Merge branch 'master' into staging

Marius Bakke 2017-10-06 11:03:27 +02:00
commit 6a317919cf
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
27 changed files with 291 additions and 363 deletions


@ -415,12 +415,12 @@ was READ is = to the given value."
(partition-predicate read-partition-label string=?))
(define partition-uuid-predicate
(partition-predicate read-partition-uuid bytevector=?))
(partition-predicate read-partition-uuid uuid=?))
(define luks-partition-uuid-predicate
(partition-predicate
(partition-field-reader read-luks-header luks-header-uuid)
bytevector=?))
uuid=?))
(define (find-partition predicate)
"Return the first partition found that matches PREDICATE, or #f if none


@ -900,12 +900,6 @@ dist_patch_DATA = \
%D%/packages/patches/openscenegraph-ffmpeg3.patch \
%D%/packages/patches/openexr-missing-samples.patch \
%D%/packages/patches/openfoam-4.1-cleanup.patch \
%D%/packages/patches/openjpeg-CVE-2017-12982.patch \
%D%/packages/patches/openjpeg-CVE-2017-14040.patch \
%D%/packages/patches/openjpeg-CVE-2017-14041.patch \
%D%/packages/patches/openjpeg-CVE-2017-14151.patch \
%D%/packages/patches/openjpeg-CVE-2017-14152.patch \
%D%/packages/patches/openjpeg-CVE-2017-14164.patch \
%D%/packages/patches/openldap-CVE-2017-9287.patch \
%D%/packages/patches/openocd-nrf52.patch \
%D%/packages/patches/openssl-runpath.patch \


@ -103,14 +103,14 @@ debugging information in STABS, DWARF 2, and CodeView 8 formats.")
(define-public lightning
(package
(name "lightning")
(version "2.1.0")
(version "2.1.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/lightning/lightning-"
version ".tar.gz"))
(sha256
(base32
"19j9nwl88k660045s40cbz5zrl1wpd2mcxnnc8qqnnaj311a58qz"))))
"0sbs2lm8b9in2m8d52zf0x9gpp40x6r7sl6sha92yq3pr78rwa4v"))))
(build-system gnu-build-system)
(native-inputs `(("zlib" ,zlib)))
(synopsis "Library for generating assembly code at runtime")


@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Dave Love <fx@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -24,8 +25,10 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages linux)
#:use-module (gnu packages maths)
#:use-module (gnu packages mpi)
#:use-module (gnu packages python)
#:use-module (gnu packages storage))
#:use-module (gnu packages storage)
#:use-module (ice-9 match))
(define-public fio
(package
@ -103,3 +106,65 @@ is to write a job file matching the I/O load one wants to simulate.")
;; are covered by other licenses.
(license (list license:gpl2 license:gpl2+ license:bsd-2
license:public-domain))))
;; Parameterized in anticipation of m(va)pich support
(define (imb mpi)
(package
(name (string-append "imb-" (package-name mpi)))
(version "2017.2")
(source
(origin
(method url-fetch)
(uri (match (string-split version #\.)
((major minor)
(string-append
"https://software.intel.com/sites/default/files/managed/76/6c/IMB_"
major "_Update" minor ".tgz"))))
(sha256 (base32 "11nczxm686rsppmw9gjc2p2sxc0jniv5kv18yxm1lzp5qfh5rqyb"))))
(build-system gnu-build-system)
(inputs
`(("mpi" ,mpi)))
(arguments
`(#:phases
(modify-phases %standard-phases
(delete 'configure)
(delete 'check)
(replace 'build
(lambda* (#:key inputs #:allow-other-keys)
(let ((mpi-home (assoc-ref inputs "mpi")))
(zero?
;; Not safe for parallel build
(system* "make" "-C" "imb/src" "-f" "make_mpich" "SHELL=sh"
(string-append "MPI_HOME=" mpi-home))))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(doc (string-append out "/share/doc/" ,name))
(bin (string-append out "/bin")))
(with-directory-excursion "imb/src"
(for-each
(lambda (file)
(install-file file bin))
'("IMB-IO" "IMB-EXT" "IMB-MPI1" "IMB-NBC" "IMB-RMA")))
(mkdir-p doc)
(with-directory-excursion "imb"
(copy-recursively "license" doc)))
#t)))))
(home-page "https://software.intel.com/en-us/articles/intel-mpi-benchmarks")
(synopsis "Intel MPI Benchmarks")
(description
"This package provides benchmarks for implementations of the @dfn{Message
Passing Interface} (MPI). It contains MPI performance measurements for
point-to-point and global communication, and file, operations for a range of
message sizes. The generated benchmark data fully characterize:
@itemize
@item
Performance of a cluster system, including node performance, network latency,
and throughput;
@item
Efficiency of the MPI implementation.
@end itemize")
(license license:cpl1.0)))
(define-public imb-openmpi (imb openmpi))
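Review bot: The `uri` in `imb` is computed from `version`, but the `managed/76/6c/` path segment is hard-coded and looks specific to this release, so a version bump will probably produce a URL that does not exist. The `match` on `(string-split version #\.)` also has only a `(major minor)` clause, so a three-component version would fail with a match error when the package is evaluated. A comment above the `uri` would cover both, for example `;; The "76/6c" path component changes with every release; update it together with VERSION.`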


@ -43,6 +43,7 @@
(package
(name "curl")
(version "7.55.1")
(replacement curl-7.56.0)
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
@ -121,3 +122,16 @@ tunneling, and so on.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
(define-public curl-7.56.0
(package
(inherit curl)
(version "7.56.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
"0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj"))))))
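Review bot: The `(replacement curl-7.56.0)` line in the first hunk grafts a new curl onto every dependent, but neither it nor the `curl-7.56.0` definition says why the graft exists. A graft is normally a security measure, so the advisory it addresses should be recorded next to it so the next updater knows when it can be dropped. For example: `;; Graft for <ADVISORY-ID — fill in>; remove once 'curl' itself is at 7.56.0 or later.` The `curl` package body continues outside both hunks.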


@ -1055,7 +1055,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.")
(define-public glade3
(package
(name "glade")
(version "3.20.0")
(version "3.20.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -1063,7 +1063,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.")
name "-" version ".tar.xz"))
(sha256
(base32
"1zhqvhagy0m85p54jfiayfl0v9af7g0lj7glw8sfwh7cbp56vnc2"))))
"1pxikhzdzd092d4x3nacf5gfzi3mvhywrhcfqc07xakbsinnfr40"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:tests? #f ; needs X, GL, and software rendering
@ -2050,7 +2050,7 @@ editors, IDEs, etc.")
(package
(inherit vte)
(name "vte-ng")
(version "0.50.0.a")
(version "0.50.1.a")
(native-inputs
`(("gtk-doc" ,gtk-doc)
("gperf" ,gperf)
@ -2065,7 +2065,7 @@ editors, IDEs, etc.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0h5ifg6xpix074k445bmnd39mc75llrfkrsr9vw98dxa4rffxrgf"))))
"1r70jysdrc7r1vyn3mikpc8hh7rm4lpr0psakj8yssy11p451pja"))))
(arguments
`(#:configure-flags '("CXXFLAGS=-Wformat=0")
#:phases (modify-phases %standard-phases
@ -2169,7 +2169,7 @@ and RDP protocols.")
(define-public dconf
(package
(name "dconf")
(version "0.26.0")
(version "0.26.1")
(source (origin
(method url-fetch)
(uri (string-append
@ -2178,7 +2178,7 @@ and RDP protocols.")
name "-" version ".tar.xz"))
(sha256
(base32
"1jaqsr1r0grpd25rbsc2v3vb0sc51lia9w31wlqswgqsncp2k0w6"))))
"0da587hpiqy8h3pswn1102h4b905x8k6mk3ajpi7kf4kzkvv30ym"))))
(build-system glib-or-gtk-build-system)
(inputs
`(("gtk+" ,gtk+)


@ -204,7 +204,7 @@ sequential processes (CSP) concurrent programming features added.")
(package
(inherit go-1.4)
(name "go")
(version "1.9")
(version "1.9.1")
(source
(origin
(method url-fetch)
@ -212,7 +212,7 @@ sequential processes (CSP) concurrent programming features added.")
name version ".src.tar.gz"))
(sha256
(base32
"14z9azh8pk5cwyl2qdk893j68lk0cca7a9b8k2hpn5pd52825ax4"))))
"03jmrgqq852wqyphvd8p46i32f72xki3bmylhkxf0kynqyfzqjm8"))))
(arguments
(substitute-keyword-arguments (package-arguments go-1.4)
((#:phases phases)


@ -280,10 +280,10 @@ developers consider to have good quality code and correct functionality.")
(modify-phases %standard-phases
(add-after 'unpack 'patch-openjpeg-reference
(lambda _
;; Remove hard-coded openjpeg-2.1 path. 2.2 is API- and
;; Remove hard-coded openjpeg-2.2 path. 2.3 is API- and
;; ABI-compatible.
(substitute* "ext/openjpeg/gstopenjpeg.h"
(("<openjpeg-2\\.1/") "<openjpeg-2.2/"))
(("<openjpeg-2\\.2/") "<openjpeg-2.3/"))
#t)))))
(propagated-inputs
`(("gst-plugins-base" ,gst-plugins-base)))


@ -167,7 +167,7 @@ APNG patch provides APNG support to libpng.")
(define-public libpng-1.2
(package
(inherit libpng)
(version "1.2.57")
(version "1.2.59")
(source
(origin
(method url-fetch)
@ -180,7 +180,8 @@ APNG patch provides APNG support to libpng.")
"ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
"/libpng12/libpng-" version ".tar.xz")))
(sha256
(base32 "1n2lrzjkm5jhfg2bs10q398lkwbbx742fi27zgdgx0x23zhj0ihg"))))))
(base32
"1izw9ybm27llk8531w6h4jp4rk2rxy2s9vil16nwik5dp0amyqxl"))))))
(define-public r-png
(package
@ -509,7 +510,7 @@ work.")
(define-public openjpeg
(package
(name "openjpeg")
(version "2.2.0")
(version "2.3.0")
(source
(origin
(method url-fetch)
@ -519,13 +520,7 @@ work.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))
(patches (search-patches "openjpeg-CVE-2017-12982.patch"
"openjpeg-CVE-2017-14040.patch"
"openjpeg-CVE-2017-14041.patch"
"openjpeg-CVE-2017-14151.patch"
"openjpeg-CVE-2017-14152.patch"
"openjpeg-CVE-2017-14164.patch"))))
"06npqzkg20avnygdwaqpap91r7qpdqgrn39adj2bl8v0pg0qgirx"))))
(build-system cmake-build-system)
(arguments
;; Trying to run `$ make check' results in a no rule fault.


@ -46,14 +46,14 @@
;; The 7 release series has an incompatible API, while the 6 series is still
;; maintained. Don't update to 7 until we've made sure that the ImageMagick
;; users are ready for the 7-series API.
(version "6.9.9-17")
(version "6.9.9-18")
(source (origin
(method url-fetch)
(uri (string-append "mirror://imagemagick/ImageMagick-"
version ".tar.xz"))
(sha256
(base32
"0y39jcd6358dph51ch5w43sqk9lv079jhgg3l7g5mks6m25f49gz"))))
"1d70dvrgcasa3cla4c1dag4mw7vq4jk1nzbd604fk20l0l6xa78j"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")


@ -19,6 +19,7 @@
;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2017 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -1127,7 +1128,7 @@ can solve two kinds of problems:
(license license:bsd-3)))
;; For a fully featured Octave, users are strongly recommended also to install
;; the following packages: texinfo, less, ghostscript, gnuplot.
;; the following packages: less, ghostscript, gnuplot.
(define-public octave
(package
(name "octave")
@ -1159,6 +1160,7 @@ can solve two kinds of problems:
("glu" ,glu)
("zlib" ,zlib)
("curl" ,curl)
("texinfo" ,texinfo)
("graphicsmagick" ,graphicsmagick)))
(native-inputs
`(("lzip" ,lzip)
@ -1173,14 +1175,23 @@ can solve two kinds of problems:
;; will still run without them, albeit without the features they
;; provide.
("less" ,less)
("texinfo" ,texinfo)
("ghostscript" ,ghostscript)
("gnuplot" ,gnuplot)))
(arguments
`(#:configure-flags
(list (string-append "--with-shell="
(assoc-ref %build-inputs "bash")
"/bin/sh"))))
"/bin/sh"))
#:phases
(modify-phases %standard-phases
(add-after 'configure 'configure-makeinfo
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "libinterp/corefcn/help.cc"
(("Vmakeinfo_program = \"makeinfo\"")
(string-append "Vmakeinfo_program = \""
(assoc-ref inputs "texinfo")
"/bin/makeinfo\"")))
#t)))))
(home-page "https://www.gnu.org/software/octave/")
(synopsis "High-level language for numerical computation")
(description "GNU Octave is a high-level interpreted language that is
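Review bot: The new `configure-makeinfo` phase has no comment explaining why it exists, and `substitute*` succeeds even when its pattern matches nothing. If a later Octave release rewords `Vmakeinfo_program = "makeinfo"` in `libinterp/corefcn/help.cc`, the build will still pass and Octave will presumably go back to finding `makeinfo` through `PATH`. A comment in the phase would record the intent, for example `;; Hard-code the absolute file name of makeinfo so the help system does not depend on $PATH.` It would also help to check the pattern against the source on each version bump.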


@ -1,28 +0,0 @@
http://openwall.com/lists/oss-security/2017/08/21/1
https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 14 Aug 2017 17:26:58 +0200
Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
(#983)
---
src/bin/jp2/convertbmp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index b49e7a080..2715fdf24 100644
--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
header->biBitCount = (OPJ_UINT16)getc(IN);
header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
+ if (header->biBitCount == 0) {
+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
+ return OPJ_FALSE;
+ }
if (header->biSize >= 40U) {
header->biCompression = (OPJ_UINT32)getc(IN);


@ -1,83 +0,0 @@
http://openwall.com/lists/oss-security/2017/08/28/3
https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch
From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 17 Aug 2017 11:47:40 +0200
Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and
fixes unaligned load (#995)
---
src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------
1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index a4eb81f6a..73dfc8d5f 100644
--- a/src/bin/jp2/convert.c
+++ b/src/bin/jp2/convert.c
@@ -580,13 +580,10 @@ struct tga_header {
};
#endif /* INFORMATION_ONLY */
-static unsigned short get_ushort(const unsigned char *data)
+/* Returns a ushort from a little-endian serialized value */
+static unsigned short get_tga_ushort(const unsigned char *data)
{
- unsigned short val = *(const unsigned short *)data;
-#ifdef OPJ_BIG_ENDIAN
- val = ((val & 0xffU) << 8) | (val >> 8);
-#endif
- return val;
+ return data[0] | (data[1] << 8);
}
#define TGA_HEADER_SIZE 18
@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel,
id_len = tga[0];
/*cmap_type = tga[1];*/
image_type = tga[2];
- /*cmap_index = get_ushort(&tga[3]);*/
- cmap_len = get_ushort(&tga[5]);
+ /*cmap_index = get_tga_ushort(&tga[3]);*/
+ cmap_len = get_tga_ushort(&tga[5]);
cmap_entry_size = tga[7];
#if 0
- x_origin = get_ushort(&tga[8]);
- y_origin = get_ushort(&tga[10]);
+ x_origin = get_tga_ushort(&tga[8]);
+ y_origin = get_tga_ushort(&tga[10]);
#endif
- image_w = get_ushort(&tga[12]);
- image_h = get_ushort(&tga[14]);
+ image_w = get_tga_ushort(&tga[12]);
+ image_h = get_tga_ushort(&tga[14]);
pixel_depth = tga[16];
image_desc = tga[17];
@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters)
color_space = OPJ_CLRSPC_SRGB;
}
+ /* If the declared file size is > 10 MB, check that the file is big */
+ /* enough to avoid excessive memory allocations */
+ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) {
+ char ch;
+ OPJ_UINT64 expected_file_size =
+ (OPJ_UINT64)image_width * image_height * numcomps;
+ long curpos = ftell(f);
+ if (expected_file_size > (OPJ_UINT64)INT_MAX) {
+ expected_file_size = (OPJ_UINT64)INT_MAX;
+ }
+ fseek(f, (long)expected_file_size - 1, SEEK_SET);
+ if (fread(&ch, 1, 1, f) != 1) {
+ fclose(f);
+ return NULL;
+ }
+ fseek(f, curpos, SEEK_SET);
+ }
+
subsampling_dx = parameters->subsampling_dx;
subsampling_dy = parameters->subsampling_dy;


@ -1,25 +0,0 @@
http://openwall.com/lists/oss-security/2017/08/28/4
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Fri, 18 Aug 2017 13:39:20 +0200
Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
---
src/bin/jp2/convert.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index 5459f7d44..e606c9be7 100644
--- a/src/bin/jp2/convert.c
+++ b/src/bin/jp2/convert.c
@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
}
fseek(f, 0, SEEK_SET);
- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
&endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
fclose(f);
fprintf(stderr,


@ -1,46 +0,0 @@
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
http://openwall.com/lists/oss-security/2017/09/06/1
From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 14 Aug 2017 17:20:37 +0200
Subject: [PATCH] Encoder: grow buffer size in
opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in
opj_mqc_flush (#982)
---
src/lib/openjp2/tcd.c | 7 +++++--
tests/nonregression/test_suite.ctest.in | 2 ++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
index 301c7213e..53cdcf64d 100644
--- a/src/lib/openjp2/tcd.c
+++ b/src/lib/openjp2/tcd.c
@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
{
OPJ_UINT32 l_data_size;
- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
+ /* TODO: is there a theoretical upper-bound for the compressed code */
+ /* block size ? */
+ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
(p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
if (l_data_size > p_code_block->data_size) {
diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in
index aaf40d7d0..ffd964c2a 100644
--- a/tests/nonregression/test_suite.ctest.in
+++ b/tests/nonregression/test_suite.ctest.in
@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban
# Same rate as Bretagne2_4.j2k
opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800
+opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1
+
# DECODER TEST SUITE
opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx
opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx


@ -1,38 +0,0 @@
https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch
http://openwall.com/lists/oss-security/2017/09/06/2
From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Tue, 15 Aug 2017 11:55:58 +0200
Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in
opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
---
src/lib/openjp2/j2k.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index a2521ebbc..54b490a8c 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
/* Precincts */
parameters->csty |= 0x01;
- parameters->res_spec = parameters->numresolution - 1;
- for (i = 0; i < parameters->res_spec; i++) {
- parameters->prcw_init[i] = 256;
- parameters->prch_init[i] = 256;
+ if (parameters->numresolution == 1) {
+ parameters->res_spec = 1;
+ parameters->prcw_init[0] = 128;
+ parameters->prch_init[0] = 128;
+ } else {
+ parameters->res_spec = parameters->numresolution - 1;
+ for (i = 0; i < parameters->res_spec; i++) {
+ parameters->prcw_init[i] = 256;
+ parameters->prch_init[i] = 256;
+ }
}
/* The progression order shall be CPRL */


@ -1,89 +0,0 @@
https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
http://openwall.com/lists/oss-security/2017/09/06/3
From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 16 Aug 2017 17:09:10 +0200
Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
(#991)
---
src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 54b490a8c..16915452e 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
* Writes the SOT marker (Start of tile-part)
*
* @param p_j2k J2K codec.
- * @param p_data FIXME DOC
- * @param p_data_written FIXME DOC
+ * @param p_data Output buffer
+ * @param p_total_data_size Output buffer size
+ * @param p_data_written Number of bytes written into stream
* @param p_stream the stream to write data to.
* @param p_manager the user event manager.
*/
static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
OPJ_BYTE * p_data,
+ OPJ_UINT32 p_total_data_size,
OPJ_UINT32 * p_data_written,
const opj_stream_private_t *p_stream,
opj_event_mgr_t * p_manager);
@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
OPJ_BYTE * p_data,
+ OPJ_UINT32 p_total_data_size,
OPJ_UINT32 * p_data_written,
const opj_stream_private_t *p_stream,
opj_event_mgr_t * p_manager
@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
OPJ_UNUSED(p_stream);
OPJ_UNUSED(p_manager);
+ if (p_total_data_size < 12) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Not enough bytes in output buffer to write SOT marker\n");
+ return OPJ_FALSE;
+ }
+
opj_write_bytes(p_data, J2K_MS_SOT,
2); /* SOT */
p_data += 2;
@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
l_current_nb_bytes_written = 0;
l_begin_data = p_data;
- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
+ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
+ &l_current_nb_bytes_written, p_stream,
p_manager)) {
return OPJ_FALSE;
}
@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
l_part_tile_size = 0;
l_begin_data = p_data;
- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
+ if (! opj_j2k_write_sot(p_j2k, p_data,
+ p_total_data_size,
+ &l_current_nb_bytes_written,
+ p_stream,
p_manager)) {
return OPJ_FALSE;
}
@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
l_part_tile_size = 0;
l_begin_data = p_data;
- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
+ if (! opj_j2k_write_sot(p_j2k, p_data,
+ p_total_data_size,
+ &l_current_nb_bytes_written, p_stream,
p_manager)) {
return OPJ_FALSE;
}


@ -3714,24 +3714,27 @@ producing implementations of dynamic languages, emphasizing a clean separation
between language specification and implementation aspects.")
(license license:expat)))
;; NOTE: when upgrading numpy please make sure that python-pandas and
;; python-scipy still build, as these three packages are often used together.
(define-public python-numpy
(package
(name "python-numpy")
(version "1.13.1")
(version "1.12.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "numpy" version ".zip"))
(uri (string-append
"https://github.com/numpy/numpy/archive/v" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1fsgkhh1vdkhmlz8vmdgxnj9n9yaanckxxzz9s0b4p08fqvjic69"))))
"025d4j4aakcp8w5i5diqh812cbbjgac7jszx1j56ivrbi1i8vv7d"))))
(build-system python-build-system)
(inputs
`(("openblas" ,openblas)
("lapack" ,lapack)))
(native-inputs
`(("unzip" ,unzip)
("python-cython" ,python-cython)
`(("python-cython" ,python-cython)
("python-nose" ,python-nose)
("gfortran" ,gfortran)))
(arguments
@ -3789,6 +3792,26 @@ capabilities.")
(define-public python2-numpy
(package-with-python2 python-numpy))
(define-public python-numpy-next
(package (inherit python-numpy)
(name "python-numpy-next")
(version "1.13.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "numpy" version ".zip"))
(sha256
(base32
"1fsgkhh1vdkhmlz8vmdgxnj9n9yaanckxxzz9s0b4p08fqvjic69"))))
(native-inputs
`(("unzip" ,unzip)
("python-cython" ,python-cython)
("python-nose" ,python-nose)
("gfortran" ,gfortran)))))
(define-public python2-numpy-next
(package-with-python2 python-numpy-next))
(define-public python-munch
(package
(name "python-munch")
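Review bot: The `python-numpy` source in the first hunk now points at `https://github.com/numpy/numpy/archive/v` plus the version, with no comment saying why it moved away from `pypi-uri`, while `python-numpy-next` still uses PyPI. GitHub generates these archive tarballs on demand and, as far as I know, does not promise byte-identical output over time, so the pinned `sha256` may stop matching and the fetch would then fail. Either a one-line comment giving the reason for the GitHub source or keeping the PyPI release tarball would make this easier to maintain. The package body continues outside the hunk.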


@ -8,6 +8,7 @@
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -603,3 +604,40 @@ monitor it, restarting it as necessary should it die or stop passing traffic.")
;; copy of this license in their headers, but there's no separate file
;; with that information.
(license:non-copyleft "file://autossh.c"))))
(define-public pdsh
(package
(name "pdsh")
(version "2.29")
(source
(origin
(method url-fetch)
(uri (string-append "https://storage.googleapis.com/"
"google-code-archive-downloads/v2/code.google.com/"
"pdsh/pdsh-" version ".tar.bz2"))
(sha256
(base32 "1kvzz01fyaxfqmbh53f4ljfsgvxdykh5jyr6fh4f1bw2ywxr1w2p"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list "--with-ssh")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'patch-/bin/sh
(lambda _
(substitute* '("tests/runtests.sh"
"tests/test-lib.sh"
"tests/test-modules/pcptest.c")
(("/bin/sh") (which "bash")))
#t)))))
(inputs
`(("openssh" ,openssh)
("mit-krb5" ,mit-krb5)
("perl" ,perl)))
(home-page "https://code.google.com/archive/p/pdsh")
(synopsis "Parallel distributed shell")
(description "Pdsh is a an efficient, multithreaded remote shell client
which executes commands on multiple remote hosts in parallel. Pdsh implements
dynamically loadable modules for extended functionality such as new remote
shell services and remote host selection.")
(license license:gpl2+)))
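Review bot: The `description` of the new `pdsh` package has a doubled article, "Pdsh is a an efficient", which will appear verbatim in package listings. It should read `"Pdsh is an efficient, multithreaded remote shell client`. Separately, the `patch-/bin/sh` phase replaces `/bin/sh` with `(which "bash")`, so the patched test scripts run under bash rather than sh. A short comment there saying that this is intended would help.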


@ -498,13 +498,13 @@ netcat implementation that supports TLS.")
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
(version "0.18.2")
(version "0.19.0")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
"1xiy8m7501g5l9kpdmyvyz72nfnl72l19qkrf76fyvby7adzm3ki"))))
"08p8w50zciqlhgn3ab0wbbvi1zyg3x37r1gywq0z1allsij3v8hz"))))
(build-system python-build-system)
(arguments
`(#:phases
@ -552,7 +552,7 @@ netcat implementation that supports TLS.")
(uri (pypi-uri name version))
(sha256
(base32
"16lw4n7kwnkvh9sz2f97c7ad1wwp33mg5fc332lpy5n17zpfc8h1"))))
"0lwxqz3r0fg3dy06fgba1dfs7n6ribc25z0rh5rqbl7mvy8hf8x7"))))
(build-system python-build-system)
(arguments
`(,@(substitute-keyword-arguments (package-arguments python-acme)


@ -35,6 +35,7 @@
#:use-module (gnu packages linux)
#:use-module (gnu packages compression)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages qt)
#:use-module (gnu packages autotools)
@ -57,12 +58,15 @@
`(#:configure-flags (list "--enable-gcc-hardening"
"--enable-linker-hardening")))
(native-inputs
`(("python" ,python-2))) ; for tests
`(("pkg-config" ,pkg-config)
("python" ,python-2))) ; for tests
(inputs
`(("zlib" ,zlib)
("openssl" ,openssl)
("libevent" ,libevent)
("libseccomp", libseccomp)))
("libseccomp" ,libseccomp)
("xz" ,xz)
("zstd" ,zstd)))
(home-page "https://www.torproject.org/")
(synopsis "Anonymous network router to improve privacy on the Internet")
(description


@ -38,6 +38,7 @@
file-system-check?
file-system-create-mount-point?
file-system-dependencies
file-system-location
file-system-type-predicate
@ -101,7 +102,10 @@
(create-mount-point? file-system-create-mount-point? ; Boolean
(default #f))
(dependencies file-system-dependencies ; list of <file-system>
(default '()))) ; or <mapped-device>
(default '())) ; or <mapped-device>
(location file-system-location
(default (current-source-location))
(innate)))
;; Note: This module is used both on the build side and on the host side.
;; Arrange not to pull (guix store) and (guix config) because the latter


@ -29,6 +29,7 @@
uuid?
uuid-type
uuid-bytevector
uuid=?
bytevector->uuid
@ -281,3 +282,15 @@ corresponding bytevector; otherwise return #f."
((_ . (? procedure? unparse)) (unparse bv))))
(((? uuid? uuid))
(uuid->string (uuid-bytevector uuid) (uuid-type uuid)))))
(define uuid=?
;; Return true if A is equal to B, comparing only the actual bits.
(match-lambda*
(((? bytevector? a) (? bytevector? b))
(bytevector=? a b))
(((? uuid? a) (? bytevector? b))
(bytevector=? (uuid-bytevector a) b))
(((? uuid? a) (? uuid? b))
(bytevector=? (uuid-bytevector a) (uuid-bytevector b)))
((a b)
(uuid=? b a))))
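Review bot: The catch-all clause `((a b) (uuid=? b a))` in `uuid=?` swaps its arguments unconditionally, so it recurses forever on any pair that the first three clauses reject in both orders, for example two strings, or `#f` with a bytevector. The only swapped case the earlier clauses leave uncovered is bytevector-then-uuid, so the last clause can name it explicitly: `(((? bytevector? a) (? uuid? b)) (bytevector=? a (uuid-bytevector b)))`. Any other argument pair then raises a match error instead of hanging. That matters because `partition-uuid-predicate` and `luks-partition-uuid-predicate` now pass caller-supplied values to this procedure.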


@ -484,9 +484,11 @@ requested using POOL."
#:buffer-size (* 128 1024))
(rename-file (string-append nar ".tmp") nar))
('none
;; When compression is disabled, we retrieve files directly from the
;; store; no need to cache them.
#t))
;; Cache nars even when compression is disabled so that we can
;; guarantee the TTL (see <https://bugs.gnu.org/28664>.)
(with-atomic-file-output nar
(lambda (port)
(write-file item port)))))
(mkdir-p (dirname narinfo))
(with-atomic-file-output narinfo
@ -788,8 +790,11 @@ blocking."
;; /nar/<store-item>
((components ... store-item)
(if (nar-path? components)
(render-nar store request store-item
#:compression %no-compression)
(if cache
(render-nar/cached store cache request store-item
#:compression %no-compression)
(render-nar store request store-item
#:compression %no-compression))
(not-found request)))
(x (not-found request)))
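Review bot: The `/nar/<store-item>` branch in the second hunk now goes through `render-nar/cached` whenever a cache is configured, but nothing at the call site says how this changes what clients see. The test expectation elsewhere on this page appears to change from 200 to 404 for the uncompressed URL, which suggests the first request can now miss while the nar is being written to the cache. A comment here would make that visible, for example `;; With a cache, uncompressed nars are served from it as well so the TTL holds; the first request may miss while the nar is baked.` The enclosing procedures start and end outside both hunks.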


@ -37,6 +37,8 @@
#:use-module (guix scripts graph)
#:use-module (guix build utils)
#:use-module (gnu build install)
#:autoload (gnu build file-systems)
(find-partition-by-label find-partition-by-uuid)
#:use-module (gnu system)
#:use-module (gnu bootloader)
#:use-module (gnu system file-systems)
@ -404,6 +406,7 @@ NUMBERS, which is a list of generation numbers."
"Roll back the system profile to its previous generation. STORE is an open
connection to the store."
(switch-to-system-generation store "-1"))
;;;
;;; Switch generations.
@ -554,6 +557,61 @@ PATTERN, a string. When PATTERN is #f, display all the system generations."
(else
(leave (G_ "invalid syntax: ~a~%") pattern))))
;;;
;;; File system declaration checks.
;;;
(define (check-file-system-availability file-systems)
"Check whether the UUIDs or partition labels that FILE-SYSTEMS refer to, if
any, are available. Raise an error if they're not."
(define relevant
(filter (lambda (fs)
(and (file-system-mount? fs)
(not (string=? "tmpfs" (file-system-type fs)))
(not (memq 'bind-mount (file-system-flags fs)))))
file-systems))
(define labeled
(filter (lambda (fs)
(eq? (file-system-title fs) 'label))
relevant))
(define uuid
(filter (lambda (fs)
(eq? (file-system-title fs) 'uuid))
relevant))
(define fail? #f)
(define (file-system-location* fs)
(location->string
(source-properties->location
(file-system-location fs))))
(let-syntax ((error (syntax-rules ()
((_ args ...)
(begin
(set! fail? #t)
(format (current-error-port)
args ...))))))
(for-each (lambda (fs)
(unless (find-partition-by-label (file-system-device fs))
(error (G_ "~a: error: file system with label '~a' not found~%")
(file-system-location* fs)
(file-system-device fs))))
labeled)
(for-each (lambda (fs)
(unless (find-partition-by-uuid (file-system-device fs))
(error (G_ "~a: error: file system with UUID '~a' not found~%")
(file-system-location* fs)
(uuid->string (file-system-device fs)))))
uuid)
(when fail?
;; Better be safe than sorry.
(exit 1))))
;;;
;;; Action.
@ -637,6 +695,13 @@ output when building a system derivation, such as a disk image."
(when (eq? action 'reconfigure)
(maybe-suggest-running-guix-pull))
;; Check whether the declared file systems exist. This is better than
;; instantiating a broken configuration. Assume that we can only check if
;; running as root.
(when (and (memq action '(init reconfigure))
(zero? (getuid)))
(check-file-system-availability (operating-system-file-systems os)))
(mlet* %store-monad
((sys (system-derivation-for-action os action
#:file-system-type file-system-type
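Review bot: In `check-file-system-availability`, the `let-syntax` rebinds `error` and the local `(define uuid ...)` reuses the name `uuid`, so within this procedure both names mean something different from what a reader expects. The local `uuid` would also hide any `uuid` binding the module imports. Names such as `report-error` and `uuid-file-systems` would avoid the shadowing without changing behaviour. Separately, the caller runs the check only when `(zero? (getuid))`, so a non-root `init` or `reconfigure` skips it silently, and the docstring could say so.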


@ -340,7 +340,7 @@ FileSize: ~a~%"
200 ;nar/gzip/…
#t ;Content-Length
#t ;FileSize
200) ;nar/…
404) ;nar/…
(call-with-temporary-directory
(lambda (cache)
(let ((thread (with-separate-output-ports
@ -393,7 +393,7 @@ FileSize: ~a~%"
(let ((item (add-text-to-store %store "fake-compressed-thing.tar.gz"
(random-text))))
(test-equal "with cache, uncompressed"
(list #f
(list #t
`(("StorePath" . ,item)
("URL" . ,(string-append "nar/" (basename item)))
("Compression" . "none"))


@ -57,4 +57,10 @@
"1234-ABCD"
(uuid->string (uuid "1234-abcd" 'fat32)))
(test-equal "uuid=?"
(and (uuid=? (uuid-bytevector (uuid "1234-abcd" 'fat32))
(uuid "1234-abcd" 'fat32))
(uuid=? (uuid "1234-abcd" 'fat32)
(uuid "1234-abcd" 'fat))))
(test-end)
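Review bot: As shown on this page, the new test is written `(test-equal "uuid=?" (and ...))`. With only two arguments, SRFI-64 treats the first as the expected value rather than as the test name, so the string "uuid=?" would be compared with the boolean result of the `and` form. Since the intent is to assert that both `uuid=?` calls return true, it should be `(test-assert "uuid=?"` followed by the same `and` expression. A negative case with two different UUIDs would also show that the predicate can return `#f`.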