From a893dc2f484f89d9f0ba21d44bdac3b792872781 Mon Sep 17 00:00:00 2001 From: Fis Trivial Date: Sun, 21 Jan 2018 19:31:16 +0000 Subject: gnu: rct: Add missing headers, enable RTTI. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/rct-add-missing-headers.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/cpp.scm (rct): Use the patch, enable RTTI. [source]: Use the patch to add missing headers from installation. [arguments]: Enable RTTI in configure-flags. Signed-off-by: Ludovic Courtès
---
gnu/packages/patches/rct-add-missing-headers.patch | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 gnu/packages/patches/rct-add-missing-headers.patch (limited to 'gnu/packages/patches')
diff --git a/gnu/packages/patches/rct-add-missing-headers.patch b/gnu/packages/patches/rct-add-missing-headers.patch
new file mode 100644
index 0000000000..4d133aa249
--- /dev/null
+++ b/gnu/packages/patches/rct-add-missing-headers.patch
@@ -0,0 +1,43 @@
+From: fis
+Date: Sat, 20 Jan 2018 07:42:38 +0800
+Subject: [PATCH] rct.cmake: Add missing headers.
+
+---
+ rct.cmake | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/rct.cmake b/rct.cmake
+index 323e7b9..3e0ac6b 100644
+--- a/rct.cmake
++++ b/rct.cmake
+@@ -339,7 +339,27 @@ if (NOT RCT_NO_INSTALL)
+ rct/Timer.h
+ rct/Value.h
+ rct/WriteLocker.h
++ rct/CpuUsage.h
++ rct/DataFile.h
++ rct/Date.h
++ rct/EmbeddedLinkedList.h
++ rct/FinishMessage.h
++ rct/Flags.h
++ rct/Hash.h
++ rct/LinkedList.h
++ rct/Map.h
++ rct/MemoryMappedFile.h
++ rct/OnDestruction.h
++ rct/QuitMessage.h
++ rct/ResponseMessage.h
++ rct/ScriptEngine.h
++ rct/StackBuffer.h
++ rct/WindowsUnicodeConversion.h
+ DESTINATION include/rct)
+
++ install(FILES
++ json/json.hpp
++ DESTINATION include/rct/json)
++
+ install(EXPORT "rct" DESTINATION lib/cmake)
+ endif ()
+--
+2.13.6
+
-- cgit v1.2.3
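Review bot: The new patch file has no leading explanation of why it is carried or whether it was sent upstream; its only metadata is the `From:`/`Date:`/`Subject:` of the mail it was cut from, so a later maintainer cannot tell whether it can be dropped on the next rct update. A short header before the mail fields would do, for example `Install the headers that rct.cmake leaves out of its install list; needed to build against rct as a separate package. Upstream status: <LINK-OR-NOT-SUBMITTED>.` The other two patch files added on this page already open with such a line.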
From 457fc22dd3c406d77375eccbd889b15eddb50fba Mon Sep 17 00:00:00 2001 From: Fis Trivial Date: Sun, 21 Jan 2018 19:32:56 +0000 Subject: gnu: rtags: Fix the bundling issue. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/rtags-separate-rct.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/code.scm (rtags): Dependencies no longer bundled. [source]: Use tarball release. Use the patch to link rct. Substitute corresponding headers. [native-inputs]: Add new dependencies. [inputs]: Likewise. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/code.scm | 53 +++++++++++++------- gnu/packages/patches/rtags-separate-rct.patch | 72 +++++++++++++++++++++++++++ 3 files changed, 108 insertions(+), 18 deletions(-) create mode 100644 gnu/packages/patches/rtags-separate-rct.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 65369bc609..7c2cffa511 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1067,6 +1067,7 @@ dist_patch_DATA = \ %D%/packages/patches/rsync-CVE-2017-17433-fix-tests.patch \ %D%/packages/patches/rsync-CVE-2017-17434-pt1.patch \ %D%/packages/patches/rsync-CVE-2017-17434-pt2.patch \ + %D%/packages/patches/rtags-separate-rct.patch \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm index 042ea73a8c..a267688626 100644 --- a/gnu/packages/code.scm +++ b/gnu/packages/code.scm 
@@ -26,12 +26,13 @@ (define-module (gnu packages code) #:use-module (guix packages) #:use-module (guix download) - #:use-module (guix git-download) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system gnu) #:use-module (guix build-system cmake) + #:use-module (gnu packages) #:use-module (gnu packages base) #:use-module (gnu packages compression) + #:use-module (gnu packages cpp) #:use-module (gnu packages databases) #:use-module (gnu packages emacs) #:use-module (gnu packages gcc) @@ -43,6 +44,7 @@ #:use-module (gnu packages ncurses) #:use-module (gnu packages autotools) #:use-module (gnu packages llvm) + #:use-module (gnu packages lua) #:use-module (gnu packages bash)) ;;; Tools to deal with source code: metrics, cross-references, etc. 
@@ -393,28 +395,43 @@ functionality such as HTML output.") (name "rtags") (version "2.16") (home-page "https://github.com/Andersbakken/rtags") - (source (origin - (method git-fetch) - (uri (git-reference - (url home-page) - (commit "8ef7554852541eced514c56d5e39d6073f7a2ef9") - - ;; FIXME: This fetches bundled copies of Lua, RCT, and - ;; Selene. - (recursive? #t))) - (sha256 - (base32 - "12r7lsqdmcbs9864a6dpblvifqvmfxhvxippyhfnnm2ai5ra80nc")) - (file-name (git-file-name name version)))) + (source + (origin + (method url-fetch) + (uri + (string-append home-page "/archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (patches (search-patches "rtags-separate-rct.patch")) + (modules '((guix build utils))) + (snippet + ;; Part of spliting rct with rtags. + ;; Substitute #include "rct/header.h" with #include . + '(with-directory-excursion "src" + (delete-file-recursively "rct") ;remove bundled copy + (let ((files (find-files "." ".*\\.cpp|.*\\.h"))) + (substitute* files + (("#include ?\"rct/(.*.h)\"" all header) + (string-append "#include ")))))) + (sha256 + (base32 + "17rkci3mmiw93qc32b9x76pg57b0lx80avr6wnmh190jx8n3v3wy")))) (build-system cmake-build-system) (arguments - '(#:configure-flags '("-DBUILD_TESTING=FALSE" - "-DRTAGS_NO_ELISP_FILES=1") + '(#:configure-flags + '("-DRTAGS_NO_ELISP_FILES=1" + "-DCMAKE_BUILD_TYPE=RelWithDebInfo" + "-DCMAKE_CXX_FLAGS=-std=c++11" + "-DBUILD_TESTING=FALSE") #:tests? #f)) + (native-inputs + `(("pkg-config" ,pkg-config))) (inputs - `(("clang" ,clang) + `(("bash-completion" ,bash-completion) + ("clang" ,clang) ("llvm" ,llvm) - ("bash-completion" ,bash-completion))) + ("lua" ,lua) + ("rct" ,rct) + ("selene" ,selene))) (synopsis "Indexer for the C language family with Emacs integration") (description "RTags is a client/server application that indexes C/C++ code and keeps a 
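Review bot: The new `source` replaces a `git-fetch` pinned to a commit with `url-fetch` of `home-page` + `/archive/v2.16.tar.gz`, an archive the forge generates from a tag. The `sha256` still guarantees integrity, so this is not a tampering risk, but such generated archives are not promised to stay byte-identical, and a regenerated tarball would break the build with a hash mismatch. Keeping `git-fetch` and only dropping `(recursive? #t)` would also leave out the bundled submodules, assuming the previously pinned commit is the v2.16 release. Separately, in the snippet the pattern `rct/(.*.h)` leaves the dot before `h` unescaped and is greedy; `rct/([^\"]*\\.h)` would capture only the header name. The package definition continues outside the hunk.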
diff --git a/gnu/packages/patches/rtags-separate-rct.patch b/gnu/packages/patches/rtags-separate-rct.patch new file mode 100644 index 0000000000..533e28b02e --- /dev/null +++ b/gnu/packages/patches/rtags-separate-rct.patch 
@@ -0,0 +1,72 @@ +Unbundle RCT and use our own copy. + +--- rtags-2.16/src/CMakeLists.txt 2018-01-23 10:36:17.645855140 +0100 ++++ rtags-2.16/src/CMakeLists.txt 2018-01-23 10:38:14.605234740 +0100 +@@ -105,12 +105,6 @@ if (LUA_ENABLED) + CMAKE_ARGS -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=0 -DCMAKE_GENERATOR=${CMAKE_GENERATOR}) + endif () + +-set(RCT_RTTI_ENABLED 1) +-set(RCT_NO_INSTALL 1) +-set(RCT_NO_LIBRARY 1) +-# Everyting which as been set either in rct/rct.cmake or rct/compiler.cmake +-# doesn't need to be set in this file again. +-include(rct/rct.cmake) + + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wstrict-aliasing=2 -Wcast-qual -fPIC") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wstrict-aliasing=2 -Wcast-qual -fPIC") +@@ -128,8 +122,7 @@ add_definitions( + "-DRTAGS_SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}" + "-DCLANG_LIBDIR=${LIBCLANG_LIBDIR}" + "-DCLANG_VERSION=${LIBCLANG_VERSION_STRING}" +- "-DOS_${CMAKE_SYSTEM_NAME}" +- ${RCT_DEFINITIONS}) ++ "-DOS_${CMAKE_SYSTEM_NAME}") + + if (CMAKE_SYSTEM_NAME MATCHES "FreeBSD") + add_definitions(-D__LONG_LONG_SUPPORTED) +@@ -172,8 +165,7 @@ set(RTAGS_SOURCES + Symbol.cpp + SymbolInfoJob.cpp + Token.cpp +- TokensJob.cpp +- ${RCT_SOURCES}) ++ TokensJob.cpp) + + if (LUA_ENABLED) + list(APPEND RTAGS_SOURCES AST.cpp) +@@ -195,10 +187,10 @@ endif () + + include_directories( + ${CMAKE_CURRENT_LIST_DIR} +- ${RCT_INCLUDE_DIRS} + ${CMAKE_CURRENT_LIST_DIR}/selene/include + ${CMAKE_CURRENT_BINARY_DIR}/lua-prefix/src/lua-build +- ${CMAKE_CURRENT_LIST_DIR}/lua/src) ++ ${CMAKE_CURRENT_LIST_DIR}/lua/src ++ ${CMAKE_CURRENT_BINARY_DIR}/include) + + if (CMAKE_SYSTEM_NAME MATCHES "Darwin") + set(START_GROUP "") +@@ -223,17 +215,17 @@ else () + endif() + + # RCT_LIBRARIES and stdc++ library must be at the end +-set(RTAGS_LIBRARIES ${RTAGS_LIBRARIES} -lstdc++ ${RCT_LIBRARIES}) ++set(RTAGS_LIBRARIES ${RTAGS_LIBRARIES} -lstdc++) + add_executable(rc rc.cpp) +-target_link_libraries(rc ${RTAGS_LIBRARIES}) ++target_link_libraries(rc 
${RTAGS_LIBRARIES} rct) + + add_executable(rdm rdm.cpp) +-target_link_libraries(rdm ${RTAGS_LIBRARIES}) ++target_link_libraries(rdm ${RTAGS_LIBRARIES} rct) + + set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin) + + add_executable(rp rp.cpp) +-target_link_libraries(rp ${RTAGS_LIBRARIES}) ++target_link_libraries(rp ${RTAGS_LIBRARIES} rct) + + if (CYGWIN) + EnsureLibraries(rdm rct) -- cgit v1.2.3 From c73a00a3763aef0045dd30c252d93ce4d12e76f8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Jan 2018 18:06:08 -0800 Subject: gnu: libsndfile: Fix CVE-2017-12562. * gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field. (libsndfile/fixed): New variable. --- gnu/local.mk | 1 + .../patches/libsndfile-CVE-2017-12562.patch | 97 ++++++++++++++++++++++ gnu/packages/pulseaudio.scm | 10 +++ 3 files changed, 108 insertions(+) create mode 100644 gnu/packages/patches/libsndfile-CVE-2017-12562.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7c2cffa511..b72c586e37 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -837,6 +837,7 @@ dist_patch_DATA = \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ + %D%/packages/patches/libsndfile-CVE-2017-12562.patch \ %D%/packages/patches/libssh-hostname-parser-bug.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ diff --git a/gnu/packages/patches/libsndfile-CVE-2017-12562.patch b/gnu/packages/patches/libsndfile-CVE-2017-12562.patch new file mode 100644 index 0000000000..58cb242b10 --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-12562.patch 
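Review bot: Dropping `${RCT_DEFINITIONS}` from `add_definitions` (and `set(RCT_RTTI_ENABLED 1)` with the `include(rct/rct.cmake)`) means rtags now compiles the installed rct headers without the macros the rct library itself was built with. If any of those macros guard inline code or class members, the two sides can disagree about layout. It is worth confirming that none are needed, or taking them from the `rct` export that the rct package installs under `lib/cmake`, rather than linking the bare name `rct`. The retained comment `# RCT_LIBRARIES and stdc++ library must be at the end` is also stale now that `${RCT_LIBRARIES}` is gone; something like `# stdc++ must stay last in RTAGS_LIBRARIES; rct is appended per target below` would match the new code.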
@@ -0,0 +1,97 @@ +Fix CVE-2017-12562: + +https://github.com/erikd/libsndfile/issues/292 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 + +From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= +Date: Wed, 14 Jun 2017 12:25:40 +0200 +Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings + in binheader + +Fixes the following problems: + 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes. + 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the + big switch statement by an amount (16 bytes) which is enough for all cases + where only a single value gets added. Cases 's', 'S', 'p' however + additionally write an arbitrary length block of data and again enlarge the + buffer to the required amount. However, the required space calculation does + not take into account the size of the length field which gets output before + the data. + 3. Buffer size requirement calculation in case 'S' does not account for the + padding byte ("size += (size & 1) ;" happens after the calculation which + uses "size"). + 4. Case 'S' can overrun the header buffer by 1 byte when no padding is + involved + ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while + the buffer is only guaranteed to have "size" space available). + 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte + beyond the space which is guaranteed to be allocated in the header buffer. + 6. 
Case 's' can overrun the provided source string by 1 byte if padding is + involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;" + where "size" is "strlen (strptr) + 1" (which includes the 0 terminator, + plus optionally another 1 which is padding and not guaranteed to be + readable via the source string pointer). + +Closes: https://github.com/erikd/libsndfile/issues/292 +--- + src/common.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/common.c b/src/common.c +index 1a6204ca..6b2a2ee9 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + /* Write a C string (guaranteed to have a zero terminator). */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) + 1 ; +- size += (size & 1) ; + +- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + + if (psf->rwf_endian == SF_ENDIAN_BIG) +- header_put_be_int (psf, size) ; ++ header_put_be_int (psf, size + (size & 1)) ; + else +- header_put_le_int (psf, size) ; ++ header_put_le_int (psf, size + (size & 1)) ; + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; ++ size += (size & 1) ; + psf->header.indx += size ; + psf->header.ptr [psf->header.indx - 1] = 0 ; + count += 4 + size ; +@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) 
+ */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) ; +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size) ; + else + header_put_le_int (psf, size) ; +- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ; ++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ; + size += (size & 1) ; + psf->header.indx += size ; +- psf->header.ptr [psf->header.indx] = 0 ; + count += 4 + size ; + break ; + +@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + size = (size & 1) ? size : size + 1 ; + size = (size > 254) ? 254 : size ; + +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) + return count ; + + header_put_byte (psf, size) ; diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index ba288aa441..39f54437cb 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -47,6 +47,7 @@ (define-public libsndfile (package (name "libsndfile") + (replacement libsndfile/fixed) (version "1.0.28") (source (origin (method url-fetch) 
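Review bot: Each of the three rewritten bounds checks spells the required byte count twice, once in the comparison and once as the argument to `psf_bump_header_allocation` (`4 + size + (size & 1)` in the 's' and 'S' cases, `1 + size` in the last one). That is the same kind of hand-kept arithmetic whose mismatch this patch corrects. Computing it once into a local declared next to `size`, e.g. `needed = 4 + size + (size & 1) ;` followed by `if (psf->header.indx + needed > psf->header.len && psf_bump_header_allocation (psf, needed))`, would keep the two from drifting apart again. In the 's' case a comment on `psf->header.ptr [psf->header.indx - 1] = 0 ;` saying that it zeroes the pad byte, or rewrites the copied terminator when there is none, would also help. The file is described as copied from upstream, so these belong in an upstream report rather than in this copy. `psf_binheader_writef` continues outside the hunks.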
@@ -80,6 +81,15 @@ SPARC. Hopefully the design of the library will also make it easy to extend for reading and writing new sound file formats.") (license l:gpl2+))) +(define libsndfile/fixed + (package + (inherit libsndfile) + (source (origin + (inherit (package-source libsndfile)) + (patches (append + (origin-patches (package-source libsndfile)) + (search-patches "libsndfile-CVE-2017-12562.patch"))))))) + (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) -- cgit v1.2.3