author | Marius Bakke <mbakke@fastmail.com> | 2018-06-11 23:52:15 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-06-11 23:52:15 +0200 |
commit | a032b4454b3fc67e11e9fc2d8c2345288065fa29 (patch) | |
tree | c208124b79dbd2224b68c52106aa72ff2ebfa7ab /gnu/packages/patches | |
parent | b5724230fed2d043206df20d12a45bb962b7ee77 (diff) | |
parent | 6321ce42ab4d9ab788d858cb19bde4aa7a0e3ecc (diff) | |
download | guix-a032b4454b3fc67e11e9fc2d8c2345288065fa29.tar.gz |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
82 files changed, 3404 insertions, 2478 deletions
diff --git a/gnu/packages/patches/adb-add-libraries.patch b/gnu/packages/patches/adb-add-libraries.patch
new file mode 100644
index 0000000000..b014832f62
--- /dev/null
+++ b/gnu/packages/patches/adb-add-libraries.patch
@@ -0,0 +1,30 @@
+--- a/adb/Android.mk 2018-04-25 23:23:29.527198350 +0200
++++ b/adb/Android.mk 2018-04-25 23:24:25.558632573 +0200
+@@ -226,7 +226,7 @@
+ LOCAL_SRC_FILES := test_track_devices.cpp
+ LOCAL_SANITIZE := $(adb_host_sanitize)
+ LOCAL_SHARED_LIBRARIES := libbase
+-LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils
++LOCAL_STATIC_LIBRARIES := libadb libbase libcrypto_static libcutils
+ LOCAL_LDLIBS += -lrt -ldl -lpthread
+ include $(BUILD_HOST_EXECUTABLE)
+ endif
+@@ -278,6 +278,7 @@
+ LOCAL_SANITIZE := $(adb_host_sanitize)
+ LOCAL_STATIC_LIBRARIES := \
+ libadb \
++ libcutils \
+ libbase \
+ libcrypto_static \
+ libdiagnose_usb \
+--- a/adb/sysdeps_test.cpp 2018-05-09 23:58:46.583163684 +0200
++++ b/adb/sysdeps_test.cpp 2018-05-09 23:56:41.356544648 +0200
+@@ -17,6 +17,8 @@
+ #include <gtest/gtest.h>
+ #include <unistd.h>
+ #include <atomic>
++#include <climits>
++#include <mutex>
+
+ #include "adb_io.h"
+ #include "sysdeps.h"
diff --git a/gnu/packages/patches/alsa-lib-add-environment-variable.patch b/gnu/packages/patches/alsa-lib-add-environment-variable.patch
new file mode 100644
index 0000000000..a468a7fc4f
--- /dev/null
+++ b/gnu/packages/patches/alsa-lib-add-environment-variable.patch
@@ -0,0 +1,110 @@
+From 1822fb453128a1b5de93b4c590cd272d6488a077 Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Fri, 25 May 2018 19:26:58 +0200
+Subject: [PATCH] Add support for a ALSA_PLUGIN_DIR environment variable.
+
+If it is not set, default to previous behavior.
+---
+ src/control/control.c | 6 +++++-
+ src/dlmisc.c | 9 +++++++--
+ src/pcm/pcm.c | 9 +++++++--
+ src/pcm/pcm_rate.c | 13 +++++++++----
+ 4 files changed, 28 insertions(+), 9 deletions(-)
+
+diff --git a/src/control/control.c b/src/control/control.c
+index 11f7815..9dba7dd 100644
+--- a/src/control/control.c
++++ b/src/control/control.c
+@@ -1331,7 +1331,11 @@ static int snd_ctl_open_conf(snd_ctl_t **ctlp, const char *name,
+ build_in++;
+ }
+ if (*build_in == NULL) {
+- buf1 = malloc(strlen(str) + sizeof(ALSA_PLUGIN_DIR) + 32);
++ char* plugdir = ALSA_PLUGIN_DIR;
++ char* envplugdir = getenv("ALSA_PLUGIN_DIR");
++ if(envplugdir != NULL)
++ plugdir = envplugdir;
++ buf1 = malloc(strlen(str) + strlen(plugdir) + 32);
+ if (buf1 == NULL) {
+ err = -ENOMEM;
+ goto _err;
+diff --git a/src/dlmisc.c b/src/dlmisc.c
+index 3757d33..92aa864 100644
+--- a/src/dlmisc.c
++++ b/src/dlmisc.c
+@@ -82,9 +82,14 @@ void *snd_dlopen(const char *name, int mode, char *errbuf, size_t errbuflen)
+ char *filename = NULL;
+
+ if (name && name[0] != '/') {
+- filename = alloca(sizeof(ALSA_PLUGIN_DIR) + 1 + strlen(name) + 1);
++ char* plugdir = ALSA_PLUGIN_DIR;
++ char* envplugdir = getenv("ALSA_PLUGIN_DIR");
++ if(envplugdir != NULL)
++ plugdir = envplugdir;
++
++ filename = malloc(strlen(plugdir) + 1 + strlen(name) + 1);
+ if (filename) {
+- strcpy(filename, ALSA_PLUGIN_DIR);
++ strcpy(filename, plugdir);
+ strcat(filename, "/");
+ strcat(filename, name);
+ handle = dlopen(filename, mode);
+diff --git a/src/pcm/pcm.c b/src/pcm/pcm.c
+index 11aec80..590e8b6 100644
+--- a/src/pcm/pcm.c
++++ b/src/pcm/pcm.c
+@@ -2496,13 +2496,18 @@ static int snd_pcm_open_conf(snd_pcm_t **pcmp, const char *name,
+ build_in++;
+ }
+ if (*build_in == NULL) {
+- buf1 = malloc(strlen(str) + sizeof(ALSA_PLUGIN_DIR) + 32);
++ char* plugdir = ALSA_PLUGIN_DIR;
++ char* envplugdir = getenv("ALSA_PLUGIN_DIR");
++ if(envplugdir != NULL)
++ plugdir = envplugdir;
++ buf1 = malloc(strlen(str) + strlen(plugdir) + 32);
++
+ if (buf1 == NULL) {
+ err = -ENOMEM;
+ goto _err;
+ }
+ lib = buf1;
+- sprintf(buf1, "%s/libasound_module_pcm_%s.so", ALSA_PLUGIN_DIR, str);
++ sprintf(buf1, "%s/libasound_module_pcm_%s.so", plugdir, str);
+ }
+ }
+ #ifndef PIC
+diff --git a/src/pcm/pcm_rate.c b/src/pcm/pcm_rate.c
+index 4e0c7ca..8694a38 100644
+--- a/src/pcm/pcm_rate.c
++++ b/src/pcm/pcm_rate.c
+@@ -1260,7 +1260,8 @@ static const char *const default_rate_plugins[] = {
+
+ static int rate_open_func(snd_pcm_rate_t *rate, const char *type, const snd_config_t *converter_conf, int verbose)
+ {
+- char open_name[64], open_conf_name[64], lib_name[128], *lib = NULL;
++ char open_name[64], open_conf_name[64], *lib = NULL;
++ char *buf1;
+ snd_pcm_rate_open_func_t open_func;
+ snd_pcm_rate_open_conf_func_t open_conf_func;
+ int err;
+@@ -1268,9 +1269,13 @@ static int rate_open_func(snd_pcm_rate_t *rate, const char *type, const snd_conf
+ snprintf(open_name, sizeof(open_name), "_snd_pcm_rate_%s_open", type);
+ snprintf(open_conf_name, sizeof(open_conf_name), "_snd_pcm_rate_%s_open_conf", type);
+ if (!is_builtin_plugin(type)) {
+- snprintf(lib_name, sizeof(lib_name),
+- "%s/libasound_module_rate_%s.so", ALSA_PLUGIN_DIR, type);
+- lib = lib_name;
++ char* plugdir = ALSA_PLUGIN_DIR;
++ char* envplugdir = getenv("ALSA_PLUGIN_DIR");
++ if(envplugdir != NULL)
++ plugdir = envplugdir;
++ buf1 = malloc(strlen(type) + strlen(plugdir) + 32);
++ sprintf(buf1, "%s/libasound_module_rate_%s.so", plugdir, type);
++ lib = buf1;
+ }
+
+ rate->rate_min = SND_PCM_PLUGIN_RATE_MIN;
+--
+2.17.0
+
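Review bot: In the pcm_rate.c hunk, `buf1 = malloc(strlen(type) + strlen(plugdir) + 32);` is handed straight to `sprintf` with no NULL check, unlike the control.c and pcm.c hunks, which set -ENOMEM; add `if (buf1 == NULL) return -ENOMEM;` before the `sprintf`. The dlmisc.c and pcm_rate.c hunks also swap stack storage (`alloca`, `lib_name[128]`) for heap buffers and no matching `free` is visible; both functions continue outside the hunks, so confirm the buffer is released on every exit path. Separately, all four sites build the plugin path from plain `getenv("ALSA_PLUGIN_DIR")`, so a set-user-ID or otherwise privileged program linked against the library would load modules from a directory chosen by its caller. Using `secure_getenv` (glibc) would make the library ignore the variable in that situation.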
diff --git a/gnu/packages/patches/amule-crypto-6.patch b/gnu/packages/patches/amule-crypto-6.patch
new file mode 100644
index 0000000000..21a86ab0fa
--- /dev/null
+++ b/gnu/packages/patches/amule-crypto-6.patch
@@ -0,0 +1,45 @@
+From d1d1368c7909ffd8423730afaa811ce7b6a3a8aa Mon Sep 17 00:00:00 2001
+From: Tommy Jerry Mairo <tommy.mairo@gmail.com>
+Date: Sun, 4 Feb 2018 12:42:00 -0800
+Subject: [PATCH 1/2] Bugfix: API mismatch with crypto++ 6.0.0
+
+---
+ src/ClientCreditsList.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ClientCreditsList.cpp b/src/ClientCreditsList.cpp
+index 3bea9fe2d..a7ae1e34c 100644
+--- a/src/ClientCreditsList.cpp
++++ b/src/ClientCreditsList.cpp
+@@ -312,7 +312,7 @@ void CClientCreditsList::InitalizeCrypting()
+ // calculate and store public key
+ CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pubkey(*static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey));
+ CryptoPP::ArraySink asink(m_abyMyPublicKey, 80);
+- pubkey.DEREncode(asink);
++ pubkey.AccessMaterial().Save(asink);
+ m_nMyPublicKeyLen = asink.TotalPutLength();
+ asink.MessageEnd();
+ } catch (const CryptoPP::Exception& e) {
+
+From 88ba0ac952b78382445f2fff73c6792c0474dc62 Mon Sep 17 00:00:00 2001
+From: Tommy Jerry Mairo <tommy.mairo@gmail.com>
+Date: Wed, 21 Mar 2018 11:56:28 -0700
+Subject: [PATCH 2/2] Update: Change AccessMaterial to GetMaterial
+
+---
+ src/ClientCreditsList.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ClientCreditsList.cpp b/src/ClientCreditsList.cpp
+index a7ae1e34c..69e881fd8 100644
+--- a/src/ClientCreditsList.cpp
++++ b/src/ClientCreditsList.cpp
+@@ -312,7 +312,7 @@ void CClientCreditsList::InitalizeCrypting()
+ // calculate and store public key
+ CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pubkey(*static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey));
+ CryptoPP::ArraySink asink(m_abyMyPublicKey, 80);
+- pubkey.AccessMaterial().Save(asink);
++ pubkey.GetMaterial().Save(asink);
+ m_nMyPublicKeyLen = asink.TotalPutLength();
+ asink.MessageEnd();
+ } catch (const CryptoPP::Exception& e) {
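Review bot: The second commit in this file rewrites the same line the first one adds, so the `AccessMaterial()` form is never what gets built; folding the series into one hunk that goes from `pubkey.DEREncode(asink);` to `pubkey.GetMaterial().Save(asink);` would make the patch easier to audit. The file also carries no note on where the two commits come from, so a leading comment naming the upstream source would help. Since the sink is a fixed 80-byte `ArraySink` and `m_nMyPublicKeyLen` is taken from `asink.TotalPutLength()`, it is worth confirming that `Save()` emits the same encoding and length as the old `DEREncode()` call. The surrounding function is only partly visible in the hunk.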
diff --git a/gnu/packages/patches/binutils-ld-new-dtags.patch b/gnu/packages/patches/binutils-ld-new-dtags.patch deleted file mode 100644 index 5f7a03fc38..0000000000 --- a/gnu/packages/patches/binutils-ld-new-dtags.patch +++ /dev/null @@ -1,16 +0,0 @@ -Turn on --enable-new-dtags by default to make the linker set RUNPATH -instead of RPATH on binaries. This is important because RUNPATH can -be overriden using LD_LIBRARY_PATH at runtime. - -Patch from Nixpkgs by Eelco Dolstra <eelco.dolstra@logicblox.com>. - ---- binutils/ld/ldmain.c -+++ binutils/ld/ldmain.c -@@ -296,6 +296,7 @@ main (int argc, char **argv) - - link_info.allow_undefined_version = TRUE; - link_info.keep_memory = TRUE; -+ link_info.new_dtags = TRUE; - link_info.combreloc = TRUE; - link_info.strip_discarded = TRUE; - link_info.callbacks = &link_callbacks; diff --git a/gnu/packages/patches/boost-fix-icu-build.patch b/gnu/packages/patches/boost-fix-icu-build.patch new file mode 100644 index 0000000000..556f91b8f7 --- /dev/null +++ b/gnu/packages/patches/boost-fix-icu-build.patch 
@@ -0,0 +1,53 @@ +Pass -std=c++11 when compiling files that include the ICU headers. Without +this flag, compilation fails and causes Boost's build system to remove ICU +support. Note that $(pkg-config --variable=CXXFLAGS icu-uc) includes +"-std=c++11", but Boost's build system does not use 'pkg-config'. + +--- boost_1_66_0/libs/locale/build/Jamfile.v2.orig 2017-12-13 18:56:44.000000000 -0500 ++++ boost_1_66_0/libs/locale/build/Jamfile.v2 2018-04-08 15:18:58.673025760 -0400 +@@ -65,8 +65,8 @@ + + if $(ICU_LINK) + { +- ICU_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin <runtime-link>shared ; +- ICU64_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin64 <runtime-link>shared ; ++ ICU_OPTS = <include>$(ICU_PATH)/include <cxxflags>-std=c++11 <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin <runtime-link>shared ; ++ ICU64_OPTS = <include>$(ICU_PATH)/include <cxxflags>-std=c++11 <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin64 <runtime-link>shared ; + } + else + { +@@ -121,6 +121,7 @@ + explicit icuuc icudt icuin ; + + ICU_OPTS = <include>$(ICU_PATH)/include ++ <cxxflags>-std=c++11 + <library>icuuc/<link>shared/<runtime-link>shared + <library>icudt/<link>shared/<runtime-link>shared + <library>icuin/<link>shared/<runtime-link>shared +@@ -180,6 +181,7 @@ + explicit icuuc_64 icudt_64 icuin_64 ; + + ICU64_OPTS = <include>$(ICU_PATH)/include ++ <cxxflags>-std=c++11 + <library>icuuc_64/<link>shared/<runtime-link>shared + <library>icudt_64/<link>shared/<runtime-link>shared + <library>icuin_64/<link>shared/<runtime-link>shared +--- boost_1_66_0/libs/regex/build/Jamfile.v2.orig 2017-12-13 18:56:48.000000000 -0500 ++++ boost_1_66_0/libs/regex/build/Jamfile.v2 2018-04-08 15:20:40.865532505 -0400 +@@ -44,7 +44,7 @@ + + if $(ICU_LINK) + { +- ICU_OPTS = <include>$(ICU_PATH)/include <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin <define>BOOST_HAS_ICU=1 <runtime-link>shared ; ++ ICU_OPTS = 
<include>$(ICU_PATH)/include <cxxflags>-std=c++11 <linkflags>$(ICU_LINK) <dll-path>$(ICU_PATH)/bin <define>BOOST_HAS_ICU=1 <runtime-link>shared ; + } + else + { +@@ -78,6 +78,7 @@ + + ICU_OPTS = + <include>$(ICU_PATH)/include ++ <cxxflags>-std=c++11 + <runtime-link>shared:<library>icuuc/<link>shared + <runtime-link>shared:<library>icudt/<link>shared + <runtime-link>shared:<library>icuin/<link>shared diff --git a/gnu/packages/patches/btrfs-progs-e-value-block.patch b/gnu/packages/patches/btrfs-progs-e-value-block.patch new file mode 100644 index 0000000000..6365146431 --- /dev/null +++ b/gnu/packages/patches/btrfs-progs-e-value-block.patch @@ -0,0 +1,37 @@ +From c78f59a971ce4b543f3177e383b677862b2d9fb5 Mon Sep 17 00:00:00 2001 +From: Qu Wenruo <wqu@suse.com> +Date: Wed, 14 Mar 2018 08:56:57 +0800 +Subject: [PATCH] btrfs-progs: convert/ext2: Remove check for + ext2_ext_attr_entry->e_value_block + +In latest e2fsprogs (1.44.0) definition of ext2_ext_attr_entry has +removed member e_value_block, as currently ext* doesn't support it set +anyway. + +So remove such check so that we can pass compile. + +Issue: #110 +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199071 +Signed-off-by: Qu Wenruo <wqu@suse.com> +Signed-off-by: David Sterba <dsterba@suse.com> +--- + convert/source-ext2.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/convert/source-ext2.c b/convert/source-ext2.c +index b1492c78..070126ec 100644 +--- a/convert/source-ext2.c ++++ b/convert/source-ext2.c +@@ -422,8 +422,7 @@ static int ext2_xattr_check_entry(struct ext2_ext_attr_entry *entry, + { + size_t value_size = entry->e_value_size; + +- if (entry->e_value_block != 0 || value_size > size || +- entry->e_value_offs + value_size > size) ++ if (value_size > size || entry->e_value_offs + value_size > size) + return -EIO; + return 0; + } +-- +2.16.3 + 
diff --git a/gnu/packages/patches/cmake-fix-tests.patch b/gnu/packages/patches/cmake-fix-tests.patch deleted file mode 100644 index 732b0023ab..0000000000 --- a/gnu/packages/patches/cmake-fix-tests.patch +++ /dev/null 
@@ -1,120 +0,0 @@ -From af0a62dadfb3db25880bc653e2e4c97435a604c9 Mon Sep 17 00:00:00 2001 -From: Efraim Flashner <efraim@flashner.co.il> -Date: Mon, 29 Aug 2016 20:07:58 +0300 -Subject: [PATCH] cmake-fix-tests - ---- - Tests/CMakeLists.txt | 83 ++++++++++++++++++++++++++++------------------------ - 1 file changed, 44 insertions(+), 39 deletions(-) - -diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt -index f21e430..56014a2 100644 ---- a/Tests/CMakeLists.txt -+++ b/Tests/CMakeLists.txt -@@ -416,10 +416,12 @@ if(BUILD_TESTING) - endif() - - # run test for BundleUtilities on supported platforms/compilers -- if(MSVC OR -- MINGW OR -- CMAKE_SYSTEM_NAME MATCHES "Linux" OR -- CMAKE_SYSTEM_NAME MATCHES "Darwin") -+# if(MSVC OR -+# MINGW OR -+# CMAKE_SYSTEM_NAME MATCHES "Linux" OR -+# CMAKE_SYSTEM_NAME MATCHES "Darwin") -+# This test fails on Guix: skip it. -+ if(FALSE) - if(NOT "${CMAKE_GENERATOR}" STREQUAL "Watcom WMake") - - add_test(BundleUtilities ${CMAKE_CTEST_COMMAND} -@@ -2481,30 +2483,32 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release - PASS_REGULAR_EXPRESSION "Could not find executable" - FAIL_REGULAR_EXPRESSION "SegFault") - -- configure_file( -- "${CMake_SOURCE_DIR}/Tests/CTestTestUpload/test.cmake.in" -- "${CMake_BINARY_DIR}/Tests/CTestTestUpload/test.cmake" -- @ONLY ESCAPE_QUOTES) -- add_test(CTestTestUpload ${CMAKE_CTEST_COMMAND} -- -S "${CMake_BINARY_DIR}/Tests/CTestTestUpload/test.cmake" -V -- --output-log "${CMake_BINARY_DIR}/Tests/CTestTestUpload/testOut.log" -- ) -- set_tests_properties(CTestTestUpload PROPERTIES -- PASS_REGULAR_EXPRESSION "Upload\\.xml") -- -- configure_file( -- "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in" -- "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -- @ONLY ESCAPE_QUOTES) -- add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND} -- -C \${CTEST_CONFIGURATION_TYPE} -- -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV -- 
--output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log" -- ) -- set_tests_properties(CTestCoverageCollectGCOV PROPERTIES -- PASS_REGULAR_EXPRESSION -- "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov") -- set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=) -+# This test requires network connectivity: skip it. -+# configure_file( -+# "${CMake_SOURCE_DIR}/Tests/CTestTestUpload/test.cmake.in" -+# "${CMake_BINARY_DIR}/Tests/CTestTestUpload/test.cmake" -+# @ONLY ESCAPE_QUOTES) -+# add_test(CTestTestUpload ${CMAKE_CTEST_COMMAND} -+# -S "${CMake_BINARY_DIR}/Tests/CTestTestUpload/test.cmake" -V -+# --output-log "${CMake_BINARY_DIR}/Tests/CTestTestUpload/testOut.log" -+# ) -+# set_tests_properties(CTestTestUpload PROPERTIES -+# PASS_REGULAR_EXPRESSION "Upload\\.xml") -+ -+# This test times out -+# configure_file( -+# "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in" -+# "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -+# @ONLY ESCAPE_QUOTES) -+# add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND} -+# -C \${CTEST_CONFIGURATION_TYPE} -+# -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV -+# --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log" -+# ) -+# set_tests_properties(CTestCoverageCollectGCOV PROPERTIES -+# PASS_REGULAR_EXPRESSION -+# "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov") -+# set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=) - - configure_file( - "${CMake_SOURCE_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake.in" -@@ -2860,17 +2864,18 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release - set_tests_properties(CTestTestStopTime PROPERTIES - PASS_REGULAR_EXPRESSION "The stop time has been passed") - -- configure_file( -- "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in" -- 
"${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -- @ONLY ESCAPE_QUOTES) -- add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND} -- -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V -- --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log" -- ) -- #make sure all 3 subdirs were added -- set_tests_properties(CTestTestSubdir PROPERTIES -- PASS_REGULAR_EXPRESSION "0 tests failed out of 3") -+# This test fails to build 2 of the 3 tests -+# configure_file( -+# "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in" -+# "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -+# @ONLY ESCAPE_QUOTES) -+# add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND} -+# -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V -+# --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log" -+# ) -+# #make sure all 3 subdirs were added -+# set_tests_properties(CTestTestSubdir PROPERTIES -+# PASS_REGULAR_EXPRESSION "0 tests failed out of 3") - - configure_file( - "${CMake_SOURCE_DIR}/Tests/CTestTestTimeout/test.cmake.in" --- -2.9.3 - diff --git a/gnu/packages/patches/doxygen-gcc-ice.patch b/gnu/packages/patches/doxygen-gcc-ice.patch new file mode 100644 index 0000000000..fbfedcb7ab --- /dev/null +++ b/gnu/packages/patches/doxygen-gcc-ice.patch 
@@ -0,0 +1,25 @@ +Work around this GCC ICE: <https://bugs.gnu.org/31708>. It shows up +only when doing native compiles on armhf-linux. + +Yes it's a terrible patch, but it does the job. + +--- doxygen-1.8.13/qtools/qutfcodec.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ doxygen-1.8.13/qtools/qutfcodec.cpp 2018-06-08 14:14:29.614009929 +0200 +@@ -189,7 +189,7 @@ int QUtf16Codec::heuristicContentMatch(c + } + + +- ++volatile const void *bomPointer = &QChar::byteOrderMark; + + class QUtf16Encoder : public QTextEncoder { + bool headerdone; +@@ -209,7 +209,7 @@ public: + headerdone = TRUE; + len_in_out = (1+uc.length())*(int)sizeof(QChar); + QCString d(len_in_out); +- memcpy(d.rawData(),&QChar::byteOrderMark,sizeof(QChar)); ++ memcpy(d.rawData(),(void *)bomPointer,sizeof(QChar)); + memcpy(d.rawData()+sizeof(QChar),uc.unicode(),uc.length()*sizeof(QChar)); + return d; + } diff --git a/gnu/packages/patches/e2fsprogs-glibc-2.27.patch b/gnu/packages/patches/e2fsprogs-glibc-2.27.patch new file mode 100644 index 0000000000..f0bc7130c0 --- /dev/null +++ b/gnu/packages/patches/e2fsprogs-glibc-2.27.patch 
@@ -0,0 +1,56 @@ +Copied from: +https://github.com/openwrt/openwrt/blob/58a95f0f8ff768b43d68eed2b6a786e0f40f723b/tools/e2fsprogs/patches/005-misc-rename-copy_file_range-to-copy_file_chunk.patch + +From 01551bdba16ab16512a01affe02ade32c41ede8a Mon Sep 17 00:00:00 2001 +From: Palmer Dabbelt <palmer@dabbelt.com> +Date: Fri, 29 Dec 2017 10:19:51 -0800 +Subject: [PATCH] misc: rename copy_file_range to copy_file_chunk + +As of 2.27, glibc will have a copy_file_range library call to wrap the +new copy_file_range system call. This conflicts with the function in +misc/create_inode.c, which this patch renames _copy_file_range. + +Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com> +Signed-off-by: Theodore Ts'o <tytso@mit.edu> +--- + misc/create_inode.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/misc/create_inode.c ++++ b/misc/create_inode.c +@@ -392,7 +392,7 @@ static ssize_t my_pread(int fd, void *bu + } + #endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */ + +-static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file, ++static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file, + off_t start, off_t end, char *buf, + char *zerobuf) + { +@@ -466,7 +466,7 @@ static errcode_t try_lseek_copy(ext2_fil + + data_blk = data & ~(fs->blocksize - 1); + hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1); +- err = copy_file_range(fs, fd, e2_file, data_blk, hole_blk, buf, ++ err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf, + zerobuf); + if (err) + return err; +@@ -516,7 +516,7 @@ static errcode_t try_fiemap_copy(ext2_fi + } + for (i = 0, ext = ext_buf; i < fiemap_buf->fm_mapped_extents; + i++, ext++) { +- err = copy_file_range(fs, fd, e2_file, ext->fe_logical, ++ err = copy_file_chunk(fs, fd, e2_file, ext->fe_logical, + ext->fe_logical + ext->fe_length, + buf, zerobuf); + if (err) +@@ -569,7 +569,7 @@ static errcode_t copy_file(ext2_filsys f + goto out; + #endif + +- err = 
copy_file_range(fs, fd, e2_file, 0, statbuf->st_size, buf, ++ err = copy_file_chunk(fs, fd, e2_file, 0, statbuf->st_size, buf, + zerobuf); + out: + ext2fs_free_mem(&zerobuf); diff --git a/gnu/packages/patches/elogind-glibc-2.27.patch b/gnu/packages/patches/elogind-glibc-2.27.patch new file mode 100644 index 0000000000..4ade587b5e --- /dev/null +++ b/gnu/packages/patches/elogind-glibc-2.27.patch @@ -0,0 +1,22 @@ +Look for memfd_create in sys/mman.h instead of linux/memfd.h. +Needed to build with glibc-2.27. + +--- a/configure.ac 1969-12-31 19:00:00.000000000 -0500 ++++ b/configure.ac 2018-03-27 23:54:15.414589005 -0400 +@@ -360,7 +360,7 @@ + # ------------------------------------------------------------------------------ + + AC_CHECK_HEADERS([sys/capability.h], [], [AC_MSG_ERROR([*** POSIX caps headers not found])]) +-AC_CHECK_HEADERS([linux/memfd.h], [], []) ++AC_CHECK_HEADERS([sys/mman.h], [], []) + + AC_CHECK_HEADERS([printf.h], [have_printf_h=yes], [have_printf_h=no]) + AS_IF([test x$have_printf_h = xyes], [ +@@ -395,6 +395,7 @@ + [], [], [[ + #include <sys/types.h> + #include <unistd.h> ++#include <sys/mman.h> + #include <sys/mount.h> + #include <fcntl.h> + #include <sched.h> diff --git a/gnu/packages/patches/emacs-fix-scheme-indent-function.patch b/gnu/packages/patches/emacs-fix-scheme-indent-function.patch index c5a426802c..4b7904ea3b 100644 --- a/gnu/packages/patches/emacs-fix-scheme-indent-function.patch +++ b/gnu/packages/patches/emacs-fix-scheme-indent-function.patch @@ -14,16 +14,16 @@ The fix is made by Mark H Weaver <mhw@netris.org>: --- a/lisp/progmodes/scheme.el 
+++ b/lisp/progmodes/scheme.el -@@ -482,6 +482,12 @@ - (> (length function) 3) - (string-match "\\`def" function))) - (lisp-indent-defform state indent-point)) +@@ -494,6 +494,12 @@ indentation." + (> (length function) 3) + (string-match "\\`def" function))) + (lisp-indent-defform state indent-point)) + ((and (null method) + (> (length function) 1) + ;; The '#' in '#:' seems to get lost, not sure why + (string-match "\\`:" function)) + (let ((lisp-body-indent 1)) + (lisp-indent-defform state indent-point))) - ((integerp method) - (lisp-indent-specform method state - indent-point normal-indent)) + ((integerp method) + (lisp-indent-specform method state + indent-point normal-indent)) diff --git a/gnu/packages/patches/enlightenment-fix-setuid-path.patch b/gnu/packages/patches/enlightenment-fix-setuid-path.patch new file mode 100644 index 0000000000..90e16d3e67 --- /dev/null +++ b/gnu/packages/patches/enlightenment-fix-setuid-path.patch 
@@ -0,0 +1,168 @@
+diff --git a/src/bin/e_auth.c b/src/bin/e_auth.c
+index 00b0e5d84..98ab4518f 100644
+--- a/src/bin/e_auth.c
++++ b/src/bin/e_auth.c
+@@ -9,8 +9,7 @@ e_auth_begin(char *passwd)
+
+ if (strlen(passwd) == 0) goto out;
+
+- snprintf(buf, sizeof(buf), "%s/enlightenment/utils/enlightenment_ckpasswd",
+- e_prefix_lib_get());
++ snprintf(buf, sizeof(buf), "/run/setuid-programs/enlightenment_ckpasswd");
+
+ exe = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_WRITE, NULL);
+ if (ecore_exe_send(exe, passwd, strlen(passwd)) != EINA_TRUE) goto out;
+diff --git a/src/bin/e_backlight.c b/src/bin/e_backlight.c
+index 2bced6766..208e583ba 100644
+--- a/src/bin/e_backlight.c
++++ b/src/bin/e_backlight.c
+@@ -521,8 +521,8 @@ _bl_sys_level_set(double val)
+ }
+ // fprintf(stderr, "SET: %1.3f\n", val);
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_backlight %i %s",
+- e_prefix_lib_get(), (int)(val * 1000.0), bl_sysval);
++ "/run/setuid-programs/enlightenment_backlight %i %s",
++ (int)(val * 1000.0), bl_sysval);
+ bl_sys_set_exe = ecore_exe_run(buf, NULL);
+ }
+ #endif // HAVE_EEZE || __FreeBSD_kernel__
+diff --git a/src/bin/e_fm/e_fm_main_eeze.c b/src/bin/e_fm/e_fm_main_eeze.c
+index b7d9e3eba..d8a9eb82c 100644
+--- a/src/bin/e_fm/e_fm_main_eeze.c
++++ b/src/bin/e_fm/e_fm_main_eeze.c
+@@ -318,7 +318,7 @@ _e_fm_main_eeze_volume_eject(E_Volume *v)
+ {
+ char buf[PATH_MAX];
+
+- snprintf(buf, sizeof(buf), "%s/enlightenment/utils/enlightenment_sys", eina_prefix_lib_get(pfx));
++ snprintf(buf, sizeof(buf), "/run/setuid-programs/enlightenment_sys");
+ eeze_disk_mount_wrapper_set(v->disk, buf);
+ }
+ v->guard = ecore_timer_loop_add(E_FM_EJECT_TIMEOUT, (Ecore_Task_Cb)_e_fm_main_eeze_vol_eject_timeout, v);
+@@ -512,7 +512,7 @@ _e_fm_main_eeze_volume_unmount(E_Volume *v)
+ {
+ char buf[PATH_MAX];
+
+- snprintf(buf, sizeof(buf), "%s/enlightenment/utils/enlightenment_sys", eina_prefix_lib_get(pfx));
++ snprintf(buf, sizeof(buf), "/run/setuid-programs/enlightenment_sys");
+ eeze_disk_mount_wrapper_set(v->disk, buf);
+ }
+ v->guard = ecore_timer_loop_add(E_FM_UNMOUNT_TIMEOUT, (Ecore_Task_Cb)_e_fm_main_eeze_vol_unmount_timeout, v);
+@@ -548,7 +548,7 @@ _e_fm_main_eeze_volume_mount(E_Volume *v)
+ {
+ char buf2[PATH_MAX];
+
+- snprintf(buf2, sizeof(buf2), "%s/enlightenment/utils/enlightenment_sys", eina_prefix_lib_get(pfx));
++ snprintf(buf2, sizeof(buf2), "/run/setuid-programs/enlightenment_sys");
+ eeze_disk_mount_wrapper_set(v->disk, buf2);
+ }
+ v->guard = ecore_timer_loop_add(E_FM_MOUNT_TIMEOUT, (Ecore_Task_Cb)_e_fm_main_eeze_vol_mount_timeout, v);
+diff --git a/src/bin/e_sys.c b/src/bin/e_sys.c
+index 6781a9b5a..8cd140f1b 100644
+--- a/src/bin/e_sys.c
++++ b/src/bin/e_sys.c
+@@ -653,20 +653,16 @@ _e_sys_cb_timer(void *data EINA_UNUSED)
+
+ e_init_status_set(_("Checking System Permissions"));
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys -t halt",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys -t halt");
+ _e_sys_halt_check_exe = ecore_exe_run(buf, NULL);
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys -t reboot",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys -t reboot");
+ _e_sys_reboot_check_exe = ecore_exe_run(buf, NULL);
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys -t suspend",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys -t suspend");
+ _e_sys_suspend_check_exe = ecore_exe_run(buf, NULL);
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys -t hibernate",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys -t hibernate");
+ _e_sys_hibernate_check_exe = ecore_exe_run(buf, NULL);
+ return ECORE_CALLBACK_CANCEL;
+ }
+@@ -1079,8 +1075,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw)
+ /* shutdown -h now */
+ if (e_util_immortal_check()) return 0;
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys halt",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys halt");
+ if (_e_sys_exe)
+ {
+ if ((ecore_time_get() - _e_sys_begin_time) > 2.0)
+@@ -1114,8 +1109,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw)
+ /* shutdown -r now */
+ if (e_util_immortal_check()) return 0;
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys reboot",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys reboot");
+ if (_e_sys_exe)
+ {
+ if ((ecore_time_get() - _e_sys_begin_time) > 2.0)
+@@ -1148,8 +1142,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw)
+ case E_SYS_SUSPEND:
+ /* /etc/acpi/sleep.sh force */
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys suspend",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys suspend");
+ if (_e_sys_exe)
+ {
+ if ((ecore_time_get() - _e_sys_begin_time) > 2.0)
+@@ -1208,8 +1201,7 @@ _e_sys_action_do(E_Sys_Action a, char *param EINA_UNUSED, Eina_Bool raw)
+ case E_SYS_HIBERNATE:
+ /* /etc/acpi/hibernate.sh force */
+ snprintf(buf, sizeof(buf),
+- "%s/enlightenment/utils/enlightenment_sys hibernate",
+- e_prefix_lib_get());
++ "/run/setuid-programs/enlightenment_sys hibernate");
+ if (_e_sys_exe)
+ {
+ if ((ecore_time_get() - _e_sys_begin_time) > 2.0)
+diff --git a/src/modules/bluez4/e_mod_main.c b/src/modules/bluez4/e_mod_main.c
+index 4b5148634..47d34b07f 100644
+--- a/src/modules/bluez4/e_mod_main.c
++++ b/src/modules/bluez4/e_mod_main.c
+@@ -49,8 +49,8 @@ _ebluez_l2ping_poller(void *data EINA_UNUSED)
+
+ if (tmp)
+ {
+- eina_strbuf_append_printf(buf, "%s/enlightenment/utils/enlightenment_sys l2ping %s",
+- e_prefix_lib_get(), tmp);
++ eina_strbuf_append_printf(buf, "/run/setuid-programs/enlightenment_sys l2ping %s",
++ tmp);
+ autolock_exe = ecore_exe_run(eina_strbuf_string_get(buf), NULL);
+ }
+
+@@ -692,8 +692,7 @@ e_modapi_init(E_Module *m)
+ autolock_desklock = ecore_event_handler_add(E_EVENT_DESKLOCK, _ebluez_desklock, NULL);
+
+ buf = eina_strbuf_new();
+- eina_strbuf_append_printf(buf, "%s/enlightenment/utils/enlightenment_sys -t l2ping",
+- e_prefix_lib_get());
++ eina_strbuf_append_printf(buf, "/run/setuid-programs/enlightenment_sys -t l2ping");
+ autolock_exe = ecore_exe_run(eina_strbuf_string_get(buf), NULL);
+ eina_strbuf_free(buf);
+
+diff --git a/src/modules/cpufreq/e_mod_main.c b/src/modules/cpufreq/e_mod_main.c
+index f4ba259b6..ae228bae3 100644
+--- a/src/modules/cpufreq/e_mod_main.c
++++ b/src/modules/cpufreq/e_mod_main.c
+@@ -1450,8 +1450,7 @@ e_modapi_init(E_Module *m)
+ }
+ E_CONFIG_LIMIT(cpufreq_config->poll_interval, 1, 1024);
+
+- snprintf(buf, sizeof(buf), "%s/%s/freqset",
+- e_module_dir_get(m), MODULE_ARCH);
++ snprintf(buf, sizeof(buf), "/run/setuid-programs/freqset");
+ cpufreq_config->set_exe_path = strdup(buf);
+
+ if (stat(buf, &st) < 0)
diff --git a/gnu/packages/patches/fifo-map-fix-flags-for-gcc.patch b/gnu/packages/patches/fifo-map-fix-flags-for-gcc.patch
new file mode 100644
index 0000000000..59b7105220
--- /dev/null
+++ b/gnu/packages/patches/fifo-map-fix-flags-for-gcc.patch
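Review bot: The literal `/run/setuid-programs/` is repeated in every hunk across e_auth.c, e_backlight.c, e_fm_main_eeze.c, e_sys.c and the bluez4 and cpufreq modules; defining it once, for example `#define E_SETUID_DIR "/run/setuid-programs"`, and building the helper paths from it would keep the call sites from drifting apart. The patch file has no header comment, so nothing records that `enlightenment_sys`, `enlightenment_ckpasswd`, `enlightenment_backlight` and `freqset` must be installed set-user-ID in that directory by the system configuration; a short description at the top of the patch should say so. In e_auth.c the password check now depends entirely on that helper being present, and the hunk does not show the result of `ecore_exe_pipe_run` being tested before `ecore_exe_send`. The function continues outside the hunk, so confirm that a missing helper makes authentication fail rather than succeed.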
@@ -0,0 +1,39 @@
+From 0871db30bd73d112a434f54572d34cca28de61c5 Mon Sep 17 00:00:00 2001
+From: fis <ybbs.daans@hotmail.com>
+Date: Sat, 26 May 2018 22:58:37 +0800
+Subject: [PATCH 2/2] * CMakeLists.txt: Fix flags for gcc.
+
+---
+ CMakeLists.txt | 18 ++----------------
+ 1 file changed, 2 insertions(+), 16 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index eba147b..d60dcef 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -6,20 +6,6 @@ add_executable(unit src/fifo_map.hpp test/unit.cpp)
+
+ target_include_directories(unit PRIVATE "test" "src")
+
+-if(MSVC)
+- set(CMAKE_CXX_FLAGS
+- "/EHsc"
+- )
++set(CMAKE_CXX_FLAGS "-std=c++11 -fpermissive")
+
+- STRING(REPLACE "/O2" "/Od" CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE})
+-
+- add_definitions(-D_SCL_SECURE_NO_WARNINGS)
+-else(MSVC)
+- set(CMAKE_CXX_FLAGS
+- "-std=c++11 -stdlib=libc++"
+- )
+-endif(MSVC)
+-
+-include_directories(
+- src test
+-)
++include_directories(src test)
+--
+2.14.3
+
diff --git a/gnu/packages/patches/fifo-map-remove-catch.hpp.patch b/gnu/packages/patches/fifo-map-remove-catch.hpp.patch
new file mode 100644
index 0000000000..be4efd3e9a
--- /dev/null
+++ b/gnu/packages/patches/fifo-map-remove-catch.hpp.patch
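Review bot: `set(CMAKE_CXX_FLAGS "-std=c++11 -fpermissive")` overwrites whatever flags the caller passed in, so any warning or hardening options supplied at configure time are dropped; appending keeps them, as in `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")`. `-fpermissive` also downgrades some conformance errors to warnings for the whole target. If one specific construct needs it, a comment naming that construct would let the flag be removed later.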
@@ -0,0 +1,30 @@
+From 20dcf90fd02511f8d78ea7cc8ac82c121fd2f6cf Mon Sep 17 00:00:00 2001
+From: fis <ybbs.daans@hotmail.com>
+Date: Sat, 26 May 2018 22:56:29 +0800
+Subject: [PATCH 1/2] * CMakeLists.txt: Remove catch.hpp.
+
+---
+ CMakeLists.txt | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6603c7f..eba147b 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -2,11 +2,9 @@ cmake_minimum_required(VERSION 2.8)
+
+ project(fifo_map LANGUAGES CXX)
+
+-add_executable(unit
+- src/fifo_map.hpp test/thirdparty/catch/catch.hpp test/unit.cpp
+-)
++add_executable(unit src/fifo_map.hpp test/unit.cpp)
+
+-target_include_directories(unit PRIVATE "test" "src" "test/thirdparty")
++target_include_directories(unit PRIVATE "test" "src")
+
+ if(MSVC)
+ set(CMAKE_CXX_FLAGS
+--
+2.14.3
+
diff --git a/gnu/packages/patches/fontconfig-remove-debug-printf.patch b/gnu/packages/patches/fontconfig-remove-debug-printf.patch
deleted file mode 100644
index 04924a45a4..0000000000
--- a/gnu/packages/patches/fontconfig-remove-debug-printf.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Fontconfig 2.12.5 and 2.12.6 was released with a stray debugging statement.
-See <https://lists.freedesktop.org/archives/fontconfig/2017-October/006079.html>.
-
-Patch copied from upstream source repository:
-https://cgit.freedesktop.org/fontconfig/commit/?id=b56207a069be2574df455ede0a6ab61f44d5ca2b
-
-diff --git a/fc-query/fc-query.c b/fc-query/fc-query.c
-index 842a8b6..6cd5abd 100644
---- a/fc-query/fc-query.c
-+++ b/fc-query/fc-query.c
-@@ -170,7 +170,6 @@ main (int argc, char **argv)
- FcPattern *pat;
-
- id = ((instance_num << 16) + face_num);
-- printf("id %d\n", id);
- if (FT_New_Face (ftLibrary, argv[i], id, &face))
- break;
- num_faces = face->num_faces;
diff --git a/gnu/packages/patches/gawk-shell.patch b/gnu/packages/patches/gawk-shell.patch
index 80e9c65475..46ca5e451f 100644
--- a/gnu/packages/patches/gawk-shell.patch
+++ b/gnu/packages/patches/gawk-shell.patch @@ -4,31 +4,39 @@ absolute file name of `sh'. --- gawk-4.1.3/io.c 2015-05-19 15:37:20.000000000 +0200 +++ gawk-4.1.3/io.c 2015-06-09 18:39:36.918414881 +0200 -@@ -1945,7 +1945,7 @@ two_way_open(const char *str, struct red +@@ -2025,7 +2025,7 @@ - signal(SIGPIPE, SIG_DFL); + set_sigpipe_to_default(); -- execl("/bin/sh", "sh", "-c", str, NULL); -+ execlp("sh", "sh", "-c", str, NULL); - _exit(errno == ENOENT ? 127 : 126); +- execl("/bin/sh", "sh", "-c", command, NULL); ++ execlp("sh", "sh", "-c", command, NULL); + _exit(errno == ENOENT ? 127 : 126); + + case -1: +@@ -2077,7 +2077,7 @@ - case -1: -@@ -2129,7 +2129,7 @@ use_pipes: + signal(SIGPIPE, SIG_DFL); + +- execl("/bin/sh", "sh", "-c", command, NULL); ++ execlp("sh", "sh", "-c", command, NULL); + _exit(errno == ENOENT ? 127 : 126); + + case -1: +@@ -2422,7 +2422,7 @@ fatal(_("close of pipe failed (%s)"), strerror(errno)); /* stderr does NOT get dup'ed onto child's stdout */ - signal(SIGPIPE, SIG_DFL); + set_sigpipe_to_default(); - execl("/bin/sh", "sh", "-c", str, NULL); + execlp("sh", "sh", "-c", str, NULL); _exit(errno == ENOENT ? 127 : 126); } #endif /* NOT __EMX__, NOT __MINGW32__ */ -@@ -2323,7 +2323,7 @@ gawk_popen(const char *cmd, struct redir +@@ -2659,7 +2659,7 @@ if (close(p[0]) == -1 || close(p[1]) == -1) fatal(_("close of pipe failed (%s)"), strerror(errno)); - signal(SIGPIPE, SIG_DFL); + set_sigpipe_to_default(); - execl("/bin/sh", "sh", "-c", cmd, NULL); + execlp("sh", "sh", "-c", cmd, NULL); _exit(errno == ENOENT ? 127 : 126); } #endif /* NOT __EMX__, NOT __MINGW32__ */ - diff --git a/gnu/packages/patches/gcc-strmov-store-file-names.patch b/gnu/packages/patches/gcc-strmov-store-file-names.patch index 7951b87616..9f9162855d 100644 --- a/gnu/packages/patches/gcc-strmov-store-file-names.patch +++ b/gnu/packages/patches/gcc-strmov-store-file-names.patch 
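Review bot: `execlp("sh", "sh", "-c", command, NULL)` (and the `str` and `cmd` variants in the other io.c hunks) resolves the shell through the PATH of whoever runs gawk, so every pipe and co-process is interpreted by whichever `sh` comes first in that environment rather than by a fixed binary. The patch header, only partly visible here, appears to justify this by the absolute file name of `sh` not being known; that constraint deserves a comment next to each call, e.g. `/* Guix: look up 'sh' in $PATH; callers must provide a trusted PATH. */`. Where the shell's absolute file name is known at build time, keeping `execl` with that name substituted avoids the dependency on PATH. The inner file header still names gawk-4.1.3 although the hunk offsets moved by up to a few hundred lines, so it should state the release the patch was refreshed against. The functions being patched start and end outside these hunks.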
@@ -2,23 +2,43 @@ Make sure that statements such as: strcpy (dst, "/gnu/store/…"); +or + + static const char str[] = "/gnu/store/…"; + … + strcpy (dst, str); + do not result in chunked /gnu/store strings that are undetectable by -Guix's GC and its grafting code. See <http://bugs.gnu.org/24703>. +Guix's GC and its grafting code. See <https://bugs.gnu.org/24703> +and <https://bugs.gnu.org/30395>. + --- gcc-5.3.0/gcc/builtins.c 2016-10-18 10:50:46.080616285 +0200 +++ gcc-5.3.0/gcc/builtins.c 2016-11-09 15:26:43.693042737 +0100 -@@ -3192,6 +3192,42 @@ determine_block_size (tree len, rtx len_ +@@ -3192,6 +3192,54 @@ determine_block_size (tree len, rtx len_ GET_MODE_MASK (GET_MODE (len_rtx))); } ++extern void debug_tree (tree); ++ +/* Return true if STR contains the string "/gnu/store". */ + -+static bool ++bool +store_reference_p (tree str) +{ ++ if (getenv ("GUIX_GCC_DEBUG") != NULL) ++ debug_tree (str); ++ + if (TREE_CODE (str) == ADDR_EXPR) + str = TREE_OPERAND (str, 0); + ++ if (TREE_CODE (str) == VAR_DECL ++ && TREE_STATIC (str) ++ && TREE_READONLY (str)) ++ /* STR may be a 'static const' variable whose initial value ++ is a string constant. See <https://bugs.gnu.org/30395>. */ ++ str = DECL_INITIAL (str); ++ + if (TREE_CODE (str) != STRING_CST) + return false; + 
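Review bot: In `store_reference_p`, `str = DECL_INITIAL (str);` is followed directly by `TREE_CODE (str)`, but a `static const` variable defined without an initializer has no DECL_INITIAL, so the function would dereference a null tree and crash the compiler instead of returning false. Brace the `if` body and add the guard: `str = DECL_INITIAL (str);` then `if (str == NULL_TREE) return false;`. The `getenv ("GUIX_GCC_DEBUG")` check runs on every call and dumps trees through `debug_tree`; a comment marking it as a debugging aid for this patch would keep it from being mistaken for upstream behaviour. The rest of the function lies outside the hunk.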
@@ -57,10 +77,32 @@ Guix's GC and its grafting code. See <http://bugs.gnu.org/24703>. + /* Do not emit block moves, which translate to the 'movabs' instruction on + x86_64, when SRC refers to store items. That way, store references + remain visible to the Guix GC and grafting code. See -+ <http://bugs.gnu.org/24703>. */ ++ <https://bugs.gnu.org/24703>. */ + if (store_reference_p (src)) + return NULL_RTX; + /* If DEST is not a pointer type, call the normal function. */ if (dest_align == 0) return NULL_RTX; + +--- gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:36:16.709442004 +0100 ++++ gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:46:43.838487065 +0100 +@@ -769,6 +769,8 @@ var_decl_component_p (tree var) + return SSA_VAR_P (inner); + } + ++extern bool store_reference_p (tree); ++ + /* Fold function call to builtin mem{{,p}cpy,move}. Return + false if no simplification can be made. + If ENDP is 0, return DEST (like memcpy). +@@ -1099,6 +1101,9 @@ gimple_fold_builtin_memory_op (gimple_st + if (!srctype) + return false; + ++ if (store_reference_p (src)) ++ return false; ++ + src_align = get_pointer_alignment (src); + dest_align = get_pointer_alignment (dest); + if (dest_align < TYPE_ALIGN (desttype) diff --git a/gnu/packages/patches/gegl-CVE-2012-4433.patch b/gnu/packages/patches/gegl-CVE-2012-4433.patch deleted file mode 100644 index 7352b78dba..0000000000 --- a/gnu/packages/patches/gegl-CVE-2012-4433.patch +++ /dev/null 
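Review bot: `extern bool store_reference_p (tree);` is written out by hand in gimple-fold.c, so the compiler cannot check it against the definition in builtins.c if that signature changes; the same holds for `extern void debug_tree (tree);` added in builtins.c. Declaring the function once in a header both files include, presumably `builtins.h`, keeps the two in step. The new early `return false;` in `gimple_fold_builtin_memory_op` also lacks the comment that the builtins.c call site has; something like `/* Keep store references intact; see <https://bugs.gnu.org/30395>. */` would explain it. Both functions continue outside the hunk.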
@@ -1,117 +0,0 @@ -From: Michael Gilbert <mgilbert@debian.org> -Date: Mon, 9 Sep 2013 17:34:32 +0200 -Subject: Fix_CVE-2012-4433 - -Multiple buffer overflow issues. - -Closes: #692435 ---- - operations/external/ppm-load.c | 62 ++++++++++++++++++++++++++++++++++++------ - 1 file changed, 53 insertions(+), 9 deletions(-) - -diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c -index efe6d56..465096d 100644 ---- a/operations/external/ppm-load.c -+++ b/operations/external/ppm-load.c -@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load.")) - #include "gegl-chant.h" - #include <stdio.h> - #include <stdlib.h> -+#include <errno.h> - - typedef enum { - PIXMAP_ASCII = 51, -@@ -44,8 +45,8 @@ typedef enum { - - typedef struct { - map_type type; -- gint width; -- gint height; -+ glong width; -+ glong height; - gsize numsamples; /* width * height * channels */ - gsize bpc; /* bytes per channel */ - guchar *data; -@@ -82,12 +83,33 @@ ppm_load_read_header(FILE *fp, - } - - /* Get Width and Height */ -- img->width = strtol (header,&ptr,0); -- img->height = atoi (ptr); -- img->numsamples = img->width * img->height * CHANNEL_COUNT; -+ errno = 0; -+ img->width = strtol (header,&ptr,10); -+ if (errno) -+ { -+ g_warning ("Error reading width: %s", strerror(errno)); -+ return FALSE; -+ } -+ else if (img->width < 0) -+ { -+ g_warning ("Error: width is negative"); -+ return FALSE; -+ } -+ -+ img->height = strtol (ptr,&ptr,10); -+ if (errno) -+ { -+ g_warning ("Error reading height: %s", strerror(errno)); -+ return FALSE; -+ } -+ else if (img->width < 0) -+ { -+ g_warning ("Error: height is negative"); -+ return FALSE; -+ } - - fgets (header,MAX_CHARS_IN_ROW,fp); -- maxval = strtol (header,&ptr,0); -+ maxval = strtol (header,&ptr,10); - - if ((maxval != 255) && (maxval != 65535)) - { -@@ -109,6 +131,16 @@ ppm_load_read_header(FILE *fp, - g_warning ("%s: Programmer stupidity error", G_STRLOC); - } - -+ /* Later on, img->numsamples is 
multiplied with img->bpc to allocate -+ * memory. Ensure it doesn't overflow. */ -+ if (!img->width || !img->height || -+ G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc) -+ { -+ g_warning ("Illegal width/height: %ld/%ld", img->width, img->height); -+ return FALSE; -+ } -+ img->numsamples = img->width * img->height * CHANNEL_COUNT; -+ - return TRUE; - } - -@@ -229,12 +261,24 @@ process (GeglOperation *operation, - if (!ppm_load_read_header (fp, &img)) - goto out; - -- rect.height = img.height; -- rect.width = img.width; -- - /* Allocating Array Size */ -+ -+ /* Should use g_try_malloc(), but this causes crashes elsewhere because the -+ * error signalled by returning FALSE isn't properly acted upon. Therefore -+ * g_malloc() is used here which aborts if the requested memory size can't be -+ * allocated causing a controlled crash. */ - img.data = (guchar*) g_malloc (img.numsamples * img.bpc); - -+ /* No-op without g_try_malloc(), see above. */ -+ if (! img.data) -+ { -+ g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc)); -+ goto out; -+ } -+ -+ rect.height = img.height; -+ rect.width = img.width; -+ - switch (img.bpc) - { - case 1: diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch index 19b71aadb5..da1aa5530f 100644 --- a/gnu/packages/patches/ghostscript-no-header-id.patch +++ b/gnu/packages/patches/ghostscript-no-header-id.patch 
@@ -9,7 +9,7 @@ See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c --- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:30:28.960479189 +0200 +++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:34:34.306524488 +0200 -@@ -1580,8 +1580,11 @@ +@@ -1785,8 +1785,11 @@ * +1 for the linearisation dict and +1 for the primary hint stream. */ linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file); @@ -23,10 +23,10 @@ diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9. fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file); /* Write document catalog (Part 4) */ -@@ -2102,8 +2105,11 @@ - * in the missing values. - */ - code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET); +@@ -2321,8 +2324,11 @@ + if (code != 0) + return_error(gs_error_ioerror); + - gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R/ID[%s%s]/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", - linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref); + gs_sprintf(LDict, "\ntrailer\n<</Size %ld/Info %d 0 R/Root %d 0 R", @@ -37,7 +37,7 @@ diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9. fwrite(LDict, strlen(LDict), 1, linear_params->sfile); code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET); -@@ -2674,10 +2680,12 @@ +@@ -3016,10 +3022,12 @@ stream_puts(s, "trailer\n"); pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n", pdev->next_id, Catalog_id, Info_id); 
@@ -54,4 +54,3 @@ diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9. if (pdev->OwnerPassword.size > 0) { pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id); } -Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig. diff --git a/gnu/packages/patches/gimp-CVE-2017-17784.patch b/gnu/packages/patches/gimp-CVE-2017-17784.patch deleted file mode 100644 index c791772fb5..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17784.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2017-17784: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784 -https://bugzilla.gnome.org/show_bug.cgi?id=790784 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 - -From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001 -From: Jehan <jehan@girinstud.io> -Date: Thu, 21 Dec 2017 12:25:32 +0100 -Subject: [PATCH] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / - load_image. - -We were assuming the input name was well formed, hence was -nul-terminated. As any data coming from external input, this has to be -thorougly checked. -Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted -to older gimp-2-8 code. ---- - plug-ins/common/file-gbr.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c -index b028100bef..d3f01d9c56 100644 ---- a/plug-ins/common/file-gbr.c -+++ b/plug-ins/common/file-gbr.c -@@ -443,7 +443,8 @@ load_image (const gchar *filename, - { - gchar *temp = g_new (gchar, bn_size); - -- if ((read (fd, temp, bn_size)) < bn_size) -+ if ((read (fd, temp, bn_size)) < bn_size || -+ temp[bn_size - 1] != '\0') - { - g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, - _("Error in GIMP brush file '%s'"), --- -2.15.1 - 
diff --git a/gnu/packages/patches/gimp-CVE-2017-17785.patch b/gnu/packages/patches/gimp-CVE-2017-17785.patch
deleted file mode 100644
index 939b01f214..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17785.patch
+++ /dev/null
@@ -1,171 +0,0 @@ -Fix CVE-2017-17785: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785 -https://bugzilla.gnome.org/show_bug.cgi?id=739133 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 - -From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 29 Oct 2017 15:19:41 +0100 -Subject: [PATCH] Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI - files. - -It is possible to trigger a heap overflow while parsing FLI files. The -RLE decoder is vulnerable to out of boundary writes due to lack of -boundary checks. - -The variable "framebuf" points to a memory area which was allocated -with fli_header->width * fli_header->height bytes. The RLE decoder -therefore must never write beyond that limit. - -If an illegal frame is detected, the parser won't stop, which means -that the next valid sequence is properly parsed again. This should -allow GIMP to parse FLI files as good as possible even if they are -broken by an attacker or by accident. - -While at it, I changed the variable xc to be of type size_t, because -the multiplication of width and height could overflow a 16 bit type. 
- -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b) ---- - plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 35 insertions(+), 15 deletions(-) - -diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c -index 313efeb977..ffb651e2af 100644 ---- a/plug-ins/file-fli/fli.c -+++ b/plug-ins/file-fli/fli.c -@@ -25,6 +25,8 @@ - - #include "config.h" - -+#include <glib/gstdio.h> -+ - #include <string.h> - #include <stdio.h> - -@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf) - unsigned short yc; - unsigned char *pos; - for (yc=0; yc < fli_header->height; yc++) { -- unsigned short xc, pc, pcnt; -+ unsigned short pc, pcnt; -+ size_t n, xc; - pc=fli_read_char(f); - xc=0; - pos=framebuf+(fli_header->width * yc); -+ n=(size_t)fli_header->width * (fli_header->height-yc); - for (pcnt=pc; pcnt>0; pcnt--) { - unsigned short ps; - ps=fli_read_char(f); - if (ps & 0x80) { - unsigned short len; -- for (len=-(signed char)ps; len>0; len--) { -+ for (len=-(signed char)ps; len>0 && xc<n; len--) { - pos[xc++]=fli_read_char(f); - } - } else { - unsigned char val; -+ size_t len; -+ len=MIN(n-xc,ps); - val=fli_read_char(f); -- memset(&(pos[xc]), val, ps); -- xc+=ps; -+ memset(&(pos[xc]), val, len); -+ xc+=len; - } - } - } -@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf, - memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height); - firstline = fli_read_short(f); - numline = fli_read_short(f); -+ if (numline > fli_header->height || fli_header->height-numline < firstline) -+ return; -+ - for (yc=0; yc < numline; yc++) { -- unsigned short xc, pc, pcnt; -+ unsigned short pc, pcnt; -+ size_t n, xc; - pc=fli_read_char(f); - xc=0; - pos=framebuf+(fli_header->width * (firstline+yc)); -+ n=(size_t)fli_header->width * (fli_header->height-firstline-yc); - 
for (pcnt=pc; pcnt>0; pcnt--) { - unsigned short ps,skip; - skip=fli_read_char(f); - ps=fli_read_char(f); -- xc+=skip; -+ xc+=MIN(n-xc,skip); - if (ps & 0x80) { - unsigned char val; -+ size_t len; - ps=-(signed char)ps; - val=fli_read_char(f); -- memset(&(pos[xc]), val, ps); -- xc+=ps; -+ len=MIN(n-xc,ps); -+ memset(&(pos[xc]), val, len); -+ xc+=len; - } else { -- fread(&(pos[xc]), ps, 1, f); -- xc+=ps; -+ size_t len; -+ len=MIN(n-xc,ps); -+ fread(&(pos[xc]), len, 1, f); -+ xc+=len; - } - } - } -@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu - yc=0; - numline = fli_read_short(f); - for (lc=0; lc < numline; lc++) { -- unsigned short xc, pc, pcnt, lpf, lpn; -+ unsigned short pc, pcnt, lpf, lpn; -+ size_t n, xc; - pc=fli_read_short(f); - lpf=0; lpn=0; - while (pc & 0x8000) { -@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu - } - pc=fli_read_short(f); - } -+ yc=MIN(yc, fli_header->height); - xc=0; - pos=framebuf+(fli_header->width * yc); -+ n=(size_t)fli_header->width * (fli_header->height-yc); - for (pcnt=pc; pcnt>0; pcnt--) { - unsigned short ps,skip; - skip=fli_read_char(f); - ps=fli_read_char(f); -- xc+=skip; -+ xc+=MIN(n-xc,skip); - if (ps & 0x80) { - unsigned char v1,v2; - ps=-(signed char)ps; - v1=fli_read_char(f); - v2=fli_read_char(f); -- while (ps>0) { -+ while (ps>0 && xc+1<n) { - pos[xc++]=v1; - pos[xc++]=v2; - ps--; - } - } else { -- fread(&(pos[xc]), ps, 2, f); -- xc+=ps << 1; -+ size_t len; -+ len=MIN((n-xc)/2,ps); -+ fread(&(pos[xc]), len, 2, f); -+ xc+=len << 1; - } - } - if (lpf) pos[xc]=lpn; --- -2.15.1 - diff --git a/gnu/packages/patches/gimp-CVE-2017-17786.patch b/gnu/packages/patches/gimp-CVE-2017-17786.patch deleted file mode 100644 index 851227ac1d..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17786.patch +++ /dev/null 
@@ -1,94 +0,0 @@
-Fix CVE-2017-17786:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786
-https://bugzilla.gnome.org/show_bug.cgi?id=739134
-
-Both patches copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=ef9c821fff8b637a2178eab1c78cae6764c50e12
-https://git.gnome.org/browse/gimp/commit/?id=22e2571c25425f225abdb11a566cc281fca6f366
-
-From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 13:02:38 +0100
-Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap
- overflow in...
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... TGA importer.
-
-Be more thorough on valid TGA RGB and RGBA images.
-In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
-channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
-RGB as 15 and 24 bits.
-Maybe there exist more variants, but if they do exist, we simply don't
-support them yet.
-
-Thanks to Hanno Böck for the report and a first patch attempt.
-
-(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
----
- plug-ins/common/file-tga.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
-index aef98702d4..426acc2925 100644
---- a/plug-ins/common/file-tga.c
-+++ b/plug-ins/common/file-tga.c
-@@ -564,12 +564,16 @@ load_image (const gchar *filename,
- }
- break;
- case TGA_TYPE_COLOR:
-- if (info.bpp != 15 && info.bpp != 16 &&
-- info.bpp != 24 && info.bpp != 32)
-+ if ((info.bpp != 15 && info.bpp != 16 &&
-+ info.bpp != 24 && info.bpp != 32) ||
-+ ((info.bpp == 15 || info.bpp == 24) &&
-+ info.alphaBits != 0) ||
-+ (info.bpp == 16 && info.alphaBits != 1) ||
-+ (info.bpp == 32 && info.alphaBits != 8))
- {
-- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
-+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
- gimp_filename_to_utf8 (filename),
-- info.imageType, info.bpp);
-+ info.imageType, info.bpp, info.alphaBits);
- return -1;
- }
- break;
---
-2.15.1
-
-From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 13:26:26 +0100
-Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
-
-According to some spec on the web, 16-bit RGB is also valid. In this
-case, the last bit is simply ignored (at least that's how it is
-implemented right now).
-
-(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
----
- plug-ins/common/file-tga.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
-index 426acc2925..eb14a1dadc 100644
---- a/plug-ins/common/file-tga.c
-+++ b/plug-ins/common/file-tga.c
-@@ -568,7 +568,8 @@ load_image (const gchar *filename,
- info.bpp != 24 && info.bpp != 32) ||
- ((info.bpp == 15 || info.bpp == 24) &&
- info.alphaBits != 0) ||
-- (info.bpp == 16 && info.alphaBits != 1) ||
-+ (info.bpp == 16 && info.alphaBits != 1 &&
-+ info.alphaBits != 0) ||
- (info.bpp == 32 && info.alphaBits != 8))
- {
- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
---
-2.15.1
-
diff --git a/gnu/packages/patches/gimp-CVE-2017-17787.patch b/gnu/packages/patches/gimp-CVE-2017-17787.patch
deleted file mode 100644
index b5310d33d9..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17787.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2017-17787:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
-https://bugzilla.gnome.org/show_bug.cgi?id=790853
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
-
-From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:49:41 +0100
-Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
-
-As any external data, we have to check that strings being read at fixed
-length are properly nul-terminated.
-
-(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
----
- plug-ins/common/file-psp.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index 4cbafe37b1..e350e4d88d 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
- g_free (string);
- return -1;
- }
-+ if (string[length - 1] != '\0')
-+ {
-+ g_message ("Creator keyword data not nul-terminated");
-+ g_free (string);
-+ return -1;
-+ }
- switch (keyword)
- {
- case PSP_CRTR_FLD_TITLE:
---
-2.15.1
-
diff --git a/gnu/packages/patches/gimp-CVE-2017-17789.patch b/gnu/packages/patches/gimp-CVE-2017-17789.patch
deleted file mode 100644
index 6dfa435fd0..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17789.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Fix CVE-2017-17789:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789
-https://bugzilla.gnome.org/show_bug.cgi?id=790849
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
-
-From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 16:44:20 +0100
-Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer
- overflow...
-
-... in PSP importer.
-Check if declared block length is valid (i.e. within the actual file)
-before going further.
-Consider the file as broken otherwise and fail loading it.
-
-(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
----
- plug-ins/common/file-psp.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index ac0fff78f0..4cbafe37b1 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
- {
- block_start = ftell (f);
-
-+ if (block_start + block_total_len > st.st_size)
-+ {
-+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+ _("Could not open '%s' for reading: %s"),
-+ gimp_filename_to_utf8 (filename),
-+ _("invalid block size"));
-+ goto error;
-+ }
-+
- if (id == PSP_IMAGE_BLOCK)
- {
- if (block_number != 0)
---
-2.15.1
-
diff --git a/gnu/packages/patches/glib-respect-datadir.patch b/gnu/packages/patches/glib-respect-datadir.patch
deleted file mode 100644
index 309ce9fc0b..0000000000
--- a/gnu/packages/patches/glib-respect-datadir.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-On Guix, Python modules are in a different output from the executables,
-so searching "../share/glib-2.0" will not work.
-
-This patch restores behaviour prior to this commit:
-<https://git.gnome.org/browse/glib/commit/?id=fe2a9887a8ccb14f2386e01b14834e97a33bc2d7>
-
---- a/gio/gdbus-2.0/codegen/gdbus-codegen.in
-+++ b/gio/gdbus-2.0/codegen/gdbus-codegen.in
-@@ -25,9 +25,12 @@
-
- srcdir = os.getenv('UNINSTALLED_GLIB_SRCDIR', None)
- filedir = os.path.dirname(__file__)
-+datadir = os.path.join('@datadir@', 'glib-2.0')
-
- if srcdir is not None:
- path = os.path.join(srcdir, 'gio', 'gdbus-2.0')
-+elif os.path.exists(os.path.join(datadir, 'codegen')):
-+ path = datadir
- elif os.path.basename(filedir) == 'bin':
- # Make the prefix containing gdbus-codegen 'relocatable' at runtime by
- # adding /some/prefix/bin/../share/glib-2.0 to the python path
diff --git a/gnu/packages/patches/glibc-2.27-git-fixes.patch b/gnu/packages/patches/glibc-2.27-git-fixes.patch
new file mode 100644
index 0000000000..4ed67c7c25
--- /dev/null
+++ b/gnu/packages/patches/glibc-2.27-git-fixes.patch
@@ -0,0 +1,702 @@ +These commits are cherry-picked from the "release/2.27/master" branch. + +https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.27/master + +Currently, we have the following (with NEWS and ChangeLog entries omitted). + +56170e064e2b21ce204f0817733e92f1730541ea +516fa6080481a1433c173320b1c1432868e1e38a +f36553bf6a4f69070f99badbdab5802b43e6e211 +7c6304182b9f422b782ace1cdd3efbde056aec36 +78a90c2f74a2012dd3eff302189e47ff6779a757 +1e52d8e65a58c49a48549053a1b89c06240e0c6c +55ad82e45c313454de657931898e974a7a036cad + +From 56170e064e2b21ce204f0817733e92f1730541ea Mon Sep 17 00:00:00 2001 +From: Igor Gnatenko <ignatenko@redhat.com> +Date: Wed, 7 Feb 2018 13:53:10 +0100 +Subject: [PATCH] Linux: use reserved name __key in pkey_get [BZ #22797] + +_key is not reserved name and we should avoid using that. It seems that +it was simple typo when pkey_* was implemented. + +(cherry picked from commit 388ff7bd0d57d7061fdd39a2f26f65687e8058da) + +diff --git a/sysdeps/unix/sysv/linux/bits/mman-shared.h b/sysdeps/unix/sysv/linux/bits/mman-shared.h +index 7715e680ca..d15ba95c9d 100644 +--- a/sysdeps/unix/sysv/linux/bits/mman-shared.h ++++ b/sysdeps/unix/sysv/linux/bits/mman-shared.h +@@ -61,7 +61,7 @@ int pkey_set (int __key, unsigned int __access_rights) __THROW; + + /* Return the access rights for the current thread for KEY, which must + have been allocated using pkey_alloc. */ +-int pkey_get (int _key) __THROW; ++int pkey_get (int __key) __THROW; + + /* Free an allocated protection key, which must have been allocated + using pkey_alloc. */ + +From 516fa6080481a1433c173320b1c1432868e1e38a Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@altlinux.org> +Date: Fri, 29 Dec 2017 23:19:32 +0000 +Subject: [PATCH] linux/aarch64: sync sys/ptrace.h with Linux 4.15 [BZ #22433] + +Remove compat-specific constants that were never exported by kernel +headers under these names. 
Before linux commit v3.7-rc1~16^2~1 they +were exported with COMPAT_ prefix, and since that commit they are not +exported at all. + +* sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h (__ptrace_request): +Remove arm-specific PTRACE_GET_THREAD_AREA, PTRACE_GETHBPREGS, +and PTRACE_SETHBPREGS. + +(cherry picked from commit 2fd4bbaa1446f1be700e10c526cf585a796c4991) + +diff --git a/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h b/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h +index 4be45b95ff..444edbb702 100644 +--- a/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h ++++ b/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h +@@ -78,18 +78,10 @@ enum __ptrace_request + PTRACE_DETACH = 17, + #define PT_DETACH PTRACE_DETACH + +- PTRACE_GET_THREAD_AREA = 22, +- + /* Continue and stop at the next entry to or return from syscall. */ + PTRACE_SYSCALL = 24, + #define PT_SYSCALL PTRACE_SYSCALL + +- /* Get all hardware breakpoint registers. */ +- PTRACE_GETHBPREGS = 29, +- +- /* Set all hardware breakpoint registers. */ +- PTRACE_SETHBPREGS = 30, +- + /* Set ptrace filter options. 
*/ + PTRACE_SETOPTIONS = 0x4200, + #define PT_SETOPTIONS PTRACE_SETOPTIONS + +From f36553bf6a4f69070f99badbdab5802b43e6e211 Mon Sep 17 00:00:00 2001 +From: Mike FABIAN <mfabian@redhat.com> +Date: Mon, 19 Feb 2018 21:59:30 +0100 +Subject: [PATCH] =?UTF-8?q?Add=20missing=20=E2=80=9Creorder-end=E2=80=9D?= + =?UTF-8?q?=20in=20LC=5FCOLLATE=20of=20et=5FEE=20[BZ=20#22517]?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + [BZ #22517] + * localedata/locales/et_EE (LC_COLLATE): add missing “reorder-end” + +(cherry picked from commit 7ec5f9465e732e668d0dc94ac078ba68056d6d0a) + +diff --git a/localedata/locales/et_EE b/localedata/locales/et_EE +index 9cb55b568f..bab7493c98 100644 +--- a/localedata/locales/et_EE ++++ b/localedata/locales/et_EE +@@ -103,6 +103,8 @@ reorder-after <w> + <U00FC> <u-diaresis>;<BAS>;<MIN>;IGNORE % ü + <U00DC> <u-diaresis>;<BAS>;<CAP>;IGNORE % Ü + ++reorder-end ++ + END LC_COLLATE + + LC_CTYPE + +From 7c6304182b9f422b782ace1cdd3efbde056aec36 Mon Sep 17 00:00:00 2001 +From: DJ Delorie <dj@redhat.com> +Date: Thu, 1 Mar 2018 23:20:45 -0500 +Subject: [PATCH] [BZ #22342] Fix netgroup cache keys. + +Unlike other nscd caches, the netgroup cache contains two types of +records - those for "iterate through a netgroup" (i.e. setnetgrent()) +and those for "is this user in this netgroup" (i.e. innetgr()), +i.e. full and partial records. The timeout code assumes these records +have the same key for the group name, so that the collection of records +that is "this netgroup" can be expired as a unit. + +However, the keys are not the same, as the in-netgroup key is generated +by nscd rather than being passed to it from elsewhere, and is generated +without the trailing NUL. All other keys have the trailing NUL, and as +noted in the linked BZ, debug statements confirm that two keys for the +same netgroup are added to the cache with two different lengths. 
+ +The result of this is that as records in the cache expire, the purge +code only cleans out one of the two types of entries, resulting in +stale, possibly incorrect, and possibly inconsistent cache data. + +The patch simply includes the existing NUL in the computation for the +key length ('key' points to the char after the NUL, and 'group' to the +first char of the group, so 'key-group' includes the first char to the +NUL, inclusive). + + [BZ #22342] + * nscd/netgroupcache.c (addinnetgrX): Include trailing NUL in + key value. + +Reviewed-by: Carlos O'Donell <carlos@redhat.com> +(cherry picked from commit 1c81d55fc4b07b51adf68558ba74ce975153e580) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index b832c9315f..2f187b208c 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -480,7 +480,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + { + const char *group = key; + key = (char *) rawmemchr (key, '\0') + 1; +- size_t group_len = key - group - 1; ++ size_t group_len = key - group; + const char *host = *key++ ? key : NULL; + if (host != NULL) + key = (char *) rawmemchr (key, '\0') + 1; + +From 78a90c2f74a2012dd3eff302189e47ff6779a757 Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Fri, 2 Mar 2018 23:07:14 +0100 +Subject: [PATCH] Fix multiple definitions of __nss_*_database (bug 22918) + +(cherry picked from commit eaf6753f8aac33a36deb98c1031d1bad7b593d2d) + +diff --git a/nscd/gai.c b/nscd/gai.c +index d081747797..576fd0045b 100644 +--- a/nscd/gai.c ++++ b/nscd/gai.c +@@ -45,3 +45,6 @@ + #ifdef HAVE_LIBIDN + # include <libidn/idn-stub.c> + #endif ++ ++/* Some variables normally defined in libc. 
*/ ++service_user *__nss_hosts_database attribute_hidden; +diff --git a/nss/nsswitch.c b/nss/nsswitch.c +index d5e655974f..b0f0c11a3e 100644 +--- a/nss/nsswitch.c ++++ b/nss/nsswitch.c +@@ -62,7 +62,7 @@ static service_library *nss_new_service (name_database *database, + + /* Declare external database variables. */ + #define DEFINE_DATABASE(name) \ +- extern service_user *__nss_##name##_database attribute_hidden; \ ++ service_user *__nss_##name##_database attribute_hidden; \ + weak_extern (__nss_##name##_database) + #include "databases.def" + #undef DEFINE_DATABASE +diff --git a/nss/nsswitch.h b/nss/nsswitch.h +index eccb535ef5..63573b9ebc 100644 +--- a/nss/nsswitch.h ++++ b/nss/nsswitch.h +@@ -226,10 +226,10 @@ libc_hidden_proto (__nss_hostname_digits_dots) + #define MAX_NR_ADDRS 48 + + /* Prototypes for __nss_*_lookup2 functions. */ +-#define DEFINE_DATABASE(arg) \ +- service_user *__nss_##arg##_database attribute_hidden; \ +- int __nss_##arg##_lookup2 (service_user **, const char *, \ +- const char *, void **); \ ++#define DEFINE_DATABASE(arg) \ ++ extern service_user *__nss_##arg##_database attribute_hidden; \ ++ int __nss_##arg##_lookup2 (service_user **, const char *, \ ++ const char *, void **); \ + libc_hidden_proto (__nss_##arg##_lookup2) + #include "databases.def" + #undef DEFINE_DATABASE +diff --git a/posix/tst-rfc3484-2.c b/posix/tst-rfc3484-2.c +index f509534ca9..8c64ac59ff 100644 +--- a/posix/tst-rfc3484-2.c ++++ b/posix/tst-rfc3484-2.c +@@ -58,6 +58,7 @@ _res_hconf_init (void) + #undef USE_NSCD + #include "../sysdeps/posix/getaddrinfo.c" + ++service_user *__nss_hosts_database attribute_hidden; + + /* This is the beginning of the real test code. The above defines + (among other things) the function rfc3484_sort. 
*/ +diff --git a/posix/tst-rfc3484-3.c b/posix/tst-rfc3484-3.c +index ae44087a10..1c61aaf844 100644 +--- a/posix/tst-rfc3484-3.c ++++ b/posix/tst-rfc3484-3.c +@@ -58,6 +58,7 @@ _res_hconf_init (void) + #undef USE_NSCD + #include "../sysdeps/posix/getaddrinfo.c" + ++service_user *__nss_hosts_database attribute_hidden; + + /* This is the beginning of the real test code. The above defines + (among other things) the function rfc3484_sort. */ +diff --git a/posix/tst-rfc3484.c b/posix/tst-rfc3484.c +index 7f191abbbc..8f45848e44 100644 +--- a/posix/tst-rfc3484.c ++++ b/posix/tst-rfc3484.c +@@ -58,6 +58,7 @@ _res_hconf_init (void) + #undef USE_NSCD + #include "../sysdeps/posix/getaddrinfo.c" + ++service_user *__nss_hosts_database attribute_hidden; + + /* This is the beginning of the real test code. The above defines + (among other things) the function rfc3484_sort. */ + +From 1e52d8e65a58c49a48549053a1b89c06240e0c6c Mon Sep 17 00:00:00 2001 +From: Adhemerval Zanella <adhemerval.zanella@linaro.org> +Date: Fri, 17 Nov 2017 16:04:29 -0200 +Subject: [PATCH] i386: Fix i386 sigaction sa_restorer initialization + (BZ#21269) + +This patch fixes the i386 sa_restorer field initialization for sigaction +syscall for kernel with vDSO. As described in bug report, i386 Linux +(and compat on x86_64) interprets SA_RESTORER clear with nonzero +sa_restorer as a request for stack switching if the SS segment is 'funny'. +This means that anything that tries to mix glibc's signal handling with +segmentation (for instance through modify_ldt syscall) is randomly broken +depending on what values lands in sa_restorer. + +The testcase added is based on Linux test tools/testing/selftests/x86/ldt_gdt.c, +more specifically in do_multicpu_tests function. The main changes are: + + - C11 atomics instead of plain access. + + - Remove x86_64 support which simplifies the syscall handling and fallbacks. + + - Replicate only the test required to trigger the issue. + +Checked on i686-linux-gnu. 
+ + [BZ #21269] + * sysdeps/unix/sysv/linux/i386/Makefile (tests): Add tst-bz21269. + * sysdeps/unix/sysv/linux/i386/sigaction.c (SET_SA_RESTORER): Clear + sa_restorer for vDSO case. + * sysdeps/unix/sysv/linux/i386/tst-bz21269.c: New file. + +(cherry picked from commit 68448be208ee06e76665918b37b0a57e3e00c8b4) + +diff --git a/sysdeps/unix/sysv/linux/i386/Makefile b/sysdeps/unix/sysv/linux/i386/Makefile +index 4080b8c966..da716e2c1b 100644 +--- a/sysdeps/unix/sysv/linux/i386/Makefile ++++ b/sysdeps/unix/sysv/linux/i386/Makefile +@@ -3,6 +3,9 @@ default-abi := 32 + + ifeq ($(subdir),misc) + sysdep_routines += ioperm iopl vm86 ++ ++tests += tst-bz21269 ++$(objpfx)tst-bz21269: $(shared-thread-library) + endif + + ifeq ($(subdir),elf) +diff --git a/sysdeps/unix/sysv/linux/i386/sigaction.c b/sysdeps/unix/sysv/linux/i386/sigaction.c +index a5eb9e0d3e..177ff60ee6 100644 +--- a/sysdeps/unix/sysv/linux/i386/sigaction.c ++++ b/sysdeps/unix/sysv/linux/i386/sigaction.c +@@ -42,7 +42,6 @@ extern void restore_rt (void) asm ("__restore_rt") attribute_hidden; + #endif + extern void restore (void) asm ("__restore") attribute_hidden; + +- + /* If ACT is not NULL, change the action for SIG to *ACT. + If OACT is not NULL, put the old action for SIG in *OACT. */ + int +@@ -65,6 +64,8 @@ __libc_sigaction (int sig, const struct sigaction *act, struct sigaction *oact) + kact.sa_restorer = ((act->sa_flags & SA_SIGINFO) + ? &restore_rt : &restore); + } ++ else ++ kact.sa_restorer = NULL; + } + + /* XXX The size argument hopefully will have to be changed to the +diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c +new file mode 100644 +index 0000000000..353e36507d +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c +@@ -0,0 +1,233 @@ ++/* Test for i386 sigaction sa_restorer handling (BZ#21269) ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. 
++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++/* This is based on Linux test tools/testing/selftests/x86/ldt_gdt.c, ++ more specifically in do_multicpu_tests function. The main changes ++ are: ++ ++ - C11 atomics instead of plain access. ++ - Remove x86_64 support which simplifies the syscall handling ++ and fallbacks. ++ - Replicate only the test required to trigger the issue for the ++ BZ#21269. 
*/ ++ ++#include <stdatomic.h> ++ ++#include <asm/ldt.h> ++#include <linux/futex.h> ++ ++#include <setjmp.h> ++#include <signal.h> ++#include <errno.h> ++#include <sys/syscall.h> ++#include <sys/mman.h> ++ ++#include <support/xunistd.h> ++#include <support/check.h> ++#include <support/xthread.h> ++ ++static int ++xset_thread_area (struct user_desc *u_info) ++{ ++ long ret = syscall (SYS_set_thread_area, u_info); ++ TEST_VERIFY_EXIT (ret == 0); ++ return ret; ++} ++ ++static void ++xmodify_ldt (int func, const void *ptr, unsigned long bytecount) ++{ ++ TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, 1, ptr, bytecount) == 0); ++} ++ ++static int ++futex (int *uaddr, int futex_op, int val, void *timeout, int *uaddr2, ++ int val3) ++{ ++ return syscall (SYS_futex, uaddr, futex_op, val, timeout, uaddr2, val3); ++} ++ ++static void ++xsethandler (int sig, void (*handler)(int, siginfo_t *, void *), int flags) ++{ ++ struct sigaction sa = { 0 }; ++ sa.sa_sigaction = handler; ++ sa.sa_flags = SA_SIGINFO | flags; ++ TEST_VERIFY_EXIT (sigemptyset (&sa.sa_mask) == 0); ++ TEST_VERIFY_EXIT (sigaction (sig, &sa, 0) == 0); ++} ++ ++static jmp_buf jmpbuf; ++ ++static void ++sigsegv_handler (int sig, siginfo_t *info, void *ctx_void) ++{ ++ siglongjmp (jmpbuf, 1); ++} ++ ++/* Points to an array of 1024 ints, each holding its own index. */ ++static const unsigned int *counter_page; ++static struct user_desc *low_user_desc; ++static struct user_desc *low_user_desc_clear; /* Used to delete GDT entry. 
*/ ++static int gdt_entry_num; ++ ++static void ++setup_counter_page (void) ++{ ++ long page_size = sysconf (_SC_PAGE_SIZE); ++ TEST_VERIFY_EXIT (page_size > 0); ++ unsigned int *page = xmmap (NULL, page_size, PROT_READ | PROT_WRITE, ++ MAP_ANONYMOUS | MAP_PRIVATE | MAP_32BIT, -1); ++ for (int i = 0; i < (page_size / sizeof (unsigned int)); i++) ++ page[i] = i; ++ counter_page = page; ++} ++ ++static void ++setup_low_user_desc (void) ++{ ++ low_user_desc = xmmap (NULL, 2 * sizeof (struct user_desc), ++ PROT_READ | PROT_WRITE, ++ MAP_ANONYMOUS | MAP_PRIVATE | MAP_32BIT, -1); ++ ++ low_user_desc->entry_number = -1; ++ low_user_desc->base_addr = (unsigned long) &counter_page[1]; ++ low_user_desc->limit = 0xffff; ++ low_user_desc->seg_32bit = 1; ++ low_user_desc->contents = 0; ++ low_user_desc->read_exec_only = 0; ++ low_user_desc->limit_in_pages = 1; ++ low_user_desc->seg_not_present = 0; ++ low_user_desc->useable = 0; ++ ++ xset_thread_area (low_user_desc); ++ ++ low_user_desc_clear = low_user_desc + 1; ++ low_user_desc_clear->entry_number = gdt_entry_num; ++ low_user_desc_clear->read_exec_only = 1; ++ low_user_desc_clear->seg_not_present = 1; ++} ++ ++/* Possible values of futex: ++ 0: thread is idle. ++ 1: thread armed. ++ 2: thread should clear LDT entry 0. ++ 3: thread should exit. */ ++static atomic_uint ftx; ++ ++static void * ++threadproc (void *ctx) ++{ ++ while (1) ++ { ++ futex ((int *) &ftx, FUTEX_WAIT, 1, NULL, NULL, 0); ++ while (atomic_load (&ftx) != 2) ++ { ++ if (atomic_load (&ftx) >= 3) ++ return NULL; ++ } ++ ++ /* clear LDT entry 0. */ ++ const struct user_desc desc = { 0 }; ++ xmodify_ldt (1, &desc, sizeof (desc)); ++ ++ /* If ftx == 2, set it to zero, If ftx == 100, quit. 
*/ ++ if (atomic_fetch_add (&ftx, -2) != 2) ++ return NULL; ++ } ++} ++ ++ ++/* As described in testcase, for historical reasons x86_32 Linux (and compat ++ on x86_64) interprets SA_RESTORER clear with nonzero sa_restorer as a ++ request for stack switching if the SS segment is 'funny' (this is default ++ scenario for vDSO system). This means that anything that tries to mix ++ signal handling with segmentation should explicit clear the sa_restorer. ++ ++ This testcase check if sigaction in fact does it by changing the local ++ descriptor table (LDT) through the modify_ldt syscall and triggering ++ a synchronous segfault on iret fault by trying to install an invalid ++ segment. With a correct zeroed sa_restorer it should not trigger an ++ 'real' SEGSEGV and allows the siglongjmp in signal handler. */ ++ ++static int ++do_test (void) ++{ ++ setup_counter_page (); ++ setup_low_user_desc (); ++ ++ pthread_t thread; ++ unsigned short orig_ss; ++ ++ xsethandler (SIGSEGV, sigsegv_handler, 0); ++ /* 32-bit kernels send SIGILL instead of SIGSEGV on IRET faults. */ ++ xsethandler (SIGILL, sigsegv_handler, 0); ++ ++ thread = xpthread_create (0, threadproc, 0); ++ ++ asm volatile ("mov %%ss, %0" : "=rm" (orig_ss)); ++ ++ for (int i = 0; i < 5; i++) ++ { ++ if (sigsetjmp (jmpbuf, 1) != 0) ++ continue; ++ ++ /* Make sure the thread is ready after the last test. */ ++ while (atomic_load (&ftx) != 0) ++ ; ++ ++ struct user_desc desc = { ++ .entry_number = 0, ++ .base_addr = 0, ++ .limit = 0xffff, ++ .seg_32bit = 1, ++ .contents = 0, ++ .read_exec_only = 0, ++ .limit_in_pages = 1, ++ .seg_not_present = 0, ++ .useable = 0 ++ }; ++ ++ xmodify_ldt (0x11, &desc, sizeof (desc)); ++ ++ /* Arm the thread. */ ++ ftx = 1; ++ futex ((int*) &ftx, FUTEX_WAKE, 0, NULL, NULL, 0); ++ ++ asm volatile ("mov %0, %%ss" : : "r" (0x7)); ++ ++ /* Fire up thread modify_ldt call. 
*/ ++ atomic_store (&ftx, 2); ++ ++ while (atomic_load (&ftx) != 0) ++ ; ++ ++ /* On success, modify_ldt will segfault us synchronously and we will ++ escape via siglongjmp. */ ++ support_record_failure (); ++ } ++ ++ atomic_store (&ftx, 100); ++ futex ((int*) &ftx, FUTEX_WAKE, 0, NULL, NULL, 0); ++ ++ xpthread_join (thread); ++ ++ return 0; ++} ++ ++#include <support/test-driver.c> + +From 55ad82e45c313454de657931898e974a7a036cad Mon Sep 17 00:00:00 2001 +From: Andrew Senkevich <andrew.n.senkevich@gmail.com> +Date: Fri, 23 Mar 2018 16:19:45 +0100 +Subject: [PATCH] Fix i386 memmove issue (bug 22644). + + [BZ #22644] + * sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed + branch conditions. + * string/test-memmove.c (do_test2): New testcase. + +(cherry picked from commit cd66c0e584c6d692bc8347b5e72723d02b8a8ada) + +diff --git a/string/test-memmove.c b/string/test-memmove.c +index edc7a4c3bf..64e3651ba4 100644 +--- a/string/test-memmove.c ++++ b/string/test-memmove.c +@@ -24,6 +24,7 @@ + # define TEST_NAME "memmove" + #endif + #include "test-string.h" ++#include <support/test-driver.h> + + char *simple_memmove (char *, const char *, size_t); + +@@ -245,6 +246,60 @@ do_random_tests (void) + } + } + ++static void ++do_test2 (void) ++{ ++ size_t size = 0x20000000; ++ uint32_t * large_buf; ++ ++ large_buf = mmap ((void*) 0x70000000, size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANON, -1, 0); ++ ++ if (large_buf == MAP_FAILED) ++ error (EXIT_UNSUPPORTED, errno, "Large mmap failed"); ++ ++ if ((uintptr_t) large_buf > 0x80000000 - 128 ++ || 0x80000000 - (uintptr_t) large_buf > 0x20000000) ++ { ++ error (0, 0, "Large mmap allocated improperly"); ++ ret = EXIT_UNSUPPORTED; ++ munmap ((void *) large_buf, size); ++ return; ++ } ++ ++ size_t bytes_move = 0x80000000 - (uintptr_t) large_buf; ++ size_t arr_size = bytes_move / sizeof (uint32_t); ++ size_t i; ++ ++ FOR_EACH_IMPL (impl, 0) ++ { ++ for (i = 0; i < arr_size; i++) ++ large_buf[i] = (uint32_t) i; ++ ++ 
uint32_t * dst = &large_buf[33]; ++ ++#ifdef TEST_BCOPY ++ CALL (impl, (char *) large_buf, (char *) dst, bytes_move); ++#else ++ CALL (impl, (char *) dst, (char *) large_buf, bytes_move); ++#endif ++ ++ for (i = 0; i < arr_size; i++) ++ { ++ if (dst[i] != (uint32_t) i) ++ { ++ error (0, 0, ++ "Wrong result in function %s dst \"%p\" src \"%p\" offset \"%zd\"", ++ impl->name, dst, large_buf, i); ++ ret = 1; ++ break; ++ } ++ } ++ } ++ ++ munmap ((void *) large_buf, size); ++} ++ + int + test_main (void) + { +@@ -284,6 +339,9 @@ test_main (void) + } + + do_random_tests (); ++ ++ do_test2 (); ++ + return ret; + } + +diff --git a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S +index 9c3bbe7e17..9aa17de99c 100644 +--- a/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S ++++ b/sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S +@@ -72,7 +72,7 @@ ENTRY (MEMCPY) + cmp %edx, %eax + + # ifdef USE_AS_MEMMOVE +- jg L(check_forward) ++ ja L(check_forward) + + L(mm_len_0_or_more_backward): + /* Now do checks for lengths. We do [0..16], [16..32], [32..64], [64..128] +@@ -81,7 +81,7 @@ L(mm_len_0_or_more_backward): + jbe L(mm_len_0_16_bytes_backward) + + cmpl $32, %ecx +- jg L(mm_len_32_or_more_backward) ++ ja L(mm_len_32_or_more_backward) + + /* Copy [0..32] and return. */ + movdqu (%eax), %xmm0 +@@ -92,7 +92,7 @@ L(mm_len_0_or_more_backward): + + L(mm_len_32_or_more_backward): + cmpl $64, %ecx +- jg L(mm_len_64_or_more_backward) ++ ja L(mm_len_64_or_more_backward) + + /* Copy [0..64] and return. */ + movdqu (%eax), %xmm0 +@@ -107,7 +107,7 @@ L(mm_len_32_or_more_backward): + + L(mm_len_64_or_more_backward): + cmpl $128, %ecx +- jg L(mm_len_128_or_more_backward) ++ ja L(mm_len_128_or_more_backward) + + /* Copy [0..128] and return. 
*/ + movdqu (%eax), %xmm0 +@@ -132,7 +132,7 @@ L(mm_len_128_or_more_backward): + add %ecx, %eax + cmp %edx, %eax + movl SRC(%esp), %eax +- jle L(forward) ++ jbe L(forward) + PUSH (%esi) + PUSH (%edi) + PUSH (%ebx) +@@ -269,7 +269,7 @@ L(check_forward): + add %edx, %ecx + cmp %eax, %ecx + movl LEN(%esp), %ecx +- jle L(forward) ++ jbe L(forward) + + /* Now do checks for lengths. We do [0..16], [0..32], [0..64], [0..128] + separately. */ diff --git a/gnu/packages/patches/glibc-bootstrap-system.patch b/gnu/packages/patches/glibc-bootstrap-system.patch index 2f8e7da7e1..addeed6dbd 100644 --- a/gnu/packages/patches/glibc-bootstrap-system.patch +++ b/gnu/packages/patches/glibc-bootstrap-system.patch @@ -15,16 +15,16 @@ instead uses the hard-coded absolute file name of `bash'. } else if (pid < (pid_t) 0) ---- b/libio/iopopen.c 2012-06-30 21:12:34.000000000 +0200 -+++ b/libio/iopopen.c 2012-12-19 12:52:29.000000000 +0100 -@@ -226,7 +226,7 @@ _IO_new_proc_open (fp, command, mode) - _IO_close (fd); +--- a/libio/iopopen.c ++++ b/libio/iopopen.c +@@ -145,7 +145,7 @@ _IO_new_proc_open (fp, command, mode) + __close_nocancel (fd); } -- _IO_execl ("/bin/sh", "sh", "-c", command, (char *) 0); +- execl ("/bin/sh", "sh", "-c", command, (char *) 0); + execlp ("sh", "sh", "-c", command, (char *) 0); - _IO__exit (127); + _exit (127); } - _IO_close (child_end); + __close_nocancel (child_end); diff --git a/gnu/packages/patches/glibc-hidden-visibility-ldconfig.patch b/gnu/packages/patches/glibc-hidden-visibility-ldconfig.patch new file mode 100644 index 0000000000..c796946d7e --- /dev/null +++ b/gnu/packages/patches/glibc-hidden-visibility-ldconfig.patch 
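Review bot: In the added `tst-bz21269.c`, `xmodify_ldt` accepts a `func` argument but never uses it; its body calls `syscall (SYS_modify_ldt, 1, ptr, bytecount)` with a literal 1. `do_test` passes `0x11` and `threadproc` passes `1`, so as written both call sites issue the same request and the regression test for BZ#21269 may not be exercising the path it was written for. Pass the parameter through: `TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0);`. The comment in `threadproc` also says the thread quits at `ftx == 100` while the state list above `ftx` documents 3 as the exit value; the `>= 3` check covers both, but the two comments should agree.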
@@ -0,0 +1,16 @@ +Fix a regression in glibc 2.27 when built without ldconfig. See +<https://sourceware.org/bugzilla/show_bug.cgi?id=22977> for details. + +diff --git a/include/libc-symbols.h b/include/libc-symbols.h +index 6137304b0b..7d630f36d8 100644 +--- a/include/libc-symbols.h ++++ b/include/libc-symbols.h +@@ -508,7 +508,7 @@ for linking") + # ifndef __ASSEMBLER__ + # if !defined SHARED && IS_IN (libc) && !defined LIBC_NONSHARED \ + && (!defined PIC || !defined NO_HIDDEN_EXTERN_FUNC_IN_PIE) \ +- && !defined NO_HIDDEN ++ && !defined NO_HIDDEN && defined USE_LDCONFIG + # define __hidden_proto_hiddenattr(attrs...) \ + __attribute__ ((visibility ("hidden"), ##attrs)) + # define hidden_proto(name, attrs...) \ diff --git a/gnu/packages/patches/glibc-locales.patch b/gnu/packages/patches/glibc-locales.patch index 3a125e845e..31ee6c1ff3 100644 --- a/gnu/packages/patches/glibc-locales.patch +++ b/gnu/packages/patches/glibc-locales.patch @@ -9,9 +9,9 @@ in a package separate from glibc. place, and because otherwise, 'localedef' fails with: "cannot write output files to `(null)'". ---- glibc-2.22/localedata/Makefile 1970-01-01 01:00:00.000000000 +0100 -+++ glibc-2.22/localedata/Makefile 2015-09-25 14:18:34.698941752 +0200 -@@ -195,7 +195,7 @@ INSTALL-SUPPORTED-LOCALES=$(addprefix in +--- glibc-2.27/localedata/Makefile ++++ glibc-2.27/localedata/Makefile +@@ -199,7 +199,7 @@ INSTALL-SUPPORTED-LOCALES=$(addprefix install-, $(SUPPORTED-LOCALES)) # Sometimes the whole collection of locale files should be installed. LOCALEDEF=I18NPATH=. GCONV_PATH=$(common-objpfx)iconvdata LC_ALL=C \ 
@@ -20,10 +20,10 @@ in a package separate from glibc. install-locales: $(INSTALL-SUPPORTED-LOCALES) install-locales-dir: -@@ -212,7 +212,7 @@ $(INSTALL-SUPPORTED-LOCALES): install-lo +@@ -224,7 +224,7 @@ $(INSTALL-SUPPORTED-LOCALES): install-locales-dir input=`echo $$locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; \ - $(LOCALEDEF) --alias-file=../intl/locale.alias \ - -i locales/$$input -c -f charmaps/$$charset \ + $(LOCALEDEF) $$flags --alias-file=../intl/locale.alias \ + -i locales/$$input -f charmaps/$$charset \ - $(addprefix --prefix=,$(install_root)) $$locale \ + $(addprefix --prefix=,$(install_root)) $(inst_complocaledir)/$$locale \ && echo ' done'; \ diff --git a/gnu/packages/patches/glibc-reinstate-prlimit64-fallback.patch b/gnu/packages/patches/glibc-reinstate-prlimit64-fallback.patch new file mode 100644 index 0000000000..ccc153c12a --- /dev/null +++ b/gnu/packages/patches/glibc-reinstate-prlimit64-fallback.patch 
@@ -0,0 +1,127 @@
+This patch reinstates fallback code when the 'prlimit64' system call is
+missing by reverting the relevant part of this upstream commit:
+
+ commit 695d7d138eda449678a1650a8b8b58181033353f
+ Author: Joseph Myers <joseph@codesourcery.com>
+ Date: Tue May 9 14:05:09 2017 +0000
+
+ Assume prlimit64 is available.
+
+The fallback code is useful on systems that lack 'prlimit64', such as the
+2.6.32-on-steroid kernel found on RHEL 6:
+
+ <https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00349.html>
+
+diff --git a/sysdeps/unix/sysv/linux/getrlimit64.c b/sysdeps/unix/sysv/linux/getrlimit64.c
+index 37c173286f..56af3c0646 100644
+--- b/sysdeps/unix/sysv/linux/getrlimit64.c
++++ a/sysdeps/unix/sysv/linux/getrlimit64.c
+@@ -35,7 +35,40 @@
+ int
+ __getrlimit64 (enum __rlimit_resource resource, struct rlimit64 *rlimits)
+ {
+- return INLINE_SYSCALL_CALL (prlimit64, 0, resource, NULL, rlimits);
++#ifdef __NR_prlimit64
++ int res = INLINE_SYSCALL_CALL (prlimit64, 0, resource, NULL, rlimits);
++ if (res == 0 || errno != ENOSYS)
++ return res;
++#endif
++
++/* The fallback code only makes sense if the platform supports either
++ __NR_ugetrlimit and/or __NR_getrlimit. */
++#if defined (__NR_ugetrlimit) || defined (__NR_getrlimit)
++# ifndef __NR_ugetrlimit
++# define __NR_ugetrlimit __NR_getrlimit
++# endif
++# if __RLIM_T_MATCHES_RLIM64_T
++# define rlimits32 (*rlimits)
++# else
++ struct rlimit rlimits32;
++# endif
++
++ if (INLINE_SYSCALL_CALL (ugetrlimit, resource, &rlimits32) < 0)
++ return -1;
++
++# if !__RLIM_T_MATCHES_RLIM64_T
++ if (rlimits32.rlim_cur == RLIM_INFINITY)
++ rlimits->rlim_cur = RLIM64_INFINITY;
++ else
++ rlimits->rlim_cur = rlimits32.rlim_cur;
++ if (rlimits32.rlim_max == RLIM_INFINITY)
++ rlimits->rlim_max = RLIM64_INFINITY;
++ else
++ rlimits->rlim_max = rlimits32.rlim_max;
++# endif /* !__RLIM_T_MATCHES_RLIM64_T */
++#endif /* defined (__NR_ugetrlimit) || defined (__NR_getrlimit) */
++
++ return 0;
+ }
+ libc_hidden_def (__getrlimit64)
+
+diff --git a/sysdeps/unix/sysv/linux/setrlimit.c b/sysdeps/unix/sysv/linux/setrlimit.c
+index 01812ac355..8773c78236 100644
+--- b/sysdeps/unix/sysv/linux/setrlimit.c
++++ a/sysdeps/unix/sysv/linux/setrlimit.c
+@@ -34,6 +34,7 @@
+ int
+ __setrlimit (enum __rlimit_resource resource, const struct rlimit *rlim)
+ {
++# ifdef __NR_prlimit64
+ struct rlimit64 rlim64;
+
+ if (rlim->rlim_cur == RLIM_INFINITY)
+@@ -45,7 +46,11 @@
+ else
+ rlim64.rlim_max = rlim->rlim_max;
+
+- return INLINE_SYSCALL_CALL (prlimit64, 0, resource, &rlim64, NULL);
++ int res = INLINE_SYSCALL_CALL (prlimit64, 0, resource, &rlim64, NULL);
++ if (res == 0 || errno != ENOSYS)
++ return res;
++# endif
++ return INLINE_SYSCALL_CALL (setrlimit, resource, rlim);
+ }
+
+ # if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_2)
+diff --git a/sysdeps/unix/sysv/linux/setrlimit64.c b/sysdeps/unix/sysv/linux/setrlimit64.c
+index 2dd129d99e..db1960fc18 100644
+--- b/sysdeps/unix/sysv/linux/setrlimit64.c
++++ a/sysdeps/unix/sysv/linux/setrlimit64.c
+@@ -36,7 +36,36 @@
+ int
+ __setrlimit64 (enum __rlimit_resource resource, const struct rlimit64 *rlimits)
+ {
+- return INLINE_SYSCALL_CALL (prlimit64, 0, resource, rlimits, NULL);
++ int res;
++
++#ifdef __NR_prlimit64
++ res = INLINE_SYSCALL_CALL (prlimit64, 0, resource, rlimits, NULL);
++ if (res == 0 || errno != ENOSYS)
++ return res;
++#endif
++
++/* The fallback code only makes sense if the platform supports
++ __NR_setrlimit. */
++#ifdef __NR_setrlimit
++# if !__RLIM_T_MATCHES_RLIM64_T
++ struct rlimit rlimits32;
++
++ if (rlimits->rlim_cur >= RLIM_INFINITY)
++ rlimits32.rlim_cur = RLIM_INFINITY;
++ else
++ rlimits32.rlim_cur = rlimits->rlim_cur;
++ if (rlimits->rlim_max >= RLIM_INFINITY)
++ rlimits32.rlim_max = RLIM_INFINITY;
++ else
++ rlimits32.rlim_max = rlimits->rlim_max;
++# else
++# define rlimits32 (*rlimits)
++# endif
++
++ res = INLINE_SYSCALL_CALL (setrlimit, resource, &rlimits32);
++#endif
++
++ return res;
+ }
+ weak_alias (__setrlimit64, setrlimit64)
+
diff --git a/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch b/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch
new file mode 100644
index 0000000000..306d4d348b
--- /dev/null
+++ b/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch
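Review bot: `__getrlimit64` can report success without writing `*rlimits`: when `prlimit64` fails with `ENOSYS` (or `__NR_prlimit64` is undefined) and neither `__NR_ugetrlimit` nor `__NR_getrlimit` is defined, every conditional block is skipped and control reaches the unconditional `return 0;`. `__setrlimit64` has the mirror case, where `int res;` is returned uninitialized if neither `__NR_prlimit64` nor `__NR_setrlimit` is defined. Both are probably unreachable on the Linux targets this is built for, but a caller would then act on stale or indeterminate limits while believing the call succeeded. An explicit failure is cheap: before the closing `#endif` of the getrlimit64 fallback add `#else` / `__set_errno (ENOSYS);` / `return -1;`, and give `res` an initial value of -1 in `__setrlimit64`.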
@@ -0,0 +1,50 @@ +Fix CVE-2018-12020: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020 +https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html + +Patch copied from upstream source repository: + +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac + +From 2326851c60793653069494379b16d84e4c10a0ac Mon Sep 17 00:00:00 2001 +From: Werner Koch <wk@gnupg.org> +Date: Fri, 8 Jun 2018 10:45:21 +0200 +Subject: [PATCH] gpg: Sanitize diagnostic with the original file name. + +* g10/mainproc.c (proc_plaintext): Sanitize verbose output. +-- + +This fixes a forgotten sanitation of user supplied data in a verbose +mode diagnostic. The mention CVE is about using this to inject +status-fd lines into the stderr output. Other harm good as well be +done. Note that GPGME based applications are not affected because +GPGME does not fold status output into stderr. + +CVE-id: CVE-2018-12020 +GnuPG-bug-id: 4012 +(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b) +--- + g10/mainproc.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/g10/mainproc.c b/g10/mainproc.c +index 33a654b34..ffa7ef6d8 100644 +--- a/g10/mainproc.c ++++ b/g10/mainproc.c +@@ -638,7 +638,11 @@ proc_plaintext( CTX c, PACKET *pkt ) + if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) + log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); + else if( opt.verbose ) +- log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name); ++ { ++ char *tmp = make_printable_string (pt->name, pt->namelen, 0); ++ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp); ++ xfree (tmp); ++ } + free_md_filter_context( &c->mfx ); + c->mfx.md = md_open( 0, 0); + /* fixme: we may need to push the textfilter if we have sigclass 1 +-- +2.17.1 + 
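Review bot: The new `else if( opt.verbose )` branch in `proc_plaintext` has no comment saying why `pt->name` is passed through `make_printable_string`, so a later cleanup could drop the escaping again. I would add above the call `/* pt->name is taken from the message; escape it so it cannot inject control characters or status-like lines into the log output. */`. Because `tmp` is NUL-terminated, the `%.*s` with `(int)strlen (tmp)` presumably exists only to keep the translated format string unchanged; a short remark to that effect would help the next reader. `proc_plaintext` starts and ends outside the hunk.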
diff --git a/gnu/packages/patches/graphite2-ffloat-store.patch b/gnu/packages/patches/graphite2-ffloat-store.patch deleted file mode 100644 index f6ee56973e..0000000000 --- a/gnu/packages/patches/graphite2-ffloat-store.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix test failures of awamicmp1 and awamicmp2. - -Debian bug report: - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855814 - -Patch adapted from upstream source repository: - -https://github.com/silnrsi/graphite/commit/f7bbdd87d510d587c872e314d6458160c0069c65 - -From f7bbdd87d510d587c872e314d6458160c0069c65 Mon Sep 17 00:00:00 2001 -From: Martin Hosken <martin_hosken@sil.org> -Date: Tue, 14 Feb 2017 17:00:03 +0000 -Subject: [PATCH] try -ffloat-store for fp stability. Remove nested const to - work around VS bug - ---- - src/CMakeLists.txt | 2 +- - src/inc/locale2lcid.h | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index 4f1e7e5..5b61b5c 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -108,7 +108,7 @@ set_target_properties(graphite2 PROPERTIES PUBLIC_HEADER "${GRAPHITE_HEADERS}" - - if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") - set_target_properties(graphite2 PROPERTIES -- COMPILE_FLAGS "-Wall -Wextra -Wno-unknown-pragmas -Wendif-labels -Wshadow -Wctor-dtor-privacy -Wnon-virtual-dtor -fno-rtti -fno-exceptions -fvisibility=hidden -fvisibility-inlines-hidden -fno-stack-protector" -+ COMPILE_FLAGS "-Wall -Wextra -Wno-unknown-pragmas -Wendif-labels -Wshadow -Wctor-dtor-privacy -Wnon-virtual-dtor -fno-rtti -fno-exceptions -fvisibility=hidden -fvisibility-inlines-hidden -fno-stack-protector -ffloat-store" - LINK_FLAGS "-nodefaultlibs ${GRAPHITE_LINK_FLAGS}" - LINKER_LANGUAGE C) - if (CMAKE_COMPILER_IS_GNUCXX) diff --git a/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch b/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch new file mode 100644 index 0000000000..df74bdbaba --- /dev/null 
+++ b/gnu/packages/patches/groovy-add-exceptionutilsgenerator.patch 
@@ -0,0 +1,98 @@ +From 3dbdc68093e90f0ef9b77b70490d8e0b1dcfbf8f Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Sun, 17 Sep 2017 21:08:45 +0200 +Subject: [PATCH] Add ExceptionUtilsGenerator.java. + +A gradle task (in gradle/utils.gradle) is normally used to generate an +ExceptionUtils class. Since gradle depends on groovy, we cannot use it, so +we copy the code from the gradle task to a new file. Running this file then +generates the required class. +--- + .../codehaus/groovy/ExceptionUtilsGenerator.java | 75 ++++++++++++++++++++++ + 1 file changed, 75 insertions(+) + create mode 100644 config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java + +diff --git a/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java b/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java +new file mode 100644 +index 0000000..41f006d +--- /dev/null ++++ b/config/ant/src/org/codehaus/groovy/ExceptionUtilsGenerator.java +@@ -0,0 +1,75 @@ ++package org.codehaus.groovy; ++ ++import org.objectweb.asm.*; ++ ++import java.io.BufferedOutputStream; ++import java.io.File; ++import java.io.FileOutputStream; ++import java.io.IOException; ++import java.util.logging.Logger; ++ ++public class ExceptionUtilsGenerator implements Opcodes { ++ private final static Logger LOGGER = Logger.getLogger(ExceptionUtilsGenerator.class.getName()); ++ ++ public static void main(String... 
args) { ++ if (args==null || args.length==0) { ++ throw new IllegalArgumentException("You must specify at least one file"); ++ } ++ ++ ClassWriter cw = new ClassWriter(0); ++ MethodVisitor mv; ++ ++ cw.visit(V1_5, ACC_PUBLIC + ACC_SUPER, "org/codehaus/groovy/runtime/ExceptionUtils", null, "java/lang/Object", null); ++ ++ cw.visitSource("ExceptionUtils.java", null); ++ ++ mv = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null); ++ mv.visitCode(); ++ Label l0 = new Label(); ++ mv.visitLabel(l0); ++ mv.visitLineNumber(18, l0); ++ mv.visitVarInsn(ALOAD, 0); ++ mv.visitMethodInsn(INVOKESPECIAL, "java/lang/Object", "<init>", "()V"); ++ mv.visitInsn(RETURN); ++ Label l1 = new Label(); ++ mv.visitLabel(l1); ++ mv.visitLocalVariable("this", "Lorg/codehaus/groovy/runtime/ExceptionUtils;", null, l0, l1, 0); ++ mv.visitMaxs(1, 1); ++ mv.visitEnd(); ++ ++ mv = cw.visitMethod(ACC_PUBLIC + ACC_STATIC, "sneakyThrow", "(Ljava/lang/Throwable;)V", null, null); ++ mv.visitCode(); ++ Label l2 = new Label(); ++ mv.visitLabel(l2); ++ mv.visitLineNumber(20, l2); ++ mv.visitVarInsn(ALOAD, 0); ++ mv.visitInsn(ATHROW); ++ Label l3 = new Label(); ++ mv.visitLabel(l3); ++ mv.visitLocalVariable("e", "Ljava/lang/Throwable;", null, l2, l3, 0); ++ mv.visitMaxs(1, 1); ++ mv.visitEnd(); ++ ++ cw.visitEnd(); ++ ++ LOGGER.info("Generating ExceptionUtils"); ++ byte[] bytes = cw.toByteArray(); ++ for (String classFilePath : args) { ++ File classFile = new File(classFilePath); ++ if (classFile.getParentFile().exists() || classFile.getParentFile().mkdirs()) { ++ try { ++ if (classFile.exists()) { ++ classFile.delete(); ++ } ++ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(classFile)); ++ bos.write(bytes); ++ bos.close(); ++ } catch (IOException e) { ++ LOGGER.warning("Unable to write file "+classFile); ++ } ++ } else { ++ LOGGER.warning("Unable to create directory "+classFile.getParentFile()); ++ } ++ } ++ } ++} +-- +2.14.1 + 
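Review bot: In `main`, a failed write is only reported through `LOGGER.warning` and the loop goes on, so the generator exits normally even when no `ExceptionUtils.class` was written, and `bos` stays open if `bos.write(bytes)` throws. If the build's source level allows it, I would write `try (BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(classFile))) { bos.write(bytes); }` and rethrow from the catch with `throw new RuntimeException("Unable to write file " + classFile, e);`, so the build stops at the generator step instead of later with a missing class. `classFile.getParentFile()` also returns null for a bare file name, and the following `exists()` call would dereference it.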
diff --git a/gnu/packages/patches/guile-gdbm-ffi-support-gdbm-1.14.patch b/gnu/packages/patches/guile-gdbm-ffi-support-gdbm-1.14.patch new file mode 100644 index 0000000000..e6b578bdb7 --- /dev/null +++ b/gnu/packages/patches/guile-gdbm-ffi-support-gdbm-1.14.patch @@ -0,0 +1,53 @@ +From 1da99396dc65993ba34ac0370ca5d6acda6a3322 Mon Sep 17 00:00:00 2001 +From: Mark H Weaver <mhw@netris.org> +Date: Sun, 18 Mar 2018 07:02:37 -0400 +Subject: [PATCH] Add support for gdbm-1.14. + +As of gdbm-1.14, 'gdbm_errno' no longer exists as a binary interface. +It has been replaced by 'gdbm_errno_location', a function that returns +int*. We now use this new interface if it's available. +--- + gdbm.scm | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/gdbm.scm b/gdbm.scm +index b92992f..4d38cc3 100644 +--- a/gdbm.scm ++++ b/gdbm.scm +@@ -17,6 +17,9 @@ + ;; You should have received a copy of the GNU General Public License + ;; along with this program. If not, see <http://www.gnu.org/licenses/>. + ++;; Modified by Mark H Weaver <mhw@netris.org> in March 2018 to support ++;; gdbm-1.14 with its new 'gdbm_errno_location' interface. ++ + (define-module (gdbm) + #:use-module (system foreign) + #:use-module (rnrs bytevectors) +@@ -151,10 +154,21 @@ + + ;;; errors + +-(define %errno (dynamic-pointer "gdbm_errno" libgdbm)) ++(define %list-int ++ (list int)) ++ ++(define (dereference-int ptr) ++ (apply (lambda (errno) errno) ++ (parse-c-struct ptr %list-int))) ++ ++(define %errno-location ++ (or (false-if-exception ++ (let ((func (dynamic-func "gdbm_errno_location" libgdbm))) ++ (pointer->procedure '* func '()))) ++ (const (dynamic-pointer "gdbm_errno" libgdbm)))) + + (define (gdbm-errno) +- (pointer-address (dereference-pointer %errno))) ++ (dereference-int (%errno-location))) + + (define (gdbm-error) + (error (pointer->string (%gdbm-strerror (gdbm-errno))))) +-- +2.16.2 + 
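Review bot: `%errno-location` wraps the lookup in `false-if-exception`, which hides every error raised by `dynamic-func` and `pointer->procedure`, not only a missing `gdbm_errno_location` symbol. A comment stating the intended fallback would make that explicit, for example `;; gdbm < 1.14 has no 'gdbm_errno_location'; fall back to the 'gdbm_errno' variable.`. As a matter of style, `dereference-int` would read more directly as `(car (parse-c-struct ptr %list-int))` than as the `apply`/`lambda` form.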
diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch deleted file mode 100644 index d76f0df369..0000000000 --- a/gnu/packages/patches/heimdal-CVE-2017-11103.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-11103: - -https://orpheus-lyre.info/ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103 -https://security-tracker.debian.org/tracker/CVE-2017-11103 - -Patch lifted from upstream source repository: - -https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea - -From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001 -From: Jeffrey Altman <jaltman@secure-endpoints.com> -Date: Wed, 12 Apr 2017 15:40:42 -0400 -Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation - -In _krb5_extract_ticket() the KDC-REP service name must be obtained from -encrypted version stored in 'enc_part' instead of the unencrypted version -stored in 'ticket'. Use of the unecrypted version provides an -opportunity for successful server impersonation and other attacks. - -Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. - -Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c ---- - lib/krb5/ticket.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c -index d95d96d1b..b8d81c6ad 100644 ---- a/lib/krb5/ticket.c -+++ b/lib/krb5/ticket.c -@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context, - /* check server referral and save principal */ - ret = _krb5_principalname2krb5_principal (context, - &tmp_principal, -- rep->kdc_rep.ticket.sname, -- rep->kdc_rep.ticket.realm); -+ rep->enc_part.sname, -+ rep->enc_part.srealm); - if (ret) - goto out; - if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ --- -2.13.3 - diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch deleted file mode 100644 index 714af60304..0000000000 
--- a/gnu/packages/patches/heimdal-CVE-2017-6594.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -Fix CVE-2017-6594: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594 -https://security-tracker.debian.org/tracker/CVE-2017-6594 - -Patch lifted from upstream source repository: - -https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 - -To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and -files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified. - -From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni <viktor@twosigma.com> -Date: Wed, 10 Aug 2016 23:31:14 +0000 -Subject: [PATCH] Fix transit path validation CVE-2017-6594 - -Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm -to not be added to the transit path of issued tickets. This may, in -some cases, enable bypass of capath policy in Heimdal versions 1.5 -through 7.2. - -Note, this may break sites that rely on the bug. With the bug some -incomplete [capaths] worked, that should not have. These may now break -authentication in some cross-realm configurations. ---- - NEWS | 14 ++++++++++++++ - kdc/krb5tgs.c | 12 ++++++++++-- - tests/kdc/check-kdc.in | 17 +++++++++++++++++ - tests/kdc/krb5.conf.in | 4 ++++ - 4 files changed, 45 insertions(+), 2 deletions(-) - -diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c -index 6048b9c55..98503812f 100644 ---- a/kdc/krb5tgs.c -+++ b/kdc/krb5tgs.c -@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context, - "Decoding transited encoding"); - return ret; - } -+ -+ /* -+ * If the realm of the presented tgt is neither the client nor the server -+ * realm, it is a transit realm and must be added to transited set. 
-+ */ - if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { -- /* not us, so add the previous realm to transited set */ - if (num_realms + 1 > UINT_MAX/sizeof(*realms)) { - ret = ERANGE; - goto free_realms; -@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context, - const char *server_name, - hdb_entry_ex *client, - krb5_principal client_principal, -+ const char *tgt_realm, - hdb_entry_ex *krbtgt, - krb5_enctype krbtgt_etype, - krb5_principals spp, -@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context, - &tgt->transited, &et, - krb5_principal_get_realm(context, client_principal), - krb5_principal_get_realm(context, server->entry.principal), -- krb5_principal_get_realm(context, krbtgt->entry.principal)); -+ tgt_realm); - if(ret) - goto out; - -@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context, - krb5_keyblock sessionkey; - krb5_kvno kvno; - krb5_data rspac; -+ const char *tgt_realm = /* Realm of TGT issuer */ -+ krb5_principal_get_realm(context, krbtgt->entry.principal); - -@@ -2324,6 +2331,7 @@ server_lookup: - spn, - client, - cp, -+ tgt_realm, - krbtgt_out, - tkey_sign->key.keytype, - spp, --- -2.13.3 - diff --git a/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch new file mode 100644 index 0000000000..b776640133 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch 
@@ -0,0 +1,441 @@ +Based on <https://hg.mozilla.org/releases/mozilla-esr52/rev/608e76ec5ba2> +Adapted to apply cleanly to GNU IceCat. + +# HG changeset patch +# User Ryan VanderMeulen <ryanvm@gmail.com> +# Date 1523630807 14400 +# Node ID 608e76ec5ba25cec2271d2b400c7bce2d4c5ef79 +# Parent 10b7f43b536f93151201d44d304c991aa9af5d0c +Bug 1452075 - Backport some upstream pdf.js fixes to ESR52. r=bdahl, r=yury, a=RyanVM + +diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm +--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm ++++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm +@@ -24,17 +24,18 @@ const Cc = Components.classes; + const Ci = Components.interfaces; + const Cr = Components.results; + const Cu = Components.utils; + // True only if this is the version of pdf.js that is included with icecat. + const MOZ_CENTRAL = JSON.parse('true'); + const PDFJS_EVENT_ID = 'pdf.js.message'; + const PDF_CONTENT_TYPE = 'application/pdf'; + const PREF_PREFIX = 'pdfjs'; +-const PDF_VIEWER_WEB_PAGE = 'resource://pdf.js/web/viewer.html'; ++const PDF_VIEWER_ORIGIN = "resource://pdf.js"; ++const PDF_VIEWER_WEB_PAGE = "resource://pdf.js/web/viewer.html"; + const MAX_NUMBER_OF_PREFS = 50; + const MAX_STRING_PREF_LENGTH = 128; + + Cu.import('resource://gre/modules/XPCOMUtils.jsm'); + Cu.import('resource://gre/modules/Services.jsm'); + Cu.import('resource://gre/modules/NetUtil.jsm'); + + XPCOMUtils.defineLazyModuleGetter(this, 'NetworkManager', +@@ -105,21 +106,25 @@ function log(aMsg) { + if (!getBoolPref(PREF_PREFIX + '.pdfBugEnabled', false)) { + return; + } + var msg = 'PdfStreamConverter.js: ' + (aMsg.join ? aMsg.join('') : aMsg); + Services.console.logStringMessage(msg); + dump(msg + '\n'); + } + +-function getDOMWindow(aChannel) { ++function getDOMWindow(aChannel, aPrincipal) { + var requestor = aChannel.notificationCallbacks ? 
+ aChannel.notificationCallbacks : + aChannel.loadGroup.notificationCallbacks; + var win = requestor.getInterface(Components.interfaces.nsIDOMWindow); ++ // Ensure the window wasn't navigated to something that is not PDF.js. ++ if (!win.document.nodePrincipal.equals(aPrincipal)) { ++ return null; ++ } + return win; + } + + function getLocalizedStrings(path) { + var stringBundle = Cc['@mozilla.org/intl/stringbundle;1']. + getService(Ci.nsIStringBundleService). + createBundle('chrome://pdf.js/locale/' + path); + +@@ -627,31 +632,31 @@ var RangedChromeActions = (function Rang + data = this.dataListener.readData(); + + this.dataListener.onprogress = function (loaded, total) { + self.domWindow.postMessage({ + pdfjsLoadAction: 'progressiveRead', + loaded: loaded, + total: total, + chunk: self.dataListener.readData() +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + }; + this.dataListener.oncomplete = function () { + self.dataListener = null; + }; + } + + this.domWindow.postMessage({ + pdfjsLoadAction: 'supportsRangedLoading', + rangeEnabled: this.rangeEnabled, + streamingEnabled: this.streamingEnabled, + pdfUrl: this.pdfUrl, + length: this.contentLength, + data: data +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + + return true; + }; + + proto.requestDataRange = function RangedChromeActions_requestDataRange(args) { + if (!this.rangeEnabled) { + return; + } +@@ -663,23 +668,23 @@ var RangedChromeActions = (function Rang + // errors from chrome code for non-range requests, so this doesn't + // seem high-pri + this.networkManager.requestRange(begin, end, { + onDone: function RangedChromeActions_onDone(args) { + domWindow.postMessage({ + pdfjsLoadAction: 'range', + begin: args.begin, + chunk: args.chunk +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + }, + onProgress: function RangedChromeActions_onProgress(evt) { + domWindow.postMessage({ + pdfjsLoadAction: 'rangeProgress', + loaded: evt.loaded, +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + } + }); + }; + + proto.abortLoading = function 
RangedChromeActions_abortLoading() { + this.networkManager.abortAllRequests(); + if (this.originalRequest) { + this.originalRequest.cancel(Cr.NS_BINDING_ABORTED); +@@ -718,26 +723,26 @@ var StandardChromeActions = (function St + var self = this; + + this.dataListener.onprogress = function ChromeActions_dataListenerProgress( + loaded, total) { + self.domWindow.postMessage({ + pdfjsLoadAction: 'progress', + loaded: loaded, + total: total +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + }; + + this.dataListener.oncomplete = + function StandardChromeActions_dataListenerComplete(data, errorCode) { + self.domWindow.postMessage({ + pdfjsLoadAction: 'complete', + data: data, + errorCode: errorCode +- }, '*'); ++ }, PDF_VIEWER_ORIGIN); + + self.dataListener = null; + self.originalRequest = null; + }; + + return true; + }; + +@@ -972,31 +977,35 @@ PdfStreamConverter.prototype = { + var proxy = { + onStartRequest: function(request, context) { + listener.onStartRequest(aRequest, aContext); + }, + onDataAvailable: function(request, context, inputStream, offset, count) { + listener.onDataAvailable(aRequest, aContext, inputStream, + offset, count); + }, +- onStopRequest: function(request, context, statusCode) { +- // We get the DOM window here instead of before the request since it +- // may have changed during a redirect. +- var domWindow = getDOMWindow(channel); ++ onStopRequest(request, context, statusCode) { ++ var domWindow = getDOMWindow(channel, resourcePrincipal); ++ if (!Components.isSuccessCode(statusCode) || !domWindow) { ++ // The request may have been aborted and the document may have been ++ // replaced with something that is not PDF.js, abort attaching. 
++ listener.onStopRequest(aRequest, context, statusCode); ++ return; ++ } + var actions; + if (rangeRequest || streamRequest) { + actions = new RangedChromeActions( + domWindow, contentDispositionFilename, aRequest, + rangeRequest, streamRequest, dataListener); + } else { + actions = new StandardChromeActions( + domWindow, contentDispositionFilename, aRequest, dataListener); + } + var requestListener = new RequestListener(actions); +- domWindow.addEventListener(PDFJS_EVENT_ID, function(event) { ++ domWindow.document.addEventListener(PDFJS_EVENT_ID, function(event) { + requestListener.receive(event); + }, false, true); + if (actions.supportsIntegratedFind()) { + var findEventManager = new FindEventManager(domWindow); + findEventManager.bind(); + } + listener.onStopRequest(aRequest, aContext, statusCode); + +diff --git a/browser/extensions/pdfjs/content/build/pdf.worker.js b/browser/extensions/pdfjs/content/build/pdf.worker.js +--- a/browser/extensions/pdfjs/content/build/pdf.worker.js ++++ b/browser/extensions/pdfjs/content/build/pdf.worker.js +@@ -41648,16 +41648,32 @@ + var error = sharedUtil.error; + var info = sharedUtil.info; + var isArray = sharedUtil.isArray; + var isBool = sharedUtil.isBool; + var isDict = corePrimitives.isDict; + var isStream = corePrimitives.isStream; + var PostScriptLexer = corePsParser.PostScriptLexer; + var PostScriptParser = corePsParser.PostScriptParser; ++ function toNumberArray(arr) { ++ if (!Array.isArray(arr)) { ++ return null; ++ } ++ var length = arr.length; ++ for (var i = 0; i < length; i++) { ++ if (typeof arr[i] !== 'number') { ++ var result = new Array(length); ++ for (var j = 0; j < length; j++) { ++ result[j] = +arr[j]; ++ } ++ return result; ++ } ++ } ++ return arr; ++ } + var PDFFunction = function PDFFunctionClosure() { + var CONSTRUCT_SAMPLED = 0; + var CONSTRUCT_INTERPOLATED = 2; + var CONSTRUCT_STICHED = 3; + var CONSTRUCT_POSTSCRIPT = 4; + return { + getSampleArray: function PDFFunction_getSampleArray(size, 
outputSize, bps, str) { + var i, ii; +@@ -41747,43 +41763,43 @@ + out[index] = [ + arr[i], + arr[i + 1] + ]; + ++index; + } + return out; + } +- var domain = dict.getArray('Domain'); +- var range = dict.getArray('Range'); ++ var domain = toNumberArray(dict.getArray('Domain')); ++ var range = toNumberArray(dict.getArray('Range')); + if (!domain || !range) { + error('No domain or range'); + } + var inputSize = domain.length / 2; + var outputSize = range.length / 2; + domain = toMultiArray(domain); + range = toMultiArray(range); +- var size = dict.get('Size'); ++ var size = toNumberArray(dict.get('Size')); + var bps = dict.get('BitsPerSample'); + var order = dict.get('Order') || 1; + if (order !== 1) { + // No description how cubic spline interpolation works in PDF32000:2008 + // As in poppler, ignoring order, linear interpolation may work as good + info('No support for cubic spline interpolation: ' + order); + } +- var encode = dict.getArray('Encode'); ++ var encode = toNumberArray(dict.getArray('Encode')); + if (!encode) { + encode = []; + for (var i = 0; i < inputSize; ++i) { +- encode.push(0); +- encode.push(size[i] - 1); +- } +- } +- encode = toMultiArray(encode); +- var decode = dict.getArray('Decode'); ++ encode.push([0, size[i] - 1]); ++ } ++ } else { ++ encode = toMultiArray(encode); ++ } ++ var decode = toNumberArray(dict.getArray('Decode')); + if (!decode) { + decode = range; + } else { + decode = toMultiArray(decode); + } + var samples = this.getSampleArray(size, outputSize, bps, str); + return [ + CONSTRUCT_SAMPLED, +@@ -41868,22 +41884,19 @@ + // Decode_2j, Decode_2j+1) + rj = interpolate(rj, 0, 1, decode[j][0], decode[j][1]); + // y_j = min(max(r_j, range_2j), range_2j+1) + dest[destOffset + j] = Math.min(Math.max(rj, range[j][0]), range[j][1]); + } + }; + }, + constructInterpolated: function PDFFunction_constructInterpolated(str, dict) { +- var c0 = dict.getArray('C0') || [0]; +- var c1 = dict.getArray('C1') || [1]; ++ var c0 = 
toNumberArray(dict.getArray('C0')) || [0]; ++ var c1 = toNumberArray(dict.getArray('C1')) || [1]; + var n = dict.get('N'); +- if (!isArray(c0) || !isArray(c1)) { +- error('Illegal dictionary for interpolated function'); +- } + var length = c0.length; + var diff = []; + for (var i = 0; i < length; ++i) { + diff.push(c1[i] - c0[i]); + } + return [ + CONSTRUCT_INTERPOLATED, + c0, +@@ -41899,49 +41912,45 @@ + return function constructInterpolatedFromIRResult(src, srcOffset, dest, destOffset) { + var x = n === 1 ? src[srcOffset] : Math.pow(src[srcOffset], n); + for (var j = 0; j < length; ++j) { + dest[destOffset + j] = c0[j] + x * diff[j]; + } + }; + }, + constructStiched: function PDFFunction_constructStiched(fn, dict, xref) { +- var domain = dict.getArray('Domain'); ++ var domain = toNumberArray(dict.getArray('Domain')); + if (!domain) { + error('No domain'); + } + var inputSize = domain.length / 2; + if (inputSize !== 1) { + error('Bad domain for stiched function'); + } + var fnRefs = dict.get('Functions'); + var fns = []; + for (var i = 0, ii = fnRefs.length; i < ii; ++i) { +- fns.push(PDFFunction.getIR(xref, xref.fetchIfRef(fnRefs[i]))); +- } +- var bounds = dict.getArray('Bounds'); +- var encode = dict.getArray('Encode'); ++ fns.push(PDFFunction.parse(xref, xref.fetchIfRef(fnRefs[i]))); ++ } ++ var bounds = toNumberArray(dict.getArray('Bounds')); ++ var encode = toNumberArray(dict.getArray('Encode')); + return [ + CONSTRUCT_STICHED, + domain, + bounds, + encode, + fns + ]; + }, + constructStichedFromIR: function PDFFunction_constructStichedFromIR(IR) { + var domain = IR[1]; + var bounds = IR[2]; + var encode = IR[3]; +- var fnsIR = IR[4]; +- var fns = []; ++ var fns = IR[4]; + var tmpBuf = new Float32Array(1); +- for (var i = 0, ii = fnsIR.length; i < ii; i++) { +- fns.push(PDFFunction.fromIR(fnsIR[i])); +- } + return function constructStichedFromIRResult(src, srcOffset, dest, destOffset) { + var clip = function constructStichedFromIRClip(v, min, max) { + if (v > 
max) { + v = max; + } else if (v < min) { + v = min; + } + return v; +@@ -41968,18 +41977,18 @@ + // Prevent the value from becoming NaN as a result + // of division by zero (fixes issue6113.pdf). + tmpBuf[0] = dmin === dmax ? rmin : rmin + (v - dmin) * (rmax - rmin) / (dmax - dmin); + // call the appropriate function + fns[i](tmpBuf, 0, dest, destOffset); + }; + }, + constructPostScript: function PDFFunction_constructPostScript(fn, dict, xref) { +- var domain = dict.getArray('Domain'); +- var range = dict.getArray('Range'); ++ var domain = toNumberArray(dict.getArray('Domain')); ++ var range = toNumberArray(dict.getArray('Range')); + if (!domain) { + error('No domain.'); + } + if (!range) { + error('No range.'); + } + var lexer = new PostScriptLexer(fn); + var parser = new PostScriptParser(lexer); +@@ -42928,18 +42937,18 @@ + case 'IndexedCS': + var baseIndexedCS = IR[1]; + var hiVal = IR[2]; + var lookup = IR[3]; + return new IndexedCS(ColorSpace.fromIR(baseIndexedCS), hiVal, lookup); + case 'AlternateCS': + var numComps = IR[1]; + var alt = IR[2]; +- var tintFnIR = IR[3]; +- return new AlternateCS(numComps, ColorSpace.fromIR(alt), PDFFunction.fromIR(tintFnIR)); ++ var tintFn = IR[3]; ++ return new AlternateCS(numComps, ColorSpace.fromIR(alt), tintFn); + case 'LabCS': + whitePoint = IR[1]; + blackPoint = IR[2]; + var range = IR[3]; + return new LabCS(whitePoint, blackPoint, range); + default: + error('Unknown name ' + name); + } +@@ -43067,22 +43076,22 @@ + var name = xref.fetchIfRef(cs[1]); + numComps = 1; + if (isName(name)) { + numComps = 1; + } else if (isArray(name)) { + numComps = name.length; + } + alt = ColorSpace.parseToIR(cs[2], xref, res); +- var tintFnIR = PDFFunction.getIR(xref, xref.fetchIfRef(cs[3])); ++ var tintFn = PDFFunction.parse(xref, xref.fetchIfRef(cs[3])); + return [ + 'AlternateCS', + numComps, + alt, +- tintFnIR ++ tintFn + ]; + case 'Lab': + params = xref.fetchIfRef(cs[1]); + whitePoint = params.getArray('WhitePoint'); + blackPoint = 
params.getArray('BlackPoint'); + var range = params.getArray('Range'); + return [ + 'LabCS', +@@ -52483,9 +52492,9 @@ + initializeWorker(); + } + exports.setPDFNetworkStreamClass = setPDFNetworkStreamClass; + exports.WorkerTask = WorkerTask; + exports.WorkerMessageHandler = WorkerMessageHandler; + })); + }.call(pdfjsLibs)); + exports.WorkerMessageHandler = pdfjsLibs.pdfjsCoreWorker.WorkerMessageHandler; +-})); +\ No newline at end of file ++})); + diff --git a/gnu/packages/patches/lcms-CVE-2016-10165.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch deleted file mode 100644 index fa4d75c9ee..0000000000 --- a/gnu/packages/patches/lcms-CVE-2016-10165.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read(): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165 -http://seclists.org/oss-sec/2016/q3/288 -https://bugzilla.redhat.com/show_bug.cgi?id=1367357 -https://security-tracker.debian.org/tracker/CVE-2016-10165 - -Patch copied from upstream source repository: - -https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 - -From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001 -From: Marti <marti.maria@tktbrainpower.com> -Date: Mon, 15 Aug 2016 23:31:39 +0200 -Subject: [PATCH] Added an extra check to MLU bounds - -Thanks to Ibrahim el-sayed for spotting the bug ---- - src/cmstypes.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/cmstypes.c b/src/cmstypes.c -index cb61860..c7328b9 100644 ---- a/src/cmstypes.c -+++ b/src/cmstypes.c -@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU - - // Check for overflow - if (Offset < (SizeOfHeader + 8)) goto Error; -+ if ((Offset + Len) > SizeOfTag + 8) goto Error; - - // True begin of the string - BeginOfThisString = Offset - SizeOfHeader - 8; --- -2.11.0 - 
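Review bot: In `constructSampled` (pdf.worker.js), `size` now comes from `toNumberArray(dict.get('Size'))`, which returns `null` for a non-array value, yet only `domain` and `range` are checked before use. When `Encode` is absent, the loop evaluates `size[i] - 1` on `null`. A guard next to the existing one, `if (!size) { error('No size'); }`, would reject such a dictionary with a clear error instead of a TypeError. `toNumberArray` also coerces with unary `+`, so non-numeric entries become `NaN` and are passed on unchecked; whether code outside the hunks tolerates that is not visible here. The function bodies continue outside the hunks.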
diff --git a/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch b/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch new file mode 100644 index 0000000000..d848d639b2 --- /dev/null +++ b/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch 
@@ -0,0 +1,58 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=patch;h=791177de023574223eddf7288eb7c5a0721ac623
+
+From 791177de023574223eddf7288eb7c5a0721ac623 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Sun, 18 Mar 2018 17:39:43 +0100
+Subject: [PATCH] core: Fix regression on arm64 due to invalid use of va_list.
+
+* src/logging.c (_gpgrt_log_printhex): Provide a dummy arg instead of
+NULL.
+--
+
+Fix
+Suggested-by: Jakub Wilk <jwilk@jwilk.net>
+
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+ src/logging.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/logging.c b/src/logging.c
+index 1a4f620..d01f974 100644
+--- a/src/logging.c
++++ b/src/logging.c
+@@ -1090,9 +1090,10 @@ _gpgrt_log_flush (void)
+
+
+ /* Print a hexdump of (BUFFER,LENGTH). With FMT passed as NULL print
+- * just the raw dump, with FMT being an empty string, print a trailing
+- * linefeed, otherwise print an entire debug line with the expanded
+- * FMT followed by a possible wrapped hexdump and a final LF. */
++ * just the raw dump (in this case ARG_PTR is not used), with FMT
++ * being an empty string, print a trailing linefeed, otherwise print
++ * an entire debug line with the expanded FMT followed by a possible
++ * wrapped hexdump and a final LF. */
+ void
+ _gpgrt_logv_printhex (const void *buffer, size_t length,
+ const char *fmt, va_list arg_ptr)
+@@ -1150,7 +1151,16 @@ _gpgrt_log_printhex (const void *buffer, size_t length,
+ va_end (arg_ptr);
+ }
+ else
+- _gpgrt_logv_printhex (buffer, length, NULL, NULL);
++ {
++ /* va_list is not necessary a pointer and thus we can't use NULL
++ * because that would conflict with platforms using a straight
++ * struct for it (e.g. arm64). We use a dummy variable instead;
++ * the static is a simple way zero it out so to not get
++ * complains about uninitialized use.
*/
++ static va_list dummy_argptr;
++
++ _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr);
++ }
+ }
+
+
+--
+2.8.0.rc3
+
diff --git a/gnu/packages/patches/libmygpo-qt-fix-qt-5.11.patch b/gnu/packages/patches/libmygpo-qt-fix-qt-5.11.patch
new file mode 100644
index 0000000000..69673c90ee
--- /dev/null
+++ b/gnu/packages/patches/libmygpo-qt-fix-qt-5.11.patch
@@ -0,0 +1,78 @@ +From 1b53767b988b339aac8b353327a1542b2a0c0610 Mon Sep 17 00:00:00 2001 +From: Andreas Sturmlechner <andreas.sturmlechner@gmail.com> +Date: Sun, 15 Apr 2018 22:29:33 +0200 +Subject: [PATCH] Fix build with Qt 5.11_beta3 (dropping qt5_use_modules) + +--- + CMakeLists.txt | 3 --- + src/CMakeLists.txt | 8 ++++++-- + tests/CMakeLists.txt | 12 +++++++++--- + 3 files changed, 15 insertions(+), 8 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index eb006d9..fa4b0cb 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -34,9 +34,6 @@ else() + set( QT_DONT_USE_QTGUI TRUE ) + include( ${QT_USE_FILE} ) + +- macro(qt5_use_modules) +- endmacro() +- + macro(qt_wrap_cpp) + qt4_wrap_cpp(${ARGN}) + endmacro() +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 802125b..253e81e 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -79,9 +79,13 @@ QT_WRAP_CPP(LIBMYGPO_QT_MOC_SRC ${LIBMYGPO_QT_MOC_H} ) + + add_library( ${MYGPO_QT_TARGET_NAME} SHARED ${LIBMYGPO_QT_SRC} ${LIBMYGPO_QT_MOC_SRC} ) + +-target_link_libraries( ${MYGPO_QT_TARGET_NAME} ${QJSON_LIBRARIES} ${QT_QTCORE_LIBRARY} ${QT_QTNETWORK_LIBRARY} ) + set_target_properties( ${MYGPO_QT_TARGET_NAME} PROPERTIES VERSION ${MYGPO_QT_VERSION} SOVERSION ${MYGPO_QT_SONAME} DEFINE_SYMBOL MYGPO_MAKEDLL) +-qt5_use_modules( ${MYGPO_QT_TARGET_NAME} Core Network ) ++ ++if( NOT BUILD_WITH_QT4 ) ++ target_link_libraries( ${MYGPO_QT_TARGET_NAME} Qt5::Core Qt5::Network) ++else() ++ target_link_libraries( ${MYGPO_QT_TARGET_NAME} ${QT_QTCORE_LIBRARY} ${QT_QTNETWORK_LIBRARY} ${QJSON_LIBRARIES}) ++endif() + + install( TARGETS ${MYGPO_QT_TARGET_NAME} EXPORT ${MYGPO_QT_TARGET_NAME}Export DESTINATION ${LIB_INSTALL_DIR} ) + +diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt +index a3e3223..4f77158 100644 +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -11,11 +11,15 @@ include_directories( ${QJSON_INCLUDE_DIR} ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CU + + # UrlBuilder library + 
add_library( UrlBuilder ${TESTOBJECTS_SRCDIR}/UrlBuilder.cpp ${TESTOBJECTS_SRCDIR}/Config.cpp ) +-qt5_use_modules( UrlBuilder Core ) ++if( NOT BUILD_WITH_QT4 ) ++ target_link_libraries( UrlBuilder Qt5::Core ) ++endif() + # JSONCreator library + QT_WRAP_CPP(LIBMYGPO_QT_MOC_SRC ${TESTOBJECTS_SRCDIR}/EpisodeAction.h ${TESTOBJECTS_SRCDIR}/EpisodeAction_p.h ) + add_library( JsonCreator ${TESTOBJECTS_SRCDIR}/JsonCreator.cpp ${TESTOBJECTS_SRCDIR}/EpisodeAction.cpp ${TESTOBJECTS_SRCDIR}/qjsonwrapper/Json.cpp ${LIBMYGPO_QT_MOC_SRC}) +-qt5_use_modules( JsonCreator Core Network ) ++if( NOT BUILD_WITH_QT4 ) ++ target_link_libraries( JsonCreator Qt5::Core Qt5::Network ) ++endif() + + set( EXECUTABLE_OUTPUT_PATH ${CMAKE_CURRENT_BINARY_DIR} ) + +@@ -25,7 +29,9 @@ macro(add_libmygpo_test _source) + add_executable(${_name} ${_source} ${${_name}_MOC_SRC}) + target_link_libraries(${_name} ${QT_QTCORE_LIBRARY} ${QT_QTTEST_LIBRARY} ${QT_QTNETWORK_LIBRARY}) + add_test(${_name}-test ${EXECUTABLE_OUTPUT_PATH}/${_name}) +- qt5_use_modules(${_name} Network Test) ++ if( NOT BUILD_WITH_QT4 ) ++ target_link_libraries(${_name} Qt5::Network Qt5::Test) ++ endif() + endmacro(add_libmygpo_test) + + add_libmygpo_test( UrlBuilderTest.cpp ) diff --git a/gnu/packages/patches/libmygpo-qt-missing-qt5-modules.patch b/gnu/packages/patches/libmygpo-qt-missing-qt5-modules.patch new file mode 100644 index 0000000000..aa9ed2c0f7 --- /dev/null +++ b/gnu/packages/patches/libmygpo-qt-missing-qt5-modules.patch 
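Review bot: The new patch file libmygpo-qt-fix-qt-5.11.patch records the upstream author, date and subject for commit 1b53767b988b339aac8b353327a1542b2a0c0610 but no URL or repository, so a later reviewer cannot compare it with its source without searching for it. A leading line such as `Taken from upstream: <UPSTREAM-COMMIT-URL>` (placeholder, to be filled in by the committer) would close that gap. The same applies to libmygpo-qt-missing-qt5-modules.patch, while libutils-add-includes.patch, libutils-remove-damaging-includes.patch and libziparchive-add-includes.patch start directly at the `---` line with neither a description nor an origin. For patches applied to third-party sources at build time, a stated origin is what makes the change auditable.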
@@ -0,0 +1,51 @@ +From 0d76d960727018bddf04c6cc89552af69aaa7e55 Mon Sep 17 00:00:00 2001 +From: Andreas Sturmlechner <andreas.sturmlechner@gmail.com> +Date: Sun, 15 Apr 2018 22:20:34 +0200 +Subject: [PATCH] Add missing Qt5Network, Qt5Test, make BUILD_WITH_QT4 more + strict + +--- + CMakeLists.txt | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 2a1f652..eb006d9 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -5,25 +5,25 @@ project( libmygpo-qt ) + set( CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules) + set( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DQT_NO_CAST_FROM_ASCII -DQT_NO_CAST_TO_ASCII" ) + +-option(BUILD_WITH_QT4 "Build libmygpo-qt with Qt4 no matter if Qt5 was found" OFF) ++option(BUILD_WITH_QT4 "Build libmygpo-qt with Qt4" OFF) + + if( NOT BUILD_WITH_QT4 ) +- find_package(Qt5Core QUIET) +- if( Qt5Core_DIR ) +- set(MYGPO_QT_VERSION_SUFFIX 5) +- +- macro(qt_wrap_cpp) +- qt5_wrap_cpp(${ARGN}) +- endmacro() ++ if( MYGPO_BUILD_TESTS ) ++ find_package(Qt5 REQUIRED COMPONENTS Core Network Test CONFIG) ++ else() ++ find_package(Qt5 REQUIRED COMPONENTS Core Network CONFIG) + endif() ++ set(MYGPO_QT_VERSION_SUFFIX 5) ++ ++ macro(qt_wrap_cpp) ++ qt5_wrap_cpp(${ARGN}) ++ endmacro() + + # pkg-config names of QtCore and QtNetwork are Qt5Core and Qt5Network for + # Qt5 + set(MYGPO_QT_MAJOR_VERSION "5") + set(MYGPO_QT4_QJSON_DEP "") +-endif() +- +-if( NOT Qt5Core_DIR ) ++else() + message(STATUS "Could not find Qt5, searching for Qt4 instead...") + message(STATUS "Qt4 Support is deprecated, building with Qt4 is no longer officially supported") + if( MYGPO_BUILD_TESTS ) diff --git a/gnu/packages/patches/liboop-mips64-deplibs-fix.patch b/gnu/packages/patches/liboop-mips64-deplibs-fix.patch deleted file mode 100644 index b91754a8cc..0000000000 --- a/gnu/packages/patches/liboop-mips64-deplibs-fix.patch +++ /dev/null 
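Review bot: The `else()` that replaces `if( NOT Qt5Core_DIR )` in CMakeLists.txt is now reached only when BUILD_WITH_QT4 is set, yet the first status line in that branch still reads "Could not find Qt5, searching for Qt4 instead...". Because the Qt5 lookup is now `find_package(Qt5 REQUIRED ...)`, a missing Qt5 stops configuration instead of falling back, so the message no longer describes how the branch is entered. I would change it to something like `message(STATUS "BUILD_WITH_QT4 is set, building with Qt4")`. The rest of the Qt4 branch lies outside the patch's hunk.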
@@ -1,17 +0,0 @@ -Patch configure script to choose pass_all deplibs check method for -linux-gnu* systems on mips64. This is a temporary hack until liboop -bootstraps their build system with a newer libtool. - -Patch by Mark H Weaver <mhw@netris.org>. - ---- liboop/configure.orig 2003-10-26 11:41:19.000000000 -0500 -+++ liboop/configure 2013-11-02 18:09:11.079995796 -0400 -@@ -3395,7 +3395,7 @@ - # This must be Linux ELF. - linux*) - case $host_cpu in -- alpha* | hppa* | i*86 | ia64* | m68* | mips | mipsel | powerpc* | sparc* | s390* | sh*) -+ alpha* | hppa* | i*86 | ia64* | m68* | mips | mipsel | mips64 | mips64el | powerpc* | sparc* | s390* | sh*) - lt_cv_deplibs_check_method=pass_all ;; - *) - # glibc up to 2.1.1 does not perform some relocations on ARM diff --git a/gnu/packages/patches/libreoffice-icu.patch b/gnu/packages/patches/libreoffice-icu.patch new file mode 100644 index 0000000000..2985d564aa --- /dev/null +++ b/gnu/packages/patches/libreoffice-icu.patch 
@@ -0,0 +1,126 @@ +This patch fixes the build of Libreoffice 6.0.5 with icu 61.1. +It was downloaded from https://bugs.gentoo.org/651702. + +--- a/forms/source/xforms/datatypes.hxx ++++ a/forms/source/xforms/datatypes.hxx +@@ -36,6 +36,8 @@ + + #include <memory> + ++using icu::RegexMatcher; ++ + + namespace xforms + { +--- a/i18npool/inc/collator_unicode.hxx ++++ a/i18npool/inc/collator_unicode.hxx +@@ -26,6 +26,8 @@ + + #include <unicode/tblcoll.h> + ++using icu::RuleBasedCollator; ++ + // ---------------------------------------------------- + // class Collator_Unicode + // ---------------------------------------------------- +--- a/i18npool/source/breakiterator/breakiterator_unicode.cxx ++++ a/i18npool/source/breakiterator/breakiterator_unicode.cxx +@@ -30,6 +30,9 @@ + #include <rtl/ustring.hxx> + #include <string.h> + ++using icu::BreakIterator; ++using icu::RuleBasedBreakIterator; ++ + U_CDECL_BEGIN + extern const char OpenOffice_dat[]; + U_CDECL_END +--- a/i18npool/source/collator/collator_unicode.cxx ++++ a/i18npool/source/collator/collator_unicode.cxx +@@ -29,6 +29,8 @@ + #include <com/sun/star/i18n/CollatorOptions.hpp> + #include <cppuhelper/supportsservice.hxx> + ++using icu::Collator; ++ + using namespace ::com::sun::star; + using namespace ::com::sun::star::i18n; + using namespace ::com::sun::star::lang; +--- a/i18npool/source/collator/gencoll_rule.cxx ++++ a/i18npool/source/collator/gencoll_rule.cxx +@@ -31,6 +31,8 @@ + + #include <unicode/tblcoll.h> + ++using icu::RuleBasedCollator; ++ + /* Main Procedure */ + + void data_write(char* file, char* name, sal_uInt8 *data, sal_Int32 len) +--- a/i18npool/source/ordinalsuffix/ordinalsuffix.cxx ++++ a/i18npool/source/ordinalsuffix/ordinalsuffix.cxx +@@ -29,6 +29,8 @@ + #include <unicode/normlzr.h> + #include <memory> + ++using icu::NumberFormat; ++ + using namespace ::com::sun::star::i18n; + using namespace ::com::sun::star::uno; + using namespace ::com::sun::star; +--- 
a/i18npool/source/transliteration/ignoreDiacritics_CTL.cxx ++++ a/i18npool/source/transliteration/ignoreDiacritics_CTL.cxx +@@ -12,6 +12,8 @@ + #include <unicode/translit.h> + #include <unicode/uchar.h> + ++using icu::UnicodeString; ++ + namespace i18npool { + + ignoreDiacritics_CTL::ignoreDiacritics_CTL() +--- a/i18nutil/source/utility/unicode.cxx ++++ a/i18nutil/source/utility/unicode.cxx +@@ -34,6 +34,9 @@ + // which (obviously) breaks UnicodeType::CURRENCY_SYMBOL + #undef CURRENCY_SYMBOL + ++using icu::NumberFormat; ++using icu::UnicodeString; ++ + using namespace ::com::sun::star::i18n; + + template<class L, typename T> +--- a/lotuswordpro/source/filter/localtime.cxx ++++ a/lotuswordpro/source/filter/localtime.cxx +@@ -57,6 +57,8 @@ + #include <limits.h> + #include <unicode/timezone.h> + ++using icu::TimeZone; ++ + const long DAY_SEC =24 * 60 * 60; + const long YEAR_SEC = 365 * DAY_SEC; + const long FOURYEAR_SEC = 4 * YEAR_SEC + DAY_SEC; +--- a/opencl/source/openclconfig.cxx ++++ a/opencl/source/openclconfig.cxx +@@ -17,6 +17,8 @@ + #include <sal/log.hxx> + #include <sal/types.h> + ++using icu::RegexMatcher; ++ + OpenCLConfig::OpenCLConfig() : + mbUseOpenCL(true) + { +--- a/vcl/inc/scrptrun.h ++++ a/vcl/inc/scrptrun.h +@@ -45,6 +45,8 @@ + #include <unicode/uscript.h> + #include <vector> + ++using icu::UObject; ++ + namespace vcl { + + struct ParenStackEntry diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch deleted file mode 100644 index 6cec0c8030..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch +++ /dev/null 
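Review bot: Three of the added using-declarations sit at global scope in headers, so every translation unit that includes them gets the name injected: `using icu::RegexMatcher;` in forms/source/xforms/datatypes.hxx, `using icu::RuleBasedCollator;` in i18npool/inc/collator_unicode.hxx and `using icu::UObject;` in vcl/inc/scrptrun.h. Qualifying the uses inside those headers (for example `icu::RegexMatcher`) would keep the change local to the code that needs it. The declarations added to the .cxx files are fine as they are. The uses of these types are outside the hunks, so how many sites would need qualifying cannot be judged from here.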
@@ -1,63 +0,0 @@ -Fix CVE-2017-10790: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 - -Patch copied from upstream source repository: - -https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 - -From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 22 Jun 2017 16:31:37 +0200 -Subject: [PATCH] _asn1_check_identifier: safer access to values read - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/parser_aux.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index 976ab38..786ea64 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) - if (p2 == NULL) - { - if (p->value) -- _asn1_strcpy (_asn1_identifierMissing, p->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); - else - _asn1_strcpy (_asn1_identifierMissing, "(null)"); - return ASN1_IDENTIFIER_NOT_FOUND; -@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) - if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) - { - _asn1_str_cpy (name2, sizeof (name2), node->name); -- _asn1_str_cat (name2, sizeof (name2), "."); -- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ if (p2->value) -+ { -+ _asn1_str_cat (name2, sizeof (name2), "."); -+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ } -+ else -+ _asn1_strcpy (_asn1_identifierMissing, "(null)"); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || - !(p2->type & CONST_ASSIGN)) -@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) - _asn1_str_cpy (name2, sizeof (name2), 
node->name); - _asn1_str_cat (name2, sizeof (name2), "."); - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); -- _asn1_strcpy (_asn1_identifierMissing, p2->value); -+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); -+ - p2 = asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) - || !(p2->type & CONST_ASSIGN)) --- -2.13.3 - diff --git a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch deleted file mode 100644 index 3e6140518d..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -Fix CVE-2018-6003: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003 -https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html - -Patch copied from upstream source repository: - -https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97 - -From c593ae84cfcde8fea45787e53950e0ac71e9ca97 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 4 Jan 2018 10:52:05 +0100 -Subject: [PATCH] _asn1_decode_simple_ber: restrict the levels of recursion to 3 - -On indefinite string decoding, setting a maximum level of recursions -protects the BER decoder from a stack exhaustion due to large amounts -of recursion. - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/decoding.c | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/lib/decoding.c b/lib/decoding.c -index 2240b09..0ee35d3 100644 ---- a/lib/decoding.c -+++ b/lib/decoding.c -@@ -45,6 +45,13 @@ - - #define DECODE_FLAG_HAVE_TAG 1 - #define DECODE_FLAG_INDEFINITE (1<<1) -+/* On indefinite string decoding, allow this maximum levels -+ * of recursion. Allowing infinite recursion, makes the BER -+ * decoder susceptible to stack exhaustion due to that recursion. 
-+ */ -+#define DECODE_FLAG_LEVEL1 (1<<2) -+#define DECODE_FLAG_LEVEL2 (1<<3) -+#define DECODE_FLAG_LEVEL3 (1<<4) - - #define DECR_LEN(l, s) do { \ - l -= s; \ -@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, - } - - /* indefinite constructed */ -- if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) -+ if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) && -+ !(dflags & DECODE_FLAG_LEVEL3)) - { - len_len = 1; - -@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, - do - { - unsigned tmp_len; -+ unsigned flags = DECODE_FLAG_HAVE_TAG; -+ -+ if (dflags & DECODE_FLAG_LEVEL1) -+ flags |= DECODE_FLAG_LEVEL2; -+ else if (dflags & DECODE_FLAG_LEVEL2) -+ flags |= DECODE_FLAG_LEVEL3; -+ else -+ flags |= DECODE_FLAG_LEVEL1; - -- result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len); -+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, -+ flags); - if (result != ASN1_SUCCESS) - { - warn(); --- -libgit2 0.26.0 - diff --git a/gnu/packages/patches/libusb-for-axoloti.patch b/gnu/packages/patches/libusb-for-axoloti.patch index 76a45e801d..fb94c489b0 100644 --- a/gnu/packages/patches/libusb-for-axoloti.patch +++ b/gnu/packages/patches/libusb-for-axoloti.patch 
@@ -1,8 +1,8 @@ -diff -rpu4 libusb-1.0.22.orig/libusb/descriptor.c libusb-1.0.22/libusb/descriptor.c ---- libusb-1.0.22.orig/libusb/descriptor.c 2018-03-17 08:23:37.000000000 +0100 -+++ libusb-1.0.22/libusb/descriptor.c 2018-03-29 10:36:09.968429473 +0200 -@@ -1173,9 +1173,9 @@ int API_EXPORTED libusb_get_string_descr - if (tbuf[1] != LIBUSB_DT_STRING) +diff --git a/libusb/descriptor.c b/libusb/descriptor.c +index 74d6de5..0b0e314 100644 +--- a/libusb/descriptor.c ++++ b/libusb/descriptor.c +@@ -1174,7 +1174,7 @@ int API_EXPORTED libusb_get_string_descriptor_ascii(libusb_device_handle *dev_ha return LIBUSB_ERROR_IO; if (tbuf[0] > r) @@ -11,4 +11,6 @@ diff -rpu4 libusb-1.0.22.orig/libusb/descriptor.c libusb-1.0.22/libusb/descripto di = 0; for (si = 2; si < tbuf[0]; si += 2) { - if (di >= (length - 1)) +-- +2.17.0 + diff --git a/gnu/packages/patches/libutils-add-includes.patch b/gnu/packages/patches/libutils-add-includes.patch new file mode 100644 index 0000000000..354c59b735 --- /dev/null +++ b/gnu/packages/patches/libutils-add-includes.patch @@ -0,0 +1,11 @@ +--- a/libutils/CallStack.cpp 2018-04-25 20:13:06.348665241 +0200 ++++ b/libutils/CallStack.cpp 2018-04-25 20:13:18.360510763 +0200 +@@ -17,7 +17,7 @@ + #define LOG_TAG "CallStack" + + #include <memory> +- ++#include <cstdlib> + #include <utils/CallStack.h> + #include <utils/Printer.h> + #include <utils/Errors.h> diff --git a/gnu/packages/patches/libutils-remove-damaging-includes.patch b/gnu/packages/patches/libutils-remove-damaging-includes.patch new file mode 100644 index 0000000000..7867dd3b80 --- /dev/null +++ b/gnu/packages/patches/libutils-remove-damaging-includes.patch 
@@ -0,0 +1,21 @@
+--- a/include/utils/StrongPointer.h 2018-04-25 18:42:34.321003602 +0200
++++ b/include/utils/StrongPointer.h 2018-04-25 18:42:42.180912201 +0200
+@@ -17,8 +17,6 @@
+ #ifndef ANDROID_STRONG_POINTER_H
+ #define ANDROID_STRONG_POINTER_H
+
+-#include <cutils/atomic.h>
+-
+ #include <stdint.h>
+ #include <sys/types.h>
+ #include <stdlib.h>
+--- a/libutils/Trace.cpp 2018-04-25 20:41:48.775049786 +0200
++++ b/libutils/Trace.cpp 2018-04-25 20:42:13.674744182 +0200
+@@ -21,5 +21,7 @@
+
+ static void traceInit()
+ {
++#if defined(__ANDROID__)
+ ::android::add_sysprop_change_callback(atrace_update_tags, 0);
++#endif
+ }
diff --git a/gnu/packages/patches/libvorbis-CVE-2017-14632.patch b/gnu/packages/patches/libvorbis-CVE-2017-14632.patch
deleted file mode 100644
index 99debf2104..0000000000
--- a/gnu/packages/patches/libvorbis-CVE-2017-14632.patch
+++ /dev/null
@@ -1,63 +0,0 @@ -Fix CVE-2017-14632: - -https://gitlab.xiph.org/xiph/vorbis/issues/2328 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 - -Patch copied from upstream source repository: - -https://gitlab.xiph.org/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f - -From c1c2831fc7306d5fbd7bc800324efd12b28d327f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> -Date: Wed, 15 Nov 2017 18:22:59 +0100 -Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb - if not initialized - -If the number of channels is not within the allowed range -we call oggback_writeclear altough it's not initialized yet. - -This fixes - - =23371== Invalid free() / delete / delete[] / realloc() - ==23371== at 0x4C2CE1B: free (vg_replace_malloc.c:530) - ==23371== by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2) - ==23371== by 0x84B96EE: vorbis_analysis_headerout (info.c:652) - ==23371== by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) - ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x10D82A: open_output_file (sox.c:1556) - ==23371== by 0x10D82A: process (sox.c:1753) - ==23371== by 0x10D82A: main (sox.c:3012) - ==23371== Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd - ==23371== at 0x4C2BB1F: malloc (vg_replace_malloc.c:298) - ==23371== by 0x4C2DE9F: realloc (vg_replace_malloc.c:785) - ==23371== by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) - ==23371== by 0x4E524F1: ??? 
(in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) - ==23371== by 0x10D82A: open_output_file (sox.c:1556) - ==23371== by 0x10D82A: process (sox.c:1753) - ==23371== by 0x10D82A: main (sox.c:3012) - -as seen when using the testcase from CVE-2017-11333 with -008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was -there before. ---- - lib/info.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/info.c b/lib/info.c -index 7bc4ea4..8d0b2ed 100644 ---- a/lib/info.c -+++ b/lib/info.c -@@ -589,6 +589,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, - private_state *b=v->backend_state; - - if(!b||vi->channels<=0||vi->channels>256){ -+ b = NULL; - ret=OV_EFAULT; - goto err_out; - } --- -2.15.1 - diff --git a/gnu/packages/patches/libvorbis-CVE-2017-14633.patch b/gnu/packages/patches/libvorbis-CVE-2017-14633.patch deleted file mode 100644 index ec6bf5265c..0000000000 --- a/gnu/packages/patches/libvorbis-CVE-2017-14633.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -Fix CVE-2017-14633: - -https://gitlab.xiph.org/xiph/vorbis/issues/2329 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 - -Patch copied from upstream source repository: - -https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993 - -From a79ec216cd119069c68b8f3542c6a425a74ab993 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> -Date: Tue, 31 Oct 2017 18:32:46 +0100 -Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels - -Otherwise - - for(i=0;i<vi->channels;i++){ - /* the encoder setup assumes that all the modes used by any - specific bitrate tweaking use the same floor */ - int submap=info->chmuxlist[i]; - -overreads later in mapping0_forward since chmuxlist is a fixed array of -256 elements max. ---- - lib/info.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/info.c b/lib/info.c -index fe759ed..7bc4ea4 100644 ---- a/lib/info.c -+++ b/lib/info.c -@@ -588,7 +588,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, - oggpack_buffer opb; - private_state *b=v->backend_state; - -- if(!b||vi->channels<=0){ -+ if(!b||vi->channels<=0||vi->channels>256){ - ret=OV_EFAULT; - goto err_out; - } --- -2.15.1 - diff --git a/gnu/packages/patches/libxcb-python-3.5-compat.patch b/gnu/packages/patches/libxcb-python-3.5-compat.patch deleted file mode 100644 index f652498aad..0000000000 --- a/gnu/packages/patches/libxcb-python-3.5-compat.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -Fix compatibility issue with Python 3.5. - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xcb/libxcb/commit/?id=8740a288ca468433141341347aa115b9544891d3 - -From 8740a288ca468433141341347aa115b9544891d3 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner <wiz@NetBSD.org> -Date: Thu, 19 May 2016 17:31:18 +0200 -Subject: [PATCH] Fix inconsistent use of tabs vs. space. - -Needed for at least python-3.5.x. - -Signed-off-by: Thomas Klausner <wiz@NetBSD.org> -Signed-off-by: Uli Schlachter <psychon@znc.in> ---- - src/c_client.py | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/c_client.py b/src/c_client.py -index 57de3fb..043338d 100644 ---- a/src/c_client.py -+++ b/src/c_client.py -@@ -1364,7 +1364,7 @@ def _c_serialize(context, self): - _c(' unsigned int xcb_align_to = 0;') - if self.is_switch: - _c(' unsigned int xcb_padding_offset = %d;', -- self.get_align_offset() ) -+ self.get_align_offset() ) - prefix = [('_aux', '->', self)] - aux_ptr = 'xcb_out' - -@@ -1390,7 +1390,7 @@ def _c_serialize(context, self): - _c(' unsigned int xcb_align_to = 0;') - if self.is_switch: - _c(' unsigned int xcb_padding_offset = %d;', -- self.get_align_offset() ) -+ self.get_align_offset() ) - - elif 'sizeof' == context: - param_names = [p[2] for p in params] -@@ -1930,14 +1930,14 @@ def _c_accessors_list(self, field): - # from the request size and divide that by the member size - return '(((R->length * 4) - sizeof('+ self.c_type + '))/'+'sizeof('+field.type.member.c_wiretype+'))' - else: -- # use the accessor to get the start of the list, then -- # compute the length of it by subtracting it from -+ # use the accessor to get the start of the list, then -+ # compute the length of it by subtracting it from - # the adress of the first byte after the end of the - # request -- after_end_of_request = '(((char*)R) + R->length * 4)' -- start_of_list = '%s(R)' % (field.c_accessor_name) -+ after_end_of_request = 
'(((char*)R) + R->length * 4)' -+ start_of_list = '%s(R)' % (field.c_accessor_name) - bytesize_of_list = '%s - (char*)(%s)' % (after_end_of_request, start_of_list) -- return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype) -+ return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype) - else: - raise Exception( - "lengthless lists with varsized members are not supported. Fieldname '%s'" --- -2.11.1 - diff --git a/gnu/packages/patches/libziparchive-add-includes.patch b/gnu/packages/patches/libziparchive-add-includes.patch new file mode 100644 index 0000000000..41137105a0 --- /dev/null +++ b/gnu/packages/patches/libziparchive-add-includes.patch @@ -0,0 +1,10 @@ +--- a/libziparchive/zip_writer.cc 2018-04-25 22:33:05.472674164 +0200 ++++ b/libziparchive/zip_writer.cc 2018-04-25 22:33:21.296519518 +0200 +@@ -22,6 +22,7 @@ + + #include <sys/param.h> + ++#include <cstring> + #include <cassert> + #include <cstdio> + #include <memory> diff --git a/gnu/packages/patches/make-glibc-compat.patch b/gnu/packages/patches/make-glibc-compat.patch new file mode 100644 index 0000000000..9ce7f2b5bf --- /dev/null +++ b/gnu/packages/patches/make-glibc-compat.patch 
@@ -0,0 +1,52 @@ +Work with the new glob interface in glibc 2.27. + +Taken from this upstream commit: +https://git.savannah.gnu.org/cgit/make.git/commit/?id=193f1e81edd6b1b56b0eb0ff8aa4b41c7b4257b4 + +diff --git a/dir.c b/dir.c +index adbb8a9..c343e4c 100644 +--- a/dir.c ++++ b/dir.c +@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf) + } + #endif + ++/* Similarly for lstat. */ ++#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) ++# ifndef VMS ++# ifndef HAVE_SYS_STAT_H ++int lstat (const char *path, struct stat *sbuf); ++# endif ++# else ++ /* We are done with the fake lstat. Go back to the real lstat */ ++# ifdef lstat ++# undef lstat ++# endif ++# endif ++# define local_lstat lstat ++#elif defined(WINDOWS32) ++/* Windows doesn't support lstat(). */ ++# define local_lstat local_stat ++#else ++static int ++local_lstat (const char *path, struct stat *buf) ++{ ++ int e; ++ EINTRLOOP (e, lstat (path, buf)); ++ return e; ++} ++#endif ++ + void + dir_setup_glob (glob_t *gl) + { + gl->gl_opendir = open_dirstream; + gl->gl_readdir = read_dirstream; + gl->gl_closedir = free; ++ gl->gl_lstat = local_lstat; + gl->gl_stat = local_stat; +- /* We don't bother setting gl_lstat, since glob never calls it. +- The slot is only there for compatibility with 4.4 BSD. */ + } + + void diff --git a/gnu/packages/patches/maven-generate-component-xml.patch b/gnu/packages/patches/maven-generate-component-xml.patch new file mode 100644 index 0000000000..6cb23c7858 --- /dev/null +++ b/gnu/packages/patches/maven-generate-component-xml.patch 
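Review bot: In `dir_setup_glob` the new assignment `gl->gl_lstat = local_lstat;` replaces a comment that explained why the slot was left unset, and nothing in the code now says why it must be set. Going by the patch description, a comment such as `/* glob in glibc 2.27 and later calls gl_lstat, so it must be set.  */` above the assignment would record the reason. Separately, the guard `#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS)` relies on `&&` binding tighter than `||`; writing it as `#if (!defined(lstat) && !defined(WINDOWS32)) || defined(VMS)` makes the grouping explicit. The stat counterpart that this block presumably mirrors starts above the hunk.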
@@ -0,0 +1,171 @@ +From da9e282d834f0e2128501a8154128dc95b4c599d Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Sat, 9 Sep 2017 20:34:38 +0200 +Subject: [PATCH] Add a script to generate component.xml files. + +plexus-component-metadata is normally used for this task, but it +depends on maven-core, which depends on maven-model-builder, which needs +plexus-component-metadata. This script is meant to break this dependency +cycle. +--- + components.sh | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 132 insertions(+) + create mode 100755 components.sh + +diff --git a/components.sh b/components.sh +new file mode 100755 +index 0000000..c6748bd +--- /dev/null ++++ b/components.sh +@@ -0,0 +1,148 @@ ++## This script generates a rough plexus/components.xml file. It is meant to ++## replace plexus-component-metadata as it eventually has a recursive dependency ++## on itself. ++## ++## This script must be run in the source directory (usually src/main/java). ++ ++# Finds the complete name from a class name. 
++function find_role() { ++ role=$1 ++ # Find role ++ case $role in ++ "SettingsWriter" | "SettingsReader") ++ role=org.apache.maven.settings.io.$role ++ ;; ++ "SecDispatcher") ++ role=org.sonatype.plexus.components.sec.dispatcher.$role ++ ;; ++ "SettingsDecrypter") ++ role=org.apache.maven.settings.crypto.$role ++ ;; ++ "SettingsBuilder") ++ role=org.apache.maven.settings.building.$role ++ ;; ++ "SettingsValidator") ++ role=org.apache.maven.settings.validation.$role ++ ;; ++ "LoggerFactory") ++ role=org.eclipse.aether.spi.log.$role ++ ;; ++ "RemoteRepositoryManager" | "VersionResolver" | "VersionRangeResolver" \ ++ | "ArtifactResolver" | "RepositoryEventDispatcher" | "MetadataResolver" \ ++ | "SyncContextFactory" | "MetadataGeneratorFactory" | "MetadatResolver" \ ++ | "ArtifactDescriptorReader") ++ role=org.eclipse.aether.impl.$role ++ ;; ++ "ModelBuilder" | "ModelProcessor") ++ role=org.apache.maven.model.building.$role ++ ;; ++ "ModelValidator") ++ role=org.apache.maven.model.validation.$role ++ ;; ++ "ProfileInjector" | "ProfileSelector") ++ role=org.apache.maven.model.profile.$role ++ ;; ++ "ProfileActivator") ++ role=org.apache.maven.model.profile.activation.$role ++ ;; ++ "SuperPomProvider") ++ role=org.apache.maven.model.superpom.$role ++ ;; ++ "ReportConfigurationExpander" | "PluginConfigurationExpander" \ ++ | "ReportingConverter" | "LifecycleBindingsInjector") ++ role=org.apache.maven.model.plugin.$role ++ ;; ++ "ModelLocator") ++ role=org.apache.maven.model.locator.$role ++ ;; ++ "ModelPathTranslator" | "PathTranslator" | "UrlNormalizer" | "ModelUrlNormalizer") ++ role=org.apache.maven.model.path.$role ++ ;; ++ "DependencyManagementInjector" | "PluginManagementInjector") ++ role=org.apache.maven.model.management.$role ++ ;; ++ "ModelWriter" | "ModelReader") ++ role=org.apache.maven.model.io.$role ++ ;; ++ "DependencyManagementImporter") ++ role=org.apache.maven.model.composition.$role ++ ;; ++ "ModelNormalizer") ++ 
role=org.apache.maven.model.normalization.$role ++ ;; ++ "ModelInterpolator") ++ role=org.apache.maven.model.interpolation.$role ++ ;; ++ "InheritanceAssembler") ++ role=org.apache.maven.model.inheritance.$role ++ ;; ++ *) ++ role=$role ++ ;; ++ esac ++ echo $role ++} ++ ++function generate_xml() { ++echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" ++echo "<component-set>" ++echo "<components>" ++ ++for file in `find -name '*.java'`; do ++ annot=`grep "@Component" $file` ++ if [ "$?" == "0" ]; then ++ # We have a component! ++ role=$(echo $annot | sed 's|.*role = \(.*\).class.*|\1|') ++ role_hint=$(echo $annot | sed 's|.*hint = "\(.*\)" .*|\1|') ++ if [ "$role_hint" = "$annot" ]; then ++ role_hint=default ++ fi ++ implem=$(echo $file | sed -e 's|^\./||' -e 's|\.java||' -e 's|/|.|g') ++ role=$(find_role $role) ++ ++ echo "<component>" ++ echo " <role>$role</role>" ++ echo " <role-hint>$role_hint</role-hint>" ++ echo " <implementation>$implem</implementation>" ++ echo " <description />" ++ echo " <isolated-realm>false</isolated-realm>" ++ echo " <requirements>" ++ reqn=1 ++ cont=true ++ while [ "$cont" = "true" ]; do ++ requirement=$(grep "@Requirement" $file -A1 | head -n ${reqn} | tail -1) ++ ((reqn++)) ++ property=$(grep "@Requirement" $file -A1 | head -n ${reqn} | tail -1) ++ if (echo $requirement | grep "@Requirement" >/dev/null); then ++ ((reqn++)) ++ ((reqn++)) ++ optional=$(echo $requirement | sed 's|.*optional = \(.*\) .*|\1|') ++ req_role=$(echo $requirement | sed 's|.*role = \(.*\).class .*|\1|') ++ if (echo $req_role | grep "@Requirement" >/dev/null); then ++ req_role=$(echo $property | sed 's|.*private \(.*\) .*|\1|') ++ fi ++ req_role=$(find_role $req_role) ++ req_name=$(echo $property | sed 's|[^ ]* [^ ]* \([^ ;]*\).*|\1|') ++ echo " <requirement>" ++ echo " <role>$req_role</role>" ++ echo " <field-name>$req_name</field-name>" ++ if (echo $optional | grep "@Requirement" >/dev/null); then ++ : ++ else ++ echo " <optional>$optional</optional>" ++ fi ++ 
echo " </requirement>" ++ else ++ cont=false ++ fi ++ done ++ echo " </requirements>" ++ echo "</component>" ++ fi ++done ++ ++echo "</components>" ++echo "</component-set>" ++} ++ ++(cd $1; generate_xml) > $2 +-- +2.14.1 + diff --git a/gnu/packages/patches/maven-generate-javax-inject-named.patch b/gnu/packages/patches/maven-generate-javax-inject-named.patch new file mode 100644 index 0000000000..b8eba5ab90 --- /dev/null +++ b/gnu/packages/patches/maven-generate-javax-inject-named.patch @@ -0,0 +1,31 @@ +From 1d20c0e403f1a38d4aca830e0eb4db03ba43efd3 Mon Sep 17 00:00:00 2001 +From: Julien Lepiller <julien@lepiller.eu> +Date: Tue, 19 Sep 2017 22:21:29 +0200 +Subject: [PATCH] Add sisu-maven-plugin replacement + +--- + sisu.sh | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + create mode 100755 sisu.sh + +diff --git a/sisu.sh b/sisu.sh +new file mode 100755 +index 0000000..979f373 +--- /dev/null ++++ b/sisu.sh +@@ -0,0 +1,12 @@ ++## This script generates a rough javax.inject.Named file. It is meant to ++## replace sisu-maven-plugin as it eventually has a recursive dependency ++## on maven. ++## ++## This script must be run in the source directory (usually src/main/java). ++ ++for file in `(cd $1; find -name '*.java')`; do ++ annot=`grep "^@Named" $1/$file` ++ if [ "$annot" != "" ]; then ++ echo $file | sed -e 's|^\./||' -e 's|\.java||' -e 's|/|.|g' ++ fi ++done > $2 +-- +2.14.1 + diff --git a/gnu/packages/patches/mumble-1.2.19-abs.patch b/gnu/packages/patches/mumble-1.2.19-abs.patch new file mode 100644 index 0000000000..683325f4bc --- /dev/null +++ b/gnu/packages/patches/mumble-1.2.19-abs.patch 
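Review bot: The last line of components.sh, `(cd $1; generate_xml) > $2`, leaves both arguments unquoted and carries on when `cd` fails, so with a wrong or space-containing source directory `find` runs in the caller's current directory and a components.xml is still written from whatever is there. I would change it to `(cd "$1" && generate_xml) > "$2"` and quote `"$file"` in the `grep` and `sed` pipelines; the `for file in` loops over the output of `find` split on whitespace as well. sisu.sh in the next patch has the same unquoted `$1`, `$2` and `$1/$file`. Neither script has a shebang although components.sh uses `function`, `((reqn++))` and `==` inside `[ ]`, so a first-line comment stating that they must be run with bash would document the dependency. The case label `"MetadatResolver"` in `find_role` looks like a misspelling; `"MetadataResolver"` is already listed in the same pattern.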
@@ -0,0 +1,31 @@
+From ea861fe86743c8402bbad77d8d1dd9de8dce447e Mon Sep 17 00:00:00 2001
+From: Mikkel Krautz <mikkel@krautz.dk>
+Date: Fri, 29 Dec 2017 14:47:25 +0100
+Subject: [PATCH] AudioOutput: do not use non-existant template version of
+ std::abs.
+
+This change fixes AudioOutput to use the float overload of std::abs:
+
+ float std::abs(float);
+
+instead of a non-existant template version (for newer Boost 1.66).
+
+Fixes mumble-voip/mumble#3281
+
+---
+ src/mumble/AudioOutput.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mumble/AudioOutput.cpp b/src/mumble/AudioOutput.cpp
+index cbe0c0e2b..7a0a5e2ab 100644
+--- a/src/mumble/AudioOutput.cpp
++++ b/src/mumble/AudioOutput.cpp
+@@ -437,7 +437,7 @@ bool AudioOutput::mix(void *outbuff, unsigned int nsamp) {
+ top[2] = 0.0f;
+ }
+
+- if (std::abs<float>(front[0] * top[0] + front[1] * top[1] + front[2] * top[2]) > 0.01f) {
++ if (std::abs(front[0] * top[0] + front[1] * top[1] + front[2] * top[2]) > 0.01f) {
+ // Not perpendicular. Assume Y up and rotate 90 degrees.
+
+ float azimuth = 0.0f;
diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch
deleted file mode 100644
index 66df127509..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-17858.patch
+++ /dev/null
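Review bot: With the explicit `<float>` removed, the overload chosen for `std::abs(...)` on the changed line of `AudioOutput::mix` depends on which headers are in scope. The float overload is declared in `<cmath>`; with an older standard library that exposes only the integer overloads through `<cstdlib>`, the call could resolve to `abs(int)` and truncate the dot product before the `> 0.01f` comparison. The include list of AudioOutput.cpp is outside the hunk, so this needs confirming; if `<cmath>` is not already included there, adding `#include <cmath>` in the same patch makes the intent explicit. The body of `mix` starts and ends outside the hunk.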
@@ -1,111 +0,0 @@ -Fix CVE-2017-17858: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858 -https://bugs.ghostscript.com/show_bug.cgi?id=698819 -https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 - -From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Mon, 11 Dec 2017 14:09:15 +0100 -Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below - limit. - -This ensures that: - * xref tables with objects pointers do not grow out of bounds. - * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf. ---- - include/mupdf/pdf/object.h | 3 +++ - source/pdf/pdf-repair.c | 5 +---- - source/pdf/pdf-xref.c | 21 ++++++++++++--------- - 3 files changed, 16 insertions(+), 13 deletions(-) - -diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h -index 21ed8595..4177112b 100644 ---- a/include/mupdf/pdf/object.h -+++ b/include/mupdf/pdf/object.h -@@ -3,6 +3,9 @@ - - typedef struct pdf_document_s pdf_document; - -+/* Defined in PDF 1.7 according to Acrobat limit. */ -+#define PDF_MAX_OBJECT_NUMBER 8388607 -+ - /* - * Dynamic objects. - * The same type of objects as found in PDF and PostScript. -diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c -index ca149bd3..0c29758e 100644 ---- a/source/pdf/pdf-repair.c -+++ b/source/pdf/pdf-repair.c -@@ -6,9 +6,6 @@ - - /* Scan file for objects and reconstruct xref table */ - --/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. 
*/ --#define MAX_OBJECT_NUMBER (10 << 20) -- - struct entry - { - int num; -@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) - break; - } - -- if (num <= 0 || num > MAX_OBJECT_NUMBER) -+ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER) - { - fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen); - goto have_next_token; -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 00586dbd..6284e70b 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR); - } - -- if (ofs < 0) -- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs); -- if (ofs > INT64_MAX - len) -- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big"); -- -+ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER -+ || len < 0 || len > PDF_MAX_OBJECT_NUMBER -+ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER) -+ { -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); -+ } - /* broken pdfs where size in trailer undershoots entries in xref sections */ - if (ofs + len > xref_len) - { -@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) -- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); -- //if (i0 + i1 > pdf_xref_len(ctx, doc)) -- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); -+ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); - - table = pdf_xref_find_subsection(ctx, doc, i0, i1); - for (i = i0; i < i0 + i1; i++) -@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc) - /* TODO: reuse 
free object slots by properly linking free object chains in the ofs field */ - pdf_xref_entry *entry; - int num = pdf_xref_len(ctx, doc); -+ -+ if (num > PDF_MAX_OBJECT_NUMBER) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf"); -+ - entry = pdf_get_incremental_xref_entry(ctx, doc, num); - entry->type = 'f'; - entry->ofs = -1; --- -2.16.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch deleted file mode 100644 index bb78c46f80..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -Fix CVE-2018-1000051: - -https://bugs.ghostscript.com/show_bug.cgi?id=698873 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000051 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;a=commit;h=321ba1de287016b0036bf4a56ce774ad11763384 - -From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Tue, 19 Dec 2017 23:47:47 +0100 -Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces. - -Previously the borrowed colorspace was dropped when updating annotation -appearances, leading to use after free warnings from valgrind/ASAN. ---- - source/pdf/pdf-appearance.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c -index 70f684f4..d7a1dddd 100644 ---- a/source/pdf/pdf-appearance.c -+++ b/source/pdf/pdf-appearance.c -@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_device *dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_matrix page_ctm; - - pdf_page_transform(ctx, annot->page, NULL, &page_ctm); -@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_try(ctx) - { - char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents)); - char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA)); -+ fz_colorspace *cs; - fz_point pos; - fz_rect rect; - -@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p - fz_drop_display_list(ctx, dlist); - font_info_fin(ctx, &font_rec); - fz_drop_text(ctx, text); -- fz_drop_colorspace(ctx, cs); - } - fz_catch(ctx) - { -@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_device 
*dev = NULL; - font_info font_rec; - fz_text *text = NULL; -- fz_colorspace *cs = NULL; - fz_path *path = NULL; - fz_buffer *fzbuf = NULL; - fz_matrix page_ctm; -@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_var(dlist); - fz_var(dev); - fz_var(text); -- fz_var(cs); - fz_var(fzbuf); - fz_try(ctx) - { -@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_rect logo_bounds; - fz_matrix logo_tm; - fz_rect rect; -+ fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */ - - pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect); - rect = annot_rect; -@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot - fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds); - center_rect_within_rect(&logo_bounds, &rect, &logo_tm); - fz_concat(&logo_tm, &logo_tm, &page_ctm); -- cs = fz_device_rgb(ctx); /* Borrowed reference */ - fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL); - - get_font_info(ctx, doc, dr, da, &font_rec); --- -2.16.3 - diff --git a/gnu/packages/patches/mupdf-CVE-2018-6544.patch b/gnu/packages/patches/mupdf-CVE-2018-6544.patch deleted file mode 100644 index b2c8f849f3..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2018-6544.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -Fix CVE-2018-6544: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6544 -https://bugs.ghostscript.com/show_bug.cgi?id=698830 -https://bugs.ghostscript.com/show_bug.cgi?id=698965 - -Patches copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d -https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 - -From b03def134988da8c800adac1a38a41a1f09a1d89 Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Thu, 1 Feb 2018 16:36:14 +0100 -Subject: [PATCH] Bug 698830: Avoid recursion when loading object streams - objects. - -If there were indirect references in the object stream dictionary and -one of those indirect references referred to an object inside the object -stream itself, mupdf would previously enter recursion only bounded by the -exception stack. After this commit the object stream is checked if it is -marked immediately after being loaded. If it is marked then we terminate -the recursion at this point, if it is not marked then mark it and -attempt to load the desired object within. We also take care to unmark -the stream object when done or upon exception. 
---- - source/pdf/pdf-xref.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 723b543c..ed09094c 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1576,6 +1576,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i - { - objstm = pdf_load_object(ctx, doc, num); - -+ if (pdf_obj_marked(ctx, objstm)) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup"); -+ } -+ fz_catch(ctx) -+ { -+ pdf_drop_obj(ctx, objstm); -+ fz_rethrow(ctx); -+ } -+ -+ fz_try(ctx) -+ { -+ pdf_mark_obj(ctx, objstm); -+ - count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N)); - first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First)); - -@@ -1655,6 +1668,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i - fz_drop_stream(ctx, stm); - fz_free(ctx, ofsbuf); - fz_free(ctx, numbuf); -+ pdf_unmark_obj(ctx, objstm); - pdf_drop_obj(ctx, objstm); - } - fz_catch(ctx) --- -2.16.3 - -From 26527eef77b3e51c2258c8e40845bfbc015e405d Mon Sep 17 00:00:00 2001 -From: Sebastian Rasmussen <sebras@gmail.com> -Date: Mon, 29 Jan 2018 02:00:48 +0100 -Subject: [PATCH] Bug 698830: Don't drop unkept stream if running out of error - stack. - -Under normal conditions where fz_keep_stream() is called inside -fz_try() we may call fz_drop_stream() in fz_catch() upon exceptions. -The issue comes when fz_keep_stream() has not yet been called but is -dropped in fz_catch(). This happens in the PDF from the bug when -fz_try() runs out of exception stack, and next the code in fz_catch() -runs, dropping the caller's reference to the filter chain stream! - -The simplest way of fixing this it to always keep the filter chain -stream before fz_try() is called. That way fz_catch() may drop the -stream whether an exception has occurred or if the fz_try() ran out of -exception stack. 
---- - source/pdf/pdf-stream.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c -index c89da5c4..c6ba7ad3 100644 ---- a/source/pdf/pdf-stream.c -+++ b/source/pdf/pdf-stream.c -@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob - *orig_gen = 0; - } - -- fz_var(chain); -+ chain = fz_keep_stream(ctx, chain); - - fz_try(ctx) - { - len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length)); - -- /* don't close chain when we close this filter */ -- chain2 = fz_keep_stream(ctx, chain); -+ chain2 = chain; - chain = NULL; - chain = fz_open_null(ctx, chain2, len, offset); - --- -2.16.3 - diff --git a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch deleted file mode 100644 index d5c9c60242..0000000000 --- a/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch +++ /dev/null @@ -1,27 +0,0 @@ -Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest -release series and contains many important bug fixes. - -Patch adapted from Debian: - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745246 - -And related to this upstream commit: - -http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da - -diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c -index 65699ba..ea84778 100644 ---- a/source/fitz/load-jpx.c -+++ b/source/fitz/load-jpx.c -@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w - - #else /* HAVE_LURATECH */ - --#define OPJ_STATIC --#define OPJ_HAVE_INTTYPES_H --#if !defined(_MSC_VER) || _MSC_VER >= 1600 --#define OPJ_HAVE_STDINT_H --#endif - #define USE_JPIP - - #include <openjpeg.h> diff --git a/gnu/packages/patches/myrepos-CVE-2018-7032.patch b/gnu/packages/patches/myrepos-CVE-2018-7032.patch new file mode 100644 index 0000000000..ce9493e5f9 
--- /dev/null
+++ b/gnu/packages/patches/myrepos-CVE-2018-7032.patch
@@ -0,0 +1,69 @@
+http://source.myrepos.branchable.com/?p=source.git;a=patch;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
+This can be removed with the next release. It was modified slightly to apply
+
+From 40a3df21c73f1bb1b6915cc6fa503f50814664c8 Mon Sep 17 00:00:00 2001
+From: Paul Wise <pabs3@bonedaddy.net>
+Date: Sun, 11 Feb 2018 21:57:49 +0800
+Subject: [PATCH] Mitigate vulnerabilities caused by some git remotes being
+ able to execute code
+
+Set GIT_PROTOCOL_FROM_USER=0 with git versions newer than 2.12.
+
+Prevent remote websites from causing cloning of local repositories.
+
+Manually whitelist known-safe protocols (http, https, git, ssh)
+when using git versions older than 2.12.
+
+Fixes: CVE-2018-7032
+Fixes: https://bugs.debian.org/840014
+Suggestions-by: Jakub Wilk <jwilk@jwilk.net>
+Reported-by: Jakub Wilk <jwilk@jwilk.net>
+---
+ webcheckout | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/webcheckout b/webcheckout
+index e98da5c..de497ba 100755
+--- a/webcheckout
++++ b/webcheckout
+@@ -71,6 +71,16 @@ use Getopt::Long;
+ use warnings;
+ use strict;
+
++# Mitigate some git remote types being dangerous
++my $git_unsafe = 1;
++my $git_version = `git --version`;
++$git_version =~ s{^git version }{};
++my ($major, $minor) = split(/\./, $git_version);
++if (int($major) >= 2 && int($minor) >= 12) {
++ $ENV{GIT_PROTOCOL_FROM_USER} = 0;
++ $git_unsafe = 0;
++}
++
+ # What to download.
+ my $url;
+
+@@ -89,7 +99,17 @@ my $destdir;
+
+ # how to perform checkouts
+ my %handlers=(
+- git => sub { doit("git", "clone", shift, $destdir) },
+- svn => sub { doit("svn", "checkout", shift, $destdir) },
+- bzr => sub { doit("bzr", "branch", shift, $destdir) },
++ git => sub {
++ my $git_url = shift;
++ # Reject unsafe URLs with older versions of git
++ # that do not already check the URL safety.
++ if ($git_unsafe && $git_url !~ m{^(?:(?:https?|git|ssh):[^:]|(?:[-_.A-Za-z0-9]+@)?[-_.A-Za-z0-9]+:(?!:|//))}) {
++ print STDERR "potentially unsafe git URL, may fail, touch local files or execute arbitrary code\n";
++ return 1;
++ }
++ # Reject cloning local directories too, webcheckout is for remote repos
++ doit(qw(git -c protocol.file.allow=user clone --), $git_url, $destdir)
++ },
++ svn => sub { doit(qw(svn checkout --), shift, $destdir) },
++ bzr => sub { doit(qw(bzr branch --), shift, $destdir) },
+ );
+--
+2.11.0
+
diff --git a/gnu/packages/patches/opensmtpd-fix-crash.patch b/gnu/packages/patches/opensmtpd-fix-crash.patch
new file mode 100644
index 0000000000..0030167533
--- /dev/null
+++ b/gnu/packages/patches/opensmtpd-fix-crash.patch
@@ -0,0 +1,44 @@
+From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
+From: johannes <johannes.brechtmann@gmail.com>
+Date: Wed, 21 Feb 2018 23:57:11 +0100
+Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
+ check
+
+---
+ openbsd-compat/crypt_checkpass.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
+index dafd2dae..d10b3a57 100644
+--- a/openbsd-compat/crypt_checkpass.c
++++ b/openbsd-compat/crypt_checkpass.c
+@@ -1,5 +1,6 @@
+ /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
+
++#include "includes.h"
+ #include <errno.h>
+ #ifdef HAVE_CRYPT_H
+ #include <crypt.h>
+@@ -10,6 +11,8 @@
+ int
+ crypt_checkpass(const char *pass, const char *goodhash)
+ {
++ char *c;
++
+ if (goodhash == NULL)
+ goto fail;
+
+@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
+ if (strlen(goodhash) == 0 && strlen(pass) == 0)
+ return 0;
+
+- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
++ c = crypt(pass, goodhash);
++ if (c == NULL)
++ goto fail;
++
++ if (strcmp(c, goodhash) == 0)
+ return 0;
+
+ fail:
+
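Review bot: The version test `int($major) >= 2 && int($minor) >= 12` in webcheckout compares the two components independently, so a git whose major number is above 2 with a minor below 12 is classed as old and `GIT_PROTOCOL_FROM_USER` is never set for it. Compare them as a pair instead: `if ($major > 2 || ($major == 2 && $minor >= 12)) {`. When `git --version` fails, `$major` and `$minor` are undefined and the code stays on the URL-regex path, which is the restrictive side; a short comment saying that this fallback is intended would keep a later cleanup from inverting the default of `$git_unsafe`.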
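Review bot: `pass` is still used unchecked in `crypt_checkpass`: the hunks guard `goodhash` and now the return value of `crypt()`, but `strlen(pass)` and `crypt(pass, goodhash)` are reached with whatever the caller supplied. If any caller can hand in a NULL password (the callers are not visible here), extend the first guard to `if (goodhash == NULL || pass == NULL) goto fail;`. The patch file also has no line saying where it was taken from, unlike the make and myrepos patches in this commit; a comment at the top with the upstream commit or pull-request reference would tell the next maintainer when it can be dropped. The code after the `fail:` label is outside the hunk.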
diff --git a/gnu/packages/patches/patch-hurd-path-max.patch b/gnu/packages/patches/patch-hurd-path-max.patch index 81e37930c2..1845a5803b 100644 --- a/gnu/packages/patches/patch-hurd-path-max.patch +++ b/gnu/packages/patches/patch-hurd-path-max.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Do not rely on PATH_MAX when reading a symlink target. 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/util.c b/src/util.c -index 82a7e37..c4c0f9d 100644 +index 1cc08ba..67dbd3a 100644 --- a/src/util.c +++ b/src/util.c @@ -460,12 +460,12 @@ move_file (char const *from, bool *from_needs_removal, @@ -31,18 +31,19 @@ index 82a7e37..c4c0f9d 100644 size += i; if (i != 0 || close (fd) != 0) read_fatal (); -@@ -610,9 +610,9 @@ copy_file (char const *from, char const *to, struct stat *tost, +@@ -610,10 +610,10 @@ copy_file (char const *from, char const *to, struct stat *tost, if (S_ISLNK (mode)) { -- char *buffer = xmalloc (PATH_MAX); +- char *buffer = xmalloc (PATH_MAX + 1); + char *buffer = xmalloc (tost->st_size + 1); + ssize_t r; -- if (safe_readlink (from, buffer, PATH_MAX) < 0) -+ if (safe_readlink (from, buffer, tost->st_size) < 0) +- if ((r = safe_readlink (from, buffer, PATH_MAX)) < 0) ++ if ((r = safe_readlink (from, buffer, tost->st_size)) < 0) pfatal ("Can't read %s %s", "symbolic link", from); + buffer[r] = '\0'; if (safe_symlink (buffer, to) != 0) - pfatal ("Can't create %s %s", "symbolic link", to); -- -2.4.2 +2.16.2 diff --git a/gnu/packages/patches/pcre2-CVE-2017-7186.patch b/gnu/packages/patches/pcre2-CVE-2017-7186.patch deleted file mode 100644 index 5c16955aaa..0000000000 --- a/gnu/packages/patches/pcre2-CVE-2017-7186.patch +++ /dev/null 
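Review bot: In the `copy_file` hunk the buffer is sized from `tost->st_size` and the `safe_readlink` result `r` is only tested for `< 0`, so a link whose target is longer than that size is silently cut to `st_size` bytes and the shortened path is then handed to `safe_symlink`. Passing `tost->st_size + 1` as the length and treating `r > tost->st_size` as a failure before `buffer[r] = '\0'` would turn a size mismatch into an error instead of a wrong link. It is also worth confirming that `tost` describes `from` at this point: by its name it is the stat of the destination, and the hunk shows neither where it is filled nor a NULL check before the dereference. `copy_file` starts and ends outside the hunk.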
@@ -1,68 +0,0 @@ -Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186> -taken from <https://vcs.pcre.org/pcre2?view=revision&revision=670>. - ---- trunk/src/pcre2_internal.h 2016/11/19 12:46:24 600 -+++ trunk/src/pcre2_internal.h 2017/02/24 18:25:32 670 -@@ -1774,10 +1774,17 @@ - /* UCD access macros */ - - #define UCD_BLOCK_SIZE 128 --#define GET_UCD(ch) (PRIV(ucd_records) + \ -+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ - PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ - UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) - -+#if PCRE2_CODE_UNIT_WIDTH == 32 -+#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \ -+ PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) -+#else -+#define GET_UCD(ch) REAL_GET_UCD(ch) -+#endif -+ - #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype - #define UCD_SCRIPT(ch) GET_UCD(ch)->script - #define UCD_CATEGORY(ch) PRIV(ucp_gentype)[UCD_CHARTYPE(ch)] -@@ -1834,6 +1841,9 @@ - #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_) - #define _pcre2_default_match_context PCRE2_SUFFIX(_pcre2_default_match_context_) - #define _pcre2_default_tables PCRE2_SUFFIX(_pcre2_default_tables_) -+#if PCRE2_CODE_UNIT_WIDTH == 32 -+#define _pcre2_dummy_ucd_record PCRE2_SUFFIX(_pcre2_dummy_ucd_record_) -+#endif - #define _pcre2_hspace_list PCRE2_SUFFIX(_pcre2_hspace_list_) - #define _pcre2_vspace_list PCRE2_SUFFIX(_pcre2_vspace_list_) - #define _pcre2_ucd_caseless_sets PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_) -@@ -1858,6 +1868,9 @@ - extern const uint32_t PRIV(vspace_list)[]; - extern const uint32_t PRIV(ucd_caseless_sets)[]; - extern const ucd_record PRIV(ucd_records)[]; -+#if PCRE2_CODE_UNIT_WIDTH == 32 -+extern const ucd_record PRIV(dummy_ucd_record)[]; -+#endif - extern const uint8_t PRIV(ucd_stage1)[]; - extern const uint16_t PRIV(ucd_stage2)[]; - extern const uint32_t PRIV(ucp_gbtable)[]; - ---- trunk/src/pcre2_ucd.c 2015/07/17 15:44:51 316 -+++ trunk/src/pcre2_ucd.c 2017/02/24 18:25:32 670 -@@ -41,6 
+41,20 @@ - - const char *PRIV(unicode_version) = "8.0.0"; - -+/* If the 32-bit library is run in non-32-bit mode, character values -+greater than 0x10ffff may be encountered. For these we set up a -+special record. */ -+ -+#if PCRE2_CODE_UNIT_WIDTH == 32 -+const ucd_record PRIV(dummy_ucd_record)[] = {{ -+ ucp_Common, /* script */ -+ ucp_Cn, /* type unassigned */ -+ ucp_gbOther, /* grapheme break property */ -+ 0, /* case set */ -+ 0, /* other case */ -+ }}; -+#endif -+ - /* When recompiling tables with a new Unicode version, please check the - types in this structure definition from pcre2_internal.h (the actual - field names will be different): diff --git a/gnu/packages/patches/pcre2-CVE-2017-8786.patch b/gnu/packages/patches/pcre2-CVE-2017-8786.patch deleted file mode 100644 index 6071d58f07..0000000000 --- a/gnu/packages/patches/pcre2-CVE-2017-8786.patch +++ /dev/null 
@@ -1,155 +0,0 @@ -Fix CVE-2017-8786: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786 -https://bugs.exim.org/show_bug.cgi?id=2079 -https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/ - -Patch copied from upstream source repository: - -https://vcs.pcre.org/pcre2?view=revision&revision=696 -https://vcs.pcre.org/pcre2?view=revision&revision=697 - ---- trunk/doc/pcre2api.3 2017/03/21 16:48:40 695 -+++ trunk/doc/pcre2api.3 2017/03/21 17:46:21 696 -@@ -1,4 +1,4 @@ --.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23" -+.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30" - .SH NAME - PCRE2 - Perl-compatible regular expressions (revised API) - .sp -@@ -2633,8 +2633,8 @@ - A text message for an error code from any PCRE2 function (compile, match, or - auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code - is passed as the first argument, with the remaining two arguments specifying a --code unit buffer and its length, into which the text message is placed. Note --that the message is returned in code units of the appropriate width for the -+code unit buffer and its length in code units, into which the text message is -+placed. The message is returned in code units of the appropriate width for the - library that is being used. - .P - The returned message is terminated with a trailing zero, and the function -@@ -3321,6 +3321,6 @@ - .rs - .sp - .nf --Last updated: 23 December 2016 --Copyright (c) 1997-2016 University of Cambridge. -+Last updated: 21 March 2017 -+Copyright (c) 1997-2017 University of Cambridge. 
- .fi ---- trunk/src/pcre2_error.c 2017/03/21 16:48:40 695 -+++ trunk/src/pcre2_error.c 2017/03/21 17:46:21 696 -@@ -271,7 +271,7 @@ - Arguments: - enumber error number - buffer where to put the message (zero terminated) -- size size of the buffer -+ size size of the buffer in code units - - Returns: length of message if all is well - negative on error ---- trunk/src/pcre2test.c 2017/03/21 17:46:21 696 -+++ trunk/src/pcre2test.c 2017/03/21 18:36:13 697 -@@ -1017,9 +1017,9 @@ - if (test_mode == PCRE8_MODE) \ - r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \ - else if (test_mode == PCRE16_MODE) \ -- r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \ -+ r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \ - else \ -- r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size)) -+ r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4)) - - #define PCRE2_GET_OVECTOR_COUNT(a,b) \ - if (test_mode == PCRE8_MODE) \ -@@ -1399,6 +1399,9 @@ - - /* ----- Common macros for two-mode cases ----- */ - -+#define BYTEONE (BITONE/8) -+#define BYTETWO (BITTWO/8) -+ - #define CASTFLD(t,a,b) \ - ((test_mode == G(G(PCRE,BITONE),_MODE))? 
(t)(G(a,BITONE)->b) : \ - (t)(G(a,BITTWO)->b)) -@@ -1481,9 +1484,9 @@ - - #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \ - if (test_mode == G(G(PCRE,BITONE),_MODE)) \ -- r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \ -+ r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \ - else \ -- r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size)) -+ r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO)) - - #define PCRE2_GET_OVECTOR_COUNT(a,b) \ - if (test_mode == G(G(PCRE,BITONE),_MODE)) \ -@@ -1904,7 +1907,7 @@ - #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \ - a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j) - #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \ -- r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)) -+ r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)) - #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16)) - #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16)) - #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b) -@@ -2000,7 +2003,7 @@ - #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \ - a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j) - #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \ -- r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size)) -+ r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4)) - #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32)) - #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32)) - #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b) ---- trunk/src/pcre2test.c 2017/03/21 16:48:40 695 -+++ trunk/src/pcre2test.c 2017/03/21 17:46:21 696 -@@ -2889,7 +2889,7 @@ - { - if (pbuffer32 != NULL) free(pbuffer32); - pbuffer32_size = 4*len + 4; -- if (pbuffer32_size < 256) pbuffer32_size = 256; -+ if (pbuffer32_size < 512) pbuffer32_size = 512; - pbuffer32 = (uint32_t 
*)malloc(pbuffer32_size); - if (pbuffer32 == NULL) - { -@@ -7600,7 +7600,8 @@ - int errcode; - char *endptr; - --/* Ensure the relevant non-8-bit buffer is available. */ -+/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at -+least 128 code units, because it is used for retrieving error messages. */ - - #ifdef SUPPORT_PCRE2_16 - if (test_mode == PCRE16_MODE) -@@ -7620,7 +7621,7 @@ - #ifdef SUPPORT_PCRE2_32 - if (test_mode == PCRE32_MODE) - { -- pbuffer32_size = 256; -+ pbuffer32_size = 512; - pbuffer32 = (uint32_t *)malloc(pbuffer32_size); - if (pbuffer32 == NULL) - { ---- trunk/testdata/testinput2 2017/03/21 16:48:40 695 -+++ trunk/testdata/testinput2 2017/03/21 17:46:21 696 -@@ -5017,4 +5017,6 @@ - - /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended - -+/\g{3/ -+ - # End of testinput2 ---- trunk/testdata/testoutput2 2017/03/21 16:48:40 695 -+++ trunk/testdata/testoutput2 2017/03/21 17:46:21 696 -@@ -15570,6 +15570,9 @@ - - /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended - -+/\g{3/ -+Failed: error 157 at offset 2: \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number -+ - # End of testinput2 - Error -63: PCRE2_ERROR_BADDATA (unknown error number) - Error -62: bad serialized data diff --git a/gnu/packages/patches/perf-gcc-ice.patch b/gnu/packages/patches/perf-gcc-ice.patch new file mode 100644 index 0000000000..58ab5359c2 --- /dev/null +++ b/gnu/packages/patches/perf-gcc-ice.patch 
@@ -0,0 +1,13 @@ +Work around this GCC ICE: <https://bugs.gnu.org/31708>. + +--- linux-4.16.13/tools/perf/util/header.c 2018-06-04 11:30:39.368146035 +0200 ++++ linux-4.16.13/tools/perf/util/header.c 2018-06-04 11:34:04.667212378 +0200 +@@ -135,7 +135,7 @@ int do_write(struct feat_fd *ff, const v + int write_padded(struct feat_fd *ff, const void *bf, + size_t count, size_t count_aligned) + { +- static const char zero_buf[NAME_ALIGN]; ++ static const char zero_buf[NAME_ALIGN] = { 0 }; + int err = do_write(ff, bf, count); + + if (!err) diff --git a/gnu/packages/patches/pius.patch b/gnu/packages/patches/pius.patch new file mode 100644 index 0000000000..da39731d4d --- /dev/null +++ b/gnu/packages/patches/pius.patch @@ -0,0 +1,38 @@ +See https://github.com/jaymzh/pius/pull/96 + +commit 4dba0bf75ab351969622f7b9c38484657411a528 +Author: Martin Kletzander <nert.pinx+github@gmail.com> +Date: Thu May 17 17:55:27 2018 +0200 + + Don't fail on ENCRYPTION_COMPLIANCE_MODE line from too new GnuPG (#96) + + GnuPG started printing information about encryption compliance in [commit + f31dc2540acf](https://dev.gnupg.org/rGf31dc2540acf7cd7f09fd94658e815822222bfcb) + and since then signing with pius fails. + + Closes #95 + + 
Signed-off-by: Martin Kletzander <nert.pinx@gmail.com> + +diff --git a/libpius/signer.py b/libpius/signer.py +index 3c7262f..13013bb 100644 +--- a/libpius/signer.py ++++ b/libpius/signer.py +@@ -45,6 +45,7 @@ class PiusSigner(object): + GPG_PINENTRY_LAUNCHED = '[GNUPG:] PINENTRY_LAUNCHED' + GPG_KEY_CONSIDERED = '[GNUPG:] KEY_CONSIDERED' + GPG_WARN_VERSION = '[GNUPG:] WARNING server_version_mismatch' ++ GPG_ENC_COMPLIANT_MODE = '[GNUPG:] ENCRYPTION_COMPLIANCE_MODE' + + def __init__(self, signer, force_signer, mode, keyring, gpg_path, tmpdir, + outdir, encrypt_outfiles, mail, mailer, verbose, sort_keyring, +@@ -431,6 +432,9 @@ class PiusSigner(object): + if PiusSigner.GPG_ENC_BEG in line: + debug('Got GPG_ENC_BEG') + continue ++ elif PiusSigner.GPG_ENC_COMPLIANT_MODE in line: ++ debug('Got ENCRYPTION_COMPLIANCE_MODE') ++ continue + elif PiusSigner.GPG_ENC_END in line: + debug('Got GPG_ENC_END') + break diff --git a/gnu/packages/patches/pulseaudio-glibc-2.27.patch b/gnu/packages/patches/pulseaudio-glibc-2.27.patch new file mode 100644 index 0000000000..79d86abeee --- /dev/null +++ b/gnu/packages/patches/pulseaudio-glibc-2.27.patch 
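Review bot: The new constant `GPG_ENC_COMPLIANT_MODE` in libpius/signer.py does not match the status keyword it holds, `ENCRYPTION_COMPLIANCE_MODE`. The added branch in the parsing loop also logs the keyword, while the neighbouring branches log the constant name (`'Got GPG_ENC_BEG'`, `'Got GPG_ENC_END'`). Naming it `GPG_ENC_COMPLIANCE_MODE` and logging `'Got GPG_ENC_COMPLIANCE_MODE'` would keep the status-line table easy to search when the next GnuPG keyword has to be added. Both the class body and the parsing loop continue outside the quoted inner hunks.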
@@ -0,0 +1,67 @@ +Copied from: +https://cgit.freedesktop.org/pulseaudio/pulseaudio/commit/?id=dfb0460fb4743aec047cdf755a660a9ac2d0f3fb + + +From dfb0460fb4743aec047cdf755a660a9ac2d0f3fb Mon Sep 17 00:00:00 2001 +From: Tanu Kaskinen <tanuk@iki.fi> +Date: Wed, 24 Jan 2018 03:51:49 +0200 +Subject: [PATCH] memfd-wrappers: only define memfd_create() if not already + defined + +glibc 2.27 is to be released soon, and it will provide memfd_create(). +If glibc provides the function, we must not define it ourselves, +otherwise building fails due to conflict between the two implementations +of the same function. + +BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=104733 +--- + configure.ac | 3 +++ + src/pulsecore/memfd-wrappers.h | 7 ++++--- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0084c86e..0eb44b08 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -610,6 +610,9 @@ AS_IF([test "x$enable_memfd" = "xyes" && test "x$HAVE_MEMFD" = "x0"], + [AC_MSG_ERROR([*** Your Linux kernel does not support memfd shared memory. + *** Use linux v3.17 or higher for such a feature.])]) + ++AS_IF([test "x$HAVE_MEMFD" = "x1"], ++ AC_CHECK_FUNCS([memfd_create])) ++ + AC_SUBST(HAVE_MEMFD) + AM_CONDITIONAL([HAVE_MEMFD], [test "x$HAVE_MEMFD" = x1]) + AS_IF([test "x$HAVE_MEMFD" = "x1"], AC_DEFINE([HAVE_MEMFD], 1, [Have memfd shared memory.])) +diff --git a/src/pulsecore/memfd-wrappers.h b/src/pulsecore/memfd-wrappers.h +index 3bed9b2b..c7aadfd3 100644 +--- a/src/pulsecore/memfd-wrappers.h ++++ b/src/pulsecore/memfd-wrappers.h +@@ -20,13 +20,14 @@ + License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>. + ***/ + +-#ifdef HAVE_MEMFD ++#if defined(HAVE_MEMFD) && !defined(HAVE_MEMFD_CREATE) + + #include <sys/syscall.h> + #include <fcntl.h> + + /* +- * No glibc wrappers exist for memfd_create(2), so provide our own. ++ * Before glibc version 2.27 there was no wrapper for memfd_create(2), ++ * so we have to provide our own. 
+ * + * Also define memfd fcntl sealing macros. While they are already + * defined in the kernel header file <linux/fcntl.h>, that file as +@@ -63,6 +64,6 @@ static inline int memfd_create(const char *name, unsigned int flags) { + #define F_SEAL_WRITE 0x0008 /* prevent writes */ + #endif + +-#endif /* HAVE_MEMFD */ ++#endif /* HAVE_MEMFD && !HAVE_MEMFD_CREATE */ + + #endif +-- +2.16.2 + diff --git a/gnu/packages/patches/pycairo-wscript.patch b/gnu/packages/patches/pycairo-wscript.patch deleted file mode 100644 index c49f0afcb3..0000000000 --- a/gnu/packages/patches/pycairo-wscript.patch +++ /dev/null @@ -1,31 +0,0 @@ -Update the wscript to work with waf-1.8.8. Based on: -http://cgit.freedesktop.org/pycairo/commit/?id=c57cd129407c904f8c2f752a59d0183df7b01a5e - - ---- pycairo-1.10.0.orig/wscript 2011-04-18 15:42:29.000000000 +0800 -+++ pycairo-1.10.0/wscript 2015-04-20 13:01:45.383756898 +0800 -@@ -13,18 +13,18 @@ - - def options(ctx): - print(' %s/options()' %d) -- ctx.tool_options('gnu_dirs') -- ctx.tool_options('compiler_cc') -- ctx.tool_options('python') # options for disabling pyc or pyo compilation -+ ctx.load('gnu_dirs') -+ ctx.load('compiler_c') -+ ctx.load('python') # options for disabling pyc or pyo compilation - - - def configure(ctx): - print(' %s/configure()' %d) - - env = ctx.env -- ctx.check_tool('gnu_dirs') -- ctx.check_tool('compiler_cc') -- ctx.check_tool('python') -+ ctx.load('gnu_dirs') -+ ctx.load('compiler_c') -+ ctx.load('python') - ctx.check_python_version((3,1,0)) - ctx.check_python_headers() - ctx.check_cfg(package='cairo', atleast_version=cairo_version_required, diff --git a/gnu/packages/patches/python-3-search-paths.patch b/gnu/packages/patches/python-3-search-paths.patch index 7feddb8e30..73e3f4ccf5 100644 --- a/gnu/packages/patches/python-3-search-paths.patch +++ b/gnu/packages/patches/python-3-search-paths.patch 
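Review bot: The widened guard `#if defined(HAVE_MEMFD) && !defined(HAVE_MEMFD_CREATE)` in memfd-wrappers.h is closed only after the `F_SEAL_WRITE` fallback. When glibc supplies memfd_create(), the header therefore also stops pulling in `<fcntl.h>` and stops defining the F_SEAL_* fallbacks. File sealing is what lets a peer rely on a shared memfd region not changing underneath it, so it is worth confirming that every includer still gets those macros from the libc headers in that configuration. The middle of the header is outside the hunk, so this is inferred from where the guard opens and closes. A sturdier layout ends the new guard right after the memfd_create() wrapper with `#endif /* HAVE_MEMFD && !HAVE_MEMFD_CREATE */` and keeps the sealing macros under their own `#ifdef HAVE_MEMFD`.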
@@ -3,17 +3,14 @@ looking for headers and libraries. --- setup.py 2015-10-07 23:32:58.891329173 +0200 +++ setup.py 2015-10-07 23:46:29.653349924 +0200 -@@ -507,11 +507,8 @@ class PyBuildExt(build_ext): +@@ -575,8 +575,8 @@ # if a file is found in one of those directories, it can # be assumed that no additional -I,-L directives are needed. if not cross_compiling: -- lib_dirs = self.compiler.library_dirs + [ -- '/lib64', '/usr/lib64', -- '/lib', '/usr/lib', -- ] -- inc_dirs = self.compiler.include_dirs + ['/usr/include'] +- lib_dirs = self.compiler.library_dirs + system_lib_dirs +- inc_dirs = self.compiler.include_dirs + system_include_dirs + lib_dirs = os.getenv('LIBRARY_PATH', '').split(os.pathsep) + inc_dirs = os.getenv('C_INCLUDE_PATH', '').split(os.pathsep) else: - lib_dirs = self.compiler.library_dirs[:] - inc_dirs = self.compiler.include_dirs[:] + # Add the sysroot paths. 'sysroot' is a compiler option used to + # set the logical path of the standard system headers and diff --git a/gnu/packages/patches/python-statsmodels-fix-tests.patch b/gnu/packages/patches/python-statsmodels-fix-tests.patch deleted file mode 100644 index f910b4b5a5..0000000000 --- a/gnu/packages/patches/python-statsmodels-fix-tests.patch +++ /dev/null 
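Review bot: The two `os.getenv(...).split(os.pathsep)` lines that this refresh carries forward unchanged yield `['']` when the variable is unset, and an empty element for any stray separator. An empty directory name would presumably make the later header and library probes resolve relative to the build's working directory rather than a store path. Dropping empty entries avoids that: `lib_dirs = [d for d in os.getenv('LIBRARY_PATH', '').split(os.pathsep) if d]`, and the same for `C_INCLUDE_PATH`. Whether an empty entry can occur in the Guix build environment is not visible here, and the rest of the setup.py method lies outside the hunk.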
@@ -1,28 +0,0 @@ -This drops a test that fails with numpy 1.12. - -Upstream bug URL: https://github.com/statsmodels/statsmodels/issues/3541 - ---- a/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:19.947343331 +0000 -+++ b/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:37.759328845 +0000 -@@ -1329,21 +1329,6 @@ - res = mod.fit(start_params=-np.ones(4), method='newton', disp=0) - assert_(not res.mle_retvals['converged']) - --def test_issue_339(): -- # make sure MNLogit summary works for J != K. -- data = sm.datasets.anes96.load() -- exog = data.exog -- # leave out last exog column -- exog = exog[:,:-1] -- exog = sm.add_constant(exog, prepend=True) -- res1 = sm.MNLogit(data.endog, exog).fit(method="newton", disp=0) -- # strip the header from the test -- smry = "\n".join(res1.summary().as_text().split('\n')[9:]) -- cur_dir = os.path.dirname(os.path.abspath(__file__)) -- test_case_file = os.path.join(cur_dir, 'results', 'mn_logit_summary.txt') -- test_case = open(test_case_file, 'r').read() -- np.testing.assert_equal(smry, test_case[:-1]) -- - def test_issue_341(): - data = sm.datasets.anes96.load() - exog = data.exog diff --git a/gnu/packages/patches/qemu-glibc-2.27.patch b/gnu/packages/patches/qemu-glibc-2.27.patch new file mode 100644 index 0000000000..b1f354ac1c --- /dev/null +++ b/gnu/packages/patches/qemu-glibc-2.27.patch 
@@ -0,0 +1,55 @@
+From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h. This conflicts with
+the definition in util/memfd.c:
+
+ /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ configure | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9c8aa5a..99ccc17 100755
+--- a/configure
++++ b/configure
+@@ -3923,7 +3923,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include <sys/memfd.h>
++#include <sys/mman.h>
+
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1a..412e94a 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+
+ #include "qemu/memfd.h"
+
+-#ifdef CONFIG_MEMFD
+-#include <sys/memfd.h>
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include <sys/syscall.h>
+ #include <asm/unistd.h>
+
+--
+1.8.3.1
+
diff --git a/gnu/packages/patches/quassel-qt-5.11.patch b/gnu/packages/patches/quassel-qt-5.11.patch
new file mode 100644
index 0000000000..545f8b7610
--- /dev/null
+++ b/gnu/packages/patches/quassel-qt-5.11.patch
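Review bot: qemu-glibc-2.27.patch opens directly with the upstream mail header, so nothing in the file says where the change was obtained or when the patch can be dropped. sddm-fix-build-with-qt-5.11-1024.patch further down has no header at all and starts at `diff --git a/CMakeLists.txt`. Neighbouring patches in this merge do carry that provenance: quassel-qt-5.11.patch names its source commit and a removal condition. That is what lets a reviewer compare the vendored copy against upstream. A leading comment such as `Fix the build with glibc 2.27; upstream commit 75e5b70e6b5dcc4f2219992d7cffa462aa406af0.` would do here. The sddm patch needs the equivalent line naming its origin, which the page does not show.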
@@ -0,0 +1,72 @@
+https://github.com/quassel/quassel/commit/92f4dca367c3a6f0536a1e0f3fbb44bb6ed4da62.patch
+This can be removed after quassel 0.12.5.
+
+From 92f4dca367c3a6f0536a1e0f3fbb44bb6ed4da62 Mon Sep 17 00:00:00 2001
+From: Manuel Nickschas <sputnick@quassel-irc.org>
+Date: Thu, 3 May 2018 23:19:34 +0200
+Subject: [PATCH] cmake: Fix build with Qt 5.11
+
+Qt 5.11 removes the qt5_use_modules function, so add a copy. If
+present, the Qt-provided function will be used instead.
+
+Closes GH-355.
+---
+ cmake/QuasselMacros.cmake | 38 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 38 insertions(+)
+
+diff --git a/cmake/QuasselMacros.cmake b/cmake/QuasselMacros.cmake
+index 652c0042d..d77ba1cfb 100644
+--- a/cmake/QuasselMacros.cmake
++++ b/cmake/QuasselMacros.cmake
+@@ -5,6 +5,9 @@
+ # The qt4_use_modules function was taken from CMake's Qt4Macros.cmake:
+ # (C) 2005-2009 Kitware, Inc.
+ #
++# The qt5_use_modules function was taken from Qt 5.10.1 (and modified):
++# (C) 2005-2011 Kitware, Inc.
++#
+ # Redistribution and use is allowed according to the terms of the BSD license.
+ # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+
+@@ -43,6 +46,41 @@ function(qt4_use_modules _target _link_type)
+ endforeach()
+ endfunction()
+
++# Qt 5.11 removed the qt5_use_modules function, so we need to provide it until we can switch to a modern CMake version.
++# If present, the Qt-provided version will be used automatically instead.
++function(qt5_use_modules _target _link_type)
++ if (NOT TARGET ${_target})
++ message(FATAL_ERROR "The first argument to qt5_use_modules must be an existing target.")
++ endif()
++ if ("${_link_type}" STREQUAL "LINK_PUBLIC" OR "${_link_type}" STREQUAL "LINK_PRIVATE" )
++ set(_qt5_modules ${ARGN})
++ set(_qt5_link_type ${_link_type})
++ else()
++ set(_qt5_modules ${_link_type} ${ARGN})
++ endif()
++
++ if ("${_qt5_modules}" STREQUAL "")
++ message(FATAL_ERROR "qt5_use_modules requires at least one Qt module to use.")
++ endif()
++ foreach(_module ${_qt5_modules})
++ if (NOT Qt5${_module}_FOUND)
++ find_package(Qt5${_module} PATHS "${_Qt5_COMPONENT_PATH}" NO_DEFAULT_PATH)
++ if (NOT Qt5${_module}_FOUND)
++ message(FATAL_ERROR "Can not use \"${_module}\" module which has not yet been found.")
++ endif()
++ endif()
++ target_link_libraries(${_target} ${_qt5_link_type} ${Qt5${_module}_LIBRARIES})
++ set_property(TARGET ${_target} APPEND PROPERTY INCLUDE_DIRECTORIES ${Qt5${_module}_INCLUDE_DIRS})
++ set_property(TARGET ${_target} APPEND PROPERTY COMPILE_DEFINITIONS ${Qt5${_module}_COMPILE_DEFINITIONS})
++ if (Qt5_POSITION_INDEPENDENT_CODE
++ AND (CMAKE_VERSION VERSION_LESS 2.8.12
++ AND (NOT CMAKE_CXX_COMPILER_ID STREQUAL "GNU"
++ OR CMAKE_CXX_COMPILER_VERSION VERSION_LESS 5.0)))
++ set_property(TARGET ${_target} PROPERTY POSITION_INDEPENDENT_CODE ${Qt5_POSITION_INDEPENDENT_CODE})
++ endif()
++ endforeach()
++endfunction()
++
+ # Some wrappers for simplifying dual-Qt support
+
+ function(qt_use_modules)
diff --git a/gnu/packages/patches/sddm-fix-build-with-qt-5.11-1024.patch b/gnu/packages/patches/sddm-fix-build-with-qt-5.11-1024.patch
new file mode 100644
index 0000000000..53c184230a
--- /dev/null
+++ b/gnu/packages/patches/sddm-fix-build-with-qt-5.11-1024.patch
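Review bot: The added comment in QuasselMacros.cmake says the Qt-provided `qt5_use_modules` will be used automatically when present, but the definition that follows is unconditional. Which definition ends up in effect therefore depends on whether this file is processed before or after Qt's own macros, and that order is not visible in the hunk. Wrapping the copy in `if(NOT COMMAND qt5_use_modules)` and a closing `endif()` would make the fallback explicit and independent of include order.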
@@ -0,0 +1,28 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 2efc649..8903b52 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -93,7 +95,7 @@
+ find_package(XKB REQUIRED)
+
+ # Qt 5
+-find_package(Qt5 5.6.0 CONFIG REQUIRED Core DBus Gui Qml Quick LinguistTools)
++find_package(Qt5 5.8.0 CONFIG REQUIRED Core DBus Gui Qml Quick LinguistTools Test)
+
+ # find qt5 imports dir
+ get_target_property(QMAKE_EXECUTABLE Qt5::qmake LOCATION)
+diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
+index c9d935a..bb85ddd 100644
+--- a/test/CMakeLists.txt
++++ b/test/CMakeLists.txt
+@@ -2,9 +2,8 @@
+
+ include_directories(../src/common)
+
+-
+ set(ConfigurationTest_SRCS ConfigurationTest.cpp ../src/common/ConfigReader.cpp)
+ add_executable(ConfigurationTest ${ConfigurationTest_SRCS})
+ add_test(NAME Configuration COMMAND ConfigurationTest)
+
+-qt5_use_modules(ConfigurationTest Test)
++target_link_libraries(ConfigurationTest Qt5::Core Qt5::Test)
diff --git a/gnu/packages/patches/shadow-CVE-2018-7169.patch b/gnu/packages/patches/shadow-CVE-2018-7169.patch
deleted file mode 100644
index eeae5b9b71..0000000000
--- a/gnu/packages/patches/shadow-CVE-2018-7169.patch
+++ /dev/null
@@ -1,191 +0,0 @@ -Fix CVE-2018-7169: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169 - -Patch copied from upstream source repository: - -https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 - -From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai <asarai@suse.de> -Date: Thu, 15 Feb 2018 23:49:40 +1100 -Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group - -This is necessary to match the kernel-side policy of "self-mapping in a -user namespace is fine, but you cannot drop groups" -- a policy that was -created in order to stop user namespaces from allowing trivial privilege -escalation by dropping supplementary groups that were "blacklisted" from -certain paths. - -This is the simplest fix for the underlying issue, and effectively makes -it so that unless a user has a valid mapping set in /etc/subgid (which -only administrators can modify) -- and they are currently trying to use -that mapping -- then /proc/$pid/setgroups will be set to deny. This -workaround is only partial, because ideally it should be possible to set -an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow -administrators to further restrict newgidmap(1). - -We also don't write anything in the "allow" case because "allow" is the -default, and users may have already written "deny" even if they -technically are allowed to use setgroups. And we don't write anything if -the setgroups policy is already "deny". 
- -Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 -Fixes: CVE-2018-7169 -Reported-by: Craig Furman <craig.furman89@gmail.com> -Signed-off-by: Aleksa Sarai <asarai@suse.de> ---- - src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 80 insertions(+), 9 deletions(-) - -diff --git a/src/newgidmap.c b/src/newgidmap.c -index b1e33513..59a2e75c 100644 ---- a/src/newgidmap.c -+++ b/src/newgidmap.c -@@ -46,32 +46,37 @@ - */ - const char *Prog; - --static bool verify_range(struct passwd *pw, struct map_range *range) -+ -+static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) - { - /* An empty range is invalid */ - if (range->count == 0) - return false; - -- /* Test /etc/subgid */ -- if (have_sub_gids(pw->pw_name, range->lower, range->count)) -+ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */ -+ if (have_sub_gids(pw->pw_name, range->lower, range->count)) { -+ *allow_setgroups = true; - return true; -+ } - -- /* Allow a process to map its own gid */ -- if ((range->count == 1) && (pw->pw_gid == range->lower)) -+ /* Allow a process to map its own gid. */ -+ if ((range->count == 1) && (pw->pw_gid == range->lower)) { -+ /* noop -- if setgroups is enabled already we won't disable it. 
*/ - return true; -+ } - - return false; - } - - static void verify_ranges(struct passwd *pw, int ranges, -- struct map_range *mappings) -+ struct map_range *mappings, bool *allow_setgroups) - { - struct map_range *mapping; - int idx; - - mapping = mappings; - for (idx = 0; idx < ranges; idx++, mapping++) { -- if (!verify_range(pw, mapping)) { -+ if (!verify_range(pw, mapping, allow_setgroups)) { - fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), - Prog, - mapping->upper, -@@ -89,6 +94,70 @@ static void usage(void) - exit(EXIT_FAILURE); - } - -+void write_setgroups(int proc_dir_fd, bool allow_setgroups) -+{ -+ int setgroups_fd; -+ char *policy, policy_buffer[4096]; -+ -+ /* -+ * Default is "deny", and any "allow" will out-rank a "deny". We don't -+ * forcefully write an "allow" here because the process we are writing -+ * mappings for may have already set themselves to "deny" (and "allow" -+ * is the default anyway). So allow_setgroups == true is a noop. -+ */ -+ policy = "deny\n"; -+ if (allow_setgroups) -+ return; -+ -+ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC); -+ if (setgroups_fd < 0) { -+ /* -+ * If it's an ENOENT then we are on too old a kernel for the setgroups -+ * code to exist. Emit a warning and bail on this. -+ */ -+ if (ENOENT == errno) { -+ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog); -+ goto out; -+ } -+ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"), -+ Prog, -+ strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* -+ * Check whether the policy is already what we want. /proc/self/setgroups -+ * is write-once, so attempting to write after it's already written to will -+ * fail. 
-+ */ -+ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) { -+ fprintf(stderr, _("%s: failed to read setgroups: %s\n"), -+ Prog, -+ strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ if (!strncmp(policy_buffer, policy, strlen(policy))) -+ goto out; -+ -+ /* Write the policy. */ -+ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) { -+ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"), -+ Prog, -+ strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ if (dprintf(setgroups_fd, "%s", policy) < 0) { -+ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"), -+ Prog, -+ policy, -+ strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ -+out: -+ close(setgroups_fd); -+} -+ - /* - * newgidmap - Set the gid_map for the specified process - */ -@@ -103,6 +172,7 @@ int main(int argc, char **argv) - struct stat st; - struct passwd *pw; - int written; -+ bool allow_setgroups = false; - - Prog = Basename (argv[0]); - -@@ -145,7 +215,7 @@ int main(int argc, char **argv) - (unsigned long) getuid ())); - return EXIT_FAILURE; - } -- -+ - /* Get the effective uid and effective gid of the target process */ - if (fstat(proc_dir_fd, &st) < 0) { - fprintf(stderr, _("%s: Could not stat directory for target %u\n"), -@@ -177,8 +247,9 @@ int main(int argc, char **argv) - if (!mappings) - usage(); - -- verify_ranges(pw, ranges, mappings); -+ verify_ranges(pw, ranges, mappings, &allow_setgroups); - -+ write_setgroups(proc_dir_fd, allow_setgroups); - write_mapping(proc_dir_fd, ranges, mappings, "gid_map"); - sub_gid_close(); - --- -2.16.2 - diff --git a/gnu/packages/patches/strace-kernel-4.16.patch b/gnu/packages/patches/strace-kernel-4.16.patch new file mode 100644 index 0000000000..e86d3be439 --- /dev/null +++ b/gnu/packages/patches/strace-kernel-4.16.patch 
@@ -0,0 +1,92 @@ +Fix test failure when using Linux-Libre >= 4.16. + +Taken from upstream: +https://github.com/strace/strace/commit/bcff87c31c0f27c678a43d6b7f67dab363a974fa + +From bcff87c31c0f27c678a43d6b7f67dab363a974fa Mon Sep 17 00:00:00 2001 +From: Masatake YAMATO <yamato@redhat.com> +Date: Wed, 2 May 2018 17:11:07 +0900 +Subject: [PATCH] tests/ioctl_kvm_run.c: handle cpuid at the end of vcpu dentry + +Since Linux 4.16, kernel appends the cpuid as suffix to the entry +for a kvm vcpu in /proc/$pid/fd like: + + anon_inode:kvm-vcpu:0 + +That was + + anon_inode:kvm-vcpu + +This kernel change causes the test case failure on newer kernels. +Update the test to deal with the new name as well as the old one. + +* tests/ioctl_kvm_run.c: Include unistd.h for using readlink(2). +(vcpu_dev_should_have_cpuid): New function for detecting whether +a proc entry for given fd has the cpuid suffix or not. +(main): Trim vcpu_dev to remove the cpuid suffix if needed. +(vcpu_dev): Remove const modifier. +--- + tests/ioctl_kvm_run.c | 29 ++++++++++++++++++++++++++++- + 1 file changed, 28 insertions(+), 1 deletion(-) + +diff --git a/tests/ioctl_kvm_run.c b/tests/ioctl_kvm_run.c +index 179461430..e1bef5796 100644 +--- a/tests/ioctl_kvm_run.c ++++ b/tests/ioctl_kvm_run.c +@@ -40,6 +40,7 @@ + # include <string.h> + # include <sys/ioctl.h> + # include <sys/mman.h> ++# include <unistd.h> + # include <linux/kvm.h> + + static int +@@ -56,7 +57,7 @@ kvm_ioctl(int fd, unsigned long cmd, const char *cmd_str, void *arg) + + static const char dev[] = "/dev/kvm"; + static const char vm_dev[] = "anon_inode:kvm-vm"; +-static const char vcpu_dev[] = "anon_inode:kvm-vcpu"; ++static char vcpu_dev[] = "anon_inode:kvm-vcpu:0"; + static size_t page_size; + + extern const char code[]; +@@ -165,6 +166,23 @@ run_kvm(const int vcpu_fd, struct kvm_run *const run, const size_t mmap_size, + } + } + ++static int ++vcpu_dev_should_have_cpuid(int fd) ++{ ++ int r = 0; ++ char *filename = NULL; ++ char 
buf[sizeof(vcpu_dev)]; ++ ++ if (asprintf(&filename, "/proc/%d/fd/%d", getpid(), fd) < 0) ++ error_msg_and_fail("asprintf"); ++ ++ if (readlink(filename, buf, sizeof(buf)) == sizeof(buf) - 1 ++ && (memcmp(buf, vcpu_dev, sizeof(buf) - 1) == 0)) ++ r = 1; ++ free(filename); ++ return r; ++} ++ + int + main(void) + { +@@ -208,6 +226,15 @@ main(void) + (unsigned long) page_size, (unsigned long) page_size, mem); + + int vcpu_fd = KVM_IOCTL(vm_fd, KVM_CREATE_VCPU, NULL); ++ if (!vcpu_dev_should_have_cpuid(vcpu_fd)) ++ /* ++ * This is an older kernel that doesn't place a cpuid ++ * at the end of the dentry associated with vcpu_fd. ++ * Trim the cpuid part of vcpu_dev like: ++ * "anon_inode:kvm-vcpu:0" -> "anon_inode:kvm-vcpu" ++ */ ++ vcpu_dev[strlen (vcpu_dev) - 2] = '\0'; ++ + printf("ioctl(%d<%s>, KVM_CREATE_VCPU, 0) = %d<%s>\n", + vm_fd, vm_dev, vcpu_fd, vcpu_dev); + diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch deleted file mode 100644 index b79be9bc94..0000000000 --- a/gnu/packages/patches/tar-CVE-2016-6321.patch +++ /dev/null 
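Review bot: In `vcpu_dev_should_have_cpuid` a failing `readlink()` returns -1 and simply leaves `r` at 0, so an unreadable /proc entry is treated the same as an older kernel and `main` quietly trims `vcpu_dev`. Storing the return value and checking it first, e.g. `if (n < 0) error_msg_and_fail("readlink");`, keeps the test from printing a misleading descriptor name. The trim itself, `vcpu_dev[strlen (vcpu_dev) - 2] = '\0';`, hard-codes the length of the `:0` suffix and would read more clearly against a named suffix constant. The enclosing `main` continues outside the inner hunk.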
@@ -1,51 +0,0 @@ -Fix CVE-2016-6321: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 -https://security-tracker.debian.org/tracker/CVE-2016-6321 - -Patch adapted from upstream source repository (the changes to 'NEWS' -don't apply to the Tar 1.29 release tarball). - -http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d - -From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> -Date: Sat, 29 Oct 2016 21:04:40 -0700 -Subject: [PATCH] When extracting, skip ".." members - -* NEWS: Document this. -* src/extract.c (extract_archive): Skip members whose names -contain "..". ---- - NEWS | 8 +++++++- - src/extract.c | 8 ++++++++ - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { --- -2.11.0 - diff --git a/gnu/packages/patches/tar-remove-wholesparse-check.patch b/gnu/packages/patches/tar-remove-wholesparse-check.patch new file mode 100644 index 0000000000..41f53e86aa --- /dev/null +++ b/gnu/packages/patches/tar-remove-wholesparse-check.patch 
@@ -0,0 +1,68 @@
+This patch is needed in order to build Guix on a Btrfs file system.
+
+
+From da922703282b0d3b8837a99a9c7fdd32f1d20d49 Mon Sep 17 00:00:00 2001
+From: Mark H Weaver <mhw@netris.org>
+Date: Tue, 9 Jan 2018 20:16:14 -0500
+Subject: [PATCH] Remove nonportable check for files containing only zeroes.
+
+This check benefitted only one unlikely case (large files containing
+only zeroes, on systems that do not support SEEK_HOLE) and was based
+on an assumption about file system behavior that is not mandated by
+POSIX and no longer holds in practice, namely that for sufficiently
+large files, (st_blocks == 0) implies that the file contains only
+zeroes. Examples of file systems that violate this assumption include
+Linux's /proc file system and Btrfs.
+
+* src/sparse.c (sparse_scan_file_wholesparse): Remove this function.
+(sparse_scan_file_seek): Remove the initial check for files containing
+only zeroes.
+---
+ src/sparse.c | 24 ------------------------
+ 1 file changed, 24 deletions(-)
+
+diff --git a/src/sparse.c b/src/sparse.c
+index d41c0ea..3de6560 100644
+--- a/src/sparse.c
++++ b/src/sparse.c
+@@ -261,26 +261,6 @@ sparse_scan_file_raw (struct tar_sparse_file *file)
+ return tar_sparse_scan (file, scan_end, NULL);
+ }
+
+-static bool
+-sparse_scan_file_wholesparse (struct tar_sparse_file *file)
+-{
+- struct tar_stat_info *st = file->stat_info;
+- struct sp_array sp = {0, 0};
+-
+- /* Note that this function is called only for truly sparse files of size >= 1
+- block size (checked via ST_IS_SPARSE before). See the thread
+- http://www.mail-archive.com/bug-tar@gnu.org/msg04209.html for more info */
+- if (ST_NBLOCKS (st->stat) == 0)
+- {
+- st->archive_file_size = 0;
+- sp.offset = st->stat.st_size;
+- sparse_add_map (st, &sp);
+- return true;
+- }
+-
+- return false;
+-}
+-
+ #ifdef SEEK_HOLE
+ /* Try to engage SEEK_HOLE/SEEK_DATA feature. */
+ static bool
+@@ -343,10 +323,6 @@ sparse_scan_file_seek (struct tar_sparse_file *file)
+ static bool
+ sparse_scan_file (struct tar_sparse_file *file)
+ {
+- /* always check for completely sparse files */
+- if (sparse_scan_file_wholesparse (file))
+- return true;
+-
+ switch (hole_detection)
+ {
+ case HOLE_DETECTION_DEFAULT:
+--
+2.15.1
+
diff --git a/gnu/packages/patches/util-linux-CVE-2018-7738.patch b/gnu/packages/patches/util-linux-CVE-2018-7738.patch
deleted file mode 100644
index 080e2f56ba..0000000000
--- a/gnu/packages/patches/util-linux-CVE-2018-7738.patch
+++ /dev/null
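Review bot: The header of this new patch file says only "This patch is needed in order to build Guix on a Btrfs file system." and does not record where the change comes from or whether it was submitted upstream, unlike the other patches in this directory that cite the upstream commit they were copied from. The embedded commit message describes a data-integrity problem rather than a build nicety: a file with `st_blocks == 0` was treated as containing only zeroes, which it says no longer holds on Btrfs or /proc. I would add a provenance line such as `Submitted upstream: <URL of the upstream report>` and one sentence naming that failure mode, so a later maintainer can tell when the patch may be dropped. With the early return gone, `sparse_scan_file` relies entirely on the `hole_detection` switch, whose body continues outside the hunk.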
@@ -1,49 +0,0 @@
-Fix CVE-2018-7738:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738
-
-Patch copied from upstream source repository:
-
-https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55
-
-From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Thu, 16 Nov 2017 16:27:32 +0100
-Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
- paths
-
- # mount /dev/sdc1 /mnt/test/foo\ bar
- # umount <tab>
-
-has to return "/mnt/test/foo\ bar".
-
-Changes:
-
- * don't use mount | awk output, we have findmnt
- * force compgen use \n as entries separator
-
-Addresses: https://github.com/karelzak/util-linux/issues/539
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- bash-completion/umount | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/bash-completion/umount b/bash-completion/umount
-index d76cb9fff..98c90d61a 100644
---- a/bash-completion/umount
-+++ b/bash-completion/umount
-@@ -40,9 +40,10 @@ _umount_module()
- return 0
- ;;
- esac
-- local DEVS_MPOINTS
-- DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
-- COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
-- return 0
-+
-+ local oldifs=$IFS
-+ IFS=$'\n'
-+ COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
-+ IFS=$oldifs
- }
- complete -F _umount_module umount
diff --git a/gnu/packages/patches/util-linux-tests.patch b/gnu/packages/patches/util-linux-tests.patch
index f436299b7f..bb5be66515 100644
--- a/gnu/packages/patches/util-linux-tests.patch
+++ b/gnu/packages/patches/util-linux-tests.patch
@@ -5,14 +5,14 @@ using 'getpwnam' in libmount. This doesn't work in the chroot because --- util-linux-2.25.2/tests/ts/libmount/optstr 2015-01-23 13:58:41.181151194 +0100 +++ util-linux-2.25.2/tests/ts/libmount/optstr 2015-01-23 13:58:42.829161716 +0100 -@@ -84,10 +84,6 @@ ts_init_subtest "apply-user" # add user, - ts_valgrind $TESTPROG --apply --user "noexec,nosuid,loop=/dev/looop0" 0x408 &> $TS_OUTPUT +@@ -108,10 +108,6 @@ + ts_run $TESTPROG --apply --user "noexec,nosuid,loop=/dev/looop0" 0x408 &> $TS_OUTPUT ts_finalize_subtest -ts_init_subtest "fix" --ts_valgrind $TESTPROG --fix "uid=root,gid=root" &> $TS_OUTPUT +-ts_run $TESTPROG --fix "uid=root,gid=root" &> $TS_OUTPUT -ts_finalize_subtest - ts_init_subtest "deduplicate" - ts_valgrind $TESTPROG --dedup bbb,ccc,AAA,xxx,AAA=a,AAA=bbb,ddd,AAA=ccc,fff=eee AAA &> $TS_OUTPUT + ts_run $TESTPROG --dedup bbb,ccc,AAA,xxx,AAA=a,AAA=bbb,ddd,AAA=ccc,fff=eee AAA &> $TS_OUTPUT ts_finalize_subtest diff --git a/gnu/packages/patches/xcb-proto-python3-print.patch b/gnu/packages/patches/xcb-proto-python3-print.patch deleted file mode 100644 index 7d5dc9bc27..0000000000 --- a/gnu/packages/patches/xcb-proto-python3-print.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xcb/proto/commit/?id=bea5e1c85bdc0950913790364e18228f20395a3d - -From bea5e1c85bdc0950913790364e18228f20395a3d Mon Sep 17 00:00:00 2001 -From: Thomas Klausner <wiz@NetBSD.org> -Date: Thu, 19 May 2016 17:30:05 +0200 -Subject: [PATCH] print() is a function and needs parentheses. - -Fixes build with python-3.x. - -Signed-off-by: Thomas Klausner <wiz@NetBSD.org> -Signed-off-by: Uli Schlachter <psychon@znc.in> ---- - xcbgen/xtypes.py | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/xcbgen/xtypes.py b/xcbgen/xtypes.py -index c3b5758..b83b119 100644 ---- a/xcbgen/xtypes.py -+++ b/xcbgen/xtypes.py -@@ -501,7 +501,7 @@ class ComplexType(Type): - int(required_start_align_element.get('align', "4"), 0), - int(required_start_align_element.get('offset', "0"), 0)) - if verbose_align_log: -- print "Explicit start-align for %s: %s\n" % (self, self.required_start_align) -+ print ("Explicit start-align for %s: %s\n" % (self, self.required_start_align)) - - def resolve(self, module): - if self.resolved: -@@ -592,7 +592,7 @@ class ComplexType(Type): - if verbose_align_log: - print ("calc_required_start_align: %s has start-align %s" - % (str(self), str(self.required_start_align))) -- print "Details:\n" + str(log) -+ print ("Details:\n" + str(log)) - if self.required_start_align.offset != 0: - print (("WARNING: %s\n\thas start-align with non-zero offset: %s" - + "\n\tsuggest to add explicit definition with:" -@@ -619,12 +619,12 @@ class ComplexType(Type): - for offset in range(0,align): - align_candidate = Alignment(align, offset) - if verbose_align_log: -- print "trying %s for %s" % (str(align_candidate), str(self)) -+ print ("trying %s for %s" % (str(align_candidate), str(self))) - my_log = AlignmentLog() - if self.is_possible_start_align(align_candidate, callstack, my_log): - log.append(my_log) - if verbose_align_log: -- print "found start-align %s for %s" 
% (str(align_candidate), str(self)) -+ print ("found start-align %s for %s" % (str(align_candidate), str(self))) - return align_candidate - else: - my_ok_count = my_log.ok_count() -@@ -641,7 +641,7 @@ class ComplexType(Type): - # none of the candidates applies - # this type has illegal internal aligns for all possible start_aligns - if verbose_align_log: -- print "didn't find start-align for %s" % str(self) -+ print ("didn't find start-align for %s" % str(self)) - log.append(best_log) - return None - -@@ -900,7 +900,7 @@ class SwitchType(ComplexType): - # aux function for unchecked_get_alignment_after - def get_align_for_selected_case_field(self, case_field, start_align, callstack, log): - if verbose_align_log: -- print "get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field)) -+ print ("get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field))) - total_align = start_align - for field in self.bitcases: - my_callstack = callstack[:] --- -2.11.1 - diff --git a/gnu/packages/patches/xcb-proto-python3-whitespace.patch b/gnu/packages/patches/xcb-proto-python3-whitespace.patch deleted file mode 100644 index f0509138b2..0000000000 --- a/gnu/packages/patches/xcb-proto-python3-whitespace.patch +++ /dev/null 
@@ -1,217 +0,0 @@ -Fixes compatibility issue with python > 3.5. - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xcb/proto/commit/?id=ea7a3ac6c658164690e0febb55f4467cb9e0bcac - -From ea7a3ac6c658164690e0febb55f4467cb9e0bcac Mon Sep 17 00:00:00 2001 -From: Thomas Klausner <wiz@NetBSD.org> -Date: Thu, 19 May 2016 17:30:04 +0200 -Subject: [PATCH] Make whitespace use consistent. - -At least python-3.5.x complains about this forcefully. - -Signed-off-by: Thomas Klausner <wiz@NetBSD.org> -Signed-off-by: Uli Schlachter <psychon@znc.in> ---- - xcbgen/align.py | 96 ++++++++++++++++++++++++++++----------------------------- - 1 file changed, 48 insertions(+), 48 deletions(-) - -diff --git a/xcbgen/align.py b/xcbgen/align.py -index 5e31838..d4c12ee 100644 ---- a/xcbgen/align.py -+++ b/xcbgen/align.py -@@ -16,12 +16,12 @@ class Alignment(object): - return self.align == other.align and self.offset == other.offset - - def __str__(self): -- return "(align=%d, offset=%d)" % (self.align, self.offset) -+ return "(align=%d, offset=%d)" % (self.align, self.offset) - - @staticmethod - def for_primitive_type(size): -- # compute the required start_alignment based on the size of the type -- if size % 8 == 0: -+ # compute the required start_alignment based on the size of the type -+ if size % 8 == 0: - # do 8-byte primitives require 8-byte alignment in X11? - return Alignment(8,0) - elif size % 4 == 0: -@@ -33,7 +33,7 @@ class Alignment(object): - - - def align_after_fixed_size(self, size): -- new_offset = (self.offset + size) % self.align -+ new_offset = (self.offset + size) % self.align - return Alignment(self.align, new_offset) - - -@@ -41,7 +41,7 @@ class Alignment(object): - ''' - Assuming the given external_align, checks whether - self is fulfilled for all cases. -- Returns True if yes, False otherwise. -+ Returns True if yes, False otherwise. 
- ''' - if self.align == 1 and self.offset == 0: - # alignment 1 with offset 0 is always fulfilled -@@ -55,9 +55,9 @@ class Alignment(object): - # the external align guarantees less alignment -> not guaranteed - return False - -- if external_align.align % self.align != 0: -+ if external_align.align % self.align != 0: - # the external align cannot be divided by our align -- # -> not guaranteed -+ # -> not guaranteed - # (this can only happen if there are alignments that are not - # a power of 2, which is highly discouraged. But better be - # safe and check for it) -@@ -72,7 +72,7 @@ class Alignment(object): - - def combine_with(self, other): - # returns the alignment that is guaranteed when -- # both, self or other, can happen -+ # both, self or other, can happen - new_align = gcd(self.align, other.align) - new_offset_candidate1 = self.offset % new_align - new_offset_candidate2 = other.offset % new_align -@@ -83,8 +83,8 @@ class Alignment(object): - new_align = gcd(new_align, offset_diff) - new_offset_candidate1 = self.offset % new_align - new_offset_candidate2 = other.offset % new_align -- assert new_offset_candidate1 == new_offset_candidate2 -- new_offset = new_offset_candidate1 -+ assert new_offset_candidate1 == new_offset_candidate2 -+ new_offset = new_offset_candidate1 - # return the result - return Alignment(new_align, new_offset) - -@@ -92,44 +92,44 @@ class Alignment(object): - class AlignmentLog(object): - - def __init__(self): -- self.ok_list = [] -- self.fail_list = [] -- self.verbosity = 1 -+ self.ok_list = [] -+ self.fail_list = [] -+ self.verbosity = 1 - - def __str__(self): -- result = "" -+ result = "" - -- # output the OK-list -- for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list: -- stacksize = len(callstack) -+ # output the OK-list -+ for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list: -+ stacksize = len(callstack) - indent = ' ' * stacksize -- if self.ok_callstack_is_relevant(callstack): 
-+ if self.ok_callstack_is_relevant(callstack): - if field_name is None or field_name == "": -- result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n" -- % (indent, str(type_obj), indent, str(align_before), str(align_after))) -- else: -- result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n" -- % (indent, str(field_name), str(type_obj), -- indent, str(align_before), str(align_after))) -+ result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n" -+ % (indent, str(type_obj), indent, str(align_before), str(align_after))) -+ else: -+ result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n" -+ % (indent, str(field_name), str(type_obj), -+ indent, str(align_before), str(align_after))) - if self.verbosity >= 1: -- result += self.callstack_to_str(indent, callstack) -+ result += self.callstack_to_str(indent, callstack) - -- # output the fail-list -- for (align_before, field_name, type_obj, callstack, reason) in self.fail_list: -- stacksize = len(callstack) -+ # output the fail-list -+ for (align_before, field_name, type_obj, callstack, reason) in self.fail_list: -+ stacksize = len(callstack) - indent = ' ' * stacksize -- if field_name is None or field_name == "": -- result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n" -- % (indent, str(align_before), indent, str(type_obj), indent, reason)) -- else: -- result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n" -- % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason)) -+ if field_name is None or field_name == "": -+ result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n" -+ % (indent, str(align_before), indent, str(type_obj), indent, reason)) -+ else: -+ result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n" -+ % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason)) - - if self.verbosity >= 1: -- result += 
self.callstack_to_str(indent, callstack) -+ result += self.callstack_to_str(indent, callstack) - - -- return result -+ return result - - - def callstack_to_str(self, indent, callstack): -@@ -137,41 +137,41 @@ class AlignmentLog(object): - for stack_elem in callstack: - result += "\t %s%s\n" % (indent, str(stack_elem)) - result += "\t%s]\n" % indent -- return result -+ return result - - - def ok_callstack_is_relevant(self, ok_callstack): - # determine whether an ok callstack is relevant for logging -- if self.verbosity >= 2: -- return True -+ if self.verbosity >= 2: -+ return True - - # empty callstacks are always relevant -- if len(ok_callstack) == 0: -+ if len(ok_callstack) == 0: - return True - -- # check whether the ok_callstack is a subset or equal to a fail_callstack -+ # check whether the ok_callstack is a subset or equal to a fail_callstack - for (align_before, field_name, type_obj, fail_callstack, reason) in self.fail_list: - if len(ok_callstack) <= len(fail_callstack): - zipped = zip(ok_callstack, fail_callstack[:len(ok_callstack)]) -- is_subset = all([i == j for i, j in zipped]) -- if is_subset: -+ is_subset = all([i == j for i, j in zipped]) -+ if is_subset: - return True - - return False - - - def ok(self, align_before, field_name, type_obj, callstack, align_after): -- self.ok_list.append((align_before, field_name, type_obj, callstack, align_after)) -+ self.ok_list.append((align_before, field_name, type_obj, callstack, align_after)) - - def fail(self, align_before, field_name, type_obj, callstack, reason): -- self.fail_list.append((align_before, field_name, type_obj, callstack, reason)) -+ self.fail_list.append((align_before, field_name, type_obj, callstack, reason)) - - def append(self, other): -- self.ok_list.extend(other.ok_list) -- self.fail_list.extend(other.fail_list) -+ self.ok_list.extend(other.ok_list) -+ self.fail_list.extend(other.fail_list) - - def ok_count(self): -- return len(self.ok_list) -+ return len(self.ok_list) - - - --- -2.11.1 - |