From 75cc8fe9ea4016336b049b2ecd6cdf58327f01dd Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 11 Jun 2017 15:34:58 +0200 Subject: gnu: libextractor: Update to 1.4. * gnu/packages/gnunet.scm (libextractor): Update to 1.4. [source]: Remove obsolete patch and snippet. * gnu/packages/patches/libextractor-ffmpeg-3.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/packages/patches/libextractor-ffmpeg-3.patch | 360 ----------------------- 1 file changed, 360 deletions(-) delete mode 100644 gnu/packages/patches/libextractor-ffmpeg-3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/libextractor-ffmpeg-3.patch b/gnu/packages/patches/libextractor-ffmpeg-3.patch deleted file mode 100644 index d0f83f624ce..00000000000 --- a/gnu/packages/patches/libextractor-ffmpeg-3.patch +++ /dev/null @@ -1,360 +0,0 @@ -Fix build with ffmpeg-3, based on upstream revisions r35548 and r35549 by LRN -and r36975 by Christian Grothoff, and backported to libextractor-1.3 by -Mark H Weaver - ---- libextractor-1.3/src/plugins/thumbnailffmpeg_extractor.c.orig 2013-12-21 11:04:41.000000000 -0500 -+++ libextractor-1.3/src/plugins/thumbnailffmpeg_extractor.c 2016-04-04 23:38:46.429041081 -0400 -@@ -59,6 +59,12 @@ - #include - #endif - -+#ifdef PIX_FMT_RGB24 -+#define PIX_OUTPUT_FORMAT PIX_FMT_RGB24 -+#else -+#define PIX_OUTPUT_FORMAT AV_PIX_FMT_RGB24 -+#endif -+ - /** - * Set to 1 to enable debug output. - */ -@@ -153,7 +159,7 @@ - static size_t - create_thumbnail (int src_width, int src_height, - int src_stride[], -- enum PixelFormat src_pixfmt, -+ enum AVPixelFormat src_pixfmt, - const uint8_t * const src_data[], - int dst_width, int dst_height, - uint8_t **output_data, -@@ -189,7 +195,8 @@ - if (NULL == - (scaler_ctx = - sws_getContext (src_width, src_height, src_pixfmt, -- dst_width, dst_height, PIX_FMT_RGB24, -+ dst_width, dst_height, -+ PIX_OUTPUT_FORMAT, - SWS_BILINEAR, NULL, NULL, NULL))) - { - #if DEBUG -@@ -199,7 +206,12 @@ - return 0; - } - -- if (NULL == (dst_frame = avcodec_alloc_frame ())) -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ dst_frame = av_frame_alloc (); -+#else -+ dst_frame = avcodec_alloc_frame(); -+#endif -+ if (NULL == dst_frame) - { - #if DEBUG - fprintf (stderr, -@@ -209,18 +221,24 @@ - return 0; - } - if (NULL == (dst_buffer = -- av_malloc (avpicture_get_size (PIX_FMT_RGB24, dst_width, dst_height)))) -+ av_malloc (avpicture_get_size (PIX_OUTPUT_FORMAT, -+ dst_width, dst_height)))) - { - #if DEBUG - fprintf (stderr, - "Failed to allocate the destination image buffer\n"); - #endif -- av_free (dst_frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&dst_frame); -+#else -+ avcodec_free_frame (&dst_frame); -+#endif - sws_freeContext (scaler_ctx); - return 0; - } - avpicture_fill ((AVPicture *) dst_frame, dst_buffer, -- PIX_FMT_RGB24, dst_width, dst_height); -+ PIX_OUTPUT_FORMAT, -+ dst_width, dst_height); - sws_scale (scaler_ctx, - src_data, - src_stride, -@@ -236,7 +254,11 @@ - "Failed to allocate the encoder output buffer\n"); - #endif - av_free (dst_buffer); -- av_free (dst_frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&dst_frame); -+#else -+ avcodec_free_frame (&dst_frame); -+#endif - sws_freeContext (scaler_ctx); - return 0; - } -@@ -249,13 +271,17 @@ - #endif - av_free (encoder_output_buffer); - av_free (dst_buffer); -- av_free (dst_frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&dst_frame); -+#else -+ avcodec_free_frame (&dst_frame); -+#endif - sws_freeContext (scaler_ctx); - return 0; - } - encoder_codec_ctx->width = dst_width; - encoder_codec_ctx->height = dst_height; -- encoder_codec_ctx->pix_fmt = PIX_FMT_RGB24; -+ encoder_codec_ctx->pix_fmt = PIX_OUTPUT_FORMAT; - opts = NULL; - if (avcodec_open2 (encoder_codec_ctx, encoder_codec, &opts) < 0) - { -@@ -263,10 +289,14 @@ - fprintf (stderr, - "Failed to open the encoder\n"); - #endif -- av_free (encoder_codec_ctx); -+ avcodec_free_context (&encoder_codec_ctx); - av_free (encoder_output_buffer); - av_free (dst_buffer); -- av_free (dst_frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&dst_frame); -+#else -+ avcodec_free_frame (&dst_frame); -+#endif - sws_freeContext (scaler_ctx); - return 0; - } -@@ -295,9 +325,13 @@ - cleanup: - av_dict_free (&opts); - avcodec_close (encoder_codec_ctx); -- av_free (encoder_codec_ctx); -+ avcodec_free_context (&encoder_codec_ctx); - av_free (dst_buffer); -- av_free (dst_frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&dst_frame); -+#else -+ avcodec_free_frame (&dst_frame); -+#endif - sws_freeContext (scaler_ctx); - *output_data = encoder_output_buffer; - -@@ -406,18 +440,23 @@ - fprintf (stderr, - "Failed to open image codec\n"); - #endif -- av_free (codec_ctx); -+ avcodec_free_context (&codec_ctx); - return; - } - av_dict_free (&opts); -- if (NULL == (frame = avcodec_alloc_frame ())) -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ frame = av_frame_alloc (); -+#else -+ frame = avcodec_alloc_frame(); -+#endif -+ if (NULL == frame) - { - #if DEBUG - fprintf (stderr, - "Failed to allocate frame\n"); - #endif - avcodec_close (codec_ctx); -- av_free (codec_ctx); -+ avcodec_free_context (&codec_ctx); - return; - } - -@@ -441,9 +480,13 @@ - fprintf (stderr, - "Failed to decode a complete frame\n"); - #endif -- av_free (frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&frame); -+#else -+ avcodec_free_frame (&frame); -+#endif - avcodec_close (codec_ctx); -- av_free (codec_ctx); -+ avcodec_free_context (&codec_ctx); - return; - } - calculate_thumbnail_dimensions (codec_ctx->width, codec_ctx->height, -@@ -467,9 +510,13 @@ - err); - av_free (encoded_thumbnail); - } -- av_free (frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&frame); -+#else -+ avcodec_free_frame (&frame); -+#endif - avcodec_close (codec_ctx); -- av_free (codec_ctx); -+ avcodec_free_context (&codec_ctx); - } - - -@@ -563,7 +610,12 @@ - return; - } - -- if (NULL == (frame = avcodec_alloc_frame ())) -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ frame = av_frame_alloc (); -+#else -+ frame = avcodec_alloc_frame(); -+#endif -+ if (NULL == frame) - { - #if DEBUG - fprintf (stderr, -@@ -616,7 +668,11 @@ - fprintf (stderr, - "Failed to decode a complete frame\n"); - #endif -- av_free (frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&frame); -+#else -+ avcodec_free_frame (&frame); -+#endif - avcodec_close (codec_ctx); - avformat_close_input (&format_ctx); - av_free (io_ctx); -@@ -643,7 +699,11 @@ - err); - av_free (encoded_thumbnail); - } -- av_free (frame); -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&frame); -+#else -+ avcodec_free_frame (&frame); -+#endif - avcodec_close (codec_ctx); - avformat_close_input (&format_ctx); - av_free (io_ctx); ---- libextractor-1.3/src/plugins/previewopus_extractor.c.orig 2013-12-22 17:44:18.000000000 -0500 -+++ libextractor-1.3/src/plugins/previewopus_extractor.c 2016-04-04 23:39:41.377720710 -0400 -@@ -296,8 +296,13 @@ - /** Initialize one audio frame for reading from the input file */ - static int init_input_frame(AVFrame **frame) - { -- if (!(*frame = avcodec_alloc_frame())) { -- #if DEBUG -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ *frame = av_frame_alloc (); -+#else -+ *frame = avcodec_alloc_frame(); -+#endif -+ if (NULL == *frame) { -+#if DEBUG - fprintf(stderr, "Could not allocate input frame\n"); - #endif - return AVERROR(ENOMEM); -@@ -655,7 +660,11 @@ - av_freep(&converted_input_samples[0]); - free(converted_input_samples); - } -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&input_frame); -+#else - avcodec_free_frame(&input_frame); -+#endif - - return ret; - } -@@ -671,10 +680,15 @@ - int error; - - /** Create a new frame to store the audio samples. */ -- if (!(*frame = avcodec_alloc_frame())) { -- #if DEBUG -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ *frame = av_frame_alloc (); -+#else -+ *frame = avcodec_alloc_frame(); -+#endif -+ if (NULL == *frame) { -+#if DEBUG - fprintf(stderr, "Could not allocate output frame\n"); -- #endif -+#endif - return AVERROR_EXIT; - } - -@@ -699,10 +713,14 @@ - * sure that the audio frame can hold as many samples as specified. - */ - if ((error = av_frame_get_buffer(*frame, 0)) < 0) { -- #if DEBUG -+#if DEBUG - fprintf(stderr, "Could allocate output frame samples (error '%s')\n", get_error_text(error)); -- #endif -+#endif -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (frame); -+#else - avcodec_free_frame(frame); -+#endif - return error; - } - -@@ -780,20 +798,32 @@ - * The samples are stored in the frame temporarily. - */ - if (av_audio_fifo_read(fifo, (void **)output_frame->data, frame_size) < frame_size) { -- #if DEBUG -+#if DEBUG - fprintf(stderr, "Could not read data from FIFO\n"); -- #endif -+#endif -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&output_frame); -+#else - avcodec_free_frame(&output_frame); -+#endif - return AVERROR_EXIT; - } - - /** Encode one frame worth of audio samples. */ - if (encode_audio_frame(output_frame, output_format_context, - output_codec_context, &data_written)) { -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&output_frame); -+#else - avcodec_free_frame(&output_frame); -+#endif - return AVERROR_EXIT; - } -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ av_frame_free (&output_frame); -+#else - avcodec_free_frame(&output_frame); -+#endif - return 0; - } - /** Write the trailer of the output file container. */ -@@ -907,7 +937,12 @@ - return; - } - -- if (NULL == (frame = avcodec_alloc_frame ())) -+#if LIBAVCODEC_VERSION_INT >= AV_VERSION_INT(55,28,1) -+ frame = av_frame_alloc (); -+#else -+ frame = avcodec_alloc_frame(); -+#endif -+ if (NULL == frame) - { - #if DEBUG - fprintf (stderr, -- cgit v1.2.3 From 34a0984e57e549ba441997dce474140ef85b5a43 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 11 Jun 2017 22:18:53 -0400 Subject: gnu: libmwaw: Fix CVE-2017-9433. * gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/libreoffice.scm (libmwaw)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/libreoffice.scm | 1 + gnu/packages/patches/libmwaw-CVE-2017-9433.patch | 33 ++++++++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 gnu/packages/patches/libmwaw-CVE-2017-9433.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 128cca84e54..c2a7ba761ba 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -742,6 +742,7 @@ dist_patch_DATA = \ %D%/packages/patches/libmad-armv7-thumb-pt2.patch \ %D%/packages/patches/libmad-frame-length.patch \ %D%/packages/patches/libmad-mips-newgcc.patch \ + %D%/packages/patches/libmwaw-CVE-2017-9433.patch \ %D%/packages/patches/libsndfile-armhf-type-checks.patch \ %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index afaf8002d84..809e28e27b5 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -590,6 +590,7 @@ text documents, vector drawings, presentations and spreadsheets.") (method url-fetch) (uri (string-append "mirror://sourceforge/" name "/" name "/" name "-" version "/" name "-" version ".tar.xz")) + (patches (search-patches "libmwaw-CVE-2017-9433.patch")) (sha256 (base32 "16i9s9p4sjpdpbm3gq6jkc9r3nyfy47ggkdlgh7vr0mydccklj2b")))) (build-system gnu-build-system) diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch new file mode 100644 index 00000000000..502a11d2a88 --- /dev/null +++ b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch @@ -0,0 +1,33 @@ +Fix CVE-2017-9433: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433 + +Patch copied from upstream source repository: + +https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f + +From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Sat, 8 Apr 2017 14:03:29 +0200 +Subject: [PATCH] ofz#1037 resize vector correctly + +--- + src/lib/MsWrd1Parser.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx +index 63547e6..3626064 100644 +--- a/src/lib/MsWrd1Parser.cxx ++++ b/src/lib/MsWrd1Parser.cxx +@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits) + int id = fIt++->second; + fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first; + if (id >= int(m_state->m_footnotesList.size())) +- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0)); ++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0)); + m_state->m_footnotesList[size_t(id)]=fPos; + } + ascii().addDelimiter(input->tell(),'|'); +-- +2.13.1 + -- cgit v1.2.3 From 1243aaac732abc9b02f7dd3788b45e5f8f7b8cf7 Mon Sep 17 00:00:00 2001 From: nee Date: Sat, 10 Jun 2017 20:27:58 +0200 Subject: gnu: crawl: Fix savegame upgrades. * gnu/packages/patches/crawl-upgrade-saves.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. * gnu/packages/games.scm (crawl)[source]: Apply patch. Signed-off-by: Arun Isaac --- gnu/local.mk | 1 + gnu/packages/games.scm | 6 +- gnu/packages/patches/crawl-upgrade-saves.patch | 83 ++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/crawl-upgrade-saves.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c2a7ba761ba..892d1ee26ea 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -550,6 +550,7 @@ dist_patch_DATA = \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ %D%/packages/patches/cracklib-fix-buffer-overflow.patch \ + %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/csound-header-ordering.patch \ diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index a76ab1ddc22..9bbf5d02202 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -4049,7 +4049,8 @@ fish. The whole game is accompanied by quiet, comforting music.") version "-nodeps.tar.xz"))) (sha256 (base32 - "0127dgldij2h4m7cf32yy9ndv4vcz03g4km71lmxrsi5mw7ljgpd")))) + "0127dgldij2h4m7cf32yy9ndv4vcz03g4km71lmxrsi5mw7ljgpd")) + (patches (search-patches "crawl-upgrade-saves.patch")))) (build-system gnu-build-system) (inputs `(("lua51" ,lua-5.1) @@ -4101,6 +4102,9 @@ fabulous Orb of Zot.") license:zlib license:asl2.0)))) +;; The linter here claims that patch file names should start with the package +;; name. But, in this case, the patches are inherited from crawl with the +;; "crawl-" prefix instead of "crawl-tiles-". (define-public crawl-tiles (package (inherit crawl) diff --git a/gnu/packages/patches/crawl-upgrade-saves.patch b/gnu/packages/patches/crawl-upgrade-saves.patch new file mode 100644 index 00000000000..301942dc303 --- /dev/null +++ b/gnu/packages/patches/crawl-upgrade-saves.patch @@ -0,0 +1,83 @@ +Store the crawl version in the textdatabases in SAVEDIR and +upgrade the databases when the crawl version changes. + +By default crawl checks for a mtime difference on files in DATADIR to see if an +upgrade is required, but guix nulls all file dates, +and crawl would never upgrade saves. + +--- a/source/database.cc 2016-05-31 09:56:08.000000000 +0200 ++++ a/source/database.cc 2017-06-05 03:00:19.270632107 +0200 +@@ -25,6 +25,7 @@ + #include "syscalls.h" + #include "threads.h" + #include "unicode.h" ++#include "version.h" + + // TextDB handles dependency checking the db vs text files, creating the + // db, loading, and destroying the DB. +@@ -55,6 +56,7 @@ + vector _input_files; + DBM* _db; + string timestamp; ++ string version; + TextDB *_parent; + const char* lang() { return _parent ? Options.lang_name : 0; } + public: +@@ -165,7 +167,7 @@ + + TextDB::TextDB(const char* db_name, const char* dir, ...) + : _db_name(db_name), _directory(dir), +- _db(nullptr), timestamp(""), _parent(0), translation(0) ++ _db(nullptr), timestamp(""), version(""), _parent(0), translation(0) + { + va_list args; + va_start(args, dir); +@@ -187,7 +189,7 @@ + : _db_name(parent->_db_name), + _directory(parent->_directory + Options.lang_name + "/"), + _input_files(parent->_input_files), // FIXME: pointless copy +- _db(nullptr), timestamp(""), _parent(parent), translation(nullptr) ++ _db(nullptr), timestamp(""), version(""), _parent(parent), translation(nullptr) + { + } + +@@ -202,6 +204,9 @@ + return false; + + timestamp = _query_database(*this, "TIMESTAMP", false, false, true); ++ version = _query_database(*this, "VERSION", false, false, true); ++ if (version.empty()) ++ return false; + if (timestamp.empty()) + return false; + +@@ -245,6 +250,9 @@ + string ts; + bool no_files = true; + ++ if (string(Version::Long) != version) ++ return true; ++ + for (const string &file : _input_files) + { + string full_input_path = _directory + file; +@@ -261,7 +269,7 @@ + ts += buf; + } + +- if (no_files && timestamp.empty()) ++ if (no_files && timestamp.empty() && version.empty()) + { + // No point in empty databases, although for simplicity keep ones + // for disappeared translations for now. +@@ -321,7 +329,10 @@ + _store_text_db(full_input_path, _db); + } + } ++ ++ string current_version = string(Version::Long); + _add_entry(_db, "TIMESTAMP", ts); ++ _add_entry(_db, "VERSION", current_version); + + dbm_close(_db); + _db = 0; -- cgit v1.2.3 From a10040e09b29eef72404c1f757fa7e20eb501dbb Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 12 Jun 2017 19:27:02 +0200 Subject: gnu: nss, nss-certs: Update to 3.31. Release notes: * gnu/packages/certs.scm (nss-certs): Update to 3.31. * gnu/packages/gnuzilla.scm (nss): Likewise. [source]: Remove upstream 'nss-disable-long-b64-tests' patch. [arguments]<#:phases>: Move armhf timeout substitution ... * gnu/packages/patches/nss-increase-test-timeout.patch: ... here. * gnu/packages/patches/nss-disable-long-b64-tests.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/certs.scm | 4 +-- gnu/packages/gnuzilla.scm | 15 ++-------- .../patches/nss-disable-long-b64-tests.patch | 34 ---------------------- .../patches/nss-increase-test-timeout.patch | 6 ++-- 5 files changed, 7 insertions(+), 53 deletions(-) delete mode 100644 gnu/packages/patches/nss-disable-long-b64-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 892d1ee26ea..f761ad21e46 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -852,7 +852,6 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-9077.patch \ - %D%/packages/patches/nss-disable-long-b64-tests.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch \ diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 85a8badc557..2441de6631a 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -74,7 +74,7 @@ (define-public nss-certs (package (name "nss-certs") - (version "3.30.2") + (version "3.31") (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -85,7 +85,7 @@ "nss-" version ".tar.gz"))) (sha256 (base32 - "096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd")))) + "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9")))) (build-system gnu-build-system) (outputs '("out")) (native-inputs diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 23d8d73a7e2..e0f80a18687 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -282,7 +282,7 @@ in the Mozilla clients.") (define-public nss (package (name "nss") - (version "3.30.2") + (version "3.31") (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -293,10 +293,9 @@ in the Mozilla clients.") "nss-" version ".tar.gz"))) (sha256 (base32 - "096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd")) + "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9")) ;; Create nss.pc and nss-config. (patches (search-patches "nss-pkgconfig.patch" - "nss-disable-long-b64-tests.patch" "nss-increase-test-timeout.patch")))) (build-system gnu-build-system) (outputs '("out" "bin")) @@ -329,16 +328,6 @@ in the Mozilla clients.") `((setenv "USE_64" "1"))) (_ '())) - ;; The timeout values in "increase-test-timeouts" are still - ;; too low, so apply this workaround on armhf for now to avoid - ;; rebuilding on all platforms. This should be incorporated in - ;; the patch for the next update. - ;; https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00472.html - ,@(if (string-prefix? "armhf" (or (%current-target-system) - (%current-system))) - `((substitute* "nss/gtests/ssl_gtest/tls_connect.cc" - (("25000\\);") "300000);"))) - '()) #t)) (replace 'check (lambda _ diff --git a/gnu/packages/patches/nss-disable-long-b64-tests.patch b/gnu/packages/patches/nss-disable-long-b64-tests.patch deleted file mode 100644 index 612d94128d1..00000000000 --- a/gnu/packages/patches/nss-disable-long-b64-tests.patch +++ /dev/null @@ -1,34 +0,0 @@ -Disable long b64 tests, which consistently fail on armhf. -This is based on an excerpt of the following upstream patch: - - https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7 - -(we exclude the part of the upstream patch that reverts -an earlier failed attempt, and adapt the file names) - -diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc ---- a/nss/gtests/util_gtest/util_b64_unittest.cc -+++ b/nss/gtests/util_gtest/util_b64_unittest.cc -@@ -63,17 +63,19 @@ TEST_F(B64EncodeDecodeTest, EncDecTest) - - TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); } - - TEST_F(B64EncodeDecodeTest, FakeEncDecTest) { - EXPECT_TRUE(TestFakeEncode(100)); - } - - // These takes a while ... --TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) { -+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) { - EXPECT_TRUE(TestFakeDecode(0x66666666)); - } --TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); } --TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) { -+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) { -+ TestFakeEncode(0x3fffffff); -+} -+TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) { - EXPECT_FALSE(TestFakeEncode(0x40000000)); - } - - } // namespace nss_test diff --git a/gnu/packages/patches/nss-increase-test-timeout.patch b/gnu/packages/patches/nss-increase-test-timeout.patch index 1e24940322c..55117c02e9d 100644 --- a/gnu/packages/patches/nss-increase-test-timeout.patch +++ b/gnu/packages/patches/nss-increase-test-timeout.patch @@ -1,4 +1,4 @@ -We've seen some tests take more than 20s to complete on a busy armhf +We've seen some tests take up to 60s to complete on a busy armhf machine. Even a busy x86_64 machine can use more than 5s on some tests. Increase timeouts to increase chances of a successful build. @@ -10,7 +10,7 @@ Increase timeouts to increase chances of a successful build. ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) && (server_->state() != TlsAgent::STATE_CONNECTING), - 5000); -+ 25000); ++ 300000); } void TlsConnectTestBase::EnableExtendedMasterSecret() { @@ -19,7 +19,7 @@ Increase timeouts to increase chances of a successful build. failing_agent = client_; } - ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 5000); -+ ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 25000); ++ ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 300000); } void TlsConnectTestBase::ConfigureVersion(uint16_t version) { -- cgit v1.2.3 From 8e469b67f95cfe5b95405b503b8ee315fdf8ce66 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 13 Jun 2017 23:20:25 +0200 Subject: gnu: guile-ssh: Close RREPL channel ports before they are finalized. Partly fixes . * gnu/packages/patches/guile-ssh-channel-finalization.patch: New file. * gnu/packages/ssh.scm (guile-ssh)[source](patches): Use it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 3 ++- .../patches/guile-ssh-channel-finalization.patch | 28 ++++++++++++++++++++++ gnu/packages/ssh.scm | 3 ++- 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/guile-ssh-channel-finalization.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f761ad21e46..608ded75790 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -656,8 +656,9 @@ dist_patch_DATA = \ %D%/packages/patches/guile-present-coding.patch \ %D%/packages/patches/guile-relocatable.patch \ %D%/packages/patches/guile-rsvg-pkgconfig.patch \ - %D%/packages/patches/guile-ssh-rexec-bug.patch \ + gnu/packages/patches/guile-ssh-channel-finalization.patch \ %D%/packages/patches/guile-ssh-double-free.patch \ + %D%/packages/patches/guile-ssh-rexec-bug.patch \ %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \ %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \ %D%/packages/patches/gtk2-theme-paths.patch \ diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch new file mode 100644 index 00000000000..54b5055a20b --- /dev/null +++ b/gnu/packages/patches/guile-ssh-channel-finalization.patch @@ -0,0 +1,28 @@ +Avoid asynchronous channel finalization, which could lead to segfaults due to +libssh not being thread-safe: . + +--- guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:37:44.861671297 +0200 ++++ guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:38:02.841580565 +0200 +@@ -391,11 +391,18 @@ listens on an expected port, return #f o + "Evaluate QUOTED-EXP on the node and return the evaluated result." + (let ((repl-channel (node-open-rrepl node))) + (rrepl-skip-to-prompt repl-channel) +- (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp)) +- (lambda vals +- (and (node-stop-repl-server? node) ++ (dynamic-wind ++ (const #t) ++ (lambda () ++ (rrepl-eval repl-channel quoted-exp)) ++ (lambda () ++ (when (node-stop-repl-server? node) + (node-stop-server node)) +- (apply values vals))))) ++ ++ ;; Close REPL-CHANNEL right away to prevent finalization from ++ ;; happening in another thread at the wrong time (see ++ ;; .) ++ (close-port repl-channel))))) + + (define (node-eval-1 node quoted-exp) + "Evaluate QUOTED-EXP on the node and return the evaluated result. The diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index d79663a2b59..d03686c11c8 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -229,7 +229,8 @@ Additionally, various channel-specific options can be negotiated.") (base32 "0r261i8kc3avbmbwgyzak2vnqwssjlgz37g2y2fwm80w9bmn2m7j")) (patches (search-patches "guile-ssh-rexec-bug.patch" - "guile-ssh-double-free.patch")) + "guile-ssh-double-free.patch" + "guile-ssh-channel-finalization.patch")) (modules '((guix build utils))) (snippet ;; 'configure.ac' mistakenly tries to link files from examples/ -- cgit v1.2.3 From 75072795bd5239f8f57daf946b4918c3acd37d27 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 14 Jun 2017 13:15:31 -0400 Subject: gnu: osip: Fix CVE-2017-7853. * gnu/packages/patches/osip-CVE-2017-7853.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/telephony.scm (osip)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/osip-CVE-2017-7853.patch | 40 +++++++++++++++++++++++++++ gnu/packages/telephony.scm | 1 + 3 files changed, 42 insertions(+) create mode 100644 gnu/packages/patches/osip-CVE-2017-7853.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 608ded75790..8fcd2cab22a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -876,6 +876,7 @@ dist_patch_DATA = \ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/orpheus-cast-errors-and-includes.patch \ + %D%/packages/patches/osip-CVE-2017-7853.patch \ %D%/packages/patches/ots-no-include-missing-file.patch \ %D%/packages/patches/p7zip-CVE-2016-9296.patch \ %D%/packages/patches/p7zip-remove-unused-code.patch \ diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch new file mode 100644 index 00000000000..33d95cdb0e0 --- /dev/null +++ b/gnu/packages/patches/osip-CVE-2017-7853.patch @@ -0,0 +1,40 @@ +Fix CVE-2017-7853: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853 +https://savannah.gnu.org/support/index.php?109265 + +Patch copied from upstream source repository: + +https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 + +From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001 +From: Aymeric Moizard +Date: Tue, 21 Feb 2017 17:16:26 +0100 +Subject: [PATCH] * fix bug report: sr #109265: SIP message body length + underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265 + also applicable to current latest version + +--- + src/osipparser2/osip_message_parse.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c +index 1628c60..aa35446 100644 +--- a/src/osipparser2/osip_message_parse.c ++++ b/src/osipparser2/osip_message_parse.c +@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char + if ('\n' == start_of_body[0] || '\r' == start_of_body[0]) + start_of_body++; + ++ /* if message body is empty or contains a single CR/LF */ ++ if (end_of_body <= start_of_body) { ++ osip_free (sep_boundary); ++ return OSIP_SYNTAXERROR; ++ } ++ + body_len = end_of_body - start_of_body; + + /* Skip CR before end boundary. */ +-- +2.13.1 + diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm index 601bfd62a29..c3bf2036028 100644 --- a/gnu/packages/telephony.scm +++ b/gnu/packages/telephony.scm @@ -124,6 +124,7 @@ packet-manipulation library.") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz")) + (patches (search-patches "osip-CVE-2017-7853.patch")) (sha256 (base32 "00yznbrm9q04wgd4b831km8iwlvwvsnwv87igf79g5vj9yakr88q")))) -- cgit v1.2.3 From db90eb8c2bd447ab53bed80e5b0ea5105a928cdf Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Thu, 15 Jun 2017 17:06:47 +0200 Subject: gnu: Add propeller-gcc-4. * gnu/packages/embedded.scm (propeller-gcc-4): New variable. * gnu/packages/patches/gcc-4.6-gnu-inline.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/embedded.scm | 22 +++++++++ gnu/packages/patches/gcc-4.6-gnu-inline.patch | 65 +++++++++++++++++++++++++++ 3 files changed, 88 insertions(+) create mode 100644 gnu/packages/patches/gcc-4.6-gnu-inline.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8fcd2cab22a..37a4fa5baa9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -606,6 +606,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-strmov-store-file-names.patch \ + %D%/packages/patches/gcc-4.6-gnu-inline.patch \ %D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch \ %D%/packages/patches/gcc-5.0-libvtv-runpath.patch \ %D%/packages/patches/gcc-5-source-date-epoch-1.patch \ diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm index 70541540e5c..3b93b18d3d8 100644 --- a/gnu/packages/embedded.scm +++ b/gnu/packages/embedded.scm @@ -488,6 +488,28 @@ with a layered architecture of JTAG interface and TAP support.") (home-page "https://github.com/totalspectrum/gcc-propeller") (synopsis "GCC for the Parallax Propeller")))) +(define-public propeller-gcc-4 + (let ((xgcc propeller-gcc) + (commit "f1b01001b760d691a91ff1db4830d41bb712557f") + (revision "1")) + (package (inherit xgcc) + (name "propeller-gcc") + (version (string-append "4.6.1-" revision "." (string-take commit 9))) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/dbetz/propgcc-gcc.git") + (commit commit))) + (file-name (string-append name "-" commit "-checkout")) + (sha256 + (base32 + "15mxrhk2v4vqmdkvcqy33ag1wrg9x9q20kx2w33kkw8pkrijknbi")) + (patches + (append + (origin-patches (package-source gcc-4.7)) + (search-patches "gcc-4.6-gnu-inline.patch"))))) + (home-page "https://github.com/dbetz/propgcc-gcc")))) + ;; There is no release, so we take the latest version as referenced from here: ;; https://github.com/dbetz/propeller-gcc (define-public proplib diff --git a/gnu/packages/patches/gcc-4.6-gnu-inline.patch b/gnu/packages/patches/gcc-4.6-gnu-inline.patch new file mode 100644 index 00000000000..710d358a8b6 --- /dev/null +++ b/gnu/packages/patches/gcc-4.6-gnu-inline.patch @@ -0,0 +1,65 @@ +This patch was taken from https://gcc.gnu.org/ml/gcc-patches/2015-08/msg00375.html. +It is used by propeller-gcc-4. + +Since the 3.0.3 release of gperf (made in May 2007), the generated func +has had the gnu_inline attribute applied to it. The gcc source however +has not been updated to include that which has lead to a mismatch. + +In practice, this hasn't been an issue for two reasons: +(1) Before gcc-5, the default standard was (gnu) C89, and gcc does not +warn or throw an error in this mode. +(2) Starting with gcc-4.8, the compiler driver used to build gcc was +changed to C++, and g++ does not warn or throw an error in this mode. + +This error does show up though when using gcc-5 to build gcc-4.7 or +older as then the default is (gnu) C11 and the C compiler driver is +used. That failure looks like: +In file included from .../gcc-4.7.4/gcc/cp/except.c:990:0: +cfns.gperf: At top level: +cfns.gperf:101:1: error: 'gnu_inline' attribute present on 'libc_name_p' +cfns.gperf:26:14: error: but not here + +Whether the compiler should always emit this error regardless of the +active standard or compiler driver is debatable (I think it should be +consistent -- either always do it or never do it). + +2015-08-06 Mike Frysinger + + * cfns.gperf [__GNUC__, __GNUC_STDC_INLINE__]: Apply the + __gnu_inline__ attribute. + * cfns.h: Regenerated. +--- + gcc/cp/cfns.gperf | 3 +++ + gcc/cp/cfns.h | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/gcc/cp/cfns.gperf b/gcc/cp/cfns.gperf +index 68acd3d..953262f 100644 +--- a/gcc/cp/cfns.gperf ++++ b/gcc/cp/cfns.gperf +@@ -22,6 +22,9 @@ __inline + static unsigned int hash (const char *, unsigned int); + #ifdef __GNUC__ + __inline ++#ifdef __GNUC_STDC_INLINE__ ++__attribute__ ((__gnu_inline__)) ++#endif + #endif + const char * libc_name_p (const char *, unsigned int); + %} +diff --git a/gcc/cp/cfns.h b/gcc/cp/cfns.h +index 1c6665d..6d00c0e 100644 +--- a/gcc/cp/cfns.h ++++ b/gcc/cp/cfns.h +@@ -53,6 +53,9 @@ __inline + static unsigned int hash (const char *, unsigned int); + #ifdef __GNUC__ + __inline ++#ifdef __GNUC_STDC_INLINE__ ++__attribute__ ((__gnu_inline__)) ++#endif + #endif + const char * libc_name_p (const char *, unsigned int); + /* maximum key range = 391, duplicates = 0 */ +-- +2.4.4 -- cgit v1.2.3 From 0c5a8007fe3cfc792bf5f692342a84165f706441 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 14 Jun 2017 16:34:10 -0400 Subject: gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}. * gnu/packages/patches/zziplib-CVE-2017-5974.patch, gnu/packages/patches/zziplib-CVE-2017-5975.patch, gnu/packages/patches/zziplib-CVE-2017-5976.patch, gnu/packages/patches/zziplib-CVE-2017-5978.patch, gnu/packages/patches/zziplib-CVE-2017-5979.patch, gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/zip.scm (zziplib)[source]: Use them. --- gnu/local.mk | 8 +++- gnu/packages/patches/zziplib-CVE-2017-5974.patch | 28 +++++++++++ gnu/packages/patches/zziplib-CVE-2017-5975.patch | 32 +++++++++++++ gnu/packages/patches/zziplib-CVE-2017-5976.patch | 61 ++++++++++++++++++++++++ gnu/packages/patches/zziplib-CVE-2017-5978.patch | 37 ++++++++++++++ gnu/packages/patches/zziplib-CVE-2017-5979.patch | 19 ++++++++ gnu/packages/patches/zziplib-CVE-2017-5981.patch | 19 ++++++++ gnu/packages/zip.scm | 6 +++ 8 files changed, 209 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/zziplib-CVE-2017-5974.patch create mode 100644 gnu/packages/patches/zziplib-CVE-2017-5975.patch create mode 100644 gnu/packages/patches/zziplib-CVE-2017-5976.patch create mode 100644 gnu/packages/patches/zziplib-CVE-2017-5978.patch create mode 100644 gnu/packages/patches/zziplib-CVE-2017-5979.patch create mode 100644 gnu/packages/patches/zziplib-CVE-2017-5981.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 37a4fa5baa9..1fa952b294a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1086,7 +1086,13 @@ dist_patch_DATA = \ %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ %D%/packages/patches/libyaml-CVE-2014-9130.patch \ - %D%/packages/patches/zathura-plugindir-environment-variable.patch + %D%/packages/patches/zathura-plugindir-environment-variable.patch \ + %D%/packages/patches/zziplib-CVE-2017-5974.patch \ + %D%/packages/patches/zziplib-CVE-2017-5975.patch \ + %D%/packages/patches/zziplib-CVE-2017-5976.patch \ + %D%/packages/patches/zziplib-CVE-2017-5978.patch \ + %D%/packages/patches/zziplib-CVE-2017-5979.patch \ + %D%/packages/patches/zziplib-CVE-2017-5981.patch MISC_DISTRO_FILES = \ %D%/packages/ld-wrapper.in diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch new file mode 100644 index 00000000000..9ae02103e7d --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5974.patch @@ -0,0 +1,28 @@ +Fix CVE-2017-5974: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/memdisk.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.c ++++ zziplib-0.13.62/zzip/memdisk.c +@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + /* override sizes/offsets with zip64 values for largefile support */ + zzip_extra_zip64 *block = (zzip_extra_zip64 *) + zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64); +- if (block) ++ if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4)) + { +- item->zz_usize = __zzip_get64(block->z_usize); +- item->zz_csize = __zzip_get64(block->z_csize); +- item->zz_offset = __zzip_get64(block->z_offset); +- item->zz_diskstart = __zzip_get32(block->z_diskstart); ++ item->zz_usize = ZZIP_GET64(block->z_usize); ++ item->zz_csize = ZZIP_GET64(block->z_csize); ++ item->zz_offset = ZZIP_GET64(block->z_offset); ++ item->zz_diskstart = ZZIP_GET32(block->z_diskstart); + } + } + /* NOTE: diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch new file mode 100644 index 00000000000..fad174b056a --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5975.patch @@ -0,0 +1,32 @@ +Fix CVE-2017-5975: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/memdisk.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.c ++++ zziplib-0.13.62/zzip/memdisk.c +@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + return 0; /* errno=ENOMEM; */ + ___ struct zzip_file_header *header = + zzip_disk_entry_to_file_header(disk, entry); ++ if (!header) ++ { free(item); return 0; } + /* there is a number of duplicated information in the file header + * or the disk entry block. Theoretically some part may be missing + * that exists in the other, ... but we will prefer the disk entry. +Index: zziplib-0.13.62/zzip/mmapped.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/mmapped.c ++++ zziplib-0.13.62/zzip/mmapped.c +@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK + (disk->buffer + zzip_disk_entry_fileoffset(entry)); + if (disk->buffer > file_header || file_header >= disk->endbuf) + return 0; ++ if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC) ++ return 0; + return (struct zzip_file_header *) file_header; + } + diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch new file mode 100644 index 00000000000..17fc30e302c --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5976.patch @@ -0,0 +1,61 @@ +Fix CVE-2017-5976: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/memdisk.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.c ++++ zziplib-0.13.62/zzip/memdisk.c +@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + { + void *mem = malloc(ext1 + 2); + item->zz_ext[1] = mem; ++ item->zz_extlen[1] = ext1 + 2; + memcpy(mem, ptr1, ext1); + ((char *) (mem))[ext1 + 0] = 0; + ((char *) (mem))[ext1 + 1] = 0; +@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + { + void *mem = malloc(ext2 + 2); + item->zz_ext[2] = mem; ++ item->zz_extlen[2] = ext2 + 2; + memcpy(mem, ptr2, ext2); + ((char *) (mem))[ext2 + 0] = 0; + ((char *) (mem))[ext2 + 1] = 0; +@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR + while (1) + { + ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i]; +- if (ext) ++ if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength)) + { ++ char *endblock = (char *)ext + entry->zz_extlen[i]; ++ + while (*(short *) (ext->z_datatype)) + { + if (datatype == zzip_extra_block_get_datatype(ext)) +@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR + e += zzip_extra_block_headerlength; + e += zzip_extra_block_get_datasize(ext); + ext = (void *) e; ++ if (e >= endblock) ++ { ++ break; ++ } + ____; + } + } +Index: zziplib-0.13.62/zzip/memdisk.h +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.h ++++ zziplib-0.13.62/zzip/memdisk.h +@@ -66,6 +66,7 @@ struct _zzip_mem_entry { + int zz_filetype; /* (from "z_filetype") */ + char* zz_comment; /* zero-terminated (from "comment") */ + ZZIP_EXTRA_BLOCK* zz_ext[3]; /* terminated by null in z_datatype */ ++ int zz_extlen[3]; /* length of zz_ext[i] in bytes */ + }; /* the extra blocks are NOT converted */ + + #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list) diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch new file mode 100644 index 00000000000..452b14f8043 --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5978.patch @@ -0,0 +1,37 @@ +Fix CVE-2017-5978: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/memdisk.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.c ++++ zziplib-0.13.62/zzip/memdisk.c +@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + * that exists in the other, ... but we will prefer the disk entry. + */ + item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry); +- item->zz_name = zzip_disk_entry_strdup_name(disk, entry); ++ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup(""); + item->zz_data = zzip_file_header_to_data(header); + item->zz_flags = zzip_disk_entry_get_flags(entry); + item->zz_compr = zzip_disk_entry_get_compr(entry); +@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + int /* */ ext2 = zzip_file_header_get_extras(header); + char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header); + +- if (ext1) ++ if (ext1 && ((ptr1 + ext1) < disk->endbuf)) + { + void *mem = malloc(ext1 + 2); + item->zz_ext[1] = mem; +@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + ((char *) (mem))[ext1 + 0] = 0; + ((char *) (mem))[ext1 + 1] = 0; + } +- if (ext2) ++ if (ext2 && ((ptr2 + ext2) < disk->endbuf)) + { + void *mem = malloc(ext2 + 2); + item->zz_ext[2] = mem; diff --git a/gnu/packages/patches/zziplib-CVE-2017-5979.patch b/gnu/packages/patches/zziplib-CVE-2017-5979.patch new file mode 100644 index 00000000000..b38f50b1721 --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5979.patch @@ -0,0 +1,19 @@ +Fix CVE-2017-5979: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/fseeko.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/fseeko.c ++++ zziplib-0.13.62/zzip/fseeko.c +@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk) + return 0; + /* we read out chunks of 8 KiB in the hope to match disk granularity */ + ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */ +- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry)); ++ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry)); + if (! entry) + return 0; + ___ unsigned char *buffer = malloc(pagesize); diff --git a/gnu/packages/patches/zziplib-CVE-2017-5981.patch b/gnu/packages/patches/zziplib-CVE-2017-5981.patch new file mode 100644 index 00000000000..ed82cb3b915 --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5981.patch @@ -0,0 +1,19 @@ +Fix CVE-2017-5981: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981 + +Patch copied from Debian. +Index: zziplib-0.13.62/zzip/fseeko.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/fseeko.c ++++ zziplib-0.13.62/zzip/fseeko.c +@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk) + } else + continue; + +- assert(0 <= root && root < mapsize); ++ if (root < 0 || root >= mapsize) ++ goto error; + if (fseeko(disk, root, SEEK_SET) == -1) + goto error; + if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk) diff --git a/gnu/packages/zip.scm b/gnu/packages/zip.scm index 8feb4fea217..018891359b6 100644 --- a/gnu/packages/zip.scm +++ b/gnu/packages/zip.scm @@ -136,6 +136,12 @@ recreates the stored directory structure by default.") (uri (string-append "mirror://sourceforge/zziplib/zziplib13/" version "/zziplib-" version ".tar.bz2")) + (patches (search-patches "zziplib-CVE-2017-5974.patch" + "zziplib-CVE-2017-5975.patch" + "zziplib-CVE-2017-5976.patch" + "zziplib-CVE-2017-5978.patch" + "zziplib-CVE-2017-5979.patch" + "zziplib-CVE-2017-5981.patch")) (sha256 (base32 "0nsjqxw017hiyp524p9316283jlf5piixc1091gkimhz38zh7f51")))) -- cgit v1.2.3 From 8d138ea087104479dc7f4b72e6ad16e212106cfd Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 14 Jun 2017 22:26:15 -0400 Subject: gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'. * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 1 + .../patches/libtiff-tiffgetfield-bugs.patch | 201 +++++++++++++++++++++ 3 files changed, 203 insertions(+) create mode 100644 gnu/packages/patches/libtiff-tiffgetfield-bugs.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1fa952b294a..148ba12d68f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -770,6 +770,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-invalid-read.patch \ %D%/packages/patches/libtiff-null-dereference.patch \ %D%/packages/patches/libtiff-tiffcp-underflow.patch \ + %D%/packages/patches/libtiff-tiffgetfield-bugs.patch \ %D%/packages/patches/libtirpc-CVE-2017-8779.patch \ %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index abac17d6d72..b94c006b156 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -393,6 +393,7 @@ collection of tools for doing simple manipulations of TIFF images.") (method url-fetch) (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" version ".tar.gz")) + (patches (search-patches "libtiff-tiffgetfield-bugs.patch")) (sha256 (base32 "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) diff --git a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch new file mode 100644 index 00000000000..84566ca23e8 --- /dev/null +++ b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch @@ -0,0 +1,201 @@ +Fix several bugs in libtiff related to use of TIFFGetField(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2580 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095 + +Patch copied from upstream CVS. 3rd-party Git reference: +https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 + +2017-06-01 Even Rouault + +* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), +and use it in TIFFReadDirectory() so as to ignore fields whose tag is a +codec-specified tag but this codec is not enabled. This avoids TIFFGetField() +to behave differently depending on whether the codec is enabled or not, and +thus can avoid stack based buffer overflows in a number of TIFF utilities +such as tiffsplit, tiffcmp, thumbnail, etc. +Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch +(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. +Fixes: +http://bugzilla.maptools.org/show_bug.cgi?id=2580 +http://bugzilla.maptools.org/show_bug.cgi?id=2693 +http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) +http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) +http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) +http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) +http://bugzilla.maptools.org/show_bug.cgi?id=2441 +http://bugzilla.maptools.org/show_bug.cgi?id=2433 +Index: libtiff/libtiff/tif_dirread.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v +retrieving revision 1.208 +retrieving revision 1.209 +diff -u -r1.208 -r1.209 +--- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208 ++++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */ ++/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -3580,6 +3580,10 @@ + goto bad; + dp->tdir_tag=IGNORE; + break; ++ default: ++ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) ++ dp->tdir_tag=IGNORE; ++ break; + } + } + } +Index: libtiff/libtiff/tif_dirinfo.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v +retrieving revision 1.126 +retrieving revision 1.127 +diff -u -r1.126 -r1.127 +--- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126 ++++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */ ++/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -956,6 +956,109 @@ + return 0; + } + ++int ++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) ++{ ++ /* Filter out non-codec specific tags */ ++ switch (tag) { ++ /* Shared tags */ ++ case TIFFTAG_PREDICTOR: ++ /* JPEG tags */ ++ case TIFFTAG_JPEGTABLES: ++ /* OJPEG tags */ ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ /* CCITT* */ ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ case TIFFTAG_GROUP3OPTIONS: ++ case TIFFTAG_GROUP4OPTIONS: ++ break; ++ default: ++ return 1; ++ } ++ /* Check if codec specific tags are allowed for the current ++ * compression scheme (codec) */ ++ switch (tif->tif_dir.td_compression) { ++ case COMPRESSION_LZW: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PACKBITS: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_THUNDERSCAN: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_NEXT: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_JPEG: ++ if (tag == TIFFTAG_JPEGTABLES) ++ return 1; ++ break; ++ case COMPRESSION_OJPEG: ++ switch (tag) { ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ return 1; ++ } ++ break; ++ case COMPRESSION_CCITTRLE: ++ case COMPRESSION_CCITTRLEW: ++ case COMPRESSION_CCITTFAX3: ++ case COMPRESSION_CCITTFAX4: ++ switch (tag) { ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ return 1; ++ case TIFFTAG_GROUP3OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) ++ return 1; ++ break; ++ case TIFFTAG_GROUP4OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) ++ return 1; ++ break; ++ } ++ break; ++ case COMPRESSION_JBIG: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_DEFLATE: ++ case COMPRESSION_ADOBE_DEFLATE: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PIXARLOG: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_SGILOG: ++ case COMPRESSION_SGILOG24: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_LZMA: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ ++ } ++ return 0; ++} ++ + /* vim: set ts=8 sts=8 sw=8 noet: */ + + /* +Index: libtiff/libtiff/tif_dir.h +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v +retrieving revision 1.54 +retrieving revision 1.55 +diff -u -r1.54 -r1.55 +--- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54 ++++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */ ++/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -291,6 +291,7 @@ + extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); + extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); + extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); ++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); + + #if defined(__cplusplus) + } -- cgit v1.2.3 From f54efbdc46be99e7bf0f2d31a766cfb2b5dab996 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Thu, 15 Jun 2017 21:52:57 -0400 Subject: gnu: gspell: Update to 1.4.1. * gnu/packages/gnome.scm (gspell): Update to 1.4.1. * gnu/packages/patches/gspell-dash-test.patch: Adjust accordingly. --- gnu/packages/gnome.scm | 4 ++-- gnu/packages/patches/gspell-dash-test.patch | 20 +++++++++++++------- 2 files changed, 15 insertions(+), 9 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index e14abcfa37a..25d8580a80a 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -6221,7 +6221,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).") (define-public gspell (package (name "gspell") - (version "1.3.2") + (version "1.4.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -6229,7 +6229,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).") name "-" version ".tar.xz")) (sha256 (base32 - "1n4kd5i11l79h8bpvx3cz79ww0b4z89y99h4czvyg80qlarn585w")) + "1ghh1xdzf04mfgb13zqpj88krpa44xv2vbyhm6k017kzrpz8hbs4")) (patches (search-patches "gspell-dash-test.patch")))) (build-system glib-or-gtk-build-system) (arguments diff --git a/gnu/packages/patches/gspell-dash-test.patch b/gnu/packages/patches/gspell-dash-test.patch index e737921c4b2..1c9d77cfbaa 100644 --- a/gnu/packages/patches/gspell-dash-test.patch +++ b/gnu/packages/patches/gspell-dash-test.patch @@ -1,16 +1,22 @@ Somehow, Aspell 0.60.6.1 and aspell-dict-en-2016.11.20-0 don't consider this a valid spelling. Skip it. ---- gspell-1.3.2/testsuite/test-checker.c 2017-05-17 16:02:40.832415940 +0200 -+++ gspell-1.3.2/testsuite/test-checker.c 2017-05-17 16:02:50.768351895 +0200 -@@ -101,9 +101,6 @@ test_dashes (void) - - checker = gspell_checker_new (lang); - +TODO: Migrate to using hunspell. According to upstream, this bug won't be fixed. +See https://bugzilla.gnome.org/show_bug.cgi?id=772406. +--- a/testsuite/test-checker.c 2017-03-24 09:50:50.000000000 -0400 ++++ b/testsuite/test-checker.c 2017-06-15 21:47:07.116173895 -0400 +@@ -105,10 +105,11 @@ + * be considered deprecated, it is better to use hunspell, so WONTFIX. + * For more details, see: + * https://bugzilla.gnome.org/show_bug.cgi?id=772406 ++ * ++ * correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error); ++ * g_assert_no_error (error); ++ * g_assert (correctly_spelled); + */ - correctly_spelled = gspell_checker_check_word (checker, "spell-checking", -1, &error); - g_assert_no_error (error); - g_assert (correctly_spelled); correctly_spelled = gspell_checker_check_word (checker, "nrst-auie", -1, &error); g_assert_no_error (error); - -- cgit v1.2.3