Merge branch 'master' into core-updates

6 files changed, 191 insertions, 36 deletions

diff --git a/gnu/packages/patches/cracklib-CVE-2016-6318.patch b/gnu/packages/patches/cracklib-CVE-2016-6318.patch
new file mode 100644
index 0000000000..4806ecaae9
--- /dev/null
+++ b/gnu/packages/patches/cracklib-CVE-2016-6318.patch
@@ -0,0 +1,95 @@
+Fix CVE-2016-6318.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318
+
+Patch copied from Red Hat:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6318
+https://bugzilla.redhat.com/attachment.cgi?id=1188599&action=diff
+
+It is not safe to pass words longer than STRINGSIZE further to cracklib
+so the longbuffer cannot be longer than STRINGSIZE.
+diff -up cracklib-2.9.0/lib/fascist.c.longgecos cracklib-2.9.0/lib/fascist.c
+--- cracklib-2.9.0/lib/fascist.c.longgecos	2014-02-06 16:03:59.000000000 +0100
++++ cracklib-2.9.0/lib/fascist.c	2016-08-08 12:05:40.279235815 +0200
+@@ -515,7 +515,7 @@ FascistGecosUser(char *password, const c
+     char gbuffer[STRINGSIZE];
+     char tbuffer[STRINGSIZE];
+     char *uwords[STRINGSIZE];
+-    char longbuffer[STRINGSIZE * 2];
++    char longbuffer[STRINGSIZE];
+ 
+     if (gecos == NULL)
+ 	gecos = "";
+@@ -596,38 +596,47 @@ FascistGecosUser(char *password, const c
+     {
+ 	for (i = 0; i < j; i++)
+ 	{
+-	    strcpy(longbuffer, uwords[i]);
+-	    strcat(longbuffer, uwords[j]);
+-
+-	    if (GTry(longbuffer, password))
++	    if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+ 	    {
+-		return _("it is derived from your password entry");
+-	    }
+-
+-	    strcpy(longbuffer, uwords[j]);
+-	    strcat(longbuffer, uwords[i]);
++		strcpy(longbuffer, uwords[i]);
++		strcat(longbuffer, uwords[j]);
+ 
+-	    if (GTry(longbuffer, password))
+-	    {
+-		return _("it's derived from your password entry");
++		if (GTry(longbuffer, password))
++		{
++		    return _("it is derived from your password entry");
++		}
++
++		strcpy(longbuffer, uwords[j]);
++		strcat(longbuffer, uwords[i]);
++
++		if (GTry(longbuffer, password))
++		{
++		   return _("it's derived from your password entry");
++		}
+ 	    }
+ 
+-	    longbuffer[0] = uwords[i][0];
+-	    longbuffer[1] = '\0';
+-	    strcat(longbuffer, uwords[j]);
+-
+-	    if (GTry(longbuffer, password))
++	    if (strlen(uwords[j]) < STRINGSIZE - 1)
+ 	    {
+-		return _("it is derivable from your password entry");
++		longbuffer[0] = uwords[i][0];
++		longbuffer[1] = '\0';
++		strcat(longbuffer, uwords[j]);
++
++		if (GTry(longbuffer, password))
++		{
++		    return _("it is derivable from your password entry");
++		}
+ 	    }
+ 
+-	    longbuffer[0] = uwords[j][0];
+-	    longbuffer[1] = '\0';
+-	    strcat(longbuffer, uwords[i]);
+-
+-	    if (GTry(longbuffer, password))
++	    if (strlen(uwords[i]) < STRINGSIZE - 1)
+ 	    {
+-		return _("it's derivable from your password entry");
++		longbuffer[0] = uwords[j][0];
++		longbuffer[1] = '\0';
++		strcat(longbuffer, uwords[i]);
++
++		if (GTry(longbuffer, password))
++		{
++		    return _("it's derivable from your password entry");
++		}
+ 	    }
+ 	}
+     }
diff --git a/gnu/packages/patches/dico-idxgcide-bug.patch b/gnu/packages/patches/dico-idxgcide-bug.patch
deleted file mode 100644
index 28cc8a6a08..0000000000
--- a/gnu/packages/patches/dico-idxgcide-bug.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Reported at <http://mail.gnu.org.ua/archives/bug-dico/2016-07/msg00000.html>.
-Patch the .c file to avoid depending on Flex.
-
-commit 4599abbda3b5979367138ea098e435c919fe93fc
-Author: Sergey Poznyakoff <gray@gnu.org>
-Date:   Thu Jul 28 14:09:58 2016 +0300
-
-    Bugfix
-    
-    * modules/gcide/idxgcide.l (main): Initialize ipg_header.
-
---- dico-2.2/modules/gcide/idxgcide.c	2016-07-28 14:15:07.823587004 +0200
-+++ dico-2.2/modules/gcide/idxgcide.c	2016-07-28 14:15:09.435600549 +0200
-@@ -2497,6 +2497,7 @@ main(int argc, char **argv)
- 	dico_log(L_ERR, 0, _("not enough memory"));
- 	exit(EX_UNAVAILABLE);
-     }
-+    idx_page->ipg_header.hdr.phdr_numentries = 0;
-     idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2;
- 
-     idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 /
diff --git a/gnu/packages/patches/dico-libtool-deterministic.patch b/gnu/packages/patches/dico-libtool-deterministic.patch
deleted file mode 100644
index 957fc79786..0000000000
--- a/gnu/packages/patches/dico-libtool-deterministic.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Dico 2.2 uses an old Libtool (2.2.7a) that did not sort the output
-of 'find', thereby leading to non-deterministic file name ordering
-in the arguments passed to 'ar rcu' for libdico.a & co.
-
---- dico-2.2/build-aux/ltmain.sh	1970-01-01 01:00:00.000000000 +0100
-+++ dico-2.2/build-aux/ltmain.sh	2015-11-25 09:39:30.826169050 +0100
-@@ -2926,7 +2926,7 @@ func_extract_archives ()
-         func_extract_an_archive "$my_xdir" "$my_xabs"
- 	;;
-       esac
--      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
-+      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
-     done
- 
-     func_extract_archives_result="$my_oldobjs"
diff --git a/gnu/packages/patches/jq-CVE-2015-8863.patch b/gnu/packages/patches/jq-CVE-2015-8863.patch
new file mode 100644
index 0000000000..20b3bb3f06
--- /dev/null
+++ b/gnu/packages/patches/jq-CVE-2015-8863.patch
@@ -0,0 +1,45 @@
+Fix CVE-2015-8863 (Off-by-one error in the tokenadd function in
+jv_parse.c in jq allows remote attackers to cause a denial of service
+(crash) via a long JSON-encoded number, which triggers a heap-based
+buffer overflow):
+
+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8863>
+
+Copied from upstream code repository:
+
+<https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd>
+
+From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
+From: Nicolas Williams <nico@cryptonector.com>
+Date: Sat, 24 Oct 2015 17:24:57 -0500
+Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
+
+This was an off-by one: the NUL terminator byte was not allocated on
+resize.  This was triggered by JSON-encoded numbers longer than 256
+bytes.
+---
+ jv_parse.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/jv_parse.c b/jv_parse.c
+index 3102ed4..84245b8 100644
+--- a/jv_parse.c
++++ b/jv_parse.c
+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
+ 
+ static void tokenadd(struct jv_parser* p, char c) {
+   assert(p->tokenpos <= p->tokenlen);
+-  if (p->tokenpos == p->tokenlen) {
++  if (p->tokenpos >= (p->tokenlen - 1)) {
+     p->tokenlen = p->tokenlen*2 + 256;
+     p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
+   }
+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
+     TRY(value(p, v));
+   } else {
+     // FIXME: better parser
+-    p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
++    p->tokenbuf[p->tokenpos] = 0;
+     char* end = 0;
+     double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
+     if (end == 0 || *end != 0)
diff --git a/gnu/packages/patches/laby-make-install.patch b/gnu/packages/patches/laby-make-install.patch
new file mode 100644
index 0000000000..3e956bedd5
--- /dev/null
+++ b/gnu/packages/patches/laby-make-install.patch
@@ -0,0 +1,25 @@
+From e9896b8951f9faf1f76a3b45be6e70d0aeb30a73 Mon Sep 17 00:00:00 2001
+From: Jan Nieuwenhuizen <janneke@gnu.org>
+Date: Sat, 15 Nov 2014 17:48:18 +0100
+Subject: [PATCH] Add make install.
+
+---
+ Makefile | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index ca18c1e..65af31b 100644
+--- a/Makefile	2016-02-09 21:34:01.883660009 +0100
++++ b/Makefile	2016-02-09 21:34:30.672150679 +0100
+@@ -19,3 +19,11 @@
+ 	@git archive --prefix="$(PROJECT_ARCHIVE)/" HEAD \
+ 		 | gzip >_dist/"$(PROJECT_ARCHIVE)".tar.gz
+ 	@echo archive stored in "_dist/$(PROJECT_ARCHIVE).tar.gz"
++
++PREFIX=/usr/local
++install:
++	strip laby
++	mkdir -p $(PREFIX)/bin
++	cp laby $(PREFIX)/bin/laby
++	mkdir -p $(PREFIX)/share/laby
++	tar -C data -cf - . | tar -C $(PREFIX)/share/laby -xf-
diff --git a/gnu/packages/patches/netsurf-about.patch b/gnu/packages/patches/netsurf-about.patch
new file mode 100644
index 0000000000..1fb8eae824
--- /dev/null
+++ b/gnu/packages/patches/netsurf-about.patch
@@ -0,0 +1,26 @@
+--- netsurf-all-3.5/netsurf/gtk/about.c
++++ netsurf-all-3.5/netsurf/gtk/about.c
+@@ -79,11 +79,11 @@
+ 	switch (response_id) {
+ 
+ 	case ABOUT_RESPONSE_ID_LICENCE:
+-		about_open("about:credits");
++		about_open("about:licence");
+ 		break;
+ 
+ 	case ABOUT_RESPONSE_ID_CREDITS:
+-		about_open("about:licence");
++		about_open("about:credits");
+ 		break;
+ 	}
+ 
+--- netsurf-all-3.5/netsurf/desktop/version.c
++++ netsurf-all-3.5/netsurf/desktop/version.c
+@@ -20,6 +20,6 @@
+ 
+ #include "desktop/version.h"
+ 
+-const char * const netsurf_version = "3.5 (6th April 1016)";
++const char * const netsurf_version = "3.5 (6th April 2016)";
+ const int netsurf_version_major = 3;
+ const int netsurf_version_minor = 5;