From 6ca15c9ef615979862a07c02bd316e7f12a0c7ca Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 8 Feb 2018 09:57:41 +0000 Subject: gnu: crypto++: Update to 6.0.0. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/crypto.scm (crypto++): Update to 6.0.0. * gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Ludovic Courtès --- .../crypto++-fix-dos-in-asn.1-decoders.patch | 65 ---------------------- 1 file changed, 65 deletions(-) delete mode 100644 gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch
deleted file mode 100644
index 88b2e7f25a..0000000000
--- a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001
-From: Gergely Nagy
-Date: Wed, 14 Dec 2016 13:19:01 +0100
-Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939)
-
----
- asn.cpp | 10 ++++++++++
- asn.h | 2 ++
- 2 files changed, 12 insertions(+)
-
-diff --git a/asn.cpp b/asn.cpp
-index 297ff010..2e923ef7 100644
---- a/asn.cpp
-+++ b/asn.cpp
-@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- str.New(bc);
- if (bc != bt.Get(str, bc))
-@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- bt.TransferTo(str, bc);
- return bc;
-@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- SecByteBlock temp(bc);
- if (bc != bt.Get(temp, bc))
-@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne
- size_t bc;
- if (!BERLengthDecode(bt, bc))
- BERDecodeError();
-+ if (bc == 0)
-+ BERDecodeError();
-+ if (bc > bt.MaxRetrievable())
-+ BERDecodeError();
-
- byte unused;
- if (!bt.Get(unused))
-diff --git a/asn.h b/asn.h
-index ed9de52c..33f0dd09 100644
---- a/asn.h
-+++ b/asn.h
-@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
- bool definite = BERLengthDecode(in, bc);
- if (!definite)
- BERDecodeError();
-+ if (bc > in.MaxRetrievable())
-+ BERDecodeError();
-
- SecByteBlock buf(bc);
-
-- cgit v1.2.3
From a124e4258ad911e1a65edb6c7d7d8f095249db5f Mon Sep 17 00:00:00 2001
From: Danny Milosavljevic Date: Thu, 15 Feb 2018 17:19:28 +0100 Subject: gnu: ghc: Make memory allocator decommit memory on Linux < 4.5. * gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/haskell.scm (ghc-8): Use it. --- gnu/local.mk | 1 + gnu/packages/haskell.scm | 3 +- .../ghc-8.0-fall-back-to-madv_dontneed.patch | 61 ++++++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/local.mk b/gnu/local.mk
index 4a258dd3cd..7fe374208b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -679,6 +679,7 @@ dist_patch_DATA = \
 %D%/packages/patches/geoclue-config.patch \
 %D%/packages/patches/gettext-multi-core.patch \
 %D%/packages/patches/gettext-gnulib-multi-core.patch \
+ %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
 %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \
 %D%/packages/patches/ghostscript-CVE-2017-8291.patch \
 %D%/packages/patches/ghostscript-no-header-id.patch \
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 2fc05596b9..426939ec5b 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -325,7 +325,8 @@ (define-public ghc-8 (base32 "1c8qc4fhkycynk4g1f9hvk53dj6a1vvqi6bklqznns6hw59m8qhi")) (patches (search-patches - "ghc-dont-pass-linker-flags-via-response-files.patch")))) + "ghc-dont-pass-linker-flags-via-response-files.patch" + "ghc-8.0-fall-back-to-madv_dontneed.patch")))) (build-system gnu-build-system) (supported-systems '("i686-linux" "x86_64-linux")) (outputs '("out" "doc"))
diff --git a/gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch b/gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch
new file mode 100644
index 0000000000..1838c5bd35
--- /dev/null
+++ b/gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch
@@ -0,0 +1,61 @@
+ghc runtime by default (otherwise depending on a "configure" option)
+does memory allocation on their own by first mmapping a 1 TB range of
+memory into the process and then parceling out chunks from it.
+
+If one of the chunks is not needed, the kernel needs to be informed -
+otherwise the system would quickly run out of available RAM.
+
+ghc does that via madvise(2).
+
+There are two options when doing this informing:
+
+MADV_FREE - Means "I don't need this range or the data in it any more".
+Kernel promises to fail later accesses to it.
+
+MADV_DONTNEED - Means "I don't need this range right now - and I don't
+need the data in it anymore". Kernel promises to make later accesses to
+it succeed (if necessary by providing a new page initialized with zeroes).
+
+MADV_FREE was introduced in Linux 4.5.
+glibc 2.25 and later always define MADV_FREE.
+
+Unpatched ghc 8.0.2 will use either MADV_FREE or MADV_DONTNEED, determined
+at ghc compile time. Which of them will actually succeed is determined
+by the Linux kernel at run time.
+
+This patch makes ghc try MADV_FREE. If it doesn't work, it falls back to
+MADV_DONTNEED.
+
+The end result is that ghc programs free their memory with Linux < 4.5 again.
+
+See https://git.haskell.org/ghc.git/commitdiff/6576bf83cdf4eac05eb88a24aa934a736c91e3da for more information.
+--- a/rts/posix/OSMem.c
++++ b/rts/posix/OSMem.c
+@@ -541,11 +541,24 @@ void osDecommitMemory(void *at, W_ size)
+
+ #ifdef MADV_FREE
+ // Try MADV_FREE first, FreeBSD has both and MADV_DONTNEED
+- // just swaps memory out
++ // just swaps memory out. Linux >= 4.5 has both DONTNEED and FREE; either
++ // will work as they both allow the system to free anonymous pages.
++ // It is important that we try both methods as the kernel which we were
++ // built on may differ from the kernel we are now running on.
+ r = madvise(at, size, MADV_FREE);
+-#else
+- r = madvise(at, size, MADV_DONTNEED);
++ if(r < 0) {
++ if (errno == EINVAL) {
++ // Perhaps the system doesn't support MADV_FREE; fall-through and
++ // try MADV_DONTNEED.
++ } else {
++ sysErrorBelch("unable to decommit memory");
++ }
++ } else {
++ return;
++ }
+ #endif
++
++ r = madvise(at, size, MADV_DONTNEED);
+ if(r < 0)
+ sysErrorBelch("unable to decommit memory");
+ }
-- cgit v1.2.3
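Review bot: In the `#ifdef MADV_FREE` branch of osDecommitMemory, the non-EINVAL failure path calls `sysErrorBelch("unable to decommit memory")` and then leaves the `if` without returning, so (assuming sysErrorBelch returns to its caller) the `madvise(at, size, MADV_DONTNEED)` after `#endif` still runs. If that second call also fails the same error is reported twice, and if it succeeds the log carries an error for a decommit that actually worked. If retrying on every errno is intended, drop the inner `sysErrorBelch` and let the final `if(r < 0)` report once; otherwise add `return;` after it. Separately, the description at the top of this patch file says the kernel "promises to fail later accesses" after MADV_FREE, whereas madvise(2) documents the pages as remaining accessible and being reclaimed lazily under memory pressure, so resident-memory figures may not drop right away where MADV_FREE succeeds. The opening lines of osDecommitMemory are outside the hunk.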