summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-07-12 01:03:53 +0200
committerMarius Bakke <mbakke@fastmail.com>2019-07-12 01:03:53 +0200
commitfb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd (patch)
treeafbd3f4f33771c61254b0c3d977092542fbe8009 /gnu/packages/patches
parent1c4b72cb34640638e40c5190676e5c8c352d292d (diff)
parent5a836ce38c9c29e9c2bd306007347486b90c5064 (diff)
Merge branch 'master' into core-updates
Conflicts: gnu/local.mk gnu/packages/python-xyz.scm gnu/packages/xml.scm guix/gexp.scm po/guix/POTFILES.in
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/a2ps-CVE-2015-8107.patch80
-rw-r--r--gnu/packages/patches/clx-remove-demo.patch27
-rw-r--r--gnu/packages/patches/csvkit-fix-tests.patch45
-rw-r--r--gnu/packages/patches/cvs-CVE-2017-12836.patch (renamed from gnu/packages/patches/cvs-2017-12836.patch)0
-rw-r--r--gnu/packages/patches/expat-CVE-2018-20843.patch21
-rw-r--r--gnu/packages/patches/grub-binutils-compat.patch53
-rw-r--r--gnu/packages/patches/grub-check-error-efibootmgr.patch197
-rw-r--r--gnu/packages/patches/grub-efi-fat-serial-number.patch17
-rw-r--r--gnu/packages/patches/libexif-CVE-2018-20030.patch120
-rw-r--r--gnu/packages/patches/plib-CVE-2011-4620.patch13
-rw-r--r--gnu/packages/patches/plib-CVE-2012-4552.patch57
-rw-r--r--gnu/packages/patches/python-slugify-depend-on-unidecode.patch22
12 files changed, 367 insertions, 285 deletions
diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch
new file mode 100644
index 0000000000..5ea35d45da
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2015-8107.patch
@@ -0,0 +1,80 @@
+https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff
+
+Index: b/lib/psgen.c
+===================================================================
+--- a/lib/psgen.c
++++ b/lib/psgen.c
+@@ -232,7 +232,7 @@
+ default:
+ *buf = '\0';
+ ps_escape_char (job, cp[i], buf);
+- output (jdiv, (char *) buf);
++ output (jdiv, "%s", (char *) buf);
+ break;
+ }
+ }
+Index: b/lib/output.c
+===================================================================
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -525,7 +525,7 @@
+ expand_user_string (job, FIRST_FILE (job),
+ (const uchar *) "Expand: requirement",
+ (const uchar *) token));
+- output (dest, expansion);
++ output (dest, "%s", expansion);
+ continue;
+ }
+
+Index: b/lib/parseppd.y
+===================================================================
+--- a/lib/parseppd.y
++++ b/lib/parseppd.y
+@@ -154,7 +154,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+
+ /*
+Index: b/src/parsessh.y
+===================================================================
+--- a/src/parsessh.y
++++ b/src/parsessh.y
+@@ -740,7 +740,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, sshfilename, sshlineno, msg);
++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+
+ /*
+Index: b/lib/parseppd.c
+===================================================================
+--- a/lib/parseppd.c
++++ b/lib/parseppd.c
+@@ -1707,7 +1707,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+
+ /*
+Index: b/src/parsessh.c
+===================================================================
+--- a/src/parsessh.c
++++ b/src/parsessh.c
+@@ -2639,7 +2639,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, sshfilename, sshlineno, msg);
++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+
+ /*
diff --git a/gnu/packages/patches/clx-remove-demo.patch b/gnu/packages/patches/clx-remove-demo.patch
deleted file mode 100644
index c5fffea0d0..0000000000
--- a/gnu/packages/patches/clx-remove-demo.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- a/clx.asd 2016-02-16 00:06:48.161596976 -0500
-+++ b/clx.asd 2016-02-16 00:06:54.793774658 -0500
-@@ -79,24 +79,6 @@
- (:file "xtest")
- (:file "screensaver")
- (:file "xinerama")))
-- (:module demo
-- :default-component-class example-source-file
-- :components
-- ((:file "bezier")
-- ;; KLUDGE: this requires "bezier" for proper operation,
-- ;; but we don't declare that dependency here, because
-- ;; asdf doesn't load example files anyway.
-- (:file "beziertest")
-- (:file "clclock")
-- (:file "clipboard")
-- (:file "clx-demos")
-- (:file "gl-test")
-- ;; FIXME: compiling this generates 30-odd spurious code
-- ;; deletion notes. Find out why, and either fix or
-- ;; workaround the problem.
-- (:file "mandel")
-- (:file "menu")
-- (:file "zoid")))
- (:module test
- :default-component-class example-source-file
- :components
diff --git a/gnu/packages/patches/csvkit-fix-tests.patch b/gnu/packages/patches/csvkit-fix-tests.patch
new file mode 100644
index 0000000000..cb9ec39cb0
--- /dev/null
+++ b/gnu/packages/patches/csvkit-fix-tests.patch
@@ -0,0 +1,45 @@
+diff --git a/tests/test_utilities/test_csvsql.py b/tests/test_utilities/test_csvsql.py
+index e6ec4af..4f47980 100644
+--- a/tests/test_utilities/test_csvsql.py
++++ b/tests/test_utilities/test_csvsql.py
+@@ -197,7 +197,7 @@ class TestCSVSQL(CSVKitTestCase, EmptyFileTests):
+ utility.run()
+ output = output_file.getvalue()
+ output_file.close()
+- self.assertEqual(output, 'a,b,c\n1,2,3\n0,5,6\n')
++ self.assertEqual(output, 'a,b,c\n1,2.0,3.0\n0,5.0,6.0\n')
+
+ def test_no_prefix_unique_constraint(self):
+ self.get_output(['--db', 'sqlite:///' + self.db_file, '--insert', 'examples/dummy.csv', '--unique-constraint', 'a'])
+diff --git a/tests/test_utilities/test_sql2csv.py b/tests/test_utilities/test_sql2csv.py
+index a0c3d3e..babcfd6 100644
+--- a/tests/test_utilities/test_sql2csv.py
++++ b/tests/test_utilities/test_sql2csv.py
+@@ -121,23 +121,23 @@ class TestSQL2CSV(CSVKitTestCase, EmptyFileTests):
+ input_file.close()
+
+ def test_unicode(self):
+- expected = self.csvsql('examples/test_utf8.csv')
++ self.csvsql('examples/test_utf8.csv')
+ csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--query', 'select * from foo'])
+- self.assertEqual(csv.strip(), expected)
++ self.assertEqual(csv.strip(), 'foo,bar,baz\n1.0,2.0,3\n4.0,5.0,ʤ')
+
+ def test_no_header_row(self):
+ self.csvsql('examples/dummy.csv')
+ csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--no-header-row', '--query', 'select * from foo'])
+
+ self.assertTrue('a,b,c' not in csv)
+- self.assertTrue('1,2,3' in csv)
++ self.assertTrue('1,2.0,3.0' in csv)
+
+ def test_linenumbers(self):
+ self.csvsql('examples/dummy.csv')
+ csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--linenumbers', '--query', 'select * from foo'])
+
+ self.assertTrue('line_number,a,b,c' in csv)
+- self.assertTrue('1,1,2,3' in csv)
++ self.assertTrue('1,1,2.0,3.0' in csv)
+
+ def test_wildcard_on_sqlite(self):
+ self.csvsql('examples/iris.csv')
diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-CVE-2017-12836.patch
index 507ab0f7d0..507ab0f7d0 100644
--- a/gnu/packages/patches/cvs-2017-12836.patch
+++ b/gnu/packages/patches/cvs-CVE-2017-12836.patch
diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch
new file mode 100644
index 0000000000..216fbe9667
--- /dev/null
+++ b/gnu/packages/patches/expat-CVE-2018-20843.patch
@@ -0,0 +1,21 @@
+Fix extraction of namespace prefix from XML name.
+Fixes CVE-2018-20843
+
+This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+
+CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5..737d7cd 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+ else
+ poolDiscard(&dtd->pool);
+ elementType->prefix = prefix;
+-
++ break;
+ }
+ }
+ return 1;
diff --git a/gnu/packages/patches/grub-binutils-compat.patch b/gnu/packages/patches/grub-binutils-compat.patch
deleted file mode 100644
index 2107869314..0000000000
--- a/gnu/packages/patches/grub-binutils-compat.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix a relocation issue that shows up with recent binutils.
-
-Patch taken from upstream:
-https://git.sv.gnu.org/cgit/grub.git/commit/?id=842c390469e2c2e10b5aa36700324cd3bde25875
-
-diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c
-index e49d0b6..18facf4 100644
---- a/grub-core/efiemu/i386/loadcore64.c
-+++ b/grub-core/efiemu/i386/loadcore64.c
-@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs,
- break;
-
- case R_X86_64_PC32:
-+ case R_X86_64_PLT32:
- err = grub_efiemu_write_value (addr,
- *addr32 + rel->r_addend
- + sym.off
-diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c
-index 4406906..3a73e6e 100644
---- a/grub-core/kern/x86_64/dl.c
-+++ b/grub-core/kern/x86_64/dl.c
-@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
- break;
-
- case R_X86_64_PC32:
-+ case R_X86_64_PLT32:
- {
- grub_int64_t value;
- value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value -
-diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
-index a2bb054..39d7efb 100644
---- a/util/grub-mkimagexx.c
-+++ b/util/grub-mkimagexx.c
-@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections,
- break;
-
- case R_X86_64_PC32:
-+ case R_X86_64_PLT32:
- {
- grub_uint32_t *t32 = (grub_uint32_t *) target;
- *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32)
-diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
-index 9179285..a79271f 100644
---- a/util/grub-module-verifier.c
-+++ b/util/grub-module-verifier.c
-@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = {
- -1
- }, (int[]){
- R_X86_64_PC32,
-+ R_X86_64_PLT32,
- -1
- }
- },
diff --git a/gnu/packages/patches/grub-check-error-efibootmgr.patch b/gnu/packages/patches/grub-check-error-efibootmgr.patch
deleted file mode 100644
index efeb20f213..0000000000
--- a/gnu/packages/patches/grub-check-error-efibootmgr.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-Without this patch, GRUB may proceed to wipe all firmware boot entries
-and report a successful installation, even if efibootmgr hit an error.
-
-Origin URL:
-https://git.sv.gnu.org/cgit/grub.git/commit/?id=6400613ad0b463abc93362086a491cd2a5e99b0d
-
-From 6400613ad0b463abc93362086a491cd2a5e99b0d Mon Sep 17 00:00:00 2001
-From: Steve McIntyre <steve@einval.com>
-Date: Wed, 31 Jan 2018 21:49:36 +0000
-Subject: Make grub-install check for errors from efibootmgr
-
-Code is currently ignoring errors from efibootmgr, giving users
-clearly bogus output like:
-
- Setting up grub-efi-amd64 (2.02~beta3-4) ...
- Installing for x86_64-efi platform.
- Could not delete variable: No space left on device
- Could not prepare Boot variable: No space left on device
- Installation finished. No error reported.
-
-and then potentially unbootable systems. If efibootmgr fails, grub-install
-should know that and report it!
-
-We've been using similar patch in Debian now for some time, with no ill effects.
-
-diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c
-index a3fcfca..ca448bc 100644
---- a/grub-core/osdep/unix/platform.c
-+++ b/grub-core/osdep/unix/platform.c
-@@ -78,19 +78,20 @@ get_ofpathname (const char *dev)
- dev);
- }
-
--static void
-+static int
- grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
- {
- int fd;
- pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
- char *line = NULL;
- size_t len = 0;
-+ int rc;
-
- if (!pid)
- {
- grub_util_warn (_("Unable to open stream from %s: %s"),
- "efibootmgr", strerror (errno));
-- return;
-+ return errno;
- }
-
- FILE *fp = fdopen (fd, "r");
-@@ -98,7 +99,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
- {
- grub_util_warn (_("Unable to open stream from %s: %s"),
- "efibootmgr", strerror (errno));
-- return;
-+ return errno;
- }
-
- line = xmalloc (80);
-@@ -119,23 +120,25 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor)
- bootnum = line + sizeof ("Boot") - 1;
- bootnum[4] = '\0';
- if (!verbosity)
-- grub_util_exec ((const char * []){ "efibootmgr", "-q",
-+ rc = grub_util_exec ((const char * []){ "efibootmgr", "-q",
- "-b", bootnum, "-B", NULL });
- else
-- grub_util_exec ((const char * []){ "efibootmgr",
-+ rc = grub_util_exec ((const char * []){ "efibootmgr",
- "-b", bootnum, "-B", NULL });
- }
-
- free (line);
-+ return rc;
- }
-
--void
-+int
- grub_install_register_efi (grub_device_t efidir_grub_dev,
- const char *efifile_path,
- const char *efi_distributor)
- {
- const char * efidir_disk;
- int efidir_part;
-+ int ret;
- efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk);
- efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1;
-
-@@ -151,23 +154,26 @@ grub_install_register_efi (grub_device_t efidir_grub_dev,
- grub_util_exec ((const char * []){ "modprobe", "-q", "efivars", NULL });
- #endif
- /* Delete old entries from the same distributor. */
-- grub_install_remove_efi_entries_by_distributor (efi_distributor);
-+ ret = grub_install_remove_efi_entries_by_distributor (efi_distributor);
-+ if (ret)
-+ return ret;
-
- char *efidir_part_str = xasprintf ("%d", efidir_part);
-
- if (!verbosity)
-- grub_util_exec ((const char * []){ "efibootmgr", "-q",
-+ ret = grub_util_exec ((const char * []){ "efibootmgr", "-q",
- "-c", "-d", efidir_disk,
- "-p", efidir_part_str, "-w",
- "-L", efi_distributor, "-l",
- efifile_path, NULL });
- else
-- grub_util_exec ((const char * []){ "efibootmgr",
-+ ret = grub_util_exec ((const char * []){ "efibootmgr",
- "-c", "-d", efidir_disk,
- "-p", efidir_part_str, "-w",
- "-L", efi_distributor, "-l",
- efifile_path, NULL });
- free (efidir_part_str);
-+ return ret;
- }
-
- void
-diff --git a/include/grub/util/install.h b/include/grub/util/install.h
-index 5910b0c..0dba8b6 100644
---- a/include/grub/util/install.h
-+++ b/include/grub/util/install.h
-@@ -210,7 +210,7 @@ grub_install_create_envblk_file (const char *name);
- const char *
- grub_install_get_default_x86_platform (void);
-
--void
-+int
- grub_install_register_efi (grub_device_t efidir_grub_dev,
- const char *efifile_path,
- const char *efi_distributor);
-diff --git a/util/grub-install.c b/util/grub-install.c
-index 5e4cdfd..690f180 100644
---- a/util/grub-install.c
-+++ b/util/grub-install.c
-@@ -1848,9 +1848,13 @@ main (int argc, char *argv[])
- if (!removable && update_nvram)
- {
- /* Try to make this image bootable using the EFI Boot Manager, if available. */
-- grub_install_register_efi (efidir_grub_dev,
-- "\\System\\Library\\CoreServices",
-- efi_distributor);
-+ int ret;
-+ ret = grub_install_register_efi (efidir_grub_dev,
-+ "\\System\\Library\\CoreServices",
-+ efi_distributor);
-+ if (ret)
-+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"),
-+ strerror (ret));
- }
-
- grub_device_close (ins_dev);
-@@ -1871,6 +1875,7 @@ main (int argc, char *argv[])
- {
- char * efifile_path;
- char * part;
-+ int ret;
-
- /* Try to make this image bootable using the EFI Boot Manager, if available. */
- if (!efi_distributor || efi_distributor[0] == '\0')
-@@ -1887,7 +1892,10 @@ main (int argc, char *argv[])
- efidir_grub_dev->disk->name,
- (part ? ",": ""), (part ? : ""));
- grub_free (part);
-- grub_install_register_efi (efidir_grub_dev,
-- efifile_path, efi_distributor);
-+ ret = grub_install_register_efi (efidir_grub_dev,
-+ efifile_path, efi_distributor);
-+ if (ret)
-+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"),
-+ strerror (ret));
- }
- break;
-
-
-Below is a followup to the patch above: the uninitialized variable could lead
-‘grub-install’ to error out when it shouldn’t (seen on an AArch64 box where
-‘grub_install_remove_efi_entries_by_distributor’ didn't have any entry to
-remove):
-
- grub-install: error: efibootmgr failed to register the boot entry: Unknown error 65535.
-
-See <http://lists.gnu.org/archive/html/bug-grub/2018-10/msg00006.html>.
-
---- grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:53.015284846 +0200
-+++ grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:55.595271222 +0200
-@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distr
- pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd);
- char *line = NULL;
- size_t len = 0;
-- int rc;
-+ int rc = 0;
-
- if (!pid)
- {
diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch
index ad92f9bc9e..aec37d68e2 100644
--- a/gnu/packages/patches/grub-efi-fat-serial-number.patch
+++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch
@@ -4,22 +4,23 @@ serial number (instead of the randomly chosen one) to create EFI
images (the 'efi.img' file) that are reproducible bit-for-bit.
Patch by Ludovic Courtès <ludo@gnu.org>.
+Mangled (for GRUB 2.04) by Tobias Geerinckx-Rice <me@tobias.gr>.
---- grub-2.02/util/grub-mkrescue.c 2019-04-20 19:15:26.180242812 +0200
-+++ grub-2.02/util/grub-mkrescue.c 2019-04-20 21:56:34.672370849 +0200
-@@ -788,8 +788,15 @@ main (int argc, char *argv[])
+--- grub-2.04/util/grub-mkrescue.c 2019-05-20 13:01:11.000000000 +0200
++++ grub-2.04/util/grub-mkrescue.c 2019-07-08 23:57:36.912104652 +0200
+@@ -809,8 +809,15 @@
+ free (efidir_efi_boot);
efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img");
- int rv;
- rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i",
- efiimgfat, "::", NULL });
+
+ const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER");
+ const char *mformat_args[] =
-+ { "mformat", "-C", "-f", "2880", "-L", "16",
-+ fat_serial_number != NULL ? "-N" : "-C",
-+ fat_serial_number != NULL ? fat_serial_number : "-C",
-+ "-i", efiimgfat, "::", NULL };
++ { "mformat", "-C", "-f", "2880", "-L", "16",
++ fat_serial_number != NULL ? "-N" : "-C",
++ fat_serial_number != NULL ? fat_serial_number : "-C",
++ "-i", efiimgfat, "::", NULL };
+
+ rv = grub_util_exec (mformat_args);
if (rv != 0)
diff --git a/gnu/packages/patches/libexif-CVE-2018-20030.patch b/gnu/packages/patches/libexif-CVE-2018-20030.patch
new file mode 100644
index 0000000000..57e4746b58
--- /dev/null
+++ b/gnu/packages/patches/libexif-CVE-2018-20030.patch
@@ -0,0 +1,120 @@
+https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch
+
+NEWS section was removed
+'12' -> '30' on line 79
+
+From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Fri, 12 Oct 2018 16:01:45 +0200
+Subject: [PATCH] Improve deep recursion detection in
+ exif_data_load_data_content.
+
+The existing detection was still vulnerable to pathological cases
+causing DoS by wasting CPU. The new algorithm takes the number of tags
+into account to make it harder to abuse by cases using shallow recursion
+but with a very large number of tags. This improves on commit 5d28011c
+which wasn't sufficient to counter this kind of case.
+
+The limitation in the previous fix was discovered by Laurent Delosieres,
+Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
+the identifier CVE-2018-20030.
+---
+ NEWS | 1 +
+ libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++--------
+ 2 files changed, 38 insertions(+), 8 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index e35403d..a6f9c94 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -35,6 +35,7 @@
+ #include <libexif/olympus/exif-mnote-data-olympus.h>
+ #include <libexif/pentax/exif-mnote-data-pentax.h>
+
++#include <math.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
+@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) { \
+ break; \
+ }
+
++/*! Calculate the recursion cost added by one level of IFD loading.
++ *
++ * The work performed is related to the cost in the exponential relation
++ * work=1.1**cost
++ */
++static unsigned int
++level_cost(unsigned int n)
++{
++ static const double log_1_1 = 0.09531017980432493;
++
++ /* Adding 0.1 protects against the case where n==1 */
++ return ceil(log(n + 0.1)/log_1_1);
++}
++
+ /*! Load data for an IFD.
+ *
+ * \param[in,out] data #ExifData
+@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \
+ * \param[in] d pointer to buffer containing raw IFD data
+ * \param[in] ds size of raw data in buffer at \c d
+ * \param[in] offset offset into buffer at \c d at which IFD starts
+- * \param[in] recursion_depth number of times this function has been
+- * recursively called without returning
++ * \param[in] recursion_cost factor indicating how expensive this recursive
++ * call could be
+ */
+ static void
+ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ const unsigned char *d,
+- unsigned int ds, unsigned int offset, unsigned int recursion_depth)
++ unsigned int ds, unsigned int offset, unsigned int recursion_cost)
+ {
+ ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
+ ExifShort n;
+@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
+ return;
+
+- if (recursion_depth > 30) {
++ if (recursion_cost > 170) {
++ /*
++ * recursion_cost is a logarithmic-scale indicator of how expensive this
++ * recursive call might end up being. It is an indicator of the depth of
++ * recursion as well as the potential for worst-case future recursive
++ * calls. Since it's difficult to tell ahead of time how often recursion
++ * will occur, this assumes the worst by assuming every tag could end up
++ * causing recursion.
++ * The value of 170 was chosen to limit typical EXIF structures to a
++ * recursive depth of about 6, but pathological ones (those with very
++ * many tags) to only 2.
++ */
+ exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+- "Deep recursion detected!");
++ "Deep/expensive recursion detected!");
+ return;
+ }
+
+@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ switch (tag) {
+ case EXIF_TAG_EXIF_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_EXIF);
+- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
++ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
++ recursion_cost + level_cost(n));
+ break;
+ case EXIF_TAG_GPS_INFO_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_GPS);
+- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
++ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
++ recursion_cost + level_cost(n));
+ break;
+ case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
+ CHECK_REC (EXIF_IFD_INTEROPERABILITY);
+- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
++ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
++ recursion_cost + level_cost(n));
+ break;
+ case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
+ thumbnail_offset = o;
diff --git a/gnu/packages/patches/plib-CVE-2011-4620.patch b/gnu/packages/patches/plib-CVE-2011-4620.patch
new file mode 100644
index 0000000000..c5a03bd0ca
--- /dev/null
+++ b/gnu/packages/patches/plib-CVE-2011-4620.patch
@@ -0,0 +1,13 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff
+
+--- a/src/util/ulError.cxx
++++ b/src/util/ulError.cxx
+@@ -39,7 +39,7 @@
+ {
+ va_list argp;
+ va_start ( argp, fmt ) ;
+- vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++ vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+ va_end ( argp ) ;
+
+ if ( _ulErrorCB )
diff --git a/gnu/packages/patches/plib-CVE-2012-4552.patch b/gnu/packages/patches/plib-CVE-2012-4552.patch
new file mode 100644
index 0000000000..7b697855d6
--- /dev/null
+++ b/gnu/packages/patches/plib-CVE-2012-4552.patch
@@ -0,0 +1,57 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff
+
+diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
+--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100
++++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100
+@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
+ char msgbuff[ 255 ];
+ va_list argp;
+
+- char* msgptr = msgbuff;
+- if (linenum)
+- {
+- msgptr += sprintf ( msgptr,"%s, line %d: ",
+- path, linenum );
+- }
+-
+ va_start( argp, format );
+- vsprintf( msgptr, format, argp );
++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+ va_end( argp );
+
+- ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++ if (linenum)
++ {
++ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
++ } else {
++ ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++ }
+ }
+
+
+@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
+ char msgbuff[ 255 ];
+ va_list argp;
+
+- char* msgptr = msgbuff;
+- if (linenum)
+- {
+- msgptr += sprintf ( msgptr,"%s, line %d: ",
+- path, linenum );
+- }
+-
+ va_start( argp, format );
+- vsprintf( msgptr, format, argp );
++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+ va_end( argp );
+
+- ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++ if (linenum)
++ {
++ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
++ } else {
++ ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++ }
+ }
+
+ // Opens the file and does a few internal calculations based on the spec.
diff --git a/gnu/packages/patches/python-slugify-depend-on-unidecode.patch b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch
new file mode 100644
index 0000000000..6038f432f1
--- /dev/null
+++ b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch
@@ -0,0 +1,22 @@
+diff --git a/setup.py b/setup.py
+index 4800173..6bdd77f 100755
+--- a/setup.py
++++ b/setup.py
+@@ -14,8 +14,7 @@ url = 'https://github.com/un33k/python-slugify'
+ author = 'Val Neekman'
+ author_email = 'info@neekware.com'
+ license = 'MIT'
+-install_requires = ['text-unidecode==1.2']
+-extras_require = {'unidecode': ['Unidecode==1.0.23']}
++install_requires = ['Unidecode']
+
+ classifiers = [
+ 'Development Status :: 5 - Production/Stable',
+@@ -67,7 +66,6 @@ setup(
+ author_email=author_email,
+ packages=find_packages(exclude=EXCLUDE_FROM_PACKAGES),
+ install_requires=install_requires,
+- extras_require=extras_require,
+ classifiers=classifiers,
+ entry_points={'console_scripts': ['slugify=slugify.slugify:main']},
+ )