7 files changed, 212 insertions, 199 deletions
diff --git a/gnu/packages/patches/cssc-gets-undeclared.patch b/gnu/packages/patches/cssc-gets-undeclared.patch
new file mode 100644
index 0000000000..68c607cf58
--- /dev/null
+++ b/gnu/packages/patches/cssc-gets-undeclared.patch
@@ -0,0 +1,17 @@
+CSSC uses a gets in a couple of places.  For security reasons, modern gnulib
+does not allow this.  This patch allows it again.
+--- CSSC-1.3.0/gl/lib/stdio.in.h	2010-05-15 00:15:35.000000000 +0200
++++ CSSC-1.3.0/gl/lib/stdio.in.h	2014-02-03 21:27:10.000000000 +0100
+@@ -135,12 +135,6 @@
+                  "use gnulib module fflush for portable POSIX compliance");
+ #endif
+ 
+-/* It is very rare that the developer ever has full control of stdin,
+-   so any use of gets warrants an unconditional warning.  Assume it is
+-   always declared, since it is required by C89.  */
+-#undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+-
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
+ #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
diff --git a/gnu/packages/patches/cssc-missing-include.patch b/gnu/packages/patches/cssc-missing-include.patch
new file mode 100644
index 0000000000..3cef9c15f1
--- /dev/null
+++ b/gnu/packages/patches/cssc-missing-include.patch
@@ -0,0 +1,12 @@
+Added a missing include file (necessary for gid_t and others).
+So far as I am aware, this has not been added upstream yet.
+--- CSSC-1.3.0/src/file.h	2010-05-16 19:31:33.000000000 +0200
++++ CSSC-1.3.0/src/file.h	2014-02-03 21:48:30.000000000 +0100
+@@ -30,6 +30,7 @@
+ #ifndef CSSC__FILE_H__
+ #define CSSC__FILE_H__
+ 
++#include <sys/types.h>
+ #include "filelock.h"
+ 
+ enum create_mode {
diff --git a/gnu/packages/patches/gtkglext-remove-pangox-dependency.patch b/gnu/packages/patches/gtkglext-remove-pangox-dependency.patch
deleted file mode 100644
index 4f03785322..0000000000
--- a/gnu/packages/patches/gtkglext-remove-pangox-dependency.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-This patch removes the dependency on pangox which has been deprecated.  It
-achieves the same result as the upstream patch at 
-https://git.gnome.org/browse/gtkglext/commit/?id=df7a7b35b80b395d7ba411c7f727970a46fb0588
-Like the upstream patch, it removes the functions gdk_gl_font_use_pango_font,
-and gdk_gl_font_use_pango_font_for_display from the API.
-
-diff -r -U 3 a/configure b/configure
---- a/configure	2006-02-05 04:17:47.000000000 +0100
-+++ b/configure	2013-12-26 12:55:21.000000000 +0100
-@@ -19880,14 +19880,12 @@
- gtk+-2.0 >= 2.0.0 \\
- gdk-2.0 >= 2.0.0 \\
- pango >= 1.0.0 \\
--pangox >= 1.0.0 \\
- gmodule-2.0 >= 2.0.0 \\
- \"") >&5
-   ($PKG_CONFIG --exists --print-errors "\
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- ") 2>&5
-   ac_status=$?
-@@ -19897,7 +19895,6 @@
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- " 2>/dev/null`
- else
-@@ -19916,14 +19913,12 @@
- gtk+-2.0 >= 2.0.0 \\
- gdk-2.0 >= 2.0.0 \\
- pango >= 1.0.0 \\
--pangox >= 1.0.0 \\
- gmodule-2.0 >= 2.0.0 \\
- \"") >&5
-   ($PKG_CONFIG --exists --print-errors "\
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- ") 2>&5
-   ac_status=$?
-@@ -19933,7 +19928,6 @@
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- " 2>/dev/null`
- else
-@@ -19958,7 +19952,6 @@
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- "`
-         else
-@@ -19966,7 +19959,6 @@
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- "`
-         fi
-@@ -19977,7 +19969,6 @@
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- ) were not met:
- 
-@@ -19994,7 +19985,6 @@
- gtk+-2.0 >= 2.0.0 \
- gdk-2.0 >= 2.0.0 \
- pango >= 1.0.0 \
--pangox >= 1.0.0 \
- gmodule-2.0 >= 2.0.0 \
- ) were not met:
- 
-@@ -25420,7 +25410,7 @@
- # CFLAGS and LIBS
- ##################################################
- 
--GDKGLEXT_PACKAGES="gdk-2.0 pango pangox gmodule-2.0"
-+GDKGLEXT_PACKAGES="gdk-2.0 pango gmodule-2.0"
- GDKGLEXT_EXTRA_CFLAGS="$GL_CFLAGS $GDKGLEXT_WIN_CFLAGS"
- GDKGLEXT_EXTRA_LIBS="$GL_LIBS $GDKGLEXT_WIN_LIBS"
- GDKGLEXT_DEP_CFLAGS="$GDKGLEXT_EXTRA_CFLAGS `$PKG_CONFIG --cflags $GDKGLEXT_PACKAGES`"
-diff -r -U 3 a/gdk/x11/Makefile.in b/gdk/x11/Makefile.in
---- a/gdk/x11/Makefile.in	2006-02-05 04:17:42.000000000 +0100
-+++ b/gdk/x11/Makefile.in	2013-12-26 13:12:04.000000000 +0100
-@@ -257,7 +257,6 @@
- 	gdkgldrawable-x11.c	\
- 	gdkglpixmap-x11.c	\
- 	gdkglwindow-x11.c	\
--	gdkglfont-x11.c		\
- 	gdkglglxext.c
- 
- 
-@@ -288,7 +287,7 @@
- am__objects_1 =
- am__objects_2 = gdkglquery-x11.lo gdkglconfig-x11.lo gdkgloverlay-x11.lo \
- 	gdkglcontext-x11.lo gdkgldrawable-x11.lo gdkglpixmap-x11.lo \
--	gdkglwindow-x11.lo gdkglfont-x11.lo gdkglglxext.lo
-+	gdkglwindow-x11.lo gdkglglxext.lo
- am__objects_3 = $(am__objects_1) $(am__objects_2)
- am_libgdkglext_x11_la_OBJECTS = $(am__objects_3)
- libgdkglext_x11_la_OBJECTS = $(am_libgdkglext_x11_la_OBJECTS)
-@@ -299,7 +298,6 @@
- @AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/gdkglconfig-x11.Plo \
- @AMDEP_TRUE@	./$(DEPDIR)/gdkglcontext-x11.Plo \
- @AMDEP_TRUE@	./$(DEPDIR)/gdkgldrawable-x11.Plo \
--@AMDEP_TRUE@	./$(DEPDIR)/gdkglfont-x11.Plo \
- @AMDEP_TRUE@	./$(DEPDIR)/gdkglglxext.Plo \
- @AMDEP_TRUE@	./$(DEPDIR)/gdkgloverlay-x11.Plo \
- @AMDEP_TRUE@	./$(DEPDIR)/gdkglpixmap-x11.Plo \
-@@ -349,7 +347,6 @@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkglconfig-x11.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkglcontext-x11.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkgldrawable-x11.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkglfont-x11.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkglglxext.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkgloverlay-x11.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gdkglpixmap-x11.Plo@am__quote@
diff --git a/gnu/packages/patches/module-init-tools-moduledir.patch b/gnu/packages/patches/module-init-tools-moduledir.patch
new file mode 100644
index 0000000000..68d7988f53
--- /dev/null
+++ b/gnu/packages/patches/module-init-tools-moduledir.patch
@@ -0,0 +1,168 @@
+This patch changes 'modprobe' & co. so they honor the 'LINUX_MODULE_DIRECTORY'
+environment variable, rather than looking for modules exclusively in
+/lib/modules.
+
+Patch by David Guibert, from Nixpkgs; adjusted to use 'LINUX_MODULE_DIRECTORY'
+rather than 'MODULE_DIR' as the variable name.
+
+commit cf2c95edb7918bc658f6cae93793c1949fc9cb6e
+Author: David Guibert <david.guibert@gmail.com>
+Date:   Fri Aug 5 14:20:12 2011 +0200
+
+    introduce module-dir
+
+diff --git a/depmod.c b/depmod.c
+index a1d2f8c..9362a35 100644
+--- a/depmod.c
++++ b/depmod.c
+@@ -48,9 +48,6 @@
+ 
+ #include "testing.h"
+ 
+-#ifndef MODULE_DIR
+-#define MODULE_DIR "/lib/modules/"
+-#endif
+ 
+ #ifndef MODULE_BUILTIN_KEY
+ #define MODULE_BUILTIN_KEY "built-in"
+@@ -1516,6 +1513,7 @@ static int parse_config_file(const char *filename,
+ 	char *line;
+ 	unsigned int linenum = 0;
+ 	FILE *cfile;
++ 	char *module_dir;
+ 
+ 	cfile = fopen(filename, "r");
+ 	if (!cfile) {
+@@ -1525,6 +1523,10 @@ static int parse_config_file(const char *filename,
+ 		return 0;
+ 	}
+ 
++        if((module_dir = getenv("LINUX_MODULE_DIRECTORY")) == NULL) {
++                module_dir = "/lib/modules/";
++        }
++
+ 	while ((line = getline_wrapped(cfile, &linenum)) != NULL) {
+ 		char *ptr = line;
+ 		char *cmd, *modname;
+@@ -1550,7 +1552,7 @@ static int parse_config_file(const char *filename,
+ 					continue;
+ 				}
+ 				nofail_asprintf(&dirname, "%s%s%s/%s", basedir,
+-					MODULE_DIR, kernelversion, search_path);
++					module_dir, kernelversion, search_path);
+ 				len = strlen(dirname);
+ 				*search = add_search(dirname, len, *search);
+ 				free(dirname);
+@@ -1565,7 +1567,7 @@ static int parse_config_file(const char *filename,
+ 				continue;
+ 
+ 			nofail_asprintf(&pathname, "%s%s%s/%s/%s.ko", basedir,
+-				MODULE_DIR, kernelversion, subdir, modname);
++				module_dir, kernelversion, subdir, modname);
+ 
+ 			*overrides = add_override(pathname, *overrides);
+ 			free(pathname);
+@@ -1737,6 +1739,7 @@ int main(int argc, char *argv[])
+ 	char *basedir = "", *dirname, *version;
+ 	char *system_map = NULL, *module_symvers = NULL;
+ 	int i;
++ 	char *module_dir;
+ 	const char *config = NULL;
+ 
+ 	if (native_endianness() == 0)
+@@ -1832,7 +1835,11 @@ int main(int argc, char *argv[])
+ 	if (optind == argc)
+ 		all = 1;
+ 
+-	nofail_asprintf(&dirname, "%s%s%s", basedir, MODULE_DIR, version);
++        if((module_dir = getenv("LINUX_MODULE_DIRECTORY")) == NULL) {
++                module_dir = "/lib/modules/";
++        }
++
++	nofail_asprintf(&dirname, "%s%s%s", basedir, module_dir, version);
+ 
+ 	if (maybe_all) {
+ 		if (!doing_stdout && !depfile_out_of_date(dirname))
+@@ -1850,7 +1857,7 @@ int main(int argc, char *argv[])
+ 		size_t len;
+ 
+ 		nofail_asprintf(&dirname, "%s%s%s/updates", basedir,
+-				MODULE_DIR, version);
++				module_dir, version);
+ 		len = strlen(dirname);
+ 		search = add_search(dirname, len, search);
+ 	}
+diff --git a/modinfo.c b/modinfo.c
+index 1dd8469..67b1041 100644
+--- a/modinfo.c
++++ b/modinfo.c
+@@ -19,9 +19,6 @@
+ #include "zlibsupport.h"
+ #include "testing.h"
+ 
+-#ifndef MODULE_DIR
+-#define MODULE_DIR "/lib/modules"
+-#endif
+ 
+ struct param
+ {
+@@ -193,6 +190,11 @@ static struct elf_file *grab_module(const char *name,
+ 	struct utsname buf;
+ 	char *depname, *p, *moddir;
+ 	struct elf_file *module;
++ 	char *module_dir;
++
++        if((module_dir = getenv("LINUX_MODULE_DIRECTORY")) == NULL) {
++                module_dir = "/lib/modules/";
++        }
+ 
+ 	if (strchr(name, '.') || strchr(name, '/')) {
+ 		module = grab_elf_file(name);
+@@ -207,9 +209,9 @@ static struct elf_file *grab_module(const char *name,
+ 		kernel = buf.release;
+ 	}
+ 	if (strlen(basedir))
+-		nofail_asprintf(&moddir, "%s/%s/%s", basedir, MODULE_DIR, kernel);
++		nofail_asprintf(&moddir, "%s/%s/%s", basedir, module_dir, kernel);
+ 	else
+-		nofail_asprintf(&moddir, "%s/%s", MODULE_DIR, kernel);
++		nofail_asprintf(&moddir, "%s/%s", module_dir, kernel);
+ 
+ 	/* Search for it in modules.dep. */
+ 	nofail_asprintf(&depname, "%s/%s", moddir, "modules.dep");
+diff --git a/modprobe.c b/modprobe.c
+index 5464f45..d9fbf9d 100644
+--- a/modprobe.c
++++ b/modprobe.c
+@@ -86,10 +86,6 @@ typedef enum
+ 
+ } modprobe_flags_t;
+ 
+-#ifndef MODULE_DIR
+-#define MODULE_DIR "/lib/modules"
+-#endif
+-
+ /**
+  * print_usage - output the prefered program usage
+  *
+@@ -2136,6 +2132,7 @@ int main(int argc, char *argv[])
+ 	struct modprobe_conf conf = {};
+ 
+ 	recursion_depth = 0;
++ 	char *module_dir = NULL;
+ 
+ 	/* Prepend options from environment. */
+ 	argv = merge_args(getenv("MODPROBE_OPTIONS"), argv, &argc);
+@@ -2233,7 +2230,11 @@ int main(int argc, char *argv[])
+ 	if (argc < optind + 1 && !dump_config && !list_only)
+ 		print_usage(argv[0]);
+ 
+-	nofail_asprintf(&dirname, "%s%s/%s", basedir, MODULE_DIR, buf.release);
++	if((module_dir = getenv("LINUX_MODULE_DIRECTORY")) == NULL) {
++		module_dir = "/lib/modules";
++	}
++
++	nofail_asprintf(&dirname, "%s%s/%s", basedir, module_dir, buf.release);
+ 
+ 	/* Old-style -t xxx wildcard?  Only with -l. */
+ 	if (list_only) {
diff --git a/gnu/packages/patches/openssl-CVE-2010-5298.patch b/gnu/packages/patches/openssl-CVE-2010-5298.patch
deleted file mode 100644
index 707a24dff0..0000000000
--- a/gnu/packages/patches/openssl-CVE-2010-5298.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Sun, 13 Apr 2014 15:05:30 +0200
-Subject: [PATCH] Don't release the buffer when there still is data in it
-
-RT: 2167, 3265
----
- ssl/s3_pkt.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index b9e45c7..32e9207 100644
---- a/ssl/s3_pkt.c
-+++ b/ssl/s3_pkt.c
-@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- 				{
- 				s->rstate=SSL_ST_READ_HEADER;
- 				rr->off=0;
--				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
-+				if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-+					s->s3->rbuf.left == 0)
- 					ssl3_release_read_buffer(s);
- 				}
- 			}
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/openssl-extension-checking-fixes.patch b/gnu/packages/patches/openssl-extension-checking-fixes.patch
deleted file mode 100644
index 3fdd893563..0000000000
--- a/gnu/packages/patches/openssl-extension-checking-fixes.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 300b9f0b704048f60776881f1d378c74d9c32fbd Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Tue, 15 Apr 2014 18:48:54 +0100
-Subject: [PATCH] Extension checking fixes.
-
-When looking for an extension we need to set the last found
-position to -1 to properly search all extensions.
-
-PR#3309.
----
- crypto/x509v3/v3_purp.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
-index 6c40c7d..5f931db 100644
---- a/crypto/x509v3/v3_purp.c
-+++ b/crypto/x509v3/v3_purp.c
-@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
- 	/* Handle proxy certificates */
- 	if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
- 		if (x->ex_flags & EXFLAG_CA
--		    || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
--		    || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
-+		    || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
-+		    || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
- 			x->ex_flags |= EXFLAG_INVALID;
- 		}
- 		if (pci->pcPathLengthConstraint) {
-@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
- 		return 0;
- 
- 	/* Extended Key Usage MUST be critical */
--	i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
-+	i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
- 	if (i_ext >= 0)
- 		{
- 		X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
--- 
-1.9.1
-
diff --git a/gnu/packages/patches/util-linux-perl.patch b/gnu/packages/patches/util-linux-perl.patch
new file mode 100644
index 0000000000..c657a1b5ae
--- /dev/null
+++ b/gnu/packages/patches/util-linux-perl.patch
@@ -0,0 +1,15 @@
+Use this common trick that exploits similarities between sh and Perl syntax
+to avoid a hard dependency on Perl.  Instead, this script will work only
+when 'perl' is available in $PATH.
+
+--- util-linux-2.21.2/misc-utils/chkdupexe.pl	2012-05-15 13:51:45.000000000 +0200
++++ util-linux-2.21.2/misc-utils/chkdupexe.pl	2014-06-01 22:46:06.000000000 +0200
+@@ -1,5 +1,6 @@
+-#!@PERL@ -w
+-#
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ # chkdupexe version 2.1.1
+ #
+ # Simple script to look for and list duplicate executables and dangling