From fdc9170bc1d9a57aa9a542c307b15b5b965d2f4b Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Tue, 13 Mar 2018 20:31:01 +0100 Subject: gnu: Add java-groovy-bootstrap. * gnu/packages/groovy.scm: New file. * gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch: New file. * gnu/local.mk (GNU_SYSTEM_MODULES, dist_patch_DATA): Add them. --- gnu/local.mk | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6d6663f8b8..cacc146e4a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -202,6 +202,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/graphics.scm \ %D%/packages/graphviz.scm \ %D%/packages/groff.scm \ + %D%/packages/groovy.scm \ %D%/packages/gsasl.scm \ %D%/packages/gstreamer.scm \ %D%/packages/gtk.scm \ @@ -744,6 +745,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/groff-source-date-epoch.patch \ + %D%/packages/patches/groovy-add-exceptionutilsgenerator.patch \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ -- cgit v1.2.3 From f6e75b0db28bf3ba0e402069b0fc173411d414af Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Thu, 26 Apr 2018 02:15:59 +0200 Subject: gnu: adb: Use android-ndk-build-system. * gnu/packages/android.scm (adb)[build-system]: Switch to android-ndk-build-system. [arguments]<#:tests?>: Disable. [arguments]<#:phases>[create-Makefile]: Delete phase. [arguments]<#:phases>[fix-clang]: Delete phase. [arguments]<#:phases>[fix-main]: Delete phase. [arguments]<#:phases>[make-libs-available]: New phase. [arguments]<#:phases>[install-headers]: New phase. [arguments]<#:make-flags]: Add CFLAGS, CXXFLAGS. [inputs]: Add liblog. [source]: Add patch "adb-add-libraries.patch". * gnu/packages/patches/adb-add-libraries.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/android.scm | 87 ++++++---------------------- gnu/packages/patches/adb-add-libraries.patch | 19 ++++++ 3 files changed, 39 insertions(+), 68 deletions(-) create mode 100644 gnu/packages/patches/adb-add-libraries.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cacc146e4a..0e1d686a6c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -553,6 +553,7 @@ dist_patch_DATA = \ %D%/packages/patches/abiword-black-drawing-with-gtk322.patch \ %D%/packages/patches/acl-fix-perl-regex.patch \ %D%/packages/patches/acl-hurd-path-max.patch \ + %D%/packages/patches/adb-add-libraries.patch \ %D%/packages/patches/aegis-constness-error.patch \ %D%/packages/patches/aegis-perl-tempdir1.patch \ %D%/packages/patches/aegis-perl-tempdir2.patch \ diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm index 09426058e4..085bf41aeb 100644 --- a/gnu/packages/android.scm +++ b/gnu/packages/android.scm @@ -201,82 +201,33 @@ (define-public adb (inherit (android-platform-system-core version)) (patches (search-patches "libbase-use-own-logging.patch" - "libbase-fix-includes.patch")))) - (build-system gnu-build-system) + "libbase-fix-includes.patch" + "adb-add-libraries.patch")))) + (build-system android-ndk-build-system) (arguments - `(#:phases + `(#:tests? #f ; TODO. + #:make-flags + (list "CFLAGS=-Wno-error" + "CXXFLAGS=-fpermissive -Wno-error -std=gnu++14 -D_Nonnull= -D_Nullable= -I ." + (string-append "LDFLAGS=-Wl,-rpath=" (assoc-ref %outputs "out") "/lib " + "-Wl,-rpath=" (assoc-ref %build-inputs "openssl") "/lib -L .")) + #:phases (modify-phases %standard-phases (add-after 'unpack 'enter-source (lambda _ (chdir "adb") #t)) - (add-before 'build 'fix-clang - (lambda _ - ;; adb_client.h contains _Nonnull and _Nullable attributes, that - ;; are not understood by gcc. - (substitute* "adb_client.h" - (("_Nonnull") "") - (("_Nullable") "")) - #t)) - (add-before 'build 'fix-main - (lambda _ - ;; main.cpp used to be adb_main.cpp in the current directory - ;; rather than in its own subdirectory, but it was not fixed. - ;; This leads to some header files not being found anymore. - (copy-file "client/main.cpp" "adb_main.cpp") + (add-after 'enter-source 'make-libs-available + (lambda* (#:key inputs outputs #:allow-other-keys) + (substitute* "Android.mk" + (("libcrypto_static") "libcrypto")) #t)) - (add-after 'enter-source 'create-Makefile - (lambda* (#:key outputs #:allow-other-keys) - ;; No useful makefile is shipped, so we create one. - (with-output-to-file "Makefile" - (lambda _ - (display - (string-append - ;; Common for all components. - "CXXFLAGS += -std=gnu++14 -fpermissive\n" - "CPPFLAGS += -I../include -I../base/include -I. -DADB_HOST=1 " - "-DADB_REVISION='\"" ,version "\"' -fPIC\n" - "LDFLAGS += -lcrypto -lpthread -lbase -lcutils -L. -ladb\n" - - ;; Libadb specifics. - "LIBADB_SOURCES = adb.cpp adb_auth.cpp adb_io.cpp " - "adb_listeners.cpp adb_trace.cpp adb_utils.cpp fdevent.cpp " - "sockets.cpp transport.cpp transport_local.cpp transport_usb.cpp " - "get_my_path_linux.cpp sysdeps_unix.cpp usb_linux.cpp " - "adb_auth_host.cpp diagnose_usb.cpp services.cpp " - "shell_service_protocol.cpp bugreport.cpp line_printer.cpp\n" - - "LIBADB_LDFLAGS += -shared -Wl,-soname,libadb.so.0 " - "-lcrypto -lpthread -lbase\n" - - ;; Adb specifics. - "ADB_SOURCES = adb_main.cpp console.cpp commandline.cpp " - "adb_client.cpp file_sync_client.cpp\n" - "ADB_LDFLAGS += -Wl,-rpath=" (assoc-ref outputs "out") "/lib\n" - - "build: libadb $(ADB_SOURCES)\n" - " $(CXX) $(ADB_SOURCES) -o adb $(CXXFLAGS) $(CPPFLAGS) " - "$(ADB_LDFLAGS) $(LDFLAGS)\n" - - "libadb: $(LIBADB_SOURCES)\n" - " $(CXX) $^ -o libadb.so.0 $(CXXFLAGS) $(CPPFLAGS) " - "$(LIBADB_LDFLAGS)\n" - " ln -sv libadb.so.0 libadb.so\n")) - #t)))) - (delete 'configure) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (bin (string-append out "/bin"))) - (install-file "libadb.so.0" lib) - (install-file "adb" bin) - (with-directory-excursion lib - (symlink "libadb.so.0" "libadb.so")) - #t)))) - ;; Test suite must be run with attached devices - #:tests? #f)) + (add-after 'install 'install-headers + (lambda* (#:key inputs outputs #:allow-other-keys) + (install-file "diagnose_usb.h" (string-append (assoc-ref outputs "out") "/include")) + #t))))) (inputs `(("libbase" ,libbase) ("libcutils" ,libcutils) + ("liblog" ,liblog) ("openssl" ,openssl))) (home-page "https://developer.android.com/studio/command-line/adb.html") (synopsis "Android Debug Bridge") diff --git a/gnu/packages/patches/adb-add-libraries.patch b/gnu/packages/patches/adb-add-libraries.patch new file mode 100644 index 0000000000..06b3ec3764 --- /dev/null +++ b/gnu/packages/patches/adb-add-libraries.patch @@ -0,0 +1,19 @@ +--- a/adb/Android.mk 2018-04-25 23:23:29.527198350 +0200 ++++ b/adb/Android.mk 2018-04-25 23:24:25.558632573 +0200 +@@ -226,7 +226,7 @@ + LOCAL_SRC_FILES := test_track_devices.cpp + LOCAL_SANITIZE := $(adb_host_sanitize) + LOCAL_SHARED_LIBRARIES := libbase +-LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils ++LOCAL_STATIC_LIBRARIES := libadb libbase libcrypto_static libcutils + LOCAL_LDLIBS += -lrt -ldl -lpthread + include $(BUILD_HOST_EXECUTABLE) + endif +@@ -278,6 +278,7 @@ + LOCAL_SANITIZE := $(adb_host_sanitize) + LOCAL_STATIC_LIBRARIES := \ + libadb \ ++ libcutils \ + libbase \ + libcrypto_static \ + libdiagnose_usb \ -- cgit v1.2.3 From 16c2be0b42c68371802b12b9687d7d720751c64d Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Thu, 26 Apr 2018 02:23:29 +0200 Subject: gnu: Add android-libziparchive. * gnu/packages/android.scm (android-libziparchive): New variable. * gnu/packages/patches/libziparchive-add-includes.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/android.scm | 32 +++++++++++++++++++++- .../patches/libziparchive-add-includes.patch | 10 +++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libziparchive-add-includes.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0e1d686a6c..5acc9fb136 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -805,6 +805,7 @@ dist_patch_DATA = \ %D%/packages/patches/jq-CVE-2015-8863.patch \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/khmer-use-libraries.patch \ + %D%/packages/patches/libziparchive-add-includes.patch \ %D%/packages/patches/kiki-level-selection-crash.patch \ %D%/packages/patches/kiki-makefile.patch \ %D%/packages/patches/kiki-missing-includes.patch \ diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm index ec32a5cfdf..ea225fa900 100644 --- a/gnu/packages/android.scm +++ b/gnu/packages/android.scm @@ -33,6 +33,7 @@ (define-module (gnu packages android) #:use-module ((guix licenses) #:prefix license:) #:use-module (gnu packages) #:use-module (gnu packages check) + #:use-module (gnu packages compression) #:use-module (gnu packages gnupg) #:use-module (gnu packages python) #:use-module (gnu packages ssh) @@ -99,7 +100,8 @@ (define (android-platform-system-core version) (patches (search-patches "libbase-use-own-logging.patch" "libbase-fix-includes.patch" - "adb-add-libraries.patch")))) + "adb-add-libraries.patch" + "libziparchive-add-includes.patch")))) (define liblog (package @@ -193,6 +195,34 @@ (define libcutils various Android core host applications.") (license license:asl2.0))) +(define-public android-libziparchive + (package + (name "android-libziparchive") + (version (android-platform-version)) + (source (android-platform-system-core version)) + (build-system android-ndk-build-system) + (arguments + `(#:tests? #f ; TODO. + #:make-flags '("CFLAGS=-Wno-error" + "CXXFLAGS=-fpermissive -Wno-error -std=gnu++11") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source + (lambda _ (chdir "libziparchive") #t)) + (add-after 'install 'install-headers + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (copy-recursively "../include/ziparchive" + (string-append out "/include/ziparchive")) + #t)))))) + (inputs + `(("zlib" ,zlib))) + (home-page "https://developer.android.com/") + (synopsis "Android platform ZIP library") + (description "@code{android-libziparchive} is a library in common use by the +various Android core host applications.") + (license license:asl2.0))) + (define-public adb (package (name "adb") diff --git a/gnu/packages/patches/libziparchive-add-includes.patch b/gnu/packages/patches/libziparchive-add-includes.patch new file mode 100644 index 0000000000..41137105a0 --- /dev/null +++ b/gnu/packages/patches/libziparchive-add-includes.patch @@ -0,0 +1,10 @@ +--- a/libziparchive/zip_writer.cc 2018-04-25 22:33:05.472674164 +0200 ++++ b/libziparchive/zip_writer.cc 2018-04-25 22:33:21.296519518 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include + #include + #include + #include -- cgit v1.2.3 From be906ad16e9bf5ab322cc2a79cf934d37a06dcc7 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Wed, 9 May 2018 20:11:30 +0200 Subject: gnu: Add android-libutils. * gnu/packages/patches/libutils-add-includes.patch: New file. * gnu/packages/patches/libutils-remove-damaging-includes.patch: New file. * gnu/packages/android.scm (android-platform-system-core): Use them. (android-libutils): New variable. * gnu/local.mk: Add them. --- gnu/local.mk | 2 ++ gnu/packages/android.scm | 29 ++++++++++++++++++++++ gnu/packages/patches/libutils-add-includes.patch | 11 ++++++++ .../libutils-remove-damaging-includes.patch | 21 ++++++++++++++++ 4 files changed, 63 insertions(+) create mode 100644 gnu/packages/patches/libutils-add-includes.patch create mode 100644 gnu/packages/patches/libutils-remove-damaging-includes.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 5acc9fb136..789e97f482 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -875,6 +875,8 @@ dist_patch_DATA = \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libusb-0.1-disable-tests.patch \ %D%/packages/patches/libusb-for-axoloti.patch \ + %D%/packages/patches/libutils-add-includes.patch \ + %D%/packages/patches/libutils-remove-damaging-includes.patch \ %D%/packages/patches/libvdpau-va-gl-unbundle.patch \ %D%/packages/patches/libvorbis-CVE-2017-14632.patch \ %D%/packages/patches/libvorbis-CVE-2017-14633.patch \ diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm index 21b0c7c64c..34525f1eca 100644 --- a/gnu/packages/android.scm +++ b/gnu/packages/android.scm @@ -102,6 +102,8 @@ (define (android-platform-system-core version) (patches (search-patches "libbase-use-own-logging.patch" "libbase-fix-includes.patch" + "libutils-remove-damaging-includes.patch" + "libutils-add-includes.patch" "adb-add-libraries.patch" "libziparchive-add-includes.patch")))) @@ -536,6 +538,33 @@ (define-public android-f2fs-utils Android core.") (license license:asl2.0))) +(define-public android-libutils + (package + (name "android-libutils") + (version (android-platform-version)) + (source (android-platform-system-core version)) + (build-system android-ndk-build-system) + (arguments + `(#:tests? #f ; TODO + #:make-flags '("CXXFLAGS=-std=gnu++11 -Wno-error") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source + (lambda _ (chdir "libutils") #t)) + + (add-after 'install 'install-headers + (lambda* (#:key inputs outputs #:allow-other-keys) + (copy-recursively "../include/utils" (string-append (assoc-ref outputs "out") "/include/utils"))))))) + (inputs + `(("android-safe-iop" ,android-safe-iop) + ("libcutils" ,libcutils))) + (native-inputs + `(("android-bionic-uapi" ,android-bionic-uapi))) + (home-page "https://developer.android.com/") + (synopsis "Android utility library") + (description "@code{android-libutils} provides utilities for Android NDK developers.") + (license license:asl2.0))) + (define-public android-udev-rules (package (name "android-udev-rules") diff --git a/gnu/packages/patches/libutils-add-includes.patch b/gnu/packages/patches/libutils-add-includes.patch new file mode 100644 index 0000000000..354c59b735 --- /dev/null +++ b/gnu/packages/patches/libutils-add-includes.patch @@ -0,0 +1,11 @@ +--- a/libutils/CallStack.cpp 2018-04-25 20:13:06.348665241 +0200 ++++ b/libutils/CallStack.cpp 2018-04-25 20:13:18.360510763 +0200 +@@ -17,7 +17,7 @@ + #define LOG_TAG "CallStack" + + #include +- ++#include + #include + #include + #include diff --git a/gnu/packages/patches/libutils-remove-damaging-includes.patch b/gnu/packages/patches/libutils-remove-damaging-includes.patch new file mode 100644 index 0000000000..7867dd3b80 --- /dev/null +++ b/gnu/packages/patches/libutils-remove-damaging-includes.patch @@ -0,0 +1,21 @@ +--- a/include/utils/StrongPointer.h 2018-04-25 18:42:34.321003602 +0200 ++++ b/include/utils/StrongPointer.h 2018-04-25 18:42:42.180912201 +0200 +@@ -17,8 +17,6 @@ + #ifndef ANDROID_STRONG_POINTER_H + #define ANDROID_STRONG_POINTER_H + +-#include +- + #include + #include + #include +--- a/libutils/Trace.cpp 2018-04-25 20:41:48.775049786 +0200 ++++ b/libutils/Trace.cpp 2018-04-25 20:42:13.674744182 +0200 +@@ -21,5 +21,7 @@ + + static void traceInit() + { ++#if defined(__ANDROID__) + ::android::add_sysprop_change_callback(atrace_update_tags, 0); ++#endif + } -- cgit v1.2.3 From d2cebbf694a820997b8e0a3f77dd1ec110add3a5 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 11 May 2018 03:53:51 -0400 Subject: gnu: icecat: Relabel patches to reflect CVE assignments. Document the fact that we include fixes for CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, and 9/10 changesets for CVE-2018-5150. * gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE assignments. * gnu/packages/patches/icecat-bug-1452075.patch: Rename to... * gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch: ...this. * gnu/local.mk (dist_patch_DATA): Rename it. --- gnu/local.mk | 2 +- gnu/packages/gnuzilla.scm | 30 +- .../icecat-CVE-2018-5157-and-CVE-2018-5158.patch | 441 +++++++++++++++++++++ gnu/packages/patches/icecat-bug-1452075.patch | 441 --------------------- 4 files changed, 457 insertions(+), 457 deletions(-) create mode 100644 gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch delete mode 100644 gnu/packages/patches/icecat-bug-1452075.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 789e97f482..3ca7d45bde 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -784,7 +784,7 @@ dist_patch_DATA = \ %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ - %D%/packages/patches/icecat-bug-1452075.patch \ + %D%/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch \ %D%/packages/patches/icecat-use-system-graphite2.patch \ %D%/packages/patches/icecat-use-system-harfbuzz.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 1b365448f2..d32dbc7852 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -454,25 +454,25 @@ (define-public icecat (mozilla-patch "icecat-CVE-2018-5146.patch" "494e5d5278ba" "1yb4lxjw499ppwhk31vz0vzl0cfqvj9d4jwqag7ayj53ybwsqgjr") (mozilla-patch "icecat-CVE-2018-5147.patch" "5cd5586a2f48" "10s774pwvj6xfk3kk6ivnhp2acc8x9sqq6na8z47nkhgwl2712i5") (mozilla-patch "icecat-CVE-2018-5148.patch" "c3e447e07077" "0gmwy631f8ip4gr1mpbjk8bx1n1748wdls5zq4y8hpmpnq5g1wyx") - (mozilla-patch "icecat-bug-1443891.patch" "17201199b18d" "1d0hcim1fwh0bklwpmnal1mv9d9kmyif1m15aj1nqkf1n3x4xc37") + (mozilla-patch "icecat-CVE-2018-5178.patch" "17201199b18d" "1d0hcim1fwh0bklwpmnal1mv9d9kmyif1m15aj1nqkf1n3x4xc37") (mozilla-patch "icecat-bug-1361699.patch" "a07d6c3ff262" "1z8mjg2487r8pxi0x951v6fwwr696q84f6hlzimc3r7bn5ds9r83") - (mozilla-patch "icecat-bug-1433609.patch" "7127ccf8f88c" "0m4my7aflpp0wlqilr2m4axd7k2fyrs7jqdcz2rrz5pwivz1anvd") + (mozilla-patch "icecat-CVE-2018-5150-pt01.patch" "7127ccf8f88c" "0m4my7aflpp0wlqilr2m4axd7k2fyrs7jqdcz2rrz5pwivz1anvd") (mozilla-patch "icecat-bug-1444231.patch" "57bd35fa8618" "0pl6x5amc5x6nhwl7qnmnff3jjjxmbs8r365bfzj58g7q5ihqwvf") - (mozilla-patch "icecat-bug-1409440.patch" "2f3e1ccf1661" "0azl8g81kpc0w2xpjpgm1154ll12g0a8n6i7bl3s9nnrk2i26n74") - (mozilla-patch "icecat-bug-1441941.patch" "8ff2c4d68e36" "0kz1rqhnz8ca4z20hnpcafidhsrwhnm0h2gmlgchni33h8pisr1f") - (mozilla-patch "icecat-bug-1443092.patch" "b8c430253efd" "1arjcaps9axhxh5ff84n9bydhhzrihn7hbq7v69nvqwqrjp3lgg9") - (mozilla-patch "icecat-bug-1448774.patch" "05cadfa3ac39" "0q0vh7vy7x0l8jp6376fn10qljfp4mnp4m9zfn90j4m19pfl86a0") - (mozilla-patch "icecat-bug-1449548.patch" "48a678d7cb81" "1yfh7kxxxvqck2hpn98pwag4splyc6c9brc5haq28fp8x9r9qvlk") - (mozilla-patch "icecat-bug-1448705.patch" "112032576872" "1x1hxyggbxlnlj0n9cbp03hjnfvm6cq8nqj0jizrd8cfyd5aig8p") - (mozilla-patch "icecat-bug-1388020.patch" "ad9a885b0df4" "1hrk1q9mk59jww55g4lqmaflznk87x3vvjn2mxfgfbbjs8l1cyz4") + (mozilla-patch "icecat-CVE-2018-5150-pt02.patch" "2f3e1ccf1661" "0azl8g81kpc0w2xpjpgm1154ll12g0a8n6i7bl3s9nnrk2i26n74") + (mozilla-patch "icecat-CVE-2018-5159.patch" "8ff2c4d68e36" "0kz1rqhnz8ca4z20hnpcafidhsrwhnm0h2gmlgchni33h8pisr1f") + (mozilla-patch "icecat-CVE-2018-5154.patch" "b8c430253efd" "1arjcaps9axhxh5ff84n9bydhhzrihn7hbq7v69nvqwqrjp3lgg9") + (mozilla-patch "icecat-CVE-2018-5155.patch" "05cadfa3ac39" "0q0vh7vy7x0l8jp6376fn10qljfp4mnp4m9zfn90j4m19pfl86a0") + (mozilla-patch "icecat-CVE-2018-5168.patch" "48a678d7cb81" "1yfh7kxxxvqck2hpn98pwag4splyc6c9brc5haq28fp8x9r9qvlk") + (mozilla-patch "icecat-CVE-2018-5150-pt03.patch" "112032576872" "1x1hxyggbxlnlj0n9cbp03hjnfvm6cq8nqj0jizrd8cfyd5aig8p") + (mozilla-patch "icecat-CVE-2018-5150-pt04.patch" "ad9a885b0df4" "1hrk1q9mk59jww55g4lqmaflznk87x3vvjn2mxfgfbbjs8l1cyz4") (mozilla-patch "icecat-bug-1452416.patch" "f89ab96a2532" "1dqchxdyznhgyxhfq0hm0vg1p597hjqflfzigc7j3s5vxf9rg2nv") - (mozilla-patch "icecat-bug-1451376.patch" "af885a1bd293" "1wfpqhm2dp4fsx6zbrncngsqz7g2x09b625zcighixrbpvybyww3") - (mozilla-patch "icecat-bug-1444668.patch" "666fc84ec72d" "0lml2wqd4yqidhi364x8r90f78397k2y0kq5z5bv8l8j4bhcnb9v") - (search-patch "icecat-bug-1452075.patch") - (mozilla-patch "icecat-bug-1393367.patch" "1ab40761a856" "1kgwypy7k5b33jwkni4025za4kcnv5m6klsx4wsswlixmljmkbc7") + (mozilla-patch "icecat-CVE-2018-5150-pt05.patch" "af885a1bd293" "1wfpqhm2dp4fsx6zbrncngsqz7g2x09b625zcighixrbpvybyww3") + (mozilla-patch "icecat-CVE-2018-5150-pt06.patch" "666fc84ec72d" "0lml2wqd4yqidhi364x8r90f78397k2y0kq5z5bv8l8j4bhcnb9v") + (search-patch "icecat-CVE-2018-5157-and-CVE-2018-5158.patch") + (mozilla-patch "icecat-CVE-2018-5150-pt07.patch" "1ab40761a856" "1kgwypy7k5b33jwkni4025za4kcnv5m6klsx4wsswlixmljmkbc7") (mozilla-patch "icecat-bug-1453339.patch" "0edb8dca7087" "0b30pipqryh311sc97rcmwnx9n8qdlbbz90b2hkybjnprmbhfxrm") - (mozilla-patch "icecat-bug-1452202.patch" "134c728799c1" "16hbwx6fx1hrddsyjjbd3z954ql3pg348xs13h9riyblq8crzmam") - (mozilla-patch "icecat-bug-1411415.patch" "14eab155eaa8" "0wr4xgblxzk4c2gvlnpl7ic1196mrhry1hgwdl1jivq0ji5cbvbd") + (mozilla-patch "icecat-CVE-2018-5150-pt08.patch" "134c728799c1" "16hbwx6fx1hrddsyjjbd3z954ql3pg348xs13h9riyblq8crzmam") + (mozilla-patch "icecat-CVE-2018-5150-pt09.patch" "14eab155eaa8" "0wr4xgblxzk4c2gvlnpl7ic1196mrhry1hgwdl1jivq0ji5cbvbd") (mozilla-patch "icecat-bug-1452619.patch" "2b75d55ccf0e" "1g87aybw6ggv6hyk385bplv0lx63n020gwyq0d6d4pqld48hsm1i") (mozilla-patch "icecat-bug-1453127.patch" "89857f35df29" "0gzi47svrw5ajdlm3i12193psm702zx70x5h1rwp4gb7gxh4m4d9"))) (modules '((guix build utils))) diff --git a/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch new file mode 100644 index 0000000000..b776640133 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch @@ -0,0 +1,441 @@ +Based on +Adapted to apply cleanly to GNU IceCat. + +# HG changeset patch +# User Ryan VanderMeulen +# Date 1523630807 14400 +# Node ID 608e76ec5ba25cec2271d2b400c7bce2d4c5ef79 +# Parent 10b7f43b536f93151201d44d304c991aa9af5d0c +Bug 1452075 - Backport some upstream pdf.js fixes to ESR52. r=bdahl, r=yury, a=RyanVM + +diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm +--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm ++++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm +@@ -24,17 +24,18 @@ const Cc = Components.classes; + const Ci = Components.interfaces; + const Cr = Components.results; + const Cu = Components.utils; + // True only if this is the version of pdf.js that is included with icecat. + const MOZ_CENTRAL = JSON.parse('true'); + const PDFJS_EVENT_ID = 'pdf.js.message'; + const PDF_CONTENT_TYPE = 'application/pdf'; + const PREF_PREFIX = 'pdfjs'; +-const PDF_VIEWER_WEB_PAGE = 'resource://pdf.js/web/viewer.html'; ++const PDF_VIEWER_ORIGIN = "resource://pdf.js"; ++const PDF_VIEWER_WEB_PAGE = "resource://pdf.js/web/viewer.html"; + const MAX_NUMBER_OF_PREFS = 50; + const MAX_STRING_PREF_LENGTH = 128; + + Cu.import('resource://gre/modules/XPCOMUtils.jsm'); + Cu.import('resource://gre/modules/Services.jsm'); + Cu.import('resource://gre/modules/NetUtil.jsm'); + + XPCOMUtils.defineLazyModuleGetter(this, 'NetworkManager', +@@ -105,21 +106,25 @@ function log(aMsg) { + if (!getBoolPref(PREF_PREFIX + '.pdfBugEnabled', false)) { + return; + } + var msg = 'PdfStreamConverter.js: ' + (aMsg.join ? aMsg.join('') : aMsg); + Services.console.logStringMessage(msg); + dump(msg + '\n'); + } + +-function getDOMWindow(aChannel) { ++function getDOMWindow(aChannel, aPrincipal) { + var requestor = aChannel.notificationCallbacks ? + aChannel.notificationCallbacks : + aChannel.loadGroup.notificationCallbacks; + var win = requestor.getInterface(Components.interfaces.nsIDOMWindow); ++ // Ensure the window wasn't navigated to something that is not PDF.js. ++ if (!win.document.nodePrincipal.equals(aPrincipal)) { ++ return null; ++ } + return win; + } + + function getLocalizedStrings(path) { + var stringBundle = Cc['@mozilla.org/intl/stringbundle;1']. + getService(Ci.nsIStringBundleService). + createBundle('chrome://pdf.js/locale/' + path); + +@@ -627,31 +632,31 @@ var RangedChromeActions = (function Rang + data = this.dataListener.readData(); + + this.dataListener.onprogress = function (loaded, total) { + self.domWindow.postMessage({ + pdfjsLoadAction: 'progressiveRead', + loaded: loaded, + total: total, + chunk: self.dataListener.readData() +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + }; + this.dataListener.oncomplete = function () { + self.dataListener = null; + }; + } + + this.domWindow.postMessage({ + pdfjsLoadAction: 'supportsRangedLoading', + rangeEnabled: this.rangeEnabled, + streamingEnabled: this.streamingEnabled, + pdfUrl: this.pdfUrl, + length: this.contentLength, + data: data +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + + return true; + }; + + proto.requestDataRange = function RangedChromeActions_requestDataRange(args) { + if (!this.rangeEnabled) { + return; + } +@@ -663,23 +668,23 @@ var RangedChromeActions = (function Rang + // errors from chrome code for non-range requests, so this doesn't + // seem high-pri + this.networkManager.requestRange(begin, end, { + onDone: function RangedChromeActions_onDone(args) { + domWindow.postMessage({ + pdfjsLoadAction: 'range', + begin: args.begin, + chunk: args.chunk +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + }, + onProgress: function RangedChromeActions_onProgress(evt) { + domWindow.postMessage({ + pdfjsLoadAction: 'rangeProgress', + loaded: evt.loaded, +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + } + }); + }; + + proto.abortLoading = function RangedChromeActions_abortLoading() { + this.networkManager.abortAllRequests(); + if (this.originalRequest) { + this.originalRequest.cancel(Cr.NS_BINDING_ABORTED); +@@ -718,26 +723,26 @@ var StandardChromeActions = (function St + var self = this; + + this.dataListener.onprogress = function ChromeActions_dataListenerProgress( + loaded, total) { + self.domWindow.postMessage({ + pdfjsLoadAction: 'progress', + loaded: loaded, + total: total +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + }; + + this.dataListener.oncomplete = + function StandardChromeActions_dataListenerComplete(data, errorCode) { + self.domWindow.postMessage({ + pdfjsLoadAction: 'complete', + data: data, + errorCode: errorCode +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + + self.dataListener = null; + self.originalRequest = null; + }; + + return true; + }; + +@@ -972,31 +977,35 @@ PdfStreamConverter.prototype = { + var proxy = { + onStartRequest: function(request, context) { + listener.onStartRequest(aRequest, aContext); + }, + onDataAvailable: function(request, context, inputStream, offset, count) { + listener.onDataAvailable(aRequest, aContext, inputStream, + offset, count); + }, +- onStopRequest: function(request, context, statusCode) { +- // We get the DOM window here instead of before the request since it +- // may have changed during a redirect. +- var domWindow = getDOMWindow(channel); ++ onStopRequest(request, context, statusCode) { ++ var domWindow = getDOMWindow(channel, resourcePrincipal); ++ if (!Components.isSuccessCode(statusCode) || !domWindow) { ++ // The request may have been aborted and the document may have been ++ // replaced with something that is not PDF.js, abort attaching. ++ listener.onStopRequest(aRequest, context, statusCode); ++ return; ++ } + var actions; + if (rangeRequest || streamRequest) { + actions = new RangedChromeActions( + domWindow, contentDispositionFilename, aRequest, + rangeRequest, streamRequest, dataListener); + } else { + actions = new StandardChromeActions( + domWindow, contentDispositionFilename, aRequest, dataListener); + } + var requestListener = new RequestListener(actions); +- domWindow.addEventListener(PDFJS_EVENT_ID, function(event) { ++ domWindow.document.addEventListener(PDFJS_EVENT_ID, function(event) { + requestListener.receive(event); + }, false, true); + if (actions.supportsIntegratedFind()) { + var findEventManager = new FindEventManager(domWindow); + findEventManager.bind(); + } + listener.onStopRequest(aRequest, aContext, statusCode); + +diff --git a/browser/extensions/pdfjs/content/build/pdf.worker.js b/browser/extensions/pdfjs/content/build/pdf.worker.js +--- a/browser/extensions/pdfjs/content/build/pdf.worker.js ++++ b/browser/extensions/pdfjs/content/build/pdf.worker.js +@@ -41648,16 +41648,32 @@ + var error = sharedUtil.error; + var info = sharedUtil.info; + var isArray = sharedUtil.isArray; + var isBool = sharedUtil.isBool; + var isDict = corePrimitives.isDict; + var isStream = corePrimitives.isStream; + var PostScriptLexer = corePsParser.PostScriptLexer; + var PostScriptParser = corePsParser.PostScriptParser; ++ function toNumberArray(arr) { ++ if (!Array.isArray(arr)) { ++ return null; ++ } ++ var length = arr.length; ++ for (var i = 0; i < length; i++) { ++ if (typeof arr[i] !== 'number') { ++ var result = new Array(length); ++ for (var j = 0; j < length; j++) { ++ result[j] = +arr[j]; ++ } ++ return result; ++ } ++ } ++ return arr; ++ } + var PDFFunction = function PDFFunctionClosure() { + var CONSTRUCT_SAMPLED = 0; + var CONSTRUCT_INTERPOLATED = 2; + var CONSTRUCT_STICHED = 3; + var CONSTRUCT_POSTSCRIPT = 4; + return { + getSampleArray: function PDFFunction_getSampleArray(size, outputSize, bps, str) { + var i, ii; +@@ -41747,43 +41763,43 @@ + out[index] = [ + arr[i], + arr[i + 1] + ]; + ++index; + } + return out; + } +- var domain = dict.getArray('Domain'); +- var range = dict.getArray('Range'); ++ var domain = toNumberArray(dict.getArray('Domain')); ++ var range = toNumberArray(dict.getArray('Range')); + if (!domain || !range) { + error('No domain or range'); + } + var inputSize = domain.length / 2; + var outputSize = range.length / 2; + domain = toMultiArray(domain); + range = toMultiArray(range); +- var size = dict.get('Size'); ++ var size = toNumberArray(dict.get('Size')); + var bps = dict.get('BitsPerSample'); + var order = dict.get('Order') || 1; + if (order !== 1) { + // No description how cubic spline interpolation works in PDF32000:2008 + // As in poppler, ignoring order, linear interpolation may work as good + info('No support for cubic spline interpolation: ' + order); + } +- var encode = dict.getArray('Encode'); ++ var encode = toNumberArray(dict.getArray('Encode')); + if (!encode) { + encode = []; + for (var i = 0; i < inputSize; ++i) { +- encode.push(0); +- encode.push(size[i] - 1); +- } +- } +- encode = toMultiArray(encode); +- var decode = dict.getArray('Decode'); ++ encode.push([0, size[i] - 1]); ++ } ++ } else { ++ encode = toMultiArray(encode); ++ } ++ var decode = toNumberArray(dict.getArray('Decode')); + if (!decode) { + decode = range; + } else { + decode = toMultiArray(decode); + } + var samples = this.getSampleArray(size, outputSize, bps, str); + return [ + CONSTRUCT_SAMPLED, +@@ -41868,22 +41884,19 @@ + // Decode_2j, Decode_2j+1) + rj = interpolate(rj, 0, 1, decode[j][0], decode[j][1]); + // y_j = min(max(r_j, range_2j), range_2j+1) + dest[destOffset + j] = Math.min(Math.max(rj, range[j][0]), range[j][1]); + } + }; + }, + constructInterpolated: function PDFFunction_constructInterpolated(str, dict) { +- var c0 = dict.getArray('C0') || [0]; +- var c1 = dict.getArray('C1') || [1]; ++ var c0 = toNumberArray(dict.getArray('C0')) || [0]; ++ var c1 = toNumberArray(dict.getArray('C1')) || [1]; + var n = dict.get('N'); +- if (!isArray(c0) || !isArray(c1)) { +- error('Illegal dictionary for interpolated function'); +- } + var length = c0.length; + var diff = []; + for (var i = 0; i < length; ++i) { + diff.push(c1[i] - c0[i]); + } + return [ + CONSTRUCT_INTERPOLATED, + c0, +@@ -41899,49 +41912,45 @@ + return function constructInterpolatedFromIRResult(src, srcOffset, dest, destOffset) { + var x = n === 1 ? src[srcOffset] : Math.pow(src[srcOffset], n); + for (var j = 0; j < length; ++j) { + dest[destOffset + j] = c0[j] + x * diff[j]; + } + }; + }, + constructStiched: function PDFFunction_constructStiched(fn, dict, xref) { +- var domain = dict.getArray('Domain'); ++ var domain = toNumberArray(dict.getArray('Domain')); + if (!domain) { + error('No domain'); + } + var inputSize = domain.length / 2; + if (inputSize !== 1) { + error('Bad domain for stiched function'); + } + var fnRefs = dict.get('Functions'); + var fns = []; + for (var i = 0, ii = fnRefs.length; i < ii; ++i) { +- fns.push(PDFFunction.getIR(xref, xref.fetchIfRef(fnRefs[i]))); +- } +- var bounds = dict.getArray('Bounds'); +- var encode = dict.getArray('Encode'); ++ fns.push(PDFFunction.parse(xref, xref.fetchIfRef(fnRefs[i]))); ++ } ++ var bounds = toNumberArray(dict.getArray('Bounds')); ++ var encode = toNumberArray(dict.getArray('Encode')); + return [ + CONSTRUCT_STICHED, + domain, + bounds, + encode, + fns + ]; + }, + constructStichedFromIR: function PDFFunction_constructStichedFromIR(IR) { + var domain = IR[1]; + var bounds = IR[2]; + var encode = IR[3]; +- var fnsIR = IR[4]; +- var fns = []; ++ var fns = IR[4]; + var tmpBuf = new Float32Array(1); +- for (var i = 0, ii = fnsIR.length; i < ii; i++) { +- fns.push(PDFFunction.fromIR(fnsIR[i])); +- } + return function constructStichedFromIRResult(src, srcOffset, dest, destOffset) { + var clip = function constructStichedFromIRClip(v, min, max) { + if (v > max) { + v = max; + } else if (v < min) { + v = min; + } + return v; +@@ -41968,18 +41977,18 @@ + // Prevent the value from becoming NaN as a result + // of division by zero (fixes issue6113.pdf). + tmpBuf[0] = dmin === dmax ? rmin : rmin + (v - dmin) * (rmax - rmin) / (dmax - dmin); + // call the appropriate function + fns[i](tmpBuf, 0, dest, destOffset); + }; + }, + constructPostScript: function PDFFunction_constructPostScript(fn, dict, xref) { +- var domain = dict.getArray('Domain'); +- var range = dict.getArray('Range'); ++ var domain = toNumberArray(dict.getArray('Domain')); ++ var range = toNumberArray(dict.getArray('Range')); + if (!domain) { + error('No domain.'); + } + if (!range) { + error('No range.'); + } + var lexer = new PostScriptLexer(fn); + var parser = new PostScriptParser(lexer); +@@ -42928,18 +42937,18 @@ + case 'IndexedCS': + var baseIndexedCS = IR[1]; + var hiVal = IR[2]; + var lookup = IR[3]; + return new IndexedCS(ColorSpace.fromIR(baseIndexedCS), hiVal, lookup); + case 'AlternateCS': + var numComps = IR[1]; + var alt = IR[2]; +- var tintFnIR = IR[3]; +- return new AlternateCS(numComps, ColorSpace.fromIR(alt), PDFFunction.fromIR(tintFnIR)); ++ var tintFn = IR[3]; ++ return new AlternateCS(numComps, ColorSpace.fromIR(alt), tintFn); + case 'LabCS': + whitePoint = IR[1]; + blackPoint = IR[2]; + var range = IR[3]; + return new LabCS(whitePoint, blackPoint, range); + default: + error('Unknown name ' + name); + } +@@ -43067,22 +43076,22 @@ + var name = xref.fetchIfRef(cs[1]); + numComps = 1; + if (isName(name)) { + numComps = 1; + } else if (isArray(name)) { + numComps = name.length; + } + alt = ColorSpace.parseToIR(cs[2], xref, res); +- var tintFnIR = PDFFunction.getIR(xref, xref.fetchIfRef(cs[3])); ++ var tintFn = PDFFunction.parse(xref, xref.fetchIfRef(cs[3])); + return [ + 'AlternateCS', + numComps, + alt, +- tintFnIR ++ tintFn + ]; + case 'Lab': + params = xref.fetchIfRef(cs[1]); + whitePoint = params.getArray('WhitePoint'); + blackPoint = params.getArray('BlackPoint'); + var range = params.getArray('Range'); + return [ + 'LabCS', +@@ -52483,9 +52492,9 @@ + initializeWorker(); + } + exports.setPDFNetworkStreamClass = setPDFNetworkStreamClass; + exports.WorkerTask = WorkerTask; + exports.WorkerMessageHandler = WorkerMessageHandler; + })); + }.call(pdfjsLibs)); + exports.WorkerMessageHandler = pdfjsLibs.pdfjsCoreWorker.WorkerMessageHandler; +-})); +\ No newline at end of file ++})); + diff --git a/gnu/packages/patches/icecat-bug-1452075.patch b/gnu/packages/patches/icecat-bug-1452075.patch deleted file mode 100644 index b776640133..0000000000 --- a/gnu/packages/patches/icecat-bug-1452075.patch +++ /dev/null @@ -1,441 +0,0 @@ -Based on -Adapted to apply cleanly to GNU IceCat. - -# HG changeset patch -# User Ryan VanderMeulen -# Date 1523630807 14400 -# Node ID 608e76ec5ba25cec2271d2b400c7bce2d4c5ef79 -# Parent 10b7f43b536f93151201d44d304c991aa9af5d0c -Bug 1452075 - Backport some upstream pdf.js fixes to ESR52. r=bdahl, r=yury, a=RyanVM - -diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm ---- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm -+++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm -@@ -24,17 +24,18 @@ const Cc = Components.classes; - const Ci = Components.interfaces; - const Cr = Components.results; - const Cu = Components.utils; - // True only if this is the version of pdf.js that is included with icecat. - const MOZ_CENTRAL = JSON.parse('true'); - const PDFJS_EVENT_ID = 'pdf.js.message'; - const PDF_CONTENT_TYPE = 'application/pdf'; - const PREF_PREFIX = 'pdfjs'; --const PDF_VIEWER_WEB_PAGE = 'resource://pdf.js/web/viewer.html'; -+const PDF_VIEWER_ORIGIN = "resource://pdf.js"; -+const PDF_VIEWER_WEB_PAGE = "resource://pdf.js/web/viewer.html"; - const MAX_NUMBER_OF_PREFS = 50; - const MAX_STRING_PREF_LENGTH = 128; - - Cu.import('resource://gre/modules/XPCOMUtils.jsm'); - Cu.import('resource://gre/modules/Services.jsm'); - Cu.import('resource://gre/modules/NetUtil.jsm'); - - XPCOMUtils.defineLazyModuleGetter(this, 'NetworkManager', -@@ -105,21 +106,25 @@ function log(aMsg) { - if (!getBoolPref(PREF_PREFIX + '.pdfBugEnabled', false)) { - return; - } - var msg = 'PdfStreamConverter.js: ' + (aMsg.join ? aMsg.join('') : aMsg); - Services.console.logStringMessage(msg); - dump(msg + '\n'); - } - --function getDOMWindow(aChannel) { -+function getDOMWindow(aChannel, aPrincipal) { - var requestor = aChannel.notificationCallbacks ? - aChannel.notificationCallbacks : - aChannel.loadGroup.notificationCallbacks; - var win = requestor.getInterface(Components.interfaces.nsIDOMWindow); -+ // Ensure the window wasn't navigated to something that is not PDF.js. -+ if (!win.document.nodePrincipal.equals(aPrincipal)) { -+ return null; -+ } - return win; - } - - function getLocalizedStrings(path) { - var stringBundle = Cc['@mozilla.org/intl/stringbundle;1']. - getService(Ci.nsIStringBundleService). - createBundle('chrome://pdf.js/locale/' + path); - -@@ -627,31 +632,31 @@ var RangedChromeActions = (function Rang - data = this.dataListener.readData(); - - this.dataListener.onprogress = function (loaded, total) { - self.domWindow.postMessage({ - pdfjsLoadAction: 'progressiveRead', - loaded: loaded, - total: total, - chunk: self.dataListener.readData() -- }, '*'); -+ }, PDF_VIEWER_ORIGIN); - }; - this.dataListener.oncomplete = function () { - self.dataListener = null; - }; - } - - this.domWindow.postMessage({ - pdfjsLoadAction: 'supportsRangedLoading', - rangeEnabled: this.rangeEnabled, - streamingEnabled: this.streamingEnabled, - pdfUrl: this.pdfUrl, - length: this.contentLength, - data: data -- }, '*'); -+ }, PDF_VIEWER_ORIGIN); - - return true; - }; - - proto.requestDataRange = function RangedChromeActions_requestDataRange(args) { - if (!this.rangeEnabled) { - return; - } -@@ -663,23 +668,23 @@ var RangedChromeActions = (function Rang - // errors from chrome code for non-range requests, so this doesn't - // seem high-pri - this.networkManager.requestRange(begin, end, { - onDone: function RangedChromeActions_onDone(args) { - domWindow.postMessage({ - pdfjsLoadAction: 'range', - begin: args.begin, - chunk: args.chunk -- }, '*'); -+ }, PDF_VIEWER_ORIGIN); - }, - onProgress: function RangedChromeActions_onProgress(evt) { - domWindow.postMessage({ - pdfjsLoadAction: 'rangeProgress', - loaded: evt.loaded, -- }, '*'); -+ }, PDF_VIEWER_ORIGIN); - } - }); - }; - - proto.abortLoading = function RangedChromeActions_abortLoading() { - this.networkManager.abortAllRequests(); - if (this.originalRequest) { - this.originalRequest.cancel(Cr.NS_BINDING_ABORTED); -@@ -718,26 +723,26 @@ var StandardChromeActions = (function St - var self = this; - - this.dataListener.onprogress = function ChromeActions_dataListenerProgress( - loaded, total) { - self.domWindow.postMessage({ - pdfjsLoadAction: 'progress', - loaded: loaded, - total: total -- }, '*'); -+ }, PDF_VIEWER_ORIGIN); - }; - - this.dataListener.oncomplete = - function StandardChromeActions_dataListenerComplete(data, errorCode) { - self.domWindow.postMessage({ - pdfjsLoadAction: 'complete', - data: data, - errorCode: errorCode -- }, '*'); -+ }, PDF_VIEWER_ORIGIN); - - self.dataListener = null; - self.originalRequest = null; - }; - - return true; - }; - -@@ -972,31 +977,35 @@ PdfStreamConverter.prototype = { - var proxy = { - onStartRequest: function(request, context) { - listener.onStartRequest(aRequest, aContext); - }, - onDataAvailable: function(request, context, inputStream, offset, count) { - listener.onDataAvailable(aRequest, aContext, inputStream, - offset, count); - }, -- onStopRequest: function(request, context, statusCode) { -- // We get the DOM window here instead of before the request since it -- // may have changed during a redirect. -- var domWindow = getDOMWindow(channel); -+ onStopRequest(request, context, statusCode) { -+ var domWindow = getDOMWindow(channel, resourcePrincipal); -+ if (!Components.isSuccessCode(statusCode) || !domWindow) { -+ // The request may have been aborted and the document may have been -+ // replaced with something that is not PDF.js, abort attaching. -+ listener.onStopRequest(aRequest, context, statusCode); -+ return; -+ } - var actions; - if (rangeRequest || streamRequest) { - actions = new RangedChromeActions( - domWindow, contentDispositionFilename, aRequest, - rangeRequest, streamRequest, dataListener); - } else { - actions = new StandardChromeActions( - domWindow, contentDispositionFilename, aRequest, dataListener); - } - var requestListener = new RequestListener(actions); -- domWindow.addEventListener(PDFJS_EVENT_ID, function(event) { -+ domWindow.document.addEventListener(PDFJS_EVENT_ID, function(event) { - requestListener.receive(event); - }, false, true); - if (actions.supportsIntegratedFind()) { - var findEventManager = new FindEventManager(domWindow); - findEventManager.bind(); - } - listener.onStopRequest(aRequest, aContext, statusCode); - -diff --git a/browser/extensions/pdfjs/content/build/pdf.worker.js b/browser/extensions/pdfjs/content/build/pdf.worker.js ---- a/browser/extensions/pdfjs/content/build/pdf.worker.js -+++ b/browser/extensions/pdfjs/content/build/pdf.worker.js -@@ -41648,16 +41648,32 @@ - var error = sharedUtil.error; - var info = sharedUtil.info; - var isArray = sharedUtil.isArray; - var isBool = sharedUtil.isBool; - var isDict = corePrimitives.isDict; - var isStream = corePrimitives.isStream; - var PostScriptLexer = corePsParser.PostScriptLexer; - var PostScriptParser = corePsParser.PostScriptParser; -+ function toNumberArray(arr) { -+ if (!Array.isArray(arr)) { -+ return null; -+ } -+ var length = arr.length; -+ for (var i = 0; i < length; i++) { -+ if (typeof arr[i] !== 'number') { -+ var result = new Array(length); -+ for (var j = 0; j < length; j++) { -+ result[j] = +arr[j]; -+ } -+ return result; -+ } -+ } -+ return arr; -+ } - var PDFFunction = function PDFFunctionClosure() { - var CONSTRUCT_SAMPLED = 0; - var CONSTRUCT_INTERPOLATED = 2; - var CONSTRUCT_STICHED = 3; - var CONSTRUCT_POSTSCRIPT = 4; - return { - getSampleArray: function PDFFunction_getSampleArray(size, outputSize, bps, str) { - var i, ii; -@@ -41747,43 +41763,43 @@ - out[index] = [ - arr[i], - arr[i + 1] - ]; - ++index; - } - return out; - } -- var domain = dict.getArray('Domain'); -- var range = dict.getArray('Range'); -+ var domain = toNumberArray(dict.getArray('Domain')); -+ var range = toNumberArray(dict.getArray('Range')); - if (!domain || !range) { - error('No domain or range'); - } - var inputSize = domain.length / 2; - var outputSize = range.length / 2; - domain = toMultiArray(domain); - range = toMultiArray(range); -- var size = dict.get('Size'); -+ var size = toNumberArray(dict.get('Size')); - var bps = dict.get('BitsPerSample'); - var order = dict.get('Order') || 1; - if (order !== 1) { - // No description how cubic spline interpolation works in PDF32000:2008 - // As in poppler, ignoring order, linear interpolation may work as good - info('No support for cubic spline interpolation: ' + order); - } -- var encode = dict.getArray('Encode'); -+ var encode = toNumberArray(dict.getArray('Encode')); - if (!encode) { - encode = []; - for (var i = 0; i < inputSize; ++i) { -- encode.push(0); -- encode.push(size[i] - 1); -- } -- } -- encode = toMultiArray(encode); -- var decode = dict.getArray('Decode'); -+ encode.push([0, size[i] - 1]); -+ } -+ } else { -+ encode = toMultiArray(encode); -+ } -+ var decode = toNumberArray(dict.getArray('Decode')); - if (!decode) { - decode = range; - } else { - decode = toMultiArray(decode); - } - var samples = this.getSampleArray(size, outputSize, bps, str); - return [ - CONSTRUCT_SAMPLED, -@@ -41868,22 +41884,19 @@ - // Decode_2j, Decode_2j+1) - rj = interpolate(rj, 0, 1, decode[j][0], decode[j][1]); - // y_j = min(max(r_j, range_2j), range_2j+1) - dest[destOffset + j] = Math.min(Math.max(rj, range[j][0]), range[j][1]); - } - }; - }, - constructInterpolated: function PDFFunction_constructInterpolated(str, dict) { -- var c0 = dict.getArray('C0') || [0]; -- var c1 = dict.getArray('C1') || [1]; -+ var c0 = toNumberArray(dict.getArray('C0')) || [0]; -+ var c1 = toNumberArray(dict.getArray('C1')) || [1]; - var n = dict.get('N'); -- if (!isArray(c0) || !isArray(c1)) { -- error('Illegal dictionary for interpolated function'); -- } - var length = c0.length; - var diff = []; - for (var i = 0; i < length; ++i) { - diff.push(c1[i] - c0[i]); - } - return [ - CONSTRUCT_INTERPOLATED, - c0, -@@ -41899,49 +41912,45 @@ - return function constructInterpolatedFromIRResult(src, srcOffset, dest, destOffset) { - var x = n === 1 ? src[srcOffset] : Math.pow(src[srcOffset], n); - for (var j = 0; j < length; ++j) { - dest[destOffset + j] = c0[j] + x * diff[j]; - } - }; - }, - constructStiched: function PDFFunction_constructStiched(fn, dict, xref) { -- var domain = dict.getArray('Domain'); -+ var domain = toNumberArray(dict.getArray('Domain')); - if (!domain) { - error('No domain'); - } - var inputSize = domain.length / 2; - if (inputSize !== 1) { - error('Bad domain for stiched function'); - } - var fnRefs = dict.get('Functions'); - var fns = []; - for (var i = 0, ii = fnRefs.length; i < ii; ++i) { -- fns.push(PDFFunction.getIR(xref, xref.fetchIfRef(fnRefs[i]))); -- } -- var bounds = dict.getArray('Bounds'); -- var encode = dict.getArray('Encode'); -+ fns.push(PDFFunction.parse(xref, xref.fetchIfRef(fnRefs[i]))); -+ } -+ var bounds = toNumberArray(dict.getArray('Bounds')); -+ var encode = toNumberArray(dict.getArray('Encode')); - return [ - CONSTRUCT_STICHED, - domain, - bounds, - encode, - fns - ]; - }, - constructStichedFromIR: function PDFFunction_constructStichedFromIR(IR) { - var domain = IR[1]; - var bounds = IR[2]; - var encode = IR[3]; -- var fnsIR = IR[4]; -- var fns = []; -+ var fns = IR[4]; - var tmpBuf = new Float32Array(1); -- for (var i = 0, ii = fnsIR.length; i < ii; i++) { -- fns.push(PDFFunction.fromIR(fnsIR[i])); -- } - return function constructStichedFromIRResult(src, srcOffset, dest, destOffset) { - var clip = function constructStichedFromIRClip(v, min, max) { - if (v > max) { - v = max; - } else if (v < min) { - v = min; - } - return v; -@@ -41968,18 +41977,18 @@ - // Prevent the value from becoming NaN as a result - // of division by zero (fixes issue6113.pdf). - tmpBuf[0] = dmin === dmax ? rmin : rmin + (v - dmin) * (rmax - rmin) / (dmax - dmin); - // call the appropriate function - fns[i](tmpBuf, 0, dest, destOffset); - }; - }, - constructPostScript: function PDFFunction_constructPostScript(fn, dict, xref) { -- var domain = dict.getArray('Domain'); -- var range = dict.getArray('Range'); -+ var domain = toNumberArray(dict.getArray('Domain')); -+ var range = toNumberArray(dict.getArray('Range')); - if (!domain) { - error('No domain.'); - } - if (!range) { - error('No range.'); - } - var lexer = new PostScriptLexer(fn); - var parser = new PostScriptParser(lexer); -@@ -42928,18 +42937,18 @@ - case 'IndexedCS': - var baseIndexedCS = IR[1]; - var hiVal = IR[2]; - var lookup = IR[3]; - return new IndexedCS(ColorSpace.fromIR(baseIndexedCS), hiVal, lookup); - case 'AlternateCS': - var numComps = IR[1]; - var alt = IR[2]; -- var tintFnIR = IR[3]; -- return new AlternateCS(numComps, ColorSpace.fromIR(alt), PDFFunction.fromIR(tintFnIR)); -+ var tintFn = IR[3]; -+ return new AlternateCS(numComps, ColorSpace.fromIR(alt), tintFn); - case 'LabCS': - whitePoint = IR[1]; - blackPoint = IR[2]; - var range = IR[3]; - return new LabCS(whitePoint, blackPoint, range); - default: - error('Unknown name ' + name); - } -@@ -43067,22 +43076,22 @@ - var name = xref.fetchIfRef(cs[1]); - numComps = 1; - if (isName(name)) { - numComps = 1; - } else if (isArray(name)) { - numComps = name.length; - } - alt = ColorSpace.parseToIR(cs[2], xref, res); -- var tintFnIR = PDFFunction.getIR(xref, xref.fetchIfRef(cs[3])); -+ var tintFn = PDFFunction.parse(xref, xref.fetchIfRef(cs[3])); - return [ - 'AlternateCS', - numComps, - alt, -- tintFnIR -+ tintFn - ]; - case 'Lab': - params = xref.fetchIfRef(cs[1]); - whitePoint = params.getArray('WhitePoint'); - blackPoint = params.getArray('BlackPoint'); - var range = params.getArray('Range'); - return [ - 'LabCS', -@@ -52483,9 +52492,9 @@ - initializeWorker(); - } - exports.setPDFNetworkStreamClass = setPDFNetworkStreamClass; - exports.WorkerTask = WorkerTask; - exports.WorkerMessageHandler = WorkerMessageHandler; - })); - }.call(pdfjsLibs)); - exports.WorkerMessageHandler = pdfjsLibs.pdfjsCoreWorker.WorkerMessageHandler; --})); -\ No newline at end of file -+})); - -- cgit v1.2.3 From d801cd0509c9c9523300c41582ec3d8e59e15539 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 13 May 2018 13:28:55 +0200 Subject: gnu: Add Robocut. * gnu/packages/printers.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/printers.scm | 69 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 gnu/packages/printers.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3ca7d45bde..cce950b5bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -344,6 +344,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/plotutils.scm \ %D%/packages/polkit.scm \ %D%/packages/popt.scm \ + %D%/packages/printers.scm \ %D%/packages/profiling.scm \ %D%/packages/pth.scm \ %D%/packages/pulseaudio.scm \ diff --git a/gnu/packages/printers.scm b/gnu/packages/printers.scm new file mode 100644 index 0000000000..2e58018282 --- /dev/null +++ b/gnu/packages/printers.scm @@ -0,0 +1,69 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2018 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages printers) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages libusb) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages qt)) + +;; This is a module for packages related to printer-like devices, but not +;; related to CUPS. + +(define-public robocut + (package + (name "robocut") + (version "1.0.11") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/Timmmm/robocut/archive/v" + version ".tar.gz")) + (sha256 + (base32 + "0nmr1plq1f6sarxwqwy4vzbxkljlx8y4xalm7r05vx4lrdai5pad")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* "Robocut.pro" + (("/usr/") + (string-append out "/"))) + + (invoke "qmake" + (string-append "PREFIX=" out)) + #t)))))) + (inputs + `(("libusb" ,libusb) + ("qt" ,qtbase) + ("qtsvg" ,qtsvg))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("qmake" ,qttools))) + (synopsis "Graphical program to drive plotting cutters") + (description + "Robocut is a simple graphical program that allows you to cut graphics +with Graphtec and Sihouette plotting cutters using an SVG file as its input.") + (home-page "http://robocut.org") + (license license:gpl3+))) -- cgit v1.2.3 From aa8ac0294421d465f60e18c8271f971ec8407a95 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 13 May 2018 20:39:36 +0300 Subject: gnu: myrepos: Fix CVE-2018-7032. * gnu/packages/version-control.scm (myrepos)[source]: Add patch. * gnu/packages/patches/myrepos-CVE-2018-7032.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/myrepos-CVE-2018-7032.patch | 69 ++++++++++++++++++++++++ gnu/packages/version-control.scm | 3 +- 3 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/myrepos-CVE-2018-7032.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cce950b5bc..7987f8ad91 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -939,6 +939,7 @@ dist_patch_DATA = \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \ %D%/packages/patches/mutt-store-references.patch \ + %D%/packages/patches/myrepos-CVE-2018-7032.patch \ %D%/packages/patches/net-tools-bitrot.patch \ %D%/packages/patches/netcdf-date-time.patch \ %D%/packages/patches/netcdf-tst_h_par.patch \ diff --git a/gnu/packages/patches/myrepos-CVE-2018-7032.patch b/gnu/packages/patches/myrepos-CVE-2018-7032.patch new file mode 100644 index 0000000000..ce9493e5f9 --- /dev/null +++ b/gnu/packages/patches/myrepos-CVE-2018-7032.patch @@ -0,0 +1,69 @@ +http://source.myrepos.branchable.com/?p=source.git;a=patch;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8 +This can be removed with the next release. It was modified slightly to apply + +From 40a3df21c73f1bb1b6915cc6fa503f50814664c8 Mon Sep 17 00:00:00 2001 +From: Paul Wise +Date: Sun, 11 Feb 2018 21:57:49 +0800 +Subject: [PATCH] Mitigate vulnerabilities caused by some git remotes being + able to execute code + +Set GIT_PROTOCOL_FROM_USER=0 with git versions newer than 2.12. + +Prevent remote websites from causing cloning of local repositories. + +Manually whitelist known-safe protocols (http, https, git, ssh) +when using git versions older than 2.12. + +Fixes: CVE-2018-7032 +Fixes: https://bugs.debian.org/840014 +Suggestions-by: Jakub Wilk +Reported-by: Jakub Wilk +--- + webcheckout | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/webcheckout b/webcheckout +index e98da5c..de497ba 100755 +--- a/webcheckout ++++ b/webcheckout +@@ -71,6 +71,16 @@ use Getopt::Long; + use warnings; + use strict; + ++# Mitigate some git remote types being dangerous ++my $git_unsafe = 1; ++my $git_version = `git --version`; ++$git_version =~ s{^git version }{}; ++my ($major, $minor) = split(/\./, $git_version); ++if (int($major) >= 2 && int($minor) >= 12) { ++ $ENV{GIT_PROTOCOL_FROM_USER} = 0; ++ $git_unsafe = 0; ++} ++ + # What to download. + my $url; + +@@ -89,7 +99,17 @@ my $destdir; + + # how to perform checkouts + my %handlers=( +- git => sub { doit("git", "clone", shift, $destdir) }, +- svn => sub { doit("svn", "checkout", shift, $destdir) }, +- bzr => sub { doit("bzr", "branch", shift, $destdir) }, ++ git => sub { ++ my $git_url = shift; ++ # Reject unsafe URLs with older versions of git ++ # that do not already check the URL safety. ++ if ($git_unsafe && $git_url !~ m{^(?:(?:https?|git|ssh):[^:]|(?:[-_.A-Za-z0-9]+@)?[-_.A-Za-z0-9]+:(?!:|//))}) { ++ print STDERR "potentially unsafe git URL, may fail, touch local files or execute arbitrary code\n"; ++ return 1; ++ } ++ # Reject cloning local directories too, webcheckout is for remote repos ++ doit(qw(git -c protocol.file.allow=user clone --), $git_url, $destdir) ++ }, ++ svn => sub { doit(qw(svn checkout --), shift, $destdir) }, ++ bzr => sub { doit(qw(bzr branch --), shift, $destdir) }, + ); +-- +2.11.0 + diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 848660bdd7..b41529d4f8 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -1573,7 +1573,8 @@ (define-public myrepos (commit version))) (file-name (string-append name "-" version "-checkout")) (sha256 - (base32 "10q7lpx152xnkk701fscn4dq99q9znnmv3bc2482khhjg7z8rps0")))) + (base32 "10q7lpx152xnkk701fscn4dq99q9znnmv3bc2482khhjg7z8rps0")) + (patches (search-patches "myrepos-CVE-2018-7032.patch")))) (build-system gnu-build-system) (inputs `(("perl" ,perl))) -- cgit v1.2.3 From 2b79c6833d5b6728edf859f7e885ed397b77bedc Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 14 May 2018 12:04:30 +0300 Subject: gnu: mupdf: Update to 1.13.0. * gnu/packages/pdf.scm (mupdf): Update to 1.13.0. [source]: Remove patches. * gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch, gnu/packages/patches/mupdf-CVE-2017-17858.patch, gnu/packages/patches/mupdf-CVE-2018-6544.patch, gnu/packages/patches/mupdf-CVE-2018-1000051.patch: Remove files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 4 - gnu/packages/patches/mupdf-CVE-2017-17858.patch | 111 --------------------- gnu/packages/patches/mupdf-CVE-2018-1000051.patch | 88 ---------------- gnu/packages/patches/mupdf-CVE-2018-6544.patch | 109 -------------------- .../patches/mupdf-build-with-latest-openjpeg.patch | 27 ----- gnu/packages/pdf.scm | 12 +-- 6 files changed, 4 insertions(+), 347 deletions(-) delete mode 100644 gnu/packages/patches/mupdf-CVE-2017-17858.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2018-1000051.patch delete mode 100644 gnu/packages/patches/mupdf-CVE-2018-6544.patch delete mode 100644 gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7987f8ad91..d55276fb33 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -932,10 +932,6 @@ dist_patch_DATA = \ %D%/packages/patches/mozjs38-tracelogger.patch \ %D%/packages/patches/mozjs38-version-detection.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ - %D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \ - %D%/packages/patches/mupdf-CVE-2017-17858.patch \ - %D%/packages/patches/mupdf-CVE-2018-6544.patch \ - %D%/packages/patches/mupdf-CVE-2018-1000051.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \ %D%/packages/patches/mutt-store-references.patch \ diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch deleted file mode 100644 index 66df127509..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-17858.patch +++ /dev/null @@ -1,111 +0,0 @@ -Fix CVE-2017-17858: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858 -https://bugs.ghostscript.com/show_bug.cgi?id=698819 -https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 - -From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Mon, 11 Dec 2017 14:09:15 +0100 -Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below - limit. - -This ensures that: - * xref tables with objects pointers do not grow out of bounds. - * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf. ---- - include/mupdf/pdf/object.h | 3 +++ - source/pdf/pdf-repair.c | 5 +---- - source/pdf/pdf-xref.c | 21 ++++++++++++--------- - 3 files changed, 16 insertions(+), 13 deletions(-) - -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 21ed8595..4177112b 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -3,6 +3,9 @@ - - typedef struct pdf_document_s pdf_document; - -+/* Defined in PDF 1.7 according to Acrobat limit. */ -+#define PDF_MAX_OBJECT_NUMBER 8388607 -+ - /* - * Dynamic objects. - * The same type of objects as found in PDF and PostScript. -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index ca149bd3..0c29758e 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -6,9 +6,6 @@ - - /* Scan file for objects and reconstruct xref table */ - --/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */ --#define MAX_OBJECT_NUMBER (10 << 20) -- - struct entry - { - int num; -@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - break; - } - -- if (num <= 0 || num > MAX_OBJECT_NUMBER) -+ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER) - { - fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen); - goto have_next_token; -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 00586dbd..6284e70b 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR); - } - -- if (ofs < 0) -- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs); -- if (ofs > INT64_MAX - len) -- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big"); -- -+ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER -+ || len < 0 || len > PDF_MAX_OBJECT_NUMBER -+ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER) -+ { -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); -+ } - /* broken pdfs where size in trailer undershoots entries in xref sections */ - if (ofs + len > xref_len) - { -@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) -- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); -- //if (i0 + i1 > pdf_xref_len(ctx, doc)) -- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); -+ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); - - table = pdf_xref_find_subsection(ctx, doc, i0, i1); - for (i = i0; i < i0 + i1; i++) -@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc) - /* TODO: reuse free object slots by properly linking free object chains in the ofs field */ - pdf_xref_entry *entry; - int num = pdf_xref_len(ctx, doc); -+ -+ if (num > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf"); -+ - entry = pdf_get_incremental_xref_entry(ctx, doc, num); - entry->type = 'f'; - entry->ofs = -1; --- -2.16.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch deleted file mode 100644 index bb78c46f80..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch +++ /dev/null @@ -1,88 +0,0 @@ -Fix CVE-2018-1000051: - -https://bugs.ghostscript.com/show_bug.cgi?id=698873 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000051 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;a=commit;h=321ba1de287016b0036bf4a56ce774ad11763384 - -From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Tue, 19 Dec 2017 23:47:47 +0100 -Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces. - -Previously the borrowed colorspace was dropped when updating annotation -appearances, leading to use after free warnings from valgrind/ASAN. ---- - source/pdf/pdf-appearance.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c -index 70f684f4..d7a1dddd 100644 ---- a/source/pdf/pdf-appearance.c -+++ b/source/pdf/pdf-appearance.c -@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_matrix page_ctm; - - pdf_page_transform(ctx, annot->page, NULL, &page_ctm); -@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_try(ctx) - { - char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents)); - char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA)); -+ fz_colorspace *cs; - fz_point pos; - fz_rect rect; - -@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_drop_display_list(ctx, dlist); - font_info_fin(ctx, &font_rec); - fz_drop_text(ctx, text); -- fz_drop_colorspace(ctx, cs); - } - fz_catch(ctx) - { -@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_path *path = NULL; - fz_buffer *fzbuf = NULL; - fz_matrix page_ctm; -@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_var(fzbuf); - fz_try(ctx) - { -@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_rect logo_bounds; - fz_matrix logo_tm; - fz_rect rect; -+ fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */ - - pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect); - rect = annot_rect; -@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds); - center_rect_within_rect(&logo_bounds, &rect, &logo_tm); - fz_concat(&logo_tm, &logo_tm, &page_ctm); -- cs = fz_device_rgb(ctx); /* Borrowed reference */ - fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL); - - get_font_info(ctx, doc, dr, da, &font_rec); --- -2.16.3 - diff --git a/gnu/packages/patches/mupdf-CVE-2018-6544.patch b/gnu/packages/patches/mupdf-CVE-2018-6544.patch deleted file mode 100644 index b2c8f849f3..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2018-6544.patch +++ /dev/null @@ -1,109 +0,0 @@ -Fix CVE-2018-6544: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6544 -https://bugs.ghostscript.com/show_bug.cgi?id=698830 -https://bugs.ghostscript.com/show_bug.cgi?id=698965 - -Patches copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d -https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 - -From b03def134988da8c800adac1a38a41a1f09a1d89 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Thu, 1 Feb 2018 16:36:14 +0100 -Subject: [PATCH] Bug 698830: Avoid recursion when loading object streams - objects. - -If there were indirect references in the object stream dictionary and -one of those indirect references referred to an object inside the object -stream itself, mupdf would previously enter recursion only bounded by the -exception stack. After this commit the object stream is checked if it is -marked immediately after being loaded. If it is marked then we terminate -the recursion at this point, if it is not marked then mark it and -attempt to load the desired object within. We also take care to unmark -the stream object when done or upon exception. ---- - source/pdf/pdf-xref.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 723b543c..ed09094c 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1576,6 +1576,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i - { - objstm = pdf_load_object(ctx, doc, num); - -+ if (pdf_obj_marked(ctx, objstm)) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup"); -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, objstm); -+ fz_rethrow(ctx); -+ } -+ -+ fz_try(ctx) -+ { -+ pdf_mark_obj(ctx, objstm); -+ - count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N)); - first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First)); - -@@ -1655,6 +1668,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i - fz_drop_stream(ctx, stm); - fz_free(ctx, ofsbuf); - fz_free(ctx, numbuf); -+ pdf_unmark_obj(ctx, objstm); - pdf_drop_obj(ctx, objstm); - } - fz_catch(ctx) --- -2.16.3 - -From 26527eef77b3e51c2258c8e40845bfbc015e405d Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen -Date: Mon, 29 Jan 2018 02:00:48 +0100 -Subject: [PATCH] Bug 698830: Don't drop unkept stream if running out of error - stack. - -Under normal conditions where fz_keep_stream() is called inside -fz_try() we may call fz_drop_stream() in fz_catch() upon exceptions. -The issue comes when fz_keep_stream() has not yet been called but is -dropped in fz_catch(). This happens in the PDF from the bug when -fz_try() runs out of exception stack, and next the code in fz_catch() -runs, dropping the caller's reference to the filter chain stream! - -The simplest way of fixing this it to always keep the filter chain -stream before fz_try() is called. That way fz_catch() may drop the -stream whether an exception has occurred or if the fz_try() ran out of -exception stack. ---- - source/pdf/pdf-stream.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c -index c89da5c4..c6ba7ad3 100644 ---- a/source/pdf/pdf-stream.c -+++ b/source/pdf/pdf-stream.c -@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob - *orig_gen = 0; - } - -- fz_var(chain); -+ chain = fz_keep_stream(ctx, chain); - - fz_try(ctx) - { - len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length)); - -- /* don't close chain when we close this filter */ -- chain2 = fz_keep_stream(ctx, chain); -+ chain2 = chain; - chain = NULL; - chain = fz_open_null(ctx, chain2, len, offset); - --- -2.16.3 - diff --git a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch deleted file mode 100644 index d5c9c60242..0000000000 --- a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch +++ /dev/null @@ -1,27 +0,0 @@ -Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest -release series and contains many important bug fixes. - -Patch adapted from Debian: - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745246 - -And related to this upstream commit: - -http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da - -diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c -index 65699ba..ea84778 100644 ---- a/source/fitz/load-jpx.c -+++ b/source/fitz/load-jpx.c -@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w - - #else /* HAVE_LURATECH */ - --#define OPJ_STATIC --#define OPJ_HAVE_INTTYPES_H --#if !defined(_MSC_VER) || _MSC_VER >= 1600 --#define OPJ_HAVE_STDINT_H --#endif - #define USE_JPIP - - #include diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 9e5af5f011..fd494739c3 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2015 Paul van der Walt ;;; Copyright © 2016 Roel Janssen ;;; Copyright © 2016 Nils Gillmann -;;; Copyright © 2016, 2017 Efraim Flashner +;;; Copyright © 2016, 2017, 2018 Efraim Flashner ;;; Copyright © 2016, 2017 Marius Bakke ;;; Copyright © 2016, 2017 Ludovic Courtès ;;; Copyright © 2016 Julien Lepiller @@ -597,21 +597,17 @@ (define-public podofo (define-public mupdf (package (name "mupdf") - (version "1.12.0") + (version "1.13.0") (source (origin (method url-fetch) (uri (string-append "https://mupdf.com/downloads/archive/" name "-" version "-source.tar.xz")) - (patches (search-patches "mupdf-build-with-latest-openjpeg.patch" - "mupdf-CVE-2017-17858.patch" - "mupdf-CVE-2018-6544.patch" - "mupdf-CVE-2018-1000051.patch")) (sha256 (base32 - "0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp")) + "0129k92bav692l6lyw10ryldx7h2f9khjpgnp3f3n4fdsph9hrkl")) (modules '((guix build utils))) - (snippet '(delete-file-recursively "thirdparty")))) + (snippet '(begin (delete-file-recursively "thirdparty") #t)))) (build-system gnu-build-system) (inputs `(("curl" ,curl) -- cgit v1.2.3 From cbd2e3d52dcf0e2f20de7be067a54361042ef01d Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Tue, 15 May 2018 14:33:31 +0530 Subject: gnu: wesnoth: Update to 1.14.1. * gnu/packages/games.scm (wesnoth): Update to 1.14.1. [source]: Remove wesnoth-fix-std-bad-cast.patch. * gnu/packages/patches/wesnoth-fix-std-bad-cast.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Unregister it. --- gnu/local.mk | 1 - gnu/packages/games.scm | 5 +- .../patches/wesnoth-fix-std-bad-cast.patch | 67 ---------------------- 3 files changed, 2 insertions(+), 71 deletions(-) delete mode 100644 gnu/packages/patches/wesnoth-fix-std-bad-cast.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d55276fb33..0205b8c3e0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1162,7 +1162,6 @@ dist_patch_DATA = \ %D%/packages/patches/wavpack-CVE-2018-7253.patch \ %D%/packages/patches/wavpack-CVE-2018-7254.patch \ %D%/packages/patches/weechat-python.patch \ - %D%/packages/patches/wesnoth-fix-std-bad-cast.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ %D%/packages/patches/wicd-urwid-1.3.patch \ diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index b2d106e907..bc4abd7b71 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -1809,7 +1809,7 @@ (define-public gnujump (define-public wesnoth (package (name "wesnoth") - (version "1.14.0") + (version "1.14.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/wesnoth/wesnoth-" @@ -1818,8 +1818,7 @@ (define-public wesnoth name "-" version ".tar.bz2")) (sha256 (base32 - "09niq53y17faizhmd98anx3dha7hvacvj9a0a64lg8wn915cm0bw")) - (patches (search-patches "wesnoth-fix-std-bad-cast.patch")))) + "1mzrnbv71b4s41c5x8clhb53l8lidiwzny1hl828228pvys5bxkb")))) (build-system cmake-build-system) (arguments `(#:tests? #f)) ; no check target diff --git a/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch b/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch deleted file mode 100644 index 18328ed018..0000000000 --- a/gnu/packages/patches/wesnoth-fix-std-bad-cast.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 18e5ea50a7136cb3686c5a7c51c111ccce73dc54 Mon Sep 17 00:00:00 2001 -From: Iris Morelle -Date: Sun, 6 May 2018 16:10:42 -0300 -Subject: [PATCH] i18n: Blind fix attempt for std::bad_cast being thrown on - Windows - -Several reports on Steam and our forums point at std::bad_cast being -thrown when accessing Preferences and the Multiplayer menu amongst -others. It's possible that the locale configuration on those systems is -not quite right, and compare() and icompare() are able to throw -std::bad_cast when this happens as they both use std::use_facet(). - -Note that much like the macOS/iOS version of icompare(), this stopgap -patch doesn't attempt to provide any form of case-insensitive fallback -and just uses a case-sensitive comparison instead. ---- - src/gettext_boost.cpp | 29 +++++++++++++++++++++++++++-- - 1 file changed, 27 insertions(+), 2 deletions(-) - -diff --git a/src/gettext_boost.cpp b/src/gettext_boost.cpp -index 3cc7690d5ef..fb04ffeea90 100644 ---- a/src/gettext_boost.cpp -+++ b/src/gettext_boost.cpp -@@ -423,7 +423,19 @@ void set_language(const std::string& language, const std::vector* / - int compare(const std::string& s1, const std::string& s2) - { - std::lock_guard lock(get_mutex()); -- return std::use_facet>(get_manager().get_locale()).compare(s1.c_str(), s1.c_str() + s1.size(), s2.c_str(), s2.c_str() + s2.size()); -+ -+ try { -+ return std::use_facet>(get_manager().get_locale()).compare(s1.c_str(), s1.c_str() + s1.size(), s2.c_str(), s2.c_str() + s2.size()); -+ } catch(const std::bad_cast&) { -+ static bool bad_cast_once = false; -+ -+ if(!bad_cast_once) { -+ ERR_G << "locale set-up for compare() is broken, falling back to std::string::compare()\n"; -+ bad_cast_once = true; -+ } -+ -+ return s1.compare(s2); -+ } - } - - int icompare(const std::string& s1, const std::string& s2) -@@ -433,8 +445,21 @@ int icompare(const std::string& s1, const std::string& s2) - return compare(s1, s2); - #else - std::lock_guard lock(get_mutex()); -- return std::use_facet>(get_manager().get_locale()).compare( -+ -+ try { -+ return std::use_facet>(get_manager().get_locale()).compare( - bl::collator_base::secondary, s1, s2); -+ } catch(const std::bad_cast&) { -+ static bool bad_cast_once = false; -+ -+ if(!bad_cast_once) { -+ ERR_G << "locale set-up for icompare() is broken, falling back to std::string::compare()\n"; -+ bad_cast_once = true; -+ } -+ -+ // FIXME: not even lazily case-insensitive -+ return s1.compare(s2); -+ } - #endif - } - -- cgit v1.2.3 From 4eeed444f116e371cc7f4cc6ebd8be044c074e51 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Wed, 16 May 2018 04:38:09 +0200 Subject: gnu: python-statsmodels: Fix build. * gnu/packages/patches/python-statsmodels-fix-tests.patch: Remove patch. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/statistics.scm (python-statsmodels)[source]: Remove patches. [arguments]: Disable tests; adjust build phases; add build phase "patch-for-scipy" to fix runtime error. --- gnu/local.mk | 1 - .../patches/python-statsmodels-fix-tests.patch | 28 -------------------- gnu/packages/statistics.scm | 30 ++++++++++++---------- 3 files changed, 17 insertions(+), 42 deletions(-) delete mode 100644 gnu/packages/patches/python-statsmodels-fix-tests.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0205b8c3e0..fbdb309896 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1044,7 +1044,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-nose-timer-drop-ordereddict.patch \ %D%/packages/patches/python-pillow-fix-failing-tests.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ - %D%/packages/patches/python-statsmodels-fix-tests.patch \ %D%/packages/patches/python-scikit-learn-fix-test-non-determinism.patch \ %D%/packages/patches/python-configobj-setuptools.patch \ %D%/packages/patches/python-faker-fix-build-32bit.patch \ diff --git a/gnu/packages/patches/python-statsmodels-fix-tests.patch b/gnu/packages/patches/python-statsmodels-fix-tests.patch deleted file mode 100644 index f910b4b5a5..0000000000 --- a/gnu/packages/patches/python-statsmodels-fix-tests.patch +++ /dev/null @@ -1,28 +0,0 @@ -This drops a test that fails with numpy 1.12. - -Upstream bug URL: https://github.com/statsmodels/statsmodels/issues/3541 - ---- a/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:19.947343331 +0000 -+++ b/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:37.759328845 +0000 -@@ -1329,21 +1329,6 @@ - res = mod.fit(start_params=-np.ones(4), method='newton', disp=0) - assert_(not res.mle_retvals['converged']) - --def test_issue_339(): -- # make sure MNLogit summary works for J != K. -- data = sm.datasets.anes96.load() -- exog = data.exog -- # leave out last exog column -- exog = exog[:,:-1] -- exog = sm.add_constant(exog, prepend=True) -- res1 = sm.MNLogit(data.endog, exog).fit(method="newton", disp=0) -- # strip the header from the test -- smry = "\n".join(res1.summary().as_text().split('\n')[9:]) -- cur_dir = os.path.dirname(os.path.abspath(__file__)) -- test_case_file = os.path.join(cur_dir, 'results', 'mn_logit_summary.txt') -- test_case = open(test_case_file, 'r').read() -- np.testing.assert_equal(smry, test_case[:-1]) -- - def test_issue_341(): - data = sm.datasets.anes96.load() - exog = data.exog diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 485fecaf9a..b1f0237072 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -1824,14 +1824,15 @@ (define-public python-statsmodels (uri (pypi-uri "statsmodels" version)) (sha256 (base32 - "0j30v3932shnj9368c9jr3svkyrvfj90h2l7nxnqkbpv0svilhr6")) - (patches (search-patches "python-statsmodels-fix-tests.patch")))) + "0j30v3932shnj9368c9jr3svkyrvfj90h2l7nxnqkbpv0svilhr6")))) (build-system python-build-system) (arguments - `(#:phases + `(;; The test suite is very large and rather brittle. Tests often fail + ;; because of minor changes in dependencies that upstream hasn't fixed + ;; in a new release. + #:tests? #f + #:phases (modify-phases %standard-phases - ;; tests must be run after installation - (delete 'check) (add-after 'unpack 'set-matplotlib-backend-to-agg (lambda _ ;; Set the matplotlib backend to Agg to avoid problems using the @@ -1843,14 +1844,17 @@ (define-public python-statsmodels (string-append "import matplotlib;matplotlib.use('Agg');" line))) #t)) - (add-after 'install 'check - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; Make installed package available for running the tests - (add-installed-pythonpath inputs outputs) - (with-directory-excursion "/tmp" - (zero? (system* "nosetests" - "--stop" - "-v" "statsmodels")))))))) + ;; FIXME: This is a bug in version 0.8 since the upgrade to scipy 1.0. + ;; See https://github.com/statsmodels/statsmodels/issues/3931 + ;; This has been fixed in version 0.9. + (add-after 'unpack 'patch-for-scipy + (lambda _ + (substitute* "statsmodels/discrete/discrete_model.py" + (("return stats.chisqprob" match) + (string-append + "stats.chisqprob = lambda chisq, df: stats.chi2.sf(chisq, df);" + match))) + #t))))) (propagated-inputs `(("python-numpy" ,python-numpy) ("python-scipy" ,python-scipy) -- cgit v1.2.3