Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/btrfs-progs-e-value-block.patch | 37 | ||||
-rw-r--r-- | gnu/packages/patches/e2fsprogs-glibc-2.27.patch | 56 | ||||
-rw-r--r-- | gnu/packages/patches/eigen-arm-neon-fixes.patch | 245 | ||||
-rw-r--r-- | gnu/packages/patches/extundelete-e2fsprogs-1.44.patch | 23 | ||||
-rw-r--r-- | gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch | 15 | ||||
-rw-r--r-- | gnu/packages/patches/lxc-CVE-2018-6556.patch | 116 | ||||
-rw-r--r-- | gnu/packages/patches/openssh-CVE-2018-15473.patch | 165 | ||||
-rw-r--r-- | gnu/packages/patches/qtoctave-qt-5.11-fix.patch | 26 | ||||
-rw-r--r-- | gnu/packages/patches/racket-fix-xform-issue.patch | 63 | ||||
-rw-r--r-- | gnu/packages/patches/racket-store-checksum-override.patch | 19 |
10 files changed, 216 insertions, 549 deletions
diff --git a/gnu/packages/patches/btrfs-progs-e-value-block.patch b/gnu/packages/patches/btrfs-progs-e-value-block.patch deleted file mode 100644 index 6365146431..0000000000 --- a/gnu/packages/patches/btrfs-progs-e-value-block.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c78f59a971ce4b543f3177e383b677862b2d9fb5 Mon Sep 17 00:00:00 2001 -From: Qu Wenruo <wqu@suse.com> -Date: Wed, 14 Mar 2018 08:56:57 +0800 -Subject: [PATCH] btrfs-progs: convert/ext2: Remove check for - ext2_ext_attr_entry->e_value_block - -In latest e2fsprogs (1.44.0) definition of ext2_ext_attr_entry has -removed member e_value_block, as currently ext* doesn't support it set -anyway. - -So remove such check so that we can pass compile. - -Issue: #110 -Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199071 -Signed-off-by: Qu Wenruo <wqu@suse.com> -Signed-off-by: David Sterba <dsterba@suse.com> ---- - convert/source-ext2.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/convert/source-ext2.c b/convert/source-ext2.c -index b1492c78..070126ec 100644 ---- a/convert/source-ext2.c -+++ b/convert/source-ext2.c -@@ -422,8 +422,7 @@ static int ext2_xattr_check_entry(struct ext2_ext_attr_entry *entry, - { - size_t value_size = entry->e_value_size; - -- if (entry->e_value_block != 0 || value_size > size || -- entry->e_value_offs + value_size > size) -+ if (value_size > size || entry->e_value_offs + value_size > size) - return -EIO; - return 0; - } --- -2.16.3 - diff --git a/gnu/packages/patches/e2fsprogs-glibc-2.27.patch b/gnu/packages/patches/e2fsprogs-glibc-2.27.patch deleted file mode 100644 index f0bc7130c0..0000000000 --- a/gnu/packages/patches/e2fsprogs-glibc-2.27.patch +++ /dev/null 
@@ -1,56 +0,0 @@ -Copied from: -https://github.com/openwrt/openwrt/blob/58a95f0f8ff768b43d68eed2b6a786e0f40f723b/tools/e2fsprogs/patches/005-misc-rename-copy_file_range-to-copy_file_chunk.patch - -From 01551bdba16ab16512a01affe02ade32c41ede8a Mon Sep 17 00:00:00 2001 -From: Palmer Dabbelt <palmer@dabbelt.com> -Date: Fri, 29 Dec 2017 10:19:51 -0800 -Subject: [PATCH] misc: rename copy_file_range to copy_file_chunk - -As of 2.27, glibc will have a copy_file_range library call to wrap the -new copy_file_range system call. This conflicts with the function in -misc/create_inode.c, which this patch renames _copy_file_range. - -Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com> -Signed-off-by: Theodore Ts'o <tytso@mit.edu> ---- - misc/create_inode.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/misc/create_inode.c -+++ b/misc/create_inode.c -@@ -392,7 +392,7 @@ static ssize_t my_pread(int fd, void *bu - } - #endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */ - --static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file, -+static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file, - off_t start, off_t end, char *buf, - char *zerobuf) - { -@@ -466,7 +466,7 @@ static errcode_t try_lseek_copy(ext2_fil - - data_blk = data & ~(fs->blocksize - 1); - hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1); -- err = copy_file_range(fs, fd, e2_file, data_blk, hole_blk, buf, -+ err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf, - zerobuf); - if (err) - return err; -@@ -516,7 +516,7 @@ static errcode_t try_fiemap_copy(ext2_fi - } - for (i = 0, ext = ext_buf; i < fiemap_buf->fm_mapped_extents; - i++, ext++) { -- err = copy_file_range(fs, fd, e2_file, ext->fe_logical, -+ err = copy_file_chunk(fs, fd, e2_file, ext->fe_logical, - ext->fe_logical + ext->fe_length, - buf, zerobuf); - if (err) -@@ -569,7 +569,7 @@ static errcode_t copy_file(ext2_filsys f - goto out; - #endif - -- err = 
copy_file_range(fs, fd, e2_file, 0, statbuf->st_size, buf, -+ err = copy_file_chunk(fs, fd, e2_file, 0, statbuf->st_size, buf, - zerobuf); - out: - ext2fs_free_mem(&zerobuf); diff --git a/gnu/packages/patches/eigen-arm-neon-fixes.patch b/gnu/packages/patches/eigen-arm-neon-fixes.patch deleted file mode 100644 index 0838f30463..0000000000 --- a/gnu/packages/patches/eigen-arm-neon-fixes.patch +++ /dev/null 
@@ -1,245 +0,0 @@ -# HG changeset patch -# User Gael Guennebaud <g.gael@free.fr> -# Date 1497514590 -7200 -# Node ID d781c1de98342c5ca29c2fe719d8d3c96a35dcd4 -# Parent 48cd83b2b459aa9f3f5dca135d38760fe0b02a2f -Bug 1436: fix compilation of Jacobi rotations with ARM NEON, some specializations of internal::conj_helper were missing. - -diff --git a/Eigen/Core b/Eigen/Core ---- a/Eigen/Core -+++ b/Eigen/Core -@@ -371,6 +371,7 @@ - #include "src/Core/MathFunctions.h" - #include "src/Core/GenericPacketMath.h" - #include "src/Core/MathFunctionsImpl.h" -+#include "src/Core/arch/Default/ConjHelper.h" - - #if defined EIGEN_VECTORIZE_AVX512 - #include "src/Core/arch/SSE/PacketMath.h" -diff --git a/Eigen/src/Core/arch/AVX/Complex.h b/Eigen/src/Core/arch/AVX/Complex.h ---- a/Eigen/src/Core/arch/AVX/Complex.h -+++ b/Eigen/src/Core/arch/AVX/Complex.h -@@ -204,23 +204,7 @@ - } - }; - --template<> struct conj_helper<Packet8f, Packet4cf, false,false> --{ -- EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet8f& x, const Packet4cf& y, const Packet4cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet4cf pmul(const Packet8f& x, const Packet4cf& y) const -- { return Packet4cf(Eigen::internal::pmul(x, y.v)); } --}; -- --template<> struct conj_helper<Packet4cf, Packet8f, false,false> --{ -- EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet4cf& x, const Packet8f& y, const Packet4cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet4cf pmul(const Packet4cf& x, const Packet8f& y) const -- { return Packet4cf(Eigen::internal::pmul(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet4cf,Packet8f) - - template<> EIGEN_STRONG_INLINE Packet4cf pdiv<Packet4cf>(const Packet4cf& a, const Packet4cf& b) - { -@@ -400,23 +384,7 @@ - } - }; - --template<> struct conj_helper<Packet4d, Packet2cd, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet4d& x, const Packet2cd& y, const Packet2cd& c) const -- { return padd(c, pmul(x,y)); } -- -- 
EIGEN_STRONG_INLINE Packet2cd pmul(const Packet4d& x, const Packet2cd& y) const -- { return Packet2cd(Eigen::internal::pmul(x, y.v)); } --}; -- --template<> struct conj_helper<Packet2cd, Packet4d, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet2cd& x, const Packet4d& y, const Packet2cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cd pmul(const Packet2cd& x, const Packet4d& y) const -- { return Packet2cd(Eigen::internal::pmul(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cd,Packet4d) - - template<> EIGEN_STRONG_INLINE Packet2cd pdiv<Packet2cd>(const Packet2cd& a, const Packet2cd& b) - { -diff --git a/Eigen/src/Core/arch/AltiVec/Complex.h b/Eigen/src/Core/arch/AltiVec/Complex.h ---- a/Eigen/src/Core/arch/AltiVec/Complex.h -+++ b/Eigen/src/Core/arch/AltiVec/Complex.h -@@ -224,23 +224,7 @@ - } - }; - --template<> struct conj_helper<Packet4f, Packet2cf, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const -- { return Packet2cf(internal::pmul<Packet4f>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet2cf, Packet4f, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const -- { return Packet2cf(internal::pmul<Packet4f>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) - - template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b) - { -@@ -416,23 +400,8 @@ - return pconj(internal::pmul(a, b)); - } - }; --template<> struct conj_helper<Packet2d, Packet1cd, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const -- 
{ return padd(c, pmul(x,y)); } - -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const -- { return Packet1cd(internal::pmul<Packet2d>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet1cd, Packet2d, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const -- { return Packet1cd(internal::pmul<Packet2d>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) - - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { -diff --git a/Eigen/src/Core/arch/Default/ConjHelper.h b/Eigen/src/Core/arch/Default/ConjHelper.h -new file mode 100644 ---- /dev/null -+++ b/Eigen/src/Core/arch/Default/ConjHelper.h -@@ -0,0 +1,29 @@ -+ -+// This file is part of Eigen, a lightweight C++ template library -+// for linear algebra. -+// -+// Copyright (C) 2017 Gael Guennebaud <gael.guennebaud@inria.fr> -+// -+// This Source Code Form is subject to the terms of the Mozilla -+// Public License v. 2.0. If a copy of the MPL was not distributed -+// with this file, You can obtain one at http://mozilla.org/MPL/2.0/. 
-+ -+#ifndef EIGEN_ARCH_CONJ_HELPER_H -+#define EIGEN_ARCH_CONJ_HELPER_H -+ -+#define EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(PACKET_CPLX, PACKET_REAL) \ -+ template<> struct conj_helper<PACKET_REAL, PACKET_CPLX, false,false> { \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_REAL& x, const PACKET_CPLX& y, const PACKET_CPLX& c) const \ -+ { return padd(c, pmul(x,y)); } \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_REAL& x, const PACKET_CPLX& y) const \ -+ { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x, y.v)); } \ -+ }; \ -+ \ -+ template<> struct conj_helper<PACKET_CPLX, PACKET_REAL, false,false> { \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_CPLX& x, const PACKET_REAL& y, const PACKET_CPLX& c) const \ -+ { return padd(c, pmul(x,y)); } \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_CPLX& x, const PACKET_REAL& y) const \ -+ { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x.v, y)); } \ -+ }; -+ -+#endif // EIGEN_ARCH_CONJ_HELPER_H -diff --git a/Eigen/src/Core/arch/NEON/Complex.h b/Eigen/src/Core/arch/NEON/Complex.h ---- a/Eigen/src/Core/arch/NEON/Complex.h -+++ b/Eigen/src/Core/arch/NEON/Complex.h -@@ -265,6 +265,8 @@ - } - }; - -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) -+ - template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b) - { - // TODO optimize it for NEON -@@ -456,6 +458,8 @@ - } - }; - -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) -+ - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { - // TODO optimize it for NEON -diff --git a/Eigen/src/Core/arch/SSE/Complex.h b/Eigen/src/Core/arch/SSE/Complex.h ---- a/Eigen/src/Core/arch/SSE/Complex.h -+++ b/Eigen/src/Core/arch/SSE/Complex.h -@@ -229,23 +229,7 @@ - } - }; - --template<> struct conj_helper<Packet4f, Packet2cf, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const -- { return 
padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const -- { return Packet2cf(Eigen::internal::pmul<Packet4f>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet2cf, Packet4f, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const -- { return Packet2cf(Eigen::internal::pmul<Packet4f>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) - - template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b) - { -@@ -430,23 +414,7 @@ - } - }; - --template<> struct conj_helper<Packet2d, Packet1cd, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const -- { return Packet1cd(Eigen::internal::pmul<Packet2d>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet1cd, Packet2d, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const -- { return Packet1cd(Eigen::internal::pmul<Packet2d>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) - - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { -diff --git a/Eigen/src/Core/arch/ZVector/Complex.h b/Eigen/src/Core/arch/ZVector/Complex.h ---- a/Eigen/src/Core/arch/ZVector/Complex.h -+++ b/Eigen/src/Core/arch/ZVector/Complex.h -@@ -336,6 +336,9 @@ - } - }; - -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) -+ - template<> EIGEN_STRONG_INLINE 
Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
- {
- // TODO optimize it for AltiVec
diff --git a/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch b/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch
new file mode 100644
index 0000000000..5a93a39b23
--- /dev/null
+++ b/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch
@@ -0,0 +1,23 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 16 Aug 2018 21:12:30 +0200
+Subject: extundelete: Fix build with e2fsprogs 1.44.
+
+The ‘inode.i_file_acl’ field was replaced with ‘inode.i_size_high’. I'm
+not sure the field name is still accurate or useful, so don't print it
+at all.
+
+Based on this[0] patch by ‘conikost’[1].
+
+[0]: https://sourceforge.net/p/extundelete/tickets/5/
+[1]: https://sourceforge.net/u/conikost
+
+--- a/src/insertionops.cc 2012-12-30 18:23:32.000000000 +0100
++++ b/src/insertionops.cc 2018-05-07 22:58:13.065868723 +0200
+@@ -33,7 +33,6 @@
+ os << "File flags: " << inode.i_flags << std::endl;
+ os << "File version (for NFS): " << inode.i_generation << std::endl;
+ os << "File ACL: " << inode.i_file_acl << std::endl;
+- os << "Directory ACL: " << inode.i_dir_acl << std::endl;
+ os << "Fragment address: " << inode.i_faddr << std::endl;
+ os << "Direct blocks: ";
+ for (int n = 0; n < EXT2_NDIR_BLOCKS; n++)
diff --git a/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch b/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch
new file mode 100644
index 0000000000..86a3ee912d
--- /dev/null
+++ b/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch
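Review bot: The header of extundelete-e2fsprogs-1.44.patch names the wrong field: it says ‘inode.i_file_acl’ was replaced with ‘inode.i_size_high’, but the hunk keeps the `"File ACL: " << inode.i_file_acl` line as context and removes the `"Directory ACL: " << inode.i_dir_acl` line. The description should read `The ‘inode.i_dir_acl’ field was replaced with ‘inode.i_size_high’.` so that whoever next refreshes the patch against e2fsprogs can match the text to the line that was dropped. The function that prints these inode fields starts and ends outside the hunk.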
@@ -0,0 +1,15 @@
+This is a backport of part of this patch from 6.5 to 4.8:
+
+ https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=8937b94d1a643fd9760714642296d034a45254a8
+
+--- a/libsanitizer/tsan/tsan_platform_linux.cc
++++ b/libsanitizer/tsan/tsan_platform_linux.cc
+@@ -351,7 +351,7 @@ bool IsGlobalVar(uptr addr) {
+ // closes within glibc. The code is a pure hack.
+ int ExtractResolvFDs(void *state, int *fds, int nfd) {
+ int cnt = 0;
+- __res_state *statp = (__res_state*)state;
++ struct __res_state *statp = (struct __res_state*)state;
+ for (int i = 0; i < MAXNS && cnt < nfd; i++) {
+ if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
+ fds[cnt++] = statp->_u._ext.nssocks[i];
diff --git a/gnu/packages/patches/lxc-CVE-2018-6556.patch b/gnu/packages/patches/lxc-CVE-2018-6556.patch
deleted file mode 100644
index 7eab7101f1..0000000000
--- a/gnu/packages/patches/lxc-CVE-2018-6556.patch
+++ /dev/null
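Review bot: The header of gcc-4.8-libsanitizer-fix.patch says only that this is "part of" the linked upstream patch; it does not state which build failure the change fixes or which parts of the upstream commit were left out. The switch from `__res_state *` to `struct __res_state *` suggests the C library headers in use no longer offer `__res_state` as a type name, but that is inferred rather than stated. A header line such as `Fix the libsanitizer build where '__res_state' is only a struct tag (glibc version: <confirm>); the other files touched upstream are not needed for 4.8.` would let a later reader judge whether the partial backport is still sufficient. ExtractResolvFDs continues past the end of the hunk.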
@@ -1,116 +0,0 @@ -Fix CVE-2018-6556: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556 -https://bugzilla.suse.com/show_bug.cgi?id=988348#c8 - -Patch copied from upstream source repository: - -https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032 - -From c1cf54ebf251fdbad1e971679614e81649f1c032 Mon Sep 17 00:00:00 2001 -From: Christian Brauner <christian.brauner@ubuntu.com> -Date: Wed, 25 Jul 2018 19:56:54 +0200 -Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic - -Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> ---- - src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++--- - src/lxc/utils.c | 12 ++++++++++++ - src/lxc/utils.h | 5 +++++ - 3 files changed, 49 insertions(+), 3 deletions(-) - -diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c -index ec9cd97e0..c5beb6c8d 100644 ---- a/src/lxc/cmd/lxc_user_nic.c -+++ b/src/lxc/cmd/lxc_user_nic.c -@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[]) - exit(EXIT_FAILURE); - } - } else if (request == LXC_USERNIC_DELETE) { -- netns_fd = open(args.pid, O_RDONLY); -+ char opath[LXC_PROC_PID_FD_LEN]; -+ -+ /* Open the path with O_PATH which will not trigger an actual -+ * open(). Don't report an errno to the caller to not leak -+ * information whether the path exists or not. -+ * When stracing setuid is stripped so this is not a concern -+ * either. 
-+ */ -+ netns_fd = open(args.pid, O_PATH | O_CLOEXEC); - if (netns_fd < 0) { -- usernic_error("Could not open \"%s\": %s\n", args.pid, -- strerror(errno)); -+ usernic_error("Failed to open \"%s\"\n", args.pid); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) { -+ usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid); -+ close(netns_fd); -+ exit(EXIT_FAILURE); -+ } -+ -+ ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd); -+ if (ret < 0 || (size_t)ret >= sizeof(opath)) { -+ close(netns_fd); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Now get an fd that we can use in setns() calls. */ -+ ret = open(opath, O_RDONLY | O_CLOEXEC); -+ if (ret < 0) { -+ usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno)); -+ close(netns_fd); - exit(EXIT_FAILURE); - } -+ close(netns_fd); -+ netns_fd = ret; - } - - if (!create_db_dir(LXC_USERNIC_DB)) { -diff --git a/src/lxc/utils.c b/src/lxc/utils.c -index 530b1f81a..3b854e35b 100644 ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -2544,6 +2544,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val) - return has_type; - } - -+bool fhas_fs_type(int fd, fs_type_magic magic_val) -+{ -+ int ret; -+ struct statfs sb; -+ -+ ret = fstatfs(fd, &sb); -+ if (ret < 0) -+ return false; -+ -+ return is_fs_type(&sb, magic_val); -+} -+ - bool lxc_nic_exists(char *nic) - { - #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1 -diff --git a/src/lxc/utils.h b/src/lxc/utils.h -index 6a0bebded..0805f5d0d 100644 ---- a/src/lxc/utils.h -+++ b/src/lxc/utils.h -@@ -95,6 +95,10 @@ - #define CGROUP2_SUPER_MAGIC 0x63677270 - #endif - -+#ifndef NSFS_MAGIC -+#define NSFS_MAGIC 0x6e736673 -+#endif -+ - /* Useful macros */ - /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */ - #define LXC_NUMSTRLEN64 21 -@@ -580,6 +584,7 @@ extern void *must_realloc(void *orig, size_t sz); - /* __typeof__ should be safe to use with all compilers. 
*/ - typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic; - extern bool has_fs_type(const char *path, fs_type_magic magic_val); -+extern bool fhas_fs_type(int fd, fs_type_magic magic_val); - extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val); - extern bool lxc_nic_exists(char *nic); - extern int lxc_make_tmpfile(char *template, bool rm); diff --git a/gnu/packages/patches/openssh-CVE-2018-15473.patch b/gnu/packages/patches/openssh-CVE-2018-15473.patch new file mode 100644 index 0000000000..26b2dc59c3 --- /dev/null +++ b/gnu/packages/patches/openssh-CVE-2018-15473.patch 
@@ -0,0 +1,165 @@
+Fix CVE-2018-15473, a method by which remote clients can enumerate
+usernames on the server:
+
+http://seclists.org/oss-sec/2018/q3/124
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
+
+Patch adapted from upstream source repository:
+
+https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
+
+From 74287f5df9966a0648b4a68417451dd18f079ab8 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 31 Jul 2018 03:10:27 +0000
+Subject: [PATCH] upstream: delay bailout for invalid authentic
+
+=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
+=?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
+=?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
+---
+ auth2-gss.c | 11 +++++++----
+ auth2-hostbased.c | 11 ++++++-----
+ auth2-pubkey.c | 25 +++++++++++++++----------
+ 3 files changed, 28 insertions(+), 19 deletions(-)
+
+# Adapted from upstream to apply to OpenSSH 7.7p1.
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 589283b7..1d7cfb39 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -69,9 +69,6 @@ userauth_gssapi(struct ssh *ssh)
+ u_int len;
+ u_char *doid = NULL;
+
+- if (!authctxt->valid || authctxt->user == NULL)
+- return (0);
+-
+ mechs = packet_get_int();
+ if (mechs == 0) {
+ debug("Mechanism negotiation is not supported");
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 47308c5c..9351e042 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -106,6 +103,12 @@ userauth_gssapi(struct ssh *ssh)
+ return (0);
+ }
+
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user", __func__);
++ free(doid);
++ return (0);
++ }
++
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+ if (ctxt != NULL)
+ ssh_gssapi_delete_ctx(&ctxt);
+diff --git a/auth2-hostbased.c b/auth2-hostbased.c
+index 60159a56..35939329 100644
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
+@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
+ size_t alen, blen, slen;
+ int r, pktype, authenticated = 0;
+
+- if (!authctxt->valid) {
+- debug2("%s: disabled because of invalid user", __func__);
+- return 0;
+- }
+ /* XXX use sshkey_froms() */
+ if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
+ (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
+@@ -117,6 +113,11 @@ userauth_hostbased(struct ssh *ssh)
+ goto done;
+ }
+
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user", __func__);
++ goto done;
++ }
++
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
+ /* reconstruct packet */
+diff --git a/auth2-pubkey.c b/auth2-pubkey.c
+index c4d0f790..e1c15040 100644
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+@@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
+ {
+ Authctxt *authctxt = ssh->authctxt;
+ struct passwd *pw = authctxt->pw;
+- struct sshbuf *b;
++ struct sshbuf *b = NULL;
+ struct sshkey *key = NULL;
+- char *pkalg,
*userstyle = NULL, *key_s = NULL, *ca_s = NULL;
+- u_char *pkblob, *sig, have_sig;
++ char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
++ u_char *pkblob = NULL, *sig = NULL, have_sig;
+ size_t blen, slen;
+ int r, pktype;
+ int authenticated = 0;
+ struct sshauthopt *authopts = NULL;
+
+- if (!authctxt->valid) {
+- debug2("%s: disabled because of invalid user", __func__);
+- return 0;
+- }
+ if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
+ (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
+ (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
+@@ -167,6 +163,11 @@ userauth_pubkey(struct ssh *ssh)
+ fatal("%s: sshbuf_put_string session id: %s",
+ __func__, ssh_err(r));
+ }
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user",
++ __func__);
++ goto done;
++ }
+ /* reconstruct packet */
+ xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ authctxt->style ? ":" : "",
+@@ -183,7 +184,6 @@ userauth_pubkey(struct ssh *ssh)
+ #ifdef DEBUG_PK
+ sshbuf_dump(b, stderr);
+ #endif
+-
+ /* test for correct signature */
+ authenticated = 0;
+ if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
+@@ -194,7 +194,6 @@ userauth_pubkey(struct ssh *ssh)
+ authenticated = 1;
+ }
+ sshbuf_free(b);
+- free(sig);
+ auth2_record_key(authctxt, authenticated, key);
+ } else {
+ debug("%s: test pkalg %s pkblob %s%s%s",
+@@ -205,6 +204,11 @@ userauth_pubkey(struct ssh *ssh)
+ if ((r = sshpkt_get_end(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
+
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user",
++ __func__);
++ goto done;
++ }
+ /* XXX fake reply and always send PK_OK ? */
+ /*
+ * XXX this allows testing whether a user is allowed
+@@ -238,6 +242,7 @@ done:
+ free(pkblob);
+ free(key_s);
+ free(ca_s);
++ free(sig);
+ return authenticated;
+ }
+
+--
+2.18.0
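Review bot: In auth2-pubkey.c the `goto done` added after the "sshbuf_put_string session id" check appears to run once `b` already holds data, yet the `@@ -194,7 +194,6 @@` hunk keeps `sshbuf_free(b);` inline and the `done:` hunk adds only `free(sig);`. Unless `done:` frees `b` above the visible context, every signed request that names an invalid user leaks that buffer. `b` is now initialised to NULL, which suggests the cleanup was meant to live at `done:`: drop the inline `sshbuf_free(b);` and add `sshbuf_free(b);` beside `free(sig);` there. The header line `# Adapted from upstream to apply to OpenSSH 7.7p1.` should also say what differs from commit 74287f5df996 and why auth2-gss.c appears under two `diff --git` headers with unrelated index lines, so the CVE fix can be audited against upstream.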
diff --git a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch deleted file mode 100644 index 67317d1b36..0000000000 --- a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch +++ /dev/null @@ -1,26 +0,0 @@ -This patch comes from upstream: -https://hg.savannah.gnu.org/hgweb/octave/rev/cdaa884568b1. - -# HG changeset patch -# User Mike Miller <mtmiller@octave.org> -# Date 1527214835 25200 -# Node ID cdaa884568b159549bd373f04386ff62417f6df9 -# Parent 9e39a53b4e007d3f79f88b711ab9fa5f2f24fbc9 -add Qt include needed to build against Qt 5.11 (bug #53978) - -* settings-dialog.cc: Add missing include for <QButtonGroup> to fix build -failure with Qt 5.11. - -diff --git a/libgui/src/settings-dialog.cc b/libgui/src/settings-dialog.cc ---- a/libgui/src/settings-dialog.cc -+++ b/libgui/src/settings-dialog.cc -@@ -34,6 +34,8 @@ - #include "workspace-model.h" - #include "settings-dialog.h" - #include "ui-settings-dialog.h" -+ -+#include <QButtonGroup> - #include <QDir> - #include <QFileInfo> - #include <QFileDialog> - diff --git a/gnu/packages/patches/racket-fix-xform-issue.patch b/gnu/packages/patches/racket-fix-xform-issue.patch deleted file mode 100644 index 0a1640ee51..0000000000 --- a/gnu/packages/patches/racket-fix-xform-issue.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -050cdb59839896b41431791f8ee0ef2564231b8f -Author: Matthew Flatt <mflatt@racket-lang.org> -AuthorDate: Tue Mar 6 09:05:08 2018 -0700 -Commit: Matthew Flatt <mflatt@racket-lang.org> -CommitDate: Tue Mar 6 09:05:08 2018 -0700 - -Parent: efb9a919fc ffi docs: clarification on `unsafe-socket->port` -Containing: master -Follows: v5.0.1 (21612) - -xform: avoid problems with `__signbitf128` - -Closes #1962 and uses the suggested patch there, among other changes. - -2 files changed, 6 insertions(+), 3 deletions(-) -racket/collects/compiler/private/xform.rkt | 2 +- -racket/src/racket/src/number.c | 7 +++++-- - -diff --git a/racket/collects/compiler/private/xform.rkt b/racket/collects/compiler/private/xform.rkt -index 28a425c057..89ae848f9c 100644 ---- a/collects/compiler/private/xform.rkt -+++ b/collects/compiler/private/xform.rkt -@@ -904,7 +904,7 @@ - - strlen cos cosl sin sinl exp expl pow powl log logl sqrt sqrtl atan2 atan2l frexp - isnan isinf fpclass signbit _signbit _fpclass __fpclassify __fpclassifyf __fpclassifyl -- _isnan __isfinited __isnanl __isnan __signbit __signbitf __signbitd __signbitl -+ _isnan __isfinited __isnanl __isnan __signbit __signbitf __signbitd __signbitl __signbitf128 - __isinff __isinfl isnanf isinff __isinfd __isnanf __isnand __isinf __isinff128 - __inline_isnanl __inline_isnan __inline_signbit __inline_signbitf __inline_signbitd __inline_signbitl - __builtin_popcount __builtin_clz __builtin_isnan __builtin_isinf __builtin_signbit -diff --git a/racket/src/racket/src/number.c b/racket/src/racket/src/number.c -index 71f42aaf3c..3bbad3ba83 100644 ---- a/src/racket/src/number.c -+++ b/src/racket/src/number.c -@@ -1796,6 +1796,7 @@ double scheme_real_to_double(Scheme_Object *r) - } - - XFORM_NONGCING static MZ_INLINE int minus_zero_p(double d) -+ XFORM_SKIP_PROC - { - #ifdef MZ_IS_NEG_ZERO - return MZ_IS_NEG_ZERO(d); -@@ -1809,7 +1810,9 @@ int scheme_minus_zero_p(double d) - return minus_zero_p(d); - } - --static int 
rational_dbl_p(double f) { -+XFORM_NONGCING static int rational_dbl_p(double f) -+ XFORM_SKIP_PROC -+{ - return !(MZ_IS_NAN(f) - || MZ_IS_INFINITY(f)); - } -@@ -1955,7 +1958,7 @@ real_p(int argc, Scheme_Object *argv[]) - return (SCHEME_REALP(o) ? scheme_true : scheme_false); - } - --static int is_rational(const Scheme_Object *o) -+XFORM_NONGCING static int is_rational(const Scheme_Object *o) - { - if (SCHEME_FLOATP(o)) - return rational_dbl_p(SCHEME_FLOAT_VAL(o)); \ No newline at end of file diff --git a/gnu/packages/patches/racket-store-checksum-override.patch b/gnu/packages/patches/racket-store-checksum-override.patch index b22facca0d..6c9cd5198a 100644 --- a/gnu/packages/patches/racket-store-checksum-override.patch +++ b/gnu/packages/patches/racket-store-checksum-override.patch @@ -7,19 +7,23 @@ because the store is immutable. This patch makes Racket ignore checksums for files in the store. See <https://debbugs.gnu.org/30680> for details. +--- + collects/compiler/private/cm-minimal.rkt | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) -diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/compiler/cm.rkt ---- racket-6.12/collects/compiler/cm.rkt 1969-12-31 19:00:00.000000000 -0500 -+++ racket-6.12-patched/collects/compiler/cm.rkt 2018-08-12 06:36:46.061142149 -0400 +diff --git a/collects/compiler/private/cm-minimal.rkt b/collects/compiler/private/cm-minimal.rkt +index a5a5407..15af6b8 100644 +--- a/collects/compiler/private/cm-minimal.rkt ++++ b/collects/compiler/private/cm-minimal.rkt @@ -7,6 +7,7 @@ racket/list racket/path racket/promise + racket/string openssl/sha1 - racket/place setup/collects -@@ -627,6 +628,10 @@ + compiler/compilation-path +@@ -543,6 +544,10 @@ #f (list src-hash recorded-hash))) 
@@ -30,7 +34,7 @@ diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/comp (define (rkt->ss p) (if (path-has-extension? p #".rkt") (path-replace-extension p #".ss") -@@ -679,7 +684,8 @@ +@@ -595,7 +600,8 @@ (trace-printf "newer src... ~a > ~a" path-time path-zo-time) ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk: (maybe-compile-zo sha1-only? deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen)] @@ -40,3 +44,6 @@ diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/comp => (lambda (difference) (trace-printf "different src hash... ~a" difference) ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk: +-- +2.18.0 + |