diff options
Diffstat (limited to 'gnu')
26 files changed, 45 insertions, 980 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 96689a7d60..c635a4792c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -670,16 +670,6 @@ dist_patch_DATA = \ %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ - %D%/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch \ - %D%/packages/patches/libtiff-CVE-2016-3623.patch \ - %D%/packages/patches/libtiff-CVE-2016-3945.patch \ - %D%/packages/patches/libtiff-CVE-2016-3990.patch \ - %D%/packages/patches/libtiff-CVE-2016-3991.patch \ - %D%/packages/patches/libtiff-CVE-2016-5314.patch \ - %D%/packages/patches/libtiff-CVE-2016-5321.patch \ - %D%/packages/patches/libtiff-CVE-2016-5323.patch \ - %D%/packages/patches/libtiff-oob-accesses-in-decode.patch \ - %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ %D%/packages/patches/libupnp-CVE-2016-6255.patch \ @@ -847,7 +837,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-puma-ignore-broken-test.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ - %D%/packages/patches/ruby-symlinkfix.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \ %D%/packages/patches/sed-hurd-path-max.patch \ diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index 4288913f78..8e3327eafe 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -544,7 +544,8 @@ a C program.") "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf")))) (build-system gnu-build-system) (arguments - '(#:configure-flags '("--enable-shared" "--enable-openmp") + '(#:configure-flags + '("--enable-shared" "--enable-openmp" "--enable-threads") #:phases (alist-cons-before 'build 'no-native (lambda _ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 1c01874bb0..2dd17a9ebb 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -939,15 +939,15 @@ command.") (define-public tzdata (package (name "tzdata") - (version "2016g") + (version "2016j") (source (origin (method url-fetch) (uri (string-append - "http://www.iana.org/time-zones/repository/releases/tzdata" + "https://www.iana.org/time-zones/repository/releases/tzdata" version ".tar.gz")) (sha256 (base32 - "1lgbh49bsbysibzr7imjsh1xa7pqmimphxvvwh6kncj7pjr3fw9w")))) + "1j4xycpwhs57qnkcxwh3np8wnf3km69n3cf4w6p2yv2z247lxvpm")))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -995,8 +995,8 @@ command.") version ".tar.gz")) (sha256 (base32 - "0azsz436vd65bkdkdmjgsh7zhh0whnqqfliva45191krmm3hpy8z")))))) - (home-page "http://www.iana.org/time-zones") + "1dxhrk4z0n2di8p0yd6q00pa6bwyz5xqbrfbasiz8785ni7zrvxr")))))) + (home-page "https://www.iana.org/time-zones") (synopsis "Database of current and historical time zones") (description "The Time Zone Database (often called tz or zoneinfo) contains code and data that represent the history of local time for many diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm index 46041c24d3..067ad1c3b0 100644 --- a/gnu/packages/docbook.scm +++ b/gnu/packages/docbook.scm @@ -132,14 +132,14 @@ by no means limited to these applications.) This package provides XML DTDs.") (define-public docbook-xsl (package (name "docbook-xsl") - (version "1.78.1") + (version "1.79.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/docbook/docbook-xsl/" version "/docbook-xsl-" version ".tar.bz2")) (sha256 (base32 - "0rxl013ncmz1n6ymk2idvx3hix9pdabk8xn01cpcv32wmfb753y9")))) + "0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj")))) (build-system trivial-build-system) (arguments `(#:builder (let ((name-version (string-append ,name "-" ,version))) diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index 50b474c623..18d5d8166a 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -196,7 +196,7 @@ also known as DXTn or DXTC) for Mesa.") (define-public mesa (package (name "mesa") - (version "12.0.1") + (version "13.0.2") (source (origin (method url-fetch) @@ -204,7 +204,9 @@ also known as DXTn or DXTC) for Mesa.") version "/mesa-" version ".tar.xz")) (sha256 (base32 - "12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms")))) + "1m8n8kd8kcs5ddyvldiw09wvpi5wwpfmmxlb87d63vgl8lk65vd6")) + (patches + (search-patches "mesa-wayland-egl-symbols-check-mips.patch")))) (build-system gnu-build-system) (propagated-inputs `(("glproto" ,glproto) @@ -227,20 +229,10 @@ also known as DXTn or DXTC) for Mesa.") ("makedepend" ,makedepend) ("presentproto" ,presentproto) ("s2tc" ,s2tc) - ("udev" ,eudev) ("wayland" ,wayland))) (native-inputs `(("pkg-config" ,pkg-config) - ("python" ,python-2) - - ;; XXX To prevent a large number of rebuilds on other systems, - ;; apply the following patch on MIPS systems only. In the next - ;; core-updates cycle, this patch could be applied on all platforms. - ,@(if (string-prefix? "mips" (or (%current-target-system) - (%current-system))) - `(("mips-patch" - ,(search-patch "mesa-wayland-egl-symbols-check-mips.patch"))) - '()))) + ("python" ,python-2))) (arguments `(#:configure-flags '(;; drop r300 from default gallium drivers, as it requires llvm @@ -267,16 +259,6 @@ also known as DXTn or DXTC) for Mesa.") '("--with-dri-drivers=nouveau,r200,radeon,swrast")))) #:phases (modify-phases %standard-phases - ;; Add an 'apply-mips-patch' phase conditionally (see above.) - ,@(if (string-prefix? "mips" (or (%current-target-system) - (%current-system))) - `((add-after 'unpack 'apply-mips-patch - (lambda* (#:key inputs #:allow-other-keys) - (let ((patch (assoc-ref inputs "mips-patch"))) - (zero? (system* "patch" "-p1" "--force" - "--input" patch)))))) - '()) - (add-after 'unpack 'patch-create_test_cases (lambda _ @@ -288,7 +270,6 @@ also known as DXTn or DXTC) for Mesa.") 'build 'fix-dlopen-libnames (lambda* (#:key inputs outputs #:allow-other-keys) (let ((s2tc (assoc-ref inputs "s2tc")) - (udev (assoc-ref inputs "udev")) (out (assoc-ref outputs "out"))) ;; Remain agnostic to .so.X.Y.Z versions while doing ;; the substitutions so we're future-safe. @@ -297,10 +278,6 @@ also known as DXTn or DXTC) for Mesa.") "src/mesa/main/texcompress_s3tc.c") (("\"libtxc_dxtn\\.so") (string-append "\"" s2tc "/lib/libtxc_dxtn.so"))) - (substitute* "src/loader/loader.c" - (("udev_handle = dlopen\\(name") - (string-append "udev_handle = dlopen(\"" - udev "/lib/libudev.so\""))) (substitute* "src/glx/dri_common.c" (("dlopen\\(\"libGL\\.so") (string-append "dlopen(\"" out "/lib/libGL.so"))) diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index ba2184c6ad..a78b188af0 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -64,8 +64,7 @@ (define dbus (package (name "dbus") - (replacement dbus-1.10.12) - (version "1.10.10") + (version "1.10.14") (source (origin (method url-fetch) (uri (string-append @@ -73,7 +72,7 @@ version ".tar.gz")) (sha256 (base32 - "0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx")) + "10x0wvv2ly4lyyfd42k4xw0ar5qdbi9cksw3l5fcwf1y6mq8y8r3")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments @@ -132,21 +131,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 -(define dbus-1.10.12 - (package - (inherit dbus) - (name "dbus") - (source - (let ((version "1.10.12")) - (origin - (inherit (package-source dbus)) - (uri (string-append - "https://dbus.freedesktop.org/releases/dbus/dbus-" - version ".tar.gz")) - (sha256 - (base32 - "0pa71vf5c0d7k3gni06iascmplj0j5g70wbc833ayvi71d1pj2i1"))))))) - (define glib (package (name "glib") diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index e7798e9399..6f2a98b5b3 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -681,14 +681,14 @@ update-desktop-database: updates the database containing a cache of MIME types (define-public shared-mime-info (package (name "shared-mime-info") - (version "1.6") + (version "1.7") (source (origin (method url-fetch) (uri (string-append "https://freedesktop.org/~hadess/" "shared-mime-info-" version ".tar.xz")) (sha256 (base32 - "0k637g047gci8g69bg4g19akylpfraxm40hd30j3i4v7cidziy5j")))) + "0bjd2j1rqrj150mr04j7ib71lfdlgbf235fg8d70g8mszqf7ik7a")))) (build-system gnu-build-system) (arguments ;; The build system appears not to be parallel-safe. diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index e9aaa461f2..fc4677c247 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -102,7 +102,6 @@ tools have full access to view and control running applications.") (define-public cairo (package (name "cairo") - (replacement cairo/fixed) (version "1.14.6") (source (origin (method url-fetch) @@ -110,7 +109,8 @@ tools have full access to view and control running applications.") version ".tar.xz")) (sha256 (base32 - "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31")))) + "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31")) + (patches (search-patches "cairo-CVE-2016-9082.patch")))) (build-system gnu-build-system) (propagated-inputs `(("fontconfig" ,fontconfig) @@ -156,10 +156,6 @@ affine transformation (scale, rotation, shear, etc.).") (package (inherit cairo) (name "cairo-xcb") - (source (origin - (inherit (package-source cairo)) - (patches (search-patches "cairo-CVE-2016-9082.patch")))) - (replacement #f) (inputs `(("mesa" ,mesa) ,@(package-inputs cairo))) @@ -169,17 +165,10 @@ affine transformation (scale, rotation, shear, etc.).") '("--enable-xlib-xcb" "--enable-gl" "--enable-egl"))) (synopsis "2D graphics library (with X11 support)"))) -(define cairo/fixed - (package - (inherit cairo) - (source (origin - (inherit (package-source cairo)) - (patches (search-patches "cairo-CVE-2016-9082.patch")))))) - (define-public harfbuzz (package (name "harfbuzz") - (version "1.2.4") + (version "1.3.3") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/" @@ -187,7 +176,7 @@ affine transformation (scale, rotation, shear, etc.).") version ".tar.bz2")) (sha256 (base32 - "14g4kpph8hgplkm954daxiymxx0vicfq7b7svvdsx54g5bqvv7a4")))) + "1jdkdjvci5d6r26vimsz24hz3xqqrk5xq40n693jn4m42mqrh816")))) (build-system gnu-build-system) (outputs '("out" "bin")) ; 160K, only hb-view depend on cairo @@ -212,7 +201,7 @@ affine transformation (scale, rotation, shear, etc.).") "HarfBuzz is an OpenType text shaping engine.") (license (license:x11-style "file://COPYING" "See 'COPYING' in the distribution.")) - (home-page "http://www.freedesktop.org/wiki/Software/HarfBuzz/"))) + (home-page "https://www.freedesktop.org/wiki/Software/HarfBuzz/"))) (define-public pango (package diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 35abe9e911..7bf330be30 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -38,6 +38,8 @@ #:use-module (gnu packages compression) #:use-module (gnu packages documentation) #:use-module (gnu packages fontutils) + ;; To provide gcc@5 and gcc@6, to work around <http://bugs.gnu.org/24703>. + #:use-module (gnu packages gcc) #:use-module (gnu packages gettext) #:use-module (gnu packages ghostscript) #:use-module (gnu packages gl) @@ -246,25 +248,14 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff-4.0.7) - (version "4.0.6") + (version "4.0.7") (source (origin (method url-fetch) - (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-" - version ".tar.gz")) - (sha256 (base32 - "136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd")) - (patches (search-patches - "libtiff-oob-accesses-in-decode.patch" - "libtiff-oob-write-in-nextdecode.patch" - "libtiff-CVE-2015-8665+CVE-2015-8683.patch" - "libtiff-CVE-2016-3623.patch" - "libtiff-CVE-2016-3945.patch" - "libtiff-CVE-2016-3990.patch" - "libtiff-CVE-2016-3991.patch" - "libtiff-CVE-2016-5314.patch" - "libtiff-CVE-2016-5321.patch" - "libtiff-CVE-2016-5323.patch")))) + (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" + version ".tar.gz")) + (sha256 + (base32 + "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -274,6 +265,9 @@ extracting icontainer icon files.") (assoc-ref %outputs "doc") "/share/doc/" ,name "-" ,version)))) + ;; Build with a patched GCC to work around <http://bugs.gnu.org/24703>. + (native-inputs + `(("gcc@5" ,gcc-5))) (inputs `(("zlib" ,zlib) ("libjpeg" ,libjpeg))) (synopsis "Library for handling TIFF files") @@ -284,20 +278,7 @@ Included are a library, libtiff, for reading and writing TIFF and a small collection of tools for doing simple manipulations of TIFF images.") (license (license:non-copyleft "file://COPYRIGHT" "See COPYRIGHT in the distribution.")) - (home-page "http://www.remotesensing.org/libtiff/"))) - -(define libtiff-4.0.7 - (package - (inherit libtiff) - (version "4.0.7") - (source (origin - (method url-fetch) - (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" - version ".tar.gz")) - (sha256 - (base32 - "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) - (home-page "http://www.simplesystems.org/libtiff/"))) + (home-page "http://www.simplesystems.org/libtiff/"))) (define-public libwmf (package diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 6d00efefac..fca86cf3f6 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2503,7 +2503,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") (define-public bluez (package (name "bluez") - (version "5.40") + (version "5.43") (source (origin (method url-fetch) (uri (string-append @@ -2511,7 +2511,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") version ".tar.xz")) (sha256 (base32 - "09ywk3lvgis0nbi0d5z8d4qp5r33lzwnd6bdakacmbsm420qpnns")))) + "05cdnpz0w2lwq2x5ba87q1h2wgb4lfnpbnbh6p7499hx59fw1j8n")))) (build-system gnu-build-system) (arguments '(#:configure-flags diff --git a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch b/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch deleted file mode 100644 index 811516dbe9..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch +++ /dev/null @@ -1,107 +0,0 @@ -2015-12-26 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage - interface in case of unsupported values of SamplesPerPixel/ExtraSamples - for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in - TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and - CVE-2015-8683 reported by zzf of Alibaba. - -diff -u -r1.93 -r1.94 ---- libtiff/libtiff/tif_getimage.c 22 Nov 2015 15:31:03 -0000 1.93 -+++ libtiff/libtiff/tif_getimage.c 26 Dec 2015 17:32:03 -0000 1.94 -@@ -182,20 +182,22 @@ - "Planarconfiguration", td->td_planarconfig); - return (0); - } -- if( td->td_samplesperpixel != 3 ) -+ if( td->td_samplesperpixel != 3 || colorchannels != 3 ) - { - sprintf(emsg, -- "Sorry, can not handle image with %s=%d", -- "Samples/pixel", td->td_samplesperpixel); -+ "Sorry, can not handle image with %s=%d, %s=%d", -+ "Samples/pixel", td->td_samplesperpixel, -+ "colorchannels", colorchannels); - return 0; - } - break; - case PHOTOMETRIC_CIELAB: -- if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 ) -+ if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) - { - sprintf(emsg, -- "Sorry, can not handle image with %s=%d and %s=%d", -+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d", - "Samples/pixel", td->td_samplesperpixel, -+ "colorchannels", colorchannels, - "Bits/sample", td->td_bitspersample); - return 0; - } -@@ -255,6 +257,9 @@ - int colorchannels; - uint16 *red_orig, *green_orig, *blue_orig; - int n_color; -+ -+ if( !TIFFRGBAImageOK(tif, emsg) ) -+ return 0; - - /* Initialize to normal values */ - img->row_offset = 0; -@@ -2509,29 +2514,33 @@ - case PHOTOMETRIC_RGB: - switch (img->bitspersample) { - case 8: -- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) -+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && -+ img->samplesperpixel >= 4) - img->put.contig = putRGBAAcontig8bittile; -- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) -+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && -+ img->samplesperpixel >= 4) - { - if (BuildMapUaToAa(img)) - img->put.contig = putRGBUAcontig8bittile; - } -- else -+ else if( img->samplesperpixel >= 3 ) - img->put.contig = putRGBcontig8bittile; - break; - case 16: -- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) -+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && -+ img->samplesperpixel >=4 ) - { - if (BuildMapBitdepth16To8(img)) - img->put.contig = putRGBAAcontig16bittile; - } -- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) -+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && -+ img->samplesperpixel >=4 ) - { - if (BuildMapBitdepth16To8(img) && - BuildMapUaToAa(img)) - img->put.contig = putRGBUAcontig16bittile; - } -- else -+ else if( img->samplesperpixel >=3 ) - { - if (BuildMapBitdepth16To8(img)) - img->put.contig = putRGBcontig16bittile; -@@ -2540,7 +2549,7 @@ - } - break; - case PHOTOMETRIC_SEPARATED: -- if (buildMap(img)) { -+ if (img->samplesperpixel >=4 && buildMap(img)) { - if (img->bitspersample == 8) { - if (!img->Map) - img->put.contig = putRGBcontig8bitCMYKtile; -@@ -2636,7 +2645,7 @@ - } - break; - case PHOTOMETRIC_CIELAB: -- if (buildMap(img)) { -+ if (img->samplesperpixel == 3 && buildMap(img)) { - if (img->bitspersample == 8) - img->put.contig = initCIELabConversion(img); - break; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3623.patch b/gnu/packages/patches/libtiff-CVE-2016-3623.patch deleted file mode 100644 index 08705861e3..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3623.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-3623. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623 -http://bugzilla.maptools.org/show_bug.cgi?id=2569 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.16 -r1.17 tools/rgb2ycbcr.c - -Index: tools/rgb2ycbcr.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/rgb2ycbcr.c,v -retrieving revision 1.16 -retrieving revision 1.17 -diff -u -r1.16 -r1.17 ---- libtiff/tools/rgb2ycbcr.c 21 Jun 2015 01:09:10 -0000 1.16 -+++ libtiff/tools/rgb2ycbcr.c 15 Aug 2016 21:26:56 -0000 1.17 -@@ -95,9 +95,13 @@ - break; - case 'h': - horizSubSampling = atoi(optarg); -+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 ) -+ usage(-1); - break; - case 'v': - vertSubSampling = atoi(optarg); -+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 ) -+ usage(-1); - break; - case 'r': - rowsperstrip = atoi(optarg); diff --git a/gnu/packages/patches/libtiff-CVE-2016-3945.patch b/gnu/packages/patches/libtiff-CVE-2016-3945.patch deleted file mode 100644 index 8ec62bab99..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3945.patch +++ /dev/null @@ -1,94 +0,0 @@ -Fix CVE-2016-3945 (integer overflow in size of allocated -buffer, when -b mode is enabled, that could result in out-of-bounds -write). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945 -http://bugzilla.maptools.org/show_bug.cgi?id=2545 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.21 -r1.22 tools/tiff2rgba.c - -Index: tools/tiff2rgba.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2rgba.c,v -retrieving revision 1.21 -retrieving revision 1.22 -diff -u -r1.21 -r1.22 ---- libtiff/tools/tiff2rgba.c 21 Jun 2015 01:09:10 -0000 1.21 -+++ libtiff/tools/tiff2rgba.c 15 Aug 2016 20:06:41 -0000 1.22 -@@ -147,6 +147,7 @@ - uint32 row, col; - uint32 *wrk_line; - int ok = 1; -+ uint32 rastersize, wrk_linesize; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); -@@ -163,7 +164,13 @@ - /* - * Allocate tile buffer - */ -- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32)); -+ rastersize = tile_width * tile_height * sizeof (uint32); -+ if (tile_width != (rastersize / tile_height) / sizeof( uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); -+ exit(-1); -+ } -+ raster = (uint32*)_TIFFmalloc(rastersize); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0); -@@ -173,7 +180,13 @@ - * Allocate a scanline buffer for swapping during the vertical - * mirroring pass. - */ -- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32)); -+ wrk_linesize = tile_width * sizeof (uint32); -+ if (tile_width != wrk_linesize / sizeof (uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); -+ exit(-1); -+ } -+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); - if (!wrk_line) { - TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); - ok = 0; -@@ -249,6 +262,7 @@ - uint32 row; - uint32 *wrk_line; - int ok = 1; -+ uint32 rastersize, wrk_linesize; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); - TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height); -@@ -263,7 +277,13 @@ - /* - * Allocate strip buffer - */ -- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32)); -+ rastersize = width * rowsperstrip * sizeof (uint32); -+ if (width != (rastersize / rowsperstrip) / sizeof( uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer"); -+ exit(-1); -+ } -+ raster = (uint32*)_TIFFmalloc(rastersize); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0); -@@ -273,7 +293,13 @@ - * Allocate a scanline buffer for swapping during the vertical - * mirroring pass. - */ -- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32)); -+ wrk_linesize = width * sizeof (uint32); -+ if (width != wrk_linesize / sizeof (uint32)) -+ { -+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer"); -+ exit(-1); -+ } -+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize); - if (!wrk_line) { - TIFFError(TIFFFileName(in), "No space for raster scanline buffer"); - ok = 0; diff --git a/gnu/packages/patches/libtiff-CVE-2016-3990.patch b/gnu/packages/patches/libtiff-CVE-2016-3990.patch deleted file mode 100644 index 7641c3073b..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3990.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix CVE-2016-3990 (write buffer overflow in PixarLogEncode if more input -samples are provided than expected by PixarLogSetupEncode). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990 -http://bugzilla.maptools.org/show_bug.cgi?id=2544 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.45 -r1.46 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.45 -retrieving revision 1.46 -diff -u -r1.45 -r1.46 ---- libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:37:33 -0000 1.45 -+++ libtiff/libtiff/tif_pixarlog.c 15 Aug 2016 20:49:48 -0000 1.46 -@@ -1141,6 +1141,13 @@ - } - - llen = sp->stride * td->td_imagewidth; -+ /* Check against the number of elements (of size uint16) of sp->tbuf */ -+ if( n > td->td_rowsperstrip * llen ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Too many input bytes provided"); -+ return 0; -+ } - - for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) { - switch (sp->user_datafmt) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-3991.patch b/gnu/packages/patches/libtiff-CVE-2016-3991.patch deleted file mode 100644 index cb05f0007f..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-3991.patch +++ /dev/null @@ -1,123 +0,0 @@ -Fix CVE-2016-3991 (out-of-bounds write in loadImage()). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991 -http://bugzilla.maptools.org/show_bug.cgi?id=2543 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.37 -r1.38 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.37 -retrieving revision 1.38 -diff -u -r1.37 -r1.38 ---- libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 -+++ libtiff/tools/tiffcrop.c 15 Aug 2016 21:05:40 -0000 1.38 -@@ -798,6 +798,11 @@ - } - - tile_buffsize = tilesize; -+ if (tilesize == 0 || tile_rowsize == 0) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero"); -+ exit(-1); -+ } - - if (tilesize < (tsize_t)(tl * tile_rowsize)) - { -@@ -807,7 +812,12 @@ - tilesize, tl * tile_rowsize); - #endif - tile_buffsize = tl * tile_rowsize; -- } -+ if (tl != (tile_buffsize / tile_rowsize)) -+ { -+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ } - - tilebuf = _TIFFmalloc(tile_buffsize); - if (tilebuf == 0) -@@ -1210,6 +1220,12 @@ - !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) ) - return 1; - -+ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0) -+ { -+ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero"); -+ exit(-1); -+ } -+ - tile_buffsize = tilesize; - if (tilesize < (tsize_t)(tl * tile_rowsize)) - { -@@ -1219,6 +1235,11 @@ - tilesize, tl * tile_rowsize); - #endif - tile_buffsize = tl * tile_rowsize; -+ if (tl != tile_buffsize / tile_rowsize) -+ { -+ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } - } - - tilebuf = _TIFFmalloc(tile_buffsize); -@@ -5945,12 +5966,27 @@ - TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); - - tile_rowsize = TIFFTileRowSize(in); -+ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) -+ { -+ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero."); -+ exit(-1); -+ } - buffsize = tlsize * ntiles; -+ if (tlsize != (buffsize / ntiles)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } - -- - if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) - { - buffsize = ntiles * tl * tile_rowsize; -+ if (ntiles != (buffsize / tl / tile_rowsize)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } -+ - #ifdef DEBUG2 - TIFFError("loadImage", - "Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu", -@@ -5969,8 +6005,25 @@ - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); - stsize = TIFFStripSize(in); - nstrips = TIFFNumberOfStrips(in); -+ if (nstrips == 0 || stsize == 0) -+ { -+ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero."); -+ exit(-1); -+ } -+ - buffsize = stsize * nstrips; -- -+ if (stsize != (buffsize / nstrips)) -+ { -+ TIFFError("loadImage", "Integer overflow when calculating buffer size"); -+ exit(-1); -+ } -+ uint32 buffsize_check; -+ buffsize_check = ((length * width * spp * bps) + 7); -+ if (length != ((buffsize_check - 7) / width / spp / bps)) -+ { -+ TIFFError("loadImage", "Integer overflow detected."); -+ exit(-1); -+ } - if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) - { - buffsize = ((length * width * spp * bps) + 7) / 8; diff --git a/gnu/packages/patches/libtiff-CVE-2016-5314.patch b/gnu/packages/patches/libtiff-CVE-2016-5314.patch deleted file mode 100644 index e5380f8639..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5314.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2016-5314. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314 -bugzilla.maptools.org/show_bug.cgi?id=2554 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.43 -r1.44 libtiff/tif_pixarlog.c - -Index: libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_pixarlog.c 27 Dec 2015 20:14:11 -0000 1.43 -+++ libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:12:19 -0000 1.44 -@@ -459,6 +459,7 @@ - typedef struct { - TIFFPredictorState predict; - z_stream stream; -+ tmsize_t tbuf_size; /* only set/used on reading for now */ - uint16 *tbuf; - uint16 stride; - int state; -@@ -694,6 +695,7 @@ - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); - if (sp->tbuf == NULL) - return (0); -+ sp->tbuf_size = tbuf_size; - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) - sp->user_datafmt = PixarLogGuessDataFmt(td); - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) { -@@ -783,6 +785,12 @@ - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); - return (0); - } -+ /* Check that we will not fill more than what was allocated */ -+ if (sp->stream.avail_out > sp->tbuf_size) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size"); -+ return (0); -+ } - do { - int state = inflate(&sp->stream, Z_PARTIAL_FLUSH); - if (state == Z_STREAM_END) { diff --git a/gnu/packages/patches/libtiff-CVE-2016-5321.patch b/gnu/packages/patches/libtiff-CVE-2016-5321.patch deleted file mode 100644 index 2afca18e1d..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5321.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2016-5321. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321 -http://bugzilla.maptools.org/show_bug.cgi?id=2558 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.35 -r1.36 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.35 -retrieving revision 1.36 -diff -u -r1.35 -r1.36 ---- libtiff/tools/tiffcrop.c 19 Aug 2015 02:31:04 -0000 1.35 -+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 -@@ -989,7 +989,7 @@ - nrow = (row + tl > imagelength) ? imagelength - row : tl; - for (col = 0; col < imagewidth; col += tw) - { -- for (s = 0; s < spp; s++) -+ for (s = 0; s < spp && s < MAX_SAMPLES; s++) - { /* Read each plane of a tile set into srcbuffs[s] */ - tbytes = TIFFReadTile(in, srcbuffs[s], col, row, 0, s); - if (tbytes < 0 && !ignore) diff --git a/gnu/packages/patches/libtiff-CVE-2016-5323.patch b/gnu/packages/patches/libtiff-CVE-2016-5323.patch deleted file mode 100644 index 8b2a043d29..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-5323.patch +++ /dev/null @@ -1,88 +0,0 @@ -Fix CVE-2016-5323. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323 -http://bugzilla.maptools.org/show_bug.cgi?id=2559 - -Patch extracted from upstream CVS repo with: -$ cvs diff -u -r1.36 -r1.37 tools/tiffcrop.c - -Index: tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.36 -retrieving revision 1.37 -diff -u -r1.36 -r1.37 ---- libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36 -+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37 -@@ -3738,7 +3738,7 @@ - - matchbits = maskbits << (8 - src_bit - bps); - /* load up next sample from each plane */ -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - buff1 = ((*src) & matchbits) << (src_bit); -@@ -3837,7 +3837,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (16 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -3947,7 +3947,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (32 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4073,7 +4073,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (64 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4263,7 +4263,7 @@ - - matchbits = maskbits << (8 - src_bit - bps); - /* load up next sample from each plane */ -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - buff1 = ((*src) & matchbits) << (src_bit); -@@ -4362,7 +4362,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (16 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4471,7 +4471,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (32 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) -@@ -4597,7 +4597,7 @@ - src_bit = bit_offset % 8; - - matchbits = maskbits << (64 - src_bit - bps); -- for (s = 0; s < spp; s++) -+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - src = in[s] + src_offset + src_byte; - if (little_endian) diff --git a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch b/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch deleted file mode 100644 index 3fea745056..0000000000 --- a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch +++ /dev/null @@ -1,171 +0,0 @@ -2015-12-27 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_luv.c: fix potential out-of-bound writes in decode - functions in non debug builds by replacing assert()s by regular if - checks (bugzilla #2522). - Fix potential out-of-bound reads in case of short input data. - -diff -u -r1.40 -r1.41 ---- libtiff/libtiff/tif_luv.c 21 Jun 2015 01:09:09 -0000 1.40 -+++ libtiff/libtiff/tif_luv.c 27 Dec 2015 16:25:11 -0000 1.41 -@@ -1,4 +1,4 @@ --/* $Id: tif_luv.c,v 1.40 2015-06-21 01:09:09 bfriesen Exp $ */ -+/* $Id: tif_luv.c,v 1.41 2015-12-27 16:25:11 erouault Exp $ */ - - /* - * Copyright (c) 1997 Greg Ward Larson -@@ -202,7 +202,11 @@ - if (sp->user_datafmt == SGILOGDATAFMT_16BIT) - tp = (int16*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (int16*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -211,9 +215,11 @@ - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 2*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ if( cc < 2 ) -+ break; -+ rc = *bp++ + (2-128); - b = (int16)(*bp++ << shft); - cc -= 2; - while (rc-- && i < npixels) -@@ -223,6 +229,7 @@ - while (--cc && rc-- && i < npixels) - tp[i++] |= (int16)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -268,13 +275,17 @@ - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32 *)op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32 *) sp->tbuf; - } - /* copy to array of uint32 */ - bp = (unsigned char*) tif->tif_rawcp; - cc = tif->tif_rawcc; -- for (i = 0; i < npixels && cc > 0; i++) { -+ for (i = 0; i < npixels && cc >= 3; i++) { - tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2]; - bp += 3; - cc -= 3; -@@ -325,7 +336,11 @@ - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -334,11 +349,13 @@ - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 4*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -+ if( cc < 2 ) -+ break; - rc = *bp++ + (2-128); - b = (uint32)*bp++ << shft; -- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ cc -= 2; - while (rc-- && i < npixels) - tp[i++] |= b; - } else { /* non-run */ -@@ -346,6 +363,7 @@ - while (--cc && rc-- && i < npixels) - tp[i++] |= (uint32)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -413,6 +431,7 @@ - static int - LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogL16Encode"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -433,7 +452,11 @@ - tp = (int16*) bp; - else { - tp = (int16*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ -@@ -506,6 +529,7 @@ - static int - LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode24"; - LogLuvState* sp = EncoderState(tif); - tmsize_t i; - tmsize_t npixels; -@@ -521,7 +545,11 @@ - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* write out encoded pixels */ -@@ -553,6 +581,7 @@ - static int - LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode32"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -574,7 +603,11 @@ - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ diff --git a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch b/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch deleted file mode 100644 index 50657b667c..0000000000 --- a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch +++ /dev/null @@ -1,49 +0,0 @@ -2015-12-27 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode() - triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif - (bugzilla #2508) - -diff -u -r1.16 -r1.18 ---- libtiff/libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16 -+++ libtiff/libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18 -@@ -1,4 +1,4 @@ --/* $Id: tif_next.c,v 1.16 2014-12-29 12:09:11 erouault Exp $ */ -+/* $Id: tif_next.c,v 1.18 2015-12-27 17:14:52 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -37,7 +37,7 @@ - case 0: op[0] = (unsigned char) ((v) << 6); break; \ - case 1: op[0] |= (v) << 4; break; \ - case 2: op[0] |= (v) << 2; break; \ -- case 3: *op++ |= (v); break; \ -+ case 3: *op++ |= (v); op_offset++; break; \ - } \ - } - -@@ -103,6 +103,7 @@ - } - default: { - uint32 npixels = 0, grey; -+ tmsize_t op_offset = 0; - uint32 imagewidth = tif->tif_dir.td_imagewidth; - if( isTiled(tif) ) - imagewidth = tif->tif_dir.td_tilewidth; -@@ -122,10 +123,15 @@ - * bounds, potentially resulting in a security - * issue. - */ -- while (n-- > 0 && npixels < imagewidth) -+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline) - SETPIXEL(op, grey); - if (npixels >= imagewidth) - break; -+ if (op_offset >= scanline ) { -+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld", -+ (long) tif->tif_row); -+ return (0); -+ } - if (cc == 0) - goto bad; - n = *bp++, cc--; diff --git a/gnu/packages/patches/ruby-symlinkfix.patch b/gnu/packages/patches/ruby-symlinkfix.patch deleted file mode 100644 index 16beecc97a..0000000000 --- a/gnu/packages/patches/ruby-symlinkfix.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix symlinks to '..' to fix rubygems improperly expanding symlinked -paths. Without this fix, some gems fail to install. This patch is applied in -rubygems 2.5.2, but ruby version 2.3.1 bundles an older version of rubygems -(2.5.1). - ---- a/lib/rubygems/package.rb -+++ b/lib/rubygems/package.rb -@@ -383,7 +383,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: - FileUtils.chmod entry.header.mode, destination - end if entry.file? - -- File.symlink(install_location(entry.header.linkname, destination_dir), destination) if entry.symlink? -+ File.symlink(entry.header.linkname, destination) if entry.symlink? - - verbose destination - end -diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb -index 7848bc2..f287bd3 100644 ---- a/test/rubygems/test_gem_package.rb -+++ b/test/rubygems/test_gem_package.rb -@@ -428,19 +428,25 @@ def test_extract_tar_gz_absolute - "#{@destination} is not allowed", e.message) - end - -- def test_extract_tar_gz_symlink_absolute -+ def test_extract_tar_gz_symlink_relative_path -+ skip 'symlink not supported' if Gem.win_platform? -+ - package = Gem::Package.new @gem - - tgz_io = util_tar_gz do |tar| -- tar.add_symlink 'code.rb', '/absolute.rb', 0644 -+ tar.add_file 'relative.rb', 0644 do |io| io.write 'hi' end -+ tar.mkdir 'lib', 0755 -+ tar.add_symlink 'lib/foo.rb', '../relative.rb', 0644 - end - -- e = assert_raises Gem::Package::PathError do -- package.extract_tar_gz tgz_io, @destination -- end -+ package.extract_tar_gz tgz_io, @destination - -- assert_equal("installing into parent path /absolute.rb of " + -- "#{@destination} is not allowed", e.message) -+ extracted = File.join @destination, 'lib/foo.rb' -+ assert_path_exists extracted -+ assert_equal '../relative.rb', -+ File.readlink(extracted) -+ assert_equal 'hi', -+ File.read(extracted) - end - - def test_extract_tar_gz_directory diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index b95fe5e0cf..d491642e49 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -95,17 +95,6 @@ ;; To build poppler-glib (as needed by Evince), we need Cairo and ;; GLib. But of course, that Cairo must not depend on Poppler. ("cairo" ,(package (inherit cairo) - (replacement - (package - (inherit cairo) - (replacement #f) - (source - (origin - (inherit (package-source cairo)) - (patches (search-patches - "cairo-CVE-2016-9082.patch")))) - (inputs (alist-delete "poppler" - (package-inputs cairo))))) (inputs (alist-delete "poppler" (package-inputs cairo))))) ("glib" ,glib))) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index baae553992..6471f2ff45 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -47,8 +47,7 @@ (define-public ruby (package (name "ruby") - (replacement ruby-2.3.3) - (version "2.3.1") + (version "2.3.3") (source (origin (method url-fetch) @@ -57,9 +56,8 @@ "/ruby-" version ".tar.xz")) (sha256 (base32 - "0f3395q7pd2hrl2gv26bib80038sjawxgmhl9zn22fjs9m9va9b7")) + "1p0rfk0blrbfjcnv0vb0ha4hxflgkfhv9zbzp4vvld2pi31ahkqs")) (modules '((guix build utils))) - (patches (search-patches "ruby-symlinkfix.patch")) (snippet `(begin ;; Remove bundled libffi (delete-file-recursively "ext/fiddle/libffi-3.2.1") @@ -102,25 +100,6 @@ a focus on simplicity and productivity.") (home-page "https://ruby-lang.org") (license license:ruby))) -(define ruby-2.3.3 - (package - (inherit ruby) - (version "2.3.3") - (source - (origin - (method url-fetch) - (uri (string-append "http://cache.ruby-lang.org/pub/ruby/" - (version-major+minor version) - "/ruby-" version ".tar.xz")) - (sha256 - (base32 - "1p0rfk0blrbfjcnv0vb0ha4hxflgkfhv9zbzp4vvld2pi31ahkqs")) - (modules '((guix build utils))) - (snippet `(begin - ;; Remove bundled libffi - (delete-file-recursively "ext/fiddle/libffi-3.2.1") - #t)))))) - (define-public ruby-2.2 (package (inherit ruby) (version "2.2.6") diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm index a615796745..acf0529377 100644 --- a/gnu/packages/swig.scm +++ b/gnu/packages/swig.scm @@ -31,7 +31,7 @@ (define-public swig (package (name "swig") - (version "3.0.5") + (version "3.0.10") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/" name "/" name "/" @@ -39,7 +39,7 @@ name "-" version ".tar.gz")) (sha256 (base32 - "0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z")))) + "0k7ljh07rla6223lhvljgg881b2qr7hmrfgic9a0j1pckpislf99")))) (build-system gnu-build-system) (native-inputs `(("boost" ,boost) ("pcre" ,pcre "bin"))) ;for 'pcre-config' diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 3d1108d42e..4633b5159e 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -241,7 +241,6 @@ following the mouse.") (package (name "pixman") (version "0.34.0") - (replacement pixman/fixed) (source (origin (method url-fetch) (uri (string-append @@ -249,7 +248,8 @@ following the mouse.") version ".tar.gz")) (sha256 (base32 - "13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1")))) + "13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1")) + (patches (search-patches "pixman-CVE-2016-5296.patch")))) (build-system gnu-build-system) (inputs `(("libpng" ,libpng) @@ -263,14 +263,6 @@ manipulation, providing features such as image compositing and trapezoid rasterisation.") (license license:x11))) -(define pixman/fixed - (package - (inherit pixman) - (source (origin - (inherit (package-source pixman)) - (patches (search-patches "pixman-CVE-2016-5296.patch")))))) - - (define-public libdrm (package (name "libdrm") diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 18271b5ed4..4d387f1c04 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4923,7 +4923,7 @@ new API's in libXft, or the legacy API's in libX11.") (define-public libxi (package (name "libxi") - (version "1.7.7") + (version "1.7.8") (source (origin (method url-fetch) @@ -4933,7 +4933,7 @@ new API's in libXft, or the legacy API's in libX11.") ".tar.bz2")) (sha256 (base32 - "0c70n4aq0ba628wr88ih4740nci9d9f6y3v96sx376vvlm7q6vwr")))) + "1fr7mi4nbcxsa88qin9g2ipmzh595ydxy9qnabzl270laf6zmwnq")))) (build-system gnu-build-system) (propagated-inputs `(("inputproto" ,inputproto) |