From 6543bc80b41c488a069b39d8b26e6d61cbb8252d Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Wed, 12 Jun 2019 21:15:27 +0100 Subject: gnu: Add python-slugify. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/python-web.scm (python-slugify): New variable. * gnu/packages/patches/python-slugify-depend-on-unidecode.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- .../python-slugify-depend-on-unidecode.patch | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 gnu/packages/patches/python-slugify-depend-on-unidecode.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/python-slugify-depend-on-unidecode.patch b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch new file mode 100644 index 0000000000..6038f432f1 --- /dev/null +++ b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch @@ -0,0 +1,22 @@ +diff --git a/setup.py b/setup.py +index 4800173..6bdd77f 100755 +--- a/setup.py ++++ b/setup.py +@@ -14,8 +14,7 @@ url = 'https://github.com/un33k/python-slugify' + author = 'Val Neekman' + author_email = 'info@neekware.com' + license = 'MIT' +-install_requires = ['text-unidecode==1.2'] +-extras_require = {'unidecode': ['Unidecode==1.0.23']} ++install_requires = ['Unidecode'] + + classifiers = [ + 'Development Status :: 5 - Production/Stable', +@@ -67,7 +66,6 @@ setup( + author_email=author_email, + packages=find_packages(exclude=EXCLUDE_FROM_PACKAGES), + install_requires=install_requires, +- extras_require=extras_require, + classifiers=classifiers, + entry_points={'console_scripts': ['slugify=slugify.slugify:main']}, + ) -- cgit 1.4.1 From bf187d92e39e93e8e08719de8b08c57db530eed9 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 13 Jun 2019 16:07:21 +0100 Subject: gnu: Add csvkit. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/wireservice.scm (csvkit): New variable. * gnu/packages/patches/csvkit-fix-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/patches/csvkit-fix-tests.patch | 45 ++++++++++++++++++ gnu/packages/wireservice.scm | 73 +++++++++++++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 gnu/packages/patches/csvkit-fix-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0f4c1ce5c8..734676f45a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -742,6 +742,7 @@ dist_patch_DATA = \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ + %D%/packages/patches/csvkit-fix-tests.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/patches/csvkit-fix-tests.patch b/gnu/packages/patches/csvkit-fix-tests.patch new file mode 100644 index 0000000000..cb9ec39cb0 --- /dev/null +++ b/gnu/packages/patches/csvkit-fix-tests.patch @@ -0,0 +1,45 @@ +diff --git a/tests/test_utilities/test_csvsql.py b/tests/test_utilities/test_csvsql.py +index e6ec4af..4f47980 100644 +--- a/tests/test_utilities/test_csvsql.py ++++ b/tests/test_utilities/test_csvsql.py +@@ -197,7 +197,7 @@ class TestCSVSQL(CSVKitTestCase, EmptyFileTests): + utility.run() + output = output_file.getvalue() + output_file.close() +- self.assertEqual(output, 'a,b,c\n1,2,3\n0,5,6\n') ++ self.assertEqual(output, 'a,b,c\n1,2.0,3.0\n0,5.0,6.0\n') + + def test_no_prefix_unique_constraint(self): + self.get_output(['--db', 'sqlite:///' + self.db_file, '--insert', 'examples/dummy.csv', '--unique-constraint', 'a']) +diff --git a/tests/test_utilities/test_sql2csv.py b/tests/test_utilities/test_sql2csv.py +index a0c3d3e..babcfd6 100644 +--- a/tests/test_utilities/test_sql2csv.py ++++ b/tests/test_utilities/test_sql2csv.py +@@ -121,23 +121,23 @@ class TestSQL2CSV(CSVKitTestCase, EmptyFileTests): + input_file.close() + + def test_unicode(self): +- expected = self.csvsql('examples/test_utf8.csv') ++ self.csvsql('examples/test_utf8.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--query', 'select * from foo']) +- self.assertEqual(csv.strip(), expected) ++ self.assertEqual(csv.strip(), 'foo,bar,baz\n1.0,2.0,3\n4.0,5.0,ʤ') + + def test_no_header_row(self): + self.csvsql('examples/dummy.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--no-header-row', '--query', 'select * from foo']) + + self.assertTrue('a,b,c' not in csv) +- self.assertTrue('1,2,3' in csv) ++ self.assertTrue('1,2.0,3.0' in csv) + + def test_linenumbers(self): + self.csvsql('examples/dummy.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--linenumbers', '--query', 'select * from foo']) + + self.assertTrue('line_number,a,b,c' in csv) +- self.assertTrue('1,1,2,3' in csv) ++ self.assertTrue('1,1,2.0,3.0' in csv) + + def test_wildcard_on_sqlite(self): + self.csvsql('examples/iris.csv') diff --git a/gnu/packages/wireservice.scm b/gnu/packages/wireservice.scm index 78c2a4264d..ab86f21f2f 100644 --- a/gnu/packages/wireservice.scm +++ b/gnu/packages/wireservice.scm @@ -19,6 +19,7 @@ (define-module (gnu packages wireservice) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system python) + #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix packages) #:use-module (gnu packages) @@ -191,3 +192,75 @@ for dbf files support to all @code{agate.Table} instances."))) (synopsis "Add read support for Excel files (xls and xlsx) to agate") (description "@code{agateexcel} uses a monkey patching pattern to add read for xls and xlsx files support to all @code{agate.Table} instances."))) + +(define-public csvkit + (package + (name "csvkit") + (version "1.0.4") + (source (origin + (method url-fetch) + (uri (pypi-uri "csvkit" version)) + (sha256 + (base32 + "1830lb95rh1iyi3drlwxzb6y3pqkii0qiyzd40c1kvhvaf1s6lqk")) + (patches (search-patches "csvkit-fix-tests.patch")))) + (build-system python-build-system) + (native-inputs + `(("python-psycopg2" ,python-psycopg2) ;; Used to test PostgreSQL support. + ("python-sphinx" ,python-sphinx) + ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme))) + (inputs + `(("python-agate-dbf" ,python-agate-dbf) + ("python-agate-excel" ,python-agate-excel) + ("python-agate-sql" ,python-agate-sql) + ("python-six" ,python-six))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'install 'install-docs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (man1 (string-append out "/share/man/man1"))) + (with-directory-excursion "docs" + (invoke "make" "man") + (copy-recursively "_build/man" man1)) + #t)))))) + (home-page "https://csvkit.rtfd.org") + (synopsis "Command-line tools for working with CSV") + (description "csvkit is a suite of command-line tools for converting to +and working with CSV. It provides the following commands: +@itemize +@item Input: + @itemize + @item @command{in2csv}: Convert various formats to CSV. + @item @command{sql2csv}: Execute SQL commands on a database and return the +data as CSV. + @end itemize +@item Processing: + @itemize + @item @command{csvclean}: Remove common syntax errors. + @item @command{csvcut}: Filter and truncate CSV files. + @item @command{csvgrep}: Filter tabular data to only those rows where +certain columns contain a given value or match a regular expression. + @item @command{csvjoin}: Merges two or more CSV tables together using a +method analogous to SQL JOIN operation. + @item @command{csvsort}: Sort CSV files. + @item @command{csvstack}: Stack up the rows from multiple CSV files, +optionally adding a grouping value to each row. + @end itemize +@item Output and analysis: + @itemize + @item @command{csvformat}: Convert a CSV file to a custom output format. + @item @command{csvjson}: Converts a CSV file into JSON or GeoJSON. + @item @command{csvlook}: Renders a CSV to the command line in a +Markdown-compatible, fixed-width format. + @item @command{csvpy}: Loads a CSV file into a @code{agate.csv.Reader} +object and then drops into a Python shell so the user can inspect the data +however they see fit. + @item @command{csvsql}: Generate SQL statements for a CSV file or execute +those statements directly on a database. + @item @command{csvstat}: Prints descriptive statistics for all columns in a +CSV file. + @end itemize +@end itemize") + (license license:expat))) -- cgit 1.4.1 From 069ab3bbfde704760acaca20dff8a29d167c6be5 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 9 Jul 2019 01:24:17 +0200 Subject: gnu: grub: Update to 2.04. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/bootloaders.scm (grub): Update to 2.04. [source]: Remove upstreamed patches. [arguments]: Don't require Python. Add a ‘disable-pixel-perfect-test’ phase to skip tests that fail with with our newer Unifont. * gnu/packages/patches/grub-efi-fat-serial-number.patch: Adjust context. * gnu/packages/patches/grub-binutils-compat.patch, gnu/packages/patches/grub-check-error-efibootmgr.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 2 - gnu/packages/bootloaders.scm | 23 ++- gnu/packages/patches/grub-binutils-compat.patch | 53 ------ .../patches/grub-check-error-efibootmgr.patch | 197 --------------------- .../patches/grub-efi-fat-serial-number.patch | 17 +- 5 files changed, 26 insertions(+), 266 deletions(-) delete mode 100644 gnu/packages/patches/grub-binutils-compat.patch delete mode 100644 gnu/packages/patches/grub-check-error-efibootmgr.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 734676f45a..7dcac4f2bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -893,8 +893,6 @@ dist_patch_DATA = \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/groff-source-date-epoch.patch \ %D%/packages/patches/groovy-add-exceptionutilsgenerator.patch \ - %D%/packages/patches/grub-binutils-compat.patch \ - %D%/packages/patches/grub-check-error-efibootmgr.patch \ %D%/packages/patches/grub-efi-fat-serial-number.patch \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 6e6e69ff3b..d6b936b64a 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -82,19 +82,22 @@ (define-public grub (package (name "grub") - (version "2.02") + (version "2.04") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grub/grub-" version ".tar.xz")) (sha256 (base32 - "03vvdfhdmf16121v7xs8is2krwnv15wpkhkf16a4yf8nsfc3f2w1")) - (patches (search-patches "grub-check-error-efibootmgr.patch" - "grub-binutils-compat.patch" - "grub-efi-fat-serial-number.patch")))) + "0zgp5m3hmc9jh8wpjx6czzkh5id2y8n1k823x2mjvm2sk6b28ag5")) + (patches (search-patches "grub-efi-fat-serial-number.patch")))) (build-system gnu-build-system) (arguments - `(#:phases (modify-phases %standard-phases + `(#:configure-flags + ;; Counterintuitively, this *disables* a spurious Python dependency by + ;; calling the ‘true’ binary instead. Python is only needed during + ;; bootstrapping (for genptl.py), not when building from a release. + (list "PYTHON=true") + #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-stuff (lambda* (#:key inputs #:allow-other-keys) (substitute* "grub-core/Makefile.in" @@ -127,6 +130,14 @@ (substitute* "Makefile.in" (("grub_cmd_date grub_cmd_set_date grub_cmd_sleep") "grub_cmd_date grub_cmd_sleep")) + #t)) + (add-before 'check 'disable-pixel-perfect-test + (lambda _ + ;; This test compares many screenshots rendered with an + ;; older Unifont (9.0.06) than that packaged in Guix. + (substitute* "Makefile.in" + (("test_unset grub_func_test") + "test_unset")) #t))) ;; Disable tests on ARM and AARCH64 platforms. #:tests? ,(not (any (cute string-prefix? <> (or (%current-target-system) diff --git a/gnu/packages/patches/grub-binutils-compat.patch b/gnu/packages/patches/grub-binutils-compat.patch deleted file mode 100644 index 2107869314..0000000000 --- a/gnu/packages/patches/grub-binutils-compat.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix a relocation issue that shows up with recent binutils. - -Patch taken from upstream: -https://git.sv.gnu.org/cgit/grub.git/commit/?id=842c390469e2c2e10b5aa36700324cd3bde25875 - -diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c -index e49d0b6..18facf4 100644 ---- a/grub-core/efiemu/i386/loadcore64.c -+++ b/grub-core/efiemu/i386/loadcore64.c -@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - err = grub_efiemu_write_value (addr, - *addr32 + rel->r_addend - + sym.off -diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c -index 4406906..3a73e6e 100644 ---- a/grub-core/kern/x86_64/dl.c -+++ b/grub-core/kern/x86_64/dl.c -@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_int64_t value; - value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index a2bb054..39d7efb 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_uint32_t *t32 = (grub_uint32_t *) target; - *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) -diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c -index 9179285..a79271f 100644 ---- a/util/grub-module-verifier.c -+++ b/util/grub-module-verifier.c -@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = { - -1 - }, (int[]){ - R_X86_64_PC32, -+ R_X86_64_PLT32, - -1 - } - }, diff --git a/gnu/packages/patches/grub-check-error-efibootmgr.patch b/gnu/packages/patches/grub-check-error-efibootmgr.patch deleted file mode 100644 index efeb20f213..0000000000 --- a/gnu/packages/patches/grub-check-error-efibootmgr.patch +++ /dev/null @@ -1,197 +0,0 @@ -Without this patch, GRUB may proceed to wipe all firmware boot entries -and report a successful installation, even if efibootmgr hit an error. - -Origin URL: -https://git.sv.gnu.org/cgit/grub.git/commit/?id=6400613ad0b463abc93362086a491cd2a5e99b0d - -From 6400613ad0b463abc93362086a491cd2a5e99b0d Mon Sep 17 00:00:00 2001 -From: Steve McIntyre -Date: Wed, 31 Jan 2018 21:49:36 +0000 -Subject: Make grub-install check for errors from efibootmgr - -Code is currently ignoring errors from efibootmgr, giving users -clearly bogus output like: - - Setting up grub-efi-amd64 (2.02~beta3-4) ... - Installing for x86_64-efi platform. - Could not delete variable: No space left on device - Could not prepare Boot variable: No space left on device - Installation finished. No error reported. - -and then potentially unbootable systems. If efibootmgr fails, grub-install -should know that and report it! - -We've been using similar patch in Debian now for some time, with no ill effects. - -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index a3fcfca..ca448bc 100644 ---- a/grub-core/osdep/unix/platform.c -+++ b/grub-core/osdep/unix/platform.c -@@ -78,19 +78,20 @@ get_ofpathname (const char *dev) - dev); - } - --static void -+static int - grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - { - int fd; - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -+ int rc; - - if (!pid) - { - grub_util_warn (_("Unable to open stream from %s: %s"), - "efibootmgr", strerror (errno)); -- return; -+ return errno; - } - - FILE *fp = fdopen (fd, "r"); -@@ -98,7 +99,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - { - grub_util_warn (_("Unable to open stream from %s: %s"), - "efibootmgr", strerror (errno)); -- return; -+ return errno; - } - - line = xmalloc (80); -@@ -119,23 +120,25 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - bootnum = line + sizeof ("Boot") - 1; - bootnum[4] = '\0'; - if (!verbosity) -- grub_util_exec ((const char * []){ "efibootmgr", "-q", -+ rc = grub_util_exec ((const char * []){ "efibootmgr", "-q", - "-b", bootnum, "-B", NULL }); - else -- grub_util_exec ((const char * []){ "efibootmgr", -+ rc = grub_util_exec ((const char * []){ "efibootmgr", - "-b", bootnum, "-B", NULL }); - } - - free (line); -+ return rc; - } - --void -+int - grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor) - { - const char * efidir_disk; - int efidir_part; -+ int ret; - efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); - efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; - -@@ -151,23 +154,26 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, - grub_util_exec ((const char * []){ "modprobe", "-q", "efivars", NULL }); - #endif - /* Delete old entries from the same distributor. */ -- grub_install_remove_efi_entries_by_distributor (efi_distributor); -+ ret = grub_install_remove_efi_entries_by_distributor (efi_distributor); -+ if (ret) -+ return ret; - - char *efidir_part_str = xasprintf ("%d", efidir_part); - - if (!verbosity) -- grub_util_exec ((const char * []){ "efibootmgr", "-q", -+ ret = grub_util_exec ((const char * []){ "efibootmgr", "-q", - "-c", "-d", efidir_disk, - "-p", efidir_part_str, "-w", - "-L", efi_distributor, "-l", - efifile_path, NULL }); - else -- grub_util_exec ((const char * []){ "efibootmgr", -+ ret = grub_util_exec ((const char * []){ "efibootmgr", - "-c", "-d", efidir_disk, - "-p", efidir_part_str, "-w", - "-L", efi_distributor, "-l", - efifile_path, NULL }); - free (efidir_part_str); -+ return ret; - } - - void -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 5910b0c..0dba8b6 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -210,7 +210,7 @@ grub_install_create_envblk_file (const char *name); - const char * - grub_install_get_default_x86_platform (void); - --void -+int - grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor); -diff --git a/util/grub-install.c b/util/grub-install.c -index 5e4cdfd..690f180 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1848,9 +1848,13 @@ main (int argc, char *argv[]) - if (!removable && update_nvram) - { - /* Try to make this image bootable using the EFI Boot Manager, if available. */ -- grub_install_register_efi (efidir_grub_dev, -- "\\System\\Library\\CoreServices", -- efi_distributor); -+ int ret; -+ ret = grub_install_register_efi (efidir_grub_dev, -+ "\\System\\Library\\CoreServices", -+ efi_distributor); -+ if (ret) -+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), -+ strerror (ret)); - } - - grub_device_close (ins_dev); -@@ -1871,6 +1875,7 @@ main (int argc, char *argv[]) - { - char * efifile_path; - char * part; -+ int ret; - - /* Try to make this image bootable using the EFI Boot Manager, if available. */ - if (!efi_distributor || efi_distributor[0] == '\0') -@@ -1887,7 +1892,10 @@ main (int argc, char *argv[]) - efidir_grub_dev->disk->name, - (part ? ",": ""), (part ? : "")); - grub_free (part); -- grub_install_register_efi (efidir_grub_dev, -- efifile_path, efi_distributor); -+ ret = grub_install_register_efi (efidir_grub_dev, -+ efifile_path, efi_distributor); -+ if (ret) -+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), -+ strerror (ret)); - } - break; - - -Below is a followup to the patch above: the uninitialized variable could lead -‘grub-install’ to error out when it shouldn’t (seen on an AArch64 box where -‘grub_install_remove_efi_entries_by_distributor’ didn't have any entry to -remove): - - grub-install: error: efibootmgr failed to register the boot entry: Unknown error 65535. - -See . - ---- grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:53.015284846 +0200 -+++ grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:55.595271222 +0200 -@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distr - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -- int rc; -+ int rc = 0; - - if (!pid) - { diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch index ad92f9bc9e..aec37d68e2 100644 --- a/gnu/packages/patches/grub-efi-fat-serial-number.patch +++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch @@ -4,22 +4,23 @@ serial number (instead of the randomly chosen one) to create EFI images (the 'efi.img' file) that are reproducible bit-for-bit. Patch by Ludovic Courtès . +Mangled (for GRUB 2.04) by Tobias Geerinckx-Rice . ---- grub-2.02/util/grub-mkrescue.c 2019-04-20 19:15:26.180242812 +0200 -+++ grub-2.02/util/grub-mkrescue.c 2019-04-20 21:56:34.672370849 +0200 -@@ -788,8 +788,15 @@ main (int argc, char *argv[]) +--- grub-2.04/util/grub-mkrescue.c 2019-05-20 13:01:11.000000000 +0200 ++++ grub-2.04/util/grub-mkrescue.c 2019-07-08 23:57:36.912104652 +0200 +@@ -809,8 +809,15 @@ + free (efidir_efi_boot); efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img"); - int rv; - rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i", - efiimgfat, "::", NULL }); + + const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER"); + const char *mformat_args[] = -+ { "mformat", "-C", "-f", "2880", "-L", "16", -+ fat_serial_number != NULL ? "-N" : "-C", -+ fat_serial_number != NULL ? fat_serial_number : "-C", -+ "-i", efiimgfat, "::", NULL }; ++ { "mformat", "-C", "-f", "2880", "-L", "16", ++ fat_serial_number != NULL ? "-N" : "-C", ++ fat_serial_number != NULL ? fat_serial_number : "-C", ++ "-i", efiimgfat, "::", NULL }; + + rv = grub_util_exec (mformat_args); if (rv != 0) -- cgit 1.4.1 From 05f386f103bbd0145ac2fcf8b920bb27f1b518a4 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 11:58:47 +0300 Subject: gnu: plib: Fix CVE-2011-4620, CVE-2012-4552. * gnu/packages/game-development.scm (plib)[patches]: Add patches. * gnu/packages/patches/plib-CVE-2011-4620.patch, gnu/packages/patches/plib-CVE-2012-4552.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + gnu/packages/game-development.scm | 4 +- gnu/packages/patches/plib-CVE-2011-4620.patch | 13 ++++++ gnu/packages/patches/plib-CVE-2012-4552.patch | 57 +++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/plib-CVE-2011-4620.patch create mode 100644 gnu/packages/patches/plib-CVE-2012-4552.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7dcac4f2bc..01c3ce011f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1182,6 +1182,8 @@ dist_patch_DATA = \ %D%/packages/patches/pixman-CVE-2016-5296.patch \ %D%/packages/patches/plink-1.07-unclobber-i.patch \ %D%/packages/patches/plink-endian-detection.patch \ + %D%/packages/patches/plib-CVE-2011-4620.patch \ + %D%/packages/patches/plib-CVE-2012-4552.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/podofo-cmake-3.12.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm index 05a68b717a..7eac935a69 100644 --- a/gnu/packages/game-development.scm +++ b/gnu/packages/game-development.scm @@ -1434,7 +1434,9 @@ joystick support."))) "plib-" version ".tar.gz")) (sha256 (base32 - "0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8")))) + "0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8")) + (patches (search-patches "plib-CVE-2011-4620.patch" + "plib-CVE-2012-4552.patch")))) (build-system gnu-build-system) (inputs `(("mesa" ,mesa) diff --git a/gnu/packages/patches/plib-CVE-2011-4620.patch b/gnu/packages/patches/plib-CVE-2011-4620.patch new file mode 100644 index 0000000000..c5a03bd0ca --- /dev/null +++ b/gnu/packages/patches/plib-CVE-2011-4620.patch @@ -0,0 +1,13 @@ +https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff + +--- a/src/util/ulError.cxx ++++ b/src/util/ulError.cxx +@@ -39,7 +39,7 @@ + { + va_list argp; + va_start ( argp, fmt ) ; +- vsprintf ( _ulErrorBuffer, fmt, argp ) ; ++ vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ; + va_end ( argp ) ; + + if ( _ulErrorCB ) diff --git a/gnu/packages/patches/plib-CVE-2012-4552.patch b/gnu/packages/patches/plib-CVE-2012-4552.patch new file mode 100644 index 0000000000..7b697855d6 --- /dev/null +++ b/gnu/packages/patches/plib-CVE-2012-4552.patch @@ -0,0 +1,57 @@ +https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff + +diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx +--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100 ++++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100 +@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ } + } + + +@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ } + } + + // Opens the file and does a few internal calculations based on the spec. -- cgit 1.4.1 From 841bddb4b45fd6e47a8991f74380ba20dacbe1be Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 12:45:08 +0300 Subject: gnu: a2ps: Fix CVE-2015-8107. * gnu/packages/pretty-print.scm (a2ps)[source]: Add patch. * gnu/packages/patches/a2ps-CVE-2015-8107.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/a2ps-CVE-2015-8107.patch | 80 +++++++++++++++++++++++++++ gnu/packages/pretty-print.scm | 5 +- 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/a2ps-CVE-2015-8107.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 01c3ce011f..2821cdcca9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -660,6 +660,7 @@ dist_patch_DATA = \ %D%/packages/patches/4store-unset-preprocessor-directive.patch \ %D%/packages/patches/a2ps-CVE-2001-1593.patch \ %D%/packages/patches/a2ps-CVE-2014-0466.patch \ + %D%/packages/patches/a2ps-CVE-2015-8107.patch \ %D%/packages/patches/abiword-explictly-cast-bools.patch \ %D%/packages/patches/abiword-black-drawing-with-gtk322.patch \ %D%/packages/patches/acl-fix-perl-regex.patch \ diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch new file mode 100644 index 0000000000..5ea35d45da --- /dev/null +++ b/gnu/packages/patches/a2ps-CVE-2015-8107.patch @@ -0,0 +1,80 @@ +https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff + +Index: b/lib/psgen.c +=================================================================== +--- a/lib/psgen.c ++++ b/lib/psgen.c +@@ -232,7 +232,7 @@ + default: + *buf = '\0'; + ps_escape_char (job, cp[i], buf); +- output (jdiv, (char *) buf); ++ output (jdiv, "%s", (char *) buf); + break; + } + } +Index: b/lib/output.c +=================================================================== +--- a/lib/output.c ++++ b/lib/output.c +@@ -525,7 +525,7 @@ + expand_user_string (job, FIRST_FILE (job), + (const uchar *) "Expand: requirement", + (const uchar *) token)); +- output (dest, expansion); ++ output (dest, "%s", expansion); + continue; + } + +Index: b/lib/parseppd.y +=================================================================== +--- a/lib/parseppd.y ++++ b/lib/parseppd.y +@@ -154,7 +154,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +Index: b/src/parsessh.y +=================================================================== +--- a/src/parsessh.y ++++ b/src/parsessh.y +@@ -740,7 +740,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* +Index: b/lib/parseppd.c +=================================================================== +--- a/lib/parseppd.c ++++ b/lib/parseppd.c +@@ -1707,7 +1707,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +Index: b/src/parsessh.c +=================================================================== +--- a/src/parsessh.c ++++ b/src/parsessh.c +@@ -2639,7 +2639,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* diff --git a/gnu/packages/pretty-print.scm b/gnu/packages/pretty-print.scm index 405ad08ba4..7a5b98c698 100644 --- a/gnu/packages/pretty-print.scm +++ b/gnu/packages/pretty-print.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2019 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2017 Ludovic Courtès @@ -63,7 +63,8 @@ #t)) (patches (search-patches "a2ps-CVE-2001-1593.patch" - "a2ps-CVE-2014-0466.patch")))) + "a2ps-CVE-2014-0466.patch" + "a2ps-CVE-2015-8107.patch")))) (build-system gnu-build-system) (inputs `(("psutils" ,psutils) -- cgit 1.4.1 From 5a4e5c26cc3fb24e0e7f6a2d95f03396f3d0b014 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 14:27:51 +0300 Subject: gnu: libexif: Fix CVE-2018-20030. * gnu/packages/photo.scm (libexif)[source]: Add patch. * gnu/packages/patches/libexif-CVE-2018-20030.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/libexif-CVE-2018-20030.patch | 120 ++++++++++++++++++++++ gnu/packages/photo.scm | 5 +- 3 files changed, 124 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/libexif-CVE-2018-20030.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2821cdcca9..66f904291b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1006,6 +1006,7 @@ dist_patch_DATA = \ %D%/packages/patches/libdrm-symbol-check.patch \ %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ + %D%/packages/patches/libexif-CVE-2018-20030.patch \ %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \ %D%/packages/patches/libgit2-avoid-python.patch \ %D%/packages/patches/libgit2-mtime-0.patch \ diff --git a/gnu/packages/patches/libexif-CVE-2018-20030.patch b/gnu/packages/patches/libexif-CVE-2018-20030.patch new file mode 100644 index 0000000000..57e4746b58 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2018-20030.patch @@ -0,0 +1,120 @@ +https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch + +NEWS section was removed +'12' -> '30' on line 79 + +From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 +From: Dan Fandrich +Date: Fri, 12 Oct 2018 16:01:45 +0200 +Subject: [PATCH] Improve deep recursion detection in + exif_data_load_data_content. + +The existing detection was still vulnerable to pathological cases +causing DoS by wasting CPU. The new algorithm takes the number of tags +into account to make it harder to abuse by cases using shallow recursion +but with a very large number of tags. This improves on commit 5d28011c +which wasn't sufficient to counter this kind of case. + +The limitation in the previous fix was discovered by Laurent Delosieres, +Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned +the identifier CVE-2018-20030. +--- + NEWS | 1 + + libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++-------- + 2 files changed, 38 insertions(+), 8 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index e35403d..a6f9c94 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -35,6 +35,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) { \ + break; \ + } + ++/*! Calculate the recursion cost added by one level of IFD loading. ++ * ++ * The work performed is related to the cost in the exponential relation ++ * work=1.1**cost ++ */ ++static unsigned int ++level_cost(unsigned int n) ++{ ++ static const double log_1_1 = 0.09531017980432493; ++ ++ /* Adding 0.1 protects against the case where n==1 */ ++ return ceil(log(n + 0.1)/log_1_1); ++} ++ + /*! Load data for an IFD. + * + * \param[in,out] data #ExifData +@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \ + * \param[in] d pointer to buffer containing raw IFD data + * \param[in] ds size of raw data in buffer at \c d + * \param[in] offset offset into buffer at \c d at which IFD starts +- * \param[in] recursion_depth number of times this function has been +- * recursively called without returning ++ * \param[in] recursion_cost factor indicating how expensive this recursive ++ * call could be + */ + static void + exif_data_load_data_content (ExifData *data, ExifIfd ifd, + const unsigned char *d, +- unsigned int ds, unsigned int offset, unsigned int recursion_depth) ++ unsigned int ds, unsigned int offset, unsigned int recursion_cost) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) + return; + +- if (recursion_depth > 30) { ++ if (recursion_cost > 170) { ++ /* ++ * recursion_cost is a logarithmic-scale indicator of how expensive this ++ * recursive call might end up being. It is an indicator of the depth of ++ * recursion as well as the potential for worst-case future recursive ++ * calls. Since it's difficult to tell ahead of time how often recursion ++ * will occur, this assumes the worst by assuming every tag could end up ++ * causing recursion. ++ * The value of 170 was chosen to limit typical EXIF structures to a ++ * recursive depth of about 6, but pathological ones (those with very ++ * many tags) to only 2. ++ */ + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Deep recursion detected!"); ++ "Deep/expensive recursion detected!"); + return; + } + +@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index cf7da80642..cbfc2debd8 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2014, 2015, 2017, 2019 Ludovic Courtès ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2015, 2017 Andreas Enge -;;; Copyright © 2016, 2017, 2018 Efraim Flashner +;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner ;;; Copyright © 2017 Roel Janssen ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2018 Leo Famulari @@ -117,7 +117,8 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).") (uri (string-append "mirror://sourceforge/libexif/libexif/" version "/libexif-" version ".tar.bz2")) (patches (search-patches "libexif-CVE-2016-6328.patch" - "libexif-CVE-2017-7544.patch")) + "libexif-CVE-2017-7544.patch" + "libexif-CVE-2018-20030.patch")) (sha256 (base32 "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) -- cgit 1.4.1 From bba3c489701693c59315efed001b37d6fa014a6c Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 14:53:04 +0300 Subject: gnu: cvs: Rename patch file. * gnu/packages/version-control.scm (cvs)[source]: Rename patch. * gnu/packages/patches/cvs-2017-12836.patch: Rename to ... * gnu/packages/patches/cvs-CVE-2018-12836.patch: ... this. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 2 +- gnu/packages/patches/cvs-2017-12836.patch | 45 --------------------------- gnu/packages/patches/cvs-CVE-2017-12836.patch | 45 +++++++++++++++++++++++++++ gnu/packages/version-control.scm | 2 +- 4 files changed, 47 insertions(+), 47 deletions(-) delete mode 100644 gnu/packages/patches/cvs-2017-12836.patch create mode 100644 gnu/packages/patches/cvs-CVE-2017-12836.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 66f904291b..9a70d73759 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -747,7 +747,7 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ - %D%/packages/patches/cvs-2017-12836.patch \ + %D%/packages/patches/cvs-CVE-2017-12836.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ %D%/packages/patches/dbus-CVE-2019-12749.patch \ %D%/packages/patches/dealii-mpi-deprecations.patch \ diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch deleted file mode 100644 index 507ab0f7d0..0000000000 --- a/gnu/packages/patches/cvs-2017-12836.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-12836: - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 -https://security-tracker.debian.org/tracker/CVE-2017-12836 - -Patch adpated from Debian (comments and changelog annotations removed): - -https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 - -From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 -From: mirabilos -Date: Sat, 12 Aug 2017 03:17:18 +0200 -Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch - ---- - debian/changelog | 6 ++++++ - src/rsh-client.c | 10 ++++++++-- - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/src/rsh-client.c b/src/rsh-client.c -index fe0cfc4..1fc860d 100644 ---- a/src/rsh-client.c -+++ b/src/rsh-client.c -@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, - rsh_argv[i++] = argvport; - } - -+ /* Only non-option arguments from here. (CVE-2017-12836) */ -+ rsh_argv[i++] = "--"; -+ - rsh_argv[i++] = root->hostname; - rsh_argv[i++] = cvs_server; - if (readonlyfs) -@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, - *p++ = argvport; - } - -+ *p++ = "--"; -+ - *p++ = root->hostname; - *p++ = command; - *p++ = NULL; --- -cgit v0.12 - diff --git a/gnu/packages/patches/cvs-CVE-2017-12836.patch b/gnu/packages/patches/cvs-CVE-2017-12836.patch new file mode 100644 index 0000000000..507ab0f7d0 --- /dev/null +++ b/gnu/packages/patches/cvs-CVE-2017-12836.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-12836: + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 +https://security-tracker.debian.org/tracker/CVE-2017-12836 + +Patch adpated from Debian (comments and changelog annotations removed): + +https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 + +From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 +From: mirabilos +Date: Sat, 12 Aug 2017 03:17:18 +0200 +Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch + +--- + debian/changelog | 6 ++++++ + src/rsh-client.c | 10 ++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/rsh-client.c b/src/rsh-client.c +index fe0cfc4..1fc860d 100644 +--- a/src/rsh-client.c ++++ b/src/rsh-client.c +@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + rsh_argv[i++] = argvport; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + if (readonlyfs) +@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + *p++ = argvport; + } + ++ *p++ = "--"; ++ + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; +-- +cgit v0.12 + diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 8effe1d502..b1fd0195ce 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -1409,7 +1409,7 @@ machine.") (uri (string-append "https://ftp.gnu.org/non-gnu/cvs/source/feature/" version "/cvs-" version ".tar.bz2")) - (patches (search-patches "cvs-2017-12836.patch")) + (patches (search-patches "cvs-CVE-2017-12836.patch")) (sha256 (base32 "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq")))) -- cgit 1.4.1 From c894b80324d82f2f807578efa1de792ed1331eb3 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Sat, 6 Jul 2019 20:49:40 +0100 Subject: gnu: sbcl-clx: Update to 0.7.5. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/lisp.scm (sbcl-clx): Update to 0.7.5. [origin]: Drop "clx-remove-demo.patch" and the snippet that removes demo code. * gnu/packages/patches/clx-remove-demo.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 - gnu/packages/lisp.scm | 56 ++++++++++++------------------ gnu/packages/patches/clx-remove-demo.patch | 27 -------------- 3 files changed, 22 insertions(+), 62 deletions(-) delete mode 100644 gnu/packages/patches/clx-remove-demo.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9a70d73759..ae5477c428 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -735,7 +735,6 @@ dist_patch_DATA = \ %D%/packages/patches/clementine-use-openssl.patch \ %D%/packages/patches/clisp-remove-failing-test.patch \ %D%/packages/patches/clucene-pkgconfig.patch \ - %D%/packages/patches/clx-remove-demo.patch \ %D%/packages/patches/coda-use-system-libs.patch \ %D%/packages/patches/combinatorial-blas-awpm.patch \ %D%/packages/patches/combinatorial-blas-io-fix.patch \ diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 3aa2429595..884d00d935 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -11,7 +11,7 @@ ;;; Copyright © 2018 Benjamin Slade ;;; Copyright © 2018 Alex Vong ;;; Copyright © 2018 Pierre Neidhardt -;;; Copyright © 2018 Pierre Langlois +;;; Copyright © 2018, 2019 Pierre Langlois ;;; Copyright © 2019 Katherine Cox-Buday ;;; Copyright © 2019 Jesse Gildersleve ;;; Copyright © 2019 Guillaume Le Vaillant @@ -930,42 +930,30 @@ ANSI-compliant Common Lisp implementations.") (sbcl-package->cl-source-package sbcl-cl-unicode)) (define-public sbcl-clx - (let ((revision "1") - (commit "1c62774b03c1cf3fe6e5cb532df8b14b44c96b95")) - (package - (name "sbcl-clx") - (version (string-append "0.0.0-" revision "." (string-take commit 7))) - (source - (origin - (method git-fetch) - (uri - (git-reference - (url "https://github.com/sharplispers/clx.git") - (commit commit))) - (sha256 - (base32 "0qffag03ns52kwq9xjns2qg1yr0bf3ba507iwq5cmx5xz0b0rmjm")) - (file-name (string-append "clx-" version "-checkout")) - (patches - (list - (search-patch "clx-remove-demo.patch"))) - (modules '((guix build utils))) - (snippet - '(begin - ;; These removed files cause the compiled system to crash when - ;; loading. - (delete-file-recursively "demo") - (delete-file "test/trapezoid.lisp") - (substitute* "clx.asd" - (("\\(:file \"trapezoid\"\\)") "")) - #t)))) - (build-system asdf-build-system/sbcl) - (home-page "http://www.cliki.net/portable-clx") - (synopsis "X11 client library for Common Lisp") - (description "CLX is an X11 client library for Common Lisp. The code was + (package + (name "sbcl-clx") + (version "0.7.5") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/sharplispers/clx.git") + (commit version))) + (sha256 + (base32 + "1vi67z9hpj5rr4xcmfbfwzmlcc0ah7hzhrmfid6lqdkva238v2wf")) + (file-name (string-append "clx-" version)))) + (build-system asdf-build-system/sbcl) + (native-inputs + `(("fiasco" ,sbcl-fiasco))) + (home-page "http://www.cliki.net/portable-clx") + (synopsis "X11 client library for Common Lisp") + (description "CLX is an X11 client library for Common Lisp. The code was originally taken from a CMUCL distribution, was modified somewhat in order to make it compile and run under SBCL, then a selection of patches were added from other CLXes around the net.") - (license license:x11)))) + (license license:x11))) (define-public cl-clx (sbcl-package->cl-source-package sbcl-clx)) diff --git a/gnu/packages/patches/clx-remove-demo.patch b/gnu/packages/patches/clx-remove-demo.patch deleted file mode 100644 index c5fffea0d0..0000000000 --- a/gnu/packages/patches/clx-remove-demo.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- a/clx.asd 2016-02-16 00:06:48.161596976 -0500 -+++ b/clx.asd 2016-02-16 00:06:54.793774658 -0500 -@@ -79,24 +79,6 @@ - (:file "xtest") - (:file "screensaver") - (:file "xinerama"))) -- (:module demo -- :default-component-class example-source-file -- :components -- ((:file "bezier") -- ;; KLUDGE: this requires "bezier" for proper operation, -- ;; but we don't declare that dependency here, because -- ;; asdf doesn't load example files anyway. -- (:file "beziertest") -- (:file "clclock") -- (:file "clipboard") -- (:file "clx-demos") -- (:file "gl-test") -- ;; FIXME: compiling this generates 30-odd spurious code -- ;; deletion notes. Find out why, and either fix or -- ;; workaround the problem. -- (:file "mandel") -- (:file "menu") -- (:file "zoid"))) - (:module test - :default-component-class example-source-file - :components -- cgit 1.4.1 From 5a836ce38c9c29e9c2bd306007347486b90c5064 Mon Sep 17 00:00:00 2001 From: Jack Hill Date: Wed, 10 Jul 2019 16:23:03 -0400 Subject: gnu: expat: fix CVE-2018-20843 * gnu/packages/xml.scm (expat)[replacement]: New field. (expat/fixed): New variable. * gnu/packages/patches/expat-CVE-2018-20843.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch file. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/patches/expat-CVE-2018-20843.patch | 21 +++++++++++++++++++++ gnu/packages/xml.scm | 9 +++++++++ 3 files changed, 31 insertions(+) create mode 100644 gnu/packages/patches/expat-CVE-2018-20843.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ae5477c428..67d9eb703a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -784,6 +784,7 @@ dist_patch_DATA = \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/exiv2-CVE-2017-14860.patch \ %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch \ + %D%/packages/patches/expat-CVE-2018-20843.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch new file mode 100644 index 0000000000..216fbe9667 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2018-20843.patch @@ -0,0 +1,21 @@ +Fix extraction of namespace prefix from XML name. +Fixes CVE-2018-20843 + +This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5..737d7cd 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index e3260be103..0cd9319c95 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -66,6 +66,7 @@ (define-public expat (package (name "expat") + (replacement expat/fixed) (version "2.2.6") (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin @@ -88,6 +89,14 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat/fixed + (package + (inherit expat) + (source + (origin + (inherit (package-source expat)) + (patches (search-patches "expat-CVE-2018-20843.patch")))))) + (define-public libebml (package (name "libebml") -- cgit 1.4.1