a ! "$MAKEFLAGS" ] + then +- lockDir=$HOME/.$WM_PROJECT/.wmake ++ lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + + if [ -d $lockDir ] + then +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler +--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler ++++ OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler +@@ -53,7 +53,7 @@ + # csh sets HOST, bash sets HOSTNAME + : ${HOST:=$HOSTNAME} + +-lockDir=$HOME/.$WM_PROJECT/.wmake ++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + + # Fallback - 1 core on current host + : ${WM_HOSTS:=$HOST:1} +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime +--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime ++++ OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime +@@ -53,7 +53,7 @@ + # csh sets HOST, bash sets HOSTNAME + : ${HOST:=$HOSTNAME} + +-lockDir=$HOME/.$WM_PROJECT/.wmake ++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + # Fallback - 1 core on current host + : ${WM_HOSTS:=$HOST:1} + +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C +@@ -67,7 +67,7 @@ + + // Processor weights initialised with no size, only used if specified in + // a file +- Field processorWeights; ++ Field processorWeights; + + // Cell weights (so on the vertices of the dual) + List