aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/beignet-correct-file-names.patch32
-rw-r--r--gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch59
-rw-r--r--gnu/packages/patches/gcc-8-strmov-store-file-names.patch110
-rw-r--r--gnu/packages/patches/icecat-bug-1413868-pt1.patch663
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-10963.patch40
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-8905.patch61
-rw-r--r--gnu/packages/patches/qtoctave-qt-5.11-fix.patch26
7 files changed, 932 insertions, 59 deletions
diff --git a/gnu/packages/patches/beignet-correct-file-names.patch b/gnu/packages/patches/beignet-correct-file-names.patch
new file mode 100644
index 0000000000..2c5d0bbaea
--- /dev/null
+++ b/gnu/packages/patches/beignet-correct-file-names.patch
@@ -0,0 +1,32 @@
+Help CMake find Clang's libraries.
+Have it install the ICD file in the right place.
+
+diff --git a/CMake/FindLLVM.cmake b/CMake/FindLLVM.cmake
+index 5457f248..e8e8f94a 100644
+--- a/CMake/FindLLVM.cmake
++++ b/CMake/FindLLVM.cmake
+@@ -107,7 +107,7 @@ endif (LLVM_VERSION_NODOT VERSION_GREATER 34)
+ macro(add_one_lib name)
+ FIND_LIBRARY(CLANG_LIB
+ NAMES ${name}
+- PATHS ${LLVM_LIBRARY_DIR} NO_DEFAULT_PATH)
++ PATHS ${CLANG_LIBRARY_DIR} NO_DEFAULT_PATH)
+ set(CLANG_LIBRARIES ${CLANG_LIBRARIES} ${CLANG_LIB})
+ unset(CLANG_LIB CACHE)
+ endmacro()
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index c11acbb2..fb99e5c8 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -217,7 +217,7 @@ IF(OCLIcd_FOUND)
+ "intel-beignet.icd.in"
+ "${ICD_FILE_NAME}"
+ )
+- install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION /etc/OpenCL/vendors)
++ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION etc/OpenCL/vendors COMPONENT config)
+ ELSE(OCLIcd_FOUND)
+ MESSAGE(STATUS "Looking for OCL ICD header file - not found")
+ MESSAGE(FATAL_ERROR "OCL ICD loader miss. If you really want to disable OCL ICD support, please run cmake with option -DOCLICD_COMPAT=0.")
+--
+2.14.3
+
diff --git a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch
deleted file mode 100644
index b90017fdb4..0000000000
--- a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
-
-This patch adds a support for Git repositories hosted on git.savannah.gnu.org.
-
-Upstream bug URL:
-
-https://github.com/rmuslimov/browse-at-remote/pull/46
-
-From cd2ccdaef8b1d97337d790175f71cc3dbcfcff64 Mon Sep 17 00:00:00 2001
-From: Oleg Pykhalov <go.wigust@gmail.com>
-Date: Fri, 26 Jan 2018 00:05:30 +0300
-Subject: [PATCH] Add support for repositories that are hosted on gnu cgit
-
----
- browse-at-remote.el | 21 ++++++++++++++++++++-
- 1 file changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/browse-at-remote.el b/browse-at-remote.el
-index 66967b3..e210d18 100644
---- a/browse-at-remote.el
-+++ b/browse-at-remote.el
-@@ -44,7 +44,8 @@
- (defcustom browse-at-remote-remote-type-domains
- '(("bitbucket.org" ."bitbucket")
- ("github.com" . "github")
-- ("gitlab.com" . "gitlab"))
-+ ("gitlab.com" . "gitlab")
-+ ("git.savannah.gnu.org" . "gnu"))
- "Alist of domain patterns to remote types."
-
- :type '(alist :key-type (string :tag "Domain")
-@@ -199,6 +200,24 @@ If HEAD is detached, return nil."
- (if (fboundp formatter)
- formatter nil)))
-
-+(defun browse-at-remote-gnu-format-url (repo-url)
-+ "Get a gnu formatted URL."
-+ (replace-regexp-in-string
-+ (concat "https://" (car (rassoc "gnu" browse-at-remote-remote-type-domains))
-+ "/\\(git\\).*\\'")
-+ "cgit" repo-url nil nil 1))
-+
-+(defun browse-at-remote--format-region-url-as-gnu (repo-url location filename &optional linestart lineend)
-+ "URL formatter for gnu."
-+ (let ((repo-url (browse-at-remote-gnu-format-url repo-url)))
-+ (cond
-+ (linestart (format "%s.git/tree/%s?h=%s#n%d" repo-url filename location linestart))
-+ (t (format "%s.git/tree/%s?h=%s" repo-url filename location)))))
-+
-+(defun browse-at-remote--format-commit-url-as-gnu (repo-url commithash)
-+ "Commit URL formatted for gnu"
-+ (format "%s.git/commit/?id=%s" (browse-at-remote-gnu-format-url repo-url) commithash))
-+
- (defun browse-at-remote--format-region-url-as-github (repo-url location filename &optional linestart lineend)
- "URL formatted for github."
- (cond
---
-2.15.1
-
diff --git a/gnu/packages/patches/gcc-8-strmov-store-file-names.patch b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch
new file mode 100644
index 0000000000..f8e6b951b2
--- /dev/null
+++ b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch
@@ -0,0 +1,110 @@
+Make sure that statements such as:
+
+ strcpy (dst, "/gnu/store/…");
+
+or
+
+ static const char str[] = "/gnu/store/…";
+ …
+ strcpy (dst, str);
+
+do not result in chunked /gnu/store strings that are undetectable by
+Guix's GC and its grafting code. See <https://bugs.gnu.org/24703>
+and <https://bugs.gnu.org/30395>.
+
+--- gcc-5.3.0/gcc/builtins.c 2016-10-18 10:50:46.080616285 +0200
++++ gcc-5.3.0/gcc/builtins.c 2016-11-09 15:26:43.693042737 +0100
+@@ -3012,6 +3012,58 @@ determine_block_size (tree len, rtx len_rtx,
+ GET_MODE_MASK (GET_MODE (len_rtx)));
+ }
+
++extern void debug_tree (tree);
++
++/* Return true if STR contains the string "/gnu/store". */
++
++bool
++store_reference_p (tree str)
++{
++ if (getenv ("GUIX_GCC_DEBUG") != NULL)
++ debug_tree (str);
++
++ if (TREE_CODE (str) == ADDR_EXPR)
++ str = TREE_OPERAND (str, 0);
++
++ if (TREE_CODE (str) == VAR_DECL
++ && TREE_STATIC (str)
++ && TREE_READONLY (str))
++ {
++ /* STR may be a 'static const' variable whose initial value
++ is a string constant. See <https://bugs.gnu.org/30395>. */
++ str = DECL_INITIAL (str);
++ if (str == NULL_TREE)
++ return false;
++ }
++
++ if (TREE_CODE (str) != STRING_CST)
++ return false;
++
++ int len;
++ const char *store;
++
++ store = getenv ("NIX_STORE") ? getenv ("NIX_STORE") : "/gnu/store";
++ len = strlen (store);
++
++ /* Size of the hash part of store file names, including leading slash and
++ trailing hyphen. */
++ const int hash_len = 34;
++
++ if (TREE_STRING_LENGTH (str) < len + hash_len)
++ return false;
++
++ /* We cannot use 'strstr' because 'TREE_STRING_POINTER' returns a string
++ that is not necessarily NUL-terminated. */
++
++ for (int i = 0; i < TREE_STRING_LENGTH (str) - (len + hash_len); i++)
++ {
++ if (strncmp (TREE_STRING_POINTER (str) + i, store, len) == 0)
++ return true;
++ }
++
++ return false;
++}
++
+ /* Try to verify that the sizes and lengths of the arguments to a string
+ manipulation function given by EXP are within valid bounds and that
+ the operation does not lead to buffer overflow or read past the end.
+@@ -3605,6 +3657,13 @@ expand_builtin_memory_copy_args (tree dest, tree src, tree len,
+ unsigned HOST_WIDE_INT max_size;
+ unsigned HOST_WIDE_INT probable_max_size;
+
++ /* Do not emit block moves, which translate to the 'movabs' instruction on
++ x86_64, when SRC refers to store items. That way, store references
++ remain visible to the Guix GC and grafting code. See
++ <https://bugs.gnu.org/24703>. */
++ if (store_reference_p (src))
++ return NULL_RTX;
++
+ /* If DEST is not a pointer type, call the normal function. */
+ if (dest_align == 0)
+ return NULL_RTX;
+--- gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:36:16.709442004 +0100
++++ gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:46:43.838487065 +0100
+@@ -635,6 +635,8 @@ var_decl_component_p (tree var)
+ return SSA_VAR_P (inner);
+ }
+
++extern bool store_reference_p (tree);
++
+ /* If the SIZE argument representing the size of an object is in a range
+ of values of which exactly one is valid (and that is zero), return
+ true, otherwise false. */
+@@ -742,6 +744,9 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi,
+ off0 = build_int_cst (build_pointer_type_for_mode (char_type_node,
+ ptr_mode, true), 0);
+
++ if (store_reference_p (src))
++ return false;
++
+ /* If we can perform the copy efficiently with first doing all loads
+ and then all stores inline it that way. Currently efficiently
+ means that we can load all the memory into a single integer
diff --git a/gnu/packages/patches/icecat-bug-1413868-pt1.patch b/gnu/packages/patches/icecat-bug-1413868-pt1.patch
new file mode 100644
index 0000000000..18382dc33a
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1413868-pt1.patch
@@ -0,0 +1,663 @@
+Based on <https://hg.mozilla.org/releases/mozilla-esr52/rev/431fa5dd4016>
+Adapted to apply cleanly to GNU IceCat.
+
+# HG changeset patch
+# User Honza Bambas <honzab.moz@firemni.cz>
+# Date 1528830658 14400
+# Node ID 431fa5dd4016bdab7e4bb0d3c4df85468fe337b0
+# Parent e8e9e1ef79f2a18c61ec1b87cfb214c8d4960f8e
+Bug 1413868. r=valentin, a=RyanVM
+
+diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
+--- a/toolkit/xre/nsAppRunner.cpp
++++ b/toolkit/xre/nsAppRunner.cpp
+@@ -4,16 +4,17 @@
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ #include "mozilla/dom/ContentParent.h"
+ #include "mozilla/dom/ContentChild.h"
+ #include "mozilla/ipc/GeckoChildProcessHost.h"
+
+ #include "mozilla/ArrayUtils.h"
+ #include "mozilla/Attributes.h"
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/ChaosMode.h"
+ #include "mozilla/IOInterposer.h"
+ #include "mozilla/Likely.h"
+ #include "mozilla/MemoryChecking.h"
+ #include "mozilla/Poison.h"
+ #include "mozilla/Preferences.h"
+ #include "mozilla/ScopeExit.h"
+ #include "mozilla/Services.h"
+@@ -4304,16 +4305,20 @@ XREMain::XRE_mainRun()
+ // Need to write out the fact that the profile has been removed and potentially
+ // that the selected/default profile changed.
+ mProfileSvc->Flush();
+ }
+ }
+
+ mDirProvider.DoStartup();
+
++ // As FilePreferences need the profile directory, we must initialize right here.
++ mozilla::FilePreferences::InitDirectoriesWhitelist();
++ mozilla::FilePreferences::InitPrefs();
++
+ OverrideDefaultLocaleIfNeeded();
+
+ #ifdef MOZ_CRASHREPORTER
+ nsCString userAgentLocale;
+ // Try a localized string first. This pref is always a localized string in
+ // IceCatMobile, and might be elsewhere, too.
+ if (NS_SUCCEEDED(Preferences::GetLocalizedCString("general.useragent.locale", &userAgentLocale))) {
+ CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("useragent_locale"), userAgentLocale);
+diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
+--- a/toolkit/xre/nsEmbedFunctions.cpp
++++ b/toolkit/xre/nsEmbedFunctions.cpp
+@@ -46,16 +46,17 @@
+ #include "nsX11ErrorHandler.h"
+ #include "nsGDKErrorHandler.h"
+ #include "base/at_exit.h"
+ #include "base/command_line.h"
+ #include "base/message_loop.h"
+ #include "base/process_util.h"
+ #include "chrome/common/child_process.h"
+
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/ipc/BrowserProcessSubThread.h"
+ #include "mozilla/ipc/GeckoChildProcessHost.h"
+ #include "mozilla/ipc/IOThreadChild.h"
+ #include "mozilla/ipc/ProcessChild.h"
+ #include "ScopedXREEmbed.h"
+
+ #include "mozilla/plugins/PluginProcessChild.h"
+ #include "mozilla/dom/ContentProcess.h"
+@@ -680,16 +681,18 @@ XRE_InitChildProcess(int aArgc,
+ ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY);
+ #endif
+
+ #if defined(MOZ_SANDBOX) && defined(XP_WIN)
+ // We need to do this after the process has been initialised, as
+ // InitLoggingIfRequired may need access to prefs.
+ mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction);
+ #endif
++ mozilla::FilePreferences::InitDirectoriesWhitelist();
++ mozilla::FilePreferences::InitPrefs();
+
+ OverrideDefaultLocaleIfNeeded();
+
+ #if defined(MOZ_CRASHREPORTER)
+ #if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK)
+ AddContentSandboxLevelAnnotation();
+ #endif
+ #endif
+diff --git a/xpcom/io/FilePreferences.cpp b/xpcom/io/FilePreferences.cpp
+new file mode 100644
+--- /dev/null
++++ b/xpcom/io/FilePreferences.cpp
+@@ -0,0 +1,271 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=8 sts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++* License, v. 2.0. If a copy of the MPL was not distributed with this
++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "FilePreferences.h"
++
++#include "mozilla/Preferences.h"
++#include "nsAppDirectoryServiceDefs.h"
++#include "nsDirectoryServiceDefs.h"
++#include "nsDirectoryServiceUtils.h"
++
++namespace mozilla {
++namespace FilePreferences {
++
++static bool sBlockUNCPaths = false;
++typedef nsTArray<nsString> Paths;
++
++static Paths& PathArray()
++{
++ static Paths sPaths;
++ return sPaths;
++}
++
++static void AllowDirectory(char const* directory)
++{
++ nsCOMPtr<nsIFile> file;
++ NS_GetSpecialDirectory(directory, getter_AddRefs(file));
++ if (!file) {
++ return;
++ }
++
++ nsString path;
++ if (NS_FAILED(file->GetTarget(path))) {
++ return;
++ }
++
++ // The whitelist makes sense only for UNC paths, because this code is used
++ // to block only UNC paths, hence, no need to add non-UNC directories here
++ // as those would never pass the check.
++ if (!StringBeginsWith(path, NS_LITERAL_STRING("\\\\"))) {
++ return;
++ }
++
++ if (!PathArray().Contains(path)) {
++ PathArray().AppendElement(path);
++ }
++}
++
++void InitPrefs()
++{
++ sBlockUNCPaths = Preferences::GetBool("network.file.disable_unc_paths", false);
++}
++
++void InitDirectoriesWhitelist()
++{
++ // NS_GRE_DIR is the installation path where the binary resides.
++ AllowDirectory(NS_GRE_DIR);
++ // NS_APP_USER_PROFILE_50_DIR and NS_APP_USER_PROFILE_LOCAL_50_DIR are the two
++ // parts of the profile we store permanent and local-specific data.
++ AllowDirectory(NS_APP_USER_PROFILE_50_DIR);
++ AllowDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR);
++}
++
++namespace { // anon
++
++class Normalizer
++{
++public:
++ Normalizer(const nsAString& aFilePath, const char16_t aSeparator);
++ bool Get(nsAString& aNormalizedFilePath);
++
++private:
++ bool ConsumeItem();
++ bool ConsumeSeparator();
++ bool IsEOF() { return mFilePathCursor == mFilePathEnd; }
++
++ bool ConsumeName();
++ bool CheckParentDir();
++ bool CheckCurrentDir();
++
++ nsString::const_char_iterator mFilePathCursor;
++ nsString::const_char_iterator mFilePathEnd;
++
++ nsDependentSubstring mItem;
++ char16_t const mSeparator;
++ nsTArray<nsDependentSubstring> mStack;
++};
++
++Normalizer::Normalizer(const nsAString& aFilePath, const char16_t aSeparator)
++ : mFilePathCursor(aFilePath.BeginReading())
++ , mFilePathEnd(aFilePath.EndReading())
++ , mSeparator(aSeparator)
++{
++}
++
++bool Normalizer::ConsumeItem()
++{
++ if (IsEOF()) {
++ return false;
++ }
++
++ nsString::const_char_iterator nameBegin = mFilePathCursor;
++ while (mFilePathCursor != mFilePathEnd) {
++ if (*mFilePathCursor == mSeparator) {
++ break; // don't include the separator
++ }
++ ++mFilePathCursor;
++ }
++
++ mItem.Rebind(nameBegin, mFilePathCursor);
++ return true;
++}
++
++bool Normalizer::ConsumeSeparator()
++{
++ if (IsEOF()) {
++ return false;
++ }
++
++ if (*mFilePathCursor != mSeparator) {
++ return false;
++ }
++
++ ++mFilePathCursor;
++ return true;
++}
++
++bool Normalizer::Get(nsAString& aNormalizedFilePath)
++{
++ aNormalizedFilePath.Truncate();
++
++ if (IsEOF()) {
++ return true;
++ }
++ if (ConsumeSeparator()) {
++ aNormalizedFilePath.Append(mSeparator);
++ }
++
++ if (IsEOF()) {
++ return true;
++ }
++ if (ConsumeSeparator()) {
++ aNormalizedFilePath.Append(mSeparator);
++ }
++
++ while (!IsEOF()) {
++ if (!ConsumeName()) {
++ return false;
++ }
++ }
++
++ for (auto const& name : mStack) {
++ aNormalizedFilePath.Append(name);
++ }
++
++ return true;
++}
++
++bool Normalizer::ConsumeName()
++{
++ if (!ConsumeItem()) {
++ return true;
++ }
++
++ if (CheckCurrentDir()) {
++ return true;
++ }
++
++ if (CheckParentDir()) {
++ if (!mStack.Length()) {
++ // This means there are more \.. than valid names
++ return false;
++ }
++
++ mStack.RemoveElementAt(mStack.Length() - 1);
++ return true;
++ }
++
++ if (mItem.IsEmpty()) {
++ // this means an empty name (a lone slash), which is illegal
++ return false;
++ }
++
++ if (ConsumeSeparator()) {
++ mItem.Rebind(mItem.BeginReading(), mFilePathCursor);
++ }
++ mStack.AppendElement(mItem);
++
++ return true;
++}
++
++bool Normalizer::CheckCurrentDir()
++{
++ if (mItem == NS_LITERAL_STRING(".")) {
++ ConsumeSeparator();
++ // EOF is acceptable
++ return true;
++ }
++
++ return false;
++}
++
++bool Normalizer::CheckParentDir()
++{
++ if (mItem == NS_LITERAL_STRING("..")) {
++ ConsumeSeparator();
++ // EOF is acceptable
++ return true;
++ }
++
++ return false;
++}
++
++} // anon
++
++bool IsBlockedUNCPath(const nsAString& aFilePath)
++{
++ if (!sBlockUNCPaths) {
++ return false;
++ }
++
++ if (!StringBeginsWith(aFilePath, NS_LITERAL_STRING("\\\\"))) {
++ return false;
++ }
++
++ nsAutoString normalized;
++ if (!Normalizer(aFilePath, L'\\').Get(normalized)) {
++ // Broken paths are considered invalid and thus inaccessible
++ return true;
++ }
++
++ for (const auto& allowedPrefix : PathArray()) {
++ if (StringBeginsWith(normalized, allowedPrefix)) {
++ if (normalized.Length() == allowedPrefix.Length()) {
++ return false;
++ }
++ if (normalized[allowedPrefix.Length()] == L'\\') {
++ return false;
++ }
++
++ // When we are here, the path has a form "\\path\prefixevil"
++ // while we have an allowed prefix of "\\path\prefix".
++ // Note that we don't want to add a slash to the end of a prefix
++ // so that opening the directory (no slash at the end) still works.
++ break;
++ }
++ }
++
++ return true;
++}
++
++void testing::SetBlockUNCPaths(bool aBlock)
++{
++ sBlockUNCPaths = aBlock;
++}
++
++void testing::AddDirectoryToWhitelist(nsAString const & aPath)
++{
++ PathArray().AppendElement(aPath);
++}
++
++bool testing::NormalizePath(nsAString const & aPath, nsAString & aNormalized)
++{
++ Normalizer normalizer(aPath, L'\\');
++ return normalizer.Get(aNormalized);
++}
++
++} // ::FilePreferences
++} // ::mozilla
+diff --git a/xpcom/io/FilePreferences.h b/xpcom/io/FilePreferences.h
+new file mode 100644
+--- /dev/null
++++ b/xpcom/io/FilePreferences.h
+@@ -0,0 +1,25 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=8 sts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++* License, v. 2.0. If a copy of the MPL was not distributed with this
++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "nsIObserver.h"
++
++namespace mozilla {
++namespace FilePreferences {
++
++void InitPrefs();
++void InitDirectoriesWhitelist();
++bool IsBlockedUNCPath(const nsAString& aFilePath);
++
++namespace testing {
++
++void SetBlockUNCPaths(bool aBlock);
++void AddDirectoryToWhitelist(nsAString const& aPath);
++bool NormalizePath(nsAString const & aPath, nsAString & aNormalized);
++
++}
++
++} // FilePreferences
++} // mozilla
+diff --git a/xpcom/io/moz.build b/xpcom/io/moz.build
+--- a/xpcom/io/moz.build
++++ b/xpcom/io/moz.build
+@@ -79,24 +79,26 @@ EXPORTS += [
+ 'nsUnicharInputStream.h',
+ 'nsWildCard.h',
+ 'SlicedInputStream.h',
+ 'SpecialSystemDirectory.h',
+ ]
+
+ EXPORTS.mozilla += [
+ 'Base64.h',
++ 'FilePreferences.h',
+ 'SnappyCompressOutputStream.h',
+ 'SnappyFrameUtils.h',
+ 'SnappyUncompressInputStream.h',
+ ]
+
+ UNIFIED_SOURCES += [
+ 'Base64.cpp',
+ 'crc32c.c',
++ 'FilePreferences.cpp',
+ 'nsAnonymousTemporaryFile.cpp',
+ 'nsAppFileLocationProvider.cpp',
+ 'nsBinaryStream.cpp',
+ 'nsDirectoryService.cpp',
+ 'nsEscape.cpp',
+ 'nsInputStreamTee.cpp',
+ 'nsIOUtil.cpp',
+ 'nsLinebreakConverter.cpp',
+diff --git a/xpcom/io/nsLocalFileWin.cpp b/xpcom/io/nsLocalFileWin.cpp
+--- a/xpcom/io/nsLocalFileWin.cpp
++++ b/xpcom/io/nsLocalFileWin.cpp
+@@ -41,16 +41,17 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <mbstring.h>
+
+ #include "nsXPIDLString.h"
+ #include "prproces.h"
+ #include "prlink.h"
+
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/Mutex.h"
+ #include "SpecialSystemDirectory.h"
+
+ #include "nsTraceRefcnt.h"
+ #include "nsXPCOMCIDInternal.h"
+ #include "nsThreadUtils.h"
+ #include "nsXULAppAPI.h"
+
+@@ -1162,16 +1163,20 @@ nsLocalFile::InitWithPath(const nsAStrin
+ char16_t secondChar = *(++begin);
+
+ // just do a sanity check. if it has any forward slashes, it is not a Native path
+ // on windows. Also, it must have a colon at after the first char.
+ if (FindCharInReadable(L'/', begin, end)) {
+ return NS_ERROR_FILE_UNRECOGNIZED_PATH;
+ }
+
++ if (FilePreferences::IsBlockedUNCPath(aFilePath)) {
++ return NS_ERROR_FILE_ACCESS_DENIED;
++ }
++
+ if (secondChar != L':' && (secondChar != L'\\' || firstChar != L'\\')) {
+ return NS_ERROR_FILE_UNRECOGNIZED_PATH;
+ }
+
+ if (secondChar == L':') {
+ // Make sure we have a valid drive, later code assumes the drive letter
+ // is a single char a-z or A-Z.
+ if (PathGetDriveNumberW(aFilePath.Data()) == -1) {
+@@ -1974,16 +1979,20 @@ nsLocalFile::CopySingleFile(nsIFile* aSo
+ bool path1Remote, path2Remote;
+ if (!IsRemoteFilePath(filePath.get(), path1Remote) ||
+ !IsRemoteFilePath(destPath.get(), path2Remote) ||
+ path1Remote || path2Remote) {
+ dwCopyFlags |= COPY_FILE_NO_BUFFERING;
+ }
+ }
+
++ if (FilePreferences::IsBlockedUNCPath(destPath)) {
++ return NS_ERROR_FILE_ACCESS_DENIED;
++ }
++
+ if (!move) {
+ copyOK = ::CopyFileExW(filePath.get(), destPath.get(), nullptr,
+ nullptr, nullptr, dwCopyFlags);
+ } else {
+ copyOK = ::MoveFileExW(filePath.get(), destPath.get(),
+ MOVEFILE_REPLACE_EXISTING);
+
+ // Check if copying the source file to a different volume,
+diff --git a/xpcom/tests/gtest/TestFilePreferencesWin.cpp b/xpcom/tests/gtest/TestFilePreferencesWin.cpp
+new file mode 100644
+--- /dev/null
++++ b/xpcom/tests/gtest/TestFilePreferencesWin.cpp
+@@ -0,0 +1,141 @@
++#include "gtest/gtest.h"
++
++#include "mozilla/FilePreferences.h"
++#include "nsIFile.h"
++#include "nsXPCOMCID.h"
++
++TEST(FilePreferencesWin, Normalization)
++{
++ nsAutoString normalized;
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("foo"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\foo"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\foo"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("foo\\some"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo\\some"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\.\\foo"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\."), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\.\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\.\\."), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\."), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\.\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\.."), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\..\\bar\\..\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\..\\bar"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\bar"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++ mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\.\\..\\.\\..\\"), normalized);
++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++ bool result;
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\.."), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\..\\"), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\.\\..\\"), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\\\bar"), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\..\\..\\"), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\\\"), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\.\\\\"), normalized);
++ ASSERT_FALSE(result);
++
++ result = mozilla::FilePreferences::testing::NormalizePath(
++ NS_LITERAL_STRING("\\\\..\\\\"), normalized);
++ ASSERT_FALSE(result);
++}
++
++TEST(FilePreferencesWin, AccessUNC)
++{
++ nsCOMPtr<nsIFile> lf = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID);
++
++ nsresult rv;
++
++ mozilla::FilePreferences::testing::SetBlockUNCPaths(false);
++
++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++ ASSERT_EQ(rv, NS_OK);
++
++ mozilla::FilePreferences::testing::SetBlockUNCPaths(true);
++
++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++ ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED);
++
++ mozilla::FilePreferences::testing::AddDirectoryToWhitelist(NS_LITERAL_STRING("\\\\nice"));
++
++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\share"));
++ ASSERT_EQ(rv, NS_OK);
++
++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++ ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED);
++}
+diff --git a/xpcom/tests/gtest/moz.build b/xpcom/tests/gtest/moz.build
+--- a/xpcom/tests/gtest/moz.build
++++ b/xpcom/tests/gtest/moz.build
+@@ -51,16 +51,21 @@ UNIFIED_SOURCES += [
+ if CONFIG['MOZ_DEBUG'] and CONFIG['OS_ARCH'] not in ('WINNT') and CONFIG['OS_TARGET'] != 'Android':
+ # FIXME bug 523392: TestDeadlockDetector doesn't like Windows
+ # Bug 1054249: Doesn't work on Android
+ UNIFIED_SOURCES += [
+ 'TestDeadlockDetector.cpp',
+ 'TestDeadlockDetectorScalability.cpp',
+ ]
+
++if CONFIG['OS_TARGET'] == 'WINNT':
++ UNIFIED_SOURCES += [
++ 'TestFilePreferencesWin.cpp',
++ ]
++
+ if CONFIG['WRAP_STL_INCLUDES'] and not CONFIG['CLANG_CL']:
+ UNIFIED_SOURCES += [
+ 'TestSTLWrappers.cpp',
+ ]
+
+ # Compile TestAllocReplacement separately so Windows headers don't pollute
+ # the global namespace for other files.
+ SOURCES += [
+
diff --git a/gnu/packages/patches/libtiff-CVE-2018-10963.patch b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
new file mode 100644
index 0000000000..d31c12399d
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
@@ -0,0 +1,40 @@
+Fix CVE-2018-10963:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2795
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
+
+From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2430de6d..c15a28db 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ }
+ break;
+ default:
+- assert(0); /* we should never get here */
+- break;
++ TIFFErrorExt(tif->tif_clientdata,module,
++ "Cannot write tag %d (%s)",
++ TIFFFieldTag(o),
++ o->field_name ? o->field_name : "unknown");
++ goto bad;
+ }
+ }
+ }
+--
+2.17.0
+
diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
new file mode 100644
index 0000000000..f49815789e
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
@@ -0,0 +1,61 @@
+Fix CVE-2018-8095:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2780
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
+
+From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 4ccb443c..94d85e38 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--;
+--
+2.17.0
+
diff --git a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch
new file mode 100644
index 0000000000..67317d1b36
--- /dev/null
+++ b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch
@@ -0,0 +1,26 @@
+This patch comes from upstream:
+https://hg.savannah.gnu.org/hgweb/octave/rev/cdaa884568b1.
+
+# HG changeset patch
+# User Mike Miller <mtmiller@octave.org>
+# Date 1527214835 25200
+# Node ID cdaa884568b159549bd373f04386ff62417f6df9
+# Parent 9e39a53b4e007d3f79f88b711ab9fa5f2f24fbc9
+add Qt include needed to build against Qt 5.11 (bug #53978)
+
+* settings-dialog.cc: Add missing include for <QButtonGroup> to fix build
+failure with Qt 5.11.
+
+diff --git a/libgui/src/settings-dialog.cc b/libgui/src/settings-dialog.cc
+--- a/libgui/src/settings-dialog.cc
++++ b/libgui/src/settings-dialog.cc
+@@ -34,6 +34,8 @@
+ #include "workspace-model.h"
+ #include "settings-dialog.h"
+ #include "ui-settings-dialog.h"
++
++#include <QButtonGroup>
+ #include <QDir>
+ #include <QFileInfo>
+ #include <QFileDialog>
+