From aa3542e844cb527d3d95e65de652fd664c77c5b3 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 2 Sep 2017 16:51:10 +0200 Subject: gnu: gdk-pixbuf: Update to 2.36.9. * gnu/packages/gtk.scm (gdk-pixbuf): Update to 2.36.9. [source]: Remove obsolete patch. * gnu/packages/patches/gdk-pixbuf-list-dir.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/packages/patches/gdk-pixbuf-list-dir.patch | 35 -------------------------- 1 file changed, 35 deletions(-) delete mode 100644 gnu/packages/patches/gdk-pixbuf-list-dir.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/gdk-pixbuf-list-dir.patch b/gnu/packages/patches/gdk-pixbuf-list-dir.patch deleted file mode 100644 index 137914a19c..0000000000 --- a/gnu/packages/patches/gdk-pixbuf-list-dir.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -Sort directory entries so that the output of -‘gdk-pixbuf-query-loaders’ is deterministic. - -See: https://bugzilla.gnome.org/show_bug.cgi?id=777332 ---- gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c.orig 2017-01-11 00:17:32.865843062 +0100 -+++ gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c 2017-01-16 16:12:03.420667874 +0100 -@@ -354,16 +354,27 @@ - - dir = g_dir_open (path, 0, NULL); - if (dir) { -+ GList *entries = NULL; - const char *dent; - - while ((dent = g_dir_read_name (dir))) { - gint len = strlen (dent); - if (len > SOEXT_LEN && - strcmp (dent + len - SOEXT_LEN, SOEXT) == 0) { -- query_module (contents, path, dent); -+ entries = g_list_append (entries, g_strdup (dent)); - } - } - g_dir_close (dir); -+ /* Sort directory entries so that the output of -+ ‘gdk-pixbuf-query-loaders’ is deterministic. */ -+ entries = g_list_sort (entries, (GCompareFunc) strcmp); -+ GList *xentries; -+ for (xentries = entries; xentries; xentries = g_list_next (xentries)) { -+ dent = xentries->data; -+ query_module (contents, path, dent); -+ g_free (xentries->data); -+ } -+ g_list_free (entries); - } - #else - g_string_append_printf (contents, "# dynamic loading of modules not supported\n"); -- cgit 1.4.1 From b093be236efa913748855879094e38cd983c7f00 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Wed, 20 Sep 2017 19:06:38 +0200 Subject: gnu: gd: Remove graft for 2.2.5. * gnu/packages/gd.scm (gd): Update to 2.2.5. [source]: Remove obsolete patches. [replacement]: Remove field. (gd-2.2.5): Remove variable. * gnu/packages/patches/gd-fix-gd2-read-test.patch, gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove patches. * gnu/packages/php.scm (php)[inputs]: Replace GD-2.2.5 with GD. --- gnu/local.mk | 2 - gnu/packages/gd.scm | 27 +---- gnu/packages/patches/gd-fix-gd2-read-test.patch | 14 --- .../patches/gd-php-73968-Fix-109-XBM-reading.patch | 121 --------------------- gnu/packages/php.scm | 2 +- 5 files changed, 5 insertions(+), 161 deletions(-) delete mode 100644 gnu/packages/patches/gd-fix-gd2-read-test.patch delete mode 100644 gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3bdab4f886..24aaf9477e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -638,10 +638,8 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-6-cross-environment-variables.patch \ %D%/packages/patches/gcr-disable-failing-tests.patch \ %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ - %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ - %D%/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch \ %D%/packages/patches/gegl-CVE-2012-4433.patch \ %D%/packages/patches/gemma-intel-compat.patch \ %D%/packages/patches/geoclue-config.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index 169f040ee4..f9864d7784 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm 
@@ -38,11 +38,10 @@ (define-public gd (package (name "gd") - (replacement gd-2.2.5) ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. - (version "2.2.4") + (version "2.2.5") (source (origin (method url-fetch) (uri (string-append @@ -50,11 +49,9 @@ version "/libgd-" version ".tar.xz")) (sha256 (base32 - "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk")) - (patches (search-patches "gd-fix-gd2-read-test.patch" - "gd-fix-tests-on-i686.patch" - "gd-freetype-test-failure.patch" - "gd-php-73968-Fix-109-XBM-reading.patch")))) + "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c")) + (patches (search-patches "gd-fix-tests-on-i686.patch" + "gd-freetype-test-failure.patch")))) (build-system gnu-build-system) (arguments ;; As recommended by github.com/libgd/libgd/issues/278 to fix rounding @@ -93,22 +90,6 @@ most common applications of GD involve website development.") "See COPYING file in the distribution.")) (properties '((cpe-name . "libgd"))))) -;; For CVE-2017-6362 and CVE-2017-7890. -(define-public gd-2.2.5 - (package - (inherit gd) - (version "2.2.5") - (source (origin - (method url-fetch) - (uri (string-append - "https://github.com/libgd/libgd/releases/download/gd-" - version "/libgd-" version ".tar.xz")) - (patches (search-patches "gd-fix-tests-on-i686.patch" - "gd-freetype-test-failure.patch")) - (sha256 - (base32 - "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c")))))) - (define-public perl-gd (package (name "perl-gd") diff --git a/gnu/packages/patches/gd-fix-gd2-read-test.patch b/gnu/packages/patches/gd-fix-gd2-read-test.patch deleted file mode 100644 index 65f39e4426..0000000000 --- a/gnu/packages/patches/gd-fix-gd2-read-test.patch +++ /dev/null 
@@ -1,14 +0,0 @@ -Fix a 'maybe-uninitialized' warning (turned error) -which occurs on non-Intel platforms. - ---- libgd-2.2.3/tests/gd2/gd2_read.c 2016-07-21 01:21:16.000000000 -0400 -+++ libgd-2.2.3/tests/gd2/gd2_read.c 2016-07-29 15:52:03.806405312 -0400 -@@ -5,7 +5,7 @@ - - int main(int argc, char *argv[]) - { -- int error, i = 0; -+ int error = 0, i = 0; - gdImagePtr im, exp; - FILE *fp; - char *path[] = { diff --git a/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch deleted file mode 100644 index a926c1455c..0000000000 --- a/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch +++ /dev/null 
@@ -1,121 +0,0 @@ -This bug was first reported to php on https://bugs.php.net/bug.php?id=73968. -php then reported it to gd in https://github.com/libgd/libgd/issues/109. - -Patch adapted from upstream source repository: - -https://github.com/libgd/libgd/commit/082c5444838ea0d84f9fb6441aefdb44d78d9bba - -Binary diffs have been removed from the patch because our patch -procedure doesn't support them. - -From 082c5444838ea0d84f9fb6441aefdb44d78d9bba Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Fri, 20 Jan 2017 22:48:20 +0100 -Subject: [PATCH] Fix #109: XBM reading fails with printed error - -When calculating the number of required bytes of an XBM image, we have -to take the line padding into account. ---- - src/gd_xbm.c | 2 +- - tests/xbm/CMakeLists.txt | 1 + - tests/xbm/Makemodule.am | 5 ++++- - tests/xbm/github_bug_109.c | 35 +++++++++++++++++++++++++++++++++++ - tests/xbm/github_bug_109.xbm | 5 +++++ - 5 files changed, 47 insertions(+), 2 deletions(-) - create mode 100644 tests/xbm/github_bug_109.c - create mode 100644 tests/xbm/github_bug_109.xbm - create mode 100644 tests/xbm/github_bug_109_exp.png - -diff --git a/src/gd_xbm.c b/src/gd_xbm.c -index 5f09b56..c2ba2ad 100644 ---- a/src/gd_xbm.c -+++ b/src/gd_xbm.c -@@ -108,7 +108,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd) - max_bit = 32768; - } - if (max_bit) { -- bytes = (width * height / 8) + 1; -+ bytes = (width + 7) / 8 * height; - if (!bytes) { - return 0; - } -diff --git a/tests/xbm/CMakeLists.txt b/tests/xbm/CMakeLists.txt -index 183cf5e..08576e0 100644 ---- a/tests/xbm/CMakeLists.txt -+++ b/tests/xbm/CMakeLists.txt -@@ -1,4 +1,5 @@ - LIST(APPEND TESTS_FILES -+ github_bug_109 - github_bug_170 - ) - -diff --git a/tests/xbm/Makemodule.am b/tests/xbm/Makemodule.am -index ba1eabd..0f5beb6 100644 ---- a/tests/xbm/Makemodule.am -+++ b/tests/xbm/Makemodule.am -@@ -1,5 +1,8 @@ - libgd_test_programs += \ -+ xbm/github_bug_109 \ - xbm/github_bug_170 - - EXTRA_DIST += \ -- 
xbm/CMakeLists.txt -+ xbm/CMakeLists.txt \ -+ xbm/github_bug_109.xbm \ -+ xbm/github_bug_109_exp.png -diff --git a/tests/xbm/github_bug_109.c b/tests/xbm/github_bug_109.c -new file mode 100644 -index 0000000..1a020c6 ---- /dev/null -+++ b/tests/xbm/github_bug_109.c -@@ -0,0 +1,35 @@ -+/** -+ * Test reading of XBM images with a width that is not a multiple of 8 -+ * -+ * We're reading such an XBM image, and check that we got what we've expected, -+ * instead of an error message. -+ * -+ * See also . -+ */ -+ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ FILE *fp; -+ char *path; -+ -+ fp = gdTestFileOpen2("xbm", "github_bug_109.xbm"); -+ im = gdImageCreateFromXbm(fp); -+ fclose(fp); -+ gdTestAssert(im != NULL); -+ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 0) == 0); -+ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 1) == 0xffffff); -+ -+ path = gdTestFilePath2("xbm", "github_bug_109_exp.png"); -+ gdAssertImageEqualsToFile(path, im); -+ gdFree(path); -+ -+ gdImageDestroy(im); -+ -+ return gdNumFailures(); -+} -diff --git a/tests/xbm/github_bug_109.xbm b/tests/xbm/github_bug_109.xbm -new file mode 100644 -index 0000000..f427d86 ---- /dev/null -+++ b/tests/xbm/github_bug_109.xbm -@@ -0,0 +1,5 @@ -+#define test_width 10 -+#define test_height 10 -+static unsigned char test_bits[] = { -+ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, -+ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00}; - --- -2.7.4 - diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index bcf1d00829..3e4b51d81a 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -282,7 +282,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd-2.2.5) + ("gd" ,gd) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) -- cgit 1.4.1 From cb6392698af08c1774e8a9f05cb09dcf0409e718 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Wed, 20 Sep 2017 19:54:56 +0200 Subject: gnu: mesa: Update to 17.2.1. * gnu/packages/gl.scm (mesa): Update to 17.2.1. [inputs]: Add WAYLAND-PROTOCOLS. * gnu/packages/patches/mesa-skip-disk-cache-test.patch: Adjust context. --- gnu/packages/gl.scm | 7 ++++--- gnu/packages/patches/mesa-skip-disk-cache-test.patch | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index fa9b501077..9ce97dbcc2 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -217,7 +217,7 @@ also known as DXTn or DXTC) for Mesa.") (define-public mesa (package (name "mesa") - (version "17.1.8") + (version "17.2.1") (source (origin (method url-fetch) @@ -229,7 +229,7 @@ also known as DXTn or DXTC) for Mesa.") version "/mesa-" version ".tar.xz"))) (sha256 (base32 - "1nv9aaz7ay2bs4fc8j3rf6ky3qla8s346a8g2lvdbp96msp2xvbm")) + "07msr6xismw2jq87irwhz7vygvzj6hi38d71paij9zvwh8bmsf3p")) (patches (search-patches "mesa-wayland-egl-symbols-check-mips.patch" "mesa-skip-disk-cache-test.patch")))) @@ -261,7 +261,8 @@ also known as DXTn or DXTC) for Mesa.") ("makedepend" ,makedepend) ("presentproto" ,presentproto) ("s2tc" ,s2tc) - ("wayland" ,wayland))) + ("wayland" ,wayland) + ("wayland-protocols" ,wayland-protocols))) (native-inputs `(("pkg-config" ,pkg-config) ("python" ,python-2) diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch index b3f9367fd5..190f6b6ee1 100644 --- a/gnu/packages/patches/mesa-skip-disk-cache-test.patch +++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch @@ -8,12 +8,12 @@ for now. 
@@ -170,11 +170,6 @@ unsetenv("MESA_GLSL_CACHE_DIR"); unsetenv("XDG_CACHE_HOME"); - -- cache = disk_cache_create("test", "make_check"); + +- cache = disk_cache_create("test", "make_check", 0); - expect_non_null(cache, "disk_cache_create with no environment variables"); - - disk_cache_destroy(cache); - /* Test with XDG_CACHE_HOME set */ setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1); - cache = disk_cache_create("test", "make_check"); + cache = disk_cache_create("test", "make_check", 0); -- cgit 1.4.1 From a9bd50e3527d1f16cf7e70c457dd165cafeb6372 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 20 Sep 2017 20:50:00 +0200 Subject: gnu: bluez: Remove leftover patch. This is a follow-up to commit 164fccea7eead86c6ebe389bc0255c72b161d109. * gnu/packages/patches/bluez-CVE-2017-1000250.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/bluez-CVE-2017-1000250.patch | 42 ----------------------- 2 files changed, 43 deletions(-) delete mode 100644 gnu/packages/patches/bluez-CVE-2017-1000250.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 24aaf9477e..8dfc1b71f2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -538,7 +538,6 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blast+-fix-makefile.patch \ - %D%/packages/patches/bluez-CVE-2017-1000250.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch deleted file mode 100644 index 81f209d7b2..0000000000 --- a/gnu/packages/patches/bluez-CVE-2017-1000250.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req -Origin: vendor -Bug-Debian: https://bugs.debian.org/875633 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446 -Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342 -Forwarded: no -Author: Armis Security -Reviewed-by: Salvatore Bonaccorso -Last-Update: 2017-09-13 - ---- a/src/sdpd-request.c -+++ b/src/sdpd-request.c -@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r - /* continuation State exists -> get from cache */ - sdp_buf_t *pCache = sdp_get_cached_rsp(cstate); - if (pCache) { -- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); -- pResponse = pCache->data; -- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); -- buf->data_size += sent; -- cstate->cStateValue.maxBytesSent += sent; -- if (cstate->cStateValue.maxBytesSent == pCache->data_size) -- cstate_size = sdp_set_cstate_pdu(buf, NULL); -- else -- cstate_size = sdp_set_cstate_pdu(buf, cstate); -+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) { -+ status = SDP_INVALID_CSTATE; -+ SDPDBG("Got bad cstate with invalid size"); -+ } else { -+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); -+ pResponse = pCache->data; -+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); -+ buf->data_size += sent; -+ cstate->cStateValue.maxBytesSent += sent; -+ if (cstate->cStateValue.maxBytesSent == pCache->data_size) -+ cstate_size = sdp_set_cstate_pdu(buf, NULL); -+ else -+ cstate_size = sdp_set_cstate_pdu(buf, cstate); -+ } - } else { - status = SDP_INVALID_CSTATE; - SDPDBG("Non-null continuation state, but null cache buffer"); -- cgit 1.4.1 From e0afc09de484e7c6fdf111257e9c250bd608ee54 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Thu, 21 Sep 2017 20:53:15 +0200 Subject: gnu: curl: Update to 7.55.1. * gnu/packages/patches/curl-bounds-check.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/curl.scm (curl): Update to 7.55.1. [replacement]: Remove field. [source]: Use '.xz' tarball. (curl-7.55.0): Remove variable. --- gnu/local.mk | 1 - gnu/packages/curl.scm | 33 +++------------------------- gnu/packages/patches/curl-bounds-check.patch | 19 ---------------- 3 files changed, 3 insertions(+), 50 deletions(-) delete mode 100644 gnu/packages/patches/curl-bounds-check.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5731d1ee84..bfa55bfcc6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -572,7 +572,6 @@ dist_patch_DATA = \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ - %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b4810..9408af70cc 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -42,15 +42,14 @@ (define-public curl (package (name "curl") - (replacement curl-7.55.0) - (version "7.54.1") + (version "7.55.1") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.lzma")) + version ".tar.xz")) (sha256 (base32 - "0vnv3cz0s1l5cjby86hm0x6pgzqijmdm97qa9q5px200956z6yib")))) + "1dvbcwcar3dv488h9378hy145ma3ws2fwpbr6mgszd7chipcmbry")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages 
@@ -122,29 +121,3 @@ tunneling, and so on.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) - -(define-public curl-7.55.0 - (package - (inherit curl) - (version "7.55.0") - (source - (origin - (method url-fetch) - (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) - (sha256 - (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch deleted file mode 100644 index 4b8ff65304..0000000000 --- a/gnu/packages/patches/curl-bounds-check.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix test failure on some 32-bit platforms. - -Patch copied from upstream source repository: - -https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63 - -diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c -index b9dedc989e..85c5e79a7e 100644 ---- a/src/tool_paramhlp.c -+++ b/src/tool_paramhlp.c -@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) - num = strtod(str, &endptr); - if(errno == ERANGE) - return PARAM_NUMBER_TOO_LARGE; -- if((long)num > max) { -+ if(num > max) { - /* too large */ - return PARAM_NUMBER_TOO_LARGE; - } -- cgit 1.4.1 From a66408f8c0aedce21802e73d3dddda30281e4ef6 Mon Sep 17 00:00:00 2001 
From: Dave Love Date: Mon, 2 Oct 2017 21:48:45 +0100 Subject: gnu: Add cube. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/profiling.scm(cube): New variable. * gnu/packages/patches/cube-nocheck.patch: New file. * gnu/local.mk: Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/patches/cube-nocheck.patch | 16 ++++ gnu/packages/profiling.scm | 139 +++++++++++++++++++++++++++++++- 3 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/cube-nocheck.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d5fb935e33..6d14f2a47c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -577,6 +577,7 @@ dist_patch_DATA = \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ + %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-2017-12836.patch \ diff --git a/gnu/packages/patches/cube-nocheck.patch b/gnu/packages/patches/cube-nocheck.patch new file mode 100644 index 0000000000..576044e622 --- /dev/null +++ b/gnu/packages/patches/cube-nocheck.patch 
@@ -0,0 +1,16 @@ +Unconditionally disable network check for new versions (from Fedora). + +diff -u /home/dlove/rpmbuild/BUILD/cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp\~ /home/dlove/rpmbuild/BUILD/cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp +--- cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp~ 2016-04-03 00:05:37.942066948 +0100 ++++ cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp 2016-05-06 17:16:31.648143908 +0100 +@@ -52,7 +52,8 @@ + url = QUrl( UPDATE_CHECK_URL ); + download = NULL; + update_Available = false; +- bool no_http = env_str2bool( getenv( "CUBE_DISABLE_HTTP_DOCS" ) ); ++ // bool no_http = env_str2bool( getenv( "CUBE_DISABLE_HTTP_DOCS" ) ); ++ bool no_http = true; + if ( !no_http ) + { + updateDescription = tr( "Check for update is not performed yet." ); + diff --git a/gnu/packages/profiling.scm b/gnu/packages/profiling.scm index 9a2f2a6642..598633c3e5 100644 --- a/gnu/packages/profiling.scm +++ b/gnu/packages/profiling.scm @@ -25,13 +25,18 @@ #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages base) ;for "which" + #:use-module (gnu packages compression) + #:use-module (gnu packages documentation) #:use-module (gnu packages fabric-management) #:use-module (gnu packages gawk) #:use-module (gnu packages gcc) + #:use-module (gnu packages glib) #:use-module (gnu packages libunwind) #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) - #:use-module (gnu packages python)) + #:use-module (gnu packages perl) + #:use-module (gnu packages python) + #:use-module (gnu packages qt)) ;; Fixme: Separate out lib and fix resulting cycle errors; separate libpfm ;; output(?); build libmsr and add that component. 
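Review bot: The added patch keeps the original `getenv( "CUBE_DISABLE_HTTP_DOCS" )` line as a `//` comment next to `bool no_http = true;`, which turns the `if ( !no_http )` branch that follows into dead code with no explanation in the patched source. Replacing the commented-out line with a short reason would read better, e.g. `bool no_http = true; // packaging: never contact UPDATE_CHECK_URL`. The `diff -u /home/dlove/rpmbuild/BUILD/...` line in the patch header records a local build path and is not needed for the patch to apply, so it could be dropped. The enclosing function continues outside the inner hunk, so whether other code reads the same environment variable cannot be checked from here.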
@@ -193,3 +198,135 @@ efficient event trace data format plus support library.") and hybrid codes. It surrounds OpenMP directives and runtime library calls with calls to the POMP2 measurement interface.") (license license:bsd-3))) + +(define-public cube + (package + (name "cube") + (version "4.3.5") + (source + (origin + (method url-fetch) + (uri (string-append + "http://apps.fz-juelich.de/scalasca/releases/cube/4.3/dist/cube-" + version ".tar.gz")) + (sha256 (base32 "04irflia4rfw02093w9nx7rr98r640y4q8hisjywvd4b7r3nzhhx")) + (patches (search-patches "cube-nocheck.patch")))) + (inputs `(("dbus" ,dbus) + ("zlib" ,zlib))) + (native-inputs `(("perl" ,perl) + ("qtbase" ,qtbase) ; native because of qmake + ("which" ,which))) + + ;; FIXME: The doc is 14MB, but adding a doc output results in a cycle. + (outputs '("out" ;"doc" + "lib")) + + (build-system gnu-build-system) + (arguments + `(#:configure-flags + `("--enable-shared" "--disable-static" "--disable-silent-rules" + ,(string-append "LDFLAGS=-L" (assoc-ref %outputs "lib") "/lib")) + #:parallel-tests? #f + #:phases + (modify-phases %standard-phases + (add-after 'configure 'rpath + ;; Account for moving GUI stuff + (lambda* (#:key outputs #:allow-other-keys) + (let ((wl (string-append "-Wl,-rpath=" (assoc-ref outputs "out") + "/lib"))) + (substitute* "build-backend/Makefile" + (("^cube_LDFLAGS =") (string-append "cube_LDFLAGS = " wl)) + (("^libheatmap_plugin_la_LDFLAGS =") + (string-append "libheatmap_plugin_la_LDFLAGS = " wl)) + (("^libbarplot_plugin_la_LDFLAGS =") + (string-append "libbarplot_plugin_la_LDFLAGS = " wl))) + #t))) + (add-before 'install 'includes-cube + ;; It tries to install here before include exists. 
+ (lambda* (#:key outputs #:allow-other-keys) + (let ((inc (string-append (assoc-ref outputs "lib") "/include"))) + (mkdir-p (string-append inc "/cube")) + (mkdir-p (string-append inc "/cubew")) + #t))) + (add-after 'install 'licence + (lambda* (#:key outputs #:allow-other-keys) + (let ((doc (string-append (assoc-ref outputs "lib") + "/share/doc/cube"))) + (install-file "COPYING" doc) + #t))) + ;; XXX: Commented due to cycle (see comment above.) + ;; (add-after 'install 'doc + ;; (lambda _ + ;; (let ((share (string-append (assoc-ref %outputs "doc") + ;; "/share"))) + ;; (mkdir-p share) + ;; (rename-file (string-append %output "/share/doc") + ;; (string-append share "/doc"))))) + (add-after 'install 'gui-stuff + ;; Get the Qt horror dependencies out of the lib closure + (lambda _ + (let ((outlib (string-append (assoc-ref %outputs "out") "/lib")) + (lib (string-append (assoc-ref %outputs "lib") "/lib"))) + (mkdir-p outlib) + (rename-file (string-append lib "/cube-plugins") + (string-append outlib "/cube-plugins")) + (for-each (lambda (file) + (rename-file + file (string-append outlib "/" (basename file)))) + (append (find-files lib "libgraphwidgetcommon-plugin\\..*") + (find-files lib "libcube4gui\\.so.*"))) + #t))) + (add-after 'install 'move-include + ;; Most of the headers end up under %output for some reason, + ;; despite --includedir in configure. + (lambda* (#:key outputs #:allow-other-keys) + (let ((outinc (string-append (assoc-ref outputs "out") + "/include")) + (libinc (string-append (assoc-ref outputs "lib") + "/include"))) + (for-each (lambda (file) + (let ((from (string-append outinc "/" file))) + (copy-recursively from libinc) + (delete-file-recursively from))) + '("cube" "cubew")) + #t))) + + ;; XXX: This doesn't work because cube-config, which is needed for + ;; building stuff, sources cube-config-frontend. We don't want that + ;; in the lib output because it pulls in >1GB via QT. 
+ ;; + ;; (add-after 'install 'cube-config + ;; (lambda _ + ;; (let* ((lib (assoc-ref %outputs "lib")) + ;; (libbin (string-append lib "/bin"))) + ;; (mkdir-p libbin) + ;; (system (string-append "mv " (assoc-ref %outputs "out") + ;; "/bin/cube-config* " libbin)) + ;; (substitute* (list (string-append libbin "/cube-config")) + ;; (("^prefix=.*") (string-append "prefix=" lib)) + ;; (("^exec_prefix=\"\\$\\{prefix\\}\"") + ;; (string-append "exec_prefix=" lib)))))) + (add-after 'install 'cube-config + (lambda* (#:key outputs #:allow-other-keys) + (let* ((lib (assoc-ref outputs "lib")) + (libbin (string-append lib "/bin"))) + (mkdir-p libbin) + (install-file (string-append %output "/bin/cube-config") libbin) + (install-file (string-append %output "/bin/cube-config-backend") + libbin) + (substitute* (list (string-append libbin "/cube-config")) + (("^source .*frontend.*$") "") + (((assoc-ref outputs "out")) lib)) + #t)))))) + (home-page "http://www.scalasca.org/software/cube-4.x/download.html") + (synopsis "Performance report explorer for parallel programs") + (description + "CUBE (CUBE Uniform Behavioral Encoding) is a tool to display a variety +of performance metrics for parallel programs including MPI and OpenMP +applications. CUBE allows interactive exploration of a multidimensional +performance space in a scalable fashion. Scalability is achieved in two ways: +hierarchical decomposition of individual dimensions and aggregation across +different dimensions. All performance metrics are uniformly accommodated in +the same display and thus provide the ability to easily compare the effects of +different kinds of performance behavior.") + (license license:bsd-3))) -- cgit 1.4.1 From 4d6801b735550ee804454a6d4f0d44c3372e0ae9 Mon Sep 17 00:00:00 2001 
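Review bot: In the `cube-config` phase the second `substitute*` clause, `(((assoc-ref outputs "out")) lib)`, passes the store path of the "out" output as a regular expression, so characters such as `.` in it act as wildcards rather than literals. It works because the path still matches itself, but quoting it states the intent: `(((regexp-quote (assoc-ref outputs "out"))) lib)`, assuming `(ice-9 regex)` is visible to the builder. The same phase mixes `%output` with the `outputs` keyword argument, and `gui-stuff` reads `%outputs` while the other phases take `#:key outputs`; using `(assoc-ref outputs "out")` throughout would keep them consistent. The source `uri` is plain `http://`; the pinned `sha256` still verifies the tarball contents, so switching to `https://` is worth doing only if the host offers it.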
From: Kei Kebreau Date: Sat, 30 Sep 2017 09:11:43 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-14649. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14649.patch | 210 +++++++++++++++++++++ 3 files changed, 213 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6d14f2a47c..88d24fab27 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -691,6 +691,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14649.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 7599f87311..b22799eea2 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -185,7 +185,8 @@ script.") "graphicsmagick-CVE-2017-13775.patch" "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" "graphicsmagick-CVE-2017-14042.patch" - "graphicsmagick-CVE-2017-14165.patch")))) + "graphicsmagick-CVE-2017-14165.patch" + "graphicsmagick-CVE-2017-14649.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch new file mode 100644 index 0000000000..8e1166ba7a --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch 
@@ -0,0 +1,210 @@
+http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
+http://www.openwall.com/lists/oss-security/2017/09/22/2
+
+Some changes were made to make the patch apply.
+
+Notably, the DestroyJNG() function in the upstream diff has been replaced by
+its equivalent, a series of calls to MagickFreeMemory(), DestroyImageInfo(),
+and DestroyImage(). See
+http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5.
+
+# HG changeset patch
+# User Glenn Randers-Pehrson
+# Date 1504014487 14400
+# Node ID 358608a46f0a9c55e9bb8b37d09bf1ac9bc87f06
+# Parent 38c362f0ae5e7a914c3fe822284c6953f8e6eee2
+Fix Issue 439
+
+diff -ru a/coders/png.c b/coders/png.c
+--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500
++++ b/coders/png.c 2017-09-30 08:20:16.218944991 -0400
+@@ -1176,15 +1176,15 @@
+ /* allocate space */
+ if (length == 0)
+ {
+- (void) ThrowException2(&image->exception,CoderWarning,
+- "invalid profile length",(char *) NULL);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "invalid profile length");
+ return (MagickFail);
+ }
+ info=MagickAllocateMemory(unsigned char *,length);
+ if (info == (unsigned char *) NULL)
+ {
+- (void) ThrowException2(&image->exception,CoderWarning,
+- "unable to copy profile",(char *) NULL);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "Unable to copy profile");
+ return (MagickFail);
+ }
+ /* copy profile, skipping white space and column 1 "=" signs */
+@@ -1197,8 +1197,8 @@
+ if (*sp == '\0')
+ {
+ MagickFreeMemory(info);
+- (void) ThrowException2(&image->exception,CoderWarning,
+- "ran out of profile data",(char *) NULL);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "ran out of profile data");
+ return (MagickFail);
+ }
+ sp++;
+@@ -1234,8 +1234,9 @@
+ if(SetImageProfile(image,profile_name,info,length) == MagickFail)
+ {
+ MagickFreeMemory(info);
+- (void) ThrowException(&image->exception,ResourceLimitError,
+- MemoryAllocationFailed,"unable to copy profile");
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ "unable to copy profile");
++ return MagickFail;
+ }
+ MagickFreeMemory(info);
+ return MagickTrue;
+@@ -3285,7 +3286,6 @@
+ if (status == MagickFalse)
+ {
+ DestroyJNGInfo(color_image_info,alpha_image_info);
+- DestroyImage(alpha_image);
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ " could not allocate alpha_image blob");
+ return ((Image *)NULL);
+@@ -3534,7 +3534,7 @@
+ CloseBlob(color_image);
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+- " Reading jng_image from color_blob.");
++ " Reading jng_image from color_blob.");
+
+ FormatString(color_image_info->filename,"%.1024s",color_image->filename);
+
+@@ -3558,13 +3558,18 @@
+
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+- " Copying jng_image pixels to main image.");
++ " Copying jng_image pixels to main image.");
+ image->rows=jng_height;
+ image->columns=jng_width;
+ length=image->columns*sizeof(PixelPacket);
++ if ((jng_height == 0 || jng_width == 0) && logging)
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " jng_width=%lu jng_height=%lu",
++ (unsigned long)jng_width,(unsigned long)jng_height);
+ for (y=0; y < (long) image->rows; y++)
+ {
+- s=AcquireImagePixels(jng_image,0,y,image->columns,1,&image->exception);
++ s=AcquireImagePixels(jng_image,0,y,image->columns,1,
++ &image->exception);
+ q=SetImagePixels(image,0,y,image->columns,1);
+ (void) memcpy(q,s,length);
+ if (!SyncImagePixels(image))
+@@ -3589,45 +3594,79 @@
+ CloseBlob(alpha_image);
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+- " Reading opacity from alpha_blob.");
++ " Reading opacity from alpha_blob.");
+
+ FormatString(alpha_image_info->filename,"%.1024s",
+ alpha_image->filename);
+
+ jng_image=ReadImage(alpha_image_info,exception);
+
+- for (y=0; y < (long) image->rows; y++)
++ if (jng_image == (Image *)NULL)
+ {
+- s=AcquireImagePixels(jng_image,0,y,image->columns,1,
+- &image->exception);
+- if (image->matte)
+- {
+- q=SetImagePixels(image,0,y,image->columns,1);
+- for (x=(long) image->columns; x > 0; x--,q++,s++)
+- q->opacity=(Quantum) MaxRGB-s->red;
+- }
+- else
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " jng_image is NULL.");
++ if (color_image_info)
++ DestroyImageInfo(color_image_info);
++ if (alpha_image_info)
++ DestroyImageInfo(alpha_image_info);
++ if (color_image)
++ DestroyImage(color_image);
++ if (alpha_image)
++ DestroyImage(alpha_image);
++ }
++ else
++ {
++
++ if (logging)
+ {
+- q=SetImagePixels(image,0,y,image->columns,1);
+- for (x=(long) image->columns; x > 0; x--,q++,s++)
+- {
+- q->opacity=(Quantum) MaxRGB-s->red;
+- if (q->opacity != OpaqueOpacity)
+- image->matte=MagickTrue;
+- }
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " Read jng_image.");
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " jng_image->width=%lu, jng_image->height=%lu",
++ (unsigned long)jng_width,(unsigned long)jng_height);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " image->rows=%lu, image->columns=%lu",
++ (unsigned long)image->rows,
++ (unsigned long)image->columns);
+ }
+- if (!SyncImagePixels(image))
+- break;
+- }
+- (void) LiberateUniqueFileResource(alpha_image->filename);
+- DestroyImage(alpha_image);
+- alpha_image = (Image *)NULL;
+- DestroyImageInfo(alpha_image_info);
+- alpha_image_info = (ImageInfo *)NULL;
+- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+- " Destroy the JNG image");
+- DestroyImage(jng_image);
+- jng_image = (Image *)NULL;
++
++ for (y=0; y < (long) image->rows; y++)
++ {
++ s=AcquireImagePixels(jng_image,0,y,image->columns,1,
++ &image->exception);
++ if (image->matte)
++ {
++ q=SetImagePixels(image,0,y,image->columns,1);
++ for (x=(long) image->columns; x > 0; x--,q++,s++)
++ q->opacity=(Quantum) MaxRGB-s->red;
++ }
++ else
++ {
++ q=SetImagePixels(image,0,y,image->columns,1);
++ for (x=(long) image->columns; x > 0; x--,q++,s++)
++ {
++ q->opacity=(Quantum) MaxRGB-s->red;
++ if (q->opacity != OpaqueOpacity)
++ image->matte=MagickTrue;
++ }
++ }
++ if (!SyncImagePixels(image))
++ break;
++ }
++ (void) LiberateUniqueFileResource(alpha_image->filename);
++ if (color_image_info)
++ DestroyImageInfo(color_image_info);
++ if (alpha_image_info)
++ DestroyImageInfo(alpha_image_info);
++ if (color_image)
++ DestroyImage(color_image);
++ if (alpha_image)
++ DestroyImage(alpha_image);
++ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++ " Destroy the JNG image");
++ DestroyImage(jng_image);
++ jng_image = (Image *)NULL;
++ }
+ }
+ }
-- cgit 1.4.1 From 2299f5cd78a9874ec7797d02d9bd53cc3c30b698 Mon Sep 17 00:00:00 2001 From: Cyril Roelandt Date: Tue, 3 Oct 2017 22:28:51 +0200 Subject: gnu: python-nose-timer: Add missing patch. * gnu/packages/patches/python-nose-timer-drop-ordereddict.patch: New file. * gnu/local.mk: Add it. --- gnu/local.mk | 1 + .../python-nose-timer-drop-ordereddict.patch | 44 ++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 gnu/packages/patches/python-nose-timer-drop-ordereddict.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index 88d24fab27..c802b7b340 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -984,6 +984,7 @@ dist_patch_DATA = \
 %D%/packages/patches/python-genshi-isstring-helper.patch \
 %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \
 %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \
+ %D%/packages/patches/python-nose-timer-drop-ordereddict.patch \
 %D%/packages/patches/python-parse-too-many-fields.patch \
 %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \
 %D%/packages/patches/python-statsmodels-fix-tests.patch \
diff --git a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch
new file mode 100644
index 0000000000..e1e71a332a
--- /dev/null
+++ b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch
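Review bot: In the `@@ -3589,45 +3594,79 @@` section of the added patch, both new branches call `DestroyImageInfo()`/`DestroyImage()` on `color_image_info`, `alpha_image_info`, `color_image` and `alpha_image` without resetting the pointers, whereas the removed code set `alpha_image = (Image *)NULL;` and `alpha_image_info = (ImageInfo *)NULL;` right after destroying them. The enclosing function continues outside the hunk, so if any later path still tests or frees these pointers it would operate on freed memory; each destroy should be followed by the matching `= NULL` assignment. The `jng_image == (Image *)NULL` branch also skips `(void) LiberateUniqueFileResource(alpha_image->filename);`, which presumably leaves the temporary alpha file behind when decoding fails. Separately, the log line labelled `jng_image->width=%lu, jng_image->height=%lu` prints `jng_width`/`jng_height` rather than the decoded image's own dimensions, which is misleading exactly when the two disagree.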
@@ -0,0 +1,44 @@
+From 700076019b5aff72aac7651cc830aaef21ee9a47 Mon Sep 17 00:00:00 2001
+From: jakirkham
+Date: Fri, 7 Jul 2017 05:57:56 -0400
+Subject: [PATCH] Drop ordereddict requirement (#84)
+
+* Drop ordereddict requirement
+
+As Python 2.7 is the minimum Python supported, every version of Python
+should have `ordereddict` preincluded in the standard library one way or
+another. So we can drop this dependency and just handle the differences
+between Python 2 and Python 3.
+---
+ nosetimer/plugin.py | 5 +----
+ setup.py | 1 -
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/nosetimer/plugin.py b/nosetimer/plugin.py
+index ef28e11..d093a51 100644
+--- a/nosetimer/plugin.py
++++ b/nosetimer/plugin.py
+@@ -12,10 +12,7 @@
+ except ImportError:
+ import queue as Queue
+
+-try:
+- from collections import OrderedDict
+-except ImportError:
+- from ordereddict import OrderedDict
++from collections import OrderedDict
+
+
+ # define constants
+diff --git a/setup.py b/setup.py
+index 6a55b82..d249325 100755
+--- a/setup.py
++++ b/setup.py
+@@ -27,7 +27,6 @@
+ install_requires=[
+ 'nose',
+ 'termcolor',
+- 'ordereddict',
+ ],
+ license='MIT',
+ entry_points={
-- cgit 1.4.1 From f9bd2051f041d5530f88fb2e8b183193209b5f41 Mon Sep 17 00:00:00 2001
From: Marius Bakke Date: Tue, 3 Oct 2017 23:00:23 +0200 Subject: gnu: qemu: Update to 2.10.1. * gnu/packages/patches/qemu-CVE-2017-13711.patch, gnu/packages/patches/qemu-CVE-2017-14167.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/virtualization.scm (qemu): Update to 2.10.1. [source](patches): Remove. --- gnu/local.mk | 2 - gnu/packages/patches/qemu-CVE-2017-13711.patch | 89 -------------------------- gnu/packages/patches/qemu-CVE-2017-14167.patch | 69 -------------------- gnu/packages/virtualization.scm | 6 +- 4 files changed, 2 insertions(+), 164 deletions(-) delete mode 100644 gnu/packages/patches/qemu-CVE-2017-13711.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-14167.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c802b7b340..9f4c6398b2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -999,8 +999,6 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ - %D%/packages/patches/qemu-CVE-2017-13711.patch \ - %D%/packages/patches/qemu-CVE-2017-14167.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch deleted file mode 100644 index 4070115419..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-13711.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -Fix CVE-2017-13711: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711 - -Patch copied from upstream source repository: - -https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384 - -From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001 -From: Samuel Thibault -Date: Fri, 25 Aug 2017 01:35:53 +0200 -Subject: [PATCH] slirp: fix clearing ifq_so from pending packets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The if_fastq and if_batchq contain not only packets, but queues of packets -for the same socket. When sofree frees a socket, it thus has to clear ifq_so -from all the packets from the queues, not only the first. - -Signed-off-by: Samuel Thibault -Reviewed-by: Philippe Mathieu-Daudé -Cc: qemu-stable@nongnu.org -Signed-off-by: Peter Maydell ---- - slirp/socket.c | 39 +++++++++++++++++++++++---------------- - 1 file changed, 23 insertions(+), 16 deletions(-) - -diff --git a/slirp/socket.c b/slirp/socket.c -index ecec0295a9..cb7b5b608d 100644 ---- a/slirp/socket.c -+++ b/slirp/socket.c -@@ -59,6 +59,27 @@ socreate(Slirp *slirp) - return(so); - } - -+/* -+ * Remove references to so from the given message queue. 
-+ */ -+static void -+soqfree(struct socket *so, struct quehead *qh) -+{ -+ struct mbuf *ifq; -+ -+ for (ifq = (struct mbuf *) qh->qh_link; -+ (struct quehead *) ifq != qh; -+ ifq = ifq->ifq_next) { -+ if (ifq->ifq_so == so) { -+ struct mbuf *ifm; -+ ifq->ifq_so = NULL; -+ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) { -+ ifm->ifq_so = NULL; -+ } -+ } -+ } -+} -+ - /* - * remque and free a socket, clobber cache - */ -@@ -66,23 +87,9 @@ void - sofree(struct socket *so) - { - Slirp *slirp = so->slirp; -- struct mbuf *ifm; - -- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link; -- (struct quehead *) ifm != &slirp->if_fastq; -- ifm = ifm->ifq_next) { -- if (ifm->ifq_so == so) { -- ifm->ifq_so = NULL; -- } -- } -- -- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link; -- (struct quehead *) ifm != &slirp->if_batchq; -- ifm = ifm->ifq_next) { -- if (ifm->ifq_so == so) { -- ifm->ifq_so = NULL; -- } -- } -+ soqfree(so, &slirp->if_fastq); -+ soqfree(so, &slirp->if_batchq); - - if (so->so_emu==EMU_RSH && so->extra) { - sofree(so->extra); --- -2.14.1 - diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch deleted file mode 100644 index a6007ac082..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-14167.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -Fix CVE-2017-14167: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167 -http://seclists.org/oss-sec/2017/q3/407 - -Patch copied from upstream development mailing list: - -https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html - -From: Prasad J Pandit - -While loading kernel via multiboot-v1 image, (flags & 0x00010000) -indicates that multiboot header contains valid addresses to load -the kernel image. These addresses are used to compute kernel -size and kernel text offset in the OS image. Validate these -address values to avoid an OOB access issue. - -This is CVE-2017-14167. - -Reported-by: Thomas Garnier -Signed-off-by: Prasad J Pandit ---- - hw/i386/multiboot.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -Update: add CVE-ID to the commit message. - -diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c -index 6001f4caa2..c7b70c91d5 100644 ---- a/hw/i386/multiboot.c -+++ b/hw/i386/multiboot.c -@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg, - uint32_t mh_header_addr = ldl_p(header+i+12); - uint32_t mh_load_end_addr = ldl_p(header+i+20); - uint32_t mh_bss_end_addr = ldl_p(header+i+24); -+ - mh_load_addr = ldl_p(header+i+16); -+ if (mh_header_addr < mh_load_addr) { -+ fprintf(stderr, "invalid mh_load_addr address\n"); -+ exit(1); -+ } -+ - uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); - uint32_t mb_load_size = 0; - mh_entry_addr = ldl_p(header+i+28); - - if (mh_load_end_addr) { -+ if (mh_bss_end_addr < mh_load_addr) { -+ fprintf(stderr, "invalid mh_bss_end_addr address\n"); -+ exit(1); -+ } - mb_kernel_size = mh_bss_end_addr - mh_load_addr; -+ -+ if (mh_load_end_addr < mh_load_addr) { -+ fprintf(stderr, "invalid mh_load_end_addr address\n"); -+ exit(1); -+ } - mb_load_size = mh_load_end_addr - mh_load_addr; - } else { -+ if (kernel_file_size < mb_kernel_text_offset) { -+ fprintf(stderr, "invalid kernel_file_size\n"); -+ exit(1); -+ } - mb_kernel_size = 
kernel_file_size - mb_kernel_text_offset; - mb_load_size = mb_kernel_size; - } --- -2.13.5 - diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 344ffc786b..a8e54d6840 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -72,16 +72,14 @@ (define-public qemu (package (name "qemu") - (version "2.10.0") + (version "2.10.1") (source (origin (method url-fetch) (uri (string-append "https://download.qemu.org/qemu-" version ".tar.xz")) - (patches (search-patches "qemu-CVE-2017-13711.patch" - "qemu-CVE-2017-14167.patch")) (sha256 (base32 - "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m")))) + "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: -- cgit 1.4.1 From f473b8f1f7db695dce1ed5b145be501424e76b34 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 3 Oct 2017 22:46:40 +0300 Subject: gnu: clisp: Update to 2.49-60. * gnu/packages/lisp.scm (clisp): Update to 2.49-60. [source]: Download mercurial repository, apply patch. [inputs]: Replace readline@6.2 with readline, add ncurses. [arguments]: Add multiple configure flags. Remove build phase to build in "src" directory. Remove more uses of a timestamp. --- gnu/local.mk | 1 + gnu/packages/lisp.scm | 32 ++++++++++------ .../patches/clisp-remove-failing-test.patch | 43 ++++++++++++++++++++++ 3 files changed, 65 insertions(+), 11 deletions(-) create mode 100644 gnu/packages/patches/clisp-remove-failing-test.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9f4c6398b2..ad8b02a082 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -560,6 +560,7 @@ dist_patch_DATA = \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ + %D%/packages/patches/clisp-remove-failing-test.patch \ %D%/packages/patches/clucene-pkgconfig.patch \ %D%/packages/patches/clx-remove-demo.patch \ %D%/packages/patches/cmake-fix-tests.patch \ diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 224cea56f6..f5840e1b28 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -33,6 +33,7 @@ #:use-module (gnu packages m4) #:use-module (guix download) #:use-module (guix git-download) + #:use-module (guix hg-download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system asdf) @@ -42,6 +43,7 @@ #:use-module (gnu packages fontutils) #:use-module (gnu packages maths) #:use-module (gnu packages multiprecision) + #:use-module (gnu packages ncurses) #:use-module (gnu packages bdw-gc) #:use-module (gnu packages libffi) #:use-module (gnu packages libffcall) 
@@ -228,21 +230,31 @@ supporting ASDF, Sockets, Gray streams, MOP, and other useful components.") (define-public clisp (package (name "clisp") - (version "2.49") + (version "2.49-60") (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/clisp/release/" version - "/clisp-" version ".tar.gz")) + (method hg-fetch) + (uri (hg-reference + (url "http://hg.code.sf.net/p/clisp/clisp") + (changeset "clisp_2_49_60-2017-06-25"))) + (file-name (string-append name "-" version "-checkout")) (sha256 - (base32 "0rp82nqp5362isl9i34rwgg04cidz7izljd9d85pqcw1qr964bxx")))) + (base32 "0qjv3z274rbdmb941hy03hl63f4z7bmci234f8dyz4skgfr82d3i")) + (patches (search-patches "clisp-remove-failing-test.patch")))) (build-system gnu-build-system) (inputs `(("libffcall" ,libffcall) - ("readline" ,readline-6.2) + ("ncurses" ,ncurses) + ("readline" ,readline) ("libsigsegv" ,libsigsegv))) (arguments '(;; XXX The custom configure script does not cope well when passed ;; --build=. + #:configure-flags '("CFLAGS=-falign-functions=4" + "--enable-portability" + "--with-dynamic-ffi" + "--with-dynamic-modules" + "--with-module=bindings/glibc" + "--with-module=rawsock") #:build #f #:phases (modify-phases %standard-phases @@ -262,11 +274,9 @@ supporting ASDF, Sockets, Gray streams, MOP, and other useful components.") (lambda _ (substitute* "src/constobj.d" (("__DATE__ __TIME__") "\"1\"")) - #t)) - (add-before 'build 'chdir-to-source - (lambda _ - ;; We are supposed to call make under the src sub-directory. - (chdir "src") + (substitute* "src/genclisph.d" + (("__DATE__") "\"1\"") + (("__TIME__") "\"1\"")) #t))) ;; Makefiles seem to have race conditions. #:parallel-build? #f)) diff --git a/gnu/packages/patches/clisp-remove-failing-test.patch b/gnu/packages/patches/clisp-remove-failing-test.patch new file mode 100644 index 0000000000..e44ce80f74 --- /dev/null +++ b/gnu/packages/patches/clisp-remove-failing-test.patch 
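Review bot: In the `arguments` of the `@@ -228,21 +230,31 @@` hunk the new `#:configure-flags` list is inserted between the existing `;; XXX The custom configure script does not cope well when passed --build=.` comment and the `#:build #f` it explains, so the comment now reads as if it described the flags. Place the flags above that comment, and give `"CFLAGS=-falign-functions=4"` a one-line comment saying why it is needed, since nothing in the hunk explains it. The `hg-reference` URL is plain `http://`; the `sha256` still pins the checkout, but an `https://` URL, if the host serves one, would not leave the hash as the only integrity control on the fetch. The package definition continues outside the hunk.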
@@ -0,0 +1,43 @@
+This test doesn't ever complete or timeout
+
+---
+ tests/socket.tst | 24 ------------------------
+ 1 file changed, 24 deletions(-)
+
+diff --git a/tests/socket.tst b/tests/socket.tst
+index 93c6310..1d976ff 100644
+--- a/tests/socket.tst
++++ b/tests/socket.tst
+@@ -551,30 +551,6 @@ T
+ interfaces))
+ ("0.0.0.0" "127.0.0.1" "0.0.0.0" "127.0.0.1")
+
+-(multiple-value-bind (run args) (cmd-args)
+- (let ((se (socket:socket-server)))
+- (ext:run-program run :arguments (append args (list "-q" "-q" "-x" (format nil "(close (socket:socket-connect ~D))" (socket:socket-server-port se))))
+- :wait nil :input nil :output nil)
+- (unwind-protect
+- (with-open-stream (so (socket:socket-accept se))
+- (list
+- (socket:socket-status so)
+- (write-line "foo" so)
+- (socket:socket-status so)
+- #+macos (handler-case (read-char so)
+- (end-of-file (c)
+- (princ 'read-char) (princ-error c) t))
+- #-macos (check-os-error (read-char so) (:ECONNRESET 104))
+- (null (member (socket:socket-status so) '(:EOF :APPEND)))
+- #+macos (string= (write-line "bar" so) "bar")
+- #-macos (check-os-error (write-line "bar" so) (:EPIPE 32))
+- (null (member (socket:socket-status so) '(:EOF :APPEND)))
+- (handler-case (read-char so)
+- (end-of-file (c)
+- (princ 'read-char) (princ-error c) 'end-of-file))))
+- (socket:socket-server-close se))))
+-(:OUTPUT "foo" :OUTPUT T NIL T NIL END-OF-FILE)
+-
+ ;; https://sourceforge.net/p/clisp/feature-requests/46/
+ (check-os-error (socket:socket-connect 0)
+ #-(or win32 macos) (:ECONNREFUSED 111)
+--
+
-- cgit 1.4.1 From a35532f52df3ba3bc360346938aa90806cad493e Mon Sep 17 00:00:00 2001
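Review bot: The header of this added patch says only `This test doesn't ever complete or timeout`, without stating under which conditions the test hangs or pointing to an upstream report, so a later packager cannot tell when the patch can be dropped. Extend the header with the observed cause (for instance, whether it hangs only inside the build environment) and an upstream bug link if one exists. The removed form is the only one in the hunk that checks the `:ECONNRESET` and `:EPIPE` results after the peer closes the connection, so that behaviour goes untested while the patch is applied.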
From: Marius Bakke Date: Thu, 5 Oct 2017 00:34:53 +0200 Subject: gnu: xorg-server: Update to 1.19.4 [fixes CVE-2017-13721, CVE-2017-13723]. The GPG signature for the bz2 tarball is bad, but the checksum matches the signed release announcement, and contents are identical to the good .gz. * gnu/packages/xorg.scm (xorg-server): Update to 1.19.4. [source]: Remove obsolete patches. * gnu/packages/patches/xorg-server-CVE-2017-10971.patch, gnu/packages/patches/xorg-server-CVE-2017-10972.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 2 - .../patches/xorg-server-CVE-2017-10971.patch | 153 --------------------- .../patches/xorg-server-CVE-2017-10972.patch | 35 ----- gnu/packages/xorg.scm | 10 +- 4 files changed, 4 insertions(+), 196 deletions(-) delete mode 100644 gnu/packages/patches/xorg-server-CVE-2017-10971.patch delete mode 100644 gnu/packages/patches/xorg-server-CVE-2017-10972.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ad8b02a082..6db176b767 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1124,8 +1124,6 @@ dist_patch_DATA = \ %D%/packages/patches/xinetd-fix-fd-leak.patch \ %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ - %D%/packages/patches/xorg-server-CVE-2017-10971.patch \ - %D%/packages/patches/xorg-server-CVE-2017-10972.patch \ %D%/packages/patches/libyaml-CVE-2014-9130.patch \ %D%/packages/patches/zathura-plugindir-environment-variable.patch \ %D%/packages/patches/zziplib-CVE-2017-5974.patch \ diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch deleted file mode 100644 index 2696033e58..0000000000 --- a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch +++ /dev/null 
@@ -1,153 +0,0 @@ -From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:40 +0300 -Subject: dix: Disallow GenericEvent in SendEvent request. - -The SendEvent request holds xEvent which is exactly 32 bytes long, no more, -no less. Both ProcSendEvent and SProcSendEvent verify that the received data -exactly match the request size. However nothing stops the client from passing -in event with xEvent::type = GenericEvent and any value of -xGenericEvent::length. - -In the case of ProcSendEvent, the event will be eventually passed to -WriteEventsToClient which will see that it is Generic event and copy the -arbitrary length from the receive buffer (and possibly past it) and send it to -the other client. This allows clients to copy unitialized heap memory out of X -server or to crash it. - -In case of SProcSendEvent, it will attempt to swap the incoming event by -calling a swapping function from the EventSwapVector array. The swapped event -is written to target buffer, which in this case is local xEvent variable. The -xEvent variable is 32 bytes long, but the swapping functions for GenericEvents -expect that the target buffer has size matching the size of the source -GenericEvent. This allows clients to cause stack buffer overflows. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/dix/events.c b/dix/events.c -index 3e3a01e..d3a33ea 100644 ---- a/dix/events.c -+++ b/dix/events.c -@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client) - client->errorValue = stuff->event.u.u.type; - return BadValue; - } -+ /* Generic events can have variable size, but SendEvent request holds -+ exactly 32B of event data. 
*/ -+ if (stuff->event.u.u.type == GenericEvent) { -+ client->errorValue = stuff->event.u.u.type; -+ return BadValue; -+ } - if (stuff->event.u.u.type == ClientMessage && - stuff->event.u.u.detail != 8 && - stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) { -diff --git a/dix/swapreq.c b/dix/swapreq.c -index 719e9b8..6785059 100644 ---- a/dix/swapreq.c -+++ b/dix/swapreq.c -@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client) - swapl(&stuff->destination); - swapl(&stuff->eventMask); - -+ /* Generic events can have variable size, but SendEvent request holds -+ exactly 32B of event data. */ -+ if (stuff->event.u.u.type == GenericEvent) { -+ client->errorValue = stuff->event.u.u.type; -+ return BadValue; -+ } -+ - /* Swap event */ - proc = EventSwapVector[stuff->event.u.u.type & 0177]; - if (!proc || proc == NotImplemented) /* no swapping proc; invalid event type? */ --- -cgit v0.10.2 - -From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:41 +0300 -Subject: Xi: Verify all events in ProcXSendExtensionEvent. - -The requirement is that events have type in range -EXTENSION_EVENT_BASE..lastEvent, but it was tested -only for first event of all. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/Xi/sendexev.c b/Xi/sendexev.c -index 1cf118a..5e63bfc 100644 ---- a/Xi/sendexev.c -+++ b/Xi/sendexev.c -@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client) - int - ProcXSendExtensionEvent(ClientPtr client) - { -- int ret; -+ int ret, i; - DeviceIntPtr dev; - xEvent *first; - XEventClass *list; -@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client) - /* The client's event type must be one defined by an extension. 
*/ - - first = ((xEvent *) &stuff[1]); -- if (!((EXTENSION_EVENT_BASE <= first->u.u.type) && -- (first->u.u.type < lastEvent))) { -- client->errorValue = first->u.u.type; -- return BadValue; -+ for (i = 0; i < stuff->num_events; i++) { -+ if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) && -+ (first[i].u.u.type < lastEvent))) { -+ client->errorValue = first[i].u.u.type; -+ return BadValue; -+ } - } - - list = (XEventClass *) (first + stuff->num_events); --- -cgit v0.10.2 - -From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:42 +0300 -Subject: Xi: Do not try to swap GenericEvent. - -The SProcXSendExtensionEvent must not attempt to swap GenericEvent because -it is assuming that the event has fixed size and gives the swapping function -xEvent-sized buffer. - -A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/Xi/sendexev.c b/Xi/sendexev.c -index 5e63bfc..5c2e0fc 100644 ---- a/Xi/sendexev.c -+++ b/Xi/sendexev.c -@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client) - - eventP = (xEvent *) &stuff[1]; - for (i = 0; i < stuff->num_events; i++, eventP++) { -+ if (eventP->u.u.type == GenericEvent) { -+ client->errorValue = eventP->u.u.type; -+ return BadValue; -+ } -+ - proc = EventSwapVector[eventP->u.u.type & 0177]; -- if (proc == NotImplemented) /* no swapping proc; invalid event type? */ -+ /* no swapping proc; invalid event type? */ -+ if (proc == NotImplemented) { -+ client->errorValue = eventP->u.u.type; - return BadValue; -+ } - (*proc) (eventP, &eventT); - *eventP = eventT; - } --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch deleted file mode 100644 index f24e9c0ae6..0000000000 --- a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:39 +0300 -Subject: Xi: Zero target buffer in SProcXSendExtensionEvent. - -Make sure that the xEvent eventT is initialized with zeros, the same way as -in SProcSendEvent. - -Some event swapping functions do not overwrite all 32 bytes of xEvent -structure, for example XSecurityAuthorizationRevoked. Two cooperating -clients, one swapped and the other not, can send -XSecurityAuthorizationRevoked event to each other to retrieve old stack data -from X server. This can be potentialy misused to go around ASLR or -stack-protector. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/Xi/sendexev.c b/Xi/sendexev.c -index 11d8202..1cf118a 100644 ---- a/Xi/sendexev.c -+++ b/Xi/sendexev.c -@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client) - { - CARD32 *p; - int i; -- xEvent eventT; -+ xEvent eventT = { .u.u.type = 0 }; - xEvent *eventP; - EventSwapPtr proc; - --- -cgit v0.10.2 - diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index d66cf417f6..f3d415c096 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5067,7 +5067,7 @@ over Xlib, including: (define-public xorg-server (package (name "xorg-server") - (version "1.19.3") + (version "1.19.4") (source (origin (method url-fetch) @@ -5076,9 +5076,9 @@ over Xlib, including: name "-" version ".tar.bz2")) (sha256 (base32 - "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7")) + "1a690fzv5l5ks45g9zhlzdskdq8q73mcbpb9a3wz3shxm778lxda")) (patches - (cons + (list ;; See: ;; https://lists.fedoraproject.org/archives/list/devel@lists. ;; fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/ 
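Review bot: The new `sha256` in the `@@ -5076,9 +5076,9 @@` hunk of xorg.scm pins the `.tar.bz2` tarball, which the commit message says carries a bad GPG signature, and the way the hash was verified (against the signed release announcement and the good `.gz`) is recorded only in the commit log. Put that next to the hash, e.g. `;; The .tar.bz2 signature does not verify; hash checked against the signed release announcement.`, so the next update does not take the signature as having been checked. Alternatively, fetch the tarball whose signature verifies by changing `".tar.bz2"` in the `uri` to `".tar.gz"` with the matching hash. The same commit drops the two CVE patches on the assumption that 1.19.4 contains them, which cannot be confirmed from this hunk; the package definition continues outside it.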
@@ -5090,9 +5090,7 @@ over Xlib, including: (sha256 (base32 "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q")) - (file-name "xorg-server-use-intel-only-on-pre-gen4.diff")) - (search-patches "xorg-server-CVE-2017-10971.patch" - "xorg-server-CVE-2017-10972.patch"))))) + (file-name "xorg-server-use-intel-only-on-pre-gen4.diff")))))) (build-system gnu-build-system) (propagated-inputs `(("dri2proto" ,dri2proto) -- cgit 1.4.1 From 46cf31868c1b12eec50bc9b8dda64604dd81f986 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Wed, 4 Oct 2017 10:28:42 -0400 Subject: gnu: curl: Update replacement to 7.56.0 [security fixes]. Fixes CVE-2017-1000254. See for details. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. (curl-7.55.0): Rename to ... (curl-7.56.0): ... this. [arguments]: Remove 'fix-Makefile' phase. [source]: Remove patch. * gnu/packages/patches/curl-bounds-check.patch: Delete it. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/curl.scm | 21 ++++----------------- gnu/packages/patches/curl-bounds-check.patch | 19 ------------------- 3 files changed, 4 insertions(+), 37 deletions(-) delete mode 100644 gnu/packages/patches/curl-bounds-check.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6db176b767..f3baadd8ab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -579,7 +579,6 @@ dist_patch_DATA = \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ - %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b4810..ef1b6c74ba 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm 
@@ -42,7 +42,7 @@ (define-public curl (package (name "curl") - (replacement curl-7.55.0) + (replacement curl-7.56.0) (version "7.54.1") (source (origin (method url-fetch) @@ -123,28 +123,15 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) -(define-public curl-7.55.0 +(define-public curl-7.56.0 (package (inherit curl) - (version "7.55.0") + (version "7.56.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))))) diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch deleted file mode 100644 index 4b8ff65304..0000000000 --- a/gnu/packages/patches/curl-bounds-check.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -Fix test failure on some 32-bit platforms. - -Patch copied from upstream source repository: - -https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63 - -diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c -index b9dedc989e..85c5e79a7e 100644 ---- a/src/tool_paramhlp.c -+++ b/src/tool_paramhlp.c -@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) - num = strtod(str, &endptr); - if(errno == ERANGE) - return PARAM_NUMBER_TOO_LARGE; -- if((long)num > max) { -+ if(num > max) { - /* too large */ - return PARAM_NUMBER_TOO_LARGE; - } -- cgit 1.4.1 From 3f697ff2e8b44941749ce54ca9dfbe0cc388a764 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Thu, 5 Oct 2017 20:23:06 +0200 Subject: gnu: openjpeg: Update to 2.3.0. * gnu/packages/patches/openjpeg-CVE-2017-12982.patch, gnu/packages/patches/openjpeg-CVE-2017-14040.patch, gnu/packages/patches/openjpeg-CVE-2017-14041.patch, gnu/packages/patches/openjpeg-CVE-2017-14151.patch, gnu/packages/patches/openjpeg-CVE-2017-14152.patch, gnu/packages/patches/openjpeg-CVE-2017-14164.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/image.scm (openjpeg): Update to 2.3.0. [source](patches): Remove. * gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Adjust openjpeg substitution. --- gnu/local.mk | 6 -- gnu/packages/gstreamer.scm | 4 +- gnu/packages/image.scm | 10 +-- gnu/packages/patches/openjpeg-CVE-2017-12982.patch | 28 ------- gnu/packages/patches/openjpeg-CVE-2017-14040.patch | 83 -------------------- gnu/packages/patches/openjpeg-CVE-2017-14041.patch | 25 ------ gnu/packages/patches/openjpeg-CVE-2017-14151.patch | 46 ----------- gnu/packages/patches/openjpeg-CVE-2017-14152.patch | 38 --------- gnu/packages/patches/openjpeg-CVE-2017-14164.patch | 89 ---------------------- 9 files changed, 4 insertions(+), 325 deletions(-) delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-12982.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14040.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14041.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14151.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14152.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14164.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f3baadd8ab..e10d7ec2fb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -904,12 +904,6 @@ dist_patch_DATA = \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openfoam-4.1-cleanup.patch \ - %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14164.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index bc8f75ba12..c308dc9f34 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -280,10 +280,10 @@ developers consider to have good quality code and correct functionality.") (modify-phases %standard-phases (add-after 'unpack 'patch-openjpeg-reference (lambda _ - ;; Remove hard-coded openjpeg-2.1 path. 2.2 is API- and + ;; Remove hard-coded openjpeg-2.2 path. 2.3 is API- and ;; ABI-compatible. (substitute* "ext/openjpeg/gstopenjpeg.h" - ((" -Date: Mon, 14 Aug 2017 17:26:58 +0200 -Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 - (#983) - ---- - src/bin/jp2/convertbmp.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c -index b49e7a080..2715fdf24 100644 ---- a/src/bin/jp2/convertbmp.c -+++ b/src/bin/jp2/convertbmp.c -@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) - - header->biBitCount = (OPJ_UINT16)getc(IN); - header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); -+ if (header->biBitCount == 0) { -+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); -+ return OPJ_FALSE; -+ } - - if (header->biSize >= 40U) { - header->biCompression = (OPJ_UINT32)getc(IN); 
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch deleted file mode 100644 index bd7473ba0d..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/28/3 -https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch - -From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Thu, 17 Aug 2017 11:47:40 +0200 -Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and - fixes unaligned load (#995) - ---- - src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------ - 1 file changed, 27 insertions(+), 12 deletions(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index a4eb81f6a..73dfc8d5f 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -580,13 +580,10 @@ struct tga_header { - }; - #endif /* INFORMATION_ONLY */ - --static unsigned short get_ushort(const unsigned char *data) -+/* Returns a ushort from a little-endian serialized value */ -+static unsigned short get_tga_ushort(const unsigned char *data) - { -- unsigned short val = *(const unsigned short *)data; --#ifdef OPJ_BIG_ENDIAN -- val = ((val & 0xffU) << 8) | (val >> 8); --#endif -- return val; -+ return data[0] | (data[1] << 8); - } - - #define TGA_HEADER_SIZE 18 -@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel, - id_len = tga[0]; - /*cmap_type = tga[1];*/ - image_type = tga[2]; -- /*cmap_index = get_ushort(&tga[3]);*/ -- cmap_len = get_ushort(&tga[5]); -+ /*cmap_index = get_tga_ushort(&tga[3]);*/ -+ cmap_len = get_tga_ushort(&tga[5]); - cmap_entry_size = tga[7]; - - - #if 0 -- x_origin = get_ushort(&tga[8]); -- y_origin = get_ushort(&tga[10]); -+ x_origin = get_tga_ushort(&tga[8]); -+ y_origin = get_tga_ushort(&tga[10]); - #endif -- image_w = get_ushort(&tga[12]); -- image_h = get_ushort(&tga[14]); -+ image_w = get_tga_ushort(&tga[12]); -+ image_h = get_tga_ushort(&tga[14]); - pixel_depth = tga[16]; - image_desc = tga[17]; - -@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters) - 
color_space = OPJ_CLRSPC_SRGB; - } - -+ /* If the declared file size is > 10 MB, check that the file is big */ -+ /* enough to avoid excessive memory allocations */ -+ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) { -+ char ch; -+ OPJ_UINT64 expected_file_size = -+ (OPJ_UINT64)image_width * image_height * numcomps; -+ long curpos = ftell(f); -+ if (expected_file_size > (OPJ_UINT64)INT_MAX) { -+ expected_file_size = (OPJ_UINT64)INT_MAX; -+ } -+ fseek(f, (long)expected_file_size - 1, SEEK_SET); -+ if (fread(&ch, 1, 1, f) != 1) { -+ fclose(f); -+ return NULL; -+ } -+ fseek(f, curpos, SEEK_SET); -+ } -+ - subsampling_dx = parameters->subsampling_dx; - subsampling_dy = parameters->subsampling_dy; - diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch deleted file mode 100644 index 6e3fccf3c0..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch +++ /dev/null @@ -1,25 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/28/4 -https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch - -From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Fri, 18 Aug 2017 13:39:20 +0200 -Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997) - ---- - src/bin/jp2/convert.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index 5459f7d44..e606c9be7 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters) - } - - fseek(f, 0, SEEK_SET); -- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, -+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, - &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { - fclose(f); - fprintf(stderr, 
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch deleted file mode 100644 index 4fcf6af6db..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch -http://openwall.com/lists/oss-security/2017/09/06/1 - -From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 14 Aug 2017 17:20:37 +0200 -Subject: [PATCH] Encoder: grow buffer size in - opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in - opj_mqc_flush (#982) - ---- - src/lib/openjp2/tcd.c | 7 +++++-- - tests/nonregression/test_suite.ctest.in | 2 ++ - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c -index 301c7213e..53cdcf64d 100644 ---- a/src/lib/openjp2/tcd.c -+++ b/src/lib/openjp2/tcd.c -@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * - { - OPJ_UINT32 l_data_size; - -- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ -- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * -+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ -+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ -+ /* TODO: is there a theoretical upper-bound for the compressed code */ -+ /* block size ? 
*/ -+ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * - (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); - - if (l_data_size > p_code_block->data_size) { -diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in -index aaf40d7d0..ffd964c2a 100644 ---- a/tests/nonregression/test_suite.ctest.in -+++ b/tests/nonregression/test_suite.ctest.in -@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban - # Same rate as Bretagne2_4.j2k - opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 - -+opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 -+ - # DECODER TEST SUITE - opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx - opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch deleted file mode 100644 index 6c083be123..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch -http://openwall.com/lists/oss-security/2017/09/06/2 - -From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Tue, 15 Aug 2017 11:55:58 +0200 -Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in - opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) - ---- - src/lib/openjp2/j2k.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index a2521ebbc..54b490a8c 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, - - /* Precincts */ - parameters->csty |= 0x01; -- parameters->res_spec = parameters->numresolution - 1; -- for (i = 0; i < parameters->res_spec; i++) { -- parameters->prcw_init[i] = 256; -- parameters->prch_init[i] = 256; -+ if (parameters->numresolution == 1) { -+ parameters->res_spec = 1; -+ parameters->prcw_init[0] = 128; -+ parameters->prch_init[0] = 128; -+ } else { -+ parameters->res_spec = parameters->numresolution - 1; -+ for (i = 0; i < parameters->res_spec; i++) { -+ parameters->prcw_init[i] = 256; -+ parameters->prch_init[i] = 256; -+ } - } - - /* The progression order shall be CPRL */ diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch deleted file mode 100644 index 2bfc5a6a85..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch -http://openwall.com/lists/oss-security/2017/09/06/3 - -From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Wed, 16 Aug 2017 17:09:10 +0200 -Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow - (#991) - ---- - src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++----- - 1 file changed, 20 insertions(+), 5 deletions(-) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 54b490a8c..16915452e 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, - * Writes the SOT marker (Start of tile-part) - * - * @param p_j2k J2K codec. -- * @param p_data FIXME DOC -- * @param p_data_written FIXME DOC -+ * @param p_data Output buffer -+ * @param p_total_data_size Output buffer size -+ * @param p_data_written Number of bytes written into stream - * @param p_stream the stream to write data to. - * @param p_manager the user event manager. 
- */ - static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, - OPJ_BYTE * p_data, -+ OPJ_UINT32 p_total_data_size, - OPJ_UINT32 * p_data_written, - const opj_stream_private_t *p_stream, - opj_event_mgr_t * p_manager); -@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, - - static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, - OPJ_BYTE * p_data, -+ OPJ_UINT32 p_total_data_size, - OPJ_UINT32 * p_data_written, - const opj_stream_private_t *p_stream, - opj_event_mgr_t * p_manager -@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, - OPJ_UNUSED(p_stream); - OPJ_UNUSED(p_manager); - -+ if (p_total_data_size < 12) { -+ opj_event_msg(p_manager, EVT_ERROR, -+ "Not enough bytes in output buffer to write SOT marker\n"); -+ return OPJ_FALSE; -+ } -+ - opj_write_bytes(p_data, J2K_MS_SOT, - 2); /* SOT */ - p_data += 2; -@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k, - - l_current_nb_bytes_written = 0; - l_begin_data = p_data; -- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, -+ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, -+ &l_current_nb_bytes_written, p_stream, - p_manager)) { - return OPJ_FALSE; - } -@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, - l_part_tile_size = 0; - l_begin_data = p_data; - -- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, -+ if (! opj_j2k_write_sot(p_j2k, p_data, -+ p_total_data_size, -+ &l_current_nb_bytes_written, -+ p_stream, - p_manager)) { - return OPJ_FALSE; - } -@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, - l_part_tile_size = 0; - l_begin_data = p_data; - -- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, -+ if (! opj_j2k_write_sot(p_j2k, p_data, -+ p_total_data_size, -+ &l_current_nb_bytes_written, p_stream, - p_manager)) { - return OPJ_FALSE; - } -- cgit 1.4.1 
From 6bbbca90736b6a34776a4ef15e954c80d8085878 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Fri, 6 Oct 2017 21:24:23 +0100 Subject: gnu: Add mongodb. * gnu/packages/databases.scm (mongodb): New variable. --- gnu/packages/databases.scm | 94 ++++++++++++++++++++++ ...ngodb-support-unknown-linux-distributions.patch | 55 +++++++++++++ 2 files changed, 149 insertions(+) create mode 100644 gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index fbfb341026..62f940e909 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -69,8 +69,10 @@ #:use-module (gnu packages rdf) #:use-module (gnu packages readline) #:use-module (gnu packages ruby) + #:use-module (gnu packages serialization) #:use-module (gnu packages tcl) #:use-module (gnu packages tls) + #:use-module (gnu packages valgrind) #:use-module (gnu packages xml) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) 
@@ -357,6 +359,98 @@ and generic API, and was originally intended for use with dynamic web applications.") (license license:bsd-3))) +(define-public mongodb + (package + (name "mongodb") + (version "3.4.9") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/mongodb/mongo/archive/r" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "0gidwyvh3bdwmk2pccgkqkaln4ysgn8iwa7ihjzllsq0rdg95045")) + (patches + (list + (search-patch "mongodb-support-unknown-linux-distributions.patch"))))) + (build-system gnu-build-system) + (inputs + `(("openssl" ,openssl) + ("pcre" ,pcre) + ("yaml-cpp" ,yaml-cpp) + ("zlib" ,zlib) + ("snappy" ,snappy) + ("boost" ,boost))) + (native-inputs + `(("scons" ,scons) + ("python" ,python-2) + ("valgrind" ,valgrind) + ("perl" ,perl))) + (arguments + `(#:phases + (let ((common-options + `(;; "--use-system-tcmalloc" TODO: Missing gperftools + "--use-system-pcre" + ;; TODO + ;; build/opt/mongo/db/fts/unicode/string.o failed: Error 1 + ;; --use-system-boost + "--use-system-snappy" + "--use-system-zlib" + "--use-system-valgrind" + ;; "--use-system-stemmer" TODO: Missing relevant package + "--use-system-yaml" + "--disable-warnings-as-errors" + ,(format #f "--jobs=~a" (parallel-job-count)) + "--ssl"))) + (modify-phases %standard-phases + (delete 'configure) ; There is no configure phase + (add-after 'unpack 'scons-propagate-environment + (lambda _ + ;; Modify the SConstruct file to arrange for + ;; environment variables to be propagated. + (substitute* "SConstruct" + (("^env = Environment\\(") + "env = Environment(ENV=os.environ, ")) + #t)) + (add-after 'unpack 'create-version-file + (lambda _ + (call-with-output-file "version.json" + (lambda (port) + (display ,(simple-format #f "{ + \"version\": \"~A\" +}" version) port))) + #t)) + (replace 'build + (lambda _ + (zero? 
(apply system* + `("scons" + ,@common-options + "mongod" "mongo" "mongos"))))) + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (or (not tests?) + (zero? (apply system* + `("scons" + ,@common-options + "dbtest" "unittests")))))) + (replace 'install + (lambda _ + (let ((bin (string-append (assoc-ref %outputs "out") "/bin"))) + (install-file "mongod" bin) + (install-file "mongos" bin) + (install-file "mongo" bin)) + #t)))))) + (home-page "https://www.mongodb.org/") + (synopsis "High performance and high availability document database") + (description + "Mongo is a high-performance, high availability, schema-free +document-oriented database. A key goal of MongoDB is to bridge the gap +between key/value stores (which are fast and highly scalable) and traditional +RDBMS systems (which are deep in functionality).") + (license (list license:agpl3 + ;; Some parts are licensed under the Apache License + license:asl2.0)))) + (define-public mysql (package (name "mysql") diff --git a/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch b/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch new file mode 100644 index 0000000000..6057ebeb08 --- /dev/null +++ b/gnu/packages/patches/mongodb-support-unknown-linux-distributions.patch 
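Review bot: `--use-system-boost` is commented out in `common-options` (as are the tcmalloc and stemmer flags), so the build apparently compiles the copies of those libraries bundled in the tarball even though `("boost" ,boost)` is listed in `inputs`. Bundled copies do not pick up security updates made to the distribution's own packages, so I would either drop the unused `boost` input or record the exposure next to the flag, e.g. `;; FIXME: bundled boost, tcmalloc and stemmer are built; they miss security updates to the system packages`. Separately, the `install` phase copies only the three binaries and no configuration; as far as I know a 3.4-series `mongod` started without a config file listens on all interfaces with access control off, which is worth confirming and mentioning in the description.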
@@ -0,0 +1,55 @@ +From e724bb7018a482640c4f194f88b554af2c59d76e Mon Sep 17 00:00:00 2001 +From: Mark Benvenuto +Date: Wed, 20 Sep 2017 11:50:02 -0400 +Subject: [PATCH] SERVER-30857 Support unknown Linux distributions + +--- + src/mongo/rpc/metadata/client_metadata.cpp | 6 ------ + src/mongo/util/processinfo_linux.cpp | 9 ++++++--- + 2 files changed, 6 insertions(+), 9 deletions(-) + +diff --git a/src/mongo/rpc/metadata/client_metadata.cpp b/src/mongo/rpc/metadata/client_metadata.cpp +index 845a315dd74..a959a4e31e9 100644 +--- a/src/mongo/rpc/metadata/client_metadata.cpp ++++ b/src/mongo/rpc/metadata/client_metadata.cpp +@@ -302,9 +302,6 @@ void ClientMetadata::serializePrivate(StringData driverName, + StringData osArchitecture, + StringData osVersion, + BSONObjBuilder* builder) { +- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && +- !osArchitecture.empty() && !osVersion.empty()); +- + BSONObjBuilder metaObjBuilder(builder->subobjStart(kMetadataDocumentName)); + + { +@@ -347,9 +344,6 @@ Status ClientMetadata::serializePrivate(StringData driverName, + StringData osVersion, + StringData appName, + BSONObjBuilder* builder) { +- invariant(!driverName.empty() && !driverVersion.empty() && !osType.empty() && !osName.empty() && +- !osArchitecture.empty() && !osVersion.empty()); +- + if (appName.size() > kMaxApplicationNameByteLength) { + return Status(ErrorCodes::ClientMetadataAppNameTooLarge, + str::stream() << "The '" << kApplication << "." << kName +diff --git a/src/mongo/util/processinfo_linux.cpp b/src/mongo/util/processinfo_linux.cpp +index c3debf377bd..c2813b026b0 100644 +--- a/src/mongo/util/processinfo_linux.cpp ++++ b/src/mongo/util/processinfo_linux.cpp +@@ -376,10 +376,13 @@ class LinuxSysHelper { + if ((nl = name.find('\n', nl)) != string::npos) + // stop at first newline + name.erase(nl); +- // no standard format for name and version. 
use kernel version +- version = "Kernel "; +- version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); ++ } else { ++ name = "unknown"; + } ++ ++ // There is no standard format for name and version so use the kernel version. ++ version = "Kernel "; ++ version += LinuxSysHelper::readLineFromFile("/proc/sys/kernel/osrelease"); + } + + /** -- cgit 1.4.1 From 4792a0321a5163ed043d404925c8ab03efae1223 Mon Sep 17 00:00:00 2001 From: Cyril Roelandt Date: Tue, 12 Sep 2017 21:27:06 +0200 Subject: gnu: python2-unittest2: Update to 1.1.0. * gnu/packages/python.scm (python2-unittest2): Update to 1.1.0. * gnu/packages/patches/python2-unittest2-remove-argparse.patch: New file. * gnu/local.mk: Add it. --- gnu/local.mk | 1 + gnu/packages/patches/python2-unittest2-remove-argparse.patch | 11 +++++++++++ gnu/packages/python.scm | 9 +++++++-- 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/python2-unittest2-remove-argparse.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b71b36024e..a866c9084a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -994,6 +994,7 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ + %D%/packages/patches/python2-unittest2-remove-argparse.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/python2-unittest2-remove-argparse.patch b/gnu/packages/patches/python2-unittest2-remove-argparse.patch new file mode 100644 index 0000000000..c96738757e --- /dev/null +++ b/gnu/packages/patches/python2-unittest2-remove-argparse.patch 
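Review bot: The new patch file starts directly at the `From e724bb7...` mail header, with no line saying where it was obtained or why the package needs it, unlike other patch files on this page (the deleted curl-bounds-check.patch opens with "Patch copied from upstream source repository:" and a URL). For a patch that removes two `invariant(...)` checks from `ClientMetadata::serializePrivate`, provenance matters to whoever audits it later. I would add a header such as `Patch copied from upstream source repository: <UPSTREAM-COMMIT-URL>` plus one sentence on the failure it fixes, presumably an empty OS name on a distribution the detection code does not recognise. `python2-unittest2-remove-argparse.patch`, added further down, has the same gap.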
@@ -0,0 +1,11 @@ +--- a/setup.py 2017-09-12 01:22:06.273997788 +0200 ++++ b/setup.py 2017-09-12 01:22:14.297918757 +0200 +@@ -57,7 +57,7 @@ + # Both install and setup requires - because we read VERSION from within the + # package, and the package also exports all the APIs. + # six for compat helpers +-REQUIRES = ['argparse', 'six>=1.4', 'traceback2'], ++REQUIRES = ['six>=1.4', 'traceback2'], + + params = dict( + name=NAME, diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index fd08f1a469..f5e92d8890 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -1843,7 +1843,7 @@ standard library.") (define-public python2-unittest2 (package (inherit python-unittest2) (name "python2-unittest2") - (version "0.5.1") + (version "1.1.0") (source (origin (method url-fetch) @@ -1852,7 +1852,12 @@ standard library.") version ".tar.gz")) (sha256 (base32 - "0wbs4i4x3x7klr3v35ss6p9mcqz883i1xgcpkhvl7n2lyv6yhpda")))) + "0y855kmx7a8rnf81d3lh5lyxai1908xjp0laf4glwa4c8472m212")) + (patches + (search-patches "python2-unittest2-remove-argparse.patch")))) + (propagated-inputs + `(("python2-six" ,python2-six) + ("python2-traceback2" ,python2-traceback2))) (arguments `(#:python ,python-2 #:tests? #f)))) ; no setup.py test command -- cgit 1.4.1 From 5124e6377578c0346efa7d839b5c4e5cfc1d6d72 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 8 Oct 2017 17:53:36 +0200 Subject: gnu: libvisio: Update to 0.1.5. * gnu/packages/patches/libvisio-fix-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/libreoffice.scm (libvisio): Update to 0.1.5. [source]: Add 'libvisio-fix-tests.patch'. [arguments]: Remove. --- gnu/local.mk | 1 + gnu/packages/libreoffice.scm | 10 +++----- gnu/packages/patches/libvisio-fix-tests.patch | 35 +++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 gnu/packages/patches/libvisio-fix-tests.patch (limited to 'gnu/packages/patches') 
diff --git a/gnu/local.mk b/gnu/local.mk index a866c9084a..566791ede9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -816,6 +816,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunistring-gnulib-multi-core.patch \ %D%/packages/patches/libusb-0.1-disable-tests.patch \ + %D%/packages/patches/libvisio-fix-tests.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxml2-CVE-2016-4658.patch \ diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index 535772dfff..9c392c536b 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -537,15 +537,15 @@ created by PageMaker version 6.x and 7.") (define-public libvisio (package (name "libvisio") - ;; FIXME: The newer version 0.1.1 fails its tests. - (version "0.1.0") + (version "0.1.5") (source (origin (method url-fetch) (uri (string-append "http://dev-www.libreoffice.org/src/" name "/" name "-" version ".tar.xz")) + (patches (search-patches "libvisio-fix-tests.patch")) (sha256 (base32 - "0vvd2wyp4rw6s9xnj1dc9vgdpfvm45gnb5b9hhzif0fdnx4iskqf")))) + "132szijxm95ibzq5qqaylifbf6wa81g08jxggnwv22v60dwhc2j3")))) (build-system gnu-build-system) (native-inputs `(("cppunit" ,cppunit) @@ -559,10 +559,6 @@ created by PageMaker version 6.x and 7.") ("libxml2" ,libxml2))) (inputs `(("boost" ,boost))) - ;; FIXME: Not needed any more for newer version 0.1.1. - (arguments - ;; avoid triggering a build failure due to warnings - `(#:configure-flags '("--disable-werror"))) (home-page "https://wiki.documentfoundation.org/DLP/Libraries/libvisio") (synopsis "Library for parsing the Microsoft Visio format") (description "Libvisio is a library that parses the file format of diff --git a/gnu/packages/patches/libvisio-fix-tests.patch b/gnu/packages/patches/libvisio-fix-tests.patch new file mode 100644 index 0000000000..335f7c11a8 --- /dev/null 
+++ b/gnu/packages/patches/libvisio-fix-tests.patch @@ -0,0 +1,35 @@ +Tests assume a CET timezone, but do not respect the "TZ" variable. + +This patch is a "squashed" version of these upstream commits: + + + +diff --git a/src/test/Makefile.am b/src/test/Makefile.am +index 59d3419..23049b5 100644 +--- a/src/test/Makefile.am ++++ b/src/test/Makefile.am +@@ -29,4 +29,7 @@ EXTRA_DIST = \ + data/dwg.vsdx \ + $(test_SOURCES) + ++# ImportTest::testVsdMetadataTitleUtf8 checks formatted date string ++AM_TESTS_ENVIRONMENT = TZ=UTC; export TZ; ++ + TESTS = test +diff --git a/src/test/importtest.cpp b/src/test/importtest.cpp +index e05b3c1..32fb185 100644 +--- a/src/test/importtest.cpp ++++ b/src/test/importtest.cpp +@@ -242,8 +242,8 @@ void ImportTest::testVsdMetadataTitleUtf8() + // Test the case when the string is UTF-8 encoded already in the file. + assertXPath(m_doc, "/document/setDocumentMetaData", "title", "mytitle\xC3\xA9\xC3\xA1\xC5\x91\xC5\xB1"); + // Test and . +- assertXPath(m_doc, "/document/setDocumentMetaData", "creation-date", "2014-11-26T09:24:56Z"); +- assertXPath(m_doc, "/document/setDocumentMetaData", "date", "2014-11-26T09:24:56Z"); ++ assertXPath(m_doc, "/document/setDocumentMetaData", "creation-date", "2014-11-26T08:24:56Z"); ++ assertXPath(m_doc, "/document/setDocumentMetaData", "date", "2014-11-26T08:24:56Z"); + } + + void ImportTest::testVsdUserDefinedMetadata() +-- +2.1.4 -- cgit 1.4.1 From c334058f6e7d7f1f1964869e7b11051156ad0e72 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Sun, 8 Oct 2017 17:59:07 +0200 Subject: gnu: libmwaw: Update to 0.3.12. * gnu/packages/libreoffice.scm (libmwaw): Update to 0.3.12. [source](patches): Remove. [arguments]: Remove. * gnu/packages/patches/libmwaw-CVE-2017-9433.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/libreoffice.scm | 8 ++---- gnu/packages/patches/libmwaw-CVE-2017-9433.patch | 33 ------------------------ 3 files changed, 2 insertions(+), 40 deletions(-) delete mode 100644 gnu/packages/patches/libmwaw-CVE-2017-9433.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 566791ede9..21b4b9532d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -797,7 +797,6 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ - %D%/packages/patches/libmwaw-CVE-2017-9433.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index 83dedd6b1d..c7e1d81c76 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -599,15 +599,14 @@ text documents, vector drawings, presentations and spreadsheets.") (define-public libmwaw (package (name "libmwaw") - (version "0.3.11") + (version "0.3.12") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/" name "/" name "/" name "-" version "/" name "-" version ".tar.xz")) - (patches (search-patches "libmwaw-CVE-2017-9433.patch")) (sha256 (base32 - "16i9s9p4sjpdpbm3gq6jkc9r3nyfy47ggkdlgh7vr0mydccklj2b")))) + "1ryi1v38lgy5kv84fzjqkawidrg30y4hlqrz1v262792wzkad4bn")))) (build-system gnu-build-system) (native-inputs `(("doxygen" ,doxygen) 
@@ -617,9 +616,6 @@ text documents, vector drawings, presentations and spreadsheets.") (inputs `(("boost" ,boost) ("zlib" ,zlib))) - (arguments - ;; avoid triggering configure errors by simple inclusion of boost headers - `(#:configure-flags '("--disable-werror"))) (home-page "https://sourceforge.net/p/libmwaw/wiki/Home/") (synopsis "Import library for some old Macintosh text documents") (description "Libmwaw contains some import filters for old Macintosh diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch deleted file mode 100644 index 502a11d2a8..0000000000 --- a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch +++ /dev/null @@ -1,33 +0,0 @@ -Fix CVE-2017-9433: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433 - -Patch copied from upstream source repository: - -https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f - -From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Sat, 8 Apr 2017 14:03:29 +0200 -Subject: [PATCH] ofz#1037 resize vector correctly - ---- - src/lib/MsWrd1Parser.cxx | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx -index 63547e6..3626064 100644 ---- a/src/lib/MsWrd1Parser.cxx -+++ b/src/lib/MsWrd1Parser.cxx -@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits) - int id = fIt++->second; - fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first; - if (id >= int(m_state->m_footnotesList.size())) -- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0)); -+ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0)); - m_state->m_footnotesList[size_t(id)]=fPos; - } - ascii().addDelimiter(input->tell(),'|'); --- -2.13.1 - -- cgit 1.4.1 From 97ecd75e289d96a8b4f9b1ae877d9d1a2f6774b4 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Tue, 10 Oct 2017 19:34:02 +0200 Subject: gnu: libxfont: Fix CVE-2017-13720, CVE-2017-13722. * gnu/packages/patches/libxfont-CVE-2017-13720.patch, gnu/packages/patches/libxfont-CVE-2017-13722.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/xorg.scm (libxfont, libxfont2)[source]: Use them. --- gnu/local.mk | 2 + gnu/packages/patches/libxfont-CVE-2017-13720.patch | 36 +++++++++++++++ gnu/packages/patches/libxfont-CVE-2017-13722.patch | 53 ++++++++++++++++++++++ gnu/packages/xorg.scm | 4 ++ 4 files changed, 95 insertions(+) create mode 100644 gnu/packages/patches/libxfont-CVE-2017-13720.patch create mode 100644 gnu/packages/patches/libxfont-CVE-2017-13722.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index 21b4b9532d..234c92ba97 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -818,6 +818,8 @@ dist_patch_DATA = \
 %D%/packages/patches/libvisio-fix-tests.patch \
 %D%/packages/patches/libvpx-CVE-2016-2818.patch \
 %D%/packages/patches/libxcb-python-3.5-compat.patch \
+ %D%/packages/patches/libxfont-CVE-2017-13720.patch \
+ %D%/packages/patches/libxfont-CVE-2017-13722.patch \
 %D%/packages/patches/libxml2-CVE-2016-4658.patch \
 %D%/packages/patches/libxml2-CVE-2016-5131.patch \
 %D%/packages/patches/libxml2-CVE-2017-0663.patch \
diff --git a/gnu/packages/patches/libxfont-CVE-2017-13720.patch b/gnu/packages/patches/libxfont-CVE-2017-13720.patch
new file mode 100644
index 0000000000..0936171060
--- /dev/null
+++ b/gnu/packages/patches/libxfont-CVE-2017-13720.patch
@@ -0,0 +1,36 @@
+Fix CVE-2017-13720.
+
+Copied from upstream source repository:
+
+
+
+From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001
+From: Michal Srb
+Date: Thu, 20 Jul 2017 13:38:53 +0200
+Subject: Check for end of string in PatternMatch (CVE-2017-13720)
+
+If a pattern contains '?' character, any character in the string is skipped,
+even if it is '\0'. The rest of the matching then reads invalid memory.
+
+Reviewed-by: Peter Hutterer
+Signed-off-by: Julien Cristau
+
+diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c
+index 4ce2473..996b7d1 100644
+--- a/src/fontfile/fontdir.c
++++ b/src/fontfile/fontdir.c
+@@ -400,8 +400,10 @@ PatternMatch(char *pat, int patdashes, char *string, int stringdashes)
+ }
+ }
+ case '?':
+- if (*string++ == XK_minus)
++ if ((t = *string++) == XK_minus)
+ stringdashes--;
++ if (!t)
++ return 0;
+ break;
+ case '\0':
+ return (*string == '\0');
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/libxfont-CVE-2017-13722.patch b/gnu/packages/patches/libxfont-CVE-2017-13722.patch
new file mode 100644
index 0000000000..458fdfd1a7
--- /dev/null
+++ b/gnu/packages/patches/libxfont-CVE-2017-13722.patch
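Review bot: The new `if (!t) return 0;` in the `case '?':` arm of PatternMatch has no comment, and because the pointer is advanced before the test the intent is easy to misread; a line such as `/* '?' must consume a real character, never the terminating NUL */` above it would make the fix self-explanatory. The check also relies on a local `t` whose declaration is outside this hunk, and the same patch file is attached to both libxfont and libxfont2 in xorg.scm, so it is worth confirming that both source trees declare `t` in PatternMatch and that the hunk applies there without fuzz. PatternMatch's body starts and ends outside the hunk.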
@@ -0,0 +1,53 @@
+Fix CVE-2017-13722.
+
+Copied from upstream source repository:
+
+
+From 672bb944311392e2415b39c0d63b1e1902905bcd Mon Sep 17 00:00:00 2001
+From: Michal Srb
+Date: Thu, 20 Jul 2017 17:05:23 +0200
+Subject: pcfGetProperties: Check string boundaries (CVE-2017-13722)
+
+Without the checks a malformed PCF file can cause the library to make
+atom from random heap memory that was behind the `strings` buffer.
+This may crash the process or leak information.
+
+Signed-off-by: Julien Cristau
+
+diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c
+index dab1c44..ae34c28 100644
+--- a/src/bitmap/pcfread.c
++++ b/src/bitmap/pcfread.c
+@@ -45,6 +45,7 @@ from The Open Group.
+
+ #include
+ #include
++#include
+
+ void
+ pcfError(const char* message, ...)
+@@ -311,11 +312,19 @@ pcfGetProperties(FontInfoPtr pFontInfo, FontFilePtr file,
+ if (IS_EOF(file)) goto Bail;
+ position += string_size;
+ for (i = 0; i < nprops; i++) {
++ if (props[i].name >= string_size) {
++ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].name, string_size);
++ goto Bail;
++ }
+ props[i].name = MakeAtom(strings + props[i].name,
+- strlen(strings + props[i].name), TRUE);
++ strnlen(strings + props[i].name, string_size - props[i].name), TRUE);
+ if (isStringProp[i]) {
++ if (props[i].value >= string_size) {
++ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].value, string_size);
++ goto Bail;
++ }
+ props[i].value = MakeAtom(strings + props[i].value,
+- strlen(strings + props[i].value), TRUE);
++ strnlen(strings + props[i].value, string_size - props[i].value), TRUE);
+ }
+ }
+ free(strings);
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index c2023dead2..7511c53266 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
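Review bot: The added guards in the pcfGetProperties loop test only the upper bound, `props[i].name >= string_size` and `props[i].value >= string_size`. The `%ld` used for these fields in the new pcfError calls suggests they are signed, in which case a negative offset read from the file would pass the test and `strings + props[i].name` would point before the buffer. Whether negative offsets are rejected earlier cannot be seen here, since the function starts and ends outside the hunk; if they are not, the guard should read `if (props[i].name < 0 || props[i].name >= string_size)`, and likewise for `props[i].value`. A short comment above the first check, for example `/* offsets come from the PCF file and are untrusted; keep them inside strings[0..string_size) */`, would record why both the start check and the `strnlen` bound are needed.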
@@ -4862,6 +4862,8 @@ an X Window System display.") "mirror://xorg/individual/lib/libXfont-" version ".tar.bz2")) + (patches (search-patches "libxfont-CVE-2017-13720.patch" + "libxfont-CVE-2017-13722.patch")) (sha256 (base32 "0w8d07bkmjiarkx09579bl8zsq903mn8javc7qpi0ix4ink5x502")))) @@ -4895,6 +4897,8 @@ new API's in libXft, or the legacy API's in libX11.") (method url-fetch) (uri (string-append "mirror://xorg/individual/lib/libXfont2-" version ".tar.bz2")) + (patches (search-patches "libxfont-CVE-2017-13720.patch" + "libxfont-CVE-2017-13722.patch")) (sha256 (base32 "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9")))))) -- cgit 1.4.1