From d95bb2957d95f0a6bb5310c97960f4484b62b74a Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 12 Jan 2018 16:43:24 +0100 Subject: gnu: dtc: Update to 1.4.6. * gnu/packages/bootloaders.scm (dtc): Update to 1.4.6. [source]: Remove both patches. * gnu/packages/patches/dtc-format-modifier.patch: Delete file. * gnu/packages/patches/dtc-32-bits-check.patch: Likewise. * gnu/local.mk (dist_patch_DATA): Remove both.
---
 gnu/local.mk | 2 -- 1 file changed, 2 deletions(-) (limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index eec46af0d0..051a9bb656 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -608,8 +608,6 @@ dist_patch_DATA = \
 %D%/packages/patches/doc++-include-directives.patch \
 %D%/packages/patches/doc++-segfault-fix.patch \
 %D%/packages/patches/doxygen-test.patch \
- %D%/packages/patches/dtc-format-modifier.patch \
- %D%/packages/patches/dtc-32-bits-check.patch \
 %D%/packages/patches/dvd+rw-tools-add-include.patch \
 %D%/packages/patches/eigen-arm-neon-fixes.patch \
 %D%/packages/patches/elfutils-tests-ptrace.patch \
-- cgit 1.4.1
From 6b433caed2c86bf41acfa65dd507292e8a0ab2ac Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 11 Jan 2018 15:18:04 -0800 Subject: gnu: transmission: Fix a DNS rebinding vulnerability that allows RCE. * gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/bittorrent.scm (transmission)[source]: Use it.
---
 gnu/local.mk | 1 + gnu/packages/bittorrent.scm | 1 + .../transmission-fix-dns-rebinding-vuln.patch | 302 +++++++++++++++++++++ 3 files changed, 304 insertions(+) create mode 100644 gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch (limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 051a9bb656..6af8bfc4bd 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1105,6 +1105,7 @@ dist_patch_DATA = \ %D%/packages/patches/tipp10-fix-compiling.patch \ %D%/packages/patches/tipp10-remove-license-code.patch \ %D%/packages/patches/tk-find-library.patch \ + %D%/packages/patches/transmission-fix-dns-rebinding-vuln.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \ %D%/packages/patches/ttfautohint-source-date-epoch.patch \ %D%/packages/patches/tophat-build-with-later-seqan.patch \ diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm index eca0646200..800a42eea5 100644 --- a/gnu/packages/bittorrent.scm +++ b/gnu/packages/bittorrent.scm @@ -66,6 +66,7 @@ (uri (string-append "https://transmission.cachefly.net/transmission-" version ".tar.xz")) + (patches (search-patches "transmission-fix-dns-rebinding-vuln.patch")) (sha256 (base32 "0pykmhi7pdmzq47glbj8i2im6iarp4wnj4l1pyvsrnba61f0939s")))) diff --git a/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch new file mode 100644 index 0000000000..a3a0cf1608 --- /dev/null +++ b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch 
@@ -0,0 +1,302 @@ +Fix a weakness that allows remote code execution via the Transmission +RPC server using DNS rebinding: + +https://bugs.chromium.org/p/project-zero/issues/detail?id=1447 + +Patch adapted from Tavis Ormandy's patch on the Transmission master +branch to the Transmission 2.92 release by Leo Famulari +: + +https://github.com/transmission/transmission/pull/468/commits + +From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001 +From: Tavis Ormandy +Date: Thu, 11 Jan 2018 10:00:41 -0800 +Subject: [PATCH] mitigate dns rebinding attacks against daemon + +--- + libtransmission/quark.c | 2 + + libtransmission/quark.h | 2 + + libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++---- + libtransmission/rpc-server.h | 4 ++ + libtransmission/session.c | 2 + + libtransmission/transmission.h | 1 + + libtransmission/web.c | 3 ++ + 7 files changed, 121 insertions(+), 9 deletions(-) + +diff --git a/libtransmission/quark.c b/libtransmission/quark.c +index 30cc2bca4..b4fd7aabd 100644 +--- a/libtransmission/quark.c ++++ b/libtransmission/quark.c +@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] = + { "rpc-authentication-required", 27 }, + { "rpc-bind-address", 16 }, + { "rpc-enabled", 11 }, ++ { "rpc-host-whitelist", 18 }, ++ { "rpc-host-whitelist-enabled", 26 }, + { "rpc-password", 12 }, + { "rpc-port", 8 }, + { "rpc-url", 7 }, +diff --git a/libtransmission/quark.h b/libtransmission/quark.h +index 7f5212733..17464be8f 100644 +--- a/libtransmission/quark.h ++++ b/libtransmission/quark.h +@@ -291,6 +291,8 @@ enum + TR_KEY_rpc_authentication_required, + TR_KEY_rpc_bind_address, + TR_KEY_rpc_enabled, ++ TR_KEY_rpc_host_whitelist, ++ TR_KEY_rpc_host_whitelist_enabled, + TR_KEY_rpc_password, + TR_KEY_rpc_port, + TR_KEY_rpc_url, +diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c +index a3485f3fa..292cd5fce 100644 +--- a/libtransmission/rpc-server.c ++++ b/libtransmission/rpc-server.c +@@ -52,6 +52,7 @@ 
struct tr_rpc_server + bool isEnabled; + bool isPasswordEnabled; + bool isWhitelistEnabled; ++ bool isHostWhitelistEnabled; + tr_port port; + char * url; + struct in_addr bindAddress; +@@ -63,6 +64,7 @@ struct tr_rpc_server + char * password; + char * whitelistStr; + tr_list * whitelist; ++ tr_list * hostWhitelist; + + char * sessionId; + time_t sessionIdExpiresAt; +@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address) + return false; + } + ++static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req) ++{ ++ /* If password auth is enabled, any hostname is permitted. */ ++ if (server->isPasswordEnabled) ++ { ++ return true; ++ } ++ ++ char const* const host = evhttp_find_header(req->input_headers, "Host"); ++ ++ // If whitelist is disabled, no restrictions. ++ if (!server->isHostWhitelistEnabled) ++ return true; ++ ++ /* No host header, invalid request. */ ++ if (host == NULL) ++ { ++ return false; ++ } ++ ++ /* Host header might include the port. */ ++ char* const hostname = tr_strndup(host, strcspn(host, ":")); ++ ++ /* localhost or ipaddress is always acceptable. */ ++ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname)) ++ { ++ tr_free(hostname); ++ return true; ++ } ++ ++ /* Otherwise, hostname must be whitelisted. */ ++ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) { ++ if (tr_wildmat(hostname, l->data)) ++ { ++ tr_free(hostname); ++ return true; ++ } ++ } ++ ++ tr_free(hostname); ++ return false; ++} ++ + static bool + test_session_id (struct tr_rpc_server * server, struct evhttp_request * req) + { +@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg) + handle_upload (req, server); + } + #ifdef REQUIRE_SESSION_ID ++ else if (!isHostnameAllowed(server, req)) ++ { ++ char* tmp = tr_strdup_printf( ++ "

Transmission received your request, but the hostname was unrecognized.

" ++ "

To fix this, choose one of the following options:" ++ "

    " ++ "
  • Enable password authentication, then any hostname is allowed.
  • " ++ "
  • Add the hostname you want to use to the whitelist in settings.
  • " ++ "

" ++ "

If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.

" ++ "

This requirement has been added to help prevent " ++ "DNS Rebinding " ++ "attacks.

"); ++ send_simple_response(req, 421, tmp); ++ tr_free(tmp); ++ } ++ + else if (!test_session_id (server, req)) + { + const char * sessionId = get_current_session_id (server); +@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg) + "
  • When you get this 409 error message, resend your request with the updated header" + "

    " + "

    This requirement has been added to help prevent " +- "CSRF " ++ "CSRF " + "attacks.

    " + "

    %s: %s

    ", + TR_RPC_SESSION_ID_HEADER, sessionId); +@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server) + return server->url ? server->url : ""; + } + +-void +-tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) ++static void ++tr_rpcSetList (char const* whitelistStr, tr_list** list) + { + void * tmp; + const char * walk; + +- /* keep the string */ +- tmp = server->whitelistStr; +- server->whitelistStr = tr_strdup (whitelistStr); +- tr_free (tmp); +- + /* clear out the old whitelist entries */ +- while ((tmp = tr_list_pop_front (&server->whitelist))) ++ while ((tmp = tr_list_pop_front (list)) != NULL) + tr_free (tmp); + + /* build the new whitelist entries */ +@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) + const char * delimiters = " ,;"; + const size_t len = strcspn (walk, delimiters); + char * token = tr_strndup (walk, len); +- tr_list_append (&server->whitelist, token); ++ tr_list_append (list, token); + if (strcspn (token, "+-") < len) + tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! 
Are you using an old ACL by mistake?)", token); + else +@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr) + } + } + ++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr) ++{ ++ tr_rpcSetList(whitelistStr, &server->hostWhitelist); ++} ++ ++void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr) ++{ ++ /* keep the string */ ++ char* const tmp = server->whitelistStr; ++ server->whitelistStr = tr_strdup(whitelistStr); ++ tr_free(tmp); ++ ++ tr_rpcSetList(whitelistStr, &server->whitelist); ++} ++ + const char* + tr_rpcGetWhitelist (const tr_rpc_server * server) + { +@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server) + return server->isWhitelistEnabled; + } + ++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled) ++{ ++ server->isHostWhitelistEnabled = isEnabled; ++} ++ + /**** + ***** PASSWORD + ****/ +@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_variant * settings) + else + tr_rpcSetWhitelistEnabled (s, boolVal); + ++ key = TR_KEY_rpc_host_whitelist_enabled; ++ ++ if (!tr_variantDictFindBool(settings, key, &boolVal)) ++ { ++ missing_settings_key(key); ++ } ++ else ++ { ++ tr_rpcSetHostWhitelistEnabled(s, boolVal); ++ } ++ ++ key = TR_KEY_rpc_host_whitelist; ++ ++ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL) ++ { ++ missing_settings_key(key); ++ } ++ else ++ { ++ tr_rpcSetHostWhitelist(s, str); ++ } ++ + key = TR_KEY_rpc_authentication_required; + if (!tr_variantDictFindBool (settings, key, &boolVal)) + missing_settings_key (key); +diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h +index e0302c5ea..8c9e6b24e 100644 +--- a/libtransmission/rpc-server.h ++++ b/libtransmission/rpc-server.h +@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server, + + const char* tr_rpcGetWhitelist (const tr_rpc_server * server); + ++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* 
server, bool isEnabled); ++ ++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist); ++ + void tr_rpcSetPassword (tr_rpc_server * server, + const char * password); + +diff --git a/libtransmission/session.c b/libtransmission/session.c +index 844cadba8..58b717913 100644 +--- a/libtransmission/session.c ++++ b/libtransmission/session.c +@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d) + tr_variantDictAddStr (d, TR_KEY_rpc_username, ""); + tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST); + tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true); ++ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST); ++ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true); + tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR)); + tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR); + tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true); +diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h +index 4f76adfd6..e213a8f4e 100644 +--- a/libtransmission/transmission.h ++++ b/libtransmission/transmission.h +@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void); + #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0" + #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::" + #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1" ++#define TR_DEFAULT_RPC_HOST_WHITELIST "" + #define TR_DEFAULT_RPC_PORT_STR "9091" + #define TR_DEFAULT_RPC_URL_STR "/transmission/" + #define TR_DEFAULT_PEER_PORT_STR "51413" +diff --git a/libtransmission/web.c b/libtransmission/web.c +index ee495e9fc..c7f062730 100644 +--- a/libtransmission/web.c ++++ b/libtransmission/web.c +@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code) + case 415: return "Unsupported Media Type"; + case 416: return "Requested Range Not Satisfiable"; + case 417: return "Expectation Failed"; ++ case 421: return "Misdirected Request"; + case 500: return "Internal Server Error"; + 
case 501: return "Not Implemented"; + case 502: return "Bad Gateway"; -- cgit 1.4.1 From b0912e9fdbffab15d9a754b2922778cfbd1fac2a Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Tue, 12 Dec 2017 01:41:08 +0300 Subject: gnu: Add emacs-json-reformat. * gnu/packages/patches/emacs-json-reformat-fix-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add this. * gnu/packages/emacs.scm (emacs-json-reformat): New variable. --- gnu/local.mk | 2 + gnu/packages/emacs.scm | 49 +++++++++++++++++++++- .../patches/emacs-json-reformat-fix-tests.patch | 32 ++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/emacs-json-reformat-fix-tests.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6af8bfc4bd..fb4babfdbc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -17,6 +17,7 @@ # Copyright © 2017 Mathieu Othacehe # Copyright © 2017 Gábor Boskovits # Copyright © 2018 Amirouche Boubekki +# Copyright © 2018 Oleg Pykhalov # # This file is part of GNU Guix. # @@ -615,6 +616,7 @@ dist_patch_DATA = \ %D%/packages/patches/einstein-build.patch \ %D%/packages/patches/emacs-exec-path.patch \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ + %D%/packages/patches/emacs-json-reformat-fix-tests.patch \ %D%/packages/patches/emacs-highlight-stages-add-gexp.patch \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index f83e2fb890..0ae44d52bc 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -26,7 +26,7 @@ ;;; Copyright © 2017 George Clemmer ;;; Copyright © 2017 Feng Shu ;;; Copyright © 2017 Jan Nieuwenhuizen -;;; Copyright © 2017 Oleg Pykhalov +;;; Copyright © 2017, 2018 Oleg Pykhalov ;;; Copyright © 2017 Mekeor Melire ;;; Copyright © 2017 Peter Mikkelsen ;;; Copyright © 2017 Tobias Geerinckx-Rice 
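Review bot: The Host-header check added to `handle_request` in the embedded rpc-server.c patch is compiled only under `#ifdef REQUIRE_SESSION_ID`, and it follows the branch that calls `handle_upload`, so a build without that macro gets no DNS-rebinding check and the upload branch appears to be reached before the check runs; moving the `else if (!isHostnameAllowed(server, req))` branch above the `#ifdef` (and ahead of request dispatch, if the code outside the hunk allows) would make the mitigation unconditional. In the `tr_rpcInit` hunk, `if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)` does not match the sibling lookups: with the key absent and `str` NULL it falls through to `tr_rpcSetHostWhitelist(s, str)`, and whether `tr_rpcSetList` tolerates a NULL string is not visible here; `if (!tr_variantDictFindStr(settings, key, &str, NULL))` would mirror the `rpc-host-whitelist-enabled` block just above it. `isHostnameAllowed` also cuts the Host value at the first `:`, so a bracketed IPv6 literal is reduced to `[` and refused with 421; that fails closed, but deserves a comment such as `/* NOTE: bracketed IPv6 literals are not parsed and are rejected */`. `handle_request` and `tr_rpcInit` both begin and end outside the hunks shown.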
@@ -5950,6 +5950,53 @@ pair of minor modes which suppress all mouse events by intercepting them and running a customisable handler command (@code{ignore} by default). ") (license license:gpl3+))) +(define-public emacs-json-reformat + (package + (name "emacs-json-reformat") + (version "0.0.6") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/gongo/json-reformat/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "11fbq4scrgr7m0iwnzcrn2g7xvqwm2gf82sa7zy1l0nil7265p28")) + (patches (search-patches "emacs-json-reformat-fix-tests.patch")))) + (build-system emacs-build-system) + (propagated-inputs `(("emacs-undercover" ,emacs-undercover))) + (inputs + `(("emacs-dash" ,emacs-dash) ; for tests + ("emacs-shut-up" ,emacs-shut-up))) ; for tests + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'install 'check + (lambda* (#:key inputs #:allow-other-keys) + (zero? (system* "emacs" "--batch" "-L" "." + "-L" (string-append + (assoc-ref inputs "emacs-undercover") + "/share/emacs/site-lisp/guix.d/undercover-" + ,(package-version emacs-undercover)) + "-L" (string-append + (assoc-ref inputs "emacs-dash") + "/share/emacs/site-lisp/guix.d/dash-" + ,(package-version emacs-dash)) + "-L" (string-append + (assoc-ref inputs "emacs-shut-up") + "/share/emacs/site-lisp/guix.d/shut-up-" + ,(package-version emacs-shut-up)) + "-l" "test/test-helper.el" + "-l" "test/json-reformat-test.el" + "-f" "ert-run-tests-batch-and-exit")) + #t))))) + (home-page "https://github.com/gongo/json-reformat") + (synopsis "Reformatting tool for JSON") + (description "@code{json-reformat} provides a reformatting tool for +@url{http://json.org/, JSON}.") + (license license:gpl3+))) + (define-public emacs-json-snatcher (package (name "emacs-json-snatcher") 
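Review bot: The `check` phase of `emacs-json-reformat` cannot fail, because the lambda evaluates `(zero? (system* "emacs" "--batch" …))` and then returns the trailing `#t`, so the exit status of the ERT run is discarded and a failing test suite still produces a successful build. Either drop the `#t` so the `zero?` result is the phase's return value, or replace the call with `(invoke "emacs" "--batch" "-L" "." …)` and keep `#t`, since `invoke` raises on a non-zero exit. Separately, `emacs-undercover` is listed under `propagated-inputs` although the visible code only puts it on the load path for the test run; if it is needed only by `test/test-helper.el`, it probably belongs with the inputs marked `; for tests`.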
diff --git a/gnu/packages/patches/emacs-json-reformat-fix-tests.patch b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch new file mode 100644 index 0000000000..977e50fc68 --- /dev/null +++ b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch @@ -0,0 +1,32 @@ +Copyright © 2018 Oleg Pykhalov + +This patch fixes tests for Emacs 25. + +Upstream bug URL: + +https://github.com/gongo/json-reformat/issues/33 + +diff --git a/test/json-reformat-test.el b/test/json-reformat-test.el +index 7de3be1..b4a4dde 100644 +--- a/test/json-reformat-test.el ++++ b/test/json-reformat-test.el +@@ -58,7 +58,7 @@ + (ert-deftest json-reformat-test:string-to-string () + (should (string= "\"foobar\"" (json-reformat:string-to-string "foobar"))) + (should (string= "\"fo\\\"o\\nbar\"" (json-reformat:string-to-string "fo\"o\nbar"))) +- (should (string= "\"\\u2661\"" (json-reformat:string-to-string "\u2661"))) ++ (should (string= "\"♡\"" (json-reformat:string-to-string "\u2661"))) + + (should (string= "\"^(amq\\\\.gen.*|amq\\\\.default)$\"" (json-reformat:string-to-string "^(amq\\.gen.*|amq\\.default)$"))) + ) +@@ -148,6 +148,6 @@ bar\"" (json-reformat:string-to-string "fo\"o\nbar"))) + [{ foo : \"bar\" }, { \"foo\" : \"baz\" }]") ;; At 3 (line) + (json-reformat-region (point-min) (point-max))) + (should (string= +- "JSON parse error [Reason] Bad string format: \"doesn't start with '\\\"'!\" [Position] In buffer, line 3 (char 6)" ++ "JSON parse error [Reason] Bad string format: \"doesn't start with \`\\\"'!\" [Position] In buffer, line 3 (char 6)" + message-string)) + ))) +-- +2.15.1 + -- cgit 1.4.1 From 7c3f22e9c3311dcb27e9b8bd31c6fa6eb0a549d8 Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Sat, 13 Jan 2018 09:16:07 -0800 Subject: gnu: libxml2: Fix CVE-2017-15412. * gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xml.scm (libxml2/fixed)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libxml2-CVE-2017-15412.patch | 47 +++++++++++++++++++++++ gnu/packages/xml.scm | 3 +- 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libxml2-CVE-2017-15412.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index fb4babfdbc..b89077e876 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -862,6 +862,7 @@ dist_patch_DATA = \ %D%/packages/patches/libxml2-CVE-2017-7376.patch \ %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \ %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \ + %D%/packages/patches/libxml2-CVE-2017-15412.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxslt-CVE-2017-5029.patch \ diff --git a/gnu/packages/patches/libxml2-CVE-2017-15412.patch b/gnu/packages/patches/libxml2-CVE-2017-15412.patch new file mode 100644 index 0000000000..07fe190ed1 --- /dev/null +++ b/gnu/packages/patches/libxml2-CVE-2017-15412.patch 
@@ -0,0 +1,47 @@ +Fix CVE-2017-15412: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412 +https://bugs.chromium.org/p/chromium/issues/detail?id=727039 +https://bugzilla.redhat.com/show_bug.cgi?id=1523128 +https://bugzilla.gnome.org/show_bug.cgi?id=783160 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73 + +From 0f3b843b3534784ef57a4f9b874238aa1fda5a73 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Thu, 1 Jun 2017 23:12:19 +0200 +Subject: [PATCH] Fix XPath stack frame logic + +Move the calls to xmlXPathSetFrame and xmlXPathPopFrame around in +xmlXPathCompOpEvalPositionalPredicate to make sure that the context +object on the stack is actually protected. Otherwise, memory corruption +can occur when calling sloppily coded XPath extension functions. + +Fixes bug 783160. +--- + xpath.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xpath.c b/xpath.c +index 94815075..b816bd36 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -11932,11 +11932,11 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + } + } + +- frame = xmlXPathSetFrame(ctxt); + valuePush(ctxt, contextObj); ++ frame = xmlXPathSetFrame(ctxt); + res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1); +- tmp = valuePop(ctxt); + xmlXPathPopFrame(ctxt, frame); ++ tmp = valuePop(ctxt); + + if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { + while (tmp != contextObj) { +-- +2.15.1 + diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 23b447502b..ce0d13a999 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm 
@@ -155,7 +155,8 @@ project (but it is usable outside of the Gnome platform).") "libxml2-CVE-2017-7375.patch" "libxml2-CVE-2017-7376.patch" "libxml2-CVE-2017-9047+CVE-2017-9048.patch" - "libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))) + "libxml2-CVE-2017-9049+CVE-2017-9050.patch" + "libxml2-CVE-2017-15412.patch"))))))) (define-public python-libxml2 (package (inherit libxml2) -- cgit 1.4.1 From b87bf3bbd4fbf064b2d22e4ba5a0727b1fb983b5 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 18 Jan 2018 01:02:51 +0100 Subject: gnu: lxterminal: Update to 0.3.1. * gnu/packages/lxde.scm (lxterminal): Update to 0.3.1. [source]: Remove patch for fixed CVE. [arguments]: No longer skip test suite which appear to be fixed. * gnu/packages/patches/lxterminal-CVE-2016-10369.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/lxde.scm | 10 ++---- .../patches/lxterminal-CVE-2016-10369.patch | 37 ---------------------- 3 files changed, 3 insertions(+), 45 deletions(-) delete mode 100644 gnu/packages/patches/lxterminal-CVE-2016-10369.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b89077e876..5d43fac5ad 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -889,7 +889,6 @@ dist_patch_DATA = \ %D%/packages/patches/luminance-hdr-qt-printer.patch \ %D%/packages/patches/lvm2-static-link.patch \ %D%/packages/patches/lxsession-use-gapplication.patch \ - %D%/packages/patches/lxterminal-CVE-2016-10369.patch \ %D%/packages/patches/make-impure-dirs.patch \ %D%/packages/patches/mars-install.patch \ %D%/packages/patches/mars-sfml-2.3.patch \ diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm index c616917bb7..02dacd3e87 100644 --- a/gnu/packages/lxde.scm +++ b/gnu/packages/lxde.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2017 ng0 ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2017 Brendan Tildesley +;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -157,21 +158,16 @@ toolkit. It allows users to monitor and control of running processes.") (define-public lxterminal (package (name "lxterminal") - (version "0.3.0") + (version "0.3.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/lxde/LXTerminal" "%20%28terminal%20emulator%29/LXTerminal%20" version "/" name "-" version ".tar.xz")) - (patches (search-patches "lxterminal-CVE-2016-10369.patch")) (sha256 (base32 - "1yf76s15zvfw0h42b0ay1slpq47khgjmcry8ki2z812zar9lchia")))) + "0jrc3m0hbxcmcgahwjlm46s2350gh80ggb6a90xy0h6xqa3z73fd")))) (build-system gnu-build-system) - (arguments - `(;; Tests for "po" fail with "No rule to make target '../src/encoding.c' - ;; needed by 'lxterminal.pot'. Stop." - #:tests? #f)) (inputs `(("gtk+" ,gtk+-2) ("vte" ,vte/gtk+-2))) (native-inputs `(("intltool" ,intltool) diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch deleted file mode 100644 index 809eef08da..0000000000 --- a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -Fix CVE-2016-10369: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369 - -Patch copied from upstream source repository: - -https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 - -From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001 -From: Yao Wei -Date: Mon, 8 May 2017 00:47:55 +0800 -Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory - -This bug is pointed out by stackexchange user that putting socket file in -/tmp is a potential risk. Putting the socket dir in user directory could -mitigate the risk. ---- - src/unixsocket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/unixsocket.c b/src/unixsocket.c -index 4c660ac..f88284c 100644 ---- a/src/unixsocket.c -+++ b/src/unixsocket.c -@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar - * This function returns TRUE if this process should keep running and FALSE if it should exit. */ - - /* Formulate the path for the Unix domain socket. */ -- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name()); -+ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default())); -+ printf("%s\n", socket_path); - - /* Create socket. */ - int fd = socket(PF_UNIX, SOCK_STREAM, 0); --- -2.1.4 - -- cgit 1.4.1 From 5d5ad3da881566c2cfe01bd70e6d759f241fc73a Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sat, 30 Dec 2017 11:13:54 +0000 Subject: gnu: Add sl. * gnu/packages/toys.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/toys.scm | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 gnu/packages/toys.scm (limited to 'gnu/local.mk') 
diff --git a/gnu/local.mk b/gnu/local.mk
index 5d43fac5ad..b78fb9bae9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -346,6 +346,7 @@ GNU_SYSTEM_MODULES = \
 %D%/packages/python.scm \
 %D%/packages/python-crypto.scm \
 %D%/packages/python-web.scm \
+ %D%/packages/toys.scm \
 %D%/packages/tryton.scm \
 %D%/packages/qt.scm \
 %D%/packages/ragel.scm \
diff --git a/gnu/packages/toys.scm b/gnu/packages/toys.scm
new file mode 100644
index 0000000000..05e1dab983
--- /dev/null
+++ b/gnu/packages/toys.scm
@@ -0,0 +1,65 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Tobias Geerinckx-Rice +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages toys) + #:use-module (gnu packages ncurses) + #:use-module (guix build-system gnu) + #:use-module (guix download) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages)) + +(define-public sl + (package + (name "sl") + (version "5.02") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/mtoyoda/" name + "/archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "0fjnnnxxq7zh9bm3yzbj84fgap0rhblxi2m10br83747gxsrcn8y")))) + (build-system gnu-build-system) + (inputs + `(("ncurses" ,ncurses))) + (arguments + `(#:phases + (modify-phases %standard-phases + (delete 'configure) ; no configure script + (delete 'check) ; no tests + (replace 'install ; no ‘make install’ target + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (man (string-append out "/share/man")) + (man1 (string-append man "/man1")) + (man1-ja (string-append man "/ja/man1"))) + (install-file "sl" bin) + (install-file "sl.1" man1) + (mkdir-p man1-ja) + (copy-file "sl.1.ja" (string-append man1-ja "/sl.1")) + #t)))))) + 
(home-page "http://www.tkl.iis.u-tokyo.ac.jp/~toyoda/index_e.html") + (synopsis "Joke command to correct typing \"sl\" by mistake") + (description + "@dfn{SL} (for Steam Locomotive) displays one of several animated trains +on the text terminal. It serves no useful purpose but to discourage mistakenly +typing @command{sl} instead of @command{ls}.") + (license (license:non-copyleft "file://LICENSE" + "See LICENSE in the distribution.")))) -- cgit 1.4.1 From 4ff22ec3b16a90b140721aa10c94c595ccb2c390 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 17 Jan 2018 19:18:26 +0100 Subject: gnu: slurm: Update to 17.11.2. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/parallel.scm (slurm): Update to 17.11.2. [source]: Replace patch with less fragile SUBSTITUTE* in a snippet. [arguments]: Rename ‘autogen’ phase to ‘autoconf’. Use INVOKE. * gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/parallel.scm | 13 ++++--- .../slurm-configure-remove-nonfree-contribs.patch | 45 ---------------------- 3 files changed, 7 insertions(+), 52 deletions(-) delete mode 100644 gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b78fb9bae9..f7ac56eeab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1082,7 +1082,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-sigusr1.patch \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ - %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ %D%/packages/patches/sooperlooper-build-with-wx-30.patch \ %D%/packages/patches/steghide-fixes.patch \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm index cc6542e853..2ec866f5f6 100644 --- a/gnu/packages/parallel.scm 
+++ b/gnu/packages/parallel.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Ben Woodcroft ;;; Copyright © 2017 Rutger Helling +;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -93,7 +94,7 @@ and they are executed on lists of files, hosts, users or other items.") (define-public slurm (package (name "slurm") - (version "16.05.11") + (version "17.11.2") (source (origin (method url-fetch) (uri (string-append @@ -101,12 +102,12 @@ and they are executed on lists of files, hosts, users or other items.") version ".tar.bz2")) (sha256 (base32 - "0c63mvh13wsp6jlydaz98v35iwg53mk94ynpx9dqn2z4gl53k5y7")) - (patches (search-patches - "slurm-configure-remove-nonfree-contribs.patch")) + "18yakb8kmhb16n0cv3zhjv8ahvsk9p0max8mmr2flb2c65fawks6")) (modules '((guix build utils))) (snippet '(begin + (substitute* "configure.ac" + (("^[[:space:]]+contribs/.*$") "")) (delete-file-recursively "contribs") #t)))) ;; FIXME: More optional inputs could be added, @@ -136,8 +137,8 @@ and they are executed on lists of files, hosts, users or other items.") (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl"))) #:phases (modify-phases %standard-phases - (add-after 'unpack 'autogen - (lambda _ (zero? (system* "autoconf"))))))) ; configure.ac was patched + (add-after 'unpack 'autoconf + (lambda _ (invoke "autoconf")))))) ; configure.ac was patched (home-page "http://slurm.schedmd.com/") (synopsis "Workload manager for cluster computing") (description diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch deleted file mode 100644 index 4092261f75..0000000000 --- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch +++ /dev/null 
@@ -1,45 +0,0 @@
-From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
-From: carolili
-Date: Thu, 9 Feb 2017 19:24:49 +0000
-Subject: [PATCH] Removing contribs
-
----
- configure.ac | 22 ----------------------
- 1 file changed, 22 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 1cf1051..5d76b44 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
-
- AC_CONFIG_FILES([Makefile
- auxdir/Makefile
-- contribs/Makefile
-- contribs/cray/Makefile
-- contribs/cray/csm/Makefile
-- contribs/lua/Makefile
-- contribs/mic/Makefile
-- contribs/pam/Makefile
-- contribs/pam_slurm_adopt/Makefile
-- contribs/perlapi/Makefile
-- contribs/perlapi/libslurm/Makefile
-- contribs/perlapi/libslurm/perl/Makefile.PL
-- contribs/perlapi/libslurmdb/Makefile
-- contribs/perlapi/libslurmdb/perl/Makefile.PL
-- contribs/seff/Makefile
-- contribs/torque/Makefile
-- contribs/openlava/Makefile
-- contribs/phpext/Makefile
-- contribs/phpext/slurm_php/config.m4
-- contribs/sgather/Makefile
-- contribs/sgi/Makefile
-- contribs/sjobexit/Makefile
-- contribs/slurmdb-direct/Makefile
-- contribs/pmi2/Makefile
- doc/Makefile
- doc/man/Makefile
- doc/man/man1/Makefile
---
-2.11.0
-
-- cgit 1.4.1 From 846b8d7fa0f566d9801122f9ee8be270dcf0de42 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 17 Jan 2018 23:38:59 -0500 Subject: gnu: webkitgtk: Update to 2.18.5. * gnu/packages/webkit.scm (webkitgtk): Update to 2.18.5. [source]: Remove patch. * gnu/packages/patches/webkitgtk-mitigate-spectre.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/webkitgtk-mitigate-spectre.patch | 107 --------------------- gnu/packages/webkit.scm | 5 +- 3 files changed, 2 insertions(+), 111 deletions(-) delete mode 100644 gnu/packages/patches/webkitgtk-mitigate-spectre.patch (limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index f7ac56eeab..29f0803fa5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1140,7 +1140,6 @@ dist_patch_DATA = \
 %D%/packages/patches/vsearch-unbundle-cityhash.patch \
 %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \
 %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \
- %D%/packages/patches/webkitgtk-mitigate-spectre.patch \
 %D%/packages/patches/weechat-python.patch \
 %D%/packages/patches/wicd-bitrate-none-fix.patch \
 %D%/packages/patches/wicd-get-selected-profile-fix.patch \
diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
deleted file mode 100644
index 3d983ede66..0000000000
--- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
+++ /dev/null
@@ -1,107 +0,0 @@ -Disable SharedArrayBuffers to mitigate Spectre. Based on: - - https://trac.webkit.org/changeset/226386/webkit - -Backported to webkitgtk-2.18.4 by Mark H Weaver - - ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500 -@@ -338,8 +338,10 @@ - WriteBarrier m_moduleLoaderStructure; - WriteBarrier m_arrayBufferPrototype; - WriteBarrier m_arrayBufferStructure; -+#if ENABLE(SHARED_ARRAY_BUFFER) - WriteBarrier m_sharedArrayBufferPrototype; - WriteBarrier m_sharedArrayBufferStructure; -+#endif - - #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - WriteBarrier m_ ## lowerName ## Prototype; \ -@@ -670,8 +672,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferPrototype.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferPrototype.get(); -+#else -+ default: -+ return m_arrayBufferPrototype.get(); -+#endif - } - } - Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const -@@ -679,8 +686,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferStructure.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferStructure.get(); -+#else -+ default: -+ return m_arrayBufferStructure.get(); -+#endif - } - RELEASE_ASSERT_NOT_REACHED(); - return nullptr; ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500 -@@ -574,8 +574,10 @@ - - m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), 
ArrayBufferSharingMode::Default)); - m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get())); -+#if ENABLE(SHARED_ARRAY_BUFFER) - m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared)); - m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get())); -+#endif - - m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get()))); - m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get()))); -@@ -620,10 +622,11 @@ - - JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default); - m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr; - sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared); - m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum); -- -+#endif - #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, 
m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \ - m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \ -@@ -686,7 +689,9 @@ - putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly); - - putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum); -+#endif - - #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \ -@@ -1288,8 +1293,10 @@ - - visitor.append(thisObject->m_arrayBufferPrototype); - visitor.append(thisObject->m_arrayBufferStructure); -+#if ENABLE(SHARED_ARRAY_BUFFER) - visitor.append(thisObject->m_sharedArrayBufferPrototype); - visitor.append(thisObject->m_sharedArrayBufferStructure); -+#endif - - #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - visitor.append(thisObject->m_ ## lowerName ## Prototype); \ ---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400 -+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500 -@@ -1190,6 +1190,9 @@ - #define HAVE_NS_ACTIVITY 1 - #endif - -+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */ -+#define ENABLE_SHARED_ARRAY_BUFFER 0 -+ - #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO))) - #undef ENABLE_OPENTYPE_MATH - #define ENABLE_OPENTYPE_MATH 1 diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 7acc018632..2b003f5b3b 100644 --- a/gnu/packages/webkit.scm 
+++ b/gnu/packages/webkit.scm @@ -54,15 +54,14 @@ (define-public webkitgtk (package (name "webkitgtk") - (version "2.18.4") + (version "2.18.5") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 (base32 - "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7")) - (patches (search-patches "webkitgtk-mitigate-spectre.patch")))) + "1f1rsp14gkb2r1mrrxn2cnbs45vg38da27q4cf02zlxmgv680v8c")))) (build-system cmake-build-system) (arguments '(#:tests? #f ; no tests -- cgit 1.4.1 From 5bb12e1462c4ecfbed829b09ed011853dd74209d Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 19 Jan 2018 05:27:06 +0100 Subject: gnu: ninja: Update to 1.8.2. * gnu/packages/ninja.scm (ninja): Update to 1.8.2. [source]: Remove upstreamed patch. [arguments]: Substitute INVOKE for SYSTEM*. Use standard indentation. * gnu/packages/patches/ninja-zero-mtime.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/ninja.scm | 52 +++++++++++++---------------- gnu/packages/patches/ninja-zero-mtime.patch | 19 ----------- 3 files changed, 24 insertions(+), 48 deletions(-) delete mode 100644 gnu/packages/patches/ninja-zero-mtime.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 29f0803fa5..855d9ca460 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -925,7 +925,6 @@ dist_patch_DATA = \ %D%/packages/patches/netsurf-y2038-tests.patch \ %D%/packages/patches/netsurf-longer-test-timeout.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ - %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-test-http2-server-rst-stream.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ diff --git a/gnu/packages/ninja.scm b/gnu/packages/ninja.scm index 2a53a3f5b3..adb236484f 100644 --- a/gnu/packages/ninja.scm +++ b/gnu/packages/ninja.scm 
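Review bot: Removing `webkitgtk-mitigate-spectre.patch` from the `(source ...)` form drops the local change that set `ENABLE_SHARED_ARRAY_BUFFER` to 0, and neither this hunk nor the commit log says that 2.18.5 carries an equivalent change. Presumably the release does, but that should be checked against the 2.18.5 sources and stated, for example by writing the log entry as `[source]: Remove patch, which is included in this release.` Without that, a later reader cannot tell a superseded mitigation from one dropped by accident. The `package` form continues outside the hunk.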
@@ -2,6 +2,7 @@ ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,7 +30,7 @@ (define-public ninja (package (name "ninja") - (version "1.7.2") + (version "1.8.2") (source (origin (method url-fetch) (uri (string-append "https://github.com/martine/ninja/" 
@@ -37,38 +38,33 @@ (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1n8n3g26ppwh7zwrc37n3alkbpbj0wki34ih53s3rkhs8ajs1p9f")) - (patches (search-patches "ninja-zero-mtime.patch")))) + "1x66q6494ml1p1f74mxzik1giakl4zj7rxig9jsc50087l671f46")))) (build-system gnu-build-system) (native-inputs `(("python" ,python-2))) (arguments '(#:phases (modify-phases %standard-phases - (replace - 'configure - (lambda _ - (substitute* "src/subprocess-posix.cc" - (("/bin/sh") (which "sh"))) - #t)) - (replace - 'build - (lambda _ - (zero? (system* "./configure.py" "--bootstrap")))) - (replace - 'check - (lambda _ - (and (zero? (system* "./configure.py")) - (zero? (system* "./ninja" "ninja_test")) - (zero? (system* "./ninja_test"))))) - (replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin")) - (doc (string-append out "/share/doc/ninja"))) - (install-file "ninja" bin) - (install-file "doc/manual.asciidoc" doc) - #t)))))) + (replace 'configure + (lambda _ + (substitute* "src/subprocess-posix.cc" + (("/bin/sh") (which "sh"))) + #t)) + (replace 'build + (lambda _ + (invoke "./configure.py" "--bootstrap"))) + (replace 'check + (lambda _ + (invoke "./configure.py") + (invoke "./ninja" "ninja_test") + (invoke "./ninja_test"))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (doc (string-append out "/share/doc/ninja"))) + (install-file "ninja" bin) + (install-file "doc/manual.asciidoc" doc) + #t)))))) (home-page "https://ninja-build.org/") (synopsis "Small build system") (description diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch deleted file mode 100644 index c9b9e8d798..0000000000 --- a/gnu/packages/patches/ninja-zero-mtime.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -Work around a design defect in Ninja whereby a zero mtime is used to -denote missing files (we happen to produce files that have a zero mtime -and yet really do exist.) - ---- ninja-1.5.3/src/disk_interface.cc 2014-11-24 18:37:47.000000000 +0100 -+++ ninja-1.5.3/src/disk_interface.cc 2015-07-18 23:20:38.572290139 +0200 -@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const - } - return -1; - } -+ -+ if (st.st_mtime == 0) -+ // All the code assumes that mtime == 0 means "file missing". Here we -+ // know the file is not missing, so tweak the mtime. -+ st.st_mtime = 1; -+ - return st.st_mtime; - #endif - } -- cgit 1.4.1 From ccb5cac17be98aaa9c3225605d6170c675d8e8e6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Jan 2018 17:49:02 -0800 Subject: gnu: libexif: Fix CVE-2016-6328. * gnu/packages/patches/libexif-CVE-2016-6328.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/photo.scm (libexif)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libexif-CVE-2016-6328.patch | 72 ++++++++++++++++++++++++ gnu/packages/photo.scm | 3 +- 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libexif-CVE-2016-6328.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 855d9ca460..240554fe4e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -817,6 +817,7 @@ dist_patch_DATA = \ %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libevent-2.1-dns-tests.patch \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \ + %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch new file mode 100644 index 0000000000..67fee0f528 --- /dev/null 
+++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch 
@@ -0,0 +1,72 @@
+Fix CVE-2016-6328:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1366239
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
+
+Patch copied from upstream source repository:
+
+https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
+
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ case EXIF_FORMAT_SHORT:
+ {
+ const unsigned char *data = entry->data;
+- size_t k, len = strlen(val);
++ size_t k, len = strlen(val), sizeleft;
++
++ sizeleft = entry->size;
+ for(k=0; kcomponents; k++) {
++ if (sizeleft < 2)
++ break;
+ vs = exif_get_short (data, entry->order);
+ snprintf (val+len, maxlen-len, "%i ", vs);
+ len = strlen(val);
+ data += 2;
++ sizeleft -= 2;
+ }
+ }
+ break;
+ case EXIF_FORMAT_LONG:
+ {
+ const unsigned char *data = entry->data;
+- size_t k, len = strlen(val);
++ size_t k, len = strlen(val), sizeleft;
++
++ sizeleft = entry->size;
+ for(k=0; kcomponents; k++) {
++ if (sizeleft < 4)
++ break;
+ vl = exif_get_long (data, entry->order);
+ snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ len = strlen(val);
+ data += 4;
++ sizeleft -= 4;
+ }
+ }
+ break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ break;
+ }
+
+- return (val);
++ return val;
+ }
+--
+2.16.0
+
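Review bot: The header line `Fix CVE-2016-6328:` reads as a complete fix, while the upstream subject quoted below it says the change fixes "some (not all)" buffer overreads in Pentax makernote decoding. The added `sizeleft` checks cover only the `EXIF_FORMAT_SHORT` and `EXIF_FORMAT_LONG` cases shown; the other branches of `mnote_pentax_entry_get_value` lie outside the inner hunks, so their bounds handling cannot be judged from here. I would word the header as `Fix CVE-2016-6328 (upstream notes that other overreads in this decoder remain):` so that nobody treats makernote parsing of untrusted images as fully hardened.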
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index e93e4651f3..d8a80acb36 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -91,7 +91,8 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).") (method url-fetch) (uri (string-append "mirror://sourceforge/libexif/libexif/" version "/libexif-" version ".tar.bz2")) - (patches (search-patches "libexif-CVE-2017-7544.patch")) + (patches (search-patches "libexif-CVE-2016-6328.patch" + "libexif-CVE-2017-7544.patch")) (sha256 (base32 "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) -- cgit 1.4.1