Merge master into closure-size

The kde-5 stuff still didn't merge well. I hand-fixed what I saw, but there may be more problems.
author: Vladimír Čunát <vcunat@gmail.com> 2016-03-08 09:57:58 +0100
committer: Vladimír Čunát <vcunat@gmail.com> 2016-03-08 09:58:19 +0100
commit: 09af15654f0c8091f1b9e0bbb2e523cdee194442 (patch)
tree: e648edef1ce4c64c533f2593aa22b8015cf0e506 /pkgs/tools/archivers
parent: f306e67e15bdbe9a8358c9f81319fc4fcbadc2eb (diff)
parent: 0ee75214f336474e127c2e3546c0406a0c4d5fa7 (diff)
download: nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar
nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.gz
nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.bz2
nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.lz
nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.xz
nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.zst
nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.zip
5 files changed, 75 insertions, 7 deletions
diff --git a/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch b/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch
new file mode 100644
index 000000000000..90ddeff9790e
--- /dev/null
+++ b/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch
@@ -0,0 +1,29 @@
+diff --git a/src/copyin.c b/src/copyin.c
+index cde911e..032d35f 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -1385,6 +1385,8 @@ process_copy_in ()
+          break;
+        }
+
++      if (file_hdr.c_namesize <= 1)
++        file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
+       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+                              false);
+
+diff --git a/src/util.c b/src/util.c
+index 6ff6032..2763ac1 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1411,7 +1411,10 @@ set_file_times (int fd,
+ }
+
+ /* Do we have to ignore absolute paths, and if so, does the filename
+-   have an absolute path?  */
++   have an absolute path?
++   Before calling this function make sure that the allocated NAME buffer has
++   capacity at least 2 bytes to allow us to store the "." string inside.  */
++
+ void
+ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+                        bool strip_leading_dots)
diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix
index 570f1904ee21..2313f27f2e54 100644
--- a/pkgs/tools/archivers/cpio/default.nix
+++ b/pkgs/tools/archivers/cpio/default.nix
@@ -19,6 +19,10 @@ in stdenv.mkDerivation {
         + "CVE-2015-1197-cpio-2.12.patch";
       sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v";
     })
+
+    # Report: http://www.openwall.com/lists/oss-security/2016/01/19/4
+    # Patch from https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
+    ./CVE-2016-2037-out-of-bounds-write.patch
   ];
 
   preConfigure = if stdenv.isCygwin then ''
diff --git a/pkgs/tools/archivers/undmg/default.nix b/pkgs/tools/archivers/undmg/default.nix
new file mode 100644
index 000000000000..5cb7bf2c62fc
--- /dev/null
+++ b/pkgs/tools/archivers/undmg/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchFromGitHub, zlib, bzip2 }:
+
+stdenv.mkDerivation rec {
+  version = "1.0.2";
+  name = "undmg-${version}";
+
+  src = fetchFromGitHub {
+    owner = "matthewbauer";
+    repo = "undmg";
+    rev = "refs/tags/v${version}";
+    sha256 = "0w9vwvj9zbpsjkg251bwv9y10wjyjmh54q2piklz74w64rlbqblr";
+    name = "undmg-${version}";
+  };
+
+  buildInputs = [ zlib bzip2 ];
+
+  setupHook = ./setup-hook.sh;
+
+  installFlags = "PREFIX=\${out}";
+
+  meta = {
+    homepage = https://github.com/matthewbauer/undmg;
+    description = "Extract a DMG file";
+    license = stdenv.lib.licenses.gpl3;
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/tools/archivers/undmg/setup-hook.sh b/pkgs/tools/archivers/undmg/setup-hook.sh
new file mode 100644
index 000000000000..e5c8dda23b6a
--- /dev/null
+++ b/pkgs/tools/archivers/undmg/setup-hook.sh
@@ -0,0 +1,5 @@
+unpackCmdHooks+=(_tryUnpackDmg)
+_tryUnpackDmg() {
+    if ! [[ "$curSrc" =~ \.dmg$ ]]; then return 1; fi
+    undmg < "$curSrc"
+}
diff --git a/pkgs/tools/archivers/unrar/default.nix b/pkgs/tools/archivers/unrar/default.nix
index 86ad4a4c1453..769f20c41111 100644
--- a/pkgs/tools/archivers/unrar/default.nix
+++ b/pkgs/tools/archivers/unrar/default.nix
@@ -1,18 +1,18 @@
 {stdenv, fetchurl}:
 
-let
-  version = "5.3.9";
-in
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   name = "unrar-${version}";
+  version = "5.3.11";
 
   src = fetchurl {
     url = "http://www.rarlab.com/rar/unrarsrc-${version}.tar.gz";
-    sha256 = "0nsxwg1zp3s34wyjznwmy2cc5929yk7m5smq11cqdb6hmql3fngz";
+    sha256 = "0qw77gvr57azjbn76cjlm4sv1hf2hh90g7n7n33gfvlpnbs7mf3p";
   };
 
-  preBuild = ''
-    export buildFlags="CXX=$CXX"
+  buildPhase = ''
+    make unrar
+    make clean
+    make lib
   '';
 
   installPhase = ''
@@ -21,6 +21,9 @@ stdenv.mkDerivation {
     mkdir -p $out/share/doc/unrar
     cp acknow.txt license.txt \
         $out/share/doc/unrar
+
+    install -Dm755 libunrar.so $out/lib/libunrar.so
+    install -D dll.hpp $out/include/unrar/dll.hpp
   '';
 
   setupHook = ./setup-hook.sh;
author	Vladimír Čunát <vcunat@gmail.com>	2016-03-08 09:57:58 +0100
committer	Vladimír Čunát <vcunat@gmail.com>	2016-03-08 09:58:19 +0100
commit	09af15654f0c8091f1b9e0bbb2e523cdee194442 (patch)
tree	e648edef1ce4c64c533f2593aa22b8015cf0e506 /pkgs/tools/archivers
parent	f306e67e15bdbe9a8358c9f81319fc4fcbadc2eb (diff)
parent	0ee75214f336474e127c2e3546c0406a0c4d5fa7 (diff)
download	nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.gz nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.bz2 nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.lz nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.xz nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.tar.zst nixlib-09af15654f0c8091f1b9e0bbb2e523cdee194442.zip