summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-06-05 19:46:16 +0200
committerMarius Bakke <mbakke@fastmail.com>2019-06-05 19:46:16 +0200
commitd4721ff1017b64e5242b09fd7b430665ec580524 (patch)
tree1bd9ce1a339f5b348e780e4bb7f53a4333bfce01 /gnu/packages/patches
parent30e12b9664d774aca3948b1fa2e0aee6af09ca40 (diff)
parentc0f6eebb6d9f6ca9b62344f32ce5f82dab601d53 (diff)
downloadguix-d4721ff1017b64e5242b09fd7b430665ec580524.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/borg-fix-hard-link-preloading.patch157
-rw-r--r--gnu/packages/patches/icecat-makeicecat.patch56
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch41
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch41
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch39
-rw-r--r--gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch38
-rw-r--r--gnu/packages/patches/libevent-dns-tests.patch16
-rw-r--r--gnu/packages/patches/polkit-CVE-2018-19788.patch197
8 files changed, 6 insertions, 579 deletions
diff --git a/gnu/packages/patches/borg-fix-hard-link-preloading.patch b/gnu/packages/patches/borg-fix-hard-link-preloading.patch
deleted file mode 100644
index 92a4e22674..0000000000
--- a/gnu/packages/patches/borg-fix-hard-link-preloading.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-Fix a bug that would cause the test suite to hang:
-
-https://github.com/borgbackup/borg/issues/4350
-
-Patch copied from upstream source repository:
-
-https://github.com/borgbackup/borg/commit/18242ab9e2f26c450b8507aa1d5eceadab8ad027
-
-From 18242ab9e2f26c450b8507aa1d5eceadab8ad027 Mon Sep 17 00:00:00 2001
-From: Thomas Waldmann <tw@waldmann-edv.de>
-Date: Thu, 2 May 2019 21:02:26 +0200
-Subject: [PATCH] preload chunks for hardlink slaves w/o preloaded master,
- fixes #4350
-
-also split the hardlink extraction test into 2 tests.
-
-(cherry picked from commit f33f318d816505161d1449a02ddfdeb97d6fe80a)
----
- src/borg/archive.py            | 42 +++++++++++++++++++++++++++++-----
- src/borg/archiver.py           |  5 ++--
- src/borg/testsuite/archiver.py | 20 +++++++++-------
- 3 files changed, 51 insertions(+), 16 deletions(-)
-
-diff --git a/src/borg/archive.py b/src/borg/archive.py
-index adc1f42c..0793672a 100644
---- a/src/borg/archive.py
-+++ b/src/borg/archive.py
-@@ -192,7 +192,7 @@ def __init__(self, repository, key):
-         self.repository = repository
-         self.key = key
- 
--    def unpack_many(self, ids, filter=None, preload=False):
-+    def unpack_many(self, ids, filter=None, partial_extract=False, preload=False, hardlink_masters=None):
-         """
-         Return iterator of items.
- 
-@@ -209,12 +209,40 @@ def unpack_many(self, ids, filter=None, preload=False):
-             for item in items:
-                 if 'chunks' in item:
-                     item.chunks = [ChunkListEntry(*e) for e in item.chunks]
-+
-+            def preload(chunks):
-+                self.repository.preload([c.id for c in chunks])
-+
-             if filter:
-                 items = [item for item in items if filter(item)]
-+
-             if preload:
--                for item in items:
--                    if 'chunks' in item:
--                        self.repository.preload([c.id for c in item.chunks])
-+                if filter and partial_extract:
-+                    # if we do only a partial extraction, it gets a bit
-+                    # complicated with computing the preload items: if a hardlink master item is not
-+                    # selected (== not extracted), we will still need to preload its chunks if a
-+                    # corresponding hardlink slave is selected (== is extracted).
-+                    # due to a side effect of the filter() call, we now have hardlink_masters dict populated.
-+                    masters_preloaded = set()
-+                    for item in items:
-+                        if 'chunks' in item:  # regular file, maybe a hardlink master
-+                            preload(item.chunks)
-+                            # if this is a hardlink master, remember that we already preloaded it:
-+                            if 'source' not in item and hardlinkable(item.mode) and item.get('hardlink_master', True):
-+                                masters_preloaded.add(item.path)
-+                        elif 'source' in item and hardlinkable(item.mode):  # hardlink slave
-+                            source = item.source
-+                            if source not in masters_preloaded:
-+                                # we only need to preload *once* (for the 1st selected slave)
-+                                chunks, _ = hardlink_masters[source]
-+                                preload(chunks)
-+                                masters_preloaded.add(source)
-+                else:
-+                    # easy: we do not have a filter, thus all items are selected, thus we need to preload all chunks.
-+                    for item in items:
-+                        if 'chunks' in item:
-+                            preload(item.chunks)
-+
-             for item in items:
-                 yield item
- 
-@@ -433,8 +461,10 @@ def item_filter(self, item, filter=None):
-             return False
-         return filter(item) if filter else True
- 
--    def iter_items(self, filter=None, preload=False):
--        for item in self.pipeline.unpack_many(self.metadata.items, preload=preload,
-+    def iter_items(self, filter=None, partial_extract=False, preload=False, hardlink_masters=None):
-+        assert not (filter and partial_extract and preload) or hardlink_masters is not None
-+        for item in self.pipeline.unpack_many(self.metadata.items, partial_extract=partial_extract,
-+                                              preload=preload, hardlink_masters=hardlink_masters,
-                                               filter=lambda item: self.item_filter(item, filter)):
-             yield item
- 
-diff --git a/src/borg/archiver.py b/src/borg/archiver.py
-index 957959d6..dcc20455 100644
---- a/src/borg/archiver.py
-+++ b/src/borg/archiver.py
-@@ -755,7 +755,8 @@ def peek_and_store_hardlink_masters(item, matched):
-         else:
-             pi = None
- 
--        for item in archive.iter_items(filter, preload=True):
-+        for item in archive.iter_items(filter, partial_extract=partial_extract,
-+                                       preload=True, hardlink_masters=hardlink_masters):
-             orig_path = item.path
-             if strip_components:
-                 item.path = os.sep.join(orig_path.split(os.sep)[strip_components:])
-@@ -997,7 +998,7 @@ def item_to_tarinfo(item, original_path):
-                 return None, stream
-             return tarinfo, stream
- 
--        for item in archive.iter_items(filter, preload=True):
-+        for item in archive.iter_items(filter, preload=True, hardlink_masters=hardlink_masters):
-             orig_path = item.path
-             if strip_components:
-                 item.path = os.sep.join(orig_path.split(os.sep)[strip_components:])
-diff --git a/src/borg/testsuite/archiver.py b/src/borg/testsuite/archiver.py
-index c35ad800..935b3d79 100644
---- a/src/borg/testsuite/archiver.py
-+++ b/src/borg/testsuite/archiver.py
-@@ -823,7 +823,18 @@ def test_mount_hardlinks(self):
-             assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456'
- 
-     @requires_hardlinks
--    def test_extract_hardlinks(self):
-+    def test_extract_hardlinks1(self):
-+        self._extract_hardlinks_setup()
-+        with changedir('output'):
-+            self.cmd('extract', self.repository_location + '::test')
-+            assert os.stat('input/source').st_nlink == 4
-+            assert os.stat('input/abba').st_nlink == 4
-+            assert os.stat('input/dir1/hardlink').st_nlink == 4
-+            assert os.stat('input/dir1/subdir/hardlink').st_nlink == 4
-+            assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456'
-+
-+    @requires_hardlinks
-+    def test_extract_hardlinks2(self):
-         self._extract_hardlinks_setup()
-         with changedir('output'):
-             self.cmd('extract', self.repository_location + '::test', '--strip-components', '2')
-@@ -839,13 +850,6 @@ def test_extract_hardlinks(self):
-             assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456'
-             assert os.stat('input/dir1/aaaa').st_nlink == 2
-             assert os.stat('input/dir1/source2').st_nlink == 2
--        with changedir('output'):
--            self.cmd('extract', self.repository_location + '::test')
--            assert os.stat('input/source').st_nlink == 4
--            assert os.stat('input/abba').st_nlink == 4
--            assert os.stat('input/dir1/hardlink').st_nlink == 4
--            assert os.stat('input/dir1/subdir/hardlink').st_nlink == 4
--            assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456'
- 
-     def test_extract_include_exclude(self):
-         self.cmd('init', '--encryption=repokey', self.repository_location)
--- 
-2.21.0
-
diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch
index 2a11bf0b70..7d4f774c83 100644
--- a/gnu/packages/patches/icecat-makeicecat.patch
+++ b/gnu/packages/patches/icecat-makeicecat.patch
@@ -3,10 +3,10 @@ in a snippet without network access.  After this patch is applied, some
 additional changes will be made using 'substitute*'.
 
 diff --git a/makeicecat b/makeicecat
-index aa46b94..db27a86 100644
+index 5a4390b..fcfa143 100644
 --- a/makeicecat
 +++ b/makeicecat
-@@ -36,75 +36,75 @@ export DEBFULLNAME="Ruben Rodriguez"
+@@ -29,55 +29,55 @@ SOURCEDIR=icecat-$FFVERSION
  
  DATA="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/data
  
@@ -25,6 +25,7 @@ index aa46b94..db27a86 100644
 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
 -gpg --recv-keys --keyserver keyserver.ubuntu.com 24C6F355
 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
+-echo -n 0a5f0c1d8d1e9443d85083d37fec32e5cc15c1001ea992d49745490065b4a023 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 -
 -echo Extracting Firefox tarball
 -tar -xf firefox-${FFVERSION}esr.source.tar.xz
@@ -36,6 +37,7 @@ index aa46b94..db27a86 100644
 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc
 +# gpg --recv-keys --keyserver keyserver.ubuntu.com 24C6F355
 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc
++# echo -n 0a5f0c1d8d1e9443d85083d37fec32e5cc15c1001ea992d49745490065b4a023 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c -
 +# 
 +# echo Extracting Firefox tarball
 +# tar -xf firefox-${FFVERSION}esr.source.tar.xz
@@ -43,43 +45,6 @@ index aa46b94..db27a86 100644
 +# mv firefox-${FFVERSION} $SOURCEDIR
  
  ###############################################################################
- # Retrieve /debian from Ubuntu
- ###############################################################################
- 
--rm -rf firefox.$CODENAME
--bzr branch https://code.launchpad.net/~mozillateam/firefox/firefox.$CODENAME
--cd firefox.$CODENAME
--bzr revert -r$REVISION
--echo '3.0 (native)' > debian/source/format
--
--for PATCH in ubuntu-bookmarks.patch ubuntu-ua-string-changes.patch unity-menubar.patch ubuntu-search-defaults.patch fix-make-package-tests-without-webrtc.patch revert-upstream-search-engine-changes.patch
--do
--  rm debian/patches/$PATCH
--  sed "/$PATCH/d" -i debian/patches/series
--done
--sed "/test-/d" -i debian/patches/series
--cd ..
--
--mv firefox.$CODENAME/debian $SOURCEDIR
--rm -rf firefox.$CODENAME
-+# rm -rf firefox.$CODENAME
-+# bzr branch https://code.launchpad.net/~mozillateam/firefox/firefox.$CODENAME
-+# cd firefox.$CODENAME
-+# bzr revert -r$REVISION
-+# echo '3.0 (native)' > debian/source/format
-+# 
-+# for PATCH in ubuntu-bookmarks.patch ubuntu-ua-string-changes.patch unity-menubar.patch ubuntu-search-defaults.patch fix-make-package-tests-without-webrtc.patch revert-upstream-search-engine-changes.patch
-+# do
-+#   rm debian/patches/$PATCH
-+#   sed "/$PATCH/d" -i debian/patches/series
-+# done
-+# sed "/test-/d" -i debian/patches/series
-+# cd ..
-+# 
-+# mv firefox.$CODENAME/debian $SOURCEDIR
-+# rm -rf firefox.$CODENAME
- 
- ###############################################################################
  # Retrieve l10n
  ###############################################################################
  
@@ -133,19 +98,10 @@ index aa46b94..db27a86 100644
  
  #for patch in $DATA/patches/*; do
  #    echo Patching with file: $patch
-@@ -720,7 +720,7 @@ debian/rules debian/control
- touch -d "yesterday" debian/control
- debian/rules debian/control
- 
--echo | dch -b -D stable -v "$ICECATVERSION"  "Converted into IceCat (http://www.gnu.org/software/gnuzilla/)"
-+# echo | dch -b -D stable -v "$ICECATVERSION"  "Converted into IceCat (http://www.gnu.org/software/gnuzilla/)"
- sed "1s/firefox/icecat/" -i debian/changelog
- 
- touch configure js/src/configure
-@@ -734,6 +734,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
+@@ -590,6 +590,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in
+ # Fix CVE-2012-3386
  /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true
  
- 
 -cd ..
 -echo Packaging tarball
 -tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
deleted file mode 100644
index bffe2c454c..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
-https://github.com/libevent/libevent/issues/317
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
-
-From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Mon, 1 Feb 2016 17:32:09 +0300
-Subject: [PATCH] evdns: name_parse(): fix remote stack overread
-
----
- evdns.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 60b10485..137c24ea 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- 
- 	for (;;) {
- 		u8 label_len;
--		if (j >= length) return -1;
- 		GET8(label_len);
- 		if (!label_len) break;
- 		if (label_len & 0xc0) {
-@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- 			*cp++ = '.';
- 		}
- 		if (cp + label_len >= end) return -1;
-+		if (j + label_len > length) return -1;
- 		memcpy(cp, packet + j, label_len);
- 		cp += label_len;
- 		j += label_len;
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
deleted file mode 100644
index 03f96e938b..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10196 (buffer overflow in evutil):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
-https://github.com/libevent/libevent/issues/318
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
-
-From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Sun, 31 Jan 2016 00:57:16 +0300
-Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
-
----
- evutil.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/evutil.c b/evutil.c
-index 33445170..e2dfe6e4 100644
---- a/evutil.c
-+++ b/evutil.c
-@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
- 
- 	cp = strchr(ip_as_string, ':');
- 	if (*ip_as_string == '[') {
--		int len;
-+		size_t len;
- 		if (!(cp = strchr(ip_as_string, ']'))) {
- 			return -1;
- 		}
--		len = (int) ( cp-(ip_as_string + 1) );
--		if (len > (int)sizeof(buf)-1) {
-+		len = ( cp-(ip_as_string + 1) );
-+		if (len > sizeof(buf)-1) {
- 			return -1;
- 		}
- 		memcpy(buf, ip_as_string+1, len);
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
deleted file mode 100644
index c62a328627..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
-https://github.com/libevent/libevent/issues/332
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
-
-From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Fri, 25 Mar 2016 00:33:47 +0300
-Subject: [PATCH] evdns: fix searching empty hostnames
-
----
- evdns.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 137c24ea..6191c677 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
- static char *
- search_make_new(const struct search_state *const state, int n, const char *const base_name) {
- 	const size_t base_len = strlen(base_name);
--	const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+	char need_to_append_dot;
- 	struct search_domain *dom;
- 
-+	if (!base_len) return NULL;
-+	need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+
- 	for (dom = state->head; dom; dom = dom->next) {
- 		if (!n--) {
- 			/* this is the postfix we want */
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch b/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
deleted file mode 100644
index 0253700bf6..0000000000
--- a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001
-From: Marcus Sundberg <marcus@marcussundberg.com>
-Date: Sat, 26 Mar 2016 20:11:43 +0100
-Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last.
-
-evbuffer_add() would always put data in the last chain, even if there
-was available space in a previous chain, and in doing so it also
-failed to update last_with_datap, causing subsequent calls to other
-functions that do look at last_with_datap to add data in the middle
-of the evbuffer instead of at the end.
-
-Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and
-evbuffer/add3 tests, and also prevents wasting space available in the
-chain pointed to by last_with_datap.
----
- buffer.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/buffer.c b/buffer.c
-index 7cca0e8a..f378b731 100644
---- a/buffer.c
-+++ b/buffer.c
-@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
- 		goto done;
- 	}
- 
--	chain = buf->last;
-+	if (*buf->last_with_datap == NULL) {
-+		chain = buf->last;
-+	} else {
-+		chain = *buf->last_with_datap;
-+	}
- 
- 	/* If there are no chains allocated for this buffer, allocate one
- 	 * big enough to hold all the data. */
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/libevent-dns-tests.patch b/gnu/packages/patches/libevent-dns-tests.patch
deleted file mode 100644
index 6ff8aaaa7b..0000000000
--- a/gnu/packages/patches/libevent-dns-tests.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Disable tests that rely on usable DNS lookups, which aren't available
-in build chroots.
-
---- libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:09.000000000 +0100
-+++ libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:30.000000000 +0100
-@@ -1827,10 +1827,6 @@ end:
- 
- struct testcase_t dns_testcases[] = {
- 	DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
--	DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
--	DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
--	DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
--	{ "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL },
- 	{ "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
- 	{ "search_cancel", dns_search_cancel_test,
- 	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
diff --git a/gnu/packages/patches/polkit-CVE-2018-19788.patch b/gnu/packages/patches/polkit-CVE-2018-19788.patch
deleted file mode 100644
index 58cde6c5dc..0000000000
--- a/gnu/packages/patches/polkit-CVE-2018-19788.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-Fix CVE-2018-19788:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788
-https://gitlab.freedesktop.org/polkit/polkit/issues/74
-
-Patch copied from upstream source repository:
-
-https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
-
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH] Allow negative uids/gids in PolkitUnixUser and Group objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
----
- src/polkit/polkitunixgroup.c   | 15 +++++++++++----
- src/polkit/polkitunixprocess.c | 12 ++++++++----
- src/polkit/polkitunixuser.c    | 13 ++++++++++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+  unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
- }
- 
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject      *object,
-                                GParamSpec   *pspec)
- {
-   PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+  gint val;
- 
-   switch (prop_id)
-     {
-     case PROP_GID:
--      unix_group->gid = g_value_get_int (value);
-+      val = g_value_get_int (value);
-+      g_return_if_fail (val != -1);
-+      unix_group->gid = val;
-       break;
- 
-     default:
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
-                                    g_param_spec_int ("gid",
-                                                      "Group ID",
-                                                      "The UNIX group ID",
--                                                     0,
-+                                                     G_MININT,
-                                                      G_MAXINT,
--                                                     0,
-+                                                     -1,
-                                                      G_PARAM_CONSTRUCT |
-                                                      G_PARAM_READWRITE |
-                                                      G_PARAM_STATIC_NAME |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
-  */
- void
- polkit_unix_group_set_gid (PolkitUnixGroup *group,
--                          gint gid)
-+                           gint gid)
- {
-   g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
-+  g_return_if_fail (gid != -1);
-   group->gid = gid;
- }
- 
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- PolkitIdentity *
- polkit_unix_group_new (gint gid)
- {
-+  g_return_val_if_fail (gid != -1, NULL);
-+
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
-                                        "gid", gid,
-                                        NULL));
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 972b777..b02b258 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject      *object,
-       polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
-       break;
- 
--    case PROP_UID:
--      polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
-+    case PROP_UID: {
-+      gint val;
-+
-+      val = g_value_get_int (value);
-+      g_return_if_fail (val != -1);
-+      polkit_unix_process_set_uid (unix_process, val);
-       break;
-+    }
- 
-     case PROP_START_TIME:
-       polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
-                                    g_param_spec_int ("uid",
-                                                      "User ID",
-                                                      "The UNIX user ID",
--                                                     -1,
-+                                                     G_MININT,
-                                                      G_MAXINT,
-                                                      -1,
-                                                      G_PARAM_CONSTRUCT |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
-                              gint               uid)
- {
-   g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
--  g_return_if_fail (uid >= -1);
-   process->uid = uid;
- }
- 
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..234a697 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
- static void
- polkit_unix_user_init (PolkitUnixUser *unix_user)
- {
-+  unix_user->uid = -1;  /* (uid_t) -1 is not a valid UID under Linux */
-   unix_user->name = NULL;
- }
- 
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject      *object,
-                                GParamSpec   *pspec)
- {
-   PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
-+  gint val;
- 
-   switch (prop_id)
-     {
-     case PROP_UID:
--      unix_user->uid = g_value_get_int (value);
-+      val = g_value_get_int (value);
-+      g_return_if_fail (val != -1);
-+      unix_user->uid = val;
-       break;
- 
-     default:
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
-                                    g_param_spec_int ("uid",
-                                                      "User ID",
-                                                      "The UNIX user ID",
--                                                     0,
-+                                                     G_MININT,
-                                                      G_MAXINT,
--                                                     0,
-+                                                     -1,
-                                                      G_PARAM_CONSTRUCT |
-                                                      G_PARAM_READWRITE |
-                                                      G_PARAM_STATIC_NAME |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
-                           gint uid)
- {
-   g_return_if_fail (POLKIT_IS_UNIX_USER (user));
-+  g_return_if_fail (uid != -1);
-   user->uid = uid;
- }
- 
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- PolkitIdentity *
- polkit_unix_user_new (gint uid)
- {
-+  g_return_val_if_fail (uid != -1, NULL);
-+
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
-                                         "uid", uid,
-                                         NULL));
--- 
-2.18.1
-