Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/emacs-exwm-fix-fullscreen-issue.patch27
-rw-r--r--gnu/packages/patches/irrlicht-use-system-libs.patch202
-rw-r--r--gnu/packages/patches/lxc-CVE-2018-6556.patch116
-rw-r--r--gnu/packages/patches/mariadb-client-test-32bit.patch37
-rw-r--r--gnu/packages/patches/meson-for-build-rpath.patch3
-rw-r--r--gnu/packages/patches/openblas-fix-tests-i686.patch35
-rw-r--r--gnu/packages/patches/polkit-drop-test.patch18
-rw-r--r--gnu/packages/patches/pulseaudio-glibc-2.27.patch67
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch53
-rw-r--r--gnu/packages/patches/xorg-server-rotate-fb.patch35
10 files changed, 436 insertions, 157 deletions
diff --git a/gnu/packages/patches/emacs-exwm-fix-fullscreen-issue.patch b/gnu/packages/patches/emacs-exwm-fix-fullscreen-issue.patch
new file mode 100644
index 0000000000..5c9bd36598
--- /dev/null
+++ b/gnu/packages/patches/emacs-exwm-fix-fullscreen-issue.patch
@@ -0,0 +1,27 @@
+From 13a14579cc1bb772735f895dd5b4b90c6812f3ee Mon Sep 17 00:00:00 2001
+From: Chris Feng <chris.w.feng@gmail.com>
+Date: Sun, 29 Jul 2018 00:00:00 +0000
+Subject: [PATCH] Fix issues with destroying full screen X windows
+
+* exwm-manage.el (exwm-manage--unmanage-window): Set the Emacs window
+of an full screen X window as non-dedicated before killing its buffer
+so as not to cause other side effects.
+---
+ exwm-manage.el | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/exwm-manage.el b/exwm-manage.el
+index a0a9e05..349157f 100644
+--- a/exwm-manage.el
++++ b/exwm-manage.el
+@@ -392,6 +392,10 @@ manager is shutting down."
+                                :window window :parent exwm--root :x 0 :y 0))
+             (xcb:+request exwm--connection
+                 (make-instance 'xcb:DestroyWindow :window container))))
++        (when (exwm-layout--fullscreen-p)
++          (let ((window (get-buffer-window)))
++            (when window
++              (set-window-dedicated-p window nil))))
+         (exwm-manage--set-client-list)
+         (xcb:flush exwm--connection))
+       (let ((kill-buffer-func
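Review bot: The added `(get-buffer-window)` call in `exwm-manage--unmanage-window` takes no arguments, so it looks only for a window showing the current buffer on the selected frame. If the full screen X window being destroyed sits on a different frame, the lookup returns nil and the dedicated flag is never cleared. Should that case be reachable, `(get-buffer-window (current-buffer) t)` would search all frames. The hunk also relies on the current buffer being the X window's buffer, which is set up outside the visible lines; a one-line comment stating that assumption would help.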
diff --git a/gnu/packages/patches/irrlicht-use-system-libs.patch b/gnu/packages/patches/irrlicht-use-system-libs.patch
new file mode 100644
index 0000000000..e764f411d3
--- /dev/null
+++ b/gnu/packages/patches/irrlicht-use-system-libs.patch
@@ -0,0 +1,202 @@
+This patch is a combination of the two following patches with minor
+changes to the install code
+https://sources.debian.org/src/irrlicht/1.8.4+dfsg1-1/debian/patches/debian/link-against-needed-libs.diff/
+https://sources.debian.org/src/irrlicht/1.8.4+dfsg1-1/debian/patches/debian/use-system-libs.diff/
+
+
+---
+ include/IrrCompileConfig.h                  | 26 +++++++++------------
+ source/Irrlicht/CIrrDeviceLinux.h           |  2 +-
+ source/Irrlicht/COpenGLExtensionHandler.h   |  8 +++----
+ source/Irrlicht/COpenGLSLMaterialRenderer.h |  2 +-
+ source/Irrlicht/Makefile                    | 15 ++++++------
+ 5 files changed, 25 insertions(+), 28 deletions(-)
+
+diff --git a/include/IrrCompileConfig.h b/include/IrrCompileConfig.h
+index 6bb0589..2216353 100644
+--- a/include/IrrCompileConfig.h
++++ b/include/IrrCompileConfig.h
+@@ -238,6 +238,17 @@ for Windows based systems. You also have to set #define UNICODE for this to comp
+ #undef _IRR_WCHAR_FILESYSTEM

+ #endif

+ 

++//! Define _IRR_COMPILE_WITH_ZLIB_ to enable compiling the engine using zlib.

++/** This enables the engine to read from compressed .zip archives. If you

++disable this feature, the engine can still read archives, but only uncompressed

++ones. */

++#define _IRR_COMPILE_WITH_ZLIB_

++

++//! Define _IRR_USE_NON_SYSTEM_ZLIB_ to let irrlicht use the zlib which comes with irrlicht.

++/** If this is commented out, Irrlicht will try to compile using the zlib installed in the system.

++	This is only used when _IRR_COMPILE_WITH_ZLIB_ is defined. */

++#undef _IRR_USE_NON_SYSTEM_ZLIB_

++

+ //! Define _IRR_COMPILE_WITH_JPEGLIB_ to enable compiling the engine using libjpeg.

+ /** This enables the engine to read jpeg images. If you comment this out,

+ the engine will no longer read .jpeg images. */

+@@ -249,10 +260,7 @@ the engine will no longer read .jpeg images. */
+ //! Define _IRR_USE_NON_SYSTEM_JPEG_LIB_ to let irrlicht use the jpeglib which comes with irrlicht.

+ /** If this is commented out, Irrlicht will try to compile using the jpeg lib installed in the system.

+ 	This is only used when _IRR_COMPILE_WITH_LIBJPEG_ is defined. */

+-#define _IRR_USE_NON_SYSTEM_JPEG_LIB_

+-#ifdef NO_IRR_USE_NON_SYSTEM_JPEG_LIB_

+ #undef _IRR_USE_NON_SYSTEM_JPEG_LIB_

+-#endif

+ 

+ //! Define _IRR_COMPILE_WITH_LIBPNG_ to enable compiling the engine using libpng.

+ /** This enables the engine to read png images. If you comment this out,

+@@ -265,10 +273,7 @@ the engine will no longer read .png images. */
+ //! Define _IRR_USE_NON_SYSTEM_LIBPNG_ to let irrlicht use the libpng which comes with irrlicht.

+ /** If this is commented out, Irrlicht will try to compile using the libpng installed in the system.

+ 	This is only used when _IRR_COMPILE_WITH_LIBPNG_ is defined. */

+-#define _IRR_USE_NON_SYSTEM_LIB_PNG_

+-#ifdef NO_IRR_USE_NON_SYSTEM_LIB_PNG_

+ #undef _IRR_USE_NON_SYSTEM_LIB_PNG_

+-#endif

+ 

+ //! Define _IRR_D3D_NO_SHADER_DEBUGGING to disable shader debugging in D3D9

+ /** If _IRR_D3D_NO_SHADER_DEBUGGING is undefined in IrrCompileConfig.h,

+@@ -602,10 +607,7 @@ ones. */
+ /** If this is commented out, Irrlicht will try to compile using the zlib

+ installed on the system. This is only used when _IRR_COMPILE_WITH_ZLIB_ is

+ defined. */

+-#define _IRR_USE_NON_SYSTEM_ZLIB_

+-#ifdef NO_IRR_USE_NON_SYSTEM_ZLIB_

+ #undef _IRR_USE_NON_SYSTEM_ZLIB_

+-#endif

+ //! Define _IRR_COMPILE_WITH_ZIP_ENCRYPTION_ if you want to read AES-encrypted ZIP archives

+ #define _IRR_COMPILE_WITH_ZIP_ENCRYPTION_

+ #ifdef NO_IRR_COMPILE_WITH_ZIP_ENCRYPTION_

+@@ -623,18 +625,12 @@ library. */
+ /** If this is commented out, Irrlicht will try to compile using the bzlib

+ installed on the system. This is only used when _IRR_COMPILE_WITH_BZLIB_ is

+ defined. */

+-#define _IRR_USE_NON_SYSTEM_BZLIB_

+-#ifdef NO_IRR_USE_NON_SYSTEM_BZLIB_

+ #undef _IRR_USE_NON_SYSTEM_BZLIB_

+-#endif

+ //! Define _IRR_COMPILE_WITH_LZMA_ if you want to use LZMA compressed zip files.

+ /** LZMA is a very efficient compression code, known from 7zip. Irrlicht

+ currently only supports zip archives, though. */

+-#define _IRR_COMPILE_WITH_LZMA_

+-#ifdef NO_IRR_COMPILE_WITH_LZMA_

+ #undef _IRR_COMPILE_WITH_LZMA_

+ #endif

+-#endif

+ 

+ //! Define __IRR_COMPILE_WITH_MOUNT_ARCHIVE_LOADER_ if you want to mount folders as archives

+ #define __IRR_COMPILE_WITH_MOUNT_ARCHIVE_LOADER_

+diff --git a/source/Irrlicht/CIrrDeviceLinux.h b/source/Irrlicht/CIrrDeviceLinux.h
+index 4d2a2c6..8cf24ba 100644
+--- a/source/Irrlicht/CIrrDeviceLinux.h
++++ b/source/Irrlicht/CIrrDeviceLinux.h
+@@ -22,7 +22,7 @@
+ #define GLX_GLXEXT_LEGACY 1

+ #include <GL/glx.h>

+ #ifdef _IRR_OPENGL_USE_EXTPOINTER_

+-#include "glxext.h"

++#include <GL/glxext.h>

+ #endif

+ #endif

+ 

+diff --git a/source/Irrlicht/COpenGLExtensionHandler.h b/source/Irrlicht/COpenGLExtensionHandler.h
+index 1b77bad..3886a0e 100644
+--- a/source/Irrlicht/COpenGLExtensionHandler.h
++++ b/source/Irrlicht/COpenGLExtensionHandler.h
+@@ -35,7 +35,7 @@
+ 	#endif

+ 	#include <OpenGL/gl.h>

+ 	#if defined(_IRR_OPENGL_USE_EXTPOINTER_)

+-		#include "glext.h"

++		#include <GL/glext.h>

+ 	#endif

+ #elif defined(_IRR_COMPILE_WITH_SDL_DEVICE_) && !defined(_IRR_COMPILE_WITH_X11_DEVICE_)

+ 	#if defined(_IRR_OPENGL_USE_EXTPOINTER_)

+@@ -48,7 +48,7 @@
+ 	#define NO_SDL_GLEXT

+ 	#include <SDL/SDL_video.h>

+ 	#include <SDL/SDL_opengl.h>

+-	#include "glext.h"

++	#include <GL/glext.h>

+ #else

+ 	#if defined(_IRR_OPENGL_USE_EXTPOINTER_)

+ 		#define GL_GLEXT_LEGACY 1

+@@ -60,9 +60,9 @@
+ 	#include <GL/gl.h>

+ 	#include <GL/glx.h>

+ 	#if defined(_IRR_OPENGL_USE_EXTPOINTER_)

+-	#include "glext.h"

++	#include <GL/glext.h>

+ 	#undef GLX_ARB_get_proc_address // avoid problems with local glxext.h

+-	#include "glxext.h"

++	#include <GL/glxext.h>

+ 	#endif

+ #endif

+ 

+diff --git a/source/Irrlicht/COpenGLSLMaterialRenderer.h b/source/Irrlicht/COpenGLSLMaterialRenderer.h
+index ff71150..f8a6007 100644
+--- a/source/Irrlicht/COpenGLSLMaterialRenderer.h
++++ b/source/Irrlicht/COpenGLSLMaterialRenderer.h
+@@ -25,7 +25,7 @@
+ 	#include <GL/gl.h>

+ #endif

+ #if defined(_IRR_OPENGL_USE_EXTPOINTER_)

+-	#include "glext.h"

++	#include <GL/glext.h>

+ #endif

+ #endif

+ 

+diff --git a/source/Irrlicht/Makefile b/source/Irrlicht/Makefile
+index 67a3899..d9ea7f3 100644
+--- a/source/Irrlicht/Makefile
++++ b/source/Irrlicht/Makefile
+@@ -43,7 +43,7 @@ IRRIMAGEOBJ = CColorConverter.o CImage.o CImageLoaderBMP.o CImageLoaderDDS.o CIm
+ 	CImageWriterBMP.o CImageWriterJPG.o CImageWriterPCX.o CImageWriterPNG.o CImageWriterPPM.o CImageWriterPSD.o CImageWriterTGA.o

+ IRRVIDEOOBJ = CVideoModeList.o CFPSCounter.o $(IRRDRVROBJ) $(IRRIMAGEOBJ)

+ IRRSWRENDEROBJ = CSoftwareDriver.o CSoftwareTexture.o CTRFlat.o CTRFlatWire.o CTRGouraud.o CTRGouraudWire.o CTRNormalMap.o CTRStencilShadow.o CTRTextureFlat.o CTRTextureFlatWire.o CTRTextureGouraud.o CTRTextureGouraudAdd.o CTRTextureGouraudNoZ.o CTRTextureGouraudWire.o CZBuffer.o CTRTextureGouraudVertexAlpha2.o CTRTextureGouraudNoZ2.o CTRTextureLightMap2_M2.o CTRTextureLightMap2_M4.o CTRTextureLightMap2_M1.o CSoftwareDriver2.o CSoftwareTexture2.o CTRTextureGouraud2.o CTRGouraud2.o CTRGouraudAlpha2.o CTRGouraudAlphaNoZ2.o CTRTextureDetailMap2.o CTRTextureGouraudAdd2.o CTRTextureGouraudAddNoZ2.o CTRTextureWire2.o CTRTextureLightMap2_Add.o CTRTextureLightMapGouraud2_M4.o IBurningShader.o CTRTextureBlend.o CTRTextureGouraudAlpha.o CTRTextureGouraudAlphaNoZ.o CDepthBuffer.o CBurningShader_Raster_Reference.o

+-IRRIOOBJ = CFileList.o CFileSystem.o CLimitReadFile.o CMemoryFile.o CReadFile.o CWriteFile.o CXMLReader.o CXMLWriter.o CWADReader.o CZipReader.o CPakReader.o CNPKReader.o CTarReader.o CMountPointReader.o irrXML.o CAttributes.o lzma/LzmaDec.o

++IRRIOOBJ = CFileList.o CFileSystem.o CLimitReadFile.o CMemoryFile.o CReadFile.o CWriteFile.o CXMLReader.o CXMLWriter.o CWADReader.o CZipReader.o CPakReader.o CNPKReader.o CTarReader.o CMountPointReader.o irrXML.o CAttributes.o

+ IRROTHEROBJ = CIrrDeviceSDL.o CIrrDeviceLinux.o CIrrDeviceConsole.o CIrrDeviceStub.o CIrrDeviceWin32.o CIrrDeviceFB.o CLogger.o COSOperator.o Irrlicht.o os.o

+ IRRGUIOBJ = CGUIButton.o CGUICheckBox.o CGUIComboBox.o CGUIContextMenu.o CGUIEditBox.o CGUIEnvironment.o CGUIFileOpenDialog.o CGUIFont.o CGUIImage.o CGUIInOutFader.o CGUIListBox.o CGUIMenu.o CGUIMeshViewer.o CGUIMessageBox.o CGUIModalScreen.o CGUIScrollBar.o CGUISpinBox.o CGUISkin.o CGUIStaticText.o CGUITabControl.o CGUITable.o CGUIToolBar.o CGUIWindow.o CGUIColorSelectDialog.o CDefaultGUIElementFactory.o CGUISpriteBank.o CGUIImageList.o CGUITreeView.o

+ ZLIBOBJ = zlib/adler32.o zlib/compress.o zlib/crc32.o zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o zlib/trees.o zlib/uncompr.o zlib/zutil.o

+@@ -56,14 +56,14 @@ BZIP2OBJ = bzip2/blocksort.o bzip2/huffman.o bzip2/crctable.o bzip2/randtable.o
+ EXTRAOBJ =

+ LINKOBJ = $(IRRMESHOBJ) $(IRROBJ) $(IRRPARTICLEOBJ) $(IRRANIMOBJ) \

+ 	$(IRRVIDEOOBJ) $(IRRSWRENDEROBJ) $(IRRIOOBJ) $(IRROTHEROBJ) \

+-	$(IRRGUIOBJ) $(ZLIBOBJ) $(JPEGLIBOBJ) $(LIBPNGOBJ) $(LIBAESGM) \

+-	$(BZIP2OBJ) $(EXTRAOBJ)

++	$(IRRGUIOBJ) $(LIBAESGM) \

++	$(EXTRAOBJ)

+ 

+ ###############

+ #Compiler flags

+-CXXINCS = -I../../include -Izlib -Ijpeglib -Ilibpng

++CXXINCS = -I../../include # -Izlib -Ijpeglib -Ilibpng

+ CPPFLAGS += $(CXXINCS) -DIRRLICHT_EXPORTS=1

+-CXXFLAGS += -Wall -pipe -fno-exceptions -fno-rtti -fstrict-aliasing

++CXXFLAGS += -Wall -pipe -fno-exceptions -fstrict-aliasing

+ ifndef NDEBUG

+ CXXFLAGS += -g -D_DEBUG

+ else

+@@ -88,7 +88,7 @@ STATIC_LIB = libIrrlicht.a
+ LIB_PATH = ../../lib/$(SYSTEM)

+ INSTALL_DIR = /usr/local/lib

+ sharedlib install: SHARED_LIB = libIrrlicht.so

+-sharedlib: LDFLAGS += -L/usr/X11R6/lib$(LIBSELECT) -lGL -lXxf86vm

++staticlib sharedlib: LDFLAGS += -L/usr/X11R6/lib$(LIBSELECT) -lGL -lXxf86vm -lX11 -lz -lpng -ljpeg -lbz2

+ staticlib sharedlib: CXXINCS += -I/usr/X11R6/include

+ 

+ #OSX specific options

+@@ -153,7 +153,8 @@ install install_osx:
+ 	$(RM) -r $(INSTALL_DIR)/../include/irrlicht

+ 	mkdir -p $(INSTALL_DIR)/../include/irrlicht

+ 	cp ../../include/*.h $(INSTALL_DIR)/../include/irrlicht/

+-	cp $(LIB_PATH)/$(SHARED_FULLNAME) $(INSTALL_DIR)

++	cp $(LIB_PATH)/$(SHARED_FULLNAME) $(INSTALL_DIR) || true

++	cp $(LIB_PATH)/$(STATIC_LIB) $(INSTALL_DIR) || true

+ 	cd $(INSTALL_DIR) && ln -s -f $(SHARED_FULLNAME) $(SONAME)

+ 	cd $(INSTALL_DIR) && ln -s -f $(SONAME) $(SHARED_LIB)

+ #	ldconfig -n $(INSTALL_DIR)

+-- 
+2.18.0
+
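Review bot: Both `cp` lines in the `install install_osx` rule now end in `|| true`, so the rule succeeds even when neither `$(SHARED_FULLNAME)` nor `$(STATIC_LIB)` exists in `$(LIB_PATH)`. The `ln -s -f` lines that follow would then leave dangling symlinks in `$(INSTALL_DIR)`. A guard line before the copies, such as `test -e $(LIB_PATH)/$(SHARED_FULLNAME) || test -e $(LIB_PATH)/$(STATIC_LIB)`, keeps the "either library is fine" intent while still failing an install that produced nothing. Separately, the zlib/jpeglib/libpng include paths are left behind in a trailing comment on `CXXINCS`; deleting them would make it clearer that the bundled copies are no longer used.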
diff --git a/gnu/packages/patches/lxc-CVE-2018-6556.patch b/gnu/packages/patches/lxc-CVE-2018-6556.patch
new file mode 100644
index 0000000000..7eab7101f1
--- /dev/null
+++ b/gnu/packages/patches/lxc-CVE-2018-6556.patch
@@ -0,0 +1,116 @@
+Fix CVE-2018-6556:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
+https://bugzilla.suse.com/show_bug.cgi?id=988348#c8
+
+Patch copied from upstream source repository:
+
+https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
+
+From c1cf54ebf251fdbad1e971679614e81649f1c032 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Wed, 25 Jul 2018 19:56:54 +0200
+Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
+ src/lxc/utils.c            | 12 ++++++++++++
+ src/lxc/utils.h            |  5 +++++
+ 3 files changed, 49 insertions(+), 3 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index ec9cd97e0..c5beb6c8d 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
+ 			exit(EXIT_FAILURE);
+ 		}
+ 	} else if (request == LXC_USERNIC_DELETE) {
+-		netns_fd = open(args.pid, O_RDONLY);
++		char opath[LXC_PROC_PID_FD_LEN];
++
++		/* Open the path with O_PATH which will not trigger an actual
++		 * open(). Don't report an errno to the caller to not leak
++		 * information whether the path exists or not.
++		 * When stracing setuid is stripped so this is not a concern
++		 * either.
++		 */
++		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ 		if (netns_fd < 0) {
+-			usernic_error("Could not open \"%s\": %s\n", args.pid,
+-				      strerror(errno));
++			usernic_error("Failed to open \"%s\"\n", args.pid);
++			exit(EXIT_FAILURE);
++		}
++
++		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
++			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
++		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
++			close(netns_fd);
++			exit(EXIT_FAILURE);
++		}
++
++		/* Now get an fd that we can use in setns() calls. */
++		ret = open(opath, O_RDONLY | O_CLOEXEC);
++		if (ret < 0) {
++			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
++			close(netns_fd);
+ 			exit(EXIT_FAILURE);
+ 		}
++		close(netns_fd);
++		netns_fd = ret;
+ 	}
+ 
+ 	if (!create_db_dir(LXC_USERNIC_DB)) {
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index 530b1f81a..3b854e35b 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -2544,6 +2544,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
+ 	return has_type;
+ }
+ 
++bool fhas_fs_type(int fd, fs_type_magic magic_val)
++{
++	int ret;
++	struct statfs sb;
++
++	ret = fstatfs(fd, &sb);
++	if (ret < 0)
++		return false;
++
++	return is_fs_type(&sb, magic_val);
++}
++
+ bool lxc_nic_exists(char *nic)
+ {
+ #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
+diff --git a/src/lxc/utils.h b/src/lxc/utils.h
+index 6a0bebded..0805f5d0d 100644
+--- a/src/lxc/utils.h
++++ b/src/lxc/utils.h
+@@ -95,6 +95,10 @@
+ #define CGROUP2_SUPER_MAGIC 0x63677270
+ #endif
+ 
++#ifndef NSFS_MAGIC
++#define NSFS_MAGIC 0x6e736673
++#endif
++
+ /* Useful macros */
+ /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
+ #define LXC_NUMSTRLEN64 21
+@@ -580,6 +584,7 @@ extern void *must_realloc(void *orig, size_t sz);
+ /* __typeof__ should be safe to use with all compilers. */
+ typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
+ extern bool has_fs_type(const char *path, fs_type_magic magic_val);
++extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
+ extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
+ extern bool lxc_nic_exists(char *nic);
+ extern int lxc_make_tmpfile(char *template, bool rm);
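Review bot: The `fhas_fs_type(netns_fd, NSFS_MAGIC)` check in the `LXC_USERNIC_DELETE` branch only establishes that the fd lives on nsfs, which is true of every namespace type, while the error text says "network namespace". Whether the later `setns()` call pins the type with `CLONE_NEWNET` is not visible in this hunk. A comment such as `/* nsfs covers all namespace types; the netns requirement is enforced by the setns() call below */` would document where the type is actually checked, once that is confirmed. The `snprintf()` failure path also exits without a `usernic_error()` message, unlike the neighbouring branches. The second `open()` reports `strerror(errno)` although the comment above the first one argues against exposing errno, so a short note on why that is acceptable after the nsfs check would help. `main()` starts and ends outside the hunk.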
diff --git a/gnu/packages/patches/mariadb-client-test-32bit.patch b/gnu/packages/patches/mariadb-client-test-32bit.patch
new file mode 100644
index 0000000000..02017e324d
--- /dev/null
+++ b/gnu/packages/patches/mariadb-client-test-32bit.patch
@@ -0,0 +1,37 @@
+From 93efa48a7b972fc463406603574a4d508eefe792 Mon Sep 17 00:00:00 2001
+From: Sergei Golubchik <serg@mariadb.org>
+Date: Sun, 13 May 2018 18:50:21 +0200
+Subject: [PATCH] fix failing main.mysql_client_test test on 32bit
+
+in `ulonglong=ulong*uint` multiplication
+is done in ulong, wrapping around on 32bit.
+
+This became visible after C/C changed the
+default charset to utf8, thus changing
+mbmaxlem from 1 to 3.
+---
+ tests/mysql_client_fw.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/mysql_client_fw.c b/tests/mysql_client_fw.c
+index f69eb28a2871..4d036887629a 100644
+--- a/tests/mysql_client_fw.c
++++ b/tests/mysql_client_fw.c
+@@ -768,7 +768,7 @@ static void do_verify_prepare_field(MYSQL_RES *result,
+ {
+   MYSQL_FIELD *field;
+   CHARSET_INFO *cs;
+-  ulonglong expected_field_length;
++  ulonglong expected_field_length= length;
+ 
+   if (!(field= mysql_fetch_field_direct(result, no)))
+   {
+@@ -777,7 +777,7 @@ static void do_verify_prepare_field(MYSQL_RES *result,
+   }
+   cs= get_charset(field->charsetnr, 0);
+   DIE_UNLESS(cs);
+-  if ((expected_field_length= length * cs->mbmaxlen) > UINT_MAX32)
++  if ((expected_field_length*= cs->mbmaxlen) > UINT_MAX32)
+     expected_field_length= UINT_MAX32;
+   if (!opt_silent)
+   {
diff --git a/gnu/packages/patches/meson-for-build-rpath.patch b/gnu/packages/patches/meson-for-build-rpath.patch
index 04c07d05bf..ef9a73f07c 100644
--- a/gnu/packages/patches/meson-for-build-rpath.patch
+++ b/gnu/packages/patches/meson-for-build-rpath.patch
@@ -2,8 +2,7 @@ This patch removes a part of meson that clears the rpath upon installation.
 This will only be applied to a special version of meson, used for the
 meson-build-system.
 
-Patch for Meson 0.42.0 by Peter Mikkelsen <petermikkelsen10@gmail.com>
-Adjusted for Meson 0.47.1 by Ricardo Wurmus <rekado@elephly.net>
+Original patch for Meson 0.42.0 by Peter Mikkelsen <petermikkelsen10@gmail.com>
 
 --- meson-0.47.1/mesonbuild/minstall.py.old	2018-08-10 11:01:27.812327013 +0200
 +++ meson-0.47.1/mesonbuild/minstall.py	2018-08-10 11:01:51.940368505 +0200
diff --git a/gnu/packages/patches/openblas-fix-tests-i686.patch b/gnu/packages/patches/openblas-fix-tests-i686.patch
deleted file mode 100644
index 3325546ea3..0000000000
--- a/gnu/packages/patches/openblas-fix-tests-i686.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Fix a test failure on some i686 systems:
-
-https://github.com/xianyi/OpenBLAS/issues/1575
-
-This patch is a squashed version of these commits:
-
-https://github.com/xianyi/OpenBLAS/pull/1583
-
-diff --git a/kernel/x86/KERNEL.NEHALEM b/kernel/x86/KERNEL.NEHALEM
-index 835520ef..65b03ae5 100644
---- a/kernel/x86/KERNEL.NEHALEM
-+++ b/kernel/x86/KERNEL.NEHALEM
-@@ -1,3 +1 @@
- include $(KERNELDIR)/KERNEL.PENRYN
--SSWAPKERNEL  = ../arm/swap.c
--DSWAPKERNEL  = ../arm/swap.c
-diff --git a/kernel/x86/swap.S b/kernel/x86/swap.S
-index 54b00b33..e30c2789 100644
---- a/kernel/x86/swap.S
-+++ b/kernel/x86/swap.S
-@@ -138,6 +138,14 @@
- /* INCX != 1 or INCY != 1 */
- 
- .L14:
-+	cmpl	$0, %ebx
-+	jne	.L141
-+	cmpl	$0, %ecx
-+	jne	.L141
-+/* INCX == 0 and INCY == 0 */
-+	jmp	.L27
-+
-+.L141:
- 	movl	%edx, %eax
- 	sarl	$2,   %eax
- 	jle	.L28
diff --git a/gnu/packages/patches/polkit-drop-test.patch b/gnu/packages/patches/polkit-drop-test.patch
deleted file mode 100644
index 2fd0c8bdf6..0000000000
--- a/gnu/packages/patches/polkit-drop-test.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Drop test failing with the following message:
-FAIL: polkitbackendjsauthoritytest
-==================================
-/PolkitBackendJsAuthority/get_admin_identities: Error getting system bus: Could not connect: No such file or directoryError loading /var/run/ConsoleKit/database: Error statting file /var/run/ConsoleKit/database: No such file or directory
-
-
-diff -ru polkit-0.112.old/test/Makefile.in polkit-0.112/test/Makefile.in
---- polkit-0.112.old/test/Makefile.in	2013-07-08 22:52:13.000000000 +0200
-+++ polkit-0.112/test/Makefile.in	2014-11-09 18:43:47.000000000 +0100
-@@ -388,7 +388,7 @@
- top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
--SUBDIRS = mocklibc . polkit polkitbackend
-+SUBDIRS = mocklibc . polkit
- AM_CFLAGS = $(GLIB_CFLAGS)
- noinst_LTLIBRARIES = libpolkit-test-helper.la
- libpolkit_test_helper_la_SOURCES = polkittesthelper.c polkittesthelper.h
diff --git a/gnu/packages/patches/pulseaudio-glibc-2.27.patch b/gnu/packages/patches/pulseaudio-glibc-2.27.patch
deleted file mode 100644
index 79d86abeee..0000000000
--- a/gnu/packages/patches/pulseaudio-glibc-2.27.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Copied from:
-https://cgit.freedesktop.org/pulseaudio/pulseaudio/commit/?id=dfb0460fb4743aec047cdf755a660a9ac2d0f3fb
-
-
-From dfb0460fb4743aec047cdf755a660a9ac2d0f3fb Mon Sep 17 00:00:00 2001
-From: Tanu Kaskinen <tanuk@iki.fi>
-Date: Wed, 24 Jan 2018 03:51:49 +0200
-Subject: [PATCH] memfd-wrappers: only define memfd_create() if not already
- defined
-
-glibc 2.27 is to be released soon, and it will provide memfd_create().
-If glibc provides the function, we must not define it ourselves,
-otherwise building fails due to conflict between the two implementations
-of the same function.
-
-BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=104733
----
- configure.ac                   | 3 +++
- src/pulsecore/memfd-wrappers.h | 7 ++++---
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 0084c86e..0eb44b08 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -610,6 +610,9 @@ AS_IF([test "x$enable_memfd" = "xyes" && test "x$HAVE_MEMFD" = "x0"],
-     [AC_MSG_ERROR([*** Your Linux kernel does not support memfd shared memory.
-                   *** Use linux v3.17 or higher for such a feature.])])
- 
-+AS_IF([test "x$HAVE_MEMFD" = "x1"],
-+    AC_CHECK_FUNCS([memfd_create]))
-+
- AC_SUBST(HAVE_MEMFD)
- AM_CONDITIONAL([HAVE_MEMFD], [test "x$HAVE_MEMFD" = x1])
- AS_IF([test "x$HAVE_MEMFD" = "x1"], AC_DEFINE([HAVE_MEMFD], 1, [Have memfd shared memory.]))
-diff --git a/src/pulsecore/memfd-wrappers.h b/src/pulsecore/memfd-wrappers.h
-index 3bed9b2b..c7aadfd3 100644
---- a/src/pulsecore/memfd-wrappers.h
-+++ b/src/pulsecore/memfd-wrappers.h
-@@ -20,13 +20,14 @@
-   License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
- ***/
- 
--#ifdef HAVE_MEMFD
-+#if defined(HAVE_MEMFD) && !defined(HAVE_MEMFD_CREATE)
- 
- #include <sys/syscall.h>
- #include <fcntl.h>
- 
- /*
-- * No glibc wrappers exist for memfd_create(2), so provide our own.
-+ * Before glibc version 2.27 there was no wrapper for memfd_create(2),
-+ * so we have to provide our own.
-  *
-  * Also define memfd fcntl sealing macros. While they are already
-  * defined in the kernel header file <linux/fcntl.h>, that file as
-@@ -63,6 +64,6 @@ static inline int memfd_create(const char *name, unsigned int flags) {
- #define F_SEAL_WRITE    0x0008  /* prevent writes */
- #endif
- 
--#endif /* HAVE_MEMFD */
-+#endif /* HAVE_MEMFD && !HAVE_MEMFD_CREATE */
- 
- #endif
--- 
-2.16.2
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
new file mode 100644
index 0000000000..d3d5cbc46a
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
@@ -0,0 +1,53 @@
+Fix CVE-2018-14526:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
+https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
+
+Patch downloaded from upstream:
+
+https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+
+From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Sun, 15 Jul 2018 01:25:53 +0200
+Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
+
+Ignore unauthenticated encrypted EAPOL-Key data in supplicant
+processing. When using WPA2, these are frames that have the Encrypted
+flag set, but not the MIC flag.
+
+When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
+not the MIC flag, had their data field decrypted without first verifying
+the MIC. In case the data field was encrypted using RC4 (i.e., when
+negotiating TKIP as the pairwise cipher), this meant that
+unauthenticated but decrypted data would then be processed. An adversary
+could abuse this as a decryption oracle to recover sensitive information
+in the data field of EAPOL-Key messages (e.g., the group key).
+(CVE-2018-14526)
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/rsn_supp/wpa.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
+--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c	2016-10-02 21:51:11.000000000 +0300
++++ wpa_supplicant-2.6/src/rsn_supp/wpa.c	2018-08-08 16:55:11.506831029 +0300
+@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
+ 
+ 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+ 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
++		/*
++		 * Only decrypt the Key Data field if the frame's authenticity
++		 * was verified. When using AES-SIV (FILS), the MIC flag is not
++		 * set, so this check should only be performed if mic_len != 0
++		 * which is the case in this code branch.
++		 */
++		if (!(key_info & WPA_KEY_INFO_MIC)) {
++			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
++			goto out;
++		}
+ 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
+ 						    &key_data_len))
+ 			goto out;
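Review bot: The new comment above the `WPA_KEY_INFO_MIC` test justifies the check by `mic_len != 0` "in this code branch", but no `mic_len` appears in the visible lines of `wpa_sm_rx_eapol`. Since this is a rebase onto v2.6, that variable may not exist in this tree, which would leave the comment pointing at nothing. If so, it could be reduced to `/* Only decrypt the Key Data field if the frame's authenticity was verified, i.e. the MIC flag is set. */`. The function continues outside the hunk, so the value returned through `out` on this rejection path cannot be confirmed from here. It is worth checking that it reports failure rather than success.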
diff --git a/gnu/packages/patches/xorg-server-rotate-fb.patch b/gnu/packages/patches/xorg-server-rotate-fb.patch
deleted file mode 100644
index f47036b2a7..0000000000
--- a/gnu/packages/patches/xorg-server-rotate-fb.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit a85e94a50c94b07574c8701a3ff3c1243f4257f4
-Author: Olivier Fourdan <ofourdan@redhat.com>
-Date:   Fri Jun 15 08:57:12 2018 +0200
-
-    modesetting: use drmmode_bo_import() for rotate_fb
-    
-    drmmode_shadow_allocate() still uses drmModeAddFB() which may fail if
-    the format is not as expected, preventing from using a rotated output.
-    
-    Change it to use the new function drmmode_bo_import() which takes care
-    of calling the drmModeAddFB2() API.
-    
-    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106715
-    Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
-    Tested-by: Tomas Pelka <tpelka@redhat.com>
-    Reviewed-by: Lyude Paul <lyude@redhat.com>
-
-diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
-index 859a21a9d..ec11b3f56 100644
---- a/hw/xfree86/drivers/modesetting/drmmode_display.c
-+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
-@@ -1794,11 +1794,8 @@ drmmode_shadow_allocate(xf86CrtcPtr crtc, int width, int height)
-         return NULL;
-     }
- 
--    ret = drmModeAddFB(drmmode->fd, width, height, crtc->scrn->depth,
--                       drmmode->kbpp,
--                       drmmode_bo_get_pitch(&drmmode_crtc->rotate_bo),
--                       drmmode_bo_get_handle(&drmmode_crtc->rotate_bo),
--                       &drmmode_crtc->rotate_fb_id);
-+    ret = drmmode_bo_import(drmmode, &drmmode_crtc->rotate_bo,
-+                            &drmmode_crtc->rotate_fb_id);
- 
-     if (ret) {
-         ErrorF("failed to add rotate fb\n");