From f8faf537cae393b9d9bdb7fd476ad5f79dedaf91 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Fri, 16 Dec 2016 15:23:47 -0500
Subject: gnu: libupnp: Fix CVE-2016-8863.

* gnu/packages/patches/libupnp-CVE-2016-8863.patch: New file.
* gnu/local.mk (dist_patch_DATA): Use it.
* gnu/packages/libupnp.scm (libupnp)[source]: Use it.
---
 gnu/packages/patches/libupnp-CVE-2016-8863.patch | 72 ++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 gnu/packages/patches/libupnp-CVE-2016-8863.patch
(limited to 'gnu/packages/patches')
diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
new file mode 100644
index 0000000000..9978b39487
--- /dev/null
+++ b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
@@ -0,0 +1,72 @@
+Fix CVE-2016-8863:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
+https://sourceforge.net/p/pupnp/bugs/133/
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
+
+From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?=
+Date: Thu, 8 Dec 2016 17:11:53 +0100
+Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
+
+If there is an invalid URL in URLS->buf after a valid one, uri_parse is
+called with out pointing after the allocated memory. As uri_parse writes
+to *out before returning an error the loop in create_url_list must be
+stopped early to prevent an out-of-bound access
+
+Bug: https://sourceforge.net/p/pupnp/bugs/133/
+Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
+Bug-Debian: https://bugs.debian.org/842093
+Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
+(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
+---
+ upnp/src/gena/gena_device.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
+index fb04a29..245c56b 100644
+--- a/upnp/src/gena/gena_device.c
++++ b/upnp/src/gena/gena_device.c
+@@ -1113,7 +1113,7 @@ static int create_url_list(
+ /*! [out] . */
+ URL_list *out)
+ {
+- size_t URLcount = 0;
++ size_t URLcount = 0, URLcount2 = 0;
+ size_t i;
+ int return_code = 0;
+ uri_type temp;
+@@ -1155,16 +1155,23 @@ static int create_url_list(
+ }
+ memcpy( out->URLs, URLS->buff, URLS->size );
+ out->URLs[URLS->size] = 0;
+- URLcount = 0;
+ for( i = 0; i < URLS->size; i++ ) {
+ if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
+ if( ( ( return_code =
+ parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
+- &out->parsedURLs[URLcount] ) ) ==
++ &out->parsedURLs[URLcount2] ) ) ==
+ HTTP_SUCCESS )
+- && ( out->parsedURLs[URLcount].hostport.text.size !=
++ && ( out->parsedURLs[URLcount2].hostport.text.size !=
+ 0 ) ) {
+- URLcount++;
++ URLcount2++;
++ if (URLcount2 >= URLcount)
++ /*
++ * break early here in case there is a bogus URL that
++ * was skipped above. This prevents to access
++ * out->parsedURLs[URLcount] which is beyond the
++ * allocation.
++ */
++ break;
+ } else {
+ if( return_code == UPNP_E_OUTOF_MEMORY ) {
+ free( out->URLs );
+--
+2.11.0
+
--
cgit v1.2.3

From 43686dcb2f99b2700255de7f4eedd608f6847078 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Mon, 19 Dec 2016 10:33:17 -0500
Subject: gnu: openssh: Update to 7.4p1.

* gnu/packages/ssh.scm (openssh): Update to 7.4p1.
[source]: Remove 'openssh-memory-exhaustion.patch'.
* gnu/packages/patches/openssh-memory-exhaustion.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk | 1 -
 .../patches/openssh-memory-exhaustion.patch | 39 ----------------------
 gnu/packages/ssh.scm | 5 ++-
 3 files changed, 2 insertions(+), 43 deletions(-)
 delete mode 100644 gnu/packages/patches/openssh-memory-exhaustion.patch
(limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index 49fd2337cd..c076ab969d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
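Review bot: The length handed to `parse_uri` in the second loop is still `URLS->size - i + 1`, although only `URLS->size - i - 1` bytes of `out->URLs` lie between index `i + 1` and the terminator written at `out->URLs[URLS->size]`; the added `break` bounds the write index into `out->parsedURLs` but leaves this read bound overstated by two. If `parse_uri` treats its second argument as a hard limit (its body is not in the hunk), the call should pass `URLS->size - i - 1`. The new comment's "This prevents to access" would read better as "This prevents an access to". `create_url_list` begins and ends outside the hunk, so the size of the `out->parsedURLs` allocation and the value finally stored in `out->size` cannot be checked here; after this change the number of entries actually parsed is `URLcount2`, which should be compared with whatever the function reports to its caller.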
@@ -752,7 +752,6 @@ dist_patch_DATA = \
 %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \
 %D%/packages/patches/openjpeg-use-after-free-fix.patch \
 %D%/packages/patches/openocd-nrf52.patch \
- %D%/packages/patches/openssh-memory-exhaustion.patch \
 %D%/packages/patches/openssl-runpath.patch \
 %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
 %D%/packages/patches/openssl-c-rehash-in.patch \
diff --git a/gnu/packages/patches/openssh-memory-exhaustion.patch b/gnu/packages/patches/openssh-memory-exhaustion.patch
deleted file mode 100644
index 91fe294ca4..0000000000
--- a/gnu/packages/patches/openssh-memory-exhaustion.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user
-could potentially consume 38400 MB of memory on the server:
-
-http://seclists.org/oss-sec/2016/q4/185
-
-Patch adapted from upstream source repository:
-
-https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad
-
-From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001
-From: "markus@openbsd.org"
-Date: Mon, 10 Oct 2016 19:28:48 +0000
-Subject: [PATCH] upstream commit
-
-Unregister the KEXINIT handler after message has been
-received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
-allocation of up to 128MB -- until the connection is closed. Reported by
-shilei-c at 360.cn
-
-Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
----
- kex.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/kex.c b/kex.c
-index 3f97f8c..6a94bc5 100644
---- a/kex.c
-+++ b/kex.c
-@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
- if (kex == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-
-+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
- ptr = sshpkt_ptr(ssh, &dlen);
- if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
- return r;
---
-2.10.1
-
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index ea5ec811d1..0fe6598bb2 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -112,7 +112,7 @@ a server that supports the SSH-2 protocol.") (define-public openssh (package (name "openssh") - (version "7.3p1") + (version "7.4p1") (source (origin (method url-fetch) (uri (let ((tail (string-append name "-" version ".tar.gz"))) @@ -122,9 +122,8 @@ a server that supports the SSH-2 protocol.") tail) (string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/" tail)))) - (patches (search-patches "openssh-memory-exhaustion.patch")) (sha256 (base32 - "1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz")))) + "1l8r3x4fr2kb6xm95s7kjdif1wp6f94d4kljh4qjj9109shw87qv")))) (build-system gnu-build-system) (inputs `(("groff" ,groff) ("openssl" ,openssl) -- cgit v1.2.3 From 834d12226bed90800c0ee7886c0b90e65d070f97 Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Tue, 6 Dec 2016 14:55:39 +0100 Subject: gnu: kdbusaddons: Embed kinit store dir, avoid dependency cycles. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit kdbusaddons needs to know the location of the kdeinit5 executable, provided by kinit. kinit depends on kdbusaddons, so we add bootstrap versions of all packages in the dependency chain from kinit to kdbusaddons to avoid cyclic dependencies. * gnu/packages/kde-frameworks.scm (kinit-bootstrap, kdbusaddons-bootstrap): New variables. (kdbusaddons)[inputs]: Add kinit-bootstrap. [source,arguments]: Add patch and substitution to embed kinit-bootstrap's store directory in the code. * gnu/packages/patches/kdbusaddons-kinit-file-name.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. 
Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/kde-frameworks.scm | 36 ++++++++++++++++++++-- .../patches/kdbusaddons-kinit-file-name.patch | 15 +++++++++ 3 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/kdbusaddons-kinit-file-name.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c076ab969d..3a56c840bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -639,6 +639,7 @@ dist_patch_DATA = \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ + %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/kmod-module-directory.patch \ %D%/packages/patches/kobodeluxe-paths.patch \ diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm index 8b841330b8..94145fb95d 100644 --- a/gnu/packages/kde-frameworks.scm +++ b/gnu/packages/kde-frameworks.scm @@ -25,6 +25,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix utils) + #:use-module (gnu packages) #:use-module (gnu packages acl) #:use-module (gnu packages admin) #:use-module (gnu packages attr) @@ -50,7 +51,8 @@ #:use-module (gnu packages version-control) #:use-module (gnu packages web) #:use-module (gnu packages xml) - #:use-module (gnu packages xorg)) + #:use-module (gnu packages xorg) + #:use-module (srfi srfi-1)) (define-public extra-cmake-modules (package @@ -516,7 +518,8 @@ many more.") name "-" version ".tar.xz")) (sha256 (base32 - "07mzb1xr8wyiid25p8kg6mjp6vq8ngvv1ikhq75zvd2cbax530c8")))) + "07mzb1xr8wyiid25p8kg6mjp6vq8ngvv1ikhq75zvd2cbax530c8")) + (patches (search-patches "kdbusaddons-kinit-file-name.patch")))) (build-system cmake-build-system) (native-inputs `(("extra-cmake-modules" ,extra-cmake-modules) 
@@ -524,10 +527,18 @@ many more.") ("qttools" ,qttools))) (inputs `(("qtbase" ,qtbase) - ("qtx11extras" ,qtx11extras))) + ("qtx11extras" ,qtx11extras) + ("kinit" ,kinit-bootstrap))) ;; kinit-bootstrap: kinit package which does not depend on kdbusaddons. (arguments `(#:phases (modify-phases %standard-phases + (add-before + 'configure 'patch-source + (lambda* (#:key inputs #:allow-other-keys) + ;; look for the kdeinit5 executable in kinit's store directory, + ;; instead of the current application's directory: + (substitute* "src/kdeinitinterface.cpp" + (("@SUBSTITUTEME@") (assoc-ref inputs "kinit"))))) (replace 'check (lambda _ (setenv "DBUS_FATAL_WARNINGS" "0") @@ -2866,3 +2877,22 @@ setUrl, setUserAgent and call.") script engines.") ;; dual licensed (license (list license:gpl2+ license:lgpl2.1+)))) + +;; This version of kdbusaddons does not use kinit as an input, and is used to +;; build kinit-bootstrap, as well as bootstrap versions of all kinit +;; dependencies which also rely on kdbusaddons. +(define kdbusaddons-bootstrap + (package + (inherit kdbusaddons) + (source (origin + (inherit (package-source kdbusaddons)) + (patches '()))) + (inputs (alist-delete "kinit" (package-inputs kdbusaddons))) + (arguments + (substitute-keyword-arguments (package-arguments kdbusaddons) + ((#:phases phases) + `(modify-phases ,phases + (delete 'patch-source))))))) + +(define kinit-bootstrap + ((package-input-rewriting `((,kdbusaddons . ,kdbusaddons-bootstrap))) kinit)) diff --git a/gnu/packages/patches/kdbusaddons-kinit-file-name.patch b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch new file mode 100644 index 0000000000..ffed88e043 --- /dev/null +++ b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch 
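Review bot: The new `patch-source` phase ends on the `substitute*` form, so the phase's result is whatever `substitute*` happens to return; the qemu change further down this page appends an explicit `#t` after `(setenv "V" "1")` in a phase, and the same ending would be clearer here: `(("@SUBSTITUTEME@") (assoc-ref inputs "kinit"))) #t))`. `substitute*` also does nothing when the pattern is absent, and the patched `src/kdeinitinterface.cpp` would then keep `"@SUBSTITUTEME@/bin"` as a relative directory in the search list for `kdeinit5`. A comment saying that the phase and `kdbusaddons-kinit-file-name.patch` must be added or removed together, as `kdbusaddons-bootstrap` does, would make that dependency explicit.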
@@ -0,0 +1,15 @@
+Add placeholder for kinit's store file name.
+
+diff --git a/src/kdeinitinterface.cpp b/src/kdeinitinterface.cpp
+index 22fa5e5..3d40937 100644
+--- a/src/kdeinitinterface.cpp
++++ b/src/kdeinitinterface.cpp
+@@ -52,7 +52,7 @@ void KDEInitInterface::ensureKdeinitRunning()
+ // If not found in system paths, search other paths
+ if (srv.isEmpty()) {
+ const QStringList searchPaths = QStringList()
+- << QCoreApplication::applicationDirPath() // then look where our application binary is located
++ << QString::fromUtf8("@SUBSTITUTEME@/bin") // using QStringLiteral would be more efficient, but breaks guix store reference detection.
+ << QLibraryInfo::location(QLibraryInfo::BinariesPath); // look where exec path is (can be set in qt.conf)
+ srv = QStandardPaths::findExecutable(QStringLiteral("kdeinit5"), searchPaths);
+ if (srv.isEmpty()) {
--
cgit v1.2.3

From d229ba95024525a20a34106d875cde604c27817d Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Wed, 21 Dec 2016 21:28:15 +0200
Subject: gnu: qemu: Update to 2.8.0.

* gnu/packages/qemu.scm (qemu): Update to 2.8.0.
[source]: Remove patches.
[arguments]: Set host_cc during 'configure.
* gnu/packages/patches/qemu-CVE-2016-8576.patch, gnu/packages/patches/qemu-CVE-2016-8577.patch, gnu/packages/patches/qemu-CVE-2016-8577.patch: Remove files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk | 3 --
 gnu/packages/patches/qemu-CVE-2016-8576.patch | 62 ---------------------------
 gnu/packages/patches/qemu-CVE-2016-8577.patch | 36 ----------------
 gnu/packages/patches/qemu-CVE-2016-8578.patch | 27 ------------
 gnu/packages/qemu.scm | 11 +++--
 5 files changed, 5 insertions(+), 134 deletions(-)
 delete mode 100644 gnu/packages/patches/qemu-CVE-2016-8576.patch
 delete mode 100644 gnu/packages/patches/qemu-CVE-2016-8577.patch
 delete mode 100644 gnu/packages/patches/qemu-CVE-2016-8578.patch
(limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index 3a56c840bc..f55d8e5e74 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -819,9 +819,6 @@ dist_patch_DATA = \
 %D%/packages/patches/python-paste-remove-website-test.patch \
 %D%/packages/patches/python-paste-remove-timing-test.patch \
 %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
- %D%/packages/patches/qemu-CVE-2016-8576.patch \
- %D%/packages/patches/qemu-CVE-2016-8577.patch \
- %D%/packages/patches/qemu-CVE-2016-8578.patch \
 %D%/packages/patches/qt4-ldflags.patch \
 %D%/packages/patches/quickswitch-fix-dmenu-check.patch \
 %D%/packages/patches/rapicorn-isnan.patch \
diff --git a/gnu/packages/patches/qemu-CVE-2016-8576.patch b/gnu/packages/patches/qemu-CVE-2016-8576.patch
deleted file mode 100644
index 5031b59d81..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8576.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann
-Date: Fri, 7 Oct 2016 10:15:29 +0200
-Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
-
-Signed-off-by: Gerd Hoffmann
----
- hw/usb/hcd-xhci.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 726435c..ee4fa48 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -54,6 +54,8 @@
- * to the specs when it gets them */
- #define ER_FULL_HACK
-
-+#define TRB_LINK_LIMIT 4
-+
- #define LEN_CAP 0x40
- #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
- #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
-@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
- dma_addr_t *addr)
- {
- PCIDevice *pci_dev = PCI_DEVICE(xhci);
-+ uint32_t link_cnt = 0;
-
- while (1) {
- TRBType type;
-@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
- ring->dequeue += TRB_SIZE;
- return type;
- } else {
-+ if (++link_cnt > TRB_LINK_LIMIT) {
-+ return 0;
-+ }
- ring->dequeue = xhci_mask64(trb->parameter);
- if (trb->control & TRB_LK_TC) {
- ring->ccs = !ring->ccs;
-@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
- bool ccs = ring->ccs;
- /* hack to bundle together the two/three TDs that make a setup transfer */
- bool control_td_set = 0;
-+ uint32_t link_cnt = 0;
-
- while (1) {
- TRBType type;
-@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
- type = TRB_TYPE(trb);
-
- if (type == TR_LINK) {
-+ if (++link_cnt > TRB_LINK_LIMIT) {
-+ return -length;
-+ }
- dequeue = xhci_mask64(trb.parameter);
- if (trb.control & TRB_LK_TC) {
- ccs = !ccs;
---
-1.8.3.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch
deleted file mode 100644
index c4132d2fb1..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8577.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read
-From: Li Qiang
-
-In 9pfs read dispatch function, it doesn't free two QEMUIOVector
-object thus causing potential memory leak. This patch avoid this.
-
-Signed-off-by: Li Qiang
----
- hw/9pfs/9p.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 119ee58..543a791 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
- if (len < 0) {
- /* IO error return the error */
- err = len;
-- goto out;
-+ goto out_free_iovec;
- }
- } while (count < max_count && len > 0);
- err = pdu_marshal(pdu, offset, "d", count);
- if (err < 0) {
-- goto out;
-+ goto out_free_iovec;
- }
- err += offset + count;
-+out_free_iovec:
- qemu_iovec_destroy(&qiov);
- qemu_iovec_destroy(&qiov_full);
- } else if (fidp->fid_type == P9_FID_XATTR) {
---
-1.8.3.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch
deleted file mode 100644
index 92ba365727..0000000000
--- a/gnu/packages/patches/qemu-CVE-2016-8578.patch
+++ /dev/null
@@ -1,27 +0,0 @@ -From: Li Qiang - -In 9pfs function v9fs_iov_vunmarshal, it will not allocate space -for empty string. This will cause several NULL pointer dereference -issues. this patch fix this issue. - -Signed-off-by: Li Qiang ---- - fsdev/9p-iov-marshal.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c -index 663cad5..1d16f8d 100644 ---- a/fsdev/9p-iov-marshal.c -+++ b/fsdev/9p-iov-marshal.c -@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, - str->data = g_malloc(str->size + 1); - copied = v9fs_unpack(str->data, out_sg, out_num, offset, - str->size); -- if (copied > 0) { -+ if (copied >= 0) { - str->data[str->size] = 0; - } else { - v9fs_string_free(str); --- -1.8.3.1 - diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index 805bb33b6b..4c47a09902 100644 --- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm @@ -69,17 +69,14 @@ (define-public qemu (package (name "qemu") - (version "2.7.0") + (version "2.8.0") (source (origin (method url-fetch) (uri (string-append "http://wiki.qemu-project.org/download/qemu-" version ".tar.bz2")) (sha256 (base32 - "0lqyz01z90nvxpc3nx4djbci7hx62cwvs5zwd6phssds0sap6vij")) - (patches (search-patches "qemu-CVE-2016-8576.patch" - "qemu-CVE-2016-8577.patch" - "qemu-CVE-2016-8578.patch")))) + "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: @@ -106,6 +103,8 @@ (apply system* `("./configure" ,(string-append "--cc=" (which "gcc")) + ;; Some architectures insist on using HOST_CC + ,(string-append "--host-cc=" (which "gcc")) "--disable-debug-info" ; save build space "--enable-virtfs" ; just to be sure ,(string-append "--prefix=" out) 
@@ -124,7 +123,7 @@ (add-before 'check 'make-gtester-verbose (lambda _ ;; Make GTester verbose to facilitate investigation upon failure. - (setenv "V" "1"))) + (setenv "V" "1") #t)) (add-before 'check 'disable-test-qga (lambda _ (substitute* "tests/Makefile.include" -- cgit v1.2.3 From 059b3aa9c335041d947cf2b765ab3dab811cfdc5 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 22 Dec 2016 14:56:48 +0100 Subject: gnu: gnupg: Fix build on 32-bit architectures. * gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gnupg.scm (gnupg)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/gnupg.scm | 6 +++- .../gnupg-test-segfault-on-32bit-arch.patch | 40 ++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f55d8e5e74..ee8f1e591f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -588,6 +588,7 @@ dist_patch_DATA = \ %D%/packages/patches/gmp-faulty-test.patch \ %D%/packages/patches/gnome-tweak-tool-search-paths.patch \ %D%/packages/patches/gnucash-price-quotes-perl.patch \ + %D%/packages/patches/gnupg-test-segfault-on-32bit-arch.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 096fcb96f5..5d5a6cdff0 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm 
@@ -220,7 +220,11 @@ compatible to GNU Pth.") ".tar.bz2")) (sha256 (base32 - "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65")))) + "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65")) + (patches + ;; This fixes a test failure on 32bit. Remove for next version. + ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00869.html + (search-patches "gnupg-test-segfault-on-32bit-arch.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch new file mode 100644 index 0000000000..79bb41caaa --- /dev/null +++ b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch 
@@ -0,0 +1,40 @@
+This fixes a segfault on 32-bit architectures. Upstream discussion:
+
+https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
+
+Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
+
+Patch copied from upstream source repository:
+
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
+
+From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
+From: Justus Winter
+Date: Wed, 21 Dec 2016 16:14:45 +0100
+Subject: [PATCH] gpgscm: Guard use of union member.
+
+* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
+before accessing filename. Fixes a crash on 32-bit architectures.
+
+Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
+Signed-off-by: Justus Winter
+---
+ tests/gpgscm/scheme.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
+index a5b7691..2844545 100644
+--- a/tests/gpgscm/scheme.c
++++ b/tests/gpgscm/scheme.c
+@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
+ } else {
+ sc->nesting_stack[sc->file_i]++;
+ #if USE_TAGS && SHOW_ERROR_LINE
+- {
++ if (sc->load_stack[sc->file_i].kind & port_file) {
+ const char *filename =
+ sc->load_stack[sc->file_i].rep.stdio.filename;
+ int lineno =
+--
+2.8.0.rc3
+
--
cgit v1.2.3

From 0c83c6bf2669367e81012391b5bc4ab0406ffbf3 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Sat, 24 Dec 2016 19:09:03 -0500
Subject: gnu: libxml2: Fix CVE-2016-4658.

* gnu/packages/xml.scm (libxml2)[replacement]: New field.
(libxml2/fixed): New variable.
* gnu/packages/patches/libxml2-CVE-2016-4658.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk | 1 +
 gnu/packages/patches/libxml2-CVE-2016-4658.patch | 257 +++++++++++++++++++++++
 gnu/packages/xml.scm | 9 +
 3 files changed, 267 insertions(+)
 create mode 100644 gnu/packages/patches/libxml2-CVE-2016-4658.patch
(limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index ee8f1e591f..a1137cf36f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -696,6 +696,7 @@ dist_patch_DATA = \
 %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
 %D%/packages/patches/libwmf-CVE-2015-4695.patch \
 %D%/packages/patches/libwmf-CVE-2015-4696.patch \
+ %D%/packages/patches/libxml2-CVE-2016-4658.patch \
 %D%/packages/patches/libxslt-generated-ids.patch \
 %D%/packages/patches/libxslt-CVE-2016-4738.patch \
 %D%/packages/patches/linux-pam-no-setfsuid.patch \
diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch
new file mode 100644
index 0000000000..a4e1f31fae
--- /dev/null
+++ b/gnu/packages/patches/libxml2-CVE-2016-4658.patch
@@ -0,0 +1,257 @@ +Fix CVE-2016-4658: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b + +From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 28 Jun 2016 18:34:52 +0200 +Subject: [PATCH] Disallow namespace nodes in XPointer ranges + +Namespace nodes must be copied to avoid use-after-free errors. +But they don't necessarily have a physical representation in a +document, so simply disallow them in XPointer ranges. + +Found with afl-fuzz. + +Fixes CVE-2016-4658. +--- + xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- + 1 file changed, 56 insertions(+), 93 deletions(-) + +diff --git a/xpointer.c b/xpointer.c +index a7b03fbd..694d120e 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { + } + + /** ++ * xmlXPtrNewRangeInternal: ++ * @start: the starting node ++ * @startindex: the start index ++ * @end: the ending point ++ * @endindex: the ending index ++ * ++ * Internal function to create a new xmlXPathObjectPtr of type range ++ * ++ * Returns the newly created object. ++ */ ++static xmlXPathObjectPtr ++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, ++ xmlNodePtr end, int endindex) { ++ xmlXPathObjectPtr ret; ++ ++ /* ++ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). ++ * Disallow them for now. 
++ */ ++ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) ++ return(NULL); ++ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) ++ return(NULL); ++ ++ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); ++ if (ret == NULL) { ++ xmlXPtrErrMemory("allocating range"); ++ return(NULL); ++ } ++ memset(ret, 0, sizeof(xmlXPathObject)); ++ ret->type = XPATH_RANGE; ++ ret->user = start; ++ ret->index = startindex; ++ ret->user2 = end; ++ ret->index2 = endindex; ++ return(ret); ++} ++ ++/** + * xmlXPtrNewRange: + * @start: the starting node + * @startindex: the start index +@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, + if (endindex < 0) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = startindex; +- ret->user2 = end; +- ret->index2 = endindex; ++ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { + if (end->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start->user; +- ret->index = start->index; +- ret->user2 = end->user; +- ret->index2 = end->index; ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, ++ end->index); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { + if (start->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == 
NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start->user; +- ret->index = start->index; +- ret->user2 = end; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { + if (end->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = end->user; +- ret->index2 = end->index; ++ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { + if (end == NULL) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = end; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { + if (start == NULL) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = NULL; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); + return(ret); + } + +@@ -541,6 
+521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { + */ + xmlXPathObjectPtr + xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { ++ xmlNodePtr endNode; ++ int endIndex; + xmlXPathObjectPtr ret; + + if (start == NULL) +@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + return(NULL); + switch (end->type) { + case XPATH_POINT: ++ endNode = end->user; ++ endIndex = end->index; ++ break; + case XPATH_RANGE: ++ endNode = end->user2; ++ endIndex = end->index2; + break; + case XPATH_NODESET: + /* +@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + */ + if (end->nodesetval->nodeNr <= 0) + return(NULL); ++ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; ++ endIndex = -1; + break; + default: + /* TODO */ + return(NULL); + } + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- switch (end->type) { +- case XPATH_POINT: +- ret->user2 = end->user; +- ret->index2 = end->index; +- break; +- case XPATH_RANGE: +- ret->user2 = end->user2; +- ret->index2 = end->index2; +- break; +- case XPATH_NODESET: { +- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; +- ret->index2 = -1; +- break; +- } +- default: +- STRANGE +- return(NULL); +- } ++ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +-- +2.11.0 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 594a1a471c..d821338b52 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -74,6 +74,7 @@ things the parser might find in the XML document (like start tags).") (define-public libxml2 (package (name "libxml2") + (replacement libxml2/fixed) (version "2.9.4") (source (origin (method url-fetch) 
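Review bot: In `xmlXPtrNewRangeNodeObject` the `XPATH_NODESET` case reads `end->nodesetval->nodeNr` and, with this patch, `end->nodesetval->nodeTab[...]` without first testing `end->nodesetval` for NULL; if a node-set object can reach this function with no set attached, the guard should read `if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))`. Separately, `xmlXPtrNewRangeInternal` now returns NULL for namespace nodes and every caller except `xmlXPtrNewCollapsedRange` passes that result straight to `xmlXPtrRangeCheckOrder(ret)`. Before the patch `ret` was never NULL at that call, and the callee's body is not part of the patch, so its handling of NULL should be confirmed or the call guarded with `if (ret != NULL)`. The functions touched begin and end outside the hunks shown.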
@@ -101,6 +102,14 @@ things the parser might find in the XML document (like start tags).") project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source + (origin + (inherit (package-source libxml2)) + (patches (search-patches "libxml2-CVE-2016-4658.patch")))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") -- cgit v1.2.3 From 3a2bcac6bd5a372553079750717ed4e9e6a638f1 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 24 Dec 2016 19:11:30 -0500 Subject: gnu: libxml2: Fix CVE-2016-5131. * gnu/packages/patches/libxml2-CVE-2016-5131.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xml.scm (libxml2/fixed)[source]: Add it. --- gnu/local.mk | 1 + gnu/packages/patches/libxml2-CVE-2016-5131.patch | 218 +++++++++++++++++++++++ gnu/packages/xml.scm | 3 +- 3 files changed, 221 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxml2-CVE-2016-5131.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a1137cf36f..106adb2351 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -697,6 +697,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ %D%/packages/patches/libxml2-CVE-2016-4658.patch \ + %D%/packages/patches/libxml2-CVE-2016-5131.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch new file mode 100644 index 0000000000..38938c8e3e --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2016-5131.patch 
@@ -0,0 +1,218 @@ +Fix CVE-2016-5131: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 + +Patches copied from upstream source repository (the test suite fails +without the 2nd patch): + +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e +https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8 + +From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 28 Jun 2016 14:22:23 +0200 +Subject: [PATCH] Fix XPointer paths beginning with range-to + +The old code would invoke the broken xmlXPtrRangeToFunction. range-to +isn't really a function but a special kind of location step. Remove +this function and always handle range-to in the XPath code. + +The old xmlXPtrRangeToFunction could also be abused to trigger a +use-after-free error with the potential for remote code execution. + +Found with afl-fuzz. + +Fixes CVE-2016-5131. +--- + result/XPath/xptr/vidbase | 13 ++++++++ + test/XPath/xptr/vidbase | 1 + + xpath.c | 7 ++++- + xpointer.c | 76 ++++------------------------------------------- + 4 files changed, 26 insertions(+), 71 deletions(-) + +diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase +index 8b9e92d6..f19193e7 100644 +--- a/result/XPath/xptr/vidbase ++++ b/result/XPath/xptr/vidbase +@@ -17,3 +17,16 @@ Object is a Location Set: + To node + ELEMENT p + ++ ++======================== ++Expression: xpointer(range-to(id('chapter2'))) ++Object is a Location Set: ++1 : Object is a range : ++ From node ++ / ++ To node ++ ELEMENT chapter ++ ATTRIBUTE id ++ TEXT ++ content=chapter2 ++ +diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase +index b1463830..884b1065 100644 +--- a/test/XPath/xptr/vidbase ++++ b/test/XPath/xptr/vidbase +@@ -1,2 +1,3 @@ + xpointer(id('chapter1')/p) + xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) ++xpointer(range-to(id('chapter2'))) +diff --git a/xpath.c b/xpath.c +index 
d992841e..5a01b1b3 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { + lc = 1; + break; + } else if ((NXT(len) == '(')) { +- /* Note Type or Function */ ++ /* Node Type or Function */ + if (xmlXPathIsNodeType(name)) { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, + "PathExpr: Type search\n"); + #endif + lc = 1; ++#ifdef LIBXML_XPTR_ENABLED ++ } else if (ctxt->xptr && ++ xmlStrEqual(name, BAD_CAST "range-to")) { ++ lc = 1; ++#endif + } else { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, +diff --git a/xpointer.c b/xpointer.c +index 676c5105..d74174a3 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { + ret->here = here; + ret->origin = origin; + +- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", +- xmlXPtrRangeToFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range", + xmlXPtrRangeFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", +@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { + * @nargs: the number of args + * + * Implement the range-to() XPointer function ++ * ++ * Obsolete. range-to is not a real function but a special type of location ++ * step which is handled in xpath.c. + */ + void +-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { +- xmlXPathObjectPtr range; +- const xmlChar *cur; +- xmlXPathObjectPtr res, obj; +- xmlXPathObjectPtr tmp; +- xmlLocationSetPtr newset = NULL; +- xmlNodeSetPtr oldset; +- int i; +- +- if (ctxt == NULL) return; +- CHECK_ARITY(1); +- /* +- * Save the expression pointer since we will have to evaluate +- * it multiple times. Initialize the new set. 
+- */ +- CHECK_TYPE(XPATH_NODESET); +- obj = valuePop(ctxt); +- oldset = obj->nodesetval; +- ctxt->context->node = NULL; +- +- cur = ctxt->cur; +- newset = xmlXPtrLocationSetCreate(NULL); +- +- for (i = 0; i < oldset->nodeNr; i++) { +- ctxt->cur = cur; +- +- /* +- * Run the evaluation with a node list made of a single item +- * in the nodeset. +- */ +- ctxt->context->node = oldset->nodeTab[i]; +- tmp = xmlXPathNewNodeSet(ctxt->context->node); +- valuePush(ctxt, tmp); +- +- xmlXPathEvalExpr(ctxt); +- CHECK_ERROR; +- +- /* +- * The result of the evaluation need to be tested to +- * decided whether the filter succeeded or not +- */ +- res = valuePop(ctxt); +- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); +- if (range != NULL) { +- xmlXPtrLocationSetAdd(newset, range); +- } +- +- /* +- * Cleanup +- */ +- if (res != NULL) +- xmlXPathFreeObject(res); +- if (ctxt->value == tmp) { +- res = valuePop(ctxt); +- xmlXPathFreeObject(res); +- } +- +- ctxt->context->node = NULL; +- } +- +- /* +- * The result is used as the new evaluation set. +- */ +- xmlXPathFreeObject(obj); +- ctxt->context->node = NULL; +- ctxt->context->contextSize = -1; +- ctxt->context->proximityPosition = -1; +- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); ++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, ++ int nargs ATTRIBUTE_UNUSED) { ++ XP_ERROR(XPATH_EXPR_ERROR); + } + + /** +-- +2.11.0 + +From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 28 Jun 2016 14:19:58 +0200 +Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes + +This change has already been made in xmlXPathCmpNodesExt but not in +xmlXPathCmpNodes. 
+--- + xpath.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xpath.c b/xpath.c +index 751665b8..d992841e 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { + * compute depth to root + */ + for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { +- if (cur == node1) ++ if (cur->parent == node1) + return(1); + depth2++; + } + root = cur; + for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { +- if (cur == node2) ++ if (cur->parent == node2) + return(-1); + depth1++; + } +-- +2.11.0 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index d821338b52..32b658489c 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -108,7 +108,8 @@ project (but it is usable outside of the Gnome platform).") (source (origin (inherit (package-source libxml2)) - (patches (search-patches "libxml2-CVE-2016-4658.patch")))))) + (patches (search-patches "libxml2-CVE-2016-4658.patch" + "libxml2-CVE-2016-5131.patch")))))) (define-public python-libxml2 (package (inherit libxml2) -- cgit v1.2.3 From 91426243f15696c38fbe84d3885a71f45911217f Mon Sep 17 00:00:00 2001 From: ng0 Date: Mon, 26 Dec 2016 20:53:40 +0000 Subject: gnu: awesome: Update to 4.0. * gnu/packages/wm.scm (awesome): Update to 4.0. [source]: Adjust URL. [inputs]: Add xcb-util-xrm and libxkbcommon. * gnu/packages/patches/awesome-reproducible-png.patch: Adjust patch. Signed-off-by: Leo Famulari --- gnu/packages/patches/awesome-reproducible-png.patch | 4 ++-- gnu/packages/wm.scm | 12 +++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/awesome-reproducible-png.patch b/gnu/packages/patches/awesome-reproducible-png.patch index 0fae65bc71..d8e92c70f9 100644 --- a/gnu/packages/patches/awesome-reproducible-png.patch +++ b/gnu/packages/patches/awesome-reproducible-png.patch 
@@ -7,8 +7,8 @@ See . set(ALL_ICONS ${ALL_ICONS} ${output}) add_custom_command( -- COMMAND ${CONVERT_EXECUTABLE} ${input} ${ARGN} ${output} -+ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} ${ARGN} ${output} +- COMMAND ${CONVERT_EXECUTABLE} ${input} -strip ${ARGN} ${output} ++ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} -strip ${ARGN} ${output} OUTPUT ${output} DEPENDS ${input} VERBATIM) diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm index 46a8c3f873..6713560c5f 100644 --- a/gnu/packages/wm.scm +++ b/gnu/packages/wm.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016 Al McElrath ;;; Copyright © 2016 Carlo Zancanaro ;;; Copyright © 2016 Ludovic Courtès -;;; Copyright © 2016 ng0 +;;; Copyright © 2016 ng0 ;;; Copyright © 2016 doncatnip ;;; Copyright © 2016 Ivan Vilata i Balaguer ;;; @@ -497,15 +497,15 @@ experience.") (define-public awesome (package (name "awesome") - (version "3.5.9") + (version "4.0") (source (origin (method url-fetch) (uri (string-append - "https://awesome.naquadah.org/download/awesome-" - version ".tar.xz")) + "https://github.com/awesomeWM/awesome-releases/raw/" + "master/awesome-" version ".tar.xz")) (sha256 (base32 - "0kynair1ykr74b39a4gcm2y24viial64337cf26nhlc7azjbby67")) + "0czkcz67sab63gf5m2p2pgg05yinjx60hfb9rfyzdkkg28q9f02w")) (modules '((guix build utils) (srfi srfi-19))) (snippet @@ -538,6 +538,7 @@ experience.") ("libxcb" ,libxcb) ("libxcursor" ,libxcursor) ("libxdg-basedir" ,libxdg-basedir) + ("libxkbcommon" ,libxkbcommon) ("lua" ,lua) ("lua-lgi",lua-lgi) ("pango" ,pango) @@ -547,6 +548,7 @@ experience.") ("xcb-util-image" ,xcb-util-image) ("xcb-util-keysyms" ,xcb-util-keysyms) ("xcb-util-renderutil" ,xcb-util-renderutil) + ("xcb-util-xrm" ,xcb-util-xrm) ("xcb-util-wm" ,xcb-util-wm))) (arguments `(;; Let compression happen in our 'compress-documentation' phase so that -- cgit v1.2.3 
From 322e724bfad9f82149c3f83416234ab19486a229 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 29 Dec 2016 13:01:55 -0500 Subject: gnu: libpng: Fix a null pointer dereference [fixes security issue]. * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libpng)[replacement]: New field. (libpng/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/image.scm | 9 ++++++ .../patches/libpng-fix-null-ptr-dereference.patch | 36 ++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 gnu/packages/patches/libpng-fix-null-ptr-dereference.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 106adb2351..38c1b0b94e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -675,6 +675,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ + %D%/packages/patches/libpng-fix-null-ptr-dereference.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 1c500b3341..69eeaed58d 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -64,6 +64,7 @@ (define-public libpng (package (name "libpng") + (replacement libpng/fixed) (version "1.6.25") (source (origin (method url-fetch) @@ -88,6 +89,14 @@ library. It supports almost all PNG features and is extensible.") (license license:zlib) (home-page "http://www.libpng.org/pub/png/libpng.html"))) +(define libpng/fixed + (package + (inherit libpng) + (source + (origin + (inherit (package-source libpng)) + (patches (search-patches "libpng-fix-null-ptr-dereference.patch")))))) + (define-public libpng-1.2 (package (inherit libpng) 
diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch new file mode 100644 index 0000000000..192459162b --- /dev/null +++ b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch @@ -0,0 +1,36 @@ +Fix a null pointer dereference in png_set_text_2(): + +http://seclists.org/oss-sec/2016/q4/777 + +Patch adapted from upstream source repository: + +https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ + +From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson +Date: Thu, 29 Dec 2016 07:51:33 -0600 +Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in + png_set_text_2() + +(bug report and patch by Patrick Keshishian). +--- + ANNOUNCE | 2 ++ + CHANGES | 2 ++ + png.c | 1 + + 3 files changed, 5 insertions(+) + +diff --git a/png.c b/png.c +index 8afc28fc2..2e05de159 100644 +--- a/png.c ++++ b/png.c +@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, + png_free(png_ptr, info_ptr->text); + info_ptr->text = NULL; + info_ptr->num_text = 0; ++ info_ptr->max_text = 0; + } + } + #endif +-- +2.11.0 + -- cgit v1.2.3 From a29929b32caf9e437d18bdb0cd4d1b22bc096fed Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Fri, 30 Dec 2016 17:21:37 +1000 Subject: gnu: multiqc: Update to 0.9. Suggested by Raoul Bonnal . * gnu/packages/bioinformatics.scm (multiqc): Update to 0.9. [origin]: Add patch. * gnu/packages/patches/multiqc-fix-git-subprocess-error.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 9 +++++++-- .../patches/multiqc-fix-git-subprocess-error.patch | 16 ++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/multiqc-fix-git-subprocess-error.patch (limited to 'gnu/packages/patches') 
diff --git a/gnu/local.mk b/gnu/local.mk index 38c1b0b94e..b7c182fbf6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -730,6 +730,7 @@ dist_patch_DATA = \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/mplayer2-theora-fix.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ + %D%/packages/patches/multiqc-fix-git-subprocess-error.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 07c4a0a1b7..54c8ce0f63 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -7855,15 +7855,20 @@ replacement for strverscmp.") (define-public multiqc (package (name "multiqc") - (version "0.6") + (version "0.9") (source (origin (method url-fetch) (uri (pypi-uri "multiqc" version)) (sha256 (base32 - "0avw11h63ldpxy5pizc3wl1wa01ha7q10wb240nggsjz3jaqvyiy")))) + "12gs1jw2jrxrij529rnl5kaqxfcqn15yzcsggxkfhdx634ml0cny")) + (patches (search-patches "multiqc-fix-git-subprocess-error.patch")))) (build-system python-build-system) + (arguments + ;; Tests are to be introduced in the next version, see + ;; https://github.com/ewels/MultiQC/issues/376 + `(#:tests? #f)) (propagated-inputs `(("python-jinja2" ,python-jinja2) ("python-simplejson" ,python-simplejson) diff --git a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch new file mode 100644 index 0000000000..87be6142f4 --- /dev/null +++ b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch 
@@ -0,0 +1,16 @@ +Without this patch, the incorrect exception is caught when 'git' is not in +PATH. See https://github.com/ewels/MultiQC/pull/377. + +diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py +index 01fa554..4a11793 100755 +--- a/multiqc/utils/config.py ++++ b/multiqc/utils/config.py +@@ -28,7 +28,7 @@ try: + git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT) + git_hash_short = git_hash[:7] + version = '{} ({})'.format(version, git_hash_short) +-except subprocess.CalledProcessError: ++except (subprocess.CalledProcessError, FileNotFoundError): + pass + os.chdir(cwd) + -- cgit v1.2.3 From 858b9afeaf1b41dc524b50c568dccb38c8ef4e73 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 30 Dec 2016 14:29:48 -0500 Subject: gnu: libpng: Mention CVE-2016-10087. * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ... * gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this. * gnu/local.mk (dist_patch_DATA): Adjust. * gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch. --- gnu/local.mk | 2 +- gnu/packages/image.scm | 2 +- gnu/packages/patches/libpng-CVE-2016-10087.patch | 37 ++++++++++++++++++++++ .../patches/libpng-fix-null-ptr-dereference.patch | 36 --------------------- 4 files changed, 39 insertions(+), 38 deletions(-) create mode 100644 gnu/packages/patches/libpng-CVE-2016-10087.patch delete mode 100644 gnu/packages/patches/libpng-fix-null-ptr-dereference.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b7c182fbf6..69633131e6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
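Review bot: The new `except` clause names `FileNotFoundError`, which exists only on Python 3; on Python 2 a missing `git` raises `OSError`, and evaluating the tuple would itself fail with a `NameError`. `OSError` is the common base on both versions, so `except (subprocess.CalledProcessError, OSError):` handles the missing-executable case without depending on the interpreter version. It is worth a one-line comment such as `# git may be absent from PATH in the build environment` so the broad catch is not narrowed again later. The `try:` block starts outside the hunk, so any other handling around it is not visible here.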
@@ -675,7 +675,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ - %D%/packages/patches/libpng-fix-null-ptr-dereference.patch \ + %D%/packages/patches/libpng-CVE-2016-10087.patch \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 687596f966..ab4d3b0e57 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -95,7 +95,7 @@ library. It supports almost all PNG features and is extensible.") (source (origin (inherit (package-source libpng)) - (patches (search-patches "libpng-fix-null-ptr-dereference.patch")))))) + (patches (search-patches "libpng-CVE-2016-10087.patch")))))) (define-public libpng-1.2 (package diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch new file mode 100644 index 0000000000..8093b3e448 --- /dev/null +++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch 
@@ -0,0 +1,37 @@ +Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 +http://seclists.org/oss-sec/2016/q4/777 + +Patch adapted from upstream source repository: + +https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ + +From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson +Date: Thu, 29 Dec 2016 07:51:33 -0600 +Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in + png_set_text_2() + +(bug report and patch by Patrick Keshishian). +--- + ANNOUNCE | 2 ++ + CHANGES | 2 ++ + png.c | 1 + + 3 files changed, 5 insertions(+) + +diff --git a/png.c b/png.c +index 8afc28fc2..2e05de159 100644 +--- a/png.c ++++ b/png.c +@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, + png_free(png_ptr, info_ptr->text); + info_ptr->text = NULL; + info_ptr->num_text = 0; ++ info_ptr->max_text = 0; + } + } + #endif +-- +2.11.0 + diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch deleted file mode 100644 index 192459162b..0000000000 --- a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -Fix a null pointer dereference in png_set_text_2(): - -http://seclists.org/oss-sec/2016/q4/777 - -Patch adapted from upstream source repository: - -https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ - -From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson -Date: Thu, 29 Dec 2016 07:51:33 -0600 -Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in - png_set_text_2() - -(bug report and patch by Patrick Keshishian). ---- - ANNOUNCE | 2 ++ - CHANGES | 2 ++ - png.c | 1 + - 3 files changed, 5 insertions(+) - -diff --git a/png.c b/png.c -index 8afc28fc2..2e05de159 100644 ---- a/png.c -+++ b/png.c -@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, - png_free(png_ptr, info_ptr->text); - info_ptr->text = NULL; - info_ptr->num_text = 0; -+ info_ptr->max_text = 0; - } - } - #endif --- -2.11.0 - -- cgit v1.2.3 From 25d84d3122b8de29a67d69e8ff5de6660b8d44c5 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sun, 1 Jan 2017 16:37:08 +1000 Subject: gnu: python-dendropy: Update to 4.2.0. * gnu/packages/bioinformatics.scm (python-dendropy): Update to 4.2.0. [source]: Remove patch. (python2-dendropy)[source]: Use the same source as python-dendropy. * gnu/packages/patches/python-dendropy-exclude-failing-tests.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/bioinformatics.scm | 18 ++---------------- .../python-dendropy-exclude-failing-tests.patch | 21 --------------------- 3 files changed, 2 insertions(+), 38 deletions(-) delete mode 100644 gnu/packages/patches/python-dendropy-exclude-failing-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 69633131e6..6ab1c1c488 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -814,7 +814,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-3-search-paths.patch \ %D%/packages/patches/python-3.4-fix-tests.patch \ %D%/packages/patches/python-3.5-fix-tests.patch \ - %D%/packages/patches/python-dendropy-exclude-failing-tests.patch \ %D%/packages/patches/python-file-double-encoding-bug.patch \ %D%/packages/patches/python-fix-tests.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index b1d0c38a49..7a61de2eda 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -1930,19 +1930,14 @@ accessing bigWig files.") (define-public python-dendropy (package (name "python-dendropy") - (version "4.1.0") + (version "4.2.0") (source (origin (method url-fetch) (uri (pypi-uri "DendroPy" version)) (sha256 (base32 - "1jfz7gp18wph311w1yygbvjanb3n5mdqal439bb6myw41dwb5m63")) - ;; There are two known test failures that will be fixed in the next - ;; release after 4.1.0. - ;; https://github.com/jeetsukumaran/DendroPy/issues/48 - (patches (search-patches - "python-dendropy-exclude-failing-tests.patch")))) + "15c7s3d5gf19ljsxvq5advaa752wfi7pwrdjyhzmg85hccyvp47p")))) (build-system python-build-system) (home-page "http://packages.python.org/DendroPy/") (synopsis "Library for phylogenetics and phylogenetic computing") @@ -1957,15 +1952,6 @@ trees (phylogenies) and characters.") (let ((base (package-with-python2 (strip-python2-variant python-dendropy)))) (package (inherit base) - ;; Do not use same source as 'python-dendropy' because the patched - ;; failing tests do not occur on Python 2. - (source - (origin - (method url-fetch) - (uri (pypi-uri "DendroPy" (package-version base))) - (sha256 - (base32 - "1jfz7gp18wph311w1yygbvjanb3n5mdqal439bb6myw41dwb5m63")))) (arguments `(#:python ,python-2 #:phases 
diff --git a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch deleted file mode 100644 index 288a58b06f..0000000000 --- a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/dendropy/test/test_phylogenetic_distance_matrix.py b/dendropy/test/test_phylogenetic_distance_matrix.py -index 10c05f5..a18ba52 100644 ---- a/dendropy/test/test_phylogenetic_distance_matrix.py -+++ b/dendropy/test/test_phylogenetic_distance_matrix.py -@@ -793,7 +793,7 @@ class PdmUpgmaTree(PdmTreeChecker, unittest.TestCase): - expected_tree=expected_tree) - - class NodeToNodeDistancesTest(unittest.TestCase): -- -+ @unittest.expectedFailure - def test_distances(self): - ## get distances from ape - # library(ape) -@@ -825,6 +825,7 @@ class NodeToNodeDistancesTest(unittest.TestCase): - e = reference_table[nd1.label, nd2.label] - self.assertAlmostEqual(d, e) - -+ @unittest.expectedFailure - def test_mrca(self): - test_runs = [ - "hiv1.newick", -- cgit v1.2.3 From 6a37872cd2c132371ef2cb5344e004c63fdeb927 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Tue, 3 Jan 2017 08:11:15 -0500 Subject: gnu: chicken: Fix CVE-2016-{6830,6831}. * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New file. * gnu/local.mk (dist_patch_DATA): Use it. * gnu/packages/scheme.scm (chicken)[source]: Use it. --- gnu/local.mk | 1 + .../chicken-CVE-2016-6830+CVE-2016-6831.patch | 81 ++++++++++++++++++++++ gnu/packages/scheme.scm | 4 +- 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6ab1c1c488..0c42f9f442 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -497,6 +497,7 @@ dist_patch_DATA = \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ + %D%/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch new file mode 100644 index 0000000000..59decde0e9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch 
@@ -0,0 +1,81 @@ +diff -ur a/irregex-core.scm b/irregex-core.scm +--- a/irregex-core.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-core.scm 2017-01-01 22:24:08.000000000 -0500 +@@ -30,6 +30,8 @@ + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ;;;; History ++;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation ++;; of backtracking matcher. + ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow + ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches + ;; 0.9.3: 2014/07/01 - R7RS library +@@ -3170,16 +3172,7 @@ + ((sre-empty? (sre-sequence (cdr sre))) + (error "invalid sre: empty *" sre)) + (else +- (letrec +- ((body +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (lambda (cnk init src str i end matches fail) +- (body cnk init src str i end matches +- (lambda () +- (next cnk init src str i end matches fail) +- )))))) ++ (let ((body (rec (list '+ (sre-sequence (cdr sre)))))) + (lambda (cnk init src str i end matches fail) + (body cnk init src str i end matches + (lambda () +@@ -3204,10 +3197,21 @@ + (lambda () + (body cnk init src str i end matches fail)))))))) + ((+) +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (rec (list '* (sre-sequence (cdr sre)))))) ++ (cond ++ ((sre-empty? (sre-sequence (cdr sre))) ++ (error "invalid sre: empty +" sre)) ++ (else ++ (letrec ++ ((body ++ (lp (sre-sequence (cdr sre)) ++ n ++ flags ++ (lambda (cnk init src str i end matches fail) ++ (body cnk init src str i end matches ++ (lambda () ++ (next cnk init src str i end matches fail) ++ )))))) ++ body)))) + ((=) + (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre)))) + ((>=) +diff -ur a/irregex-utils.scm b/irregex-utils.scm +--- a/irregex-utils.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-utils.scm 2017-01-01 22:25:25.000000000 -0500 +@@ -89,7 +89,7 @@ + (case (car x) + ((: seq) + (cond +- ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj))) ++ ((and (pair? (cdr x)) (pair? 
(cddr x)) (not (eq? x obj))) + (display "(?:" out) (for-each lp (cdr x)) (display ")" out)) + (else (for-each lp (cdr x))))) + ((submatch) +diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html" +--- "a/manual-html/Unit irregex.html" 2016-09-11 19:10:47.000000000 -0400 ++++ "b/manual-html/Unit irregex.html" 2017-01-01 22:26:05.000000000 -0500 +@@ -353,6 +353,6 @@ +

Returns an optimized SRE matching any of the literal strings in the list, like Emacs' regexp-opt. Note this optimization doesn't help when irregex is able to build a DFA.

+ +
sre->string
(sre->string <sre>) procedure
+-

Convert an SRE to a POSIX-style regular expression string, if possible.

++

Convert an SRE to a PCRE-style regular expression string, if possible.

+
+-

Previous: Unit extras

Next: Unit srfi-1

+\ No newline at end of file ++

Previous: Unit extras

Next: Unit srfi-1

diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 08bb89cefb..2756805f3d 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -332,7 +332,9 @@ mashups, office (web agendas, mail clients, ...), etc.") "2016/09/12/chicken-" version ".tar.gz")) (sha256 (base32 - "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga")))) + "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga")) + (patches + (search-patches "chicken-CVE-2016-6830+CVE-2016-6831.patch")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) -- cgit v1.2.3 From f3a53f3c8feedfad2a33462225dca8ea077b151b Mon Sep 17 00:00:00 2001 From: Alex Griffin Date: Tue, 3 Jan 2017 08:49:01 -0600 Subject: gnu: slock: Update to 1.4. * gnu/packages/suckless.scm (slock): Update to 1.4. [source] Remove CVE-2016-6866 patch (no longer needed). * gnu/packages/patches/slock-CVE-2016-6866.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 - gnu/packages/patches/slock-CVE-2016-6866.patch | 51 -------------------------- gnu/packages/suckless.scm | 6 +-- 3 files changed, 3 insertions(+), 55 deletions(-) delete mode 100644 gnu/packages/patches/slock-CVE-2016-6866.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0c42f9f442..f45030f840 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -851,7 +851,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-sigusr1.patch \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ - %D%/packages/patches/slock-CVE-2016-6866.patch \ %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ %D%/packages/patches/soprano-find-clucene.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/patches/slock-CVE-2016-6866.patch b/gnu/packages/patches/slock-CVE-2016-6866.patch deleted file mode 100644 index 2f94b8c1a9..0000000000 
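Review bot: The patch wired in here, chicken-CVE-2016-6830+CVE-2016-6831.patch, starts directly at `diff -ur` with no header naming the advisories or the upstream commit it was taken from, unlike the other CVE patches on this page. Its visible hunks change only irregex-core.scm, irregex-utils.scm and the irregex manual page, and its own history entry describes a fix for exponential memory use in the backtracking matcher. It is therefore worth confirming that this content is what the two CVE identifiers in the file name refer to. A header in the patch file along the lines of `Fix CVE-2016-6830 and CVE-2016-6831: <advisory URL>` followed by `Patch copied from upstream source repository: <commit URL>` would make the provenance checkable by the next reviewer.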
--- a/gnu/packages/patches/slock-CVE-2016-6866.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2016-6866. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866 -https://security-tracker.debian.org/tracker/CVE-2016-6866 - -Copied from upstream source repository: -http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 - -From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001 -From: Markus Teich -Date: Tue, 30 Aug 2016 22:59:06 +0000 -Subject: fix CVE-2016-6866 - ---- -diff --git a/slock.c b/slock.c -index 847b328..8ed59ca 100644 ---- a/slock.c -+++ b/slock.c -@@ -123,7 +123,7 @@ readpw(Display *dpy) - readpw(Display *dpy, const char *pws) - #endif - { -- char buf[32], passwd[256]; -+ char buf[32], passwd[256], *encrypted; - int num, screen; - unsigned int len, color; - KeySym ksym; -@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws) - #ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); - #else -- running = !!strcmp(crypt(passwd, pws), pws); -+ errno = 0; -+ if (!(encrypted = crypt(passwd, pws))) -+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); -+ else -+ running = !!strcmp(encrypted, pws); - #endif - if (running) { - XBell(dpy, 100); -@@ -312,6 +316,8 @@ main(int argc, char **argv) { - - #ifndef HAVE_BSD_AUTH - pws = getpw(); -+ if (strlen(pws) < 2) -+ die("slock: failed to get user password hash.\n"); - #endif - - if (!(dpy = XOpenDisplay(NULL))) --- -cgit v0.9.0.3-65-g4555 diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm index 820d550d6e..a501bb5f2d 100644 --- a/gnu/packages/suckless.scm +++ b/gnu/packages/suckless.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2015 Dmitry Bogatov ;;; Copyright © 2015 Leo Famulari ;;; Copyright © 2016 Eric Bavier +;;; Copyright © 2017 Alex Griffin ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -106,15 +107,14 @@ numbers of user-defined menu items efficiently.") (define-public slock (package (name "slock") - (version "1.3") + (version "1.4") (source (origin (method url-fetch) (uri (string-append "http://dl.suckless.org/tools/slock-" version ".tar.gz")) - (patches (search-patches "slock-CVE-2016-6866.patch")) (sha256 (base32 - "065xa9hl7zn0lv2f7yjxphqsa35rg6dn9hv10gys0sh4ljpa7d5s")))) + "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m")))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no tests -- cgit v1.2.3 From 324f4fc559b4cf9f7df0bc334ac8a0a4fa040c22 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 4 Jan 2017 02:37:51 -0500 Subject: gnu: mcrypt: Fix patches for CVE-2012-{4409,4527}. This fixes CVE-2012-{4409,4527}. This is a followup to commit fd1461879c63c608617d30524183a71370a7451c. * gnu/packages/patches/mcrypt-CVE-2012-4409.patch, gnu/packages/patches/mcrypt-CVE-2012-4527.patch: Apply the patches to the mcrypt source code. --- gnu/packages/patches/mcrypt-CVE-2012-4409.patch | 35 ++--- gnu/packages/patches/mcrypt-CVE-2012-4527.patch | 198 +++++++++++------------- 2 files changed, 104 insertions(+), 129 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch index 60cf8e0430..3089f962f7 100644 --- a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch +++ b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch @@ -3,30 +3,17 @@ 
From: Tom Callaway Date: Fri, 7 Sep 2012 11:39:29 -0400 Subject: apply fix for CVE-2012-4409 (thanks to Raphael Geissert) ---- - mcrypt-CVE-2012-4409.patch | 12 ++++++++++++ - mcrypt.spec | 10 +++++++++- - 2 files changed, 21 insertions(+), 1 deletion(-) - create mode 100644 mcrypt-CVE-2012-4409.patch - -diff --git a/mcrypt-CVE-2012-4409.patch b/mcrypt-CVE-2012-4409.patch -new file mode 100644 -index 0000000..747f428 ---- /dev/null -+++ b/mcrypt-CVE-2012-4409.patch -@@ -0,0 +1,12 @@ -+diff -up mcrypt-2.6.8/src/extra.c.CVE-2012-4409 mcrypt-2.6.8/src/extra.c -+--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400 -++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400 -+@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char -+ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ -+ *salt_size = m_setbit(0, sflag, 0); -+ if (*salt_size > 0) { -++ if (*salt_size > sizeof(tmp_buf)) -++ err_quit(_("Salt is too long\n")); -+ fread(tmp_buf, 1, *salt_size, -+ fstream); -+ memmove(salt, tmp_buf, *salt_size); +--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400 ++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400 +@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char + if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ + *salt_size = m_setbit(0, sflag, 0); + if (*salt_size > 0) { ++ if (*salt_size > sizeof(tmp_buf)) ++ err_quit(_("Salt is too long\n")); + fread(tmp_buf, 1, *salt_size, + fstream); + memmove(salt, tmp_buf, *salt_size); -- cgit v0.12 diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch index d931dd174b..dfbf048583 100644 --- a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch +++ b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch @@ -3,109 +3,97 @@ 
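Review bot: In the `check_file_head` hunk the `fread(tmp_buf, 1, *salt_size, fstream)` right after the new length check still ignores its return value, so on a truncated input the following `memmove(salt, tmp_buf, *salt_size)` copies whatever `tmp_buf` held before into the salt. I would fail closed on a short read, e.g. `if (fread(tmp_buf, 1, *salt_size, fstream) != (size_t)*salt_size) err_quit(_("Unexpected end of file\n"));`. The added guard bounds the copy by `sizeof(tmp_buf)` only; the size of the caller's `salt` buffer is not visible here and should be confirmed to be at least that large. The function body starts and ends outside the hunk.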
From: Tom Callaway Date: Tue, 30 Oct 2012 15:39:24 -0400 Subject: apply workaround to CVE-2012-4527 ---- - mcrypt-CVE-2012-4527-80-width-patch | 91 +++++++++++++++++++++++++++++++++++++ - mcrypt.spec | 10 +++- - 2 files changed, 100 insertions(+), 1 deletion(-) - create mode 100644 mcrypt-CVE-2012-4527-80-width-patch - -diff --git a/mcrypt-CVE-2012-4527-80-width-patch b/mcrypt-CVE-2012-4527-80-width-patch -new file mode 100644 -index 0000000..0eb94d8 ---- /dev/null -+++ b/mcrypt-CVE-2012-4527-80-width-patch -@@ -0,0 +1,91 @@ -+--- mcrypt-2.6.8.orig/src/mcrypt.c -++++ mcrypt-2.6.8/src/mcrypt.c -+@@ -41,6 +41,8 @@ -+ # include -+ #endif -+ -++#define WIDTH 80 -++ -+ static char rcsid[] = -+ "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; -+ -+@@ -482,7 +484,7 @@ -+ #ifdef HAVE_STAT -+ if (stream_flag == FALSE) { -+ if (is_normal_file(file[i]) == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: %s is not a regular file. Skipping...\n"), -+ program_name, file[i]); -+@@ -501,7 +503,7 @@ -+ dinfile = file[i]; -+ if ((isatty(fileno((FILE *) (stdin))) == 1) -+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: Encrypted data will not be read from a terminal.\n"), -+ program_name); -+@@ -520,7 +522,7 @@ -+ einfile = file[i]; -+ if ((isatty(fileno((FILE *) (stdout))) == 1) -+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: Encrypted data will not be written to a terminal.\n"), -+ program_name); -+@@ -544,7 +546,7 @@ -+ strcpy(outfile, einfile); -+ /* if file has already the .nc ignore it */ -+ if (strstr(outfile, ".nc") != NULL) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: file %s has the .nc suffix... 
skipping...\n"), -+ program_name, outfile); -+@@ -590,10 +592,10 @@ -+ -+ if (x == 0) { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); -++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile); -+ err_warn(tmperr); -+ } else { -+- sprintf(tmperr, _("Stdin was decrypted.\n")); -++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n")); -+ err_warn(tmperr); -+ } -+ #ifdef HAVE_STAT -+@@ -610,7 +612,7 @@ -+ -+ } else { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("File %s was NOT decrypted successfully.\n"), -+ dinfile); -+@@ -636,10 +638,10 @@ -+ -+ if (x == 0) { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); -++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile); -+ err_warn(tmperr); -+ } else { -+- sprintf(tmperr, _("Stdin was encrypted.\n")); -++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n")); -+ err_warn(tmperr); -+ } -+ #ifdef HAVE_STAT -+@@ -655,7 +657,7 @@ -+ -+ } else { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("File %s was NOT encrypted successfully.\n"), -+ einfile); --- -cgit v0.12 +--- mcrypt-2.6.8.orig/src/mcrypt.c ++++ mcrypt-2.6.8/src/mcrypt.c +@@ -41,6 +41,8 @@ + # include + #endif + ++#define WIDTH 80 ++ + static char rcsid[] = + "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; + +@@ -482,7 +484,7 @@ + #ifdef HAVE_STAT + if (stream_flag == FALSE) { + if (is_normal_file(file[i]) == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: %s is not a regular file. 
Skipping...\n"), + program_name, file[i]); +@@ -501,7 +503,7 @@ + dinfile = file[i]; + if ((isatty(fileno((FILE *) (stdin))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: Encrypted data will not be read from a terminal.\n"), + program_name); +@@ -520,7 +522,7 @@ + einfile = file[i]; + if ((isatty(fileno((FILE *) (stdout))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: Encrypted data will not be written to a terminal.\n"), + program_name); +@@ -544,7 +546,7 @@ + strcpy(outfile, einfile); + /* if file has already the .nc ignore it */ + if (strstr(outfile, ".nc") != NULL) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: file %s has the .nc suffix... skipping...\n"), + program_name, outfile); +@@ -590,10 +592,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); ++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was decrypted.\n")); ++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -610,7 +612,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("File %s was NOT decrypted successfully.\n"), + dinfile); +@@ -636,10 +638,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); ++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was encrypted.\n")); ++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -655,7 +657,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("File %s was NOT encrypted successfully.\n"), + einfile); +- +git v0.12 -- cgit 
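Review bot: Each `snprintf(tmperr, WIDTH, ...)` takes its bound from the new `#define WIDTH 80` instead of from the buffer, so the calls are safe only while `tmperr` is declared with at least 80 bytes; that declaration is outside these hunks and should be checked against the constant. If `tmperr` is an array in scope, `snprintf(tmperr, sizeof(tmperr), ...)` keeps the two from drifting apart. The context line `strcpy(outfile, einfile);` in the -544 hunk is an unbounded copy of a file name that this workaround leaves as it is, so it is worth confirming how `outfile` is sized. The last two added lines, `-` and `git v0.12`, look like the `-- ` / `cgit v0.12` trailer with one character too many stripped.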
v1.2.3 From 8bd10c1082041ba2b7add31f34abcb2683f76315 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sat, 31 Dec 2016 17:44:22 +0100 Subject: gnu: ocaml: Add a .file directive to generated .s files. * gnu/packages/ocaml.scm (ocaml)[origin]: Add patch. * gnu/packages/patches/ocaml-Add-a-.file-directive.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. Signed-off-by: David Craven --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 7 +- .../patches/ocaml-Add-a-.file-directive.patch | 96 ++++++++++++++++++++++ 3 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/ocaml-Add-a-.file-directive.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 61e0fca3ba..860d16d910 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -752,6 +752,7 @@ dist_patch_DATA = \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ + %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openexr-missing-samples.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index 2dad042e72..ab70eb63de 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2016 Eric Bavier ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2016 Efraim Flashner -;;; Copyright © 2016 Julien Lepiller +;;; Copyright © 2016, 2017 Julien Lepiller ;;; ;;; This file is part of GNU Guix. ;;; @@ -63,7 +63,10 @@ (sha256 (base32 "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3")) - (patches (search-patches "ocaml-CVE-2015-8869.patch")))) + (patches + (search-patches + "ocaml-CVE-2015-8869.patch" + "ocaml-Add-a-.file-directive.patch")))) (build-system gnu-build-system) (native-search-paths (list (search-path-specification 
diff --git a/gnu/packages/patches/ocaml-Add-a-.file-directive.patch b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch new file mode 100644 index 0000000000..07842e9c32 --- /dev/null +++ b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch 
@@ -0,0 +1,96 @@ +From: Stephane Glondu +Date: Sun, 16 Aug 2015 20:59:14 +0200 +Subject: Add a .file directive to generated .s files + +When no .file directive is given, the toolchain records the filename +of the .o file, which is sometimes random, making generated objects +non-deterministic. + +We use Location.input_name for adding .file directives to assembly +files. Note: when the file is preprocessed, this reference holds the +name of the temporary file. Hence, files compiled with -pp are still +not deterministic. + +Bug-Debian: https://bugs.debian.org/795784 +Bug-Debian: https://bugs.debian.org/796336 +--- + asmcomp/amd64/emit.mlp | 1 + + asmcomp/arm/emit.mlp | 1 + + asmcomp/arm64/emit.mlp | 1 + + asmcomp/i386/emit.mlp | 1 + + asmcomp/power/emit.mlp | 1 + + asmcomp/sparc/emit.mlp | 1 + + 6 files changed, 6 insertions(+) + +diff --git a/asmcomp/amd64/emit.mlp b/asmcomp/amd64/emit.mlp +index d56d0f5..4d7aa30 100644 +--- a/asmcomp/amd64/emit.mlp ++++ b/asmcomp/amd64/emit.mlp +@@ -794,6 +794,7 @@ let data l = + let begin_assembly() = + reset_debug_info(); (* PR#5603 *) + float_constants := []; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + if !Clflags.dlcode then begin + (* from amd64.S; could emit these constants on demand *) + if macosx then +diff --git a/asmcomp/arm/emit.mlp b/asmcomp/arm/emit.mlp +index 4948fb2..6f30fba 100644 +--- a/asmcomp/arm/emit.mlp ++++ b/asmcomp/arm/emit.mlp +@@ -892,6 +892,7 @@ let data l = + + let begin_assembly() = + reset_debug_info(); ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + ` .syntax unified\n`; + begin match !arch with + | ARMv4 -> ` .arch armv4t\n` +diff --git a/asmcomp/arm64/emit.mlp b/asmcomp/arm64/emit.mlp +index 750c2b2..5afbb8a 100644 +--- a/asmcomp/arm64/emit.mlp ++++ b/asmcomp/arm64/emit.mlp +@@ -942,6 +942,7 @@ let data l = + + let begin_assembly() = + reset_debug_info(); ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = 
Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .globl {emit_symbol lbl_begin}\n`; +diff --git a/asmcomp/i386/emit.mlp b/asmcomp/i386/emit.mlp +index 98df5f9..531150f 100644 +--- a/asmcomp/i386/emit.mlp ++++ b/asmcomp/i386/emit.mlp +@@ -986,6 +986,7 @@ let data l = + let begin_assembly() = + reset_debug_info(); (* PR#5603 *) + float_constants := []; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .globl {emit_symbol lbl_begin}\n`; +diff --git a/asmcomp/power/emit.mlp b/asmcomp/power/emit.mlp +index 4344085..343132b 100644 +--- a/asmcomp/power/emit.mlp ++++ b/asmcomp/power/emit.mlp +@@ -887,6 +887,7 @@ let data l = + let begin_assembly() = + defined_functions := StringSet.empty; + external_functions := StringSet.empty; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + (* Emit the beginning of the segments *) + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + emit_string data_space; +diff --git a/asmcomp/sparc/emit.mlp b/asmcomp/sparc/emit.mlp +index 877a3d5..7b041e9 100644 +--- a/asmcomp/sparc/emit.mlp ++++ b/asmcomp/sparc/emit.mlp +@@ -727,6 +727,7 @@ let data l = + (* Beginning / end of an assembly file *) + + let begin_assembly() = ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .global {emit_symbol lbl_begin}\n`; -- cgit v1.2.3 From a5b5bd1d18f32c29e704acae24c3e1945666afb9 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Fri, 30 Dec 2016 11:17:17 +0100 Subject: gnu: Add ocaml-bisect. * gnu/packages/ocaml.scm (ocaml-bisect): New variable. * gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. 
Signed-off-by: David Craven --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 42 +++++++ ...ml-bisect-fix-camlp4-in-another-directory.patch | 125 +++++++++++++++++++++ 3 files changed, 168 insertions(+) create mode 100644 gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 860d16d910..7e8b7c5033 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -751,6 +751,7 @@ dist_patch_DATA = \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ + %D%/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index 0a362b1f92..a1c7bc7155 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm 
@@ -960,3 +960,45 @@ full_split, cut, rcut, etc..") ;; the only mention of a license in this project is in its `opam' file ;; where it says `mit'. (license license:expat))) + + +(define-public ocaml-bisect + (package + (name "ocaml-bisect") + (version "1.3") + (source (origin + (method url-fetch) + (uri (ocaml-forge-uri "bisect" version 1051)) + (sha256 + (base32 + "0kcg2rh0qlkfpbv3nhcb75n62b04gbrz0zasq15ynln91zd5qrg0")) + (patches + (search-patches + "ocaml-bisect-fix-camlp4-in-another-directory.patch")))) + (build-system ocaml-build-system) + (native-inputs + `(("camlp4" ,camlp4) + ("libxml2" ,libxml2) + ("which" ,which))) + (propagated-inputs + `(("camlp4" ,camlp4))) + (arguments + `(#:test-target "tests" + #:make-flags + (list "all" (string-append "CAMLP4_LIBDIR=" + (assoc-ref %build-inputs "camlp4") + "/lib/ocaml/site-lib/camlp4")) + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "./configure" "-prefix" + (assoc-ref outputs "out")))))))) + (home-page "http://bisect.x9c.fr") + (synopsis "Code coverage tool for the OCaml language") + (description "Bisect is a code coverage tool for the OCaml language. It is +a camlp4-based tool that allows to instrument your application before running +tests. After application execution, it is possible to generate a report in HTML +format that is the replica of the application source code annotated with code +coverage information.") + (license license:gpl3+))) diff --git a/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch new file mode 100644 index 0000000000..2056b42356 --- /dev/null +++ b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch 
@@ -0,0 +1,125 @@ +From 26cac62fe0154cf65c06faaee10805531e9dade8 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller +Date: Wed, 14 Dec 2016 14:14:59 +0100 +Subject: [PATCH] fix camlp4 in another directory + +--- + Makefile | 11 ++++++----- + configure | 13 ++++++++++++- + myocamlbuild.ml | 2 +- + 3 files changed, 19 insertions(+), 7 deletions(-) + +diff --git a/Makefile b/Makefile +index 4a8ce17..d94a6d5 100644 +--- a/Makefile ++++ b/Makefile +@@ -25,7 +25,7 @@ PATH_BUILD=$(PATH_BASE)/_build + PATH_OCAMLDOC=$(PATH_BASE)/ocamldoc + PATH_SRC=$(PATH_BASE)/src + PATH_TESTS=$(PATH_BASE)/tests +-PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect ++PATH_INSTALL=$(PREFIX)/lib/ocaml/bisect + + + # DEFINITIONS +@@ -33,7 +33,8 @@ PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect + PROJECT_NAME=bisect + OCAMLBUILD=$(PATH_OCAML_PREFIX)/bin/ocamlbuild + OCAMLBUILD_ENV=WARNINGS=$(WARNINGS) PATH_OCAML_PREFIX=$(PATH_OCAML_PREFIX) +-OCAMLBUILD_FLAGS=-classic-display -no-links ++CAMLP4_INCLUDE=$(shell test -z $(CAMLP4_LIBDIR) || echo "-cflags -I,$(CAMLP4_LIBDIR)") ++OCAMLBUILD_FLAGS=-classic-display -no-links $(CAMLP4_INCLUDE) + MODULES_ODOCL=$(PROJECT_NAME).odocl + MODULES_MLPACK=$(PROJECT_NAME).mlpack + MODULES_MLPACK_PP=$(PROJECT_NAME)_pp.mlpack +@@ -80,11 +81,11 @@ veryclean: clean + rm -f $(PATH_OCAMLDOC)/*.html $(PATH_OCAMLDOC)/*.css + + install: FORCE +- cp $(PATH_BUILD)/src/report/report.byte $(PATH_OCAML_PREFIX)/bin/bisect-report; \ ++ cp $(PATH_BUILD)/src/report/report.byte $(PREFIX)/bin/bisect-report; \ + if [ "$(PPX)" = "TRUE" ]; then \ +- cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PATH_OCAML_PREFIX)/bin; \ ++ cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PREFIX)/bin; \ + fi; \ +- (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PATH_OCAML_PREFIX)/bin/bisect-report.opt || true); \ ++ (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PREFIX)/bin/bisect-report.opt || true); \ + if [ -x 
"$(PATH_OCAMLFIND)" ]; then \ + $(PATH_OCAMLFIND) query $(PROJECT_NAME) && $(PATH_OCAMLFIND) remove $(PROJECT_NAME) || true; \ + $(PATH_OCAMLFIND) install $(PROJECT_NAME) META -optional \ +diff --git a/configure b/configure +index bb7ebf4..61a3095 100755 +--- a/configure ++++ b/configure +@@ -21,7 +21,9 @@ + # default values + ocamlbuild=`which ocamlbuild || echo '/usr/local/bin/ocamlbuild'` + bin_path=`dirname $ocamlbuild` ++prefix='' + ocaml_prefix=`dirname $bin_path` ++camlp4_prefix=`dirname $(dirname $(which camlp4of))` + ocamlfind=`which ocamlfind 2> /dev/null || echo ''` + native_dynlink='TRUE' + devel='FALSE' +@@ -32,8 +34,12 @@ ppx='FALSE' + while [ $# -gt 0 ] + do + case "$1" in ++ -prefix) ++ prefix="$2"; shift;; + -ocaml-prefix) + ocaml_prefix="$2"; shift;; ++ -camlp4-prefix) ++ camlp4_prefix="$2"; shift;; + -ocamlfind) + ocamlfind="$2"; shift;; + -no-native-dynlink) +@@ -45,7 +51,7 @@ do + -ppx) + ppx='TRUE';; + *) +- echo "usage: $0 [-ocaml-prefix ] [-ocamlfind ] [-no-native-dynlink] [-devel]"; ++ echo "usage: $0 [-prefix ] [-ocaml-prefix ] [-ocamlfind ] [-no-native-dynlink] [-devel]"; + exit 1;; + esac + shift +@@ -57,6 +63,9 @@ if [ "$no_camlp4" = "TRUE" -a "$ppx" = "FALSE" ]; then + exit 1 + fi + ++# prefix default value ++test -z $prefix && prefix=$ocaml_prefix ++ + # make options + make_quiet=`make -f - < Makefile.config + echo "PATH_OCAML_PREFIX=$ocaml_prefix" >> Makefile.config ++echo "PATH_CAMLP4_PREFIX=$camlp4_prefix" >> Makefile.config + echo "PATH_OCAMLFIND=$ocamlfind" >> Makefile.config + echo "NATIVE_DYNLINK=$native_dynlink" >> Makefile.config + echo "WARNINGS=$devel" >> Makefile.config + echo "NO_CAMLP4=$no_camlp4" >> Makefile.config + echo "PPX=$ppx" >> Makefile.config + echo "MAKE_QUIET=$make_quiet" >> Makefile.config ++echo "PREFIX=$prefix" >> Makefile.config + echo "" >> Makefile.config + echo 'Makefile.config successfully created' +diff --git a/myocamlbuild.ml b/myocamlbuild.ml +index 8aa25fd..09a7d48 100644 +--- a/myocamlbuild.ml 
++++ b/myocamlbuild.ml +@@ -70,7 +70,7 @@ let () = + | After_rules -> + let camlp4of = + try +- let path_bin = Filename.concat (Sys.getenv "PATH_OCAML_PREFIX") "bin" in ++ let path_bin = Filename.concat (Sys.getenv "PATH_CAMLP4_PREFIX") "bin" in + Filename.concat path_bin "camlp4of" + with _ -> "camlp4of" in + flag ["ocaml"; "compile"; "pp_camlp4of"] (S[A"-pp"; A camlp4of]); +-- +2.7.4 + -- cgit v1.2.3 From 44c23cb8d800ed3480755347b2dfee6a3544d727 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Fri, 30 Dec 2016 11:33:36 +0100 Subject: gnu: Add ocaml-bitstring. * gnu/packages/ocaml.scm (ocaml-bitstring): New variable. * gnu/packages/patches/ocaml-bitstring-fix-configure.patch: New file. * gnu/local.mk (dist_patch_DATA): New patch. Signed-off-by: David Craven --- gnu/local.mk | 1 + gnu/packages/ocaml.scm | 67 ++++++++++++++++++++++ .../patches/ocaml-bitstring-fix-configure.patch | 53 +++++++++++++++++ 3 files changed, 121 insertions(+) create mode 100644 gnu/packages/patches/ocaml-bitstring-fix-configure.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7e8b7c5033..8feb139083 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -752,6 +752,7 @@ dist_patch_DATA = \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ %D%/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch \ + %D%/packages/patches/ocaml-bitstring-fix-configure.patch \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index a1c7bc7155..b999ee91e6 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -25,6 +25,7 @@ (define-module (gnu packages ocaml) #:use-module (gnu packages) + #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages curl) 
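Review bot: `myocamlbuild.ml` now reads `Sys.getenv "PATH_CAMLP4_PREFIX"`, but the `OCAMLBUILD_ENV` line shown as context in the Makefile hunk still passes only `WARNINGS` and `PATH_OCAML_PREFIX`, so unless the variable is exported somewhere outside the hunk the lookup raises, the `with _ -> "camlp4of"` handler swallows it, and the preprocessor is resolved through `PATH` rather than the configured prefix. Adding it to the environment line would make the new option effective: `OCAMLBUILD_ENV=WARNINGS=$(WARNINGS) PATH_OCAML_PREFIX=$(PATH_OCAML_PREFIX) PATH_CAMLP4_PREFIX=$(PATH_CAMLP4_PREFIX)`. In `configure`, `test -z $prefix` should quote its operand (`test -z "$prefix" && prefix=$ocaml_prefix`), and the usage text gained `-prefix` but not `-camlp4-prefix`.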
@@ -42,6 +43,7 @@ #:use-module (gnu packages python) #:use-module (gnu packages tex) #:use-module (gnu packages texinfo) + #:use-module (gnu packages time) #:use-module (gnu packages version-control) #:use-module (gnu packages xml) #:use-module (gnu packages xorg) 
@@ -1002,3 +1004,68 @@ tests. After application execution, it is possible to generate a report in HTML format that is the replica of the application source code annotated with code coverage information.") (license license:gpl3+))) + +(define-public ocaml-bitstring + (package + (name "ocaml-bitstring") + (version "2.1.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/xguerin/bitstring" + "/archive/v" version ".tar.gz")) + (sha256 + (base32 + "0miw4banfpmx4kxrckpqr57b1fcmsqdmspyjx6gqjd4kghm4l7xj")) + (patches (search-patches "ocaml-bitstring-fix-configure.patch")))) + (build-system ocaml-build-system) + (native-inputs + `(("camlp4" ,camlp4) + ("time" ,time) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("bisect" ,ocaml-bisect))) + (propagated-inputs + `(("camlp4" ,camlp4))) + (arguments + `(#:configure-flags + (list "CAMLP4OF=camlp4of" "--enable-coverage") + #:make-flags + (list (string-append "BISECTLIB=" + (assoc-ref %build-inputs "bisect") + "/lib/ocaml/site-lib") + (string-append "OCAMLCFLAGS=-g -I " + (assoc-ref %build-inputs "camlp4") + "/lib/ocaml/site-lib/camlp4 -I " + "$(BISECTLIB)/bisect") + (string-append "OCAMLOPTFLAGS=-g -I " + (assoc-ref %build-inputs "camlp4") + "/lib/ocaml/site-lib/camlp4 -I " + "$(BISECTLIB)/bisect")) + #:phases + (modify-phases %standard-phases + (add-before 'configure 'fix-configure + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "Makefile.in" + (("@abs_top_builddir@") + (string-append "@abs_top_builddir@:" (getenv "LIBRARY_PATH")))) + (substitute* "configure" + (("-/bin/sh") (string-append "-" (assoc-ref inputs "bash") + "/bin/sh"))))) + (add-after 'install 'link-lib + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (stubs (string-append out + "/lib/ocaml/site-lib/stubslibs")) + (lib (string-append out + "/lib/ocaml/site-lib/bitstring"))) + (mkdir-p stubs) + (symlink (string-append lib "/dllbitstring.so") + (string-append stubs 
"/dllbitstring.so")))))))) + (home-page "https://github.com/xguerin/bitstring") + (synopsis "Bitstrings and bitstring matching for OCaml") + (description "Adds Erlang-style bitstrings and matching over bitstrings as +a syntax extension and library for OCaml. You can use this module to both parse +and generate binary formats, files and protocols. Bitstring handling is added +as primitives to the language, making it exceptionally simple to use and very +powerful.") + (license license:isc))) diff --git a/gnu/packages/patches/ocaml-bitstring-fix-configure.patch b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch new file mode 100644 index 0000000000..c358bf3d6b --- /dev/null +++ b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch 
@@ -0,0 +1,53 @@ +From 0aaddfceeea3e89df196ab1846da54d09713a512 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller +Date: Thu, 15 Dec 2016 21:17:31 +0100 +Subject: [PATCH] fix configure + +--- + Makefile.in | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index d040f4c..85e0b38 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -32,6 +32,7 @@ BISECT_REPORT = @BISECT_REPORT@ + BYTESWAP_H = @BYTESWAP_H@ + + OCAMLLIB = @OCAMLLIB@ ++BISECTLIB = $(shell if test -z $${BISECTLIB}; then echo $(OCAMLLIB); else echo $${BISECTLIB}; fi) + top_srcdir = @top_srcdir@ + + pkg_cil = @OCAML_PKG_cil@ +@@ -47,9 +48,9 @@ OCAMLOPTPACKAGES = $(OCAMLCPACKAGES) + OCAMLOPTLIBS = -linkpkg + + ifneq ($(enable_coverage),no) +-OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma' ++OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma' + OCAMLCLIBS += -I +bisect bisect.cma +-OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma' ++OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma' + OCAMLOPTLIBS += -I +bisect bisect.cmxa + endif + +@@ -110,7 +111,7 @@ bitstring_persistent.cmi: bitstring_persistent.mli + -I +camlp4 -pp camlp4of -c $< + + pa_bitstring.cmo: pa_bitstring.ml bitstring.cma bitstring_persistent.cma +- $(OCAMLFIND) ocamlc bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \ ++ $(OCAMLFIND) ocamlc $(OCAMLCFLAGS) bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \ + -pp camlp4of -c $< -o $@ + + bitstring-objinfo: bitstring_objinfo.cmo bitstring.cma bitstring_persistent.cma +@@ -133,7 +134,7 @@ byteswap.h: byteswap.in.h + ifeq ($(enable_coverage),no) + PP = -pp 'camlp4o bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' + else +-PP = -pp 'camlp4o $(OCAMLLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' ++PP = -pp 'camlp4o $(BISECTLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' + 
endif + + check: test +-- +2.11.0 -- cgit v1.2.3 From 68f90673242777feea9537d6e506d97ea8506c45 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 4 Jan 2017 16:38:57 +0100 Subject: gnu: inkscape: Update to 0.92.0. * gnu/packages/patches/inkscape-drop-wait-for-targets.patch: Remove it. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/inkscape.scm (inkscape): Update to 0.92.0. [build-system]: Use "cmake-build-system". [native-inputs]: Add glib:bin. [arguments]: Remove obsolete arguments; disable tests. --- gnu/local.mk | 3 +- gnu/packages/inkscape.scm | 32 ++++------ .../patches/inkscape-drop-wait-for-targets.patch | 68 ---------------------- 3 files changed, 11 insertions(+), 92 deletions(-) delete mode 100644 gnu/packages/patches/inkscape-drop-wait-for-targets.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8feb139083..4d321d1a59 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -7,7 +7,7 @@ # Copyright © 2016 Kei Kebreau # Copyright © 2016 Rene Saavedra # Copyright © 2016 Adonay "adfeno" Felipe Nogueira -# Copyright © 2016 Ricardo Wurmus +# Copyright © 2016, 2017 Ricardo Wurmus # Copyright © 2016 Ben Woodcroft # # This file is part of GNU Guix. @@ -638,7 +638,6 @@ dist_patch_DATA = \ %D%/packages/patches/icu4c-CVE-2015-4760.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ - %D%/packages/patches/inkscape-drop-wait-for-targets.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm index d98a4cd7a9..e20ca666bd 100644 --- a/gnu/packages/inkscape.scm +++ b/gnu/packages/inkscape.scm 
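Review bot: The `ifneq ($(enable_coverage),no)` block that this patch retargets to `$(BISECTLIB)` adds the bisect `instrument.cma` preprocessor and `bisect.cma`/`bisect.cmxa` to `OCAMLCFLAGS`/`OCAMLOPTFLAGS` and the link lines, and the package definition in the same commit configures with `--enable-coverage`; if those flags also build the installed library (the rules are outside the hunk), the package ships coverage-instrumented code that depends on bisect at run time. It would be worth confirming that instrumentation is limited to the test build, or dropping the flag. The `BISECTLIB = $(shell if test -z $${BISECTLIB}; ...)` assignment re-runs a shell on every expansion and leaves the variable unquoted; `BISECTLIB ?= $(OCAMLLIB)` expresses the same default, apart from treating a set-but-empty environment variable as defined.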
@@ -23,7 +23,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix utils) - #:use-module (guix build-system gnu) + #:use-module (guix build-system cmake) #:use-module (gnu packages) #:use-module (gnu packages aspell) #:use-module (gnu packages bdw-gc) @@ -44,20 +44,16 @@ (define-public inkscape (package (name "inkscape") - (version "0.91") + (version "0.92.0") (source (origin (method url-fetch) - (uri (string-append "https://launchpad.net/inkscape/" - (version-major+minor version) ".x/" - version "/+download/inkscape-" - version ".tar.gz")) + (uri (string-append "https://media.inkscape.org/dl/" + "resources/file/" + "inkscape-" version ".tar.bz2")) (sha256 (base32 - "086v01jy896dj86bq7plrf6si4p6gh6ga2v5417llgmminycz8rc")) - (patch-flags '("-p0")) - (patches - (search-patches "inkscape-drop-wait-for-targets.patch")))) - (build-system gnu-build-system) + "0mmssxnxsvb3bpm7ck5pqvwyacrz1nkyacs571jx8j04l1cw3d5q")))) + (build-system cmake-build-system) (inputs `(("aspell" ,aspell) ("gtkmm" ,gtkmm-2) @@ -75,19 +71,11 @@ ("boost" ,boost))) (native-inputs `(("intltool" ,intltool) + ("glib" ,glib "bin") ("perl" ,perl) ("pkg-config" ,pkg-config))) - (arguments - `(;; Add '-std=c++11', required by recent versions of GLibmm & co. - ;; Use '-g0' to reduce disk usage during the build. - #:configure-flags '("CXXFLAGS=-g0 -O2 -fopenmp -std=c++11") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-test-includes - (lambda _ - (substitute* "src/cxxtests.cpp" - (("\\.\\./\\.\\./src") "../src")) - #t))))) + ;; FIXME: tests require gmock + (arguments `(#:tests? #f)) (home-page "http://inkscape.org/") (synopsis "Vector graphics editor") (description "Inkscape is a vector graphics editor. What sets Inkscape diff --git a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch b/gnu/packages/patches/inkscape-drop-wait-for-targets.patch deleted file mode 100644 index 3dbe6641e2..0000000000 
--- a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/rpms/inkscape.git/plain/inkscape-0.91-drop-wait-for-targets.patch?id=eb5340800b563d6b05aa5f11a2f24f2cc0d8c80e - -=== modified file 'src/ui/clipboard.cpp' ---- src/ui/clipboard.cpp 2016-04-02 15:15:43 +0000 -+++ src/ui/clipboard.cpp 2016-04-07 16:30:32 +0000 -@@ -146,8 +146,6 @@ - void _setClipboardColor(guint32); - void _userWarn(SPDesktop *, char const *); - -- void _inkscape_wait_for_targets(std::list &); -- - // private properites - SPDocument *_clipboardSPDoc; ///< Document that stores the clipboard until someone requests it - Inkscape::XML::Node *_defs; ///< Reference to the clipboard document's defs node -@@ -1302,9 +1300,7 @@ - */ - Glib::ustring ClipboardManagerImpl::_getBestTarget() - { -- // GTKmm's wait_for_targets() is broken, see the comment in _inkscape_wait_for_targets() -- std::list targets; // = _clipboard->wait_for_targets(); -- _inkscape_wait_for_targets(targets); -+ std::list targets = _clipboard->wait_for_targets(); - - // clipboard target debugging snippet - /* -@@ -1456,39 +1452,6 @@ - desktop->messageStack()->flash(Inkscape::WARNING_MESSAGE, msg); - } - -- --// GTKMM's clipboard::wait_for_targets is buggy and might return bogus, see --// --// https://bugs.launchpad.net/inkscape/+bug/296778 --// http://mail.gnome.org/archives/gtk-devel-list/2009-June/msg00062.html --// --// for details. Until this has been fixed upstream we will use our own implementation --// of this method, as copied from /gtkmm-2.16.0/gtk/gtkmm/clipboard.cc. 
--void ClipboardManagerImpl::_inkscape_wait_for_targets(std::list &listTargets) --{ -- //Get a newly-allocated array of atoms: -- GdkAtom* targets = NULL; -- gint n_targets = 0; -- gboolean test = gtk_clipboard_wait_for_targets( gtk_clipboard_get(GDK_SELECTION_CLIPBOARD), &targets, &n_targets ); -- if (!test || (targets == NULL)) { -- return; -- } -- -- //Add the targets to the C++ container: -- for (int i = 0; i < n_targets; i++) -- { -- //Convert the atom to a string: -- gchar* const atom_name = gdk_atom_name(targets[i]); -- -- Glib::ustring target; -- if (atom_name) { -- target = Glib::ScopedPtr(atom_name).get(); //This frees the gchar*. -- } -- -- listTargets.push_back(target); -- } --} -- - /* ####################################### - ClipboardManager class - ####################################### */ - -- cgit v1.2.3 From 5f0fabec54812e9ebd9a54b7c24b29899c765548 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 1 Jan 2017 15:12:48 -0500 Subject: gnu: unrtf: Fix CVE-2016-10091. * gnu/packages/patches/unrtf-CVE-2016-10091.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/unrtf.scm (unrtf)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/unrtf-CVE-2016-10091.patch | 189 ++++++++++++++++++++++++ gnu/packages/unrtf.scm | 2 + 3 files changed, 192 insertions(+) create mode 100644 gnu/packages/patches/unrtf-CVE-2016-10091.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 4d321d1a59..2e714ac28c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -881,6 +881,7 @@ dist_patch_DATA = \ %D%/packages/patches/tophat-build-with-later-seqan.patch \ %D%/packages/patches/totem-debug-format-fix.patch \ %D%/packages/patches/tuxpaint-stamps-path.patch \ + %D%/packages/patches/unrtf-CVE-2016-10091.patch \ %D%/packages/patches/unzip-CVE-2014-8139.patch \ %D%/packages/patches/unzip-CVE-2014-8140.patch \ %D%/packages/patches/unzip-CVE-2014-8141.patch \ 
diff --git a/gnu/packages/patches/unrtf-CVE-2016-10091.patch b/gnu/packages/patches/unrtf-CVE-2016-10091.patch new file mode 100644 index 0000000000..badd1b8ed6 --- /dev/null +++ b/gnu/packages/patches/unrtf-CVE-2016-10091.patch 
@@ -0,0 +1,189 @@ +Fix CVE-2016-10091 (stack-based buffer overflows in cmd_* functions): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10091 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705 +http://seclists.org/oss-sec/2016/q4/787 + +Patch adapted from Debian: + +https://anonscm.debian.org/cgit/collab-maint/unrtf.git/commit/?h=jessie&id=7500a48fb0fbad3ab963fb17560b2f90a8a485c8 + +The Debian patch adapts this upstream commit so that it can be applied +to the 0.21.9 release tarball: + +http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406 + +From 7dd568ed8a6a5acb6c04f2b40f457d63a00435f3 Mon Sep 17 00:00:00 2001 +From: Willi Mann +Date: Sat, 31 Dec 2016 20:31:38 +0100 +Subject: [PATCH] Add patch from upstream to fix CVE-2016-10091 (buffer + overflow in various cmd_ functions) + +diff --git a/src/attr.c b/src/attr.c +index 02b5c81..e2951ea 100644 +--- a/src/attr.c ++++ b/src/attr.c +@@ -746,7 +746,7 @@ char * + assemble_string(char *string, int nr) + { + +- char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */ ++ char *s, tmp[20]; + int i = 0, j = 0; + + if (string == NULL) +@@ -762,7 +762,7 @@ assemble_string(char *string, int nr) + } + + if (string[i] != '\0') { +- sprintf(tmp, "%d", nr); ++ snprintf(tmp, 20, "%d", nr); + strcpy(&s[j], tmp); + j = j + strlen(tmp); + } +diff --git a/src/convert.c b/src/convert.c +index c76d7d6..8eacdcb 100644 +--- a/src/convert.c ++++ b/src/convert.c +@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm) + } + + // Translate code page to encoding name hopefully suitable as iconv input +-static char *cptoencoding(parm) ++static char *cptoencoding(int parm) + { + // Note that CP0 is supposed to mean current system default, which does + // not make any sense as a stored value, we don't handle it. 
+@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) { + /* Note, fs20 means 10pt */ + points /= 2; + +- sprintf(str,"%d",points); ++ snprintf(str, 20, "%d", points); + attr_push(ATTR_FONTSIZE,str); + + return FALSE; +@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num) + { + // TOBEDONE: WHAT'S THIS ??? + name = my_malloc(12); +- sprintf(name, "%d", num); ++ snprintf(name, 12, "%d", num); + } + + /* we are going to output entities, so should not output font */ +@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) { + + static int + cmd_expand (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param) { +- sprintf(str, "%d", param/4); ++ snprintf(str, 20, "%d", param / 4); + if (!param) + attr_pop(ATTR_EXPAND); + else +@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) { + + static int + cmd_emboss (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param && !param) + #ifdef SUPPORT_UNNESTED + attr_find_pop(ATTR_EMBOSS); +@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) { + #endif + else + { +- sprintf(str, "%d", param); ++ snprintf(str, 20, "%d", param); + 
attr_push(ATTR_EMBOSS, str); + } + return FALSE; +@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) { + + static int + cmd_engrave (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param && !param) + attr_pop(ATTR_ENGRAVE); + else + { +- sprintf(str, "%d", param); ++ snprintf(str, 20, "%d", param); + attr_push(ATTR_ENGRAVE, str); + } + return FALSE; +@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { + + short done=0; + long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */ +- char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ ++ char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ + const char *alias; + #define DEBUG 0 + #if DEBUG +@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { + /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */ + unicode_number += 65536; + } +- sprintf(tmp, "%ld", unicode_number); ++ snprintf(tmp, 20, "%ld", unicode_number); + + if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print"); + done++; +diff --git a/src/output.c b/src/output.c +index 86d8b5c..4cdbfa6 100644 +--- a/src/output.c ++++ b/src/output.c +@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size) + if (!found_std_expr) { + if (op->fontsize_begin) { + char expr[16]; +- sprintf (expr, "%d", size); ++ snprintf(expr, 16, "%d", size); + if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin"); + } else { + /* If we cannot write out a change for the exact +@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size) + if (!found_std_expr) { + if 
(op->fontsize_end) { + char expr[16]; +- sprintf (expr, "%d", size); ++ snprintf(expr, 16, "%d", size); + if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end"); + } else { + /* If we cannot write out a change for the exact +- +.11.0 + diff --git a/gnu/packages/unrtf.scm b/gnu/packages/unrtf.scm index 162dec7525..e11c9445ca 100644 --- a/gnu/packages/unrtf.scm +++ b/gnu/packages/unrtf.scm @@ -23,6 +23,7 @@ #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (guix gexp) + #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages m4) #:use-module (gnu packages base)) @@ -35,6 +36,7 @@ (method url-fetch) (uri (string-append "mirror://gnu/unrtf/unrtf-" version ".tar.gz")) + (patches (search-patches "unrtf-CVE-2016-10091.patch")) (sha256 (base32 "1pcdzf2h1prn393dkvg93v80vh38q0v817xnbwrlwxbdz4k7i8r2")) -- cgit v1.2.3 From e50d5b8c9d948a2aa08c69aaa2e4a778387ed944 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 6 Jan 2017 03:14:17 -0500 Subject: gnu: khal: Disable failing tests. * gnu/packages/patches/khal-disable-failing-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/calendar.scm (khal): Use it. --- gnu/local.mk | 1 + gnu/packages/calendar.scm | 1 + .../patches/khal-disable-failing-tests.patch | 33 ++++++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 gnu/packages/patches/khal-disable-failing-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2e714ac28c..2fbb01fb2e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
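Review bot: The bound passed to each `snprintf` in the embedded unrtf patch is a repeated literal rather than the size of the destination, and for `cmd_cf`, `cmd_cb` and `cmd_highlight` (`snprintf(str, 40, ...)`) and `cmd_fs` (`snprintf(str, 20, ...)`) the declaration of `str` lies outside the embedded hunks, so the patch alone does not show that the literal matches the array. Where the destination is an array, `snprintf(str, sizeof str, "%d", points);` keeps the bound tied to the declaration if a buffer is resized again, as this patch itself does for `cmd_expand`, `cmd_emboss` and `cmd_engrave`. The `my_malloc(12)` buffer in `cmd_f` is a pointer, so it needs a named constant shared by the allocation and the call. The `color_table[num]` reads sit in an `else` whose condition is also outside the hunks, so whether `num` is range-checked before indexing cannot be confirmed from here and is worth verifying against the 0.21.9 source.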
@@ -642,6 +642,7 @@ dist_patch_DATA = \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ + %D%/packages/patches/khal-disable-failing-tests.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/kmod-module-directory.patch \ %D%/packages/patches/kobodeluxe-paths.patch \ diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm index 447dcd698e..70bf8f9573 100644 --- a/gnu/packages/calendar.scm +++ b/gnu/packages/calendar.scm @@ -88,6 +88,7 @@ data units.") (source (origin (method url-fetch) (uri (pypi-uri "khal" version)) + (patches (search-patches "khal-disable-failing-tests.patch")) (sha256 (base32 "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f")))) diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch new file mode 100644 index 0000000000..e2c65df8ce --- /dev/null +++ b/gnu/packages/patches/khal-disable-failing-tests.patch 
@@ -0,0 +1,33 @@ +Disable some tests that are known to fail: + +https://github.com/pimutils/khal/issues/546 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 + +diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py +index fd8dcc6..17732bf 100644 +--- a/tests/khalendar_test.py ++++ b/tests/khalendar_test.py +@@ -65,6 +65,7 @@ class TestCalendar(object): + else: + mtimes[cal] = mtime + ++ @pytest.mark.xfail + def test_db_needs_update(self, coll_vdirs): + coll, vdirs = coll_vdirs + +@@ -321,6 +322,7 @@ class TestDbCreation(object): + CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) + + ++@pytest.mark.xfail + def test_default_calendar(coll_vdirs): + """test if an update to the vdir is detected by the CalendarCollection""" + coll, vdirs = coll_vdirs +@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): + assert len(list(coll.get_events_on(today))) == 0 + + ++@pytest.mark.xfail + def test_only_update_old_event(coll_vdirs, monkeypatch): + coll, vdirs = coll_vdirs + -- cgit v1.2.3 From aa21c764d65068783ae31febee2a92eb3d138a24 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 6 Jan 2017 13:43:38 -0500 Subject: gnu: python-pycrypto: Fix CVE-2013-7459. * gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-pycrypto, python2-pycrypto)[source]: Use the patch. Use pypi-uri. --- gnu/local.mk | 1 + .../patches/python-pycrypto-CVE-2013-7459.patch | 97 ++++++++++++++++++++++ gnu/packages/python.scm | 12 ++- 3 files changed, 103 insertions(+), 7 deletions(-) create mode 100644 gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2fbb01fb2e..1889a0ecd6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -827,6 +827,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-configobj-setuptools.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ %D%/packages/patches/python-paste-remove-timing-test.patch \ + %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ diff --git a/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch new file mode 100644 index 0000000000..3570b94e9b --- /dev/null +++ b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch 
@@ -0,0 +1,97 @@ +Fix CVE-2013-7459: + +https://github.com/dlitz/pycrypto/issues/176 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459 + +Copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/python-crypto.git/commit/?id=0de2243837ed369a086f15c50cca2be85bdfab9d + +Debian adapts this upstream commit: + +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001 +From: Legrandin +Date: Sun, 22 Dec 2013 22:24:46 +0100 +Subject: [PATCH] Throw exception when IV is used with ECB or CTR + +The IV parameter is currently ignored when initializing +a cipher in ECB or CTR mode. + +For CTR mode, it is confusing: it takes some time to see +that a different parameter is needed (the counter). + +For ECB mode, it is outright dangerous. + +This patch forces an exception to be raised. +--- + lib/Crypto/SelfTest/Cipher/common.py | 31 +++++++++++++++++++++++-------- + src/block_template.c | 11 +++++++++++ + 2 files changed, 34 insertions(+), 8 deletions(-) + +--- a/lib/Crypto/SelfTest/Cipher/common.py ++++ b/lib/Crypto/SelfTest/Cipher/common.py +@@ -239,19 +239,34 @@ class RoundtripTest(unittest.TestCase): + return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) + + def runTest(self): +- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP): ++ ++ ## ECB mode ++ mode = self.module.MODE_ECB ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ ciphertext = encryption_cipher.encrypt(self.plaintext) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## OPENPGP mode ++ mode = self.module.MODE_OPENPGP ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ++ eiv_ciphertext = 
encryption_cipher.encrypt(self.plaintext) ++ eiv = eiv_ciphertext[:self.module.block_size+2] ++ ciphertext = eiv_ciphertext[self.module.block_size+2:] ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## All other non-AEAD modes (but CTR) ++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): + encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + ciphertext = encryption_cipher.encrypt(self.plaintext) +- +- if mode != self.module.MODE_OPENPGP: +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) +- else: +- eiv = ciphertext[:self.module.block_size+2] +- ciphertext = ciphertext[self.module.block_size+2:] +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + decrypted_plaintext = decryption_cipher.decrypt(ciphertext) + self.assertEqual(self.plaintext, decrypted_plaintext) + ++ + class PGPTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) +--- a/src/block_template.c ++++ b/src/block_template.c +@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P + "Key cannot be the null string"); + return NULL; + } ++ if (IVlen != 0 && mode == MODE_ECB) ++ { ++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV"); ++ return NULL; ++ } ++ if (IVlen != 0 && mode == MODE_CTR) ++ { ++ PyErr_Format(PyExc_ValueError, ++ "CTR mode needs counter parameter, not IV"); ++ return NULL; ++ } + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) + { + PyErr_Format(PyExc_ValueError, diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5faebae3d9..d8ca83d810 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm 
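Review bot: Nothing in the test changes asserts the new rejection paths. `RoundtripTest.runTest` only stops passing `self.iv` for ECB, so the `ValueError` that `ALGnew` in `src/block_template.c` now raises for a non-empty IV with `MODE_ECB` or `MODE_CTR` is never exercised. A negative test such as `self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_ECB, self.iv)` would pin the behaviour the fix depends on. The existing guard `IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR` exempts those two modes from the length check, which is presumably how an over-long IV got past validation; a sentence saying so in the Guix patch header would make the link between "Throw exception when IV is used with ECB or CTR" and CVE-2013-7459 clear. `ALGnew`'s body continues outside the hunk.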
@@ -958,13 +958,11 @@ Python 3 support.") (define-public python2-setuptools (package-with-python2 python-setuptools)) -;;; Pycrypto is abandoned upstream [0] and contains at least one bug that can be -;;; exploited to achieve arbitrary code execution [1]. +;;; Pycrypto is abandoned upstream: ;;; -;;; TODO Remove this package from GNU Guix. +;;; https://github.com/dlitz/pycrypto/issues/173 ;;; -;;; [0] https://github.com/dlitz/pycrypto/issues/173 -;;; [1] https://github.com/dlitz/pycrypto/issues/176 +;;; TODO Remove this package from GNU Guix. (define-public python-pycrypto (package (name "python-pycrypto") @@ -972,8 +970,8 @@ Python 3 support.") (source (origin (method url-fetch) - (uri (string-append "https://pypi.python.org/packages/source/p/" - "pycrypto/pycrypto-" version ".tar.gz")) + (uri (pypi-uri "pycrypto" version)) + (patches (search-patches "python-pycrypto-CVE-2013-7459.patch")) (sha256 (base32 "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj")))) -- cgit v1.2.3 From 1c9cea74b48348a24bbd38e51345c548255666e4 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 7 Jan 2017 12:11:45 -0500 Subject: gnu: python-pygpgme: Fix build failure. * gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnupg.scm (python-pygpgme, python2-pygpgme)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/gnupg.scm | 3 +- .../python-pygpgme-fix-pinentry-tests.patch | 69 ++++++++++++++++++++++ 3 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1889a0ecd6..0c95279e3b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -829,6 +829,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-paste-remove-timing-test.patch \ %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ + %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ %D%/packages/patches/rapicorn-isnan.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 5f6215b854..dc801a6a4f 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -434,7 +434,8 @@ distributed separately.") ;; Unfortunately, we have to disable some tests due to some gpg-agent ;; goofiness... see: ;; https://bugs.launchpad.net/pygpgme/+bug/999949 - (patches (search-patches "pygpgme-disable-problematic-tests.patch")))) + (patches (search-patches "pygpgme-disable-problematic-tests.patch" + "python-pygpgme-fix-pinentry-tests.patch")))) (arguments `(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch b/gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch new file mode 100644 index 0000000000..1f7a4cadb7 --- /dev/null +++ b/gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch 
@@ -0,0 +1,69 @@ +Fix test failure of test_XXX caused by upgrade of gpgme from 1.6.0 to +1.8.0: + +====================================================================== +FAIL: test_encrypt_to_signonly (tests.test_encrypt_decrypt.EncryptDecryptTestCase) +---------------------------------------------------------------------- +Traceback (most recent call last): + File "/tmp/guix-build-python2-pygpgme-0.3.drv-0/pygpgme-0.3/tests/test_encrypt_decrypt.py", line 185, in test_encrypt_to_signonly + self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_UNKNOWN) +AssertionError: 7 != 0 + +---------------------------------------------------------------------- + +Patch copied from the Debian package pygpgme-0.3-1.2: + +https://sources.debian.net/src/pygpgme/0.3-1.2/debian/patches/0005-Fix-test-failures-with-pinentry.patch/ + +From: "Dr. Tobias Quathamer" +Date: Thu, 24 Nov 2016 12:20:54 +0100 +Subject: Fix test failures with pinentry + +--- + tests/test_encrypt_decrypt.py | 5 +++-- + tests/test_passphrase.py | 2 ++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tests/test_encrypt_decrypt.py b/tests/test_encrypt_decrypt.py +index 21ae83e..05707e1 100644 +--- a/tests/test_encrypt_decrypt.py ++++ b/tests/test_encrypt_decrypt.py +@@ -132,6 +132,7 @@ class EncryptDecryptTestCase(GpgHomeTestCase): + os.write(fd, b'Symmetric passphrase\n') + ctx = gpgme.Context() + ctx.armor = True ++ ctx.pinentry_mode = gpgme.PINENTRY_MODE_LOOPBACK + ctx.passphrase_cb = passphrase + ctx.encrypt(None, 0, plaintext, ciphertext) + self.assertTrue( +@@ -182,8 +183,8 @@ class EncryptDecryptTestCase(GpgHomeTestCase): + ctx.encrypt([recipient], gpgme.ENCRYPT_ALWAYS_TRUST, + plaintext, ciphertext) + except gpgme.GpgmeError as exc: +- self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_UNKNOWN) +- self.assertEqual(exc.args[1], gpgme.ERR_GENERAL) ++ self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_GPGME) ++ self.assertEqual(exc.args[1], gpgme.ERR_UNUSABLE_PUBKEY) + else: + self.fail('gpgme.GpgmeError 
not raised') + +diff --git a/tests/test_passphrase.py b/tests/test_passphrase.py +index 35b3c59..05e6811 100644 +--- a/tests/test_passphrase.py ++++ b/tests/test_passphrase.py +@@ -34,6 +34,7 @@ class PassphraseTestCase(GpgHomeTestCase): + ctx = gpgme.Context() + key = ctx.get_key('EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3') + ctx.signers = [key] ++ ctx.pinentry_mode = gpgme.PINENTRY_MODE_LOOPBACK + plaintext = BytesIO(b'Hello World\n') + signature = BytesIO() + +@@ -55,6 +56,7 @@ class PassphraseTestCase(GpgHomeTestCase): + ctx = gpgme.Context() + key = ctx.get_key('EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3') + ctx.signers = [key] ++ ctx.pinentry_mode = gpgme.PINENTRY_MODE_LOOPBACK + ctx.passphrase_cb = self.passphrase_cb + plaintext = BytesIO(b'Hello World\n') + signature = BytesIO() -- cgit v1.2.3 From 6499893ef82b85e9ba67b9e086e82644b94a55bb Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sun, 8 Jan 2017 10:18:41 +1000 Subject: gnu: ruby-yard: Update to 0.9.6. * gnu/packages/ruby.scm (ruby-yard): Update to 0.9.6. [source]: Use 'GitHub' source. [arguments]: Run tests without 'Rakefile'. [native-inputs]: Replace 'ruby-rspec-2' with ruby-rspec'. * gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../ruby-yard-fix-skip-of-markdown-tests.patch | 17 ------ gnu/packages/ruby.scm | 66 ++++++++++------------ 3 files changed, 31 insertions(+), 53 deletions(-) delete mode 100644 gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0c95279e3b..49d9554910 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -844,7 +844,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-puma-ignore-broken-test.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ - %D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \ %D%/packages/patches/sed-hurd-path-max.patch \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scotch-test-threading.patch \ diff --git a/gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch b/gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch deleted file mode 100644 index f592f5cd51..0000000000 --- a/gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch +++ /dev/null @@ -1,17 +0,0 @@ -The tests currently fail due to use of 'skip' rather than 'pending' to skip a -test usually not skipped by upstream. This patch has been proposed upstream -at https://github.com/lsegal/yard/pull/1033 - -diff --git a/spec/templates/helpers/html_helper_spec.rb b/spec/templates/helpers/html_helper_spec.rb -index 84624c3..9c4fc2b 100644 ---- a/spec/templates/helpers/html_helper_spec.rb -+++ b/spec/templates/helpers/html_helper_spec.rb -@@ -184,7 +184,7 @@ describe YARD::Templates::Helpers::HtmlHelper do - it "creates tables (markdown specific)" do - log.enter_level(Logger::FATAL) do - unless markup_class(:markdown).to_s == "RedcarpetCompat" -- skip "This test depends on a markdown engine that supports tables" -+ pending "This test depends on a markdown engine that supports tables" - end - end - diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 50dde3f48c..4a2a3c1d31 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm 
@@ -3049,44 +3049,40 @@ features such as filtering and fine grained logging.") (license license:expat))) (define-public ruby-yard - ;; Use git reference because gem is >100 commits out of date and the tests - ;; do not pass with the released gem. - (let ((commit "d816482a0d4850506c3bcccc9434550c536c28c6")) - (package - (name "ruby-yard") - (version (string-append "0.9.5-1." (string-take commit 8))) - (source - (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/lsegal/yard.git") - (commit commit))) - (file-name (string-append name "-" version "-checkout")) - (sha256 - (base32 - "1j16c85x22if7y0fzi3c900p9wzkx2riq1y7vsj92a0zvwsxai4i")) - (patches (search-patches "ruby-yard-fix-skip-of-markdown-tests.patch")))) - (build-system ruby-build-system) - (arguments - `(#:test-target "spec" - #:phases - (modify-phases %standard-phases - (add-before 'check 'set-HOME-and-disable-failing-test - (lambda _ - ;; $HOME needs to be set to somewhere writeable for tests to run - (setenv "HOME" "/tmp") - #t))))) - (native-inputs - `(("ruby-rspec" ,ruby-rspec-2) - ("ruby-rack" ,ruby-rack))) - (synopsis "Documentation generation tool for Ruby") - (description - "YARD is a documentation generation tool for the Ruby programming + (package + (name "ruby-yard") + (version "0.9.6") + (source + (origin + (method url-fetch) + ;; Tests do not pass if we build from the distributed gem. + (uri (string-append "https://github.com/lsegal/yard/archive/v" + version "tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0rsz4bghgx7fryzyhlz8wlnd2m9xgyvf1xhrq58mnzfrrfm41bdg")))) + (build-system ruby-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + ;; $HOME needs to be set to somewhere writeable for tests to run + (setenv "HOME" "/tmp") + ;; Run tests without using 'rake' to avoid dependencies. + (zero? 
(system* "rspec"))))))) + (native-inputs + `(("ruby-rspec" ,ruby-rspec) + ("ruby-rack" ,ruby-rack))) + (synopsis "Documentation generation tool for Ruby") + (description + "YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions.") - (home-page "http://yardoc.org") - (license license:expat)))) + (home-page "http://yardoc.org") + (license license:expat))) (define-public ruby-clap (package -- cgit v1.2.3 From 4b96149d8b199048aa526159120d14a44d6ee054 Mon Sep 17 00:00:00 2001 
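Review bot: The new source URI for `ruby-yard` is built as `(string-append "https://github.com/lsegal/yard/archive/v" version "tar.gz")`, which produces `.../v0.9.6tar.gz` with no dot before the extension; the last argument should be `".tar.gz"`. The `file-name` on the following line does include the dot, so the mismatch looks unintended. With the URL malformed the fetch would presumably fail unless the tarball with this hash is already available from a substitute or cache, which could hide the error from the committer.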
From: Leo Famulari Date: Tue, 10 Jan 2017 03:22:33 -0500 Subject: gnu: libtiff: Fix CVE-2016-{10092,10093,10094} and others. * gnu/packages/patches/libtiff-CVE-2016-10092.patch, gnu/packages/patches/libtiff-CVE-2016-10093.patch, gnu/packages/patches/libtiff-CVE-2016-10094.patch, gnu/packages/patches/libtiff-assertion-failure.patch, gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch, gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch, gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch, gnu/packages/patches/libtiff-divide-by-zero.patch, gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch, gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch, gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch, gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch, gnu/packages/patches/libtiff-invalid-read.patch, gnu/packages/patches/libtiff-null-dereference.patch, gnu/packages/patches/libtiff-tiffcp-underflow.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[replacement]: New field. (libtiff/fixed): New variable. 
--- gnu/local.mk | 15 +++ gnu/packages/image.scm | 24 ++++ gnu/packages/patches/libtiff-CVE-2016-10092.patch | 42 +++++++ gnu/packages/patches/libtiff-CVE-2016-10093.patch | 53 +++++++++ gnu/packages/patches/libtiff-CVE-2016-10094.patch | 34 ++++++ .../patches/libtiff-assertion-failure.patch | 60 ++++++++++ .../patches/libtiff-divide-by-zero-ojpeg.patch | 63 ++++++++++ .../patches/libtiff-divide-by-zero-tiffcp.patch | 104 ++++++++++++++++ .../patches/libtiff-divide-by-zero-tiffcrop.patch | 57 +++++++++ gnu/packages/patches/libtiff-divide-by-zero.patch | 67 +++++++++++ .../libtiff-heap-overflow-pixarlog-luv.patch | 131 ++++++++++++++++++++ .../libtiff-heap-overflow-tif-dirread.patch | 132 +++++++++++++++++++++ .../patches/libtiff-heap-overflow-tiffcp.patch | 67 +++++++++++ .../patches/libtiff-heap-overflow-tiffcrop.patch | 60 ++++++++++ gnu/packages/patches/libtiff-invalid-read.patch | 64 ++++++++++ .../patches/libtiff-null-dereference.patch | 42 +++++++ .../patches/libtiff-tiffcp-underflow.patch | 41 +++++++ 17 files changed, 1056 insertions(+) create mode 100644 gnu/packages/patches/libtiff-CVE-2016-10092.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-10093.patch create mode 100644 gnu/packages/patches/libtiff-CVE-2016-10094.patch create mode 100644 gnu/packages/patches/libtiff-assertion-failure.patch create mode 100644 gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch create mode 100644 gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch create mode 100644 gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch create mode 100644 gnu/packages/patches/libtiff-divide-by-zero.patch create mode 100644 gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch create mode 100644 gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch create mode 100644 gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch create mode 100644 gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch create mode 100644 
gnu/packages/patches/libtiff-invalid-read.patch create mode 100644 gnu/packages/patches/libtiff-null-dereference.patch create mode 100644 gnu/packages/patches/libtiff-tiffcp-underflow.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index a7b917e6e7..e34ae17796 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -683,6 +683,21 @@ dist_patch_DATA = \
 %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
 %D%/packages/patches/libtar-CVE-2013-4420.patch \
 %D%/packages/patches/libtheora-config-guess.patch \
+ %D%/packages/patches/libtiff-CVE-2016-10092.patch \
+ %D%/packages/patches/libtiff-CVE-2016-10093.patch \
+ %D%/packages/patches/libtiff-CVE-2016-10094.patch \
+ %D%/packages/patches/libtiff-assertion-failure.patch \
+ %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \
+ %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \
+ %D%/packages/patches/libtiff-divide-by-zero-tiffcrop.patch \
+ %D%/packages/patches/libtiff-divide-by-zero.patch \
+ %D%/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch \
+ %D%/packages/patches/libtiff-heap-overflow-tif-dirread.patch \
+ %D%/packages/patches/libtiff-heap-overflow-tiffcp.patch \
+ %D%/packages/patches/libtiff-heap-overflow-tiffcrop.patch \
+ %D%/packages/patches/libtiff-invalid-read.patch \
+ %D%/packages/patches/libtiff-null-dereference.patch \
+ %D%/packages/patches/libtiff-tiffcp-underflow.patch \
 %D%/packages/patches/libtool-skip-tests2.patch \
 %D%/packages/patches/libunwind-CVE-2015-3239.patch \
 %D%/packages/patches/libupnp-CVE-2016-6255.patch \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 4e40533a21..a9bbf192cc 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -8,6 +8,7 @@ ;;; Copyright © 2015 Amirouche Boubekki ;;; Copyright © 2014 John Darrington ;;; Copyright © 2016 Leo Famulari +;;; Copyright © 2016, 2017 Leo Famulari ;;; Copyright © 2016, 2017 Efraim Flashner ;;; Copyright © 2016 Tobias Geerinckx-Rice ;;; Copyright © 2016 Eric Bavier @@ -258,6 +259,7 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") + (replacement libtiff/fixed) (version "4.0.7") (source (origin (method url-fetch) @@ -290,6 +292,28 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) +(define libtiff/fixed + (package + (inherit libtiff) + (source + (origin + (inherit (package-source libtiff)) + (patches (search-patches "libtiff-heap-overflow-tiffcp.patch" + "libtiff-null-dereference.patch" + "libtiff-heap-overflow-tif-dirread.patch" + "libtiff-heap-overflow-pixarlog-luv.patch" + "libtiff-divide-by-zero.patch" + "libtiff-divide-by-zero-ojpeg.patch" + "libtiff-tiffcp-underflow.patch" + "libtiff-invalid-read.patch" + "libtiff-CVE-2016-10092.patch" + "libtiff-heap-overflow-tiffcrop.patch" + "libtiff-divide-by-zero-tiffcrop.patch" + "libtiff-CVE-2016-10093.patch" + "libtiff-divide-by-zero-tiffcp.patch" + "libtiff-assertion-failure.patch" + "libtiff-CVE-2016-10094.patch")))))) + (define-public libwmf (package (name "libwmf") diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch new file mode 100644 index 0000000000..d5fd796169 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2016-10092.patch 
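Review bot: The `search-patches` list in `libtiff/fixed` is order-sensitive, and nothing in the definition says so. For example, `libtiff-divide-by-zero-tiffcp.patch` has `assert( bps % 8 == 0 );` as context while `libtiff-assertion-failure.patch` removes that line, so swapping the two would likely make the former fail to apply. Several patches also rewrite the `$Id` header of the same file in sequence. A comment above the list, e.g. `;; Order matters: patches that touch the same file rely on the ones listed before them.`, would spare a failed build when an entry is later dropped or moved.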
@@ -0,0 +1,42 @@
+Fix CVE-2016-10092:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2620
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
+https://security-tracker.debian.org/tracker/CVE-2016-10092
+
+2016-12-03 Even Rouault
+
+ * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
+ mode so that the output buffer is correctly incremented to avoid write
+ outside bounds.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1178; previous revision: 1.1177
+/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c
+new revision: 1.47; previous revision: 1.46
+
+Index: libtiff/tools/tiffcrop.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
+retrieving revision 1.46
+retrieving revision 1.47
+diff -u -r1.46 -r1.47
+--- libtiff/tools/tiffcrop.c 18 Nov 2016 14:58:46 -0000 1.46
++++ libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */
++/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
+
+ /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
+ * the image data through additional options listed below
+@@ -3698,7 +3698,7 @@
+ (unsigned long) strip, (unsigned long)rows);
+ return 0;
+ }
+- bufp += bytes_read;
++ bufp += stripsize;
+ }
+
+ return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
new file mode 100644
index 0000000000..5897ec1029
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
@@ -0,0 +1,53 @@
+Fix CVE-2016-10093:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2610
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
+https://security-tracker.debian.org/tracker/CVE-2016-10093
+
+2016-12-03 Even Rouault
+
+ * tools/tiffcp.c: fix uint32 underflow/overflow that can cause
+ heap-based buffer overflow.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1187; previous revision: 1.1186
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
+new revision: 1.59; previous revision: 1.58
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.58
+retrieving revision 1.59
+diff -u -r1.58 -r1.59
+--- libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58
++++ libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59
+@@ -1163,7 +1163,7 @@
+
+ static void
+ cpStripToTile(uint8* out, uint8* in,
+- uint32 rows, uint32 cols, int outskew, int inskew)
++ uint32 rows, uint32 cols, int outskew, int64 inskew)
+ {
+ while (rows-- > 0) {
+ uint32 j = cols;
+@@ -1320,7 +1320,7 @@
+ tdata_t tilebuf;
+ uint32 imagew = TIFFScanlineSize(in);
+ uint32 tilew = TIFFTileRowSize(in);
+- int iskew = imagew - tilew;
++ int64 iskew = (int64)imagew - (int64)tilew;
+ uint8* bufp = (uint8*) buf;
+ uint32 tw, tl;
+ uint32 row;
+@@ -1348,7 +1348,7 @@
+ status = 0;
+ goto done;
+ }
+- if (colb + tilew > imagew) {
++ if (colb > iskew) {
+ uint32 width = imagew - colb;
+ uint32 oskew = tilew - width;
+ cpStripToTile(bufp + colb,
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
new file mode 100644
index 0000000000..9018773565
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
@@ -0,0 +1,34 @@
+Fix CVE-2016-10094:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2640
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
+https://security-tracker.debian.org/tracker/CVE-2016-10094
+
+2016-12-20 Even Rouault
+
+ * tools/tiff2pdf.c: avoid potential heap-based overflow in
+ t2p_readwrite_pdf_image_tile().
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1199; previous revision: 1.1198
+/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c
+new revision: 1.101; previous revision: 1.100
+
+Index: libtiff/tools/tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.100
+retrieving revision 1.101
+diff -u -r1.100 -r1.101
+--- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100
++++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:28:17 -0000 1.101
+@@ -2895,7 +2895,7 @@
+ return(0);
+ }
+ if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
+- if (count >= 4) {
++ if (count > 4) {
+ int retTIFFReadRawTile;
+ /* Ignore EOI marker of JpegTables */
+ _TIFFmemcpy(buffer, jpt, count - 2);
diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch
new file mode 100644
index 0000000000..ef747fbdd7
--- /dev/null
+++ b/gnu/packages/patches/libtiff-assertion-failure.patch
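Review bot: The new bound `if (count > 4)` is a bare constant, and the only hint at its meaning is the `/* Ignore EOI marker of JpegTables */` comment on the copy that follows. A comment on the condition, for instance `/* need more than the 2-byte SOI and 2-byte EOI markers, otherwise the table is empty */`, would record why a four-byte table is now skipped. Separately, `_TIFFmemcpy(buffer, jpt, count - 2)` has no visible check of `count` against the room left in `buffer`; how `buffer` is sized is outside the hunk, so this may be guaranteed elsewhere and is worth confirming. The enclosing function starts and ends outside the hunk.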
@@ -0,0 +1,60 @@
+Fix assertion failure in readSeparateTilesIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2605
+
+2016-12-03 Even Rouault
+
+ * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
+check.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1188; previous revision: 1.1187
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
+new revision: 1.60; previous revision: 1.59
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.59
+retrieving revision 1.60
+diff -u -r1.59 -r1.60
+--- libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59
++++ libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60
+@@ -45,7 +45,6 @@
+ #include
+
+ #include
+-#include
+
+ #ifdef HAVE_UNISTD_H
+ # include
+@@ -1393,7 +1392,12 @@
+ status = 0;
+ goto done;
+ }
+- assert( bps % 8 == 0 );
++ if( (bps % 8) != 0 )
++ {
++ TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++ status = 0;
++ goto done;
++ }
+ bytes_per_sample = bps/8;
+
+ for (row = 0; row < imagelength; row += tl) {
+@@ -1584,7 +1588,12 @@
+ _TIFFfree(obuf);
+ return 0;
+ }
+- assert( bps % 8 == 0 );
++ if( (bps % 8) != 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++ _TIFFfree(obuf);
++ return 0;
++ }
+ bytes_per_sample = bps/8;
+
+ for (row = 0; row < imagelength; row += tl) {
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
new file mode 100644
index 0000000000..2a96b68521
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
@@ -0,0 +1,63 @@
+Fix divide-by-zero in OJPEGDecodeRaw():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+2016-12-03 Even Rouault
+
+ * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure
+in
+ OJPEGPreDecode(). This will avoid a divide by zero, and potential other
+issues.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1177; previous revision: 1.1176
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c
+new revision: 1.66; previous revision: 1.65
+
+Index: libtiff/libtiff/tif_ojpeg.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
+retrieving revision 1.65
+retrieving revision 1.66
+diff -u -r1.65 -r1.66
+--- libtiff/libtiff/tif_ojpeg.c 4 Sep 2016 21:32:56 -0000 1.65
++++ libtiff/libtiff/tif_ojpeg.c 3 Dec 2016 11:15:18 -0000 1.66
+@@ -1,4 +1,4 @@
+-/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */
++/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
+
+ /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
+ specification is now totally obsolete and deprecated for new applications and
+@@ -244,6 +244,7 @@
+
+ typedef struct {
+ TIFF* tif;
++ int decoder_ok;
+ #ifndef LIBJPEG_ENCAP_EXTERNAL
+ JMP_BUF exit_jmpbuf;
+ #endif
+@@ -722,6 +723,7 @@
+ }
+ sp->write_curstrile++;
+ }
++ sp->decoder_ok = 1;
+ return(1);
+ }
+
+@@ -784,8 +786,14 @@
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++ static const char module[]="OJPEGDecode";
+ OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ (void)s;
++ if( !sp->decoder_ok )
++ {
++ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++ return 0;
++ }
+ if (sp->libjpeg_jpeg_query_style==0)
+ {
+ if (OJPEGDecodeRaw(tif,buf,cc)==0)
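Review bot: `decoder_ok` is only ever set to 1 in these hunks and never cleared, so the guard added to `OJPEGDecode()` covers the first strip or tile but not a later one whose pre-decode step fails after an earlier success. If the state struct is reused across strips, clearing the flag where pre-decoding starts, e.g. `sp->decoder_ok = 0;` as the first statement of that routine, would close the gap. The hunk that sets the flag shows only the tail of its function, so the exact place for the reset has to be confirmed against the full file. The guard also depends on the state struct being zero-initialised at allocation, which is not visible here.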
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
new file mode 100644
index 0000000000..d3f1c2b60e
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
@@ -0,0 +1,104 @@
+Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2597
+http://bugzilla.maptools.org/show_bug.cgi?id=2607
+
+2016-12-03 Even Rouault
+
+ * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
+tag is
+ missing.
+ Reported by Agostino sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1183; previous revision: 1.1182
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
+new revision: 1.57; previous revision: 1.56
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.56
+retrieving revision 1.57
+diff -u -r1.56 -r1.57
+--- libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56
++++ libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -1378,7 +1378,7 @@
+ uint8* bufp = (uint8*) buf;
+ uint32 tw, tl;
+ uint32 row;
+- uint16 bps, bytes_per_sample;
++ uint16 bps = 0, bytes_per_sample;
+
+ tilebuf = _TIFFmalloc(tilesize);
+ if (tilebuf == 0)
+@@ -1387,6 +1387,12 @@
+ (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
+ (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
++ status = 0;
++ goto done;
++ }
+ assert( bps % 8 == 0 );
+ bytes_per_sample = bps/8;
+
+2016-12-03 Even Rouault
+
+ * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
+tag is
+ missing.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1186; previous revision: 1.1185
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
+new revision: 1.58; previous revision: 1.57
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.57
+retrieving revision 1.58
+diff -u -r1.57 -r1.58
+--- libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57
++++ libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -1569,7 +1569,7 @@
+ uint8* bufp = (uint8*) buf;
+ uint32 tl, tw;
+ uint32 row;
+- uint16 bps, bytes_per_sample;
++ uint16 bps = 0, bytes_per_sample;
+
+ obuf = _TIFFmalloc(TIFFTileSize(out));
+ if (obuf == NULL)
+@@ -1578,6 +1578,12 @@
+ (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
+ (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
+ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
++ _TIFFfree(obuf);
++ return 0;
++ }
+ assert( bps % 8 == 0 );
+ bytes_per_sample = bps/8;
+
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
new file mode 100644
index 0000000000..823293f1cf
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
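Review bot: `tw` and `tl` are left in the state `bps` was in before this fix: both functions declare them without an initialiser (`uint32 tw, tl;` / `uint32 tl, tw;`) and fill them through `(void) TIFFGetField(...)` calls whose result is discarded. A file lacking the TileWidth or TileLength tag would leave them indeterminate, and `tl` is the stride of the `row += tl` loop that follows (visible as context in libtiff-assertion-failure.patch). Declaring `uint32 tw = 0, tl = 0;` and extending the new guard to `if( bps == 0 || tw == 0 || tl == 0 )` with the same cleanup would cover all three tags. Both function bodies start and end outside the hunks.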
@@ -0,0 +1,57 @@
+Fix divide-by-zero in readSeparateStripsIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2619
+
+2016-12-03 Even Rouault
+
+ * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is
+missing.
+ Reported by Agostina Sarubo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1180; previous revision: 1.1179
+/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c
+new revision: 1.49; previous revision: 1.48
+
+Index: libtiff/tools/tiffcrop.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
+retrieving revision 1.48
+retrieving revision 1.49
+diff -u -r1.48 -r1.49
+--- libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48
++++ libtiff/tools/tiffcrop.c 3 Dec 2016 13:00:04 -0000 1.49
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
++/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */
+
+ /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
+ * the image data through additional options listed below
+@@ -1164,7 +1164,7 @@
+ tdata_t obuf;
+
+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
+- (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++ (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);
+ bytes_per_sample = (bps + 7) / 8;
+ if( width == 0 ||
+ (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
+@@ -4760,7 +4760,7 @@
+ int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
+ uint32 j;
+ int32 bytes_read = 0;
+- uint16 bps, planar;
++ uint16 bps = 0, planar;
+ uint32 nstrips;
+ uint32 strips_per_sample;
+ uint32 src_rowsize, dst_rowsize, rows_processed, rps;
+@@ -4780,7 +4780,7 @@
+ }
+
+ memset (srcbuffs, '\0', sizeof(srcbuffs));
+- TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
+ TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
+ if (rps > length)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch
new file mode 100644
index 0000000000..6dbd4666cd
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero.patch
@@ -0,0 +1,67 @@
+Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+2016-12-02 Even Rouault
+
+ * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
+ TIFFReadEncodedStrip() that caused an integer division by zero.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1173; previous revision: 1.1172
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
+new revision: 1.50; previous revision: 1.49
+/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v <-- libtiff/tiffiop.h
+new revision: 1.90; previous revision: 1.89
+
+Index: libtiff/libtiff/tif_read.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
+retrieving revision 1.49
+retrieving revision 1.50
+diff -u -r1.49 -r1.50
+--- libtiff/libtiff/tif_read.c 10 Jul 2016 18:00:21 -0000 1.49
++++ libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50
+@@ -1,4 +1,4 @@
+-/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */
++/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -346,7 +346,7 @@
+ rowsperstrip=td->td_rowsperstrip;
+ if (rowsperstrip>td->td_imagelength)
+ rowsperstrip=td->td_imagelength;
+- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+ stripinplane=(strip%stripsperplane);
+ plane=(uint16)(strip/stripsperplane);
+ rows=td->td_imagelength-stripinplane*rowsperstrip;
+Index: libtiff/libtiff/tiffiop.h
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
+retrieving revision 1.89
+retrieving revision 1.90
+diff -u -r1.89 -r1.90
+--- libtiff/libtiff/tiffiop.h 23 Jan 2016 21:20:34 -0000 1.89
++++ libtiff/libtiff/tiffiop.h 2 Dec 2016 21:56:56 -0000 1.90
+@@ -1,4 +1,4 @@
+-/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */
++/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -250,6 +250,10 @@
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+ ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+ 0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
new file mode 100644
index 0000000000..2d5e23586d
--- /dev/null
+++ b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
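Review bot: `TIFFhowmany_32_maxuint_compat(x, y)` divides and takes a remainder by `y` with no guard against zero, and at its call site `rowsperstrip` has just been clamped to `td->td_imagelength`. A zero ImageLength or RowsPerStrip would therefore still reach a division by zero unless a check outside the hunk excludes it. The following `stripinplane=(strip%stripsperplane);` has the same exposure when the macro evaluates to 0. An explicit `if (rowsperstrip == 0)` early error return before the macro call, plus `/* y must be non-zero */` next to the existing caution comment, would make the precondition visible. The function around the tif_read.c hunk starts and ends outside it.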
@@ -0,0 +1,131 @@ +Fix heap-based buffer overflow in _TIFFmemcpy(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2604 + +2016-12-03 Even Rouault + + * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer + overflow on generation of PixarLog / LUV compressed files, with + ColorMap, TransferFunction attached and nasty plays with bitspersample. + The fix for LUV has not been tested, but suffers from the same kind + of issue of PixarLog. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604 + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1175; previous revision: 1.1174 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v <-- libtiff/tif_luv.c +new revision: 1.44; previous revision: 1.43 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v <-- +libtiff/tif_pixarlog.c +new revision: 1.49; previous revision: 1.48 + +Index: libtiff/libtiff/tif_luv.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v +retrieving revision 1.43 +retrieving revision 1.44 +diff -u -r1.43 -r1.44 +--- libtiff/libtiff/tif_luv.c 4 Sep 2016 21:32:56 -0000 1.43 ++++ libtiff/libtiff/tif_luv.c 2 Dec 2016 23:05:51 -0000 1.44 +@@ -1,4 +1,4 @@ +-/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */ ++/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */ + + /* + * Copyright (c) 1997 Greg Ward Larson +@@ -158,6 +158,7 @@ + typedef struct logLuvState LogLuvState; + + struct logLuvState { ++ int encoder_state; /* 1 if encoder correctly initialized */ + int user_datafmt; /* user data format */ + int encode_meth; /* encoding method */ + int pixel_size; /* bytes per pixel */ +@@ -1552,6 +1553,7 @@ + td->td_photometric, "must be either LogLUV or LogL"); + break; + } ++ sp->encoder_state = 1; + return (1); + notsupported: + TIFFErrorExt(tif->tif_clientdata, module, +@@ -1563,19 +1565,27 @@ + static void + LogLuvClose(TIFF* tif) + { ++ 
LogLuvState* sp = (LogLuvState*) tif->tif_data; + TIFFDirectory *td = &tif->tif_dir; + ++ assert(sp != 0); + /* + * For consistency, we always want to write out the same + * bitspersample and sampleformat for our TIFF file, + * regardless of the data format being used by the application. + * Since this routine is called after tags have been set but + * before they have been recorded in the file, we reset them here. ++ * Note: this is really a nasty approach. See PixarLogClose + */ +- td->td_samplesperpixel = +- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; +- td->td_bitspersample = 16; +- td->td_sampleformat = SAMPLEFORMAT_INT; ++ if( sp->encoder_state ) ++ { ++ /* See PixarLogClose. Might avoid issues with tags whose size depends ++ * on those below, but not completely sure this is enough. */ ++ td->td_samplesperpixel = ++ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; ++ td->td_bitspersample = 16; ++ td->td_sampleformat = SAMPLEFORMAT_INT; ++ } + } + + static void +Index: libtiff/libtiff/tif_pixarlog.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v +retrieving revision 1.48 +retrieving revision 1.49 +diff -u -r1.48 -r1.49 +--- libtiff/libtiff/tif_pixarlog.c 23 Sep 2016 22:12:18 -0000 1.48 ++++ libtiff/libtiff/tif_pixarlog.c 2 Dec 2016 23:05:51 -0000 1.49 +@@ -1,4 +1,4 @@ +-/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */ ++/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */ + + /* + * Copyright (c) 1996-1997 Sam Leffler +@@ -1233,8 +1233,10 @@ + static void + PixarLogClose(TIFF* tif) + { ++ PixarLogState* sp = (PixarLogState*) tif->tif_data; + TIFFDirectory *td = &tif->tif_dir; + ++ assert(sp != 0); + /* In a really sneaky (and really incorrect, and untruthful, and + * troublesome, and error-prone) maneuver that completely goes against + * the spirit of TIFF, and breaks TIFF, on close, we covertly +@@ -1243,8 +1245,19 @@ + * readers 
that don't know about PixarLog, or how to set + * the PIXARLOGDATFMT pseudo-tag. + */ +- td->td_bitspersample = 8; +- td->td_sampleformat = SAMPLEFORMAT_UINT; ++ ++ if (sp->state&PLSTATE_INIT) { ++ /* We test the state to avoid an issue such as in ++ * http://bugzilla.maptools.org/show_bug.cgi?id=2604 ++ * What appends in that case is that the bitspersample is 1 and ++ * a TransferFunction is set. The size of the TransferFunction ++ * depends on 1<td_bitspersample = 8; ++ td->td_sampleformat = SAMPLEFORMAT_UINT; ++ } + } + + static void diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch new file mode 100644 index 0000000000..68889b121b --- /dev/null +++ b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch 
@@ -0,0 +1,132 @@
+Fix heap-based buffer overflow in TIFFFillStrip():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2608
+
+2016-12-03 Even Rouault
+
+ * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
+ instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
+rowsperstrip),
+ instead of a logic based on the total size of data. Which is faulty is
+ the total size of data is not sufficient to fill the whole image, and
+thus
+ results in reading outside of the StripByCounts/StripOffsets arrays
+when
+ using TIFFReadScanline().
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
+
+ * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
+ for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273
+since
+ the above change is a better fix that makes it unnecessary.
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1176; previous revision: 1.1175
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <--
+libtiff/tif_dirread.c
+new revision: 1.205; previous revision: 1.204
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v <-- libtiff/tif_strip.c
+new revision: 1.38; previous revision: 1.37
+
+Index: libtiff/libtiff/tif_dirread.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
+retrieving revision 1.204
+retrieving revision 1.205
+diff -u -r1.204 -r1.205
+--- libtiff/libtiff/tif_dirread.c 16 Nov 2016 15:14:15 -0000 1.204
++++ libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
++/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -5502,8 +5502,7 @@
+ uint64 rowblockbytes;
+ uint64 stripbytes;
+ uint32 strip;
+- uint64 nstrips64;
+- uint32 nstrips32;
++ uint32 nstrips;
+ uint32 rowsperstrip;
+ uint64* newcounts;
+ uint64* newoffsets;
+@@ -5534,18 +5533,17 @@
+ return;
+
+ /*
+- * never increase the number of strips in an image
++ * never increase the number of rows per strip
+ */
+ if (rowsperstrip >= td->td_rowsperstrip)
+ return;
+- nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
+- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
+- return;
+- nstrips32 = (uint32)nstrips64;
++ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
++ if( nstrips == 0 )
++ return;
+
+- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ "for chopped \"StripByteCounts\" array");
+- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ "for chopped \"StripOffsets\" array");
+ if (newcounts == NULL || newoffsets == NULL) {
+ /*
+@@ -5562,18 +5560,18 @@
+ * Fill the strip information arrays with new bytecounts and offsets
+ * that reflect the broken-up format.
+ */
+- for (strip = 0; strip < nstrips32; strip++) {
++ for (strip = 0; strip < nstrips; strip++) {
+ if (stripbytes > bytecount)
+ stripbytes = bytecount;
+ newcounts[strip] = stripbytes;
+- newoffsets[strip] = offset;
++ newoffsets[strip] = stripbytes ? offset : 0;
+ offset += stripbytes;
+ bytecount -= stripbytes;
+ }
+ /*
+ * Replace old single strip info with multi-strip info.
+ */
+- td->td_stripsperimage = td->td_nstrips = nstrips32;
++ td->td_stripsperimage = td->td_nstrips = nstrips;
+ TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+
+ _TIFFfree(td->td_stripbytecount);
+Index: libtiff/libtiff/tif_strip.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
+retrieving revision 1.37
+retrieving revision 1.38
+diff -u -r1.37 -r1.38
+--- libtiff/libtiff/tif_strip.c 9 Nov 2016 23:00:49 -0000 1.37
++++ libtiff/libtiff/tif_strip.c 3 Dec 2016 11:02:15 -0000 1.38
+@@ -1,4 +1,4 @@
+-/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */
++/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1991-1997 Sam Leffler
+@@ -63,15 +63,6 @@
+ TIFFDirectory *td = &tif->tif_dir;
+ uint32 nstrips;
+
+- /* If the value was already computed and store in td_nstrips, then return it,
+- since ChopUpSingleUncompressedStrip might have altered and resized the
+- since the td_stripbytecount and td_stripoffset arrays to the new value
+- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
+- tif_dirread.c ~line 3612.
+- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
+- if( td->td_nstrips )
+- return td->td_nstrips;
+-
+ nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
+ TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
+ if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
new file mode 100644
index 0000000000..f0fef08bf3
--- /dev/null
+++ b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
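Review bot: `nstrips` is now derived from `td->td_imagelength` alone, so the two `_TIFFCheckMalloc(tif, nstrips, sizeof (uint64), ...)` calls in the tif_dirread.c hunk are sized by a header field rather than by `bytecount`, the amount of data actually present. A small file that declares a very large ImageLength could request two arrays of up to 2^32 eight-byte entries, most of which the loop then fills with zero counts and zero offsets. Checking before the allocation that the declared strip data can fit in the file would keep the out-of-bounds fix while avoiding the oversized request, with a comment such as `/* do not trust ImageLength alone when sizing the strip arrays */`. `rowsperstrip` is computed above the hunk, so the practical ceiling on `nstrips` cannot be confirmed from here.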
@@ -0,0 +1,67 @@ +Fix heap buffer overflow in tiffcp when parsing number of inks: + +http://bugzilla.maptools.org/show_bug.cgi?id=2599 + +2016-12-03 Even Rouault + + * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is +called, + limit the return number of inks to SamplesPerPixel, so that code that +parses + ink names doesn't go past the end of the buffer. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 + + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1184; previous revision: 1.1183 +/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c +new revision: 1.128; previous revision: 1.127 + +Index: libtiff/libtiff/tif_dir.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v +retrieving revision 1.127 +retrieving revision 1.128 +diff -u -r1.127 -r1.128 +--- libtiff/libtiff/tif_dir.c 25 Oct 2016 21:35:15 -0000 1.127 ++++ libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */ ++/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -854,6 +854,32 @@ + if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */ + return 0; + ++ if( tag == TIFFTAG_NUMBEROFINKS ) ++ { ++ int i; ++ for (i = 0; i < td->td_customValueCount; i++) { ++ uint16 val; ++ TIFFTagValue *tv = td->td_customValues + i; ++ if (tv->info->field_tag != tag) ++ continue; ++ val = *(uint16 *)tv->value; ++ /* Truncate to SamplesPerPixel, since the */ ++ /* setting code for INKNAMES assume that there are SamplesPerPixel */ ++ /* inknames. 
*/ ++ /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ ++ if( val > td->td_samplesperpixel ) ++ { ++ TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", ++ "Truncating NumberOfInks from %u to %u", ++ val, td->td_samplesperpixel); ++ val = td->td_samplesperpixel; ++ } ++ *va_arg(ap, uint16*) = val; ++ return 1; ++ } ++ return 0; ++ } ++ + /* + * We want to force the custom code to be used for custom + * fields even if the tag happens to match a well known diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch new file mode 100644 index 0000000000..8166c55758 --- /dev/null +++ b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch 
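Review bot: In the added `TIFFTAG_NUMBEROFINKS` branch of tif_dir.c, `val = *(uint16 *)tv->value;` is read without first checking that the entry holds a value, so a custom-value entry with a NULL `value` or a zero `count` would be dereferenced; a guard such as `if (tv->value == NULL || tv->count < 1) return 0;` ahead of the read would close that. The clamp to `td->td_samplesperpixel` is applied only on this getter path and the stored custom value keeps what the file supplied, so any code that reads `td_customValues` directly (none is visible here) would presumably still see the unclamped count. `val` and `td->td_samplesperpixel` reach the `%u` conversions of `TIFFWarningExt` after promotion to `int`; casting both to `unsigned` keeps the format and its arguments in agreement. The enclosing function starts and ends outside the hunk.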
@@ -0,0 +1,60 @@ +Fix heap-based buffer overflow in combineSeparateSamples16bits(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2621 + +2016-12-03 Even Rouault + + * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in + readSeparateStripsIntoBuffer() to avoid read outside of heap allocated +buffer. + Reported by Agostina Sarubo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621 + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1179; previous revision: 1.1178 +/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c +new revision: 1.48; previous revision: 1.47 + +Index: libtiff/tools/tiffcrop.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v +retrieving revision 1.47 +retrieving revision 1.48 +diff -u -r1.47 -r1.48 +--- libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 ++++ libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 +@@ -1,4 +1,4 @@ +-/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ ++/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ + + /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of + * the image data through additional options listed below +@@ -4815,10 +4815,17 @@ + nstrips = TIFFNumberOfStrips(in); + strips_per_sample = nstrips /spp; + ++ /* Add 3 padding bytes for combineSeparateSamples32bits */ ++ if( (size_t) stripsize > 0xFFFFFFFFU - 3U ) ++ { ++ TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size."); ++ exit(-1); ++ } ++ + for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) + { + srcbuffs[s] = NULL; +- buff = _TIFFmalloc(stripsize); ++ buff = _TIFFmalloc(stripsize + 3); + if (!buff) + { + TIFFError ("readSeparateStripsIntoBuffer", +@@ -4827,6 +4834,9 @@ + _TIFFfree (srcbuffs[i]); + return 0; + } ++ buff[stripsize] = 0; ++ buff[stripsize+1] = 0; ++ buff[stripsize+2] = 0; + srcbuffs[s] = buff; + } + 
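Review bot: The added overflow guard in readSeparateStripsIntoBuffer() ends the process with `exit(-1)`, while the allocation-failure path a few lines further down in the same hunk frees the buffers and does `return 0;`; using `return 0;` here too would keep one failure convention and leave cleanup to the caller. The cast `(size_t) stripsize` assumes `stripsize` is non-negative; its declaration is outside the hunk, and if it is a signed size type a negative value should be rejected explicitly, e.g. `if (stripsize < 0 || (size_t) stripsize > 0xFFFFFFFFU - 3U)`. The new comment names combineSeparateSamples32bits whereas the patch header names combineSeparateSamples16bits, so the comment should list every reader that relies on the 3 padding bytes. The function body continues outside the hunk.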
diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch
new file mode 100644
index 0000000000..92742d8757
--- /dev/null
+++ b/gnu/packages/patches/libtiff-invalid-read.patch
@@ -0,0 +1,64 @@ +Fix invalid read in t2p_writeproc(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2639 + +2016-12-20 Even Rouault + + * tools/tiff2pdf.c: avoid potential invalid memory read in + t2p_writeproc. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639 + + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1198; previous revision: 1.1197 +/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c +new revision: 1.100; previous revision: 1.99 + +Index: libtiff/tools/tiff2pdf.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v +retrieving revision 1.99 +retrieving revision 1.100 +diff -u -r1.99 -r1.100 +--- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:13:26 -0000 1.99 ++++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 +@@ -2896,6 +2896,7 @@ + } + if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { + if (count >= 4) { ++ int retTIFFReadRawTile; + /* Ignore EOI marker of JpegTables */ + _TIFFmemcpy(buffer, jpt, count - 2); + bufferoffset += count - 2; +@@ -2903,22 +2904,23 @@ + table_end[0] = buffer[bufferoffset-2]; + table_end[1] = buffer[bufferoffset-1]; + xuint32 = bufferoffset; +- bufferoffset -= 2; +- bufferoffset += TIFFReadRawTile( ++ bufferoffset -= 2; ++ retTIFFReadRawTile= TIFFReadRawTile( + input, + tile, + (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), + -1); ++ if( retTIFFReadRawTile < 0 ) ++ { ++ _TIFFfree(buffer); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return(0); ++ } ++ bufferoffset += retTIFFReadRawTile; + /* Overwrite SOI marker of image scan with previously */ + /* saved end of JpegTables */ + buffer[xuint32-2]=table_end[0]; + buffer[xuint32-1]=table_end[1]; +- } else { +- bufferoffset += TIFFReadRawTile( +- input, +- tile, +- (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), +- -1); + } + } + t2pWriteFile(output, (tdata_t) buffer, bufferoffset); 
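Review bot: The rewritten `TIFFReadRawTile(input, tile, ..., -1)` call still passes `-1` as the size, so as far as this call shows the read is not limited by the space left in `buffer` after the JPEG tables were copied in; the allocation of `buffer` is outside the hunk, so whether it accounts for `count` plus the raw tile size cannot be confirmed from here. Passing the remaining capacity instead of `-1`, and checking `count - 2` against the buffer size before `_TIFFmemcpy(buffer, jpt, count - 2)`, would bound both writes. With the old `else` branch removed, a JPEGTABLES field with `count < 4` now reads no tile data and control falls through to `t2pWriteFile(output, (tdata_t) buffer, bufferoffset)`; setting `t2p->t2p_error = T2P_ERR_ERROR` on that path would make the malformed input visible instead of emitting a tile without image data. The enclosing function starts outside the hunk.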
diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch new file mode 100644 index 0000000000..8c6345b804 --- /dev/null +++ b/gnu/packages/patches/libtiff-null-dereference.patch @@ -0,0 +1,42 @@ +Fix NULL pointer dereference in TIFFReadRawData(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2594 + + +2016-12-03 Even Rouault + + * tools/tiffinfo.c: fix null pointer dereference in -r mode when + * the +image has + no StripByteCount tag. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594 + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1182; previous revision: 1.1181 +/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v <-- tools/tiffinfo.c +new revision: 1.26; previous revision: 1.25 + +Index: libtiff/tools/tiffinfo.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v +retrieving revision 1.25 +retrieving revision 1.26 +diff -u -r1.25 -r1.26 +--- libtiff/tools/tiffinfo.c 12 Nov 2016 20:06:05 -0000 1.25 ++++ libtiff/tools/tiffinfo.c 3 Dec 2016 14:18:49 -0000 1.26 +@@ -1,4 +1,4 @@ +-/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */ ++/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -417,7 +417,7 @@ + uint64* stripbc=NULL; + + TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc); +- if (nstrips > 0) { ++ if (stripbc != NULL && nstrips > 0) { + uint32 bufsize = (uint32) stripbc[0]; + tdata_t buf = _TIFFmalloc(bufsize); + tstrip_t s; diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch new file mode 100644 index 0000000000..5615cbb3e1 --- /dev/null +++ b/gnu/packages/patches/libtiff-tiffcp-underflow.patch 
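Review bot: On the context line `uint32 bufsize = (uint32) stripbc[0];` in tiffinfo.c the 64-bit strip byte count is narrowed to 32 bits before it sizes `_TIFFmalloc(bufsize)`, so a file-supplied count above 0xFFFFFFFF yields a smaller buffer than the count describes; how the later reads use `bufsize` is outside the hunk, so the impact is not confirmed. Extending the new condition to `if (stripbc != NULL && nstrips > 0 && stripbc[0] <= 0xFFFFFFFFU) {` would exclude that case at the same point where the NULL case is excluded. When the tag is missing the raw dump is now skipped silently, and a short diagnostic in an `else` would tell the user why `-r` printed nothing. The block opened by this `if` continues outside the hunk.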
@@ -0,0 +1,41 @@ +Fix a integer underflow in tiffcp that led to heap overflows in +TIFFReverseBits(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2598 + +2016-12-02 Even Rouault + + * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that + can cause various issues, such as buffer overflows in the library. + Reported by Agostino Sarubbo. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598 + + +/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1174; previous revision: 1.1173 +/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c +new revision: 1.56; previous revision: 1.55 + +Index: libtiff/tools/tiffcp.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v +retrieving revision 1.55 +retrieving revision 1.56 +diff -u -r1.55 -r1.56 +--- libtiff/tools/tiffcp.c 8 Oct 2016 15:54:57 -0000 1.55 ++++ libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 +@@ -1,4 +1,4 @@ +-/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */ ++/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -985,7 +985,7 @@ + tstrip_t s, ns = TIFFNumberOfStrips(in); + uint32 row = 0; + _TIFFmemset(buf, 0, stripsize); +- for (s = 0; s < ns; s++) { ++ for (s = 0; s < ns && row < imagelength; s++) { + tsize_t cc = (row + rowsperstrip > imagelength) ? + TIFFVStripSize(in, imagelength - row) : stripsize; + if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 -- cgit v1.2.3 From b0a567640cf66f396de3fb4a827f9cf8a7ee0abb Mon Sep 17 00:00:00 2001 
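Review bot: The context expression `row + rowsperstrip > imagelength` in cpDecodedStrips is an unsigned addition (`row` is declared `uint32` in the hunk) and can wrap when `rowsperstrip` is very large, which would select `stripsize` instead of the shortened size for the last strip. Because the new loop condition guarantees `row < imagelength`, writing the test as `rowsperstrip > imagelength - row` gives the same result without the wrap. `rowsperstrip` and `imagelength` are declared outside the hunk and are assumed here to be `uint32` as well. The loop body continues outside the hunk.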
From: Leo Famulari Date: Tue, 10 Jan 2017 15:27:44 -0500 Subject: gnu: cracklib: Fix buffer overflow. * gnu/packages/patches/cracklib-fix-buffer-overflow.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/password-utils.scm (cracklib)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/password-utils.scm | 3 +- .../patches/cracklib-fix-buffer-overflow.patch | 39 ++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/cracklib-fix-buffer-overflow.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index e34ae17796..21580a3870 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -511,6 +511,7 @@ dist_patch_DATA = \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ + %D%/packages/patches/cracklib-fix-buffer-overflow.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/csound-header-ordering.patch \ diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index f8111b2abf..cb8dacc3ea 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -173,7 +173,8 @@ and vice versa.") (uri (string-append "https://github.com/cracklib/cracklib/" "releases/download/" name "-" version "/" name "-" version ".tar.gz")) - (patches (search-patches "cracklib-CVE-2016-6318.patch")) + (patches (search-patches "cracklib-CVE-2016-6318.patch" + "cracklib-fix-buffer-overflow.patch")) (sha256 (base32 "0hrkb0prf7n92w6rxgq0ilzkk6rkhpys2cfqkrbzswp27na7dkqp")))) diff --git a/gnu/packages/patches/cracklib-fix-buffer-overflow.patch b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch new file mode 100644 index 0000000000..b1c990f282 --- /dev/null +++ b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch 
@@ -0,0 +1,39 @@ +Fix buffer overflow processing long words in Mangle(). + +Patch adpated from upstream commit, omitting changes to 'NEWS': + +https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad245836c6edb + +From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 +From: Jan Dittberner +Date: Thu, 25 Aug 2016 17:17:53 +0200 +Subject: [PATCH] Fix a buffer overflow processing long words + +A buffer overflow processing long words has been discovered. This commit +applies the patch from +https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch +by Howard Guo. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and +http://www.openwall.com/lists/oss-security/2016/08/23/8 +--- + src/NEWS | 1 + + src/lib/rules.c | 5 ++--- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lib/rules.c b/src/lib/rules.c +index d193cc0..3a2aa46 100644 +--- a/lib/rules.c ++++ b/lib/rules.c +@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ + { + int limit; + register char *ptr; +- static char area[STRINGSIZE]; +- char area2[STRINGSIZE]; +- area[0] = '\0'; ++ static char area[STRINGSIZE * 2] = {0}; ++ char area2[STRINGSIZE * 2] = {0}; + strcpy(area, input); + + for (ptr = control; *ptr; ptr++) -- cgit v1.2.3 From 54d8d0fef1a0224f118dbfad8fceece06d322eab Mon Sep 17 00:00:00 2001 From: John Darrington Date: Fri, 2 Dec 2016 17:25:34 +0100 Subject: gnu: Patch libxt's default search path. * gnu/packages/patches/libxt-guix-search-paths.patch: New file. * gnu/packages/xorg.scm (libxt) [source]: Add patch. --- gnu/packages/patches/libxt-guix-search-paths.patch | 126 +++++++++++++++++++++ gnu/packages/xorg.scm | 3 +- 2 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxt-guix-search-paths.patch (limited to 'gnu/packages/patches') 
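Review bot: `strcpy(area, input);` in Mangle() is still an unbounded copy: doubling `area` and `area2` to `STRINGSIZE * 2` raises the length at which it overflows but does not tie the copy to the buffer size. Unless every caller is known to limit `input` (not visible here), a length check ahead of the copy, such as `if (strlen(input) >= sizeof(area)) return NULL;`, would make the bound explicit; this assumes NULL is the function's failure return, which the hunk does not show. The `= {0}` initializer on the `static` array takes effect only once, so it does not replace the removed per-call `area[0] = '\0';`; that is harmless while the `strcpy` follows immediately, but a comment saying so would prevent a later reordering from relying on it. The function body continues outside the hunk.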
diff --git a/gnu/packages/patches/libxt-guix-search-paths.patch b/gnu/packages/patches/libxt-guix-search-paths.patch
new file mode 100644
index 0000000000..c618f48da5
--- /dev/null
+++ b/gnu/packages/patches/libxt-guix-search-paths.patch
@@ -0,0 +1,126 @@ +--- libXt-1.1.5/src/Intrinsic.c 2015-05-01 07:36:20.000000000 +0200 ++++ Intrinsic.c 2016-12-12 00:42:16.567388450 +0100 +@@ -1303,21 +1303,101 @@ + } else (void) strcpy(*rest, string); + } + +-/* +- * default path used if environment variable XFILESEARCHPATH +- * is not defined. Also substitued for %D. +- * The exact value should be documented in the implementation +- * notes for any Xt implementation. ++ ++ ++/* ++ Return the default search path for the function ++ XtResolvePathname to use if XFILESEARCHPATH is ++ not defined. ++ ++ It returns the combination the set of values which are the 6 "stems" below, ++ prepended with "/run/current-system/profile", and $GUIX_PROFILE and ++ "$HOME/.guix-profile" ++ ++ These values provide the default paths where Guix/GuixSD can expect ++ to find resources for installed packages. + */ +-static const char *implementation_default_path(void) ++static const char *guix_default_path(void) + { +-#if defined(WIN32) +- static char xfilesearchpath[] = ""; +- +- return xfilesearchpath; +-#else +- return XFILESEARCHPATHDEFAULT; +-#endif ++ static const char *search_path_default_stem[] = { ++ "/lib/X11/%L/%T/%N%C%S", ++ "/lib/X11/%l/%T/%N%C%S", ++ "/lib/X11/%T/%N%C%S", ++ "/lib/X11/%L/%T/%N%S", ++ "/lib/X11/%l/%T/%N%S", ++ "/lib/X11/%T/%N%S" ++ }; ++ ++#define SIZEOF_STEMS (strlen (search_path_default_stem[0]) \ ++ + strlen (search_path_default_stem[1]) \ ++ + strlen (search_path_default_stem[2]) \ ++ + strlen (search_path_default_stem[3]) \ ++ + strlen (search_path_default_stem[4]) \ ++ + strlen (search_path_default_stem[5])) ++ ++ ++ int i; ++ const char *current_profile = "/run/current-system/profile"; ++ char *home = getenv ("HOME"); ++ char *guix_profile = getenv ("GUIX_PROFILE"); ++ ++ size_t bytesAllocd = SIZEOF_STEMS + 1; ++ ++ /* This function is evaluated multiple times and the calling ++ code assumes that it is idempotent. 
So we must not allow ++ (say) a changed environment variable to cause it to return ++ something different. */ ++ static char *path = NULL; ++ if (path) ++ return path; ++ ++ bytesAllocd += 6 * (1 + strlen (current_profile)); ++ ++ if (guix_profile != NULL) ++ { ++ bytesAllocd += SIZEOF_STEMS; ++ bytesAllocd += 6 * (1 + strlen (guix_profile)); ++ } ++ ++ if (home != NULL) ++ { ++ bytesAllocd += SIZEOF_STEMS; ++ bytesAllocd += 6 * (1 + strlen(home) + strlen ("/.guix-profile")); ++ } ++ ++ path = XtMalloc(bytesAllocd); ++ if (path == NULL) _XtAllocError(NULL); ++ ++ memset (path, 0, bytesAllocd); ++ ++ for (i = 0 ; i < 6 ; ++i) ++ { ++ strcat (path, current_profile); ++ strcat (path, search_path_default_stem[i]); ++ strcat (path, ":"); ++ } ++ ++ if (guix_profile != NULL) ++ for (i = 0 ; i < 6 ; ++i) ++ { ++ strcat (path, guix_profile); ++ strcat (path, search_path_default_stem[i]); ++ strcat (path, ":"); ++ } ++ ++ if (home != NULL) ++ for (i = 0 ; i < 6 ; ++i) ++ { ++ strcat (path, home); ++ strcat (path, "/.guix-profile"); ++ strcat (path, search_path_default_stem[i]); ++ strcat (path, ":"); ++ } ++ ++ /* Remove final : */ ++ path[strlen(path) - 1] = '\0'; ++ ++ return path; + } + + +@@ -1345,7 +1425,7 @@ + { + XtPerDisplay pd; + static const char *defaultPath = NULL; +- const char *impl_default = implementation_default_path(); ++ const char *impl_default = guix_default_path(); + int idef_len = strlen(impl_default); + char *massagedPath; + int bytesAllocd, bytesLeft; diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 3930d21617..c3df6ad323 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm 
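Review bot: guix_default_path() copies the values of `GUIX_PROFILE` and `HOME` verbatim into a string that is afterwards interpreted as a search-path template, so a `:` in either value splits the entry and a `%` is read as a substitution introducer like the `%L`/`%T`/`%N` in the stems; an empty `HOME` produces entries rooted at `/.guix-profile`. Dropping an unusable value before the size computation keeps the template well-formed, e.g. `if (home != NULL && (*home == '\0' || strpbrk(home, "%:") != NULL)) home = NULL;`, with the same test for `guix_profile`. The result is cached in the function-local `static char *path` with no locking visible in the hunk, so if this can be reached from more than one thread two callers could both allocate and fill it. A comment on the function stating that both variables are read once, at first use, and trusted as directory names would document that assumption for callers.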
@@ -5304,7 +5304,8 @@ draggable titlebars and borders.") ".tar.bz2")) (sha256 (base32 - "06lz6i7rbrp19kgikpaz4c97fw7n31k2h2aiikczs482g2zbdvj6")))) + "06lz6i7rbrp19kgikpaz4c97fw7n31k2h2aiikczs482g2zbdvj6")) + (patches (search-patches "libxt-guix-search-paths.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;2 MiB of man pages + XML -- cgit v1.2.3