From 514c2f480643c3481498b4a3ad32d6e6351260ff Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 5 Sep 2017 12:56:00 -0400 Subject: gnu: tcpdump: Fix CVE-2017-[11541,11542,11543]. * gnu/packages/patches/tcpdump-CVE-2017-11541.patch, gnu/packages/patches/tcpdump-CVE-2017-11542.patch gnu/packages/patches/tcpdump-CVE-2017-11543.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/admin.scm (tcpdump)[source]: Use them. --- gnu/local.mk | 3 +++ 1 file changed, 3 insertions(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 643a88db81..edfecc7783 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1031,6 +1031,9 @@ dist_patch_DATA = \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ + %D%/packages/patches/tcpdump-CVE-2017-11541.patch \ + %D%/packages/patches/tcpdump-CVE-2017-11542.patch \ + %D%/packages/patches/tcpdump-CVE-2017-11543.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ -- cgit v1.2.3 From f1597427f220b0799b9c8847768d2f5a93fe3730 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 5 Sep 2017 23:02:56 +0300 Subject: gnu: file: Fix CVE-2017-1000249. * gnu/packages/file.scm (file)[replacement]: New field. (file/fixed): New variable. * gnu/packages/commencement.scm (file-boot0): Use package/inherit. * gnu/packages/patches/file-CVE-2017-1000249.patch. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/commencement.scm | 3 +-- gnu/packages/file.scm | 11 ++++++++-- gnu/packages/patches/file-CVE-2017-1000249.patch | 27 ++++++++++++++++++++++++ 4 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/file-CVE-2017-1000249.patch (limited to 'gnu/local.mk') 
diff --git a/gnu/local.mk b/gnu/local.mk index edfecc7783..445d126c1b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -603,6 +603,7 @@ dist_patch_DATA = \ %D%/packages/patches/fasthenry-spFactor.patch \ %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \ %D%/packages/patches/fcgi-2.4.0-poll.patch \ + %D%/packages/patches/file-CVE-2017-1000249.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-gnulib-multi-core.patch \ %D%/packages/patches/findutils-test-xargs.patch \ diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 2b67881ede..7bbe1becd9 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -112,8 +112,7 @@ (define findutils-boot0 (define file-boot0 (package-with-bootstrap-guile - (package-with-explicit-inputs (package - (inherit file) + (package-with-explicit-inputs (package/inherit file (name "file-boot0")) `(("make" ,gnu-make-boot0) ,@%bootstrap-inputs) diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 050e6715b1..3bc8e1dcfe 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2014, 2015 Mark H Weaver -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,7 +27,8 @@ (define-module (gnu packages file) (define-public file (package - (name "file") + (replacement file/fixed) + (name "file") (version "5.30") (source (origin (method url-fetch) @@ -51,3 +52,9 @@ (define-public file (license bsd-2) (home-page "http://www.darwinsys.com/file/"))) +(define file/fixed + (package + (inherit file) + (source (origin + (inherit (package-source file)) + (patches (search-patches "file-CVE-2017-1000249.patch")))))) 
diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch new file mode 100644 index 0000000000..505acf1592 --- /dev/null +++ b/gnu/packages/patches/file-CVE-2017-1000249.patch @@ -0,0 +1,27 @@ +https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch +http://openwall.com/lists/oss-security/2017/09/05/3 + +The patch is minorly modified to apply to file-5.30 + +From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Sun, 27 Aug 2017 07:55:02 +0000 +Subject: [PATCH] Fix always true condition (Thomas Jarosch) + +--- + src/readelf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 81451827..5f425c97 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + size_t noff, size_t doff, int *flags) + { + if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && +- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { ++ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { + uint8_t desc[20]; + const char *btype; + uint32_t i; -- cgit v1.2.3 From 026ebc141ff9eb6147c9538f004119193d4cfe49 Mon Sep 17 00:00:00 2001 From: Roel Janssen Date: Fri, 25 Aug 2017 20:15:40 +0200 Subject: gnu: Update calibre to 3.6.0. * gnu/local.mk: Remove calibre-drop-unrar.patch * gnu/packages/ebook.scm (calibre): Update to 3.6.0. Add python-html5-parser input. * gnu/packages/patches/calibre-drop-unrar.patch: Remove file. --- gnu/local.mk | 1 - gnu/packages/ebook.scm | 12 ++++--- gnu/packages/patches/calibre-drop-unrar.patch | 49 --------------------------- 3 files changed, 7 insertions(+), 55 deletions(-) delete mode 100644 gnu/packages/patches/calibre-drop-unrar.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 445d126c1b..73efaba64e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
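Review bot: The header of file-CVE-2017-1000249.patch says the patch is "minorly modified to apply to file-5.30" but does not say what differs from upstream commit 35c94dc6acc418f1ad7f6241a6680e5327495793, so a reader cannot confirm the security fix is unchanged without re-diffing it. I would add a line to the header such as `Modified from upstream: <describe the adjustment, e.g. context lines only>.`. The `||` to `&&` change is what bounds descsz to the 4..20 range that `uint8_t desc[20]` can hold, so that one line is the part worth verifying. do_bid_note's body continues past the end of the hunk.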
@@ -536,7 +536,6 @@ dist_patch_DATA = \ %D%/packages/patches/blast+-fix-makefile.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ - %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-use-packaged-feedparser.patch \ %D%/packages/patches/catdoc-CVE-2017-11110.patch \ diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm index 38abf47c87..4bcaa0abfe 100644 --- a/gnu/packages/ebook.scm +++ b/gnu/packages/ebook.scm @@ -72,7 +72,7 @@ (define-public chmlib (define-public calibre (package (name "calibre") - (version "3.0.0") + (version "3.6.0") (source (origin (method url-fetch) @@ -81,21 +81,19 @@ (define-public calibre version ".tar.xz")) (sha256 (base32 - "1zhk7bvgr973dd18x4wp48kzai29qqqi5qcy72sxc4wcbk2sbnkw")) + "0vp2nds4b5xbchsh1rpc1q7093gd26dnw7mgbnax97dcchvlc4sc")) ;; Remove non-free or doubtful code, see ;; https://lists.gnu.org/archive/html/guix-devel/2015-02/msg00478.html (modules '((guix build utils))) (snippet '(begin (delete-file-recursively "src/calibre/ebooks/markdown") - (delete-file-recursively "src/unrar") (delete-file "src/odf/thumbnail.py") (delete-file-recursively "resources/fonts/liberation") (substitute* (find-files "." "\\.py") (("calibre\\.ebooks\\.markdown") "markdown")) #t)) - (patches (search-patches "calibre-drop-unrar.patch" - "calibre-use-packaged-feedparser.patch" + (patches (search-patches "calibre-use-packaged-feedparser.patch" "calibre-no-updates-dialog.patch")))) (build-system python-build-system) (native-inputs @@ -129,6 +127,7 @@ (define-public calibre ("python2-dbus" ,python2-dbus) ("python2-dnspython" ,python2-dnspython) ("python2-feedparser" ,python2-feedparser) + ("python2-html5-parser" ,python2-html5-parser) ("python2-lxml" ,python2-lxml) ("python2-markdown" ,python2-markdown) ("python2-mechanize" ,python2-mechanize) 
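Review bot: The calibre origin snippet no longer deletes `src/unrar`, and calibre-drop-unrar.patch is dropped, while the comment above the snippet still says it removes non-free or doubtful code. If the 3.6.0 tarball no longer bundles the unrar sources (the comment added to the inputs about python2-unrardll suggests so, but the hunk does not show it), a short comment in the snippet would record that, for example `;; The bundled unrar sources are gone upstream; RAR support now needs python2-unrardll.`. If the directory is still shipped, the deletion should stay. The package definition continues outside the hunks shown.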
@@ -140,6 +139,9 @@ (define-public calibre ("python2-pyqt" ,python2-pyqt) ("python2-sip" ,python2-sip) ("python2-regex" ,python2-regex) + ;; python2-unrardll is needed for decompressing RAR files. + ;; A program called 'pdf2html' is needed for reading PDF books + ;; in the web interface. ("sqlite" ,sqlite))) (arguments `(#:python ,python-2 diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch deleted file mode 100644 index adf977b183..0000000000 --- a/gnu/packages/patches/calibre-drop-unrar.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -Recreated old debian patch on the latest calibre version - -From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001 -From: Brendan Tildesley -Date: Sat, 13 May 2017 21:12:12 +1000 -Subject: [PATCH] Remove unrar extension - ---- - setup/extensions.json | 11 ----------- - src/calibre/ebooks/metadata/archive.py | 2 +- - 2 files changed, 1 insertion(+), 12 deletions(-) - -diff --git a/setup/extensions.json b/setup/extensions.json -index 1f6d1fb5fd..127390450f 100644 ---- a/setup/extensions.json -+++ b/setup/extensions.json -@@ -211,16 +211,5 @@ - "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c", - "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h", - "libraries": "mtp" -- }, -- { -- "name": "unrar", -- "sources": "unrar/rar.cpp unrar/strlist.cpp unrar/strfn.cpp unrar/pathfn.cpp unrar/savepos.cpp unrar/smallfn.cpp unrar/global.cpp unrar/file.cpp unrar/filefn.cpp unrar/filcreat.cpp unrar/archive.cpp unrar/arcread.cpp unrar/unicode.cpp unrar/system.cpp unrar/isnt.cpp unrar/crypt.cpp unrar/crc.cpp unrar/rawread.cpp unrar/encname.cpp unrar/resource.cpp unrar/match.cpp unrar/timefn.cpp unrar/rdwrfn.cpp unrar/consio.cpp unrar/options.cpp unrar/ulinks.cpp unrar/errhnd.cpp unrar/rarvm.cpp unrar/secpassword.cpp unrar/rijndael.cpp unrar/getbits.cpp unrar/sha1.cpp unrar/extinfo.cpp unrar/extract.cpp unrar/volume.cpp unrar/list.cpp unrar/find.cpp unrar/unpack.cpp unrar/cmddata.cpp unrar/filestr.cpp unrar/scantree.cpp calibre/utils/unrar.cpp", -- "inc_dirs": "unrar", -- "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE", -- "windows_defines": "SILENT RARDLL UNRAR", -- "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE", -- "haiku_libraries": "bsd", -- "optimize_level": 2, -- "windows_libraries": "User32 Advapi32 kernel32 Shell32" - } - ] -diff --git 
a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py -index f5c0b7bed3..32257dcdae 100644 ---- a/src/calibre/ebooks/metadata/archive.py -+++ b/src/calibre/ebooks/metadata/archive.py -@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin): - description = _('Extract common e-book formats from archive files ' - '(ZIP/RAR). Also try to autodetect if they are actually ' - 'CBZ/CBR files.') -- file_types = set(['zip', 'rar']) -+ file_types = set(['zip']) - supported_platforms = ['windows', 'osx', 'linux'] - on_import = True - --- -2.12.2 - -- cgit v1.2.3 From f049e79dc34c112fca244946256920a5ce2e9db0 Mon Sep 17 00:00:00 2001 From: Nicolas Goaziou Date: Wed, 6 Sep 2017 12:51:59 +0200 Subject: gnu: csound: Update to 6.09.1. * gnu/packages/audio.scm (csound): Update to 6.09.1. Change source URI. * gnu/packages/patches/csound-header-ordering.patch: Remove patch. * gnu/local.mk (dist_patch_DATA): Remove reference to patch above. --- gnu/local.mk | 1 - gnu/packages/audio.scm | 16 +++++----------- gnu/packages/patches/csound-header-ordering.patch | 20 -------------------- 3 files changed, 5 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/csound-header-ordering.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 73efaba64e..2975c0208e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -566,7 +566,6 @@ dist_patch_DATA = \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ - %D%/packages/patches/csound-header-ordering.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm index e27c13bed4..1b7950cf00 100644 --- a/gnu/packages/audio.scm +++ b/gnu/packages/audio.scm 
@@ -568,23 +568,17 @@ (define-public swh-plugins-lv2 (define-public csound (package (name "csound") - (version "6.05") + (version "6.09.1") (source (origin (method url-fetch) (uri (string-append - "mirror://sourceforge/csound/csound6/Csound" - version "/Csound" version ".tar.gz")) + "https://github.com/csound/csound/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0a1sni6lr7qpwywpggbkp0ia3h9bwwgf9i87gsag8ra2h30v82hd")) - (patches (search-patches "csound-header-ordering.patch")))) + "0f67vyy3r29hn26qkkcwnizrnzzy8p7gmg3say5q3wjhxns3b5yl")))) (build-system cmake-build-system) - (arguments - ;; Work around this error on x86_64 with libc 2.22+: - ;; libmvec.so.1: error adding symbols: DSO missing from command line - (if (string-prefix? "x86_64" (or (%current-target-system) (%current-system))) - '(#:configure-flags '("-DCMAKE_EXE_LINKER_FLAGS=-lmvec")) - '())) (inputs `(("alsa-lib" ,alsa-lib) ("boost" ,boost) diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch deleted file mode 100644 index 3640d123dd..0000000000 --- a/gnu/packages/patches/csound-header-ordering.patch +++ /dev/null @@ -1,20 +0,0 @@ -Prevent compilation issues with boost-1.60.0. - -Reported upstream at https://github.com/csound/csound/issues/570 - ---- Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-04-25 14:06:22.995646234 -0500 -+++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-12-21 10:31:58.182362640 -0600 -@@ -117,11 +117,12 @@ - // d = sys_variables(12); - // gnor = a*(x.^3) + b*(x.^2) + c*x + d; - --#include - #include - using namespace boost::numeric; - #include - -+#include -+ - #undef CS_KSMPS - #define CS_KSMPS (opds.insdshead->ksmps) - -- cgit v1.2.3 From 3b7c606965656e95725e9cd5f1c7cfc4d0ea18cf Mon Sep 17 00:00:00 2001 
From: Efraim Flashner Date: Wed, 6 Sep 2017 13:17:45 +0300 Subject: gnu: openjpeg: Fix CVE-2017-14151, CVE-2017-14152. * gnu/packages/image.scm (openjpeg)[source]: Add patches. * gnu/packages/patches/openjpeg-CVE-2017-14151.patch, gnu/packages/patches/openjpeg-CVE-2017-14152.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + gnu/packages/image.scm | 4 +- gnu/packages/patches/openjpeg-CVE-2017-14151.patch | 46 ++++++++++++++++++++++ gnu/packages/patches/openjpeg-CVE-2017-14152.patch | 38 ++++++++++++++++++ 4 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14151.patch create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14152.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2975c0208e..19dfa13449 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -888,6 +888,8 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 5d062b107b..3bb8de15c4 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -522,7 +522,9 @@ (define-public openjpeg "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) (patches (search-patches "openjpeg-CVE-2017-12982.patch" "openjpeg-CVE-2017-14040.patch" - "openjpeg-CVE-2017-14041.patch")))) + "openjpeg-CVE-2017-14041.patch" + "openjpeg-CVE-2017-14151.patch" + "openjpeg-CVE-2017-14152.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. 
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
new file mode 100644
index 0000000000..4fcf6af6db
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
@@ -0,0 +1,46 @@ +https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch +http://openwall.com/lists/oss-security/2017/09/06/1 + +From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 14 Aug 2017 17:20:37 +0200 +Subject: [PATCH] Encoder: grow buffer size in + opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in + opj_mqc_flush (#982) + +--- + src/lib/openjp2/tcd.c | 7 +++++-- + tests/nonregression/test_suite.ctest.in | 2 ++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c +index 301c7213e..53cdcf64d 100644 +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * + { + OPJ_UINT32 l_data_size; + +- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ +- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ ++ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* TODO: is there a theoretical upper-bound for the compressed code */ ++ /* block size ? 
*/ ++ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { +diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in +index aaf40d7d0..ffd964c2a 100644 +--- a/tests/nonregression/test_suite.ctest.in ++++ b/tests/nonregression/test_suite.ctest.in +@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban + # Same rate as Bretagne2_4.j2k + opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 + ++opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 ++ + # DECODER TEST SUITE + opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx + opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch new file mode 100644 index 0000000000..6c083be123 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch 
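Review bot: The new size in opj_tcd_code_block_enc_allocate_data() is an empirical margin (`2 +` instead of `1 +`), and the added TODO itself says no upper bound for the compressed code block is known, so the fix closes the reported overflow without showing the buffer is always large enough. The product `(x1 - x0) * (y1 - y0) * (OPJ_INT32)sizeof(OPJ_UINT32)` is evaluated before the cast to OPJ_UINT32; whether it can overflow depends on the coordinate types and ranges, which are not visible in the hunk. The patch also adds a regression-test line that references `issue982.bmp`, an input a text patch cannot carry, so that test presumably cannot run from the patched tarball. The function body continues past the hunk.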
@@ -0,0 +1,38 @@ +https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch +http://openwall.com/lists/oss-security/2017/09/06/2 + +From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Tue, 15 Aug 2017 11:55:58 +0200 +Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in + opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) + +--- + src/lib/openjp2/j2k.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index a2521ebbc..54b490a8c 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, + + /* Precincts */ + parameters->csty |= 0x01; +- parameters->res_spec = parameters->numresolution - 1; +- for (i = 0; i < parameters->res_spec; i++) { +- parameters->prcw_init[i] = 256; +- parameters->prch_init[i] = 256; ++ if (parameters->numresolution == 1) { ++ parameters->res_spec = 1; ++ parameters->prcw_init[0] = 128; ++ parameters->prch_init[0] = 128; ++ } else { ++ parameters->res_spec = parameters->numresolution - 1; ++ for (i = 0; i < parameters->res_spec; i++) { ++ parameters->prcw_init[i] = 256; ++ parameters->prch_init[i] = 256; ++ } + } + + /* The progression order shall be CPRL */ -- cgit v1.2.3 From 98df3a88b5e323087db6097094f119fa4663f6d3 Mon Sep 17 00:00:00 2001 
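Review bot: In opj_j2k_set_cinema_parameters() the new `else` branch still derives `res_spec` from `numresolution - 1` and writes `prcw_init[i]` and `prch_init[i]` for every index below it, with no check in the hunk that numresolution is at least 1 or that res_spec fits those arrays. If the limits are enforced earlier in the function or by the caller, a comment saying so would help, e.g. `/* numresolution was range-checked above, so res_spec stays within prcw_init/prch_init */`; otherwise a guard belongs in this branch. The function starts and ends outside the hunk, so this is based on the visible lines only.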
From: Efraim Flashner Date: Wed, 6 Sep 2017 14:19:50 +0300 Subject: gnu: libzip: Update to 1.3.0 (fixes CVE-2017-14107). * gnu/packages/compression.scm (libzip): Update to 1.3.0. [source]: Remove patch. [arguments]: Remove custom 'patch-perl phase. * gnu/packages/patches/libzip-CVE-2017-12858.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/compression.scm | 14 ++------ gnu/packages/patches/libzip-CVE-2017-12858.patch | 45 ------------------------ 3 files changed, 3 insertions(+), 57 deletions(-) delete mode 100644 gnu/packages/patches/libzip-CVE-2017-12858.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 19dfa13449..a38e4e2d5a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -812,7 +812,6 @@ dist_patch_DATA = \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxt-guix-search-paths.patch \ - %D%/packages/patches/libzip-CVE-2017-12858.patch \ %D%/packages/patches/lierolibre-check-unaligned-access.patch \ %D%/packages/patches/lierolibre-is-free-software.patch \ %D%/packages/patches/lierolibre-newer-libconfig.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index a6758e9471..499c13a291 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm 
@@ -1542,22 +1542,14 @@ (define-public perl-zip (define-public libzip (package (name "libzip") - (version "1.2.0") + (version "1.3.0") (source (origin (method url-fetch) (uri (string-append - "https://nih.at/libzip/libzip-" version ".tar.gz")) - (patches (search-patches "libzip-CVE-2017-12858.patch")) + "https://nih.at/libzip/libzip-" version ".tar.xz")) (sha256 (base32 - "17vxj2ffsxwh8lkc6801ppmwj15jp8q58rin76znxfbx88789ybc")))) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-perl - (lambda _ - (substitute* "regress/runtest.in" - (("/usr/bin/env perl") (which "perl")))))))) + "0wykw0q9dwdzx0gssi2dpgckx9ggr2spzc1amjnff6wi6kz6x4xa")))) (native-inputs `(("perl" ,perl))) (inputs diff --git a/gnu/packages/patches/libzip-CVE-2017-12858.patch b/gnu/packages/patches/libzip-CVE-2017-12858.patch deleted file mode 100644 index 8125173f95..0000000000 --- a/gnu/packages/patches/libzip-CVE-2017-12858.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -Fix CVE-2017-12858: - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858 - -Patch copied from upstream source repository: - -https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 - -From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner -Date: Mon, 14 Aug 2017 10:55:44 +0200 -Subject: [PATCH] Fix double free(). - -Found by Brian 'geeknik' Carpenter using AFL. ---- - THANKS | 1 + - lib/zip_dirent.c | 3 --- - 2 files changed, 1 insertion(+), 3 deletions(-) - -diff --git a/THANKS b/THANKS -index be0cca9..a80ee1d 100644 ---- a/THANKS -+++ b/THANKS -@@ -12,6 +12,7 @@ BALATON Zoltan - Benjamin Gilbert - Boaz Stolk - Bogdan -+Brian 'geeknik' Carpenter - Chris Nehren - Coverity - Dane Springmeyer -diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c -index a369900..e5a7cc9 100644 ---- a/lib/zip_dirent.c -+++ b/lib/zip_dirent.c -@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo - } - - if (!_zip_dirent_process_winzip_aes(zde, error)) { -- if (!from_buffer) { -- _zip_buffer_free(buffer); -- } - return -1; - } - -- cgit v1.2.3 From 94d671f673d184691cb13d36203e109c13cd4859 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 6 Sep 2017 15:43:30 -0400 Subject: gnu: libarchive: Replace with libarchive 3.3.2 and fix CVE-2017-14166. * gnu/packages/backup.scm (libarchive)[replacement]: New field. (libarchive-3.3.2): New variable. * gnu/packages/patches/libarchive-CVE-2017-14166.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/backup.scm | 9 +++-- .../patches/libarchive-CVE-2017-14166.patch | 45 ++++++++++++++++++++++ 3 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/libarchive-CVE-2017-14166.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a38e4e2d5a..60e9ff29f1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -752,6 +752,7 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ + %D%/packages/patches/libarchive-CVE-2017-14166.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index eca69bebed..006d00ef0c 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -184,6 +184,7 @@ (define-public hdup (define-public libarchive (package (name "libarchive") + (replacement libarchive-3.3.2) (version "3.3.1") (source (origin @@ -239,19 +240,19 @@ (define-public libarchive random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive-3.3.1 +(define libarchive-3.3.2 (package (inherit libarchive) - (name "libarchive") - (version "3.3.1") + (version "3.3.2") (source (origin (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) + (patches (search-patches "libarchive-CVE-2017-14166.patch")) (sha256 (base32 - "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9")))))) + "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))))) (define-public rdup (package diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch b/gnu/packages/patches/libarchive-CVE-2017-14166.patch new file mode 100644 index 0000000000..a122848440 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2017-14166.patch 
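Review bot: The `replacement` added to libarchive points at a different upstream release (3.3.2) rather than a patched 3.3.1, and nothing in the hunk records why that is safe. A graft substitutes the replacement into dependents without rebuilding them, so it relies on the two versions being ABI-compatible; a comment on `libarchive-3.3.2` such as `;; Grafted over 3.3.1: assumed ABI-compatible, carries the CVE-2017-14166 fix.` would make that assumption reviewable. The private variable `libarchive-3.3.1` is renamed here, so any use of the old name outside this hunk would need updating.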
@@ -0,0 +1,45 @@ +Fix CVE-2017-14166: + +https://github.com/libarchive/libarchive/issues/935 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71 + +From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger +Date: Tue, 5 Sep 2017 18:12:19 +0200 +Subject: [PATCH] Do something sensible for empty strings to make fuzzers + happy. + +--- + libarchive/archive_read_support_format_xar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c +index 7a22beb9d..93eeacc5e 100644 +--- a/libarchive/archive_read_support_format_xar.c ++++ b/libarchive/archive_read_support_format_xar.c +@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) + uint64_t l; + int digit; + ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + digit = *p - '0'; + while (digit >= 0 && digit < 10 && char_cnt-- > 0) { +@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) + { + int64_t l; + int digit; +- ++ ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + while (char_cnt-- > 0) { + if (*p >= '0' && *p <= '7') -- cgit v1.2.3 From 6a7bd25bf29f886ac2700c99d5e84ee004ee488e Mon Sep 17 00:00:00 2001 
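Review bot: The added `char_cnt == 0` guard in atol10() covers the empty string, but the loop condition in the context still tests `digit` before `char_cnt`, and `digit` is loaded from `*p` before the count is consulted. If the loop body (outside the hunk) advances `p` and reloads `digit` the same way, the last iteration reads the byte after the final counted character. Testing the count first and loading the digit inside the loop would bound every read by char_cnt. The atol8() hunk also replaces one whitespace-only line with another, which is noise in a security patch.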
From: Leo Famulari Date: Thu, 7 Sep 2017 14:44:45 -0400 Subject: gnu: qemu: Fix CVE-2017-{13711,14167}. * gnu/packages/patches/qemu-CVE-2017-14167.patch gnu/packages/patches/qemu-CVE-2017-13711.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/virtualization.scm (qemu)[source]: Use them. --- gnu/local.mk | 2 + gnu/packages/patches/qemu-CVE-2017-13711.patch | 89 ++++++++++++++++++++++++++ gnu/packages/patches/qemu-CVE-2017-14167.patch | 69 ++++++++++++++++++++ gnu/packages/virtualization.scm | 2 + 4 files changed, 162 insertions(+) create mode 100644 gnu/packages/patches/qemu-CVE-2017-13711.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-14167.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 60e9ff29f1..9df17110b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -978,6 +978,8 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ + %D%/packages/patches/qemu-CVE-2017-13711.patch \ + %D%/packages/patches/qemu-CVE-2017-14167.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch new file mode 100644 index 0000000000..4070115419 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-13711.patch 
@@ -0,0 +1,89 @@ +Fix CVE-2017-13711: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711 + +Patch copied from upstream source repository: + +https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384 + +From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001 +From: Samuel Thibault +Date: Fri, 25 Aug 2017 01:35:53 +0200 +Subject: [PATCH] slirp: fix clearing ifq_so from pending packets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The if_fastq and if_batchq contain not only packets, but queues of packets +for the same socket. When sofree frees a socket, it thus has to clear ifq_so +from all the packets from the queues, not only the first. + +Signed-off-by: Samuel Thibault +Reviewed-by: Philippe Mathieu-Daudé +Cc: qemu-stable@nongnu.org +Signed-off-by: Peter Maydell +--- + slirp/socket.c | 39 +++++++++++++++++++++++---------------- + 1 file changed, 23 insertions(+), 16 deletions(-) + +diff --git a/slirp/socket.c b/slirp/socket.c +index ecec0295a9..cb7b5b608d 100644 +--- a/slirp/socket.c ++++ b/slirp/socket.c +@@ -59,6 +59,27 @@ socreate(Slirp *slirp) + return(so); + } + ++/* ++ * Remove references to so from the given message queue. 
++ */ ++static void ++soqfree(struct socket *so, struct quehead *qh) ++{ ++ struct mbuf *ifq; ++ ++ for (ifq = (struct mbuf *) qh->qh_link; ++ (struct quehead *) ifq != qh; ++ ifq = ifq->ifq_next) { ++ if (ifq->ifq_so == so) { ++ struct mbuf *ifm; ++ ifq->ifq_so = NULL; ++ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) { ++ ifm->ifq_so = NULL; ++ } ++ } ++ } ++} ++ + /* + * remque and free a socket, clobber cache + */ +@@ -66,23 +87,9 @@ void + sofree(struct socket *so) + { + Slirp *slirp = so->slirp; +- struct mbuf *ifm; + +- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link; +- (struct quehead *) ifm != &slirp->if_fastq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } +- +- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link; +- (struct quehead *) ifm != &slirp->if_batchq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } ++ soqfree(so, &slirp->if_fastq); ++ soqfree(so, &slirp->if_batchq); + + if (so->so_emu==EMU_RSH && so->extra) { + sofree(so->extra); +-- +2.14.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch new file mode 100644 index 0000000000..a6007ac082 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-14167.patch 
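Review bot: soqfree() walks a session ring (`ifs_next`) only when the ring head's `ifq_so` equals `so`, so it depends on every packet in a ring belonging to the same socket as its head, and the one-line comment above the function does not say that. I would extend the comment to something like `Each queue entry heads a ring of packets for one socket (ifs_next); clear ifq_so on the head and on every packet in its ring.` so the invariant the fix relies on sits next to the code. sofree() continues past the end of the hunk.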
@@ -0,0 +1,69 @@ +Fix CVE-2017-14167: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167 +http://seclists.org/oss-sec/2017/q3/407 + +Patch copied from upstream development mailing list: + +https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html + +From: Prasad J Pandit + +While loading kernel via multiboot-v1 image, (flags & 0x00010000) +indicates that multiboot header contains valid addresses to load +the kernel image. These addresses are used to compute kernel +size and kernel text offset in the OS image. Validate these +address values to avoid an OOB access issue. + +This is CVE-2017-14167. + +Reported-by: Thomas Garnier +Signed-off-by: Prasad J Pandit +--- + hw/i386/multiboot.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +Update: add CVE-ID to the commit message. + +diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c +index 6001f4caa2..c7b70c91d5 100644 +--- a/hw/i386/multiboot.c ++++ b/hw/i386/multiboot.c +@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg, + uint32_t mh_header_addr = ldl_p(header+i+12); + uint32_t mh_load_end_addr = ldl_p(header+i+20); + uint32_t mh_bss_end_addr = ldl_p(header+i+24); ++ + mh_load_addr = ldl_p(header+i+16); ++ if (mh_header_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_load_addr address\n"); ++ exit(1); ++ } ++ + uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); + uint32_t mb_load_size = 0; + mh_entry_addr = ldl_p(header+i+28); + + if (mh_load_end_addr) { ++ if (mh_bss_end_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_bss_end_addr address\n"); ++ exit(1); ++ } + mb_kernel_size = mh_bss_end_addr - mh_load_addr; ++ ++ if (mh_load_end_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_load_end_addr address\n"); ++ exit(1); ++ } + mb_load_size = mh_load_end_addr - mh_load_addr; + } else { ++ if (kernel_file_size < mb_kernel_text_offset) { ++ fprintf(stderr, "invalid kernel_file_size\n"); ++ exit(1); ++ } + mb_kernel_size = 
kernel_file_size - mb_kernel_text_offset; + mb_load_size = mb_kernel_size; + } +-- +2.13.5 + diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 6cb4331b1f..8fd3230895 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -77,6 +77,8 @@ (define-public qemu (method url-fetch) (uri (string-append "https://download.qemu.org/qemu-" version ".tar.xz")) + (patches (search-patches "qemu-CVE-2017-13711.patch" + "qemu-CVE-2017-14167.patch")) (sha256 (base32 "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m")))) -- cgit v1.2.3 From 81635ad03ecb3a51b5248db65919621bde9039f4 Mon Sep 17 00:00:00 2001 
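Review bot: The new `mh_header_addr < mh_load_addr` check in `load_multiboot` stops the inner subtraction from wrapping, but `mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr)` can presumably still wrap when that difference exceeds `i`, and only the `else` branch compares the offset with `kernel_file_size`. I would add a guard right after the offset is computed so it covers both branches, e.g. `if (mh_header_addr - mh_load_addr > i || mb_kernel_text_offset > kernel_file_size) { fprintf(stderr, "invalid kernel text offset\n"); exit(1); }`. The `if (mh_load_end_addr)` branch also never checks `mh_load_end_addr <= mh_bss_end_addr`, so `mb_load_size` can exceed `mb_kernel_size`; how the two sizes are used lies outside this hunk, so that should be confirmed against the rest of the function. The type of `i` and the body of `load_multiboot` before and after these lines are not visible here.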
From: Leo Famulari Date: Tue, 5 Sep 2017 14:57:21 -0400 Subject: gnu: tcpdump: Update to 4.9.2 [security fixes]. Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902, 12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997, 12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010, 13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024, 13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037, 13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050, 13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}. * gnu/packages/admin.scm (tcpdump): Update to 4.9.2. [source]: Remove patches and add alternate source URL. * gnu/packages/patches/tcpdump-CVE-2017-11541.patch, gnu/packages/patches/tcpdump-CVE-2017-11542.patch, gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 - gnu/packages/admin.scm | 17 +++-- gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 -------------- gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 ----------- gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 ----------------------- 5 files changed, 10 insertions(+), 173 deletions(-) delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11541.patch delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11542.patch delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11543.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9df17110b6..2f85510767 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1034,9 +1034,6 @@ dist_patch_DATA = \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11541.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11542.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11543.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index f047bcaef3..c67491c534 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -661,17 +661,20 @@ (define-public libpcap (define-public tcpdump (package (name "tcpdump") - (version "4.9.1") + (version "4.9.2") (source (origin (method url-fetch) - (uri (string-append "http://www.tcpdump.org/release/tcpdump-" - version ".tar.gz")) - (patches (search-patches "tcpdump-CVE-2017-11541.patch" - "tcpdump-CVE-2017-11542.patch" - "tcpdump-CVE-2017-11543.patch")) + (uri (list (string-append "http://www.tcpdump.org/release/tcpdump-" + version ".tar.gz") + ;; The tarball is not yet distributed from tcpdump.org, + ;; so we fetch it from Arch. For more information see + ;; . + (string-append "https://sources.archlinux.org/other/" + "packages/tcpdump/tcpdump-" version + ".tar.gz"))) (sha256 (base32 - "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r")))) + "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr")))) (build-system gnu-build-system) (inputs `(("libpcap" ,libpcap) ("openssl" ,openssl))) diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch deleted file mode 100644 index a9fc632dc2..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch +++ /dev/null 
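Review bot: The comment in the `tcpdump` origin says the 4.9.2 tarball is not yet distributed from tcpdump.org, so the new `sha256` was presumably computed from the Arch copy and has not been cross-checked against an upstream release. I would say so in the comment and leave a reminder, e.g. `;; TODO: Verify this hash against the upstream tarball and its signature once published, then drop the Arch URL.` The hash pins the content whichever URI is used, so the plain `http://` primary URL is not an integrity problem by itself. The reference after "For more information see" is empty in this view; if it is also missing in the file, the link should be restored so the reasoning can be checked later.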
@@ -1,47 +0,0 @@ -Fix CVE-2017-11541 - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 - -From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Tue, 7 Feb 2017 11:40:36 -0800 -Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before - checking for a NUL terminator. - -safeputs() doesn't do packet bounds checking of its own; it assumes that -the caller has checked the availability in the packet data of all maxlen -bytes of data. This means we should check that we're within the -specified limit before looking at the byte. - -This fixes a buffer over-read discovered by Kamil Frankowicz. - -Add a test using the capture file supplied by the reporter(s). ---- - tests/TESTLIST | 1 + - tests/hoobr_safeputs.out | 2 ++ - tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes - util-print.c | 2 +- - 4 files changed, 4 insertions(+), 1 deletion(-) - create mode 100644 tests/hoobr_safeputs.out - create mode 100644 tests/hoobr_safeputs.pcap - -diff --git a/util-print.c b/util-print.c -index 394e7d59..ec3e8de8 100644 ---- a/util-print.c -+++ b/util-print.c -@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo, - { - u_int idx = 0; - -- while (*s && idx < maxlen) { -+ while (idx < maxlen && *s) { - safeputchar(ndo, *s); - idx++; - s++; --- -2.14.1 - diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch deleted file mode 100644 index 24849d5187..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -Fix CVE-2017-11542: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae - -From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Tue, 7 Feb 2017 11:10:04 -0800 -Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check. - -This fixes a buffer over-read discovered by Kamil Frankowicz. - -Add a test using the capture file supplied by the reporter(s). ---- - print-pim.c | 1 + - tests/TESTLIST | 1 + - tests/hoobr_pimv1.out | 25 +++++++++++++++++++++++++ - tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes - 4 files changed, 27 insertions(+) - create mode 100644 tests/hoobr_pimv1.out - create mode 100644 tests/hoobr_pimv1.pcap - -diff --git a/print-pim.c b/print-pim.c -index 25525953..ed880ae7 100644 ---- a/print-pim.c -+++ b/print-pim.c -@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo, - pimv1_join_prune_print(ndo, &bp[8], len - 8); - break; - } -+ ND_TCHECK(bp[4]); - if ((bp[4] >> 4) != 1) - ND_PRINT((ndo, " [v%d]", bp[4] >> 4)); - return; diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch deleted file mode 100644 index c973503983..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -Fix CVE-2017-11543: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3 - -From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Fri, 17 Mar 2017 12:49:04 -0700 -Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid. - -Report if it's not, and don't use it as an out-of-bounds index into an -array. - -This fixes a buffer overflow discovered by Wilfried Kirsch. - -Add a test using the capture file supplied by the reporter(s), modified -so the capture file won't be rejected as an invalid capture. ---- - print-sl.c | 25 +++++++++++++++++++++++-- - tests/TESTLIST | 3 +++ - tests/slip-bad-direction.out | 1 + - tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes - 4 files changed, 27 insertions(+), 2 deletions(-) - create mode 100644 tests/slip-bad-direction.out - create mode 100644 tests/slip-bad-direction.pcap - -diff --git a/print-sl.c b/print-sl.c -index 3fd7e898..a02077b3 100644 ---- a/print-sl.c -+++ b/print-sl.c -@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo, - u_int hlen; - - dir = p[SLX_DIR]; -- ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O ")); -+ switch (dir) { - -+ case SLIPDIR_IN: -+ ND_PRINT((ndo, "I ")); -+ break; -+ -+ case SLIPDIR_OUT: -+ ND_PRINT((ndo, "O ")); -+ break; -+ -+ default: -+ ND_PRINT((ndo, "Invalid direction %d ", dir)); -+ dir = -1; -+ break; -+ } - if (ndo->ndo_nflag) { - /* XXX just dump the header */ - register int i; -@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo, - * has restored the IP header copy to IPPROTO_TCP. 
- */ - lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p; -+ ND_PRINT((ndo, "utcp %d: ", lastconn)); -+ if (dir == -1) { -+ /* Direction is bogus, don't use it */ -+ return; -+ } - hlen = IP_HL(ip); - hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]); - lastlen[dir][lastconn] = length - (hlen << 2); -- ND_PRINT((ndo, "utcp %d: ", lastconn)); - break; - - default: -+ if (dir == -1) { -+ /* Direction is bogus, don't use it */ -+ return; -+ } - if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) { - compressed_sl_print(ndo, &p[SLX_CHDR], ip, - length, dir); -- cgit v1.2.3 From cd1ad27e6cdf90230d07efc18a8fcfe45494aad0 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 7 Sep 2017 23:59:51 +0200 Subject: gnu: elogind: Use itself as the cgroup controller. Fixes a regression introduced in fa67d5654176b4b815832eaf259188e1486c65ab whereby elogind would fail to start with: Cannot determine cgroup we are running in: No data available Out of memory. thereby preventing log-in altogether. * gnu/packages/freedesktop.scm (elogind)[arguments]: Pass "--with-cgroup-controller=elogind". * gnu/tests/desktop.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/freedesktop.scm | 6 +++ gnu/tests/desktop.scm | 105 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 gnu/tests/desktop.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2f85510767..1ac9d5efea 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -487,6 +487,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/audio.scm \ %D%/tests/base.scm \ %D%/tests/databases.scm \ + %D%/tests/desktop.scm \ %D%/tests/dict.scm \ %D%/tests/nfs.scm \ %D%/tests/install.scm \ diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 3307a4ae80..606859771a 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm 
@@ -227,6 +227,12 @@ (define-public elogind (list (string-append "--with-udevrulesdir=" (assoc-ref %outputs "out") "/lib/udev/rules.d") + + ;; Let elogind be its own cgroup controller, rather than relying + ;; on systemd or OpenRC. By default, 'configure' makes an + ;; incorrect guess. + "--with-cgroup-controller=elogind" + (string-append "--with-rootprefix=" (assoc-ref %outputs "out")) (string-append "--with-rootlibexecdir=" diff --git a/gnu/tests/desktop.scm b/gnu/tests/desktop.scm new file mode 100644 index 0000000000..be64c4e7e5 --- /dev/null +++ b/gnu/tests/desktop.scm 
@@ -0,0 +1,105 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests desktop) + #:use-module (gnu tests) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services desktop) + #:use-module (gnu system vm) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:export (%test-elogind)) + + +;;; +;;; Elogind. +;;; + +(define (run-elogind-test vm) + (define test + (with-imported-modules '((gnu build marionette) + (guix build syscalls)) + #~(begin + (use-modules (gnu build marionette) + (guix build syscalls) + (srfi srfi-64)) + + (define marionette + (make-marionette '(#$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "elogind") + + ;; Log in as root on tty1, and check what 'loginctl' returns. + (test-equal "login on tty1" + '(("c1" "0" "root" "seat0" "/dev/tty1") ;session + ("seat0") ;seat + ("0" "root")) ;user + + (begin + ;; Wait for tty1. + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'term-tty1)) + marionette) + (marionette-control "sendkey ctrl-alt-f1" marionette) + + ;; Now we can type. 
+ (marionette-type "root\n" marionette) + (marionette-type "loginctl list-users --no-legend > users\n" + marionette) + (marionette-type "loginctl list-seats --no-legend > seats\n" + marionette) + (marionette-type "loginctl list-sessions --no-legend > sessions\n" + marionette) + + + ;; Read the three files. + (marionette-eval '(use-modules (rnrs io ports)) marionette) + (let ((guest-file (lambda (file) + (string-tokenize + (wait-for-file file marionette + #:read 'get-string-all))))) + (list (guest-file "/root/sessions") + (guest-file "/root/seats") + (guest-file "/root/users"))))) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "elogind" test)) + +(define %test-elogind + (system-test + (name "elogind") + (description + "Test whether we can log in when elogind is enabled, and whether +'loginctl' reports accurate user, session, and seat information.") + (value + (let ((os (marionette-operating-system + (simple-operating-system + (service elogind-service-type) + (service polkit-service-type) + (service dbus-root-service-type)) + #:imported-modules '((gnu services herd) + (guix combinators))))) + (run-elogind-test (virtual-machine os)))))) -- cgit v1.2.3 From 67a37c63118519ccc5c24f3325bad6f29ab21e59 Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Sun, 10 Sep 2017 12:00:25 +0200 Subject: gnu: foomatic-filters: Add missing patches. This is a followup to commit d02aabaf1b57eda3ef052c70df1322f915e7c736. * gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch: New file. * gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch: New file. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 2 ++ gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch | 14 ++++++++++++++ gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch | 13 +++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch create mode 100644 gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1ac9d5efea..8ffa13b3ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -610,6 +610,8 @@ dist_patch_DATA = \ %D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \ %D%/packages/patches/fontforge-svg-modtime.patch \ + %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \ + %D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \ diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch new file mode 100644 index 0000000000..d9f0cc1212 --- /dev/null +++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch @@ -0,0 +1,14 @@ +Fix for . + +--- a/util.c 2014-06-20 19:26:18 +0000 ++++ b/util.c 2015-10-30 15:45:03 +0000 +@@ -31,7 +31,7 @@ + #include + + +-const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; ++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { + 
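Review bot: `shellescapes` in util.c is a denylist of shell metacharacters, and this patch extends it by one character (the backtick) while foomatic-filters-CVE-2015-8560.patch, added in the same commit, extends it again with `;`. Two CVE fixes to the same string suggest the list will keep needing additions; how the string is consumed is outside the hunk, but the durable fix to pursue upstream is to pass these values without going through a shell, or to accept only an allowlist of characters. Both patch headers read "Fix for ." in this view, so the advisory reference seems to have been lost; a header in the style of the other patches in this series (`Fix CVE-2015-8327:` followed by the advisory link) would make the provenance checkable.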
diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch new file mode 100644 index 0000000000..d3c3024220 --- /dev/null +++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch @@ -0,0 +1,13 @@ +Fix for . + +--- a/util.c 2015-10-30 15:45:03 +0000 ++++ b/util.c 2015-12-12 23:27:21 +0000 +@@ -31,7 +31,7 @@ + #include + + +-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { -- cgit v1.2.3 From 2cc752c0b0ab801509574d601c1024b73aed0dab Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 9 Sep 2017 09:41:28 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-14042. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14042.patch | 80 ++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8ffa13b3ee..64b1b1c14d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -680,6 +680,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 57ac7fda97..632be70349 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm 
@@ -182,7 +182,8 @@ (define-public graphicsmagick "graphicsmagick-CVE-2017-12936.patch" "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" - "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch")))) + "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" + "graphicsmagick-CVE-2017-14042.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch new file mode 100644 index 0000000000..46f6b032c7 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch 
@@ -0,0 +1,80 @@ +http://openwall.com/lists/oss-security/2017/08/28/5 +http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503268616 18000 +# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072 +# Parent 83a5b946180835f260bcb91e3d06327a8e2577e3 +PNM: For binary formats, verify sufficient backing file data before memory request. + +diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c +--- a/coders/pnm.c Sun Aug 20 17:31:35 2017 -0500 ++++ b/coders/pnm.c Sun Aug 20 17:36:56 2017 -0500 +@@ -569,7 +569,7 @@ + (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u", + image->colors); + } +- number_pixels=image->columns*image->rows; ++ number_pixels=MagickArraySize(image->columns,image->rows); + if (number_pixels == 0) + ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image); + if (image->storage_class == PseudoClass) +@@ -858,14 +858,14 @@ + if (1 == bits_per_sample) + { + /* PBM */ +- bytes_per_row=((image->columns+7) >> 3); ++ bytes_per_row=((image->columns+7U) >> 3); + import_options.grayscale_miniswhite=MagickTrue; + quantum_type=GrayQuantum; + } + else + { + /* PGM & XV_332 */ +- bytes_per_row=((bits_per_sample+7)/8)*image->columns; ++ bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns); + if (XV_332_Format == format) + { + quantum_type=IndexQuantum; +@@ -878,7 +878,8 @@ + } + else + { +- bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns; ++ bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel), ++ image->columns); + if (3 == samples_per_pixel) + { + /* PPM */ +@@ -915,6 +916,28 @@ + is_monochrome=MagickFalse; + } + } ++ ++ /* Validate file size before allocating memory */ ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ 
(file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ const magick_off_t needed = (magick_off_t) image->rows * ++ (magick_off_t) bytes_per_row; ++ if ((remaining < (magick_off_t) bytes_per_row) || ++ (remaining < needed)) ++ { ++ ThrowException(exception,CorruptImageError,UnexpectedEndOfFile, ++ image->filename); ++ break; ++ } ++ } ++ } + + scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1); + if (scanline_set == (ThreadViewDataSet *) NULL) -- cgit v1.2.3 From 224bb4b6f9fa7c14fbbaac682ec0b5d1a48c616d Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 10 Sep 2017 21:40:17 +0300 Subject: gnu: graphicsmagick: Fix CVE-2017-14165. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14165.patch | 72 ++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 64b1b1c14d..43eac7717a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -681,6 +681,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 632be70349..502dc43acf 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm 
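Review bot: The patch header says "some changes were made to make the patch apply" without saying which, so a reviewer cannot tell how this security backport differs from upstream changeset 3bbf7a13643d; graphicsmagick-CVE-2017-14165.patch carries the same sentence. Please list the adapted hunks in the header, e.g. `Adapted for Guix: <describe each hunk that differs from upstream>`. In the code itself, the new size guard in coders/pnm.c runs only when `BlobIsSeekable(image)` is true and both offsets are positive, so non-seekable input still reaches `AllocateThreadViewDataArray` with an unverified `bytes_per_row`; whether another limit covers that path is not visible here. The third `bytes_per_row` branch also still multiplies `((bits_per_sample+7)/8)*samples_per_pixel` before calling `MagickArraySize`, with signed literals where the branch above was changed to `7U`/`8U`.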
@@ -183,7 +183,8 @@ (define-public graphicsmagick "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" - "graphicsmagick-CVE-2017-14042.patch")))) + "graphicsmagick-CVE-2017-14042.patch" + "graphicsmagick-CVE-2017-14165.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch new file mode 100644 index 0000000000..1f55d90d38 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch 
@@ -0,0 +1,72 @@ +http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa +http://openwall.com/lists/oss-security/2017/09/06/4 + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn +# Date 1503257388 18000 +# Node ID 493da54370aa42cb430c52a69eb75db0001a5589 +# Parent f8724674907902b7bc37c04f252fe30fbdd88e6f +SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions. + +diff -r f87246749079 -r 493da54370aa coders/sun.c +--- a/coders/sun.c Sun Aug 20 12:21:03 2017 +0200 ++++ b/coders/sun.c Sun Aug 20 14:29:48 2017 -0500 +@@ -498,6 +498,12 @@ + if (sun_info.depth < 8) + image->depth=sun_info.depth; + ++ if (image_info->ping) ++ { ++ CloseBlob(image); ++ return(image); ++ } ++ + /* + Compute bytes per line and bytes per image for an unencoded + image. +@@ -522,15 +528,37 @@ + if (bytes_per_image > sun_info.length) + ThrowReaderException(CorruptImageError,ImproperImageHeader,image); + +- if (image_info->ping) +- { +- CloseBlob(image); +- return(image); +- } + if (sun_info.type == RT_ENCODED) + sun_data_length=(size_t) sun_info.length; + else + sun_data_length=bytes_per_image; ++ ++ /* ++ Verify that data length claimed by header is supported by file size ++ */ ++ if (sun_info.type == RT_ENCODED) ++ { ++ if (sun_data_length < bytes_per_image/255U) ++ { ++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ } ++ } ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ (file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ if (remaining < (magick_off_t) sun_data_length) ++ { ++ ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ } ++ } ++ } ++ + sun_data=MagickAllocateMemory(unsigned char *,sun_data_length); + if (sun_data == (unsigned char *) NULL) + 
ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image); + -- cgit v1.2.3 From 338b58e0ea880f7cccbe43de21eccbf1440ac6af Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 10 Sep 2017 22:00:35 +0300 Subject: gnu: openjpeg: Fix CVE-2017-14164. * gnu/packages/image.scm (openjpeg)[source]: Add patch. * gnu/packages/patches/openjpeg-CVE-2017-14164.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 3 +- gnu/packages/patches/openjpeg-CVE-2017-14164.patch | 89 ++++++++++++++++++++++ 3 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14164.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 43eac7717a..c92b93dbd2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -895,6 +895,7 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ + %D%/packages/patches/openjpeg-CVE-2017-14164.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 3bb8de15c4..d45f08d9df 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -524,7 +524,8 @@ (define-public openjpeg "openjpeg-CVE-2017-14040.patch" "openjpeg-CVE-2017-14041.patch" "openjpeg-CVE-2017-14151.patch" - "openjpeg-CVE-2017-14152.patch")))) + "openjpeg-CVE-2017-14152.patch" + "openjpeg-CVE-2017-14164.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch new file mode 100644 index 0000000000..2bfc5a6a85 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch 
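Review bot: Moving the `image_info->ping` early return in coders/sun.c above the bytes-per-line computation means a ping now returns the image before the `bytes_per_image > sun_info.length` header check and before the new file-size checks run, so a file with an inconsistent header is accepted in ping mode (checks earlier in the function, outside the hunk, may still apply). If that is intended, a comment at the return would help, e.g. `/* Ping: dimensions only; header/data length consistency is not verified. */`. The `bytes_per_image/255U` bound for `RT_ENCODED` data is a bare constant, and a short comment stating where 255 comes from would make the check auditable.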
@@ -0,0 +1,89 @@
+https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
+http://openwall.com/lists/oss-security/2017/09/06/3
+
+From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Wed, 16 Aug 2017 17:09:10 +0200
+Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
+ (#991)
+
+---
+ src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 54b490a8c..16915452e 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
+ * Writes the SOT marker (Start of tile-part)
+ *
+ * @param p_j2k J2K codec.
+- * @param p_data FIXME DOC
+- * @param p_data_written FIXME DOC
++ * @param p_data Output buffer
++ * @param p_total_data_size Output buffer size
++ * @param p_data_written Number of bytes written into stream
+ * @param p_stream the stream to write data to.
+ * @param p_manager the user event manager.
+ */
+ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+ OPJ_BYTE * p_data,
++ OPJ_UINT32 p_total_data_size,
+ OPJ_UINT32 * p_data_written,
+ const opj_stream_private_t *p_stream,
+ opj_event_mgr_t * p_manager);
+@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
+
+ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+ OPJ_BYTE * p_data,
++ OPJ_UINT32 p_total_data_size,
+ OPJ_UINT32 * p_data_written,
+ const opj_stream_private_t *p_stream,
+ opj_event_mgr_t * p_manager
+@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
+ OPJ_UNUSED(p_stream);
+ OPJ_UNUSED(p_manager);
+
++ if (p_total_data_size < 12) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough bytes in output buffer to write SOT marker\n");
++ return OPJ_FALSE;
++ }
++
+ opj_write_bytes(p_data, J2K_MS_SOT,
+ 2); /* SOT */
+ p_data += 2;
+@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
+
+ l_current_nb_bytes_written = 0;
+ l_begin_data = p_data;
+- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
++ &l_current_nb_bytes_written, p_stream,
+ p_manager)) {
+ return OPJ_FALSE;
+ }
+@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
+ l_part_tile_size = 0;
+ l_begin_data = p_data;
+
+- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++ if (! opj_j2k_write_sot(p_j2k, p_data,
++ p_total_data_size,
++ &l_current_nb_bytes_written,
++ p_stream,
+ p_manager)) {
+ return OPJ_FALSE;
+ }
+@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
+ l_part_tile_size = 0;
+ l_begin_data = p_data;
+
+- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
++ if (! opj_j2k_write_sot(p_j2k, p_data,
++ p_total_data_size,
++ &l_current_nb_bytes_written, p_stream,
+ p_manager)) {
+ return OPJ_FALSE;
+ }
-- cgit v1.2.3
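Review bot: The guard added to `opj_j2k_write_sot` compares against a bare `12`, and the context lines just above it still mark `p_manager` as unused although the new `opj_event_msg` call now uses it. A comment such as `/* SOT segment: marker 2 + Lsot 2 + Isot 2 + Psot 4 + TPsot 1 + TNsot 1 */` would tie the literal to the bytes written below, and `OPJ_UNUSED(p_manager);` can be dropped. The check is also only as strong as the value the callers pass: all three call sites hand over `p_total_data_size` as-is, and the hunks do not show it being reduced as `p_data` advances between tile parts, so that bookkeeping should be confirmed in the parts of `opj_j2k_write_first_tile_part` and `opj_j2k_write_all_tile_parts` that lie outside the hunks.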
From 66ae958c5bee27266bce2a573812db7fec7c3111 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 11 Sep 2017 14:46:13 +0200 Subject: gnu: emacs: Patch message-mode enriched text translation [security fix]. * gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch: New file. * gnu/packages/emacs.scm (emacs)[source](patches): Add it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/emacs.scm | 3 +- .../emacs-unsafe-enriched-mode-translations.patch | 85 ++++++++++++++++++++++ 3 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c92b93dbd2..e98ee6d7fe 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -589,6 +589,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ + %D%/packages/patches/emacs-unsafe-enriched-mode-translations.patch \ %D%/packages/patches/erlang-man-path.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 2277edcece..c6d5766cbd 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -113,7 +113,8 @@ (define-public emacs "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar")) (patches (search-patches "emacs-exec-path.patch" "emacs-fix-scheme-indent-function.patch" - "emacs-source-date-epoch.patch")) + "emacs-source-date-epoch.patch" + "emacs-unsafe-enriched-mode-translations.patch")) (modules '((guix build utils))) (snippet ;; Delete the bundled byte-compiled elisp files and 
diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch new file mode 100644 index 0000000000..7e45d30129 --- /dev/null +++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch 
@@ -0,0 +1,85 @@ +This patch fixes a remote code execution vulnerability reported here: + + https://bugs.gnu.org/28350 + http://www.openwall.com/lists/oss-security/2017/09/11/1 + +From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001 +From: Lars Ingebrigtsen +Date: Fri, 8 Sep 2017 20:23:31 -0700 +Subject: Remove unsafe enriched mode translations + +* lisp/gnus/mm-view.el (mm-inline-text): +Do not worry about enriched or richtext type. +* lisp/textmodes/enriched.el (enriched-translations): +Remove translations for FUNCTION, display (Bug#28350). +(enriched-handle-display-prop, enriched-decode-display-prop): Remove. +--- + lisp/gnus/mm-view.el | 4 ---- + lisp/textmodes/enriched.el | 32 -------------------------------- + 2 files changed, 36 deletions(-) + +diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el +index e5859d0..77ad271 100644 +--- a/lisp/gnus/mm-view.el ++++ b/lisp/gnus/mm-view.el +@@ -383,10 +383,6 @@ + (goto-char (point-max)))) + (save-restriction + (narrow-to-region b (point)) +- (when (member type '("enriched" "richtext")) +- (set-text-properties (point-min) (point-max) nil) +- (ignore-errors +- (enriched-decode (point-min) (point-max)))) + (mm-handle-set-undisplayer + handle + `(lambda () +diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el +index beb6c6d..a8f0d38 100644 +--- a/lisp/textmodes/enriched.el ++++ b/lisp/textmodes/enriched.el +@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.") + (full "flushboth") + (center "center")) + (PARAMETER (t "param")) ; Argument of preceding annotation +- ;; The following are not part of the standard: +- (FUNCTION (enriched-decode-foreground "x-color") +- (enriched-decode-background "x-bg-color") +- (enriched-decode-display-prop "x-display")) + (read-only (t "x-read-only")) +- (display (nil enriched-handle-display-prop)) + (unknown (nil format-annotate-value)) + ; (font-size (2 "bigger") ; unimplemented + ; (-2 "smaller")) +@@ -477,32 +472,5 @@ 
Return value is \(begin end name positive-p), or nil if none was found." + (message "Warning: no color specified for ") + nil)) + +-;;; Handling the `display' property. +- +- +-(defun enriched-handle-display-prop (old new) +- "Return a list of annotations for a change in the `display' property. +-OLD is the old value of the property, NEW is the new value. Value +-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to +-close and OPEN a list of annotations to open. Each of these lists +-has the form `(ANNOTATION PARAM ...)'." +- (let ((annotation "x-display") +- (param (prin1-to-string (or old new)))) +- (if (null old) +- (cons nil (list (list annotation param))) +- (cons (list (list annotation param)) nil)))) +- +-(defun enriched-decode-display-prop (start end &optional param) +- "Decode a `display' property for text between START and END. +-PARAM is a `' found for the property. +-Value is a list `(START END SYMBOL VALUE)' with START and END denoting +-the range of text to assign text property SYMBOL with value VALUE." +- (let ((prop (when (stringp param) +- (condition-case () +- (car (read-from-string param)) +- (error nil))))) +- (unless prop +- (message "Warning: invalid parameter %s" param)) +- (list start end 'display prop))) + + ;;; enriched.el ends here -- cgit v1.2.3 From 47cef4ecad54d112aa3b4bc509194d3d49a10785 Mon Sep 17 00:00:00 2001 
From: Ludovic Courtès Date: Tue, 5 Sep 2017 21:51:12 +0200 Subject: file-systems: Introduce (gnu system uuid). * gnu/build/file-systems.scm (sub-bytevector) (latin1->string, %fat32-endianness, fat32-uuid->string) (%iso9660-uuid-rx, string->iso9660-uuid) (iso9660-uuid->string, %network-byte-order) (dce-uuid->string, %uuid-rx, string->dce-uuid) (string->ext2-uuid, string->ext3-uuid, string->ext4-uuid) (vhashq, %uuid-parsers, %uuid-printers, string->uuid) (uuid->string): Move to... * gnu/system/uuid.scm: ... here. New file. * gnu/system/file-systems.scm (uuid): Move to the above file. * gnu/system/vm.scm: Adjust accordingly. * gnu/local.mk (GNU_SYSTEM_MODULES): Add uuid.scm. --- gnu/build/file-systems.scm | 167 +------------------------------- gnu/build/vm.scm | 2 +- gnu/local.mk | 1 + gnu/system/file-systems.scm | 22 +---- gnu/system/uuid.scm | 227 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 234 insertions(+), 185 deletions(-) create mode 100644 gnu/system/uuid.scm (limited to 'gnu/local.mk') diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index fbaf158951..32885f1d2e 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -19,6 +19,7 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu build file-systems) + #:use-module (gnu system uuid) #:use-module (guix build utils) #:use-module (guix build bournish) #:use-module (guix build syscalls) @@ -26,9 +27,6 @@ (define-module (gnu build file-systems) #:use-module (rnrs bytevectors) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) - #:use-module (ice-9 format) - #:use-module (ice-9 regex) - #:use-module (ice-9 vlist) #:use-module (system foreign) #:autoload (system repl repl) (start-repl) #:use-module (srfi srfi-1) 
@@ -42,17 +40,6 @@ (define-module (gnu build file-systems) find-partition-by-luks-uuid canonicalize-device-spec - uuid->string - dce-uuid->string - string->uuid - string->dce-uuid - string->iso9660-uuid - string->ext2-uuid - string->ext3-uuid - string->ext4-uuid - string->btrfs-uuid - iso9660-uuid->string - bind-mount mount-flags->bit-mask @@ -98,20 +85,6 @@ (define (read-superblock device offset size magic?) (and (magic? block) block))))))))) -(define (sub-bytevector bv start size) - "Return a copy of the SIZE bytes of BV starting from offset START." - (let ((result (make-bytevector size))) - (bytevector-copy! bv start result 0 size) - result)) - -(define (latin1->string bv terminator) - "Return a string of BV, a latin1 bytevector, or #f. TERMINATOR is a predicate -that takes a number and returns #t when a termination character is found." - (let ((bytes (take-while (negate terminator) (bytevector->u8-list bv)))) - (if (null? bytes) - #f - (list->string (map integer->char bytes))))) - (define null-terminated-latin1->string (cut latin1->string <> zero?)) @@ -199,10 +172,6 @@ (define (check-btrfs-file-system device) ;; . -(define-syntax %fat32-endianness - ;; Endianness of fat file systems. - (identifier-syntax (endianness little))) - (define (fat32-superblock? sblock) "Return #t when SBLOCK is a fat32 superblock." (bytevector=? (sub-bytevector sblock 82 8) 
@@ -217,12 +186,6 @@ (define (fat32-superblock-uuid sblock) "Return the Volume ID of a fat superblock SBLOCK as a 4-byte bytevector." (sub-bytevector sblock 67 4)) -(define (fat32-uuid->string uuid) - "Convert fat32 UUID, a 4-byte bytevector, to its string representation." - (let ((high (bytevector-uint-ref uuid 0 %fat32-endianness 2)) - (low (bytevector-uint-ref uuid 2 %fat32-endianness 2))) - (format #f "~:@(~x-~x~)" low high))) - (define (fat32-superblock-volume-name sblock) "Return the volume name of SBLOCK as a string of at most 11 characters, or #f if SBLOCK has no volume name. The volume name is a latin1 string. @@ -244,27 +207,6 @@ (define (check-fat32-file-system device) ;; . -(define %iso9660-uuid-rx - ;; Y m d H M S ss - (make-regexp "^([[:digit:]]{4})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})$")) - -(define (string->iso9660-uuid str) - "Parse STR as a ISO9660 UUID (which is really a timestamp - see /dev/disk/by-uuid). -Return its contents as a 16-byte bytevector. Return #f if STR is not a valid -ISO9660 UUID representation." - (and=> (regexp-exec %iso9660-uuid-rx str) - (lambda (match) - (letrec-syntax ((match-numerals - (syntax-rules () - ((_ index (name rest ...) body) - (let ((name (match:substring match index))) - (match-numerals (+ 1 index) (rest ...) body))) - ((_ index () body) - body)))) - (match-numerals 1 (year month day hour minute second hundredths) - (string->utf8 (string-append year month day - hour minute second hundredths))))))) - (define (iso9660-superblock? sblock) "Return #t when SBLOCK is an iso9660 volume descriptor." (bytevector=? (sub-bytevector sblock 1 6) 
@@ -311,20 +253,6 @@ (define (iso9660-superblock-uuid sblock) modification-time))) (sub-bytevector time 0 16))) ; strips GMT offset. -(define (iso9660-uuid->string uuid) - "Given an UUID bytevector, return its timestamp string." - (define (digits->string bytes) - (latin1->string bytes (lambda (c) #f))) - (let* ((year (sub-bytevector uuid 0 4)) - (month (sub-bytevector uuid 4 2)) - (day (sub-bytevector uuid 6 2)) - (hour (sub-bytevector uuid 8 2)) - (minute (sub-bytevector uuid 10 2)) - (second (sub-bytevector uuid 12 2)) - (hundredths (sub-bytevector uuid 14 2)) - (parts (list year month day hour minute second hundredths))) - (string-append (string-join (map digits->string parts) "-")))) - (define (iso9660-superblock-volume-name sblock) "Return the volume name of SBLOCK as a string. The volume name is an ASCII string. Trailing spaces are trimmed." 
@@ -511,99 +439,6 @@ (define find-partition-by-uuid (define find-partition-by-luks-uuid (find-partition luks-partition-uuid-predicate)) - -;;; -;;; UUIDs. -;;; - -(define-syntax %network-byte-order - (identifier-syntax (endianness big))) - -(define (dce-uuid->string uuid) - "Convert UUID, a 16-byte bytevector, to its string representation, something -like \"6b700d61-5550-48a1-874c-a3d86998990e\"." - ;; See . - (let ((time-low (bytevector-uint-ref uuid 0 %network-byte-order 4)) - (time-mid (bytevector-uint-ref uuid 4 %network-byte-order 2)) - (time-hi (bytevector-uint-ref uuid 6 %network-byte-order 2)) - (clock-seq (bytevector-uint-ref uuid 8 %network-byte-order 2)) - (node (bytevector-uint-ref uuid 10 %network-byte-order 6))) - (format #f "~8,'0x-~4,'0x-~4,'0x-~4,'0x-~12,'0x" - time-low time-mid time-hi clock-seq node))) - -(define %uuid-rx - ;; The regexp of a UUID. - (make-regexp "^([[:xdigit:]]{8})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{12})$")) - -(define (string->dce-uuid str) - "Parse STR as a DCE UUID (see ) and -return its contents as a 16-byte bytevector. Return #f if STR is not a valid -UUID representation." - (and=> (regexp-exec %uuid-rx str) - (lambda (match) - (letrec-syntax ((hex->number - (syntax-rules () - ((_ index) - (string->number (match:substring match index) - 16)))) - (put! - (syntax-rules () - ((_ bv index (number len) rest ...) - (begin - (bytevector-uint-set! bv index number - (endianness big) len) - (put! bv (+ index len) rest ...))) - ((_ bv index) - bv)))) - (let ((time-low (hex->number 1)) - (time-mid (hex->number 2)) - (time-hi (hex->number 3)) - (clock-seq (hex->number 4)) - (node (hex->number 5)) - (uuid (make-bytevector 16))) - (put! 
uuid 0 - (time-low 4) (time-mid 2) (time-hi 2) - (clock-seq 2) (node 6))))))) - -(define string->ext2-uuid string->dce-uuid) -(define string->ext3-uuid string->dce-uuid) -(define string->ext4-uuid string->dce-uuid) -(define string->btrfs-uuid string->dce-uuid) - -(define-syntax vhashq - (syntax-rules (=>) - ((_) - vlist-null) - ((_ (key others ... => value) rest ...) - (vhash-consq key value - (vhashq (others ... => value) rest ...))) - ((_ (=> value) rest ...) - (vhashq rest ...)))) - -(define %uuid-parsers - (vhashq - ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => string->dce-uuid) - ('iso9660 => string->iso9660-uuid))) - -(define %uuid-printers - (vhashq - ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => dce-uuid->string) - ('iso9660 => iso9660-uuid->string) - ('fat32 'fat => fat32-uuid->string))) - -(define* (string->uuid str #:key (type 'dce)) - "Parse STR as a UUID of the given TYPE. On success, return the -corresponding bytevector; otherwise return #f." - (match (vhash-assq type %uuid-parsers) - (#f #f) - ((_ . (? procedure? parse)) (parse str)))) - -(define* (uuid->string bv #:key (type 'dce)) - "Convert BV, a bytevector, to the UUID string representation for TYPE." - (match (vhash-assq type %uuid-printers) - (#f #f) - ((_ . (? procedure? unparse)) (unparse bv)))) - (define* (canonicalize-device-spec spec #:optional (title 'any)) "Return the device name corresponding to SPEC. TITLE is a symbol, one of diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm index ad67a3727f..6da4fa654e 100644 --- a/gnu/build/vm.scm +++ b/gnu/build/vm.scm @@ -26,7 +26,7 @@ (define-module (gnu build vm) #:use-module (guix build syscalls) #:use-module (gnu build linux-boot) #:use-module (gnu build install) - #:use-module (gnu build file-systems) + #:use-module (gnu system uuid) #:use-module (guix records) #:use-module ((guix combinators) #:select (fold2)) #:use-module (ice-9 format) diff --git a/gnu/local.mk b/gnu/local.mk index e98ee6d7fe..c1bc391101 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -468,6 +468,7 @@ GNU_SYSTEM_MODULES = \ %D%/system/nss.scm \ %D%/system/pam.scm \ %D%/system/shadow.scm \ + %D%/system/uuid.scm \ %D%/system/vm.scm \ \ %D%/build/activation.scm \ diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index bbac23fbdf..dd30559d7e 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -20,9 +20,10 @@ (define-module (gnu system file-systems) #:use-module (ice-9 match) #:use-module (srfi srfi-1) #:use-module (guix records) - #:use-module ((gnu build file-systems) - #:select (string->uuid uuid->string)) - #:re-export (string->uuid + #:use-module ((gnu system uuid) + #:select (uuid string->uuid uuid->string)) + #:re-export (uuid ;backward compatibility + string->uuid uuid->string) #:export ( file-system @@ -44,7 +45,6 @@ (define-module (gnu system file-systems) file-system->spec spec->file-system specification->file-system-mapping - uuid %fuse-control-file-system %binary-format-file-system @@ -186,20 +186,6 @@ (define (specification->file-system-mapping spec writable?) (target spec) (writable? writable?))))) -(define-syntax uuid - (lambda (s) - "Return the bytevector corresponding to the given UUID representation." - (syntax-case s () - ((_ str) - (string? (syntax->datum #'str)) - ;; A literal string: do the conversion at expansion time. - (let ((bv (string->uuid (syntax->datum #'str)))) - (unless bv - (syntax-violation 'uuid "invalid UUID" s)) - (datum->syntax #'str bv))) - ((_ str) - #'(string->uuid str))))) - ;;; ;;; Common file systems. diff --git a/gnu/system/uuid.scm b/gnu/system/uuid.scm new file mode 100644 index 0000000000..64dad5a374 --- /dev/null +++ b/gnu/system/uuid.scm 
@@ -0,0 +1,227 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016, 2017 Ludovic Courtès +;;; Copyright © 2017 Danny Milosavljevic +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu system uuid) + #:use-module (srfi srfi-1) + #:use-module (rnrs bytevectors) + #:use-module (ice-9 match) + #:use-module (ice-9 vlist) + #:use-module (ice-9 regex) + #:use-module (ice-9 format) + #:export (uuid + uuid->string + dce-uuid->string + string->uuid + string->dce-uuid + string->iso9660-uuid + string->ext2-uuid + string->ext3-uuid + string->ext4-uuid + string->btrfs-uuid + iso9660-uuid->string + + ;; XXX: For lack of a better place. + sub-bytevector + latin1->string)) + + +;;; +;;; Tools that lack a better place. +;;; + +(define (sub-bytevector bv start size) + "Return a copy of the SIZE bytes of BV starting from offset START." + (let ((result (make-bytevector size))) + (bytevector-copy! bv start result 0 size) + result)) + +(define (latin1->string bv terminator) + "Return a string of BV, a latin1 bytevector, or #f. TERMINATOR is a predicate +that takes a number and returns #t when a termination character is found." + (let ((bytes (take-while (negate terminator) (bytevector->u8-list bv)))) + (if (null? bytes) + #f + (list->string (map integer->char bytes))))) + + +;;; +;;; DCE UUIDs. 
+;;; + +(define-syntax %network-byte-order + (identifier-syntax (endianness big))) + +(define (dce-uuid->string uuid) + "Convert UUID, a 16-byte bytevector, to its string representation, something +like \"6b700d61-5550-48a1-874c-a3d86998990e\"." + ;; See . + (let ((time-low (bytevector-uint-ref uuid 0 %network-byte-order 4)) + (time-mid (bytevector-uint-ref uuid 4 %network-byte-order 2)) + (time-hi (bytevector-uint-ref uuid 6 %network-byte-order 2)) + (clock-seq (bytevector-uint-ref uuid 8 %network-byte-order 2)) + (node (bytevector-uint-ref uuid 10 %network-byte-order 6))) + (format #f "~8,'0x-~4,'0x-~4,'0x-~4,'0x-~12,'0x" + time-low time-mid time-hi clock-seq node))) + +(define %uuid-rx + ;; The regexp of a UUID. + (make-regexp "^([[:xdigit:]]{8})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{4})-([[:xdigit:]]{12})$")) + +(define (string->dce-uuid str) + "Parse STR as a DCE UUID (see ) and +return its contents as a 16-byte bytevector. Return #f if STR is not a valid +UUID representation." + (and=> (regexp-exec %uuid-rx str) + (lambda (match) + (letrec-syntax ((hex->number + (syntax-rules () + ((_ index) + (string->number (match:substring match index) + 16)))) + (put! + (syntax-rules () + ((_ bv index (number len) rest ...) + (begin + (bytevector-uint-set! bv index number + (endianness big) len) + (put! bv (+ index len) rest ...))) + ((_ bv index) + bv)))) + (let ((time-low (hex->number 1)) + (time-mid (hex->number 2)) + (time-hi (hex->number 3)) + (clock-seq (hex->number 4)) + (node (hex->number 5)) + (uuid (make-bytevector 16))) + (put! uuid 0 + (time-low 4) (time-mid 2) (time-hi 2) + (clock-seq 2) (node 6))))))) + + +;;; +;;; ISO-9660. +;;; + +;; . + +(define %iso9660-uuid-rx + ;; Y m d H M S ss + (make-regexp "^([[:digit:]]{4})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})-([[:digit:]]{2})$")) +(define (string->iso9660-uuid str) + "Parse STR as a ISO9660 UUID (which is really a timestamp - see /dev/disk/by-uuid). 
+Return its contents as a 16-byte bytevector. Return #f if STR is not a valid +ISO9660 UUID representation." + (and=> (regexp-exec %iso9660-uuid-rx str) + (lambda (match) + (letrec-syntax ((match-numerals + (syntax-rules () + ((_ index (name rest ...) body) + (let ((name (match:substring match index))) + (match-numerals (+ 1 index) (rest ...) body))) + ((_ index () body) + body)))) + (match-numerals 1 (year month day hour minute second hundredths) + (string->utf8 (string-append year month day + hour minute second hundredths))))))) +(define (iso9660-uuid->string uuid) + "Given an UUID bytevector, return its timestamp string." + (define (digits->string bytes) + (latin1->string bytes (lambda (c) #f))) + (let* ((year (sub-bytevector uuid 0 4)) + (month (sub-bytevector uuid 4 2)) + (day (sub-bytevector uuid 6 2)) + (hour (sub-bytevector uuid 8 2)) + (minute (sub-bytevector uuid 10 2)) + (second (sub-bytevector uuid 12 2)) + (hundredths (sub-bytevector uuid 14 2)) + (parts (list year month day hour minute second hundredths))) + (string-append (string-join (map digits->string parts) "-")))) + + +;;; +;;; FAT32. +;;; + +(define-syntax %fat32-endianness + ;; Endianness of FAT file systems. + (identifier-syntax (endianness little))) + +(define (fat32-uuid->string uuid) + "Convert fat32 UUID, a 4-byte bytevector, to its string representation." + (let ((high (bytevector-uint-ref uuid 0 %fat32-endianness 2)) + (low (bytevector-uint-ref uuid 2 %fat32-endianness 2))) + (format #f "~:@(~x-~x~)" low high))) + + +;;; +;;; Generic interface. +;;; + +(define string->ext2-uuid string->dce-uuid) +(define string->ext3-uuid string->dce-uuid) +(define string->ext4-uuid string->dce-uuid) +(define string->btrfs-uuid string->dce-uuid) + +(define-syntax vhashq + (syntax-rules (=>) + ((_) + vlist-null) + ((_ (key others ... => value) rest ...) + (vhash-consq key value + (vhashq (others ... => value) rest ...))) + ((_ (=> value) rest ...) 
+ (vhashq rest ...)))) + +(define %uuid-parsers + (vhashq + ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => string->dce-uuid) + ('iso9660 => string->iso9660-uuid))) + +(define %uuid-printers + (vhashq + ('dce 'ext2 'ext3 'ext4 'btrfs 'luks => dce-uuid->string) + ('iso9660 => iso9660-uuid->string) + ('fat32 'fat => fat32-uuid->string))) + +(define* (string->uuid str #:key (type 'dce)) + "Parse STR as a UUID of the given TYPE. On success, return the +corresponding bytevector; otherwise return #f." + (match (vhash-assq type %uuid-parsers) + (#f #f) + ((_ . (? procedure? parse)) (parse str)))) + +(define* (uuid->string bv #:key (type 'dce)) + "Convert BV, a bytevector, to the UUID string representation for TYPE." + (match (vhash-assq type %uuid-printers) + (#f #f) + ((_ . (? procedure? unparse)) (unparse bv)))) + +(define-syntax uuid + (lambda (s) + "Return the bytevector corresponding to the given UUID representation." + (syntax-case s () + ((_ str) + (string? (syntax->datum #'str)) + ;; A literal string: do the conversion at expansion time. + (let ((bv (string->uuid (syntax->datum #'str)))) + (unless bv + (syntax-violation 'uuid "invalid UUID" s)) + (datum->syntax #'str bv))) + ((_ str) + #'(string->uuid str))))) -- cgit v1.2.3 From 27236a43486b8fbb9d55d533e558165bab07d020 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 13 Sep 2017 10:30:47 -0400 Subject: gnu: bluez: Add replacement to fix CVE-2017-1000250. * gnu/packages/patches/bluez-CVE-2017-1000250.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (bluez)[replacement]: New field. (bluez/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 15 ++++++++ gnu/packages/patches/bluez-CVE-2017-1000250.patch | 42 +++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 gnu/packages/patches/bluez-CVE-2017-1000250.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c1bc391101..1f55e52bfd 100644 --- a/gnu/local.mk 
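Review bot: `fat32-uuid->string` in the new gnu/system/uuid.scm formats both halves with a bare `~x`, so a volume ID whose 16-bit halves start with zero nibbles prints with fewer than four digits per half and will not compare equal to the XXXX-XXXX form that tools usually print. The DCE printer in the same file already pads with `~4,'0x`; the equivalent here is `(format #f "~:@(~4,'0x-~4,'0x~)" low high)`. Separately, `%uuid-printers` has `'fat32` and `'fat` entries while `%uuid-parsers` has none, so `string->uuid` with `#:type 'fat32` takes the `(#f #f)` branch and returns #f; a comment on `%uuid-parsers` saying whether that is intentional would help.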
+++ b/gnu/local.mk @@ -536,6 +536,7 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blast+-fix-makefile.patch \ + %D%/packages/patches/bluez-CVE-2017-1000250.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 22f22c036c..28a5e5b885 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3013,6 +3013,7 @@ (define-public bluez (package (name "bluez") (version "5.45") + (replacement bluez/fixed) (source (origin (method url-fetch) (uri (string-append @@ -3074,6 +3075,20 @@ (define-public bluez is flexible, efficient and uses a modular implementation.") (license license:gpl2+))) +(define bluez/fixed + (package + (inherit bluez) + (version "5.45") + (source (origin + (method url-fetch) + (uri (string-append + "mirror://kernel.org/linux/bluetooth/bluez-" + version ".tar.xz")) + (sha256 + (base32 + "1sb4aflgyrl7apricjipa8wx95qm69yja0lmn2f19g560c3v1b2c")) + (patches (search-patches "bluez-CVE-2017-1000250.patch")))))) + (define-public fuse-exfat (package (name "fuse-exfat") diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch new file mode 100644 index 0000000000..81f209d7b2 --- /dev/null +++ b/gnu/packages/patches/bluez-CVE-2017-1000250.patch 
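Review bot: `bluez/fixed` restates the `version`, the `uri` and the `sha256` of `bluez` in full, so a later version bump has to touch two places, and missing one would leave the replacement building a different source than the package it stands in for. Deriving the source from the original keeps the two in lockstep: `(source (origin (inherit (package-source bluez)) (patches (search-patches "bluez-CVE-2017-1000250.patch"))))`, with the `(version "5.45")` line dropped. The `bluez` definition itself continues outside the hunks.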
@@ -0,0 +1,42 @@
+Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/875633
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
+Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342
+Forwarded: no
+Author: Armis Security
+Reviewed-by: Salvatore Bonaccorso
+Last-Update: 2017-09-13
+
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r
+ /* continuation State exists -> get from cache */
+ sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+ if (pCache) {
+- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+- pResponse = pCache->data;
+- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+- buf->data_size += sent;
+- cstate->cStateValue.maxBytesSent += sent;
+- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+- cstate_size = sdp_set_cstate_pdu(buf, NULL);
+- else
+- cstate_size = sdp_set_cstate_pdu(buf, cstate);
++ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
++ status = SDP_INVALID_CSTATE;
++ SDPDBG("Got bad cstate with invalid size");
++ } else {
++ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
++ pResponse = pCache->data;
++ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
++ buf->data_size += sent;
++ cstate->cStateValue.maxBytesSent += sent;
++ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
++ cstate_size = sdp_set_cstate_pdu(buf, NULL);
++ else
++ cstate_size = sdp_set_cstate_pdu(buf, cstate);
++ }
+ } else {
+ status = SDP_INVALID_CSTATE;
+ SDPDBG("Non-null continuation state, but null cache buffer");
-- cgit v1.2.3
From db7f7eb8ca670ee5d76e3bad3ada29e87e3f6a10 Mon Sep 17 00:00:00 2001
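Review bot: The new `>=` guard in `service_search_attr_req` carries no comment saying why it exists, and the reason is not obvious from the code. `cstate->cStateValue.maxBytesSent` appears to come from the continuation state in the request, and without the guard `pCache->data_size - cstate->cStateValue.maxBytesSent` stops being a valid length before it is fed to `MIN` and `memcpy`. A line above the `if`, e.g. `/* cstate comes from the request: reject offsets at or past the end of the cached response */`, would keep the check from being simplified away later. The copy into `buf->data` is still bounded only by `max`; whether `buf` is sized for that is decided outside the hunk, as the function body extends past it on both sides.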
From: Kei Kebreau Date: Sun, 10 Sep 2017 12:19:06 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-{11403,14103}. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- ...phicsmagick-CVE-2017-11403+CVE-2017-14103.patch | 137 +++++++++++++++++++++ 3 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1f55e52bfd..4fefa3b10b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -678,6 +678,7 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 72b4643735..5f3e3ad96d 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -178,7 +178,8 @@ (define-public graphicsmagick (base32 "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v")) (patches - (search-patches "graphicsmagick-CVE-2017-12935.patch" + (search-patches "graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch" + "graphicsmagick-CVE-2017-12935.patch" "graphicsmagick-CVE-2017-12936.patch" "graphicsmagick-CVE-2017-12937.patch" "graphicsmagick-CVE-2017-13775.patch" 
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch new file mode 100644 index 0000000000..dbcaea1343 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch 
@@ -0,0 +1,137 @@ +http://www.openwall.com/lists/oss-security/2017/09/01/6 + +CVE-2017-11403: +http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 + +CVE-2017-14103: +http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f + +some changes were made to make the patch apply + +# HG changeset patch +# User Glenn Randers-Pehrson +# Date 1503875721 14400 +# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2 +# Parent f0f2ea85a2930f3b6dcd72352719adb9660f2aad +Attempt to fix Issue 440. + +diff -ru a/coders/png.c b/coders/png.c +--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/coders/png.c 2017-09-10 11:31:56.543194173 -0400 +@@ -3106,7 +3106,9 @@ + if (length > PNG_MAX_UINT || count == 0) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,CorruptImage,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "chunk length (%lu) > PNG_MAX_UINT",length); ++ return ((Image*)NULL); + } + + chunk=(unsigned char *) NULL; +@@ -3117,13 +3119,16 @@ + if (chunk == (unsigned char *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, +- image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Could not allocate chunk memory"); ++ return ((Image*)NULL); + } + if (ReadBlob(image,length,chunk) < length) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,CorruptImage,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " chunk reading was incomplete"); ++ return ((Image*)NULL); + } + p=chunk; + } +@@ -3198,7 +3203,7 @@ + jng_width, jng_height); + MagickFreeMemory(chunk); + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ return ((Image *)NULL); + } + + /* Temporarily set width and height resources to match JHDR */ +@@ -3233,8 +3238,9 @@ + if (color_image == (Image *) NULL) + { + 
DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, +- image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not open color_image blob"); ++ return ((Image *)NULL); + } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -3245,7 +3251,9 @@ + if (status == MagickFalse) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CoderError,UnableToOpenBlob,color_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not open color_image blob"); ++ return ((Image *)NULL); + } + + if (!image_info->ping && jng_color_type >= 12) +@@ -3255,17 +3263,18 @@ + if (alpha_image_info == (ImageInfo *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError, +- MemoryAllocationFailed, image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image_info",length); ++ return ((Image *)NULL); + } + GetImageInfo(alpha_image_info); + alpha_image=AllocateImage(alpha_image_info); + if (alpha_image == (Image *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError, +- MemoryAllocationFailed, +- alpha_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image"); ++ return ((Image *)NULL); + } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -3277,7 +3286,9 @@ + { + DestroyJNGInfo(color_image_info,alpha_image_info); + DestroyImage(alpha_image); +- ThrowReaderException(CoderError,UnableToOpenBlob,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image blob"); ++ return ((Image *)NULL); + } + if (jng_alpha_compression_method == 0) + { +@@ -3613,6 +3624,8 @@ + alpha_image = (Image *)NULL; + DestroyImageInfo(alpha_image_info); + alpha_image_info = (ImageInfo *)NULL; ++ (void) 
LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Destroy the JNG image"); + DestroyImage(jng_image); + jng_image = (Image *)NULL; + } +@@ -5146,8 +5159,8 @@ + + if (image == (Image *) NULL) + { +- DestroyImageList(previous); + CloseBlob(previous); ++ DestroyImageList(previous); + MngInfoFreeStruct(mng_info,&have_mng_structure); + return((Image *) NULL); + } -- cgit v1.2.3 From 2206bd340b6d55b69779acc894d122eeea421339 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 14 Sep 2017 19:32:36 +0300 Subject: gnu: Add gnucobol. * gnu/packages/cobol.scm (gnucobol): New variable. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/cobol.scm | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 gnu/packages/cobol.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4fefa3b10b..f2feca0524 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -88,6 +88,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/chez.scm \ %D%/packages/ci.scm \ %D%/packages/cmake.scm \ + %D%/packages/cobol.scm \ %D%/packages/code.scm \ %D%/packages/commencement.scm \ %D%/packages/compression.scm \ diff --git a/gnu/packages/cobol.scm b/gnu/packages/cobol.scm new file mode 100644 index 0000000000..f8f35928a7 --- /dev/null +++ b/gnu/packages/cobol.scm 
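Review bot: In the embedded coders/png.c change, the short-read branch `if (ReadBlob(image,length,chunk) < length)` returns NULL without releasing `chunk`, although the buffer has just passed the NULL check above it and the later branch that logs `jng_width, jng_height` does call `MagickFreeMemory(chunk);` before its return. The size of that buffer is `length`, which presumably comes from the chunk header of the file being decoded, so every truncated JNG that is rejected here leaks a file-controlled amount of memory; adding `MagickFreeMemory(chunk);` ahead of `DestroyJNGInfo(color_image_info,alpha_image_info);` in that branch closes it. Two of the new log calls are also misleading when triaging a rejected file: the `length > PNG_MAX_UINT || count == 0` branch always reports the length condition even when `count == 0` triggered it, and `" could not allocate alpha_image_info",length` passes an argument the format string never consumes. The enclosing function starts and ends outside these inner hunks and the allocation of `chunk` is not shown, so the ownership reading is inferred from the visible checks.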
@@ -0,0 +1,59 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Efraim Flashner
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see .
+
+(define-module (gnu packages cobol)
+ #:use-module (gnu packages)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix licenses)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages multiprecision)
+ #:use-module (gnu packages ncurses))
+
+(define-public gnucobol
+ (package
+ (name "gnucobol")
+ (version "2.2")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://gnu/gnucobol/gnucobol-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1814s1n95xax2dz938cf4fkcp0q94nkj1gjbdblbzpk9q92zq66w"))))
+ (arguments
+ '(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+ (assoc-ref %outputs "out")
+ "/lib"))))
+ (inputs
+ `(("bdb" ,bdb)
+ ("gmp" ,gmp)
+ ("ncurses" ,ncurses)))
+ (build-system gnu-build-system)
+ (home-page "https://savannah.gnu.org/projects/gnucobol/")
+ (synopsis "A modern COBOL compiler")
+ (description "GnuCOBOL is a free, modern COBOL compiler. GnuCOBOL
+implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014
+standards and X/Open COBOL, as well as many extensions included in other
+COBOL compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others).
+GnuCOBOL translates COBOL into C and compiles the translated code using +a native C compiler.") + (license gpl3+))) -- cgit v1.2.3 From 8f21aa22bf4b731ed0e5631c371846028e5cec0d Mon Sep 17 00:00:00 2001 From: Paul Garlick Date: Thu, 14 Sep 2017 16:46:21 +0100 Subject: gnu: Add openfoam. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit *gnu/packages/patches/openfoam-4.1-cleanup.patch: New file *gnu/packages/simulation.scm: New file *gnu/local.mk (GNU_SYSTEM_MODULES): Add module. (dist_patch_DATA): Add patch. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 2 + gnu/packages/patches/openfoam-4.1-cleanup.patch | 243 ++++++++++++++++++++++++ gnu/packages/simulation.scm | 212 +++++++++++++++++++++ 3 files changed, 457 insertions(+) create mode 100644 gnu/packages/patches/openfoam-4.1-cleanup.patch create mode 100644 gnu/packages/simulation.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f2feca0524..c906f34a3e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -364,6 +364,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/shells.scm \ %D%/packages/shellutils.scm \ %D%/packages/simh.scm \ + %D%/packages/simulation.scm \ %D%/packages/skarnet.scm \ %D%/packages/skribilo.scm \ %D%/packages/slang.scm \ @@ -895,6 +896,7 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ + %D%/packages/patches/openfoam-4.1-cleanup.patch \ %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ diff --git a/gnu/packages/patches/openfoam-4.1-cleanup.patch b/gnu/packages/patches/openfoam-4.1-cleanup.patch new file mode 100644 index 0000000000..37effa5c9c --- /dev/null +++ b/gnu/packages/patches/openfoam-4.1-cleanup.patch 
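Review bot: The `#:configure-flags` entry in gnu/packages/cobol.scm that sets `LDFLAGS=-Wl,-rpath=` to the package's own `lib` output carries no comment saying why it is needed, so a later packager cannot tell whether it is still required after an update. A one-line comment above `(arguments`, for example `;; Let the installed programs find the package's own shared library.`, would record the intent, assuming that is the actual reason. The synopsis `"A modern COBOL compiler"` also opens with an article, which `guix lint` reports; `(synopsis "Modern COBOL compiler")` avoids it.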
@@ -0,0 +1,243 @@ +# This patch removes all need for the ThirdParty files of OpenFOAM. + +# Derived from EasyBuild patch by Ward Poelmans . +# Modified for GNU Guix by Paul Garlick . + +diff -ur OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake +--- OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake ++++ OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake +@@ -9,7 +9,7 @@ + # + # use readline if available + # +-if [ -f /usr/include/readline/readline.h ] ++if true + then + echo "Found -- enabling readline support." + export COMP_FLAGS="-DHAS_READLINE" +diff -ur OpenFOAM-4.x-version-4.1.org/etc/bashrc OpenFOAM-4.x-version-4.1/etc/bashrc +--- OpenFOAM-4.x-version-4.1.org/etc/bashrc ++++ OpenFOAM-4.x-version-4.1/etc/bashrc +@@ -43,8 +43,10 @@ + # Please set to the appropriate path if the default is not correct. + # + [ $BASH_SOURCE ] && \ +-export FOAM_INST_DIR=$(cd ${BASH_SOURCE%/*/*/*} && pwd -P) || \ ++export FOAM_INST_DIR=$(cd $(dirname $BASH_SOURCE)/../.. 
&& pwd -P) || \ + export FOAM_INST_DIR=$HOME/$WM_PROJECT ++# For GNU Guix: set initially for build then re-set at runtime ++# + # export FOAM_INST_DIR=~$WM_PROJECT + # export FOAM_INST_DIR=/opt/$WM_PROJECT + # export FOAM_INST_DIR=/usr/local/$WM_PROJECT +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL +@@ -36,37 +36,7 @@ + # + #------------------------------------------------------------------------------ + +-boost_version=boost-system +-cgal_version=cgal-system +-#cgal_version=CGAL-4.8 +- +-if [ -z "$SOURCE_CGAL_VERSIONS_ONLY" ] +-then +- +- common_path=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER +- +- export BOOST_ARCH_PATH=$common_path/$boost_version +- export CGAL_ARCH_PATH=$common_path/$cgal_version +- +- if [ "$FOAM_VERBOSE" -a "$PS1" ] +- then +- echo "Using CGAL and boost" 1>&2 +- echo " $cgal_version at $CGAL_ARCH_PATH" 1>&2 +- echo " $boost_version at $BOOST_ARCH_PATH" 1>&2 +- fi +- +- if [ -d "$CGAL_ARCH_PATH" -a "$cgal_version" != "cgal-system" ] +- then +- _foamAddLib $CGAL_ARCH_PATH/lib +- fi +- +- if [ -d "$BOOST_ARCH_PATH" -a "$boost_version" != "boost-system" ] +- then +- _foamAddLib $BOOST_ARCH_PATH/lib +- fi +- +- unset boost_version cgal_version common_path +- +-fi ++export CGAL_ARCH_PATH=$CGAL_ROOT ++export BOOST_ARCH_PATH=$BOOST_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools +@@ -29,13 +29,5 @@ + # + #------------------------------------------------------------------------------ + +-version=svn +-gperftools_install=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER +- +-GPERFTOOLS_VERSION=gperftools-$version 
+-GPERFTOOLS_ARCH_PATH=$gperftools_install/$GPERFTOOLS_VERSION +- +-export PATH=$GPERFTOOLS_ARCH_PATH/bin:$PATH +-export LD_LIBRARY_PATH=$GPERFTOOLS_ARCH_PATH/lib:$LD_LIBRARY_PATH + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis OpenFOAM-4.x-version-4.1/etc/config.sh/metis +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/metis +@@ -34,7 +34,7 @@ + # + #------------------------------------------------------------------------------ + +-export METIS_VERSION=metis-5.1.0 +-export METIS_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$METIS_VERSION ++export METIS_VERSION=metis-$METISVERSION ++export METIS_ARCH_PATH=$METIS_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch OpenFOAM-4.x-version-4.1/etc/config.sh/scotch +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/scotch +@@ -37,7 +37,7 @@ + # + #------------------------------------------------------------------------------ + +-export SCOTCH_VERSION=scotch_6.0.3 +-export SCOTCH_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$SCOTCH_VERSION ++export SCOTCH_VERSION=scotch_$SCOTCHVERSION ++export SCOTCH_ARCH_PATH=$SCOTCH_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings OpenFOAM-4.x-version-4.1/etc/config.sh/settings +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/settings +@@ -279,6 +279,9 @@ + ;; + system) + # Use system compiler ++ # Use system GMP and MPFR packages ++ export GMP_ARCH_PATH=$GMP_ROOT ++ export MPFR_ARCH_PATH=$MPFR_ROOT + ;; + *) + echo "Warn: 
WM_COMPILER_TYPE='$WM_COMPILER_TYPE' is unsupported" 1>&2 +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options +@@ -5,8 +5,7 @@ + $(PFLAGS) $(PINC) \ + -I$(SCOTCH_ROOT)/include \ + -I$(SCOTCH_ARCH_PATH)/include/$(FOAM_MPI) \ +- -I/usr/include/scotch \ + -I../decompositionMethods/lnInclude + + LIB_LIBS = \ +- -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN)/$(FOAM_MPI) -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt ++ -L$(SCOTCH_ROOT)/lib -L$(MPI_ARCH_PATH)/lib -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options +@@ -9,8 +9,7 @@ + $(PFLAGS) $(PINC) \ + -I$(SCOTCH_ROOT)/include \ + -I$(SCOTCH_ARCH_PATH)/include \ +- -I/usr/include/scotch \ + -I../decompositionMethods/lnInclude + + LIB_LIBS = \ +- -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN) -lscotch -lscotcherrexit -lrt ++ -L$(SCOTCH_ROOT)/lib -lscotch -lscotcherrexit -lrt +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general OpenFOAM-4.x-version-4.1/wmake/makefiles/general +--- OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general ++++ OpenFOAM-4.x-version-4.1/wmake/makefiles/general +@@ -33,7 +33,6 @@ + # The Makefile uses a POSIX shell + #------------------------------------------------------------------------------ + +-SHELL = /bin/sh + + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmake OpenFOAM-4.x-version-4.1/wmake/wmake 
+--- OpenFOAM-4.x-version-4.1.org/wmake/wmake ++++ OpenFOAM-4.x-version-4.1/wmake/wmake +@@ -163,7 +163,7 @@ + then + if [ "$WM_NCOMPPROCS" -gt 1 -a ! "$MAKEFLAGS" ] + then +- lockDir=$HOME/.$WM_PROJECT/.wmake ++ lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + + if [ -d $lockDir ] + then +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler +--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler ++++ OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler +@@ -53,7 +53,7 @@ + # csh sets HOST, bash sets HOSTNAME + : ${HOST:=$HOSTNAME} + +-lockDir=$HOME/.$WM_PROJECT/.wmake ++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + + # Fallback - 1 core on current host + : ${WM_HOSTS:=$HOST:1} +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime +--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime ++++ OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime +@@ -53,7 +53,7 @@ + # csh sets HOST, bash sets HOSTNAME + : ${HOST:=$HOSTNAME} + +-lockDir=$HOME/.$WM_PROJECT/.wmake ++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + # Fallback - 1 core on current host + : ${WM_HOSTS:=$HOST:1} + +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C +@@ -67,7 +67,7 @@ + + // Processor weights initialised with no size, only used if specified in + // a file +- Field processorWeights; ++ Field processorWeights; + + // Cell weights (so on the vertices of the dual) + List