From f813750a4aa07797e0120babdd5efbe17f1d3911 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Thu, 11 Feb 2021 18:57:38 -0800 Subject: gnu: diffoscope: Update to 166. * gnu/packages/diffoscope.scm (diffoscope): Update to 166. [source]: Add patch to use magic.open compatibility interface. * gnu/packages/patches/diffoscope-revert-to-magic-open.patch: New file. * gnu/local.mk [dist_patch_DATA]: New patch. --- .../patches/diffoscope-revert-to-magic-open.patch | 70 ++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 gnu/packages/patches/diffoscope-revert-to-magic-open.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/diffoscope-revert-to-magic-open.patch b/gnu/packages/patches/diffoscope-revert-to-magic-open.patch new file mode 100644 index 0000000000..d52b26ead5 --- /dev/null +++ b/gnu/packages/patches/diffoscope-revert-to-magic-open.patch 
@@ -0,0 +1,70 @@ +From b658c3a6819ccb9a104b13e973132c66f0965965 Mon Sep 17 00:00:00 2001 +From: Vagrant Cascadian +Date: Thu, 11 Feb 2021 17:28:21 -0800 +Subject: [PATCH] Revert "Prefer to use magic.Magic over the magic.open + compatibility interface. (Closes: reproducible-builds/diffoscope#236)" + +This reverts commit c72c30f29ea3760eb4c785644dc7cd4c26833740. +--- + diffoscope/comparators/utils/file.py | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/diffoscope/comparators/utils/file.py b/diffoscope/comparators/utils/file.py +index fb3b4316..32700f02 100644 +--- a/diffoscope/comparators/utils/file.py ++++ b/diffoscope/comparators/utils/file.py +@@ -65,37 +65,37 @@ def _run_tests(fold, tests): + + + class File(metaclass=abc.ABCMeta): +- if hasattr(magic, "Magic"): # use python-magic ++ if hasattr(magic, "open"): # use Magic-file-extensions from file + + @classmethod + def guess_file_type(cls, path): + if not hasattr(cls, "_mimedb"): +- cls._mimedb = magic.Magic() +- return maybe_decode(cls._mimedb.from_file(path)) ++ cls._mimedb = magic.open(magic.NONE) ++ cls._mimedb.load() ++ return cls._mimedb.file( ++ path.encode("utf-8", errors="surrogateescape") ++ ) + + @classmethod + def guess_encoding(cls, path): + if not hasattr(cls, "_mimedb_encoding"): +- cls._mimedb_encoding = magic.Magic(mime_encoding=True) +- return maybe_decode(cls._mimedb_encoding.from_file(path)) ++ cls._mimedb_encoding = magic.open(magic.MAGIC_MIME_ENCODING) ++ cls._mimedb_encoding.load() ++ return cls._mimedb_encoding.file(path) + +- else: # use Magic-file-extensions from file ++ else: # use python-magic + + @classmethod + def guess_file_type(cls, path): + if not hasattr(cls, "_mimedb"): +- cls._mimedb = magic.open(magic.NONE) +- cls._mimedb.load() +- return cls._mimedb.file( +- path.encode("utf-8", errors="surrogateescape") +- ) ++ cls._mimedb = magic.Magic() ++ return maybe_decode(cls._mimedb.from_file(path)) + + @classmethod + def 
guess_encoding(cls, path): + if not hasattr(cls, "_mimedb_encoding"): +- cls._mimedb_encoding = magic.open(magic.MAGIC_MIME_ENCODING) +- cls._mimedb_encoding.load() +- return cls._mimedb_encoding.file(path) ++ cls._mimedb_encoding = magic.Magic(mime_encoding=True) ++ return maybe_decode(cls._mimedb_encoding.from_file(path)) + + def __init__(self, container=None): + self._comments = [] +-- +2.30.0 + -- cgit v1.2.3 From d588cc8fa96e4a4bce56fac2ba3bbaaeaaed0047 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Fri, 12 Feb 2021 15:53:45 -0800 Subject: gnu: diffoscope: Update to use python-magic. Fixes: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/238 * gnu/packages/patches/diffoscope-revert-to-magic-open.patch: Remove file. * gnu/local.mk [dist_patch_DATA]: Update. * gnu/packages/diffoscope.scm (diffoscope)[source]: Remove patch. [inputs]: Remove python-file. --- gnu/local.mk | 1 - gnu/packages/diffoscope.scm | 5 +- .../patches/diffoscope-revert-to-magic-open.patch | 70 ---------------------- 3 files changed, 1 insertion(+), 75 deletions(-) delete mode 100644 gnu/packages/patches/diffoscope-revert-to-magic-open.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0625c6c5eb..ad6e02116e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -927,7 +927,6 @@ dist_patch_DATA = \ %D%/packages/patches/desmume-gcc6-fixes.patch \ %D%/packages/patches/desmume-gcc7-fixes.patch \ %D%/packages/patches/dfu-programmer-fix-libusb.patch \ - %D%/packages/patches/diffoscope-revert-to-magic-open.patch \ %D%/packages/patches/diffutils-gets-undeclared.patch \ %D%/packages/patches/dkimproxy-add-ipv6-support.patch \ %D%/packages/patches/docbook-xsl-nonrecursive-string-subst.patch \ diff --git a/gnu/packages/diffoscope.scm b/gnu/packages/diffoscope.scm index a31ac485c2..feb0324db2 100644 --- a/gnu/packages/diffoscope.scm +++ b/gnu/packages/diffoscope.scm 
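Review bot: The new gnu/packages/patches/diffoscope-revert-to-magic-open.patch has no leading comment saying why the revert is carried; the embedded message only states that it reverts c72c30f29ea3760eb4c785644dc7cd4c26833740. A first line such as `Revert to the magic.open compatibility interface until diffoscope is built against python-magic; drop this patch then.` would tell the next maintainer when it can go (wording inferred from the commit message, to be confirmed). Inside the restored `hasattr(magic, "open")` branch, `guess_file_type` passes `path.encode("utf-8", errors="surrogateescape")` while `guess_encoding` passes `path` unchanged. The two calls may therefore treat a file name that is not valid UTF-8 differently, which is worth a sentence in that header because diffoscope is routinely pointed at arbitrary archives.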
@@ -81,9 +81,7 @@ (file-name (git-file-name name version)) (sha256 (base32 - "0vc4a38ii6b10af4c7cxfkvj4lk4ihx1xs4q5lshnkyg74gmm21b")) - (patches (search-patches - "diffoscope-revert-to-magic-open.patch")))) + "0vc4a38ii6b10af4c7cxfkvj4lk4ihx1xs4q5lshnkyg74gmm21b")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases @@ -137,7 +135,6 @@ (install-file "doc/diffoscope.1" man) #t)))))) (inputs `(("rpm" ,rpm) ;for rpm-python - ("python-file" ,python-file) ("python-debian" ,python-debian) ("python-libarchive-c" ,python-libarchive-c) ("python-magic" ,python-magic) diff --git a/gnu/packages/patches/diffoscope-revert-to-magic-open.patch b/gnu/packages/patches/diffoscope-revert-to-magic-open.patch deleted file mode 100644 index d52b26ead5..0000000000 --- a/gnu/packages/patches/diffoscope-revert-to-magic-open.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From b658c3a6819ccb9a104b13e973132c66f0965965 Mon Sep 17 00:00:00 2001 -From: Vagrant Cascadian -Date: Thu, 11 Feb 2021 17:28:21 -0800 -Subject: [PATCH] Revert "Prefer to use magic.Magic over the magic.open - compatibility interface. (Closes: reproducible-builds/diffoscope#236)" - -This reverts commit c72c30f29ea3760eb4c785644dc7cd4c26833740. ---- - diffoscope/comparators/utils/file.py | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -diff --git a/diffoscope/comparators/utils/file.py b/diffoscope/comparators/utils/file.py -index fb3b4316..32700f02 100644 ---- a/diffoscope/comparators/utils/file.py -+++ b/diffoscope/comparators/utils/file.py -@@ -65,37 +65,37 @@ def _run_tests(fold, tests): - - - class File(metaclass=abc.ABCMeta): -- if hasattr(magic, "Magic"): # use python-magic -+ if hasattr(magic, "open"): # use Magic-file-extensions from file - - @classmethod - def guess_file_type(cls, path): - if not hasattr(cls, "_mimedb"): -- cls._mimedb = magic.Magic() -- return maybe_decode(cls._mimedb.from_file(path)) -+ cls._mimedb = magic.open(magic.NONE) -+ cls._mimedb.load() -+ return cls._mimedb.file( -+ path.encode("utf-8", errors="surrogateescape") -+ ) - - @classmethod - def guess_encoding(cls, path): - if not hasattr(cls, "_mimedb_encoding"): -- cls._mimedb_encoding = magic.Magic(mime_encoding=True) -- return maybe_decode(cls._mimedb_encoding.from_file(path)) -+ cls._mimedb_encoding = magic.open(magic.MAGIC_MIME_ENCODING) -+ cls._mimedb_encoding.load() -+ return cls._mimedb_encoding.file(path) - -- else: # use Magic-file-extensions from file -+ else: # use python-magic - - @classmethod - def guess_file_type(cls, path): - if not hasattr(cls, "_mimedb"): -- cls._mimedb = magic.open(magic.NONE) -- cls._mimedb.load() -- return cls._mimedb.file( -- path.encode("utf-8", errors="surrogateescape") -- ) -+ cls._mimedb = magic.Magic() -+ return maybe_decode(cls._mimedb.from_file(path)) - - @classmethod - def 
guess_encoding(cls, path): - if not hasattr(cls, "_mimedb_encoding"): -- cls._mimedb_encoding = magic.open(magic.MAGIC_MIME_ENCODING) -- cls._mimedb_encoding.load() -- return cls._mimedb_encoding.file(path) -+ cls._mimedb_encoding = magic.Magic(mime_encoding=True) -+ return maybe_decode(cls._mimedb_encoding.from_file(path)) - - def __init__(self, container=None): - self._comments = [] --- -2.30.0 - -- cgit v1.2.3 From 301d1bacc1f33ed5f2f546488c3a1dbc66cc3f4f Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 17 Feb 2021 16:06:12 +0200 Subject: gnu: ruby-rubocop: Update to 1.10.0. * gnu/packages/ruby.scm (ruby-rubocop): Update to 1.10.0. [source]: Remove patch. [arguments]: Remove custom 'remove-problematic-tests, 'disable-bundler, 'replace-git-ls-files phases. Add custom 'check phase. [native-inputs]: Add ruby-memory-profiler, ruby-rake, ruby-rubocop-minimal, ruby-rubocop-performance-minimal, ruby-rubocop-rspec-minimal, ruby-simplecov, ruby-stackprof. Replace ruby-webmock-2 with ruby-webmock. (ruby-rubocop-minimal, ruby-rubocop-performance-minimal, ruby-rubocop-rspec-minimal): New variables. * gnu/packages/patches/ruby-rubocop-break-dependency-cycle.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../ruby-rubocop-break-dependency-cycle.patch | 101 --------------------- gnu/packages/ruby.scm | 78 ++++++++++------ 3 files changed, 49 insertions(+), 131 deletions(-) delete mode 100644 gnu/packages/patches/ruby-rubocop-break-dependency-cycle.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 250901f6d9..c3398c62fd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1597,7 +1597,6 @@ dist_patch_DATA = \
 %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch \
 %D%/packages/patches/rnp-unbundle-googletest.patch \
 %D%/packages/patches/ruby-rack-ignore-failing-test.patch \
- %D%/packages/patches/ruby-rubocop-break-dependency-cycle.patch\
 %D%/packages/patches/ruby-sanitize-system-libxml.patch \
 %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
 %D%/packages/patches/runc-CVE-2019-5736.patch \
diff --git a/gnu/packages/patches/ruby-rubocop-break-dependency-cycle.patch b/gnu/packages/patches/ruby-rubocop-break-dependency-cycle.patch
deleted file mode 100644
index 035a98fa33..0000000000
--- a/gnu/packages/patches/ruby-rubocop-break-dependency-cycle.patch
+++ /dev/null
@@ -1,101 +0,0 @@ -From ff3f00b7f33332ebf1c3c05abc4a781684775b3c Mon Sep 17 00:00:00 2001 -From: Maxim Cournoyer -Date: Tue, 14 Jul 2020 11:50:12 -0400 -Subject: [PATCH] config: Drop rubocop-performance, rubocop-rspec requirements. - -This patch removes Rubocop extensions from Rubocop's closure to break -a dependency cycle with itself. - -* .rubocop.yml: Remove rubocop-performance and rubocop-rspec and their -corresponding directives. -* .rubocop_todo.yml: Likewise. ---- - .rubocop.yml | 15 --------------- - .rubocop_todo.yml | 44 -------------------------------------------- - 2 files changed, 59 deletions(-) - -diff --git a/.rubocop.yml b/.rubocop.yml -index 4f05d5be2..f12ef7c06 100644 ---- a/.rubocop.yml -+++ b/.rubocop.yml -@@ -3,8 +3,6 @@ - inherit_from: .rubocop_todo.yml - require: - - rubocop/cop/internal_affairs -- - rubocop-performance -- - rubocop-rspec - - AllCops: - NewCops: enable -@@ -106,16 +104,3 @@ Metrics/ClassLength: - Metrics/ModuleLength: - Exclude: - - 'spec/**/*.rb' -- --RSpec/FilePath: -- Exclude: -- - spec/rubocop/formatter/junit_formatter_spec.rb -- --RSpec/PredicateMatcher: -- EnforcedStyle: explicit -- --RSpec/MessageSpies: -- EnforcedStyle: receive -- --RSpec/NestedGroups: -- Max: 7 -diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml -index 3f72042d1..fa637cd42 100644 ---- a/.rubocop_todo.yml -+++ b/.rubocop_todo.yml -@@ -24,47 +24,3 @@ Metrics/MethodLength: - # Configuration parameters: CountComments. - Metrics/ModuleLength: - Max: 132 -- --# Offense count: 10 --RSpec/AnyInstance: -- Exclude: -- - 'spec/rubocop/cli_spec.rb' -- - 'spec/rubocop/cop/lint/duplicate_methods_spec.rb' -- - 'spec/rubocop/cop/team_spec.rb' -- - 'spec/rubocop/target_finder_spec.rb' -- --# Offense count: 981 --# Configuration parameters: Prefixes. --# Prefixes: when, with, without --RSpec/ContextWording: -- Enabled: false -- --# Offense count: 3810 --# Configuration parameters: Max. 
--RSpec/ExampleLength: -- Enabled: false -- --# Offense count: 38 --RSpec/ExpectOutput: -- Exclude: -- - 'spec/rubocop/cli/cli_auto_gen_config_spec.rb' -- - 'spec/rubocop/cli/cli_options_spec.rb' -- - 'spec/rubocop/config_spec.rb' -- - 'spec/rubocop/cop/cop_spec.rb' -- - 'spec/rubocop/formatter/disabled_config_formatter_spec.rb' -- - 'spec/rubocop/formatter/formatter_set_spec.rb' -- - 'spec/rubocop/options_spec.rb' -- - 'spec/rubocop/rake_task_spec.rb' -- - 'spec/rubocop/result_cache_spec.rb' -- - 'spec/rubocop/target_finder_spec.rb' -- --# Offense count: 434 --RSpec/MultipleExpectations: -- Max: 25 -- --# Offense count: 5 --RSpec/SubjectStub: -- Exclude: -- - 'spec/rubocop/config_spec.rb' -- - 'spec/rubocop/formatter/json_formatter_spec.rb' -- - 'spec/rubocop/formatter/progress_formatter_spec.rb' --- -2.27.0 - diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 58614a61ac..6c9583b3cf 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -1584,6 +1584,16 @@ enforcing & linting tool.") (home-page "https://github.com/rubocop-hq/rubocop-rspec") (license license:expat))) +(define-public ruby-rubocop-rspec-minimal + (hidden-package + (package + (inherit ruby-rubocop-rspec) + (arguments + (substitute-keyword-arguments (package-arguments ruby-rubocop-rspec) + ((#:tests? _ #f) #f))) + (propagated-inputs '()) + (native-inputs '())))) + (define-public ruby-rubocop-performance (package (name "ruby-rubocop-performance") @@ -1625,6 +1635,16 @@ for performance optimizations in Ruby code.") (home-page "https://docs.rubocop.org/rubocop-performance/") (license license:expat))) +(define-public ruby-rubocop-performance-minimal + (hidden-package + (package + (inherit ruby-rubocop-performance) + (arguments + (substitute-keyword-arguments (package-arguments ruby-rubocop-performance) + ((#:tests? _ #f) #f))) + (propagated-inputs '()) + (native-inputs '())))) + (define-public ruby-gimme (let ((revision "1") (commit "4e71f0236f1271871916dd403261d26533db34c0")) 
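Review bot: `ruby-rubocop-rspec-minimal` and `ruby-rubocop-performance-minimal` in gnu/packages/ruby.scm (and `ruby-rubocop-minimal` in a later hunk of the same file) are defined without any comment on what they are for. Each one inherits the full package, turns `#:tests?` off and empties both `propagated-inputs` and `native-inputs`, so the result is only meaningful as a build-time input and is not the tested artifact. A line above each definition such as `;; Untested, input-free variant used only as a native input of ruby-rubocop to break the test-time dependency cycle.` would keep them from being reused elsewhere by mistake.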
@@ -7270,7 +7290,7 @@ run.")
 (define-public ruby-rubocop
 (package
 (name "ruby-rubocop")
- (version "0.88.0")
+ (version "1.10.0")
 (source
 (origin
 (method git-fetch) ;no tests in distributed gem
@@ -7280,42 +7300,25 @@ run.") (file-name (git-file-name name version)) (sha256 (base32 - "1d06893jp8pd85fvgp5d16vqcf31bafi430v4f4y746ihyvhzz5r")) - (patches (search-patches "ruby-rubocop-break-dependency-cycle.patch")))) + "0wjw9vpzr4f3nf1zf010bag71w4hdi0haybdn7r5rlmw45pmim29")))) (build-system ruby-build-system) (arguments '(#:test-target "default" #:phases (modify-phases %standard-phases - (add-after 'unpack 'remove-problematic-tests - ;; These tests depend on Rubocop extensions, which cannot be - ;; included as they cause a dependency cycle with Rubocop itself. - (lambda _ - (delete-file "spec/rubocop/config_loader_spec.rb") - (substitute* "Gemfile" - ((".*'rubocop-performance'.*") "") - ((".*'rubocop-rspec'.*") "")) - ;; Prevent "Unnecessary disabling of RSpec/* (unknown cop)" - ;; errors. - (substitute* (find-files "spec/rubocop/cop/" "_spec\\.rb$") - (("# (rubocop:(enable|disable) RSpec.*)" _ what) - (string-append "# Disabled: " what))) - #t)) - (add-after 'unpack 'disable-bundler - (lambda _ - (substitute* "Rakefile" - (("Bundler\\.setup.*") "nil\n")) - #t)) - (replace 'replace-git-ls-files - (lambda _ - (substitute* "rubocop.gemspec" - (("`git ls-files(.*)`" _ files) - (format #f "`find ~a -type f| sort`" files))) - #t)) (add-before 'check 'set-home (lambda _ (setenv "HOME" (getcwd)) #t)) + ;; Rubocop depends on itself for tests, directly and indirectly. By + ;; regenerating the TODO list we test rubocop against itself and + ;; forgo adjusting the test suite to our environment each release. + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + (make-file-writable ".rubocop_todo.yml") + (invoke "./exe/rubocop" "--auto-gen-config")) + #t)) (add-before 'check 'make-adoc-files-writable (lambda _ (let ((adoc-files (find-files "docs/modules/ROOT/pages" 
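Review bot: Once `'check` is replaced, the upstream spec suite is no longer run and `#:test-target "default"` at the top of the arguments appears to be unused; the only remaining check is `./exe/rubocop --auto-gen-config` against the source tree. The comment above the phase explains the motivation but not this loss of coverage, so it should add something like `;; Note: the RSpec suite itself is not run; this only verifies that rubocop can load and lint its own tree.` The stale `#:test-target` keyword can be dropped. The arguments form starts and ends outside this hunk.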
@@ -7324,10 +7327,17 @@ run.") #t))))) (native-inputs `(("ruby-bump" ,ruby-bump) + ("ruby-memory-profiler" ,ruby-memory-profiler) ("ruby-pry" ,ruby-pry) + ("ruby-rake" ,ruby-rake) ("ruby-rspec" ,ruby-rspec) + ("ruby-rubocop-minimal" ,ruby-rubocop-minimal) + ("ruby-rubocop-performance-minimal" ,ruby-rubocop-performance-minimal) + ("ruby-rubocop-rspec-minimal" ,ruby-rubocop-rspec-minimal) + ("ruby-simplecov" ,ruby-simplecov) + ("ruby-stackprof" ,ruby-stackprof) ("ruby-test-queue" ,ruby-test-queue) - ("ruby-webmock" ,ruby-webmock-2) + ("ruby-webmock" ,ruby-webmock) ("ruby-yard" ,ruby-yard))) (propagated-inputs `(("ruby-parallel" ,ruby-parallel) @@ -7345,6 +7355,16 @@ the community-driven Ruby Style Guide.") (home-page "https://github.com/rubocop-hq/rubocop") (license license:expat))) +(define-public ruby-rubocop-minimal + (hidden-package + (package + (inherit ruby-rubocop) + (arguments + (substitute-keyword-arguments (package-arguments ruby-rubocop) + ((#:tests? _ #f) #f))) + (propagated-inputs '()) + (native-inputs '())))) + (define-public ruby-contest (package (name "ruby-contest") -- cgit v1.2.3 From f08c7cb0c75e7d5305c82d6a4af68ddf74fb08b1 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Feb 2021 17:45:05 -0500 Subject: gnu: Python 3.9: Fix CVE-2021-3177. * gnu/packages/patches/python-3.9-CVE-2021-3177.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-3.9)[source]: Use it. --- gnu/local.mk | 1 + .../patches/python-3.9-CVE-2021-3177.patch | 194 +++++++++++++++++++++ gnu/packages/python.scm | 3 +- 3 files changed, 197 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0dd5fc2a29..5588cda2e1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1527,6 +1527,7 @@ dist_patch_DATA = \
 %D%/packages/patches/python-3-fix-tests.patch \
 %D%/packages/patches/python-3.8-fix-tests.patch \
 %D%/packages/patches/python-3.9-fix-tests.patch \
+ %D%/packages/patches/python-3.9-CVE-2021-3177.patch \
 %D%/packages/patches/python-CVE-2018-14647.patch \
 %D%/packages/patches/python-CVE-2020-26116.patch \
 %D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \
diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
new file mode 100644
index 0000000000..155f17deca
--- /dev/null
+++ b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
@@ -0,0 +1,194 @@ +Fix CVE-2021-3177 for Python 3.9: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 + +Patch copied from upstream source repository: + +https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 + +From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 18 Jan 2021 13:29:31 -0800 +Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode + formatting in ctypes param reprs. (GH-24247) + +(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) + +Co-authored-by: Benjamin Peterson + +Co-authored-by: Benjamin Peterson +--- + Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ + .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + + Modules/_ctypes/callproc.c | 51 +++++++------------ + 3 files changed, 64 insertions(+), 32 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst + +diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py +index e4c25fd880cef..531894fdec838 100644 +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -201,6 +201,49 @@ def __dict__(self): + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') + ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegex(repr(c_bool.from_param(True)), r"^$") ++ self.assertEqual(repr(c_char.from_param(97)), "") ++ self.assertRegex(repr(c_wchar.from_param('a')), r"^$") ++ self.assertEqual(repr(c_byte.from_param(98)), "") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "") ++ self.assertEqual(repr(c_short.from_param(511)), 
"") ++ self.assertEqual(repr(c_ushort.from_param(511)), "") ++ self.assertRegex(repr(c_int.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_uint.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_long.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1e300)), "") ++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^$") ++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^$") ++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^$") ++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^$") ++ + ################################################################ + + if __name__ == '__main__': +diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +new file mode 100644 +index 0000000000000..7df65a156feab +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +@@ -0,0 +1,2 @@ ++Avoid static buffers when computing the repr of :class:`ctypes.c_double` and ++:class:`ctypes.c_longdouble` values. 
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c +index b0a36a30248f7..f2506de54498e 100644 +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.l); +- break; + + case 'q': + case 'Q': +- sprintf(buffer, +-#ifdef MS_WIN32 +- "", +-#else +- "", +-#endif ++ return PyUnicode_FromFormat("", + self->tag, self->value.q); +- break; + case 'd': +- sprintf(buffer, "", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "", +- self->tag, self->value.f); +- break; +- ++ case 'f': { ++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); ++ if (f == NULL) { ++ return NULL; ++ } ++ PyObject *result = PyUnicode_FromFormat("", self->tag, f); ++ Py_DECREF(f); ++ return result; ++ } + case 'c': + if (is_literal_char((unsigned char)self->value.c)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.c); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, (unsigned char)self->value.c); + } +- break; + + /* Hm, are these 'z' and 'Z' codes useful at all? 
+ Shouldn't they be replaced by the functionality of c_string +@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.p); + break; + + default: + if (is_literal_char((unsigned char)self->tag)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } +- break; + } +- return PyUnicode_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 27e9b70432..730c371fda 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -11,7 +11,7 @@ ;;; Copyright © 2015, 2016 Christopher Allan Webber ;;; Copyright © 2015 Eric Dvorsak ;;; Copyright © 2015, 2016 David Thompson -;;; Copyright © 2015, 2016, 2017 Leo Famulari +;;; Copyright © 2015, 2016, 2017, 2021 Leo Famulari ;;; Copyright © 2015, 2017 Ben Woodcroft ;;; Copyright © 2015, 2016 Erik Edrosa ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Efraim Flashner @@ -531,6 +531,7 @@ data types.") version "/Python-" version ".tar.xz")) (patches (search-patches "python-3.9-fix-tests.patch" + "python-3.9-CVE-2021-3177.patch" "python-3-deterministic-build-info.patch" "python-3-search-paths.patch")) (sha256 -- cgit v1.2.3 From 51697aab42f3dea316b5b396ebd342b44b65193d Mon Sep 17 00:00:00 2001 From: Vincent Legoll Date: Fri, 19 Feb 2021 18:46:46 +0100 Subject: gnu: lrzip: Update to 0.640. * gnu/packages/compression.scm (lrzip): Update to 0.640. [source]: Remove obsolete patch 'lrzip-CVE-2017-8842.patch'. [inputs]: Add lz4. * gnu/packages/patches/lrzip-CVE-2017-8842.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. 
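Review bot: The `patches` change in gnu/packages/python.scm covers only `python-3.9`, but the defect being fixed is probably not limited to that branch. The fix replaces `sprintf` into a fixed `char buffer[256]` in `PyCArg_repr` (Modules/_ctypes/callproc.c), and the patch header marks it as a cherry-pick, so other release branches likely share the code. gnu/local.mk still lists `python-3.8-fix-tests.patch`, so a 3.8 package is presumably built as well; if its release predates the upstream fix it needs the equivalent backport or a version update. A comment beside the new entry, for example `;; Remove when python-3.9 is updated to a release that includes bpo-42938.`, would also keep the patch from outliving the next update.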
Signed-off-by: Leo Famulari --- gnu/local.mk | 1 - gnu/packages/compression.scm | 9 +++++---- gnu/packages/patches/lrzip-CVE-2017-8842.patch | 23 ----------------------- 3 files changed, 5 insertions(+), 28 deletions(-) delete mode 100644 gnu/packages/patches/lrzip-CVE-2017-8842.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5588cda2e1..33da7b979a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1328,7 +1328,6 @@ dist_patch_DATA = \ %D%/packages/patches/llvm-9-fix-scev-miscompilation.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ %D%/packages/patches/lrcalc-includes.patch \ - %D%/packages/patches/lrzip-CVE-2017-8842.patch \ %D%/packages/patches/lsh-fix-x11-forwarding.patch \ %D%/packages/patches/lsof-fatal-test-failures.patch \ %D%/packages/patches/lua-CVE-2014-5461.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 89107141ec..1db8b093a3 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -31,6 +31,7 @@ ;;; Copyright © 2020 Guillaume Le Vaillant ;;; Copyright © 2020 Léo Le Bouter ;;; Copyright © 2021 Antoine Côté +;;; Copyright © 2021 Vincent Legoll ;;; ;;; This file is part of GNU Guix. ;;; @@ -1109,16 +1110,15 @@ human-readable output.") (define-public lrzip (package (name "lrzip") - (version "0.631") + (version "0.640") (source (origin (method url-fetch) (uri (string-append - "http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2")) + "http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.xz")) (sha256 (base32 - "0mb449vmmwpkalq732jdyginvql57nxyd31sszb108yps1lf448d")) - (patches (search-patches "lrzip-CVE-2017-8842.patch")))) + "175466drfpz8rsfr0pzfn5rqrj3wmcmcs3i2sfmw366w2kbjm4j9")))) (build-system gnu-build-system) (native-inputs `(;; nasm is only required when building for 32-bit x86 platforms 
@@ -1129,6 +1129,7 @@ human-readable output.") ("perl" ,perl))) (inputs `(("bzip2" ,bzip2) + ("lz4" ,lz4) ("lzo" ,lzo) ("zlib" ,zlib))) (home-page "http://ck.kolivas.org/apps/lrzip/") diff --git a/gnu/packages/patches/lrzip-CVE-2017-8842.patch b/gnu/packages/patches/lrzip-CVE-2017-8842.patch deleted file mode 100644 index 89b4f2f5d9..0000000000 --- a/gnu/packages/patches/lrzip-CVE-2017-8842.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 38386bd482c0a8102a79958cb3eddcb97a167ca3 Mon Sep 17 00:00:00 2001 -From: Con Kolivas -Date: Fri, 9 Mar 2018 17:39:40 +1100 -Subject: [PATCH] CVE-2017-8842 Fix divide-by-zero in bufRead::get - ---- - libzpaq/libzpaq.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libzpaq/libzpaq.h b/libzpaq/libzpaq.h -index 93387da..cbe211d 100644 ---- a/libzpaq/libzpaq.h -+++ b/libzpaq/libzpaq.h -@@ -465,7 +465,8 @@ struct bufRead: public libzpaq::Reader { - - int get() { - if (progress && !(*s_len % 128)) { -- int pct = (total_len - *s_len) * 100 / total_len; -+ int pct = (total_len > 0) ? -+ (total_len - *s_len) * 100 / total_len : 100; - - if (pct / 10 != *last_pct / 10) { - int i; -- cgit v1.2.3 From ae1f36f2a8b78dfac9ee1aaf7d9aa9f0e7ce8e51 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 21 Feb 2021 10:44:15 +0200 Subject: gnu: screen: Patch CVE-2021-26937. * gnu/packages/screen.scm (screen)[source]: Add patch. * gnu/packages/patches/screen-CVE-2021-26937.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/screen-CVE-2021-26937.patch | 66 ++++++++++++++++++++++++ gnu/packages/screen.scm | 5 +- 3 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/screen-CVE-2021-26937.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 33da7b979a..8191c6917a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1619,6 +1619,7 @@ dist_patch_DATA = \
 %D%/packages/patches/scheme48-tests.patch \
 %D%/packages/patches/scotch-build-parallelism.patch \
 %D%/packages/patches/scotch-integer-declarations.patch \
+ %D%/packages/patches/screen-CVE-2021-26937.patch \
 %D%/packages/patches/screen-hurd-path-max.patch \
 %D%/packages/patches/sdl-libx11-1.6.patch \
 %D%/packages/patches/seed-webkit.patch \
diff --git a/gnu/packages/patches/screen-CVE-2021-26937.patch b/gnu/packages/patches/screen-CVE-2021-26937.patch
new file mode 100644
index 0000000000..d87a54a83f
--- /dev/null
+++ b/gnu/packages/patches/screen-CVE-2021-26937.patch
@@ -0,0 +1,66 @@ +https://salsa.debian.org/debian/screen/-/raw/debian/4.8.0-5/debian/patches/99_CVE-2021-26937.patch + +Description: [CVE-2021-26937] Fix out of bounds array access +Author: Michael Schröder +Bug-Debian: https://bugs.debian.org/982435 +Bug: https://savannah.gnu.org/bugs/?60030 +Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html +Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3 +Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html + +--- a/encoding.c ++++ b/encoding.c +@@ -43,7 +43,7 @@ + # ifdef UTF8 + static int recode_char __P((int, int, int)); + static int recode_char_to_encoding __P((int, int)); +-static void comb_tofront __P((int, int)); ++static void comb_tofront __P((int)); + # ifdef DW_CHARS + static int recode_char_dw __P((int, int *, int, int)); + static int recode_char_dw_to_encoding __P((int, int *, int)); +@@ -1263,6 +1263,8 @@ + {0x30000, 0x3FFFD}, + }; + ++ if (c >= 0xdf00 && c <= 0xdfff) ++ return 1; /* dw combining sequence */ + return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) || + (cjkwidth && + bisearch(c, ambiguous, +@@ -1330,11 +1332,12 @@ + } + + static void +-comb_tofront(root, i) +-int root, i; ++comb_tofront(i) ++int i; + { + for (;;) + { ++ int root = i >= 0x700 ? 
0x801 : 0x800; + debug1("bring to front: %x\n", i); + combchars[combchars[i]->prev]->next = combchars[i]->next; + combchars[combchars[i]->next]->prev = combchars[i]->prev; +@@ -1396,9 +1399,9 @@ + { + /* full, recycle old entry */ + if (c1 >= 0xd800 && c1 < 0xe000) +- comb_tofront(root, c1 - 0xd800); ++ comb_tofront(c1 - 0xd800); + i = combchars[root]->prev; +- if (c1 == i + 0xd800) ++ if (i == 0x800 || i == 0x801 || c1 == i + 0xd800) + { + /* completely full, can't recycle */ + debug("utf8_handle_comp: completely full!\n"); +@@ -1422,7 +1425,7 @@ + mc->font = (i >> 8) + 0xd8; + mc->fontx = 0; + debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800); +- comb_tofront(root, i); ++ comb_tofront(i); + } + + #else /* !UTF8 */ diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm index 0491731e20..4426d9d562 100644 --- a/gnu/packages/screen.scm +++ b/gnu/packages/screen.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013 Cyril Roelandt ;;; Copyright © 2014 Mark H Weaver ;;; Copyright © 2015, 2017 Eric Bavier -;;; Copyright © 2016, 2017, 2019, 2020 Efraim Flashner +;;; Copyright © 2016, 2017, 2019, 2020, 2021 Efraim Flashner ;;; Copyright © 2016 Alex Griffin ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice @@ -44,7 +44,8 @@ (method url-fetch) (uri (string-append "mirror://gnu/screen/screen-" version ".tar.gz")) - (patches (search-patches "screen-hurd-path-max.patch")) + (patches (search-patches "screen-hurd-path-max.patch" + "screen-CVE-2021-26937.patch")) (sha256 (base32 "18ascpjzsy70h6hk7wpg8zmzjwgdyrdr7c6z4pg5z4l9hhyv24bf")))) (build-system gnu-build-system) -- cgit v1.2.3 From 0c6f1b1a6d78f1a59c030378a25d0346333bd40b Mon Sep 17 00:00:00 2001 
From: Nicolas Goaziou Date: Sun, 21 Feb 2021 10:35:43 +0100 Subject: gnu: exiv2-0.26: Remove variable. * gnu/packages/image.scm (exiv2-0.26): Remove variable. * gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch: * gnu/packages/patches/exiv2-CVE-2017-14860.patch: Remove files. * gnu/local.mk (dist_patch_DATA): Apply removal. --- gnu/local.mk | 2 - gnu/packages/image.scm | 28 --------- .../patches/exiv2-CVE-2017-14859-14862-14864.patch | 66 ---------------------- gnu/packages/patches/exiv2-CVE-2017-14860.patch | 48 ---------------- 4 files changed, 144 deletions(-) delete mode 100644 gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch delete mode 100644 gnu/packages/patches/exiv2-CVE-2017-14860.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8191c6917a..95d5835fa4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -972,8 +972,6 @@ dist_patch_DATA = \ %D%/packages/patches/evolution-data-server-locales.patch \ %D%/packages/patches/evolution-data-server-libical-compat.patch \ %D%/packages/patches/exercism-disable-self-update.patch \ - %D%/packages/patches/exiv2-CVE-2017-14860.patch \ - %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch \ %D%/packages/patches/extempore-unbundle-external-dependencies.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/farstream-make.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 68221afff1..2d83313d9e 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm 
@@ -1352,34 +1352,6 @@ and XMP metadata of images in various formats.") ;; . (license license:gpl2+))) -(define-public exiv2-0.26 - (package - (inherit exiv2) - (version "0.26") - (source (origin - (method url-fetch) - (uri (list (string-append "https://www.exiv2.org/builds/exiv2-" - version "-trunk.tar.gz") - (string-append "https://www.exiv2.org/exiv2-" - version ".tar.gz") - (string-append "https://fossies.org/linux/misc/exiv2-" - version ".tar.gz"))) - (patches (search-patches "exiv2-CVE-2017-14860.patch" - "exiv2-CVE-2017-14859-14862-14864.patch")) - (sha256 - (base32 - "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7")))) - (build-system gnu-build-system) - (arguments '(#:tests? #f)) ; no `check' target - (propagated-inputs - `(("expat" ,expat) - ("zlib" ,zlib))) - (native-inputs - `(("intltool" ,intltool))) - - ;; People should rely on the newer version, so don't expose it. - (properties `((hidden? . #t))))) - (define-public devil (package (name "devil") diff --git a/gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch b/gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch deleted file mode 100644 index 69e65aeb6b..0000000000 --- a/gnu/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -Fix CVE-2017-14859, CVE-2017-14862 and CVE-2017-14864. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14859 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14862 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14864 - -Copied from upstream: - -https://github.com/Exiv2/exiv2/commit/8a586c74bbe3fbca64e86e42a42282c73f427607 - -From 8a586c74bbe3fbca64e86e42a42282c73f427607 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Sat, 7 Oct 2017 23:08:36 +0200 -Subject: [PATCH] Fix for CVE-2017-14864, CVE-2017-14862 and CVE-2017-14859 - -The invalid memory dereference in -Exiv2::getULong()/Exiv2::StringValueBase::read()/Exiv2::DataValue::read() -is caused further up the call-stack, by -v->read(pData, size, byteOrder) in TiffReader::readTiffEntry() -passing an invalid pData pointer (pData points outside of the Tiff -file). pData can be set out of bounds in the (size > 4) branch where -baseOffset() and offset are added to pData_ without checking whether -the result is still in the file. As offset comes from an untrusted -source, an attacker can craft an arbitrarily large offset into the -file. - -This commit adds a check into the problematic branch, whether the -result of the addition would be out of bounds of the Tiff -file. Furthermore the whole operation is checked for possible -overflows. 
---- - src/tiffvisitor.cpp | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/tiffvisitor.cpp b/src/tiffvisitor.cpp -index 4ab733d4..ef13542e 100644 ---- a/src/tiffvisitor.cpp -+++ b/src/tiffvisitor.cpp -@@ -47,6 +47,7 @@ EXIV2_RCSID("@(#) $Id$") - #include - #include - #include -+#include - - // ***************************************************************************** - namespace { -@@ -1517,7 +1518,19 @@ namespace Exiv2 { - size = 0; - } - if (size > 4) { -+ // setting pData to pData_ + baseOffset() + offset can result in pData pointing to invalid memory, -+ // as offset can be arbitrarily large -+ if ((static_cast(baseOffset()) > std::numeric_limits::max() - static_cast(offset)) -+ || (static_cast(baseOffset() + offset) > std::numeric_limits::max() - reinterpret_cast(pData_))) -+ { -+ throw Error(59); -+ } -+ if (pData_ + static_cast(baseOffset()) + static_cast(offset) > pLast_) { -+ throw Error(58); -+ } - pData = const_cast(pData_) + baseOffset() + offset; -+ -+ // check for size being invalid - if (size > static_cast(pLast_ - pData)) { - #ifndef SUPPRESS_WARNINGS - EXV_ERROR << "Upper boundary of data for " diff --git a/gnu/packages/patches/exiv2-CVE-2017-14860.patch b/gnu/packages/patches/exiv2-CVE-2017-14860.patch deleted file mode 100644 index 43e6076b71..0000000000 --- a/gnu/packages/patches/exiv2-CVE-2017-14860.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -Fix CVE-2017-14860. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14860 -https://nvd.nist.gov/vuln/detail/CVE-2017-14860 - -Copied from upstream: - -https://github.com/Exiv2/exiv2/commit/ff18fec24b119579df26fd2ebb8bb012cde102ce - -From ff18fec24b119579df26fd2ebb8bb012cde102ce Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Fri, 6 Oct 2017 23:09:08 +0200 -Subject: [PATCH] Fix for CVE-2017-14860 - -A heap buffer overflow could occur in memcpy when icc.size_ is larger -than data.size_ - pad, as then memcpy would read out of bounds of data. - -This commit adds a sanity check to iccLength (= icc.size_): if it is -larger than data.size_ - pad (i.e. an overflow would be caused) an -exception is thrown. - -This fixes #71. ---- - src/jp2image.cpp | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/jp2image.cpp b/src/jp2image.cpp -index 747145cf..748d39b5 100644 ---- a/src/jp2image.cpp -+++ b/src/jp2image.cpp -@@ -269,10 +269,15 @@ namespace Exiv2 - std::cout << "Exiv2::Jp2Image::readMetadata: " - << "Color data found" << std::endl; - #endif -- long pad = 3 ; // 3 padding bytes 2 0 0 -+ const long pad = 3 ; // 3 padding bytes 2 0 0 - DataBuf data(subBox.length+8); - io_->read(data.pData_,data.size_); -- long iccLength = getULong(data.pData_+pad, bigEndian); -+ const long iccLength = getULong(data.pData_+pad, bigEndian); -+ // subtracting pad from data.size_ is safe: -+ // size_ is at least 8 and pad = 3 -+ if (iccLength > data.size_ - pad) { -+ throw Error(58); -+ } - DataBuf icc(iccLength); - ::memcpy(icc.pData_,data.pData_+pad,icc.size_); - #ifdef DEBUG -- cgit v1.2.3 From ebd8e447e99c4847bc5cdb5738ac5413a7278ba2 Mon Sep 17 00:00:00 2001 
From: Efraim Flashner Date: Tue, 23 Feb 2021 15:15:02 +0200 Subject: gnu: ruby-tzinfo-data: Update to 1.2021.1. * gnu/packages/ruby.scm (ruby-tzinfo-data): Update to 1.2021.1. [source]: Remove patch. [arguments]: Add custom 'patch-source, 'pre-check phases. [native-inputs]: Add IANA timezone data files. * gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../ruby-tzinfo-data-ignore-broken-test.patch | 13 ----- gnu/packages/ruby.scm | 61 +++++++++++++++++++--- 3 files changed, 54 insertions(+), 21 deletions(-) delete mode 100644 gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b8bccc1b7c..3591295f0c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1598,7 +1598,6 @@ dist_patch_DATA = \ %D%/packages/patches/rnp-unbundle-googletest.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-sanitize-system-libxml.patch \ - %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/runc-CVE-2019-5736.patch \ %D%/packages/patches/rust-1.19-mrustc.patch \ %D%/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch \ diff --git a/gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch b/gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch deleted file mode 100644 index 5d1f04b994..0000000000 --- a/gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -diff --git a/test/tc_definitions.rb b/test/tc_definitions.rb -index 7b20a3d..75b9798 100644 ---- a/test/tc_definitions.rb -+++ b/test/tc_definitions.rb -@@ -58,7 +58,7 @@ class TCDefinitions < Minitest::Test - identifier = $3.to_sym - is_dst = $4 == '1' - -- if utc && local -+ if utc && local && !line.match(/Sun Oct 25 01:59:59 2037 UT = Sun Oct 25 02:59:59 2037 WEST isdst=1 gmtoff=3600/) - tzi_local = zone.utc_to_local(utc) - tzi_period = zone.period_for_utc(utc) - tzi_identifier = tzi_period.zone_identifier diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index dc38171176..bd25bd5373 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -78,6 +78,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) + #:use-module (guix gexp) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (gnu packages xml) @@ -5817,7 +5818,7 @@ aware transformations between times in different time zones.") (define-public ruby-tzinfo-data (package (name "ruby-tzinfo-data") - (version "1.2017.3") + (version "1.2021.1") (source (origin (method git-fetch) 
@@ -5829,15 +5830,61 @@ aware transformations between times in different time zones.") (file-name (git-file-name name version)) (sha256 (base32 - "0v3phl5l3jrm6waxcszqmj2dkjhqawxfsxb6mss7vkp1hlckqcdp")) - ;; Remove the known test failure. - ;; https://github.com/tzinfo/tzinfo-data/issues/10 - ;; https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1587128 - (patches (search-patches - "ruby-tzinfo-data-ignore-broken-test.patch")))) + "0yzyr3rf8qaw6kxfc0gwpxsb7gl3rhfpx9g1c2z15vapyminhi60")))) (build-system ruby-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-source + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "Rakefile" + (("https://data.iana.org/time-zones/releases") + (assoc-ref inputs "tzdata"))) + #t)) + (add-before 'check 'pre-check + (lambda _ + (setenv "HOME" (getcwd)) + (substitute* "Rakefile" + ;; Don't need gpg, and it may break after a time. + (("gpg ") "echo ") + ((" sh\\(\\\"make -C" text) + (string-append " sh(\"sed -i 's@/bin/sh@sh@' #{tzdb_combined_path}/Makefile \")\n" + " sh(\"sed -i 's@cc=@cc?=@' #{tzdb_combined_path}/Makefile \")\n" text))) + (setenv "cc" ,(cc-for-target)) + #t))))) (propagated-inputs `(("ruby-tzinfo" ,ruby-tzinfo))) + (native-inputs + `(("tzdata" + ,(file-union "tzdata-for-ruby-tzdata-info" + `(("tzdata2021a.tar.gz" + ,(origin + (method url-fetch) + (uri "https://data.iana.org/time-zones/releases/tzdata2021a.tar.gz") + (sha256 + (base32 + "022fn6gkmp7pamlgab04x0dm5hnyn2m2fcnyr3pvm36612xd5rrr")))) + ("tzdata2021a.tar.gz.asc" + ,(origin + (method url-fetch) + (uri "https://data.iana.org/time-zones/releases/tzdata2021a.tar.gz.asc") + (sha256 + (base32 + "0n7h2w8ji1lrxpk0d44wyfshlhr7c9jmwj6lqbxlyvqnfi3gbicx")))) + ("tzcode2021a.tar.gz" + ,(origin + (method url-fetch) + (uri "https://data.iana.org/time-zones/releases/tzcode2021a.tar.gz") + (sha256 + (base32 + "1l02b0jiwp3fl0xd6227i69d26rmx3yrnq0ssq9vvdmm4jhvyipb")))) + ("tzcode2021a.tar.gz.asc" + ,(origin + (method 
url-fetch) + (uri "https://data.iana.org/time-zones/releases/tzcode2021a.tar.gz.asc") + (sha256 + (base32 + "1qhlj4lr810s47s1lwcvv1sgvg2sflf98w4sbg1lc8wzv5qxxv7g"))))))))) (synopsis "Data from the IANA Time Zone database") (description "This library provides @code{TZInfo::Data}, which contains data from the -- cgit v1.2.3 From c2fdc528dde477c74a59954b925b69c12a3f208c Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 23 Feb 2021 15:29:13 +0200 Subject: gnu: ruby-rack: Update to 2.2.3. * gnu/packages/ruby.scm (ruby-rack): Update to 2.2.3. [source]: Remove patch. Add snippet. [arguments]: Adjust custom 'fix-tests phase. Remove 'make-files-writable phase. [native-inputs]: Remove ruby-minitest-sprint, which. Add ruby-minitest-global-expectations. [propagated-inputs]: Remove ruby-concurrent. * gnu/packages/patches/ruby-rack-ignore-failing-test.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/ruby-rack-ignore-failing-test.patch | 13 --------- gnu/packages/ruby.scm | 34 +++++++++------------- 3 files changed, 13 insertions(+), 35 deletions(-) delete mode 100644 gnu/packages/patches/ruby-rack-ignore-failing-test.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3591295f0c..a9294047eb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1596,7 +1596,6 @@ dist_patch_DATA = \ %D%/packages/patches/rnp-add-version.cmake.patch \ %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch \ %D%/packages/patches/rnp-unbundle-googletest.patch \ - %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-sanitize-system-libxml.patch \ %D%/packages/patches/runc-CVE-2019-5736.patch \ %D%/packages/patches/rust-1.19-mrustc.patch \ diff --git a/gnu/packages/patches/ruby-rack-ignore-failing-test.patch b/gnu/packages/patches/ruby-rack-ignore-failing-test.patch deleted file mode 100644 index f50d68c9c4..0000000000 
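Review bot: In the `pre-check` phase, `(("gpg ") "echo ")` turns off the Rakefile's signature verification, and the comment beside it (`Don't need gpg, and it may break after a time.`) does not say what protects the tarballs instead. The four `tzdata`/`tzcode` origins added under `native-inputs` are each pinned by a `sha256`, so the comment should state that, e.g. `;; Skip gpg verification: the tarballs and .asc files are origins pinned by the sha256 hashes below, and an expired key would break later rebuilds.` The pattern `"gpg "` also matches any other occurrence of that text in the Rakefile, which is not visible here; anchoring it on the surrounding call would limit the substitution to the verification step. The `ruby-tzinfo-data` definition starts and ends outside the hunk.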
--- a/gnu/packages/patches/ruby-rack-ignore-failing-test.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/test/spec_server.rb b/test/spec_server.rb -index a3690bc..16c9536 100644 ---- a/test/spec_server.rb -+++ b/test/spec_server.rb -@@ -161,7 +161,7 @@ describe Rack::Server do - it "check pid file presence and not owned process" do - pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path - server = Rack::Server.new(:pid => pidfile) -- server.send(:pidfile_process_status).must_equal :not_owned -+ #server.send(:pidfile_process_status).must_equal :not_owned - end - - it "not write pid file when it is created after check" do diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 1a86862ebd..8f3166ff31 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -45,7 +45,6 @@ (define-module (gnu packages ruby) #:use-module ((guix licenses) #:prefix license:) #:use-module (gnu packages) - #:use-module (gnu packages base) #:use-module (gnu packages bison) #:use-module (gnu packages c) #:use-module (gnu packages check) @@ -6890,21 +6889,25 @@ generates Ruby program.") (define-public ruby-rack (package (name "ruby-rack") - (version "2.0.6") + (version "2.2.3") (source (origin (method git-fetch) - ;; Download from GitHub so that the patch can be applied. + ;; Download from GitHub so that the snippet can be applied and tests run. (uri (git-reference (url "https://github.com/rack/rack") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 - "1n7z4g1x6yxip096cdc04wq7yk7ywpinq28g2xjb46r4nlv5h0j6")) + "1qrm5z5v586738bnkr9188dvz0s25nryw6sgvx18jjlkizayw1g4")) ;; Ignore test which fails inside the build environment but works ;; outside. - (patches (search-patches "ruby-rack-ignore-failing-test.patch")))) + (modules '((guix build utils))) + (snippet + '(begin (substitute* "test/spec_files.rb" + (("res.body.must_equal expected_body") "")) + #t)))) (build-system ruby-build-system) (arguments '(#:phases 
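Review bot: The `snippet` added to the `ruby-rack` origin deletes `res.body.must_equal expected_body` wherever it occurs in `test/spec_files.rb`, while the comment above it still speaks of a single test ("Ignore test which fails inside the build environment but works outside"). Any test in that file that relies on this assertion would then pass without checking the response body; the file is not visible here, so the number of affected tests needs confirming. If only one test fails in the build environment, the pattern should include enough of that test's context to be unique, and the comment should name it, e.g. `;; Drop the body check of <test name>, which fails inside the build container.` The package definition continues outside the hunk.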
@@ -6918,30 +6921,19 @@ generates Ruby program.") ;; "/gnu/store". (let ((size-diff (- (string-length (which "ruby")) (string-length "/usr/bin/env ruby")))) - (substitute* '("test/spec_file.rb") - (("193") - (number->string (+ 193 size-diff))) + (substitute* '("test/spec_files.rb") + (("208" bytes) + (number->string (+ (string->number bytes) size-diff))) (("bytes(.)22-33" all delimiter) (string-append "bytes" delimiter (number->string (+ 22 size-diff)) "-" (number->string (+ 33 size-diff)))))) - #t)) - (add-before 'reset-gzip-timestamps 'make-files-writable - (lambda* (#:key outputs #:allow-other-keys) - ;; Make sure .gz files are writable so that the - ;; 'reset-gzip-timestamps' phase can do its work. - (let ((out (assoc-ref outputs "out"))) - (for-each make-file-writable - (find-files out "\\.gz$")) - #t)))))) + #t))))) (native-inputs `(("ruby-minitest" ,ruby-minitest) - ("ruby-minitest-sprint" ,ruby-minitest-sprint) - ("which" ,which))) - (propagated-inputs - `(("ruby-concurrent" ,ruby-concurrent))) + ("ruby-minitest-global-expectations" ,ruby-minitest-global-expectations))) (synopsis "Unified web application interface for Ruby") (description "Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses, -- cgit v1.2.3 From 84e082e31706411e7f9c3189a83f8ed0b4016fe7 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Feb 2021 18:09:57 -0500 Subject: gnu: Python: Fix CVE-2021-3177. * gnu/packages/patches/python-3.8-CVE-2021-3177.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-3.8)[replacement]: New field. (python-3.8/fixed): New variable. --- gnu/local.mk | 1 + .../patches/python-3.8-CVE-2021-3177.patch | 194 +++++++++++++++++++++ gnu/packages/python.scm | 9 + 3 files changed, 204 insertions(+) create mode 100644 gnu/packages/patches/python-3.8-CVE-2021-3177.patch (limited to 'gnu/packages/patches') 
diff --git a/gnu/local.mk b/gnu/local.mk index a9294047eb..ae5a65cfcf 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1524,6 +1524,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-3-search-paths.patch \ %D%/packages/patches/python-3-fix-tests.patch \ %D%/packages/patches/python-3.8-fix-tests.patch \ + %D%/packages/patches/python-3.8-CVE-2021-3177.patch \ %D%/packages/patches/python-3.9-fix-tests.patch \ %D%/packages/patches/python-3.9-CVE-2021-3177.patch \ %D%/packages/patches/python-CVE-2018-14647.patch \ diff --git a/gnu/packages/patches/python-3.8-CVE-2021-3177.patch b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch new file mode 100644 index 0000000000..01f6b52865 --- /dev/null +++ b/gnu/packages/patches/python-3.8-CVE-2021-3177.patch 
@@ -0,0 +1,194 @@ +Fix CVE-2021-3177 for Python 3.8: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 + +Patch copied from upstream source repository: + +https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f + +From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 18 Jan 2021 13:28:52 -0800 +Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode + formatting in ctypes param reprs. (GH-24248) + +(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) + +Co-authored-by: Benjamin Peterson + +Co-authored-by: Benjamin Peterson +--- + Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ + .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + + Modules/_ctypes/callproc.c | 51 +++++++------------ + 3 files changed, 64 insertions(+), 32 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst + +diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py +index e4c25fd880cef..531894fdec838 100644 +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -201,6 +201,49 @@ def __dict__(self): + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') + ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegex(repr(c_bool.from_param(True)), r"^$") ++ self.assertEqual(repr(c_char.from_param(97)), "") ++ self.assertRegex(repr(c_wchar.from_param('a')), r"^$") ++ self.assertEqual(repr(c_byte.from_param(98)), "") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "") ++ self.assertEqual(repr(c_short.from_param(511)), 
"") ++ self.assertEqual(repr(c_ushort.from_param(511)), "") ++ self.assertRegex(repr(c_int.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_uint.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_long.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^$") ++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1.5)), "") ++ self.assertEqual(repr(c_double.from_param(1e300)), "") ++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^$") ++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^$") ++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^$") ++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^$") ++ + ################################################################ + + if __name__ == '__main__': +#diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +#new file mode 100644 +#index 0000000000000..7df65a156feab +#--- /dev/null +#+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +#@@ -0,0 +1,2 @@ +#+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and +#+:class:`ctypes.c_longdouble` values. 
+diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c +index a9b8675cd951b..de75918d49f37 100644 +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -484,58 +484,47 @@ is_literal_char(unsigned char c) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.l); +- break; + + case 'q': + case 'Q': +- sprintf(buffer, +-#ifdef MS_WIN32 +- "", +-#else +- "", +-#endif ++ return PyUnicode_FromFormat("", + self->tag, self->value.q); +- break; + case 'd': +- sprintf(buffer, "", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "", +- self->tag, self->value.f); +- break; +- ++ case 'f': { ++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); ++ if (f == NULL) { ++ return NULL; ++ } ++ PyObject *result = PyUnicode_FromFormat("", self->tag, f); ++ Py_DECREF(f); ++ return result; ++ } + case 'c': + if (is_literal_char((unsigned char)self->value.c)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.c); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, (unsigned char)self->value.c); + } +- break; + + /* Hm, are these 'z' and 'Z' codes useful at all? 
+ Shouldn't they be replaced by the functionality of c_string +@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + self->tag, self->value.p); + break; + + default: + if (is_literal_char((unsigned char)self->tag)) { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } + else { +- sprintf(buffer, "", ++ return PyUnicode_FromFormat("", + (unsigned char)self->tag, (void *)self); + } +- break; + } +- return PyUnicode_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 730c371fda..5c5be0d78c 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -364,6 +364,7 @@ data types.") (define-public python-3.8 (package (inherit python-2) (name "python") + (replacement python-3.8/fixed) (version "3.8.2") (source (origin (method url-fetch) @@ -521,6 +522,14 @@ data types.") (version-major+minor version) "/site-packages")))))))) +(define python-3.8/fixed + (package + (inherit python-3.8) + (source (origin + (inherit (package-source python-3.8)) + (patches (append (search-patches "python-3.8-CVE-2021-3177.patch") + (origin-patches (package-source python-3.8)))))))) + (define-public python-3.9 (package (inherit python-3.8) (name "python-next") -- cgit v1.2.3 From 66fa2d318a1e4da3679fa1c5a70cd3972dc0efbf Mon Sep 17 00:00:00 2001 
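Review bot: `(replacement python-3.8/fixed)` is added to `python-3.8`, and the trailing context of the `@@ -521,6 +522,14 @@` hunk shows `python-3.9` declared with `(inherit python-3.8)`, so it inherits the `replacement` field unless it overrides it. The rest of `python-3.9` lies outside the hunk; if it has no `(replacement #f)`, references to `python-next` would be grafted to the patched 3.8 package. Adding `(replacement #f)` to `python-3.9`, which per `gnu/local.mk` already has its own `python-3.9-CVE-2021-3177.patch`, avoids that. A one-line comment above `python-3.8/fixed`, such as `;; Graft for CVE-2021-3177; fold the patch into python-3.8 at the next full rebuild.`, would also record why the variable exists.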
From: Jelle Licht Date: Tue, 16 Feb 2021 23:28:58 +0100 Subject: gnu: http-parser: Update to 2.9.4-1.ec8b5ee [fixes CVE-2020-8287]. Fixes CVE-2020-8287. * gnu/packages/web.scm (http-parser): Update to 2.9.4-1.ec8b5ee. [source]: Add patch to mitigate CVE. * gnu/packages/patches/patches/http-parser-CVE-2020-8287.patch: New file. * gnu/local.mk [dist_patch_DATA]: New patch. --- gnu/local.mk | 1 + .../patches/http-parser-CVE-2020-8287.patch | 75 ++++++++++++ gnu/packages/web.scm | 136 +++++++++++---------- 3 files changed, 146 insertions(+), 66 deletions(-) create mode 100644 gnu/packages/patches/http-parser-CVE-2020-8287.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ae5a65cfcf..ab0c1b0e97 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1164,6 +1164,7 @@ dist_patch_DATA = \ %D%/packages/patches/hdf-eos5-remove-gctp.patch \ %D%/packages/patches/hdf-eos5-fix-szip.patch \ %D%/packages/patches/hdf-eos5-fortrantests.patch \ + %D%/packages/patches/http-parser-CVE-2020-8287.patch \ %D%/packages/patches/http-parser-fix-assertion-on-armhf.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hurd-cross.patch \ diff --git a/gnu/packages/patches/http-parser-CVE-2020-8287.patch b/gnu/packages/patches/http-parser-CVE-2020-8287.patch new file mode 100644 index 0000000000..580f773099 --- /dev/null +++ b/gnu/packages/patches/http-parser-CVE-2020-8287.patch 
@@ -0,0 +1,75 @@ +From fc70ce08f5818a286fb5899a1bc3aff5965a745e Mon Sep 17 00:00:00 2001 +From: Fedor Indutny +Date: Wed, 18 Nov 2020 20:50:21 -0800 +Subject: [PATCH] http: unset `F_CHUNKED` on new `Transfer-Encoding` + +Duplicate `Transfer-Encoding` header should be a treated as a single, +but with original header values concatenated with a comma separator. In +the light of this, even if the past `Transfer-Encoding` ended with +`chunked`, we should be not let the `F_CHUNKED` to leak into the next +header, because mere presence of another header indicates that `chunked` +is not the last transfer-encoding token. + +CVE-ID: CVE-2020-8287 +PR-URL: https://github.com/nodejs-private/node-private/pull/235 +Reviewed-By: Fedor Indutny +--- + http_parser.c | 7 +++++++ + test.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 33 insertions(+) + +diff --git a/http_parser.c b/http_parser.c +index 9be003e7322..e9b2b9e83b9 100644 +--- a/http_parser.c ++++ b/http_parser.c +@@ -1344,6 +1344,13 @@ size_t http_parser_execute (http_parser *parser, + } else if (parser->index == sizeof(TRANSFER_ENCODING)-2) { + parser->header_state = h_transfer_encoding; + parser->uses_transfer_encoding = 1; ++ ++ /* Multiple `Transfer-Encoding` headers should be treated as ++ * one, but with values separate by a comma. 
++ * ++ * See: https://tools.ietf.org/html/rfc7230#section-3.2.2 ++ */ ++ parser->flags &= ~F_CHUNKED; + } + break; + +diff --git a/test.c b/test.c +index 3f7c77b3494..2e5a9ebd678 100644 +--- a/test.c ++++ b/test.c +@@ -2154,6 +2154,32 @@ const struct message responses[] = + ,.body= "2\r\nOK\r\n0\r\n\r\n" + ,.num_chunks_complete= 0 + } ++#define HTTP_200_DUPLICATE_TE_NOT_LAST_CHUNKED 30 ++, {.name= "HTTP 200 response with `chunked` and duplicate Transfer-Encoding" ++ ,.type= HTTP_RESPONSE ++ ,.raw= "HTTP/1.1 200 OK\r\n" ++ "Transfer-Encoding: chunked\r\n" ++ "Transfer-Encoding: identity\r\n" ++ "\r\n" ++ "2\r\n" ++ "OK\r\n" ++ "0\r\n" ++ "\r\n" ++ ,.should_keep_alive= FALSE ++ ,.message_complete_on_eof= TRUE ++ ,.http_major= 1 ++ ,.http_minor= 1 ++ ,.status_code= 200 ++ ,.response_status= "OK" ++ ,.content_length= -1 ++ ,.num_headers= 2 ++ ,.headers= ++ { { "Transfer-Encoding", "chunked" } ++ , { "Transfer-Encoding", "identity" } ++ } ++ ,.body= "2\r\nOK\r\n0\r\n\r\n" ++ ,.num_chunks_complete= 0 ++ } + }; + + /* strnlen() is a POSIX.2008 addition. Can't rely on it being available so diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index e4ba0d5bf9..010e01debb 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm 
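Review bot: The new `http-parser-CVE-2020-8287.patch` opens directly with the `From fc70ce08f5818a286fb5899a1bc3aff5965a745e` mail header and carries no note on where it was copied from. Its only reference, `PR-URL: https://github.com/nodejs-private/node-private/pull/235`, points into what is by its name a private repository. The other CVE patches on this page (`python-3.8-CVE-2021-3177.patch` and the exiv2 ones) begin with a `Fix CVE-…` line and a public upstream commit URL, which lets a later reader check the file against upstream. Adding the same two lines at the top here, `Fix CVE-2020-8287.` and `Copied from upstream: <public upstream commit URL>`, would make this patch auditable in the same way.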
@@ -6162,78 +6162,82 @@ into your tests. It automatically starts up a HTTP server in a separate thread (license license:expat))) (define-public http-parser - (package - (name "http-parser") - (version "2.9.4") - (home-page "https://github.com/nodejs/http-parser") - (source - (origin - (method git-fetch) - (uri (git-reference (url home-page) - (commit (string-append "v" version)))) - (sha256 - (base32 "1vda4dp75pjf5fcph73sy0ifm3xrssrmf927qd1x8g3q46z0cv6c")) - (file-name (git-file-name name version)) - (patches - (list - (origin - ;; Treat an empty port (e.g. `http://hostname:/`) when parsing - ;; URLs as if no port were specified. This patch is applied - ;; to Fedora's http-parser and to libgit2's bundled version. - (method url-fetch) - (uri (string-append - "https://src.fedoraproject.org/rpms/http-parser/raw/" - "e89b4c4e2874c19079a5a1a2d2ccc61b551aa289/" - "f/0001-url-treat-empty-port-as-default.patch")) - (sha256 - (base32 - "0pbxf2nq9pcn299k2b2ls8ldghaqln9glnp79gi57mamx4iy0f6g"))))))) - (build-system gnu-build-system) - (arguments - `(#:test-target "test" - #:make-flags - (list (string-append "PREFIX=" - (assoc-ref %outputs "out")) - "library" - ,@(if (%current-target-system) - '() - '("CC=gcc"))) - #:phases - (modify-phases %standard-phases - ,@(match (%current-system) + (let ((commit "ec8b5ee63f0e51191ea43bb0c6eac7bfbff3141d") + (revision "1")) + (package + (name "http-parser") + (version (git-version "2.9.4" revision commit)) + (home-page "https://github.com/nodejs/http-parser") + (source + (origin + (method git-fetch) + (uri (git-reference (url home-page) + (commit commit))) + (sha256 + (base32 "0f297hrbx0kvy3qwgm9rhmbnjww6iljlcz9grsc9d4km1qj1071i")) + (file-name (git-file-name name version)) + (patches + (append + (search-patches "http-parser-CVE-2020-8287.patch") + (list + (origin + ;; Treat an empty port (e.g. `http://hostname:/`) when parsing + ;; URLs as if no port were specified. 
This patch is applied + ;; to Fedora's http-parser and to libgit2's bundled version. + (method url-fetch) + (uri (string-append + "https://src.fedoraproject.org/rpms/http-parser/raw/" + "e89b4c4e2874c19079a5a1a2d2ccc61b551aa289/" + "f/0001-url-treat-empty-port-as-default.patch")) + (sha256 + (base32 + "0pbxf2nq9pcn299k2b2ls8ldghaqln9glnp79gi57mamx4iy0f6g")))))))) + (build-system gnu-build-system) + (arguments + `(#:test-target "test" + #:make-flags + (list (string-append "PREFIX=" + (assoc-ref %outputs "out")) + "library" + ,@(if (%current-target-system) + '() + '("CC=gcc"))) + #:phases + (modify-phases %standard-phases + ,@(match (%current-system) + ("armhf-linux" + '((add-before 'check 'apply-assertion.patch + (lambda* (#:key inputs #:allow-other-keys) + (let ((patch (assoc-ref inputs "assertion.patch"))) + (invoke "patch" "-p1" "-i" patch) + #t))))) + (_ '())) + ,@(if (%current-target-system) + '((replace 'configure + (lambda* (#:key target #:allow-other-keys) + (substitute* (find-files "." "Makefile") + (("CC\\?=.*$") + (string-append "CC=" target "-gcc\n")) + (("AR\\?=.*$") + (string-append "AR=" target "-ar\n"))) + #t))) + '((delete 'configure)))))) + (native-inputs + `(,@(match (%current-system) ("armhf-linux" - '((add-before 'check 'apply-assertion.patch - (lambda* (#:key inputs #:allow-other-keys) - (let ((patch (assoc-ref inputs "assertion.patch"))) - (invoke "patch" "-p1" "-i" patch) - #t))))) - (_ '())) - ,@(if (%current-target-system) - '((replace 'configure - (lambda* (#:key target #:allow-other-keys) - (substitute* (find-files "." "Makefile") - (("CC\\?=.*$") - (string-append "CC=" target "-gcc\n")) - (("AR\\?=.*$") - (string-append "AR=" target "-ar\n"))) - #t))) - '((delete 'configure)))))) - (native-inputs - `(,@(match (%current-system) - ("armhf-linux" - ;; A fix for which in turn - ;; breaks i686-linux builds. 
- `(("assertion.patch" - ,@(search-patches "http-parser-fix-assertion-on-armhf.patch")))) - (_ '())))) - (synopsis "HTTP request/response parser for C") - (description "This is a parser for HTTP messages written in C. It parses + ;; A fix for which in turn + ;; breaks i686-linux builds. + `(("assertion.patch" + ,@(search-patches "http-parser-fix-assertion-on-armhf.patch")))) + (_ '())))) + (synopsis "HTTP request/response parser for C") + (description "This is a parser for HTTP messages written in C. It parses both requests and responses. The parser is designed to be used in high-performance HTTP applications. It does not make any syscalls nor allocations, it does not buffer data, it can be interrupted at anytime. Depending on your architecture, it only requires about 40 bytes of data per message stream (in a web server that is per connection).") - (license license:expat))) + (license license:expat)))) (define-public python-httpretty (package -- cgit v1.2.3 From b5586c666e13988ce7ec983907ffb06a564f1d4f Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Wed, 24 Feb 2021 16:33:18 +0100 Subject: gnu: http-server: Fix build on i686-linux. * gnu/packages/patches/http-parser-fix-assertion-on-armhf.patch: Remove it. * gnu/local.mk (dist_patch_DATA): Update it. * gnu/packages/web.scm (http-parser)[source]: Remove a test assertion failing on i686-linux. [arguments]: Remove the "assertion.patch" that is merged upstream. [native-inputs]: Ditto. [synopsis]: Wrap it. --- gnu/local.mk | 1 - .../http-parser-fix-assertion-on-armhf.patch | 39 ---------------------- gnu/packages/web.scm | 30 ++++++----------- 3 files changed, 11 insertions(+), 59 deletions(-) delete mode 100644 gnu/packages/patches/http-parser-fix-assertion-on-armhf.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ab0c1b0e97..8d46cda639 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1165,7 +1165,6 @@ dist_patch_DATA = \
 %D%/packages/patches/hdf-eos5-fix-szip.patch \
 %D%/packages/patches/hdf-eos5-fortrantests.patch \
 %D%/packages/patches/http-parser-CVE-2020-8287.patch \
- %D%/packages/patches/http-parser-fix-assertion-on-armhf.patch \
 %D%/packages/patches/hubbub-sort-entities.patch \
 %D%/packages/patches/hurd-cross.patch \
 %D%/packages/patches/hurd-xattr.patch \
diff --git a/gnu/packages/patches/http-parser-fix-assertion-on-armhf.patch b/gnu/packages/patches/http-parser-fix-assertion-on-armhf.patch
deleted file mode 100644
index 79bd3e8dbc..0000000000
--- a/gnu/packages/patches/http-parser-fix-assertion-on-armhf.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Tobias Geerinckx-Rice
-Date: Wed, 20 May 2020 19:17:13 +0200
-Subject: [PATCH] gnu: http-client: Fix assertion on armhf-linux.
-
-Copied verbatim from [0] to fix guix pull[1] on ARM systems.
-
-[0]: https://github.com/nodejs/http-parser/pull/510
-[1]: https://issues.guix.gnu.org/40604
-
-From 0e5868aebb9eb92b078d27bb2774c2154dc167e2 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis
-Date: Thu, 30 Apr 2020 11:22:50 +0200
-Subject: [PATCH] Fix sizeof(http_parser) assert
-
-The result should be 32 on both 32 bits and 64 bits architectures
-because of struct padding.
-
-Fixes: https://github.com/nodejs/http-parser/issues/507
----
- test.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/test.c b/test.c
-index 7983424..f60a84f 100644
---- a/test.c
-+++ b/test.c
-@@ -4220,8 +4220,11 @@ main (void)
- patch = version & 255;
- printf("http_parser v%u.%u.%u (0x%06lx)\n", major, minor, patch, version);
-
-+ /* Should be 32 on both 32 bits and 64 bits architectures because of
-+ * struct padding, see https://github.com/nodejs/http-parser/issues/507.
-+ */
- printf("sizeof(http_parser) = %u\n", (unsigned int)sizeof(http_parser));
-- assert(sizeof(http_parser) == 4 + 4 + 8 + 2 + 2 + 4 + sizeof(void *));
-+ assert(sizeof(http_parser) == 32);
-
- //// API
- test_preserve_data();
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index b3c0831ac4..e9a17f3b78 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -6191,7 +6191,15 @@ into your tests. It automatically starts up a HTTP server in a separate thread "f/0001-url-treat-empty-port-as-default.patch")) (sha256 (base32 - "0pbxf2nq9pcn299k2b2ls8ldghaqln9glnp79gi57mamx4iy0f6g")))))))) + "0pbxf2nq9pcn299k2b2ls8ldghaqln9glnp79gi57mamx4iy0f6g")))))) + (modules '((guix build utils))) + (snippet + '(begin + ;; This assertion fails when building for i686-linux. + (substitute* "test.c" + (("assert\\(sizeof\\(http_parser\\) == 32\\);") + "assert(1);")) + #t)))) (build-system gnu-build-system) (arguments `(#:test-target "test" @@ -6204,14 +6212,6 @@ into your tests. It automatically starts up a HTTP server in a separate thread '("CC=gcc"))) #:phases (modify-phases %standard-phases - ,@(match (%current-system) - ("armhf-linux" - '((add-before 'check 'apply-assertion.patch - (lambda* (#:key inputs #:allow-other-keys) - (let ((patch (assoc-ref inputs "assertion.patch"))) - (invoke "patch" "-p1" "-i" patch) - #t))))) - (_ '())) ,@(if (%current-target-system) '((replace 'configure (lambda* (#:key target #:allow-other-keys) 
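Review bot: The new source snippet rewrites `assert(sizeof(http_parser) == 32);` to `assert(1);` on every system, and `substitute*` does not fail when its pattern stops matching, so after a version bump the edit can silently turn into a no-op while the comment still claims the assertion is handled. The comment should say that only this test-suite check in test.c is neutralised and point at the upstream report cited by the removed patch, for example `;; Fails on i686-linux, see <https://github.com/nodejs/http-parser/issues/507>; re-check the pattern on update.` The origin form this snippet is added to starts outside the hunk.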
@@ -6222,17 +6222,9 @@ into your tests. It automatically starts up a HTTP server in a separate thread (string-append "AR=" target "-ar\n"))) #t))) '((delete 'configure)))))) - (native-inputs - `(,@(match (%current-system) - ("armhf-linux" - ;; A fix for which in turn - ;; breaks i686-linux builds. - `(("assertion.patch" - ,@(search-patches "http-parser-fix-assertion-on-armhf.patch")))) - (_ '())))) (synopsis "HTTP request/response parser for C") - (description "This is a parser for HTTP messages written in C. It parses -both requests and responses. The parser is designed to be used in + (description "This is a parser for HTTP messages written in C. It +parses both requests and responses. The parser is designed to be used in high-performance HTTP applications. It does not make any syscalls nor allocations, it does not buffer data, it can be interrupted at anytime. Depending on your architecture, it only requires about 40 bytes of data per -- cgit v1.2.3 From 10b909a0249fd53d589890b357232db4165690f5 Mon Sep 17 00:00:00 2001 From: Greg Hogan Date: Wed, 24 Feb 2021 14:12:28 +0000 Subject: gnu: Python 3.9: Update to 3.9.2. * gnu/packages/python.scm (python-3.9): Update to 3.9.2. [source]: Remove obsolete patch. * gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 - .../patches/python-3.9-CVE-2021-3177.patch | 194 --------------------- gnu/packages/python.scm | 6 +- 3 files changed, 3 insertions(+), 198 deletions(-) delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8d46cda639..8d1465158a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1526,7 +1526,6 @@ dist_patch_DATA = \
 %D%/packages/patches/python-3.8-fix-tests.patch \
 %D%/packages/patches/python-3.8-CVE-2021-3177.patch \
 %D%/packages/patches/python-3.9-fix-tests.patch \
- %D%/packages/patches/python-3.9-CVE-2021-3177.patch \
 %D%/packages/patches/python-CVE-2018-14647.patch \
 %D%/packages/patches/python-CVE-2020-26116.patch \
 %D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \
diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
deleted file mode 100644
index 155f17deca..0000000000
--- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
+++ /dev/null
@@ -1,194 +0,0 @@ -Fix CVE-2021-3177 for Python 3.9: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177 - -Patch copied from upstream source repository: - -https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 - -From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Mon, 18 Jan 2021 13:29:31 -0800 -Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode - formatting in ctypes param reprs. (GH-24247) - -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) - -Co-authored-by: Benjamin Peterson - -Co-authored-by: Benjamin Peterson ---- - Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + - Modules/_ctypes/callproc.c | 51 +++++++------------ - 3 files changed, 64 insertions(+), 32 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst - -diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py -index e4c25fd880cef..531894fdec838 100644 ---- a/Lib/ctypes/test/test_parameters.py -+++ b/Lib/ctypes/test/test_parameters.py -@@ -201,6 +201,49 @@ def __dict__(self): - with self.assertRaises(ZeroDivisionError): - WorseStruct().__setstate__({}, b'foo') - -+ def test_parameter_repr(self): -+ from ctypes import ( -+ c_bool, -+ c_char, -+ c_wchar, -+ c_byte, -+ c_ubyte, -+ c_short, -+ c_ushort, -+ c_int, -+ c_uint, -+ c_long, -+ c_ulong, -+ c_longlong, -+ c_ulonglong, -+ c_float, -+ c_double, -+ c_longdouble, -+ c_char_p, -+ c_wchar_p, -+ c_void_p, -+ ) -+ self.assertRegex(repr(c_bool.from_param(True)), r"^$") -+ self.assertEqual(repr(c_char.from_param(97)), "") -+ self.assertRegex(repr(c_wchar.from_param('a')), r"^$") -+ self.assertEqual(repr(c_byte.from_param(98)), "") -+ self.assertEqual(repr(c_ubyte.from_param(98)), "") -+ self.assertEqual(repr(c_short.from_param(511)), 
"") -+ self.assertEqual(repr(c_ushort.from_param(511)), "") -+ self.assertRegex(repr(c_int.from_param(20000)), r"^$") -+ self.assertRegex(repr(c_uint.from_param(20000)), r"^$") -+ self.assertRegex(repr(c_long.from_param(20000)), r"^$") -+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^$") -+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^$") -+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^$") -+ self.assertEqual(repr(c_float.from_param(1.5)), "") -+ self.assertEqual(repr(c_double.from_param(1.5)), "") -+ self.assertEqual(repr(c_double.from_param(1e300)), "") -+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^$") -+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^$") -+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^$") -+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^$") -+ - ################################################################ - - if __name__ == '__main__': -diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst -new file mode 100644 -index 0000000000000..7df65a156feab ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst -@@ -0,0 +1,2 @@ -+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and -+:class:`ctypes.c_longdouble` values. 
-diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c -index b0a36a30248f7..f2506de54498e 100644 ---- a/Modules/_ctypes/callproc.c -+++ b/Modules/_ctypes/callproc.c -@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) - static PyObject * - PyCArg_repr(PyCArgObject *self) - { -- char buffer[256]; - switch(self->tag) { - case 'b': - case 'B': -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, self->value.b); -- break; - case 'h': - case 'H': -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, self->value.h); -- break; - case 'i': - case 'I': -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, self->value.i); -- break; - case 'l': - case 'L': -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, self->value.l); -- break; - - case 'q': - case 'Q': -- sprintf(buffer, --#ifdef MS_WIN32 -- "", --#else -- "", --#endif -+ return PyUnicode_FromFormat("", - self->tag, self->value.q); -- break; - case 'd': -- sprintf(buffer, "", -- self->tag, self->value.d); -- break; -- case 'f': -- sprintf(buffer, "", -- self->tag, self->value.f); -- break; -- -+ case 'f': { -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); -+ if (f == NULL) { -+ return NULL; -+ } -+ PyObject *result = PyUnicode_FromFormat("", self->tag, f); -+ Py_DECREF(f); -+ return result; -+ } - case 'c': - if (is_literal_char((unsigned char)self->value.c)) { -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, self->value.c); - } - else { -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, (unsigned char)self->value.c); - } -- break; - - /* Hm, are these 'z' and 'Z' codes useful at all? 
- Shouldn't they be replaced by the functionality of c_string -@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self) - case 'z': - case 'Z': - case 'P': -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - self->tag, self->value.p); - break; - - default: - if (is_literal_char((unsigned char)self->tag)) { -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - (unsigned char)self->tag, (void *)self); - } - else { -- sprintf(buffer, "", -+ return PyUnicode_FromFormat("", - (unsigned char)self->tag, (void *)self); - } -- break; - } -- return PyUnicode_FromString(buffer); - } - - static PyMemberDef PyCArgType_members[] = { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5c5be0d78c..9d97050c66 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -59,6 +59,7 @@ ;;; Copyright © 2018 Vagrant Cascadian ;;; Copyright © 2019 Tanguy Le Carrour ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen +;;; Copyright © 2021 Greg Hogan ;;; ;;; This file is part of GNU Guix. ;;; @@ -533,19 +534,18 @@ data types.") (define-public python-3.9 (package (inherit python-3.8) (name "python-next") - (version "3.9.1") + (version "3.9.2") (source (origin (method url-fetch) (uri (string-append "https://www.python.org/ftp/python/" version "/Python-" version ".tar.xz")) (patches (search-patches "python-3.9-fix-tests.patch" - "python-3.9-CVE-2021-3177.patch" "python-3-deterministic-build-info.patch" "python-3-search-paths.patch")) (sha256 (base32 - "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r")) + "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w")) (modules '((guix build utils))) (snippet '(begin -- cgit v1.2.3 From 83a614b6c3dfebee653e656c62635e65faf9e15a Mon Sep 17 00:00:00 2001 
From: Léo Le Bouter Date: Sun, 28 Feb 2021 03:03:39 +0100 Subject: gnu: wpa-supplicant, hostapd: Fix CVE-2021-27803. See . * gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/admin.scm (wpa-supplicant-minimal, hostapd): Apply it. --- gnu/local.mk | 1 + gnu/packages/admin.scm | 8 +++- .../patches/wpa-supplicant-CVE-2021-27803.patch | 50 ++++++++++++++++++++++ 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8d1465158a..f8ff065242 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1730,6 +1730,7 @@ dist_patch_DATA = \ %D%/packages/patches/wordnet-CVE-2008-2149.patch \ %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \ %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \ + %D%/packages/patches/wpa-supplicant-CVE-2021-27803.patch \ %D%/packages/patches/x265-arm-flags.patch \ %D%/packages/patches/xf86-video-ark-remove-mibstore.patch \ %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index cf27eea084..2ca99774b8 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1656,7 +1656,9 @@ features of sudo with a fraction of the codebase.") ;; Disable D-Bus to save ~14MiB on the closure size. (("^CONFIG_CTRL_IFACE_DBUS" line _) (string-append "#" line))) - #t)))) + #t)) + (patches + (search-patches "wpa-supplicant-CVE-2021-27803.patch")))) (build-system gnu-build-system) (arguments `(#:phases @@ -1820,7 +1822,9 @@ command.") ".tar.gz")) (sha256 (base32 - "1mrbvg4v7vm7mknf0n29mf88k3s4a4qj6r4d51wq8hmjj1m7s7c8")))) + "1mrbvg4v7vm7mknf0n29mf88k3s4a4qj6r4d51wq8hmjj1m7s7c8")) + (patches + (search-patches "wpa-supplicant-CVE-2021-27803.patch")))) (build-system gnu-build-system) (arguments `(#:phases 
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
new file mode 100644
index 0000000000..1942bb3d55
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2021-27803.patch
@@ -0,0 +1,50 @@
+From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Tue, 8 Dec 2020 23:52:50 +0200
+Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
+
+p2p_add_device() may remove the oldest entry if there is no room in the
+peer table for a new peer. This would result in any pointer to that
+removed entry becoming stale. A corner case with an invalid PD Request
+frame could result in such a case ending up using (read+write) freed
+memory. This could only by triggered when the peer table has reached its
+maximum size and the PD Request frame is received from the P2P Device
+Address of the oldest remaining entry and the frame has incorrect P2P
+Device Address in the payload.
+
+Fix this by fetching the dev pointer again after having called
+p2p_add_device() so that the stale pointer cannot be used.
+
+Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
+Signed-off-by: Jouni Malinen
+---
+ src/p2p/p2p_pd.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
+index 3994ec03f86b..05fd593494ef 100644
+--- a/src/p2p/p2p_pd.c
++++ b/src/p2p/p2p_pd.c
+@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
+ goto out;
+ }
+
++ dev = p2p_get_device(p2p, sa);
+ if (!dev) {
+- dev = p2p_get_device(p2p, sa);
+- if (!dev) {
+- p2p_dbg(p2p,
+- "Provision Discovery device not found "
+- MACSTR, MAC2STR(sa));
+- goto out;
+- }
++ p2p_dbg(p2p,
++ "Provision Discovery device not found "
++ MACSTR, MAC2STR(sa));
++ goto out;
+ }
+ } else if (msg.wfd_subelems) {
+ wpabuf_free(dev->info.wfd_subelems);
+--
+2.25.1
+
-- cgit v1.2.3
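Review bot: The now unconditional `dev = p2p_get_device(p2p, sa);` in the p2p_pd.c hunk has no comment, so the reason it must not be guarded by `if (!dev)` again lives only in the commit message. A one-line comment above it would protect the fix from a later cleanup: `/* p2p_add_device() may have evicted the oldest peer; dev can be stale here */`. The branch of p2p_process_prov_disc_req() that calls p2p_add_device() starts outside the hunk, so the call itself is not visible here. The patch file also lacks a leading line naming the CVE and the upstream location of the fix, which the python-3.9-CVE-2021-3177.patch removed earlier on this page did carry.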
From 9c30f26b8dca1be5b0cdaeea04a3484905cfd4f2 Mon Sep 17 00:00:00 2001 From: 宋文武 Date: Wed, 17 Feb 2021 19:50:33 +0800 Subject: gnu: retroarch: Update to 1.9.0. * gnu/packages/emulators.scm (retroarch): Update to 1.9.0. [source]: Remove 'retroarch-disable-online-updater.patch' and snippet. Add 'retroarch-LIBRETRO_DIRECTORY.patch'. [native-search-paths]: New field. * gnu/packages/patches/retroarch-disable-online-updater.patch: Remove file. * gnu/packages/patches/retroarch-LIBRETRO_DIRECTORY: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 2 +- gnu/packages/emulators.scm | 24 ++++++------- .../patches/retroarch-LIBRETRO_DIRECTORY.patch | 32 +++++++++++++++++ .../patches/retroarch-disable-online-updater.patch | 41 ---------------------- 4 files changed, 44 insertions(+), 55 deletions(-) create mode 100644 gnu/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch delete mode 100644 gnu/packages/patches/retroarch-disable-online-updater.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f8ff065242..76bb7ef1f0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1592,7 +1592,7 @@ dist_patch_DATA = \ %D%/packages/patches/rtags-separate-rct.patch \ %D%/packages/patches/racket-store-checksum-override.patch \ %D%/packages/patches/remake-impure-dirs.patch \ - %D%/packages/patches/retroarch-disable-online-updater.patch \ + %D%/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch \ %D%/packages/patches/rnp-add-version.cmake.patch \ %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch \ %D%/packages/patches/rnp-unbundle-googletest.patch \ diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm index 6c044e3397..dcbffa0a28 100644 --- a/gnu/packages/emulators.scm +++ b/gnu/packages/emulators.scm @@ -1273,7 +1273,7 @@ as RetroArch.") (define-public retroarch (package (name "retroarch") - (version "1.8.1") + (version "1.9.0") (source (origin (method git-fetch) 
@@ -1282,18 +1282,9 @@ as RetroArch.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0y7rcpz7psf8k3agsrq277jdm651vbnn9xpqvmj2in1a786idya7")) + (base32 "1n0dcv85vqrdr79psnf009hi4r2mvsgsjbghrrc9pm5g7ywwwcvp")) (patches - (search-patches "retroarch-disable-online-updater.patch")) - (modules '((guix build utils))) - (snippet - '(begin - ;; Don't suggest using the Online Updater if available: it never - ;; is. This disables translation of this particular message. - (substitute* (find-files "menu/drivers" "\\.c$") - (("msg_hash_to_str\\(MSG_MISSING_ASSETS\\)") - "\"Warning: Missing assets, go get some\"")) - #t)))) + (search-patches "retroarch-LIBRETRO_DIRECTORY.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests @@ -1328,7 +1319,9 @@ as RetroArch.") '("--enable-neon" "--enable-floathard") '()) (string-append "--prefix=" out) - (string-append "--global-config-dir=" etc) + ;; Non-free software are available through the core updater, + ;; disable it. See . + "--disable-update_cores" "--disable-builtinminiupnpc"))))))) (inputs `(("alsa-lib" ,alsa-lib) @@ -1354,6 +1347,11 @@ as RetroArch.") `(("pkg-config" ,pkg-config) ("wayland-protocols" ,wayland-protocols) ("which" ,which))) + (native-search-paths + (list (search-path-specification + (variable "LIBRETRO_DIRECTORY") + (separator #f) ; single entry + (files '("lib/libretro"))))) (home-page "https://www.libretro.com/") (synopsis "Reference frontend for the libretro API") (description diff --git a/gnu/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch b/gnu/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch new file mode 100644 index 0000000000..30515cbe48 --- /dev/null +++ b/gnu/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch 
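Review bot: The `--global-config-dir` flag is dropped in the same hunk that adds `--disable-update_cores`, and the commit log does not mention it; if the `etc` binding above the hunk was used only there it is now dead, and the location of the default configuration presumably changes. The deleted retroarch-disable-online-updater.patch hid the whole Online Updater menu, while the new flag by its name covers only cores, so the comment should state which run-time downloaders stay reachable, for example `;; Only the core updater is disabled; other Online Updater entries remain.` (to be confirmed against the 1.9.0 configure script). The form that binds `out` and `etc` starts outside the hunk.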
@@ -0,0 +1,32 @@
+From f308dc91660954ab88bb41868c0b9809592923e6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?=
+Date: Sat, 20 Feb 2021 20:37:39 +0800
+Subject: [PATCH] Allow set libretro_directory via environment variable
+
+---
+ retroarch.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/retroarch.c b/retroarch.c
+index 6a88c3108e..6807c12b5b 100644
+--- a/retroarch.c
++++ b/retroarch.c
+@@ -36038,6 +36038,15 @@ static void retroarch_parse_input_and_config(
+ #endif
+ config_load(&p_rarch->g_extern);
+
++ /* Override settings via environment variables */
++ if (getenv("LIBRETRO_DIRECTORY")) {
++ settings_t *settings = p_rarch->configuration_settings;
++ retroarch_override_setting_set(RARCH_OVERRIDE_SETTING_LIBRETRO_DIRECTORY, NULL);
++ configuration_set_string(settings,
++ settings->paths.directory_libretro,
++ getenv("LIBRETRO_DIRECTORY"));
++ }
++
+ /* Second pass: All other arguments override the config file */
+ optind = 1;
+
+--
+2.30.0
+
diff --git a/gnu/packages/patches/retroarch-disable-online-updater.patch b/gnu/packages/patches/retroarch-disable-online-updater.patch
deleted file mode 100644
index ea74cc5409..0000000000
--- a/gnu/packages/patches/retroarch-disable-online-updater.patch
+++ /dev/null
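Review bot: `getenv("LIBRETRO_DIRECTORY")` is only tested for non-NULL and then called a second time, so an empty value still replaces the configured `directory_libretro`, which appears to be where loadable cores are searched. Read the variable once and require a non-empty string: `const char *dir = getenv("LIBRETRO_DIRECTORY");` then `if (dir && *dir) {`, passing `dir` to `configuration_set_string`. The existing comment could also say that the environment takes precedence over the configuration file for this path, since that matters to anyone launching the binary from a wrapper or service with an inherited environment. Most of retroarch_parse_input_and_config() lies outside the hunk.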
@@ -1,41 +0,0 @@ -From: Tobias Geerinckx-Rice -Date: Fri, 29 Nov 2019 20:32:54 +0100 -Subject: [PATCH]: gnu: retroarch: Disable the on-line updater. - -This disables the entire ‘Online Updater’ sub-menu to address -. Perhaps that is more than is -necessary. - -diff -Naur a/menu/menu_displaylist.c b/menu/menu_displaylist.c ---- a/menu/menu_displaylist.c 1970-01-01 01:00:01.000000000 +0100 -+++ b/menu/menu_displaylist.c 2019-11-29 18:35:27.467948854 +0100 -@@ -8444,11 +8444,6 @@ - MENU_ENUM_LABEL_NETPLAY, - PARSE_ACTION, false) == 0) - count++; -- if (settings->bools.menu_show_online_updater) -- if (menu_displaylist_parse_settings_enum(info->list, -- MENU_ENUM_LABEL_ONLINE_UPDATER, -- PARSE_ACTION, false) == 0) -- count++; - if (menu_displaylist_parse_settings_enum(info->list, - MENU_ENUM_LABEL_SETTINGS, PARSE_ACTION, false) == 0) - count++; -diff -Naur retroarch.a/menu/menu_setting.c retroarch.c/menu/menu_setting.c ---- a/menu/menu_setting.c 1970-01-01 01:00:01.000000000 +0100 -+++ b/menu/menu_setting.c 2019-11-29 18:35:35.753957312 +0100 -@@ -7291,14 +7291,6 @@ - &group_info, - &subgroup_info, - parent_group); -- -- CONFIG_ACTION( -- list, list_info, -- MENU_ENUM_LABEL_ONLINE_UPDATER, -- MENU_ENUM_LABEL_VALUE_ONLINE_UPDATER, -- &group_info, -- &subgroup_info, -- parent_group); - #endif - - CONFIG_ACTION( -- cgit v1.2.3 From e05c0b334d55d1399303ce097f70eaa2ca3ad7df Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Sun, 28 Feb 2021 04:40:05 +0100 Subject: gnu: qemu: Fix CVE-2021-20203. * gnu/packages/patches/qemu-CVE-2021-20203.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/virtualization.scm (qemu): Apply it. --- gnu/local.mk | 1 + gnu/packages/patches/qemu-CVE-2021-20203.patch | 172 +++++++++++++++++++++++++ gnu/packages/virtualization.scm | 3 +- 3 files changed, 175 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/qemu-CVE-2021-20203.patch (limited to 'gnu/packages/patches') 
diff --git a/gnu/local.mk b/gnu/local.mk
index 76bb7ef1f0..83753e6b4e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1561,6 +1561,7 @@ dist_patch_DATA = \
 %D%/packages/patches/python-waitress-fix-tests.patch \
 %D%/packages/patches/pypy3-7.3.1-fix-tests.patch \
 %D%/packages/patches/qemu-build-info-manual.patch \
+ %D%/packages/patches/qemu-CVE-2021-20203.patch \
 %D%/packages/patches/qemu-glibc-2.27.patch \
 %D%/packages/patches/qpdfview-qt515-compat.patch \
 %D%/packages/patches/qrcodegen-cpp-make-install.patch \
diff --git a/gnu/packages/patches/qemu-CVE-2021-20203.patch b/gnu/packages/patches/qemu-CVE-2021-20203.patch
new file mode 100644
index 0000000000..9d2ceaa649
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2021-20203.patch
@@ -0,0 +1,172 @@ +From mboxrd@z Thu Jan 1 00:00:00 1970 +Return-Path: +X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on + aws-us-west-2-korg-lkml-1.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-10.8 required=3.0 tests=BAYES_00,DKIM_INVALID, + DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, + MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY, + URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 +Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) + by smtp.lore.kernel.org (Postfix) with ESMTP id 87556C433E0 + for ; Sat, 30 Jan 2021 13:20:40 +0000 (UTC) +Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by mail.kernel.org (Postfix) with ESMTPS id EF26964DE1 + for ; Sat, 30 Jan 2021 13:20:39 +0000 (UTC) +DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EF26964DE1 +Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com +Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org +Received: from localhost ([::1]:42488 helo=lists1p.gnu.org) + by lists.gnu.org with esmtp (Exim 4.90_1) + (envelope-from ) + id 1l5qB3-0008CX-02 + for qemu-devel@archiver.kernel.org; Sat, 30 Jan 2021 08:20:37 -0500 +Received: from eggs.gnu.org ([2001:470:142:3::10]:45174) + by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) + (Exim 4.90_1) (envelope-from ) + id 1l5q9q-0007ld-1c + for qemu-devel@nongnu.org; Sat, 30 Jan 2021 08:19:22 -0500 +Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:42898) + by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) + (Exim 4.90_1) (envelope-from ) + id 1l5q9k-0007Ia-TV + for qemu-devel@nongnu.org; Sat, 30 Jan 2021 08:19:21 -0500 +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=redhat.com; + s=mimecast20190719; t=1612012753; + h=from:from:reply-to:subject:subject:date:date:message-id:message-id: + to:to:cc:cc:mime-version:mime-version:content-type:content-type: + content-transfer-encoding:content-transfer-encoding; + bh=7vu4z8M+bFjhFzEuAYsQG4i3APx7aMqv7tFxRRO5+8Q=; + b=egCsTdgVBnRlHnVN84HsSpNOUl/NkqEnGuv9rRdG2AZ1Fee5ZatpJm5zJ7YUW2HvzB4rtO + EaDIKaN1wzf/yHf0CsJ60TPGG3DqQSC/EsTSr2l/GNGq4prDYTXVrS3rXFu9ofByUVvzwU + q9Iy1X1Bh3S21m7jXY0AYx4Tu9Ikq9w= +Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com + [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id + us-mta-588-1JF7mzMfP1KpRpNKj4cAWQ-1; Sat, 30 Jan 2021 08:19:08 -0500 +X-MC-Unique: 1JF7mzMfP1KpRpNKj4cAWQ-1 +Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com + [10.5.11.22]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8F0F439380; + Sat, 30 Jan 2021 13:19:07 +0000 (UTC) +Received: from localhost.localdomain (unknown [10.33.36.2]) + by smtp.corp.redhat.com (Postfix) with ESMTPS id 17D581002C11; + Sat, 30 Jan 2021 13:19:04 +0000 (UTC) +From: P J P +To: Dmitry Fleytman +Subject: [PATCH] net: vmxnet3: validate configuration values during activate + (CVE-2021-20203) +Date: Sat, 30 Jan 2021 18:46:52 +0530 +Message-Id: <20210130131652.954143-1-ppandit@redhat.com> +MIME-Version: 1.0 +X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 +Authentication-Results: relay.mimecast.com; + auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ppandit@redhat.com +X-Mimecast-Spam-Score: 0 +X-Mimecast-Originator: redhat.com +Content-Transfer-Encoding: 8bit +Content-Type: text/plain; charset="US-ASCII" +Received-SPF: pass client-ip=63.128.21.124; envelope-from=ppandit@redhat.com; + helo=us-smtp-delivery-124.mimecast.com +X-Spam_score_int: -30 +X-Spam_score: -3.1 +X-Spam_bar: --- +X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.255, + 
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, + RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, + SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no +X-Spam_action: no action +X-BeenThere: qemu-devel@nongnu.org +X-Mailman-Version: 2.1.23 +Precedence: list +List-Id: +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Cc: Gaoning Pan , QEMU Developers , + Prasad J Pandit +Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org +Sender: "Qemu-devel" + +Archived-At: +List-Archive: + +From: Prasad J Pandit + +While activating device in vmxnet3_acticate_device(), it does not +validate guest supplied configuration values against predefined +minimum - maximum limits. This may lead to integer overflow or +OOB access issues. Add checks to avoid it. + +Fixes: CVE-2021-20203 +Buglink: https://bugs.launchpad.net/qemu/+bug/1913873 +Reported-by: Gaoning Pan +Signed-off-by: Prasad J Pandit +--- + hw/net/vmxnet3.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c +index eff299f629..4a910ca971 100644 +--- a/hw/net/vmxnet3.c ++++ b/hw/net/vmxnet3.c +@@ -1420,6 +1420,7 @@ static void vmxnet3_activate_device(VMXNET3State *s) + vmxnet3_setup_rx_filtering(s); + /* Cache fields from shared memory */ + s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu); ++ assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU); + VMW_CFPRN("MTU is %u", s->mtu); + + s->max_rx_frags = +@@ -1473,6 +1474,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* Read rings memory locations for TX queues */ + pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA); + size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize); ++ if (size > VMXNET3_TX_RING_MAX_SIZE) { ++ size = VMXNET3_TX_RING_MAX_SIZE; ++ } + + vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size, + sizeof(struct 
Vmxnet3_TxDesc), false); +@@ -1483,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* TXC ring */ + pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA); + size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize); ++ if (size > VMXNET3_TC_RING_MAX_SIZE) { ++ size = VMXNET3_TC_RING_MAX_SIZE; ++ } + vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size, + sizeof(struct Vmxnet3_TxCompDesc), true); + VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring); +@@ -1524,6 +1531,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* RX rings */ + pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]); + size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]); ++ if (size > VMXNET3_RX_RING_MAX_SIZE) { ++ size = VMXNET3_RX_RING_MAX_SIZE; ++ } + vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size, + sizeof(struct Vmxnet3_RxDesc), false); + VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d", +@@ -1533,6 +1543,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) + /* RXC ring */ + pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA); + size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize); ++ if (size > VMXNET3_RC_RING_MAX_SIZE) { ++ size = VMXNET3_RC_RING_MAX_SIZE; ++ } + vmxnet3_ring_init(d, &s->rxq_descr[i].comp_ring, pa, size, + sizeof(struct Vmxnet3_RxCompDesc), true); + VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size); +-- +2.29.2 + + + diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 8da57cf6ab..1f8c3beea0 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm 
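Review bot: The added `assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU);` checks a value the patch description itself calls guest supplied, so a guest that sets an out-of-range MTU aborts the whole QEMU process, and the check vanishes entirely in a build with assertions compiled out. The ring-size checks in the same patch clamp instead of asserting; the MTU should be rejected the same non-fatal way, e.g. `if (s->mtu < VMXNET3_MIN_MTU || s->mtu > VMXNET3_MAX_MTU) { qemu_log_mask(LOG_GUEST_ERROR, "vmxnet3: bad MTU %u\n", s->mtu); return; }`. The strict `<` also refuses an MTU equal to VMXNET3_MAX_MTU, which looks unintended. vmxnet3_activate_device() begins and ends outside these hunks, so whether an early return leaves the device in a consistent state has to be checked there.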
@@ -141,7 +141,8 @@ (sha256 (base32 "1rd41wwlvp0vpialjp2czs6i3lsc338xc72l3zkbb7ixjfslw5y9")) - (patches (search-patches "qemu-build-info-manual.patch")) + (patches (search-patches "qemu-build-info-manual.patch" + "qemu-CVE-2021-20203.patch")) (modules '((guix build utils))) (snippet '(begin -- cgit v1.2.3 From 3505d86502c80fa390d2c6db103697307d596b0e Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Mon, 1 Mar 2021 02:56:51 +0100 Subject: gnu: openscad: Update to 2021.01 [maybe fixes TALOS-2020-1222, TALOS-2020-1223]. TALOS-2020-1222 has yet to be disclosed and has no known CVE number. TALOS-2020-1223 has CVE-2020-28599 assigned. * gnu/packages/engineering.scm (openscad): Update to 2021.01. [patches]: Remove. Boost 1.72 is supported now upstream. [arguments]: In replacement 'check phase, disable some tests requiring experimental "lazy-union" feature. Also disable PDF-related tests requiring ghostscript and failing either way. * gnu/local.mk (dist_patch_DATA): Remove patch. * gnu/packages/patches/openscad-parser-boost-1.72.patch: Ditto. --- gnu/local.mk | 1 - gnu/packages/engineering.scm | 18 ++++++++++----- .../patches/openscad-parser-boost-1.72.patch | 26 ---------------------- 3 files changed, 13 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/openscad-parser-boost-1.72.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 83753e6b4e..0954158d4c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1429,7 +1429,6 @@ dist_patch_DATA = \ %D%/packages/patches/openssh-fix-ssh-copy-id.patch \ %D%/packages/patches/openssh-hurd.patch \ %D%/packages/patches/openresolv-restartcmd-guix.patch \ - %D%/packages/patches/openscad-parser-boost-1.72.patch \ %D%/packages/patches/opensles-add-license-file.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1-c-rehash-in.patch \ diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm index fb6895f911..8517d2abde 100644 
--- a/gnu/packages/engineering.scm +++ b/gnu/packages/engineering.scm @@ -2476,7 +2476,7 @@ specification can be downloaded at @url{http://3mf.io/specification/}.") (define-public openscad (package (name "openscad") - (version "2019.05") + (version "2021.01") (source (origin (method url-fetch) @@ -2484,9 +2484,7 @@ specification can be downloaded at @url{http://3mf.io/specification/}.") ".src.tar.gz")) (sha256 (base32 - "0nbgk5q5pgnw53la0kccdcpz2f4xf6d6076rkn0q08z57hkc85ha")) - (patches (search-patches - "openscad-parser-boost-1.72.patch")))) + "0n83szr88h8snccjrslr96mgw3f65x3sq726n6x5vxp5wybw4f6r")))) (build-system cmake-build-system) (inputs `(("boost" ,boost) @@ -2529,7 +2527,17 @@ specification can be downloaded at @url{http://3mf.io/specification/}.") (with-directory-excursion "tests" (invoke "cmake" ".") (invoke "make") - (invoke "ctest")) + (invoke "ctest" "--exclude-regex" + (string-join + (list + "astdumptest_allexpressions" + "echotest_function-literal-compare" + "echotest_function-literal-tests" + "echotest_allexpressions" + "lazyunion-*" + "pdfexporttest_centered" + "pdfexporttest_simple-pdf") + "|"))) ;; strip python test files since lib dir ends up in out/share (for-each delete-file (find-files "libraries/MCAD" ".*\\.py")) diff --git a/gnu/packages/patches/openscad-parser-boost-1.72.patch b/gnu/packages/patches/openscad-parser-boost-1.72.patch deleted file mode 100644 index 35311e6173..0000000000 --- a/gnu/packages/patches/openscad-parser-boost-1.72.patch +++ /dev/null 
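Review bot: The `"lazyunion-*"` entry in the `--exclude-regex` list of the replaced 'check phase is written like a shell glob, but ctest reads it as a regular expression in which `-*` means zero or more hyphens; it excludes the lazy-union tests only because the unanchored pattern already matches on `lazyunion`. `"lazyunion-"` states the intent, and the other names are likewise substring matches that would also drop any future test whose name contains them. The reasons for skipping each group are given only in the commit message; a comment above the list, e.g. `;; "lazy-union" is experimental; the PDF tests need ghostscript and fail regardless`, would keep them with the code. The phase's lambda starts outside the hunk.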
@@ -1,26 +0,0 @@ -https://github.com/openscad/openscad/commit/b6c170cc5d.patch - -From b6c170cc5dd1bc677176ee732cdb0ddae57e5cf0 Mon Sep 17 00:00:00 2001 -From: Jan Beich -Date: Fri, 25 Oct 2019 15:10:26 +0000 -Subject: [PATCH] Add missing header bootlegged by Boost < 1.72 - -src/parser.y:76:6: error: no template named 'stack' in namespace 'std' -std::stack scope_stack; -~~~~~^ ---- - src/parser.y | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/parser.y b/src/parser.y -index 7f4fd56ca7..4c77c989ea 100644 ---- a/src/parser.y -+++ b/src/parser.y -@@ -46,6 +46,7 @@ - #include "printutils.h" - #include "memory.h" - #include -+#include - #include - #include "boost-utils.h" - #include "feature.h" -- cgit v1.2.3 From c48c69194fee468d2ac16ccc25f012312083bf89 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 2 Mar 2021 18:08:27 +0100 Subject: gnu: python-matplotlib: Fix running under Wayland with GTK3. * gnu/packages/python-xyz.scm (python-matplotlib)[source]: Add patch. * gnu/packages/patches/python-matplotlib-run-under-wayland-gtk3.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + .../python-matplotlib-run-under-wayland-gtk3.patch | 31 ++++++++++++++++++++++ gnu/packages/python-xyz.scm | 5 ++-- 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/python-matplotlib-run-under-wayland-gtk3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0954158d4c..81ca759503 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1539,6 +1539,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-pyfakefs-remove-bad-test.patch \ %D%/packages/patches/python-flint-includes.patch \ %D%/packages/patches/python-libxml2-utf8.patch \ + %D%/packages/patches/python-matplotlib-run-under-wayland-gtk3.patch \ %D%/packages/patches/python-mediafile-wavpack.patch \ %D%/packages/patches/python-memcached-syntax-warnings.patch \ %D%/packages/patches/python-mox3-python3.6-compat.patch \ 
diff --git a/gnu/packages/patches/python-matplotlib-run-under-wayland-gtk3.patch b/gnu/packages/patches/python-matplotlib-run-under-wayland-gtk3.patch
new file mode 100644
index 0000000000..6f067763b5
--- /dev/null
+++ b/gnu/packages/patches/python-matplotlib-run-under-wayland-gtk3.patch
@@ -0,0 +1,31 @@
+From: Tobias Geerinckx-Rice
+Date: Tue, 02 Mar 2021 18:04:33 +0100
+Subject: [PATCH] gnu: python-matplotlib: Run under Wayland with GTK3.
+
+Adopted from upstream's fix[0] for
+.
+
+[0]: https://github.com/liuyun88/matplotlib/commit/3d5000463bd23cb046681220f5511f07743f7d82
+
+---
+diff -Naur a/lib/matplotlib/backends/backend_gtk3.py b/lib/matplotlib/backends/backend_gtk3.py
+--- a/lib/matplotlib/backends/backend_gtk3.py 2019-11-21 23:47:05.000000000 +0100
++++ b/lib/matplotlib/backends/backend_gtk3.py 2021-03-02 18:00:57.479929766 +0100
+@@ -42,11 +42,12 @@
+
+ try:
++ _display = Gdk.Display.get_default()
+ cursord = {
+- cursors.MOVE : Gdk.Cursor.new(Gdk.CursorType.FLEUR),
+- cursors.HAND : Gdk.Cursor.new(Gdk.CursorType.HAND2),
+- cursors.POINTER : Gdk.Cursor.new(Gdk.CursorType.LEFT_PTR),
+- cursors.SELECT_REGION : Gdk.Cursor.new(Gdk.CursorType.TCROSS),
+- cursors.WAIT : Gdk.Cursor.new(Gdk.CursorType.WATCH),
++ cursors.MOVE : Gdk.Cursor.new_from_name(_display, "move"),
++ cursors.HAND : Gdk.Cursor.new_from_name(_display, "pointer"),
++ cursors.POINTER : Gdk.Cursor.new_from_name(_display, "default"),
++ cursors.SELECT_REGION : Gdk.Cursor.new_from_name(_display, "crosshair"),
++ cursors.WAIT : Gdk.Cursor.new_from_name(_display, "wait"),
+ }
+ except TypeError as exc:
+ # Happens when running headless. Convert to ImportError to cooperate with
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index 01f1e66258..456cfea5c6 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
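Review bot: The patch header says the change is adopted from upstream's fix, but reference `[0]` points at a commit in the `liuyun88/matplotlib` fork rather than the matplotlib project's own repository, so the provenance of the carried code cannot be checked from the header alone. The reference should name the upstream commit or pull request, in the form `[0]: https://github.com/matplotlib/matplotlib/commit/<upstream-commit-id>`. In the hunk itself, `_display = Gdk.Display.get_default()` can presumably be None when there is no display; a short comment stating that `new_from_name` is then expected to raise the `TypeError` the existing handler converts would document that the headless path still works. The `except` body continues outside the hunk.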
@@ -5131,8 +5131,9 @@ convert between colorspaces like sRGB, XYZ, CIEL*a*b*, CIECAM02, CAM02-UCS, etc. (method url-fetch) (uri (pypi-uri "matplotlib" version)) (sha256 - (base32 - "1nmshfqh7wyg15i16hx1yiylcvzkws29ivn66n3i0wyqwcpjr3lf")))) + (base32 "1nmshfqh7wyg15i16hx1yiylcvzkws29ivn66n3i0wyqwcpjr3lf")) + (patches + (search-patches "python-matplotlib-run-under-wayland-gtk3.patch")))) (build-system python-build-system) (propagated-inputs ; the following packages are all needed at run time `(("python-cycler" ,python-cycler) -- cgit v1.2.3 From 3905580180d8f8ed1eec07baa307b4bff0d726d6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 1 Mar 2021 13:35:19 -0500 Subject: gnu: Python 2: Fix CVE-2021-3177. * gnu/packages/patches/python-2.7-CVE-2021-3177.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-2.7)[replacement]: New field. (python-2.7/fixed): New variable. --- gnu/local.mk | 1 + .../patches/python-2.7-CVE-2021-3177.patch | 157 +++++++++++++++++++++ gnu/packages/python.scm | 9 ++ 3 files changed, 167 insertions(+) create mode 100644 gnu/packages/patches/python-2.7-CVE-2021-3177.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 81ca759503..47294d6e23 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1518,6 +1518,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-2.7-search-paths.patch \ %D%/packages/patches/python-2.7-site-prefixes.patch \ %D%/packages/patches/python-2.7-source-date-epoch.patch \ + %D%/packages/patches/python-2.7-CVE-2021-3177.patch \ %D%/packages/patches/python-3-arm-alignment.patch \ %D%/packages/patches/python-3-deterministic-build-info.patch \ %D%/packages/patches/python-3-search-paths.patch \ diff --git a/gnu/packages/patches/python-2.7-CVE-2021-3177.patch b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch new file mode 100644 index 0000000000..9f2032ad4a --- /dev/null +++ b/gnu/packages/patches/python-2.7-CVE-2021-3177.patch 
@@ -0,0 +1,157 @@
+Fix CVE-2021-3177 for Python 2.7:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
+
+Patch copied from Debian:
+
+https://salsa.debian.org/cpython-team/python2/-/blob/e54f3303884f1362f3311ec36f070b40603dd76e/debian/patches/CVE-2021-3177.diff
+
+bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs.
+--- a/Lib/ctypes/test/test_parameters.py
++++ b/Lib/ctypes/test/test_parameters.py
+@@ -206,6 +206,49 @@ class SimpleTypesTestCase(unittest.TestC
+ with self.assertRaises(ZeroDivisionError):
+ WorseStruct().__setstate__({}, b'foo')
+
++ def test_parameter_repr(self):
++ from ctypes import (
++ c_bool,
++ c_char,
++ c_wchar,
++ c_byte,
++ c_ubyte,
++ c_short,
++ c_ushort,
++ c_int,
++ c_uint,
++ c_long,
++ c_ulong,
++ c_longlong,
++ c_ulonglong,
++ c_float,
++ c_double,
++ c_longdouble,
++ c_char_p,
++ c_wchar_p,
++ c_void_p,
++ )
++ self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^$")
++ self.assertEqual(repr(c_char.from_param('a')), "")
++ self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^$")
++ self.assertEqual(repr(c_byte.from_param(98)), "")
++ self.assertEqual(repr(c_ubyte.from_param(98)), "")
++ self.assertEqual(repr(c_short.from_param(511)), "")
++ self.assertEqual(repr(c_ushort.from_param(511)), "")
++ self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^$")
++ self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^$")
++ self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^$")
++ self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^$")
++ self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^$")
++ self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^$")
++ self.assertEqual(repr(c_float.from_param(1.5)), "")
++ self.assertEqual(repr(c_double.from_param(1.5)), "")
++ self.assertEqual(repr(c_double.from_param(1e300)), "")
++ self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^$")
++
self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^$")
++ self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^$")
++ self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^$")
++
+ ################################################################
+
+ if __name__ == '__main__':
+--- a/Modules/_ctypes/callproc.c
++++ b/Modules/_ctypes/callproc.c
+@@ -460,50 +460,53 @@ PyCArg_dealloc(PyCArgObject *self)
+ static PyObject *
+ PyCArg_repr(PyCArgObject *self)
+ {
+- char buffer[256];
+ switch(self->tag) {
+ case 'b':
+ case 'B':
+- sprintf(buffer, "",
++ return PyString_FromFormat("",
+ self->tag, self->value.b);
+- break;
+ case 'h':
+ case 'H':
+- sprintf(buffer, "",
++ return PyString_FromFormat("",
+ self->tag, self->value.h);
+- break;
+ case 'i':
+ case 'I':
+- sprintf(buffer, "",
++ return PyString_FromFormat("",
+ self->tag, self->value.i);
+- break;
+ case 'l':
+ case 'L':
+- sprintf(buffer, "",
++ return PyString_FromFormat("",
+ self->tag, self->value.l);
+- break;
+
+ #ifdef HAVE_LONG_LONG
+ case 'q':
+ case 'Q':
+- sprintf(buffer,
+- "",
++ return PyString_FromFormat("",
+ self->tag, self->value.q);
+- break;
+ #endif
+ case 'd':
+- sprintf(buffer, "",
+- self->tag, self->value.d);
+- break;
+- case 'f':
+- sprintf(buffer, "",
+- self->tag, self->value.f);
+- break;
++ case 'f': {
++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
++ if (f == NULL) {
++ return NULL;
++ }
++ PyObject *r = PyObject_Repr(f);
++ Py_DECREF(f);
++ if (r == NULL) {
++ return NULL;
++ }
++ char *value = PyString_AsString(r);
++ if (value == NULL) {
++ return NULL;
++ }
++ PyObject *result = PyString_FromFormat("", self->tag, value);
++ Py_DECREF(r);
++ return result;
++ }
+
+ case 'c':
+- sprintf(buffer, "",
++ return PyString_FromFormat("",
+ self->tag, self->value.c);
+- break;
+
+ /* Hm, are these 'z' and 'Z' codes useful at all?
+ Shouldn't they be replaced by the functionality of c_string +@@ -512,16 +515,13 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self->value.p); +- break; + + default: +- sprintf(buffer, "", ++ return PyString_FromFormat("", + self->tag, self); +- break; + } +- return PyString_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 9d97050c66..e05c91b3d0 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -107,6 +107,7 @@ (define-public python-2.7 (package (name "python2") + (replacement python-2.7/fixed) (version "2.7.17") (source (origin @@ -350,6 +351,14 @@ data types.") (properties '((cpe-name . "python"))) (license license:psfl))) +(define python-2.7/fixed + (package + (inherit python-2.7) + (source (origin + (inherit (package-source python-2.7)) + (patches (append (search-patches "python-2.7-CVE-2021-3177.patch") + (origin-patches (package-source python-2.7)))))))) + ;; Current 2.x version. (define-public python-2 python-2.7) -- cgit v1.2.3 From 759a526f5fdd49b9136a639269afd77e2599dcb6 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Wed, 3 Mar 2021 06:39:37 +0100 Subject: gnu: openssh: Update to 8.5p1. * gnu/packages/patches/openssh-fix-ssh-copy-id.patch: Remove patch. * gnu/local.mk (dist_patch_DATA): Also unregister it. * gnu/packages/ssh.scm (openssh): Update to 8.5p1. --- gnu/local.mk | 1 - gnu/packages/patches/openssh-fix-ssh-copy-id.patch | 38 ---------------------- gnu/packages/ssh.scm | 7 ++-- 3 files changed, 3 insertions(+), 43 deletions(-) delete mode 100644 gnu/packages/patches/openssh-fix-ssh-copy-id.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 47294d6e23..3557d9f429 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
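Review bot: In the new `case 'd': case 'f':` block of PyCArg_repr, the `value == NULL` branch returns without releasing `r`, so the repr object is leaked on that error path; it should read `if (value == NULL) { Py_DECREF(r); return NULL; }`. The block also declares `PyObject *r`, `char *value` and `PyObject *result` after statements, which a strict C89 compiler may reject; hoisting the three declarations to the top of the braces avoids that without changing behaviour. Because the file is copied from Debian, any such change would be a local divergence and is better recorded in the patch header.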
@@ -1426,7 +1426,6 @@ dist_patch_DATA = \ %D%/packages/patches/openfoam-4.1-cleanup.patch \ %D%/packages/patches/openjdk-10-idlj-reproducibility.patch \ %D%/packages/patches/openmpi-mtl-priorities.patch \ - %D%/packages/patches/openssh-fix-ssh-copy-id.patch \ %D%/packages/patches/openssh-hurd.patch \ %D%/packages/patches/openresolv-restartcmd-guix.patch \ %D%/packages/patches/opensles-add-license-file.patch \ diff --git a/gnu/packages/patches/openssh-fix-ssh-copy-id.patch b/gnu/packages/patches/openssh-fix-ssh-copy-id.patch deleted file mode 100644 index 6adba639a3..0000000000 --- a/gnu/packages/patches/openssh-fix-ssh-copy-id.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix a bug where ssh-copy-id would fail with "EOF: command not found": - -https://github.com/openssh/openssh-portable/pull/206 - -Patch copied from upstream source repository: - -https://github.com/openssh/openssh-portable/commit/d9e727dcc04a52caaac87543ea1d230e9e6b5604 - -From d9e727dcc04a52caaac87543ea1d230e9e6b5604 Mon Sep 17 00:00:00 2001 -From: Oleg -Date: Thu, 1 Oct 2020 12:09:08 +0300 -Subject: [PATCH] Fix `EOF: command not found` error in ssh-copy-id - ---- - contrib/ssh-copy-id | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id -index 392f64f94..a76907717 100644 ---- a/contrib/ssh-copy-id -+++ b/contrib/ssh-copy-id -@@ -247,7 +247,7 @@ installkeys_sh() { - # the -z `tail ...` checks for a trailing newline. The echo adds one if was missing - # the cat adds the keys we're getting via STDIN - # and if available restorecon is used to restore the SELinux context -- INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF) -+ INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF - cd; - umask 077; - mkdir -p $(dirname "${AUTH_KEY_FILE}") && -@@ -258,6 +258,7 @@ installkeys_sh() { - restorecon -F .ssh ${AUTH_KEY_FILE}; - fi - EOF -+ ) - - # to defend against quirky remote shells: use 'exec sh -c' to get POSIX; - printf "exec sh -c '%s'" "${INSTALLKEYS_SH}" 
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index c94631036b..b73e9633ea 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -186,16 +186,15 @@ a server that supports the SSH-2 protocol.") (define-public openssh (package (name "openssh") - (version "8.4p1") + (version "8.5p1") (source (origin (method url-fetch) (uri (string-append "mirror://openbsd/OpenSSH/portable/" "openssh-" version ".tar.gz")) - (patches (search-patches "openssh-hurd.patch" - "openssh-fix-ssh-copy-id.patch")) + (patches (search-patches "openssh-hurd.patch")) (sha256 (base32 - "091b3pxdlj47scxx6kkf4agkx8c8sdacdxx8m1dw1cby80pd40as")))) + "09gc8rv7728chxraab85dzkdikaw4aph1wlcwcc9kai9si0kybzm")))) (build-system gnu-build-system) (native-inputs `(("groff" ,groff) ("pkg-config" ,pkg-config))) -- cgit v1.2.3 From 6891f95739c733df217ceaf5d0787cbed380ec1c Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Thu, 4 Mar 2021 19:43:17 -0500 Subject: gnu: mupdf: Fix CVE-2021-3407. * gnu/packages/pdf.scm (mupdf)[source]: Add patch. * gnu/packages/patches/mupdf-CVE-2021-3407.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/mupdf-CVE-2021-3407.patch | 51 ++++++++++++++++++++++++++ gnu/packages/pdf.scm | 3 +- 3 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/mupdf-CVE-2021-3407.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3557d9f429..25afb99618 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1382,6 +1382,7 @@ dist_patch_DATA = \ %D%/packages/patches/mumps-shared-mumps.patch \ %D%/packages/patches/mumps-shared-pord.patch \ %D%/packages/patches/mupdf-fix-linkage.patch \ + %D%/packages/patches/mupdf-CVE-2021-3407.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \ %D%/packages/patches/musl-cross-locale.patch \ 
diff --git a/gnu/packages/patches/mupdf-CVE-2021-3407.patch b/gnu/packages/patches/mupdf-CVE-2021-3407.patch
new file mode 100644
index 0000000000..9f901517c5
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2021-3407.patch
@@ -0,0 +1,51 @@
+This patch came from https://git.ghostscript.com/?p=mupdf.git;a=patch;h=cee7cefc610d42fd383b3c80c12cbc675443176a
+and fixes CVE-2021-3407.
+
+From cee7cefc610d42fd383b3c80c12cbc675443176a Mon Sep 17 00:00:00 2001
+From: Robin Watts
+Date: Fri, 22 Jan 2021 17:05:15 +0000
+Subject: [PATCH] Bug 703366: Fix double free of object during linearization.
+
+This appears to happen because we parse an illegal object from
+a broken file and assign it to object 0, which is defined to
+be free.
+
+Here, we fix the parsing code so this can't happen.
+---
+ source/pdf/pdf-parse.c | 6 ++++++
+ source/pdf/pdf-xref.c | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
+index 7abc8c3d4..5761c3351 100644
+--- a/source/pdf/pdf-parse.c
++++ b/source/pdf/pdf-parse.c
+@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
+ fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num);
+ }
+ gen = buf->i;
++ if (gen < 0 || gen >= 65536)
++ {
++ if (try_repair)
++ *try_repair = 1;
++ fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen);
++ }
+
+ tok = pdf_lex(ctx, file, buf);
+ if (tok != PDF_TOK_OBJ)
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 1b2bdcd59..30197b4b8 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -1190,6 +1190,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
+ {
+ ofs = fz_tell(ctx, doc->file);
+ trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL);
++ if (num == 0)
++ fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n");
+ }
+ fz_catch(ctx)
+ {
+--
+2.17.1
+
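Review bot: The check added in pdf-xref.c throws `FZ_ERROR_GENERIC` with a message ending in `\n`, while the generation-number check added in pdf-parse.c for the same class of malformed input throws `FZ_ERROR_SYNTAX` without a newline; `fz_throw(ctx, FZ_ERROR_SYNTAX, "Trailer object number cannot be 0");` would match it. The `num == 0` test runs after `pdf_parse_ind_obj` has already assigned `trailer`, so whether that object is released depends on the `fz_catch` body, which lies outside the hunk and should be confirmed. The bound `gen >= 65536` would read better with a comment such as `/* generation numbers are at most 65535 */`. Both functions start and continue outside their hunks, and since the patch is taken verbatim from upstream these points belong in an upstream report rather than a local edit.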
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index daea7ee8ad..e81c3caf87 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -724,7 +724,8 @@ extracting content or merging files.") "mupdf-" version "-source.tar.xz")) (sha256 (base32 "16m5sksil22sshxy70xkslsb2qhvcqb1d95i9savnhds1xn4ybar")) - (patches (search-patches "mupdf-fix-linkage.patch")) + (patches (search-patches "mupdf-fix-linkage.patch" + "mupdf-CVE-2021-3407.patch")) (modules '((guix build utils))) (snippet '(begin -- cgit v1.2.3