Merge branch 'master' into core-updates.

4 files changed, 109 insertions, 14 deletions

diff --git a/gnu/packages/patches/gitolite-openssh-6.8-compat.patch b/gnu/packages/patches/gitolite-openssh-6.8-compat.patch
new file mode 100644
index 0000000000..d7fc2e6b12
--- /dev/null
+++ b/gnu/packages/patches/gitolite-openssh-6.8-compat.patch
@@ -0,0 +1,25 @@
+From ed807a40c6683960e357bc995b3acf721ec088b4 Mon Sep 17 00:00:00 2001
+From: Sitaram Chamarty <sitaram@atc.tcs.com>
+Date: Thu, 19 Mar 2015 05:17:59 +0530
+Subject: [PATCH] openssh 6.8 compat
+
+---
+ src/triggers/post-compile/ssh-authkeys | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/triggers/post-compile/ssh-authkeys b/src/triggers/post-compile/ssh-authkeys
+index 84dda73..d5f5d8b 100755
+--- a/src/triggers/post-compile/ssh-authkeys
++++ b/src/triggers/post-compile/ssh-authkeys
+@@ -115,7 +115,7 @@ sub fp_file {
+     my $f  = shift;
+     my $fp = `ssh-keygen -l -f '$f'`;
+     chomp($fp);
+-    _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/;
++    _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/ or $fp =~ m(SHA256:([A-ZA-z0-9+/]+));
+     $fp = $1;
+     return $fp;
+ }
+--
+2.2.1
+
diff --git a/gnu/packages/patches/gobject-introspection-cc.patch b/gnu/packages/patches/gobject-introspection-cc.patch
index 38b919a746..d9cacf4ca7 100644
--- a/gnu/packages/patches/gobject-introspection-cc.patch
+++ b/gnu/packages/patches/gobject-introspection-cc.patch
@@ -1,14 +1,11 @@
---- a/giscanner/sourcescanner.py	2013-12-15 23:03:54.002937000 +0100
-+++ b/giscanner/sourcescanner.py	2013-12-15 23:04:50.322937000 +0100
-@@ -277,6 +277,11 @@
-         defines = ['__GI_SCANNER__']
-         undefs = []
-         cpp_args = os.environ.get('CC', 'cc').split()  # support CC="ccache gcc"
-+        if (cpp_args == ['cc'] and
-+            not any(map(lambda x: os.access(os.path.join(x, 'cc'), os.X_OK),
-+                        os.environ.get('PATH').split(':')))):
-+            cpp_args = ['GUIX_GCC_PATH']
-+
-         if 'cl' in cpp_args:
-             # The Microsoft compiler/preprocessor (cl) does not accept
-             # source input from stdin (the '-' flag), so we need
+Use gcc as the default C compiler if CC is not set.
+
+
+--- gobject-introspection-1.44.0.orig/giscanner/__init__.py	2014-08-04 22:37:07.000000000 +0800
++++ gobject-introspection-1.44.0/giscanner/__init__.py	2015-04-20 17:30:26.507697234 +0800
+@@ -22,3 +22,5 @@
+ builddir = os.environ.get('UNINSTALLED_INTROSPECTION_BUILDDIR')
+ if builddir is not None:
+     __path__.append(os.path.join(builddir, 'giscanner'))
++if not 'CC' in os.environ:
++    os.environ['CC'] = 'gcc'
diff --git a/gnu/packages/patches/pycairo-wscript.patch b/gnu/packages/patches/pycairo-wscript.patch
new file mode 100644
index 0000000000..c49f0afcb3
--- /dev/null
+++ b/gnu/packages/patches/pycairo-wscript.patch
@@ -0,0 +1,31 @@
+Update the wscript to work with waf-1.8.8.  Based on:
+http://cgit.freedesktop.org/pycairo/commit/?id=c57cd129407c904f8c2f752a59d0183df7b01a5e
+
+
+--- pycairo-1.10.0.orig/wscript	2011-04-18 15:42:29.000000000 +0800
++++ pycairo-1.10.0/wscript	2015-04-20 13:01:45.383756898 +0800
+@@ -13,18 +13,18 @@
+ 
+ def options(ctx):
+   print('  %s/options()' %d)
+-  ctx.tool_options('gnu_dirs')
+-  ctx.tool_options('compiler_cc')
+-  ctx.tool_options('python') # options for disabling pyc or pyo compilation
++  ctx.load('gnu_dirs')
++  ctx.load('compiler_c')
++  ctx.load('python') # options for disabling pyc or pyo compilation
+ 
+ 
+ def configure(ctx):
+   print('  %s/configure()' %d)
+ 
+   env = ctx.env
+-  ctx.check_tool('gnu_dirs')
+-  ctx.check_tool('compiler_cc')
+-  ctx.check_tool('python')
++  ctx.load('gnu_dirs')
++  ctx.load('compiler_c')
++  ctx.load('python')
+   ctx.check_python_version((3,1,0))
+   ctx.check_python_headers()
+   ctx.check_cfg(package='cairo', atleast_version=cairo_version_required,
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
new file mode 100644
index 0000000000..de1964ca76
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2015-1863.patch
@@ -0,0 +1,42 @@
+From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 7 Apr 2015 11:32:11 +0300
+Subject: [PATCH] P2P: Validate SSID element length before copying it
+ (CVE-2015-1863)
+
+This fixes a possible memcpy overflow for P2P dev->oper_ssid in
+p2p_add_device(). The length provided by the peer device (0..255 bytes)
+was used without proper bounds checking and that could have resulted in
+arbitrary data of up to 223 bytes being written beyond the end of the
+dev->oper_ssid[] array (of which about 150 bytes would be beyond the
+heap allocation) when processing a corrupted management frame for P2P
+peer discovery purposes.
+
+This could result in corrupted state in heap, unexpected program
+behavior due to corrupted P2P peer device information, denial of service
+due to process crash, exposure of memory contents during GO Negotiation,
+and potentially arbitrary code execution.
+
+Thanks to Google security team for reporting this issue and smart
+hardware research group of Alibaba security team for discovering it.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/p2p/p2p.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index f584fae..a45fe73 100644
+--- a/src/p2p/p2p.c
++++ b/src/p2p/p2p.c
+@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
+ 	if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
+ 		os_memcpy(dev->interface_addr, addr, ETH_ALEN);
+ 	if (msg.ssid &&
++	    msg.ssid[1] <= sizeof(dev->oper_ssid) &&
+ 	    (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
+ 	     os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
+ 	     != 0)) {
+-- 
+1.9.1
+