Merge branch 'master' into staging

author: Marius Bakke <mbakke@fastmail.com> 2019-04-23 19:43:59 +0200
committer: Marius Bakke <mbakke@fastmail.com> 2019-04-23 19:43:59 +0200
commit: 37da4fbe1562583589eeddb4be8e11bece80fd35 (patch)
tree: 4d8a454b27e62f9b8d7b0fe641a9f6aa6de2402c /gnu/packages/patches
parent: 73326e742d82b6706333885eca770f7518636b1f (diff)
parent: e01bd1a67447c1f2a2b5b03e8ea8fbbccd2cd5bd (diff)
download: guix-37da4fbe1562583589eeddb4be8e11bece80fd35.tar.gz
5 files changed, 47 insertions, 44 deletions
diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch
new file mode 100644
index 0000000000..ad92f9bc9e
--- /dev/null
+++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch
@@ -0,0 +1,27 @@
+Change 'grub-mkrescue' to honor the 'GRUB_FAT_SERIAL_NUMBER'
+environment variable.  That way, the caller can specify a fixed
+serial number (instead of the randomly chosen one) to create EFI
+images (the 'efi.img' file) that are reproducible bit-for-bit.
+
+Patch by Ludovic Courtès <ludo@gnu.org>.
+
+--- grub-2.02/util/grub-mkrescue.c	2019-04-20 19:15:26.180242812 +0200
++++ grub-2.02/util/grub-mkrescue.c	2019-04-20 21:56:34.672370849 +0200
+@@ -788,8 +788,15 @@ main (int argc, char *argv[])
+ 
+       efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img");
+       int rv;
+-      rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i",
+-	    efiimgfat, "::", NULL });
++
++      const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER");
++      const char *mformat_args[] =
++	{ "mformat", "-C", "-f", "2880", "-L", "16",
++	  fat_serial_number != NULL ? "-N" : "-C",
++	  fat_serial_number != NULL ? fat_serial_number : "-C",
++	  "-i", efiimgfat, "::", NULL };
++
++      rv = grub_util_exec (mformat_args);
+       if (rv != 0)
+ 	grub_util_error ("`%s` invocation failed\n", "mformat");
+       rv = grub_util_exec ((const char * []) { "mcopy", "-s", "-i", efiimgfat, efidir_efi, "::/", NULL });
diff --git a/gnu/packages/patches/linkchecker-mark-more-tests-that-require-the-network.patch b/gnu/packages/patches/linkchecker-tests-require-network.patch
index f3e488cec2..f3e488cec2 100644
--- a/gnu/packages/patches/linkchecker-mark-more-tests-that-require-the-network.patch
+++ b/gnu/packages/patches/linkchecker-tests-require-network.patch
diff --git a/gnu/packages/patches/mtools-mformat-uninitialized.patch b/gnu/packages/patches/mtools-mformat-uninitialized.patch
new file mode 100644
index 0000000000..ae69d45c99
--- /dev/null
+++ b/gnu/packages/patches/mtools-mformat-uninitialized.patch
@@ -0,0 +1,20 @@
+Fix a bug whereby 'mformat' could end up passing uninitialized bytes
+to write(2).  This could be reproduced with:
+
+  mformat -C -f 1440 -L 16  -N 77777777 -i  /tmp/x ::
+
+where the output of /tmp/x would be non-deterministic.
+
+Patch by Ludovic Courtès <ludo@gnu.org>.
+
+--- mtools-4.0.23/mformat.c	2019-04-21 00:12:01.496116195 +0200
++++ mtools-4.0.23/mformat.c	2019-04-21 00:12:36.675967157 +0200
+@@ -927,6 +927,7 @@ void mformat(int argc, char **argv, int
+ 	
+ 	char *endptr;
+ 
++	memset(&boot.bytes, '\0', sizeof boot);
+ 	hs = hs_set = 0;
+ 	argtracks = 0;
+ 	argheads = 0;
+
diff --git a/gnu/packages/patches/ocaml-dose3-Add-unix-as-dependency-to-dose3.common-in-META.in.patch b/gnu/packages/patches/ocaml-dose3-add-unix-dependency.patch
index d2cc44c784..d2cc44c784 100644
--- a/gnu/packages/patches/ocaml-dose3-Add-unix-as-dependency-to-dose3.common-in-META.in.patch
+++ b/gnu/packages/patches/ocaml-dose3-add-unix-dependency.patch
diff --git a/gnu/packages/patches/openssh-CVE-2018-20685.patch b/gnu/packages/patches/openssh-CVE-2018-20685.patch
deleted file mode 100644
index 463c08a9d4..0000000000
--- a/gnu/packages/patches/openssh-CVE-2018-20685.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2018-20685:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
-
-Patch copied from upstream source repository:
-
-https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
-
-From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 16 Nov 2018 03:03:10 +0000
-Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer
- to the
-
-current directory; based on report/patch from Harry Sintonen
-
-OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
----
- scp.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/scp.c b/scp.c
-index 60682c68..4f3fdcd3 100644
---- a/scp.c
-+++ b/scp.c
-#@@ -1,4 +1,4 @@
-#-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
-#+/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
-# /*
-#  * scp - secure remote copy.  This is basically patched BSD rcp which
-#  * uses ssh to do the data transfer (instead of using rcmd).
-@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
- 			SCREWUP("size out of range");
- 		size = (off_t)ull;
- 
--		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
-+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
-+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
- 			run_err("error: unexpected filename: %s", cp);
- 			exit(1);
- 		}
--- 
-2.20.1
-
author	Marius Bakke <mbakke@fastmail.com>	2019-04-23 19:43:59 +0200
committer	Marius Bakke <mbakke@fastmail.com>	2019-04-23 19:43:59 +0200
commit	37da4fbe1562583589eeddb4be8e11bece80fd35 (patch)
tree	4d8a454b27e62f9b8d7b0fe641a9f6aa6de2402c /gnu/packages/patches
parent	73326e742d82b6706333885eca770f7518636b1f (diff)
parent	e01bd1a67447c1f2a2b5b03e8ea8fbbccd2cd5bd (diff)
download	guix-37da4fbe1562583589eeddb4be8e11bece80fd35.tar.gz