From ce1e6de0763a148ed4fe7e0a455831d2f5973ac3 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 24 May 2017 19:53:21 +0200 Subject: gnu: gnome-shell: Update to 3.24.2. * gnu/packages/patches/gnome-shell-CVE-2017-8288.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/gnome.scm (gnome-shell): Update to 3.24.2. [source]: Remove patch. --- .../patches/gnome-shell-CVE-2017-8288.patch | 54 ---------------------- 1 file changed, 54 deletions(-) delete mode 100644 gnu/packages/patches/gnome-shell-CVE-2017-8288.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch b/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch deleted file mode 100644 index 5d8e31563f..0000000000 --- a/gnu/packages/patches/gnome-shell-CVE-2017-8288.patch +++ /dev/null @@ -1,54 +0,0 @@ -Fix CVE-2017-8288: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288 -http://seclists.org/oss-sec/2017/q2/136 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gnome-shell/commit/?id=ff425d1db7082e2755d2a405af53861552acf2a1 - -From ff425d1db7082e2755d2a405af53861552acf2a1 Mon Sep 17 00:00:00 2001 -From: Emilio Pozuelo Monfort -Date: Tue, 25 Apr 2017 17:27:42 +0200 -Subject: extensionSystem: handle reloading broken extensions - -Some extensions out there may fail to reload. When that happens, -we need to catch any exceptions so that we don't leave things in -a broken state that could lead to leaving extensions enabled in -the screen shield. - -https://bugzilla.gnome.org/show_bug.cgi?id=781728 ---- - js/ui/extensionSystem.js | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js -index a4dc29e..fc352b8 100644 ---- a/js/ui/extensionSystem.js -+++ b/js/ui/extensionSystem.js -@@ -282,12 +282,20 @@ function _onVersionValidationChanged() { - // temporarily disable them all - enabledExtensions = []; - for (let uuid in ExtensionUtils.extensions) -- reloadExtension(ExtensionUtils.extensions[uuid]); -+ try { -+ reloadExtension(ExtensionUtils.extensions[uuid]); -+ } catch(e) { -+ logExtensionError(uuid, e); -+ } - enabledExtensions = getEnabledExtensions(); - - if (Main.sessionMode.allowExtensions) { - enabledExtensions.forEach(function(uuid) { -- enableExtension(uuid); -+ try { -+ enableExtension(uuid); -+ } catch(e) { -+ logExtensionError(uuid, e); -+ } - }); - } - } --- -cgit v0.12 - -- cgit 1.4.1 From adc5cb1b499d4878be5663e1aea2b290898f82d0 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Fri, 26 May 2017 01:13:23 -0400 Subject: gnu: Add libgdata. * gnu/packages/gnome.scm (libgdata): New variable. * gnu/packages/patches/libgdata-fix-tests.patch, gnu/packages/patches/libgdata-glib-duplicate-tests.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 2 + gnu/packages/gnome.scm | 52 +++- gnu/packages/patches/libgdata-fix-tests.patch | 325 +++++++++++++++++++++ .../patches/libgdata-glib-duplicate-tests.patch | 16 + 4 files changed, 394 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libgdata-fix-tests.patch create mode 100644 gnu/packages/patches/libgdata-glib-duplicate-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index e08146f3b2..922c33aca3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -729,6 +729,8 @@ dist_patch_DATA = \ %D%/packages/patches/libevent-2.1-dns-tests.patch \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \ %D%/packages/patches/libextractor-ffmpeg-3.patch \ + %D%/packages/patches/libgdata-fix-tests.patch \ + %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ %D%/packages/patches/libgit2-use-after-free.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ %D%/packages/patches/libjxr-fix-typos.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 299f11b2d2..6ffa10b252 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -14,7 +14,7 @@ ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2016, 2017 Rene Saavedra ;;; Copyright © 2016 Jochem Raat -;;; Copyright © 2016 Kei Kebreau +;;; Copyright © 2016, 2017 Kei Kebreau ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2016 Roel Janssen ;;; Copyright © 2016 Leo Famulari @@ -238,6 +238,56 @@ relationship modeling, and network diagrams. The program supports various file formats like PNG, SVG, PDF and EPS.") (license license:gpl2+)))) +(define-public libgdata + (package + (name "libgdata") + (version "0.16.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "09q8h1129xjpw33rvzz7856drygxwlm0s64z9cm0vbmjxiqy0h47")) + (patches + (search-patches "libgdata-fix-tests.patch" + "libgdata-glib-duplicate-tests.patch")))) + (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-before 'check 'use-empty-ssl-cert-file + (lambda _ + ;; The ca-certificates.crt is not available in the build + ;; environment. + (setenv "SSL_CERT_FILE" "/dev/null") + #t))))) + (native-inputs + `(("glib:bin" ,glib "bin") + ("gsettings-desktop-schemas" ,gsettings-desktop-schemas) + ("intltool" ,intltool) + ("pkg-config" ,pkg-config) + ("uhttpmock" ,uhttpmock))) + (inputs + `(("cyrus-sasl" ,cyrus-sasl) + ("glib" ,glib) + ("glib-networking" ,glib-networking) + ("json-glib" ,json-glib) + ("libsoup" ,libsoup))) + (propagated-inputs + `(("gcr" ,gcr) + ("gnome-online-accounts" ,gnome-online-accounts) + ("liboauth" ,liboauth) + ("libxml2" ,libxml2))) + (home-page "https://wiki.gnome.org/Projects/libgdata") + (synopsis "Library for accessing online service APIs") + (description + "libgdata is a GLib-based library for accessing online service APIs using +the GData protocol — most notably, Google's services. It provides APIs to +access the common Google services, and has full asynchronous support.") + (license license:lgpl2.1+))) + (define-public gnome-common (package (name "gnome-common") diff --git a/gnu/packages/patches/libgdata-fix-tests.patch b/gnu/packages/patches/libgdata-fix-tests.patch new file mode 100644 index 0000000000..dc86b3ab5a --- /dev/null +++ b/gnu/packages/patches/libgdata-fix-tests.patch @@ -0,0 +1,325 @@ +From c87a112246e0bcbd5c3a8aa484a50c617d710dbf Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Fri, 12 Dec 2014 17:31:01 +0000 +Subject: [PATCH] tests: Eliminate ISO 8601 formatting workaround for dates + +Follow up to commit 732017e4e5235e28c578cc3367fa0c4548b65495. + +https://bugzilla.gnome.org/show_bug.cgi?id=739956 +--- + gdata/tests/calendar.c | 20 ++++++++++---------- + gdata/tests/general.c | 34 +++++++++++++++++----------------- + gdata/tests/tasks.c | 34 +++++++++++++++++----------------- + gdata/tests/youtube.c | 16 ++++++++-------- + 4 files changed, 52 insertions(+), 52 deletions(-) + +diff --git a/gdata/tests/calendar.c b/gdata/tests/calendar.c +index bb1d609..c54ddda 100644 +--- a/gdata/tests/calendar.c ++++ b/gdata/tests/calendar.c +@@ -620,7 +620,7 @@ test_event_xml (void) + "" + "" + "" +- "" ++ "" + "" +@@ -706,7 +706,7 @@ test_event_xml_dates (void) + "" + "" + "" +- "" ++ "" + "" + ""); + +@@ -934,25 +934,25 @@ test_query_uri (void) + + /* Check the built query URI with a normal feed URI */ + query_uri = gdata_query_get_query_uri (GDATA_QUERY (query), "http://example.com"); +- g_assert_cmpstr (query_uri, ==, "http://example.com?q=q&futureevents=true&orderby=starttime&recurrence-expansion-start=2009-04-17T15:00:00.000001+00:00" +- "&recurrence-expansion-end=2010-04-17T15:00:00.000001+00:00&singleevents=true&sortorder=descending" +- "&start-min=2009-04-17T15:00:00.000001+00:00&start-max=2010-04-17T15:00:00.000001+00:00&ctz=America%2FLos_Angeles&max-attendees=15" ++ g_assert_cmpstr (query_uri, ==, "http://example.com?q=q&futureevents=true&orderby=starttime&recurrence-expansion-start=2009-04-17T15:00:00Z" ++ "&recurrence-expansion-end=2010-04-17T15:00:00Z&singleevents=true&sortorder=descending" ++ "&start-min=2009-04-17T15:00:00Z&start-max=2010-04-17T15:00:00Z&ctz=America%2FLos_Angeles&max-attendees=15" + "&showdeleted=true"); + g_free (query_uri); + + /* …with a feed URI with a trailing slash */ + query_uri = gdata_query_get_query_uri (GDATA_QUERY (query), "http://example.com/"); +- g_assert_cmpstr (query_uri, ==, "http://example.com/?q=q&futureevents=true&orderby=starttime&recurrence-expansion-start=2009-04-17T15:00:00.000001+00:00" +- "&recurrence-expansion-end=2010-04-17T15:00:00.000001+00:00&singleevents=true&sortorder=descending" +- "&start-min=2009-04-17T15:00:00.000001+00:00&start-max=2010-04-17T15:00:00.000001+00:00&ctz=America%2FLos_Angeles&max-attendees=15" ++ g_assert_cmpstr (query_uri, ==, "http://example.com/?q=q&futureevents=true&orderby=starttime&recurrence-expansion-start=2009-04-17T15:00:00Z" ++ "&recurrence-expansion-end=2010-04-17T15:00:00Z&singleevents=true&sortorder=descending" ++ "&start-min=2009-04-17T15:00:00Z&start-max=2010-04-17T15:00:00Z&ctz=America%2FLos_Angeles&max-attendees=15" + "&showdeleted=true"); + g_free (query_uri); + + /* …with a feed URI with pre-existing arguments */ + query_uri = gdata_query_get_query_uri (GDATA_QUERY (query), "http://example.com/bar/?test=test&this=that"); + g_assert_cmpstr (query_uri, ==, "http://example.com/bar/?test=test&this=that&q=q&futureevents=true&orderby=starttime" +- "&recurrence-expansion-start=2009-04-17T15:00:00.000001+00:00&recurrence-expansion-end=2010-04-17T15:00:00.000001+00:00" +- "&singleevents=true&sortorder=descending&start-min=2009-04-17T15:00:00.000001+00:00&start-max=2010-04-17T15:00:00.000001+00:00" ++ "&recurrence-expansion-start=2009-04-17T15:00:00Z&recurrence-expansion-end=2010-04-17T15:00:00Z" ++ "&singleevents=true&sortorder=descending&start-min=2009-04-17T15:00:00Z&start-max=2010-04-17T15:00:00Z" + "&ctz=America%2FLos_Angeles&max-attendees=15&showdeleted=true"); + g_free (query_uri); + +diff --git a/gdata/tests/general.c b/gdata/tests/general.c +index 237a908..f828d2e 100644 +--- a/gdata/tests/general.c ++++ b/gdata/tests/general.c +@@ -528,8 +528,8 @@ test_entry_parse_xml (void) + "" + "" + "Testing unhandled XML" +- "2009-01-25T14:07:37.000001+00:00" +- "2009-01-23T14:06:37.000001+00:00" ++ "2009-01-25T14:07:37Z" ++ "2009-01-23T14:06:37Z" + "Here we test unhandled XML elements." + "Test!" + "" +@@ -569,8 +569,8 @@ test_entry_parse_xml_kind_category (void) + "" + "" + "Testing kind categories" +- "2009-01-25T14:07:37.000001+00:00" +- "2009-01-23T14:06:37.000001+00:00" ++ "2009-01-25T14:07:37Z" ++ "2009-01-23T14:06:37Z" + "Here we test kind categories." + "" + "Escaped content & stuff" + "http://foo.com/?foo&bar" +- "2010-12-10T17:21:24.000001+00:00" +- "2010-12-10T17:21:24.000001+00:00" ++ "2010-12-10T17:21:24Z" ++ "2010-12-10T17:21:24Z" + "Summary & stuff" + "Free & open source" + "Content & things." +@@ -1106,7 +1106,7 @@ test_feed_escaping (void) + "" + "Test feed & stuff." + "http://foo.com?foo&bar" +- "2010-12-10T17:49:15.000001+00:00" ++ "2010-12-10T17:49:15Z" + ""); + g_object_unref (feed); + } +@@ -1157,28 +1157,28 @@ test_query_dates (void) + /* updated-min */ + gdata_query_set_updated_min (query, 1373280114); /* 2013-07-08T10:41:54Z */ + query_uri = gdata_query_get_query_uri (query, "http://example.com"); +- g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&updated-min=2013-07-08T10:41:54.000001+00:00"); ++ g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&updated-min=2013-07-08T10:41:54Z"); + g_free (query_uri); + gdata_query_set_updated_min (query, -1); + + /* updated-max */ + gdata_query_set_updated_max (query, 1373280114); /* 2013-07-08T10:41:54Z */ + query_uri = gdata_query_get_query_uri (query, "http://example.com"); +- g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&updated-max=2013-07-08T10:41:54.000001+00:00"); ++ g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&updated-max=2013-07-08T10:41:54Z"); + g_free (query_uri); + gdata_query_set_updated_max (query, -1); + + /* published-min */ + gdata_query_set_published_min (query, 1373280114); /* 2013-07-08T10:41:54Z */ + query_uri = gdata_query_get_query_uri (query, "http://example.com"); +- g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&published-min=2013-07-08T10:41:54.000001+00:00"); ++ g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&published-min=2013-07-08T10:41:54Z"); + g_free (query_uri); + gdata_query_set_published_min (query, -1); + + /* published-max */ + gdata_query_set_published_max (query, 1373280114); /* 2013-07-08T10:41:54Z */ + query_uri = gdata_query_get_query_uri (query, "http://example.com"); +- g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&published-max=2013-07-08T10:41:54.000001+00:00"); ++ g_assert_cmpstr (query_uri, ==, "http://example.com?q=baz&published-max=2013-07-08T10:41:54Z"); + g_free (query_uri); + gdata_query_set_published_max (query, -1); + +@@ -3127,7 +3127,7 @@ test_gd_reminder (void) + gdata_test_assert_xml (reminder, + "" + ""); ++ "absoluteTime='2005-06-07T00:55:00Z' method='alert'/>"); + g_object_unref (reminder); + } + +@@ -3218,8 +3218,8 @@ test_gd_when (void) + /* Check the outputted XML is the same */ + gdata_test_assert_xml (when, + "" +- ""); ++ ""); + g_object_unref (when); + + /* Now parse a time with different information */ +@@ -3258,7 +3258,7 @@ test_gd_when (void) + "" + "" +- "" ++ "" + "" + ""); + g_object_unref (when); +@@ -3278,7 +3278,7 @@ test_gd_when_escaping (void) + gdata_test_assert_xml (when, + "" + ""); ++ "startTime='2005-06-07T01:00:00Z' valueString='Value string & stuff!'/>"); + g_object_unref (when); + } + +diff --git a/gdata/tests/tasks.c b/gdata/tests/tasks.c +index 7a5bc7e..7bf3174 100644 +--- a/gdata/tests/tasks.c ++++ b/gdata/tests/tasks.c +@@ -122,11 +122,11 @@ test_query_uri (void) + g_assert_cmpstr (query_uri, ==, + "http://example.com" + "?maxResults=10" +- "&updatedMin=1970-01-01T01:53:09.000001+00:00" +- "&completedMin=1970-01-01T01:34:38.000001+00:00" +- "&completedMax=1970-01-01T00:20:34.000001+00:00" +- "&dueMin=1970-01-01T00:39:05.000001+00:00" +- "&dueMax=1970-01-01T00:57:36.000001+00:00" ++ "&updatedMin=1970-01-01T01:53:09Z" ++ "&completedMin=1970-01-01T01:34:38Z" ++ "&completedMax=1970-01-01T00:20:34Z" ++ "&dueMin=1970-01-01T00:39:05Z" ++ "&dueMax=1970-01-01T00:57:36Z" + "&showCompleted=true" + "&showDeleted=true" + "&showHidden=true"); +@@ -148,11 +148,11 @@ test_query_uri (void) + g_assert_cmpstr (query_uri, ==, + "http://example.com" + "?maxResults=10" +- "&updatedMin=1970-01-01T01:53:09.000001+00:00" +- "&completedMin=1970-01-01T01:34:38.000001+00:00" +- "&completedMax=1970-01-01T00:20:34.000001+00:00" +- "&dueMin=1970-01-01T00:39:05.000001+00:00" +- "&dueMax=1970-01-01T00:57:36.000001+00:00" ++ "&updatedMin=1970-01-01T01:53:09Z" ++ "&completedMin=1970-01-01T01:34:38Z" ++ "&completedMax=1970-01-01T00:20:34Z" ++ "&dueMin=1970-01-01T00:39:05Z" ++ "&dueMax=1970-01-01T00:57:36Z" + "&showCompleted=false" + "&showDeleted=false" + "&showHidden=false"); +@@ -317,8 +317,8 @@ test_task_properties (void) + "\"title\": \"some-other-title\"," + "\"notes\": \"more-notes\"," + "\"status\": \"completed\"," +- "\"due\": \"2014-08-30T17:20:00.000001+00:00\"," +- "\"completed\": \"2014-08-30T17:20:00.000001+00:00\"," ++ "\"due\": \"2014-08-30T17:20:00Z\"," ++ "\"completed\": \"2014-08-30T17:20:00Z\"," + "\"deleted\": true," + "\"hidden\": false" + "}"); +@@ -332,8 +332,8 @@ test_task_properties (void) + "\"title\": \"some-other-title\"," + "\"notes\": \"more-notes\"," + "\"status\": \"completed\"," +- "\"due\": \"2014-08-30T17:20:00.000001+00:00\"," +- "\"completed\": \"2014-08-30T17:20:00.000001+00:00\"," ++ "\"due\": \"2014-08-30T17:20:00Z\"," ++ "\"completed\": \"2014-08-30T17:20:00Z\"," + "\"deleted\": false," + "\"hidden\": false" + "}"); +@@ -496,14 +496,14 @@ test_task_parser_normal (void) + "\"id\": \"some-id\"," + "\"etag\": \"some-etag\"," + "\"title\": \"some-title \\\"with quotes\\\"\"," +- "\"updated\": \"2014-08-30T19:40:00.000001+00:00\"," ++ "\"updated\": \"2014-08-30T19:40:00Z\"," + "\"selfLink\": \"http://some-uri/\"," + "\"parent\": \"some-parent-id\"," + "\"position\": \"some-position\"," + "\"notes\": \"Some notes!\"," + "\"status\": \"needsAction\"," +- "\"due\": \"2014-08-30T20:00:00.000001+00:00\"," +- "\"completed\": \"2014-08-30T20:10:05.000001+00:00\"," ++ "\"due\": \"2014-08-30T20:00:00Z\"," ++ "\"completed\": \"2014-08-30T20:10:05Z\"," + "\"deleted\": false," + "\"hidden\": true," + /* Unhandled for the moment: */ +diff --git a/gdata/tests/youtube.c b/gdata/tests/youtube.c +index a1e070a..1195bc3 100644 +--- a/gdata/tests/youtube.c ++++ b/gdata/tests/youtube.c +@@ -967,8 +967,8 @@ test_parsing_yt_recorded (void) + "gd:etag='W/\"CEMFSX47eCp7ImA9WxVUGEw.\"'>" + "Judas Priest - Painkiller" + "tag:youtube.com,2008:video:JAagedeKdcQ" +- "2009-03-23T12:46:58.000001+00:00" +- "2006-05-16T14:06:37.000001+00:00" ++ "2009-03-23T12:46:58Z" ++ "2006-05-16T14:06:37Z" + "" + "" + "" +@@ -1055,8 +1055,8 @@ test_parsing_yt_access_control (void) + "gd:etag='W/\"CEMFSX47eCp7ImA9WxVUGEw.\"'>" + "Judas Priest - Painkiller" + "tag:youtube.com,2008:video:JAagedeKdcQ" +- "2009-03-23T12:46:58.000001+00:00" +- "2006-05-16T14:06:37.000001+00:00" ++ "2009-03-23T12:46:58Z" ++ "2006-05-16T14:06:37Z" + "" + "" + "" +@@ -1255,8 +1255,8 @@ test_parsing_georss_where (void) + "xmlns:gml='http://www.opengis.net/gml'>" + "Some video somewhere" + "tag:youtube.com,2008:video:JAagedeKdcQ" +- "2009-03-23T12:46:58.000001+00:00" +- "2006-05-16T14:06:37.000001+00:00" ++ "2009-03-23T12:46:58Z" ++ "2006-05-16T14:06:37Z" + "" + "" + "" +@@ -1295,8 +1295,8 @@ test_parsing_georss_where (void) + "xmlns:gml='http://www.opengis.net/gml'>" + "Some video somewhere" + "tag:youtube.com,2008:video:JAagedeKdcQ" +- "2009-03-23T12:46:58.000001+00:00" +- "2006-05-16T14:06:37.000001+00:00" ++ "2009-03-23T12:46:58Z" ++ "2006-05-16T14:06:37Z" + "" + "" + "" +-- +1.9.3 diff --git a/gnu/packages/patches/libgdata-glib-duplicate-tests.patch b/gnu/packages/patches/libgdata-glib-duplicate-tests.patch new file mode 100644 index 0000000000..d5d8d064de --- /dev/null +++ b/gnu/packages/patches/libgdata-glib-duplicate-tests.patch @@ -0,0 +1,16 @@ +diff -ur a/gdata/tests/oauth1-authorizer.c b/gdata/tests/oauth1-authorizer.c +--- a/gdata/tests/oauth1-authorizer.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/gdata/tests/oauth1-authorizer.c 2017-05-27 19:35:30.551725678 -0400 +@@ -1045,10 +1045,10 @@ + /* Sync request-authentication-uri tests */ + g_test_add ("/oauth1-authorizer/request-authentication-uri/sync", OAuth1AuthorizerData, NULL, set_up_oauth1_authorizer_data, + test_oauth1_authorizer_request_authentication_uri_sync, tear_down_oauth1_authorizer_data); +- g_test_add ("/oauth1-authorizer/request-authentication-uri/sync/multiple-domains", OAuth1AuthorizerData, NULL, ++ g_test_add ("/oauth1-authorizer/request-authentication-uri/sync/multiple-domains1", OAuth1AuthorizerData, NULL, + set_up_oauth1_authorizer_data_multiple_domains, test_oauth1_authorizer_request_authentication_uri_sync, + tear_down_oauth1_authorizer_data); +- g_test_add ("/oauth1-authorizer/request-authentication-uri/sync/multiple-domains", OAuth1AuthorizerData, NULL, ++ g_test_add ("/oauth1-authorizer/request-authentication-uri/sync/multiple-domains2", OAuth1AuthorizerData, NULL, + set_up_oauth1_authorizer_data_locale, test_oauth1_authorizer_request_authentication_uri_sync, + tear_down_oauth1_authorizer_data); + g_test_add ("/oauth1-authorizer/request-authentication-uri/sync/cancellation", OAuth1AuthorizerData, NULL, -- cgit 1.4.1 From 6bf11392f96c1667d6f5927b53caf5411fc0ed6e Mon Sep 17 00:00:00 2001 From: Manolis Ragkousis Date: Sun, 4 Jun 2017 17:46:56 +0300 Subject: gnu: Add openscenegraph. * gnu/packages/graphics.scm (openscenegraph): New variable. * gnu/packages/patches/openscenegraph-ffmpeg3.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/graphics.scm | 43 ++++++ gnu/packages/patches/openscenegraph-ffmpeg3.patch | 156 ++++++++++++++++++++++ 3 files changed, 200 insertions(+) create mode 100644 gnu/packages/patches/openscenegraph-ffmpeg3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0449e8adc6..4d4c3b40fd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -861,6 +861,7 @@ dist_patch_DATA = \ %D%/packages/patches/ocaml-findlib-make-install.patch \ %D%/packages/patches/omake-fix-non-determinism.patch \ %D%/packages/patches/ola-readdir-r.patch \ + %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch \ diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm index cc1497cb8d..90a2909ab2 100644 --- a/gnu/packages/graphics.scm +++ b/gnu/packages/graphics.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016, 2017 Ricardo Wurmus ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Andreas Enge +;;; Copyright © 2017 Manolis Fragkiskos Ragkousis ;;; ;;; This file is part of GNU Guix. ;;; @@ -54,6 +55,7 @@ #:use-module (gnu packages image) #:use-module (gnu packages jemalloc) #:use-module (gnu packages photo) + #:use-module (gnu packages pth) #:use-module (gnu packages python) #:use-module (gnu packages qt) #:use-module (gnu packages readline) @@ -318,6 +320,47 @@ visual effects work for film.") (home-page "http://www.openimageio.org") (license license:bsd-3))) +(define-public openscenegraph + (package + (name "openscenegraph") + (version "3.4.0") + (source + (origin + (method url-fetch) + (uri (string-append "http://trac.openscenegraph.org/downloads/developer_releases/" + "OpenSceneGraph-" version ".zip")) + (sha256 + (base32 + "03h4wfqqk7rf3mpz0sa99gy715cwpala7964z2npd8jxfn27swjw")) + (patches (search-patches "openscenegraph-ffmpeg3.patch")) + (file-name (string-append name "-" version ".zip")))) + (build-system cmake-build-system) + (arguments + `(#:tests? #f ;; No test target available. + #:configure-flags + (list (string-append "-DCMAKE_INSTALL_RPATH=" + (assoc-ref %outputs "out") "/lib:" + (assoc-ref %outputs "out") "/lib64")))) + (native-inputs + `(("unzip" ,unzip))) + (inputs + `(("giflib", giflib) + ("jasper", jasper) + ("librsvg", librsvg) + ("pth", pth) + ("qtbase", qtbase) + ("ffmpeg", ffmpeg) + ("mesa", mesa))) + (synopsis "High performance real-time graphics toolkit") + (description + "The OpenSceneGraph is an open source high performance 3D graphics toolkit, +used by application developers in fields such as visual simulation, games, +virtual reality, scientific visualization and modelling.") + (home-page "http://www.openscenegraph.org") + ;; The 'LICENSE' file explains that the source is licensed under + ;; LGPL 2.1, but with 4 exceptions. This version is called OSGPL. + (license license:lgpl2.1))) + (define-public rapicorn (package (name "rapicorn") diff --git a/gnu/packages/patches/openscenegraph-ffmpeg3.patch b/gnu/packages/patches/openscenegraph-ffmpeg3.patch new file mode 100644 index 0000000000..02c04a5583 --- /dev/null +++ b/gnu/packages/patches/openscenegraph-ffmpeg3.patch @@ -0,0 +1,156 @@ +Description: Replace deprecated FFmpeg API +Author: Andreas Cadhalpun +See . +--- a/src/osgPlugins/ffmpeg/FFmpegDecoderVideo.cpp ++++ b/src/osgPlugins/ffmpeg/FFmpegDecoderVideo.cpp +@@ -71,7 +71,7 @@ void FFmpegDecoderVideo::open(AVStream * + findAspectRatio(); + + // Find out whether we support Alpha channel +- m_alpha_channel = (m_context->pix_fmt == PIX_FMT_YUVA420P); ++ m_alpha_channel = (m_context->pix_fmt == AV_PIX_FMT_YUVA420P); + + // Find out the framerate + m_frame_rate = av_q2d(stream->avg_frame_rate); +@@ -91,20 +91,19 @@ void FFmpegDecoderVideo::open(AVStream * + throw std::runtime_error("avcodec_open() failed"); + + // Allocate video frame +- m_frame.reset(avcodec_alloc_frame()); ++ m_frame.reset(av_frame_alloc()); + + // Allocate converted RGB frame +- m_frame_rgba.reset(avcodec_alloc_frame()); +- m_buffer_rgba[0].resize(avpicture_get_size(PIX_FMT_RGB24, width(), height())); ++ m_frame_rgba.reset(av_frame_alloc()); ++ m_buffer_rgba[0].resize(avpicture_get_size(AV_PIX_FMT_RGB24, width(), height())); + m_buffer_rgba[1].resize(m_buffer_rgba[0].size()); + + // Assign appropriate parts of the buffer to image planes in m_frame_rgba +- avpicture_fill((AVPicture *) (m_frame_rgba).get(), &(m_buffer_rgba[0])[0], PIX_FMT_RGB24, width(), height()); ++ avpicture_fill((AVPicture *) (m_frame_rgba).get(), &(m_buffer_rgba[0])[0], AV_PIX_FMT_RGB24, width(), height()); + + // Override get_buffer()/release_buffer() from codec context in order to retrieve the PTS of each frame. + m_context->opaque = this; +- m_context->get_buffer = getBuffer; +- m_context->release_buffer = releaseBuffer; ++ m_context->get_buffer2 = getBuffer; + } + + +@@ -263,8 +262,8 @@ int FFmpegDecoderVideo::convert(AVPictur + #ifdef USE_SWSCALE + if (m_swscale_ctx==0) + { +- m_swscale_ctx = sws_getContext(src_width, src_height, (PixelFormat) src_pix_fmt, +- src_width, src_height, (PixelFormat) dst_pix_fmt, ++ m_swscale_ctx = sws_getContext(src_width, src_height, (AVPixelFormat) src_pix_fmt, ++ src_width, src_height, (AVPixelFormat) dst_pix_fmt, + /*SWS_BILINEAR*/ SWS_BICUBIC, NULL, NULL, NULL); + } + +@@ -311,14 +310,14 @@ void FFmpegDecoderVideo::publishFrame(co + AVPicture * const dst = (AVPicture *) m_frame_rgba.get(); + + // Assign appropriate parts of the buffer to image planes in m_frame_rgba +- avpicture_fill((AVPicture *) (m_frame_rgba).get(), &(m_buffer_rgba[m_writeBuffer])[0], PIX_FMT_RGB24, width(), height()); ++ avpicture_fill((AVPicture *) (m_frame_rgba).get(), &(m_buffer_rgba[m_writeBuffer])[0], AV_PIX_FMT_RGB24, width(), height()); + + // Convert YUVA420p (i.e. YUV420p plus alpha channel) using our own routine + +- if (m_context->pix_fmt == PIX_FMT_YUVA420P) ++ if (m_context->pix_fmt == AV_PIX_FMT_YUVA420P) + yuva420pToRgba(dst, src, width(), height()); + else +- convert(dst, PIX_FMT_RGB24, src, m_context->pix_fmt, width(), height()); ++ convert(dst, AV_PIX_FMT_RGB24, src, m_context->pix_fmt, width(), height()); + + // Wait 'delay' seconds before publishing the picture. + int i_delay = static_cast(delay * 1000000 + 0.5); +@@ -345,7 +344,7 @@ void FFmpegDecoderVideo::publishFrame(co + + void FFmpegDecoderVideo::yuva420pToRgba(AVPicture * const dst, AVPicture * const src, int width, int height) + { +- convert(dst, PIX_FMT_RGB24, src, m_context->pix_fmt, width, height); ++ convert(dst, AV_PIX_FMT_RGB24, src, m_context->pix_fmt, width, height); + + const size_t bpp = 4; + +@@ -363,31 +362,28 @@ void FFmpegDecoderVideo::yuva420pToRgba( + } + } + +- +- +-int FFmpegDecoderVideo::getBuffer(AVCodecContext * const context, AVFrame * const picture) ++int FFmpegDecoderVideo::getBuffer(AVCodecContext * const context, AVFrame * const picture, int flags) + { ++ AVBufferRef *ref; + const FFmpegDecoderVideo * const this_ = reinterpret_cast(context->opaque); + +- const int result = avcodec_default_get_buffer(context, picture); ++ const int result = avcodec_default_get_buffer2(context, picture, flags); + int64_t * p_pts = reinterpret_cast( av_malloc(sizeof(int64_t)) ); + + *p_pts = this_->m_packet_pts; + picture->opaque = p_pts; + ++ ref = av_buffer_create((uint8_t *)picture->opaque, sizeof(int64_t), FFmpegDecoderVideo::freeBuffer, picture->buf[0], flags); ++ picture->buf[0] = ref; ++ + return result; + } + +- +- +-void FFmpegDecoderVideo::releaseBuffer(AVCodecContext * const context, AVFrame * const picture) ++void FFmpegDecoderVideo::freeBuffer(void *opaque, uint8_t *data) + { +- if (picture != 0) +- av_freep(&picture->opaque); +- +- avcodec_default_release_buffer(context, picture); ++ AVBufferRef *ref = (AVBufferRef *)opaque; ++ av_buffer_unref(&ref); ++ av_free(data); + } + +- +- + } // namespace osgFFmpeg +--- a/src/osgPlugins/ffmpeg/FFmpegDecoderVideo.hpp ++++ b/src/osgPlugins/ffmpeg/FFmpegDecoderVideo.hpp +@@ -94,8 +94,8 @@ private: + int src_pix_fmt, int src_width, int src_height); + + +- static int getBuffer(AVCodecContext * context, AVFrame * picture); +- static void releaseBuffer(AVCodecContext * context, AVFrame * picture); ++ static int getBuffer(AVCodecContext * context, AVFrame * picture, int flags); ++ static void freeBuffer(void * opaque, uint8_t *data); + + PacketQueue & m_packets; + FFmpegClocks & m_clocks; +--- a/src/osgPlugins/ffmpeg/FFmpegParameters.cpp ++++ b/src/osgPlugins/ffmpeg/FFmpegParameters.cpp +@@ -19,7 +19,7 @@ extern "C" + #include + } + +-inline PixelFormat osg_av_get_pix_fmt(const char *name) { return av_get_pix_fmt(name); } ++inline AVPixelFormat osg_av_get_pix_fmt(const char *name) { return av_get_pix_fmt(name); } + + + namespace osgFFmpeg { +--- a/src/osgPlugins/ffmpeg/FFmpegDecoderAudio.cpp 2016-02-18 21:25:39.627923629 +0000 ++++ b/src/osgPlugins/ffmpeg/FFmpegDecoderAudio.cpp 2016-02-18 21:26:17.071140100 +0000 +@@ -227,8 +227,7 @@ + if (avcodec_open2(m_context, p_codec, NULL) < 0) + throw std::runtime_error("avcodec_open() failed"); + +- m_context->get_buffer = avcodec_default_get_buffer; +- m_context->release_buffer = avcodec_default_release_buffer; ++ m_context->get_buffer2 = avcodec_default_get_buffer2; + + } + -- cgit 1.4.1 From fb976ada5be4634048bcbdde880729ee12f610e9 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 4 Jun 2017 21:59:18 +0200 Subject: gnu: libssh: Update to 0.7.5. * gnu/packages/ssh.scm (libssh): Update to 0.7.5. [source](patches): New field. --- gnu/local.mk | 1 + .../patches/libssh-hostname-parser-bug.patch | 31 ++++++++++++++++++++++ gnu/packages/ssh.scm | 7 ++--- 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/libssh-hostname-parser-bug.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 4d4c3b40fd..bf8143c2c6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -743,6 +743,7 @@ dist_patch_DATA = \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ + %D%/packages/patches/libssh-hostname-parser-bug.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtasn1-CVE-2017-6891.patch \ diff --git a/gnu/packages/patches/libssh-hostname-parser-bug.patch b/gnu/packages/patches/libssh-hostname-parser-bug.patch new file mode 100644 index 0000000000..69f46cbdd6 --- /dev/null +++ b/gnu/packages/patches/libssh-hostname-parser-bug.patch @@ -0,0 +1,31 @@ +Fix "Hostname" parsing in OpenSSH config files, as reported +at . + +From: Niels Ole Salscheider +Date: Mon, 8 May 2017 17:36:13 +0200 +Subject: [PATCH] Fix reading of the first parameter + +This is a fixup for 7b8b5eb4eac314a3a29be812bef0264c6611f6e7. +Previously, it would return as long as the parameter was _not_ seen +before. It also did not handle the case for the unsupported opcode (-1) +which would cause a segfault when accessing the "seen" array. +--- + src/config.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/config.c b/src/config.c +index 7c03b27..238a655 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -218,8 +218,9 @@ static int ssh_config_parse_line(ssh_session session, const char *line, + } + + opcode = ssh_config_get_opcode(keyword); +- if (*parsing == 1 && opcode != SOC_HOST) { +- if (seen[opcode] == 0) { ++ if (*parsing == 1 && opcode != SOC_HOST && ++ opcode > SOC_UNSUPPORTED && opcode < SOC_END) { ++ if (seen[opcode] == 1) { + return 0; + } + seen[opcode] = 1; diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index c96ed0a72b..d79663a2b5 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -58,15 +58,16 @@ (define-public libssh (package (name "libssh") - (version "0.7.4") + (version "0.7.5") (source (origin (method url-fetch) (uri (string-append - "https://red.libssh.org/attachments/download/210/libssh-" + "https://red.libssh.org/attachments/download/218/libssh-" version ".tar.xz")) (sha256 (base32 - "03bcp9ksqp0s1pmwfmzhcknvkxay5k0mjzzxp3rjlifbng1vxq9r")))) + "15bh6dm9c50ndddzh3gqcgw7axp3ghrspjpkb1z3dr90vkanvs2l")) + (patches (search-patches "libssh-hostname-parser-bug.patch")))) (build-system cmake-build-system) (outputs '("out" "debug")) (arguments -- cgit 1.4.1 From 00c5e3e5fcc815f99754549cf261d37fc4062455 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 5 Jun 2017 14:58:01 +0200 Subject: gnu: xf86-input-wacom: Update to 0.34.2. * gnu/packages/xdisorg.scm (xf86-input-wacom): Update to 0.34.2. [source]: Remove obsolete patch. * gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/xf86-input-wacom-xorg-abi-25.patch | 46 ---------------------- gnu/packages/xdisorg.scm | 6 +-- 3 files changed, 2 insertions(+), 51 deletions(-) delete mode 100644 gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index cb8fbc5db9..0722217ac4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1066,7 +1066,6 @@ dist_patch_DATA = \ %D%/packages/patches/xcb-proto-python3-whitespace.patch \ %D%/packages/patches/wxwidgets-fix-windowGTK.patch \ %D%/packages/patches/xdotool-fix-makefile.patch \ - %D%/packages/patches/xf86-input-wacom-xorg-abi-25.patch \ %D%/packages/patches/xf86-video-ark-remove-mibstore.patch \ %D%/packages/patches/xf86-video-ast-remove-mibstore.patch \ %D%/packages/patches/xf86-video-geode-glibc-2.20.patch \ diff --git a/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch deleted file mode 100644 index dc594bdccb..0000000000 --- a/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch +++ /dev/null @@ -1,46 +0,0 @@ -Resolves a test compatibility issue with xorg >= 1.19. - -Upstream bug report: - -https://sourceforge.net/p/linuxwacom/bugs/329/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/linuxwacom/xf86-input-wacom/ci/f0dedf7a610ac97bc45738492b98ce4f1e0514ec/ - -From f0dedf7a610ac97bc45738492b98ce4f1e0514ec Mon Sep 17 00:00:00 2001 -From: Jason Gerecke -Date: Wed, 18 Jan 2017 09:00:10 -0800 -Subject: [PATCH] tests: Fix compilation under ABI 25 and greater - -diff --git a/test/fake-symbols.c b/test/fake-symbols.c -index 6f2c10a..e649fb9 100644 ---- a/test/fake-symbols.c -+++ b/test/fake-symbols.c -@@ -493,6 +493,7 @@ void TimerFree(OsTimerPtr timer) - { - } - -+#if GET_ABI_MAJOR(ABI_XINPUT_VERSION) < 24 - int - xf86BlockSIGIO (void) - { -@@ -503,6 +504,15 @@ void - xf86UnblockSIGIO (int wasset) - { - } -+#else -+void input_lock (void) -+{ -+} -+ -+void input_unlock (void) -+{ -+} -+#endif - - /* This is not the same as the X server one, but it'll do for the tests */ - #if GET_ABI_MAJOR(ABI_XINPUT_VERSION) >= 14 --- -2.11.1 - diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index af5c863960..91abf66945 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -823,7 +823,7 @@ Wacom tablet applet.") (define-public xf86-input-wacom (package (name "xf86-input-wacom") - (version "0.34.0") + (version "0.34.2") (source (origin (method url-fetch) (uri (string-append @@ -831,9 +831,7 @@ Wacom tablet applet.") name "-" version ".tar.bz2")) (sha256 (base32 - "0idhkigl0pnyp08sqm6bqfb4h20v6rjrb71z1gdv59gk7d7qwpgi")) - (patches - (search-patches "xf86-input-wacom-xorg-abi-25.patch")))) + "073bf12ka1mcqvr1sviixb51bsfx37jalrj9xw53f10i2kdvkl9a")))) (arguments `(#:configure-flags (list (string-append "--with-sdkdir=" -- cgit 1.4.1 From 15df12beae9f01c87bae85a9a60edf72d8b6ed66 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 5 Jun 2017 22:09:13 -0400 Subject: gnu: perl: Fix CVE-2017-6512 in File::Path. * gnu/packages/perl.scm (perl)[replacement]: New field. (perl/fixed): New variable. * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + .../patches/perl-file-path-CVE-2017-6512.patch | 173 +++++++++++++++++++++ gnu/packages/perl.scm | 13 ++ 3 files changed, 187 insertions(+) create mode 100644 gnu/packages/patches/perl-file-path-CVE-2017-6512.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 4b2bdfe37a..ab3fbb2d39 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -884,6 +884,7 @@ dist_patch_DATA = \ %D%/packages/patches/pcre-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ + %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ diff --git a/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch b/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch new file mode 100644 index 0000000000..28ab067599 --- /dev/null +++ b/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch @@ -0,0 +1,173 @@ +Fix CVE-2017-6512: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6512 +https://rt.cpan.org/Public/Bug/Display.html?id=121951 + +Patch copied from Debian, adapted to apply to the copy of File::Path in Perl +5.24.0. + +https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2 +https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3 + +From d760748be0efca7c05454440e24f3df77bf7cf5d Mon Sep 17 00:00:00 2001 +From: John Lightsey +Date: Tue, 2 May 2017 12:03:52 -0500 +Subject: Prevent directory chmod race attack. + +CVE-2017-6512 is a race condition attack where the chmod() of directories +that cannot be entered is misused to change the permissions on other +files or directories on the system. This has been corrected by limiting +the directory-permission loosening logic to systems where fchmod() is +supported. + +[Backported (whitespace adjustments) to File-Path 2.12 / perl 5.24 by +Dominic Hargreaves for Debian.] + +Bug: https://rt.cpan.org/Public/Bug/Display.html?id=121951 +Bug-Debian: https://bugs.debian.org/863870 +Patch-Name: fixes/file_path_chmod_race.diff +--- + cpan/File-Path/lib/File/Path.pm | 39 +++++++++++++++++++++++++-------------- + cpan/File-Path/t/Path.t | 40 ++++++++++++++++++++++++++-------------- + 2 files changed, 51 insertions(+), 28 deletions(-) + +diff --git a/cpan/File-Path/lib/File/Path.pm b/cpan/File-Path/lib/File/Path.pm +index 034da1e..a824cc8 100644 +--- a/cpan/File-Path/lib/File/Path.pm ++++ b/cpan/File-Path/lib/File/Path.pm +@@ -354,21 +354,32 @@ sub _rmtree { + + # see if we can escalate privileges to get in + # (e.g. funny protection mask such as -w- instead of rwx) +- $perm &= oct '7777'; +- my $nperm = $perm | oct '700'; +- if ( +- !( +- $arg->{safe} +- or $nperm == $perm +- or chmod( $nperm, $root ) +- ) +- ) +- { +- _error( $arg, +- "cannot make child directory read-write-exec", $canon ); +- next ROOT_DIR; ++ # This uses fchmod to avoid traversing outside of the proper ++ # location (CVE-2017-6512) ++ my $root_fh; ++ if (open($root_fh, '<', $root)) { ++ my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1]; ++ $perm &= oct '7777'; ++ my $nperm = $perm | oct '700'; ++ local $@; ++ if ( ++ !( ++ $arg->{safe} ++ or $nperm == $perm ++ or !-d _ ++ or $fh_dev ne $ldev ++ or $fh_inode ne $lino ++ or eval { chmod( $nperm, $root_fh ) } ++ ) ++ ) ++ { ++ _error( $arg, ++ "cannot make child directory read-write-exec", $canon ); ++ next ROOT_DIR; ++ } ++ close $root_fh; + } +- elsif ( !chdir($root) ) { ++ if ( !chdir($root) ) { + _error( $arg, "cannot chdir to child", $canon ); + next ROOT_DIR; + } +diff --git a/cpan/File-Path/t/Path.t b/cpan/File-Path/t/Path.t +index ff52fd6..956ca09 100644 +--- a/cpan/File-Path/t/Path.t ++++ b/cpan/File-Path/t/Path.t +@@ -3,7 +3,7 @@ + + use strict; + +-use Test::More tests => 127; ++use Test::More tests => 126; + use Config; + use Fcntl ':mode'; + use lib 't/'; +@@ -18,6 +18,13 @@ BEGIN { + + my $Is_VMS = $^O eq 'VMS'; + ++my $fchmod_supported = 0; ++if (open my $fh, curdir()) { ++ my ($perm) = (stat($fh))[2]; ++ $perm &= 07777; ++ eval { $fchmod_supported = chmod( $perm, $fh); }; ++} ++ + # first check for stupid permissions second for full, so we clean up + # behind ourselves + for my $perm (0111,0777) { +@@ -299,16 +306,19 @@ is($created[0], $dir, "created directory (old style 3 mode undef) cross-check"); + + is(rmtree($dir, 0, undef), 1, "removed directory 3 verbose undef"); + +-$dir = catdir($tmp_base,'G'); +-$dir = VMS::Filespec::unixify($dir) if $Is_VMS; ++SKIP: { ++ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported; ++ $dir = catdir($tmp_base,'G'); ++ $dir = VMS::Filespec::unixify($dir) if $Is_VMS; + +-@created = mkpath($dir, undef, 0200); ++ @created = mkpath($dir, undef, 0400); + +-is(scalar(@created), 1, "created write-only dir"); ++ is(scalar(@created), 1, "created read-only dir"); + +-is($created[0], $dir, "created write-only directory cross-check"); ++ is($created[0], $dir, "created read-only directory cross-check"); + +-is(rmtree($dir), 1, "removed write-only dir"); ++ is(rmtree($dir), 1, "removed read-only dir"); ++} + + # borderline new-style heuristics + if (chdir $tmp_base) { +@@ -450,26 +460,28 @@ SKIP: { + } + + SKIP : { +- my $skip_count = 19; ++ my $skip_count = 18; + # this test will fail on Windows, as per: + # http://perldoc.perl.org/perlport.html#chmod + + skip "Windows chmod test skipped", $skip_count + if $^O eq 'MSWin32'; ++ skip "fchmod() on directories is not supported on this platform", $skip_count ++ unless $fchmod_supported; + my $mode; + my $octal_mode; + my @inputs = ( +- 0777, 0700, 0070, 0007, +- 0333, 0300, 0030, 0003, +- 0111, 0100, 0010, 0001, +- 0731, 0713, 0317, 0371, 0173, 0137, +- 00 ); ++ 0777, 0700, 0470, 0407, ++ 0433, 0400, 0430, 0403, ++ 0111, 0100, 0110, 0101, ++ 0731, 0713, 0317, 0371, ++ 0173, 0137); + my $input; + my $octal_input; +- $dir = catdir($tmp_base, 'chmod_test'); + + foreach (@inputs) { + $input = $_; ++ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input)); + # We can skip from here because 0 is last in the list. + skip "Mode of 0 means assume user defaults on VMS", 1 + if ($input == 0 && $Is_VMS); diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index e56c80609b..6da4bb13fd 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -51,6 +51,7 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") + (replacement perl/fixed) (version "5.24.0") (source (origin (method url-fetch) @@ -147,6 +148,18 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" +(define perl/fixed + (package + (inherit perl) + (replacement #f) + (source + (origin + (inherit (package-source perl)) + (patches + (append + (origin-patches (package-source perl)) + (search-patches "perl-file-path-CVE-2017-6512.patch"))))))) + (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") -- cgit 1.4.1