author | Ludovic Courtès <ludo@gnu.org> | 2016-07-20 11:42:02 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-07-20 11:42:17 +0200 |
commit | 7575655212ecfbcd1f04e429c8a7a41f8720d027 (patch) | |
tree | 558982d3cf50ef6b19ef293850de1f485fde66a6 /gnu/packages/patches | |
parent | 5d4c90ae02f1e0b42d575bba2d828d63aaf79be5 (diff) | |
parent | 5f01078129f4eaa4760a14f22761cf357afb6738 (diff) | |
download | guix-7575655212ecfbcd1f04e429c8a7a41f8720d027.tar guix-7575655212ecfbcd1f04e429c8a7a41f8720d027.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/avrdude-fix-libusb.patch | 256 | ||||
-rw-r--r-- | gnu/packages/patches/clang-3.8-libc-search-path.patch | 69 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-5766.patch | 81 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6128.patch | 253 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6132.patch | 55 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6214.patch | 66 | ||||
-rw-r--r-- | gnu/packages/patches/gd-fix-test-on-i686.patch | 34 | ||||
-rw-r--r-- | gnu/packages/patches/gimp-CVE-2016-4994.patch | 96 | ||||
-rw-r--r-- | gnu/packages/patches/khmer-use-libraries.patch | 16 | ||||
-rw-r--r-- | gnu/packages/patches/libmtp-devices.patch | 554 | ||||
-rw-r--r-- | gnu/packages/patches/ninja-tests.patch | 34 | ||||
-rw-r--r-- | gnu/packages/patches/openimageio-boost-1.60.patch | 47 | ||||
-rw-r--r-- | gnu/packages/patches/python-dendropy-exclude-failing-tests.patch | 21 | ||||
-rw-r--r-- | gnu/packages/patches/sudo-CVE-2015-5602.patch | 372 |
14 files changed, 710 insertions, 1244 deletions
diff --git a/gnu/packages/patches/avrdude-fix-libusb.patch b/gnu/packages/patches/avrdude-fix-libusb.patch
deleted file mode 100644
index 13d0eca91c..0000000000
--- a/gnu/packages/patches/avrdude-fix-libusb.patch
+++ /dev/null
@@ -1,256 +0,0 @@
-Avrdude cannot build with our version of libusb. This patch fixes that.
-See http://savannah.nongnu.org/bugs/?41854
-
-diff --git a/dfu.c b/dfu.c
-index 7d349bc..0f80440 100644
---- a/dfu.c
-+++ b/dfu.c
-@@ -36,13 +36,14 @@
-
- #ifndef HAVE_LIBUSB
-
--int dfu_open(struct dfu_dev *dfu, char *port_name) {
-+struct dfu_dev * dfu_open(char *port_spec) {
- fprintf(stderr, "%s: Error: No USB support in this compile of avrdude\n",
- progname);
-- return -1;
-+ return NULL;
- }
-
--int dfu_init(struct dfu_dev *dfu, unsigned short usb_pid) {
-+int dfu_init(struct dfu_dev *dfu,
-+ unsigned short vid, unsigned short pid) {
- return -1;
- }
-
-diff --git a/flip1.c b/flip1.c
-index b891d80..0959996 100644
---- a/flip1.c
-+++ b/flip1.c
-@@ -164,6 +164,8 @@ static void flip1_setup(PROGRAMMER * pgm);
- static void flip1_teardown(PROGRAMMER * pgm);
-
- /* INTERNAL PROGRAMMER FUNCTION PROTOTYPES */
-+#ifdef HAVE_LIBUSB
-+// The internal ones are made conditional, as they're not defined further down #ifndef HAVE_LIBUSB
-
- static void flip1_show_info(struct flip1 *flip1);
-
-@@ -177,6 +179,8 @@ static const char * flip1_mem_unit_str(enum flip1_mem_unit mem_unit);
- static int flip1_set_mem_page(struct dfu_dev *dfu, unsigned short page_addr);
- static enum flip1_mem_unit flip1_mem_unit(const char *name);
-
-+#endif /* HAVE_LIBUSB */
-+
- /* THE INITPGM FUNCTION DEFINITIONS */
-
- void flip1_initpgm(PROGRAMMER *pgm)
-@@ -201,6 +205,7 @@ void flip1_initpgm(PROGRAMMER *pgm)
- pgm->teardown = flip1_teardown;
- }
-
-+#ifdef HAVE_LIBUSB
- /* EXPORTED PROGRAMMER FUNCTION DEFINITIONS */
-
- int flip1_open(PROGRAMMER *pgm, char *port_spec)
-@@ -876,3 +881,82 @@ enum flip1_mem_unit flip1_mem_unit(const char *name) {
- return FLIP1_MEM_UNIT_EEPROM;
- return FLIP1_MEM_UNIT_UNKNOWN;
- }
-+#else /* HAVE_LIBUSB */
-+// Dummy functions
-+int flip1_open(PROGRAMMER *pgm, char *port_spec)
-+{
-+ fprintf(stderr, "%s: Error: No USB support in this compile of avrdude\n",
-+ progname);
-+ return NULL;
-+}
-+
-+int flip1_initialize(PROGRAMMER* pgm, AVRPART *part)
-+{
-+ return -1;
-+}
-+
-+void flip1_close(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip1_enable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip1_disable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip1_display(PROGRAMMER* pgm, const char *prefix)
-+{
-+}
-+
-+int flip1_program_enable(PROGRAMMER* pgm, AVRPART *part)
-+{
-+ return -1;
-+}
-+
-+int flip1_chip_erase(PROGRAMMER* pgm, AVRPART *part)
-+{
-+ return -1;
-+}
-+
-+int flip1_read_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned long addr, unsigned char *value)
-+{
-+ return -1;
-+}
-+
-+int flip1_write_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned long addr, unsigned char value)
-+{
-+ return -1;
-+}
-+
-+int flip1_paged_load(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+ return -1;
-+}
-+
-+int flip1_paged_write(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+ return -1;
-+}
-+
-+int flip1_read_sig_bytes(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem)
-+{
-+ return -1;
-+}
-+
-+void flip1_setup(PROGRAMMER * pgm)
-+{
-+}
-+
-+void flip1_teardown(PROGRAMMER * pgm)
-+{
-+}
-+
-+
-+#endif /* HAVE_LIBUSB */
-\ No newline at end of file
-
-diff --git a/flip2.c b/flip2.c
-index ed8e996..16c4bf8 100644
---- a/flip2.c
-+++ b/flip2.c
-@@ -151,6 +151,8 @@ static void flip2_setup(PROGRAMMER * pgm);
- static void flip2_teardown(PROGRAMMER * pgm);
-
- /* INTERNAL PROGRAMMER FUNCTION PROTOTYPES */
-+#ifdef HAVE_LIBUSB
-+// The internal ones are made conditional, as they're not defined further down #ifndef HAVE_LIBUSB
-
- static void flip2_show_info(struct flip2 *flip2);
-
-@@ -171,6 +173,8 @@ static const char * flip2_status_str(const struct dfu_status *status);
- static const char * flip2_mem_unit_str(enum flip2_mem_unit mem_unit);
- static enum flip2_mem_unit flip2_mem_unit(const char *name);
-
-+#endif /* HAVE_LIBUSB */
-+
- /* THE INITPGM FUNCTION DEFINITIONS */
-
- void flip2_initpgm(PROGRAMMER *pgm)
-@@ -195,6 +199,7 @@ void flip2_initpgm(PROGRAMMER *pgm)
- pgm->teardown = flip2_teardown;
- }
-
-+#ifdef HAVE_LIBUSB
- /* EXPORTED PROGRAMMER FUNCTION DEFINITIONS */
-
- int flip2_open(PROGRAMMER *pgm, char *port_spec)
-@@ -922,3 +927,85 @@ enum flip2_mem_unit flip2_mem_unit(const char *name) {
- return FLIP2_MEM_UNIT_SIGNATURE;
- return FLIP2_MEM_UNIT_UNKNOWN;
- }
-+
-+#else /* HAVE_LIBUSB */
-+
-+/* EXPORTED PROGRAMMER FUNCTION DEFINITIONS */
-+
-+int flip2_open(PROGRAMMER *pgm, char *port_spec)
-+{
-+ fprintf(stderr, "%s: Error: No USB support in this compile of avrdude\n",
-+ progname);
-+ return NULL;
-+}
-+
-+int flip2_initialize(PROGRAMMER* pgm, AVRPART *part)
-+{
-+ return -1;
-+}
-+
-+void flip2_close(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip2_enable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip2_disable(PROGRAMMER* pgm)
-+{
-+}
-+
-+void flip2_display(PROGRAMMER* pgm, const char *prefix)
-+{
-+}
-+
-+int flip2_program_enable(PROGRAMMER* pgm, AVRPART *part)
-+{
-+ return -1;
-+}
-+
-+int flip2_chip_erase(PROGRAMMER* pgm, AVRPART *part)
-+{
-+ return -1;
-+}
-+
-+int flip2_read_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned long addr, unsigned char *value)
-+{
-+ return -1;
-+}
-+
-+int flip2_write_byte(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned long addr, unsigned char value)
-+{
-+ return -1;
-+}
-+
-+int flip2_paged_load(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+ return -1;
-+}
-+
-+int flip2_paged_write(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem,
-+ unsigned int page_size, unsigned int addr, unsigned int n_bytes)
-+{
-+ return -1;
-+}
-+
-+int flip2_read_sig_bytes(PROGRAMMER* pgm, AVRPART *part, AVRMEM *mem)
-+{
-+ return -1;
-+}
-+
-+void flip2_setup(PROGRAMMER * pgm)
-+{
-+}
-+
-+void flip2_teardown(PROGRAMMER * pgm)
-+{
-+}
-+
-+
-+#endif /* HAVE_LIBUSB */
diff --git a/gnu/packages/patches/clang-3.8-libc-search-path.patch b/gnu/packages/patches/clang-3.8-libc-search-path.patch
new file mode 100644
index 0000000000..0f7d0a4add
--- /dev/null
+++ b/gnu/packages/patches/clang-3.8-libc-search-path.patch
@@ -0,0 +1,69 @@
+Clang attempts to guess file names based on the OS and distro (yes!),
+but unfortunately, that doesn't work for us.
+
+This patch makes it easy to insert libc's $libdir so that Clang passes the
+correct absolute file name of crt1.o etc. to 'ld'. It also disables all
+the distro-specific stuff and removes the hard-coded FHS directory names
+to make sure Clang also works on non-GuixSD systems.
+
+This patch makes slight adjustments over "clang-libc-search-path.patch" for
+changes in clang 3.8.
+
+--- cfe-3.8.0.src/lib/Driver/ToolChains.cpp
++++ cfe-3.8.0.src/lib/Driver/ToolChains.cpp
+@@ -3661,6 +3661,9 @@
+ GCCInstallation.getTriple().str() + "/bin")
+ .str());
+
++ // Comment out the distro-specific tweaks so that they don't bite when
++ // using Guix on a foreign distro.
++#if 0
+ Distro Distro = DetectDistro(D, Arch);
+
+ if (IsOpenSUSE(Distro) || IsUbuntu(Distro)) {
+@@ -3702,6 +3705,7 @@
+
+ if (IsOpenSUSE(Distro))
+ ExtraOpts.push_back("--enable-new-dtags");
++#endif
+
+ // The selection of paths to try here is designed to match the patterns which
+ // the GCC driver itself uses, as this is part of the GCC-compatible driver.
+@@ -3771,14 +3775,12 @@
+ addPathIfExists(D, D.Dir + "/../" + OSLibDir, Paths);
+ }
+
+- addPathIfExists(D, SysRoot + "/lib/" + MultiarchTriple, Paths);
+- addPathIfExists(D, SysRoot + "/lib/../" + OSLibDir, Paths);
+- addPathIfExists(D, SysRoot + "/usr/lib/" + MultiarchTriple, Paths);
+- addPathIfExists(D, SysRoot + "/usr/lib/../" + OSLibDir, Paths);
+-
+ // Try walking via the GCC triple path in case of biarch or multiarch GCC
+ // installations with strange symlinks.
+ if (GCCInstallation.isValid()) {
++ // The following code would end up adding things like
++ // "/usr/lib/x86_64-unknown-linux-gnu/../../lib64" to the search path.
++#if 0
+ addPathIfExists(D,
+ SysRoot + "/usr/lib/" + GCCInstallation.getTriple().str() +
+ "/../../" + OSLibDir,
+@@ -3791,6 +3793,7 @@
+ BiarchSibling.gccSuffix(),
+ Paths);
+ }
++#endif
+
+ // See comments above on the multilib variant for details of why this is
+ // included even from outside the sysroot.
+@@ -3815,8 +3818,9 @@
+ if (StringRef(D.Dir).startswith(SysRoot))
+ addPathIfExists(D, D.Dir + "/../lib", Paths);
+
+- addPathIfExists(D, SysRoot + "/lib", Paths);
+- addPathIfExists(D, SysRoot + "/usr/lib", Paths);
++ // Add libc's lib/ directory to the search path, so that crt1.o, crti.o,
++ // and friends can be found.
++ addPathIfExists(D, "@GLIBC_LIBDIR@", Paths);
+ }
+
+ bool Linux::HasNativeLLVMSupport() const { return true; }
diff --git a/gnu/packages/patches/gd-CVE-2016-5766.patch b/gnu/packages/patches/gd-CVE-2016-5766.patch
new file mode 100644
index 0000000000..400cb0ab48
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-5766.patch
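Review bot: The `"@GLIBC_LIBDIR@"` literal passed to `addPathIfExists` in the last inner hunk is a placeholder, and nothing in the patch says who substitutes it or what happens if that step is skipped. Judging by its name, `addPathIfExists` would then add nothing and crt1.o would not be found at link time, with no hint pointing back to this line. A comment next to it, e.g. `// @GLIBC_LIBDIR@ must be replaced with glibc's lib directory before the build.`, would make the dependency explicit. Separately, the first `#if 0` disables the whole distro-specific block, of which only `--enable-new-dtags` is visible here; it is worth confirming that no linker option set inside that block is still wanted.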
@@ -0,0 +1,81 @@
+Fix CVE-2016-5766 (Integer Overflow in _gd2GetHeader() resulting in heap
+overflow).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
+
+Adapted from upstream commits:
+https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0
+https://github.com/libgd/libgd/commit/a6a0e7feabb2a9738086a5dc96348f233c87fa79
+
+Since `patch` cannot apply Git binary diffs, we omit the addition of
+'tests/gd2/php_bug_72339.c' and its associated binary data.
+
+From aba3db8ba159465ecec1089027a24835a6da9cc0 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Tue, 28 Jun 2016 16:23:42 +0700
+Subject: [PATCH] fix php bug 72339 (CVE-2016-5766), Integer Overflow in
+ _gd2GetHeader() resulting in heap overflow
+
+---
+ src/gd_gd2.c | 5 ++++-
+ tests/gd2/CMakeLists.txt | 1 +
+ tests/gd2/Makemodule.am | 6 ++++--
+ tests/gd2/php_bug_72339.c | 21 +++++++++++++++++++++
+ tests/gd2/php_bug_72339_exp.gd2 | Bin 0 -> 67108882 bytes
+ 5 files changed, 30 insertions(+), 3 deletions(-)
+ create mode 100644 tests/gd2/php_bug_72339.c
+ create mode 100644 tests/gd2/php_bug_72339_exp.gd2
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index fd1e0c9..bdbbecf 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -154,8 +154,11 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ nc = (*ncx) * (*ncy);
+ GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
+ sidx = sizeof (t_chunk_info) * nc;
++ if (overflow2(sidx, nc)) {
++ goto fail1;
++ }
+ cidx = gdCalloc (sidx, 1);
+- if (!cidx) {
++ if (cidx == NULL) {
+ goto fail1;
+ }
+ for (i = 0; i < nc; i++) {
+From a6a0e7feabb2a9738086a5dc96348f233c87fa79 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Wed, 29 Jun 2016 09:36:26 +0700
+Subject: [PATCH] fix php bug 72339 (CVE-2016-5766), Integer Overflow in
+ _gd2GetHeader() resulting in heap overflow. Sync with php's sync
+
+---
+ src/gd_gd2.c | 7 ++++++-
+ tests/gd2/php_bug_72339.c | 2 +-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index bdbbecf..2837456 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -152,11 +152,16 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+
+ if (gd2_compressed (*fmt)) {
+ nc = (*ncx) * (*ncy);
++
+ GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
++ if (overflow2(sizeof(t_chunk_info), nc)) {
++ goto fail1;
++ }
+ sidx = sizeof (t_chunk_info) * nc;
+- if (overflow2(sidx, nc)) {
++ if (sidx <= 0) {
+ goto fail1;
+ }
++
+ cidx = gdCalloc (sidx, 1);
+ if (cidx == NULL) {
+ goto fail1;
+--
+2.9.1
+
diff --git a/gnu/packages/patches/gd-CVE-2016-6128.patch b/gnu/packages/patches/gd-CVE-2016-6128.patch
new file mode 100644
index 0000000000..45ee6b0cfa
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-6128.patch
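Review bot: `nc = (*ncx) * (*ncy);` is still computed as a plain `int` product before either `overflow2` call runs, so the guards added by both upstream commits only cover the later `sizeof (t_chunk_info) * nc` multiplication. If `*ncx` and `*ncy` are taken from the file header (their origin is outside these hunks), the product itself can overflow and the check then runs on an already-wrapped `nc`. A guard ahead of the multiplication, e.g. `if (*ncx <= 0 || *ncy <= 0 || overflow2(*ncx, *ncy)) goto fail1;`, would close that gap. `_gd2GetHeader` begins and ends outside the hunks, so an earlier range check on the chunk counts may already exist there.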
@@ -0,0 +1,253 @@
+Fix CVE-2016-6128 (invalid color index is not properly handled leading
+to denial of service).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6128
+
+Copied from upstream commits:
+https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
+
+From 1ccfe21e14c4d18336f9da8515cd17db88c3de61 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:17:39 +0700
+Subject: [PATCH 1/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ src/gd_crop.c | 4 ++++
+ tests/CMakeLists.txt | 1 +
+ tests/Makefile.am | 1 +
+ 3 files changed, 6 insertions(+)
+
+diff --git a/src/gd_crop.c b/src/gd_crop.c
+index 0296633..532b49b 100644
+--- a/src/gd_crop.c
++++ b/src/gd_crop.c
+@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
+ return NULL;
+ }
+
++ if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++ return NULL;
++ }
++
+ /* TODO: Add gdImageGetRowPtr and works with ptr at the row level
+ * for the true color and palette images
+ * new formats will simply work with ptr
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 6f5c786..5093d52 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -31,6 +31,7 @@ if (BUILD_TEST)
+ gdimagecolortransparent
+ gdimagecopy
+ gdimagecopyrotated
++ gdimagecrop
+ gdimagefile
+ gdimagefill
+ gdimagefilledellipse
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 4f6e756..5a0ebe8 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -25,6 +25,7 @@ include gdimagecolorresolve/Makemodule.am
+ include gdimagecolortransparent/Makemodule.am
+ include gdimagecopy/Makemodule.am
+ include gdimagecopyrotated/Makemodule.am
++include gdimagecrop/Makemodule.am
+ include gdimagefile/Makemodule.am
+ include gdimagefill/Makemodule.am
+ include gdimagefilledellipse/Makemodule.am
+--
+2.9.1
+
+From 8c9f39c7cb1f62ea00bc7a48aff64d3811c2d6d0 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:20:07 +0700
+Subject: [PATCH 2/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/.gitignore | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 tests/gdimagecrop/.gitignore
+
+diff --git a/tests/gdimagecrop/.gitignore b/tests/gdimagecrop/.gitignore
+new file mode 100644
+index 0000000..8e8c9c3
+--- /dev/null
++++ b/tests/gdimagecrop/.gitignore
+@@ -0,0 +1 @@
++/php_bug_72494
+--
+2.9.1
+
+From 8de370b7b6263a02268037a7cd13ddd991b43ea9 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:24:50 +0700
+Subject: [PATCH 3/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/CMakeLists.txt | 5 +++++
+ 1 file changed, 5 insertions(+)
+ create mode 100644 tests/gdimagecrop/CMakeLists.txt
+
+diff --git a/tests/gdimagecrop/CMakeLists.txt b/tests/gdimagecrop/CMakeLists.txt
+new file mode 100644
+index 0000000..f7e4c7e
+--- /dev/null
++++ b/tests/gdimagecrop/CMakeLists.txt
+@@ -0,0 +1,5 @@
++SET(TESTS_FILES
++ php_bug_72494
++)
++
++ADD_GD_TESTS()
+--
+2.9.1
+
+From bca12e4e11ecda8a0ea719472700ad5c2b36a0d6 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:25:12 +0700
+Subject: [PATCH 4/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/Makemodule.am | 5 +++++
+ 1 file changed, 5 insertions(+)
+ create mode 100644 tests/gdimagecrop/Makemodule.am
+
+diff --git a/tests/gdimagecrop/Makemodule.am b/tests/gdimagecrop/Makemodule.am
+new file mode 100644
+index 0000000..210888b
+--- /dev/null
++++ b/tests/gdimagecrop/Makemodule.am
+@@ -0,0 +1,5 @@
++libgd_test_programs += \
++ gdimagecrop/php_bug_72494
++
++EXTRA_DIST += \
++ gdimagecrop/CMakeLists.txt
+--
+2.9.1
+
+From 6ff72ae40c7c20ece939afb362d98cc37f4a1c96 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:25:40 +0700
+Subject: [PATCH 5/8] fix php 72494, invalid color index not handled, can lead
+ to crash
+
+---
+ tests/gdimagecrop/php_bug_72494.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+ create mode 100644 tests/gdimagecrop/php_bug_72494.c
+
+diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
+new file mode 100644
+index 0000000..adaa379
+--- /dev/null
++++ b/tests/gdimagecrop/php_bug_72494.c
+@@ -0,0 +1,23 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include "gd.h"
++
++#include "gdtest.h"
++
++int main()
++{
++ gdImagePtr im, exp;
++ int error = 0;
++
++ im = gdImageCreate(50, 50);
++
++ if (!im) {
++ gdTestErrorMsg("gdImageCreate failed.\n");
++ return 1;
++ }
++
++ gdImageCropThreshold(im, 1337, 0);
++ gdImageDestroy(im);
++ /* this bug tests a crash, it never reaches this point if the bug exists*/
++ return 0;
++}
+--
+2.9.1
+
+From a0f9f8f7bd0d3a6c6afd6d180b8e75d93aadddfa Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:38:07 +0700
+Subject: [PATCH 6/8] fix php 72494, CID 149753, color is unsigned int, remove
+ useless <0 comparison
+
+---
+ src/gd_crop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gd_crop.c b/src/gd_crop.c
+index 532b49b..d51ad67 100644
+--- a/src/gd_crop.c
++++ b/src/gd_crop.c
+@@ -136,7 +136,7 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
+ return NULL;
+ }
+
+- if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++ if (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im)) {
+ return NULL;
+ }
+
+--
+2.9.1
+
+From 907115fbb980862934d0de91af4977a216745039 Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 11:51:40 +0700
+Subject: [PATCH 7/8] fix php 72494, CID 149753, color is unsigned int, remove
+ useless <0 comparison
+
+---
+ tests/gdimagecrop/php_bug_72494.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
+index adaa379..5cb589b 100644
+--- a/tests/gdimagecrop/php_bug_72494.c
++++ b/tests/gdimagecrop/php_bug_72494.c
+@@ -6,7 +6,7 @@
+
+ int main()
+ {
+- gdImagePtr im, exp;
++ gdImagePtr im;
+ int error = 0;
+
+ im = gdImageCreate(50, 50);
+--
+2.9.1
+
+From fd623025505e87bba7ec8555eeb72dae4fb0afdc Mon Sep 17 00:00:00 2001
+From: Pierre Joye <pierre.php@gmail.com>
+Date: Mon, 27 Jun 2016 12:04:25 +0700
+Subject: [PATCH 8/8] fix php 72494, CID 149753, color is unsigned int, remove
+ useless <0 comparison
+
+---
+ tests/gdimagecrop/php_bug_72494.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
+index 5cb589b..3bd19be 100644
+--- a/tests/gdimagecrop/php_bug_72494.c
++++ b/tests/gdimagecrop/php_bug_72494.c
+@@ -7,7 +7,6 @@
+ int main()
+ {
+ gdImagePtr im;
+- int error = 0;
+
+ im = gdImageCreate(50, 50);
+
+--
+2.9.1
+
diff --git a/gnu/packages/patches/gd-CVE-2016-6132.patch b/gnu/packages/patches/gd-CVE-2016-6132.patch
new file mode 100644
index 0000000000..4c475b71b2
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-6132.patch
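Review bot: The regression test added in patch 5/8 discards the return value of `gdImageCropThreshold(im, 1337, 0)`, so it passes on anything that does not crash and would not notice if an out-of-range index were accepted again. With the new check in `src/gd_crop.c` the call should return NULL for this palette image, and the test could assert that, e.g. `if (gdImageCropThreshold(im, 1337, 0) != NULL) { gdImageDestroy(im); return 1; }`. The reference link in the header also reads `name=2016-6128`, whereas the gd-CVE-2016-5766 patch uses `name=CVE-2016-5766`; adding the `CVE-` prefix would keep the links consistent.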
@@ -0,0 +1,55 @@
+Fix CVE-2016-6132 (read out-of-bounds when parsing TGA files).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6132
+
+Copied from upstream commit:
+https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
+
+From ead349e99868303b37f5e6e9d9d680c9dc71ff8d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Tue, 12 Jul 2016 11:24:09 +0200
+Subject: [PATCH] Fix #247, A read out-of-bands was found in the parsing of TGA
+ files (CVE-2016-6132)
+
+---
+ src/gd_tga.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index ef20f86..20fe2d2 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -237,7 +237,11 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
+ return -1;
+ }
+
+- gdGetBuf(conversion_buffer, image_block_size, ctx);
++ if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
++ gd_error("gd-tga: premature end of image data\n");
++ gdFree(conversion_buffer);
++ return -1;
++ }
+
+ while (buffer_caret < image_block_size) {
+ tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret];
+@@ -257,11 +261,16 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
+ }
+ conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char));
+ if (conversion_buffer == NULL) {
++ gd_error("gd-tga: premature end of image data\n");
+ gdFree( decompression_buffer );
+ return -1;
+ }
+
+- gdGetBuf( conversion_buffer, image_block_size, ctx );
++ if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
++ gdFree(conversion_buffer);
++ gdFree(decompression_buffer);
++ return -1;
++ }
+
+ buffer_caret = 0;
+
+--
+2.9.1
+
diff --git a/gnu/packages/patches/gd-CVE-2016-6214.patch b/gnu/packages/patches/gd-CVE-2016-6214.patch
new file mode 100644
index 0000000000..7894a32bb1
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-6214.patch
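Review bot: In the second inner hunk the added `gd_error("gd-tga: premature end of image data\n");` sits in the `conversion_buffer == NULL` branch, which is an allocation failure, while the new short-read branch a few lines below frees both buffers and returns -1 without logging anything. The message looks misplaced: it belongs with the `gdGetBuf(...) != image_block_size` check, as in the first hunk, and the allocation branch would need its own wording if it logs at all. The bounds fix itself is unaffected; only the diagnostics would mislead someone triaging a truncated TGA file. `read_image_tga` begins and ends outside the hunks.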
@@ -0,0 +1,66 @@
+Fix CVE-2016-6214 (read out-of-bounds when parsing TGA files).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214
+
+Adapted from upstream commit:
+https://github.com/libgd/libgd/commit/341aa68843ceceae9ba6e083431f14a07bd92308
+
+Since `patch` cannot apply Git binary diffs, we omit the addition of
+'tests/tga/bug00247a.c' and its associated binary data.
+
+From 341aa68843ceceae9ba6e083431f14a07bd92308 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Tue, 12 Jul 2016 19:23:13 +0200
+Subject: [PATCH] Unsupported TGA bpp/alphabit combinations should error
+ gracefully
+
+Currently, only 24bpp without alphabits and 32bpp with 8 alphabits are
+really supported. All other combinations will be rejected with a warning.
+
+(cherry picked from commit cb1a0b7e54e9aa118270c23a4a6fe560e4590dc9)
+---
+ src/gd_tga.c | 16 ++++++----------
+ tests/tga/.gitignore | 1 +
+ tests/tga/CMakeLists.txt | 1 +
+ tests/tga/Makemodule.am | 4 +++-
+ tests/tga/bug00247a.c | 19 +++++++++++++++++++
+ tests/tga/bug00247a.tga | Bin 0 -> 36 bytes
+ 6 files changed, 30 insertions(+), 11 deletions(-)
+ create mode 100644 tests/tga/bug00247a.c
+ create mode 100644 tests/tga/bug00247a.tga
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index 20fe2d2..b4f8fa6 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -99,7 +99,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx)
+ if (tga->bits == TGA_BPP_24) {
+ *tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]);
+ bitmap_caret += 3;
+- } else if (tga->bits == TGA_BPP_32 || tga->alphabits) {
++ } else if (tga->bits == TGA_BPP_32 && tga->alphabits) {
+ register int a = tga->bitmap[bitmap_caret + 3];
+
+ *tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1));
+@@ -159,16 +159,12 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ printf("wxh: %i %i\n", tga->width, tga->height);
+ #endif
+
+- switch(tga->bits) {
+- case 8:
+- case 16:
+- case 24:
+- case 32:
+- break;
+- default:
+- gd_error("bps %i not supported", tga->bits);
++ if (!((tga->bits == TGA_BPP_24 && tga->alphabits == 0)
++ || (tga->bits == TGA_BPP_32 && tga->alphabits == 8)))
++ {
++ gd_error_ex(GD_WARNING, "gd-tga: %u bits per pixel with %u alpha bits not supported\n",
++ tga->bits, tga->alphabits);
+ return -1;
+- break;
+ }
+
+ tga->ident = NULL;
diff --git a/gnu/packages/patches/gd-fix-test-on-i686.patch b/gnu/packages/patches/gd-fix-test-on-i686.patch
new file mode 100644
index 0000000000..6dd2e0fb03
--- /dev/null
+++ b/gnu/packages/patches/gd-fix-test-on-i686.patch
@@ -0,0 +1,34 @@
+Disable part of the gdimagerotate test on architectures such as i686
+where intermediate floating-point operations are done with 80-bit long
+doubles, and typically later rounded to 64-bit doubles. This double
+rounding causes small differences in the resulting pixel values
+compared with other architectures, causing the image comparison to
+fail.
+
+Patch by Mark H Weaver <mhw@netris.org>.
+
+--- libgd-2.2.2/tests/gdimagerotate/bug00067.c 1969-12-31 19:00:00.000000000 -0500
++++ libgd-2.2.2/tests/gdimagerotate/bug00067.c 2016-07-18 12:19:19.885423132 -0400
+@@ -1,5 +1,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <float.h>
+ #include "gd.h"
+
+ #include "gdtest.h"
+@@ -41,6 +42,7 @@
+ return 1;
+ }
+
++#if FLT_EVAL_METHOD != 2
+ sprintf(filename, "bug00067_%03d_exp.png", angle);
+ path = gdTestFilePath2("gdimagerotate", filename);
+ if (!gdAssertImageEqualsToFile(path, exp)) {
+@@ -48,6 +50,7 @@
+ error += 1;
+ }
+ free(path);
++#endif
+
+ gdImageDestroy(exp);
+ }
diff --git a/gnu/packages/patches/gimp-CVE-2016-4994.patch b/gnu/packages/patches/gimp-CVE-2016-4994.patch
new file mode 100644
index 0000000000..6c81c63386
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2016-4994.patch
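Review bot: The pixel loop in `gdImageCreateFromTgaCtx` (first inner hunk) now depends entirely on the new check in `read_header_tga` to guarantee that one of its two branches runs, and nothing at the loop says so. No fallback branch is visible in the hunk, so if the header check is later relaxed the loop could leave `*tpix` unwritten and `bitmap_caret` unadvanced for the rejected formats. A comment on the `else if`, e.g. `/* read_header_tga() only admits 24bpp/0 and 32bpp/8, so one branch always matches */`, would tie the two places together. Both functions continue outside the hunks.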
@@ -0,0 +1,96 @@
+Fix CVE-2016-4994:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
+
+Copied from upstream repository:
+https://git.gnome.org/browse/gimp/patch/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f
+
+From e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f Mon Sep 17 00:00:00 2001
+From: Shmuel H <shmuelgimp@gmail.com>
+Date: Mon, 20 Jun 2016 17:14:41 +0300
+Subject: Bug 767873 - (CVE-2016-4994) Multiple Use-After-Free when parsing...
+
+...XCF channel and layer properties
+
+The properties PROP_ACTIVE_LAYER, PROP_FLOATING_SELECTION,
+PROP_ACTIVE_CHANNEL saves the current object pointer the @info
+structure. Others like PROP_SELECTION (for channel) and
+PROP_GROUP_ITEM (for layer) will delete the current object and create
+a new object, leaving the pointers in @info invalid (dangling).
+
+Therefore, if a property from the first type will come before the
+second, the result will be an UaF in the last lines of xcf_load_image
+(when it actually using the pointers from @info).
+
+I wasn't able to exploit this bug because that
+g_object_instance->c_class gets cleared by the last g_object_unref and
+GIMP_IS_{LAYER,CHANNEL} detects that and return FALSE.
+
+(cherry picked from commit 6d804bf9ae77bc86a0a97f9b944a129844df9395)
+---
+ app/xcf/xcf-load.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index b180377..67cc6d4 100644
+--- a/app/xcf/xcf-load.c
++++ b/app/xcf/xcf-load.c
+@@ -904,6 +904,18 @@ xcf_load_layer_props (XcfInfo *info,
+ case PROP_GROUP_ITEM:
+ {
+ GimpLayer *group;
++ gboolean is_active_layer;
++
++ /* We're going to delete *layer, Don't leave its pointers
++ * in @info. After that, we'll restore them back with the
++ * new pointer. See bug #767873.
++ */
++ is_active_layer = (*layer == info->active_layer);
++ if (is_active_layer)
++ info->active_layer = NULL;
++
++ if (*layer == info->floating_sel)
++ info->floating_sel = NULL;
+
+ group = gimp_group_layer_new (image);
+
+@@ -916,6 +928,13 @@ xcf_load_layer_props (XcfInfo *info,
+ g_object_ref_sink (*layer);
+ g_object_unref (*layer);
+ *layer = group;
++
++ if (is_active_layer)
++ info->active_layer = *layer;
++
++ /* Don't restore info->floating_sel because group layers
++ * can't be floating selections
++ */
+ }
+ break;
+
+@@ -986,6 +1005,12 @@ xcf_load_channel_props (XcfInfo *info,
+ {
+ GimpChannel *mask;
+
++ /* We're going to delete *channel, Don't leave its pointer
++ * in @info. See bug #767873.
++ */
++ if (*channel == info->active_channel)
++ info->active_channel = NULL;
++
+ mask =
+ gimp_selection_new (image,
+ gimp_item_get_width (GIMP_ITEM (*channel)),
+@@ -1000,6 +1025,10 @@ xcf_load_channel_props (XcfInfo *info,
+ *channel = mask;
+ (*channel)->boundary_known = FALSE;
+ (*channel)->bounds_known = FALSE;
++
++ /* Don't restore info->active_channel because the
++ * selection can't be the active channel
++ */
+ }
+ break;
+
+--
+cgit v0.12
+
diff --git a/gnu/packages/patches/khmer-use-libraries.patch b/gnu/packages/patches/khmer-use-libraries.patch
new file mode 100644
index 0000000000..47d163a99a
--- /dev/null
+++ b/gnu/packages/patches/khmer-use-libraries.patch
@@ -0,0 +1,16 @@
+Change setup.cfg so that the bundled zlib and bzip2 are not used. This cannot
+currently be achieved using "--library z,bz2" as instructed in the setup.py.
+
+diff --git a/setup.cfg b/setup.cfg
+index c054092..080992e 100644
+--- a/setup.cfg
++++ b/setup.cfg
+@@ -1,7 +1,7 @@
+ [build_ext]
+ define = SEQAN_HAS_BZIP2,SEQAN_HAS_ZLIB
+ undef = NO_UNIQUE_RC
+-# libraries = z,bz2
++libraries = z,bz2
+ ## if using system libraries
+ include-dirs = lib:third-party/zlib:third-party/bzip2:third-party/seqan/core/include:third-party/smhasher
+ # include-dirs = lib
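Review bot: Both fixes clear the stale aliases by hand, one field at a time (`info->active_layer`, `info->floating_sel`, `info->active_channel`), so any other member of `XcfInfo` that can point at `*layer` or `*channel` when `PROP_GROUP_ITEM` or `PROP_SELECTION` is processed would still dangle once the old object is released. The struct definition is not part of this patch, so this is a question rather than a finding. A sentence in the patch header stating that these three are the only such pointers would let a later reader audit the fix from the patch alone. The description's remark that the bug could not be exploited rests on `GIMP_IS_{LAYER,CHANNEL}` noticing a cleared class pointer in freed memory, which is not a property to rely on, so the fix is worth carrying regardless.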
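Review bot: The context line `include-dirs = lib:third-party/zlib:third-party/bzip2:third-party/seqan/core/include:third-party/smhasher` is left unchanged, so with `libraries = z,bz2` enabled the extension would still compile against the bundled zlib and bzip2 headers while linking the system libraries. Unless the package recipe removes those bundled directories elsewhere (not visible here), the patch should also drop them from the search path, e.g. `include-dirs = lib:third-party/seqan/core/include:third-party/smhasher`. Building against one version's headers and linking another's library is a mismatch that stays hidden until a structure layout or macro differs between the two.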
diff --git a/gnu/packages/patches/libmtp-devices.patch b/gnu/packages/patches/libmtp-devices.patch
deleted file mode 100644
index 9b985e526d..0000000000
--- a/gnu/packages/patches/libmtp-devices.patch
+++ /dev/null
@@ -1,554 +0,0 @@ -Add additional devices; the patched file corresponds to git commit 8e471b, -to which one additional device has been added as reported at - http://sourceforge.net/p/libmtp/bugs/1422/ - -diff -u -r libmtp-1.1.9.orig/src/music-players.h libmtp-1.1.9/src/music-players.h ---- libmtp-1.1.9.orig/src/music-players.h 2015-09-19 22:54:24.537330594 +0200 -+++ libmtp-1.1.9/src/music-players.h 2015-09-19 23:16:41.079206331 +0200 -@@ -47,82 +47,61 @@ - * and properties. - */ - { "Creative", 0x041e, "ZEN Vision", 0x411f, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "Portable Media Center", 0x4123, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Xtra (MTP mode)", 0x4128, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Dell", 0x041e, "DJ (2nd generation)", 0x412f, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Micro (MTP mode)", 0x4130, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Touch (MTP mode)", 0x4131, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Dell", 0x041e, "Dell Pocket DJ (MTP mode)", 0x4132, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -- { "Creative", 0x041e, "ZEN MicroPhoto (alternate version)", 0x4133, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, -+ { "Creative", 
0x041e, "ZEN MicroPhoto (alternate version)", 0x4133, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Sleek (MTP mode)", 0x4137, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN MicroPhoto", 0x413c, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Sleek Photo", 0x413d, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Vision:M", 0x413e, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by marazm@o2.pl - { "Creative", 0x041e, "ZEN V", 0x4150, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by danielw@iinet.net.au - // This version of the Vision:M needs the no release interface flag, - // unclear whether the other version above need it too or not. 
- { "Creative", 0x041e, "ZEN Vision:M (DVP-HD0004)", 0x4151, - DEVICE_FLAG_NO_RELEASE_INTERFACE | -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by Darel on the XNJB forums - { "Creative", 0x041e, "ZEN V Plus", 0x4152, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - { "Creative", 0x041e, "ZEN Vision W", 0x4153, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Don't add 0x4155: this is a Zen Stone device which is not MTP - // Reported by Paul Kurczaba <paul@kurczaba.com> - { "Creative", 0x041e, "ZEN", 0x4157, - DEVICE_FLAG_IGNORE_HEADER_ERRORS | - DEVICE_FLAG_BROKEN_SET_SAMPLE_DIMENSIONS | -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by Ringofan <mcroman@users.sourceforge.net> - { "Creative", 0x041e, "ZEN V 2GB", 0x4158, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by j norment <stormzen@gmail.com> - { "Creative", 0x041e, "ZEN Mozaic", 0x4161, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by Aaron F. 
Gonzalez <sub_tex@users.sourceforge.net> - { "Creative", 0x041e, "ZEN X-Fi", 0x4162, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by farmerstimuli <farmerstimuli@users.sourceforge.net> - { "Creative", 0x041e, "ZEN X-Fi 3", 0x4169, -- DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL | -- DEVICE_FLAG_BROKEN_GET_OBJECT_PROPVAL }, -+ DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST_ALL }, - // Reported by Todor Gyumyushev <yodor1@users.sourceforge.net> - { "ZiiLABS", 0x041e, "Zii EGG", 0x6000, - DEVICE_FLAG_UNLOAD_DRIVER | -@@ -607,8 +586,17 @@ - /* https://sourceforge.net/p/libmtp/bugs/1251/ */ - { "Acer", 0x0502, "E39", 0x3643, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1369/ */ -+ { "Acer", 0x0502, "liquid e700", 0x3644, -+ DEVICE_FLAGS_ANDROID_BUGS }, - { "Acer", 0x0502, "One 7", 0x3657, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/support-requests/183/ */ -+ { "Acer", 0x0502, "Z200", 0x3683, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1341/ */ -+ { "Acer", 0x0502, "Liquid S56", 0x3725, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * SanDisk -@@ -952,6 +940,7 @@ - { "Archos", 0x0e79, "SPOD (MTP mode)", 0x1341, DEVICE_FLAG_UNLOAD_DRIVER }, - { "Archos", 0x0e79, "5S IT (MTP mode)", 0x1351, DEVICE_FLAG_UNLOAD_DRIVER }, - { "Archos", 0x0e79, "5H IT (MTP mode)", 0x1357, DEVICE_FLAG_UNLOAD_DRIVER }, -+ { "Archos", 0x0e79, "48 (MTP mode)", 0x1421, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos", 0x0e79, "Arnova Childpad", 0x1458, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos", 0x0e79, "Arnova 8c G3", 0x145e, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos", 0x0e79, "Arnova 10bG3 Tablet", 0x146b, DEVICE_FLAGS_ANDROID_BUGS }, -@@ -973,9 +962,17 @@ - { "Archos", 0x0e79, "70it2 (ID 2)", 0x1569, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos", 0x0e79, "50c", 0x2008, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos", 0x0e79, "C40", 0x31ab, 
DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1393/ */ -+ { "Archos", 0x0e79, "Phone", 0x31e1, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1325/ */ -+ { "Archos", 0x0e79, "45 Neon", 0x31f3, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1352/ */ -+ { "Archos", 0x0e79, "50 Diamond", 0x3229, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos", 0x0e79, "101 G4", 0x4002, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos (for Tesco)", 0x0e79, "Hudl (ID1)", 0x5008, DEVICE_FLAGS_ANDROID_BUGS }, - { "Archos (for Tesco)", 0x0e79, "Hudl (ID2)", 0x5009, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1404/ */ -+ { "Archos", 0x0e79, "AC40DTI", 0x5217, DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * Dunlop (OEM of EGOMAN ltd?) reported by Nanomad -@@ -1181,6 +1178,10 @@ - { "Qualcomm (for OnePlus)", 0x05c6, "One (MTP+ADB)", - 0x6765, DEVICE_FLAGS_ANDROID_BUGS }, - -+ /* https://sourceforge.net/p/libmtp/bugs/1377/ */ -+ { "Qualcomm (for Xolo)", 0x901b, "Xolo Black (MTP)", -+ 0x9039, DEVICE_FLAGS_ANDROID_BUGS }, -+ - { "Qualcomm (for PhiComm)", 0x05c6, "C230w (MTP)", - 0x9039, DEVICE_FLAGS_ANDROID_BUGS }, - -@@ -1221,6 +1222,9 @@ - // Reported by Thomas Bretthauer - { "Fujitsu, Ltd", 0x04c5, "STYLISTIC M532", 0x133b, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/feature-requests/137/ */ -+ { "Fujitsu, Ltd", 0x04c5, "F02-E", 0x1378, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * Palm device userland program named Pocket Tunes -@@ -1247,6 +1251,9 @@ - // Reported by anonymous SourceForge user - { "Medion", 0x066f, "MD8333 (ID2)", 0x8588, - DEVICE_FLAG_UNLOAD_DRIVER | DEVICE_FLAG_BROKEN_MTPGETOBJPROPLIST }, -+ /* https://sourceforge.net/p/libmtp/bugs/1359/ */ -+ { "Verizon", 0x0408, "Ellipsis 7", 0x3899, -+ DEVICE_FLAGS_ANDROID_BUGS }, - // The vendor ID is "Quanta Computer, Inc." 
- // same as Olivetti Olipad 110 - // Guessing on device flags -@@ -1403,6 +1410,9 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "LG Electronics Inc.", 0x1004, "LG2 Optimus", 0x6225, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1386/ */ -+ { "LG Electronics Inc.", 0x1004, "LG VS950", 0x622a, -+ DEVICE_FLAGS_ANDROID_BUGS }, - { "LG Electronics Inc.", 0x1004, "LG VS870", 0x6239, - DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/992/ */ -@@ -1410,6 +1420,8 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "LG Electronics Inc.", 0x1004, "VK810", 0x6265, - DEVICE_FLAGS_ANDROID_BUGS }, -+ { "LG Electronics Inc.", 0x1004, "G3", 0x627f, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/support-requests/134/ */ - { "LG Electronics Inc.", 0x1004, "G3 (VS985)", 0x626e, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -1723,8 +1735,12 @@ - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia M2 MTP", 0x01aa, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia M2 Dual MTP", 0x01ab, -+ DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia Z2 MTP", 0x01af, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia Z2 Tablet MTP", 0x01b1, -+ DEVICE_FLAGS_ANDROID_BUGS }, - { "SONY", 0x0fce, "Xperia Z Ultra MTP", 0x01b6, - DEVICE_FLAGS_ANDROID_BUGS }, - { "SONY", 0x0fce, "Xperia Z3 MTP", 0x01ba, -@@ -1733,6 +1749,10 @@ - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia E3 MTP", 0x01bc, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "XPeria Z3+ MTP", 0x01c9, -+ DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "XPeria E4g MTP", 0x01cb, -+ DEVICE_FLAG_NONE }, - - - /* -@@ -1788,6 +1808,8 @@ - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia M MTP+CDROM", 0x419b, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia Z Ultra MTP+CDROM (ID3)", 0x419c, -+ DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia Z1 MTP+CDROM", 0x419e, - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia C MTP+CDROM", 0x41a3, -@@ -1796,10 +1818,20 @@ - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia M2 MTP+CDROM", 
0x41aa, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia M2 Dual MTP+CDROM", 0x41ab, -+ DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia Z2 MTP+CDROM", 0x41af, - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia Z3 MTP+CDROM", 0x41ba, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia Z3 Compact MTP+CDROM", 0x41bb, -+ DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia E3 MTP+CDROM", 0x01bc, -+ DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "XPeria Z3+ MTP+CDROM", 0x41c9, -+ DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "XPeria E4g MTP+CDROM", 0x41cb, -+ DEVICE_FLAG_NONE }, - - /* - * MTP+ADB personalities of MTP devices (see above) -@@ -1888,6 +1920,8 @@ - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia M2 MTP+ADB", 0x51aa, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "Xperia M2 Dual MTP+ADB", 0x51ab, -+ DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia Z2 MTP+ADB", 0x51af, - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia Z Ultra MTP+ADB", 0x51b6, -@@ -1898,6 +1932,10 @@ - DEVICE_FLAG_NONE }, - { "SONY", 0x0fce, "Xperia E3 MTP+ADB", 0x51bc, - DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "XPeria Z3+ MTP+ADB", 0x51c9, -+ DEVICE_FLAG_NONE }, -+ { "SONY", 0x0fce, "XPeria E4g MTP+ADB", 0x51cb, -+ DEVICE_FLAG_NONE }, - - /* - * MTP+UMS modes -@@ -1936,6 +1974,9 @@ - * Motorola - * Assume DEVICE_FLAG_BROKEN_SET_OBJECT_PROPLIST on all of these. 
- */ -+ /* https://sourceforge.net/p/libmtp/feature-requests/136/ */ -+ { "Motorola", 0x22b8, "XT1524 (MTP)", 0x002e, -+ DEVICE_FLAGS_ANDROID_BUGS }, - // Reported by David Boyd <tiggrdave@users.sourceforge.net> - { "Motorola", 0x22b8, "V3m/V750 verizon", 0x2a65, - DEVICE_FLAG_BROKEN_SET_OBJECT_PROPLIST | -@@ -1952,6 +1993,9 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "Motorola", 0x22b8, "Moto X (XT1058)", 0x2e63, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1323/ */ -+ { "Motorola", 0x22b8, "Moto X (XT1080)", 0x2e66, -+ DEVICE_FLAGS_ANDROID_BUGS }, - { "Motorola", 0x22b8, "Droid Maxx (XT1080)", 0x2e67, - DEVICE_FLAGS_ANDROID_BUGS }, - { "Motorola", 0x22b8, "Droid Ultra", 0x2e68, -@@ -2345,6 +2389,14 @@ - /* https://sourceforge.net/p/libmtp/bugs/1244/ */ - { "Asus", 0x0b05, "MemoPad 8 ME181 CX (MTP)", 0x5561, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1406/ */ -+ { "Asus", 0x0b05, "Zenfone 2 (MTP)", 0x5600, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1364/ */ -+ { "Asus", 0x0b05, "Z00AD (MTP)", 0x5601, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ { "Asus", 0x0b05, "TX201LA (MTP)", 0x561f, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1271/ */ - { "Asus", 0x0b05, "ZenFone 4 (MTP)", 0x580f, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2354,9 +2406,20 @@ - /* https://sourceforge.net/p/libmtp/bugs/1258/ */ - { "Asus", 0x0b05, "A450CG (MTP)", 0x5a0f, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1350/ */ -+ { "Asus", 0x0b05, "Zenfone 2 ZE550ML (MTP)", 0x5f02, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1364/ */ -+ { "Asus", 0x0b05, "Zenfone 2 ZE551ML (MTP)", 0x5f03, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1232/ */ - { "Asus", 0x0b05, "MemoPad 7 (ME572CL)", 0x7772, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1351/ */ -+ { "Asus", 0x0b05, "Fonepad 7 
(FE375CXG)", 0x7773, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ { "Asus", 0x0b05, "ZenFone 5 A500KL (MTP)", 0x7780, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1247/ */ - { "Asus", 0x0b05, "ZenFone 5 A500KL (MTP+ADB)", 0x7781, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2365,6 +2428,12 @@ - /* - * Lenovo - */ -+ /* https://sourceforge.net/p/libmtp/support-requests/178/ */ -+ { "Lenovo", 0x17ef, "P70-A", 0x0c02, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1415/ */ -+ { "Lenovo", 0x17ef, "P70", 0x2008, -+ DEVICE_FLAGS_ANDROID_BUGS }, - // Reported by Richard Körber <shredzone@users.sourceforge.net> - { "Lenovo", 0x17ef, "K1", 0x740a, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2407,6 +2476,9 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "Lenovo", 0x17ef, "Toga Tablet B6000-F", 0x76f2, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1122/ */ -+ { "Lenovo", 0x17ef, "S930", 0x7718, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1250/ */ - { "Lenovo", 0x17ef, "A5500-F", 0x772b, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2417,15 +2489,24 @@ - /* https://sourceforge.net/p/libmtp/bugs/1155/ */ - { "Lenovo", 0x17ef, "Yoga Tablet 10 B8000-H", 0x76ff, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1391/ */ -+ { "Lenovo", 0x17ef, "A7600-F", 0x7731, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1291/ */ - { "Lenovo", 0x17ef, "A3500-F", 0x7737, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/support-requests/186/ */ -+ { "Lenovo", 0x17ef, "Yoga Tablet 2 - 1050F", 0x77a4, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/support-requests/168/ */ - { "Lenovo", 0x17ef, "Yoga Tablet 2 Pro", 0x77b1, - DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/feature-requests/125/ */ - { "Lenovo", 0x17ef, "Vibe Z2", 0x77ea, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* 
https://sourceforge.net/p/libmtp/bugs/1360/ */ -+ { "Lenovo", 0x17ef, "K3 Note", 0x7883, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * Huawei -@@ -2435,6 +2516,15 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "Huawei", 0x12d1, "MTP device (ID2)", 0x1052, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1381/ */ -+ { "Huawei", 0x12d1, "H60-L11", 0x1079, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1361/ */ -+ { "Huawei", 0x12d1, "Ascend P8 ", 0x1082, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1418/ */ -+ { "Huawei", 0x12d1, "Honor 3C ", 0x2012, -+ DEVICE_FLAGS_ANDROID_BUGS }, - { "Huawei", 0x12d1, "Mediapad (mode 0)", 0x360f, - DEVICE_FLAGS_ANDROID_BUGS }, - // Reported by Bearsh <bearsh@users.sourceforge.net> -@@ -2452,6 +2542,8 @@ - /* https://sourceforge.net/p/libmtp/bugs/672/ */ - { "ZTE", 0x19d2, "Grand X In", 0x0343, DEVICE_FLAGS_ANDROID_BUGS }, - { "ZTE", 0x19d2, "V985", 0x0383, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1328/ */ -+ { "ZTE", 0x19d2, "V5", 0xffce, DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * HTC (High Tech Computer Corp) -@@ -2459,6 +2551,12 @@ - * Steven Eastland <grassmonk@users.sourceforge.net> - * Kevin Cheng <kache@users.sf.net> - */ -+ /* https://sourceforge.net/p/libmtp/support-requests/181/ */ -+ { "HTC", 0x0bb4, "HTC One M9 (MTP)", 0x040b, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1398/ */ -+ { "HTC", 0x0bb4, "Spreadtrum SH57MYZ03342 (MTP)", 0x05e3, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* reported by Mikkel Oscar Lyderik <mikkeloscar@gmail.com> */ - { "HTC", 0x0bb4, "HTC Desire 510 (MTP+ADB)", 0x05fd, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2545,6 +2643,9 @@ - /* https://sourceforge.net/p/libmtp/bugs/1182/ */ - { "HTC", 0x0bb4, "Desire 310 (MTP)", 0x0ec6, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1420/ */ -+ { "HTC", 0x0bb4, "Desire 816G (MTP)", 0x0edb, -+ 
DEVICE_FLAGS_ANDROID_BUGS }, - { "HTC", 0x0bb4, "HTC One (MTP+ADB+CDC)", 0x0f5f, - DEVICE_FLAGS_ANDROID_BUGS }, - { "HTC", 0x0bb4, "HTC One (MTP+CDC)", 0x0f60, -@@ -2658,6 +2759,9 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "Amazon", 0x1949, "Kindle Fire (ID5)", 0x0012, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1353/ */ -+ { "Amazon", 0x1949, "Kindle Fire HD6", 0x00f2, -+ DEVICE_FLAGS_ANDROID_BUGS }, - { "Amazon", 0x1949, "Fire Phone", 0x0800, - DEVICE_FLAGS_ANDROID_BUGS }, - -@@ -2677,6 +2781,9 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "YiFang", 0x2207, "BQ Tesla", 0x0006, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1354/ */ -+ { "Various", 0x2207, "Viewpia DR/bq Kepler Debugging", 0x0011, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * Kobo -@@ -2708,6 +2815,8 @@ - { "Intel", 0x8087, "Foxconn iView i700", 0x0a15, DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1237/ */ - { "Intel", 0x8087, "Telcast Air 3G", 0x0a5e, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1338/ */ -+ { "Intel", 0x8087, "Chuwi vi8", 0x0a5f, DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * Xiaomi -@@ -2738,6 +2847,15 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "Xiaomi", 0x2717, "Mi-2 (MTP)", 0xf003, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1397/ */ -+ { "Xiaomi", 0x2717, "Mi-2s (id2) (MTP)", 0xff40, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1339/ */ -+ { "Xiaomi", 0x2717, "Mi-2s (MTP)", 0xff48, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1402/ */ -+ { "Xiaomi", 0x2717, "Redmi 2 (MTP)", 0xff60, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * XO Learning Tablet -@@ -2774,6 +2892,9 @@ - /* https://sourceforge.net/p/libmtp/bugs/1304/ */ - { "Alcatel", 0x1bbb, "OneTouch 5042D (MTP)", 0xa00e, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1401/ */ -+ { "Alcatel", 0x1bbb, "OneTouch Idol 3 (MTP)", 
0xaf2b, -+ DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/feature-requests/114/ */ - { "Alcatel", 0x1bbb, "OneTouch 6034R", 0xf003, - DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2782,8 +2903,12 @@ - * Kyocera - */ - { "Kyocera", 0x0482, "Rise", 0x0571, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/feature-requests/134/ */ -+ { "Kyocera", 0x0482, "Torque Model E6715", 0x0059a, DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/discussion/535190/thread/6270f5ce/ */ - { "Kyocera", 0x0482, "KYL22", 0x0810, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1345/ */ -+ { "Kyocera", 0x0482, "DuraForce", 0x0979, DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * HiSense -@@ -2798,12 +2923,20 @@ - DEVICE_FLAGS_ANDROID_BUGS }, - { "Hewlett-Packard", 0x03f0, "Slate 7 2800", 0x5d1d, - DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/bugs/1366/ */ -+ { "Hewlett-Packard", 0x03f0, "Slate 10 HD", 0x7e1d, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * MediaTek Inc. 
- */ - { "MediaTek Inc", 0x0e8d, "MT5xx and MT6xx SoCs", 0x0050, - DEVICE_FLAGS_ANDROID_BUGS }, -+ { "MediaTek Inc", 0x0e8d, "MT65xx", 0x2008, -+ DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/feature-requests/79/ */ -+ { "MediaTek Inc", 0x0e8d, "Elephone P8000", 0x201d, -+ DEVICE_FLAGS_ANDROID_BUGS }, - - /* - * Jolla -@@ -2860,6 +2993,8 @@ - { "Prestigio", 0x29e4, "5505 DUO ", 0x1103, DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1243/ */ - { "Prestigio", 0x29e4, "5504 DUO ", 0x1203, DEVICE_FLAGS_ANDROID_BUGS }, -+ /* https://sourceforge.net/p/libmtp/feature-requests/141/ */ -+ { "Prestigio", 0x29e4, "3405 DUO ", 0x3201, DEVICE_FLAGS_ANDROID_BUGS }, - - /* https://sourceforge.net/p/libmtp/bugs/1283/ */ - { "Megafon", 0x201e, "MFLogin3T", 0x42ab, DEVICE_FLAGS_ANDROID_BUGS }, -@@ -2867,6 +3002,8 @@ - /* https://sourceforge.net/p/libmtp/bugs/1287/ */ - { "Gensis", 0x040d, "GT-7305 ", 0x885c, DEVICE_FLAGS_ANDROID_BUGS }, - -+ /* https://sourceforge.net/p/libmtp/support-requests/182/ */ -+ { "Oppo", 0x22d9, "Find 5", 0x2764, DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1207/ */ - { "Oppo", 0x22d9, "Find 7 (ID 1)", 0x2765, DEVICE_FLAGS_ANDROID_BUGS }, - /* https://sourceforge.net/p/libmtp/bugs/1277/ */ -@@ -2916,6 +3053,14 @@ - /* https://sourceforge.net/p/libmtp/bugs/1314/ */ - { "BenQ", 0x1d45, "F5", 0x459d, DEVICE_FLAGS_ANDROID_BUGS }, - -+ /* https://sourceforge.net/p/libmtp/bugs/1362/ */ -+ { "TomTom", 0x1390, "Rider 40", 0x5455, DEVICE_FLAGS_ANDROID_BUGS }, -+ -+ /* https://sourceforge.net/p/libmtp/feature-requests/135/. guessed android. */ -+ { "OUYA", 0x2836, "Videogame Console", 0x0010, DEVICE_FLAGS_ANDROID_BUGS }, -+ -+ /* https://sourceforge.net/p/libmtp/bugs/1383/ */ -+ { "BLU", 0x0e8d, "Studio HD", 0x2008, DEVICE_FLAGS_ANDROID_BUGS }, - /* - * Other strange stuff. - */ 
diff --git a/gnu/packages/patches/ninja-tests.patch b/gnu/packages/patches/ninja-tests.patch index 3436b6314d..f9b0d9f910 100644 --- a/gnu/packages/patches/ninja-tests.patch +++ b/gnu/packages/patches/ninja-tests.patch @@ -1,16 +1,17 @@ -SubprocessTest.SetWithLots fails with: - Raise [ulimit -n] well above 1025 to make this test go. -Skip it. +From 67d6b9262efad99f8aad63ab81efc8e689748766 Mon Sep 17 00:00:00 2001 +From: Efraim Flashner <efraim@flashner.co.il> +Date: Sun, 3 Jul 2016 11:55:43 +0300 +Subject: [PATCH] patch -SubprocessTest.InterruptChild fails when using 'system*': - *** Failure in src/subprocess_test.cc:83 - ExitInterrupted == subproc->Finish() -I can pass it by using 'system' instead of 'system*' when building locally, -but it still failed on Hydra. Skip it. +--- + src/subprocess_test.cc | 4 ++++ + 1 file changed, 4 insertions(+) ---- ninja-1.5.3.orig/src/subprocess_test.cc 2015-01-15 10:34:28.859522176 +0800 -+++ ninja-1.5.3/src/subprocess_test.cc 2015-01-15 10:37:52.969572075 +0800 -@@ -72,6 +72,7 @@ +diff --git a/src/subprocess_test.cc b/src/subprocess_test.cc +index ee16190..a537c11 100644 +--- a/src/subprocess_test.cc ++++ b/src/subprocess_test.cc +@@ -72,6 +72,7 @@ TEST_F(SubprocessTest, NoSuchCommand) { #ifndef _WIN32 @@ -18,7 +19,7 @@ but it still failed on Hydra. Skip it. TEST_F(SubprocessTest, InterruptChild) { Subprocess* subproc = subprocs_.Add("kill -INT $$"); ASSERT_NE((Subprocess *) 0, subproc); -@@ -82,6 +83,7 @@ +@@ -82,6 +83,7 @@ TEST_F(SubprocessTest, InterruptChild) { EXPECT_EQ(ExitInterrupted, subproc->Finish()); } 
@@ -26,7 +27,7 @@ but it still failed on Hydra. Skip it. TEST_F(SubprocessTest, InterruptParent) { Subprocess* subproc = subprocs_.Add("kill -INT $PPID ; sleep 1"); -@@ -169,6 +171,7 @@ +@@ -217,6 +219,7 @@ TEST_F(SubprocessTest, SetWithMulti) { // OS X's process limit is less than 1025 by default // (|sysctl kern.maxprocperuid| is 709 on 10.7 and 10.8 and less prior to that). #if !defined(__APPLE__) && !defined(_WIN32) @@ -34,11 +35,14 @@ but it still failed on Hydra. Skip it. TEST_F(SubprocessTest, SetWithLots) { // Arbitrary big number; needs to be over 1024 to confirm we're no longer // hostage to pselect. -@@ -196,6 +199,7 @@ +@@ -245,6 +248,7 @@ TEST_F(SubprocessTest, SetWithLots) { } ASSERT_EQ(kNumProcs, subprocs_.finished_.size()); } +#endif - #endif // !__APPLE__ && !_WIN32 + #endif // !__APPLE__ && !_WIN32 // TODO: this test could work on Windows, just not sure how to simply +-- +2.9.0 + diff --git a/gnu/packages/patches/openimageio-boost-1.60.patch b/gnu/packages/patches/openimageio-boost-1.60.patch deleted file mode 100644 index 92fc3237bb..0000000000 --- a/gnu/packages/patches/openimageio-boost-1.60.patch +++ /dev/null 
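Review bot: The regenerated header of ninja-tests.patch drops the explanation of why `SubprocessTest.InterruptChild` and `SubprocessTest.SetWithLots` are skipped and replaces it with the subject `[PATCH] patch`, which records nothing. Anyone later auditing the disabled tests cannot tell from the file that one needs `ulimit -n` well above 1025 and the other failed on Hydra. Keep the removed paragraphs as the body of the new header, after the `Subject:` line, and give the subject a real summary such as `Subject: [PATCH] Skip SubprocessTest.InterruptChild and SetWithLots`. The `TEST_F` bodies themselves lie outside the hunks shown.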
@@ -1,47 +0,0 @@ -From 875fbbd92695397bfc83d1cd5fdd4094e1d50199 Mon Sep 17 00:00:00 2001 -From: Larry Gritz <lg@larrygritz.com> -Date: Mon, 28 Dec 2015 11:46:07 -0800 -Subject: [PATCH] Python ImageCache binding fixes -- disable broken calls - -Some of these calls (thankfully undocumented and presumably unused) -are horribly broken. They compiled before, but with new Boost 1.60 -they don't even compile properly. So just comment them out on this -obsolete branch. They are fully fixed in RB-1.6 and beyond. - ---- a/src/python/py_imagecache.cpp -+++ b/src/python/py_imagecache.cpp -@@ -199,23 +199,24 @@ void declare_imagecache() - .def("destroy", &ImageCacheWrap::destroy) - .staticmethod("destroy") - .def("clear", &ImageCacheWrap::clear) -- .def("attribute", &ImageCacheWrap::attribute) -+ // .def("attribute", &ImageCacheWrap::attribute) - .def("attribute", &ImageCacheWrap::attribute_int) - .def("attribute", &ImageCacheWrap::attribute_float) -- .def("attribute", &ImageCacheWrap::attribute_double) -- .def("attribute", &ImageCacheWrap::attribute_char) -+ // .def("attribute", &ImageCacheWrap::attribute_double) -+ // .def("attribute", &ImageCacheWrap::attribute_char) - .def("attribute", &ImageCacheWrap::attribute_string) -- .def("getattribute", &ImageCacheWrap::attribute) -+ // .def("getattribute", &ImageCacheWrap::attribute) - .def("getattribute", &ImageCacheWrap::getattribute_int) - .def("getattribute", &ImageCacheWrap::getattribute_float) -- .def("getattribute", &ImageCacheWrap::getattribute_double) -- .def("getattribute", &ImageCacheWrap::getattribute_char) -+ // .def("getattribute", &ImageCacheWrap::getattribute_double) -+ // .def("getattribute", &ImageCacheWrap::getattribute_char) - .def("getattribute", &ImageCacheWrap::getattribute_string) -- .def("resolve_filename", &ImageCacheWrap::resolve_filename) -- .def("get_image_info", &ImageCacheWrap::get_image_info) -- .def("get_image_info", &ImageCacheWrap::get_image_info_old) -+ // .def("get_image_info", 
&ImageCacheWrap::get_image_info) -+ // .def("get_image_info", &ImageCacheWrap::get_image_info_old) - .def("get_imagespec", &ImageCacheWrap::get_imagespec) -- .def("get_pixels", &ImageCacheWrap::get_pixels) -+ // .def("get_pixels", &ImageCacheWrap::get_pixels) -+ .def("resolve_filename", &ImageCacheWrap::resolve_filename) -+ - // .def("get_tile", &ImageCacheWrap::get_tile) - // .def("release_tile", &ImageCacheWrap::release_tile) - // .def("tile_pixels", &ImageCacheWrap::tile_pixels) diff --git a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch new file mode 100644 index 0000000000..288a58b06f --- /dev/null +++ b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch @@ -0,0 +1,21 @@ +diff --git a/dendropy/test/test_phylogenetic_distance_matrix.py b/dendropy/test/test_phylogenetic_distance_matrix.py +index 10c05f5..a18ba52 100644 +--- a/dendropy/test/test_phylogenetic_distance_matrix.py ++++ b/dendropy/test/test_phylogenetic_distance_matrix.py +@@ -793,7 +793,7 @@ class PdmUpgmaTree(PdmTreeChecker, unittest.TestCase): + expected_tree=expected_tree) + + class NodeToNodeDistancesTest(unittest.TestCase): +- ++ @unittest.expectedFailure + def test_distances(self): + ## get distances from ape + # library(ape) +@@ -825,6 +825,7 @@ class NodeToNodeDistancesTest(unittest.TestCase): + e = reference_table[nd1.label, nd2.label] + self.assertAlmostEqual(d, e) + ++ @unittest.expectedFailure + def test_mrca(self): + test_runs = [ + "hiv1.newick", diff --git a/gnu/packages/patches/sudo-CVE-2015-5602.patch b/gnu/packages/patches/sudo-CVE-2015-5602.patch deleted file mode 100644 index 36c90fbee7..0000000000 --- a/gnu/packages/patches/sudo-CVE-2015-5602.patch +++ /dev/null 
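Review bot: `@unittest.expectedFailure` on `test_distances` and `test_mrca` does not exclude the tests, as the patch file name suggests; it asserts that they fail, and since Python 3.4 an unexpected success makes the test run unsuccessful. If the failures depend on platform or library version (not visible here), the build breaks wherever the tests happen to pass. `@unittest.skip("<reason or upstream issue>")` states the intent directly. The patch file also lacks a short header saying why these two tests fail. Both test bodies continue outside the hunks.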
@@ -1,372 +0,0 @@ -Based on the patch from https://www.sudo.ws/repos/sudo/raw-rev/c2e36a80a279 -Backported to 1.8.15 by Mark H Weaver <mhw@netris.org> - -# HG changeset patch -# User Todd C. Miller <Todd.Miller@courtesan.com> -# Date 1452475889 25200 -# Node ID c2e36a80a27927c32cba55afae78b8dc830cddc3 -# Parent 94ffd6b18431fa4b9ed0a0c3f0b7b9582a4f6bde -Rewritten sudoedit_checkdir support that checks all the dirs in the -path and refuses to follow symlinks in writable directories. -This is a better fix for CVE-2015-5602. -Adapted from a diff by Ben Hutchings. Bug #707 - -diff -r 94ffd6b18431 -r c2e36a80a279 doc/CONTRIBUTORS ---- a/doc/CONTRIBUTORS Mon Jan 04 10:47:11 2016 -0700 -+++ b/doc/CONTRIBUTORS Sun Jan 10 18:31:29 2016 -0700 -@@ -58,6 +58,7 @@ - Holloway, Nick - Hoover, Adam - Hunter, Michael T. -+ Hutchings, Ben - Irrgang, Eric - Jackson, Brian - Jackson, John R. -diff -r 94ffd6b18431 -r c2e36a80a279 doc/UPGRADE ---- a/doc/UPGRADE Mon Jan 04 10:47:11 2016 -0700 -+++ b/doc/UPGRADE Sun Jan 10 18:31:29 2016 -0700 -@@ -1,6 +1,15 @@ - Notes on upgrading from an older release - ======================================== - -+o Upgrading from a version prior to the post-1.8.15 fix for CVE-2015-5602. -+ -+ The meaning of the sudoedit_checkdir sudoers option has changed. -+ Previously, it would only check the parent directory -+ of the file to be edited. After the CVE fix, all directories -+ in the path to be edited are checked and sudoedit will refuse -+ to follow a symbolic link in a directory that is writable by -+ the invoking user. -+ - o Upgrading from a version prior to 1.8.15: - - Prior to version 1.8.15, when env_reset was enabled (the default) -diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.cat ---- a/doc/sudoers.cat Mon Jan 04 10:47:11 2016 -0700 -+++ b/doc/sudoers.cat Sun Jan 10 18:31:29 2016 -0700 -@@ -1275,12 +1275,15 @@ - system call. This flag is _o_f_f by default. 
- - sudoedit_checkdir -- If set, ssuuddooeeddiitt will refuse to edit files located in a -- directory that is writable by the invoking user unless -- it is run by root. On many systems, this option -- requires that the parent directory of the file to be -- edited be readable by the target user. This flag is -- _o_f_f by default. -+ If set, ssuuddooeeddiitt will check directories in the path to -+ be edited for writability by the invoking user. -+ Symbolic links will not be followed in writable -+ directories and ssuuddooeeddiitt will also refuse to edit a -+ file located in a writable directory. Theses -+ restrictions are not enforced when ssuuddooeeddiitt is invoked -+ as root. On many systems, this option requires that -+ all directories in the path to be edited be readable by -+ the target user. This flag is _o_f_f by default. - - sudoedit_follow By default, ssuuddooeeddiitt will not follow symbolic links - when opening files. The _s_u_d_o_e_d_i_t___f_o_l_l_o_w option can be -diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.man.in ---- a/doc/sudoers.man.in Mon Jan 04 10:47:11 2016 -0700 -+++ b/doc/sudoers.man.in Sun Jan 10 18:31:29 2016 -0700 -@@ -2715,10 +2715,16 @@ - .br - If set, - \fBsudoedit\fR --will refuse to edit files located in a directory that is writable --by the invoking user unless it is run by root. --On many systems, this option requires that the parent directory --of the file to be edited be readable by the target user. -+will check directories in the path to be edited for writability -+by the invoking user. -+Symbolic links will not be followed in writable directories and -+\fBsudoedit\fR -+will also refuse to edit a file located in a writable directory. -+Theses restrictions are not enforced when -+\fBsudoedit\fR -+is invoked as root. -+On many systems, this option requires that all directories -+in the path to be edited be readable by the target user. - This flag is - \fIoff\fR - by default. 
-diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.mdoc.in ---- a/doc/sudoers.mdoc.in Mon Jan 04 10:47:11 2016 -0700 -+++ b/doc/sudoers.mdoc.in Sun Jan 10 18:31:29 2016 -0700 -@@ -2549,10 +2549,16 @@ - .It sudoedit_checkdir - If set, - .Nm sudoedit --will refuse to edit files located in a directory that is writable --by the invoking user unless it is run by root. --On many systems, this option requires that the parent directory --of the file to be edited be readable by the target user. -+will check directories in the path to be edited for writability -+by the invoking user. -+Symbolic links will not be followed in writable directories and -+.Nm sudoedit -+will also refuse to edit a file located in a writable directory. -+Theses restrictions are not enforced when -+.Nm sudoedit -+is invoked as root. -+On many systems, this option requires that all directories -+in the path to be edited be readable by the target user. - This flag is - .Em off - by default. -diff -r 94ffd6b18431 -r c2e36a80a279 include/sudo_compat.h ---- a/include/sudo_compat.h Mon Jan 04 10:47:11 2016 -0700 -+++ b/include/sudo_compat.h Sun Jan 10 18:31:29 2016 -0700 -@@ -182,6 +182,8 @@ - # ifndef UTIME_NOW - # define UTIME_NOW -2L - # endif -+#endif -+#if !defined(HAVE_OPENAT) || (!defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT)) - # ifndef AT_FDCWD - # define AT_FDCWD -100 - # endif -diff -r 94ffd6b18431 -r c2e36a80a279 src/sudo_edit.c ---- a/src/sudo_edit.c Mon Jan 04 10:47:11 2016 -0700 -+++ b/src/sudo_edit.c Sun Jan 10 18:31:29 2016 -0700 -@@ -179,13 +179,15 @@ - } - - #ifndef HAVE_OPENAT --/* This does not support AT_FDCWD... 
*/ - static int - sudo_openat(int dfd, const char *path, int flags, mode_t mode) - { - int fd, odfd; - debug_decl(sudo_openat, SUDO_DEBUG_EDIT) - -+ if (dfd == AT_FDCWD) -+ debug_return_int(open(path, flags, mode)); -+ - /* Save cwd */ - if ((odfd = open(".", O_RDONLY)) == -1) - debug_return_int(-1); -@@ -207,6 +209,64 @@ - #define openat sudo_openat - #endif /* HAVE_OPENAT */ - -+#ifdef O_NOFOLLOW -+static int -+sudo_edit_openat_nofollow(int dfd, char *path, int oflags, mode_t mode) -+{ -+ debug_decl(sudo_edit_open_nofollow, SUDO_DEBUG_EDIT) -+ -+ debug_return_int(openat(dfd, path, oflags|O_NOFOLLOW, mode)); -+} -+#else -+/* -+ * Returns true if fd and path don't match or path is a symlink. -+ * Used on older systems without O_NOFOLLOW. -+ */ -+static bool -+sudo_edit_is_symlink(int fd, char *path) -+{ -+ struct stat sb1, sb2; -+ debug_decl(sudo_edit_is_symlink, SUDO_DEBUG_EDIT) -+ -+ /* -+ * Treat [fl]stat() failure like there was a symlink. -+ */ -+ if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1) -+ debug_return_bool(true); -+ -+ /* -+ * Make sure we did not open a link and that what we opened -+ * matches what is currently on the file system. -+ */ -+ if (S_ISLNK(sb2.st_mode) || -+ sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { -+ debug_return_bool(true); -+ } -+ -+ debug_return_bool(false); -+} -+ -+static int -+sudo_edit_openat_nofollow(char *path, int oflags, mode_t mode) -+{ -+ struct stat sb1, sb2; -+ int fd; -+ debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT) -+ -+ fd = openat(dfd, path, oflags, mode); -+ if (fd == -1) -+ debug_return_int(-1); -+ -+ if (sudo_edit_is_symlink(fd, path)) { -+ close(fd); -+ fd = -1; -+ errno = ELOOP; -+ } -+ -+ debug_return_int(fd); -+} -+#endif /* O_NOFOLLOW */ -+ - /* - * Returns true if the directory described by sb is writable - * by the user. 
We treat directories with the sticky bit as -@@ -245,49 +305,94 @@ - debug_return_bool(false); - } - -+/* -+ * Directory open flags for use with openat(2) and fstat(2). -+ * Use O_PATH and O_DIRECTORY where possible. -+ */ -+#if defined(O_PATH) && defined(O_DIRECTORY) -+# define DIR_OPEN_FLAGS (O_PATH|O_DIRECTORY) -+#elif defined(O_PATH) && !defined(O_DIRECTORY) -+# define DIR_OPEN_FLAGS O_PATH -+#elif !defined(O_PATH) && defined(O_DIRECTORY) -+# define DIR_OPEN_FLAGS (O_RDONLY|O_DIRECTORY) -+#else -+# define DIR_OPEN_FLAGS (O_RDONLY|O_NONBLOCK) -+#endif -+ - static int - sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode) - { -- char *base, *dir; -+ int dfd, fd, dflags = DIR_OPEN_FLAGS; -+#if defined(__linux__) && defined(O_PATH) -+ char *opath = path; -+#endif -+ bool is_writable; - struct stat sb; -- int dfd, fd; - debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT) - -- base = strrchr(path, '/'); -- if (base != NULL) { -- *base++ = '\0'; -- dir = path; -+#if defined(__linux__) && defined(O_PATH) -+restart: -+#endif -+ if (path[0] == '/') { -+ dfd = open("/", dflags); -+ path++; - } else { -- base = path; -- dir = "."; -+ dfd = open(".", dflags); -+ if (path[0] == '.' && path[1] == '/') -+ path += 2; - } --#ifdef O_PATH -- if ((dfd = open(dir, O_PATH)) != -1) { -- /* Linux kernels < 3.6 can't do fstat on O_PATH fds. 
*/ -- if (fstat(dfd, &sb) == -1) { -- close(dfd); -- dfd = open(dir, O_RDONLY); -- if (fstat(dfd, &sb) == -1) { -- close(dfd); -- dfd = -1; -- } -- } -- } --#else -- if ((dfd = open(dir, O_RDONLY)) != -1) { -- if (fstat(dfd, &sb) == -1) { -- close(dfd); -- dfd = -1; -- } -- } --#endif -- if (base != path) -- base[-1] = '/'; /* restore path */ - if (dfd == -1) - debug_return_int(-1); - -- if (dir_is_writable(&sb, user_details.uid, user_details.gid, -- user_details.ngroups, user_details.groups)) { -+ for (;;) { -+ char *slash; -+ int subdfd; -+ -+ /* -+ * Look up one component at a time, avoiding symbolic links in -+ * writable directories. -+ */ -+ if (fstat(dfd, &sb) == -1) { -+ close(dfd); -+#if defined(__linux__) && defined(O_PATH) -+ /* Linux prior to 3.6 can't fstat an O_PATH fd */ -+ if (ISSET(dflags, O_PATH)) { -+ CLR(dflags, O_PATH); -+ path = opath; -+ goto restart; -+ } -+#endif -+ debug_return_int(-1); -+ } -+#ifndef O_DIRECTORY -+ if (!S_ISDIR(sb.st_mode)) { -+ close(dfd); -+ errno = ENOTDIR; -+ debug_return_int(-1); -+ } -+#endif -+ is_writable = dir_is_writable(&sb, user_details.uid, user_details.gid, -+ user_details.ngroups, user_details.groups); -+ -+ while (path[0] == '/') -+ path++; -+ slash = strchr(path, '/'); -+ if (slash == NULL) -+ break; -+ *slash = '\0'; -+ if (is_writable) -+ subdfd = sudo_edit_openat_nofollow(dfd, path, dflags, 0); -+ else -+ subdfd = openat(dfd, path, dflags, 0); -+ *slash = '/'; /* restore path */ -+ close(dfd); -+ if (subdfd == -1) -+ debug_return_int(-1); -+ path = slash + 1; -+ dfd = subdfd; -+ } -+ -+ if (is_writable) { - close(dfd); - errno = EISDIR; - debug_return_int(-1); -@@ -332,27 +437,10 @@ - if (!ISSET(oflags, O_NONBLOCK)) - (void) fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); - -- /* -- * Treat [fl]stat() failure like an open() failure. 
-- */ -- if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1) { -- const int serrno = errno; -+ if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW) && sudo_edit_is_symlink(fd, path)) { - close(fd); -- errno = serrno; -- debug_return_int(-1); -- } -- -- /* -- * Make sure we did not open a link and that what we opened -- * matches what is currently on the file system. -- */ -- if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW)) { -- if (S_ISLNK(sb2.st_mode) || -- sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { -- close(fd); -- errno = ELOOP; -- debug_return_int(-1); -- } -+ fd = -1; -+ errno = ELOOP; - } - - debug_return_int(fd); - |