From d95bb2957d95f0a6bb5310c97960f4484b62b74a Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 12 Jan 2018 16:43:24 +0100 Subject: gnu: dtc: Update to 1.4.6. * gnu/packages/bootloaders.scm (dtc): Update to 1.4.6. [source]: Remove both patches. * gnu/packages/patches/dtc-format-modifier.patch: Delete file. * gnu/packages/patches/dtc-32-bits-check.patch: Likewise. * gnu/local.mk (dist_patch_DATA): Remove both. --- gnu/packages/patches/dtc-32-bits-check.patch | 134 ------------------------- gnu/packages/patches/dtc-format-modifier.patch | 38 ------- 2 files changed, 172 deletions(-) delete mode 100644 gnu/packages/patches/dtc-32-bits-check.patch delete mode 100644 gnu/packages/patches/dtc-format-modifier.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch deleted file mode 100644 index cf15be3404..0000000000 --- a/gnu/packages/patches/dtc-32-bits-check.patch +++ /dev/null @@ -1,134 +0,0 @@ -This fixes tests on 32 bits platforms. Patch taken from upstream. - -commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586 -Author: David Gibson -Date: Fri Oct 6 23:07:30 2017 +1100 - - tests: Avoid 64-bit arithmetic in assembler - - For testing we (ab)use the assembler to build us a sample dtb, independent - of the other tools (dtc and libfdt) that we're trying to test. In a few - places this uses 64-bit arithmetic to decompose 64-bit constants into - the individual bytes in the blob. - - Unfortunately, it seems that some builds of GNU as don't support >32 bit - arithmetic, though it's not entirely clear to me which do and which don't - (Fedora i386 does support 64-bit, Debian arm32 doesn't). - - Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost - of some extra awkwardness because we have to define the values in 32-bit - halves. - - Signed-off-by: David Gibson - -diff --git a/tests/testdata.h b/tests/testdata.h -index 3588778..f6bbe1d 100644 ---- a/tests/testdata.h -+++ b/tests/testdata.h -@@ -4,15 +4,25 @@ - #define ASM_CONST_LL(x) (x##ULL) - #endif - --#define TEST_ADDR_1 ASM_CONST_LL(0xdeadbeef00000000) --#define TEST_SIZE_1 ASM_CONST_LL(0x100000) --#define TEST_ADDR_2 ASM_CONST_LL(123456789) --#define TEST_SIZE_2 ASM_CONST_LL(010000) -+#define TEST_ADDR_1H ASM_CONST_LL(0xdeadbeef) -+#define TEST_ADDR_1L ASM_CONST_LL(0x00000000) -+#define TEST_ADDR_1 ((TEST_ADDR_1H << 32) | TEST_ADDR_1L) -+#define TEST_SIZE_1H ASM_CONST_LL(0x00000000) -+#define TEST_SIZE_1L ASM_CONST_LL(0x00100000) -+#define TEST_SIZE_1 ((TEST_SIZE_1H << 32) | TEST_SIZE_1L) -+#define TEST_ADDR_2H ASM_CONST_LL(0) -+#define TEST_ADDR_2L ASM_CONST_LL(123456789) -+#define TEST_ADDR_2 ((TEST_ADDR_2H << 32) | TEST_ADDR_2L) -+#define TEST_SIZE_2H ASM_CONST_LL(0) -+#define TEST_SIZE_2L ASM_CONST_LL(010000) -+#define TEST_SIZE_2 ((TEST_SIZE_2H << 32) | TEST_SIZE_2L) - - #define TEST_VALUE_1 0xdeadbeef - #define TEST_VALUE_2 123456789 - --#define TEST_VALUE64_1 ASM_CONST_LL(0xdeadbeef01abcdef) -+#define TEST_VALUE64_1H ASM_CONST_LL(0xdeadbeef) -+#define TEST_VALUE64_1L ASM_CONST_LL(0x01abcdef) -+#define TEST_VALUE64_1 ((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L) - - #define PHANDLE_1 0x2000 - #define PHANDLE_2 0x2001 -diff --git a/tests/trees.S b/tests/trees.S -index 9854d1d..9859914 100644 ---- a/tests/trees.S -+++ b/tests/trees.S -@@ -7,16 +7,6 @@ - .byte ((val) >> 8) & 0xff ; \ - .byte (val) & 0xff ; - --#define FDTQUAD(val) \ -- .byte ((val) >> 56) & 0xff ; \ -- .byte ((val) >> 48) & 0xff ; \ -- .byte ((val) >> 40) & 0xff ; \ -- .byte ((val) >> 32) & 0xff ; \ -- .byte ((val) >> 24) & 0xff ; \ -- .byte ((val) >> 16) & 0xff ; \ -- .byte ((val) >> 8) & 0xff ; \ -- .byte (val) & 0xff ; -- - #define TREE_HDR(tree) \ - .balign 8 ; \ - .globl _##tree ; \ -@@ -33,14 +23,16 @@ tree: \ - FDTLONG(tree##_strings_end - tree##_strings) ; \ - FDTLONG(tree##_struct_end - tree##_struct) ; - --#define RSVMAP_ENTRY(addr, len) \ -- FDTQUAD(addr) ; \ -- FDTQUAD(len) ; \ -+#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \ -+ FDTLONG(addrh) ; \ -+ FDTLONG(addrl) ; \ -+ FDTLONG(lenh) ; \ -+ FDTLONG(lenl) - - #define EMPTY_RSVMAP(tree) \ - .balign 8 ; \ - tree##_rsvmap: ; \ -- RSVMAP_ENTRY(0, 0) \ -+ RSVMAP_ENTRY(0, 0, 0, 0) \ - tree##_rsvmap_end: ; - - #define PROPHDR(tree, name, len) \ -@@ -52,9 +44,10 @@ tree##_rsvmap_end: ; - PROPHDR(tree, name, 4) \ - FDTLONG(val) ; - --#define PROP_INT64(tree, name, val) \ -+#define PROP_INT64(tree, name, valh, vall) \ - PROPHDR(tree, name, 8) \ -- FDTQUAD(val) ; -+ FDTLONG(valh) ; \ -+ FDTLONG(vall) ; - - #define PROP_STR(tree, name, str) \ - PROPHDR(tree, name, 55f - 54f) \ -@@ -81,16 +74,16 @@ tree##_##name: ; \ - - .balign 8 - test_tree1_rsvmap: -- RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1) -- RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2) -- RSVMAP_ENTRY(0, 0) -+ RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L) -+ RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L) -+ RSVMAP_ENTRY(0, 0, 0, 0) - test_tree1_rsvmap_end: - - test_tree1_struct: - BEGIN_NODE("") - PROP_STR(test_tree1, compatible, "test_tree1") - PROP_INT(test_tree1, prop_int, TEST_VALUE_1) -- PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1) -+ PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L) - PROP_STR(test_tree1, prop_str, TEST_STRING_1) - PROP_INT(test_tree1, address_cells, 1) - PROP_INT(test_tree1, size_cells, 0) diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch deleted file mode 100644 index c33d16857f..0000000000 --- a/gnu/packages/patches/dtc-format-modifier.patch +++ /dev/null @@ -1,38 +0,0 @@ -This fixes build on 32 bits platforms. This patch is taken from upstream. - -commit 497432fd2131967f349e69dc5d259072151cc4b4 -Author: Thierry Reding -Date: Wed Sep 27 15:04:09 2017 +0200 - - checks: Use proper format modifier for size_t - - The size of size_t can vary between architectures, so using %ld isn't - going to work on 32-bit builds. Use the %zu modifier to make sure it is - always correct. - - Signed-off-by: Thierry Reding - Acked-by: Rob Herring - Signed-off-by: David Gibson - -diff --git a/checks.c b/checks.c -index 902f2e3..08a3a29 100644 ---- a/checks.c -+++ b/checks.c -@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c, - int cell, cellsize = 0; - - if (prop->val.len % sizeof(cell_t)) { -- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s", -+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s", - prop->name, prop->val.len, sizeof(cell_t), node->fullpath); - return; - } -@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c, - return; - - if (irq_prop->val.len % sizeof(cell_t)) -- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s", -+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s", - irq_prop->name, irq_prop->val.len, sizeof(cell_t), - node->fullpath); - -- cgit v1.2.3 From 6b433caed2c86bf41acfa65dd507292e8a0ab2ac Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 11 Jan 2018 15:18:04 -0800 Subject: gnu: transmission: Fix a DNS rebinding vulnerability that allows RCE. * gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/bittorrent.scm (transmission)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/bittorrent.scm | 1 + .../transmission-fix-dns-rebinding-vuln.patch | 302 +++++++++++++++++++++ 3 files changed, 304 insertions(+) create mode 100644 gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 051a9bb656..6af8bfc4bd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1105,6 +1105,7 @@ dist_patch_DATA = \ %D%/packages/patches/tipp10-fix-compiling.patch \ %D%/packages/patches/tipp10-remove-license-code.patch \ %D%/packages/patches/tk-find-library.patch \ + %D%/packages/patches/transmission-fix-dns-rebinding-vuln.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \ %D%/packages/patches/ttfautohint-source-date-epoch.patch \ %D%/packages/patches/tophat-build-with-later-seqan.patch \ diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm index eca0646200..800a42eea5 100644 --- a/gnu/packages/bittorrent.scm +++ b/gnu/packages/bittorrent.scm @@ -66,6 +66,7 @@ (uri (string-append "https://transmission.cachefly.net/transmission-" version ".tar.xz")) + (patches (search-patches "transmission-fix-dns-rebinding-vuln.patch")) (sha256 (base32 "0pykmhi7pdmzq47glbj8i2im6iarp4wnj4l1pyvsrnba61f0939s")))) diff --git a/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch new file mode 100644 index 0000000000..a3a0cf1608 --- /dev/null +++ b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch @@ -0,0 +1,302 @@ +Fix a weakness that allows remote code execution via the Transmission +RPC server using DNS rebinding: + +https://bugs.chromium.org/p/project-zero/issues/detail?id=1447 + +Patch adapted from Tavis Ormandy's patch on the Transmission master +branch to the Transmission 2.92 release by Leo Famulari +: + +https://github.com/transmission/transmission/pull/468/commits + +From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001 +From: Tavis Ormandy +Date: Thu, 11 Jan 2018 10:00:41 -0800 +Subject: [PATCH] mitigate dns rebinding attacks against daemon + +--- + libtransmission/quark.c | 2 + + libtransmission/quark.h | 2 + + libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++---- + libtransmission/rpc-server.h | 4 ++ + libtransmission/session.c | 2 + + libtransmission/transmission.h | 1 + + libtransmission/web.c | 3 ++ + 7 files changed, 121 insertions(+), 9 deletions(-) + +diff --git a/libtransmission/quark.c b/libtransmission/quark.c +index 30cc2bca4..b4fd7aabd 100644 +--- a/libtransmission/quark.c ++++ b/libtransmission/quark.c +@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] = + { "rpc-authentication-required", 27 }, + { "rpc-bind-address", 16 }, + { "rpc-enabled", 11 }, ++ { "rpc-host-whitelist", 18 }, ++ { "rpc-host-whitelist-enabled", 26 }, + { "rpc-password", 12 }, + { "rpc-port", 8 }, + { "rpc-url", 7 }, +diff --git a/libtransmission/quark.h b/libtransmission/quark.h +index 7f5212733..17464be8f 100644 +--- a/libtransmission/quark.h ++++ b/libtransmission/quark.h +@@ -291,6 +291,8 @@ enum + TR_KEY_rpc_authentication_required, + TR_KEY_rpc_bind_address, + TR_KEY_rpc_enabled, ++ TR_KEY_rpc_host_whitelist, ++ TR_KEY_rpc_host_whitelist_enabled, + TR_KEY_rpc_password, + TR_KEY_rpc_port, + TR_KEY_rpc_url, +diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c +index a3485f3fa..292cd5fce 100644 +--- a/libtransmission/rpc-server.c ++++ b/libtransmission/rpc-server.c +@@ -52,6 +52,7 @@ struct tr_rpc_server + bool isEnabled; + bool isPasswordEnabled; + bool isWhitelistEnabled; ++ bool isHostWhitelistEnabled; + tr_port port; + char * url; + struct in_addr bindAddress; +@@ -63,6 +64,7 @@ struct tr_rpc_server + char * password; + char * whitelistStr; + tr_list * whitelist; ++ tr_list * hostWhitelist; + + char * sessionId; + time_t sessionIdExpiresAt; +@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address) + return false; + } + ++static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req) ++{ ++ /* If password auth is enabled, any hostname is permitted. */ ++ if (server->isPasswordEnabled) ++ { ++ return true; ++ } ++ ++ char const* const host = evhttp_find_header(req->input_headers, "Host"); ++ ++ // If whitelist is disabled, no restrictions. ++ if (!server->isHostWhitelistEnabled) ++ return true; ++ ++ /* No host header, invalid request. */ ++ if (host == NULL) ++ { ++ return false; ++ } ++ ++ /* Host header might include the port. */ ++ char* const hostname = tr_strndup(host, strcspn(host, ":")); ++ ++ /* localhost or ipaddress is always acceptable. */ ++ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname)) ++ { ++ tr_free(hostname); ++ return true; ++ } ++ ++ /* Otherwise, hostname must be whitelisted. */ ++ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) { ++ if (tr_wildmat(hostname, l->data)) ++ { ++ tr_free(hostname); ++ return true; ++ } ++ } ++ ++ tr_free(hostname); ++ return false; ++} ++ + static bool + test_session_id (struct tr_rpc_server * server, struct evhttp_request * req) + { +@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg) + handle_upload (req, server); + } + #ifdef REQUIRE_SESSION_ID ++ else if (!isHostnameAllowed(server, req)) ++ { ++ char* tmp = tr_strdup_printf( ++ "

Transmission received your request, but the hostname was unrecognized.

" ++ "

To fix this, choose one of the following options:" ++ "

    " ++ "
  • Enable password authentication, then any hostname is allowed.
    • " ++ "
  • Add the hostname you want to use to the whitelist in settings.
    • " ++ "

" ++ "

If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.

" ++ "

This requirement has been added to help prevent " ++ "DNS Rebinding " ++ "attacks.

"); ++ send_simple_response(req, 421, tmp); ++ tr_free(tmp); ++ } ++ + else if (!test_session_id (server, req)) + { + const char * sessionId = get_current_session_id (server); +@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg) + "
  • When you get this 409 error message, resend your request with the updated header" + "

    " + "

    This requirement has been added to help prevent " +- "CSRF " ++ "CSRF " + "attacks.

    " + "

    %s: %s

    ", + TR_RPC_SESSION_ID_HEADER, sessionId); +@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server) + return server->url ? server->url : ""; + } + +-void +-tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) ++static void ++tr_rpcSetList (char const* whitelistStr, tr_list** list) + { + void * tmp; + const char * walk; + +- /* keep the string */ +- tmp = server->whitelistStr; +- server->whitelistStr = tr_strdup (whitelistStr); +- tr_free (tmp); +- + /* clear out the old whitelist entries */ +- while ((tmp = tr_list_pop_front (&server->whitelist))) ++ while ((tmp = tr_list_pop_front (list)) != NULL) + tr_free (tmp); + + /* build the new whitelist entries */ +@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) + const char * delimiters = " ,;"; + const size_t len = strcspn (walk, delimiters); + char * token = tr_strndup (walk, len); +- tr_list_append (&server->whitelist, token); ++ tr_list_append (list, token); + if (strcspn (token, "+-") < len) + tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token); + else +@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) + } + } + ++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr) ++{ ++ tr_rpcSetList(whitelistStr, &server->hostWhitelist); ++} ++ ++void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr) ++{ ++ /* keep the string */ ++ char* const tmp = server->whitelistStr; ++ server->whitelistStr = tr_strdup(whitelistStr); ++ tr_free(tmp); ++ ++ tr_rpcSetList(whitelistStr, &server->whitelist); ++} ++ + const char* + tr_rpcGetWhitelist (const tr_rpc_server * server) + { +@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server) + return server->isWhitelistEnabled; + } + ++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled) ++{ ++ server->isHostWhitelistEnabled = isEnabled; ++} ++ + /**** + ***** PASSWORD + ****/ +@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_variant * settings) + else + tr_rpcSetWhitelistEnabled (s, boolVal); + ++ key = TR_KEY_rpc_host_whitelist_enabled; ++ ++ if (!tr_variantDictFindBool(settings, key, &boolVal)) ++ { ++ missing_settings_key(key); ++ } ++ else ++ { ++ tr_rpcSetHostWhitelistEnabled(s, boolVal); ++ } ++ ++ key = TR_KEY_rpc_host_whitelist; ++ ++ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL) ++ { ++ missing_settings_key(key); ++ } ++ else ++ { ++ tr_rpcSetHostWhitelist(s, str); ++ } ++ + key = TR_KEY_rpc_authentication_required; + if (!tr_variantDictFindBool (settings, key, &boolVal)) + missing_settings_key (key); +diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h +index e0302c5ea..8c9e6b24e 100644 +--- a/libtransmission/rpc-server.h ++++ b/libtransmission/rpc-server.h +@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server, + + const char* tr_rpcGetWhitelist (const tr_rpc_server * server); + ++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled); ++ ++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist); ++ + void tr_rpcSetPassword (tr_rpc_server * server, + const char * password); + +diff --git a/libtransmission/session.c b/libtransmission/session.c +index 844cadba8..58b717913 100644 +--- a/libtransmission/session.c ++++ b/libtransmission/session.c +@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d) + tr_variantDictAddStr (d, TR_KEY_rpc_username, ""); + tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST); + tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true); ++ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST); ++ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true); + tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR)); + tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR); + tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true); +diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h +index 4f76adfd6..e213a8f4e 100644 +--- a/libtransmission/transmission.h ++++ b/libtransmission/transmission.h +@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void); + #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0" + #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::" + #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1" ++#define TR_DEFAULT_RPC_HOST_WHITELIST "" + #define TR_DEFAULT_RPC_PORT_STR "9091" + #define TR_DEFAULT_RPC_URL_STR "/transmission/" + #define TR_DEFAULT_PEER_PORT_STR "51413" +diff --git a/libtransmission/web.c b/libtransmission/web.c +index ee495e9fc..c7f062730 100644 +--- a/libtransmission/web.c ++++ b/libtransmission/web.c +@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code) + case 415: return "Unsupported Media Type"; + case 416: return "Requested Range Not Satisfiable"; + case 417: return "Expectation Failed"; ++ case 421: return "Misdirected Request"; + case 500: return "Internal Server Error"; + case 501: return "Not Implemented"; + case 502: return "Bad Gateway"; -- cgit v1.2.3 From b0912e9fdbffab15d9a754b2922778cfbd1fac2a Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Tue, 12 Dec 2017 01:41:08 +0300 Subject: gnu: Add emacs-json-reformat. * gnu/packages/patches/emacs-json-reformat-fix-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add this. * gnu/packages/emacs.scm (emacs-json-reformat): New variable. --- gnu/local.mk | 2 + gnu/packages/emacs.scm | 49 +++++++++++++++++++++- .../patches/emacs-json-reformat-fix-tests.patch | 32 ++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/emacs-json-reformat-fix-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6af8bfc4bd..fb4babfdbc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -17,6 +17,7 @@ # Copyright © 2017 Mathieu Othacehe # Copyright © 2017 Gábor Boskovits # Copyright © 2018 Amirouche Boubekki +# Copyright © 2018 Oleg Pykhalov # # This file is part of GNU Guix. # @@ -615,6 +616,7 @@ dist_patch_DATA = \ %D%/packages/patches/einstein-build.patch \ %D%/packages/patches/emacs-exec-path.patch \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ + %D%/packages/patches/emacs-json-reformat-fix-tests.patch \ %D%/packages/patches/emacs-highlight-stages-add-gexp.patch \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index f83e2fb890..0ae44d52bc 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -26,7 +26,7 @@ ;;; Copyright © 2017 George Clemmer ;;; Copyright © 2017 Feng Shu ;;; Copyright © 2017 Jan Nieuwenhuizen -;;; Copyright © 2017 Oleg Pykhalov +;;; Copyright © 2017, 2018 Oleg Pykhalov ;;; Copyright © 2017 Mekeor Melire ;;; Copyright © 2017 Peter Mikkelsen ;;; Copyright © 2017 Tobias Geerinckx-Rice @@ -5950,6 +5950,53 @@ pair of minor modes which suppress all mouse events by intercepting them and running a customisable handler command (@code{ignore} by default). ") (license license:gpl3+))) +(define-public emacs-json-reformat + (package + (name "emacs-json-reformat") + (version "0.0.6") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/gongo/json-reformat/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "11fbq4scrgr7m0iwnzcrn2g7xvqwm2gf82sa7zy1l0nil7265p28")) + (patches (search-patches "emacs-json-reformat-fix-tests.patch")))) + (build-system emacs-build-system) + (propagated-inputs `(("emacs-undercover" ,emacs-undercover))) + (inputs + `(("emacs-dash" ,emacs-dash) ; for tests + ("emacs-shut-up" ,emacs-shut-up))) ; for tests + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'install 'check + (lambda* (#:key inputs #:allow-other-keys) + (zero? (system* "emacs" "--batch" "-L" "." + "-L" (string-append + (assoc-ref inputs "emacs-undercover") + "/share/emacs/site-lisp/guix.d/undercover-" + ,(package-version emacs-undercover)) + "-L" (string-append + (assoc-ref inputs "emacs-dash") + "/share/emacs/site-lisp/guix.d/dash-" + ,(package-version emacs-dash)) + "-L" (string-append + (assoc-ref inputs "emacs-shut-up") + "/share/emacs/site-lisp/guix.d/shut-up-" + ,(package-version emacs-shut-up)) + "-l" "test/test-helper.el" + "-l" "test/json-reformat-test.el" + "-f" "ert-run-tests-batch-and-exit")) + #t))))) + (home-page "https://github.com/gongo/json-reformat") + (synopsis "Reformatting tool for JSON") + (description "@code{json-reformat} provides a reformatting tool for +@url{http://json.org/, JSON}.") + (license license:gpl3+))) + (define-public emacs-json-snatcher (package (name "emacs-json-snatcher") diff --git a/gnu/packages/patches/emacs-json-reformat-fix-tests.patch b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch new file mode 100644 index 0000000000..977e50fc68 --- /dev/null +++ b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch @@ -0,0 +1,32 @@ +Copyright © 2018 Oleg Pykhalov + +This patch fixes tests for Emacs 25. + +Upstream bug URL: + +https://github.com/gongo/json-reformat/issues/33 + +diff --git a/test/json-reformat-test.el b/test/json-reformat-test.el +index 7de3be1..b4a4dde 100644 +--- a/test/json-reformat-test.el ++++ b/test/json-reformat-test.el +@@ -58,7 +58,7 @@ + (ert-deftest json-reformat-test:string-to-string () + (should (string= "\"foobar\"" (json-reformat:string-to-string "foobar"))) + (should (string= "\"fo\\\"o\\nbar\"" (json-reformat:string-to-string "fo\"o\nbar"))) +- (should (string= "\"\\u2661\"" (json-reformat:string-to-string "\u2661"))) ++ (should (string= "\"♡\"" (json-reformat:string-to-string "\u2661"))) + + (should (string= "\"^(amq\\\\.gen.*|amq\\\\.default)$\"" (json-reformat:string-to-string "^(amq\\.gen.*|amq\\.default)$"))) + ) +@@ -148,6 +148,6 @@ bar\"" (json-reformat:string-to-string "fo\"o\nbar"))) + [{ foo : \"bar\" }, { \"foo\" : \"baz\" }]") ;; At 3 (line) + (json-reformat-region (point-min) (point-max))) + (should (string= +- "JSON parse error [Reason] Bad string format: \"doesn't start with '\\\"'!\" [Position] In buffer, line 3 (char 6)" ++ "JSON parse error [Reason] Bad string format: \"doesn't start with \`\\\"'!\" [Position] In buffer, line 3 (char 6)" + message-string)) + ))) +-- +2.15.1 + -- cgit v1.2.3 From 7c3f22e9c3311dcb27e9b8bd31c6fa6eb0a549d8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 13 Jan 2018 09:16:07 -0800 Subject: gnu: libxml2: Fix CVE-2017-15412. * gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xml.scm (libxml2/fixed)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libxml2-CVE-2017-15412.patch | 47 +++++++++++++++++++++++ gnu/packages/xml.scm | 3 +- 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxml2-CVE-2017-15412.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index fb4babfdbc..b89077e876 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -862,6 +862,7 @@ dist_patch_DATA = \ %D%/packages/patches/libxml2-CVE-2017-7376.patch \ %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \ %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \ + %D%/packages/patches/libxml2-CVE-2017-15412.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxslt-CVE-2017-5029.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2017-15412.patch b/gnu/packages/patches/libxml2-CVE-2017-15412.patch new file mode 100644 index 0000000000..07fe190ed1 --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-15412.patch @@ -0,0 +1,47 @@ +Fix CVE-2017-15412: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412 +https://bugs.chromium.org/p/chromium/issues/detail?id=727039 +https://bugzilla.redhat.com/show_bug.cgi?id=1523128 +https://bugzilla.gnome.org/show_bug.cgi?id=783160 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73 + +From 0f3b843b3534784ef57a4f9b874238aa1fda5a73 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Thu, 1 Jun 2017 23:12:19 +0200 +Subject: [PATCH] Fix XPath stack frame logic + +Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in +xmlXPathCompOpEvalPositionalPredicate to make sure that the context +object on the stack is actually protected. Otherwise, memory corruption +can occur when calling sloppily coded XPath extension functions. + +Fixes bug 783160. +--- + xpath.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xpath.c b/xpath.c +index 94815075..b816bd36 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + } + } + +- frame = xmlXPathSetFrame(ctxt); + valuePush(ctxt, contextObj); ++ frame = xmlXPathSetFrame(ctxt); + res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1); +- tmp = valuePop(ctxt); + xmlXPathPopFrame(ctxt, frame); ++ tmp = valuePop(ctxt); + + if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { + while (tmp != contextObj) { +-- +2.15.1 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 23b447502b..ce0d13a999 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -155,7 +155,8 @@ project (but it is usable outside of the Gnome platform).") "libxml2-CVE-2017-7375.patch" "libxml2-CVE-2017-7376.patch" "libxml2-CVE-2017-9047+CVE-2017-9048.patch" - "libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))) + "libxml2-CVE-2017-9049+CVE-2017-9050.patch" + "libxml2-CVE-2017-15412.patch"))))))) (define-public python-libxml2 (package (inherit libxml2) -- cgit v1.2.3 From b87bf3bbd4fbf064b2d22e4ba5a0727b1fb983b5 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 18 Jan 2018 01:02:51 +0100 Subject: gnu: lxterminal: Update to 0.3.1. * gnu/packages/lxde.scm (lxterminal): Update to 0.3.1. [source]: Remove patch for fixed CVE. [arguments]: No longer skip test suite which appear to be fixed. * gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/lxde.scm | 10 ++---- .../patches/lxterminal-CVE-2016-10369.patch | 37 ---------------------- 3 files changed, 3 insertions(+), 45 deletions(-) delete mode 100644 gnu/packages/patches/lxterminal-CVE-2016-10369.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b89077e876..5d43fac5ad 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -889,7 +889,6 @@ dist_patch_DATA = \ %D%/packages/patches/luminance-hdr-qt-printer.patch \ %D%/packages/patches/lvm2-static-link.patch \ %D%/packages/patches/lxsession-use-gapplication.patch \ - %D%/packages/patches/lxterminal-CVE-2016-10369.patch \ %D%/packages/patches/make-impure-dirs.patch \ %D%/packages/patches/mars-install.patch \ %D%/packages/patches/mars-sfml-2.3.patch \ diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm index c616917bb7..02dacd3e87 100644 --- a/gnu/packages/lxde.scm +++ b/gnu/packages/lxde.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2017 ng0 ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2017 Brendan Tildesley +;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -157,21 +158,16 @@ toolkit. It allows users to monitor and control of running processes.") (define-public lxterminal (package (name "lxterminal") - (version "0.3.0") + (version "0.3.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/lxde/LXTerminal" "%20%28terminal%20emulator%29/LXTerminal%20" version "/" name "-" version ".tar.xz")) - (patches (search-patches "lxterminal-CVE-2016-10369.patch")) (sha256 (base32 - "1yf76s15zvfw0h42b0ay1slpq47khgjmcry8ki2z812zar9lchia")))) + "0jrc3m0hbxcmcgahwjlm46s2350gh80ggb6a90xy0h6xqa3z73fd")))) (build-system gnu-build-system) - (arguments - `(;; Tests for "po" fail with "No rule to make target '../src/encoding.c' - ;; needed by 'lxterminal.pot'. Stop." - #:tests? #f)) (inputs `(("gtk+" ,gtk+-2) ("vte" ,vte/gtk+-2))) (native-inputs `(("intltool" ,intltool) diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch deleted file mode 100644 index 809eef08da..0000000000 --- a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-10369: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369 - -Patch copied from upstream source repository: - -https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 - -From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001 -From: Yao Wei -Date: Mon, 8 May 2017 00:47:55 +0800 -Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory - -This bug is pointed out by stackexchange user that putting socket file in -/tmp is a potential risk. Putting the socket dir in user directory could -mitigate the risk. ---- - src/unixsocket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/unixsocket.c b/src/unixsocket.c -index 4c660ac..f88284c 100644 ---- a/src/unixsocket.c -+++ b/src/unixsocket.c -@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar - * This function returns TRUE if this process should keep running and FALSE if it should exit. */ - - /* Formulate the path for the Unix domain socket. */ -- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name()); -+ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default())); -+ printf("%s\n", socket_path); - - /* Create socket. */ - int fd = socket(PF_UNIX, SOCK_STREAM, 0); --- -2.1.4 - -- cgit v1.2.3 From 4ff22ec3b16a90b140721aa10c94c595ccb2c390 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 17 Jan 2018 19:18:26 +0100 Subject: gnu: slurm: Update to 17.11.2. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/parallel.scm (slurm): Update to 17.11.2. [source]: Replace patch with less fragile SUBSTITUTE* in a snippet. [arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE. * gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/parallel.scm | 13 ++++--- .../slurm-configure-remove-nonfree-contribs.patch | 45 ---------------------- 3 files changed, 7 insertions(+), 52 deletions(-) delete mode 100644 gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b78fb9bae9..f7ac56eeab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1082,7 +1082,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-sigusr1.patch \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ - %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ %D%/packages/patches/sooperlooper-build-with-wx-30.patch \ %D%/packages/patches/steghide-fixes.patch \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm index cc6542e853..2ec866f5f6 100644 --- a/gnu/packages/parallel.scm +++ b/gnu/packages/parallel.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Ben Woodcroft ;;; Copyright © 2017 Rutger Helling +;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -93,7 +94,7 @@ and they are executed on lists of files, hosts, users or other items.") (define-public slurm (package (name "slurm") - (version "16.05.11") + (version "17.11.2") (source (origin (method url-fetch) (uri (string-append @@ -101,12 +102,12 @@ and they are executed on lists of files, hosts, users or other items.") version ".tar.bz2")) (sha256 (base32 - "0c63mvh13wsp6jlydaz98v35iwg53mk94ynpx9dqn2z4gl53k5y7")) - (patches (search-patches - "slurm-configure-remove-nonfree-contribs.patch")) + "18yakb8kmhb16n0cv3zhjv8ahvsk9p0max8mmr2flb2c65fawks6")) (modules '((guix build utils))) (snippet '(begin + (substitute* "configure.ac" + (("^[[:space:]]+contribs/.*$") "")) (delete-file-recursively "contribs") #t)))) ;; FIXME: More optional inputs could be added, @@ -136,8 +137,8 @@ and they are executed on lists of files, hosts, users or other items.") (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl"))) #:phases (modify-phases %standard-phases - (add-after 'unpack 'autogen - (lambda _ (zero? (system* "autoconf"))))))) ; configure.ac was patched + (add-after 'unpack 'autoconf + (lambda _ (invoke "autoconf")))))) ; configure.ac was patched (home-page "http://slurm.schedmd.com/") (synopsis "Workload manager for cluster computing") (description diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch deleted file mode 100644 index 4092261f75..0000000000 --- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001 -From: carolili -Date: Thu, 9 Feb 2017 19:24:49 +0000 -Subject: [PATCH] Removing contribs - ---- - configure.ac | 22 ---------------------- - 1 file changed, 22 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1cf1051..5d76b44 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -435,28 +435,6 @@ dnl All slurm Makefiles: - - AC_CONFIG_FILES([Makefile - auxdir/Makefile -- contribs/Makefile -- contribs/cray/Makefile -- contribs/cray/csm/Makefile -- contribs/lua/Makefile -- contribs/mic/Makefile -- contribs/pam/Makefile -- contribs/pam_slurm_adopt/Makefile -- contribs/perlapi/Makefile -- contribs/perlapi/libslurm/Makefile -- contribs/perlapi/libslurm/perl/Makefile.PL -- contribs/perlapi/libslurmdb/Makefile -- contribs/perlapi/libslurmdb/perl/Makefile.PL -- contribs/seff/Makefile -- contribs/torque/Makefile -- contribs/openlava/Makefile -- contribs/phpext/Makefile -- contribs/phpext/slurm_php/config.m4 -- contribs/sgather/Makefile -- contribs/sgi/Makefile -- contribs/sjobexit/Makefile -- contribs/slurmdb-direct/Makefile -- contribs/pmi2/Makefile - doc/Makefile - doc/man/Makefile - doc/man/man1/Makefile --- -2.11.0 - -- cgit v1.2.3 From 846b8d7fa0f566d9801122f9ee8be270dcf0de42 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 17 Jan 2018 23:38:59 -0500 Subject: gnu: webkitgtk: Update to 2.18.5. * gnu/packages/webkit.scm (webkitgtk): Update to 2.18.5. [source]: Remove patch. * gnu/packages/patches/webkitgtk-mitigate-spectre.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/webkitgtk-mitigate-spectre.patch | 107 --------------------- gnu/packages/webkit.scm | 5 +- 3 files changed, 2 insertions(+), 111 deletions(-) delete mode 100644 gnu/packages/patches/webkitgtk-mitigate-spectre.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f7ac56eeab..29f0803fa5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1140,7 +1140,6 @@ dist_patch_DATA = \ %D%/packages/patches/vsearch-unbundle-cityhash.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ - %D%/packages/patches/webkitgtk-mitigate-spectre.patch \ %D%/packages/patches/weechat-python.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch deleted file mode 100644 index 3d983ede66..0000000000 --- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch +++ /dev/null @@ -1,107 +0,0 @@ -Disable SharedArrayBuffers to mitigate Spectre. Based on: - - https://trac.webkit.org/changeset/226386/webkit - -Backported to webkitgtk-2.18.4 by Mark H Weaver - - ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500 -@@ -338,8 +338,10 @@ - WriteBarrier m_moduleLoaderStructure; - WriteBarrier m_arrayBufferPrototype; - WriteBarrier m_arrayBufferStructure; -+#if ENABLE(SHARED_ARRAY_BUFFER) - WriteBarrier m_sharedArrayBufferPrototype; - WriteBarrier m_sharedArrayBufferStructure; -+#endif - - #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - WriteBarrier m_ ## lowerName ## Prototype; \ -@@ -670,8 +672,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferPrototype.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferPrototype.get(); -+#else -+ default: -+ return m_arrayBufferPrototype.get(); -+#endif - } - } - Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const -@@ -679,8 +686,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferStructure.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferStructure.get(); -+#else -+ default: -+ return m_arrayBufferStructure.get(); -+#endif - } - RELEASE_ASSERT_NOT_REACHED(); - return nullptr; ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500 -@@ -574,8 +574,10 @@ - - m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default)); - m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get())); -+#if ENABLE(SHARED_ARRAY_BUFFER) - m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared)); - m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get())); -+#endif - - m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get()))); - m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get()))); -@@ -620,10 +622,11 @@ - - JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default); - m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr; - sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared); - m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum); -- -+#endif - #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \ - m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \ -@@ -686,7 +689,9 @@ - putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly); - - putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum); -+#endif - - #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \ -@@ -1288,8 +1293,10 @@ - - visitor.append(thisObject->m_arrayBufferPrototype); - visitor.append(thisObject->m_arrayBufferStructure); -+#if ENABLE(SHARED_ARRAY_BUFFER) - visitor.append(thisObject->m_sharedArrayBufferPrototype); - visitor.append(thisObject->m_sharedArrayBufferStructure); -+#endif - - #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - visitor.append(thisObject->m_ ## lowerName ## Prototype); \ ---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400 -+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500 -@@ -1190,6 +1190,9 @@ - #define HAVE_NS_ACTIVITY 1 - #endif - -+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */ -+#define ENABLE_SHARED_ARRAY_BUFFER 0 -+ - #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO))) - #undef ENABLE_OPENTYPE_MATH - #define ENABLE_OPENTYPE_MATH 1 diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 7acc018632..2b003f5b3b 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -54,15 +54,14 @@ (define-public webkitgtk (package (name "webkitgtk") - (version "2.18.4") + (version "2.18.5") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 (base32 - "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7")) - (patches (search-patches "webkitgtk-mitigate-spectre.patch")))) + "1f1rsp14gkb2r1mrrxn2cnbs45vg38da27q4cf02zlxmgv680v8c")))) (build-system cmake-build-system) (arguments '(#:tests? #f ; no tests -- cgit v1.2.3 From 5bb12e1462c4ecfbed829b09ed011853dd74209d Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 19 Jan 2018 05:27:06 +0100 Subject: gnu: ninja: Update to 1.8.2. * gnu/packages/ninja.scm (ninja): Update to 1.8.2. [source]: Remove upstreamed patch. [arguments]: Substitute INVOKE for SYSTEM*. Use standard indentation. * gnu/packages/patches/ninja-zero-mtime.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/ninja.scm | 52 +++++++++++++---------------- gnu/packages/patches/ninja-zero-mtime.patch | 19 ----------- 3 files changed, 24 insertions(+), 48 deletions(-) delete mode 100644 gnu/packages/patches/ninja-zero-mtime.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 29f0803fa5..855d9ca460 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -925,7 +925,6 @@ dist_patch_DATA = \ %D%/packages/patches/netsurf-y2038-tests.patch \ %D%/packages/patches/netsurf-longer-test-timeout.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ - %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-test-http2-server-rst-stream.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ diff --git a/gnu/packages/ninja.scm b/gnu/packages/ninja.scm index 2a53a3f5b3..adb236484f 100644 --- a/gnu/packages/ninja.scm +++ b/gnu/packages/ninja.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,7 +30,7 @@ (define-public ninja (package (name "ninja") - (version "1.7.2") + (version "1.8.2") (source (origin (method url-fetch) (uri (string-append "https://github.com/martine/ninja/" @@ -37,38 +38,33 @@ (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1n8n3g26ppwh7zwrc37n3alkbpbj0wki34ih53s3rkhs8ajs1p9f")) - (patches (search-patches "ninja-zero-mtime.patch")))) + "1x66q6494ml1p1f74mxzik1giakl4zj7rxig9jsc50087l671f46")))) (build-system gnu-build-system) (native-inputs `(("python" ,python-2))) (arguments '(#:phases (modify-phases %standard-phases - (replace - 'configure - (lambda _ - (substitute* "src/subprocess-posix.cc" - (("/bin/sh") (which "sh"))) - #t)) - (replace - 'build - (lambda _ - (zero? (system* "./configure.py" "--bootstrap")))) - (replace - 'check - (lambda _ - (and (zero? (system* "./configure.py")) - (zero? (system* "./ninja" "ninja_test")) - (zero? (system* "./ninja_test"))))) - (replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin")) - (doc (string-append out "/share/doc/ninja"))) - (install-file "ninja" bin) - (install-file "doc/manual.asciidoc" doc) - #t)))))) + (replace 'configure + (lambda _ + (substitute* "src/subprocess-posix.cc" + (("/bin/sh") (which "sh"))) + #t)) + (replace 'build + (lambda _ + (invoke "./configure.py" "--bootstrap"))) + (replace 'check + (lambda _ + (invoke "./configure.py") + (invoke "./ninja" "ninja_test") + (invoke "./ninja_test"))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (doc (string-append out "/share/doc/ninja"))) + (install-file "ninja" bin) + (install-file "doc/manual.asciidoc" doc) + #t)))))) (home-page "https://ninja-build.org/") (synopsis "Small build system") (description diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch deleted file mode 100644 index c9b9e8d798..0000000000 --- a/gnu/packages/patches/ninja-zero-mtime.patch +++ /dev/null @@ -1,19 +0,0 @@ -Work around a design defect in Ninja whereby a zero mtime is used to -denote missing files (we happen to produce files that have a zero mtime -and yet really do exist.) - ---- ninja-1.5.3/src/disk_interface.cc 2014-11-24 18:37:47.000000000 +0100 -+++ ninja-1.5.3/src/disk_interface.cc 2015-07-18 23:20:38.572290139 +0200 -@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const - } - return -1; - } -+ -+ if (st.st_mtime == 0) -+ // All the code assumes that mtime == 0 means "file missing". Here we -+ // know the file is not missing, so tweak the mtime. -+ st.st_mtime = 1; -+ - return st.st_mtime; - #endif - } -- cgit v1.2.3 From ccb5cac17be98aaa9c3225605d6170c675d8e8e6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Jan 2018 17:49:02 -0800 Subject: gnu: libexif: Fix CVE-2016-6328. * gnu/packages/patches/libexif-CVE-2016-6328.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/photo.scm (libexif)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 ++++++++++++++++++++++++ gnu/packages/photo.scm | 3 +- 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libexif-CVE-2016-6328.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 855d9ca460..240554fe4e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -817,6 +817,7 @@ dist_patch_DATA = \ %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libevent-2.1-dns-tests.patch \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \ + %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch new file mode 100644 index 0000000000..67fee0f528 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch @@ -0,0 +1,72 @@ +Fix CVE-2016-6328: + +https://bugzilla.redhat.com/show_bug.cgi?id=1366239 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 + +Patch copied from upstream source repository: + +https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d + +From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 +From: Marcus Meissner +Date: Tue, 25 Jul 2017 23:44:44 +0200 +Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax + makernote entries. + +This should fix: +https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 +--- + libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c +index d03d159..ea0429a 100644 +--- a/libexif/pentax/mnote-pentax-entry.c ++++ b/libexif/pentax/mnote-pentax-entry.c +@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + case EXIF_FORMAT_SHORT: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; kcomponents; k++) { ++ if (sizeleft < 2) ++ break; + vs = exif_get_short (data, entry->order); + snprintf (val+len, maxlen-len, "%i ", vs); + len = strlen(val); + data += 2; ++ sizeleft -= 2; + } + } + break; + case EXIF_FORMAT_LONG: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; kcomponents; k++) { ++ if (sizeleft < 4) ++ break; + vl = exif_get_long (data, entry->order); + snprintf (val+len, maxlen-len, "%li", (long int) vl); + len = strlen(val); + data += 4; ++ sizeleft -= 4; + } + } + break; +@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + break; + } + +- return (val); ++ return val; + } +-- +2.16.0 + diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index e93e4651f3..d8a80acb36 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -91,7 +91,8 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).") (method url-fetch) (uri (string-append "mirror://sourceforge/libexif/libexif/" version "/libexif-" version ".tar.bz2")) - (patches (search-patches "libexif-CVE-2017-7544.patch")) + (patches (search-patches "libexif-CVE-2016-6328.patch" + "libexif-CVE-2017-7544.patch")) (sha256 (base32 "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) -- cgit v1.2.3