From fc381a33255a0be734ddb5c6c5e2215aad4afc6f Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Fri, 14 Oct 2016 13:27:23 +0200 Subject: [PATCH 1/8] gnu: Add qwt. * gnu/packages/qt.scm (qwt): New variable. Signed-off-by: Marius Bakke --- gnu/packages/qt.scm | 50 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index a1e5fdef96..3353dc9c6a 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015 Ludovic Courtès ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2016 ng0 +;;; Copyright © 2016 Thomas Danckaert ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -1112,3 +1113,52 @@ contain over 620 classes.") "QtKeychain is a Qt library to store passwords and other secret data securely. It will not store any data unencrypted unless explicitly requested.") (license license:bsd-3))) + +(define-public qwt + (package + (name "qwt") + (version "6.1.3") + (source + (origin + (method url-fetch) + (uri + (string-append "mirror://sourceforge/qwt/qwt/" + version "/qwt-" version ".tar.bz2")) + (sha256 + (base32 "0cwp63s03dw351xavb3pzbjlqvx7kj88wv7v4a2b18m9f97d7v7k")))) + (build-system gnu-build-system) + (inputs + `(("qtbase" ,qtbase) + ("qtsvg" ,qtsvg) + ("qttools" ,qttools))) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* '("qwtconfig.pri") + (("/usr/local/qwt-\\$\\$QWT\\_VERSION") out)) + (zero? (system* "qmake"))))) + (add-after 'install 'install-documentation + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (man (string-append out "/share/man"))) + ;; Remove some incomplete manual pages. + (for-each delete-file (find-files "doc/man/man3" "^_tmp.*")) + (mkdir-p man) + (copy-recursively "doc/man" man) + #t)))))) + (home-page "http://qwt.sourceforge.net") + (synopsis "Qt widgets for plots, scales, dials and other technical software +GUI components") + (description + "The Qwt library contains widgets and components which are primarily useful +for technical and scientific purposes. It includes a 2-D plotting widget, +different kinds of sliders, and much more.") + (license + (list + ;; The Qwt license is LGPL2.1 with some exceptions. + (license:non-copyleft "http://qwt.sourceforge.net/qwtlicense.html") + ;; textengines/mathml/qwt_mml_document.{cpp,h} is dual LGPL2.1/GPL3 (either). + license:lgpl2.1 license:gpl3)))) From 36e5d103875bb849d674be0cf01ee76ddfbe9a8d Mon Sep 17 00:00:00 2001 
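Review bot: The `(replace 'configure ...)` phase in the new `qwt` definition has no comment saying why the standard configure phase is swapped out. A reader has to work out from the `substitute*` pattern that the install prefix is hard-coded in `qwtconfig.pri`. A short comment above the phase would help, for example `;; Qwt is built with qmake; rewrite the hard-coded /usr/local prefix in qwtconfig.pri to the store output.`. The same phase ends in `(zero? (system* "qmake"))` with no arguments, so a line noting that the prefix comes only from the edited `.pri` file would make that dependency explicit.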
From: Roel Janssen Date: Fri, 28 Oct 2016 19:29:35 +0200 Subject: [PATCH 2/8] gnu: Add emacs-request. * gnu/packages/emacs.scm (emacs-request): New variable. --- gnu/packages/emacs.scm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 2a275d0672..5131628178 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -2228,6 +2228,26 @@ perspective only its buffers are available by default.") ;; the Expat license. (license license:gpl3+))) +(define-public emacs-request + (package + (name "emacs-request") + (version "0.2.0") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/tkf/emacs-request/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "0sll9g9x15jxrdr58pdxx4iz74rnjd43q521iqm890i6hmkrgwap")))) + (build-system emacs-build-system) + (home-page "https://github.com/tkf/emacs-request") + (synopsis "Package for speaking HTTP in Emacs Lisp") + (description "This package provides a HTTP request library with multiple +backends. It supports url.el which is shipped with Emacs and the curl command +line program.") + (license license:gpl3+))) + (define-public emacs-rudel (package (name "emacs-rudel") From b2ed5ca7aac31636551faeb71e94ea44ee2e6e5e Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 27 Oct 2016 23:27:35 -0400 Subject: [PATCH 3/8] gnu: libwebp: Update to 0.5.1. * gnu/packages/image.scm (libwebp): Update to 0.5.1. --- gnu/packages/image.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 4e1c10f16b..6d781879bb 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -669,7 +669,7 @@ multi-dimensional image processing.") (define-public libwebp (package (name "libwebp") - (version "0.4.3") + (version "0.5.1") (source (origin (method url-fetch) 
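Review bot: The `emacs-request` description advertises a backend that drives "the curl command line program", but the package declares no `curl` input. As far as this hunk shows, that backend would resolve `curl` through the user's PATH at run time rather than through a store path pinned by the package. Either add `curl` to `inputs` and patch the executable name in the source, or state the choice in a comment such as `;; curl is an optional run-time dependency and is looked up in PATH.`. The source is a forge-generated `archive/v0.2.0.tar.gz` tarball; the `sha256` pins its content, so any regeneration upstream would show up as a hash mismatch rather than a silent change.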
@@ -677,7 +677,8 @@ multi-dimensional image processing.") "http://downloads.webmproject.org/releases/webp/libwebp-" version ".tar.gz")) (sha256 - (base32 "1i4hfczjm3b1qj1g4cc9hgb69l47f3nkgf6hk7nz4dm9zmc0vgpg")))) + (base32 + "1pqki1g8nzi8qgciysypd5r38zccv81np1dn43g27830rmpnrmka")))) (build-system gnu-build-system) (inputs `(("freeglut" ,freeglut) From 95bff4f697ca3d1a95a0ae6b41b445355f4307c3 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 27 Oct 2016 23:34:24 -0400 Subject: [PATCH 4/8] gnu: libwebp: Fix CVE-2016-9085. * gnu/packages/patches/libwebp-CVE-2016-9085.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libwebp)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 1 + .../patches/libwebp-CVE-2016-9085.patch | 144 ++++++++++++++++++ 3 files changed, 146 insertions(+) create mode 100644 gnu/packages/patches/libwebp-CVE-2016-9085.patch diff --git a/gnu/local.mk b/gnu/local.mk index f306180694..a64b7ec04b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -663,6 +663,7 @@ dist_patch_DATA = \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ %D%/packages/patches/libupnp-CVE-2016-6255.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ + %D%/packages/patches/libwebp-CVE-2016-9085.patch \ %D%/packages/patches/libwmf-CAN-2004-0941.patch \ %D%/packages/patches/libwmf-CVE-2006-3376.patch \ %D%/packages/patches/libwmf-CVE-2007-0455.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 6d781879bb..873a7f23c6 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -676,6 +676,7 @@ multi-dimensional image processing.") (uri (string-append "http://downloads.webmproject.org/releases/webp/libwebp-" version ".tar.gz")) + (patches (search-patches "libwebp-CVE-2016-9085.patch")) (sha256 (base32 "1pqki1g8nzi8qgciysypd5r38zccv81np1dn43g27830rmpnrmka")))) 
diff --git a/gnu/packages/patches/libwebp-CVE-2016-9085.patch b/gnu/packages/patches/libwebp-CVE-2016-9085.patch
new file mode 100644
index 0000000000..e40b353303
--- /dev/null
+++ b/gnu/packages/patches/libwebp-CVE-2016-9085.patch
@@ -0,0 +1,144 @@ +Fix CVE-2016-9085 (several integer overflows): + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9085 +http://seclists.org/oss-sec/2016/q4/253 + +Patch copied from upstream source repository: + +https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 + +From e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 Mon Sep 17 00:00:00 2001 +From: Pascal Massimino +Date: Mon, 10 Oct 2016 11:48:39 +0200 +Subject: [PATCH] fix potential overflow when width * height * 4 >= (1<<32) + +Mostly: avoid doing calculation like: ptr + j * stride +when stride is 'int'. Rather use size_t, or pointer increments (ptr += stride) +when possible. + +BUG=webp:314 + +Change-Id: I81c684b515dd1ec4f601f32d50a6e821c4e46e20 +--- + examples/gifdec.c | 56 +++++++++++++++++++++++++++++++------------------------ + 1 file changed, 32 insertions(+), 24 deletions(-) + +diff --git a/examples/gifdec.c b/examples/gifdec.c +index 83c3d82..7df176f 100644 +--- a/examples/gifdec.c ++++ b/examples/gifdec.c +@@ -20,6 +20,7 @@ + + #include "webp/encode.h" + #include "webp/mux_types.h" ++#include "webp/format_constants.h" + + #define GIF_TRANSPARENT_COLOR 0x00000000 + #define GIF_WHITE_COLOR 0xffffffff +@@ -103,12 +104,19 @@ int GIFReadFrame(GifFileType* const gif, int transparent_index, + const GifImageDesc* const image_desc = &gif->Image; + uint32_t* dst = NULL; + uint8_t* tmp = NULL; +- int ok = 0; +- GIFFrameRect rect = { ++ const GIFFrameRect rect = { + image_desc->Left, image_desc->Top, image_desc->Width, image_desc->Height + }; ++ const uint64_t memory_needed = 4 * rect.width * (uint64_t)rect.height; ++ int ok = 0; + *gif_rect = rect; + ++ if (memory_needed != (size_t)memory_needed || ++ memory_needed > 4 * MAX_IMAGE_AREA) { ++ fprintf(stderr, "Image is too large (%d x %d).", rect.width, rect.height); ++ return 0; ++ } ++ + // Use a view for the sub-picture: + if (!WebPPictureView(picture, rect.x_offset, rect.y_offset, + rect.width, rect.height, &sub_image)) 
{ +@@ -132,15 +140,15 @@ int GIFReadFrame(GifFileType* const gif, int transparent_index, + y += interlace_jumps[pass]) { + if (DGifGetLine(gif, tmp, rect.width) == GIF_ERROR) goto End; + Remap(gif, tmp, rect.width, transparent_index, +- dst + y * sub_image.argb_stride); ++ dst + y * (size_t)sub_image.argb_stride); + } + } + } else { // Non-interlaced image. + int y; +- for (y = 0; y < rect.height; ++y) { ++ uint32_t* ptr = dst; ++ for (y = 0; y < rect.height; ++y, ptr += sub_image.argb_stride) { + if (DGifGetLine(gif, tmp, rect.width) == GIF_ERROR) goto End; +- Remap(gif, tmp, rect.width, transparent_index, +- dst + y * sub_image.argb_stride); ++ Remap(gif, tmp, rect.width, transparent_index, ptr); + } + } + ok = 1; +@@ -216,13 +224,11 @@ int GIFReadMetadata(GifFileType* const gif, GifByteType** const buf, + + static void ClearRectangle(WebPPicture* const picture, + int left, int top, int width, int height) { +- int j; +- for (j = top; j < top + height; ++j) { +- uint32_t* const dst = picture->argb + j * picture->argb_stride; +- int i; +- for (i = left; i < left + width; ++i) { +- dst[i] = GIF_TRANSPARENT_COLOR; +- } ++ int i, j; ++ const size_t stride = picture->argb_stride; ++ uint32_t* dst = picture->argb + top * stride + left; ++ for (j = 0; j < height; ++j, dst += stride) { ++ for (i = 0; i < width; ++i) dst[i] = GIF_TRANSPARENT_COLOR; + } + } + +@@ -246,29 +252,31 @@ void GIFDisposeFrame(GIFDisposeMethod dispose, const GIFFrameRect* const rect, + if (dispose == GIF_DISPOSE_BACKGROUND) { + GIFClearPic(curr_canvas, rect); + } else if (dispose == GIF_DISPOSE_RESTORE_PREVIOUS) { +- const int src_stride = prev_canvas->argb_stride; +- const uint32_t* const src = +- prev_canvas->argb + rect->x_offset + rect->y_offset * src_stride; +- const int dst_stride = curr_canvas->argb_stride; +- uint32_t* const dst = +- curr_canvas->argb + rect->x_offset + rect->y_offset * dst_stride; ++ const size_t src_stride = prev_canvas->argb_stride; ++ const uint32_t* const src = 
prev_canvas->argb + rect->x_offset ++ + rect->y_offset * src_stride; ++ const size_t dst_stride = curr_canvas->argb_stride; ++ uint32_t* const dst = curr_canvas->argb + rect->x_offset ++ + rect->y_offset * dst_stride; + assert(prev_canvas != NULL); +- WebPCopyPlane((uint8_t*)src, 4 * src_stride, (uint8_t*)dst, 4 * dst_stride, ++ WebPCopyPlane((uint8_t*)src, (int)(4 * src_stride), ++ (uint8_t*)dst, (int)(4 * dst_stride), + 4 * rect->width, rect->height); + } + } + + void GIFBlendFrames(const WebPPicture* const src, + const GIFFrameRect* const rect, WebPPicture* const dst) { +- int j; ++ int i, j; ++ const size_t src_stride = src->argb_stride; ++ const size_t dst_stride = dst->argb_stride; + assert(src->width == dst->width && src->height == dst->height); + for (j = rect->y_offset; j < rect->y_offset + rect->height; ++j) { +- int i; + for (i = rect->x_offset; i < rect->x_offset + rect->width; ++i) { +- const uint32_t src_pixel = src->argb[j * src->argb_stride + i]; ++ const uint32_t src_pixel = src->argb[j * src_stride + i]; + const int src_alpha = src_pixel >> 24; + if (src_alpha != 0) { +- dst->argb[j * dst->argb_stride + i] = src_pixel; ++ dst->argb[j * dst_stride + i] = src_pixel; + } + } + } +-- +2.10.1 + From 92c3ef2cf3b297f5469658ef6c0d94e78255d27d Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 28 Oct 2016 12:46:02 -0400 Subject: [PATCH 5/8] gnu: python-feedparser: Disable the test suite. The tests were silently skipped with Python 3.4. With Python 3.5, this caused the build of python-feedparser to fail. * gnu/packages/python.scm (python-feedparser, python2-feedparser)[arguments]: Disable the tests. --- gnu/packages/web.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 30d0677c1b..976820171b 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm 
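Review bot: In the new size guard in `GIFReadFrame`, `4 * rect.width * (uint64_t)rect.height` still multiplies `4 * rect.width` in `int` before the cast widens the product, so the overflow check relies on the width already being small. GIF dimensions are 16-bit in the file format, which presumably keeps that sub-expression in range, but `(uint64_t)4 * rect.width * rect.height` would make the guard independent of that assumption. In `GIFDisposeFrame`, `assert(prev_canvas != NULL)` still sits after `prev_canvas->argb_stride` has been read, so it cannot catch the condition it names. The added file is described as a copy of upstream commit e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83, so both points are better raised upstream while the copy here stays identical to that commit.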
@@ -3161,6 +3161,8 @@ their web site.") (base32 "00hb4qg2am06g81mygfi1jsbx8830024jm45g6qp9g8fr6am91yf")))) (build-system python-build-system) + (arguments + '(#:tests? #f)) (home-page "https://github.com/kurtmckee/feedparser") (synopsis "Parse feeds in Python") From 5f37f0b66e301210698ab0c0af24453c826ba18a Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 28 Oct 2016 13:09:56 -0400 Subject: [PATCH 6/8] gnu: python-beautifulsoup4: Run the test suite. * gnu/packages/python.scm (python-beautifulsoup4)[arguments]: Add field run python-2 -> python-3 conversion script and test suite. (python2-beautifulsoup4)[arguments]: Specify use of python-2. --- gnu/packages/python.scm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index f33a2fa11f..1ede56f10a 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -4823,6 +4823,16 @@ libxml2 and libxslt.") (base32 "1rf94360s8pmn37vxqjl0g74krq2p6nj3wbn6pj94ik6ny44q24f")))) (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + ;; The Python 2 source is the definitive source of beautifulsoup4. We + ;; must use this conversion script when building with Python 3. The + ;; conversion script also runs the tests. + ;; For more information, see the file 'convert-py3k' in the source + ;; distribution. + (replace 'check + (lambda _ (zero? (system* "./convert-py3k"))))))) (home-page "http://www.crummy.com/software/BeautifulSoup/bs4/") (synopsis @@ -4840,7 +4850,8 @@ converts incoming documents to Unicode and outgoing documents to UTF-8.") (package (inherit (package-with-python2 (strip-python2-variant python-beautifulsoup4))) - (native-inputs `(("python2-setuptools" ,python2-setuptools))))) + (native-inputs `(("python2-setuptools" ,python2-setuptools))) + (arguments `(#:python ,python-2)))) (define-public python2-cssutils (package From 67fd4a12cb5aa71f8e5943e88ffc3c18900d6963 Mon Sep 17 00:00:00 2001 
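Review bot: The added `'(#:tests? #f)` for python-feedparser carries no comment, so the reason for disabling the test suite exists only in the commit message. Suggest recording it next to the flag, for example `;; The tests were silently skipped with Python 3.4 and make the build fail with Python 3.5.`. The commit log entry names `gnu/packages/python.scm`, while the hunk changes `gnu/packages/web.scm`. This package parses feed data that normally comes from remote sources, so a note on when the tests can be re-enabled would be worth adding as well. The package definition starts and ends outside the hunk.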
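Review bot: In the `python2-beautifulsoup4` hunk, `(arguments `(#:python ,python-2))` replaces the inherited argument list wholesale. That also drops the `(replace 'check ...)` phase that the previous hunk adds to `python-beautifulsoup4`. This is presumably intended, since the added comment says `convert-py3k` is only needed when building with Python 3, but nothing at the override says so. A comment such as `;; Override the inherited arguments: convert-py3k must not run for Python 2, so the standard 'check phase is used.` would keep a later edit from merging the two argument lists by mistake. The enclosing definition begins outside the hunk.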
From: Leo Famulari Date: Fri, 28 Oct 2016 13:11:40 -0400 Subject: [PATCH 7/8] gnu: python-beautifulsoup4: Update to 4.5.1. * gnu/packages/python.scm (python-beautifulsoup4, python2-beautifulsoup4): Update to 4.5.1. --- gnu/packages/python.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 1ede56f10a..8e04909333 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -4814,14 +4814,14 @@ libxml2 and libxslt.") (define-public python-beautifulsoup4 (package (name "python-beautifulsoup4") - (version "4.5.0") + (version "4.5.1") (source (origin (method url-fetch) (uri (pypi-uri "beautifulsoup4" version)) (sha256 (base32 - "1rf94360s8pmn37vxqjl0g74krq2p6nj3wbn6pj94ik6ny44q24f")))) + "1qgmhw65ncsgccjhslgkkszif47q6gvxwqv4mim17agxd81p951w")))) (build-system python-build-system) (arguments `(#:phases From e359b31a60b29209a202a4012069f551bae8870f Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 28 Oct 2016 13:26:57 -0400 Subject: [PATCH 8/8] gnu: python-wsgiproxy2: Disable the test suite. * gnu/packages/python.scm (python-wsgiproxy2, python2-wsgiproxy2)[arguments]: Disable the tests. --- gnu/packages/python.scm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 8e04909333..f7485ad014 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -8129,6 +8129,11 @@ server with very acceptable performance.") (base32 "13kf9bdxrc95y9vriaz0viry3ah11nz4rlrykcfvb8nlqpx3dcm4")))) (build-system python-build-system) + (arguments + '(;; Wsgiproxy2's test suite requires Restkit, which does not yet fully + ;; support Python 3: + ;; https://github.com/benoitc/restkit/issues/140 + #:tests? #f)) (native-inputs `(("unzip" ,unzip) ("python-nose" ,python-nose)
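Review bot: The comment added with `#:tests? #f` justifies the change only by Restkit's incomplete Python 3 support, yet the commit message lists both `python-wsgiproxy2` and `python2-wsgiproxy2` as having their tests disabled. If the Python 2 variant inherits these arguments, it loses its test run for a reason that does not apply to it, and the comment should either say so or the variant should re-enable the tests. `("python-nose" ,python-nose)` also remains in `native-inputs` in the trailing context, although with the tests off it appears to be unused. The package definition starts before the hunk and continues past it.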