diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-02-13 22:35:05 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-02-13 22:35:05 +0100 |
commit | 424b1ae76901c538457bd3c30d9d9cf67e79855f (patch) | |
tree | acc35c1160625618cd6083e728c6a4ff7e9cccc9 /gnu/packages/patches | |
parent | a50e03014177d2f00b5b85d3e1c295406f842016 (diff) | |
parent | eae2dbd47ac1f4a201b8584e2f88c30cd28e093a (diff) | |
download | guix-424b1ae76901c538457bd3c30d9d9cf67e79855f.tar guix-424b1ae76901c538457bd3c30d9d9cf67e79855f.tar.gz |
Merge branch 'master' into python-tests
Diffstat (limited to 'gnu/packages/patches')
51 files changed, 2799 insertions, 397 deletions
diff --git a/gnu/packages/patches/duplicity-piped-password.patch b/gnu/packages/patches/duplicity-piped-password.patch deleted file mode 100644 index db50f5df32..0000000000 --- a/gnu/packages/patches/duplicity-piped-password.patch +++ /dev/null @@ -1,20 +0,0 @@ -This test, on three occasions, is failing with the error: - - EOF: End Of File (EOF) in read_nonblocking(). Braindead platform. - ---- duplicity-0.6.24/testing/functional/test_final.py 2014-09-28 13:14:52.146001614 -0500 -+++ duplicity-0.6.24/testing/functional/test_final.py 2014-09-28 13:13:20.333546342 -0500 -@@ -156,13 +156,6 @@ - self.run_duplicity(options=["remove-older-than", "50000", "--force", self.backend_url]) - self.assertEqual(self.get_backend_files(), second_chain) - -- def test_piped_password(self): -- """Make sure that prompting for a password works""" -- self.set_environ("PASSPHRASE", None) -- self.backup("full", "testfiles/empty_dir", -- passphrase_input=[self.sign_passphrase, self.sign_passphrase]) -- self.restore(passphrase_input=[self.sign_passphrase]) -- - - class OldFilenamesFinalTest(FinalTest): - diff --git a/gnu/packages/patches/duplicity-test_selection-tmp.patch b/gnu/packages/patches/duplicity-test_selection-tmp.patch deleted file mode 100644 index 8f66be4dcc..0000000000 --- a/gnu/packages/patches/duplicity-test_selection-tmp.patch +++ /dev/null @@ -1,18 +0,0 @@ -Reported upstream at https://bugs.launchpad.net/duplicity/+bug/1375019 - ---- duplicity-0.6.24/testing/unit/test_selection.py 2014-05-09 08:27:40.000000000 -0500 -+++ duplicity-0.6.24/testing/unit/test_selection.py 2014-09-28 12:28:53.932324380 -0500 -@@ -431,10 +431,10 @@ - [(), ('1',), ('1', '1'), ('1', '2'), ('1', '3')]) - - self.root = Path("/") -- self.ParseTest([("--exclude", "/home/*"), -- ("--include", "/home"), -+ self.ParseTest([("--exclude", "/tmp/*"), -+ ("--include", "/tmp"), - ("--exclude", "/")], -- [(), ("home",)]) -+ [(), ("tmp",)]) - - if __name__ == "__main__": - unittest.main() diff --git a/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch new file mode 100644 index 0000000000..40aae7a9d7 --- /dev/null +++ b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch @@ -0,0 +1,27 @@ +Don’t add linker flags via ‘response files’ since ld-wrapper +doesn’t handle them. +See https://github.com/NixOS/nixpkgs/commit/a421e7bd4a28c69bded8b17888325e31554f61a1 +https://gcc.gnu.org/ml/gcc/2016-10/msg00151.html + +diff --git a/compiler/main/SysTools.hs.orig b/compiler/main/SysTools.hs +index 1ab5b13..99270fc 100644 +--- a/compiler/main/SysTools.hs.orig ++++ b/compiler/main/SysTools.hs +@@ -424,7 +424,7 @@ runCc dflags args = do + args1 = map Option (getOpts dflags opt_c) + args2 = args0 ++ args1 ++ args + mb_env <- getGccEnv args2 +- runSomethingResponseFile dflags cc_filter "C Compiler" p args2 mb_env ++ runSomethingFiltered dflags cc_filter "C Compiler" p args2 mb_env + where + -- discard some harmless warnings from gcc that we can't turn off + cc_filter = unlines . doFilter . lines +@@ -945,7 +945,7 @@ runLink dflags args = do + args1 = map Option (getOpts dflags opt_l) + args2 = args0 ++ linkargs ++ args1 ++ args + mb_env <- getGccEnv args2 +- runSomethingResponseFile dflags ld_filter "Linker" p args2 mb_env ++ runSomethingFiltered dflags ld_filter "Linker" p args2 mb_env + where + ld_filter = case (platformOS (targetPlatform dflags)) of + OSSolaris2 -> sunos_ld_filter diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch deleted file mode 100644 index 79bb41caaa..0000000000 --- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch +++ /dev/null @@ -1,40 +0,0 @@ -This fixes a segfault on 32-bit architectures. Upstream discussion: - -https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html - -Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html - -Patch copied from upstream source repository: - -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485 - -From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001 -From: Justus Winter <justus@g10code.com> -Date: Wed, 21 Dec 2016 16:14:45 +0100 -Subject: [PATCH] gpgscm: Guard use of union member. - -* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port -before accessing filename. Fixes a crash on 32-bit architectures. - -Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4 -Signed-off-by: Justus Winter <justus@g10code.com> ---- - tests/gpgscm/scheme.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c -index a5b7691..2844545 100644 ---- a/tests/gpgscm/scheme.c -+++ b/tests/gpgscm/scheme.c -@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) { - } else { - sc->nesting_stack[sc->file_i]++; - #if USE_TAGS && SHOW_ERROR_LINE -- { -+ if (sc->load_stack[sc->file_i].kind & port_file) { - const char *filename = - sc->load_stack[sc->file_i].rep.stdio.filename; - int lineno = --- -2.8.0.rc3 - diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch new file mode 100644 index 0000000000..4c6c7ed06e --- /dev/null +++ b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch @@ -0,0 +1,32 @@ +This fixes a test failure on i686. + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040 + +From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> +Date: Thu, 2 Feb 2017 14:56:39 +0200 +Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the + units-max property + +--- + tests/check/elements/multifdsink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c +index af138cc92..951b1b9fa 100644 +--- a/tests/check/elements/multifdsink.c ++++ b/tests/check/elements/multifdsink.c +@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick) + gint i, initial_buffers = 3, num_buffers = 0; + + sink = setup_multifdsink (); +- g_object_set (sink, "units-max", initial_buffers, NULL); ++ g_object_set (sink, "units-max", (gint64) initial_buffers, NULL); + + fail_if (pipe (pfd1) == -1); + fail_if (pipe (pfd2) == -1); +-- +2.11.0 + diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch deleted file mode 100644 index 17ba323ccf..0000000000 --- a/gnu/packages/patches/httpd-CVE-2016-8740.patch +++ /dev/null @@ -1,36 +0,0 @@ -This patch applies against httpd-2.4.23 and shouldn't be needed in later releases -http://openwall.com/lists/oss-security/2016/12/05/17 -Index: modules/http2/h2_stream.c -=================================================================== ---- modules/http2/h2_stream.c (revision 1771866) -+++ modules/http2/h2_stream.c (working copy) -@@ -322,18 +322,18 @@ - HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE); - } - } -- } -- -- if (h2_stream_is_scheduled(stream)) { -- return h2_request_add_trailer(stream->request, stream->pool, -- name, nlen, value, vlen); -- } -- else { -- if (!input_open(stream)) { -- return APR_ECONNRESET; -+ -+ if (h2_stream_is_scheduled(stream)) { -+ return h2_request_add_trailer(stream->request, stream->pool, -+ name, nlen, value, vlen); - } -- return h2_request_add_header(stream->request, stream->pool, -- name, nlen, value, vlen); -+ else { -+ if (!input_open(stream)) { -+ return APR_ECONNRESET; -+ } -+ return h2_request_add_header(stream->request, stream->pool, -+ name, nlen, value, vlen); -+ } - } - } - diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch deleted file mode 100644 index e2c65df8ce..0000000000 --- a/gnu/packages/patches/khal-disable-failing-tests.patch +++ /dev/null @@ -1,33 +0,0 @@ -Disable some tests that are known to fail: - -https://github.com/pimutils/khal/issues/546 -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 - -diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py -index fd8dcc6..17732bf 100644 ---- a/tests/khalendar_test.py -+++ b/tests/khalendar_test.py -@@ -65,6 +65,7 @@ class TestCalendar(object): - else: - mtimes[cal] = mtime - -+ @pytest.mark.xfail - def test_db_needs_update(self, coll_vdirs): - coll, vdirs = coll_vdirs - -@@ -321,6 +322,7 @@ class TestDbCreation(object): - CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) - - -+@pytest.mark.xfail - def test_default_calendar(coll_vdirs): - """test if an update to the vdir is detected by the CalendarCollection""" - coll, vdirs = coll_vdirs -@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): - assert len(list(coll.get_events_on(today))) == 0 - - -+@pytest.mark.xfail - def test_only_update_old_event(coll_vdirs, monkeypatch): - coll, vdirs = coll_vdirs - diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch new file mode 100644 index 0000000000..d9f7ac6a36 --- /dev/null +++ b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch @@ -0,0 +1,34 @@ +Fix an out-of-bounds heap read in Type_MLU_Read(): + +http://seclists.org/oss-sec/2016/q3/288 +https://bugzilla.redhat.com/show_bug.cgi?id=1367357 + +Patch copied from upstream source repository: + +https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 + +From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001 +From: Marti <marti.maria@tktbrainpower.com> +Date: Mon, 15 Aug 2016 23:31:39 +0200 +Subject: [PATCH] Added an extra check to MLU bounds + +Thanks to Ibrahim el-sayed for spotting the bug +--- + src/cmstypes.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmstypes.c b/src/cmstypes.c +index cb61860..c7328b9 100644 +--- a/src/cmstypes.c ++++ b/src/cmstypes.c +@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU + + // Check for overflow + if (Offset < (SizeOfHeader + 8)) goto Error; ++ if ((Offset + Len) > SizeOfTag + 8) goto Error; + + // True begin of the string + BeginOfThisString = Offset - SizeOfHeader - 8; +-- +2.11.0 + diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch new file mode 100644 index 0000000000..31eb44aefc --- /dev/null +++ b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch @@ -0,0 +1,35 @@ +This patch deactivates some tests that fail when ldc is built with the command: + +./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6 + +When the --keep-failed flag is added to the build command above, and the tests +run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests +pass. + +by Frederick M. Muriithi <fredmanglis@gmail.com> + +diff --git a/d_do_test.d b/d_do_test.d +index aa67169..8173759 100755 +--- a/d_do_test.d ++++ b/d_do_test.d +@@ -645,8 +645,6 @@ int main(string[] args) + auto gdb_output = execute(fThisRun, command, true, result_path); + if (testArgs.gdbMatch !is null) + { +- enforce(match(gdb_output, regex(testArgs.gdbMatch)), +- "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n"); + } + } + } +diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh +index 1d390e0..906b2b6 100755 +--- a/runnable/gdb15729.sh ++++ b/runnable/gdb15729.sh +@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then + echo RESULT= + p s.val + EOF +- gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1 + fi + + rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb} diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch new file mode 100644 index 0000000000..70dd419455 --- /dev/null +++ b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch @@ -0,0 +1,414 @@ +This patch deactivates failing tests that depend on network connectivity +to pass in curl.d and socket.d +It deactivates tests in path.d that assume /root + +A thread was started on the ldc forum to pursue the possibility of a +version flag to deactivate tests conditionally. The thread is at +https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org + +by Frederick M. Muriithi <fredmanglis@gmail.com> + +diff --git a/std/datetime.d b/std/datetime.d +index 4d4afb1..2c91a44 100644 +--- a/std/datetime.d ++++ b/std/datetime.d +@@ -27306,8 +27306,8 @@ public: + // leaving it commented out until I can sort it out. + //assert(equal(tzNames, tzNames.uniq())); + +- foreach(tzName; tzNames) +- assertNotThrown!DateTimeException(testPZSuccess(tzName)); ++ //foreach(tzName; tzNames) ++ //assertNotThrown!DateTimeException(testPZSuccess(tzName)); + } + + +@@ -29178,8 +29178,8 @@ public: + + auto tzNames = getInstalledTZNames(); + +- foreach(tzName; tzNames) +- assertNotThrown!DateTimeException(testPTZSuccess(tzName)); ++ //foreach(tzName; tzNames) ++ //assertNotThrown!DateTimeException(testPTZSuccess(tzName)); + + // No timezone directories on Android, just a single tzdata file + version(Android) {} else +diff --git a/std/net/curl.d b/std/net/curl.d +index 9c6af66..5fccb38 100644 +--- a/std/net/curl.d ++++ b/std/net/curl.d +@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co + + unittest + { +- static import std.file; ++ /*static import std.file; + foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { +@@ -430,7 +430,7 @@ unittest + scope (exit) std.file.remove(fn); + download(host, fn); + assert(std.file.readText(fn) == "Hello world"); +- } ++ }*/ + } + + /** Upload file from local files system using the HTTP or FTP protocol. +@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co + + unittest + { +- static import std.file; ++ /*static import std.file; + foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + auto fn = std.file.deleteme; +@@ -496,7 +496,7 @@ unittest + s.send(httpOK()); + }); + upload(fn, host ~ "/path"); +- } ++ }*/ + } + + /** HTTP/FTP get content. +@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn()) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + assert(s.recvReq.hdrs.canFind("GET /path")); +@@ -559,7 +559,7 @@ unittest + }); + auto res = get(host ~ "/path"); + assert(res == "GETRESPONSE"); +- } ++ }*/ + } + + +@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte)) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; +@@ -608,12 +608,12 @@ unittest + }); + auto res = post(host ~ "/path", "POSTBODY"); + assert(res == "POSTRESPONSE"); +- } ++ }*/ + } + + unittest + { +- auto data = new ubyte[](256); ++ /*auto data = new ubyte[](256); + foreach (i, ref ub; data) + ub = cast(ubyte)i; + +@@ -624,7 +624,7 @@ unittest + s.send(httpOK(cast(ubyte[])[17, 27, 35, 41])); + }); + auto res = post!ubyte(testServer.addr, data); +- assert(res == cast(ubyte[])[17, 27, 35, 41]); ++ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/ + } + + +@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; +@@ -690,7 +690,7 @@ unittest + }); + auto res = put(host ~ "/path", "PUTBODY"); + assert(res == "PUTRESPONSE"); +- } ++ }*/ + } + + +@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn()) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; +@@ -750,7 +750,7 @@ unittest + s.send(httpOK()); + }); + del(host ~ "/path"); +- } ++ }*/ + } + + +@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url, + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("OPTIONS /path")); + s.send(httpOK("OPTIONSRESPONSE")); + }); + auto res = options(testServer.addr ~ "/path"); +- assert(res == "OPTIONSRESPONSE"); ++ assert(res == "OPTIONSRESPONSE");*/ + } + + +@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP()) + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("TRACE /path")); + s.send(httpOK("TRACERESPONSE")); + }); + auto res = trace(testServer.addr ~ "/path"); +- assert(res == "TRACERESPONSE"); ++ assert(res == "TRACERESPONSE");*/ + } + + +@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP()) + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("CONNECT /path")); + s.send(httpOK("CONNECTRESPONSE")); + }); + auto res = connect(testServer.addr ~ "/path"); +- assert(res == "CONNECTRESPONSE"); ++ assert(res == "CONNECTRESPONSE");*/ + } + + +@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData, + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("PATCH /path")); + assert(req.bdy.canFind("PATCHBODY")); + s.send(httpOK("PATCHRESPONSE")); + }); + auto res = patch(testServer.addr ~ "/path", "PATCHBODY"); +- assert(res == "PATCHRESPONSE"); ++ assert(res == "PATCHRESPONSE");*/ + } + + +@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("GET /path")); + s.send(httpNotFound()); + }); + auto e = collectException!CurlException(get(testServer.addr ~ "/path")); +- assert(e.msg == "HTTP request returned status code 404 (Not Found)"); ++ assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/ + } + + // Bugzilla 14760 - content length must be reset after post + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("POST /")); + assert(req.bdy.canFind("POSTBODY")); +@@ -1061,7 +1061,7 @@ unittest + auto res = post(testServer.addr, "POSTBODY", http); + assert(res == "POSTRESPONSE"); + res = trace(testServer.addr, http); +- assert(res == "TRACERESPONSE"); ++ assert(res == "TRACERESPONSE");*/ + } + + /* +@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK("Line1\nLine2\nLine3")); + }); + assert(byLine(host).equal(["Line1", "Line2", "Line3"])); +- } ++ }*/ + } + + /** HTTP/FTP fetch content as a range of chunks. +@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5])); + }); + assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]])); +- } ++ }*/ + } + + private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn) +@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK("Line1\nLine2\nLine3")); + }); + assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"])); +- } ++ }*/ + } + + +@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol) + + unittest + { +- foreach (host; [testServer.addr, "http://"~testServer.addr]) ++ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) + { + testServer.handle((s) { + auto req = s.recvReq; + s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5])); + }); + assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]])); +- } ++ }*/ + } + + +@@ -2041,7 +2041,7 @@ private mixin template Protocol() + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq; + assert(req.hdrs.canFind("GET /")); + assert(req.hdrs.canFind("Basic dXNlcjpwYXNz")); +@@ -2051,7 +2051,7 @@ private mixin template Protocol() + auto http = HTTP(testServer.addr); + http.onReceive = (ubyte[] data) { return data.length; }; + http.setAuthentication("user", "pass"); +- http.perform(); ++ http.perform();*/ + } + + /** +@@ -2959,7 +2959,7 @@ struct HTTP + + unittest + { +- testServer.handle((s) { ++ /*testServer.handle((s) { + auto req = s.recvReq!ubyte; + assert(req.hdrs.canFind("POST /path")); + assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4])); +@@ -2975,7 +2975,7 @@ struct HTTP + ubyte[] res; + http.onReceive = (data) { res ~= data; return data.length; }; + http.perform(); +- assert(res == cast(ubyte[])[17, 27, 35, 41]); ++ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/ + } + + /** +diff --git a/std/path.d b/std/path.d +index 60c844f..0598104 100644 +--- a/std/path.d ++++ b/std/path.d +@@ -3953,8 +3953,10 @@ unittest + } + else + { ++/* + assert(expandTilde("~root") == "/root", expandTilde("~root")); + assert(expandTilde("~root/") == "/root/", expandTilde("~root/")); ++*/ + } + assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey"); + } +diff --git a/std/socket.d b/std/socket.d +index 7f5a3c3..e68b881 100644 +--- a/std/socket.d ++++ b/std/socket.d +@@ -481,15 +481,15 @@ unittest + { + softUnittest({ + Protocol proto = new Protocol; +- assert(proto.getProtocolByType(ProtocolType.TCP)); ++ //assert(proto.getProtocolByType(ProtocolType.TCP)); + //writeln("About protocol TCP:"); + //writefln("\tName: %s", proto.name); + // foreach(string s; proto.aliases) + // { + // writefln("\tAlias: %s", s); + // } +- assert(proto.name == "tcp"); +- assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); ++ //assert(proto.name == "tcp"); ++ //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); + }); + } + +@@ -832,9 +832,9 @@ unittest + InternetHost ih = new InternetHost; + + ih.getHostByAddr(0x7F_00_00_01); +- assert(ih.addrList[0] == 0x7F_00_00_01); ++ //assert(ih.addrList[0] == 0x7F_00_00_01); + ih.getHostByAddr("127.0.0.1"); +- assert(ih.addrList[0] == 0x7F_00_00_01); ++ //assert(ih.addrList[0] == 0x7F_00_00_01); + + softUnittest({ + if (!ih.getHostByName("www.digitalmars.com")) diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch new file mode 100644 index 0000000000..f1907d53e2 --- /dev/null +++ b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch @@ -0,0 +1,42 @@ +Fix buffer overread in libevents DNS code. + +Upstream bug report: + +https://github.com/libevent/libevent/issues/317 + +Patch copied from upstream source repository: + +https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d + +From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001 +From: Azat Khuzhin <a3at.mail@gmail.com> +Date: Mon, 1 Feb 2016 17:32:09 +0300 +Subject: [PATCH] evdns: name_parse(): fix remote stack overread + +--- + evdns.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/evdns.c b/evdns.c +index 60b10485..137c24ea 100644 +--- a/evdns.c ++++ b/evdns.c +@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) { + + for (;;) { + u8 label_len; +- if (j >= length) return -1; + GET8(label_len); + if (!label_len) break; + if (label_len & 0xc0) { +@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) { + *cp++ = '.'; + } + if (cp + label_len >= end) return -1; ++ if (j + label_len > length) return -1; + memcpy(cp, packet + j, label_len); + cp += label_len; + j += label_len; +-- +2.11.0 + diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch new file mode 100644 index 0000000000..c4ad0a1a4a --- /dev/null +++ b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch @@ -0,0 +1,40 @@ +Fix OOB read on empty hostnames in evdns. + +Upstream bug report: + +https://github.com/libevent/libevent/issues/332 + +Patch copied from upstream source repository: + +https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e + +From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001 +From: Azat Khuzhin <a3at.mail@gmail.com> +Date: Fri, 25 Mar 2016 00:33:47 +0300 +Subject: [PATCH] evdns: fix searching empty hostnames + +--- + evdns.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/evdns.c b/evdns.c +index 137c24ea..6191c677 100644 +--- a/evdns.c ++++ b/evdns.c +@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) { + static char * + search_make_new(const struct search_state *const state, int n, const char *const base_name) { + const size_t base_len = strlen(base_name); +- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ++ char need_to_append_dot; + struct search_domain *dom; + ++ if (!base_len) return NULL; ++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; ++ + for (dom = state->head; dom; dom = dom->next) { + if (!n--) { + /* this is the postfix we want */ +-- +2.11.0 + diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch new file mode 100644 index 0000000000..4d16a4b917 --- /dev/null +++ b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch @@ -0,0 +1,42 @@ +Fix buffer overflow in evutil. + +Upstream bug report: + +https://github.com/libevent/libevent/issues/318 + +Patch copied from upstream source repository: + +https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5 + +From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001 +From: Azat Khuzhin <a3at.mail@gmail.com> +Date: Sun, 31 Jan 2016 00:57:16 +0300 +Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow + +--- + evutil.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/evutil.c b/evutil.c +index 33445170..e2dfe6e4 100644 +--- a/evutil.c ++++ b/evutil.c +@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int * + + cp = strchr(ip_as_string, ':'); + if (*ip_as_string == '[') { +- int len; ++ size_t len; + if (!(cp = strchr(ip_as_string, ']'))) { + return -1; + } +- len = (int) ( cp-(ip_as_string + 1) ); +- if (len > (int)sizeof(buf)-1) { ++ len = ( cp-(ip_as_string + 1) ); ++ if (len > sizeof(buf)-1) { + return -1; + } + memcpy(buf, ip_as_string+1, len); +-- +2.11.0 + diff --git a/gnu/packages/patches/libevent-2.1-dns-tests.patch b/gnu/packages/patches/libevent-2.1-dns-tests.patch new file mode 100644 index 0000000000..091752a49d --- /dev/null +++ b/gnu/packages/patches/libevent-2.1-dns-tests.patch @@ -0,0 +1,26 @@ +Disable tests that rely on usable DNS lookups, which aren't available +in build chroots. + +--- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100 ++++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100 +@@ -2120,10 +2120,6 @@ + + struct testcase_t dns_testcases[] = { + DNS_LEGACY(server, TT_FORK|TT_NEED_BASE), +- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT), +- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT), +- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT), +- { "resolve_reverse", dns_resolve_reverse, TT_FORK|TT_OFF_BY_DEFAULT, NULL, NULL }, + { "search_empty", dns_search_empty_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, + { "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, + { "search_lower", dns_search_lower_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, +@@ -2163,9 +2159,6 @@ + + { "client_fail_requests", dns_client_fail_requests_test, + TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, +- { "client_fail_requests_getaddrinfo", +- dns_client_fail_requests_getaddrinfo_test, +- TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, + + END_OF_TESTCASES + }; diff --git a/gnu/packages/patches/libevent-2.1-skip-failing-test.patch b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch new file mode 100644 index 0000000000..d9ea1d422d --- /dev/null +++ b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch @@ -0,0 +1,24 @@ +These fail on 32-bit due to an overflow bug in the test program. + +See test/regress_util.c:1448. + +Upstream bug URL: + +https://github.com/libevent/libevent/issues/452 + +diff --git a/test/regress_util.c b/test/regress_util.c +index ef6a1487..4de501fc 100644 +--- a/test/regress_util.c ++++ b/test/regress_util.c +@@ -1413,9 +1413,9 @@ static struct date_rfc1123_case { + { 1323648000, "Mon, 12 Dec 2011 00:00:00 GMT"}, + #ifndef _WIN32 + /** In win32 case we have max "23:59:59 January 18, 2038, UTC" for time32 */ +- { 4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */, ++ //{ 4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */, + /** In win32 case we have max "23:59:59, December 31, 3000, UTC" for time64 */ +- {253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */, ++ //{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */, + { 1456704000, "Mon, 29 Feb 2016 00:00:00 GMT"} /* leap year */, + #endif + { 1435708800, "Wed, 01 Jul 2015 00:00:00 GMT"} /* leap second */, diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch new file mode 100644 index 0000000000..3158b49360 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2017-5225.patch @@ -0,0 +1,86 @@ +Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp): + +http://bugzilla.maptools.org/show_bug.cgi?id=2656 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225 +https://security-tracker.debian.org/tracker/CVE-2017-5225 + +2017-01-11 Even Rouault <even.rouault at spatialys.com> + + * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and + cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based +overflow. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and + http://bugzilla.maptools.org/show_bug.cgi?id=2657 + + +less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog +new revision: 1.1210; previous revision: 1.1209 +/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c +new revision: 1.61; previous revision: 1.60 + +Index: libtiff/tools/tiffcp.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v +retrieving revision 1.60 +retrieving revision 1.61 +diff -u -r1.60 -r1.61 +--- libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 ++++ libtiff/tools/tiffcp.c 11 Jan 2017 19:26:14 -0000 1.61 +#@@ -1,4 +1,4 @@ +#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */ +#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */ +# +# /* +# * Copyright (c) 1988-1997 Sam Leffler +@@ -591,7 +591,7 @@ + static int + tiffcp(TIFF* in, TIFF* out) + { +- uint16 bitspersample, samplesperpixel = 1; ++ uint16 bitspersample = 1, samplesperpixel = 1; + uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; + copyFunc cf; + uint32 width, length; +@@ -1067,6 +1067,16 @@ + register uint32 n; + uint32 row; + tsample_t s; ++ uint16 bps = 0; ++ ++ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); ++ if( bps != 8 ) ++ { ++ TIFFError(TIFFFileName(in), ++ "Error, can only handle BitsPerSample=8 in %s", ++ "cpContig2SeparateByRow"); ++ return 0; ++ } + + inbuf = _TIFFmalloc(scanlinesizein); + outbuf = _TIFFmalloc(scanlinesizeout); +@@ -1120,6 +1130,16 @@ + register uint32 n; + uint32 row; + tsample_t s; ++ uint16 bps = 0; ++ ++ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); ++ if( bps != 8 ) ++ { ++ TIFFError(TIFFFileName(in), ++ "Error, can only handle BitsPerSample=8 in %s", ++ "cpSeparate2ContigByRow"); ++ return 0; ++ } + + inbuf = _TIFFmalloc(scanlinesizein); + outbuf = _TIFFmalloc(scanlinesizeout); +@@ -1784,7 +1804,7 @@ + uint32 w, l, tw, tl; + int bychunk; + +- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); ++ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); + if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { + fprintf(stderr, + "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch deleted file mode 100644 index c9a3fa284c..0000000000 --- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix CVE-2016-6255: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255 -http://www.openwall.com/lists/oss-security/2016/07/18/13 - -Patch adapted from upstream commit: - -https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5 - -The upstream change is simplified to unconditionally disable the HTTP -POST feature. - -From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett <mjg59@srcf.ucam.org> -Date: Tue, 23 Feb 2016 13:53:20 -0800 -Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by - default - -If there's no registered handler for a POST request, the default behaviour -is to write it to the filesystem. Several million deployed devices appear -to have this behaviour, making it possible to (at least) store arbitrary -data on them. Add a configure option that enables this behaviour, and change -the default to just drop POSTs that aren't directly handled. - -Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net> -(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa) ---- - configure.ac | 9 +++++++++ - upnp/inc/upnpconfig.h.in | 9 +++++++++ - upnp/src/genlib/net/http/webserver.c | 4 ++++ - 3 files changed, 22 insertions(+) - -diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c -index 26bf0f7..7ae8c1e 100644 ---- a/upnp/src/genlib/net/http/webserver.c -+++ b/upnp/src/genlib/net/http/webserver.c -@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage( - if (Fp == NULL) - return HTTP_INTERNAL_SERVER_ERROR; - } else { -+#if 0 - Fp = fopen(filename, "wb"); - if (Fp == NULL) - return HTTP_UNAUTHORIZED; -+#else -+ return HTTP_NOT_FOUND; -+#endif - } - parser->position = POS_ENTITY; - do { diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch deleted file mode 100644 index 9978b39487..0000000000 --- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch +++ /dev/null @@ -1,72 +0,0 @@ -Fix CVE-2016-8863: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 -https://sourceforge.net/p/pupnp/bugs/133/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/ - -From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org> -Date: Thu, 8 Dec 2016 17:11:53 +0100 -Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863) - -If there is an invalid URL in URLS->buf after a valid one, uri_parse is -called with out pointing after the allocated memory. As uri_parse writes -to *out before returning an error the loop in create_url_list must be -stopped early to prevent an out-of-bound access - -Bug: https://sourceforge.net/p/pupnp/bugs/133/ -Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 -Bug-Debian: https://bugs.debian.org/842093 -Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771 -(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b) ---- - upnp/src/gena/gena_device.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c -index fb04a29..245c56b 100644 ---- a/upnp/src/gena/gena_device.c -+++ b/upnp/src/gena/gena_device.c -@@ -1113,7 +1113,7 @@ static int create_url_list( - /*! [out] . */ - URL_list *out) - { -- size_t URLcount = 0; -+ size_t URLcount = 0, URLcount2 = 0; - size_t i; - int return_code = 0; - uri_type temp; -@@ -1155,16 +1155,23 @@ static int create_url_list( - } - memcpy( out->URLs, URLS->buff, URLS->size ); - out->URLs[URLS->size] = 0; -- URLcount = 0; - for( i = 0; i < URLS->size; i++ ) { - if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) { - if( ( ( return_code = - parse_uri( &out->URLs[i + 1], URLS->size - i + 1, -- &out->parsedURLs[URLcount] ) ) == -+ &out->parsedURLs[URLcount2] ) ) == - HTTP_SUCCESS ) -- && ( out->parsedURLs[URLcount].hostport.text.size != -+ && ( out->parsedURLs[URLcount2].hostport.text.size != - 0 ) ) { -- URLcount++; -+ URLcount2++; -+ if (URLcount2 >= URLcount) -+ /* -+ * break early here in case there is a bogus URL that -+ * was skipped above. This prevents to access -+ * out->parsedURLs[URLcount] which is beyond the -+ * allocation. -+ */ -+ break; - } else { - if( return_code == UPNP_E_OUTOF_MEMORY ) { - free( out->URLs ); --- -2.11.0 - diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch index 1fdf01cbca..bef3448b81 100644 --- a/gnu/packages/patches/libvpx-CVE-2016-2818.patch +++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch @@ -9,15 +9,15 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig 2015-11-09 17:12:38.000000000 -0500 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c 2016-06-08 08:48:46.037213092 -0400 -@@ -925,11 +925,19 @@ - { - res = image2yuvconfig(img, &sd); +@@ -860,11 +860,20 @@ + if (img != NULL) { + res = image2yuvconfig(img, &sd); -- if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, -- &sd, dst_time_stamp, dst_end_time_stamp)) -- { -- VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; -- res = update_error_state(ctx, &cpi->common.error); +- if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd, +- dst_time_stamp, dst_end_time_stamp)) { +- VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; +- res = update_error_state(ctx, &cpi->common.error); +- } + if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) { + /* from vp8_encoder.h for g_w/g_h: + "Note that the frames passed as input to the encoder must have this resolution" @@ -31,6 +31,7 @@ Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c + VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; + res = update_error_state(ctx, &cpi->common.error); + } - } ++ } - /* reset for next frame */ + /* reset for next frame */ + ctx->next_frame_flag = 0; diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch new file mode 100644 index 0000000000..e752e57ec5 --- /dev/null +++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch @@ -0,0 +1,188 @@ +Fix CVE-2016-10132: + +https://bugs.ghostscript.com/show_bug.cgi?id=697381 +http://seclists.org/oss-sec/2017/q1/74 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132 + +Patch lifted from upstream source repository: + +http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569 + +From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor@ccxvii.net> +Date: Fri, 2 Dec 2016 14:56:20 -0500 +Subject: [PATCH] Fix 697381: check allocation when compiling regular + expressions. + +Also use allocator callback function. +--- + thirdparty/mujs/jsgc.c | 2 +- + thirdparty/mujs/jsregexp.c | 2 +- + thirdparty/mujs/jsstate.c | 6 ------ + thirdparty/mujs/regexp.c | 45 +++++++++++++++++++++++++++++++++++---------- + thirdparty/mujs/regexp.h | 7 +++++++ + 5 files changed, 44 insertions(+), 18 deletions(-) + +diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c +index 4f7e7dc..f80111e 100644 +--- a/thirdparty/mujs/jsgc.c ++++ b/thirdparty/mujs/jsgc.c +@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj) + jsG_freeproperty(J, obj->head); + if (obj->type == JS_CREGEXP) { + js_free(J, obj->u.r.source); +- js_regfree(obj->u.r.prog); ++ js_regfreex(J->alloc, J->actx, obj->u.r.prog); + } + if (obj->type == JS_CITERATOR) + jsG_freeiterator(J, obj->u.iter.head); +diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c +index a2d5156..7b09c06 100644 +--- a/thirdparty/mujs/jsregexp.c ++++ b/thirdparty/mujs/jsregexp.c +@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags) + if (flags & JS_REGEXP_I) opts |= REG_ICASE; + if (flags & JS_REGEXP_M) opts |= REG_NEWLINE; + +- prog = js_regcomp(pattern, opts, &error); ++ prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error); + if (!prog) + js_syntaxerror(J, "regular expression: %s", error); + +diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c +index 638cab3..fd5bcf6 100644 +--- a/thirdparty/mujs/jsstate.c ++++ b/thirdparty/mujs/jsstate.c +@@ -9,12 +9,6 @@ + + static void *js_defaultalloc(void *actx, void *ptr, int size) + { +- if (size == 0) { +- free(ptr); +- return NULL; +- } +- if (!ptr) +- return malloc((size_t)size); + return realloc(ptr, (size_t)size); + } + +diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c +index 9852be2..01c18a3 100644 +--- a/thirdparty/mujs/regexp.c ++++ b/thirdparty/mujs/regexp.c +@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog) + } + #endif + +-Reprog *regcomp(const char *pattern, int cflags, const char **errorp) ++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx, ++ const char *pattern, int cflags, const char **errorp) + { + struct cstate g; + Renode *node; + Reinst *split, *jump; + int i; + +- g.prog = malloc(sizeof (Reprog)); +- g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2); ++ g.pstart = NULL; ++ g.prog = NULL; + + if (setjmp(g.kaboom)) { + if (errorp) *errorp = g.error; +- free(g.pstart); +- free(g.prog); ++ alloc(ctx, g.pstart, 0); ++ alloc(ctx, g.prog, 0); + return NULL; + } + ++ g.prog = alloc(ctx, NULL, sizeof (Reprog)); ++ if (!g.prog) ++ die(&g, "cannot allocate regular expression"); ++ g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2); ++ if (!g.pstart) ++ die(&g, "cannot allocate regular expression parse list"); ++ + g.source = pattern; + g.ncclass = 0; + g.nsub = 1; +@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp) + die(&g, "syntax error"); + + g.prog->nsub = g.nsub; +- g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst)); ++ g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst)); ++ if (!g.prog->start) ++ die(&g, "cannot allocate regular expression instruction list"); + + split = emit(g.prog, I_SPLIT); + split->x = split + 3; +@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp) + dumpprog(g.prog); + #endif + +- free(g.pstart); ++ alloc(ctx, g.pstart, 0); + + if (errorp) *errorp = NULL; + return g.prog; + } + +-void regfree(Reprog *prog) ++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog) + { + if (prog) { +- free(prog->start); +- free(prog); ++ alloc(ctx, prog->start, 0); ++ alloc(ctx, prog, 0); + } + } + ++static void *default_alloc(void *ctx, void *p, int n) ++{ ++ return realloc(p, (size_t)n); ++} ++ ++Reprog *regcomp(const char *pattern, int cflags, const char **errorp) ++{ ++ return regcompx(default_alloc, NULL, pattern, cflags, errorp); ++} ++ ++void regfree(Reprog *prog) ++{ ++ regfreex(default_alloc, NULL, prog); ++} ++ + /* Match */ + + static int isnewline(int c) +diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h +index 4bb4615..6bb73e8 100644 +--- a/thirdparty/mujs/regexp.h ++++ b/thirdparty/mujs/regexp.h +@@ -1,6 +1,8 @@ + #ifndef regexp_h + #define regexp_h + ++#define regcompx js_regcompx ++#define regfreex js_regfreex + #define regcomp js_regcomp + #define regexec js_regexec + #define regfree js_regfree +@@ -8,6 +10,11 @@ + typedef struct Reprog Reprog; + typedef struct Resub Resub; + ++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx, ++ const char *pattern, int cflags, const char **errorp); ++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, ++ Reprog *prog); ++ + Reprog *regcomp(const char *pattern, int cflags, const char **errorp); + int regexec(Reprog *prog, const char *string, Resub *sub, int eflags); + void regfree(Reprog *prog); +-- +2.9.1 + diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch new file mode 100644 index 0000000000..d73849262c --- /dev/null +++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch @@ -0,0 +1,36 @@ +Fix CVE-2016-10133: + +https://bugs.ghostscript.com/show_bug.cgi?id=697401 +http://seclists.org/oss-sec/2017/q1/74 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133 + +Patch lifted from upstream source repository: + +https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24 + +From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor.andersson@gmail.com> +Date: Thu, 12 Jan 2017 14:47:01 +0100 +Subject: [PATCH] Fix 697401: Error when dropping extra arguments to + lightweight functions. + +--- + thirdparty/mujs/jsrun.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c +index ee80845..782a6f9 100644 +--- a/thirdparty/mujs/jsrun.c ++++ b/thirdparty/mujs/jsrun.c +@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen + jsR_savescope(J, scope); + + if (n > F->numparams) { +- js_pop(J, F->numparams - n); ++ js_pop(J, n - F->numparams); + n = F->numparams; + } + for (i = n; i < F->varlen; ++i) +-- +2.9.1 + diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch new file mode 100644 index 0000000000..6edd676e38 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch @@ -0,0 +1,42 @@ +Fix CVE-2017-0358: +http://seclists.org/oss-sec/2017/q1/259 +This patch was copied from the above URL. + +diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c +--- ntfs-3g.old/src/lowntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 ++++ ntfs-3g/src/lowntfs-3g.c 2017-02-09 15:06:35.757580937 -0500 +@@ -3827,13 +3827,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); +diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c +--- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 ++++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500 +@@ -3612,13 +3612,14 @@ + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; ++ char *env = (char*)NULL; + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { +- execl(cmd, cmd, "fuse", NULL); ++ execle(cmd, cmd, "fuse", NULL, &env); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); diff --git a/gnu/packages/patches/omake-fix-non-determinism.patch b/gnu/packages/patches/omake-fix-non-determinism.patch new file mode 100644 index 0000000000..813ce3cd7d --- /dev/null +++ b/gnu/packages/patches/omake-fix-non-determinism.patch @@ -0,0 +1,41 @@ +From 2e7e254160506dc00f1beabf170512a8e932934b Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Sat, 31 Dec 2016 15:43:38 +0100 +Subject: [PATCH] fix build date in binary + +--- + src/magic/omake_gen_magic.ml | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +diff --git a/src/magic/omake_gen_magic.ml b/src/magic/omake_gen_magic.ml +index b2419ba..fad52f5 100644 +--- a/src/magic/omake_gen_magic.ml ++++ b/src/magic/omake_gen_magic.ml +@@ -150,7 +150,7 @@ let ir_magic = "%s" + let obj_magic = "%s" + let lib_dir = "%s" + let version = "%s" +-let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton %s" ++let version_message = "OMake %s" + |} + default_save_interval + digest_len +@@ -160,15 +160,7 @@ let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton + (digest_files ".omo.magic" ".omo" omo_files) + (String.escaped libdir) + (String.escaped (shorten_version version)) +- (String.escaped version) +- [|"Sun"; "Mon"; "Tue"; "Wed"; "Thu"; "Fri"; "Sat"|].(tm.tm_wday) +- [|"Jan"; "Feb"; "Mar"; "Apr"; "May"; "Jun"; "Jul"; "Aug"; "Sep"; "Oct"; "Nov"; "Dec"|].(tm.tm_mon) +- tm.tm_mday +- tm.tm_hour +- tm.tm_min +- tm.tm_sec +- (tm.tm_year + 1900) +- (String.escaped (Unix.gethostname ())); ++ (String.escaped version); + List.iter + (fun (name,value) -> + Printf.fprintf buf "let %s = %S\n" name value +-- +2.11.0 diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch new file mode 100644 index 0000000000..545b5d0a71 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch @@ -0,0 +1,233 @@ +Fix CVE-2016-9572 and CVE-2016-9573: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 + +Patch copied from 3rd-party repository: + +https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d + +From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001 +From: szukw000 <szukw000@arcor.de> +Date: Mon, 28 Nov 2016 21:57:20 +0100 +Subject: [PATCH] Changes for issues #863 and #862 + +--- + src/bin/jp2/convert.c | 59 +++++++++++++++++++++++++++++++++++++++----- + src/bin/jp2/convertbmp.c | 29 +++++++++++++++++++++- + src/bin/jp2/opj_decompress.c | 2 +- + src/lib/openjp2/j2k.c | 11 ++++++--- + 4 files changed, 90 insertions(+), 11 deletions(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index deee4f6..6a3f65b 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { + for (i = 0; i < image->numcomps-1; i++) { + if ((image->comps[0].dx != image->comps[i+1].dx) + ||(image->comps[0].dy != image->comps[i+1].dy) +- ||(image->comps[0].prec != image->comps[i+1].prec)) { ++ ||(image->comps[0].prec != image->comps[i+1].prec) ++ ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { + fclose(fdest); + fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); + return 1; +@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + int *red, *green, *blue, *alpha; + int wr, hr, max; + int i; +- unsigned int compno, ncomp; ++ unsigned int compno, ncomp, ui; + int adjustR, adjustG, adjustB, adjustA; + int fails, two, want_gray, has_alpha, triple; + int prec, v; +@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + + if(want_gray) ncomp = 1; + ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetopnm: All components\n shall have " ++ "the same subsampling, same bit depth, same sign.\n" ++ " Aborting\n"); ++ return 1; ++ } ++ + if ((force_split == 0) && + (ncomp == 2 /* GRAYA */ + || (ncomp > 2 /* RGB, RGBA */ +@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + { + FILE *rawFile = NULL; + size_t res; +- unsigned int compno; ++ unsigned int compno, numcomps; + int w, h, fails; + int line, row, curr, mask; + int *ptr; +@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + return 1; + } + ++ numcomps = image->numcomps; ++ ++ if (numcomps > 4) { ++ numcomps = 4; ++ } ++ for (compno = 1; compno < numcomps; ++compno) { ++ if (image->comps[0].dx != image->comps[compno].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[compno].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[compno].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[compno].sgnd) { ++ break; ++ } ++ } ++ if (compno != numcomps) { ++ fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ + rawFile = fopen(outfile, "wb"); + if (!rawFile) { + fprintf(stderr, "Failed to open %s for writing !!\n", outfile); +@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + + fails = 1; +- fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); ++ fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); + +- for(compno = 0; compno < image->numcomps; compno++) ++ for(compno = 0; compno < numcomps; compno++) + { + fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, + image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); +@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + else if (image->comps[compno].prec <= 32) + { +- fprintf(stderr,"More than 16 bits per component no handled yet\n"); ++ fprintf(stderr,"More than 16 bits per component not handled yet\n"); + goto fin; + } + else +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ae83077..8017ba8 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { + FILE *fdest = NULL; + int adjustR, adjustG, adjustB; + ++ { ++ unsigned int ui, ncomp = image->numcomps; ++ ++ if (ncomp > 4) { /* RGBA in bmpmask32toimage */ ++ ncomp = 4; ++ } ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ ++ } + if (image->comps[0].prec < 8) { +- fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); ++ fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); + return 1; + } + if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 83160c3..c30079b 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1607,7 +1607,7 @@ int main(int argc, char **argv) + if(dirptr->filename_buf) free(dirptr->filename_buf); + free(dirptr); + } +- if (numDecompressedImages) { ++ if (numDecompressedImages && !failed) { + fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); + } + return failed ? EXIT_FAILURE : EXIT_SUCCESS; +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 66802bb..b6daa32 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, + i, l_img_comp->dx, l_img_comp->dy); + return OPJ_FALSE; + } +- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ ++ if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ + opj_event_msg(p_manager, EVT_ERROR, + "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", + i, l_img_comp->prec); +@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + /* Move data and copy one information from codec to output image*/ + for (compno = 0; compno < p_image->numcomps; compno++) { + p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; +- p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ ++ if(p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ ++ p_j2k->m_output_image->comps[compno].data = NULL; + #if 0 + char fn[256]; + sprintf( fn, "/tmp/%d.raw", compno ); +@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); + fclose( debug ); + #endif +- p_j2k->m_output_image->comps[compno].data = NULL; + } + + return OPJ_TRUE; +@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, + + p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + ++ if (p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ + p_j2k->m_output_image->comps[compno].data = NULL; + } + diff --git a/gnu/packages/patches/p7zip-CVE-2016-9296.patch b/gnu/packages/patches/p7zip-CVE-2016-9296.patch new file mode 100644 index 0000000000..3fa80377ad --- /dev/null +++ b/gnu/packages/patches/p7zip-CVE-2016-9296.patch @@ -0,0 +1,24 @@ +From: Robert Luberda <robert@debian.org> +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ +This patch file taken from Debian's patch set for p7zip +--- + CPP/7zip/Archive/7z/7zIn.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp +index b0c6b98..7c6dde2 100644 +--- a/CPP/7zip/Archive/7z/7zIn.cpp ++++ b/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams( + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch new file mode 100644 index 0000000000..825edaa815 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2016-10155.patch @@ -0,0 +1,49 @@ +From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Mon, 28 Nov 2016 17:49:04 -0800 +Subject: [PATCH] watchdog: 6300esb: add exit function + +When the Intel 6300ESB watchdog is hot unplug. The timer allocated +in realize isn't freed thus leaking memory leak. This patch avoid +this through adding the exit function. + +http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e +this patch is from qemu-git. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/watchdog/wdt_i6300esb.c | 9 +++++++++ + 1 files changed, 9 insertions(+), 0 deletions(-) + +diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c +index a83d951..49b3cd1 100644 +--- a/hw/watchdog/wdt_i6300esb.c ++++ b/hw/watchdog/wdt_i6300esb.c +@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp) + /* qemu_register_coalesced_mmio (addr, 0x10); ? */ + } + ++static void i6300esb_exit(PCIDevice *dev) ++{ ++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); ++ ++ timer_del(d->timer); ++ timer_free(d->timer); ++} ++ + static WatchdogTimerModel model = { + .wdt_name = "i6300esb", + .wdt_description = "Intel 6300ESB", +@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data) + k->config_read = i6300esb_config_read; + k->config_write = i6300esb_config_write; + k->realize = i6300esb_realize; ++ k->exit = i6300esb_exit; + k->vendor_id = PCI_VENDOR_ID_INTEL; + k->device_id = PCI_DEVICE_ID_INTEL_ESB_9; + k->class_id = PCI_CLASS_SYSTEM_OTHER; +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-2615.patch b/gnu/packages/patches/qemu-CVE-2017-2615.patch new file mode 100644 index 0000000000..ede1f8c89d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-2615.patch @@ -0,0 +1,52 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64 +this patch is from qemu-git. + + +From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 1 Feb 2017 09:35:01 +0100 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615) + +When doing bitblt copy in backward mode, we should minus the +blt width first just like the adding in the forward mode. This +can avoid the oob access of the front of vga's vram. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> + +{ kraxel: with backward blits (negative pitch) addr is the topmost + address, so check it as-is against vram size ] + +Cc: qemu-stable@nongnu.org +Cc: P J P <ppandit@redhat.com> +Cc: Laszlo Ersek <lersek@redhat.com> +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: Wolfgang Bumiller <w.bumiller@proxmox.com> +Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106) +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com +Reviewed-by: Laszlo Ersek <lersek@redhat.com> +--- + hw/display/cirrus_vga.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index 7db6409dc5..16f27e8ac5 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, + { + if (pitch < 0) { + int64_t min = addr +- + ((int64_t)s->cirrus_blt_height-1) * pitch; +- int32_t max = addr +- + s->cirrus_blt_width; +- if (min < 0 || max > s->vga.vram_size) { ++ + ((int64_t)s->cirrus_blt_height - 1) * pitch ++ - s->cirrus_blt_width; ++ if (min < -1 || addr >= s->vga.vram_size) { + return true; + } + } else { +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch new file mode 100644 index 0000000000..d0c0c82a4a --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5525.patch @@ -0,0 +1,55 @@ +From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 14 Dec 2016 18:30:21 -0800 +Subject: [PATCH] audio: ac97: add exit function +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401 +this patch is from qemu-git + +Currently the ac97 device emulation doesn't have a exit function, +hot unplug this device will leak some memory. Add a exit function to +avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/audio/ac97.c | 11 +++++++++++ + 1 files changed, 11 insertions(+), 0 deletions(-) + +diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c +index cbd959e..c306575 100644 +--- a/hw/audio/ac97.c ++++ b/hw/audio/ac97.c +@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp) + ac97_on_reset (&s->dev.qdev); + } + ++static void ac97_exit(PCIDevice *dev) ++{ ++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev); ++ ++ AUD_close_in(&s->card, s->voice_pi); ++ AUD_close_out(&s->card, s->voice_po); ++ AUD_close_in(&s->card, s->voice_mc); ++ AUD_remove_card(&s->card); ++} ++ + static int ac97_init (PCIBus *bus) + { + pci_create_simple (bus, -1, "AC97"); +@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data) + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); + + k->realize = ac97_realize; ++ k->exit = ac97_exit; + k->vendor_id = PCI_VENDOR_ID_INTEL; + k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5; + k->revision = 0x01; +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch new file mode 100644 index 0000000000..5a6d796458 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5526.patch @@ -0,0 +1,58 @@ +From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 14 Dec 2016 18:32:22 -0800 +Subject: [PATCH] audio: es1370: add exit function +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da +this patch is from qemu-git. + +Currently the es1370 device emulation doesn't have a exit function, +hot unplug this device will leak some memory. Add a exit function to +avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/audio/es1370.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+), 0 deletions(-) + +diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c +index 8449b5f..883ec69 100644 +--- a/hw/audio/es1370.c ++++ b/hw/audio/es1370.c +@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp) + es1370_reset (s); + } + ++static void es1370_exit(PCIDevice *dev) ++{ ++ ES1370State *s = ES1370(dev); ++ int i; ++ ++ for (i = 0; i < 2; ++i) { ++ AUD_close_out(&s->card, s->dac_voice[i]); ++ } ++ ++ AUD_close_in(&s->card, s->adc_voice); ++ AUD_remove_card(&s->card); ++} ++ + static int es1370_init (PCIBus *bus) + { + pci_create_simple (bus, -1, TYPE_ES1370); +@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data) + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); + + k->realize = es1370_realize; ++ k->exit = es1370_exit; + k->vendor_id = PCI_VENDOR_ID_ENSONIQ; + k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370; + k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO; +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch new file mode 100644 index 0000000000..50911f4f36 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5552.patch @@ -0,0 +1,44 @@ +From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@gmail.com> +Date: Thu, 29 Dec 2016 03:11:26 -0500 +Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +If the virgl_renderer_resource_attach_iov function fails the +'res_iovs' will be leaked. Add check of the return value to +free the 'res_iovs' when failing. + +http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689 +this patch is from qemu-git. + +Signed-off-by: Li Qiang <liq3ea@gmail.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/display/virtio-gpu-3d.c | 7 +++++-- + 1 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c +index e29f099..b13ced3 100644 +--- a/hw/display/virtio-gpu-3d.c ++++ b/hw/display/virtio-gpu-3d.c +@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g, + return; + } + +- virgl_renderer_resource_attach_iov(att_rb.resource_id, +- res_iovs, att_rb.nr_entries); ++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, ++ res_iovs, att_rb.nr_entries); ++ ++ if (ret != 0) ++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries); + } + + static void virgl_resource_detach_backing(VirtIOGPU *g, +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch new file mode 100644 index 0000000000..05655bcd98 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5578.patch @@ -0,0 +1,39 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b +this patch is from qemu-git. + + +From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@gmail.com> +Date: Thu, 29 Dec 2016 04:28:41 -0500 +Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing + +In the resource attach backing function, everytime it will +allocate 'res->iov' thus can leading a memory leak. This +patch avoid this. + +Signed-off-by: Li Qiang <liq3ea@gmail.com> +Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/display/virtio-gpu.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 6a26258cac..ca88cf478d 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, + return; + } + ++ if (res->iov) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; ++ return; ++ } ++ + ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov); + if (ret != 0) { + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch new file mode 100644 index 0000000000..7630012d54 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5579.patch @@ -0,0 +1,44 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b +this patch is from qemu-git. + + +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 +From: Li Qiang <liqiang6-s@360.cn> +Date: Wed, 4 Jan 2017 00:43:16 -0800 +Subject: [PATCH] serial: fix memory leak in serial exit + +The serial_exit_core function doesn't free some resources. +This can lead memory leak when hotplug and unplug. This +patch avoid this. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/char/serial.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index ffbacd8227..67b18eda12 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) + void serial_exit_core(SerialState *s) + { + qemu_chr_fe_deinit(&s->chr); ++ ++ timer_del(s->modem_status_poll); ++ timer_free(s->modem_status_poll); ++ ++ timer_del(s->fifo_timeout_timer); ++ timer_free(s->fifo_timeout_timer); ++ ++ fifo8_destroy(&s->recv_fifo); ++ fifo8_destroy(&s->xmit_fifo); ++ + qemu_unregister_reset(serial_reset, s); + } + +-- +2.11.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch new file mode 100644 index 0000000000..5adea0d278 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5667.patch @@ -0,0 +1,46 @@ +Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer): + +http://seclists.org/oss-sec/2017/q1/243 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667 + +Patch copied from upstream source repository: + +http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9 + +From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Tue, 7 Feb 2017 18:29:59 +0000 +Subject: [PATCH] sd: sdhci: check data length during dma_memory_read + +While doing multi block SDMA transfer in routine +'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting +index 'begin' and data length 's->data_count' could end up to be same. +This could lead to an OOB access issue. Correct transfer data length +to avoid it. + +Cc: qemu-stable@nongnu.org +Reported-by: Jiang Xin <jiangxin1@huawei.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Message-id: 20170130064736.9236-1-ppandit@redhat.com +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> +--- + hw/sd/sdhci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 01fbf228be..5bd5ab6319 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) + boundary_count -= block_size - begin; + } + dma_memory_read(&address_space_memory, s->sdmasysad, +- &s->fifo_buffer[begin], s->data_count); ++ &s->fifo_buffer[begin], s->data_count - begin); + s->sdmasysad += s->data_count - begin; + if (s->data_count == block_size) { + for (n = 0; n < block_size; n++) { +-- +2.11.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch new file mode 100644 index 0000000000..bee0824c0a --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5856.patch @@ -0,0 +1,68 @@ +http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 +this patch is from qemu-git. + + +From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Mon, 2 Jan 2017 11:03:33 +0100 +Subject: [PATCH] megasas: fix guest-triggered memory leak + +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. +Avoid this by returning only the status from map_dcmd, and loading +cmd->iov_size in the caller. + +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/scsi/megasas.c | 11 ++++++----- + 1 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 67fc1e7..6233865 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) + trace_megasas_dcmd_invalid_sge(cmd->index, + cmd->frame->header.sge_count); + cmd->iov_size = 0; +- return -1; ++ return -EINVAL; + } + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); + cmd->iov_size = iov_size; +- return cmd->iov_size; ++ return 0; + } + + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { + + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + { +- int opcode, len; ++ int opcode; + int retval = 0; ++ size_t len; + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; + + opcode = le32_to_cpu(cmd->frame->dcmd.opcode); + trace_megasas_handle_dcmd(cmd->index, opcode); +- len = megasas_map_dcmd(s, cmd); +- if (len < 0) { ++ if (megasas_map_dcmd(s, cmd) < 0) { + return MFI_STAT_MEMORY_NOT_AVAILABLE; + } + while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { + cmdptr++; + } ++ len = cmd->iov_size; + if (cmdptr->opcode == -1) { + trace_megasas_dcmd_unhandled(cmd->index, opcode, len); + retval = megasas_dcmd_dummy(s, cmd); +-- +1.7.0.4 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch new file mode 100644 index 0000000000..5a94bb1ae4 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5898.patch @@ -0,0 +1,44 @@ +Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest): + +http://seclists.org/oss-sec/2017/q1/328 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898 + +Patch copied from upstream source repository: + +http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a + +From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Fri, 3 Feb 2017 00:52:28 +0530 +Subject: [PATCH] usb: ccid: check ccid apdu length + +CCID device emulator uses Application Protocol Data Units(APDU) +to exchange command and responses to and from the host. +The length in these units couldn't be greater than 65536. Add +check to ensure the same. It'd also avoid potential integer +overflow in emulated_apdu_from_guest. + +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-id: 20170202192228.10847-1-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/usb/dev-smartcard-reader.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c +index 89e11b68c4..1325ea1659 100644 +--- a/hw/usb/dev-smartcard-reader.c ++++ b/hw/usb/dev-smartcard-reader.c +@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv) + DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__, + recv->hdr.bSeq, len); + ccid_add_pending_answer(s, (CCID_Header *)recv); +- if (s->card) { ++ if (s->card && len <= BULK_OUT_DATA_SIZE) { + ccid_card_apdu_from_guest(s->card, recv->abData, len); + } else { + DPRINTF(s, D_WARN, "warning: discarded apdu\n"); +-- +2.11.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch new file mode 100644 index 0000000000..08910e5fac --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-5931.patch @@ -0,0 +1,55 @@ +Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests): + +http://seclists.org/oss-sec/2017/q1/337 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931 + +Patch copied from upstream source repository: + +http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4 + +From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001 +From: Gonglei <arei.gonglei@huawei.com> +Date: Tue, 3 Jan 2017 14:50:03 +0800 +Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow + +Because the 'size_t' type is 4 bytes in 32-bit platform, which +is the same with 'int'. It's easy to make 'max_len' to zero when +integer overflow and then cause heap overflow if 'max_len' is zero. + +Using uint_64 instead of size_t to avoid the integer overflow. + +Cc: qemu-stable@nongnu.org +Reported-by: Li Qiang <liqiang6-s@360.cn> +Signed-off-by: Gonglei <arei.gonglei@huawei.com> +Tested-by: Li Qiang <liqiang6-s@360.cn> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +--- + hw/virtio/virtio-crypto.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index 2f2467e859..c23e1ad458 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + uint32_t hash_start_src_offset = 0, len_to_hash = 0; + uint32_t cipher_start_src_offset = 0, len_to_cipher = 0; + +- size_t max_len, curr_size = 0; ++ uint64_t max_len, curr_size = 0; + size_t s; + + /* Plain cipher */ +@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + return NULL; + } + +- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len; ++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; + if (unlikely(max_len > vcrypto->conf.max_size)) { + virtio_error(vdev, "virtio-crypto too big length"); + return NULL; +-- +2.11.1 + diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch new file mode 100644 index 0000000000..1b95e428c8 --- /dev/null +++ b/gnu/packages/patches/screen-CVE-2017-5618.patch @@ -0,0 +1,40 @@ +Fixes CVE-2017-5618 (privilege escalation via opening the logfile when +screen is installed setuid root): + +https://savannah.gnu.org/bugs/?50142 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618 + +This patch reverts the upstream commit that introduced the bug: + +https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58 + +From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001 +From: Leo Famulari <leo@famulari.name> +Date: Sat, 11 Feb 2017 22:40:24 -0500 +Subject: [PATCH] Revert "adding permissions check for the logfile name" + +This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58. +--- + src/screen.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/src/screen.c b/src/screen.c +index 64650e9..283c305 100644 +--- a/src/screen.c ++++ b/src/screen.c +@@ -673,12 +673,6 @@ int main(int ac, char** av) + Panic(0, "-L: logfile name can not start with \"-\" symbol"); + if (strlen(screenlogfile) > PATH_MAX) + Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX); +- +- FILE *w_check; +- if ((w_check = fopen(screenlogfile, "w")) == NULL) +- Panic(0, "-L: logfile name access problem"); +- else +- fclose(w_check); + } + nwin_options.Lflag = 1; + break; +-- +2.11.1 + diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch new file mode 100644 index 0000000000..3f357c4924 --- /dev/null +++ b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch @@ -0,0 +1,31 @@ +Patch copied from upstream source repository: + +https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194 + +From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn <serge@hallyn.com> +Date: Sun, 18 Sep 2016 21:31:18 -0500 +Subject: [PATCH] su.c: fix missing length argument to snprintf + +--- + src/su.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/su.c b/src/su.c +index 0c50a9456afd..93ffd2fbe2b4 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void) + stderr); + (void) kill (-pid_child, caught); + +- snprintf (kill_msg, _(" ...killed.\n")); +- snprintf (wait_msg, _(" ...waiting for child to terminate.\n")); ++ snprintf (kill_msg, 256, _(" ...killed.\n")); ++ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n")); + + (void) signal (SIGALRM, kill_child); + (void) alarm (2); +-- +2.11.0.rc2 + diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch index b63d5bb018..4092261f75 100644 --- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch +++ b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch @@ -1,19 +1,19 @@ -From 53eda9102b969a4be2882cea4befee03591a7436 Mon Sep 17 00:00:00 2001 -From: Pjotr Prins <pjotr.public01@thebird.nl> -Date: Fri, 12 Feb 2016 12:43:33 +0100 -Subject: [PATCH] Remove contribs +From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001 +From: carolili <carolili@iki.fi> +Date: Thu, 9 Feb 2017 19:24:49 +0000 +Subject: [PATCH] Removing contribs --- - configure.ac | 20 -------------------- - 1 file changed, 20 deletions(-) + configure.ac | 22 ---------------------- + 1 file changed, 22 deletions(-) diff --git a/configure.ac b/configure.ac -index fedf354..e010732 100644 +index 1cf1051..5d76b44 100644 --- a/configure.ac +++ b/configure.ac -@@ -438,26 +438,6 @@ dnl All slurm Makefiles: +@@ -435,28 +435,6 @@ dnl All slurm Makefiles: + AC_CONFIG_FILES([Makefile - config.xml auxdir/Makefile - contribs/Makefile - contribs/cray/Makefile @@ -27,7 +27,9 @@ index fedf354..e010732 100644 - contribs/perlapi/libslurm/perl/Makefile.PL - contribs/perlapi/libslurmdb/Makefile - contribs/perlapi/libslurmdb/perl/Makefile.PL +- contribs/seff/Makefile - contribs/torque/Makefile +- contribs/openlava/Makefile - contribs/phpext/Makefile - contribs/phpext/slurm_php/config.m4 - contribs/sgather/Makefile @@ -39,5 +41,5 @@ index fedf354..e010732 100644 doc/man/Makefile doc/man/man1/Makefile -- -2.1.4 +2.11.0 diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch new file mode 100644 index 0000000000..a2cb558cd3 --- /dev/null +++ b/gnu/packages/patches/spice-CVE-2016-9577.patch @@ -0,0 +1,33 @@ +Prevent buffer overflow when reading large messages. + +https://bugzilla.redhat.com/show_bug.cgi?id=1401603 +https://access.redhat.com/security/cve/CVE-2016-9577 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577 +https://security-tracker.debian.org/tracker/CVE-2016-9577 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 + +From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio <fziglio@redhat.com> +Date: Tue, 29 Nov 2016 16:46:56 +0000 +Subject: main-channel: Prevent overflow reading messages from client + +diff --git a/server/main_channel.c b/server/main_channel.c +index 0ecc9df..1fc3915 100644 +--- a/server/main_channel.c ++++ b/server/main_channel.c +@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc, + + if (type == SPICE_MSGC_MAIN_AGENT_DATA) { + return reds_get_agent_data_buffer(mcc, size); ++ } else if (size > sizeof(main_chan->recv_buf)) { ++ /* message too large, caller will log a message and close the connection */ ++ return NULL; + } else { + return main_chan->recv_buf; + } +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch new file mode 100644 index 0000000000..f86cdb4eb1 --- /dev/null +++ b/gnu/packages/patches/spice-CVE-2016-9578-1.patch @@ -0,0 +1,33 @@ +Prevent possible DoS during protocol handshake. + +https://bugzilla.redhat.com/show_bug.cgi?id=1399566 +https://access.redhat.com/security/cve/CVE-2016-9578 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 +https://security-tracker.debian.org/tracker/CVE-2016-9578 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a + +From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio <fziglio@redhat.com> +Date: Tue, 13 Dec 2016 14:39:48 +0000 +Subject: Prevent possible DoS attempts during protocol handshake + +diff --git a/server/reds.c b/server/reds.c +index f40b65c..86a33d5 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque) + + reds->peer_minor_version = header->minor_version; + +- if (header->size < sizeof(SpiceLinkMess)) { ++ /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */ ++ if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { + reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); + spice_warning("bad size %u", header->size); + reds_link_free(link); +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch new file mode 100644 index 0000000000..76f7ec7ffb --- /dev/null +++ b/gnu/packages/patches/spice-CVE-2016-9578-2.patch @@ -0,0 +1,38 @@ +Fixes a potential buffer overflow in the protocol handling. + +https://bugzilla.redhat.com/show_bug.cgi?id=1399566 +https://access.redhat.com/security/cve/CVE-2016-9578 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 +https://security-tracker.debian.org/tracker/CVE-2016-9578 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a + +From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio <fziglio@redhat.com> +Date: Tue, 13 Dec 2016 14:40:10 +0000 +Subject: Prevent integer overflows in capability checks + +diff --git a/server/reds.c b/server/reds.c +index 86a33d5..9150454 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque) + link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps); + link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps); + ++ /* Prevent DoS. Currently we defined only 13 capabilities, ++ * I expect 1024 to be valid for quite a lot time */ ++ if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) { ++ reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); ++ reds_link_free(link); ++ return; ++ } ++ + num_caps = link_mess->num_common_caps + link_mess->num_channel_caps; + caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset); + +-- +cgit v0.10.2 + diff --git a/gnu/packages/patches/tipp10-fix-compiling.patch b/gnu/packages/patches/tipp10-fix-compiling.patch new file mode 100644 index 0000000000..4c206d4d83 --- /dev/null +++ b/gnu/packages/patches/tipp10-fix-compiling.patch @@ -0,0 +1,213 @@ +Description: Debian patches to make tipp10 compile +Author: Christoph Martin <chrism@debian.org> +Last-Update: 2016-07-20 + +https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0001-FixCompiling + +--- a/widget/tickerboard.cpp ++++ b/widget/tickerboard.cpp +@@ -97,7 +97,8 @@ void TickerBoard::startTicker(bool wasPa +
+ if (tickerSpeed == 50) {
+ scrollOffset = 290;
+- scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());
++ const QRect qr = QRect(10, 15, 590, 35);
++ scroll(-290, 0, qr); //contentsRect());
+ }
+
+ startFlag = true;
+@@ -153,7 +154,8 @@ void TickerBoard::changeChar() { + scrollOffset = 0;
+ } else {
+ scrollOffset = 290;
+- scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());
++ const QRect qr = QRect(10, 15, 590, 35);
++ scroll(-290, 0, qr); //contentsRect());
+ }
+ splitLesson();
+ }
+@@ -242,7 +244,8 @@ void TickerBoard::progress() { +
+ // Move ticker 1 pixel to left
+ scrollOffset++;
+- scroll(-1, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());
++ const QRect qr = QRect(10, 15, 590, 35);
++ scroll(-1, 0, qr); //contentsRect());
+
+ if ((lessonOffset - scrollOffset) <= 30) {
+ setSpeed(tickerSpeed);
+@@ -265,14 +268,16 @@ void TickerBoard::progress() { + // 160 pixels overage (because the user must see at least the next word)
+ if ((lessonOffset - scrollOffset) > 200) {
+ scrollOffset += (lessonOffset - scrollOffset) - 200;
+- scroll(-((lessonOffset - scrollOffset) - 200), 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());
++ const QRect qr = QRect(10, 15, 590, 35);
++ scroll(-((lessonOffset - scrollOffset) - 200), 0, qr); //contentsRect());
+ }
+ } else {
+ // If the user types faster than the ticker, move ticker faster after
+ // 160 pixels overage (because the user must see at least the next word)
+ if ((lessonOffset - scrollOffset) > 280) {
+ scrollOffset += 570;
+- scroll(-570, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());
++ const QRect qr = QRect(10, 15, 590, 35);
++ scroll(-570, 0, qr); //contentsRect());
+ }
+
+ }
+--- a/widget/settingspages.cpp ++++ b/widget/settingspages.cpp +@@ -501,7 +501,7 @@ void DatabasePage::writeSettings() { + QSettings settings;
+ #endif
+ settings.beginGroup("database");
+- settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString::QString(APP_USER_DB));
++ settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString(APP_USER_DB));
+ settings.endGroup();
+ }
+
+--- a/widget/lessondialog.cpp ++++ b/widget/lessondialog.cpp +@@ -89,7 +89,7 @@ void LessonDialog::updateContent() { + *lessonData = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);
+ // Delete empty lines
+ for (int i = 0; i < lessonData->size(); i++) {
+- if (QString::QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {
++ if (QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {
+ lessonData->removeAt(i);
+ }
+ }
+@@ -259,7 +259,7 @@ void LessonDialog::clickSave() { + contentList = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);
+ // Delete empty lines
+ for (i = 0; i < contentList.size(); i++) {
+- if (QString::QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {
++ if (QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {
+ contentList.removeAt(i);
+ }
+ }
+--- a/sql/chartablesql.cpp ++++ b/sql/chartablesql.cpp +@@ -57,7 +57,7 @@ QVariant CharSqlModel::data(const QModel + // Read the unicode value
+ unicode = value.toInt();
+ // Convert unicode to a char
+- unicodeToChar = QString::QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";
++ unicodeToChar = QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";
+ return unicodeToChar;
+ } else {
+ // Last column (error weight)
+--- a/sql/startsql.cpp ++++ b/sql/startsql.cpp +@@ -344,7 +344,7 @@ bool StartSql::updateOwnLesson(QString l + for (i = 0; i < content.size(); i++) {
+ //simplifiedContent = QString::QString(
+ // content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive).simplified();
+- simplifiedContent = trim(QString::QString(
++ simplifiedContent = trim(QString(
+ content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive));
+
+ if (!query.exec("INSERT INTO own_content VALUES(NULL,'" +
+--- a/def/defines.h ++++ b/def/defines.h +@@ -27,9 +27,9 @@ Foundation, Inc., 51 Franklin Street, Fi + #define DEFINES_H
+
+ // OS constants
+-#define APP_WIN true
++#define APP_WIN false
+ #define APP_MAC false
+-#define APP_X11 false
++#define APP_X11 true
+ #define APP_PORTABLE false //at least one of the 3 OS must be true too!
+
+ // Languages
+@@ -47,6 +47,7 @@ Foundation, Inc., 51 Franklin Street, Fi + #define APP_URL "http://www.tipp10.com"
+ #define APP_DB "tipp10v2.template"
+ #define APP_USER_DB "tipp10v2.db"
++#define APP_SHARE_DIR "/usr/share/tipp10"
+
+ // Update constants
+ #define UPDATE_URL "www.tipp10.com"
+--- a/tipp10.pro ++++ b/tipp10.pro +@@ -88,3 +88,15 @@ SOURCES += main.cpp \ + sql/startsql.cpp \
+ games/abcrainwidget.cpp \
+ games/charball.cpp
++
++target.path = /usr/bin/
++INSTALLS += target
++share.path = /usr/share/tipp10/
++share.files = release/* *wav
++INSTALLS += share
++desktop.path = /usr/share/applications/
++desktop.files = tipp10.desktop
++INSTALLS += desktop
++pixmap.path = /usr/share/pixmaps/
++pixmap.files = tipp10.png
++INSTALLS += pixmap
+--- a/sql/connection.h ++++ b/sql/connection.h +@@ -179,11 +179,13 @@ static bool createConnection() { + CANCEL_NO, "Betroffener Pfad:\n" + dbPath);*/
+ // Try to create new databae in user path
+ // Exist a database in the program dir?
+- if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {
++ // if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {
++ if (QFile::exists(QString(APP_SHARE_DIR) + "/" + dbNameTemplate)) {
+ //if (QFile::exists(":/" + dbNameTemplate)) {
+ // A database exist in the program dir
+ // -> copy database to user home dir
+- QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);
++ // QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);
++ QFile file(QString(APP_SHARE_DIR) + "/" + dbNameTemplate);
+ //QFile file(":/" + dbNameTemplate);
+ if (file.copy(dbPath)) {
+ QFile::setPermissions(dbPath, QFile::permissions(dbPath) | QFile::WriteUser);
+@@ -229,7 +231,8 @@ static bool createConnection() { + // Exist a database in user's home dir?
+ if (!QFile::exists(dbPath)) {
+ // Exist a database template in the program dir?
+- dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;
++ // dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;
++ dbPath = QString(APP_SHARE_DIR) + "/" + dbNameTemplate;
+ //dbPath = ":/" + dbNameTemplate;
+ if (QFile::exists(dbPath)) {
+ // A database template exist in the program dir
+--- a/widget/helpbrowser.cpp ++++ b/widget/helpbrowser.cpp +@@ -52,13 +52,15 @@ HelpBrowser::HelpBrowser(QString link, Q + textBrowser->setOpenExternalLinks(true);
+
+ textBrowser->setSource(QString("file:///") +
+- QCoreApplication::applicationDirPath() +
++ // QCoreApplication::applicationDirPath() +
++ APP_SHARE_DIR +
+ QString("/help/") + language + QString("/index.html"));
+
+ if (link != "") {
+
+ textBrowser->setSource(QString("file:///") +
+- QCoreApplication::applicationDirPath() +
++ // QCoreApplication::applicationDirPath() +
++ APP_SHARE_DIR +
+ QString("/help/") + language + QString("/content/") + link);
+
+ }
+--- a/tipp10.desktop ++++ b/tipp10.desktop +@@ -1,10 +1,10 @@ + [Desktop Entry] +-Encoding=UTF-8 + Name=TIPP10 + Comment=Touch Typing Tutor + Comment[de]=10-Finger-Schreibtrainer +-Exec=tipp10 ++Exec=/usr/bin/tipp10 + Icon=tipp10.png + Terminal=false + Type=Application + Categories=Education; ++Keywords=learning;touchtyping diff --git a/gnu/packages/patches/tipp10-remove-license-code.patch b/gnu/packages/patches/tipp10-remove-license-code.patch new file mode 100644 index 0000000000..4b7487e726 --- /dev/null +++ b/gnu/packages/patches/tipp10-remove-license-code.patch @@ -0,0 +1,332 @@ +Description: Remove license dialog and license key checking + +https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0002-RemoveLicenseCode + +--- a/main.cpp ++++ b/main.cpp +@@ -33,7 +33,6 @@ Foundation, Inc., 51 Franklin Street, Fi + #include "def/defines.h"
+ #include "sql/connection.h"
+ #include "widget/mainwindow.h"
+-#include "widget/licensedialog.h"
+ #include "widget/illustrationdialog.h"
+
+ int main(int argc, char *argv[]) {
+@@ -59,7 +58,7 @@ int main(int argc, char *argv[]) { + QSettings settings;
+ #endif
+
+- // Read/write language, license key and show illustration flag
++ // Read/write language and show illustration flag
+ settings.beginGroup("general");
+ QString languageGui = settings.value("language_gui",
+ QLocale::system().name()).toString();
+@@ -101,7 +100,6 @@ int main(int argc, char *argv[]) { + QString languageLesson = settings.value("language_lesson",
+ "").toString();
+
+- QString licenseKey = settings.value("licensekey", "").toString();
+ bool showIllustration = settings.value("check_illustration", true).toBool();
+ bool useNativeStyle = settings.value("check_native_style", false).toBool();
+ settings.endGroup();
+--- a/tipp10.pro ++++ b/tipp10.pro +@@ -43,7 +43,6 @@ HEADERS += def/defines.h \ + widget/helpbrowser.h \
+ widget/companylogo.h \
+ widget/errormessage.h \
+- widget/licensedialog.h \
+ widget/txtmessagedialog.h \
+ widget/checkversion.h \
+ sql/connection.h \
+@@ -78,7 +77,6 @@ SOURCES += main.cpp \ + widget/helpbrowser.cpp \
+ widget/companylogo.cpp \
+ widget/errormessage.cpp \
+- widget/licensedialog.cpp \
+ widget/txtmessagedialog.cpp \
+ widget/checkversion.cpp \
+ sql/lessontablesql.cpp \
+--- a/widget/licensedialog.cpp ++++ /dev/null +@@ -1,168 +0,0 @@ +-/*
+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions
+-
+-This program is free software; you can redistribute it and/or
+-modify it under the terms of the GNU General Public License
+-as published by the Free Software Foundation; either version 2
+-of the License.
+-
+-This program is distributed in the hope that it will be useful,
+-but WITHOUT ANY WARRANTY; without even the implied warranty of
+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-GNU General Public License for more details.
+-
+-You should have received a copy of the GNU General Public License
+-along with this program; if not, write to the Free Software
+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+-02110-1301, USA.
+-*/
+-
+-/****************************************************************
+-**
+-** Implementation of the LicenseDialog class
+-** File name: licensedialog.cpp
+-**
+-****************************************************************/
+-
+-#include <QHBoxLayout>
+-#include <QVBoxLayout>
+-#include <QMessageBox>
+-#include <QSettings>
+-#include <QCoreApplication>
+-
+-#include "licensedialog.h"
+-#include "def/defines.h"
+-
+-LicenseDialog::LicenseDialog(QWidget *parent) : QDialog(parent) {
+-
+- setWindowFlags(windowFlags() ^ Qt::WindowContextHelpButtonHint);
+-
+- setWindowTitle(tr("Lizenznummer"));
+- setWindowIcon(QIcon(":/img/" + QString(ICON_FILENAME)));
+-
+- // Create texbox
+- createLineEdit();
+-
+- // Create buttons
+- createButtons();
+-
+- // Set the layout of all widgets created above
+- createLayout();
+-
+- lineLicensing->setFocus();
+-}
+-
+-void LicenseDialog::createButtons() {
+- //Buttons
+- buttonOk = new QPushButton(this);
+- buttonDemo = new QPushButton(this);
+-
+- buttonOk->setText(tr("&Ok"));
+- buttonDemo->setText(tr("&Demo starten"));
+- buttonDemo->setToolTip(tr("Im Demo-Modus koennen pro Lektion nur\n"
+- "10 Schriftzeichen eingegeben werden"));
+-
+- buttonOk->setDefault(true);
+- // Widget connections
+- connect(buttonOk, SIGNAL(clicked()), this, SLOT(clickOk()));
+- connect(buttonDemo, SIGNAL(clicked()), this, SLOT(clickDemo()));
+-}
+-
+-void LicenseDialog::createLineEdit() {
+-
+- lineLicensing = new QLineEdit();
+- lineLicensing->setInputMask(">NNNNNNNNNNNNNN");
+-
+- labelLicensing = new QLabel(tr("Bitte geben Sie Ihre Lizenznummer "
+- "(ohne Leerzeichen) ein, "
+- "die Sie im Arbeitsbuch (Schulbuch) auf Seite 3 finden:"));
+-
+- labelLicensing->setWordWrap(true);
+-}
+-
+-void LicenseDialog::createLayout() {
+- // Button layout horizontal
+- QHBoxLayout *buttonLayoutHorizontal = new QHBoxLayout;
+- buttonLayoutHorizontal->addStretch(1);
+- buttonLayoutHorizontal->addWidget(buttonDemo);
+- buttonLayoutHorizontal->addWidget(buttonOk);
+- // Full layout of all widgets vertical
+- QVBoxLayout *mainLayout = new QVBoxLayout;
+- mainLayout->addSpacing(1);
+- mainLayout->addWidget(labelLicensing);
+- mainLayout->addSpacing(1);
+- mainLayout->addWidget(lineLicensing);
+- mainLayout->addSpacing(1);
+- mainLayout->addLayout(buttonLayoutHorizontal);
+- mainLayout->setMargin(15);
+- mainLayout->setSpacing(15);
+- // Pass layout to parent widget (this)
+- this->setLayout(mainLayout);
+-}
+-
+-void LicenseDialog::clickOk() {
+-
+- // Check license key
+- if (!checkLicenseKey(lineLicensing->text())) {
+-
+- // License key is wrong
+-
+- // Message to the user
+- QMessageBox::information(0, APP_NAME,
+- tr("Die eingegebene Lizenznummer ist leider nicht "
+- "korrekt.\nBitte ueberpruefen Sie die Schreibweise."));
+-
+- lineLicensing->setFocus();
+-
+- } else {
+-
+- // License key is ok
+- writeSettings();
+- accept();
+- }
+-}
+-
+-void LicenseDialog::clickDemo() {
+- accept();
+-}
+-
+-bool LicenseDialog::checkLicenseKey(QString licenseKey) {
+- if (licenseKey.size() == 14 &&
+- licenseKey[0].isLetter() &&
+- licenseKey[1].isLetter() &&
+- (licenseKey.mid(2, 2) == "39" ||
+- licenseKey.mid(2, 2) == "41" ||
+- licenseKey.mid(2, 2) == "43" ||
+- licenseKey.mid(2, 2) == "49" ||
+- licenseKey.mid(2, 2) == "99") &&
+- licenseKey[4].isDigit() &&
+- licenseKey[5].isDigit() &&
+- licenseKey[6].isDigit() &&
+- licenseKey[7].isLetter() &&
+- licenseKey[8].isDigit() &&
+- licenseKey[9].isDigit() &&
+- licenseKey[10].isDigit() &&
+- licenseKey[11].isDigit() &&
+- licenseKey[12].isLetter() &&
+- licenseKey[13].isLetter()) {
+-
+- return true;
+- }
+- return false;
+-}
+-
+-void LicenseDialog::writeSettings() {
+- // Saves settings of the startwiget
+- // (uses the default constructor of QSettings, passing
+- // the application and company name see main function)
+- #if APP_PORTABLE
+- QSettings settings(QCoreApplication::applicationDirPath() +
+- "/portable/settings.ini", QSettings::IniFormat);
+- #else
+- QSettings settings;
+- #endif
+-
+- settings.beginGroup("general");
+- settings.setValue("licensekey", lineLicensing->text());
+- settings.endGroup();
+-}
+--- a/widget/licensedialog.h ++++ /dev/null +@@ -1,85 +0,0 @@ +-/*
+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions
+-
+-This program is free software; you can redistribute it and/or
+-modify it under the terms of the GNU General Public License
+-as published by the Free Software Foundation; either version 2
+-of the License.
+-
+-This program is distributed in the hope that it will be useful,
+-but WITHOUT ANY WARRANTY; without even the implied warranty of
+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-GNU General Public License for more details.
+-
+-You should have received a copy of the GNU General Public License
+-along with this program; if not, write to the Free Software
+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+-02110-1301, USA.
+-*/
+-
+-/****************************************************************
+-**
+-** Definition of the LicenseDialog class
+-** File name: licensedialog.h
+-**
+-****************************************************************/
+-
+-#ifndef LICENSEDIALOG_H
+-#define LICENSEDIALOG_H
+-
+-#include <QDialog>
+-#include <QWidget>
+-#include <QPushButton>
+-#include <QLabel>
+-#include <QLineEdit>
+-#include <QString>
+-
+-//! The LicenseDialog class provides a license input widget.
+-/*!
+- The LicenseDialog class shows a dialog to enter a license key.
+-
+- @author Tom Thielicke, s712715
+- @version 0.0.1
+- @date 09.09.2008
+-*/
+-class LicenseDialog : public QDialog {
+- Q_OBJECT
+-
+- public:
+-
+- //! Constructor, creates two table objects and provide it in two tabs.
+- LicenseDialog(QWidget *parent = 0);
+-
+- bool checkLicenseKey(QString licenseKey);
+-
+- public slots:
+-
+- private slots:
+-
+- //! Start button pressed
+- void clickOk();
+-
+- //! Demo button pressed
+- void clickDemo();
+-
+- private:
+-
+- //! Creates a cancel and a ok button.
+- void createButtons();
+-
+- //! Creates a textbox.
+- void createLineEdit();
+-
+- //! Creates the layout of the complete class.
+- void createLayout();
+-
+- //! Writes user settings
+- void writeSettings();
+-
+- QPushButton *buttonOk;
+- QPushButton *buttonDemo;
+- QLabel *labelLicensing;
+- QLineEdit *lineLicensing;
+-};
+-
+-#endif //LICENSEDIALOG_H
+--- a/widget/mainwindow.cpp ++++ b/widget/mainwindow.cpp +@@ -116,11 +116,6 @@ void MainWindow::closeEvent(QCloseEvent + }
+ }
+
+-bool MainWindow::checkLicenseKey(QString licenseKey) {
+-
+- return false;
+-}
+-
+ void MainWindow::createMenu() {
+ //Mac-Version:
+ //-----------
+--- a/widget/mainwindow.h ++++ b/widget/mainwindow.h +@@ -39,7 +39,6 @@ Foundation, Inc., 51 Franklin Street, Fi + #include "trainingwidget.h"
+ #include "evaluationwidget.h"
+ #include "illustrationdialog.h"
+-#include "licensedialog.h"
+ #include "games/abcrainwidget.h"
+ #include "helpbrowser.h"
+
diff --git a/gnu/packages/patches/totem-debug-format-fix.patch b/gnu/packages/patches/totem-debug-format-fix.patch deleted file mode 100644 index 7ddd31ee10..0000000000 --- a/gnu/packages/patches/totem-debug-format-fix.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- totem-3.20.1/src/backend/bacon-video-widget.c.orig 2016-03-22 12:45:32.000000000 -0400 -+++ totem-3.20.1/src/backend/bacon-video-widget.c 2016-05-11 02:49:55.299109551 -0400 -@@ -2334,7 +2334,7 @@ - if (!gst_toc_entry_get_start_stop_times (entry, &start, &stop)) { - GST_DEBUG ("Chapter #%d (couldn't get times)", i); - } else { -- GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, start, stop); -+ GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, (long) start, (long) stop); - } - } - diff --git a/gnu/packages/patches/upower-builddir.patch b/gnu/packages/patches/upower-builddir.patch index 13cef5876a..d59d4364b8 100644 --- a/gnu/packages/patches/upower-builddir.patch +++ b/gnu/packages/patches/upower-builddir.patch @@ -37,7 +37,7 @@ Patch by Andy Wingo <wingo@igalia.com> - if (g_file_test ("../etc/UPower.conf", G_FILE_TEST_EXISTS)) - g_setenv ("UPOWER_CONF_FILE_NAME", "../etc/UPower.conf", TRUE); - else -- g_setenv ("UPOWER_CONF_FILE_NAME", "../../etc/UPower.conf", TRUE); +- g_setenv ("UPOWER_CONF_FILE_NAME", "../../../etc/UPower.conf", TRUE); - /* tests go here */ g_test_add_func ("/power/backend", up_test_backend_func); diff --git a/gnu/packages/patches/vsearch-unbundle-cityhash.patch b/gnu/packages/patches/vsearch-unbundle-cityhash.patch new file mode 100644 index 0000000000..b1ecb1f063 --- /dev/null +++ b/gnu/packages/patches/vsearch-unbundle-cityhash.patch @@ -0,0 +1,73 @@ +diff --git a/src/Makefile.am b/src/Makefile.am +index e56a8a2..4adcc48 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -3,7 +3,7 @@ bin_PROGRAMS = $(top_builddir)/bin/vsearch + if TARGET_PPC + AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -mcpu=power8 + else +-AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g ++AM_CXXFLAGS=-Wall -Wsign-compare -O3 -g -lcityhash + endif + + AM_CFLAGS=$(AM_CXXFLAGS) +@@ -18,8 +18,6 @@ allpairs.h \ + arch.h \ + bitmap.h \ + chimera.h \ +-city.h \ +-citycrc.h \ + cluster.h \ + cpu.h \ + db.h \ +@@ -59,31 +57,26 @@ xstring.h + + if TARGET_PPC + libcpu_a_SOURCES = cpu.cc $(VSEARCHHEADERS) +-noinst_LIBRARIES = libcpu.a libcityhash.a ++noinst_LIBRARIES = libcpu.a + else + libcpu_sse2_a_SOURCES = cpu.cc $(VSEARCHHEADERS) + libcpu_sse2_a_CXXFLAGS = $(AM_CXXFLAGS) -msse2 + libcpu_ssse3_a_SOURCES = cpu.cc $(VSEARCHHEADERS) + libcpu_ssse3_a_CXXFLAGS = $(AM_CXXFLAGS) -mssse3 -DSSSE3 +-noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a libcityhash.a ++noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a + endif + +-libcityhash_a_SOURCES = city.cc city.h +- + if TARGET_WIN + +-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g -D_MSC_VER +-__top_builddir__bin_vsearch_LDFLAGS = -static +-__top_builddir__bin_vsearch_LDADD = libregex.a libcityhash.a libcpu_ssse3.a libcpu_sse2.a ++__top_builddir__bin_vsearch_LDFLAGS = -static -lcityhash ++__top_builddir__bin_vsearch_LDADD = libregex.a libcpu_ssse3.a libcpu_sse2.a + + else + +-libcityhash_a_CXXFLAGS = -Wall -Wno-sign-compare -O3 -g +- + if TARGET_PPC +-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu.a ++__top_builddir__bin_vsearch_LDADD = libcpu.a + else +-__top_builddir__bin_vsearch_LDADD = libcityhash.a libcpu_ssse3.a libcpu_sse2.a ++__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a libcpu_sse2.a + endif + + endif +diff --git a/src/vsearch.h b/src/vsearch.h +index f2c244b..5f51bbe 100644 +--- a/src/vsearch.h ++++ b/src/vsearch.h +@@ -148,7 +148,7 @@ + #include <bzlib.h> + #endif + +-#include "city.h" ++#include <city.h> + #include "md5.h" + #include "sha1.h" + diff --git a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch b/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch deleted file mode 100644 index 969ed7e41e..0000000000 --- a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch +++ /dev/null @@ -1,24 +0,0 @@ -Removes references to mibstore.h and miInitializeBackingStore, which -have been removed from xorg-server. Zack Rusin <zackr@vmware.com> -wrote: "It was a noop for at least 5 years and it has been removed." -See: http://patches.openembedded.org/patch/46133/ - ---- xf86-video-glint-1.2.8/src/glint_driver.c.~1~ 2012-07-15 22:50:47.000000000 -0400 -+++ xf86-video-glint-1.2.8/src/glint_driver.c 2014-12-19 00:42:39.162714279 -0500 -@@ -52,8 +52,6 @@ - #include "compiler.h" - #include "mipointer.h" - --#include "mibstore.h" -- - #include "pm3_regs.h" - #include "glint_regs.h" - #include "IBM.h" -@@ -2904,7 +2902,6 @@ - } - } - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - diff --git a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch b/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch deleted file mode 100644 index 48588ed0e4..0000000000 --- a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch +++ /dev/null @@ -1,72 +0,0 @@ -Removes references to mibstore.h and miInitializeBackingStore, which -have been removed from xorg-server. Zack Rusin <zackr@vmware.com> -wrote: "It was a noop for at least 5 years and it has been removed." -See: http://patches.openembedded.org/patch/46133/ - -diff -ru xf86-video-nv-2.1.20.orig/src/g80_driver.c xf86-video-nv-2.1.20/src/g80_driver.c ---- xf86-video-nv-2.1.20.orig/src/g80_driver.c 2012-07-17 02:47:02.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/g80_driver.c 2014-12-17 10:11:42.197579082 -0500 -@@ -34,7 +34,6 @@ - #include <xf86Resources.h> - #endif - #include <mipointer.h> --#include <mibstore.h> - #include <micmap.h> - #include <xf86cmap.h> - #include <fb.h> -@@ -833,7 +832,6 @@ - } - } - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - -diff -ru xf86-video-nv-2.1.20.orig/src/nv_driver.c xf86-video-nv-2.1.20/src/nv_driver.c ---- xf86-video-nv-2.1.20.orig/src/nv_driver.c 2012-07-17 02:47:02.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/nv_driver.c 2014-12-17 10:11:39.037563413 -0500 -@@ -2550,7 +2550,6 @@ - if (!pNv->NoAccel) - NVAccelInit(pScreen); - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - -diff -ru xf86-video-nv-2.1.20.orig/src/nv_include.h xf86-video-nv-2.1.20/src/nv_include.h ---- xf86-video-nv-2.1.20.orig/src/nv_include.h 2012-07-17 02:48:19.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/nv_include.h 2014-12-17 10:11:22.089479372 -0500 -@@ -24,9 +24,6 @@ - /* All drivers initialising the SW cursor need this */ - #include "mipointer.h" - --/* All drivers implementing backing store need this */ --#include "mibstore.h" -- - #include "micmap.h" - - #include "xf86DDC.h" -diff -ru xf86-video-nv-2.1.20.orig/src/riva_driver.c xf86-video-nv-2.1.20/src/riva_driver.c ---- xf86-video-nv-2.1.20.orig/src/riva_driver.c 2012-07-17 02:47:02.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/riva_driver.c 2014-12-17 10:11:31.101524060 -0500 -@@ -1168,7 +1168,6 @@ - if (!pRiva->NoAccel) - RivaAccelInit(pScreen); - -- miInitializeBackingStore(pScreen); - xf86SetBackingStore(pScreen); - xf86SetSilkenMouse(pScreen); - -diff -ru xf86-video-nv-2.1.20.orig/src/riva_include.h xf86-video-nv-2.1.20/src/riva_include.h ---- xf86-video-nv-2.1.20.orig/src/riva_include.h 2012-07-17 02:48:45.000000000 -0400 -+++ xf86-video-nv-2.1.20/src/riva_include.h 2014-12-17 10:11:12.229430478 -0500 -@@ -22,9 +22,6 @@ - /* All drivers initialising the SW cursor need this */ - #include "mipointer.h" - --/* All drivers implementing backing store need this */ --#include "mibstore.h" -- - #include "micmap.h" - - #include "xf86DDC.h" diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch new file mode 100644 index 0000000000..ad57bc7b0e --- /dev/null +++ b/gnu/packages/patches/xinetd-CVE-2013-4342.patch @@ -0,0 +1,36 @@ +Fix CVE-2013-4342: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 + +Patch copied from upstream source repository: + +https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864 + +From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 +From: Thomas Swan <thomas.swan@gmail.com> +Date: Wed, 2 Oct 2013 23:17:17 -0500 +Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for + TCPMUX services + +Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). +--- + xinetd/builtins.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xinetd/builtins.c b/xinetd/builtins.c +index 3b85579..34a5bac 100644 +--- a/xinetd/builtins.c ++++ b/xinetd/builtins.c +@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) + if( SC_IS_INTERNAL( scp ) ) { + SC_INTERNAL(scp, nserp); + } else { +- exec_server(nserp); ++ child_process(nserp); + } + } + +-- +2.7.4 + diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch new file mode 100644 index 0000000000..77e4600185 --- /dev/null +++ b/gnu/packages/patches/xinetd-fix-fd-leak.patch @@ -0,0 +1,26 @@ +Fix a file descriptor leak: + +https://github.com/xinetd-org/xinetd/issues/23 + +Patch copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak + +Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26. + +diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c +index 5a26214..fe0f872 100644 +--- a/xinetd/xgetloadavg.c ++++ b/xinetd/xgetloadavg.c +@@ -34,7 +34,7 @@ double xgetloadavg(void) + + if( fscanf(fd, "%lf", &ret) != 1 ) { + perror("fscanf"); +- return -1; ++ ret = -1; + } + + fclose(fd); +-- +2.7.4 + |