authorMarius Bakke <mbakke@fastmail.com>2018-08-16 20:56:38 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-08-16 20:56:38 +0200
commitdf570bf271536399993b39e7ea2ea0452bb6cde4 (patch)
tree32cde458f90c599691831fc33cfbd4efcca9e9eb /gnu/packages/patches
parent37d203985e2817b0962129384e8b993a1bb92de9 (diff)
parent5f9a9945b5747e5ec284f8b116b2e8cc1b9064d7 (diff)
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/aegisub-icu59-include-unistr.patch12
-rw-r--r--gnu/packages/patches/clementine-fix-sqlite.patch23
-rw-r--r--gnu/packages/patches/gdm-CVE-2018-14424.patch172
-rw-r--r--gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch152
-rw-r--r--gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch50
-rw-r--r--gnu/packages/patches/qemu-CVE-2018-11806.patch105
-rw-r--r--gnu/packages/patches/racket-store-checksum-override.patch42
-rw-r--r--gnu/packages/patches/translate-shell-fix-curl-tests.patch60
8 files changed, 249 insertions, 367 deletions
diff --git a/gnu/packages/patches/aegisub-icu59-include-unistr.patch b/gnu/packages/patches/aegisub-icu59-include-unistr.patch
new file mode 100644
index 0000000000..78414741be
--- /dev/null
+++ b/gnu/packages/patches/aegisub-icu59-include-unistr.patch
@@ -0,0 +1,12 @@
+This patch adds an include needed since icu59:
+Source: https://git.archlinux.org/svntogit/community.git/plain/trunk/icu59.patch?h=packages/aegisub
+--- aegisub-3.2.2/src/utils.cpp	2014-12-08 02:07:09.000000000 +0200
++++ aegisub-3.2.2/src/utils.cpp	2017-04-26 11:11:15.438239182 +0300
+@@ -44,6 +44,7 @@
+ #include <boost/filesystem/path.hpp>
+ #include <map>
+ #include <unicode/locid.h>
++#include <unicode/unistr.h>
+ #include <wx/clipbrd.h>
+ #include <wx/filedlg.h>
+ #include <wx/stdpaths.h>
diff --git a/gnu/packages/patches/clementine-fix-sqlite.patch b/gnu/packages/patches/clementine-fix-sqlite.patch
new file mode 100644
index 0000000000..f9d44f9074
--- /dev/null
+++ b/gnu/packages/patches/clementine-fix-sqlite.patch
@@ -0,0 +1,23 @@
+Patch downloaded from https://github.com/clementine-player/Clementine/pull/5669 .
+
+diff -ruN clementine-1.3.1.565.gd20c2244a.orig/src/core/database.cpp clementine-1.3.1.565.gd20c2244a/src/core/database.cpp
+--- clementine-1.3.1.565.gd20c2244a.orig/src/core/database.cpp	2018-07-07 23:59:24.018540126 +0200
++++ clementine-1.3.1.565.gd20c2244a/src/core/database.cpp	2018-07-08 00:04:47.991551728 +0200
+@@ -265,6 +265,17 @@
+   StaticInit();
+ 
+   {
++
++#ifdef SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER
++    // In case sqlite>=3.12 is compiled without -DSQLITE_ENABLE_FTS3_TOKENIZER
++    // (generally a good idea  due to security reasons) the fts3 support should be enabled explicitly.
++    QVariant v = db.driver()->handle();
++    if (v.isValid() && qstrcmp(v.typeName(), "sqlite3*") == 0) {
++      sqlite3 *handle = *static_cast<sqlite3**>(v.data());
++      if (handle) sqlite3_db_config(handle, SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER, 1, NULL);
++    }
++#endif
++
+     QSqlQuery set_fts_tokenizer(db);
+     set_fts_tokenizer.prepare("SELECT fts3_tokenizer(:name, :pointer)");
+     set_fts_tokenizer.bindValue(":name", "unicode");
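Review bot: The result of `sqlite3_db_config(handle, SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER, 1, NULL)` is discarded, and nothing visible switches the option back off, so the two-argument `fts3_tokenizer()` may stay enabled on this connection for its whole lifetime. The patch's own comment notes that SQLite builds leave it disabled for security reasons, so the window should be as short as possible. I would compare the return value with `SQLITE_OK` and log a failure, then call `sqlite3_db_config(handle, SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER, 0, NULL);` once the registration query has executed. That query continues past the end of this hunk, so the exact placement has to be confirmed against the full function.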
diff --git a/gnu/packages/patches/gdm-CVE-2018-14424.patch b/gnu/packages/patches/gdm-CVE-2018-14424.patch
new file mode 100644
index 0000000000..88a71f4151
--- /dev/null
+++ b/gnu/packages/patches/gdm-CVE-2018-14424.patch
@@ -0,0 +1,172 @@
+Fix CVE-2018-14424:
+
+https://gitlab.gnome.org/GNOME/gdm/issues/401
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14424
+
+Patch copied from upstream source repository:
+
+https://gitlab.gnome.org/GNOME/gdm/commit/1ac1697b3b019f50729a6e992065959586e170da
+
+From 1ac1697b3b019f50729a6e992065959586e170da Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Thu, 19 Jul 2018 18:26:05 +0100
+Subject: [PATCH] display-store: Pass the display object rather than the id in
+ the removed signal
+
+By the time GdmDisplayStore emits the "display-removed" signal, the display
+is no longer in the store and gdm_display_store_lookup will not work in
+signal handlers.
+
+Change the "display-removed" parameter from the display id to the GdmDisplay
+object, so that signal handers can perform any cleanup they need to do
+
+CVE-2018-14424
+
+Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401
+---
+ daemon/gdm-display-store.c         | 11 +++--------
+ daemon/gdm-display-store.h         |  2 +-
+ daemon/gdm-local-display-factory.c | 13 +++----------
+ daemon/gdm-manager.c               | 19 +++++++++----------
+ daemon/gdm-manager.h               |  3 ++-
+ 5 files changed, 18 insertions(+), 30 deletions(-)
+
+diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c
+index af76f519..fd24334e 100644
+--- a/daemon/gdm-display-store.c
++++ b/daemon/gdm-display-store.c
+@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
+ static void
+ stored_display_free (StoredDisplay *stored_display)
+ {
+-        char *id;
+-
+-        gdm_display_get_id (stored_display->display, &id, NULL);
+-
+         g_signal_emit (G_OBJECT (stored_display->store),
+                        signals[DISPLAY_REMOVED],
+                        0,
+-                       id);
+-        g_free (id);
++                       stored_display->display);
+ 
+         g_debug ("GdmDisplayStore: Unreffing display: %p",
+                  stored_display->display);
+@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
+                               G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed),
+                               NULL,
+                               NULL,
+-                              g_cclosure_marshal_VOID__STRING,
++                              g_cclosure_marshal_VOID__OBJECT,
+                               G_TYPE_NONE,
+-                              1, G_TYPE_STRING);
++                              1, G_TYPE_OBJECT);
+ 
+         g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
+ }
+diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h
+index 28359933..0aff8ee2 100644
+--- a/daemon/gdm-display-store.h
++++ b/daemon/gdm-display-store.h
+@@ -49,7 +49,7 @@ typedef struct
+         void          (* display_added)    (GdmDisplayStore *display_store,
+                                             const char      *id);
+         void          (* display_removed)  (GdmDisplayStore *display_store,
+-                                            const char      *id);
++                                            GdmDisplay      *display);
+ } GdmDisplayStoreClass;
+ 
+ typedef enum
+diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
+index 5f1ae89e..39f3e30a 100644
+--- a/daemon/gdm-local-display-factory.c
++++ b/daemon/gdm-local-display-factory.c
+@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore        *display_store,
+ 
+ static void
+ on_display_removed (GdmDisplayStore        *display_store,
+-                    const char             *id,
++                    GdmDisplay             *display,
+                     GdmLocalDisplayFactory *factory)
+ {
+-        GdmDisplay *display;
+-
+-        display = gdm_display_store_lookup (display_store, id);
+-
+-        if (display != NULL) {
+-                g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
+-                g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+-
+-        }
++        g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
++        g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+ }
+ 
+ static gboolean
+diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
+index f17bd1a5..f6684a8b 100644
+--- a/daemon/gdm-manager.c
++++ b/daemon/gdm-manager.c
+@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display,
+ 
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+-                    const char      *id,
++                    GdmDisplay      *display,
+                     GdmManager      *manager)
+ {
+-        GdmDisplay *display;
++        char    *id;
+ 
+-        display = gdm_display_store_lookup (display_store, id);
+-        if (display != NULL) {
+-                g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++        gdm_display_get_id (display, &id, NULL);
++        g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++        g_free (id);
+ 
+-                g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
++        g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
+ 
+-                g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
+-        }
++        g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
+ }
+ 
+ static void
+@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
+                               G_STRUCT_OFFSET (GdmManagerClass, display_removed),
+                               NULL,
+                               NULL,
+-                              g_cclosure_marshal_VOID__STRING,
++                              g_cclosure_marshal_VOID__OBJECT,
+                               G_TYPE_NONE,
+-                              1, G_TYPE_STRING);
++                              1, G_TYPE_OBJECT);
+ 
+         g_object_class_install_property (object_class,
+                                          PROP_XDMCP_ENABLED,
+diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h
+index 41c68a7a..c8fb3f22 100644
+--- a/daemon/gdm-manager.h
++++ b/daemon/gdm-manager.h
+@@ -24,6 +24,7 @@
+ 
+ #include <glib-object.h>
+ 
++#include "gdm-display.h"
+ #include "gdm-manager-glue.h"
+ 
+ G_BEGIN_DECLS
+@@ -50,7 +51,7 @@ typedef struct
+         void          (* display_added)    (GdmManager      *manager,
+                                             const char      *id);
+         void          (* display_removed)  (GdmManager      *manager,
+-                                            const char      *id);
++                                            GdmDisplay      *display);
+ } GdmManagerClass;
+ 
+ typedef enum
+-- 
+2.17.1
+
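Review bot: In the gdm-manager.c `on_display_removed`, `char *id;` has no initializer and the result of `gdm_display_get_id (display, &id, NULL)` is not checked. If that call can fail without writing `id`, the following `g_dbus_object_manager_server_unexport` and `g_free (id)` operate on an indeterminate pointer. Declaring `char *id = NULL;` and unexporting only when the call succeeds would close that. Both `on_display_removed` handlers also drop their `display != NULL` guard, which looks fine only if the store is the sole emitter of the signal, and that is not visible here. Because the patch is copied verbatim from upstream, this is better raised there than changed locally.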
diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch
deleted file mode 100644
index 15dedbcbd0..0000000000
--- a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-Fix CVE-2018-0495:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
-https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
-
-Patch copied from upstream source repository:
-
-https://github.com/openssl/openssl/commit/0c27d793745c7837b13646302b6890a556b7017a
-
-From 0c27d793745c7837b13646302b6890a556b7017a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 25 May 2018 12:10:13 +0100
-Subject: [PATCH] Add blinding to an ECDSA signature
-
-Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
-ECDSA signature operation. During signing the signer calculates:
-
-s:= k^-1 * (m + r * priv_key) mod order
-
-The addition operation above provides a sufficient signal for a
-flush+reload attack to derive the private key given sufficient signature
-operations.
-
-As a mitigation (based on a suggestion from Keegan) we add blinding to
-the operation so that:
-
-s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
-
-Since this attack is a localhost side channel only no CVE is assigned.
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- CHANGES                |  4 +++
- crypto/ec/ecdsa_ossl.c | 70 +++++++++++++++++++++++++++++++++++++-----
- 2 files changed, 67 insertions(+), 7 deletions(-)
-
-diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
-index 72e2f0f28b..449be0e92a 100644
---- a/crypto/ec/ecdsa_ossl.c
-+++ b/crypto/ec/ecdsa_ossl.c
-@@ -210,7 +210,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
-                                EC_KEY *eckey)
- {
-     int ok = 0, i;
--    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;
-+    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL;
-+    BIGNUM *blindm = NULL;
-     const BIGNUM *order, *ckinv;
-     BN_CTX *ctx = NULL;
-     const EC_GROUP *group;
-@@ -243,8 +244,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
-     }
-     s = ret->s;
- 
--    if ((ctx = BN_CTX_new()) == NULL ||
--        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
-+    ctx = BN_CTX_secure_new();
-+    if (ctx == NULL) {
-+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
-+        goto err;
-+    }
-+
-+    BN_CTX_start(ctx);
-+    tmp = BN_CTX_get(ctx);
-+    m = BN_CTX_get(ctx);
-+    blind = BN_CTX_get(ctx);
-+    blindm = BN_CTX_get(ctx);
-+    if (blindm == NULL) {
-         ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
-         goto err;
-     }
-@@ -284,18 +295,64 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
-             }
-         }
- 
--        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
-+        /*
-+         * The normal signature calculation is:
-+         *
-+         *   s := k^-1 * (m + r * priv_key) mod order
-+         *
-+         * We will blind this to protect against side channel attacks
-+         *
-+         *   s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order
-+         */
-+
-+        /* Generate a blinding value */
-+        do {
-+            if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY,
-+                         BN_RAND_BOTTOM_ANY))
-+                goto err;
-+        } while (BN_is_zero(blind));
-+        BN_set_flags(blind, BN_FLG_CONSTTIME);
-+        BN_set_flags(blindm, BN_FLG_CONSTTIME);
-+        BN_set_flags(tmp, BN_FLG_CONSTTIME);
-+
-+        /* tmp := blind * priv_key * r mod order */
-+        if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) {
-             ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-             goto err;
-         }
--        if (!BN_mod_add_quick(s, tmp, m, order)) {
-+        if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) {
-             ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-             goto err;
-         }
-+
-+        /* blindm := blind * m mod order */
-+        if (!BN_mod_mul(blindm, blind, m, order, ctx)) {
-+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+            goto err;
-+        }
-+
-+        /* s : = (blind * priv_key * r) + (blind * m) mod order */
-+        if (!BN_mod_add_quick(s, tmp, blindm, order)) {
-+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+            goto err;
-+        }
-+
-+        /* s:= s * blind^-1 mod order */
-+        if (BN_mod_inverse(blind, blind, order, ctx) == NULL) {
-+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+            goto err;
-+        }
-+        if (!BN_mod_mul(s, s, blind, order, ctx)) {
-+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+            goto err;
-+        }
-+
-+        /* s := s * k^-1 mod order */
-         if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
-             ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-             goto err;
-         }
-+
-         if (BN_is_zero(s)) {
-             /*
-              * if kinv and r have been supplied by the caller don't to
-@@ -317,9 +374,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
-         ECDSA_SIG_free(ret);
-         ret = NULL;
-     }
-+    BN_CTX_end(ctx);
-     BN_CTX_free(ctx);
--    BN_clear_free(m);
--    BN_clear_free(tmp);
-     BN_clear_free(kinv);
-     return ret;
- }
--- 
-2.17.1
-
diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch
deleted file mode 100644
index dfea6e7d06..0000000000
--- a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2018-0732:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
-
-Patch copied from upstream source repository:
-
-https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
-
-From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index fce9ff47f3..58003d7087 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
-     int ok = 0;
-     int generate_new_key = 0;
-     unsigned l;
--    BN_CTX *ctx;
-+    BN_CTX *ctx = NULL;
-     BN_MONT_CTX *mont = NULL;
-     BIGNUM *pub_key = NULL, *priv_key = NULL;
- 
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;
--- 
-2.17.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2018-11806.patch b/gnu/packages/patches/qemu-CVE-2018-11806.patch
deleted file mode 100644
index f021dfa747..0000000000
--- a/gnu/packages/patches/qemu-CVE-2018-11806.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-Fix CVE-2018-11806:
-
-https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=864036e251f54c99d31df124aad7f34f01f5344c
-
-From 864036e251f54c99d31df124aad7f34f01f5344c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Tue, 5 Jun 2018 23:38:35 +0530
-Subject: [PATCH] slirp: correct size computation while concatenating mbuf
-
-While reassembling incoming fragmented datagrams, 'm_cat' routine
-extends the 'mbuf' buffer, if it has insufficient room. It computes
-a wrong buffer size, which leads to overwriting adjacent heap buffer
-area. Correct this size computation in m_cat.
-
-Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
----
- slirp/mbuf.c | 11 +++++------
- slirp/mbuf.h |  8 +++-----
- 2 files changed, 8 insertions(+), 11 deletions(-)
-
-diff --git a/slirp/mbuf.c b/slirp/mbuf.c
-index 5ff24559fd..18cbf759a7 100644
---- a/slirp/mbuf.c
-+++ b/slirp/mbuf.c
-@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- 	 * If there's no room, realloc
- 	 */
- 	if (M_FREEROOM(m) < n->m_len)
--		m_inc(m,m->m_size+MINCSIZE);
-+		m_inc(m, m->m_len + n->m_len);
- 
- 	memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
- 	m->m_len += n->m_len;
-@@ -147,7 +147,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- }
- 
- 
--/* make m size bytes large */
-+/* make m 'size' bytes large from m_data */
- void
- m_inc(struct mbuf *m, int size)
- {
-@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
- 
-         if (m->m_flags & M_EXT) {
- 	  datasize = m->m_data - m->m_ext;
--          m->m_ext = g_realloc(m->m_ext, size);
-+	  m->m_ext = g_realloc(m->m_ext, size + datasize);
- 	  m->m_data = m->m_ext + datasize;
-         } else {
- 	  char *dat;
- 	  datasize = m->m_data - m->m_dat;
--          dat = g_malloc(size);
-+	  dat = g_malloc(size + datasize);
- 	  memcpy(dat, m->m_dat, m->m_size);
- 
- 	  m->m_ext = dat;
-@@ -171,8 +171,7 @@ m_inc(struct mbuf *m, int size)
- 	  m->m_flags |= M_EXT;
-         }
- 
--        m->m_size = size;
--
-+        m->m_size = size + datasize;
- }
- 
- 
-diff --git a/slirp/mbuf.h b/slirp/mbuf.h
-index 893601ff9d..33b84485d6 100644
---- a/slirp/mbuf.h
-+++ b/slirp/mbuf.h
-@@ -33,8 +33,6 @@
- #ifndef MBUF_H
- #define MBUF_H
- 
--#define MINCSIZE 4096	/* Amount to increase mbuf if too small */
--
- /*
-  * Macros for type conversion
-  * mtod(m,t) -	convert mbuf pointer to data pointer of correct type
-@@ -72,11 +70,11 @@ struct mbuf {
- 	struct	mbuf *m_prevpkt;	/* Flags aren't used in the output queue */
- 	int	m_flags;		/* Misc flags */
- 
--	int	m_size;			/* Size of data */
-+	int	m_size;			/* Size of mbuf, from m_dat or m_ext */
- 	struct	socket *m_so;
- 
--	caddr_t	m_data;			/* Location of data */
--	int	m_len;			/* Amount of data in this mbuf */
-+	caddr_t	m_data;			/* Current location of data */
-+	int	m_len;			/* Amount of data in this mbuf, from m_data */
- 
- 	Slirp *slirp;
- 	bool	resolution_requested;
--- 
-2.17.1
-
diff --git a/gnu/packages/patches/racket-store-checksum-override.patch b/gnu/packages/patches/racket-store-checksum-override.patch
new file mode 100644
index 0000000000..b22facca0d
--- /dev/null
+++ b/gnu/packages/patches/racket-store-checksum-override.patch
@@ -0,0 +1,42 @@
+Racket uses checksums to test if it needs to recompile its source
+files to bytecode.  If Racket is updated by grafting, the source and
+bytecode files get updated, but the checksum stays the same.  Since
+the checksum no longer matches the source file, Racket tries to
+regenerate the bytecode and write it to the store, causing errors
+because the store is immutable.  This patch makes Racket ignore
+checksums for files in the store.
+
+See <https://debbugs.gnu.org/30680> for details.
+
+diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/compiler/cm.rkt
+--- racket-6.12/collects/compiler/cm.rkt	1969-12-31 19:00:00.000000000 -0500
++++ racket-6.12-patched/collects/compiler/cm.rkt	2018-08-12 06:36:46.061142149 -0400
+@@ -7,6 +7,7 @@
+          racket/list
+          racket/path
+          racket/promise
++         racket/string
+          openssl/sha1
+          racket/place
+          setup/collects
+@@ -627,6 +628,10 @@
+       #f
+       (list src-hash recorded-hash)))
+ 
++(define (store-reference? path)
++  (let ([store-prefix (or (getenv "NIX_STORE") "/gnu/store")])
++    (string-prefix? (path->string path) store-prefix)))
++
+ (define (rkt->ss p)
+   (if (path-has-extension? p #".rkt")
+       (path-replace-extension p #".ss")
+@@ -679,7 +684,8 @@
+               (trace-printf "newer src... ~a > ~a" path-time path-zo-time)
+               ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk:
+               (maybe-compile-zo sha1-only? deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen)]
+-             [(different-source-sha1-and-dep-recorded path deps)
++             [(and (not (store-reference? path))
++                   (different-source-sha1-and-dep-recorded path deps))
+               => (lambda (difference)
+                    (trace-printf "different src hash... ~a" difference)
+                    ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk:
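Review bot: `store-reference?` tests a bare string prefix, so with the default `/gnu/store` a path such as `/gnu/store-old/x.rkt` also counts as a store file. An empty or `/` value of `NIX_STORE` makes every path match, which turns the source-hash comparison off everywhere. Comparing against the prefix plus a separator, `(string-prefix? (path->string path) (string-append store-prefix "/"))` (after stripping any trailing slash from the variable), and falling back to `/gnu/store` when the variable is empty, would confine the bypass to real store entries. The `cond` clause that calls it begins and ends outside the hunk.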
diff --git a/gnu/packages/patches/translate-shell-fix-curl-tests.patch b/gnu/packages/patches/translate-shell-fix-curl-tests.patch
deleted file mode 100644
index 33731462b8..0000000000
--- a/gnu/packages/patches/translate-shell-fix-curl-tests.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-This patch fixes Curl related tests for 'translate-shell'.
-
-Upstream bug URL:
-
-https://github.com/soimort/translate-shell/issues/221
-
-From bb9f32d3145125ba664b6b05bf0a2fd34108e9d2 Mon Sep 17 00:00:00 2001
-From: Mort Yao <soi@mort.ninja>
-Date: Sun, 25 Mar 2018 03:14:33 +0200
-Subject: [PATCH] TestUtils: perform curl-related tests only if NETWORK_ACCESS
- is set to yes (#221)
-
----
- test/TestUtils.awk | 32 +++++++++++++++++---------------
- 1 file changed, 17 insertions(+), 15 deletions(-)
-
-diff --git a/test/TestUtils.awk b/test/TestUtils.awk
-index 08bb2e9..1c141e5 100644
---- a/test/TestUtils.awk
-+++ b/test/TestUtils.awk
-@@ -30,22 +30,24 @@ BEGIN {
-         assertTrue(newerVersion("2", "1.9.9999"))
-     }
- 
--    T("curl()", 1)
--    {
--        delete tokens; delete ast
--        tokenize(tokens, curl("https://httpbin.org/get"))
--        parseJson(ast, tokens)
--        assertEqual(unparameterize(ast[0 SUBSEP "url"]),
--                    "https://httpbin.org/get")
--    }
-+    if (yn(ENVIRON["NETWORK_ACCESS"])) { # if network access enabled
-+        T("curl()", 1)
-+        {
-+            delete tokens; delete ast
-+            tokenize(tokens, curl("https://httpbin.org/get"))
-+            parseJson(ast, tokens)
-+            assertEqual(unparameterize(ast[0 SUBSEP "url"]),
-+                        "https://httpbin.org/get")
-+        }
- 
--    T("curlPost()", 1)
--    {
--        delete tokens; delete ast
--        tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
--        parseJson(ast, tokens)
--        assertEqual(unparameterize(ast[0 SUBSEP "url"]),
--                    "https://httpbin.org/post")
-+        T("curlPost()", 1)
-+        {
-+            delete tokens; delete ast
-+            tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
-+            parseJson(ast, tokens)
-+            assertEqual(unparameterize(ast[0 SUBSEP "url"]),
-+                        "https://httpbin.org/post")
-+        }
-     }
- 
-     T("dump()", 3)