diff options
Diffstat (limited to 'gnu/packages/patches')
37 files changed, 1068 insertions, 1802 deletions
diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch deleted file mode 100644 index 08d3a79749..0000000000 --- a/gnu/packages/patches/binutils-mips-bash-bug.patch +++ /dev/null @@ -1,22 +0,0 @@ -Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the -"x" case in: - - case x"$EMULATION_NAME" in x) ;; *) ;; esac - -when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this -problem. Work around it. - -This Bash bug was fixed -in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>. - ---- a/ld/emulparams/elf32bmipn32-defs.sh -+++ b/ld/emulparams/elf32bmipn32-defs.sh -@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips" - TEMPLATE_NAME=elf32 - EXTRA_EM_FILE=mipself - --case x"$EMULATION_NAME" in -+case "x$EMULATION_NAME" in - xelf32*n32*) ELFSIZE=32 ;; - xelf64*) ELFSIZE=64 ;; - x) ;; diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch index 0be2cef2b8..e3a0ef28eb 100644 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch @@ -1,22 +1,33 @@ This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at <https://bugs.gnu.org/26253>. -It is a followup to this upstream patch: +the build environment chroot, as reported at <https://bugs.gnu.org/26253>, +and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2 - Author: Pádraig Brady <P@draigBrady.com> - Date: Fri Mar 3 00:25:54 2017 -0800 + commit f5422009389678680dba9ff4ecb7d33632ee3383 + Author: Ludovic Courtès <ludo@gnu.org> + Date: Mon Mar 27 20:34:39 2017 -0700 - tests: avoid a spurious failure on older debian + tests: avoid false ulimit failure on some systems + + * tests/misc/cut-huge-range.sh: On some systems returns_ may + use more memory, so incorporate that in the determination + of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, + and x86_64 with bash-4.2.37. + Fixes http://bugs.gnu.org/26253 ... which appeared to be insufficient. +diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh +index 6b3c5b6ed..55b7b640e 100755 --- a/tests/misc/cut-huge-range.sh +++ b/tests/misc/cut-huge-range.sh -@@ -22,6 +22,7 @@ getlimits_ +@@ -20,9 +20,9 @@ + print_ver_ cut + getlimits_ - vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ +-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ ++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ || skip_ "this shell lacks ulimit support" -+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures + vm=$(($vm + 1000)) # avoid spurious failures # sed script to subtract one from the input. # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch deleted file mode 100644 index 3f0d35c33e..0000000000 --- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch +++ /dev/null @@ -1,15 +0,0 @@ -Coreutils fails to cross compile for other platforms because cu_install_program -is not being evaluated properly. This patch fixes it. -See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html> ---- a/Makefile.in -+++ b/Makefile.in -@@ -5023,7 +5023,7 @@ pr = progs-readme - @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall - - # Use the just-built 'ginstall', when not cross-compiling. --@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@ -+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@ - info_TEXINFOS = doc/coreutils.texi - doc_coreutils_TEXINFOS = \ - doc/perm.texi \ - diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch new file mode 100644 index 0000000000..5a37f4f1f9 --- /dev/null +++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch @@ -0,0 +1,294 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index a992f64..fb18dee 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -50,6 +50,28 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a semaphore or a lock is used to protect ++ these variables. If set to 1, 'volatile' is used; this is theoretically ++ equivalent but can lead to much slower execution (e.g. 30x slower total ++ run time on a 40-core machine), because 'volatile' does not imply any ++ synchronization/communication between different CPUs. */ ++#define USE_VOLATILE 0 ++ ++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H ++/* Whether to use a semaphore to communicate information between threads. ++ If set to 0, a lock is used. If set to 1, a semaphore is used. ++ Uncomment this to reduce the dependencies of this test. */ ++# define USE_SEMAPHORE 1 ++/* Mac OS X provides only named semaphores (sem_open); its facility for ++ unnamed semaphores (sem_init) does not work. */ ++# if defined __APPLE__ && defined __MACH__ ++# define USE_NAMED_SEMAPHORE 1 ++# else ++# define USE_UNNAMED_SEMAPHORE 1 ++# endif ++#endif ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -90,6 +112,12 @@ + + #include "glthread/thread.h" + #include "glthread/yield.h" ++#if USE_SEMAPHORE ++# include <errno.h> ++# include <fcntl.h> ++# include <semaphore.h> ++# include <unistd.h> ++#endif + + #if ENABLE_DEBUGGING + # define dbgprintf printf +@@ -103,6 +131,132 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#elif USE_SEMAPHORE ++/* This atomic_int implementation can only support the values 0 and 1. ++ It is initially 0 and can be set to 1 only once. */ ++# if USE_UNNAMED_SEMAPHORE ++struct atomic_int { ++ sem_t semaphore; ++}; ++#define atomic_int_semaphore(ai) (&(ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_init (&ai->semaphore, 0, 0); ++} ++# endif ++# if USE_NAMED_SEMAPHORE ++struct atomic_int { ++ sem_t *semaphore; ++}; ++#define atomic_int_semaphore(ai) ((ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_t *s; ++ unsigned int count; ++ for (count = 0; ; count++) ++ { ++ char name[80]; ++ /* Use getpid() in the name, so that different processes running at the ++ same time will not interfere. Use ai in the name, so that different ++ atomic_int in the same process will not interfere. Use a count in ++ the name, so that even in the (unlikely) case that a semaphore with ++ the specified name already exists, we can try a different name. */ ++ sprintf (name, "test-lock-%lu-%p-%u", ++ (unsigned long) getpid (), ai, count); ++ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0); ++ if (s == SEM_FAILED) ++ { ++ if (errno == EEXIST) ++ /* Retry with a different name. */ ++ continue; ++ else ++ { ++ perror ("sem_open failed"); ++ abort (); ++ } ++ } ++ else ++ { ++ /* Try not to leave a semaphore hanging around on the file system ++ eternally, if we can avoid it. */ ++ sem_unlink (name); ++ break; ++ } ++ } ++ ai->semaphore = s; ++} ++# endif ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ if (sem_trywait (atomic_int_semaphore (ai)) == 0) ++ { ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++ return 1; ++ } ++ else if (errno == EAGAIN) ++ return 0; ++ else ++ abort (); ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ if (new_value == 0) ++ /* It's already initialized with 0. */ ++ return; ++ /* To set the value 1: */ ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +354,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +365,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +439,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +451,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +542,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +553,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/freetype-CVE-2017-8105.patch b/gnu/packages/patches/freetype-CVE-2017-8105.patch deleted file mode 100644 index 1891c4ab5f..0000000000 --- a/gnu/packages/patches/freetype-CVE-2017-8105.patch +++ /dev/null @@ -1,56 +0,0 @@ -Fix CVE-2017-8105: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 - -From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Fri, 24 Mar 2017 09:15:10 +0100 -Subject: [PATCH] [psaux] Better protect `flex' handling. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -* src/psaux/t1decode.c (t1_decoder_parse_charstrings) -<callothersubr>: Since there is not a single flex operator but a -series of subroutine calls, malformed fonts can call arbitrary other -operators after the start of a flex, possibly adding points. For -this reason we have to check the available number of points before -inserting a point. ---- - ChangeLog | 15 +++++++++++++++ - src/psaux/t1decode.c | 9 +++++++++ - 2 files changed, 24 insertions(+) - -diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c -index af7b465e..7dd45135 100644 ---- a/src/psaux/t1decode.c -+++ b/src/psaux/t1decode.c -@@ -780,10 +780,19 @@ - /* point without adding any point to the outline */ - idx = decoder->num_flex_vectors++; - if ( idx > 0 && idx < 7 ) -+ { -+ /* in malformed fonts it is possible to have other */ -+ /* opcodes in the middle of a flex (which don't */ -+ /* increase `num_flex_vectors'); we thus have to */ -+ /* check whether we can add a point */ -+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) -+ goto Syntax_Error; -+ - t1_builder_add_point( builder, - x, - y, - (FT_Byte)( idx == 3 || idx == 6 ) ); -+ } - } - break; - --- -2.12.2 - diff --git a/gnu/packages/patches/freetype-CVE-2017-8287.patch b/gnu/packages/patches/freetype-CVE-2017-8287.patch deleted file mode 100644 index d1145a87ee..0000000000 --- a/gnu/packages/patches/freetype-CVE-2017-8287.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2017-8287: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 - -Patch copied from upstream source repository: -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 - -From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Sun, 26 Mar 2017 08:32:09 +0200 -Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety - guard. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 ---- - ChangeLog | 8 ++++++++ - src/psaux/psobjs.c | 8 ++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c -index d18e821a..0baf8368 100644 ---- a/src/psaux/psobjs.c -+++ b/src/psaux/psobjs.c -@@ -1718,6 +1718,14 @@ - first = outline->n_contours <= 1 - ? 0 : outline->contours[outline->n_contours - 2] + 1; - -+ /* in malformed fonts it can happen that a contour was started */ -+ /* but no points were added */ -+ if ( outline->n_contours && first == outline->n_points ) -+ { -+ outline->n_contours--; -+ return; -+ } -+ - /* We must not include the last point in the path if it */ - /* is located on the first point. */ - if ( outline->n_points > 1 ) --- -2.12.2 - diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch new file mode 100644 index 0000000000..5ccdbe4ca1 --- /dev/null +++ b/gnu/packages/patches/gettext-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/gettext-tools/gnulib-tests/test-lock.c ++++ b/gettext-tools/gnulib-tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch new file mode 100644 index 0000000000..31a378cfd0 --- /dev/null +++ b/gnu/packages/patches/gettext-multi-core.patch @@ -0,0 +1,185 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext +by Bruno Haible <bruno@clisp.org>. + +diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c +index d279d1d60..51cec3d6b 100644 +--- a/gettext-runtime/tests/test-lock.c ++++ b/gettext-runtime/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void) + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -311,7 +363,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -321,7 +374,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -395,7 +448,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -406,7 +460,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -497,7 +551,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -507,7 +562,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch deleted file mode 100644 index 622266b176..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch +++ /dev/null @@ -1,85 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 - -From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 5 Mar 2016 14:56:03 -0800 -Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER - ---- - Resource/Init/gs_init.ps | 2 ++ - psi/zfile.c | 36 ++++++++++++++++++++---------------- - 2 files changed, 22 insertions(+), 16 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index fa33d88..99888ac 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2018,6 +2018,7 @@ readonly def - - /.locksafe { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -@@ -2036,6 +2037,7 @@ readonly def - %% - /.locksafeglobal { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -diff --git a/psi/zfile.c b/psi/zfile.c -index 320ecd5..0b9f299 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p) - - if (len < devlen) - return_error(e_rangecheck); /* not even room for device len */ -- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -- len - devlen); -- if (code == ~(uint) 0) { /* all done */ -- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -- return o_pop_estack; -- } else if (code > len) /* overran string */ -- return_error(e_rangecheck); -- else { -- push(1); -- ref_assign(op, pscratch); -- r_set_size(op, code + devlen); -- push_op_estack(file_continue); /* come again */ -- *++esp = pscratch[2]; /* proc */ -- return o_push_estack; -- } -+ -+ do { -+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -+ len - devlen); -+ if (code == ~(uint) 0) { /* all done */ -+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -+ return o_pop_estack; -+ } else if (code > len) /* overran string */ -+ return_error(e_rangecheck); -+ else if (iodev != iodev_default(imemory) -+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) { -+ push(1); -+ ref_assign(op, pscratch); -+ r_set_size(op, code + devlen); -+ push_op_estack(file_continue); /* come again */ -+ *++esp = pscratch[2]; /* proc */ -+ return o_push_estack; -+ } -+ } while(1); - } - /* Cleanup procedure for enumerating files */ - static int --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch deleted file mode 100644 index c19fdb1d43..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch +++ /dev/null @@ -1,32 +0,0 @@ -The file names in the upstream patch below were modified to apply to GNU -ghostscript. - -From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Tue, 7 Jul 2015 16:57:41 +0100 -Subject: [PATCH] Bug 696041: sanity check for memory allocation. - -In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the -variable holding the actual number of bytes we allocate. - -No cluster differences ---- - gs/base/gsmalloc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/base/gsmalloc.c b/base/gsmalloc.c -index 624552d..cad79c2 100644 ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname) - } else { - uint added = size + sizeof(gs_malloc_block_t); - -- if (mmem->limit - added < mmem->used) -+ if (added <= size || mmem->limit - added < mmem->used) - set_msg("exceeded limit"); - else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) - set_msg("failed"); --- -2.4.6 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch deleted file mode 100644 index 0a09f89016..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch +++ /dev/null @@ -1,185 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d - -From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Oct 2016 09:55:55 +0100 -Subject: [PATCH] Bug 697178: Add a file permissions callback - -For the rare occasions when the graphics library directly opens a file -(currently for reading), this allows us to apply any restrictions on -file access normally applied in the interpteter. ---- - base/gsicc_manage.c | 10 ++++++---- - base/gslibctx.c | 12 +++++++++++- - base/gslibctx.h | 7 +++++++ - psi/imain.c | 2 ++ - psi/int.mak | 2 +- - psi/zfile.c | 19 +++++++++++++++++++ - psi/zfile.h | 7 +++++++ - 7 files changed, 53 insertions(+), 6 deletions(-) - -diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c -index 931c2a6..e9c09c3 100644 ---- a/base/gsicc_manage.c -+++ b/base/gsicc_manage.c -@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc, - } - - /* First just try it like it is */ -- str = sfopen(pname, "rb", mem_gc); -- if (str != NULL) { -- *strp = str; -- return 0; -+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) { -+ str = sfopen(pname, "rb", mem_gc); -+ if (str != NULL) { -+ *strp = str; -+ return 0; -+ } - } - - /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */ -diff --git a/base/gslibctx.c b/base/gslibctx.c -index eaa0458..37ce1ca 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem ) - mem->gs_lib_ctx = NULL; - return -1; - } -- -+ pio->client_check_file_permission = NULL; - gp_get_realtime(pio->real_time_0); - - return 0; -@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem) - fflush(mem->gs_lib_ctx->fstderr); - /* else nothing to flush */ - } -+ -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ int code = 0; -+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) { -+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission); -+ } -+ return code; -+} -diff --git a/base/gslibctx.h b/base/gslibctx.h -index 7a4e110..020e2d9 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server; - # define gs_font_dir_DEFINED - typedef struct gs_font_dir_s gs_font_dir; - #endif -+ -+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - typedef struct gs_lib_ctx_s - { - gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s - bool dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */ - /* A table of local copies of the IODevices */ - struct gx_io_device_s **io_device_table; -+ client_check_file_permission_t client_check_file_permission; - /* Define the default value of AccurateScreens that affects setscreen - and setcolorscreen. */ - bool screen_accurate_screens; -@@ -108,6 +112,9 @@ int - void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname, - int dir_namelen); - -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout) - #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr) - -diff --git a/psi/imain.c b/psi/imain.c -index 9a9bb5d..6874128 100644 ---- a/psi/imain.c -+++ b/psi/imain.c -@@ -57,6 +57,7 @@ - #include "ivmspace.h" - #include "idisp.h" /* for setting display device callback */ - #include "iplugin.h" -+#include "zfile.h" - - #ifdef PACIFY_VALGRIND - #include "valgrind.h" -@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst) - "the_gs_name_table"); - if (code < 0) - return code; -+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions; - } - code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */ - if (code < 0) -diff --git a/psi/int.mak b/psi/int.mak -index 4654afc..bb30d51 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\ - $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\ - $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\ - $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\ -- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) -+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h) - $(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c - - #****** $(CCINT) interp.c -diff --git a/psi/zfile.c b/psi/zfile.c -index 2c6c958..2f27f82 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len, - return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup); - } - -+/* z_check_file_permissions: see zfile.h for explanation -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p; -+ gs_parsed_file_name_t pname; -+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting"; -+ int code = gs_parse_file_name(&pname, fname, len, imemory); -+ if (code < 0) -+ return code; -+ -+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0) -+ return e_invalidfileaccess; -+ -+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup); -+ return code; -+} -+ - /* <name_string> <access_string> file <file> */ - int /* exported for zsysvm.c */ - zfile(i_ctx_t *i_ctx_p) -diff --git a/psi/zfile.h b/psi/zfile.h -index fdf1373..a9399c7 100644 ---- a/psi/zfile.h -+++ b/psi/zfile.h -@@ -22,4 +22,11 @@ - int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn, - const char *file_access, stream **ps, gs_memory_t *mem); - -+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission) -+ * to allow applying the above permissions checks when opening file(s) from -+ * the graphics library -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, -+ const int len, const char *permission); - #endif --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch deleted file mode 100644 index 81cb26e9ed..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Oct 2016 09:59:25 +0100 -Subject: [PATCH] Bug 697179: Reference count device icc profile - -when copying a device ---- - base/gsdevice.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/gsdevice.c b/base/gsdevice.c -index 778106f..aea986a 100644 ---- a/base/gsdevice.c -+++ b/base/gsdevice.c -@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem, - dev->memory = mem; - dev->retained = !internal; - rc_init(dev, mem, (internal ? 0 : 1)); -+ rc_increment(dev->icc_struct); - } - - void --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch deleted file mode 100644 index a557adfdea..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch +++ /dev/null @@ -1,48 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913 - -From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001 -From: Ken Sharp <ken.sharp@artifex.com> -Date: Wed, 5 Oct 2016 10:10:58 +0100 -Subject: [PATCH] DSC parser - validate parameters - -Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it." - -Regardless of any security implications, its simply wrong for a PostScript -operator not to validate its parameter(s). - -No differences expected. ---- - psi/zdscpars.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/psi/zdscpars.c b/psi/zdscpars.c -index c05e154..9b4b605 100644 ---- a/psi/zdscpars.c -+++ b/psi/zdscpars.c -@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p) - ref local_ref; - int code; - os_ptr const op = osp; -- dict * const pdict = op->value.pdict; -- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict); -- dsc_data_t * const data = -- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); -+ dict *pdict; -+ gs_memory_t *mem; -+ dsc_data_t *data; - -+ check_read_type(*op, t_dictionary); -+ -+ pdict = op->value.pdict; -+ mem = (gs_memory_t *)dict_memory(pdict); -+ -+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); - if (!data) - return_error(e_VMerror); - data->document_level = 0; --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch deleted file mode 100644 index aaf20b6c6c..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch +++ /dev/null @@ -1,47 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 - -From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 8 Oct 2016 16:10:27 +0100 -Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5 - -and param types ---- - psi/zht2.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/psi/zht2.c b/psi/zht2.c -index fb4a264..dfa27a4 100644 ---- a/psi/zht2.c -+++ b/psi/zht2.c -@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p) - gs_memory_t *mem; - uint edepth = ref_stack_count(&e_stack); - int npop = 2; -- int dict_enum = dict_first(op); -+ int dict_enum; - ref rvalue[2]; - int cname, colorant_number; - byte * pname; - uint name_size; - int halftonetype, type = 0; - gs_state *pgs = igs; -- int space_index = r_space_index(op - 1); -+ int space_index; -+ -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ check_type(*op, t_dictionary); -+ check_type(*(op - 1), t_dictionary); -+ -+ dict_enum = dict_first(op); -+ space_index = r_space_index(op - 1); - - mem = (gs_memory_t *) idmemory->spaces_indexed[space_index]; - --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch index db80b6ddec..d38bd593c0 100644 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch @@ -1,15 +1,60 @@ Fix CVE-2017-8291: -https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291 +https://bugs.ghostscript.com/show_bug.cgi?id=697799 +https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 -This patch is adapted from these two Artifex Ghostscript commits by Leo -Famulari <leo@famulari.name>: +Patches copied from upstream source repository: -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad + +From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 27 Apr 2017 13:03:33 +0100 +Subject: [PATCH] Bug 697799: have .eqproc check its parameters + +The Ghostscript custom operator .eqproc was not check the number or type of +the parameters it was given. +--- + psi/zmisc3.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 54b304246..37293ff4b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(gs_error_stackunderflow); ++ if (!r_is_array(op - 1) || !r_is_array(op)) { ++ return_error(gs_error_typecheck); ++ } ++ + make_array(&stack[0].proc1, 0, 1, op - 1); + make_array(&stack[0].proc2, 0, 1, op); + for (;;) { +-- +2.13.0 + +From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 27 Apr 2017 13:21:31 +0100 +Subject: [PATCH] Bug 697799: have .rsdparams check its parameters + +The Ghostscript internal operator .rsdparams wasn't checking the number or +type of the operands it was being passed. Do so. +--- + psi/zfrsd.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index fb4bce9..2629afa 100644 +index 191107d8a..950588d69 100644 --- a/psi/zfrsd.c +++ b/psi/zfrsd.c @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) @@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644 + int code = 0; + + if (ref_stack_count(&o_stack) < 1) -+ return_error(e_stackunderflow); ++ return_error(gs_error_stackunderflow); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(e_typecheck); ++ return_error(gs_error_typecheck); + } make_empty_array(&empty_array, a_readonly); @@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644 + && dict_find_string(op, "Filter", &pFilter) > 0) { if (!r_is_array(pFilter)) { if (!r_has_type(pFilter, t_name)) - return_error(e_typecheck); + return_error(gs_error_typecheck); @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(e_typecheck); + return_error(gs_error_typecheck); } } - code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); + if (r_has_type(op, t_dictionary)) + code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */ + if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ return code; - if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 - ) @@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644 push(1); op[-1] = *pFilter; if (pDecodeParms) +-- +2.13.0 + +From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 3 May 2017 12:05:45 +0100 +Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) + +When using the "DELAYBIND" feature, it turns out that .eqproc can be called with +parameters that are not both procedures. In this case, it turns out, the +expectation is for the operator to return 'false', rather than throw an error. +--- + psi/zmisc3.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b3042..0d357f1 100644 +index 37293ff4b..3f01d39a3 100644 --- a/psi/zmisc3.c +++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; +@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) + return gs_cliprestore(igs); + } -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(e_typecheck); -+ } ++static inline bool ++eqproc_check_type(ref *r) ++{ ++ return r_has_type(r, t_array) ++ || r_has_type(r, t_mixedarray) ++ || r_has_type(r, t_shortarray) ++ || r_has_type(r, t_oparray); ++} + + /* <proc1> <proc2> .eqproc <bool> */ + /* + * Test whether two procedures are equal to depth 10. +@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) + + if (ref_stack_count(&o_stack) < 2) + return_error(gs_error_stackunderflow); +- if (!r_is_array(op - 1) || !r_is_array(op)) { +- return_error(gs_error_typecheck); ++ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { ++ make_false(op - 1); ++ pop(1); ++ return 0; + } + make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { +-- +2.13.0 + +From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 11 May 2017 14:07:48 +0100 +Subject: [PATCH] Bug 697892: fix check for op stack underflow. + +In the original fix, I used the wrong method to check for stack underflow, this +is using the correct method. +--- + psi/zfrsd.c | 3 +-- + psi/zmisc3.c | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index 950588d69..9c035b96d 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) + uint i; + int code = 0; + +- if (ref_stack_count(&o_stack) < 1) +- return_error(gs_error_stackunderflow); ++ check_op(1); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { + return_error(gs_error_typecheck); + } +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 3f01d39a3..43803b55b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + +- if (ref_stack_count(&o_stack) < 2) +- return_error(gs_error_stackunderflow); ++ check_op(2); + if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { + make_false(op - 1); + pop(1); +-- +2.13.0 + diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch index c7dcfd4529..9f161e45b3 100644 --- a/gnu/packages/patches/ghostscript-runpath.patch +++ b/gnu/packages/patches/ghostscript-runpath.patch @@ -1,17 +1,18 @@ -This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'. - ---- gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:45.386957927 +0200 -+++ gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:49.222982359 +0200 -@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR) +diff --git a/base/unix-dll.mak b/base/unix-dll.mak +index 9d57a99..36ef1ff 100644 +--- a/base/unix-dll.mak ++++ b/base/unix-dll.mak +@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS) # Build the small Ghostscript loaders, with Gtk+ and without - $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \ - -L$(BINDIR) -l$(GS_SO_BASE) + -L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir) - $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \ - -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) + -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir) - # ------------------------- Recursive make targets ------------------------- # + $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS) + $(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE) diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch new file mode 100644 index 0000000000..68c33f1031 --- /dev/null +++ b/gnu/packages/patches/grep-gnulib-lock.patch @@ -0,0 +1,32 @@ +This patch fix error on 'gnulib' library required to build +'grep' package on GNU/Hurd. +The patch was adapted from upstream source repository: +'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>' + +Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd + +diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c +index 061562b..afc86f4 100644 +--- a/lib/glthread/lock.c ++++ b/lib/glthread/lock.c +@@ -30,7 +30,7 @@ + + /* ------------------------- gl_rwlock_t datatype ------------------------- */ + +-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) ++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) + + # ifdef PTHREAD_RWLOCK_INITIALIZER + +diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h +index ec16d39..67932aa 100644 +--- a/lib/glthread/lock.h ++++ b/lib/glthread/lock.h +@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t; + + /* ------------------------- gl_rwlock_t datatype ------------------------- */ + +-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) ++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) + + # ifdef PTHREAD_RWLOCK_INITIALIZER diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch new file mode 100644 index 0000000000..ebbc0635a5 --- /dev/null +++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch @@ -0,0 +1,28 @@ +The patch fixes build failure of form: + ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h" +Upstream fixed the bug in a more invasive way +but didn't have releases since 3.2.1. + +The patch is taken from Gentoo: +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch + +--- libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:15.000000000 +0100 ++++ libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:24.000000000 +0100 +@@ -279,6 +279,7 @@ + .gprel32 $load_64 # FFI_TYPE_SINT64 + .gprel32 $load_none # FFI_TYPE_STRUCT + .gprel32 $load_64 # FFI_TYPE_POINTER ++ .gprel32 $load_none # FFI_TYPE_COMPLEX + + /* Assert that the table above is in sync with ffi.h. */ + +@@ -294,7 +295,8 @@ + || FFI_TYPE_SINT64 != 12 \ + || FFI_TYPE_STRUCT != 13 \ + || FFI_TYPE_POINTER != 14 \ +- || FFI_TYPE_LAST != 14 ++ || FFI_TYPE_COMPLEX != 15 \ ++ || FFI_TYPE_LAST != 15 + #error "osf.S out of sync with ffi.h" + #endif + diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch deleted file mode 100644 index 1f847ed025..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2017-6891: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484 - -From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 18 May 2017 18:03:34 +0200 -Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node() - -This prevents a stack overflow in asn1_find_node() which -is triggered by too long variable names in the definitions -files. That means that applications have to deliberately -pass a too long 'name' constant to asn1_write_value() -and friends. Reported by Jakub Jirasek. - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/parser_aux.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index b4a7370..976ab38 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; -@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; --- -2.13.0 - diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch deleted file mode 100644 index d5fd796169..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10092.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-10092: - -http://bugzilla.maptools.org/show_bug.cgi?id=2620 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092 -https://security-tracker.debian.org/tracker/CVE-2016-10092 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore) - mode so that the output buffer is correctly incremented to avoid write - outside bounds. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1178; previous revision: 1.1177 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.47; previous revision: 1.46 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.46 -retrieving revision 1.47 -diff -u -r1.46 -r1.47 ---- libtiff/tools/tiffcrop.c 18 Nov 2016 14:58:46 -0000 1.46 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -3698,7 +3698,7 @@ - (unsigned long) strip, (unsigned long)rows); - return 0; - } -- bufp += bytes_read; -+ bufp += stripsize; - } - - return 1; diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch deleted file mode 100644 index 5897ec1029..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10093.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2016-10093: - -http://bugzilla.maptools.org/show_bug.cgi?id=2610 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093 -https://security-tracker.debian.org/tracker/CVE-2016-10093 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: fix uint32 underflow/overflow that can cause - heap-based buffer overflow. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1187; previous revision: 1.1186 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.59; previous revision: 1.58 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.58 -retrieving revision 1.59 -diff -u -r1.58 -r1.59 ---- libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59 -@@ -1163,7 +1163,7 @@ - - static void - cpStripToTile(uint8* out, uint8* in, -- uint32 rows, uint32 cols, int outskew, int inskew) -+ uint32 rows, uint32 cols, int outskew, int64 inskew) - { - while (rows-- > 0) { - uint32 j = cols; -@@ -1320,7 +1320,7 @@ - tdata_t tilebuf; - uint32 imagew = TIFFScanlineSize(in); - uint32 tilew = TIFFTileRowSize(in); -- int iskew = imagew - tilew; -+ int64 iskew = (int64)imagew - (int64)tilew; - uint8* bufp = (uint8*) buf; - uint32 tw, tl; - uint32 row; -@@ -1348,7 +1348,7 @@ - status = 0; - goto done; - } -- if (colb + tilew > imagew) { -+ if (colb > iskew) { - uint32 width = imagew - colb; - uint32 oskew = tilew - width; - cpStripToTile(bufp + colb, diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch deleted file mode 100644 index 9018773565..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10094.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-10094: - -http://bugzilla.maptools.org/show_bug.cgi?id=2640 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094 -https://security-tracker.debian.org/tracker/CVE-2016-10094 - -2016-12-20 Even Rouault <even.rouault at spatialys.com> - - * tools/tiff2pdf.c: avoid potential heap-based overflow in - t2p_readwrite_pdf_image_tile(). - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1199; previous revision: 1.1198 -/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c -new revision: 1.101; previous revision: 1.100 - -Index: libtiff/tools/tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.100 -retrieving revision 1.101 -diff -u -r1.100 -r1.101 ---- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 -+++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:28:17 -0000 1.101 -@@ -2895,7 +2895,7 @@ - return(0); - } - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { -- if (count >= 4) { -+ if (count > 4) { - int retTIFFReadRawTile; - /* Ignore EOI marker of JpegTables */ - _TIFFmemcpy(buffer, jpt, count - 2); diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch deleted file mode 100644 index 3158b49360..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-5225.patch +++ /dev/null @@ -1,86 +0,0 @@ -Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp): - -http://bugzilla.maptools.org/show_bug.cgi?id=2656 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225 -https://security-tracker.debian.org/tracker/CVE-2017-5225 - -2017-01-11 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and - cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based -overflow. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and - http://bugzilla.maptools.org/show_bug.cgi?id=2657 - - -less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1210; previous revision: 1.1209 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.61; previous revision: 1.60 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.60 -retrieving revision 1.61 -diff -u -r1.60 -r1.61 ---- libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 -+++ libtiff/tools/tiffcp.c 11 Jan 2017 19:26:14 -0000 1.61 -#@@ -1,4 +1,4 @@ -#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */ -#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */ -# -# /* -# * Copyright (c) 1988-1997 Sam Leffler -@@ -591,7 +591,7 @@ - static int - tiffcp(TIFF* in, TIFF* out) - { -- uint16 bitspersample, samplesperpixel = 1; -+ uint16 bitspersample = 1, samplesperpixel = 1; - uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; - copyFunc cf; - uint32 width, length; -@@ -1067,6 +1067,16 @@ - register uint32 n; - uint32 row; - tsample_t s; -+ uint16 bps = 0; -+ -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps != 8 ) -+ { -+ TIFFError(TIFFFileName(in), -+ "Error, can only handle BitsPerSample=8 in %s", -+ "cpContig2SeparateByRow"); -+ return 0; -+ } - - inbuf = _TIFFmalloc(scanlinesizein); - outbuf = _TIFFmalloc(scanlinesizeout); -@@ -1120,6 +1130,16 @@ - register uint32 n; - uint32 row; - tsample_t s; -+ uint16 bps = 0; -+ -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps != 8 ) -+ { -+ TIFFError(TIFFFileName(in), -+ "Error, can only handle BitsPerSample=8 in %s", -+ "cpSeparate2ContigByRow"); -+ return 0; -+ } - - inbuf = _TIFFmalloc(scanlinesizein); - outbuf = _TIFFmalloc(scanlinesizeout); -@@ -1784,7 +1804,7 @@ - uint32 w, l, tw, tl; - int bychunk; - -- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); -+ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); - if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { - fprintf(stderr, - "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch deleted file mode 100644 index ef747fbdd7..0000000000 --- a/gnu/packages/patches/libtiff-assertion-failure.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix assertion failure in readSeparateTilesIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2605 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert -check. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1188; previous revision: 1.1187 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.60; previous revision: 1.59 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.59 -retrieving revision 1.60 -diff -u -r1.59 -r1.60 ---- libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 -@@ -45,7 +45,6 @@ - #include <string.h> - - #include <ctype.h> --#include <assert.h> - - #ifdef HAVE_UNISTD_H - # include <unistd.h> -@@ -1393,7 +1392,12 @@ - status = 0; - goto done; - } -- assert( bps % 8 == 0 ); -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ status = 0; -+ goto done; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { -@@ -1584,7 +1588,12 @@ - _TIFFfree(obuf); - return 0; - } -- assert( bps % 8 == 0 ); -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ _TIFFfree(obuf); -+ return 0; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch deleted file mode 100644 index 2a96b68521..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch +++ /dev/null @@ -1,63 +0,0 @@ -Fix divide-by-zero in OJPEGDecodeRaw(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2611 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure -in - OJPEGPreDecode(). This will avoid a divide by zero, and potential other -issues. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1177; previous revision: 1.1176 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c -new revision: 1.66; previous revision: 1.65 - -Index: libtiff/libtiff/tif_ojpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v -retrieving revision 1.65 -retrieving revision 1.66 -diff -u -r1.65 -r1.66 ---- libtiff/libtiff/tif_ojpeg.c 4 Sep 2016 21:32:56 -0000 1.65 -+++ libtiff/libtiff/tif_ojpeg.c 3 Dec 2016 11:15:18 -0000 1.66 -@@ -1,4 +1,4 @@ --/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */ -+/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */ - - /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0 - specification is now totally obsolete and deprecated for new applications and -@@ -244,6 +244,7 @@ - - typedef struct { - TIFF* tif; -+ int decoder_ok; - #ifndef LIBJPEG_ENCAP_EXTERNAL - JMP_BUF exit_jmpbuf; - #endif -@@ -722,6 +723,7 @@ - } - sp->write_curstrile++; - } -+ sp->decoder_ok = 1; - return(1); - } - -@@ -784,8 +786,14 @@ - static int - OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) - { -+ static const char module[]="OJPEGDecode"; - OJPEGState* sp=(OJPEGState*)tif->tif_data; - (void)s; -+ if( !sp->decoder_ok ) -+ { -+ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized"); -+ return 0; -+ } - if (sp->libjpeg_jpeg_query_style==0) - { - if (OJPEGDecodeRaw(tif,buf,cc)==0) diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch deleted file mode 100644 index d3f1c2b60e..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch +++ /dev/null @@ -1,104 +0,0 @@ -Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2597 -http://bugzilla.maptools.org/show_bug.cgi?id=2607 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples -tag is - missing. - Reported by Agostino sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1183; previous revision: 1.1182 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.57; previous revision: 1.56 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.56 -retrieving revision 1.57 -diff -u -r1.56 -r1.57 ---- libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -1378,7 +1378,7 @@ - uint8* bufp = (uint8*) buf; - uint32 tw, tl; - uint32 row; -- uint16 bps, bytes_per_sample; -+ uint16 bps = 0, bytes_per_sample; - - tilebuf = _TIFFmalloc(tilesize); - if (tilebuf == 0) -@@ -1387,6 +1387,12 @@ - (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); - (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); - (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample"); -+ status = 0; -+ goto done; -+ } - assert( bps % 8 == 0 ); - bytes_per_sample = bps/8; - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples -tag is - missing. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1186; previous revision: 1.1185 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.58; previous revision: 1.57 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.57 -retrieving revision 1.58 -diff -u -r1.57 -r1.58 ---- libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -1569,7 +1569,7 @@ - uint8* bufp = (uint8*) buf; - uint32 tl, tw; - uint32 row; -- uint16 bps, bytes_per_sample; -+ uint16 bps = 0, bytes_per_sample; - - obuf = _TIFFmalloc(TIFFTileSize(out)); - if (obuf == NULL) -@@ -1578,6 +1578,12 @@ - (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); - (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); - (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); -+ _TIFFfree(obuf); -+ return 0; -+ } - assert( bps % 8 == 0 ); - bytes_per_sample = bps/8; - diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch deleted file mode 100644 index 823293f1cf..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix divide-by-zero in readSeparateStripsIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2619 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is -missing. - Reported by Agostina Sarubo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1180; previous revision: 1.1179 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.49; previous revision: 1.48 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.48 -retrieving revision 1.49 -diff -u -r1.48 -r1.49 ---- libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 13:00:04 -0000 1.49 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -1164,7 +1164,7 @@ - tdata_t obuf; - - (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); -- (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps); - bytes_per_sample = (bps + 7) / 8; - if( width == 0 || - (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width || -@@ -4760,7 +4760,7 @@ - int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; - uint32 j; - int32 bytes_read = 0; -- uint16 bps, planar; -+ uint16 bps = 0, planar; - uint32 nstrips; - uint32 strips_per_sample; - uint32 src_rowsize, dst_rowsize, rows_processed, rps; -@@ -4780,7 +4780,7 @@ - } - - memset (srcbuffs, '\0', sizeof(srcbuffs)); -- TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); - TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); - if (rps > length) diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch deleted file mode 100644 index 6dbd4666cd..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero: - -http://bugzilla.maptools.org/show_bug.cgi?id=2596 - -2016-12-02 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in - TIFFReadEncodedStrip() that caused an integer division by zero. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1173; previous revision: 1.1172 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.50; previous revision: 1.49 -/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v <-- libtiff/tiffiop.h -new revision: 1.90; previous revision: 1.89 - -Index: libtiff/libtiff/tif_read.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v -retrieving revision 1.49 -retrieving revision 1.50 -diff -u -r1.49 -r1.50 ---- libtiff/libtiff/tif_read.c 10 Jul 2016 18:00:21 -0000 1.49 -+++ libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50 -@@ -1,4 +1,4 @@ --/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */ -+/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -346,7 +346,7 @@ - rowsperstrip=td->td_rowsperstrip; - if (rowsperstrip>td->td_imagelength) - rowsperstrip=td->td_imagelength; -- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip); -+ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip); - stripinplane=(strip%stripsperplane); - plane=(uint16)(strip/stripsperplane); - rows=td->td_imagelength-stripinplane*rowsperstrip; -Index: libtiff/libtiff/tiffiop.h -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v -retrieving revision 1.89 -retrieving revision 1.90 -diff -u -r1.89 -r1.90 ---- libtiff/libtiff/tiffiop.h 23 Jan 2016 21:20:34 -0000 1.89 -+++ libtiff/libtiff/tiffiop.h 2 Dec 2016 21:56:56 -0000 1.90 -@@ -1,4 +1,4 @@ --/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -250,6 +250,10 @@ - #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \ - ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \ - 0U) -+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */ -+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */ -+#define TIFFhowmany_32_maxuint_compat(x, y) \ -+ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0)) - #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3) - #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y)) - #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y))) diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch deleted file mode 100644 index 2d5e23586d..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch +++ /dev/null @@ -1,131 +0,0 @@ -Fix heap-based buffer overflow in _TIFFmemcpy(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2604 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer - overflow on generation of PixarLog / LUV compressed files, with - ColorMap, TransferFunction attached and nasty plays with bitspersample. - The fix for LUV has not been tested, but suffers from the same kind - of issue of PixarLog. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1175; previous revision: 1.1174 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v <-- libtiff/tif_luv.c -new revision: 1.44; previous revision: 1.43 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v <-- -libtiff/tif_pixarlog.c -new revision: 1.49; previous revision: 1.48 - -Index: libtiff/libtiff/tif_luv.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_luv.c 4 Sep 2016 21:32:56 -0000 1.43 -+++ libtiff/libtiff/tif_luv.c 2 Dec 2016 23:05:51 -0000 1.44 -@@ -1,4 +1,4 @@ --/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */ -+/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */ - - /* - * Copyright (c) 1997 Greg Ward Larson -@@ -158,6 +158,7 @@ - typedef struct logLuvState LogLuvState; - - struct logLuvState { -+ int encoder_state; /* 1 if encoder correctly initialized */ - int user_datafmt; /* user data format */ - int encode_meth; /* encoding method */ - int pixel_size; /* bytes per pixel */ -@@ -1552,6 +1553,7 @@ - td->td_photometric, "must be either LogLUV or LogL"); - break; - } -+ sp->encoder_state = 1; - return (1); - notsupported: - TIFFErrorExt(tif->tif_clientdata, module, -@@ -1563,19 +1565,27 @@ - static void - LogLuvClose(TIFF* tif) - { -+ LogLuvState* sp = (LogLuvState*) tif->tif_data; - TIFFDirectory *td = &tif->tif_dir; - -+ assert(sp != 0); - /* - * For consistency, we always want to write out the same - * bitspersample and sampleformat for our TIFF file, - * regardless of the data format being used by the application. - * Since this routine is called after tags have been set but - * before they have been recorded in the file, we reset them here. -+ * Note: this is really a nasty approach. See PixarLogClose - */ -- td->td_samplesperpixel = -- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; -- td->td_bitspersample = 16; -- td->td_sampleformat = SAMPLEFORMAT_INT; -+ if( sp->encoder_state ) -+ { -+ /* See PixarLogClose. Might avoid issues with tags whose size depends -+ * on those below, but not completely sure this is enough. */ -+ td->td_samplesperpixel = -+ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; -+ td->td_bitspersample = 16; -+ td->td_sampleformat = SAMPLEFORMAT_INT; -+ } - } - - static void -Index: libtiff/libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.48 -retrieving revision 1.49 -diff -u -r1.48 -r1.49 ---- libtiff/libtiff/tif_pixarlog.c 23 Sep 2016 22:12:18 -0000 1.48 -+++ libtiff/libtiff/tif_pixarlog.c 2 Dec 2016 23:05:51 -0000 1.49 -@@ -1,4 +1,4 @@ --/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */ -+/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */ - - /* - * Copyright (c) 1996-1997 Sam Leffler -@@ -1233,8 +1233,10 @@ - static void - PixarLogClose(TIFF* tif) - { -+ PixarLogState* sp = (PixarLogState*) tif->tif_data; - TIFFDirectory *td = &tif->tif_dir; - -+ assert(sp != 0); - /* In a really sneaky (and really incorrect, and untruthful, and - * troublesome, and error-prone) maneuver that completely goes against - * the spirit of TIFF, and breaks TIFF, on close, we covertly -@@ -1243,8 +1245,19 @@ - * readers that don't know about PixarLog, or how to set - * the PIXARLOGDATFMT pseudo-tag. - */ -- td->td_bitspersample = 8; -- td->td_sampleformat = SAMPLEFORMAT_UINT; -+ -+ if (sp->state&PLSTATE_INIT) { -+ /* We test the state to avoid an issue such as in -+ * http://bugzilla.maptools.org/show_bug.cgi?id=2604 -+ * What appends in that case is that the bitspersample is 1 and -+ * a TransferFunction is set. The size of the TransferFunction -+ * depends on 1<<bitspersample. So if we increase it, an access -+ * out of the buffer will happen at directory flushing. -+ * Another option would be to clear those targs. -+ */ -+ td->td_bitspersample = 8; -+ td->td_sampleformat = SAMPLEFORMAT_UINT; -+ } - } - - static void diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch deleted file mode 100644 index 68889b121b..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch +++ /dev/null @@ -1,132 +0,0 @@ -Fix heap-based buffer overflow in TIFFFillStrip(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2608 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to - instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, -rowsperstrip), - instead of a logic based on the total size of data. Which is faulty is - the total size of data is not sufficient to fill the whole image, and -thus - results in reading outside of the StripByCounts/StripOffsets arrays -when - using TIFFReadScanline(). - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608. - - * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done - for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 -since - the above change is a better fix that makes it unnecessary. - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1176; previous revision: 1.1175 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- -libtiff/tif_dirread.c -new revision: 1.205; previous revision: 1.204 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v <-- libtiff/tif_strip.c -new revision: 1.38; previous revision: 1.37 - -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.204 -retrieving revision 1.205 -diff -u -r1.204 -r1.205 ---- libtiff/libtiff/tif_dirread.c 16 Nov 2016 15:14:15 -0000 1.204 -+++ libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */ -+/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -5502,8 +5502,7 @@ - uint64 rowblockbytes; - uint64 stripbytes; - uint32 strip; -- uint64 nstrips64; -- uint32 nstrips32; -+ uint32 nstrips; - uint32 rowsperstrip; - uint64* newcounts; - uint64* newoffsets; -@@ -5534,18 +5533,17 @@ - return; - - /* -- * never increase the number of strips in an image -+ * never increase the number of rows per strip - */ - if (rowsperstrip >= td->td_rowsperstrip) - return; -- nstrips64 = TIFFhowmany_64(bytecount, stripbytes); -- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */ -- return; -- nstrips32 = (uint32)nstrips64; -+ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); -+ if( nstrips == 0 ) -+ return; - -- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), -+ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripByteCounts\" array"); -- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), -+ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripOffsets\" array"); - if (newcounts == NULL || newoffsets == NULL) { - /* -@@ -5562,18 +5560,18 @@ - * Fill the strip information arrays with new bytecounts and offsets - * that reflect the broken-up format. - */ -- for (strip = 0; strip < nstrips32; strip++) { -+ for (strip = 0; strip < nstrips; strip++) { - if (stripbytes > bytecount) - stripbytes = bytecount; - newcounts[strip] = stripbytes; -- newoffsets[strip] = offset; -+ newoffsets[strip] = stripbytes ? offset : 0; - offset += stripbytes; - bytecount -= stripbytes; - } - /* - * Replace old single strip info with multi-strip info. - */ -- td->td_stripsperimage = td->td_nstrips = nstrips32; -+ td->td_stripsperimage = td->td_nstrips = nstrips; - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); - - _TIFFfree(td->td_stripbytecount); -Index: libtiff/libtiff/tif_strip.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v -retrieving revision 1.37 -retrieving revision 1.38 -diff -u -r1.37 -r1.38 ---- libtiff/libtiff/tif_strip.c 9 Nov 2016 23:00:49 -0000 1.37 -+++ libtiff/libtiff/tif_strip.c 3 Dec 2016 11:02:15 -0000 1.38 -@@ -1,4 +1,4 @@ --/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */ -+/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */ - - /* - * Copyright (c) 1991-1997 Sam Leffler -@@ -63,15 +63,6 @@ - TIFFDirectory *td = &tif->tif_dir; - uint32 nstrips; - -- /* If the value was already computed and store in td_nstrips, then return it, -- since ChopUpSingleUncompressedStrip might have altered and resized the -- since the td_stripbytecount and td_stripoffset arrays to the new value -- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in -- tif_dirread.c ~line 3612. -- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */ -- if( td->td_nstrips ) -- return td->td_nstrips; -- - nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 : - TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip)); - if (td->td_planarconfig == PLANARCONFIG_SEPARATE) diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch deleted file mode 100644 index f0fef08bf3..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix heap buffer overflow in tiffcp when parsing number of inks: - -http://bugzilla.maptools.org/show_bug.cgi?id=2599 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is -called, - limit the return number of inks to SamplesPerPixel, so that code that -parses - ink names doesn't go past the end of the buffer. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1184; previous revision: 1.1183 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c -new revision: 1.128; previous revision: 1.127 - -Index: libtiff/libtiff/tif_dir.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v -retrieving revision 1.127 -retrieving revision 1.128 -diff -u -r1.127 -r1.128 ---- libtiff/libtiff/tif_dir.c 25 Oct 2016 21:35:15 -0000 1.127 -+++ libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128 -@@ -1,4 +1,4 @@ --/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */ -+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -854,6 +854,32 @@ - if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */ - return 0; - -+ if( tag == TIFFTAG_NUMBEROFINKS ) -+ { -+ int i; -+ for (i = 0; i < td->td_customValueCount; i++) { -+ uint16 val; -+ TIFFTagValue *tv = td->td_customValues + i; -+ if (tv->info->field_tag != tag) -+ continue; -+ val = *(uint16 *)tv->value; -+ /* Truncate to SamplesPerPixel, since the */ -+ /* setting code for INKNAMES assume that there are SamplesPerPixel */ -+ /* inknames. */ -+ /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ -+ if( val > td->td_samplesperpixel ) -+ { -+ TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", -+ "Truncating NumberOfInks from %u to %u", -+ val, td->td_samplesperpixel); -+ val = td->td_samplesperpixel; -+ } -+ *va_arg(ap, uint16*) = val; -+ return 1; -+ } -+ return 0; -+ } -+ - /* - * We want to force the custom code to be used for custom - * fields even if the tag happens to match a well known diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch deleted file mode 100644 index 8166c55758..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix heap-based buffer overflow in combineSeparateSamples16bits(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2621 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in - readSeparateStripsIntoBuffer() to avoid read outside of heap allocated -buffer. - Reported by Agostina Sarubo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1179; previous revision: 1.1178 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.48; previous revision: 1.47 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.47 -retrieving revision 1.48 -diff -u -r1.47 -r1.48 ---- libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -4815,10 +4815,17 @@ - nstrips = TIFFNumberOfStrips(in); - strips_per_sample = nstrips /spp; - -+ /* Add 3 padding bytes for combineSeparateSamples32bits */ -+ if( (size_t) stripsize > 0xFFFFFFFFU - 3U ) -+ { -+ TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ - for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - srcbuffs[s] = NULL; -- buff = _TIFFmalloc(stripsize); -+ buff = _TIFFmalloc(stripsize + 3); - if (!buff) - { - TIFFError ("readSeparateStripsIntoBuffer", -@@ -4827,6 +4834,9 @@ - _TIFFfree (srcbuffs[i]); - return 0; - } -+ buff[stripsize] = 0; -+ buff[stripsize+1] = 0; -+ buff[stripsize+2] = 0; - srcbuffs[s] = buff; - } - diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch deleted file mode 100644 index 92742d8757..0000000000 --- a/gnu/packages/patches/libtiff-invalid-read.patch +++ /dev/null @@ -1,64 +0,0 @@ -Fix invalid read in t2p_writeproc(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2639 - -2016-12-20 Even Rouault <even.rouault at spatialys.com> - - * tools/tiff2pdf.c: avoid potential invalid memory read in - t2p_writeproc. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1198; previous revision: 1.1197 -/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c -new revision: 1.100; previous revision: 1.99 - -Index: libtiff/tools/tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.99 -retrieving revision 1.100 -diff -u -r1.99 -r1.100 ---- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:13:26 -0000 1.99 -+++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 -@@ -2896,6 +2896,7 @@ - } - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { - if (count >= 4) { -+ int retTIFFReadRawTile; - /* Ignore EOI marker of JpegTables */ - _TIFFmemcpy(buffer, jpt, count - 2); - bufferoffset += count - 2; -@@ -2903,22 +2904,23 @@ - table_end[0] = buffer[bufferoffset-2]; - table_end[1] = buffer[bufferoffset-1]; - xuint32 = bufferoffset; -- bufferoffset -= 2; -- bufferoffset += TIFFReadRawTile( -+ bufferoffset -= 2; -+ retTIFFReadRawTile= TIFFReadRawTile( - input, - tile, - (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), - -1); -+ if( retTIFFReadRawTile < 0 ) -+ { -+ _TIFFfree(buffer); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return(0); -+ } -+ bufferoffset += retTIFFReadRawTile; - /* Overwrite SOI marker of image scan with previously */ - /* saved end of JpegTables */ - buffer[xuint32-2]=table_end[0]; - buffer[xuint32-1]=table_end[1]; -- } else { -- bufferoffset += TIFFReadRawTile( -- input, -- tile, -- (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), -- -1); - } - } - t2pWriteFile(output, (tdata_t) buffer, bufferoffset); diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch deleted file mode 100644 index 8c6345b804..0000000000 --- a/gnu/packages/patches/libtiff-null-dereference.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix NULL pointer dereference in TIFFReadRawData(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2594 - - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffinfo.c: fix null pointer dereference in -r mode when - * the -image has - no StripByteCount tag. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1182; previous revision: 1.1181 -/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v <-- tools/tiffinfo.c -new revision: 1.26; previous revision: 1.25 - -Index: libtiff/tools/tiffinfo.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v -retrieving revision 1.25 -retrieving revision 1.26 -diff -u -r1.25 -r1.26 ---- libtiff/tools/tiffinfo.c 12 Nov 2016 20:06:05 -0000 1.25 -+++ libtiff/tools/tiffinfo.c 3 Dec 2016 14:18:49 -0000 1.26 -@@ -1,4 +1,4 @@ --/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */ -+/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -417,7 +417,7 @@ - uint64* stripbc=NULL; - - TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc); -- if (nstrips > 0) { -+ if (stripbc != NULL && nstrips > 0) { - uint32 bufsize = (uint32) stripbc[0]; - tdata_t buf = _TIFFmalloc(bufsize); - tstrip_t s; diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch deleted file mode 100644 index 5615cbb3e1..0000000000 --- a/gnu/packages/patches/libtiff-tiffcp-underflow.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix a integer underflow in tiffcp that led to heap overflows in -TIFFReverseBits(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2598 - -2016-12-02 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that - can cause various issues, such as buffer overflows in the library. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1174; previous revision: 1.1173 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.56; previous revision: 1.55 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.55 -retrieving revision 1.56 -diff -u -r1.55 -r1.56 ---- libtiff/tools/tiffcp.c 8 Oct 2016 15:54:57 -0000 1.55 -+++ libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -985,7 +985,7 @@ - tstrip_t s, ns = TIFFNumberOfStrips(in); - uint32 row = 0; - _TIFFmemset(buf, 0, stripsize); -- for (s = 0; s < ns; s++) { -+ for (s = 0; s < ns && row < imagelength; s++) { - tsize_t cc = (row + rowsperstrip > imagelength) ? - TIFFVStripSize(in, imagelength - row) : stripsize; - if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch new file mode 100644 index 0000000000..709b20c6d2 --- /dev/null +++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch deleted file mode 100644 index bbe825c36a..0000000000 --- a/gnu/packages/patches/python-file-double-encoding-bug.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix bug that breaks file's Python bindings when using Python 3. This patch -should not be applied when using Python 2. - -Copied from upstream source repository: - -https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372 - -From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Tue, 28 Jun 2016 17:10:22 +0000 -Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3 - ---- - python/magic.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/python/magic.py b/python/magic.py -index c48f7d5..b0f7a17 100644 ---- a/python/magic.py -+++ b/python/magic.py -@@ -134,7 +134,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def descriptor(self, fd): - """ -@@ -152,7 +152,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def error(self): - """ -@@ -163,7 +163,7 @@ class Magic(object): - if isinstance(e, str): - return e - else: -- return str(e).encode('utf-8') -+ return str(e, 'utf-8') - - def setflags(self, flags): - """ --- -2.10.1 - |