author | Ludovic Courtès <ludo@gnu.org> | 2017-03-09 16:35:41 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-03-09 16:35:41 +0100 |
commit | e90e0fad1b3ba79d81f02424e143ee6f4f736e8b (patch) | |
tree | 2c26190fd9114199b0ef79303e18a61100cab4af /gnu/packages/patches | |
parent | 8ea0700d231a8819fc7e8332e9685f0ce15c174e (diff) | |
parent | 9ec2a4d3fec44f08a55df9f5f3d1a04b83e7fcf6 (diff) | |
download | guix-e90e0fad1b3ba79d81f02424e143ee6f4f736e8b.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
27 files changed, 924 insertions, 629 deletions
diff --git a/gnu/packages/patches/arb-ldconfig.patch b/gnu/packages/patches/arb-ldconfig.patch deleted file mode 100644 index 478ec5a6f0..0000000000 --- a/gnu/packages/patches/arb-ldconfig.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -u -r arb-2.8.1.orig/configure arb-2.8.1/configure ---- arb-2.8.1.orig/configure 2015-12-31 17:30:01.000000000 +0100 -+++ arb-2.8.1/configure 2016-01-20 16:41:41.336726596 +0100 -@@ -647,6 +647,7 @@ - echo "ARB_SHARED=$SHARED" >> Makefile - echo "ARB_LIB=$ARB_LIB" >> Makefile - echo "ARB_LIBNAME=$ARB_LIBNAME" >> Makefile -+echo "ARB_MAJOR=$ARB_MAJOR" >> Makefile - echo "ARB_SOLIB=$ARB_SOLIB" >> Makefile - echo "EXEEXT=$EXEEXT" >> Makefile - echo "PREFIX=$PREFIX" >> Makefile -diff -u -r arb-2.8.1.orig/Makefile.in arb-2.8.1/Makefile.in ---- arb-2.8.1.orig/Makefile.in 2015-12-31 17:30:01.000000000 +0100 -+++ arb-2.8.1/Makefile.in 2016-01-20 16:30:32.575298517 +0100 -@@ -101,6 +101,7 @@ - $(LDCONFIG) -n "$(CURDIR)"; \ - fi - ln -sf "$(ARB_LIB)" "$(ARB_LIBNAME)"; \ -+ ln -sf "$(ARB_LIB)" "$(ARB_LIBNAME).$(ARB_MAJOR)"; \ - - libarb.a: $(OBJS) $(LIB_SOURCES) $(EXT_SOURCES) $(HEADERS) $(EXT_HEADERS) | build build/interfaces - $(AT)$(foreach ext, $(EXTENSIONS), $(foreach dir, $(patsubst $(ext)/%.h, %, $(wildcard $(ext)/*.h)), mkdir -p build/$(dir); BUILD_DIR=$(CURDIR)/build/$(dir); export BUILD_DIR; MOD_DIR=$(dir); export MOD_DIR; $(MAKE) -f $(CURDIR)/Makefile.subdirs -C $(ext)/$(dir) static || exit $$?;)) diff --git a/gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch b/gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch new file mode 100644 index 0000000000..b3a198c499 --- /dev/null +++ b/gnu/packages/patches/gnupg-2.1-fix-Y2038-test-failure.patch 
@@ -0,0 +1,67 @@
+Fix a Y2038 test failure on systems where time_t is a signed 32-bit value:
+
+https://bugs.gnupg.org/gnupg/issue2988
+
+Patch copied from upstream source repository:
+
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=de3838372ae3cdecbd83eea2c53c8e2656d93052
+
+From de3838372ae3cdecbd83eea2c53c8e2656d93052 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Tue, 7 Mar 2017 12:18:59 +0100
+Subject: [PATCH] tests: Avoid overflowing signed 32 bit time_t.
+
+* tests/openpgp/quick-key-manipulation.scm: Use expiration times in
+the year 2038 instead of 2105 to avoid overflowing 32 bit time_t.
+time_t is used internally to parse the expiraton time from the iso
+timestamp.
+
+GnuPG-bug-id: 2988
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ tests/openpgp/quick-key-manipulation.scm | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
+index 10f0bfe21..08ef62613 100755
+--- a/tests/openpgp/quick-key-manipulation.scm
++++ b/tests/openpgp/quick-key-manipulation.scm
+@@ -125,8 +125,13 @@
+ (default default never)
+ (rsa "sign auth encr" "seconds=600") ;; GPGME uses this
+ (rsa "auth,encr" "2") ;; "without a letter, days is assumed"
+- (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
+- (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
++ ;; Sadly, the timestamp is truncated by the use of time_t on
++ ;; systems where time_t is a signed 32 bit value.
++ (rsa "sign" "2038-01-01") ;; unix millennium
++ (rsa "sign" "20380101T115500") ;; unix millennium
++ ;; Once fixed, we can use later timestamps:
++ ;; (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
++ ;; (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
+ (rsa sign "2d")
+ (rsa1024 sign "2w")
+ (rsa2048 encr "2m")
+@@ -157,7 +162,8 @@
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+- (assert (time-matches? 4260207600 ;; 2105-01-01
++ (assert (time-matches? 2145916800 ;; 2038-01-01
++ ;; 4260207600 ;; 2105-01-01
+ (string->number (:expire subkey))
+ ;; This is off by 12h, but I guess it just
+ ;; choses the middle of the day.
+@@ -165,7 +171,8 @@
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+- (assert (time-matches? 4260254100 ;; UTC 2105-01-01 11:55:00
++ (assert (time-matches? 2145959700 ;; UTC 2038-01-01 11:55:00
++ ;; 4260254100 ;; UTC 2105-01-01 11:55:00
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+--
+2.12.0
+
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
deleted file mode 100644
index 4c6c7ed06e..0000000000
--- a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch
+++ /dev/null
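Review bot: The replacement expiry values in the `@@ -125,8 +125,13 @@` hunk sit only about 18 days below the signed 32-bit limit (2145916800 against 2147483647), so the test passes on 32-bit `time_t` without exercising any date past the boundary. The patch's own comment says the timestamp is truncated by `time_t`, so the expiry parsing itself is untouched and, going by that comment, a later expiration date would still be truncated on those systems. Key expiry is a security control, so the patch header should say that only the test is adapted, for example `This works around the test failure only; expiration dates after 2038-01-19 are still mishandled where time_t is 32 bits (upstream issue 2988).` The comment `;; unix millennium` is also inaccurate and would read better as `;; just below the signed 32-bit time_t limit`.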
@@ -1,32 +0,0 @@ -This fixes a test failure on i686. - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040 - -From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Thu, 2 Feb 2017 14:56:39 +0200 -Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the - units-max property - ---- - tests/check/elements/multifdsink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c -index af138cc92..951b1b9fa 100644 ---- a/tests/check/elements/multifdsink.c -+++ b/tests/check/elements/multifdsink.c -@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick) - gint i, initial_buffers = 3, num_buffers = 0; - - sink = setup_multifdsink (); -- g_object_set (sink, "units-max", initial_buffers, NULL); -+ g_object_set (sink, "units-max", (gint64) initial_buffers, NULL); - - fail_if (pipe (pfd1) == -1); - fail_if (pipe (pfd2) == -1); --- -2.11.0 - diff --git a/gnu/packages/patches/jacal-fix-texinfo.patch b/gnu/packages/patches/jacal-fix-texinfo.patch new file mode 100644 index 0000000000..83e44a3164 --- /dev/null +++ b/gnu/packages/patches/jacal-fix-texinfo.patch 
@@ -0,0 +1,92 @@ +Fix the broken Texinfo in the Jacal package documentation + +--- jacal/jacal.texi,orig 2017-02-23 20:35:55.303980444 +0100 ++++ jacal/jacal.texi 2017-02-23 20:53:14.539024674 +0100 +@@ -343,7 +343,7 @@ + + With the standard input grammar, the precedence of @samp{-} as a prefix + behaves strangely. @code{a^-b*c} becomes @code{a^(-b*c)} while +-@code{@result{a^b*c} (a^b)*c}. ++@code{a^b*c @result{} (a^b)*c}. + + Using @code{divide} to divide a polynomial by an integer does not work. + +@@ -675,8 +675,9 @@ + e1: --------- + a + @end example ++@end deffn + +-@deffnx Command suchthat var exp ++@deffn Command suchthat var exp + + If an expression rather than an equation is given to @code{suchthat}, it + is as though the equation @code{@var{exp}=0} was given. +@@ -688,8 +689,9 @@ + e2: --------- + a + @end example ++@end deffn + +-@deffnx Operator | var exp_or_eqn ++@deffn Operator | var exp_or_eqn + + An alternative infix notation is also available for @code{suchthat}. + +@@ -857,8 +859,9 @@ + + Returns the degree of polynomial or equation @var{poly} in variable + @var{var}. ++@end deffn + +-@deffnx Operator degree poly ++@deffn Operator degree poly + + Returns the total-degree, the degree of its highest degree monomial, + of polynomial or equation @var{poly}. +@@ -1016,10 +1019,12 @@ + Returns @var{poly1} reduced with respect to @var{poly2} (or @var{eqn}) + and @var{var}. If @var{poly2} is univariate, the third argument is not + needed. ++@end deffn + +-@deffnx Command mod poly1 n ++@deffn Command mod poly1 n + Returns @var{poly1} with all the coefficients taken modulo @var{n}. +-@deffnx Command mod poly1 ++@end deffn ++@deffn Command mod poly1 + Returns @var{poly1} with all the coefficients taken modulo the + current modulus. 
+ +@@ -1220,8 +1225,9 @@ + e1: -1 2 3 5 + @end group + @end example ++@end deffn + +-@deffnx Command factor polyratio ++@deffn Command factor polyratio + Given a univariate ratio of polynomials @var{polyratio}, returns a + matrix of factors and exponents. + +@@ -2028,7 +2034,7 @@ + formed from the pair-wise products of components of the inputs. For + example, for the input tensors @code{x[a,b]} and @code{y[c]} + @example +-@result{z:tmult(x,y);} z[a,b,c] = x[a,b]*y[c] ++z:tmult(x,y); @result{} z[a,b,c] = x[a,b]*y[c] + @end example + + With an additional argument, @code{tmult} will produce the inner product +@@ -2464,8 +2470,9 @@ + If you do not wish to return to Jacal but really want to terminate the + session and return to the operating system, then after typing + @code{qed();}, type @code{(slib:exit)} or use @code{quit}. ++@end deffn + +-@deffnx Command quit ++@deffn Command quit + Exit directly from Jacal to the operating system. You will not be able + to continue your Jacal session. + diff --git a/gnu/packages/patches/kio-CVE-2017-6410.patch b/gnu/packages/patches/kio-CVE-2017-6410.patch new file mode 100644 index 0000000000..748636f806 --- /dev/null +++ b/gnu/packages/patches/kio-CVE-2017-6410.patch 
@@ -0,0 +1,53 @@
+Fix CVE-2017-6410, "Information Leak when accessing https when using a
+malicious PAC file":
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
+https://www.kde.org/info/security/advisory-20170228-1.txt
+
+Patch copied from upstream source repository:
+
+https://cgit.kde.org/kio.git/commit/?id=f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
+
+From f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 28 Feb 2017 19:00:48 +0100
+Subject: Sanitize URLs before passing them to FindProxyForURL
+
+Remove user/password information
+For https: remove path and query
+
+Thanks to safebreach.com for reporting the problem
+
+CCMAIL: yoni.fridburg@safebreach.com
+CCMAIL: amit.klein@safebreach.com
+CCMAIL: itzik.kotler@safebreach.com
+---
+ src/kpac/script.cpp | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/kpac/script.cpp b/src/kpac/script.cpp
+index a0235f7..2485c54 100644
+--- a/src/kpac/script.cpp
++++ b/src/kpac/script.cpp
+@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
+ }
+ }
+
++ QUrl cleanUrl = url;
++ cleanUrl.setUserInfo(QString());
++ if (cleanUrl.scheme() == QLatin1String("https")) {
++ cleanUrl.setPath(QString());
++ cleanUrl.setQuery(QString());
++ }
++
+ QScriptValueList args;
+- args << url.url();
+- args << url.host();
++ args << cleanUrl.url();
++ args << cleanUrl.host();
+
+ QScriptValue result = func.call(QScriptValue(), args);
+ if (result.isError()) {
+--
+cgit v0.11.2
+
diff --git a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch
deleted file mode 100644
index a5fdd7ffff..0000000000
--- a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch
+++ /dev/null
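Review bot: The sanitised copy built in `Script::evaluate` still carries the URL fragment, because the new block clears only user info, path and query, and `cleanUrl.url()` serialises whatever is left. A fragment can hold a token just as a query string can, so if callers can reach this function with one set (not visible here), adding `cleanUrl.setFragment(QString());` next to `setUserInfo` would keep it away from the PAC script for every scheme. A short comment above the block, such as `// The PAC script is untrusted: pass no credentials and, for https, nothing beyond scheme, host and port`, would also record why the URL is cut down. The function body starts and ends outside the hunk.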
@@ -1,77 +0,0 @@ -Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in -dh_generate_x() and dh_generate_y()). - -"Due to a byte/bit confusion, the DH secret was too short. This file was -completely reworked and will be commited in a future version." -Source: -https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86 - -This patch was created by upstream for libssh-0.7.3, but applied without -modification to libssh-0.6.3 by Debian. In Guix, we apply it without -modification to libssh-0.6.5. - -References: -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739 -https://security-tracker.debian.org/tracker/CVE-2016-0739 - ---- - src/dh.c | 22 +++++++++++++++++----- - 1 file changed, 17 insertions(+), 5 deletions(-) - -diff --git a/src/dh.c b/src/dh.c -index e489a1d..d27b66e 100644 ---- a/src/dh.c -+++ b/src/dh.c -@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) { - } - - int dh_generate_x(ssh_session session) { -+ int keysize; -+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { -+ keysize = 1023; -+ } else { -+ keysize = 2047; -+ } - session->next_crypto->x = bignum_new(); - if (session->next_crypto->x == NULL) { - return -1; - } - - #ifdef HAVE_LIBGCRYPT -- bignum_rand(session->next_crypto->x, 128); -+ bignum_rand(session->next_crypto->x, keysize); - #elif defined HAVE_LIBCRYPTO -- bignum_rand(session->next_crypto->x, 128, 0, -1); -+ bignum_rand(session->next_crypto->x, keysize, -1, 0); - #endif - - /* not harder than this */ -@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) { - - /* used by server */ - int dh_generate_y(ssh_session session) { -- session->next_crypto->y = bignum_new(); -+ int keysize; -+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { -+ keysize = 1023; -+ } else { -+ keysize = 2047; -+ } -+ session->next_crypto->y = bignum_new(); - if (session->next_crypto->y == NULL) { - return -1; - } - - 
#ifdef HAVE_LIBGCRYPT -- bignum_rand(session->next_crypto->y, 128); -+ bignum_rand(session->next_crypto->y, keysize); - #elif defined HAVE_LIBCRYPTO -- bignum_rand(session->next_crypto->y, 128, 0, -1); -+ bignum_rand(session->next_crypto->y, keysize, -1, 0); - #endif - - /* not harder than this */ --- -cgit v0.12 - diff --git a/gnu/packages/patches/matplotlib-setupext-tk.patch b/gnu/packages/patches/matplotlib-setupext-tk.patch deleted file mode 100644 index 37c3d686e0..0000000000 --- a/gnu/packages/patches/matplotlib-setupext-tk.patch +++ /dev/null @@ -1,34 +0,0 @@ -Use 'pkg-config' instead of heuristics to find 'tk' flags. - ---- matplotlib-1.4.3/setupext.py.orig 2015-12-01 14:21:19.554417453 +0100 -+++ matplotlib-1.4.3/setupext.py 2015-12-02 10:39:47.282363530 +0100 -@@ -1457,7 +1457,7 @@ - p = subprocess.Popen( - '. %s ; eval echo ${%s}' % (file, varname), - shell=True, -- executable="/bin/sh", -+ executable="sh", - stdout=subprocess.PIPE) - result = p.communicate()[0] - return result.decode('ascii') -@@ -1601,8 +1601,19 @@ - # of distros. - - # Query Tcl/Tk system for library paths and version string -+ def getoutput(s): -+ ret = os.popen(s).read().strip() -+ return ret - try: -- tcl_lib_dir, tk_lib_dir, tk_ver = self.query_tcltk() -+ pkg_config_libs = getoutput('pkg-config --libs-only-L tk').split() -+ # drop '-L' part of strings -+ pkg_config_libs = [s[2:] for s in pkg_config_libs] -+ pkg_config_ver = getoutput('pkg-config --modversion tk') -+ tk_ver = re.match(r"(\d+.\d+)[\d.]*", pkg_config_ver).group(1) -+ tcl_lib_dir = next(s for s in pkg_config_libs -+ if re.match(r".*-tcl-.*", s)) + '/tcl' + tk_ver -+ tk_lib_dir = next(s for s in pkg_config_libs -+ if re.match(r".*-tk-.*", s)) + '/tk' + tk_ver - except: - tk_ver = '' - result = self.hardcoded_tcl_config() diff --git a/gnu/packages/patches/mupdf-CVE-2017-5896.patch b/gnu/packages/patches/mupdf-CVE-2017-5896.patch new file mode 100644 index 0000000000..1537ecc896 --- /dev/null 
+++ b/gnu/packages/patches/mupdf-CVE-2017-5896.patch 
@@ -0,0 +1,63 @@
+Fix CVE-2017-5896:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697515
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5896
+http://www.openwall.com/lists/oss-security/2017/02/10/1
+https://security-tracker.debian.org/tracker/CVE-2017-5896
+https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
+
+Patch lifted from upstream source repository:
+
+http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+
+From 2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Thu, 9 Feb 2017 07:12:16 -0800
+Subject: [PATCH] bug 697515: Fix out of bounds read in fz_subsample_pixmap
+
+Pointer arithmetic for final special case was going wrong.
+---
+ source/fitz/pixmap.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
+index a8317127..f1291dc2 100644
+--- a/source/fitz/pixmap.c
++++ b/source/fitz/pixmap.c
+@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ "@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
+ "ldr r4, [r13,#4*22] @ r4 = divXY \n"
+ "ldr r5, [r13,#4*11] @ for (nn = n; nn > 0; n--) { \n"
++ "ldr r8, [r13,#4*17] @ r8 = back4 \n"
+ "18: @ \n"
+ "mov r14,#0 @ r14= v = 0 \n"
+ "sub r5, r5, r1, LSL #8 @ for (xx = x; xx > 0; x--) { \n"
+@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
+ "mul r14,r4, r14 @ r14= v *= divX \n"
+ "mov r14,r14,LSR #16 @ r14= v >>= 16 \n"
+ "strb r14,[r9], #1 @ *d++ = r14 \n"
+- "sub r0, r0, r8 @ s -= back2 \n"
++ "sub r0, r0, r8 @ s -= back4 \n"
+ "subs r5, r5, #1 @ n-- \n"
+ "bgt 18b @ } \n"
+ "21: @ \n"
+@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ x += f;
+ if (x > 0)
+ {
++ int back4 = x * n - 1;
+ div = x * y;
+ for (nn = n; nn > 0; nn--)
+ {
+@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
+ s -= back5;
+ }
+ *d++ = v / div;
+- s -= back2;
++ s -= back4;
+ }
+ }
+ }
+--
+2.12.0
+
diff --git a/gnu/packages/patches/mupdf-CVE-2017-5991.patch b/gnu/packages/patches/mupdf-CVE-2017-5991.patch
new file mode 100644
index 0000000000..1fa6dc3466
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2017-5991.patch
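Review bot: The corrected rewind is now kept in two places that have to agree, and neither says why the final block needs it. The C path computes `int back4 = x * n - 1;` locally, while the ARM path loads it from stack slot `#4*17`, which does line up with `back4` in the `@STACK` comment above it. Assuming `x` is the leftover column count at that point and `back2` (defined outside the hunk) is the full-width step, a comment on the C declaration such as `/* last block is only x columns wide: rewind x*n-1 bytes, not back2, or s runs past the row */` would let a reader check the bounds reasoning; confirm the wording against the rest of the function. Both functions continue outside the hunks shown.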
@@ -0,0 +1,101 @@ +Fix CVE-2017-5991: + +https://bugs.ghostscript.com/show_bug.cgi?id=697500 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5991 +https://security-tracker.debian.org/tracker/CVE-2017-5991 + +Patch lifted from upstream source repository: + +http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 + +From 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Mon Sep 17 00:00:00 2001 +From: Robin Watts <robin.watts@artifex.com> +Date: Thu, 9 Feb 2017 15:49:15 +0000 +Subject: [PATCH] Bug 697500: Fix NULL ptr access. + +Cope better with errors during rendering - avoid letting the +gstate stack get out of sync. + +This avoids us ever getting into the situation of popping +a clip when we should be popping a mask or a group. This was +causing an unexpected case in the painting. +--- + source/pdf/pdf-op-run.c | 26 ++++++++++++++++++-------- + 1 file changed, 18 insertions(+), 8 deletions(-) + +diff --git a/source/pdf/pdf-op-run.c b/source/pdf/pdf-op-run.c +index a3ea895d..f1eac8d3 100644 +--- a/source/pdf/pdf-op-run.c ++++ b/source/pdf/pdf-op-run.c +@@ -1213,6 +1213,7 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf + pdf_run_processor *pr = (pdf_run_processor *)proc; + pdf_gstate *gstate = NULL; + int oldtop = 0; ++ int oldbot = -1; + fz_matrix local_transform = *transform; + softmask_save softmask = { NULL }; + int gparent_save; +@@ -1232,16 +1233,17 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf + fz_var(cleanup_state); + fz_var(gstate); + fz_var(oldtop); ++ fz_var(oldbot); + + gparent_save = pr->gparent; + pr->gparent = pr->gtop; ++ oldtop = pr->gtop; + + fz_try(ctx) + { + pdf_gsave(ctx, pr); + + gstate = pr->gstate + pr->gtop; +- oldtop = pr->gtop; + + pdf_xobject_bbox(ctx, xobj, &xobj_bbox); + pdf_xobject_matrix(ctx, xobj, &xobj_matrix); +@@ -1302,12 +1304,25 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf + + doc = 
pdf_get_bound_document(ctx, xobj->obj); + ++ oldbot = pr->gbot; ++ pr->gbot = pr->gtop; ++ + pdf_process_contents(ctx, (pdf_processor*)pr, doc, resources, xobj->obj, NULL); + } + fz_always(ctx) + { ++ /* Undo any gstate mismatches due to the pdf_process_contents call */ ++ if (oldbot != -1) ++ { ++ while (pr->gtop > pr->gbot) ++ { ++ pdf_grestore(ctx, pr); ++ } ++ pr->gbot = oldbot; ++ } ++ + if (cleanup_state >= 3) +- pdf_grestore(ctx, pr); /* Remove the clippath */ ++ pdf_grestore(ctx, pr); /* Remove the state we pushed for the clippath */ + + /* wrap up transparency stacks */ + if (transparency) +@@ -1341,13 +1356,8 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_xobject *xobj, pdf + pr->gstate[pr->gparent].ctm = gparent_save_ctm; + pr->gparent = gparent_save; + +- if (gstate) +- { +- while (oldtop < pr->gtop) +- pdf_grestore(ctx, pr); +- ++ while (oldtop < pr->gtop) + pdf_grestore(ctx, pr); +- } + + pdf_unmark_obj(ctx, xobj->obj); + } +-- +2.12.0 + diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch index e611f69bea..a33e05fcf2 100644 --- a/gnu/packages/patches/nss-pkgconfig.patch +++ b/gnu/packages/patches/nss-pkgconfig.patch @@ -221,5 +221,5 @@ Later adapted to apply cleanly to nss-3.21. RELEASE = nss --DIRS = coreconf lib cmd external_tests -+DIRS = coreconf lib cmd external_tests config +-DIRS = coreconf lib cmd gtests ++DIRS = coreconf lib cmd gtests config diff --git a/gnu/packages/patches/pcre2-CVE-2016-3191.patch b/gnu/packages/patches/pcre2-CVE-2016-3191.patch deleted file mode 100644 index 80f9d3d4f1..0000000000 --- a/gnu/packages/patches/pcre2-CVE-2016-3191.patch +++ /dev/null 
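Review bot: `oldbot` uses `-1` as a "not saved yet" marker and `pr->gbot = pr->gtop;` raises the gstate floor just before `pdf_process_contents`, but neither is explained where it happens. The `fz_always` block depends on both: it unwinds to the raised floor only when `oldbot != -1`, and then puts `pr->gbot` back. I would add `/* -1: gbot not saved yet, nothing to undo in fz_always */` at the declaration and `/* Raise the floor so the xobject's content stream cannot pop states it did not push */` above the assignment; the second is my reading of the commit message and should be checked against `pdf_grestore`, which is outside the hunk. The final `while (oldtop < pr->gtop)` loop, now no longer guarded by `if (gstate)`, terminates only if `pdf_grestore` always lowers `gtop` there, which is worth stating in a comment as well.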
@@ -1,179 +0,0 @@ -Fixes CVE-2016-3191 (remote execution of arbitrary code or denial of -service (stack-based buffer overflow) via a crafted regular expression). - -See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>. - -This is svn r489 at <svn://vcs.exim.org/pcre2/code>, omitting the -changes to 'testdata/testoutput8-16-4', which does not exist in the -source tarball. - -git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@489 6239d852-aaf2-0410-a92c-79f79f948069 ---- - ChangeLog | 4 ++++ - src/pcre2_compile.c | 16 ++++++++++++++-- - testdata/testinput8 | 2 ++ - testdata/testoutput8-16-2 | 3 +++ - testdata/testoutput8-16-3 | 3 +++ - testdata/testoutput8-16-4 | 3 +++ - testdata/testoutput8-32-2 | 3 +++ - testdata/testoutput8-32-3 | 3 +++ - testdata/testoutput8-32-4 | 3 +++ - testdata/testoutput8-8-2 | 3 +++ - testdata/testoutput8-8-3 | 3 +++ - testdata/testoutput8-8-4 | 3 +++ - 12 files changed, 47 insertions(+), 2 deletions(-) - -diff --git a/ChangeLog b/ChangeLog -index 3ce0207..65e333e 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -58,6 +58,10 @@ some head-scratching the next time this happens. - assertion, caused pcre2test to output a very large number of spaces when the - callout was taken, making the program appearing to loop. - -+12. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply -+nested set of parentheses of sufficient size caused an overflow of the -+compiling workspace (which was diagnosed, but of course is not desirable). -+ - - Version 10.21 12-January-2016 - ----------------------------- -diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c -index e33d620..887fbfd 100644 ---- a/src/pcre2_compile.c -+++ b/src/pcre2_compile.c -@@ -5901,10 +5901,22 @@ for (;; ptr++) - goto FAILED; - } - cb->had_accept = TRUE; -+ -+ /* In the first pass, just accumulate the length required; -+ otherwise hitting (*ACCEPT) inside many nested parentheses can -+ cause workspace overflow. 
*/ -+ - for (oc = cb->open_caps; oc != NULL; oc = oc->next) - { -- *code++ = OP_CLOSE; -- PUT2INC(code, 0, oc->number); -+ if (lengthptr != NULL) -+ { -+ *lengthptr += CU2BYTES(1) + IMM2_SIZE; -+ } -+ else -+ { -+ *code++ = OP_CLOSE; -+ PUT2INC(code, 0, oc->number); -+ } - } - setverb = *code++ = - (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; -diff --git a/testdata/testinput8 b/testdata/testinput8 -index ca3b1b9..7e2a1f0 100644 ---- a/testdata/testinput8 -+++ b/testdata/testinput8 -@@ -182,4 +182,6 @@ - - /((?1)(?2)(?3)(?4)(?5)(?6)(?7)(?8)(?9)(?9)(?8)(?7)(?6)(?5)(?4)(?3)(?2)(?1)(?0)){2,}()()()()()()()()()/debug - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+ - # End of testinput8 -diff --git a/testdata/testoutput8-16-2 b/testdata/testoutput8-16-2 -index 05669bb..a5e8dec 100644 ---- a/testdata/testoutput8-16-2 -+++ b/testdata/testoutput8-16-2 -@@ -1027,4 +1027,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 186 at offset 490: 
regular expression is too complicated -+ - # End of testinput8 -diff --git a/testdata/testoutput8-16-3 b/testdata/testoutput8-16-3 -index 31884e1..36133b3 100644 ---- a/testdata/testoutput8-16-3 -+++ b/testdata/testoutput8-16-3 -@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 -diff --git a/testdata/testoutput8-32-2 b/testdata/testoutput8-32-2 -index babd0c7..99c4fad 100644 ---- a/testdata/testoutput8-32-2 -+++ b/testdata/testoutput8-32-2 -@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 -diff --git a/testdata/testoutput8-32-3 b/testdata/testoutput8-32-3 -index babd0c7..99c4fad 100644 ---- a/testdata/testoutput8-32-3 -+++ b/testdata/testoutput8-32-3 -@@ 
-1023,4 +1023,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 -diff --git a/testdata/testoutput8-32-4 b/testdata/testoutput8-32-4 -index babd0c7..99c4fad 100644 ---- a/testdata/testoutput8-32-4 -+++ b/testdata/testoutput8-32-4 -@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 -diff --git a/testdata/testoutput8-8-2 b/testdata/testoutput8-8-2 -index 6a9aa0a..6dc1f42 100644 ---- a/testdata/testoutput8-8-2 -+++ b/testdata/testoutput8-8-2 -@@ -1026,4 +1026,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 -diff --git a/testdata/testoutput8-8-3 b/testdata/testoutput8-8-3 -index 2fe1168..ae14946 100644 ---- a/testdata/testoutput8-8-3 -+++ b/testdata/testoutput8-8-3 -@@ -1024,4 +1024,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 -diff --git a/testdata/testoutput8-8-4 b/testdata/testoutput8-8-4 -index 91993b2..6c79956 100644 ---- a/testdata/testoutput8-8-4 -+++ b/testdata/testoutput8-8-4 -@@ -1022,4 +1022,7 @@ Capturing subpattern count = 10 - May match empty string - Subject length lower bound = 0 - 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: error 114 at offset 509: missing closing parenthesis -+ - # End of testinput8 --- -2.8.3 - diff --git a/gnu/packages/patches/python-dendropy-fix-tests.patch b/gnu/packages/patches/python-dendropy-fix-tests.patch new file mode 100644 index 0000000000..30ab618ff1 --- /dev/null +++ b/gnu/packages/patches/python-dendropy-fix-tests.patch 
@@ -0,0 +1,41 @@ +This patch fixes two test failures. It was downloaded from: +https://github.com/jeetsukumaran/DendroPy/commit/93f984bba7a6c588a28ca87f4e557ce283809453 + +From 93f984bba7a6c588a28ca87f4e557ce283809453 Mon Sep 17 00:00:00 2001 +From: jeetsukumaran <jeetsukumaran@gmail.com> +Date: Tue, 21 Feb 2017 16:41:01 -0500 +Subject: [PATCH] Update to Python 3 container and iteration semantics + +--- + dendropy/dataio/newickreader.py | 3 ++- + dendropy/datamodel/treemodel.py | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/dendropy/dataio/newickreader.py b/dendropy/dataio/newickreader.py +index 6dcf3c5..f978729 100644 +--- a/dendropy/dataio/newickreader.py ++++ b/dendropy/dataio/newickreader.py +@@ -303,7 +303,8 @@ def tree_iter(self, + taxon_symbol_map_fn=taxon_symbol_mapper.require_taxon_for_symbol) + yield tree + if tree is None: +- raise StopIteration ++ # raise StopIteration ++ return + + def _read(self, + stream, +diff --git a/dendropy/datamodel/treemodel.py b/dendropy/datamodel/treemodel.py +index 0ecfe31..73146f0 100644 +--- a/dendropy/datamodel/treemodel.py ++++ b/dendropy/datamodel/treemodel.py +@@ -772,6 +772,9 @@ def __hash__(self): + def __eq__(self, other): + return self is other + ++ def __lt__(self, other): ++ return id(self) < id(other) ++ + ########################################################################### + ### Basic Structure + diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch new file mode 100644 index 0000000000..cb60896fad --- /dev/null +++ b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch 
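Review bot: The `__lt__` added in dendropy/datamodel/treemodel.py compares `id(self) < id(other)`, so any sort that falls back on it gets an arbitrary order that can differ from one run to the next. It stops Python 3 sorting from raising, but it does not make the result deterministic, which matters if such an order ever reaches generated output. If that trade-off is intended, say so next to the method, e.g. `# Arbitrary order, stable only within one process; present so sorted() does not raise on Python 3.` In newickreader.py the commented-out `# raise StopIteration` left above `return` can be dropped. Both enclosing definitions start outside the hunks.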
@@ -0,0 +1,36 @@ +These tests fail on 32-bit due to an overflow. + +Upstream bug URL: https://github.com/joke2k/faker/issues/408 + +diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py +index 6026772..58b6b83 100644 +--- a/faker/tests/__init__.py ++++ b/faker/tests/__init__.py +@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase): + provider = Provider + # test century + self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) +- self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) + # test decade + self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) + self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) +@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase): + + # ensure all methods provide timezone aware datetimes + with self.assertRaises(TypeError): +- provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now() +- with self.assertRaises(TypeError): + provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now() + with self.assertRaises(TypeError): + provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now() +@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase): + + # test century + self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) +- self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) + # test decade + self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) + 
self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) +-- +2.11.1 + diff --git a/gnu/packages/patches/python-faker-fix-build-32bit.patch b/gnu/packages/patches/python-faker-fix-build-32bit.patch new file mode 100644 index 0000000000..466b289012 --- /dev/null +++ b/gnu/packages/patches/python-faker-fix-build-32bit.patch 
@@ -0,0 +1,36 @@ +These tests fail on 32-bit due to an overflow. + +Upstream bug URL: https://github.com/joke2k/faker/issues/408 + +diff --git a/tests/__init__.py b/tests/__init__.py +index 6026772..58b6b83 100644 +--- a/tests/__init__.py ++++ b/tests/__init__.py +@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase): + provider = Provider + # test century + self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) +- self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) + # test decade + self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) + self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) +@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase): + + # ensure all methods provide timezone aware datetimes + with self.assertRaises(TypeError): +- provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now() +- with self.assertRaises(TypeError): + provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now() + with self.assertRaises(TypeError): + provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now() +@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase): + + # test century + self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) +- self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) + # test decade + self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) + 
self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) +-- +2.11.1 + diff --git a/gnu/packages/patches/python-pandas-skip-failing-tests.patch b/gnu/packages/patches/python-pandas-skip-failing-tests.patch new file mode 100644 index 0000000000..31fc912d00 --- /dev/null +++ b/gnu/packages/patches/python-pandas-skip-failing-tests.patch 
@@ -0,0 +1,59 @@ +These tests fail on 32bit architectures. + +Upstream bug URL: https://github.com/pandas-dev/pandas/issues/14866 + +--- a/pandas/tests/test_base.py 2017-03-08 17:49:44.422282717 +0100 ++++ b/pandas/tests/test_base.py 2017-03-08 17:50:59.476701799 +0100 +@@ -363,30 +363,6 @@ + self.assertFalse(result.iat[0]) + self.assertFalse(result.iat[1]) + +- def test_ndarray_compat_properties(self): +- +- for o in self.objs: +- +- # check that we work +- for p in ['shape', 'dtype', 'flags', 'T', 'strides', 'itemsize', +- 'nbytes']: +- self.assertIsNotNone(getattr(o, p, None)) +- self.assertTrue(hasattr(o, 'base')) +- +- # if we have a datetimelike dtype then needs a view to work +- # but the user is responsible for that +- try: +- self.assertIsNotNone(o.data) +- except ValueError: +- pass +- +- self.assertRaises(ValueError, o.item) # len > 1 +- self.assertEqual(o.ndim, 1) +- self.assertEqual(o.size, len(o)) +- +- self.assertEqual(Index([1]).item(), 1) +- self.assertEqual(Series([1]).item(), 1) +- + def test_ops(self): + for op in ['max', 'min']: + for o in self.objs: +--- a/pandas/tools/tests/test_tile.py 2017-03-08 17:47:39.762261841 +0100 ++++ b/pandas/tools/tests/test_tile.py 2017-03-08 17:48:26.831780495 +0100 +@@ -271,19 +271,6 @@ + np.array([0, 0, 1, 1], dtype=np.int8)) + tm.assert_numpy_array_equal(bins, np.array([0, 1.5, 3])) + +- def test_single_bin(self): +- # issue 14652 +- expected = Series([0, 0]) +- +- s = Series([9., 9.]) +- result = cut(s, 1, labels=False) +- tm.assert_series_equal(result, expected) +- +- s = Series([-9., -9.]) +- result = cut(s, 1, labels=False) +- tm.assert_series_equal(result, expected) +- +- + def curpath(): + pth, _ = os.path.split(os.path.abspath(__file__)) + return pth diff --git a/gnu/packages/patches/python-pbr-fix-man-page-support.patch b/gnu/packages/patches/python-pbr-fix-man-page-support.patch new file mode 100644 index 0000000000..b9036f5b01 --- /dev/null 
+++ b/gnu/packages/patches/python-pbr-fix-man-page-support.patch @@ -0,0 +1,28 @@ +See: https://bugs.launchpad.net/oslosphinx/+bug/1661861 +diff -ur orig/pbr-1.10.0/pbr/builddoc.py pbr-1.10.0/pbr/builddoc.py +--- orig/pbr-1.10.0/pbr/builddoc.py 2016-05-23 21:38:18.000000000 +0200 ++++ pbr-1.10.0/pbr/builddoc.py 2017-02-18 14:01:37.424434317 +0100 +@@ -138,7 +138,8 @@ + sphinx_config.init_values(warnings.warn) + else: + sphinx_config.init_values() +- if self.builder == 'man' and len(sphinx_config.man_pages) == 0: ++ if self.builder == 'man' and len( ++ getattr(sphinx_config, 'man_pages', '')) == 0: + return + app = application.Sphinx( + self.source_dir, self.config_dir, +diff -ur orig/pbr-1.10.0/pbr/util.py pbr-1.10.0/pbr/util.py +--- orig/pbr-1.10.0/pbr/util.py 2016-05-23 21:38:18.000000000 +0200 ++++ pbr-1.10.0/pbr/util.py 2017-02-18 15:36:32.951196795 +0100 +@@ -211,7 +211,9 @@ + parser.read(path) + config = {} + for section in parser.sections(): +- config[section] = dict(parser.items(section)) ++ config[section] = dict() ++ for k, value in parser.items(section): ++ config[section][k.replace('-', '_')] = value + + # Run setup_hooks, if configured + setup_hooks = has_get_option(config, 'global', 'setup_hooks') diff --git a/gnu/packages/patches/python-pygit2-disable-network-tests.patch b/gnu/packages/patches/python-pygit2-disable-network-tests.patch new file mode 100644 index 0000000000..e46d244807 --- /dev/null +++ b/gnu/packages/patches/python-pygit2-disable-network-tests.patch 
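Review bot: In the util.py part, rewriting keys with `k.replace('-', '_')` makes two options that differ only in `-` versus `_` collapse into one key, and the later one silently wins. A one-line comment such as `# normalise option names; 'a-b' and 'a_b' are treated as the same key` would make that intent explicit. In builddoc.py, `getattr(sphinx_config, 'man_pages', '')` falls back to an empty string for what is presumably a list of entries; `len()` accepts both, but `getattr(sphinx_config, 'man_pages', [])` reads more clearly. Both functions start outside the hunks.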
@@ -0,0 +1,64 @@ +Disable tests trying to look up remote servers. + +diff --git a/test/test_credentials.py b/test/test_credentials.py +index 92482d9..9a281e5 100644 +--- a/test/test_credentials.py ++++ b/test/test_credentials.py +@@ -68,39 +68,5 @@ class CredentialCreateTest(utils.NoRepoTestCase): + self.assertEqual((username, None, None, None), cred.credential_tuple) + + +-class CredentialCallback(utils.RepoTestCase): +- def test_callback(self): +- class MyCallbacks(pygit2.RemoteCallbacks): +- @staticmethod +- def credentials(url, username, allowed): +- self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT) +- raise Exception("I don't know the password") +- +- url = "https://github.com/github/github" +- remote = self.repo.create_remote("github", url) +- +- self.assertRaises(Exception, lambda: remote.fetch(callbacks=MyCallbacks())) +- +- def test_bad_cred_type(self): +- class MyCallbacks(pygit2.RemoteCallbacks): +- @staticmethod +- def credentials(url, username, allowed): +- self.assertTrue(allowed & GIT_CREDTYPE_USERPASS_PLAINTEXT) +- return Keypair("git", "foo.pub", "foo", "sekkrit") +- +- url = "https://github.com/github/github" +- remote = self.repo.create_remote("github", url) +- self.assertRaises(TypeError, lambda: remote.fetch(callbacks=MyCallbacks())) +- +-class CallableCredentialTest(utils.RepoTestCase): +- +- def test_user_pass(self): +- credentials = UserPass("libgit2", "libgit2") +- callbacks = pygit2.RemoteCallbacks(credentials=credentials) +- +- url = "https://bitbucket.org/libgit2/testgitrepository.git" +- remote = self.repo.create_remote("bb", url) +- remote.fetch(callbacks=callbacks) +- + if __name__ == '__main__': + unittest.main() +diff --git a/test/test_repository.py b/test/test_repository.py +index cfdf01e..c0d8de4 100644 +--- a/test/test_repository.py ++++ b/test/test_repository.py +@@ -538,13 +538,6 @@ class CloneRepositoryTest(utils.NoRepoTestCase): + self.assertTrue('refs/remotes/custom_remote/master' in repo.listall_references()) + 
self.assertIsNotNone(repo.remotes["custom_remote"]) + +- def test_clone_with_credentials(self): +- repo = clone_repository( +- "https://bitbucket.org/libgit2/testgitrepository.git", +- self._temp_dir, callbacks=pygit2.RemoteCallbacks(credentials=pygit2.UserPass("libgit2", "libgit2"))) +- +- self.assertFalse(repo.is_empty) +- + def test_clone_with_checkout_branch(self): + # create a test case which isolates the remote + test_repo = clone_repository('./test/data/testrepo.git', diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch new file mode 100644 index 0000000000..a24eaf69a0 --- /dev/null +++ b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch 
@@ -0,0 +1,50 @@ +This test tries connecting to an external server which is not supported +in the build environment. See discussion at: + +https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html + +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index ee849fd..60048b8 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin): + TypeError, context.load_verify_locations, None, None, None + ) + +- @pytest.mark.skipif( +- platform == "win32", +- reason="set_default_verify_paths appears not to work on Windows. " +- "See LP#404343 and LP#404344." +- ) +- def test_set_default_verify_paths(self): +- """ +- :py:obj:`Context.set_default_verify_paths` causes the +- platform-specific CA certificate locations to be used for +- verification purposes. +- """ +- # Testing this requires a server with a certificate signed by one +- # of the CAs in the platform CA location. Getting one of those +- # costs money. Fortunately (or unfortunately, depending on your +- # perspective), it's easy to think of a public server on the +- # internet which has such a certificate. Connecting to the network +- # in a unit test is bad, but it's the only way I can think of to +- # really test this. -exarkun +- +- # Arg, verisign.com doesn't speak anything newer than TLS 1.0 +- context = Context(SSLv23_METHOD) +- context.set_default_verify_paths() +- context.set_verify( +- VERIFY_PEER, +- lambda conn, cert, errno, depth, preverify_ok: preverify_ok) +- +- client = socket() +- client.connect(("encrypted.google.com", 443)) +- clientSSL = Connection(context, client) +- clientSSL.set_connect_state() +- clientSSL.do_handshake() +- clientSSL.send(b"GET / HTTP/1.0\r\n\r\n") +- self.assertTrue(clientSSL.recv(1024)) +- + def test_set_default_verify_paths_signature(self): + """ + :py:obj:`Context.set_default_verify_paths` takes no arguments and 
diff --git a/gnu/packages/patches/python-statsmodels-fix-tests.patch b/gnu/packages/patches/python-statsmodels-fix-tests.patch index 3315ddbd5f..f910b4b5a5 100644 --- a/gnu/packages/patches/python-statsmodels-fix-tests.patch +++ b/gnu/packages/patches/python-statsmodels-fix-tests.patch 
@@ -1,196 +1,28 @@ -This patch fixes a couple of test failures introduced by changes to the pandas -package. It was extracted from this pull request: - -https://github.com/statsmodels/statsmodels/pull/2675 - - -From c9ef60a7bc4407766ab9e9f12c8a6b89013046ee Mon Sep 17 00:00:00 2001 -From: Ralf Gommers <ralf.gommers@gmail.com> -Date: Tue, 20 Oct 2015 07:34:11 +0200 -Subject: [PATCH 1/4] MAINT: fix use of old_behavior kw for numpy.correlate. - Was removed in 1.10.0 - -Numpy PR that removed it: https://github.com/numpy/numpy/pull/5991 - -Closes gh-2667. ---- - statsmodels/tsa/ar_model.py | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/statsmodels/tsa/ar_model.py b/statsmodels/tsa/ar_model.py -index 087a9e0..02984bd 100644 ---- a/statsmodels/tsa/ar_model.py -+++ b/statsmodels/tsa/ar_model.py -@@ -261,10 +261,8 @@ def _presample_varcov(self, params): - - Vpinv = np.zeros((p, p), dtype=params.dtype) - for i in range(1, p1): -- Vpinv[i-1, i-1:] = np.correlate(params0, params0[:i], -- old_behavior=False)[:-1] -- Vpinv[i-1, i-1:] -= np.correlate(params0[-i:], params0, -- old_behavior=False)[:-1] -+ Vpinv[i-1, i-1:] = np.correlate(params0, params0[:i],)[:-1] -+ Vpinv[i-1, i-1:] -= np.correlate(params0[-i:], params0,)[:-1] - - Vpinv = Vpinv + Vpinv.T - np.diag(Vpinv.diagonal()) - return Vpinv - -From f1dc8979b09bc1736149993f895943b3158ee2db Mon Sep 17 00:00:00 2001 -From: Ralf Gommers <ralf.gommers@gmail.com> -Date: Wed, 21 Oct 2015 22:05:52 +0200 -Subject: [PATCH 2/4] MAINT: fix graphics module for changes in recent pandas - versions. 
- ---- - statsmodels/graphics/tests/test_mosaicplot.py | 2 +- - statsmodels/graphics/tests/test_tsaplots.py | 6 +++--- - statsmodels/graphics/tsaplots.py | 2 +- - 3 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/statsmodels/graphics/tests/test_mosaicplot.py b/statsmodels/graphics/tests/test_mosaicplot.py -index cb9bbbe..e41020e 100644 ---- a/statsmodels/graphics/tests/test_mosaicplot.py -+++ b/statsmodels/graphics/tests/test_mosaicplot.py -@@ -113,7 +113,7 @@ def test_mosaic(): - # sort by the marriage quality and give meaningful name - # [rate_marriage, age, yrs_married, children, - # religious, educ, occupation, occupation_husb] -- datas = datas.sort(['rate_marriage', 'religious']) -+ datas = datas.sort_values(by=['rate_marriage', 'religious']) - num_to_desc = {1: 'awful', 2: 'bad', 3: 'intermediate', - 4: 'good', 5: 'wonderful'} - datas['rate_marriage'] = datas['rate_marriage'].map(num_to_desc) -diff --git a/statsmodels/graphics/tests/test_tsaplots.py b/statsmodels/graphics/tests/test_tsaplots.py -index 511f18f..365be82 100644 ---- a/statsmodels/graphics/tests/test_tsaplots.py -+++ b/statsmodels/graphics/tests/test_tsaplots.py -@@ -1,4 +1,4 @@ --from statsmodels.compat.python import lmap, lzip, map -+from statsmodels.compat.python import lmap, map - import numpy as np - import pandas as pd - from numpy.testing import dec -@@ -51,8 +51,8 @@ def test_plot_month(): - dta = sm.datasets.elnino.load_pandas().data - dta['YEAR'] = dta.YEAR.astype(int).apply(str) - dta = dta.set_index('YEAR').T.unstack() -- dates = lmap(lambda x : pd.datetools.parse('1 '+' '.join(x)), -- dta.index.values) -+ dates = lmap(lambda x : pd.datetools.parse_time_string('1 '+' '.join(x))[0], -+ dta.index.values) - - # test dates argument - fig = month_plot(dta.values, dates=dates, ylabel='el nino') -diff --git a/statsmodels/graphics/tsaplots.py b/statsmodels/graphics/tsaplots.py -index 3d04692..94626c9 100644 ---- a/statsmodels/graphics/tsaplots.py -+++ 
b/statsmodels/graphics/tsaplots.py -@@ -200,7 +200,7 @@ def seasonal_plot(grouped_x, xticklabels, ylabel=None, ax=None): - ticks = [] - for season, df in grouped_x: - df = df.copy() # or sort balks for series. may be better way -- df.sort() -+ df.sort_values(inplace=True) - nobs = len(df) - x_plot = np.arange(start, start + nobs) - ticks.append(x_plot.mean()) - -From 4cfbef6af137629c6953f1f025d9cfc781874256 Mon Sep 17 00:00:00 2001 -From: Ralf Gommers <ralf.gommers@gmail.com> -Date: Wed, 21 Oct 2015 22:15:25 +0200 -Subject: [PATCH 3/4] MAINT: work around pandas breaking backwards compat for - pandas.version - ---- - setup.py | 5 ++++- - statsmodels/tools/testing.py | 6 ++---- - 2 files changed, 6 insertions(+), 5 deletions(-) - -diff --git a/setup.py b/setup.py -index 0002840..74aefb8 100644 ---- a/setup.py -+++ b/setup.py -@@ -134,7 +134,10 @@ def check_dependency_versions(min_versions): - (spversion, min_versions['scipy'])) - - try: -- from pandas.version import short_version as pversion -+ import pandas -+ #FIXME: this will break for pandas 1.0.0. 
Needs elaborate parsing now, -+ # due to pandas removing version.short_version -+ pversion = pandas.__version__[:6] - except ImportError: - install_requires.append('pandas') - else: -diff --git a/statsmodels/tools/testing.py b/statsmodels/tools/testing.py -index e207e44..643f79f 100644 ---- a/statsmodels/tools/testing.py -+++ b/statsmodels/tools/testing.py -@@ -16,10 +16,8 @@ def strip_rc(version): - - - def is_pandas_min_version(min_version): -- '''check whether pandas is at least min_version -- ''' -- from pandas.version import short_version as pversion -- return StrictVersion(strip_rc(pversion)) >= min_version -+ '''check whether pandas is at least min_version ''' -+ return StrictVersion((pandas.__version__[:6])) >= min_version - - - # local copies, all unchanged - -From c894c3f4882d570efb517950069d83afa9794db8 Mon Sep 17 00:00:00 2001 -From: Ralf Gommers <ralf.gommers@gmail.com> -Date: Mon, 26 Oct 2015 20:47:51 +0100 -Subject: [PATCH 4/4] BUG: fix use of Series.sort_values for older pandas. - -Some failing tests in the previous commits because older ``pandas`` versions -don't have ``Series.sort_values``. 
That method was only added in pandas 0.17, -in https://github.com/pydata/pandas/pull/10726 ---- - statsmodels/graphics/tests/test_mosaicplot.py | 6 +++++- - statsmodels/graphics/tsaplots.py | 6 +++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/statsmodels/graphics/tests/test_mosaicplot.py b/statsmodels/graphics/tests/test_mosaicplot.py -index e41020e..2a873e7 100644 ---- a/statsmodels/graphics/tests/test_mosaicplot.py -+++ b/statsmodels/graphics/tests/test_mosaicplot.py -@@ -113,7 +113,11 @@ def test_mosaic(): - # sort by the marriage quality and give meaningful name - # [rate_marriage, age, yrs_married, children, - # religious, educ, occupation, occupation_husb] -- datas = datas.sort_values(by=['rate_marriage', 'religious']) -+ if pandas.__version__ < '0.17.0': -+ datas = datas.sort(['rate_marriage', 'religious']) -+ else: -+ datas = datas.sort_values(by=['rate_marriage', 'religious']) -+ - num_to_desc = {1: 'awful', 2: 'bad', 3: 'intermediate', - 4: 'good', 5: 'wonderful'} - datas['rate_marriage'] = datas['rate_marriage'].map(num_to_desc) -diff --git a/statsmodels/graphics/tsaplots.py b/statsmodels/graphics/tsaplots.py -index 94626c9..217724f 100644 ---- a/statsmodels/graphics/tsaplots.py -+++ b/statsmodels/graphics/tsaplots.py -@@ -2,6 +2,7 @@ - - - import numpy as np -+import pandas - - from statsmodels.graphics import utils - from statsmodels.tsa.stattools import acf, pacf -@@ -200,7 +201,10 @@ def seasonal_plot(grouped_x, xticklabels, ylabel=None, ax=None): - ticks = [] - for season, df in grouped_x: - df = df.copy() # or sort balks for series. may be better way -- df.sort_values(inplace=True) -+ if pandas.__version__ < '0.17.0': -+ df.sort() -+ else: -+ df.sort_values(inplace=True) - nobs = len(df) - x_plot = np.arange(start, start + nobs) - ticks.append(x_plot.mean()) +This drops a test that fails with numpy 1.12. 
+ +Upstream bug URL: https://github.com/statsmodels/statsmodels/issues/3541 + +--- a/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:19.947343331 +0000 ++++ b/statsmodels/discrete/tests/test_discrete.py 2017-03-06 15:29:37.759328845 +0000 +@@ -1329,21 +1329,6 @@ + res = mod.fit(start_params=-np.ones(4), method='newton', disp=0) + assert_(not res.mle_retvals['converged']) + +-def test_issue_339(): +- # make sure MNLogit summary works for J != K. +- data = sm.datasets.anes96.load() +- exog = data.exog +- # leave out last exog column +- exog = exog[:,:-1] +- exog = sm.add_constant(exog, prepend=True) +- res1 = sm.MNLogit(data.endog, exog).fit(method="newton", disp=0) +- # strip the header from the test +- smry = "\n".join(res1.summary().as_text().split('\n')[9:]) +- cur_dir = os.path.dirname(os.path.abspath(__file__)) +- test_case_file = os.path.join(cur_dir, 'results', 'mn_logit_summary.txt') +- test_case = open(test_case_file, 'r').read() +- np.testing.assert_equal(smry, test_case[:-1]) +- + def test_issue_341(): + data = sm.datasets.anes96.load() + exog = data.exog diff --git a/gnu/packages/patches/python2-subprocess32-disable-input-test.patch b/gnu/packages/patches/python2-subprocess32-disable-input-test.patch new file mode 100644 index 0000000000..05b4eef1ba --- /dev/null +++ b/gnu/packages/patches/python2-subprocess32-disable-input-test.patch @@ -0,0 +1,18 @@ +This test tries to send a KeyboardInterrupt, which does +not work in the build environment. + +--- a/test_subprocess32.py 2017-03-06 22:21:49.334045485 +0100 ++++ b/test_subprocess32.py 2017-03-06 22:22:02.490439949 +0100 +@@ -1299,12 +1299,6 @@ + getattr(p, method)(*args) + return p + +- def test_send_signal(self): +- p = self._kill_process('send_signal', signal.SIGINT) +- _, stderr = p.communicate() +- self.assertIn('KeyboardInterrupt', stderr) +- self.assertNotEqual(p.wait(), 0) +- + def test_kill(self): + p = self._kill_process('kill') + _, stderr = p.communicate() 
diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch deleted file mode 100644 index 1b95e428c8..0000000000 --- a/gnu/packages/patches/screen-CVE-2017-5618.patch +++ /dev/null @@ -1,40 +0,0 @@ -Fixes CVE-2017-5618 (privilege escalation via opening the logfile when -screen is installed setuid root): - -https://savannah.gnu.org/bugs/?50142 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618 - -This patch reverts the upstream commit that introduced the bug: - -https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58 - -From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001 -From: Leo Famulari <leo@famulari.name> -Date: Sat, 11 Feb 2017 22:40:24 -0500 -Subject: [PATCH] Revert "adding permissions check for the logfile name" - -This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58. ---- - src/screen.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/src/screen.c b/src/screen.c -index 64650e9..283c305 100644 ---- a/src/screen.c -+++ b/src/screen.c -@@ -673,12 +673,6 @@ int main(int ac, char** av) - Panic(0, "-L: logfile name can not start with \"-\" symbol"); - if (strlen(screenlogfile) > PATH_MAX) - Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX); -- -- FILE *w_check; -- if ((w_check = fopen(screenlogfile, "w")) == NULL) -- Panic(0, "-L: logfile name access problem"); -- else -- fclose(w_check); - } - nwin_options.Lflag = 1; - break; --- -2.11.1 - diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch new file mode 100644 index 0000000000..f88aac40bc --- /dev/null +++ b/gnu/packages/patches/shadow-CVE-2017-2616.patch 
@@ -0,0 +1,72 @@
+Fix CVE-2017-2616:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
+http://seclists.org/oss-sec/2017/q1/490
+http://seclists.org/oss-sec/2017/q1/474
+
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
+
+From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 23 Feb 2017 09:47:29 -0600
+Subject: [PATCH] su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+---
+ src/su.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index f20d230..d86aa86 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void)
+ snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
new file mode 100644
index 0000000000..3a9ae993f6
--- /dev/null
+++ b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
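Review bot: In the last su.c hunk, `sigsuspend (&ourset)` is passed the same set that `sigprocmask (SIG_BLOCK, &ourset, NULL)` has just blocked, so as far as these lines show SIGALRM stays blocked for the whole wait loop. The `alarm (2)` / `kill_child` timeout installed just above would then be delivered only after `SIG_UNBLOCK`, once the child has already been reaped, and a child that does not exit keeps su waiting. Because the file is a verbatim copy of the upstream commit I would not change the code here; instead record it in the patch header and take it upstream, e.g. `Note: SIGALRM is blocked during sigsuspend(), so the 2-second kill timeout may not fire; to be reported upstream.` `prepare_pam_close_session` starts and ends outside the hunks, including the declaration and any earlier use of `ourset`.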
@@ -0,0 +1,18 @@
+Fix CVE-2016-10243:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
+
+Patch adapted from upstream commit:
+
+https://www.tug.org/svn/texlive?view=revision&revision=42605
+
+--- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604
++++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605
+@@ -568,7 +568,6 @@ extractbb,\
+ gregorio,\
+ kpsewhich,\
+ makeindex,\
+-mpost,\
+ repstopdf,\
+
+ % we'd like to allow:
diff --git a/gnu/packages/patches/util-linux-CVE-2017-2616.patch b/gnu/packages/patches/util-linux-CVE-2017-2616.patch
new file mode 100644
index 0000000000..2c82fb06d2
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2017-2616.patch
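Review bot: The header gives only the CVE and revision links and never says what the one-line change does, which makes it hard to judge later whether the patch is still needed after a TeX Live update. One sentence would cover it, e.g. `Remove mpost from the list of programs allowed under restricted shell escape.` That wording assumes the continued list in the hunk is the restricted shell-escape command list; the first line of the assignment is outside the hunk, so please confirm before adding it.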
@@ -0,0 +1,65 @@
+Fix CVE-2017-2616:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
+http://seclists.org/oss-sec/2017/q1/474
+
+Patch copied from upstream source repository:
+
+https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891
+
+From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 1 Feb 2017 11:58:09 +0100
+Subject: [PATCH] su: properly clear child PID
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported-by: Tobias Stöckmann <tobias@stoeckmann.org>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ login-utils/su-common.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index 0ea4e40bd..b1720f037 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -376,6 +376,9 @@ create_watching_parent (void)
+ }
+ else
+ status = WEXITSTATUS (status);
++
++ /* child is gone, don't use the PID anymore */
++ child = (pid_t) -1;
+ }
+ else if (caught_signal)
+ status = caught_signal + 128;
+@@ -385,7 +388,7 @@ create_watching_parent (void)
+ else
+ status = 1;
+
+- if (caught_signal)
++ if (caught_signal && child != (pid_t)-1)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+@@ -395,9 +398,12 @@ create_watching_parent (void)
+
+ if (caught_signal)
+ {
+- sleep (2);
+- kill (child, SIGKILL);
+- fprintf (stderr, _(" ...killed.\n"));
++ if (child != (pid_t)-1)
++ {
++ sleep (2);
++ kill (child, SIGKILL);
++ fprintf (stderr, _(" ...killed.\n"));
++ }
+
+ /* Let's terminate itself with the received signal.
+ *
+--
+2.11.1
+
diff --git a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch
deleted file mode 100644
index 03093e8330..0000000000
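Review bot: The provenance in the header does not match the patch that follows it: the URL names commit `dffab154d29a288aa171ff50263ecc8f2e14a891`, while the embedded mail header reads `From b018571132cb8c9fece3d75ed240cc74cdb5f0f7`. For a security fix the two should agree so the patch can be checked against upstream byte for byte. If this is the same change taken from another branch, say so in the header, e.g. `Patch taken from <branch>, a backport of the commit linked above.`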
--- a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix test failures caused by some build machines running more slowly than -expected, which manifest like this: - ------- -> raise FailedHealthCheck(message) -E hypothesis.errors.FailedHealthCheck: Data generation is extremely slow: Only produced 4 valid examples in 1.08 seconds (1 invalid ones and 0 exceeded maximum size). Try decreasing size of the data you're generating (with e.g.average_size or max_leaves parameters). -E See http://hypothesis.readthedocs.org/en/latest/healthchecks.html for more information about this. If you want to disable just this health check, add HealthCheck.too_slowto the suppress_health_check settings for this test. - -/gnu/store/b8d1r8bilvm3jkncgrpvmg3dni9cgcr1-python-hypothesis-3.1.0/lib/python3.5/site-packages/hypothesis/core.py:296: FailedHealthCheck ------- - -Patch copied from upstream source repository: - -https://github.com/pimutils/vdirsyncer/commit/10490a12f13f03495e0945eb9d45d7aed9ab0a6c - -From 10490a12f13f03495e0945eb9d45d7aed9ab0a6c Mon Sep 17 00:00:00 2001 -From: Markus Unterwaditzer <markus@unterwaditzer.net> -Date: Sat, 18 Feb 2017 15:45:06 +0100 -Subject: [PATCH] Unconditionally disable HealthCheck.too_slow - ---- - tests/conftest.py | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/tests/conftest.py b/tests/conftest.py -index e0a07d5..3afd7cd 100644 ---- a/tests/conftest.py -+++ b/tests/conftest.py -@@ -26,10 +26,12 @@ def benchmark(): - else: - del pytest_benchmark - -+ -+settings.suppress_health_check = [HealthCheck.too_slow] -+ - settings.register_profile("ci", settings( - max_examples=1000, - verbosity=Verbosity.verbose, -- suppress_health_check=[HealthCheck.too_slow] - )) - settings.register_profile("deterministic", settings( - derandomize=True, diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch index 7b66f1bf16..070f98c2cb 100644 
--- a/gnu/packages/patches/vim-CVE-2017-5953.patch +++ b/gnu/packages/patches/vim-CVE-2017-5953.patch @@ -3,20 +3,28 @@ Fix CVE-2017-5953: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953 https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY -Patch adapted from upstream commit, correcting the transcription error -in the bounds check: +This change is adapted from the upstream source repository: -https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d +https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7 diff --git a/src/spellfile.c b/src/spellfile.c -index c7d87c6..8b1a3a6 100644 +index c7d87c6..00ef019 100644 --- a/src/spellfile.c +++ b/src/spellfile.c +@@ -1585,7 +1585,7 @@ spell_read_tree( + int prefixtree, /* TRUE for the prefix tree */ + int prefixcnt) /* when "prefixtree" is TRUE: prefix count */ + { +- int len; ++ long len; + int idx; + char_u *bp; + idx_T *ip; @@ -1595,6 +1595,9 @@ spell_read_tree( len = get4c(fd); if (len < 0) return SP_TRUNCERROR; -+ if (len >= 0x3fffffff) ++ if (len >= LONG_MAX / (long)sizeof(int)) + /* Invalid length, multiply with sizeof(int) would overflow. */ + return SP_FORMERROR; if (len > 0) diff --git a/gnu/packages/patches/wxwidgets-fix-windowGTK.patch b/gnu/packages/patches/wxwidgets-fix-windowGTK.patch new file mode 100644 index 0000000000..1255835d01 --- /dev/null +++ b/gnu/packages/patches/wxwidgets-fix-windowGTK.patch 
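Review bot: The new guard `len >= LONG_MAX / (long)sizeof(int)` depends on the width of `long`. Where `long` is 64 bits, the bound is far above anything a four-byte length field can hold (assuming `get4c` reads four bytes, which is not visible here), so the check only takes effect on targets with a 32-bit `long`. Whether that is enough depends on the type in which `len * sizeof(int)` is computed further down, outside the hunk. The header also drops the earlier remark about a corrected bounds check in favour of a bare "adapted from" and a different commit URL; please state what differs from the linked commit, e.g. `Adapted from upstream: <what was changed or left out>.`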
@@ -0,0 +1,18 @@
+This patch allow Filezilla client to resize window.
+The patch was adapted from upstream source repository:
+'<http://trac.wxwidgets.org/changeset/4793e5b0a4e189e492287305859b278fed780080/git-wxWidgets>'
+
+--- a/src/gtk/toplevel.cpp 2014-10-06 16:33:44.000000000 -0500
++++ b/src/gtk/toplevel.cpp 2017-02-16 21:33:27.779907810 -0600
+@@ -1216,8 +1216,9 @@
+ int hints_mask = GDK_HINT_MIN_SIZE | GDK_HINT_MAX_SIZE;
+ hints.min_width = 1;
+ hints.min_height = 1;
+- hints.max_width = INT_MAX;
+- hints.max_height = INT_MAX;
++ // using INT_MAX for size will lead to integer overflow with HiDPI scaling
++ hints.max_width = INT_MAX / 16;
++ hints.max_height = INT_MAX / 16;
+ const int decorSize_x = m_decorSize.left + m_decorSize.right;
+ const int decorSize_y = m_decorSize.top + m_decorSize.bottom;
+ if (minSize.x > decorSize_x) |
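Review bot: The divisor in `hints.max_width = INT_MAX / 16;` and the matching `max_height` line is a magic number. The added comment explains why INT_MAX itself overflows under HiDPI scaling but not why 16 is enough headroom. Stating the assumption next to it, e.g. `// INT_MAX / 16 leaves room for the size to be multiplied by a scale factor of up to 16`, tells a later reader when the bound needs revisiting. The enclosing function starts and ends outside the hunk.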