guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/02: Merge branch 'master' into core-updates


From: Leo Famulari
Subject: 01/02: Merge branch 'master' into core-updates
Date: Mon, 13 Jun 2016 02:09:58 +0000 (UTC)

lfam pushed a commit to branch core-updates
in repository guix.

commit ee86e7e14859533045e1f7727ae731ba6ba72daf
Merge: 8af5cac fe585be
Author: Leo Famulari <address@hidden>
Date:   Sun Jun 12 22:02:04 2016 -0400

    Merge branch 'master' into core-updates

 doc/guix.texi                                      |   14 +-
 gnu/local.mk                                       |   19 ++
 gnu/packages/admin.scm                             |   38 +++
 gnu/packages/check.scm                             |   61 +++++
 gnu/packages/crypto.scm                            |    4 +-
 gnu/packages/databases.scm                         |   61 +++++
 gnu/packages/emacs.scm                             |   23 ++
 gnu/packages/fish.scm                              |    4 +-
 gnu/packages/fonts.scm                             |   55 ++++
 gnu/packages/games.scm                             |  110 +++++++-
 gnu/packages/gnome.scm                             |  100 ++++++++
 gnu/packages/gnucash.scm                           |   96 ++++++-
 gnu/packages/gnunet.scm                            |    5 +-
 gnu/packages/gnuzilla.scm                          |   16 +-
 gnu/packages/guile.scm                             |   10 +
 gnu/packages/imagemagick.scm                       |    4 +-
 gnu/packages/irc.scm                               |    5 +-
 gnu/packages/java.scm                              |   34 ++-
 gnu/packages/linux.scm                             |   12 +-
 gnu/packages/networking.scm                        |   41 ++-
 gnu/packages/ocaml.scm                             |    8 +-
 gnu/packages/owncloud.scm                          |    4 +-
 .../expat-CVE-2012-6702-and-CVE-2016-5300.patch    |  142 +++++++++++
 .../patches/expat-CVE-2015-1283-refix.patch        |   27 +-
 .../patches/higan-remove-march-native-flag.patch   |   13 +
 .../patches/icecat-CVE-2016-2818-pt1.patch         |   62 +++++
 .../patches/icecat-CVE-2016-2818-pt2.patch         |   29 +++
 .../patches/icecat-CVE-2016-2818-pt3.patch         |   18 ++
 .../patches/icecat-CVE-2016-2818-pt4.patch         |   61 +++++
 .../patches/icecat-CVE-2016-2818-pt5.patch         |  266 +++++++++++++++++++
 .../patches/icecat-CVE-2016-2818-pt6.patch         |   17 ++
 .../patches/icecat-CVE-2016-2818-pt7.patch         |   33 +++
 .../patches/icecat-CVE-2016-2818-pt8.patch         |  267 ++++++++++++++++++++
 .../patches/icecat-CVE-2016-2818-pt9.patch         |  188 ++++++++++++++
 gnu/packages/patches/icecat-CVE-2016-2819.patch    |  102 ++++++++
 gnu/packages/patches/icecat-CVE-2016-2821.patch    |   16 ++
 gnu/packages/patches/icecat-CVE-2016-2824.patch    |   85 +++++++
 gnu/packages/patches/icecat-CVE-2016-2828.patch    |  185 ++++++++++++++
 gnu/packages/patches/icecat-CVE-2016-2831.patch    |  120 +++++++++
 gnu/packages/patches/libvpx-CVE-2016-2818.patch    |   36 +++
 .../ruby-concurrent-ignore-broken-test.patch       |   16 ++
 .../ruby-tzinfo-data-ignore-broken-test.patch      |   13 +
 gnu/packages/python.scm                            |  117 +++++++++
 gnu/packages/qt.scm                                |    4 +-
 gnu/packages/ruby.scm                              |  128 +++++++++-
 gnu/packages/suckless.scm                          |    5 +-
 gnu/packages/tls.scm                               |    4 +-
 gnu/packages/version-control.scm                   |    6 +-
 gnu/packages/video.scm                             |   19 +-
 gnu/packages/web.scm                               |   38 +++
 gnu/packages/xml.scm                               |   10 +-
 guix/gnu-maintenance.scm                           |   15 +-
 guix/import/gnu.scm                                |   10 +-
 guix/profiles.scm                                  |   31 +--
 guix/scripts/publish.scm                           |   39 ++-
 guix/serialization.scm                             |   78 +++---
 guix/ui.scm                                        |   10 +-
 tests/nar.scm                                      |   42 ++-
 tests/publish.scm                                  |   45 ++++
 tests/ui.scm                                       |    6 +-
 60 files changed, 2872 insertions(+), 155 deletions(-)

diff --cc gnu/local.mk
index ef7b4df,73aef0a..15c5138
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@@ -480,6 -480,8 +480,7 @@@ dist_patch_DATA =                                  
        
    %D%/packages/patches/emacs-source-date-epoch.patch          \
    %D%/packages/patches/eudev-rules-directory.patch            \
    %D%/packages/patches/evilwm-lost-focus-bug.patch            \
+   %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch    \
 -  %D%/packages/patches/expat-CVE-2015-1283.patch              \
    %D%/packages/patches/expat-CVE-2015-1283-refix.patch                \
    %D%/packages/patches/expat-CVE-2016-0718.patch              \
    %D%/packages/patches/fastcap-mulGlobal.patch                        \
diff --cc gnu/packages/patches/expat-CVE-2015-1283-refix.patch
index af5e3bc,af5e3bc..fc8d629
--- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
+++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
@@@ -1,42 -1,42 +1,39 @@@
--Update previous fix for CVE-2015-1283 to not rely on undefined behavior.
++Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
++behavior.
  
--Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
++Adapted from a patch from Debian (found in Debian package version
++2.1.0-6+deb8u2) to apply to upstream code:
  
  
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
  
--From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001
--From: Pascal Cuoq <address@hidden>
--Date: Sun, 15 May 2016 09:05:46 +0200
--Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix.
--
  ---
-- expat/lib/xmlparse.c | 6 ++++--
++ lib/xmlparse.c | 6 ++++--
   1 file changed, 4 insertions(+), 2 deletions(-)
  
  diff --git a/lib/xmlparse.c b/lib/xmlparse.c
--index 13e080d..cdb12ef 100644
++index 0f6f4cd..5c70c17 100644
  --- a/lib/xmlparse.c
  +++ b/lib/xmlparse.c
--@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len
++@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
     }
   
     if (len > bufferLim - bufferEnd) {
  -    int neededSize = len + (int)(bufferEnd - bufferPtr);
  +    /* Do not invoke signed arithmetic overflow: */
  +    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - 
bufferPtr));
-- /* BEGIN MOZILLA CHANGE (sanity check neededSize) */
       if (neededSize < 0) {
         errorCode = XML_ERROR_NO_MEMORY;
--@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len
++       return NULL;
++@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
         if (bufferSize == 0)
           bufferSize = INIT_BUFFER_SIZE;
         do {
  -        bufferSize *= 2;
  +        /* Do not invoke signed arithmetic overflow: */
  +        bufferSize = (int) (2U * (unsigned) bufferSize);
-- /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
         } while (bufferSize < neededSize && bufferSize > 0);
-- /* END MOZILLA CHANGE */
++       if (bufferSize <= 0) {
++         errorCode = XML_ERROR_NO_MEMORY;
  -- 
--2.8.2
++2.8.3
  
diff --cc gnu/packages/xml.scm
index a860f98,e62bfa7..e0d795b
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@@ -3,11 -3,10 +3,11 @@@
  ;;; Copyright © 2013, 2015 Andreas Enge <address@hidden>
  ;;; Copyright © 2015 Eric Bavier <address@hidden>
  ;;; Copyright © 2015 Sou Bunnbu <address@hidden>
- ;;; Copyright © 2015 Ricardo Wurmus <address@hidden>
+ ;;; Copyright © 2015, 2016 Ricardo Wurmus <address@hidden>
 -;;; Copyright © 2015 Mark H Weaver <address@hidden>
 +;;; Copyright © 2015, 2016 Mark H Weaver <address@hidden>
  ;;; Copyright © 2015 Efraim Flashner <address@hidden>
  ;;; Copyright © 2015 Raimon Grau <address@hidden>
 +;;; Copyright © 2016 Mathieu Lirzin <address@hidden>
  ;;; Copyright © 2016 Leo Famulari <address@hidden>
  ;;;
  ;;; This file is part of GNU Guix.
@@@ -50,10 -51,11 +51,13 @@@
      (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/expat/expat/"
 -                                 version "/expat-" version ".tar.gz"))
 +                                 version "/expat-" version ".tar.bz2"))
++             (patches (search-patches 
"expat-CVE-2012-6702-and-CVE-2016-5300.patch"
++                                      "expat-CVE-2015-1283-refix.patch"
++                                      "expat-CVE-2016-0718.patch"))
               (sha256
                (base32
 -               "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2"))
 -             (patches (search-patches "expat-CVE-2015-1283.patch"))))
 +               "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
      (build-system gnu-build-system)
      (home-page "http://www.libexpat.org/";)
      (synopsis "Stream-oriented XML parser library written in C")



reply via email to

[Prev in Thread] Current Thread [Next in Thread]