Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/avahi-CVE-2018-1000845.patch42
-rw-r--r--gnu/packages/patches/sbcl-graph-asdf-definitions.patch70
-rw-r--r--gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch32
-rw-r--r--gnu/packages/patches/weasyprint-library-paths.patch38
4 files changed, 182 insertions, 0 deletions
diff --git a/gnu/packages/patches/avahi-CVE-2018-1000845.patch b/gnu/packages/patches/avahi-CVE-2018-1000845.patch
new file mode 100644
index 0000000000..e5b13e0bee
--- /dev/null
+++ b/gnu/packages/patches/avahi-CVE-2018-1000845.patch
@@ -0,0 +1,42 @@
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-100084
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ 
+     if (avahi_dns_packet_is_query(p)) {
+         int legacy_unicast = 0;
++        char t[AVAHI_ADDRESS_STR_MAX];
+ 
+         /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+          * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+             legacy_unicast = 1;
+         }
+ 
++        if (!is_mdns_mcast_address(dst_address) &&
++            !avahi_interface_address_on_link(i, src_address)) {
++
++            avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++            return;
++        }
++
+         if (legacy_unicast)
+             reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+ 
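Review bot: The CVE identifiers attached to this patch do not line up: the embedded upstream message lists `CVE-2018-100084`, which looks like a truncation of the `CVE-2018-1000845` used in the file name, and it also names CVE-2017-6519, which the file name does not mention. The upstream message should stay verbatim, so I would add a short header above the `From e111def…` line, e.g. `Fix CVE-2017-6519 and CVE-2018-1000845 (written as CVE-2018-100084 in the upstream message below).`, together with a pointer to the upstream commit, as the seahorse patch in this same commit does. In the code, the new guard sits before `if (legacy_unicast)` rather than inside it, so it drops every query whose destination is not the mDNS multicast address and whose source is off-link. That is broader than the subject line says and errs on the safe side, but the drop is reported only through `avahi_log_debug`, so it is presumably invisible at default log levels. The body of `dispatch_packet` continues outside the embedded hunks.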
diff --git a/gnu/packages/patches/sbcl-graph-asdf-definitions.patch b/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
new file mode 100644
index 0000000000..a528ccfcc6
--- /dev/null
+++ b/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
@@ -0,0 +1,70 @@
+commit 52ebece1243ae6900e414b6248b5145a28348eef
+Author: Guillaume Le Vaillant <glv@posteo.net>
+Date:   Fri Oct 18 15:41:23 2019 +0200
+
+    Use basic ASDF system definitions instead of package-inferred-system
+
+diff --git a/graph.asd b/graph.asd
+index 193b6e3..56afc8f 100644
+--- a/graph.asd
++++ b/graph.asd
+@@ -3,12 +3,10 @@
+   :version "0.0.0"
+   :author ("Eric Schulte <schulte.eric@gmail.com>" "Thomas Dye")
+   :licence "GPL V3"
+-  :class :package-inferred-system
+-  :defsystem-depends-on (:asdf-package-system)
++  :in-order-to ((test-op (test-op graph-test)))
+   :depends-on (alexandria
+                metabang-bind
+                named-readtables
+                curry-compose-reader-macros
+-               graph/graph))
+-
+-(register-system-packages "femlisp-matlisp" '(:fl.matlisp))
++               cl-heap)
++  :components ((:file "graph")))
+diff --git a/graph.dot.asd b/graph.dot.asd
+new file mode 100644
+index 0000000..12aec7e
+--- /dev/null
++++ b/graph.dot.asd
+@@ -0,0 +1,8 @@
++(defsystem :graph-dot
++  :depends-on (alexandria
++               metabang-bind
++               named-readtables
++               curry-compose-reader-macros
++               cl-ppcre
++               graph)
++  :components ((:file "dot")))
+diff --git a/graph.json.asd b/graph.json.asd
+new file mode 100644
+index 0000000..e7d091f
+--- /dev/null
++++ b/graph.json.asd
+@@ -0,0 +1,8 @@
++(defsystem :graph-json
++  :depends-on (alexandria
++               metabang-bind
++               named-readtables
++               curry-compose-reader-macros
++               yason
++               graph)
++  :components ((:file "json")))
+diff --git a/graph.test.asd b/graph.test.asd
+new file mode 100644
+index 0000000..1e811e1
+--- /dev/null
++++ b/graph.test.asd
+@@ -0,0 +1,10 @@
++(defsystem :graph-test
++  :depends-on (alexandria
++               metabang-bind
++               named-readtables
++               curry-compose-reader-macros
++               graph
++               stefil)
++  :perform (test-op (o s)
++             (uiop:symbol-call :graph/test 'test))
++  :components ((:file "test")))
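Review bot: The new system names do not match the files that define them: `graph.dot.asd` defines `:graph-dot`, `graph.json.asd` defines `:graph-json` and `graph.test.asd` defines `:graph-test`, whereas ASDF's default lookup searches for a file named after the system (`graph-test.asd` and so on). Unless the package recipe, which is not part of this diff, loads each `.asd` file by explicit path, `(asdf:load-system :graph-dot)` and the `:in-order-to ((test-op (test-op graph-test)))` added to `graph.asd` would presumably fail to locate those systems. Either rename the files to `graph-dot.asd`, `graph-json.asd` and `graph-test.asd`, or add a header line to the patch stating that the files are meant to be loaded explicitly by the build.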
diff --git a/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch b/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch
new file mode 100644
index 0000000000..55866d2973
--- /dev/null
+++ b/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch
@@ -0,0 +1,32 @@
+Patch from <https://gitlab.gnome.org/GNOME/seahorse/commit/d9db29db567012b7c72e85e1be1fbf55fcc9b667>.
+
+From d9db29db567012b7c72e85e1be1fbf55fcc9b667 Mon Sep 17 00:00:00 2001
+From: Niels De Graef <nielsdegraef@gmail.com>
+Date: Sat, 11 May 2019 09:02:34 +0200
+Subject: [PATCH] gkr: Use 0 on empty flags
+
+A Flags-type variable without any flag set can be replaced with 0, so
+this is a safe thing to do. It also prevents us from having to deal with
+the accidental API break in libsecret (see
+https://gitlab.gnome.org/GNOME/libsecret/merge_requests/19)
+---
+ gkr/gkr-keyring-add.vala | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/gkr/gkr-keyring-add.vala b/gkr/gkr-keyring-add.vala
+index 4e92a520..f60c9a22 100644
+--- a/gkr/gkr-keyring-add.vala
++++ b/gkr/gkr-keyring-add.vala
+@@ -41,8 +41,7 @@ public class Seahorse.Gkr.KeyringAdd : Gtk.Dialog {
+ 
+         var cancellable = Dialog.begin_request(this);
+         var service = Backend.instance().service;
+-        Secret.Collection.create.begin(service, this.name_entry.text, null,
+-                                       Secret.CollectionCreateFlags.COLLECTION_CREATE_NONE,
++        Secret.Collection.create.begin(service, this.name_entry.text, null, 0,
+                                        cancellable, (obj, res) => {
+             /* Clear the operation without cancelling it since it is complete */
+             Dialog.complete_request(this, false);
+-- 
+2.23.0
+
diff --git a/gnu/packages/patches/weasyprint-library-paths.patch b/gnu/packages/patches/weasyprint-library-paths.patch
new file mode 100644
index 0000000000..eabbdbdcd6
--- /dev/null
+++ b/gnu/packages/patches/weasyprint-library-paths.patch
@@ -0,0 +1,38 @@
+diff --git a/weasyprint/fonts.py b/weasyprint/fonts.py
+index 377716c1..2016e01c 100644
+--- a/weasyprint/fonts.py
++++ b/weasyprint/fonts.py
+@@ -48,11 +48,8 @@ else:
+     # with OSError: dlopen() failed to load a library: cairo / cairo-2
+     # So let's hope we find the same file as cairo already did ;)
+     # Same applies to pangocairo requiring pangoft2
+-    fontconfig = dlopen(ffi, 'fontconfig', 'libfontconfig',
+-                        'libfontconfig-1.dll',
+-                        'libfontconfig.so.1', 'libfontconfig-1.dylib')
+-    pangoft2 = dlopen(ffi, 'pangoft2-1.0', 'libpangoft2-1.0-0',
+-                      'libpangoft2-1.0.so', 'libpangoft2-1.0.dylib')
++    fontconfig = dlopen(ffi, '@fontconfig@')
++    pangoft2 = dlopen(ffi, '@pangoft2@')
+ 
+     ffi.cdef('''
+         // FontConfig
+diff --git a/weasyprint/text.py b/weasyprint/text.py
+index 035074e9..08e40395 100644
+--- a/weasyprint/text.py
++++ b/weasyprint/text.py
+@@ -243,12 +243,9 @@ def dlopen(ffi, *names):
+     return ffi.dlopen(names[0])  # pragma: no cover
+ 
+ 
+-gobject = dlopen(ffi, 'gobject-2.0', 'libgobject-2.0-0', 'libgobject-2.0.so',
+-                 'libgobject-2.0.dylib')
+-pango = dlopen(ffi, 'pango-1.0', 'libpango-1.0-0', 'libpango-1.0.so',
+-               'libpango-1.0.dylib')
+-pangocairo = dlopen(ffi, 'pangocairo-1.0', 'libpangocairo-1.0-0',
+-                    'libpangocairo-1.0.so', 'libpangocairo-1.0.dylib')
++gobject = dlopen(ffi, '@gobject@')
++pango = dlopen(ffi, '@pango@')
++pangocairo = dlopen(ffi, '@pangocairo@')
+ 
+ gobject.g_type_init()
+
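Review bot: The `'@fontconfig@'`, `'@pangoft2@'`, `'@gobject@'`, `'@pango@'` and `'@pangocairo@'` arguments in `fonts.py` and `text.py` are placeholders that only work once something replaces them, and nothing in the patch says so or states what they must become. Add a header to the patch file, e.g. `Replace the library name fallbacks with placeholders that the package build substitutes with absolute library file names.`, so the contract with the recipe (not visible in this diff) is explicit. Pinning a single absolute path per library is a sound choice because it takes the dynamic loader's search path out of the picture. With the fallback names removed, though, a missed substitution would surface only at import time as a dlopen failure on the literal placeholder, so a build-time check that no `@…@` token remains in the two files would catch it earlier.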