diff options
author | Mark H Weaver <mhw@netris.org> | 2016-10-23 14:16:39 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-10-23 14:16:39 -0400 |
commit | ca0635b4ba1af6f4ef1f54cb13fe6cedd8c5aff3 (patch) | |
tree | 1b3e014c4e0398ecb63d1b88ee06b09d0c0c5a56 /gnu/packages/patches | |
parent | f08add0c5a3f1f7200b0a00e17ed880692d2244b (diff) | |
parent | 903276d066ab9733c253d2a15b7ae135ef2ef836 (diff) | |
download | guix-ca0635b4ba1af6f4ef1f54cb13fe6cedd8c5aff3.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/hop-bigloo-4.0b.patch | 122 | ||||
-rw-r--r-- | gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch | 81 | ||||
-rw-r--r-- | gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch | 99 | ||||
-rw-r--r-- | gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch | 46 | ||||
-rw-r--r-- | gnu/packages/patches/openssh-memory-exhaustion.patch | 39 | ||||
-rw-r--r-- | gnu/packages/patches/slim-login.patch | 35 | ||||
-rw-r--r-- | gnu/packages/patches/slim-reset.patch | 33 |
7 files changed, 252 insertions, 203 deletions
diff --git a/gnu/packages/patches/hop-bigloo-4.0b.patch b/gnu/packages/patches/hop-bigloo-4.0b.patch deleted file mode 100644 index 312bfdd117..0000000000 --- a/gnu/packages/patches/hop-bigloo-4.0b.patch +++ /dev/null @@ -1,122 +0,0 @@ -Bigloo 4.0b removes `xml-attribute-encode', which leads to a build failure -in Hop. - -This patch allows Hop to be compiled with Bigloo 4.0b. - - -changeset: 3327:3515f7f1aef2 -branch: 2.4.x -user: Manuel Serrano <Manuel.Serrano@inria.fr> -date: Wed Jul 31 12:41:10 2013 +0200 -summary: Fix serialization bug - -diff -r 7244c4d30ad4 -r 3515f7f1aef2 runtime/js_comp.scm ---- a/runtime/js_comp.scm Fri Jul 19 08:28:13 2013 +0200 -+++ b/runtime/js_comp.scm Wed Jul 31 12:41:10 2013 +0200 -@@ -143,10 +143,17 @@ - (display "{ " op) - (display-seq fields op - (lambda (f op) -+ (let ((iv (class-field-info f))) - (display "'" op) - (display (class-field-name f) op) - (display "': " op) -- (compile ((class-field-accessor f) obj) op))) -+ (cond -+ ((and (pair? iv) (memq :client iv)) -+ => -+ (lambda (x) -+ (compile (when (pair? (cdr x)) (cadr x)) op))) -+ (else -+ (compile ((class-field-accessor f) obj) op)))))) - (display "}" op)) - - (let ((klass (object-class obj))) -diff -r 7244c4d30ad4 -r 3515f7f1aef2 runtime/xml.scm ---- a/runtime/xml.scm Fri Jul 19 08:28:13 2013 +0200 -+++ b/runtime/xml.scm Wed Jul 31 12:41:10 2013 +0200 -@@ -55,6 +55,7 @@ - (generic xml-write-attribute ::obj ::obj ::output-port ::xml-backend) - (generic xml-write-expression ::obj ::output-port) - (xml-write-attributes ::pair-nil ::output-port ::xml-backend) -+ (xml-attribute-encode obj) - - (xml->string ::obj ::xml-backend) - -@@ -613,6 +614,52 @@ - (display ">" p)))) - - ;*---------------------------------------------------------------------*/ -+;* xml-attribute-encode ... */ -+;*---------------------------------------------------------------------*/ -+(define (xml-attribute-encode obj) -+ (if (not (string? obj)) -+ obj -+ (let ((ol (string-length obj))) -+ (define (count str ol) -+ (let loop ((i 0) -+ (j 0)) -+ (if (=fx i ol) -+ j -+ (let ((c (string-ref str i))) -+ ;; attribute values should escape &#... -+ (if (or (char=? c #\') (char=? c #\&)) -+ (loop (+fx i 1) (+fx j 5)) -+ (loop (+fx i 1) (+fx j 1))))))) -+ (define (encode str ol nl) -+ (if (=fx nl ol) -+ obj -+ (let ((nstr (make-string nl))) -+ (let loop ((i 0) -+ (j 0)) -+ (if (=fx j nl) -+ nstr -+ (let ((c (string-ref str i))) -+ (case c -+ ((#\') -+ (string-set! nstr j #\&) -+ (string-set! nstr (+fx j 1) #\#) -+ (string-set! nstr (+fx j 2) #\3) -+ (string-set! nstr (+fx j 3) #\9) -+ (string-set! nstr (+fx j 4) #\;) -+ (loop (+fx i 1) (+fx j 5))) -+ ((#\&) -+ (string-set! nstr j #\&) -+ (string-set! nstr (+fx j 1) #\#) -+ (string-set! nstr (+fx j 2) #\3) -+ (string-set! nstr (+fx j 3) #\8) -+ (string-set! nstr (+fx j 4) #\;) -+ (loop (+fx i 1) (+fx j 5))) -+ (else -+ (string-set! nstr j c) -+ (loop (+fx i 1) (+fx j 1)))))))))) -+ (encode obj ol (count obj ol))))) -+ -+;*---------------------------------------------------------------------*/ - ;* xml-write-attributes ... */ - ;*---------------------------------------------------------------------*/ - (define (xml-write-attributes attr p backend) -diff -r 7244c4d30ad4 -r 3515f7f1aef2 share/hop-serialize.js ---- a/share/hop-serialize.js Fri Jul 19 08:28:13 2013 +0200 -+++ b/share/hop-serialize.js Wed Jul 31 12:41:10 2013 +0200 -@@ -942,7 +942,7 @@ - case 0x2e /* . */: return null; - case 0x3c /* < */: return read_cnst(); - case 0x22 /* " */: return read_string( s ); -- case 0x25 /* " */: return decodeURIComponent( read_string( s ) ); -+ case 0x25 /* % */: return decodeURIComponent( read_string( s ) ); - case 0x55 /* U */: return read_string( s ); - case 0x5b /* [ */: return read_vector( read_size( s ) ); - case 0x28 /* ( */: return read_list( read_size( s ) ); -diff -r 7244c4d30ad4 -r 3515f7f1aef2 src/main.scm ---- a/src/main.scm Fri Jul 19 08:28:13 2013 +0200 -+++ b/src/main.scm Wed Jul 31 12:41:10 2013 +0200 -@@ -59,8 +59,6 @@ - (for-each register-srfi! (cons 'hop-server (hop-srfis))) - ;; set the library load path - (bigloo-library-path-set! (hop-library-path)) -- ;; define the Hop macros -- (hop-install-expanders!) - ;; setup the hop readers - (bigloo-load-reader-set! hop-read) - (bigloo-load-module-set! diff --git a/gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch b/gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch deleted file mode 100644 index e170d11308..0000000000 --- a/gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch +++ /dev/null @@ -1,81 +0,0 @@ -Fixes "saves unknown host's fingerprint in known_hosts without any prompt". -See: - - https://github.com/lavv17/lftp/issues/116 - https://bugs.debian.org/774769 - -From bc7b476e782d77839765f56bbdb4cee9f36b54ec Mon Sep 17 00:00:00 2001 -From: "Alexander V. Lukyanov" <lavv17f@gmail.com> -Date: Tue, 13 Jan 2015 15:33:54 +0300 -Subject: [PATCH] add settings fish:auto-confirm and sftp:auto-confirm - -New host keys are now not confirmed by default, this should improve security. -Suggested by Marcin Szewczyk <Marcin.Szewczyk@wodny.org> ---- - doc/lftp.1 | 8 ++++++++ - src/SSH_Access.cc | 5 +++-- - src/resource.cc | 2 ++ - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/doc/lftp.1 b/doc/lftp.1 -index cabc1be..ed6c388 100644 ---- a/doc/lftp.1 -+++ b/doc/lftp.1 -@@ -1384,6 +1384,10 @@ address family in dns:order. - .BR file:charset \ (string) - local character set. It is set from current locale initially. - .TP -+.BR fish:auto-confirm \ (boolean) -+when true, lftp answers ``yes'' to all ssh questions, in particular to the -+question about a new host key. Otherwise it answers ``no''. -+.TP - .BR fish:charset \ (string) - the character set used by fish server in requests, replies and file listings. - Default is empty which means the same as local. -@@ -1952,6 +1956,10 @@ minimal chunk size to split the file to. - save pget transfer status this often. Set to `never' to disable saving of the status file. - The status is saved to a file with suffix \fI.lftp-pget-status\fP. - .TP -+.BR sftp:auto-confirm \ (boolean) -+when true, lftp answers ``yes'' to all ssh questions, in particular to the -+question about a new host key. Otherwise it answers ``no''. -+.TP - .BR sftp:charset \ (string) - the character set used by SFTP server in file names and file listings. - Default is empty which means the same as local. This setting is only used -diff --git a/src/SSH_Access.cc b/src/SSH_Access.cc -index 706fc6a..17c716d 100644 ---- a/src/SSH_Access.cc -+++ b/src/SSH_Access.cc -@@ -72,8 +72,9 @@ int SSH_Access::HandleSSHMessage() - } - if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len)) - { -- pty_recv_buf->Put("yes\n"); -- pty_send_buf->Put("yes\n"); -+ const char *answer=QueryBool("auto-confirm",hostname)?"yes\n":"no\n"; -+ pty_recv_buf->Put(answer); -+ pty_send_buf->Put(answer); - return m; - } - if(!received_greeting && recv_buf->Size()>0) -diff --git a/src/resource.cc b/src/resource.cc -index 91b2e60..3a5e8b9 100644 ---- a/src/resource.cc -+++ b/src/resource.cc -@@ -339,6 +339,7 @@ static ResType lftp_vars[] = { - {"mirror:no-empty-dirs", "no", ResMgr::BoolValidate,ResMgr::NoClosure}, - {"mirror:require-source", "no", ResMgr::BoolValidate,ResMgr::NoClosure}, - -+ {"sftp:auto-confirm", "no", ResMgr::BoolValidate,0}, - {"sftp:max-packets-in-flight","16", ResMgr::UNumberValidate,0}, - {"sftp:protocol-version", "6", ResMgr::UNumberValidate,0}, - {"sftp:size-read", "32k", ResMgr::UNumberValidate,0}, -@@ -367,6 +368,7 @@ static ResType lftp_vars[] = { - {"dns:strict-dnssec", "no", ResMgr::BoolValidate,0}, - #endif - -+ {"fish:auto-confirm", "no", ResMgr::BoolValidate,0}, - {"fish:shell", "/bin/sh",0,0}, - {"fish:connect-program", "ssh -a -x",0,0}, - {"fish:charset", "", ResMgr::CharsetValidate,0}, diff --git a/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch b/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch new file mode 100644 index 0000000000..37a41f61e4 --- /dev/null +++ b/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch @@ -0,0 +1,99 @@ +Fix CVE-2016-5195, a.k.a. Dirty COW. +Backported to linux-libre-4.1.x by Mark H Weaver <mhw@netris.org>. + +From 18652320ea99913c95e7130d654be7f1da6b694f Mon Sep 17 00:00:00 2001 +From: Linus Torvalds <torvalds@linux-foundation.org> +Date: Thu, 13 Oct 2016 13:07:36 -0700 +Subject: [PATCH] mm: remove gup_flags FOLL_WRITE games from __get_user_pages() + +commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream. + +This is an ancient bug that was actually attempted to be fixed once +(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix +get_user_pages() race for write access") but that was then undone due to +problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug"). + +In the meantime, the s390 situation has long been fixed, and we can now +fix it by checking the pte_dirty() bit properly (and do it better). The +s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement +software dirty bits") which made it into v3.9. Earlier kernels will +have to look at the page state itself. + +Also, the VM has become more scalable, and what used a purely +theoretical race back then has become easier to trigger. + +To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, +we already did a COW" rather than play racy games with FOLL_WRITE that +is very fundamental, and then use the pte dirty flag to validate that +the FOLL_COW flag is still valid. + +Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com> +Acked-by: Hugh Dickins <hughd@google.com> +Reviewed-by: Michal Hocko <mhocko@suse.com> +Cc: Andy Lutomirski <luto@kernel.org> +Cc: Kees Cook <keescook@chromium.org> +Cc: Oleg Nesterov <oleg@redhat.com> +Cc: Willy Tarreau <w@1wt.eu> +Cc: Nick Piggin <npiggin@gmail.com> +Cc: Greg Thelen <gthelen@google.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + include/linux/mm.h | 1 + + mm/gup.c | 14 ++++++++++++-- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/include/linux/mm.h b/include/linux/mm.h +index 6b85ec6..7cadf0a 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -2064,6 +2064,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma, + #define FOLL_NUMA 0x200 /* force NUMA hinting page fault */ + #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */ + #define FOLL_TRIED 0x800 /* a retry, previous pass started an IO */ ++#define FOLL_COW 0x4000 /* internal GUP flag */ + + typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr, + void *data); +diff --git a/mm/gup.c b/mm/gup.c +index 6297f6b..e6de9e7 100644 +--- a/mm/gup.c ++++ b/mm/gup.c +@@ -32,6 +32,16 @@ static struct page *no_page_table(struct vm_area_struct *vma, + return NULL; + } + ++/* ++ * FOLL_FORCE can write to even unwritable pte's, but only ++ * after we've gone through a COW cycle and they are dirty. ++ */ ++static inline bool can_follow_write_pte(pte_t pte, unsigned int flags) ++{ ++ return pte_write(pte) || ++ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte)); ++} ++ + static struct page *follow_page_pte(struct vm_area_struct *vma, + unsigned long address, pmd_t *pmd, unsigned int flags) + { +@@ -66,7 +76,7 @@ retry: + } + if ((flags & FOLL_NUMA) && pte_protnone(pte)) + goto no_page; +- if ((flags & FOLL_WRITE) && !pte_write(pte)) { ++ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) { + pte_unmap_unlock(ptep, ptl); + return NULL; + } +@@ -315,7 +325,7 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, + * reCOWed by userspace write). + */ + if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE)) +- *flags &= ~FOLL_WRITE; ++ *flags |= FOLL_COW; + return 0; + } + +-- +2.10.1 + diff --git a/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch b/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch new file mode 100644 index 0000000000..9ddfd4fe10 --- /dev/null +++ b/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch @@ -0,0 +1,46 @@ +This fixes a test failure with emacs-25. Picked from +https://git.notmuchmail.org/git?p=notmuch;a=commit;h=f575a346df09c82691bb9e7c462836d982fe31f7 + +From f575a346df09c82691bb9e7c462836d982fe31f7 Mon Sep 17 00:00:00 2001 +From: David Bremner <david@tethera.net> +Date: Sun, 9 Oct 2016 19:30:44 -0300 +Subject: [PATCH] emacs/show: force notmuch-show-buttonise-links to act on + lines + +This seems to fix a problem with emacs 25 creating partial buttons by +calling n-s-b-l with a region that does not include the whole button. +I'm not 100% sure it's legit to act outside the region passed by +jit-lock, but goto-address-fontify-region (where I borrowed the code +from) already does this, so this patch to not make things worse. +--- + emacs/notmuch-show.el | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el +index 641398d..e7d16f8 100644 +--- a/emacs/notmuch-show.el ++++ b/emacs/notmuch-show.el +@@ -1174,13 +1174,15 @@ This also turns id:\"<message id>\"-parts and mid: links into + buttons for a corresponding notmuch search." + (goto-address-fontify-region start end) + (save-excursion +- (let (links) +- (goto-char start) +- (while (re-search-forward notmuch-id-regexp end t) ++ (let (links ++ (beg-line (progn (goto-char start) (line-beginning-position))) ++ (end-line (progn (goto-char end) (line-end-position)))) ++ (goto-char beg-line) ++ (while (re-search-forward notmuch-id-regexp end-line t) + (push (list (match-beginning 0) (match-end 0) + (match-string-no-properties 0)) links)) +- (goto-char start) +- (while (re-search-forward notmuch-mid-regexp end t) ++ (goto-char beg-line) ++ (while (re-search-forward notmuch-mid-regexp end-line t) + (let* ((mid-cid (match-string-no-properties 1)) + (mid (save-match-data + (string-match "^[^/]*" mid-cid) +-- +2.10.1 + diff --git a/gnu/packages/patches/openssh-memory-exhaustion.patch b/gnu/packages/patches/openssh-memory-exhaustion.patch new file mode 100644 index 0000000000..91fe294ca4 --- /dev/null +++ b/gnu/packages/patches/openssh-memory-exhaustion.patch @@ -0,0 +1,39 @@ +Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user +could potentially consume 38400 MB of memory on the server: + +http://seclists.org/oss-sec/2016/q4/185 + +Patch adapted from upstream source repository: + +https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad + +From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001 +From: "markus@openbsd.org" <markus@openbsd.org> +Date: Mon, 10 Oct 2016 19:28:48 +0000 +Subject: [PATCH] upstream commit + +Unregister the KEXINIT handler after message has been +received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause +allocation of up to 128MB -- until the connection is closed. Reported by +shilei-c at 360.cn + +Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 +--- + kex.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/kex.c b/kex.c +index 3f97f8c..6a94bc5 100644 +--- a/kex.c ++++ b/kex.c +@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) + if (kex == NULL) + return SSH_ERR_INVALID_ARGUMENT; + ++ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); + ptr = sshpkt_ptr(ssh, &dlen); + if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) + return r; +-- +2.10.1 + diff --git a/gnu/packages/patches/slim-login.patch b/gnu/packages/patches/slim-login.patch new file mode 100644 index 0000000000..515573c6fa --- /dev/null +++ b/gnu/packages/patches/slim-login.patch @@ -0,0 +1,35 @@ +Display configurable login message after successful authentication. + +Patch by E. Bavier + +--- slim-1.3.6/panel.cpp.orig 1969-12-31 18:00:00.000000000 -0600 ++++ slim-1.3.6/panel.cpp 2016-10-17 17:00:07.259649063 -0500 +@@ -260,6 +260,7 @@ + + void Panel::ClosePanel() { + XUngrabKeyboard(Dpy, CurrentTime); ++ XClearWindow(Dpy, Root); + XUnmapWindow(Dpy, Win); + XDestroyWindow(Dpy, Win); + XFlush(Dpy); +--- slim-1.3.6/cfg.cpp.orig 2016-10-17 17:08:06.767666139 -0500 ++++ slim-1.3.6/cfg.cpp 2016-10-17 17:06:53.115663516 -0500 +@@ -52,6 +52,7 @@ + options.insert(option("lockfile","/var/run/slim.lock")); + options.insert(option("logfile","/var/log/slim.log")); + options.insert(option("authfile","/var/run/slim.auth")); ++ options.insert(option("login_msg","Logging in...")); + options.insert(option("shutdown_msg","The system is halting...")); + options.insert(option("reboot_msg","The system is rebooting...")); + options.insert(option("sessiondir","")); +--- slim-1.3.6/app.cpp.orig 2016-10-17 17:08:41.731667384 -0500 ++++ slim-1.3.6/app.cpp 2016-10-17 17:07:48.415665486 -0500 +@@ -520,6 +520,8 @@ + struct passwd *pw; + pid_t pid; + ++ LoginPanel->Message((char*)cfg->getOption("login_msg").c_str()); ++ + #ifdef USE_PAM + try{ + pam.open_session(); diff --git a/gnu/packages/patches/slim-reset.patch b/gnu/packages/patches/slim-reset.patch new file mode 100644 index 0000000000..eebee6b7b5 --- /dev/null +++ b/gnu/packages/patches/slim-reset.patch @@ -0,0 +1,33 @@ +Do not reset chosen session and maintain the session-choser dialog after a +failed login attempt. + +Patch by E. Bavier + +--- slim-1.3.6/panel.cpp.orig 1969-12-31 18:00:00.000000000 -0600 ++++ slim-1.3.6/panel.cpp 2016-10-17 17:00:07.259649063 -0500 +@@ -260,13 +260,12 @@ + } + + void Panel::ClearPanel() { +- session_name = ""; +- session_exec = ""; + Reset(); + XClearWindow(Dpy, Root); + XClearWindow(Dpy, Win); + Cursor(SHOW); + ShowText(); ++ ShowSession(); + XFlush(Dpy); + } + +@@ -760,9 +760,7 @@ + pair<string,string> ses = cfg->nextSession(); + session_name = ses.first; + session_exec = ses.second; +- if (session_name.size() > 0) { +- ShowSession(); +- } ++ ShowSession(); + } + + /* Display session type on the screen */ |