diff options
author | Marius Bakke <marius@gnu.org> | 2020-05-26 22:38:12 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-05-26 22:38:12 +0200 |
commit | 8a7a5dc7805f4628e60f90af6b2416f951d0c034 (patch) | |
tree | 63f13443ea5c9e7ee5bb219fc9ff4f1eacfbf21a /gnu/packages/patches | |
parent | c37b621cf3f0cd9c06677b4be6f931d927e7fea5 (diff) | |
parent | 8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836 (diff) | |
download | guix-8a7a5dc7805f4628e60f90af6b2416f951d0c034.tar guix-8a7a5dc7805f4628e60f90af6b2416f951d0c034.tar.gz |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch | 41 | ||||
-rw-r--r-- | gnu/packages/patches/enlightenment-fix-setuid-path.patch | 223 | ||||
-rw-r--r-- | gnu/packages/patches/git-annex-S3v4.patch | 77 | ||||
-rw-r--r-- | gnu/packages/patches/guile-fibers-destroy-peer-schedulers.patch | 24 | ||||
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 | ||||
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2017-7544.patch | 29 | ||||
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2018-20030.patch | 120 | ||||
-rw-r--r-- | gnu/packages/patches/network-manager-plugin-path.patch (renamed from gnu/packages/patches/nm-plugin-path.patch) | 0 | ||||
-rw-r--r-- | gnu/packages/patches/pidgin-libnm.patch | 60 | ||||
-rw-r--r-- | gnu/packages/patches/python-argcomplete-1.11.1-fish31.patch | 29 |
10 files changed, 156 insertions, 519 deletions
diff --git a/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch deleted file mode 100644 index a03e0c5481..0000000000 --- a/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 5676766be5e845ccb6cdf46cfa8722497f151752 Mon Sep 17 00:00:00 2001 -From: Jeremy Bicha <jbicha@ubuntu.com> -Date: Fri, 16 Jun 2017 15:11:37 -0400 -Subject: Use 'ref' keyword for iter, requires vala 0.36 - - -diff --git a/deja-dup/widgets/ConfigList.vala b/deja-dup/widgets/ConfigList.vala -index 15de2d6..02cd81a 100644 ---- a/deja-dup/widgets/ConfigList.vala -+++ b/deja-dup/widgets/ConfigList.vala -@@ -333,7 +333,7 @@ public class ConfigList : ConfigWidget - - model.row_deleted.disconnect(write_to_config); - foreach (Gtk.TreeIter iter in iters) { -- (model as Gtk.ListStore).remove(iter); -+ (model as Gtk.ListStore).remove(ref iter); - } - model.row_deleted.connect(write_to_config); - -diff --git a/deja-dup/widgets/ConfigLocation.vala b/deja-dup/widgets/ConfigLocation.vala -index 869e2a8..d21c556 100644 ---- a/deja-dup/widgets/ConfigLocation.vala -+++ b/deja-dup/widgets/ConfigLocation.vala -@@ -397,12 +397,12 @@ public class ConfigLocation : ConfigWidget - if (uuid == saved_uuid) - return; - -- store.remove(iter); -+ store.remove(ref iter); - - if (--num_volumes == 0) { - Gtk.TreeIter sep_iter; - if (store.get_iter_from_string(out sep_iter, index_vol_sep.to_string())) { -- store.remove(sep_iter); -+ store.remove(ref sep_iter); - index_vol_sep = -2; - } - } --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/enlightenment-fix-setuid-path.patch b/gnu/packages/patches/enlightenment-fix-setuid-path.patch index c48f18c8ec..f2930845ba 100644 --- a/gnu/packages/patches/enlightenment-fix-setuid-path.patch +++ b/gnu/packages/patches/enlightenment-fix-setuid-path.patch @@ -1,34 +1,31 @@ diff --git a/src/bin/e_auth.c b/src/bin/e_auth.c -index 00b0e5d84..98ab4518f 100644 +index 8b0aa6641..f15d2c2a2 100644 --- a/src/bin/e_auth.c +++ b/src/bin/e_auth.c -@@ -9,8 +9,7 @@ e_auth_begin(char *passwd) +@@ -11,9 +11,7 @@ e_auth_begin(char *passwd) + pwlen = strlen(passwd); + if (pwlen == 0) goto out; - if (strlen(passwd) == 0) goto out; - -- snprintf(buf, sizeof(buf), "%s/enlightenment/utils/enlightenment_ckpasswd", +- snprintf(buf, sizeof(buf), +- "%s/enlightenment/utils/enlightenment_ckpasswd pw", - e_prefix_lib_get()); + snprintf(buf, sizeof(buf), "/run/setuid-programs/enlightenment_ckpasswd"); + exe = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_WRITE, NULL); + if (!exe) goto out; + if (ecore_exe_send(exe, passwd, pwlen) != EINA_TRUE) goto out; +@@ -46,9 +44,7 @@ e_auth_polkit_begin(char *passwd, const char *cookie, unsigned int uid) + pwlen = strlen(passwd); + if (pwlen == 0) goto out; +- snprintf(buf, sizeof(buf), +- "%s/enlightenment/utils/enlightenment_ckpasswd pk", +- e_prefix_lib_get()); ++ snprintf(buf, sizeof(buf), "/run/setuid-programs/enlightenment_ckpasswd"); exe = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_WRITE, NULL); - if (ecore_exe_send(exe, passwd, strlen(passwd)) != EINA_TRUE) goto out; -diff --git a/src/bin/e_backlight.c b/src/bin/e_backlight.c -index 2bced6766..208e583ba 100644 ---- a/src/bin/e_backlight.c -+++ b/src/bin/e_backlight.c -@@ -521,8 +521,8 @@ _bl_sys_level_set(double val) - } - // fprintf(stderr, "SET: %1.3f\n", val); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_backlight %i %s", -- e_prefix_lib_get(), (int)(val * 1000.0), bl_sysval); -+ "/run/setuid-programs/enlightenment_backlight %i %s", -+ (int)(val * 1000.0), bl_sysval); - bl_sys_set_exe = ecore_exe_run(buf, NULL); - } - #endif // HAVE_EEZE || __FreeBSD_kernel__ + if (!exe) goto out; + snprintf(buf, sizeof(buf), "%s %u %s", cookie, uid, passwd); diff --git a/src/bin/e_fm/e_fm_main_eeze.c b/src/bin/e_fm/e_fm_main_eeze.c -index 0fcffa249..c1921121d 100644 +index 9b10b3117..74e6b72ad 100644 --- a/src/bin/e_fm/e_fm_main_eeze.c +++ b/src/bin/e_fm/e_fm_main_eeze.c @@ -318,7 +318,7 @@ _e_fm_main_eeze_volume_eject(E_Volume *v) @@ -58,163 +55,29 @@ index 0fcffa249..c1921121d 100644 eeze_disk_mount_wrapper_set(v->disk, buf2); } v->guard = ecore_timer_loop_add(E_FM_MOUNT_TIMEOUT, (Ecore_Task_Cb)_e_fm_main_eeze_vol_mount_timeout, v); -diff --git a/src/bin/e_sys.c b/src/bin/e_sys.c -index 671fbcd9a..90ee04cf1 100644 ---- a/src/bin/e_sys.c -+++ b/src/bin/e_sys.c -@@ -702,20 +702,16 @@ _e_sys_cb_timer(void *data EINA_UNUSED) - - e_init_status_set(_("Checking System Permissions")); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys -t halt", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys -t halt"); - _e_sys_halt_check_exe = ecore_exe_run(buf, NULL); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys -t reboot", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys -t reboot"); - _e_sys_reboot_check_exe = ecore_exe_run(buf, NULL); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys -t suspend", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys -t suspend"); - _e_sys_suspend_check_exe = ecore_exe_run(buf, NULL); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys -t hibernate", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys -t hibernate"); - _e_sys_hibernate_check_exe = ecore_exe_run(buf, NULL); - return ECORE_CALLBACK_CANCEL; - } -@@ -1134,8 +1130,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw) - if (e_util_immortal_check()) return 0; - e_fm2_die(); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys halt", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys halt"); - if (_e_sys_exe) - { - if ((ecore_time_get() - _e_sys_begin_time) > 2.0) -@@ -1170,8 +1165,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw) - if (e_util_immortal_check()) return 0; - e_fm2_die(); - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys reboot", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys reboot"); - if (_e_sys_exe) - { - if ((ecore_time_get() - _e_sys_begin_time) > 2.0) -@@ -1204,8 +1198,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw) - case E_SYS_SUSPEND: - /* /etc/acpi/sleep.sh force */ - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys suspend", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys suspend"); - if (_e_sys_exe) - { - if ((ecore_time_get() - _e_sys_begin_time) > 2.0) -@@ -1265,8 +1258,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw) - case E_SYS_HIBERNATE: - /* /etc/acpi/hibernate.sh force */ - snprintf(buf, sizeof(buf), -- "%s/enlightenment/utils/enlightenment_sys hibernate", -- e_prefix_lib_get()); -+ "/run/setuid-programs/enlightenment_sys hibernate"); - if (_e_sys_exe) - { - if ((ecore_time_get() - _e_sys_begin_time) > 2.0) -diff --git a/src/modules/bluez4/e_mod_main.c b/src/modules/bluez4/e_mod_main.c -index 4b5148634..47d34b07f 100644 ---- a/src/modules/bluez4/e_mod_main.c -+++ b/src/modules/bluez4/e_mod_main.c -@@ -49,8 +49,8 @@ _ebluez_l2ping_poller(void *data EINA_UNUSED) - - if (tmp) - { -- eina_strbuf_append_printf(buf, "%s/enlightenment/utils/enlightenment_sys l2ping %s", -- e_prefix_lib_get(), tmp); -+ eina_strbuf_append_printf(buf, "/run/setuid-programs/enlightenment_sys l2ping %s", -+ tmp); - autolock_exe = ecore_exe_run(eina_strbuf_string_get(buf), NULL); - } - -@@ -692,8 +692,7 @@ e_modapi_init(E_Module *m) - autolock_desklock = ecore_event_handler_add(E_EVENT_DESKLOCK, _ebluez_desklock, NULL); - - buf = eina_strbuf_new(); -- eina_strbuf_append_printf(buf, "%s/enlightenment/utils/enlightenment_sys -t l2ping", -- e_prefix_lib_get()); -+ eina_strbuf_append_printf(buf, "/run/setuid-programs/enlightenment_sys -t l2ping"); - autolock_exe = ecore_exe_run(eina_strbuf_string_get(buf), NULL); - eina_strbuf_free(buf); - -diff --git a/src/modules/bluez5/e_mod_main.c b/src/modules/bluez5/e_mod_main.c -index a581c466c..095d8f360 100644 ---- a/src/modules/bluez5/e_mod_main.c -+++ b/src/modules/bluez5/e_mod_main.c -@@ -321,8 +321,8 @@ ebluez5_rfkill_unblock(const char *name) - if (buf) - { - eina_strbuf_append_printf -- (buf, "%s/enlightenment/utils/enlightenment_sys rfkill-unblock %s", -- e_prefix_lib_get(), name); -+ (buf, "/run/setuid-programs/enlightenment_sys rfkill-unblock %s", -+ name); - _rfkill_exe = ecore_exe_run(eina_strbuf_string_get(buf), NULL); - eina_strbuf_free(buf); - } -diff --git a/src/modules/cpufreq/e_mod_main.c b/src/modules/cpufreq/e_mod_main.c -index b66b365d8..bab0802cc 100644 ---- a/src/modules/cpufreq/e_mod_main.c -+++ b/src/modules/cpufreq/e_mod_main.c -@@ -1452,8 +1452,7 @@ e_modapi_init(E_Module *m) - } - E_CONFIG_LIMIT(cpufreq_config->poll_interval, 1, 1024); - -- snprintf(buf, sizeof(buf), "%s/%s/freqset", -- e_module_dir_get(m), MODULE_ARCH); -+ snprintf(buf, sizeof(buf), "/run/setuid-programs/freqset"); - cpufreq_config->set_exe_path = strdup(buf); - - if (stat(buf, &st) < 0) -diff --git a/src/modules/sysinfo/cpuclock/cpuclock.c b/src/modules/sysinfo/cpuclock/cpuclock.c -index 938916e53..00d5067d0 100644 ---- a/src/modules/sysinfo/cpuclock/cpuclock.c -+++ b/src/modules/sysinfo/cpuclock/cpuclock.c -@@ -80,8 +80,7 @@ _cpuclock_set_governor(const char *governor) - char buf[4096 + 100], exe[4096]; - struct stat st; - -- snprintf(exe, 4096, "%s/%s/cpuclock_sysfs", -- e_module_dir_get(sysinfo_config->module), MODULE_ARCH); -+ snprintf(exe, 4096, "/run/setuid-programs/cpuclock_sysfs"); - if (stat(exe, &st) < 0) return; - - snprintf(buf, sizeof(buf), -@@ -108,8 +107,7 @@ _cpuclock_set_frequency(int frequency) - if (system(buf) != 0) - ERR("Error code from trying to run \"%s\"", buf); - #else -- snprintf(exe, 4096, "%s/%s/cpuclock_sysfs", -- e_module_dir_get(sysinfo_config->module), MODULE_ARCH); -+ snprintf(exe, 4096, "/run/setuid-programs/cpuclock_sysfs"); - if (stat(exe, &st) < 0) return; - snprintf(buf, sizeof(buf), - "%s %s %i", exe, "frequency", frequency); -@@ -127,8 +125,7 @@ _cpuclock_set_pstate(int min, int max, int turbo) - char buf[4096 + 100], exe[4096]; - struct stat st; +diff --git a/src/bin/e_start_main.c b/src/bin/e_start_main.c +index b2c439455..cb16c7bd4 100644 +--- a/src/bin/e_start_main.c ++++ b/src/bin/e_start_main.c +@@ -710,7 +710,7 @@ main(int argc, char **argv) + "E_ALERT_FONT_DIR=%s/data/fonts", eina_prefix_data_get(pfx)); + putenv(buf2); + snprintf(buf3, sizeof(buf3), +- "E_ALERT_SYSTEM_BIN=%s/enlightenment/utils/enlightenment_system", eina_prefix_lib_get(pfx)); ++ "E_ALERT_SYSTEM_BIN=/run/setuid-programs/enlightenment_system"); + putenv(buf3); -- snprintf(exe, 4096, "%s/%s/cpuclock_sysfs", -- e_module_dir_get(sysinfo_config->module), MODULE_ARCH); -+ snprintf(exe, 4096, "/run/setuid-programs/cpuclock_sysfs"); - if (stat(exe, &st) < 0) return; + if ((valgrind_mode || valgrind_tool) && +diff --git a/src/bin/e_system.c b/src/bin/e_system.c +index 1e7aabb64..dc0173219 100644 +--- a/src/bin/e_system.c ++++ b/src/bin/e_system.c +@@ -132,7 +132,7 @@ _system_spawn(void) + else _respawn_count = 0; + if (_respawn_count > 5) return; snprintf(buf, sizeof(buf), - "%s %s %i %i %i", exe, "pstate", min, max, turbo); --- -2.23.0 - +- "%s/enlightenment/utils/enlightenment_system", e_prefix_lib_get()); ++ "/run/setuid-programs/enlightenment_system"); + _system_exe = ecore_exe_pipe_run + (buf, ECORE_EXE_NOT_LEADER | ECORE_EXE_TERM_WITH_PARENT | + ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_WRITE, NULL); diff --git a/gnu/packages/patches/git-annex-S3v4.patch b/gnu/packages/patches/git-annex-S3v4.patch deleted file mode 100644 index 9f7cea329e..0000000000 --- a/gnu/packages/patches/git-annex-S3v4.patch +++ /dev/null @@ -1,77 +0,0 @@ -From the upstream commit, with the changes to CHANGELOG and the docs -folder removed. - -From 1532d67c3ecf452b8c86bcc5928525398755cd01 Mon Sep 17 00:00:00 2001 -From: Joey Hess <joeyh@joeyh.name> -Date: Thu, 7 May 2020 13:18:11 -0400 -Subject: [PATCH] S3: Support signature=v4 - -To use S3 Signature Version 4. Some S3 services seem to require v4, while -others may only support v2, which remains the default. - -I'm also not sure if v4 works correctly in all cases, there is this -upstream bug report: https://github.com/aristidb/aws/issues/262 -I've only tested it against the default S3 endpoint. ---- - CHANGELOG | 3 +++ - Remote/S3.hs | 23 ++++++++++++++++++- - ..._3bbdf23c8a4a480f4f6b8e8a2f8ddecd._comment | 13 +++++++++++ - ..._854390b9a781da82ecb85ad85eecad04._comment | 13 +++++++++++ - doc/special_remotes/S3.mdwn | 4 ++++ - ..._cf57e8dbd9fdc7c487565b61808b6bb2._comment | 10 ++++++++ - 6 files changed, 65 insertions(+), 1 deletion(-) - create mode 100644 doc/bugs/S3_special_remote_support_for_DigitalOcean_Spaces/comment_2_3bbdf23c8a4a480f4f6b8e8a2f8ddecd._comment - create mode 100644 doc/forum/backblaze_s3/comment_1_854390b9a781da82ecb85ad85eecad04._comment - create mode 100644 doc/special_remotes/S3/comment_34_cf57e8dbd9fdc7c487565b61808b6bb2._comment - -diff --git a/Remote/S3.hs b/Remote/S3.hs -index cb345d1f8..e3ea492f2 100644 ---- a/Remote/S3.hs -+++ b/Remote/S3.hs -@@ -99,6 +99,8 @@ remote = specialRemoteType $ RemoteType - (FieldDesc "port to connect to") - , optionalStringParser requeststyleField - (FieldDesc "for path-style requests, set to \"path\"") -+ , signatureVersionParser signatureField -+ (FieldDesc "S3 signature version") - , optionalStringParser mungekeysField HiddenField - , optionalStringParser AWS.s3credsField HiddenField - ] -@@ -148,6 +150,22 @@ protocolField = Accepted "protocol" - requeststyleField :: RemoteConfigField - requeststyleField = Accepted "requeststyle" - -+signatureField :: RemoteConfigField -+signatureField = Accepted "signature" -+ -+newtype SignatureVersion = SignatureVersion Int -+ -+signatureVersionParser :: RemoteConfigField -> FieldDesc -> RemoteConfigFieldParser -+signatureVersionParser f fd = -+ genParser go f defver fd -+ (Just (ValueDesc "v2 or v4")) -+ where -+ go "v2" = Just (SignatureVersion 2) -+ go "v4" = Just (SignatureVersion 4) -+ go _ = Nothing -+ -+ defver = SignatureVersion 2 -+ - portField :: RemoteConfigField - portField = Accepted "port" - -@@ -877,7 +895,10 @@ s3Configuration c = cfg - Nothing - | port == 443 -> AWS.HTTPS - | otherwise -> AWS.HTTP -- cfg = S3.s3 proto endpoint False -+ cfg = case getRemoteConfigValue signatureField c of -+ Just (SignatureVersion 4) -> -+ S3.s3v4 proto endpoint False S3.SignWithEffort -+ _ -> S3.s3 proto endpoint False - - data S3Info = S3Info - { bucket :: S3.Bucket --- -2.26.2 - diff --git a/gnu/packages/patches/guile-fibers-destroy-peer-schedulers.patch b/gnu/packages/patches/guile-fibers-destroy-peer-schedulers.patch new file mode 100644 index 0000000000..8bb7153153 --- /dev/null +++ b/gnu/packages/patches/guile-fibers-destroy-peer-schedulers.patch @@ -0,0 +1,24 @@ +Fibers 1.0.0 has a bug in run-fibers in which peer schedulers aren't destroyed - +so if you had 4 cores, 1 would be destroyed when run-fibers returned, but the +other 3 would stay around. Each scheduler uses 3 file descriptors, so for +machines with many cores, this resource leak adds up quickly - quickly enough +that the test suite can even fail because of it. + +See https://github.com/wingo/fibers/issues/36. + +This fixes that. It should be safe to destroy the peer schedulers at the given +point because the threads that could be running them are all either dead or the +current thread. + +As of May 21, 2020, this bug still existed in the 1.0.0 (latest) release and in +git master. +--- a/fibers.scm 2020-05-21 18:38:06.890690154 -0500 ++++ b/fibers.scm 2020-05-21 18:38:56.395686693 -0500 +@@ -137,5 +137,6 @@ + (%run-fibers scheduler hz finished? affinity)) + (lambda () + (stop-auxiliary-threads scheduler))))) ++ (for-each destroy-scheduler (scheduler-remote-peers scheduler)) + (destroy-scheduler scheduler) + (apply values (atomic-box-ref ret)))))) + diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch deleted file mode 100644 index 67fee0f528..0000000000 --- a/gnu/packages/patches/libexif-CVE-2016-6328.patch +++ /dev/null @@ -1,72 +0,0 @@ -Fix CVE-2016-6328: - -https://bugzilla.redhat.com/show_bug.cgi?id=1366239 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 - -Patch copied from upstream source repository: - -https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d - -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner <marcus@jet.franken.de> -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } --- -2.16.0 - diff --git a/gnu/packages/patches/libexif-CVE-2017-7544.patch b/gnu/packages/patches/libexif-CVE-2017-7544.patch deleted file mode 100644 index c4ea373dc5..0000000000 --- a/gnu/packages/patches/libexif-CVE-2017-7544.patch +++ /dev/null @@ -1,29 +0,0 @@ -Fix CVE-2017-7544: - -https://sourceforge.net/p/libexif/bugs/130/ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 - -Patch copied from upstream bug tracker: - -https://sourceforge.net/p/libexif/bugs/130/#489a - -Index: libexif/exif-data.c -=================================================================== -RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v -retrieving revision 1.131 -diff -u -r1.131 exif-data.c ---- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 -+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 -@@ -255,6 +255,12 @@ - exif_mnote_data_set_offset (data->priv->md, *ds - 6); - exif_mnote_data_save (data->priv->md, &e->data, &e->size); - e->components = e->size; -+ if (exif_format_get_size (e->format) != 1) { -+ /* e->format is taken from input code, -+ * but we need to make sure it is a 1 byte -+ * entity due to the multiplication below. */ -+ e->format = EXIF_FORMAT_UNDEFINED; -+ } - } - } - diff --git a/gnu/packages/patches/libexif-CVE-2018-20030.patch b/gnu/packages/patches/libexif-CVE-2018-20030.patch deleted file mode 100644 index 57e4746b58..0000000000 --- a/gnu/packages/patches/libexif-CVE-2018-20030.patch +++ /dev/null @@ -1,120 +0,0 @@ -https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch - -NEWS section was removed -'12' -> '30' on line 79 - -From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 -From: Dan Fandrich <dan@coneharvesters.com> -Date: Fri, 12 Oct 2018 16:01:45 +0200 -Subject: [PATCH] Improve deep recursion detection in - exif_data_load_data_content. - -The existing detection was still vulnerable to pathological cases -causing DoS by wasting CPU. The new algorithm takes the number of tags -into account to make it harder to abuse by cases using shallow recursion -but with a very large number of tags. This improves on commit 5d28011c -which wasn't sufficient to counter this kind of case. - -The limitation in the previous fix was discovered by Laurent Delosieres, -Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned -the identifier CVE-2018-20030. ---- - NEWS | 1 + - libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++-------- - 2 files changed, 38 insertions(+), 8 deletions(-) - -diff --git a/libexif/exif-data.c b/libexif/exif-data.c -index e35403d..a6f9c94 100644 ---- a/libexif/exif-data.c -+++ b/libexif/exif-data.c -@@ -35,6 +35,7 @@ - #include <libexif/olympus/exif-mnote-data-olympus.h> - #include <libexif/pentax/exif-mnote-data-pentax.h> - -+#include <math.h> - #include <stdlib.h> - #include <stdio.h> - #include <string.h> -@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) { \ - break; \ - } - -+/*! Calculate the recursion cost added by one level of IFD loading. -+ * -+ * The work performed is related to the cost in the exponential relation -+ * work=1.1**cost -+ */ -+static unsigned int -+level_cost(unsigned int n) -+{ -+ static const double log_1_1 = 0.09531017980432493; -+ -+ /* Adding 0.1 protects against the case where n==1 */ -+ return ceil(log(n + 0.1)/log_1_1); -+} -+ - /*! Load data for an IFD. - * - * \param[in,out] data #ExifData -@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \ - * \param[in] d pointer to buffer containing raw IFD data - * \param[in] ds size of raw data in buffer at \c d - * \param[in] offset offset into buffer at \c d at which IFD starts -- * \param[in] recursion_depth number of times this function has been -- * recursively called without returning -+ * \param[in] recursion_cost factor indicating how expensive this recursive -+ * call could be - */ - static void - exif_data_load_data_content (ExifData *data, ExifIfd ifd, - const unsigned char *d, -- unsigned int ds, unsigned int offset, unsigned int recursion_depth) -+ unsigned int ds, unsigned int offset, unsigned int recursion_cost) - { - ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; - ExifShort n; -@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) - return; - -- if (recursion_depth > 30) { -+ if (recursion_cost > 170) { -+ /* -+ * recursion_cost is a logarithmic-scale indicator of how expensive this -+ * recursive call might end up being. It is an indicator of the depth of -+ * recursion as well as the potential for worst-case future recursive -+ * calls. Since it's difficult to tell ahead of time how often recursion -+ * will occur, this assumes the worst by assuming every tag could end up -+ * causing recursion. -+ * The value of 170 was chosen to limit typical EXIF structures to a -+ * recursive depth of about 6, but pathological ones (those with very -+ * many tags) to only 2. -+ */ - exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", -- "Deep recursion detected!"); -+ "Deep/expensive recursion detected!"); - return; - } - -@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - switch (tag) { - case EXIF_TAG_EXIF_IFD_POINTER: - CHECK_REC (EXIF_IFD_EXIF); -- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_GPS_INFO_IFD_POINTER: - CHECK_REC (EXIF_IFD_GPS); -- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: - CHECK_REC (EXIF_IFD_INTEROPERABILITY); -- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: - thumbnail_offset = o; diff --git a/gnu/packages/patches/nm-plugin-path.patch b/gnu/packages/patches/network-manager-plugin-path.patch index 505ae31534..505ae31534 100644 --- a/gnu/packages/patches/nm-plugin-path.patch +++ b/gnu/packages/patches/network-manager-plugin-path.patch diff --git a/gnu/packages/patches/pidgin-libnm.patch b/gnu/packages/patches/pidgin-libnm.patch new file mode 100644 index 0000000000..d34af749af --- /dev/null +++ b/gnu/packages/patches/pidgin-libnm.patch @@ -0,0 +1,60 @@ +From: Tobias Geerinckx-Rice <me@tobias.gr> +Date: Sun, 24 May 2020 16:11:01 +0200 +Subject: [PATCH] gnu: pidgin: Find libnm. + +Copied verbatim from[0]. + +[0]: https://git.archlinux.org/svntogit/packages.git/plain/trunk/pidgin-nm-1.0.patch?h=packages/pidgin + +diff --git a/configure.ac b/configure.ac +index 04836fa..0a2d451 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1423,18 +1423,24 @@ fi + dnl Check for NetworkManager.h; if we don't have it, oh well + if test "x$enable_dbus" = "xyes" ; then + if test "x$enable_nm" = "xyes" ; then +- PKG_CHECK_MODULES(NETWORKMANAGER, [NetworkManager >= 0.5.0], [ ++ PKG_CHECK_MODULES(NETWORKMANAGER, [libnm], [ + AC_SUBST(NETWORKMANAGER_CFLAGS) + AC_SUBST(NETWORKMANAGER_LIBS) + AC_DEFINE(HAVE_NETWORKMANAGER, 1, [Define if we have NetworkManager.]) + ], [ +- enable_nm=no +- if test "x$force_deps" = "xyes" ; then +- AC_MSG_ERROR([ ++ PKG_CHECK_MODULES(NETWORKMANAGER, [NetworkManager >= 0.5.0], [ ++ AC_SUBST(NETWORKMANAGER_CFLAGS) ++ AC_SUBST(NETWORKMANAGER_LIBS) ++ AC_DEFINE(HAVE_NETWORKMANAGER, 1, [Define if we have NetworkManager.]) ++ ], [ ++ enable_nm=no ++ if test "x$force_deps" = "xyes" ; then ++ AC_MSG_ERROR([ + NetworkManager development headers not found. + Use --disable-nm if you do not need NetworkManager support. + ]) +- fi]) ++ fi]) ++ ]) + fi + else + enable_nm=no +diff --git a/libpurple/network.c b/libpurple/network.c +index c43e3c7..b17e439 100644 +--- a/libpurple/network.c ++++ b/libpurple/network.c +@@ -939,8 +939,13 @@ nm_update_state(NMState state) + #if NM_CHECK_VERSION(0,8,992) + case NM_STATE_DISCONNECTING: + #endif ++#if NM_CHECK_VERSION(1,0,0) ++ if (prev != NM_STATE_CONNECTED_GLOBAL && prev != NM_STATE_UNKNOWN) ++ break; ++#else + if (prev != NM_STATE_CONNECTED && prev != NM_STATE_UNKNOWN) + break; ++#endif + if (ui_ops != NULL && ui_ops->network_disconnected != NULL) + ui_ops->network_disconnected(); + break; diff --git a/gnu/packages/patches/python-argcomplete-1.11.1-fish31.patch b/gnu/packages/patches/python-argcomplete-1.11.1-fish31.patch new file mode 100644 index 0000000000..98f0ca1473 --- /dev/null +++ b/gnu/packages/patches/python-argcomplete-1.11.1-fish31.patch @@ -0,0 +1,29 @@ +Upstream commit fixing testcases for fish>=3.1, see +https://github.com/kislyuk/argcomplete/commit/08bfc8a788e8081515d733e67be026d051c726f7 + +diff --git a/test/test.py b/test/test.py +index e91352b..2c34806 100755 +--- a/test/test.py ++++ b/test/test.py +@@ -28,6 +28,8 @@ + + BASH_VERSION = subprocess.check_output(['bash', '-c', 'echo $BASH_VERSION']).decode() + BASH_MAJOR_VERSION = int(BASH_VERSION.split('.')[0]) ++FISH_VERSION_STR = subprocess.check_output(['fish', '-c', 'echo -n $FISH_VERSION']).decode() ++FISH_VERSION_TUPLE = tuple(int(x) for x in FISH_VERSION_STR.split('.')) + + + class TempDir(object): +@@ -1258,8 +1260,11 @@ class TestFish(_TestSh, unittest.TestCase): + expected_failures = [ + 'test_parse_special_characters', + 'test_comp_point', +- 'test_special_characters_double_quoted' + ] ++ if FISH_VERSION_TUPLE < (3, 1): ++ expected_failures.extend([ ++ 'test_special_characters_double_quoted' ++ ]) + + skipped = [ + 'test_single_quotes_in_single_quotes', |