Skip to content

slapos
slapos
Commit 7c87afa6 authored by Alain Takoudjou's avatar Alain Takoudjou
Browse files
Options

Merge branch 'master' into 1.0

parents ea1bce1f e1a9a751
Hide whitespace changes
Inline Side-by-side
Showing with 463 additions and 2158 deletions
CHANGES.rst
View file @ 7c87afa6
Changes
=======
1.0.44 (2016-12-30)
-------------------
* pbs: handles the fact that some parameters are not present when slaves are down
* recipe: allow usage of pidfile in wrapper recipe
* sshd: fix generation of authorized_keys
1.0.43 (2016-11-24)
-------------------
......
component/ca-certificates/buildout.cfg
View file @ 7c87afa6
......@@ -11,9 +11,9 @@ parts =
[ca-certificates]
recipe = slapos.recipe.cmmi
url = http://http.debian.net/debian/pool/main/c/ca-certificates/ca-certificates_20160104.tar.xz
url = http://http.debian.net/debian/pool/main/c/ca-certificates/ca-certificates_20161130.tar.xz
patch-binary = ${patch:location}/bin/patch
md5sum = d9665a83d0d3ef8176a38e6aa20458e9
md5sum = 1a0a3a1b3390dc83affed4b0c2ae1c05
patches =
${:_profile_base_location_}/ca-certificates-any-python.patch#087b5e860c7a4b8ff6656c95c5835ee2
${:_profile_base_location_}/ca-certificates-sbin-dir.patch#0b4e7d82ce768823c01954ee41ef177b
......
component/garbage-collector/buildout.cfg
View file @ 7c87afa6
......@@ -6,8 +6,8 @@ parts = garbage-collector
[garbage-collector]
recipe = slapos.recipe.cmmi
md5sum = 5e230029f802d0ac633b1d9b3d4934c9
url = http://www.hboehm.info/gc/gc_source/gc-7.2e.tar.gz
md5sum = 6f77f9fff5fb5bf96adfc1e93cd035b6
url = http://www.hboehm.info/gc/gc_source/gc-7.2g.tar.gz
configure-options =
--enable-cplusplus
--disable-gcj-support
......
component/git/buildout.cfg
View file @ 7c87afa6
......@@ -17,8 +17,8 @@ parts =
[git]
recipe = slapos.recipe.cmmi
url = https://www.kernel.org/pub/software/scm/git/git-2.9.2.tar.xz
md5sum = dc5eb7ff2ca4641c6038f51ae49cad0f
url = https://www.kernel.org/pub/software/scm/git/git-2.11.0.tar.xz
md5sum = dd4e3360e28aec5bb902fb34dd7fce3b
configure-options =
--with-curl=${curl:location}
--with-openssl=${openssl:location}
......
component/groonga/buildout.cfg
View file @ 7c87afa6
......@@ -14,8 +14,8 @@ extends =
[groonga]
recipe = slapos.recipe.cmmi
url = http://packages.groonga.org/source/groonga/groonga-6.0.9.tar.gz
md5sum = 792d6a70536c888b2007f6ef55e9e1c0
url = http://packages.groonga.org/source/groonga/groonga-6.1.1.tar.gz
md5sum = f2dedb4b1a536a5e11a2b9a35664125b
# temporary patch to respect more tokens in natural language mode.
patches =
${:_profile_base_location_}/groonga.patch#9ed02fbe8400402d3eab47eee149978b
......
component/icu/buildout.cfg
View file @ 7c87afa6
......@@ -5,8 +5,8 @@ parts = icu4c
[icu4c]
recipe = slapos.recipe.cmmi
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = http://download.icu-project.org/files/icu4c/4.8.1.1/icu4c-4_8_1_1-src.tgz
md5sum = ea93970a0275be6b42f56953cd332c17
url = http://download.icu-project.org/files/icu4c/58.2/icu4c-58_2-src.tgz
md5sum = fac212b32b7ec7ab007a12dff1f3aea1
configure-command = source/configure
configure-options =
--prefix=${:location}
......
component/libtiff/buildout.cfg
View file @ 7c87afa6
......@@ -2,7 +2,6 @@
extends =
../libjpeg/buildout.cfg
../jbigkit/buildout.cfg
../patch/buildout.cfg
../zlib/buildout.cfg
parts =
......@@ -10,12 +9,8 @@ parts =
[libtiff]
recipe = slapos.recipe.cmmi
version = 4.0.3
url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz
md5sum = 051c1068e6a0627f461948c365290410
patch-options = -p1
patches =
${:_profile_base_location_}/tiff_4.0.3-12.3.debian.patch#c246dc095f57f869b35cf40a32aa8366
url = http://download.osgeo.org/libtiff/tiff-4.0.7.tar.gz
md5sum = 77ae928d2c6b7fb46a21c3a29325157b
configure-options =
--disable-static
--without-x
......
component/libtiff/tiff_4.0.3-12.3.debian.patch deleted 100644 → 0
View file @ ea1bce1f
Description: call glFlush() in tiffgt
Author: Micksa (micksa-launchpad)
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2401
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/797166
Index: tiff-4.0.3/tools/tiffgt.c
===================================================================
--- tiff-4.0.3.orig/tools/tiffgt.c 2013-06-23 10:36:50.575629499 -0400
+++ tiff-4.0.3/tools/tiffgt.c 2013-06-23 10:36:50.571629497 -0400
@@ -287,6 +287,7 @@
raster_draw(void)
{
glDrawPixels(img.width, img.height, GL_RGBA, GL_UNSIGNED_BYTE, (const GLvoid *) raster);
+ glFlush();
}
static void
Index: tiff-4.0.3/tools/ppm2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/ppm2tiff.c 2013-06-23 10:36:50.779629492 -0400
+++ tiff-4.0.3/tools/ppm2tiff.c 2013-06-23 10:36:50.775629494 -0400
@@ -89,6 +89,7 @@
int c;
extern int optind;
extern char* optarg;
+ tmsize_t scanline_size;
if (argc < 2) {
fprintf(stderr, "%s: Too few arguments\n", argv[0]);
@@ -237,8 +238,16 @@
}
if (TIFFScanlineSize(out) > linebytes)
buf = (unsigned char *)_TIFFmalloc(linebytes);
- else
- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ scanline_size = TIFFScanlineSize(out);
+ if (scanline_size != 0)
+ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ fprintf(stderr, "%s: scanline size overflow\n",infile);
+ (void) TIFFClose(out);
+ exit(-2);
+ }
+ }
if (resolution > 0) {
TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-06-23 10:36:50.979629486 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-06-23 10:36:50.975629486 -0400
@@ -3341,33 +3341,56 @@
uint32 height){
tsize_t i=0;
- uint16 ri =0;
- uint16 v_samp=1;
- uint16 h_samp=1;
- int j=0;
-
- i++;
-
- while(i<(*striplength)){
+
+ while (i < *striplength) {
+ tsize_t datalen;
+ uint16 ri;
+ uint16 v_samp;
+ uint16 h_samp;
+ int j;
+ int ncomp;
+
+ /* marker header: one or more FFs */
+ if (strip[i] != 0xff)
+ return(0);
+ i++;
+ while (i < *striplength && strip[i] == 0xff)
+ i++;
+ if (i >= *striplength)
+ return(0);
+ /* SOI is the only pre-SOS marker without a length word */
+ if (strip[i] == 0xd8)
+ datalen = 0;
+ else {
+ if ((*striplength - i) <= 2)
+ return(0);
+ datalen = (strip[i+1] << 8) | strip[i+2];
+ if (datalen < 2 || datalen >= (*striplength - i))
+ return(0);
+ }
switch( strip[i] ){
- case 0xd8:
- /* SOI - start of image */
+ case 0xd8: /* SOI - start of image */
_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
*bufferoffset+=2;
- i+=2;
break;
- case 0xc0:
- case 0xc1:
- case 0xc3:
- case 0xc9:
- case 0xca:
+ case 0xc0: /* SOF0 */
+ case 0xc1: /* SOF1 */
+ case 0xc3: /* SOF3 */
+ case 0xc9: /* SOF9 */
+ case 0xca: /* SOF10 */
if(no==0){
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- for(j=0;j<buffer[*bufferoffset+9];j++){
- if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp)
- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp)
- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ ncomp = buffer[*bufferoffset+9];
+ if (ncomp < 1 || ncomp > 4)
+ return(0);
+ v_samp=1;
+ h_samp=1;
+ for(j=0;j<ncomp;j++){
+ uint16 samp = buffer[*bufferoffset+11+(3*j)];
+ if( (samp>>4) > h_samp)
+ h_samp = (samp>>4);
+ if( (samp & 0x0f) > v_samp)
+ v_samp = (samp & 0x0f);
}
v_samp*=8;
h_samp*=8;
@@ -3381,45 +3404,43 @@
(unsigned char) ((height>>8) & 0xff);
buffer[*bufferoffset+6]=
(unsigned char) (height & 0xff);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
-
+ *bufferoffset+=datalen+2;
+ /* insert a DRI marker */
buffer[(*bufferoffset)++]=0xff;
buffer[(*bufferoffset)++]=0xdd;
buffer[(*bufferoffset)++]=0x00;
buffer[(*bufferoffset)++]=0x04;
buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
buffer[(*bufferoffset)++]= ri & 0xff;
- } else {
- i+=strip[i+2]+2;
}
break;
- case 0xc4:
- case 0xdb:
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
+ case 0xc4: /* DHT */
+ case 0xdb: /* DQT */
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ *bufferoffset+=datalen+2;
break;
- case 0xda:
+ case 0xda: /* SOS */
if(no==0){
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
- *bufferoffset+=strip[i+2]+2;
- i+=strip[i+2]+2;
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+ *bufferoffset+=datalen+2;
} else {
buffer[(*bufferoffset)++]=0xff;
buffer[(*bufferoffset)++]=
(unsigned char)(0xd0 | ((no-1)%8));
- i+=strip[i+2]+2;
}
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
- *bufferoffset+=(*striplength)-i-1;
+ i += datalen + 1;
+ /* copy remainder of strip */
+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
+ *bufferoffset+= *striplength - i;
return(1);
default:
- i+=strip[i+2]+2;
+ /* ignore any other marker */
+ break;
}
+ i += datalen + 1;
}
-
+ /* failed to find SOS marker */
return(0);
}
#endif
Index: tiff-4.0.3/contrib/dbs/xtiff/xtiff.c
===================================================================
--- tiff-4.0.3.orig/contrib/dbs/xtiff/xtiff.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/contrib/dbs/xtiff/xtiff.c 2013-06-23 10:36:51.147629484 -0400
@@ -512,9 +512,9 @@
Arg args[1];
if (tfMultiPage)
- sprintf(buffer, "%s - page %d", fileName, tfDirectory);
+ snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory);
else
- strcpy(buffer, fileName);
+ snprintf(buffer, sizeof(buffer), "%s", fileName);
XtSetArg(args[0], XtNlabel, buffer);
XtSetValues(labelWidget, args, 1);
}
Index: tiff-4.0.3/libtiff/tif_dirinfo.c
===================================================================
--- tiff-4.0.3.orig/libtiff/tif_dirinfo.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/libtiff/tif_dirinfo.c 2013-06-23 10:36:51.147629484 -0400
@@ -711,7 +711,7 @@
* note that this name is a special sign to TIFFClose() and
* _TIFFSetupFields() to free the field
*/
- sprintf(fld->field_name, "Tag %d", (int) tag);
+ snprintf(fld->field_name, 32, "Tag %d", (int) tag);
return fld;
}
Index: tiff-4.0.3/libtiff/tif_codec.c
===================================================================
--- tiff-4.0.3.orig/libtiff/tif_codec.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/libtiff/tif_codec.c 2013-06-23 10:36:51.151629482 -0400
@@ -108,7 +108,8 @@
const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression);
char compression_code[20];
- sprintf( compression_code, "%d", tif->tif_dir.td_compression );
+ snprintf(compression_code, sizeof(compression_code), "%d",
+ tif->tif_dir.td_compression );
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
"%s compression support is not configured",
c ? c->name : compression_code );
Index: tiff-4.0.3/tools/tiffdither.c
===================================================================
--- tiff-4.0.3.orig/tools/tiffdither.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/tools/tiffdither.c 2013-06-23 10:36:51.151629482 -0400
@@ -260,7 +260,7 @@
TIFFSetField(out, TIFFTAG_FILLORDER, fillorder);
else
CopyField(TIFFTAG_FILLORDER, shortv);
- sprintf(thing, "Dithered B&W version of %s", argv[optind]);
+ snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]);
TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
CopyField(TIFFTAG_PHOTOMETRIC, shortv);
CopyField(TIFFTAG_ORIENTATION, shortv);
Index: tiff-4.0.3/tools/rgb2ycbcr.c
===================================================================
--- tiff-4.0.3.orig/tools/rgb2ycbcr.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/tools/rgb2ycbcr.c 2013-06-23 10:36:51.151629482 -0400
@@ -332,7 +332,8 @@
TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
{ char buf[2048];
char *cp = strrchr(TIFFFileName(in), '/');
- sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in));
+ snprintf(buf, sizeof(buf), "YCbCr conversion of %s",
+ cp ? cp+1 : TIFFFileName(in));
TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf);
}
TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion());
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-06-23 10:36:51.151629482 -0400
@@ -3630,7 +3630,9 @@
char buffer[16];
int buflen=0;
- buflen=sprintf(buffer, "%%PDF-%u.%u ", t2p->pdf_majorversion&0xff, t2p->pdf_minorversion&0xff);
+ buflen = snprintf(buffer, sizeof(buffer), "%%PDF-%u.%u ",
+ t2p->pdf_majorversion&0xff,
+ t2p->pdf_minorversion&0xff);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t)"\n%\342\343\317\323\n", 7);
@@ -3644,10 +3646,10 @@
tsize_t t2p_write_pdf_obj_start(uint32 number, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
- buflen=sprintf(buffer, "%lu", (unsigned long)number);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
written += t2pWriteFile(output, (tdata_t) buffer, buflen );
written += t2pWriteFile(output, (tdata_t) " 0 obj\n", 7);
@@ -3686,13 +3688,13 @@
written += t2pWriteFile(output, (tdata_t) "/", 1);
for (i=0;i<namelen;i++){
if ( ((unsigned char)name[i]) < 0x21){
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
nextchar=1;
}
if ( ((unsigned char)name[i]) > 0x7E){
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
nextchar=1;
@@ -3700,57 +3702,57 @@
if (nextchar==0){
switch (name[i]){
case 0x23:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x25:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x28:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x29:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x2F:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x3C:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x3E:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x5B:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x5D:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x7B:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
case 0x7D:
- sprintf(buffer, "#%.2X", name[i]);
+ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
buffer[sizeof(buffer) - 1] = '\0';
written += t2pWriteFile(output, (tdata_t) buffer, 3);
break;
@@ -3865,14 +3867,14 @@
tsize_t t2p_write_pdf_stream_dict(tsize_t len, uint32 number, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
written += t2pWriteFile(output, (tdata_t) "/Length ", 8);
if(len!=0){
written += t2p_write_pdf_stream_length(len, output);
} else {
- buflen=sprintf(buffer, "%lu", (unsigned long)number);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
}
@@ -3913,10 +3915,10 @@
tsize_t t2p_write_pdf_stream_length(tsize_t len, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
- buflen=sprintf(buffer, "%lu", (unsigned long)len);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)len);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "\n", 1);
@@ -3930,7 +3932,7 @@
tsize_t t2p_write_pdf_catalog(T2P* t2p, TIFF* output)
{
tsize_t written = 0;
- char buffer[16];
+ char buffer[32];
int buflen = 0;
written += t2pWriteFile(output,
@@ -3969,7 +3971,6 @@
written += t2p_write_pdf_string(t2p->pdf_datetime, output);
}
written += t2pWriteFile(output, (tdata_t) "\n/Producer ", 11);
- _TIFFmemset((tdata_t)buffer, 0x00, sizeof(buffer));
snprintf(buffer, sizeof(buffer), "libtiff / tiff2pdf - %d", TIFFLIB_VERSION);
written += t2p_write_pdf_string(buffer, output);
written += t2pWriteFile(output, (tdata_t) "\n", 1);
@@ -4110,7 +4111,7 @@
{
tsize_t written=0;
tdir_t i=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
int page=0;
@@ -4118,7 +4119,7 @@
(tdata_t) "<< \n/Type /Pages \n/Kids [ ", 26);
page = t2p->pdf_pages+1;
for (i=0;i<t2p->tiff_pagecount;i++){
- buflen=sprintf(buffer, "%d", page);
+ buflen=snprintf(buffer, sizeof(buffer), "%d", page);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
if ( ((i+1)%8)==0 ) {
@@ -4133,8 +4134,7 @@
}
}
written += t2pWriteFile(output, (tdata_t) "] \n/Count ", 10);
- _TIFFmemset(buffer, 0x00, 16);
- buflen=sprintf(buffer, "%d", t2p->tiff_pagecount);
+ buflen=snprintf(buffer, sizeof(buffer), "%d", t2p->tiff_pagecount);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " \n>> \n", 6);
@@ -4149,28 +4149,28 @@
unsigned int i=0;
tsize_t written=0;
- char buffer[16];
+ char buffer[256];
int buflen=0;
written += t2pWriteFile(output, (tdata_t) "<<\n/Type /Page \n/Parent ", 24);
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_pages);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_pages);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
written += t2pWriteFile(output, (tdata_t) "/MediaBox [", 11);
- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x1);
+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x1);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " ", 1);
- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y1);
+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y1);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " ", 1);
- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x2);
+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x2);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " ", 1);
- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y2);
+ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y2);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "] \n", 3);
written += t2pWriteFile(output, (tdata_t) "/Contents ", 10);
- buflen=sprintf(buffer, "%lu", (unsigned long)(object + 1));
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(object + 1));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
written += t2pWriteFile(output, (tdata_t) "/Resources << \n", 15);
@@ -4178,15 +4178,13 @@
written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i++){
written += t2pWriteFile(output, (tdata_t) "/Im", 3);
- buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
+ buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "_", 1);
- buflen = sprintf(buffer, "%u", i+1);
+ buflen = snprintf(buffer, sizeof(buffer), "%u", i+1);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " ", 1);
- buflen = sprintf(
- buffer,
- "%lu",
+ buflen = snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
@@ -4198,12 +4196,10 @@
} else {
written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
written += t2pWriteFile(output, (tdata_t) "/Im", 3);
- buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
+ buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " ", 1);
- buflen = sprintf(
- buffer,
- "%lu",
+ buflen = snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
@@ -4212,9 +4208,7 @@
if(t2p->tiff_transferfunctioncount != 0) {
written += t2pWriteFile(output, (tdata_t) "/ExtGState <<", 13);
t2pWriteFile(output, (tdata_t) "/GS1 ", 5);
- buflen = sprintf(
- buffer,
- "%lu",
+ buflen = snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(object + 3));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
@@ -4587,7 +4581,7 @@
if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount>0){
for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount; i++){
box=t2p->tiff_tiles[t2p->pdf_page].tiles_tiles[i].tile_box;
- buflen=sprintf(buffer,
+ buflen=snprintf(buffer, sizeof(buffer),
"q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d_%ld Do Q\n",
t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
box.mat[0],
@@ -4602,7 +4596,7 @@
}
} else {
box=t2p->pdf_imagebox;
- buflen=sprintf(buffer,
+ buflen=snprintf(buffer, sizeof(buffer),
"q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d Do Q\n",
t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
box.mat[0],
@@ -4627,59 +4621,48 @@
TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output);
written += t2pWriteFile(output,
(tdata_t) "/Type /XObject \n/Subtype /Image \n/Name /Im",
42);
- buflen=sprintf(buffer, "%u", t2p->pdf_page+1);
+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
if(tile != 0){
written += t2pWriteFile(output, (tdata_t) "_", 1);
- buflen=sprintf(buffer, "%lu", (unsigned long)tile);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)tile);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
}
written += t2pWriteFile(output, (tdata_t) "\n/Width ", 8);
- _TIFFmemset((tdata_t)buffer, 0x00, 16);
if(tile==0){
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_width);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_width);
} else {
if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
} else {
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
}
}
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "\n/Height ", 9);
- _TIFFmemset((tdata_t)buffer, 0x00, 16);
if(tile==0){
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_length);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_length);
} else {
if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
} else {
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
}
}
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "\n/BitsPerComponent ", 19);
- _TIFFmemset((tdata_t)buffer, 0x00, 16);
- buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "\n/ColorSpace ", 13);
written += t2p_write_pdf_xobject_cs(t2p, output);
@@ -4723,11 +4706,10 @@
t2p->pdf_colorspace ^= T2P_CS_PALETTE;
written += t2p_write_pdf_xobject_cs(t2p, output);
t2p->pdf_colorspace |= T2P_CS_PALETTE;
- buflen=sprintf(buffer, "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
+ buflen=snprintf(buffer, sizeof(buffer), "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " ", 1);
- _TIFFmemset(buffer, 0x00, 16);
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_palettecs );
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_palettecs );
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ]\n", 7);
return(written);
@@ -4761,10 +4743,10 @@
X_W /= Y_W;
Z_W /= Y_W;
Y_W = 1.0F;
- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "/Range ", 7);
- buflen=sprintf(buffer, "[%d %d %d %d] \n",
+ buflen=snprintf(buffer, sizeof(buffer), "[%d %d %d %d] \n",
t2p->pdf_labrange[0],
t2p->pdf_labrange[1],
t2p->pdf_labrange[2],
@@ -4780,26 +4762,26 @@
tsize_t t2p_write_pdf_transfer(T2P* t2p, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
written += t2pWriteFile(output, (tdata_t) "<< /Type /ExtGState \n/TR ", 25);
if(t2p->tiff_transferfunctioncount == 1){
- buflen=sprintf(buffer, "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(t2p->pdf_xrefcount + 1));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
} else {
written += t2pWriteFile(output, (tdata_t) "[ ", 2);
- buflen=sprintf(buffer, "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(t2p->pdf_xrefcount + 1));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
- buflen=sprintf(buffer, "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(t2p->pdf_xrefcount + 2));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
- buflen=sprintf(buffer, "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)(t2p->pdf_xrefcount + 3));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
@@ -4821,7 +4803,7 @@
written += t2pWriteFile(output, (tdata_t) "/FunctionType 0 \n", 17);
written += t2pWriteFile(output, (tdata_t) "/Domain [0.0 1.0] \n", 19);
written += t2pWriteFile(output, (tdata_t) "/Range [0.0 1.0] \n", 18);
- buflen=sprintf(buffer, "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
+ buflen=snprintf(buffer, sizeof(buffer), "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "/BitsPerSample 16 \n", 19);
written += t2p_write_pdf_stream_dict(((tsize_t)1)<<(t2p->tiff_bitspersample+1), 0, output);
@@ -4848,7 +4830,7 @@
tsize_t t2p_write_pdf_xobject_calcs(T2P* t2p, TIFF* output){
tsize_t written=0;
- char buffer[128];
+ char buffer[256];
int buflen=0;
float X_W=0.0;
@@ -4916,16 +4898,16 @@
written += t2pWriteFile(output, (tdata_t) "<< \n", 4);
if(t2p->pdf_colorspace & T2P_CS_CALGRAY){
written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "/Gamma 2.2 \n", 12);
}
if(t2p->pdf_colorspace & T2P_CS_CALRGB){
written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "/Matrix ", 8);
- buflen=sprintf(buffer, "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n",
+ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n",
X_R, Y_R, Z_R,
X_G, Y_G, Z_G,
X_B, Y_B, Z_B);
@@ -4944,11 +4926,11 @@
tsize_t t2p_write_pdf_xobject_icccs(T2P* t2p, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
written += t2pWriteFile(output, (tdata_t) "[/ICCBased ", 11);
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_icccs);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_icccs);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " 0 R] \n", 7);
@@ -4958,11 +4940,11 @@
tsize_t t2p_write_pdf_xobject_icccs_dict(T2P* t2p, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
written += t2pWriteFile(output, (tdata_t) "/N ", 3);
- buflen=sprintf(buffer, "%u \n", t2p->tiff_samplesperpixel);
+ buflen=snprintf(buffer, sizeof(buffer), "%u \n", t2p->tiff_samplesperpixel);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) "/Alternate ", 11);
t2p->pdf_colorspace ^= T2P_CS_ICCBASED;
@@ -5027,7 +5009,7 @@
tsize_t t2p_write_pdf_xobject_stream_filter(ttile_t tile, T2P* t2p, TIFF* output){
tsize_t written=0;
- char buffer[16];
+ char buffer[32];
int buflen=0;
if(t2p->pdf_compression==T2P_COMPRESS_NONE){
@@ -5042,41 +5024,33 @@
written += t2pWriteFile(output, (tdata_t) "<< /K -1 ", 9);
if(tile==0){
written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
- buflen=sprintf(buffer, "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_width);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
- buflen=sprintf(buffer, "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_length);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
} else {
if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
} else {
written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
}
if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
} else {
written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
- buflen=sprintf(
- buffer,
- "%lu",
+ buflen=snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
}
@@ -5103,21 +5077,17 @@
if(t2p->pdf_compressionquality%100){
written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13);
written += t2pWriteFile(output, (tdata_t) "<< /Predictor ", 14);
- _TIFFmemset(buffer, 0x00, 16);
- buflen=sprintf(buffer, "%u", t2p->pdf_compressionquality%100);
+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_compressionquality%100);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " /Columns ", 10);
- _TIFFmemset(buffer, 0x00, 16);
- buflen = sprintf(buffer, "%lu",
+ buflen = snprintf(buffer, sizeof(buffer), "%lu",
(unsigned long)t2p->tiff_width);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " /Colors ", 9);
- _TIFFmemset(buffer, 0x00, 16);
- buflen=sprintf(buffer, "%u", t2p->tiff_samplesperpixel);
+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_samplesperpixel);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " /BitsPerComponent ", 19);
- _TIFFmemset(buffer, 0x00, 16);
- buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
+ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) ">>\n", 3);
}
@@ -5137,16 +5107,16 @@
tsize_t t2p_write_pdf_xreftable(T2P* t2p, TIFF* output){
tsize_t written=0;
- char buffer[21];
+ char buffer[64];
int buflen=0;
uint32 i=0;
written += t2pWriteFile(output, (tdata_t) "xref\n0 ", 7);
- buflen=sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
written += t2pWriteFile(output, (tdata_t) " \n0000000000 65535 f \n", 22);
for (i=0;i<t2p->pdf_xrefcount;i++){
- sprintf(buffer, "%.10lu 00000 n \n",
+ snprintf(buffer, sizeof(buffer), "%.10lu 00000 n \n",
(unsigned long)t2p->pdf_xrefoffsets[i]);
written += t2pWriteFile(output, (tdata_t) buffer, 20);
}
@@ -5170,17 +5140,14 @@
snprintf(t2p->pdf_fileid + i, 9, "%.8X", rand());
written += t2pWriteFile(output, (tdata_t) "trailer\n<<\n/Size ", 17);
- buflen = sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
+ buflen = snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- _TIFFmemset(buffer, 0x00, 32);
written += t2pWriteFile(output, (tdata_t) "\n/Root ", 7);
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_catalog);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_catalog);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- _TIFFmemset(buffer, 0x00, 32);
written += t2pWriteFile(output, (tdata_t) " 0 R \n/Info ", 12);
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_info);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_info);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- _TIFFmemset(buffer, 0x00, 32);
written += t2pWriteFile(output, (tdata_t) " 0 R \n/ID[<", 11);
written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
sizeof(t2p->pdf_fileid) - 1);
@@ -5188,9 +5155,8 @@
written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
sizeof(t2p->pdf_fileid) - 1);
written += t2pWriteFile(output, (tdata_t) ">]\n>>\nstartxref\n", 16);
- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_startxref);
+ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_startxref);
written += t2pWriteFile(output, (tdata_t) buffer, buflen);
- _TIFFmemset(buffer, 0x00, 32);
written += t2pWriteFile(output, (tdata_t) "\n%%EOF\n", 7);
return(written);
Index: tiff-4.0.3/tools/tiff2ps.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2ps.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/tools/tiff2ps.c 2013-06-23 10:36:51.155629481 -0400
@@ -1781,8 +1781,8 @@
imageOp = "imagemask";
(void)strcpy(im_x, "0");
- (void)sprintf(im_y, "%lu", (long) h);
- (void)sprintf(im_h, "%lu", (long) h);
+ (void)snprintf(im_y, sizeof(im_y), "%lu", (long) h);
+ (void)snprintf(im_h, sizeof(im_h), "%lu", (long) h);
tile_width = w;
tile_height = h;
if (TIFFIsTiled(tif)) {
@@ -1803,7 +1803,7 @@
}
if (tile_height < h) {
fputs("/im_y 0 def\n", fd);
- (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
+ (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
}
} else {
repeat_count = tf_numberstrips;
@@ -1815,7 +1815,7 @@
fprintf(fd, "/im_h %lu def\n",
(unsigned long) tile_height);
(void)strcpy(im_h, "im_h");
- (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
+ (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
}
}
Index: tiff-4.0.3/tools/tiffcrop.c
===================================================================
--- tiff-4.0.3.orig/tools/tiffcrop.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/tools/tiffcrop.c 2013-06-23 10:36:51.159629481 -0400
@@ -2077,7 +2077,7 @@
return 1;
}
- sprintf (filenum, "-%03d%s", findex, export_ext);
+ snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext);
filenum[14] = '\0';
strncat (exportname, filenum, 15);
}
@@ -2230,8 +2230,8 @@
/* dump.infilename is guaranteed to be NUL termimated and have 20 bytes
fewer than PATH_MAX */
- memset (temp_filename, '\0', PATH_MAX + 1);
- sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images,
+ snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s",
+ dump.infilename, dump_images,
(dump.format == DUMP_TEXT) ? "txt" : "raw");
if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL)
{
@@ -2249,8 +2249,8 @@
/* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes
fewer than PATH_MAX */
- memset (temp_filename, '\0', PATH_MAX + 1);
- sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images,
+ snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s",
+ dump.outfilename, dump_images,
(dump.format == DUMP_TEXT) ? "txt" : "raw");
if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL)
{
Index: tiff-4.0.3/tools/tiff2bw.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2bw.c 2013-06-23 10:36:51.163629483 -0400
+++ tiff-4.0.3/tools/tiff2bw.c 2013-06-23 10:36:51.159629481 -0400
@@ -205,7 +205,7 @@
}
}
TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK);
- sprintf(thing, "B&W version of %s", argv[optind]);
+ snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]);
TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
Description: Buffer overflow in gif2tiff
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2450
Bug-Debian: http://bugs.debian.org/719303
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-22 11:46:11.960846910 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-22 11:46:11.956846910 -0400
@@ -333,6 +333,8 @@
int status = 1;
datasize = getc(infile);
+ if (datasize > 12)
+ return 0;
clear = 1 << datasize;
eoi = clear + 1;
avail = clear + 2;
Description: use after free in tiff2pdf
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2449
Bug-Debian: http://bugs.debian.org/719303
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400
+++ tiff-4.0.3/tools/tiff2pdf.c 2013-08-22 11:46:37.292847242 -0400
@@ -2461,7 +2461,8 @@
(unsigned long) t2p->tiff_datasize,
TIFFFileName(input));
t2p->t2p_error = T2P_ERR_ERROR;
- _TIFFfree(buffer);
+ _TIFFfree(buffer);
+ return(0);
} else {
buffer=samplebuffer;
t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
Description: OOB write in gif2tiff
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
@@ -400,6 +400,10 @@
}
if (oldcode == -1) {
+ if (code >= clear) {
+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+ return 0;
+ }
*(*fill)++ = suffix[code];
firstchar = oldcode = code;
return 1;
Index: tiff/tools/gif2tiff.c
===================================================================
--- tiff.orig/tools/gif2tiff.c
+++ tiff/tools/gif2tiff.c
@@ -280,6 +280,10 @@ readgifimage(char* mode)
fprintf(stderr, "no colormap present for image\n");
return (0);
}
+ if (width == 0 || height == 0) {
+ fprintf(stderr, "Invalid value of width or height\n");
+ return(0);
+ }
if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
fprintf(stderr, "not enough memory for image\n");
return (0);
@@ -404,6 +408,10 @@ process(register int code, unsigned char
fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
return 0;
}
+ if (*fill >= raster + width*height) {
+ fprintf(stderr, "raster full before eoi code\n");
+ return 0;
+ }
*(*fill)++ = suffix[code];
firstchar = oldcode = code;
return 1;
@@ -434,6 +442,10 @@ process(register int code, unsigned char
}
oldcode = incode;
do {
+ if (*fill >= raster + width*height) {
+ fprintf(stderr, "raster full before eoi code\n");
+ return 0;
+ }
*(*fill)++ = *--stackp;
} while (stackp > stack);
return 1;
Description: fix for Debian bug #741451
tiffcp crashes when converting JPEG-encoded TIFF to a different
encoding (like none or lzw). For example this will probably fail:
.
tiffcp -c none jpeg_encoded_file.tif output.tif
.
The reason is that when the input file contains JPEG data,
the tiffcp code forces conversion to RGB space. However,
the output normally inherits YCbCr subsampling parameters
from the input, which leads to a smaller working buffer
than necessary. The buffer is subsequently overrun inside
cpStripToTile() (called from writeBufferToContigTiles).
Note that the resulting TIFF file would be scrambled even
if tiffcp wouldn't crash, since the output file would contain
RGB data intepreted as subsampled YCbCr values.
.
This patch fixes the problem by forcing RGB space on the output
TIF if the input is JPEG-encoded and output is *not* JPEG-encoded.
Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2480
Author: Tomasz Buchert <tomasz.buchert@inria.fr>
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2480
Bug-Debian: http://bugs.debian.org/741451
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -629,6 +629,12 @@
TIFFSetField(out, TIFFTAG_PHOTOMETRIC,
samplesperpixel == 1 ?
PHOTOMETRIC_LOGL : PHOTOMETRIC_LOGLUV);
+ else if (input_compression == COMPRESSION_JPEG &&
+ samplesperpixel == 3) {
+ /* RGB conversion was forced above
+ hence the output will be of the same type */
+ TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_RGB);
+ }
else
CopyTag(TIFFTAG_PHOTOMETRIC, 1, TIFF_SHORT);
if (fillorder != 0)
Description: CVE-2014-9330
Integer overflow in bmp2tiff
Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2494
Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494
Bug-Debian: http://bugs.debian.org/773987
Index: tiff/tools/bmp2tiff.c
===================================================================
--- tiff.orig/tools/bmp2tiff.c
+++ tiff/tools/bmp2tiff.c
@@ -1,4 +1,4 @@
-/* $Id: bmp2tiff.c,v 1.23 2010-03-10 18:56:49 bfriesen Exp $
+/* $Id: bmp2tiff.c,v 1.24 2014-12-21 15:15:32 erouault Exp $
*
* Project: libtiff tools
* Purpose: Convert Windows BMP files in TIFF.
@@ -403,6 +403,13 @@ main(int argc, char* argv[])
width = info_hdr.iWidth;
length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight;
+ if( width <= 0 || length <= 0 )
+ {
+ TIFFError(infilename,
+ "Invalid dimensions of BMP file" );
+ close(fd);
+ return -1;
+ }
switch (info_hdr.iBitCount)
{
@@ -593,6 +600,14 @@ main(int argc, char* argv[])
compr_size = file_hdr.iSize - file_hdr.iOffBits;
uncompr_size = width * length;
+ /* Detect int overflow */
+ if( uncompr_size / width != length )
+ {
+ TIFFError(infilename,
+ "Invalid dimensions of BMP file" );
+ close(fd);
+ return -1;
+ }
comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
if (!comprbuf) {
TIFFError(infilename,
From 0782c759084daaf9e4de7ee6be7543081823455e Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 20:58:29 +0000
Subject: [PATCH] * tools/tiff2bw.c: when Photometric=RGB, the utility only
works if SamplesPerPixel = 3. Enforce that
http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)
---
ChangeLog | 6 ++++++
tools/tiff2bw.c | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
index 22467cd..94b8e31 100644
--- a/tools/tiff2bw.c
+++ b/tools/tiff2bw.c
@@ -171,6 +171,11 @@ main(int argc, char* argv[])
argv[optind], samplesperpixel);
return (-1);
}
+ if( photometric == PHOTOMETRIC_RGB && samplesperpixel != 3) {
+ fprintf(stderr, "%s: Bad samples/pixel %u for PHOTOMETRIC_RGB.\n",
+ argv[optind], samplesperpixel);
+ return (-1);
+ }
TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample);
if (bitspersample != 8) {
fprintf(stderr,
From 3996fa0f84f4a8b7e65fe4b8f0681711022034ea Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 20:04:31 +0000
Subject: [PATCH] * tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling
TIFFTAG_INKNAMES copying. The right fix would be to properly copy it, but not
worth the burden for those esoteric utilities.
http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127)
---
ChangeLog | 7 +++++++
tools/pal2rgb.c | 2 +-
tools/thumbnail.c | 2 +-
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index bfe7899..3fc3de3 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -372,7 +372,7 @@ static struct cpTag {
{ TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT },
{ TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG },
{ TIFFTAG_INKSET, 1, TIFF_SHORT },
- { TIFFTAG_INKNAMES, 1, TIFF_ASCII },
+ /*{ TIFFTAG_INKNAMES, 1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */
{ TIFFTAG_DOTRANGE, 2, TIFF_SHORT },
{ TIFFTAG_TARGETPRINTER, 1, TIFF_ASCII },
{ TIFFTAG_SAMPLEFORMAT, 1, TIFF_SHORT },
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
index c50bbff..73f9c34 100644
--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
@@ -257,7 +257,7 @@ static struct cpTag {
{ TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT },
{ TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG },
{ TIFFTAG_INKSET, 1, TIFF_SHORT },
- { TIFFTAG_INKNAMES, 1, TIFF_ASCII },
+ /*{ TIFFTAG_INKNAMES, 1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */
{ TIFFTAG_DOTRANGE, 2, TIFF_SHORT },
{ TIFFTAG_TARGETPRINTER, 1, TIFF_ASCII },
{ TIFFTAG_SAMPLEFORMAT, 1, TIFF_SHORT },
From 1f7359b00663804d96c3a102bcb6ead9812c1509 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Tue, 23 Dec 2014 10:15:35 +0000
Subject: [PATCH] * libtiff/tif_read.c: fix several invalid comparisons of a
uint64 value with <= 0 by casting it to int64 first. This solves crashing bug
on corrupted images generated by afl.
---
ChangeLog | 6 ++++++
libtiff/tif_read.c | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
index 2ba822a..dfc5b07 100644
--- a/libtiff/tif_read.c
+++ b/libtiff/tif_read.c
@@ -458,7 +458,7 @@ TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
return ((tmsize_t)(-1));
}
bytecount = td->td_stripbytecount[strip];
- if (bytecount <= 0) {
+ if ((int64)bytecount <= 0) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,
"%I64u: Invalid strip byte count, strip %lu",
@@ -498,7 +498,7 @@ TIFFFillStrip(TIFF* tif, uint32 strip)
if ((tif->tif_flags&TIFF_NOREADRAW)==0)
{
uint64 bytecount = td->td_stripbytecount[strip];
- if (bytecount <= 0) {
+ if ((int64)bytecount <= 0) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,
"Invalid strip byte count %I64u, strip %lu",
@@ -801,7 +801,7 @@ TIFFFillTile(TIFF* tif, uint32 tile)
if ((tif->tif_flags&TIFF_NOREADRAW)==0)
{
uint64 bytecount = td->td_stripbytecount[tile];
- if (bytecount <= 0) {
+ if ((int64)bytecount <= 0) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,
"%I64u: Invalid tile byte count, tile %lu",
From 662f74445b2fea2eeb759c6524661118aef567ca Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 15:15:31 +0000
Subject: [PATCH] Fix various crasher bugs on fuzzed images. *
libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
the directory * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read
ColorMap or TransferFunction if BitsPerSample has not yet been read,
otherwise reading it later will cause user code to crash if BitsPerSample > 1
* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample
!= 8 * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images
instead of imagewidth to avoid crash * tools/bmp2tiff.c: fix crash due to int
overflow related to input BMP dimensions * tools/tiff2pdf.c: fix crash due to
invalid tile count (should likely be checked by libtiff too). Detect invalid
settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB *
tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight *
tools/tiffdump.c: fix crash due to overflow of entry count.
---
ChangeLog | 19 +++++++++++++++++++
libtiff/tif_dir.c | 21 +++++++++++++++++++--
libtiff/tif_dirread.c | 17 +++++++++++++++++
libtiff/tif_getimage.c | 15 +++++++++++++++
libtiff/tif_next.c | 2 ++
tools/bmp2tiff.c | 15 +++++++++++++++
tools/tiff2pdf.c | 41 +++++++++++++++++++++++++++++++++++++++++
tools/tiffcrop.c | 7 ++++---
tools/tiffdump.c | 9 ++++++---
9 files changed, 138 insertions(+), 8 deletions(-)
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 98cf66d..ab43a28 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -160,6 +160,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
TIFFDirectory* td = &tif->tif_dir;
int status = 1;
uint32 v32, i, v;
+ double dblval;
char* s;
const TIFFField *fip = TIFFFindField(tif, tag, TIFF_ANY);
uint32 standard_tag = tag;
@@ -284,10 +285,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
setDoubleArrayOneValue(&td->td_smaxsamplevalue, va_arg(ap, double), td->td_samplesperpixel);
break;
case TIFFTAG_XRESOLUTION:
- td->td_xresolution = (float) va_arg(ap, double);
+ dblval = va_arg(ap, double);
+ if( dblval < 0 )
+ goto badvaluedouble;
+ td->td_xresolution = (float) dblval;
break;
case TIFFTAG_YRESOLUTION:
- td->td_yresolution = (float) va_arg(ap, double);
+ dblval = va_arg(ap, double);
+ if( dblval < 0 )
+ goto badvaluedouble;
+ td->td_yresolution = (float) dblval;
break;
case TIFFTAG_PLANARCONFIG:
v = (uint16) va_arg(ap, uint16_vap);
@@ -694,6 +701,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
va_end(ap);
}
return (0);
+badvaluedouble:
+ {
+ const TIFFField* fip=TIFFFieldWithTag(tif,tag);
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "%s: Bad value %f for \"%s\" tag",
+ tif->tif_name, dblval,
+ fip ? fip->field_name : "Unknown");
+ va_end(ap);
+ }
+ return (0);
}
/*
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 391c823..f66c9a7 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -3430,6 +3430,8 @@ TIFFReadDirectory(TIFF* tif)
const TIFFField* fip;
uint32 fii=FAILED_FII;
toff_t nextdiroff;
+ int bitspersample_read = FALSE;
+
tif->tif_diroff=tif->tif_nextdiroff;
if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
return 0; /* last offset or bad offset (IFD looping) */
@@ -3706,6 +3708,8 @@ TIFFReadDirectory(TIFF* tif)
}
if (!TIFFSetField(tif,dp->tdir_tag,value))
goto bad;
+ if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
+ bitspersample_read = TRUE;
}
break;
case TIFFTAG_SMINSAMPLEVALUE:
@@ -3763,6 +3767,19 @@ TIFFReadDirectory(TIFF* tif)
uint32 countrequired;
uint32 incrementpersample;
uint16* value=NULL;
+ /* It would be dangerous to instanciate those tag values */
+ /* since if td_bitspersample has not yet been read (due to */
+ /* unordered tags), it could be read afterwards with a */
+ /* values greater than the default one (1), which may cause */
+ /* crashes in user code */
+ if( !bitspersample_read )
+ {
+ fip = TIFFFieldWithTag(tif,dp->tdir_tag);
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "Ignoring %s since BitsPerSample tag not found",
+ fip ? fip->field_name : "unknown tagname");
+ continue;
+ }
countpersample=(1L<<tif->tif_dir.td_bitspersample);
if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
{
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index 074d32a..396ad08 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -182,8 +182,23 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
"Planarconfiguration", td->td_planarconfig);
return (0);
}
+ if( td->td_samplesperpixel != 3 )
+ {
+ sprintf(emsg,
+ "Sorry, can not handle image with %s=%d",
+ "Samples/pixel", td->td_samplesperpixel);
+ return 0;
+ }
break;
case PHOTOMETRIC_CIELAB:
+ if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
+ {
+ sprintf(emsg,
+ "Sorry, can not handle image with %s=%d and %s=%d",
+ "Samples/pixel", td->td_samplesperpixel,
+ "Bits/sample", td->td_bitspersample);
+ return 0;
+ }
break;
default:
sprintf(emsg, "Sorry, can not handle image with %s=%d",
diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
index 55e2537..a53c716 100644
--- a/libtiff/tif_next.c
+++ b/libtiff/tif_next.c
@@ -102,6 +102,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
default: {
uint32 npixels = 0, grey;
uint32 imagewidth = tif->tif_dir.td_imagewidth;
+ if( isTiled(tif) )
+ imagewidth = tif->tif_dir.td_tilewidth;
/*
* The scanline is composed of a sequence of constant
diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
index dfda963..f202b41 100644
--- a/tools/tiff2pdf.c
+++ b/tools/tiff2pdf.c
@@ -1167,6 +1167,15 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0)
&& (xuint16 == PLANARCONFIG_SEPARATE ) ){
TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16);
+ if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 )
+ {
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Invalid tile count, %s",
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->tiff_tiles[i].tiles_tilecount/= xuint16;
}
if( t2p->tiff_tiles[i].tiles_tilecount > 0){
@@ -1552,6 +1561,22 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
#endif
break;
case PHOTOMETRIC_CIELAB:
+ if( t2p->tiff_samplesperpixel != 3){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Unsupported samplesperpixel = %d for CIELAB",
+ t2p->tiff_samplesperpixel);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ if( t2p->tiff_bitspersample != 8){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Invalid bitspersample = %d for CIELAB",
+ t2p->tiff_bitspersample);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->pdf_labrange[0]= -127;
t2p->pdf_labrange[1]= 127;
t2p->pdf_labrange[2]= -127;
@@ -1567,6 +1592,22 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
t2p->pdf_colorspace=T2P_CS_LAB;
break;
case PHOTOMETRIC_ITULAB:
+ if( t2p->tiff_samplesperpixel != 3){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Unsupported samplesperpixel = %d for ITULAB",
+ t2p->tiff_samplesperpixel);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ if( t2p->tiff_bitspersample != 8){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Invalid bitspersample = %d for ITULAB",
+ t2p->tiff_bitspersample);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->pdf_labrange[0]=-85;
t2p->pdf_labrange[1]=85;
t2p->pdf_labrange[2]=-75;
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index f5530bb..4088463 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -1205,9 +1205,10 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
tsize_t tilesize = TIFFTileSize(out);
unsigned char *tilebuf = NULL;
- TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
- TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
- TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) ||
+ !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) ||
+ !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
+ return 1;
tile_buffsize = tilesize;
if (tilesize < (tsize_t)(tl * tile_rowsize))
diff --git a/tools/tiffdump.c b/tools/tiffdump.c
index cf5d62f..8247765 100644
--- a/tools/tiffdump.c
+++ b/tools/tiffdump.c
@@ -374,6 +374,8 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
void* datamem;
uint64 dataoffset;
int datatruncated;
+ int datasizeoverflow;
+
tag = *(uint16*)dp;
if (swabflag)
TIFFSwabShort(&tag);
@@ -412,13 +414,14 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
else
typewidth = datawidth[type];
datasize = count*typewidth;
+ datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
datafits = 1;
datamem = dp;
dataoffset = 0;
datatruncated = 0;
if (!bigtiff)
{
- if (datasize>4)
+ if (datasizeoverflow || datasize>4)
{
uint32 dataoffset32;
datafits = 0;
@@ -432,7 +435,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
}
else
{
- if (datasize>8)
+ if (datasizeoverflow || datasize>8)
{
datafits = 0;
datamem = NULL;
@@ -442,7 +445,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
}
dp += sizeof(uint64);
}
- if (datasize>0x10000)
+ if (datasizeoverflow || datasize>0x10000)
{
datatruncated = 1;
count = 0x10000/typewidth;
From 3206e0c752a62da1ae606867113ed3bf9bf73306 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 19:53:59 +0000
Subject: [PATCH] * tools/thumbnail.c: fix out-of-buffer write
http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)
---
ChangeLog | 5 +++++
tools/thumbnail.c | 8 +++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
index fab63f6..c50bbff 100644
--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
@@ -568,7 +568,13 @@ setImage1(const uint8* br, uint32 rw, uint32 rh)
err -= limit;
sy++;
if (err >= limit)
- rows[nrows++] = br + bpr*sy;
+ {
+ /* We should perhaps error loudly, but I can't make sense of that */
+ /* code... */
+ if( nrows == 256 )
+ break;
+ rows[nrows++] = br + bpr*sy;
+ }
}
setrow(row, nrows, rows);
row += tnw;
From 8b6e80fca434525497e5a31c3309a3bab5b3c1c8 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 18:52:42 +0000
Subject: [PATCH] * tools/thumbnail.c, tools/tiffcmp.c: only read/write
TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is
COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4
http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)
---
ChangeLog | 7 +++++++
tools/thumbnail.c | 21 ++++++++++++++++++++-
tools/tiffcmp.c | 17 +++++++++++++++--
3 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
index a98a881..fab63f6 100644
--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
@@ -274,7 +274,26 @@ cpTags(TIFF* in, TIFF* out)
{
struct cpTag *p;
for (p = tags; p < &tags[NTAGS]; p++)
- cpTag(in, out, p->tag, p->count, p->type);
+ {
+ /* Horrible: but TIFFGetField() expects 2 arguments to be passed */
+ /* if we request a tag that is defined in a codec, but that codec */
+ /* isn't used */
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX3 )
+ continue;
+ }
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX4 )
+ continue;
+ }
+ cpTag(in, out, p->tag, p->count, p->type);
+ }
}
#undef NTAGS
diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c
index 508a461..d6392af 100644
--- a/tools/tiffcmp.c
+++ b/tools/tiffcmp.c
@@ -260,6 +260,7 @@ tiffcmp(TIFF* tif1, TIFF* tif2)
static int
cmptags(TIFF* tif1, TIFF* tif2)
{
+ uint16 compression1, compression2;
CmpLongField(TIFFTAG_SUBFILETYPE, "SubFileType");
CmpLongField(TIFFTAG_IMAGEWIDTH, "ImageWidth");
CmpLongField(TIFFTAG_IMAGELENGTH, "ImageLength");
@@ -276,8 +277,20 @@ cmptags(TIFF* tif1, TIFF* tif2)
CmpShortField(TIFFTAG_SAMPLEFORMAT, "SampleFormat");
CmpFloatField(TIFFTAG_XRESOLUTION, "XResolution");
CmpFloatField(TIFFTAG_YRESOLUTION, "YResolution");
- CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options");
- CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options");
+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
+ compression1 == COMPRESSION_CCITTFAX3 &&
+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
+ compression2 == COMPRESSION_CCITTFAX3 )
+ {
+ CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options");
+ }
+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
+ compression1 == COMPRESSION_CCITTFAX4 &&
+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
+ compression2 == COMPRESSION_CCITTFAX4 )
+ {
+ CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options");
+ }
CmpShortField(TIFFTAG_RESOLUTIONUNIT, "ResolutionUnit");
CmpShortField(TIFFTAG_PLANARCONFIG, "PlanarConfiguration");
CmpLongField(TIFFTAG_ROWSPERSTRIP, "RowsPerStrip");
From 266bc48054b018a2f1d74562aa48eb2f509436d5 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 17:36:36 +0000
Subject: [PATCH] * tools/tiff2pdf.c: check return code of TIFFGetField() when
reading TIFFTAG_SAMPLESPERPIXEL
---
ChangeLog | 5 +++++
tools/tiff2pdf.c | 10 +++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
Index: tiff-4.0.3/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.3.orig/tools/tiff2pdf.c
+++ tiff-4.0.3/tools/tiff2pdf.c
@@ -1164,7 +1164,15 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
t2p->tiff_pages[i].page_tilecount;
if( (TIFFGetField(input, TIFFTAG_PLANARCONFIG, &xuint16) != 0)
&& (xuint16 == PLANARCONFIG_SEPARATE ) ){
- TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16);
+ if( !TIFFGetField(input, TIFFTAG_SAMPLESPERPIXEL, &xuint16) )
+ {
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Missing SamplesPerPixel, %s",
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
if( (t2p->tiff_tiles[i].tiles_tilecount % xuint16) != 0 )
{
TIFFError(
From cd82b5267ad4c10eb91e4ee8a716a81362cf851c Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 18:07:48 +0000
Subject: [PATCH] * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)
---
ChangeLog | 5 +++++
libtiff/tif_next.c | 17 +++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
index a53c716..d834196 100644
--- a/libtiff/tif_next.c
+++ b/libtiff/tif_next.c
@@ -141,10 +141,27 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
return (0);
}
+static int
+NeXTPreDecode(TIFF* tif, uint16 s)
+{
+ static const char module[] = "NeXTPreDecode";
+ TIFFDirectory *td = &tif->tif_dir;
+ (void)s;
+
+ if( td->td_bitspersample != 2 )
+ {
+ TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d",
+ td->td_bitspersample);
+ return (0);
+ }
+ return (1);
+}
+
int
TIFFInitNeXT(TIFF* tif, int scheme)
{
(void) scheme;
+ tif->tif_predecode = NeXTPreDecode;
tif->tif_decoderow = NeXTDecode;
tif->tif_decodestrip = NeXTDecode;
tif->tif_decodetile = NeXTDecode;
From 40a5955cbf0df62b1f9e9bd7d9657b0070725d19 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Mon, 29 Dec 2014 12:09:11 +0000
Subject: [PATCH] * libtiff/tif_next.c: add new tests to check that we don't
read outside of the compressed input stream buffer.
* libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
---
ChangeLog | 9 +++++++++
libtiff/tif_getimage.c | 12 +++++++-----
libtiff/tif_next.c | 4 +++-
3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index a4f46d9..3ad8ee7 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -1871,7 +1871,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
(void) y;
fromskew = (fromskew * 10) / 4;
- if ((h & 3) == 0 && (w & 1) == 0) {
+ if ((w & 3) == 0 && (h & 1) == 0) {
for (; h >= 2; h -= 2) {
x = w>>2;
do {
@@ -1948,7 +1948,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
/* XXX adjust fromskew */
do {
x = w>>2;
- do {
+ while(x>0) {
int32 Cb = pp[4];
int32 Cr = pp[5];
@@ -1959,7 +1959,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
cp += 4;
pp += 6;
- } while (--x);
+ x--;
+ }
if( (w&3) != 0 )
{
@@ -2050,7 +2051,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
fromskew = (fromskew * 4) / 2;
do {
x = w>>1;
- do {
+ while(x>0) {
int32 Cb = pp[2];
int32 Cr = pp[3];
@@ -2059,7 +2060,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
cp += 2;
pp += 4;
- } while (--x);
+ x --;
+ }
if( (w&1) != 0 )
{
diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
index d834196..dd669cc 100644
--- a/libtiff/tif_next.c
+++ b/libtiff/tif_next.c
@@ -71,7 +71,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
TIFFErrorExt(tif->tif_clientdata, module, "Fractional scanlines cannot be read");
return (0);
}
- for (row = buf; occ > 0; occ -= scanline, row += scanline) {
+ for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) {
n = *bp++, cc--;
switch (n) {
case LITERALROW:
@@ -90,6 +90,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
* The scanline has a literal span that begins at some
* offset.
*/
+ if( cc < 4 )
+ goto bad;
off = (bp[0] * 256) + bp[1];
n = (bp[2] * 256) + bp[3];
if (cc < 4+n || off+n > scanline)
Picked from CVE: diff -u -r1.14 -r1.15
http://bugzilla.maptools.org/show_bug.cgi?id=2501
Author: Even Rouault <even.rouault@spatialys.com>
--- tiff-4.0.3.orig/tools/tiffdither.c
+++ tiff-4.0.3/tools/tiffdither.c
@@ -39,6 +39,7 @@
#endif
#include "tiffio.h"
+#include "tiffiop.h"
#define streq(a,b) (strcmp(a,b) == 0)
#define strneq(a,b,n) (strncmp(a,b,n) == 0)
@@ -56,7 +57,7 @@ static void usage(void);
* Floyd-Steinberg error propragation with threshold.
* This code is stolen from tiffmedian.
*/
-static void
+static int
fsdither(TIFF* in, TIFF* out)
{
unsigned char *outline, *inputline, *inptr;
@@ -68,14 +69,19 @@ fsdither(TIFF* in, TIFF* out)
int lastline, lastpixel;
int bit;
tsize_t outlinesize;
+ int errcode = 0;
imax = imagelength - 1;
jmax = imagewidth - 1;
inputline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in));
- thisline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
- nextline = (short *)_TIFFmalloc(imagewidth * sizeof (short));
+ thisline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
+ nextline = (short *)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, sizeof (short)));
outlinesize = TIFFScanlineSize(out);
outline = (unsigned char *) _TIFFmalloc(outlinesize);
+ if (! (inputline && thisline && nextline && outline)) {
+ fprintf(stderr, "Out of memory.\n");
+ goto skip_on_error;
+ }
/*
* Get first line
@@ -93,7 +99,7 @@ fsdither(TIFF* in, TIFF* out)
nextline = tmpptr;
lastline = (i == imax);
if (TIFFReadScanline(in, inputline, i, 0) <= 0)
- break;
+ goto skip_on_error;
inptr = inputline;
nextptr = nextline;
for (j = 0; j < imagewidth; ++j)
@@ -131,13 +137,18 @@ fsdither(TIFF* in, TIFF* out)
}
}
if (TIFFWriteScanline(out, outline, i-1, 0) < 0)
- break;
+ goto skip_on_error;
}
+ goto exit_label;
+
skip_on_error:
+ errcode = 1;
+ exit_label:
_TIFFfree(inputline);
_TIFFfree(thisline);
_TIFFfree(nextline);
_TIFFfree(outline);
+ return errcode;
}
static uint16 compression = COMPRESSION_PACKBITS;
Patches by Petr Gajdos (pgajdos@suse.cz) from
http://bugzilla.maptools.org/show_bug.cgi?id=2499
--- tiff-4.0.3.orig/libtiff/tif_dirinfo.c
+++ tiff-4.0.3/libtiff/tif_dirinfo.c
@@ -141,6 +141,8 @@ tiffFields[] = {
{ TIFFTAG_FAXDCS, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_ASCII, FIELD_CUSTOM, TRUE, FALSE, "FaxDcs", NULL },
{ TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL },
{ TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InteroperabilityIFDOffset", NULL },
+ { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, "ConsecutiveBadFaxLines", NULL },
+ { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UINT16, FIELD_CUSTOM, FALSE, FALSE, "Predictor", NULL },
/* begin DNG tags */
{ TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL },
{ TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL },
component/mariadb/buildout.cfg
View file @ 7c87afa6
......@@ -22,9 +22,9 @@ parts =
[mariadb]
recipe = slapos.recipe.cmmi
version = 10.1.19
version = 10.1.20
url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb/?serve
md5sum = e22e491eb3766bc3151cc0e96a7531c2
md5sum = 623226918fd711e414ad240287284b5b
location = ${buildout:parts-directory}/${:_buildout_section_name_}
patch-options = -p0
patches =
......@@ -70,8 +70,8 @@ post-install =
# mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
# http://mroonga.github.com/
recipe = slapos.recipe.cmmi
url = http://packages.groonga.org/source/mroonga/mroonga-6.09.tar.gz
md5sum = ac8672d81d6a8ceb13c2a9092f19541f
url = http://packages.groonga.org/source/mroonga/mroonga-6.11.tar.gz
md5sum = 1c30bb6d89dbee0cc2f9b0a5cfaaccf0
pre-configure =
mkdir fake_mariadb_source &&
ln -s ${mariadb:location}/include/mysql/private fake_mariadb_source/sql
......
component/openssh/buildout.cfg
View file @ 7c87afa6
......@@ -15,8 +15,8 @@ parts =
[openssh]
recipe = slapos.recipe.cmmi
md5sum = dfadd9f035d38ce5d58a3bf130b86d08
url = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz
md5sum = b2db2a83caf66a208bb78d6d287cdaa3
url = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz
patch-binary = ${patch:location}/bin/patch
#patch-options = -p1
patches =
......
component/openvpn/buildout.cfg
View file @ 7c87afa6
......@@ -10,8 +10,8 @@ parts =
[openvpn]
recipe = slapos.recipe.cmmi
url = https://swupdate.openvpn.org/community/releases/openvpn-2.3.12.tar.xz
md5sum = 63326bab2ebb9efe3c7becaa4f15e1c1
url = https://swupdate.openvpn.org/community/releases/openvpn-2.3.14.tar.xz
md5sum = 70fc1e9c74ba2e6d7f7e320313dc3a7b
configure-options =
--disable-dependency-tracking
--disable-plugin-auth-pam
......@@ -19,9 +19,9 @@ environment =
PATH=${xz-utils:location}/bin:%(PATH)s
LZO_LIBS=-L${lzo:location}/lib -llzo2
LZO_CFLAGS=-I${lzo:location}/include
OPENSSL_SSL_LIBS="-L${openssl:location}/lib -lssl"
OPENSSL_SSL_CFLAGS="-I${openssl:location}/include/"
OPENSSL_CRYPTO_LIBS="-L${openssl:location}/lib -lcrypto"
OPENSSL_CRYPTO_CFLAGS="-I${openssl:location}/include"
OPENSSL_SSL_LIBS=-L${openssl:location}/lib -lssl
OPENSSL_SSL_CFLAGS=-I${openssl:location}/include
OPENSSL_CRYPTO_LIBS=-L${openssl:location}/lib -lcrypto
OPENSSL_CRYPTO_CFLAGS=-I${openssl:location}/include
LDFLAGS =-Wl,-rpath=${lzo:location}/lib -Wl,-rpath=${flex:location}/lib -Wl,-rpath=${openssl:location}/lib
CPPFLAGS=-I${lzo:location}/include -I${flex:location}/include
component/python-2.7/buildout.cfg
View file @ 7c87afa6
......@@ -28,9 +28,9 @@ python = python2.7
[python2.7]
recipe = slapos.recipe.cmmi
package_version = 2.7.12
package_version = 2.7.13
package_version_suffix =
md5sum = 57dffcee9cee8bb2ab5f82af1d8e9a69
md5sum = 53b43534153bb2a0363f08bae8b9d990
# This is actually the default setting for prefix, but we can't use it in
# other settings in this part if we don't set it explicitly here.
......
component/qemu-kvm/buildout.cfg
View file @ 7c87afa6
......@@ -19,8 +19,8 @@ extends =
[kvm]
recipe = slapos.recipe.cmmi
# qemu-kvm and qemu are now the same since 1.3.
url = http://wiki.qemu-project.org/download/qemu-2.7.0.tar.bz2
md5sum = 08d4d06d1cb598efecd796137f4844ab
url = http://wiki.qemu-project.org/download/qemu-2.8.0.tar.bz2
md5sum = 17940dce063b6ce450a12e719a6c9c43
configure-options =
--target-list="$(uname -m 2>/dev/null|sed 's,^i[456]86$,i386,')-softmmu"
--enable-system
......
component/rina-tools/buildout.cfg
View file @ 7c87afa6
......@@ -10,7 +10,7 @@ parts = rina-tools
[irati-stack]
recipe = slapos.recipe.build:gitclone
repository = https://github.com/jmuchemb/irati-stack.git
revision = af3cd8350ec43ab2d309c785daf0dd16d3835005
revision = 2e1cdbcb497f9b088fa5a9ff9489df2f59d81d07
git-executable = ${git:location}/bin/git
[rina-tools]
......
component/wkhtmltopdf/buildout.cfg
View file @ 7c87afa6
......@@ -2,21 +2,23 @@
extends =
../fontconfig/buildout.cfg
../tar/buildout.cfg
../xorg/buildout.cfg
parts =
tar
wkhtmltopdf
[wkhtmltopdf]
recipe = slapos.recipe.build
# here, two %s are used, first one is for directory name (eg. x86_64), and second one is for filename (eg. x86-64).
url_x86-64 = http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.11.0_rc1-static-amd64.tar.bz2
url_x86 = http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.11.0_rc1-static-i386.tar.bz2
url_x86-64 = http://download.gna.org/wkhtmltopdf/0.12/0.12.4/wkhtmltox-0.12.4_linux-generic-amd64.tar.xz
url_x86 = http://download.gna.org/wkhtmltopdf/0.12/0.12.4/wkhtmltox-0.12.4_linux-generic-i386.tar.xz
# supported architectures md5sums
md5sum_x86 = d796cfb66e45673d8f6728b61f34d5e0
md5sum_x86-64 = 02a2c6963728b69b8e329dcbf1f4c7e1
md5sum_x86 = ce1a2c0b2cf786ccc5d5828c42c99ddd
md5sum_x86-64 = 96b7306cebb9e65355f69f7ab63df68b
# script to install.
script =
......@@ -28,14 +30,19 @@ script =
platform = guessPlatform()
url = self.options['url_' + platform]
md5sum = self.options['md5sum_' + platform]
extract_dir = self.extract(self.download(url, md5sum))
shutil.move(extract_dir, location)
path = self.download(url, md5sum)
import tempfile
extract_dir = tempfile.mkdtemp(self.name)
self.cleanup_dir_list.append(extract_dir)
self.logger.debug('Created working directory ' + repr(extract_dir))
call(["${tar:location}/bin/tar", "xJf", path, "-C", extract_dir])
shutil.move(os.path.join(extract_dir, "wkhtmltox"), location)
wrapper_location = os.path.join("%(location)s", "wkhtmltopdf")
wrapper = open(wrapper_location, 'w')
wrapper.write("""#!${dash:location}/bin/dash
cd %(location)s
export LD_LIBRARY_PATH=%(location)s:${libXrender:location}/lib/:${fontconfig:location}/lib/:${libX11:location}/lib/:${libXext:location}/lib/
export LD_LIBRARY_PATH=%(location)s/lib/:${libXrender:location}/lib/:${fontconfig:location}/lib/:${libX11:location}/lib/:${libXext:location}/lib/
export PATH=${fontconfig:location}/bin:$PATH
exec %(location)s/wkhtmltopdf-""" + WK_SUFIX_MAP[platform]+ """ $*""")
exec %(location)s/bin/wkhtmltopdf "$@"
""")
wrapper.close()
os.chmod(wrapper_location, 0755)
setup.py
View file @ 7c87afa6
......@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
import glob
import os
version = '1.0.43'
version = '1.0.44'
name = 'slapos.cookbook'
long_description = open("README.rst").read() + "\n" + \
open("CHANGES.rst").read() + "\n"
......
slapos/recipe/dropbear.py
View file @ 7c87afa6
......@@ -24,8 +24,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import itertools
import errno, os
from slapos.recipe.librecipe import GenericBaseRecipe
class KnownHostsFile(dict):
......@@ -55,40 +54,6 @@ class KnownHostsFile(dict):
def __exit__(self, exc_type, exc_value, traceback):
self._dump()
class AuthorizedKeysFile(object):
def __init__(self, filename):
self.filename = filename
def append(self, key):
"""Append the key to the file if the key's not in the file
"""
# Create the file it it does not exist
try:
file_ = os.open(self.filename, os.O_CREAT | os.O_EXCL)
os.close(file_)
except:
pass
with open(self.filename, 'r') as keyfile:
# itertools.imap avoid loading all the authorized_keys file in
# memory which would be counterproductive.
present = (key.strip() in itertools.imap(lambda k: k.strip(),
keyfile))
try:
keyfile.seek(-1, os.SEEK_END)
ended_by_newline = (keyfile.read() == '\n')
except IOError:
ended_by_newline = True
if not present:
with open(self.filename, 'a') as keyfile:
if not ended_by_newline:
keyfile.write('\n')
keyfile.write(key.strip())
class Recipe(GenericBaseRecipe):
def install(self):
......@@ -164,37 +129,29 @@ class Client(GenericBaseRecipe):
return [wrapper]
def keysplit(s):
"""
Split a string like "ssh-rsa AKLFKJSL..... ssh-rsa AAAASAF...."
and return the individual key_type + key strings.
TODO: handle comments in ssh keys, which are generated
by default at key creation.
"""
s = s.replace('\n', ' ')
si = iter(s.split(' '))
while True:
key_type = next(si)
if key_type == '':
continue
try:
key_value = next(si)
except StopIteration:
# odd number of elements, should not happen
break
yield '%s %s' % (key_type, key_value)
class AddAuthorizedKey(GenericBaseRecipe):
def install(self):
key = self.options['key']
ssh = self.createDirectory(self.options['home'], '.ssh')
authorized_keys = AuthorizedKeysFile(os.path.join(ssh, 'authorized_keys'))
for key in keysplit(self.options['key']):
# XXX key might actually be the string 'None' or 'null'
authorized_keys.append(key)
return [authorized_keys.filename]
filename = os.path.join(ssh, 'authorized_keys')
try:
with open(filename) as f:
if f.read() == key:
return [filename]
except IOError as e:
if e.errno != errno.ENOENT:
raise
# Atomic update.
tmp = filename + '.new'
try:
with open(tmp, 'w') as f:
f.write(key)
os.rename(tmp, filename)
finally:
try:
os.remove(tmp)
except OSError as e:
if e.errno != errno.ENOENT:
raise
return [filename]
slapos/recipe/neoppod.py
View file @ 7c87afa6
......@@ -43,7 +43,6 @@ class NeoBaseRecipe(GenericBaseRecipe):
# useful, as per NEO deploying constraints.
raise UserError('"masters" parameter is mandatory')
option_list = [
options['binary'],
'-l', options['logfile'],
'-m', options['masters'],
'-b', self._getBindingAddress(),
......@@ -59,9 +58,9 @@ class NeoBaseRecipe(GenericBaseRecipe):
'--key', etc + 'neo.key',
)
option_list.extend(self._getOptionList())
return [self.createPythonScript(
return [self.createWrapper(
options['wrapper'],
'slapos.recipe.librecipe.execute.execute',
options['binary'],
option_list
)]
......
slapos/recipe/pbs.py
View file @ 7c87afa6
......@@ -65,6 +65,7 @@ def promise(args):
class Recipe(GenericSlapRecipe, Notify, Callback):
def _options(self, options):
options['rdiff-backup-data-folder'] = ""
if 'slave-instance-list' in options:
for slave in json.loads(options['slave-instance-list']):
if slave['type'] == 'pull':
......@@ -87,9 +88,7 @@ class Recipe(GenericSlapRecipe, Notify, Callback):
--restore-as-of now \\
--force \\
%(local_dir)s \\
%(remote_dir)s; do
echo "repeating rdiff-backup..."
sleep 10
%(remote_dir)s
""")
template_dict = {
......
slapos/recipe/wrapper.py
View file @ 7c87afa6
......@@ -37,6 +37,7 @@ class Recipe(GenericBaseRecipe):
wait_files = self.options.get('wait-for-files')
environment = self.options.get('environment')
parameters_extra = self.options.get('parameters-extra')
pidfile = self.options.get('pidfile')
if not wait_files and not environment:
# Create a simple wrapper as shell script
......@@ -45,6 +46,7 @@ class Recipe(GenericBaseRecipe):
command=command_line[0],
parameters=command_line[1:],
parameters_extra=parameters_extra,
pidfile=pidfile,
)]
# More complex needs: create a Python script as wrapper
......@@ -72,5 +74,7 @@ class Recipe(GenericBaseRecipe):
name=wrapper_path,
command=python_script,
parameters=[],
parameters_extra=parameters_extra) ]
parameters_extra=parameters_extra,
pidfile=pidfile,
)]
slapos/test/recipe/test_dropbear.py deleted 100644 → 0
View file @ ea1bce1f
import unittest
from slapos.recipe.dropbear import keysplit
class TestAuthorizedKey(unittest.TestCase):
def test_keysplit_on_2_keys(self):
given_key_list = [
"""ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX0juuOAibEjr3K116XZy/kc+6TrxsduaiAKSKgq+ktlgL2hbLmDKaXXbF6xbp8qUNUH3rkMXY3ujFRVGP+MMNkasaxlRBS/rXVwj4uQvSkOQXLWCOkHlwIsrS4xZ3yBXzYDz3yOXL4wQn2wzXrbR3ByxtAoZ/puLGJNvYC3i+LH33cif/SUkEWCyTT5fbLDb5rswjWgrf3v+MzXxuRYZl0rjvi31Ku/mIpLl7Jb7K8a71iQD7xUbEd6GxUORzWNbTrn4rQbUhybOOFc8PnMQJ6wb5vYvwr3UraJq64rH9WRhHak8a25mmBN00h4izEVC+AyrrdZ7Txfa0F2vGxyj/MM56NMAQW4dTkKLju71AXWZkhg2I5kiBgjGmGWyXDgxoKjJVHMJziKf9tqg1pFeDlHI0Q38zmYgCaORNpC+1nG2ydx1/gB9kTky+risJmrc81YlWtZ7lEjpCtSmcAEFIGDHvy0MbZu8UwvykKpGWASIgi4gTapPXjgcvb47cO0JOSZlCwzqrmB3qv/PChOsrpdUljRoB0r1ciWAlHWq2vMEWGQD3uJu6KQ3Dxl7eQp4IFlO65uqtyxkz/t72JeoEAn7lHFd19gGn2QikaD0MPNVL1y/py49WDCPG5tvPubJE6IDky0IrFCFuKegSUtQ0N9BAUAAmesTddSzIPVbr5Q==
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm2q2ROZIatffz8f1d/9poPlFwflQwDv3EM8Ey674I9GFO9tHQTl2Y8Cp8KlJEGIwiSHJH4J+0F/MrqmwbShHA/R+ocoTAv3nubWGqdKll4o7/wMfHh/7l9H1nqvY3McXO+yjbjbpA2fGFEzQX+Z+j6g+mzrlcYnPB0Bjpc/sPGeOSCfTGmw+BjsxkkwQEvYarZriM1eCz9i7aYJ87OSFgDyo96Dj9ke7EHOESYV0LzxN2WLN/3pYGTdr3Dg18krupCP+X3FAdgd+WP9TXKEcMFHcVs6y7Lyzis52irgEpSysqoOImQ8hdyLs/0oamXCnePoAzzHeTlw8IpUvhpTSYYtWMtCv9velIvxHsnSu87k3HD1jsZ/SZtsrrUwEFMs/9Z8wZQ6q5/GAKo6LRsXxv+BXpXNwc6K3qqxMi5D4TD0p7GBOuz6xmpzScr9eQVn1OqoekDvkdzeXmkOZC01XrJJfD1GA8fjUk7M2OTWeINNSNFiL3ovgz6cMDSuJq39vMPeH2CBW9ozjtMmODlmwEot4FHu3mq5eoajrJnpmpi7oJ6ks8icafs3GTIJDg6sAF3M3oxMXfVVKEUaqvYihq0u9T1qBjU4/raTWjUj2/DhVDNa0gX6OE/xUIdMZMqeeVHndFqb1lkORiPoXcTrD734HNvrmW73rI5TBWMK86RQ==""",
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX0juuOAibEjr3K116XZy/kc+6TrxsduaiAKSKgq+ktlgL2hbLmDKaXXbF6xbp8qUNUH3rkMXY3ujFRVGP+MMNkasaxlRBS/rXVwj4uQvSkOQXLWCOkHlwIsrS4xZ3yBXzYDz3yOXL4wQn2wzXrbR3ByxtAoZ/puLGJNvYC3i+LH33cif/SUkEWCyTT5fbLDb5rswjWgrf3v+MzXxuRYZl0rjvi31Ku/mIpLl7Jb7K8a71iQD7xUbEd6GxUORzWNbTrn4rQbUhybOOFc8PnMQJ6wb5vYvwr3UraJq64rH9WRhHak8a25mmBN00h4izEVC+AyrrdZ7Txfa0F2vGxyj/MM56NMAQW4dTkKLju71AXWZkhg2I5kiBgjGmGWyXDgxoKjJVHMJziKf9tqg1pFeDlHI0Q38zmYgCaORNpC+1nG2ydx1/gB9kTky+risJmrc81YlWtZ7lEjpCtSmcAEFIGDHvy0MbZu8UwvykKpGWASIgi4gTapPXjgcvb47cO0JOSZlCwzqrmB3qv/PChOsrpdUljRoB0r1ciWAlHWq2vMEWGQD3uJu6KQ3Dxl7eQp4IFlO65uqtyxkz/t72JeoEAn7lHFd19gGn2QikaD0MPNVL1y/py49WDCPG5tvPubJE6IDky0IrFCFuKegSUtQ0N9BAUAAmesTddSzIPVbr5Q== ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm2q2ROZIatffz8f1d/9poPlFwflQwDv3EM8Ey674I9GFO9tHQTl2Y8Cp8KlJEGIwiSHJH4J+0F/MrqmwbShHA/R+ocoTAv3nubWGqdKll4o7/wMfHh/7l9H1nqvY3McXO+yjbjbpA2fGFEzQX+Z+j6g+mzrlcYnPB0Bjpc/sPGeOSCfTGmw+BjsxkkwQEvYarZriM1eCz9i7aYJ87OSFgDyo96Dj9ke7EHOESYV0LzxN2WLN/3pYGTdr3Dg18krupCP+X3FAdgd+WP9TXKEcMFHcVs6y7Lyzis52irgEpSysqoOImQ8hdyLs/0oamXCnePoAzzHeTlw8IpUvhpTSYYtWMtCv9velIvxHsnSu87k3HD1jsZ/SZtsrrUwEFMs/9Z8wZQ6q5/GAKo6LRsXxv+BXpXNwc6K3qqxMi5D4TD0p7GBOuz6xmpzScr9eQVn1OqoekDvkdzeXmkOZC01XrJJfD1GA8fjUk7M2OTWeINNSNFiL3ovgz6cMDSuJq39vMPeH2CBW9ozjtMmODlmwEot4FHu3mq5eoajrJnpmpi7oJ6ks8icafs3GTIJDg6sAF3M3oxMXfVVKEUaqvYihq0u9T1qBjU4/raTWjUj2/DhVDNa0gX6OE/xUIdMZMqeeVHndFqb1lkORiPoXcTrD734HNvrmW73rI5TBWMK86RQ==",
]
expected_result = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDX0juuOAibEjr3K116XZy/kc+6TrxsduaiAKSKgq+ktlgL2hbLmDKaXXbF6xbp8qUNUH3rkMXY3ujFRVGP+MMNkasaxlRBS/rXVwj4uQvSkOQXLWCOkHlwIsrS4xZ3yBXzYDz3yOXL4wQn2wzXrbR3ByxtAoZ/puLGJNvYC3i+LH33cif/SUkEWCyTT5fbLDb5rswjWgrf3v+MzXxuRYZl0rjvi31Ku/mIpLl7Jb7K8a71iQD7xUbEd6GxUORzWNbTrn4rQbUhybOOFc8PnMQJ6wb5vYvwr3UraJq64rH9WRhHak8a25mmBN00h4izEVC+AyrrdZ7Txfa0F2vGxyj/MM56NMAQW4dTkKLju71AXWZkhg2I5kiBgjGmGWyXDgxoKjJVHMJziKf9tqg1pFeDlHI0Q38zmYgCaORNpC+1nG2ydx1/gB9kTky+risJmrc81YlWtZ7lEjpCtSmcAEFIGDHvy0MbZu8UwvykKpGWASIgi4gTapPXjgcvb47cO0JOSZlCwzqrmB3qv/PChOsrpdUljRoB0r1ciWAlHWq2vMEWGQD3uJu6KQ3Dxl7eQp4IFlO65uqtyxkz/t72JeoEAn7lHFd19gGn2QikaD0MPNVL1y/py49WDCPG5tvPubJE6IDky0IrFCFuKegSUtQ0N9BAUAAmesTddSzIPVbr5Q==", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDm2q2ROZIatffz8f1d/9poPlFwflQwDv3EM8Ey674I9GFO9tHQTl2Y8Cp8KlJEGIwiSHJH4J+0F/MrqmwbShHA/R+ocoTAv3nubWGqdKll4o7/wMfHh/7l9H1nqvY3McXO+yjbjbpA2fGFEzQX+Z+j6g+mzrlcYnPB0Bjpc/sPGeOSCfTGmw+BjsxkkwQEvYarZriM1eCz9i7aYJ87OSFgDyo96Dj9ke7EHOESYV0LzxN2WLN/3pYGTdr3Dg18krupCP+X3FAdgd+WP9TXKEcMFHcVs6y7Lyzis52irgEpSysqoOImQ8hdyLs/0oamXCnePoAzzHeTlw8IpUvhpTSYYtWMtCv9velIvxHsnSu87k3HD1jsZ/SZtsrrUwEFMs/9Z8wZQ6q5/GAKo6LRsXxv+BXpXNwc6K3qqxMi5D4TD0p7GBOuz6xmpzScr9eQVn1OqoekDvkdzeXmkOZC01XrJJfD1GA8fjUk7M2OTWeINNSNFiL3ovgz6cMDSuJq39vMPeH2CBW9ozjtMmODlmwEot4FHu3mq5eoajrJnpmpi7oJ6ks8icafs3GTIJDg6sAF3M3oxMXfVVKEUaqvYihq0u9T1qBjU4/raTWjUj2/DhVDNa0gX6OE/xUIdMZMqeeVHndFqb1lkORiPoXcTrD734HNvrmW73rI5TBWMK86RQ=="]
for given_key in given_key_list:
tested_result = []
for key in keysplit(given_key):
tested_result.append(key)
self.assertEqual(tested_result, expected_result)
if __name__ == '__main__':
unittest.main()
software/agent/software.cfg
View file @ 7c87afa6
......@@ -51,29 +51,29 @@ pycrypto = 2.6.1
pycurl = 7.43.0
slapos.recipe.download = 1.0
slapos.recipe.template = 2.8
slapos.toolbox = 0.61
slapos.toolbox = 0.62
smmap = 0.9.0
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
GitPython = 2.0.8
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
atomize = 0.2.0
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
feedparser = 5.2.1
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
lockfile = 0.12.2
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
paramiko = 2.0.1
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
rpdb = 0.1.5
software/apache-frontend/common.cfg
View file @ 7c87afa6
......@@ -20,6 +20,9 @@ extends =
# Monitoring stack (keep on bottom)
../../stack/monitor/buildout.cfg
extensions -=
buildout-versions
parts +=
template
template-apache-frontend
......@@ -66,7 +69,7 @@ mode = 0644
[template-slave-list]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
md5sum = 6828096d9ec4333b8c72a2e2ab768ea0
md5sum = 377aa36899c963ac65558b4888f8264b
mode = 640
[template-slave-configuration]
......
software/apache-frontend/instance-apache-input-schema.json
View file @ 7c87afa6
......@@ -49,6 +49,12 @@
"type": "string",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$"
},
"nginx-domain": {
"title": "Nginx Domain",
"description": "Base Domain for create subdomains (ie.: example2.com) for websocket, notebook and eventsource.",
"type": "string",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$"
},
"-frontend-quantity": {
"title": "Frontend Replication Quantity",
"description": "Quantity of Frontends Replicate.",
......
software/apache-frontend/software.cfg
View file @ 7c87afa6
......@@ -2,6 +2,10 @@
extends = common.cfg
[versions]
setuptools = 28.8.0
zc.buildout = 2.5.2+slapos005
zc.recipe.egg = 2.0.3+slapos002
PyRSS2Gen = 1.1
apache-libcloud = 0.19.0
cns.recipe.symlink = 0.2.3
......@@ -11,7 +15,7 @@ plone.recipe.command = 1.1
pycrypto = 2.6.1
rdiff-backup = 1.0.5
slapos.recipe.template = 2.8
slapos.toolbox = 0.61
slapos.toolbox = 0.62
smmap = 0.9.0
numpy = 1.11.2
......@@ -30,29 +34,29 @@ erp5.util = 0.4.46
passlib = 1.6.5
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
GitPython = 2.0.8
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
atomize = 0.2.0
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
feedparser = 5.2.1
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
lockfile = 0.12.2
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
paramiko = 2.0.1
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
pycurl = 7.43.0
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
rpdb = 0.1.5
software/apache-frontend/software.cfg.json
View file @ 7c87afa6
......@@ -23,7 +23,7 @@
"title": "Default",
"software-type": "default",
"description": "Default",
"request": "instance-slave-apache-input-schema.json",
"request": "instance-apache-input-schema.json",
"response": "instance-output-schema.json",
"index": 3
},
......@@ -33,8 +33,8 @@
"description": "Default",
"request": "instance-slave-apache-input-schema.json",
"response": "instance-output-schema.json",
"index": 3,
"shared": true
"index": 4,
"shared": true
}
}
}
software/apache-frontend/templates/apache-custom-slave-list.cfg.in
View file @ 7c87afa6
......@@ -71,7 +71,12 @@ crl = {{ custom_ssl_directory }}/crl/
{# Set slave domain if none was defined #}
{% if slave_instance.get('custom_domain', None) == None -%}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (slave_instance.get('slave_reference').replace("-", "").lower(), slapparameter_dict.get('domain'))) -%}
{% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").lower() -%}
{% if slave_type in NGINX_TYPE_LIST -%}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) -%}
{% else -%}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) -%}
{% endif -%}
{% endif -%}
{% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') -%}
......
software/build-rina/build.cfg
View file @ 7c87afa6
......@@ -109,9 +109,6 @@ install =
extends = /mnt/slapos/software/hellorina/software.cfg
develop = /mnt/slapos
download-cache = /mnt/download-cache
# Required for recent buildout.
extensions -=
buildout-versions
[slapos-cookbook-develop]
recipe =
setup =
......@@ -121,10 +118,8 @@ install =
[versions]
slapos.cookbook =
EOF
:||{ # https://github.com/pypa/setuptools/pull/846
python -S /mnt/buildout/bin/buildout bootstrap
MAKEFLAGS=-j${:smp} bin/buildout
}
arch=`dpkg-architecture -qDEB_HOST_ARCH`
sudo sh -c "/mnt/slapos.package/playbook/roles/rina/gen-ipcm-conf
......
software/build-rina/software.cfg
View file @ 7c87afa6
......@@ -77,8 +77,10 @@ packages +=
git ca-certificates python
# biggest and common build-deps for RINA
dh-autoreconf pkg-config doxygen maven xmlto
# hellorina (shouldn't parts like lxml-python depend on the python of the SR?)
python-dev
[versions]
setuptools = 28.8.0
setuptools = 30.1.0
zc.buildout = 2.5.2+slapos005
zc.recipe.egg = 2.0.3+slapos002
software/gitlab/gitlab-export.in 0 → 100644
View file @ 7c87afa6
#!{{ bash.location }}/bin/bash -e
# export gitlab site via `gitlab-backup pull` to a "for-export" git-backup repository
# gitlab-export <exportto-repo>
#
# NOTE gitlab-backup, gitlab-rails, ... all have to be on $PATH.
# which site to export is determined by which gitlab-rails is on $PATH.
if [ "$#" -ne 1 ]; then
echo "Usage: gitlab-export <exportto-repo>" 1>&2
exit 1
fi
exportto_repo="$1"
# create / setup export repository if it does not exist yet
mkdir -p "$exportto_repo"
cd "$exportto_repo"
# verify we are in a git repository
if ! git rev-parse --is-inside-git-dir ; then
git init --bare
fi
exec gitlab-backup pull
software/gitlab/gitlab-parameters.cfg
View file @ 7c87afa6
......@@ -6,7 +6,7 @@
#
# TODO better autogenerate from ^^^ (?)
#
# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
# (last updated for omnibus-gitlab 8.8.9+ce.0-g25376053)
[gitlab-parameters]
configuration.external_url = http://lab.example.com
......
software/gitlab/instance-gitlab-export.cfg.in 0 → 100644
View file @ 7c87afa6
# GitLab instance + site export support
[buildout]
extends = {{ instance_gitlab_cfg }}
# TODO + ${pbsready-export:output}
parts +=
cron-entry-gitlab-backup
# -export specific instance parameters
[instance-parameter]
# cron frequency for gitlab backup (default: every 4h)
configuration.backup_frequency = 0 */4 * * *
[gitlab-backup-directory]
recipe = slapos.cookbook:mkdirectory
srv = ${buildout:directory}/srv
backup = ${:srv}/backup
backup-gitlab.git = ${:backup}/backup-gitlab.git
var = ${buildout:directory}/var
pid = ${:var}/pid
# instance exporter script
[exporter]
recipe = slapos.cookbook:wrapper
wrapper-path = ${buildout:directory}/bin/gitlab-exporter
command-line = {{ xnice_repository_location }}/bin/xnice {{ gitlab_export }} ${gitlab-backup-directory:backup-gitlab.git}
pidfile = ${gitlab-backup-directory:pid}/gitlab-exporter.pid
environment =
# XXX: `/usr/bin` has to be in the PATH environment variable to be able to use
# `which` command in gitlab-backup, `chrt` in xnice, ...
# and `/bin` for `sed` command in gitlab-backup restore
PATH=/bin:/usr/bin:${buildout:directory}/bin:{{ coreutils_location }}/bin:{{ grep_location }}/bin:{{ tar_location }}/bin:{{ gzip_location }}/bin:{{ gopath_bin }}:{{ git_location }}/bin
[cron-entry-gitlab-backup]
<= cron-entry
# run backup script on a regular basis (given as instance parameter)
frequency = ${instance-parameter:configuration.backup_frequency}
command = ${exporter:wrapper-path}
software/gitlab/instance-gitlab.cfg.in
View file @ 7c87afa6
......@@ -537,7 +537,7 @@ depend =
[promise-gitlab-workhorse]
<= promise-byurl
url = --unix-socket ${gitlab-workhorse:socket} http:/static.css
url = --unix-socket ${gitlab-workhorse:socket} http://localhost/static.css
# gitlab-workhorse logs to stdout/stderr - logs are handled by slapos not us
......@@ -579,7 +579,7 @@ depend =
[promise-unicorn]
<= promise-byurl
url = --unix-socket ${unicorn:socket} http:/
url = --unix-socket ${unicorn:socket} http://localhost/
[promise-rakebase]
recipe = slapos.cookbook:wrapper
......@@ -627,7 +627,7 @@ log = ${sidekiq-dir:log}
# NOTE see queue list here:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/Procfile
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/sv-sidekiq-run.erb
# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
# (last updated for omnibus-gitlab 8.8.9+ce.0-g25376053)
[service-sidekiq]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:service}/sidekiq
......
software/gitlab/instance.cfg.in
View file @ 7c87afa6
......@@ -10,15 +10,17 @@ offline = true
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = $${instance-gitlab.cfg:rendered}
# TODO -export, -import, -pull-backup
gitlab = $${instance-gitlab.cfg:rendered}
gitlab-export = $${instance-gitlab-export.cfg:rendered}
default = $${:gitlab}
# TODO -import, -pull-backup
[instance-gitlab.cfg]
# macro: render instance-*.cfg from instance-*.cfg.in
[instance-cfg]
recipe = slapos.recipe.template:jinja2
mode = 0644
template= ${instance-gitlab.cfg.in:target}
rendered= $${buildout:directory}/instance-gitlab.cfg
rendered= $${buildout:directory}/$${:_buildout_section_name_}
context =
import os os
import pwd pwd
......@@ -33,12 +35,16 @@ context =
raw bash_bin ${bash:location}/bin/bash
raw bzip2_location ${bzip2:location}
raw bundler_4gitlab ${bundler-4gitlab:bundle}
raw coreutils_location ${coreutils:location}
raw curl_bin ${curl:location}/bin/curl
raw dcron_bin ${dcron-output:crond}
raw git ${git:location}/bin/git
raw git_location ${git:location}
raw gitlab_export ${gitlab-export:rendered}
raw gitlab_workhorse ${gitlab-workhorse:location}/gitlab-workhorse
raw gopath_bin ${gopath:bin}
raw gunzip_bin ${gzip:location}/bin/gunzip
raw grep_location ${grep:location}
raw gzip_bin ${gzip:location}/bin/gzip
raw gzip_location ${gzip:location}
raw logrotate_bin ${logrotate:location}/usr/sbin/logrotate
......@@ -48,7 +54,9 @@ context =
raw postgresql_location ${postgresql92:location}
raw redis_binprefix ${redis28:location}/bin
raw ruby_location ${bundler-4gitlab:ruby-location}
raw tar_location ${tar:location}
raw watcher_sigkill ${watcher-sigkill:rendered}
raw xnice_repository_location ${xnice-repository:location}
# config files
raw database_yml_in ${database.yml.in:target}
......@@ -64,3 +72,16 @@ context =
raw resque_yml_in ${resque.yml.in:target}
raw smtp_settings_rb_in ${smtp_settings.rb.in:target}
raw unicorn_rb_in ${unicorn.rb.in:target}
$${:context-extra}
context-extra =
[instance-gitlab.cfg]
<= instance-cfg
template= ${instance-gitlab.cfg.in:target}
[instance-gitlab-export.cfg]
<= instance-cfg
template= ${instance-gitlab-export.cfg.in:target}
context-extra =
raw instance_gitlab_cfg $${instance-gitlab.cfg:rendered}
software/gitlab/software.cfg
View file @ 7c87afa6
......@@ -14,9 +14,12 @@ extends =
../../component/nginx/buildout.cfg
# for instance
../../component/coreutils/buildout.cfg
../../component/bash/buildout.cfg
../../component/grep/buildout.cfg
../../component/bzip2/buildout.cfg
../../component/curl/buildout.cfg
../../component/tar/buildout.cfg
../../component/gzip/buildout.cfg
../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg
......@@ -36,20 +39,29 @@ parts =
gitlab-shell/vendor
gitlab/vendor/bundle
gitlab-workhorse
git-backup
# for instance
instance.cfg
# TODO stop using slapos.cookbook-develop once 571d6514 gets into released
# slapos.cookbook egg
slapos-cookbook-develop
slapos-cookbook
eggs
bash
curl
watcher-sigkill
gitlab-export
gzip
dcron-output
logrotate
[slapos.cookbook-repository]
revision = 571d6514f7290e8faa9439c4b86aa2f6c87df261
############################
# Software compilation #
......@@ -113,15 +125,15 @@ git-executable = ${git:location}/bin/git
<= git-repository
#repository = https://gitlab.com/gitlab-org/gitlab-ce.git
repository = https://lab.nexedi.com/nexedi/gitlab-ce.git
# 8.7.X + NXD patches:
revision = v8.7.9-10-g7728df66b90483dac467df95948a532783e782c8
# 8.8.X + NXD patches:
revision = v8.8.9-10-g967afbdc3a2d2bcc58ed31ca50d5293fa2a2e9ed
location = ${buildout:parts-directory}/gitlab
[gitlab-shell-repository]
<= git-repository
#repository = https://gitlab.com/gitlab-org/gitlab-shell.git
repository = https://lab.nexedi.com/nexedi/gitlab-shell.git
# gitlab 8.7 wants gitlab-shell 2.7.2
# gitlab 8.8 wants gitlab-shell 2.7.2
# 2.7.2 + NXD patches
revision = v2.6.10-50-gfbca95be784816349abc5930324659151eca50d1
location = ${buildout:parts-directory}/gitlab-shell
......@@ -130,7 +142,7 @@ location = ${buildout:parts-directory}/gitlab-shell
<= git-repository
#repository = https://gitlab.com/gitlab-org/gitlab-workhorse.git
repository = https://lab.nexedi.com/nexedi/gitlab-workhorse.git
# gitlab 8.7 wants gitlab-workhorse 0.7.1
# gitlab 8.8 wants gitlab-workhorse 0.7.1
# 0.7.1 + NXD patches
revision = v0.7.1-5-gd23a3247829fc3200e3dc784dcd57b5a0febac48
location = ${buildout:parts-directory}/gitlab-workhorse
......@@ -151,6 +163,52 @@ make-binary =
make-targets= cd ${:path} &&
${:bundle} install --deployment --without development test mysql kerberos
# directories and repositories required by gitlab-backup
[gopath]
directory = ${buildout:directory}/go.work
src = ${:directory}/src
bin = ${:directory}/bin
[go-git-repository]
<= git-repository
repository = https://${:go.importpath}.git
location = ${gopath:src}/${:go.importpath}
[git2go-repository]
<= go-git-repository
go.importpath = github.com/libgit2/git2go
# branch 'next' is required by git-backup
revision = next-g53594d7581617dbae7bb5960b4ac5f0ff513c184
[git-backup-repository]
<= go-git-repository
go.importpath = lab.nexedi.com/kirr/git-backup
revision = 3ba6cf73ba224c40f67f1fb87c855b915eb91f58
[git-backup]
# install git2go, git-backup, gitlab-backup in <gopath>/bin
recipe = slapos.recipe.cmmi
path = ${git-backup-repository:location}
configure-command = :
make-binary =
make-targets= cd ${git2go-repository:location}
&& git submodule update --init
&& make install
&& install -d ${gopath:bin}
&& go install ${git-backup-repository:go.importpath}
&& cp -a ${git-backup-repository:location}/contrib/gitlab-backup ${gopath:bin}
environment =
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:${git:location}/bin:${golang16:location}/bin:${buildout:bin-directory}:%(PATH)s
GOPATH=${gopath:directory}
[xnice-repository]
# to get kirr's misc repo containing xnice script for executing processes
# with lower priority (used for backup script inside the cron)
<= git-repository
repository = https://lab.nexedi.com/kirr/misc.git
revision = 4073572ea700bf1b115f3a135aebebe5b3b824e4
location = ${buildout:parts-directory}/misc
# build needed-by-gitlab-shell gems via bundler
# ( there is not vendor/ dir in gitlab-shell, so to avoid having buildout error
......@@ -194,17 +252,26 @@ eggs =
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = ef85f02c4f6070c586d773b859a2f4e2
md5sum = b99a99b161c0b292845002fc3fee50cd
[watcher-sigkill]
# macro: download a shell script and put it rendered into <software>/bin/
[binsh]
recipe = slapos.recipe.template:jinja2
template= ${:_profile_base_location_}/${:_buildout_section_name_}.in
rendered= ${buildout:bin-directory}/${:_buildout_section_name_}
mode = 0755
md5sum = 2986dcb006dc9e8508ff81f646656131
context =
section bash bash
[watcher-sigkill]
<= binsh
md5sum = 2986dcb006dc9e8508ff81f646656131
[gitlab-export]
<= binsh
md5sum = a7b32680e80f34276f0a32a5e22dad50
# macro: download a file named as section name
#
......@@ -232,7 +299,7 @@ md5sum = eb1230fee50067924ba89f4dc6e82fa9
[gitlab-parameters.cfg]
<= download-file
md5sum = 3edd435a984b51b94539ea1d4f1b3994
md5sum = a74670934ec0190cc212d1f3468c11ed
[gitlab-shell-config.yml.in]
<= download-template
......@@ -244,11 +311,15 @@ md5sum = a9cb347f60aad3465932fd36cd4fe25d
[gitlab.yml.in]
<= download-template
md5sum = 735a78d0733fd6617d3b5f3d91bfae8c
md5sum = 176939a6428a7aca4767a36421b0af2b
[instance-gitlab.cfg.in]
<= download-file
md5sum = ba83f01fd7a313b984766c50d6e48e54
md5sum = 89914e4a225f6cdebfa196d46359f6f2
[instance-gitlab-export.cfg.in]
<= download-file
md5sum = 00bd4ddf75a40a9d18d8243289f68ee9
[macrolib.cfg.in]
<= download-file
......@@ -260,11 +331,11 @@ md5sum = a11b50d2ff2b1fa842ba4aa20041e2fe
[nginx.conf.in]
<= download-template
md5sum = 7da68dba86fff79eb93c27aa1aaf1055
md5sum = 1374f38ab6f295b850d45ea0019ec05d
[rack_attack.rb.in]
<= download-template
md5sum = bc1a7c1e83b7329d97bff6724f2bec3e
md5sum = 7d0e6dc6b826f6df6b20d8574a29e2f8
[resque.yml.in]
<= download-template
......@@ -272,7 +343,7 @@ md5sum = 7c89a730889e3224548d9abe51a2d719
[smtp_settings.rb.in]
<= download-template
md5sum = d66a424516ffacea34303e2f512a7d94
md5sum = c67ea492e17f774d0e18f1217338a55f
[unicorn.rb.in]
<= download-template
......
software/gitlab/template/gitlab.yml.in
View file @ 7c87afa6
......@@ -2,7 +2,7 @@
# see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
# (last updated for omnibus-gitlab 8.8.9+ce.0-g25376053)
{% from 'macrolib.cfg.in' import cfg, cfg_https, external_url with context %}
......@@ -86,6 +86,7 @@ production: &base
wiki: {{ cfg('default_projects_features.wiki') }}
snippets: {{ cfg('default_projects_features.snippets') }}
builds: false {# builds not supported yet <%= @gitlab_default_projects_features_builds %> #}
{# container_registry: <%= @gitlab_default_projects_features_container_registry %> #}
## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
......@@ -145,6 +146,18 @@ production: &base
storage_path: <%= @lfs_storage_path %>
#}
{# we do not support container registry
## Container Registry
registry:
enabled: <%= @registry_enabled %>
host: <%= @registry_host %>
port: <%= @registry_port %>
api_url: <%= @registry_api_url %> # internal address to the registry, will be used by GitLab to directly communicate with API
path: <%= @registry_path %>
key: <%= @registry_key_path %>
issuer: <%= @registry_issuer %>
#}
{# we do not support Pages
## GitLab Pages (EE only)
pages:
......
software/gitlab/template/nginx.conf.in
View file @ 7c87afa6
......@@ -2,7 +2,7 @@
# see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/nginx.conf.erb
# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
# (last updated for omnibus-gitlab 8.8.9+ce.0-g25376053)
{% from 'macrolib.cfg.in' import cfg with context %}
......@@ -50,9 +50,11 @@ http {
include {{ nginx_gitlab_http_conf }};
{# we don't need: ci, pages, mattermost
{# we don't need: ci, pages, mattermost, registry
include <%= @gitlab_ci_http_config %>
include <%= @gitlab_pages_http_config %>;
include <%= @gitlab_mattermost_http_config %>
include <%= @gitlab_registry_http_config %>;
#}
}
software/gitlab/template/rack_attack.rb.in
View file @ 7c87afa6
......@@ -2,7 +2,7 @@
# see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/rack_attack.rb.example
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/rack_attack.rb.erb
# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
# (last updated for omnibus-gitlab 8.8.9+ce.0-g25376053)
{% from 'macrolib.cfg.in' import cfg with context %}
......@@ -24,8 +24,9 @@ paths_to_be_protected = [
# Create one big regular expression that matches strings starting with any of
# the paths_to_be_protected.
paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
unless Rails.env.test?
unless Rails.env.test? || !rack_attack_enabled
Rack::Attack.throttle('protected paths', limit: {{ cfg('rate_limit_requests_per_period') }}, period: {{ cfg('rate_limit_period') }}.seconds) do |req|
if req.post? && req.path =~ paths_regex
req.ip
......
software/gitlab/template/smtp_settings.rb.in
View file @ 7c87afa6
......@@ -2,7 +2,7 @@
# see:
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/smtp_settings.rb.sample
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/smtp_settings.rb.erb
# (last updated for omnibus-gitlab 8.7.9+ce.1-0-gf589ad7)
# (last updated for omnibus-gitlab 8.8.9+ce.0-g25376053)
{% from 'macrolib.cfg.in' import cfg, cfg_bool with context %}
......
software/hellorina/software.cfg
View file @ 7c87afa6
......@@ -6,6 +6,10 @@ parts =
slapos-cookbook
template
# Required for recent buildout.
extensions -=
buildout-versions
[template]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance.cfg.in
......@@ -40,3 +44,8 @@ recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:_buildout_section_name_}
mode = 755
md5sum = 78b77a6bda9958f547f7d89b747731e3
[versions]
setuptools = 30.1.0
zc.buildout = 2.5.2+slapos005
zc.recipe.egg = 2.0.3+slapos002
software/kvm/instance-for-erp5testnode.cfg.in
View file @ 7c87afa6
......@@ -5,6 +5,8 @@ parts =
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
extends = ${template-resilient-templates:output}
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = $${:test}
......@@ -120,7 +122,7 @@ context =
key eggs_directory buildout:eggs-directory
raw kvm_template $${dynamic-template-kvm:rendered}
raw template_kvm_export ${template-kvm-export-script:location}/${template-kvm-export-script:filename}
raw pbsready_export_template ${pbsready-export:output}
key pbsready_export_template template-pbsready-export:rendered
raw gzip_binary ${gzip:location}/bin/gzip
key slapparameter_dict slap-configuration:configuration
mode = 0644
......
software/kvm/software-for-erp5testnode.cfg
View file @ 7c87afa6
......@@ -5,6 +5,6 @@ extends = development.cfg
[template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-for-erp5testnode.cfg.in
md5sum = 61414eefb6641f74d5f2b4ffc23af393
md5sum = 9e026495cbb0f5ea43adb2afb8574475
output = ${buildout:directory}/template.cfg
mode = 0644
\ No newline at end of file
mode = 0644
software/kvm/software.cfg
View file @ 7c87afa6
......@@ -5,7 +5,7 @@ extends = common.cfg
# XXX - use websockify = 0.5.1 for compatibility with kvm frontend
websockify = 0.5.1
slapos.toolbox = 0.61
slapos.toolbox = 0.62
erp5.util = 0.4.46
apache-libcloud = 1.1.0
collective.recipe.environment = 0.2.0
......
software/neoppod/instance-neo-admin.cfg.in
View file @ 7c87afa6
......@@ -2,6 +2,7 @@
parts +=
neo-admin-promise
logrotate-admin
neoctl
[neo-admin]
recipe = slapos.cookbook:neoppod.admin
......@@ -27,3 +28,15 @@ backup = ${logrotate:backup}
name = neo-admin
log = ${neo-admin:logfile}
post = {{ bin_directory }}/slapos-kill -n neoadmin -s RTMIN+1 ${:log}
[neoctl]
recipe = slapos.cookbook:wrapper
command-line =
{{bin_directory}}/neoctl -a ${neo-admin:ip}:${neo-admin:port}
{%- if slapparameter_dict['ssl'] %}
--ca ${directory:etc}/ca.crt
--cert ${directory:etc}/neo.crt
--key ${directory:etc}/neo.key
{%- endif %}
parameters-extra = True
wrapper-path = ${directory:bin}/neoctl
software/neoppod/my.cnf.in
View file @ 7c87afa6
......@@ -33,7 +33,7 @@ innodb_locks_unsafe_for_binlog = 1
{{x}}sync_frm = 0
# Extra parameters.
{%- do extra_dict.setdefault('innodb_file_per_table', '0') %}
{%- do extra_dict.setdefault('innodb_file_per_table', '1') %}
{%- for k, v in extra_dict.iteritems() %}
{%- do assert('-' not in k) %}
{{ k }} = {{ v }}
......
software/neoppod/software-common.cfg
View file @ 7c87afa6
......@@ -17,7 +17,7 @@ extends =
../../component/pycurl/buildout.cfg
parts =
# keep neoppod first so that ZODB3 is built correctly,
# keep neoppod first so that ZODB is built correctly,
# before any other section that would depend on it
neoppod-develop
neoppod
......@@ -40,9 +40,13 @@ environment = neoppod-setup-env
[neoppod]
recipe = zc.recipe.egg
eggs = neoppod[admin, ctl, master, storage-importer, storage-mysqldb, tests]
eggs = neoppod[admin, ctl, master, storage-mysqldb]
${python-mysqlclient:egg}
ZODB3
psutil
BTrees
ZODB
zope.testing
zodbtools
[slapos-deps-eggs]
recipe = zc.recipe.egg
......@@ -85,7 +89,7 @@ md5sum = f3259726bd5d824c569dc7db6b7d26a0
[instance-neo-admin]
<= download-base-neo
md5sum = f030a25d320f2edf0186b69bfa521228
md5sum = ec1e2d9d2a1da092621f1b01ce6af322
[instance-neo-master]
<= download-base-neo
......@@ -98,13 +102,19 @@ md5sum = cd2a978a09c5686205592923866f6584
[template-neo-my-cnf]
<= download-base-neo
url = ${:_profile_base_location_}/my.cnf.in
md5sum = 81ab5e842ecf8385b12d735585497cc8
md5sum = cfdd59d42ae540563a964ccaf8fec232
[versions]
slapos.recipe.template = 2.9
ZODB3 = 3.10.7
# Required by slapos.toolbox = 0.61
slapos.toolbox = 0.61
ZODB = 4.4.4
BTrees = 4.3.1
persistent = 4.2.2
transaction = 1.7.0
zdaemon = 4.1.0
zodbpickle = 0.6.0
zodbtools = 0.0.0.dev3
# Required by slapos.toolbox = 0.62
slapos.toolbox = 0.62
PyRSS2Gen = 1.1
apache-libcloud = 1.2.1
atomize = 0.2.0
......
software/neoppod/software-zodb3.cfg 0 → 100644
View file @ 7c87afa6
[buildout]
extends = software.cfg
[neoppod]
eggs = neoppod[admin, ctl, master, storage-importer, storage-mysqldb, tests]
${python-mysqlclient:egg}
ZODB3
patch-binary = ${patch:location}/bin/patch
ZODB3-patch-options = -p1
ZODB3-patches =
${neoppod-repository:location}/ZODB3.patch
[versions]
ZODB3 = 3.10.7+SlapOSPatched001
transaction = 1.1.1
zdaemon = 2.0.7
software/neoppod/software-zodb4.cfg deleted 100644 → 0
View file @ ea1bce1f
[buildout]
extends = software.cfg
[neoppod]
eggs = neoppod
${python-mysqlclient:egg}
psutil
ZODB
zope.testing
[versions]
ZODB = 4.4.3
transaction =
zdaemon =
software/neoppod/software.cfg
View file @ 7c87afa6
......@@ -33,19 +33,12 @@ recipe = zc.recipe.egg
eggs = erp5.util
interpreter = ${:_buildout_section_name_}
[neoppod]
patch-binary = ${patch:location}/bin/patch
ZODB3-patch-options = -p1
ZODB3-patches +=
${neoppod-repository:location}/ZODB3.patch
[versions]
ZODB3 = 3.10.7+SlapOSPatched001
erp5.util = 0.4.46
# To match ERP5
transaction = 1.1.1
ZConfig = 2.9.3
zc.lockfile = 1.0.2
zdaemon = 2.0.7
zope.event = 3.5.2
zope.exceptions = 3.6.2
zope.testing = 3.9.7
##
software/re6stnet/software.cfg
View file @ 7c87afa6
......@@ -115,15 +115,15 @@ plone.recipe.command = 1.1
pycrypto = 2.6.1
pycurl = 7.43.0
slapos.recipe.template = 2.7
slapos.toolbox = 0.61
slapos.toolbox = 0.62
smmap = 0.9.0
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
GitPython = 2.0.8
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
atomize = 0.2.0
# Required by:
......@@ -131,11 +131,11 @@ atomize = 0.2.0
backports.ssl-match-hostname = 3.4.0.2
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
feedparser = 5.1.3
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
lockfile = 0.12.2
# Required by:
......@@ -143,10 +143,10 @@ lockfile = 0.12.2
miniupnpc = 1.9
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
paramiko = 2.0.1
# Required by:
# slapos.toolbox = 0.61
# slapos.toolbox = 0.62
rpdb = 0.1.5
software/slaprunner/common.cfg
View file @ 7c87afa6
......@@ -60,7 +60,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner.cfg
output = ${buildout:directory}/template-runner.cfg.in
md5sum = 0b3561ee4ef8d687fa95f2915fe9923b
md5sum = 07905ec872e84bc42c6ab089f5270ac2
mode = 0644
[template-runner-import-script]
......@@ -68,7 +68,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/template/runner-import.sh.jinja2
download-only = true
md5sum = 275ae222cd9a560c08748d7502824885
md5sum = 5db39d7f56fd1f96ce6466e9055841a1
filename = runner-import.sh.jinja2
mode = 0644
......@@ -84,7 +84,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/template/runner-export.sh.jinja2
download-only = true
md5sum = c835dff22a1e3de3dacb325acb691299
md5sum = e2d472ade09c11c70dbea080932e80bd
filename = runner-export.sh.jinja2
mode = 0644
......@@ -125,7 +125,7 @@ recipe = hexagonit.recipe.download
ignore-existing = true
url = ${:_profile_base_location_}/httpd_conf.in
download-only = true
md5sum = 112cf8ada9e5c4172fa6fc464df0fd3a
md5sum = 40825ef2d259ae3b86dfd2f28f597d3a
filename = httpd_conf.in
mode = 0644
......
software/slaprunner/httpd_conf.in
View file @ 7c87afa6
......@@ -85,6 +85,12 @@ Alias /share {{ parameters.runner_home }}
AuthType Basic
AuthName "Webrunner Dav"
AuthUserFile "{{ parameters.htpasswd_file }}"
# Prevent using the web browser cache if requesting the same document
# from different domains or with different users
Header set Cache-Control "private, max-age=0, must-revalidate"
Header set Vary "Origin,Cookie,Authorization"
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>
......
software/slaprunner/instance-runner.cfg
View file @ 7c87afa6
......@@ -196,9 +196,11 @@ auto_deploy = True
[runtestsuite]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:directory}/bin/slaprunnertest
arguments = --server_url=$${slap-connection:server-url} --key_file=$${slap-connection:key-file} --cert_file=$${slap-connection:cert-file} --computer_id=$${slap-connection:computer-id} --partition_id=$${slap-connection:partition-id}
command-line = ${buildout:directory}/bin/slaprunnertest $${:arguments}
wrapper-path = $${directory:bin}/runTestSuite
environment = RUNNER_CONFIG=$${slapos-cfg:rendered}
parameters-extra = true
# Deploy openssh-server
[runner-sshd-port]
......
software/slaprunner/software.cfg
View file @ 7c87afa6
......@@ -17,7 +17,7 @@ gunicorn = 19.4.5
prettytable = 0.7.2
pycurl = 7.43.0
slapos.recipe.template = 2.9
slapos.toolbox = 0.61
slapos.toolbox = 0.62
smmap = 0.9.0
# Required by:
......
software/slaprunner/template/runner-export.sh.jinja2
View file @ 7c87afa6
......@@ -61,3 +61,36 @@ if [ -d {{ directory['backup'] }}/runner/software ]; then
fi
cd {{ directory['backup'] }} && find -type f ! -name backup.signature -print0 | xargs -P4 -0 sha256sum | LC_ALL=C sort -k 66 > backup.signature
# Check that export didn't happen during backup of instances
tmp_backup_sum=$(mktemp -p {{ directory['tmp'] }})
tmp_filtered_signature=$(mktemp -p {{ directory['tmp'] }})
remove_tmp_files () {
rm $tmp_backup_sum
rm $tmp_filtered_signature
}
trap remove_tmp_files EXIT
cd $srv_directory
backup_directory_path=$(find . -path "./runner/instance/slappart*/srv/backup/*" -type f)
# If no backup found, it's over
if [ -z "$backup_directory_path" ]; then
exit 0
fi
sleep 5
sha256sum $backup_directory_path | LC_ALL=C sort -k 66 > $tmp_backup_sum
cat {{ directory['backup'] }}/backup.signature | egrep "instance/slappart.*/srv/backup/" > $tmp_filtered_signature
# If the diff fails, then the notifier will restart this script
diff_status=0
diff $tmp_backup_sum $tmp_filtered_signature || diff_status=1
if [ $diff_status -ne 0 ]; then
echo "ERROR: Some backups are not consistents, exporter should be re-run."
echo "Let's sleep 10 minutes, to let the backup end..."
sleep 10m
exit 1
fi
software/slaprunner/template/runner-import.sh.jinja2
View file @ 7c87afa6
......@@ -15,6 +15,7 @@ ERROR_MESSAGE=""
fail_with_exit_code () {
echo 1 > $RESTORE_EXIT_CODE_FILE
echo -e "Failure during step : $ERROR_MESSAGE" > $RESTORE_ERROR_MESSAGE_FILE
exit 1
}
trap fail_with_exit_code ERR
......@@ -55,18 +56,18 @@ cp -r {{ directory['backup'] }}/etc/.??* {{ directory['etc'] }};
# Invoke arbitrary script to perform specific restoration
# procedure.
RESTORE_EXIT_CODE=0
runner_import_restore=$srv_directory/runner-import-restore
if [ ! -e "$runner_import_restore" ]; then
touch $runner_import_restore
chmod +x $runner_import_restore
fi
log_message "Running $runner_import_restore..."
$srv_directory/runner-import-restore || RESTORE_EXIT_CODE=$?
$srv_directory/runner-import-restore
# If no "etc/.project" neither "srv/runner/proxy.db", we can safely assume
# that there is no instnace deployed on runner0
if [ ! -f "directory['etc']/.project" ] && [ ! -f "$srv_directory/runner/proxy.db" ]; then
log_message "No Software Requested... Writing status file... End"
echo 0 > $RESTORE_EXIT_CODE_FILE
exit 0
fi
......@@ -121,8 +122,8 @@ for partition in $srv_directory/runner/instance/slappart*/
do
script=$partition/srv/runner-import-restore
if [ -e "$script" ]; then
log_message "Running $script..."
$script || RESTORE_EXIT_CODE=$?
log_message "Running custom instance script : $script..."
$script
fi
done
......@@ -132,5 +133,5 @@ $SQLITE3 $DATABASE "update partition11 set requested_state='started';"
# Write exit code to an arbitrary file that will be checked by promise/monitor
log_message "Writing status file... End"
echo $RESTORE_EXIT_CODE > $RESTORE_EXIT_CODE_FILE
exit $RESTORE_EXIT_CODE
echo 0 > $RESTORE_EXIT_CODE_FILE
exit 0
stack/erp5/buildout.cfg
View file @ 7c87afa6
......@@ -466,10 +466,9 @@ initialization =
[eggs]
<= neoppod
eggs =
eggs = ${neoppod:eggs}
${numpy:egg}
${matplotlib:egg}
${python-mysqlclient:egg}
${lxml-python:egg}
${pandas:egg}
${pillow-python:egg}
......@@ -524,12 +523,12 @@ eggs =
pylint
pytracemalloc
neoppod[client]
# Zope
ZODB3
Zope2
# Zope acquisition patch
Acquisition
# for runzeo
ZEO
# Other Zope 2 packages
Products.PluggableAuthService
......@@ -683,6 +682,8 @@ PyXML = 0.8.5
Pympler = 0.4.3
StructuredText = 2.11.1
WSGIUtils = 0.7
ZEO = 4.2.1
ZODB3 = 3.11.0
Zope2 = 2.13.24
astor = 0.5
# astroid 1.4.1 breaks testDynamicClassGeneration
......
stack/monitor/buildout.cfg
View file @ 7c87afa6
......@@ -96,7 +96,7 @@ recipe = slapos.recipe.template:jinja2
filename = template-monitor.cfg
template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
rendered = ${buildout:directory}/template-monitor.cfg
md5sum = 266f23bc836a938ac69ce0bc674f34fe
md5sum = 5b6b7a96bfa1e0ca83310caa48ed7b20
context =
key apache_location apache:location
key gzip_location gzip:location
......@@ -125,5 +125,5 @@ depends =
PyRSS2Gen = 1.1
cns.recipe.symlink = 0.2.3
pycurl = 7.43.0
slapos.toolbox = 0.61
slapos.toolbox = 0.62
stack/monitor/instance-monitor.cfg.jinja2.in
View file @ 7c87afa6
......@@ -293,7 +293,7 @@ wrapper-path = ${directory:bin}/monitor-globalstate
[monitor-configurator-wrapper]
recipe = slapos.cookbook:wrapper
# XXX - hard coded path
command-line = {{ monitor_configwrite }} --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents' --output_cfg_file '${monitor-instance-parameter:configuration-file-path}' --htpasswd_bin '{{ apache_location }}/bin/htpasswd'
command-line = {{ monitor_configwrite }} --config_folder '${monitor-conf-parameters:private-folder}/config/.jio_documents' --output_cfg_file '${monitor-instance-parameter:configuration-file-path}' --htpasswd_bin '{{ apache_location }}/bin/htpasswd' --monitor_https_cors {{ monitor_https_cors }}
wrapper-path = ${directory:bin}/monitor-configurator
[monitor-globalstate-cron-entry]
......@@ -374,10 +374,12 @@ recipe = collective.recipe.template
file = ${monitor-conf-parameters:promise-output-file}
input = inline:#!{{ dash_executable_location }}
pidfile=${monitor-conf-parameters:pid-file}
COMMAND=monitor.bootstrap
if [ -s $pidfile ]; then
for i in {1..20}; do
if pid=`pgrep -F $pidfile -f "$COMMAND" 2>/dev/null`; then
COUNTER=0
# Wait until max 20 seconds, the limit promise timeout
while [ $COUNTER -lt 20 ]; do
if [ -n "$(ps -p $(cat $pidfile) -o pid=)" ]; then
((COUNTER=COUNTER+1))
sleep 0.5
else
break
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7