diff options
Diffstat (limited to 'gnu/packages/patches')
5 files changed, 233 insertions, 195 deletions
diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch deleted file mode 100644 index 79bb41caaa..0000000000 --- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch +++ /dev/null @@ -1,40 +0,0 @@ -This fixes a segfault on 32-bit architectures. Upstream discussion: - -https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html - -Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html - -Patch copied from upstream source repository: - -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485 - -From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001 -From: Justus Winter <justus@g10code.com> -Date: Wed, 21 Dec 2016 16:14:45 +0100 -Subject: [PATCH] gpgscm: Guard use of union member. - -* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port -before accessing filename. Fixes a crash on 32-bit architectures. - -Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4 -Signed-off-by: Justus Winter <justus@g10code.com> ---- - tests/gpgscm/scheme.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c -index a5b7691..2844545 100644 ---- a/tests/gpgscm/scheme.c -+++ b/tests/gpgscm/scheme.c -@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) { - } else { - sc->nesting_stack[sc->file_i]++; - #if USE_TAGS && SHOW_ERROR_LINE -- { -+ if (sc->load_stack[sc->file_i].kind & port_file) { - const char *filename = - sc->load_stack[sc->file_i].rep.stdio.filename; - int lineno = --- -2.8.0.rc3 - diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch deleted file mode 100644 index e2c65df8ce..0000000000 --- a/gnu/packages/patches/khal-disable-failing-tests.patch +++ /dev/null @@ -1,33 +0,0 @@ -Disable some tests that are known to fail: - -https://github.com/pimutils/khal/issues/546 -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 - -diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py -index fd8dcc6..17732bf 100644 ---- a/tests/khalendar_test.py -+++ b/tests/khalendar_test.py -@@ -65,6 +65,7 @@ class TestCalendar(object): - else: - mtimes[cal] = mtime - -+ @pytest.mark.xfail - def test_db_needs_update(self, coll_vdirs): - coll, vdirs = coll_vdirs - -@@ -321,6 +322,7 @@ class TestDbCreation(object): - CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) - - -+@pytest.mark.xfail - def test_default_calendar(coll_vdirs): - """test if an update to the vdir is detected by the CalendarCollection""" - coll, vdirs = coll_vdirs -@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): - assert len(list(coll.get_events_on(today))) == 0 - - -+@pytest.mark.xfail - def test_only_update_old_event(coll_vdirs, monkeypatch): - coll, vdirs = coll_vdirs - diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch b/gnu/packages/patches/libupnp-CVE-2016-6255.patch deleted file mode 100644 index c9a3fa284c..0000000000 --- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix CVE-2016-6255: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255 -http://www.openwall.com/lists/oss-security/2016/07/18/13 - -Patch adapted from upstream commit: - -https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5 - -The upstream change is simplified to unconditionally disable the HTTP -POST feature. - -From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett <mjg59@srcf.ucam.org> -Date: Tue, 23 Feb 2016 13:53:20 -0800 -Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by - default - -If there's no registered handler for a POST request, the default behaviour -is to write it to the filesystem. Several million deployed devices appear -to have this behaviour, making it possible to (at least) store arbitrary -data on them. Add a configure option that enables this behaviour, and change -the default to just drop POSTs that aren't directly handled. - -Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net> -(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa) ---- - configure.ac | 9 +++++++++ - upnp/inc/upnpconfig.h.in | 9 +++++++++ - upnp/src/genlib/net/http/webserver.c | 4 ++++ - 3 files changed, 22 insertions(+) - -diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c -index 26bf0f7..7ae8c1e 100644 ---- a/upnp/src/genlib/net/http/webserver.c -+++ b/upnp/src/genlib/net/http/webserver.c -@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage( - if (Fp == NULL) - return HTTP_INTERNAL_SERVER_ERROR; - } else { -+#if 0 - Fp = fopen(filename, "wb"); - if (Fp == NULL) - return HTTP_UNAUTHORIZED; -+#else -+ return HTTP_NOT_FOUND; -+#endif - } - parser->position = POS_ENTITY; - do { diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch deleted file mode 100644 index 9978b39487..0000000000 --- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch +++ /dev/null @@ -1,72 +0,0 @@ -Fix CVE-2016-8863: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 -https://sourceforge.net/p/pupnp/bugs/133/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/ - -From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org> -Date: Thu, 8 Dec 2016 17:11:53 +0100 -Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863) - -If there is an invalid URL in URLS->buf after a valid one, uri_parse is -called with out pointing after the allocated memory. As uri_parse writes -to *out before returning an error the loop in create_url_list must be -stopped early to prevent an out-of-bound access - -Bug: https://sourceforge.net/p/pupnp/bugs/133/ -Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 -Bug-Debian: https://bugs.debian.org/842093 -Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771 -(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b) ---- - upnp/src/gena/gena_device.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c -index fb04a29..245c56b 100644 ---- a/upnp/src/gena/gena_device.c -+++ b/upnp/src/gena/gena_device.c -@@ -1113,7 +1113,7 @@ static int create_url_list( - /*! [out] . */ - URL_list *out) - { -- size_t URLcount = 0; -+ size_t URLcount = 0, URLcount2 = 0; - size_t i; - int return_code = 0; - uri_type temp; -@@ -1155,16 +1155,23 @@ static int create_url_list( - } - memcpy( out->URLs, URLS->buff, URLS->size ); - out->URLs[URLS->size] = 0; -- URLcount = 0; - for( i = 0; i < URLS->size; i++ ) { - if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) { - if( ( ( return_code = - parse_uri( &out->URLs[i + 1], URLS->size - i + 1, -- &out->parsedURLs[URLcount] ) ) == -+ &out->parsedURLs[URLcount2] ) ) == - HTTP_SUCCESS ) -- && ( out->parsedURLs[URLcount].hostport.text.size != -+ && ( out->parsedURLs[URLcount2].hostport.text.size != - 0 ) ) { -- URLcount++; -+ URLcount2++; -+ if (URLcount2 >= URLcount) -+ /* -+ * break early here in case there is a bogus URL that -+ * was skipped above. This prevents to access -+ * out->parsedURLs[URLcount] which is beyond the -+ * allocation. -+ */ -+ break; - } else { - if( return_code == UPNP_E_OUTOF_MEMORY ) { - free( out->URLs ); --- -2.11.0 - diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch new file mode 100644 index 0000000000..545b5d0a71 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch @@ -0,0 +1,233 @@ +Fix CVE-2016-9572 and CVE-2016-9573: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 + +Patch copied from 3rd-party repository: + +https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d + +From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001 +From: szukw000 <szukw000@arcor.de> +Date: Mon, 28 Nov 2016 21:57:20 +0100 +Subject: [PATCH] Changes for issues #863 and #862 + +--- + src/bin/jp2/convert.c | 59 +++++++++++++++++++++++++++++++++++++++----- + src/bin/jp2/convertbmp.c | 29 +++++++++++++++++++++- + src/bin/jp2/opj_decompress.c | 2 +- + src/lib/openjp2/j2k.c | 11 ++++++--- + 4 files changed, 90 insertions(+), 11 deletions(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index deee4f6..6a3f65b 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { + for (i = 0; i < image->numcomps-1; i++) { + if ((image->comps[0].dx != image->comps[i+1].dx) + ||(image->comps[0].dy != image->comps[i+1].dy) +- ||(image->comps[0].prec != image->comps[i+1].prec)) { ++ ||(image->comps[0].prec != image->comps[i+1].prec) ++ ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { + fclose(fdest); + fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); + return 1; +@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + int *red, *green, *blue, *alpha; + int wr, hr, max; + int i; +- unsigned int compno, ncomp; ++ unsigned int compno, ncomp, ui; + int adjustR, adjustG, adjustB, adjustA; + int fails, two, want_gray, has_alpha, triple; + int prec, v; +@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + + if(want_gray) ncomp = 1; + ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetopnm: All components\n shall have " ++ "the same subsampling, same bit depth, same sign.\n" ++ " Aborting\n"); ++ return 1; ++ } ++ + if ((force_split == 0) && + (ncomp == 2 /* GRAYA */ + || (ncomp > 2 /* RGB, RGBA */ +@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + { + FILE *rawFile = NULL; + size_t res; +- unsigned int compno; ++ unsigned int compno, numcomps; + int w, h, fails; + int line, row, curr, mask; + int *ptr; +@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + return 1; + } + ++ numcomps = image->numcomps; ++ ++ if (numcomps > 4) { ++ numcomps = 4; ++ } ++ for (compno = 1; compno < numcomps; ++compno) { ++ if (image->comps[0].dx != image->comps[compno].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[compno].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[compno].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[compno].sgnd) { ++ break; ++ } ++ } ++ if (compno != numcomps) { ++ fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ + rawFile = fopen(outfile, "wb"); + if (!rawFile) { + fprintf(stderr, "Failed to open %s for writing !!\n", outfile); +@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + + fails = 1; +- fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); ++ fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); + +- for(compno = 0; compno < image->numcomps; compno++) ++ for(compno = 0; compno < numcomps; compno++) + { + fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, + image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); +@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + else if (image->comps[compno].prec <= 32) + { +- fprintf(stderr,"More than 16 bits per component no handled yet\n"); ++ fprintf(stderr,"More than 16 bits per component not handled yet\n"); + goto fin; + } + else +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ae83077..8017ba8 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { + FILE *fdest = NULL; + int adjustR, adjustG, adjustB; + ++ { ++ unsigned int ui, ncomp = image->numcomps; ++ ++ if (ncomp > 4) { /* RGBA in bmpmask32toimage */ ++ ncomp = 4; ++ } ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ ++ } + if (image->comps[0].prec < 8) { +- fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); ++ fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); + return 1; + } + if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 83160c3..c30079b 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1607,7 +1607,7 @@ int main(int argc, char **argv) + if(dirptr->filename_buf) free(dirptr->filename_buf); + free(dirptr); + } +- if (numDecompressedImages) { ++ if (numDecompressedImages && !failed) { + fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); + } + return failed ? EXIT_FAILURE : EXIT_SUCCESS; +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 66802bb..b6daa32 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, + i, l_img_comp->dx, l_img_comp->dy); + return OPJ_FALSE; + } +- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ ++ if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ + opj_event_msg(p_manager, EVT_ERROR, + "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", + i, l_img_comp->prec); +@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + /* Move data and copy one information from codec to output image*/ + for (compno = 0; compno < p_image->numcomps; compno++) { + p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; +- p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ ++ if(p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ ++ p_j2k->m_output_image->comps[compno].data = NULL; + #if 0 + char fn[256]; + sprintf( fn, "/tmp/%d.raw", compno ); +@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); + fclose( debug ); + #endif +- p_j2k->m_output_image->comps[compno].data = NULL; + } + + return OPJ_TRUE; +@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, + + p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + ++ if (p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ + p_j2k->m_output_image->comps[compno].data = NULL; + } + |