From a1fa2691cdc57b3874480b3b3d7dba470d8a5e41 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 26 Jun 2018 01:52:18 +0200 Subject: gnu: Add gcc@8. * gnu/packages/patches/gcc-8-strmov-store-file-names.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gcc.scm (gcc-8): New public variable. --- .../patches/gcc-8-strmov-store-file-names.patch | 110 +++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 gnu/packages/patches/gcc-8-strmov-store-file-names.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/gcc-8-strmov-store-file-names.patch b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch new file mode 100644 index 0000000000..f8e6b951b2 --- /dev/null +++ b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch @@ -0,0 +1,110 @@ +Make sure that statements such as: + + strcpy (dst, "/gnu/store/…"); + +or + + static const char str[] = "/gnu/store/…"; + … + strcpy (dst, str); + +do not result in chunked /gnu/store strings that are undetectable by +Guix's GC and its grafting code. See +and . + +--- gcc-5.3.0/gcc/builtins.c 2016-10-18 10:50:46.080616285 +0200 ++++ gcc-5.3.0/gcc/builtins.c 2016-11-09 15:26:43.693042737 +0100 +@@ -3012,6 +3012,58 @@ determine_block_size (tree len, rtx len_rtx, + GET_MODE_MASK (GET_MODE (len_rtx))); + } + ++extern void debug_tree (tree); ++ ++/* Return true if STR contains the string "/gnu/store". */ ++ ++bool ++store_reference_p (tree str) ++{ ++ if (getenv ("GUIX_GCC_DEBUG") != NULL) ++ debug_tree (str); ++ ++ if (TREE_CODE (str) == ADDR_EXPR) ++ str = TREE_OPERAND (str, 0); ++ ++ if (TREE_CODE (str) == VAR_DECL ++ && TREE_STATIC (str) ++ && TREE_READONLY (str)) ++ { ++ /* STR may be a 'static const' variable whose initial value ++ is a string constant. See . */ ++ str = DECL_INITIAL (str); ++ if (str == NULL_TREE) ++ return false; ++ } ++ ++ if (TREE_CODE (str) != STRING_CST) ++ return false; ++ ++ int len; ++ const char *store; ++ ++ store = getenv ("NIX_STORE") ? getenv ("NIX_STORE") : "/gnu/store"; ++ len = strlen (store); ++ ++ /* Size of the hash part of store file names, including leading slash and ++ trailing hyphen. */ ++ const int hash_len = 34; ++ ++ if (TREE_STRING_LENGTH (str) < len + hash_len) ++ return false; ++ ++ /* We cannot use 'strstr' because 'TREE_STRING_POINTER' returns a string ++ that is not necessarily NUL-terminated. */ ++ ++ for (int i = 0; i < TREE_STRING_LENGTH (str) - (len + hash_len); i++) ++ { ++ if (strncmp (TREE_STRING_POINTER (str) + i, store, len) == 0) ++ return true; ++ } ++ ++ return false; ++} ++ + /* Try to verify that the sizes and lengths of the arguments to a string + manipulation function given by EXP are within valid bounds and that + the operation does not lead to buffer overflow or read past the end. +@@ -3605,6 +3657,13 @@ expand_builtin_memory_copy_args (tree dest, tree src, tree len, + unsigned HOST_WIDE_INT max_size; + unsigned HOST_WIDE_INT probable_max_size; + ++ /* Do not emit block moves, which translate to the 'movabs' instruction on ++ x86_64, when SRC refers to store items. That way, store references ++ remain visible to the Guix GC and grafting code. See ++ . */ ++ if (store_reference_p (src)) ++ return NULL_RTX; ++ + /* If DEST is not a pointer type, call the normal function. */ + if (dest_align == 0) + return NULL_RTX; +--- gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:36:16.709442004 +0100 ++++ gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:46:43.838487065 +0100 +@@ -635,6 +635,8 @@ var_decl_component_p (tree var) + return SSA_VAR_P (inner); + } + ++extern bool store_reference_p (tree); ++ + /* If the SIZE argument representing the size of an object is in a range + of values of which exactly one is valid (and that is zero), return + true, otherwise false. */ +@@ -742,6 +744,9 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi, + off0 = build_int_cst (build_pointer_type_for_mode (char_type_node, + ptr_mode, true), 0); + ++ if (store_reference_p (src)) ++ return false; ++ + /* If we can perform the copy efficiently with first doing all loads + and then all stores inline it that way. Currently efficiently + means that we can load all the memory into a single integer -- cgit 1.4.1 From 8dbfaff028d73cc847a9fff03cb17006c5461b11 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 25 Jun 2018 16:28:00 -0400 Subject: gnu: libtiff: Fix CVE-2018-{8905,10963}. * gnu/packages/patches/libtiff-CVE-2018-8905.patch, gnu/packages/patches/libtiff-CVE-2018-10963.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[replacement]: New field. (libtiff/fixed): New variable. --- gnu/local.mk | 2 + gnu/packages/image.scm | 12 +++++ gnu/packages/patches/libtiff-CVE-2018-10963.patch | 40 +++++++++++++++ gnu/packages/patches/libtiff-CVE-2018-8905.patch | 61 +++++++++++++++++++++++ 4 files changed, 115 insertions(+) create mode 100644 gnu/packages/patches/libtiff-CVE-2018-10963.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2018-8905.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2e26b33371..30d314c882 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -887,6 +887,8 @@ dist_patch_DATA = \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2017-9935.patch \ %D%/packages/patches/libtiff-CVE-2017-18013.patch \ + %D%/packages/patches/libtiff-CVE-2018-8905.patch \ + %D%/packages/patches/libtiff-CVE-2018-10963.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libusb-0.1-disable-tests.patch \ %D%/packages/patches/libusb-for-axoloti.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index a2874be1a8..5ad6fe9487 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -394,6 +394,7 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") + (replacement libtiff/fixed) (version "4.0.9") (source (origin @@ -426,6 +427,17 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) +(define libtiff/fixed + (package + (inherit libtiff) + (source + (origin + (inherit (package-source libtiff)) + (patches + (append (origin-patches (package-source libtiff)) + (search-patches "libtiff-CVE-2018-8905.patch" + "libtiff-CVE-2018-10963.patch"))))))) + (define-public leptonica (package (name "leptonica") diff --git a/gnu/packages/patches/libtiff-CVE-2018-10963.patch b/gnu/packages/patches/libtiff-CVE-2018-10963.patch new file mode 100644 index 0000000000..d31c12399d --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2018-10963.patch @@ -0,0 +1,40 @@ +Fix CVE-2018-10963: + +http://bugzilla.maptools.org/show_bug.cgi?id=2795 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963 + +Patch copied from upstream source repository: + +https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9 + +From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sat, 12 May 2018 14:24:15 +0200 +Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963 + +--- + libtiff/tif_dirwrite.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c +index 2430de6d..c15a28db 100644 +--- a/libtiff/tif_dirwrite.c ++++ b/libtiff/tif_dirwrite.c +@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff) + } + break; + default: +- assert(0); /* we should never get here */ +- break; ++ TIFFErrorExt(tif->tif_clientdata,module, ++ "Cannot write tag %d (%s)", ++ TIFFFieldTag(o), ++ o->field_name ? o->field_name : "unknown"); ++ goto bad; + } + } + } +-- +2.17.0 + diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch new file mode 100644 index 0000000000..f49815789e --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2018-8905.patch @@ -0,0 +1,61 @@ +Fix CVE-2018-8095: + +http://bugzilla.maptools.org/show_bug.cgi?id=2780 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905 + +Patch copied from upstream source repository: + +https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d + +From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sat, 12 May 2018 15:32:31 +0200 +Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905 + +The fix consists in using the similar code LZWDecode() to validate we +don't write outside of the output buffer. +--- + libtiff/tif_lzw.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c +index 4ccb443c..94d85e38 100644 +--- a/libtiff/tif_lzw.c ++++ b/libtiff/tif_lzw.c +@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) + char *tp; + unsigned char *bp; + int code, nbits; ++ int len; + long nextbits, nextdata, nbitsmask; + code_t *codep, *free_entp, *maxcodep, *oldcodep; + +@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) + } while (--occ); + break; + } +- assert(occ >= codep->length); +- op += codep->length; +- occ -= codep->length; +- tp = op; ++ len = codep->length; ++ tp = op + len; + do { +- *--tp = codep->value; +- } while( (codep = codep->next) != NULL ); ++ int t; ++ --tp; ++ t = codep->value; ++ codep = codep->next; ++ *tp = (char)t; ++ } while (codep && tp > op); ++ assert(occ >= len); ++ op += len; ++ occ -= len; + } else { + *op++ = (char)code; + occ--; +-- +2.17.0 + -- cgit 1.4.1 From f19b26307829d528750264cd87e159a28bb5435c Mon Sep 17 00:00:00 2001 From: Fis Trivial Date: Tue, 26 Jun 2018 19:40:31 +0000 Subject: gnu: Add beignet. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/opencl.scm (beignet): New variable. * gnu/packages/patches/beignet-correct-file-names.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Co-authored-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/opencl.scm | 93 +++++++++++++++++++++- .../patches/beignet-correct-file-names.patch | 32 ++++++++ 3 files changed, 124 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/beignet-correct-file-names.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 30d314c882..5818603802 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -583,6 +583,7 @@ dist_patch_DATA = \ %D%/packages/patches/azr3.patch \ %D%/packages/patches/bash-completion-directories.patch \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ + %D%/packages/patches/beignet-correct-file-names.patch \ %D%/packages/patches/bind-CVE-2018-5738.patch \ %D%/packages/patches/binutils-aarch64-symbol-relocation.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ diff --git a/gnu/packages/opencl.scm b/gnu/packages/opencl.scm index 3ce8a14c4c..644cd95e93 100644 --- a/gnu/packages/opencl.scm +++ b/gnu/packages/opencl.scm @@ -21,11 +21,21 @@ #:use-module (guix build-system cmake) #:use-module (guix download) #:use-module (guix git-download) - #:use-module (guix packages) #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (gnu packages) + #:use-module (gnu packages gl) #:use-module (gnu packages gnupg) + #:use-module (gnu packages compression) + #:use-module (gnu packages libedit) + #:use-module (gnu packages llvm) + #:use-module (gnu packages ncurses) + #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) - #:use-module (gnu packages ruby)) + #:use-module (gnu packages ruby) + #:use-module (gnu packages video) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages xorg)) ;; This file adds OpenCL implementation related packages. Due to the fact that ;; OpenCL devices are not available during build (store environment), tests are @@ -199,3 +209,82 @@ Loader as provided by this package.") possible (known) properties of the OpenCL platform and devices available on the system.") (license license:cc0))) + +(define-public beignet + (package + (name "beignet") + (version "1.3.2") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/intel/beignet/archive/Release_v" + version + ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "18r0lq3dkd4yn6bxa45s2lrr9cjbg70nr2nn6xablvgqwzw0jb0r")) + (patches (search-patches "beignet-correct-file-names.patch")) + (modules '((guix build utils))) + (snippet + ;; There's a suspicious .isa binary file under kernels/. + ;; Remove it. + '(for-each delete-file (find-files "." "\\.isa$"))))) + (native-inputs `(("pkg-config" ,pkg-config) + ("python" ,python))) + (inputs `(("clang@3.7" ,clang-3.7) + ("clang-runtime@3.7" ,clang-runtime-3.7) + ("glu" ,glu) + ("llvm@3.7" ,llvm-3.7) + ("libdrm" ,libdrm) + ("libedit" ,libedit) + ("libpthread-stubs", libpthread-stubs) + ("libsm" ,libsm) + ("libva" ,libva) + ("libxfixes" ,libxfixes) + ("libxext" ,libxext) + ("mesa-utils" ,mesa-utils) + ("ncurses" ,ncurses) + ("ocl-icd" ,ocl-icd) + ("opencl-headers" ,opencl-headers) + ("xextproto" ,xextproto) + ("zlib" ,zlib))) + (build-system cmake-build-system) + (arguments + `(#:configure-flags + (list (string-append "-DCLANG_LIBRARY_DIR=" + (assoc-ref %build-inputs "clang@3.7") "/lib") + "-DENABLE_GL_SHARING=ON" + "-DEXPERIMENTAL_DOUBLE=ON") + + #:phases + (modify-phases %standard-phases + (add-after 'install 'remove-headers + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (delete-file-recursively + (string-append out "/include")) + #t))) + (add-after 'remove-headers 'install-kernels + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (builddir (getcwd)) + (source-dir (string-append + builddir + "/../beignet-Release_v1.3.2/kernels"))) + (copy-recursively source-dir + (string-append out "/lib/beignet/kernels")) + #t)))) + ;; Beignet tries to find GPU when running tests, which is not available + ;; during build. + #:tests? #f)) + (home-page "https://wiki.freedesktop.org/www/Software/Beignet/") + (synopsis "OpenCL framework for Intel GPUs") + (description + "Beignet is an implementation of the OpenCL specification. This code +base contains the code to run OpenCL programs on Intel GPUs---IvyBridge, +Haswell, Skylake, Apollolake, etc. It defines and implements the OpenCL host +functions required to initialize the device, create the command queues, the +kernels and the programs, and run them on the GPU. The code also contains a +back-end for the LLVM compiler framework.") + (license license:lgpl2.1+))) diff --git a/gnu/packages/patches/beignet-correct-file-names.patch b/gnu/packages/patches/beignet-correct-file-names.patch new file mode 100644 index 0000000000..2c5d0bbaea --- /dev/null +++ b/gnu/packages/patches/beignet-correct-file-names.patch @@ -0,0 +1,32 @@ +Help CMake find Clang's libraries. +Have it install the ICD file in the right place. + +diff --git a/CMake/FindLLVM.cmake b/CMake/FindLLVM.cmake +index 5457f248..e8e8f94a 100644 +--- a/CMake/FindLLVM.cmake ++++ b/CMake/FindLLVM.cmake +@@ -107,7 +107,7 @@ endif (LLVM_VERSION_NODOT VERSION_GREATER 34) + macro(add_one_lib name) + FIND_LIBRARY(CLANG_LIB + NAMES ${name} +- PATHS ${LLVM_LIBRARY_DIR} NO_DEFAULT_PATH) ++ PATHS ${CLANG_LIBRARY_DIR} NO_DEFAULT_PATH) + set(CLANG_LIBRARIES ${CLANG_LIBRARIES} ${CLANG_LIB}) + unset(CLANG_LIB CACHE) + endmacro() +diff --git a/CMakeLists.txt b/CMakeLists.txt +index c11acbb2..fb99e5c8 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -217,7 +217,7 @@ IF(OCLIcd_FOUND) + "intel-beignet.icd.in" + "${ICD_FILE_NAME}" + ) +- install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION /etc/OpenCL/vendors) ++ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION etc/OpenCL/vendors COMPONENT config) + ELSE(OCLIcd_FOUND) + MESSAGE(STATUS "Looking for OCL ICD header file - not found") + MESSAGE(FATAL_ERROR "OCL ICD loader miss. If you really want to disable OCL ICD support, please run cmake with option -DOCLICD_COMPAT=0.") +-- +2.14.3 + -- cgit 1.4.1 From 605e3345c3ee89a7e462898439e8fc3d3c0ecaf6 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 26 Jun 2018 22:13:06 -0400 Subject: gnu: icecat: Add more fixes from upstream mozilla-esr52. Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out of 17 changesets for CVE-2018-5188. * gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the upstream mozilla-esr52 repository. * gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/gnuzilla.scm | 18 +- gnu/packages/patches/icecat-bug-1413868-pt1.patch | 663 ++++++++++++++++++++++ 3 files changed, 681 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/icecat-bug-1413868-pt1.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5818603802..58aebf12a2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -798,6 +798,7 @@ dist_patch_DATA = \ %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ + %D%/packages/patches/icecat-bug-1413868-pt1.patch \ %D%/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch \ %D%/packages/patches/icecat-use-system-graphite2.patch \ %D%/packages/patches/icecat-use-system-harfbuzz.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index f98d6cc99a..9e6061eb64 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -499,7 +499,23 @@ security standards.") (mozilla-patch "icecat-CVE-2018-12360.patch" "face7a3dd5d7" "0jclw30mf693w8lrmvn0iankggj21nh4j3zh51q5363rj5xncdzx") (mozilla-patch "icecat-CVE-2018-5188-pt10.patch" "7afb58c046c8" "1r0569r76712x7x1sw6xr0x06ilv6iw3fncb0f8r8b9mp6wrpx34") (mozilla-patch "icecat-CVE-2018-12362-pt1.patch" "f1a745f8c42d" "11q73pb7a8f09xjzil4rhg5nr49zrnz1vb0prni0kqvrnppf5s40") - (mozilla-patch "icecat-CVE-2018-12362-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168"))) + (mozilla-patch "icecat-CVE-2018-12362-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168") + (mozilla-patch "icecat-CVE-2018-5188-pt11.patch" "28f4fc0a5141" "1a8f9z6c80in8ccj82ysdrcr2lqypp29l4acs50kwncm0c0b01zl") + (mozilla-patch "icecat-CVE-2018-12363.patch" "ad5a53a1d2b1" "0rhl4r39ydb3lkfp5pkwvhhzqgfh33s9r7b7jccgkrx6f13xyq78") + (mozilla-patch "icecat-CVE-2018-5188-pt12.patch" "0ddfc03c0454" "1b0xw2kj9765lvpl8iwr3wwcz40bdfp3dp4y9f546a61qsi9q9d6") + (mozilla-patch "icecat-CVE-2018-5156-pt2.patch" "dbf36189a364" "1awbyhy0r79i03sns2p0m78f9hb6c7kp4hwia2khx4qszlsr4j95") + (mozilla-patch "icecat-CVE-2018-5188-pt13.patch" "32509dfde003" "0cc3c92dgf5qynk093prq610c9x815l2fa24ddrw9czdzbwblsdq") + (mozilla-patch "icecat-bug-1462912.patch" "f18535a212da" "0zkqz9il89f1s1yrp5c6hj6kysy2x02iy50vgwdj30lr56gkpzmk") + (mozilla-patch "icecat-CVE-2018-5188-pt14.patch" "e8e9e1ef79f2" "0dc8p6fsppq3bhbpmp41f8mjxbr31pvgpga0a73dqdaicq5ydgj4") + (search-patch "icecat-bug-1413868-pt1.patch") + (mozilla-patch "icecat-CVE-2018-5188-pt15.patch" "9d4d31b2630d" "1lcbmsyi09kp80h1jgxj5l45zl24xn22h1lq7drbyjxsn1kggq4g") + (mozilla-patch "icecat-CVE-2018-12366-pt1.patch" "edf2c7dff493" "06xmyk7nm54cm9m6qc59wz8cxxfa5r25mf2xzdzy74iq5hwa1ac8") + (mozilla-patch "icecat-CVE-2018-5188-pt16.patch" "05549a4d1b80" "10q68cllshmmhlrbirm9h4gyc3ffrcpsxihfpcbxh90nv2h16jci") + (mozilla-patch "icecat-CVE-2018-12364.patch" "67b2d8924841" "197riigbb6l30959pygr0zlv7vaims78dg1mh0pg33pa7cbna0ds") + (mozilla-patch "icecat-CVE-2018-12366-pt2.patch" "528d4d997bb3" "0f375i96a404dkn0fanmd9pgfj3wyrhjfc5dwslw2s44gwfjhljb") + (mozilla-patch "icecat-bug-1369771.patch" "fab16ad7f256" "0kd8qm04sjgfgfg8yw3ivcxazb1d7v430g86chw4n64qybsh9ka3") + (mozilla-patch "icecat-CVE-2018-5188-pt17.patch" "068e249d02b4" "1iy9by1mg5qhp8502h31m8zm99aq2hx0c5n3hadd5pk11lfnq6ll") + (mozilla-patch "icecat-bug-1413868-pt2.patch" "755067c14b06" "089dwqwzcdg1l6aimi0i65q4dgb2iny5h8yjx63h9zgv77n0700a"))) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/icecat-bug-1413868-pt1.patch b/gnu/packages/patches/icecat-bug-1413868-pt1.patch new file mode 100644 index 0000000000..18382dc33a --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1413868-pt1.patch @@ -0,0 +1,663 @@ +Based on +Adapted to apply cleanly to GNU IceCat. + +# HG changeset patch +# User Honza Bambas +# Date 1528830658 14400 +# Node ID 431fa5dd4016bdab7e4bb0d3c4df85468fe337b0 +# Parent e8e9e1ef79f2a18c61ec1b87cfb214c8d4960f8e +Bug 1413868. r=valentin, a=RyanVM + +diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp +--- a/toolkit/xre/nsAppRunner.cpp ++++ b/toolkit/xre/nsAppRunner.cpp +@@ -4,16 +4,17 @@ + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + #include "mozilla/dom/ContentParent.h" + #include "mozilla/dom/ContentChild.h" + #include "mozilla/ipc/GeckoChildProcessHost.h" + + #include "mozilla/ArrayUtils.h" + #include "mozilla/Attributes.h" ++#include "mozilla/FilePreferences.h" + #include "mozilla/ChaosMode.h" + #include "mozilla/IOInterposer.h" + #include "mozilla/Likely.h" + #include "mozilla/MemoryChecking.h" + #include "mozilla/Poison.h" + #include "mozilla/Preferences.h" + #include "mozilla/ScopeExit.h" + #include "mozilla/Services.h" +@@ -4304,16 +4305,20 @@ XREMain::XRE_mainRun() + // Need to write out the fact that the profile has been removed and potentially + // that the selected/default profile changed. + mProfileSvc->Flush(); + } + } + + mDirProvider.DoStartup(); + ++ // As FilePreferences need the profile directory, we must initialize right here. ++ mozilla::FilePreferences::InitDirectoriesWhitelist(); ++ mozilla::FilePreferences::InitPrefs(); ++ + OverrideDefaultLocaleIfNeeded(); + + #ifdef MOZ_CRASHREPORTER + nsCString userAgentLocale; + // Try a localized string first. This pref is always a localized string in + // IceCatMobile, and might be elsewhere, too. + if (NS_SUCCEEDED(Preferences::GetLocalizedCString("general.useragent.locale", &userAgentLocale))) { + CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("useragent_locale"), userAgentLocale); +diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp +--- a/toolkit/xre/nsEmbedFunctions.cpp ++++ b/toolkit/xre/nsEmbedFunctions.cpp +@@ -46,16 +46,17 @@ + #include "nsX11ErrorHandler.h" + #include "nsGDKErrorHandler.h" + #include "base/at_exit.h" + #include "base/command_line.h" + #include "base/message_loop.h" + #include "base/process_util.h" + #include "chrome/common/child_process.h" + ++#include "mozilla/FilePreferences.h" + #include "mozilla/ipc/BrowserProcessSubThread.h" + #include "mozilla/ipc/GeckoChildProcessHost.h" + #include "mozilla/ipc/IOThreadChild.h" + #include "mozilla/ipc/ProcessChild.h" + #include "ScopedXREEmbed.h" + + #include "mozilla/plugins/PluginProcessChild.h" + #include "mozilla/dom/ContentProcess.h" +@@ -680,16 +681,18 @@ XRE_InitChildProcess(int aArgc, + ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY); + #endif + + #if defined(MOZ_SANDBOX) && defined(XP_WIN) + // We need to do this after the process has been initialised, as + // InitLoggingIfRequired may need access to prefs. + mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction); + #endif ++ mozilla::FilePreferences::InitDirectoriesWhitelist(); ++ mozilla::FilePreferences::InitPrefs(); + + OverrideDefaultLocaleIfNeeded(); + + #if defined(MOZ_CRASHREPORTER) + #if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK) + AddContentSandboxLevelAnnotation(); + #endif + #endif +diff --git a/xpcom/io/FilePreferences.cpp b/xpcom/io/FilePreferences.cpp +new file mode 100644 +--- /dev/null ++++ b/xpcom/io/FilePreferences.cpp +@@ -0,0 +1,271 @@ ++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* vim: set ts=8 sts=2 et sw=2 tw=80: */ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++* License, v. 2.0. If a copy of the MPL was not distributed with this ++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#include "FilePreferences.h" ++ ++#include "mozilla/Preferences.h" ++#include "nsAppDirectoryServiceDefs.h" ++#include "nsDirectoryServiceDefs.h" ++#include "nsDirectoryServiceUtils.h" ++ ++namespace mozilla { ++namespace FilePreferences { ++ ++static bool sBlockUNCPaths = false; ++typedef nsTArray Paths; ++ ++static Paths& PathArray() ++{ ++ static Paths sPaths; ++ return sPaths; ++} ++ ++static void AllowDirectory(char const* directory) ++{ ++ nsCOMPtr file; ++ NS_GetSpecialDirectory(directory, getter_AddRefs(file)); ++ if (!file) { ++ return; ++ } ++ ++ nsString path; ++ if (NS_FAILED(file->GetTarget(path))) { ++ return; ++ } ++ ++ // The whitelist makes sense only for UNC paths, because this code is used ++ // to block only UNC paths, hence, no need to add non-UNC directories here ++ // as those would never pass the check. ++ if (!StringBeginsWith(path, NS_LITERAL_STRING("\\\\"))) { ++ return; ++ } ++ ++ if (!PathArray().Contains(path)) { ++ PathArray().AppendElement(path); ++ } ++} ++ ++void InitPrefs() ++{ ++ sBlockUNCPaths = Preferences::GetBool("network.file.disable_unc_paths", false); ++} ++ ++void InitDirectoriesWhitelist() ++{ ++ // NS_GRE_DIR is the installation path where the binary resides. ++ AllowDirectory(NS_GRE_DIR); ++ // NS_APP_USER_PROFILE_50_DIR and NS_APP_USER_PROFILE_LOCAL_50_DIR are the two ++ // parts of the profile we store permanent and local-specific data. ++ AllowDirectory(NS_APP_USER_PROFILE_50_DIR); ++ AllowDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR); ++} ++ ++namespace { // anon ++ ++class Normalizer ++{ ++public: ++ Normalizer(const nsAString& aFilePath, const char16_t aSeparator); ++ bool Get(nsAString& aNormalizedFilePath); ++ ++private: ++ bool ConsumeItem(); ++ bool ConsumeSeparator(); ++ bool IsEOF() { return mFilePathCursor == mFilePathEnd; } ++ ++ bool ConsumeName(); ++ bool CheckParentDir(); ++ bool CheckCurrentDir(); ++ ++ nsString::const_char_iterator mFilePathCursor; ++ nsString::const_char_iterator mFilePathEnd; ++ ++ nsDependentSubstring mItem; ++ char16_t const mSeparator; ++ nsTArray mStack; ++}; ++ ++Normalizer::Normalizer(const nsAString& aFilePath, const char16_t aSeparator) ++ : mFilePathCursor(aFilePath.BeginReading()) ++ , mFilePathEnd(aFilePath.EndReading()) ++ , mSeparator(aSeparator) ++{ ++} ++ ++bool Normalizer::ConsumeItem() ++{ ++ if (IsEOF()) { ++ return false; ++ } ++ ++ nsString::const_char_iterator nameBegin = mFilePathCursor; ++ while (mFilePathCursor != mFilePathEnd) { ++ if (*mFilePathCursor == mSeparator) { ++ break; // don't include the separator ++ } ++ ++mFilePathCursor; ++ } ++ ++ mItem.Rebind(nameBegin, mFilePathCursor); ++ return true; ++} ++ ++bool Normalizer::ConsumeSeparator() ++{ ++ if (IsEOF()) { ++ return false; ++ } ++ ++ if (*mFilePathCursor != mSeparator) { ++ return false; ++ } ++ ++ ++mFilePathCursor; ++ return true; ++} ++ ++bool Normalizer::Get(nsAString& aNormalizedFilePath) ++{ ++ aNormalizedFilePath.Truncate(); ++ ++ if (IsEOF()) { ++ return true; ++ } ++ if (ConsumeSeparator()) { ++ aNormalizedFilePath.Append(mSeparator); ++ } ++ ++ if (IsEOF()) { ++ return true; ++ } ++ if (ConsumeSeparator()) { ++ aNormalizedFilePath.Append(mSeparator); ++ } ++ ++ while (!IsEOF()) { ++ if (!ConsumeName()) { ++ return false; ++ } ++ } ++ ++ for (auto const& name : mStack) { ++ aNormalizedFilePath.Append(name); ++ } ++ ++ return true; ++} ++ ++bool Normalizer::ConsumeName() ++{ ++ if (!ConsumeItem()) { ++ return true; ++ } ++ ++ if (CheckCurrentDir()) { ++ return true; ++ } ++ ++ if (CheckParentDir()) { ++ if (!mStack.Length()) { ++ // This means there are more \.. than valid names ++ return false; ++ } ++ ++ mStack.RemoveElementAt(mStack.Length() - 1); ++ return true; ++ } ++ ++ if (mItem.IsEmpty()) { ++ // this means an empty name (a lone slash), which is illegal ++ return false; ++ } ++ ++ if (ConsumeSeparator()) { ++ mItem.Rebind(mItem.BeginReading(), mFilePathCursor); ++ } ++ mStack.AppendElement(mItem); ++ ++ return true; ++} ++ ++bool Normalizer::CheckCurrentDir() ++{ ++ if (mItem == NS_LITERAL_STRING(".")) { ++ ConsumeSeparator(); ++ // EOF is acceptable ++ return true; ++ } ++ ++ return false; ++} ++ ++bool Normalizer::CheckParentDir() ++{ ++ if (mItem == NS_LITERAL_STRING("..")) { ++ ConsumeSeparator(); ++ // EOF is acceptable ++ return true; ++ } ++ ++ return false; ++} ++ ++} // anon ++ ++bool IsBlockedUNCPath(const nsAString& aFilePath) ++{ ++ if (!sBlockUNCPaths) { ++ return false; ++ } ++ ++ if (!StringBeginsWith(aFilePath, NS_LITERAL_STRING("\\\\"))) { ++ return false; ++ } ++ ++ nsAutoString normalized; ++ if (!Normalizer(aFilePath, L'\\').Get(normalized)) { ++ // Broken paths are considered invalid and thus inaccessible ++ return true; ++ } ++ ++ for (const auto& allowedPrefix : PathArray()) { ++ if (StringBeginsWith(normalized, allowedPrefix)) { ++ if (normalized.Length() == allowedPrefix.Length()) { ++ return false; ++ } ++ if (normalized[allowedPrefix.Length()] == L'\\') { ++ return false; ++ } ++ ++ // When we are here, the path has a form "\\path\prefixevil" ++ // while we have an allowed prefix of "\\path\prefix". ++ // Note that we don't want to add a slash to the end of a prefix ++ // so that opening the directory (no slash at the end) still works. ++ break; ++ } ++ } ++ ++ return true; ++} ++ ++void testing::SetBlockUNCPaths(bool aBlock) ++{ ++ sBlockUNCPaths = aBlock; ++} ++ ++void testing::AddDirectoryToWhitelist(nsAString const & aPath) ++{ ++ PathArray().AppendElement(aPath); ++} ++ ++bool testing::NormalizePath(nsAString const & aPath, nsAString & aNormalized) ++{ ++ Normalizer normalizer(aPath, L'\\'); ++ return normalizer.Get(aNormalized); ++} ++ ++} // ::FilePreferences ++} // ::mozilla +diff --git a/xpcom/io/FilePreferences.h b/xpcom/io/FilePreferences.h +new file mode 100644 +--- /dev/null ++++ b/xpcom/io/FilePreferences.h +@@ -0,0 +1,25 @@ ++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* vim: set ts=8 sts=2 et sw=2 tw=80: */ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++* License, v. 2.0. If a copy of the MPL was not distributed with this ++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#include "nsIObserver.h" ++ ++namespace mozilla { ++namespace FilePreferences { ++ ++void InitPrefs(); ++void InitDirectoriesWhitelist(); ++bool IsBlockedUNCPath(const nsAString& aFilePath); ++ ++namespace testing { ++ ++void SetBlockUNCPaths(bool aBlock); ++void AddDirectoryToWhitelist(nsAString const& aPath); ++bool NormalizePath(nsAString const & aPath, nsAString & aNormalized); ++ ++} ++ ++} // FilePreferences ++} // mozilla +diff --git a/xpcom/io/moz.build b/xpcom/io/moz.build +--- a/xpcom/io/moz.build ++++ b/xpcom/io/moz.build +@@ -79,24 +79,26 @@ EXPORTS += [ + 'nsUnicharInputStream.h', + 'nsWildCard.h', + 'SlicedInputStream.h', + 'SpecialSystemDirectory.h', + ] + + EXPORTS.mozilla += [ + 'Base64.h', ++ 'FilePreferences.h', + 'SnappyCompressOutputStream.h', + 'SnappyFrameUtils.h', + 'SnappyUncompressInputStream.h', + ] + + UNIFIED_SOURCES += [ + 'Base64.cpp', + 'crc32c.c', ++ 'FilePreferences.cpp', + 'nsAnonymousTemporaryFile.cpp', + 'nsAppFileLocationProvider.cpp', + 'nsBinaryStream.cpp', + 'nsDirectoryService.cpp', + 'nsEscape.cpp', + 'nsInputStreamTee.cpp', + 'nsIOUtil.cpp', + 'nsLinebreakConverter.cpp', +diff --git a/xpcom/io/nsLocalFileWin.cpp b/xpcom/io/nsLocalFileWin.cpp +--- a/xpcom/io/nsLocalFileWin.cpp ++++ b/xpcom/io/nsLocalFileWin.cpp +@@ -41,16 +41,17 @@ + #include + #include + #include + + #include "nsXPIDLString.h" + #include "prproces.h" + #include "prlink.h" + ++#include "mozilla/FilePreferences.h" + #include "mozilla/Mutex.h" + #include "SpecialSystemDirectory.h" + + #include "nsTraceRefcnt.h" + #include "nsXPCOMCIDInternal.h" + #include "nsThreadUtils.h" + #include "nsXULAppAPI.h" + +@@ -1162,16 +1163,20 @@ nsLocalFile::InitWithPath(const nsAStrin + char16_t secondChar = *(++begin); + + // just do a sanity check. if it has any forward slashes, it is not a Native path + // on windows. Also, it must have a colon at after the first char. + if (FindCharInReadable(L'/', begin, end)) { + return NS_ERROR_FILE_UNRECOGNIZED_PATH; + } + ++ if (FilePreferences::IsBlockedUNCPath(aFilePath)) { ++ return NS_ERROR_FILE_ACCESS_DENIED; ++ } ++ + if (secondChar != L':' && (secondChar != L'\\' || firstChar != L'\\')) { + return NS_ERROR_FILE_UNRECOGNIZED_PATH; + } + + if (secondChar == L':') { + // Make sure we have a valid drive, later code assumes the drive letter + // is a single char a-z or A-Z. + if (PathGetDriveNumberW(aFilePath.Data()) == -1) { +@@ -1974,16 +1979,20 @@ nsLocalFile::CopySingleFile(nsIFile* aSo + bool path1Remote, path2Remote; + if (!IsRemoteFilePath(filePath.get(), path1Remote) || + !IsRemoteFilePath(destPath.get(), path2Remote) || + path1Remote || path2Remote) { + dwCopyFlags |= COPY_FILE_NO_BUFFERING; + } + } + ++ if (FilePreferences::IsBlockedUNCPath(destPath)) { ++ return NS_ERROR_FILE_ACCESS_DENIED; ++ } ++ + if (!move) { + copyOK = ::CopyFileExW(filePath.get(), destPath.get(), nullptr, + nullptr, nullptr, dwCopyFlags); + } else { + copyOK = ::MoveFileExW(filePath.get(), destPath.get(), + MOVEFILE_REPLACE_EXISTING); + + // Check if copying the source file to a different volume, +diff --git a/xpcom/tests/gtest/TestFilePreferencesWin.cpp b/xpcom/tests/gtest/TestFilePreferencesWin.cpp +new file mode 100644 +--- /dev/null ++++ b/xpcom/tests/gtest/TestFilePreferencesWin.cpp +@@ -0,0 +1,141 @@ ++#include "gtest/gtest.h" ++ ++#include "mozilla/FilePreferences.h" ++#include "nsIFile.h" ++#include "nsXPCOMCID.h" ++ ++TEST(FilePreferencesWin, Normalization) ++{ ++ nsAutoString normalized; ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("foo\\some"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo\\some")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\.\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\.."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\..\\bar\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\..\\bar"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\bar")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\.\\..\\.\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ bool result; ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.."), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\..\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\..\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\\\bar"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\..\\..\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\..\\\\"), normalized); ++ ASSERT_FALSE(result); ++} ++ ++TEST(FilePreferencesWin, AccessUNC) ++{ ++ nsCOMPtr lf = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID); ++ ++ nsresult rv; ++ ++ mozilla::FilePreferences::testing::SetBlockUNCPaths(false); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share")); ++ ASSERT_EQ(rv, NS_OK); ++ ++ mozilla::FilePreferences::testing::SetBlockUNCPaths(true); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share")); ++ ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); ++ ++ mozilla::FilePreferences::testing::AddDirectoryToWhitelist(NS_LITERAL_STRING("\\\\nice")); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\share")); ++ ASSERT_EQ(rv, NS_OK); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share")); ++ ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); ++} +diff --git a/xpcom/tests/gtest/moz.build b/xpcom/tests/gtest/moz.build +--- a/xpcom/tests/gtest/moz.build ++++ b/xpcom/tests/gtest/moz.build +@@ -51,16 +51,21 @@ UNIFIED_SOURCES += [ + if CONFIG['MOZ_DEBUG'] and CONFIG['OS_ARCH'] not in ('WINNT') and CONFIG['OS_TARGET'] != 'Android': + # FIXME bug 523392: TestDeadlockDetector doesn't like Windows + # Bug 1054249: Doesn't work on Android + UNIFIED_SOURCES += [ + 'TestDeadlockDetector.cpp', + 'TestDeadlockDetectorScalability.cpp', + ] + ++if CONFIG['OS_TARGET'] == 'WINNT': ++ UNIFIED_SOURCES += [ ++ 'TestFilePreferencesWin.cpp', ++ ] ++ + if CONFIG['WRAP_STL_INCLUDES'] and not CONFIG['CLANG_CL']: + UNIFIED_SOURCES += [ + 'TestSTLWrappers.cpp', + ] + + # Compile TestAllocReplacement separately so Windows headers don't pollute + # the global namespace for other files. + SOURCES += [ + -- cgit 1.4.1 From 7a3772b37478a3170e3703b31c9a60b764988c35 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 30 Jun 2018 20:03:42 -0400 Subject: gnu: qtoctave: Fix build for Qt 5.11. * gnu/packages/maths.scm (qtoctave)[source]: Add patch. [native-inputs]: Add texlive. * gnu/packages/patches/qtoctave-qt-5.11-fix.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/maths.scm | 6 ++++++ gnu/packages/patches/qtoctave-qt-5.11-fix.patch | 26 +++++++++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 gnu/packages/patches/qtoctave-qt-5.11-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 58aebf12a2..ce1a2b50f6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1088,6 +1088,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-CVE-2018-11806.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtbase-use-TZDIR.patch \ + %D%/packages/patches/qtoctave-qt-5.11-fix.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ %D%/packages/patches/quassel-qt-5.11.patch \ diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index f3ada33e08..64b8887e48 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -1400,12 +1400,18 @@ script files.") (define-public qtoctave (package (inherit octave) (name "qtoctave") + (source (origin + (inherit (package-source octave)) + (patches (append (origin-patches (package-source octave)) + (search-patches + "qtoctave-qt-5.11-fix.patch"))))) (inputs `(("qscintilla" ,qscintilla) ("qt" ,qtbase) ,@(package-inputs octave))) (native-inputs `(("qttools" , qttools) ;for lrelease + ("texlive" ,texlive) ;for texi2dvi ,@(package-native-inputs octave))) (arguments (substitute-keyword-arguments (package-arguments octave) diff --git a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch new file mode 100644 index 0000000000..67317d1b36 --- /dev/null +++ b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch @@ -0,0 +1,26 @@ +This patch comes from upstream: +https://hg.savannah.gnu.org/hgweb/octave/rev/cdaa884568b1. + +# HG changeset patch +# User Mike Miller +# Date 1527214835 25200 +# Node ID cdaa884568b159549bd373f04386ff62417f6df9 +# Parent 9e39a53b4e007d3f79f88b711ab9fa5f2f24fbc9 +add Qt include needed to build against Qt 5.11 (bug #53978) + +* settings-dialog.cc: Add missing include for to fix build +failure with Qt 5.11. + +diff --git a/libgui/src/settings-dialog.cc b/libgui/src/settings-dialog.cc +--- a/libgui/src/settings-dialog.cc ++++ b/libgui/src/settings-dialog.cc +@@ -34,6 +34,8 @@ + #include "workspace-model.h" + #include "settings-dialog.h" + #include "ui-settings-dialog.h" ++ ++#include + #include + #include + #include + -- cgit 1.4.1 From 960231873661365bb6228d62c5452e634d6da5d2 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Sat, 30 Jun 2018 22:35:12 +0300 Subject: gnu: emacs-browse-at-remote: Update to 0.10.0. * gnu/packages/emacs.scm (emacs-browse-at-remote): Update to 0.10.0. * gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/emacs.scm | 58 ++++++++++----------- .../patches/emacs-browse-at-remote-cgit-gnu.patch | 59 ---------------------- 3 files changed, 27 insertions(+), 91 deletions(-) delete mode 100644 gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ce1a2b50f6..3213e504a7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -649,7 +649,6 @@ dist_patch_DATA = \ %D%/packages/patches/elfutils-tests-ptrace.patch \ %D%/packages/patches/elogind-glibc-2.27.patch \ %D%/packages/patches/einstein-build.patch \ - %D%/packages/patches/emacs-browse-at-remote-cgit-gnu.patch \ %D%/packages/patches/emacs-exec-path.patch \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ %D%/packages/patches/emacs-json-reformat-fix-tests.patch \ diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 349ae0d20c..c4468c8175 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -7027,39 +7027,35 @@ Idris.") (license license:gpl3+))) (define-public emacs-browse-at-remote - (let ((commit "31dcf77d7c89a12f230e2b2332585db2c44530ef") - (revision "1")) - (package - (name "emacs-browse-at-remote") - (version (string-append "0.9.0-" revision "." - (string-take commit 7))) - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/rmuslimov/browse-at-remote.git") - (commit commit))) - (file-name (string-append name "-" version "-checkout")) - (patches - (search-patches "emacs-browse-at-remote-cgit-gnu.patch")) - (sha256 - (base32 - "017cb8lf7zbg0jmr7zxzd7d5kz2jy35cvw5vcpdmq1fdr3wqwkgj")))) - (build-system emacs-build-system) - (propagated-inputs - `(("emacs-f" ,emacs-f) - ("emacs-s" ,emacs-s))) - (native-inputs - `(("ert-runner" ,ert-runner))) - (arguments - `(#:tests? #t - #:test-command '("ert-runner"))) - (home-page "https://github.com/rmuslimov/browse-at-remote") - (synopsis "Open github/gitlab/bitbucket/stash page from Emacs") - (description - "This Emacs package allows you to open a target page on + (package + (name "emacs-browse-at-remote") + (version "0.10.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/rmuslimov/browse-at-remote/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0ymslsp6i1naw25zckv25bf4aaq6qwkbkn95qyzlwg869l802686")))) + (build-system emacs-build-system) + (propagated-inputs + `(("emacs-f" ,emacs-f) + ("emacs-s" ,emacs-s))) + (native-inputs + `(("ert-runner" ,ert-runner))) + (arguments + `(#:tests? #t + #:test-command '("ert-runner"))) + (home-page "https://github.com/rmuslimov/browse-at-remote") + (synopsis "Open github/gitlab/bitbucket/stash page from Emacs") + (description + "This Emacs package allows you to open a target page on github/gitlab (or bitbucket) by calling @code{browse-at-remote} command. It supports dired buffers and opens them in tree mode at destination.") - (license license:gpl3+)))) + (license license:gpl3+))) (define-public emacs-tiny (package diff --git a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch deleted file mode 100644 index b90017fdb4..0000000000 --- a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch +++ /dev/null @@ -1,59 +0,0 @@ -Copyright © 2018 Oleg Pykhalov - -This patch adds a support for Git repositories hosted on git.savannah.gnu.org. - -Upstream bug URL: - -https://github.com/rmuslimov/browse-at-remote/pull/46 - -From cd2ccdaef8b1d97337d790175f71cc3dbcfcff64 Mon Sep 17 00:00:00 2001 -From: Oleg Pykhalov -Date: Fri, 26 Jan 2018 00:05:30 +0300 -Subject: [PATCH] Add support for repositories that are hosted on gnu cgit - ---- - browse-at-remote.el | 21 ++++++++++++++++++++- - 1 file changed, 20 insertions(+), 1 deletion(-) - -diff --git a/browse-at-remote.el b/browse-at-remote.el -index 66967b3..e210d18 100644 ---- a/browse-at-remote.el -+++ b/browse-at-remote.el -@@ -44,7 +44,8 @@ - (defcustom browse-at-remote-remote-type-domains - '(("bitbucket.org" ."bitbucket") - ("github.com" . "github") -- ("gitlab.com" . "gitlab")) -+ ("gitlab.com" . "gitlab") -+ ("git.savannah.gnu.org" . "gnu")) - "Alist of domain patterns to remote types." - - :type '(alist :key-type (string :tag "Domain") -@@ -199,6 +200,24 @@ If HEAD is detached, return nil." - (if (fboundp formatter) - formatter nil))) - -+(defun browse-at-remote-gnu-format-url (repo-url) -+ "Get a gnu formatted URL." -+ (replace-regexp-in-string -+ (concat "https://" (car (rassoc "gnu" browse-at-remote-remote-type-domains)) -+ "/\\(git\\).*\\'") -+ "cgit" repo-url nil nil 1)) -+ -+(defun browse-at-remote--format-region-url-as-gnu (repo-url location filename &optional linestart lineend) -+ "URL formatter for gnu." -+ (let ((repo-url (browse-at-remote-gnu-format-url repo-url))) -+ (cond -+ (linestart (format "%s.git/tree/%s?h=%s#n%d" repo-url filename location linestart)) -+ (t (format "%s.git/tree/%s?h=%s" repo-url filename location))))) -+ -+(defun browse-at-remote--format-commit-url-as-gnu (repo-url commithash) -+ "Commit URL formatted for gnu" -+ (format "%s.git/commit/?id=%s" (browse-at-remote-gnu-format-url repo-url) commithash)) -+ - (defun browse-at-remote--format-region-url-as-github (repo-url location filename &optional linestart lineend) - "URL formatted for github." - (cond --- -2.15.1 - -- cgit 1.4.1