summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-05-04 11:43:50 -0400
committerMark H Weaver <mhw@netris.org>2016-05-04 11:43:50 -0400
commit4e9d04a80b2d8b1e07f78708dae76b13f3d421f6 (patch)
tree18a163720f4c9fdd7a45d724c6584b065e216c6d /gnu/packages/patches
parentad1b7d8bafe96241fd87a74baec0a38ed4389e4b (diff)
parent11057c4b58d766f358bc439690b9765bee735772 (diff)
Merge branch 'master' into gnome-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/4store-fix-buildsystem.patch56
-rw-r--r--gnu/packages/patches/gcc-cross-environment-variables.patch51
-rw-r--r--gnu/packages/patches/ocaml-CVE-2015-8869.patch72
-rw-r--r--gnu/packages/patches/portmidi-modular-build.patch325
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch82
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch51
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch82
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch62
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch50
9 files changed, 814 insertions, 17 deletions
diff --git a/gnu/packages/patches/4store-fix-buildsystem.patch b/gnu/packages/patches/4store-fix-buildsystem.patch
new file mode 100644
index 0000000000..383baa9461
--- /dev/null
+++ b/gnu/packages/patches/4store-fix-buildsystem.patch
@@ -0,0 +1,56 @@
+This patch sets a fixed version to avoid needing Git and the .git/ folder.
+It also removes the creation of "/var/lib/4store", which is not available
+during the install phase in GNU Guix.
+
+Patch by Roel Janssen <roel@gnu.org>
+*** a/configure.ac Wed Feb 4 19:05:24 2015
+--- b/configure.ac Wed Mar 23 11:20:38 2016
+***************
+*** 2,13 ****
+ # Process this file with autoconf to produce a configure script.
+
+ AC_PREREQ([2.50])
+! AC_INIT([4store], m4_esyscmd([./version.sh .version]), [http://4store.org/support/], [4store])
+ AC_CONFIG_SRCDIR([src/backend/backend-intl.h])
+! AM_INIT_AUTOMAKE([1.7 std-options -Wall])
+ AC_CONFIG_HEADERS(4store-config.h)
+
+ # Checks for programs.
+ AC_PROG_LIBTOOL
+ AC_PROG_AWK
+ AC_PROG_CC
+--- 2,14 ----
+ # Process this file with autoconf to produce a configure script.
+
+ AC_PREREQ([2.50])
+! AC_INIT([4store], [1.1.6], [http://4store.org/support/], [4store])
+ AC_CONFIG_SRCDIR([src/backend/backend-intl.h])
+! AM_INIT_AUTOMAKE([1.7 std-options foreign -Wall])
+ AC_CONFIG_HEADERS(4store-config.h)
+
+ # Checks for programs.
++ AM_PROG_AR
+ AC_PROG_LIBTOOL
+ AC_PROG_AWK
+ AC_PROG_CC
+
+*** a/src/utilities/Makefile.am Wed Feb 4 19:05:24 2015
+--- b/src/utilities/Makefile.am Wed Mar 23 14:05:56 2016
+***************
+*** 13,20 ****
+ noinst_PROGRAMS = lex-file-verify 4s-rid
+
+ install-data-local:
+! mkdir -p $(DESTDIR)@FS_STORE_ROOT@
+! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@
+
+ 4s_backend_destroy_SOURCES = backend-destroy.c
+ 4s_backend_destroy_LDADD = ../common/lib4sintl.a
+--- 13,19 ----
+ noinst_PROGRAMS = lex-file-verify 4s-rid
+
+ install-data-local:
+! echo "Please create the following directory: " $(DESTDIR)@FS_STORE_ROOT@
+
+ 4s_backend_destroy_SOURCES = backend-destroy.c
+ 4s_backend_destroy_LDADD = ../common/lib4sintl.a
diff --git a/gnu/packages/patches/gcc-cross-environment-variables.patch b/gnu/packages/patches/gcc-cross-environment-variables.patch
index 0bd0be5984..ec4378e2d2 100644
--- a/gnu/packages/patches/gcc-cross-environment-variables.patch
+++ b/gnu/packages/patches/gcc-cross-environment-variables.patch
@@ -1,9 +1,23 @@
Search path environment variables for cross-compilers. See the discussion
at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>.
---- gcc-4.7.2/gcc/incpath.c 2012-01-27 00:34:58.000000000 +0100
-+++ gcc-4.7.2/gcc/incpath.c 2013-02-12 10:11:27.000000000 +0100
-@@ -452,7 +452,7 @@ register_include_chains (cpp_reader *pfi
+Note: Touch 'C_INCLUDE_PATH' et al. rather than 'CPATH', as discussed
+at <http://bugs.gnu.org/22186>.
+
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -461,8 +461,8 @@ register_include_chains (cpp_reader *pfile, const char *sysroot,
+ int stdinc, int cxx_stdinc, int verbose)
+ {
+ static const char *const lang_env_vars[] =
+- { "C_INCLUDE_PATH", "CPLUS_INCLUDE_PATH",
+- "OBJC_INCLUDE_PATH", "OBJCPLUS_INCLUDE_PATH" };
++ { "CROSS_C_INCLUDE_PATH", "CROSS_CPLUS_INCLUDE_PATH",
++ "CROSS_OBJC_INCLUDE_PATH", "CROSS_OBJCPLUS_INCLUDE_PATH" };
+ cpp_options *cpp_opts = cpp_get_options (pfile);
+ size_t idx = (cpp_opts->objc ? 2: 0);
+
+@@ -473,7 +473,7 @@ register_include_chains (cpp_reader *pfile, const char *sysroot,
/* CPATH and language-dependent environment variables may add to the
include chain. */
@@ -12,20 +26,22 @@ at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>.
add_env_var_paths (lang_env_vars[idx], SYSTEM);
target_c_incpath.extra_pre_includes (sysroot, iprefix, stdinc);
-
---- gcc-4.7.2/gcc/system.h 2012-02-17 00:16:28.000000000 +0100
-+++ gcc-4.7.2/gcc/system.h 2013-02-12 10:22:17.000000000 +0100
-@@ -1023,4 +1023,6 @@ helper_const_non_const_cast (const char
- #define DEBUG_VARIABLE
- #endif
+diff --git a/gcc/system.h b/gcc/system.h
+index 42bc509..af3b9ad 100644
+--- a/gcc/system.h
++++ b/gcc/system.h
+@@ -1063,4 +1063,6 @@ helper_const_non_const_cast (const char *p)
+ /* Get definitions of HOST_WIDE_INT and HOST_WIDEST_INT. */
+ #include "hwint.h"
+#define LIBRARY_PATH_ENV "CROSS_LIBRARY_PATH"
+
#endif /* ! GCC_SYSTEM_H */
-
---- gcc-4.7.2/gcc/tlink.c 2012-02-11 09:50:23.000000000 +0100
-+++ gcc-4.7.2/gcc/tlink.c 2013-05-23 22:06:19.000000000 +0200
-@@ -461,7 +461,7 @@ recompile_files (void)
+diff --git a/gcc/tlink.c b/gcc/tlink.c
+index bc358b8..ad6242f 100644
+--- a/gcc/tlink.c
++++ b/gcc/tlink.c
+@@ -458,7 +458,7 @@ recompile_files (void)
file *f;
putenv (xstrdup ("COMPILER_PATH="));
@@ -34,10 +50,11 @@ at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>.
while ((f = file_pop ()) != NULL)
{
-
---- gcc-4.7.3/gcc/gcc.c 2013-03-08 08:25:09.000000000 +0100
-+++ gcc-4.7.3/gcc/gcc.c 2013-05-24 08:58:16.000000000 +0200
-@@ -3726,7 +3726,7 @@ process_command (unsigned int decoded_op
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index adbf0c4..70448c6 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3853,7 +3853,7 @@ process_command (unsigned int decoded_options_count,
}
temp = getenv (LIBRARY_PATH_ENV);
diff --git a/gnu/packages/patches/ocaml-CVE-2015-8869.patch b/gnu/packages/patches/ocaml-CVE-2015-8869.patch
new file mode 100644
index 0000000000..0a4cb34d25
--- /dev/null
+++ b/gnu/packages/patches/ocaml-CVE-2015-8869.patch
@@ -0,0 +1,72 @@
+Adapted from upstream commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74,
+this patch omits the upstream changes to 'Changes' and 'VERSION'.
+
+http://seclists.org/oss-sec/2016/q2/170
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
+https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74
+---
+ byterun/alloc.c | 4 ++--
+ byterun/intern.c | 2 +-
+ byterun/str.c | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/byterun/alloc.c b/byterun/alloc.c
+index 96a21bf..0db9947 100644
+--- a/byterun/alloc.c
++++ b/byterun/alloc.c
+@@ -153,7 +153,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags)
+ /* [size] is a [value] representing number of words (fields) */
+ CAMLprim value caml_alloc_dummy(value size)
+ {
+- mlsize_t wosize = Int_val(size);
++ mlsize_t wosize = Long_val(size);
+
+ if (wosize == 0) return Atom(0);
+ return caml_alloc (wosize, 0);
+@@ -169,7 +169,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity)
+ /* [size] is a [value] representing number of floats. */
+ CAMLprim value caml_alloc_dummy_float (value size)
+ {
+- mlsize_t wosize = Int_val(size) * Double_wosize;
++ mlsize_t wosize = Long_val(size) * Double_wosize;
+
+ if (wosize == 0) return Atom(0);
+ return caml_alloc (wosize, 0);
+diff --git a/byterun/intern.c b/byterun/intern.c
+index 89d13d1..7b8d049 100644
+--- a/byterun/intern.c
++++ b/byterun/intern.c
+@@ -291,7 +291,7 @@ static void intern_rec(value *dest)
+ case OFreshOID:
+ /* Refresh the object ID */
+ /* but do not do it for predefined exception slots */
+- if (Int_val(Field((value)dest, 1)) >= 0)
++ if (Long_val(Field((value)dest, 1)) >= 0)
+ caml_set_oo_id((value)dest);
+ /* Pop item and iterate */
+ sp--;
+diff --git a/byterun/str.c b/byterun/str.c
+index 5ad4e29..885772f 100644
+--- a/byterun/str.c
++++ b/byterun/str.c
+@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2)
+ CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2,
+ value n)
+ {
+- memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n));
++ memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n));
+ return Val_unit;
+ }
+
+@@ -278,7 +278,7 @@ CAMLprim value caml_fill_string(value s, value offset, value len, value init)
+
+ CAMLprim value caml_bitvect_test(value bv, value n)
+ {
+- int pos = Int_val(n);
++ intnat pos = Long_val(n);
+ return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7)));
+ }
+
+--
+2.7.4
+
diff --git a/gnu/packages/patches/portmidi-modular-build.patch b/gnu/packages/patches/portmidi-modular-build.patch
new file mode 100644
index 0000000000..25e64ae317
--- /dev/null
+++ b/gnu/packages/patches/portmidi-modular-build.patch
@@ -0,0 +1,325 @@
+We took this patch from Gentoo to break apart the portmidi build, so that we
+can disable the Java parts and cleanly disable the tests which fail to link
+(possibly because they are linked before “-lportmidi” is available). The
+patch was downloaded from here:
+
+https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/portmidi/files/portmidi-217-cmake.patch?id=56bd759df1d0c750a065b8c845e93d5dfa6b549d
+
+--- portmidi/CMakeLists.txt
++++ portmidi/CMakeLists.txt
+@@ -9,12 +9,11 @@
+ set(CMAKE_BUILD_TYPE Release CACHE STRING
+ "Semicolon-separate list of supported configuration types")
+ # set default directories but don't override cached values...
+- set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE}
++ set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+ CACHE STRING "libraries go here")
+- set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE}
++ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+ CACHE STRING "libraries go here")
+- set(CMAKE_RUNTIME_OUTPUT_DIRECTORY
+- ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE}
++ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+ CACHE STRING "executables go here")
+
+ else(UNIX)
+@@ -68,10 +67,20 @@
+ include_directories(pm_common porttime)
+ add_subdirectory(pm_common)
+
+-add_subdirectory(pm_test)
++option(PORTMIDI_ENABLE_JAVA "Enable Java bindings support" ON)
++option(PORTMIDI_ENABLE_STATIC "Build and install static libraries" OFF)
++option(PORTMIDI_ENABLE_TEST "Build test programs" ON)
++
++if(PORTMIDI_ENABLE_TEST)
++ add_subdirectory(pm_test)
++endif(PORTMIDI_ENABLE_TEST)
+
+ add_subdirectory(pm_dylib)
+
+ # Cannot figure out how to make an xcode Java application with CMake
+-add_subdirectory(pm_java)
++if(PORTMIDI_ENABLE_JAVA)
++ set(JAR_INSTALL_DIR share/java
++ CACHE STRING "Define directory name for jar installation")
++ add_subdirectory(pm_java)
++endif(PORTMIDI_ENABLE_JAVA)
+
+--- portmidi/pm_common/CMakeLists.txt
++++ portmidi/pm_common/CMakeLists.txt
+@@ -44,9 +44,6 @@
+
+ # first include the appropriate system-dependent file:
+ if(UNIX)
+- # add the -g switch for Linux and Mac OS X (not used in Win32)
+- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}"
+- CACHE STRING "enable extra checks for debugging" FORCE)
+ if(APPLE)
+ set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault)
+ prepend_path(LIBSRC ../pm_mac/ ${MACSRC})
+@@ -62,19 +59,23 @@
+ ${COREMIDI_LIB} ${CORESERVICES_LIB}
+ CACHE INTERNAL "")
+
+- set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework")
+- set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers)
++ if(PORTMIDI_ENABLE_JAVA)
++ set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework")
++ set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers)
++ endif(PORTMIDI_ENABLE_JAVA)
+ message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT})
+ else(APPLE)
+ # LINUX settings...
+- include(FindJNI)
+- message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH})
+- message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH})
+- message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2})
+- message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY})
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
+- # libjvm.so is found relative to JAVA_INCLUDE_PATH:
+- set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so)
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
++ message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH})
++ message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH})
++ message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2})
++ message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY})
++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
++ # libjvm.so is found relative to JAVA_INCLUDE_PATH:
++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so)
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(LINUXSRC pmlinuxalsa pmlinux finddefault)
+ prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC})
+@@ -88,10 +89,12 @@
+ # /MD is multithread DLL, /MT is multithread. Change to static:
+ include(../pm_win/static.cmake)
+
+- include(FindJNI)
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
+
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
+- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(WINSRC pmwin pmwinmm)
+ prepend_path(LIBSRC ../pm_win/ ${WINSRC})
+@@ -99,29 +102,43 @@
+ set(PM_NEEDED_LIBS winmm.lib)
+ endif(WIN32)
+ endif(UNIX)
+-set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY})
++
++if(PORTMIDI_ENABLE_JAVA)
++ set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY})
++endif(PORTMIDI_ENABLE_JAVA)
+
+ # this completes the list of library sources by adding shared code
+ list(APPEND LIBSRC pmutil portmidi)
+
+ # now add the shared files to make the complete list of library sources
+-add_library(portmidi-static ${LIBSRC})
+-set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi_s")
+-target_link_libraries(portmidi-static ${PM_NEEDED_LIBS})
+-
+-# define the jni library
+-include_directories(${JAVA_INCLUDE_PATHS})
+-
+-set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c)
+-add_library(pmjni SHARED ${JNISRC})
+-target_link_libraries(pmjni ${JNI_EXTRA_LIBS})
+-set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib")
++if(PORTMIDI_ENABLE_STATIC)
++ add_library(portmidi-static ${LIBSRC})
++ set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi")
++ target_link_libraries(portmidi-static ${PM_NEEDED_LIBS})
++endif(PORTMIDI_ENABLE_STATIC)
++
++if(PORTMIDI_ENABLE_JAVA)
++ # define the jni library
++ include_directories(${JAVA_INCLUDE_PATHS})
++
++ set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c)
++ add_library(pmjni SHARED ${JNISRC})
++ target_link_libraries(pmjni ${JNI_EXTRA_LIBS})
++ set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib")
++endif(PORTMIDI_ENABLE_JAVA)
+
+ # install the libraries (Linux and Mac OS X command line)
+ if(UNIX)
+- INSTALL(TARGETS portmidi-static pmjni
+- LIBRARY DESTINATION /usr/local/lib
+- ARCHIVE DESTINATION /usr/local/lib)
++ if(PORTMIDI_ENABLE_STATIC)
++ INSTALL(TARGETS portmidi-static
++ LIBRARY DESTINATION lib${LIB_SUFFIX}
++ ARCHIVE DESTINATION lib${LIB_SUFFIX})
++ endif(PORTMIDI_ENABLE_STATIC)
++ if(PORTMIDI_ENABLE_JAVA)
++ INSTALL(TARGETS pmjni
++ LIBRARY DESTINATION lib${LIB_SUFFIX}
++ ARCHIVE DESTINATION lib${LIB_SUFFIX})
++ endif(PORTMIDI_ENABLE_JAVA)
+ # .h files installed by pm_dylib/CMakeLists.txt, so don't need them here
+ # INSTALL(FILES portmidi.h ../porttime/porttime.h
+ # DESTINATION /usr/local/include)
+--- portmidi/pm_dylib/CMakeLists.txt
++++ portmidi/pm_dylib/CMakeLists.txt
+@@ -39,9 +39,6 @@
+
+ # first include the appropriate system-dependent file:
+ if(UNIX)
+- # add the -g switch for Linux and Mac OS X (not used in Win32)
+- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}"
+- CACHE STRING "enable extra checks for debugging" FORCE)
+ if(APPLE)
+ set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault)
+ prepend_path(LIBSRC ../pm_mac/ ${MACSRC})
+@@ -63,7 +60,8 @@
+ message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT})
+ else(APPLE)
+ # LINUX settings...
+- include(FindJNI)
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
+ # message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH})
+ # message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH})
+ # note: should use JAVA_JVM_LIB_PATH, but it is not set properly
+@@ -75,11 +73,8 @@
+ # JAVA_INCLUDE_PATH2; if no, then we need to make both JAVA_INCLUDE_PATH
+ # and JAVA_INCLUDE_PATH2 set by user (will need clear documentation
+ # because JAVA_INCLUDE_PATH2 is pretty obscure)
+- set(JAVA_INCLUDE_PATH ${JAVA_INCLUDE_PATH-UNKNOWN}
+- CACHE STRING "where to find Java SDK include directory")
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH}/linux)
+- # libjvm.so is found relative to JAVA_INCLUDE_PATH:
+- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../jre/lib/i386/client/libjvm.so)
++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY})
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(LINUXSRC pmlinuxalsa pmlinux finddefault)
+ prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC})
+@@ -91,13 +86,15 @@
+ if(WIN32)
+ # /MDd is multithread debug DLL, /MTd is multithread debug
+ # /MD is multithread DLL, /MT is multithread
+-
+- include(FindJNI)
+- # note: should use JAVA_JVM_LIB_PATH, but it is not set properly
+- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib)
+
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
+- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
++ # note: should use JAVA_JVM_LIB_PATH, but it is not set properly
++ set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib)
++
++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(WINSRC pmwin pmwinmm)
+ prepend_path(LIBSRC ../pm_win/ ${WINSRC})
+@@ -106,7 +103,10 @@
+ # message(STATUS "JAVAVM_LIB: " ${JAVAVM_LIB})
+ endif(WIN32)
+ endif(UNIX)
++
++if(PORTMIDI_ENABLE_JAVA)
+ set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVAVM_LIB})
++endif(PORTMIDI_ENABLE_JAVA)
+
+ # this completes the list of library sources by adding shared code
+ set(SHARED_FILES pmutil portmidi)
+@@ -120,8 +120,8 @@
+ # install the libraries (Linux and Mac OS X command line)
+ if(UNIX)
+ INSTALL(TARGETS portmidi-dynamic
+- LIBRARY DESTINATION /usr/local/lib
+- ARCHIVE DESTINATION /usr/local/lib)
++ LIBRARY DESTINATION lib${LIB_SUFFIX}
++ ARCHIVE DESTINATION lib${LIB_SUFFIX})
+ INSTALL(FILES ../pm_common/portmidi.h ../porttime/porttime.h
+- DESTINATION /usr/local/include)
++ DESTINATION include)
+ endif(UNIX)
+--- portmidi/pm_java/CMakeLists.txt
++++ portmidi/pm_java/CMakeLists.txt
+@@ -5,43 +5,24 @@
+ # java not dealt with in CMake -- see pm_mac/pm_mac.xcodeproj
+ else(APPLE)
+ # linux
+- set(JPORTMIDICLASS JPortMidi.class JPortMidiException.class
+- JPortMidiApi.class)
+- set(PMDEFAULTSCLASS PmDefaultsFrame.class PmDefaults.class)
+- prepend_path(JPORTMIDICLASS2 jportmidi/ ${JPORTMIDICLASS})
+- prepend_path(PMDEFAULTSCLASS2 pmdefaults/ ${PMDEFAULTSCLASS})
+- set(PMDEFAULTS_ALL_CLASSES ${JPORTMIDICLASS2} ${PMDEFAULTSCLASS2})
+- # message(STATUS "PMDEFAULTS_ALL_CLASSES is " ${PMDEFAULTS_ALL_CLASSES})
+- add_custom_command(OUTPUT pmdefaults/PmDefaultsFrame.class
+- COMMAND javac -classpath . pmdefaults/PmDefaultsFrame.java
+- MAIN_DEPENDENCY pmdefaults/PmDefaultsFrame.java
+- DEPENDS pmdefaults/PmDefaults.java
+- WORKING_DIRECTORY pm_java)
+- add_custom_command(OUTPUT pmdefaults/PmDefaults.class
+- COMMAND javac -classpath . pmdefaults/PmDefaults.java
+- MAIN_DEPENDENCY pmdefaults/PmDefaults.java
+- DEPENDS pmdefaults/PmDefaultsFrame.java
+- WORKING_DIRECTORY pm_java)
+- add_custom_command(OUTPUT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar
+- COMMAND cp pmdefaults/portmusic_logo.png .
+- COMMAND jar cmf pmdefaults/manifest.txt pmdefaults.jar
+- pmdefaults/*.class portmusic_logo.png jportmidi/*.class
+- COMMAND chmod +x pmdefaults/pmdefaults
+- COMMAND cp pmdefaults/pmdefaults ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+- COMMAND mv pmdefaults.jar ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+- COMMAND rm portmusic_logo.png
+- MAIN_DEPENDENCY pmdefaults/PmDefaults.class
+- DEPENDS ${PMDEFAULTS_ALL_CLASSES}
+- WORKING_DIRECTORY pm_java)
+- add_custom_target(pmdefaults_target ALL
+- DEPENDS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar)
+- # message(STATUS "add_custom_target: pmdefaults.jar")
++ set(JAVA_CLASSES jportmidi pmdefaults)
++ add_custom_command(OUTPUT ${JAVA_CLASSES}
++ COMMAND javac -d ${CMAKE_CURRENT_BINARY_DIR} jportmidi/*.java pmdefaults/*.java
++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
++ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar
++ DEPENDS ${JAVA_CLASSES}
++ COMMAND jar cmf pmdefaults/manifest.txt ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar
++ -C pmdefaults portmusic_logo.png -C ${CMAKE_CURRENT_BINARY_DIR} jportmidi
++ -C ${CMAKE_CURRENT_BINARY_DIR} pmdefaults
++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
++ add_custom_target(pmdefaults.jar ALL
++ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar)
+
+ # install the libraries (Linux only)
+- INSTALL(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar
+- DESTINATION /usr/share/java)
+- INSTALL(PROGRAMS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults
+- DESTINATION /usr/local/bin)
++ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar
++ DESTINATION ${JAR_INSTALL_DIR})
++ INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/pmdefaults/pmdefaults
++ DESTINATION bin)
+ endif(APPLE)
+ endif(UNIX)
+ # In windows, use pm_java/make.bat
+--- portmidi/pm_test/CMakeLists.txt
++++ portmidi/pm_test/CMakeLists.txt
+@@ -12,8 +12,8 @@
+
+ macro(make_a_test name)
+ add_executable(${name} ${name}.c)
+- target_link_libraries(${name} portmidi-static ${PM_NEEDED_LIBS})
+- add_dependencies(${name} portmidi-static)
++ target_link_libraries(${name} portmidi ${PM_NEEDED_LIBS})
++ add_dependencies(${name} portmidi)
+ endmacro(make_a_test)
+
+ make_a_test(test)
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
new file mode 100644
index 0000000000..acad6be0a4
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
@@ -0,0 +1,82 @@
+From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 17:20:18 +0200
+Subject: [PATCH 1/5] WPS: Reject a Credential with invalid passphrase
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a Credential received from a WPS Registrar both as
+STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
+WPA2PSK authentication type and includes an invalid passphrase.
+
+This fixes an issue where hostapd or wpa_supplicant could have updated
+the configuration file PSK/passphrase parameter with arbitrary data from
+an external device (Registrar) that may not be fully trusted. Should
+such data include a newline character, the resulting configuration file
+could become invalid and fail to be parsed.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/utils/common.c | 12 ++++++++++++
+ src/utils/common.h | 1 +
+ src/wps/wps_attr_process.c | 10 ++++++++++
+ 3 files changed, 23 insertions(+)
+
+diff --git a/src/utils/common.c b/src/utils/common.c
+index 450e2c6..27b7c02 100644
+--- a/src/utils/common.c
++++ b/src/utils/common.c
+@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
+ }
+
+
++int has_ctrl_char(const u8 *data, size_t len)
++{
++ size_t i;
++
++ for (i = 0; i < len; i++) {
++ if (data[i] < 32 || data[i] == 127)
++ return 1;
++ }
++ return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len)
+diff --git a/src/utils/common.h b/src/utils/common.h
+index 701dbb2..a972240 100644
+--- a/src/utils/common.h
++++ b/src/utils/common.h
+@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
+
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
++int has_ctrl_char(const u8 *data, size_t len);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len);
+diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
+index eadb22f..e8c4579 100644
+--- a/src/wps/wps_attr_process.c
++++ b/src/wps/wps_attr_process.c
+@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
+ cred->key_len--;
+ #endif /* CONFIG_WPS_STRICT */
+ }
++
++
++ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
++ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
++ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
++ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
++ cred->key, cred->key_len);
++ return -1;
++ }
++
+ return 0;
+ }
+
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
new file mode 100644
index 0000000000..507a96e47c
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
@@ -0,0 +1,51 @@
+From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 18:46:41 +0200
+Subject: [PATCH 2/5] Reject psk parameter set with invalid passphrase
+ character
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a passphrase configuration attempt if that passphrase
+includes an invalid passphrase.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file psk parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the passphrase value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject up to 63 characters of
+almost arbitrary data into the configuration file. Such configuration
+file could result in wpa_supplicant trying to load a library (e.g.,
+opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
+load_dynamic_eap) from user controlled location when starting again.
+This would allow code from that library to be executed under the
+wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index b1c7870..fdd9643 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
+ }
+ wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
+ (u8 *) value, len);
++ if (has_ctrl_char((u8 *) value, len)) {
++ wpa_printf(MSG_ERROR,
++ "Line %d: Invalid passphrase character",
++ line);
++ return -1;
++ }
+ if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
+ os_memcmp(ssid->passphrase, value, len) == 0) {
+ /* No change to the previously configured value */
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
new file mode 100644
index 0000000000..684d25de96
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
@@ -0,0 +1,82 @@
+From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001
+From: Paul Stewart <pstew@google.com>
+Date: Thu, 3 Mar 2016 15:40:19 -0800
+Subject: [PATCH 3/5] Remove newlines from wpa_supplicant config network
+ output
+
+Spurious newlines output while writing the config file can corrupt the
+wpa_supplicant configuration. Avoid writing these for the network block
+parameters. This is a generic filter that cover cases that may not have
+been explicitly addressed with a more specific commit to avoid control
+characters in the psk parameter.
+
+Signed-off-by: Paul Stewart <pstew@google.com>
+---
+ src/utils/common.c | 11 +++++++++++
+ src/utils/common.h | 1 +
+ wpa_supplicant/config.c | 15 +++++++++++++--
+ 3 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/utils/common.c b/src/utils/common.c
+index 27b7c02..9856463 100644
+--- a/src/utils/common.c
++++ b/src/utils/common.c
+@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len)
+ }
+
+
++int has_newline(const char *str)
++{
++ while (*str) {
++ if (*str == '\n' || *str == '\r')
++ return 1;
++ str++;
++ }
++ return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len)
+diff --git a/src/utils/common.h b/src/utils/common.h
+index a972240..d19927b 100644
+--- a/src/utils/common.h
++++ b/src/utils/common.h
+@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
+ int has_ctrl_char(const u8 *data, size_t len);
++int has_newline(const char *str);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len);
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index fdd9643..eb97cd5 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
+
+ for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ const struct parse_data *field = &ssid_fields[i];
+- if (os_strcmp(var, field->name) == 0)
+- return field->writer(field, ssid);
++ if (os_strcmp(var, field->name) == 0) {
++ char *ret = field->writer(field, ssid);
++
++ if (ret && has_newline(ret)) {
++ wpa_printf(MSG_ERROR,
++ "Found newline in value for %s; not returning it",
++ var);
++ os_free(ret);
++ ret = NULL;
++ }
++
++ return ret;
++ }
+ }
+
+ return NULL;
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
new file mode 100644
index 0000000000..2dd38fee31
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
@@ -0,0 +1,62 @@
+From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:33:10 +0300
+Subject: [PATCH 4/5] Reject SET_CRED commands with newline characters in the
+ string values
+
+Most of the cred block parameters are written as strings without
+filtering and if there is an embedded newline character in the value,
+unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file cred parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the credential value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index eb97cd5..69152ef 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
+
+ if (os_strcmp(var, "password") == 0 &&
+ os_strncmp(value, "ext:", 4) == 0) {
++ if (has_newline(value))
++ return -1;
+ str_clear_free(cred->password);
+ cred->password = os_strdup(value);
+ cred->ext_password = 1;
+@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
+ }
+
+ val = wpa_config_parse_string(value, &len);
+- if (val == NULL) {
++ if (val == NULL ||
++ (os_strcmp(var, "excluded_ssid") != 0 &&
++ os_strcmp(var, "roaming_consortium") != 0 &&
++ os_strcmp(var, "required_roaming_consortium") != 0 &&
++ has_newline(val))) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
+ "value '%s'.", line, var, value);
++ os_free(val);
+ return -1;
+ }
+
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch
new file mode 100644
index 0000000000..5f42aa9219
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch
@@ -0,0 +1,50 @@
+From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:55:48 +0300
+Subject: [PATCH 5/5] Reject SET commands with newline characters in the
+ string values
+
+Many of the global configuration parameters are written as strings
+without filtering and if there is an embedded newline character in the
+value, unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file global parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the value of a parameter before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index 69152ef..d9a1603 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data,
+ return -1;
+ }
+
++ if (has_newline(pos)) {
++ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
++ line, data->name);
++ return -1;
++ }
++
+ tmp = os_strdup(pos);
+ if (tmp == NULL)
+ return -1;
+--
+1.9.1
+
generated by cgit v1.2.3 (git 2.46.2) at 2024-11-15 07:07:17 +0000