aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-02-09 01:46:34 -0500
committerMark H Weaver <mhw@netris.org>2018-02-09 01:46:34 -0500
commitefe2a2833c6d306d0c60127fdfebaff6dc415b4c (patch)
treebf842134e1a149770907e1956d28c3a6b207b3f7 /gnu/packages/patches
parent53f826cd0f429864d46fc3bf6305c14356d0b2ad (diff)
parent8d0edc8246389c0f2bb1c8e9c9190c312746a4b4 (diff)
downloadguix-efe2a2833c6d306d0c60127fdfebaff6dc415b4c.tar.gz
guix-efe2a2833c6d306d0c60127fdfebaff6dc415b4c.zip
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/gpsbabel-minizip.patch13
-rw-r--r--gnu/packages/patches/gpsbabel-qstring.patch69
-rw-r--r--gnu/packages/patches/hwloc-tests-without-sysfs.patch42
-rw-r--r--gnu/packages/patches/luajit-symlinks.patch25
-rw-r--r--gnu/packages/patches/mpv-CVE-2018-6360-1.patch138
-rw-r--r--gnu/packages/patches/mpv-CVE-2018-6360-2.patch59
-rw-r--r--gnu/packages/patches/mpv-CVE-2018-6360-3.patch84
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-17858.patch111
-rw-r--r--gnu/packages/patches/p7zip-CVE-2017-17969.patch35
9 files changed, 551 insertions, 25 deletions
diff --git a/gnu/packages/patches/gpsbabel-minizip.patch b/gnu/packages/patches/gpsbabel-minizip.patch
new file mode 100644
index 0000000000..8f3bb36f57
--- /dev/null
+++ b/gnu/packages/patches/gpsbabel-minizip.patch
@@ -0,0 +1,13 @@
+Patch taken from https://sources.debian.org/data/main/g/gpsbabel/1.5.3-2/debian/patches/use_minizip.
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -120,7 +120,7 @@ LIBOBJS = queue.o route.o waypt.o filter
+ src/core/usasciicodec.o\
+ src/core/ziparchive.o \
+ $(GARMIN) $(JEEPS) $(SHAPE) @ZLIB@ $(FMTS) $(FILTERS)
+-OBJS = main.o globals.o $(LIBOBJS) @FILEINFO@
++OBJS = main.o globals.o $(MINIZIP) $(LIBOBJS) @FILEINFO@
+
+ DEPFILES = $(OBJS:.o=.d)
+ \ No newline at end of file
diff --git a/gnu/packages/patches/gpsbabel-qstring.patch b/gnu/packages/patches/gpsbabel-qstring.patch
new file mode 100644
index 0000000000..8ba1a7213b
--- /dev/null
+++ b/gnu/packages/patches/gpsbabel-qstring.patch
@@ -0,0 +1,69 @@
+Extracted from following patch of gpsbabel:
+https://github.com/gpsbabel/gpsbabel/commit/604178aa8ad4d3c3ad218df24c1e9a6a1f683bb3
+
+From 604178aa8ad4d3c3ad218df24c1e9a6a1f683bb3 Mon Sep 17 00:00:00 2001
+From: Harel Mazor <harel.mazor@gmail.com>
+Date: Tue, 24 Jan 2017 00:35:04 +0200
+Subject: [PATCH] Added geojson read capablity, moved magic strings to
+ constants, fixed windows compilation issues.
+
+--- a/tef_xml.cc
++++ b/tef_xml.cc
+@@ -72,11 +72,11 @@ tef_start(xg_string args, const QXmlStreamAttributes* attrv)
+ bool valid = false;
+
+ foreach(QXmlStreamAttribute attr, *attrv) {
+- if (attr.name().compare("Comment", Qt::CaseInsensitive) == 0) {
+- if (attr.value().compare("TourExchangeFormat", Qt::CaseInsensitive) == 0) {
++ if (attr.name().compare(QString("Comment"), Qt::CaseInsensitive) == 0) {
++ if (attr.value().compare(QString("TourExchangeFormat"), Qt::CaseInsensitive) == 0) {
+ valid = true;
+ }
+- } else if (attr.name().compare("Version", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("Version"), Qt::CaseInsensitive) == 0) {
+ version = attr.value().toString().toDouble();
+ }
+ }
+@@ -95,9 +95,9 @@ tef_header(xg_string args, const QXmlStreamAttributes* attrv)
+ {
+ route = route_head_alloc();
+ foreach(QXmlStreamAttribute attr, *attrv) {
+- if (attr.name().compare("Name", Qt::CaseInsensitive) == 0) {
++ if (attr.name().compare(QString("Name"), Qt::CaseInsensitive) == 0) {
+ route->rte_name = attr.value().toString().trimmed();
+- } else if (attr.name().compare("Software", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("Software"), Qt::CaseInsensitive) == 0) {
+ route->rte_desc = attr.value().toString().trimmed();
+ }
+ }
+@@ -248,20 +248,20 @@ tef_item_start(xg_string args, const QXmlStreamAttributes* attrv)
+ QString attrstr = attr.value().toString();
+ QByteArray attrtext = attrstr.toUtf8();
+
+- if (attr.name().compare("SegDescription", Qt::CaseInsensitive) == 0) {
++ if (attr.name().compare(QString("SegDescription"), Qt::CaseInsensitive) == 0) {
+ wpt_tmp->shortname = attrstr.trimmed();
+- } else if (attr.name().compare("PointDescription", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("PointDescription"), Qt::CaseInsensitive) == 0) {
+ wpt_tmp->description = attrstr.trimmed();
+- } else if (attr.name().compare("ViaStation", Qt::CaseInsensitive) == 0 &&
+- attr.value().compare("true", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("ViaStation"), Qt::CaseInsensitive) == 0 &&
++ attr.value().compare(QString("true"), Qt::CaseInsensitive) == 0) {
+ wpt_tmp->wpt_flags.fmt_use = 1; /* only a flag */
+
+ /* new in TEF V2 */
+- } else if (attr.name().compare("Instruction", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("Instruction"), Qt::CaseInsensitive) == 0) {
+ wpt_tmp->description = attrstr.trimmed();
+- } else if (attr.name().compare("Altitude", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("Altitude"), Qt::CaseInsensitive) == 0) {
+ wpt_tmp->altitude = attrstr.toDouble();
+- } else if (attr.name().compare("TimeStamp", Qt::CaseInsensitive) == 0) {
++ } else if (attr.name().compare(QString("TimeStamp"), Qt::CaseInsensitive) == 0) {
+ /* nothing for the moment */
+ }
+ }
+--
+2.16.1
+
diff --git a/gnu/packages/patches/hwloc-tests-without-sysfs.patch b/gnu/packages/patches/hwloc-tests-without-sysfs.patch
new file mode 100644
index 0000000000..ea6ec41616
--- /dev/null
+++ b/gnu/packages/patches/hwloc-tests-without-sysfs.patch
@@ -0,0 +1,42 @@
+Fix a test failure in the build environment, where /sys is missing.
+From <https://github.com/bgoglin/hwloc/commit/a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf.patch>.
+
+From a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf Mon Sep 17 00:00:00 2001
+From: Brice Goglin <Brice.Goglin@inria.fr>
+Date: Tue, 6 Feb 2018 17:13:26 +0100
+Subject: [PATCH] linux: honor the filtering cores and packages when reading
+ topology from cpuinfo
+
+Caused a make check crash in lstopo --filter all:none in chroot without sysfs.
+
+Thanks to Ludovic Courtes for the report.
+
+Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
+---
+ hwloc/topology-linux.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
+index 290da0d72..e1bbf94e1 100644
+--- a/hwloc/topology-linux.c
++++ b/hwloc/topology-linux.c
+@@ -4101,7 +4101,8 @@ look_cpuinfo(struct hwloc_topology *topology,
+ }
+ /* create package objects */
+ hwloc_debug("%u pkgs%s\n", numpkgs, missingpkg ? ", but some missing package" : "");
+- if (!missingpkg && numpkgs>0) {
++ if (!missingpkg && numpkgs>0
++ && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_PACKAGE)) {
+ for (i = 0; i < numpkgs; i++) {
+ struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_PACKAGE, Lpkg_to_Ppkg[i]);
+ int doneinfos = 0;
+@@ -4145,7 +4146,8 @@ look_cpuinfo(struct hwloc_topology *topology,
+ }
+ /* create Core objects */
+ hwloc_debug("%u cores%s\n", numcores, missingcore ? ", but some missing core" : "");
+- if (!missingcore && numcores>0) {
++ if (!missingcore && numcores>0
++ && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_CORE)) {
+ for (i = 0; i < numcores; i++) {
+ struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_CORE, Lcore_to_Pcore[i]);
+ obj->cpuset = hwloc_bitmap_alloc();
diff --git a/gnu/packages/patches/luajit-symlinks.patch b/gnu/packages/patches/luajit-symlinks.patch
deleted file mode 100644
index 2466c34144..0000000000
--- a/gnu/packages/patches/luajit-symlinks.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 0a54a8f125d7ab508c7c88d5ad4ed1b0c63cb5b6 Mon Sep 17 00:00:00 2001
-From: =?utf8?q?Tom=C3=A1=C5=A1=20=C4=8Cech?= <sleep_walker@suse.cz>
-Date: Wed, 4 Feb 2015 11:32:55 +0100
-Subject: [PATCH 1/2] Provide two symlinks for dynamic library during install
-
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 0891b71..343ecb5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -56,7 +56,7 @@ INSTALL_PCNAME= luajit.pc
- INSTALL_STATIC= $(INSTALL_LIB)/$(INSTALL_ANAME)
- INSTALL_DYN= $(INSTALL_LIB)/$(INSTALL_SONAME)
- INSTALL_SHORT1= $(INSTALL_LIB)/$(INSTALL_SOSHORT)
--INSTALL_SHORT2= $(INSTALL_LIB)/$(INSTALL_SOSHORT)
-+INSTALL_SHORT2= $(INSTALL_LIB)/$(INSTALL_SOSHORT).$(MAJVER)
- INSTALL_T= $(INSTALL_BIN)/$(INSTALL_TNAME)
- INSTALL_TSYM= $(INSTALL_BIN)/$(INSTALL_TSYMNAME)
- INSTALL_PC= $(INSTALL_PKGCONFIG)/$(INSTALL_PCNAME)
---
-2.2.2
-
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-1.patch b/gnu/packages/patches/mpv-CVE-2018-6360-1.patch
new file mode 100644
index 0000000000..55fc7daaf3
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-1.patch
@@ -0,0 +1,138 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43
+
+To apply the patch to mpv 0.28.0 release tarball, hunk #4 is removed. Hunk #4
+checks if 'mpd_url' is safe, but the support for 'mpd_url' is not available
+for the 0.28.0 release. So it should be safe to remove hunk #4.
+
+From e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <wiiaboo@gmail.com>
+Date: Fri, 26 Jan 2018 01:19:04 +0000
+Subject: [PATCH] ytdl_hook: whitelist protocols from urls retrieved from
+ youtube-dl
+
+Not very clean since there's a lot of potential unsafe urls that youtube-dl
+can give us, depending on whether it's a single url, split tracks,
+playlists, segmented dash, etc.
+---
+ player/lua/ytdl_hook.lua | 54 +++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 47 insertions(+), 7 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index dd96ecc01d..b480c21625 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -16,6 +16,18 @@ local ytdl = {
+
+ local chapter_list = {}
+
++function Set (t)
++ local set = {}
++ for _, v in pairs(t) do set[v] = true end
++ return set
++end
++
++local safe_protos = Set {
++ "http", "https", "ftp", "ftps",
++ "rtmp", "rtmps", "rtmpe", "rtmpt", "rtmpts", "rtmpte",
++ "data"
++}
++
+ local function exec(args)
+ local ret = utils.subprocess({args = args})
+ return ret.status, ret.stdout, ret
+@@ -183,6 +195,9 @@ local function edl_track_joined(fragments, protocol, is_live, base)
+
+ for i = offset, #fragments do
+ local fragment = fragments[i]
++ if not url_is_safe(join_url(base, fragment)) then
++ return nil
++ end
+ table.insert(parts, edl_escape(join_url(base, fragment)))
+ if fragment.duration then
+ parts[#parts] =
+@@ -208,6 +223,15 @@ local function proto_is_dash(json)
+ or json["protocol"] == "http_dash_segments"
+ end
+
++local function url_is_safe(url)
++ local proto = type(url) == "string" and url:match("^(.+)://") or nil
++ local safe = proto and safe_protos[proto]
++ if not safe then
++ msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
++ end
++ return safe
++end
++
+ local function add_single_video(json)
+ local streamurl = ""
+ local max_bitrate = 0
+@@ -238,14 +264,18 @@ local function add_single_video(json)
+ edl_track = edl_track_joined(track.fragments,
+ track.protocol, json.is_live,
+ track.fragment_base_url)
++ local url = edl_track or track.url
++ if not url_is_safe(url) then
++ return
++ end
+ if track.acodec and track.acodec ~= "none" then
+ -- audio track
+ mp.commandv("audio-add",
+- edl_track or track.url, "auto",
++ url, "auto",
+ track.format_note or "")
+ elseif track.vcodec and track.vcodec ~= "none" then
+ -- video track
+- streamurl = edl_track or track.url
++ streamurl = url
+ end
+ end
+
+@@ -264,7 +294,13 @@ local function add_single_video(json)
+
+ msg.debug("streamurl: " .. streamurl)
+
+- mp.set_property("stream-open-filename", streamurl:gsub("^data:", "data://", 1))
++ streamurl = streamurl:gsub("^data:", "data://", 1)
++
++ if not url_is_safe(streamurl) then
++ return
++ end
++
++ mp.set_property("stream-open-filename", streamurl)
+
+ mp.set_property("file-local-options/force-media-title", json.title)
+
+@@ -526,14 +562,18 @@ mp.add_hook(o.try_ytdl_first and "on_load" or "on_load_fail", 10, function ()
+ site = entry["webpage_url"]
+ end
+
+- if not (site:find("https?://") == 1) then
+- site = "ytdl://" .. site
++ -- links with only youtube id as returned by --flat-playlist
++ if not site:find("://") then
++ table.insert(playlist, "ytdl://" .. site)
++ elseif url_is_safe(site) then
++ table.insert(playlist, site)
+ end
+- table.insert(playlist, site)
+
+ end
+
+- mp.set_property("stream-open-filename", "memory://" .. table.concat(playlist, "\n"))
++ if #playlist > 0 then
++ mp.set_property("stream-open-filename", "memory://" .. table.concat(playlist, "\n"))
++ end
+ end
+
+ else -- probably a video
+--
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-2.patch b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch
new file mode 100644
index 0000000000..b37e33a641
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-2.patch
@@ -0,0 +1,59 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/f8263e82cc74a9ac6530508bec39c7b0dc02568f
+
+From f8263e82cc74a9ac6530508bec39c7b0dc02568f Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <wiiaboo@gmail.com>
+Date: Fri, 26 Jan 2018 11:26:27 +0000
+Subject: [PATCH] ytdl_hook: move url_is_safe earlier in code
+
+lua isn't javascript.
+---
+ player/lua/ytdl_hook.lua | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index b480c21625..458c94af38 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -84,6 +84,15 @@ local function edl_escape(url)
+ return "%" .. string.len(url) .. "%" .. url
+ end
+
++local function url_is_safe(url)
++ local proto = type(url) == "string" and url:match("^(.+)://") or nil
++ local safe = proto and safe_protos[proto]
++ if not safe then
++ msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
++ end
++ return safe
++end
++
+ local function time_to_secs(time_string)
+ local ret
+
+@@ -223,15 +232,6 @@ local function proto_is_dash(json)
+ or json["protocol"] == "http_dash_segments"
+ end
+
+-local function url_is_safe(url)
+- local proto = type(url) == "string" and url:match("^(.+)://") or nil
+- local safe = proto and safe_protos[proto]
+- if not safe then
+- msg.error(("Ignoring potentially unsafe url: '%s'"):format(url))
+- end
+- return safe
+-end
+-
+ local function add_single_video(json)
+ local streamurl = ""
+ local max_bitrate = 0
+--
+2.16.1
+
diff --git a/gnu/packages/patches/mpv-CVE-2018-6360-3.patch b/gnu/packages/patches/mpv-CVE-2018-6360-3.patch
new file mode 100644
index 0000000000..dc3e272d37
--- /dev/null
+++ b/gnu/packages/patches/mpv-CVE-2018-6360-3.patch
@@ -0,0 +1,84 @@
+Fix CVE-2018-6360:
+
+https://github.com/mpv-player/mpv/issues/5456
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360
+https://security-tracker.debian.org/tracker/CVE-2018-6360
+
+Patch copied from upstream source repository:
+
+https://github.com/mpv-player/mpv/commit/ce42a965330dfeb7d2f6c69ea42d35454105c828
+
+From ce42a965330dfeb7d2f6c69ea42d35454105c828 Mon Sep 17 00:00:00 2001
+From: Ricardo Constantino <wiiaboo@gmail.com>
+Date: Fri, 26 Jan 2018 18:54:17 +0000
+Subject: [PATCH] ytdl_hook: fix safe url checking with EDL urls
+
+---
+ player/lua/ytdl_hook.lua | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/player/lua/ytdl_hook.lua b/player/lua/ytdl_hook.lua
+index 458c94af38..6c8e78657d 100644
+--- a/player/lua/ytdl_hook.lua
++++ b/player/lua/ytdl_hook.lua
+@@ -264,18 +264,17 @@ local function add_single_video(json)
+ edl_track = edl_track_joined(track.fragments,
+ track.protocol, json.is_live,
+ track.fragment_base_url)
+- local url = edl_track or track.url
+- if not url_is_safe(url) then
++ if not edl_track and not url_is_safe(track.url) then
+ return
+ end
+ if track.acodec and track.acodec ~= "none" then
+ -- audio track
+ mp.commandv("audio-add",
+- url, "auto",
++ edl_track or track.url, "auto",
+ track.format_note or "")
+ elseif track.vcodec and track.vcodec ~= "none" then
+ -- video track
+- streamurl = url
++ streamurl = edl_track or track.url
+ end
+ end
+
+@@ -284,6 +283,9 @@ local function add_single_video(json)
+ edl_track = edl_track_joined(json.fragments, json.protocol,
+ json.is_live, json.fragment_base_url)
+
++ if not edl_track and not url_is_safe(json.url) then
++ return
++ end
+ -- normal video or single track
+ streamurl = edl_track or json.url
+ set_http_headers(json.http_headers)
+@@ -294,13 +296,7 @@ local function add_single_video(json)
+
+ msg.debug("streamurl: " .. streamurl)
+
+- streamurl = streamurl:gsub("^data:", "data://", 1)
+-
+- if not url_is_safe(streamurl) then
+- return
+- end
+-
+- mp.set_property("stream-open-filename", streamurl)
++ mp.set_property("stream-open-filename", streamurl:gsub("^data:", "data://", 1))
+
+ mp.set_property("file-local-options/force-media-title", json.title)
+
+@@ -499,6 +495,10 @@ mp.add_hook(o.try_ytdl_first and "on_load" or "on_load_fail", 10, function ()
+
+ msg.debug("EDL: " .. playlist)
+
++ if not playlist then
++ return
++ end
++
+ -- can't change the http headers for each entry, so use the 1st
+ if json.entries[1] then
+ set_http_headers(json.entries[1].http_headers)
+--
+2.16.1
+
diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch
new file mode 100644
index 0000000000..66df127509
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-17858.patch
@@ -0,0 +1,111 @@
+Fix CVE-2017-17858:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858
+https://bugs.ghostscript.com/show_bug.cgi?id=698819
+https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+
+From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 11 Dec 2017 14:09:15 +0100
+Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below
+ limit.
+
+This ensures that:
+ * xref tables with objects pointers do not grow out of bounds.
+ * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf.
+---
+ include/mupdf/pdf/object.h | 3 +++
+ source/pdf/pdf-repair.c | 5 +----
+ source/pdf/pdf-xref.c | 21 ++++++++++++---------
+ 3 files changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h
+index 21ed8595..4177112b 100644
+--- a/include/mupdf/pdf/object.h
++++ b/include/mupdf/pdf/object.h
+@@ -3,6 +3,9 @@
+
+ typedef struct pdf_document_s pdf_document;
+
++/* Defined in PDF 1.7 according to Acrobat limit. */
++#define PDF_MAX_OBJECT_NUMBER 8388607
++
+ /*
+ * Dynamic objects.
+ * The same type of objects as found in PDF and PostScript.
+diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
+index ca149bd3..0c29758e 100644
+--- a/source/pdf/pdf-repair.c
++++ b/source/pdf/pdf-repair.c
+@@ -6,9 +6,6 @@
+
+ /* Scan file for objects and reconstruct xref table */
+
+-/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */
+-#define MAX_OBJECT_NUMBER (10 << 20)
+-
+ struct entry
+ {
+ int num;
+@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
+ break;
+ }
+
+- if (num <= 0 || num > MAX_OBJECT_NUMBER)
++ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER)
+ {
+ fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen);
+ goto have_next_token;
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 00586dbd..6284e70b 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
+ fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR);
+ }
+
+- if (ofs < 0)
+- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs);
+- if (ofs > INT64_MAX - len)
+- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big");
+-
++ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER
++ || len < 0 || len > PDF_MAX_OBJECT_NUMBER
++ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER)
++ {
++ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
++ }
+ /* broken pdfs where size in trailer undershoots entries in xref sections */
+ if (ofs + len > xref_len)
+ {
+@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in
+ pdf_xref_entry *table;
+ int i, n;
+
+- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
+- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
+- //if (i0 + i1 > pdf_xref_len(ctx, doc))
+- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
++ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER)
++ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range");
+
+ table = pdf_xref_find_subsection(ctx, doc, i0, i1);
+ for (i = i0; i < i0 + i1; i++)
+@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc)
+ /* TODO: reuse free object slots by properly linking free object chains in the ofs field */
+ pdf_xref_entry *entry;
+ int num = pdf_xref_len(ctx, doc);
++
++ if (num > PDF_MAX_OBJECT_NUMBER)
++ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf");
++
+ entry = pdf_get_incremental_xref_entry(ctx, doc, num);
+ entry->type = 'f';
+ entry->ofs = -1;
+--
+2.16.1
+
diff --git a/gnu/packages/patches/p7zip-CVE-2017-17969.patch b/gnu/packages/patches/p7zip-CVE-2017-17969.patch
new file mode 100644
index 0000000000..51c24000e5
--- /dev/null
+++ b/gnu/packages/patches/p7zip-CVE-2017-17969.patch
@@ -0,0 +1,35 @@
+Fix CVE-2017-17969:
+
+https://sourceforge.net/p/p7zip/bugs/204/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
+
+Patch copied from Debian.
+
+Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
+Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
+Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
+Bug: https://sourceforge.net/p/p7zip/bugs/204/
+Bug-Debian: https://bugs.debian.org/888297
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
+Author: Antoine Beaupré <anarcat@debian.org>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2018-02-01
+Applied-Upstream: 18.00-beta
+
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
+ }
+-
++
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
++
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
+