From 455859a50f88f625d13fc2f304111f02369b366b Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 1 Aug 2016 23:30:52 +0200 Subject: Merge branch 'core-updates' --- .../patches/automake-test-gzip-warning.patch | 17 + gnu/packages/patches/dealii-p4est-interface.patch | 62 --- gnu/packages/patches/dico-idxgcide-bug.patch | 21 + .../patches/expat-CVE-2015-1283-refix.patch | 27 +- gnu/packages/patches/expat-CVE-2015-1283.patch | 89 ---- gnu/packages/patches/glibc-CVE-2015-7547.patch | 559 -------------------- .../patches/glibc-hurd-extern-inline.patch | 35 -- .../patches/glibc-locale-incompatibility.patch | 23 - gnu/packages/patches/glibc-locales.patch | 6 +- .../patches/libarchive-CVE-2013-0211.patch | 21 - .../patches/libarchive-CVE-2016-1541.patch | 67 --- gnu/packages/patches/libarchive-bsdtar-test.patch | 74 --- .../patches/libarchive-fix-lzo-test-case.patch | 83 --- .../libarchive-mtree-filename-length-fix.patch | 18 - .../patches/libpthread-glibc-preparation.patch | 146 ------ gnu/packages/patches/libxslt-CVE-2015-7995.patch | 29 -- gnu/packages/patches/libxslt-generated-ids.patch | 173 +++++++ gnu/packages/patches/mit-krb5-CVE-2015-8629.patch | 51 -- gnu/packages/patches/mit-krb5-CVE-2015-8630.patch | 81 --- gnu/packages/patches/mit-krb5-CVE-2015-8631.patch | 576 --------------------- .../mit-krb5-init-context-null-spnego.patch | 49 -- gnu/packages/patches/procps-non-linux.patch | 40 ++ gnu/packages/patches/rapicorn-isnan.patch | 87 ++++ gnu/packages/patches/tar-d_ino_in_dirent-fix.patch | 33 -- 24 files changed, 353 insertions(+), 2014 deletions(-) create mode 100644 gnu/packages/patches/automake-test-gzip-warning.patch delete mode 100644 gnu/packages/patches/dealii-p4est-interface.patch create mode 100644 gnu/packages/patches/dico-idxgcide-bug.patch delete mode 100644 gnu/packages/patches/expat-CVE-2015-1283.patch delete mode 100644 gnu/packages/patches/glibc-CVE-2015-7547.patch delete mode 100644 gnu/packages/patches/glibc-hurd-extern-inline.patch delete mode 100644 gnu/packages/patches/glibc-locale-incompatibility.patch delete mode 100644 gnu/packages/patches/libarchive-CVE-2013-0211.patch delete mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch delete mode 100644 gnu/packages/patches/libarchive-bsdtar-test.patch delete mode 100644 gnu/packages/patches/libarchive-fix-lzo-test-case.patch delete mode 100644 gnu/packages/patches/libarchive-mtree-filename-length-fix.patch delete mode 100644 gnu/packages/patches/libpthread-glibc-preparation.patch delete mode 100644 gnu/packages/patches/libxslt-CVE-2015-7995.patch create mode 100644 gnu/packages/patches/libxslt-generated-ids.patch delete mode 100644 gnu/packages/patches/mit-krb5-CVE-2015-8629.patch delete mode 100644 gnu/packages/patches/mit-krb5-CVE-2015-8630.patch delete mode 100644 gnu/packages/patches/mit-krb5-CVE-2015-8631.patch delete mode 100644 gnu/packages/patches/mit-krb5-init-context-null-spnego.patch create mode 100644 gnu/packages/patches/procps-non-linux.patch create mode 100644 gnu/packages/patches/rapicorn-isnan.patch delete mode 100644 gnu/packages/patches/tar-d_ino_in_dirent-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch new file mode 100644 index 0000000000..bcc9c207ae --- /dev/null +++ b/gnu/packages/patches/automake-test-gzip-warning.patch @@ -0,0 +1,17 @@ +Adjust test to ignore gzip 1.8+ warnings. + +--- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200 ++++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200 +@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s + + ./configure + run_make -E -O distcheck +-test ! -s stderr ++ ++# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment ++# variable is deprecated"; filter them out. ++test `grep -v '^gzip: warning' stderr | wc -l` -eq 0 ++ + # Sanity check: the flags have been actually seen. + $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' t + grep '/configure .* --srcdir am-src' t || exit 99 diff --git a/gnu/packages/patches/dealii-p4est-interface.patch b/gnu/packages/patches/dealii-p4est-interface.patch deleted file mode 100644 index 4c4125d16c..0000000000 --- a/gnu/packages/patches/dealii-p4est-interface.patch +++ /dev/null @@ -1,62 +0,0 @@ -From upstream commit f764598c. - -The p4est_connectivity_load function used to take an unsigned long as argument, -but this has been changed to size_t in p4est 1.0. This makes no difference on -64 bit systems, but leads to compiler errors on 32 bit systems. Fix this. - ---- a/source/distributed/tria.cc -+++ b/source/distributed/tria.cc -@@ -204,7 +204,11 @@ namespace internal - static - int (&connectivity_is_valid) (types<2>::connectivity *connectivity); - --#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) -+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) -+ static -+ types<2>::connectivity *(&connectivity_load) (const char *filename, -+ size_t *length); -+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) - static - types<2>::connectivity *(&connectivity_load) (const char *filename, - long unsigned *length); -@@ -384,7 +388,12 @@ namespace internal - *connectivity) - = p4est_connectivity_is_valid; - --#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) -+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) -+ types<2>::connectivity * -+ (&functions<2>::connectivity_load) (const char *filename, -+ size_t *length) -+ = p4est_connectivity_load; -+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) - types<2>::connectivity * - (&functions<2>::connectivity_load) (const char *filename, - long unsigned *length) -@@ -564,7 +573,11 @@ namespace internal - static - int (&connectivity_is_valid) (types<3>::connectivity *connectivity); - --#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) -+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) -+ static -+ types<3>::connectivity *(&connectivity_load) (const char *filename, -+ size_t *length); -+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) - static - types<3>::connectivity *(&connectivity_load) (const char *filename, - long unsigned *length); -@@ -747,7 +760,12 @@ namespace internal - *connectivity) - = p8est_connectivity_is_valid; - --#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) -+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) -+ types<3>::connectivity * -+ (&functions<3>::connectivity_load) (const char *filename, -+ size_t *length) -+ = p8est_connectivity_load; -+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) - types<3>::connectivity * - (&functions<3>::connectivity_load) (const char *filename, - long unsigned *length) diff --git a/gnu/packages/patches/dico-idxgcide-bug.patch b/gnu/packages/patches/dico-idxgcide-bug.patch new file mode 100644 index 0000000000..28cc8a6a08 --- /dev/null +++ b/gnu/packages/patches/dico-idxgcide-bug.patch @@ -0,0 +1,21 @@ +Reported at . +Patch the .c file to avoid depending on Flex. + +commit 4599abbda3b5979367138ea098e435c919fe93fc +Author: Sergey Poznyakoff +Date: Thu Jul 28 14:09:58 2016 +0300 + + Bugfix + + * modules/gcide/idxgcide.l (main): Initialize ipg_header. + +--- dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:07.823587004 +0200 ++++ dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:09.435600549 +0200 +@@ -2497,6 +2497,7 @@ main(int argc, char **argv) + dico_log(L_ERR, 0, _("not enough memory")); + exit(EX_UNAVAILABLE); + } ++ idx_page->ipg_header.hdr.phdr_numentries = 0; + idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2; + + idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 / diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch index af5e3bcc3e..fc8d6291f5 100644 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch @@ -1,42 +1,39 @@ -Update previous fix for CVE-2015-1283 to not rely on undefined behavior. +Follow-up upstream fix for CVE-2015-1283 to not rely on undefined +behavior. -Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2. +Adapted from a patch from Debian (found in Debian package version +2.1.0-6+deb8u2) to apply to upstream code: https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ -From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001 -From: Pascal Cuoq -Date: Sun, 15 May 2016 09:05:46 +0200 -Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. - --- - expat/lib/xmlparse.c | 6 ++++-- + lib/xmlparse.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 13e080d..cdb12ef 100644 +index 0f6f4cd..5c70c17 100644 --- a/lib/xmlparse.c +++ b/lib/xmlparse.c -@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len +@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len) } if (len > bufferLim - bufferEnd) { - int neededSize = len + (int)(bufferEnd - bufferPtr); + /* Do not invoke signed arithmetic overflow: */ + int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - /* BEGIN MOZILLA CHANGE (sanity check neededSize) */ if (neededSize < 0) { errorCode = XML_ERROR_NO_MEMORY; -@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len + return NULL; +@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len) if (bufferSize == 0) bufferSize = INIT_BUFFER_SIZE; do { - bufferSize *= 2; + /* Do not invoke signed arithmetic overflow: */ + bufferSize = (int) (2U * (unsigned) bufferSize); - /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ } while (bufferSize < neededSize && bufferSize > 0); - /* END MOZILLA CHANGE */ + if (bufferSize <= 0) { + errorCode = XML_ERROR_NO_MEMORY; -- -2.8.2 +2.8.3 diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch deleted file mode 100644 index f9065bea16..0000000000 --- a/gnu/packages/patches/expat-CVE-2015-1283.patch +++ /dev/null @@ -1,89 +0,0 @@ -Copied from Debian. - -Description: fix multiple integer overflows in the XML_GetBuffer function - Multiple integer overflows in the XML_GetBuffer function in Expat through - 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, - allow remote attackers to cause a denial of service (heap-based buffer - overflow) or possibly have unspecified other impact via crafted XML data, - a related issue to CVE-2015-2716. -Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c -Author: Eric Rahm -Forwarded: not-needed -Last-Update: 2015-07-24 - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l - XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position); - positionPtr = bufferPtr; - return result; - } - - void * XMLCALL - XML_GetBuffer(XML_Parser parser, int len) - { -+/* BEGIN MOZILLA CHANGE (sanity check len) */ -+ if (len < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - switch (ps_parsing) { - case XML_SUSPENDED: - errorCode = XML_ERROR_SUSPENDED; - return NULL; - case XML_FINISHED: - errorCode = XML_ERROR_FINISHED; - return NULL; - default: ; - } - - if (len > bufferLim - bufferEnd) { -- /* FIXME avoid integer overflow */ - int neededSize = len + (int)(bufferEnd - bufferPtr); -+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ -+ if (neededSize < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - #ifdef XML_CONTEXT_BYTES - int keep = (int)(bufferPtr - buffer); - - if (keep > XML_CONTEXT_BYTES) - keep = XML_CONTEXT_BYTES; - neededSize += keep; - #endif /* defined XML_CONTEXT_BYTES */ - if (neededSize <= bufferLim - buffer) { -@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len - } - else { - char *newBuf; - int bufferSize = (int)(bufferLim - bufferPtr); - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { - bufferSize *= 2; -- } while (bufferSize < neededSize); -+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ -+ } while (bufferSize < neededSize && bufferSize > 0); -+/* END MOZILLA CHANGE */ -+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ -+ if (bufferSize <= 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - newBuf = (char *)MALLOC(bufferSize); - if (newBuf == 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; - } - bufferLim = newBuf + bufferSize; - #ifdef XML_CONTEXT_BYTES - if (bufferPtr) { - - - - diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch deleted file mode 100644 index 9a0909af74..0000000000 --- a/gnu/packages/patches/glibc-CVE-2015-7547.patch +++ /dev/null @@ -1,559 +0,0 @@ -Copied from Fedora: -http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584 - -Adapted to apply cleanly to glibc-2.22. - -Index: b/resolv/nss_dns/dns-host.c -=================================================================== ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). -+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. -+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. -+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. */ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -Index: b/resolv/res_query.c -=================================================================== ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -Index: b/resolv/res_send.c -=================================================================== ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. -@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend) - - /* Private */ - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -669,11 +759,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr *nsap = get_nsaddr (statp, ns); - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -766,6 +852,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -802,40 +890,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if __GNUC_PREREQ (4, 7) -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#endif --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif --#if __GNUC_PREREQ (4, 7) -- DIAG_POP_NEEDS_COMMENT; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -843,10 +905,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -858,6 +924,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -1030,8 +1159,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -1064,6 +1191,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1227,55 +1356,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. */ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch deleted file mode 100644 index a609b1f54a..0000000000 --- a/gnu/packages/patches/glibc-hurd-extern-inline.patch +++ /dev/null @@ -1,35 +0,0 @@ -This changes the way _EXTERN_INLINE is defined so we can -avoid external definition errors. -https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html - -diff --git a/signal/sigsetops.c b/signal/sigsetops.c -index 0317662..b92c296 100644 ---- a/signal/sigsetops.c -+++ b/signal/sigsetops.c -@@ -3,7 +3,9 @@ - - #include - --#define _EXTERN_INLINE -+#ifndef _EXTERN_INLINE -+#define _EXTERN_INLINE __extern_inline -+#endif - #ifndef __USE_EXTERN_INLINES - # define __USE_EXTERN_INLINES 1 - #endif - -Link libmachuser and libhurduser automatically with libc, since they are -considered a standard part of the API in GNU-land. - ---- a/Makerules -+++ b/Makerules -@@ -978,6 +978,9 @@ - '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\ - ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \ - ) > $@.new -+ifeq ($(patsubst gnu%,,$(config-os)),) -+ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new -+endif - mv -f $@.new $@ - - endif \ No newline at end of file diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch deleted file mode 100644 index baf30a79a7..0000000000 --- a/gnu/packages/patches/glibc-locale-incompatibility.patch +++ /dev/null @@ -1,23 +0,0 @@ -This patch avoids an assertion failure when incompatible locale data -is encountered: - - https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html - ---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 -+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 -@@ -120,10 +120,11 @@ - _nl_value_type_LC_XYZ array. There are all pointers. */ - switch (category) - { --#define CATTEST(cat) \ -- case LC_##cat: \ -- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ -- / sizeof (_nl_value_type_LC_##cat[0]))); \ -+#define CATTEST(cat) \ -+ case LC_##cat: \ -+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ -+ / sizeof (_nl_value_type_LC_##cat[0]))) \ -+ goto puntdata; \ - break - CATTEST (NUMERIC); - CATTEST (TIME); diff --git a/gnu/packages/patches/glibc-locales.patch b/gnu/packages/patches/glibc-locales.patch index 1bcf12bf6f..3a125e845e 100644 --- a/gnu/packages/patches/glibc-locales.patch +++ b/gnu/packages/patches/glibc-locales.patch @@ -5,8 +5,8 @@ in a package separate from glibc. 2. Use '--no-archive' to avoid building the big locale archive, and because the already-built 'localedef' would want to write it to '/run/current-system/locale', which is not possible. - 3. Pass $(localedir)/$$locale to install files in the right place, and - because otherwise, 'localedef' fails with: + 3. Pass $(inst_complocaledir)/$$locale to install files in the right + place, and because otherwise, 'localedef' fails with: "cannot write output files to `(null)'". --- glibc-2.22/localedata/Makefile 1970-01-01 01:00:00.000000000 +0100 @@ -25,7 +25,7 @@ in a package separate from glibc. $(LOCALEDEF) --alias-file=../intl/locale.alias \ -i locales/$$input -c -f charmaps/$$charset \ - $(addprefix --prefix=,$(install_root)) $$locale \ -+ $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale \ ++ $(addprefix --prefix=,$(install_root)) $(inst_complocaledir)/$$locale \ && echo ' done'; \ tst-setlocale-ENV = LC_ALL=ja_JP.EUC-JP diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch deleted file mode 100644 index b024a7d4a8..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch +++ /dev/null @@ -1,21 +0,0 @@ -Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems -Origin: upstream -Bug-Debian: http://bugs.debian.org/703957 -Forwarded: not-needed - ---- libarchive-3.0.4.orig/libarchive/archive_write.c -+++ libarchive-3.0.4/libarchive/archive_write.c -@@ -665,8 +665,13 @@ static ssize_t - _archive_write_data(struct archive *_a, const void *buff, size_t s) - { - struct archive_write *a = (struct archive_write *)_a; -+ const size_t max_write = INT_MAX; -+ - archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, - ARCHIVE_STATE_DATA, "archive_write_data"); -+ /* In particular, this catches attempts to pass negative values. */ -+ if (s > max_write) -+ s = max_write; - archive_clear_error(&a->archive); - return ((a->format_write_data)(a, buff, s)); - } diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch deleted file mode 100644 index 6ac8773244..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata) - -Taken from upstream source repository: -https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 - -When reading OS X metadata entries in Zip archives that were stored -without compression, libarchive would use the uncompressed entry size -to allocate a buffer but would use the compressed entry size to limit -the amount of data copied into that buffer. Since the compressed -and uncompressed sizes are provided by data in the archive itself, -an attacker could manipulate these values to write data beyond -the end of the allocated buffer. - -This fix provides three new checks to guard against such -manipulation and to make libarchive generally more robust when -handling this type of entry: - 1. If an OS X metadata entry is stored without compression, - abort the entire archive if the compressed and uncompressed - data sizes do not match. - 2. When sanity-checking the size of an OS X metadata entry, - abort this entry if either the compressed or uncompressed - size is larger than 4MB. - 3. When copying data into the allocated buffer, check the copy - size against both the compressed entry size and uncompressed - entry size. ---- - libarchive/archive_read_support_format_zip.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 0f8262c..0a0be96 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if (rsrc->uncompressed_size != rsrc->compressed_size) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Malformed OS X metadata entry: inconsistent size"); -+ return (ARCHIVE_FATAL); -+ } - #ifdef HAVE_ZLIB_H - case 8: /* Deflate compression. */ - #endif -@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - (intmax_t)rsrc->uncompressed_size); - return (ARCHIVE_WARN); - } -+ if (rsrc->compressed_size > (4 * 1024 * 1024)) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Mac metadata is too large: %jd > 4M bytes", -+ (intmax_t)rsrc->compressed_size); -+ return (ARCHIVE_WARN); -+ } - - metadata = malloc((size_t)rsrc->uncompressed_size); - if (metadata == NULL) { -@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - bytes_avail = remaining_bytes; - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if ((size_t)bytes_avail > metadata_bytes) -+ bytes_avail = metadata_bytes; - memcpy(mp, p, bytes_avail); - bytes_used = (size_t)bytes_avail; - metadata_bytes -= bytes_used; diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch deleted file mode 100644 index 6a533a9a07..0000000000 --- a/gnu/packages/patches/libarchive-bsdtar-test.patch +++ /dev/null @@ -1,74 +0,0 @@ -commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d -Author: Pavel Raiskup -Date: Thu Jun 27 16:01:30 2013 +0200 - - Use ustar format in the test_option_b test - - .. because the ustar archive does not store SELinux context. As the default - format for bsdtar is "restricted pax" (trying to store xattrs and other - things by default), the test failed on Fedora because our files have by - default SELinux context set. This results in additional data in tested - archive ~> and the test failed because the archive was unexpectedly big: - - tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048 - - Reviewed by Konrad Kleine - -diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c -index be2ae65..6fea474 100644 ---- a/tar/test/test_option_b.c -+++ b/tar/test/test_option_b.c -@@ -25,8 +25,14 @@ - #include "test.h" - __FBSDID("$FreeBSD$"); - -+#define USTAR_OPT " --format=ustar" -+ - DEFINE_TEST(test_option_b) - { -+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1); -+ strcpy(testprog_ustar, testprog); -+ strcat(testprog_ustar, USTAR_OPT); -+ - assertMakeFile("file1", 0644, "file1"); - if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) { - skipping("Platform doesn't have cat"); -@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b) - /* - * Bsdtar does not pad if the output is going directly to a disk file. - */ -- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog)); -+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar)); - failure("bsdtar does not pad archives written directly to regular files"); - assertFileSize("archive1.tar", 2048); - assertEmptyFile("test1.out"); -@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b) - * Bsdtar does pad to the block size if the output is going to a socket. - */ - /* Default is -b 20 */ -- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar)); - failure("bsdtar does pad archives written to pipes"); - assertFileSize("archive2.tar", 10240); - assertEmptyFile("test2.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar)); - assertFileSize("archive3.tar", 10240); - assertEmptyFile("test3.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar)); - assertFileSize("archive4.tar", 5120); - assertEmptyFile("test4.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar)); - assertFileSize("archive5.tar", 2048); - assertEmptyFile("test5.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar)); - assertFileSize("archive6.tar", 4194304); - assertEmptyFile("test6.err"); - diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch deleted file mode 100644 index ffdc0db922..0000000000 --- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch +++ /dev/null @@ -1,83 +0,0 @@ -Description: This patch fixes test cases for LZO write support in various - architectures, such as armhf. Writing a certain amount of files would - cause the LZO compressor level 9 to produce a bigger archive than the - default compressor level. -Author: Andres Mejia - ---- a/libarchive/test/test_write_filter_lzop.c -+++ b/libarchive/test/test_write_filter_lzop.c -@@ -39,7 +39,7 @@ - size_t buffsize, datasize; - char path[16]; - size_t used1, used2; -- int i, r, use_prog = 0; -+ int i, r, use_prog = 0, filecount; - - assert((a = archive_write_new()) != NULL); - r = archive_write_add_filter_lzop(a); -@@ -58,9 +58,10 @@ - - datasize = 10000; - assert(NULL != (data = (char *)calloc(1, datasize))); -+ filecount = 10; - - /* -- * Write a 100 files and read them all back. -+ * Write a filecount files and read them all back. - */ - assert((a = archive_write_new()) != NULL); - assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); -@@ -77,7 +78,7 @@ - assert((ae = archive_entry_new()) != NULL); - archive_entry_set_filetype(ae, AE_IFREG); - archive_entry_set_size(ae, datasize); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - archive_entry_copy_pathname(ae, path); - assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); -@@ -97,7 +98,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used1)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -133,7 +134,7 @@ - archive_write_set_options(a, "lzop:compression-level=9")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -161,7 +162,7 @@ - archive_read_support_filter_all(a)); - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -186,7 +187,7 @@ - archive_write_set_filter_option(a, NULL, "compression-level", "1")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -216,7 +217,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch deleted file mode 100644 index ad94592c05..0000000000 --- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch +++ /dev/null @@ -1,18 +0,0 @@ -Description: Patch to fix filename length calculation when writing mtree archives. -Author: Dave Reisner -Origin: upstream - ---- a/libarchive/archive_write_set_format_mtree.c -+++ b/libarchive/archive_write_set_format_mtree.c -@@ -1855,9 +1855,9 @@ - return (ret); - } - -- /* Make a basename from dirname and slash */ -+ /* Make a basename from file->parentdir.s and slash */ - *slash = '\0'; -- file->parentdir.length = slash - dirname; -+ file->parentdir.length = slash - file->parentdir.s; - archive_strcpy(&(file->basename), slash + 1); - return (ret); - } diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch deleted file mode 100644 index a43245436c..0000000000 --- a/gnu/packages/patches/libpthread-glibc-preparation.patch +++ /dev/null @@ -1,146 +0,0 @@ -This patch helps to integrate the Hurd's libpthread as a libc add-on. - -It writes the configure file, removes an rpc call not yet -implemented on the version of gnumach we use and defines -a missing macro. - -diff --git a/libpthread/configure b/libpthread/configure -new file mode 100644 -index 0000000..2cdbc71 ---- /dev/null -+++ b/libpthread/configure -@@ -0,0 +1,2 @@ -+libc_add_on_canonical=libpthread -+libc_add_on_subdirs=. --- -1.9.0 - -We are using a version of GNU Mach that lacks 'thread_terminate_release' -(not introduced yet). The 'thread_terminate' RPC call will be enough for -our needs. -See . - -diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c -index 6672065..129a611 100644 ---- a/libpthread/sysdeps/mach/pt-thread-terminate.c -+++ b/libpthread/sysdeps/mach/pt-thread-terminate.c -@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread) - __mach_port_destroy (__mach_task_self (), wakeup_port); - - /* Terminate and release all that's left. */ -- err = __thread_terminate_release (kernel_thread, mach_task_self (), -- kernel_thread, reply_port, -- stackaddr, stacksize); -+ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */ -+ /* kernel_thread, reply_port, */ -+ /* stackaddr, stacksize); */ - - /* The kernel does not support it yet. Leak but at least terminate - correctly. */ --- -1.9.2 - -The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we -define it to __SPIN_LOCK_INITIALIZER which already exists. -See . - -diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h -index 537dac9..fca0e5a 100644 ---- a/libpthread/sysdeps/mach/bits/spin-lock.h -+++ b/libpthread/sysdeps/mach/bits/spin-lock.h -@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t; - - /* Initializer for a spin lock object. */ - #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER --#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by . -+#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER - #endif - - __END_DECLS - -The version of the glibc we use doesn't include the shm-directory.c file and does -not yet support IS_IN. -See - -diff --git a/libpthread/Makefile b/libpthread/Makefile -index 2906788..b8dee58 100644 ---- a/libpthread/Makefile -+++ b/libpthread/Makefile -@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \ - sem-post sem-timedwait sem-trywait sem-unlink \ - sem-wait \ - \ -- shm-directory \ -- \ - cthreads-compat \ - $(SYSDEPS) - --- -2.3.6 - -diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c -index d88afae..84044dc 100644 ---- a/libpthread/pthread/pt-create.c -+++ b/libpthread/pthread/pt-create.c -@@ -28,7 +28,7 @@ - - #include - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - # include - #endif - #ifdef HAVE_USELOCALE -@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg) - __resp = &self->res_state; - #endif - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - /* Initialize pointers to locale data. */ - __ctype_init (); - #endif -diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c -index 9e5404b..b9cacbd 100644 ---- a/libpthread/pthread/pt-initialize.c -+++ b/libpthread/pthread/pt-initialize.c -@@ -28,7 +28,7 @@ - - DEFINE_HOOK (__pthread_init, (void)); - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - static const struct pthread_functions pthread_functions = - { - .ptr_pthread_attr_destroy = __pthread_attr_destroy, -@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions = - void - ___pthread_init (void) - { --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - __libc_pthread_init(&pthread_functions); - #endif - RUN_HOOK (__pthread_init, ()); -diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h -index 18b5b4c..8cdcfce 100644 ---- a/libpthread/pthread/pt-internal.h -+++ b/libpthread/pthread/pt-internal.h -@@ -35,7 +35,7 @@ - #include - #include - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - # include - #endif - -@@ -60,7 +60,7 @@ enum pthread_state - # define PTHREAD_SYSDEP_MEMBERS - #endif - --#if !(IS_IN (libpthread)) -+#ifndef IS_IN_libpthread - #ifdef ENABLE_TLS - /* Type of the TCB. */ - typedef struct diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch deleted file mode 100644 index f291d5b387..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2015-7995.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard -Date: Thu, 29 Oct 2015 19:33:23 +0800 -Subject: [PATCH] Fix for type confusion in preprocessing attributes - -CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 -We need to check that the parent node is an element before dereferencing -its namespace ---- - libxslt/preproc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/preproc.c b/libxslt/preproc.c -index 0eb80a0..7f69325 100644 ---- a/libxslt/preproc.c -+++ b/libxslt/preproc.c -@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) { - } else if (IS_XSLT_NAME(inst, "attribute")) { - xmlNodePtr parent = inst->parent; - -- if ((parent == NULL) || (parent->ns == NULL) || -+ if ((parent == NULL) || -+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || - ((parent->ns != inst->ns) && - (!xmlStrEqual(parent->ns->href, inst->ns->href))) || - (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { --- -2.6.3 - diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch new file mode 100644 index 0000000000..4273875c7c --- /dev/null +++ b/gnu/packages/patches/libxslt-generated-ids.patch @@ -0,0 +1,173 @@ +This makes generated IDs deterministic. + +Written by Daniel Veillard. + +This should be fixed in next release (2.29). +See https://bugzilla.gnome.org/show_bug.cgi?id=751621. + +diff --git a/libxslt/functions.c b/libxslt/functions.c +index 6448bde..5b00a6d 100644 +--- a/libxslt/functions.c ++++ b/libxslt/functions.c +@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs) + } + + /** ++ * xsltCleanupIds: ++ * @ctxt: the transformation context ++ * @root: the root of the resulting document ++ * ++ * This clean up ids which may have been saved in Element contents ++ * by xsltGenerateIdFunction() to provide stable IDs on elements. ++ * ++ * Returns the number of items cleaned or -1 in case of error ++ */ ++int ++xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) { ++ xmlNodePtr cur; ++ int count = 0; ++ ++ if ((ctxt == NULL) || (root == NULL)) ++ return(-1); ++ if (root->type != XML_ELEMENT_NODE) ++ return(-1); ++ ++ cur = root; ++ while (cur != NULL) { ++ if (cur->type == XML_ELEMENT_NODE) { ++ if (cur->content != NULL) { ++ cur->content = NULL; ++ count++; ++ } ++ if (cur->children != NULL) { ++ cur = cur->children; ++ continue; ++ } ++ } ++ if (cur->next != NULL) { ++ cur = cur->next; ++ continue; ++ } ++ do { ++ cur = cur->parent; ++ if (cur == NULL) ++ break; ++ if (cur == (xmlNodePtr) root) { ++ cur = NULL; ++ break; ++ } ++ if (cur->next != NULL) { ++ cur = cur->next; ++ break; ++ } ++ } while (cur != NULL); ++ } ++ ++fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n", ++ ctxt->nextid, count); ++ ++ return(count); ++} ++ ++/** + * xsltGenerateIdFunction: + * @ctxt: the XPath Parser context + * @nargs: the number of arguments +@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){ + if (obj) + xmlXPathFreeObject(obj); + +- val = (long)((char *)cur - (char *)&base_address); ++ /* ++ * Try to provide stable ID for generated document: ++ * - usually ID are computed to be placed on elements via attributes ++ * so using the element as the node for the ID ++ * - the cur->content should be a correct placeholder for this, we use ++ * it to hold element node numbers in xmlXPathOrderDocElems to ++ * speed up XPath too ++ * - xsltCleanupIds() clean them up before handing the XSLT output ++ * to the API client. ++ * - other nodes types use the node address method but that should ++ * not end up in resulting document ID ++ * - we can enable this by default without risk of performance issues ++ * only the one pass xsltCleanupIds() is added ++ */ ++ if (cur->type == XML_ELEMENT_NODE) { ++ if (cur->content == NULL) { ++ xsltTransformContextPtr tctxt; ++ ++ tctxt = xsltXPathGetTransformContext(ctxt); ++ if (tctxt == NULL) { ++ val = (long)((char *)cur - (char *)&base_address); ++ } else { ++ tctxt->nextid++; ++ val = tctxt->nextid; ++ cur->content = (void *) (val); ++ } ++ } else { ++ val = (long) cur->content; ++ } ++ } else { ++ val = (long)((char *)cur - (char *)&base_address); ++ } ++ + if (val >= 0) { + sprintf((char *)str, "idp%ld", val); + } else { +diff --git a/libxslt/functions.h b/libxslt/functions.h +index e0e0bf9..4a1e163 100644 +--- a/libxslt/functions.h ++++ b/libxslt/functions.h +@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL + int nargs); + + /* ++ * Cleanup for ID generation ++ */ ++XSLTPUBFUN int XSLTCALL ++ xsltCleanupIds (xsltTransformContextPtr ctxt, ++ xmlNodePtr root); ++ ++/* + * And the registration + */ + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 24f9eb2..2bdf6bf 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) { + cur->traceCode = (unsigned long*) &xsltDefaultTrace; + cur->xinclude = xsltGetXIncludeDefault(); + cur->keyInitLevel = 0; ++ cur->nextid = 0; + + return(cur); + +@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc, + if (root != NULL) { + const xmlChar *doctype = NULL; + ++ /* ++ * cleanup ids which may have been saved in Elements content ptrs ++ */ ++ if (ctxt->nextid != 0) { ++ xsltCleanupIds(ctxt, root); ++ } ++ + if ((root->ns != NULL) && (root->ns->prefix != NULL)) + doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name); + if (doctype == NULL) +diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h +index 95e8fe6..8eedae4 100644 +--- a/libxslt/xsltInternals.h ++++ b/libxslt/xsltInternals.h +@@ -1786,6 +1786,8 @@ struct _xsltTransformContext { + int funcLevel; /* Needed to catch recursive functions issues */ + int maxTemplateDepth; + int maxTemplateVars; ++ ++ unsigned long nextid;/* for generating stable ids */ + }; + + /** diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch deleted file mode 100644 index a296d8cb1b..0000000000 --- a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch +++ /dev/null @@ -1,51 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22 - -From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Fri, 8 Jan 2016 12:45:25 -0500 -Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629] - -In xdr_nullstring(), check that the decoded string is terminated with -a zero byte and does not contain any internal zero bytes. - -CVE-2015-8629: - -In all versions of MIT krb5, an authenticated attacker can cause -kadmind to read beyond the end of allocated memory by sending a string -without a terminating zero byte. Information leakage may be possible -for an attacker with permission to modify the database. - - CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C - -ticket: 8341 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c -index 2bef858..ba67084 100644 ---- a/src/lib/kadm5/kadm_rpc_xdr.c -+++ b/src/lib/kadm5/kadm_rpc_xdr.c -@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp) - return FALSE; - } - } -- return (xdr_opaque(xdrs, *objp, size)); -+ if (!xdr_opaque(xdrs, *objp, size)) -+ return FALSE; -+ /* Check that the unmarshalled bytes are a C string. */ -+ if ((*objp)[size - 1] != '\0') -+ return FALSE; -+ if (memchr(*objp, '\0', size - 1) != NULL) -+ return FALSE; -+ return TRUE; - - case XDR_ENCODE: - if (size != 0) --- -2.7.0.rc3 - diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch deleted file mode 100644 index c21d84b1e7..0000000000 --- a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch +++ /dev/null @@ -1,81 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22 - -From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Fri, 8 Jan 2016 12:52:28 -0500 -Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630] - -In kadm5_create_principal_3() and kadm5_modify_principal(), check for -entry->policy being null when KADM5_POLICY is included in the mask. - -CVE-2015-8630: - -In MIT krb5 1.12 and later, an authenticated attacker with permission -to modify a principal entry can cause kadmind to dereference a null -pointer by supplying a null policy value but including KADM5_POLICY in -the mask. - - CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C - -ticket: 8342 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/kadm5/srv/svr_principal.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 5b95fa3..1d4365c 100644 ---- a/src/lib/kadm5/srv/svr_principal.c -+++ b/src/lib/kadm5/srv/svr_principal.c -@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle, - /* - * Argument sanity checking, and opening up the DB - */ -+ if (entry == NULL) -+ return EINVAL; - if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) || - (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) || - (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || -@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle, - return KADM5_BAD_MASK; - if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0) - return KADM5_BAD_MASK; -+ if((mask & KADM5_POLICY) && entry->policy == NULL) -+ return KADM5_BAD_MASK; - if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -- if (entry == NULL) -- return EINVAL; - - /* - * Check to see if the principal exists -@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle, - - krb5_clear_error_message(handle->context); - -+ if(entry == NULL) -+ return EINVAL; - if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || - (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || - (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || -@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle, - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -+ if((mask & KADM5_POLICY) && entry->policy == NULL) -+ return KADM5_BAD_MASK; - if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) - return KADM5_BAD_MASK; -- if(entry == (kadm5_principal_ent_t) NULL) -- return EINVAL; - if (mask & KADM5_TL_DATA) { - tl_data_orig = entry->tl_data; - while (tl_data_orig) { --- -2.7.0.rc3 - diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch deleted file mode 100644 index dd1eb2945c..0000000000 --- a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch +++ /dev/null @@ -1,576 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22 - -From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Fri, 8 Jan 2016 13:16:54 -0500 -Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631] - -In each kadmind server stub, initialize the client_name and -server_name variables, and release them in the cleanup handler. Many -of the stubs will otherwise leak the client and server name if -krb5_unparse_name() fails. Also make sure to free the prime_arg -variables in rename_principal_2_svc(), or we can leak the first one if -unparsing the second one fails. Discovered by Simo Sorce. - -CVE-2015-8631: - -In all versions of MIT krb5, an authenticated attacker can cause -kadmind to leak memory by supplying a null principal name in a request -which uses one. Repeating these requests will eventually cause -kadmind to exhaust all available memory. - - CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C - -ticket: 8343 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++------------------- - 1 file changed, 77 insertions(+), 74 deletions(-) - -diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c -index 1879dc6..6ac797e 100644 ---- a/src/kadmin/server/server_stubs.c -+++ b/src/kadmin/server/server_stubs.c -@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; - } -@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; - } -@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) - - } - free(prime_arg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; - } -@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -570,10 +572,9 @@ generic_ret * - rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; -- char *prime_arg1, -- *prime_arg2; -- gss_buffer_desc client_name, -- service_name; -+ char *prime_arg1 = NULL, *prime_arg2 = NULL; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - - } -+exit_func: - free(prime_arg1); - free(prime_arg2); - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) - { - static gprinc_ret ret; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) - { - static gprincs_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) - krb5_keyblock *k; - int nkeys; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) - krb5_keyblock *k; - int nkeys; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) - static gpol_ret ret; - kadm5_ret_t ret2; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_principal_ent_rec caller_ent; - kadm5_server_handle_t handle; -@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) - log_unauth(funcname, prime_arg, - &client_name, &service_name, rqstp); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - -@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) - { - static gpols_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1541,7 +1542,8 @@ exit_func: - getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - { - static getprivs_ret ret; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - -@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) - { - static gstrings_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1754,8 +1757,8 @@ exit_func: - generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - { - static generic_ret ret; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - kadm5_server_handle_t handle; - OM_uint32 minor_stat; - const char *errmsg = NULL; -@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - rqstp->rq_cred.oa_flavor); - if (errmsg != NULL) - krb5_free_error_message(NULL, errmsg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - return(&ret); - } - --- -2.7.0.rc3 - diff --git a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch deleted file mode 100644 index 195db38d08..0000000000 --- a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch +++ /dev/null @@ -1,49 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22 - -From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Tue, 5 Jan 2016 12:11:59 -0500 -Subject: [PATCH] Check internal context on init context errors - -If the mechanism deletes the internal context handle on error, the -mechglue must do the same with the union context, to avoid crashes if -the application calls other functions with this invalid union context. - -[ghudson@mit.edu: edit commit message and code comment] - -ticket: 8337 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c -index aaae767..9f154b8 100644 ---- a/src/lib/gssapi/mechglue/g_init_sec_context.c -+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c -@@ -224,12 +224,15 @@ OM_uint32 * time_rec; - - if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) { - /* -- * the spec says (the preferred) method is to delete all -- * context info on the first call to init, and on all -- * subsequent calls make the caller responsible for -- * calling gss_delete_sec_context -+ * The spec says the preferred method is to delete all context info on -+ * the first call to init, and on all subsequent calls make the caller -+ * responsible for calling gss_delete_sec_context. However, if the -+ * mechanism decided to delete the internal context, we should also -+ * delete the union context. - */ - map_error(minor_status, mech); -+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) -+ *context_handle = GSS_C_NO_CONTEXT; - if (*context_handle == GSS_C_NO_CONTEXT) { - free(union_ctx_id->mech_type->elements); - free(union_ctx_id->mech_type); --- -2.6.4 - diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch new file mode 100644 index 0000000000..9d369aeb2c --- /dev/null +++ b/gnu/packages/patches/procps-non-linux.patch @@ -0,0 +1,40 @@ +From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001 +From: Craig Small +Date: Sun, 17 Apr 2016 09:09:41 +1000 +Subject: [PATCH] tests: Conditionally add prctl to test process + +prctl was already bypassed on Cygwin systems. This extends to +non-Linux systems such as kFreeBSD and Hurd. + +--- + lib/test_process.c | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/test_process.c b/lib/test_process.c +index 6e652ed..6a4776c 100644 +--- a/lib/test_process.c ++++ b/lib/test_process.c +@@ -21,7 +21,9 @@ + #include + #include + #include ++#ifdef __linux__ + #include ++#endif + #include "c.h" + + #define DEFAULT_SLEEPTIME 300 +@@ -78,8 +80,10 @@ + sigaction(SIGUSR1, &signal_action, NULL); + sigaction(SIGUSR2, &signal_action, NULL); + ++#ifdef __linux__ + /* set process name */ + prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL); ++#endif + + while (sleep_time > 0) { + sleep_time = sleep(sleep_time); +-- +2.8.2 + diff --git a/gnu/packages/patches/rapicorn-isnan.patch b/gnu/packages/patches/rapicorn-isnan.patch new file mode 100644 index 0000000000..b0e7819e64 --- /dev/null +++ b/gnu/packages/patches/rapicorn-isnan.patch @@ -0,0 +1,87 @@ +From e0c8341b3e4e13778bcde00d477e461ea8e94306 Mon Sep 17 00:00:00 2001 +From: Stefan Westerfeld +Date: Fri, 22 Apr 2016 18:03:37 +0200 +Subject: [PATCH 031/176] RCORE: compile fixes for KUbuntu 16.04/gcc + 5.3.1-14ubuntu2 + +Rapicorn uses isnan(...) and isinf(...) from cmath.h, however on KUbuntu 16.04 +it should use std::isnan(...) and std::isinf(...) instead. Patch below. + +Acked-by: Tim Janik +--- + rcore/strings.cc | 10 +++++----- + rcore/tests/benchrcore.cc | 4 ++-- + rcore/tests/strings.cc | 4 ++-- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/rcore/strings.cc b/rcore/strings.cc +index d5b0216..8b3bc3f 100644 +--- a/rcore/strings.cc ++++ b/rcore/strings.cc +@@ -437,7 +437,7 @@ static long double + libc_strtold (const char *nptr, char **endptr) + { + const long double result = strtold (nptr, endptr); +- if (isnan (result) && std::signbit (result) == 0) ++ if (std::isnan (result) && std::signbit (result) == 0) + { + const char *p = nptr; + while (isspace (*p)) +@@ -500,9 +500,9 @@ string_to_double (const char *dblstring, const char **endptr) + String + string_from_float (float value) + { +- if (isnan (value)) ++ if (std::isnan (value)) + return std::signbit (value) ? "-NaN" : "+NaN"; +- if (isinf (value)) ++ if (std::isinf (value)) + return std::signbit (value) ? "-Infinity" : "+Infinity"; + return string_format ("%.7g", value); + } +@@ -511,9 +511,9 @@ string_from_float (float value) + String + string_from_double (double value) + { +- if (isnan (value)) ++ if (std::isnan (value)) + return std::signbit (value) ? "-NaN" : "+NaN"; +- if (isinf (value)) ++ if (std::isinf (value)) + return std::signbit (value) ? "-Infinity" : "+Infinity"; + return string_format ("%.17g", value); + } +diff --git a/rcore/tests/benchrcore.cc b/rcore/tests/benchrcore.cc +index 3899a08..12fde16 100644 +--- a/rcore/tests/benchrcore.cc ++++ b/rcore/tests/benchrcore.cc +@@ -188,8 +188,8 @@ test_random_numbers() + const double rf = random_frange (989617512, 9876547656); + TASSERT (rf >= 989617512 && rf < 9876547656); + } +- TASSERT (isnan (random_frange (NAN, 1))); +- TASSERT (isnan (random_frange (0, NAN))); ++ TASSERT (std::isnan (random_frange (NAN, 1))); ++ TASSERT (std::isnan (random_frange (0, NAN))); + #if 0 // example penalty paid in random_int64() + size_t i, j = 0; + for (i = 0; i < 100; i++) +diff --git a/rcore/tests/strings.cc b/rcore/tests/strings.cc +index 468a6e6..dae3e3d 100644 +--- a/rcore/tests/strings.cc ++++ b/rcore/tests/strings.cc +@@ -311,9 +311,9 @@ string_conversions (void) + TCMP (string_to_double ("-0.5"), ==, -0.5); + double tfloat; + tfloat = string_to_double ("+NAN"); +- assert (isnan (tfloat) && std::signbit (tfloat) == 0); ++ assert (std::isnan (tfloat) && std::signbit (tfloat) == 0); + tfloat = string_to_double ("-NAN"); +- assert (isnan (tfloat) && std::signbit (tfloat) == 1); ++ assert (std::isnan (tfloat) && std::signbit (tfloat) == 1); + TCMP (string_capitalize ("fOO bar"), ==, "Foo Bar"); + TCMP (string_capitalize ("foo BAR BAZ", 2), ==, "Foo Bar BAZ"); + } +-- +2.9.1 + diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch deleted file mode 100644 index 39d8e2b20a..0000000000 --- a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch +++ /dev/null @@ -1,33 +0,0 @@ -commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8 -Author: Sergey Poznyakoff -Date: Thu Sep 25 00:22:16 2014 +0300 - - Bugfixes. - - * doc/tar.1: Fix typo in font spec. - * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode" - (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT - -diff --git a/src/tar.c b/src/tar.c -index 225c624..f8102e0 100644 ---- a/src/tar.c -+++ b/src/tar.c -@@ -1341,14 +1341,18 @@ static char filename_terminator; - static char const *const sort_mode_arg[] = { - "none", - "name", -+#if D_INO_IN_DIRENT - "inode", -+#endif - NULL - }; - - static int sort_mode_flag[] = { - SAVEDIR_SORT_NONE, - SAVEDIR_SORT_NAME, -+#if D_INO_IN_DIRENT - SAVEDIR_SORT_INODE -+#endif - }; - - ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag); \ No newline at end of file -- cgit 1.4.1