From f210f057a7eb3ce20a969858a26b247fb2a52247 Mon Sep 17 00:00:00 2001
From: 宋文武
Date: Mon, 20 Apr 2015 13:45:43 +0800
Subject: gnu: python-pycairo: Fix build with with python-3.4.3. * gnu/packages/patches/pycairo-wscript.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/gtk.scm (python-pycairo)[source]: Use it. [build-system]: Use waf-build-system. [native-inputs]: Add python-waf. [arguments]<#:phases>: Use 'modify-phases'. Add 'patch-waf phase. * gnu/packages/gtk.scm (python2-pycairo): Adjust accordingly.
---
 gnu-system.am | 1 +
 1 file changed, 1 insertion(+)
(limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index b11706cb99..723d25116b 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -514,6 +514,7 @@ dist_patch_DATA = \
 gnu/packages/patches/procps-make-3.82.patch \
 gnu/packages/patches/pulseaudio-fix-mult-test.patch \
 gnu/packages/patches/pulseaudio-longer-test-timeout.patch \
+ gnu/packages/patches/pycairo-wscript.patch \
 gnu/packages/patches/pybugz-encode-error.patch \
 gnu/packages/patches/pybugz-stty.patch \
 gnu/packages/patches/pyqt-configure.patch \
-- cgit v1.2.3
From 23d00fb0ed96a6d913c47cf36e249523bcba88d1 Mon Sep 17 00:00:00 2001
From: Mark H Weaver
Date: Thu, 23 Apr 2015 20:31:05 -0400
Subject: gnu: wpa-supplicant: Add fix for CVE-2015-1863. * gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/admin.scm (wpa-supplicant): Add patch.
---
 gnu-system.am | 1 +
 gnu/packages/admin.scm | 4 ++-
 .../patches/wpa-supplicant-CVE-2015-1863.patch | 42 ++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
(limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index 723d25116b..13d06fb920 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -555,6 +555,7 @@ dist_patch_DATA = \ gnu/packages/patches/weex-vacopy.patch \ gnu/packages/patches/wicd-urwid-1.3.patch \ gnu/packages/patches/wmctrl-64-fix.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch \ gnu/packages/patches/xf86-video-ark-remove-mibstore.patch \ gnu/packages/patches/xf86-video-ast-remove-mibstore.patch \ gnu/packages/patches/xf86-video-geode-glibc-2.20.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 3a0361299e..ffaf6b4fc7 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -702,7 +702,9 @@ commands and their arguments.") ".tar.gz")) (sha256 (base32 - "0skvkl6c10ls4s48b2wmf47h9j1y40nlzxnzn8hyaw2j0prmpapa")))) + "0skvkl6c10ls4s48b2wmf47h9j1y40nlzxnzn8hyaw2j0prmpapa")) + (patches + (list (search-patch "wpa-supplicant-CVE-2015-1863.patch"))))) (build-system gnu-build-system) (arguments '(#:phases (alist-replace diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch new file mode 100644 index 0000000000..de1964ca76 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch 
@@ -0,0 +1,42 @@
+From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Tue, 7 Apr 2015 11:32:11 +0300
+Subject: [PATCH] P2P: Validate SSID element length before copying it
+ (CVE-2015-1863)
+
+This fixes a possible memcpy overflow for P2P dev->oper_ssid in
+p2p_add_device(). The length provided by the peer device (0..255 bytes)
+was used without proper bounds checking and that could have resulted in
+arbitrary data of up to 223 bytes being written beyond the end of the
+dev->oper_ssid[] array (of which about 150 bytes would be beyond the
+heap allocation) when processing a corrupted management frame for P2P
+peer discovery purposes.
+
+This could result in corrupted state in heap, unexpected program
+behavior due to corrupted P2P peer device information, denial of service
+due to process crash, exposure of memory contents during GO Negotiation,
+and potentially arbitrary code execution.
+
+Thanks to Google security team for reporting this issue and smart
+hardware research group of Alibaba security team for discovering it.
+
+Signed-off-by: Jouni Malinen
+---
+ src/p2p/p2p.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index f584fae..a45fe73 100644
+--- a/src/p2p/p2p.c
++++ b/src/p2p/p2p.c
+@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
+ if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
+ os_memcpy(dev->interface_addr, addr, ETH_ALEN);
+ if (msg.ssid &&
++ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
+ (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
+ os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
+ != 0)) {
+--
+1.9.1
+
-- cgit v1.2.3
From 378b01dc09f50afa32dcb5c77cb6be56bfc419a3 Mon Sep 17 00:00:00 2001
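Review bot: The new bound `msg.ssid[1] <= sizeof(dev->oper_ssid)` in p2p_add_device() protects only this one use of the peer-supplied SSID element length, and a frame that fails it is skipped without leaving any trace. Other readers of msg.ssid are not visible from this hunk, so it is worth confirming that each of them bounds the length as well, or that an over-long element is rejected once where the frame is parsed. A short comment above the condition, such as `/* SSID element length is peer-controlled; must fit oper_ssid[] */`, would keep the check from being dropped in a later refactor. The function body and the copy it guards continue outside the hunk.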
From: David Thompson
Date: Thu, 16 Apr 2015 03:23:52 -0400
Subject: gnu: Add gitolite. * gnu/packages/version-control.scm (gitolite): New variable. * gnu/packages/patches/gitolite-openssh-6.8-compat.patch: New file. * gnu-system.am (dist_patch_DATA): Add it.
---
 gnu-system.am | 1 +
 .../patches/gitolite-openssh-6.8-compat.patch | 25 +++++++++
 gnu/packages/version-control.scm | 60 ++++++++++++++++++++++
 3 files changed, 86 insertions(+)
 create mode 100644 gnu/packages/patches/gitolite-openssh-6.8-compat.patch
(limited to 'gnu-system.am')
diff --git a/gnu-system.am b/gnu-system.am
index 13d06fb920..ae6b4e2bab 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -422,6 +422,7 @@ dist_patch_DATA = \
 gnu/packages/patches/gcc-cross-environment-variables.patch \
 gnu/packages/patches/geoclue-config.patch \
 gnu/packages/patches/ghostscript-runpath.patch \
+ gnu/packages/patches/gitolite-openssh-6.8-compat.patch \
 gnu/packages/patches/glib-tests-desktop.patch \
 gnu/packages/patches/glib-tests-homedir.patch \
 gnu/packages/patches/glib-tests-prlimit.patch \
diff --git a/gnu/packages/patches/gitolite-openssh-6.8-compat.patch b/gnu/packages/patches/gitolite-openssh-6.8-compat.patch
new file mode 100644
index 0000000000..d7fc2e6b12
--- /dev/null
+++ b/gnu/packages/patches/gitolite-openssh-6.8-compat.patch
@@ -0,0 +1,25 @@
+From ed807a40c6683960e357bc995b3acf721ec088b4 Mon Sep 17 00:00:00 2001
+From: Sitaram Chamarty
+Date: Thu, 19 Mar 2015 05:17:59 +0530
+Subject: [PATCH] openssh 6.8 compat
+
+---
+ src/triggers/post-compile/ssh-authkeys | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/triggers/post-compile/ssh-authkeys b/src/triggers/post-compile/ssh-authkeys
+index 84dda73..d5f5d8b 100755
+--- a/src/triggers/post-compile/ssh-authkeys
++++ b/src/triggers/post-compile/ssh-authkeys
+@@ -115,7 +115,7 @@ sub fp_file {
+ my $f = shift;
+ my $fp = `ssh-keygen -l -f '$f'`;
+ chomp($fp);
+- _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/;
++ _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/ or $fp =~ m(SHA256:([A-ZA-z0-9+/]+));
+ $fp = $1;
+ return $fp;
+ }
+--
+2.2.1
+
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 2094ec0554..3cbd12f635 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -48,6 +48,7 @@
 #:use-module (gnu packages nano)
 #:use-module (gnu packages ncurses)
 #:use-module (gnu packages openssl)
+ #:use-module (gnu packages ssh)
 #:use-module (gnu packages perl)
 #:use-module (gnu packages pkg-config)
 #:use-module (gnu packages python)
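Review bot: The character class in the added alternative, `[A-ZA-z0-9+/]`, contains the range `A-z`, which also covers the six ASCII punctuation characters between `Z` and `a`, so the SHA256 branch accepts text that is not base64; it should read `m(SHA256:([A-Za-z0-9+/]+))`. The fingerprint captured here is what fp_file returns, so a loose match weakens the sanity check on the ssh-keygen output. Separately, the unchanged context line runs `ssh-keygen -l -f '$f'` through the shell with the file name interpolated between single quotes; whether $f is constrained elsewhere is not visible here, and a list-form invocation that bypasses the shell would remove the dependency on quoting. fp_file begins before the hunk.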
@@ -401,6 +402,65 @@ linear. It will test every change between two points in the DAG. It will also walk each side of a merge and test those changes individually.") (license (x11-style "file://LICENSE"))))) +(define-public gitolite + (package + (name "gitolite") + (version "3.6.2") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/sitaramc/gitolite/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + ;; Commit ed807a4 upstream + (patches + (list (search-patch "gitolite-openssh-6.8-compat.patch"))) + (sha256 + (base32 + "1gsgzi9ayb4rablki3mqr11b0h8db4xg43df660marfpacmkfb01")))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f ; no tests + #:phases (modify-phases %standard-phases + (delete 'configure) + (delete 'build) + (add-before 'install 'patch-scripts + (lambda* (#:key inputs #:allow-other-keys) + (let ((perl (string-append (assoc-ref inputs "perl") + "/bin/perl"))) + ;; This seems to take care of every shell script that + ;; invokes Perl. + (substitute* (find-files "." ".*") + ((" perl -") + (string-append " " perl " -")))))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((output (assoc-ref outputs "out")) + (sharedir (string-append output "/share/gitolite")) + (bindir (string-append output "/bin"))) + (mkdir-p sharedir) + (mkdir-p bindir) + (system* "./install" "-to" sharedir) + ;; Create symlinks for executable scripts in /bin. + (for-each (lambda (script) + (symlink (string-append sharedir "/" script) + (string-append bindir "/" script))) + '("gitolite" "gitolite-shell")) + #t)))))) + (inputs + `(("perl" ,perl))) + ;; git and openssh are propagated because trying to patch the source via + ;; regexp matching is too brittle and prone to false positives. 
+ (propagated-inputs
+ `(("git" ,git)
+ ("openssh" ,openssh)))
+ (home-page "http://gitolite.com")
+ (synopsis "Git access control layer")
+ (description
+ "Gitolite is an access control layer on top of Git, providing fine access
+control to Git repositories.")
+ (license gpl2)))
+
 (define-public mercurial
 (package
 (name "mercurial")
-- cgit v1.2.3
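Review bot: The exit status of `(system* "./install" "-to" sharedir)` in the replaced 'install phase is discarded and the phase then ends in `#t`, so a failing install script would still yield a build that looks successful while share/gitolite is missing or incomplete. Test the status, e.g. `(zero? (system* "./install" "-to" sharedir))`, and create the symlinks and return true only when it succeeds. Separately, `(find-files "." ".*")` in 'patch-scripts passes every file in the tree to substitute*, not only scripts, so narrowing the pattern would make the ` perl -` rewrite less likely to touch unrelated content. For an access-control layer it is also worth pointing `home-page` at an https URL if the site offers one.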