Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/calibre-dont-load-remote-icons.patch | 45 | ||||
-rw-r--r-- | gnu/packages/patches/calibre-drop-unrar.patch | 48 | ||||
-rw-r--r-- | gnu/packages/patches/calibre-use-packaged-feedparser.patch | 51 | ||||
-rw-r--r-- | gnu/packages/patches/gspell-dash-test.patch | 16 | ||||
-rw-r--r-- | gnu/packages/patches/jbig2dec-CVE-2017-7885.patch | 38 | ||||
-rw-r--r-- | gnu/packages/patches/jbig2dec-CVE-2017-7975.patch | 40 | ||||
-rw-r--r-- | gnu/packages/patches/jbig2dec-CVE-2017-7976.patch | 122 | ||||
-rw-r--r-- | gnu/packages/patches/qtscript-disable-tests.patch | 64 | ||||
-rw-r--r-- | gnu/packages/patches/ruby-concurrent-test-arm.patch | 26 | ||||
-rw-r--r-- | gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch | 31 | ||||
-rw-r--r-- | gnu/packages/patches/shadow-CVE-2017-2616.patch | 72 |
11 files changed, 417 insertions, 136 deletions
diff --git a/gnu/packages/patches/calibre-dont-load-remote-icons.patch b/gnu/packages/patches/calibre-dont-load-remote-icons.patch new file mode 100644 index 0000000000..2168263072 --- /dev/null +++ b/gnu/packages/patches/calibre-dont-load-remote-icons.patch 
@@ -0,0 +1,45 @@ +From: Martin Pitt <mpitt@debian.org> +Date: Mon, 14 Nov 2016 22:41:24 +0100 +Subject: content-server: Don't load external URLs for privacy + +Spotted by lintian. +--- + resources/content_server/browse/browse.html | 4 +--- + resources/content_server/index.html | 2 +- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/resources/content_server/browse/browse.html b/resources/content_server/browse/browse.html +index 36f7199..e615707 100644 +--- a/resources/content_server/browse/browse.html ++++ b/resources/content_server/browse/browse.html +@@ -7,7 +7,7 @@ + <title>..:: calibre {library} ::.. {title}</title> + <meta http-equiv="X-UA-Compatible" content="IE=100" /> + <meta name="robots" content="noindex" /> +- <link rel="icon" type="image/x-icon" href="//calibre-ebook.com/favicon.ico" /> ++ <link rel="icon" type="image/x-icon" href="favicon.ico" /> + + <link rel="stylesheet" type="text/css" href="{prefix}/static/browse/browse.css" /> + <link type="text/css" href="{prefix}/static/jquery_ui/css/humanity-custom/jquery-ui-1.8.5.custom.css" rel="stylesheet" /> +@@ -63,8 +63,6 @@ + <input type="image" + src="{prefix}/static/button-donate.png" + name="submit"></input> +- <img alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif" +- width="1" height="1"></img> + </div> + </form> + <div id="calibre-home-link" title="Go to the calibre website"></div> +diff --git a/resources/content_server/index.html b/resources/content_server/index.html +index 51cc33a..e71d0e8 100644 +--- a/resources/content_server/index.html ++++ b/resources/content_server/index.html +@@ -9,7 +9,7 @@ + <script type="text/javascript" src="{prefix}/static/date.js" charset="utf-8"></script> + <script type="text/javascript" src="{prefix}/static/jquery.js" charset="utf-8"></script> + <script type="text/javascript" src="{prefix}/static/gui.js" charset="utf-8"></script> +- <link rel="icon" href="//calibre-ebook.com/favicon.ico" type="image/x-icon" /> ++ <link rel="icon" 
href="favicon.ico" type="image/x-icon" /> + </head> + <body> + <div id="banner"> diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch index 4eb64404f6..adf977b183 100644 --- a/gnu/packages/patches/calibre-drop-unrar.patch +++ b/gnu/packages/patches/calibre-drop-unrar.patch @@ -1,15 +1,20 @@ -Taken from Debian. Updated by Alex Griffin. +Recreated old debian patch on the latest calibre version -Author: Dmitry Shachnev <mitya57@gmail.com> -Description: do not build unrar extension as we strip unrar from the tarball -Forwarded: not-needed -Last-Update: 2013-04-04 +From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001 +From: Brendan Tildesley <brendan.tildesley@openmailbox.org> +Date: Sat, 13 May 2017 21:12:12 +1000 +Subject: [PATCH] Remove unrar extension -Index: calibre/setup/extensions.py -=================================================================== ---- calibre.orig/setup/extensions.json 2016-07-21 21:21:05.000000000 -0500 -+++ calibre/setup/extensions.json 2016-07-27 11:22:17.167710112 -0500 -@@ -211,14 +211,5 @@ +--- + setup/extensions.json | 11 ----------- + src/calibre/ebooks/metadata/archive.py | 2 +- + 2 files changed, 1 insertion(+), 12 deletions(-) + +diff --git a/setup/extensions.json b/setup/extensions.json +index 1f6d1fb5fd..127390450f 100644 +--- a/setup/extensions.json ++++ b/setup/extensions.json +@@ -211,16 +211,5 @@ "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c", "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h", "libraries": "mtp" 
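Review bot: The replacement `href="favicon.ico"` in both browse.html and index.html is a bare relative URL, while every other asset in these templates is addressed as `{prefix}/static/...`. A relative path resolves against the URL of the current page, so content-server pages served below the root, or behind a URL prefix, will probably request an icon that does not exist. Whether a `favicon.ico` route exists at each level cannot be seen from this patch. If the server ships the icon in its static tree, something like `href="{prefix}/static/favicon.ico"` would keep the privacy fix and match the neighbouring links; confirm the real path before changing it.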
@@ -20,22 +25,25 @@ Index: calibre/setup/extensions.py - "inc_dirs": "unrar", - "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE", - "windows_defines": "SILENT RARDLL UNRAR", +- "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE", +- "haiku_libraries": "bsd", - "optimize_level": 2, - "windows_libraries": "User32 Advapi32 kernel32 Shell32" } ] - - -Index: calibre/src/calibre/ebooks/metadata/archive.py -=================================================================== ---- calibre.orig/src/calibre/ebooks/metadata/archive.py 2016-07-21 21:21:05.000000000 -0500 -+++ calibre/src/calibre/ebooks/metadata/archive.py 2016-07-27 11:21:07.793616039 -0500 -@@ -42,7 +42,7 @@ - description = _('Extract common e-book formats from archives ' - '(zip/rar) files. Also try to autodetect if they are actually ' - 'cbz/cbr files.') +diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py +index f5c0b7bed3..32257dcdae 100644 +--- a/src/calibre/ebooks/metadata/archive.py ++++ b/src/calibre/ebooks/metadata/archive.py +@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin): + description = _('Extract common e-book formats from archive files ' + '(ZIP/RAR). Also try to autodetect if they are actually ' + 'CBZ/CBR files.') - file_types = set(['zip', 'rar']) + file_types = set(['zip']) supported_platforms = ['windows', 'osx', 'linux'] on_import = True +-- +2.12.2 + diff --git a/gnu/packages/patches/calibre-use-packaged-feedparser.patch b/gnu/packages/patches/calibre-use-packaged-feedparser.patch new file mode 100644 index 0000000000..8f4bbc8248 --- /dev/null +++ b/gnu/packages/patches/calibre-use-packaged-feedparser.patch 
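Review bot: `file_types = set(['zip'])` stops `ArchiveExtract` from claiming RAR archives, but the `description` context lines just above it still advertise "(ZIP/RAR)" and CBR detection, so the plugin text no longer matches what the build supports. The refreshed patch header also drops the old rationale ("do not build unrar extension as we strip unrar from the tarball") in favour of "Recreated old debian patch on the latest calibre version", which no longer says why the extension is removed. I would restore that sentence in the header and either adjust the description string or note the mismatch there. The class body continues outside the hunk.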
@@ -0,0 +1,51 @@ +From: Martin Pitt <mpitt@debian.org> +Date: Mon, 14 Nov 2016 22:41:23 +0100 +Subject: Use packaged instead of bundled feedparser Python module + +--- + recipes/lenta_ru.recipe | 4 +++- + src/calibre/web/feeds/__init__.py | 4 +++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/recipes/lenta_ru.recipe b/recipes/lenta_ru.recipe +index aa4dac4..4b6710c 100644 +--- a/recipes/lenta_ru.recipe ++++ b/recipes/lenta_ru.recipe +@@ -4,11 +4,13 @@ + Lenta.ru + ''' + +-from calibre.web.feeds.feedparser import parse + from calibre.ebooks.BeautifulSoup import Tag + from calibre.web.feeds.news import BasicNewsRecipe ++from feedparser import parse ++from functools import partial + import re + ++parse = partial(parse, agent='Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11') + + class LentaRURecipe(BasicNewsRecipe): + title = u'Lenta.ru: \u041d\u043e\u0432\u043e\u0441\u0442\u0438' +diff --git a/src/calibre/web/feeds/__init__.py b/src/calibre/web/feeds/__init__.py +index 8c9d748..f262604 100644 +--- a/src/calibre/web/feeds/__init__.py ++++ b/src/calibre/web/feeds/__init__.py +@@ -11,7 +11,10 @@ from calibre.utils.logging import default_log + from calibre import entity_to_unicode, strftime, force_unicode + from calibre.utils.date import dt_factory, utcnow, local_tz + from calibre.utils.cleantext import clean_ascii_chars, clean_xml_chars ++from feedparser import parse ++from functools import partial + ++parse = partial(parse, agent='Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11') + + class Article(object): + +@@ -334,7 +337,6 @@ def feed_from_xml(raw_xml, title=None, oldest_article=7, + max_articles_per_feed=100, + get_article_url=lambda item: item.get('link', None), + log=default_log): +- from calibre.web.feeds.feedparser import parse + # Handle unclosed escaped entities. 
They trip up feedparser and HBR for one + # generates them + raw_xml = re.sub(r'(&#\d+)([^0-9;])', r'\1;\2', raw_xml) diff --git a/gnu/packages/patches/gspell-dash-test.patch b/gnu/packages/patches/gspell-dash-test.patch new file mode 100644 index 0000000000..e737921c4b --- /dev/null +++ b/gnu/packages/patches/gspell-dash-test.patch @@ -0,0 +1,16 @@ +Somehow, Aspell 0.60.6.1 and aspell-dict-en-2016.11.20-0 don't consider +this a valid spelling. Skip it. + +--- gspell-1.3.2/testsuite/test-checker.c 2017-05-17 16:02:40.832415940 +0200 ++++ gspell-1.3.2/testsuite/test-checker.c 2017-05-17 16:02:50.768351895 +0200 +@@ -101,9 +101,6 @@ test_dashes (void) + + checker = gspell_checker_new (lang); + +- correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error); +- g_assert_no_error (error); +- g_assert (correctly_spelled); + + correctly_spelled = gspell_checker_check_word (checker, "nrst-auie", -1, &error); + g_assert_no_error (error); + diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch new file mode 100644 index 0000000000..a598392765 --- /dev/null +++ b/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch 
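Review bot: The browser User-Agent string passed to `partial(parse, agent=...)` is pasted verbatim into both `recipes/lenta_ru.recipe` and `src/calibre/web/feeds/__init__.py`, with no comment saying why the packaged feedparser needs it. Since `parse` is rebound at module level, `feed_from_xml` now silently picks up the wrapped version once its local import is removed, which is easy to miss when reading the function alone. I would add a one-line comment above each rebinding giving the reason for the override, for example `# packaged feedparser: override the default User-Agent (reason: ...)`, and name the constant once in `__init__.py`, for example `_FEED_AGENT = '...'`. Whether the bundled module set this agent itself is not visible here and should be confirmed.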
@@ -0,0 +1,38 @@ +Fix CVE-2017-7885: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7885 +https://bugs.ghostscript.com/show_bug.cgi?id=697703 + +Patch copied from upstream source repository: + +https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=258290340bb657c9efb44457f717b0d8b49f4aa3 + +From 258290340bb657c9efb44457f717b0d8b49f4aa3 Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 3 May 2017 22:06:01 +0100 +Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability. + +Add extra check for the offset being greater than the size +of the image and hence reading off the end of the buffer. + +Thank you to Dai Ge for finding this issue and suggesting a patch. +--- + jbig2_symbol_dict.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c +index 4acaba9..36225cb 100644 +--- a/jbig2_symbol_dict.c ++++ b/jbig2_symbol_dict.c +@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + byte *dst = image->data; + + /* SumatraPDF: prevent read access violation */ +- if (size - jbig2_huffman_offset(hs) < image->height * stride) { ++ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride, + size - jbig2_huffman_offset(hs)); + jbig2_image_release(ctx, image); +-- +2.13.0 + diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch new file mode 100644 index 0000000000..c83fe9d9f2 --- /dev/null +++ b/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch 
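Review bot: The new `size < jbig2_huffman_offset(hs)` test sits after the subtraction it protects, and the `jbig2_error` call below still formats `size - jbig2_huffman_offset(hs)` with `%d`, so when the offset exceeds `size` the log line will show the wrapped difference. The `||` keeps the result correct, but putting the guard first reads more clearly: `if (size < jbig2_huffman_offset(hs) || size - jbig2_huffman_offset(hs) < image->height * stride) {`. `image->height * stride` is also an unchecked product; the operand types are declared outside the hunk, so whether it can wrap needs checking there. As this is a verbatim upstream copy, any change belongs upstream; the patch header could just note the remaining caveat.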
@@ -0,0 +1,40 @@ +Fix CVE-2017-7975: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7975 +https://bugs.ghostscript.com/show_bug.cgi?id=697693 + +Patch copied from upstream source repository: + +https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=f8992b8fe65c170c8624226f127c5c4bfed42c66 + +From f8992b8fe65c170c8624226f127c5c4bfed42c66 Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 26 Apr 2017 22:12:14 +0100 +Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow. + +While building a Huffman table, the start and end points were susceptible +to integer overflow. + +Thank you to Jiaqi for finding this issue and suggesting a patch. +--- + jbig2_huffman.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/jbig2_huffman.c b/jbig2_huffman.c +index 511e461..b4189a1 100644 +--- a/jbig2_huffman.c ++++ b/jbig2_huffman.c +@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params) + + if (PREFLEN == CURLEN) { + int RANGELEN = lines[CURTEMP].RANGELEN; +- int start_j = CURCODE << shift; +- int end_j = (CURCODE + 1) << shift; ++ uint32_t start_j = CURCODE << shift; ++ uint32_t end_j = (CURCODE + 1) << shift; + byte eflags = 0; + + if (end_j > max_j) { +-- +2.13.0 + diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch new file mode 100644 index 0000000000..2fe02358b8 --- /dev/null +++ b/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch 
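Review bot: Changing only the declared type to `uint32_t` still leaves `CURCODE << shift` and `(CURCODE + 1) << shift` evaluated in whatever type `CURCODE` has. If that is a signed `int` (its declaration is outside the hunk), the shift can overflow before the result is converted, which is undefined behaviour rather than a defined wrap. Casting the operand first removes the doubt: `uint32_t start_j = (uint32_t)CURCODE << shift;` and `uint32_t end_j = ((uint32_t)CURCODE + 1) << shift;`. The following `if (end_j > max_j)` also becomes a mixed-sign comparison if `max_j` is still an `int`, so its type is worth confirming in the full function.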
@@ -0,0 +1,122 @@ +Fix CVE-2017-7976: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7976 +https://bugs.ghostscript.com/show_bug.cgi?id=697683 + +In order to make the bug-fix patch apply, we also include an earlier commit +that it depends on. + +Patches copied from upstream source repository: + +Earlier commit, creating context for the CVE fix: +https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544 + +CVE-2017-7976 bug fix: +https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=cfa054925de49675ac5445515ebf036fa9379ac6 + +From 9d2c4f3bdb0bd003deae788e7187c0f86e624544 Mon Sep 17 00:00:00 2001 +From: Tor Andersson <tor.andersson@artifex.com> +Date: Wed, 14 Dec 2016 15:56:31 +0100 +Subject: [PATCH] Fix warnings: remove unsigned < 0 tests that are always + false. + +--- + jbig2_image.c | 2 +- + jbig2_mmr.c | 2 +- + jbig2_symbol_dict.c | 9 ++------- + 3 files changed, 4 insertions(+), 9 deletions(-) + +diff --git a/jbig2_image.c b/jbig2_image.c +index 94e5a4c..00f966b 100644 +--- a/jbig2_image.c ++++ b/jbig2_image.c +@@ -256,7 +256,7 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int + /* general OR case */ + s = ss; + d = dd = dst->data + y * dst->stride + leftbyte; +- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { ++ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { + return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); + } + if (leftbyte == rightbyte) { +diff --git a/jbig2_mmr.c b/jbig2_mmr.c +index 390e27c..da54934 100644 +--- a/jbig2_mmr.c ++++ b/jbig2_mmr.c +@@ -977,7 +977,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) + if (b1 < 2) + break; + if (c) { +- if (b1 - 2 < a0 || a0 < 0) ++ if (a0 == MINUS1 || b1 - 2 < a0) + return -1; + 
jbig2_set_bits(dst, a0, b1 - 2); + } +diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c +index 11a2252..4acaba9 100644 +--- a/jbig2_symbol_dict.c ++++ b/jbig2_symbol_dict.c +@@ -92,11 +92,6 @@ jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols) + { + Jbig2SymbolDict *new_dict = NULL; + +- if (n_symbols < 0) { +- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols); +- return NULL; +- } +- + new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1); + if (new_dict != NULL) { + new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); +@@ -613,7 +608,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + uint32_t j; + int x; + +- if (code || (BMSIZE < 0)) { ++ if (code) { + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!"); + goto cleanup4; + } +@@ -716,7 +711,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, + code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength); + /* prevent infinite loop */ + zerolength = exrunlength > 0 ? 0 : zerolength + 1; +- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { ++ if (code || (exrunlength > limit - i) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { + if (code) + jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols"); + else if (exrunlength <= 0) +-- +2.13.0 + +From cfa054925de49675ac5445515ebf036fa9379ac6 Mon Sep 17 00:00:00 2001 +From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> +Date: Wed, 10 May 2017 17:50:39 +0100 +Subject: [PATCH] Bug 697683: Bounds check before reading from image source + data. + +Add extra check to prevent reading off the end of the image source +data buffer. + +Thank you to Dai Ge for finding this issue and suggesting a patch. 
+--- + jbig2_image.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/jbig2_image.c b/jbig2_image.c +index 661d0a5..ae161b9 100644 +--- a/jbig2_image.c ++++ b/jbig2_image.c +@@ -263,7 +263,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int + /* general OR case */ + s = ss; + d = dd = dst->data + y * dst->stride + leftbyte; +- if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { ++ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride || ++ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) { + return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); + } + if (leftbyte == rightbyte) { +-- +2.13.0 + diff --git a/gnu/packages/patches/qtscript-disable-tests.patch b/gnu/packages/patches/qtscript-disable-tests.patch new file mode 100644 index 0000000000..41a017d864 --- /dev/null +++ b/gnu/packages/patches/qtscript-disable-tests.patch 
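Review bot: The source-side bound added to `jbig2_image_compose` is written as pointer arithmetic, `s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride`, in the same style as the destination check before it. Forming a pointer past the end of the buffer is undefined in C, and the products may overflow for large dimensions, so the comparison is not guaranteed to catch every out-of-range case. Comparing byte offsets in `size_t` against the buffer length would be sturdier. The prerequisite commit also removes the `h * dst->stride < 0` clause as always false, which holds only if those operands are unsigned; their declarations are outside the hunk. The error text still reads "preventing heap overflow" although the new clause guards a read of `src`, so a distinct message would help when triaging decoder failures.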
@@ -0,0 +1,64 @@ +In all of these tests the result wraps around and comes out the negative of the exptected value. + +--- + tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js | 2 +- + tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js | 5 ++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js b/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js +index 43bd923..103f251 100644 +--- a/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js ++++ b/tests/auto/qscriptjstestsuite/tests/ecma/Expressions/11.4.7-02.js +@@ -74,7 +74,7 @@ test_negation(-1073741823, 1073741823); + + //2147483648 == (1 << 31) + test_negation(2147483648, -2147483648); +-test_negation(-2147483648, 2147483648); ++//test_negation(-2147483648, 2147483648); + + //2147483648 == (1 << 31) - 1 + test_negation(2147483647, -2147483647); +diff --git a/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js b/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js +index dc56427..c1a4bf3 100644 +--- a/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js ++++ b/tests/auto/qscriptjstestsuite/tests/ecma/TypeConversion/9.3.1-3.js +@@ -86,11 +86,12 @@ new TestCase( + // test cases from bug http://scopus.mcom.com/bugsplat/show_bug.cgi?id=122882 + + +- ++/* + new TestCase( SECTION, + '- -"0x80000000"', + 2147483648, + - -"0x80000000" ); ++*/ + + new TestCase( SECTION, + '- -"0x100000000"', +@@ -280,10 +281,12 @@ new TestCase( SECTION, + 305419896, + 0x12345678 ); + ++/* + new TestCase( SECTION, + "0x80000000", + 2147483648, + 0x80000000 ); ++*/ + + new TestCase( SECTION, + "0xffffffff", +@@ -681,10 +681,12 @@ new TestCase( SECTION, + NaN, + -"+Infiniti" ); + ++/* + new TestCase( SECTION, + "- -\"0x80000000\"", + 2147483648, + - -"0x80000000" ); ++*/ + + new TestCase( SECTION, + "- -\"0x100000000\"", 
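Review bot: The third hunk header for `9.3.1-3.js` reads `@@ -681,10 +681,12 @@`, but the two earlier hunks in that file already add three lines, so the new-side start should be 684. patch(1) will most likely still apply it, but the header looks hand-edited and should be regenerated. The patch description also says only that the result "wraps around" and comes out negated, without naming the architecture, compiler, or an upstream report. Commenting out the `2147483648` and `0x80000000` cases hides what looks like a signed 32-bit overflow in the engine's number conversion rather than a flaw in the tests. I would record the affected platform and a bug reference in the patch header so the tests can be re-enabled once the conversion is fixed.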
diff --git a/gnu/packages/patches/ruby-concurrent-test-arm.patch b/gnu/packages/patches/ruby-concurrent-test-arm.patch index 75e6365565..06d5657814 100644 --- a/gnu/packages/patches/ruby-concurrent-test-arm.patch +++ b/gnu/packages/patches/ruby-concurrent-test-arm.patch @@ -5,27 +5,27 @@ Work around two test suite failures on ARM: The regexps here assume addresses like "0x1234" but on ARM (32-bit) we get something like "0x-7db1e810" (notice the dash). -diff --git a/spec/concurrent/edge/future_spec.rb b/spec/concurrent/edge/future_spec.rb -index a48fd29..4344d7e 100644 ---- b/spec/concurrent/edge/future_spec.rb -+++ a/spec/concurrent/edge/future_spec.rb -@@ -322,9 +322,9 @@ +diff --git a/spec/concurrent/edge/promises_spec.rb b/spec/concurrent/edge/promises_spec.rb +index 727210f..149f7cd 100644 +--- a/spec/concurrent/edge/promises_spec.rb ++++ b/spec/concurrent/edge/promises_spec.rb +@@ -371,9 +371,9 @@ describe 'Concurrent::Promises' do four = three.delay.then(&:succ) # meaningful to_s and inspect defined for Future and Promise -- expect(head.to_s).to match /<#Concurrent::Edge::Future:0x[\da-f]+ pending>/ -+ expect(head.to_s).to match /<#Concurrent::Edge::Future:0x-?[\da-f]+ pending>/ +- expect(head.to_s).to match /<#Concurrent::Promises::Future:0x[\da-f]+ pending>/ ++ expect(head.to_s).to match /<#Concurrent::Promises::Future:0x-?[\da-f]+ pending>/ expect(head.inspect).to( -- match(/<#Concurrent::Edge::Future:0x[\da-f]+ pending blocks:\[<#Concurrent::Edge::ThenPromise:0x[\da-f]+ pending>\]>/)) -+ match(/<#Concurrent::Edge::Future:0x-?[\da-f]+ pending blocks:\[<#Concurrent::Edge::ThenPromise:0x-?[\da-f]+ pending>\]>/)) +- match(/<#Concurrent::Promises::Future:0x[\da-f]+ pending>/)) ++ match(/<#Concurrent::Promises::Future:0x-?[\da-f]+ pending>/)) # evaluates only up to three, four is left unevaluated expect(three.value!).to eq 3 
diff --git a/spec/concurrent/map_spec.rb b/spec/concurrent/map_spec.rb -index 13fd5b7..1c82ebe 100644 ---- b/spec/concurrent/map_spec.rb -+++ a/spec/concurrent/map_spec.rb -@@ -827,7 +827,7 @@ +index c4050be..0a9095d 100644 +--- a/spec/concurrent/map_spec.rb ++++ b/spec/concurrent/map_spec.rb +@@ -794,7 +794,7 @@ module Concurrent end it '#inspect' do diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch deleted file mode 100644 index 3f357c4924..0000000000 --- a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch +++ /dev/null @@ -1,31 +0,0 @@ -Patch copied from upstream source repository: - -https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194 - -From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge@hallyn.com> -Date: Sun, 18 Sep 2016 21:31:18 -0500 -Subject: [PATCH] su.c: fix missing length argument to snprintf - ---- - src/su.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/su.c b/src/su.c -index 0c50a9456afd..93ffd2fbe2b4 100644 ---- a/src/su.c -+++ b/src/su.c -@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void) - stderr); - (void) kill (-pid_child, caught); - -- snprintf (kill_msg, _(" ...killed.\n")); -- snprintf (wait_msg, _(" ...waiting for child to terminate.\n")); -+ snprintf (kill_msg, 256, _(" ...killed.\n")); -+ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n")); - - (void) signal (SIGALRM, kill_child); - (void) alarm (2); --- -2.11.0.rc2 - diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch deleted file mode 100644 index f88aac40bc..0000000000 --- a/gnu/packages/patches/shadow-CVE-2017-2616.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -Fix CVE-2017-2616: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 -http://seclists.org/oss-sec/2017/q1/490 -http://seclists.org/oss-sec/2017/q1/474 - -Patch copied from upstream source repository: - -https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686 - -From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Thu, 23 Feb 2017 09:47:29 -0600 -Subject: [PATCH] su: properly clear child PID - -If su is compiled with PAM support, it is possible for any local user -to send SIGKILL to other processes with root privileges. There are -only two conditions. First, the user must be able to perform su with -a successful login. This does NOT have to be the root user, even using -su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL -can only be sent to processes which were executed after the su process. -It is not possible to send SIGKILL to processes which were already -running. I consider this as a security vulnerability, because I was -able to write a proof of concept which unlocked a screen saver of -another user this way. 
---- - src/su.c | 19 +++++++++++++++++-- - 1 file changed, 17 insertions(+), 2 deletions(-) - -diff --git a/src/su.c b/src/su.c -index f20d230..d86aa86 100644 ---- a/src/su.c -+++ b/src/su.c -@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void) - /* wake child when resumed */ - kill (pid, SIGCONT); - stop = false; -+ } else { -+ pid_child = 0; - } - } while (!stop); - } - -- if (0 != caught) { -+ if (0 != caught && 0 != pid_child) { - (void) fputs ("\n", stderr); - (void) fputs (_("Session terminated, terminating shell..."), - stderr); -@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void) - snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n")); - - (void) signal (SIGALRM, kill_child); -+ (void) signal (SIGCHLD, catch_signals); - (void) alarm (2); - -- (void) wait (&status); -+ sigemptyset (&ourset); -+ if ((sigaddset (&ourset, SIGALRM) != 0) -+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { -+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); -+ kill_child (0); -+ } else { -+ while (0 == waitpid (pid_child, &status, WNOHANG)) { -+ sigsuspend (&ourset); -+ } -+ pid_child = 0; -+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); -+ } -+ - (void) fputs (_(" ...terminated.\n"), stderr); - } - |