Merge branch 'staging'
This commit is contained in:
commit
4a990395d7
22
gnu/local.mk
22
gnu/local.mk
|
@ -661,6 +661,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \
|
||||
%D%/packages/patches/libcmis-fix-test-onedrive.patch \
|
||||
%D%/packages/patches/libdrm-symbol-check.patch \
|
||||
%D%/packages/patches/libepoxy-gl-null-checks.patch \
|
||||
%D%/packages/patches/libevent-dns-tests.patch \
|
||||
%D%/packages/patches/libextractor-ffmpeg-3.patch \
|
||||
%D%/packages/patches/libjxr-fix-function-signature.patch \
|
||||
|
@ -675,16 +676,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
|
||||
%D%/packages/patches/libtar-CVE-2013-4420.patch \
|
||||
%D%/packages/patches/libtheora-config-guess.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-3623.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-3945.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-3990.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-3991.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-5314.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-5321.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-5323.patch \
|
||||
%D%/packages/patches/libtiff-oob-accesses-in-decode.patch \
|
||||
%D%/packages/patches/libtiff-oob-write-in-nextdecode.patch \
|
||||
%D%/packages/patches/libtool-skip-tests2.patch \
|
||||
%D%/packages/patches/libunwind-CVE-2015-3239.patch \
|
||||
%D%/packages/patches/libupnp-CVE-2016-6255.patch \
|
||||
|
@ -735,16 +726,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/module-init-tools-moduledir.patch \
|
||||
%D%/packages/patches/mumps-build-parallelism.patch \
|
||||
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-6265.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-6525.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-7504.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-7505.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-7506.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-7563.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-7564.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-8674.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-9017.patch \
|
||||
%D%/packages/patches/mupdf-CVE-2016-9136.patch \
|
||||
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
|
||||
%D%/packages/patches/musl-CVE-2016-8859.patch \
|
||||
%D%/packages/patches/mutt-store-references.patch \
|
||||
|
@ -854,7 +835,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \
|
||||
%D%/packages/patches/ruby-puma-ignore-broken-test.patch \
|
||||
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
|
||||
%D%/packages/patches/ruby-symlinkfix.patch \
|
||||
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
|
||||
%D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \
|
||||
%D%/packages/patches/sed-hurd-path-max.patch \
|
||||
|
|
|
@ -544,7 +544,8 @@ a C program.")
|
|||
"1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
'(#:configure-flags '("--enable-shared" "--enable-openmp")
|
||||
'(#:configure-flags
|
||||
'("--enable-shared" "--enable-openmp" "--enable-threads")
|
||||
#:phases (alist-cons-before
|
||||
'build 'no-native
|
||||
(lambda _
|
||||
|
|
|
@ -940,15 +940,15 @@ command.")
|
|||
(define-public tzdata
|
||||
(package
|
||||
(name "tzdata")
|
||||
(version "2016g")
|
||||
(version "2016j")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"http://www.iana.org/time-zones/repository/releases/tzdata"
|
||||
"https://www.iana.org/time-zones/repository/releases/tzdata"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1lgbh49bsbysibzr7imjsh1xa7pqmimphxvvwh6kncj7pjr3fw9w"))))
|
||||
"1j4xycpwhs57qnkcxwh3np8wnf3km69n3cf4w6p2yv2z247lxvpm"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
'(#:tests? #f
|
||||
|
@ -996,8 +996,8 @@ command.")
|
|||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0azsz436vd65bkdkdmjgsh7zhh0whnqqfliva45191krmm3hpy8z"))))))
|
||||
(home-page "http://www.iana.org/time-zones")
|
||||
"1dxhrk4z0n2di8p0yd6q00pa6bwyz5xqbrfbasiz8785ni7zrvxr"))))))
|
||||
(home-page "https://www.iana.org/time-zones")
|
||||
(synopsis "Database of current and historical time zones")
|
||||
(description "The Time Zone Database (often called tz or zoneinfo)
|
||||
contains code and data that represent the history of local time for many
|
||||
|
|
|
@ -132,14 +132,14 @@ by no means limited to these applications.) This package provides XML DTDs.")
|
|||
(define-public docbook-xsl
|
||||
(package
|
||||
(name "docbook-xsl")
|
||||
(version "1.78.1")
|
||||
(version "1.79.1")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/docbook/docbook-xsl/"
|
||||
version "/docbook-xsl-" version ".tar.bz2"))
|
||||
(sha256
|
||||
(base32
|
||||
"0rxl013ncmz1n6ymk2idvx3hix9pdabk8xn01cpcv32wmfb753y9"))))
|
||||
"0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj"))))
|
||||
(build-system trivial-build-system)
|
||||
(arguments
|
||||
`(#:builder (let ((name-version (string-append ,name "-" ,version)))
|
||||
|
|
|
@ -196,7 +196,7 @@ also known as DXTn or DXTC) for Mesa.")
|
|||
(define-public mesa
|
||||
(package
|
||||
(name "mesa")
|
||||
(version "12.0.1")
|
||||
(version "13.0.2")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -204,7 +204,9 @@ also known as DXTn or DXTC) for Mesa.")
|
|||
version "/mesa-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms"))))
|
||||
"1m8n8kd8kcs5ddyvldiw09wvpi5wwpfmmxlb87d63vgl8lk65vd6"))
|
||||
(patches
|
||||
(search-patches "mesa-wayland-egl-symbols-check-mips.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(propagated-inputs
|
||||
`(("glproto" ,glproto)
|
||||
|
@ -227,20 +229,10 @@ also known as DXTn or DXTC) for Mesa.")
|
|||
("makedepend" ,makedepend)
|
||||
("presentproto" ,presentproto)
|
||||
("s2tc" ,s2tc)
|
||||
("udev" ,eudev)
|
||||
("wayland" ,wayland)))
|
||||
(native-inputs
|
||||
`(("pkg-config" ,pkg-config)
|
||||
("python" ,python-2)
|
||||
|
||||
;; XXX To prevent a large number of rebuilds on other systems,
|
||||
;; apply the following patch on MIPS systems only. In the next
|
||||
;; core-updates cycle, this patch could be applied on all platforms.
|
||||
,@(if (string-prefix? "mips" (or (%current-target-system)
|
||||
(%current-system)))
|
||||
`(("mips-patch"
|
||||
,(search-patch "mesa-wayland-egl-symbols-check-mips.patch")))
|
||||
'())))
|
||||
("python" ,python-2)))
|
||||
(arguments
|
||||
`(#:configure-flags
|
||||
'(;; drop r300 from default gallium drivers, as it requires llvm
|
||||
|
@ -267,16 +259,6 @@ also known as DXTn or DXTC) for Mesa.")
|
|||
'("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
|
||||
#:phases
|
||||
(modify-phases %standard-phases
|
||||
;; Add an 'apply-mips-patch' phase conditionally (see above.)
|
||||
,@(if (string-prefix? "mips" (or (%current-target-system)
|
||||
(%current-system)))
|
||||
`((add-after 'unpack 'apply-mips-patch
|
||||
(lambda* (#:key inputs #:allow-other-keys)
|
||||
(let ((patch (assoc-ref inputs "mips-patch")))
|
||||
(zero? (system* "patch" "-p1" "--force"
|
||||
"--input" patch))))))
|
||||
'())
|
||||
|
||||
(add-after
|
||||
'unpack 'patch-create_test_cases
|
||||
(lambda _
|
||||
|
@ -288,7 +270,6 @@ also known as DXTn or DXTC) for Mesa.")
|
|||
'build 'fix-dlopen-libnames
|
||||
(lambda* (#:key inputs outputs #:allow-other-keys)
|
||||
(let ((s2tc (assoc-ref inputs "s2tc"))
|
||||
(udev (assoc-ref inputs "udev"))
|
||||
(out (assoc-ref outputs "out")))
|
||||
;; Remain agnostic to .so.X.Y.Z versions while doing
|
||||
;; the substitutions so we're future-safe.
|
||||
|
@ -297,10 +278,6 @@ also known as DXTn or DXTC) for Mesa.")
|
|||
"src/mesa/main/texcompress_s3tc.c")
|
||||
(("\"libtxc_dxtn\\.so")
|
||||
(string-append "\"" s2tc "/lib/libtxc_dxtn.so")))
|
||||
(substitute* "src/loader/loader.c"
|
||||
(("udev_handle = dlopen\\(name")
|
||||
(string-append "udev_handle = dlopen(\""
|
||||
udev "/lib/libudev.so\"")))
|
||||
(substitute* "src/glx/dri_common.c"
|
||||
(("dlopen\\(\"libGL\\.so")
|
||||
(string-append "dlopen(\"" out "/lib/libGL.so")))
|
||||
|
@ -485,7 +462,8 @@ OpenGL graphics API.")
|
|||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))))
|
||||
"1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))
|
||||
(patches (search-patches "libepoxy-gl-null-checks.patch"))))
|
||||
(arguments
|
||||
`(#:phases
|
||||
(modify-phases %standard-phases
|
||||
|
|
|
@ -64,8 +64,7 @@
|
|||
(define dbus
|
||||
(package
|
||||
(name "dbus")
|
||||
(replacement dbus-1.10.12)
|
||||
(version "1.10.10")
|
||||
(version "1.10.14")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
|
@ -73,7 +72,7 @@
|
|||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx"))
|
||||
"10x0wvv2ly4lyyfd42k4xw0ar5qdbi9cksw3l5fcwf1y6mq8y8r3"))
|
||||
(patches (search-patches "dbus-helper-search-path.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
|
@ -132,21 +131,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with
|
|||
shared NFS home directories.")
|
||||
(license license:gpl2+))) ; or Academic Free License 2.1
|
||||
|
||||
(define dbus-1.10.12
|
||||
(package
|
||||
(inherit dbus)
|
||||
(name "dbus")
|
||||
(source
|
||||
(let ((version "1.10.12"))
|
||||
(origin
|
||||
(inherit (package-source dbus))
|
||||
(uri (string-append
|
||||
"https://dbus.freedesktop.org/releases/dbus/dbus-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0pa71vf5c0d7k3gni06iascmplj0j5g70wbc833ayvi71d1pj2i1")))))))
|
||||
|
||||
(define glib
|
||||
(package
|
||||
(name "glib")
|
||||
|
|
|
@ -681,14 +681,14 @@ update-desktop-database: updates the database containing a cache of MIME types
|
|||
(define-public shared-mime-info
|
||||
(package
|
||||
(name "shared-mime-info")
|
||||
(version "1.6")
|
||||
(version "1.7")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://freedesktop.org/~hadess/"
|
||||
"shared-mime-info-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0k637g047gci8g69bg4g19akylpfraxm40hd30j3i4v7cidziy5j"))))
|
||||
"0bjd2j1rqrj150mr04j7ib71lfdlgbf235fg8d70g8mszqf7ik7a"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
;; The build system appears not to be parallel-safe.
|
||||
|
@ -2140,7 +2140,7 @@ libxml to ease remote use of the RESTful API.")
|
|||
(define-public libsoup
|
||||
(package
|
||||
(name "libsoup")
|
||||
(version "2.54.1")
|
||||
(version "2.56.0")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://gnome/sources/libsoup/"
|
||||
|
@ -2148,7 +2148,7 @@ libxml to ease remote use of the RESTful API.")
|
|||
name "-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0cyn5pq4xl1gb8413h2p4d5wrn558dc054zhwmk4swrl40ijrd27"))))
|
||||
"1r8zz270qdg92gbsvy61d51y1cj7hp059h2f4xpvqiw2vrqnn8fq"))))
|
||||
(build-system gnu-build-system)
|
||||
(outputs '("out" "doc"))
|
||||
(arguments
|
||||
|
|
|
@ -102,7 +102,6 @@ tools have full access to view and control running applications.")
|
|||
(define-public cairo
|
||||
(package
|
||||
(name "cairo")
|
||||
(replacement cairo/fixed)
|
||||
(version "1.14.6")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
|
@ -110,7 +109,8 @@ tools have full access to view and control running applications.")
|
|||
version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31"))))
|
||||
"0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31"))
|
||||
(patches (search-patches "cairo-CVE-2016-9082.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(propagated-inputs
|
||||
`(("fontconfig" ,fontconfig)
|
||||
|
@ -156,10 +156,6 @@ affine transformation (scale, rotation, shear, etc.).")
|
|||
(package
|
||||
(inherit cairo)
|
||||
(name "cairo-xcb")
|
||||
(source (origin
|
||||
(inherit (package-source cairo))
|
||||
(patches (search-patches "cairo-CVE-2016-9082.patch"))))
|
||||
(replacement #f)
|
||||
(inputs
|
||||
`(("mesa" ,mesa)
|
||||
,@(package-inputs cairo)))
|
||||
|
@ -169,17 +165,10 @@ affine transformation (scale, rotation, shear, etc.).")
|
|||
'("--enable-xlib-xcb" "--enable-gl" "--enable-egl")))
|
||||
(synopsis "2D graphics library (with X11 support)")))
|
||||
|
||||
(define cairo/fixed
|
||||
(package
|
||||
(inherit cairo)
|
||||
(source (origin
|
||||
(inherit (package-source cairo))
|
||||
(patches (search-patches "cairo-CVE-2016-9082.patch"))))))
|
||||
|
||||
(define-public harfbuzz
|
||||
(package
|
||||
(name "harfbuzz")
|
||||
(version "1.2.4")
|
||||
(version "1.3.3")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://www.freedesktop.org/software/"
|
||||
|
@ -187,7 +176,7 @@ affine transformation (scale, rotation, shear, etc.).")
|
|||
version ".tar.bz2"))
|
||||
(sha256
|
||||
(base32
|
||||
"14g4kpph8hgplkm954daxiymxx0vicfq7b7svvdsx54g5bqvv7a4"))))
|
||||
"1jdkdjvci5d6r26vimsz24hz3xqqrk5xq40n693jn4m42mqrh816"))))
|
||||
(build-system gnu-build-system)
|
||||
(outputs '("out"
|
||||
"bin")) ; 160K, only hb-view depend on cairo
|
||||
|
@ -212,7 +201,7 @@ affine transformation (scale, rotation, shear, etc.).")
|
|||
"HarfBuzz is an OpenType text shaping engine.")
|
||||
(license (license:x11-style "file://COPYING"
|
||||
"See 'COPYING' in the distribution."))
|
||||
(home-page "http://www.freedesktop.org/wiki/Software/HarfBuzz/")))
|
||||
(home-page "https://www.freedesktop.org/wiki/Software/HarfBuzz/")))
|
||||
|
||||
(define-public pango
|
||||
(package
|
||||
|
|
|
@ -38,6 +38,8 @@
|
|||
#:use-module (gnu packages compression)
|
||||
#:use-module (gnu packages documentation)
|
||||
#:use-module (gnu packages fontutils)
|
||||
;; To provide gcc@5 and gcc@6, to work around <http://bugs.gnu.org/24703>.
|
||||
#:use-module (gnu packages gcc)
|
||||
#:use-module (gnu packages gettext)
|
||||
#:use-module (gnu packages ghostscript)
|
||||
#:use-module (gnu packages gl)
|
||||
|
@ -246,25 +248,14 @@ extracting icontainer icon files.")
|
|||
(define-public libtiff
|
||||
(package
|
||||
(name "libtiff")
|
||||
(replacement libtiff-4.0.7)
|
||||
(version "4.0.6")
|
||||
(version "4.0.7")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-"
|
||||
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
|
||||
version ".tar.gz"))
|
||||
(sha256 (base32
|
||||
"136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd"))
|
||||
(patches (search-patches
|
||||
"libtiff-oob-accesses-in-decode.patch"
|
||||
"libtiff-oob-write-in-nextdecode.patch"
|
||||
"libtiff-CVE-2015-8665+CVE-2015-8683.patch"
|
||||
"libtiff-CVE-2016-3623.patch"
|
||||
"libtiff-CVE-2016-3945.patch"
|
||||
"libtiff-CVE-2016-3990.patch"
|
||||
"libtiff-CVE-2016-3991.patch"
|
||||
"libtiff-CVE-2016-5314.patch"
|
||||
"libtiff-CVE-2016-5321.patch"
|
||||
"libtiff-CVE-2016-5323.patch"))))
|
||||
(sha256
|
||||
(base32
|
||||
"06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
|
||||
(build-system gnu-build-system)
|
||||
(outputs '("out"
|
||||
"doc")) ;1.3 MiB of HTML documentation
|
||||
|
@ -274,6 +265,9 @@ extracting icontainer icon files.")
|
|||
(assoc-ref %outputs "doc")
|
||||
"/share/doc/"
|
||||
,name "-" ,version))))
|
||||
;; Build with a patched GCC to work around <http://bugs.gnu.org/24703>.
|
||||
(native-inputs
|
||||
`(("gcc@5" ,gcc-5)))
|
||||
(inputs `(("zlib" ,zlib)
|
||||
("libjpeg" ,libjpeg)))
|
||||
(synopsis "Library for handling TIFF files")
|
||||
|
@ -284,19 +278,6 @@ Included are a library, libtiff, for reading and writing TIFF and a small
|
|||
collection of tools for doing simple manipulations of TIFF images.")
|
||||
(license (license:non-copyleft "file://COPYRIGHT"
|
||||
"See COPYRIGHT in the distribution."))
|
||||
(home-page "http://www.remotesensing.org/libtiff/")))
|
||||
|
||||
(define libtiff-4.0.7
|
||||
(package
|
||||
(inherit libtiff)
|
||||
(version "4.0.7")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
|
||||
(home-page "http://www.simplesystems.org/libtiff/")))
|
||||
|
||||
(define-public libwmf
|
||||
|
|
|
@ -2503,7 +2503,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
|
|||
(define-public bluez
|
||||
(package
|
||||
(name "bluez")
|
||||
(version "5.40")
|
||||
(version "5.43")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
|
@ -2511,7 +2511,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
|
|||
version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"09ywk3lvgis0nbi0d5z8d4qp5r33lzwnd6bdakacmbsm420qpnns"))))
|
||||
"05cdnpz0w2lwq2x5ba87q1h2wgb4lfnpbnbh6p7499hx59fw1j8n"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
'(#:configure-flags
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
This patch from <https://bugzilla.redhat.com/show_bug.cgi?id=1395366> adds NULL
|
||||
checks to avoid crashes when GL support is missing, as is the case when running
|
||||
Xvfb.
|
||||
|
||||
Upstream issue: <https://github.com/anholt/libepoxy/issues/72>.
|
||||
|
||||
diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c
|
||||
--- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400
|
||||
+++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500
|
||||
@@ -348,6 +348,8 @@
|
||||
epoxy_extension_in_string(const char *extension_list, const char *ext)
|
||||
{
|
||||
const char *ptr = extension_list;
|
||||
+ if (! ptr) return false;
|
||||
+ if (! ext) return false;
|
||||
int len = strlen(ext);
|
||||
|
||||
/* Make sure that don't just find an extension with our name as a prefix. */
|
||||
@@ -380,6 +382,7 @@
|
||||
|
||||
for (i = 0; i < num_extensions; i++) {
|
||||
const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i);
|
||||
+ if (! gl_ext) return false;
|
||||
if (strcmp(ext, gl_ext) == 0)
|
||||
return true;
|
||||
}
|
||||
diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c
|
||||
--- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400
|
||||
+++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500
|
||||
@@ -46,6 +46,7 @@
|
||||
int ret;
|
||||
|
||||
version_string = eglQueryString(dpy, EGL_VERSION);
|
||||
+ if (! version_string) return 0;
|
||||
ret = sscanf(version_string, "%d.%d", &major, &minor);
|
||||
assert(ret == 2);
|
||||
return major * 10 + minor;
|
||||
diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c
|
||||
--- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400
|
||||
+++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500
|
||||
@@ -57,11 +57,13 @@
|
||||
int ret;
|
||||
|
||||
version_string = glXQueryServerString(dpy, screen, GLX_VERSION);
|
||||
+ if (! version_string) return 0;
|
||||
ret = sscanf(version_string, "%d.%d", &server_major, &server_minor);
|
||||
assert(ret == 2);
|
||||
server = server_major * 10 + server_minor;
|
||||
|
||||
version_string = glXGetClientString(dpy, GLX_VERSION);
|
||||
+ if (! version_string) return 0;
|
||||
ret = sscanf(version_string, "%d.%d", &client_major, &client_minor);
|
||||
assert(ret == 2);
|
||||
client = client_major * 10 + client_minor;
|
|
@ -1,107 +0,0 @@
|
|||
2015-12-26 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
|
||||
interface in case of unsupported values of SamplesPerPixel/ExtraSamples
|
||||
for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
|
||||
TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
|
||||
CVE-2015-8683 reported by zzf of Alibaba.
|
||||
|
||||
diff -u -r1.93 -r1.94
|
||||
--- libtiff/libtiff/tif_getimage.c 22 Nov 2015 15:31:03 -0000 1.93
|
||||
+++ libtiff/libtiff/tif_getimage.c 26 Dec 2015 17:32:03 -0000 1.94
|
||||
@@ -182,20 +182,22 @@
|
||||
"Planarconfiguration", td->td_planarconfig);
|
||||
return (0);
|
||||
}
|
||||
- if( td->td_samplesperpixel != 3 )
|
||||
+ if( td->td_samplesperpixel != 3 || colorchannels != 3 )
|
||||
{
|
||||
sprintf(emsg,
|
||||
- "Sorry, can not handle image with %s=%d",
|
||||
- "Samples/pixel", td->td_samplesperpixel);
|
||||
+ "Sorry, can not handle image with %s=%d, %s=%d",
|
||||
+ "Samples/pixel", td->td_samplesperpixel,
|
||||
+ "colorchannels", colorchannels);
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
case PHOTOMETRIC_CIELAB:
|
||||
- if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
|
||||
+ if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
|
||||
{
|
||||
sprintf(emsg,
|
||||
- "Sorry, can not handle image with %s=%d and %s=%d",
|
||||
+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
|
||||
"Samples/pixel", td->td_samplesperpixel,
|
||||
+ "colorchannels", colorchannels,
|
||||
"Bits/sample", td->td_bitspersample);
|
||||
return 0;
|
||||
}
|
||||
@@ -255,6 +257,9 @@
|
||||
int colorchannels;
|
||||
uint16 *red_orig, *green_orig, *blue_orig;
|
||||
int n_color;
|
||||
+
|
||||
+ if( !TIFFRGBAImageOK(tif, emsg) )
|
||||
+ return 0;
|
||||
|
||||
/* Initialize to normal values */
|
||||
img->row_offset = 0;
|
||||
@@ -2509,29 +2514,33 @@
|
||||
case PHOTOMETRIC_RGB:
|
||||
switch (img->bitspersample) {
|
||||
case 8:
|
||||
- if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
|
||||
+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
|
||||
+ img->samplesperpixel >= 4)
|
||||
img->put.contig = putRGBAAcontig8bittile;
|
||||
- else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
|
||||
+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
|
||||
+ img->samplesperpixel >= 4)
|
||||
{
|
||||
if (BuildMapUaToAa(img))
|
||||
img->put.contig = putRGBUAcontig8bittile;
|
||||
}
|
||||
- else
|
||||
+ else if( img->samplesperpixel >= 3 )
|
||||
img->put.contig = putRGBcontig8bittile;
|
||||
break;
|
||||
case 16:
|
||||
- if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
|
||||
+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
|
||||
+ img->samplesperpixel >=4 )
|
||||
{
|
||||
if (BuildMapBitdepth16To8(img))
|
||||
img->put.contig = putRGBAAcontig16bittile;
|
||||
}
|
||||
- else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
|
||||
+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
|
||||
+ img->samplesperpixel >=4 )
|
||||
{
|
||||
if (BuildMapBitdepth16To8(img) &&
|
||||
BuildMapUaToAa(img))
|
||||
img->put.contig = putRGBUAcontig16bittile;
|
||||
}
|
||||
- else
|
||||
+ else if( img->samplesperpixel >=3 )
|
||||
{
|
||||
if (BuildMapBitdepth16To8(img))
|
||||
img->put.contig = putRGBcontig16bittile;
|
||||
@@ -2540,7 +2549,7 @@
|
||||
}
|
||||
break;
|
||||
case PHOTOMETRIC_SEPARATED:
|
||||
- if (buildMap(img)) {
|
||||
+ if (img->samplesperpixel >=4 && buildMap(img)) {
|
||||
if (img->bitspersample == 8) {
|
||||
if (!img->Map)
|
||||
img->put.contig = putRGBcontig8bitCMYKtile;
|
||||
@@ -2636,7 +2645,7 @@
|
||||
}
|
||||
break;
|
||||
case PHOTOMETRIC_CIELAB:
|
||||
- if (buildMap(img)) {
|
||||
+ if (img->samplesperpixel == 3 && buildMap(img)) {
|
||||
if (img->bitspersample == 8)
|
||||
img->put.contig = initCIELabConversion(img);
|
||||
break;
|
|
@ -1,30 +0,0 @@
|
|||
Fix CVE-2016-3623.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2569
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.16 -r1.17 tools/rgb2ycbcr.c
|
||||
|
||||
Index: tools/rgb2ycbcr.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/tools/rgb2ycbcr.c,v
|
||||
retrieving revision 1.16
|
||||
retrieving revision 1.17
|
||||
diff -u -r1.16 -r1.17
|
||||
--- libtiff/tools/rgb2ycbcr.c 21 Jun 2015 01:09:10 -0000 1.16
|
||||
+++ libtiff/tools/rgb2ycbcr.c 15 Aug 2016 21:26:56 -0000 1.17
|
||||
@@ -95,9 +95,13 @@
|
||||
break;
|
||||
case 'h':
|
||||
horizSubSampling = atoi(optarg);
|
||||
+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
|
||||
+ usage(-1);
|
||||
break;
|
||||
case 'v':
|
||||
vertSubSampling = atoi(optarg);
|
||||
+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
|
||||
+ usage(-1);
|
||||
break;
|
||||
case 'r':
|
||||
rowsperstrip = atoi(optarg);
|
|
@ -1,94 +0,0 @@
|
|||
Fix CVE-2016-3945 (integer overflow in size of allocated
|
||||
buffer, when -b mode is enabled, that could result in out-of-bounds
|
||||
write).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2545
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.21 -r1.22 tools/tiff2rgba.c
|
||||
|
||||
Index: tools/tiff2rgba.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2rgba.c,v
|
||||
retrieving revision 1.21
|
||||
retrieving revision 1.22
|
||||
diff -u -r1.21 -r1.22
|
||||
--- libtiff/tools/tiff2rgba.c 21 Jun 2015 01:09:10 -0000 1.21
|
||||
+++ libtiff/tools/tiff2rgba.c 15 Aug 2016 20:06:41 -0000 1.22
|
||||
@@ -147,6 +147,7 @@
|
||||
uint32 row, col;
|
||||
uint32 *wrk_line;
|
||||
int ok = 1;
|
||||
+ uint32 rastersize, wrk_linesize;
|
||||
|
||||
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
|
||||
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
|
||||
@@ -163,7 +164,13 @@
|
||||
/*
|
||||
* Allocate tile buffer
|
||||
*/
|
||||
- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
|
||||
+ rastersize = tile_width * tile_height * sizeof (uint32);
|
||||
+ if (tile_width != (rastersize / tile_height) / sizeof( uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ raster = (uint32*)_TIFFmalloc(rastersize);
|
||||
if (raster == 0) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster buffer");
|
||||
return (0);
|
||||
@@ -173,7 +180,13 @@
|
||||
* Allocate a scanline buffer for swapping during the vertical
|
||||
* mirroring pass.
|
||||
*/
|
||||
- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
|
||||
+ wrk_linesize = tile_width * sizeof (uint32);
|
||||
+ if (tile_width != wrk_linesize / sizeof (uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
|
||||
if (!wrk_line) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
|
||||
ok = 0;
|
||||
@@ -249,6 +262,7 @@
|
||||
uint32 row;
|
||||
uint32 *wrk_line;
|
||||
int ok = 1;
|
||||
+ uint32 rastersize, wrk_linesize;
|
||||
|
||||
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
|
||||
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
|
||||
@@ -263,7 +277,13 @@
|
||||
/*
|
||||
* Allocate strip buffer
|
||||
*/
|
||||
- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
|
||||
+ rastersize = width * rowsperstrip * sizeof (uint32);
|
||||
+ if (width != (rastersize / rowsperstrip) / sizeof( uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ raster = (uint32*)_TIFFmalloc(rastersize);
|
||||
if (raster == 0) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster buffer");
|
||||
return (0);
|
||||
@@ -273,7 +293,13 @@
|
||||
* Allocate a scanline buffer for swapping during the vertical
|
||||
* mirroring pass.
|
||||
*/
|
||||
- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
|
||||
+ wrk_linesize = width * sizeof (uint32);
|
||||
+ if (width != wrk_linesize / sizeof (uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
|
||||
if (!wrk_line) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
|
||||
ok = 0;
|
|
@ -1,31 +0,0 @@
|
|||
Fix CVE-2016-3990 (write buffer overflow in PixarLogEncode if more input
|
||||
samples are provided than expected by PixarLogSetupEncode).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2544
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.45 -r1.46 libtiff/tif_pixarlog.c
|
||||
|
||||
Index: libtiff/tif_pixarlog.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
|
||||
retrieving revision 1.45
|
||||
retrieving revision 1.46
|
||||
diff -u -r1.45 -r1.46
|
||||
--- libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:37:33 -0000 1.45
|
||||
+++ libtiff/libtiff/tif_pixarlog.c 15 Aug 2016 20:49:48 -0000 1.46
|
||||
@@ -1141,6 +1141,13 @@
|
||||
}
|
||||
|
||||
llen = sp->stride * td->td_imagewidth;
|
||||
+ /* Check against the number of elements (of size uint16) of sp->tbuf */
|
||||
+ if( n > td->td_rowsperstrip * llen )
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Too many input bytes provided");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
|
||||
switch (sp->user_datafmt) {
|
|
@ -1,123 +0,0 @@
|
|||
Fix CVE-2016-3991 (out-of-bounds write in loadImage()).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2543
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.37 -r1.38 tools/tiffcrop.c
|
||||
|
||||
Index: tools/tiffcrop.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
|
||||
retrieving revision 1.37
|
||||
retrieving revision 1.38
|
||||
diff -u -r1.37 -r1.38
|
||||
--- libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37
|
||||
+++ libtiff/tools/tiffcrop.c 15 Aug 2016 21:05:40 -0000 1.38
|
||||
@@ -798,6 +798,11 @@
|
||||
}
|
||||
|
||||
tile_buffsize = tilesize;
|
||||
+ if (tilesize == 0 || tile_rowsize == 0)
|
||||
+ {
|
||||
+ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
|
||||
if (tilesize < (tsize_t)(tl * tile_rowsize))
|
||||
{
|
||||
@@ -807,7 +812,12 @@
|
||||
tilesize, tl * tile_rowsize);
|
||||
#endif
|
||||
tile_buffsize = tl * tile_rowsize;
|
||||
- }
|
||||
+ if (tl != (tile_buffsize / tile_rowsize))
|
||||
+ {
|
||||
+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
tilebuf = _TIFFmalloc(tile_buffsize);
|
||||
if (tilebuf == 0)
|
||||
@@ -1210,6 +1220,12 @@
|
||||
!TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
|
||||
return 1;
|
||||
|
||||
+ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0)
|
||||
+ {
|
||||
+ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+
|
||||
tile_buffsize = tilesize;
|
||||
if (tilesize < (tsize_t)(tl * tile_rowsize))
|
||||
{
|
||||
@@ -1219,6 +1235,11 @@
|
||||
tilesize, tl * tile_rowsize);
|
||||
#endif
|
||||
tile_buffsize = tl * tile_rowsize;
|
||||
+ if (tl != tile_buffsize / tile_rowsize)
|
||||
+ {
|
||||
+ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
}
|
||||
|
||||
tilebuf = _TIFFmalloc(tile_buffsize);
|
||||
@@ -5945,12 +5966,27 @@
|
||||
TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
|
||||
|
||||
tile_rowsize = TIFFTileRowSize(in);
|
||||
+ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0)
|
||||
+ {
|
||||
+ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
buffsize = tlsize * ntiles;
|
||||
+ if (tlsize != (buffsize / ntiles))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
|
||||
-
|
||||
if (buffsize < (uint32)(ntiles * tl * tile_rowsize))
|
||||
{
|
||||
buffsize = ntiles * tl * tile_rowsize;
|
||||
+ if (ntiles != (buffsize / tl / tile_rowsize))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+
|
||||
#ifdef DEBUG2
|
||||
TIFFError("loadImage",
|
||||
"Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu",
|
||||
@@ -5969,8 +6005,25 @@
|
||||
TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
|
||||
stsize = TIFFStripSize(in);
|
||||
nstrips = TIFFNumberOfStrips(in);
|
||||
+ if (nstrips == 0 || stsize == 0)
|
||||
+ {
|
||||
+ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+
|
||||
buffsize = stsize * nstrips;
|
||||
-
|
||||
+ if (stsize != (buffsize / nstrips))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ uint32 buffsize_check;
|
||||
+ buffsize_check = ((length * width * spp * bps) + 7);
|
||||
+ if (length != ((buffsize_check - 7) / width / spp / bps))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow detected.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8))
|
||||
{
|
||||
buffsize = ((length * width * spp * bps) + 7) / 8;
|
|
@ -1,45 +0,0 @@
|
|||
Fix CVE-2016-5314.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314
|
||||
bugzilla.maptools.org/show_bug.cgi?id=2554
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.43 -r1.44 libtiff/tif_pixarlog.c
|
||||
|
||||
Index: libtiff/tif_pixarlog.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
|
||||
retrieving revision 1.43
|
||||
retrieving revision 1.44
|
||||
diff -u -r1.43 -r1.44
|
||||
--- libtiff/libtiff/tif_pixarlog.c 27 Dec 2015 20:14:11 -0000 1.43
|
||||
+++ libtiff/libtiff/tif_pixarlog.c 28 Jun 2016 15:12:19 -0000 1.44
|
||||
@@ -459,6 +459,7 @@
|
||||
typedef struct {
|
||||
TIFFPredictorState predict;
|
||||
z_stream stream;
|
||||
+ tmsize_t tbuf_size; /* only set/used on reading for now */
|
||||
uint16 *tbuf;
|
||||
uint16 stride;
|
||||
int state;
|
||||
@@ -694,6 +695,7 @@
|
||||
sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
|
||||
if (sp->tbuf == NULL)
|
||||
return (0);
|
||||
+ sp->tbuf_size = tbuf_size;
|
||||
if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
|
||||
sp->user_datafmt = PixarLogGuessDataFmt(td);
|
||||
if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) {
|
||||
@@ -783,6 +785,12 @@
|
||||
TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size");
|
||||
return (0);
|
||||
}
|
||||
+ /* Check that we will not fill more than what was allocated */
|
||||
+ if (sp->stream.avail_out > sp->tbuf_size)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size");
|
||||
+ return (0);
|
||||
+ }
|
||||
do {
|
||||
int state = inflate(&sp->stream, Z_PARTIAL_FLUSH);
|
||||
if (state == Z_STREAM_END) {
|
|
@ -1,25 +0,0 @@
|
|||
Fix CVE-2016-5321.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2558
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.35 -r1.36 tools/tiffcrop.c
|
||||
|
||||
Index: tools/tiffcrop.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
|
||||
retrieving revision 1.35
|
||||
retrieving revision 1.36
|
||||
diff -u -r1.35 -r1.36
|
||||
--- libtiff/tools/tiffcrop.c 19 Aug 2015 02:31:04 -0000 1.35
|
||||
+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36
|
||||
@@ -989,7 +989,7 @@
|
||||
nrow = (row + tl > imagelength) ? imagelength - row : tl;
|
||||
for (col = 0; col < imagewidth; col += tw)
|
||||
{
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; s < spp && s < MAX_SAMPLES; s++)
|
||||
{ /* Read each plane of a tile set into srcbuffs[s] */
|
||||
tbytes = TIFFReadTile(in, srcbuffs[s], col, row, 0, s);
|
||||
if (tbytes < 0 && !ignore)
|
|
@ -1,88 +0,0 @@
|
|||
Fix CVE-2016-5323.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2559
|
||||
|
||||
Patch extracted from upstream CVS repo with:
|
||||
$ cvs diff -u -r1.36 -r1.37 tools/tiffcrop.c
|
||||
|
||||
Index: tools/tiffcrop.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
|
||||
retrieving revision 1.36
|
||||
retrieving revision 1.37
|
||||
diff -u -r1.36 -r1.37
|
||||
--- libtiff/tools/tiffcrop.c 11 Jul 2016 21:26:03 -0000 1.36
|
||||
+++ libtiff/tools/tiffcrop.c 11 Jul 2016 21:38:31 -0000 1.37
|
||||
@@ -3738,7 +3738,7 @@
|
||||
|
||||
matchbits = maskbits << (8 - src_bit - bps);
|
||||
/* load up next sample from each plane */
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
buff1 = ((*src) & matchbits) << (src_bit);
|
||||
@@ -3837,7 +3837,7 @@
|
||||
src_bit = bit_offset % 8;
|
||||
|
||||
matchbits = maskbits << (16 - src_bit - bps);
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
if (little_endian)
|
||||
@@ -3947,7 +3947,7 @@
|
||||
src_bit = bit_offset % 8;
|
||||
|
||||
matchbits = maskbits << (32 - src_bit - bps);
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
if (little_endian)
|
||||
@@ -4073,7 +4073,7 @@
|
||||
src_bit = bit_offset % 8;
|
||||
|
||||
matchbits = maskbits << (64 - src_bit - bps);
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
if (little_endian)
|
||||
@@ -4263,7 +4263,7 @@
|
||||
|
||||
matchbits = maskbits << (8 - src_bit - bps);
|
||||
/* load up next sample from each plane */
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
buff1 = ((*src) & matchbits) << (src_bit);
|
||||
@@ -4362,7 +4362,7 @@
|
||||
src_bit = bit_offset % 8;
|
||||
|
||||
matchbits = maskbits << (16 - src_bit - bps);
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
if (little_endian)
|
||||
@@ -4471,7 +4471,7 @@
|
||||
src_bit = bit_offset % 8;
|
||||
|
||||
matchbits = maskbits << (32 - src_bit - bps);
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
if (little_endian)
|
||||
@@ -4597,7 +4597,7 @@
|
||||
src_bit = bit_offset % 8;
|
||||
|
||||
matchbits = maskbits << (64 - src_bit - bps);
|
||||
- for (s = 0; s < spp; s++)
|
||||
+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
|
||||
{
|
||||
src = in[s] + src_offset + src_byte;
|
||||
if (little_endian)
|
|
@ -1,171 +0,0 @@
|
|||
2015-12-27 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_luv.c: fix potential out-of-bound writes in decode
|
||||
functions in non debug builds by replacing assert()s by regular if
|
||||
checks (bugzilla #2522).
|
||||
Fix potential out-of-bound reads in case of short input data.
|
||||
|
||||
diff -u -r1.40 -r1.41
|
||||
--- libtiff/libtiff/tif_luv.c 21 Jun 2015 01:09:09 -0000 1.40
|
||||
+++ libtiff/libtiff/tif_luv.c 27 Dec 2015 16:25:11 -0000 1.41
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_luv.c,v 1.40 2015-06-21 01:09:09 bfriesen Exp $ */
|
||||
+/* $Id: tif_luv.c,v 1.41 2015-12-27 16:25:11 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1997 Greg Ward Larson
|
||||
@@ -202,7 +202,11 @@
|
||||
if (sp->user_datafmt == SGILOGDATAFMT_16BIT)
|
||||
tp = (int16*) op;
|
||||
else {
|
||||
- assert(sp->tbuflen >= npixels);
|
||||
+ if(sp->tbuflen < npixels) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Translation buffer too short");
|
||||
+ return (0);
|
||||
+ }
|
||||
tp = (int16*) sp->tbuf;
|
||||
}
|
||||
_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
|
||||
@@ -211,9 +215,11 @@
|
||||
cc = tif->tif_rawcc;
|
||||
/* get each byte string */
|
||||
for (shft = 2*8; (shft -= 8) >= 0; ) {
|
||||
- for (i = 0; i < npixels && cc > 0; )
|
||||
+ for (i = 0; i < npixels && cc > 0; ) {
|
||||
if (*bp >= 128) { /* run */
|
||||
- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
|
||||
+ if( cc < 2 )
|
||||
+ break;
|
||||
+ rc = *bp++ + (2-128);
|
||||
b = (int16)(*bp++ << shft);
|
||||
cc -= 2;
|
||||
while (rc-- && i < npixels)
|
||||
@@ -223,6 +229,7 @@
|
||||
while (--cc && rc-- && i < npixels)
|
||||
tp[i++] |= (int16)*bp++ << shft;
|
||||
}
|
||||
+ }
|
||||
if (i != npixels) {
|
||||
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
|
||||
TIFFErrorExt(tif->tif_clientdata, module,
|
||||
@@ -268,13 +275,17 @@
|
||||
if (sp->user_datafmt == SGILOGDATAFMT_RAW)
|
||||
tp = (uint32 *)op;
|
||||
else {
|
||||
- assert(sp->tbuflen >= npixels);
|
||||
+ if(sp->tbuflen < npixels) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Translation buffer too short");
|
||||
+ return (0);
|
||||
+ }
|
||||
tp = (uint32 *) sp->tbuf;
|
||||
}
|
||||
/* copy to array of uint32 */
|
||||
bp = (unsigned char*) tif->tif_rawcp;
|
||||
cc = tif->tif_rawcc;
|
||||
- for (i = 0; i < npixels && cc > 0; i++) {
|
||||
+ for (i = 0; i < npixels && cc >= 3; i++) {
|
||||
tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2];
|
||||
bp += 3;
|
||||
cc -= 3;
|
||||
@@ -325,7 +336,11 @@
|
||||
if (sp->user_datafmt == SGILOGDATAFMT_RAW)
|
||||
tp = (uint32*) op;
|
||||
else {
|
||||
- assert(sp->tbuflen >= npixels);
|
||||
+ if(sp->tbuflen < npixels) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Translation buffer too short");
|
||||
+ return (0);
|
||||
+ }
|
||||
tp = (uint32*) sp->tbuf;
|
||||
}
|
||||
_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
|
||||
@@ -334,11 +349,13 @@
|
||||
cc = tif->tif_rawcc;
|
||||
/* get each byte string */
|
||||
for (shft = 4*8; (shft -= 8) >= 0; ) {
|
||||
- for (i = 0; i < npixels && cc > 0; )
|
||||
+ for (i = 0; i < npixels && cc > 0; ) {
|
||||
if (*bp >= 128) { /* run */
|
||||
+ if( cc < 2 )
|
||||
+ break;
|
||||
rc = *bp++ + (2-128);
|
||||
b = (uint32)*bp++ << shft;
|
||||
- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
|
||||
+ cc -= 2;
|
||||
while (rc-- && i < npixels)
|
||||
tp[i++] |= b;
|
||||
} else { /* non-run */
|
||||
@@ -346,6 +363,7 @@
|
||||
while (--cc && rc-- && i < npixels)
|
||||
tp[i++] |= (uint32)*bp++ << shft;
|
||||
}
|
||||
+ }
|
||||
if (i != npixels) {
|
||||
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
|
||||
TIFFErrorExt(tif->tif_clientdata, module,
|
||||
@@ -413,6 +431,7 @@
|
||||
static int
|
||||
LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
|
||||
{
|
||||
+ static const char module[] = "LogL16Encode";
|
||||
LogLuvState* sp = EncoderState(tif);
|
||||
int shft;
|
||||
tmsize_t i;
|
||||
@@ -433,7 +452,11 @@
|
||||
tp = (int16*) bp;
|
||||
else {
|
||||
tp = (int16*) sp->tbuf;
|
||||
- assert(sp->tbuflen >= npixels);
|
||||
+ if(sp->tbuflen < npixels) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Translation buffer too short");
|
||||
+ return (0);
|
||||
+ }
|
||||
(*sp->tfunc)(sp, bp, npixels);
|
||||
}
|
||||
/* compress each byte string */
|
||||
@@ -506,6 +529,7 @@
|
||||
static int
|
||||
LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
|
||||
{
|
||||
+ static const char module[] = "LogLuvEncode24";
|
||||
LogLuvState* sp = EncoderState(tif);
|
||||
tmsize_t i;
|
||||
tmsize_t npixels;
|
||||
@@ -521,7 +545,11 @@
|
||||
tp = (uint32*) bp;
|
||||
else {
|
||||
tp = (uint32*) sp->tbuf;
|
||||
- assert(sp->tbuflen >= npixels);
|
||||
+ if(sp->tbuflen < npixels) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Translation buffer too short");
|
||||
+ return (0);
|
||||
+ }
|
||||
(*sp->tfunc)(sp, bp, npixels);
|
||||
}
|
||||
/* write out encoded pixels */
|
||||
@@ -553,6 +581,7 @@
|
||||
static int
|
||||
LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
|
||||
{
|
||||
+ static const char module[] = "LogLuvEncode32";
|
||||
LogLuvState* sp = EncoderState(tif);
|
||||
int shft;
|
||||
tmsize_t i;
|
||||
@@ -574,7 +603,11 @@
|
||||
tp = (uint32*) bp;
|
||||
else {
|
||||
tp = (uint32*) sp->tbuf;
|
||||
- assert(sp->tbuflen >= npixels);
|
||||
+ if(sp->tbuflen < npixels) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Translation buffer too short");
|
||||
+ return (0);
|
||||
+ }
|
||||
(*sp->tfunc)(sp, bp, npixels);
|
||||
}
|
||||
/* compress each byte string */
|
|
@ -1,49 +0,0 @@
|
|||
2015-12-27 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
|
||||
triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
|
||||
(bugzilla #2508)
|
||||
|
||||
diff -u -r1.16 -r1.18
|
||||
--- libtiff/libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16
|
||||
+++ libtiff/libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_next.c,v 1.16 2014-12-29 12:09:11 erouault Exp $ */
|
||||
+/* $Id: tif_next.c,v 1.18 2015-12-27 17:14:52 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -37,7 +37,7 @@
|
||||
case 0: op[0] = (unsigned char) ((v) << 6); break; \
|
||||
case 1: op[0] |= (v) << 4; break; \
|
||||
case 2: op[0] |= (v) << 2; break; \
|
||||
- case 3: *op++ |= (v); break; \
|
||||
+ case 3: *op++ |= (v); op_offset++; break; \
|
||||
} \
|
||||
}
|
||||
|
||||
@@ -103,6 +103,7 @@
|
||||
}
|
||||
default: {
|
||||
uint32 npixels = 0, grey;
|
||||
+ tmsize_t op_offset = 0;
|
||||
uint32 imagewidth = tif->tif_dir.td_imagewidth;
|
||||
if( isTiled(tif) )
|
||||
imagewidth = tif->tif_dir.td_tilewidth;
|
||||
@@ -122,10 +123,15 @@
|
||||
* bounds, potentially resulting in a security
|
||||
* issue.
|
||||
*/
|
||||
- while (n-- > 0 && npixels < imagewidth)
|
||||
+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
|
||||
SETPIXEL(op, grey);
|
||||
if (npixels >= imagewidth)
|
||||
break;
|
||||
+ if (op_offset >= scanline ) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
|
||||
+ (long) tif->tif_row);
|
||||
+ return (0);
|
||||
+ }
|
||||
if (cc == 0)
|
||||
goto bad;
|
||||
n = *bp++, cc--;
|
|
@ -1,30 +0,0 @@
|
|||
Fix CVE-2016-6265 (use after free in pdf_load_xref()).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6265
|
||||
https://security-tracker.debian.org/tracker/CVE-2016-6265
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
|
||||
|
||||
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
|
||||
index 576c315..3222599 100644
|
||||
--- a/source/pdf/pdf-xref.c
|
||||
+++ b/source/pdf/pdf-xref.c
|
||||
@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
|
||||
fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i);
|
||||
}
|
||||
if (entry->type == 'o')
|
||||
- if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n')
|
||||
- fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i);
|
||||
+ {
|
||||
+ /* Read this into a local variable here, because pdf_get_xref_entry
|
||||
+ * may solidify the xref, hence invalidating "entry", meaning we
|
||||
+ * need a stashed value for the throw. */
|
||||
+ fz_off_t ofs = entry->ofs;
|
||||
+ if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n')
|
||||
+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525
|
||||
https://security-tracker.debian.org/tracker/CVE-2016-6525
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
|
||||
|
||||
diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c
|
||||
index 7815b3c..6e25efa 100644
|
||||
--- a/source/pdf/pdf-shade.c
|
||||
+++ b/source/pdf/pdf-shade.c
|
||||
@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob
|
||||
obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode);
|
||||
if (pdf_array_len(ctx, obj) >= 6)
|
||||
{
|
||||
- n = (pdf_array_len(ctx, obj) - 4) / 2;
|
||||
+ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2);
|
||||
shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0));
|
||||
shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1));
|
||||
shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2));
|
|
@ -1,99 +0,0 @@
|
|||
Fix CVE-2016-7504:
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7504
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697142
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5c337af4b3df80cf967e4f9f6a21522de84b392a
|
||||
|
||||
From 5c337af4b3df80cf967e4f9f6a21522de84b392a Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Wed, 21 Sep 2016 16:01:08 +0200
|
||||
Subject: [PATCH] Fix bug 697142: Stale string pointer stored in regexp object.
|
||||
|
||||
Make sure to make a copy of the source pattern string.
|
||||
A case we missed when adding short and memory strings to the runtime.
|
||||
The code assumed all strings passed to it were either literal or interned.
|
||||
---
|
||||
jsgc.c | 4 +++-
|
||||
jsi.h | 1 +
|
||||
jsregexp.c | 2 +-
|
||||
jsrun.c | 8 ++++++++
|
||||
jsvalue.h | 2 +-
|
||||
5 files changed, 14 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/jsgc.c b/jsgc.c
|
||||
index 9bd6482..4f7e7dc 100644
|
||||
--- a/thirdparty/mujs/jsgc.c
|
||||
+++ b/thirdparty/mujs/jsgc.c
|
||||
@@ -44,8 +44,10 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
|
||||
{
|
||||
if (obj->head)
|
||||
jsG_freeproperty(J, obj->head);
|
||||
- if (obj->type == JS_CREGEXP)
|
||||
+ if (obj->type == JS_CREGEXP) {
|
||||
+ js_free(J, obj->u.r.source);
|
||||
js_regfree(obj->u.r.prog);
|
||||
+ }
|
||||
if (obj->type == JS_CITERATOR)
|
||||
jsG_freeiterator(J, obj->u.iter.head);
|
||||
if (obj->type == JS_CUSERDATA && obj->u.user.finalize)
|
||||
diff --git a/jsi.h b/jsi.h
|
||||
index 7d9f7c7..e855045 100644
|
||||
--- a/thirdparty/mujs/jsi.h
|
||||
+++ b/thirdparty/mujs/jsi.h
|
||||
@@ -79,6 +79,7 @@ typedef unsigned short js_Instruction;
|
||||
|
||||
/* String interning */
|
||||
|
||||
+char *js_strdup(js_State *J, const char *s);
|
||||
const char *js_intern(js_State *J, const char *s);
|
||||
void jsS_dumpstrings(js_State *J);
|
||||
void jsS_freestrings(js_State *J);
|
||||
diff --git a/jsregexp.c b/jsregexp.c
|
||||
index 2a056b7..a2d5156 100644
|
||||
--- a/thirdparty/mujs/jsregexp.c
|
||||
+++ b/thirdparty/mujs/jsregexp.c
|
||||
@@ -21,7 +21,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
|
||||
js_syntaxerror(J, "regular expression: %s", error);
|
||||
|
||||
obj->u.r.prog = prog;
|
||||
- obj->u.r.source = pattern;
|
||||
+ obj->u.r.source = js_strdup(J, pattern);
|
||||
obj->u.r.flags = flags;
|
||||
obj->u.r.last = 0;
|
||||
js_pushobject(J, obj);
|
||||
diff --git a/jsrun.c b/jsrun.c
|
||||
index 2648c4c..ee80845 100644
|
||||
--- a/thirdparty/mujs/jsrun.c
|
||||
+++ b/thirdparty/mujs/jsrun.c
|
||||
@@ -45,6 +45,14 @@ void *js_realloc(js_State *J, void *ptr, int size)
|
||||
return ptr;
|
||||
}
|
||||
|
||||
+char *js_strdup(js_State *J, const char *s)
|
||||
+{
|
||||
+ int n = strlen(s) + 1;
|
||||
+ char *p = js_malloc(J, n);
|
||||
+ memcpy(p, s, n);
|
||||
+ return p;
|
||||
+}
|
||||
+
|
||||
void js_free(js_State *J, void *ptr)
|
||||
{
|
||||
J->alloc(J->actx, ptr, 0);
|
||||
diff --git a/jsvalue.h b/jsvalue.h
|
||||
index 6cfbd89..8fb5016 100644
|
||||
--- a/thirdparty/mujs/jsvalue.h
|
||||
+++ b/thirdparty/mujs/jsvalue.h
|
||||
@@ -71,7 +71,7 @@ struct js_String
|
||||
struct js_Regexp
|
||||
{
|
||||
void *prog;
|
||||
- const char *source;
|
||||
+ char *source;
|
||||
unsigned short flags;
|
||||
unsigned short last;
|
||||
};
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
Fix CVE-2016-7505:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7505
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697140
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=8c805b4eb19cf2af689c860b77e6111d2ee439d5
|
||||
|
||||
From 8c805b4eb19cf2af689c860b77e6111d2ee439d5 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Wed, 21 Sep 2016 15:21:04 +0200
|
||||
Subject: [PATCH] Fix bug 697140: Overflow check in ascii division in strtod.
|
||||
|
||||
---
|
||||
jsdtoa.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/jsdtoa.c b/jsdtoa.c
|
||||
index 2e52368..920c1a7 100644
|
||||
--- a/thirdparty/mujs/jsdtoa.c
|
||||
+++ b/thirdparty/mujs/jsdtoa.c
|
||||
@@ -735,6 +735,7 @@ xx:
|
||||
n -= c<<b;
|
||||
*p++ = c + '0';
|
||||
(*na)++;
|
||||
+ if (*na >= Ndig) break; /* abort if overflowing */
|
||||
}
|
||||
*p = 0;
|
||||
}
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
Fix CVE-2016-7506:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7506
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697141
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=5000749f5afe3b956fc916e407309de840997f4a
|
||||
|
||||
From 5000749f5afe3b956fc916e407309de840997f4a Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Wed, 21 Sep 2016 16:02:11 +0200
|
||||
Subject: [PATCH] Fix bug 697141: buffer overrun in regexp string substitution.
|
||||
|
||||
A '$' escape at the end of the string would read past the zero terminator
|
||||
when looking for the escaped character.
|
||||
---
|
||||
jsstring.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/jsstring.c b/jsstring.c
|
||||
index 66f6a89..0209a8e 100644
|
||||
--- a/thirdparty/mujs/jsstring.c
|
||||
+++ b/thirdparty/mujs/jsstring.c
|
||||
@@ -421,6 +421,7 @@ loop:
|
||||
while (*r) {
|
||||
if (*r == '$') {
|
||||
switch (*(++r)) {
|
||||
+ case 0: --r; /* end of string; back up and fall through */
|
||||
case '$': js_putc(J, &sb, '$'); break;
|
||||
case '`': js_putm(J, &sb, source, s); break;
|
||||
case '\'': js_puts(J, &sb, s + n); break;
|
||||
@@ -516,6 +517,7 @@ static void Sp_replace_string(js_State *J)
|
||||
while (*r) {
|
||||
if (*r == '$') {
|
||||
switch (*(++r)) {
|
||||
+ case 0: --r; /* end of string; back up and fall through */
|
||||
case '$': js_putc(J, &sb, '$'); break;
|
||||
case '&': js_putm(J, &sb, s, s + n); break;
|
||||
case '`': js_putm(J, &sb, source, s); break;
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
Fix CVE-2016-7563:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7563
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697136
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=f8234d830e17fc5e8fe09eb76d86dad3f6233c59
|
||||
|
||||
From f8234d830e17fc5e8fe09eb76d86dad3f6233c59 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Tue, 20 Sep 2016 17:11:32 +0200
|
||||
Subject: [PATCH] Fix bug 697136.
|
||||
|
||||
We were unconditionally reading the next character if we encountered
|
||||
a '*' in a multi-line comment; possibly reading past the end of
|
||||
the input.
|
||||
---
|
||||
jslex.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/jslex.c b/jslex.c
|
||||
index 7b80800..cbd0eeb 100644
|
||||
--- a/thirdparty/mujs/jslex.c
|
||||
+++ b/thirdparty/mujs/jslex.c
|
||||
@@ -225,7 +225,8 @@ static int lexcomment(js_State *J)
|
||||
if (jsY_accept(J, '/'))
|
||||
return 0;
|
||||
}
|
||||
- jsY_next(J);
|
||||
+ else
|
||||
+ jsY_next(J);
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
Fix CVE-2016-7564:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7564
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697137
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a3a4fe840b80706c706e86160352af5936f292d8
|
||||
|
||||
From a3a4fe840b80706c706e86160352af5936f292d8 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Tue, 20 Sep 2016 17:19:06 +0200
|
||||
Subject: [PATCH] Fix bug 697137: off by one in string length calculation.
|
||||
|
||||
We were not allocating space for the terminating zero byte.
|
||||
---
|
||||
jsfunction.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/jsfunction.c b/jsfunction.c
|
||||
index 8b5b18e..28f7aa7 100644
|
||||
--- a/thirdparty/mujs/jsfunction.c
|
||||
+++ b/thirdparty/mujs/jsfunction.c
|
||||
@@ -61,7 +61,7 @@ static void Fp_toString(js_State *J)
|
||||
n += strlen(F->name);
|
||||
for (i = 0; i < F->numparams; ++i)
|
||||
n += strlen(F->vartab[i]) + 1;
|
||||
- s = js_malloc(J, n);
|
||||
+ s = js_malloc(J, n + 1);
|
||||
strcpy(s, "function ");
|
||||
strcat(s, F->name);
|
||||
strcat(s, "(");
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -1,165 +0,0 @@
|
|||
Fix CVE-2016-8674 (use-after-free in pdf_to_num()).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674
|
||||
https://security-tracker.debian.org/tracker/CVE-2016-8674
|
||||
|
||||
Patch adapted from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
|
||||
|
||||
diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h
|
||||
index f8ef0cd..e8345b7 100644
|
||||
--- a/include/mupdf/pdf/document.h
|
||||
+++ b/include/mupdf/pdf/document.h
|
||||
@@ -258,6 +258,10 @@ struct pdf_document_s
|
||||
fz_font **type3_fonts;
|
||||
|
||||
pdf_resource_tables *resources;
|
||||
+
|
||||
+ int orphans_max;
|
||||
+ int orphans_count;
|
||||
+ pdf_obj **orphans;
|
||||
};
|
||||
|
||||
/*
|
||||
diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h
|
||||
index 346a2f1..02d4119 100644
|
||||
--- a/include/mupdf/pdf/object.h
|
||||
+++ b/include/mupdf/pdf/object.h
|
||||
@@ -109,6 +109,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key);
|
||||
pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev);
|
||||
void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val);
|
||||
void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val);
|
||||
+void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val);
|
||||
void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val);
|
||||
void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val);
|
||||
void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val);
|
||||
diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c
|
||||
index f2e4551..a0d0d8e 100644
|
||||
--- a/source/pdf/pdf-object.c
|
||||
+++ b/source/pdf/pdf-object.c
|
||||
@@ -1240,9 +1240,13 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev)
|
||||
return pdf_dict_get(ctx, obj, abbrev);
|
||||
}
|
||||
|
||||
-void
|
||||
-pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
|
||||
+static void
|
||||
+pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val)
|
||||
{
|
||||
+
|
||||
+ if (old_val)
|
||||
+ *old_val = NULL;
|
||||
+
|
||||
RESOLVE(obj);
|
||||
if (obj >= PDF_OBJ__LIMIT)
|
||||
{
|
||||
@@ -1282,7 +1286,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
|
||||
{
|
||||
pdf_obj *d = DICT(obj)->items[i].v;
|
||||
DICT(obj)->items[i].v = pdf_keep_obj(ctx, val);
|
||||
- pdf_drop_obj(ctx, d);
|
||||
+ if (old_val)
|
||||
+ *old_val = d;
|
||||
+ else
|
||||
+ pdf_drop_obj(ctx, d);
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -1305,10 +1312,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
|
||||
}
|
||||
|
||||
void
|
||||
+pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
|
||||
+{
|
||||
+ pdf_dict_get_put(ctx, obj, key, val, NULL);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val)
|
||||
{
|
||||
fz_try(ctx)
|
||||
- pdf_dict_put(ctx, obj, key, val);
|
||||
+ pdf_dict_get_put(ctx, obj, key, val, NULL);
|
||||
+ fz_always(ctx)
|
||||
+ pdf_drop_obj(ctx, val);
|
||||
+ fz_catch(ctx)
|
||||
+ fz_rethrow(ctx);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val)
|
||||
+{
|
||||
+ fz_try(ctx)
|
||||
+ pdf_dict_get_put(ctx, obj, key, val, old_val);
|
||||
fz_always(ctx)
|
||||
pdf_drop_obj(ctx, val);
|
||||
fz_catch(ctx)
|
||||
diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c
|
||||
index fdd4648..212c8b7 100644
|
||||
--- a/source/pdf/pdf-repair.c
|
||||
+++ b/source/pdf/pdf-repair.c
|
||||
@@ -259,6 +259,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int num, int gen)
|
||||
}
|
||||
}
|
||||
|
||||
+static void
|
||||
+orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj)
|
||||
+{
|
||||
+ if (doc->orphans_count == doc->orphans_max)
|
||||
+ {
|
||||
+ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32);
|
||||
+
|
||||
+ fz_try(ctx)
|
||||
+ {
|
||||
+ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans));
|
||||
+ doc->orphans_max = new_max;
|
||||
+ }
|
||||
+ fz_catch(ctx)
|
||||
+ {
|
||||
+ pdf_drop_obj(ctx, obj);
|
||||
+ fz_rethrow(ctx);
|
||||
+ }
|
||||
+ }
|
||||
+ doc->orphans[doc->orphans_count++] = obj;
|
||||
+}
|
||||
+
|
||||
void
|
||||
pdf_repair_xref(fz_context *ctx, pdf_document *doc)
|
||||
{
|
||||
@@ -520,12 +541,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc)
|
||||
/* correct stream length for unencrypted documents */
|
||||
if (!encrypt && list[i].stm_len >= 0)
|
||||
{
|
||||
+ pdf_obj *old_obj = NULL;
|
||||
dict = pdf_load_object(ctx, doc, list[i].num, list[i].gen);
|
||||
|
||||
length = pdf_new_int(ctx, doc, list[i].stm_len);
|
||||
- pdf_dict_put(ctx, dict, PDF_NAME_Length, length);
|
||||
- pdf_drop_obj(ctx, length);
|
||||
-
|
||||
+ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj);
|
||||
+ if (old_obj)
|
||||
+ orphan_object(ctx, doc, old_obj);
|
||||
pdf_drop_obj(ctx, dict);
|
||||
}
|
||||
}
|
||||
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
|
||||
index 3de1cd2..6682741 100644
|
||||
--- a/source/pdf/pdf-xref.c
|
||||
+++ b/source/pdf/pdf-xref.c
|
||||
@@ -1626,6 +1626,12 @@ pdf_close_document(fz_context *ctx, pdf_document *doc)
|
||||
|
||||
pdf_drop_resource_tables(ctx, doc);
|
||||
|
||||
+ for (i = 0; i < doc->orphans_count; i++)
|
||||
+ {
|
||||
+ pdf_drop_obj(ctx, doc->orphans[i]);
|
||||
+ }
|
||||
+ fz_free(ctx, doc->orphans);
|
||||
+
|
||||
fz_free(ctx, doc);
|
||||
}
|
||||
|
||||
--
|
||||
2.10.1
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
Fix CVE-2016-9017:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9107
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697171
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a5c747f1d40e8d6659a37a8d25f13fb5acf8e767
|
||||
|
||||
From a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Tue, 25 Oct 2016 14:08:27 +0200
|
||||
Subject: [PATCH] Fix 697171: missed an operand in the bytecode debugger dump.
|
||||
|
||||
---
|
||||
jscompile.h | 2 +-
|
||||
jsdump.c | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/jscompile.h b/jscompile.h
|
||||
index 802cc9e..3054d13 100644
|
||||
--- a/thirdparty/mujs/jscompile.h
|
||||
+++ b/thirdparty/mujs/jscompile.h
|
||||
@@ -21,7 +21,7 @@ enum js_OpCode
|
||||
|
||||
OP_NEWARRAY,
|
||||
OP_NEWOBJECT,
|
||||
- OP_NEWREGEXP,
|
||||
+ OP_NEWREGEXP, /* -S,opts- <regexp> */
|
||||
|
||||
OP_UNDEF,
|
||||
OP_NULL,
|
||||
diff --git a/jsdump.c b/jsdump.c
|
||||
index 1c51c29..37ad88c 100644
|
||||
--- a/thirdparty/mujs/jsdump.c
|
||||
+++ b/thirdparty/mujs/jsdump.c
|
||||
@@ -750,6 +750,7 @@ void jsC_dumpfunction(js_State *J, js_Function *F)
|
||||
case OP_INITVAR:
|
||||
case OP_DEFVAR:
|
||||
case OP_GETVAR:
|
||||
+ case OP_HASVAR:
|
||||
case OP_SETVAR:
|
||||
case OP_DELVAR:
|
||||
case OP_GETPROP_S:
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
Fix CVE-2016-9136:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9136
|
||||
http://bugs.ghostscript.com/show_bug.cgi?id=697244
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://git.ghostscript.com/?p=mujs.git;a=commitdiff;h=a0ceaf5050faf419401fe1b83acfa950ec8a8a89
|
||||
From a0ceaf5050faf419401fe1b83acfa950ec8a8a89 Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@artifex.com>
|
||||
Date: Mon, 31 Oct 2016 13:05:37 +0100
|
||||
Subject: [PATCH] Fix 697244: Check for incomplete escape sequence at end of
|
||||
input.
|
||||
|
||||
---
|
||||
jslex.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/jslex.c b/jslex.c
|
||||
index cbd0eeb..aaafdac 100644
|
||||
--- a/thirdparty/mujs/jslex.c
|
||||
+++ b/thirdparty/mujs/jslex.c
|
||||
@@ -377,6 +377,7 @@ static int lexescape(js_State *J)
|
||||
return 0;
|
||||
|
||||
switch (J->lexchar) {
|
||||
+ case 0: jsY_error(J, "unterminated escape sequence");
|
||||
case 'u':
|
||||
jsY_next(J);
|
||||
if (!jsY_ishex(J->lexchar)) return 1; else { x |= jsY_tohex(J->lexchar) << 12; jsY_next(J); }
|
||||
--
|
||||
2.10.2
|
||||
|
|
@ -27,12 +27,3 @@ index 6b92e5c..72dea50 100644
|
|||
#include <openjpeg.h>
|
||||
|
||||
static void fz_opj_error_callback(const char *msg, void *client_data)
|
||||
@@ -117,7 +109,7 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs
|
||||
opj_stream_set_read_function(stream, fz_opj_stream_read);
|
||||
opj_stream_set_skip_function(stream, fz_opj_stream_skip);
|
||||
opj_stream_set_seek_function(stream, fz_opj_stream_seek);
|
||||
- opj_stream_set_user_data(stream, &sb);
|
||||
+ opj_stream_set_user_data(stream, &sb, NULL);
|
||||
/* Set the length to avoid an assert */
|
||||
opj_stream_set_user_data_length(stream, size);
|
||||
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
Fix symlinks to '..' to fix rubygems improperly expanding symlinked
|
||||
paths. Without this fix, some gems fail to install. This patch is applied in
|
||||
rubygems 2.5.2, but ruby version 2.3.1 bundles an older version of rubygems
|
||||
(2.5.1).
|
||||
|
||||
--- a/lib/rubygems/package.rb
|
||||
+++ b/lib/rubygems/package.rb
|
||||
@@ -383,7 +383,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc:
|
||||
FileUtils.chmod entry.header.mode, destination
|
||||
end if entry.file?
|
||||
|
||||
- File.symlink(install_location(entry.header.linkname, destination_dir), destination) if entry.symlink?
|
||||
+ File.symlink(entry.header.linkname, destination) if entry.symlink?
|
||||
|
||||
verbose destination
|
||||
end
|
||||
diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb
|
||||
index 7848bc2..f287bd3 100644
|
||||
--- a/test/rubygems/test_gem_package.rb
|
||||
+++ b/test/rubygems/test_gem_package.rb
|
||||
@@ -428,19 +428,25 @@ def test_extract_tar_gz_absolute
|
||||
"#{@destination} is not allowed", e.message)
|
||||
end
|
||||
|
||||
- def test_extract_tar_gz_symlink_absolute
|
||||
+ def test_extract_tar_gz_symlink_relative_path
|
||||
+ skip 'symlink not supported' if Gem.win_platform?
|
||||
+
|
||||
package = Gem::Package.new @gem
|
||||
|
||||
tgz_io = util_tar_gz do |tar|
|
||||
- tar.add_symlink 'code.rb', '/absolute.rb', 0644
|
||||
+ tar.add_file 'relative.rb', 0644 do |io| io.write 'hi' end
|
||||
+ tar.mkdir 'lib', 0755
|
||||
+ tar.add_symlink 'lib/foo.rb', '../relative.rb', 0644
|
||||
end
|
||||
|
||||
- e = assert_raises Gem::Package::PathError do
|
||||
- package.extract_tar_gz tgz_io, @destination
|
||||
- end
|
||||
+ package.extract_tar_gz tgz_io, @destination
|
||||
|
||||
- assert_equal("installing into parent path /absolute.rb of " +
|
||||
- "#{@destination} is not allowed", e.message)
|
||||
+ extracted = File.join @destination, 'lib/foo.rb'
|
||||
+ assert_path_exists extracted
|
||||
+ assert_equal '../relative.rb',
|
||||
+ File.readlink(extracted)
|
||||
+ assert_equal 'hi',
|
||||
+ File.read(extracted)
|
||||
end
|
||||
|
||||
def test_extract_tar_gz_directory
|
|
@ -95,17 +95,6 @@
|
|||
;; To build poppler-glib (as needed by Evince), we need Cairo and
|
||||
;; GLib. But of course, that Cairo must not depend on Poppler.
|
||||
("cairo" ,(package (inherit cairo)
|
||||
(replacement
|
||||
(package
|
||||
(inherit cairo)
|
||||
(replacement #f)
|
||||
(source
|
||||
(origin
|
||||
(inherit (package-source cairo))
|
||||
(patches (search-patches
|
||||
"cairo-CVE-2016-9082.patch"))))
|
||||
(inputs (alist-delete "poppler"
|
||||
(package-inputs cairo)))))
|
||||
(inputs (alist-delete "poppler"
|
||||
(package-inputs cairo)))))
|
||||
("glib" ,glib)))
|
||||
|
@ -490,7 +479,7 @@ extracting content or merging files.")
|
|||
(define-public mupdf
|
||||
(package
|
||||
(name "mupdf")
|
||||
(version "1.9a")
|
||||
(version "1.10a")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -498,18 +487,8 @@ extracting content or merging files.")
|
|||
name "-" version "-source.tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1k64pdapyj8a336jw3j61fhn0rp4q6az7d0dqp9r5n3d9rgwa5c0"))
|
||||
(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
|
||||
"mupdf-CVE-2016-6265.patch"
|
||||
"mupdf-CVE-2016-6525.patch"
|
||||
"mupdf-CVE-2016-7504.patch"
|
||||
"mupdf-CVE-2016-7505.patch"
|
||||
"mupdf-CVE-2016-7506.patch"
|
||||
"mupdf-CVE-2016-7563.patch"
|
||||
"mupdf-CVE-2016-7564.patch"
|
||||
"mupdf-CVE-2016-8674.patch"
|
||||
"mupdf-CVE-2016-9017.patch"
|
||||
"mupdf-CVE-2016-9136.patch"))
|
||||
"0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a"))
|
||||
(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
;; Delete all the bundled libraries except for mujs, which is
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2014, 2015 Pjotr Prins <pjotr.guix@thebird.nl>
|
||||
;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2014, 2015 David Thompson <davet@gnu.org>
|
||||
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
|
||||
|
@ -47,8 +47,7 @@
|
|||
(define-public ruby
|
||||
(package
|
||||
(name "ruby")
|
||||
(replacement ruby-2.3.3)
|
||||
(version "2.3.1")
|
||||
(version "2.3.3")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -57,9 +56,8 @@
|
|||
"/ruby-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0f3395q7pd2hrl2gv26bib80038sjawxgmhl9zn22fjs9m9va9b7"))
|
||||
"1p0rfk0blrbfjcnv0vb0ha4hxflgkfhv9zbzp4vvld2pi31ahkqs"))
|
||||
(modules '((guix build utils)))
|
||||
(patches (search-patches "ruby-symlinkfix.patch"))
|
||||
(snippet `(begin
|
||||
;; Remove bundled libffi
|
||||
(delete-file-recursively "ext/fiddle/libffi-3.2.1")
|
||||
|
@ -102,25 +100,6 @@ a focus on simplicity and productivity.")
|
|||
(home-page "https://ruby-lang.org")
|
||||
(license license:ruby)))
|
||||
|
||||
(define ruby-2.3.3
|
||||
(package
|
||||
(inherit ruby)
|
||||
(version "2.3.3")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "http://cache.ruby-lang.org/pub/ruby/"
|
||||
(version-major+minor version)
|
||||
"/ruby-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1p0rfk0blrbfjcnv0vb0ha4hxflgkfhv9zbzp4vvld2pi31ahkqs"))
|
||||
(modules '((guix build utils)))
|
||||
(snippet `(begin
|
||||
;; Remove bundled libffi
|
||||
(delete-file-recursively "ext/fiddle/libffi-3.2.1")
|
||||
#t))))))
|
||||
|
||||
(define-public ruby-2.2
|
||||
(package (inherit ruby)
|
||||
(replacement #f)
|
||||
|
@ -1447,8 +1426,8 @@ conversion to (X)HTML.")
|
|||
(add-before 'check 'use-latest-redcarpet
|
||||
(lambda _
|
||||
(substitute* "mocha.gemspec"
|
||||
(("<redcarpet>, \\[\"~> 1\"\\]")
|
||||
"<redcarpet>, [\">= 3\"]"))
|
||||
(("<redcarpet>.freeze, \\[\"~> 1\"\\]")
|
||||
"<redcarpet>.freeze, [\">= 3\"]"))
|
||||
#t))
|
||||
(add-before 'check 'hardcode-version
|
||||
(lambda _
|
||||
|
@ -2225,28 +2204,27 @@ current line in an external editor.")
|
|||
(define-public ruby-sdoc
|
||||
(package
|
||||
(name "ruby-sdoc")
|
||||
(version "0.4.1")
|
||||
(version "0.4.2")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (rubygems-uri "sdoc" version))
|
||||
(sha256
|
||||
(base32
|
||||
"16xyfair1j4irfkd6sxvmdcak957z71lwkvhglrznfpkalfnqyqp"))))
|
||||
"0qhvy10vnmrqcgh8494m13kd5ag9c3sczzhfasv8j0294ylk679n"))))
|
||||
(build-system ruby-build-system)
|
||||
(arguments
|
||||
`(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'build 'relax-minitest-requirement
|
||||
(add-before 'check 'set-rubylib
|
||||
(lambda _
|
||||
(substitute* "sdoc.gemspec"
|
||||
(("<minitest>, \\[\"~> 4\\.0\"\\]")
|
||||
"<minitest>, [\">= 4.0\"]"))
|
||||
(setenv "RUBYLIB" "lib")
|
||||
#t)))))
|
||||
(propagated-inputs
|
||||
`(("ruby-json" ,ruby-json)))
|
||||
(native-inputs
|
||||
`(("bundler" ,bundler)
|
||||
("ruby-minitest" ,ruby-minitest)))
|
||||
("ruby-minitest" ,ruby-minitest)
|
||||
("ruby-hoe" ,ruby-hoe)))
|
||||
(synopsis "Generate searchable RDoc documentation")
|
||||
(description
|
||||
"SDoc is an RDoc documentation generator to build searchable HTML
|
||||
|
@ -3514,7 +3492,7 @@ support to both Ruby and JRuby. It uses @code{unf_ext} on CRuby and
|
|||
"Bundler::GemHelper.gemspec.version"))
|
||||
;; Loosen unnecessarily strict test-unit version specification.
|
||||
(substitute* "domain_name.gemspec"
|
||||
(("<test-unit>, \\[\\\"~> 2.5.5") "<test-unit>, [\">0"))
|
||||
(("<test-unit>.freeze, \\[\\\"~> 2.5.5") "<test-unit>, [\">0"))
|
||||
#t)))))
|
||||
(propagated-inputs
|
||||
`(("ruby-unf" ,ruby-unf)))
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
(define-public swig
|
||||
(package
|
||||
(name "swig")
|
||||
(version "3.0.5")
|
||||
(version "3.0.10")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/" name "/" name "/"
|
||||
|
@ -39,7 +39,7 @@
|
|||
name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z"))))
|
||||
"0k7ljh07rla6223lhvljgg881b2qr7hmrfgic9a0j1pckpislf99"))))
|
||||
(build-system gnu-build-system)
|
||||
(native-inputs `(("boost" ,boost)
|
||||
("pcre" ,pcre "bin"))) ;for 'pcre-config'
|
||||
|
|
|
@ -241,7 +241,6 @@ following the mouse.")
|
|||
(package
|
||||
(name "pixman")
|
||||
(version "0.34.0")
|
||||
(replacement pixman/fixed)
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
|
@ -249,7 +248,8 @@ following the mouse.")
|
|||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1"))))
|
||||
"13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1"))
|
||||
(patches (search-patches "pixman-CVE-2016-5296.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs
|
||||
`(("libpng" ,libpng)
|
||||
|
@ -263,14 +263,6 @@ manipulation, providing features such as image compositing and trapezoid
|
|||
rasterisation.")
|
||||
(license license:x11)))
|
||||
|
||||
(define pixman/fixed
|
||||
(package
|
||||
(inherit pixman)
|
||||
(source (origin
|
||||
(inherit (package-source pixman))
|
||||
(patches (search-patches "pixman-CVE-2016-5296.patch"))))))
|
||||
|
||||
|
||||
(define-public libdrm
|
||||
(package
|
||||
(name "libdrm")
|
||||
|
|
|
@ -4923,7 +4923,7 @@ new API's in libXft, or the legacy API's in libX11.")
|
|||
(define-public libxi
|
||||
(package
|
||||
(name "libxi")
|
||||
(version "1.7.7")
|
||||
(version "1.7.8")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -4933,7 +4933,7 @@ new API's in libXft, or the legacy API's in libX11.")
|
|||
".tar.bz2"))
|
||||
(sha256
|
||||
(base32
|
||||
"0c70n4aq0ba628wr88ih4740nci9d9f6y3v96sx376vvlm7q6vwr"))))
|
||||
"1fr7mi4nbcxsa88qin9g2ipmzh595ydxy9qnabzl270laf6zmwnq"))))
|
||||
(build-system gnu-build-system)
|
||||
(propagated-inputs
|
||||
`(("inputproto" ,inputproto)
|
||||
|
|
|
@ -66,6 +66,7 @@
|
|||
(define* (check #:key (tests? #t) (parallel-tests? #t) (test-target "test")
|
||||
#:allow-other-keys)
|
||||
(let ((gnu-check (assoc-ref gnu:%standard-phases 'check)))
|
||||
(setenv "CTEST_OUTPUT_ON_FAILURE" "1")
|
||||
(gnu-check #:tests? tests? #:test-target test-target
|
||||
#:parallel-tests? parallel-tests?)))
|
||||
|
||||
|
|
Loading…
Reference in New Issue