diff options
Diffstat (limited to 'gnu/packages/patches')
61 files changed, 2944 insertions, 1594 deletions
diff --git a/gnu/packages/patches/clang-runtime-asan-build-fixes.patch b/gnu/packages/patches/clang-runtime-asan-build-fixes.patch new file mode 100644 index 0000000000..e9db57d7cb --- /dev/null +++ b/gnu/packages/patches/clang-runtime-asan-build-fixes.patch @@ -0,0 +1,92 @@ +This patch works around build issues in libsanitizer. Note that we carry the +same patches for GCC since it includes the same libsanitizer. + +Work around this build error on glibc 2.26: + + /tmp/guix-build-clang-runtime-3.5.2.drv-0/compiler-rt-3.5.2.src/lib/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)': + /tmp/guix-build-clang-runtime-3.5.2.drv-0/compiler-rt-3.5.2.src/lib/asan/asan_linux.cc:224:20: error: 'SIGSEGV' was not declared in this scope + +diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc +index c504168..59087b9 100644 +--- a/lib/asan/asan_linux.cc ++++ b/lib/asan/asan_linux.cc +@@ -29,6 +29,7 @@ + #include <dlfcn.h> + #include <fcntl.h> + #include <pthread.h> ++#include <signal.h> + #include <stdio.h> + #include <unistd.h> + #include <unwind.h> + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Now, work around this other error: + + /tmp/guix-build-clang-runtime-3.5.2.drv-0/compiler-rt-3.5.2.src/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc: In function 'int __sanitizer::TracerThread(void*)': + /tmp/guix-build-clang-runtime-3.5.2.drv-0/compiler-rt-3.5.2.src/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc:239:22: error: aggregate 'sigaltstack handler_stack' has incomplete type and cannot be defined + + +diff --git a/lib/sanitizer_common/sanitizer_linux.cc b/lib/sanitizer_common/sanitizer_linux.cc +index 2cefa20..223d9c6 100644 +--- a/lib/sanitizer_common/sanitizer_linux.cc ++++ b/lib/sanitizer_common/sanitizer_linux.cc +@@ -546,8 +546,7 @@ uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5) { + } + #endif + +-uptr internal_sigaltstack(const struct sigaltstack *ss, +- struct sigaltstack *oss) { ++uptr internal_sigaltstack(const void *ss, void *oss) { + return internal_syscall(SYSCALL(sigaltstack), (uptr)ss, (uptr)oss); + } + +diff --git a/lib/sanitizer_common/sanitizer_linux.h b/lib/sanitizer_common/sanitizer_linux.h +index 4497702..1594058 100644 +--- a/lib/sanitizer_common/sanitizer_linux.h ++++ b/lib/sanitizer_common/sanitizer_linux.h +@@ -19,7 +19,6 @@ + #include "sanitizer_platform_limits_posix.h" + + struct link_map; // Opaque type returned by dlopen(). +-struct sigaltstack; + + namespace __sanitizer { + // Dirent structure for getdents(). Note that this structure is different from +@@ -28,8 +27,7 @@ struct linux_dirent; + + // Syscall wrappers. + uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count); +-uptr internal_sigaltstack(const struct sigaltstack* ss, +- struct sigaltstack* oss); ++uptr internal_sigaltstack(const void* ss, void* oss); + uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set, + __sanitizer_sigset_t *oldset); + void internal_sigfillset(__sanitizer_sigset_t *set); +diff --git a/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc b/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc +index c919e4f..014162af 100644 +--- a/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc ++++ b/lib/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc +@@ -267,7 +267,7 @@ static int TracerThread(void* argument) { + + // Alternate stack for signal handling. + InternalScopedBuffer<char> handler_stack_memory(kHandlerStackSize); +- struct sigaltstack handler_stack; ++ stack_t handler_stack; + internal_memset(&handler_stack, 0, sizeof(handler_stack)); + handler_stack.ss_sp = handler_stack_memory.data(); + handler_stack.ss_size = kHandlerStackSize; +diff --git a/lib/tsan/tsan_platform_linux.cc b/lib/tsan/tsan_platform_linux.cc +index 09cec5f..908f4fe 100644 +--- a/lib/tsan/rtl/tsan_platform_linux.cc ++++ b/lib/tsan/rtl/tsan_platform_linux.cc +@@ -291,7 +291,7 @@ bool IsGlobalVar(uptr addr) { + int ExtractResolvFDs(void *state, int *fds, int nfd) { + #if SANITIZER_LINUX + int cnt = 0; +- __res_state *statp = (__res_state*)state; ++ struct __res_state *statp = (struct __res_state*)state; + for (int i = 0; i < MAXNS && cnt < nfd; i++) { + if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1) + fds[cnt++] = statp->_u._ext.nssocks[i]; +-- +2.9.3 diff --git a/gnu/packages/patches/clang-runtime-esan-build-fixes.patch b/gnu/packages/patches/clang-runtime-esan-build-fixes.patch new file mode 100644 index 0000000000..743051ac15 --- /dev/null +++ b/gnu/packages/patches/clang-runtime-esan-build-fixes.patch @@ -0,0 +1,19 @@ +Fix esan compilation against glibc 2.26: + + /tmp/guix-build-clang-runtime-3.9.1.drv-0/compiler-rt-3.9.1.src/lib/esan/esan_sideline_linux.cpp: In static member function ‘static int __esan::SidelineThread::runSideline(void*)’: + /tmp/guix-build-clang-runtime-3.9.1.drv-0/compiler-rt-3.9.1.src/lib/esan/esan_sideline_linux.cpp:73:22: error: aggregate ‘__esan::SidelineThread::runSideline(void*)::sigaltstack SigAltStack’ has incomplete type and cannot be defined + +Patch from <https://github.com/google/sanitizers/issues/822>. + +index d04f5909d..bc272dfe4 100644 +--- a/lib/esan/esan_sideline_linux.cpp ++++ b/lib/esan/esan_sideline_linux.cpp +@@ -70,7 +70,7 @@ int SidelineThread::runSideline(void *Arg) { + + // Set up a signal handler on an alternate stack for safety. + InternalScopedBuffer<char> StackMap(SigAltStackSize); +- struct sigaltstack SigAltStack; ++ stack_t SigAltStack; + SigAltStack.ss_sp = StackMap.data(); + SigAltStack.ss_size = SigAltStackSize; + SigAltStack.ss_flags = 0; diff --git a/gnu/packages/patches/clementine-remove-crypto++-dependency.patch b/gnu/packages/patches/clementine-remove-crypto++-dependency.patch new file mode 100644 index 0000000000..e7cf80ddee --- /dev/null +++ b/gnu/packages/patches/clementine-remove-crypto++-dependency.patch @@ -0,0 +1,19 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 3202b8b..473ecb9 100755 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -279,14 +279,6 @@ optional_component(LIBPULSE ON "Pulse audio integration" + + optional_component(VISUALISATIONS ON "Visualisations") + +-if(NOT HAVE_SPOTIFY_BLOB AND NOT CRYPTOPP_FOUND) +- message(FATAL_ERROR "Either crypto++ must be available or the non-GPL Spotify " +- "code must be compiled in") +-elseif(CRYPTOPP_FOUND) +- set(HAVE_CRYPTOPP ON) +- set(HAVE_SPOTIFY_DOWNLOADER ON) +-endif() +- + # Find DBus if it's enabled + if (HAVE_DBUS) + find_package(Qt5 COMPONENTS DBus) diff --git a/gnu/packages/patches/clisp-glibc-2.26.patch b/gnu/packages/patches/clisp-glibc-2.26.patch new file mode 100644 index 0000000000..c8920ceccc --- /dev/null +++ b/gnu/packages/patches/clisp-glibc-2.26.patch @@ -0,0 +1,20 @@ +This patch comes from Debian. + +Description: cfree is not present in glibc-2.26, stop wrapping it +Author: Adam Conrad <adconrad@ubuntu.com> +Bug: https://sourceforge.net/p/clisp/bugs/717/ +Bug-Debian: https://bugs.debian.org/880686 +Applied-Upstream: https://sourceforge.net/p/clisp/clisp/ci/3bc928712d150ff1e5f6b2bfb7838655f3ff52fa/ +Reviewed-By: Sébastien Villemot <sebastien@debian.org> +Last-Update: 2017-11-27 + +--- clisp-2.49.20170913.orig/modules/bindings/glibc/linux.lisp ++++ clisp-2.49.20170913/modules/bindings/glibc/linux.lisp +@@ -649,7 +649,6 @@ + (def-call-out calloc (:arguments (nmemb size_t) (size size_t)) + (:return-type c-pointer)) + (def-call-out free (:arguments (ptr c-pointer)) (:return-type nil)) +-(def-call-out cfree (:arguments (ptr c-pointer)) (:return-type nil)) + (def-call-out valloc (:arguments (size size_t)) (:return-type c-pointer)) + + (def-call-out abort (:arguments) (:return-type nil)) diff --git a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch b/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch deleted file mode 100644 index 88b2e7f25a..0000000000 --- a/gnu/packages/patches/crypto++-fix-dos-in-asn.1-decoders.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 3d9181d7bdd8e491f745dbc9e34bd20b6f6da069 Mon Sep 17 00:00:00 2001 -From: Gergely Nagy <ngg@tresorit.com> -Date: Wed, 14 Dec 2016 13:19:01 +0100 -Subject: [PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939) - ---- - asn.cpp | 10 ++++++++++ - asn.h | 2 ++ - 2 files changed, 12 insertions(+) - -diff --git a/asn.cpp b/asn.cpp -index 297ff010..2e923ef7 100644 ---- a/asn.cpp -+++ b/asn.cpp -@@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str) - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - str.New(bc); - if (bc != bt.Get(str, bc)) -@@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation & - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - bt.TransferTo(str, bc); - return bc; -@@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - SecByteBlock temp(bc); - if (bc != bt.Get(temp, bc)) -@@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne - size_t bc; - if (!BERLengthDecode(bt, bc)) - BERDecodeError(); -+ if (bc == 0) -+ BERDecodeError(); -+ if (bc > bt.MaxRetrievable()) -+ BERDecodeError(); - - byte unused; - if (!bt.Get(unused)) -diff --git a/asn.h b/asn.h -index ed9de52c..33f0dd09 100644 ---- a/asn.h -+++ b/asn.h -@@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER, - bool definite = BERLengthDecode(in, bc); - if (!definite) - BERDecodeError(); -+ if (bc > in.MaxRetrievable()) -+ BERDecodeError(); - - SecByteBlock buf(bc); - diff --git a/gnu/packages/patches/dovecot-CVE-2017-15132.patch b/gnu/packages/patches/dovecot-CVE-2017-15132.patch new file mode 100644 index 0000000000..32666b8557 --- /dev/null +++ b/gnu/packages/patches/dovecot-CVE-2017-15132.patch @@ -0,0 +1,36 @@ +Fix CVE-2017-15132: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132 + +Patch copied from upstream source repository: + +https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 + +From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen <timo.sirainen@dovecot.fi> +Date: Mon, 18 Dec 2017 16:50:51 +0200 +Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort() + +This caused memory leaks when authentication was aborted. For example +with IMAP: + +a AUTHENTICATE PLAIN +* + +Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021 +--- + src/lib-auth/auth-client-request.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c +index 480fb42b30..046f7c307d 100644 +--- a/src/lib-auth/auth-client-request.c ++++ b/src/lib-auth/auth-client-request.c +@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request) + + auth_client_send_cancel(request->conn->client, request->id); + call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); ++ pool_unref(&request->pool); + } + + unsigned int auth_client_request_get_id(struct auth_client_request *request) diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch deleted file mode 100644 index cf15be3404..0000000000 --- a/gnu/packages/patches/dtc-32-bits-check.patch +++ /dev/null @@ -1,134 +0,0 @@ -This fixes tests on 32 bits platforms. Patch taken from upstream. - -commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586 -Author: David Gibson <david@gibson.dropbear.id.au> -Date: Fri Oct 6 23:07:30 2017 +1100 - - tests: Avoid 64-bit arithmetic in assembler - - For testing we (ab)use the assembler to build us a sample dtb, independent - of the other tools (dtc and libfdt) that we're trying to test. In a few - places this uses 64-bit arithmetic to decompose 64-bit constants into - the individual bytes in the blob. - - Unfortunately, it seems that some builds of GNU as don't support >32 bit - arithmetic, though it's not entirely clear to me which do and which don't - (Fedora i386 does support 64-bit, Debian arm32 doesn't). - - Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost - of some extra awkwardness because we have to define the values in 32-bit - halves. - - Signed-off-by: David Gibson <david@gibson.dropbear.id.au> - -diff --git a/tests/testdata.h b/tests/testdata.h -index 3588778..f6bbe1d 100644 ---- a/tests/testdata.h -+++ b/tests/testdata.h -@@ -4,15 +4,25 @@ - #define ASM_CONST_LL(x) (x##ULL) - #endif - --#define TEST_ADDR_1 ASM_CONST_LL(0xdeadbeef00000000) --#define TEST_SIZE_1 ASM_CONST_LL(0x100000) --#define TEST_ADDR_2 ASM_CONST_LL(123456789) --#define TEST_SIZE_2 ASM_CONST_LL(010000) -+#define TEST_ADDR_1H ASM_CONST_LL(0xdeadbeef) -+#define TEST_ADDR_1L ASM_CONST_LL(0x00000000) -+#define TEST_ADDR_1 ((TEST_ADDR_1H << 32) | TEST_ADDR_1L) -+#define TEST_SIZE_1H ASM_CONST_LL(0x00000000) -+#define TEST_SIZE_1L ASM_CONST_LL(0x00100000) -+#define TEST_SIZE_1 ((TEST_SIZE_1H << 32) | TEST_SIZE_1L) -+#define TEST_ADDR_2H ASM_CONST_LL(0) -+#define TEST_ADDR_2L ASM_CONST_LL(123456789) -+#define TEST_ADDR_2 ((TEST_ADDR_2H << 32) | TEST_ADDR_2L) -+#define TEST_SIZE_2H ASM_CONST_LL(0) -+#define TEST_SIZE_2L ASM_CONST_LL(010000) -+#define TEST_SIZE_2 ((TEST_SIZE_2H << 32) | TEST_SIZE_2L) - - #define TEST_VALUE_1 0xdeadbeef - #define TEST_VALUE_2 123456789 - --#define TEST_VALUE64_1 ASM_CONST_LL(0xdeadbeef01abcdef) -+#define TEST_VALUE64_1H ASM_CONST_LL(0xdeadbeef) -+#define TEST_VALUE64_1L ASM_CONST_LL(0x01abcdef) -+#define TEST_VALUE64_1 ((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L) - - #define PHANDLE_1 0x2000 - #define PHANDLE_2 0x2001 -diff --git a/tests/trees.S b/tests/trees.S -index 9854d1d..9859914 100644 ---- a/tests/trees.S -+++ b/tests/trees.S -@@ -7,16 +7,6 @@ - .byte ((val) >> 8) & 0xff ; \ - .byte (val) & 0xff ; - --#define FDTQUAD(val) \ -- .byte ((val) >> 56) & 0xff ; \ -- .byte ((val) >> 48) & 0xff ; \ -- .byte ((val) >> 40) & 0xff ; \ -- .byte ((val) >> 32) & 0xff ; \ -- .byte ((val) >> 24) & 0xff ; \ -- .byte ((val) >> 16) & 0xff ; \ -- .byte ((val) >> 8) & 0xff ; \ -- .byte (val) & 0xff ; -- - #define TREE_HDR(tree) \ - .balign 8 ; \ - .globl _##tree ; \ -@@ -33,14 +23,16 @@ tree: \ - FDTLONG(tree##_strings_end - tree##_strings) ; \ - FDTLONG(tree##_struct_end - tree##_struct) ; - --#define RSVMAP_ENTRY(addr, len) \ -- FDTQUAD(addr) ; \ -- FDTQUAD(len) ; \ -+#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \ -+ FDTLONG(addrh) ; \ -+ FDTLONG(addrl) ; \ -+ FDTLONG(lenh) ; \ -+ FDTLONG(lenl) - - #define EMPTY_RSVMAP(tree) \ - .balign 8 ; \ - tree##_rsvmap: ; \ -- RSVMAP_ENTRY(0, 0) \ -+ RSVMAP_ENTRY(0, 0, 0, 0) \ - tree##_rsvmap_end: ; - - #define PROPHDR(tree, name, len) \ -@@ -52,9 +44,10 @@ tree##_rsvmap_end: ; - PROPHDR(tree, name, 4) \ - FDTLONG(val) ; - --#define PROP_INT64(tree, name, val) \ -+#define PROP_INT64(tree, name, valh, vall) \ - PROPHDR(tree, name, 8) \ -- FDTQUAD(val) ; -+ FDTLONG(valh) ; \ -+ FDTLONG(vall) ; - - #define PROP_STR(tree, name, str) \ - PROPHDR(tree, name, 55f - 54f) \ -@@ -81,16 +74,16 @@ tree##_##name: ; \ - - .balign 8 - test_tree1_rsvmap: -- RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1) -- RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2) -- RSVMAP_ENTRY(0, 0) -+ RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L) -+ RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L) -+ RSVMAP_ENTRY(0, 0, 0, 0) - test_tree1_rsvmap_end: - - test_tree1_struct: - BEGIN_NODE("") - PROP_STR(test_tree1, compatible, "test_tree1") - PROP_INT(test_tree1, prop_int, TEST_VALUE_1) -- PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1) -+ PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L) - PROP_STR(test_tree1, prop_str, TEST_STRING_1) - PROP_INT(test_tree1, address_cells, 1) - PROP_INT(test_tree1, size_cells, 0) diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch deleted file mode 100644 index c33d16857f..0000000000 --- a/gnu/packages/patches/dtc-format-modifier.patch +++ /dev/null @@ -1,38 +0,0 @@ -This fixes build on 32 bits platforms. This patch is taken from upstream. - -commit 497432fd2131967f349e69dc5d259072151cc4b4 -Author: Thierry Reding <treding@nvidia.com> -Date: Wed Sep 27 15:04:09 2017 +0200 - - checks: Use proper format modifier for size_t - - The size of size_t can vary between architectures, so using %ld isn't - going to work on 32-bit builds. Use the %zu modifier to make sure it is - always correct. - - Signed-off-by: Thierry Reding <treding@nvidia.com> - Acked-by: Rob Herring <robh@kernel.org> - Signed-off-by: David Gibson <david@gibson.dropbear.id.au> - -diff --git a/checks.c b/checks.c -index 902f2e3..08a3a29 100644 ---- a/checks.c -+++ b/checks.c -@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c, - int cell, cellsize = 0; - - if (prop->val.len % sizeof(cell_t)) { -- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s", -+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s", - prop->name, prop->val.len, sizeof(cell_t), node->fullpath); - return; - } -@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c, - return; - - if (irq_prop->val.len % sizeof(cell_t)) -- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s", -+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s", - irq_prop->name, irq_prop->val.len, sizeof(cell_t), - node->fullpath); - diff --git a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch new file mode 100644 index 0000000000..b90017fdb4 --- /dev/null +++ b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch @@ -0,0 +1,59 @@ +Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> + +This patch adds a support for Git repositories hosted on git.savannah.gnu.org. + +Upstream bug URL: + +https://github.com/rmuslimov/browse-at-remote/pull/46 + +From cd2ccdaef8b1d97337d790175f71cc3dbcfcff64 Mon Sep 17 00:00:00 2001 +From: Oleg Pykhalov <go.wigust@gmail.com> +Date: Fri, 26 Jan 2018 00:05:30 +0300 +Subject: [PATCH] Add support for repositories that are hosted on gnu cgit + +--- + browse-at-remote.el | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/browse-at-remote.el b/browse-at-remote.el +index 66967b3..e210d18 100644 +--- a/browse-at-remote.el ++++ b/browse-at-remote.el +@@ -44,7 +44,8 @@ + (defcustom browse-at-remote-remote-type-domains + '(("bitbucket.org" ."bitbucket") + ("github.com" . "github") +- ("gitlab.com" . "gitlab")) ++ ("gitlab.com" . "gitlab") ++ ("git.savannah.gnu.org" . "gnu")) + "Alist of domain patterns to remote types." + + :type '(alist :key-type (string :tag "Domain") +@@ -199,6 +200,24 @@ If HEAD is detached, return nil." + (if (fboundp formatter) + formatter nil))) + ++(defun browse-at-remote-gnu-format-url (repo-url) ++ "Get a gnu formatted URL." ++ (replace-regexp-in-string ++ (concat "https://" (car (rassoc "gnu" browse-at-remote-remote-type-domains)) ++ "/\\(git\\).*\\'") ++ "cgit" repo-url nil nil 1)) ++ ++(defun browse-at-remote--format-region-url-as-gnu (repo-url location filename &optional linestart lineend) ++ "URL formatter for gnu." ++ (let ((repo-url (browse-at-remote-gnu-format-url repo-url))) ++ (cond ++ (linestart (format "%s.git/tree/%s?h=%s#n%d" repo-url filename location linestart)) ++ (t (format "%s.git/tree/%s?h=%s" repo-url filename location))))) ++ ++(defun browse-at-remote--format-commit-url-as-gnu (repo-url commithash) ++ "Commit URL formatted for gnu" ++ (format "%s.git/commit/?id=%s" (browse-at-remote-gnu-format-url repo-url) commithash)) ++ + (defun browse-at-remote--format-region-url-as-github (repo-url location filename &optional linestart lineend) + "URL formatted for github." + (cond +-- +2.15.1 + diff --git a/gnu/packages/patches/emacs-json-reformat-fix-tests.patch b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch new file mode 100644 index 0000000000..977e50fc68 --- /dev/null +++ b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch @@ -0,0 +1,32 @@ +Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com> + +This patch fixes tests for Emacs 25. + +Upstream bug URL: + +https://github.com/gongo/json-reformat/issues/33 + +diff --git a/test/json-reformat-test.el b/test/json-reformat-test.el +index 7de3be1..b4a4dde 100644 +--- a/test/json-reformat-test.el ++++ b/test/json-reformat-test.el +@@ -58,7 +58,7 @@ + (ert-deftest json-reformat-test:string-to-string () + (should (string= "\"foobar\"" (json-reformat:string-to-string "foobar"))) + (should (string= "\"fo\\\"o\\nbar\"" (json-reformat:string-to-string "fo\"o\nbar"))) +- (should (string= "\"\\u2661\"" (json-reformat:string-to-string "\u2661"))) ++ (should (string= "\"♡\"" (json-reformat:string-to-string "\u2661"))) + + (should (string= "\"^(amq\\\\.gen.*|amq\\\\.default)$\"" (json-reformat:string-to-string "^(amq\\.gen.*|amq\\.default)$"))) + ) +@@ -148,6 +148,6 @@ bar\"" (json-reformat:string-to-string "fo\"o\nbar"))) + [{ foo : \"bar\" }, { \"foo\" : \"baz\" }]") ;; At 3 (line) + (json-reformat-region (point-min) (point-max))) + (should (string= +- "JSON parse error [Reason] Bad string format: \"doesn't start with '\\\"'!\" [Position] In buffer, line 3 (char 6)" ++ "JSON parse error [Reason] Bad string format: \"doesn't start with \`\\\"'!\" [Position] In buffer, line 3 (char 6)" + message-string)) + ))) +-- +2.15.1 + diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch new file mode 100644 index 0000000000..680f357765 --- /dev/null +++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch @@ -0,0 +1,31 @@ +Fix CVE-2018-6942: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942 +https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html + +Copied from upstream (ChangeLog section removed): +https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef + +diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c +index d855aaa..551f14a 100644 +--- a/src/truetype/ttinterp.c ++++ b/src/truetype/ttinterp.c +@@ -7532,8 +7532,16 @@ + return; + } + +- for ( i = 0; i < num_axes; i++ ) +- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ ++ if ( coords ) ++ { ++ for ( i = 0; i < num_axes; i++ ) ++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ ++ } ++ else ++ { ++ for ( i = 0; i < num_axes; i++ ) ++ args[i] = 0; ++ } + } + + diff --git a/gnu/packages/patches/gcc-4.9-libsanitizer-fix.patch b/gnu/packages/patches/gcc-4.9-libsanitizer-fix.patch new file mode 100644 index 0000000000..e76caf3e11 --- /dev/null +++ b/gnu/packages/patches/gcc-4.9-libsanitizer-fix.patch @@ -0,0 +1,66 @@ +This is a backport of this patch from 6.5 to 4.9: + + https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=8937b94d1a643fd9760714642296d034a45254a8 + +diff --git a/libsanitizer/sanitizer_common/sanitizer_linux.cc b/libsanitizer/sanitizer_common/sanitizer_linux.cc +index 69c9c10..8e53673 100644 +--- a/libsanitizer/sanitizer_common/sanitizer_linux.cc ++++ b/libsanitizer/sanitizer_common/sanitizer_linux.cc +@@ -599,8 +599,7 @@ uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5) { + return internal_syscall(__NR_prctl, option, arg2, arg3, arg4, arg5); + } + +-uptr internal_sigaltstack(const struct sigaltstack *ss, +- struct sigaltstack *oss) { ++uptr internal_sigaltstack(const void *ss, void *oss) { + return internal_syscall(__NR_sigaltstack, (uptr)ss, (uptr)oss); + } + +diff --git a/libsanitizer/sanitizer_common/sanitizer_linux.h b/libsanitizer/sanitizer_common/sanitizer_linux.h +index 6422df1..8a8e526 100644 +--- a/libsanitizer/sanitizer_common/sanitizer_linux.h ++++ b/libsanitizer/sanitizer_common/sanitizer_linux.h +@@ -18,7 +18,6 @@ + #include "sanitizer_platform_limits_posix.h" + + struct link_map; // Opaque type returned by dlopen(). +-struct sigaltstack; + + namespace __sanitizer { + // Dirent structure for getdents(). Note that this structure is different from +@@ -28,8 +27,7 @@ struct linux_dirent; + // Syscall wrappers. + uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count); + uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5); +-uptr internal_sigaltstack(const struct sigaltstack* ss, +- struct sigaltstack* oss); ++uptr internal_sigaltstack(const void *ss, void *oss); + uptr internal_sigaction(int signum, const __sanitizer_kernel_sigaction_t *act, + __sanitizer_kernel_sigaction_t *oldact); + uptr internal_sigprocmask(int how, __sanitizer_kernel_sigset_t *set, +diff --git a/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc b/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc +index 6ee63ec..50c21a3 100644 +--- a/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc ++++ b/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc +@@ -238,7 +238,7 @@ static int TracerThread(void* argument) { + + // Alternate stack for signal handling. + InternalScopedBuffer<char> handler_stack_memory(kHandlerStackSize); +- struct sigaltstack handler_stack; ++ stack_t handler_stack; + internal_memset(&handler_stack, 0, sizeof(handler_stack)); + handler_stack.ss_sp = handler_stack_memory.data(); + handler_stack.ss_size = kHandlerStackSize; +diff --git a/libsanitizer/tsan/tsan_platform_linux.cc b/libsanitizer/tsan/tsan_platform_linux.cc +index fe69430..49f5270 100644 +--- a/libsanitizer/tsan/tsan_platform_linux.cc ++++ b/libsanitizer/tsan/tsan_platform_linux.cc +@@ -351,7 +351,7 @@ bool IsGlobalVar(uptr addr) { + // closes within glibc. The code is a pure hack. + int ExtractResolvFDs(void *state, int *fds, int nfd) { + int cnt = 0; +- __res_state *statp = (__res_state*)state; ++ struct __res_state *statp = (struct __res_state*)state; + for (int i = 0; i < MAXNS && cnt < nfd; i++) { + if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1) + fds[cnt++] = statp->_u._ext.nssocks[i]; diff --git a/gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch b/gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch new file mode 100644 index 0000000000..1838c5bd35 --- /dev/null +++ b/gnu/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch @@ -0,0 +1,61 @@ +ghc runtime by default (otherwise depending on a "configure" option) +does memory allocation on their own by first mmapping a 1 TB range of +memory into the process and then parceling out chunks from it. + +If one of the chunks is not needed, the kernel needs to be informed - +otherwise the system would quickly run out of available RAM. + +ghc does that via madvise(2). + +There are two options when doing this informing: + +MADV_FREE - Means "I don't need this range or the data in it any more". +Kernel promises to fail later accesses to it. + +MADV_DONTNEED - Means "I don't need this range right now - and I don't +need the data in it anymore". Kernel promises to make later accesses to +it succeed (if necessary by providing a new page initialized with zeroes). + +MADV_FREE was introduced in Linux 4.5. +glibc 2.25 and later always define MADV_FREE. + +Unpatched ghc 8.0.2 will use either MADV_FREE or MADV_DONTNEED, determined +at ghc compile time. Which of them will actually succeed is determined +by the Linux kernel at run time. + +This patch makes ghc try MADV_FREE. If it doesn't work, it falls back to +MADV_DONTNEED. + +The end result is that ghc programs free their memory with Linux < 4.5 again. + +See https://git.haskell.org/ghc.git/commitdiff/6576bf83cdf4eac05eb88a24aa934a736c91e3da for more information. +--- a/rts/posix/OSMem.c ++++ b/rts/posix/OSMem.c +@@ -541,11 +541,24 @@ void osDecommitMemory(void *at, W_ size) + + #ifdef MADV_FREE + // Try MADV_FREE first, FreeBSD has both and MADV_DONTNEED +- // just swaps memory out ++ // just swaps memory out. Linux >= 4.5 has both DONTNEED and FREE; either ++ // will work as they both allow the system to free anonymous pages. ++ // It is important that we try both methods as the kernel which we were ++ // built on may differ from the kernel we are now running on. + r = madvise(at, size, MADV_FREE); +-#else +- r = madvise(at, size, MADV_DONTNEED); ++ if(r < 0) { ++ if (errno == EINVAL) { ++ // Perhaps the system doesn't support MADV_FREE; fall-through and ++ // try MADV_DONTNEED. ++ } else { ++ sysErrorBelch("unable to decommit memory"); ++ } ++ } else { ++ return; ++ } + #endif ++ ++ r = madvise(at, size, MADV_DONTNEED); + if(r < 0) + sysErrorBelch("unable to decommit memory"); + } diff --git a/gnu/packages/patches/gpsbabel-minizip.patch b/gnu/packages/patches/gpsbabel-minizip.patch new file mode 100644 index 0000000000..8f3bb36f57 --- /dev/null +++ b/gnu/packages/patches/gpsbabel-minizip.patch @@ -0,0 +1,13 @@ +Patch taken from https://sources.debian.org/data/main/g/gpsbabel/1.5.3-2/debian/patches/use_minizip. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -120,7 +120,7 @@ LIBOBJS = queue.o route.o waypt.o filter + src/core/usasciicodec.o\ + src/core/ziparchive.o \ + $(GARMIN) $(JEEPS) $(SHAPE) @ZLIB@ $(FMTS) $(FILTERS) +-OBJS = main.o globals.o $(LIBOBJS) @FILEINFO@ ++OBJS = main.o globals.o $(MINIZIP) $(LIBOBJS) @FILEINFO@ + + DEPFILES = $(OBJS:.o=.d) + \ No newline at end of file diff --git a/gnu/packages/patches/gpsbabel-qstring.patch b/gnu/packages/patches/gpsbabel-qstring.patch new file mode 100644 index 0000000000..8ba1a7213b --- /dev/null +++ b/gnu/packages/patches/gpsbabel-qstring.patch @@ -0,0 +1,69 @@ +Extracted from following patch of gpsbabel: +https://github.com/gpsbabel/gpsbabel/commit/604178aa8ad4d3c3ad218df24c1e9a6a1f683bb3 + +From 604178aa8ad4d3c3ad218df24c1e9a6a1f683bb3 Mon Sep 17 00:00:00 2001 +From: Harel Mazor <harel.mazor@gmail.com> +Date: Tue, 24 Jan 2017 00:35:04 +0200 +Subject: [PATCH] Added geojson read capablity, moved magic strings to + constants, fixed windows compilation issues. + +--- a/tef_xml.cc ++++ b/tef_xml.cc +@@ -72,11 +72,11 @@ tef_start(xg_string args, const QXmlStreamAttributes* attrv) + bool valid = false; + + foreach(QXmlStreamAttribute attr, *attrv) { +- if (attr.name().compare("Comment", Qt::CaseInsensitive) == 0) { +- if (attr.value().compare("TourExchangeFormat", Qt::CaseInsensitive) == 0) { ++ if (attr.name().compare(QString("Comment"), Qt::CaseInsensitive) == 0) { ++ if (attr.value().compare(QString("TourExchangeFormat"), Qt::CaseInsensitive) == 0) { + valid = true; + } +- } else if (attr.name().compare("Version", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("Version"), Qt::CaseInsensitive) == 0) { + version = attr.value().toString().toDouble(); + } + } +@@ -95,9 +95,9 @@ tef_header(xg_string args, const QXmlStreamAttributes* attrv) + { + route = route_head_alloc(); + foreach(QXmlStreamAttribute attr, *attrv) { +- if (attr.name().compare("Name", Qt::CaseInsensitive) == 0) { ++ if (attr.name().compare(QString("Name"), Qt::CaseInsensitive) == 0) { + route->rte_name = attr.value().toString().trimmed(); +- } else if (attr.name().compare("Software", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("Software"), Qt::CaseInsensitive) == 0) { + route->rte_desc = attr.value().toString().trimmed(); + } + } +@@ -248,20 +248,20 @@ tef_item_start(xg_string args, const QXmlStreamAttributes* attrv) + QString attrstr = attr.value().toString(); + QByteArray attrtext = attrstr.toUtf8(); + +- if (attr.name().compare("SegDescription", Qt::CaseInsensitive) == 0) { ++ if (attr.name().compare(QString("SegDescription"), Qt::CaseInsensitive) == 0) { + wpt_tmp->shortname = attrstr.trimmed(); +- } else if (attr.name().compare("PointDescription", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("PointDescription"), Qt::CaseInsensitive) == 0) { + wpt_tmp->description = attrstr.trimmed(); +- } else if (attr.name().compare("ViaStation", Qt::CaseInsensitive) == 0 && +- attr.value().compare("true", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("ViaStation"), Qt::CaseInsensitive) == 0 && ++ attr.value().compare(QString("true"), Qt::CaseInsensitive) == 0) { + wpt_tmp->wpt_flags.fmt_use = 1; /* only a flag */ + + /* new in TEF V2 */ +- } else if (attr.name().compare("Instruction", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("Instruction"), Qt::CaseInsensitive) == 0) { + wpt_tmp->description = attrstr.trimmed(); +- } else if (attr.name().compare("Altitude", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("Altitude"), Qt::CaseInsensitive) == 0) { + wpt_tmp->altitude = attrstr.toDouble(); +- } else if (attr.name().compare("TimeStamp", Qt::CaseInsensitive) == 0) { ++ } else if (attr.name().compare(QString("TimeStamp"), Qt::CaseInsensitive) == 0) { + /* nothing for the moment */ + } + } +-- +2.16.1 + diff --git a/gnu/packages/patches/gzdoom-search-in-installed-share.patch b/gnu/packages/patches/gzdoom-search-in-installed-share.patch new file mode 100644 index 0000000000..f312686566 --- /dev/null +++ b/gnu/packages/patches/gzdoom-search-in-installed-share.patch @@ -0,0 +1,23 @@ +Lookup gzdoom pk3 files in the installed directory in +addition to the path that is stored in ~/.config/gzdoom/. + +Simply replacing the hardcoded /usr/share would leave the +configfile pointing to outdated guix builds, which could get +garbage collected and break the gzdoom installation. +This ensures that the files installed with the corresponding +build will be used. + +--- /src/d_main.cpp 2018-01-16 22:13:09.700602781 +0200 ++++ /src/d_main.cpp 2018-01-16 22:22:36.560617961 +0200 +@@ -1716,6 +1716,11 @@ + return wad; + } + ++ mysnprintf (wad, countof(wad), "%s/%s", GUIX_OUT_PK3, file); ++ if (DirEntryExists (wad)) { ++ return wad; ++ } ++ + if (GameConfig != NULL && GameConfig->SetSection ("FileSearch.Directories")) + { + const char *key; diff --git a/gnu/packages/patches/hwloc-tests-without-sysfs.patch b/gnu/packages/patches/hwloc-tests-without-sysfs.patch new file mode 100644 index 0000000000..ea6ec41616 --- /dev/null +++ b/gnu/packages/patches/hwloc-tests-without-sysfs.patch @@ -0,0 +1,42 @@ +Fix a test failure in the build environment, where /sys is missing. +From <https://github.com/bgoglin/hwloc/commit/a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf.patch>. + +From a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf Mon Sep 17 00:00:00 2001 +From: Brice Goglin <Brice.Goglin@inria.fr> +Date: Tue, 6 Feb 2018 17:13:26 +0100 +Subject: [PATCH] linux: honor the filtering cores and packages when reading + topology from cpuinfo + +Caused a make check crash in lstopo --filter all:none in chroot without sysfs. + +Thanks to Ludovic Courtes for the report. + +Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr> +--- + hwloc/topology-linux.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c +index 290da0d72..e1bbf94e1 100644 +--- a/hwloc/topology-linux.c ++++ b/hwloc/topology-linux.c +@@ -4101,7 +4101,8 @@ look_cpuinfo(struct hwloc_topology *topology, + } + /* create package objects */ + hwloc_debug("%u pkgs%s\n", numpkgs, missingpkg ? ", but some missing package" : ""); +- if (!missingpkg && numpkgs>0) { ++ if (!missingpkg && numpkgs>0 ++ && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_PACKAGE)) { + for (i = 0; i < numpkgs; i++) { + struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_PACKAGE, Lpkg_to_Ppkg[i]); + int doneinfos = 0; +@@ -4145,7 +4146,8 @@ look_cpuinfo(struct hwloc_topology *topology, + } + /* create Core objects */ + hwloc_debug("%u cores%s\n", numcores, missingcore ? ", but some missing core" : ""); +- if (!missingcore && numcores>0) { ++ if (!missingcore && numcores>0 ++ && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_CORE)) { + for (i = 0; i < numcores; i++) { + struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_CORE, Lcore_to_Pcore[i]); + obj->cpuset = hwloc_bitmap_alloc(); diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch deleted file mode 100644 index 6b088286cb..0000000000 --- a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch +++ /dev/null @@ -1,49 +0,0 @@ -Mitigate Spectre by reducing the resolution of performance.now() to 20 -microseconds. Based on: - - https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8 - -For more details, see: - - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - -This patch was modified to apply cleanly to GNU IceCat. - - -# HG changeset patch -# User Tom Ritter <tom@mozilla.com> -# Date 1514660820 21600 -# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6 -# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447 -Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard - -The comment about workers was introduced in Bug 1186489 but became obsolete some time after that -(definitely by Bug 1278838) - -diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp ---- a/dom/performance/Performance.cpp -+++ b/dom/performance/Performance.cpp -@@ -234,20 +234,19 @@ Performance::ClearResourceTimings() - { - MOZ_ASSERT(NS_IsMainThread()); - mResourceEntries.Clear(); - } - - DOMHighResTimeStamp - Performance::RoundTime(double aTime) const - { -- // Round down to the nearest 5us, because if the timer is too accurate people -- // can do nasty timing attacks with it. See similar code in the worker -- // Performance implementation. -- const double maxResolutionMs = 0.005; -+ // Round down to the nearest 20us, because if the timer is too accurate people -+ // can do nasty timing attacks with it. -+ const double maxResolutionMs = 0.020; - return floor(aTime / maxResolutionMs) * maxResolutionMs; - } - - - void - Performance::Mark(const nsAString& aName, ErrorResult& aRv) - { - // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003. diff --git a/gnu/packages/patches/icecat-glibc-2.26.patch b/gnu/packages/patches/icecat-glibc-2.26.patch deleted file mode 100644 index 45ebd5f700..0000000000 --- a/gnu/packages/patches/icecat-glibc-2.26.patch +++ /dev/null @@ -1,261 +0,0 @@ -Fix compilation with glibc 2.26. Patch found -at <https://aur.archlinux.org/cgit/aur.git/plain/glibc-2.26-fix.diff?h=firefox-esr>, -adjusted so that file names match. - -From 6a0b7c8ecf0734ba1bcdccf8e0ee97e721fd5420 Mon Sep 17 00:00:00 2001 -Message-Id: <6a0b7c8ecf0734ba1bcdccf8e0ee97e721fd5420.1505113337.git.jan.steffens@gmail.com> -From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io> -Date: Sat, 19 Aug 2017 20:14:25 +0200 -Subject: [PATCH] Fix use of struct ucontext (squash 2 commits) - -Needed for building with glibc 2.26. - -Bug 1385667: Use ucontext_t consistently in breakpad-client. r=ted -MozReview-Commit-ID: AJhzJdNXP0f - -Bug 1394149: Fix remaining uses of ucontext in breakpad-client. r=ted -MozReview-Commit-ID: 5tP7fXsI7dQ ---- - .../linux/dump_writer_common/ucontext_reader.cc | 30 +++++++++++----------- - .../linux/dump_writer_common/ucontext_reader.h | 10 ++++---- - .../linux/handler/exception_handler.cc | 10 ++++---- - .../linux/handler/exception_handler.h | 2 +- - .../linux/microdump_writer/microdump_writer.cc | 2 +- - .../linux/minidump_writer/minidump_writer.cc | 2 +- - 6 files changed, 28 insertions(+), 28 deletions(-) - -diff --git a/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc b/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc -index 999960912e459e1b..303c0ebd32b663c4 100644 ---- a/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc -+++ b/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.cc -@@ -40,15 +40,15 @@ namespace google_breakpad { - - #if defined(__i386__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_ESP]; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_EIP]; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct _libc_fpstate* fp) { - const greg_t* regs = uc->uc_mcontext.gregs; - -@@ -88,15 +88,15 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, - - #elif defined(__x86_64) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_RSP]; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[REG_RIP]; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct _libc_fpstate* fpregs) { - const greg_t* regs = uc->uc_mcontext.gregs; - -@@ -145,15 +145,15 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, - - #elif defined(__ARM_EABI__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.arm_sp; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.arm_pc; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) { -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) { - out->context_flags = MD_CONTEXT_ARM_FULL; - - out->iregs[0] = uc->uc_mcontext.arm_r0; -@@ -184,41 +184,41 @@ void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) { - - #elif defined(__aarch64__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.sp; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.pc; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc, -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct fpsimd_context* fpregs) { - out->context_flags = MD_CONTEXT_ARM64_FULL; - - out->cpsr = static_cast<uint32_t>(uc->uc_mcontext.pstate); - for (int i = 0; i < MD_CONTEXT_ARM64_REG_SP; ++i) - out->iregs[i] = uc->uc_mcontext.regs[i]; - out->iregs[MD_CONTEXT_ARM64_REG_SP] = uc->uc_mcontext.sp; - out->iregs[MD_CONTEXT_ARM64_REG_PC] = uc->uc_mcontext.pc; - - out->float_save.fpsr = fpregs->fpsr; - out->float_save.fpcr = fpregs->fpcr; - my_memcpy(&out->float_save.regs, &fpregs->vregs, - MD_FLOATINGSAVEAREA_ARM64_FPR_COUNT * 16); - } - - #elif defined(__mips__) - --uintptr_t UContextReader::GetStackPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetStackPointer(const ucontext_t* uc) { - return uc->uc_mcontext.gregs[MD_CONTEXT_MIPS_REG_SP]; - } - --uintptr_t UContextReader::GetInstructionPointer(const struct ucontext* uc) { -+uintptr_t UContextReader::GetInstructionPointer(const ucontext_t* uc) { - return uc->uc_mcontext.pc; - } - --void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext *uc) { -+void UContextReader::FillCPUContext(RawContextCPU *out, const ucontext_t *uc) { - #if _MIPS_SIM == _ABI64 - out->context_flags = MD_CONTEXT_MIPS64_FULL; - #elif _MIPS_SIM == _ABIO32 -diff --git a/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h b/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h -index c533e28ba7441e83..039752a2dfb6e589 100644 ---- a/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h -+++ b/toolkit/crashreporter/google-breakpad/src/client/linux/dump_writer_common/ucontext_reader.h -@@ -41,21 +41,21 @@ namespace google_breakpad { - - // Wraps platform-dependent implementations of accessors to ucontext structs. - struct UContextReader { -- static uintptr_t GetStackPointer(const struct ucontext* uc); -+ static uintptr_t GetStackPointer(const ucontext_t* uc); - -- static uintptr_t GetInstructionPointer(const struct ucontext* uc); -+ static uintptr_t GetInstructionPointer(const ucontext_t* uc); - - // Juggle a arch-specific ucontext into a minidump format - // out: the minidump structure - // info: the collection of register structures. - #if defined(__i386__) || defined(__x86_64) -- static void FillCPUContext(RawContextCPU *out, const ucontext *uc, -+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct _libc_fpstate* fp); - #elif defined(__aarch64__) -- static void FillCPUContext(RawContextCPU *out, const ucontext *uc, -+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc, - const struct fpsimd_context* fpregs); - #else -- static void FillCPUContext(RawContextCPU *out, const ucontext *uc); -+ static void FillCPUContext(RawContextCPU *out, const ucontext_t *uc); - #endif - }; - -diff --git a/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc b/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc -index 71a51a763938e39d..12df9bc96ec45fea 100644 ---- a/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc -+++ b/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc -@@ -439,44 +439,44 @@ bool ExceptionHandler::HandleSignal(int sig, siginfo_t* info, void* uc) { - // Fill in all the holes in the struct to make Valgrind happy. - memset(&g_crash_context_, 0, sizeof(g_crash_context_)); - memcpy(&g_crash_context_.siginfo, info, sizeof(siginfo_t)); -- memcpy(&g_crash_context_.context, uc, sizeof(struct ucontext)); -+ memcpy(&g_crash_context_.context, uc, sizeof(ucontext_t)); - #if defined(__aarch64__) -- struct ucontext* uc_ptr = (struct ucontext*)uc; -+ ucontext_t* uc_ptr = (ucontext_t*)uc; - struct fpsimd_context* fp_ptr = - (struct fpsimd_context*)&uc_ptr->uc_mcontext.__reserved; - if (fp_ptr->head.magic == FPSIMD_MAGIC) { - memcpy(&g_crash_context_.float_state, fp_ptr, - sizeof(g_crash_context_.float_state)); - } - #elif !defined(__ARM_EABI__) && !defined(__mips__) - // FP state is not part of user ABI on ARM Linux. -- // In case of MIPS Linux FP state is already part of struct ucontext -+ // In case of MIPS Linux FP state is already part of ucontext_t - // and 'float_state' is not a member of CrashContext. -- struct ucontext* uc_ptr = (struct ucontext*)uc; -+ ucontext_t* uc_ptr = (ucontext_t*)uc; - if (uc_ptr->uc_mcontext.fpregs) { - memcpy(&g_crash_context_.float_state, uc_ptr->uc_mcontext.fpregs, - sizeof(g_crash_context_.float_state)); - } - #endif - g_crash_context_.tid = syscall(__NR_gettid); - if (crash_handler_ != NULL) { - if (crash_handler_(&g_crash_context_, sizeof(g_crash_context_), - callback_context_)) { - return true; - } - } - return GenerateDump(&g_crash_context_); - } - - // This is a public interface to HandleSignal that allows the client to - // generate a crash dump. This function may run in a compromised context. - bool ExceptionHandler::SimulateSignalDelivery(int sig) { - siginfo_t siginfo = {}; - // Mimic a trusted signal to allow tracing the process (see - // ExceptionHandler::HandleSignal(). - siginfo.si_code = SI_USER; - siginfo.si_pid = getpid(); -- struct ucontext context; -+ ucontext_t context; - getcontext(&context); - return HandleSignal(sig, &siginfo, &context); - } -diff --git a/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h b/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h -index 711586fec7ddae59..be1880170e2826b0 100644 ---- a/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h -+++ b/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.h -@@ -191,7 +191,7 @@ class ExceptionHandler { - struct CrashContext { - siginfo_t siginfo; - pid_t tid; // the crashing thread. -- struct ucontext context; -+ ucontext_t context; - #if !defined(__ARM_EABI__) && !defined(__mips__) - // #ifdef this out because FP state is not part of user ABI for Linux ARM. - // In case of MIPS Linux FP state is already part of struct -diff --git a/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc b/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc -index ff20bf36584c876b..a0b90e08fc5f0cff 100644 ---- a/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc -+++ b/toolkit/crashreporter/google-breakpad/src/client/linux/microdump_writer/microdump_writer.cc -@@ -571,7 +571,7 @@ class MicrodumpWriter { - - void* Alloc(unsigned bytes) { return dumper_->allocator()->Alloc(bytes); } - -- const struct ucontext* const ucontext_; -+ const ucontext_t* const ucontext_; - #if !defined(__ARM_EABI__) && !defined(__mips__) - const google_breakpad::fpstate_t* const float_state_; - #endif -diff --git a/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc b/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc -index 0650bb95c179464a..6b5304bcd605ca3a 100644 ---- a/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc -+++ b/toolkit/crashreporter/google-breakpad/src/client/linux/minidump_writer/minidump_writer.cc -@@ -1247,7 +1247,7 @@ class MinidumpWriter { - const int fd_; // File descriptor where the minidum should be written. - const char* path_; // Path to the file where the minidum should be written. - -- const struct ucontext* const ucontext_; // also from the signal handler -+ const ucontext_t* const ucontext_; // also from the signal handler - #if !defined(__ARM_EABI__) && !defined(__mips__) - const google_breakpad::fpstate_t* const float_state_; // ditto - #endif --- -2.14.1 diff --git a/gnu/packages/patches/icecat-use-system-graphite2.patch b/gnu/packages/patches/icecat-use-system-graphite2.patch new file mode 100644 index 0000000000..188fba2bc9 --- /dev/null +++ b/gnu/packages/patches/icecat-use-system-graphite2.patch @@ -0,0 +1,248 @@ +Copied from <https://reviewboard.mozilla.org/r/90218/diff/4> +See <https://bugzilla.mozilla.org/show_bug.cgi?id=847568> + +diff --git a/config/Makefile.in b/config/Makefile.in +--- a/config/Makefile.in ++++ b/config/Makefile.in +@@ -36,16 +36,17 @@ ifdef WRAP_SYSTEM_INCLUDES + export-preqs = \ + $(call mkdir_deps,system_wrappers) \ + $(NULL) + + export:: $(export-preqs) + $(PYTHON) -m mozbuild.action.preprocessor $(DEFINES) $(ACDEFINES) \ + -DMOZ_TREE_CAIRO=$(MOZ_TREE_CAIRO) \ + -DMOZ_TREE_PIXMAN=$(MOZ_TREE_PIXMAN) \ ++ -DMOZ_SYSTEM_GRAPHITE2=$(MOZ_SYSTEM_GRAPHITE2) \ + -DMOZ_SYSTEM_HARFBUZZ=$(MOZ_SYSTEM_HARFBUZZ) \ + -DMOZ_SYSTEM_HUNSPELL=$(MOZ_SYSTEM_HUNSPELL) \ + -DMOZ_SYSTEM_BZ2=$(MOZ_SYSTEM_BZ2) \ + -DMOZ_SYSTEM_ZLIB=$(MOZ_SYSTEM_ZLIB) \ + -DMOZ_SYSTEM_PNG=$(MOZ_SYSTEM_PNG) \ + -DMOZ_SYSTEM_JPEG=$(MOZ_SYSTEM_JPEG) \ + -DMOZ_SYSTEM_LIBEVENT=$(MOZ_SYSTEM_LIBEVENT) \ + -DMOZ_SYSTEM_LIBVPX=$(MOZ_SYSTEM_LIBVPX) \ +diff --git a/config/system-headers b/config/system-headers +--- a/config/system-headers ++++ b/config/system-headers +@@ -1260,16 +1260,20 @@ zlib.h + #ifdef MOZ_ENABLE_STARTUP_NOTIFICATION + libsn/sn.h + libsn/sn-common.h + libsn/sn-launchee.h + libsn/sn-launcher.h + libsn/sn-monitor.h + libsn/sn-util.h + #endif ++#if MOZ_SYSTEM_GRAPHITE2==1 ++graphite2/Font.h ++graphite2/Segment.h ++#endif + #if MOZ_SYSTEM_HARFBUZZ==1 + harfbuzz/hb-glib.h + harfbuzz/hb-ot.h + harfbuzz/hb.h + #endif + #if MOZ_SYSTEM_HUNSPELL==1 + hunspell.hxx + #endif +diff --git a/gfx/graphite2/moz-gr-update.sh b/gfx/graphite2/moz-gr-update.sh +--- a/gfx/graphite2/moz-gr-update.sh ++++ b/gfx/graphite2/moz-gr-update.sh +@@ -1,11 +1,12 @@ + #!/bin/bash + + # Script used to update the Graphite2 library in the mozilla source tree ++# and bump version for --with-system-graphite2 + + # This script lives in gfx/graphite2, along with the library source, + # but must be run from the top level of the mozilla-central tree. + + # Run as + # + # ./gfx/graphite2/moz-gr-update.sh RELEASE + # +@@ -32,22 +33,26 @@ echo "This directory contains the Graphi + echo "$TARBALL" >> gfx/graphite2/README.mozilla + echo "" + echo "See" $0 "for update procedure." >> gfx/graphite2/README.mozilla + + # fix up includes because of bug 721839 (cstdio) and bug 803066 (Windows.h) + #find gfx/graphite2/ -name "*.cpp" -exec perl -p -i -e "s/<cstdio>/<stdio.h>/;s/Windows.h/windows.h/;" {} \; + #find gfx/graphite2/ -name "*.h" -exec perl -p -i -e "s/<cstdio>/<stdio.h>/;s/Windows.h/windows.h/;" {} \; + ++# chase version for --with-system-graphite2 ++perl -p -i -e "s/[0-9]+\,[0-9]+\,[0-9]+/$RELEASE/ and tr/./,/ \ ++ if /GR2_VERSION_REQUIRE/" old-configure.in ++ + # summarize what's been touched + echo Updated to $RELEASE. + echo Here is what changed in the gfx/graphite2 directory: + echo + +-hg stat gfx/graphite2 ++hg stat old-configure.in gfx/graphite2 + + echo + echo If gfx/graphite2/src/files.mk has changed, please make corresponding + echo changes to gfx/graphite2/src/moz.build + echo + + echo + echo Now use hg commands to create a patch for the mozilla tree. +diff --git a/gfx/moz.build b/gfx/moz.build +--- a/gfx/moz.build ++++ b/gfx/moz.build +@@ -2,28 +2,30 @@ + # vim: set filetype=python: + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + + if CONFIG['MOZ_TREE_CAIRO']: + DIRS += ['cairo'] + ++if not CONFIG['MOZ_SYSTEM_GRAPHITE2']: ++ DIRS += ['graphite2/src' ] ++ + if not CONFIG['MOZ_SYSTEM_HARFBUZZ']: + DIRS += ['harfbuzz/src'] + + DIRS += [ + '2d', + 'ycbcr', + 'angle', + 'src', + 'qcms', + 'gl', + 'layers', +- 'graphite2/src', + 'ots/src', + 'thebes', + 'ipc', + 'vr', + 'config', + ] + + if CONFIG['MOZ_ENABLE_SKIA']: +diff --git a/gfx/thebes/moz.build b/gfx/thebes/moz.build +--- a/gfx/thebes/moz.build ++++ b/gfx/thebes/moz.build +@@ -261,16 +261,19 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('and + CXXFLAGS += CONFIG['CAIRO_FT_CFLAGS'] + + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk2', 'gtk3'): + CXXFLAGS += CONFIG['MOZ_PANGO_CFLAGS'] + + LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES'] + LOCAL_INCLUDES += ['/media/libyuv/include'] + +-DEFINES['GRAPHITE2_STATIC'] = True ++if CONFIG['MOZ_SYSTEM_GRAPHITE2']: ++ CXXFLAGS += CONFIG['MOZ_GRAPHITE2_CFLAGS'] ++else: ++ DEFINES['GRAPHITE2_STATIC'] = True + + if CONFIG['MOZ_SYSTEM_HARFBUZZ']: + CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] + + if CONFIG['CLANG_CXX']: + # Suppress warnings from Skia header files. + SOURCES['gfxPlatform.cpp'].flags += ['-Wno-implicit-fallthrough'] +diff --git a/moz.configure b/moz.configure +--- a/moz.configure ++++ b/moz.configure +@@ -260,16 +260,28 @@ def extra_programs(target): + + check_prog('DSYMUTIL', delayed_getattr(extra_programs, 'DSYMUTIL'), + allow_missing=True) + check_prog('GENISOIMAGE', delayed_getattr(extra_programs, 'GENISOIMAGE'), + allow_missing=True) + check_prog('RPMBUILD', delayed_getattr(extra_programs, 'RPMBUILD'), + allow_missing=True) + ++option('--with-system-graphite2', ++ help="Use system graphite2 (located with pkgconfig)") ++ ++@depends('--with-system-graphite2', compile_environment) ++def check_for_graphite2(value, compile_env): ++ return value and compile_env ++ ++system_graphite2 = pkg_check_modules('MOZ_GRAPHITE2', 'graphite2', ++ check_for_graphite2) ++ ++set_config('MOZ_SYSTEM_GRAPHITE2', depends_if(system_graphite2)(lambda _: True)) ++ + option('--with-system-harfbuzz', + help="Use system harfbuzz (located with pkgconfig)") + + @depends('--with-system-harfbuzz', compile_environment) + def check_for_harfbuzz(value, compile_env): + return value and compile_env + + system_harfbuzz = pkg_check_modules('MOZ_HARFBUZZ', 'harfbuzz >= 1.3.3', +diff --git a/old-configure.in b/old-configure.in +--- a/old-configure.in ++++ b/old-configure.in +@@ -5060,16 +5060,37 @@ if test "$USE_FC_FREETYPE"; then + CPPFLAGS="$CPPFLAGS $FT2_CFLAGS $XCFLAGS" + MOZ_CHECK_HEADERS([fontconfig/fcfreetype.h], , + [AC_MSG_ERROR(Can't find header fontconfig/fcfreetype.h.)], [#include <fontconfig/fontconfig.h>]) + CPPFLAGS="$_SAVE_CPPFLAGS" + fi + fi + + dnl ======================================================== ++dnl Check for graphite2 ++dnl ======================================================== ++if test -n "$MOZ_SYSTEM_GRAPHITE2"; then ++ dnl graphite2.pc has bogus version, check manually ++ _SAVE_CFLAGS=$CFLAGS ++ CFLAGS="$CFLAGS $MOZ_GRAPHITE2_CFLAGS" ++ AC_TRY_COMPILE([ #include <graphite2/Font.h> ++ #define GR2_VERSION_REQUIRE(major,minor,bugfix) \ ++ ( GR2_VERSION_MAJOR * 10000 + GR2_VERSION_MINOR \ ++ * 100 + GR2_VERSION_BUGFIX >= \ ++ (major) * 10000 + (minor) * 100 + (bugfix) ) ++ ], [ ++ #if !GR2_VERSION_REQUIRE(1,3,8) ++ #error "Insufficient graphite2 version." ++ #endif ++ ], [], ++ [AC_MSG_ERROR([--with-system-graphite2 requested but no working libgraphite2 found])]) ++ CFLAGS=$_SAVE_CFLAGS ++fi ++ ++dnl ======================================================== + dnl Check for pixman and cairo + dnl ======================================================== + + MOZ_TREE_CAIRO=1 + MOZ_ARG_ENABLE_BOOL(system-cairo, + [ --enable-system-cairo Use system cairo (located with pkgconfig)], + MOZ_TREE_CAIRO=, + MOZ_TREE_CAIRO=1 ) +diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build +--- a/toolkit/library/moz.build ++++ b/toolkit/library/moz.build +@@ -221,16 +221,19 @@ if CONFIG['SERVO_TARGET_DIR']: + OS_LIBS += ['-L%s' % CONFIG['SERVO_TARGET_DIR'], '-lgeckoservo'] + + if CONFIG['MOZ_SYSTEM_JPEG']: + OS_LIBS += CONFIG['MOZ_JPEG_LIBS'] + + if CONFIG['MOZ_SYSTEM_PNG']: + OS_LIBS += CONFIG['MOZ_PNG_LIBS'] + ++if CONFIG['MOZ_SYSTEM_GRAPHITE2']: ++ OS_LIBS += CONFIG['MOZ_GRAPHITE2_LIBS'] ++ + if CONFIG['MOZ_SYSTEM_HARFBUZZ']: + OS_LIBS += CONFIG['MOZ_HARFBUZZ_LIBS'] + + if CONFIG['MOZ_SYSTEM_HUNSPELL']: + OS_LIBS += CONFIG['MOZ_HUNSPELL_LIBS'] + + if CONFIG['MOZ_SYSTEM_LIBEVENT']: + OS_LIBS += CONFIG['MOZ_LIBEVENT_LIBS'] + diff --git a/gnu/packages/patches/icecat-use-system-harfbuzz.patch b/gnu/packages/patches/icecat-use-system-harfbuzz.patch new file mode 100644 index 0000000000..083d404c13 --- /dev/null +++ b/gnu/packages/patches/icecat-use-system-harfbuzz.patch @@ -0,0 +1,279 @@ +Copied from <https://reviewboard.mozilla.org/r/35763/diff/9> +See <https://bugzilla.mozilla.org/show_bug.cgi?id=847568> + +diff --git a/config/Makefile.in b/config/Makefile.in +--- a/config/Makefile.in ++++ b/config/Makefile.in +@@ -36,16 +36,17 @@ ifdef WRAP_SYSTEM_INCLUDES + export-preqs = \ + $(call mkdir_deps,system_wrappers) \ + $(NULL) + + export:: $(export-preqs) + $(PYTHON) -m mozbuild.action.preprocessor $(DEFINES) $(ACDEFINES) \ + -DMOZ_TREE_CAIRO=$(MOZ_TREE_CAIRO) \ + -DMOZ_TREE_PIXMAN=$(MOZ_TREE_PIXMAN) \ ++ -DMOZ_SYSTEM_HARFBUZZ=$(MOZ_SYSTEM_HARFBUZZ) \ + -DMOZ_SYSTEM_HUNSPELL=$(MOZ_SYSTEM_HUNSPELL) \ + -DMOZ_SYSTEM_BZ2=$(MOZ_SYSTEM_BZ2) \ + -DMOZ_SYSTEM_ZLIB=$(MOZ_SYSTEM_ZLIB) \ + -DMOZ_SYSTEM_PNG=$(MOZ_SYSTEM_PNG) \ + -DMOZ_SYSTEM_JPEG=$(MOZ_SYSTEM_JPEG) \ + -DMOZ_SYSTEM_LIBEVENT=$(MOZ_SYSTEM_LIBEVENT) \ + -DMOZ_SYSTEM_LIBVPX=$(MOZ_SYSTEM_LIBVPX) \ + -DMOZ_SYSTEM_ICU=$(MOZ_SYSTEM_ICU) \ +diff --git a/config/system-headers b/config/system-headers +--- a/config/system-headers ++++ b/config/system-headers +@@ -1260,16 +1260,21 @@ zlib.h + #ifdef MOZ_ENABLE_STARTUP_NOTIFICATION + libsn/sn.h + libsn/sn-common.h + libsn/sn-launchee.h + libsn/sn-launcher.h + libsn/sn-monitor.h + libsn/sn-util.h + #endif ++#if MOZ_SYSTEM_HARFBUZZ==1 ++harfbuzz/hb-glib.h ++harfbuzz/hb-ot.h ++harfbuzz/hb.h ++#endif + #if MOZ_SYSTEM_HUNSPELL==1 + hunspell.hxx + #endif + #if MOZ_SYSTEM_BZ2==1 + bzlib.h + #endif + #ifdef MOZ_ENABLE_GIO + gio/gio.h +diff --git a/dom/base/moz.build b/dom/base/moz.build +--- a/dom/base/moz.build ++++ b/dom/base/moz.build +@@ -474,16 +474,19 @@ for var in ('MOZ_B2G_RIL'): + DEFINES[var] = True + + if CONFIG['MOZ_BUILD_APP'] in ['browser', 'mobile/android', 'xulrunner']: + DEFINES['HAVE_SIDEBAR'] = True + + if CONFIG['MOZ_X11']: + CXXFLAGS += CONFIG['TK_CFLAGS'] + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] ++ + GENERATED_FILES += [ + 'PropertyUseCounterMap.inc', + 'UseCounterList.h', + ] + + countermap = GENERATED_FILES['PropertyUseCounterMap.inc'] + countermap.script = 'gen-usecounters.py:property_map' + countermap.inputs = ['UseCounters.conf'] +diff --git a/gfx/harfbuzz/README-mozilla b/gfx/harfbuzz/README-mozilla +--- a/gfx/harfbuzz/README-mozilla ++++ b/gfx/harfbuzz/README-mozilla +@@ -14,8 +14,13 @@ this file when updating harfbuzz, and ch + + The normal approach to updating harfbuzz, therefore, is to pull the latest HB + source into a scratch directory and do a local build; then copy the original + sources AND the generated header mentioned above from the build directory into + the mozilla tree. + + If the collection of source files changes, manual updates to moz.build may be + needed, as we don't use the upstream makefiles. ++ ++The in-tree copy may be omitted during build by --with-system-harfbuzz. ++Make sure to keep pkg-config version check within old-configure.in in sync ++with checkout version or increment latest tag by one if it's not based ++on upstream release. +diff --git a/gfx/moz.build b/gfx/moz.build +--- a/gfx/moz.build ++++ b/gfx/moz.build +@@ -2,26 +2,28 @@ + # vim: set filetype=python: + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + + if CONFIG['MOZ_TREE_CAIRO']: + DIRS += ['cairo'] + ++if not CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ DIRS += ['harfbuzz/src'] ++ + DIRS += [ + '2d', + 'ycbcr', + 'angle', + 'src', + 'qcms', + 'gl', + 'layers', + 'graphite2/src', +- 'harfbuzz/src', + 'ots/src', + 'thebes', + 'ipc', + 'vr', + 'config', + ] + + if CONFIG['MOZ_ENABLE_SKIA']: +diff --git a/gfx/skia/generate_mozbuild.py b/gfx/skia/generate_mozbuild.py +--- a/gfx/skia/generate_mozbuild.py ++++ b/gfx/skia/generate_mozbuild.py +@@ -138,16 +138,19 @@ if CONFIG['GNU_CXX'] and not CONFIG['CLA + if CONFIG['CLANG_CXX'] or CONFIG['CLANG_CL']: + CXXFLAGS += [ + '-Wno-implicit-fallthrough', + '-Wno-inconsistent-missing-override', + '-Wno-macro-redefined', + '-Wno-unused-private-field', + ] + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] ++ + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk2', 'gtk3', 'android'): + CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS'] + CXXFLAGS += CONFIG['CAIRO_FT_CFLAGS'] + + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk2', 'gtk3'): + CXXFLAGS += CONFIG['MOZ_PANGO_CFLAGS'] + """ + +diff --git a/gfx/skia/moz.build b/gfx/skia/moz.build +--- a/gfx/skia/moz.build ++++ b/gfx/skia/moz.build +@@ -748,14 +748,17 @@ if CONFIG['GNU_CXX'] and not CONFIG['CLA + if CONFIG['CLANG_CXX'] or CONFIG['CLANG_CL']: + CXXFLAGS += [ + '-Wno-implicit-fallthrough', + '-Wno-inconsistent-missing-override', + '-Wno-macro-redefined', + '-Wno-unused-private-field', + ] + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] ++ + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk2', 'gtk3', 'android'): + CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS'] + CXXFLAGS += CONFIG['CAIRO_FT_CFLAGS'] + + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk2', 'gtk3'): + CXXFLAGS += CONFIG['MOZ_PANGO_CFLAGS'] +diff --git a/gfx/thebes/moz.build b/gfx/thebes/moz.build +--- a/gfx/thebes/moz.build ++++ b/gfx/thebes/moz.build +@@ -263,11 +263,14 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('and + if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('gtk2', 'gtk3'): + CXXFLAGS += CONFIG['MOZ_PANGO_CFLAGS'] + + LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES'] + LOCAL_INCLUDES += ['/media/libyuv/include'] + + DEFINES['GRAPHITE2_STATIC'] = True + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] ++ + if CONFIG['CLANG_CXX']: + # Suppress warnings from Skia header files. + SOURCES['gfxPlatform.cpp'].flags += ['-Wno-implicit-fallthrough'] +diff --git a/intl/unicharutil/util/moz.build b/intl/unicharutil/util/moz.build +--- a/intl/unicharutil/util/moz.build ++++ b/intl/unicharutil/util/moz.build +@@ -37,9 +37,12 @@ if CONFIG['_MSC_VER']: + DEFINES['_USE_ANSI_CPP'] = True + # Don't include directives about which CRT to use + CFLAGS += ['-Zl'] + CXXFLAGS += ['-Zl'] + + if CONFIG['ENABLE_INTL_API']: + USE_LIBS += ['icu'] + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] ++ + DIST_INSTALL = True +diff --git a/moz.configure b/moz.configure +--- a/moz.configure ++++ b/moz.configure +@@ -260,16 +260,28 @@ def extra_programs(target): + + check_prog('DSYMUTIL', delayed_getattr(extra_programs, 'DSYMUTIL'), + allow_missing=True) + check_prog('GENISOIMAGE', delayed_getattr(extra_programs, 'GENISOIMAGE'), + allow_missing=True) + check_prog('RPMBUILD', delayed_getattr(extra_programs, 'RPMBUILD'), + allow_missing=True) + ++option('--with-system-harfbuzz', ++ help="Use system harfbuzz (located with pkgconfig)") ++ ++@depends('--with-system-harfbuzz', compile_environment) ++def check_for_harfbuzz(value, compile_env): ++ return value and compile_env ++ ++system_harfbuzz = pkg_check_modules('MOZ_HARFBUZZ', 'harfbuzz >= 1.3.3', ++ check_for_harfbuzz) ++ ++set_config('MOZ_SYSTEM_HARFBUZZ', depends_if(system_harfbuzz)(lambda _: True)) ++ + option('--enable-system-hunspell', + help="Use system hunspell (located with pkgconfig)") + + @depends('--enable-system-hunspell', compile_environment) + def check_for_hunspell(value, compile_env): + return value and compile_env + + system_hunspell = pkg_check_modules('MOZ_HUNSPELL', 'hunspell', +diff --git a/netwerk/dns/moz.build b/netwerk/dns/moz.build +--- a/netwerk/dns/moz.build ++++ b/netwerk/dns/moz.build +@@ -61,16 +61,19 @@ etld_data = GENERATED_FILES['etld_data.i + etld_data.script = 'prepare_tlds.py' + etld_data.inputs = ['effective_tld_names.dat'] + + # need to include etld_data.inc + LOCAL_INCLUDES += [ + '/netwerk/base', + ] + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ CXXFLAGS += CONFIG['MOZ_HARFBUZZ_CFLAGS'] ++ + if CONFIG['ENABLE_INTL_API']: + DEFINES['IDNA2008'] = True + USE_LIBS += ['icu'] + else: + UNIFIED_SOURCES += [ + 'nameprep.c', + ] + +diff --git a/toolkit/library/moz.build b/toolkit/library/moz.build +--- a/toolkit/library/moz.build ++++ b/toolkit/library/moz.build +@@ -221,16 +221,19 @@ if CONFIG['SERVO_TARGET_DIR']: + OS_LIBS += ['-L%s' % CONFIG['SERVO_TARGET_DIR'], '-lgeckoservo'] + + if CONFIG['MOZ_SYSTEM_JPEG']: + OS_LIBS += CONFIG['MOZ_JPEG_LIBS'] + + if CONFIG['MOZ_SYSTEM_PNG']: + OS_LIBS += CONFIG['MOZ_PNG_LIBS'] + ++if CONFIG['MOZ_SYSTEM_HARFBUZZ']: ++ OS_LIBS += CONFIG['MOZ_HARFBUZZ_LIBS'] ++ + if CONFIG['MOZ_SYSTEM_HUNSPELL']: + OS_LIBS += CONFIG['MOZ_HUNSPELL_LIBS'] + + if CONFIG['MOZ_SYSTEM_LIBEVENT']: + OS_LIBS += CONFIG['MOZ_LIBEVENT_LIBS'] + + if CONFIG['MOZ_SYSTEM_LIBVPX']: + OS_LIBS += CONFIG['MOZ_LIBVPX_LIBS'] + diff --git a/gnu/packages/patches/java-xerces-bootclasspath.patch b/gnu/packages/patches/java-xerces-bootclasspath.patch new file mode 100644 index 0000000000..efaa548a62 --- /dev/null +++ b/gnu/packages/patches/java-xerces-bootclasspath.patch @@ -0,0 +1,38 @@ +Based on https://anonscm.debian.org/viewvc/pkg-java/trunk/libxerces2-java/debian/patches/03_bootclasspath.patch?revision=14509, adopted for guix + +--- xerces-2_11_0/build.xml.orig 2010-11-26 21:42:11.000000000 +0100 ++++ xerces-2_11_0/build.xml 2017-03-28 14:04:41.946606996 +0200 +@@ -290,13 +290,14 @@ + destdir="${build.dest}" + source="${javac.source}" + target="${javac.target}" +- classpath="${build.dir}/classes:${tools.dir}/${jar.apis}:${tools.dir}/${jar.resolver}:${tools.dir}/${jar.serializer}" ++ classpath="${build.dir}/classes:${jar.jaxp}:${jar.apis-ext}:${jar.resolver}" + debug="${debug}" nowarn="true" + debuglevel="${debuglevel}" + deprecation="${deprecation}" + optimize="${optimize}" + includeAntRuntime="false" +- includeJavaRuntime="false" ++ includeJavaRuntime="true" ++ bootclasspath="${jar.jaxp}:${jar.apis-ext}:${jar.resolver}" + excludes="org/xml/sax/** + javax/xml/** + org/w3c/dom/* +@@ -1451,13 +1452,14 @@ + destdir="${build.dest}" + source="${javac.source}" + target="${javac.target}" +- classpath="${build.dir}/classes:${tools.dir}/${jar.apis}:${tools.dir}/${jar.resolver}:${tools.dir}/${jar.serializer}" ++ classpath="${build.dir}/classes:${jar.jaxp}:${jar.apis-ext}:${jar.resolver}" + debug="${debug}" + debuglevel="${debuglevel}" + deprecation="${deprecation}" + optimize="${optimize}" + includeAntRuntime="false" +- includeJavaRuntime="false" ++ includeJavaRuntime="true" ++ bootclasspath="${jar.jaxp}:${jar.apis-ext}:${jar.resolver}" + excludes="org/xml/sax/** + javax/xml/** + org/w3c/dom/* diff --git a/gnu/packages/patches/java-xerces-build_dont_unzip.patch b/gnu/packages/patches/java-xerces-build_dont_unzip.patch new file mode 100644 index 0000000000..2ff5628865 --- /dev/null +++ b/gnu/packages/patches/java-xerces-build_dont_unzip.patch @@ -0,0 +1,44 @@ +Don't unzip the sources which were bundled originally. Guix strips them from +the source and uses pre-build packages. + +Taken from https://anonscm.debian.org/viewvc/pkg-java/trunk/libxerces2-java/debian/patches/02_build_dont_unzip.patch?revision=14507 + +Index: b/build.xml +=================================================================== +--- a/build.xml ++++ b/build.xml +@@ -247,7 +247,7 @@ + <copy file="${src.dir}/org/apache/xerces/impl/xpath/regex/message.properties" + tofile="${build.src}/org/apache/xerces/impl/xpath/regex/message_en.properties"/> + +- <!-- now deal with API's: --> ++ <!-- not needed for Debian + <unzip src="${src.apis.zip}" dest="${build.src}"> + <patternset + includes="org/xml/sax/** +@@ -270,6 +270,7 @@ + org/w3c/dom/xpath/**" + /> + </unzip> ++ --> + + <!-- substitute tokens as needed --> + <replace file="${build.dir}/src/org/apache/xerces/impl/Version.java" +@@ -1232,7 +1233,7 @@ + <replace file="${build.dir}/src/org/apache/xerces/parsers/AbstractSAXParser.java" + token="return (fConfiguration instanceof XML11Configurable);" value="return false;"/> + +- <!-- now deal with API's: --> ++ <!-- not needed for Debian + <unzip src="${src.apis.zip}" dest="${build.src}"> + <patternset + includes="org/xml/sax/** +@@ -1255,7 +1256,7 @@ + org/w3c/dom/xpath/**" + /> + </unzip> +- ++ --> + + <!-- substitute tokens as needed --> + <replace file="${build.dir}/src/org/apache/xerces/impl/Version.java" diff --git a/gnu/packages/patches/java-xerces-xjavac_taskdef.patch b/gnu/packages/patches/java-xerces-xjavac_taskdef.patch new file mode 100644 index 0000000000..4f5d008c28 --- /dev/null +++ b/gnu/packages/patches/java-xerces-xjavac_taskdef.patch @@ -0,0 +1,45 @@ +This patch eliminates the need for providing "xjavac", which saves building a +package for the unmaintained "xerces-tools". + +Taken from https://anonscm.debian.org/viewvc/pkg-java/trunk/libxerces2-java/debian/patches/01_xjavac_taskdef.patch?revision=14507 + +Index: b/build.xml +=================================================================== +--- a/build.xml ++++ b/build.xml +@@ -39,7 +39,7 @@ + <property name="tools.dir" value="./tools"/> + + <!-- enable compilation under JDK 1.4 and above --> +- <taskdef name="xjavac" classname="org.apache.xerces.util.XJavac"> ++ <taskdef name="xjavac" classname="org.apache.tools.ant.taskdefs.Javac"> + <classpath> + <pathelement location="${tools.dir}/bin/xjavac.jar"/> + </classpath> +@@ -291,7 +291,7 @@ + source="${javac.source}" + target="${javac.target}" + classpath="${build.dir}/classes:${tools.dir}/${jar.apis}:${tools.dir}/${jar.resolver}:${tools.dir}/${jar.serializer}" +- debug="${debug}" ++ debug="${debug}" nowarn="true" + debuglevel="${debuglevel}" + deprecation="${deprecation}" + optimize="${optimize}" +@@ -359,7 +359,7 @@ + source="${javac.source}" + target="${javac.target}" + classpath="${build.dir}/classes:${tools.dir}/${jar.apis}" +- debug="${debug}" ++ debug="${debug}" nowarn="true" + debuglevel="${debuglevel}" + includeAntRuntime="false" + includeJavaRuntime="true"/> +@@ -379,7 +379,7 @@ + source="${javac.source}" + target="${javac.target}" + classpath="${tools.dir}/${jar.apis}:${build.dir}/classes:./tools/junit.jar" +- debug="${debug}" ++ debug="${debug}" nowarn="true" + debuglevel="${debuglevel}" + includeAntRuntime="false" + includeJavaRuntime="true"/> diff --git a/gnu/packages/patches/ktexteditor-5.39.0-autotests-dependencies.patch b/gnu/packages/patches/ktexteditor-5.39.0-autotests-dependencies.patch deleted file mode 100644 index 01a0e572cc..0000000000 --- a/gnu/packages/patches/ktexteditor-5.39.0-autotests-dependencies.patch +++ /dev/null @@ -1,49 +0,0 @@ -Add missing dependencies, see <https://phabricator.kde.org/D8577>. - -diff -r -U5 ktexteditor-5.39.0.orig/autotests/CMakeLists.txt ktexteditor-5.39.0/autotests/CMakeLists.txt ---- ktexteditor-5.39.0.orig/autotests/CMakeLists.txt 2017-10-31 16:28:45.018163060 +0100 -+++ ktexteditor-5.39.0/autotests/CMakeLists.txt 2017-10-31 16:28:16.439559888 +0100 -@@ -37,10 +37,11 @@ - set (KTEXTEDITOR_TEST_LINK_LIBS KF5TextEditor - KF5::I18n - KF5::IconThemes - KF5::GuiAddons - Qt5::Qml -+ Qt5::Script - ) - - include(ECMMarkAsTest) - - # test executable for encoding -diff -r -U5 ktexteditor-5.39.0.orig/CMakeLists.txt ktexteditor-5.39.0/CMakeLists.txt ---- ktexteditor-5.39.0.orig/CMakeLists.txt 2017-10-31 16:28:38.578252490 +0100 -+++ ktexteditor-5.39.0/CMakeLists.txt 2017-10-31 16:30:24.656778737 +0100 -@@ -38,11 +38,12 @@ - - # Dependencies - set(REQUIRED_QT_VERSION 5.7.0) - - # Required Qt5 components to build this framework --find_package(Qt5 ${REQUIRED_QT_VERSION} NO_MODULE REQUIRED Core Widgets Qml PrintSupport Xml XmlPatterns) -+find_package(Qt5 ${REQUIRED_QT_VERSION} NO_MODULE REQUIRED Core Widgets Qml -+ Script PrintSupport Xml XmlPatterns) - - find_package(KF5Archive ${KF5_DEP_VERSION} REQUIRED) - find_package(KF5Config ${KF5_DEP_VERSION} REQUIRED) - find_package(KF5GuiAddons ${KF5_DEP_VERSION} REQUIRED) - find_package(KF5I18n ${KF5_DEP_VERSION} REQUIRED) -diff -r -U5 ktexteditor-5.39.0/autotests/src/vimode/CMakeLists.txt ktexteditor-5.39.0.new/autotests/src/vimode/CMakeLists.txt ---- ktexteditor-5.39.0/autotests/src/vimode/CMakeLists.txt 1970-01-01 01:00:00.000000000 +0100 -+++ ktexteditor-5.39.0.new/autotests/src/vimode/CMakeLists.txt 2017-10-31 16:58:29.909003953 +0100 -@@ -4,10 +4,11 @@ - ${CMAKE_SOURCE_DIR}/src/vimode - ) - - set (VIMODE_TEST_LINK_LIBS KF5TextEditor - KF5::I18n -+ Qt5::Qml - Qt5::Test - ) - - macro(vimode_unit_test) - ecm_add_test(${ARGN} TEST_NAME "vimode_${ARGV0}" diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch new file mode 100644 index 0000000000..67fee0f528 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch @@ -0,0 +1,72 @@ +Fix CVE-2016-6328: + +https://bugzilla.redhat.com/show_bug.cgi?id=1366239 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 + +Patch copied from upstream source repository: + +https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d + +From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 +From: Marcus Meissner <marcus@jet.franken.de> +Date: Tue, 25 Jul 2017 23:44:44 +0200 +Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax + makernote entries. + +This should fix: +https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 +--- + libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c +index d03d159..ea0429a 100644 +--- a/libexif/pentax/mnote-pentax-entry.c ++++ b/libexif/pentax/mnote-pentax-entry.c +@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + case EXIF_FORMAT_SHORT: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 2) ++ break; + vs = exif_get_short (data, entry->order); + snprintf (val+len, maxlen-len, "%i ", vs); + len = strlen(val); + data += 2; ++ sizeleft -= 2; + } + } + break; + case EXIF_FORMAT_LONG: + { + const unsigned char *data = entry->data; +- size_t k, len = strlen(val); ++ size_t k, len = strlen(val), sizeleft; ++ ++ sizeleft = entry->size; + for(k=0; k<entry->components; k++) { ++ if (sizeleft < 4) ++ break; + vl = exif_get_long (data, entry->order); + snprintf (val+len, maxlen-len, "%li", (long int) vl); + len = strlen(val); + data += 4; ++ sizeleft -= 4; + } + } + break; +@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, + break; + } + +- return (val); ++ return val; + } +-- +2.16.0 + diff --git a/gnu/packages/patches/libgnomeui-utf8.patch b/gnu/packages/patches/libgnomeui-utf8.patch new file mode 100644 index 0000000000..304d74e1e2 --- /dev/null +++ b/gnu/packages/patches/libgnomeui-utf8.patch @@ -0,0 +1,51 @@ +Fixes build with Python >= 3.6: + +------ +Making all in libgnomeui +make[2]: Entering directory '/tmp/guix-build-libgnomeui-2.24.5.drv-0/libgnomeui-2.24.5/libgnomeui' + GEN stamp-gnome-marshal.h + GEN stamp-gnometypebuiltins.h +INFO: Reading ./gnome-marshal.list... + GEN gnome-marshal.h +Traceback (most recent call last): + File "/gnu/store/azh1is0xknn4xphwj33iqcb5ic9qhk8l-glib-2.54.2-bin/bin/glib-mkenums", line 688, in <module> + process_file(fname) + File "/gnu/store/azh1is0xknn4xphwj33iqcb5ic9qhk8l-glib-2.54.2-bin/bin/glib-mkenums", line 420, in process_file + line = curfile.readline() + File "/gnu/store/3lkypf5wnsnvkaidhw0pv7k3yjfh1r9g-python-3.6.3/lib/python3.6/codecs.py", line 321, in decode + (result, consumed) = self._buffer_decode(data, self.errors, final) +UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 1009: invalid continuation byte +make[2]: *** [Makefile:1109: stamp-gnometypebuiltins.h] Error 1 +make[2]: Leaving directory '/tmp/guix-build-libgnomeui-2.24.5.drv-0/libgnomeui-2.24.5/libgnomeui' +make[1]: *** [Makefile:369: all-recursive] Error 1 +make[1]: Leaving directory '/tmp/guix-build-libgnomeui-2.24.5.drv-0/libgnomeui-2.24.5' +make: *** [Makefile:296: all] Error 2 +------ + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libgnomeui/commit/?id=30334c28794ef85d8973f4ed0779b5ceed6594f2 + +From 30334c28794ef85d8973f4ed0779b5ceed6594f2 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@verbum.org> +Date: Mon, 7 Aug 2017 13:15:26 -0400 +Subject: [PATCH] gnome-scores.h: Convert to UTF-8 + +The new Python `glib-mkenums` barfs on ISO-8859-1 input. +--- + libgnomeui/gnome-scores.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libgnomeui/gnome-scores.h b/libgnomeui/gnome-scores.h +index 911b12d1..4e641d22 100644 +--- a/libgnomeui/gnome-scores.h ++++ b/libgnomeui/gnome-scores.h +@@ -27,7 +27,7 @@ + * "High Scores" Widget + * + * AUTHOR: +- * Horacio J. Peña <horape@compendium.com.ar> ++ * Horacio J. Peña <horape@compendium.com.ar> + * + * This is free software (under the terms of the GNU LGPL) + * diff --git a/gnu/packages/patches/libsndfile-CVE-2017-12562.patch b/gnu/packages/patches/libsndfile-CVE-2017-12562.patch new file mode 100644 index 0000000000..58cb242b10 --- /dev/null +++ b/gnu/packages/patches/libsndfile-CVE-2017-12562.patch @@ -0,0 +1,97 @@ +Fix CVE-2017-12562: + +https://github.com/erikd/libsndfile/issues/292 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12562 + +Patch copied from upstream source repository: + +https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 + +From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de> +Date: Wed, 14 Jun 2017 12:25:40 +0200 +Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings + in binheader + +Fixes the following problems: + 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes. + 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the + big switch statement by an amount (16 bytes) which is enough for all cases + where only a single value gets added. Cases 's', 'S', 'p' however + additionally write an arbitrary length block of data and again enlarge the + buffer to the required amount. However, the required space calculation does + not take into account the size of the length field which gets output before + the data. + 3. Buffer size requirement calculation in case 'S' does not account for the + padding byte ("size += (size & 1) ;" happens after the calculation which + uses "size"). + 4. Case 'S' can overrun the header buffer by 1 byte when no padding is + involved + ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while + the buffer is only guaranteed to have "size" space available). + 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte + beyond the space which is guaranteed to be allocated in the header buffer. + 6. Case 's' can overrun the provided source string by 1 byte if padding is + involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;" + where "size" is "strlen (strptr) + 1" (which includes the 0 terminator, + plus optionally another 1 which is padding and not guaranteed to be + readable via the source string pointer). + +Closes: https://github.com/erikd/libsndfile/issues/292 +--- + src/common.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/common.c b/src/common.c +index 1a6204ca..6b2a2ee9 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + /* Write a C string (guaranteed to have a zero terminator). */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) + 1 ; +- size += (size & 1) ; + +- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + + if (psf->rwf_endian == SF_ENDIAN_BIG) +- header_put_be_int (psf, size) ; ++ header_put_be_int (psf, size + (size & 1)) ; + else +- header_put_le_int (psf, size) ; ++ header_put_le_int (psf, size + (size & 1)) ; + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; ++ size += (size & 1) ; + psf->header.indx += size ; + psf->header.ptr [psf->header.indx - 1] = 0 ; + count += 4 + size ; +@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) ; +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size) ; + else + header_put_le_int (psf, size) ; +- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ; ++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ; + size += (size & 1) ; + psf->header.indx += size ; +- psf->header.ptr [psf->header.indx] = 0 ; + count += 4 + size ; + break ; + +@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + size = (size & 1) ? size : size + 1 ; + size = (size > 254) ? 254 : size ; + +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) + return count ; + + header_put_byte (psf, size) ; diff --git a/gnu/packages/patches/libtasn1-CVE-2018-6003.patch b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch new file mode 100644 index 0000000000..3e6140518d --- /dev/null +++ b/gnu/packages/patches/libtasn1-CVE-2018-6003.patch @@ -0,0 +1,73 @@ +Fix CVE-2018-6003: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003 +https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html + +Patch copied from upstream source repository: + +https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97 + +From c593ae84cfcde8fea45787e53950e0ac71e9ca97 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@redhat.com> +Date: Thu, 4 Jan 2018 10:52:05 +0100 +Subject: [PATCH] _asn1_decode_simple_ber: restrict the levels of recursion to 3 + +On indefinite string decoding, setting a maximum level of recursions +protects the BER decoder from a stack exhaustion due to large amounts +of recursion. + +Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> +--- + lib/decoding.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/lib/decoding.c b/lib/decoding.c +index 2240b09..0ee35d3 100644 +--- a/lib/decoding.c ++++ b/lib/decoding.c +@@ -45,6 +45,13 @@ + + #define DECODE_FLAG_HAVE_TAG 1 + #define DECODE_FLAG_INDEFINITE (1<<1) ++/* On indefinite string decoding, allow this maximum levels ++ * of recursion. Allowing infinite recursion, makes the BER ++ * decoder susceptible to stack exhaustion due to that recursion. ++ */ ++#define DECODE_FLAG_LEVEL1 (1<<2) ++#define DECODE_FLAG_LEVEL2 (1<<3) ++#define DECODE_FLAG_LEVEL3 (1<<4) + + #define DECR_LEN(l, s) do { \ + l -= s; \ +@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, + } + + /* indefinite constructed */ +- if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) ++ if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) && ++ !(dflags & DECODE_FLAG_LEVEL3)) + { + len_len = 1; + +@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der, + do + { + unsigned tmp_len; ++ unsigned flags = DECODE_FLAG_HAVE_TAG; ++ ++ if (dflags & DECODE_FLAG_LEVEL1) ++ flags |= DECODE_FLAG_LEVEL2; ++ else if (dflags & DECODE_FLAG_LEVEL2) ++ flags |= DECODE_FLAG_LEVEL3; ++ else ++ flags |= DECODE_FLAG_LEVEL1; + +- result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len); ++ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len, ++ flags); + if (result != ASN1_SUCCESS) + { + warn(); +-- +libgit2 0.26.0 + diff --git a/gnu/packages/patches/libtiff-CVE-2017-18013.patch b/gnu/packages/patches/libtiff-CVE-2017-18013.patch new file mode 100644 index 0000000000..ba03c83847 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2017-18013.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-18013: + +http://bugzilla.maptools.org/show_bug.cgi?id=2770 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013 + +Patch copied from upstream source repository: + +https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01 + +From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 31 Dec 2017 15:09:41 +0100 +Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer + dereference on corrupted file. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2770 + +--- + libtiff/tif_print.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 9959d353..8deceb2b 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", + (unsigned long) s, +- (unsigned __int64) td->td_stripoffset[s], +- (unsigned __int64) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); + #else + fprintf(fd, " %3lu: [%8llu, %8llu]\n", + (unsigned long) s, +- (unsigned long long) td->td_stripoffset[s], +- (unsigned long long) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); + #endif + } + } +-- +2.16.1 + diff --git a/gnu/packages/patches/libtiff-CVE-2017-9935.patch b/gnu/packages/patches/libtiff-CVE-2017-9935.patch new file mode 100644 index 0000000000..5685d81f68 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2017-9935.patch @@ -0,0 +1,162 @@ +Fix CVE-2017-9935 + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935 +http://bugzilla.maptools.org/show_bug.cgi?id=2704 + +Patch copied from upstream source repository: + +https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940 + +From 3dd8f6a357981a4090f126ab9025056c938b6940 Mon Sep 17 00:00:00 2001 +From: Brian May <brian@linuxpenguins.xyz> +Date: Thu, 7 Dec 2017 07:46:47 +1100 +Subject: [PATCH] tiff2pdf: Fix CVE-2017-9935 + +Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704 + +This vulnerability - at least for the supplied test case - is because we +assume that a tiff will only have one transfer function that is the same +for all pages. This is not required by the TIFF standards. + +We than read the transfer function for every page. Depending on the +transfer function, we allocate either 2 or 4 bytes to the XREF buffer. +We allocate this memory after we read in the transfer function for the +page. + +For the first exploit - POC1, this file has 3 pages. For the first page +we allocate 2 extra extra XREF entries. Then for the next page 2 more +entries. Then for the last page the transfer function changes and we +allocate 4 more entries. + +When we read the file into memory, we assume we have 4 bytes extra for +each and every page (as per the last transfer function we read). Which +is not correct, we only have 2 bytes extra for the first 2 pages. As a +result, we end up writing past the end of the buffer. + +There are also some related issues that this also fixes. For example, +TIFFGetField can return uninitalized pointer values, and the logic to +detect a N=3 vs N=1 transfer function seemed rather strange. + +It is also strange that we declare the transfer functions to be of type +float, when the standard says they are unsigned 16 bit values. This is +fixed in another patch. + +This patch will check to ensure that the N value for every transfer +function is the same for every page. If this changes, we abort with an +error. In theory, we should perhaps check that the transfer function +itself is identical for every page, however we don't do that due to the +confusion of the type of the data in the transfer function. +--- + libtiff/tif_dir.c | 3 +++ + tools/tiff2pdf.c | 65 +++++++++++++++++++++++++++++++++++++------------------ + 2 files changed, 47 insertions(+), 21 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 2ccaf448..cbf2b693 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -1065,6 +1065,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap) + if (td->td_samplesperpixel - td->td_extrasamples > 1) { + *va_arg(ap, uint16**) = td->td_transferfunction[1]; + *va_arg(ap, uint16**) = td->td_transferfunction[2]; ++ } else { ++ *va_arg(ap, uint16**) = NULL; ++ *va_arg(ap, uint16**) = NULL; + } + break; + case TIFFTAG_REFERENCEBLACKWHITE: +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index d1a9b095..c3ec0746 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + uint16 pagen=0; + uint16 paged=0; + uint16 xuint16=0; ++ uint16 tiff_transferfunctioncount=0; ++ float* tiff_transferfunction[3]; + + directorycount=TIFFNumberOfDirectories(input); + t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); +@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + } + #endif + if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION, +- &(t2p->tiff_transferfunction[0]), +- &(t2p->tiff_transferfunction[1]), +- &(t2p->tiff_transferfunction[2]))) { +- if((t2p->tiff_transferfunction[1] != (float*) NULL) && +- (t2p->tiff_transferfunction[2] != (float*) NULL) && +- (t2p->tiff_transferfunction[1] != +- t2p->tiff_transferfunction[0])) { +- t2p->tiff_transferfunctioncount = 3; +- t2p->tiff_pages[i].page_extra += 4; +- t2p->pdf_xrefcount += 4; +- } else { +- t2p->tiff_transferfunctioncount = 1; +- t2p->tiff_pages[i].page_extra += 2; +- t2p->pdf_xrefcount += 2; +- } +- if(t2p->pdf_minorversion < 2) +- t2p->pdf_minorversion = 2; ++ &(tiff_transferfunction[0]), ++ &(tiff_transferfunction[1]), ++ &(tiff_transferfunction[2]))) { ++ ++ if((tiff_transferfunction[1] != (float*) NULL) && ++ (tiff_transferfunction[2] != (float*) NULL) ++ ) { ++ tiff_transferfunctioncount=3; ++ } else { ++ tiff_transferfunctioncount=1; ++ } + } else { +- t2p->tiff_transferfunctioncount=0; ++ tiff_transferfunctioncount=0; + } ++ ++ if (i > 0){ ++ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){ ++ TIFFError( ++ TIFF2PDF_MODULE, ++ "Different transfer function on page %d", ++ i); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } ++ } ++ ++ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount; ++ t2p->tiff_transferfunction[0] = tiff_transferfunction[0]; ++ t2p->tiff_transferfunction[1] = tiff_transferfunction[1]; ++ t2p->tiff_transferfunction[2] = tiff_transferfunction[2]; ++ if(tiff_transferfunctioncount == 3){ ++ t2p->tiff_pages[i].page_extra += 4; ++ t2p->pdf_xrefcount += 4; ++ if(t2p->pdf_minorversion < 2) ++ t2p->pdf_minorversion = 2; ++ } else if (tiff_transferfunctioncount == 1){ ++ t2p->tiff_pages[i].page_extra += 2; ++ t2p->pdf_xrefcount += 2; ++ if(t2p->pdf_minorversion < 2) ++ t2p->pdf_minorversion = 2; ++ } ++ + if( TIFFGetField( + input, + TIFFTAG_ICCPROFILE, +@@ -1828,9 +1852,8 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ + &(t2p->tiff_transferfunction[1]), + &(t2p->tiff_transferfunction[2]))) { + if((t2p->tiff_transferfunction[1] != (float*) NULL) && +- (t2p->tiff_transferfunction[2] != (float*) NULL) && +- (t2p->tiff_transferfunction[1] != +- t2p->tiff_transferfunction[0])) { ++ (t2p->tiff_transferfunction[2] != (float*) NULL) ++ ) { + t2p->tiff_transferfunctioncount=3; + } else { + t2p->tiff_transferfunctioncount=1; +-- +2.16.1 + diff --git a/gnu/packages/patches/luajit-symlinks.patch b/gnu/packages/patches/luajit-symlinks.patch deleted file mode 100644 index 2466c34144..0000000000 --- a/gnu/packages/patches/luajit-symlinks.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0a54a8f125d7ab508c7c88d5ad4ed1b0c63cb5b6 Mon Sep 17 00:00:00 2001 -From: =?utf8?q?Tom=C3=A1=C5=A1=20=C4=8Cech?= <sleep_walker@suse.cz> -Date: Wed, 4 Feb 2015 11:32:55 +0100 -Subject: [PATCH 1/2] Provide two symlinks for dynamic library during install - ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 0891b71..343ecb5 100644 ---- a/Makefile -+++ b/Makefile -@@ -56,7 +56,7 @@ INSTALL_PCNAME= luajit.pc - INSTALL_STATIC= $(INSTALL_LIB)/$(INSTALL_ANAME) - INSTALL_DYN= $(INSTALL_LIB)/$(INSTALL_SONAME) - INSTALL_SHORT1= $(INSTALL_LIB)/$(INSTALL_SOSHORT) --INSTALL_SHORT2= $(INSTALL_LIB)/$(INSTALL_SOSHORT) -+INSTALL_SHORT2= $(INSTALL_LIB)/$(INSTALL_SOSHORT).$(MAJVER) - INSTALL_T= $(INSTALL_BIN)/$(INSTALL_TNAME) - INSTALL_TSYM= $(INSTALL_BIN)/$(INSTALL_TSYMNAME) - INSTALL_PC= $(INSTALL_PKGCONFIG)/$(INSTALL_PCNAME) --- -2.2.2 - diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch deleted file mode 100644 index 809eef08da..0000000000 --- a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-10369: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369 - -Patch copied from upstream source repository: - -https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 - -From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001 -From: Yao Wei <mwei@lxde.org> -Date: Mon, 8 May 2017 00:47:55 +0800 -Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory - -This bug is pointed out by stackexchange user that putting socket file in -/tmp is a potential risk. Putting the socket dir in user directory could -mitigate the risk. ---- - src/unixsocket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/unixsocket.c b/src/unixsocket.c -index 4c660ac..f88284c 100644 ---- a/src/unixsocket.c -+++ b/src/unixsocket.c -@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar - * This function returns TRUE if this process should keep running and FALSE if it should exit. */ - - /* Formulate the path for the Unix domain socket. */ -- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name()); -+ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default())); -+ printf("%s\n", socket_path); - - /* Create socket. */ - int fd = socket(PF_UNIX, SOCK_STREAM, 0); --- -2.1.4 - diff --git a/gnu/packages/patches/mailutils-uninitialized-memory.patch b/gnu/packages/patches/mailutils-uninitialized-memory.patch new file mode 100644 index 0000000000..ef4daf94cb --- /dev/null +++ b/gnu/packages/patches/mailutils-uninitialized-memory.patch @@ -0,0 +1,87 @@ +Without this patch, the MH test suite would fail when building with +glibc 2.26, with 'ali' segfaulting like this: + + Core was generated by `/tmp/guix-build-mailutils-3.4.drv-0/mailutils-3.4/mh/.libs/ali -a ./Mail/mh_ali'. + Program terminated with signal SIGSEGV, Segmentation fault. + #0 0x00007f8eac263a14 in hash ( + name=0x72642e342e332d73 <error: Cannot access memory at address 0x72642e342e332d73>, hash_num=0) at assoc.c:102 + 102 for (i = 0; *name; name++) + (gdb) bt + #0 0x00007f8eac263a14 in hash ( + name=0x72642e342e332d73 <error: Cannot access memory at address 0x72642e342e332d73>, hash_num=0) at assoc.c:102 + #1 0x00007f8eac263e6b in assoc_find_slot (assoc=0xaa59e0, + name=0x72642e342e332d73 <error: Cannot access memory at address 0x72642e342e332d73>, install=0x0, slot=0x7ffcddcbf2b8) at assoc.c:219 + #2 0x00007f8eac264124 in mu_assoc_lookup (assoc=0xaa59e0, + name=0x72642e342e332d73 <error: Cannot access memory at address 0x72642e342e332d73>, dataptr=0x7ffcddcbf2e0) at assoc.c:308 + #3 0x00007f8eac29e8ac in mu_ident_deref ( + name=0x72642e342e332d73 <error: Cannot access memory at address 0x72642e342e332d73>) at ident.c:98 + #4 0x00007f8eac29f8a6 in mu_locus_point_deinit (pt=0xaa5718) at locus.c:48 + #5 0x00007f8eac29fa1b in mu_locus_range_deinit (lr=0xaa5718) at locus.c:99 + #6 0x00007f8eac29f9db in mu_locus_range_copy (dest=0xaa5718, + src=0x622be0 <ali_yylloc>) at locus.c:89 + #7 0x0000000000408a2a in push_source (name=0xaa74bc "mh_aliases2", fail=1) + at mh_alias_lex.l:170 + +commit b330af9008e4c9168b379867b854f5900a539ad7 +Author: Sergey Poznyakoff <gray@gnu.org> +Date: Sat Nov 18 10:15:48 2017 +0200 + + Fix the use of uninitialized memory + + * mh/mh_alias_lex.l (push_source): Initialize locus range prior to copying + to it. + * libmailutils/cfg/parser.y (mu_cfg_tree_create_node): Likewise. + * libmu_sieve/util.c: (mu_sieve_value_create): Likewise. + +diff --git a/libmailutils/cfg/parser.y b/libmailutils/cfg/parser.y +index 4503c7781..3436b8d90 100644 +--- a/libmailutils/cfg/parser.y ++++ b/libmailutils/cfg/parser.y +@@ -1134,10 +1134,9 @@ mu_cfg_tree_create_node (struct mu_cfg_tree *tree, + + np = mu_alloc (size); + np->type = type; ++ mu_locus_range_init (&np->locus); + if (loc) + mu_locus_range_copy (&np->locus, loc); +- else +- memset (&np->locus, 0, sizeof np->locus); + p = (char*) (np + 1); + np->tag = p; + strcpy (p, tag); +diff --git a/libmu_sieve/sieve-lex.l b/libmu_sieve/sieve-lex.l +index fd145bfe1..f14e80194 100644 +--- a/libmu_sieve/sieve-lex.l ++++ b/libmu_sieve/sieve-lex.l +@@ -190,6 +190,7 @@ push_source (const char *name) + { + ctx = mu_sieve_malloc (mu_sieve_machine, sizeof (*ctx)); + ctx->trk = trk; ++ mu_locus_range_init (&ctx->incl_range); + mu_locus_range_copy (&ctx->incl_range, &yylloc); + ctx->i_node = sieve_source_inode; + ctx->input = input_stream; +diff --git a/libmu_sieve/util.c b/libmu_sieve/util.c +index 8d62a60c2..7d71b5509 100644 +--- a/libmu_sieve/util.c ++++ b/libmu_sieve/util.c +@@ -55,6 +55,7 @@ mu_sieve_value_create (mu_sieve_machine_t mach, mu_sieve_data_type type, + val->locus.end.mu_line = locus->end.mu_line; + val->locus.end.mu_col = locus->end.mu_col; + ++ mu_locus_range_init (&val->locus); + mu_locus_range_copy (&val->locus, locus); + switch (type) + { +diff --git a/mh/mh_alias_lex.l b/mh/mh_alias_lex.l +index 371353ed3..b97264b38 100644 +--- a/mh/mh_alias_lex.l ++++ b/mh/mh_alias_lex.l +@@ -167,6 +167,7 @@ push_source (const char *name, int fail) + { + ctx = mu_alloc (sizeof (*ctx)); + ctx->trk = trk; ++ mu_locus_range_init (&ctx->incl_range); + mu_locus_range_copy (&ctx->incl_range, &yylloc); + ctx->exec_p = exec_p; + ctx->i_node = ali_source_inode; diff --git a/gnu/packages/patches/mupdf-CVE-2017-17858.patch b/gnu/packages/patches/mupdf-CVE-2017-17858.patch new file mode 100644 index 0000000000..66df127509 --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2017-17858.patch @@ -0,0 +1,111 @@ +Fix CVE-2017-17858: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858 +https://bugs.ghostscript.com/show_bug.cgi?id=698819 +https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md + +Patch copied from upstream source repository: + +https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 + +From 55c3f68d638ac1263a386e0aaa004bb6e8bde731 Mon Sep 17 00:00:00 2001 +From: Sebastian Rasmussen <sebras@gmail.com> +Date: Mon, 11 Dec 2017 14:09:15 +0100 +Subject: [PATCH] Bugs 698804/698810/698811: Keep PDF object numbers below + limit. + +This ensures that: + * xref tables with objects pointers do not grow out of bounds. + * other readers, e.g. Adobe Acrobat can parse PDFs written by mupdf. +--- + include/mupdf/pdf/object.h | 3 +++ + source/pdf/pdf-repair.c | 5 +---- + source/pdf/pdf-xref.c | 21 ++++++++++++--------- + 3 files changed, 16 insertions(+), 13 deletions(-) + +diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h +index 21ed8595..4177112b 100644 +--- a/include/mupdf/pdf/object.h ++++ b/include/mupdf/pdf/object.h +@@ -3,6 +3,9 @@ + + typedef struct pdf_document_s pdf_document; + ++/* Defined in PDF 1.7 according to Acrobat limit. */ ++#define PDF_MAX_OBJECT_NUMBER 8388607 ++ + /* + * Dynamic objects. + * The same type of objects as found in PDF and PostScript. +diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c +index ca149bd3..0c29758e 100644 +--- a/source/pdf/pdf-repair.c ++++ b/source/pdf/pdf-repair.c +@@ -6,9 +6,6 @@ + + /* Scan file for objects and reconstruct xref table */ + +-/* Define in PDF 1.7 to be 8388607, but mupdf is more lenient. */ +-#define MAX_OBJECT_NUMBER (10 << 20) +- + struct entry + { + int num; +@@ -436,7 +433,7 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) + break; + } + +- if (num <= 0 || num > MAX_OBJECT_NUMBER) ++ if (num <= 0 || num > PDF_MAX_OBJECT_NUMBER) + { + fz_warn(ctx, "ignoring object with invalid object number (%d %d R)", num, gen); + goto have_next_token; +diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c +index 00586dbd..6284e70b 100644 +--- a/source/pdf/pdf-xref.c ++++ b/source/pdf/pdf-xref.c +@@ -868,11 +868,12 @@ pdf_read_old_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) + fz_seek(ctx, file, -(2 + (int)strlen(s)), SEEK_CUR); + } + +- if (ofs < 0) +- fz_throw(ctx, FZ_ERROR_GENERIC, "out of range object num in xref: %d", (int)ofs); +- if (ofs > INT64_MAX - len) +- fz_throw(ctx, FZ_ERROR_GENERIC, "xref section object numbers too big"); +- ++ if (ofs < 0 || ofs > PDF_MAX_OBJECT_NUMBER ++ || len < 0 || len > PDF_MAX_OBJECT_NUMBER ++ || ofs + len - 1 > PDF_MAX_OBJECT_NUMBER) ++ { ++ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); ++ } + /* broken pdfs where size in trailer undershoots entries in xref sections */ + if (ofs + len > xref_len) + { +@@ -933,10 +934,8 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, in + pdf_xref_entry *table; + int i, n; + +- if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) +- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); +- //if (i0 + i1 > pdf_xref_len(ctx, doc)) +- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); ++ if (i0 < 0 || i0 > PDF_MAX_OBJECT_NUMBER || i1 < 0 || i1 > PDF_MAX_OBJECT_NUMBER || i0 + i1 - 1 > PDF_MAX_OBJECT_NUMBER) ++ fz_throw(ctx, FZ_ERROR_GENERIC, "xref subsection object numbers are out of range"); + + table = pdf_xref_find_subsection(ctx, doc, i0, i1); + for (i = i0; i < i0 + i1; i++) +@@ -2086,6 +2085,10 @@ pdf_create_object(fz_context *ctx, pdf_document *doc) + /* TODO: reuse free object slots by properly linking free object chains in the ofs field */ + pdf_xref_entry *entry; + int num = pdf_xref_len(ctx, doc); ++ ++ if (num > PDF_MAX_OBJECT_NUMBER) ++ fz_throw(ctx, FZ_ERROR_GENERIC, "too many objects stored in pdf"); ++ + entry = pdf_get_incremental_xref_entry(ctx, doc, num); + entry->type = 'f'; + entry->ofs = -1; +-- +2.16.1 + diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch deleted file mode 100644 index c9b9e8d798..0000000000 --- a/gnu/packages/patches/ninja-zero-mtime.patch +++ /dev/null @@ -1,19 +0,0 @@ -Work around a design defect in Ninja whereby a zero mtime is used to -denote missing files (we happen to produce files that have a zero mtime -and yet really do exist.) - ---- ninja-1.5.3/src/disk_interface.cc 2014-11-24 18:37:47.000000000 +0100 -+++ ninja-1.5.3/src/disk_interface.cc 2015-07-18 23:20:38.572290139 +0200 -@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const - } - return -1; - } -+ -+ if (st.st_mtime == 0) -+ // All the code assumes that mtime == 0 means "file missing". Here we -+ // know the file is not missing, so tweak the mtime. -+ st.st_mtime = 1; -+ - return st.st_mtime; - #endif - } diff --git a/gnu/packages/patches/opencascade-oce-glibc-2.26.patch b/gnu/packages/patches/opencascade-oce-glibc-2.26.patch new file mode 100644 index 0000000000..ee5ed572c8 --- /dev/null +++ b/gnu/packages/patches/opencascade-oce-glibc-2.26.patch @@ -0,0 +1,62 @@ +Fix build with glibc 2.26: + +https://github.com/tpaviot/oce/issues/675 + +Patch copied from upstream source repository: + +https://github.com/tpaviot/oce/commit/aa1321e68cc004e3debe38d79ae74581a617c767 + +From aa1321e68cc004e3debe38d79ae74581a617c767 Mon Sep 17 00:00:00 2001 +From: Janus Weil <janus@gcc.gnu.org> +Date: Mon, 18 Dec 2017 11:27:55 +0100 +Subject: [PATCH] fix build errors with glibc 2.26+ due to missing xlocale.h + (issue #675) + +* check for the presence of xlocale.h via cmake +* remove related logic from Standard_CLocaleSentry.hxx +--- + CMakeLists.txt | 1 + + src/Standard/Standard_CLocaleSentry.hxx | 15 --------------- + 2 files changed, 1 insertion(+), 15 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index b782b4101..50e9500b2 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -616,6 +616,7 @@ if (NOT WIN32) + # compilation anywhere in OCE + include(CheckIncludeFile) + check_include_file(strings.h HAVE_STRINGS_H) ++ check_include_file(xlocale.h HAVE_XLOCALE_H) + include(CheckIncludeFileCXX) + check_include_file_cxx(mm_malloc.h HAVE_MM_MALLOC_H) + check_include_file_cxx(atomic.h OCE_HAVE_ATOMIC_H) +diff --git a/src/Standard/Standard_CLocaleSentry.hxx b/src/Standard/Standard_CLocaleSentry.hxx +index 2b226e7f3..1a4c1dadc 100644 +--- a/src/Standard/Standard_CLocaleSentry.hxx ++++ b/src/Standard/Standard_CLocaleSentry.hxx +@@ -20,21 +20,6 @@ + + #include <locale.h> + +-#ifndef HAVE_XLOCALE_H +- //! "xlocale.h" available in Mac OS X and glibc (Linux) for a long time as an extension +- //! and become part of POSIX since '2008. +- //! Notice that this is impossible to test (_POSIX_C_SOURCE >= 200809L) +- //! since POSIX didn't declared such identifier. +- #if defined(__APPLE__) +- #define HAVE_XLOCALE_H +- #endif +- +- //! We check _GNU_SOURCE for glibc extensions here and it is always defined by g++ compiler. +- #if defined(_GNU_SOURCE) && !defined(__ANDROID__) +- #define HAVE_XLOCALE_H +- #endif +-#endif // ifndef HAVE_LOCALE_H +- + #ifdef HAVE_XLOCALE_H + #include <xlocale.h> + #endif +-- +2.15.1 + diff --git a/gnu/packages/patches/p7zip-CVE-2017-17969.patch b/gnu/packages/patches/p7zip-CVE-2017-17969.patch new file mode 100644 index 0000000000..51c24000e5 --- /dev/null +++ b/gnu/packages/patches/p7zip-CVE-2017-17969.patch @@ -0,0 +1,35 @@ +Fix CVE-2017-17969: + +https://sourceforge.net/p/p7zip/bugs/204/ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969 + +Patch copied from Debian. + +Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp +Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch +Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7 +Bug: https://sourceforge.net/p/p7zip/bugs/204/ +Bug-Debian: https://bugs.debian.org/888297 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969 +Author: Antoine Beaupré <anarcat@debian.org> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2018-02-01 +Applied-Upstream: 18.00-beta + +--- a/CPP/7zip/Compress/ShrinkDecoder.cpp ++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp +@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn + { + _stack[i++] = _suffixes[cur]; + cur = _parents[cur]; ++ if (cur >= kNumItems || i >= kNumItems) ++ break; + } +- ++ ++ if (cur >= kNumItems || i >= kNumItems) ++ break; ++ + _stack[i++] = (Byte)cur; + lastChar2 = (Byte)cur; + diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch deleted file mode 100644 index befe9fbb2a..0000000000 --- a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch +++ /dev/null @@ -1,335 +0,0 @@ -Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch - -From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001 -From: Laurent Bigonville <bigon@bigon.be> -Date: Mon, 7 Nov 2016 10:51:08 +0100 -Subject: [PATCH] policycoreutils: Make sepolicy work with python3 - -Add python3 support for sepolicy - -Signed-off-by: Laurent Bigonville <bigon@bigon.be> ---- - policycoreutils/sepolicy/selinux_client.py | 6 ++-- - policycoreutils/sepolicy/sepolicy.py | 38 ++++++++++++------------ - policycoreutils/sepolicy/sepolicy/__init__.py | 16 ++++++---- - policycoreutils/sepolicy/sepolicy/communicate.py | 4 +-- - policycoreutils/sepolicy/sepolicy/generate.py | 30 +++++++++---------- - policycoreutils/sepolicy/sepolicy/interface.py | 14 ++++++--- - policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++-- - 7 files changed, 65 insertions(+), 50 deletions(-) - -diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py -index 7f4a91c..dc29f28 100644 ---- a/sepolicy/selinux_client.py -+++ b/sepolicy/selinux_client.py -@@ -39,6 +39,6 @@ if __name__ == "__main__": - try: - dbus_proxy = SELinuxDBus() - resp = dbus_proxy.customized() -- print convert_customization(resp) -- except dbus.DBusException, e: -- print e -+ print(convert_customization(resp)) -+ except dbus.DBusException as e: -+ print(e) -diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py -index 3e502a7..5bf9b52 100755 ---- a/sepolicy/sepolicy.py -+++ b/sepolicy/sepolicy.py -@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm): - if len(portdict) > 0: - bold_start = "\033[1m" - bold_end = "\033[0;0m" -- print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end -+ print("\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end) - port_strings = [] - boolean_text = "" - for p in portdict: -@@ -275,7 +275,7 @@ def _print_net(src, protocol, perm): - port_strings.append("%s (%s)" % (", ".join(recs), t)) - port_strings.sort(numcmp) - for p in port_strings: -- print "\t" + p -+ print("\t" + p) - - - def network(args): -@@ -286,7 +286,7 @@ def network(args): - if i[0] not in all_ports: - all_ports.append(i[0]) - all_ports.sort() -- print "\n".join(all_ports) -+ print("\n".join(all_ports)) - - for port in args.port: - found = False -@@ -297,18 +297,18 @@ def network(args): - else: - range = "%s-%s" % (i[0], i[1]) - found = True -- print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range) -+ print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)) - if not found: - if port < 500: -- print "Undefined reserved port type" -+ print("Undefined reserved port type") - else: -- print "Undefined port type" -+ print("Undefined port type") - - for t in args.type: - if (t, 'tcp') in portrecs.keys(): -- print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])) -+ print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))) - if (t, 'udp') in portrecs.keys(): -- print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])) -+ print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))) - - for a in args.applications: - d = sepolicy.get_init_transtype(a) -@@ -357,7 +357,7 @@ def manpage(args): - - for domain in test_domains: - m = ManPage(domain, path, args.root, args.source_files, args.web) -- print m.get_man_page_path() -+ print(m.get_man_page_path()) - - if args.web: - HTMLManPages(manpage_roles, manpage_domains, path, args.os) -@@ -418,7 +418,7 @@ def communicate(args): - out = list(set(writable) & set(readable)) - - for t in out: -- print t -+ print(t) - - - def gen_communicate_args(parser): -@@ -445,7 +445,7 @@ def booleans(args): - args.booleans.sort() - - for b in args.booleans: -- print "%s=_(\"%s\")" % (b, boolean_desc(b)) -+ print("%s=_(\"%s\")" % (b, boolean_desc(b))) - - - def gen_booleans_args(parser): -@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, append=""): - for i in interfaces: - if args.verbose: - try: -- print get_interface_format_text(i + append) -+ print(get_interface_format_text(i + append)) - except KeyError: -- print i -+ print(i) - if args.compile: - try: - interface_compile_test(i) - except KeyError: -- print i -+ print(i) - else: -- print i -+ print(i) - - - def interface(args): -@@ -565,7 +565,7 @@ def generate(args): - if args.policytype in APPLICATIONS: - mypolicy.gen_writeable() - mypolicy.gen_symbols() -- print mypolicy.generate(args.path) -+ print(mypolicy.generate(args.path)) - - - def gen_interface_args(parser): -@@ -698,12 +698,12 @@ if __name__ == '__main__': - args = parser.parse_args(args=parser_args) - args.func(args) - sys.exit(0) -- except ValueError, e: -+ except ValueError as e: - sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) - sys.exit(1) -- except IOError, e: -+ except IOError as e: - sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) - sys.exit(1) - except KeyboardInterrupt: -- print "Out" -+ print("Out") - sys.exit(0) -diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py -index 8fbd5b4..fee6438 100644 ---- a/sepolicy/sepolicy/__init__.py -+++ b/sepolicy/sepolicy/__init__.py -@@ -695,7 +695,7 @@ def get_methods(): - # List of per_role_template interfaces - ifs = interfaces.InterfaceSet() - ifs.from_file(fd) -- methods = ifs.interfaces.keys() -+ methods = list(ifs.interfaces.keys()) - fd.close() - except: - sys.stderr.write("could not open interface info [%s]\n" % fn) -@@ -752,7 +752,10 @@ def get_all_entrypoint_domains(): - - - def gen_interfaces(): -- import commands -+ try: -+ from commands import getstatusoutput -+ except ImportError: -+ from subprocess import getstatusoutput - ifile = defaults.interface_info() - headers = defaults.headers() - try: -@@ -763,7 +766,7 @@ def gen_interfaces(): - - if os.getuid() != 0: - raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen")) -- print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) -+ print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) - - - def gen_port_dict(): -@@ -1085,8 +1088,11 @@ def get_os_version(): - os_version = "" - pkg_name = "selinux-policy" - try: -- import commands -- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name) -+ try: -+ from commands import getstatusoutput -+ except ImportError: -+ from subprocess import getstatusoutput -+ rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) - if rc == 0: - os_version = output.split(".")[-2] - except: -diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py -index b96c4b9..299316e 100755 ---- a/sepolicy/sepolicy/communicate.py -+++ b/sepolicy/sepolicy/communicate.py -@@ -34,8 +34,8 @@ def usage(parser, msg): - - def expand_attribute(attribute): - try: -- return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"] -- except RuntimeError: -+ return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"]) -+ except StopIteration: - return [attribute] - - -diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py -index 65b33b6..5696110 100644 ---- a/sepolicy/sepolicy/generate.py -+++ b/sepolicy/sepolicy/generate.py -@@ -31,21 +31,21 @@ import time - import types - import platform - --from templates import executable --from templates import boolean --from templates import etc_rw --from templates import unit_file --from templates import var_cache --from templates import var_spool --from templates import var_lib --from templates import var_log --from templates import var_run --from templates import tmp --from templates import rw --from templates import network --from templates import script --from templates import spec --from templates import user -+from .templates import executable -+from .templates import boolean -+from .templates import etc_rw -+from .templates import unit_file -+from .templates import var_cache -+from .templates import var_spool -+from .templates import var_lib -+from .templates import var_log -+from .templates import var_run -+from .templates import tmp -+from .templates import rw -+from .templates import network -+from .templates import script -+from .templates import spec -+from .templates import user - import sepolgen.interfaces as interfaces - import sepolgen.defaults as defaults - -diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py -index c2cb971..8956f39 100644 ---- a/sepolicy/sepolicy/interface.py -+++ b/sepolicy/sepolicy/interface.py -@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"): - def get_xml_file(if_file): - """ Returns xml format of interfaces for given .if policy file""" - import os -- import commands -+ try: -+ from commands import getstatusoutput -+ except ImportError: -+ from subprocess import getstatusoutput - basedir = os.path.dirname(if_file) + "/" - filename = os.path.basename(if_file).split(".")[0] -- rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) -+ rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) - if rc != 0: - sys.stderr.write("\n Could not proceed selected interface file.\n") - sys.stderr.write("\n%s" % output) -@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" - exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"] - exclude_interface_type = ["template"] - -- import commands -+ try: -+ from commands import getstatusoutput -+ except ImportError: -+ from subprocess import getstatusoutput - import os - policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"} - idict = get_interface_dict(path) -@@ -219,7 +225,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" - fd = open(policy_files['te'], "w") - fd.write(generate_compile_te(interface, idict)) - fd.close() -- rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) -+ rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) - if rc != 0: - sys.stderr.write(output) - sys.stderr.write(_("\nCompile test for %s failed.\n") % interface) -diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py -index 7365f93..773a9ab 100755 ---- a/sepolicy/sepolicy/manpage.py -+++ b/sepolicy/sepolicy/manpage.py -@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d - import string - import selinux - import sepolicy --import commands - import os - import time - -@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list): - - - def convert_manpage_to_html(html_manpage, manpage): -- rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) -+ try: -+ from commands import getstatusoutput -+ except ImportError: -+ from subprocess import getstatusoutput -+ rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) - if rc == 0: - print(html_manpage, "has been created") - fd = open(html_manpage, 'w') --- -2.10.2 - diff --git a/gnu/packages/patches/python-axolotl-AES-fix.patch b/gnu/packages/patches/python-axolotl-AES-fix.patch new file mode 100644 index 0000000000..d34f4855cb --- /dev/null +++ b/gnu/packages/patches/python-axolotl-AES-fix.patch @@ -0,0 +1,24 @@ +Patch taken from the Debian package for python-axolotl-0.1.39. +See <https://bugs.gnu.org/29415>. + +Description: Removes IV paramenter from AES constructor, since it is not necessary for ctr mode. +Author: Josue Ortega <josue@debian.org> +Last-Update: 2017-04-13 + +--- a/axolotl/sessioncipher.py ++++ b/axolotl/sessioncipher.py +@@ -228,13 +228,7 @@ + # counterint = struct.unpack(">L", counterbytes)[0] + # counterint = int.from_bytes(counterbytes, byteorder='big') + ctr = Counter.new(128, initial_value=counter) +- +- # cipher = AES.new(key, AES.MODE_CTR, counter=ctr) +- ivBytes = bytearray(16) +- ByteUtil.intToByteArray(ivBytes, 0, counter) +- +- cipher = AES.new(key, AES.MODE_CTR, IV=bytes(ivBytes), counter=ctr) +- ++ cipher = AES.new(key, AES.MODE_CTR, counter=ctr) + return cipher + + diff --git a/gnu/packages/patches/python-pandas-skip-failing-tests.patch b/gnu/packages/patches/python-pandas-skip-failing-tests.patch deleted file mode 100644 index 8ac330c18f..0000000000 --- a/gnu/packages/patches/python-pandas-skip-failing-tests.patch +++ /dev/null @@ -1,49 +0,0 @@ -These tests fail on 32bit architectures. - -Upstream bug URL: https://github.com/pandas-dev/pandas/issues/14866 - ---- a/pandas/tests/indexes/common.py 2017-03-09 00:10:26.063996176 +0100 -+++ b/pandas/tests/indexes/common.py 2017-03-09 00:10:53.152844191 +0100 -@@ -119,20 +119,6 @@ - with tm.assertRaisesRegexp(ValueError, 'Invalid fill method'): - idx.get_indexer(idx, method='invalid') - -- def test_ndarray_compat_properties(self): -- -- idx = self.create_index() -- self.assertTrue(idx.T.equals(idx)) -- self.assertTrue(idx.transpose().equals(idx)) -- -- values = idx.values -- for prop in self._compat_props: -- self.assertEqual(getattr(idx, prop), getattr(values, prop)) -- -- # test for validity -- idx.nbytes -- idx.values.nbytes -- - def test_repr_roundtrip(self): - - idx = self.create_index() ---- a/pandas/tools/tests/test_tile.py 2017-03-08 17:47:39.762261841 +0100 -+++ b/pandas/tools/tests/test_tile.py 2017-03-08 17:48:26.831780495 +0100 -@@ -271,19 +271,6 @@ - np.array([0, 0, 1, 1], dtype=np.int8)) - tm.assert_numpy_array_equal(bins, np.array([0, 1.5, 3])) - -- def test_single_bin(self): -- # issue 14652 -- expected = Series([0, 0]) -- -- s = Series([9., 9.]) -- result = cut(s, 1, labels=False) -- tm.assert_series_equal(result, expected) -- -- s = Series([-9., -9.]) -- result = cut(s, 1, labels=False) -- tm.assert_series_equal(result, expected) -- -- - def curpath(): - pth, _ = os.path.split(os.path.abspath(__file__)) - return pth diff --git a/gnu/packages/patches/python-waitress-fix-tests.patch b/gnu/packages/patches/python-waitress-fix-tests.patch new file mode 100644 index 0000000000..110492a604 --- /dev/null +++ b/gnu/packages/patches/python-waitress-fix-tests.patch @@ -0,0 +1,29 @@ +Skip test that requires getaddrinfo(), which is not available in the build +environment. This package uses a regexp for finding tests (see runner.py), +so using @unittest.skip does not work. + +--- a/waitress/tests/test_adjustments.py ++++ b/waitress/tests/test_adjustments.py +@@ -185,22 +185,6 @@ + def test_bad_port(self): + self.assertRaises(ValueError, self._makeOne, listen='127.0.0.1:test') + +- def test_service_port(self): +- if WIN and PY2: # pragma: no cover +- # On Windows and Python 2 this is broken, so we raise a ValueError +- self.assertRaises( +- ValueError, +- self._makeOne, +- listen='127.0.0.1:http', +- ) +- return +- +- inst = self._makeOne(listen='127.0.0.1:http 0.0.0.0:https') +- +- bind_pairs = [sockaddr[:2] for (_, _, _, sockaddr) in inst.listen] +- +- self.assertEqual(bind_pairs, [('127.0.0.1', 80), ('0.0.0.0', 443)]) +- + def test_dont_mix_host_port_listen(self): + self.assertRaises( + ValueError, diff --git a/gnu/packages/patches/qtbase-use-TZDIR.patch b/gnu/packages/patches/qtbase-use-TZDIR.patch new file mode 100644 index 0000000000..11c737d844 --- /dev/null +++ b/gnu/packages/patches/qtbase-use-TZDIR.patch @@ -0,0 +1,39 @@ +Use $TZDIR to search for time-zone data. Thus avoid depending on package +"tzdata", which often introduces changes with near-immediate effects, so it's +important to be able to update it fast. + +Based on a patch fron NixOS. +=================================================================== +--- qtbase-opensource-src-5.9.4.orig/src/corelib/tools/qtimezoneprivate_tz.cpp ++++ qtbase-opensource-src-5.9.4/src/corelib/tools/qtimezoneprivate_tz.cpp +@@ -70,7 +70,11 @@ + // Parse zone.tab table, assume lists all installed zones, if not will need to read directories + static QTzTimeZoneHash loadTzTimeZones() + { +- QString path = QStringLiteral("/usr/share/zoneinfo/zone.tab"); ++ // Try TZDIR first, in case we're running on GuixSD. ++ QString path = QFile::decodeName(qgetenv("TZDIR")) + QStringLiteral("/zone.tab"); ++ // Fallback to traditional paths in case we are not on GuixSD. ++ if (!QFile::exists(path)) ++ path = QStringLiteral("/usr/share/zoneinfo/zone.tab"); + if (!QFile::exists(path)) + path = QStringLiteral("/usr/lib/zoneinfo/zone.tab"); + +@@ -645,6 +649,9 @@ + if (!tzif.open(QIODevice::ReadOnly)) + return; + } else { ++ // Try TZDIR first, in case we're running on GuixSD. ++ tzif.setFileName(QFile::decodeName(qgetenv("TZDIR")) + QStringLiteral("/") + QString::fromLocal8Bit(ianaId)); ++ if (!tzif.open(QIODevice::ReadOnly)) { + // Open named tz, try modern path first, if fails try legacy path + tzif.setFileName(QLatin1String("/usr/share/zoneinfo/") + QString::fromLocal8Bit(ianaId)); + if (!tzif.open(QIODevice::ReadOnly)) { +@@ -652,6 +659,7 @@ + if (!tzif.open(QIODevice::ReadOnly)) + return; + } ++ } + } + + QDataStream ds(&tzif); diff --git a/gnu/packages/patches/rct-add-missing-headers.patch b/gnu/packages/patches/rct-add-missing-headers.patch new file mode 100644 index 0000000000..4d133aa249 --- /dev/null +++ b/gnu/packages/patches/rct-add-missing-headers.patch @@ -0,0 +1,43 @@ +From: fis <ybbs.daans@hotmail.com> +Date: Sat, 20 Jan 2018 07:42:38 +0800 +Subject: [PATCH] rct.cmake: Add missing headers. + +--- + rct.cmake | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/rct.cmake b/rct.cmake +index 323e7b9..3e0ac6b 100644 +--- a/rct.cmake ++++ b/rct.cmake +@@ -339,7 +339,27 @@ if (NOT RCT_NO_INSTALL) + rct/Timer.h + rct/Value.h + rct/WriteLocker.h ++ rct/CpuUsage.h ++ rct/DataFile.h ++ rct/Date.h ++ rct/EmbeddedLinkedList.h ++ rct/FinishMessage.h ++ rct/Flags.h ++ rct/Hash.h ++ rct/LinkedList.h ++ rct/Map.h ++ rct/MemoryMappedFile.h ++ rct/OnDestruction.h ++ rct/QuitMessage.h ++ rct/ResponseMessage.h ++ rct/ScriptEngine.h ++ rct/StackBuffer.h ++ rct/WindowsUnicodeConversion.h + DESTINATION include/rct) + ++ install(FILES ++ json/json.hpp ++ DESTINATION include/rct/json) ++ + install(EXPORT "rct" DESTINATION lib/cmake) + endif () +-- +2.13.6 + diff --git a/gnu/packages/patches/reposurgeon-add-missing-docbook-files.patch b/gnu/packages/patches/reposurgeon-add-missing-docbook-files.patch new file mode 100644 index 0000000000..707d032744 --- /dev/null +++ b/gnu/packages/patches/reposurgeon-add-missing-docbook-files.patch @@ -0,0 +1,22 @@ +Author: Tobias Geerinckx-Rice <me@tobias.gr> +Upstream issue: <https://gitlab.com/esr/reposurgeon/merge_requests/101> + +Two files required to build the documentation (including man pages) are +not included in the latest reposurgeon release, breaking ‘make all’. + +Luckily, they are tiny: + +--- a/docbook-extra.xml 1970-01-01 01:00:00.000000000 +0100 ++++ b/docbook-extra.xml 2018-01-25 00:17:18.236727017 +0100 +@@ -0,0 +1,5 @@ ++<?xml version='1.0'?> ++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> ++<xsl:param name="variablelist.term.separator"></xsl:param> ++<xsl:param name="variablelist.term.break.after">1</xsl:param> ++</xsl:stylesheet> +diff -Naur reposurgeon-3.43/nofooter.conf reposurgeon-3.43-b/nofooter.conf +--- a/nofooter.conf 1970-01-01 01:00:00.000000000 +0100 ++++ b/nofooter.conf 2018-01-25 00:23:15.384498847 +0100 +@@ -0,0 +1,2 @@ ++[footer-text] ++ diff --git a/gnu/packages/patches/rsync-CVE-2017-16548.patch b/gnu/packages/patches/rsync-CVE-2017-16548.patch deleted file mode 100644 index 52a75ea241..0000000000 --- a/gnu/packages/patches/rsync-CVE-2017-16548.patch +++ /dev/null @@ -1,31 +0,0 @@ -https://bugzilla.samba.org/show_bug.cgi?id=13112 -https://git.samba.org/rsync.git/?p=rsync.git;a=patch;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 - -From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001 -From: Wayne Davison <wayned@samba.org> -Date: Sun, 5 Nov 2017 11:33:15 -0800 -Subject: [PATCH] Enforce trailing \0 when receiving xattr name values. Fixes - bug 13112. - ---- - xattrs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/xattrs.c b/xattrs.c -index 68305d7..4867e6f 100644 ---- a/xattrs.c -+++ b/xattrs.c -@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file) - out_of_memory("receive_xattr"); - name = ptr + dget_len + extra_len; - read_buf(f, name, name_len); -+ if (name_len < 1 || name[name_len-1] != '\0') { -+ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n"); -+ exit_cleanup(RERR_FILEIO); -+ } - if (dget_len == datum_len) - read_buf(f, ptr, dget_len); - else { --- -1.9.1 - diff --git a/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch b/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch deleted file mode 100644 index 74bac0fc33..0000000000 --- a/gnu/packages/patches/rsync-CVE-2017-17433-fix-tests.patch +++ /dev/null @@ -1,42 +0,0 @@ -https://git.samba.org/?p=rsync.git;a=patch;h=f5e8a17e093065fb20fea00a29540fe2c7896441 -minor edits were made to get the patch to apply - -From f5e8a17e093065fb20fea00a29540fe2c7896441 Mon Sep 17 00:00:00 2001 -From: Wayne Davison <wayned@samba.org> -Date: Sun, 3 Dec 2017 15:49:56 -0800 -Subject: [PATCH] Fix issue with earlier path-check (fixes "make check") and - make a BOOL more explicit. - ---- - checksum.c | 2 +- - receiver.c | 10 +++++----- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/receiver.c b/receiver.c -index 9c46242..75cb00d 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -574,15 +574,15 @@ int recv_files(int f_in, int f_out, char *local_name) - file = dir_flist->files[cur_flist->parent_ndx]; - fname = local_name ? local_name : f_name(file, fbuf); - -- if (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -+ if (DEBUG_GTE(RECV, 1)) -+ rprintf(FINFO, "recv_files(%s)\n", fname); -+ -+ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0') -+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { - rprintf(FERROR, "attempt to hack rsync failed.\n"); - exit_cleanup(RERR_PROTOCOL); - } - -- if (DEBUG_GTE(RECV, 1)) -- rprintf(FINFO, "recv_files(%s)\n", fname); -- - #ifdef SUPPORT_XATTRS - if (preserve_xattrs && iflags & ITEM_REPORT_XATTR && do_xfers - && !(want_xattr_optim && BITS_SET(iflags, ITEM_XNAME_FOLLOWS|ITEM_LOCAL_CHANGE))) --- -1.9.1 - diff --git a/gnu/packages/patches/rsync-CVE-2017-17433.patch b/gnu/packages/patches/rsync-CVE-2017-17433.patch deleted file mode 100644 index 84e4067509..0000000000 --- a/gnu/packages/patches/rsync-CVE-2017-17433.patch +++ /dev/null @@ -1,45 +0,0 @@ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433 -https://git.samba.org/?p=rsync.git;a=patch;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 - -From 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 Mon Sep 17 00:00:00 2001 -From: Jeriko One <jeriko.one@gmx.us> -Date: Thu, 2 Nov 2017 23:44:19 -0700 -Subject: [PATCH] Check fname in recv_files sooner. - ---- - receiver.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/receiver.c b/receiver.c -index baae3a9..9fdafa1 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name) - file = dir_flist->files[cur_flist->parent_ndx]; - fname = local_name ? local_name : f_name(file, fbuf); - -+ if (daemon_filter_list.head -+ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -+ rprintf(FERROR, "attempt to hack rsync failed.\n"); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ - if (DEBUG_GTE(RECV, 1)) - rprintf(FINFO, "recv_files(%s)\n", fname); - -@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name) - - cleanup_got_literal = 0; - -- if (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -- rprintf(FERROR, "attempt to hack rsync failed.\n"); -- exit_cleanup(RERR_PROTOCOL); -- } -- - if (read_batch) { - int wanted = redoing - ? we_want_redo(ndx) --- -1.9.1 - diff --git a/gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch b/gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch deleted file mode 100644 index 0d9298743d..0000000000 --- a/gnu/packages/patches/rsync-CVE-2017-17434-pt1.patch +++ /dev/null @@ -1,28 +0,0 @@ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434 -https://git.samba.org/?p=rsync.git;a=patch;h=5509597decdbd7b91994210f700329d8a35e70a1 - -From 5509597decdbd7b91994210f700329d8a35e70a1 Mon Sep 17 00:00:00 2001 -From: Jeriko One <jeriko.one@gmx.us> -Date: Thu, 16 Nov 2017 17:26:03 -0800 -Subject: [PATCH] Check daemon filter against fnamecmp in recv_files(). - ---- - receiver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/receiver.c b/receiver.c -index 9fdafa1..9c46242 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -722,7 +722,7 @@ int recv_files(int f_in, int f_out, char *local_name) - break; - } - if (!fnamecmp || (daemon_filter_list.head -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0)) { -+ && check_filter(&daemon_filter_list, FLOG, fnamecmp, 0) < 0)) { - fnamecmp = fname; - fnamecmp_type = FNAMECMP_FNAME; - } --- -1.9.1 - diff --git a/gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch b/gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch deleted file mode 100644 index fad19d01fb..0000000000 --- a/gnu/packages/patches/rsync-CVE-2017-17434-pt2.patch +++ /dev/null @@ -1,39 +0,0 @@ -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434 -https://git.samba.org/?p=rsync.git;a=patch;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9 - -From 70aeb5fddd1b2f8e143276f8d5a085db16c593b9 Mon Sep 17 00:00:00 2001 -From: Jeriko One <jeriko.one@gmx.us> -Date: Thu, 16 Nov 2017 17:05:42 -0800 -Subject: [PATCH] Sanitize xname in read_ndx_and_attrs. - ---- - rsync.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/rsync.c b/rsync.c -index b82e598..a0945ba 100644 ---- a/rsync.c -+++ b/rsync.c -@@ -49,6 +49,7 @@ extern int flist_eof; - extern int file_old_total; - extern int keep_dirlinks; - extern int make_backups; -+extern int sanitize_paths; - extern struct file_list *cur_flist, *first_flist, *dir_flist; - extern struct chmod_mode_struct *daemon_chmod_modes; - #ifdef ICONV_OPTION -@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, - if (iflags & ITEM_XNAME_FOLLOWS) { - if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0) - exit_cleanup(RERR_PROTOCOL); -+ -+ if (sanitize_paths) { -+ sanitize_path(buf, buf, "", 0, SP_DEFAULT); -+ len = strlen(buf); -+ } - } else { - *buf = '\0'; - len = -1; --- -1.9.1 - diff --git a/gnu/packages/patches/rtags-separate-rct.patch b/gnu/packages/patches/rtags-separate-rct.patch new file mode 100644 index 0000000000..533e28b02e --- /dev/null +++ b/gnu/packages/patches/rtags-separate-rct.patch @@ -0,0 +1,72 @@ +Unbundle RCT and use our own copy. + +--- rtags-2.16/src/CMakeLists.txt 2018-01-23 10:36:17.645855140 +0100 ++++ rtags-2.16/src/CMakeLists.txt 2018-01-23 10:38:14.605234740 +0100 +@@ -105,12 +105,6 @@ if (LUA_ENABLED) + CMAKE_ARGS -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=0 -DCMAKE_GENERATOR=${CMAKE_GENERATOR}) + endif () + +-set(RCT_RTTI_ENABLED 1) +-set(RCT_NO_INSTALL 1) +-set(RCT_NO_LIBRARY 1) +-# Everyting which as been set either in rct/rct.cmake or rct/compiler.cmake +-# doesn't need to be set in this file again. +-include(rct/rct.cmake) + + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wstrict-aliasing=2 -Wcast-qual -fPIC") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wstrict-aliasing=2 -Wcast-qual -fPIC") +@@ -128,8 +122,7 @@ add_definitions( + "-DRTAGS_SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}" + "-DCLANG_LIBDIR=${LIBCLANG_LIBDIR}" + "-DCLANG_VERSION=${LIBCLANG_VERSION_STRING}" +- "-DOS_${CMAKE_SYSTEM_NAME}" +- ${RCT_DEFINITIONS}) ++ "-DOS_${CMAKE_SYSTEM_NAME}") + + if (CMAKE_SYSTEM_NAME MATCHES "FreeBSD") + add_definitions(-D__LONG_LONG_SUPPORTED) +@@ -172,8 +165,7 @@ set(RTAGS_SOURCES + Symbol.cpp + SymbolInfoJob.cpp + Token.cpp +- TokensJob.cpp +- ${RCT_SOURCES}) ++ TokensJob.cpp) + + if (LUA_ENABLED) + list(APPEND RTAGS_SOURCES AST.cpp) +@@ -195,10 +187,10 @@ endif () + + include_directories( + ${CMAKE_CURRENT_LIST_DIR} +- ${RCT_INCLUDE_DIRS} + ${CMAKE_CURRENT_LIST_DIR}/selene/include + ${CMAKE_CURRENT_BINARY_DIR}/lua-prefix/src/lua-build +- ${CMAKE_CURRENT_LIST_DIR}/lua/src) ++ ${CMAKE_CURRENT_LIST_DIR}/lua/src ++ ${CMAKE_CURRENT_BINARY_DIR}/include) + + if (CMAKE_SYSTEM_NAME MATCHES "Darwin") + set(START_GROUP "") +@@ -223,17 +215,17 @@ else () + endif() + + # RCT_LIBRARIES and stdc++ library must be at the end +-set(RTAGS_LIBRARIES ${RTAGS_LIBRARIES} -lstdc++ ${RCT_LIBRARIES}) ++set(RTAGS_LIBRARIES ${RTAGS_LIBRARIES} -lstdc++) + add_executable(rc rc.cpp) +-target_link_libraries(rc ${RTAGS_LIBRARIES}) ++target_link_libraries(rc ${RTAGS_LIBRARIES} rct) + + add_executable(rdm rdm.cpp) +-target_link_libraries(rdm ${RTAGS_LIBRARIES}) ++target_link_libraries(rdm ${RTAGS_LIBRARIES} rct) + + set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin) + + add_executable(rp rp.cpp) +-target_link_libraries(rp ${RTAGS_LIBRARIES}) ++target_link_libraries(rp ${RTAGS_LIBRARIES} rct) + + if (CYGWIN) + EnsureLibraries(rdm rct) diff --git a/gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch b/gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch new file mode 100644 index 0000000000..0d0ed6b204 --- /dev/null +++ b/gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch @@ -0,0 +1,605 @@ +diff --git lib/rubygems.rb lib/rubygems.rb +index 0685bcb3c6..a5a9202e56 100644 +--- ruby-2.4.3/lib/rubygems.rb ++++ ruby-2.4.3/lib/rubygems.rb +@@ -10,7 +10,7 @@ + require 'thread' + + module Gem +- VERSION = "2.6.14" ++ VERSION = "2.6.14.1" + end + + # Must be first since it unloads the prelude from 1.9.2 +diff --git lib/rubygems/commands/owner_command.rb lib/rubygems/commands/owner_command.rb +index 4b99434e87..2ee7f84462 100644 +--- ruby-2.4.3/lib/rubygems/commands/owner_command.rb ++++ ruby-2.4.3/lib/rubygems/commands/owner_command.rb +@@ -62,7 +62,7 @@ def show_owners name + end + + with_response response do |resp| +- owners = YAML.load resp.body ++ owners = Gem::SafeYAML.load resp.body + + say "Owners for gem: #{name}" + owners.each do |owner| +diff --git lib/rubygems/package.rb lib/rubygems/package.rb +index 77811ed5ec..b5a5fe2a26 100644 +--- ruby-2.4.3/lib/rubygems/package.rb ++++ ruby-2.4.3/lib/rubygems/package.rb +@@ -378,7 +378,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: + File.dirname destination + end + +- FileUtils.mkdir_p mkdir, mkdir_options ++ mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name + + open destination, 'wb' do |out| + out.write entry.read +@@ -416,20 +416,35 @@ def install_location filename, destination_dir # :nodoc: + raise Gem::Package::PathError.new(filename, destination_dir) if + filename.start_with? '/' + +- destination_dir = File.realpath destination_dir if +- File.respond_to? :realpath ++ destination_dir = realpath destination_dir + destination_dir = File.expand_path destination_dir + + destination = File.join destination_dir, filename + destination = File.expand_path destination + + raise Gem::Package::PathError.new(destination, destination_dir) unless +- destination.start_with? destination_dir ++ destination.start_with? destination_dir + '/' + + destination.untaint + destination + end + ++ def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name ++ destination_dir = realpath File.expand_path(destination_dir) ++ parts = mkdir.split(File::SEPARATOR) ++ parts.reduce do |path, basename| ++ path = realpath path unless path == "" ++ path = File.expand_path(path + File::SEPARATOR + basename) ++ lstat = File.lstat path rescue nil ++ if !lstat || !lstat.directory? ++ unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false) ++ raise Gem::Package::PathError.new(file_name, destination_dir) ++ end ++ end ++ path ++ end ++ end ++ + ## + # Loads a Gem::Specification from the TarEntry +entry+ + +@@ -603,6 +618,10 @@ def verify_files gem + raise Gem::Package::FormatError.new \ + 'package content (data.tar.gz) is missing', @gem + end ++ ++ if duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first) and duplicates.any? ++ raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(', ')})" ++ end + end + + ## +@@ -616,6 +635,16 @@ def verify_gz entry # :nodoc: + raise Gem::Package::FormatError.new(e.message, entry.full_name) + end + ++ if File.respond_to? :realpath ++ def realpath file ++ File.realpath file ++ end ++ else ++ def realpath file ++ file ++ end ++ end ++ + end + + require 'rubygems/package/digest_io' +diff --git lib/rubygems/package/tar_header.rb lib/rubygems/package/tar_header.rb +index c54bd14d57..d557357114 100644 +--- ruby-2.4.3/lib/rubygems/package/tar_header.rb ++++ ruby-2.4.3/lib/rubygems/package/tar_header.rb +@@ -104,25 +104,30 @@ def self.from(stream) + fields = header.unpack UNPACK_FORMAT + + new :name => fields.shift, +- :mode => fields.shift.oct, +- :uid => fields.shift.oct, +- :gid => fields.shift.oct, +- :size => fields.shift.oct, +- :mtime => fields.shift.oct, +- :checksum => fields.shift.oct, ++ :mode => strict_oct(fields.shift), ++ :uid => strict_oct(fields.shift), ++ :gid => strict_oct(fields.shift), ++ :size => strict_oct(fields.shift), ++ :mtime => strict_oct(fields.shift), ++ :checksum => strict_oct(fields.shift), + :typeflag => fields.shift, + :linkname => fields.shift, + :magic => fields.shift, +- :version => fields.shift.oct, ++ :version => strict_oct(fields.shift), + :uname => fields.shift, + :gname => fields.shift, +- :devmajor => fields.shift.oct, +- :devminor => fields.shift.oct, ++ :devmajor => strict_oct(fields.shift), ++ :devminor => strict_oct(fields.shift), + :prefix => fields.shift, + + :empty => empty + end + ++ def self.strict_oct(str) ++ return str.oct if str =~ /\A[0-7]*\z/ ++ raise ArgumentError, "#{str.inspect} is not an octal string" ++ end ++ + ## + # Creates a new TarHeader using +vals+ + +diff --git lib/rubygems/package/tar_writer.rb lib/rubygems/package/tar_writer.rb +index f68b8d4c5e..390f7851a3 100644 +--- ruby-2.4.3/lib/rubygems/package/tar_writer.rb ++++ ruby-2.4.3/lib/rubygems/package/tar_writer.rb +@@ -196,6 +196,8 @@ def add_file_signed name, mode, signer + digest_name == signer.digest_name + end + ++ raise "no #{signer.digest_name} in #{digests.values.compact}" unless signature_digest ++ + if signer.key then + signature = signer.sign signature_digest.digest + +diff --git lib/rubygems/server.rb lib/rubygems/server.rb +index df4eb566d3..a7b5243ba0 100644 +--- ruby-2.4.3/lib/rubygems/server.rb ++++ ruby-2.4.3/lib/rubygems/server.rb +@@ -631,6 +631,18 @@ def root(req, res) + executables = nil if executables.empty? + executables.last["is_last"] = true if executables + ++ # Pre-process spec homepage for safety reasons ++ begin ++ homepage_uri = URI.parse(spec.homepage) ++ if [URI::HTTP, URI::HTTPS].member? homepage_uri.class ++ homepage_uri = spec.homepage ++ else ++ homepage_uri = "." ++ end ++ rescue URI::InvalidURIError ++ homepage_uri = "." ++ end ++ + specs << { + "authors" => spec.authors.sort.join(", "), + "date" => spec.date.to_s, +@@ -640,7 +652,7 @@ def root(req, res) + "only_one_executable" => (executables && executables.size == 1), + "full_name" => spec.full_name, + "has_deps" => !deps.empty?, +- "homepage" => spec.homepage, ++ "homepage" => homepage_uri, + "name" => spec.name, + "rdoc_installed" => Gem::RDoc.new(spec).rdoc_installed?, + "ri_installed" => Gem::RDoc.new(spec).ri_installed?, +diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb +index 40e3a70d47..0a154b9001 100644 +--- ruby-2.4.3/lib/rubygems/specification.rb ++++ ruby-2.4.3/lib/rubygems/specification.rb +@@ -15,6 +15,7 @@ + require 'rubygems/stub_specification' + require 'rubygems/util/list' + require 'stringio' ++require 'uri' + + ## + # The Specification class contains the information for a Gem. Typically +@@ -2813,10 +2814,16 @@ def validate packaging = true + raise Gem::InvalidSpecificationException, "#{lazy} is not a summary" + end + +- if homepage and not homepage.empty? and +- homepage !~ /\A[a-z][a-z\d+.-]*:/i then +- raise Gem::InvalidSpecificationException, +- "\"#{homepage}\" is not a URI" ++ # Make sure a homepage is valid HTTP/HTTPS URI ++ if homepage and not homepage.empty? ++ begin ++ homepage_uri = URI.parse(homepage) ++ unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class ++ raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI" ++ end ++ rescue URI::InvalidURIError ++ raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI" ++ end + end + + # Warnings +diff --git test/rubygems/test_gem_commands_owner_command.rb test/rubygems/test_gem_commands_owner_command.rb +index 44652c1093..53cac4ce87 100644 +--- ruby-2.4.3/test/rubygems/test_gem_commands_owner_command.rb ++++ ruby-2.4.3/test/rubygems/test_gem_commands_owner_command.rb +@@ -43,6 +43,31 @@ def test_show_owners + assert_match %r{- 4}, @ui.output + end + ++ def test_show_owners_dont_load_objects ++ skip "testing a psych-only API" unless defined?(::Psych::DisallowedClass) ++ ++ response = <<EOF ++--- ++- email: !ruby/object:Object {} ++ id: 1 ++ handle: user1 ++- email: user2@example.com ++- id: 3 ++ handle: user3 ++- id: 4 ++EOF ++ ++ @fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners.yaml"] = [response, 200, 'OK'] ++ ++ assert_raises Psych::DisallowedClass do ++ use_ui @ui do ++ @cmd.show_owners("freewill") ++ end ++ end ++ ++ end ++ ++ + def test_show_owners_setting_up_host_through_env_var + response = "- email: user1@example.com\n" + host = "http://rubygems.example" +diff --git test/rubygems/test_gem_package.rb test/rubygems/test_gem_package.rb +index 9d47f0dea4..5b93475314 100644 +--- ruby-2.4.3/test/rubygems/test_gem_package.rb ++++ ruby-2.4.3/test/rubygems/test_gem_package.rb +@@ -455,6 +455,31 @@ def test_extract_tar_gz_symlink_relative_path + File.read(extracted) + end + ++ def test_extract_symlink_parent ++ skip 'symlink not supported' if Gem.win_platform? ++ ++ package = Gem::Package.new @gem ++ ++ tgz_io = util_tar_gz do |tar| ++ tar.mkdir 'lib', 0755 ++ tar.add_symlink 'lib/link', '../..', 0644 ++ tar.add_file 'lib/link/outside.txt', 0644 do |io| io.write 'hi' end ++ end ++ ++ # Extract into a subdirectory of @destination; if this test fails it writes ++ # a file outside destination_subdir, but we want the file to remain inside ++ # @destination so it will be cleaned up. ++ destination_subdir = File.join @destination, 'subdir' ++ FileUtils.mkdir_p destination_subdir ++ ++ e = assert_raises Gem::Package::PathError do ++ package.extract_tar_gz tgz_io, destination_subdir ++ end ++ ++ assert_equal("installing into parent path lib/link/outside.txt of " + ++ "#{destination_subdir} is not allowed", e.message) ++ end ++ + def test_extract_tar_gz_directory + package = Gem::Package.new @gem + +@@ -566,6 +591,21 @@ def test_install_location_relative + "#{@destination} is not allowed", e.message) + end + ++ def test_install_location_suffix ++ package = Gem::Package.new @gem ++ ++ filename = "../#{File.basename(@destination)}suffix.rb" ++ ++ e = assert_raises Gem::Package::PathError do ++ package.install_location filename, @destination ++ end ++ ++ parent = File.expand_path File.join @destination, filename ++ ++ assert_equal("installing into parent path #{parent} of " + ++ "#{@destination} is not allowed", e.message) ++ end ++ + def test_load_spec + entry = StringIO.new Gem.gzip @spec.to_yaml + def entry.full_name() 'metadata.gz' end +@@ -723,6 +763,32 @@ def test_verify_nonexistent + assert_match %r%nonexistent.gem$%, e.message + end + ++ def test_verify_duplicate_file ++ FileUtils.mkdir_p 'lib' ++ FileUtils.touch 'lib/code.rb' ++ ++ build = Gem::Package.new @gem ++ build.spec = @spec ++ build.setup_signer ++ open @gem, 'wb' do |gem_io| ++ Gem::Package::TarWriter.new gem_io do |gem| ++ build.add_metadata gem ++ build.add_contents gem ++ ++ gem.add_file_simple 'a.sig', 0444, 0 ++ gem.add_file_simple 'a.sig', 0444, 0 ++ end ++ end ++ ++ package = Gem::Package.new @gem ++ ++ e = assert_raises Gem::Security::Exception do ++ package.verify ++ end ++ ++ assert_equal 'duplicate files in the package: ("a.sig")', e.message ++ end ++ + def test_verify_security_policy + skip 'openssl is missing' unless defined?(OpenSSL::SSL) + +@@ -780,7 +846,13 @@ def test_verify_security_policy_checksum_missing + + # write bogus data.tar.gz to foil signature + bogus_data = Gem.gzip 'hello' +- gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io| ++ fake_signer = Class.new do ++ def digest_name; 'SHA512'; end ++ def digest_algorithm; Digest(:SHA512); end ++ def key; 'key'; end ++ def sign(*); 'fake_sig'; end ++ end ++ gem.add_file_signed 'data2.tar.gz', 0444, fake_signer.new do |io| + io.write bogus_data + end + +diff --git test/rubygems/test_gem_package_tar_header.rb test/rubygems/test_gem_package_tar_header.rb +index d33877057d..43f508df45 100644 +--- ruby-2.4.3/test/rubygems/test_gem_package_tar_header.rb ++++ ruby-2.4.3/test/rubygems/test_gem_package_tar_header.rb +@@ -143,5 +143,26 @@ def test_update_checksum + assert_equal '012467', @tar_header.checksum + end + ++ def test_from_bad_octal ++ test_cases = [ ++ "00000006,44\000", # bogus character ++ "00000006789\000", # non-octal digit ++ "+0000001234\000", # positive sign ++ "-0000001000\000", # negative sign ++ "0x000123abc\000", # radix prefix ++ ] ++ ++ test_cases.each do |val| ++ header_s = @tar_header.to_s ++ # overwrite the size field ++ header_s[124, 12] = val ++ io = TempIO.new header_s ++ assert_raises ArgumentError do ++ new_header = Gem::Package::TarHeader.from io ++ end ++ io.close! if io.respond_to? :close! ++ end ++ end ++ + end + +diff --git test/rubygems/test_gem_server.rb test/rubygems/test_gem_server.rb +index 4873fac5b6..96ed9194e9 100644 +--- ruby-2.4.3/test/rubygems/test_gem_server.rb ++++ ruby-2.4.3/test/rubygems/test_gem_server.rb +@@ -336,6 +336,171 @@ def test_root_gemdirs + assert_match 'z 9', @res.body + end + ++ ++ def test_xss_homepage_fix_289313 ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'xsshomepagegem', 1 ++ spec.homepage = "javascript:confirm(document.domain)" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'xsshomepagegem 1', @res.body ++ ++ # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a ++ # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here, ++ # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be ++ # validated in future versions of Gem::Specification. ++ # ++ # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex: ++ # ++ # Variant #1 - rdoc not installed ++ # ++ # <b>xsshomepagegem 1</b> ++ # ++ # ++ # <span title="rdoc not installed">[rdoc]</span> ++ # ++ # ++ # ++ # <a href="." title=".">[www]</a> ++ # ++ # Variant #2 - rdoc installed ++ # ++ # <b>xsshomepagegem 1</b> ++ # ++ # ++ # <a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a> ++ # ++ # ++ # ++ # <a href="." title=".">[www]</a> ++ regex_match = /xsshomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ ++ def test_invalid_homepage ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'invalidhomepagegem', 1 ++ spec.homepage = "notavalidhomepageurl" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'invalidhomepagegem 1', @res.body ++ ++ # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a ++ # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here, ++ # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be ++ # validated in future versions of Gem::Specification. ++ # ++ # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex: ++ # ++ # Variant #1 - rdoc not installed ++ # ++ # <b>invalidhomepagegem 1</b> ++ # ++ # ++ # <span title="rdoc not installed">[rdoc]</span> ++ # ++ # ++ # ++ # <a href="." title=".">[www]</a> ++ # ++ # Variant #2 - rdoc installed ++ # ++ # <b>invalidhomepagegem 1</b> ++ # ++ # ++ # <a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a> ++ # ++ # ++ # ++ # <a href="." title=".">[www]</a> ++ regex_match = /invalidhomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ ++ def test_valid_homepage_http ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'validhomepagegemhttp', 1 ++ spec.homepage = "http://rubygems.org" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'validhomepagegemhttp 1', @res.body ++ ++ regex_match = /validhomepagegemhttp 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttp-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="http:\/\/rubygems\.org" title="http:\/\/rubygems\.org">\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ ++ def test_valid_homepage_https ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'validhomepagegemhttps', 1 ++ spec.homepage = "https://rubygems.org" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'validhomepagegemhttps 1', @res.body ++ ++ regex_match = /validhomepagegemhttps 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttps-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="https:\/\/rubygems\.org" title="https:\/\/rubygems\.org">\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ + def test_specs + data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n" + @req.parse data +diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb +index 0fcc11e78f..1c68826fb3 100644 +--- ruby-2.4.3/test/rubygems/test_gem_specification.rb ++++ ruby-2.4.3/test/rubygems/test_gem_specification.rb +@@ -2890,7 +2890,22 @@ def test_validate_homepage + @a1.validate + end + +- assert_equal '"over at my cool site" is not a URI', e.message ++ assert_equal '"over at my cool site" is not a valid HTTP URI', e.message ++ ++ @a1.homepage = 'ftp://rubygems.org' ++ ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ ++ assert_equal '"ftp://rubygems.org" is not a valid HTTP URI', e.message ++ ++ @a1.homepage = 'http://rubygems.org' ++ assert_equal true, @a1.validate ++ ++ @a1.homepage = 'https://rubygems.org' ++ assert_equal true, @a1.validate ++ + end + end + diff --git a/gnu/packages/patches/shepherd-herd-status-sorted.patch b/gnu/packages/patches/shepherd-herd-status-sorted.patch new file mode 100644 index 0000000000..c6b9d870eb --- /dev/null +++ b/gnu/packages/patches/shepherd-herd-status-sorted.patch @@ -0,0 +1,79 @@ +From cc9564586729a5bb90dd5d2722b543fdde9ab821 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> +Date: Sun, 4 Feb 2018 21:56:36 +0100 +Subject: [PATCH] herd: 'herd status' now sorts the result. + +Partly fixes <https://bugs.gnu.org/30299>. +Reported by Mark H Weaver <mhw@netris.org>. + +Previously 'tests/basic.sh' could occasionally fail on: + + test "`$herd status`" == "$pristine_status" + +because the order of stopped services were not always the same. Indeed, +those services come from 'service-list' on the shepherd side, which uses +'hash-fold' to traverse the service hash table, and the traversal order +of 'hash-fold' is undefined. + +* modules/shepherd/scripts/herd.scm (display-status-summary)[service<?]: +New procedure. +[display-services]: Call 'sort' and use the above. +--- + modules/shepherd/scripts/herd.scm | 8 ++++++-- + modules/shepherd/service.scm | 5 +++-- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/modules/shepherd/scripts/herd.scm b/modules/shepherd/scripts/herd.scm +index ebcd1e1..697446c 100644 +--- a/modules/shepherd/scripts/herd.scm ++++ b/modules/shepherd/scripts/herd.scm +@@ -1,5 +1,5 @@ + ;; herd.scm -- The program to herd the Shepherd. +-;; Copyright (C) 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org> ++;; Copyright (C) 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org> + ;; Copyright (C) 2002, 2003 Wolfgang Jährling <wolfgang@pro-linux.de> + ;; + ;; This file is part of the GNU Shepherd. +@@ -46,13 +46,17 @@ of pairs." + + (define (display-status-summary services) + "Display a summary of the status of all of SERVICES." ++ (define (service<? service1 service2) ++ (string<? (symbol->string (service-canonical-name service1)) ++ (symbol->string (service-canonical-name service2)))) ++ + (define (display-services header bullet services) + (unless (null? services) + (display header) + (for-each (lambda (service) + (format #t " ~a ~a~%" bullet + (service-canonical-name service))) +- services))) ++ (sort services service<?)))) ;get deterministic output + (call-with-values + (lambda () + (partition (match-lambda +diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm +index 0ad28a0..83600e4 100644 +--- a/modules/shepherd/service.scm ++++ b/modules/shepherd/service.scm +@@ -1,5 +1,5 @@ + ;; service.scm -- Representation of services. +-;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ++;; Copyright (C) 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org> + ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de> + ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com> + ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com> +@@ -949,7 +949,8 @@ Return #f if service is not found." + %services)) + + (define (service-list) +- "Return the list of services currently defined." ++ "Return the list of services currently defined. Note: The order of the list ++returned in unspecified." + (hash-fold (lambda (name services result) + (let ((service (lookup-canonical-service name services))) + (if service +-- +2.16.1 + diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch deleted file mode 100644 index 4092261f75..0000000000 --- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001 -From: carolili <carolili@iki.fi> -Date: Thu, 9 Feb 2017 19:24:49 +0000 -Subject: [PATCH] Removing contribs - ---- - configure.ac | 22 ---------------------- - 1 file changed, 22 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1cf1051..5d76b44 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -435,28 +435,6 @@ dnl All slurm Makefiles: - - AC_CONFIG_FILES([Makefile - auxdir/Makefile -- contribs/Makefile -- contribs/cray/Makefile -- contribs/cray/csm/Makefile -- contribs/lua/Makefile -- contribs/mic/Makefile -- contribs/pam/Makefile -- contribs/pam_slurm_adopt/Makefile -- contribs/perlapi/Makefile -- contribs/perlapi/libslurm/Makefile -- contribs/perlapi/libslurm/perl/Makefile.PL -- contribs/perlapi/libslurmdb/Makefile -- contribs/perlapi/libslurmdb/perl/Makefile.PL -- contribs/seff/Makefile -- contribs/torque/Makefile -- contribs/openlava/Makefile -- contribs/phpext/Makefile -- contribs/phpext/slurm_php/config.m4 -- contribs/sgather/Makefile -- contribs/sgi/Makefile -- contribs/sjobexit/Makefile -- contribs/slurmdb-direct/Makefile -- contribs/pmi2/Makefile - doc/Makefile - doc/man/Makefile - doc/man/man1/Makefile --- -2.11.0 - diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch deleted file mode 100644 index 3d983ede66..0000000000 --- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch +++ /dev/null @@ -1,107 +0,0 @@ -Disable SharedArrayBuffers to mitigate Spectre. Based on: - - https://trac.webkit.org/changeset/226386/webkit - -Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org> - - ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500 -@@ -338,8 +338,10 @@ - WriteBarrier<Structure> m_moduleLoaderStructure; - WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype; - WriteBarrier<Structure> m_arrayBufferStructure; -+#if ENABLE(SHARED_ARRAY_BUFFER) - WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype; - WriteBarrier<Structure> m_sharedArrayBufferStructure; -+#endif - - #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \ -@@ -670,8 +672,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferPrototype.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferPrototype.get(); -+#else -+ default: -+ return m_arrayBufferPrototype.get(); -+#endif - } - } - Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const -@@ -679,8 +686,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferStructure.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferStructure.get(); -+#else -+ default: -+ return m_arrayBufferStructure.get(); -+#endif - } - RELEASE_ASSERT_NOT_REACHED(); - return nullptr; ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500 -@@ -574,8 +574,10 @@ - - m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default)); - m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get())); -+#if ENABLE(SHARED_ARRAY_BUFFER) - m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared)); - m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get())); -+#endif - - m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get()))); - m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get()))); -@@ -620,10 +622,11 @@ - - JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default); - m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr; - sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared); - m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum); -- -+#endif - #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \ - m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \ -@@ -686,7 +689,9 @@ - putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly); - - putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum); -+#endif - - #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \ -@@ -1288,8 +1293,10 @@ - - visitor.append(thisObject->m_arrayBufferPrototype); - visitor.append(thisObject->m_arrayBufferStructure); -+#if ENABLE(SHARED_ARRAY_BUFFER) - visitor.append(thisObject->m_sharedArrayBufferPrototype); - visitor.append(thisObject->m_sharedArrayBufferStructure); -+#endif - - #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - visitor.append(thisObject->m_ ## lowerName ## Prototype); \ ---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400 -+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500 -@@ -1190,6 +1190,9 @@ - #define HAVE_NS_ACTIVITY 1 - #endif - -+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */ -+#define ENABLE_SHARED_ARRAY_BUFFER 0 -+ - #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO))) - #undef ENABLE_OPENTYPE_MATH - #define ENABLE_OPENTYPE_MATH 1 diff --git a/gnu/packages/patches/zziplib-CVE-2017-5974.patch b/gnu/packages/patches/zziplib-CVE-2017-5974.patch deleted file mode 100644 index 9ae02103e7..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2017-5974.patch +++ /dev/null @@ -1,28 +0,0 @@ -Fix CVE-2017-5974: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974 - -Patch copied from Debian. - -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/memdisk.c -+++ zziplib-0.13.62/zzip/memdisk.c -@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - /* override sizes/offsets with zip64 values for largefile support */ - zzip_extra_zip64 *block = (zzip_extra_zip64 *) - zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64); -- if (block) -+ if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4)) - { -- item->zz_usize = __zzip_get64(block->z_usize); -- item->zz_csize = __zzip_get64(block->z_csize); -- item->zz_offset = __zzip_get64(block->z_offset); -- item->zz_diskstart = __zzip_get32(block->z_diskstart); -+ item->zz_usize = ZZIP_GET64(block->z_usize); -+ item->zz_csize = ZZIP_GET64(block->z_csize); -+ item->zz_offset = ZZIP_GET64(block->z_offset); -+ item->zz_diskstart = ZZIP_GET32(block->z_diskstart); - } - } - /* NOTE: diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch deleted file mode 100644 index fad174b056..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2017-5975.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix CVE-2017-5975: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975 - -Patch copied from Debian. - -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/memdisk.c -+++ zziplib-0.13.62/zzip/memdisk.c -@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - return 0; /* errno=ENOMEM; */ - ___ struct zzip_file_header *header = - zzip_disk_entry_to_file_header(disk, entry); -+ if (!header) -+ { free(item); return 0; } - /* there is a number of duplicated information in the file header - * or the disk entry block. Theoretically some part may be missing - * that exists in the other, ... but we will prefer the disk entry. -Index: zziplib-0.13.62/zzip/mmapped.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/mmapped.c -+++ zziplib-0.13.62/zzip/mmapped.c -@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK - (disk->buffer + zzip_disk_entry_fileoffset(entry)); - if (disk->buffer > file_header || file_header >= disk->endbuf) - return 0; -+ if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC) -+ return 0; - return (struct zzip_file_header *) file_header; - } - diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch deleted file mode 100644 index 17fc30e302..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2017-5976.patch +++ /dev/null @@ -1,61 +0,0 @@ -Fix CVE-2017-5976: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976 - -Patch copied from Debian. - -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/memdisk.c -+++ zziplib-0.13.62/zzip/memdisk.c -@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - { - void *mem = malloc(ext1 + 2); - item->zz_ext[1] = mem; -+ item->zz_extlen[1] = ext1 + 2; - memcpy(mem, ptr1, ext1); - ((char *) (mem))[ext1 + 0] = 0; - ((char *) (mem))[ext1 + 1] = 0; -@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - { - void *mem = malloc(ext2 + 2); - item->zz_ext[2] = mem; -+ item->zz_extlen[2] = ext2 + 2; - memcpy(mem, ptr2, ext2); - ((char *) (mem))[ext2 + 0] = 0; - ((char *) (mem))[ext2 + 1] = 0; -@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR - while (1) - { - ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i]; -- if (ext) -+ if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength)) - { -+ char *endblock = (char *)ext + entry->zz_extlen[i]; -+ - while (*(short *) (ext->z_datatype)) - { - if (datatype == zzip_extra_block_get_datatype(ext)) -@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR - e += zzip_extra_block_headerlength; - e += zzip_extra_block_get_datasize(ext); - ext = (void *) e; -+ if (e >= endblock) -+ { -+ break; -+ } - ____; - } - } -Index: zziplib-0.13.62/zzip/memdisk.h -=================================================================== ---- zziplib-0.13.62.orig/zzip/memdisk.h -+++ zziplib-0.13.62/zzip/memdisk.h -@@ -66,6 +66,7 @@ struct _zzip_mem_entry { - int zz_filetype; /* (from "z_filetype") */ - char* zz_comment; /* zero-terminated (from "comment") */ - ZZIP_EXTRA_BLOCK* zz_ext[3]; /* terminated by null in z_datatype */ -+ int zz_extlen[3]; /* length of zz_ext[i] in bytes */ - }; /* the extra blocks are NOT converted */ - - #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list) diff --git a/gnu/packages/patches/zziplib-CVE-2017-5978.patch b/gnu/packages/patches/zziplib-CVE-2017-5978.patch deleted file mode 100644 index 452b14f804..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2017-5978.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2017-5978: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978 - -Patch copied from Debian. - -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/memdisk.c -+++ zziplib-0.13.62/zzip/memdisk.c -@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - * that exists in the other, ... but we will prefer the disk entry. - */ - item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry); -- item->zz_name = zzip_disk_entry_strdup_name(disk, entry); -+ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup(""); - item->zz_data = zzip_file_header_to_data(header); - item->zz_flags = zzip_disk_entry_get_flags(entry); - item->zz_compr = zzip_disk_entry_get_compr(entry); -@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - int /* */ ext2 = zzip_file_header_get_extras(header); - char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header); - -- if (ext1) -+ if (ext1 && ((ptr1 + ext1) < disk->endbuf)) - { - void *mem = malloc(ext1 + 2); - item->zz_ext[1] = mem; -@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - ((char *) (mem))[ext1 + 0] = 0; - ((char *) (mem))[ext1 + 1] = 0; - } -- if (ext2) -+ if (ext2 && ((ptr2 + ext2) < disk->endbuf)) - { - void *mem = malloc(ext2 + 2); - item->zz_ext[2] = mem; diff --git a/gnu/packages/patches/zziplib-CVE-2017-5979.patch b/gnu/packages/patches/zziplib-CVE-2017-5979.patch deleted file mode 100644 index b38f50b172..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2017-5979.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix CVE-2017-5979: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979 - -Patch copied from Debian. - -Index: zziplib-0.13.62/zzip/fseeko.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/fseeko.c -+++ zziplib-0.13.62/zzip/fseeko.c -@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk) - return 0; - /* we read out chunks of 8 KiB in the hope to match disk granularity */ - ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */ -- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry)); -+ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry)); - if (! entry) - return 0; - ___ unsigned char *buffer = malloc(pagesize); diff --git a/gnu/packages/patches/zziplib-CVE-2017-5981.patch b/gnu/packages/patches/zziplib-CVE-2017-5981.patch deleted file mode 100644 index ed82cb3b91..0000000000 --- a/gnu/packages/patches/zziplib-CVE-2017-5981.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix CVE-2017-5981: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981 - -Patch copied from Debian. -Index: zziplib-0.13.62/zzip/fseeko.c -=================================================================== ---- zziplib-0.13.62.orig/zzip/fseeko.c -+++ zziplib-0.13.62/zzip/fseeko.c -@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk) - } else - continue; - -- assert(0 <= root && root < mapsize); -+ if (root < 0 || root >= mapsize) -+ goto error; - if (fseeko(disk, root, SEEK_SET) == -1) - goto error; - if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk) |