Commit a19c90c0 authored by Kazuhiko Shiozaki

Merge branch 'erp5-component' into erp5

parents b80c72ff 259aa9be
......@@ -18,23 +18,26 @@ extends =
[apr]
recipe = hexagonit.recipe.download
version = 1.5.0
url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-${:version}.tar.bz2
md5sum = cc93bd2c12d0d037f68e21cc6385dc31
url = https://archive.apache.org/dist/apr/apr-${:version}.tar.bz2
[apr-util]
recipe = hexagonit.recipe.download
version = 1.5.3
url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-util-${:version}.tar.bz2
url = https://archive.apache.org/dist/apr/apr-util-${:version}.tar.bz2
md5sum = 6f3417691c7a27090f36e7cf4d94b36e
[apache]
# apache-antiloris should be rebuilt when apache is rebuilt. to
# achieve this, please modify 'revision' value below each time you
# modify anything (but version) in [apache] target.
# inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
recipe = slapos.recipe.cmmi
depends =
${gdbm:version}
version = 2.4.10
revision = 1
url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2
revision = 2
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
md5sum = 44543dff14a4ebc1e9e2d86780507156
configure-command = cp -ar ${apr:location}/apr-${apr:version} srclib/apr/; cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util; ./configure
configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
......@@ -114,10 +117,14 @@ make-options = -i -a -n antiloris mod_antiloris.la
make-targets =
[apache-2.2]
# apache-antiloris-apache-2.2 should be rebuilt when apache-2.2 is
# rebuilt. to achieve this, please modify 'revision' value below each
# time you modify anything (but version) in [apache] target.
# inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
recipe = slapos.recipe.cmmi
version = 2.2.27
url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2
revision = 1
url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
md5sum = 8faef0decf3fa7e69b2568eb2105a3d8
patch-options = -p1
configure-options = --disable-static
......@@ -181,6 +188,7 @@ url = http://downloads.sourceforge.net/project/mod-antiloris/mod_antiloris-0.4.t
md5sum = 66862bf10e9be3a023e475604a28a0b4
depends =
${apache-2.2:version}
${apache-2.2:revision}
configure-command = ${apache-2.2:location}/bin/apxs
configure-options = -c mod_antiloris.c
make-binary = ${:configure-command}
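Review bot: The comment added above `recipe` in `[apache-2.2]` was copied from `[apache]` and still tells the maintainer to bump `revision` when changing anything "in [apache] target". It should name this section, `# time you modify anything (but version) in [apache-2.2] target.`, because the antiloris part in the last hunk depends on `${apache-2.2:revision}`, not on `${apache:revision}`. As written, someone following the comment would bump the wrong section and the module would not be rebuilt against the changed httpd.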
......
......@@ -6,8 +6,8 @@ parts =
[coreutils]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.21.tar.xz
md5sum = 065ba41828644eca5dd8163446de5d64
url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.23.tar.xz
md5sum = abed135279f87ad6762ce57ff6d89c41
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_} --enable-install-program=tr,basename,uname,cat,cp,ls
environment =
......
......@@ -9,8 +9,8 @@ extends =
# for now we build and install library and header files only.
[cups]
recipe = slapos.recipe.cmmi
url = http://www.cups.org/software/1.7.1/cups-1.7.1-source.tar.bz2
md5sum = 55277c40fd4b7183dc3671d39c5c42b7
url = http://www.cups.org/software/1.7.4/cups-1.7.4-source.tar.bz2
md5sum = 1a2295c2b2d2f422db2e50f40ed2fb99
configure-options =
--disable-static
--disable-dbus
......
......@@ -10,8 +10,8 @@ extends =
[gettext]
recipe = slapos.recipe.cmmi
url = http://ftp.gnu.org/pub/gnu/gettext/gettext-0.19.1.tar.xz
md5sum = b52987f49bc99fa8b410270d47a9d52b
url = http://ftp.gnu.org/pub/gnu/gettext/gettext-0.19.2.tar.xz
md5sum = 1e6a827f5fbd98b3d40bd16b803acc44
configure-options =
--disable-static
......
......@@ -17,7 +17,7 @@ pkg_config_depends = ${glib:location}/lib/pkgconfig:${libsigc:location}/lib/pkgc
configure-options =
--disable-documentation
environment =
PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${glib:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CPPFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
......@@ -11,9 +11,9 @@ extends =
[groonga]
recipe = slapos.recipe.cmmi
version = 4.0.3
version = 4.0.4
url = http://packages.groonga.org/source/groonga/groonga-${:version}.tar.gz
md5sum = 6f0cb64c0643fc2dd61df6fc542e17e2
md5sum = b00411d2efae3ddf03eb1ecb8575177f
configure-options =
--disable-static
--disable-glibtest
......
[buildout]
extends =
../autoconf/buildout.cfg
../libtool/buildout.cfg
../automake/buildout.cfg
../bzip2/buildout.cfg
../fontconfig/buildout.cfg
../freetype/buildout.cfg
......@@ -26,6 +29,11 @@ md5sum = a1304edcdc99282f478b995ee5f8f854
depends =
${libpng:so_version}
pkg_config_depends = ${libXext:location}/lib/pkgconfig:${libXext:pkg_config_depends}:${libpng:location}/lib/pkgconfig:${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${pixman:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig
patch-options = -p1
patches =
${:_profile_base_location_}/cairo-fix_gcc4.9_ftbfs.patch#d4c843a655be8f1df548c9492d253359
pre-configure =
autoreconf -vfi
configure-options =
--disable-static
--disable-gtk-doc-html
......@@ -35,8 +43,9 @@ configure-options =
--disable-xcb
--enable-ft
--enable-fc
--disable-lto
environment =
PATH=${freetype:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${freetype:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CPPFLAGS=-I${zlib:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
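Review bot: `pre-configure = autoreconf -vfi`, the three new `extends` entries and `--disable-lto` have no comment saying that they exist only because of `cairo-fix_gcc4.9_ftbfs.patch`. The patch shown next on the page (presumably that file) edits `build/configure.ac.warnings`, so `configure` must be regenerated before the new option is recognised. A short comment above `patches =`, such as `# the patch adds --disable-lto to configure.ac.warnings; autoreconf regenerates configure`, would keep a later cleanup from removing one piece without the others.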
......
From c3645d97ebd24c6f7ad850785d585aebc706a11c Mon Sep 17 00:00:00 2001
From: Bryce Harrington <b.harrington@samsung.com>
Date: Tue, 08 Jul 2014 20:14:20 +0000
Subject: configure.ac: Add a --disable-lto configure option
Link-Time Optimization seems to be stable enough with gcc 4.8 and 4.9,
but has proven to be an issue in the past for many cairo users (webkit,
efl, ubuntu, opensuse, gentoo, arch...) who carry patches to disable it.
Gentoo's patch[1] adds a --disable-lto option to leave it enabled by
default but give users the ability to work around lto related build
problems (c.f. fdo #77060). Patch appears to have been authored by
Alexandre Rostovtsev[2].
1: sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/x11-libs/cairo/files/cairo-1.12.16-lto-optional.patch
2: https://bugs.gentoo.org/show_bug.cgi?id=509552
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=60852
Signed-off-by: Bryce Harrington <b.harrington@samsung.com>
Reviewed-by: Uli Schlachter <psychon@znc.in>
---
diff --git a/build/configure.ac.warnings b/build/configure.ac.warnings
index f984eb2..a72d948 100644
--- a/build/configure.ac.warnings
+++ b/build/configure.ac.warnings
@@ -38,13 +38,18 @@ dnl options. Namely, the following:
dnl -flto working really needs a test link, not just a compile
-safe_MAYBE_WARN="$MAYBE_WARN"
-MAYBE_WARN="$MAYBE_WARN -flto"
-AC_TRY_LINK([],[
+AC_ARG_ENABLE(lto,
+ AS_HELP_STRING([--disable-lto],
+ [Do not try to use Link-Time Optimization]))
+if test "x$enable_lto" != "xno"; then
+ safe_MAYBE_WARN="$MAYBE_WARN"
+ MAYBE_WARN="$MAYBE_WARN -flto"
+ AC_TRY_LINK([],[
int main(int argc, char **argv) { return 0; }
-],[],[
+ ],[],[
MAYBE_WARN="$safe_MAYBE_WARN"
-])
+ ])
+fi
MAYBE_WARN="$MAYBE_WARN -fno-strict-aliasing -fno-common"
--
cgit v0.9.0.2-2-gbebe
......@@ -11,8 +11,8 @@ parts = haproxy
[haproxy]
recipe = slapos.recipe.cmmi
url = http://www.haproxy.org/download/1.5/src/haproxy-1.5.2.tar.gz
md5sum = e854fed32ea751d6db7f366cb910225a
url = http://www.haproxy.org/download/1.5/src/haproxy-1.5.3.tar.gz
md5sum = e999a547d57445d5a5ab7eb6a06df9a1
configure-command = true
# If the system is running on Linux 2.6, we use "linux26" as the TARGET,
# otherwise use "generic".
......
......@@ -25,7 +25,7 @@ extends =
[imagemagick]
recipe = slapos.recipe.cmmi
version = 6.8.9-1
url = http://ftp.vim.org/ImageMagick/ImageMagick-${:version}.tar.xz
url = http://ftp.sunet.se/pub/multimedia/graphics/ImageMagick/ImageMagick-${:version}.tar.xz
md5sum = bde038ae05fb20d29cebf88ab9cbdce5
depends =
${libtiff:version}
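Review bot: The replacement mirror is still fetched over plain http, so the unchanged `md5sum` line is the only control tying the tarball to the one built before, and MD5 is no longer collision-resistant. The same applies to other URLs this commit touches or adds: coreutils, cups, gettext, groonga, mroonga, haproxy and powerdns (http) and libtasn1 (ftp), whereas the apache sections were moved to https. Where the upstream serves the file over https, prefer that URL. When bumping a version, compare the tarball with the upstream's published signature or stronger digest before recording the new `md5sum`.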
......
Description: Fix for CVE-2011-4516 and CVE-2011-4517
This patch fixes a possible denial of service and code execution via
heap-based buffer overflows.
Author: Michael Gilbert <michael.s.gilbert@gmail.com>
Origin: Patch thanks to Red Hat
Bug-Debian: http://bugs.debian.org/652649
Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
===================================================================
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:34.186909298 -0500
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:51.198909832 -0500
@@ -744,6 +744,10 @@
return -1;
}
compparms->numrlvls = compparms->numdlvls + 1;
+ if (compparms->numrlvls > JPC_MAXRLVLS) {
+ jpc_cox_destroycompparms(compparms);
+ return -1;
+ }
if (prtflag) {
for (i = 0; i < compparms->numrlvls; ++i) {
if (jpc_getuint8(in, &tmp)) {
@@ -1331,7 +1335,7 @@
jpc_crgcomp_t *comp;
uint_fast16_t compno;
crg->numcomps = cstate->numcomps;
- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
return -1;
}
for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
......@@ -8,6 +8,11 @@ parts =
recipe = slapos.recipe.cmmi
url = http://www.ece.uvic.ca/~mdadams/jasper/software/jasper-1.900.1.zip
md5sum = a342b2b4495b3e1394e161eb5d85d754
patch-options = -p1
patches =
${:_profile_base_location_}/misc-fixes.patch#1202be8418907dfe58f819f7b47da24f
${:_profile_base_location_}/fix-filename-buffer-overflow.patch#38403f9c82a18547beca16c9c6f4ce7a
${:_profile_base_location_}/CVE-2011-4516-and-CVE-2011-4517.patch#a9676718ed016f66a3c76acf764c9e72
# jasper configure script is not executable by default
configure-command =
/bin/sh ./configure --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --disable-static --enable-shared --disable-opengl
......
Description: Filename buffer overflow fix
This patch fixes a security hole by a bad buffer size handling.
Author: Roland Stigge <stigge@antcom.de>
Bug-Debian: http://bugs.debian.org/645118
--- a/src/libjasper/include/jasper/jas_stream.h
+++ b/src/libjasper/include/jasper/jas_stream.h
@@ -77,6 +77,7 @@
#include <jasper/jas_config.h>
#include <stdio.h>
+#include <limits.h>
#if defined(HAVE_FCNTL_H)
#include <fcntl.h>
#endif
@@ -99,6 +100,12 @@ extern "C" {
#define O_BINARY 0
#endif
+#ifdef PATH_MAX
+#define JAS_PATH_MAX PATH_MAX
+#else
+#define JAS_PATH_MAX 4096
+#endif
+
/*
* Stream open flags.
*/
@@ -251,7 +258,7 @@ typedef struct {
typedef struct {
int fd;
int flags;
- char pathname[L_tmpnam + 1];
+ char pathname[JAS_PATH_MAX + 1];
} jas_stream_fileobj_t;
#define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01
......@@ -8,26 +8,14 @@ extends =
parts = kumo
find-links = http://www.nexedi.org/static/packages/source/
[kumo-hooks-download]
url = ${:_profile_base_location_}/${:filename}
md5sum = 958a595a02de75624728f8d65e39d800
recipe = hexagonit.recipe.download
download-only=true
filename = kumo-hooks.py
[kumo-ipv6-multiip-patch-download]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename}
filename = kumofs-0.4.13_ipv6support_multiiplistenfix.patch
md5sum = 53af9f1f1375940841c589a6cbe11425
download-only = true
[kumo]
pre-configure-hook = ${kumo-hooks-download:location}/${kumo-hooks-download:filename}:pre_configure_hook
recipe = erp5.recipe.cmmiforcei686
recipe = slapos.recipe.cmmi
url = https://github.com/downloads/etolabo/kumofs/kumofs-0.4.13.tar.gz
md5sum = 46148e9536222d0ad2ef36777c55714d
patches = ${kumo-ipv6-multiip-patch-download:location}/${kumo-ipv6-multiip-patch-download:filename}
pre-configure-hook = ${:_profile_base_location_}/kumo-hooks.py#958a595a02de75624728f8d65e39d800:pre_configure_hook
patches =
${:_profile_base_location_}/kumofs-0.4.13_ipv6support_multiiplistenfix.patch#53af9f1f1375940841c589a6cbe11425
${:_profile_base_location_}/kumofs-0.4.13_fix_gcc-4.9_ftbfs.patch#c09e04c620ce11c3fdd4afc3459cd355
patch-options = -p1
configure-options =
--enable-tcadb
......
--- kumofs-0.4.13/src/logic/gateway/mod_store.cc 2010-12-14 12:42:27.000000000 +0900
+++ kumofs-0.4.13/src/logic/gateway/mod_store.cc 2014-07-24 09:56:52.445251606 +0900
@@ -262,19 +262,19 @@
#define GATEWAY_CATCH(NAME, response_type) \
catch (msgpack::type_error& e) { \
LOG_ERROR(#NAME " FAILED: type error"); \
- response_type res; \
- res.error = 1; \
- try { (*callback)(user, res, z); } catch (...) { } \
+ response_type r; \
+ r.error = 1; \
+ try { (*callback)(user, r, z); } catch (...) { } \
} catch (std::exception& e) { \
LOG_WARN(#NAME " FAILED: ",e.what()); \
- response_type res; \
- res.error = 1; \
- try { (*callback)(user, res, z); } catch (...) { } \
+ response_type r; \
+ r.error = 1; \
+ try { (*callback)(user, r, z); } catch (...) { } \
} catch (...) { \
LOG_WARN(#NAME " FAILED: unknown error"); \
- response_type res; \
- res.error = 1; \
- try { (*callback)(user, res, z); } catch (...) { } \
+ response_type r; \
+ r.error = 1; \
+ try { (*callback)(user, r, z); } catch (...) { } \
}
......@@ -4,8 +4,8 @@ parts =
[libtasn1]
recipe = slapos.recipe.cmmi
url = ftp://ftp.gnu.org/gnu/libtasn1/libtasn1-3.6.tar.gz
md5sum = 6ed38e161e11013054f2a2bb4c4da449
url = ftp://ftp.gnu.org/gnu/libtasn1/libtasn1-4.0.tar.gz
md5sum = d3d2d9bce3b6668b9827a9df52635be1
configure-options =
--disable-static
--disable-gtk-doc-html
Index: tiff-4.0.3/tools/ppm2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/ppm2tiff.c 2013-06-23 10:36:50.779629492 -0400
+++ tiff-4.0.3/tools/ppm2tiff.c 2013-06-23 10:36:50.775629494 -0400
@@ -89,6 +89,7 @@
int c;
extern int optind;
extern char* optarg;
+ tmsize_t scanline_size;
if (argc < 2) {
fprintf(stderr, "%s: Too few arguments\n", argv[0]);
@@ -237,8 +238,16 @@
}
if (TIFFScanlineSize(out) > linebytes)
buf = (unsigned char *)_TIFFmalloc(linebytes);
- else
- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ scanline_size = TIFFScanlineSize(out);
+ if (scanline_size != 0)
+ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ fprintf(stderr, "%s: scanline size overflow\n",infile);
+ (void) TIFFClose(out);
+ exit(-2);
+ }
+ }
if (resolution > 0) {
TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-06-23 10:36:50.979629486 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-06-23 10:36:50.975629486 -0400
@@ -3341,33 +3341,56 @@
uint32 height){
tsize_t i=0;
- uint16 ri =0;
- uint16 v_samp=1;
- uint16 h_samp=1;
- int j=0;
-
- i++;
-
- while(i<(*striplength)){
+
+ while (i < *striplength) {
+ tsize_t datalen;
+ uint16 ri;
+ uint16 v_samp;
+ uint16 h_samp;
+ int j;
+ int ncomp;
+
+ /* marker header: one or more FFs */
+ if (strip[i] != 0xff)
+ return(0);
+ i++;
+ while (i < *striplength && strip[i] == 0xff)
+ i++;
+ if (i >= *striplength)
+ return(0);
+ /* SOI is the only pre-SOS marker without a length word */
+ if (strip[i] == 0xd8)
+ datalen = 0;
+ else {
+ if ((*striplength - i) <= 2)
+ return(0);
+ datalen = (strip[i+1] << 8) | strip[i+2];
+ if (datalen < 2 || datalen >= (*striplength - i))
+ return(0);
+ }
switch( strip[i] ){
- case 0xd8:
- /* SOI - start of image */
+ case 0xd8: /* SOI - start of image */
_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
*bufferoffset+=2;
- i+=2;
break;
- case 0xc0:
- case 0xc1:
- case 0xc3:
- case 0xc9:
- case 0xca:
+ case 0xc0: /* SOF0 */
+ case 0xc1: /* SOF1 */
+ case 0xc3: /* SOF3 */
+ case 0xc9: /* SOF9 */
+ case 0xca: /* SOF10 */
if(no==0){
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- for(j=0;j<buffer[*bufferoffset+9];j++){
- if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp)
- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp)
- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ ncomp = buffer[*bufferoffset+9];
+ if (ncomp < 1 || ncomp > 4)
+ return(0);
+ v_samp=1;
+ h_samp=1;
+ for(j=0;j<ncomp;j++){
+ uint16 samp = buffer[*bufferoffset+11+(3*j)];
+ if( (samp>>4) > h_samp)
+ h_samp = (samp>>4);
+ if( (samp & 0x0f) > v_samp)
+ v_samp = (samp & 0x0f);
}
v_samp*=8;
h_samp*=8;
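Review bot: In the SOF case, `ncomp` and the sampling bytes are read from `buffer[*bufferoffset+9]` and `buffer[*bufferoffset+11+(3*j)]` after only `datalen+2` bytes were copied. The hunk checks `datalen >= 2` but never that the segment is long enough to hold those fields, so a short SOF segment makes the loop read bytes of `buffer` that this call did not write. Adding `if (datalen < 8 + 3*ncomp) return(0);` right after the `ncomp` range check would reject such a strip. The capacity of `buffer` is not checked in the visible lines either; the function begins and ends outside this hunk, so the caller may guarantee it.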
@@ -3381,45 +3404,43 @@
(unsigned char) ((height>>8) & 0xff);
buffer[*bufferoffset+6]=
(unsigned char) (height & 0xff);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
-
+ *bufferoffset+=datalen+2;
+ /* insert a DRI marker */
buffer[(*bufferoffset)++]=0xff;
buffer[(*bufferoffset)++]=0xdd;
buffer[(*bufferoffset)++]=0x00;
buffer[(*bufferoffset)++]=0x04;
buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
buffer[(*bufferoffset)++]= ri & 0xff;
- } else {
- i+=strip[i+2]+2;
}
break;
- case 0xc4:
- case 0xdb:
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
+ case 0xc4: /* DHT */
+ case 0xdb: /* DQT */
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ *bufferoffset+=datalen+2;
break;
- case 0xda:
+ case 0xda: /* SOS */
if(no==0){
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ *bufferoffset+=datalen+2;
} else {
buffer[(*bufferoffset)++]=0xff;
buffer[(*bufferoffset)++]=
(unsigned char)(0xd0 | ((no-1)%8));
- i+=strip[i+2]+2;
}
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
- *bufferoffset+=(*striplength)-i-1;
+ i += datalen + 1;
+ /* copy remainder of strip */
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
+ *bufferoffset+= *striplength - i;
return(1);
default:
- i+=strip[i+2]+2;
+ /* ignore any other marker */
+ break;
}
+ i += datalen + 1;
}
-
+ /* failed to find SOS marker */
return(0);
}
#endif
Description: Buffer overflow in gif2tiff
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2450
Bug-Debian: http://bugs.debian.org/719303
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-22 11:46:11.960846910 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-22 11:46:11.956846910 -0400
@@ -333,6 +333,8 @@
int status = 1;
datasize = getc(infile);
+ if (datasize > 12)
+ return 0;
clear = 1 << datasize;
eoi = clear + 1;
avail = clear + 2;
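Review bot: The added bound `if (datasize > 12)` rejects only large values. `datasize` comes directly from `getc(infile)`, which returns EOF (a negative value) on a truncated file, and that value still reaches `clear = 1 << datasize`, a shift by a negative count. Checking both ends, `if (datasize < 0 || datasize > 12) return 0;`, would cover it. The declaration of `datasize` and the rest of the function are outside the hunk, so this assumes it is a signed int.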
Description: use after free in tiff2pdf
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2449
Bug-Debian: http://bugs.debian.org/719303
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400
@@ -2461,7 +2461,8 @@
(unsigned long) t2p->tiff_datasize,
TIFFFileName(input));
t2p->t2p_error = T2P_ERR_ERROR;
- _TIFFfree(buffer);
+ _TIFFfree(buffer);
+ return(0);
} else {
buffer=samplebuffer;
t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
Description: OOB write in gif2tiff
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
@@ -400,6 +400,10 @@
}
if (oldcode == -1) {
+ if (code >= clear) {
+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+ return 0;
+ }
*(*fill)++ = suffix[code];
firstchar = oldcode = code;
return 1;
......@@ -12,6 +12,14 @@ recipe = slapos.recipe.cmmi
version = 4.0.3
url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz
md5sum = 051c1068e6a0627f461948c365290410
patch-options = -p1
patches =
${:_profile_base_location_}/CVE-2012-4564.patch#45667ee618dbe78acce1129706556124
${:_profile_base_location_}/CVE-2013-1960.patch#21a3d119cd3eeadd35ccc355fbd748cf
${:_profile_base_location_}/CVE-2013-1961.patch#bb219740a815b9b47698b83d0ae9f82a
${:_profile_base_location_}/CVE-2013-4231.patch#f6ff024c8df861a6dbb5a0ecd8a0f853
${:_profile_base_location_}/CVE-2013-4232.patch#b439184b3a5f434a3e3235f611b54a89
${:_profile_base_location_}/CVE-2013-4244.patch#2acff059c6156953aadb436b475e5acb
configure-options =
--disable-static
--without-x
......
......@@ -18,9 +18,12 @@ parts =
mariadb
[mariadb]
# mroonga-mariadb should be rebuilt when mariadb is rebuilt. to
# achieve this, please modify 'revision' value below each time you
# modify anything (but version) in [mariadb] target.
recipe = slapos.recipe.cmmi
version = 10.0.12
revision = 1
revision = 2
url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb
md5sum = 6e9a7c075526f8f2f83ad8e0933bab2f
# compile directory is required to build mysql plugins.
......@@ -46,6 +49,7 @@ configure-options =
-DCMAKE_C_FLAGS="-I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
-DCMAKE_CXX_FLAGS="-I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
-DCMAKE_INSTALL_RPATH=${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
-DWITHOUT_TOKUDB=true
environment =
CMAKE_PROGRAM_PATH=${cmake:location}/bin
CMAKE_INCLUDE_PATH=${libaio:location}/include:${libxml2:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${zlib:location}/include
......@@ -56,8 +60,8 @@ environment =
# mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
# http://mroonga.github.com/
recipe = slapos.recipe.cmmi
url = http://packages.groonga.org/source/mroonga/mroonga-4.03.tar.gz
md5sum = 19ab2721d2d41c234e018a879f392990
url = http://packages.groonga.org/source/mroonga/mroonga-4.04.tar.gz
md5sum = a89987dad7b3e1d99014492e6135eec6
configure-options =
--with-mysql-source=${mariadb:location}__compile__/mariadb-${mariadb:version}
--with-mysql-config=${mariadb:location}/bin/mysql_config
......
......@@ -3,7 +3,7 @@ parts = messagepack
find-links = http://www.nexedi.org/static/packages/source/
[messagepack]
recipe = erp5.recipe.cmmiforcei686
recipe = slapos.recipe.cmmi
url = http://downloads.sourceforge.net/project/msgpack/msgpack/cpp/msgpack-0.5.4.tar.gz
md5sum = 18d96a3178f7cad73c0ca44f6284ae7d
configure-options =
......
......@@ -16,8 +16,8 @@ parts =
[openssl]
recipe = slapos.recipe.cmmi
url = https://www.openssl.org/source/openssl-1.0.1h.tar.gz
md5sum = 8d6d684a9430d5cc98a62a5d8fbda8cf
url = https://www.openssl.org/source/openssl-1.0.1i.tar.gz
md5sum = c8dc151a671b9b92ff3e4c118b174972
depends =
${ca-certificates:version}
patch-binary = ${patch:location}/bin/patch
......
......@@ -11,7 +11,7 @@ parts =
recipe = zc.recipe.egg:custom
egg = PIL
include-dirs =
${freetype:location}/include
${freetype:location}/include/freetype2
${libjpeg:location}/include
${zlib:location}/include
library-dirs =
......
[buildout]
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
../bison/buildout.cfg
../flex/buildout.cfg
../gcc/buildout.cfg
../git/buildout.cfg
../boost-lib/buildout.cfg
../libtool/buildout.cfg
../make/buildout.cfg
../mariadb/buildout.cfg
../pkgconfig/buildout.cfg
../ragel/buildout.cfg
../zlib/buildout.cfg
parts =
powerdns
[powerdns]
recipe = slapos.recipe.cmmi
url = http://downloads.powerdns.com/releases/pdns-3.3.1.tar.gz
md5sum = 074e2ff211fd12ecad25b5c1cc190dd4
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-modules="geo"
--with-dynmodules=""
--without-lua
environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:${bison:location}/bin:${flex:location}/bin:${git:location}/bin:${ragel:location}/bin:%(PATH)s
LDFLAGS = -L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lz
CPPFLAGS=-I${boost-lib:location}/include
make-target =
install
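Review bot: `make-target =` in `[powerdns]` looks like a misspelling of `make-targets`, the key used with the same recipe in the apache profile earlier in this commit (`make-targets =`). If the recipe ignores the unknown key, the build falls back to its default targets and this line has no effect; spell it `make-targets =` or drop it. In the same section, `LDFLAGS = -L...` is written with spaces around `=` while `PATH=` and `CPPFLAGS=` are not. Whether the recipe strips the key name is not visible here, so `LDFLAGS=-L...` is the safer form.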
......@@ -39,6 +39,10 @@ prefix = ${buildout:parts-directory}/${:_buildout_section_name_}
version = 2.7
executable = ${:prefix}/bin/python${:version}
patch-options = -p1
patches =