Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/hop-bigloo-4.0b.patch122
-rw-r--r--gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch81
-rw-r--r--gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch99
-rw-r--r--gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch46
-rw-r--r--gnu/packages/patches/openssh-memory-exhaustion.patch39
-rw-r--r--gnu/packages/patches/slim-login.patch35
-rw-r--r--gnu/packages/patches/slim-reset.patch33
7 files changed, 252 insertions, 203 deletions
diff --git a/gnu/packages/patches/hop-bigloo-4.0b.patch b/gnu/packages/patches/hop-bigloo-4.0b.patch
deleted file mode 100644
index 312bfdd117..0000000000
--- a/gnu/packages/patches/hop-bigloo-4.0b.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-Bigloo 4.0b removes `xml-attribute-encode', which leads to a build failure
-in Hop.
-
-This patch allows Hop to be compiled with Bigloo 4.0b.
-
-
-changeset: 3327:3515f7f1aef2
-branch: 2.4.x
-user: Manuel Serrano <Manuel.Serrano@inria.fr>
-date: Wed Jul 31 12:41:10 2013 +0200
-summary: Fix serialization bug
-
-diff -r 7244c4d30ad4 -r 3515f7f1aef2 runtime/js_comp.scm
---- a/runtime/js_comp.scm Fri Jul 19 08:28:13 2013 +0200
-+++ b/runtime/js_comp.scm Wed Jul 31 12:41:10 2013 +0200
-@@ -143,10 +143,17 @@
- (display "{ " op)
- (display-seq fields op
- (lambda (f op)
-+ (let ((iv (class-field-info f)))
- (display "'" op)
- (display (class-field-name f) op)
- (display "': " op)
-- (compile ((class-field-accessor f) obj) op)))
-+ (cond
-+ ((and (pair? iv) (memq :client iv))
-+ =>
-+ (lambda (x)
-+ (compile (when (pair? (cdr x)) (cadr x)) op)))
-+ (else
-+ (compile ((class-field-accessor f) obj) op))))))
- (display "}" op))
-
- (let ((klass (object-class obj)))
-diff -r 7244c4d30ad4 -r 3515f7f1aef2 runtime/xml.scm
---- a/runtime/xml.scm Fri Jul 19 08:28:13 2013 +0200
-+++ b/runtime/xml.scm Wed Jul 31 12:41:10 2013 +0200
-@@ -55,6 +55,7 @@
- (generic xml-write-attribute ::obj ::obj ::output-port ::xml-backend)
- (generic xml-write-expression ::obj ::output-port)
- (xml-write-attributes ::pair-nil ::output-port ::xml-backend)
-+ (xml-attribute-encode obj)
-
- (xml->string ::obj ::xml-backend)
-
-@@ -613,6 +614,52 @@
- (display ">" p))))
-
- ;*---------------------------------------------------------------------*/
-+;* xml-attribute-encode ... */
-+;*---------------------------------------------------------------------*/
-+(define (xml-attribute-encode obj)
-+ (if (not (string? obj))
-+ obj
-+ (let ((ol (string-length obj)))
-+ (define (count str ol)
-+ (let loop ((i 0)
-+ (j 0))
-+ (if (=fx i ol)
-+ j
-+ (let ((c (string-ref str i)))
-+ ;; attribute values should escape &#...
-+ (if (or (char=? c #\') (char=? c #\&))
-+ (loop (+fx i 1) (+fx j 5))
-+ (loop (+fx i 1) (+fx j 1)))))))
-+ (define (encode str ol nl)
-+ (if (=fx nl ol)
-+ obj
-+ (let ((nstr (make-string nl)))
-+ (let loop ((i 0)
-+ (j 0))
-+ (if (=fx j nl)
-+ nstr
-+ (let ((c (string-ref str i)))
-+ (case c
-+ ((#\')
-+ (string-set! nstr j #\&)
-+ (string-set! nstr (+fx j 1) #\#)
-+ (string-set! nstr (+fx j 2) #\3)
-+ (string-set! nstr (+fx j 3) #\9)
-+ (string-set! nstr (+fx j 4) #\;)
-+ (loop (+fx i 1) (+fx j 5)))
-+ ((#\&)
-+ (string-set! nstr j #\&)
-+ (string-set! nstr (+fx j 1) #\#)
-+ (string-set! nstr (+fx j 2) #\3)
-+ (string-set! nstr (+fx j 3) #\8)
-+ (string-set! nstr (+fx j 4) #\;)
-+ (loop (+fx i 1) (+fx j 5)))
-+ (else
-+ (string-set! nstr j c)
-+ (loop (+fx i 1) (+fx j 1))))))))))
-+ (encode obj ol (count obj ol)))))
-+
-+;*---------------------------------------------------------------------*/
- ;* xml-write-attributes ... */
- ;*---------------------------------------------------------------------*/
- (define (xml-write-attributes attr p backend)
-diff -r 7244c4d30ad4 -r 3515f7f1aef2 share/hop-serialize.js
---- a/share/hop-serialize.js Fri Jul 19 08:28:13 2013 +0200
-+++ b/share/hop-serialize.js Wed Jul 31 12:41:10 2013 +0200
-@@ -942,7 +942,7 @@
- case 0x2e /* . */: return null;
- case 0x3c /* < */: return read_cnst();
- case 0x22 /* " */: return read_string( s );
-- case 0x25 /* " */: return decodeURIComponent( read_string( s ) );
-+ case 0x25 /* % */: return decodeURIComponent( read_string( s ) );
- case 0x55 /* U */: return read_string( s );
- case 0x5b /* [ */: return read_vector( read_size( s ) );
- case 0x28 /* ( */: return read_list( read_size( s ) );
-diff -r 7244c4d30ad4 -r 3515f7f1aef2 src/main.scm
---- a/src/main.scm Fri Jul 19 08:28:13 2013 +0200
-+++ b/src/main.scm Wed Jul 31 12:41:10 2013 +0200
-@@ -59,8 +59,6 @@
- (for-each register-srfi! (cons 'hop-server (hop-srfis)))
- ;; set the library load path
- (bigloo-library-path-set! (hop-library-path))
-- ;; define the Hop macros
-- (hop-install-expanders!)
- ;; setup the hop readers
- (bigloo-load-reader-set! hop-read)
- (bigloo-load-module-set!
diff --git a/gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch b/gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch
deleted file mode 100644
index e170d11308..0000000000
--- a/gnu/packages/patches/lftp-dont-save-unknown-host-fingerprint.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Fixes "saves unknown host's fingerprint in known_hosts without any prompt".
-See:
-
- https://github.com/lavv17/lftp/issues/116
- https://bugs.debian.org/774769
-
-From bc7b476e782d77839765f56bbdb4cee9f36b54ec Mon Sep 17 00:00:00 2001
-From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
-Date: Tue, 13 Jan 2015 15:33:54 +0300
-Subject: [PATCH] add settings fish:auto-confirm and sftp:auto-confirm
-
-New host keys are now not confirmed by default, this should improve security.
-Suggested by Marcin Szewczyk <Marcin.Szewczyk@wodny.org>
----
- doc/lftp.1 | 8 ++++++++
- src/SSH_Access.cc | 5 +++--
- src/resource.cc | 2 ++
- 3 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/doc/lftp.1 b/doc/lftp.1
-index cabc1be..ed6c388 100644
---- a/doc/lftp.1
-+++ b/doc/lftp.1
-@@ -1384,6 +1384,10 @@ address family in dns:order.
- .BR file:charset \ (string)
- local character set. It is set from current locale initially.
- .TP
-+.BR fish:auto-confirm \ (boolean)
-+when true, lftp answers ``yes'' to all ssh questions, in particular to the
-+question about a new host key. Otherwise it answers ``no''.
-+.TP
- .BR fish:charset \ (string)
- the character set used by fish server in requests, replies and file listings.
- Default is empty which means the same as local.
-@@ -1952,6 +1956,10 @@ minimal chunk size to split the file to.
- save pget transfer status this often. Set to `never' to disable saving of the status file.
- The status is saved to a file with suffix \fI.lftp-pget-status\fP.
- .TP
-+.BR sftp:auto-confirm \ (boolean)
-+when true, lftp answers ``yes'' to all ssh questions, in particular to the
-+question about a new host key. Otherwise it answers ``no''.
-+.TP
- .BR sftp:charset \ (string)
- the character set used by SFTP server in file names and file listings.
- Default is empty which means the same as local. This setting is only used
-diff --git a/src/SSH_Access.cc b/src/SSH_Access.cc
-index 706fc6a..17c716d 100644
---- a/src/SSH_Access.cc
-+++ b/src/SSH_Access.cc
-@@ -72,8 +72,9 @@ int SSH_Access::HandleSSHMessage()
- }
- if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len))
- {
-- pty_recv_buf->Put("yes\n");
-- pty_send_buf->Put("yes\n");
-+ const char *answer=QueryBool("auto-confirm",hostname)?"yes\n":"no\n";
-+ pty_recv_buf->Put(answer);
-+ pty_send_buf->Put(answer);
- return m;
- }
- if(!received_greeting && recv_buf->Size()>0)
-diff --git a/src/resource.cc b/src/resource.cc
-index 91b2e60..3a5e8b9 100644
---- a/src/resource.cc
-+++ b/src/resource.cc
-@@ -339,6 +339,7 @@ static ResType lftp_vars[] = {
- {"mirror:no-empty-dirs", "no", ResMgr::BoolValidate,ResMgr::NoClosure},
- {"mirror:require-source", "no", ResMgr::BoolValidate,ResMgr::NoClosure},
-
-+ {"sftp:auto-confirm", "no", ResMgr::BoolValidate,0},
- {"sftp:max-packets-in-flight","16", ResMgr::UNumberValidate,0},
- {"sftp:protocol-version", "6", ResMgr::UNumberValidate,0},
- {"sftp:size-read", "32k", ResMgr::UNumberValidate,0},
-@@ -367,6 +368,7 @@ static ResType lftp_vars[] = {
- {"dns:strict-dnssec", "no", ResMgr::BoolValidate,0},
- #endif
-
-+ {"fish:auto-confirm", "no", ResMgr::BoolValidate,0},
- {"fish:shell", "/bin/sh",0,0},
- {"fish:connect-program", "ssh -a -x",0,0},
- {"fish:charset", "", ResMgr::CharsetValidate,0},
diff --git a/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch b/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch
new file mode 100644
index 0000000000..37a41f61e4
--- /dev/null
+++ b/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch
@@ -0,0 +1,99 @@
+Fix CVE-2016-5195, a.k.a. Dirty COW.
+Backported to linux-libre-4.1.x by Mark H Weaver <mhw@netris.org>.
+
+From 18652320ea99913c95e7130d654be7f1da6b694f Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu, 13 Oct 2016 13:07:36 -0700
+Subject: [PATCH] mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
+
+commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream.
+
+This is an ancient bug that was actually attempted to be fixed once
+(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
+get_user_pages() race for write access") but that was then undone due to
+problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
+
+In the meantime, the s390 situation has long been fixed, and we can now
+fix it by checking the pte_dirty() bit properly (and do it better). The
+s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement
+software dirty bits") which made it into v3.9. Earlier kernels will
+have to look at the page state itself.
+
+Also, the VM has become more scalable, and what used a purely
+theoretical race back then has become easier to trigger.
+
+To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
+we already did a COW" rather than play racy games with FOLL_WRITE that
+is very fundamental, and then use the pte dirty flag to validate that
+the FOLL_COW flag is still valid.
+
+Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com>
+Acked-by: Hugh Dickins <hughd@google.com>
+Reviewed-by: Michal Hocko <mhocko@suse.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: Willy Tarreau <w@1wt.eu>
+Cc: Nick Piggin <npiggin@gmail.com>
+Cc: Greg Thelen <gthelen@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/mm.h | 1 +
+ mm/gup.c | 14 ++++++++++++--
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/mm.h b/include/linux/mm.h
+index 6b85ec6..7cadf0a 100644
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -2064,6 +2064,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma,
+ #define FOLL_NUMA 0x200 /* force NUMA hinting page fault */
+ #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */
+ #define FOLL_TRIED 0x800 /* a retry, previous pass started an IO */
++#define FOLL_COW 0x4000 /* internal GUP flag */
+
+ typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr,
+ void *data);
+diff --git a/mm/gup.c b/mm/gup.c
+index 6297f6b..e6de9e7 100644
+--- a/mm/gup.c
++++ b/mm/gup.c
+@@ -32,6 +32,16 @@ static struct page *no_page_table(struct vm_area_struct *vma,
+ return NULL;
+ }
+
++/*
++ * FOLL_FORCE can write to even unwritable pte's, but only
++ * after we've gone through a COW cycle and they are dirty.
++ */
++static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
++{
++ return pte_write(pte) ||
++ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
++}
++
+ static struct page *follow_page_pte(struct vm_area_struct *vma,
+ unsigned long address, pmd_t *pmd, unsigned int flags)
+ {
+@@ -66,7 +76,7 @@ retry:
+ }
+ if ((flags & FOLL_NUMA) && pte_protnone(pte))
+ goto no_page;
+- if ((flags & FOLL_WRITE) && !pte_write(pte)) {
++ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) {
+ pte_unmap_unlock(ptep, ptl);
+ return NULL;
+ }
+@@ -315,7 +325,7 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
+ * reCOWed by userspace write).
+ */
+ if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE))
+- *flags &= ~FOLL_WRITE;
++ *flags |= FOLL_COW;
+ return 0;
+ }
+
+--
+2.10.1
+
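Review bot: `FOLL_COW` is assigned 0x4000 in include/linux/mm.h, but the visible context only shows the neighbouring FOLL_* values up to 0x800, so for this 4.1.x backport it is worth confirming that no other FOLL_* bit in that tree already uses 0x4000 and that no caller outside mm/gup.c can pass it in. The new `can_follow_write_pte()` check is wired only into `follow_page_pte()`; whether the 4.1 tree has other follow paths (huge-page handling, for example) that test writability under FOLL_WRITE is not visible here and should be checked separately. I would also expand the flag's comment to say what it records, e.g. `/* internal GUP flag: a COW cycle was already done for this forced write */`. The bodies of follow_page_pte() and faultin_page() continue outside the inner hunks.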
diff --git a/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch b/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch
new file mode 100644
index 0000000000..9ddfd4fe10
--- /dev/null
+++ b/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch
@@ -0,0 +1,46 @@
+This fixes a test failure with emacs-25. Picked from
+https://git.notmuchmail.org/git?p=notmuch;a=commit;h=f575a346df09c82691bb9e7c462836d982fe31f7
+
+From f575a346df09c82691bb9e7c462836d982fe31f7 Mon Sep 17 00:00:00 2001
+From: David Bremner <david@tethera.net>
+Date: Sun, 9 Oct 2016 19:30:44 -0300
+Subject: [PATCH] emacs/show: force notmuch-show-buttonise-links to act on
+ lines
+
+This seems to fix a problem with emacs 25 creating partial buttons by
+calling n-s-b-l with a region that does not include the whole button.
+I'm not 100% sure it's legit to act outside the region passed by
+jit-lock, but goto-address-fontify-region (where I borrowed the code
+from) already does this, so this patch to not make things worse.
+---
+ emacs/notmuch-show.el | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el
+index 641398d..e7d16f8 100644
+--- a/emacs/notmuch-show.el
++++ b/emacs/notmuch-show.el
+@@ -1174,13 +1174,15 @@ This also turns id:\"<message id>\"-parts and mid: links into
+ buttons for a corresponding notmuch search."
+ (goto-address-fontify-region start end)
+ (save-excursion
+- (let (links)
+- (goto-char start)
+- (while (re-search-forward notmuch-id-regexp end t)
++ (let (links
++ (beg-line (progn (goto-char start) (line-beginning-position)))
++ (end-line (progn (goto-char end) (line-end-position))))
++ (goto-char beg-line)
++ (while (re-search-forward notmuch-id-regexp end-line t)
+ (push (list (match-beginning 0) (match-end 0)
+ (match-string-no-properties 0)) links))
+- (goto-char start)
+- (while (re-search-forward notmuch-mid-regexp end t)
++ (goto-char beg-line)
++ (while (re-search-forward notmuch-mid-regexp end-line t)
+ (let* ((mid-cid (match-string-no-properties 1))
+ (mid (save-match-data
+ (string-match "^[^/]*" mid-cid)
+--
+2.10.1
+
diff --git a/gnu/packages/patches/openssh-memory-exhaustion.patch b/gnu/packages/patches/openssh-memory-exhaustion.patch
new file mode 100644
index 0000000000..91fe294ca4
--- /dev/null
+++ b/gnu/packages/patches/openssh-memory-exhaustion.patch
@@ -0,0 +1,39 @@
+Fix a memory exhaustion bug in the key exchange, whereby an unauthenticated user
+could potentially consume 38400 MB of memory on the server:
+
+http://seclists.org/oss-sec/2016/q4/185
+
+Patch adapted from upstream source repository:
+
+https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad
+
+From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001
+From: "markus@openbsd.org" <markus@openbsd.org>
+Date: Mon, 10 Oct 2016 19:28:48 +0000
+Subject: [PATCH] upstream commit
+
+Unregister the KEXINIT handler after message has been
+received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
+allocation of up to 128MB -- until the connection is closed. Reported by
+shilei-c at 360.cn
+
+Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
+---
+ kex.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/kex.c b/kex.c
+index 3f97f8c..6a94bc5 100644
+--- a/kex.c
++++ b/kex.c
+@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
+ if (kex == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+
++ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
+ ptr = sshpkt_ptr(ssh, &dlen);
+ if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
+ return r;
+--
+2.10.1
+
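Review bot: The added `ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);` in kex_input_kexinit() carries no comment, and nothing in the hunk shows where the handler is registered again for a later rekey. A one-line comment such as `/* one KEXINIT per exchange: drop the handler so a peer cannot repeat it and keep growing kex->peer */` would record the intent, and the re-registration site (outside this hunk) should be confirmed to exist in the packaged OpenSSH version. The embedded diffstat still reads 2 insertions and 1 deletion while the adapted hunk carries a single insertion, so the header text could state which upstream line was dropped. kex_input_kexinit's body continues outside the hunk.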
diff --git a/gnu/packages/patches/slim-login.patch b/gnu/packages/patches/slim-login.patch
new file mode 100644
index 0000000000..515573c6fa
--- /dev/null
+++ b/gnu/packages/patches/slim-login.patch
@@ -0,0 +1,35 @@
+Display configurable login message after successful authentication.
+
+Patch by E. Bavier
+
+--- slim-1.3.6/panel.cpp.orig 1969-12-31 18:00:00.000000000 -0600
++++ slim-1.3.6/panel.cpp 2016-10-17 17:00:07.259649063 -0500
+@@ -260,6 +260,7 @@
+
+ void Panel::ClosePanel() {
+ XUngrabKeyboard(Dpy, CurrentTime);
++ XClearWindow(Dpy, Root);
+ XUnmapWindow(Dpy, Win);
+ XDestroyWindow(Dpy, Win);
+ XFlush(Dpy);
+--- slim-1.3.6/cfg.cpp.orig 2016-10-17 17:08:06.767666139 -0500
++++ slim-1.3.6/cfg.cpp 2016-10-17 17:06:53.115663516 -0500
+@@ -52,6 +52,7 @@
+ options.insert(option("lockfile","/var/run/slim.lock"));
+ options.insert(option("logfile","/var/log/slim.log"));
+ options.insert(option("authfile","/var/run/slim.auth"));
++ options.insert(option("login_msg","Logging in..."));
+ options.insert(option("shutdown_msg","The system is halting..."));
+ options.insert(option("reboot_msg","The system is rebooting..."));
+ options.insert(option("sessiondir",""));
+--- slim-1.3.6/app.cpp.orig 2016-10-17 17:08:41.731667384 -0500
++++ slim-1.3.6/app.cpp 2016-10-17 17:07:48.415665486 -0500
+@@ -520,6 +520,8 @@
+ struct passwd *pw;
+ pid_t pid;
+
++ LoginPanel->Message((char*)cfg->getOption("login_msg").c_str());
++
+ #ifdef USE_PAM
+ try{
+ pam.open_session();
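Review bot: In the app.cpp hunk, `LoginPanel->Message((char*)cfg->getOption("login_msg").c_str());` uses a C-style cast to strip const from a pointer into a temporary string, which is only safe if Message() neither modifies nor retains that pointer; Message's signature is outside the hunk. If it accepts a `const string&` or `const char*`, the cast can simply go: `LoginPanel->Message(cfg->getOption("login_msg"));`. The message is also drawn before `pam.open_session()` runs, so "Logging in..." can be shown for a login whose session open then fails; a short comment at the call saying that this ordering is intended would help. The enclosing function starts and ends outside the hunk.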
diff --git a/gnu/packages/patches/slim-reset.patch b/gnu/packages/patches/slim-reset.patch
new file mode 100644
index 0000000000..eebee6b7b5
--- /dev/null
+++ b/gnu/packages/patches/slim-reset.patch
@@ -0,0 +1,33 @@
+Do not reset chosen session and maintain the session-choser dialog after a
+failed login attempt.
+
+Patch by E. Bavier
+
+--- slim-1.3.6/panel.cpp.orig 1969-12-31 18:00:00.000000000 -0600
++++ slim-1.3.6/panel.cpp 2016-10-17 17:00:07.259649063 -0500
+@@ -260,13 +260,12 @@
+ }
+
+ void Panel::ClearPanel() {
+- session_name = "";
+- session_exec = "";
+ Reset();
+ XClearWindow(Dpy, Root);
+ XClearWindow(Dpy, Win);
+ Cursor(SHOW);
+ ShowText();
++ ShowSession();
+ XFlush(Dpy);
+ }
+
+@@ -760,9 +760,7 @@
+ pair<string,string> ses = cfg->nextSession();
+ session_name = ses.first;
+ session_exec = ses.second;
+- if (session_name.size() > 0) {
+- ShowSession();
+- }
++ ShowSession();
+ }
+
+ /* Display session type on the screen */
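Review bot: The second panel.cpp hunk drops the `if (session_name.size() > 0)` guard, and ClearPanel() in the first hunk now also calls `ShowSession()` unconditionally, so ShowSession() can presumably run with an empty session_name (for instance if cfg->nextSession() yields an empty pair). Whether ShowSession() tolerates an empty name is not visible here, since its body lies outside the hunk. Unless it already returns early in that case, keep the guard at both call sites: `if (!session_name.empty()) ShowSession();`. A comment in ClearPanel() noting that session_name and session_exec are deliberately preserved across a failed login would also make the removal of the two assignments easier to read later.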