From 86f4e9d76a75c405b3b6c5b3f1717df0e45f4e68 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sun, 6 Nov 2016 18:58:22 +0100 Subject: gnu: fftw: Build threads library. * gnu/packages/algebra.scm (fftw)[arguments]: Add "--enable-threads" to configure flags. --- gnu/packages/algebra.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages') diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index 8e9695da51..e21277525c 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -544,7 +544,8 @@ a C program.") "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf")))) (build-system gnu-build-system) (arguments - '(#:configure-flags '("--enable-shared" "--enable-openmp") + '(#:configure-flags + '("--enable-shared" "--enable-openmp" "--enable-threads") #:phases (alist-cons-before 'build 'no-native (lambda _ -- cgit v1.2.3 From 66b1bac355dbe57625891e08c82056b567e42e65 Mon Sep 17 00:00:00 2001 From: Ben J Woodcroft Date: Sat, 19 Nov 2016 07:35:21 +1000 Subject: gnu: ruby: Update to 2.3.2. * gnu/packages/ruby.scm (ruby): Update to 2.3.2. [replacement]: Remove field. [origin]: Remove patch. * gnu/packages/patches/ruby-symlinkfix.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/ruby-symlinkfix.patch | 53 ------------------------------ gnu/packages/ruby.scm | 5 ++- 3 files changed, 2 insertions(+), 57 deletions(-) delete mode 100644 gnu/packages/patches/ruby-symlinkfix.patch (limited to 'gnu/packages') diff --git a/gnu/local.mk b/gnu/local.mk index 08f99c4836..9a455e5ede 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -834,7 +834,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-puma-ignore-broken-test.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ - %D%/packages/patches/ruby-symlinkfix.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \ %D%/packages/patches/sed-hurd-path-max.patch \ diff --git a/gnu/packages/patches/ruby-symlinkfix.patch b/gnu/packages/patches/ruby-symlinkfix.patch deleted file mode 100644 index 16beecc97a..0000000000 --- a/gnu/packages/patches/ruby-symlinkfix.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix symlinks to '..' to fix rubygems improperly expanding symlinked -paths. Without this fix, some gems fail to install. This patch is applied in -rubygems 2.5.2, but ruby version 2.3.1 bundles an older version of rubygems -(2.5.1). - ---- a/lib/rubygems/package.rb -+++ b/lib/rubygems/package.rb -@@ -383,7 +383,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: - FileUtils.chmod entry.header.mode, destination - end if entry.file? - -- File.symlink(install_location(entry.header.linkname, destination_dir), destination) if entry.symlink? -+ File.symlink(entry.header.linkname, destination) if entry.symlink? - - verbose destination - end -diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb -index 7848bc2..f287bd3 100644 ---- a/test/rubygems/test_gem_package.rb -+++ b/test/rubygems/test_gem_package.rb -@@ -428,19 +428,25 @@ def test_extract_tar_gz_absolute - "#{@destination} is not allowed", e.message) - end - -- def test_extract_tar_gz_symlink_absolute -+ def test_extract_tar_gz_symlink_relative_path -+ skip 'symlink not supported' if Gem.win_platform? -+ - package = Gem::Package.new @gem - - tgz_io = util_tar_gz do |tar| -- tar.add_symlink 'code.rb', '/absolute.rb', 0644 -+ tar.add_file 'relative.rb', 0644 do |io| io.write 'hi' end -+ tar.mkdir 'lib', 0755 -+ tar.add_symlink 'lib/foo.rb', '../relative.rb', 0644 - end - -- e = assert_raises Gem::Package::PathError do -- package.extract_tar_gz tgz_io, @destination -- end -+ package.extract_tar_gz tgz_io, @destination - -- assert_equal("installing into parent path /absolute.rb of " + -- "#{@destination} is not allowed", e.message) -+ extracted = File.join @destination, 'lib/foo.rb' -+ assert_path_exists extracted -+ assert_equal '../relative.rb', -+ File.readlink(extracted) -+ assert_equal 'hi', -+ File.read(extracted) - end - - def test_extract_tar_gz_directory diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 42beda3d44..0f9b0d29ba 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -47,7 +47,7 @@ (define-public ruby (package (name "ruby") - (version "2.3.1") + (version "2.3.2") (source (origin (method url-fetch) @@ -56,9 +56,8 @@ "/ruby-" version ".tar.xz")) (sha256 (base32 - "0f3395q7pd2hrl2gv26bib80038sjawxgmhl9zn22fjs9m9va9b7")) + "031g76zxb2wp6988dmrpbqd98i17xi6l8q1115h83r2w0h8z6y2w")) (modules '((guix build utils))) - (patches (search-patches "ruby-symlinkfix.patch")) (snippet `(begin ;; Remove bundled libffi (delete-file-recursively "ext/fiddle/libffi-3.2.1") -- cgit v1.2.3 From 6305b81fedd503aef8bb92bfab2cfbb6d4f76935 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 20 Nov 2016 23:51:54 -0500 Subject: gnu: swig: Update to 3.0.10. * gnu/packages/swig.scm (swig): Update to 3.0.10. --- gnu/packages/swig.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm index a615796745..acf0529377 100644 --- a/gnu/packages/swig.scm +++ b/gnu/packages/swig.scm @@ -31,7 +31,7 @@ (define-public swig (package (name "swig") - (version "3.0.5") + (version "3.0.10") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/" name "/" name "/" @@ -39,7 +39,7 @@ name "-" version ".tar.gz")) (sha256 (base32 - "0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z")))) + "0k7ljh07rla6223lhvljgg881b2qr7hmrfgic9a0j1pckpislf99")))) (build-system gnu-build-system) (native-inputs `(("boost" ,boost) ("pcre" ,pcre "bin"))) ;for 'pcre-config' -- cgit v1.2.3 From 856f30b0009dbb65446de7d62f0497e31eedd88c Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sun, 20 Nov 2016 21:10:56 +0100 Subject: gnu: shared-mime-info: Update to 1.7 * gnu/packages/gnome.scm (shared-mime-info): Update to 1.7. --- gnu/packages/gnome.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index ae79d625be..dd6a6819ea 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -682,14 +682,14 @@ update-desktop-database: updates the database containing a cache of MIME types (define-public shared-mime-info (package (name "shared-mime-info") - (version "1.6") + (version "1.7") (source (origin (method url-fetch) (uri (string-append "https://freedesktop.org/~hadess/" "shared-mime-info-" version ".tar.xz")) (sha256 (base32 - "0k637g047gci8g69bg4g19akylpfraxm40hd30j3i4v7cidziy5j")))) + "0bjd2j1rqrj150mr04j7ib71lfdlgbf235fg8d70g8mszqf7ik7a")))) (build-system gnu-build-system) (arguments ;; The build system appears not to be parallel-safe. -- cgit v1.2.3 From f4a8081d2485944fd6fe6dc412e8b25f7de709d3 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Tue, 22 Nov 2016 21:35:58 +1000 Subject: gnu: ruby: Update to 2.3.3. * gnu/packages/ruby.scm (ruby): Update to 2.3.3. --- gnu/packages/ruby.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 0f9b0d29ba..31eb8dfc6a 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -47,7 +47,7 @@ (define-public ruby (package (name "ruby") - (version "2.3.2") + (version "2.3.3") (source (origin (method url-fetch) @@ -56,7 +56,7 @@ "/ruby-" version ".tar.xz")) (sha256 (base32 - "031g76zxb2wp6988dmrpbqd98i17xi6l8q1115h83r2w0h8z6y2w")) + "1p0rfk0blrbfjcnv0vb0ha4hxflgkfhv9zbzp4vvld2pi31ahkqs")) (modules '((guix build utils))) (snippet `(begin ;; Remove bundled libffi -- cgit v1.2.3 From 61320932edb42e78fb377b5d11cd6ecb32e2f9e6 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 22 Nov 2016 18:26:59 +0100 Subject: gnu: harfbuzz: Update to 1.3.3. * gnu/packages/gtk.scm (harfbuzz): Update to 1.3.3. [home-page]: Use HTTPS. --- gnu/packages/gtk.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 7fa7e12b1b..bf0d00b616 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -165,7 +165,7 @@ affine transformation (scale, rotation, shear, etc.).") (define-public harfbuzz (package (name "harfbuzz") - (version "1.2.4") + (version "1.3.3") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/" @@ -173,7 +173,7 @@ affine transformation (scale, rotation, shear, etc.).") version ".tar.bz2")) (sha256 (base32 - "14g4kpph8hgplkm954daxiymxx0vicfq7b7svvdsx54g5bqvv7a4")))) + "1jdkdjvci5d6r26vimsz24hz3xqqrk5xq40n693jn4m42mqrh816")))) (build-system gnu-build-system) (outputs '("out" "bin")) ; 160K, only hb-view depend on cairo @@ -198,7 +198,7 @@ affine transformation (scale, rotation, shear, etc.).") "HarfBuzz is an OpenType text shaping engine.") (license (license:x11-style "file://COPYING" "See 'COPYING' in the distribution.")) - (home-page "http://www.freedesktop.org/wiki/Software/HarfBuzz/"))) + (home-page "https://www.freedesktop.org/wiki/Software/HarfBuzz/"))) (define-public pango (package -- cgit v1.2.3 From 0bd1097c50950d47954b4dc136654dfbde45d5b1 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 23 Nov 2016 00:14:29 -0500 Subject: gnu: libtiff: Update to 4.0.7. * gnu/packages/image.scm (libtiff): Update to 4.0.7. [source]: Update URL and remove obsolete patches. [home-page]: Update URL. [native-inputs]: Add gcc-5. (libtiff-4.0.7): Delete variable. * gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch, gnu/packages/patches/libtiff-CVE-2016-3623.patch, gnu/packages/patches/libtiff-CVE-2016-3945.patch, gnu/packages/patches/libtiff-CVE-2016-3990.patch, gnu/packages/patches/libtiff-CVE-2016-3991.patch, gnu/packages/patches/libtiff-CVE-2016-5314.patch, gnu/packages/patches/libtiff-CVE-2016-5321.patch, gnu/packages/patches/libtiff-CVE-2016-5323.patch, gnu/packages/patches/libtiff-oob-accesses-in-decode.patch, gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 10 -- gnu/packages/image.scm | 43 ++---- .../libtiff-CVE-2015-8665+CVE-2015-8683.patch | 107 ------------- gnu/packages/patches/libtiff-CVE-2016-3623.patch | 30 ---- gnu/packages/patches/libtiff-CVE-2016-3945.patch | 94 ----------- gnu/packages/patches/libtiff-CVE-2016-3990.patch | 31 ---- gnu/packages/patches/libtiff-CVE-2016-3991.patch | 123 --------------- gnu/packages/patches/libtiff-CVE-2016-5314.patch | 45 ------ gnu/packages/patches/libtiff-CVE-2016-5321.patch | 25 --- gnu/packages/patches/libtiff-CVE-2016-5323.patch | 88 ----------- .../patches/libtiff-oob-accesses-in-decode.patch | 171 --------------------- .../patches/libtiff-oob-write-in-nextdecode.patch | 49 ------ 12 files changed, 12 insertions(+), 804 deletions(-) delete mode 100644 gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3623.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3945.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3990.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-3991.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-5314.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-5321.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2016-5323.patch delete mode 100644 gnu/packages/patches/libtiff-oob-accesses-in-decode.patch delete mode 100644 gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch (limited to 'gnu/packages') diff --git a/gnu/local.mk b/gnu/local.mk index a0269ab56d..0d274d39e5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -664,16 +664,6 @@ dist_patch_DATA = \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ - %D%/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch \ - %D%/packages/patches/libtiff-CVE-2016-3623.patch \ - %D%/packages/patches/libtiff-CVE-2016-3945.patch \ - %D%/packages/patches/libtiff-CVE-2016-3990.patch \ - %D%/packages/patches/libtiff-CVE-2016-3991.patch \ - %D%/packages/patches/libtiff-CVE-2016-5314.patch \ - %D%/packages/patches/libtiff-CVE-2016-5321.patch \ - %D%/packages/patches/libtiff-CVE-2016-5323.patch \ - %D%/packages/patches/libtiff-oob-accesses-in-decode.patch \ - %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ %D%/packages/patches/libupnp-CVE-2016-6255.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 526c87cf86..611ac71572 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -36,6 +36,8 @@ #:use-module (gnu packages compression) #:use-module (gnu packages documentation) #:use-module (gnu packages fontutils) + ;; To provide gcc@5 and gcc@6, to work around . + #:use-module (gnu packages gcc) #:use-module (gnu packages gettext) #:use-module (gnu packages ghostscript) #:use-module (gnu packages gl) @@ -243,25 +245,14 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff-4.0.7) - (version "4.0.6") + (version "4.0.7") (source (origin (method url-fetch) - (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-" - version ".tar.gz")) - (sha256 (base32 - "136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd")) - (patches (search-patches - "libtiff-oob-accesses-in-decode.patch" - "libtiff-oob-write-in-nextdecode.patch" - "libtiff-CVE-2015-8665+CVE-2015-8683.patch" - "libtiff-CVE-2016-3623.patch" - "libtiff-CVE-2016-3945.patch" - "libtiff-CVE-2016-3990.patch" - "libtiff-CVE-2016-3991.patch" - "libtiff-CVE-2016-5314.patch" - "libtiff-CVE-2016-5321.patch" - "libtiff-CVE-2016-5323.patch")))) + (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" + version ".tar.gz")) + (sha256 + (base32 + "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -271,6 +262,9 @@ extracting icontainer icon files.") (assoc-ref %outputs "doc") "/share/doc/" ,name "-" ,version)))) + ;; Build with a patched GCC to work around . + (native-inputs + `(("gcc@5" ,gcc-5))) (inputs `(("zlib" ,zlib) ("libjpeg" ,libjpeg))) (synopsis "Library for handling TIFF files") @@ -281,20 +275,7 @@ Included are a library, libtiff, for reading and writing TIFF and a small collection of tools for doing simple manipulations of TIFF images.") (license (license:non-copyleft "file://COPYRIGHT" "See COPYRIGHT in the distribution.")) - (home-page "http://www.remotesensing.org/libtiff/"))) - -(define libtiff-4.0.7 - (package - (inherit libtiff) - (version "4.0.7") - (source (origin - (method url-fetch) - (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" - version ".tar.gz")) - (sha256 - (base32 - "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) - (home-page "http://www.simplesystems.org/libtiff/"))) + (home-page "http://www.simplesystems.org/libtiff/"))) (define-public libwmf (package diff --git a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch b/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch deleted file mode 100644 index 811516dbe9..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch +++ /dev/null @@ -1,107 +0,0 @@ -2015-12-26 Even Rouault - - * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage - interface in case of unsupported values of SamplesPerPixel/ExtraSamples - for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in - TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and - CVE-2015-8683 reported by zzf of Alibaba. - -diff -u -r1.93 -r1.94 ---- libtiff/libtiff/tif_getimage.c 22 Nov 2015 15:31:03 -0000 1.93 -+++ libtiff/libtiff/tif_getimage.c 26 Dec 2015 17:32:03 -0000 1.94 -@@ -182,20 +182,22 @@ - "Planarconfiguration", td->td_planarconfig); - return (0); - } -- if( td->td_samplesperpixel != 3 ) -+ if( td->td_samplesperpixel != 3 || colorchannels != 3 ) - { - sprintf(emsg, -- "Sorry, can not handle image with %s=%d", -- "Samples/pixel", td->td_samplesperpixel); -+ "Sorry, can not handle image with %s=%d, %s=%d", -+ "Samples/pixel", td->td_samplesperpixel, -+ "colorchannels", colorchannels); - return 0; - } - break; - case PHOTOMETRIC_CIELAB: -- if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 ) -+ if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) - { - sprintf(emsg, -- "Sorry, can not handle image with %s=%d and %s=%d", -+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d", - "Samples/pixel", td->td_samplesperpixel, -+ "colorchannels", colorchannels, - "Bits/sample", td->td_bitspersample); - return 0; - } -@@ -255,6 +257,9 @@ - int colorchannels; - uint16 *red_orig, *green_orig, *blue_orig; - int n_color; -+ -+ if( !TIFFRGBAImageOK(tif, emsg) ) -+ return 0; - - /* Initialize to normal values */ - img->row_offset = 0; -@@ -2509,29 +2514,33 @@ - case PHOTOMETRIC_RGB: - switch (img->bitspersample) { - case 8: -- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) -+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && -+ img->samplesperpixel >= 4) - img->put.contig = putRGBAAcontig8bittile; -- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) -+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && -+ img->samplesperpixel >= 4) - { - if (BuildMapUaToAa(img)) - img->put.contig = putRGBUAcontig8bittile; - } -- else -+ else if( img->samplesperpixel >= 3 ) - img->put.contig = putRGBcontig8bittile; - break; - case 16: -- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) -+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && -+ img->samplesperpixel >=4 ) - { - if (BuildMapBitdepth16To8(img)) - img->put.contig = putRGBAAcontig16bittile; - } -- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) -+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && -+ img->samplesperpixel >=4 ) - { - if (BuildMapBitdepth16To8(img) && - BuildMapUaToAa(img)) - img->put.contig = putRGBUAcontig16bittile; - } -- else -+ else if( img->samplesperpixel >=3 ) - { - if (BuildMapBitdepth16To8(img)) - img->put.contig = putRGBcontig16bittile; -@@ -2540,7 +2549,7 @@ - } - break; - case PHOTOMETRIC_SEPARATED: -- if (buildMap(img)) { -+ if (img->samplesperpixel >=4 && buildMap(img)) { - if (img->bitspersample == 8) { - if (!img->Map) - img->put.contig = putRGBcontig8bitCMYKtile; -@@ -2636,7 +2645,7 @@ - } - break; - case PHOTOMETRIC_CIELAB: -- if (buildMap(img)) { -+ if (img->samplesperpixel == 3 && buildMap(img)) { - if (img->bitspersample == 8) - img->put.contig = initCIELabConversion(img); - break; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3623.patch b/gnu/packages/patches/libtiff-CVE-2016-3623.patch deleted file mode 100644 index 08705861e3..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3623.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-3623. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623 -http://bugzilla.maptools.org/show_bug.cgi?id=2569 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.16 -r1.17 tools/rgb2ycbcr.c - -Index: tools/rgb2ycbcr.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/rgb2ycbcr.c,v -retrieving revision 1.16 -retrieving revision 1.17 -diff -u -r1.16 -r1.17 ---- libtiff/tools/rgb2ycbcr.c 21 Jun 2015 01:09:10 -0000 1.16 -+++ libtiff/tools/rgb2ycbcr.c 15 Aug 2016 21:26:56 -0000 1.17 -@@ -95,9 +95,13 @@ - break; - case 'h': - horizSubSampling = atoi(optarg); -+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 ) -+ usage(-1); - break; - case 'v': - vertSubSampling = atoi(optarg); -+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 ) -+ usage(-1); - break; - case 'r': - rowsperstrip = atoi(optarg); diff --git a/gnu/packages/patches/libtiff-CVE-2016-3945.patch b/gnu/packages/patches/libtiff-CVE-2016-3945.patch deleted file mode 100644 index 8ec62bab99..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3945.patch +++ /dev/null @@ -1,94 +0,0 @@ -Fix CVE-2016-3945 (integer overflow in size of allocated -buffer, when -b mode is enabled, that could result in out-of-bounds -write). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945 -http://bugzilla.maptools.org/show_bug.cgi?id=2545 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.21 -r1.22 tools/tiff2rgba.c - -Index: tools/tiff2rgba.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2rgba.c,v -retrieving revision 1.21 -retrieving revision 1.22 -diff -u -r1.21 -r1.22 ---- libtiff/tools/tiff2rgba.c 21 Jun 2015 01:09:10 -0000 1.21 -+++ libtiff/tools/tiff2rgba.c 15 Aug 2016 20:06:41 -0000 1.22 -@@ -147,6 +147,7 @@ - uint32 row, col; - uint32 *wrk_line; - int ok = 1; -+ uint32 rastersize, wrk_linesize; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); -@@ -163,7 +164,13 @@ - /* - * Allocate tile buffer - */ -- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32)); -+ rastersize = tile_width * tile_height * sizeof (uint32); -+ if (tile_width != (rastersize / tile_height) / sizeof( uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); -+ exit(-1); -+ } -+ raster = (uint32*)_TIFFmalloc(rastersize); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0); -@@ -173,7 +180,13 @@ - * Allocate a scanline buffer for swapping during the vertical - * mirroring pass. - */ -- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32)); -+ wrk_linesize = tile_width * sizeof (uint32); -+ if (tile_width != wrk_linesize / sizeof (uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); -+ exit(-1); -+ } -+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); - if (!wrk_line) { - TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); - ok = 0; -@@ -249,6 +262,7 @@ - uint32 row; - uint32 *wrk_line; - int ok = 1; -+ uint32 rastersize, wrk_linesize; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); -@@ -263,7 +277,13 @@ - /* - * Allocate strip buffer - */ -- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32)); -+ rastersize = width * rowsperstrip * sizeof (uint32); -+ if (width != (rastersize / rowsperstrip) / sizeof( uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); -+ exit(-1); -+ } -+ raster = (uint32*)_TIFFmalloc(rastersize); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0); -@@ -273,7 +293,13 @@ - * Allocate a scanline buffer for swapping during the vertical - * mirroring pass. - */ -- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32)); -+ wrk_linesize = width * sizeof (uint32); -+ if (width != wrk_linesize / sizeof (uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); -+ exit(-1); -+ } -+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); - if (!wrk_line) { - TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); - ok = 0; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3990.patch b/gnu/packages/patches/libtiff-CVE-2016-3990.patch deleted file mode 100644 index 7641c3073b..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3990.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix CVE-2016-3990 (write buffer overflow in PixarLogEncode if more input -samples are provided than expected by PixarLogSetupEncode). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990 -http://bugzilla.maptools.org/show_bug.cgi?id=2544 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.45 -r1.46 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.45 -retrieving revision 1.46 -diff -u -r1.45 -r1.46 ---- libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:37:33 -0000 1.45 -+++ libtiff/libtiff/tif_pixarlog.c 15 Aug 2016 20:49:48 -0000 1.46 -@@ -1141,6 +1141,13 @@ - } - - llen = sp->stride * td->td_imagewidth; -+ /* Check against the number of elements (of size uint16) of sp->tbuf */ -+ if( n > td->td_rowsperstrip * llen ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Too many input bytes provided"); -+ return 0; -+ } - - for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) { - switch (sp->user_datafmt) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-3991.patch b/gnu/packages/patches/libtiff-CVE-2016-3991.patch deleted file mode 100644 index cb05f0007f..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3991.patch +++ /dev/null @@ -1,123 +0,0 @@ -Fix CVE-2016-3991 (out-of-bounds write in loadImage()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991 -http://bugzilla.maptools.org/show_bug.cgi?id=2543 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.37 -r1.38 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.37 -retrieving revision 1.38 -diff -u -r1.37 -r1.38 ---- libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 -+++ libtiff/tools/tiffcrop.c 15 Aug 2016 21:05:40 -0000 1.38 -@@ -798,6 +798,11 @@ - } - - tile_buffsize = tilesize; -+ if (tilesize == 0 || tile_rowsize == 0) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero"); -+ exit(-1); -+ } - - if (tilesize < (tsize_t)(tl * tile_rowsize)) - { -@@ -807,7 +812,12 @@ - tilesize, tl * tile_rowsize); - #endif - tile_buffsize = tl * tile_rowsize; -- } -+ if (tl != (tile_buffsize / tile_rowsize)) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ } - - tilebuf = _TIFFmalloc(tile_buffsize); - if (tilebuf == 0) -@@ -1210,6 +1220,12 @@ - !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) ) - return 1; - -+ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0) -+ { -+ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero"); -+ exit(-1); -+ } -+ - tile_buffsize = tilesize; - if (tilesize < (tsize_t)(tl * tile_rowsize)) - { -@@ -1219,6 +1235,11 @@ - tilesize, tl * tile_rowsize); - #endif - tile_buffsize = tl * tile_rowsize; -+ if (tl != tile_buffsize / tile_rowsize) -+ { -+ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } - } - - tilebuf = _TIFFmalloc(tile_buffsize); -@@ -5945,12 +5966,27 @@ - TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); - - tile_rowsize = TIFFTileRowSize(in); -+ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) -+ { -+ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero."); -+ exit(-1); -+ } - buffsize = tlsize * ntiles; -+ if (tlsize != (buffsize / ntiles)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } - -- - if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) - { - buffsize = ntiles * tl * tile_rowsize; -+ if (ntiles != (buffsize / tl / tile_rowsize)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } -+ - #ifdef DEBUG2 - TIFFError("loadImage", - "Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu", -@@ -5969,8 +6005,25 @@ - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); - stsize = TIFFStripSize(in); - nstrips = TIFFNumberOfStrips(in); -+ if (nstrips == 0 || stsize == 0) -+ { -+ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero."); -+ exit(-1); -+ } -+ - buffsize = stsize * nstrips; -- -+ if (stsize != (buffsize / nstrips)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } -+ uint32 buffsize_check; -+ buffsize_check = ((length * width * spp * bps) + 7); -+ if (length != ((buffsize_check - 7) / width / spp / bps)) -+ { -+ TIFFError("loadImage", "Integer overflow detected."); -+ exit(-1); -+ } - if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) - { - buffsize = ((length * width * spp * bps) + 7) / 8; diff --git a/gnu/packages/patches/libtiff-CVE-2016-5314.patch b/gnu/packages/patches/libtiff-CVE-2016-5314.patch deleted file mode 100644 index e5380f8639..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5314.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2016-5314. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314 -bugzilla.maptools.org/show_bug.cgi?id=2554 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.43 -r1.44 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_pixarlog.c 27 Dec 2015 20:14:11 -0000 1.43 -+++ libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:12:19 -0000 1.44 -@@ -459,6 +459,7 @@ - typedef struct { - TIFFPredictorState predict; - z_stream stream; -+ tmsize_t tbuf_size; /* only set/used on reading for now */ - uint16 *tbuf; - uint16 stride; - int state; -@@ -694,6 +695,7 @@ - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); - if (sp->tbuf == NULL) - return (0); -+ sp->tbuf_size = tbuf_size; - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) - sp->user_datafmt = PixarLogGuessDataFmt(td); - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) { -@@ -783,6 +785,12 @@ - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); - return (0); - } -+ /* Check that we will not fill more than what was allocated */ -+ if (sp->stream.avail_out > sp->tbuf_size) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size"); -+ return (0); -+ } - do { - int state = inflate(&sp->stream, Z_PARTIAL_FLUSH); - if (state == Z_STREAM_END) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-5321.patch b/gnu/packages/patches/libtiff-CVE-2016-5321.patch deleted file mode 100644 index 2afca18e1d..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5321.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2016-5321. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321 -http://bugzilla.maptools.org/show_bug.cgi?id=2558 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.35 -r1.36 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.35 -retrieving revision 1.36 -diff -u -r1.35 -r1.36 ---- libtiff/tools/tiffcrop.c 19 Aug 2015 02:31:04 -0000 1.35 -+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 -@@ -989,7 +989,7 @@ - nrow = (row + tl > imagelength) ? imagelength - row : tl; - for (col = 0; col < imagewidth; col += tw) - { -- for (s = 0; s < spp; s++) -+ for (s = 0; s < spp && s < MAX_SAMPLES; s++) - { /* Read each plane of a tile set into srcbuffs[s] */ - tbytes = TIFFReadTile(in, srcbuffs[s], col, row, 0, s); - if (tbytes < 0 && !ignore) diff --git a/gnu/packages/patches/libtiff-CVE-2016-5323.patch b/gnu/packages/patches/libtiff-CVE-2016-5323.patch deleted file mode 100644 index 8b2a043d29..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5323.patch +++ /dev/null @@ -1,88 +0,0 @@ -Fix CVE-2016-5323. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323 -http://bugzilla.maptools.org/show_bug.cgi?id=2559 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.36 -r1.37 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.36 -retrieving revision 1.37 -diff -u -r1.36 -r1.37 ---- libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 -+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 -@@ -3738,7 +3738,7 @@ - - matchbits = maskbits << (8 - src_bit - bps); - /* load up next sample from each plane */ -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - buff1 = ((*src) & matchbits) << (src_bit); -@@ -3837,7 +3837,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (16 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -3947,7 +3947,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (32 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4073,7 +4073,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (64 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4263,7 +4263,7 @@ - - matchbits = maskbits << (8 - src_bit - bps); - /* load up next sample from each plane */ -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - buff1 = ((*src) & matchbits) << (src_bit); -@@ -4362,7 +4362,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (16 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4471,7 +4471,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (32 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4597,7 +4597,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (64 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) diff --git a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch b/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch deleted file mode 100644 index 3fea745056..0000000000 --- a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch +++ /dev/null @@ -1,171 +0,0 @@ -2015-12-27 Even Rouault - - * libtiff/tif_luv.c: fix potential out-of-bound writes in decode - functions in non debug builds by replacing assert()s by regular if - checks (bugzilla #2522). - Fix potential out-of-bound reads in case of short input data. - -diff -u -r1.40 -r1.41 ---- libtiff/libtiff/tif_luv.c 21 Jun 2015 01:09:09 -0000 1.40 -+++ libtiff/libtiff/tif_luv.c 27 Dec 2015 16:25:11 -0000 1.41 -@@ -1,4 +1,4 @@ --/* $Id: tif_luv.c,v 1.40 2015-06-21 01:09:09 bfriesen Exp $ */ -+/* $Id: tif_luv.c,v 1.41 2015-12-27 16:25:11 erouault Exp $ */ - - /* - * Copyright (c) 1997 Greg Ward Larson -@@ -202,7 +202,11 @@ - if (sp->user_datafmt == SGILOGDATAFMT_16BIT) - tp = (int16*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (int16*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -211,9 +215,11 @@ - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 2*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ if( cc < 2 ) -+ break; -+ rc = *bp++ + (2-128); - b = (int16)(*bp++ << shft); - cc -= 2; - while (rc-- && i < npixels) -@@ -223,6 +229,7 @@ - while (--cc && rc-- && i < npixels) - tp[i++] |= (int16)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -268,13 +275,17 @@ - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32 *)op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32 *) sp->tbuf; - } - /* copy to array of uint32 */ - bp = (unsigned char*) tif->tif_rawcp; - cc = tif->tif_rawcc; -- for (i = 0; i < npixels && cc > 0; i++) { -+ for (i = 0; i < npixels && cc >= 3; i++) { - tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2]; - bp += 3; - cc -= 3; -@@ -325,7 +336,11 @@ - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -334,11 +349,13 @@ - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 4*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -+ if( cc < 2 ) -+ break; - rc = *bp++ + (2-128); - b = (uint32)*bp++ << shft; -- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ cc -= 2; - while (rc-- && i < npixels) - tp[i++] |= b; - } else { /* non-run */ -@@ -346,6 +363,7 @@ - while (--cc && rc-- && i < npixels) - tp[i++] |= (uint32)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -413,6 +431,7 @@ - static int - LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogL16Encode"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -433,7 +452,11 @@ - tp = (int16*) bp; - else { - tp = (int16*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ -@@ -506,6 +529,7 @@ - static int - LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode24"; - LogLuvState* sp = EncoderState(tif); - tmsize_t i; - tmsize_t npixels; -@@ -521,7 +545,11 @@ - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* write out encoded pixels */ -@@ -553,6 +581,7 @@ - static int - LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode32"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -574,7 +603,11 @@ - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ diff --git a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch b/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch deleted file mode 100644 index 50657b667c..0000000000 --- a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch +++ /dev/null @@ -1,49 +0,0 @@ -2015-12-27 Even Rouault - - * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode() - triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif - (bugzilla #2508) - -diff -u -r1.16 -r1.18 ---- libtiff/libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16 -+++ libtiff/libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18 -@@ -1,4 +1,4 @@ --/* $Id: tif_next.c,v 1.16 2014-12-29 12:09:11 erouault Exp $ */ -+/* $Id: tif_next.c,v 1.18 2015-12-27 17:14:52 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -37,7 +37,7 @@ - case 0: op[0] = (unsigned char) ((v) << 6); break; \ - case 1: op[0] |= (v) << 4; break; \ - case 2: op[0] |= (v) << 2; break; \ -- case 3: *op++ |= (v); break; \ -+ case 3: *op++ |= (v); op_offset++; break; \ - } \ - } - -@@ -103,6 +103,7 @@ - } - default: { - uint32 npixels = 0, grey; -+ tmsize_t op_offset = 0; - uint32 imagewidth = tif->tif_dir.td_imagewidth; - if( isTiled(tif) ) - imagewidth = tif->tif_dir.td_tilewidth; -@@ -122,10 +123,15 @@ - * bounds, potentially resulting in a security - * issue. - */ -- while (n-- > 0 && npixels < imagewidth) -+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline) - SETPIXEL(op, grey); - if (npixels >= imagewidth) - break; -+ if (op_offset >= scanline ) { -+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld", -+ (long) tif->tif_row); -+ return (0); -+ } - if (cc == 0) - goto bad; - n = *bp++, cc--; -- cgit v1.2.3 From cf7daaf5dae5d0ac4bbc4eda39db041f22b67cf4 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 27 Nov 2016 09:49:15 +0100 Subject: gnu: docbook-xsl: Update to 1.79.1. * gnu/packages/docbook.scm (docbook-xsl): Update to 1.79.1. --- gnu/packages/docbook.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm index 3d18d459bd..fe183a18e0 100644 --- a/gnu/packages/docbook.scm +++ b/gnu/packages/docbook.scm @@ -132,14 +132,14 @@ by no means limited to these applications.) This package provides XML DTDs.") (define-public docbook-xsl (package (name "docbook-xsl") - (version "1.78.1") + (version "1.79.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/docbook/docbook-xsl/" version "/docbook-xsl-" version ".tar.bz2")) (sha256 (base32 - "0rxl013ncmz1n6ymk2idvx3hix9pdabk8xn01cpcv32wmfb753y9")))) + "0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj")))) (build-system trivial-build-system) (arguments `(#:builder (let ((name-version (string-append ,name "-" ,version))) -- cgit v1.2.3 From 3084a9908434e4e7123d2fd3881c798977abedb9 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 29 Nov 2016 19:15:06 +0100 Subject: gnu: libxi: Update to 1.7.8. * gnu/packages/xorg.scm (libxi): Update to 1.7.8. --- gnu/packages/xorg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 9f9549b6b9..47f7eb8db6 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4884,7 +4884,7 @@ new API's in libXft, or the legacy API's in libX11.") (define-public libxi (package (name "libxi") - (version "1.7.7") + (version "1.7.8") (source (origin (method url-fetch) @@ -4894,7 +4894,7 @@ new API's in libXft, or the legacy API's in libX11.") ".tar.bz2")) (sha256 (base32 - "0c70n4aq0ba628wr88ih4740nci9d9f6y3v96sx376vvlm7q6vwr")))) + "1fr7mi4nbcxsa88qin9g2ipmzh595ydxy9qnabzl270laf6zmwnq")))) (build-system gnu-build-system) (propagated-inputs `(("inputproto" ,inputproto) -- cgit v1.2.3 From 35bbe88b3c12402bd0648f1ce15a2977742f70a2 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Nov 2016 17:58:22 +0100 Subject: gnu: pixman: Eliminate graft. * gnu/packages/xdisorg.scm (pixman)[replacement]: Remove field. [source]: Add patch from 'pixman/fixed'. (pixman/fixed): Remove variable. --- gnu/packages/xdisorg.scm | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 3d1108d42e..4633b5159e 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -241,7 +241,6 @@ following the mouse.") (package (name "pixman") (version "0.34.0") - (replacement pixman/fixed) (source (origin (method url-fetch) (uri (string-append @@ -249,7 +248,8 @@ following the mouse.") version ".tar.gz")) (sha256 (base32 - "13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1")))) + "13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1")) + (patches (search-patches "pixman-CVE-2016-5296.patch")))) (build-system gnu-build-system) (inputs `(("libpng" ,libpng) @@ -263,14 +263,6 @@ manipulation, providing features such as image compositing and trapezoid rasterisation.") (license license:x11))) -(define pixman/fixed - (package - (inherit pixman) - (source (origin - (inherit (package-source pixman)) - (patches (search-patches "pixman-CVE-2016-5296.patch")))))) - - (define-public libdrm (package (name "libdrm") -- cgit v1.2.3 From 86cf191426534ba5eac15e02ae20b1a0ba7f0bf4 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Nov 2016 18:07:03 +0100 Subject: gnu: dbus: Eliminate graft. * gnu/packages/glib.scm (dbus)[replacement]: Remove field. [version]: Update to 1.10.12. [source]: Update hash. (dbus-1.10.12): Remove variable. --- gnu/packages/glib.scm | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 2b57f85d75..e7419fd88b 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -64,8 +64,7 @@ (define dbus (package (name "dbus") - (replacement dbus-1.10.12) - (version "1.10.10") + (version "1.10.12") (source (origin (method url-fetch) (uri (string-append @@ -73,7 +72,7 @@ version ".tar.gz")) (sha256 (base32 - "0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx")) + "0pa71vf5c0d7k3gni06iascmplj0j5g70wbc833ayvi71d1pj2i1")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments @@ -132,21 +131,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 -(define dbus-1.10.12 - (package - (inherit dbus) - (name "dbus") - (source - (let ((version "1.10.12")) - (origin - (inherit (package-source dbus)) - (uri (string-append - "https://dbus.freedesktop.org/releases/dbus/dbus-" - version ".tar.gz")) - (sha256 - (base32 - "0pa71vf5c0d7k3gni06iascmplj0j5g70wbc833ayvi71d1pj2i1"))))))) - (define glib (package (name "glib") -- cgit v1.2.3 From 8b6aee5f82461f43a3ff4f12ccb84ae87413b112 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Nov 2016 18:09:41 +0100 Subject: gnu: dbus: Update to 1.10.14. * gnu/packages/glib.scm (dbus): Update to 1.10.14. --- gnu/packages/glib.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index e7419fd88b..3683068dc4 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -64,7 +64,7 @@ (define dbus (package (name "dbus") - (version "1.10.12") + (version "1.10.14") (source (origin (method url-fetch) (uri (string-append @@ -72,7 +72,7 @@ version ".tar.gz")) (sha256 (base32 - "0pa71vf5c0d7k3gni06iascmplj0j5g70wbc833ayvi71d1pj2i1")) + "10x0wvv2ly4lyyfd42k4xw0ar5qdbi9cksw3l5fcwf1y6mq8y8r3")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments -- cgit v1.2.3 From bc118f1a0367036128a6acfdc9fe34c8554009ac Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Nov 2016 18:31:37 +0100 Subject: gnu: cairo: Eliminate graft. * gnu/packages/gtk.scm (cairo)[replacement]: Remove field. [source]: Add patch from 'cairo/fixed'. (cairo-xcb)[source]: Inherit from cairo. [replacement]: Remove field. (cairo/fixed): Remove variable. * gnu/packages/pdf.scm (poppler)[inputs]: Remove cairo replacement. --- gnu/packages/gtk.scm | 15 ++------------- gnu/packages/pdf.scm | 11 ----------- 2 files changed, 2 insertions(+), 24 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 224e33e711..b1a8e272db 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -100,7 +100,6 @@ tools have full access to view and control running applications.") (define-public cairo (package (name "cairo") - (replacement cairo/fixed) (version "1.14.6") (source (origin (method url-fetch) @@ -108,7 +107,8 @@ tools have full access to view and control running applications.") version ".tar.xz")) (sha256 (base32 - "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31")))) + "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31")) + (patches (search-patches "cairo-CVE-2016-9082.patch")))) (build-system gnu-build-system) (propagated-inputs `(("fontconfig" ,fontconfig) @@ -154,10 +154,6 @@ affine transformation (scale, rotation, shear, etc.).") (package (inherit cairo) (name "cairo-xcb") - (source (origin - (inherit (package-source cairo)) - (patches (search-patches "cairo-CVE-2016-9082.patch")))) - (replacement #f) (inputs `(("mesa" ,mesa) ,@(package-inputs cairo))) @@ -167,13 +163,6 @@ affine transformation (scale, rotation, shear, etc.).") '("--enable-xlib-xcb" "--enable-gl" "--enable-egl"))) (synopsis "2D graphics library (with X11 support)"))) -(define cairo/fixed - (package - (inherit cairo) - (source (origin - (inherit (package-source cairo)) - (patches (search-patches "cairo-CVE-2016-9082.patch")))))) - (define-public harfbuzz (package (name "harfbuzz") diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index b95fe5e0cf..d491642e49 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -95,17 +95,6 @@ ;; To build poppler-glib (as needed by Evince), we need Cairo and ;; GLib. But of course, that Cairo must not depend on Poppler. ("cairo" ,(package (inherit cairo) - (replacement - (package - (inherit cairo) - (replacement #f) - (source - (origin - (inherit (package-source cairo)) - (patches (search-patches - "cairo-CVE-2016-9082.patch")))) - (inputs (alist-delete "poppler" - (package-inputs cairo))))) (inputs (alist-delete "poppler" (package-inputs cairo))))) ("glib" ,glib))) -- cgit v1.2.3 From 17f2b485b156611e8c8e0715df39d023ca937549 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 30 Nov 2016 01:46:17 +0100 Subject: gnu: mesa: Update to 13.0.2. * gnu/packages/gl.scm (mesa): Update to 13.0.2. [inputs]: Remove eudev. [native-inputs]: Move 'mesa-wayland-egl-symbols-check-mips.patch' to ... [source]: ... here. [arguments]: Don't apply patch. Remove udev substitution. --- gnu/packages/gl.scm | 33 +++++---------------------------- 1 file changed, 5 insertions(+), 28 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index 50b474c623..18d5d8166a 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -196,7 +196,7 @@ also known as DXTn or DXTC) for Mesa.") (define-public mesa (package (name "mesa") - (version "12.0.1") + (version "13.0.2") (source (origin (method url-fetch) @@ -204,7 +204,9 @@ also known as DXTn or DXTC) for Mesa.") version "/mesa-" version ".tar.xz")) (sha256 (base32 - "12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms")))) + "1m8n8kd8kcs5ddyvldiw09wvpi5wwpfmmxlb87d63vgl8lk65vd6")) + (patches + (search-patches "mesa-wayland-egl-symbols-check-mips.patch")))) (build-system gnu-build-system) (propagated-inputs `(("glproto" ,glproto) @@ -227,20 +229,10 @@ also known as DXTn or DXTC) for Mesa.") ("makedepend" ,makedepend) ("presentproto" ,presentproto) ("s2tc" ,s2tc) - ("udev" ,eudev) ("wayland" ,wayland))) (native-inputs `(("pkg-config" ,pkg-config) - ("python" ,python-2) - - ;; XXX To prevent a large number of rebuilds on other systems, - ;; apply the following patch on MIPS systems only. In the next - ;; core-updates cycle, this patch could be applied on all platforms. - ,@(if (string-prefix? "mips" (or (%current-target-system) - (%current-system))) - `(("mips-patch" - ,(search-patch "mesa-wayland-egl-symbols-check-mips.patch"))) - '()))) + ("python" ,python-2))) (arguments `(#:configure-flags '(;; drop r300 from default gallium drivers, as it requires llvm @@ -267,16 +259,6 @@ also known as DXTn or DXTC) for Mesa.") '("--with-dri-drivers=nouveau,r200,radeon,swrast")))) #:phases (modify-phases %standard-phases - ;; Add an 'apply-mips-patch' phase conditionally (see above.) - ,@(if (string-prefix? "mips" (or (%current-target-system) - (%current-system))) - `((add-after 'unpack 'apply-mips-patch - (lambda* (#:key inputs #:allow-other-keys) - (let ((patch (assoc-ref inputs "mips-patch"))) - (zero? (system* "patch" "-p1" "--force" - "--input" patch)))))) - '()) - (add-after 'unpack 'patch-create_test_cases (lambda _ @@ -288,7 +270,6 @@ also known as DXTn or DXTC) for Mesa.") 'build 'fix-dlopen-libnames (lambda* (#:key inputs outputs #:allow-other-keys) (let ((s2tc (assoc-ref inputs "s2tc")) - (udev (assoc-ref inputs "udev")) (out (assoc-ref outputs "out"))) ;; Remain agnostic to .so.X.Y.Z versions while doing ;; the substitutions so we're future-safe. @@ -297,10 +278,6 @@ also known as DXTn or DXTC) for Mesa.") "src/mesa/main/texcompress_s3tc.c") (("\"libtxc_dxtn\\.so") (string-append "\"" s2tc "/lib/libtxc_dxtn.so"))) - (substitute* "src/loader/loader.c" - (("udev_handle = dlopen\\(name") - (string-append "udev_handle = dlopen(\"" - udev "/lib/libudev.so\""))) (substitute* "src/glx/dri_common.c" (("dlopen\\(\"libGL\\.so") (string-append "dlopen(\"" out "/lib/libGL.so"))) -- cgit v1.2.3 From a189ac715d9ba1e0191593edb8420f68972868f7 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 2 Dec 2016 13:07:29 +0100 Subject: gnu: bluez: Update to 5.43. * gnu/packages/linux.scm (bluez): Update to 5.43. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 2c3c9cf01b..853c92e7c6 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2503,7 +2503,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") (define-public bluez (package (name "bluez") - (version "5.40") + (version "5.43") (source (origin (method url-fetch) (uri (string-append @@ -2511,7 +2511,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") version ".tar.xz")) (sha256 (base32 - "09ywk3lvgis0nbi0d5z8d4qp5r33lzwnd6bdakacmbsm420qpnns")))) + "05cdnpz0w2lwq2x5ba87q1h2wgb4lfnpbnbh6p7499hx59fw1j8n")))) (build-system gnu-build-system) (arguments '(#:configure-flags -- cgit v1.2.3 From 80b63e670ef4fe1fd40a903bcd4ee47a11415bd9 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 2 Dec 2016 03:48:03 -0500 Subject: gnu: tzdata: Update to 2016j. * gnu/packages/base.scm (tzdata): Update to 2016j. [source]: Use HTTPS URL. [home-page]: Use HTTPS URL. --- gnu/packages/base.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 1c01874bb0..2dd17a9ebb 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -939,15 +939,15 @@ command.") (define-public tzdata (package (name "tzdata") - (version "2016g") + (version "2016j") (source (origin (method url-fetch) (uri (string-append - "http://www.iana.org/time-zones/repository/releases/tzdata" + "https://www.iana.org/time-zones/repository/releases/tzdata" version ".tar.gz")) (sha256 (base32 - "1lgbh49bsbysibzr7imjsh1xa7pqmimphxvvwh6kncj7pjr3fw9w")))) + "1j4xycpwhs57qnkcxwh3np8wnf3km69n3cf4w6p2yv2z247lxvpm")))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -995,8 +995,8 @@ command.") version ".tar.gz")) (sha256 (base32 - "0azsz436vd65bkdkdmjgsh7zhh0whnqqfliva45191krmm3hpy8z")))))) - (home-page "http://www.iana.org/time-zones") + "1dxhrk4z0n2di8p0yd6q00pa6bwyz5xqbrfbasiz8785ni7zrvxr")))))) + (home-page "https://www.iana.org/time-zones") (synopsis "Database of current and historical time zones") (description "The Time Zone Database (often called tz or zoneinfo) contains code and data that represent the history of local time for many -- cgit v1.2.3 From 76bbce6af2baed0c2fa7dddd43ecc2ffe6482c41 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 3 Dec 2016 21:39:55 +0100 Subject: gnu: mupdf: Update to 1.10a. * gnu/packages/patches/mupdf-CVE-2016-6265.patch: Delete file. * gnu/packages/patches/mupdf-CVE-2016-6525.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7504.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7505.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7506.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7563.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-7564.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-8674.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-9017.patch: Likewise. * gnu/packages/patches/mupdf-CVE-2016-9136.patch: Likewise. * gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch: Adjust to 1.10a. * gnu/local.mk (dist_patch_DATA): Remove deleted patches. * gnu/packages/pdf.scm (mupdf): Update to 1.10a. [source]: Remove patches. --- gnu/local.mk | 10 -- gnu/packages/patches/mupdf-CVE-2016-6265.patch | 30 ---- gnu/packages/patches/mupdf-CVE-2016-6525.patch | 21 --- gnu/packages/patches/mupdf-CVE-2016-7504.patch | 99 ------------- gnu/packages/patches/mupdf-CVE-2016-7505.patch | 32 ---- gnu/packages/patches/mupdf-CVE-2016-7506.patch | 42 ------ gnu/packages/patches/mupdf-CVE-2016-7563.patch | 37 ----- gnu/packages/patches/mupdf-CVE-2016-7564.patch | 34 ----- gnu/packages/patches/mupdf-CVE-2016-8674.patch | 165 --------------------- gnu/packages/patches/mupdf-CVE-2016-9017.patch | 46 ------ gnu/packages/patches/mupdf-CVE-2016-9136.patch | 32 ---- .../patches/mupdf-build-with-openjpeg-2.1.patch | 9 -- gnu/packages/pdf.scm | 16 +- 13 files changed, 3 insertions(+), 570 deletions(-) delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-6265.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-6525.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7504.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7505.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7506.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7563.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-7564.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-8674.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-9017.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2016-9136.patch (limited to 'gnu/packages') diff --git a/gnu/local.mk b/gnu/local.mk index c635a4792c..30f7b59f12 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -719,16 +719,6 @@ dist_patch_DATA = \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ - %D%/packages/patches/mupdf-CVE-2016-6265.patch \ - %D%/packages/patches/mupdf-CVE-2016-6525.patch \ - %D%/packages/patches/mupdf-CVE-2016-7504.patch \ - %D%/packages/patches/mupdf-CVE-2016-7505.patch \ - %D%/packages/patches/mupdf-CVE-2016-7506.patch \ - %D%/packages/patches/mupdf-CVE-2016-7563.patch \ - %D%/packages/patches/mupdf-CVE-2016-7564.patch \ - %D%/packages/patches/mupdf-CVE-2016-8674.patch \ - %D%/packages/patches/mupdf-CVE-2016-9017.patch \ - %D%/packages/patches/mupdf-CVE-2016-9136.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ diff --git a/gnu/packages/patches/mupdf-CVE-2016-6265.patch b/gnu/packages/patches/mupdf-CVE-2016-6265.patch deleted file mode 100644 index 58f5c3726c..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6265.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6265 (use after free in pdf_load_xref()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265 -https://security-tracker.debian.org/tracker/CVE-2016-6265 - -Patch copied from upstream source repository: - -http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958 - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 576c315..3222599 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i); - } - if (entry->type == 'o') -- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n') -- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i); -+ { -+ /* Read this into a local variable here, because pdf_get_xref_entry -+ * may solidify the xref, hence invalidating "entry", meaning we -+ * need a stashed value for the throw. */ -+ fz_off_t ofs = entry->ofs; -+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n') -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i); -+ } - } - } - diff --git a/gnu/packages/patches/mupdf-CVE-2016-6525.patch b/gnu/packages/patches/mupdf-CVE-2016-6525.patch deleted file mode 100644 index 370af5ade6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-6525.patch +++ /dev/null @@ -1,21 +0,0 @@ -Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525 -https://security-tracker.debian.org/tracker/CVE-2016-6525 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e - -diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c -index 7815b3c..6e25efa 100644 ---- a/source/pdf/pdf-shade.c -+++ b/source/pdf/pdf-shade.c -@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob - obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode); - if (pdf_array_len(ctx, obj) >= 6) - { -- n = (pdf_array_len(ctx, obj) - 4) / 2; -+ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2); - shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0)); - shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1)); - shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2)); diff --git a/gnu/packages/patches/mupdf-CVE-2016-7504.patch b/gnu/packages/patches/mupdf-CVE-2016-7504.patch deleted file mode 100644 index 4bbb4411c0..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7504.patch +++ /dev/null @@ -1,99 +0,0 @@ -Fix CVE-2016-7504: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7504 -http://bugs.ghostscript.com/show_bug.cgi?id=697142 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5c337af4b3df80cf967e4f9f6a21522de84b392a - -From 5c337af4b3df80cf967e4f9f6a21522de84b392a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 16:01:08 +0200 -Subject: [PATCH] Fix bug 697142: Stale string pointer stored in regexp object. - -Make sure to make a copy of the source pattern string. -A case we missed when adding short and memory strings to the runtime. -The code assumed all strings passed to it were either literal or interned. ---- - jsgc.c | 4 +++- - jsi.h | 1 + - jsregexp.c | 2 +- - jsrun.c | 8 ++++++++ - jsvalue.h | 2 +- - 5 files changed, 14 insertions(+), 3 deletions(-) - -diff --git a/jsgc.c b/jsgc.c -index 9bd6482..4f7e7dc 100644 ---- a/thirdparty/mujs/jsgc.c -+++ b/thirdparty/mujs/jsgc.c -@@ -44,8 +44,10 @@ static void jsG_freeobject(js_State *J, js_Object *obj) - { - if (obj->head) - jsG_freeproperty(J, obj->head); -- if (obj->type == JS_CREGEXP) -+ if (obj->type == JS_CREGEXP) { -+ js_free(J, obj->u.r.source); - js_regfree(obj->u.r.prog); -+ } - if (obj->type == JS_CITERATOR) - jsG_freeiterator(J, obj->u.iter.head); - if (obj->type == JS_CUSERDATA && obj->u.user.finalize) -diff --git a/jsi.h b/jsi.h -index 7d9f7c7..e855045 100644 ---- a/thirdparty/mujs/jsi.h -+++ b/thirdparty/mujs/jsi.h -@@ -79,6 +79,7 @@ typedef unsigned short js_Instruction; - - /* String interning */ - -+char *js_strdup(js_State *J, const char *s); - const char *js_intern(js_State *J, const char *s); - void jsS_dumpstrings(js_State *J); - void jsS_freestrings(js_State *J); -diff --git a/jsregexp.c b/jsregexp.c -index 2a056b7..a2d5156 100644 ---- a/thirdparty/mujs/jsregexp.c -+++ b/thirdparty/mujs/jsregexp.c -@@ -21,7 +21,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags) - js_syntaxerror(J, "regular expression: %s", error); - - obj->u.r.prog = prog; -- obj->u.r.source = pattern; -+ obj->u.r.source = js_strdup(J, pattern); - obj->u.r.flags = flags; - obj->u.r.last = 0; - js_pushobject(J, obj); -diff --git a/jsrun.c b/jsrun.c -index 2648c4c..ee80845 100644 ---- a/thirdparty/mujs/jsrun.c -+++ b/thirdparty/mujs/jsrun.c -@@ -45,6 +45,14 @@ void *js_realloc(js_State *J, void *ptr, int size) - return ptr; - } - -+char *js_strdup(js_State *J, const char *s) -+{ -+ int n = strlen(s) + 1; -+ char *p = js_malloc(J, n); -+ memcpy(p, s, n); -+ return p; -+} -+ - void js_free(js_State *J, void *ptr) - { - J->alloc(J->actx, ptr, 0); -diff --git a/jsvalue.h b/jsvalue.h -index 6cfbd89..8fb5016 100644 ---- a/thirdparty/mujs/jsvalue.h -+++ b/thirdparty/mujs/jsvalue.h -@@ -71,7 +71,7 @@ struct js_String - struct js_Regexp - { - void *prog; -- const char *source; -+ char *source; - unsigned short flags; - unsigned short last; - }; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7505.patch b/gnu/packages/patches/mupdf-CVE-2016-7505.patch deleted file mode 100644 index 15e4f374d6..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7505.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-7505: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505 -http://bugs.ghostscript.com/show_bug.cgi?id=697140 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5 - -From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 15:21:04 +0200 -Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod. - ---- - jsdtoa.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jsdtoa.c b/jsdtoa.c -index 2e52368..920c1a7 100644 ---- a/thirdparty/mujs/jsdtoa.c -+++ b/thirdparty/mujs/jsdtoa.c -@@ -735,6 +735,7 @@ xx: - n -= c<= Ndig) break; /* abort if overflowing */ - } - *p = 0; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7506.patch b/gnu/packages/patches/mupdf-CVE-2016-7506.patch deleted file mode 100644 index 733249acaa..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7506.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-7506: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506 -http://bugs.ghostscript.com/show_bug.cgi?id=697141 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a - -From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Wed, 21 Sep 2016 16:02:11 +0200 -Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution. - -A '$' escape at the end of the string would read past the zero terminator -when looking for the escaped character. ---- - jsstring.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/jsstring.c b/jsstring.c -index 66f6a89..0209a8e 100644 ---- a/thirdparty/mujs/jsstring.c -+++ b/thirdparty/mujs/jsstring.c -@@ -421,6 +421,7 @@ loop: - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '`': js_putm(J, &sb, source, s); break; - case '\'': js_puts(J, &sb, s + n); break; -@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J) - while (*r) { - if (*r == '$') { - switch (*(++r)) { -+ case 0: --r; /* end of string; back up and fall through */ - case '$': js_putc(J, &sb, '$'); break; - case '&': js_putm(J, &sb, s, s + n); break; - case '`': js_putm(J, &sb, source, s); break; --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7563.patch b/gnu/packages/patches/mupdf-CVE-2016-7563.patch deleted file mode 100644 index 288c9ab2df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7563.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-7563: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7563 -http://bugs.ghostscript.com/show_bug.cgi?id=697136 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=f8234d830e17fc5e8fe09eb76d86dad3f6233c59 - -From f8234d830e17fc5e8fe09eb76d86dad3f6233c59 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 20 Sep 2016 17:11:32 +0200 -Subject: [PATCH] Fix bug 697136. - -We were unconditionally reading the next character if we encountered -a '*' in a multi-line comment; possibly reading past the end of -the input. ---- - jslex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jslex.c b/jslex.c -index 7b80800..cbd0eeb 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -225,7 +225,8 @@ static int lexcomment(js_State *J) - if (jsY_accept(J, '/')) - return 0; - } -- jsY_next(J); -+ else -+ jsY_next(J); - } - return -1; - } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-7564.patch b/gnu/packages/patches/mupdf-CVE-2016-7564.patch deleted file mode 100644 index c2ce33d1df..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-7564.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-7564: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564 -http://bugs.ghostscript.com/show_bug.cgi?id=697137 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8 - -From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 20 Sep 2016 17:19:06 +0200 -Subject: [PATCH] Fix bug 697137: off by one in string length calculation. - -We were not allocating space for the terminating zero byte. ---- - jsfunction.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jsfunction.c b/jsfunction.c -index 8b5b18e..28f7aa7 100644 ---- a/thirdparty/mujs/jsfunction.c -+++ b/thirdparty/mujs/jsfunction.c -@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J) - n += strlen(F->name); - for (i = 0; i < F->numparams; ++i) - n += strlen(F->vartab[i]) + 1; -- s = js_malloc(J, n); -+ s = js_malloc(J, n + 1); - strcpy(s, "function "); - strcat(s, F->name); - strcat(s, "("); --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-8674.patch b/gnu/packages/patches/mupdf-CVE-2016-8674.patch deleted file mode 100644 index 2a35619761..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-8674.patch +++ /dev/null @@ -1,165 +0,0 @@ -Fix CVE-2016-8674 (use-after-free in pdf_to_num()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674 -https://security-tracker.debian.org/tracker/CVE-2016-8674 - -Patch adapted from upstream source repository: -http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec - -diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h -index f8ef0cd..e8345b7 100644 ---- a/include/mupdf/pdf/document.h -+++ b/include/mupdf/pdf/document.h -@@ -258,6 +258,10 @@ struct pdf_document_s - fz_font **type3_fonts; - - pdf_resource_tables *resources; -+ -+ int orphans_max; -+ int orphans_count; -+ pdf_obj **orphans; - }; - - /* -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 346a2f1..02d4119 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -109,6 +109,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key); - pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev); - void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); - void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); -+void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val); - void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); - void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val); -diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c -index f2e4551..a0d0d8e 100644 ---- a/source/pdf/pdf-object.c -+++ b/source/pdf/pdf-object.c -@@ -1240,9 +1240,13 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev) - return pdf_dict_get(ctx, obj, abbrev); - } - --void --pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+static void -+pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) - { -+ -+ if (old_val) -+ *old_val = NULL; -+ - RESOLVE(obj); - if (obj >= PDF_OBJ__LIMIT) - { -@@ -1282,7 +1286,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - pdf_obj *d = DICT(obj)->items[i].v; - DICT(obj)->items[i].v = pdf_keep_obj(ctx, val); -- pdf_drop_obj(ctx, d); -+ if (old_val) -+ *old_val = d; -+ else -+ pdf_drop_obj(ctx, d); - } - } - else -@@ -1305,10 +1312,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - } - - void -+pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) -+{ -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+} -+ -+void - pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) - { - fz_try(ctx) -- pdf_dict_put(ctx, obj, key, val); -+ pdf_dict_get_put(ctx, obj, key, val, NULL); -+ fz_always(ctx) -+ pdf_drop_obj(ctx, val); -+ fz_catch(ctx) -+ fz_rethrow(ctx); -+} -+ -+void -+pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) -+{ -+ fz_try(ctx) -+ pdf_dict_get_put(ctx, obj, key, val, old_val); - fz_always(ctx) - pdf_drop_obj(ctx, val); - fz_catch(ctx) -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index fdd4648..212c8b7 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -259,6 +259,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen) - } - } - -+static void -+orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj) -+{ -+ if (doc->orphans_count == doc->orphans_max) -+ { -+ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32); -+ -+ fz_try(ctx) -+ { -+ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans)); -+ doc->orphans_max = new_max; -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, obj); -+ fz_rethrow(ctx); -+ } -+ } -+ doc->orphans[doc->orphans_count++] = obj; -+} -+ - void - pdf_repair_xref(fz_context *ctx, pdf_document *doc) - { -@@ -520,12 +541,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - /* correct stream length for unencrypted documents */ - if (!encrypt && list[i].stm_len >= 0) - { -+ pdf_obj *old_obj = NULL; - dict = pdf_load_object(ctx, doc, list[i].num, list[i].gen); - - length = pdf_new_int(ctx, doc, list[i].stm_len); -- pdf_dict_put(ctx, dict, PDF_NAME_Length, length); -- pdf_drop_obj(ctx, length); -- -+ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj); -+ if (old_obj) -+ orphan_object(ctx, doc, old_obj); - pdf_drop_obj(ctx, dict); - } - } -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 3de1cd2..6682741 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1626,6 +1626,12 @@ pdf_close_document(fz_context *ctx, pdf_document *doc) - - pdf_drop_resource_tables(ctx, doc); - -+ for (i = 0; i < doc->orphans_count; i++) -+ { -+ pdf_drop_obj(ctx, doc->orphans[i]); -+ } -+ fz_free(ctx, doc->orphans); -+ - fz_free(ctx, doc); - } - --- -2.10.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9017.patch b/gnu/packages/patches/mupdf-CVE-2016-9017.patch deleted file mode 100644 index 1e2b7c3258..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9017.patch +++ /dev/null @@ -1,46 +0,0 @@ -Fix CVE-2016-9017: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9107 -http://bugs.ghostscript.com/show_bug.cgi?id=697171 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 - -From a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Tue, 25 Oct 2016 14:08:27 +0200 -Subject: [PATCH] Fix 697171: missed an operand in the bytecode debugger dump. - ---- - jscompile.h | 2 +- - jsdump.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jscompile.h b/jscompile.h -index 802cc9e..3054d13 100644 ---- a/thirdparty/mujs/jscompile.h -+++ b/thirdparty/mujs/jscompile.h -@@ -21,7 +21,7 @@ enum js_OpCode - - OP_NEWARRAY, - OP_NEWOBJECT, -- OP_NEWREGEXP, -+ OP_NEWREGEXP, /* -S,opts- */ - - OP_UNDEF, - OP_NULL, -diff --git a/jsdump.c b/jsdump.c -index 1c51c29..37ad88c 100644 ---- a/thirdparty/mujs/jsdump.c -+++ b/thirdparty/mujs/jsdump.c -@@ -750,6 +750,7 @@ void jsC_dumpfunction(js_State *J, js_Function *F) - case OP_INITVAR: - case OP_DEFVAR: - case OP_GETVAR: -+ case OP_HASVAR: - case OP_SETVAR: - case OP_DELVAR: - case OP_GETPROP_S: --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-CVE-2016-9136.patch b/gnu/packages/patches/mupdf-CVE-2016-9136.patch deleted file mode 100644 index 1f68839a52..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2016-9136.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2016-9136: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9136 -http://bugs.ghostscript.com/show_bug.cgi?id=697244 - -Patch copied from upstream source repository: -http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a0ceaf5050faf419401fe1b83acfa950ec8a8a89 -From a0ceaf5050faf419401fe1b83acfa950ec8a8a89 Mon Sep 17 00:00:00 2001 -From: Tor Andersson -Date: Mon, 31 Oct 2016 13:05:37 +0100 -Subject: [PATCH] Fix 697244: Check for incomplete escape sequence at end of - input. - ---- - jslex.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jslex.c b/jslex.c -index cbd0eeb..aaafdac 100644 ---- a/thirdparty/mujs/jslex.c -+++ b/thirdparty/mujs/jslex.c -@@ -377,6 +377,7 @@ static int lexescape(js_State *J) - return 0; - - switch (J->lexchar) { -+ case 0: jsY_error(J, "unterminated escape sequence"); - case 'u': - jsY_next(J); - if (!jsY_ishex(J->lexchar)) return 1; else { x |= jsY_tohex(J->lexchar) << 12; jsY_next(J); } --- -2.10.2 - diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch index cd8136b701..d97c1cb348 100644 --- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch +++ b/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch @@ -27,12 +27,3 @@ index 6b92e5c..72dea50 100644 #include static void fz_opj_error_callback(const char *msg, void *client_data) -@@ -117,7 +109,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs - opj_stream_set_read_function(stream, fz_opj_stream_read); - opj_stream_set_skip_function(stream, fz_opj_stream_skip); - opj_stream_set_seek_function(stream, fz_opj_stream_seek); -- opj_stream_set_user_data(stream, &sb); -+ opj_stream_set_user_data(stream, &sb, NULL); - /* Set the length to avoid an assert */ - opj_stream_set_user_data_length(stream, size); - diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index d491642e49..3f329c5426 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -479,7 +479,7 @@ extracting content or merging files.") (define-public mupdf (package (name "mupdf") - (version "1.9a") + (version "1.10a") (source (origin (method url-fetch) @@ -487,18 +487,8 @@ extracting content or merging files.") name "-" version "-source.tar.gz")) (sha256 (base32 - "1k64pdapyj8a336jw3j61fhn0rp4q6az7d0dqp9r5n3d9rgwa5c0")) - (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" - "mupdf-CVE-2016-6265.patch" - "mupdf-CVE-2016-6525.patch" - "mupdf-CVE-2016-7504.patch" - "mupdf-CVE-2016-7505.patch" - "mupdf-CVE-2016-7506.patch" - "mupdf-CVE-2016-7563.patch" - "mupdf-CVE-2016-7564.patch" - "mupdf-CVE-2016-8674.patch" - "mupdf-CVE-2016-9017.patch" - "mupdf-CVE-2016-9136.patch")) + "0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a")) + (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch")) (modules '((guix build utils))) (snippet ;; Delete all the bundled libraries except for mujs, which is -- cgit v1.2.3 From d99ee3d923b822828394167b51a1178ec0996a27 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 9 Dec 2016 15:39:13 +0100 Subject: gnu: ruby-sdoc: Really relax minitest version requirement. * gnu/packages/ruby.scm (ruby-sdoc)[arguments]: Adjust pattern in 'relax-minitest-requirement'. --- gnu/packages/ruby.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 6471f2ff45..c57b09ec2d 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014, 2015 Pjotr Prins -;;; Copyright © 2014, 2015 Ludovic Courtès +;;; Copyright © 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2014, 2015 Mark H Weaver ;;; Copyright © 2014, 2015 David Thompson ;;; Copyright © 2015 Ricardo Wurmus @@ -2215,8 +2215,8 @@ current line in an external editor.") (add-after 'build 'relax-minitest-requirement (lambda _ (substitute* "sdoc.gemspec" - ((", \\[\"~> 4\\.0\"\\]") - ", [\">= 4.0\"]")) + (("\\.freeze, \\[\"~> 4\\.0\"\\]") + ".freeze, [\">= 4.0\"]")) #t))))) (propagated-inputs `(("ruby-json" ,ruby-json))) -- cgit v1.2.3 From 13b5f44b475aa385d580f7e19b907210bc1d6d99 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 9 Dec 2016 18:09:43 +0100 Subject: gnu: libepoxy: Add patch to avoid segfault when GL support is missing. * gnu/packages/patches/libepoxy-gl-null-checks.patch: New file. * gnu/packages/gl.scm (libepoxy)[source]: Add it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/gl.scm | 3 +- gnu/packages/patches/libepoxy-gl-null-checks.patch | 54 ++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libepoxy-gl-null-checks.patch (limited to 'gnu/packages') diff --git a/gnu/local.mk b/gnu/local.mk index 30f7b59f12..9b78e0a742 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -656,6 +656,7 @@ dist_patch_DATA = \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcmis-fix-test-onedrive.patch \ %D%/packages/patches/libdrm-symbol-check.patch \ + %D%/packages/patches/libepoxy-gl-null-checks.patch \ %D%/packages/patches/libevent-dns-tests.patch \ %D%/packages/patches/libextractor-ffmpeg-3.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index 18d5d8166a..0e9b5ddb5f 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -462,7 +462,8 @@ OpenGL graphics API.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037")))) + "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037")) + (patches (search-patches "libepoxy-gl-null-checks.patch")))) (arguments `(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch new file mode 100644 index 0000000000..bdc4b05989 --- /dev/null +++ b/gnu/packages/patches/libepoxy-gl-null-checks.patch @@ -0,0 +1,54 @@ +This patch from adds NULL +checks to avoid crashes when GL support is missing, as is the case when running +Xvfb. + +Upstream issue: . + +diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c +--- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500 +@@ -348,6 +348,8 @@ + epoxy_extension_in_string(const char *extension_list, const char *ext) + { + const char *ptr = extension_list; ++ if (! ptr) return false; ++ if (! ext) return false; + int len = strlen(ext); + + /* Make sure that don't just find an extension with our name as a prefix. */ +@@ -380,6 +382,7 @@ + + for (i = 0; i < num_extensions; i++) { + const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i); ++ if (! gl_ext) return false; + if (strcmp(ext, gl_ext) == 0) + return true; + } +diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c +--- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500 +@@ -46,6 +46,7 @@ + int ret; + + version_string = eglQueryString(dpy, EGL_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &major, &minor); + assert(ret == 2); + return major * 10 + minor; +diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c +--- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400 ++++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500 +@@ -57,11 +57,13 @@ + int ret; + + version_string = glXQueryServerString(dpy, screen, GLX_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &server_major, &server_minor); + assert(ret == 2); + server = server_major * 10 + server_minor; + + version_string = glXGetClientString(dpy, GLX_VERSION); ++ if (! version_string) return 0; + ret = sscanf(version_string, "%d.%d", &client_major, &client_minor); + assert(ret == 2); + client = client_major * 10 + client_minor; -- cgit v1.2.3 From 71596c3ce66ef9269c21d85f815e2f473ab6c7a1 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sat, 10 Dec 2016 07:40:47 +1000 Subject: gnu: Adjust gemspec modifications for ruby-2.3.2. * gnu/packages/ruby.scm (ruby-mocha)[arguments]: Adjust 'substitute*' of gemspec. (ruby-domain-name)[arguments]: Likewise. --- gnu/packages/ruby.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 276aa5bba8..eb554c4d2f 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -1426,8 +1426,8 @@ conversion to (X)HTML.") (add-before 'check 'use-latest-redcarpet (lambda _ (substitute* "mocha.gemspec" - ((", \\[\"~> 1\"\\]") - ", [\">= 3\"]")) + ((".freeze, \\[\"~> 1\"\\]") + ".freeze, [\">= 3\"]")) #t)) (add-before 'check 'hardcode-version (lambda _ @@ -3493,7 +3493,7 @@ support to both Ruby and JRuby. It uses @code{unf_ext} on CRuby and "Bundler::GemHelper.gemspec.version")) ;; Loosen unnecessarily strict test-unit version specification. (substitute* "domain_name.gemspec" - ((", \\[\\\"~> 2.5.5") ", [\">0")) + ((".freeze, \\[\\\"~> 2.5.5") ", [\">0")) #t))))) (propagated-inputs `(("ruby-unf" ,ruby-unf))) -- cgit v1.2.3 From fdf3a68d9e95ed1b70cc9751b9a2ce26babfce33 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Fri, 9 Dec 2016 19:27:12 +1000 Subject: gnu: ruby-sdoc: Update to 0.4.2. * gnu/packages/ruby.scm (ruby-sdoc): Update to 0.4.2. [arguments]: Remove 'relax-minitest-requirement' phase, Add 'set-rubylib' phase. [native-inputs]: Add ruby-hoe. --- gnu/packages/ruby.scm | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index eb554c4d2f..c87f8b309f 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -2204,28 +2204,27 @@ current line in an external editor.") (define-public ruby-sdoc (package (name "ruby-sdoc") - (version "0.4.1") + (version "0.4.2") (source (origin (method url-fetch) (uri (rubygems-uri "sdoc" version)) (sha256 (base32 - "16xyfair1j4irfkd6sxvmdcak957z71lwkvhglrznfpkalfnqyqp")))) + "0qhvy10vnmrqcgh8494m13kd5ag9c3sczzhfasv8j0294ylk679n")))) (build-system ruby-build-system) (arguments `(#:phases (modify-phases %standard-phases - (add-after 'build 'relax-minitest-requirement + (add-before 'check 'set-rubylib (lambda _ - (substitute* "sdoc.gemspec" - (("\\.freeze, \\[\"~> 4\\.0\"\\]") - ".freeze, [\">= 4.0\"]")) + (setenv "RUBYLIB" "lib") #t))))) (propagated-inputs `(("ruby-json" ,ruby-json))) (native-inputs `(("bundler" ,bundler) - ("ruby-minitest" ,ruby-minitest))) + ("ruby-minitest" ,ruby-minitest) + ("ruby-hoe" ,ruby-hoe))) (synopsis "Generate searchable RDoc documentation") (description "SDoc is an RDoc documentation generator to build searchable HTML -- cgit v1.2.3 From 72c0b687800a617b891565f5a85bb06c1e1ba015 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 10 Dec 2016 00:10:30 +0100 Subject: gnu: libsoup: Update to 2.56.0. * gnu/packages/gnome.scm (libsoup): Update to 2.56.0. --- gnu/packages/gnome.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index fe38b841ee..1762381cf0 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -2140,7 +2140,7 @@ libxml to ease remote use of the RESTful API.") (define-public libsoup (package (name "libsoup") - (version "2.54.1") + (version "2.56.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/libsoup/" @@ -2148,7 +2148,7 @@ libxml to ease remote use of the RESTful API.") name "-" version ".tar.xz")) (sha256 (base32 - "0cyn5pq4xl1gb8413h2p4d5wrn558dc054zhwmk4swrl40ijrd27")))) + "1r8zz270qdg92gbsvy61d51y1cj7hp059h2f4xpvqiw2vrqnn8fq")))) (build-system gnu-build-system) (outputs '("out" "doc")) (arguments -- cgit v1.2.3