Merge branch 'master' into staging

7 files changed, 264 insertions, 135 deletions

diff --git a/gnu/packages/patches/beets-python-3.7-fix.patch b/gnu/packages/patches/beets-python-3.7-fix.patch
new file mode 100644
index 0000000000..43707cd9d0
--- /dev/null
+++ b/gnu/packages/patches/beets-python-3.7-fix.patch
@@ -0,0 +1,57 @@
+Fix compatibility issue with Python 3.7:
+
+https://github.com/beetbox/beets/issues/2978
+
+Patch copied from upstream source repository:
+
+https://github.com/beetbox/beets/commit/15d44f02a391764da1ce1f239caef819f08beed8
+
+From 15d44f02a391764da1ce1f239caef819f08beed8 Mon Sep 17 00:00:00 2001
+From: Adrian Sampson <adrian@radbox.org>
+Date: Sun, 22 Jul 2018 12:34:19 -0400
+Subject: [PATCH] Fix Python 3.7 compatibility (#2978)
+
+---
+ beets/autotag/hooks.py | 8 +++++++-
+ docs/changelog.rst     | 2 ++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/beets/autotag/hooks.py b/beets/autotag/hooks.py
+index 3615a9333..1c62a54c5 100644
+--- a/beets/autotag/hooks.py
++++ b/beets/autotag/hooks.py
+@@ -31,6 +31,12 @@
+ 
+ log = logging.getLogger('beets')
+ 
++# The name of the type for patterns in re changed in Python 3.7.
++try:
++    Pattern = re._pattern_type
++except AttributeError:
++    Pattern = re.Pattern
++
+ 
+ # Classes used to represent candidate options.
+ 
+@@ -433,7 +439,7 @@ def _eq(self, value1, value2):
+         be a compiled regular expression, in which case it will be
+         matched against `value2`.
+         """
+-        if isinstance(value1, re._pattern_type):
++        if isinstance(value1, Pattern):
+             return bool(value1.match(value2))
+         return value1 == value2
+ 
+#diff --git a/docs/changelog.rst b/docs/changelog.rst
+#index be6de2904..d487f31f5 100644
+#--- a/docs/changelog.rst
+#+++ b/docs/changelog.rst
+#@@ -19,6 +19,8 @@ New features:
+# 
+# Fixes:
+# 
+#+* Fix compatibility Python 3.7 and its change to a name in the ``re`` module.
+#+  :bug:`2978`
+# * R128 normalization tags are now properly deleted from files when the values
+#   are missing.
+#   Thanks to :user:`autrimpo`.
diff --git a/gnu/packages/patches/elogind-glibc-2.27.patch b/gnu/packages/patches/elogind-glibc-2.27.patch
deleted file mode 100644
index 4ade587b5e..0000000000
--- a/gnu/packages/patches/elogind-glibc-2.27.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Look for memfd_create in sys/mman.h instead of linux/memfd.h.
-Needed to build with glibc-2.27.
-
---- a/configure.ac	1969-12-31 19:00:00.000000000 -0500
-+++ b/configure.ac	2018-03-27 23:54:15.414589005 -0400
-@@ -360,7 +360,7 @@
- # ------------------------------------------------------------------------------
- 
- AC_CHECK_HEADERS([sys/capability.h], [], [AC_MSG_ERROR([*** POSIX caps headers not found])])
--AC_CHECK_HEADERS([linux/memfd.h], [], [])
-+AC_CHECK_HEADERS([sys/mman.h], [], [])
- 
- AC_CHECK_HEADERS([printf.h], [have_printf_h=yes], [have_printf_h=no])
- AS_IF([test x$have_printf_h = xyes], [
-@@ -395,6 +395,7 @@
-                 [], [], [[
- #include <sys/types.h>
- #include <unistd.h>
-+#include <sys/mman.h>
- #include <sys/mount.h>
- #include <fcntl.h>
- #include <sched.h>
diff --git a/gnu/packages/patches/gcc-libsanitizer-fix.patch b/gnu/packages/patches/gcc-libsanitizer-fix.patch
deleted file mode 100644
index 67aa44bed4..0000000000
--- a/gnu/packages/patches/gcc-libsanitizer-fix.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=8937b94d1a643fd9760714642296d034a45254a8
-https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81066
-
-This patch can be removed when gcc-6.5.0 is released
-
-From 8937b94d1a643fd9760714642296d034a45254a8 Mon Sep 17 00:00:00 2001
-From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Thu, 7 Sep 2017 07:15:24 +0000
-Subject: [PATCH] 2017-09-07  Matthias Klose  <doko@ubuntu.com>
-
-        Backported from mainline
-        2017-07-14  Jakub Jelinek  <jakub@redhat.com>
-
-        PR sanitizer/81066
-        * sanitizer_common/sanitizer_linux.h: Cherry-pick upstream r307969.
-        * sanitizer_common/sanitizer_linux.cc: Likewise.
-        * sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc: Likewise.
-        * tsan/tsan_platform_linux.cc: Likewise.
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@251828 138bc75d-0d04-0410-961f-82ee72b054a4
----
- libsanitizer/ChangeLog                                        | 11 +++++++++++
- libsanitizer/sanitizer_common/sanitizer_linux.cc              |  3 +--
- libsanitizer/sanitizer_common/sanitizer_linux.h               |  4 +---
- .../sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc  |  2 +-
- libsanitizer/tsan/tsan_platform_linux.cc                      |  2 +-
- 5 files changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/libsanitizer/ChangeLog b/libsanitizer/ChangeLog
-index 252cd09..d988b28 100644
---- a/libsanitizer/ChangeLog
-+++ b/libsanitizer/ChangeLog
-@@ -1,3 +1,14 @@
-+2017-09-07  Matthias Klose  <doko@ubuntu.com>
-+
-+	Backported from mainline
-+	2017-07-14  Jakub Jelinek  <jakub@redhat.com>
-+
-+	PR sanitizer/81066
-+	* sanitizer_common/sanitizer_linux.h: Cherry-pick upstream r307969.
-+	* sanitizer_common/sanitizer_linux.cc: Likewise.
-+	* sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc: Likewise.
-+	* tsan/tsan_platform_linux.cc: Likewise.
-+
- 2017-07-04  Release Manager
- 
- 	* GCC 6.4.0 released.
-diff --git a/libsanitizer/sanitizer_common/sanitizer_linux.cc b/libsanitizer/sanitizer_common/sanitizer_linux.cc
-index 2cefa20..223d9c6 100644
---- a/libsanitizer/sanitizer_common/sanitizer_linux.cc
-+++ b/libsanitizer/sanitizer_common/sanitizer_linux.cc
-@@ -546,8 +546,7 @@ uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5) {
- }
- #endif
- 
--uptr internal_sigaltstack(const struct sigaltstack *ss,
--                         struct sigaltstack *oss) {
-+uptr internal_sigaltstack(const void *ss, void *oss) {
-   return internal_syscall(SYSCALL(sigaltstack), (uptr)ss, (uptr)oss);
- }
- 
-diff --git a/libsanitizer/sanitizer_common/sanitizer_linux.h b/libsanitizer/sanitizer_common/sanitizer_linux.h
-index 4497702..1594058 100644
---- a/libsanitizer/sanitizer_common/sanitizer_linux.h
-+++ b/libsanitizer/sanitizer_common/sanitizer_linux.h
-@@ -19,7 +19,6 @@
- #include "sanitizer_platform_limits_posix.h"
- 
- struct link_map;  // Opaque type returned by dlopen().
--struct sigaltstack;
- 
- namespace __sanitizer {
- // Dirent structure for getdents(). Note that this structure is different from
-@@ -28,8 +27,7 @@ struct linux_dirent;
- 
- // Syscall wrappers.
- uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count);
--uptr internal_sigaltstack(const struct sigaltstack* ss,
--                          struct sigaltstack* oss);
-+uptr internal_sigaltstack(const void* ss, void* oss);
- uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
-     __sanitizer_sigset_t *oldset);
- void internal_sigfillset(__sanitizer_sigset_t *set);
-diff --git a/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc b/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc
-index c919e4f..014162af 100644
---- a/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc
-+++ b/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc
-@@ -267,7 +267,7 @@ static int TracerThread(void* argument) {
- 
-   // Alternate stack for signal handling.
-   InternalScopedBuffer<char> handler_stack_memory(kHandlerStackSize);
--  struct sigaltstack handler_stack;
-+  stack_t handler_stack;
-   internal_memset(&handler_stack, 0, sizeof(handler_stack));
-   handler_stack.ss_sp = handler_stack_memory.data();
-   handler_stack.ss_size = kHandlerStackSize;
-diff --git a/libsanitizer/tsan/tsan_platform_linux.cc b/libsanitizer/tsan/tsan_platform_linux.cc
-index 09cec5f..908f4fe 100644
---- a/libsanitizer/tsan/tsan_platform_linux.cc
-+++ b/libsanitizer/tsan/tsan_platform_linux.cc
-@@ -291,7 +291,7 @@ bool IsGlobalVar(uptr addr) {
- int ExtractResolvFDs(void *state, int *fds, int nfd) {
- #if SANITIZER_LINUX
-   int cnt = 0;
--  __res_state *statp = (__res_state*)state;
-+  struct __res_state *statp = (struct __res_state*)state;
-   for (int i = 0; i < MAXNS && cnt < nfd; i++) {
-     if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
-       fds[cnt++] = statp->_u._ext.nssocks[i];
--- 
-2.9.3
-
diff --git a/gnu/packages/patches/qemu-CVE-2018-16847.patch b/gnu/packages/patches/qemu-CVE-2018-16847.patch
new file mode 100644
index 0000000000..c76bdf764a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2018-16847.patch
@@ -0,0 +1,158 @@
+Fix CVE-2018-16847:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16847
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=87ad860c622cc8f8916b5232bd8728c08f938fce
+
+From 87ad860c622cc8f8916b5232bd8728c08f938fce Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 20 Nov 2018 19:41:48 +0100
+Subject: [PATCH] nvme: fix out-of-bounds access to the CMB
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Because the CMB BAR has a min_access_size of 2, if you read the last
+byte it will try to memcpy *2* bytes from n->cmbuf, causing an off-by-one
+error.  This is CVE-2018-16847.
+
+Another way to fix this might be to register the CMB as a RAM memory
+region, which would also be more efficient.  However, that might be a
+change for big-endian machines; I didn't think this through and I don't
+know how real hardware works.  Add a basic testcase for the CMB in case
+somebody does this change later on.
+
+Cc: Keith Busch <keith.busch@intel.com>
+Cc: qemu-block@nongnu.org
+Reported-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Tested-by: Li Qiang <liq3ea@gmail.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+---
+ hw/block/nvme.c        |  2 +-
+ tests/Makefile.include |  2 +-
+ tests/nvme-test.c      | 68 +++++++++++++++++++++++++++++++++++-------
+ 3 files changed, 60 insertions(+), 12 deletions(-)
+
+diff --git a/hw/block/nvme.c b/hw/block/nvme.c
+index 28d284346dd..8c35cab2b43 100644
+--- a/hw/block/nvme.c
++++ b/hw/block/nvme.c
+@@ -1201,7 +1201,7 @@ static const MemoryRegionOps nvme_cmb_ops = {
+     .write = nvme_cmb_write,
+     .endianness = DEVICE_LITTLE_ENDIAN,
+     .impl = {
+-        .min_access_size = 2,
++        .min_access_size = 1,
+         .max_access_size = 8,
+     },
+ };
+diff --git a/tests/Makefile.include b/tests/Makefile.include
+index 613242bc6ef..fb0b449c02a 100644
+--- a/tests/Makefile.include
++++ b/tests/Makefile.include
+@@ -730,7 +730,7 @@ tests/test-hmp$(EXESUF): tests/test-hmp.o
+ tests/machine-none-test$(EXESUF): tests/machine-none-test.o
+ tests/drive_del-test$(EXESUF): tests/drive_del-test.o $(libqos-virtio-obj-y)
+ tests/qdev-monitor-test$(EXESUF): tests/qdev-monitor-test.o $(libqos-pc-obj-y)
+-tests/nvme-test$(EXESUF): tests/nvme-test.o
++tests/nvme-test$(EXESUF): tests/nvme-test.o $(libqos-pc-obj-y)
+ tests/pvpanic-test$(EXESUF): tests/pvpanic-test.o
+ tests/i82801b11-test$(EXESUF): tests/i82801b11-test.o
+ tests/ac97-test$(EXESUF): tests/ac97-test.o
+diff --git a/tests/nvme-test.c b/tests/nvme-test.c
+index 7674a446e4f..2700ba838aa 100644
+--- a/tests/nvme-test.c
++++ b/tests/nvme-test.c
+@@ -8,25 +8,73 @@
+  */
+ 
+ #include "qemu/osdep.h"
++#include "qemu/units.h"
+ #include "libqtest.h"
++#include "libqos/libqos-pc.h"
++
++static QOSState *qnvme_start(const char *extra_opts)
++{
++    QOSState *qs;
++    const char *arch = qtest_get_arch();
++    const char *cmd = "-drive id=drv0,if=none,file=null-co://,format=raw "
++                      "-device nvme,addr=0x4.0,serial=foo,drive=drv0 %s";
++
++    if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
++        qs = qtest_pc_boot(cmd, extra_opts ? : "");
++        global_qtest = qs->qts;
++        return qs;
++    }
++
++    g_printerr("nvme tests are only available on x86\n");
++    exit(EXIT_FAILURE);
++}
++
++static void qnvme_stop(QOSState *qs)
++{
++    qtest_shutdown(qs);
++}
+ 
+-/* Tests only initialization so far. TODO: Replace with functional tests */
+ static void nop(void)
+ {
++    QOSState *qs;
++
++    qs = qnvme_start(NULL);
++    qnvme_stop(qs);
+ }
+ 
+-int main(int argc, char **argv)
++static void nvmetest_cmb_test(void)
+ {
+-    int ret;
++    const int cmb_bar_size = 2 * MiB;
++    QOSState *qs;
++    QPCIDevice *pdev;
++    QPCIBar bar;
+ 
+-    g_test_init(&argc, &argv, NULL);
+-    qtest_add_func("/nvme/nop", nop);
++    qs = qnvme_start("-global nvme.cmb_size_mb=2");
++    pdev = qpci_device_find(qs->pcibus, QPCI_DEVFN(4,0));
++    g_assert(pdev != NULL);
++
++    qpci_device_enable(pdev);
++    bar = qpci_iomap(pdev, 2, NULL);
++
++    qpci_io_writel(pdev, bar, 0, 0xccbbaa99);
++    g_assert_cmpint(qpci_io_readb(pdev, bar, 0), ==, 0x99);
++    g_assert_cmpint(qpci_io_readw(pdev, bar, 0), ==, 0xaa99);
++
++    /* Test partially out-of-bounds accesses.  */
++    qpci_io_writel(pdev, bar, cmb_bar_size - 1, 0x44332211);
++    g_assert_cmpint(qpci_io_readb(pdev, bar, cmb_bar_size - 1), ==, 0x11);
++    g_assert_cmpint(qpci_io_readw(pdev, bar, cmb_bar_size - 1), !=, 0x2211);
++    g_assert_cmpint(qpci_io_readl(pdev, bar, cmb_bar_size - 1), !=, 0x44332211);
++    g_free(pdev);
+ 
+-    qtest_start("-drive id=drv0,if=none,file=null-co://,format=raw "
+-                "-device nvme,drive=drv0,serial=foo");
+-    ret = g_test_run();
++    qnvme_stop(qs);
++}
+ 
+-    qtest_end();
++int main(int argc, char **argv)
++{
++    g_test_init(&argc, &argv, NULL);
++    qtest_add_func("/nvme/nop", nop);
++    qtest_add_func("/nvme/cmb_test", nvmetest_cmb_test);
+ 
+-    return ret;
++    return g_test_run();
+ }
+-- 
+2.19.2
+
diff --git a/gnu/packages/patches/qemu-CVE-2018-16867.patch b/gnu/packages/patches/qemu-CVE-2018-16867.patch
new file mode 100644
index 0000000000..1403d8e0f8
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2018-16867.patch
@@ -0,0 +1,49 @@
+Fix CVE-2018-16867:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16867
+https://seclists.org/oss-sec/2018/q4/202
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6
+
+From c52d46e041b42bb1ee6f692e00a0abe37a9659f6 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 3 Dec 2018 11:10:45 +0100
+Subject: [PATCH] usb-mtp: outlaw slashes in filenames
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Slash is unix directory separator, so they are not allowed in filenames.
+Note this also stops the classic escape via "../".
+
+Fixes: CVE-2018-16867
+Reported-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20181203101045.27976-3-kraxel@redhat.com
+---
+ hw/usb/dev-mtp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
+index 0f6a9702ef1..100b7171f4e 100644
+--- a/hw/usb/dev-mtp.c
++++ b/hw/usb/dev-mtp.c
+@@ -1719,6 +1719,12 @@ static void usb_mtp_write_metadata(MTPState *s)
+ 
+     filename = utf16_to_str(dataset->length, dataset->filename);
+ 
++    if (strchr(filename, '/')) {
++        usb_mtp_queue_result(s, RES_PARAMETER_NOT_SUPPORTED, d->trans,
++                             0, 0, 0, 0);
++        return;
++    }
++
+     o = usb_mtp_object_lookup_name(p, filename, dataset->length);
+     if (o != NULL) {
+         next_handle = o->handle;
+-- 
+2.19.2
+
diff --git a/gnu/packages/patches/quilt-compat-getopt-fix-option-with-nondigit-param.patch b/gnu/packages/patches/quilt-getopt-nondigit-param.patch
index 6bbec67e75..6bbec67e75 100644
--- a/gnu/packages/patches/quilt-compat-getopt-fix-option-with-nondigit-param.patch
+++ b/gnu/packages/patches/quilt-getopt-nondigit-param.patch
diff --git a/gnu/packages/patches/quilt-compat-getopt-fix-second-separator.patch b/gnu/packages/patches/quilt-getopt-second-separator.patch
index cde2c8d41c..cde2c8d41c 100644
--- a/gnu/packages/patches/quilt-compat-getopt-fix-second-separator.patch
+++ b/gnu/packages/patches/quilt-getopt-second-separator.patch