summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/clisp-remove-failing-test.patch43
-rw-r--r--gnu/packages/patches/cube-nocheck.patch16
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch210
-rw-r--r--gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch34
-rw-r--r--gnu/packages/patches/openocd-nrf52.patch64
-rw-r--r--gnu/packages/patches/python-nose-timer-drop-ordereddict.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-13711.patch89
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-14167.patch69
-rw-r--r--gnu/packages/patches/xorg-server-CVE-2017-10971.patch153
-rw-r--r--gnu/packages/patches/xorg-server-CVE-2017-10972.patch35
10 files changed, 371 insertions, 386 deletions
diff --git a/gnu/packages/patches/clisp-remove-failing-test.patch b/gnu/packages/patches/clisp-remove-failing-test.patch
new file mode 100644
index 0000000000..e44ce80f74
--- /dev/null
+++ b/gnu/packages/patches/clisp-remove-failing-test.patch
@@ -0,0 +1,43 @@
+This test doesn't ever complete or timeout
+
+---
+ tests/socket.tst | 24 ------------------------
+ 1 file changed, 24 deletions(-)
+
+diff --git a/tests/socket.tst b/tests/socket.tst
+index 93c6310..1d976ff 100644
+--- a/tests/socket.tst
++++ b/tests/socket.tst
+@@ -551,30 +551,6 @@ T
+           interfaces))
+ ("0.0.0.0" "127.0.0.1" "0.0.0.0" "127.0.0.1")
+ 
+-(multiple-value-bind (run args) (cmd-args)
+-  (let ((se (socket:socket-server)))
+-    (ext:run-program run :arguments (append args (list "-q" "-q" "-x" (format nil "(close (socket:socket-connect ~D))" (socket:socket-server-port se))))
+-                     :wait nil :input nil :output nil)
+-    (unwind-protect
+-         (with-open-stream (so (socket:socket-accept se))
+-           (list
+-            (socket:socket-status so)
+-            (write-line "foo" so)
+-            (socket:socket-status so)
+-            #+macos (handler-case (read-char so)
+-                      (end-of-file (c)
+-                        (princ 'read-char) (princ-error c) t))
+-            #-macos (check-os-error (read-char so) (:ECONNRESET 104))
+-            (null (member (socket:socket-status so) '(:EOF :APPEND)))
+-            #+macos (string= (write-line "bar" so) "bar")
+-            #-macos (check-os-error (write-line "bar" so) (:EPIPE 32))
+-            (null (member (socket:socket-status so) '(:EOF :APPEND)))
+-            (handler-case (read-char so)
+-              (end-of-file (c)
+-                (princ 'read-char) (princ-error c) 'end-of-file))))
+-      (socket:socket-server-close se))))
+-(:OUTPUT "foo" :OUTPUT T NIL T NIL END-OF-FILE)
+-
+ ;; https://sourceforge.net/p/clisp/feature-requests/46/
+ (check-os-error (socket:socket-connect 0)
+   #-(or win32 macos) (:ECONNREFUSED 111)
+-- 
+
diff --git a/gnu/packages/patches/cube-nocheck.patch b/gnu/packages/patches/cube-nocheck.patch
new file mode 100644
index 0000000000..576044e622
--- /dev/null
+++ b/gnu/packages/patches/cube-nocheck.patch
@@ -0,0 +1,16 @@
+Unconditionally disable network check for new versions (from Fedora).
+
+diff -u /home/dlove/rpmbuild/BUILD/cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp\~ /home/dlove/rpmbuild/BUILD/cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp
+--- cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp~	2016-04-03 00:05:37.942066948 +0100
++++ cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp	2016-05-06 17:16:31.648143908 +0100
+@@ -52,7 +52,8 @@
+     url              = QUrl( UPDATE_CHECK_URL );
+     download         = NULL;
+     update_Available = false;
+-    bool no_http = env_str2bool( getenv( "CUBE_DISABLE_HTTP_DOCS" ) );
++    // bool no_http = env_str2bool( getenv( "CUBE_DISABLE_HTTP_DOCS" ) );
++    bool no_http = true;
+     if ( !no_http )
+     {
+         updateDescription =   tr( "Check for update is not performed yet." );
+
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch
new file mode 100644
index 0000000000..8e1166ba7a
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch
@@ -0,0 +1,210 @@
+http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
+http://www.openwall.com/lists/oss-security/2017/09/22/2
+
+Some changes were made to make the patch apply.
+
+Notably, the DestroyJNG() function in the upstream diff has been replaced by
+its equivalent, a series of calls to MagickFreeMemory(), DestroyImageInfo(),
+and DestroyImage(). See
+http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5.
+
+# HG changeset patch
+# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
+# Date 1504014487 14400
+# Node ID 358608a46f0a9c55e9bb8b37d09bf1ac9bc87f06
+# Parent  38c362f0ae5e7a914c3fe822284c6953f8e6eee2
+Fix Issue 439
+
+diff -ru a/coders/png.c b/coders/png.c
+--- a/coders/png.c	1969-12-31 19:00:00.000000000 -0500
++++ b/coders/png.c	2017-09-30 08:20:16.218944991 -0400
+@@ -1176,15 +1176,15 @@
+   /* allocate space */
+   if (length == 0)
+     {
+-      (void) ThrowException2(&image->exception,CoderWarning,
+-                             "invalid profile length",(char *) NULL);
++      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++          "invalid profile length");
+       return (MagickFail);
+     }
+   info=MagickAllocateMemory(unsigned char *,length);
+   if (info == (unsigned char *) NULL)
+     {
+-      (void) ThrowException2(&image->exception,CoderWarning,
+-                             "unable to copy profile",(char *) NULL);
++      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++          "Unable to copy profile");
+       return (MagickFail);
+     }
+   /* copy profile, skipping white space and column 1 "=" signs */
+@@ -1197,8 +1197,8 @@
+           if (*sp == '\0')
+             {
+               MagickFreeMemory(info);
+-              (void) ThrowException2(&image->exception,CoderWarning,
+-                                     "ran out of profile data",(char *) NULL);
++              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                  "ran out of profile data");
+               return (MagickFail);
+             }
+           sp++;
+@@ -1234,8 +1234,9 @@
+   if(SetImageProfile(image,profile_name,info,length) == MagickFail)
+     {
+       MagickFreeMemory(info);
+-      (void) ThrowException(&image->exception,ResourceLimitError,
+-                            MemoryAllocationFailed,"unable to copy profile");
++      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++           "unable to copy profile");
++      return MagickFail;
+     }
+   MagickFreeMemory(info);
+   return MagickTrue;
+@@ -3285,7 +3286,6 @@
+               if (status == MagickFalse)
+                 {
+                   DestroyJNGInfo(color_image_info,alpha_image_info);
+-                  DestroyImage(alpha_image);
+                   (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                       "    could not allocate alpha_image blob");
+                   return ((Image *)NULL);
+@@ -3534,7 +3534,7 @@
+       CloseBlob(color_image);
+       if (logging)
+         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+-                              "    Reading jng_image from color_blob.");
++            "    Reading jng_image from color_blob.");
+
+       FormatString(color_image_info->filename,"%.1024s",color_image->filename);
+
+@@ -3558,13 +3558,18 @@
+
+       if (logging)
+         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+-                              "    Copying jng_image pixels to main image.");
++            "    Copying jng_image pixels to main image.");
+       image->rows=jng_height;
+       image->columns=jng_width;
+       length=image->columns*sizeof(PixelPacket);
++      if ((jng_height == 0 || jng_width == 0) && logging)
++        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++            "    jng_width=%lu jng_height=%lu",
++            (unsigned long)jng_width,(unsigned long)jng_height);
+       for (y=0; y < (long) image->rows; y++)
+         {
+-          s=AcquireImagePixels(jng_image,0,y,image->columns,1,&image->exception);
++          s=AcquireImagePixels(jng_image,0,y,image->columns,1,
++             &image->exception);
+           q=SetImagePixels(image,0,y,image->columns,1);
+           (void) memcpy(q,s,length);
+           if (!SyncImagePixels(image))
+@@ -3589,45 +3594,79 @@
+               CloseBlob(alpha_image);
+               if (logging)
+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+-                                      "    Reading opacity from alpha_blob.");
++                     "    Reading opacity from alpha_blob.");
+
+               FormatString(alpha_image_info->filename,"%.1024s",
+                            alpha_image->filename);
+
+               jng_image=ReadImage(alpha_image_info,exception);
+
+-              for (y=0; y < (long) image->rows; y++)
++              if (jng_image == (Image *)NULL)
+                 {
+-                  s=AcquireImagePixels(jng_image,0,y,image->columns,1,
+-                                       &image->exception);
+-                  if (image->matte)
+-                    {
+-                      q=SetImagePixels(image,0,y,image->columns,1);
+-                      for (x=(long) image->columns; x > 0; x--,q++,s++)
+-                        q->opacity=(Quantum) MaxRGB-s->red;
+-                    }
+-                  else
++                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                       "    jng_image is NULL.");
++                  if (color_image_info)
++                    DestroyImageInfo(color_image_info);
++                  if (alpha_image_info)
++                    DestroyImageInfo(alpha_image_info);
++                  if (color_image)
++                    DestroyImage(color_image);
++                  if (alpha_image)
++                    DestroyImage(alpha_image);
++                }
++              else
++                {
++
++                  if (logging)
+                     {
+-                      q=SetImagePixels(image,0,y,image->columns,1);
+-                      for (x=(long) image->columns; x > 0; x--,q++,s++)
+-                        {
+-                          q->opacity=(Quantum) MaxRGB-s->red;
+-                          if (q->opacity != OpaqueOpacity)
+-                            image->matte=MagickTrue;
+-                        }
++                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                          "    Read jng_image.");
++                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                          "      jng_image->width=%lu, jng_image->height=%lu",
++                          (unsigned long)jng_width,(unsigned long)jng_height);
++                      (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                          "      image->rows=%lu, image->columns=%lu",
++                         (unsigned long)image->rows,
++                         (unsigned long)image->columns);
+                     }
+-                  if (!SyncImagePixels(image))
+-                    break;
+-                }
+-              (void) LiberateUniqueFileResource(alpha_image->filename);
+-              DestroyImage(alpha_image);
+-              alpha_image = (Image *)NULL;
+-              DestroyImageInfo(alpha_image_info);
+-              alpha_image_info = (ImageInfo *)NULL;
+-              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+-                  " Destroy the JNG image");
+-              DestroyImage(jng_image);
+-              jng_image = (Image *)NULL;
++
++                  for (y=0; y < (long) image->rows; y++)
++                   {
++                     s=AcquireImagePixels(jng_image,0,y,image->columns,1,
++                                          &image->exception);
++                     if (image->matte)
++                       {
++                         q=SetImagePixels(image,0,y,image->columns,1);
++                         for (x=(long) image->columns; x > 0; x--,q++,s++)
++                           q->opacity=(Quantum) MaxRGB-s->red;
++                       }
++                     else
++                       {
++                         q=SetImagePixels(image,0,y,image->columns,1);
++                         for (x=(long) image->columns; x > 0; x--,q++,s++)
++                           {
++                             q->opacity=(Quantum) MaxRGB-s->red;
++                             if (q->opacity != OpaqueOpacity)
++                               image->matte=MagickTrue;
++                           }
++                       }
++                     if (!SyncImagePixels(image))
++                       break;
++                   }
++                 (void) LiberateUniqueFileResource(alpha_image->filename);
++                 if (color_image_info)
++                   DestroyImageInfo(color_image_info);
++                 if (alpha_image_info)
++                   DestroyImageInfo(alpha_image_info);
++                 if (color_image)
++                   DestroyImage(color_image);
++                 if (alpha_image)
++                   DestroyImage(alpha_image);
++                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                     " Destroy the JNG image");
++                 DestroyImage(jng_image);
++                 jng_image = (Image *)NULL;
++               }
+             }
+         }
diff --git a/gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch b/gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch
new file mode 100644
index 0000000000..9f8713e3d3
--- /dev/null
+++ b/gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch
@@ -0,0 +1,34 @@
+From 354ef78aac0b887fae3c10b28eb2b0d83f66bdfe Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Mon, 2 Jan 2017 17:05:24 +0100
+Subject: [PATCH] Honor SOURCE_DATE_EPOCH
+
+---
+ Makefile.in | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index a32b4b8..ef4c174 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -113,11 +113,16 @@ graph.cmx: $(CMI) $(CMX)
+	$(OCAMLOPT) $(INCLUDES) -pack -o $@ $^
+ 
+ VERSION=1.8.7
++ifdef SOURCE_DATE_EPOCH
++BUILD_DATE=$(shell date -u -d "@$(SOURCE_DATE_EPOCH)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" 2>/dev/null || date)
++else
++BUILD_DATE=$(shell date)
++endif
+ 
+ src/version.ml: Makefile
+	rm -f $@
+	echo "let version = \""$(VERSION)"\"" > $@
+-	echo "let date = \""`date`"\"" >> $@
++	echo "let date = \""$(BUILD_DATE)"\"" >> $@
+ 
+ # gtk2 graph editor
+ ###################
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/openocd-nrf52.patch b/gnu/packages/patches/openocd-nrf52.patch
index 792575df78..0ec4348cb4 100644
--- a/gnu/packages/patches/openocd-nrf52.patch
+++ b/gnu/packages/patches/openocd-nrf52.patch
@@ -21,19 +21,19 @@ Signed-off-by: Michael Dietz <mjdietzx@gmail.com>
 ---
 
 diff --git a/src/flash/nor/Makefile.am b/src/flash/nor/Makefile.am
-index c167e8f..b6a2be3 100644
+index 727e4f2..839667c 100644
 --- a/src/flash/nor/Makefile.am
 +++ b/src/flash/nor/Makefile.am
-@@ -37,6 +37,7 @@ NOR_DRIVERS = \
- 	niietcm4.c \
- 	non_cfi.c \
- 	nrf51.c \
-+	nrf52.c \
- 	numicro.c \
- 	ocl.c \
- 	pic32mx.c \
+@@ -36,6 +36,7 @@ NOR_DRIVERS = \
+ 	%D%/niietcm4.c \
+ 	%D%/non_cfi.c \
+ 	%D%/nrf51.c \
++	%D%/nrf52.c \
+ 	%D%/numicro.c \
+ 	%D%/ocl.c \
+ 	%D%/pic32mx.c \
 diff --git a/src/flash/nor/drivers.c b/src/flash/nor/drivers.c
-index 56a5cb2..3e071bd 100644
+index 56a5cb2..071273e 100644
 --- a/src/flash/nor/drivers.c
 +++ b/src/flash/nor/drivers.c
 @@ -48,6 +48,7 @@ extern struct flash_driver mdr_flash;
@@ -48,7 +48,7 @@ index 56a5cb2..3e071bd 100644
  	&mrvlqspi_flash,
  	&niietcm4_flash,
  	&nrf51_flash,
-+	&nrf52_flash,
++       &nrf52_flash,
  	&numicro_flash,
  	&ocl_flash,
  	&pic32mx_flash,
@@ -792,47 +792,31 @@ index 0000000..7f2bd35
 +	.protect_check	= nrf52_protect_check,
 +};
 diff --git a/tcl/target/nrf52.cfg b/tcl/target/nrf52.cfg
-index c1cbf1a..a2567ff 100644
+index c1cbf1a..41a22ff 100644
 --- a/tcl/target/nrf52.cfg
 +++ b/tcl/target/nrf52.cfg
-@@ -5,15 +5,22 @@
- source [find target/swj-dp.tcl]
+@@ -10,6 +10,13 @@ if { [info exists CHIPNAME] } {
+ 	set _CHIPNAME nrf52
+ }
  
- if { [info exists CHIPNAME] } {
--	set _CHIPNAME $CHIPNAME
-+   set _CHIPNAME $CHIPNAME
- } else {
--	set _CHIPNAME nrf52
-+   set _CHIPNAME nrf52
-+}
-+
 +# Work-area is a space in RAM used for flash programming, by default use 16kB.
 +if { [info exists WORKAREASIZE] } {
-+   set _WORKAREASIZE $WORKAREASIZE
++        set _WORKAREASIZE $WORKAREASIZE
 +} else {
-+   set _WORKAREASIZE 0x4000
- }
- 
++        set _WORKAREASIZE 0x4000
++}
++
  if { [info exists CPUTAPID] } {
--	set _CPUTAPID $CPUTAPID
-+   set _CPUTAPID $CPUTAPID
+ 	set _CPUTAPID $CPUTAPID
  } else {
--	set _CPUTAPID 0x2ba01477
-+   set _CPUTAPID 0x2ba01477
- }
- 
- swj_newdap $_CHIPNAME cpu -expected-id $_CPUTAPID
-@@ -21,8 +28,15 @@ swj_newdap $_CHIPNAME cpu -expected-id $_CPUTAPID
- set _TARGETNAME $_CHIPNAME.cpu
+@@ -22,7 +29,15 @@ set _TARGETNAME $_CHIPNAME.cpu
  target create $_TARGETNAME cortex_m -chain-position $_TARGETNAME
  
--adapter_khz 10000
+ adapter_khz 10000
 +$_TARGETNAME configure -work-area-phys 0x20000000 -work-area-size $_WORKAREASIZE -work-area-backup 0
  
--if { ![using_hla] } {
--	cortex_m reset_config sysresetreq
-+if {![using_hla]} {
-+   cortex_m reset_config sysresetreq
+ if { ![using_hla] } {
+ 	cortex_m reset_config sysresetreq
  }
 +
 +flash bank $_CHIPNAME.flash nrf52 0x00000000 0 1 1 $_TARGETNAME
diff --git a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch
new file mode 100644
index 0000000000..e1e71a332a
--- /dev/null
+++ b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch
@@ -0,0 +1,44 @@
+From 700076019b5aff72aac7651cc830aaef21ee9a47 Mon Sep 17 00:00:00 2001
+From: jakirkham <jakirkham@gmail.com>
+Date: Fri, 7 Jul 2017 05:57:56 -0400
+Subject: [PATCH] Drop ordereddict requirement (#84)
+
+* Drop ordereddict requirement
+
+As Python 2.7 is the minimum Python supported, every version of Python
+should have `ordereddict` preincluded in the standard library one way or
+another. So we can drop this dependency and just handle the differences
+between Python 2 and Python 3.
+---
+ nosetimer/plugin.py | 5 +----
+ setup.py            | 1 -
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/nosetimer/plugin.py b/nosetimer/plugin.py
+index ef28e11..d093a51 100644
+--- a/nosetimer/plugin.py
++++ b/nosetimer/plugin.py
+@@ -12,10 +12,7 @@
+ except ImportError:
+     import queue as Queue
+ 
+-try:
+-    from collections import OrderedDict
+-except ImportError:
+-    from ordereddict import OrderedDict
++from collections import OrderedDict
+ 
+ 
+ # define constants
+diff --git a/setup.py b/setup.py
+index 6a55b82..d249325 100755
+--- a/setup.py
++++ b/setup.py
+@@ -27,7 +27,6 @@
+     install_requires=[
+         'nose',
+         'termcolor',
+-        'ordereddict',
+     ],
+     license='MIT',
+     entry_points={
diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch
deleted file mode 100644
index 4070115419..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-13711.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-Fix CVE-2017-13711:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384
-
-From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
-From: Samuel Thibault <samuel.thibault@ens-lyon.org>
-Date: Fri, 25 Aug 2017 01:35:53 +0200
-Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The if_fastq and if_batchq contain not only packets, but queues of packets
-for the same socket. When sofree frees a socket, it thus has to clear ifq_so
-from all the packets from the queues, not only the first.
-
-Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- slirp/socket.c | 39 +++++++++++++++++++++++----------------
- 1 file changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/slirp/socket.c b/slirp/socket.c
-index ecec0295a9..cb7b5b608d 100644
---- a/slirp/socket.c
-+++ b/slirp/socket.c
-@@ -59,6 +59,27 @@ socreate(Slirp *slirp)
-   return(so);
- }
- 
-+/*
-+ * Remove references to so from the given message queue.
-+ */
-+static void
-+soqfree(struct socket *so, struct quehead *qh)
-+{
-+    struct mbuf *ifq;
-+
-+    for (ifq = (struct mbuf *) qh->qh_link;
-+             (struct quehead *) ifq != qh;
-+             ifq = ifq->ifq_next) {
-+        if (ifq->ifq_so == so) {
-+            struct mbuf *ifm;
-+            ifq->ifq_so = NULL;
-+            for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
-+                ifm->ifq_so = NULL;
-+            }
-+        }
-+    }
-+}
-+
- /*
-  * remque and free a socket, clobber cache
-  */
-@@ -66,23 +87,9 @@ void
- sofree(struct socket *so)
- {
-   Slirp *slirp = so->slirp;
--  struct mbuf *ifm;
- 
--  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
--       (struct quehead *) ifm != &slirp->if_fastq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
--
--  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
--       (struct quehead *) ifm != &slirp->if_batchq;
--       ifm = ifm->ifq_next) {
--    if (ifm->ifq_so == so) {
--      ifm->ifq_so = NULL;
--    }
--  }
-+  soqfree(so, &slirp->if_fastq);
-+  soqfree(so, &slirp->if_batchq);
- 
-   if (so->so_emu==EMU_RSH && so->extra) {
- 	sofree(so->extra);
--- 
-2.14.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch
deleted file mode 100644
index a6007ac082..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-14167.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Fix CVE-2017-14167:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167
-http://seclists.org/oss-sec/2017/q3/407
-
-Patch copied from upstream development mailing list:
-
-https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
-
-From: Prasad J Pandit <address@hidden>
-
-While loading kernel via multiboot-v1 image, (flags & 0x00010000)
-indicates that multiboot header contains valid addresses to load
-the kernel image. These addresses are used to compute kernel
-size and kernel text offset in the OS image. Validate these
-address values to avoid an OOB access issue.
-
-This is CVE-2017-14167.
-
-Reported-by: Thomas Garnier <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/i386/multiboot.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-Update: add CVE-ID to the commit message.
-
-diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
-index 6001f4caa2..c7b70c91d5 100644
---- a/hw/i386/multiboot.c
-+++ b/hw/i386/multiboot.c
-@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg,
-         uint32_t mh_header_addr = ldl_p(header+i+12);
-         uint32_t mh_load_end_addr = ldl_p(header+i+20);
-         uint32_t mh_bss_end_addr = ldl_p(header+i+24);
-+
-         mh_load_addr = ldl_p(header+i+16);
-+        if (mh_header_addr < mh_load_addr) {
-+            fprintf(stderr, "invalid mh_load_addr address\n");
-+            exit(1);
-+        }
-+
-         uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
-         uint32_t mb_load_size = 0;
-         mh_entry_addr = ldl_p(header+i+28);
- 
-         if (mh_load_end_addr) {
-+            if (mh_bss_end_addr < mh_load_addr) {
-+                fprintf(stderr, "invalid mh_bss_end_addr address\n");
-+                exit(1);
-+            }
-             mb_kernel_size = mh_bss_end_addr - mh_load_addr;
-+
-+            if (mh_load_end_addr < mh_load_addr) {
-+                fprintf(stderr, "invalid mh_load_end_addr address\n");
-+                exit(1);
-+            }
-             mb_load_size = mh_load_end_addr - mh_load_addr;
-         } else {
-+            if (kernel_file_size < mb_kernel_text_offset) {
-+                fprintf(stderr, "invalid kernel_file_size\n");
-+                exit(1);
-+            }
-             mb_kernel_size = kernel_file_size - mb_kernel_text_offset;
-             mb_load_size = mb_kernel_size;
-         }
--- 
-2.13.5
-
diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch
deleted file mode 100644
index 2696033e58..0000000000
--- a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Wed, 24 May 2017 15:54:40 +0300
-Subject: dix: Disallow GenericEvent in SendEvent request.
-
-The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
-no less. Both ProcSendEvent and SProcSendEvent verify that the received data
-exactly match the request size. However nothing stops the client from passing
-in event with xEvent::type = GenericEvent and any value of
-xGenericEvent::length.
-
-In the case of ProcSendEvent, the event will be eventually passed to
-WriteEventsToClient which will see that it is Generic event and copy the
-arbitrary length from the receive buffer (and possibly past it) and send it to
-the other client. This allows clients to copy unitialized heap memory out of X
-server or to crash it.
-
-In case of SProcSendEvent, it will attempt to swap the incoming event by
-calling a swapping function from the EventSwapVector array. The swapped event
-is written to target buffer, which in this case is local xEvent variable. The
-xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
-expect that the target buffer has size matching the size of the source
-GenericEvent. This allows clients to cause stack buffer overflows.
-
-Signed-off-by: Michal Srb <msrb@suse.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-diff --git a/dix/events.c b/dix/events.c
-index 3e3a01e..d3a33ea 100644
---- a/dix/events.c
-+++ b/dix/events.c
-@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client)
-         client->errorValue = stuff->event.u.u.type;
-         return BadValue;
-     }
-+    /* Generic events can have variable size, but SendEvent request holds
-+       exactly 32B of event data. */
-+    if (stuff->event.u.u.type == GenericEvent) {
-+        client->errorValue = stuff->event.u.u.type;
-+        return BadValue;
-+    }
-     if (stuff->event.u.u.type == ClientMessage &&
-         stuff->event.u.u.detail != 8 &&
-         stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) {
-diff --git a/dix/swapreq.c b/dix/swapreq.c
-index 719e9b8..6785059 100644
---- a/dix/swapreq.c
-+++ b/dix/swapreq.c
-@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client)
-     swapl(&stuff->destination);
-     swapl(&stuff->eventMask);
- 
-+    /* Generic events can have variable size, but SendEvent request holds
-+       exactly 32B of event data. */
-+    if (stuff->event.u.u.type == GenericEvent) {
-+        client->errorValue = stuff->event.u.u.type;
-+        return BadValue;
-+    }
-+
-     /* Swap event */
-     proc = EventSwapVector[stuff->event.u.u.type & 0177];
-     if (!proc || proc == NotImplemented)        /* no swapping proc; invalid event type? */
--- 
-cgit v0.10.2
-
-From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Wed, 24 May 2017 15:54:41 +0300
-Subject: Xi: Verify all events in ProcXSendExtensionEvent.
-
-The requirement is that events have type in range
-EXTENSION_EVENT_BASE..lastEvent, but it was tested
-only for first event of all.
-
-Signed-off-by: Michal Srb <msrb@suse.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-diff --git a/Xi/sendexev.c b/Xi/sendexev.c
-index 1cf118a..5e63bfc 100644
---- a/Xi/sendexev.c
-+++ b/Xi/sendexev.c
-@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client)
- int
- ProcXSendExtensionEvent(ClientPtr client)
- {
--    int ret;
-+    int ret, i;
-     DeviceIntPtr dev;
-     xEvent *first;
-     XEventClass *list;
-@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client)
-     /* The client's event type must be one defined by an extension. */
- 
-     first = ((xEvent *) &stuff[1]);
--    if (!((EXTENSION_EVENT_BASE <= first->u.u.type) &&
--          (first->u.u.type < lastEvent))) {
--        client->errorValue = first->u.u.type;
--        return BadValue;
-+    for (i = 0; i < stuff->num_events; i++) {
-+        if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) &&
-+            (first[i].u.u.type < lastEvent))) {
-+            client->errorValue = first[i].u.u.type;
-+            return BadValue;
-+        }
-     }
- 
-     list = (XEventClass *) (first + stuff->num_events);
--- 
-cgit v0.10.2
-
-From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Wed, 24 May 2017 15:54:42 +0300
-Subject: Xi: Do not try to swap GenericEvent.
-
-The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
-it is assuming that the event has fixed size and gives the swapping function
-xEvent-sized buffer.
-
-A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
-
-Signed-off-by: Michal Srb <msrb@suse.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-diff --git a/Xi/sendexev.c b/Xi/sendexev.c
-index 5e63bfc..5c2e0fc 100644
---- a/Xi/sendexev.c
-+++ b/Xi/sendexev.c
-@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client)
- 
-     eventP = (xEvent *) &stuff[1];
-     for (i = 0; i < stuff->num_events; i++, eventP++) {
-+        if (eventP->u.u.type == GenericEvent) {
-+            client->errorValue = eventP->u.u.type;
-+            return BadValue;
-+        }
-+
-         proc = EventSwapVector[eventP->u.u.type & 0177];
--        if (proc == NotImplemented)     /* no swapping proc; invalid event type? */
-+        /* no swapping proc; invalid event type? */
-+        if (proc == NotImplemented) {
-+            client->errorValue = eventP->u.u.type;
-             return BadValue;
-+        }
-         (*proc) (eventP, &eventT);
-         *eventP = eventT;
-     }
--- 
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
deleted file mode 100644
index f24e9c0ae6..0000000000
--- a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001
-From: Michal Srb <msrb@suse.com>
-Date: Wed, 24 May 2017 15:54:39 +0300
-Subject: Xi: Zero target buffer in SProcXSendExtensionEvent.
-
-Make sure that the xEvent eventT is initialized with zeros, the same way as
-in SProcSendEvent.
-
-Some event swapping functions do not overwrite all 32 bytes of xEvent
-structure, for example XSecurityAuthorizationRevoked. Two cooperating
-clients, one swapped and the other not, can send
-XSecurityAuthorizationRevoked event to each other to retrieve old stack data
-from X server. This can be potentialy misused to go around ASLR or
-stack-protector.
-
-Signed-off-by: Michal Srb <msrb@suse.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-diff --git a/Xi/sendexev.c b/Xi/sendexev.c
-index 11d8202..1cf118a 100644
---- a/Xi/sendexev.c
-+++ b/Xi/sendexev.c
-@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client)
- {
-     CARD32 *p;
-     int i;
--    xEvent eventT;
-+    xEvent eventT = { .u.u.type = 0 };
-     xEvent *eventP;
-     EventSwapPtr proc;
- 
--- 
-cgit v0.10.2
-