diff options
Diffstat (limited to 'gnu/packages/patches')
64 files changed, 2501 insertions, 3724 deletions
diff --git a/gnu/packages/patches/awesome-reproducible-png.patch b/gnu/packages/patches/awesome-reproducible-png.patch index 0fae65bc71..d8e92c70f9 100644 --- a/gnu/packages/patches/awesome-reproducible-png.patch +++ b/gnu/packages/patches/awesome-reproducible-png.patch @@ -7,8 +7,8 @@ See <https://wiki.debian.org/ReproducibleBuilds/TimestampsInPNG>. set(ALL_ICONS ${ALL_ICONS} ${output}) add_custom_command( -- COMMAND ${CONVERT_EXECUTABLE} ${input} ${ARGN} ${output} -+ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} ${ARGN} ${output} +- COMMAND ${CONVERT_EXECUTABLE} ${input} -strip ${ARGN} ${output} ++ COMMAND ${CONVERT_EXECUTABLE} +set date:create +set date:modify -define png:exclude-chunk=time ${input} -strip ${ARGN} ${output} OUTPUT ${output} DEPENDS ${input} VERBATIM) diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch new file mode 100644 index 0000000000..ad83404194 --- /dev/null +++ b/gnu/packages/patches/cairo-CVE-2016-9082.patch @@ -0,0 +1,122 @@ +From: Adrian Johnson <ajohnson@redneon.com> +Date: Thu, 20 Oct 2016 21:12:30 +1030 +Subject: [PATCH] image: prevent invalid ptr access for > 4GB images + +Image data is often accessed using: + + image->data + y * image->stride + +On 64-bit achitectures if the image data is > 4GB, this computation +will overflow since both y and stride are 32-bit types. + +bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165 +patch: https://bugs.freedesktop.org/attachment.cgi?id=127421 +--- + boilerplate/cairo-boilerplate.c | 4 +++- + src/cairo-image-compositor.c | 4 ++-- + src/cairo-image-surface-private.h | 2 +- + src/cairo-mesh-pattern-rasterizer.c | 2 +- + src/cairo-png.c | 2 +- + src/cairo-script-surface.c | 3 ++- + 6 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c +index 7fdbf79..4804dea 100644 +--- a/boilerplate/cairo-boilerplate.c ++++ b/boilerplate/cairo-boilerplate.c +@@ -42,6 +42,7 @@ + #undef CAIRO_VERSION_H + #include "../cairo-version.h" + ++#include <stddef.h> + #include <stdlib.h> + #include <ctype.h> + #include <assert.h> +@@ -976,7 +977,8 @@ cairo_surface_t * + cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file) + { + char format; +- int width, height, stride; ++ int width, height; ++ ptrdiff_t stride; + int x, y; + unsigned char *data; + cairo_surface_t *image = NULL; +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 48072f8..3ca0006 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer { + pixman_image_t *src, *mask; + union { + struct fill { +- int stride; ++ ptrdiff_t stride; + uint8_t *data; + uint32_t pixel; + } fill; +@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer { + struct finish { + cairo_rectangle_int_t extents; + int src_x, src_y; +- int stride; ++ ptrdiff_t stride; + uint8_t *data; + } mask; + } u; +diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h +index 8ca694c..7e78d61 100644 +--- a/src/cairo-image-surface-private.h ++++ b/src/cairo-image-surface-private.h +@@ -71,7 +71,7 @@ struct _cairo_image_surface { + + int width; + int height; +- int stride; ++ ptrdiff_t stride; + int depth; + + unsigned owns_data : 1; +diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c +index 1b63ca8..e7f0db6 100644 +--- a/src/cairo-mesh-pattern-rasterizer.c ++++ b/src/cairo-mesh-pattern-rasterizer.c +@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride, + tg += tg >> 16; + tb += tb >> 16; + +- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) | ++ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) | + ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24); + } + } +diff --git a/src/cairo-png.c b/src/cairo-png.c +index 562b743..aa8c227 100644 +--- a/src/cairo-png.c ++++ b/src/cairo-png.c +@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure) + } + + for (i = 0; i < png_height; i++) +- row_pointers[i] = &data[i * stride]; ++ row_pointers[i] = &data[i * (ptrdiff_t)stride]; + + png_read_image (png, row_pointers); + png_read_end (png, info); +diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c +index ea0117d..91e4baa 100644 +--- a/src/cairo-script-surface.c ++++ b/src/cairo-script-surface.c +@@ -1202,7 +1202,8 @@ static cairo_status_t + _write_image_surface (cairo_output_stream_t *output, + const cairo_image_surface_t *image) + { +- int stride, row, width; ++ int row, width; ++ ptrdiff_t stride; + uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE]; + uint8_t *rowdata; + uint8_t *data; +-- +2.1.4 + diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch new file mode 100644 index 0000000000..59decde0e9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch @@ -0,0 +1,81 @@ +diff -ur a/irregex-core.scm b/irregex-core.scm +--- a/irregex-core.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-core.scm 2017-01-01 22:24:08.000000000 -0500 +@@ -30,6 +30,8 @@ + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ;;;; History ++;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation ++;; of backtracking matcher. + ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow + ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches + ;; 0.9.3: 2014/07/01 - R7RS library +@@ -3170,16 +3172,7 @@ + ((sre-empty? (sre-sequence (cdr sre))) + (error "invalid sre: empty *" sre)) + (else +- (letrec +- ((body +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (lambda (cnk init src str i end matches fail) +- (body cnk init src str i end matches +- (lambda () +- (next cnk init src str i end matches fail) +- )))))) ++ (let ((body (rec (list '+ (sre-sequence (cdr sre)))))) + (lambda (cnk init src str i end matches fail) + (body cnk init src str i end matches + (lambda () +@@ -3204,10 +3197,21 @@ + (lambda () + (body cnk init src str i end matches fail)))))))) + ((+) +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (rec (list '* (sre-sequence (cdr sre)))))) ++ (cond ++ ((sre-empty? (sre-sequence (cdr sre))) ++ (error "invalid sre: empty +" sre)) ++ (else ++ (letrec ++ ((body ++ (lp (sre-sequence (cdr sre)) ++ n ++ flags ++ (lambda (cnk init src str i end matches fail) ++ (body cnk init src str i end matches ++ (lambda () ++ (next cnk init src str i end matches fail) ++ )))))) ++ body)))) + ((=) + (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre)))) + ((>=) +diff -ur a/irregex-utils.scm b/irregex-utils.scm +--- a/irregex-utils.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-utils.scm 2017-01-01 22:25:25.000000000 -0500 +@@ -89,7 +89,7 @@ + (case (car x) + ((: seq) + (cond +- ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj))) ++ ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj))) + (display "(?:" out) (for-each lp (cdr x)) (display ")" out)) + (else (for-each lp (cdr x))))) + ((submatch) +diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html" +--- "a/manual-html/Unit irregex.html" 2016-09-11 19:10:47.000000000 -0400 ++++ "b/manual-html/Unit irregex.html" 2017-01-01 22:26:05.000000000 -0500 +@@ -353,6 +353,6 @@ + <dd class="defsig"><p>Returns an optimized SRE matching any of the literal strings in the list, like Emacs' <tt>regexp-opt</tt>. Note this optimization doesn't help when irregex is able to build a DFA.</p></dd> + </dl> + <h5 id="sec:sre-.3estring"><a href="#sec:sre-.3estring">sre->string</a></h5><dl class="defsig"><dt class="defsig" id="def:sre-.3estring"><span class="sig"><tt>(sre->string <sre>)</tt></span> <span class="type">procedure</span></dt> +-<dd class="defsig"><p>Convert an SRE to a POSIX-style regular expression string, if possible.</p></dd> ++<dd class="defsig"><p>Convert an SRE to a PCRE-style regular expression string, if possible.</p></dd> + </dl> +-<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body> +\ No newline at end of file ++<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body> diff --git a/gnu/packages/patches/cssc-gets-undeclared.patch b/gnu/packages/patches/cssc-gets-undeclared.patch deleted file mode 100644 index 68c607cf58..0000000000 --- a/gnu/packages/patches/cssc-gets-undeclared.patch +++ /dev/null @@ -1,17 +0,0 @@ -CSSC uses a gets in a couple of places. For security reasons, modern gnulib -does not allow this. This patch allows it again. ---- CSSC-1.3.0/gl/lib/stdio.in.h 2010-05-15 00:15:35.000000000 +0200 -+++ CSSC-1.3.0/gl/lib/stdio.in.h 2014-02-03 21:27:10.000000000 +0100 -@@ -135,12 +135,6 @@ - "use gnulib module fflush for portable POSIX compliance"); - #endif - --/* It is very rare that the developer ever has full control of stdin, -- so any use of gets warrants an unconditional warning. Assume it is -- always declared, since it is required by C89. */ --#undef gets --_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); -- - #if @GNULIB_FOPEN@ - # if @REPLACE_FOPEN@ - # if !(defined __cplusplus && defined GNULIB_NAMESPACE) diff --git a/gnu/packages/patches/cssc-missing-include.patch b/gnu/packages/patches/cssc-missing-include.patch deleted file mode 100644 index 3cef9c15f1..0000000000 --- a/gnu/packages/patches/cssc-missing-include.patch +++ /dev/null @@ -1,12 +0,0 @@ -Added a missing include file (necessary for gid_t and others). -So far as I am aware, this has not been added upstream yet. ---- CSSC-1.3.0/src/file.h 2010-05-16 19:31:33.000000000 +0200 -+++ CSSC-1.3.0/src/file.h 2014-02-03 21:48:30.000000000 +0100 -@@ -30,6 +30,7 @@ - #ifndef CSSC__FILE_H__ - #define CSSC__FILE_H__ - -+#include <sys/types.h> - #include "filelock.h" - - enum create_mode { diff --git a/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch new file mode 100644 index 0000000000..0f921b120b --- /dev/null +++ b/gnu/packages/patches/fcgi-2.4.0-gcc44-fixes.patch @@ -0,0 +1,14 @@ +Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-gcc44_fixes.patch. +Fixes compilation with GCC 4.4 and later. + +diff -up fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes fcgi-2.4.0/libfcgi/fcgio.cpp +--- fcgi-2.4.0/libfcgi/fcgio.cpp.gcc44_fixes 2002-02-24 21:12:22.000000000 +0100 ++++ fcgi-2.4.0/libfcgi/fcgio.cpp 2009-02-15 11:35:18.000000000 +0100 +@@ -23,6 +23,7 @@ + #endif + + #include <limits.h> ++#include <cstdio> + #include "fcgio.h" + + using std::streambuf; diff --git a/gnu/packages/patches/fcgi-2.4.0-poll.patch b/gnu/packages/patches/fcgi-2.4.0-poll.patch new file mode 100644 index 0000000000..73be6a0a08 --- /dev/null +++ b/gnu/packages/patches/fcgi-2.4.0-poll.patch @@ -0,0 +1,89 @@ +Taken from http://pkgs.fedoraproject.org/cgit/rpms/fcgi.git/plain/fcgi-2.4.0-poll.patch +Fixes CVE-2012-6687. + +Author: Anton Kortunov <toshic.toshic@gmail.com> +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417 +Description: use poll in os_unix.c instead of select to avoid problem with > 1024 connections +Forwarded: yes, fastcgi-developers@mailman.fastcgi.com + +diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c +index 73e6a7f..af35aee 100755 +--- a/libfcgi/os_unix.c ++++ b/libfcgi/os_unix.c +@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp + #include <sys/time.h> + #include <sys/un.h> + #include <signal.h> ++#include <poll.h> + + #ifdef HAVE_NETDB_H + #include <netdb.h> +@@ -103,6 +104,9 @@ static int volatile maxFd = -1; + static int shutdownPending = FALSE; + static int shutdownNow = FALSE; + ++static int libfcgiOsClosePollTimeout = 2000; ++static int libfcgiIsAfUnixKeeperPollTimeout = 2000; ++ + void OS_ShutdownPending() + { + shutdownPending = TRUE; +@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3]) + if(libInitialized) + return 0; + ++ char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" ); ++ if(libfcgiOsClosePollTimeoutStr) { ++ libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr); ++ } ++ ++ char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" ); ++ if(libfcgiIsAfUnixKeeperPollTimeoutStr) { ++ libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr); ++ } ++ + asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo)); + if(asyncIoTable == NULL) { + errno = ENOMEM; +@@ -755,19 +769,16 @@ int OS_Close(int fd) + + if (shutdown(fd, 1) == 0) + { +- struct timeval tv; +- fd_set rfds; ++ struct pollfd pfd; + int rv; + char trash[1024]; + +- FD_ZERO(&rfds); ++ pfd.fd = fd; ++ pfd.events = POLLIN; + + do + { +- FD_SET(fd, &rfds); +- tv.tv_sec = 2; +- tv.tv_usec = 0; +- rv = select(fd + 1, &rfds, NULL, NULL, &tv); ++ rv = poll(&pfd, 1, libfcgiOsClosePollTimeout); + } + while (rv > 0 && read(fd, trash, sizeof(trash)) > 0); + } +@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error) + */ + static int is_af_unix_keeper(const int fd) + { +- struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL }; +- fd_set read_fds; +- +- FD_ZERO(&read_fds); +- FD_SET(fd, &read_fds); ++ struct pollfd pfd; ++ pfd.fd = fd; ++ pfd.events = POLLIN; + +- return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds); ++ return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN); + } + + /* diff --git a/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch b/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch new file mode 100644 index 0000000000..0ea008a7cb --- /dev/null +++ b/gnu/packages/patches/gcc-4.9.3-mingw-gthr-default.patch @@ -0,0 +1,11 @@ +--- a/libgcc/config/i386/gthr-win32.h 2016-03-30 07:45:33.388684463 +0200 ++++ b/libgcc/config/i386/gthr-win32.h 2016-03-30 15:51:24.123896436 +0200 +@@ -30,7 +30,7 @@ + + /* Make sure CONST_CAST2 (origin in system.h) is declared. */ + #ifndef CONST_CAST2 +-#define CONST_CAST2(TOTYPE,FROMTYPE,X) ((__extension__(union {FROMTYPE _q; TOTYPE _nq;})(X))._nq) ++#define CONST_CAST2(TOTYPE,FROMTYPE,X) ((TOTYPE)X) + #endif + + /* Windows32 threads specific definitions. The windows32 threading model diff --git a/gnu/packages/patches/gcj-arm-mode.patch b/gnu/packages/patches/gcj-arm-mode.patch new file mode 100644 index 0000000000..a3f999f7e9 --- /dev/null +++ b/gnu/packages/patches/gcj-arm-mode.patch @@ -0,0 +1,36 @@ +Taken from +https://sources.debian.net/data/main/g/gcc-4.9/4.9.2-10/debian/patches/gcj-arm-mode.diff + +# DP: For armhf, force arm mode instead of thumb mode + +--- a/libjava/configure.host ++++ b/libjava/configure.host +@@ -66,6 +66,9 @@ + ;; + esac + ++# on armhf force arm mode ++libgcj_flags="${libgcj_flags} -marm" ++ + AM_RUNTESTFLAGS= + + # Set any host dependent compiler flags. +--- a/gcc/java/lang-specs.h ++++ b/gcc/java/lang-specs.h +@@ -47,7 +47,7 @@ + %{.class|.zip|.jar|!fsyntax-only:jc1 \ + %{.java|fsaw-java-file:%U.jar -fsource-filename=%i %<ffilelist-file} \ + %{.class|.zip|.jar|ffilelist-file|fcompile-resource*:%i} \ +- %(jc1) %(cc1_options) %{I*} %{!findirect-dispatch:-faux-classpath %U.zip} \ ++ %(jc1) %(cc1_options) -marm %{I*} %{!findirect-dispatch:-faux-classpath %U.zip} \ + %{MD:-MD_} %{MMD:-MMD_} %{M} %{MM} %{MA} %{MT*} %{MF*}\ + %(invoke_as)}", + 0, 0, 0}, +--- a/libjava/libgcj.spec.in ++++ b/libjava/libgcj.spec.in +@@ -9,4 +9,4 @@ + %rename lib liborig + *lib: @LD_START_STATIC_SPEC@ @LIBGCJ_SPEC@ @LD_FINISH_STATIC_SPEC@ @LIBMATHSPEC@ @LDLIBICONV@ @GCSPEC@ @THREADSPEC@ @ZLIBSPEC@ @SYSTEMSPEC@ %(libgcc) @LIBSTDCXXSPEC@ %(liborig) + +-*jc1: @HASH_SYNC_SPEC@ @DIVIDESPEC@ @CHECKREFSPEC@ @JC1GCSPEC@ @EXCEPTIONSPEC@ @BACKTRACESPEC@ @IEEESPEC@ @ATOMICSPEC@ @LIBGCJ_BC_SPEC@ -fkeep-inline-functions ++*jc1: @HASH_SYNC_SPEC@ @DIVIDESPEC@ @CHECKREFSPEC@ @JC1GCSPEC@ @EXCEPTIONSPEC@ @BACKTRACESPEC@ @IEEESPEC@ @ATOMICSPEC@ @LIBGCJ_BC_SPEC@ -fkeep-inline-functions -marm diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch new file mode 100644 index 0000000000..79bb41caaa --- /dev/null +++ b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch @@ -0,0 +1,40 @@ +This fixes a segfault on 32-bit architectures. Upstream discussion: + +https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html + +Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html + +Patch copied from upstream source repository: + +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485 + +From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001 +From: Justus Winter <justus@g10code.com> +Date: Wed, 21 Dec 2016 16:14:45 +0100 +Subject: [PATCH] gpgscm: Guard use of union member. + +* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port +before accessing filename. Fixes a crash on 32-bit architectures. + +Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4 +Signed-off-by: Justus Winter <justus@g10code.com> +--- + tests/gpgscm/scheme.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c +index a5b7691..2844545 100644 +--- a/tests/gpgscm/scheme.c ++++ b/tests/gpgscm/scheme.c +@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) { + } else { + sc->nesting_stack[sc->file_i]++; + #if USE_TAGS && SHOW_ERROR_LINE +- { ++ if (sc->load_stack[sc->file_i].kind & port_file) { + const char *filename = + sc->load_stack[sc->file_i].rep.stdio.filename; + int lineno = +-- +2.8.0.rc3 + diff --git a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch b/gnu/packages/patches/gst-plugins-good-fix-crashes.patch deleted file mode 100644 index c36a595608..0000000000 --- a/gnu/packages/patches/gst-plugins-good-fix-crashes.patch +++ /dev/null @@ -1,1047 +0,0 @@ -Fixes upstream bug #774859 (flic decoder: Invalid memory read in -flx_decode_chunks): - -https://bugzilla.gnome.org/show_bug.cgi?id=774859 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=be670f0daf67304fb92c76aa09c30cae0bfd1fe4 - -From be670f0daf67304fb92c76aa09c30cae0bfd1fe4 Mon Sep 17 00:00:00 2001 -From: Matthew Waters <matthew@centricular.com> -Date: Wed, 23 Nov 2016 07:09:06 +1100 -Subject: [PATCH] flxdec: rewrite logic based on GstByteReader/Writer - -Solves overreading/writing the given arrays and will error out if the -streams asks to do that. - -Also does more error checking that the stream is valid and won't -overrun any allocated arrays. Also mitigate integer overflow errors -calculating allocation sizes. - -https://bugzilla.gnome.org/show_bug.cgi?id=774859 ---- - gst/flx/flx_color.c | 1 - - gst/flx/flx_fmt.h | 72 ------- - gst/flx/gstflxdec.c | 610 ++++++++++++++++++++++++++++++++++++---------------- - gst/flx/gstflxdec.h | 4 +- - 4 files changed, 427 insertions(+), 260 deletions(-) - -diff --git a/gst/flx/flx_color.c b/gst/flx/flx_color.c -index 047bfdf..3a58135 100644 ---- a/gst/flx/flx_color.c -+++ b/gst/flx/flx_color.c -@@ -101,7 +101,6 @@ flx_set_palette_vector (FlxColorSpaceConverter * flxpal, guint start, guint num, - } else { - memcpy (&flxpal->palvec[start * 3], newpal, grab * 3); - } -- - } - - void -diff --git a/gst/flx/flx_fmt.h b/gst/flx/flx_fmt.h -index 9ab31ba..abff200 100644 ---- a/gst/flx/flx_fmt.h -+++ b/gst/flx/flx_fmt.h -@@ -123,78 +123,6 @@ typedef struct _FlxFrameType - } FlxFrameType; - #define FlxFrameTypeSize 10 - --#if G_BYTE_ORDER == G_BIG_ENDIAN --#define LE_TO_BE_16(i16) ((guint16) (((i16) << 8) | ((i16) >> 8))) --#define LE_TO_BE_32(i32) \ -- (((guint32) (LE_TO_BE_16((guint16) (i32))) << 16) | (LE_TO_BE_16((i32) >> 16))) -- --#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) \ -- do { \ -- (frm_type_p)->chunks = LE_TO_BE_16((frm_type_p)->chunks); \ -- (frm_type_p)->delay = LE_TO_BE_16((frm_type_p)->delay); \ -- } while(0) -- --#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) \ -- do { \ -- (hffmn_table_p)->codelength = \ -- LE_TO_BE_16((hffmn_table_p)->codelength); \ -- (hffmn_table_p)->numcodes = LE_TO_BE_16((hffmn_table_p)->numcodes); \ -- } while(0) -- --#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) \ -- ((sgmnt_table_p)->segments = LE_TO_BE_16((sgmnt_table_p)->segments)) -- --#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) \ -- do { \ -- (prfx_chnk_p)->chunks = LE_TO_BE_16((prfx_chnk_p)->chunks); \ -- } while(0) -- --#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) \ -- do { \ -- (frm_chnk_p)->size = LE_TO_BE_32((frm_chnk_p)->size); \ -- (frm_chnk_p)->id = LE_TO_BE_16((frm_chnk_p)->id); \ -- } while(0) -- --#define FLX_HDR_FIX_ENDIANNESS(hdr_p) \ -- do { \ -- (hdr_p)->size = LE_TO_BE_32((hdr_p)->size); \ -- (hdr_p)->type = LE_TO_BE_16((hdr_p)->type); \ -- (hdr_p)->frames = LE_TO_BE_16((hdr_p)->frames); \ -- (hdr_p)->width = LE_TO_BE_16((hdr_p)->width); \ -- (hdr_p)->height = LE_TO_BE_16((hdr_p)->height); \ -- (hdr_p)->depth = LE_TO_BE_16((hdr_p)->depth); \ -- (hdr_p)->flags = LE_TO_BE_16((hdr_p)->flags); \ -- (hdr_p)->speed = LE_TO_BE_32((hdr_p)->speed); \ -- (hdr_p)->reserved1 = LE_TO_BE_16((hdr_p)->reserved1); \ -- (hdr_p)->created = LE_TO_BE_32((hdr_p)->created); \ -- (hdr_p)->creator = LE_TO_BE_32((hdr_p)->creator); \ -- (hdr_p)->updated = LE_TO_BE_32((hdr_p)->updated); \ -- (hdr_p)->updater = LE_TO_BE_32((hdr_p)->updater); \ -- (hdr_p)->aspect_dx = LE_TO_BE_16((hdr_p)->aspect_dx); \ -- (hdr_p)->aspect_dy = LE_TO_BE_16((hdr_p)->aspect_dy); \ -- (hdr_p)->ext_flags = LE_TO_BE_16((hdr_p)->ext_flags); \ -- (hdr_p)->keyframes = LE_TO_BE_16((hdr_p)->keyframes); \ -- (hdr_p)->totalframes = LE_TO_BE_16((hdr_p)->totalframes); \ -- (hdr_p)->req_memory = LE_TO_BE_32((hdr_p)->req_memory); \ -- (hdr_p)->max_regions = LE_TO_BE_16((hdr_p)->max_regions); \ -- (hdr_p)->transp_num = LE_TO_BE_16((hdr_p)->transp_num); \ -- (hdr_p)->oframe1 = LE_TO_BE_32((hdr_p)->oframe1); \ -- (hdr_p)->oframe2 = LE_TO_BE_32((hdr_p)->oframe2); \ -- } while(0) --#else -- --#define LE_TO_BE_16(i16) ((i16)) --#define LE_TO_BE_32(i32) ((i32)) -- --#define FLX_FRAME_TYPE_FIX_ENDIANNESS(frm_type_p) --#define FLX_HUFFMAN_TABLE_FIX_ENDIANNESS(hffmn_table_p) --#define FLX_SEGMENT_TABLE_FIX_ENDIANNESS(sgmnt_table_p) --#define FLX_PREFIX_CHUNK_FIX_ENDIANNESS(prfx_chnk_p) --#define FLX_FRAME_CHUNK_FIX_ENDIANNESS(frm_chnk_p) --#define FLX_HDR_FIX_ENDIANNESS(hdr_p) -- --#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */ -- - G_END_DECLS - - #endif /* __GST_FLX_FMT_H__ */ -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index a237976..aa1bed5 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -1,5 +1,6 @@ - /* GStreamer - * Copyright (C) <1999> Erik Walthinsen <omega@temple-baptist.com> -+ * Copyright (C) <2016> Matthew Waters <matthew@centricular.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public -@@ -24,6 +25,7 @@ - /* - * http://www.coolutils.com/Formats/FLI - * http://woodshole.er.usgs.gov/operations/modeling/flc.html -+ * http://www.compuphase.com/flic.htm - */ - - #ifdef HAVE_CONFIG_H -@@ -73,10 +75,14 @@ static GstStateChangeReturn gst_flxdec_change_state (GstElement * element, - static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent, - GstQuery * query); - --static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint); --static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *); --static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *); --static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer, gint scale); -+static gboolean flx_decode_brun (GstFlxDec * flxdec, -+ GstByteReader * reader, GstByteWriter * writer); -+static gboolean flx_decode_delta_fli (GstFlxDec * flxdec, -+ GstByteReader * reader, GstByteWriter * writer); -+static gboolean flx_decode_delta_flc (GstFlxDec * flxdec, -+ GstByteReader * reader, GstByteWriter * writer); - - #define rndalign(off) ((off) + ((off) & 1)) - -@@ -204,57 +210,59 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent, - } - - static gboolean --flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, -- guchar * dest) -+flx_decode_chunks (GstFlxDec * flxdec, gulong n_chunks, GstByteReader * reader, -+ GstByteWriter * writer) - { -- FlxFrameChunk *hdr; - gboolean ret = TRUE; - -- g_return_val_if_fail (data != NULL, FALSE); -- -- while (count--) { -- hdr = (FlxFrameChunk *) data; -- FLX_FRAME_CHUNK_FIX_ENDIANNESS (hdr); -- data += FlxFrameChunkSize; -+ while (n_chunks--) { -+ GstByteReader chunk; -+ guint32 size; -+ guint16 type; -+ -+ if (!gst_byte_reader_get_uint32_le (reader, &size)) -+ goto parse_error; -+ if (!gst_byte_reader_get_uint16_le (reader, &type)) -+ goto parse_error; -+ GST_LOG_OBJECT (flxdec, "chunk has type 0x%02x size %d", type, size); -+ -+ if (!gst_byte_reader_get_sub_reader (reader, &chunk, -+ size - FlxFrameChunkSize)) { -+ GST_ERROR_OBJECT (flxdec, "Incorrect size in the chunk header"); -+ goto error; -+ } - -- switch (hdr->id) { -+ switch (type) { - case FLX_COLOR64: -- flx_decode_color (flxdec, data, dest, 2); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_color (flxdec, &chunk, writer, 2); - break; - - case FLX_COLOR256: -- flx_decode_color (flxdec, data, dest, 0); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_color (flxdec, &chunk, writer, 0); - break; - - case FLX_BRUN: -- ret = flx_decode_brun (flxdec, data, dest); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_brun (flxdec, &chunk, writer); - break; - - case FLX_LC: -- ret = flx_decode_delta_fli (flxdec, data, dest); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_delta_fli (flxdec, &chunk, writer); - break; - - case FLX_SS2: -- ret = flx_decode_delta_flc (flxdec, data, dest); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ ret = flx_decode_delta_flc (flxdec, &chunk, writer); - break; - - case FLX_BLACK: -- memset (dest, 0, flxdec->size); -+ ret = gst_byte_writer_fill (writer, 0, flxdec->size); - break; - - case FLX_MINI: -- data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - - default: -- GST_WARNING ("Unimplented chunk type: 0x%02x size: %d - skipping", -- hdr->id, hdr->size); -- data += rndalign (hdr->size) - FlxFrameChunkSize; -+ GST_WARNING ("Unimplemented chunk type: 0x%02x size: %d - skipping", -+ type, size); - break; - } - -@@ -263,43 +271,60 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - } - - return ret; -+ -+parse_error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode chunk"); -+error: -+ return FALSE; - } - - --static void --flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale) -+static gboolean -+flx_decode_color (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer, gint scale) - { -- guint packs, count, indx; -+ guint8 count, indx; -+ guint16 packs; - -- g_return_if_fail (flxdec != NULL); -- -- packs = (data[0] + (data[1] << 8)); -- -- data += 2; -+ if (!gst_byte_reader_get_uint16_le (reader, &packs)) -+ goto error; - indx = 0; - -- GST_LOG ("GstFlxDec: cmap packs: %d", packs); -+ GST_LOG ("GstFlxDec: cmap packs: %d", (guint) packs); - while (packs--) { -+ const guint8 *data; -+ guint16 actual_count; -+ - /* color map index + skip count */ -- indx += *data++; -+ if (!gst_byte_reader_get_uint8 (reader, &indx)) -+ goto error; - - /* number of rgb triplets */ -- count = *data++ & 0xff; -- if (count == 0) -- count = 256; -+ if (!gst_byte_reader_get_uint8 (reader, &count)) -+ goto error; - -- GST_LOG ("GstFlxDec: cmap count: %d (indx: %d)", count, indx); -- flx_set_palette_vector (flxdec->converter, indx, count, data, scale); -+ actual_count = count == 0 ? 256 : count; - -- data += (count * 3); -+ if (!gst_byte_reader_get_data (reader, count * 3, &data)) -+ goto error; -+ -+ GST_LOG_OBJECT (flxdec, "cmap count: %d (indx: %d)", actual_count, indx); -+ flx_set_palette_vector (flxdec->converter, indx, actual_count, -+ (guchar *) data, scale); - } -+ -+ return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Error decoding color palette"); -+ return FALSE; - } - - static gboolean --flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) -+flx_decode_brun (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer) - { -- gulong count, lines, row; -- guchar x; -+ gulong lines, row; - - g_return_val_if_fail (flxdec != NULL, FALSE); - -@@ -310,82 +335,125 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - * contain more then 255 RLE packets. we use the frame - * width instead. - */ -- data++; -+ if (!gst_byte_reader_skip (reader, 1)) -+ goto error; - - row = flxdec->hdr.width; - while (row) { -- count = *data++; -+ gint8 count; -+ -+ if (!gst_byte_reader_get_int8 (reader, &count)) -+ goto error; -+ -+ if (count <= 0) { -+ const guint8 *data; - -- if (count > 0x7f) { - /* literal run */ -- count = 0x100 - count; -- if ((glong) row - (glong) count < 0) { -- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ count = ABS (count); -+ -+ GST_LOG_OBJECT (flxdec, "have literal run of size %d", count); -+ -+ if (count > row) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN line detected. " -+ "bytes to write exceeds the end of the row"); - return FALSE; - } - row -= count; - -- while (count--) -- *dest++ = *data++; -- -+ if (!gst_byte_reader_get_data (reader, count, &data)) -+ goto error; -+ if (!gst_byte_writer_put_data (writer, data, count)) -+ goto error; - } else { -- if ((glong) row - (glong) count < 0) { -- GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ guint8 x; -+ -+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d", count); -+ -+ if (count > row) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected." -+ "bytes to write exceeds the end of the row"); - return FALSE; - } - - /* replicate run */ - row -= count; -- x = *data++; - -- while (count--) -- *dest++ = x; -+ if (!gst_byte_reader_get_uint8 (reader, &x)) -+ goto error; -+ if (!gst_byte_writer_fill (writer, x, count)) -+ goto error; - } - } - } - - return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode BRUN packet"); -+ return FALSE; - } - - static gboolean --flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) -+flx_decode_delta_fli (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer) - { -- gulong count, packets, lines, start_line; -- guchar *start_p, x; -+ guint16 start_line, lines; -+ guint line_start_i; - - g_return_val_if_fail (flxdec != NULL, FALSE); - g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ -- memcpy (dest, flxdec->delta_data, flxdec->size); -+ if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size)) -+ goto error; -+ -+ if (!gst_byte_reader_get_uint16_le (reader, &start_line)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &lines)) -+ goto error; -+ GST_LOG_OBJECT (flxdec, "height %d start line %d line count %d", -+ flxdec->hdr.height, start_line, lines); - -- start_line = (data[0] + (data[1] << 8)); -- lines = (data[2] + (data[3] << 8)); - if (start_line + lines > flxdec->hdr.height) { - GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines."); - return FALSE; - } -- data += 4; - -- /* start position of delta */ -- dest += (flxdec->hdr.width * start_line); -- start_p = dest; -+ line_start_i = flxdec->hdr.width * start_line; -+ if (!gst_byte_writer_set_pos (writer, line_start_i)) -+ goto error; - - while (lines--) { -+ guint8 packets; -+ - /* packet count */ -- packets = *data++; -+ if (!gst_byte_reader_get_uint8 (reader, &packets)) -+ goto error; -+ GST_LOG_OBJECT (flxdec, "have %d packets", packets); - - while (packets--) { - /* skip count */ -- guchar skip = *data++; -- dest += skip; -+ guint8 skip; -+ gint8 count; -+ if (!gst_byte_reader_get_uint8 (reader, &skip)) -+ goto error; -+ -+ /* skip bytes */ -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + skip)) -+ goto error; - - /* RLE count */ -- count = *data++; -+ if (!gst_byte_reader_get_int8 (reader, &count)) -+ goto error; -+ -+ if (count < 0) { -+ guint8 x; - -- if (count > 0x7f) { - /* literal run */ -- count = 0x100 - count; -+ count = ABS (count); -+ GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d", -+ count, skip); - - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " -@@ -393,11 +461,16 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - return FALSE; - } - -- x = *data++; -- while (count--) -- *dest++ = x; -- -+ if (!gst_byte_reader_get_uint8 (reader, &x)) -+ goto error; -+ if (!gst_byte_writer_fill (writer, x, count)) -+ goto error; - } else { -+ const guint8 *data; -+ -+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d", -+ count, skip); -+ - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " - "line too long."); -@@ -405,45 +478,60 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - - /* replicate run */ -- while (count--) -- *dest++ = *data++; -+ if (!gst_byte_reader_get_data (reader, count, &data)) -+ goto error; -+ if (!gst_byte_writer_put_data (writer, data, count)) -+ goto error; - } - } -- start_p += flxdec->hdr.width; -- dest = start_p; -+ line_start_i += flxdec->hdr.width; -+ if (!gst_byte_writer_set_pos (writer, line_start_i)) -+ goto error; - } - - return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet"); -+ return FALSE; - } - - static gboolean --flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) -+flx_decode_delta_flc (GstFlxDec * flxdec, GstByteReader * reader, -+ GstByteWriter * writer) - { -- gulong count, lines, start_l, opcode; -- guchar *start_p; -+ guint16 lines, start_l; - - g_return_val_if_fail (flxdec != NULL, FALSE); - g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ -- memcpy (dest, flxdec->delta_data, flxdec->size); -+ if (!gst_byte_writer_put_data (writer, flxdec->delta_data, flxdec->size)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &lines)) -+ goto error; - -- lines = (data[0] + (data[1] << 8)); - if (lines > flxdec->hdr.height) { - GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines."); - return FALSE; - } -- data += 2; - -- start_p = dest; - start_l = lines; - - while (lines) { -- dest = start_p + (flxdec->hdr.width * (start_l - lines)); -+ guint16 opcode; -+ -+ if (!gst_byte_writer_set_pos (writer, -+ flxdec->hdr.width * (start_l - lines))) -+ goto error; - - /* process opcode(s) */ -- while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) { -- data += 2; -+ while (TRUE) { -+ if (!gst_byte_reader_get_uint16_le (reader, &opcode)) -+ goto error; -+ if ((opcode & 0xc000) == 0) -+ break; -+ - if ((opcode & 0xc000) == 0xc000) { - /* line skip count */ - gulong skip = (0x10000 - opcode); -@@ -453,27 +541,44 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - return FALSE; - } - start_l += skip; -- dest += flxdec->hdr.width * skip; -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + flxdec->hdr.width * skip)) -+ goto error; - } else { - /* last pixel */ -- dest += flxdec->hdr.width; -- *dest++ = (opcode & 0xff); -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + flxdec->hdr.width)) -+ goto error; -+ if (!gst_byte_writer_put_uint8 (writer, opcode & 0xff)) -+ goto error; - } - } -- data += 2; - - /* last opcode is the packet count */ -+ GST_LOG_OBJECT (flxdec, "have %d packets", opcode); - while (opcode--) { - /* skip count */ -- guchar skip = *data++; -- dest += skip; -+ guint8 skip; -+ gint8 count; -+ -+ if (!gst_byte_reader_get_uint8 (reader, &skip)) -+ goto error; -+ if (!gst_byte_writer_set_pos (writer, -+ gst_byte_writer_get_pos (writer) + skip)) -+ goto error; - - /* RLE count */ -- count = *data++; -+ if (!gst_byte_reader_get_int8 (reader, &count)) -+ goto error; -+ -+ if (count < 0) { -+ guint16 x; - -- if (count > 0x7f) { - /* replicate word run */ -- count = 0x100 - count; -+ count = ABS (count); -+ -+ GST_LOG_OBJECT (flxdec, "have replicate run of size %d at offset %d", -+ count, skip); - - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -@@ -481,22 +586,31 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - return FALSE; - } - -+ if (!gst_byte_reader_get_uint16_le (reader, &x)) -+ goto error; -+ - while (count--) { -- *dest++ = data[0]; -- *dest++ = data[1]; -+ if (!gst_byte_writer_put_uint16_le (writer, x)) { -+ goto error; -+ } - } -- data += 2; - } else { -+ GST_LOG_OBJECT (flxdec, "have literal run of size %d at offset %d", -+ count, skip); -+ - if (skip + count > flxdec->hdr.width) { - GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " - "line too long."); - return FALSE; - } - -- /* literal word run */ - while (count--) { -- *dest++ = *data++; -- *dest++ = *data++; -+ guint16 x; -+ -+ if (!gst_byte_reader_get_uint16_le (reader, &x)) -+ goto error; -+ if (!gst_byte_writer_put_uint16_le (writer, x)) -+ goto error; - } - } - } -@@ -504,13 +618,91 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - - return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Failed to decode FLI packet"); -+ return FALSE; -+} -+ -+static gboolean -+_read_flx_header (GstFlxDec * flxdec, GstByteReader * reader, FlxHeader * flxh) -+{ -+ memset (flxh, 0, sizeof (*flxh)); -+ -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->size)) -+ goto error; -+ if (flxh->size < FlxHeaderSize) { -+ GST_ERROR_OBJECT (flxdec, "Invalid file size in the header"); -+ return FALSE; -+ } -+ -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->type)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->frames)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->width)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->height)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->depth)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->flags)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->speed)) -+ goto error; -+ if (!gst_byte_reader_skip (reader, 2)) /* reserved */ -+ goto error; -+ /* FLC */ -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->created)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->creator)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->updated)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->updater)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dx)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->aspect_dy)) -+ goto error; -+ /* EGI */ -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->ext_flags)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->keyframes)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->totalframes)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->req_memory)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->max_regions)) -+ goto error; -+ if (!gst_byte_reader_get_uint16_le (reader, &flxh->transp_num)) -+ goto error; -+ if (!gst_byte_reader_skip (reader, 24)) /* reserved */ -+ goto error; -+ /* FLC */ -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe1)) -+ goto error; -+ if (!gst_byte_reader_get_uint32_le (reader, &flxh->oframe2)) -+ goto error; -+ if (!gst_byte_reader_skip (reader, 40)) /* reserved */ -+ goto error; -+ -+ return TRUE; -+ -+error: -+ GST_ERROR_OBJECT (flxdec, "Error reading file header"); -+ return FALSE; - } - - static GstFlowReturn - gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - { -+ GstByteReader reader; -+ GstBuffer *input; -+ GstMapInfo map_info; - GstCaps *caps; -- guint avail; -+ guint available; - GstFlowReturn res = GST_FLOW_OK; - - GstFlxDec *flxdec; -@@ -521,31 +713,50 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - g_return_val_if_fail (flxdec != NULL, GST_FLOW_ERROR); - - gst_adapter_push (flxdec->adapter, buf); -- avail = gst_adapter_available (flxdec->adapter); -+ available = gst_adapter_available (flxdec->adapter); -+ input = gst_adapter_get_buffer (flxdec->adapter, available); -+ if (!gst_buffer_map (input, &map_info, GST_MAP_READ)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Failed to map buffer"), (NULL)); -+ goto error; -+ } -+ gst_byte_reader_init (&reader, map_info.data, map_info.size); - - if (flxdec->state == GST_FLXDEC_READ_HEADER) { -- if (avail >= FlxHeaderSize) { -- const guint8 *data = gst_adapter_map (flxdec->adapter, FlxHeaderSize); -+ if (available >= FlxHeaderSize) { -+ GstByteReader header; - GstCaps *templ; - -- memcpy ((gchar *) & flxdec->hdr, data, FlxHeaderSize); -- FLX_HDR_FIX_ENDIANNESS (&(flxdec->hdr)); -- gst_adapter_unmap (flxdec->adapter); -+ if (!gst_byte_reader_get_sub_reader (&reader, &header, FlxHeaderSize)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Could not read header"), (NULL)); -+ goto unmap_input_error; -+ } - gst_adapter_flush (flxdec->adapter, FlxHeaderSize); -+ available -= FlxHeaderSize; -+ -+ if (!_read_flx_header (flxdec, &header, &flxdec->hdr)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Failed to parse header"), (NULL)); -+ goto unmap_input_error; -+ } - - flxh = &flxdec->hdr; - - /* check header */ - if (flxh->type != FLX_MAGICHDR_FLI && -- flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX) -- goto wrong_type; -+ flxh->type != FLX_MAGICHDR_FLC && flxh->type != FLX_MAGICHDR_FLX) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL), -+ ("not a flx file (type %x)", flxh->type)); -+ goto unmap_input_error; -+ } - -- GST_LOG ("size : %d", flxh->size); -- GST_LOG ("frames : %d", flxh->frames); -- GST_LOG ("width : %d", flxh->width); -- GST_LOG ("height : %d", flxh->height); -- GST_LOG ("depth : %d", flxh->depth); -- GST_LOG ("speed : %d", flxh->speed); -+ GST_INFO_OBJECT (flxdec, "size : %d", flxh->size); -+ GST_INFO_OBJECT (flxdec, "frames : %d", flxh->frames); -+ GST_INFO_OBJECT (flxdec, "width : %d", flxh->width); -+ GST_INFO_OBJECT (flxdec, "height : %d", flxh->height); -+ GST_INFO_OBJECT (flxdec, "depth : %d", flxh->depth); -+ GST_INFO_OBJECT (flxdec, "speed : %d", flxh->speed); - - flxdec->next_time = 0; - -@@ -573,18 +784,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - gst_pad_set_caps (flxdec->srcpad, caps); - gst_caps_unref (caps); - -- if (flxh->depth <= 8) -- flxdec->converter = -- flx_colorspace_converter_new (flxh->width, flxh->height); -+ /* zero means 8 */ -+ if (flxh->depth == 0) -+ flxh->depth = 8; -+ -+ if (flxh->depth != 8) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, -+ ("%s", "Don't know how to decode non 8 bit depth streams"), (NULL)); -+ goto unmap_input_error; -+ } -+ -+ flxdec->converter = -+ flx_colorspace_converter_new (flxh->width, flxh->height); - - if (flxh->type == FLX_MAGICHDR_FLC || flxh->type == FLX_MAGICHDR_FLX) { -- GST_LOG ("(FLC) aspect_dx : %d", flxh->aspect_dx); -- GST_LOG ("(FLC) aspect_dy : %d", flxh->aspect_dy); -- GST_LOG ("(FLC) oframe1 : 0x%08x", flxh->oframe1); -- GST_LOG ("(FLC) oframe2 : 0x%08x", flxh->oframe2); -+ GST_INFO_OBJECT (flxdec, "(FLC) aspect_dx : %d", flxh->aspect_dx); -+ GST_INFO_OBJECT (flxdec, "(FLC) aspect_dy : %d", flxh->aspect_dy); -+ GST_INFO_OBJECT (flxdec, "(FLC) oframe1 : 0x%08x", flxh->oframe1); -+ GST_INFO_OBJECT (flxdec, "(FLC) oframe2 : 0x%08x", flxh->oframe2); - } - - flxdec->size = ((guint) flxh->width * (guint) flxh->height); -+ if (flxdec->size >= G_MAXSIZE / 4) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Cannot allocate required memory"), (NULL)); -+ goto unmap_input_error; -+ } - - /* create delta and output frame */ - flxdec->frame_data = g_malloc (flxdec->size); -@@ -596,55 +821,66 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - GstBuffer *out; - - /* while we have enough data in the adapter */ -- while (avail >= FlxFrameChunkSize && res == GST_FLOW_OK) { -- FlxFrameChunk flxfh; -- guchar *chunk; -- const guint8 *data; -- GstMapInfo map; -- -- chunk = NULL; -- data = gst_adapter_map (flxdec->adapter, FlxFrameChunkSize); -- memcpy (&flxfh, data, FlxFrameChunkSize); -- FLX_FRAME_CHUNK_FIX_ENDIANNESS (&flxfh); -- gst_adapter_unmap (flxdec->adapter); -- -- switch (flxfh.id) { -- case FLX_FRAME_TYPE: -- /* check if we have the complete frame */ -- if (avail < flxfh.size) -- goto need_more_data; -- -- /* flush header */ -- gst_adapter_flush (flxdec->adapter, FlxFrameChunkSize); -- -- chunk = gst_adapter_take (flxdec->adapter, -- flxfh.size - FlxFrameChunkSize); -- FLX_FRAME_TYPE_FIX_ENDIANNESS ((FlxFrameType *) chunk); -- if (((FlxFrameType *) chunk)->chunks == 0) -- break; -+ while (available >= FlxFrameChunkSize && res == GST_FLOW_OK) { -+ guint32 size; -+ guint16 type; - -- /* create 32 bits output frame */ --// res = gst_pad_alloc_buffer_and_set_caps (flxdec->srcpad, --// GST_BUFFER_OFFSET_NONE, --// flxdec->size * 4, GST_PAD_CAPS (flxdec->srcpad), &out); --// if (res != GST_FLOW_OK) --// break; -+ if (!gst_byte_reader_get_uint32_le (&reader, &size)) -+ goto parse_error; -+ if (available < size) -+ goto need_more_data; - -- out = gst_buffer_new_and_alloc (flxdec->size * 4); -+ available -= size; -+ gst_adapter_flush (flxdec->adapter, size); -+ -+ if (!gst_byte_reader_get_uint16_le (&reader, &type)) -+ goto parse_error; -+ -+ switch (type) { -+ case FLX_FRAME_TYPE:{ -+ GstByteReader chunks; -+ GstByteWriter writer; -+ guint16 n_chunks; -+ GstMapInfo map; -+ -+ GST_LOG_OBJECT (flxdec, "Have frame type 0x%02x of size %d", type, -+ size); -+ -+ if (!gst_byte_reader_get_sub_reader (&reader, &chunks, -+ size - FlxFrameChunkSize)) -+ goto parse_error; -+ -+ if (!gst_byte_reader_get_uint16_le (&chunks, &n_chunks)) -+ goto parse_error; -+ GST_LOG_OBJECT (flxdec, "Have %d chunks", n_chunks); -+ -+ if (n_chunks == 0) -+ break; -+ if (!gst_byte_reader_skip (&chunks, 8)) /* reserved */ -+ goto parse_error; -+ -+ gst_byte_writer_init_with_data (&writer, flxdec->frame_data, -+ flxdec->size, TRUE); - - /* decode chunks */ -- if (!flx_decode_chunks (flxdec, -- ((FlxFrameType *) chunk)->chunks, -- chunk + FlxFrameTypeSize, flxdec->frame_data)) { -+ if (!flx_decode_chunks (flxdec, n_chunks, &chunks, &writer)) { - GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, - ("%s", "Could not decode chunk"), NULL); -- return GST_FLOW_ERROR; -+ goto unmap_input_error; - } -+ gst_byte_writer_reset (&writer); - - /* save copy of the current frame for possible delta. */ - memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size); - -- gst_buffer_map (out, &map, GST_MAP_WRITE); -+ out = gst_buffer_new_and_alloc (flxdec->size * 4); -+ if (!gst_buffer_map (out, &map, GST_MAP_WRITE)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Could not map output buffer"), NULL); -+ gst_buffer_unref (out); -+ goto unmap_input_error; -+ } -+ - /* convert current frame. */ - flx_colorspace_convert (flxdec->converter, flxdec->frame_data, - map.data); -@@ -655,30 +891,32 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - - res = gst_pad_push (flxdec->srcpad, out); - break; -+ } - default: -- /* check if we have the complete frame */ -- if (avail < flxfh.size) -- goto need_more_data; -- -- gst_adapter_flush (flxdec->adapter, flxfh.size); -+ GST_DEBUG_OBJECT (flxdec, "Unknown frame type 0x%02x, skipping %d", -+ type, size); -+ if (!gst_byte_reader_skip (&reader, size - FlxFrameChunkSize)) -+ goto parse_error; - break; - } -- -- g_free (chunk); -- -- avail = gst_adapter_available (flxdec->adapter); - } - } -+ -+ gst_buffer_unmap (input, &map_info); -+ gst_buffer_unref (input); -+ - need_more_data: - return res; - - /* ERRORS */ --wrong_type: -- { -- GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL), -- ("not a flx file (type %x)", flxh->type)); -- return GST_FLOW_ERROR; -- } -+parse_error: -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Failed to parse stream"), (NULL)); -+unmap_input_error: -+ gst_buffer_unmap (input, &map_info); -+ gst_buffer_unref (input); -+error: -+ return GST_FLOW_ERROR; - } - - static GstStateChangeReturn -diff --git a/gst/flx/gstflxdec.h b/gst/flx/gstflxdec.h -index 3f9a0aa..4fd8dfd 100644 ---- a/gst/flx/gstflxdec.h -+++ b/gst/flx/gstflxdec.h -@@ -23,6 +23,8 @@ - #include <gst/gst.h> - - #include <gst/base/gstadapter.h> -+#include <gst/base/gstbytereader.h> -+#include <gst/base/gstbytewriter.h> - #include "flx_color.h" - - G_BEGIN_DECLS -@@ -45,7 +47,7 @@ struct _GstFlxDec { - - guint8 *delta_data, *frame_data; - GstAdapter *adapter; -- gulong size; -+ gsize size; - GstFlxDecState state; - gint64 frame_time; - gint64 next_time; --- -2.10.2 - diff --git a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch b/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch deleted file mode 100644 index 1daaa2ae15..0000000000 --- a/gnu/packages/patches/gst-plugins-good-fix-invalid-read.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fixes upstream bug #774897 (flxdec: Unreferences itself one time too many on -invalid files): - -https://bugzilla.gnome.org/show_bug.cgi?id=774897 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=b31c504645a814c59d91d49e4fe218acaf93f4ca - -From b31c504645a814c59d91d49e4fe218acaf93f4ca Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Wed, 23 Nov 2016 11:20:49 +0200 -Subject: [PATCH] flxdec: Don't unref() parent in the chain function - -We don't own the reference here, it is owned by the caller and given to -us for the scope of this function. Leftover mistake from 0.10 porting. - -https://bugzilla.gnome.org/show_bug.cgi?id=774897 ---- - gst/flx/gstflxdec.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index e675c99..a237976 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -677,7 +677,6 @@ wrong_type: - { - GST_ELEMENT_ERROR (flxdec, STREAM, WRONG_TYPE, (NULL), - ("not a flx file (type %x)", flxh->type)); -- gst_object_unref (flxdec); - return GST_FLOW_ERROR; - } - } --- -2.10.2 - diff --git a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch b/gnu/packages/patches/gst-plugins-good-fix-signedness.patch deleted file mode 100644 index a3e20e19dd..0000000000 --- a/gnu/packages/patches/gst-plugins-good-fix-signedness.patch +++ /dev/null @@ -1,58 +0,0 @@ -This is a followup fix for upstream bug #774834 (flic decoder: Buffer overflow -in flx_decode_delta_fli): - -https://bugzilla.gnome.org/show_bug.cgi?id=774834#c2 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=1ab2b26193861b124426e2f8eb62b75b59ec5488 - -From 1ab2b26193861b124426e2f8eb62b75b59ec5488 Mon Sep 17 00:00:00 2001 -From: Matthew Waters <matthew@centricular.com> -Date: Tue, 22 Nov 2016 23:46:00 +1100 -Subject: [PATCH] flxdec: fix some warnings comparing unsigned < 0 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -bf43f44fcfada5ec4a3ce60cb374340486fe9fac was comparing an unsigned -expression to be < 0 which was always false. - -gstflxdec.c: In function ‘flx_decode_brun’: -gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] - if ((glong) row - count < 0) { - ^ -gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] - if ((glong) row - count < 0) { - ^ - -https://bugzilla.gnome.org/show_bug.cgi?id=774834 ---- - gst/flx/gstflxdec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index d51a8e6..e675c99 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -319,7 +319,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* literal run */ - count = 0x100 - count; -- if ((glong) row - count < 0) { -+ if ((glong) row - (glong) count < 0) { - GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); - return FALSE; - } -@@ -329,7 +329,7 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - *dest++ = *data++; - - } else { -- if ((glong) row - count < 0) { -+ if ((glong) row - (glong) count < 0) { - GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); - return FALSE; - } --- -2.10.2 - diff --git a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch b/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch deleted file mode 100644 index f77dca2cd6..0000000000 --- a/gnu/packages/patches/gst-plugins-good-flic-bounds-check.patch +++ /dev/null @@ -1,319 +0,0 @@ -Fix CVE-2016-{9634,9635,9636}. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636 - -This fixes upstream bug #774834 (flic decoder: Buffer overflow in -flx_decode_delta_fli): - -https://bugzilla.gnome.org/show_bug.cgi?id=774834 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=2e203a79b7d9af4029307c1a845b3c148d5f5e62 - -From 2e203a79b7d9af4029307c1a845b3c148d5f5e62 Mon Sep 17 00:00:00 2001 -From: Matthew Waters <matthew@centricular.com> -Date: Tue, 22 Nov 2016 19:05:00 +1100 -Subject: [PATCH] flxdec: add some write bounds checking - -Without checking the bounds of the frame we are writing into, we can -write off the end of the destination buffer. - -https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html - -https://bugzilla.gnome.org/show_bug.cgi?id=774834 ---- - gst/flx/gstflxdec.c | 116 +++++++++++++++++++++++++++++++++++++++++----------- - 1 file changed, 91 insertions(+), 25 deletions(-) - -diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c -index 604be2f..d51a8e6 100644 ---- a/gst/flx/gstflxdec.c -+++ b/gst/flx/gstflxdec.c -@@ -74,9 +74,9 @@ static gboolean gst_flxdec_src_query_handler (GstPad * pad, GstObject * parent, - GstQuery * query); - - static void flx_decode_color (GstFlxDec *, guchar *, guchar *, gint); --static void flx_decode_brun (GstFlxDec *, guchar *, guchar *); --static void flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *); --static void flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_brun (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_delta_fli (GstFlxDec *, guchar *, guchar *); -+static gboolean flx_decode_delta_flc (GstFlxDec *, guchar *, guchar *); - - #define rndalign(off) ((off) + ((off) & 1)) - -@@ -203,13 +203,14 @@ gst_flxdec_sink_event_handler (GstPad * pad, GstObject * parent, - return ret; - } - --static void -+static gboolean - flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - guchar * dest) - { - FlxFrameChunk *hdr; -+ gboolean ret = TRUE; - -- g_return_if_fail (data != NULL); -+ g_return_val_if_fail (data != NULL, FALSE); - - while (count--) { - hdr = (FlxFrameChunk *) data; -@@ -228,17 +229,17 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - break; - - case FLX_BRUN: -- flx_decode_brun (flxdec, data, dest); -+ ret = flx_decode_brun (flxdec, data, dest); - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - - case FLX_LC: -- flx_decode_delta_fli (flxdec, data, dest); -+ ret = flx_decode_delta_fli (flxdec, data, dest); - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - - case FLX_SS2: -- flx_decode_delta_flc (flxdec, data, dest); -+ ret = flx_decode_delta_flc (flxdec, data, dest); - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - -@@ -256,7 +257,12 @@ flx_decode_chunks (GstFlxDec * flxdec, gulong count, guchar * data, - data += rndalign (hdr->size) - FlxFrameChunkSize; - break; - } -+ -+ if (!ret) -+ break; - } -+ -+ return ret; - } - - -@@ -289,13 +295,13 @@ flx_decode_color (GstFlxDec * flxdec, guchar * data, guchar * dest, gint scale) - } - } - --static void -+static gboolean - flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - { - gulong count, lines, row; - guchar x; - -- g_return_if_fail (flxdec != NULL); -+ g_return_val_if_fail (flxdec != NULL, FALSE); - - lines = flxdec->hdr.height; - while (lines--) { -@@ -313,12 +319,21 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* literal run */ - count = 0x100 - count; -+ if ((glong) row - count < 0) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ return FALSE; -+ } - row -= count; - - while (count--) - *dest++ = *data++; - - } else { -+ if ((glong) row - count < 0) { -+ GST_ERROR_OBJECT (flxdec, "Invalid BRUN packet detected."); -+ return FALSE; -+ } -+ - /* replicate run */ - row -= count; - x = *data++; -@@ -328,22 +343,28 @@ flx_decode_brun (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - } - } -+ -+ return TRUE; - } - --static void -+static gboolean - flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - { - gulong count, packets, lines, start_line; - guchar *start_p, x; - -- g_return_if_fail (flxdec != NULL); -- g_return_if_fail (flxdec->delta_data != NULL); -+ g_return_val_if_fail (flxdec != NULL, FALSE); -+ g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ - memcpy (dest, flxdec->delta_data, flxdec->size); - - start_line = (data[0] + (data[1] << 8)); - lines = (data[2] + (data[3] << 8)); -+ if (start_line + lines > flxdec->hdr.height) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. too many lines."); -+ return FALSE; -+ } - data += 4; - - /* start position of delta */ -@@ -356,7 +377,8 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - - while (packets--) { - /* skip count */ -- dest += *data++; -+ guchar skip = *data++; -+ dest += skip; - - /* RLE count */ - count = *data++; -@@ -364,12 +386,24 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* literal run */ - count = 0x100 - count; -- x = *data++; - -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ -+ x = *data++; - while (count--) - *dest++ = x; - - } else { -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLI packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ - /* replicate run */ - while (count--) - *dest++ = *data++; -@@ -378,21 +412,27 @@ flx_decode_delta_fli (GstFlxDec * flxdec, guchar * data, guchar * dest) - start_p += flxdec->hdr.width; - dest = start_p; - } -+ -+ return TRUE; - } - --static void -+static gboolean - flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - { - gulong count, lines, start_l, opcode; - guchar *start_p; - -- g_return_if_fail (flxdec != NULL); -- g_return_if_fail (flxdec->delta_data != NULL); -+ g_return_val_if_fail (flxdec != NULL, FALSE); -+ g_return_val_if_fail (flxdec->delta_data != NULL, FALSE); - - /* use last frame for delta */ - memcpy (dest, flxdec->delta_data, flxdec->size); - - lines = (data[0] + (data[1] << 8)); -+ if (lines > flxdec->hdr.height) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. too many lines."); -+ return FALSE; -+ } - data += 2; - - start_p = dest; -@@ -405,9 +445,15 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - while ((opcode = (data[0] + (data[1] << 8))) & 0xc000) { - data += 2; - if ((opcode & 0xc000) == 0xc000) { -- /* skip count */ -- start_l += (0x10000 - opcode); -- dest += flxdec->hdr.width * (0x10000 - opcode); -+ /* line skip count */ -+ gulong skip = (0x10000 - opcode); -+ if (skip > flxdec->hdr.height) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -+ "skip line count too big."); -+ return FALSE; -+ } -+ start_l += skip; -+ dest += flxdec->hdr.width * skip; - } else { - /* last pixel */ - dest += flxdec->hdr.width; -@@ -419,7 +465,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - /* last opcode is the packet count */ - while (opcode--) { - /* skip count */ -- dest += *data++; -+ guchar skip = *data++; -+ dest += skip; - - /* RLE count */ - count = *data++; -@@ -427,12 +474,25 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - if (count > 0x7f) { - /* replicate word run */ - count = 0x100 - count; -+ -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ - while (count--) { - *dest++ = data[0]; - *dest++ = data[1]; - } - data += 2; - } else { -+ if (skip + count > flxdec->hdr.width) { -+ GST_ERROR_OBJECT (flxdec, "Invalid FLC packet detected. " -+ "line too long."); -+ return FALSE; -+ } -+ - /* literal word run */ - while (count--) { - *dest++ = *data++; -@@ -442,6 +502,8 @@ flx_decode_delta_flc (GstFlxDec * flxdec, guchar * data, guchar * dest) - } - lines--; - } -+ -+ return TRUE; - } - - static GstFlowReturn -@@ -571,9 +633,13 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) - out = gst_buffer_new_and_alloc (flxdec->size * 4); - - /* decode chunks */ -- flx_decode_chunks (flxdec, -- ((FlxFrameType *) chunk)->chunks, -- chunk + FlxFrameTypeSize, flxdec->frame_data); -+ if (!flx_decode_chunks (flxdec, -+ ((FlxFrameType *) chunk)->chunks, -+ chunk + FlxFrameTypeSize, flxdec->frame_data)) { -+ GST_ELEMENT_ERROR (flxdec, STREAM, DECODE, -+ ("%s", "Could not decode chunk"), NULL); -+ return GST_FLOW_ERROR; -+ } - - /* save copy of the current frame for possible delta. */ - memcpy (flxdec->delta_data, flxdec->frame_data, flxdec->size); --- -2.10.2 - diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch new file mode 100644 index 0000000000..17ba323ccf --- /dev/null +++ b/gnu/packages/patches/httpd-CVE-2016-8740.patch @@ -0,0 +1,36 @@ +This patch applies against httpd-2.4.23 and shouldn't be needed in later releases +http://openwall.com/lists/oss-security/2016/12/05/17 +Index: modules/http2/h2_stream.c +=================================================================== +--- modules/http2/h2_stream.c (revision 1771866) ++++ modules/http2/h2_stream.c (working copy) +@@ -322,18 +322,18 @@ + HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE); + } + } +- } +- +- if (h2_stream_is_scheduled(stream)) { +- return h2_request_add_trailer(stream->request, stream->pool, +- name, nlen, value, vlen); +- } +- else { +- if (!input_open(stream)) { +- return APR_ECONNRESET; ++ ++ if (h2_stream_is_scheduled(stream)) { ++ return h2_request_add_trailer(stream->request, stream->pool, ++ name, nlen, value, vlen); + } +- return h2_request_add_header(stream->request, stream->pool, +- name, nlen, value, vlen); ++ else { ++ if (!input_open(stream)) { ++ return APR_ECONNRESET; ++ } ++ return h2_request_add_header(stream->request, stream->pool, ++ name, nlen, value, vlen); ++ } + } + } + diff --git a/gnu/packages/patches/icecat-CVE-2016-9064.patch b/gnu/packages/patches/icecat-CVE-2016-9064.patch deleted file mode 100644 index a5393815e0..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-9064.patch +++ /dev/null @@ -1,996 +0,0 @@ -Copied from -<https://hg.mozilla.org/releases/mozilla-esr45/raw-rev/00c2b7baaa0b> -but with one hunk omitted: the git binary patch for -toolkit/mozapps/extensions/test/addons/test_update_multi2/addon.xpi -which is not present in the IceCat sources. - -# HG changeset patch -# User Andrew Swan <aswan@mozilla.com> -# Date 1474063218 25200 -# Node ID 00c2b7baaa0b4bfb7d5f1aac31c094ea6b255e1f -# Parent 46b07bdbf8b20cf3fdc28104add57ff58a55832b -Bug 1303418 - Don't allow upgrades that change the addon ID. r=mossop, a=lizzard - -MozReview-Commit-ID: JHINo8ShmeI - -diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm ---- a/toolkit/mozapps/extensions/AddonManager.jsm -+++ b/toolkit/mozapps/extensions/AddonManager.jsm -@@ -2956,16 +2956,18 @@ this.AddonManager = { - // The downloaded file seems to be corrupted in some way. - ERROR_CORRUPT_FILE: -3, - // An error occured trying to write to the filesystem. - ERROR_FILE_ACCESS: -4, - // The add-on must be signed and isn't. - ERROR_SIGNEDSTATE_REQUIRED: -5, - // The downloaded add-on had a different type than expected. - ERROR_UNEXPECTED_ADDON_TYPE: -6, -+ // The addon did not have the expected ID -+ ERROR_INCORRECT_ID: -7, - - // These must be kept in sync with AddonUpdateChecker. - // No error was encountered. - UPDATE_STATUS_NO_ERROR: 0, - // The update check timed out - UPDATE_STATUS_TIMEOUT: -1, - // There was an error while downloading the update information. - UPDATE_STATUS_DOWNLOAD_ERROR: -2, -diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm ---- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm -+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm -@@ -5473,16 +5473,37 @@ AddonInstall.prototype = { - // loadManifestFromZipReader performs the certificate verification for us - this.addon = yield loadManifestFromZipReader(zipreader, this.installLocation); - } - catch (e) { - zipreader.close(); - return Promise.reject([AddonManager.ERROR_CORRUPT_FILE, e]); - } - -+ if (this.existingAddon) { -+ // Check various conditions related to upgrades -+ if (this.addon.id != this.existingAddon.id) { -+ zipreader.close(); -+ return Promise.reject([AddonManager.ERROR_INCORRECT_ID, -+ `Refusing to upgrade addon ${this.existingAddon.id} to different ID ${this.addon.id}`]); -+ } -+ -+ if (this.addon.type == "multipackage") { -+ zipreader.close(); -+ return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE, -+ `Refusing to upgrade addon ${this.existingAddon.id} to a multi-package xpi`]); -+ } -+ -+ if (this.existingAddon.type == "webextension" && this.addon.type != "webextension") { -+ zipreader.close(); -+ return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE, -+ "Webextensions may not be updated to other extension types"]); -+ } -+ } -+ - if (mustSign(this.addon.type)) { - if (this.addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { - // This add-on isn't properly signed by a signature that chains to the - // trusted root. - let state = this.addon.signedState; - this.addon = null; - zipreader.close(); - -@@ -5510,23 +5531,16 @@ AddonInstall.prototype = { - } else { - zipreader.close(); - return Promise.reject([AddonManager.ERROR_CORRUPT_FILE, - "XPI is incorrectly signed"]); - } - } - } - -- if (this.existingAddon && this.existingAddon.type == "webextension" && -- this.addon.type != "webextension") { -- zipreader.close(); -- return Promise.reject([AddonManager.ERROR_UNEXPECTED_ADDON_TYPE, -- "WebExtensions may not be upated to other extension types"]); -- } -- - if (this.addon.type == "multipackage") - return this._loadMultipackageManifests(zipreader); - - zipreader.close(); - - this.updateAddonURIs(); - - this.addon._install = this; -@@ -5791,16 +5805,17 @@ AddonInstall.prototype = { - else { - // TODO Should we send some event here (bug 557716)? - this.state = AddonManager.STATE_CHECKING; - new UpdateChecker(this.addon, { - onUpdateFinished: aAddon => this.downloadCompleted(), - }, AddonManager.UPDATE_WHEN_ADDON_INSTALLED); - } - }, ([error, message]) => { -+ this.removeTemporaryFile(); - this.downloadFailed(error, message); - }); - } - else { - if (aRequest instanceof Ci.nsIHttpChannel) - this.downloadFailed(AddonManager.ERROR_NETWORK_FAILURE, - aRequest.responseStatus + " " + - aRequest.responseStatusText); -diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/bootstrap.js -@@ -0,0 +1,5 @@ -+ -+function install(data, reason) {} -+function startup(data, reason) {} -+function shutdown(data, reason) {} -+function uninstall(data, reason) {} -diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi1/install.rdf -@@ -0,0 +1,16 @@ -+<?xml version="1.0"?> -+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -+ xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -+<Description about="urn:mozilla:install-manifest"> -+ <em:id>updatemulti@tests.mozilla.org</em:id> -+ <em:version>1.0</em:version> -+ <em:updateURL>http://localhost:4444/data/test_update_multi.rdf</em:updateURL> -+ <em:bootstrap>true</em:bootstrap> -+ <em:name>Test Addon 1</em:name> -+<em:targetApplication><Description> -+ <em:id>xpcshell@tests.mozilla.org</em:id> -+ <em:minVersion>1</em:minVersion> -+ <em:maxVersion>1</em:maxVersion> -+</Description></em:targetApplication> -+</Description> -+</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_update_multi2/install.rdf -@@ -0,0 +1,9 @@ -+<?xml version="1.0"?> -+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -+ xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -+<Description about="urn:mozilla:install-manifest"> -+ <em:id>updatemulti@tests.mozilla.org</em:id> -+ <em:type>32</em:type> -+ <em:version>2.0</em:version> -+</Description> -+</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/bootstrap.js -@@ -0,0 +1,5 @@ -+ -+function install(data, reason) {} -+function startup(data, reason) {} -+function shutdown(data, reason) {} -+function uninstall(data, reason) {} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid1/install.rdf -@@ -0,0 +1,16 @@ -+<?xml version="1.0"?> -+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -+ xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -+<Description about="urn:mozilla:install-manifest"> -+ <em:id>addon1@tests.mozilla.org</em:id> -+ <em:version>1.0</em:version> -+ <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL> -+ <em:bootstrap>true</em:bootstrap> -+ <em:name>Test Addon 1</em:name> -+<em:targetApplication><Description> -+ <em:id>xpcshell@tests.mozilla.org</em:id> -+ <em:minVersion>1</em:minVersion> -+ <em:maxVersion>1</em:maxVersion> -+</Description></em:targetApplication> -+</Description> -+</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/bootstrap.js -@@ -0,0 +1,5 @@ -+ -+function install(data, reason) {} -+function startup(data, reason) {} -+function shutdown(data, reason) {} -+function uninstall(data, reason) {} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/addons/test_updateid2/install.rdf -@@ -0,0 +1,16 @@ -+<?xml version="1.0"?> -+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -+ xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -+<Description about="urn:mozilla:install-manifest"> -+ <em:id>addon1.changed@tests.mozilla.org</em:id> -+ <em:version>2.0</em:version> -+ <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL> -+ <em:bootstrap>true</em:bootstrap> -+ <em:name>Test Addon 1</em:name> -+<em:targetApplication><Description> -+ <em:id>xpcshell@tests.mozilla.org</em:id> -+ <em:minVersion>1</em:minVersion> -+ <em:maxVersion>1</em:maxVersion> -+</Description></em:targetApplication> -+</Description> -+</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_2/install.rdf -+++ /dev/null -@@ -1,24 +0,0 @@ --<?xml version="1.0"?> -- --<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -- xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -- -- <Description about="urn:mozilla:install-manifest"> -- <em:id>addon2@tests.mozilla.org</em:id> -- <em:version>2.0</em:version> -- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL> -- -- <!-- Front End MetaData --> -- <em:name>Test 2</em:name> -- <em:description>Test Description</em:description> -- -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- </Description> -- </em:targetApplication> -- -- </Description> --</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid2_5/install.rdf -+++ /dev/null -@@ -1,24 +0,0 @@ --<?xml version="1.0"?> -- --<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -- xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -- -- <Description about="urn:mozilla:install-manifest"> -- <em:id>addon2@tests.mozilla.org</em:id> -- <em:version>5.0</em:version> -- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL> -- -- <!-- Front End MetaData --> -- <em:name>Test 2</em:name> -- <em:description>Test Description</em:description> -- -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- </Description> -- </em:targetApplication> -- -- </Description> --</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/bootstrap.js -+++ /dev/null -@@ -1,21 +0,0 @@ --Components.utils.import("resource://gre/modules/Services.jsm"); -- --function install(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 3); -- Services.prefs.setIntPref("bootstraptest.install_reason", reason); --} -- --function startup(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 3); -- Services.prefs.setIntPref("bootstraptest.startup_reason", reason); --} -- --function shutdown(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 0); -- Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason); --} -- --function uninstall(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 0); -- Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason); --} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid3_3/install.rdf -+++ /dev/null -@@ -1,25 +0,0 @@ --<?xml version="1.0"?> -- --<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -- xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -- -- <Description about="urn:mozilla:install-manifest"> -- <em:id>addon3@tests.mozilla.org</em:id> -- <em:version>3.0</em:version> -- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL> -- <em:bootstrap>true</em:bootstrap> -- -- <!-- Front End MetaData --> -- <em:name>Test 3</em:name> -- <em:description>Test Description</em:description> -- -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- </Description> -- </em:targetApplication> -- -- </Description> --</RDF> -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/bootstrap.js -+++ /dev/null -@@ -1,21 +0,0 @@ --Components.utils.import("resource://gre/modules/Services.jsm"); -- --function install(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 4); -- Services.prefs.setIntPref("bootstraptest.install_reason", reason); --} -- --function startup(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 4); -- Services.prefs.setIntPref("bootstraptest.startup_reason", reason); --} -- --function shutdown(data, reason) { -- Services.prefs.setIntPref("bootstraptest.active_version", 0); -- Services.prefs.setIntPref("bootstraptest.shutdown_reason", reason); --} -- --function uninstall(data, reason) { -- Services.prefs.setIntPref("bootstraptest.installed_version", 0); -- Services.prefs.setIntPref("bootstraptest.uninstall_reason", reason); --} -diff --git a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf b/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf -deleted file mode 100644 ---- a/toolkit/mozapps/extensions/test/addons/test_updateid4_4/install.rdf -+++ /dev/null -@@ -1,25 +0,0 @@ --<?xml version="1.0"?> -- --<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -- xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -- -- <Description about="urn:mozilla:install-manifest"> -- <em:id>addon4@tests.mozilla.org</em:id> -- <em:version>4.0</em:version> -- <em:updateURL>http://localhost:4444/data/test_updateid.rdf</em:updateURL> -- <em:bootstrap>true</em:bootstrap> -- -- <!-- Front End MetaData --> -- <em:name>Test 4</em:name> -- <em:description>Test Description</em:description> -- -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- </Description> -- </em:targetApplication> -- -- </Description> --</RDF> -diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf -new file mode 100644 ---- /dev/null -+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_update_multi.rdf -@@ -0,0 +1,26 @@ -+<?xml version="1.0" encoding="UTF-8"?> -+ -+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" -+ xmlns:em="http://www.mozilla.org/2004/em-rdf#"> -+ -+ <Description about="urn:mozilla:extension:updatemulti@tests.mozilla.org"> -+ <em:updates> -+ <Seq> -+ <li> -+ <Description> -+ <em:version>2.0</em:version> -+ <em:targetApplication> -+ <Description> -+ <em:id>xpcshell@tests.mozilla.org</em:id> -+ <em:minVersion>1</em:minVersion> -+ <em:maxVersion>1</em:maxVersion> -+ <em:updateLink>http://localhost:4444/addons/test_update_multi2.xpi</em:updateLink> -+ </Description> -+ </em:targetApplication> -+ </Description> -+ </li> -+ </Seq> -+ </em:updates> -+ </Description> -+ -+</RDF> -diff --git a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf ---- a/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf -+++ b/toolkit/mozapps/extensions/test/xpcshell/data/test_updateid.rdf -@@ -9,77 +9,17 @@ - <li> - <Description> - <em:version>2.0</em:version> - <em:targetApplication> - <Description> - <em:id>xpcshell@tests.mozilla.org</em:id> - <em:minVersion>1</em:minVersion> - <em:maxVersion>1</em:maxVersion> -- <em:updateLink>http://localhost:4444/addons/test_updateid2_2.xpi</em:updateLink> -- </Description> -- </em:targetApplication> -- </Description> -- </li> -- </Seq> -- </em:updates> -- </Description> -- -- <Description about="urn:mozilla:extension:addon2@tests.mozilla.org"> -- <em:updates> -- <Seq> -- <li> -- <Description> -- <em:version>3.0</em:version> -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- <em:updateLink>http://localhost:4444/addons/test_updateid3_3.xpi</em:updateLink> -- </Description> -- </em:targetApplication> -- </Description> -- </li> -- </Seq> -- </em:updates> -- </Description> -- -- <Description about="urn:mozilla:extension:addon3@tests.mozilla.org"> -- <em:updates> -- <Seq> -- <li> -- <Description> -- <em:version>4.0</em:version> -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- <em:updateLink>http://localhost:4444/addons/test_updateid4_4.xpi</em:updateLink> -- </Description> -- </em:targetApplication> -- </Description> -- </li> -- </Seq> -- </em:updates> -- </Description> -- -- <Description about="urn:mozilla:extension:addon4@tests.mozilla.org"> -- <em:updates> -- <Seq> -- <li> -- <Description> -- <em:version>5.0</em:version> -- <em:targetApplication> -- <Description> -- <em:id>xpcshell@tests.mozilla.org</em:id> -- <em:minVersion>1</em:minVersion> -- <em:maxVersion>1</em:maxVersion> -- <em:updateLink>http://localhost:4444/addons/test_updateid2_5.xpi</em:updateLink> -+ <em:updateLink>http://localhost:4444/addons/test_updateid2.xpi</em:updateLink> - </Description> - </em:targetApplication> - </Description> - </li> - </Seq> - </em:updates> - </Description> - -diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js ---- a/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js -+++ b/toolkit/mozapps/extensions/test/xpcshell/test_updateid.js -@@ -2,421 +2,85 @@ - * http://creativecommons.org/publicdomain/zero/1.0/ - */ - - // This verifies that updating an add-on to a new ID works - - // The test extension uses an insecure update url. - Services.prefs.setBoolPref("extensions.checkUpdateSecurity", false); - --Components.utils.import("resource://testing-common/httpd.js"); --var testserver; - const profileDir = gProfD.clone(); - profileDir.append("extensions"); - --function resetPrefs() { -- Services.prefs.setIntPref("bootstraptest.active_version", -1); -- Services.prefs.setIntPref("bootstraptest.installed_version", -1); -- Services.prefs.setIntPref("bootstraptest.startup_reason", -1); -- Services.prefs.setIntPref("bootstraptest.shutdown_reason", -1); -- Services.prefs.setIntPref("bootstraptest.install_reason", -1); -- Services.prefs.setIntPref("bootstraptest.uninstall_reason", -1); --} -- --function getActiveVersion() { -- return Services.prefs.getIntPref("bootstraptest.active_version"); --} -- --function getInstalledVersion() { -- return Services.prefs.getIntPref("bootstraptest.installed_version"); --} -- --function run_test() { -- createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2"); -- -- // Create and configure the HTTP server. -- testserver = new HttpServer(); -- testserver.registerDirectory("/data/", do_get_file("data")); -- testserver.registerDirectory("/addons/", do_get_file("addons")); -- testserver.start(4444); -- -- do_test_pending(); -- run_test_1(); --} -- --function end_test() { -- testserver.stop(do_test_finished); --} -- --function installUpdate(aInstall, aCallback) { -- aInstall.addListener({ -- onInstallEnded: function(aInstall) { -- // give the startup time to run -- do_execute_soon(function() { -- aCallback(aInstall); -- }); -- } -- }); -- -- aInstall.install(); --} -- --// Verify that an update to an add-on with a new ID uninstalls the old add-on --function run_test_1() { -- writeInstallRDFForExtension({ -- id: "addon1@tests.mozilla.org", -- version: "1.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 1", -- }, profileDir); -- -- startupManager(); -- -- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) { -- do_check_neq(a1, null); -- do_check_eq(a1.version, "1.0"); -+function promiseInstallUpdate(install) { -+ return new Promise((resolve, reject) => { -+ install.addListener({ -+ onDownloadFailed: () => { -+ let err = new Error("download error"); -+ err.code = install.error; -+ reject(err); -+ }, -+ onInstallFailed: () => { -+ let err = new Error("install error"); -+ err.code = install.error; -+ reject(err); -+ }, -+ onInstallEnded: resolve, -+ }); - -- a1.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- do_check_eq(install.name, addon.name); -- do_check_eq(install.version, "2.0"); -- do_check_eq(install.state, AddonManager.STATE_AVAILABLE); -- do_check_eq(install.existingAddon, a1); -- -- installUpdate(install, check_test_1); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_1(install) { -- AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) { -- // Existing add-on should have a pending upgrade -- do_check_neq(a1.pendingUpgrade, null); -- do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- do_check_eq(a1.pendingUpgrade.install.existingAddon, a1); -- do_check_neq(a1.syncGUID); -- -- let a1SyncGUID = a1.syncGUID; -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a1, a2]) { -- // Should have uninstalled the old and installed the new -- do_check_eq(a1, null); -- do_check_neq(a2, null); -- do_check_neq(a2.syncGUID, null); -- -- // The Sync GUID should change when the ID changes -- do_check_neq(a1SyncGUID, a2.syncGUID); -- -- a2.uninstall(); -- -- do_execute_soon(run_test_2); -- }); -- })); --} -- --// Test that when the new add-on already exists we just upgrade that --function run_test_2() { -- restartManager(); -- shutdownManager(); -- -- writeInstallRDFForExtension({ -- id: "addon1@tests.mozilla.org", -- version: "1.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 1", -- }, profileDir); -- writeInstallRDFForExtension({ -- id: "addon2@tests.mozilla.org", -- version: "1.0", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 2", -- }, profileDir); -- -- startupManager(); -- -- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) { -- do_check_neq(a1, null); -- do_check_eq(a1.version, "1.0"); -- -- a1.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_2); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -+ install.install(); - }); - } - --function check_test_2(install) { -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], -- callback_soon(function([a1, a2]) { -- do_check_eq(a1.pendingUpgrade, null); -- // Existing add-on should have a pending upgrade -- do_check_neq(a2.pendingUpgrade, null); -- do_check_eq(a2.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- do_check_eq(a2.pendingUpgrade.install.existingAddon, a2); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a1, a2]) { -- // Should have uninstalled the old and installed the new -- do_check_neq(a1, null); -- do_check_neq(a2, null); -- -- a1.uninstall(); -- a2.uninstall(); -- -- do_execute_soon(run_test_3); -- }); -- })); --} -- --// Test that we rollback correctly when removing the old add-on fails --function run_test_3() { -- restartManager(); -- shutdownManager(); -- -- // This test only works on Windows -- if (!("nsIWindowsRegKey" in AM_Ci)) { -- run_test_4(); -- return; -- } -- -- writeInstallRDFForExtension({ -- id: "addon1@tests.mozilla.org", -- version: "1.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 1", -- }, profileDir); -- -- startupManager(); -+// Create and configure the HTTP server. -+let testserver = createHttpServer(4444); -+testserver.registerDirectory("/data/", do_get_file("data")); -+testserver.registerDirectory("/addons/", do_get_file("addons")); - -- AddonManager.getAddonByID("addon1@tests.mozilla.org", function(a1) { -- do_check_neq(a1, null); -- do_check_eq(a1.version, "1.0"); -- -- a1.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_3); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_3(install) { -- AddonManager.getAddonByID("addon1@tests.mozilla.org", callback_soon(function(a1) { -- // Existing add-on should have a pending upgrade -- do_check_neq(a1.pendingUpgrade, null); -- do_check_eq(a1.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- do_check_eq(a1.pendingUpgrade.install.existingAddon, a1); -- -- // Lock the old add-on open so it can't be uninstalled -- var file = profileDir.clone(); -- file.append("addon1@tests.mozilla.org"); -- if (!file.exists()) -- file.leafName += ".xpi"; -- else -- file.append("install.rdf"); -- -- var fstream = AM_Cc["@mozilla.org/network/file-output-stream;1"]. -- createInstance(AM_Ci.nsIFileOutputStream); -- fstream.init(file, FileUtils.MODE_APPEND | FileUtils.MODE_WRONLY, FileUtils.PERMS_FILE, 0); -- -- restartManager(); -- -- fstream.close(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], -- callback_soon(function([a1, a2]) { -- // Should not have installed the new add-on but it should still be -- // pending install -- do_check_neq(a1, null); -- do_check_eq(a2, null); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon1@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a1, a2]) { -- // Should have installed the new add-on -- do_check_eq(a1, null); -- do_check_neq(a2, null); -- -- a2.uninstall(); -- -- do_execute_soon(run_test_4); -- }); -- })); -- })); -+function run_test() { -+ createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9.2"); -+ startupManager(); -+ run_next_test(); - } - --// Tests that upgrading to a bootstrapped add-on works but requires a restart --function run_test_4() { -- restartManager(); -- shutdownManager(); -- -- writeInstallRDFForExtension({ -- id: "addon2@tests.mozilla.org", -- version: "2.0", -- updateURL: "http://localhost:4444/data/test_updateid.rdf", -- targetApplications: [{ -- id: "xpcshell@tests.mozilla.org", -- minVersion: "1", -- maxVersion: "1" -- }], -- name: "Test Addon 2", -- }, profileDir); -- -- startupManager(); -- -- resetPrefs(); -- -- AddonManager.getAddonByID("addon2@tests.mozilla.org", function(a2) { -- do_check_neq(a2, null); -- do_check_neq(a2.syncGUID, null); -- do_check_eq(a2.version, "2.0"); -- -- a2.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_4); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_4() { -- AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org", -- "addon3@tests.mozilla.org"], -- callback_soon(function([a2, a3]) { -- // Should still be pending install even though the new add-on is restartless -- do_check_neq(a2, null); -- do_check_eq(a3, null); -- -- do_check_neq(a2.pendingUpgrade, null); -- do_check_eq(a2.pendingUpgrade.id, "addon3@tests.mozilla.org"); -- -- do_check_eq(getInstalledVersion(), -1); -- do_check_eq(getActiveVersion(), -1); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon2@tests.mozilla.org", -- "addon3@tests.mozilla.org"], function([a2, a3]) { -- // Should have updated -- do_check_eq(a2, null); -- do_check_neq(a3, null); -- -- do_check_eq(getInstalledVersion(), 3); -- do_check_eq(getActiveVersion(), 3); -- -- do_execute_soon(run_test_5); -- }); -- })); --} -- --// Tests that upgrading to another bootstrapped add-on works without a restart --function run_test_5() { -- AddonManager.getAddonByID("addon3@tests.mozilla.org", function(a3) { -- do_check_neq(a3, null); -- do_check_eq(a3.version, "3.0"); -+// Verify that an update to an add-on with a new ID fails -+add_task(function* test_update_new_id() { -+ yield promiseInstallAllFiles([do_get_addon("test_updateid1")]); - -- a3.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_5); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -- --function check_test_5() { -- AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org", -- "addon4@tests.mozilla.org"], -- callback_soon(function([a3, a4]) { -- // Should have updated -- do_check_eq(a3, null); -- do_check_neq(a4, null); -- -- do_check_eq(getInstalledVersion(), 4); -- do_check_eq(getActiveVersion(), 4); -- -- restartManager(); -- -- AddonManager.getAddonsByIDs(["addon3@tests.mozilla.org", -- "addon4@tests.mozilla.org"], function([a3, a4]) { -- // Should still be gone -- do_check_eq(a3, null); -- do_check_neq(a4, null); -- -- do_check_eq(getInstalledVersion(), 4); -- do_check_eq(getActiveVersion(), 4); -- -- run_test_6(); -- }); -- })); --} -+ let addon = yield promiseAddonByID("addon1@tests.mozilla.org"); -+ do_check_neq(addon, null); -+ do_check_eq(addon.version, "1.0"); - --// Tests that upgrading to a non-bootstrapped add-on works but requires a restart --function run_test_6() { -- AddonManager.getAddonByID("addon4@tests.mozilla.org", function(a4) { -- do_check_neq(a4, null); -- do_check_eq(a4.version, "4.0"); -- -- a4.findUpdates({ -- onUpdateAvailable: function(addon, install) { -- installUpdate(install, check_test_6); -- } -- }, AddonManager.UPDATE_WHEN_USER_REQUESTED); -- }); --} -+ let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED); -+ let install = update.updateAvailable; -+ do_check_eq(install.name, addon.name); -+ do_check_eq(install.version, "2.0"); -+ do_check_eq(install.state, AddonManager.STATE_AVAILABLE); -+ do_check_eq(install.existingAddon, addon); - --function check_test_6() { -- AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org", -- "addon2@tests.mozilla.org"], -- callback_soon(function([a4, a2]) { -- // Should still be pending install even though the old add-on is restartless -- do_check_neq(a4, null); -- do_check_eq(a2, null); -- -- do_check_neq(a4.pendingUpgrade, null); -- do_check_eq(a4.pendingUpgrade.id, "addon2@tests.mozilla.org"); -- -- do_check_eq(getInstalledVersion(), 4); -- do_check_eq(getActiveVersion(), 4); -+ yield Assert.rejects(promiseInstallUpdate(install), -+ function(err) { return err.code == AddonManager.ERROR_INCORRECT_ID }, -+ "Upgrade to a different ID fails"); - -- restartManager(); -+ addon.uninstall(); -+}); - -- AddonManager.getAddonsByIDs(["addon4@tests.mozilla.org", -- "addon2@tests.mozilla.org"], function([a4, a2]) { -- // Should have updated -- do_check_eq(a4, null); -- do_check_neq(a2, null); -+// Verify that an update to a multi-package xpi fails -+add_task(function* test_update_new_id() { -+ yield promiseInstallAllFiles([do_get_addon("test_update_multi1")]); - -- do_check_eq(getInstalledVersion(), 0); -- do_check_eq(getActiveVersion(), 0); -+ let addon = yield promiseAddonByID("updatemulti@tests.mozilla.org"); -+ do_check_neq(addon, null); -+ do_check_eq(addon.version, "1.0"); - -- end_test(); -- }); -- })); --} -+ let update = yield promiseFindAddonUpdates(addon, AddonManager.UPDATE_WHEN_USER_REQUESTED); -+ let install = update.updateAvailable; -+ do_check_eq(install.name, addon.name); -+ do_check_eq(install.version, "2.0"); -+ do_check_eq(install.state, AddonManager.STATE_AVAILABLE); -+ do_check_eq(install.existingAddon, addon); -+ -+ yield Assert.rejects(promiseInstallUpdate(install), -+ function(err) { return err.code == AddonManager.ERROR_UNEXPECTED_ADDON_TYPE }, -+ "Upgrade to a multipackage xpi fails"); -+ -+ addon.uninstall(); -+}); - diff --git a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch b/gnu/packages/patches/inkscape-drop-wait-for-targets.patch deleted file mode 100644 index 3dbe6641e2..0000000000 --- a/gnu/packages/patches/inkscape-drop-wait-for-targets.patch +++ /dev/null @@ -1,68 +0,0 @@ -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/rpms/inkscape.git/plain/inkscape-0.91-drop-wait-for-targets.patch?id=eb5340800b563d6b05aa5f11a2f24f2cc0d8c80e - -=== modified file 'src/ui/clipboard.cpp' ---- src/ui/clipboard.cpp 2016-04-02 15:15:43 +0000 -+++ src/ui/clipboard.cpp 2016-04-07 16:30:32 +0000 -@@ -146,8 +146,6 @@ - void _setClipboardColor(guint32); - void _userWarn(SPDesktop *, char const *); - -- void _inkscape_wait_for_targets(std::list<Glib::ustring> &); -- - // private properites - SPDocument *_clipboardSPDoc; ///< Document that stores the clipboard until someone requests it - Inkscape::XML::Node *_defs; ///< Reference to the clipboard document's defs node -@@ -1302,9 +1300,7 @@ - */ - Glib::ustring ClipboardManagerImpl::_getBestTarget() - { -- // GTKmm's wait_for_targets() is broken, see the comment in _inkscape_wait_for_targets() -- std::list<Glib::ustring> targets; // = _clipboard->wait_for_targets(); -- _inkscape_wait_for_targets(targets); -+ std::list<Glib::ustring> targets = _clipboard->wait_for_targets(); - - // clipboard target debugging snippet - /* -@@ -1456,39 +1452,6 @@ - desktop->messageStack()->flash(Inkscape::WARNING_MESSAGE, msg); - } - -- --// GTKMM's clipboard::wait_for_targets is buggy and might return bogus, see --// --// https://bugs.launchpad.net/inkscape/+bug/296778 --// http://mail.gnome.org/archives/gtk-devel-list/2009-June/msg00062.html --// --// for details. Until this has been fixed upstream we will use our own implementation --// of this method, as copied from /gtkmm-2.16.0/gtk/gtkmm/clipboard.cc. --void ClipboardManagerImpl::_inkscape_wait_for_targets(std::list<Glib::ustring> &listTargets) --{ -- //Get a newly-allocated array of atoms: -- GdkAtom* targets = NULL; -- gint n_targets = 0; -- gboolean test = gtk_clipboard_wait_for_targets( gtk_clipboard_get(GDK_SELECTION_CLIPBOARD), &targets, &n_targets ); -- if (!test || (targets == NULL)) { -- return; -- } -- -- //Add the targets to the C++ container: -- for (int i = 0; i < n_targets; i++) -- { -- //Convert the atom to a string: -- gchar* const atom_name = gdk_atom_name(targets[i]); -- -- Glib::ustring target; -- if (atom_name) { -- target = Glib::ScopedPtr<char>(atom_name).get(); //This frees the gchar*. -- } -- -- listTargets.push_back(target); -- } --} -- - /* ####################################### - ClipboardManager class - ####################################### */ - diff --git a/gnu/packages/patches/kdbusaddons-kinit-file-name.patch b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch new file mode 100644 index 0000000000..ffed88e043 --- /dev/null +++ b/gnu/packages/patches/kdbusaddons-kinit-file-name.patch @@ -0,0 +1,15 @@ +Add placeholder for kinit's store file name. + +diff --git a/src/kdeinitinterface.cpp b/src/kdeinitinterface.cpp +index 22fa5e5..3d40937 100644 +--- a/src/kdeinitinterface.cpp ++++ b/src/kdeinitinterface.cpp +@@ -52,7 +52,7 @@ void KDEInitInterface::ensureKdeinitRunning() + // If not found in system paths, search other paths + if (srv.isEmpty()) { + const QStringList searchPaths = QStringList() +- << QCoreApplication::applicationDirPath() // then look where our application binary is located ++ << QString::fromUtf8("@SUBSTITUTEME@/bin") // using QStringLiteral would be more efficient, but breaks guix store reference detection. + << QLibraryInfo::location(QLibraryInfo::BinariesPath); // look where exec path is (can be set in qt.conf) + srv = QStandardPaths::findExecutable(QStringLiteral("kdeinit5"), searchPaths); + if (srv.isEmpty()) { diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch new file mode 100644 index 0000000000..e2c65df8ce --- /dev/null +++ b/gnu/packages/patches/khal-disable-failing-tests.patch @@ -0,0 +1,33 @@ +Disable some tests that are known to fail: + +https://github.com/pimutils/khal/issues/546 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 + +diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py +index fd8dcc6..17732bf 100644 +--- a/tests/khalendar_test.py ++++ b/tests/khalendar_test.py +@@ -65,6 +65,7 @@ class TestCalendar(object): + else: + mtimes[cal] = mtime + ++ @pytest.mark.xfail + def test_db_needs_update(self, coll_vdirs): + coll, vdirs = coll_vdirs + +@@ -321,6 +322,7 @@ class TestDbCreation(object): + CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) + + ++@pytest.mark.xfail + def test_default_calendar(coll_vdirs): + """test if an update to the vdir is detected by the CalendarCollection""" + coll, vdirs = coll_vdirs +@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): + assert len(list(coll.get_events_on(today))) == 0 + + ++@pytest.mark.xfail + def test_only_update_old_event(coll_vdirs, monkeypatch): + coll, vdirs = coll_vdirs + diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch new file mode 100644 index 0000000000..bdc4b05989 --- /dev/null +++ b/gnu/packages/patches/libepoxy-gl-null-checks.patch @@ -0,0 +1,54 @@ +This patch from <https://bugzilla.redhat.com/show_bug.cgi?id=1395366> adds NULL +checks to avoid crashes when GL support is missing, as is the case when running +Xvfb. + +Upstream issue: <https://github.com/anholt/libepoxy/issues/72>. + +diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c +--- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500 +@@ -348,6 +348,8 @@ + epoxy_extension_in_string(const char *extension_list, const char *ext) + { + const char *ptr = extension_list; ++ if (! ptr) return false; ++ if (! ext) return false; + int len = strlen(ext); + + /* Make sure that don't just find an extension with our name as a prefix. */ +@@ -380,6 +382,7 @@ + + for (i = 0; i < num_extensions; i++) { + const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i); ++ if (! gl_ext) return false; + if (strcmp(ext, gl_ext) == 0) + return true; + } +diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c +--- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500 +@@ -46,6 +46,7 @@ + int ret; + + version_string = eglQueryString(dpy, EGL_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &major, &minor); + assert(ret == 2); + return major * 10 + minor; +diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c +--- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500 +@@ -57,11 +57,13 @@ + int ret; + + version_string = glXQueryServerString(dpy, screen, GLX_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &server_major, &server_minor); + assert(ret == 2); + server = server_major * 10 + server_minor; + + version_string = glXGetClientString(dpy, GLX_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &client_major, &client_minor); + assert(ret == 2); + client = client_major * 10 + client_minor; diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch new file mode 100644 index 0000000000..8093b3e448 --- /dev/null +++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch @@ -0,0 +1,37 @@ +Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 +http://seclists.org/oss-sec/2016/q4/777 + +Patch adapted from upstream source repository: + +https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ + +From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 +From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> +Date: Thu, 29 Dec 2016 07:51:33 -0600 +Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in + png_set_text_2() + +(bug report and patch by Patrick Keshishian). +--- + ANNOUNCE | 2 ++ + CHANGES | 2 ++ + png.c | 1 + + 3 files changed, 5 insertions(+) + +diff --git a/png.c b/png.c +index 8afc28fc2..2e05de159 100644 +--- a/png.c ++++ b/png.c +@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, + png_free(png_ptr, info_ptr->text); + info_ptr->text = NULL; + info_ptr->num_text = 0; ++ info_ptr->max_text = 0; + } + } + #endif +-- +2.11.0 + diff --git a/gnu/packages/patches/libupnp-CVE-2016-8863.patch b/gnu/packages/patches/libupnp-CVE-2016-8863.patch new file mode 100644 index 0000000000..9978b39487 --- /dev/null +++ b/gnu/packages/patches/libupnp-CVE-2016-8863.patch @@ -0,0 +1,72 @@ +Fix CVE-2016-8863: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 +https://sourceforge.net/p/pupnp/bugs/133/ + +Patch copied from upstream source repository: + +https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/ + +From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org> +Date: Thu, 8 Dec 2016 17:11:53 +0100 +Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863) + +If there is an invalid URL in URLS->buf after a valid one, uri_parse is +called with out pointing after the allocated memory. As uri_parse writes +to *out before returning an error the loop in create_url_list must be +stopped early to prevent an out-of-bound access + +Bug: https://sourceforge.net/p/pupnp/bugs/133/ +Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 +Bug-Debian: https://bugs.debian.org/842093 +Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771 +(cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b) +--- + upnp/src/gena/gena_device.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c +index fb04a29..245c56b 100644 +--- a/upnp/src/gena/gena_device.c ++++ b/upnp/src/gena/gena_device.c +@@ -1113,7 +1113,7 @@ static int create_url_list( + /*! [out] . */ + URL_list *out) + { +- size_t URLcount = 0; ++ size_t URLcount = 0, URLcount2 = 0; + size_t i; + int return_code = 0; + uri_type temp; +@@ -1155,16 +1155,23 @@ static int create_url_list( + } + memcpy( out->URLs, URLS->buff, URLS->size ); + out->URLs[URLS->size] = 0; +- URLcount = 0; + for( i = 0; i < URLS->size; i++ ) { + if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) { + if( ( ( return_code = + parse_uri( &out->URLs[i + 1], URLS->size - i + 1, +- &out->parsedURLs[URLcount] ) ) == ++ &out->parsedURLs[URLcount2] ) ) == + HTTP_SUCCESS ) +- && ( out->parsedURLs[URLcount].hostport.text.size != ++ && ( out->parsedURLs[URLcount2].hostport.text.size != + 0 ) ) { +- URLcount++; ++ URLcount2++; ++ if (URLcount2 >= URLcount) ++ /* ++ * break early here in case there is a bogus URL that ++ * was skipped above. This prevents to access ++ * out->parsedURLs[URLcount] which is beyond the ++ * allocation. ++ */ ++ break; + } else { + if( return_code == UPNP_E_OUTOF_MEMORY ) { + free( out->URLs ); +-- +2.11.0 + diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch new file mode 100644 index 0000000000..a4e1f31fae --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2016-4658.patch @@ -0,0 +1,257 @@ +Fix CVE-2016-4658: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b + +From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 28 Jun 2016 18:34:52 +0200 +Subject: [PATCH] Disallow namespace nodes in XPointer ranges + +Namespace nodes must be copied to avoid use-after-free errors. +But they don't necessarily have a physical representation in a +document, so simply disallow them in XPointer ranges. + +Found with afl-fuzz. + +Fixes CVE-2016-4658. +--- + xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- + 1 file changed, 56 insertions(+), 93 deletions(-) + +diff --git a/xpointer.c b/xpointer.c +index a7b03fbd..694d120e 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { + } + + /** ++ * xmlXPtrNewRangeInternal: ++ * @start: the starting node ++ * @startindex: the start index ++ * @end: the ending point ++ * @endindex: the ending index ++ * ++ * Internal function to create a new xmlXPathObjectPtr of type range ++ * ++ * Returns the newly created object. ++ */ ++static xmlXPathObjectPtr ++xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, ++ xmlNodePtr end, int endindex) { ++ xmlXPathObjectPtr ret; ++ ++ /* ++ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). ++ * Disallow them for now. ++ */ ++ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) ++ return(NULL); ++ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) ++ return(NULL); ++ ++ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); ++ if (ret == NULL) { ++ xmlXPtrErrMemory("allocating range"); ++ return(NULL); ++ } ++ memset(ret, 0, sizeof(xmlXPathObject)); ++ ret->type = XPATH_RANGE; ++ ret->user = start; ++ ret->index = startindex; ++ ret->user2 = end; ++ ret->index2 = endindex; ++ return(ret); ++} ++ ++/** + * xmlXPtrNewRange: + * @start: the starting node + * @startindex: the start index +@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, + if (endindex < 0) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = startindex; +- ret->user2 = end; +- ret->index2 = endindex; ++ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { + if (end->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start->user; +- ret->index = start->index; +- ret->user2 = end->user; +- ret->index2 = end->index; ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, ++ end->index); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { + if (start->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start->user; +- ret->index = start->index; +- ret->user2 = end; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { + if (end->type != XPATH_POINT) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = end->user; +- ret->index2 = end->index; ++ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { + if (end == NULL) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = end; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { + if (start == NULL) + return(NULL); + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- ret->user2 = NULL; +- ret->index2 = -1; ++ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); + return(ret); + } + +@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { + */ + xmlXPathObjectPtr + xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { ++ xmlNodePtr endNode; ++ int endIndex; + xmlXPathObjectPtr ret; + + if (start == NULL) +@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + return(NULL); + switch (end->type) { + case XPATH_POINT: ++ endNode = end->user; ++ endIndex = end->index; ++ break; + case XPATH_RANGE: ++ endNode = end->user2; ++ endIndex = end->index2; + break; + case XPATH_NODESET: + /* +@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { + */ + if (end->nodesetval->nodeNr <= 0) + return(NULL); ++ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; ++ endIndex = -1; + break; + default: + /* TODO */ + return(NULL); + } + +- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); +- if (ret == NULL) { +- xmlXPtrErrMemory("allocating range"); +- return(NULL); +- } +- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); +- ret->type = XPATH_RANGE; +- ret->user = start; +- ret->index = -1; +- switch (end->type) { +- case XPATH_POINT: +- ret->user2 = end->user; +- ret->index2 = end->index; +- break; +- case XPATH_RANGE: +- ret->user2 = end->user2; +- ret->index2 = end->index2; +- break; +- case XPATH_NODESET: { +- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; +- ret->index2 = -1; +- break; +- } +- default: +- STRANGE +- return(NULL); +- } ++ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); + xmlXPtrRangeCheckOrder(ret); + return(ret); + } +-- +2.11.0 + diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch new file mode 100644 index 0000000000..38938c8e3e --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2016-5131.patch @@ -0,0 +1,218 @@ +Fix CVE-2016-5131: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 + +Patches copied from upstream source repository (the test suite fails +without the 2nd patch): + +https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e +https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8 + +From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 28 Jun 2016 14:22:23 +0200 +Subject: [PATCH] Fix XPointer paths beginning with range-to + +The old code would invoke the broken xmlXPtrRangeToFunction. range-to +isn't really a function but a special kind of location step. Remove +this function and always handle range-to in the XPath code. + +The old xmlXPtrRangeToFunction could also be abused to trigger a +use-after-free error with the potential for remote code execution. + +Found with afl-fuzz. + +Fixes CVE-2016-5131. +--- + result/XPath/xptr/vidbase | 13 ++++++++ + test/XPath/xptr/vidbase | 1 + + xpath.c | 7 ++++- + xpointer.c | 76 ++++------------------------------------------- + 4 files changed, 26 insertions(+), 71 deletions(-) + +diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase +index 8b9e92d6..f19193e7 100644 +--- a/result/XPath/xptr/vidbase ++++ b/result/XPath/xptr/vidbase +@@ -17,3 +17,16 @@ Object is a Location Set: + To node + ELEMENT p + ++ ++======================== ++Expression: xpointer(range-to(id('chapter2'))) ++Object is a Location Set: ++1 : Object is a range : ++ From node ++ / ++ To node ++ ELEMENT chapter ++ ATTRIBUTE id ++ TEXT ++ content=chapter2 ++ +diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase +index b1463830..884b1065 100644 +--- a/test/XPath/xptr/vidbase ++++ b/test/XPath/xptr/vidbase +@@ -1,2 +1,3 @@ + xpointer(id('chapter1')/p) + xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) ++xpointer(range-to(id('chapter2'))) +diff --git a/xpath.c b/xpath.c +index d992841e..5a01b1b3 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { + lc = 1; + break; + } else if ((NXT(len) == '(')) { +- /* Note Type or Function */ ++ /* Node Type or Function */ + if (xmlXPathIsNodeType(name)) { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, + "PathExpr: Type search\n"); + #endif + lc = 1; ++#ifdef LIBXML_XPTR_ENABLED ++ } else if (ctxt->xptr && ++ xmlStrEqual(name, BAD_CAST "range-to")) { ++ lc = 1; ++#endif + } else { + #ifdef DEBUG_STEP + xmlGenericError(xmlGenericErrorContext, +diff --git a/xpointer.c b/xpointer.c +index 676c5105..d74174a3 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { + ret->here = here; + ret->origin = origin; + +- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", +- xmlXPtrRangeToFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range", + xmlXPtrRangeFunction); + xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", +@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { + * @nargs: the number of args + * + * Implement the range-to() XPointer function ++ * ++ * Obsolete. range-to is not a real function but a special type of location ++ * step which is handled in xpath.c. + */ + void +-xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { +- xmlXPathObjectPtr range; +- const xmlChar *cur; +- xmlXPathObjectPtr res, obj; +- xmlXPathObjectPtr tmp; +- xmlLocationSetPtr newset = NULL; +- xmlNodeSetPtr oldset; +- int i; +- +- if (ctxt == NULL) return; +- CHECK_ARITY(1); +- /* +- * Save the expression pointer since we will have to evaluate +- * it multiple times. Initialize the new set. +- */ +- CHECK_TYPE(XPATH_NODESET); +- obj = valuePop(ctxt); +- oldset = obj->nodesetval; +- ctxt->context->node = NULL; +- +- cur = ctxt->cur; +- newset = xmlXPtrLocationSetCreate(NULL); +- +- for (i = 0; i < oldset->nodeNr; i++) { +- ctxt->cur = cur; +- +- /* +- * Run the evaluation with a node list made of a single item +- * in the nodeset. +- */ +- ctxt->context->node = oldset->nodeTab[i]; +- tmp = xmlXPathNewNodeSet(ctxt->context->node); +- valuePush(ctxt, tmp); +- +- xmlXPathEvalExpr(ctxt); +- CHECK_ERROR; +- +- /* +- * The result of the evaluation need to be tested to +- * decided whether the filter succeeded or not +- */ +- res = valuePop(ctxt); +- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); +- if (range != NULL) { +- xmlXPtrLocationSetAdd(newset, range); +- } +- +- /* +- * Cleanup +- */ +- if (res != NULL) +- xmlXPathFreeObject(res); +- if (ctxt->value == tmp) { +- res = valuePop(ctxt); +- xmlXPathFreeObject(res); +- } +- +- ctxt->context->node = NULL; +- } +- +- /* +- * The result is used as the new evaluation set. +- */ +- xmlXPathFreeObject(obj); +- ctxt->context->node = NULL; +- ctxt->context->contextSize = -1; +- ctxt->context->proximityPosition = -1; +- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); ++xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, ++ int nargs ATTRIBUTE_UNUSED) { ++ XP_ERROR(XPATH_EXPR_ERROR); + } + + /** +-- +2.11.0 + +From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 28 Jun 2016 14:19:58 +0200 +Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes + +This change has already been made in xmlXPathCmpNodesExt but not in +xmlXPathCmpNodes. +--- + xpath.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xpath.c b/xpath.c +index 751665b8..d992841e 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { + * compute depth to root + */ + for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { +- if (cur == node1) ++ if (cur->parent == node1) + return(1); + depth2++; + } + root = cur; + for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { +- if (cur == node2) ++ if (cur->parent == node2) + return(-1); + depth1++; + } +-- +2.11.0 + diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch index 60cf8e0430..3089f962f7 100644 --- a/gnu/packages/patches/mcrypt-CVE-2012-4409.patch +++ b/gnu/packages/patches/mcrypt-CVE-2012-4409.patch @@ -3,30 +3,17 @@ From: Tom Callaway <spot@fedoraproject.org> Date: Fri, 7 Sep 2012 11:39:29 -0400 Subject: apply fix for CVE-2012-4409 (thanks to Raphael Geissert) ---- - mcrypt-CVE-2012-4409.patch | 12 ++++++++++++ - mcrypt.spec | 10 +++++++++- - 2 files changed, 21 insertions(+), 1 deletion(-) - create mode 100644 mcrypt-CVE-2012-4409.patch - -diff --git a/mcrypt-CVE-2012-4409.patch b/mcrypt-CVE-2012-4409.patch -new file mode 100644 -index 0000000..747f428 ---- /dev/null -+++ b/mcrypt-CVE-2012-4409.patch -@@ -0,0 +1,12 @@ -+diff -up mcrypt-2.6.8/src/extra.c.CVE-2012-4409 mcrypt-2.6.8/src/extra.c -+--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400 -++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400 -+@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char -+ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ -+ *salt_size = m_setbit(0, sflag, 0); -+ if (*salt_size > 0) { -++ if (*salt_size > sizeof(tmp_buf)) -++ err_quit(_("Salt is too long\n")); -+ fread(tmp_buf, 1, *salt_size, -+ fstream); -+ memmove(salt, tmp_buf, *salt_size); +--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409 2012-09-07 11:00:55.906870746 -0400 ++++ mcrypt-2.6.8/src/extra.c 2012-09-07 11:00:27.967858365 -0400 +@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char + if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ + *salt_size = m_setbit(0, sflag, 0); + if (*salt_size > 0) { ++ if (*salt_size > sizeof(tmp_buf)) ++ err_quit(_("Salt is too long\n")); + fread(tmp_buf, 1, *salt_size, + fstream); + memmove(salt, tmp_buf, *salt_size); -- cgit v0.12 diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch index d931dd174b..dfbf048583 100644 --- a/gnu/packages/patches/mcrypt-CVE-2012-4527.patch +++ b/gnu/packages/patches/mcrypt-CVE-2012-4527.patch @@ -3,109 +3,97 @@ From: Tom Callaway <spot@fedoraproject.org> Date: Tue, 30 Oct 2012 15:39:24 -0400 Subject: apply workaround to CVE-2012-4527 ---- - mcrypt-CVE-2012-4527-80-width-patch | 91 +++++++++++++++++++++++++++++++++++++ - mcrypt.spec | 10 +++- - 2 files changed, 100 insertions(+), 1 deletion(-) - create mode 100644 mcrypt-CVE-2012-4527-80-width-patch - -diff --git a/mcrypt-CVE-2012-4527-80-width-patch b/mcrypt-CVE-2012-4527-80-width-patch -new file mode 100644 -index 0000000..0eb94d8 ---- /dev/null -+++ b/mcrypt-CVE-2012-4527-80-width-patch -@@ -0,0 +1,91 @@ -+--- mcrypt-2.6.8.orig/src/mcrypt.c -++++ mcrypt-2.6.8/src/mcrypt.c -+@@ -41,6 +41,8 @@ -+ # include <time.h> -+ #endif -+ -++#define WIDTH 80 -++ -+ static char rcsid[] = -+ "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; -+ -+@@ -482,7 +484,7 @@ -+ #ifdef HAVE_STAT -+ if (stream_flag == FALSE) { -+ if (is_normal_file(file[i]) == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: %s is not a regular file. Skipping...\n"), -+ program_name, file[i]); -+@@ -501,7 +503,7 @@ -+ dinfile = file[i]; -+ if ((isatty(fileno((FILE *) (stdin))) == 1) -+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: Encrypted data will not be read from a terminal.\n"), -+ program_name); -+@@ -520,7 +522,7 @@ -+ einfile = file[i]; -+ if ((isatty(fileno((FILE *) (stdout))) == 1) -+ && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: Encrypted data will not be written to a terminal.\n"), -+ program_name); -+@@ -544,7 +546,7 @@ -+ strcpy(outfile, einfile); -+ /* if file has already the .nc ignore it */ -+ if (strstr(outfile, ".nc") != NULL) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("%s: file %s has the .nc suffix... skipping...\n"), -+ program_name, outfile); -+@@ -590,10 +592,10 @@ -+ -+ if (x == 0) { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); -++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile); -+ err_warn(tmperr); -+ } else { -+- sprintf(tmperr, _("Stdin was decrypted.\n")); -++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n")); -+ err_warn(tmperr); -+ } -+ #ifdef HAVE_STAT -+@@ -610,7 +612,7 @@ -+ -+ } else { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("File %s was NOT decrypted successfully.\n"), -+ dinfile); -+@@ -636,10 +638,10 @@ -+ -+ if (x == 0) { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); -++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile); -+ err_warn(tmperr); -+ } else { -+- sprintf(tmperr, _("Stdin was encrypted.\n")); -++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n")); -+ err_warn(tmperr); -+ } -+ #ifdef HAVE_STAT -+@@ -655,7 +657,7 @@ -+ -+ } else { -+ if (stream_flag == FALSE) { -+- sprintf(tmperr, -++ snprintf(tmperr, WIDTH, -+ _ -+ ("File %s was NOT encrypted successfully.\n"), -+ einfile); --- -cgit v0.12 +--- mcrypt-2.6.8.orig/src/mcrypt.c ++++ mcrypt-2.6.8/src/mcrypt.c +@@ -41,6 +41,8 @@ + # include <time.h> + #endif + ++#define WIDTH 80 ++ + static char rcsid[] = + "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $"; + +@@ -482,7 +484,7 @@ + #ifdef HAVE_STAT + if (stream_flag == FALSE) { + if (is_normal_file(file[i]) == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: %s is not a regular file. Skipping...\n"), + program_name, file[i]); +@@ -501,7 +503,7 @@ + dinfile = file[i]; + if ((isatty(fileno((FILE *) (stdin))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: Encrypted data will not be read from a terminal.\n"), + program_name); +@@ -520,7 +522,7 @@ + einfile = file[i]; + if ((isatty(fileno((FILE *) (stdout))) == 1) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: Encrypted data will not be written to a terminal.\n"), + program_name); +@@ -544,7 +546,7 @@ + strcpy(outfile, einfile); + /* if file has already the .nc ignore it */ + if (strstr(outfile, ".nc") != NULL) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("%s: file %s has the .nc suffix... skipping...\n"), + program_name, outfile); +@@ -590,10 +592,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); ++ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was decrypted.\n")); ++ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -610,7 +612,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("File %s was NOT decrypted successfully.\n"), + dinfile); +@@ -636,10 +638,10 @@ + + if (x == 0) { + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); ++ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile); + err_warn(tmperr); + } else { +- sprintf(tmperr, _("Stdin was encrypted.\n")); ++ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n")); + err_warn(tmperr); + } + #ifdef HAVE_STAT +@@ -655,7 +657,7 @@ + + } else { + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, WIDTH, + _ + ("File %s was NOT encrypted successfully.\n"), + einfile); +- +git v0.12 diff --git a/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch b/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch new file mode 100644 index 0000000000..e8f841c4fd --- /dev/null +++ b/gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch @@ -0,0 +1,218 @@ +This patch includes + + * mingw-w64-headers/include/winnt.h: compile fixes for1 gcc-4.9.3 + * mingw-w64-headers/crt/math.h: Likewise + * mingw-w64-headers/crt/float.h (FLT_EPSILON,DBL_EPSILON,LDBL_EPSILON): Add + symbols. + * mingw-w64-headers/crt/stat.h (S_ISLNK,S_ISSOCK,S_ISUID,S_ISGID,S_ISLINK): + Add symbols. + (lstat): Add function. + * mingw-w64-headers/crt/_mingw_stat64.h: Likewise + * mingw-w64-headers/crt/stdlib.h (realpath): Add function. + +Needed for building with gcc-4.9.3 and using with cross-libtool-2.4.6. + +Upstream status: not yet presented upstream. + +index 9c5cf87..74a8541 100644 +--- a/mingw-w64-crt/misc/dirname.c ++++ b/mingw-w64-crt/misc/dirname.c +@@ -29,6 +29,12 @@ + #define __cdecl /* this may not be defined. */ + #endif + ++char *__cdecl ++realpath(const char *name, char *resolved) ++{ ++ return resolved ? strcpy (resolved, name) : strdup (name); ++} ++ + char * __cdecl + dirname(char *path) + { +diff --git a/mingw-w64-headers/crt/_mingw_stat64.h b/mingw-w64-headers/crt/_mingw_stat64.h +index 17e754c..7d2339b 100644 +--- a/mingw-w64-headers/crt/_mingw_stat64.h ++++ b/mingw-w64-headers/crt/_mingw_stat64.h +@@ -2,13 +2,17 @@ + + #ifdef _USE_32BIT_TIME_T + #define _fstat32 _fstat ++#define _lstat32 _lstat + #define _stat32 _stat + #define _wstat32 _wstat + #define _fstat32i64 _fstati64 ++#define _lstat32i64 _lstati64 + #define _stat32i64 _stati64 + #define _wstat32i64 _wstati64 + #else + #define _fstat _fstat64i32 ++#define _lstat _lstat64i32 ++#define _lstati64 _lstat64 + #define _fstati64 _fstat64 + #define _stat _stat64i32 + #define _stati64 _stat64 +diff --git a/mingw-w64-headers/crt/float.h b/mingw-w64-headers/crt/float.h +index 5874f4e..bdf4ead 100644 +--- a/mingw-w64-headers/crt/float.h ++++ b/mingw-w64-headers/crt/float.h +@@ -22,6 +22,15 @@ + #if (__GNUC__ < 4) + #error Corrupt install of gcc-s internal headers, or search order was changed. + #else ++ ++ /* From gcc-4.9.3 float.h. */ ++ #undef FLT_EPSILON ++ #undef DBL_EPSILON ++ #undef LDBL_EPSILON ++ #define FLT_EPSILON __FLT_EPSILON__ ++ #define DBL_EPSILON __DBL_EPSILON__ ++ #define LDBL_EPSILON __LDBL_EPSILON__ ++ + /* #include_next <float_ginclude.h> */ + + /* Number of decimal digits, q, such that any floating-point number with q +diff --git a/mingw-w64-headers/crt/math.h b/mingw-w64-headers/crt/math.h +index 1e970f4..99a332f 100644 +--- a/mingw-w64-headers/crt/math.h ++++ b/mingw-w64-headers/crt/math.h +@@ -216,6 +216,7 @@ extern "C" { + #endif + } + ++#if 0 + __CRT_INLINE long double __cdecl fabsl (long double x) + { + #ifdef __arm__ +@@ -226,6 +227,7 @@ extern "C" { + return res; + #endif + } ++#endif + + __CRT_INLINE double __cdecl fabs (double x) + { +@@ -905,7 +907,7 @@ __mingw_choose_expr ( \ + /* 7.12.7.3 */ + extern double __cdecl hypot (double, double) __MINGW_ATTRIB_DEPRECATED_MSVC2005; /* in libmoldname.a */ + extern float __cdecl hypotf (float x, float y); +-#ifndef __CRT__NO_INLINE ++#if 0 //ndef __CRT__NO_INLINE + __CRT_INLINE float __cdecl hypotf (float x, float y) { return (float) hypot ((double)x, (double)y);} + #endif + extern long double __cdecl hypotl (long double, long double); +diff --git a/mingw-w64-headers/crt/stdlib.h b/mingw-w64-headers/crt/stdlib.h +index dfc5ae4..6f0fee3 100644 +--- a/mingw-w64-headers/crt/stdlib.h ++++ b/mingw-w64-headers/crt/stdlib.h +@@ -8,6 +8,7 @@ + + #include <crtdefs.h> + #include <limits.h> ++#include <string.h> + + #if defined (__USE_MINGW_ANSI_STDIO) && ((__USE_MINGW_ANSI_STDIO + 0) != 0) && !defined (__USE_MINGW_STRTOX) + #define __USE_MINGW_STRTOX 1 +@@ -676,6 +677,8 @@ unsigned long __cdecl _lrotr(unsigned long,int); + + #endif /* !__NO_ISOCEXT */ + ++char *__cdecl realpath (const char *name, char *resolved); ++ + #ifdef __cplusplus + } + #endif +diff --git a/mingw-w64-headers/crt/sys/stat.h b/mingw-w64-headers/crt/sys/stat.h +index ed60219..d88b4f1 100644 +--- a/mingw-w64-headers/crt/sys/stat.h ++++ b/mingw-w64-headers/crt/sys/stat.h +@@ -58,16 +58,21 @@ extern "C" { + #include <_mingw_stat64.h> + + #define _S_IFMT 0xF000 ++#define _S_IFLNK 0xA000 ++#define _S_IFSOCK 0xC000 + #define _S_IFDIR 0x4000 + #define _S_IFCHR 0x2000 + #define _S_IFIFO 0x1000 + #define _S_IFREG 0x8000 ++#define _S_ISUID 0x0400 ++#define _S_ISGID 0x0200 + #define _S_IREAD 0x0100 + #define _S_IWRITE 0x0080 + #define _S_IEXEC 0x0040 + + _CRTIMP int __cdecl _fstat32(int _FileDes,struct _stat32 *_Stat); + _CRTIMP int __cdecl _stat32(const char *_Name,struct _stat32 *_Stat); ++ static inline int __cdecl _lstat32(const char *_Name,struct _stat32 *_Stat) {return _stat32(_Name, _Stat);} + _CRTIMP int __cdecl _fstat64(int _FileDes,struct _stat64 *_Stat); + _CRTIMP int __cdecl _fstat32i64(int _FileDes,struct _stat32i64 *_Stat); + int __cdecl _fstat64i32(int _FileDes,struct _stat64i32 *_Stat); +@@ -97,6 +102,9 @@ extern "C" { + _CRTIMP int __cdecl _stat64(const char *_Name,struct _stat64 *_Stat); + _CRTIMP int __cdecl _stat32i64(const char *_Name,struct _stat32i64 *_Stat); + int __cdecl _stat64i32(const char *_Name,struct _stat64i32 *_Stat); ++ static inline int __cdecl _lstat64(const char *_Name,struct _stat64 *_Stat) {return _stat64(_Name, _Stat);} ++ static inline int __cdecl _lstat32i64(const char *_Name,struct _stat32i64 *_Stat) {return _stat32i64(_Name, _Stat);} ++ static inline int __cdecl _lstat64i32(const char *_Name,struct _stat64i32 *_Stat) {return _stat64i32(_Name, _Stat);} + #ifndef __CRT__NO_INLINE + __CRT_INLINE int __cdecl _stat64i32(const char *_Name,struct _stat64i32 *_Stat) + { +@@ -132,6 +140,8 @@ extern "C" { + #ifndef NO_OLDNAMES + #define _S_IFBLK 0x3000 /* Block: Is this ever set under w32? */ + ++#define S_IFLNK _S_IFLNK ++#define S_IFSOCK _S_IFSOCK + #define S_IFMT _S_IFMT + #define S_IFDIR _S_IFDIR + #define S_IFCHR _S_IFCHR +@@ -162,6 +172,11 @@ extern "C" { + #define S_IXOTH (S_IXGRP >> 3) + #define S_IRWXO (S_IRWXG >> 3) + ++#define S_ISUID _S_ISUID ++#define S_ISGID _S_ISGID ++ ++#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) ++#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) + #define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) + #define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) + #define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) +@@ -174,6 +189,7 @@ extern "C" { + int __cdecl stat(const char *_Filename,struct stat *_Stat); + int __cdecl fstat(int _Desc,struct stat *_Stat); + int __cdecl wstat(const wchar_t *_Filename,struct stat *_Stat); ++static inline int __cdecl lstat(const char *_Filename,struct stat *_Stat){return stat(_Filename, _Stat);} + + #ifndef __CRT__NO_INLINE + #ifdef _USE_32BIT_TIME_T +@@ -262,9 +278,11 @@ __CRT_INLINE int __cdecl + + #if defined(_FILE_OFFSET_BITS) && (_FILE_OFFSET_BITS == 64) + #ifdef _USE_32BIT_TIME_T ++#define lstat _lstat32i64 + #define stat _stat32i64 + #define fstat _fstat32i64 + #else ++#define lstat _lstat64 + #define stat _stat64 + #define fstat _fstat64 + #endif +diff --git a/mingw-w64-headers/include/winnt.h b/mingw-w64-headers/include/winnt.h +index 52af29b..8626396 100644 +--- a/mingw-w64-headers/include/winnt.h ++++ b/mingw-w64-headers/include/winnt.h +@@ -6895,7 +6895,12 @@ __buildmemorybarrier() + DWORD Reg : 3; + DWORD R : 1; + DWORD L : 1; ++/* C is used as a const specifier */ ++#define save_C C ++#undef C + DWORD C : 1; ++#define C save_C ++#undef save_C + DWORD StackAdjust : 10; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; diff --git a/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch new file mode 100644 index 0000000000..87be6142f4 --- /dev/null +++ b/gnu/packages/patches/multiqc-fix-git-subprocess-error.patch @@ -0,0 +1,16 @@ +Without this patch, the incorrect exception is caught when 'git' is not in +PATH. See https://github.com/ewels/MultiQC/pull/377. + +diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py +index 01fa554..4a11793 100755 +--- a/multiqc/utils/config.py ++++ b/multiqc/utils/config.py +@@ -28,7 +28,7 @@ try: + git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT) + git_hash_short = git_hash[:7] + version = '{} ({})'.format(version, git_hash_short) +-except subprocess.CalledProcessError: ++except (subprocess.CalledProcessError, FileNotFoundError): + pass + os.chdir(cwd) + diff --git a/gnu/packages/patches/mupdf-CVE-2016-6265.patch b/gnu/packages/patches/mupdf-CVE-2016-6265.patch deleted file mode 100644 index 58f5c3726c..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6265.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6265 (use after free in pdf_load_xref()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265 -https://security-tracker.debian.org/tracker/CVE-2016-6265 - -Patch copied from upstream source repository: - -http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 576c315..3222599 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i); - } - if (entry->type == 'o') -- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n') -- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i); -+ { -+ /* Read this into a local variable here, because pdf_get_xref_entry -+ * may solidify the xref, hence invalidating "entry", meaning we -+ * need a stashed value for the throw. */ -+ fz_off_t ofs = entry->ofs; -+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n') -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i); -+ } - } - } - diff --git a/gnu/packages/patches/mupdf-CVE-2016-6525.patch b/gnu/packages/patches/mupdf-CVE-2016-6525.patch deleted file mode 100644 index 370af5ade6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6525.patch +++ /dev/null @@ -1,21 +0,0 @@ -Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525 -https://security-tracker.debian.org/tracker/CVE-2016-6525 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e - -diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c -index 7815b3c..6e25efa 100644 ---- a/source/pdf/pdf-shade.c -+++ b/source/pdf/pdf-shade.c -@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob - obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode); - if (pdf_array_len(ctx, obj) >= 6) - { -- n = (pdf_array_len(ctx, obj) - 4) / 2; -+ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2); - shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0)); - shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1)); - shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2)); diff --git a/gnu/packages/patches/mupdf-CVE-2016-7504.patch b/gnu/packages/patches/mupdf-CVE-2016-7504.patch deleted file mode 100644 index 4bbb4411c0..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7504.patch +++ /dev/null @@ -1,99 +0,0 @@ -Fix CVE-2016-7504: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7504 -http://bugs.ghostscript.com/show_bug.cgi?id=697142 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5c337af4b3df80cf967e4f9f6a21522de84b392a - -From 5c337af4b3df80cf967e4f9f6a21522de84b392a Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Wed, 21 Sep 2016 16:01:08 +0200 -Subject: [PATCH] Fix bug 697142: Stale string pointer stored in regexp object. - -Make sure to make a copy of the source pattern string. -A case we missed when adding short and memory strings to the runtime. -The code assumed all strings passed to it were either literal or interned. ---- - jsgc.c | 4 +++- - jsi.h | 1 + - jsregexp.c | 2 +- - jsrun.c | 8 ++++++++ - jsvalue.h | 2 +- - 5 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/jsgc.c b/jsgc.c -index 9bd6482..4f7e7dc 100644 ---- a/thirdparty/mujs/jsgc.c -+++ b/thirdparty/mujs/jsgc.c -@@ -44,8 +44,10 @@ static void jsG_freeobject(js_State *J, js_Object *obj) - { - if (obj->head) - jsG_freeproperty(J, obj->head); -- if (obj->type == JS_CREGEXP) -+ if (obj->type == JS_CREGEXP) { -+ js_free(J, obj->u.r.source); - js_regfree(obj->u.r.prog); -+ } - if (obj->type == JS_CITERATOR) - jsG_freeiterator(J, obj->u.iter.head); - if (obj->type == JS_CUSERDATA && obj->u.user.finalize) -diff --git a/jsi.h b/jsi.h -index 7d9f7c7..e855045 100644 ---- a/thirdparty/mujs/jsi.h -+++ b/thirdparty/mujs/jsi.h -@@ -79,6 +79,7 @@ typedef unsigned short js_Instruction; - - /* String interning */ - -+char *js_strdup(js_State *J, const char *s); - const char *js_intern(js_State *J, const char *s); - void jsS_dumpstrings(js_State *J); - void jsS_freestrings(js_State *J); -diff --git a/jsregexp.c b/jsregexp.c -index 2a056b7..a2d5156 100644 ---- a/thirdparty/mujs/jsregexp.c -+++ b/thirdparty/mujs/jsregexp.c -@@ -21,7 +21,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags) - js_syntaxerror(J, "regular expression: %s", error); - - obj->u.r.prog = prog; -- obj->u.r.source = pattern; -+ obj->u.r.source = js_strdup(J, pattern); - obj->u.r.flags = flags; - obj->u.r.last = 0; - js_pushobject(J, obj); -diff --git a/jsrun.c b/jsrun.c -index 2648c4c..ee80845 100644 ---- a/thirdparty/mujs/jsrun.c -+++ b/thirdparty/mujs/jsrun.c -@@ -45,6 +45,14 @@ void *js_realloc(js_State *J, void *ptr, int size) - return ptr; - } - -+char *js_strdup(js_State *J, const char *s) -+{ -+ int n = strlen(s) + 1; -+ char *p = js_malloc(J, n); -+ memcpy(p, s, n); -+ return p; -+} -+ - void js_free(js_State *J, void *ptr) - { - J->alloc(J->actx, ptr, 0); -diff --git a/jsvalue.h b/jsvalue.h -index 6cfbd89..8fb5016 100644 ---- a/thirdparty/mujs/jsvalue.h -+++ b/thirdparty/mujs/jsvalue.h -@@ -71,7 +71,7 @@ struct js_String - struct js_Regexp - { - void *prog; -- const char *source; -+ char *source; - unsigned short flags; - unsigned short last; - }; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7505.patch b/gnu/packages/patches/mupdf-CVE-2016-7505.patch deleted file mode 100644 index 15e4f374d6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7505.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-7505: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505 -http://bugs.ghostscript.com/show_bug.cgi?id=697140 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5 - -From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Wed, 21 Sep 2016 15:21:04 +0200 -Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod. - ---- - jsdtoa.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jsdtoa.c b/jsdtoa.c -index 2e52368..920c1a7 100644 ---- a/thirdparty/mujs/jsdtoa.c -+++ b/thirdparty/mujs/jsdtoa.c -@@ -735,6 +735,7 @@ xx: - n -= c<<b; - *p++ = c + '0'; - (*na)++; -+ if (*na >= Ndig) break; /* abort if overflowing */ - } - *p = 0; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7506.patch b/gnu/packages/patches/mupdf-CVE-2016-7506.patch deleted file mode 100644 index 733249acaa..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7506.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-7506: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506 -http://bugs.ghostscript.com/show_bug.cgi?id=697141 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a - -From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Wed, 21 Sep 2016 16:02:11 +0200 -Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution. - -A '$' escape at the end of the string would read past the zero terminator -when looking for the escaped character. ---- - jsstring.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/jsstring.c b/jsstring.c -index 66f6a89..0209a8e 100644 ---- a/thirdparty/mujs/jsstring.c -+++ b/thirdparty/mujs/jsstring.c -@@ -421,6 +421,7 @@ loop: - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '`': js_putm(J, &sb, source, s); break; - case '\'': js_puts(J, &sb, s + n); break; -@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J) - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '&': js_putm(J, &sb, s, s + n); break; - case '`': js_putm(J, &sb, source, s); break; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7563.patch b/gnu/packages/patches/mupdf-CVE-2016-7563.patch deleted file mode 100644 index 288c9ab2df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7563.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-7563: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7563 -http://bugs.ghostscript.com/show_bug.cgi?id=697136 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=f8234d830e17fc5e8fe09eb76d86dad3f6233c59 - -From f8234d830e17fc5e8fe09eb76d86dad3f6233c59 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Tue, 20 Sep 2016 17:11:32 +0200 -Subject: [PATCH] Fix bug 697136. - -We were unconditionally reading the next character if we encountered -a '*' in a multi-line comment; possibly reading past the end of -the input. ---- - jslex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jslex.c b/jslex.c -index 7b80800..cbd0eeb 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -225,7 +225,8 @@ static int lexcomment(js_State *J) - if (jsY_accept(J, '/')) - return 0; - } -- jsY_next(J); -+ else -+ jsY_next(J); - } - return -1; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch deleted file mode 100644 index c2ce33d1df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7564.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-7564: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564 -http://bugs.ghostscript.com/show_bug.cgi?id=697137 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8 - -From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Tue, 20 Sep 2016 17:19:06 +0200 -Subject: [PATCH] Fix bug 697137: off by one in string length calculation. - -We were not allocating space for the terminating zero byte. ---- - jsfunction.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jsfunction.c b/jsfunction.c -index 8b5b18e..28f7aa7 100644 ---- a/thirdparty/mujs/jsfunction.c -+++ b/thirdparty/mujs/jsfunction.c -@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J) - n += strlen(F->name); - for (i = 0; i < F->numparams; ++i) - n += strlen(F->vartab[i]) + 1; -- s = js_malloc(J, n); -+ s = js_malloc(J, n + 1); - strcpy(s, "function "); - strcat(s, F->name); - strcat(s, "("); --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-8674.patch b/gnu/packages/patches/mupdf-CVE-2016-8674.patch deleted file mode 100644 index 2a35619761..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-8674.patch +++ /dev/null @@ -1,165 +0,0 @@ -Fix CVE-2016-8674 (use-after-free in pdf_to_num()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674 -https://security-tracker.debian.org/tracker/CVE-2016-8674 - -Patch adapted from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec - -diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h -index f8ef0cd..e8345b7 100644 ---- a/include/mupdf/pdf/document.h -+++ b/include/mupdf/pdf/document.h -@@ -258,6 +258,10 @@ struct pdf_document_s - fz_font **type3_fonts; - - pdf_resource_tables *resources; -+ -+ int orphans_max; -+ int orphans_count; -+ pdf_obj **orphans; - }; - - /* -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 346a2f1..02d4119 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -109,6 +109,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key); - pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev); - void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); - void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); -+void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val); - void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val); -diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c -index f2e4551..a0d0d8e 100644 ---- a/source/pdf/pdf-object.c -+++ b/source/pdf/pdf-object.c -@@ -1240,9 +1240,13 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev) - return pdf_dict_get(ctx, obj, abbrev); - } - --void --pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+static void -+pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) - { -+ -+ if (old_val) -+ *old_val = NULL; -+ - RESOLVE(obj); - if (obj >= PDF_OBJ__LIMIT) - { -@@ -1282,7 +1286,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - pdf_obj *d = DICT(obj)->items[i].v; - DICT(obj)->items[i].v = pdf_keep_obj(ctx, val); -- pdf_drop_obj(ctx, d); -+ if (old_val) -+ *old_val = d; -+ else -+ pdf_drop_obj(ctx, d); - } - } - else -@@ -1305,10 +1312,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - } - - void -+pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+{ -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+} -+ -+void - pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - fz_try(ctx) -- pdf_dict_put(ctx, obj, key, val); -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+ fz_always(ctx) -+ pdf_drop_obj(ctx, val); -+ fz_catch(ctx) -+ fz_rethrow(ctx); -+} -+ -+void -+pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) -+{ -+ fz_try(ctx) -+ pdf_dict_get_put(ctx, obj, key, val, old_val); - fz_always(ctx) - pdf_drop_obj(ctx, val); - fz_catch(ctx) -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index fdd4648..212c8b7 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -259,6 +259,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen) - } - } - -+static void -+orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj) -+{ -+ if (doc->orphans_count == doc->orphans_max) -+ { -+ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32); -+ -+ fz_try(ctx) -+ { -+ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans)); -+ doc->orphans_max = new_max; -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, obj); -+ fz_rethrow(ctx); -+ } -+ } -+ doc->orphans[doc->orphans_count++] = obj; -+} -+ - void - pdf_repair_xref(fz_context *ctx, pdf_document *doc) - { -@@ -520,12 +541,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - /* correct stream length for unencrypted documents */ - if (!encrypt && list[i].stm_len >= 0) - { -+ pdf_obj *old_obj = NULL; - dict = pdf_load_object(ctx, doc, list[i].num, list[i].gen); - - length = pdf_new_int(ctx, doc, list[i].stm_len); -- pdf_dict_put(ctx, dict, PDF_NAME_Length, length); -- pdf_drop_obj(ctx, length); -- -+ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj); -+ if (old_obj) -+ orphan_object(ctx, doc, old_obj); - pdf_drop_obj(ctx, dict); - } - } -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 3de1cd2..6682741 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1626,6 +1626,12 @@ pdf_close_document(fz_context *ctx, pdf_document *doc) - - pdf_drop_resource_tables(ctx, doc); - -+ for (i = 0; i < doc->orphans_count; i++) -+ { -+ pdf_drop_obj(ctx, doc->orphans[i]); -+ } -+ fz_free(ctx, doc->orphans); -+ - fz_free(ctx, doc); - } - --- -2.10.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9017.patch b/gnu/packages/patches/mupdf-CVE-2016-9017.patch deleted file mode 100644 index 1e2b7c3258..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9017.patch +++ /dev/null @@ -1,46 +0,0 @@ -Fix CVE-2016-9017: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9107 -http://bugs.ghostscript.com/show_bug.cgi?id=697171 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 - -From a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Tue, 25 Oct 2016 14:08:27 +0200 -Subject: [PATCH] Fix 697171: missed an operand in the bytecode debugger dump. - ---- - jscompile.h | 2 +- - jsdump.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jscompile.h b/jscompile.h -index 802cc9e..3054d13 100644 ---- a/thirdparty/mujs/jscompile.h -+++ b/thirdparty/mujs/jscompile.h -@@ -21,7 +21,7 @@ enum js_OpCode - - OP_NEWARRAY, - OP_NEWOBJECT, -- OP_NEWREGEXP, -+ OP_NEWREGEXP, /* -S,opts- <regexp> */ - - OP_UNDEF, - OP_NULL, -diff --git a/jsdump.c b/jsdump.c -index 1c51c29..37ad88c 100644 ---- a/thirdparty/mujs/jsdump.c -+++ b/thirdparty/mujs/jsdump.c -@@ -750,6 +750,7 @@ void jsC_dumpfunction(js_State *J, js_Function *F) - case OP_INITVAR: - case OP_DEFVAR: - case OP_GETVAR: -+ case OP_HASVAR: - case OP_SETVAR: - case OP_DELVAR: - case OP_GETPROP_S: --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9136.patch b/gnu/packages/patches/mupdf-CVE-2016-9136.patch deleted file mode 100644 index 1f68839a52..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9136.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-9136: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9136 -http://bugs.ghostscript.com/show_bug.cgi?id=697244 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a0ceaf5050faf419401fe1b83acfa950ec8a8a89 -From a0ceaf5050faf419401fe1b83acfa950ec8a8a89 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Mon, 31 Oct 2016 13:05:37 +0100 -Subject: [PATCH] Fix 697244: Check for incomplete escape sequence at end of - input. - ---- - jslex.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jslex.c b/jslex.c -index cbd0eeb..aaafdac 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -377,6 +377,7 @@ static int lexescape(js_State *J) - return 0; - - switch (J->lexchar) { -+ case 0: jsY_error(J, "unterminated escape sequence"); - case 'u': - jsY_next(J); - if (!jsY_ishex(J->lexchar)) return 1; else { x |= jsY_tohex(J->lexchar) << 12; jsY_next(J); } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch index cd8136b701..d97c1cb348 100644 --- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch +++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch @@ -27,12 +27,3 @@ index 6b92e5c..72dea50 100644 #include <openjpeg.h> static void fz_opj_error_callback(const char *msg, void *client_data) -@@ -117,7 +109,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs - opj_stream_set_read_function(stream, fz_opj_stream_read); - opj_stream_set_skip_function(stream, fz_opj_stream_skip); - opj_stream_set_seek_function(stream, fz_opj_stream_seek); -- opj_stream_set_user_data(stream, &sb); -+ opj_stream_set_user_data(stream, &sb, NULL); - /* Set the length to avoid an assert */ - opj_stream_set_user_data_length(stream, size); - diff --git a/gnu/packages/patches/nasm-no-ps-pdf.patch b/gnu/packages/patches/nasm-no-ps-pdf.patch deleted file mode 100644 index b03b57a6ed..0000000000 --- a/gnu/packages/patches/nasm-no-ps-pdf.patch +++ /dev/null @@ -1,20 +0,0 @@ -Avoid building PS and PDF docs, which do not build bit-reproducible. NASM -already installs doc in info and html. - ---- nasm-2.12.01/doc/Makefile.in.orig 2016-06-21 18:02:59.483484829 +0200 -+++ nasm-2.12.01/doc/Makefile.in 2016-06-21 18:03:46.700151410 +0200 -@@ -27,7 +27,7 @@ - PS2PDF = @PS2PDF@ # Part of GhostScript - - SRCS = nasmdoc.src inslist.src changes.src --OUT = info html nasmdoc.txt nasmdoc.ps nasmdoc.pdf -+OUT = info html nasmdoc.txt - - # exports - export srcdir -@@ -100,4 +100,4 @@ - $(INSTALL_DATA) info/* $(INSTALLROOT)$(infodir) - mkdir -p $(INSTALLROOT)$(docdir)/html - $(INSTALL_DATA) html/* $(INSTALLROOT)$(docdir)/html -- $(INSTALL_DATA) nasmdoc.ps nasmdoc.pdf nasmdoc.txt $(INSTALLROOT)$(docdir) -+ $(INSTALL_DATA) nasmdoc.txt $(INSTALLROOT)$(docdir) diff --git a/gnu/packages/patches/netcdf-config-date.patch b/gnu/packages/patches/netcdf-config-date.patch deleted file mode 100644 index 5054612e95..0000000000 --- a/gnu/packages/patches/netcdf-config-date.patch +++ /dev/null @@ -1,47 +0,0 @@ -Honor SOURCE_DATE_EPOCH when exporting configuration date. -Autoconf-level patch submitted upstream on Fri Apr 15 23:07:42 UTC 2016 - ---- a/configure -+++ b/configure -@@ -2866,7 +2866,17 @@ - - - # Configuration Date -- CONFIG_DATE="`date`" -+ CONFIG_DATE="`date -u`" -+if test -n "$SOURCE_DATE_EPOCH"; then -+ CONFIG_DATE=`date -u -d "@$SOURCE_DATE_EPOCH" 2>/dev/null \ -+ || date -u -r "$SOURCE_DATE_EPOCH" 2>/dev/null` -+ if test -z "$CONFIG_DATE"; then -+ as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5 -+ fi -+fi -+cat >>confdefs.h <<_ACEOF -+#define CONFIG_DATE "$CONFIG_DATE" -+_ACEOF - - # Find out about the host we're building on. - ac_aux_dir= ---- a/libdispatch/derror.c -+++ b/libdispatch/derror.c -@@ -13,7 +13,7 @@ - #endif - - /* Tell the user the version of netCDF. */ --static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $"; -+static const char nc_libvers[] = PACKAGE_VERSION " of "CONFIG_DATE" $"; - - /** - \defgroup lib_version Library Version ---- a/config.h.in -+++ b/config.h.in -@@ -393,6 +393,9 @@ - /* Define to the version of this package. */ - #undef PACKAGE_VERSION - -+/* Define to the configuration date */ -+#undef CONFIG_DATE -+ - /* The size of `double', as computed by sizeof. */ - #undef SIZEOF_DOUBLE - diff --git a/gnu/packages/patches/netcdf-date-time.patch b/gnu/packages/patches/netcdf-date-time.patch new file mode 100644 index 0000000000..a4e7925aa1 --- /dev/null +++ b/gnu/packages/patches/netcdf-date-time.patch @@ -0,0 +1,11 @@ +--- a/libdispatch/derror.c ++++ b/libdispatch/derror.c +@@ -13,7 +13,7 @@ + #endif + + /* Tell the user the version of netCDF. */ +-static const char nc_libvers[] = PACKAGE_VERSION " of "__DATE__" "__TIME__" $"; ++static const char nc_libvers[] = PACKAGE_VERSION" $"; + + /** + \defgroup lib_version Library Version diff --git a/gnu/packages/patches/netcdf-tst_h_par.patch b/gnu/packages/patches/netcdf-tst_h_par.patch new file mode 100644 index 0000000000..ac14a4c0a2 --- /dev/null +++ b/gnu/packages/patches/netcdf-tst_h_par.patch @@ -0,0 +1,21 @@ +From a83702834938b23cc2e843589aa223e2024a7e6f Mon Sep 17 00:00:00 2001 +From: Orion Poplawski <orion@cora.nwra.com> +Date: Tue, 29 Nov 2016 11:48:01 -0700 +Subject: [PATCH] Add missing #include "err_macros.h" to tst_h_par.c + +--- + h5_test/tst_h_par.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/h5_test/tst_h_par.c b/h5_test/tst_h_par.c +index c3da7f4..a419d55 100644 +--- a/h5_test/tst_h_par.c ++++ b/h5_test/tst_h_par.c +@@ -11,6 +11,7 @@ + $Id: tst_h_par.c,v 1.15 2010/05/25 13:53:04 ed Exp $ + */ + #include <nc_tests.h> ++#include "err_macros.h" + #include <hdf5.h> + + /* Defining USE_MPE causes the MPE trace library to be used (and you diff --git a/gnu/packages/patches/ocaml-Add-a-.file-directive.patch b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch new file mode 100644 index 0000000000..07842e9c32 --- /dev/null +++ b/gnu/packages/patches/ocaml-Add-a-.file-directive.patch @@ -0,0 +1,96 @@ +From: Stephane Glondu <steph@glondu.net> +Date: Sun, 16 Aug 2015 20:59:14 +0200 +Subject: Add a .file directive to generated .s files + +When no .file directive is given, the toolchain records the filename +of the .o file, which is sometimes random, making generated objects +non-deterministic. + +We use Location.input_name for adding .file directives to assembly +files. Note: when the file is preprocessed, this reference holds the +name of the temporary file. Hence, files compiled with -pp are still +not deterministic. + +Bug-Debian: https://bugs.debian.org/795784 +Bug-Debian: https://bugs.debian.org/796336 +--- + asmcomp/amd64/emit.mlp | 1 + + asmcomp/arm/emit.mlp | 1 + + asmcomp/arm64/emit.mlp | 1 + + asmcomp/i386/emit.mlp | 1 + + asmcomp/power/emit.mlp | 1 + + asmcomp/sparc/emit.mlp | 1 + + 6 files changed, 6 insertions(+) + +diff --git a/asmcomp/amd64/emit.mlp b/asmcomp/amd64/emit.mlp +index d56d0f5..4d7aa30 100644 +--- a/asmcomp/amd64/emit.mlp ++++ b/asmcomp/amd64/emit.mlp +@@ -794,6 +794,7 @@ let data l = + let begin_assembly() = + reset_debug_info(); (* PR#5603 *) + float_constants := []; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + if !Clflags.dlcode then begin + (* from amd64.S; could emit these constants on demand *) + if macosx then +diff --git a/asmcomp/arm/emit.mlp b/asmcomp/arm/emit.mlp +index 4948fb2..6f30fba 100644 +--- a/asmcomp/arm/emit.mlp ++++ b/asmcomp/arm/emit.mlp +@@ -892,6 +892,7 @@ let data l = + + let begin_assembly() = + reset_debug_info(); ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + ` .syntax unified\n`; + begin match !arch with + | ARMv4 -> ` .arch armv4t\n` +diff --git a/asmcomp/arm64/emit.mlp b/asmcomp/arm64/emit.mlp +index 750c2b2..5afbb8a 100644 +--- a/asmcomp/arm64/emit.mlp ++++ b/asmcomp/arm64/emit.mlp +@@ -942,6 +942,7 @@ let data l = + + let begin_assembly() = + reset_debug_info(); ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .globl {emit_symbol lbl_begin}\n`; +diff --git a/asmcomp/i386/emit.mlp b/asmcomp/i386/emit.mlp +index 98df5f9..531150f 100644 +--- a/asmcomp/i386/emit.mlp ++++ b/asmcomp/i386/emit.mlp +@@ -986,6 +986,7 @@ let data l = + let begin_assembly() = + reset_debug_info(); (* PR#5603 *) + float_constants := []; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .globl {emit_symbol lbl_begin}\n`; +diff --git a/asmcomp/power/emit.mlp b/asmcomp/power/emit.mlp +index 4344085..343132b 100644 +--- a/asmcomp/power/emit.mlp ++++ b/asmcomp/power/emit.mlp +@@ -887,6 +887,7 @@ let data l = + let begin_assembly() = + defined_functions := StringSet.empty; + external_functions := StringSet.empty; ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + (* Emit the beginning of the segments *) + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + emit_string data_space; +diff --git a/asmcomp/sparc/emit.mlp b/asmcomp/sparc/emit.mlp +index 877a3d5..7b041e9 100644 +--- a/asmcomp/sparc/emit.mlp ++++ b/asmcomp/sparc/emit.mlp +@@ -727,6 +727,7 @@ let data l = + (* Beginning / end of an assembly file *) + + let begin_assembly() = ++ ` .file \"{emit_string (String.escaped !Location.input_name)}\"\n`; + let lbl_begin = Compilenv.make_symbol (Some "data_begin") in + ` .data\n`; + ` .global {emit_symbol lbl_begin}\n`; diff --git a/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch new file mode 100644 index 0000000000..2056b42356 --- /dev/null +++ b/gnu/packages/patches/ocaml-bisect-fix-camlp4-in-another-directory.patch @@ -0,0 +1,125 @@ +From 26cac62fe0154cf65c06faaee10805531e9dade8 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Wed, 14 Dec 2016 14:14:59 +0100 +Subject: [PATCH] fix camlp4 in another directory + +--- + Makefile | 11 ++++++----- + configure | 13 ++++++++++++- + myocamlbuild.ml | 2 +- + 3 files changed, 19 insertions(+), 7 deletions(-) + +diff --git a/Makefile b/Makefile +index 4a8ce17..d94a6d5 100644 +--- a/Makefile ++++ b/Makefile +@@ -25,7 +25,7 @@ PATH_BUILD=$(PATH_BASE)/_build + PATH_OCAMLDOC=$(PATH_BASE)/ocamldoc + PATH_SRC=$(PATH_BASE)/src + PATH_TESTS=$(PATH_BASE)/tests +-PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect ++PATH_INSTALL=$(PREFIX)/lib/ocaml/bisect + + + # DEFINITIONS +@@ -33,7 +33,8 @@ PATH_INSTALL=$(PATH_OCAML_PREFIX)/lib/ocaml/bisect + PROJECT_NAME=bisect + OCAMLBUILD=$(PATH_OCAML_PREFIX)/bin/ocamlbuild + OCAMLBUILD_ENV=WARNINGS=$(WARNINGS) PATH_OCAML_PREFIX=$(PATH_OCAML_PREFIX) +-OCAMLBUILD_FLAGS=-classic-display -no-links ++CAMLP4_INCLUDE=$(shell test -z $(CAMLP4_LIBDIR) || echo "-cflags -I,$(CAMLP4_LIBDIR)") ++OCAMLBUILD_FLAGS=-classic-display -no-links $(CAMLP4_INCLUDE) + MODULES_ODOCL=$(PROJECT_NAME).odocl + MODULES_MLPACK=$(PROJECT_NAME).mlpack + MODULES_MLPACK_PP=$(PROJECT_NAME)_pp.mlpack +@@ -80,11 +81,11 @@ veryclean: clean + rm -f $(PATH_OCAMLDOC)/*.html $(PATH_OCAMLDOC)/*.css + + install: FORCE +- cp $(PATH_BUILD)/src/report/report.byte $(PATH_OCAML_PREFIX)/bin/bisect-report; \ ++ cp $(PATH_BUILD)/src/report/report.byte $(PREFIX)/bin/bisect-report; \ + if [ "$(PPX)" = "TRUE" ]; then \ +- cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PATH_OCAML_PREFIX)/bin; \ ++ cp $(PATH_BUILD)/src/syntax/bisect_ppx.byte $(PREFIX)/bin; \ + fi; \ +- (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PATH_OCAML_PREFIX)/bin/bisect-report.opt || true); \ ++ (test -x $(PATH_OCAML_PREFIX)/bin/ocamlopt && cp $(PATH_BUILD)/src/report/report.native $(PREFIX)/bin/bisect-report.opt || true); \ + if [ -x "$(PATH_OCAMLFIND)" ]; then \ + $(PATH_OCAMLFIND) query $(PROJECT_NAME) && $(PATH_OCAMLFIND) remove $(PROJECT_NAME) || true; \ + $(PATH_OCAMLFIND) install $(PROJECT_NAME) META -optional \ +diff --git a/configure b/configure +index bb7ebf4..61a3095 100755 +--- a/configure ++++ b/configure +@@ -21,7 +21,9 @@ + # default values + ocamlbuild=`which ocamlbuild || echo '/usr/local/bin/ocamlbuild'` + bin_path=`dirname $ocamlbuild` ++prefix='' + ocaml_prefix=`dirname $bin_path` ++camlp4_prefix=`dirname $(dirname $(which camlp4of))` + ocamlfind=`which ocamlfind 2> /dev/null || echo ''` + native_dynlink='TRUE' + devel='FALSE' +@@ -32,8 +34,12 @@ ppx='FALSE' + while [ $# -gt 0 ] + do + case "$1" in ++ -prefix) ++ prefix="$2"; shift;; + -ocaml-prefix) + ocaml_prefix="$2"; shift;; ++ -camlp4-prefix) ++ camlp4_prefix="$2"; shift;; + -ocamlfind) + ocamlfind="$2"; shift;; + -no-native-dynlink) +@@ -45,7 +51,7 @@ do + -ppx) + ppx='TRUE';; + *) +- echo "usage: $0 [-ocaml-prefix <path>] [-ocamlfind <path>] [-no-native-dynlink] [-devel]"; ++ echo "usage: $0 [-prefix <path>] [-ocaml-prefix <path>] [-ocamlfind <path>] [-no-native-dynlink] [-devel]"; + exit 1;; + esac + shift +@@ -57,6 +63,9 @@ if [ "$no_camlp4" = "TRUE" -a "$ppx" = "FALSE" ]; then + exit 1 + fi + ++# prefix default value ++test -z $prefix && prefix=$ocaml_prefix ++ + # make options + make_quiet=`make -f - <<EOF + default: gnumake +@@ -67,11 +76,13 @@ EOF` + # file creation + echo "# timestamp: `date`" > Makefile.config + echo "PATH_OCAML_PREFIX=$ocaml_prefix" >> Makefile.config ++echo "PATH_CAMLP4_PREFIX=$camlp4_prefix" >> Makefile.config + echo "PATH_OCAMLFIND=$ocamlfind" >> Makefile.config + echo "NATIVE_DYNLINK=$native_dynlink" >> Makefile.config + echo "WARNINGS=$devel" >> Makefile.config + echo "NO_CAMLP4=$no_camlp4" >> Makefile.config + echo "PPX=$ppx" >> Makefile.config + echo "MAKE_QUIET=$make_quiet" >> Makefile.config ++echo "PREFIX=$prefix" >> Makefile.config + echo "" >> Makefile.config + echo 'Makefile.config successfully created' +diff --git a/myocamlbuild.ml b/myocamlbuild.ml +index 8aa25fd..09a7d48 100644 +--- a/myocamlbuild.ml ++++ b/myocamlbuild.ml +@@ -70,7 +70,7 @@ let () = + | After_rules -> + let camlp4of = + try +- let path_bin = Filename.concat (Sys.getenv "PATH_OCAML_PREFIX") "bin" in ++ let path_bin = Filename.concat (Sys.getenv "PATH_CAMLP4_PREFIX") "bin" in + Filename.concat path_bin "camlp4of" + with _ -> "camlp4of" in + flag ["ocaml"; "compile"; "pp_camlp4of"] (S[A"-pp"; A camlp4of]); +-- +2.7.4 + diff --git a/gnu/packages/patches/ocaml-bitstring-fix-configure.patch b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch new file mode 100644 index 0000000000..c358bf3d6b --- /dev/null +++ b/gnu/packages/patches/ocaml-bitstring-fix-configure.patch @@ -0,0 +1,53 @@ +From 0aaddfceeea3e89df196ab1846da54d09713a512 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Thu, 15 Dec 2016 21:17:31 +0100 +Subject: [PATCH] fix configure + +--- + Makefile.in | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index d040f4c..85e0b38 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -32,6 +32,7 @@ BISECT_REPORT = @BISECT_REPORT@ + BYTESWAP_H = @BYTESWAP_H@ + + OCAMLLIB = @OCAMLLIB@ ++BISECTLIB = $(shell if test -z $${BISECTLIB}; then echo $(OCAMLLIB); else echo $${BISECTLIB}; fi) + top_srcdir = @top_srcdir@ + + pkg_cil = @OCAML_PKG_cil@ +@@ -47,9 +48,9 @@ OCAMLOPTPACKAGES = $(OCAMLCPACKAGES) + OCAMLOPTLIBS = -linkpkg + + ifneq ($(enable_coverage),no) +-OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma' ++OCAMLCFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma' + OCAMLCLIBS += -I +bisect bisect.cma +-OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(OCAMLLIB)/bisect/instrument.cma' ++OCAMLOPTFLAGS += -I +bisect -pp 'camlp4o $(BISECTLIB)/bisect/instrument.cma' + OCAMLOPTLIBS += -I +bisect bisect.cmxa + endif + +@@ -110,7 +111,7 @@ bitstring_persistent.cmi: bitstring_persistent.mli + -I +camlp4 -pp camlp4of -c $< + + pa_bitstring.cmo: pa_bitstring.ml bitstring.cma bitstring_persistent.cma +- $(OCAMLFIND) ocamlc bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \ ++ $(OCAMLFIND) ocamlc $(OCAMLCFLAGS) bitstring.cma -I +camlp4 dynlink.cma camlp4lib.cma \ + -pp camlp4of -c $< -o $@ + + bitstring-objinfo: bitstring_objinfo.cmo bitstring.cma bitstring_persistent.cma +@@ -133,7 +134,7 @@ byteswap.h: byteswap.in.h + ifeq ($(enable_coverage),no) + PP = -pp 'camlp4o bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' + else +-PP = -pp 'camlp4o $(OCAMLLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' ++PP = -pp 'camlp4o $(BISECTLIB)/bisect/bisect.cma bitstring.cma bitstring_persistent.cma pa_bitstring.cmo' + endif + + check: test +-- +2.11.0 diff --git a/gnu/packages/patches/onionshare-fix-install-paths.patch b/gnu/packages/patches/onionshare-fix-install-paths.patch deleted file mode 100644 index 721b89f04b..0000000000 --- a/gnu/packages/patches/onionshare-fix-install-paths.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 7afdd3366711a0c508bfb9323af8f4268ab77c9b Mon Sep 17 00:00:00 2001 -From: Efraim Flashner <efraim@flashner.co.il> -Date: Thu, 21 Jul 2016 13:22:45 +0300 -Subject: [PATCH] patch - ---- - setup.py | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/setup.py b/setup.py -index 8ae56fe..8b245c9 100644 ---- a/setup.py -+++ b/setup.py -@@ -91,15 +91,15 @@ setup( - include_package_data=True, - scripts=['install/scripts/onionshare', 'install/scripts/onionshare-gui'], - data_files=[ -- (os.path.join(sys.prefix, 'share/applications'), ['install/onionshare.desktop']), -- (os.path.join(sys.prefix, 'share/appdata'), ['install/onionshare.appdata.xml']), -- (os.path.join(sys.prefix, 'share/pixmaps'), ['install/onionshare80.xpm']), -- (os.path.join(sys.prefix, 'share/onionshare'), [ -+ ('share/applications', ['install/onionshare.desktop']), -+ ('share/appdata', ['install/onionshare.appdata.xml']), -+ ('share/pixmaps', ['install/onionshare80.xpm']), -+ ('share/onionshare', [ - 'resources/version.txt', - 'resources/wordlist.txt' - ]), -- (os.path.join(sys.prefix, 'share/onionshare/images'), images), -- (os.path.join(sys.prefix, 'share/onionshare/locale'), locale), -- (os.path.join(sys.prefix, 'share/onionshare/html'), html) -+ ('share/onionshare/images', images), -+ ('share/onionshare/locale', locale), -+ ('share/onionshare/html', html) - ] - ) --- -2.9.1 - diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch deleted file mode 100644 index 7ce03501f4..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001 -From: Matthieu Darbois <mayeut@users.noreply.github.com> -Date: Tue, 19 May 2015 21:57:27 +0000 -Subject: [PATCH] [trunk] Correct potential double free on malloc failure in - opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492) - ---- - src/lib/openjp2/j2k.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 8c62a39..cbdd368 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - l_tcp->cod = 0; - l_tcp->ppt = 0; - l_tcp->ppt_data = 00; -+ /* Remove memory not owned by this tile in case of early error return. */ -+ l_tcp->m_mct_decoding_matrix = 00; -+ l_tcp->m_nb_max_mct_records = 0; -+ l_tcp->m_mct_records = 00; -+ l_tcp->m_nb_max_mcc_records = 0; -+ l_tcp->m_mcc_records = 00; - /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/ - l_tcp->tccps = l_current_tccp; - -@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - - ++l_src_mct_rec; - ++l_dest_mct_rec; -+ /* Update with each pass to free exactly what has been allocated on early return. */ -+ l_tcp->m_nb_max_mct_records += 1; - } - - /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/ -@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - return OPJ_FALSE; - } - memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size); -+ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records; - - /* Copy the mcc record data from dflt_tile_cp to the current tile*/ - l_src_mcc_rec = l_default_tcp->m_mcc_records; --- -2.5.0 - diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch new file mode 100644 index 0000000000..3f637fa88b --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch @@ -0,0 +1,245 @@ +From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001 +From: szukw000 <szukw000@arcor.de> +Date: Fri, 9 Dec 2016 08:29:55 +0100 +Subject: [PATCH] These changes repair bugs of #871 and #872 + +email from http://openwall.com/lists/oss-security/2016/12/09/4 +patch is against openjpeg-2.1.2, applies cleanly to 2.1.1. + +--- + src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++---------------- + 1 file changed, 70 insertions(+), 37 deletions(-) + +diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c +index 143d3be..c690f8b 100644 +--- a/src/bin/jp2/converttif.c ++++ b/src/bin/jp2/converttif.c +@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len + + int imagetotif(opj_image_t * image, const char *outfile) + { +- int width, height; +- int bps,adjust, sgnd; +- int tiPhoto; ++ uint32 width, height, bps, tiPhoto; ++ int adjust, sgnd; + TIFF *tif; + tdata_t buf; +- tsize_t strip_size; ++ tmsize_t strip_size, rowStride; + OPJ_UINT32 i, numcomps; +- OPJ_SIZE_T rowStride; + OPJ_INT32* buffer32s = NULL; + OPJ_INT32 const* planes[4]; + convert_32s_PXCX cvtPxToCx = NULL; + convert_32sXXx_C1R cvt32sToTif = NULL; + +- bps = (int)image->comps[0].prec; ++ bps = (uint32)image->comps[0].prec; + planes[0] = image->comps[0].data; + + numcomps = image->numcomps; +@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) + break; + } + sgnd = (int)image->comps[0].sgnd; +- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; +- width = (int)image->comps[0].w; +- height = (int)image->comps[0].h; ++ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; ++ width = (uint32)image->comps[0].w; ++ height = (uint32)image->comps[0].h; + + TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); + TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); +- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); ++ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); + TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); + TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); + TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); +@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) + TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); + + strip_size = TIFFStripSize(tif); +- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; +- if (rowStride != (OPJ_SIZE_T)strip_size) { ++ rowStride = (width * numcomps * bps + 7U) / 8U; ++ if (rowStride != strip_size) { + fprintf(stderr, "Invalid TIFF strip size\n"); + TIFFClose(tif); + return 1; +@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) + TIFFClose(tif); + return 1; + } +- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); ++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { + _TIFFfree(buf); + TIFFClose(tif); +@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + TIFF *tif; + tdata_t buf; + tstrip_t strip; +- tsize_t strip_size; ++ tmsize_t strip_size; + int j, currentPlane, numcomps = 0, w, h; + OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; + opj_image_cmptparm_t cmptparm[4]; /* RGBA */ + opj_image_t *image = NULL; + int has_alpha = 0; +- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; +- unsigned int tiWidth, tiHeight; ++ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; + OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); + convert_XXx32s_C1R cvtTifTo32s = NULL; + convert_32s_CXPX cvtCxToPx = NULL; + OPJ_INT32* buffer32s = NULL; + OPJ_INT32* planes[4]; +- OPJ_SIZE_T rowStride; ++ tmsize_t rowStride; + + tif = TIFFOpen(filename, "r"); + +@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); + TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); + TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); +- w= (int)tiWidth; +- h= (int)tiHeight; +- +- if(tiBps > 16U) { +- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); +- fprintf(stderr,"\tAborting\n"); ++ ++ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ ++ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" ++ "\tAborting.\n", tiSpp); ++ TIFFClose(tif); ++ return NULL; ++ } ++ if(tiBps > 16U || tiBps == 0) { ++ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" ++ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); + TIFFClose(tif); + return NULL; + } + if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { +- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); ++ fprintf(stderr,"tiftoimage: Bad color format %d.\n" ++ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); + fprintf(stderr,"\tAborting\n"); + TIFFClose(tif); + return NULL; + } +- ++ if(tiWidth == 0 || tiHeight == 0) { ++ fprintf(stderr,"tiftoimage: Bad values for width(%u) " ++ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); ++ TIFFClose(tif); ++ return NULL; ++ } ++ w= (int)tiWidth; ++ h= (int)tiHeight; ++ + switch (tiBps) { + case 1: + case 2: +@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + + TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, + &extrasamples, &sampleinfo); +- ++ + if(extrasamples >= 1) + { + switch(sampleinfo[0]) +@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + else /* extrasamples == 0 */ + if(tiSpp == 4 || tiSpp == 2) has_alpha = 1; + } +- ++ + /* initialize image components */ + memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t)); + +@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + } else { + is_cinema = 0U; + } +- ++ + if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */ + { + numcomps = 3 + has_alpha; +@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + image->x0 = (OPJ_UINT32)parameters->image_offset_x0; + image->y0 = (OPJ_UINT32)parameters->image_offset_y0; + image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : +- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; ++ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; ++ if(image->x1 <= image->x0) { ++ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " ++ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } + image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : +- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; +- ++ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; ++ if(image->y1 <= image->y0) { ++ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " ++ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } ++ + for(j = 0; j < numcomps; j++) + { + planes[j] = image->comps[j].data; +@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1)); + + strip_size = TIFFStripSize(tif); +- ++ + buf = _TIFFmalloc(strip_size); + if (buf == NULL) { + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } +- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; +- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); ++ rowStride = (w * tiSpp * tiBps + 7U) / 8U; ++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { + _TIFFfree(buf); + TIFFClose(tif); +@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) + { + const OPJ_UINT8 *dat8; +- OPJ_SIZE_T ssize; ++ tmsize_t ssize; + +- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); ++ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); ++ if(ssize < 1 || ssize > strip_size) { ++ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " ++ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); ++ _TIFFfree(buf); ++ _TIFFfree(buffer32s); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } + dat8 = (const OPJ_UINT8*)buf; +- ++ + while (ssize >= rowStride) { + cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp); + cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w); diff --git a/gnu/packages/patches/openssh-memory-exhaustion.patch b/gnu/packages/patches/openssh-memory-exhaustion.patch deleted file mode 100644 index 91fe294ca4..0000000000 --- a/gnu/packages/patches/openssh-memory-exhaustion.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user -could potentially consume 38400 MB of memory on the server: - -http://seclists.org/oss-sec/2016/q4/185 - -Patch adapted from upstream source repository: - -https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad - -From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001 -From: "markus@openbsd.org" <markus@openbsd.org> -Date: Mon, 10 Oct 2016 19:28:48 +0000 -Subject: [PATCH] upstream commit - -Unregister the KEXINIT handler after message has been -received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause -allocation of up to 128MB -- until the connection is closed. Reported by -shilei-c at 360.cn - -Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 ---- - kex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/kex.c b/kex.c -index 3f97f8c..6a94bc5 100644 ---- a/kex.c -+++ b/kex.c -@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) - if (kex == NULL) - return SSH_ERR_INVALID_ARGUMENT; - -+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); - ptr = sshpkt_ptr(ssh, &dlen); - if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) - return r; --- -2.10.1 - diff --git a/gnu/packages/patches/python-2.7-site-prefixes.patch b/gnu/packages/patches/python-2.7-site-prefixes.patch new file mode 100644 index 0000000000..9e3066508f --- /dev/null +++ b/gnu/packages/patches/python-2.7-site-prefixes.patch @@ -0,0 +1,26 @@ +Add all /gnu/store/ prefixes found in PYTHONPATH to the prefixes where +site-packages (and .pth files) are searched. + +*** Python-2.7.11/Lib/site.py.orig 2016-10-17 23:27:23.746149690 +0200 +--- Python-2.7.11/Lib/site.py 2016-10-17 23:44:51.930871644 +0200 +*************** +*** 65,70 **** +--- 65,82 ---- + + # Prefixes for site-packages; add additional prefixes like /usr/local here + PREFIXES = [sys.prefix, sys.exec_prefix] ++ # Guix: Add all /gnu/store-paths in PYTHONPATH--these are all ++ # "prefixes". This is required to search .pth files in all python ++ # packages contained in /gnu/store which is required to make ++ # .pth-defined namespace packages work. ++ # This is necessary if the packages are not merged into a single ++ # `site-packages` directory (like when using `guix environment`) but ++ # listed in PYTHONPATH (like when running `guix build`). ++ for p in sys.path: ++ if p.startswith('/gnu/store/'): ++ PREFIXES.append(p[:p.find('/', 44)]) # find first pathsep after hash ++ del p ++ + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch b/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch deleted file mode 100644 index 288a58b06f..0000000000 --- a/gnu/packages/patches/python-dendropy-exclude-failing-tests.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/dendropy/test/test_phylogenetic_distance_matrix.py b/dendropy/test/test_phylogenetic_distance_matrix.py -index 10c05f5..a18ba52 100644 ---- a/dendropy/test/test_phylogenetic_distance_matrix.py -+++ b/dendropy/test/test_phylogenetic_distance_matrix.py -@@ -793,7 +793,7 @@ class PdmUpgmaTree(PdmTreeChecker, unittest.TestCase): - expected_tree=expected_tree) - - class NodeToNodeDistancesTest(unittest.TestCase): -- -+ @unittest.expectedFailure - def test_distances(self): - ## get distances from ape - # library(ape) -@@ -825,6 +825,7 @@ class NodeToNodeDistancesTest(unittest.TestCase): - e = reference_table[nd1.label, nd2.label] - self.assertAlmostEqual(d, e) - -+ @unittest.expectedFailure - def test_mrca(self): - test_runs = [ - "hiv1.newick", diff --git a/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch new file mode 100644 index 0000000000..3570b94e9b --- /dev/null +++ b/gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch @@ -0,0 +1,97 @@ +Fix CVE-2013-7459: + +https://github.com/dlitz/pycrypto/issues/176 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459 + +Copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/python-crypto.git/commit/?id=0de2243837ed369a086f15c50cca2be85bdfab9d + +Debian adapts this upstream commit: + +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001 +From: Legrandin <helderijs@gmail.com> +Date: Sun, 22 Dec 2013 22:24:46 +0100 +Subject: [PATCH] Throw exception when IV is used with ECB or CTR + +The IV parameter is currently ignored when initializing +a cipher in ECB or CTR mode. + +For CTR mode, it is confusing: it takes some time to see +that a different parameter is needed (the counter). + +For ECB mode, it is outright dangerous. + +This patch forces an exception to be raised. +--- + lib/Crypto/SelfTest/Cipher/common.py | 31 +++++++++++++++++++++++-------- + src/block_template.c | 11 +++++++++++ + 2 files changed, 34 insertions(+), 8 deletions(-) + +--- a/lib/Crypto/SelfTest/Cipher/common.py ++++ b/lib/Crypto/SelfTest/Cipher/common.py +@@ -239,19 +239,34 @@ class RoundtripTest(unittest.TestCase): + return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) + + def runTest(self): +- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP): ++ ++ ## ECB mode ++ mode = self.module.MODE_ECB ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ ciphertext = encryption_cipher.encrypt(self.plaintext) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## OPENPGP mode ++ mode = self.module.MODE_OPENPGP ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext) ++ eiv = eiv_ciphertext[:self.module.block_size+2] ++ ciphertext = eiv_ciphertext[self.module.block_size+2:] ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## All other non-AEAD modes (but CTR) ++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): + encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + ciphertext = encryption_cipher.encrypt(self.plaintext) +- +- if mode != self.module.MODE_OPENPGP: +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) +- else: +- eiv = ciphertext[:self.module.block_size+2] +- ciphertext = ciphertext[self.module.block_size+2:] +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + decrypted_plaintext = decryption_cipher.decrypt(ciphertext) + self.assertEqual(self.plaintext, decrypted_plaintext) + ++ + class PGPTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) +--- a/src/block_template.c ++++ b/src/block_template.c +@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P + "Key cannot be the null string"); + return NULL; + } ++ if (IVlen != 0 && mode == MODE_ECB) ++ { ++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV"); ++ return NULL; ++ } ++ if (IVlen != 0 && mode == MODE_CTR) ++ { ++ PyErr_Format(PyExc_ValueError, ++ "CTR mode needs counter parameter, not IV"); ++ return NULL; ++ } + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) + { + PyErr_Format(PyExc_ValueError, diff --git a/gnu/packages/patches/python-rarfile-fix-tests.patch b/gnu/packages/patches/python-rarfile-fix-tests.patch deleted file mode 100644 index 8ae8894009..0000000000 --- a/gnu/packages/patches/python-rarfile-fix-tests.patch +++ /dev/null @@ -1,14 +0,0 @@ -There is no test.sh, but there are test1.sh and test2.sh. - -diff --git a/test/Makefile b/test/Makefile -index 027bc5f..5383db3 100644 ---- a/test/Makefile -+++ b/test/Makefile -@@ -1,5 +1,6 @@ - test: -- ./test.sh -+ ./test1.sh -+ ./test2.sh - - clean: - rm -rf __pycache__ diff --git a/gnu/packages/patches/qemu-CVE-2016-8576.patch b/gnu/packages/patches/qemu-CVE-2016-8576.patch deleted file mode 100644 index 5031b59d81..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-8576.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Fri, 7 Oct 2016 10:15:29 +0200 -Subject: [PATCH] xhci: limit the number of link trbs we are willing to process - -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> ---- - hw/usb/hcd-xhci.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index 726435c..ee4fa48 100644 ---- a/hw/usb/hcd-xhci.c -+++ b/hw/usb/hcd-xhci.c -@@ -54,6 +54,8 @@ - * to the specs when it gets them */ - #define ER_FULL_HACK - -+#define TRB_LINK_LIMIT 4 -+ - #define LEN_CAP 0x40 - #define LEN_OPER (0x400 + 0x10 * MAXPORTS) - #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) -@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, - dma_addr_t *addr) - { - PCIDevice *pci_dev = PCI_DEVICE(xhci); -+ uint32_t link_cnt = 0; - - while (1) { - TRBType type; -@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, - ring->dequeue += TRB_SIZE; - return type; - } else { -+ if (++link_cnt > TRB_LINK_LIMIT) { -+ return 0; -+ } - ring->dequeue = xhci_mask64(trb->parameter); - if (trb->control & TRB_LK_TC) { - ring->ccs = !ring->ccs; -@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) - bool ccs = ring->ccs; - /* hack to bundle together the two/three TDs that make a setup transfer */ - bool control_td_set = 0; -+ uint32_t link_cnt = 0; - - while (1) { - TRBType type; -@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) - type = TRB_TYPE(trb); - - if (type == TR_LINK) { -+ if (++link_cnt > TRB_LINK_LIMIT) { -+ return -length; -+ } - dequeue = xhci_mask64(trb.parameter); - if (trb.control & TRB_LK_TC) { - ccs = !ccs; --- -1.8.3.1 - diff --git a/gnu/packages/patches/qemu-CVE-2016-8577.patch b/gnu/packages/patches/qemu-CVE-2016-8577.patch deleted file mode 100644 index c4132d2fb1..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-8577.patch +++ /dev/null @@ -1,36 +0,0 @@ -Subject: [Qemu-devel] [PATCH] 9pfs: fix potential host memory leak in v9fs_read -From: Li Qiang <liq3ea@gmail.com> - -In 9pfs read dispatch function, it doesn't free two QEMUIOVector -object thus causing potential memory leak. This patch avoid this. - -Signed-off-by: Li Qiang <liq3ea@gmail.com> ---- - hw/9pfs/9p.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 119ee58..543a791 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque) - if (len < 0) { - /* IO error return the error */ - err = len; -- goto out; -+ goto out_free_iovec; - } - } while (count < max_count && len > 0); - err = pdu_marshal(pdu, offset, "d", count); - if (err < 0) { -- goto out; -+ goto out_free_iovec; - } - err += offset + count; -+out_free_iovec: - qemu_iovec_destroy(&qiov); - qemu_iovec_destroy(&qiov_full); - } else if (fidp->fid_type == P9_FID_XATTR) { --- -1.8.3.1 - diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch deleted file mode 100644 index 92ba365727..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-8578.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Li Qiang <liq3ea@gmail.com> - -In 9pfs function v9fs_iov_vunmarshal, it will not allocate space -for empty string. This will cause several NULL pointer dereference -issues. this patch fix this issue. - -Signed-off-by: Li Qiang <liq3ea@gmail.com> ---- - fsdev/9p-iov-marshal.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c -index 663cad5..1d16f8d 100644 ---- a/fsdev/9p-iov-marshal.c -+++ b/fsdev/9p-iov-marshal.c -@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, - str->data = g_malloc(str->size + 1); - copied = v9fs_unpack(str->data, out_sg, out_num, offset, - str->size); -- if (copied > 0) { -+ if (copied >= 0) { - str->data[str->size] = 0; - } else { - v9fs_string_free(str); --- -1.8.3.1 - diff --git a/gnu/packages/patches/readline-7.0-mingw.patch b/gnu/packages/patches/readline-7.0-mingw.patch new file mode 100644 index 0000000000..1dc491d556 --- /dev/null +++ b/gnu/packages/patches/readline-7.0-mingw.patch @@ -0,0 +1,28 @@ +Configure checks for chown; add missing shields in code. + +Upstream status: not yet presented upstream. + +--- readline-7.0/histfile.c.orig 2016-12-06 20:04:10.058901731 +0100 ++++ readline-7.0/histfile.c 2016-12-06 20:05:09.220083801 +0100 +@@ -610,8 +610,10 @@ + user is running this, it's a no-op. If the shell is running after sudo + with a shared history file, we don't want to leave the history file + owned by root. */ ++#if HAVE_CHOWN + if (rv == 0 && exists) + r = chown (filename, finfo.st_uid, finfo.st_gid); ++#endif + + xfree (filename); + FREE (tempname); +@@ -757,8 +759,10 @@ + user is running this, it's a no-op. If the shell is running after sudo + with a shared history file, we don't want to leave the history file + owned by root. */ ++#if HAVE_CHOWN + if (rv == 0 && exists) + mode = chown (histname, finfo.st_uid, finfo.st_gid); ++#endif + + FREE (histname); + FREE (tempname); diff --git a/gnu/packages/patches/ruby-symlinkfix.patch b/gnu/packages/patches/ruby-symlinkfix.patch deleted file mode 100644 index 16beecc97a..0000000000 --- a/gnu/packages/patches/ruby-symlinkfix.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix symlinks to '..' to fix rubygems improperly expanding symlinked -paths. Without this fix, some gems fail to install. This patch is applied in -rubygems 2.5.2, but ruby version 2.3.1 bundles an older version of rubygems -(2.5.1). - ---- a/lib/rubygems/package.rb -+++ b/lib/rubygems/package.rb -@@ -383,7 +383,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: - FileUtils.chmod entry.header.mode, destination - end if entry.file? - -- File.symlink(install_location(entry.header.linkname, destination_dir), destination) if entry.symlink? -+ File.symlink(entry.header.linkname, destination) if entry.symlink? - - verbose destination - end -diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb -index 7848bc2..f287bd3 100644 ---- a/test/rubygems/test_gem_package.rb -+++ b/test/rubygems/test_gem_package.rb -@@ -428,19 +428,25 @@ def test_extract_tar_gz_absolute - "#{@destination} is not allowed", e.message) - end - -- def test_extract_tar_gz_symlink_absolute -+ def test_extract_tar_gz_symlink_relative_path -+ skip 'symlink not supported' if Gem.win_platform? -+ - package = Gem::Package.new @gem - - tgz_io = util_tar_gz do |tar| -- tar.add_symlink 'code.rb', '/absolute.rb', 0644 -+ tar.add_file 'relative.rb', 0644 do |io| io.write 'hi' end -+ tar.mkdir 'lib', 0755 -+ tar.add_symlink 'lib/foo.rb', '../relative.rb', 0644 - end - -- e = assert_raises Gem::Package::PathError do -- package.extract_tar_gz tgz_io, @destination -- end -+ package.extract_tar_gz tgz_io, @destination - -- assert_equal("installing into parent path /absolute.rb of " + -- "#{@destination} is not allowed", e.message) -+ extracted = File.join @destination, 'lib/foo.rb' -+ assert_path_exists extracted -+ assert_equal '../relative.rb', -+ File.readlink(extracted) -+ assert_equal 'hi', -+ File.read(extracted) - end - - def test_extract_tar_gz_directory diff --git a/gnu/packages/patches/seq24-rename-mutex.patch b/gnu/packages/patches/seq24-rename-mutex.patch new file mode 100644 index 0000000000..ddc5910119 --- /dev/null +++ b/gnu/packages/patches/seq24-rename-mutex.patch @@ -0,0 +1,124 @@ +The custom mutex definition in Seq24 clashes with the mutex defined in gtkmm. +This patch renames the custom definition. + +See https://bugs.launchpad.net/seq24/+bug/1647614 for upstream bug report. + +diff --git a/src/midibus.h b/src/midibus.h +index 2cdf8e8..1bb02bd 100644 +--- a/src/midibus.h ++++ b/src/midibus.h +@@ -90,7 +90,7 @@ class midibus + + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +@@ -208,7 +208,7 @@ class mastermidibus + sequence *m_seq; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +diff --git a/src/midibus_portmidi.h b/src/midibus_portmidi.h +index 0119e9c..8c6a27a 100644 +--- a/src/midibus_portmidi.h ++++ b/src/midibus_portmidi.h +@@ -65,7 +65,7 @@ class midibus + long m_lasttick; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +@@ -164,7 +164,7 @@ class mastermidibus + sequence *m_seq; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* mutex */ + void lock(); +diff --git a/src/mutex.cpp b/src/mutex.cpp +index b3f23fd..914114f 100644 +--- a/src/mutex.cpp ++++ b/src/mutex.cpp +@@ -20,23 +20,23 @@ + + #include "mutex.h" + +-const pthread_mutex_t mutex::recmutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; ++const pthread_mutex_t seq24mutex::recmutex = PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP; + const pthread_cond_t condition_var::cond = PTHREAD_COND_INITIALIZER; + +-mutex::mutex( ) ++seq24mutex::seq24mutex( ) + { + m_mutex_lock = recmutex; + } + + void +-mutex::lock( ) ++seq24mutex::lock( ) + { + pthread_mutex_lock( &m_mutex_lock ); + } + + + void +-mutex::unlock( ) ++seq24mutex::unlock( ) + { + pthread_mutex_unlock( &m_mutex_lock ); + } +diff --git a/src/mutex.h b/src/mutex.h +index 399f8a3..4f1b867 100644 +--- a/src/mutex.h ++++ b/src/mutex.h +@@ -24,7 +24,7 @@ + + #include <pthread.h> + +-class mutex { ++class seq24mutex { + + private: + +@@ -37,14 +37,14 @@ protected: + + public: + +- mutex(); ++ seq24mutex(); + + void lock(); + void unlock(); + + }; + +-class condition_var : public mutex { ++class condition_var : public seq24mutex { + + private: + +diff --git a/src/sequence.h b/src/sequence.h +index 2943946..9da8700 100644 +--- a/src/sequence.h ++++ b/src/sequence.h +@@ -153,7 +153,7 @@ class sequence + long m_rec_vol; + + /* locking */ +- mutex m_mutex; ++ seq24mutex m_mutex; + + /* used to idenfity which events are ours in the out queue */ + //unsigned char m_tag; diff --git a/gnu/packages/patches/slock-CVE-2016-6866.patch b/gnu/packages/patches/slock-CVE-2016-6866.patch deleted file mode 100644 index 2f94b8c1a9..0000000000 --- a/gnu/packages/patches/slock-CVE-2016-6866.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2016-6866. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6866 -https://security-tracker.debian.org/tracker/CVE-2016-6866 - -Copied from upstream source repository: -http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 - -From d8bec0f6fdc8a246d78cb488a0068954b46fcb29 Mon Sep 17 00:00:00 2001 -From: Markus Teich <markus.teich@stusta.mhn.de> -Date: Tue, 30 Aug 2016 22:59:06 +0000 -Subject: fix CVE-2016-6866 - ---- -diff --git a/slock.c b/slock.c -index 847b328..8ed59ca 100644 ---- a/slock.c -+++ b/slock.c -@@ -123,7 +123,7 @@ readpw(Display *dpy) - readpw(Display *dpy, const char *pws) - #endif - { -- char buf[32], passwd[256]; -+ char buf[32], passwd[256], *encrypted; - int num, screen; - unsigned int len, color; - KeySym ksym; -@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws) - #ifdef HAVE_BSD_AUTH - running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd); - #else -- running = !!strcmp(crypt(passwd, pws), pws); -+ errno = 0; -+ if (!(encrypted = crypt(passwd, pws))) -+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno)); -+ else -+ running = !!strcmp(encrypted, pws); - #endif - if (running) { - XBell(dpy, 100); -@@ -312,6 +316,8 @@ main(int argc, char **argv) { - - #ifndef HAVE_BSD_AUTH - pws = getpw(); -+ if (strlen(pws) < 2) -+ die("slock: failed to get user password hash.\n"); - #endif - - if (!(dpy = XOpenDisplay(NULL))) --- -cgit v0.9.0.3-65-g4555 diff --git a/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch new file mode 100644 index 0000000000..48c294f78e --- /dev/null +++ b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch @@ -0,0 +1,31 @@ +Fix out-of-bounds read in c_substitute(): + +http://seclists.org/oss-sec/2016/q4/612 + +Patch copied from upstream source repository: + +https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 + +From 6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 Mon Sep 17 00:00:00 2001 +From: christos <christos> +Date: Fri, 2 Dec 2016 16:59:28 +0000 +Subject: [PATCH] Fix out of bounds read (Brooks Davis) (reproduce by starting + tcsh and hitting tab at the prompt) + +--- + ed.chared.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ed.chared.c b/ed.chared.c +index 1277e53..310393e 100644 +--- ed.chared.c ++++ ed.chared.c +@@ -750,7 +750,7 @@ c_substitute(void) + /* + * If we found a history character, go expand it. + */ +- if (HIST != '\0' && *p == HIST) ++ if (p >= InputBuf && HIST != '\0' && *p == HIST) + nr_exp = c_excl(p); + else + nr_exp = 0; diff --git a/gnu/packages/patches/unrtf-CVE-2016-10091.patch b/gnu/packages/patches/unrtf-CVE-2016-10091.patch new file mode 100644 index 0000000000..badd1b8ed6 --- /dev/null +++ b/gnu/packages/patches/unrtf-CVE-2016-10091.patch @@ -0,0 +1,189 @@ +Fix CVE-2016-10091 (stack-based buffer overflows in cmd_* functions): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10091 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705 +http://seclists.org/oss-sec/2016/q4/787 + +Patch adapted from Debian: + +https://anonscm.debian.org/cgit/collab-maint/unrtf.git/commit/?h=jessie&id=7500a48fb0fbad3ab963fb17560b2f90a8a485c8 + +The Debian patch adapts this upstream commit so that it can be applied +to the 0.21.9 release tarball: + +http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406 + +From 7dd568ed8a6a5acb6c04f2b40f457d63a00435f3 Mon Sep 17 00:00:00 2001 +From: Willi Mann <willi@debian.org> +Date: Sat, 31 Dec 2016 20:31:38 +0100 +Subject: [PATCH] Add patch from upstream to fix CVE-2016-10091 (buffer + overflow in various cmd_ functions) + +diff --git a/src/attr.c b/src/attr.c +index 02b5c81..e2951ea 100644 +--- a/src/attr.c ++++ b/src/attr.c +@@ -746,7 +746,7 @@ char * + assemble_string(char *string, int nr) + { + +- char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */ ++ char *s, tmp[20]; + int i = 0, j = 0; + + if (string == NULL) +@@ -762,7 +762,7 @@ assemble_string(char *string, int nr) + } + + if (string[i] != '\0') { +- sprintf(tmp, "%d", nr); ++ snprintf(tmp, 20, "%d", nr); + strcpy(&s[j], tmp); + j = j + strlen(tmp); + } +diff --git a/src/convert.c b/src/convert.c +index c76d7d6..8eacdcb 100644 +--- a/src/convert.c ++++ b/src/convert.c +@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm) + } + + // Translate code page to encoding name hopefully suitable as iconv input +-static char *cptoencoding(parm) ++static char *cptoencoding(int parm) + { + // Note that CP0 is supposed to mean current system default, which does + // not make any sense as a stored value, we don't handle it. +@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) { + /* Note, fs20 means 10pt */ + points /= 2; + +- sprintf(str,"%d",points); ++ snprintf(str, 20, "%d", points); + attr_push(ATTR_FONTSIZE,str); + + return FALSE; +@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num) + { + // TOBEDONE: WHAT'S THIS ??? + name = my_malloc(12); +- sprintf(name, "%d", num); ++ snprintf(name, 12, "%d", num); + } + + /* we are going to output entities, so should not output font */ +@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num) + } + else + { +- sprintf(str,"#%02x%02x%02x", ++ snprintf(str, 40, "#%02x%02x%02x", + color_table[num].r, + color_table[num].g, + color_table[num].b); +@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) { + + static int + cmd_expand (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param) { +- sprintf(str, "%d", param/4); ++ snprintf(str, 20, "%d", param / 4); + if (!param) + attr_pop(ATTR_EXPAND); + else +@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) { + + static int + cmd_emboss (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param && !param) + #ifdef SUPPORT_UNNESTED + attr_find_pop(ATTR_EMBOSS); +@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) { + #endif + else + { +- sprintf(str, "%d", param); ++ snprintf(str, 20, "%d", param); + attr_push(ATTR_EMBOSS, str); + } + return FALSE; +@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) { + + static int + cmd_engrave (Word *w, int align, char has_param, int param) { +- char str[10]; ++ char str[20]; + if (has_param && !param) + attr_pop(ATTR_ENGRAVE); + else + { +- sprintf(str, "%d", param); ++ snprintf(str, 20, "%d", param); + attr_push(ATTR_ENGRAVE, str); + } + return FALSE; +@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { + + short done=0; + long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */ +- char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ ++ char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ + const char *alias; + #define DEBUG 0 + #if DEBUG +@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { + /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */ + unicode_number += 65536; + } +- sprintf(tmp, "%ld", unicode_number); ++ snprintf(tmp, 20, "%ld", unicode_number); + + if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print"); + done++; +diff --git a/src/output.c b/src/output.c +index 86d8b5c..4cdbfa6 100644 +--- a/src/output.c ++++ b/src/output.c +@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size) + if (!found_std_expr) { + if (op->fontsize_begin) { + char expr[16]; +- sprintf (expr, "%d", size); ++ snprintf(expr, 16, "%d", size); + if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin"); + } else { + /* If we cannot write out a change for the exact +@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size) + if (!found_std_expr) { + if (op->fontsize_end) { + char expr[16]; +- sprintf (expr, "%d", size); ++ snprintf(expr, 16, "%d", size); + if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end"); + } else { + /* If we cannot write out a change for the exact +- +.11.0 + diff --git a/gnu/packages/patches/vtk-mesa-10.patch b/gnu/packages/patches/vtk-mesa-10.patch deleted file mode 100644 index bc60af68c4..0000000000 --- a/gnu/packages/patches/vtk-mesa-10.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix build against new mesa. See: - - https://bugs.freedesktop.org/show_bug.cgi?id=83631 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765938 - -Description: fixes FTBFS against new libjpeg-turbo -Author: Ondřej Surý <ondrej@debian.org> -Bug-Debian: https://bugs.debian.org/765938 -Reviewed-By: Anton Gladky <gladk@debian.org> -Last-Update: 2014-10-22 - -Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h -=================================================================== ---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkOpenGL.h -+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkOpenGL.h -@@ -20,6 +20,7 @@ - - // To prevent gl.h to include glext.h provided by the system - #define GL_GLEXT_LEGACY -+#define GLX_GLEXT_LEGACY - #if defined(__APPLE__) && (defined(VTK_USE_CARBON) || defined(VTK_USE_COCOA)) - # include <OpenGL/gl.h> // Include OpenGL API. - #else -Index: vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx -=================================================================== ---- vtk6-6.1.0+dfsg2.orig/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx -+++ vtk6-6.1.0+dfsg2/Rendering/OpenGL/vtkXOpenGLRenderWindow.cxx -@@ -27,7 +27,7 @@ - - // define GLX_GLXEXT_LEGACY to prevent glx.h to include glxext.h provided by - // the system --//#define GLX_GLXEXT_LEGACY -+#define GLX_GLXEXT_LEGACY - #include "GL/glx.h" - - #include "vtkgl.h" |