From dbe607925a32f0dfc47550a4ddc3ec15bcb1115e Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Mon, 7 Jun 2021 09:31:03 +0200 Subject: gnu: xpra: Update to 4.2. Fixes . * gnu/packages/xorg.scm (xpra): Update to 4.2. [source]: Switch to ".tar.gz" archive and update patch file. [native-inputs]: Add pandoc. [arguments]: Adjust custom 'fix-paths phase for changes in source. * gnu/packages/patches/xpra-4.2-systemd-run.patch: Adapt to new version and rename file. * gnu/local.mk (dist_patch_DATA): Rename file. Signed-off-by: Lars-Dominik Braun --- gnu/local.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 153f6ee8d7..0599df8968 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1830,7 +1830,7 @@ dist_patch_DATA = \ %D%/packages/patches/xplanet-1.3.1-libdisplay_DisplayOutput.cpp.patch \ %D%/packages/patches/xplanet-1.3.1-libimage_gif.c.patch \ %D%/packages/patches/xplanet-1.3.1-xpUtil-Add2017LeapSecond.cpp.patch \ - %D%/packages/patches/xpra-4.0.1-systemd-run.patch \ + %D%/packages/patches/xpra-4.2-systemd-run.patch \ %D%/packages/patches/xsane-fix-memory-leak.patch \ %D%/packages/patches/xsane-fix-pdf-floats.patch \ %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \ -- cgit 1.4.1 From 9178566954cc7f34d2d991d31df4565adad93508 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 8 Jun 2021 10:43:10 +0200 Subject: gnu: polkit: Add replacement for CVE-2021-3560. * gnu/packages/patches/polkit-CVE-2021-3560.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/polkit.scm (polkit/fixed): New variable. (polkit)[replacement]: New field. --- gnu/local.mk | 1 + gnu/packages/patches/polkit-CVE-2021-3560.patch | 21 +++++++++++++++++++++ gnu/packages/polkit.scm | 8 ++++++++ 3 files changed, 30 insertions(+) create mode 100644 gnu/packages/patches/polkit-CVE-2021-3560.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0599df8968..42c5ee0d31 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1555,6 +1555,7 @@ dist_patch_DATA = \ %D%/packages/patches/plib-CVE-2011-4620.patch \ %D%/packages/patches/plib-CVE-2012-4552.patch \ %D%/packages/patches/plotutils-spline-test.patch \ + %D%/packages/patches/polkit-CVE-2021-3560.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/postgresql-disable-resolve_symlinks.patch \ diff --git a/gnu/packages/patches/polkit-CVE-2021-3560.patch b/gnu/packages/patches/polkit-CVE-2021-3560.patch new file mode 100644 index 0000000000..9aa0373fda --- /dev/null +++ b/gnu/packages/patches/polkit-CVE-2021-3560.patch @@ -0,0 +1,21 @@ +This patch fixes CVE-2021-3560, "local privilege escalation using +polkit_system_bus_name_get_creds_sync()": + + https://www.openwall.com/lists/oss-security/2021/06/03/1 + +Patch from . + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++ goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm index d868aceec2..40aa523b23 100644 --- a/gnu/packages/polkit.scm +++ b/gnu/packages/polkit.scm @@ -44,6 +44,7 @@ (package (name "polkit") (version "0.116") + (replacement polkit/fixed) (source (origin (method url-fetch) (uri (string-append @@ -135,6 +136,13 @@ making process with respect to granting access to privileged operations for unprivileged applications.") (license lgpl2.0+))) +(define polkit/fixed + (package + (inherit polkit) + (source (origin + (inherit (package-source polkit)) + (patches (search-patches "polkit-CVE-2021-3560.patch")))))) + (define-public polkit-qt (package (name "polkit-qt") -- cgit 1.4.1 From 2d115ea7edd4d5d85df18424e1e691935184a8c8 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 11 Jun 2021 02:05:33 +0200 Subject: gnu: grub: Update to 2.06. [source]: Remove upstreamed patches. * gnu/packages/patches/grub-setup-root.patch: Update patch. * gnu/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch, gnu/packages/patches/grub-cross-system-i686.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 2 - gnu/packages/bootloaders.scm | 8 +- gnu/packages/patches/grub-cross-system-i686.patch | 96 --------------------- gnu/packages/patches/grub-setup-root.patch | 99 ++++++++++++---------- .../grub-verifiers-Blocklist-fallout-cleanup.patch | 41 --------- 5 files changed, 57 insertions(+), 189 deletions(-) delete mode 100644 gnu/packages/patches/grub-cross-system-i686.patch delete mode 100644 gnu/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 42c5ee0d31..73556cc184 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1171,10 +1171,8 @@ dist_patch_DATA = \ %D%/packages/patches/grocsvs-dont-use-admiral.patch \ %D%/packages/patches/gromacs-tinyxml2.patch \ %D%/packages/patches/groovy-add-exceptionutilsgenerator.patch \ - %D%/packages/patches/grub-cross-system-i686.patch \ %D%/packages/patches/grub-efi-fat-serial-number.patch \ %D%/packages/patches/grub-setup-root.patch \ - %D%/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/gst-libav-64channels-stack-corruption.patch \ %D%/packages/patches/gst-plugins-bad-fix-overflow.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index ae3752cec3..79ea9ea345 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -88,18 +88,16 @@ (define-public grub (package (name "grub") - (version "2.04") + (version "2.06") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grub/grub-" version ".tar.xz")) (sha256 (base32 - "0zgp5m3hmc9jh8wpjx6czzkh5id2y8n1k823x2mjvm2sk6b28ag5")) + "1qbycnxkx07arj9f2nlsi9kp0dyldspbv07ysdyd34qvz55a97mp")) (patches (search-patches "grub-efi-fat-serial-number.patch" - "grub-setup-root.patch" - "grub-verifiers-Blocklist-fallout-cleanup.patch" - "grub-cross-system-i686.patch")))) + "grub-setup-root.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/grub-cross-system-i686.patch b/gnu/packages/patches/grub-cross-system-i686.patch deleted file mode 100644 index 2715345d63..0000000000 --- a/gnu/packages/patches/grub-cross-system-i686.patch +++ /dev/null @@ -1,96 +0,0 @@ -Not upstreamed. -Fixes cross-build for the Hurd, from i686-linux, -see . - -From 17b242e7b80108f1467037e15b605595e4823b2e Mon Sep 17 00:00:00 2001 -From: "Jan (janneke) Nieuwenhuizen" -Date: Sun, 21 Jun 2020 15:10:40 +0200 -Subject: [PATCH v2] grub-core: Build fixes for i386 -Content-Transfer-Encoding: 8bit -Content-Type: text/plain; charset=UTF-8 - -* grub-core/lib/i386/relocator64.S: Avoid x86_64 instructions on i386. ---- - grub-core/lib/i386/relocator64.S | 33 +++++++++++++++++++++++++++++++- - 1 file changed, 32 insertions(+), 1 deletion(-) - -diff --git a/grub-core/lib/i386/relocator64.S b/grub-core/lib/i386/relocator64.S -index 148f38adb..ea39908c1 100644 ---- a/grub-core/lib/i386/relocator64.S -+++ b/grub-core/lib/i386/relocator64.S -@@ -63,7 +63,9 @@ VARIABLE(grub_relocator64_cr3) - movq %rax, %cr3 - #endif - -+#ifdef __x86_64__ - .code64 -+#endif - - /* mov imm64, %rax */ - .byte 0x48 -@@ -71,7 +73,14 @@ VARIABLE(grub_relocator64_cr3) - VARIABLE(grub_relocator64_rsp) - .quad 0 - -+#ifndef __x86_64__ -+ /* movq %rax, %rsp */ -+ .byte 0x48 -+ .byte 0x89 -+ .byte 0xc4 -+#else - movq %rax, %rsp -+#endif - - #ifdef GRUB_MACHINE_EFI - jmp LOCAL(skip_efi_stack_align) -@@ -85,7 +94,14 @@ VARIABLE(grub_relocator64_rsp) - */ - VARIABLE(grub_relocator64_efi_start) - /* Align the stack as UEFI spec requires. */ -+#ifndef __x86_64__ -+ .byte 0x48 -+ .byte 0x83 -+ .byte 0xe4 -+ .byte 0xf0 -+#else - andq $~15, %rsp -+#endif - - LOCAL(skip_efi_stack_align): - #endif -@@ -95,8 +111,15 @@ LOCAL(skip_efi_stack_align): - VARIABLE(grub_relocator64_rsi) - .quad 0 - -+#ifndef __x86_64__ -+ /* movq %rax, %rsi */ -+ .byte 0x48 -+ .byte 0x89 -+ .byte 0xc6 -+#else - movq %rax, %rsi -- -+#endif -+ - /* mov imm64, %rax */ - .byte 0x48 - .byte 0xb8 -@@ -128,6 +151,14 @@ VARIABLE(grub_relocator64_rdx) - #ifdef __APPLE__ - .byte 0xff, 0x25 - .quad 0 -+#elif !defined (__x86_64__) -+ /* jmp *LOCAL(jump_addr) (%rip) */ -+ .byte 0xff -+ .byte 0x25 -+ .byte 0 -+ .byte 0 -+ .byte 0 -+ .byte 0 - #else - jmp *LOCAL(jump_addr) (%rip) - #endif --- -Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org -Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com - diff --git a/gnu/packages/patches/grub-setup-root.patch b/gnu/packages/patches/grub-setup-root.patch index 1abe9c383a..e64a7dd6be 100644 --- a/gnu/packages/patches/grub-setup-root.patch +++ b/gnu/packages/patches/grub-setup-root.patch @@ -1,9 +1,53 @@ This patch is taken from OpenWrt, see: -https://github.com/openwrt/openwrt/blob/master/package/boot/grub2/patches/100-grub_setup_root.patch. +https://github.com/openwrt/openwrt/blob/master/package/boot/grub2/patches/100-grub_setup_root.patch + +nckx changed `char *root' to lazily pacify -Werror=discarded-qualifiers. It allows to use grub-bios-setup on a raw disk-images, without root permissions. +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -198,13 +198,13 @@ grub_install_get_image_target (const char *arg); + void + grub_util_bios_setup (const char *dir, + const char *boot_file, const char *core_file, +- const char *dest, int force, ++ char *root, const char *dest, int force, + int fs_probe, int allow_floppy, + int add_rs_codes, int warn_short_mbr_gap); + void + grub_util_sparc_setup (const char *dir, + const char *boot_file, const char *core_file, +- const char *dest, int force, ++ char *root, const char *dest, int force, + int fs_probe, int allow_floppy, + int add_rs_codes, int warn_short_mbr_gap); + +diff --git a/util/grub-install.c b/util/grub-install.c +index 0fbe7f78c..7f06aa1e3 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -1721,7 +1721,7 @@ main (int argc, char *argv[]) + if (install_bootsector) + { + grub_util_bios_setup (platdir, "boot.img", "core.img", +- install_drive, force, ++ NULL, install_drive, force, + fs_probe, allow_floppy, add_rs_codes, + !grub_install_is_short_mbrgap_supported ()); + +@@ -1752,7 +1752,7 @@ main (int argc, char *argv[]) + if (install_bootsector) + { + grub_util_sparc_setup (platdir, "boot.img", "core.img", +- install_drive, force, ++ NULL, install_drive, force, + fs_probe, allow_floppy, + 0 /* unused */, 0 /* unused */ ); + +diff --git a/util/grub-setup.c b/util/grub-setup.c +index 1783224dd..48cde4950 100644 --- a/util/grub-setup.c +++ b/util/grub-setup.c @@ -87,6 +87,8 @@ static struct argp_option options[] = { @@ -23,7 +67,7 @@ It allows to use grub-bios-setup on a raw disk-images, without root permissions. int force; int fs_probe; int allow_floppy; -@@ -178,6 +181,13 @@ argp_parser (int key, char *arg, struct +@@ -178,6 +181,13 @@ argp_parser (int key, char *arg, struct argp_state *state) arguments->dev_map = xstrdup (arg); break; @@ -44,18 +88,21 @@ It allows to use grub-bios-setup on a raw disk-images, without root permissions. - dest_dev, arguments.force, + arguments.root_dev, dest_dev, arguments.force, arguments.fs_probe, arguments.allow_floppy, - arguments.add_rs_codes); + arguments.add_rs_codes, 0); +diff --git a/util/setup.c b/util/setup.c +index da5f2c07f..193745a9c 100644 --- a/util/setup.c +++ b/util/setup.c -@@ -252,13 +252,12 @@ identify_partmap (grub_disk_t disk __att +@@ -252,14 +252,13 @@ identify_partmap (grub_disk_t disk __attribute__ ((unused)), void SETUP (const char *dir, const char *boot_file, const char *core_file, - const char *dest, int force, + char *root, const char *dest, int force, int fs_probe, int allow_floppy, - int add_rs_codes __attribute__ ((unused))) /* unused on sparc64 */ + int add_rs_codes __attribute__ ((unused)), /* unused on sparc64 */ + int warn_small) { char *core_path; char *boot_img, *core_img, *boot_path; @@ -63,7 +110,7 @@ It allows to use grub-bios-setup on a raw disk-images, without root permissions. size_t boot_size, core_size; grub_uint16_t core_sectors; grub_device_t root_dev = 0, dest_dev, core_dev; -@@ -307,7 +306,10 @@ SETUP (const char *dir, +@@ -311,7 +310,10 @@ SETUP (const char *dir, core_dev = dest_dev; @@ -75,7 +122,7 @@ It allows to use grub-bios-setup on a raw disk-images, without root permissions. char **root_devices = grub_guess_root_devices (dir); char **cur; int found = 0; -@@ -320,6 +322,8 @@ SETUP (const char *dir, +@@ -324,6 +326,8 @@ SETUP (const char *dir, char *drive; grub_device_t try_dev; @@ -84,41 +131,3 @@ It allows to use grub-bios-setup on a raw disk-images, without root permissions. drive = grub_util_get_grub_dev (*cur); if (!drive) continue; ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -191,13 +191,13 @@ grub_install_get_image_target (const cha - void - grub_util_bios_setup (const char *dir, - const char *boot_file, const char *core_file, -- const char *dest, int force, -+ char *root, const char *dest, int force, - int fs_probe, int allow_floppy, - int add_rs_codes); - void - grub_util_sparc_setup (const char *dir, - const char *boot_file, const char *core_file, -- const char *dest, int force, -+ char *root, const char *dest, int force, - int fs_probe, int allow_floppy, - int add_rs_codes); - ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1712,7 +1712,7 @@ main (int argc, char *argv[]) - /* Now perform the installation. */ - if (install_bootsector) - grub_util_bios_setup (platdir, "boot.img", "core.img", -- install_drive, force, -+ NULL, install_drive, force, - fs_probe, allow_floppy, add_rs_codes); - break; - } -@@ -1738,7 +1738,7 @@ main (int argc, char *argv[]) - /* Now perform the installation. */ - if (install_bootsector) - grub_util_sparc_setup (platdir, "boot.img", "core.img", -- install_drive, force, -+ NULL, install_drive, force, - fs_probe, allow_floppy, - 0 /* unused */ ); - break; diff --git a/gnu/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch b/gnu/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch deleted file mode 100644 index 2bea74ea95..0000000000 --- a/gnu/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch +++ /dev/null @@ -1,41 +0,0 @@ -This patch is needed to build Grub on the Hurd. - -Taken from upstream: https://git.savannah.gnu.org/cgit/grub.git/commit//?id=dabdfa1c6a80639197d05f683a445fa8615517fe - -From 7606547586b2d6ca1b384e15e0358d3a3ddc48a6 Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Fri, 5 Jul 2019 07:45:59 -0400 -Subject: verifiers: Blocklist fallout cleanup - -Blocklist fallout cleanup after commit 5c6f9bc15 (generic/blocklist: Fix -implicit declaration of function grub_file_filter_disable_compression()). - -Signed-off-by: David Michael -Reviewed-by: Daniel Kiper - ---- - grub-core/osdep/generic/blocklist.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/osdep/generic/blocklist.c b/grub-core/osdep/generic/blocklist.c -index ea2a511b6..2d9040302 100644 ---- a/grub-core/osdep/generic/blocklist.c -+++ b/grub-core/osdep/generic/blocklist.c -@@ -59,7 +59,7 @@ grub_install_get_blocklist (grub_device_t root_dev, - - grub_disk_cache_invalidate_all (); - -- file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS); -+ file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS); - if (file) - { - if (grub_file_size (file) != core_size) -@@ -116,7 +116,7 @@ grub_install_get_blocklist (grub_device_t root_dev, - - grub_file_t file; - /* Now read the core image to determine where the sectors are. */ -- file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | FILE_TYPE_NO_DECOMPRESS); -+ file = grub_file_open (core_path_dev, GRUB_FILE_TYPE_NONE | GRUB_FILE_TYPE_NO_DECOMPRESS); - if (! file) - grub_util_error ("%s", grub_errmsg); - -- cgit 1.4.1 From 84b238c8f23a9379fccdede66034836ef8a29e1d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 13 Jun 2021 14:52:08 +0200 Subject: gnu: libcacard: Update to 2.8.0. * gnu/packages/patches/libcacard-unknown-variable.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/spice.scm (libcacard): Update to 2.8.0. [source](patches): New field. [arguments]: Remove trailing #t. --- gnu/local.mk | 1 + .../patches/libcacard-unknown-variable.patch | 50 ++++++++++++++++++++++ gnu/packages/spice.scm | 12 +++--- 3 files changed, 57 insertions(+), 6 deletions(-) create mode 100644 gnu/packages/patches/libcacard-unknown-variable.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 73556cc184..db6cd96a40 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1324,6 +1324,7 @@ dist_patch_DATA = \ %D%/packages/patches/libbonobo-activation-test-race.patch \ %D%/packages/patches/libcaca-CVE-2021-3410-pt1.patch \ %D%/packages/patches/libcaca-CVE-2021-3410-pt2.patch \ + %D%/packages/patches/libcacard-unknown-variable.patch \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcanberra-wayland-crash.patch \ %D%/packages/patches/libcroco-CVE-2020-12825.patch \ diff --git a/gnu/packages/patches/libcacard-unknown-variable.patch b/gnu/packages/patches/libcacard-unknown-variable.patch new file mode 100644 index 0000000000..830a3ee8c0 --- /dev/null +++ b/gnu/packages/patches/libcacard-unknown-variable.patch @@ -0,0 +1,50 @@ +Fix Meson error when test dependencies are missing. + +Based on this upstream commit, with some adjustments to apply on 2.8.0: +https://gitlab.freedesktop.org/spice/libcacard/-/commit/cf6121deb47e437aa566cfeb29a03da93c432394 + +diff --git a/tests/meson.build b/tests/meson.build +index 87945a2..baefaf5 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -9,15 +9,6 @@ modutil_dep = find_program('modutil', required: false) + openssl_dep = find_program('openssl', required: false) + softhsm_util_dep = find_program('softhsm2-util', required: false) + +-if pkcs11_tool_dep.found() and p11tool_dep.found() and modutil_dep.found() and openssl_dep.found() and softhsm_util_dep.found() +- softhsm = custom_target( +- 'softhsm2.conf', +- command: find_program('setup-softhsm2.sh'), +- capture: true, +- output: 'setup-softhsm2.log', +- ) +-endif +- + libcacard_test = executable( + 'libcacard', + ['libcacard.c', 'common.c'], +@@ -64,9 +55,18 @@ hwtests_test = executable( + dependencies: [libcacard_dep], + ) + +-test( +- 'hwtests', +- hwtests_test, +- depends: [softhsm], +- env: env, +-) ++if pkcs11_tool_dep.found() and p11tool_dep.found() and modutil_dep.found() and openssl_dep.found() and softhsm_util_dep.found() ++ softhsm = custom_target( ++ 'softhsm2.conf', ++ command: find_program('setup-softhsm2.sh'), ++ capture: true, ++ output: 'setup-softhsm2.log', ++ ) ++ ++ test( ++ 'hwtests', ++ hwtests_test, ++ depends: [softhsm], ++ env: env, ++ ) ++endif diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm index 9833ddaf05..561f4e4ca5 100644 --- a/gnu/packages/spice.scm +++ b/gnu/packages/spice.scm @@ -329,17 +329,18 @@ resolution scaling on graphical console window resize.") (define-public libcacard (package (name "libcacard") - (version "2.7.0") + (version "2.8.0") (source (origin (method url-fetch) (uri (string-append "https://gitlab.freedesktop.org/spice/libcacard/uploads/" - "56cb2499198e78e560a1d4c716cd8ab1" + "9d8f24b131bcbbd7846727ea92952cb5" "/libcacard-" version ".tar.xz")) + (patches (search-patches "libcacard-unknown-variable.patch")) (sha256 (base32 - "0vyvkk4b6xjwq1ccggql13c1x7g4y90clpkqw28257azgn2a1c8n")))) - (build-system gnu-build-system) + "0azj3rqr2smg0lai24xrn3zr628xmjfrzcggay877zrr64ybj1c0")))) + (build-system meson-build-system) (arguments '(#:tests? #f ; TODO Tests require gnutls built with ; p11-kit @@ -350,8 +351,7 @@ resolution scaling on graphical console window resize.") (substitute* "tests/setup-softhsm2.sh" (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so") (string-append (assoc-ref inputs "softhsm") - "/lib/softhsm/libsofthsm2.so"))) - #t))))) + "/lib/softhsm/libsofthsm2.so")))))))) (propagated-inputs `(("glib" ,glib) ; Requires: in the pkg-config file ("nss" ,nss))) ; Requires.private: in the pkg-config -- cgit 1.4.1 From 628a6c51d40158b92a6d7027f20d9ea2a8db0cca Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 13 Jun 2021 15:07:13 +0200 Subject: gnu: QEMU: Fix compatibility with Meson 0.58. * gnu/packages/patches/qemu-meson-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/virtualization.scm (qemu)[source](patches): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/qemu-meson-compat.patch | 27 +++++++++++++++++++++++++++ gnu/packages/virtualization.scm | 1 + 3 files changed, 29 insertions(+) create mode 100644 gnu/packages/patches/qemu-meson-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index db6cd96a40..94a65ea443 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1623,6 +1623,7 @@ dist_patch_DATA = \ %D%/packages/patches/pypy3-7.3.1-fix-tests.patch \ %D%/packages/patches/qemu-build-info-manual.patch \ %D%/packages/patches/qemu-CVE-2021-20203.patch \ + %D%/packages/patches/qemu-meson-compat.patch \ %D%/packages/patches/qemu-glibc-2.27.patch \ %D%/packages/patches/qemu-glibc-2.30.patch \ %D%/packages/patches/qpdfview-qt515-compat.patch \ diff --git a/gnu/packages/patches/qemu-meson-compat.patch b/gnu/packages/patches/qemu-meson-compat.patch new file mode 100644 index 0000000000..e6968c57dc --- /dev/null +++ b/gnu/packages/patches/qemu-meson-compat.patch @@ -0,0 +1,27 @@ +Fix a build failure that occurs with newer versions of Meson when +gdbus-codegen is unavailable. + +Taken from upstream: +https://gitlab.com/qemu-project/qemu/-/commit/5ecfb76ccc056eb6127e44268e475827ae73b9e0 + +diff --git a/configure b/configure +--- a/configure ++++ b/configure +@@ -3341,7 +3341,7 @@ if ! test "$gio" = "no"; then + gio_cflags=$($pkg_config --cflags gio-2.0) + gio_libs=$($pkg_config --libs gio-2.0) + gdbus_codegen=$($pkg_config --variable=gdbus_codegen gio-2.0) +- if [ ! -x "$gdbus_codegen" ]; then ++ if ! has "$gdbus_codegen"; then + gdbus_codegen= + fi + # Check that the libraries actually work -- Ubuntu 18.04 ships +@@ -5704,6 +5704,8 @@ if test "$gio" = "yes" ; then + echo "CONFIG_GIO=y" >> $config_host_mak + echo "GIO_CFLAGS=$gio_cflags" >> $config_host_mak + echo "GIO_LIBS=$gio_libs" >> $config_host_mak ++fi ++if test "$gdbus_codegen" != "" ; then + echo "GDBUS_CODEGEN=$gdbus_codegen" >> $config_host_mak + fi + echo "CONFIG_TLS_PRIORITY=\"$tls_priority\"" >> $config_host_mak diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 56be98c8f5..a38d1c5aa1 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -152,6 +152,7 @@ (base32 "1f9hz8rf12jm8baa7kda34yl4hyl0xh0c4ap03krfjx23i3img47")) (patches (search-patches "qemu-CVE-2021-20203.patch" + "qemu-meson-compat.patch" "qemu-build-info-manual.patch")) (modules '((guix build utils))) (snippet -- cgit 1.4.1 From ee48e784b9c5f77338224114fd1e27a1a63103aa Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 13 Jun 2021 14:44:16 -0400 Subject: gnu: connman: Fix CVE-2021-33833. * gnu/packages/patches/connman-CVE-2021-33833.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/connman.scm (connman)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/connman.scm | 5 +- gnu/packages/patches/connman-CVE-2021-33833.patch | 74 +++++++++++++++++++++++ 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/connman-CVE-2021-33833.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 94a65ea443..fdbf2272ed 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -920,6 +920,7 @@ dist_patch_DATA = \ %D%/packages/patches/collectd-5.11.0-noinstallvar.patch \ %D%/packages/patches/combinatorial-blas-awpm.patch \ %D%/packages/patches/combinatorial-blas-io-fix.patch \ + %D%/packages/patches/connman-CVE-2021-33833.patch \ %D%/packages/patches/coreutils-ls.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/crawl-upgrade-saves.patch \ diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm index e6d97db0fd..74db5fc919 100644 --- a/gnu/packages/connman.scm +++ b/gnu/packages/connman.scm @@ -50,8 +50,9 @@ (method url-fetch) (uri (string-append "mirror://kernel.org/linux/network/connman/" "connman-" version ".tar.xz")) - (sha256 - (base32 "1wqs307vjphhh73qbqk25zxhhqwn1mdk6bpzl5qcd4blkcbafqlz")))) + (patches (search-patches "connman-CVE-2021-33833.patch")) + (sha256 + (base32 "1wqs307vjphhh73qbqk25zxhhqwn1mdk6bpzl5qcd4blkcbafqlz")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/connman-CVE-2021-33833.patch b/gnu/packages/patches/connman-CVE-2021-33833.patch new file mode 100644 index 0000000000..3e1a19d961 --- /dev/null +++ b/gnu/packages/patches/connman-CVE-2021-33833.patch @@ -0,0 +1,74 @@ +Fix CVE-2021-33833: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833 + +Patch copied from upstream source repository: + +https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c + +From eceb2e8d2341c041df55a5e2f047d9a8c491463c Mon Sep 17 00:00:00 2001 +From: Valery Kashcheev +Date: Mon, 7 Jun 2021 18:58:24 +0200 +Subject: [PATCH] dnsproxy: Check the length of buffers before memcpy + +Fix using a stack-based buffer overflow attack by checking the length of +the ptr and uptr buffers. + +Fix debug message output. + +Fixes: CVE-2021-33833 +--- + src/dnsproxy.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index de52df5a..38dbdd71 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -1788,17 +1788,15 @@ static char *uncompress(int16_t field_count, char *start, char *end, + * tmp buffer. + */ + +- debug("pos %d ulen %d left %d name %s", pos, ulen, +- (int)(uncomp_len - (uptr - uncompressed)), uptr); +- +- ulen = strlen(name); +- if ((uptr + ulen + 1) > uncomp_end) { ++ ulen = strlen(name) + 1; ++ if ((uptr + ulen) > uncomp_end) + goto out; +- } +- strncpy(uptr, name, uncomp_len - (uptr - uncompressed)); ++ strncpy(uptr, name, ulen); ++ ++ debug("pos %d ulen %d left %d name %s", pos, ulen, ++ (int)(uncomp_end - (uptr + ulen)), uptr); + + uptr += ulen; +- *uptr++ = '\0'; + + ptr += pos; + +@@ -1841,7 +1839,7 @@ static char *uncompress(int16_t field_count, char *start, char *end, + } else if (dns_type == ns_t_a || dns_type == ns_t_aaaa) { + dlen = uptr[-2] << 8 | uptr[-1]; + +- if (ptr + dlen > end) { ++ if ((ptr + dlen) > end || (uptr + dlen) > uncomp_end) { + debug("data len %d too long", dlen); + goto out; + } +@@ -1880,6 +1878,10 @@ static char *uncompress(int16_t field_count, char *start, char *end, + * refresh interval, retry interval, expiration + * limit and minimum ttl). They are 20 bytes long. + */ ++ if ((uptr + 20) > uncomp_end || (ptr + 20) > end) { ++ debug("soa record too long"); ++ goto out; ++ } + memcpy(uptr, ptr, 20); + uptr += 20; + ptr += 20; +-- +2.32.0 + -- cgit 1.4.1 From 3abaca2aaed87927b18d80381fe64897ac889f8c Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 13 Jun 2021 20:03:29 -0400 Subject: gnu: nettle-3.5: Add replacement to fix CVE-2021-3580 et al. * gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch, gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt1.patch, gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt2.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/nettle.scm (nettle)[replacement]: New field. (nettle-3.5/fixed): New variable. --- gnu/local.mk | 3 + gnu/packages/nettle.scm | 11 +- .../patches/nettle-3.5-CVE-2021-3580-pt1.patch | 276 +++++++++++++++++++++ .../patches/nettle-3.5-CVE-2021-3580-pt2.patch | 163 ++++++++++++ ...ttle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch | 78 ++++++ 5 files changed, 530 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt1.patch create mode 100644 gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt2.patch create mode 100644 gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index fdbf2272ed..f1a6d69bf6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1462,6 +1462,9 @@ dist_patch_DATA = \ %D%/packages/patches/netsurf-system-utf8proc.patch \ %D%/packages/patches/netsurf-y2038-tests.patch \ %D%/packages/patches/netsurf-longer-test-timeout.patch \ + %D%/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch \ + %D%/packages/patches/nettle-3.5-CVE-2021-3580-pt1.patch \ + %D%/packages/patches/nettle-3.5-CVE-2021-3580-pt2.patch \ %D%/packages/patches/nfs4-acl-tools-0.3.7-fixpaths.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/network-manager-plugin-path.patch \ diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm index 753e2d6e7e..3d394dc746 100644 --- a/gnu/packages/nettle.scm +++ b/gnu/packages/nettle.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès -;;; Copyright © 2016 Mark H Weaver +;;; Copyright © 2016, 2021 Mark H Weaver ;;; Copyright © 2017 Efraim Flashner ;;; Copyright © 2021 Maxim Cournoyer ;;; @@ -25,6 +25,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) + #:use-module (gnu packages) #:use-module (gnu packages multiprecision) #:use-module (gnu packages m4)) @@ -77,6 +78,7 @@ themselves.") ;; cannot use it yet. So keep it separate. (package (inherit nettle-2) (version "3.5.1") + (replacement nettle-3.5/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/nettle/nettle-" @@ -91,6 +93,13 @@ themselves.") ;; at run time based on CPU features (starting from 3.1.) `(cons "--enable-fat" ,flags)))))) +(define nettle-3.5/fixed + (package-with-extra-patches + nettle-3.5 + (search-patches "nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch" + "nettle-3.5-CVE-2021-3580-pt1.patch" + "nettle-3.5-CVE-2021-3580-pt2.patch"))) + (define-public nettle-3.7 (package (inherit nettle-3.5) (version "3.7.2") diff --git a/gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt1.patch b/gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt1.patch new file mode 100644 index 0000000000..4343c87795 --- /dev/null +++ b/gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt1.patch @@ -0,0 +1,276 @@ +Copied from upstream nettle git repository. +Removed changes to ChangeLog, to allow this patch to apply to nettle-3.5. + +From 485b5e2820a057e873b1ba812fdb39cae4adf98c Mon Sep 17 00:00:00 2001 +From: Niels Möller +Date: Mon, 17 May 2021 20:55:26 +0200 +Subject: [PATCH 1/2] Change _rsa_sec_compute_root_tr to take a fix input size. + +Improves consistency with _rsa_sec_compute_root, and fixes zero-input bug. +--- + ChangeLog | 15 +++++++++ + rsa-decrypt-tr.c | 7 ++--- + rsa-internal.h | 4 +-- + rsa-sec-decrypt.c | 9 ++++-- + rsa-sign-tr.c | 61 +++++++++++++++++------------------- + testsuite/rsa-encrypt-test.c | 14 ++++++++- + 6 files changed, 68 insertions(+), 42 deletions(-) + +diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c +index 0224c0b7..927a8915 100644 +--- a/rsa-decrypt-tr.c ++++ b/rsa-decrypt-tr.c +@@ -52,14 +52,13 @@ rsa_decrypt_tr(const struct rsa_public_key *pub, + mp_size_t key_limb_size; + int res; + +- key_limb_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); ++ key_limb_size = mpz_size(pub->n); + + TMP_GMP_ALLOC (m, key_limb_size); + TMP_GMP_ALLOC (em, key->size); ++ mpz_limbs_copy(m, gibberish, key_limb_size); + +- res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, +- mpz_limbs_read(gibberish), +- mpz_size(gibberish)); ++ res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m); + + mpn_get_base256 (em, key->size, m, key_limb_size); + +diff --git a/rsa-internal.h b/rsa-internal.h +index b828e451..f66a7df0 100644 +--- a/rsa-internal.h ++++ b/rsa-internal.h +@@ -78,11 +78,11 @@ _rsa_sec_compute_root(const struct rsa_private_key *key, + mp_limb_t *scratch); + + /* Safe side-channel silent variant, using RSA blinding, and checking the +- * result after CRT. */ ++ * result after CRT. In-place calls, with x == m, is allowed. */ + int + _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *x, const mp_limb_t *m, size_t mn); ++ mp_limb_t *x, const mp_limb_t *m); + + #endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */ +diff --git a/rsa-sec-decrypt.c b/rsa-sec-decrypt.c +index 6866e7c8..fc4757a0 100644 +--- a/rsa-sec-decrypt.c ++++ b/rsa-sec-decrypt.c +@@ -58,9 +58,12 @@ rsa_sec_decrypt(const struct rsa_public_key *pub, + TMP_GMP_ALLOC (m, mpz_size(pub->n)); + TMP_GMP_ALLOC (em, key->size); + +- res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, +- mpz_limbs_read(gibberish), +- mpz_size(gibberish)); ++ /* We need a copy because m can be shorter than key_size, ++ * but _rsa_sec_compute_root_tr expect all inputs to be ++ * normalized to a key_size long buffer length */ ++ mpz_limbs_copy(m, gibberish, mpz_size(pub->n)); ++ ++ res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m); + + mpn_get_base256 (em, key->size, m, mpz_size(pub->n)); + +diff --git a/rsa-sign-tr.c b/rsa-sign-tr.c +index f824c4ca..9e137c7a 100644 +--- a/rsa-sign-tr.c ++++ b/rsa-sign-tr.c +@@ -131,35 +131,34 @@ int + _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *x, const mp_limb_t *m, size_t mn) ++ mp_limb_t *x, const mp_limb_t *m) + { ++ mp_size_t nn; + mpz_t mz; + mpz_t xz; + int res; + +- mpz_init(mz); + mpz_init(xz); + +- mpn_copyi(mpz_limbs_write(mz, mn), m, mn); +- mpz_limbs_finish(mz, mn); ++ nn = mpz_size (pub->n); + +- res = rsa_compute_root_tr(pub, key, random_ctx, random, xz, mz); ++ res = rsa_compute_root_tr(pub, key, random_ctx, random, xz, ++ mpz_roinit_n(mz, m, nn)); + + if (res) +- mpz_limbs_copy(x, xz, mpz_size(pub->n)); ++ mpz_limbs_copy(x, xz, nn); + +- mpz_clear(mz); + mpz_clear(xz); + return res; + } + #else + /* Blinds m, by computing c = m r^e (mod n), for a random r. Also +- returns the inverse (ri), for use by rsa_unblind. */ ++ returns the inverse (ri), for use by rsa_unblind. Must have c != m, ++ no in-place operation.*/ + static void + rsa_sec_blind (const struct rsa_public_key *pub, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *c, mp_limb_t *ri, const mp_limb_t *m, +- mp_size_t mn) ++ mp_limb_t *c, mp_limb_t *ri, const mp_limb_t *m) + { + const mp_limb_t *ep = mpz_limbs_read (pub->e); + const mp_limb_t *np = mpz_limbs_read (pub->n); +@@ -177,15 +176,15 @@ rsa_sec_blind (const struct rsa_public_key *pub, + + /* c = m*(r^e) mod n */ + itch = mpn_sec_powm_itch(nn, ebn, nn); +- i2 = mpn_sec_mul_itch(nn, mn); ++ i2 = mpn_sec_mul_itch(nn, nn); + itch = MAX(itch, i2); +- i2 = mpn_sec_div_r_itch(nn + mn, nn); ++ i2 = mpn_sec_div_r_itch(2*nn, nn); + itch = MAX(itch, i2); + i2 = mpn_sec_invert_itch(nn); + itch = MAX(itch, i2); + +- TMP_GMP_ALLOC (tp, nn + mn + itch); +- scratch = tp + nn + mn; ++ TMP_GMP_ALLOC (tp, 2*nn + itch); ++ scratch = tp + 2*nn; + + /* ri = r^(-1) */ + do +@@ -198,9 +197,8 @@ rsa_sec_blind (const struct rsa_public_key *pub, + while (!mpn_sec_invert (ri, tp, np, nn, 2 * nn * GMP_NUMB_BITS, scratch)); + + mpn_sec_powm (c, rp, nn, ep, ebn, np, nn, scratch); +- /* normally mn == nn, but m can be smaller in some cases */ +- mpn_sec_mul (tp, c, nn, m, mn, scratch); +- mpn_sec_div_r (tp, nn + mn, np, nn, scratch); ++ mpn_sec_mul (tp, c, nn, m, nn, scratch); ++ mpn_sec_div_r (tp, 2*nn, np, nn, scratch); + mpn_copyi(c, tp, nn); + + TMP_GMP_FREE (r); +@@ -208,7 +206,7 @@ rsa_sec_blind (const struct rsa_public_key *pub, + TMP_GMP_FREE (tp); + } + +-/* m = c ri mod n */ ++/* m = c ri mod n. Allows x == c. */ + static void + rsa_sec_unblind (const struct rsa_public_key *pub, + mp_limb_t *x, mp_limb_t *ri, const mp_limb_t *c) +@@ -299,7 +297,7 @@ int + _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, +- mp_limb_t *x, const mp_limb_t *m, size_t mn) ++ mp_limb_t *x, const mp_limb_t *m) + { + TMP_GMP_DECL (c, mp_limb_t); + TMP_GMP_DECL (ri, mp_limb_t); +@@ -307,7 +305,7 @@ _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + size_t key_limb_size; + int ret; + +- key_limb_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); ++ key_limb_size = mpz_size(pub->n); + + /* mpz_powm_sec handles only odd moduli. If p, q or n is even, the + key is invalid and rejected by rsa_private_key_prepare. However, +@@ -321,19 +319,18 @@ _rsa_sec_compute_root_tr(const struct rsa_public_key *pub, + } + + assert(mpz_size(pub->n) == key_limb_size); +- assert(mn <= key_limb_size); + + TMP_GMP_ALLOC (c, key_limb_size); + TMP_GMP_ALLOC (ri, key_limb_size); + TMP_GMP_ALLOC (scratch, _rsa_sec_compute_root_itch(key)); + +- rsa_sec_blind (pub, random_ctx, random, x, ri, m, mn); ++ rsa_sec_blind (pub, random_ctx, random, c, ri, m); + +- _rsa_sec_compute_root(key, c, x, scratch); ++ _rsa_sec_compute_root(key, x, c, scratch); + +- ret = rsa_sec_check_root(pub, c, x); ++ ret = rsa_sec_check_root(pub, x, c); + +- rsa_sec_unblind(pub, x, ri, c); ++ rsa_sec_unblind(pub, x, ri, x); + + cnd_mpn_zero(1 - ret, x, key_limb_size); + +@@ -357,17 +354,17 @@ rsa_compute_root_tr(const struct rsa_public_key *pub, + mpz_t x, const mpz_t m) + { + TMP_GMP_DECL (l, mp_limb_t); ++ mp_size_t nn = mpz_size(pub->n); + int res; + +- mp_size_t l_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); +- TMP_GMP_ALLOC (l, l_size); ++ TMP_GMP_ALLOC (l, nn); ++ mpz_limbs_copy(l, m, nn); + +- res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, l, +- mpz_limbs_read(m), mpz_size(m)); ++ res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, l, l); + if (res) { +- mp_limb_t *xp = mpz_limbs_write (x, l_size); +- mpn_copyi (xp, l, l_size); +- mpz_limbs_finish (x, l_size); ++ mp_limb_t *xp = mpz_limbs_write (x, nn); ++ mpn_copyi (xp, l, nn); ++ mpz_limbs_finish (x, nn); + } + + TMP_GMP_FREE (l); +diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c +index 87525f78..d3bc374b 100644 +--- a/testsuite/rsa-encrypt-test.c ++++ b/testsuite/rsa-encrypt-test.c +@@ -19,6 +19,7 @@ test_main(void) + uint8_t after; + + mpz_t gibberish; ++ mpz_t zero; + + rsa_private_key_init(&key); + rsa_public_key_init(&pub); +@@ -101,6 +102,17 @@ test_main(void) + ASSERT(decrypted[decrypted_length] == after); + ASSERT(decrypted[0] == 'A'); + ++ /* Test zero input. */ ++ mpz_init_set_ui (zero, 0); ++ decrypted_length = msg_length; ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, zero)); ++ ASSERT(!rsa_decrypt_tr(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ &decrypted_length, decrypted, zero)); ++ ASSERT(!rsa_sec_decrypt(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ decrypted_length, decrypted, zero)); ++ ASSERT(decrypted_length == msg_length); + + /* Test invalid key. */ + mpz_add_ui (key.q, key.q, 2); +@@ -112,6 +124,6 @@ test_main(void) + rsa_private_key_clear(&key); + rsa_public_key_clear(&pub); + mpz_clear(gibberish); ++ mpz_clear(zero); + free(decrypted); + } +- +-- +2.31.1 + diff --git a/gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt2.patch b/gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt2.patch new file mode 100644 index 0000000000..5f19bd80d3 --- /dev/null +++ b/gnu/packages/patches/nettle-3.5-CVE-2021-3580-pt2.patch @@ -0,0 +1,163 @@ +Copied from upstream nettle git repository. +Removed changes to ChangeLog, to allow this patch to apply to nettle-3.5. + +From 0ad0b5df315665250dfdaa4a1e087f4799edaefe Mon Sep 17 00:00:00 2001 +From: Niels Möller +Date: Mon, 17 May 2021 22:02:47 +0200 +Subject: [PATCH 2/2] Add input check to rsa_decrypt family of functions. + +--- + ChangeLog | 8 ++++++++ + rsa-decrypt-tr.c | 4 ++++ + rsa-decrypt.c | 10 ++++++++++ + rsa-sec-decrypt.c | 4 ++++ + rsa.h | 5 +++-- + testsuite/rsa-encrypt-test.c | 38 ++++++++++++++++++++++++++++++------ + 6 files changed, 61 insertions(+), 8 deletions(-) + +diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c +index 927a8915..4a9e9d74 100644 +--- a/rsa-decrypt-tr.c ++++ b/rsa-decrypt-tr.c +@@ -52,6 +52,10 @@ rsa_decrypt_tr(const struct rsa_public_key *pub, + mp_size_t key_limb_size; + int res; + ++ /* First check that input is in range. */ ++ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0) ++ return 0; ++ + key_limb_size = mpz_size(pub->n); + + TMP_GMP_ALLOC (m, key_limb_size); +diff --git a/rsa-decrypt.c b/rsa-decrypt.c +index 7681439d..540d8baa 100644 +--- a/rsa-decrypt.c ++++ b/rsa-decrypt.c +@@ -48,6 +48,16 @@ rsa_decrypt(const struct rsa_private_key *key, + int res; + + mpz_init(m); ++ ++ /* First check that input is in range. Since we don't have the ++ public key available here, we need to reconstruct n. */ ++ mpz_mul (m, key->p, key->q); ++ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, m) >= 0) ++ { ++ mpz_clear (m); ++ return 0; ++ } ++ + rsa_compute_root(key, m, gibberish); + + res = pkcs1_decrypt (key->size, m, length, message); +diff --git a/rsa-sec-decrypt.c b/rsa-sec-decrypt.c +index fc4757a0..4c98958d 100644 +--- a/rsa-sec-decrypt.c ++++ b/rsa-sec-decrypt.c +@@ -55,6 +55,10 @@ rsa_sec_decrypt(const struct rsa_public_key *pub, + TMP_GMP_DECL (em, uint8_t); + int res; + ++ /* First check that input is in range. */ ++ if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0) ++ return 0; ++ + TMP_GMP_ALLOC (m, mpz_size(pub->n)); + TMP_GMP_ALLOC (em, key->size); + +diff --git a/rsa.h b/rsa.h +index 3b10155f..2dd35a2d 100644 +--- a/rsa.h ++++ b/rsa.h +@@ -428,13 +428,14 @@ rsa_sec_decrypt(const struct rsa_public_key *pub, + size_t length, uint8_t *message, + const mpz_t gibberish); + +-/* Compute x, the e:th root of m. Calling it with x == m is allowed. */ ++/* Compute x, the e:th root of m. Calling it with x == m is allowed. ++ It is required that 0 <= m < n. */ + void + rsa_compute_root(const struct rsa_private_key *key, + mpz_t x, const mpz_t m); + + /* Safer variant, using RSA blinding, and checking the result after +- CRT. */ ++ CRT. It is required that 0 <= m < n. */ + int + rsa_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, +diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c +index d3bc374b..d1a440f6 100644 +--- a/testsuite/rsa-encrypt-test.c ++++ b/testsuite/rsa-encrypt-test.c +@@ -19,11 +19,12 @@ test_main(void) + uint8_t after; + + mpz_t gibberish; +- mpz_t zero; ++ mpz_t bad_input; + + rsa_private_key_init(&key); + rsa_public_key_init(&pub); + mpz_init(gibberish); ++ mpz_init(bad_input); + + knuth_lfib_init(&lfib, 17); + +@@ -103,15 +104,40 @@ test_main(void) + ASSERT(decrypted[0] == 'A'); + + /* Test zero input. */ +- mpz_init_set_ui (zero, 0); ++ mpz_set_ui (bad_input, 0); + decrypted_length = msg_length; +- ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, zero)); ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, +- &decrypted_length, decrypted, zero)); ++ &decrypted_length, decrypted, bad_input)); + ASSERT(!rsa_sec_decrypt(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, +- decrypted_length, decrypted, zero)); ++ decrypted_length, decrypted, bad_input)); ++ ASSERT(decrypted_length == msg_length); ++ ++ /* Test input that is slightly larger than n */ ++ mpz_add(bad_input, gibberish, pub.n); ++ decrypted_length = msg_length; ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_decrypt_tr(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_sec_decrypt(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ decrypted_length, decrypted, bad_input)); ++ ASSERT(decrypted_length == msg_length); ++ ++ /* Test input that is considerably larger than n */ ++ mpz_mul_2exp (bad_input, pub.n, 100); ++ mpz_add (bad_input, bad_input, gibberish); ++ decrypted_length = msg_length; ++ ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_decrypt_tr(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ &decrypted_length, decrypted, bad_input)); ++ ASSERT(!rsa_sec_decrypt(&pub, &key, ++ &lfib, (nettle_random_func *) knuth_lfib_random, ++ decrypted_length, decrypted, bad_input)); + ASSERT(decrypted_length == msg_length); + + /* Test invalid key. */ +@@ -124,6 +150,6 @@ test_main(void) + rsa_private_key_clear(&key); + rsa_public_key_clear(&pub); + mpz_clear(gibberish); +- mpz_clear(zero); ++ mpz_clear(bad_input); + free(decrypted); + } +-- +2.31.1 + diff --git a/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch b/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch new file mode 100644 index 0000000000..297816e698 --- /dev/null +++ b/gnu/packages/patches/nettle-3.5-check-_pkcs1_sec_decrypt-msg-len.patch @@ -0,0 +1,78 @@ +Copied from upstream nettle git repository. +Removed changes to ChangeLog, to allow this patch to apply to nettle-3.5. + +From 7616541e6eff73353bf682c62e3a68e4fe696707 Mon Sep 17 00:00:00 2001 +From: Niels Möller +Date: Thu, 6 May 2021 21:29:56 +0200 +Subject: [PATCH] Add check that message length to _pkcs1_sec_decrypt is valid. + +* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message +length is valid, for given key size. +* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for +calls to rsa_sec_decrypt specifying a too large message length. +--- + ChangeLog | 7 +++++++ + pkcs1-sec-decrypt.c | 4 +++- + testsuite/rsa-sec-decrypt-test.c | 17 ++++++++++++++++- + 3 files changed, 26 insertions(+), 2 deletions(-) + +diff --git a/pkcs1-sec-decrypt.c b/pkcs1-sec-decrypt.c +index 4f13080e..16833691 100644 +--- a/pkcs1-sec-decrypt.c ++++ b/pkcs1-sec-decrypt.c +@@ -63,7 +63,9 @@ _pkcs1_sec_decrypt (size_t length, uint8_t *message, + volatile int ok; + size_t i, t; + +- assert (padded_message_length >= length); ++ /* Message independent branch */ ++ if (length + 11 > padded_message_length) ++ return 0; + + t = padded_message_length - length - 1; + +diff --git a/testsuite/rsa-sec-decrypt-test.c b/testsuite/rsa-sec-decrypt-test.c +index fb0ed3a1..3419322e 100644 +--- a/testsuite/rsa-sec-decrypt-test.c ++++ b/testsuite/rsa-sec-decrypt-test.c +@@ -55,6 +55,7 @@ rsa_decrypt_for_test(const struct rsa_public_key *pub, + #endif + + #define PAYLOAD_SIZE 50 ++#define DECRYPTED_SIZE 256 + void + test_main(void) + { +@@ -63,7 +64,7 @@ test_main(void) + struct knuth_lfib_ctx random_ctx; + + uint8_t plaintext[PAYLOAD_SIZE]; +- uint8_t decrypted[PAYLOAD_SIZE]; ++ uint8_t decrypted[DECRYPTED_SIZE]; + uint8_t verifybad[PAYLOAD_SIZE]; + unsigned n_size = 1024; + mpz_t gibberish; +@@ -99,6 +100,20 @@ test_main(void) + PAYLOAD_SIZE, decrypted, gibberish) == 1); + ASSERT (MEMEQ (PAYLOAD_SIZE, plaintext, decrypted)); + ++ ASSERT (pub.size > 10); ++ ASSERT (pub.size <= DECRYPTED_SIZE); ++ ++ /* Check that too large message length is rejected, largest ++ valid size is pub.size - 11. */ ++ ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx, ++ (nettle_random_func *) knuth_lfib_random, ++ pub.size - 10, decrypted, gibberish)); ++ ++ /* This case used to result in arithmetic underflow and a crash. */ ++ ASSERT (!rsa_decrypt_for_test (&pub, &key, &random_ctx, ++ (nettle_random_func *) knuth_lfib_random, ++ pub.size, decrypted, gibberish)); ++ + /* bad one */ + memcpy(decrypted, verifybad, PAYLOAD_SIZE); + nettle_mpz_random_size(garbage, &random_ctx, +-- +2.31.1 + -- cgit 1.4.1 From b2f0271c64d68d79ad4371de0f7b510fd40addb5 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Fri, 23 Apr 2021 16:32:00 +0200 Subject: gnu: Add irods. * gnu/packages/irods.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/irods.scm | 167 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 168 insertions(+) create mode 100644 gnu/packages/irods.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f1a6d69bf6..c59fa0f5be 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -297,6 +297,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/installers.scm \ %D%/packages/ipfs.scm \ %D%/packages/irc.scm \ + %D%/packages/irods.scm \ %D%/packages/iso-codes.scm \ %D%/packages/jami.scm \ %D%/packages/java.scm \ diff --git a/gnu/packages/irods.scm b/gnu/packages/irods.scm new file mode 100644 index 0000000000..ffd8ac4b5f --- /dev/null +++ b/gnu/packages/irods.scm @@ -0,0 +1,167 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2021 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages irods) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system cmake) + #:use-module (guix utils) + #:use-module (gnu packages) + #:use-module (gnu packages backup) + #:use-module (gnu packages boost) + #:use-module (gnu packages check) + #:use-module (gnu packages compression) + #:use-module (gnu packages cpp) + #:use-module (gnu packages databases) + #:use-module (gnu packages gcc) + #:use-module (gnu packages kerberos) + #:use-module (gnu packages linux) + #:use-module (gnu packages llvm) + #:use-module (gnu packages logging) + #:use-module (gnu packages networking) + #:use-module (gnu packages pretty-print) + #:use-module (gnu packages python) + #:use-module (gnu packages serialization) + #:use-module (gnu packages tls) + #:use-module (srfi srfi-1)) + +(define-public irods + (package + (name "irods") + (version "4.2.8") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/irods/irods/releases/download/" + version "/irods-" version ".tar.gz")) + (sha256 + (base32 + "0ny54c3r0j692rvbr4iibg7xgd2i7g9x8yyrw04j889bywix14rc")))) + (build-system cmake-build-system) + (arguments + `(#:configure-flags + (list + "-DCMAKE_BUILD_TYPE=Release" + (string-append "-DCMAKE_MODULE_LINKER_FLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") + (string-append "-DCMAKE_SHARED_LINKER_FLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") + (string-append "-DCMAKE_EXE_LINKER_FLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") + + ;; Configuration aborts if no generator format is set + "-DCPACK_GENERATOR=TGZ" + + ;; Configuration attempts to guess the distribution with Python. + "-DIRODS_LINUX_DISTRIBUTION_NAME=guix" + "-DIRODS_LINUX_DISTRIBUTION_VERSION_MAJOR=1" + + (string-append "-DIRODS_EXTERNALS_FULLPATH_CLANG=" + (assoc-ref %build-inputs "clang")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_CLANG_RUNTIME=" + (assoc-ref %build-inputs "clang-runtime")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_CPPZMQ=" + (assoc-ref %build-inputs "cppzmq")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_ARCHIVE=" + (assoc-ref %build-inputs "libarchive")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_AVRO=" + (assoc-ref %build-inputs "avro-cpp")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_BOOST=" + (assoc-ref %build-inputs "boost")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_ZMQ=" + (assoc-ref %build-inputs "zeromq")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_JSON=" + (assoc-ref %build-inputs "json")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_CATCH2=" + (assoc-ref %build-inputs "catch2")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_NANODBC=" + (assoc-ref %build-inputs "nanodbc")) + (string-append "-DIRODS_EXTERNALS_FULLPATH_FMT=" + (assoc-ref %build-inputs "fmt"))) + + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'unset-Werror + (lambda _ + ;; -Werror kills the build due to a comparison REQUIRE(errs.size() == err->len); + ;; in unit_tests/src/test_irods_lifetime_manager.cpp + (substitute* "CMakeLists.txt" + (("-Werror") "")))) + (add-after 'unpack 'remove-FHS-and-prefix-assumptions + (lambda* (#:key inputs #:allow-other-keys) + (substitute* '("CMakeLists.txt" + "cmake/server.cmake" + "cmake/development_library.cmake" + "cmake/runtime_library.cmake") + (("usr/") "")) + (substitute* "lib/core/src/irods_default_paths.cpp" + (("path.append\\(\"usr\"\\)") "path") + (("path.remove_filename\\(\\).remove_filename\\(\\).remove_filename\\(\\)") + "path.remove_filename().remove_filename()")) + (substitute* "scripts/irods/paths.py" + (("'usr', 'lib', 'irods'") "'lib', 'irods'")) + (substitute* "scripts/irods/pypyodbc.py" + (("\"/usr/lib/libodbc.so\"") + (string-append (assoc-ref inputs "unixodbc") "/lib/libodbc.so"))))) + (add-after 'set-paths 'adjust-CPLUS_INCLUDE_PATH + (lambda* (#:key inputs #:allow-other-keys) + (let ((gcc (assoc-ref inputs "gcc"))) + (setenv "CPLUS_INCLUDE_PATH" + (string-join + (cons* (string-append (assoc-ref inputs "libcxx+libcxxabi") + "/include/c++/v1") + (string-append (assoc-ref inputs "catch2") + "/include/catch2") + (string-append (assoc-ref inputs "json") + "/include/nlohmann") + ;; Hide GCC's C++ headers so that they do not interfere with + ;; the Clang headers. + (delete (string-append gcc "/include/c++") + (string-split (getenv "CPLUS_INCLUDE_PATH") + #\:))) + ":")) + (format #true + "environment variable `CPLUS_INCLUDE_PATH' changed to ~a~%" + (getenv "CPLUS_INCLUDE_PATH")))))))) + (inputs + `(("avro-cpp" ,avro-cpp-1.9-for-irods) + ("boost" ,boost-for-irods) + ("cppzmq" ,cppzmq) + ("fmt" ,fmt-for-irods) + ("json" ,json-modern-cxx) + ("libarchive" ,libarchive) + ("libcxxabi" ,libcxxabi-6) ; we need this for linking with -lc++abi + ("linux-pam" ,linux-pam) + ("mit-krb5" ,mit-krb5) + ("nanodbc" ,nanodbc-for-irods) + ("openssl" ,openssl) + ("python" ,python-wrapper) + ("unixodbc" ,unixodbc) + ("zeromq" ,zeromq))) + (native-inputs + `(("catch2" ,catch-framework2) + ("clang" ,clang-toolchain-6) + ("clang-runtime" ,clang-runtime-6) + ("libcxx+libcxxabi" ,libcxx+libcxxabi-6))) + (home-page "https://irods.org") + (synopsis "Data management software") + (description "The Integrated Rule-Oriented Data System (iRODS) is data +management software. iRODS virtualizes data storage resources, so users can +take control of their data, regardless of where and on what device the data is +stored.") + (license license:bsd-3))) -- cgit 1.4.1 From 83d9e2ee56cb0ca2a644074ad232503e25ac7116 Mon Sep 17 00:00:00 2001 From: Carl Dong Date: Fri, 28 May 2021 16:23:01 -0400 Subject: gnu: gcc-8: Make static libs reproducible This fixes the nonreproducibility in gcc documented here: https://reproducible-builds.org/docs/archives/#gnu-libtool * gnu/packages/patches/gcc-8-sort-libtool-find-output.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/gcc.scm (gcc-8)[source]: Apply it. --- gnu/local.mk | 1 + gnu/packages/gcc.scm | 3 +- .../patches/gcc-8-sort-libtool-find-output.patch | 399 +++++++++++++++++++++ 3 files changed, 402 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/gcc-8-sort-libtool-find-output.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c59fa0f5be..1e79b42eee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1067,6 +1067,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-7-cross-environment-variables.patch \ %D%/packages/patches/gcc-7-cross-toolexeclibdir.patch \ %D%/packages/patches/gcc-8-cross-environment-variables.patch \ + %D%/packages/patches/gcc-8-sort-libtool-find-output.patch \ %D%/packages/patches/gcc-8-strmov-store-file-names.patch \ %D%/packages/patches/gcc-9-asan-fix-limits-include.patch \ %D%/packages/patches/gcc-9-strmov-store-file-names.patch \ diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 1fd5710e57..0a394615b5 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -563,7 +563,8 @@ It also includes runtime support libraries for these languages."))) (base32 "0l7d4m9jx124xsk6xardchgy2k5j5l2b15q322k31f0va4d8826k")) (patches (search-patches "gcc-8-strmov-store-file-names.patch" - "gcc-5.0-libvtv-runpath.patch")))))) + "gcc-5.0-libvtv-runpath.patch" + "gcc-8-sort-libtool-find-output.patch")))))) (define-public gcc-9 (package diff --git a/gnu/packages/patches/gcc-8-sort-libtool-find-output.patch b/gnu/packages/patches/gcc-8-sort-libtool-find-output.patch new file mode 100644 index 0000000000..5bdb15a1c4 --- /dev/null +++ b/gnu/packages/patches/gcc-8-sort-libtool-find-output.patch @@ -0,0 +1,399 @@ +Sort find output in autotool files to ensure reproducibility. + +Without sorting find output, static archives (such as libstdc++.a) are +unreproducible as wildcard find output has no ordering guarantees. + +Documented here: https://reproducible-builds.org/docs/archives/#gnu-libtool + +diff --git a/gcc/configure b/gcc/configure +index 97ba7d7d69c..e37a96f0c0c 100755 +--- a/gcc/configure ++++ b/gcc/configure +@@ -19720,20 +19720,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libcc1/configure b/libcc1/configure +index f53a121611c..5740ca90cab 100755 +--- a/libcc1/configure ++++ b/libcc1/configure +@@ -12221,20 +12221,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libffi/configure b/libffi/configure +index 790a291011f..54b1ac18306 100755 +--- a/libffi/configure ++++ b/libffi/configure +@@ -12661,20 +12661,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libgo/config/libtool.m4 b/libgo/config/libtool.m4 +index f7005947454..8a84417b828 100644 +--- a/libgo/config/libtool.m4 ++++ b/libgo/config/libtool.m4 +@@ -6010,20 +6010,20 @@ if test "$_lt_caught_CXX_error" != yes; then + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libgo/config/ltmain.sh b/libgo/config/ltmain.sh +index ce66b44906a..0f81c401407 100644 +--- a/libgo/config/ltmain.sh ++++ b/libgo/config/ltmain.sh +@@ -2917,7 +2917,7 @@ func_extract_archives () + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do +- darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` ++ darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ +@@ -2932,7 +2932,7 @@ func_extract_archives () + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac +- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` ++ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result="$my_oldobjs" +diff --git a/libhsail-rt/configure b/libhsail-rt/configure +index a4fcc10c1f9..8e671229fcd 100755 +--- a/libhsail-rt/configure ++++ b/libhsail-rt/configure +@@ -12244,20 +12244,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libitm/configure b/libitm/configure +index dbf386db434..29d4f10611f 100644 +--- a/libitm/configure ++++ b/libitm/configure +@@ -13067,20 +13067,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/liboffloadmic/configure b/liboffloadmic/configure +index f873716991b..7aa9186b10e 100644 +--- a/liboffloadmic/configure ++++ b/liboffloadmic/configure +@@ -12379,20 +12379,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/liboffloadmic/plugin/configure b/liboffloadmic/plugin/configure +index c031eb3e7fa..67fc7368f21 100644 +--- a/liboffloadmic/plugin/configure ++++ b/liboffloadmic/plugin/configure +@@ -12086,20 +12086,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libsanitizer/configure b/libsanitizer/configure +index 4695bc7d4f7..cb7d25c07e6 100755 +--- a/libsanitizer/configure ++++ b/libsanitizer/configure +@@ -13308,20 +13308,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libstdc++-v3/configure b/libstdc++-v3/configure +index 61457e940ec..21ef1f61e41 100755 +--- a/libstdc++-v3/configure ++++ b/libstdc++-v3/configure +@@ -13087,20 +13087,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libtool.m4 b/libtool.m4 +index 24d13f34409..940faaa161d 100644 +--- a/libtool.m4 ++++ b/libtool.m4 +@@ -6005,20 +6005,20 @@ if test "$_lt_caught_CXX_error" != yes; then + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/libvtv/configure b/libvtv/configure +index a197f750453..31ab3a0637b 100755 +--- a/libvtv/configure ++++ b/libvtv/configure +@@ -13339,20 +13339,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ +- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' ++ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ +- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ ++ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ +- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ++ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' +diff --git a/ltmain.sh b/ltmain.sh +index 9503ec85d70..79f9ba89af5 100644 +--- a/ltmain.sh ++++ b/ltmain.sh +@@ -2917,7 +2917,7 @@ func_extract_archives () + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do +- darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` ++ darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ +@@ -2932,7 +2932,7 @@ func_extract_archives () + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac +- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` ++ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result="$my_oldobjs" -- cgit 1.4.1 From e7aac78ee906e799623419ea993e1eefbfec5733 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Mon, 14 Jun 2021 23:15:39 +0200 Subject: gnu: tor: Update to 0.4.6.5. * gnu/packages/tor.scm (tor): Update to 0.4.6.5. [source]: Add a patch to fix building with GCC 7. * gnu/packages/patches/tor-fix-build-with-gcc-7.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + .../patches/tor-fix-build-with-gcc-7.patch | 30 ++++++++++++++++++++++ gnu/packages/tor.scm | 5 ++-- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/tor-fix-build-with-gcc-7.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1e79b42eee..24949c143f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1745,6 +1745,7 @@ dist_patch_DATA = \ %D%/packages/patches/tipp10-qt5.patch \ %D%/packages/patches/tk-find-library.patch \ %D%/packages/patches/tla2tools-build-xml.patch \ + %D%/packages/patches/tor-fix-build-with-gcc-7.patch \ %D%/packages/patches/transcode-ffmpeg.patch \ %D%/packages/patches/transmission-honor-localedir.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \ diff --git a/gnu/packages/patches/tor-fix-build-with-gcc-7.patch b/gnu/packages/patches/tor-fix-build-with-gcc-7.patch new file mode 100644 index 0000000000..5481695a63 --- /dev/null +++ b/gnu/packages/patches/tor-fix-build-with-gcc-7.patch @@ -0,0 +1,30 @@ +From 810c0616d59809b89f5144d4afdbf70391df7a7f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= +Date: Thu, 10 Jun 2021 20:04:13 +0000 +Subject: [PATCH] Fix compilation on OpenSUSE. + +This patch fixes a build error with GCC 7.x which doesn't seem to accept +const int's as constants in macro initialization. + +See: tpo/core/tor#40410 +--- + src/feature/dirclient/dirclient.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c +index 74c6452061..a2b20621a0 100644 +--- a/src/feature/dirclient/dirclient.c ++++ b/src/feature/dirclient/dirclient.c +@@ -1907,8 +1907,7 @@ dir_client_decompress_response_body(char **bodyp, size_t *bodylenp, + /* If we're pretty sure that we have a compressed directory, and + * we didn't manage to uncompress it, then warn and bail. */ + if (!plausible && !new_body) { +- const int LOG_INTERVAL = 3600; +- static ratelim_t warning_limit = RATELIM_INIT(LOG_INTERVAL); ++ static ratelim_t warning_limit = RATELIM_INIT(60 * 60); + log_fn_ratelim(&warning_limit, LOG_WARN, LD_HTTP, + "Unable to decompress HTTP body (tried %s%s%s, on %s).", + description1, +-- +GitLab + diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 6e65c23e62..b18e057977 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -54,14 +54,15 @@ (define-public tor (package (name "tor") - (version "0.4.5.9") + (version "0.4.6.5") (source (origin (method url-fetch) (uri (string-append "https://dist.torproject.org/tor-" version ".tar.gz")) (sha256 (base32 - "0mh8yz6l7sl6kh9max76nk6rhlsq2lhwwvpiwlwnrlif21bf817k")))) + "1yacd7h7wg8n6wwrjmx2g9xjj24kj08j5sai9g7fm4cp1m73avbv")) + (patches (search-patches "tor-fix-build-with-gcc-7.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags -- cgit 1.4.1 From ae31d80d0062402a9f879cadc2cbe4e08a799aae Mon Sep 17 00:00:00 2001 From: Nicolas Goaziou Date: Tue, 15 Jun 2021 22:19:54 +0200 Subject: gnu: Add rust-ndarray-0.13. * gnu/packages/crates-io.scm (rust-ndarray-0.13): New variable. (rust-ndarray-0.12): Inherit from above. * gnu/packages/patches/rust-ndarray-0.13-remove-blas-src.patch: New file. * gnu/local.mk: Register new file. --- gnu/local.mk | 1 + gnu/packages/crates-io.scm | 49 ++++++++++++++++++---- .../rust-ndarray-0.13-remove-blas-src.patch | 28 +++++++++++++ 3 files changed, 70 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/rust-ndarray-0.13-remove-blas-src.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 24949c143f..953bff96d4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1674,6 +1674,7 @@ dist_patch_DATA = \ %D%/packages/patches/rust-bootstrap-stage0-test.patch \ %D%/packages/patches/rust-coresimd-doctest.patch \ %D%/packages/patches/rust-ndarray-remove-blas-src-dep.patch \ + %D%/packages/patches/rust-ndarray-0.13-remove-blas-src.patch \ %D%/packages/patches/rust-nettle-disable-vendor.patch \ %D%/packages/patches/rust-nettle-sys-disable-vendor.patch \ %D%/packages/patches/rust-reproducible-builds.patch \ diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm index a279f40653..111b4fa34b 100644 --- a/gnu/packages/crates-io.scm +++ b/gnu/packages/crates-io.scm @@ -27125,8 +27125,48 @@ established.") library.") (license license:expat))) +(define-public rust-ndarray-0.13 + (package + (name "rust-ndarray") + (version "0.13.1") + (source + (origin + (method url-fetch) + (uri (crate-uri "ndarray" version)) + (file-name + (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "02dbwj3b7d0cpy29nhw31n51h3cwm4s1q6narl7fwiigxh1xn1mc")) + (patches + (search-patches "rust-ndarray-0.13-remove-blas-src.patch")))) + (build-system cargo-build-system) + (arguments + `(#:skip-build? #t + #:cargo-inputs + (("rust-approx" ,rust-approx-0.3) + ("rust-cblas-sys" ,rust-cblas-sys-0.1) + ("rust-matrixmultiply" ,rust-matrixmultiply-0.2) + ("rust-num-complex" ,rust-num-complex-0.2) + ("rust-num-integer" ,rust-num-integer-0.1) + ("rust-num-traits" ,rust-num-traits-0.2) + ("rust-rawpointer" ,rust-rawpointer-0.2) + ("rust-rayon" ,rust-rayon-1) + ("rust-serde" ,rust-serde-1)) + #:cargo-development-inputs + (("rust-defmac" ,rust-defmac-0.2) + ("rust-itertools" ,rust-itertools-0.8) + ("rust-quickcheck" ,rust-quickcheck-0.9)))) + (home-page "https://github.com/rust-ndarray/ndarray") + (synopsis "N-dimensional container for general elements and for numerics") + (description "@code{ndarray} implements an n-dimensional container for +general elements and for numerics.") + (license (list license:asl2.0 + license:expat)))) + (define-public rust-ndarray-0.12 (package + (inherit rust-ndarray-0.13) (name "rust-ndarray") (version "0.12.1") (source @@ -27138,7 +27178,6 @@ library.") (base32 "0a5rfwcbqnvbwi3nw5sfz6kf0flhmjxs64s0b4kxc6lhmyl81wvw")) (patches (search-patches "rust-ndarray-remove-blas-src-dep.patch")))) - (build-system cargo-build-system) (arguments `(#:cargo-inputs (("rust-itertools" ,rust-itertools-0.7) @@ -27150,13 +27189,7 @@ library.") #:cargo-development-inputs (("rust-defmac" ,rust-defmac-0.1) ("rust-quickcheck" ,rust-quickcheck-0.7) - ("rust-rawpointer" ,rust-rawpointer-0.1)))) - (home-page "https://github.com/rust-ndarray/ndarray") - (synopsis "N-dimensional container for general elements and for numerics") - (description "@code{ndarray} implements an n-dimensional container for -general elements and for numerics.") - (license (list license:asl2.0 - license:expat)))) + ("rust-rawpointer" ,rust-rawpointer-0.1)))))) (define-public rust-ndk-0.2 (package diff --git a/gnu/packages/patches/rust-ndarray-0.13-remove-blas-src.patch b/gnu/packages/patches/rust-ndarray-0.13-remove-blas-src.patch new file mode 100644 index 0000000000..936c099ce4 --- /dev/null +++ b/gnu/packages/patches/rust-ndarray-0.13-remove-blas-src.patch @@ -0,0 +1,28 @@ + Cargo.toml | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/Cargo.toml b/Cargo.toml +index 1f3e1b6..36bc816 100644 +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -43,11 +43,6 @@ + version = "0.3.2" + optional = true + +-[dependencies.blas-src] +-version = "0.2.0" +-optional = true +-default-features = false +- + [dependencies.cblas-sys] + version = "0.1.4" + optional = true +@@ -91,7 +86,7 @@ + default-features = false + + [features] +-blas = ["cblas-sys", "blas-src"] ++blas = ["cblas-sys"] + docs = ["approx", "serde", "rayon"] + serde-1 = ["serde"] + test = ["test-blas-openblas-sys"] -- cgit 1.4.1 From e26efac68cb460bd70642668d35c806199888173 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 15 Jun 2021 10:12:42 -0400 Subject: gnu: HexChat: Add Libera Chat to the list of networks. * gnu/packages/patches/hexchat-add-libera-chat.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/messaging.scm (hexchat)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/messaging.scm | 1 + gnu/packages/patches/hexchat-add-libera-chat.patch | 76 ++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 gnu/packages/patches/hexchat-add-libera-chat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 953bff96d4..500973f9fe 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1220,6 +1220,7 @@ dist_patch_DATA = \ %D%/packages/patches/hdf-eos5-remove-gctp.patch \ %D%/packages/patches/hdf-eos5-fix-szip.patch \ %D%/packages/patches/hdf-eos5-fortrantests.patch \ + %D%/packages/patches/hexchat-add-libera-chat.patch \ %D%/packages/patches/http-parser-CVE-2020-8287.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hurd-cross.patch \ diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index 499b7a8f3a..fe678d89fd 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -677,6 +677,7 @@ used by Pidgin and Bitlbee, among others, to access (method url-fetch) (uri (string-append "https://dl.hexchat.net/hexchat/hexchat-" version ".tar.xz")) + (patches (search-patches "hexchat-add-libera-chat.patch")) (sha256 (base32 "10p829jm1r6kidkgf5lhqhyqc5mxdcq96q3zhadsckasvc9rs6lh")))) diff --git a/gnu/packages/patches/hexchat-add-libera-chat.patch b/gnu/packages/patches/hexchat-add-libera-chat.patch new file mode 100644 index 0000000000..2bbb3137ba --- /dev/null +++ b/gnu/packages/patches/hexchat-add-libera-chat.patch @@ -0,0 +1,76 @@ +Add libera.chat to the list of available networks and make it the +default. + +Patches copied from upstream source repository: + +https://github.com/hexchat/hexchat/commit/a25f2381689d2c2279a0e43b33f6c0ec8305a096 +https://github.com/hexchat/hexchat/commit/d3545f37cd5f551ed8bc0ab7b20e5c8140adc0a6 + +From a25f2381689d2c2279a0e43b33f6c0ec8305a096 Mon Sep 17 00:00:00 2001 +From: Panagiotis Vasilopoulos +Date: Wed, 19 May 2021 16:25:16 +0300 +Subject: [PATCH] Add Libera Chat to network list + +--- + src/common/servlist.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/common/servlist.c b/src/common/servlist.c +index e44a3f2df..33bd80f2d 100644 +--- a/src/common/servlist.c ++++ b/src/common/servlist.c +@@ -239,6 +239,9 @@ static const struct defaultserver def[] = + /* Self signed */ + {0, "irc.librairc.net"}, + ++ {"Libera Chat", 0, 0, 0, LOGIN_SASL, 0, TRUE}, ++ {0, "irc.libera.chat"}, ++ + #ifdef USE_OPENSSL + {"LinkNet", 0}, + {0, "irc.link-net.org/+7000"}, +From d3545f37cd5f551ed8bc0ab7b20e5c8140adc0a6 Mon Sep 17 00:00:00 2001 +From: Patrick Griffis +Date: Sun, 23 May 2021 21:15:43 -0500 +Subject: [PATCH] Change default network to Libera.Chat + +--- + src/common/servlist.c | 4 ++-- + src/fe-gtk/joind.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/common/servlist.c b/src/common/servlist.c +index de75c8b9a..93557f975 100644 +--- a/src/common/servlist.c ++++ b/src/common/servlist.c +@@ -240,7 +240,7 @@ static const struct defaultserver def[] = + /* Self signed */ + {0, "irc.librairc.net"}, + +- {"Libera Chat", 0, 0, 0, LOGIN_SASL, 0, TRUE}, ++ {"Libera.Chat", 0, 0, 0, LOGIN_SASL, 0, TRUE}, + {0, "irc.libera.chat"}, + + #ifdef USE_OPENSSL +@@ -942,7 +942,7 @@ servlist_load_defaults (void) + { + int i = 0, j = 0; + ircnet *net = NULL; +- guint def_hash = g_str_hash ("freenode"); ++ guint def_hash = g_str_hash ("Libera.Chat"); + + while (1) + { +diff --git a/src/fe-gtk/joind.c b/src/fe-gtk/joind.c +index f1d3da504..ce3cbcaec 100644 +--- a/src/fe-gtk/joind.c ++++ b/src/fe-gtk/joind.c +@@ -247,7 +247,7 @@ joind_show_dialog (server *serv) + G_CALLBACK (joind_ok_cb), serv); + + if (serv->network) +- if (g_ascii_strcasecmp(((ircnet*)serv->network)->name, "freenode") == 0) ++ if (g_ascii_strcasecmp(((ircnet*)serv->network)->name, "Libera.Chat") == 0) + { + gtk_entry_set_text (GTK_ENTRY (entry1), "#hexchat"); + } -- cgit 1.4.1 From db87a223fe9f982ef9adf67fe7f24339eac70fcd Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Fri, 4 Jun 2021 20:42:28 +0200 Subject: gnu: brightnessctl: Add elogind support. * gnu/packages/patches/brightnessctl-elogind-support.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/linux.scm (brightnessctl)[source]: Apply it. [make-flags]: Enable logind support. [native-inputs]: Add pkg-config. [inputs]: Add elogind. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 13 +++++++++---- gnu/packages/patches/brightnessctl-elogind-support.patch | 13 +++++++++++++ 3 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/brightnessctl-elogind-support.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 500973f9fe..ac292334b5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -852,6 +852,7 @@ dist_patch_DATA = \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ %D%/packages/patches/bc-fix-cross-compilation.patch \ %D%/packages/patches/bear-disable-preinstall-tests.patch \ + %D%/packages/patches/brightnessctl-elogind-support.patch \ %D%/packages/patches/bsdiff-CVE-2014-9862.patch \ %D%/packages/patches/bsd-games-2.17-64bit.patch \ %D%/packages/patches/bsd-games-add-configure-config.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 2b0c32666c..c8917f1830 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -36,14 +36,13 @@ ;;; Copyright © 2019, 2020 Maxim Cournoyer ;;; Copyright © 2019 Stefan Stefanović ;;; Copyright © 2019 Pierre Langlois -;;; Copyright © 2019, 2020 Brice Waegeneire +;;; Copyright © 2019, 2020, 2021 Brice Waegeneire ;;; Copyright © 2019 Kei Kebreau ;;; Copyright © 2020 Oleg Pykhalov ;;; Copyright © 2020 Pierre Neidhardt ;;; Copyright © 2020 Chris Marusich ;;; Copyright © 2020 Vincent Legoll ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen -;;; Copyright © 2020 Brice Waegeneire ;;; Copyright © 2020 Morgan Smith ;;; Copyright © 2020 John Soo ;;; Copyright © 2020 Michael Rohleder @@ -6413,13 +6412,15 @@ set the screen to be pitch black at a value of 0 (or higher). (file-name (git-file-name name version)) (sha256 (base32 - "0immxc7almmpg80n3bdn834p3nrrz7bspl2syhb04s3lawa5y2lq")))) + "0immxc7almmpg80n3bdn834p3nrrz7bspl2syhb04s3lawa5y2lq")) + (patches (search-patches "brightnessctl-elogind-support.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests #:make-flags (list (string-append "CC=" ,(cc-for-target)) (string-append "PREFIX=" %output) - (string-append "UDEVDIR=" %output "/lib/udev/rules.d/")) + (string-append "UDEVDIR=" %output "/lib/udev/rules.d/") + "ENABLE_SYSTEMD=1") #:phases (modify-phases %standard-phases (delete 'configure) @@ -6428,6 +6429,10 @@ set the screen to be pitch black at a value of 0 (or higher). (substitute* "90-brightnessctl.rules" (("/bin/") "/run/current-system/profile/bin/")) #t))))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("elogind" ,elogind))) (synopsis "Backlight and LED brightness control") (description "This program allows you read and control device brightness. Devices diff --git a/gnu/packages/patches/brightnessctl-elogind-support.patch b/gnu/packages/patches/brightnessctl-elogind-support.patch new file mode 100644 index 0000000000..8125f1c459 --- /dev/null +++ b/gnu/packages/patches/brightnessctl-elogind-support.patch @@ -0,0 +1,13 @@ +From https://github.com/Hummer12007/brightnessctl/issues/67 + +--- a/Makefile ++++ b/Makefile +@@ -18,6 +18,8 @@ MODE = ${MODE_${INSTALL_UDEV_RULES}} + ifdef ENABLE_SYSTEMD + CFLAGS += ${shell pkg-config --cflags libsystemd} + LDLIBS += ${shell pkg-config --libs libsystemd} ++ CFLAGS += ${shell pkg-config --cflags libelogind} ++ LDLIBS += ${shell pkg-config --libs libelogind} + CPPFLAGS += -DENABLE_SYSTEMD + INSTALL_UDEV_RULES=0 + MODE = 0755 -- cgit 1.4.1 From 624a6b60b5f4051ec38829e9c9d2adbc54a093f9 Mon Sep 17 00:00:00 2001 From: "Boris A. Dekshteyn" Date: Tue, 15 Jun 2021 01:27:44 +1200 Subject: gnu: inkscape: Update to version 1.1. * gnu/packages/patches/inkscape-1.1-fix-build-witch-gcc7.5.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/inkscape.scm (inkscape-1.0) Rename to inkscape-1.1. * gnu/packages/inkscape.scm (inkscape-1.1) Update to version 1.1. Signed-off-by: Nicolas Goaziou --- gnu/local.mk | 1 + gnu/packages/inkscape.scm | 9 ++++---- .../inkscape-1.1-fix-build-witch-gcc7.5.patch | 24 ++++++++++++++++++++++ 3 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/inkscape-1.1-fix-build-witch-gcc7.5.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ac292334b5..918c8515ac 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1245,6 +1245,7 @@ dist_patch_DATA = \ %D%/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ + %D%/packages/patches/inkscape-1.1-fix-build-witch-gcc7.5.patch \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ %D%/packages/patches/intltool-perl-compatibility.patch \ %D%/packages/patches/iputils-libcap-compat.patch \ diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm index 075f901b2d..46c8c4cc34 100644 --- a/gnu/packages/inkscape.scm +++ b/gnu/packages/inkscape.scm @@ -117,19 +117,20 @@ apart is its use of Scalable Vector Graphics (SVG), an XML-based W3C standard, as the native format.") (license license:gpl2+))) -(define-public inkscape-1.0 +(define-public inkscape-1.1 (package (name "inkscape") - (version "1.0.2") + (version "1.1") (source (origin (method url-fetch) (uri (string-append "https://media.inkscape.org/dl/" "resources/file/" "inkscape-" version ".tar.xz")) + (patches (search-patches "inkscape-1.1-fix-build-witch-gcc7.5.patch")) (sha256 (base32 - "12krl97a00gdcxxibsb7g2lgx5458mhx2437x0hvz350242j6gns")) + "1rlm2wqg8bgdxkdvnadh49wfp0mrbrk7d8n4vdcjyw6z7z7firki")) (modules '((guix build utils) (ice-9 format))) (snippet @@ -188,7 +189,7 @@ endif()~%~%" (string-append "#include " quote (basename source-dir))) ...)))))) - (unbundle ("2geom" "src/2geom" #t) + (unbundle ("2geom" "src/3rdparty/2geom" #t) ;; libcroco cannot be unbundled as it is heavily ;; modified (see: ;; https://gitlab.com/inkscape/inkscape/issues/876#note_276114904). diff --git a/gnu/packages/patches/inkscape-1.1-fix-build-witch-gcc7.5.patch b/gnu/packages/patches/inkscape-1.1-fix-build-witch-gcc7.5.patch new file mode 100644 index 0000000000..bd7b01f856 --- /dev/null +++ b/gnu/packages/patches/inkscape-1.1-fix-build-witch-gcc7.5.patch @@ -0,0 +1,24 @@ +From 0ae15d7e89b984f72780ff7afa8e57dd6ae7765a Mon Sep 17 00:00:00 2001 +From: "Boris A. Dekshteyn" +Date: Mon, 14 Jun 2021 23:52:16 +1200 +Subject: [PATCH] Fix build witch GCC@7.5. + +--- + src/object/sp-use-reference.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/object/sp-use-reference.h b/src/object/sp-use-reference.h +index 5958632059..f07c2a3721 100644 +--- a/src/object/sp-use-reference.h ++++ b/src/object/sp-use-reference.h +@@ -14,6 +14,7 @@ + + #include "sp-item.h" + #include "uri-references.h" ++#include "display/curve.h" + + #include + +-- +2.32.0 + -- cgit 1.4.1 From caf4a7a2770ef4d05a6e18f40d602e51da749ddc Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 18 Jun 2021 15:43:12 +0200 Subject: gnu: curl@7.77.0: Provide a correct TLS priority string. Fixes . * gnu/packages/patches/curl-7.77-tls-priority-string.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/curl.scm (curl-7.77.0)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/curl.scm | 5 +- .../patches/curl-7.77-tls-priority-string.patch | 98 ++++++++++++++++++++++ 3 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/curl-7.77-tls-priority-string.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 918c8515ac..fec88aa3a2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -931,6 +931,7 @@ dist_patch_DATA = \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/curl-use-ssl-cert-env.patch \ %D%/packages/patches/curl-7.76-use-ssl-cert-env.patch \ + %D%/packages/patches/curl-7.77-tls-priority-string.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-CVE-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 76b9b9840c..d368c4140e 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013, 2014, 2015 Andreas Enge ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2015 Tomáš Čech -;;; Copyright © 2015, 2020 Ludovic Courtès +;;; Copyright © 2015, 2020, 2021 Ludovic Courtès ;;; Copyright © 2016, 2017, 2019 Leo Famulari ;;; Copyright © 2017, 2019, 2020 Marius Bakke ;;; Copyright © 2017 Efraim Flashner @@ -161,7 +161,8 @@ tunneling, and so on.") (inherit (package-source curl)) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-7.76-use-ssl-cert-env.patch")) + (patches (search-patches "curl-7.76-use-ssl-cert-env.patch" + "curl-7.77-tls-priority-string.patch")) (sha256 (base32 "0jsrc97vbghvljic997r9nypc9qqddcil2lzvv032br8ahn5hr0g")))))) diff --git a/gnu/packages/patches/curl-7.77-tls-priority-string.patch b/gnu/packages/patches/curl-7.77-tls-priority-string.patch new file mode 100644 index 0000000000..bf1bfa8aaa --- /dev/null +++ b/gnu/packages/patches/curl-7.77-tls-priority-string.patch @@ -0,0 +1,98 @@ +cURL 7.77.0 would use a bogus TLS priority string favoring older TLS +protocol versions, which in turn would prevent access to bitbucket.org: + + https://issues.guix.gnu.org/49035 + https://github.com/curl/curl/pull/7278 + +This patch fixes it. +From . + +From b98f79f6ecdb708c67f9a0cec56ce48952a54556 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 18 Jun 2021 14:54:07 +0200 +Subject: [PATCH] gnutls: set the prefer ciphers in correct order + +Reported-by: civodul on github +Assisted-by: Nikos Mavrogiannopoulos +Fixes #7277 +--- + lib/vtls/gtls.c | 30 +++++++++++++----------------- + 1 file changed, 13 insertions(+), 17 deletions(-) + +diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c +index d9bc5611e8f9..da2af64955c3 100644 +--- a/lib/vtls/gtls.c ++++ b/lib/vtls/gtls.c +@@ -330,6 +330,9 @@ set_ssl_version_min_max(struct Curl_easy *data, + ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; + } + } ++ else if(ssl_version_max == CURL_SSLVERSION_MAX_DEFAULT) { ++ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; ++ } + + switch(ssl_version | ssl_version_max) { + case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0: +@@ -338,11 +341,11 @@ set_ssl_version_min_max(struct Curl_easy *data, + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.0:+VERS-TLS1.1"; ++ "+VERS-TLS1.1:+VERS-TLS1.0"; + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2"; ++ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0"; + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +@@ -350,7 +353,7 @@ set_ssl_version_min_max(struct Curl_easy *data, + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.1:+VERS-TLS1.2"; ++ "+VERS-TLS1.2:+VERS-TLS1.1"; + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +@@ -360,25 +363,17 @@ set_ssl_version_min_max(struct Curl_easy *data, + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" + "+VERS-TLS1.3"; + return CURLE_OK; +- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT: +- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2" +- ":+VERS-TLS1.3"; ++ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_3: ++ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0"; + return CURLE_OK; +- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT: ++ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_3: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.1:+VERS-TLS1.2" +- ":+VERS-TLS1.3"; ++ "+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1"; + return CURLE_OK; +- case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT: ++ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_3: + *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.2" +- ":+VERS-TLS1.3"; ++ "+VERS-TLS1.3:+VERS-TLS1.2"; + return CURLE_OK; +- case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT: +- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" +- "+VERS-TLS1.2" +- ":+VERS-TLS1.3"; + return CURLE_OK; + } + +@@ -608,6 +603,7 @@ gtls_connect_step1(struct Curl_easy *data, + } + else { + #endif ++ infof(data, "GnuTLS ciphers: %s\n", prioritylist); + rc = gnutls_priority_set_direct(session, prioritylist, &err); + #ifdef HAVE_GNUTLS_SRP + } -- cgit 1.4.1 From 2b2ecbace4cf404cc4541be16bdc04d2d9ba88c3 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 17 Jun 2021 19:17:17 +0200 Subject: gnu: QEMU: Adjust for Sphinx 4.0. * gnu/packages/patches/qemu-sphinx-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/virtualization.scm (qemu)[source](patches): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/qemu-sphinx-compat.patch | 18 ++++++++++++++++++ gnu/packages/virtualization.scm | 1 + 3 files changed, 20 insertions(+) create mode 100644 gnu/packages/patches/qemu-sphinx-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index fec88aa3a2..4d9afd5354 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1634,6 +1634,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-build-info-manual.patch \ %D%/packages/patches/qemu-CVE-2021-20203.patch \ %D%/packages/patches/qemu-meson-compat.patch \ + %D%/packages/patches/qemu-sphinx-compat.patch \ %D%/packages/patches/qemu-glibc-2.27.patch \ %D%/packages/patches/qemu-glibc-2.30.patch \ %D%/packages/patches/qpdfview-qt515-compat.patch \ diff --git a/gnu/packages/patches/qemu-sphinx-compat.patch b/gnu/packages/patches/qemu-sphinx-compat.patch new file mode 100644 index 0000000000..7342ebee4e --- /dev/null +++ b/gnu/packages/patches/qemu-sphinx-compat.patch @@ -0,0 +1,18 @@ +Prevent Sphinx 4 and later from creating subdirectories, which +the build scripts are not equipped to deal with. + +Taken from upstream: +https://gitlab.com/qemu-project/qemu/-/issues/256 +https://gitlab.com/qemu-project/qemu/-/commit/269a7e97865cb863c9ca19e5f2e6a40ac9eddf82 + +diff --git a/docs/conf.py b/docs/conf.py +--- a/docs/conf.py ++++ b/docs/conf.py +@@ -279,6 +279,7 @@ + ['Stefan Hajnoczi ', + 'Masayoshi Mizuma '], 1), + ] ++man_make_section_directory = False + + # -- Options for Texinfo output ------------------------------------------- + diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index e34fb2d738..600e4f401a 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -153,6 +153,7 @@ "1f9hz8rf12jm8baa7kda34yl4hyl0xh0c4ap03krfjx23i3img47")) (patches (search-patches "qemu-CVE-2021-20203.patch" "qemu-meson-compat.patch" + "qemu-sphinx-compat.patch" "qemu-build-info-manual.patch")) (modules '((guix build utils))) (snippet -- cgit 1.4.1 From 5b6d264f12da118d77ff3b10dd98470d5c712115 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 18 Jun 2021 23:52:14 +0200 Subject: gnu: ath9k-htc-firmware: Adjust for GCC 10. * gnu/packages/patches/ath9k-htc-firmware-gcc-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/firmware.scm (ath9k-htc-firmware)[source](patches): Add it. --- gnu/local.mk | 1 + gnu/packages/firmware.scm | 3 ++- .../patches/ath9k-htc-firmware-gcc-compat.patch | 29 ++++++++++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ath9k-htc-firmware-gcc-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4d9afd5354..cd76ba88cf 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -818,6 +818,7 @@ dist_patch_DATA = \ %D%/packages/patches/aspell-default-dict-dir.patch \ %D%/packages/patches/ath9k-htc-firmware-binutils.patch \ %D%/packages/patches/ath9k-htc-firmware-gcc.patch \ + %D%/packages/patches/ath9k-htc-firmware-gcc-compat.patch \ %D%/packages/patches/ath9k-htc-firmware-objcopy.patch \ %D%/packages/patches/audacity-build-with-system-portaudio.patch \ %D%/packages/patches/audacity-add-include.patch \ diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm index c9a68f5a93..ebcb89923c 100644 --- a/gnu/packages/firmware.scm +++ b/gnu/packages/firmware.scm @@ -56,7 +56,8 @@ (base32 "16jbj8avg5jkgvq5lxm0hdxxn4c3zn7fx8b4nxllvr024apk9w23")) (file-name (git-file-name name version)) - (patches (search-patches "ath9k-htc-firmware-objcopy.patch")))) + (patches (search-patches "ath9k-htc-firmware-objcopy.patch" + "ath9k-htc-firmware-gcc-compat.patch")))) (build-system gnu-build-system) (arguments '(#:phases diff --git a/gnu/packages/patches/ath9k-htc-firmware-gcc-compat.patch b/gnu/packages/patches/ath9k-htc-firmware-gcc-compat.patch new file mode 100644 index 0000000000..ceada2fa24 --- /dev/null +++ b/gnu/packages/patches/ath9k-htc-firmware-gcc-compat.patch @@ -0,0 +1,29 @@ +Fixes for compiling with -fno-common, default in GCC 10. + +Taken from upstream: +https://github.com/qca/open-ath9k-htc-firmware/commit/559e3eba3b4cf103da6b8d022f3e1387278b9db8 + +diff --git a/target_firmware/magpie_fw_dev/target/init/app_start.c b/target_firmware/magpie_fw_dev/target/init/app_start.c +--- a/target_firmware/magpie_fw_dev/target/init/app_start.c ++++ b/target_firmware/magpie_fw_dev/target/init/app_start.c +@@ -52,6 +52,8 @@ + #define ALLOCRAM_START ( ((unsigned int)&_fw_image_end) + 4) + #define ALLOCRAM_SIZE ( SYS_RAM_SZIE - ( ALLOCRAM_START - SYS_D_RAM_REGION_0_BASE) - SYS_D_RAM_STACK_SIZE) + ++void (* _assfail_ori)(struct register_dump_s *); ++ + // support for more than 64 bytes on command pipe + extern void usb_reg_out_patch(void); + extern int _HIFusb_get_max_msg_len_patch(hif_handle_t handle, int pipe); +diff --git a/target_firmware/magpie_fw_dev/target/init/init.h b/target_firmware/magpie_fw_dev/target/init/init.h +--- a/target_firmware/magpie_fw_dev/target/init/init.h ++++ b/target_firmware/magpie_fw_dev/target/init/init.h +@@ -46,7 +46,7 @@ + void AR6002_fatal_exception_handler_patch(CPU_exception_frame_t *exc_frame); + void exception_reset(struct register_dump_s *dump); + +-void (* _assfail_ori)(struct register_dump_s *); ++extern void (* _assfail_ori)(struct register_dump_s *); + void HTCMsgRecvHandler_patch(adf_nbuf_t hdr_buf, adf_nbuf_t buffer, void *context); + void HTCControlSvcProcessMsg_patch(HTC_ENDPOINT_ID EndpointID, adf_nbuf_t hdr_buf, + adf_nbuf_t pBuffers, void *arg); -- cgit 1.4.1 From e4d5b509fe48a6285afc6a465ee7b1d01955bd12 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 18 Jun 2021 23:53:53 +0200 Subject: gnu: isc-dhcp: Adjust for GCC 10. * gnu/packages/patches/isc-dhcp-gcc-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/admin.scm (isc-dhcp)[source](patches): New field. --- gnu/local.mk | 1 + gnu/packages/admin.scm | 1 + gnu/packages/patches/isc-dhcp-gcc-compat.patch | 72 ++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 gnu/packages/patches/isc-dhcp-gcc-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cd76ba88cf..7dd3d9ed38 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1253,6 +1253,7 @@ dist_patch_DATA = \ %D%/packages/patches/iputils-libcap-compat.patch \ %D%/packages/patches/ipxe-reproducible-geniso.patch \ %D%/packages/patches/irrlicht-use-system-libs.patch \ + %D%/packages/patches/isc-dhcp-gcc-compat.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/json-c-CVE-2020-12762.patch \ %D%/packages/patches/json-c-0.13-CVE-2020-12762.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 52851c9d80..f97be3c735 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1152,6 +1152,7 @@ connection alive.") (method url-fetch) (uri (string-append "https://ftp.isc.org/isc/dhcp/" version "/dhcp-" version ".tar.gz")) + (patches (search-patches "isc-dhcp-gcc-compat.patch")) (sha256 (base32 "06jsr0cg5rsmyibshrpcb9za0qgwvqccashdma7mlm1rflrh8pmh")))) diff --git a/gnu/packages/patches/isc-dhcp-gcc-compat.patch b/gnu/packages/patches/isc-dhcp-gcc-compat.patch new file mode 100644 index 0000000000..82cb572d17 --- /dev/null +++ b/gnu/packages/patches/isc-dhcp-gcc-compat.patch @@ -0,0 +1,72 @@ +Add minor fixes for compiling with GCC 10. + +Taken from upstream: +https://gitlab.isc.org/isc-projects/dhcp/-/commit/6c7e61578b1b449272dbb40dd8b98d03dad8a57a + +diff --git a/client/dhclient.c b/client/dhclient.c +--- a/client/dhclient.c ++++ b/client/dhclient.c +@@ -83,8 +83,9 @@ static const char message [] = "Internet Systems Consortium DHCP Client"; + static const char url [] = "For info, please visit https://www.isc.org/software/dhcp/"; + #endif /* UNIT_TEST */ + +-u_int16_t local_port = 0; +-u_int16_t remote_port = 0; ++extern u_int16_t local_port; ++extern u_int16_t remote_port; ++ + #if defined(DHCPv6) && defined(DHCP4o6) + int dhcp4o6_state = -1; /* -1 = stopped, 0 = polling, 1 = started */ + #endif +diff --git a/common/discover.c b/common/discover.c +--- a/common/discover.c ++++ b/common/discover.c +@@ -45,8 +45,8 @@ struct interface_info *fallback_interface = 0; + + int interfaces_invalidated; + int quiet_interface_discovery; +-u_int16_t local_port; +-u_int16_t remote_port; ++u_int16_t local_port = 0; ++u_int16_t remote_port = 0; + u_int16_t relay_port = 0; + int dhcpv4_over_dhcpv6 = 0; + int (*dhcp_interface_setup_hook) (struct interface_info *, struct iaddr *); +diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c +--- a/relay/dhcrelay.c ++++ b/relay/dhcrelay.c +@@ -95,8 +95,8 @@ enum { forward_and_append, /* Forward and append our own relay option. */ + forward_untouched, /* Forward without changes. */ + discard } agent_relay_mode = forward_and_replace; + +-u_int16_t local_port; +-u_int16_t remote_port; ++extern u_int16_t local_port; ++extern u_int16_t remote_port; + + /* Relay agent server list. */ + struct server_list { +diff --git a/server/mdb.c b/server/mdb.c +--- a/server/mdb.c ++++ b/server/mdb.c +@@ -67,7 +67,7 @@ static host_id_info_t *host_id_info = NULL; + + int numclasseswritten; + +-omapi_object_type_t *dhcp_type_host; ++extern omapi_object_type_t *dhcp_type_host; + + isc_result_t enter_class(cd, dynamicp, commit) + struct class *cd; +diff --git a/server/mdb6.c b/server/mdb6.c +--- a/server/mdb6.c ++++ b/server/mdb6.c +@@ -1945,7 +1945,7 @@ create_prefix6(struct ipv6_pool *pool, struct iasubopt **pref, + } + new_ds.data = new_ds.buffer->data; + memcpy(new_ds.buffer->data, ds.data, ds.len); +- memcpy(new_ds.buffer->data + ds.len, &tmp, sizeof(tmp)); ++ memcpy(&new_ds.buffer->data[0] + ds.len, &tmp, sizeof(tmp)); + data_string_forget(&ds, MDL); + data_string_copy(&ds, &new_ds, MDL); + data_string_forget(&new_ds, MDL); -- cgit 1.4.1 From fbee3e134bc2ac22f6680d35a443b34c9606059e Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 19 Jun 2021 00:21:54 +0200 Subject: gnu: jfsutils: Adjust for GCC 10. * gnu/packages/patches/jfsutils-gcc-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/file-systems.scm (jfsutils)[source](patches): Add it. --- gnu/local.mk | 1 + gnu/packages/file-systems.scm | 1 + gnu/packages/patches/jfsutils-gcc-compat.patch | 72 ++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 gnu/packages/patches/jfsutils-gcc-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7dd3d9ed38..a26ddd4edb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1278,6 +1278,7 @@ dist_patch_DATA = \ %D%/packages/patches/java-xerces-build_dont_unzip.patch \ %D%/packages/patches/java-xerces-xjavac_taskdef.patch \ %D%/packages/patches/jfsutils-add-sysmacros.patch \ + %D%/packages/patches/jfsutils-gcc-compat.patch \ %D%/packages/patches/jfsutils-include-systypes.patch \ %D%/packages/patches/jsoncpp-fix-inverted-case.patch \ %D%/packages/patches/julia-SOURCE_DATE_EPOCH-mtime.patch \ diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm index eb424224b9..e2335b8a86 100644 --- a/gnu/packages/file-systems.scm +++ b/gnu/packages/file-systems.scm @@ -576,6 +576,7 @@ single file can be mounted.") (sha256 (base32 "0kbsy2sk1jv4m82rxyl25gwrlkzvl3hzdga9gshkxkhm83v1aji4")) (patches (search-patches "jfsutils-add-sysmacros.patch" + "jfsutils-gcc-compat.patch" "jfsutils-include-systypes.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/patches/jfsutils-gcc-compat.patch b/gnu/packages/patches/jfsutils-gcc-compat.patch new file mode 100644 index 0000000000..45b6ec25a1 --- /dev/null +++ b/gnu/packages/patches/jfsutils-gcc-compat.patch @@ -0,0 +1,72 @@ +Various fixes for building with GCC 10. + +Taken from Debian: +https://sources.debian.org/patches/jfsutils/1.1.15-5/gcc10_fix-1.patch/ + +--- jfsutils-1.1.15.old/fscklog/display.c 2005-11-22 21:43:54.000000000 +0100 ++++ jfsutils-1.1.15.new/fscklog/display.c 2020-05-21 18:15:13.410617620 +0200 +@@ -54,7 +54,7 @@ + * output: fsck extracted service log I/O buffer + * + */ +-char xchklog_buffer[XCHKLOG_BUFSIZE]; ++static char xchklog_buffer[XCHKLOG_BUFSIZE]; + + /* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + * +diff -ur --exclude '*.o' --exclude '*.a' jfsutils-1.1.15.old/libfs/logredo.c jfsutils-1.1.15.new/libfs/logredo.c +--- jfsutils-1.1.15.old/libfs/logredo.c 2005-11-22 21:43:55.000000000 +0100 ++++ jfsutils-1.1.15.new/libfs/logredo.c 2020-05-21 18:19:44.927703271 +0200 +@@ -87,9 +87,9 @@ + * S T U F F F O R T H E L O G + * + */ +-struct logsuper logsup; /* log super block */ +-int32_t numdoblk; /* number of do blocks used */ +-int32_t numnodofile; /* number of nodo file blocks used */ ++static struct logsuper logsup; /* log super block */ ++static int32_t numdoblk; /* number of do blocks used */ ++static int32_t numnodofile; /* number of nodo file blocks used */ + int32_t numExtDtPg = 0; /* number of extended dtpage blocks used */ + + /* +@@ -129,7 +129,7 @@ + */ + + /* buffer header table */ +-struct bufhdr { ++static struct bufhdr { + int16_t next; /* 2: next on free/lru list */ + int16_t prev; /* 2: previous on free/lru list */ + int16_t hnext; /* 2: next on hash chain */ +@@ -142,7 +142,7 @@ + } bufhdr[NBUFPOOL]; /* (24) */ + + /* buffer table */ +-struct bufpool { ++static struct bufpool { + char bytes[PSIZE]; + } buffer[NBUFPOOL - 1]; + +@@ -151,15 +151,16 @@ + * + * log has its own 4 page buffer pool. + */ +-uint8_t afterdata[LOGPSIZE * 2]; /* buffer to read in redopage data */ ++static uint8_t afterdata[LOGPSIZE * 2]; /* buffer to read in redopage data */ + + /* + * Miscellaneous + */ +-caddr_t prog; /* Program name */ +-int32_t mntcnt, bufsize; +-char *mntinfo; +-int32_t retcode; /* return code from logredo */ ++static caddr_t prog; /* Program name */ ++extern int32_t mntcnt; ++static int32_t bufsize; ++static char *mntinfo; ++static int32_t retcode; /* return code from logredo */ + int end_of_transaction = 0; + + /* -- cgit 1.4.1 From 657aaa7be48c924333be70fac9f1224a26abc484 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 19 Jun 2021 14:17:52 +0200 Subject: gnu: efivar: Adjust for GCC 10. * gnu/packages/patches/efivar-gcc-compat.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/linux.scm (efivar)[source](patches, modules, snippet): New fields. [arguments]: Use CC-FOR-TARGET while at it. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 14 ++- gnu/packages/patches/efivar-gcc-compat.patch | 177 +++++++++++++++++++++++++++ 3 files changed, 190 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/efivar-gcc-compat.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a26ddd4edb..5d84b3c33c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -970,6 +970,7 @@ dist_patch_DATA = \ %D%/packages/patches/ecl-16-ignore-stderr-write-error.patch \ %D%/packages/patches/ecl-16-libffi.patch \ %D%/packages/patches/efibootmgr-remove-extra-decl.patch \ + %D%/packages/patches/efivar-gcc-compat.patch \ %D%/packages/patches/eigen-remove-openmp-error-counting.patch \ %D%/packages/patches/eigen-stabilise-sparseqr-test.patch \ %D%/packages/patches/einstein-build.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 49c29fa470..699a01ee41 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -6262,16 +6262,26 @@ under OpenGL graphics workloads.") (uri (string-append "https://github.com/rhboot/" name "/releases/download/" version "/" name "-" version ".tar.bz2")) + (patches (search-patches "efivar-gcc-compat.patch")) (sha256 (base32 - "17vvfivhsrszh7q39b6npjsrhrhsjf1cmmcpp3xrh6wh7ywzwrrw")))) + "17vvfivhsrszh7q39b6npjsrhrhsjf1cmmcpp3xrh6wh7ywzwrrw")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Compile everything within a single LTO partition + ;; to work around ordering issues in the code. Try + ;; removing this for versions > 37. + (substitute* "Make.defaults" + (("-flto") + "-flto -flto-partition=one")))))) (build-system gnu-build-system) (arguments `(;; Tests require a UEFI system and is not detected in the chroot. #:tests? #f #:make-flags (list (string-append "prefix=" %output) (string-append "libdir=" %output "/lib") - "CC_FOR_BUILD=gcc" + (string-append "CC_FOR_BUILD=" ,(cc-for-target)) (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib")) #:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/efivar-gcc-compat.patch b/gnu/packages/patches/efivar-gcc-compat.patch new file mode 100644 index 0000000000..fd1a3dc90a --- /dev/null +++ b/gnu/packages/patches/efivar-gcc-compat.patch @@ -0,0 +1,177 @@ +Fix build with -Werror=address-of-packed-member, which is default since +GCC 9. + +This is a combination of three upstream commits: + + https://github.com/rhboot/efivar/commit/b98ba8921010d03f46704a476c69861515deb1ca + https://github.com/rhboot/efivar/commit/c3c553db85ff10890209d0fe48fb4856ad68e4e0 + https://github.com/rhboot/efivar/commit/0dad6d78a7fb5f6c5fb4a1d646040539db6cf865 + +diff --git a/src/dp-media.c b/src/dp-media.c +index 96a576f..be691c4 100644 +--- a/src/dp-media.c ++++ b/src/dp-media.c +@@ -46,8 +46,7 @@ _format_media_dn(char *buf, size_t size, const_efidp dp) + break; + case EFIDP_HD_SIGNATURE_GUID: + format(buf, size, off, "HD", "GPT,"); +- format_guid(buf, size, off, "HD", +- (efi_guid_t *)dp->hd.signature); ++ format_guid(buf, size, off, "HD", dp->hd.signature); + format(buf, size, off, "HD", + ",0x%"PRIx64",0x%"PRIx64")", + dp->hd.start, dp->hd.size); +diff --git a/src/dp-message.c b/src/dp-message.c +index 3724e5f..6b8e907 100644 +--- a/src/dp-message.c ++++ b/src/dp-message.c +@@ -364,7 +364,7 @@ _format_message_dn(char *buf, size_t size, const_efidp dp) + dp->infiniband.port_gid[1], + dp->infiniband.port_gid[0]); + format_guid(buf, size, off, "Infiniband", +- (efi_guid_t *)&dp->infiniband.ioc_guid); ++ &dp->infiniband.ioc_guid); + format(buf, size, off, "Infiniband", + ",%"PRIu64",%"PRIu64")", + dp->infiniband.target_port_id, +@@ -620,11 +620,13 @@ _format_message_dn(char *buf, size_t size, const_efidp dp) + ) / sizeof(efi_ip_addr_t); + format(buf, size, off, "Dns", "Dns("); + for (int i=0; i < end; i++) { +- const efi_ip_addr_t *addr = &dp->dns.addrs[i]; ++ efi_ip_addr_t addr; ++ ++ memcpy(&addr, &dp->dns.addrs[i], sizeof(addr)); + if (i != 0) + format(buf, size, off, "Dns", ","); + format_ip_addr(buf, size, off, "Dns", +- dp->dns.is_ipv6, addr); ++ dp->dns.is_ipv6, &addr); + } + format(buf, size, off, "Dns", ")"); + break; +diff --git a/src/dp.h b/src/dp.h +index aa4e390..1f921d5 100644 +--- a/src/dp.h ++++ b/src/dp.h +@@ -70,8 +70,11 @@ + #define format_guid(buf, size, off, dp_type, guid) ({ \ + int _rc; \ + char *_guidstr = NULL; \ ++ efi_guid_t _guid; \ ++ const efi_guid_t * const _guid_p = &_guid; \ + \ +- _rc = efi_guid_to_str(guid, &_guidstr); \ ++ memmove(&_guid, guid, sizeof(_guid)); \ ++ _rc = efi_guid_to_str(_guid_p, &_guidstr); \ + if (_rc < 0) { \ + efi_error("could not build %s GUID DP string", \ + dp_type); \ +@@ -79,7 +82,7 @@ + _guidstr = onstack(_guidstr, \ + strlen(_guidstr)+1); \ + _rc = format(buf, size, off, dp_type, "%s", \ +- _guidstr); \ ++ _guidstr); \ + } \ + _rc; \ + }) +diff --git a/src/guid.c b/src/guid.c +index 306c9ff..3156b3b 100644 +--- a/src/guid.c ++++ b/src/guid.c +@@ -31,7 +31,7 @@ + extern const efi_guid_t efi_guid_zero; + + int NONNULL(1, 2) PUBLIC +-efi_guid_cmp(const efi_guid_t *a, const efi_guid_t *b) ++efi_guid_cmp(const void * const a, const void * const b) + { + return memcmp(a, b, sizeof (efi_guid_t)); + } +diff --git a/src/include/efivar/efivar.h b/src/include/efivar/efivar.h +index 316891c..ad6449d 100644 +--- a/src/include/efivar/efivar.h ++++ b/src/include/efivar/efivar.h +@@ -128,7 +128,7 @@ extern int efi_symbol_to_guid(const char *symbol, efi_guid_t *guid) + + extern int efi_guid_is_zero(const efi_guid_t *guid); + extern int efi_guid_is_empty(const efi_guid_t *guid); +-extern int efi_guid_cmp(const efi_guid_t *a, const efi_guid_t *b); ++extern int efi_guid_cmp(const void * const a, const void * const b); + + /* import / export functions */ + typedef struct efi_variable efi_variable_t; +diff --git a/src/ucs2.h b/src/ucs2.h +index dbb5900..edd8367 100644 +--- a/src/ucs2.h ++++ b/src/ucs2.h +@@ -23,16 +23,21 @@ + (((val) & ((mask) << (shift))) >> (shift)) + + static inline size_t UNUSED +-ucs2len(const uint16_t * const s, ssize_t limit) ++ucs2len(const void *vs, ssize_t limit) + { + ssize_t i; +- for (i = 0; i < (limit >= 0 ? limit : i+1) && s[i] != (uint16_t)0; i++) ++ const uint16_t *s = vs; ++ const uint8_t *s8 = vs; ++ ++ for (i = 0; ++ i < (limit >= 0 ? limit : i+1) && s8[0] != 0 && s8[1] != 0; ++ i++, s8 += 2, s++) + ; + return i; + } + + static inline size_t UNUSED +-ucs2size(const uint16_t * const s, ssize_t limit) ++ucs2size(const void *s, ssize_t limit) + { + size_t rc = ucs2len(s, limit); + rc *= sizeof (uint16_t); +@@ -69,10 +74,11 @@ utf8size(uint8_t *s, ssize_t limit) + } + + static inline unsigned char * UNUSED +-ucs2_to_utf8(const uint16_t * const chars, ssize_t limit) ++ucs2_to_utf8(const void * const voidchars, ssize_t limit) + { + ssize_t i, j; + unsigned char *ret; ++ const uint16_t * const chars = voidchars; + + if (limit < 0) + limit = ucs2len(chars, -1); +@@ -124,10 +130,12 @@ ucs2_to_utf8(const uint16_t * const chars, ssize_t limit) + } + + static inline ssize_t UNUSED NONNULL(4) +-utf8_to_ucs2(uint16_t *ucs2, ssize_t size, int terminate, uint8_t *utf8) ++utf8_to_ucs2(void *ucs2void, ssize_t size, int terminate, uint8_t *utf8) + { + ssize_t req; + ssize_t i, j; ++ uint16_t *ucs2 = ucs2void; ++ uint16_t val16; + + if (!ucs2 && size > 0) { + errno = EINVAL; +@@ -162,10 +170,13 @@ utf8_to_ucs2(uint16_t *ucs2, ssize_t size, int terminate, uint8_t *utf8) + val = utf8[i] & 0x7f; + i += 1; + } +- ucs2[j] = val; ++ val16 = val; ++ ucs2[j] = val16; ++ } ++ if (terminate) { ++ val16 = 0; ++ ucs2[j++] = val16; + } +- if (terminate) +- ucs2[j++] = (uint16_t)0; + return j; + }; + -- cgit 1.4.1 From dece03e2b98fc1c2428c2448ce5792f813eb79bf Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 19 Jun 2021 17:17:02 +0200 Subject: gnu: Remove bsdiff traces. This is a follow-up to 373c7b5791acd8f377455be47260948b843dd5db. * gnu/packages/patches/bsdiff-CVE-2014-9862.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 1 - gnu/packages/patches/bsdiff-CVE-2014-9862.patch | 15 --------------- 2 files changed, 16 deletions(-) delete mode 100644 gnu/packages/patches/bsdiff-CVE-2014-9862.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 5d84b3c33c..da86c66cda 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -854,7 +854,6 @@ dist_patch_DATA = \ %D%/packages/patches/bc-fix-cross-compilation.patch \ %D%/packages/patches/bear-disable-preinstall-tests.patch \ %D%/packages/patches/brightnessctl-elogind-support.patch \ - %D%/packages/patches/bsdiff-CVE-2014-9862.patch \ %D%/packages/patches/bsd-games-2.17-64bit.patch \ %D%/packages/patches/bsd-games-add-configure-config.patch \ %D%/packages/patches/bsd-games-add-wrapper.patch \ diff --git a/gnu/packages/patches/bsdiff-CVE-2014-9862.patch b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch deleted file mode 100644 index 7aab818090..0000000000 --- a/gnu/packages/patches/bsdiff-CVE-2014-9862.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/bspatch.c b/bspatch.c -index 8d95633..ab77722 100644 ---- a/bspatch.c -+++ b/bspatch.c - -@@ -187,6 +187,10 @@ - }; - - /* Sanity-check */ -+ if ((ctrl[0] < 0) || (ctrl[1] < 0)) -+ errx(1,"Corrupt patch\n"); -+ -+ /* Sanity-check */ - if(newpos+ctrl[0]>newsize) - errx(1,"Corrupt patch\n"); -- cgit 1.4.1