From 165259593a21c6586125a5f93c20ee199deefbe3 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 23 Jan 2017 22:32:20 -0500 Subject: gnu: libupnp: Update to 1.6.21. * gnu/packages/libupnp.scm (libupnp): Update to 1.6.21. [source]: Remove obsolete patches. * gnu/packages/patches/libupnp-CVE-2016-6255.patch, gnu/packages/patches/libupnp-CVE-2016-8863.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk | 2 -- 1 file changed, 2 deletions(-) (limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 26933d4a28..27f6c92688 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -703,8 +703,6 @@ dist_patch_DATA = \
 %D%/packages/patches/libtiff-tiffcp-underflow.patch \
 %D%/packages/patches/libtool-skip-tests2.patch \
 %D%/packages/patches/libunwind-CVE-2015-3239.patch \
- %D%/packages/patches/libupnp-CVE-2016-6255.patch \
- %D%/packages/patches/libupnp-CVE-2016-8863.patch \
 %D%/packages/patches/libvpx-CVE-2016-2818.patch \
 %D%/packages/patches/libwebp-CVE-2016-9085.patch \
 %D%/packages/patches/libwmf-CAN-2004-0941.patch \
-- cgit v1.2.3
From b2725c53dd4cce2421845736df7940289c32f8a7 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 24 Jan 2017 01:59:07 -0500 Subject: gnu: khal: Update to 0.9.0. * gnu/packages/calendar.scm (khal): Update to 0.9.0 [source]: Remove obsolete patch. * gnu/packages/patches/khal-disable-failing-tests.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk | 1 - gnu/packages/calendar.scm | 5 ++-- .../patches/khal-disable-failing-tests.patch | 33 ---------------------- 3 files changed, 2 insertions(+), 37 deletions(-) delete mode 100644 gnu/packages/patches/khal-disable-failing-tests.patch (limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 27f6c92688..3963b97b71 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -645,7 +645,6 @@ dist_patch_DATA = \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ - %D%/packages/patches/khal-disable-failing-tests.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/kmod-module-directory.patch \ %D%/packages/patches/kobodeluxe-paths.patch \ diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm index 70bf8f9573..03898dd263 100644 --- a/gnu/packages/calendar.scm +++ b/gnu/packages/calendar.scm @@ -84,14 +84,13 @@ data units.") (define-public khal (package (name "khal") - (version "0.8.4") + (version "0.9.0") (source (origin (method url-fetch) (uri (pypi-uri "khal" version)) - (patches (search-patches "khal-disable-failing-tests.patch")) (sha256 (base32 - "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f")))) + "138gxynw7zavwqqaw5nzmj8sbpkymmb95xzgxqbdi9fiiqm9kamr")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/khal-disable-failing-tests.patch b/gnu/packages/patches/khal-disable-failing-tests.patch deleted file mode 100644 index e2c65df8ce..0000000000 --- a/gnu/packages/patches/khal-disable-failing-tests.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -Disable some tests that are known to fail: - -https://github.com/pimutils/khal/issues/546 -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081 - -diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py -index fd8dcc6..17732bf 100644 ---- a/tests/khalendar_test.py -+++ b/tests/khalendar_test.py -@@ -65,6 +65,7 @@ class TestCalendar(object): - else: - mtimes[cal] = mtime - -+ @pytest.mark.xfail - def test_db_needs_update(self, coll_vdirs): - coll, vdirs = coll_vdirs - -@@ -321,6 +322,7 @@ class TestDbCreation(object): - CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale) - - -+@pytest.mark.xfail - def test_default_calendar(coll_vdirs): - """test if an update to the vdir is detected by the CalendarCollection""" - coll, vdirs = coll_vdirs -@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs): - assert len(list(coll.get_events_on(today))) == 0 - - -+@pytest.mark.xfail - def test_only_update_old_event(coll_vdirs, monkeypatch): - coll, vdirs = coll_vdirs - -- cgit v1.2.3 From 23d57f74dcaddc39b2fe57fc0eabcd5907318882 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 24 Jan 2017 21:48:01 +0100 Subject: gnu: gnupg: Update to 2.1.18. * gnu/packages/gnupg.scm (gnupg): Update to 2.1.18. [source]: Remove patch. * gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gnupg.scm | 8 ++--- .../gnupg-test-segfault-on-32bit-arch.patch | 40 ---------------------- 3 files changed, 2 insertions(+), 47 deletions(-) delete mode 100644 gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3963b97b71..37d82fa716 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -593,7 +593,6 @@ dist_patch_DATA = \ %D%/packages/patches/gmp-faulty-test.patch \ %D%/packages/patches/gnome-tweak-tool-search-paths.patch \ %D%/packages/patches/gnucash-price-quotes-perl.patch \ - %D%/packages/patches/gnupg-test-segfault-on-32bit-arch.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index b19d764e25..df9eb4cba5 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -217,18 +217,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.1.17") + (version "2.1.18") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65")) - (patches - ;; This fixes a test failure on 32bit. Remove for next version. - ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00869.html - (search-patches "gnupg-test-segfault-on-32bit-arch.patch")))) + "157rrv3ly9j2k0acz43nhiba5hfl6h7048jvj55wwqjmgsmnyk6h")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch deleted file mode 100644 index 79bb41caaa..0000000000 --- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -This fixes a segfault on 32-bit architectures. Upstream discussion: - -https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html - -Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html - -Patch copied from upstream source repository: - -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485 - -From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001 -From: Justus Winter -Date: Wed, 21 Dec 2016 16:14:45 +0100 -Subject: [PATCH] gpgscm: Guard use of union member. - -* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port -before accessing filename. Fixes a crash on 32-bit architectures. - -Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4 -Signed-off-by: Justus Winter ---- - tests/gpgscm/scheme.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c -index a5b7691..2844545 100644 ---- a/tests/gpgscm/scheme.c -+++ b/tests/gpgscm/scheme.c -@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) { - } else { - sc->nesting_stack[sc->file_i]++; - #if USE_TAGS && SHOW_ERROR_LINE -- { -+ if (sc->load_stack[sc->file_i].kind & port_file) { - const char *filename = - sc->load_stack[sc->file_i].rep.stdio.filename; - int lineno = --- -2.8.0.rc3 - -- cgit v1.2.3 From 0769cea6970444dd5f5db75f9863ec6ff428e7cb Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Mon, 23 Jan 2017 18:33:21 -0500 Subject: gnu: openjpeg: Fix CVE-2016-{9572,9573}. * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (openjpeg-2.1.2)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 3 +- .../openjpeg-CVE-2016-9572-CVE-2016-9573.patch | 233 +++++++++++++++++++++ 3 files changed, 236 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 37d82fa716..59fc1a82c0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -780,6 +780,7 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2016-5157.patch \ %D%/packages/patches/openjpeg-CVE-2016-7163.patch \ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ + %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch \ %D%/packages/patches/openjpeg-use-after-free-fix.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 637819947c..54b7dd6e22 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -498,7 +498,8 @@ error-resilience, a Java-viewer for j2k-images, ...") (base32 "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc")) (patches - (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch")))))) + (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch" + "openjpeg-CVE-2016-9572-CVE-2016-9573.patch")))))) (define-public openjpeg-1 (package (inherit openjpeg) diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch new file mode 100644 index 0000000000..545b5d0a71 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch 
@@ -0,0 +1,233 @@ +Fix CVE-2016-9572 and CVE-2016-9573: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 + +Patch copied from 3rd-party repository: + +https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d + +From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001 +From: szukw000 +Date: Mon, 28 Nov 2016 21:57:20 +0100 +Subject: [PATCH] Changes for issues #863 and #862 + +--- + src/bin/jp2/convert.c | 59 +++++++++++++++++++++++++++++++++++++++----- + src/bin/jp2/convertbmp.c | 29 +++++++++++++++++++++- + src/bin/jp2/opj_decompress.c | 2 +- + src/lib/openjp2/j2k.c | 11 ++++++--- + 4 files changed, 90 insertions(+), 11 deletions(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index deee4f6..6a3f65b 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { + for (i = 0; i < image->numcomps-1; i++) { + if ((image->comps[0].dx != image->comps[i+1].dx) + ||(image->comps[0].dy != image->comps[i+1].dy) +- ||(image->comps[0].prec != image->comps[i+1].prec)) { ++ ||(image->comps[0].prec != image->comps[i+1].prec) ++ ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { + fclose(fdest); + fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); + return 1; +@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + int *red, *green, *blue, *alpha; + int wr, hr, max; + int i; +- unsigned int compno, ncomp; ++ unsigned int compno, ncomp, ui; + int adjustR, adjustG, adjustB, adjustA; + int fails, two, want_gray, has_alpha, triple; + int prec, v; +@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) + + if(want_gray) ncomp = 1; + ++ 
for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetopnm: All components\n shall have " ++ "the same subsampling, same bit depth, same sign.\n" ++ " Aborting\n"); ++ return 1; ++ } ++ + if ((force_split == 0) && + (ncomp == 2 /* GRAYA */ + || (ncomp > 2 /* RGB, RGBA */ +@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + { + FILE *rawFile = NULL; + size_t res; +- unsigned int compno; ++ unsigned int compno, numcomps; + int w, h, fails; + int line, row, curr, mask; + int *ptr; +@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + return 1; + } + ++ numcomps = image->numcomps; ++ ++ if (numcomps > 4) { ++ numcomps = 4; ++ } ++ for (compno = 1; compno < numcomps; ++compno) { ++ if (image->comps[0].dx != image->comps[compno].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[compno].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[compno].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[compno].sgnd) { ++ break; ++ } ++ } ++ if (compno != numcomps) { ++ fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ + rawFile = fopen(outfile, "wb"); + if (!rawFile) { + fprintf(stderr, "Failed to open %s for writing !!\n", outfile); +@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + + fails = 1; +- fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); ++ fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); + +- 
for(compno = 0; compno < image->numcomps; compno++) ++ for(compno = 0; compno < numcomps; compno++) + { + fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, + image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); +@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL + } + else if (image->comps[compno].prec <= 32) + { +- fprintf(stderr,"More than 16 bits per component no handled yet\n"); ++ fprintf(stderr,"More than 16 bits per component not handled yet\n"); + goto fin; + } + else +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ae83077..8017ba8 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { + FILE *fdest = NULL; + int adjustR, adjustG, adjustB; + ++ { ++ unsigned int ui, ncomp = image->numcomps; ++ ++ if (ncomp > 4) { /* RGBA in bmpmask32toimage */ ++ ncomp = 4; ++ } ++ for (ui = 1; ui < ncomp; ++ui) { ++ if (image->comps[0].dx != image->comps[ui].dx) { ++ break; ++ } ++ if (image->comps[0].dy != image->comps[ui].dy) { ++ break; ++ } ++ if (image->comps[0].prec != image->comps[ui].prec) { ++ break; ++ } ++ if (image->comps[0].sgnd != image->comps[ui].sgnd) { ++ break; ++ } ++ } ++ if (ui != ncomp) { ++ fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); ++ fprintf(stderr,"\tAborting\n"); ++ return 1; ++ } ++ ++ } + if (image->comps[0].prec < 8) { +- fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); ++ fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); + return 1; + } + if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 83160c3..c30079b 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ 
b/src/bin/jp2/opj_decompress.c +@@ -1607,7 +1607,7 @@ int main(int argc, char **argv) + if(dirptr->filename_buf) free(dirptr->filename_buf); + free(dirptr); + } +- if (numDecompressedImages) { ++ if (numDecompressedImages && !failed) { + fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); + } + return failed ? EXIT_FAILURE : EXIT_SUCCESS; +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 66802bb..b6daa32 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, + i, l_img_comp->dx, l_img_comp->dy); + return OPJ_FALSE; + } +- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ ++ if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ + opj_event_msg(p_manager, EVT_ERROR, + "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", + i, l_img_comp->prec); +@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + /* Move data and copy one information from codec to output image*/ + for (compno = 0; compno < p_image->numcomps; compno++) { + p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; +- p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; ++ ++ if(p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ ++ p_j2k->m_output_image->comps[compno].data = NULL; + #if 0 + char fn[256]; + sprintf( fn, "/tmp/%d.raw", compno ); +@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, + fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); + fclose( debug ); + #endif +- p_j2k->m_output_image->comps[compno].data = NULL; + } + + return OPJ_TRUE; +@@ -10131,6 +10134,8 @@ OPJ_BOOL 
opj_j2k_get_tile( opj_j2k_t *p_j2k, + + p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + ++ if (p_image->comps[compno].data == NULL) return OPJ_FALSE; ++ + p_j2k->m_output_image->comps[compno].data = NULL; + } + -- cgit v1.2.3
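Review bot: The header of the new openjpeg-CVE-2016-9572-CVE-2016-9573.patch states that the fix was copied from a third-party fork (szukw000/openjpeg, commit 7b28bd2b) rather than from the upstream repository, and it records neither the upstream status nor the condition for dropping the patch. I would add a header line such as `Not taken from the upstream openjpeg repository; compare with the upstream fix for issues #862 and #863 and drop this patch once a release includes it.` so the next update re-checks it instead of carrying it forward. The patch also bundles changes beyond the two CVEs (the `not handled yet` message fix in convert.c and the `!failed` guard on the timing output in opj_decompress.c), which widens what has to be audited by hand for an unreviewed fork commit. In j2k.c the two added `return OPJ_FALSE;` lines in opj_j2k_decode and opj_j2k_get_tile fail without any diagnostic, unlike the `opj_event_msg(p_manager, EVT_ERROR, ...)` used by the SIZ precision check in the same file. Both functions start and end outside the quoted hunks, so whether `p_manager` is in scope at those points needs to be confirmed before adding a message.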