diff options
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/expat-CVE-2015-1283.patch | 89 | ||||
| -rw-r--r-- | gnu/packages/patches/gcc-libiberty-printf-decl.patch | 28 | ||||
| -rw-r--r-- | gnu/packages/patches/glibc-CVE-2015-7547.patch | 559 | ||||
| -rw-r--r-- | gnu/packages/patches/glibc-locale-incompatibility.patch | 23 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-CVE-2013-0211.patch | 21 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-CVE-2016-1541.patch | 67 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-bsdtar-test.patch | 74 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-fix-lzo-test-case.patch | 83 | ||||
| -rw-r--r-- | gnu/packages/patches/libarchive-mtree-filename-length-fix.patch | 18 | ||||
| -rw-r--r-- | gnu/packages/patches/libxslt-generated-ids.patch | 173 | ||||
| -rw-r--r-- | gnu/packages/patches/libxslt-remove-date-timestamps.patch | 66 | ||||
| -rw-r--r-- | gnu/packages/patches/procps-non-linux.patch | 40 | ||||
| -rw-r--r-- | gnu/packages/patches/tar-d_ino_in_dirent-fix.patch | 33 |
13 files changed, 307 insertions, 967 deletions
diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch deleted file mode 100644 index f9065bea16..0000000000 --- a/gnu/packages/patches/expat-CVE-2015-1283.patch +++ /dev/null @@ -1,89 +0,0 @@ -Copied from Debian. - -Description: fix multiple integer overflows in the XML_GetBuffer function - Multiple integer overflows in the XML_GetBuffer function in Expat through - 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, - allow remote attackers to cause a denial of service (heap-based buffer - overflow) or possibly have unspecified other impact via crafted XML data, - a related issue to CVE-2015-2716. -Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c -Author: Eric Rahm <erahm@mozilla.com> -Forwarded: not-needed -Last-Update: 2015-07-24 - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l - XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position); - positionPtr = bufferPtr; - return result; - } - - void * XMLCALL - XML_GetBuffer(XML_Parser parser, int len) - { -+/* BEGIN MOZILLA CHANGE (sanity check len) */ -+ if (len < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - switch (ps_parsing) { - case XML_SUSPENDED: - errorCode = XML_ERROR_SUSPENDED; - return NULL; - case XML_FINISHED: - errorCode = XML_ERROR_FINISHED; - return NULL; - default: ; - } - - if (len > bufferLim - bufferEnd) { -- /* FIXME avoid integer overflow */ - int neededSize = len + (int)(bufferEnd - bufferPtr); -+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ -+ if (neededSize < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - #ifdef XML_CONTEXT_BYTES - int keep = (int)(bufferPtr - buffer); - - if (keep > XML_CONTEXT_BYTES) - keep = XML_CONTEXT_BYTES; - neededSize += keep; - #endif /* defined XML_CONTEXT_BYTES */ - if (neededSize <= bufferLim - buffer) { -@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len - } - else { - char *newBuf; - int bufferSize = (int)(bufferLim - bufferPtr); - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { - bufferSize *= 2; -- } while (bufferSize < neededSize); -+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ -+ } while (bufferSize < neededSize && bufferSize > 0); -+/* END MOZILLA CHANGE */ -+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ -+ if (bufferSize <= 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - newBuf = (char *)MALLOC(bufferSize); - if (newBuf == 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; - } - bufferLim = newBuf + bufferSize; - #ifdef XML_CONTEXT_BYTES - if (bufferPtr) { - - - - diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch new file mode 100644 index 0000000000..a612c9e00e --- /dev/null +++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch @@ -0,0 +1,28 @@ +This patch makes the exeception specifier of libiberty's 'asprintf' +and 'vasprintf' declarations match those of glibc to work around the +problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>. + +The problem in part stems from the fact that libiberty is configured +without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1 +is configured and built with _GNU_SOURCE, hence the conflicting declarations. + +--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200 ++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200 +@@ -625,7 +625,7 @@ extern int pwait (int, int *, int); + /* Like sprintf but provides a pointer to malloc'd storage, which must + be freed by the caller. */ + +-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; ++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2; + #endif + + /* Like asprintf but allocates memory without fail. This works like +@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, .. + /* Like vsprintf but provides a pointer to malloc'd storage, which + must be freed by the caller. */ + +-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0); ++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0); + #endif + + /* Like vasprintf but allocates memory without fail. This works like diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch deleted file mode 100644 index 9a0909af74..0000000000 --- a/gnu/packages/patches/glibc-CVE-2015-7547.patch +++ /dev/null @@ -1,559 +0,0 @@ -Copied from Fedora: -http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584 - -Adapted to apply cleanly to glibc-2.22. - -Index: b/resolv/nss_dns/dns-host.c -=================================================================== ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). -+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. -+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. -+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. */ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -Index: b/resolv/res_query.c -=================================================================== ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -Index: b/resolv/res_send.c -=================================================================== ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <http://www.gnu.org/licenses/>. */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. -@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend) - - /* Private */ - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -669,11 +759,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr *nsap = get_nsaddr (statp, ns); - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -766,6 +852,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -802,40 +890,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if __GNUC_PREREQ (4, 7) -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#endif --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif --#if __GNUC_PREREQ (4, 7) -- DIAG_POP_NEEDS_COMMENT; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -843,10 +905,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -858,6 +924,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -1030,8 +1159,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -1064,6 +1191,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1227,55 +1356,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. */ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch deleted file mode 100644 index baf30a79a7..0000000000 --- a/gnu/packages/patches/glibc-locale-incompatibility.patch +++ /dev/null @@ -1,23 +0,0 @@ -This patch avoids an assertion failure when incompatible locale data -is encountered: - - https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html - ---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 -+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 -@@ -120,10 +120,11 @@ - _nl_value_type_LC_XYZ array. There are all pointers. */ - switch (category) - { --#define CATTEST(cat) \ -- case LC_##cat: \ -- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ -- / sizeof (_nl_value_type_LC_##cat[0]))); \ -+#define CATTEST(cat) \ -+ case LC_##cat: \ -+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ -+ / sizeof (_nl_value_type_LC_##cat[0]))) \ -+ goto puntdata; \ - break - CATTEST (NUMERIC); - CATTEST (TIME); diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch deleted file mode 100644 index b024a7d4a8..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch +++ /dev/null @@ -1,21 +0,0 @@ -Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems -Origin: upstream -Bug-Debian: http://bugs.debian.org/703957 -Forwarded: not-needed - ---- libarchive-3.0.4.orig/libarchive/archive_write.c -+++ libarchive-3.0.4/libarchive/archive_write.c -@@ -665,8 +665,13 @@ static ssize_t - _archive_write_data(struct archive *_a, const void *buff, size_t s) - { - struct archive_write *a = (struct archive_write *)_a; -+ const size_t max_write = INT_MAX; -+ - archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, - ARCHIVE_STATE_DATA, "archive_write_data"); -+ /* In particular, this catches attempts to pass negative values. */ -+ if (s > max_write) -+ s = max_write; - archive_clear_error(&a->archive); - return ((a->format_write_data)(a, buff, s)); - } diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch deleted file mode 100644 index 6ac8773244..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata) - -Taken from upstream source repository: -https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 - -When reading OS X metadata entries in Zip archives that were stored -without compression, libarchive would use the uncompressed entry size -to allocate a buffer but would use the compressed entry size to limit -the amount of data copied into that buffer. Since the compressed -and uncompressed sizes are provided by data in the archive itself, -an attacker could manipulate these values to write data beyond -the end of the allocated buffer. - -This fix provides three new checks to guard against such -manipulation and to make libarchive generally more robust when -handling this type of entry: - 1. If an OS X metadata entry is stored without compression, - abort the entire archive if the compressed and uncompressed - data sizes do not match. - 2. When sanity-checking the size of an OS X metadata entry, - abort this entry if either the compressed or uncompressed - size is larger than 4MB. - 3. When copying data into the allocated buffer, check the copy - size against both the compressed entry size and uncompressed - entry size. ---- - libarchive/archive_read_support_format_zip.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 0f8262c..0a0be96 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if (rsrc->uncompressed_size != rsrc->compressed_size) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Malformed OS X metadata entry: inconsistent size"); -+ return (ARCHIVE_FATAL); -+ } - #ifdef HAVE_ZLIB_H - case 8: /* Deflate compression. */ - #endif -@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - (intmax_t)rsrc->uncompressed_size); - return (ARCHIVE_WARN); - } -+ if (rsrc->compressed_size > (4 * 1024 * 1024)) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Mac metadata is too large: %jd > 4M bytes", -+ (intmax_t)rsrc->compressed_size); -+ return (ARCHIVE_WARN); -+ } - - metadata = malloc((size_t)rsrc->uncompressed_size); - if (metadata == NULL) { -@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - bytes_avail = remaining_bytes; - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if ((size_t)bytes_avail > metadata_bytes) -+ bytes_avail = metadata_bytes; - memcpy(mp, p, bytes_avail); - bytes_used = (size_t)bytes_avail; - metadata_bytes -= bytes_used; diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch deleted file mode 100644 index 6a533a9a07..0000000000 --- a/gnu/packages/patches/libarchive-bsdtar-test.patch +++ /dev/null @@ -1,74 +0,0 @@ -commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d -Author: Pavel Raiskup <praiskup@redhat.com> -Date: Thu Jun 27 16:01:30 2013 +0200 - - Use ustar format in the test_option_b test - - .. because the ustar archive does not store SELinux context. As the default - format for bsdtar is "restricted pax" (trying to store xattrs and other - things by default), the test failed on Fedora because our files have by - default SELinux context set. This results in additional data in tested - archive ~> and the test failed because the archive was unexpectedly big: - - tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048 - - Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com> - -diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c -index be2ae65..6fea474 100644 ---- a/tar/test/test_option_b.c -+++ b/tar/test/test_option_b.c -@@ -25,8 +25,14 @@ - #include "test.h" - __FBSDID("$FreeBSD$"); - -+#define USTAR_OPT " --format=ustar" -+ - DEFINE_TEST(test_option_b) - { -+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1); -+ strcpy(testprog_ustar, testprog); -+ strcat(testprog_ustar, USTAR_OPT); -+ - assertMakeFile("file1", 0644, "file1"); - if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) { - skipping("Platform doesn't have cat"); -@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b) - /* - * Bsdtar does not pad if the output is going directly to a disk file. - */ -- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog)); -+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar)); - failure("bsdtar does not pad archives written directly to regular files"); - assertFileSize("archive1.tar", 2048); - assertEmptyFile("test1.out"); -@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b) - * Bsdtar does pad to the block size if the output is going to a socket. - */ - /* Default is -b 20 */ -- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar)); - failure("bsdtar does pad archives written to pipes"); - assertFileSize("archive2.tar", 10240); - assertEmptyFile("test2.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar)); - assertFileSize("archive3.tar", 10240); - assertEmptyFile("test3.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar)); - assertFileSize("archive4.tar", 5120); - assertEmptyFile("test4.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar)); - assertFileSize("archive5.tar", 2048); - assertEmptyFile("test5.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar)); - assertFileSize("archive6.tar", 4194304); - assertEmptyFile("test6.err"); - diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch deleted file mode 100644 index ffdc0db922..0000000000 --- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch +++ /dev/null @@ -1,83 +0,0 @@ -Description: This patch fixes test cases for LZO write support in various - architectures, such as armhf. Writing a certain amount of files would - cause the LZO compressor level 9 to produce a bigger archive than the - default compressor level. -Author: Andres Mejia <amejia@debian.org> - ---- a/libarchive/test/test_write_filter_lzop.c -+++ b/libarchive/test/test_write_filter_lzop.c -@@ -39,7 +39,7 @@ - size_t buffsize, datasize; - char path[16]; - size_t used1, used2; -- int i, r, use_prog = 0; -+ int i, r, use_prog = 0, filecount; - - assert((a = archive_write_new()) != NULL); - r = archive_write_add_filter_lzop(a); -@@ -58,9 +58,10 @@ - - datasize = 10000; - assert(NULL != (data = (char *)calloc(1, datasize))); -+ filecount = 10; - - /* -- * Write a 100 files and read them all back. -+ * Write a filecount files and read them all back. - */ - assert((a = archive_write_new()) != NULL); - assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); -@@ -77,7 +78,7 @@ - assert((ae = archive_entry_new()) != NULL); - archive_entry_set_filetype(ae, AE_IFREG); - archive_entry_set_size(ae, datasize); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - archive_entry_copy_pathname(ae, path); - assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); -@@ -97,7 +98,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used1)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -133,7 +134,7 @@ - archive_write_set_options(a, "lzop:compression-level=9")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -161,7 +162,7 @@ - archive_read_support_filter_all(a)); - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -186,7 +187,7 @@ - archive_write_set_filter_option(a, NULL, "compression-level", "1")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -216,7 +217,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch deleted file mode 100644 index ad94592c05..0000000000 --- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch +++ /dev/null @@ -1,18 +0,0 @@ -Description: Patch to fix filename length calculation when writing mtree archives. -Author: Dave Reisner <dreisner@archlinux.org> -Origin: upstream - ---- a/libarchive/archive_write_set_format_mtree.c -+++ b/libarchive/archive_write_set_format_mtree.c -@@ -1855,9 +1855,9 @@ - return (ret); - } - -- /* Make a basename from dirname and slash */ -+ /* Make a basename from file->parentdir.s and slash */ - *slash = '\0'; -- file->parentdir.length = slash - dirname; -+ file->parentdir.length = slash - file->parentdir.s; - archive_strcpy(&(file->basename), slash + 1); - return (ret); - } diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch new file mode 100644 index 0000000000..4273875c7c --- /dev/null +++ b/gnu/packages/patches/libxslt-generated-ids.patch @@ -0,0 +1,173 @@ +This makes generated IDs deterministic. + +Written by Daniel Veillard. + +This should be fixed in next release (2.29). +See https://bugzilla.gnome.org/show_bug.cgi?id=751621. + +diff --git a/libxslt/functions.c b/libxslt/functions.c +index 6448bde..5b00a6d 100644 +--- a/libxslt/functions.c ++++ b/libxslt/functions.c +@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs) + } + + /** ++ * xsltCleanupIds: ++ * @ctxt: the transformation context ++ * @root: the root of the resulting document ++ * ++ * This clean up ids which may have been saved in Element contents ++ * by xsltGenerateIdFunction() to provide stable IDs on elements. ++ * ++ * Returns the number of items cleaned or -1 in case of error ++ */ ++int ++xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) { ++ xmlNodePtr cur; ++ int count = 0; ++ ++ if ((ctxt == NULL) || (root == NULL)) ++ return(-1); ++ if (root->type != XML_ELEMENT_NODE) ++ return(-1); ++ ++ cur = root; ++ while (cur != NULL) { ++ if (cur->type == XML_ELEMENT_NODE) { ++ if (cur->content != NULL) { ++ cur->content = NULL; ++ count++; ++ } ++ if (cur->children != NULL) { ++ cur = cur->children; ++ continue; ++ } ++ } ++ if (cur->next != NULL) { ++ cur = cur->next; ++ continue; ++ } ++ do { ++ cur = cur->parent; ++ if (cur == NULL) ++ break; ++ if (cur == (xmlNodePtr) root) { ++ cur = NULL; ++ break; ++ } ++ if (cur->next != NULL) { ++ cur = cur->next; ++ break; ++ } ++ } while (cur != NULL); ++ } ++ ++fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n", ++ ctxt->nextid, count); ++ ++ return(count); ++} ++ ++/** + * xsltGenerateIdFunction: + * @ctxt: the XPath Parser context + * @nargs: the number of arguments +@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){ + if (obj) + xmlXPathFreeObject(obj); + +- val = (long)((char *)cur - (char *)&base_address); ++ /* ++ * Try to provide stable ID for generated document: ++ * - usually ID are computed to be placed on elements via attributes ++ * so using the element as the node for the ID ++ * - the cur->content should be a correct placeholder for this, we use ++ * it to hold element node numbers in xmlXPathOrderDocElems to ++ * speed up XPath too ++ * - xsltCleanupIds() clean them up before handing the XSLT output ++ * to the API client. ++ * - other nodes types use the node address method but that should ++ * not end up in resulting document ID ++ * - we can enable this by default without risk of performance issues ++ * only the one pass xsltCleanupIds() is added ++ */ ++ if (cur->type == XML_ELEMENT_NODE) { ++ if (cur->content == NULL) { ++ xsltTransformContextPtr tctxt; ++ ++ tctxt = xsltXPathGetTransformContext(ctxt); ++ if (tctxt == NULL) { ++ val = (long)((char *)cur - (char *)&base_address); ++ } else { ++ tctxt->nextid++; ++ val = tctxt->nextid; ++ cur->content = (void *) (val); ++ } ++ } else { ++ val = (long) cur->content; ++ } ++ } else { ++ val = (long)((char *)cur - (char *)&base_address); ++ } ++ + if (val >= 0) { + sprintf((char *)str, "idp%ld", val); + } else { +diff --git a/libxslt/functions.h b/libxslt/functions.h +index e0e0bf9..4a1e163 100644 +--- a/libxslt/functions.h ++++ b/libxslt/functions.h +@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL + int nargs); + + /* ++ * Cleanup for ID generation ++ */ ++XSLTPUBFUN int XSLTCALL ++ xsltCleanupIds (xsltTransformContextPtr ctxt, ++ xmlNodePtr root); ++ ++/* + * And the registration + */ + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 24f9eb2..2bdf6bf 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) { + cur->traceCode = (unsigned long*) &xsltDefaultTrace; + cur->xinclude = xsltGetXIncludeDefault(); + cur->keyInitLevel = 0; ++ cur->nextid = 0; + + return(cur); + +@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc, + if (root != NULL) { + const xmlChar *doctype = NULL; + ++ /* ++ * cleanup ids which may have been saved in Elements content ptrs ++ */ ++ if (ctxt->nextid != 0) { ++ xsltCleanupIds(ctxt, root); ++ } ++ + if ((root->ns != NULL) && (root->ns->prefix != NULL)) + doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name); + if (doctype == NULL) +diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h +index 95e8fe6..8eedae4 100644 +--- a/libxslt/xsltInternals.h ++++ b/libxslt/xsltInternals.h +@@ -1786,6 +1786,8 @@ struct _xsltTransformContext { + int funcLevel; /* Needed to catch recursive functions issues */ + int maxTemplateDepth; + int maxTemplateVars; ++ ++ unsigned long nextid;/* for generating stable ids */ + }; + + /** diff --git a/gnu/packages/patches/libxslt-remove-date-timestamps.patch b/gnu/packages/patches/libxslt-remove-date-timestamps.patch new file mode 100644 index 0000000000..51470d0847 --- /dev/null +++ b/gnu/packages/patches/libxslt-remove-date-timestamps.patch @@ -0,0 +1,66 @@ +Use deterministic SOURCE_DATE_EPOCH for embedded timestamps in generated documentation. + +Written by Eduard Sanou. + +https://bugzilla.gnome.org/show_bug.cgi?id=758148 + +--- libxslt-1.1.28.orig/libexslt/date.c ++++ libxslt-1.1.28/libexslt/date.c +@@ -46,6 +46,7 @@ + #include "exslt.h" + + #include <string.h> ++#include <errno.h> + + #ifdef HAVE_MATH_H + #include <math.h> +@@ -747,21 +748,46 @@ static exsltDateValPtr + exsltDateCurrent (void) + { + struct tm localTm, gmTm; ++ struct tm *tb = NULL; + time_t secs; + int local_s, gm_s; + exsltDateValPtr ret; ++ char *source_date_epoch; + + ret = exsltDateCreateDate(XS_DATETIME); + if (ret == NULL) + return NULL; + +- /* get current time */ + secs = time(NULL); ++ /* ++ * Allow the date and time to be set externally by an exported ++ * environment variable to enable reproducible builds. ++ */ ++ source_date_epoch = getenv("SOURCE_DATE_EPOCH"); ++ if (source_date_epoch) { ++ errno = 0; ++ secs = (time_t) strtol (source_date_epoch, NULL, 10); ++ if (errno == 0) { ++ tb = gmtime(&secs); ++ if (tb == NULL) { ++ /* SOURCE_DATE_EPOCH is not a valid date */ ++ return NULL; ++ } else { ++ localTm = *tb; ++ } ++ } else { ++ /* SOURCE_DATE_EPOCH is not a valid number */ ++ return NULL; ++ } ++ } else { ++ /* get current time */ + #if HAVE_LOCALTIME_R +- localtime_r(&secs, &localTm); ++ localtime_r(&secs, &localTm); + #else +- localTm = *localtime(&secs); ++ localTm = *localtime(&secs); + #endif ++ } ++ + + /* get real year, not years since 1900 */ + ret->value.date.year = localTm.tm_year + 1900; diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch new file mode 100644 index 0000000000..9d369aeb2c --- /dev/null +++ b/gnu/packages/patches/procps-non-linux.patch @@ -0,0 +1,40 @@ +From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001 +From: Craig Small <csmall@enc.com.au> +Date: Sun, 17 Apr 2016 09:09:41 +1000 +Subject: [PATCH] tests: Conditionally add prctl to test process + +prctl was already bypassed on Cygwin systems. This extends to +non-Linux systems such as kFreeBSD and Hurd. + +--- + lib/test_process.c | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/test_process.c b/lib/test_process.c +index 6e652ed..6a4776c 100644 +--- a/lib/test_process.c ++++ b/lib/test_process.c +@@ -21,7 +21,9 @@ + #include <stdlib.h> + #include <unistd.h> + #include <signal.h> ++#ifdef __linux__ + #include <sys/prctl.h> ++#endif + #include "c.h" + + #define DEFAULT_SLEEPTIME 300 +@@ -78,8 +80,10 @@ + sigaction(SIGUSR1, &signal_action, NULL); + sigaction(SIGUSR2, &signal_action, NULL); + ++#ifdef __linux__ + /* set process name */ + prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL); ++#endif + + while (sleep_time > 0) { + sleep_time = sleep(sleep_time); +-- +2.8.2 + diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch deleted file mode 100644 index 39d8e2b20a..0000000000 --- a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch +++ /dev/null @@ -1,33 +0,0 @@ -commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8 -Author: Sergey Poznyakoff <gray@gnu.org> -Date: Thu Sep 25 00:22:16 2014 +0300 - - Bugfixes. - - * doc/tar.1: Fix typo in font spec. - * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode" - (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT - -diff --git a/src/tar.c b/src/tar.c -index 225c624..f8102e0 100644 ---- a/src/tar.c -+++ b/src/tar.c -@@ -1341,14 +1341,18 @@ static char filename_terminator; - static char const *const sort_mode_arg[] = { - "none", - "name", -+#if D_INO_IN_DIRENT - "inode", -+#endif - NULL - }; - - static int sort_mode_flag[] = { - SAVEDIR_SORT_NONE, - SAVEDIR_SORT_NAME, -+#if D_INO_IN_DIRENT - SAVEDIR_SORT_INODE -+#endif - }; - - ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag); \ No newline at end of file |