diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-09-20 18:49:26 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-09-20 18:49:26 +0200 |
commit | 58366883f2f1516a4a02f5b4e2a70e86481827b5 (patch) | |
tree | fa67d714c4596164b341118132728a48135f4759 /gnu/packages/patches | |
parent | f40aef6b3b56e1e5fb6e6ac29bd372000e13982f (diff) | |
parent | 9a1c4a981bdd7eeca76aaf73a57d6841918821c2 (diff) | |
download | guix-58366883f2f1516a4a02f5b4e2a70e86481827b5.tar.gz guix-58366883f2f1516a4a02f5b4e2a70e86481827b5.zip |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
27 files changed, 1238 insertions, 1616 deletions
diff --git a/gnu/packages/patches/bluez-CVE-2017-1000250.patch b/gnu/packages/patches/bluez-CVE-2017-1000250.patch new file mode 100644 index 0000000000..81f209d7b2 --- /dev/null +++ b/gnu/packages/patches/bluez-CVE-2017-1000250.patch @@ -0,0 +1,42 @@ +Description: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req +Origin: vendor +Bug-Debian: https://bugs.debian.org/875633 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1489446 +Bug-SuSE: https://bugzilla.suse.com/show_bug.cgi?id=1057342 +Forwarded: no +Author: Armis Security <security@armis.com> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2017-09-13 + +--- a/src/sdpd-request.c ++++ b/src/sdpd-request.c +@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_r + /* continuation State exists -> get from cache */ + sdp_buf_t *pCache = sdp_get_cached_rsp(cstate); + if (pCache) { +- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); +- pResponse = pCache->data; +- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); +- buf->data_size += sent; +- cstate->cStateValue.maxBytesSent += sent; +- if (cstate->cStateValue.maxBytesSent == pCache->data_size) +- cstate_size = sdp_set_cstate_pdu(buf, NULL); +- else +- cstate_size = sdp_set_cstate_pdu(buf, cstate); ++ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) { ++ status = SDP_INVALID_CSTATE; ++ SDPDBG("Got bad cstate with invalid size"); ++ } else { ++ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); ++ pResponse = pCache->data; ++ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); ++ buf->data_size += sent; ++ cstate->cStateValue.maxBytesSent += sent; ++ if (cstate->cStateValue.maxBytesSent == pCache->data_size) ++ cstate_size = sdp_set_cstate_pdu(buf, NULL); ++ else ++ cstate_size = sdp_set_cstate_pdu(buf, cstate); ++ } + } else { + status = SDP_INVALID_CSTATE; + SDPDBG("Non-null continuation state, but null cache buffer"); diff --git a/gnu/packages/patches/calibre-drop-unrar.patch b/gnu/packages/patches/calibre-drop-unrar.patch deleted file mode 100644 index adf977b183..0000000000 --- a/gnu/packages/patches/calibre-drop-unrar.patch +++ /dev/null @@ -1,49 +0,0 @@ -Recreated old debian patch on the latest calibre version - -From 6764e4c211e50d4f4633dbabfba7cbc3089c51dc Mon Sep 17 00:00:00 2001 -From: Brendan Tildesley <brendan.tildesley@openmailbox.org> -Date: Sat, 13 May 2017 21:12:12 +1000 -Subject: [PATCH] Remove unrar extension - ---- - setup/extensions.json | 11 ----------- - src/calibre/ebooks/metadata/archive.py | 2 +- - 2 files changed, 1 insertion(+), 12 deletions(-) - -diff --git a/setup/extensions.json b/setup/extensions.json -index 1f6d1fb5fd..127390450f 100644 ---- a/setup/extensions.json -+++ b/setup/extensions.json -@@ -211,16 +211,5 @@ - "sources": "calibre/devices/mtp/unix/devices.c calibre/devices/mtp/unix/libmtp.c", - "headers": "calibre/devices/mtp/unix/devices.h calibre/devices/mtp/unix/upstream/music-players.h calibre/devices/mtp/unix/upstream/device-flags.h", - "libraries": "mtp" -- }, -- { -- "name": "unrar", -- "sources": "unrar/rar.cpp unrar/strlist.cpp unrar/strfn.cpp unrar/pathfn.cpp unrar/savepos.cpp unrar/smallfn.cpp unrar/global.cpp unrar/file.cpp unrar/filefn.cpp unrar/filcreat.cpp unrar/archive.cpp unrar/arcread.cpp unrar/unicode.cpp unrar/system.cpp unrar/isnt.cpp unrar/crypt.cpp unrar/crc.cpp unrar/rawread.cpp unrar/encname.cpp unrar/resource.cpp unrar/match.cpp unrar/timefn.cpp unrar/rdwrfn.cpp unrar/consio.cpp unrar/options.cpp unrar/ulinks.cpp unrar/errhnd.cpp unrar/rarvm.cpp unrar/secpassword.cpp unrar/rijndael.cpp unrar/getbits.cpp unrar/sha1.cpp unrar/extinfo.cpp unrar/extract.cpp unrar/volume.cpp unrar/list.cpp unrar/find.cpp unrar/unpack.cpp unrar/cmddata.cpp unrar/filestr.cpp unrar/scantree.cpp calibre/utils/unrar.cpp", -- "inc_dirs": "unrar", -- "defines": "SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE", -- "windows_defines": "SILENT RARDLL UNRAR", -- "haiku_defines": "LITTLE_ENDIAN SILENT RARDLL UNRAR _FILE_OFFSET_BITS=64 _LARGEFILE_SOURCE _BSD_SOURCE", -- "haiku_libraries": "bsd", -- "optimize_level": 2, -- "windows_libraries": "User32 Advapi32 kernel32 Shell32" - } - ] -diff --git a/src/calibre/ebooks/metadata/archive.py b/src/calibre/ebooks/metadata/archive.py -index f5c0b7bed3..32257dcdae 100644 ---- a/src/calibre/ebooks/metadata/archive.py -+++ b/src/calibre/ebooks/metadata/archive.py -@@ -44,7 +44,7 @@ class ArchiveExtract(FileTypePlugin): - description = _('Extract common e-book formats from archive files ' - '(ZIP/RAR). Also try to autodetect if they are actually ' - 'CBZ/CBR files.') -- file_types = set(['zip', 'rar']) -+ file_types = set(['zip']) - supported_platforms = ['windows', 'osx', 'linux'] - on_import = True - --- -2.12.2 - diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch deleted file mode 100644 index 3640d123dd..0000000000 --- a/gnu/packages/patches/csound-header-ordering.patch +++ /dev/null @@ -1,20 +0,0 @@ -Prevent compilation issues with boost-1.60.0. - -Reported upstream at https://github.com/csound/csound/issues/570 - ---- Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-04-25 14:06:22.995646234 -0500 -+++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-12-21 10:31:58.182362640 -0600 -@@ -117,11 +117,12 @@ - // d = sys_variables(12); - // gnor = a*(x.^3) + b*(x.^2) + c*x + d; - --#include <OpcodeBase.hpp> - #include <boost/numeric/ublas/vector.hpp> - using namespace boost::numeric; - #include <cmath> - -+#include <OpcodeBase.hpp> -+ - #undef CS_KSMPS - #define CS_KSMPS (opds.insdshead->ksmps) - diff --git a/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch new file mode 100644 index 0000000000..7e45d30129 --- /dev/null +++ b/gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch @@ -0,0 +1,85 @@ +This patch fixes a remote code execution vulnerability reported here: + + https://bugs.gnu.org/28350 + http://www.openwall.com/lists/oss-security/2017/09/11/1 + +From 9ad0fcc54442a9a01d41be19880250783426db70 Mon Sep 17 00:00:00 2001 +From: Lars Ingebrigtsen <larsi@gnus.org> +Date: Fri, 8 Sep 2017 20:23:31 -0700 +Subject: Remove unsafe enriched mode translations + +* lisp/gnus/mm-view.el (mm-inline-text): +Do not worry about enriched or richtext type. +* lisp/textmodes/enriched.el (enriched-translations): +Remove translations for FUNCTION, display (Bug#28350). +(enriched-handle-display-prop, enriched-decode-display-prop): Remove. +--- + lisp/gnus/mm-view.el | 4 ---- + lisp/textmodes/enriched.el | 32 -------------------------------- + 2 files changed, 36 deletions(-) + +diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el +index e5859d0..77ad271 100644 +--- a/lisp/gnus/mm-view.el ++++ b/lisp/gnus/mm-view.el +@@ -383,10 +383,6 @@ + (goto-char (point-max)))) + (save-restriction + (narrow-to-region b (point)) +- (when (member type '("enriched" "richtext")) +- (set-text-properties (point-min) (point-max) nil) +- (ignore-errors +- (enriched-decode (point-min) (point-max)))) + (mm-handle-set-undisplayer + handle + `(lambda () +diff --git a/lisp/textmodes/enriched.el b/lisp/textmodes/enriched.el +index beb6c6d..a8f0d38 100644 +--- a/lisp/textmodes/enriched.el ++++ b/lisp/textmodes/enriched.el +@@ -117,12 +117,7 @@ expression, which is evaluated to get the string to insert.") + (full "flushboth") + (center "center")) + (PARAMETER (t "param")) ; Argument of preceding annotation +- ;; The following are not part of the standard: +- (FUNCTION (enriched-decode-foreground "x-color") +- (enriched-decode-background "x-bg-color") +- (enriched-decode-display-prop "x-display")) + (read-only (t "x-read-only")) +- (display (nil enriched-handle-display-prop)) + (unknown (nil format-annotate-value)) + ; (font-size (2 "bigger") ; unimplemented + ; (-2 "smaller")) +@@ -477,32 +472,5 @@ Return value is \(begin end name positive-p), or nil if none was found." + (message "Warning: no color specified for <x-bg-color>") + nil)) + +-;;; Handling the `display' property. +- +- +-(defun enriched-handle-display-prop (old new) +- "Return a list of annotations for a change in the `display' property. +-OLD is the old value of the property, NEW is the new value. Value +-is a list `(CLOSE OPEN)', where CLOSE is a list of annotations to +-close and OPEN a list of annotations to open. Each of these lists +-has the form `(ANNOTATION PARAM ...)'." +- (let ((annotation "x-display") +- (param (prin1-to-string (or old new)))) +- (if (null old) +- (cons nil (list (list annotation param))) +- (cons (list (list annotation param)) nil)))) +- +-(defun enriched-decode-display-prop (start end &optional param) +- "Decode a `display' property for text between START and END. +-PARAM is a `<param>' found for the property. +-Value is a list `(START END SYMBOL VALUE)' with START and END denoting +-the range of text to assign text property SYMBOL with value VALUE." +- (let ((prop (when (stringp param) +- (condition-case () +- (car (read-from-string param)) +- (error nil))))) +- (unless prop +- (message "Warning: invalid <x-display> parameter %s" param)) +- (list start end 'display prop))) + + ;;; enriched.el ends here diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch new file mode 100644 index 0000000000..505acf1592 --- /dev/null +++ b/gnu/packages/patches/file-CVE-2017-1000249.patch @@ -0,0 +1,27 @@ +https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch +http://openwall.com/lists/oss-security/2017/09/05/3 + +The patch is minorly modified to apply to file-5.30 + +From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas <christos@zoulas.com> +Date: Sun, 27 Aug 2017 07:55:02 +0000 +Subject: [PATCH] Fix always true condition (Thomas Jarosch) + +--- + src/readelf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 81451827..5f425c97 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + size_t noff, size_t doff, int *flags) + { + if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && +- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { ++ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { + uint8_t desc[20]; + const char *btype; + uint32_t i; diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch new file mode 100644 index 0000000000..d9f0cc1212 --- /dev/null +++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch @@ -0,0 +1,14 @@ +Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8327>. + +--- a/util.c 2014-06-20 19:26:18 +0000 ++++ b/util.c 2015-10-30 15:45:03 +0000 +@@ -31,7 +31,7 @@ + #include <assert.h> + + +-const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; ++const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { + diff --git a/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch new file mode 100644 index 0000000000..d3c3024220 --- /dev/null +++ b/gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch @@ -0,0 +1,13 @@ +Fix for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2015-8560>. + +--- a/util.c 2015-10-30 15:45:03 +0000 ++++ b/util.c 2015-12-12 23:27:21 +0000 +@@ -31,7 +31,7 @@ + #include <assert.h> + + +-const char* shellescapes = "|<>&!$\'\"`#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch new file mode 100644 index 0000000000..dbcaea1343 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch @@ -0,0 +1,137 @@ +http://www.openwall.com/lists/oss-security/2017/09/01/6 + +CVE-2017-11403: +http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 + +CVE-2017-14103: +http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f + +some changes were made to make the patch apply + +# HG changeset patch +# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com> +# Date 1503875721 14400 +# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2 +# Parent f0f2ea85a2930f3b6dcd72352719adb9660f2aad +Attempt to fix Issue 440. + +diff -ru a/coders/png.c b/coders/png.c +--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/coders/png.c 2017-09-10 11:31:56.543194173 -0400 +@@ -3106,7 +3106,9 @@ + if (length > PNG_MAX_UINT || count == 0) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,CorruptImage,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "chunk length (%lu) > PNG_MAX_UINT",length); ++ return ((Image*)NULL); + } + + chunk=(unsigned char *) NULL; +@@ -3117,13 +3119,16 @@ + if (chunk == (unsigned char *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, +- image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Could not allocate chunk memory"); ++ return ((Image*)NULL); + } + if (ReadBlob(image,length,chunk) < length) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,CorruptImage,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " chunk reading was incomplete"); ++ return ((Image*)NULL); + } + p=chunk; + } +@@ -3198,7 +3203,7 @@ + jng_width, jng_height); + MagickFreeMemory(chunk); + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ return ((Image *)NULL); + } + + /* Temporarily set width and height resources to match JHDR */ +@@ -3233,8 +3238,9 @@ + if (color_image == (Image *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, +- image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not open color_image blob"); ++ return ((Image *)NULL); + } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -3245,7 +3251,9 @@ + if (status == MagickFalse) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(CoderError,UnableToOpenBlob,color_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not open color_image blob"); ++ return ((Image *)NULL); + } + + if (!image_info->ping && jng_color_type >= 12) +@@ -3255,17 +3263,18 @@ + if (alpha_image_info == (ImageInfo *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError, +- MemoryAllocationFailed, image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image_info",length); ++ return ((Image *)NULL); + } + GetImageInfo(alpha_image_info); + alpha_image=AllocateImage(alpha_image_info); + if (alpha_image == (Image *) NULL) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- ThrowReaderException(ResourceLimitError, +- MemoryAllocationFailed, +- alpha_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image"); ++ return ((Image *)NULL); + } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +@@ -3277,7 +3286,9 @@ + { + DestroyJNGInfo(color_image_info,alpha_image_info); + DestroyImage(alpha_image); +- ThrowReaderException(CoderError,UnableToOpenBlob,image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " could not allocate alpha_image blob"); ++ return ((Image *)NULL); + } + if (jng_alpha_compression_method == 0) + { +@@ -3613,6 +3624,8 @@ + alpha_image = (Image *)NULL; + DestroyImageInfo(alpha_image_info); + alpha_image_info = (ImageInfo *)NULL; ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Destroy the JNG image"); + DestroyImage(jng_image); + jng_image = (Image *)NULL; + } +@@ -5146,8 +5159,8 @@ + + if (image == (Image *) NULL) + { +- DestroyImageList(previous); + CloseBlob(previous); ++ DestroyImageList(previous); + MngInfoFreeStruct(mng_info,&have_mng_structure); + return((Image *) NULL); + } diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch new file mode 100644 index 0000000000..46f6b032c7 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch @@ -0,0 +1,80 @@ +http://openwall.com/lists/oss-security/2017/08/28/5 +http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn <bfriesen@GraphicsMagick.org> +# Date 1503268616 18000 +# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072 +# Parent 83a5b946180835f260bcb91e3d06327a8e2577e3 +PNM: For binary formats, verify sufficient backing file data before memory request. + +diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c +--- a/coders/pnm.c Sun Aug 20 17:31:35 2017 -0500 ++++ b/coders/pnm.c Sun Aug 20 17:36:56 2017 -0500 +@@ -569,7 +569,7 @@ + (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u", + image->colors); + } +- number_pixels=image->columns*image->rows; ++ number_pixels=MagickArraySize(image->columns,image->rows); + if (number_pixels == 0) + ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image); + if (image->storage_class == PseudoClass) +@@ -858,14 +858,14 @@ + if (1 == bits_per_sample) + { + /* PBM */ +- bytes_per_row=((image->columns+7) >> 3); ++ bytes_per_row=((image->columns+7U) >> 3); + import_options.grayscale_miniswhite=MagickTrue; + quantum_type=GrayQuantum; + } + else + { + /* PGM & XV_332 */ +- bytes_per_row=((bits_per_sample+7)/8)*image->columns; ++ bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns); + if (XV_332_Format == format) + { + quantum_type=IndexQuantum; +@@ -878,7 +878,8 @@ + } + else + { +- bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns; ++ bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel), ++ image->columns); + if (3 == samples_per_pixel) + { + /* PPM */ +@@ -915,6 +916,28 @@ + is_monochrome=MagickFalse; + } + } ++ ++ /* Validate file size before allocating memory */ ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ (file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ const magick_off_t needed = (magick_off_t) image->rows * ++ (magick_off_t) bytes_per_row; ++ if ((remaining < (magick_off_t) bytes_per_row) || ++ (remaining < needed)) ++ { ++ ThrowException(exception,CorruptImageError,UnexpectedEndOfFile, ++ image->filename); ++ break; ++ } ++ } ++ } + + scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1); + if (scanline_set == (ThreadViewDataSet *) NULL) diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch new file mode 100644 index 0000000000..1f55d90d38 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch @@ -0,0 +1,72 @@ +http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa +http://openwall.com/lists/oss-security/2017/09/06/4 + +some changes were made to make the patch apply + +# HG changeset patch +# User Bob Friesenhahn <bfriesen@GraphicsMagick.org> +# Date 1503257388 18000 +# Node ID 493da54370aa42cb430c52a69eb75db0001a5589 +# Parent f8724674907902b7bc37c04f252fe30fbdd88e6f +SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions. + +diff -r f87246749079 -r 493da54370aa coders/sun.c +--- a/coders/sun.c Sun Aug 20 12:21:03 2017 +0200 ++++ b/coders/sun.c Sun Aug 20 14:29:48 2017 -0500 +@@ -498,6 +498,12 @@ + if (sun_info.depth < 8) + image->depth=sun_info.depth; + ++ if (image_info->ping) ++ { ++ CloseBlob(image); ++ return(image); ++ } ++ + /* + Compute bytes per line and bytes per image for an unencoded + image. +@@ -522,15 +528,37 @@ + if (bytes_per_image > sun_info.length) + ThrowReaderException(CorruptImageError,ImproperImageHeader,image); + +- if (image_info->ping) +- { +- CloseBlob(image); +- return(image); +- } + if (sun_info.type == RT_ENCODED) + sun_data_length=(size_t) sun_info.length; + else + sun_data_length=bytes_per_image; ++ ++ /* ++ Verify that data length claimed by header is supported by file size ++ */ ++ if (sun_info.type == RT_ENCODED) ++ { ++ if (sun_data_length < bytes_per_image/255U) ++ { ++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image); ++ } ++ } ++ if (BlobIsSeekable(image)) ++ { ++ const magick_off_t file_size = GetBlobSize(image); ++ const magick_off_t current_offset = TellBlob(image); ++ if ((file_size > 0) && ++ (current_offset > 0) && ++ (file_size > current_offset)) ++ { ++ const magick_off_t remaining = file_size-current_offset; ++ if (remaining < (magick_off_t) sun_data_length) ++ { ++ ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); ++ } ++ } ++ } ++ + sun_data=MagickAllocateMemory(unsigned char *,sun_data_length); + if (sun_data == (unsigned char *) NULL) + ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image); + diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch new file mode 100644 index 0000000000..8391a3db4a --- /dev/null +++ b/gnu/packages/patches/httpd-CVE-2017-9798.patch @@ -0,0 +1,22 @@ +Fixes "options bleed", aka. CVE-2017-9798: + + https://nvd.nist.gov/vuln/detail/CVE-2017-9798 + https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html + +From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>. + +--- a/server/core.c 2017/08/16 16:50:29 1805223 ++++ b/server/core.c 2017/09/08 13:13:11 1807754 +@@ -2266,6 +2266,12 @@ + /* method has not been registered yet, but resource restriction + * is always checked before method handling, so register it. + */ ++ if (cmd->pool == cmd->temp_pool) { ++ /* In .htaccess, we can't globally register new methods. */ ++ return apr_psprintf(cmd->pool, "Could not register method '%s' " ++ "for %s from .htaccess configuration", ++ method, cmd->cmd->name); ++ } + methnum = ap_method_register(cmd->pool, + apr_pstrdup(cmd->pool, method)); + } diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch b/gnu/packages/patches/libarchive-CVE-2017-14166.patch new file mode 100644 index 0000000000..a122848440 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2017-14166.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-14166: + +https://github.com/libarchive/libarchive/issues/935 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71 + +From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger <joerg@bec.de> +Date: Tue, 5 Sep 2017 18:12:19 +0200 +Subject: [PATCH] Do something sensible for empty strings to make fuzzers + happy. + +--- + libarchive/archive_read_support_format_xar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c +index 7a22beb9d..93eeacc5e 100644 +--- a/libarchive/archive_read_support_format_xar.c ++++ b/libarchive/archive_read_support_format_xar.c +@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) + uint64_t l; + int digit; + ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + digit = *p - '0'; + while (digit >= 0 && digit < 10 && char_cnt-- > 0) { +@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) + { + int64_t l; + int digit; +- ++ ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + while (char_cnt-- > 0) { + if (*p >= '0' && *p <= '7') diff --git a/gnu/packages/patches/libzip-CVE-2017-12858.patch b/gnu/packages/patches/libzip-CVE-2017-12858.patch deleted file mode 100644 index 8125173f95..0000000000 --- a/gnu/packages/patches/libzip-CVE-2017-12858.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-12858: - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858 - -Patch copied from upstream source repository: - -https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 - -From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner <tk@giga.or.at> -Date: Mon, 14 Aug 2017 10:55:44 +0200 -Subject: [PATCH] Fix double free(). - -Found by Brian 'geeknik' Carpenter using AFL. ---- - THANKS | 1 + - lib/zip_dirent.c | 3 --- - 2 files changed, 1 insertion(+), 3 deletions(-) - -diff --git a/THANKS b/THANKS -index be0cca9..a80ee1d 100644 ---- a/THANKS -+++ b/THANKS -@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu> - Benjamin Gilbert <bgilbert@backtick.net> - Boaz Stolk <bstolk@aweta.nl> - Bogdan <bogiebog@gmail.com> -+Brian 'geeknik' Carpenter <geeknik@protonmail.ch> - Chris Nehren <cnehren+libzip@pobox.com> - Coverity <info@coverity.com> - Dane Springmeyer <dane.springmeyer@gmail.com> -diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c -index a369900..e5a7cc9 100644 ---- a/lib/zip_dirent.c -+++ b/lib/zip_dirent.c -@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo - } - - if (!_zip_dirent_process_winzip_aes(zde, error)) { -- if (!from_buffer) { -- _zip_buffer_free(buffer); -- } - return -1; - } - diff --git a/gnu/packages/patches/meson-for-build-rpath.patch b/gnu/packages/patches/meson-for-build-rpath.patch new file mode 100644 index 0000000000..4e20c9aed3 --- /dev/null +++ b/gnu/packages/patches/meson-for-build-rpath.patch @@ -0,0 +1,24 @@ +This patch removes a part of meson that clears the rpath upon installation. +This will only be applied to a special version of meson, used for the +meson-build-system. + +Patch by Peter Mikkelsen <petermikkelsen10@gmail.com> + +--- meson-0.42.0/mesonbuild/scripts/meson_install.py.orig 2017-09-09 01:49:39.147374148 +0200 ++++ meson-0.42.0/mesonbuild/scripts/meson_install.py 2017-09-09 01:51:01.209134717 +0200 +@@ -345,15 +345,6 @@ + print("Symlink creation does not work on this platform. " + "Skipping all symlinking.") + printed_symlink_error = True +- if is_elf_platform() and os.path.isfile(outname): +- try: +- e = depfixer.Elf(outname, False) +- e.fix_rpath(install_rpath) +- except SystemExit as e: +- if isinstance(e.code, int) and e.code == 0: +- pass +- else: +- raise + + def run(args): + global install_log_file diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch new file mode 100644 index 0000000000..449105e42a --- /dev/null +++ b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch @@ -0,0 +1,43 @@ +https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333.patch +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500 + +From 26f5a4350f3ab5507bb8727051c87bb04660f333 Mon Sep 17 00:00:00 2001 +From: Alexander Batischev <eual.jp@gmail.com> +Date: Sat, 16 Sep 2017 19:31:43 +0300 +Subject: [PATCH] Work around shell code in podcast names (#598) + +--- + src/pb_controller.cpp | 6 +++--- + src/queueloader.cpp | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/pb_controller.cpp b/src/pb_controller.cpp +index 09b5e897..213216cd 100644 +--- a/src/pb_controller.cpp ++++ b/src/pb_controller.cpp +@@ -306,9 +306,9 @@ void pb_controller::play_file(const std::string& file) { + if (player == "") + return; + cmdline.append(player); +- cmdline.append(" \""); +- cmdline.append(utils::replace_all(file,"\"", "\\\"")); +- cmdline.append("\""); ++ cmdline.append(" \'"); ++ cmdline.append(utils::replace_all(file,"'", "%27")); ++ cmdline.append("\'"); + stfl::reset(); + LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", cmdline.c_str()); + ::system(cmdline.c_str()); +diff --git a/src/queueloader.cpp b/src/queueloader.cpp +index c1dabdd8..ae725e04 100644 +--- a/src/queueloader.cpp ++++ b/src/queueloader.cpp +@@ -130,7 +130,7 @@ std::string queueloader::get_filename(const std::string& str) { + strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", localtime(&t)); + fn.append(lbuf); + } else { +- fn.append(base); ++ fn.append(utils::replace_all(base, "'", "%27")); + } + return fn; + } diff --git a/gnu/packages/patches/openfoam-4.1-cleanup.patch b/gnu/packages/patches/openfoam-4.1-cleanup.patch new file mode 100644 index 0000000000..37effa5c9c --- /dev/null +++ b/gnu/packages/patches/openfoam-4.1-cleanup.patch @@ -0,0 +1,243 @@ +# This patch removes all need for the ThirdParty files of OpenFOAM. + +# Derived from EasyBuild patch by Ward Poelmans <wpoely86@gmail.com>. +# Modified for GNU Guix by Paul Garlick <pgarlick@tourbillion-technology.com>. + +diff -ur OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake +--- OpenFOAM-4.x-version-4.1.org/applications/utilities/mesh/manipulation/setSet/Allwmake ++++ OpenFOAM-4.x-version-4.1/applications/utilities/mesh/manipulation/setSet/Allwmake +@@ -9,7 +9,7 @@ + # + # use readline if available + # +-if [ -f /usr/include/readline/readline.h ] ++if true + then + echo "Found <readline/readline.h> -- enabling readline support." + export COMP_FLAGS="-DHAS_READLINE" +diff -ur OpenFOAM-4.x-version-4.1.org/etc/bashrc OpenFOAM-4.x-version-4.1/etc/bashrc +--- OpenFOAM-4.x-version-4.1.org/etc/bashrc ++++ OpenFOAM-4.x-version-4.1/etc/bashrc +@@ -43,8 +43,10 @@ + # Please set to the appropriate path if the default is not correct. + # + [ $BASH_SOURCE ] && \ +-export FOAM_INST_DIR=$(cd ${BASH_SOURCE%/*/*/*} && pwd -P) || \ ++export FOAM_INST_DIR=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P) || \ + export FOAM_INST_DIR=$HOME/$WM_PROJECT ++# For GNU Guix: set initially for build then re-set at runtime ++# + # export FOAM_INST_DIR=~$WM_PROJECT + # export FOAM_INST_DIR=/opt/$WM_PROJECT + # export FOAM_INST_DIR=/usr/local/$WM_PROJECT +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/CGAL ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/CGAL +@@ -36,37 +36,7 @@ + # + #------------------------------------------------------------------------------ + +-boost_version=boost-system +-cgal_version=cgal-system +-#cgal_version=CGAL-4.8 +- +-if [ -z "$SOURCE_CGAL_VERSIONS_ONLY" ] +-then +- +- common_path=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER +- +- export BOOST_ARCH_PATH=$common_path/$boost_version +- export CGAL_ARCH_PATH=$common_path/$cgal_version +- +- if [ "$FOAM_VERBOSE" -a "$PS1" ] +- then +- echo "Using CGAL and boost" 1>&2 +- echo " $cgal_version at $CGAL_ARCH_PATH" 1>&2 +- echo " $boost_version at $BOOST_ARCH_PATH" 1>&2 +- fi +- +- if [ -d "$CGAL_ARCH_PATH" -a "$cgal_version" != "cgal-system" ] +- then +- _foamAddLib $CGAL_ARCH_PATH/lib +- fi +- +- if [ -d "$BOOST_ARCH_PATH" -a "$boost_version" != "boost-system" ] +- then +- _foamAddLib $BOOST_ARCH_PATH/lib +- fi +- +- unset boost_version cgal_version common_path +- +-fi ++export CGAL_ARCH_PATH=$CGAL_ROOT ++export BOOST_ARCH_PATH=$BOOST_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/gperftools ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/gperftools +@@ -29,13 +29,5 @@ + # + #------------------------------------------------------------------------------ + +-version=svn +-gperftools_install=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER +- +-GPERFTOOLS_VERSION=gperftools-$version +-GPERFTOOLS_ARCH_PATH=$gperftools_install/$GPERFTOOLS_VERSION +- +-export PATH=$GPERFTOOLS_ARCH_PATH/bin:$PATH +-export LD_LIBRARY_PATH=$GPERFTOOLS_ARCH_PATH/lib:$LD_LIBRARY_PATH + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis OpenFOAM-4.x-version-4.1/etc/config.sh/metis +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/metis ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/metis +@@ -34,7 +34,7 @@ + # + #------------------------------------------------------------------------------ + +-export METIS_VERSION=metis-5.1.0 +-export METIS_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$METIS_VERSION ++export METIS_VERSION=metis-$METISVERSION ++export METIS_ARCH_PATH=$METIS_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch OpenFOAM-4.x-version-4.1/etc/config.sh/scotch +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/scotch ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/scotch +@@ -37,7 +37,7 @@ + # + #------------------------------------------------------------------------------ + +-export SCOTCH_VERSION=scotch_6.0.3 +-export SCOTCH_ARCH_PATH=$WM_THIRD_PARTY_DIR/platforms/$WM_ARCH$WM_COMPILER$WM_PRECISION_OPTION$WM_LABEL_OPTION/$SCOTCH_VERSION ++export SCOTCH_VERSION=scotch_$SCOTCHVERSION ++export SCOTCH_ARCH_PATH=$SCOTCH_ROOT + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings OpenFOAM-4.x-version-4.1/etc/config.sh/settings +--- OpenFOAM-4.x-version-4.1.org/etc/config.sh/settings ++++ OpenFOAM-4.x-version-4.1/etc/config.sh/settings +@@ -279,6 +279,9 @@ + ;; + system) + # Use system compiler ++ # Use system GMP and MPFR packages ++ export GMP_ARCH_PATH=$GMP_ROOT ++ export MPFR_ARCH_PATH=$MPFR_ROOT + ;; + *) + echo "Warn: WM_COMPILER_TYPE='$WM_COMPILER_TYPE' is unsupported" 1>&2 +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/ptscotchDecomp/Make/options ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/ptscotchDecomp/Make/options +@@ -5,8 +5,7 @@ + $(PFLAGS) $(PINC) \ + -I$(SCOTCH_ROOT)/include \ + -I$(SCOTCH_ARCH_PATH)/include/$(FOAM_MPI) \ +- -I/usr/include/scotch \ + -I../decompositionMethods/lnInclude + + LIB_LIBS = \ +- -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN)/$(FOAM_MPI) -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt ++ -L$(SCOTCH_ROOT)/lib -L$(MPI_ARCH_PATH)/lib -lptscotch -lptscotcherrexit -lscotch ${LINK_FLAGS} -lrt +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/scotchDecomp/Make/options ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/scotchDecomp/Make/options +@@ -9,8 +9,7 @@ + $(PFLAGS) $(PINC) \ + -I$(SCOTCH_ROOT)/include \ + -I$(SCOTCH_ARCH_PATH)/include \ +- -I/usr/include/scotch \ + -I../decompositionMethods/lnInclude + + LIB_LIBS = \ +- -L$(SCOTCH_ROOT)/lib -L$(FOAM_EXT_LIBBIN) -lscotch -lscotcherrexit -lrt ++ -L$(SCOTCH_ROOT)/lib -lscotch -lscotcherrexit -lrt +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general OpenFOAM-4.x-version-4.1/wmake/makefiles/general +--- OpenFOAM-4.x-version-4.1.org/wmake/makefiles/general ++++ OpenFOAM-4.x-version-4.1/wmake/makefiles/general +@@ -33,7 +33,6 @@ + # The Makefile uses a POSIX shell + #------------------------------------------------------------------------------ + +-SHELL = /bin/sh + + + #------------------------------------------------------------------------------ +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmake OpenFOAM-4.x-version-4.1/wmake/wmake +--- OpenFOAM-4.x-version-4.1.org/wmake/wmake ++++ OpenFOAM-4.x-version-4.1/wmake/wmake +@@ -163,7 +163,7 @@ + then + if [ "$WM_NCOMPPROCS" -gt 1 -a ! "$MAKEFLAGS" ] + then +- lockDir=$HOME/.$WM_PROJECT/.wmake ++ lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + + if [ -d $lockDir ] + then +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler +--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeScheduler ++++ OpenFOAM-4.x-version-4.1/wmake/wmakeScheduler +@@ -53,7 +53,7 @@ + # csh sets HOST, bash sets HOSTNAME + : ${HOST:=$HOSTNAME} + +-lockDir=$HOME/.$WM_PROJECT/.wmake ++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + + # Fallback - 1 core on current host + : ${WM_HOSTS:=$HOST:1} +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime +--- OpenFOAM-4.x-version-4.1.org/wmake/wmakeSchedulerUptime ++++ OpenFOAM-4.x-version-4.1/wmake/wmakeSchedulerUptime +@@ -53,7 +53,7 @@ + # csh sets HOST, bash sets HOSTNAME + : ${HOST:=$HOSTNAME} + +-lockDir=$HOME/.$WM_PROJECT/.wmake ++lockDir=$(cd $(dirname $BASH_SOURCE)/../.. && pwd -P)/.$WM_PROJECT/.wmake + # Fallback - 1 core on current host + : ${WM_HOSTS:=$HOST:1} + +diff -ur OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C +--- OpenFOAM-4.x-version-4.1.org/src/parallel/decompose/metisDecomp/metisDecomp.C ++++ OpenFOAM-4.x-version-4.1/src/parallel/decompose/metisDecomp/metisDecomp.C +@@ -67,7 +67,7 @@ + + // Processor weights initialised with no size, only used if specified in + // a file +- Field<scalar> processorWeights; ++ Field<floatScalar> processorWeights; + + // Cell weights (so on the vertices of the dual) + List<label> cellWeights; +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/rules/General/CGAL OpenFOAM-4.x-version-4.1/wmake/rules/General/CGAL +--- OpenFOAM-4.x-version-4.1.org/wmake/rules/General/CGAL ++++ OpenFOAM-4.x-version-4.1/wmake/rules/General/CGAL +@@ -6,9 +6,10 @@ + -I/usr/include + + CGAL_LIBS = \ +- -L$(MPFR_ARCH_PATH)/lib$(WM_COMPILER_LIB_ARCH) \ +- -L$(GMP_ARCH_PATH)/lib$(WM_COMPILER_LIB_ARCH) \ ++ -L$(MPFR_ARCH_PATH)/lib \ ++ -L$(GMP_ARCH_PATH)/lib \ + -L$(BOOST_ARCH_PATH)/lib \ + -L$(CGAL_ARCH_PATH)/lib \ + -lCGAL \ ++ -lgmp \ + -lmpfr +diff -ur OpenFOAM-4.x-version-4.1.org/wmake/rules/linux64Gcc/c++ OpenFOAM-4.x-version-4.1/wmake/rules/linux64Gcc/c++ +--- OpenFOAM-4.x-version-4.1.org/wmake/rules/linux64Gcc/c++ ++++ OpenFOAM-4.x-version-4.1/wmake/rules/linux64Gcc/c++ +@@ -20,5 +20,5 @@ + + LINK_LIBS = $(c++DBUG) + +-LINKLIBSO = $(CC) $(c++FLAGS) -shared -Xlinker --add-needed -Xlinker --no-as-needed +-LINKEXE = $(CC) $(c++FLAGS) -Xlinker --add-needed -Xlinker --no-as-needed ++LINKLIBSO = $(CC) $(c++FLAGS) $(LDFLAGS) -shared -Xlinker --add-needed -Xlinker --no-as-needed ++LINKEXE = $(CC) $(c++FLAGS) $(LDFLAGS) -Xlinker --add-needed -Xlinker --no-as-needed diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch new file mode 100644 index 0000000000..4fcf6af6db --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch @@ -0,0 +1,46 @@ +https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch +http://openwall.com/lists/oss-security/2017/09/06/1 + +From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 14 Aug 2017 17:20:37 +0200 +Subject: [PATCH] Encoder: grow buffer size in + opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in + opj_mqc_flush (#982) + +--- + src/lib/openjp2/tcd.c | 7 +++++-- + tests/nonregression/test_suite.ctest.in | 2 ++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c +index 301c7213e..53cdcf64d 100644 +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * + { + OPJ_UINT32 l_data_size; + +- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ +- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ ++ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* TODO: is there a theoretical upper-bound for the compressed code */ ++ /* block size ? */ ++ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { +diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in +index aaf40d7d0..ffd964c2a 100644 +--- a/tests/nonregression/test_suite.ctest.in ++++ b/tests/nonregression/test_suite.ctest.in +@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban + # Same rate as Bretagne2_4.j2k + opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 + ++opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 ++ + # DECODER TEST SUITE + opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx + opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch new file mode 100644 index 0000000000..6c083be123 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch @@ -0,0 +1,38 @@ +https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch +http://openwall.com/lists/oss-security/2017/09/06/2 + +From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 15 Aug 2017 11:55:58 +0200 +Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in + opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) + +--- + src/lib/openjp2/j2k.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index a2521ebbc..54b490a8c 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, + + /* Precincts */ + parameters->csty |= 0x01; +- parameters->res_spec = parameters->numresolution - 1; +- for (i = 0; i < parameters->res_spec; i++) { +- parameters->prcw_init[i] = 256; +- parameters->prch_init[i] = 256; ++ if (parameters->numresolution == 1) { ++ parameters->res_spec = 1; ++ parameters->prcw_init[0] = 128; ++ parameters->prch_init[0] = 128; ++ } else { ++ parameters->res_spec = parameters->numresolution - 1; ++ for (i = 0; i < parameters->res_spec; i++) { ++ parameters->prcw_init[i] = 256; ++ parameters->prch_init[i] = 256; ++ } + } + + /* The progression order shall be CPRL */ diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch new file mode 100644 index 0000000000..2bfc5a6a85 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch @@ -0,0 +1,89 @@ +https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch +http://openwall.com/lists/oss-security/2017/09/06/3 + +From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Wed, 16 Aug 2017 17:09:10 +0200 +Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow + (#991) + +--- + src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++----- + 1 file changed, 20 insertions(+), 5 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 54b490a8c..16915452e 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, + * Writes the SOT marker (Start of tile-part) + * + * @param p_j2k J2K codec. +- * @param p_data FIXME DOC +- * @param p_data_written FIXME DOC ++ * @param p_data Output buffer ++ * @param p_total_data_size Output buffer size ++ * @param p_data_written Number of bytes written into stream + * @param p_stream the stream to write data to. + * @param p_manager the user event manager. + */ + static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, + OPJ_BYTE * p_data, ++ OPJ_UINT32 p_total_data_size, + OPJ_UINT32 * p_data_written, + const opj_stream_private_t *p_stream, + opj_event_mgr_t * p_manager); +@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, + + static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, + OPJ_BYTE * p_data, ++ OPJ_UINT32 p_total_data_size, + OPJ_UINT32 * p_data_written, + const opj_stream_private_t *p_stream, + opj_event_mgr_t * p_manager +@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, + OPJ_UNUSED(p_stream); + OPJ_UNUSED(p_manager); + ++ if (p_total_data_size < 12) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "Not enough bytes in output buffer to write SOT marker\n"); ++ return OPJ_FALSE; ++ } ++ + opj_write_bytes(p_data, J2K_MS_SOT, + 2); /* SOT */ + p_data += 2; +@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k, + + l_current_nb_bytes_written = 0; + l_begin_data = p_data; +- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, ++ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, ++ &l_current_nb_bytes_written, p_stream, + p_manager)) { + return OPJ_FALSE; + } +@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, + l_part_tile_size = 0; + l_begin_data = p_data; + +- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, ++ if (! opj_j2k_write_sot(p_j2k, p_data, ++ p_total_data_size, ++ &l_current_nb_bytes_written, ++ p_stream, + p_manager)) { + return OPJ_FALSE; + } +@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, + l_part_tile_size = 0; + l_begin_data = p_data; + +- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, ++ if (! opj_j2k_write_sot(p_j2k, p_data, ++ p_total_data_size, ++ &l_current_nb_bytes_written, p_stream, + p_manager)) { + return OPJ_FALSE; + } diff --git a/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch b/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch new file mode 100644 index 0000000000..e0df632a04 --- /dev/null +++ b/gnu/packages/patches/perl-text-markdown-discount-use-system-markdown.patch @@ -0,0 +1,32 @@ +Description: Use the markdown library provided by the libmarkdown2 package. +Author: Alessandro Ghedini <al3xbio@gmail.com> +Origin: vendor +Forwarded: not-needed +Last-Update: 2012-01-01 + +--- a/Makefile.PL ++++ b/Makefile.PL +@@ -57,12 +57,6 @@ + + + +-sub MY::postamble { +- return sprintf(' +-$(MYEXTLIB): +- %s +-', qq{( cd $extdir; CC='cc -fPIC' sh configure.sh; make )\n}); +-} + + WriteMakefile( + NAME => 'Text::Markdown::Discount', +@@ -71,8 +65,6 @@ + ($] >= 5.005 ? + (ABSTRACT_FROM => 'lib/Text/Markdown/Discount.pm', + AUTHOR => 'Masayoshi Sekimura <sekimura@cpan.org>') : ()), +- LIBS => '-L' . $extdir, +- INC => '-I. -I' . $extdir, +- MYEXTLIB => $myextlib, +- clean => { FILES => $clean_files }, ++ LIBS => '-lmarkdown', ++ INC => '-I.', + ); diff --git a/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch new file mode 100644 index 0000000000..78920629c0 --- /dev/null +++ b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch @@ -0,0 +1,28 @@ +Fix build with PyOpenSSL > 17.2.0. + +See <https://github.com/certbot/certbot/issues/5111>. + +Patch copied from upstream source repository: +https://github.com/certbot/certbot/commit/f6be07da74c664b57ac8c053585f919c79f9af44 + +diff --git a/acme/crypto_util.py b/acme/crypto_util.py +index de15284c03..b8fba03488 100644 +--- a/acme/crypto_util.py ++++ b/acme/crypto_util.py +@@ -2,6 +2,7 @@ + import binascii + import contextlib + import logging ++import os + import re + import socket + import sys +@@ -243,7 +244,7 @@ def gen_ss_cert(key, domains, not_before=None, + """ + assert domains, "Must provide one or more hostnames for the cert." + cert = OpenSSL.crypto.X509() +- cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16)) ++ cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16)) + cert.set_version(2) + + extensions = [ diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch new file mode 100644 index 0000000000..4070115419 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-13711.patch @@ -0,0 +1,89 @@ +Fix CVE-2017-13711: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711 + +Patch copied from upstream source repository: + +https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384 + +From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001 +From: Samuel Thibault <samuel.thibault@ens-lyon.org> +Date: Fri, 25 Aug 2017 01:35:53 +0200 +Subject: [PATCH] slirp: fix clearing ifq_so from pending packets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The if_fastq and if_batchq contain not only packets, but queues of packets +for the same socket. When sofree frees a socket, it thus has to clear ifq_so +from all the packets from the queues, not only the first. + +Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> +Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> +Cc: qemu-stable@nongnu.org +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> +--- + slirp/socket.c | 39 +++++++++++++++++++++++---------------- + 1 file changed, 23 insertions(+), 16 deletions(-) + +diff --git a/slirp/socket.c b/slirp/socket.c +index ecec0295a9..cb7b5b608d 100644 +--- a/slirp/socket.c ++++ b/slirp/socket.c +@@ -59,6 +59,27 @@ socreate(Slirp *slirp) + return(so); + } + ++/* ++ * Remove references to so from the given message queue. ++ */ ++static void ++soqfree(struct socket *so, struct quehead *qh) ++{ ++ struct mbuf *ifq; ++ ++ for (ifq = (struct mbuf *) qh->qh_link; ++ (struct quehead *) ifq != qh; ++ ifq = ifq->ifq_next) { ++ if (ifq->ifq_so == so) { ++ struct mbuf *ifm; ++ ifq->ifq_so = NULL; ++ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) { ++ ifm->ifq_so = NULL; ++ } ++ } ++ } ++} ++ + /* + * remque and free a socket, clobber cache + */ +@@ -66,23 +87,9 @@ void + sofree(struct socket *so) + { + Slirp *slirp = so->slirp; +- struct mbuf *ifm; + +- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link; +- (struct quehead *) ifm != &slirp->if_fastq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } +- +- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link; +- (struct quehead *) ifm != &slirp->if_batchq; +- ifm = ifm->ifq_next) { +- if (ifm->ifq_so == so) { +- ifm->ifq_so = NULL; +- } +- } ++ soqfree(so, &slirp->if_fastq); ++ soqfree(so, &slirp->if_batchq); + + if (so->so_emu==EMU_RSH && so->extra) { + sofree(so->extra); +-- +2.14.1 + diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch new file mode 100644 index 0000000000..a6007ac082 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-14167.patch @@ -0,0 +1,69 @@ +Fix CVE-2017-14167: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167 +http://seclists.org/oss-sec/2017/q3/407 + +Patch copied from upstream development mailing list: + +https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html + +From: Prasad J Pandit <address@hidden> + +While loading kernel via multiboot-v1 image, (flags & 0x00010000) +indicates that multiboot header contains valid addresses to load +the kernel image. These addresses are used to compute kernel +size and kernel text offset in the OS image. Validate these +address values to avoid an OOB access issue. + +This is CVE-2017-14167. + +Reported-by: Thomas Garnier <address@hidden> +Signed-off-by: Prasad J Pandit <address@hidden> +--- + hw/i386/multiboot.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +Update: add CVE-ID to the commit message. + +diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c +index 6001f4caa2..c7b70c91d5 100644 +--- a/hw/i386/multiboot.c ++++ b/hw/i386/multiboot.c +@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg, + uint32_t mh_header_addr = ldl_p(header+i+12); + uint32_t mh_load_end_addr = ldl_p(header+i+20); + uint32_t mh_bss_end_addr = ldl_p(header+i+24); ++ + mh_load_addr = ldl_p(header+i+16); ++ if (mh_header_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_load_addr address\n"); ++ exit(1); ++ } ++ + uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); + uint32_t mb_load_size = 0; + mh_entry_addr = ldl_p(header+i+28); + + if (mh_load_end_addr) { ++ if (mh_bss_end_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_bss_end_addr address\n"); ++ exit(1); ++ } + mb_kernel_size = mh_bss_end_addr - mh_load_addr; ++ ++ if (mh_load_end_addr < mh_load_addr) { ++ fprintf(stderr, "invalid mh_load_end_addr address\n"); ++ exit(1); ++ } + mb_load_size = mh_load_end_addr - mh_load_addr; + } else { ++ if (kernel_file_size < mb_kernel_text_offset) { ++ fprintf(stderr, "invalid kernel_file_size\n"); ++ exit(1); ++ } + mb_kernel_size = kernel_file_size - mb_kernel_text_offset; + mb_load_size = mb_kernel_size; + } +-- +2.13.5 + diff --git a/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch b/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch deleted file mode 100644 index d68b836c71..0000000000 --- a/gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch +++ /dev/null @@ -1,355 +0,0 @@ -diff --git lib/rubygems.rb lib/rubygems.rb -index f48496aa31..0e1855b148 100644 ---- ruby-2.2.7/lib/rubygems.rb -+++ ruby-2.2.7/lib/rubygems.rb -@@ -9,7 +9,7 @@ require 'rbconfig' - require 'thread' - - module Gem -- VERSION = '2.4.5.2' -+ VERSION = '2.4.5.3' - end - - # Must be first since it unloads the prelude from 1.9.2 -diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb -index 432250e033..44364cfab2 100644 ---- ruby-2.2.7/lib/rubygems/commands/query_command.rb -+++ ruby-2.2.7/lib/rubygems/commands/query_command.rb -@@ -218,7 +218,7 @@ is too hard to use. - end - end - -- output << make_entry(matching_tuples, platforms) -+ output << clean_text(make_entry(matching_tuples, platforms)) - end - end - -@@ -336,7 +336,8 @@ is too hard to use. - end - - def spec_summary entry, spec -- entry << "\n\n" << format_text(spec.summary, 68, 4) -+ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") -+ entry << "\n\n" << format_text(summary, 68, 4) - end - - end -diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb -index 10fc1a34a5..a27569fe2e 100644 ---- ruby-2.2.7/lib/rubygems/installer.rb -+++ ruby-2.2.7/lib/rubygems/installer.rb -@@ -646,6 +646,11 @@ class Gem::Installer - unpack or File.writable?(gem_home) - end - -+ def verify_spec_name -+ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN -+ raise Gem::InstallError, "#{spec} has an invalid name" -+ end -+ - ## - # Return the text for an application file. - -@@ -771,6 +776,8 @@ TEXT - - ensure_loadable_spec - -+ verify_spec_name -+ - if options[:install_as_default] - Gem.ensure_default_gem_subdirectories gem_home - else -diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb -index b1f6dd17fc..2b9d61c0a1 100644 ---- ruby-2.2.7/lib/rubygems/remote_fetcher.rb -+++ ruby-2.2.7/lib/rubygems/remote_fetcher.rb -@@ -96,7 +96,7 @@ class Gem::RemoteFetcher - else - target = res.target.to_s.strip - -- if /\.#{Regexp.quote(host)}\z/ =~ target -+ if URI("http://" + target).host.end_with?(".#{host}") - return URI.parse "#{uri.scheme}://#{target}#{uri.path}" - end - -diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb -index ab1cd92270..faca837128 100644 ---- ruby-2.2.7/lib/rubygems/specification.rb -+++ ruby-2.2.7/lib/rubygems/specification.rb -@@ -106,6 +106,8 @@ class Gem::Specification < Gem::BasicSpecification - - private_constant :LOAD_CACHE if defined? private_constant - -+ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: -+ - # :startdoc: - - ## -@@ -2477,9 +2479,15 @@ class Gem::Specification < Gem::BasicSpecification - end - end - -- unless String === name then -+ if !name.is_a?(String) then - raise Gem::InvalidSpecificationException, -- "invalid value for attribute name: \"#{name.inspect}\"" -+ "invalid value for attribute name: \"#{name.inspect}\" must be a string" -+ elsif name !~ /[a-zA-Z]/ then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} must include at least one letter" -+ elsif name !~ VALID_NAME_PATTERN then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" - end - - if raw_require_paths.empty? then -diff --git lib/rubygems/text.rb lib/rubygems/text.rb -index 5c9287ad2e..86a722ffc0 100644 ---- ruby-2.2.7/lib/rubygems/text.rb -+++ ruby-2.2.7/lib/rubygems/text.rb -@@ -5,13 +5,26 @@ require 'rubygems' - - module Gem::Text - -+ ## -+ # Remove any non-printable characters and make the text suitable for -+ # printing. -+ def clean_text(text) -+ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) -+ end -+ -+ def truncate_text(text, description, max_length = 100_000) -+ raise ArgumentError, "max_length must be positive" unless max_length > 0 -+ return text if text.size <= max_length -+ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] -+ end -+ - ## - # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ - # characters - - def format_text(text, wrap, indent=0) - result = [] -- work = text.dup -+ work = clean_text(text) - - while work.length > wrap do - if work =~ /^(.{0,#{wrap}})[ \n]/ then -diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb -index 43fa82571d..ccd2621874 100644 ---- ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb -+++ ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb -@@ -147,6 +147,86 @@ a (2) - This is a lot of text. This is a lot of text. This is a lot of text. - This is a lot of text. - -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_cleans_text -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 4 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ This is a lot of text. This is a lot of text. This is a lot of text. -+ This is a lot of text. -+ -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_truncates_summary -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 10_000 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ Truncating the summary for a-2 to 100,000 characters: -+#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te -+ - pl (1) - Platform: i386-linux - Author: A User -diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb -index 6f8012feb8..aba73af181 100644 ---- ruby-2.2.7/test/rubygems/test_gem_installer.rb -+++ ruby-2.2.7/test/rubygems/test_gem_installer.rb -@@ -1214,6 +1214,26 @@ gem 'other', version - end - end - -+ def test_pre_install_checks_malicious_name -+ spec = util_spec '../malicious', '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate; end -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message -+ end -+ end -+ - def test_shebang - util_make_exec @spec, "#!/usr/bin/ruby" - -diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb -index 63dd8feb38..ca4627810b 100644 ---- ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb -+++ ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb -@@ -181,6 +181,21 @@ gems: - dns.verify - end - -+ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path -+ uri = URI.parse "http://example.com/foo" -+ target = MiniTest::Mock.new -+ target.expect :target, "evil.com/a.example.com" -+ -+ dns = MiniTest::Mock.new -+ dns.expect :getresource, target, [String, Object] -+ -+ fetch = Gem::RemoteFetcher.new nil, dns -+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) -+ -+ target.verify -+ dns.verify -+ end -+ - def test_api_endpoint_ignores_trans_domain_values - uri = URI.parse "http://gems.example.com/foo" - target = MiniTest::Mock.new -diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb -index 3cadc55d5d..4f7076a03a 100644 ---- ruby-2.2.7/test/rubygems/test_gem_specification.rb -+++ ruby-2.2.7/test/rubygems/test_gem_specification.rb -@@ -2610,7 +2610,37 @@ http://opensource.org/licenses/alphabetical - @a1.validate - end - -- assert_equal 'invalid value for attribute name: ":json"', e.message -+ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message -+ -+ @a1.name = [] -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message -+ -+ @a1.name = "" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message -+ -+ @a1.name = "12345" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message -+ -+ @a1.name = "../malicious" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message -+ -+ @a1.name = "\ba\t" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message - end - - def test_validate_non_nil -diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb -index e5cfc41e61..9b270b481b 100644 ---- ruby-2.2.7/test/rubygems/test_gem_text.rb -+++ ruby-2.2.7/test/rubygems/test_gem_text.rb -@@ -35,6 +35,10 @@ Without the wrapping, the text might not look good in the RSS feed. - assert_equal expected, format_text(text, 78) - end - -+ def test_format_removes_nonprintable_characters -+ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) -+ end -+ - def test_min3 - assert_equal 1, min3(1, 1, 1) - assert_equal 1, min3(1, 1, 2) -@@ -71,4 +75,11 @@ Without the wrapping, the text might not look good in the RSS feed. - assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") - assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") - end -+ -+ def test_truncate_text -+ assert_equal "abc", truncate_text("abc", "desc") -+ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) -+ s = "ab" * 500_001 -+ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) -+ end - end diff --git a/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch b/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch deleted file mode 100644 index 8f4758293e..0000000000 --- a/gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch +++ /dev/null @@ -1,355 +0,0 @@ -diff --git lib/rubygems.rb lib/rubygems.rb -index 04031c765c..9c0219ce06 100644 ---- ruby-2.3.4/lib/rubygems.rb -+++ ruby-2.3.4/lib/rubygems.rb -@@ -10,7 +10,7 @@ - require 'thread' - - module Gem -- VERSION = '2.5.2' -+ VERSION = '2.5.2.1' - end - - # Must be first since it unloads the prelude from 1.9.2 -diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb -index d6196b44ed..61e9808860 100644 ---- ruby-2.3.4/lib/rubygems/commands/query_command.rb -+++ ruby-2.3.4/lib/rubygems/commands/query_command.rb -@@ -226,7 +226,7 @@ def output_versions output, versions - end - end - -- output << make_entry(matching_tuples, platforms) -+ output << clean_text(make_entry(matching_tuples, platforms)) - end - end - -@@ -344,7 +344,8 @@ def spec_platforms entry, platforms - end - - def spec_summary entry, spec -- entry << "\n\n" << format_text(spec.summary, 68, 4) -+ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") -+ entry << "\n\n" << format_text(summary, 68, 4) - end - - end -diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb -index 85358e0d1a..709b77d126 100644 ---- ruby-2.3.4/lib/rubygems/installer.rb -+++ ruby-2.3.4/lib/rubygems/installer.rb -@@ -693,6 +693,11 @@ def verify_gem_home(unpack = false) # :nodoc: - unpack or File.writable?(gem_home) - end - -+ def verify_spec_name -+ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN -+ raise Gem::InstallError, "#{spec} has an invalid name" -+ end -+ - ## - # Return the text for an application file. - -@@ -812,6 +817,8 @@ def pre_install_checks - - ensure_loadable_spec - -+ verify_spec_name -+ - if options[:install_as_default] - Gem.ensure_default_gem_subdirectories gem_home - else -diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb -index fda1e067ef..254bebfadf 100644 ---- ruby-2.3.4/lib/rubygems/remote_fetcher.rb -+++ ruby-2.3.4/lib/rubygems/remote_fetcher.rb -@@ -104,7 +104,7 @@ def api_endpoint(uri) - else - target = res.target.to_s.strip - -- if /\.#{Regexp.quote(host)}\z/ =~ target -+ if URI("http://" + target).host.end_with?(".#{host}") - return URI.parse "#{uri.scheme}://#{target}#{uri.path}" - end - -diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb -index 8e2557cdb2..dd4fde1776 100644 ---- ruby-2.3.4/lib/rubygems/specification.rb -+++ ruby-2.3.4/lib/rubygems/specification.rb -@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification - - private_constant :LOAD_CACHE if defined? private_constant - -+ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: -+ - # :startdoc: - - ## -@@ -2665,9 +2667,15 @@ def validate packaging = true - end - end - -- unless String === name then -+ if !name.is_a?(String) then - raise Gem::InvalidSpecificationException, -- "invalid value for attribute name: \"#{name.inspect}\"" -+ "invalid value for attribute name: \"#{name.inspect}\" must be a string" -+ elsif name !~ /[a-zA-Z]/ then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} must include at least one letter" -+ elsif name !~ VALID_NAME_PATTERN then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" - end - - if raw_require_paths.empty? then -diff --git lib/rubygems/text.rb lib/rubygems/text.rb -index 732f1b99f2..b944b62c27 100644 ---- ruby-2.3.4/lib/rubygems/text.rb -+++ ruby-2.3.4/lib/rubygems/text.rb -@@ -6,13 +6,26 @@ - - module Gem::Text - -+ ## -+ # Remove any non-printable characters and make the text suitable for -+ # printing. -+ def clean_text(text) -+ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) -+ end -+ -+ def truncate_text(text, description, max_length = 100_000) -+ raise ArgumentError, "max_length must be positive" unless max_length > 0 -+ return text if text.size <= max_length -+ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] -+ end -+ - ## - # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ - # characters - - def format_text(text, wrap, indent=0) - result = [] -- work = text.dup -+ work = clean_text(text) - - while work.length > wrap do - if work =~ /^(.{0,#{wrap}})[ \n]/ then -diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb -index 78c15a1770..9ec715492f 100644 ---- ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb -+++ ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb -@@ -116,6 +116,86 @@ def test_execute_details - This is a lot of text. This is a lot of text. This is a lot of text. - This is a lot of text. - -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_cleans_text -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 4 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ This is a lot of text. This is a lot of text. This is a lot of text. -+ This is a lot of text. -+ -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_truncates_summary -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 10_000 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ Truncating the summary for a-2 to 100,000 characters: -+#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te -+ - pl (1) - Platform: i386-linux - Author: A User -diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb -index 5ec71d0a01..1092a0c68f 100644 ---- ruby-2.3.4/test/rubygems/test_gem_installer.rb -+++ ruby-2.3.4/test/rubygems/test_gem_installer.rb -@@ -1227,6 +1227,26 @@ def test_pre_install_checks_wrong_rubygems_version - end - end - -+ def test_pre_install_checks_malicious_name -+ spec = util_spec '../malicious', '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate; end -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message -+ end -+ end -+ - def test_shebang - util_make_exec @spec, "#!/usr/bin/ruby" - -diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb -index 49b6b6656c..a3919c8ef2 100644 ---- ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb -+++ ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb -@@ -253,6 +253,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original - dns.verify - end - -+ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path -+ uri = URI.parse "http://example.com/foo" -+ target = MiniTest::Mock.new -+ target.expect :target, "evil.com/a.example.com" -+ -+ dns = MiniTest::Mock.new -+ dns.expect :getresource, target, [String, Object] -+ -+ fetch = Gem::RemoteFetcher.new nil, dns -+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) -+ -+ target.verify -+ dns.verify -+ end -+ - def test_api_endpoint_timeout_warning - uri = URI.parse "http://gems.example.com/foo" - -diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb -index bc1c8d2ca7..9a49bbbf59 100644 ---- ruby-2.3.4/test/rubygems/test_gem_specification.rb -+++ ruby-2.3.4/test/rubygems/test_gem_specification.rb -@@ -2974,7 +2974,37 @@ def test_validate_name - @a1.validate - end - -- assert_equal 'invalid value for attribute name: ":json"', e.message -+ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message -+ -+ @a1.name = [] -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message -+ -+ @a1.name = "" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message -+ -+ @a1.name = "12345" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message -+ -+ @a1.name = "../malicious" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message -+ -+ @a1.name = "\ba\t" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message - end - - def test_validate_non_nil -diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb -index a6e22e04da..04f3f605e8 100644 ---- ruby-2.3.4/test/rubygems/test_gem_text.rb -+++ ruby-2.3.4/test/rubygems/test_gem_text.rb -@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after . - assert_equal expected, format_text(text, 78) - end - -+ def test_format_removes_nonprintable_characters -+ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) -+ end -+ - def test_min3 - assert_equal 1, min3(1, 1, 1) - assert_equal 1, min3(1, 1, 2) -@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace - assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") - assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") - end -+ -+ def test_truncate_text -+ assert_equal "abc", truncate_text("abc", "desc") -+ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) -+ s = "ab" * 500_001 -+ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) -+ end - end diff --git a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch b/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch deleted file mode 100644 index 8ee32c0c6e..0000000000 --- a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch +++ /dev/null @@ -1,437 +0,0 @@ -diff --git lib/rubygems.rb lib/rubygems.rb -index 5cd1a4c47a..bc5bf9b4c2 100644 ---- ruby-2.4.1/lib/rubygems.rb -+++ ruby-2.4.1/lib/rubygems.rb -@@ -10,7 +10,7 @@ - require 'thread' - - module Gem -- VERSION = "2.6.11" -+ VERSION = "2.6.12" - end - - # Must be first since it unloads the prelude from 1.9.2 -@@ -234,6 +234,7 @@ def self.needs - - def self.finish_resolve(request_set=Gem::RequestSet.new) - request_set.import Gem::Specification.unresolved_deps.values -+ request_set.import Gem.loaded_specs.values.map {|s| Gem::Dependency.new(s.name, s.version) } - - request_set.resolve_current.each do |s| - s.full_spec.activate -diff --git lib/rubygems/commands/open_command.rb lib/rubygems/commands/open_command.rb -index a89b7421e3..059635e835 100644 ---- ruby-2.4.1/lib/rubygems/commands/open_command.rb -+++ ruby-2.4.1/lib/rubygems/commands/open_command.rb -@@ -72,7 +72,7 @@ def open_editor path - end - - def spec_for name -- spec = Gem::Specification.find_all_by_name(name, @version).last -+ spec = Gem::Specification.find_all_by_name(name, @version).first - - return spec if spec - -diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb -index f25d120b88..70f8127292 100644 ---- ruby-2.4.1/lib/rubygems/commands/query_command.rb -+++ ruby-2.4.1/lib/rubygems/commands/query_command.rb -@@ -86,7 +86,7 @@ def execute - name = Array(options[:name]) - else - args = options[:args].to_a -- name = options[:exact] ? args : args.map{|arg| /#{arg}/i } -+ name = options[:exact] ? args.map{|arg| /\A#{Regexp.escape(arg)}\Z/ } : args.map{|arg| /#{arg}/i } - end - - prerelease = options[:prerelease] -diff --git lib/rubygems/commands/sources_command.rb lib/rubygems/commands/sources_command.rb -index 9832afd214..7e46963a4c 100644 ---- ruby-2.4.1/lib/rubygems/commands/sources_command.rb -+++ ruby-2.4.1/lib/rubygems/commands/sources_command.rb -@@ -44,7 +44,7 @@ def add_source source_uri # :nodoc: - source = Gem::Source.new source_uri - - begin -- if Gem.sources.include? source_uri then -+ if Gem.sources.include? source then - say "source #{source_uri} already present in the cache" - else - source.load_specs :released -diff --git lib/rubygems/dependency_list.rb lib/rubygems/dependency_list.rb -index 35fe7c4c1a..d8314eaf60 100644 ---- ruby-2.4.1/lib/rubygems/dependency_list.rb -+++ ruby-2.4.1/lib/rubygems/dependency_list.rb -@@ -104,7 +104,7 @@ def find_name(full_name) - end - - def inspect # :nodoc: -- "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }] -+ "%s %p>" % [super[0..-2], map { |s| s.full_name }] - end - - ## -diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb -index f4d3e728de..967543c2d1 100644 ---- ruby-2.4.1/lib/rubygems/installer.rb -+++ ruby-2.4.1/lib/rubygems/installer.rb -@@ -214,7 +214,7 @@ def check_executable_overwrite filename # :nodoc: - - ruby_executable = true - existing = io.read.slice(%r{ -- ^( -+ ^\s*( - gem \s | - load \s Gem\.bin_path\( | - load \s Gem\.activate_bin_path\( -@@ -701,6 +701,8 @@ def verify_gem_home(unpack = false) # :nodoc: - # Return the text for an application file. - - def app_script_text(bin_file_name) -+ # note that the `load` lines cannot be indented, as old RG versions match -+ # against the beginning of the line - return <<-TEXT - #{shebang bin_file_name} - # -@@ -723,7 +725,12 @@ def app_script_text(bin_file_name) - end - end - -+if Gem.respond_to?(:activate_bin_path) - load Gem.activate_bin_path('#{spec.name}', '#{bin_file_name}', version) -+else -+gem #{spec.name.dump}, version -+load Gem.bin_path(#{spec.name.dump}, #{bin_file_name.dump}, version) -+end - TEXT - end - -diff --git lib/rubygems/platform.rb lib/rubygems/platform.rb -index d22d91ae54..2dd9ed5782 100644 ---- ruby-2.4.1/lib/rubygems/platform.rb -+++ ruby-2.4.1/lib/rubygems/platform.rb -@@ -112,7 +112,7 @@ def initialize(arch) - end - - def inspect -- "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a] -+ "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a] - end - - def to_a -diff --git lib/rubygems/security.rb lib/rubygems/security.rb -index 119d6d56f7..6963ca156f 100644 ---- ruby-2.4.1/lib/rubygems/security.rb -+++ ruby-2.4.1/lib/rubygems/security.rb -@@ -455,7 +455,7 @@ def self.create_cert_self_signed subject, key, age = ONE_YEAR, - - ## - # Creates a new key pair of the specified +length+ and +algorithm+. The -- # default is a 2048 bit RSA key. -+ # default is a 3072 bit RSA key. - - def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM - algorithm.new length -diff --git lib/rubygems/server.rb lib/rubygems/server.rb -index 81df0e608e..df4eb566d3 100644 ---- ruby-2.4.1/lib/rubygems/server.rb -+++ ruby-2.4.1/lib/rubygems/server.rb -@@ -657,7 +657,7 @@ def root(req, res) - "only_one_executable" => true, - "full_name" => "rubygems-#{Gem::VERSION}", - "has_deps" => false, -- "homepage" => "http://docs.rubygems.org/", -+ "homepage" => "http://guides.rubygems.org/", - "name" => 'rubygems', - "ri_installed" => true, - "summary" => "RubyGems itself", -diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb -index a2f289d162..500f0af768 100644 ---- ruby-2.4.1/lib/rubygems/specification.rb -+++ ruby-2.4.1/lib/rubygems/specification.rb -@@ -2105,7 +2105,7 @@ def inspect # :nodoc: - if $DEBUG - super - else -- "#<#{self.class}:0x#{__id__.to_s(16)} #{full_name}>" -+ "#{super[0..-2]} #{full_name}>" - end - end - -diff --git lib/rubygems/test_case.rb lib/rubygems/test_case.rb -index 86b68e1efb..4e48f1eb4c 100644 ---- ruby-2.4.1/lib/rubygems/test_case.rb -+++ ruby-2.4.1/lib/rubygems/test_case.rb -@@ -484,7 +484,7 @@ def git_gem name = 'a', version = 1 - - system @git, 'add', gemspec - system @git, 'commit', '-a', '-m', 'a non-empty commit message', '--quiet' -- head = Gem::Util.popen('git', 'rev-parse', 'master').strip -+ head = Gem::Util.popen(@git, 'rev-parse', 'master').strip - end - - return name, git_spec.version, directory, head -@@ -1498,6 +1498,8 @@ def self.key_path key_name - begin - gem 'rdoc' - require 'rdoc' -+ -+ require 'rubygems/rdoc' - rescue LoadError, Gem::LoadError - end - -@@ -1514,3 +1516,4 @@ def self.key_path key_name - pid = $$ - END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid} - Gem.clear_paths -+Gem.loaded_specs.clear -diff --git test/rubygems/test_gem.rb test/rubygems/test_gem.rb -index a605f9cdfe..62b36dfd41 100644 ---- ruby-2.4.1/test/rubygems/test_gem.rb -+++ ruby-2.4.1/test/rubygems/test_gem.rb -@@ -75,6 +75,29 @@ def test_self_finish_resolve_wtf - end - end - -+ def test_self_finish_resolve_respects_loaded_specs -+ save_loaded_features do -+ a1 = new_spec "a", "1", "b" => "> 0" -+ b1 = new_spec "b", "1", "c" => ">= 1" -+ b2 = new_spec "b", "2", "c" => ">= 2" -+ c1 = new_spec "c", "1" -+ c2 = new_spec "c", "2" -+ -+ install_specs c1, c2, b1, b2, a1 -+ -+ a1.activate -+ c1.activate -+ -+ assert_equal %w(a-1 c-1), loaded_spec_names -+ assert_equal ["b (> 0)"], unresolved_names -+ -+ Gem.finish_resolve -+ -+ assert_equal %w(a-1 b-1 c-1), loaded_spec_names -+ assert_equal [], unresolved_names -+ end -+ end -+ - def test_self_install - spec_fetcher do |f| - f.gem 'a', 1 -@@ -492,7 +515,7 @@ def test_self_find_files_with_gemfile - skip if RUBY_VERSION <= "1.8.7" - - cwd = File.expand_path("test/rubygems", @@project_dir) -- $LOAD_PATH.unshift cwd -+ actual_load_path = $LOAD_PATH.unshift(cwd).dup - - discover_path = File.join 'lib', 'sff', 'discover.rb' - -@@ -518,12 +541,12 @@ def test_self_find_files_with_gemfile - expected = [ - File.expand_path('test/rubygems/sff/discover.rb', @@project_dir), - File.join(foo1.full_gem_path, discover_path) -- ] -+ ].sort - -- assert_equal expected, Gem.find_files('sff/discover') -- assert_equal expected, Gem.find_files('sff/**.rb'), '[ruby-core:31730]' -+ assert_equal expected, Gem.find_files('sff/discover').sort -+ assert_equal expected, Gem.find_files('sff/**.rb').sort, '[ruby-core:31730]' - ensure -- assert_equal cwd, $LOAD_PATH.shift unless RUBY_VERSION <= "1.8.7" -+ assert_equal cwd, actual_load_path.shift unless RUBY_VERSION <= "1.8.7" - end - - def test_self_find_latest_files -diff --git test/rubygems/test_gem_commands_open_command.rb test/rubygems/test_gem_commands_open_command.rb -index 3ec38972e6..a96fa6ea23 100644 ---- ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb -+++ ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb -@@ -24,7 +24,8 @@ def test_execute - @cmd.options[:args] = %w[foo] - @cmd.options[:editor] = "#{Gem.ruby} -e0 --" - -- spec = gem 'foo' -+ gem 'foo', '1.0.0' -+ spec = gem 'foo', '1.0.1' - mock = MiniTest::Mock.new - mock.expect(:call, true, [spec.full_gem_path]) - -diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb -index 223f205b2d..d8d682b136 100644 ---- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb -+++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb -@@ -642,7 +642,7 @@ def test_execute_local_details - assert_equal expected, @ui.output - end - -- def test_execute_exact -+ def test_execute_exact_remote - spec_fetcher do |fetcher| - fetcher.spec 'coolgem-omg', 3 - fetcher.spec 'coolgem', '4.2.1' -@@ -665,6 +665,60 @@ def test_execute_exact - assert_equal expected, @ui.output - end - -+ def test_execute_exact_local -+ spec_fetcher do |fetcher| -+ fetcher.spec 'coolgem-omg', 3 -+ fetcher.spec 'coolgem', '4.2.1' -+ fetcher.spec 'wow_coolgem', 1 -+ end -+ -+ @cmd.handle_options %w[--exact coolgem] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** LOCAL GEMS *** -+ -+coolgem (4.2.1) -+ EOF -+ -+ assert_equal expected, @ui.output -+ end -+ -+ def test_execute_exact_multiple -+ spec_fetcher do |fetcher| -+ fetcher.spec 'coolgem-omg', 3 -+ fetcher.spec 'coolgem', '4.2.1' -+ fetcher.spec 'wow_coolgem', 1 -+ -+ fetcher.spec 'othergem-omg', 3 -+ fetcher.spec 'othergem', '1.2.3' -+ fetcher.spec 'wow_othergem', 1 -+ end -+ -+ @cmd.handle_options %w[--exact coolgem othergem] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** LOCAL GEMS *** -+ -+coolgem (4.2.1) -+ -+*** LOCAL GEMS *** -+ -+othergem (1.2.3) -+ EOF -+ -+ assert_equal expected, @ui.output -+ end -+ - private - - def add_gems_to_fetcher -diff --git test/rubygems/test_gem_commands_sources_command.rb test/rubygems/test_gem_commands_sources_command.rb -index 014b4b4c12..d5b6d99419 100644 ---- ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb -+++ ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb -@@ -108,6 +108,58 @@ def test_execute_add_redundant_source - assert_equal '', @ui.error - end - -+ def test_execute_add_redundant_source_trailing_slash -+ # Remove pre-existing gem source (w/ slash) -+ repo_with_slash = "http://gems.example.com/" -+ @cmd.handle_options %W[--remove #{repo_with_slash}] -+ use_ui @ui do -+ @cmd.execute -+ end -+ source = Gem::Source.new repo_with_slash -+ assert_equal false, Gem.sources.include?(source) -+ -+ expected = <<-EOF -+#{repo_with_slash} removed from sources -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ -+ # Re-add pre-existing gem source (w/o slash) -+ repo_without_slash = "http://gems.example.com" -+ @cmd.handle_options %W[--add #{repo_without_slash}] -+ use_ui @ui do -+ @cmd.execute -+ end -+ source = Gem::Source.new repo_without_slash -+ assert_equal true, Gem.sources.include?(source) -+ -+ expected = <<-EOF -+http://gems.example.com/ removed from sources -+http://gems.example.com added to sources -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ -+ # Re-add original gem source (w/ slash) -+ @cmd.handle_options %W[--add #{repo_with_slash}] -+ use_ui @ui do -+ @cmd.execute -+ end -+ source = Gem::Source.new repo_with_slash -+ assert_equal true, Gem.sources.include?(source) -+ -+ expected = <<-EOF -+http://gems.example.com/ removed from sources -+http://gems.example.com added to sources -+source http://gems.example.com/ already present in the cache -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ - def test_execute_add_http_rubygems_org - http_rubygems_org = 'http://rubygems.org' - -diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb -index 6ceb2c6dfc..882981d344 100644 ---- ruby-2.4.1/test/rubygems/test_gem_installer.rb -+++ ruby-2.4.1/test/rubygems/test_gem_installer.rb -@@ -62,7 +62,12 @@ def test_app_script_text - end - end - -+if Gem.respond_to?(:activate_bin_path) - load Gem.activate_bin_path('a', 'executable', version) -+else -+gem "a", version -+load Gem.bin_path("a", "executable", version) -+end - EOF - - wrapper = @installer.app_script_text 'executable' -diff --git test/rubygems/test_require.rb test/rubygems/test_require.rb -index dd606e44d4..936f78fb2a 100644 ---- ruby-2.4.1/test/rubygems/test_require.rb -+++ ruby-2.4.1/test/rubygems/test_require.rb -@@ -301,6 +301,17 @@ def test_default_gem_only - assert_equal %w(default-2.0.0.0), loaded_spec_names - end - -+ def test_realworld_default_gem -+ skip "no default gems on ruby < 2.0" unless RUBY_VERSION >= "2" -+ cmd = <<-RUBY -+ $stderr = $stdout -+ require "json" -+ puts Gem.loaded_specs["json"].default_gem? -+ RUBY -+ output = Gem::Util.popen(Gem.ruby, "-e", cmd).strip -+ assert_equal "true", output -+ end -+ - def test_default_gem_and_normal_gem - default_gem_spec = new_default_spec("default", "2.0.0.0", - nil, "default/gem.rb") diff --git a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch b/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch deleted file mode 100644 index c253cc912d..0000000000 --- a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch +++ /dev/null @@ -1,355 +0,0 @@ -diff --git lib/rubygems.rb lib/rubygems.rb -index bc5bf9b4c2..55aa85b8b2 100644 ---- ruby-2.4.1/lib/rubygems.rb -+++ ruby-2.4.1/lib/rubygems.rb -@@ -10,7 +10,7 @@ - require 'thread' - - module Gem -- VERSION = "2.6.12" -+ VERSION = "2.6.13" - end - - # Must be first since it unloads the prelude from 1.9.2 -diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb -index 70f8127292..44144203e0 100644 ---- ruby-2.4.1/lib/rubygems/commands/query_command.rb -+++ ruby-2.4.1/lib/rubygems/commands/query_command.rb -@@ -226,7 +226,7 @@ def output_versions output, versions - end - end - -- output << make_entry(matching_tuples, platforms) -+ output << clean_text(make_entry(matching_tuples, platforms)) - end - end - -@@ -353,7 +353,8 @@ def spec_platforms entry, platforms - end - - def spec_summary entry, spec -- entry << "\n\n" << format_text(spec.summary, 68, 4) -+ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") -+ entry << "\n\n" << format_text(summary, 68, 4) - end - - end -diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb -index 967543c2d1..6fd3399dd4 100644 ---- ruby-2.4.1/lib/rubygems/installer.rb -+++ ruby-2.4.1/lib/rubygems/installer.rb -@@ -697,6 +697,11 @@ def verify_gem_home(unpack = false) # :nodoc: - unpack or File.writable?(gem_home) - end - -+ def verify_spec_name -+ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN -+ raise Gem::InstallError, "#{spec} has an invalid name" -+ end -+ - ## - # Return the text for an application file. - -@@ -823,6 +828,8 @@ def pre_install_checks - - ensure_loadable_spec - -+ verify_spec_name -+ - if options[:install_as_default] - Gem.ensure_default_gem_subdirectories gem_home - else -diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb -index e6a13d4b8c..8f0cf0b402 100644 ---- ruby-2.4.1/lib/rubygems/remote_fetcher.rb -+++ ruby-2.4.1/lib/rubygems/remote_fetcher.rb -@@ -110,7 +110,7 @@ def api_endpoint(uri) - else - target = res.target.to_s.strip - -- if /\.#{Regexp.quote(host)}\z/ =~ target -+ if URI("http://" + target).host.end_with?(".#{host}") - return URI.parse "#{uri.scheme}://#{target}#{uri.path}" - end - -diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb -index 500f0af768..88e320c05a 100644 ---- ruby-2.4.1/lib/rubygems/specification.rb -+++ ruby-2.4.1/lib/rubygems/specification.rb -@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification - - private_constant :LOAD_CACHE if defined? private_constant - -+ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: -+ - # :startdoc: - - ## -@@ -2671,9 +2673,15 @@ def validate packaging = true - end - end - -- unless String === name then -+ if !name.is_a?(String) then - raise Gem::InvalidSpecificationException, -- "invalid value for attribute name: \"#{name.inspect}\"" -+ "invalid value for attribute name: \"#{name.inspect}\" must be a string" -+ elsif name !~ /[a-zA-Z]/ then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} must include at least one letter" -+ elsif name !~ VALID_NAME_PATTERN then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" - end - - if raw_require_paths.empty? then -diff --git lib/rubygems/text.rb lib/rubygems/text.rb -index 732f1b99f2..b944b62c27 100644 ---- ruby-2.4.1/lib/rubygems/text.rb -+++ ruby-2.4.1/lib/rubygems/text.rb -@@ -6,13 +6,26 @@ - - module Gem::Text - -+ ## -+ # Remove any non-printable characters and make the text suitable for -+ # printing. -+ def clean_text(text) -+ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) -+ end -+ -+ def truncate_text(text, description, max_length = 100_000) -+ raise ArgumentError, "max_length must be positive" unless max_length > 0 -+ return text if text.size <= max_length -+ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] -+ end -+ - ## - # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ - # characters - - def format_text(text, wrap, indent=0) - result = [] -- work = text.dup -+ work = clean_text(text) - - while work.length > wrap do - if work =~ /^(.{0,#{wrap}})[ \n]/ then -diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb -index d8d682b136..469223c6c0 100644 ---- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb -+++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb -@@ -116,6 +116,86 @@ def test_execute_details - This is a lot of text. This is a lot of text. This is a lot of text. - This is a lot of text. - -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_cleans_text -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 4 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ This is a lot of text. This is a lot of text. This is a lot of text. -+ This is a lot of text. -+ -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_truncates_summary -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 10_000 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ Truncating the summary for a-2 to 100,000 characters: -+#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te -+ - pl (1) - Platform: i386-linux - Author: A User -diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb -index 882981d344..dd049214fb 100644 ---- ruby-2.4.1/test/rubygems/test_gem_installer.rb -+++ ruby-2.4.1/test/rubygems/test_gem_installer.rb -@@ -1448,6 +1448,26 @@ def test_pre_install_checks_wrong_rubygems_version - end - end - -+ def test_pre_install_checks_malicious_name -+ spec = util_spec '../malicious', '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate; end -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message -+ end -+ end -+ - def test_shebang - util_make_exec @spec, "#!/usr/bin/ruby" - -diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb -index cb994462cd..fbb7d89019 100644 ---- ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb -+++ ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb -@@ -241,6 +241,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original - dns.verify - end - -+ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path -+ uri = URI.parse "http://example.com/foo" -+ target = MiniTest::Mock.new -+ target.expect :target, "evil.com/a.example.com" -+ -+ dns = MiniTest::Mock.new -+ dns.expect :getresource, target, [String, Object] -+ -+ fetch = Gem::RemoteFetcher.new nil, dns -+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) -+ -+ target.verify -+ dns.verify -+ end -+ - def test_api_endpoint_timeout_warning - uri = URI.parse "http://gems.example.com/foo" - -diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb -index d43289d745..0fcc11e78f 100644 ---- ruby-2.4.1/test/rubygems/test_gem_specification.rb -+++ ruby-2.4.1/test/rubygems/test_gem_specification.rb -@@ -2985,7 +2985,37 @@ def test_validate_name - @a1.validate - end - -- assert_equal 'invalid value for attribute name: ":json"', e.message -+ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message -+ -+ @a1.name = [] -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message -+ -+ @a1.name = "" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message -+ -+ @a1.name = "12345" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message -+ -+ @a1.name = "../malicious" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message -+ -+ @a1.name = "\ba\t" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message - end - - def test_validate_non_nil -diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb -index a6e22e04da..04f3f605e8 100644 ---- ruby-2.4.1/test/rubygems/test_gem_text.rb -+++ ruby-2.4.1/test/rubygems/test_gem_text.rb -@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after . - assert_equal expected, format_text(text, 78) - end - -+ def test_format_removes_nonprintable_characters -+ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) -+ end -+ - def test_min3 - assert_equal 1, min3(1, 1, 1) - assert_equal 1, min3(1, 1, 2) -@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace - assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") - assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") - end -+ -+ def test_truncate_text -+ assert_equal "abc", truncate_text("abc", "desc") -+ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) -+ s = "ab" * 500_001 -+ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) -+ end - end |