authorMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
committerMark H Weaver <mhw@netris.org>2017-06-18 02:36:51 -0400
commit9d4385634d098cc0fb35bfe58179f7d855352e39 (patch)
tree653cfd7a6faecaf42129b1aa47703e7bd01bc471 /gnu/packages/patches
parenta6aff3528c32cc921bddd78b254678a1fc121f21 (diff)
parent96fd87c96bd6987a967575aaa931c5a7b1c84e21 (diff)
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/crawl-upgrade-saves.patch83
-rw-r--r--gnu/packages/patches/gcc-4.6-gnu-inline.patch65
-rw-r--r--gnu/packages/patches/gspell-dash-test.patch20
-rw-r--r--gnu/packages/patches/guile-ssh-channel-finalization.patch28
-rw-r--r--gnu/packages/patches/libextractor-ffmpeg-3.patch360
-rw-r--r--gnu/packages/patches/libmwaw-CVE-2017-9433.patch33
-rw-r--r--gnu/packages/patches/nss-disable-long-b64-tests.patch34
-rw-r--r--gnu/packages/patches/nss-increase-test-timeout.patch6
-rw-r--r--gnu/packages/patches/osip-CVE-2017-7853.patch40
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5974.patch28
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5975.patch32
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5976.patch61
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5978.patch37
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5979.patch19
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5981.patch19
15 files changed, 461 insertions, 404 deletions
diff --git a/gnu/packages/patches/crawl-upgrade-saves.patch b/gnu/packages/patches/crawl-upgrade-saves.patch
new file mode 100644
index 0000000000..301942dc30
--- /dev/null
+++ b/gnu/packages/patches/crawl-upgrade-saves.patch
@@ -0,0 +1,83 @@
+Store the crawl version in the textdatabases in SAVEDIR and
+upgrade the databases when the crawl version changes.
+
+By default crawl checks for a mtime difference on files in DATADIR to see if an
+upgrade is required, but guix nulls all file dates,
+and crawl would never upgrade saves.
+
+--- a/source/database.cc 2016-05-31 09:56:08.000000000 +0200
++++ a/source/database.cc 2017-06-05 03:00:19.270632107 +0200
+@@ -25,6 +25,7 @@
+ #include "syscalls.h"
+ #include "threads.h"
+ #include "unicode.h"
++#include "version.h"
+
+ // TextDB handles dependency checking the db vs text files, creating the
+ // db, loading, and destroying the DB.
+@@ -55,6 +56,7 @@
+ vector<string> _input_files;
+ DBM* _db;
+ string timestamp;
++ string version;
+ TextDB *_parent;
+ const char* lang() { return _parent ? Options.lang_name : 0; }
+ public:
+@@ -165,7 +167,7 @@
+
+ TextDB::TextDB(const char* db_name, const char* dir, ...)
+ : _db_name(db_name), _directory(dir),
+- _db(nullptr), timestamp(""), _parent(0), translation(0)
++ _db(nullptr), timestamp(""), version(""), _parent(0), translation(0)
+ {
+ va_list args;
+ va_start(args, dir);
+@@ -187,7 +189,7 @@
+ : _db_name(parent->_db_name),
+ _directory(parent->_directory + Options.lang_name + "/"),
+ _input_files(parent->_input_files), // FIXME: pointless copy
+- _db(nullptr), timestamp(""), _parent(parent), translation(nullptr)
++ _db(nullptr), timestamp(""), version(""), _parent(parent), translation(nullptr)
+ {
+ }
+
+@@ -202,6 +204,9 @@
+ return false;
+
+ timestamp = _query_database(*this, "TIMESTAMP", false, false, true);
++ version = _query_database(*this, "VERSION", false, false, true);
++ if (version.empty())
++ return false;
+ if (timestamp.empty())
+ return false;
+
+@@ -245,6 +250,9 @@
+ string ts;
+ bool no_files = true;
+
++ if (string(Version::Long) != version)
++ return true;
++
+ for (const string &file : _input_files)
+ {
+ string full_input_path = _directory + file;
+@@ -261,7 +269,7 @@
+ ts += buf;
+ }
+
+- if (no_files && timestamp.empty())
++ if (no_files && timestamp.empty() && version.empty())
+ {
+ // No point in empty databases, although for simplicity keep ones
+ // for disappeared translations for now.
+@@ -321,7 +329,10 @@
+ _store_text_db(full_input_path, _db);
+ }
+ }
++
++ string current_version = string(Version::Long);
+ _add_entry(_db, "TIMESTAMP", ts);
++ _add_entry(_db, "VERSION", current_version);
+
+ dbm_close(_db);
+ _db = 0;
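Review bot: In the inner hunk at `@@ -261,7 +269,7 @@`, the added `&& version.empty()` looks unreachable in practice, because the check added at `@@ -245,6 +250,9 @@` already returns true whenever `string(Version::Long) != version`. Execution therefore only reaches the "No point in empty databases" test with `version` equal to the build version, which is presumably non-empty. If that reading is right, a database with no input files is now always reported as needing an update. Moving `if (string(Version::Long) != version) return true;` below the empty-database test would keep the old behaviour for that case. The enclosing function starts and ends outside the hunk, so this should be confirmed against the full body.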
diff --git a/gnu/packages/patches/gcc-4.6-gnu-inline.patch b/gnu/packages/patches/gcc-4.6-gnu-inline.patch
new file mode 100644
index 0000000000..710d358a8b
--- /dev/null
+++ b/gnu/packages/patches/gcc-4.6-gnu-inline.patch
@@ -0,0 +1,65 @@
+This patch was taken from https://gcc.gnu.org/ml/gcc-patches/2015-08/msg00375.html.
+It is used by propeller-gcc-4.
+
+Since the 3.0.3 release of gperf (made in May 2007), the generated func
+has had the gnu_inline attribute applied to it. The gcc source however
+has not been updated to include that which has lead to a mismatch.
+
+In practice, this hasn't been an issue for two reasons:
+(1) Before gcc-5, the default standard was (gnu) C89, and gcc does not
+warn or throw an error in this mode.
+(2) Starting with gcc-4.8, the compiler driver used to build gcc was
+changed to C++, and g++ does not warn or throw an error in this mode.
+
+This error does show up though when using gcc-5 to build gcc-4.7 or
+older as then the default is (gnu) C11 and the C compiler driver is
+used. That failure looks like:
+In file included from .../gcc-4.7.4/gcc/cp/except.c:990:0:
+cfns.gperf: At top level:
+cfns.gperf:101:1: error: 'gnu_inline' attribute present on 'libc_name_p'
+cfns.gperf:26:14: error: but not here
+
+Whether the compiler should always emit this error regardless of the
+active standard or compiler driver is debatable (I think it should be
+consistent -- either always do it or never do it).
+
+2015-08-06 Mike Frysinger <vapier@gentoo.org>
+
+ * cfns.gperf [__GNUC__, __GNUC_STDC_INLINE__]: Apply the
+ __gnu_inline__ attribute.
+ * cfns.h: Regenerated.
+---
+ gcc/cp/cfns.gperf | 3 +++
+ gcc/cp/cfns.h | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/gcc/cp/cfns.gperf b/gcc/cp/cfns.gperf
+index 68acd3d..953262f 100644
+--- a/gcc/cp/cfns.gperf
++++ b/gcc/cp/cfns.gperf
+@@ -22,6 +22,9 @@ __inline
+ static unsigned int hash (const char *, unsigned int);
+ #ifdef __GNUC__
+ __inline
++#ifdef __GNUC_STDC_INLINE__
++__attribute__ ((__gnu_inline__))
++#endif
+ #endif
+ const char * libc_name_p (const char *, unsigned int);
+ %}
+diff --git a/gcc/cp/cfns.h b/gcc/cp/cfns.h
+index 1c6665d..6d00c0e 100644
+--- a/gcc/cp/cfns.h
++++ b/gcc/cp/cfns.h
+@@ -53,6 +53,9 @@ __inline
+ static unsigned int hash (const char *, unsigned int);
+ #ifdef __GNUC__
+ __inline
++#ifdef __GNUC_STDC_INLINE__
++__attribute__ ((__gnu_inline__))
++#endif
+ #endif
+ const char * libc_name_p (const char *, unsigned int);
+ /* maximum key range = 391, duplicates = 0 */
+--
+2.4.4
diff --git a/gnu/packages/patches/gspell-dash-test.patch b/gnu/packages/patches/gspell-dash-test.patch
index e737921c4b..1c9d77cfba 100644
--- a/gnu/packages/patches/gspell-dash-test.patch
+++ b/gnu/packages/patches/gspell-dash-test.patch
@@ -1,16 +1,22 @@
Somehow, Aspell 0.60.6.1 and aspell-dict-en-2016.11.20-0 don't consider
this a valid spelling. Skip it.
---- gspell-1.3.2/testsuite/test-checker.c 2017-05-17 16:02:40.832415940 +0200
-+++ gspell-1.3.2/testsuite/test-checker.c 2017-05-17 16:02:50.768351895 +0200
-@@ -101,9 +101,6 @@ test_dashes (void)
-
- checker = gspell_checker_new (lang);
-
+TODO: Migrate to using hunspell. According to upstream, this bug won't be fixed.
+See https://bugzilla.gnome.org/show_bug.cgi?id=772406.
+--- a/testsuite/test-checker.c 2017-03-24 09:50:50.000000000 -0400
++++ b/testsuite/test-checker.c 2017-06-15 21:47:07.116173895 -0400
+@@ -105,10 +105,11 @@
+ * be considered deprecated, it is better to use hunspell, so WONTFIX.
+ * For more details, see:
+ * https://bugzilla.gnome.org/show_bug.cgi?id=772406
++ *
++ * correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error);
++ * g_assert_no_error (error);
++ * g_assert (correctly_spelled);
+ */
- correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error);
- g_assert_no_error (error);
- g_assert (correctly_spelled);
correctly_spelled = gspell_checker_check_word (checker, "nrst-auie", -1, &error);
g_assert_no_error (error);
-
diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch
new file mode 100644
index 0000000000..54b5055a20
--- /dev/null
+++ b/gnu/packages/patches/guile-ssh-channel-finalization.patch
@@ -0,0 +1,28 @@
+Avoid asynchronous channel finalization, which could lead to segfaults due to
+libssh not being thread-safe: <https://bugs.gnu.org/26976>.
+
+--- guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:37:44.861671297 +0200
++++ guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:38:02.841580565 +0200
+@@ -391,11 +391,18 @@ listens on an expected port, return #f o
+ "Evaluate QUOTED-EXP on the node and return the evaluated result."
+ (let ((repl-channel (node-open-rrepl node)))
+ (rrepl-skip-to-prompt repl-channel)
+- (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp))
+- (lambda vals
+- (and (node-stop-repl-server? node)
++ (dynamic-wind
++ (const #t)
++ (lambda ()
++ (rrepl-eval repl-channel quoted-exp))
++ (lambda ()
++ (when (node-stop-repl-server? node)
+ (node-stop-server node))
+- (apply values vals)))))
++
++ ;; Close REPL-CHANNEL right away to prevent finalization from
++ ;; happening in another thread at the wrong time (see
++ ;; <https://bugs.gnu.org/26976>.)
++ (close-port repl-channel)))))
+
+ (define (node-eval-1 node quoted-exp)
+ "Evaluate QUOTED-EXP on the node and return the evaluated result. The
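Review bot: The unwind thunk of the new `dynamic-wind` calls `(node-stop-server node)` before `(close-port repl-channel)`, so if stopping the server raises, the channel stays open and its finalization is again left to the garbage collector, which is the situation this patch is meant to avoid. `(rrepl-skip-to-prompt repl-channel)` also still runs outside the `dynamic-wind`, so an error while waiting for the prompt skips the close as well. Moving the skip-to-prompt call into the body thunk, and making sure `(close-port repl-channel)` runs even when the stop call fails, would cover both paths. The head of the definition is outside the hunk, so this assumes nothing else closes the channel.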
diff --git a/gnu/packages/patches/libextractor-ffmpeg-3.patch b/gnu/packages/patches/libextractor-ffmpeg-3.patch
deleted file mode 100644
index d0f83f624c..0000000000
--- a/gnu/packages/patches/libextractor-ffmpeg-3.patch
+++ /dev/null
@@ -1,360 +0,0 @@
-Fix build with ffmpeg-3, based on upstream revisions r35548 and r35549 by LRN
-and r36975 by Christian Grothoff, and backported to libextractor-1.3 by
-Mark H Weaver <mhw@netris.org>
-
---- libextractor-1.3/src/plugins/thumbnailffmpeg_extractor.c.orig 2013-12-21 11:04:41.000000000 -0500
-+++ libextractor-1.3/src/plugins/thumbnailffmpeg_extractor.c 2016-04-04 23:38:46.429041081 -0400
-@@ -59,6 +59,12 @@
- #include <ffmpeg/swscale.h>
- #endif
-
-+#ifdef PIX_FMT_RGB24
-+#define PIX_OUTPUT_FORMAT PIX_FMT_RGB24
-+#else
-+#define PIX_OUTPUT_FORMAT AV_PIX_FMT_RGB24
-+#endif
-+
- /**
- * Set to 1 to enable debug output.
- */
-@@ -153,7 +159,7 @@
- static size_t
- create_thumbnail (int src_width, int src_height,
- int src_stride[],
-- enum PixelFormat src_pixfmt,
-+ enum AVPixelFormat src_pixfmt,
- const uint8_t * const src_data[],
- int dst_width, int dst_height,
- uint8_t **output_data,
-@@ -189,7 +195,8 @@
- if (NULL ==
- (scaler_ctx =
- sws_getContext (src_width, src_height, src_pixfmt,
-- dst_width, dst_height, PIX_FMT_RGB24,
-+ dst_width, dst_height,
-+ PIX_OUTPUT_FORMAT,
- SWS_BILINEAR, NULL, NULL, NULL)))
- {
- #if DEBUG
-@@ -199,7 +206,12 @@
- return 0;
- }
-
-- if (NULL == (dst_frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ dst_frame = av_frame_alloc ();
-+#else
-+ dst_frame = avcodec_alloc_frame();
-+#endif
-+ if (NULL == dst_frame)
- {
- #if DEBUG
- fprintf (stderr,
-@@ -209,18 +221,24 @@
- return 0;
- }
- if (NULL == (dst_buffer =
-- av_malloc (avpicture_get_size (PIX_FMT_RGB24, dst_width, dst_height))))
-+ av_malloc (avpicture_get_size (PIX_OUTPUT_FORMAT,
-+ dst_width, dst_height))))
- {
- #if DEBUG
- fprintf (stderr,
- "Failed to allocate the destination image buffer\n");
- #endif
-- av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&dst_frame);
-+#else
-+ avcodec_free_frame (&dst_frame);
-+#endif
- sws_freeContext (scaler_ctx);
- return 0;
- }
- avpicture_fill ((AVPicture *) dst_frame, dst_buffer,
-- PIX_FMT_RGB24, dst_width, dst_height);
-+ PIX_OUTPUT_FORMAT,
-+ dst_width, dst_height);
- sws_scale (scaler_ctx,
- src_data,
- src_stride,
-@@ -236,7 +254,11 @@
- "Failed to allocate the encoder output buffer\n");
- #endif
- av_free (dst_buffer);
-- av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&dst_frame);
-+#else
-+ avcodec_free_frame (&dst_frame);
-+#endif
- sws_freeContext (scaler_ctx);
- return 0;
- }
-@@ -249,13 +271,17 @@
- #endif
- av_free (encoder_output_buffer);
- av_free (dst_buffer);
-- av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&dst_frame);
-+#else
-+ avcodec_free_frame (&dst_frame);
-+#endif
- sws_freeContext (scaler_ctx);
- return 0;
- }
- encoder_codec_ctx->width = dst_width;
- encoder_codec_ctx->height = dst_height;
-- encoder_codec_ctx->pix_fmt = PIX_FMT_RGB24;
-+ encoder_codec_ctx->pix_fmt = PIX_OUTPUT_FORMAT;
- opts = NULL;
- if (avcodec_open2 (encoder_codec_ctx, encoder_codec, &opts) < 0)
- {
-@@ -263,10 +289,14 @@
- fprintf (stderr,
- "Failed to open the encoder\n");
- #endif
-- av_free (encoder_codec_ctx);
-+ avcodec_free_context (&encoder_codec_ctx);
- av_free (encoder_output_buffer);
- av_free (dst_buffer);
-- av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&dst_frame);
-+#else
-+ avcodec_free_frame (&dst_frame);
-+#endif
- sws_freeContext (scaler_ctx);
- return 0;
- }
-@@ -295,9 +325,13 @@
- cleanup:
- av_dict_free (&opts);
- avcodec_close (encoder_codec_ctx);
-- av_free (encoder_codec_ctx);
-+ avcodec_free_context (&encoder_codec_ctx);
- av_free (dst_buffer);
-- av_free (dst_frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&dst_frame);
-+#else
-+ avcodec_free_frame (&dst_frame);
-+#endif
- sws_freeContext (scaler_ctx);
- *output_data = encoder_output_buffer;
-
-@@ -406,18 +440,23 @@
- fprintf (stderr,
- "Failed to open image codec\n");
- #endif
-- av_free (codec_ctx);
-+ avcodec_free_context (&codec_ctx);
- return;
- }
- av_dict_free (&opts);
-- if (NULL == (frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ frame = av_frame_alloc ();
-+#else
-+ frame = avcodec_alloc_frame();
-+#endif
-+ if (NULL == frame)
- {
- #if DEBUG
- fprintf (stderr,
- "Failed to allocate frame\n");
- #endif
- avcodec_close (codec_ctx);
-- av_free (codec_ctx);
-+ avcodec_free_context (&codec_ctx);
- return;
- }
-
-@@ -441,9 +480,13 @@
- fprintf (stderr,
- "Failed to decode a complete frame\n");
- #endif
-- av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&frame);
-+#else
-+ avcodec_free_frame (&frame);
-+#endif
- avcodec_close (codec_ctx);
-- av_free (codec_ctx);
-+ avcodec_free_context (&codec_ctx);
- return;
- }
- calculate_thumbnail_dimensions (codec_ctx->width, codec_ctx->height,
-@@ -467,9 +510,13 @@
- err);
- av_free (encoded_thumbnail);
- }
-- av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&frame);
-+#else
-+ avcodec_free_frame (&frame);
-+#endif
- avcodec_close (codec_ctx);
-- av_free (codec_ctx);
-+ avcodec_free_context (&codec_ctx);
- }
-
-
-@@ -563,7 +610,12 @@
- return;
- }
-
-- if (NULL == (frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ frame = av_frame_alloc ();
-+#else
-+ frame = avcodec_alloc_frame();
-+#endif
-+ if (NULL == frame)
- {
- #if DEBUG
- fprintf (stderr,
-@@ -616,7 +668,11 @@
- fprintf (stderr,
- "Failed to decode a complete frame\n");
- #endif
-- av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&frame);
-+#else
-+ avcodec_free_frame (&frame);
-+#endif
- avcodec_close (codec_ctx);
- avformat_close_input (&format_ctx);
- av_free (io_ctx);
-@@ -643,7 +699,11 @@
- err);
- av_free (encoded_thumbnail);
- }
-- av_free (frame);
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&frame);
-+#else
-+ avcodec_free_frame (&frame);
-+#endif
- avcodec_close (codec_ctx);
- avformat_close_input (&format_ctx);
- av_free (io_ctx);
---- libextractor-1.3/src/plugins/previewopus_extractor.c.orig 2013-12-22 17:44:18.000000000 -0500
-+++ libextractor-1.3/src/plugins/previewopus_extractor.c 2016-04-04 23:39:41.377720710 -0400
-@@ -296,8 +296,13 @@
- /** Initialize one audio frame for reading from the input file */
- static int init_input_frame(AVFrame **frame)
- {
-- if (!(*frame = avcodec_alloc_frame())) {
-- #if DEBUG
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ *frame = av_frame_alloc ();
-+#else
-+ *frame = avcodec_alloc_frame();
-+#endif
-+ if (NULL == *frame) {
-+#if DEBUG
- fprintf(stderr, "Could not allocate input frame\n");
- #endif
- return AVERROR(ENOMEM);
-@@ -655,7 +660,11 @@
- av_freep(&converted_input_samples[0]);
- free(converted_input_samples);
- }
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&input_frame);
-+#else
- avcodec_free_frame(&input_frame);
-+#endif
-
- return ret;
- }
-@@ -671,10 +680,15 @@
- int error;
-
- /** Create a new frame to store the audio samples. */
-- if (!(*frame = avcodec_alloc_frame())) {
-- #if DEBUG
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ *frame = av_frame_alloc ();
-+#else
-+ *frame = avcodec_alloc_frame();
-+#endif
-+ if (NULL == *frame) {
-+#if DEBUG
- fprintf(stderr, "Could not allocate output frame\n");
-- #endif
-+#endif
- return AVERROR_EXIT;
- }
-
-@@ -699,10 +713,14 @@
- * sure that the audio frame can hold as many samples as specified.
- */
- if ((error = av_frame_get_buffer(*frame, 0)) < 0) {
-- #if DEBUG
-+#if DEBUG
- fprintf(stderr, "Could allocate output frame samples (error '%s')\n", get_error_text(error));
-- #endif
-+#endif
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (frame);
-+#else
- avcodec_free_frame(frame);
-+#endif
- return error;
- }
-
-@@ -780,20 +798,32 @@
- * The samples are stored in the frame temporarily.
- */
- if (av_audio_fifo_read(fifo, (void **)output_frame->data, frame_size) < frame_size) {
-- #if DEBUG
-+#if DEBUG
- fprintf(stderr, "Could not read data from FIFO\n");
-- #endif
-+#endif
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&output_frame);
-+#else
- avcodec_free_frame(&output_frame);
-+#endif
- return AVERROR_EXIT;
- }
-
- /** Encode one frame worth of audio samples. */
- if (encode_audio_frame(output_frame, output_format_context,
- output_codec_context, &data_written)) {
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&output_frame);
-+#else
- avcodec_free_frame(&output_frame);
-+#endif
- return AVERROR_EXIT;
- }
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ av_frame_free (&output_frame);
-+#else
- avcodec_free_frame(&output_frame);
-+#endif
- return 0;
- }
- /** Write the trailer of the output file container. */
-@@ -907,7 +937,12 @@
- return;
- }
-
-- if (NULL == (frame = avcodec_alloc_frame ()))
-+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1)
-+ frame = av_frame_alloc ();
-+#else
-+ frame = avcodec_alloc_frame();
-+#endif
-+ if (NULL == frame)
- {
- #if DEBUG
- fprintf (stderr,
diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
new file mode 100644
index 0000000000..502a11d2a8
--- /dev/null
+++ b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
@@ -0,0 +1,33 @@
+Fix CVE-2017-9433:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f
+
+From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Sat, 8 Apr 2017 14:03:29 +0200
+Subject: [PATCH] ofz#1037 resize vector correctly
+
+---
+ src/lib/MsWrd1Parser.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits)
+ int id = fIt++->second;
+ fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+ if (id >= int(m_state->m_footnotesList.size()))
+- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+ m_state->m_footnotesList[size_t(id)]=fPos;
+ }
+ ascii().addDelimiter(input->tell(),'|');
+--
+2.13.1
+
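Review bot: The guard `id >= int(m_state->m_footnotesList.size())` is a signed comparison, so a negative `id` skips the corrected `resize(size_t(id)+1, ...)` and `m_footnotesList[size_t(id)]` is then indexed with a very large value. `id` comes from `footnoteMap`, which is filled outside this hunk, so whether a negative or very large value can arrive from a malformed document is not visible here. If it can, the large case also becomes an unbounded allocation. Rejecting the entry before the resize, e.g. `if (id < 0 || id > MAX_FOOTNOTES) continue;` (`MAX_FOOTNOTES` is a placeholder for a parser-chosen limit), would close both.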
diff --git a/gnu/packages/patches/nss-disable-long-b64-tests.patch b/gnu/packages/patches/nss-disable-long-b64-tests.patch
deleted file mode 100644
index 612d94128d..0000000000
--- a/gnu/packages/patches/nss-disable-long-b64-tests.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Disable long b64 tests, which consistently fail on armhf.
-This is based on an excerpt of the following upstream patch:
-
- https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7
-
-(we exclude the part of the upstream patch that reverts
-an earlier failed attempt, and adapt the file names)
-
-diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc
---- a/nss/gtests/util_gtest/util_b64_unittest.cc
-+++ b/nss/gtests/util_gtest/util_b64_unittest.cc
-@@ -63,17 +63,19 @@ TEST_F(B64EncodeDecodeTest, EncDecTest)
-
- TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
-
- TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
- EXPECT_TRUE(TestFakeEncode(100));
- }
-
- // These takes a while ...
--TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
-+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) {
- EXPECT_TRUE(TestFakeDecode(0x66666666));
- }
--TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); }
--TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
-+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) {
-+ TestFakeEncode(0x3fffffff);
-+}
-+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) {
- EXPECT_FALSE(TestFakeEncode(0x40000000));
- }
-
- } // namespace nss_test
diff --git a/gnu/packages/patches/nss-increase-test-timeout.patch b/gnu/packages/patches/nss-increase-test-timeout.patch
index 1e24940322..55117c02e9 100644
--- a/gnu/packages/patches/nss-increase-test-timeout.patch
+++ b/gnu/packages/patches/nss-increase-test-timeout.patch
@@ -1,4 +1,4 @@
-We've seen some tests take more than 20s to complete on a busy armhf
+We've seen some tests take up to 60s to complete on a busy armhf
machine. Even a busy x86_64 machine can use more than 5s on some tests.
Increase timeouts to increase chances of a successful build.
@@ -10,7 +10,7 @@ Increase timeouts to increase chances of a successful build.
ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) &&
(server_->state() != TlsAgent::STATE_CONNECTING),
- 5000);
-+ 25000);
++ 300000);
}
void TlsConnectTestBase::EnableExtendedMasterSecret() {
@@ -19,7 +19,7 @@ Increase timeouts to increase chances of a successful build.
failing_agent = client_;
}
- ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 5000);
-+ ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 25000);
++ ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 300000);
}
void TlsConnectTestBase::ConfigureVersion(uint16_t version) {
diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch
new file mode 100644
index 0000000000..33d95cdb0e
--- /dev/null
+++ b/gnu/packages/patches/osip-CVE-2017-7853.patch
@@ -0,0 +1,40 @@
+Fix CVE-2017-7853:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
+https://savannah.gnu.org/support/index.php?109265
+
+Patch copied from upstream source repository:
+
+https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
+
+From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
+From: Aymeric Moizard <amoizard@gmail.com>
+Date: Tue, 21 Feb 2017 17:16:26 +0100
+Subject: [PATCH] * fix bug report: sr #109265: SIP message body length
+ underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265
+ also applicable to current latest version
+
+---
+ src/osipparser2/osip_message_parse.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
+index 1628c60..aa35446 100644
+--- a/src/osipparser2/osip_message_parse.c
++++ b/src/osipparser2/osip_message_parse.c
+@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
+ if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+ start_of_body++;
+
++ /* if message body is empty or contains a single CR/LF */
++ if (end_of_body <= start_of_body) {
++ osip_free (sep_boundary);
++ return OSIP_SYNTAXERROR;
++ }
++
+ body_len = end_of_body - start_of_body;
+
+ /* Skip CR before end boundary. */
+--
+2.13.1
+
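Review bot: The new `end_of_body <= start_of_body` guard sits after the context lines that read `start_of_body[0]`, so for an already empty body that byte is examined before the length is validated. Whether that read always stays inside the buffer (for example because the message is NUL-terminated) cannot be told from the hunk; if it is not guaranteed, the same comparison should also run before the CR/LF skip. The early return frees only `sep_boundary`, and msg_osip_body_parse starts and ends outside the hunk, so any other allocation made earlier in the function should be checked against this new exit.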
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
new file mode 100644
index 0000000000..9ae02103e7
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5974.patch
@@ -0,0 +1,28 @@
+Fix CVE-2017-5974:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ /* override sizes/offsets with zip64 values for largefile support */
+ zzip_extra_zip64 *block = (zzip_extra_zip64 *)
+ zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64);
+- if (block)
++ if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4))
+ {
+- item->zz_usize = __zzip_get64(block->z_usize);
+- item->zz_csize = __zzip_get64(block->z_csize);
+- item->zz_offset = __zzip_get64(block->z_offset);
+- item->zz_diskstart = __zzip_get32(block->z_diskstart);
++ item->zz_usize = ZZIP_GET64(block->z_usize);
++ item->zz_csize = ZZIP_GET64(block->z_csize);
++ item->zz_offset = ZZIP_GET64(block->z_offset);
++ item->zz_diskstart = ZZIP_GET32(block->z_diskstart);
+ }
+ }
+ /* NOTE:
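Review bot: The added guard `ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4)` trusts a length field read from the archive itself and does not show that the 28 bytes after the block header lie inside the extras buffer that `zzip_mem_entry_extra_block` returned. A block near the end of the extras with an inflated `z_datasize` would pass the test and the `ZZIP_GET64`/`ZZIP_GET32` reads could still run past the allocation, unless the lookup helper already bounds the block (not visible here). Checking the remaining length as well, for instance against the `zz_extlen[]` field that zziplib-CVE-2017-5976.patch introduces, would make the guard self-contained. A short comment such as `/* usize + csize + offset + diskstart */` would explain the constant.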
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
new file mode 100644
index 0000000000..fad174b056
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5975.patch
@@ -0,0 +1,32 @@
+Fix CVE-2017-5975:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ return 0; /* errno=ENOMEM; */
+ ___ struct zzip_file_header *header =
+ zzip_disk_entry_to_file_header(disk, entry);
++ if (!header)
++ { free(item); return 0; }
+ /* there is a number of duplicated information in the file header
+ * or the disk entry block. Theoretically some part may be missing
+ * that exists in the other, ... but we will prefer the disk entry.
+Index: zziplib-0.13.62/zzip/mmapped.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/mmapped.c
++++ zziplib-0.13.62/zzip/mmapped.c
+@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK
+ (disk->buffer + zzip_disk_entry_fileoffset(entry));
+ if (disk->buffer > file_header || file_header >= disk->endbuf)
+ return 0;
++ if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC)
++ return 0;
+ return (struct zzip_file_header *) file_header;
+ }
+
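Review bot: In zzip_disk_entry_to_file_header the new `ZZIP_GET32(file_header)` reads four bytes, but the preceding range check only guarantees `file_header < disk->endbuf`, so an entry whose offset lands in the last one to three bytes of the mapping is still read past the end. The range test should leave room for the whole header before the magic comparison. One way is to add `if ((size_t)(disk->endbuf - file_header) < sizeof(struct zzip_file_header)) return 0;` right after the existing range check, assuming both are byte pointers. The function's opening lines are outside the hunk.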
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
new file mode 100644
index 0000000000..17fc30e302
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
@@ -0,0 +1,61 @@
+Fix CVE-2017-5976:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ {
+ void *mem = malloc(ext1 + 2);
+ item->zz_ext[1] = mem;
++ item->zz_extlen[1] = ext1 + 2;
+ memcpy(mem, ptr1, ext1);
+ ((char *) (mem))[ext1 + 0] = 0;
+ ((char *) (mem))[ext1 + 1] = 0;
+@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ {
+ void *mem = malloc(ext2 + 2);
+ item->zz_ext[2] = mem;
++ item->zz_extlen[2] = ext2 + 2;
+ memcpy(mem, ptr2, ext2);
+ ((char *) (mem))[ext2 + 0] = 0;
+ ((char *) (mem))[ext2 + 1] = 0;
+@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
+ while (1)
+ {
+ ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i];
+- if (ext)
++ if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength))
+ {
++ char *endblock = (char *)ext + entry->zz_extlen[i];
++
+ while (*(short *) (ext->z_datatype))
+ {
+ if (datatype == zzip_extra_block_get_datatype(ext))
+@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
+ e += zzip_extra_block_headerlength;
+ e += zzip_extra_block_get_datasize(ext);
+ ext = (void *) e;
++ if (e >= endblock)
++ {
++ break;
++ }
+ ____;
+ }
+ }
+Index: zziplib-0.13.62/zzip/memdisk.h
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.h
++++ zziplib-0.13.62/zzip/memdisk.h
+@@ -66,6 +66,7 @@ struct _zzip_mem_entry {
+ int zz_filetype; /* (from "z_filetype") */
+ char* zz_comment; /* zero-terminated (from "comment") */
+ ZZIP_EXTRA_BLOCK* zz_ext[3]; /* terminated by null in z_datatype */
++ int zz_extlen[3]; /* length of zz_ext[i] in bytes */
+ }; /* the extra blocks are NOT converted */
+
+ #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list)
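Review bot: In zzip_mem_entry_extra_block the new `if (e >= endblock) break;` only stops when the next block starts at or beyond the end, so a block starting one to three bytes before `endblock` is still dereferenced by the loop condition `*(short *) (ext->z_datatype)` and by the datasize read on the next pass. Requiring room for a full header, `if (e + zzip_extra_block_headerlength > endblock) break;`, would match the entry test `entry->zz_extlen[i] >= zzip_extra_block_headerlength` that the patch adds above it. In zzip_mem_entry_new the new `zz_extlen[1]`/`zz_extlen[2]` assignments sit next to a `malloc` whose result is used by `memcpy` without a NULL check in the context lines; both functions extend beyond the hunks shown.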
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
new file mode 100644
index 0000000000..452b14f804
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch
@@ -0,0 +1,37 @@
+Fix CVE-2017-5978:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/memdisk.c
++++ zziplib-0.13.62/zzip/memdisk.c
+@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ * that exists in the other, ... but we will prefer the disk entry.
+ */
+ item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry);
+- item->zz_name = zzip_disk_entry_strdup_name(disk, entry);
++ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup("");
+ item->zz_data = zzip_file_header_to_data(header);
+ item->zz_flags = zzip_disk_entry_get_flags(entry);
+ item->zz_compr = zzip_disk_entry_get_compr(entry);
+@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ int /* */ ext2 = zzip_file_header_get_extras(header);
+ char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header);
+
+- if (ext1)
++ if (ext1 && ((ptr1 + ext1) < disk->endbuf))
+ {
+ void *mem = malloc(ext1 + 2);
+ item->zz_ext[1] = mem;
+@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+ ((char *) (mem))[ext1 + 0] = 0;
+ ((char *) (mem))[ext1 + 1] = 0;
+ }
+- if (ext2)
++ if (ext2 && ((ptr2 + ext2) < disk->endbuf))
+ {
+ void *mem = malloc(ext2 + 2);
+ item->zz_ext[2] = mem;
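Review bot: The new bounds tests `(ptr1 + ext1) < disk->endbuf` and `(ptr2 + ext2) < disk->endbuf` form the end pointer before checking it, which is undefined behaviour when the sum lies beyond the mapping, and they do not establish that the start pointer is inside the buffer. Comparing lengths avoids that, e.g. `if (ext2 && ptr2 >= (char *) disk->buffer && ext2 < (char *) disk->endbuf - ptr2)`, and likewise for `ext1`/`ptr1` (pointer types assumed; the declaration of `ptr1` is outside the hunk). In the first inner hunk, `?: strdup("")` is a GNU C extension and `strdup` can itself return NULL, so `zz_name` may still be null on allocation failure and later users should not assume otherwise.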
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5979.patch b/gnu/packages/patches/zziplib-CVE-2017-5979.patch
new file mode 100644
index 0000000000..b38f50b172
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5979.patch
@@ -0,0 +1,19 @@
+Fix CVE-2017-5979:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
+
+Patch copied from Debian.
+
+Index: zziplib-0.13.62/zzip/fseeko.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/fseeko.c
++++ zziplib-0.13.62/zzip/fseeko.c
+@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
+ return 0;
+ /* we read out chunks of 8 KiB in the hope to match disk granularity */
+ ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
+- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
++ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
+ if (! entry)
+ return 0;
+ ___ unsigned char *buffer = malloc(pagesize);
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5981.patch b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
new file mode 100644
index 0000000000..ed82cb3b91
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2017-5981.patch
@@ -0,0 +1,19 @@
+Fix CVE-2017-5981:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
+
+Patch copied from Debian.
+Index: zziplib-0.13.62/zzip/fseeko.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/fseeko.c
++++ zziplib-0.13.62/zzip/fseeko.c
+@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
+ } else
+ continue;
+
+- assert(0 <= root && root < mapsize);
++ if (root < 0 || root >= mapsize)
++ goto error;
+ if (fseeko(disk, root, SEEK_SET) == -1)
+ goto error;
+ if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)