From 12f37d60152e8ac818dea0f15f500eddb48e9cff Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 26 May 2017 23:48:01 -0400 Subject: gnu: graphite2/fixed: Update to 1.3.10. * gnu/packages/fontutils.scm (graphite2/fixed): Update to 1.3.10. Remove patches that have been incorporated upstream. * gnu/packages/patches/graphite2-CVE-2017-5436.patch, gnu/packages/patches/graphite2-check-code-point-limit.patch, gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch, gnu/packages/patches/graphite2-non-linear-classes-even-number.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/packages/patches/graphite2-CVE-2017-5436.patch | 25 ------ .../patches/graphite2-check-code-point-limit.patch | 50 ------------ .../graphite2-fix-32-bit-wrap-arounds.patch | 93 ---------------------- .../graphite2-non-linear-classes-even-number.patch | 26 ------ 4 files changed, 194 deletions(-) delete mode 100644 gnu/packages/patches/graphite2-CVE-2017-5436.patch delete mode 100644 gnu/packages/patches/graphite2-check-code-point-limit.patch delete mode 100644 gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch delete mode 100644 gnu/packages/patches/graphite2-non-linear-classes-even-number.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/graphite2-CVE-2017-5436.patch b/gnu/packages/patches/graphite2-CVE-2017-5436.patch deleted file mode 100644 index d7383ec8de..0000000000 --- a/gnu/packages/patches/graphite2-CVE-2017-5436.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001 -From: Martin Hosken -Date: Thu, 9 Mar 2017 22:04:04 +0000 -Subject: [PATCH] Ensure features have enough space. Fix from Mozilla - ---- - src/FeatureMap.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp -index b8c8405..83bd5f6 100644 ---- a/src/FeatureMap.cpp -+++ b/src/FeatureMap.cpp -@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const - else - if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap()) - return false; //incompatible -- pDest.reserve(m_index); -+ pDest.reserve(m_index+1); - pDest[m_index] &= ~m_mask; - pDest[m_index] |= (uint32(val) << m_bits); - return true; --- -2.12.2 - diff --git a/gnu/packages/patches/graphite2-check-code-point-limit.patch b/gnu/packages/patches/graphite2-check-code-point-limit.patch deleted file mode 100644 index a9b6caf53f..0000000000 --- a/gnu/packages/patches/graphite2-check-code-point-limit.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001 -From: Tim Eves -Date: Wed, 1 Mar 2017 14:23:46 +0700 -Subject: [PATCH] Fix decoding of USV greater than U+110000 - -Add test cases too ---- - src/inc/UtfCodec.h | 4 ++-- - tests/utftest/utftest.cpp | 3 +++ - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h -index 3417bac..9dc760f 100644 ---- a/src/inc/UtfCodec.h -+++ b/src/inc/UtfCodec.h -@@ -124,7 +124,7 @@ struct _utf_codec<8> - private: - static const int8 sz_lut[16]; - static const byte mask_lut[5]; -- -+ static const uchar_t limit = 0x110000; - - public: - typedef uint8 codeunit_t; -@@ -157,7 +157,7 @@ public: - case 0: l = -1; return 0xFFFD; - } - -- if (l != seq_sz || toolong) -+ if (l != seq_sz || toolong || u >= limit) - { - l = -l; - return 0xFFFD; -diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp -index 21cb188..a23553a 100644 ---- a/tests/utftest/utftest.cpp -+++ b/tests/utftest/utftest.cpp -@@ -8,6 +8,9 @@ struct test8 - unsigned char str[12]; - }; - struct test8 tests8[] = { -+ { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] -+ { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] -+ { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] - { 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF - { 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF - { 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF --- -2.12.2 - diff --git a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch deleted file mode 100644 index 57d4ce2c6e..0000000000 --- a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch +++ /dev/null @@ -1,93 +0,0 @@ -This patch incorporates the following 6 consecutive commits from the upstream -graphite2 repository: - -75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds -1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor -9493785..: Martin Hosken 2017-03-29 Speculative rounding fix -09af043..: Tim Eves 2017-03-31 Move a MINMATCH to rhs of a comparisio -28cc60d..: Tim Eves 2017-03-31 Deal with similar wrap around in literal_len -8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again - -This diff was generated by the following command: - - git diff 1ce331d5548b98ed..8afc7d0081959866 - - -diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp -index 084570f..56d531f 100644 ---- a/src/Decompressor.cpp -+++ b/src/Decompressor.cpp -@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u - literal = src; - src += literal_len; - -- if (src > end - 2) -+ if (src > end - 2 || src < literal) - return false; - - match_dist = *src++; -@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) - { - // Copy in literal. At this point the last full sequence must be at - // least MINMATCH + 5 from the end of the output buffer. -- if (dst + align(literal_len) > dst_end - (MINMATCH+5)) -+ if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5) - return -1; - dst = overrun_copy(dst, literal, literal_len); - } -@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) - // decoded output. - u8 const * const pcpy = dst - match_dist; - if (pcpy < static_cast(out) -- || dst + match_len + MINMATCH > dst_end - 5) -+ || match_len > unsigned(dst_end - dst - (MINMATCH+5)) -+ || dst_end - dst < MINMATCH + 5) - return -1; - if (dst > pcpy+sizeof(unsigned long) - && dst + align(match_len + MINMATCH) <= dst_end) -@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) - dst = safe_copy(dst, pcpy, match_len + MINMATCH); - } - -- if (literal + literal_len > src_end -- || dst + literal_len > dst_end) -+ if (literal_len > src_end - literal -+ || literal_len > dst_end - dst) - return -1; - dst = fast_copy(dst, literal, literal_len); - -diff --git a/src/Pass.cpp b/src/Pass.cpp -index a4bac2e..683143c 100644 ---- a/src/Pass.cpp -+++ b/src/Pass.cpp -@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su - const uint16 * const o_actions = reinterpret_cast(p); - be::skip(p, m_numRules + 1); - const byte * const states = p; -- if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e); -+ if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e); - be::skip(p, m_numTransition*m_numColumns); - be::skip(p); - if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e); -@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su - m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len, - precontext[0], be::peek(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN); - if (e.test(!m_cPConstraint, E_OUTOFMEM) -- || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE)) -+ || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE)) - return face.error(e); - face.error_context(face.error_context() - 1); - } -diff --git a/src/Silf.cpp b/src/Silf.cpp -index 72a22cd..d661992 100644 ---- a/src/Silf.cpp -+++ b/src/Silf.cpp -@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face, - - const size_t clen = readClassMap(p, passes_start - p, version, e); - m_passes = new Pass[m_numPasses]; -- if (e || e.test(p + clen > passes_start, E_BADPASSESSTART) -+ if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART) - || e.test(!m_passes, E_OUTOFMEM)) - { releaseBuffers(); return face.error(e); } - diff --git a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch deleted file mode 100644 index 2bb1c9f94e..0000000000 --- a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001 -From: Martin Hosken -Date: Tue, 18 Apr 2017 13:17:14 +0100 -Subject: [PATCH] Ensure non linear classes have even number of elements - ---- - src/Silf.cpp | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/Silf.cpp b/src/Silf.cpp -index d661992..9f2f954 100644 ---- a/src/Silf.cpp -+++ b/src/Silf.cpp -@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error - if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off - || e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ... - || lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off] -- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange -+ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange -+ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even. - return ERROROFFSET; - } - --- -2.12.2 - -- cgit 1.4.1 From b208f71b9b3540be9ae2b17b17b506a3526597b8 Mon Sep 17 00:00:00 2001 From: Adriano Peluso Date: Wed, 5 Apr 2017 15:29:56 +0200 Subject: gnu: Add python-genshi. * gnu/packages/python.scm (python-genshi, python2-genshi): New variables. * gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch: New file. * gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch: New file. * gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch: New file. * gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch: New file. * gnu/packages/patches/python-genshi-isstring-helper.patch: New file. * gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch: New file. * gnu/local.mk (dist_patch_DATA): Add them. Signed-off-by: Arun Isaac --- gnu/local.mk | 6 + ...hon-genshi-add-support-for-python-3.4-AST.patch | 151 +++++++++++++++++++++ .../python-genshi-buildable-on-python-2.7.patch | 25 ++++ ...hon-genshi-disable-speedups-on-python-3.3.patch | 32 +++++ .../python-genshi-fix-tests-on-python-3.5.patch | 112 +++++++++++++++ .../patches/python-genshi-isstring-helper.patch | 37 +++++ ...on-genshi-stripping-of-unsafe-script-tags.patch | 51 +++++++ gnu/packages/python.scm | 40 ++++++ 8 files changed, 454 insertions(+) create mode 100644 gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch create mode 100644 gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch create mode 100644 gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch create mode 100644 gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch create mode 100644 gnu/packages/patches/python-genshi-isstring-helper.patch create mode 100644 gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0ef6e2af98..50e8713bf1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -929,6 +929,12 @@ dist_patch_DATA = \ %D%/packages/patches/python-dendropy-fix-tests.patch \ %D%/packages/patches/python-file-double-encoding-bug.patch \ %D%/packages/patches/python-fix-tests.patch \ + %D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch \ + %D%/packages/patches/python-genshi-buildable-on-python-2.7.patch \ + %D%/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch \ + %D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch \ + %D%/packages/patches/python-genshi-isstring-helper.patch \ + %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ diff --git a/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch b/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch new file mode 100644 index 0000000000..4e40c1daa1 --- /dev/null +++ b/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch @@ -0,0 +1,151 @@ +From 86b98a11559da7d1b21dc9b4c6b10511b9095bc4 Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:46:15 +0000 +Subject: [PATCH 05/16] Add support for Python 3.4 AST (support for + NameConstants and changes to existing to arguments node attributes). + +--- + genshi/template/astutil.py | 31 ++++++++++++++++++++++++++++--- + genshi/template/eval.py | 34 +++++++++++++++++++--------------- + 2 files changed, 47 insertions(+), 18 deletions(-) + +diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py +index a4c21c8..a3946b4 100644 +--- a/genshi/template/astutil.py ++++ b/genshi/template/astutil.py +@@ -21,7 +21,7 @@ else: + def parse(source, mode): + return compile(source, '', mode, _ast.PyCF_ONLY_AST) + +-from genshi.compat import IS_PYTHON2 ++from genshi.compat import IS_PYTHON2, isstring + + __docformat__ = 'restructuredtext en' + +@@ -103,8 +103,13 @@ class ASTCodeGenerator(object): + self._new_line() + return self.visit(node.body) + ++ # Python < 3.4 + # arguments = (expr* args, identifier? vararg, + # identifier? kwarg, expr* defaults) ++ # ++ # Python >= 3.4 ++ # arguments = (arg* args, arg? vararg, arg* kwonlyargs, expr* kw_defaults, ++ # arg? kwarg, expr* defaults) + def visit_arguments(self, node): + first = True + no_default_count = len(node.args) - len(node.defaults) +@@ -122,13 +127,21 @@ class ASTCodeGenerator(object): + self._write(', ') + else: + first = False +- self._write('*' + node.vararg) ++ self._write('*') ++ if isstring(node.vararg): ++ self._write(node.vararg) ++ else: ++ self.visit(node.vararg) + if getattr(node, 'kwarg', None): + if not first: + self._write(', ') + else: + first = False +- self._write('**' + node.kwarg) ++ self._write('**') ++ if isstring(node.kwarg): ++ self._write(node.kwarg) ++ else: ++ self.visit(node.kwarg) + + if not IS_PYTHON2: + # In Python 3 arguments get a special node +@@ -724,6 +737,17 @@ class ASTCodeGenerator(object): + def visit_Name(self, node): + self._write(node.id) + ++ # NameConstant(singleton value) ++ def visit_NameConstant(self, node): ++ if node.value is None: ++ self._write('None') ++ elif node.value is True: ++ self._write('True') ++ elif node.value is False: ++ self._write('False') ++ else: ++ raise Exception("Unknown NameConstant %r" % (node.value,)) ++ + # List(expr* elts, expr_context ctx) + def visit_List(self, node): + self._write('[') +@@ -829,6 +853,7 @@ class ASTTransformer(object): + visit_Attribute = _clone + visit_Subscript = _clone + visit_Name = _clone ++ visit_NameConstant = _clone + visit_List = _clone + visit_Tuple = _clone + +diff --git a/genshi/template/eval.py b/genshi/template/eval.py +index 89aec49..de4bc86 100644 +--- a/genshi/template/eval.py ++++ b/genshi/template/eval.py +@@ -24,7 +24,8 @@ from genshi.template.astutil import ASTTransformer, ASTCodeGenerator, \ + from genshi.template.base import TemplateRuntimeError + from genshi.util import flatten + +-from genshi.compat import get_code_params, build_code_chunk, IS_PYTHON2 ++from genshi.compat import get_code_params, build_code_chunk, isstring, \ ++ IS_PYTHON2 + + __all__ = ['Code', 'Expression', 'Suite', 'LenientLookup', 'StrictLookup', + 'Undefined', 'UndefinedError'] +@@ -495,28 +496,31 @@ class TemplateASTTransformer(ASTTransformer): + def __init__(self): + self.locals = [CONSTANTS] + ++ def _process(self, names, node): ++ if not IS_PYTHON2 and isinstance(node, _ast.arg): ++ names.add(node.arg) ++ elif isstring(node): ++ names.add(node) ++ elif isinstance(node, _ast.Name): ++ names.add(node.id) ++ elif isinstance(node, _ast.alias): ++ names.add(node.asname or node.name) ++ elif isinstance(node, _ast.Tuple): ++ for elt in node.elts: ++ self._process(names, elt) ++ + def _extract_names(self, node): + names = set() +- def _process(node): +- if not IS_PYTHON2 and isinstance(node, _ast.arg): +- names.add(node.arg) +- if isinstance(node, _ast.Name): +- names.add(node.id) +- elif isinstance(node, _ast.alias): +- names.add(node.asname or node.name) +- elif isinstance(node, _ast.Tuple): +- for elt in node.elts: +- _process(elt) + if hasattr(node, 'args'): + for arg in node.args: +- _process(arg) ++ self._process(names, arg) + if hasattr(node, 'vararg'): +- names.add(node.vararg) ++ self._process(names, node.vararg) + if hasattr(node, 'kwarg'): +- names.add(node.kwarg) ++ self._process(names, node.kwarg) + elif hasattr(node, 'names'): + for elt in node.names: +- _process(elt) ++ self._process(names, elt) + return names + + def visit_Str(self, node): +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch b/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch new file mode 100644 index 0000000000..2bc516c697 --- /dev/null +++ b/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch @@ -0,0 +1,25 @@ +From 32bfaa7cc1c736fd62fcbb6414de9498dc20ed07 Mon Sep 17 00:00:00 2001 +From: Adriano Peluso +Date: Wed, 5 Apr 2017 15:13:06 +0200 +Subject: [PATCH 2/2] buildable on python27 too + +--- + genshi/template/directives.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/genshi/template/directives.py b/genshi/template/directives.py +index 6fd0f28..1f70ef6 100644 +--- a/genshi/template/directives.py ++++ b/genshi/template/directives.py +@@ -266,7 +266,7 @@ class DefDirective(Directive): + if isinstance(ast, _ast.Call): + self.name = ast.func.id + for arg in ast.args: +- if isinstance(arg, _ast.Starred): ++ if hasattr(_ast, 'Starred') and isinstance(arg, _ast.Starred): + # Python 3.5+ + self.star_args = arg.value.id + else: +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch b/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch new file mode 100644 index 0000000000..c25c3bd7a9 --- /dev/null +++ b/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch @@ -0,0 +1,32 @@ +From cef2c8df44166195e1705638f9f17033a4943bb7 Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:32:21 +0000 +Subject: [PATCH 02/15] Disable the speedups C extension on CPython >= 3.3 + since Genshi doesn't support the new Unicode C API yet. + +--- + setup.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 123a2cb..a3d748c 100755 +--- a/setup.py ++++ b/setup.py +@@ -65,9 +65,13 @@ available.""") + + + if Feature: ++ # Optional C extension module for speeding up Genshi: ++ # Not activated by default on: ++ # - PyPy (where it harms performance) ++ # - CPython >= 3.3 (the new Unicode C API is not supported yet) + speedups = Feature( + "optional C speed-enhancements", +- standard = not is_pypy, ++ standard = not is_pypy and sys.version_info < (3, 3), + ext_modules = [ + Extension('genshi._speedups', ['genshi/_speedups.c']), + ], +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch b/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch new file mode 100644 index 0000000000..05be080cdf --- /dev/null +++ b/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch @@ -0,0 +1,112 @@ +From ce796ad4bae5c47011876778674ad036357febdf Mon Sep 17 00:00:00 2001 +From: Adriano Peluso +Date: Wed, 5 Apr 2017 15:10:06 +0200 +Subject: [PATCH 1/2] fixing the tests on python35 + +--- + genshi/filters/i18n.py | 6 ++++-- + genshi/template/astutil.py | 14 +++++++++++--- + genshi/template/directives.py | 20 ++++++++++++++------ + genshi/template/eval.py | 5 +++++ + 4 files changed, 34 insertions(+), 11 deletions(-) + +diff --git a/genshi/filters/i18n.py b/genshi/filters/i18n.py +index 526fda4..5387fcf 100644 +--- a/genshi/filters/i18n.py ++++ b/genshi/filters/i18n.py +@@ -1194,8 +1194,10 @@ def extract_from_code(code, gettext_functions): + elif arg: + strings.append(None) + [_add(arg) for arg in node.args] +- _add(node.starargs) +- _add(node.kwargs) ++ if hasattr(node, 'starargs'): ++ _add(node.starargs) ++ if hasattr(node, 'kwargs'): ++ _add(node.kwargs) + if len(strings) == 1: + strings = strings[0] + else: +diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py +index f4e1edd..e561846 100644 +--- a/genshi/template/astutil.py ++++ b/genshi/template/astutil.py +@@ -151,6 +151,10 @@ class ASTCodeGenerator(object): + def visit_arg(self, node): + self._write(node.arg) + ++ def visit_Starred(self, node): ++ self._write('*') ++ self.visit(node.value) ++ + # FunctionDef(identifier name, arguments args, + # stmt* body, expr* decorator_list) + def visit_FunctionDef(self, node): +@@ -664,9 +668,13 @@ class ASTCodeGenerator(object): + if not first: + self._write(', ') + first = False +- # keyword = (identifier arg, expr value) +- self._write(keyword.arg) +- self._write('=') ++ if not keyword.arg: ++ # Python 3.5+ star-star args ++ self._write('**') ++ else: ++ # keyword = (identifier arg, expr value) ++ self._write(keyword.arg) ++ self._write('=') + self.visit(keyword.value) + if getattr(node, 'starargs', None): + if not first: +diff --git a/genshi/template/directives.py b/genshi/template/directives.py +index 7301c2d..6fd0f28 100644 +--- a/genshi/template/directives.py ++++ b/genshi/template/directives.py +@@ -266,13 +266,21 @@ class DefDirective(Directive): + if isinstance(ast, _ast.Call): + self.name = ast.func.id + for arg in ast.args: +- # only names +- self.args.append(arg.id) ++ if isinstance(arg, _ast.Starred): ++ # Python 3.5+ ++ self.star_args = arg.value.id ++ else: ++ # only names ++ self.args.append(arg.id) + for kwd in ast.keywords: +- self.args.append(kwd.arg) +- exp = Expression(kwd.value, template.filepath, +- lineno, lookup=template.lookup) +- self.defaults[kwd.arg] = exp ++ if kwd.arg is None: ++ # Python 3.5+ ++ self.dstar_args = kwd.value.id ++ else: ++ self.args.append(kwd.arg) ++ exp = Expression(kwd.value, template.filepath, ++ lineno, lookup=template.lookup) ++ self.defaults[kwd.arg] = exp + if getattr(ast, 'starargs', None): + self.star_args = ast.starargs.id + if getattr(ast, 'kwargs', None): +diff --git a/genshi/template/eval.py b/genshi/template/eval.py +index d378419..81644a7 100644 +--- a/genshi/template/eval.py ++++ b/genshi/template/eval.py +@@ -600,6 +600,11 @@ class TemplateASTTransformer(ASTTransformer): + finally: + self.locals.pop() + ++ # Only used in Python 3.5+ ++ def visit_Starred(self, node): ++ node.value = self.visit(node.value) ++ return node ++ + def visit_Name(self, node): + # If the name refers to a local inside a lambda, list comprehension, or + # generator expression, leave it alone +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-isstring-helper.patch b/gnu/packages/patches/python-genshi-isstring-helper.patch new file mode 100644 index 0000000000..4f6c19bba9 --- /dev/null +++ b/gnu/packages/patches/python-genshi-isstring-helper.patch @@ -0,0 +1,37 @@ +From cc5e07284f44cdd9beec178c69070a53f55d1323 Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:43:20 +0000 +Subject: [PATCH 03/15] Add isstring helper. + +--- + genshi/compat.py | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/genshi/compat.py b/genshi/compat.py +index 9787325..6574e39 100644 +--- a/genshi/compat.py ++++ b/genshi/compat.py +@@ -35,6 +35,15 @@ else: + 'Python 2 compatibility function. Not usable in Python 3.') + + ++# We need to test if an object is an instance of a string type in places ++ ++if IS_PYTHON2: ++ def isstring(obj): ++ return isinstance(obj, basestring) ++else: ++ def isstring(obj): ++ return isinstance(obj, str) ++ + # We need to differentiate between StringIO and BytesIO in places + + if IS_PYTHON2: +@@ -112,4 +121,3 @@ except NameError: + if not x: + return False + return True +- +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch new file mode 100644 index 0000000000..29951a6149 --- /dev/null +++ b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch @@ -0,0 +1,51 @@ +From 0769be04c3891ae5c724c6779ba13d1d0f53b4ae Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:25:17 +0000 +Subject: [PATCH 01/15] Also allow stripping of unsafe script tags (Python 3.4 + parses the second example as a tag whose name is script&xyz). + +--- + genshi/filters/tests/test_html.py | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py +index 0c6cfe1..45ec0da 100644 +--- a/genshi/filters/tests/test_html.py ++++ b/genshi/filters/tests/test_html.py +@@ -368,12 +368,16 @@ def StyleSanitizer(): + + class HTMLSanitizerTestCase(unittest.TestCase): + +- def assert_parse_error_or_equal(self, expected, exploit): ++ def assert_parse_error_or_equal(self, expected, exploit, ++ allow_strip=False): + try: + html = HTML(exploit) + except ParseError: + return +- self.assertEquals(expected, (html | HTMLSanitizer()).render()) ++ sanitized_html = (html | HTMLSanitizer()).render() ++ if not sanitized_html and allow_strip: ++ return ++ self.assertEquals(expected, sanitized_html) + + def test_sanitize_unchanged(self): + html = HTML(u'fo
o
') +@@ -416,10 +420,12 @@ class HTMLSanitizerTestCase(unittest.TestCase): + html = HTML(u'') + self.assertEquals('', (html | HTMLSanitizer()).render()) + src = u'alert("foo")' +- self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src) ++ self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src, ++ allow_strip=True) + src = u'' + self.assert_parse_error_or_equal('<SCRIPT&XYZ; ' +- 'SRC="http://example.com/">', src) ++ 'SRC="http://example.com/">', src, ++ allow_strip=True) + + def test_sanitize_remove_onclick_attr(self): + html = HTML(u'
') +-- +2.12.0 + diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 174ebfcb03..23a96a25e5 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -14825,3 +14825,43 @@ transforms idiomatic python function calls to well-formed SQL queries.") (define-public python2-sql (package-with-python2 python-sql)) + +(define-public python-genshi + (package + (name "python-genshi") + (version "0.7") + (source + (origin + (method url-fetch) + (uri (string-append + "https://ftp.edgewall.org/pub/genshi/Genshi-" + version ".tar.gz")) + (patches + (search-patches + ;; The first 4 patches are in the master branch upstream. + ;; See this as a reference https://genshi.edgewall.org/ticket/582 + ;; The last 2 are NOT in any branch. + ;; They were sent as attachments to a ticket opened at + ;; https://genshi.edgewall.org/ticket/602#no1 + "python-genshi-stripping-of-unsafe-script-tags.patch" + "python-genshi-disable-speedups-on-python-3.3.patch" + "python-genshi-isstring-helper.patch" + "python-genshi-add-support-for-python-3.4-AST.patch" + "python-genshi-fix-tests-on-python-3.5.patch" + "python-genshi-buildable-on-python-2.7.patch")) + (sha256 + (base32 + "0lkkbp6fbwzv0zda5iqc21rr7rdldkwh3hfabfjl9i4bwq14858x")))) + (build-system python-build-system) + (home-page "https://genshi.edgewall.org/") + (synopsis "Toolkit for generation of output for the web") + (description "Genshi is a Python library that provides an integrated set +of components for parsing, generating, and processing HTML, XML or other +textual content for output generation on the web.") + (license license:bsd-3))) + +;; The linter here claims that patch file names should start with the package +;; name. But, in this case the patches are inherited from python-genshi with +;; the "python-genshi-" prefix instead of "python2-genshi-". +(define-public python2-genshi + (package-with-python2 python-genshi)) -- cgit 1.4.1 From 21fea1d1a9316a0eaf7e8e600cc8e6554fc5fb9a Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sat, 27 May 2017 17:54:20 +0200 Subject: gnu: synfigstudio: Update to 1.2.0. * gnu/packages/patches/synfig-build-fix.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove patch. * gnu/packages/animation.scm (etl): Update to 0.04.22. (synfig): Update to 1.2.0. [source]: Remove patch. [arguments]: Remove obsolete build phases. [propagated-inputs]: Add fftw. (synfigstudio): Update to 1.2.0. [source]: Remove unnecessary snippet. [arguments]: Remove. --- gnu/local.mk | 1 - gnu/packages/animation.scm | 43 ++++++-------------- gnu/packages/patches/synfig-build-fix.patch | 61 ----------------------------- 3 files changed, 11 insertions(+), 94 deletions(-) delete mode 100644 gnu/packages/patches/synfig-build-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a7da058d8c..80b0d495aa 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -992,7 +992,6 @@ dist_patch_DATA = \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ - %D%/packages/patches/synfig-build-fix.patch \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm index 8de1fbfaa8..0f37ea55d5 100644 --- a/gnu/packages/animation.scm +++ b/gnu/packages/animation.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015 Ricardo Wurmus +;;; Copyright © 2015, 2017 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,6 +23,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system gnu) #:use-module (gnu packages) + #:use-module (gnu packages algebra) #:use-module (gnu packages boost) #:use-module (gnu packages compression) #:use-module (gnu packages fontutils) @@ -38,15 +39,15 @@ (define-public etl (package (name "etl") - (version "0.04.19") + (version "0.04.22") (source (origin (method url-fetch) ;; Keep this synchronized with the synfig release version. (uri (string-append "mirror://sourceforge/synfig/releases/" - "1.0.2/source/ETL-" version ".tar.gz")) + "1.2.0/source/ETL-" version ".tar.gz")) (sha256 (base32 - "070c70slizrklq1gbgja8m49xfmq65wlcd6hz6418cpx0wd4r55s")))) + "0ii73nsd3xzkhz6w1rnxwphl637j9w82xiy6apa9vin2isdynnmc")))) (build-system gnu-build-system) (home-page "http://www.synfig.org") (synopsis "Extended C++ template library") @@ -59,7 +60,7 @@ C++ @dfn{Standard Template Library} (STL).") (define-public synfig (package (name "synfig") - (version "1.0.2") + (version "1.2.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/synfig/releases/" @@ -67,8 +68,7 @@ C++ @dfn{Standard Template Library} (STL).") ".tar.gz")) (sha256 (base32 - "1d3z2r78j3rkff47q3wl0ami69y3l4nyi5r9zclymb8ar7mgkk9l")) - (patches (search-patches "synfig-build-fix.patch")))) + "1gqx4gn4c73rqwhsgzx0a460gr9hadmi28csp75rx30qavqsj7k1")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -90,16 +90,6 @@ C++ @dfn{Standard Template Library} (STL).") (("remove_child\\(") "remove_node(")) (substitute* "src/modules/mod_svg/svg_parser.cpp" (("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList")) - #t)) - (add-after 'unpack 'fix-isnan-error - (lambda _ - (substitute* "src/synfig/time.cpp" - (("return !::isnan") "return !std::isnan")) - #t)) - (add-before 'configure 'set-flags - (lambda _ - ;; Compile with C++11, required by libsigc++. - (setenv "CXXFLAGS" "-D__STDC_CONSTANT_MACROS -std=gnu++11") #t))))) (inputs `(("boost" ,boost) @@ -110,11 +100,12 @@ C++ @dfn{Standard Template Library} (STL).") ("libmng" ,libmng) ("zlib" ,zlib))) ;; synfig.pc lists the following as required: Magick++ freetype2 - ;; fontconfig OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0 + ;; fontconfig fftw OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0 ;; cairo pango pangocairo mlt++ (propagated-inputs `(("cairo" ,cairo) ("etl" ,etl) + ("fftw" ,fftw) ("fontconfig" ,fontconfig) ("freetype" ,freetype) ("glibmm" ,glibmm) @@ -137,7 +128,7 @@ for tweening, preventing the need to hand-draw each frame.") (define-public synfigstudio (package (name "synfigstudio") - (version "1.0.2") + (version "1.2.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/synfig/releases/" @@ -145,27 +136,15 @@ for tweening, preventing the need to hand-draw each frame.") ".tar.gz")) (sha256 (base32 - "1xa74dlgkpjn0gzdcs0x25z7wg0806v2wygvvi73f7sn1fm88ig4")) + "0fbckfbw8dzf0m2wv7vlmw492k1dqa3zf510z019d0as3zpnp6qm")) (modules '((guix build utils))) (snippet '(begin (substitute* "src/synfigapp/pluginmanager.cpp" (("xmlpp::Node\\* n =") "const xmlpp::Node* n =") (("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList")) - ;; Some files are ISO-8859-1 encoded. - (with-fluids ((%default-port-encoding #f)) - (substitute* (find-files "src/" "\\.(cpp|h)$") - (("#include ") - "#include ") - (("#include ") - "#include ") - (("#include ") - "#include "))) #t)))) (build-system gnu-build-system) - (arguments - `(#:configure-flags - (list "CXXFLAGS=-std=gnu++11"))) (inputs `(("gtkmm" ,gtkmm) ("libsigc++" ,libsigc++) diff --git a/gnu/packages/patches/synfig-build-fix.patch b/gnu/packages/patches/synfig-build-fix.patch deleted file mode 100644 index 3f6168e0fb..0000000000 --- a/gnu/packages/patches/synfig-build-fix.patch +++ /dev/null @@ -1,61 +0,0 @@ -Allow Synfig to build in C++11 mode. - -Taken from here: -https://projects.archlinux.org/svntogit/community.git/plain/trunk/build-fix.patch?h=packages/synfig - -diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp ---- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp 2015-03-28 13:15:00.000000000 +0300 -+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp 2015-04-28 16:56:11.568749053 +0300 -@@ -56,8 +56,8 @@ - /* === M E T H O D S ======================================================= */ - - --Importer_LibAVCodec::Importer_LibAVCodec(const char *file): -- filename(file) -+Importer_LibAVCodec::Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier): -+ Importer(identifier) - { - } - -diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h ---- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h 2015-03-28 13:15:00.000000000 +0300 -+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h 2015-04-28 16:55:18.699192946 +0300 -@@ -46,7 +46,7 @@ - synfig::String filename; - - public: -- Importer_LibAVCodec(const char *filename); -+ Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier); - ~Importer_LibAVCodec(); - - virtual bool get_frame(synfig::Surface &surface, const synfig::RendDesc &renddesc, synfig::Time time, synfig::ProgressCallback *callback); -diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp ---- synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp 2015-03-28 13:15:00.000000000 +0300 -+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp 2015-04-28 16:46:54.720091106 +0300 -@@ -121,14 +121,14 @@ - picture = avcodec_alloc_frame(); - if (!picture) - return NULL; -- size = avpicture_get_size(pix_fmt, width, height); -+ size = avpicture_get_size((::PixelFormat)pix_fmt, width, height); - picture_buf = (uint8_t *)malloc(size); - if (!picture_buf) { - av_free(picture); - return NULL; - } - avpicture_fill((AVPicture *)picture, picture_buf, -- pix_fmt, width, height); -+ (::PixelFormat)pix_fmt, width, height); - return picture; - } - -diff -wbBur synfig-1.0.2/src/synfig/time.cpp synfig-1.0.2.my/src/synfig/time.cpp ---- synfig-1.0.2/src/synfig/time.cpp 2015-07-09 10:33:03.000000000 +0300 -+++ synfig-1.0.2.my/src/synfig/time.cpp 2015-10-12 13:54:58.382313903 +0300 -@@ -319,5 +319,5 @@ - bool - Time::is_valid()const - { -- return !isnan(value_); -+ return !::isnan(value_); - } -- cgit 1.4.1 From 3803b069f6425d2ef586e62cdffe339ef55178ec Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 28 May 2017 13:07:05 +0200 Subject: gnu: gajim: Fix CVE-2016-10376. * gnu/packages/patches/gajim-CVE-2016-10376.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/messaging.scm (gajim)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/messaging.scm | 2 + gnu/packages/patches/gajim-CVE-2016-10376.patch | 57 +++++++++++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 gnu/packages/patches/gajim-CVE-2016-10376.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 80b0d495aa..eb12b62f83 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -598,6 +598,7 @@ dist_patch_DATA = \ %D%/packages/patches/freetype-CVE-2017-8105.patch \ %D%/packages/patches/freetype-CVE-2017-8287.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ + %D%/packages/patches/gajim-CVE-2016-10376.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index c22d3d4dc8..425a7c4c23 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -490,6 +490,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.") (uri (string-append "https://gajim.org/downloads/" (version-major+minor version) "/gajim-" version ".tar.bz2")) + (patches + (search-patches "gajim-CVE-2016-10376.patch")) (sha256 (base32 "13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n")))) diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch new file mode 100644 index 0000000000..591dd1af21 --- /dev/null +++ b/gnu/packages/patches/gajim-CVE-2016-10376.patch @@ -0,0 +1,57 @@ +Fix CVE-2016-10376. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376 +http://seclists.org/oss-sec/2017/q2/341 +https://dev.gajim.org/gajim/gajim/issues/8378 + +Patch copied from upstream source repository: + +https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc + +(adapted for context in config.py) + +From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001 +From: Philipp Hörist +Date: Fri, 26 May 2017 23:10:05 +0200 +Subject: [PATCH] Add config option to activate XEP-0146 commands + +Some of the Commands have security implications, thats why we disable them per default +Fixes #8378 +--- + src/common/commands.py | 7 ++++--- + src/common/config.py | 1 + + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/common/commands.py b/src/common/commands.py +index 19d8c13..0eeb57c 100644 +--- a/src/common/commands.py ++++ b/src/common/commands.py +@@ -345,9 +345,10 @@ class ConnectionCommands: + def __init__(self): + # a list of all commands exposed: node -> command class + self.__commands = {} +- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand, +- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand): +- self.__commands[cmdobj.commandnode] = cmdobj ++ if gajim.config.get('remote_commands'): ++ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand, ++ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand): ++ self.__commands[cmdobj.commandnode] = cmdobj + + # a list of sessions; keys are tuples (jid, sessionid, node) + self.__sessions = {} +diff --git a/src/common/config.py b/src/common/config.py +index cde1f81..fe25455 100644 +--- a/src/common/config.py ++++ b/src/common/config.py +@@ -314,6 +314,7 @@ class Config: + 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')], + 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')], + 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')], ++ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')], + }, {}) + + __options_per_key = { +-- +libgit2 0.24.0 + -- cgit 1.4.1 From 2ac2b17251be51778963e6ced0b83e461d175d01 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sun, 28 May 2017 15:56:31 +0200 Subject: gnu: synfigstudio: Fix UI bug. * gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. * gnu/packages/animation.scm (synfigstudio)[source]: Apply patch. --- gnu/local.mk | 1 + gnu/packages/animation.scm | 4 +- .../patches/synfigstudio-fix-ui-with-gtk3.patch | 55 ++++++++++++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index eb12b62f83..9ef9f95533 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -993,6 +993,7 @@ dist_patch_DATA = \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ + %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch.patch \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm index 0f37ea55d5..cbbfa6ed4a 100644 --- a/gnu/packages/animation.scm +++ b/gnu/packages/animation.scm @@ -143,7 +143,9 @@ for tweening, preventing the need to hand-draw each frame.") (substitute* "src/synfigapp/pluginmanager.cpp" (("xmlpp::Node\\* n =") "const xmlpp::Node* n =") (("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList")) - #t)))) + #t)) + (patches + (search-patches "synfigstudio-fix-ui-with-gtk3.patch")))) (build-system gnu-build-system) (inputs `(("gtkmm" ,gtkmm) diff --git a/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch b/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch new file mode 100644 index 0000000000..d7b3e92507 --- /dev/null +++ b/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch @@ -0,0 +1,55 @@ +Downloaded from +https://github.com/synfig/synfig/commit/b9c3b73ee35b83c4d9183c800809040cef98b2f2.patch + +Without this patch the UI of Synfig Studio (when built with the latest version +of GTK) displays very large buttons in the header of every frame. + +This patch can be removed with the next release. + + +From b9c3b73ee35b83c4d9183c800809040cef98b2f2 Mon Sep 17 00:00:00 2001 +From: caryoscelus +Date: Wed, 25 Jan 2017 18:34:39 +0300 +Subject: [PATCH] Fix dock drop area size + +Fixes #227 + +By using Frame instead of Button we avoid intrusive Gtk themes +from forcing huge drop area size. +--- + synfig-studio/src/gui/docks/dockdroparea.cpp | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/gui/docks/dockdroparea.cpp b/synfig-studio/src/gui/docks/dockdroparea.cpp +index 0f8936fdb..e012282f0 100644 +--- a/src/gui/docks/dockdroparea.cpp ++++ b/src/gui/docks/dockdroparea.cpp +@@ -35,7 +35,7 @@ + #include "app.h" + #include "docks/dockdroparea.h" + #include "docks/dockmanager.h" +-#include ++#include + + #endif + +@@ -61,10 +61,15 @@ DockDropArea::DockDropArea(Gtk::Widget *target): + std::vector listTargets; + listTargets.push_back( Gtk::TargetEntry("SYNFIG_DOCK") ); + +- Gtk::Button *button_left = manage(new Gtk::Button()); +- Gtk::Button *button_right = manage(new Gtk::Button()); +- Gtk::Button *button_top = manage(new Gtk::Button()); +- Gtk::Button *button_bottom = manage(new Gtk::Button()); ++ Gtk::Frame *button_left = manage(new Gtk::Frame()); ++ Gtk::Frame *button_right = manage(new Gtk::Frame()); ++ Gtk::Frame *button_top = manage(new Gtk::Frame()); ++ Gtk::Frame *button_bottom = manage(new Gtk::Frame()); ++ ++ button_left->set_size_request(20, 10); ++ button_right->set_size_request(20, 10); ++ button_top->set_size_request(20, 10); ++ button_bottom->set_size_request(20, 10); + + button_left->drag_dest_set(listTargets); + button_right->drag_dest_set(listTargets); -- cgit 1.4.1 From 22e6656d259838ae9014c1ed876caa9d819be6df Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 27 May 2017 11:31:52 -0400 Subject: gnu: libtiff: Update replacement to 4.0.8 [security fixes]. See 'ChangeLog' in the source distribution for more information about the bugs and security issues fixed in this release. * gnu/packages/image.scm (libtiff)[replacement]: Replace with libtiff-4.0.8. (libtiff/fixed): Replace with ... (libtiff-4.0.8): New variable. * gnu/packages/patches/libtiff-CVE-2017-7593.patch, gnu/packages/patches/libtiff-CVE-2017-7594.patch, gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 - gnu/packages/image.scm | 18 +- gnu/packages/patches/libtiff-CVE-2017-7593.patch | 113 ------ gnu/packages/patches/libtiff-CVE-2017-7594.patch | 54 --- .../patches/libtiff-multiple-UBSAN-crashes.patch | 449 --------------------- 5 files changed, 9 insertions(+), 628 deletions(-) delete mode 100644 gnu/packages/patches/libtiff-CVE-2017-7593.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2017-7594.patch delete mode 100644 gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9ef9f95533..2e60585432 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -751,9 +751,6 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ %D%/packages/patches/libtiff-CVE-2016-10094.patch \ %D%/packages/patches/libtiff-CVE-2017-5225.patch \ - %D%/packages/patches/libtiff-CVE-2017-7593.patch \ - %D%/packages/patches/libtiff-CVE-2017-7594.patch \ - %D%/packages/patches/libtiff-multiple-UBSAN-crashes.patch \ %D%/packages/patches/libtiff-assertion-failure.patch \ %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \ %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 86902d5680..fe9e457f34 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -335,7 +335,7 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff/fixed) + (replacement libtiff-4.0.8) (version "4.0.7") (source (origin (method url-fetch) @@ -384,18 +384,18 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) -(define libtiff/fixed +(define libtiff-4.0.8 (package (inherit libtiff) + (version "4.0.8") (source (origin - (inherit (package-source libtiff)) - (patches - (append - (origin-patches (package-source libtiff)) - (search-patches "libtiff-CVE-2017-7593.patch" - "libtiff-CVE-2017-7594.patch" - "libtiff-multiple-UBSAN-crashes.patch"))))))) + (method url-fetch) + (uri (string-append "http://download.osgeo.org/libtiff/tiff-" + version ".tar.gz")) + (sha256 + (base32 + "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) (define-public libwmf (package diff --git a/gnu/packages/patches/libtiff-CVE-2017-7593.patch b/gnu/packages/patches/libtiff-CVE-2017-7593.patch deleted file mode 100644 index 496efb73b9..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-7593.patch +++ /dev/null @@ -1,113 +0,0 @@ -Fixes CVE-2017-7593 (Potential uninitialized-memory access from tif_rawdata): - -http://bugzilla.maptools.org/show_bug.cgi?id=2651 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593 -https://security-tracker.debian.org/tracker/CVE-2017-7593 - -2017-01-11 Even Rouault - - * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add - _TIFFcalloc() - - * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero - initialize tif_rawdata. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1208; previous revision: 1.1207 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.53; previous revision: 1.52 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v <-- libtiff/tif_unix.c -new revision: 1.28; previous revision: 1.27 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v <-- libtiff/tif_vms.c -new revision: 1.14; previous revision: 1.13 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v <-- libtiff/tif_win32.c -new revision: 1.42; previous revision: 1.41 -/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v <-- libtiff/tiffio.h -new revision: 1.94; previous revision: 1.93 - -diff -ru tiff-4.0.7/libtiff/tiffio.h tiff-4.0.7.new/libtiff/tiffio.h ---- tiff-4.0.7/libtiff/tiffio.h 1969-12-31 19:00:00.000000000 -0500 -+++ tiff-4.0.7.new/libtiff/tiffio.h 2017-05-05 19:08:03.772999790 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -293,6 +293,7 @@ - */ - - extern void* _TIFFmalloc(tmsize_t s); -+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz); - extern void* _TIFFrealloc(void* p, tmsize_t s); - extern void _TIFFmemset(void* p, int v, tmsize_t c); - extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c); -diff -ru tiff-4.0.7/libtiff/tif_read.c tiff-4.0.7.new/libtiff/tif_read.c ---- tiff-4.0.7/libtiff/tif_read.c 2017-05-05 19:04:09.740966642 -0400 -+++ tiff-4.0.7.new/libtiff/tif_read.c 2017-05-05 18:59:11.070709441 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */ -+/* $Id: tif_read.c,v 1.53 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -976,7 +976,9 @@ - "Invalid buffer size"); - return (0); - } -- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); -+ /* Initialize to zero to avoid uninitialized buffers in case of */ -+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ -+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); - tif->tif_flags |= TIFF_MYBUFFER; - } - if (tif->tif_rawdata == NULL) { -diff -ru tiff-4.0.7/libtiff/tif_unix.c tiff-4.0.7.new/libtiff/tif_unix.c ---- tiff-4.0.7/libtiff/tif_unix.c 1969-12-31 19:00:00.000000000 -0500 -+++ tiff-4.0.7.new/libtiff/tif_unix.c 2017-05-05 19:10:48.302645187 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */ -+/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -316,6 +316,14 @@ - return (malloc((size_t) s)); - } - -+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) -+{ -+ if( nmemb == 0 || siz == 0 ) -+ return ((void *) NULL); -+ -+ return calloc((size_t) nmemb, (size_t)siz); -+} -+ - void - _TIFFfree(void* p) - { -diff -ru tiff-4.0.7/libtiff/tif_win32.c tiff-4.0.7.new/libtiff/tif_win32.c ---- tiff-4.0.7/libtiff/tif_win32.c 1969-12-31 19:00:00.000000000 -0500 -+++ tiff-4.0.7.new/libtiff/tif_win32.c 2017-05-05 19:13:06.903399627 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */ -+/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -360,6 +360,14 @@ - return (malloc((size_t) s)); - } - -+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) -+{ -+ if( nmemb == 0 || siz == 0 ) -+ return ((void *) NULL); -+ -+ return calloc((size_t) nmemb, (size_t)siz); -+} -+ - void - _TIFFfree(void* p) - { diff --git a/gnu/packages/patches/libtiff-CVE-2017-7594.patch b/gnu/packages/patches/libtiff-CVE-2017-7594.patch deleted file mode 100644 index d17997d447..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-7594.patch +++ /dev/null @@ -1,54 +0,0 @@ -Fixes CVE-2017-7594 (Direct leak in tif_ojpeg.c): - -http://bugzilla.maptools.org/show_bug.cgi?id=2659 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594 -https://security-tracker.debian.org/tracker/CVE-2017-7594 - -2017-01-12 Even Rouault - - * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable - when read fails. - Patch by Nicolás Peña. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1212; previous revision: 1.1211 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c -new revision: 1.67; previous revision: 1.66 - -Index: libtiff/libtiff/tif_ojpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v -retrieving revision 1.67 -retrieving revision 1.68 -diff -u -r1.67 -r1.68 ---- libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 17:43:26 -0000 1.67 -+++ libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 19:23:20 -0000 1.68 -@@ -1,4 +1,4 @@ --/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */ -+/* $Id: tif_ojpeg.c,v 1.68 2017-01-12 19:23:20 erouault Exp $ */ - - /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0 - specification is now totally obsolete and deprecated for new applications and -@@ -1790,7 +1790,10 @@ - TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); - p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64); - if (p!=64) -+ { -+ _TIFFfree(ob); - return(0); -+ } - sp->qtable[m]=ob; - sp->sof_tq[m]=m; - } -@@ -1854,7 +1857,10 @@ - rb[sizeof(uint32)+5+n]=o[n]; - p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q); - if (p!=q) -+ { -+ _TIFFfree(rb); - return(0); -+ } - sp->dctable[m]=rb; - sp->sos_tda[m]=(m<<4); - } diff --git a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch b/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch deleted file mode 100644 index 2f4509f386..0000000000 --- a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch +++ /dev/null @@ -1,449 +0,0 @@ -Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602 - -2017-01-11 Even Rouault - - * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various - clampings - of double to other data types to avoid undefined behaviour if the - output range - isn't big enough to hold the input value. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643 - http://bugzilla.maptools.org/show_bug.cgi?id=2642 - http://bugzilla.maptools.org/show_bug.cgi?id=2646 - http://bugzilla.maptools.org/show_bug.cgi?id=2647 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1204; previous revision: 1.1203 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c -new revision: 1.129; previous revision: 1.128 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c -new revision: 1.207; previous revision: 1.206 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- libtiff/tif_dirwrite.c -new revision: 1.85; previous revision: 1.84 - -2017-01-11 Even Rouault - - * libtiff/tif_dirread.c: avoid division by floating point 0 in - TIFFReadDirEntryCheckedRational() and - TIFFReadDirEntryCheckedSrational(), - and return 0 in that case (instead of infinity as before presumably) - Apparently some sanitizers do not like those divisions by zero. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1203; previous revision: 1.1202 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c -new revision: 1.206; previous revision: 1.205 - -2017-01-11 Even Rouault - - * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to - avoid undefined behaviour caused by invalid shift exponent. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1205; previous revision: 1.1204 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v <-- libtiff/tif_jpeg.c -new revision: 1.126; previous revision: 1.125 - -2017-01-11 Even Rouault - - * libtiff/tif_read.c: avoid potential undefined behaviour on signed - integer addition in TIFFReadRawStrip1() in isMapped() case. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1206; previous revision: 1.1205 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.51; previous revision: 1.50 - -Index: libtiff/libtiff/tif_dir.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v -retrieving revision 1.128 -retrieving revision 1.129 -diff -u -r1.128 -r1.129 ---- libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128 -+++ libtiff/libtiff/tif_dir.c 11 Jan 2017 16:09:02 -0000 1.129 -@@ -1,4 +1,4 @@ --/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */ -+/* $Id: tif_dir.c,v 1.129 2017-01-11 16:09:02 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -31,6 +31,7 @@ - * (and also some miscellaneous stuff) - */ - #include "tiffiop.h" -+#include - - /* - * These are used in the backwards compatibility code... -@@ -154,6 +155,15 @@ - return (0); - } - -+static float TIFFClampDoubleToFloat( double val ) -+{ -+ if( val > FLT_MAX ) -+ return FLT_MAX; -+ if( val < -FLT_MAX ) -+ return -FLT_MAX; -+ return (float)val; -+} -+ - static int - _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) - { -@@ -312,13 +322,13 @@ - dblval = va_arg(ap, double); - if( dblval < 0 ) - goto badvaluedouble; -- td->td_xresolution = (float) dblval; -+ td->td_xresolution = TIFFClampDoubleToFloat( dblval ); - break; - case TIFFTAG_YRESOLUTION: - dblval = va_arg(ap, double); - if( dblval < 0 ) - goto badvaluedouble; -- td->td_yresolution = (float) dblval; -+ td->td_yresolution = TIFFClampDoubleToFloat( dblval ); - break; - case TIFFTAG_PLANARCONFIG: - v = (uint16) va_arg(ap, uint16_vap); -@@ -327,10 +337,10 @@ - td->td_planarconfig = (uint16) v; - break; - case TIFFTAG_XPOSITION: -- td->td_xposition = (float) va_arg(ap, double); -+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); - break; - case TIFFTAG_YPOSITION: -- td->td_yposition = (float) va_arg(ap, double); -+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); - break; - case TIFFTAG_RESOLUTIONUNIT: - v = (uint16) va_arg(ap, uint16_vap); -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.206 -retrieving revision 1.207 -diff -u -r1.206 -r1.207 ---- libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206 -+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 16:09:02 -0000 1.207 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */ -+/* $Id: tif_dirread.c,v 1.207 2017-01-11 16:09:02 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -40,6 +40,7 @@ - */ - - #include "tiffiop.h" -+#include - - #define IGNORE 0 /* tag placeholder used below */ - #define FAILED_FII ((uint32) -1) -@@ -2406,7 +2407,14 @@ - ma=(double*)origdata; - mb=data; - for (n=0; n FLT_MAX ) -+ val = FLT_MAX; -+ else if( val < -FLT_MAX ) -+ val = -FLT_MAX; -+ *mb++=(float)val; -+ } - } - break; - } -Index: libtiff/libtiff/tif_dirwrite.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v -retrieving revision 1.84 -retrieving revision 1.85 -diff -u -r1.84 -r1.85 ---- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 12:51:59 -0000 1.84 -+++ libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */ -+/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -30,6 +30,7 @@ - * Directory Write Support Routines. - */ - #include "tiffiop.h" -+#include - - #ifdef HAVE_IEEEFP - #define TIFFCvtNativeToIEEEFloat(tif, n, fp) -@@ -939,6 +940,69 @@ - return(0); - } - -+static float TIFFClampDoubleToFloat( double val ) -+{ -+ if( val > FLT_MAX ) -+ return FLT_MAX; -+ if( val < -FLT_MAX ) -+ return -FLT_MAX; -+ return (float)val; -+} -+ -+static int8 TIFFClampDoubleToInt8( double val ) -+{ -+ if( val > 127 ) -+ return 127; -+ if( val < -128 || val != val ) -+ return -128; -+ return (int8)val; -+} -+ -+static int16 TIFFClampDoubleToInt16( double val ) -+{ -+ if( val > 32767 ) -+ return 32767; -+ if( val < -32768 || val != val ) -+ return -32768; -+ return (int16)val; -+} -+ -+static int32 TIFFClampDoubleToInt32( double val ) -+{ -+ if( val > 0x7FFFFFFF ) -+ return 0x7FFFFFFF; -+ if( val < -0x7FFFFFFF-1 || val != val ) -+ return -0x7FFFFFFF-1; -+ return (int32)val; -+} -+ -+static uint8 TIFFClampDoubleToUInt8( double val ) -+{ -+ if( val < 0 ) -+ return 0; -+ if( val > 255 || val != val ) -+ return 255; -+ return (uint8)val; -+} -+ -+static uint16 TIFFClampDoubleToUInt16( double val ) -+{ -+ if( val < 0 ) -+ return 0; -+ if( val > 65535 || val != val ) -+ return 65535; -+ return (uint16)val; -+} -+ -+static uint32 TIFFClampDoubleToUInt32( double val ) -+{ -+ if( val < 0 ) -+ return 0; -+ if( val > 0xFFFFFFFFU || val != val ) -+ return 0xFFFFFFFFU; -+ return (uint32)val; -+} -+ - static int - TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value) - { -@@ -959,7 +1023,7 @@ - if (tif->tif_dir.td_bitspersample<=32) - { - for (i = 0; i < count; ++i) -- ((float*)conv)[i] = (float)value[i]; -+ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]); - ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv); - } - else -@@ -971,19 +1035,19 @@ - if (tif->tif_dir.td_bitspersample<=8) - { - for (i = 0; i < count; ++i) -- ((int8*)conv)[i] = (int8)value[i]; -+ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]); - ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv); - } - else if (tif->tif_dir.td_bitspersample<=16) - { - for (i = 0; i < count; ++i) -- ((int16*)conv)[i] = (int16)value[i]; -+ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]); - ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv); - } - else - { - for (i = 0; i < count; ++i) -- ((int32*)conv)[i] = (int32)value[i]; -+ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]); - ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv); - } - break; -@@ -991,19 +1055,19 @@ - if (tif->tif_dir.td_bitspersample<=8) - { - for (i = 0; i < count; ++i) -- ((uint8*)conv)[i] = (uint8)value[i]; -+ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]); - ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv); - } - else if (tif->tif_dir.td_bitspersample<=16) - { - for (i = 0; i < count; ++i) -- ((uint16*)conv)[i] = (uint16)value[i]; -+ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]); - ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv); - } - else - { - for (i = 0; i < count; ++i) -- ((uint32*)conv)[i] = (uint32)value[i]; -+ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]); - ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv); - } - break; -@@ -2102,7 +2102,7 @@ - m[0]=0; - m[1]=1; - } -- else if (value==(double)(uint32)value) -+ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value) - { - m[0]=(uint32)value; - m[1]=1; -@@ -2148,12 +2217,13 @@ - } - for (na=value, nb=m, nc=0; nc= 0 && *na <= (float)0xFFFFFFFFU && -+ *na==(float)(uint32)(*na)) - { - nb[0]=(uint32)(*na); - nb[1]=1; -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.205 -retrieving revision 1.206 -diff -u -r1.205 -r1.206 ---- libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205 -+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206 -@@ -2872,7 +2872,10 @@ - m.l = direntry->tdir_offset.toff_long8; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong(m.i,2); -- if (m.i[0]==0) -+ /* Not completely sure what we should do when m.i[1]==0, but some */ -+ /* sanitizers do not like division by 0.0: */ -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ -+ if (m.i[0]==0 || m.i[1]==0) - *value=0.0; - else - *value=(double)m.i[0]/(double)m.i[1]; -@@ -2900,7 +2903,10 @@ - m.l=direntry->tdir_offset.toff_long8; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong(m.i,2); -- if ((int32)m.i[0]==0) -+ /* Not completely sure what we should do when m.i[1]==0, but some */ -+ /* sanitizers do not like division by 0.0: */ -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ -+ if ((int32)m.i[0]==0 || m.i[1]==0) - *value=0.0; - else - *value=(double)((int32)m.i[0])/(double)m.i[1]; -Index: libtiff/libtiff/tif_jpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v -retrieving revision 1.125 -retrieving revision 1.126 -diff -u -r1.125 -r1.126 ---- libtiff/libtiff/tif_jpeg.c 11 Jan 2017 12:15:01 -0000 1.125 -+++ libtiff/libtiff/tif_jpeg.c 11 Jan 2017 16:13:50 -0000 1.126 -@@ -1,4 +1,4 @@ --/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */ - - /* - * Copyright (c) 1994-1997 Sam Leffler -@@ -1632,6 +1632,13 @@ - "Invalig horizontal/vertical sampling value"); - return (0); - } -+ if( td->td_bitspersample > 16 ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "BitsPerSample %d not allowed for JPEG", -+ td->td_bitspersample); -+ return (0); -+ } - - /* - * A ReferenceBlackWhite field *must* be present since the -Index: libtiff/libtiff/tif_read.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v -retrieving revision 1.50 -retrieving revision 1.51 -diff -u -r1.50 -r1.51 ---- libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50 -+++ libtiff/libtiff/tif_read.c 11 Jan 2017 16:33:34 -0000 1.51 -@@ -420,16 +420,25 @@ - return ((tmsize_t)(-1)); - } - } else { -- tmsize_t ma,mb; -+ tmsize_t ma; - tmsize_t n; -- ma=(tmsize_t)td->td_stripoffset[strip]; -- mb=ma+size; -- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) -- n=0; -- else if ((mbtif->tif_size)) -- n=tif->tif_size-ma; -- else -- n=size; -+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)|| -+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size)) -+ { -+ n=0; -+ } -+ else if( ma > TIFF_TMSIZE_T_MAX - size ) -+ { -+ n=0; -+ } -+ else -+ { -+ tmsize_t mb=ma+size; -+ if (mb>tif->tif_size) -+ n=tif->tif_size-ma; -+ else -+ n=size; -+ } - if (n!=size) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -- cgit 1.4.1 From 0fd0bb56a806d3da4158e1744249de0296161fa6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 27 May 2017 11:01:25 -0400 Subject: gnu: rxvt-unicode: Disable an unwanted code execution vector. * gnu/packages/patches/rxvt-unicode-escape-sequences.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (rxvt-unicode)[source]: Use it. --- gnu/local.mk | 1 + .../patches/rxvt-unicode-escape-sequences.patch | 35 ++++++++++++++++++++++ gnu/packages/xdisorg.scm | 1 + 3 files changed, 37 insertions(+) create mode 100644 gnu/packages/patches/rxvt-unicode-escape-sequences.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1937da8968..e811e9a0be 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -972,6 +972,7 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-puma-ignore-broken-test.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ + %D%/packages/patches/rxvt-unicode-escape-sequences.patch \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scotch-test-threading.patch \ %D%/packages/patches/screen-fix-info-syntax-error.patch \ diff --git a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch new file mode 100644 index 0000000000..064dd51e2d --- /dev/null +++ b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch @@ -0,0 +1,35 @@ +This patch prevents a code execution vector involving terminal escape +sequences when rxvt-unicode is in "secure mode". + +This change was spurred by the following conversation on the +oss-security mailing list: + +Problem description and proof of concept: +http://seclists.org/oss-sec/2017/q2/190 + +Upstream response: +http://seclists.org/oss-sec/2017/q2/291 + +Patch copied from upstream source repository: +http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 + +--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582 ++++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583 +@@ -2695,7 +2695,7 @@ + /* kidnapped escape sequence: Should be 8.3.48 */ + case C1_ESA: /* ESC G */ + // used by original rxvt for rob nations own graphics mode +- if (cmd_getc () == 'Q') ++ if (cmd_getc () == 'Q' && option (Opt_insecure)) + tt_printf ("\033G0\012"); /* query graphics - no graphics */ + break; + +@@ -2914,7 +2914,7 @@ + break; + + case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */ +- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ ++ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ + #ifdef ISO6429 + arg[0] = -arg[0]; + #else /* emulate common DEC VTs */ diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index ad919a6b28..a2230c4e93 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -682,6 +682,7 @@ compact configuration syntax.") (method url-fetch) (uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/" name "-" version ".tar.bz2")) + (patches (search-patches "rxvt-unicode-escape-sequences.patch")) (sha256 (base32 "1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9")))) -- cgit 1.4.1