diff options
Diffstat (limited to 'gnu/packages/patches')
25 files changed, 826 insertions, 724 deletions
diff --git a/gnu/packages/patches/automake-regexp-syntax.patch b/gnu/packages/patches/automake-regexp-syntax.patch new file mode 100644 index 0000000000..2e965c8c50 --- /dev/null +++ b/gnu/packages/patches/automake-regexp-syntax.patch @@ -0,0 +1,34 @@ +From <https://lists.gnu.org/archive/html/automake-patches/2015-07/msg00000.html>. +See also <http://bugs.gnu.org/22372>. + +From 34163794a58b5bd91c5d6bd9adf5437571c7a479 Mon Sep 17 00:00:00 2001 +From: Pavel Raiskup <praiskup@redhat.com> +Date: Tue, 7 Jul 2015 10:54:24 +0200 +Subject: [PATCH] bin/automake: escape '{' in regexp pattern + +Based on perlre(1) documentation: +.. in Perl v5.26, literal uses of a curly bracket will be required +to be escaped, say by preceding them with a backslash ("\{" ) or +enclosing them within square brackets ("[{]") .. + +References: +https://bugzilla.redhat.com/1239379 + +* bin/automake.in (substitute_ac_subst_variables): Escape the +occurrence of '{' character. +--- + bin/automake.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bin/automake.in b/bin/automake.in +index 0c29184..c294ced 100644 +--- a/bin/automake.in ++++ b/bin/automake.in +@@ -3898,7 +3898,7 @@ sub substitute_ac_subst_variables_worker + sub substitute_ac_subst_variables + { + my ($text) = @_; +- $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; ++ $text =~ s/\$\{([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; + return $text; + } diff --git a/gnu/packages/patches/doxygen-test.patch b/gnu/packages/patches/doxygen-test.patch index 7a7f4e963f..5ac063adbf 100644 --- a/gnu/packages/patches/doxygen-test.patch +++ b/gnu/packages/patches/doxygen-test.patch @@ -31,8 +31,8 @@ diff -u -r doxygen-1.8.7.orig/testing/012/indexpage.xml doxygen-1.8.7/testing/01 <title>My Project</title> <detaileddescription> - <para>See <ref refid="citelist_1CITEREF_knuth79" kindref="member">[1]</ref> for more info. </para> -+ <para>See <ref refid="citelist_1CITEREF_knuth79" kindref="member">knuth79</ref> for more info. </para> ++ <para>See knuth79 for more info. </para> </detaileddescription> </compounddef> </doxygen> -Nur in doxygen-1.8.7/testing: test_output_012. + diff --git a/gnu/packages/patches/doxygen-tmake.patch b/gnu/packages/patches/doxygen-tmake.patch deleted file mode 100644 index 3579243702..0000000000 --- a/gnu/packages/patches/doxygen-tmake.patch +++ /dev/null @@ -1,24 +0,0 @@ -Fix the `check_unix' function, which looks for `/bin/uname' to determine -whether we're on a Unix-like system. -Taken from nixpkgs. - ---- doxygen-1.5.8/tmake/bin/tmake 2008-12-06 14:16:20.000000000 +0100 -+++ doxygen-1.5.8/tmake/bin/tmake 2009-03-05 11:29:55.000000000 +0100 -@@ -234,17 +234,7 @@ sub tmake_verb { - # - - sub check_unix { -- my($r); -- $r = 0; -- if ( -f "/bin/uname" ) { -- $r = 1; -- (-f "\\bin\\uname") && ($r = 0); -- } -- if ( -f "/usr/bin/uname" ) { -- $r = 1; -- (-f "\\usr\\bin\\uname") && ($r = 0); -- } -- return $r; -+ return 1; - } - diff --git a/gnu/packages/patches/emacs-source-date-epoch.patch b/gnu/packages/patches/emacs-source-date-epoch.patch new file mode 100644 index 0000000000..41c03ef514 --- /dev/null +++ b/gnu/packages/patches/emacs-source-date-epoch.patch @@ -0,0 +1,20 @@ +Honor SOURCE_DATE_EPOCH variable to avoid non-determinism in generated +"autoloads" files. + +--- a/lisp/emacs-lisp/autoload.el ++++ b/lisp/emacs-lisp/autoload.el +@@ -378,8 +378,12 @@ + "Insert the section-header line, + which lists the file name and which functions are in it, etc." + (insert generate-autoload-section-header) +- (prin1 `(autoloads ,autoloads ,load-name ,file ,time) +- outbuf) ++ (let* ((env (getenv "SOURCE_DATE_EPOCH")) ++ (time (if env ++ (seconds-to-time (string-to-number env)) ++ time))) ++ (prin1 `(autoloads ,autoloads ,load-name ,file ,time) ++ outbuf)) + (terpri outbuf) + ;; Break that line at spaces, to avoid very long lines. + ;; Make each sub-line into a comment. diff --git a/gnu/packages/patches/findutils-absolute-paths.patch b/gnu/packages/patches/findutils-absolute-paths.patch deleted file mode 100644 index 96341e281f..0000000000 --- a/gnu/packages/patches/findutils-absolute-paths.patch +++ /dev/null @@ -1,29 +0,0 @@ -Fix use of LFS-style absolute paths. - -Patches from Nixpkgs by Armijn Hemel <armijn@gpl-violations.org> -and Wouter den Breejen <uu@denbreejen.net>. - -diff -ruN findutils-4.2.20/locate/updatedb.sh findutils-4.2.20.new/locate/updatedb.sh ---- findutils-4.2.20/locate/updatedb.sh 2005-01-24 17:12:35.000000000 +0100 -+++ findutils-4.2.20.new/locate/updatedb.sh 2005-08-23 14:37:10.000000000 +0200 -@@ -141,7 +141,7 @@ - : ${code:=${LIBEXECDIR}/@code@} - - --PATH=/bin:/usr/bin:${BINDIR}; export PATH -+PATH=/bin:/usr/bin:${BINDIR}:${PATH}; export PATH - - : ${PRUNEFS="nfs NFS proc afs proc smbfs autofs iso9660 ncpfs coda devpts ftpfs devfs mfs sysfs shfs"} - -diff -Naur findutils-4.2.30/xargs/xargs.c findutils-4.2.30_new/xargs/xargs.c ---- findutils-4.2.30/xargs/xargs.c 2007-02-27 11:21:08.000000000 +0100 -+++ findutils-4.2.30_new/xargs/xargs.c 2007-07-17 19:02:05.000000000 +0200 -@@ -402,7 +402,7 @@ - int show_limits = 0; /* --show-limits */ - int always_run_command = 1; - char *input_file = "-"; /* "-" is stdin */ -- char *default_cmd = "/bin/echo"; -+ char *default_cmd = "echo"; - int (*read_args) PARAMS ((void)) = read_line; - void (*act_on_init_result)(void) = noop; - int env_too_big = 0; diff --git a/gnu/packages/patches/findutils-test-xargs.patch b/gnu/packages/patches/findutils-test-xargs.patch new file mode 100644 index 0000000000..10c7bed28d --- /dev/null +++ b/gnu/packages/patches/findutils-test-xargs.patch @@ -0,0 +1,22 @@ +This test relies on 'xargs' being available in $PATH, which is not +the case when we build the initial Findutils doing bootstrapping. +Reported at <https://savannah.gnu.org/bugs/index.php?46786>. + +--- findutils-4.6.0/find/testsuite/sv-34976-execdir-fd-leak.sh 2015-12-31 19:37:59.401526288 +0100 ++++ findutils-4.6.0/find/testsuite/sv-34976-execdir-fd-leak.sh 2015-12-31 19:38:36.061770693 +0100 +@@ -50,13 +50,14 @@ die() { + # Create test files, each 98 in the directories ".", "one" and "two". + make_test_data() { + d="$1" ++ xargs="`cd ../../xargs; pwd -P`/xargs" + ( + cd "$1" || exit 1 + mkdir one two || exit 1 + for i in ${three_to_hundred} ; do + printf "./%03d one/%03d two/%03d " $i $i $i + done \ +- | xargs touch || exit 1 ++ | "$xargs" touch || exit 1 + ) \ + || die "failed to set up the test in ${outdir}" + } diff --git a/gnu/packages/patches/flex-bison-tests.patch b/gnu/packages/patches/flex-bison-tests.patch deleted file mode 100644 index 0f372f83bf..0000000000 --- a/gnu/packages/patches/flex-bison-tests.patch +++ /dev/null @@ -1,24 +0,0 @@ -The `test-bison-yyl{loc,val}' tests fail with "conflicting types for -'testparse'" because `YYPARSE_PARAM' is undefined; work around that. - ---- flex-2.5.37/tests/test-bison-yylloc/main.c 2012-11-22 18:17:01.000000000 +0100 -+++ flex-2.5.37/tests/test-bison-yylloc/main.c 2012-11-22 18:17:07.000000000 +0100 -@@ -21,6 +21,7 @@ - * PURPOSE. - */ - -+#define YYPARSE_PARAM scanner - #include "parser.h" - #include "scanner.h" - - ---- flex-2.5.37/tests/test-bison-yylval/main.c 2012-11-22 18:17:42.000000000 +0100 -+++ flex-2.5.37/tests/test-bison-yylval/main.c 2012-11-22 18:17:49.000000000 +0100 -@@ -21,6 +21,7 @@ - * PURPOSE. - */ - -+#define YYPARSE_PARAM scanner - #include "parser.h" - #include "scanner.h" - diff --git a/gnu/packages/patches/gawk-fts-test.patch b/gnu/packages/patches/gawk-fts-test.patch new file mode 100644 index 0000000000..de1f5c431c --- /dev/null +++ b/gnu/packages/patches/gawk-fts-test.patch @@ -0,0 +1,51 @@ +This is upstream commit c9a018c. We have observed random failures of +this test on i686 that seem related to load. + +2015-05-21 Arnold D. Robbins <arnold@skeeve.com> + + * fts.awk: Really remove atime from the output. + This avoids spurious failures on heavily loaded systems. + +diff --git a/test/fts.awk b/test/fts.awk +index b1df060..dea5b68 100644 +--- a/test/fts.awk ++++ b/test/fts.awk +@@ -50,6 +50,11 @@ function sort_traverse(data, sorted, i) + { + asorti(data, sorted) + for (i = 1; i in sorted; i++) { ++ # 5/2015: skip for atime, since there can ++ # occasionally be small differences. ++ if (sorted[i] == "atime") ++ continue ++ + indent() + printf("%s --> %s\n", sorted[i], data[sorted[i]]) > output + } +@@ -63,17 +68,20 @@ function traverse(data, i) + printf("%s:\n", i) > output + + Level++ +- if (("mtime" in data[i]) && ! isarray(data[i][mtime])) { ++ if (("mtime" in data[i]) && ! isarray(data[i]["mtime"])) { + sort_traverse(data[i]) + } else { + traverse(data[i]) + } + Level-- +- } else if (data[i] != "atime") { +- # 4/2015: skip for atime, since there can +- # occasionally be small differences. +- indent() +- printf("%s --> %s\n", i, data[i]) > output ++# } else { ++# JUNK = 1 ++# if (i != "atime") { ++# # 4/2015: skip for atime, since there can ++# # occasionally be small differences. ++# indent() ++# printf("%s --> %s\n", i, data[i]) > output ++# } + } + } + } diff --git a/gnu/packages/patches/gnutls-doc-fix.patch b/gnu/packages/patches/gnutls-doc-fix.patch deleted file mode 100644 index 170d2468bc..0000000000 --- a/gnu/packages/patches/gnutls-doc-fix.patch +++ /dev/null @@ -1,546 +0,0 @@ -diff -ru gnutls-3.4.4/doc/invoke-certtool.texi gnutls-3.4.4.1/doc/invoke-certtool.texi ---- gnutls-3.4.4.1/doc/invoke-certtool.texi 2015-08-10 13:43:52.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-certtool.texi 2015-07-31 15:44:21.000000000 -0400 -@@ -41,7 +41,97 @@ - - @exampleindent 0 - @example --certtool is unavailable - no --help -+certtool - GnuTLS certificate tool -+Usage: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ --infile=file Input file -+ - file must pre-exist -+ --outfile=str Output file -+ -s, --generate-self-signed Generate a self-signed certificate -+ -c, --generate-certificate Generate a signed certificate -+ --generate-proxy Generates a proxy certificate -+ --generate-crl Generate a CRL -+ -u, --update-certificate Update a signed certificate -+ -p, --generate-privkey Generate a private key -+ -q, --generate-request Generate a PKCS #10 certificate request -+ - prohibits the option 'infile' -+ -e, --verify-chain Verify a PEM encoded certificate chain -+ --verify Verify a PEM encoded certificate chain using a trusted list -+ --verify-crl Verify a CRL using a trusted list -+ - requires the option 'load-ca-certificate' -+ --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman parameters -+ --get-dh-params Get the included PKCS #3 encoded Diffie-Hellman parameters -+ --dh-info Print information PKCS #3 encoded Diffie-Hellman parameters -+ --load-privkey=str Loads a private key file -+ --load-pubkey=str Loads a public key file -+ --load-request=str Loads a certificate request file -+ --load-certificate=str Loads a certificate file -+ --load-ca-privkey=str Loads the certificate authority's private key file -+ --load-ca-certificate=str Loads the certificate authority's certificate file -+ --password=str Password to use -+ --null-password Enforce a NULL password -+ --empty-password Enforce an empty password -+ --hex-numbers Print big number in an easier format to parse -+ --cprint In certain operations it prints the information in C-friendly format -+ -i, --certificate-info Print information on the given certificate -+ --certificate-pubkey Print certificate's public key -+ --pgp-certificate-info Print information on the given OpenPGP certificate -+ --pgp-ring-info Print information on the given OpenPGP keyring structure -+ -l, --crl-info Print information on the given CRL structure -+ --crq-info Print information on the given certificate request -+ --no-crq-extensions Do not use extensions in certificate requests -+ --p12-info Print information on a PKCS #12 structure -+ --p12-name=str The PKCS #12 friendly name to use -+ --p7-info Print information on a PKCS #7 structure -+ --smime-to-p7 Convert S/MIME to PKCS #7 structure -+ -k, --key-info Print information on a private key -+ --pgp-key-info Print information on an OpenPGP private key -+ --pubkey-info Print information on a public key -+ --v1 Generate an X.509 version 1 certificate (with no extensions) -+ -!, --to-p12 Generate a PKCS #12 structure -+ - requires the option 'load-certificate' -+ -", --to-p8 Generate a PKCS #8 structure -+ -8, --pkcs8 Use PKCS #8 format for private keys -+ -#, --rsa Generate RSA key -+ -$, --dsa Generate DSA key -+ -%, --ecc Generate ECC (ECDSA) key -+ -&, --ecdsa an alias for the 'ecc' option -+ -', --hash=str Hash algorithm to use for signing -+ -(, --inder Use DER format for input certificates, private keys, and DH parameters -+ - disabled as '--no-inder' -+ -), --inraw an alias for the 'inder' option -+ -*, --outder Use DER format for output certificates, private keys, and DH parameters -+ - disabled as '--no-outder' -+ -+, --outraw an alias for the 'outder' option -+ -,, --bits=num Specify the number of bits for key generate -+ --, --curve=str Specify the curve used for EC key generation -+ -., --sec-param=str Specify the security level [low, legacy, medium, high, ultra] -+ -/, --disable-quick-random No effect -+ -0, --template=str Template file to use for non-interactive operation -+ -1, --stdout-info Print information to stdout instead of stderr -+ -2, --ask-pass Enable interaction for entering password when in batch mode. -+ -3, --pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations -+ -4, --provider=str Specify the PKCS #11 provider library -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Tool to parse and generate X.509 certificates, requests and private keys. -+It can be used interactively or non interactively by specifying the -+template command line option. -+ -+The tool accepts files or URLs supported by GnuTLS. In case PIN is -+required for the URL access you can provide it using the environment -+variables GNUTLS_PIN and GNUTLS_SO_PIN. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi ---- gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi 2015-08-10 13:43:50.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi 2015-07-31 15:44:18.000000000 -0400 -@@ -40,7 +40,34 @@ - - @exampleindent 0 - @example --gnutls-cli-debug is unavailable - no --help -+gnutls-cli-debug - GnuTLS debug client -+Usage: gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ -p, --port=num The port to connect to -+ - it must be in the range: -+ 0 to 65536 -+ --app-proto=str The application protocol to be used to obtain the server's certificate -+(https, ftp, smtp, imap) -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+Operands and options may be intermixed. They will be reordered. -+ -+TLS debug client. It sets up multiple TLS connections to a server and -+queries its capabilities. It was created to assist in debugging GnuTLS, -+but it might be useful to extract a TLS server's capabilities. It connects -+to a TLS server, performs tests and print the server's capabilities. If -+called with the `-v' parameter more checks will be performed. Can be used -+to check for servers with special needs or bugs. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi ---- gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi 2015-08-10 13:43:49.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-gnutls-cli.texi 2015-07-31 15:44:17.000000000 -0400 -@@ -36,7 +36,95 @@ - - @exampleindent 0 - @example --gnutls-cli is unavailable - no --help -+gnutls-cli - GnuTLS client -+Usage: gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname] -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ --tofu Enable trust on first use authentication -+ - disabled as '--no-tofu' -+ --strict-tofu Fail to connect if a known certificate has changed -+ - disabled as '--no-strict-tofu' -+ --dane Enable DANE certificate verification (DNSSEC) -+ - disabled as '--no-dane' -+ --local-dns Use the local DNS server for DNSSEC resolving -+ - disabled as '--no-local-dns' -+ --ca-verification Disable CA certificate verification -+ - disabled as '--no-ca-verification' -+ - enabled by default -+ --ocsp Enable OCSP certificate verification -+ - disabled as '--no-ocsp' -+ -r, --resume Establish a session and resume -+ -e, --rehandshake Establish a session and rehandshake -+ -s, --starttls Connect, establish a plain session and start TLS -+ --app-proto=str an alias for the 'starttls-proto' option -+ --starttls-proto=str The application protocol to be used to obtain the server's certificate -+(https, ftp, smtp, imap) -+ - prohibits the option 'starttls' -+ -u, --udp Use DTLS (datagram TLS) over UDP -+ --mtu=num Set MTU for datagram TLS -+ - it must be in the range: -+ 0 to 17000 -+ --crlf Send CR LF instead of LF -+ --x509fmtder Use DER format for certificates to read from -+ -f, --fingerprint Send the openpgp fingerprint, instead of the key -+ --print-cert Print peer's certificate in PEM format -+ --dh-bits=num The minimum number of bits allowed for DH -+ --priority=str Priorities string -+ --x509cafile=str Certificate file or PKCS #11 URL to use -+ --x509crlfile=file CRL file to use -+ - file must pre-exist -+ --pgpkeyfile=file PGP Key file to use -+ - file must pre-exist -+ --pgpkeyring=file PGP Key ring file to use -+ - file must pre-exist -+ --pgpcertfile=file PGP Public Key (certificate) file to use -+ - file must pre-exist -+ --x509keyfile=str X.509 key file or PKCS #11 URL to use -+ --x509certfile=str X.509 Certificate file or PKCS #11 URL to use -+ --pgpsubkey=str PGP subkey to use (hex or auto) -+ --srpusername=str SRP username to use -+ --srppasswd=str SRP password to use -+ --pskusername=str PSK username to use -+ --pskkey=str PSK key (in hex) to use -+ -p, --port=str The port or service to connect to -+ --insecure Don't abort program if server certificate can't be validated -+ --ranges Use length-hiding padding to prevent traffic analysis -+ --benchmark-ciphers Benchmark individual ciphers -+ --benchmark-tls-kx Benchmark TLS key exchange methods -+ --benchmark-tls-ciphers Benchmark TLS ciphers -+ -l, --list Print a list of the supported algorithms and modes -+ - prohibits the option 'port' -+ --noticket Don't allow session tickets -+ -!, --srtp-profiles=str Offer SRTP profiles -+ -", --alpn=str Application layer protocol -+ - may appear multiple times -+ -b, --heartbeat Activate heartbeat support -+ -#, --recordsize=num The maximum record size to advertize -+ - it must be in the range: -+ 0 to 4096 -+ -$, --disable-sni Do not send a Server Name Indication (SNI) -+ -%, --disable-extensions Disable all the TLS extensions -+ -&, --inline-commands Inline commands of the form ^<cmd>^ -+ -', --inline-commands-prefix=str Change the default delimiter for inline commands. -+ -(, --provider=file Specify the PKCS #11 provider library -+ - file must pre-exist -+ -), --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+Operands and options may be intermixed. They will be reordered. -+ -+Simple client program to set up a TLS connection to some other computer. It -+sets up a TLS connection and forwards data from the standard input to the -+secured socket and vice versa. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-gnutls-serv.texi gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi ---- gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi 2015-08-10 13:43:51.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-gnutls-serv.texi 2015-07-31 15:44:20.000000000 -0400 -@@ -35,7 +35,69 @@ - - @exampleindent 0 - @example --gnutls-serv is unavailable - no --help -+gnutls-serv - GnuTLS server -+Usage: gnutls-serv [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ --noticket Don't accept session tickets -+ -g, --generate Generate Diffie-Hellman and RSA-export parameters -+ -q, --quiet Suppress some messages -+ --nodb Do not use a resumption database -+ --http Act as an HTTP server -+ --echo Act as an Echo server -+ -u, --udp Use DTLS (datagram TLS) over UDP -+ --mtu=num Set MTU for datagram TLS -+ - it must be in the range: -+ 0 to 17000 -+ --srtp-profiles=str Offer SRTP profiles -+ -a, --disable-client-cert Do not request a client certificate -+ -r, --require-client-cert Require a client certificate -+ --verify-client-cert If a client certificate is sent then verify it. -+ -b, --heartbeat Activate heartbeat support -+ --x509fmtder Use DER format for certificates to read from -+ --priority=str Priorities string -+ --dhparams=file DH params file to use -+ - file must pre-exist -+ --x509cafile=str Certificate file or PKCS #11 URL to use -+ --x509crlfile=file CRL file to use -+ - file must pre-exist -+ --pgpkeyfile=file PGP Key file to use -+ - file must pre-exist -+ --pgpkeyring=file PGP Key ring file to use -+ - file must pre-exist -+ --pgpcertfile=file PGP Public Key (certificate) file to use -+ - file must pre-exist -+ --x509keyfile=str X.509 key file or PKCS #11 URL to use -+ --x509certfile=str X.509 Certificate file or PKCS #11 URL to use -+ --x509dsakeyfile=str Alternative X.509 key file or PKCS #11 URL to use -+ --x509dsacertfile=str Alternative X.509 Certificate file or PKCS #11 URL to use -+ --x509ecckeyfile=str Alternative X.509 key file or PKCS #11 URL to use -+ --x509ecccertfile=str Alternative X.509 Certificate file or PKCS #11 URL to use -+ --pgpsubkey=str PGP subkey to use (hex or auto) -+ --srppasswd=file SRP password file to use -+ - file must pre-exist -+ --srppasswdconf=file SRP password configuration file to use -+ - file must pre-exist -+ --pskpasswd=file PSK password file to use -+ - file must pre-exist -+ --pskhint=str PSK identity hint to use -+ --ocsp-response=file The OCSP response to send to client -+ - file must pre-exist -+ -p, --port=num The port to connect to -+ -l, --list Print a list of the supported algorithms and modes -+ --provider=file Specify the PKCS #11 provider library -+ - file must pre-exist -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Server program that listens to incoming TLS connections. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-ocsptool.texi gnutls-3.4.4.1/doc/invoke-ocsptool.texi ---- gnutls-3.4.4.1/doc/invoke-ocsptool.texi 2015-08-10 13:43:53.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-ocsptool.texi 2015-07-31 15:44:22.000000000 -0400 -@@ -37,7 +37,53 @@ - - @exampleindent 0 - @example --ocsptool is unavailable - no --help -+ocsptool - GnuTLS OCSP tool -+Usage: ocsptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -V, --verbose More verbose output -+ - may appear multiple times -+ --infile=file Input file -+ - file must pre-exist -+ --outfile=str Output file -+ --ask[=arg] Ask an OCSP/HTTP server on a certificate validity -+ - requires these options: -+ load-cert -+ load-issuer -+ -e, --verify-response Verify response -+ -i, --request-info Print information on a OCSP request -+ -j, --response-info Print information on a OCSP response -+ -q, --generate-request Generate an OCSP request -+ --nonce Use (or not) a nonce to OCSP request -+ - disabled as '--no-nonce' -+ --load-issuer=file Read issuer certificate from file -+ - file must pre-exist -+ --load-cert=file Read certificate to check from file -+ - file must pre-exist -+ --load-trust=file Read OCSP trust anchors from file -+ - prohibits the option 'load-signer' -+ - file must pre-exist -+ --load-signer=file Read OCSP response signer from file -+ - prohibits the option 'load-trust' -+ - file must pre-exist -+ --inder Use DER format for input certificates and private keys -+ - disabled as '--no-inder' -+ -Q, --load-request=file Read DER encoded OCSP request from file -+ - file must pre-exist -+ -S, --load-response=file Read DER encoded OCSP response from file -+ - file must pre-exist -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Ocsptool is a program that can parse and print information about OCSP -+requests/responses, generate requests and verify responses. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-p11tool.texi gnutls-3.4.4.1/doc/invoke-p11tool.texi ---- gnutls-3.4.4.1/doc/invoke-p11tool.texi 2015-08-10 13:43:58.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-p11tool.texi 2015-07-31 15:44:26.000000000 -0400 -@@ -45,7 +45,97 @@ - - @exampleindent 0 - @example --p11tool is unavailable - no --help -+p11tool - GnuTLS PKCS #11 tool -+Usage: p11tool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [url] -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ --outfile=str Output file -+ --list-tokens List all available tokens -+ --export Export the object specified by the URL -+ --export-chain Export the certificate specified by the URL and its chain of trust -+ --list-mechanisms List all available mechanisms in a token -+ --info List information on an available object in a token -+ --list-all List all available objects in a token -+ --list-all-certs List all available certificates in a token -+ --list-certs List all certificates that have an associated private key -+ --list-all-privkeys List all available private keys in a token -+ --list-privkeys an alias for the 'list-all-privkeys' option -+ --list-keys an alias for the 'list-all-privkeys' option -+ --list-all-trusted List all available certificates marked as trusted -+ --write Writes the loaded objects to a PKCS #11 token -+ --delete Deletes the objects matching the PKCS #11 URL -+ --generate-random=num Generate random data -+ --generate-rsa Generate an RSA private-public key pair -+ --generate-dsa Generate an RSA private-public key pair -+ --generate-ecc Generate an RSA private-public key pair -+ --export-pubkey Export the public key for a private key -+ --label=str Sets a label for the write operation -+ --mark-wrap Marks the generated key to be a wrapping key -+ - disabled as '--no-mark-wrap' -+ --mark-trusted Marks the object to be written as trusted -+ - disabled as '--no-mark-trusted' -+ --mark-ca Marks the object to be written as a CA -+ - disabled as '--no-mark-ca' -+ --mark-private Marks the object to be written as private -+ - disabled as '--no-mark-private' -+ - enabled by default -+ --trusted an alias for the 'mark-trusted' option -+ --ca an alias for the 'mark-ca' option -+ --private an alias for the 'mark-private' option -+ - enabled by default -+ --login Force (user) login to token -+ - disabled as '--no-login' -+ --so-login Force security officer login to token -+ - disabled as '--no-so-login' -+ --admin-login an alias for the 'so-login' option -+ --detailed-url Print detailed URLs -+ - disabled as '--no-detailed-url' -+ -!, --secret-key=str Provide a hex encoded secret key -+ -", --load-privkey=file Private key file to use -+ - file must pre-exist -+ -#, --load-pubkey=file Public key file to use -+ - file must pre-exist -+ -$, --load-certificate=file Certificate file to use -+ - file must pre-exist -+ -8, --pkcs8 Use PKCS #8 format for private keys -+ -%, --bits=num Specify the number of bits for key generate -+ -&, --curve=str Specify the curve used for EC key generation -+ -', --sec-param=str Specify the security level -+ -(, --inder Use DER/RAW format for input -+ - disabled as '--no-inder' -+ -), --inraw an alias for the 'inder' option -+ -*, --outder Use DER format for output certificates, private keys, and DH parameters -+ - disabled as '--no-outder' -+ -+, --outraw an alias for the 'outder' option -+ -,, --initialize Initializes a PKCS #11 token -+ --, --set-pin=str Specify the PIN to use on token initialization -+ -., --set-so-pin=str Specify the Security Officer's PIN to use on token initialization -+ -/, --provider=file Specify the PKCS #11 provider library -+ - file must pre-exist -+ -0, --batch Disable all interaction with the tool. All parameters need to be -+specified on command line. -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+Operands and options may be intermixed. They will be reordered. -+ -+Program that allows operations on PKCS #11 smart cards and security -+modules. -+ -+To use PKCS #11 tokens with GnuTLS the p11-kit configuration files need to -+be setup. That is create a .module file in /etc/pkcs11/modules with the -+contents 'module: /path/to/pkcs11.so'. Alternatively the configuration -+file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of -+the form 'load=/usr/lib/opensc-pkcs11.so'. -+ -+You can provide the PIN to be used for the PKCS #11 operations with the -+environment variables GNUTLS_PIN and GNUTLS_SO_PIN. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-psktool.texi gnutls-3.4.4.1/doc/invoke-psktool.texi ---- gnutls-3.4.4.1/doc/invoke-psktool.texi 2015-08-10 13:43:57.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-psktool.texi 2015-07-31 15:44:25.000000000 -0400 -@@ -36,7 +36,27 @@ - - @exampleindent 0 - @example --psktool is unavailable - no --help -+psktool - GnuTLS PSK tool -+Usage: psktool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -s, --keysize=num specify the key size in bytes -+ - it must be in the range: -+ 0 to 512 -+ -u, --username=str specify a username -+ -p, --passwd=str specify a password file -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Program that generates random keys for use with TLS-PSK. The keys are -+stored in hexadecimal format in a key file. -+ - @end example - @exampleindent 4 - -diff -ru gnutls-3.4.4/doc/invoke-srptool.texi gnutls-3.4.4.1/doc/invoke-srptool.texi ---- gnutls-3.4.4.1/doc/invoke-srptool.texi 2015-08-10 13:43:56.000000000 -0400 -+++ gnutls-3.4.4/doc/invoke-srptool.texi 2015-07-31 15:44:24.000000000 -0400 -@@ -41,7 +41,34 @@ - - @exampleindent 0 - @example --srptool is unavailable - no --help -+srptool - GnuTLS SRP tool -+Usage: srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -+ -+ -d, --debug=num Enable debugging -+ - it must be in the range: -+ 0 to 9999 -+ -i, --index=num specify the index of the group parameters in tpasswd.conf to use -+ -u, --username=str specify a username -+ -p, --passwd=str specify a password file -+ -s, --salt=num specify salt size -+ --verify just verify the password. -+ -v, --passwd-conf=str specify a password conf file. -+ --create-conf=str Generate a password configuration file. -+ -v, --version[=arg] output version information and exit -+ -h, --help display extended usage information and exit -+ -!, --more-help extended usage information passed thru pager -+ -+Options are specified by doubled hyphens and their name or by a single -+hyphen and the flag character. -+ -+Simple program that emulates the programs in the Stanford SRP (Secure -+Remote Password) libraries using GnuTLS. It is intended for use in places -+where you don't expect SRP authentication to be the used for system users. -+ -+In brief, to use SRP you need to create two files. These are the password -+file that holds the users and the verifiers associated with them and the -+configuration file to hold the group parameters (called tpasswd.conf). -+ - @end example - @exampleindent 4 - diff --git a/gnu/packages/patches/grep-CVE-2015-1345.patch b/gnu/packages/patches/grep-CVE-2015-1345.patch deleted file mode 100644 index b0d0c8e5dc..0000000000 --- a/gnu/packages/patches/grep-CVE-2015-1345.patch +++ /dev/null @@ -1,17 +0,0 @@ -Fix CVE-2015-1345. From upstream commit -83a95bd8c8561875b948cadd417c653dbe7ef2e2 -by Yuliy Pisetsky <ypisetsky@fb.com>. - -diff --git a/src/kwset.c b/src/kwset.c -index 4003c8d..376f7c3 100644 ---- a/src/kwset.c -+++ b/src/kwset.c -@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size) - if (! tp) - return -1; - tp++; -+ if (ep <= tp) -+ break; - } - } - } diff --git a/gnu/packages/patches/grep-timing-sensitive-test.patch b/gnu/packages/patches/grep-timing-sensitive-test.patch new file mode 100644 index 0000000000..8cfcc848bc --- /dev/null +++ b/gnu/packages/patches/grep-timing-sensitive-test.patch @@ -0,0 +1,15 @@ +Skip this performance regression test. + +The test measures things on the order of 20ms. On a loaded machine, we +have seen enough variation that the test would fail. + +--- grep-2.22/tests/long-pattern-perf 2016-01-03 12:52:38.491575007 +0100 ++++ grep-2.22/tests/long-pattern-perf 2016-01-03 12:53:39.768464687 +0100 +@@ -16,6 +16,7 @@ + # You should have received a copy of the GNU General Public License + # along with this program. If not, see <http://www.gnu.org/licenses/>. + ++exit 77 + . "${srcdir=.}/init.sh"; path_prepend_ ../src + + fail=0 diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch new file mode 100644 index 0000000000..6a533a9a07 --- /dev/null +++ b/gnu/packages/patches/libarchive-bsdtar-test.patch @@ -0,0 +1,74 @@ +commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d +Author: Pavel Raiskup <praiskup@redhat.com> +Date: Thu Jun 27 16:01:30 2013 +0200 + + Use ustar format in the test_option_b test + + .. because the ustar archive does not store SELinux context. As the default + format for bsdtar is "restricted pax" (trying to store xattrs and other + things by default), the test failed on Fedora because our files have by + default SELinux context set. This results in additional data in tested + archive ~> and the test failed because the archive was unexpectedly big: + + tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048 + + Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com> + +diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c +index be2ae65..6fea474 100644 +--- a/tar/test/test_option_b.c ++++ b/tar/test/test_option_b.c +@@ -25,8 +25,14 @@ + #include "test.h" + __FBSDID("$FreeBSD$"); + ++#define USTAR_OPT " --format=ustar" ++ + DEFINE_TEST(test_option_b) + { ++ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1); ++ strcpy(testprog_ustar, testprog); ++ strcat(testprog_ustar, USTAR_OPT); ++ + assertMakeFile("file1", 0644, "file1"); + if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) { + skipping("Platform doesn't have cat"); +@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b) + /* + * Bsdtar does not pad if the output is going directly to a disk file. + */ +- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog)); ++ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar)); + failure("bsdtar does not pad archives written directly to regular files"); + assertFileSize("archive1.tar", 2048); + assertEmptyFile("test1.out"); +@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b) + * Bsdtar does pad to the block size if the output is going to a socket. + */ + /* Default is -b 20 */ +- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar)); + failure("bsdtar does pad archives written to pipes"); + assertFileSize("archive2.tar", 10240); + assertEmptyFile("test2.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar)); + assertFileSize("archive3.tar", 10240); + assertEmptyFile("test3.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar)); + assertFileSize("archive4.tar", 5120); + assertEmptyFile("test4.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar)); + assertFileSize("archive5.tar", 2048); + assertEmptyFile("test5.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar)); + assertFileSize("archive6.tar", 4194304); + assertEmptyFile("test6.err"); + diff --git a/gnu/packages/patches/librsvg-tests.patch b/gnu/packages/patches/librsvg-tests.patch deleted file mode 100644 index dc5b94e185..0000000000 --- a/gnu/packages/patches/librsvg-tests.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e06fc71a57156123e4e50a39957100a651ab632b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com> -Date: Sat, 17 Oct 2015 10:20:33 +0800 -Subject: [PATCH] tests/styles: Don't duplicate test names. - ---- - tests/styles.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/styles.c b/tests/styles.c -index d09b1f2..a938835 100644 ---- a/tests/styles.c -+++ b/tests/styles.c -@@ -97,8 +97,8 @@ static const FixtureData fixtures[] = - {"/styles/selectors/2 or more selectors (stroke)", "592207", "styles/bug592207.svg", "#target", "stroke", .expected.color = 0xff0000ff}, - {"/styles/svg-element-style", "615701", "styles/svg-class.svg", "#svg", "fill", .expected.color = 0xff0000ff}, - {"/styles/presentation attribute in svg element", "620693", "styles/bug620693.svg", "#svg", "stroke", .expected.color = 0xffff0000}, -- {"/styles/!important", "379629", "styles/bug379629.svg", "#base_shadow", "stroke", .expected.color = 0xffffc0cb /* pink */}, -- {"/styles/!important", "379629", "styles/bug379629.svg", "#base_shadow", "stroke-width", .expected.length = {POINTS_LENGTH(5.), 'i'}}, -+ {"/styles/!important/1", "379629", "styles/bug379629.svg", "#base_shadow", "stroke", .expected.color = 0xffffc0cb /* pink */}, -+ {"/styles/!important/2", "379629", "styles/bug379629.svg", "#base_shadow", "stroke-width", .expected.length = {POINTS_LENGTH(5.), 'i'}}, - {"/styles/!important/class", "614606", "styles/bug614606.svg", "#path6306", "fill", .expected.color = 0xffff0000 /* red */ }, - {"/styles/!important/element", "614606", "styles/bug614606.svg", "#path6308", "fill", .expected.color = 0xff000000}, - {"/styles/!important/#id prior than class", NULL, "styles/important.svg", "#red", "fill", .expected.color = 0xffff0000 }, --- -2.5.0 - diff --git a/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch b/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch new file mode 100644 index 0000000000..811516dbe9 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch @@ -0,0 +1,107 @@ +2015-12-26 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage + interface in case of unsupported values of SamplesPerPixel/ExtraSamples + for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in + TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and + CVE-2015-8683 reported by zzf of Alibaba. + +diff -u -r1.93 -r1.94 +--- libtiff/libtiff/tif_getimage.c 22 Nov 2015 15:31:03 -0000 1.93 ++++ libtiff/libtiff/tif_getimage.c 26 Dec 2015 17:32:03 -0000 1.94 +@@ -182,20 +182,22 @@ + "Planarconfiguration", td->td_planarconfig); + return (0); + } +- if( td->td_samplesperpixel != 3 ) ++ if( td->td_samplesperpixel != 3 || colorchannels != 3 ) + { + sprintf(emsg, +- "Sorry, can not handle image with %s=%d", +- "Samples/pixel", td->td_samplesperpixel); ++ "Sorry, can not handle image with %s=%d, %s=%d", ++ "Samples/pixel", td->td_samplesperpixel, ++ "colorchannels", colorchannels); + return 0; + } + break; + case PHOTOMETRIC_CIELAB: +- if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 ) ++ if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) + { + sprintf(emsg, +- "Sorry, can not handle image with %s=%d and %s=%d", ++ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d", + "Samples/pixel", td->td_samplesperpixel, ++ "colorchannels", colorchannels, + "Bits/sample", td->td_bitspersample); + return 0; + } +@@ -255,6 +257,9 @@ + int colorchannels; + uint16 *red_orig, *green_orig, *blue_orig; + int n_color; ++ ++ if( !TIFFRGBAImageOK(tif, emsg) ) ++ return 0; + + /* Initialize to normal values */ + img->row_offset = 0; +@@ -2509,29 +2514,33 @@ + case PHOTOMETRIC_RGB: + switch (img->bitspersample) { + case 8: +- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) ++ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && ++ img->samplesperpixel >= 4) + img->put.contig = putRGBAAcontig8bittile; +- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) ++ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && ++ img->samplesperpixel >= 4) + { + if (BuildMapUaToAa(img)) + img->put.contig = putRGBUAcontig8bittile; + } +- else ++ else if( img->samplesperpixel >= 3 ) + img->put.contig = putRGBcontig8bittile; + break; + case 16: +- if (img->alpha == EXTRASAMPLE_ASSOCALPHA) ++ if (img->alpha == EXTRASAMPLE_ASSOCALPHA && ++ img->samplesperpixel >=4 ) + { + if (BuildMapBitdepth16To8(img)) + img->put.contig = putRGBAAcontig16bittile; + } +- else if (img->alpha == EXTRASAMPLE_UNASSALPHA) ++ else if (img->alpha == EXTRASAMPLE_UNASSALPHA && ++ img->samplesperpixel >=4 ) + { + if (BuildMapBitdepth16To8(img) && + BuildMapUaToAa(img)) + img->put.contig = putRGBUAcontig16bittile; + } +- else ++ else if( img->samplesperpixel >=3 ) + { + if (BuildMapBitdepth16To8(img)) + img->put.contig = putRGBcontig16bittile; +@@ -2540,7 +2549,7 @@ + } + break; + case PHOTOMETRIC_SEPARATED: +- if (buildMap(img)) { ++ if (img->samplesperpixel >=4 && buildMap(img)) { + if (img->bitspersample == 8) { + if (!img->Map) + img->put.contig = putRGBcontig8bitCMYKtile; +@@ -2636,7 +2645,7 @@ + } + break; + case PHOTOMETRIC_CIELAB: +- if (buildMap(img)) { ++ if (img->samplesperpixel == 3 && buildMap(img)) { + if (img->bitspersample == 8) + img->put.contig = initCIELabConversion(img); + break; diff --git a/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch b/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch new file mode 100644 index 0000000000..3fea745056 --- /dev/null +++ b/gnu/packages/patches/libtiff-oob-accesses-in-decode.patch @@ -0,0 +1,171 @@ +2015-12-27 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_luv.c: fix potential out-of-bound writes in decode + functions in non debug builds by replacing assert()s by regular if + checks (bugzilla #2522). + Fix potential out-of-bound reads in case of short input data. + +diff -u -r1.40 -r1.41 +--- libtiff/libtiff/tif_luv.c 21 Jun 2015 01:09:09 -0000 1.40 ++++ libtiff/libtiff/tif_luv.c 27 Dec 2015 16:25:11 -0000 1.41 +@@ -1,4 +1,4 @@ +-/* $Id: tif_luv.c,v 1.40 2015-06-21 01:09:09 bfriesen Exp $ */ ++/* $Id: tif_luv.c,v 1.41 2015-12-27 16:25:11 erouault Exp $ */ + + /* + * Copyright (c) 1997 Greg Ward Larson +@@ -202,7 +202,11 @@ + if (sp->user_datafmt == SGILOGDATAFMT_16BIT) + tp = (int16*) op; + else { +- assert(sp->tbuflen >= npixels); ++ if(sp->tbuflen < npixels) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Translation buffer too short"); ++ return (0); ++ } + tp = (int16*) sp->tbuf; + } + _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); +@@ -211,9 +215,11 @@ + cc = tif->tif_rawcc; + /* get each byte string */ + for (shft = 2*8; (shft -= 8) >= 0; ) { +- for (i = 0; i < npixels && cc > 0; ) ++ for (i = 0; i < npixels && cc > 0; ) { + if (*bp >= 128) { /* run */ +- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ ++ if( cc < 2 ) ++ break; ++ rc = *bp++ + (2-128); + b = (int16)(*bp++ << shft); + cc -= 2; + while (rc-- && i < npixels) +@@ -223,6 +229,7 @@ + while (--cc && rc-- && i < npixels) + tp[i++] |= (int16)*bp++ << shft; + } ++ } + if (i != npixels) { + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFErrorExt(tif->tif_clientdata, module, +@@ -268,13 +275,17 @@ + if (sp->user_datafmt == SGILOGDATAFMT_RAW) + tp = (uint32 *)op; + else { +- assert(sp->tbuflen >= npixels); ++ if(sp->tbuflen < npixels) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Translation buffer too short"); ++ return (0); ++ } + tp = (uint32 *) sp->tbuf; + } + /* copy to array of uint32 */ + bp = (unsigned char*) tif->tif_rawcp; + cc = tif->tif_rawcc; +- for (i = 0; i < npixels && cc > 0; i++) { ++ for (i = 0; i < npixels && cc >= 3; i++) { + tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2]; + bp += 3; + cc -= 3; +@@ -325,7 +336,11 @@ + if (sp->user_datafmt == SGILOGDATAFMT_RAW) + tp = (uint32*) op; + else { +- assert(sp->tbuflen >= npixels); ++ if(sp->tbuflen < npixels) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Translation buffer too short"); ++ return (0); ++ } + tp = (uint32*) sp->tbuf; + } + _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); +@@ -334,11 +349,13 @@ + cc = tif->tif_rawcc; + /* get each byte string */ + for (shft = 4*8; (shft -= 8) >= 0; ) { +- for (i = 0; i < npixels && cc > 0; ) ++ for (i = 0; i < npixels && cc > 0; ) { + if (*bp >= 128) { /* run */ ++ if( cc < 2 ) ++ break; + rc = *bp++ + (2-128); + b = (uint32)*bp++ << shft; +- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ ++ cc -= 2; + while (rc-- && i < npixels) + tp[i++] |= b; + } else { /* non-run */ +@@ -346,6 +363,7 @@ + while (--cc && rc-- && i < npixels) + tp[i++] |= (uint32)*bp++ << shft; + } ++ } + if (i != npixels) { + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + TIFFErrorExt(tif->tif_clientdata, module, +@@ -413,6 +431,7 @@ + static int + LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) + { ++ static const char module[] = "LogL16Encode"; + LogLuvState* sp = EncoderState(tif); + int shft; + tmsize_t i; +@@ -433,7 +452,11 @@ + tp = (int16*) bp; + else { + tp = (int16*) sp->tbuf; +- assert(sp->tbuflen >= npixels); ++ if(sp->tbuflen < npixels) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Translation buffer too short"); ++ return (0); ++ } + (*sp->tfunc)(sp, bp, npixels); + } + /* compress each byte string */ +@@ -506,6 +529,7 @@ + static int + LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) + { ++ static const char module[] = "LogLuvEncode24"; + LogLuvState* sp = EncoderState(tif); + tmsize_t i; + tmsize_t npixels; +@@ -521,7 +545,11 @@ + tp = (uint32*) bp; + else { + tp = (uint32*) sp->tbuf; +- assert(sp->tbuflen >= npixels); ++ if(sp->tbuflen < npixels) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Translation buffer too short"); ++ return (0); ++ } + (*sp->tfunc)(sp, bp, npixels); + } + /* write out encoded pixels */ +@@ -553,6 +581,7 @@ + static int + LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) + { ++ static const char module[] = "LogLuvEncode32"; + LogLuvState* sp = EncoderState(tif); + int shft; + tmsize_t i; +@@ -574,7 +603,11 @@ + tp = (uint32*) bp; + else { + tp = (uint32*) sp->tbuf; +- assert(sp->tbuflen >= npixels); ++ if(sp->tbuflen < npixels) { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "Translation buffer too short"); ++ return (0); ++ } + (*sp->tfunc)(sp, bp, npixels); + } + /* compress each byte string */ diff --git a/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch b/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch new file mode 100644 index 0000000000..50657b667c --- /dev/null +++ b/gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch @@ -0,0 +1,49 @@ +2015-12-27 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode() + triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif + (bugzilla #2508) + +diff -u -r1.16 -r1.18 +--- libtiff/libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16 ++++ libtiff/libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18 +@@ -1,4 +1,4 @@ +-/* $Id: tif_next.c,v 1.16 2014-12-29 12:09:11 erouault Exp $ */ ++/* $Id: tif_next.c,v 1.18 2015-12-27 17:14:52 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -37,7 +37,7 @@ + case 0: op[0] = (unsigned char) ((v) << 6); break; \ + case 1: op[0] |= (v) << 4; break; \ + case 2: op[0] |= (v) << 2; break; \ +- case 3: *op++ |= (v); break; \ ++ case 3: *op++ |= (v); op_offset++; break; \ + } \ + } + +@@ -103,6 +103,7 @@ + } + default: { + uint32 npixels = 0, grey; ++ tmsize_t op_offset = 0; + uint32 imagewidth = tif->tif_dir.td_imagewidth; + if( isTiled(tif) ) + imagewidth = tif->tif_dir.td_tilewidth; +@@ -122,10 +123,15 @@ + * bounds, potentially resulting in a security + * issue. + */ +- while (n-- > 0 && npixels < imagewidth) ++ while (n-- > 0 && npixels < imagewidth && op_offset < scanline) + SETPIXEL(op, grey); + if (npixels >= imagewidth) + break; ++ if (op_offset >= scanline ) { ++ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld", ++ (long) tif->tif_row); ++ return (0); ++ } + if (cc == 0) + goto bad; + n = *bp++, cc--; diff --git a/gnu/packages/patches/perl-CVE-2015-8607.patch b/gnu/packages/patches/perl-CVE-2015-8607.patch new file mode 100644 index 0000000000..4c25d41740 --- /dev/null +++ b/gnu/packages/patches/perl-CVE-2015-8607.patch @@ -0,0 +1,68 @@ +From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001 +From: Tony Cook <tony@develop-help.com> +Date: Tue, 15 Dec 2015 10:56:54 +1100 +Subject: ensure File::Spec::canonpath() preserves taint + +Previously the unix specific XS implementation of canonpath() would +return an untainted path when supplied a tainted path. + +For the empty string case, newSVpvs() already sets taint as needed on +its result. + +This issue was assigned CVE-2015-8607. + +Bug: https://rt.perl.org/Ticket/Display.html?id=126862 +Bug-Debian: https://bugs.debian.org/810719 +Origin: upstream +Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff +--- + dist/PathTools/Cwd.xs | 1 + + dist/PathTools/t/taint.t | 19 ++++++++++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs +index 9d4dcf0..3d018dc 100644 +--- a/dist/PathTools/Cwd.xs ++++ b/dist/PathTools/Cwd.xs +@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) + *o = 0; + SvPOK_on(retval); + SvCUR_set(retval, o - SvPVX(retval)); ++ SvTAINT(retval); + return retval; + } + +diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t +index 309b3e5..48f8c5b 100644 +--- a/dist/PathTools/t/taint.t ++++ b/dist/PathTools/t/taint.t +@@ -12,7 +12,7 @@ use Test::More; + BEGIN { + plan( + ${^TAINT} +- ? (tests => 17) ++ ? (tests => 21) + : (skip_all => "A perl without taint support") + ); + } +@@ -34,3 +34,20 @@ foreach my $func (@Functions) { + + # Previous versions of Cwd tainted $^O + is !tainted($^O), 1, "\$^O should not be tainted"; ++ ++{ ++ # [perl #126862] canonpath() loses taint ++ my $tainted = substr($ENV{PATH}, 0, 0); ++ # yes, getcwd()'s result should be tainted, and is tested above ++ # but be sure ++ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), ++ "canonpath() keeps taint on non-empty string"; ++ ok tainted(File::Spec->canonpath($tainted)), ++ "canonpath() keeps taint on empty string"; ++ ++ (Cwd::getcwd() =~ /^(.*)/); ++ my $untainted = $1; ++ ok !tainted($untainted), "make sure our untainted value is untainted"; ++ ok !tainted(File::Spec->canonpath($untainted)), ++ "canonpath() doesn't add taint to untainted string"; ++} diff --git a/gnu/packages/patches/perl-deterministic-ordering.patch b/gnu/packages/patches/perl-deterministic-ordering.patch new file mode 100644 index 0000000000..92e33ef135 --- /dev/null +++ b/gnu/packages/patches/perl-deterministic-ordering.patch @@ -0,0 +1,29 @@ +From <https://bugs.debian.org/801523>. + +From c01f602d1926b0671fd2c8d91f7e52c4e4c9fb24 Mon Sep 17 00:00:00 2001 +From: Niko Tyni <ntyni@debian.org> +Date: Sun, 11 Oct 2015 19:27:56 +0300 +Subject: [PATCH] Sort the list of XS code files when generating RealPPPort.xs + +all_files_in_dir() uses readdir() ordering to make the list of +input files. This can vary between build systems, breaking build +reproducibility. +--- + cpan/Devel-PPPort/PPPort_xs.PL | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cpan/Devel-PPPort/PPPort_xs.PL b/cpan/Devel-PPPort/PPPort_xs.PL +index 5f18940..149f2fe 100644 +--- a/cpan/Devel-PPPort/PPPort_xs.PL ++++ b/cpan/Devel-PPPort/PPPort_xs.PL +@@ -38,7 +38,7 @@ END + my $file; + my $sec; + +-for $file (all_files_in_dir('parts/inc')) { ++for $file (sort(all_files_in_dir('parts/inc'))) { + my $spec = parse_partspec($file); + + my $msg = 0; +-- +2.5.1 diff --git a/gnu/packages/patches/perl-module-pluggable-search.patch b/gnu/packages/patches/perl-module-pluggable-search.patch index bb2a57f7e5..ec51abc35d 100644..100755 --- a/gnu/packages/patches/perl-module-pluggable-search.patch +++ b/gnu/packages/patches/perl-module-pluggable-search.patch @@ -1,19 +1,19 @@ -Fix core Perl module Module::Pluggable such that it can find plugins that live -in symlinked directories. +Fix Perl module Module::Pluggable such that it can find plugins that live in +symlinked directories. Patch borrowed/adapted from Nixpkgs. ---- perl-5.16.1/cpan/Module-Pluggable/lib/Module/Pluggable/Object.pm 2015-04-08 23:28:48.120164135 -0500 -+++ perl-5.16.1/cpan/Module-Pluggable/lib/Module/Pluggable/Object.pm 2015-04-08 23:30:27.032166704 -0500 +--- Module-Pluggable-5.2/lib/Module/Pluggable/Object.pm 2015-04-08 23:28:48.120164135 -0500 ++++ Module-Pluggable-5.2/lib/Module/Pluggable/Object.pm 2015-04-08 23:30:27.032166704 -0500 @@ -164,7 +164,7 @@ my $sp = catdir($dir, (split /::/, $searchpath)); - + # if it doesn't exist or it's not a dir then skip it - next unless ( -e $sp && -d _ ); # Use the cached stat the second time + next unless ( -e $sp ); - + my @files = $self->find_files($sp); - + @@ -279,7 +279,7 @@ (my $path = $File::Find::name) =~ s#^\\./##; push @files, $path; @@ -22,4 +22,4 @@ Patch borrowed/adapted from Nixpkgs. + }, "$search_path/." ); } #chdir $cwd; - return @files; + return @files; \ No newline at end of file diff --git a/gnu/packages/patches/perl-no-build-time.patch b/gnu/packages/patches/perl-no-build-time.patch new file mode 100644 index 0000000000..5d78e8f462 --- /dev/null +++ b/gnu/packages/patches/perl-no-build-time.patch @@ -0,0 +1,26 @@ +Do not record the configuration and build time so that builds can be +reproduced bit-for-bit. + +--- perl-5.22.0/Configure 1970-01-01 01:00:00.000000000 +0100 ++++ perl-5.22.0/Configure 2015-12-13 00:14:43.148165080 +0100 +@@ -3834,6 +3817,7 @@ esac + + : who configured the system + cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1` ++cf_time='Thu Jan 1 00:00:01 UTC 1970' + case "$cf_by" in + "") + cf_by=`(logname) 2>/dev/null` + +--- perl-5.22.0/perl.c 2015-12-13 00:25:30.269156627 +0100 ++++ perl-5.22.0/perl.c 2015-12-13 00:25:38.265218175 +0100 +@@ -1795,7 +1795,7 @@ S_Internals_V(pTHX_ CV *cv) + PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options, + sizeof(non_bincompat_options) - 1, SVs_TEMP)); + +-#ifdef __DATE__ ++#if 0 + # ifdef __TIME__ + PUSHs(Perl_newSVpvn_flags(aTHX_ + STR_WITH_LEN("Compiled at " __DATE__ " " __TIME__), + diff --git a/gnu/packages/patches/perl-no-sys-dirs.patch b/gnu/packages/patches/perl-no-sys-dirs.patch index 3aba4d7529..da91fef3b4 100644 --- a/gnu/packages/patches/perl-no-sys-dirs.patch +++ b/gnu/packages/patches/perl-no-sys-dirs.patch @@ -1,10 +1,10 @@ -Don't long for headers and libraries in "traditional" locations. +Don't look for headers and libraries in "traditional" locations. Patch from Nixpkgs by Eelco Dolstra <eelco.dolstra@logicblox.com>. -diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure ---- perl-5.14.2-orig/Configure 2011-09-26 11:44:34.000000000 +0200 -+++ perl-5.14.2/Configure 2012-01-20 17:05:23.089223129 +0100 +diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/Configure perl-5.20.0/Configure +--- perl-5.20.0-orig/Configure 2014-05-26 15:34:18.000000000 +0200 ++++ perl-5.20.0/Configure 2014-06-25 10:43:35.368285986 +0200 @@ -106,15 +106,7 @@ fi @@ -22,7 +22,7 @@ diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure for p in $paths do -@@ -1311,8 +1303,7 @@ +@@ -1337,8 +1329,7 @@ archname='' : Possible local include directories to search. : Set locincpth to "" in a hint file to defeat local include searches. @@ -32,8 +32,8 @@ diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure : : no include file wanted by default inclwanted='' -@@ -1328,17 +1319,12 @@ - archobjs='' +@@ -1349,17 +1340,12 @@ + libnames='' : change the next line if compiling for Xenix/286 on Xenix/386 -xlibpth='/usr/lib/386 /lib/386' @@ -53,7 +53,7 @@ diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure : Private path used by Configure to find libraries. Its value : is prepended to libpth. This variable takes care of special -@@ -1371,8 +1357,6 @@ +@@ -1391,8 +1377,6 @@ libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD" : We probably want to search /usr/shlib before most other libraries. : This is only used by the lib/ExtUtils/MakeMaker.pm routine extliblist. @@ -62,27 +62,27 @@ diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure : Do not use vfork unless overridden by a hint file. usevfork=false -@@ -2380,7 +2364,6 @@ +@@ -2446,7 +2430,6 @@ zip " pth=`echo $PATH | sed -e "s/$p_/ /g"` --pth="$pth /lib /usr/lib" +-pth="$pth $sysroot/lib $sysroot/usr/lib" for file in $loclist; do eval xxx=\$$file case "$xxx" in -@@ -4785,7 +4768,7 @@ +@@ -4936,7 +4919,7 @@ : Set private lib path case "$plibpth" in '') if ./mips; then -- plibpth="$incpath/usr/lib /usr/local/lib /usr/ccs/lib" -+ plibpth="$incpath/usr/lib" - fi;; +- plibpth="$incpath/usr/lib $sysroot/usr/local/lib $sysroot/usr/ccs/lib" ++ plibpth="$incpath/usr/lib" + fi;; esac case "$libpth" in -@@ -8390,13 +8373,8 @@ +@@ -8600,13 +8583,8 @@ echo " " case "$sysman" in - '') + '') - syspath='/usr/share/man/man1 /usr/man/man1' - syspath="$syspath /usr/man/mann /usr/man/manl /usr/man/local/man1" - syspath="$syspath /usr/man/u_man/man1" @@ -95,7 +95,7 @@ diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure ;; esac if $test -d "$sysman"; then -@@ -19721,9 +19699,10 @@ +@@ -19900,9 +19878,10 @@ case "$full_ar" in '') full_ar=$ar ;; esac @@ -107,10 +107,11 @@ diff -ru -x '*~' perl-5.14.2-orig/Configure perl-5.14.2/Configure : see what type gids are declared as in the kernel echo " " -diff -ru -x '*~' perl-5.14.2-orig/ext/Errno/Errno_pm.PL perl-5.14.2/ext/Errno/Errno_pm.PL ---- perl-5.14.2-orig/ext/Errno/Errno_pm.PL 2011-09-26 11:44:34.000000000 +0200 -+++ perl-5.14.2/ext/Errno/Errno_pm.PL 2012-01-20 17:02:07.938138311 +0100 -@@ -137,11 +137,7 @@ +Only in perl-5.20.0/: Configure.orig +diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/ext/Errno/Errno_pm.PL perl-5.20.0/ext/Errno/Errno_pm.PL +--- perl-5.20.0-orig/ext/Errno/Errno_pm.PL 2014-05-26 15:34:20.000000000 +0200 ++++ perl-5.20.0/ext/Errno/Errno_pm.PL 2014-06-25 10:31:24.317970047 +0200 +@@ -126,11 +126,7 @@ if ($dep =~ /(\S+errno\.h)/) { $file{$1} = 1; } @@ -120,13 +121,14 @@ diff -ru -x '*~' perl-5.14.2-orig/ext/Errno/Errno_pm.PL perl-5.14.2/ext/Errno/Er - # might be using, say, Intel's icc - ) { + } elsif (0) { + # When cross-compiling we may store a path for gcc's "sysroot" option: + my $sysroot = $Config{sysroot} || ''; # Some Linuxes have weird errno.hs which generate - # no #file or #line directives - my $linux_errno_h = -e '/usr/include/errno.h' ? -diff -ru -x '*~' perl-5.14.2-orig/hints/freebsd.sh perl-5.14.2/hints/freebsd.sh ---- perl-5.14.2-orig/hints/freebsd.sh 2011-09-19 15:18:22.000000000 +0200 -+++ perl-5.14.2/hints/freebsd.sh 2012-01-20 17:10:37.267924044 +0100 -@@ -118,21 +118,21 @@ +Only in perl-5.20.0/ext/Errno: Errno_pm.PL.orig +diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/freebsd.sh perl-5.20.0/hints/freebsd.sh +--- perl-5.20.0-orig/hints/freebsd.sh 2014-01-31 22:55:51.000000000 +0100 ++++ perl-5.20.0/hints/freebsd.sh 2014-06-25 10:25:53.263964680 +0200 +@@ -119,21 +119,21 @@ objformat=`/usr/bin/objformat` if [ x$objformat = xaout ]; then if [ -e /usr/lib/aout ]; then @@ -154,3 +156,99 @@ diff -ru -x '*~' perl-5.14.2-orig/hints/freebsd.sh perl-5.14.2/hints/freebsd.sh ldflags="-Wl,-E " lddlflags="-shared " cccdlflags='-DPIC -fPIC' +diff -ru -x '*~' -x '*.rej' perl-5.20.0-orig/hints/linux.sh perl-5.20.0/hints/linux.sh +--- perl-5.20.0-orig/hints/linux.sh 2014-05-26 15:34:20.000000000 +0200 ++++ perl-5.20.0/hints/linux.sh 2014-06-25 10:33:47.354883843 +0200 +@@ -150,25 +150,6 @@ + ;; + esac + +-# Ubuntu 11.04 (and later, presumably) doesn't keep most libraries +-# (such as -lm) in /lib or /usr/lib. So we have to ask gcc to tell us +-# where to look. We don't want gcc's own libraries, however, so we +-# filter those out. +-# This could be conditional on Unbuntu, but other distributions may +-# follow suit, and this scheme seems to work even on rather old gcc's. +-# This unconditionally uses gcc because even if the user is using another +-# compiler, we still need to find the math library and friends, and I don't +-# know how other compilers will cope with that situation. +-# Morever, if the user has their own gcc earlier in $PATH than the system gcc, +-# we don't want its libraries. So we try to prefer the system gcc +-# Still, as an escape hatch, allow Configure command line overrides to +-# plibpth to bypass this check. +-if [ -x /usr/bin/gcc ] ; then +- gcc=/usr/bin/gcc +-else +- gcc=gcc +-fi +- + case "$plibpth" in + '') plibpth=`LANG=C LC_ALL=C $gcc $ccflags $ldflags -print-search-dirs | grep libraries | + cut -f2- -d= | tr ':' $trnl | grep -v 'gcc' | sed -e 's:/$::'` +@@ -178,32 +159,6 @@ + ;; + esac + +-case "$libc" in +-'') +-# If you have glibc, then report the version for ./myconfig bug reporting. +-# (Configure doesn't need to know the specific version since it just uses +-# gcc to load the library for all tests.) +-# We don't use __GLIBC__ and __GLIBC_MINOR__ because they +-# are insufficiently precise to distinguish things like +-# libc-2.0.6 and libc-2.0.7. +- for p in $plibpth +- do +- for trylib in libc.so.6 libc.so +- do +- if $test -e $p/$trylib; then +- libc=`ls -l $p/$trylib | awk '{print $NF}'` +- if $test "X$libc" != X; then +- break +- fi +- fi +- done +- if $test "X$libc" != X; then +- break +- fi +- done +- ;; +-esac +- + # Are we using ELF? Thanks to Kenneth Albanowski <kjahds@kjahds.com> + # for this test. + cat >try.c <<'EOM' +@@ -367,33 +322,6 @@ + ;; + esac + +-# SuSE8.2 has /usr/lib/libndbm* which are ld scripts rather than +-# true libraries. The scripts cause binding against static +-# version of -lgdbm which is a bad idea. So if we have 'nm' +-# make sure it can read the file +-# NI-S 2003/08/07 +-case "$nm" in +- '') ;; +- *) +- for p in $plibpth +- do +- if $test -r $p/libndbm.so; then +- if $nm $p/libndbm.so >/dev/null 2>&1 ; then +- echo 'Your shared -lndbm seems to be a real library.' +- _libndbm_real=1 +- break +- fi +- fi +- done +- if $test "X$_libndbm_real" = X; then +- echo 'Your shared -lndbm is not a real library.' +- set `echo X "$libswanted "| sed -e 's/ ndbm / /'` +- shift +- libswanted="$*" +- fi +- ;; +-esac +- + # Linux on Synology. + if [ -f /etc/synoinfo.conf -a -d /usr/syno ]; then + # Tested on Synology DS213 and DS413 diff --git a/gnu/packages/patches/perl-source-date-epoch.patch b/gnu/packages/patches/perl-source-date-epoch.patch new file mode 100644 index 0000000000..37330c9537 --- /dev/null +++ b/gnu/packages/patches/perl-source-date-epoch.patch @@ -0,0 +1,19 @@ +Adapted from <https://bugs.debian.org/801621>. +Make Pod::Man honor the SOURCE_DATE_EPOCH environment variable. + +--- perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:33:03.321787590 +0100 ++++ perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:36:33.367361338 +0100 +@@ -884,7 +884,12 @@ sub devise_date { + my ($self) = @_; + my $input = $self->source_filename; + my $time; +- if ($input) { ++ ++ if (defined($ENV{SOURCE_DATE_EPOCH}) && ++ $ENV{SOURCE_DATE_EPOCH} !~ /\D/) { ++ $time = $ENV{SOURCE_DATE_EPOCH}; ++ } ++ elsif ($input) { + $time = (stat $input)[9] || time; + } else { + $time = time; diff --git a/gnu/packages/patches/procps-make-3.82.patch b/gnu/packages/patches/procps-make-3.82.patch deleted file mode 100644 index 7bf53e2ccc..0000000000 --- a/gnu/packages/patches/procps-make-3.82.patch +++ /dev/null @@ -1,14 +0,0 @@ -Fix compilation with GNU Make 3.82 (patch from Nixpkgs). - -diff --git a/Makefile b/Makefile -index 09fb3ed..59eba16 100644 ---- a/Makefile -+++ b/Makefile -@@ -174,7 +174,7 @@ INSTALL := $(BINFILES) $(MANFILES) - # want this rule first, use := on ALL, and ALL not filled in yet - all: do_all - ---include */module.mk -+-include proc/module.mk ps/module.mk - - do_all: $(ALL) diff --git a/gnu/packages/patches/python-2.7-search-paths.patch b/gnu/packages/patches/python-2.7-search-paths.patch index 6e5339f3a6..ba7235df27 100644 --- a/gnu/packages/patches/python-2.7-search-paths.patch +++ b/gnu/packages/patches/python-2.7-search-paths.patch @@ -1,5 +1,5 @@ -Make sure the build system honors CPATH and LIBRARY_PATH when looking for -headers and libraries. +Make sure the build system honors C_INCLUDE_PATH and LIBRARY_PATH when +looking for headers and libraries. --- Python-2.7.10/setup.py 2015-10-07 18:33:18.125153186 +0200 +++ Python-2.7.10/setup.py 2015-10-07 18:33:47.497347552 +0200 @@ -9,7 +9,7 @@ headers and libraries. + # Always honor these variables. + lib_dirs += os.getenv('LIBRARY_PATH', '').split(os.pathsep) -+ inc_dirs += os.getenv('CPATH', '').split(os.pathsep) ++ inc_dirs += os.getenv('C_INCLUDE_PATH', '').split(os.pathsep) + # OSF/1 and Unixware have some stuff in /usr/ccs/lib (like -ldb) if host_platform in ['osf1', 'unixware7', 'openunix8']: diff --git a/gnu/packages/patches/python-3-search-paths.patch b/gnu/packages/patches/python-3-search-paths.patch index 547feae1b9..7feddb8e30 100644 --- a/gnu/packages/patches/python-3-search-paths.patch +++ b/gnu/packages/patches/python-3-search-paths.patch @@ -1,5 +1,5 @@ -Make sure the build system honors CPATH and LIBRARY_PATH when looking for -headers and libraries. +Make sure the build system honors C_INCLUDE_PATH and LIBRARY_PATH when +looking for headers and libraries. --- setup.py 2015-10-07 23:32:58.891329173 +0200 +++ setup.py 2015-10-07 23:46:29.653349924 +0200 @@ -13,7 +13,7 @@ headers and libraries. - ] - inc_dirs = self.compiler.include_dirs + ['/usr/include'] + lib_dirs = os.getenv('LIBRARY_PATH', '').split(os.pathsep) -+ inc_dirs = os.getenv('CPATH', '').split(os.pathsep) ++ inc_dirs = os.getenv('C_INCLUDE_PATH', '').split(os.pathsep) else: lib_dirs = self.compiler.library_dirs[:] inc_dirs = self.compiler.include_dirs[:] |