summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-01-19 23:59:20 -0500
committerMark H Weaver <mhw@netris.org>2018-01-19 23:59:20 -0500
commite074a655dd6497daafbd62737e3b63f3d5aa7985 (patch)
tree2b198ba5c664cdd58e155f3c0113d1cebde0fc91 /gnu/packages/patches
parent6d7b26a39faf42c37f15dc64a30a77e5e194ea23 (diff)
parentccb5cac17be98aaa9c3225605d6170c675d8e8e6 (diff)
downloadguix-e074a655dd6497daafbd62737e3b63f3d5aa7985.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/dtc-32-bits-check.patch134
-rw-r--r--gnu/packages/patches/dtc-format-modifier.patch38
-rw-r--r--gnu/packages/patches/emacs-json-reformat-fix-tests.patch32
-rw-r--r--gnu/packages/patches/libexif-CVE-2016-6328.patch72
-rw-r--r--gnu/packages/patches/lxterminal-CVE-2016-10369.patch37
-rw-r--r--gnu/packages/patches/ninja-zero-mtime.patch19
-rw-r--r--gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch45
-rw-r--r--gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch302
-rw-r--r--gnu/packages/patches/webkitgtk-mitigate-spectre.patch107
9 files changed, 406 insertions, 380 deletions
diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch
deleted file mode 100644
index cf15be3404..0000000000
--- a/gnu/packages/patches/dtc-32-bits-check.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-This fixes tests on 32 bits platforms. Patch taken from upstream.
-
-commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586
-Author: David Gibson <david@gibson.dropbear.id.au>
-Date:   Fri Oct 6 23:07:30 2017 +1100
-
-    tests: Avoid 64-bit arithmetic in assembler
-    
-    For testing we (ab)use the assembler to build us a sample dtb, independent
-    of the other tools (dtc and libfdt) that we're trying to test.  In a few
-    places this uses 64-bit arithmetic to decompose 64-bit constants into
-    the individual bytes in the blob.
-    
-    Unfortunately, it seems that some builds of GNU as don't support >32 bit
-    arithmetic, though it's not entirely clear to me which do and which don't
-    (Fedora i386 does support 64-bit, Debian arm32 doesn't).
-    
-    Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost
-    of some extra awkwardness because we have to define the values in 32-bit
-    halves.
-    
-    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
-diff --git a/tests/testdata.h b/tests/testdata.h
-index 3588778..f6bbe1d 100644
---- a/tests/testdata.h
-+++ b/tests/testdata.h
-@@ -4,15 +4,25 @@
- #define ASM_CONST_LL(x)	(x##ULL)
- #endif
- 
--#define TEST_ADDR_1	ASM_CONST_LL(0xdeadbeef00000000)
--#define TEST_SIZE_1	ASM_CONST_LL(0x100000)
--#define TEST_ADDR_2	ASM_CONST_LL(123456789)
--#define TEST_SIZE_2	ASM_CONST_LL(010000)
-+#define TEST_ADDR_1H	ASM_CONST_LL(0xdeadbeef)
-+#define TEST_ADDR_1L	ASM_CONST_LL(0x00000000)
-+#define TEST_ADDR_1	((TEST_ADDR_1H << 32) | TEST_ADDR_1L)
-+#define TEST_SIZE_1H	ASM_CONST_LL(0x00000000)
-+#define TEST_SIZE_1L	ASM_CONST_LL(0x00100000)
-+#define TEST_SIZE_1	((TEST_SIZE_1H << 32) | TEST_SIZE_1L)
-+#define TEST_ADDR_2H	ASM_CONST_LL(0)
-+#define TEST_ADDR_2L	ASM_CONST_LL(123456789)
-+#define TEST_ADDR_2	((TEST_ADDR_2H << 32) | TEST_ADDR_2L)
-+#define TEST_SIZE_2H	ASM_CONST_LL(0)
-+#define TEST_SIZE_2L	ASM_CONST_LL(010000)
-+#define TEST_SIZE_2	((TEST_SIZE_2H << 32) | TEST_SIZE_2L)
- 
- #define TEST_VALUE_1	0xdeadbeef
- #define TEST_VALUE_2	123456789
- 
--#define TEST_VALUE64_1	ASM_CONST_LL(0xdeadbeef01abcdef)
-+#define TEST_VALUE64_1H	ASM_CONST_LL(0xdeadbeef)
-+#define TEST_VALUE64_1L	ASM_CONST_LL(0x01abcdef)
-+#define TEST_VALUE64_1	((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L)
- 
- #define PHANDLE_1	0x2000
- #define PHANDLE_2	0x2001
-diff --git a/tests/trees.S b/tests/trees.S
-index 9854d1d..9859914 100644
---- a/tests/trees.S
-+++ b/tests/trees.S
-@@ -7,16 +7,6 @@
- 	.byte	((val) >> 8) & 0xff ; \
- 	.byte	(val) & 0xff	;
- 
--#define FDTQUAD(val) \
--	.byte	((val) >> 56) & 0xff ; \
--	.byte	((val) >> 48) & 0xff ; \
--	.byte	((val) >> 40) & 0xff ; \
--	.byte	((val) >> 32) & 0xff ; \
--	.byte	((val) >> 24) & 0xff ; \
--	.byte	((val) >> 16) & 0xff ; \
--	.byte	((val) >> 8) & 0xff ; \
--	.byte	(val) & 0xff	;
--
- #define TREE_HDR(tree) \
- 	.balign	8		; \
- 	.globl	_##tree		; \
-@@ -33,14 +23,16 @@ tree:	\
- 	FDTLONG(tree##_strings_end - tree##_strings) ; \
- 	FDTLONG(tree##_struct_end - tree##_struct) ;
- 
--#define RSVMAP_ENTRY(addr, len) \
--	FDTQUAD(addr)		; \
--	FDTQUAD(len)		; \
-+#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \
-+	FDTLONG(addrh)		; \
-+	FDTLONG(addrl)		; \
-+	FDTLONG(lenh)		; \
-+	FDTLONG(lenl)
- 
- #define EMPTY_RSVMAP(tree) \
- 	.balign	8		; \
- tree##_rsvmap:			; \
--	RSVMAP_ENTRY(0, 0) \
-+	RSVMAP_ENTRY(0, 0, 0, 0) \
- tree##_rsvmap_end:		;
- 
- #define PROPHDR(tree, name, len) \
-@@ -52,9 +44,10 @@ tree##_rsvmap_end:		;
- 	PROPHDR(tree, name, 4) \
- 	FDTLONG(val)		;
- 
--#define PROP_INT64(tree, name, val) \
-+#define PROP_INT64(tree, name, valh, vall) \
- 	PROPHDR(tree, name, 8) \
--	FDTQUAD(val)		;
-+	FDTLONG(valh)		; \
-+	FDTLONG(vall)		;
- 
- #define PROP_STR(tree, name, str) \
- 	PROPHDR(tree, name, 55f - 54f) \
-@@ -81,16 +74,16 @@ tree##_##name:			; \
- 
- 	.balign	8
- test_tree1_rsvmap:
--	RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1)
--	RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2)
--	RSVMAP_ENTRY(0, 0)
-+	RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L)
-+	RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L)
-+	RSVMAP_ENTRY(0, 0, 0, 0)
- test_tree1_rsvmap_end:
- 
- test_tree1_struct:
- 	BEGIN_NODE("")
- 	PROP_STR(test_tree1, compatible, "test_tree1")
- 	PROP_INT(test_tree1, prop_int, TEST_VALUE_1)
--	PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1)
-+	PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L)
- 	PROP_STR(test_tree1, prop_str, TEST_STRING_1)
- 	PROP_INT(test_tree1, address_cells, 1)
- 	PROP_INT(test_tree1, size_cells, 0)
diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch
deleted file mode 100644
index c33d16857f..0000000000
--- a/gnu/packages/patches/dtc-format-modifier.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-This fixes build on 32 bits platforms. This patch is taken from upstream.
-
-commit 497432fd2131967f349e69dc5d259072151cc4b4
-Author: Thierry Reding <treding@nvidia.com>
-Date:   Wed Sep 27 15:04:09 2017 +0200
-
-    checks: Use proper format modifier for size_t
-    
-    The size of size_t can vary between architectures, so using %ld isn't
-    going to work on 32-bit builds. Use the %zu modifier to make sure it is
-    always correct.
-    
-    Signed-off-by: Thierry Reding <treding@nvidia.com>
-    Acked-by: Rob Herring <robh@kernel.org>
-    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
-diff --git a/checks.c b/checks.c
-index 902f2e3..08a3a29 100644
---- a/checks.c
-+++ b/checks.c
-@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c,
- 	int cell, cellsize = 0;
- 
- 	if (prop->val.len % sizeof(cell_t)) {
--		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
-+		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
- 		     prop->name, prop->val.len, sizeof(cell_t), node->fullpath);
- 		return;
- 	}
-@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c,
- 		return;
- 
- 	if (irq_prop->val.len % sizeof(cell_t))
--		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
-+		FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
- 		     irq_prop->name, irq_prop->val.len, sizeof(cell_t),
- 		     node->fullpath);
- 
diff --git a/gnu/packages/patches/emacs-json-reformat-fix-tests.patch b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch
new file mode 100644
index 0000000000..977e50fc68
--- /dev/null
+++ b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch
@@ -0,0 +1,32 @@
+Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
+
+This patch fixes tests for Emacs 25.
+
+Upstream bug URL:
+
+https://github.com/gongo/json-reformat/issues/33
+
+diff --git a/test/json-reformat-test.el b/test/json-reformat-test.el
+index 7de3be1..b4a4dde 100644
+--- a/test/json-reformat-test.el
++++ b/test/json-reformat-test.el
+@@ -58,7 +58,7 @@
+ (ert-deftest json-reformat-test:string-to-string ()
+   (should (string= "\"foobar\"" (json-reformat:string-to-string "foobar")))
+   (should (string= "\"fo\\\"o\\nbar\"" (json-reformat:string-to-string "fo\"o\nbar")))
+-  (should (string= "\"\\u2661\"" (json-reformat:string-to-string "\u2661")))
++  (should (string= "\"♡\"" (json-reformat:string-to-string "\u2661")))
+ 
+   (should (string= "\"^(amq\\\\.gen.*|amq\\\\.default)$\"" (json-reformat:string-to-string "^(amq\\.gen.*|amq\\.default)$")))
+   )
+@@ -148,6 +148,6 @@ bar\"" (json-reformat:string-to-string "fo\"o\nbar")))
+ [{ foo : \"bar\" }, { \"foo\" : \"baz\" }]") ;; At 3 (line)
+         (json-reformat-region (point-min) (point-max)))
+       (should (string=
+-               "JSON parse error [Reason] Bad string format: \"doesn't start with '\\\"'!\" [Position] In buffer, line 3 (char 6)"
++               "JSON parse error [Reason] Bad string format: \"doesn't start with \`\\\"'!\" [Position] In buffer, line 3 (char 6)"
+                message-string))
+       )))
+-- 
+2.15.1
+
diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch
new file mode 100644
index 0000000000..67fee0f528
--- /dev/null
+++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch
@@ -0,0 +1,72 @@
+Fix CVE-2016-6328:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1366239
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
+
+Patch copied from upstream source repository:
+
+https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
+
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		case EXIF_FORMAT_SHORT:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
++		  	size_t k, len = strlen(val), sizeleft;
++
++			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
++				if (sizeleft < 2)
++					break;
+ 				vs = exif_get_short (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%i ", vs);
+ 				len = strlen(val);
+ 				data += 2;
++				sizeleft -= 2;
+ 			}
+ 		  }
+ 		  break;
+ 		case EXIF_FORMAT_LONG:
+ 		  {
+ 			const unsigned char *data = entry->data;
+-		  	size_t k, len = strlen(val);
++		  	size_t k, len = strlen(val), sizeleft;
++
++			sizeleft = entry->size;
+ 		  	for(k=0; k<entry->components; k++) {
++				if (sizeleft < 4)
++					break;
+ 				vl = exif_get_long (data, entry->order);
+ 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ 				len = strlen(val);
+ 				data += 4;
++				sizeleft -= 4;
+ 			}
+ 		  }
+ 		  break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ 		break;
+ 	}
+ 
+-	return (val);
++	return val;
+ }
+-- 
+2.16.0
+
diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch
deleted file mode 100644
index 809eef08da..0000000000
--- a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2016-10369:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
-
-Patch copied from upstream source repository:
-
-https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
-
-From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
-From: Yao Wei <mwei@lxde.org>
-Date: Mon, 8 May 2017 00:47:55 +0800
-Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
-
-This bug is pointed out by stackexchange user that putting socket file in
-/tmp is a potential risk. Putting the socket dir in user directory could
-mitigate the risk.
----
- src/unixsocket.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/unixsocket.c b/src/unixsocket.c
-index 4c660ac..f88284c 100644
---- a/src/unixsocket.c
-+++ b/src/unixsocket.c
-@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
-      * This function returns TRUE if this process should keep running and FALSE if it should exit. */
- 
-     /* Formulate the path for the Unix domain socket. */
--    gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
-+    gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
-+    printf("%s\n", socket_path);
- 
-     /* Create socket. */
-     int fd = socket(PF_UNIX, SOCK_STREAM, 0);
--- 
-2.1.4
-
diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch
deleted file mode 100644
index c9b9e8d798..0000000000
--- a/gnu/packages/patches/ninja-zero-mtime.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Work around a design defect in Ninja whereby a zero mtime is used to
-denote missing files (we happen to produce files that have a zero mtime
-and yet really do exist.)
-
---- ninja-1.5.3/src/disk_interface.cc	2014-11-24 18:37:47.000000000 +0100
-+++ ninja-1.5.3/src/disk_interface.cc	2015-07-18 23:20:38.572290139 +0200
-@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const
-     }
-     return -1;
-   }
-+
-+  if (st.st_mtime == 0)
-+    // All the code assumes that mtime == 0 means "file missing".  Here we
-+    // know the file is not missing, so tweak the mtime.
-+    st.st_mtime = 1;
-+
-   return st.st_mtime;
- #endif
- }
diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
deleted file mode 100644
index 4092261f75..0000000000
--- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
-From: carolili <carolili@iki.fi>
-Date: Thu, 9 Feb 2017 19:24:49 +0000
-Subject: [PATCH] Removing contribs
-
----
- configure.ac | 22 ----------------------
- 1 file changed, 22 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 1cf1051..5d76b44 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
- 
- AC_CONFIG_FILES([Makefile
- 		 auxdir/Makefile
--		 contribs/Makefile
--		 contribs/cray/Makefile
--		 contribs/cray/csm/Makefile
--		 contribs/lua/Makefile
--		 contribs/mic/Makefile
--		 contribs/pam/Makefile
--		 contribs/pam_slurm_adopt/Makefile
--		 contribs/perlapi/Makefile
--		 contribs/perlapi/libslurm/Makefile
--		 contribs/perlapi/libslurm/perl/Makefile.PL
--		 contribs/perlapi/libslurmdb/Makefile
--		 contribs/perlapi/libslurmdb/perl/Makefile.PL
--		 contribs/seff/Makefile
--		 contribs/torque/Makefile
--		 contribs/openlava/Makefile
--		 contribs/phpext/Makefile
--		 contribs/phpext/slurm_php/config.m4
--		 contribs/sgather/Makefile
--		 contribs/sgi/Makefile
--		 contribs/sjobexit/Makefile
--		 contribs/slurmdb-direct/Makefile
--		 contribs/pmi2/Makefile
- 		 doc/Makefile
- 		 doc/man/Makefile
- 		 doc/man/man1/Makefile
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch
new file mode 100644
index 0000000000..a3a0cf1608
--- /dev/null
+++ b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch
@@ -0,0 +1,302 @@
+Fix a weakness that allows remote code execution via the Transmission
+RPC server using DNS rebinding:
+
+https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
+
+Patch adapted from Tavis Ormandy's patch on the Transmission master
+branch to the Transmission 2.92 release by Leo Famulari
+<leo@famulari.name>:
+
+https://github.com/transmission/transmission/pull/468/commits
+
+From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
+From: Tavis Ormandy <taviso@google.com>
+Date: Thu, 11 Jan 2018 10:00:41 -0800
+Subject: [PATCH] mitigate dns rebinding attacks against daemon
+
+---
+ libtransmission/quark.c        |   2 + 
+ libtransmission/quark.h        |   2 + 
+ libtransmission/rpc-server.c   | 116 +++++++++++++++++++++++++++++++++++++----
+ libtransmission/rpc-server.h   |   4 ++
+ libtransmission/session.c      |   2 + 
+ libtransmission/transmission.h |   1 + 
+ libtransmission/web.c          |   3 ++
+ 7 files changed, 121 insertions(+), 9 deletions(-)
+
+diff --git a/libtransmission/quark.c b/libtransmission/quark.c
+index 30cc2bca4..b4fd7aabd 100644
+--- a/libtransmission/quark.c
++++ b/libtransmission/quark.c
+@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] =
+   { "rpc-authentication-required", 27 },
+   { "rpc-bind-address", 16 },
+   { "rpc-enabled", 11 },
++  { "rpc-host-whitelist", 18 },
++  { "rpc-host-whitelist-enabled", 26 },
+   { "rpc-password", 12 },
+   { "rpc-port", 8 },
+   { "rpc-url", 7 },
+diff --git a/libtransmission/quark.h b/libtransmission/quark.h
+index 7f5212733..17464be8f 100644
+--- a/libtransmission/quark.h
++++ b/libtransmission/quark.h
+@@ -291,6 +291,8 @@ enum
+   TR_KEY_rpc_authentication_required,
+   TR_KEY_rpc_bind_address,
+   TR_KEY_rpc_enabled,
++  TR_KEY_rpc_host_whitelist,
++  TR_KEY_rpc_host_whitelist_enabled,
+   TR_KEY_rpc_password,
+   TR_KEY_rpc_port,
+   TR_KEY_rpc_url,
+diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c
+index a3485f3fa..292cd5fce 100644
+--- a/libtransmission/rpc-server.c
++++ b/libtransmission/rpc-server.c
+@@ -52,6 +52,7 @@ struct tr_rpc_server
+     bool               isEnabled;
+     bool               isPasswordEnabled;
+     bool               isWhitelistEnabled;
++    bool               isHostWhitelistEnabled;
+     tr_port            port;
+     char             * url;
+     struct in_addr     bindAddress;
+@@ -63,6 +64,7 @@ struct tr_rpc_server
+     char             * password;
+     char             * whitelistStr;
+     tr_list          * whitelist;
++    tr_list          * hostWhitelist;
+ 
+     char             * sessionId;
+     time_t             sessionIdExpiresAt;
+@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address)
+   return false;
+ }
+ 
++static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req)
++{
++    /* If password auth is enabled, any hostname is permitted. */
++    if (server->isPasswordEnabled)
++    {
++        return true;
++    }
++
++    char const* const host = evhttp_find_header(req->input_headers, "Host");
++
++    // If whitelist is disabled, no restrictions.
++    if (!server->isHostWhitelistEnabled)
++        return true;
++
++    /* No host header, invalid request. */
++    if (host == NULL)
++    {
++        return false;
++    }
++
++    /* Host header might include the port. */
++    char* const hostname = tr_strndup(host, strcspn(host, ":"));
++
++    /* localhost or ipaddress is always acceptable. */
++    if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname))
++    {
++        tr_free(hostname);
++        return true;
++    }
++
++    /* Otherwise, hostname must be whitelisted. */
++    for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
++        if (tr_wildmat(hostname, l->data))
++        {
++            tr_free(hostname);
++            return true;
++        }
++    }
++
++    tr_free(hostname);
++    return false;
++}
++
+ static bool
+ test_session_id (struct tr_rpc_server * server, struct evhttp_request * req)
+ {
+@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg)
+           handle_upload (req, server);
+         }
+ #ifdef REQUIRE_SESSION_ID
++        else if (!isHostnameAllowed(server, req))
++        {
++            char* tmp = tr_strdup_printf(
++                "<p>Transmission received your request, but the hostname was unrecognized.</p>"
++                "<p>To fix this, choose one of the following options:"
++                "<ul>"
++                "<li>Enable password authentication, then any hostname is allowed.</li>"
++                "<li>Add the hostname you want to use to the whitelist in settings.</li>"
++                "</ul></p>"
++                "<p>If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.</p>"
++                "<p>This requirement has been added to help prevent "
++                "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
++                "attacks.</p>");
++            send_simple_response(req, 421, tmp);
++            tr_free(tmp);
++        }
++
+       else if (!test_session_id (server, req))
+         {
+           const char * sessionId = get_current_session_id (server);
+@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg)
+             "<li> When you get this 409 error message, resend your request with the updated header"
+             "</ol></p>"
+             "<p>This requirement has been added to help prevent "
+-            "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
++            "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
+             "attacks.</p>"
+             "<p><code>%s: %s</code></p>",
+             TR_RPC_SESSION_ID_HEADER, sessionId);
+@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server)
+   return server->url ? server->url : "";
+ }
+ 
+-void
+-tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
++static void
++tr_rpcSetList (char const* whitelistStr, tr_list** list)
+ {
+   void * tmp;
+   const char * walk;
+ 
+-  /* keep the string */
+-  tmp = server->whitelistStr;
+-  server->whitelistStr = tr_strdup (whitelistStr);
+-  tr_free (tmp);
+-
+   /* clear out the old whitelist entries */
+-  while ((tmp = tr_list_pop_front (&server->whitelist)))
++  while ((tmp = tr_list_pop_front (list)) != NULL)
+     tr_free (tmp);
+ 
+   /* build the new whitelist entries */
+@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
+       const char * delimiters = " ,;";
+       const size_t len = strcspn (walk, delimiters);
+       char * token = tr_strndup (walk, len);
+-      tr_list_append (&server->whitelist, token);
++      tr_list_append (list, token);
+       if (strcspn (token, "+-") < len)
+         tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'!  Are you using an old ACL by mistake?)", token);
+       else
+@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
+     }
+ }
+ 
++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr)
++{
++    tr_rpcSetList(whitelistStr, &server->hostWhitelist);
++}
++
++void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
++{
++    /* keep the string */
++    char* const tmp = server->whitelistStr;
++    server->whitelistStr = tr_strdup(whitelistStr);
++    tr_free(tmp);
++
++    tr_rpcSetList(whitelistStr, &server->whitelist);
++}
++
+ const char*
+ tr_rpcGetWhitelist (const tr_rpc_server * server)
+ {
+@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server)
+   return server->isWhitelistEnabled;
+ }
+ 
++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled)
++{
++    server->isHostWhitelistEnabled = isEnabled;
++}
++
+ /****
+ *****  PASSWORD
+ ****/
+@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session  * session, tr_variant * settings)
+   else
+     tr_rpcSetWhitelistEnabled (s, boolVal);
+ 
++  key = TR_KEY_rpc_host_whitelist_enabled;
++
++  if (!tr_variantDictFindBool(settings, key, &boolVal))
++  {
++      missing_settings_key(key);
++  }
++  else
++  {
++      tr_rpcSetHostWhitelistEnabled(s, boolVal);
++  }
++
++  key = TR_KEY_rpc_host_whitelist;
++
++  if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)
++  {
++      missing_settings_key(key);
++  }
++  else
++  {
++      tr_rpcSetHostWhitelist(s, str);
++  }
++
+   key = TR_KEY_rpc_authentication_required;
+   if (!tr_variantDictFindBool (settings, key, &boolVal))
+     missing_settings_key (key);
+diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h
+index e0302c5ea..8c9e6b24e 100644
+--- a/libtransmission/rpc-server.h
++++ b/libtransmission/rpc-server.h
+@@ -49,6 +49,10 @@ void            tr_rpcSetWhitelist (tr_rpc_server * server,
+ 
+ const char*     tr_rpcGetWhitelist (const tr_rpc_server * server);
+ 
++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled);
++
++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist);
++
+ void            tr_rpcSetPassword (tr_rpc_server * server,
+                                    const char *    password);
+ 
+diff --git a/libtransmission/session.c b/libtransmission/session.c
+index 844cadba8..58b717913 100644
+--- a/libtransmission/session.c
++++ b/libtransmission/session.c
+@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d)
+   tr_variantDictAddStr  (d, TR_KEY_rpc_username,                    "");
+   tr_variantDictAddStr  (d, TR_KEY_rpc_whitelist,                   TR_DEFAULT_RPC_WHITELIST);
+   tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled,           true);
++  tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST);
++  tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true);
+   tr_variantDictAddInt  (d, TR_KEY_rpc_port,                        atoi (TR_DEFAULT_RPC_PORT_STR));
+   tr_variantDictAddStr  (d, TR_KEY_rpc_url,                         TR_DEFAULT_RPC_URL_STR);
+   tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled,  true);
+diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h
+index 4f76adfd6..e213a8f4e 100644
+--- a/libtransmission/transmission.h
++++ b/libtransmission/transmission.h
+@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void);
+ #define TR_DEFAULT_BIND_ADDRESS_IPV4        "0.0.0.0"
+ #define TR_DEFAULT_BIND_ADDRESS_IPV6             "::"
+ #define TR_DEFAULT_RPC_WHITELIST          "127.0.0.1"
++#define TR_DEFAULT_RPC_HOST_WHITELIST              ""
+ #define TR_DEFAULT_RPC_PORT_STR                "9091"
+ #define TR_DEFAULT_RPC_URL_STR       "/transmission/"
+ #define TR_DEFAULT_PEER_PORT_STR              "51413"
+diff --git a/libtransmission/web.c b/libtransmission/web.c
+index ee495e9fc..c7f062730 100644
+--- a/libtransmission/web.c
++++ b/libtransmission/web.c
+@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code)
+       case 415: return "Unsupported Media Type";
+       case 416: return "Requested Range Not Satisfiable";
+       case 417: return "Expectation Failed";
++      case 421: return "Misdirected Request";
+       case 500: return "Internal Server Error";
+       case 501: return "Not Implemented";
+       case 502: return "Bad Gateway";
diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
deleted file mode 100644
index 3d983ede66..0000000000
--- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-Disable SharedArrayBuffers to mitigate Spectre.  Based on:
-
-  https://trac.webkit.org/changeset/226386/webkit
-
-Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org>
-
-
---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig	2017-12-19 02:23:07.000000000 -0500
-+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h	2018-01-06 19:28:55.985066986 -0500
-@@ -338,8 +338,10 @@
-     WriteBarrier<Structure> m_moduleLoaderStructure;
-     WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype;
-     WriteBarrier<Structure> m_arrayBufferStructure;
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype;
-     WriteBarrier<Structure> m_sharedArrayBufferStructure;
-+#endif
- 
- #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
-     WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
-@@ -670,8 +672,13 @@
-         switch (sharingMode) {
-         case ArrayBufferSharingMode::Default:
-             return m_arrayBufferPrototype.get();
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-         case ArrayBufferSharingMode::Shared:
-             return m_sharedArrayBufferPrototype.get();
-+#else
-+        default:
-+            return m_arrayBufferPrototype.get();
-+#endif
-         }
-     }
-     Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const
-@@ -679,8 +686,13 @@
-         switch (sharingMode) {
-         case ArrayBufferSharingMode::Default:
-             return m_arrayBufferStructure.get();
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-         case ArrayBufferSharingMode::Shared:
-             return m_sharedArrayBufferStructure.get();
-+#else
-+        default:
-+            return m_arrayBufferStructure.get();
-+#endif
-         }
-         RELEASE_ASSERT_NOT_REACHED();
-         return nullptr;
---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig	2017-12-19 02:23:07.000000000 -0500
-+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp	2018-01-06 19:27:16.628574304 -0500
-@@ -574,8 +574,10 @@
-     
-     m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default));
-     m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get()));
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared));
-     m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get()));
-+#endif
- 
-     m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
-     m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
-@@ -620,10 +622,11 @@
-     
-     JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default);
-     m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr;
-     sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared);
-     m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum);
--    
-+#endif
- #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
- m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
-@@ -686,7 +689,9 @@
-     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly);
- 
-     putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum);
-+#endif
- 
- #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
-@@ -1288,8 +1293,10 @@
-     
-     visitor.append(thisObject->m_arrayBufferPrototype);
-     visitor.append(thisObject->m_arrayBufferStructure);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     visitor.append(thisObject->m_sharedArrayBufferPrototype);
-     visitor.append(thisObject->m_sharedArrayBufferStructure);
-+#endif
- 
- #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
-     visitor.append(thisObject->m_ ## lowerName ## Prototype); \
---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig	2017-10-16 08:18:56.000000000 -0400
-+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h	2018-01-06 19:29:52.897349199 -0500
-@@ -1190,6 +1190,9 @@
- #define HAVE_NS_ACTIVITY 1
- #endif
- 
-+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */
-+#define ENABLE_SHARED_ARRAY_BUFFER 0
-+
- #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO)))
- #undef ENABLE_OPENTYPE_MATH
- #define ENABLE_OPENTYPE_MATH 1