From 6d01a7f4c45716e72bab1231c4cb8c07e4e3fbd7 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 2 Apr 2019 14:49:47 -0400 Subject: gnu: ntfs-3g: Fix CVE-2019-9755. * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (ntfs-3g)[source]: Use it. --- gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch | 72 ++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch new file mode 100644 index 0000000000..a7794aed47 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch @@ -0,0 +1,72 @@ +Fix CVE-2019-9755: + +https://security-tracker.debian.org/tracker/CVE-2019-9755 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755 + +Patch copied from upstream source repository: + +https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/ + +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.21.0 + -- cgit v1.2.3 From 9859800f5df8827ad7dba6acf32888fa5dc41442 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 5 Apr 2019 05:48:19 +0200 Subject: gnu: ledger: Update to 3.1.3. The patch applies but has been unnecessary since 3.1.2. * gnu/packages/finance.scm (ledger): Update to 3.1.3. [source]: Remove obsolete patch. * gnu/packages/patches/ledger-fix-uninitialized.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/finance.scm | 7 +++--- .../patches/ledger-fix-uninitialized.patch | 27 ---------------------- 3 files changed, 3 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/ledger-fix-uninitialized.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f9fd5d8fbc..31e07deef4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -957,7 +957,6 @@ dist_patch_DATA = \ %D%/packages/patches/laby-make-install.patch \ %D%/packages/patches/ldc-bootstrap-disable-tests.patch \ %D%/packages/patches/ldc-disable-phobos-tests.patch \ - %D%/packages/patches/ledger-fix-uninitialized.patch \ %D%/packages/patches/liba52-enable-pic.patch \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index 3fe0f92849..575569d3aa 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2017 Carlo Zancanaro ;;; Copyright © 2017 Theodoros Foradis ;;; Copyright © 2017 Vasile Dumitrascu -;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice +;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2018 Eric Bavier ;;; Copyright © 2018 Adriano Peluso ;;; Copyright © 2018, 2019 Nicolas Goaziou @@ -139,7 +139,7 @@ line client and a client based on Qt.") (define-public ledger (package (name "ledger") - (version "3.1.2") + (version "3.1.3") (source (origin (method git-fetch) @@ -148,8 +148,7 @@ line client and a client based on Qt.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0hwnipj2m9p95hhyv6kyq54m27g14r58gnsy2my883kxhpcyb2vc")) - (patches (search-patches "ledger-fix-uninitialized.patch")))) + (base32 "0bfnrqrd6wqgsngfpqi30xh6yy86pwl25iwzrqy44q31r0zl4mm3")))) (build-system cmake-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/ledger-fix-uninitialized.patch b/gnu/packages/patches/ledger-fix-uninitialized.patch deleted file mode 100644 index 128c90ec13..0000000000 --- a/gnu/packages/patches/ledger-fix-uninitialized.patch +++ /dev/null @@ -1,27 +0,0 @@ -This fixes failures of tests "BaseLine_opt-datetime-format" and -"BaseLine_opt-time-report", which were printing an unexpected trailing '*' on -the last line of output, e.g.: - - @@ -5,4 +5,4 @@ - 04/05/13 12:00 PM 04/05/13 01:30 PM 1.50h Lunch - 04/05/13 11:30 AM 04/05/13 12:00 PM 30.0m Walk - -------------------------------------------------- - - - + * - -Reported upstream at -https://groups.google.com/d/msg/ledger-cli/EeJUrUk8YDc/pIR-LOTVEAAJ - -diff --git a/src/account.h b/src/account.h -index 1b97463d..f2555593 100644 ---- a/src/account.h -+++ b/src/account.h -@@ -187,7 +187,7 @@ public: - - datetime_t earliest_checkin; - datetime_t latest_checkout; -- bool latest_checkout_cleared; -+ bool latest_checkout_cleared = false; - - std::set filenames; - std::set accounts_referenced; -- cgit v1.2.3 From 2beca2a55c76ed56bcc6b718bd807126e904dee1 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 4 Apr 2019 22:15:04 +0300 Subject: gnu: flac: Fix CVE-2017-6888. * gnu/packages/xiph.scm (flac)[replacement]: New field. (flac/fixed): New variable. * gnu/packages/patches/flac-CVE-2017-6888.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/flac-CVE-2017-6888.patch | 29 +++++++++++++++++++++++++++ gnu/packages/xiph.scm | 11 +++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/flac-CVE-2017-6888.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 31e07deef4..cafea31e2f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -777,6 +777,7 @@ dist_patch_DATA = \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-makedev.patch \ %D%/packages/patches/findutils-test-xargs.patch \ + %D%/packages/patches/flac-CVE-2017-6888.patch \ %D%/packages/patches/flann-cmake-3.11.patch \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \ diff --git a/gnu/packages/patches/flac-CVE-2017-6888.patch b/gnu/packages/patches/flac-CVE-2017-6888.patch new file mode 100644 index 0000000000..d2583201b4 --- /dev/null +++ b/gnu/packages/patches/flac-CVE-2017-6888.patch @@ -0,0 +1,29 @@ +https://git.xiph.org/?p=flac.git;a=patch;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67 + +From 4f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Sat, 8 Apr 2017 18:34:49 +1000 +Subject: [PATCH] stream_decoder.c: Fix a memory leak + +Leak reported by Secunia Research. +--- + src/libFLAC/stream_decoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c +index 14d5fe7f..a5527511 100644 +--- a/src/libFLAC/stream_decoder.c ++++ b/src/libFLAC/stream_decoder.c +@@ -1753,6 +1753,9 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre + } + memset (obj->comments[i].entry, 0, obj->comments[i].length) ; + if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) { ++ /* Current i-th entry is bad, so we delete it. */ ++ free (obj->comments[i].entry) ; ++ obj->comments[i].entry = NULL ; + obj->num_comments = i; + goto skip; + } +-- +2.11.0 + diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm index 43b0d2723a..49d23bf6d5 100644 --- a/gnu/packages/xiph.scm +++ b/gnu/packages/xiph.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2014 Sree Harsha Totakura ;;; Copyright © 2014 Mark H Weaver ;;; Copyright © 2015 Paul van der Walt -;;; Copyright © 2015, 2016, 2017 Efraim Flashner +;;; Copyright © 2015, 2016, 2017, 2019 Efraim Flashner ;;; Copyright © 2017, 2018 Marius Bakke ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Leo Famulari @@ -235,6 +235,7 @@ It currently supports: (define flac (package (name "flac") + (replacement flac/fixed) (version "1.3.2") (source (origin (method url-fetch) @@ -256,6 +257,14 @@ meaning that audio is compressed in FLAC without any loss in quality.") "See COPYING in the distribution.")) ; and LGPL and GPL (home-page "https://xiph.org/flac/"))) +(define flac/fixed + (package + (inherit flac) + (source + (origin + (inherit (package-source flac)) + (patches (search-patches "flac-CVE-2017-6888.patch")))))) + (define libkate (package (name "libkate") -- cgit v1.2.3 From f63861b5a61b2a9d2c17dbf88b24b5e8f0c5c111 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 2 Apr 2019 22:33:22 +0200 Subject: gnu: Add localed, extracted from systemd. * gnu/packages/freedesktop.scm (localed): New variable. * gnu/packages/patches/localed-xorg-keyboard.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/freedesktop.scm | 146 ++++++++++ gnu/packages/patches/localed-xorg-keyboard.patch | 322 +++++++++++++++++++++++ 3 files changed, 469 insertions(+) create mode 100644 gnu/packages/patches/localed-xorg-keyboard.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index cafea31e2f..54882b3571 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -937,6 +937,7 @@ dist_patch_DATA = \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/libziparchive-add-includes.patch \ + %D%/packages/patches/localed-xorg-keyboard.patch \ %D%/packages/patches/kiki-level-selection-crash.patch \ %D%/packages/patches/kiki-makefile.patch \ %D%/packages/patches/kiki-missing-includes.patch \ diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 46971e03cb..e3cf88b2f8 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -307,6 +307,152 @@ the org.freedesktop.login1 interface over the system bus, allowing other parts of a the system to know what users are logged in, and where.") (license license:lgpl2.1+))) +(define-public localed + ;; XXX: This package is extracted from systemd but we retain so little of it + ;; that it would make more sense to maintain a fork of the bits we need. + (package + (name "localed") + (version "241") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/systemd/systemd") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0sy91flzbhpq58k7v0294pa2gxpr0bk27rcnxlbhk2fi6nc51d28")) + (file-name (git-file-name name version)) + (modules '((guix build utils))) + (snippet + '(begin + ;; Connect to the right location for our D-Bus daemon. + (substitute* '("src/basic/def.h" + "src/libsystemd/sd-bus/sd-bus.c" + "src/stdio-bridge/stdio-bridge.c") + (("/run/dbus/system_bus_socket") + "/var/run/dbus/system_bus_socket")) + + ;; Don't insist on having systemd as PID 1 (otherwise + ;; 'localectl' would exit without doing anything.) + (substitute* "src/shared/bus-util.c" + (("sd_booted\\(\\)") + "(1)")) + #t)) + (patches (search-patches "localed-xorg-keyboard.patch")))) + (build-system meson-build-system) + (arguments + ;; Try to build as little as possible (list of components taken from the + ;; top-level 'meson.build' file.) + (let ((components '("utmp" + "hibernate" + "environment-d" + "binfmt" + "coredump" + "resolve" + "logind" + "hostnamed" + "localed" + "machined" + "portabled" + "networkd" + "timedated" + "timesyncd" + "firstboot" + "randomseed" + "backlight" + "vconsole" + "quotacheck" + "sysusers" + "tmpfiles" + "hwdb" + "rfkill" + "ldconfig" + "efi" + "tpm" + "ima" + "smack" + "gshadow" + "idn" + "nss-myhostname" + "nss-systemd"))) + `(#:configure-flags ',(map (lambda (component) + (string-append "-D" component "=false")) + (delete "localed" components)) + + ;; It doesn't make sense to test all of systemd. + #:tests? #f + + #:phases (modify-phases %standard-phases + (add-after 'unpack 'set-xkeyboard-config-file-name + (lambda* (#:key inputs #:allow-other-keys) + ;; Set the file name to xkeyboard-config and kbd. + ;; This is used by 'localectl list-x11-keymap-layouts' + ;; and similar functions. + (let ((xkb (assoc-ref inputs "xkeyboard-config")) + (kbd (assoc-ref inputs "kbd"))) + (substitute* "src/locale/localectl.c" + (("/usr/share/X11/xkb/rules") + (string-append xkb "/share/X11/xkb/rules"))) + (substitute* "src/basic/def.h" + (("/usr/share/keymaps") + (string-append kbd "/share/keymaps"))) + #t))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + ;; Install 'localed', the D-Bus and polkit files, and + ;; 'localectl'. + (let* ((out (assoc-ref outputs "out")) + (libexec (string-append out "/libexec/localed")) + (bin (string-append out "/bin")) + (lib (string-append out "/lib")) + (dbus (string-append out + "/share/dbus-1/system-services")) + (conf (string-append out + "/etc/dbus-1/system.d/")) + (polkit (string-append out + "/share/polkit-1/actions")) + (data (string-append out "/share/systemd"))) + (define (source-file regexp) + (car (find-files ".." regexp))) + + (mkdir-p libexec) + (copy-file "systemd-localed" + (string-append libexec "/localed")) + (install-file "localectl" bin) + + (let ((service-file (source-file + "\\.locale1\\.service$"))) + (substitute* service-file + (("^Exec=.*$") + (string-append "Exec=" libexec "/localed\n"))) + (install-file service-file dbus)) + (install-file (source-file "\\.locale1\\.policy$") + polkit) + (install-file (source-file "\\.locale1\\.conf$") + conf) + (for-each (lambda (file) + (install-file file lib)) + (find-files "src/shared" + "libsystemd-shared.*\\.so")) + + (for-each (lambda (map) + (install-file map data)) + (find-files ".." "^(kbd-model-map|language-fallback-map)$")) + #t))))))) + (native-inputs (package-native-inputs elogind)) + (inputs `(("libmount" ,util-linux) + ("xkeyboard-config" ,xkeyboard-config) + ("kbd" ,kbd) + ,@(package-inputs elogind))) + (home-page "https://www.freedesktop.org/wiki/Software/systemd/localed/") + (synopsis "Control the system locale and keyboard layout") + (description + "Localed is a tiny daemon that can be used to control the system locale +and keyboard mapping from user programs. It is used among other things by the +GNOME Shell. The @command{localectl} command-line tool allows you to interact +with localed. This package is extracted from the broader systemd package.") + (license license:lgpl2.1+))) + (define-public packagekit (package (name "packagekit") diff --git a/gnu/packages/patches/localed-xorg-keyboard.patch b/gnu/packages/patches/localed-xorg-keyboard.patch new file mode 100644 index 0000000000..9a9071ba0a --- /dev/null +++ b/gnu/packages/patches/localed-xorg-keyboard.patch @@ -0,0 +1,322 @@ +Normally localed would do an approximate parsing of the Xorg config file +to determine the XKB keyboard layout. This doesn't make sense on Guix +where there's no such file in /etc, and where the keyboard layout is +known statically at configuration time. + +This patch removes the XOrg configuration parsing and expects to read the +configuration from environment variables instead. It also removes the +stateful bits that would write configuration to /etc/vconsole.conf +and /etc/X11, which are unused in Guix anyway. + +Patch by Ludovic Courtès . + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index 6b6b32a591..46aab472b0 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -174,32 +174,16 @@ int vconsole_read_data(Context *c, sd_bus_message *m) { + c->vc_cache = sd_bus_message_ref(m); + } + +- if (stat("/etc/vconsole.conf", &st) < 0) { +- if (errno != ENOENT) +- return -errno; +- +- c->vc_mtime = USEC_INFINITY; +- context_free_vconsole(c); +- return 0; +- } +- +- /* If mtime is not changed, then we do not need to re-read */ +- t = timespec_load(&st.st_mtim); +- if (c->vc_mtime != USEC_INFINITY && t == c->vc_mtime) +- return 0; +- +- c->vc_mtime = t; ++ c->vc_mtime = USEC_INFINITY; + context_free_vconsole(c); +- +- r = parse_env_file(NULL, "/etc/vconsole.conf", +- "KEYMAP", &c->vc_keymap, +- "KEYMAP_TOGGLE", &c->vc_keymap_toggle); +- if (r < 0) +- return r; +- + return 0; + } + ++static char *getenv_strdup(const char *variable) { ++ const char *value = getenv(variable); ++ return value == NULL ? NULL : strdup(value); ++} ++ + int x11_read_data(Context *c, sd_bus_message *m) { + _cleanup_fclose_ FILE *f = NULL; + bool in_section = false; +@@ -216,258 +200,27 @@ int x11_read_data(Context *c, sd_bus_message *m) { + c->x11_cache = sd_bus_message_ref(m); + } + +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) { +- if (errno != ENOENT) +- return -errno; +- +- c->x11_mtime = USEC_INFINITY; +- context_free_x11(c); +- return 0; +- } +- +- /* If mtime is not changed, then we do not need to re-read */ +- t = timespec_load(&st.st_mtim); +- if (c->x11_mtime != USEC_INFINITY && t == c->x11_mtime) +- return 0; +- +- c->x11_mtime = t; ++ c->x11_mtime = 0; + context_free_x11(c); + +- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re"); +- if (!f) +- return -errno; +- +- for (;;) { +- _cleanup_free_ char *line = NULL; +- char *l; +- +- r = read_line(f, LONG_LINE_MAX, &line); +- if (r < 0) +- return r; +- if (r == 0) +- break; +- +- l = strstrip(line); +- if (IN_SET(l[0], 0, '#')) +- continue; +- +- if (in_section && first_word(l, "Option")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES); +- if (r < 0) +- return r; +- +- if (strv_length(a) == 3) { +- char **p = NULL; +- +- if (streq(a[1], "XkbLayout")) +- p = &c->x11_layout; +- else if (streq(a[1], "XkbModel")) +- p = &c->x11_model; +- else if (streq(a[1], "XkbVariant")) +- p = &c->x11_variant; +- else if (streq(a[1], "XkbOptions")) +- p = &c->x11_options; +- +- if (p) { +- free_and_replace(*p, a[2]); +- } +- } +- +- } else if (!in_section && first_word(l, "Section")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES); +- if (r < 0) +- return -ENOMEM; +- +- if (strv_length(a) == 2 && streq(a[1], "InputClass")) +- in_section = true; +- +- } else if (in_section && first_word(l, "EndSection")) +- in_section = false; +- } ++ c->x11_layout = getenv_strdup("GUIX_XKB_LAYOUT"); ++ c->x11_model = getenv_strdup("GUIX_XKB_MODEL"); ++ c->x11_variant = getenv_strdup("GUIX_XKB_VARIANT"); ++ c->x11_options = getenv_strdup("GUIX_XKB_OPTIONS"); + + return 0; + } + + int locale_write_data(Context *c, char ***settings) { +- _cleanup_strv_free_ char **l = NULL; +- struct stat st; +- int r, p; +- +- /* Set values will be returned as strv in *settings on success. */ +- +- for (p = 0; p < _VARIABLE_LC_MAX; p++) { +- _cleanup_free_ char *t = NULL; +- char **u; +- const char *name; +- +- name = locale_variable_to_string(p); +- assert(name); +- +- if (isempty(c->locale[p])) +- continue; +- +- if (asprintf(&t, "%s=%s", name, c->locale[p]) < 0) +- return -ENOMEM; +- +- u = strv_env_set(l, t); +- if (!u) +- return -ENOMEM; +- +- strv_free_and_replace(l, u); +- } +- +- if (strv_isempty(l)) { +- if (unlink("/etc/locale.conf") < 0) +- return errno == ENOENT ? 0 : -errno; +- +- c->locale_mtime = USEC_INFINITY; +- return 0; +- } +- +- r = write_env_file_label("/etc/locale.conf", l); +- if (r < 0) +- return r; +- +- *settings = TAKE_PTR(l); +- +- if (stat("/etc/locale.conf", &st) >= 0) +- c->locale_mtime = timespec_load(&st.st_mtim); +- +- return 0; ++ return -ENOSYS; + } + + int vconsole_write_data(Context *c) { +- _cleanup_strv_free_ char **l = NULL; +- struct stat st; +- int r; +- +- r = load_env_file(NULL, "/etc/vconsole.conf", &l); +- if (r < 0 && r != -ENOENT) +- return r; +- +- if (isempty(c->vc_keymap)) +- l = strv_env_unset(l, "KEYMAP"); +- else { +- _cleanup_free_ char *s = NULL; +- char **u; +- +- s = strappend("KEYMAP=", c->vc_keymap); +- if (!s) +- return -ENOMEM; +- +- u = strv_env_set(l, s); +- if (!u) +- return -ENOMEM; +- +- strv_free_and_replace(l, u); +- } +- +- if (isempty(c->vc_keymap_toggle)) +- l = strv_env_unset(l, "KEYMAP_TOGGLE"); +- else { +- _cleanup_free_ char *s = NULL; +- char **u; +- +- s = strappend("KEYMAP_TOGGLE=", c->vc_keymap_toggle); +- if (!s) +- return -ENOMEM; +- +- u = strv_env_set(l, s); +- if (!u) +- return -ENOMEM; +- +- strv_free_and_replace(l, u); +- } +- +- if (strv_isempty(l)) { +- if (unlink("/etc/vconsole.conf") < 0) +- return errno == ENOENT ? 0 : -errno; +- +- c->vc_mtime = USEC_INFINITY; +- return 0; +- } +- +- r = write_env_file_label("/etc/vconsole.conf", l); +- if (r < 0) +- return r; +- +- if (stat("/etc/vconsole.conf", &st) >= 0) +- c->vc_mtime = timespec_load(&st.st_mtim); +- +- return 0; ++ return -ENOSYS; + } + + int x11_write_data(Context *c) { +- _cleanup_fclose_ FILE *f = NULL; +- _cleanup_free_ char *temp_path = NULL; +- struct stat st; +- int r; +- +- if (isempty(c->x11_layout) && +- isempty(c->x11_model) && +- isempty(c->x11_variant) && +- isempty(c->x11_options)) { +- +- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) +- return errno == ENOENT ? 0 : -errno; +- +- c->vc_mtime = USEC_INFINITY; +- return 0; +- } +- +- mkdir_p_label("/etc/X11/xorg.conf.d", 0755); +- +- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path); +- if (r < 0) +- return r; +- +- (void) __fsetlocking(f, FSETLOCKING_BYCALLER); +- (void) fchmod(fileno(f), 0644); +- +- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. It's\n" +- "# probably wise not to edit this file manually. Use localectl(1) to\n" +- "# instruct systemd-localed to update it.\n" +- "Section \"InputClass\"\n" +- " Identifier \"system-keyboard\"\n" +- " MatchIsKeyboard \"on\"\n", f); +- +- if (!isempty(c->x11_layout)) +- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout); +- +- if (!isempty(c->x11_model)) +- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model); +- +- if (!isempty(c->x11_variant)) +- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant); +- +- if (!isempty(c->x11_options)) +- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options); +- +- fputs("EndSection\n", f); +- +- r = fflush_sync_and_check(f); +- if (r < 0) +- goto fail; +- +- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) { +- r = -errno; +- goto fail; +- } +- +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0) +- c->x11_mtime = timespec_load(&st.st_mtim); +- +- return 0; +- +-fail: +- if (temp_path) +- (void) unlink(temp_path); +- +- return r; ++ return -ENOSYS; + } + + static int read_next_mapping(const char* filename, -- cgit v1.2.3 From 3dbd240937a7fb4322db21bc1bf6189a1a512223 Mon Sep 17 00:00:00 2001 From: Brian Leung Date: Thu, 28 Mar 2019 05:30:06 +0100 Subject: gnu: Add emacs-undohist-el. * gnu/packages/patches/emacs-undohist-ignored.patch: New file. * gnu/local.mk (dist_patch_DATA): Add this. * gnu/packages/emacs-xyz.scm (emacs-undohist-el): New variable. Signed-off-by: Oleg Pykhalov --- gnu/local.mk | 1 + gnu/packages/emacs-xyz.scm | 23 +++++++++++++++++++ gnu/packages/patches/emacs-undohist-ignored.patch | 27 +++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 gnu/packages/patches/emacs-undohist-ignored.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 54882b3571..cec746bcb1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -751,6 +751,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/emacs-realgud-fix-configure-ac.patch \ + %D%/packages/patches/emacs-undohist-ignored.patch \ %D%/packages/patches/emacs-wordnut-require-adaptive-wrap.patch \ %D%/packages/patches/emacs-zones-called-interactively.patch \ %D%/packages/patches/enlightenment-fix-setuid-path.patch \ diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm index 17cbbf4166..6de4fc4d20 100644 --- a/gnu/packages/emacs-xyz.scm +++ b/gnu/packages/emacs-xyz.scm @@ -4535,6 +4535,29 @@ Emacs default configuration in uncontroversial ways that nearly everyone can agree upon.") (license license:gpl3+))) +(define-public emacs-undohist-el + (let ((commit "d2239a5f736724ceb9e3b6bcaa86f4064805cda0") + (revision "1")) + (package + (name "emacs-undohist-el") + (version (git-version "0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/m2ym/undohist-el") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1c0daw246ky7b1x5b8h55x79pl1pjqk1k348l487bdd8zdj4w9wx")))) + (build-system emacs-build-system) + (home-page "https://github.com/m2ym/undohist-el") + (synopsis "Save undo history between sessions") + (description "This package allows persistent use of undo history for +individual file buffers.") + (license license:gpl3+)))) + (define-public emacs-eprime (let ((commit "17a481af26496be91c07139a9bfc05cfe722506f")) (package diff --git a/gnu/packages/patches/emacs-undohist-ignored.patch b/gnu/packages/patches/emacs-undohist-ignored.patch new file mode 100644 index 0000000000..c1ad827a26 --- /dev/null +++ b/gnu/packages/patches/emacs-undohist-ignored.patch @@ -0,0 +1,27 @@ +From 52bfd419bf9022726048f818d955b8ea10a16d5c Mon Sep 17 00:00:00 2001 +From: Patrick Mosby +Date: Mon, 7 Sep 2015 09:05:56 +0200 +Subject: [PATCH] Don't save undo file for ignored files. + +This fixes #4. +--- + undohist.el | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/undohist.el b/undohist.el +index b184a26..de60356 100644 +--- a/undohist.el ++++ b/undohist.el +@@ -164,7 +164,8 @@ To use undohist, you just call this function." + undohist-ignored-files))) + + (defun undohist-save-1 () +- (when (consp buffer-undo-list) ++ (when (and (consp buffer-undo-list) ++ (undohist-recover-file-p (buffer-file-name (current-buffer)))) + (let ((file (make-undohist-file-name (buffer-file-name))) + (contents `((digest . ,(md5 (current-buffer))) + (undo-list . ,(undohist-encode buffer-undo-list))))) +-- +2.21.0 + -- cgit v1.2.3 From 8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 7 Apr 2019 21:10:26 +0300 Subject: gnu: lcms: Fix CVE-2018-16435. * gnu/packages/ghostscript.scm (lcms)[replacement]: New field. (lcms/fixed): New variable. * gnu/packages/patches/lcms-CVE-2018-16435.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/ghostscript.scm | 11 +- gnu/packages/patches/lcms-CVE-2018-16435.patch | 171 +++++++++++++++++++++++++ 3 files changed, 182 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/lcms-CVE-2018-16435.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index cec746bcb1..bab2a9bbc2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -958,6 +958,7 @@ dist_patch_DATA = \ %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch \ %D%/packages/patches/kodi-skip-test-449.patch \ %D%/packages/patches/laby-make-install.patch \ + %D%/packages/patches/lcms-CVE-2018-16435.patch \ %D%/packages/patches/ldc-bootstrap-disable-tests.patch \ %D%/packages/patches/ldc-disable-phobos-tests.patch \ %D%/packages/patches/liba52-enable-pic.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index d8c0050513..53a9b60fdb 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2017 Alex Vong -;;; Copyright © 2017, 2018 Efraim Flashner +;;; Copyright © 2017, 2018, 2019 Efraim Flashner ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Marius Bakke @@ -47,6 +47,7 @@ (define-public lcms (package (name "lcms") + (replacement lcms/fixed) (version "2.9") (source (origin (method url-fetch) @@ -67,6 +68,14 @@ Consortium standard (ICC), approved as ISO 15076-1.") (home-page "http://www.littlecms.com/") (properties '((cpe-name . "little_cms_color_engine"))))) +(define lcms/fixed + (package + (inherit lcms) + (source + (origin + (inherit (package-source lcms)) + (patches (search-patches "lcms-CVE-2018-16435.patch")))))) + (define-public libpaper (package (name "libpaper") diff --git a/gnu/packages/patches/lcms-CVE-2018-16435.patch b/gnu/packages/patches/lcms-CVE-2018-16435.patch new file mode 100644 index 0000000000..60228e73af --- /dev/null +++ b/gnu/packages/patches/lcms-CVE-2018-16435.patch @@ -0,0 +1,171 @@ +https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8.patch + +From 768f70ca405cd3159d990e962d54456773bb8cf8 Mon Sep 17 00:00:00 2001 +From: Marti Maria +Date: Wed, 15 Aug 2018 20:07:56 +0200 +Subject: [PATCH] Upgrade Visual studio 2017 15.8 + +- Upgrade to 15.8 +- Add check on CGATS memory allocation (thanks to Quang Nguyen for +pointing out this) +--- + Projects/VC2017/jpegicc/jpegicc.vcxproj | 1 + + Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj | 2 +- + Projects/VC2017/lcms2_static/lcms2_static.vcxproj | 2 +- + Projects/VC2017/linkicc/linkicc.vcxproj | 2 +- + Projects/VC2017/psicc/psicc.vcxproj | 2 +- + Projects/VC2017/testbed/testbed.vcxproj | 2 +- + Projects/VC2017/tiffdiff/tiffdiff.vcxproj | 2 +- + Projects/VC2017/tifficc/tifficc.vcxproj | 2 +- + Projects/VC2017/transicc/transicc.vcxproj | 1 + + src/cmscgats.c | 14 ++++++++++---- + 10 files changed, 19 insertions(+), 11 deletions(-) + +diff --git a/Projects/VC2017/jpegicc/jpegicc.vcxproj b/Projects/VC2017/jpegicc/jpegicc.vcxproj +index ab26a53..39cfd00 100644 +--- a/Projects/VC2017/jpegicc/jpegicc.vcxproj ++++ b/Projects/VC2017/jpegicc/jpegicc.vcxproj +@@ -22,6 +22,7 @@ + {62812507-F926-4968-96A9-17678460AD90} + jpegicc + Win32Proj ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj +index 4c8aa3f..d1bf3eb 100644 +--- a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj ++++ b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj +@@ -22,7 +22,7 @@ + {8C51BE48-ADB8-4089-A9EC-F6BF993A0548} + lcms2_DLL + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj +index 2a9988a..9fc05ce 100644 +--- a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj ++++ b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj +@@ -22,7 +22,7 @@ + {71DEDE59-3F1E-486B-A899-4283000F76B5} + lcms2_static + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/linkicc/linkicc.vcxproj b/Projects/VC2017/linkicc/linkicc.vcxproj +index 30c2b4e..51586dd 100644 +--- a/Projects/VC2017/linkicc/linkicc.vcxproj ++++ b/Projects/VC2017/linkicc/linkicc.vcxproj +@@ -22,7 +22,7 @@ + {FBFBE1DC-DB84-4BA1-9552-B4780F457849} + linkicc + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/psicc/psicc.vcxproj b/Projects/VC2017/psicc/psicc.vcxproj +index 9dcf89a..8f26e12 100644 +--- a/Projects/VC2017/psicc/psicc.vcxproj ++++ b/Projects/VC2017/psicc/psicc.vcxproj +@@ -22,7 +22,7 @@ + {EF6A8851-65FE-46F5-B9EF-14F0B671F693} + psicc + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/testbed/testbed.vcxproj b/Projects/VC2017/testbed/testbed.vcxproj +index 0af3762..3f6aea3 100644 +--- a/Projects/VC2017/testbed/testbed.vcxproj ++++ b/Projects/VC2017/testbed/testbed.vcxproj +@@ -22,7 +22,7 @@ + {928A3A2B-46EF-4279-959C-513B3652FF0E} + testbed + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj +index 7edfe28..3a6d837 100644 +--- a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj ++++ b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj +@@ -22,7 +22,7 @@ + {75B91835-CCD7-48BE-A606-A9C997D5DBEE} + tiffdiff + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/tifficc/tifficc.vcxproj b/Projects/VC2017/tifficc/tifficc.vcxproj +index cd9f04c..5ef954f 100644 +--- a/Projects/VC2017/tifficc/tifficc.vcxproj ++++ b/Projects/VC2017/tifficc/tifficc.vcxproj +@@ -22,7 +22,7 @@ + {2256DE16-ED92-4A6F-9C54-F65BB61E64A2} + tifficc + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/transicc/transicc.vcxproj b/Projects/VC2017/transicc/transicc.vcxproj +index d9b77c6..b3173d8 100644 +--- a/Projects/VC2017/transicc/transicc.vcxproj ++++ b/Projects/VC2017/transicc/transicc.vcxproj +@@ -22,6 +22,7 @@ + {9EE22D66-C849-474C-9ED5-C3E141DAB160} + transicc + Win32Proj ++ 10.0.17134.0 + + + +diff --git a/src/cmscgats.c b/src/cmscgats.c +index 1a87613..8c3e96d 100644 +--- a/src/cmscgats.c ++++ b/src/cmscgats.c +@@ -1,7 +1,7 @@ + //--------------------------------------------------------------------------------- + // + // Little Color Management System +-// Copyright (c) 1998-2017 Marti Maria Saguer ++// Copyright (c) 1998-2018 Marti Maria Saguer + // + // Permission is hereby granted, free of charge, to any person obtaining + // a copy of this software and associated documentation files (the "Software"), +@@ -1506,10 +1506,16 @@ void AllocateDataSet(cmsIT8* it8) + t-> nSamples = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS")); + t-> nPatches = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS")); + +- t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*)); +- if (t->Data == NULL) { ++ if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe) ++ { ++ SynError(it8, "AllocateDataSet: too much data"); ++ } ++ else { ++ t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*)); ++ if (t->Data == NULL) { + +- SynError(it8, "AllocateDataSet: Unable to allocate data array"); ++ SynError(it8, "AllocateDataSet: Unable to allocate data array"); ++ } + } + + } -- cgit v1.2.3