Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/amule-crypto-6.patch45
-rw-r--r--gnu/packages/patches/gegl-CVE-2012-4433.patch117
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17784.patch41
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17785.patch171
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17786.patch94
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17787.patch42
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17789.patch48
-rw-r--r--gnu/packages/patches/liboop-mips64-deplibs-fix.patch17
-rw-r--r--gnu/packages/patches/shadow-CVE-2018-7169.patch191
9 files changed, 45 insertions, 721 deletions
diff --git a/gnu/packages/patches/amule-crypto-6.patch b/gnu/packages/patches/amule-crypto-6.patch
new file mode 100644
index 0000000000..21a86ab0fa
--- /dev/null
+++ b/gnu/packages/patches/amule-crypto-6.patch
@@ -0,0 +1,45 @@
+From d1d1368c7909ffd8423730afaa811ce7b6a3a8aa Mon Sep 17 00:00:00 2001
+From: Tommy Jerry Mairo <tommy.mairo@gmail.com>
+Date: Sun, 4 Feb 2018 12:42:00 -0800
+Subject: [PATCH 1/2] Bugfix: API mismatch with crypto++ 6.0.0
+
+---
+ src/ClientCreditsList.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ClientCreditsList.cpp b/src/ClientCreditsList.cpp
+index 3bea9fe2d..a7ae1e34c 100644
+--- a/src/ClientCreditsList.cpp
++++ b/src/ClientCreditsList.cpp
+@@ -312,7 +312,7 @@ void CClientCreditsList::InitalizeCrypting()
+ 		// calculate and store public key
+ 		CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pubkey(*static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey));
+ 		CryptoPP::ArraySink asink(m_abyMyPublicKey, 80);
+-		pubkey.DEREncode(asink);
++		pubkey.AccessMaterial().Save(asink);
+ 		m_nMyPublicKeyLen = asink.TotalPutLength();
+ 		asink.MessageEnd();
+ 	} catch (const CryptoPP::Exception& e) {
+
+From 88ba0ac952b78382445f2fff73c6792c0474dc62 Mon Sep 17 00:00:00 2001
+From: Tommy Jerry Mairo <tommy.mairo@gmail.com>
+Date: Wed, 21 Mar 2018 11:56:28 -0700
+Subject: [PATCH 2/2] Update: Change AccessMaterial to GetMaterial
+
+---
+ src/ClientCreditsList.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ClientCreditsList.cpp b/src/ClientCreditsList.cpp
+index a7ae1e34c..69e881fd8 100644
+--- a/src/ClientCreditsList.cpp
++++ b/src/ClientCreditsList.cpp
+@@ -312,7 +312,7 @@ void CClientCreditsList::InitalizeCrypting()
+ 		// calculate and store public key
+ 		CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pubkey(*static_cast<CryptoPP::RSASSA_PKCS1v15_SHA_Signer *>(m_pSignkey));
+ 		CryptoPP::ArraySink asink(m_abyMyPublicKey, 80);
+-		pubkey.AccessMaterial().Save(asink);
++		pubkey.GetMaterial().Save(asink);
+ 		m_nMyPublicKeyLen = asink.TotalPutLength();
+ 		asink.MessageEnd();
+ 	} catch (const CryptoPP::Exception& e) {
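Review bot: The added patch file begins directly at the `From d1d1368c…` mbox line and has no header saying where the two commits were taken from, whereas the gimp and shadow CVE patches removed in this same commit each open with a short description and a `Patch copied from upstream source repository:` URL. Both commits change the call that serialises the RSA public key into the fixed 80-byte `m_abyMyPublicKey` buffer, so a traceable origin matters to anyone auditing the package later; I would prepend `Fix API mismatch with crypto++ 6.0.0.` followed by `Patches copied from upstream source repository: <upstream commit URL>`. It is also worth confirming against the crypto++ 6 headers that `pubkey.GetMaterial().Save(asink)` emits the same DER encoding as the removed `pubkey.DEREncode(asink)`, since `m_nMyPublicKeyLen` is taken straight from `asink.TotalPutLength()`; this is inferred from the context lines only, as the body of `InitalizeCrypting()` lies outside the hunks.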
diff --git a/gnu/packages/patches/gegl-CVE-2012-4433.patch b/gnu/packages/patches/gegl-CVE-2012-4433.patch
deleted file mode 100644
index 7352b78dba..0000000000
--- a/gnu/packages/patches/gegl-CVE-2012-4433.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: Michael Gilbert <mgilbert@debian.org>
-Date: Mon, 9 Sep 2013 17:34:32 +0200
-Subject: Fix_CVE-2012-4433
-
-Multiple buffer overflow issues.
-
-Closes: #692435
----
- operations/external/ppm-load.c | 62 ++++++++++++++++++++++++++++++++++++------
- 1 file changed, 53 insertions(+), 9 deletions(-)
-
-diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
-index efe6d56..465096d 100644
---- a/operations/external/ppm-load.c
-+++ b/operations/external/ppm-load.c
-@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
- #include "gegl-chant.h"
- #include <stdio.h>
- #include <stdlib.h>
-+#include <errno.h>
- 
- typedef enum {
-   PIXMAP_ASCII  = 51,
-@@ -44,8 +45,8 @@ typedef enum {
- 
- typedef struct {
- 	map_type   type;
--	gint       width;
--	gint       height;
-+	glong      width;
-+	glong      height;
-         gsize      numsamples; /* width * height * channels */
-         gsize      bpc;        /* bytes per channel */
- 	guchar    *data;
-@@ -82,12 +83,33 @@ ppm_load_read_header(FILE       *fp,
-       }
- 
-     /* Get Width and Height */
--    img->width  = strtol (header,&ptr,0);
--    img->height = atoi (ptr);
--    img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+    errno = 0;
-+    img->width  = strtol (header,&ptr,10);
-+    if (errno)
-+      {
-+        g_warning ("Error reading width: %s", strerror(errno));
-+        return FALSE;
-+      }
-+    else if (img->width < 0)
-+      {
-+        g_warning ("Error: width is negative");
-+        return FALSE;
-+      }
-+
-+    img->height = strtol (ptr,&ptr,10);
-+    if (errno)
-+      {
-+        g_warning ("Error reading height: %s", strerror(errno));
-+        return FALSE;
-+      }
-+    else if (img->width < 0)
-+      {
-+        g_warning ("Error: height is negative");
-+        return FALSE;
-+      }
- 
-     fgets (header,MAX_CHARS_IN_ROW,fp);
--    maxval = strtol (header,&ptr,0);
-+    maxval = strtol (header,&ptr,10);
- 
-     if ((maxval != 255) && (maxval != 65535))
-       {
-@@ -109,6 +131,16 @@ ppm_load_read_header(FILE       *fp,
-       g_warning ("%s: Programmer stupidity error", G_STRLOC);
-     }
- 
-+    /* Later on, img->numsamples is multiplied with img->bpc to allocate
-+     * memory. Ensure it doesn't overflow. */
-+    if (!img->width || !img->height ||
-+        G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
-+      {
-+        g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
-+        return FALSE;
-+      }
-+    img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+
-     return TRUE;
- }
- 
-@@ -229,12 +261,24 @@ process (GeglOperation       *operation,
-   if (!ppm_load_read_header (fp, &img))
-     goto out;
- 
--  rect.height = img.height;
--  rect.width = img.width;
--
-   /* Allocating Array Size */
-+
-+  /* Should use g_try_malloc(), but this causes crashes elsewhere because the
-+   * error signalled by returning FALSE isn't properly acted upon. Therefore
-+   * g_malloc() is used here which aborts if the requested memory size can't be
-+   * allocated causing a controlled crash. */
-   img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
- 
-+  /* No-op without g_try_malloc(), see above. */
-+  if (! img.data)
-+    {
-+      g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
-+      goto out;
-+    }
-+
-+  rect.height = img.height;
-+  rect.width = img.width;
-+
-   switch (img.bpc)
-     {
-     case 1:
diff --git a/gnu/packages/patches/gimp-CVE-2017-17784.patch b/gnu/packages/patches/gimp-CVE-2017-17784.patch
deleted file mode 100644
index c791772fb5..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17784.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2017-17784:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784
-https://bugzilla.gnome.org/show_bug.cgi?id=790784
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
-
-From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:25:32 +0100
-Subject: [PATCH] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
- load_image.
-
-We were assuming the input name was well formed, hence was
-nul-terminated. As any data coming from external input, this has to be
-thorougly checked.
-Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
-to older gimp-2-8 code.
----
- plug-ins/common/file-gbr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
-index b028100bef..d3f01d9c56 100644
---- a/plug-ins/common/file-gbr.c
-+++ b/plug-ins/common/file-gbr.c
-@@ -443,7 +443,8 @@ load_image (const gchar  *filename,
-     {
-       gchar *temp = g_new (gchar, bn_size);
- 
--      if ((read (fd, temp, bn_size)) < bn_size)
-+      if ((read (fd, temp, bn_size)) < bn_size ||
-+          temp[bn_size - 1] != '\0')
-         {
-           g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-                        _("Error in GIMP brush file '%s'"),
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/gimp-CVE-2017-17785.patch b/gnu/packages/patches/gimp-CVE-2017-17785.patch
deleted file mode 100644
index 939b01f214..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17785.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-Fix CVE-2017-17785:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785
-https://bugzilla.gnome.org/show_bug.cgi?id=739133
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54
-
-From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 29 Oct 2017 15:19:41 +0100
-Subject: [PATCH] Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI
- files.
-
-It is possible to trigger a heap overflow while parsing FLI files. The
-RLE decoder is vulnerable to out of boundary writes due to lack of
-boundary checks.
-
-The variable "framebuf" points to a memory area which was allocated
-with fli_header->width * fli_header->height bytes. The RLE decoder
-therefore must never write beyond that limit.
-
-If an illegal frame is detected, the parser won't stop, which means
-that the next valid sequence is properly parsed again. This should
-allow GIMP to parse FLI files as good as possible even if they are
-broken by an attacker or by accident.
-
-While at it, I changed the variable xc to be of type size_t, because
-the multiplication of width and height could overflow a 16 bit type.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b)
----
- plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++---------------
- 1 file changed, 35 insertions(+), 15 deletions(-)
-
-diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
-index 313efeb977..ffb651e2af 100644
---- a/plug-ins/file-fli/fli.c
-+++ b/plug-ins/file-fli/fli.c
-@@ -25,6 +25,8 @@
- 
- #include "config.h"
- 
-+#include <glib/gstdio.h>
-+
- #include <string.h>
- #include <stdio.h>
- 
-@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf)
- 	unsigned short yc;
- 	unsigned char *pos;
- 	for (yc=0; yc < fli_header->height; yc++) {
--		unsigned short xc, pc, pcnt;
-+		unsigned short pc, pcnt;
-+		size_t n, xc;
- 		pc=fli_read_char(f);
- 		xc=0;
- 		pos=framebuf+(fli_header->width * yc);
-+		n=(size_t)fli_header->width * (fli_header->height-yc);
- 		for (pcnt=pc; pcnt>0; pcnt--) {
- 			unsigned short ps;
- 			ps=fli_read_char(f);
- 			if (ps & 0x80) {
- 				unsigned short len;
--				for (len=-(signed char)ps; len>0; len--) {
-+				for (len=-(signed char)ps; len>0 && xc<n; len--) {
- 					pos[xc++]=fli_read_char(f);
- 				}
- 			} else {
- 				unsigned char val;
-+				size_t len;
-+				len=MIN(n-xc,ps);
- 				val=fli_read_char(f);
--				memset(&(pos[xc]), val, ps);
--				xc+=ps;
-+				memset(&(pos[xc]), val, len);
-+				xc+=len;
- 			}
- 		}
- 	}
-@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf,
- 	memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
- 	firstline = fli_read_short(f);
- 	numline = fli_read_short(f);
-+	if (numline > fli_header->height || fli_header->height-numline < firstline)
-+		return;
-+
- 	for (yc=0; yc < numline; yc++) {
--		unsigned short xc, pc, pcnt;
-+		unsigned short pc, pcnt;
-+		size_t n, xc;
- 		pc=fli_read_char(f);
- 		xc=0;
- 		pos=framebuf+(fli_header->width * (firstline+yc));
-+		n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
- 		for (pcnt=pc; pcnt>0; pcnt--) {
- 			unsigned short ps,skip;
- 			skip=fli_read_char(f);
- 			ps=fli_read_char(f);
--			xc+=skip;
-+			xc+=MIN(n-xc,skip);
- 			if (ps & 0x80) {
- 				unsigned char val;
-+				size_t len;
- 				ps=-(signed char)ps;
- 				val=fli_read_char(f);
--				memset(&(pos[xc]), val, ps);
--				xc+=ps;
-+				len=MIN(n-xc,ps);
-+				memset(&(pos[xc]), val, len);
-+				xc+=len;
- 			} else {
--				fread(&(pos[xc]), ps, 1, f);
--				xc+=ps;
-+				size_t len;
-+				len=MIN(n-xc,ps);
-+				fread(&(pos[xc]), len, 1, f);
-+				xc+=len;
- 			}
- 		}
- 	}
-@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
- 	yc=0;
- 	numline = fli_read_short(f);
- 	for (lc=0; lc < numline; lc++) {
--		unsigned short xc, pc, pcnt, lpf, lpn;
-+		unsigned short pc, pcnt, lpf, lpn;
-+		size_t n, xc;
- 		pc=fli_read_short(f);
- 		lpf=0; lpn=0;
- 		while (pc & 0x8000) {
-@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
- 			}
- 			pc=fli_read_short(f);
- 		}
-+		yc=MIN(yc, fli_header->height);
- 		xc=0;
- 		pos=framebuf+(fli_header->width * yc);
-+		n=(size_t)fli_header->width * (fli_header->height-yc);
- 		for (pcnt=pc; pcnt>0; pcnt--) {
- 			unsigned short ps,skip;
- 			skip=fli_read_char(f);
- 			ps=fli_read_char(f);
--			xc+=skip;
-+			xc+=MIN(n-xc,skip);
- 			if (ps & 0x80) {
- 				unsigned char v1,v2;
- 				ps=-(signed char)ps;
- 				v1=fli_read_char(f);
- 				v2=fli_read_char(f);
--				while (ps>0) {
-+				while (ps>0 && xc+1<n) {
- 					pos[xc++]=v1;
- 					pos[xc++]=v2;
- 					ps--;
- 				}
- 			} else {
--				fread(&(pos[xc]), ps, 2, f);
--				xc+=ps << 1;
-+				size_t len;
-+				len=MIN((n-xc)/2,ps);
-+				fread(&(pos[xc]), len, 2, f);
-+				xc+=len << 1;
- 			}
- 		}
- 		if (lpf) pos[xc]=lpn;
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/gimp-CVE-2017-17786.patch b/gnu/packages/patches/gimp-CVE-2017-17786.patch
deleted file mode 100644
index 851227ac1d..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17786.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-Fix CVE-2017-17786:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786
-https://bugzilla.gnome.org/show_bug.cgi?id=739134
-
-Both patches copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=ef9c821fff8b637a2178eab1c78cae6764c50e12
-https://git.gnome.org/browse/gimp/commit/?id=22e2571c25425f225abdb11a566cc281fca6f366
-
-From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 13:02:38 +0100
-Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap
- overflow in...
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... TGA importer.
-
-Be more thorough on valid TGA RGB and RGBA images.
-In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
-channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
-RGB as 15 and 24 bits.
-Maybe there exist more variants, but if they do exist, we simply don't
-support them yet.
-
-Thanks to Hanno Böck for the report and a first patch attempt.
-
-(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
----
- plug-ins/common/file-tga.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
-index aef98702d4..426acc2925 100644
---- a/plug-ins/common/file-tga.c
-+++ b/plug-ins/common/file-tga.c
-@@ -564,12 +564,16 @@ load_image (const gchar  *filename,
-           }
-         break;
-       case TGA_TYPE_COLOR:
--        if (info.bpp != 15 && info.bpp != 16 &&
--            info.bpp != 24 && info.bpp != 32)
-+        if ((info.bpp != 15 && info.bpp != 16 &&
-+             info.bpp != 24 && info.bpp != 32)      ||
-+            ((info.bpp == 15 || info.bpp == 24) &&
-+             info.alphaBits != 0)                   ||
-+            (info.bpp == 16 && info.alphaBits != 1) ||
-+            (info.bpp == 32 && info.alphaBits != 8))
-           {
--            g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
-+            g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
-                        gimp_filename_to_utf8 (filename),
--                       info.imageType, info.bpp);
-+                       info.imageType, info.bpp, info.alphaBits);
-             return -1;
-           }
-         break;
--- 
-2.15.1
-
-From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 13:26:26 +0100
-Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
-
-According to some spec on the web, 16-bit RGB is also valid. In this
-case, the last bit is simply ignored (at least that's how it is
-implemented right now).
-
-(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
----
- plug-ins/common/file-tga.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
-index 426acc2925..eb14a1dadc 100644
---- a/plug-ins/common/file-tga.c
-+++ b/plug-ins/common/file-tga.c
-@@ -568,7 +568,8 @@ load_image (const gchar  *filename,
-              info.bpp != 24 && info.bpp != 32)      ||
-             ((info.bpp == 15 || info.bpp == 24) &&
-              info.alphaBits != 0)                   ||
--            (info.bpp == 16 && info.alphaBits != 1) ||
-+            (info.bpp == 16 && info.alphaBits != 1 &&
-+             info.alphaBits != 0)                   ||
-             (info.bpp == 32 && info.alphaBits != 8))
-           {
-             g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/gimp-CVE-2017-17787.patch b/gnu/packages/patches/gimp-CVE-2017-17787.patch
deleted file mode 100644
index b5310d33d9..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17787.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2017-17787:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
-https://bugzilla.gnome.org/show_bug.cgi?id=790853
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
-
-From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:49:41 +0100
-Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
-
-As any external data, we have to check that strings being read at fixed
-length are properly nul-terminated.
-
-(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
----
- plug-ins/common/file-psp.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index 4cbafe37b1..e350e4d88d 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -890,6 +890,12 @@ read_creator_block (FILE     *f,
-               g_free (string);
-               return -1;
-             }
-+          if (string[length - 1] != '\0')
-+            {
-+              g_message ("Creator keyword data not nul-terminated");
-+              g_free (string);
-+              return -1;
-+            }
-           switch (keyword)
-             {
-             case PSP_CRTR_FLD_TITLE:
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/gimp-CVE-2017-17789.patch b/gnu/packages/patches/gimp-CVE-2017-17789.patch
deleted file mode 100644
index 6dfa435fd0..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17789.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Fix CVE-2017-17789:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789
-https://bugzilla.gnome.org/show_bug.cgi?id=790849
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
-
-From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Wed, 20 Dec 2017 16:44:20 +0100
-Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer
- overflow...
-
-... in PSP importer.
-Check if declared block length is valid (i.e. within the actual file)
-before going further.
-Consider the file as broken otherwise and fail loading it.
-
-(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
----
- plug-ins/common/file-psp.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index ac0fff78f0..4cbafe37b1 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -1771,6 +1771,15 @@ load_image (const gchar  *filename,
-     {
-       block_start = ftell (f);
- 
-+      if (block_start + block_total_len > st.st_size)
-+        {
-+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+                       _("Could not open '%s' for reading: %s"),
-+                       gimp_filename_to_utf8 (filename),
-+                       _("invalid block size"));
-+          goto error;
-+        }
-+
-       if (id == PSP_IMAGE_BLOCK)
-         {
-           if (block_number != 0)
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/liboop-mips64-deplibs-fix.patch b/gnu/packages/patches/liboop-mips64-deplibs-fix.patch
deleted file mode 100644
index b91754a8cc..0000000000
--- a/gnu/packages/patches/liboop-mips64-deplibs-fix.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Patch configure script to choose pass_all deplibs check method for
-linux-gnu* systems on mips64.  This is a temporary hack until liboop
-bootstraps their build system with a newer libtool.
-
-Patch by Mark H Weaver <mhw@netris.org>.
-
---- liboop/configure.orig	2003-10-26 11:41:19.000000000 -0500
-+++ liboop/configure	2013-11-02 18:09:11.079995796 -0400
-@@ -3395,7 +3395,7 @@
- # This must be Linux ELF.
- linux*)
-   case $host_cpu in
--  alpha* | hppa* | i*86 | ia64* | m68* | mips | mipsel | powerpc* | sparc* | s390* | sh*)
-+  alpha* | hppa* | i*86 | ia64* | m68* | mips | mipsel | mips64 | mips64el | powerpc* | sparc* | s390* | sh*)
-     lt_cv_deplibs_check_method=pass_all ;;
-   *)
-     # glibc up to 2.1.1 does not perform some relocations on ARM
diff --git a/gnu/packages/patches/shadow-CVE-2018-7169.patch b/gnu/packages/patches/shadow-CVE-2018-7169.patch
deleted file mode 100644
index eeae5b9b71..0000000000
--- a/gnu/packages/patches/shadow-CVE-2018-7169.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-Fix CVE-2018-7169:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
-
-Patch copied from upstream source repository:
-
-https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0
-
-From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@suse.de>
-Date: Thu, 15 Feb 2018 23:49:40 +1100
-Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group
-
-This is necessary to match the kernel-side policy of "self-mapping in a
-user namespace is fine, but you cannot drop groups" -- a policy that was
-created in order to stop user namespaces from allowing trivial privilege
-escalation by dropping supplementary groups that were "blacklisted" from
-certain paths.
-
-This is the simplest fix for the underlying issue, and effectively makes
-it so that unless a user has a valid mapping set in /etc/subgid (which
-only administrators can modify) -- and they are currently trying to use
-that mapping -- then /proc/$pid/setgroups will be set to deny. This
-workaround is only partial, because ideally it should be possible to set
-an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
-administrators to further restrict newgidmap(1).
-
-We also don't write anything in the "allow" case because "allow" is the
-default, and users may have already written "deny" even if they
-technically are allowed to use setgroups. And we don't write anything if
-the setgroups policy is already "deny".
-
-Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
-Fixes: CVE-2018-7169
-Reported-by: Craig Furman <craig.furman89@gmail.com>
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
----
- src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 80 insertions(+), 9 deletions(-)
-
-diff --git a/src/newgidmap.c b/src/newgidmap.c
-index b1e33513..59a2e75c 100644
---- a/src/newgidmap.c
-+++ b/src/newgidmap.c
-@@ -46,32 +46,37 @@
-  */
- const char *Prog;
- 
--static bool verify_range(struct passwd *pw, struct map_range *range)
-+
-+static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
- {
- 	/* An empty range is invalid */
- 	if (range->count == 0)
- 		return false;
- 
--	/* Test /etc/subgid */
--	if (have_sub_gids(pw->pw_name, range->lower, range->count))
-+	/* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
-+	if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
-+		*allow_setgroups = true;
- 		return true;
-+	}
- 
--	/* Allow a process to map its own gid */
--	if ((range->count == 1) && (pw->pw_gid == range->lower))
-+	/* Allow a process to map its own gid. */
-+	if ((range->count == 1) && (pw->pw_gid == range->lower)) {
-+		/* noop -- if setgroups is enabled already we won't disable it. */
- 		return true;
-+	}
- 
- 	return false;
- }
- 
- static void verify_ranges(struct passwd *pw, int ranges,
--	struct map_range *mappings)
-+	struct map_range *mappings, bool *allow_setgroups)
- {
- 	struct map_range *mapping;
- 	int idx;
- 
- 	mapping = mappings;
- 	for (idx = 0; idx < ranges; idx++, mapping++) {
--		if (!verify_range(pw, mapping)) {
-+		if (!verify_range(pw, mapping, allow_setgroups)) {
- 			fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
- 				Prog,
- 				mapping->upper,
-@@ -89,6 +94,70 @@ static void usage(void)
- 	exit(EXIT_FAILURE);
- }
- 
-+void write_setgroups(int proc_dir_fd, bool allow_setgroups)
-+{
-+	int setgroups_fd;
-+	char *policy, policy_buffer[4096];
-+
-+	/*
-+	 * Default is "deny", and any "allow" will out-rank a "deny". We don't
-+	 * forcefully write an "allow" here because the process we are writing
-+	 * mappings for may have already set themselves to "deny" (and "allow"
-+	 * is the default anyway). So allow_setgroups == true is a noop.
-+	 */
-+	policy = "deny\n";
-+	if (allow_setgroups)
-+		return;
-+
-+	setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
-+	if (setgroups_fd < 0) {
-+		/*
-+		 * If it's an ENOENT then we are on too old a kernel for the setgroups
-+		 * code to exist. Emit a warning and bail on this.
-+		 */
-+		if (ENOENT == errno) {
-+			fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
-+			goto out;
-+		}
-+		fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
-+			Prog,
-+			strerror(errno));
-+		exit(EXIT_FAILURE);
-+	}
-+
-+	/*
-+	 * Check whether the policy is already what we want. /proc/self/setgroups
-+	 * is write-once, so attempting to write after it's already written to will
-+	 * fail.
-+	 */
-+	if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
-+		fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
-+			Prog,
-+			strerror(errno));
-+		exit(EXIT_FAILURE);
-+	}
-+	if (!strncmp(policy_buffer, policy, strlen(policy)))
-+		goto out;
-+
-+	/* Write the policy. */
-+	if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
-+		fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
-+			Prog,
-+			strerror(errno));
-+		exit(EXIT_FAILURE);
-+	}
-+	if (dprintf(setgroups_fd, "%s", policy) < 0) {
-+		fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
-+			Prog,
-+			policy,
-+			strerror(errno));
-+		exit(EXIT_FAILURE);
-+	}
-+
-+out:
-+	close(setgroups_fd);
-+}
-+
- /*
-  * newgidmap - Set the gid_map for the specified process
-  */
-@@ -103,6 +172,7 @@ int main(int argc, char **argv)
- 	struct stat st;
- 	struct passwd *pw;
- 	int written;
-+	bool allow_setgroups = false;
- 
- 	Prog = Basename (argv[0]);
- 
-@@ -145,7 +215,7 @@ int main(int argc, char **argv)
- 				(unsigned long) getuid ()));
- 		return EXIT_FAILURE;
- 	}
--	
-+
- 	/* Get the effective uid and effective gid of the target process */
- 	if (fstat(proc_dir_fd, &st) < 0) {
- 		fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
-@@ -177,8 +247,9 @@ int main(int argc, char **argv)
- 	if (!mappings)
- 		usage();
- 
--	verify_ranges(pw, ranges, mappings);
-+	verify_ranges(pw, ranges, mappings, &allow_setgroups);
- 
-+	write_setgroups(proc_dir_fd, allow_setgroups);
- 	write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
- 	sub_gid_close();
- 
--- 
-2.16.2
-