summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/btrfs-progs-e-value-block.patch37
-rw-r--r--gnu/packages/patches/e2fsprogs-glibc-2.27.patch56
-rw-r--r--gnu/packages/patches/eigen-arm-neon-fixes.patch245
-rw-r--r--gnu/packages/patches/extundelete-e2fsprogs-1.44.patch23
-rw-r--r--gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch15
-rw-r--r--gnu/packages/patches/lxc-CVE-2018-6556.patch116
-rw-r--r--gnu/packages/patches/openssh-CVE-2018-15473.patch165
-rw-r--r--gnu/packages/patches/qtoctave-qt-5.11-fix.patch26
-rw-r--r--gnu/packages/patches/racket-fix-xform-issue.patch63
-rw-r--r--gnu/packages/patches/racket-store-checksum-override.patch19
10 files changed, 216 insertions, 549 deletions
diff --git a/gnu/packages/patches/btrfs-progs-e-value-block.patch b/gnu/packages/patches/btrfs-progs-e-value-block.patch
deleted file mode 100644
index 6365146431..0000000000
--- a/gnu/packages/patches/btrfs-progs-e-value-block.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c78f59a971ce4b543f3177e383b677862b2d9fb5 Mon Sep 17 00:00:00 2001
-From: Qu Wenruo <wqu@suse.com>
-Date: Wed, 14 Mar 2018 08:56:57 +0800
-Subject: [PATCH] btrfs-progs: convert/ext2: Remove check for
- ext2_ext_attr_entry->e_value_block
-
-In latest e2fsprogs (1.44.0) definition of ext2_ext_attr_entry has
-removed member e_value_block, as currently ext* doesn't support it set
-anyway.
-
-So remove such check so that we can pass compile.
-
-Issue: #110
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199071
-Signed-off-by: Qu Wenruo <wqu@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- convert/source-ext2.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/convert/source-ext2.c b/convert/source-ext2.c
-index b1492c78..070126ec 100644
---- a/convert/source-ext2.c
-+++ b/convert/source-ext2.c
-@@ -422,8 +422,7 @@ static int ext2_xattr_check_entry(struct ext2_ext_attr_entry *entry,
- {
- size_t value_size = entry->e_value_size;
-
-- if (entry->e_value_block != 0 || value_size > size ||
-- entry->e_value_offs + value_size > size)
-+ if (value_size > size || entry->e_value_offs + value_size > size)
- return -EIO;
- return 0;
- }
---
-2.16.3
-
diff --git a/gnu/packages/patches/e2fsprogs-glibc-2.27.patch b/gnu/packages/patches/e2fsprogs-glibc-2.27.patch
deleted file mode 100644
index f0bc7130c0..0000000000
--- a/gnu/packages/patches/e2fsprogs-glibc-2.27.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Copied from:
-https://github.com/openwrt/openwrt/blob/58a95f0f8ff768b43d68eed2b6a786e0f40f723b/tools/e2fsprogs/patches/005-misc-rename-copy_file_range-to-copy_file_chunk.patch
-
-From 01551bdba16ab16512a01affe02ade32c41ede8a Mon Sep 17 00:00:00 2001
-From: Palmer Dabbelt <palmer@dabbelt.com>
-Date: Fri, 29 Dec 2017 10:19:51 -0800
-Subject: [PATCH] misc: rename copy_file_range to copy_file_chunk
-
-As of 2.27, glibc will have a copy_file_range library call to wrap the
-new copy_file_range system call. This conflicts with the function in
-misc/create_inode.c, which this patch renames _copy_file_range.
-
-Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- misc/create_inode.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/misc/create_inode.c
-+++ b/misc/create_inode.c
-@@ -392,7 +392,7 @@ static ssize_t my_pread(int fd, void *bu
- }
- #endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */
-
--static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
-+static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file,
- off_t start, off_t end, char *buf,
- char *zerobuf)
- {
-@@ -466,7 +466,7 @@ static errcode_t try_lseek_copy(ext2_fil
-
- data_blk = data & ~(fs->blocksize - 1);
- hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1);
-- err = copy_file_range(fs, fd, e2_file, data_blk, hole_blk, buf,
-+ err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf,
- zerobuf);
- if (err)
- return err;
-@@ -516,7 +516,7 @@ static errcode_t try_fiemap_copy(ext2_fi
- }
- for (i = 0, ext = ext_buf; i < fiemap_buf->fm_mapped_extents;
- i++, ext++) {
-- err = copy_file_range(fs, fd, e2_file, ext->fe_logical,
-+ err = copy_file_chunk(fs, fd, e2_file, ext->fe_logical,
- ext->fe_logical + ext->fe_length,
- buf, zerobuf);
- if (err)
-@@ -569,7 +569,7 @@ static errcode_t copy_file(ext2_filsys f
- goto out;
- #endif
-
-- err = copy_file_range(fs, fd, e2_file, 0, statbuf->st_size, buf,
-+ err = copy_file_chunk(fs, fd, e2_file, 0, statbuf->st_size, buf,
- zerobuf);
- out:
- ext2fs_free_mem(&zerobuf);
diff --git a/gnu/packages/patches/eigen-arm-neon-fixes.patch b/gnu/packages/patches/eigen-arm-neon-fixes.patch
deleted file mode 100644
index 0838f30463..0000000000
--- a/gnu/packages/patches/eigen-arm-neon-fixes.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-# HG changeset patch
-# User Gael Guennebaud <g.gael@free.fr>
-# Date 1497514590 -7200
-# Node ID d781c1de98342c5ca29c2fe719d8d3c96a35dcd4
-# Parent 48cd83b2b459aa9f3f5dca135d38760fe0b02a2f
-Bug 1436: fix compilation of Jacobi rotations with ARM NEON, some specializations of internal::conj_helper were missing.
-
-diff --git a/Eigen/Core b/Eigen/Core
---- a/Eigen/Core
-+++ b/Eigen/Core
-@@ -371,6 +371,7 @@
- #include "src/Core/MathFunctions.h"
- #include "src/Core/GenericPacketMath.h"
- #include "src/Core/MathFunctionsImpl.h"
-+#include "src/Core/arch/Default/ConjHelper.h"
-
- #if defined EIGEN_VECTORIZE_AVX512
- #include "src/Core/arch/SSE/PacketMath.h"
-diff --git a/Eigen/src/Core/arch/AVX/Complex.h b/Eigen/src/Core/arch/AVX/Complex.h
---- a/Eigen/src/Core/arch/AVX/Complex.h
-+++ b/Eigen/src/Core/arch/AVX/Complex.h
-@@ -204,23 +204,7 @@
- }
- };
-
--template<> struct conj_helper<Packet8f, Packet4cf, false,false>
--{
-- EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet8f& x, const Packet4cf& y, const Packet4cf& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet4cf pmul(const Packet8f& x, const Packet4cf& y) const
-- { return Packet4cf(Eigen::internal::pmul(x, y.v)); }
--};
--
--template<> struct conj_helper<Packet4cf, Packet8f, false,false>
--{
-- EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet4cf& x, const Packet8f& y, const Packet4cf& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet4cf pmul(const Packet4cf& x, const Packet8f& y) const
-- { return Packet4cf(Eigen::internal::pmul(x.v, y)); }
--};
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet4cf,Packet8f)
-
- template<> EIGEN_STRONG_INLINE Packet4cf pdiv<Packet4cf>(const Packet4cf& a, const Packet4cf& b)
- {
-@@ -400,23 +384,7 @@
- }
- };
-
--template<> struct conj_helper<Packet4d, Packet2cd, false,false>
--{
-- EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet4d& x, const Packet2cd& y, const Packet2cd& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet2cd pmul(const Packet4d& x, const Packet2cd& y) const
-- { return Packet2cd(Eigen::internal::pmul(x, y.v)); }
--};
--
--template<> struct conj_helper<Packet2cd, Packet4d, false,false>
--{
-- EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet2cd& x, const Packet4d& y, const Packet2cd& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet2cd pmul(const Packet2cd& x, const Packet4d& y) const
-- { return Packet2cd(Eigen::internal::pmul(x.v, y)); }
--};
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cd,Packet4d)
-
- template<> EIGEN_STRONG_INLINE Packet2cd pdiv<Packet2cd>(const Packet2cd& a, const Packet2cd& b)
- {
-diff --git a/Eigen/src/Core/arch/AltiVec/Complex.h b/Eigen/src/Core/arch/AltiVec/Complex.h
---- a/Eigen/src/Core/arch/AltiVec/Complex.h
-+++ b/Eigen/src/Core/arch/AltiVec/Complex.h
-@@ -224,23 +224,7 @@
- }
- };
-
--template<> struct conj_helper<Packet4f, Packet2cf, false,false>
--{
-- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const
-- { return Packet2cf(internal::pmul<Packet4f>(x, y.v)); }
--};
--
--template<> struct conj_helper<Packet2cf, Packet4f, false,false>
--{
-- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const
-- { return Packet2cf(internal::pmul<Packet4f>(x.v, y)); }
--};
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
-
- template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b)
- {
-@@ -416,23 +400,8 @@
- return pconj(internal::pmul(a, b));
- }
- };
--template<> struct conj_helper<Packet2d, Packet1cd, false,false>
--{
-- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const
-- { return padd(c, pmul(x,y)); }
-
-- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const
-- { return Packet1cd(internal::pmul<Packet2d>(x, y.v)); }
--};
--
--template<> struct conj_helper<Packet1cd, Packet2d, false,false>
--{
-- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const
-- { return Packet1cd(internal::pmul<Packet2d>(x.v, y)); }
--};
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
-
- template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
- {
-diff --git a/Eigen/src/Core/arch/Default/ConjHelper.h b/Eigen/src/Core/arch/Default/ConjHelper.h
-new file mode 100644
---- /dev/null
-+++ b/Eigen/src/Core/arch/Default/ConjHelper.h
-@@ -0,0 +1,29 @@
-+
-+// This file is part of Eigen, a lightweight C++ template library
-+// for linear algebra.
-+//
-+// Copyright (C) 2017 Gael Guennebaud <gael.guennebaud@inria.fr>
-+//
-+// This Source Code Form is subject to the terms of the Mozilla
-+// Public License v. 2.0. If a copy of the MPL was not distributed
-+// with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-+
-+#ifndef EIGEN_ARCH_CONJ_HELPER_H
-+#define EIGEN_ARCH_CONJ_HELPER_H
-+
-+#define EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(PACKET_CPLX, PACKET_REAL) \
-+ template<> struct conj_helper<PACKET_REAL, PACKET_CPLX, false,false> { \
-+ EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_REAL& x, const PACKET_CPLX& y, const PACKET_CPLX& c) const \
-+ { return padd(c, pmul(x,y)); } \
-+ EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_REAL& x, const PACKET_CPLX& y) const \
-+ { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x, y.v)); } \
-+ }; \
-+ \
-+ template<> struct conj_helper<PACKET_CPLX, PACKET_REAL, false,false> { \
-+ EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_CPLX& x, const PACKET_REAL& y, const PACKET_CPLX& c) const \
-+ { return padd(c, pmul(x,y)); } \
-+ EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_CPLX& x, const PACKET_REAL& y) const \
-+ { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x.v, y)); } \
-+ };
-+
-+#endif // EIGEN_ARCH_CONJ_HELPER_H
-diff --git a/Eigen/src/Core/arch/NEON/Complex.h b/Eigen/src/Core/arch/NEON/Complex.h
---- a/Eigen/src/Core/arch/NEON/Complex.h
-+++ b/Eigen/src/Core/arch/NEON/Complex.h
-@@ -265,6 +265,8 @@
- }
- };
-
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
-+
- template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b)
- {
- // TODO optimize it for NEON
-@@ -456,6 +458,8 @@
- }
- };
-
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
-+
- template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
- {
- // TODO optimize it for NEON
-diff --git a/Eigen/src/Core/arch/SSE/Complex.h b/Eigen/src/Core/arch/SSE/Complex.h
---- a/Eigen/src/Core/arch/SSE/Complex.h
-+++ b/Eigen/src/Core/arch/SSE/Complex.h
-@@ -229,23 +229,7 @@
- }
- };
-
--template<> struct conj_helper<Packet4f, Packet2cf, false,false>
--{
-- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const
-- { return Packet2cf(Eigen::internal::pmul<Packet4f>(x, y.v)); }
--};
--
--template<> struct conj_helper<Packet2cf, Packet4f, false,false>
--{
-- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const
-- { return Packet2cf(Eigen::internal::pmul<Packet4f>(x.v, y)); }
--};
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
-
- template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b)
- {
-@@ -430,23 +414,7 @@
- }
- };
-
--template<> struct conj_helper<Packet2d, Packet1cd, false,false>
--{
-- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const
-- { return Packet1cd(Eigen::internal::pmul<Packet2d>(x, y.v)); }
--};
--
--template<> struct conj_helper<Packet1cd, Packet2d, false,false>
--{
-- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const
-- { return padd(c, pmul(x,y)); }
--
-- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const
-- { return Packet1cd(Eigen::internal::pmul<Packet2d>(x.v, y)); }
--};
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
-
- template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
- {
-diff --git a/Eigen/src/Core/arch/ZVector/Complex.h b/Eigen/src/Core/arch/ZVector/Complex.h
---- a/Eigen/src/Core/arch/ZVector/Complex.h
-+++ b/Eigen/src/Core/arch/ZVector/Complex.h
-@@ -336,6 +336,9 @@
- }
- };
-
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f)
-+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d)
-+
- template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b)
- {
- // TODO optimize it for AltiVec
diff --git a/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch b/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch
new file mode 100644
index 0000000000..5a93a39b23
--- /dev/null
+++ b/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch
@@ -0,0 +1,23 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 16 Aug 2018 21:12:30 +0200
+Subject: extundelete: Fix build with e2fsprogs 1.44.
+
+The ‘inode.i_file_acl’ field was replaced with ‘inode.i_size_high’. I'm
+not sure the field name is still accurate or useful, so don't print it
+at all.
+
+Based on this[0] patch by ‘conikost’[1].
+
+[0]: https://sourceforge.net/p/extundelete/tickets/5/
+[1]: https://sourceforge.net/u/conikost
+
+--- a/src/insertionops.cc 2012-12-30 18:23:32.000000000 +0100
++++ b/src/insertionops.cc 2018-05-07 22:58:13.065868723 +0200
+@@ -33,7 +33,6 @@
+ os << "File flags: " << inode.i_flags << std::endl;
+ os << "File version (for NFS): " << inode.i_generation << std::endl;
+ os << "File ACL: " << inode.i_file_acl << std::endl;
+- os << "Directory ACL: " << inode.i_dir_acl << std::endl;
+ os << "Fragment address: " << inode.i_faddr << std::endl;
+ os << "Direct blocks: ";
+ for (int n = 0; n < EXT2_NDIR_BLOCKS; n++)
diff --git a/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch b/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch
new file mode 100644
index 0000000000..86a3ee912d
--- /dev/null
+++ b/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch
@@ -0,0 +1,15 @@
+This is a backport of part of this patch from 6.5 to 4.8:
+
+ https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=8937b94d1a643fd9760714642296d034a45254a8
+
+--- a/libsanitizer/tsan/tsan_platform_linux.cc
++++ b/libsanitizer/tsan/tsan_platform_linux.cc
+@@ -351,7 +351,7 @@ bool IsGlobalVar(uptr addr) {
+ // closes within glibc. The code is a pure hack.
+ int ExtractResolvFDs(void *state, int *fds, int nfd) {
+ int cnt = 0;
+- __res_state *statp = (__res_state*)state;
++ struct __res_state *statp = (struct __res_state*)state;
+ for (int i = 0; i < MAXNS && cnt < nfd; i++) {
+ if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
+ fds[cnt++] = statp->_u._ext.nssocks[i];
diff --git a/gnu/packages/patches/lxc-CVE-2018-6556.patch b/gnu/packages/patches/lxc-CVE-2018-6556.patch
deleted file mode 100644
index 7eab7101f1..0000000000
--- a/gnu/packages/patches/lxc-CVE-2018-6556.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-Fix CVE-2018-6556:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
-https://bugzilla.suse.com/show_bug.cgi?id=988348#c8
-
-Patch copied from upstream source repository:
-
-https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
-
-From c1cf54ebf251fdbad1e971679614e81649f1c032 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 25 Jul 2018 19:56:54 +0200
-Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
- src/lxc/utils.c | 12 ++++++++++++
- src/lxc/utils.h | 5 +++++
- 3 files changed, 49 insertions(+), 3 deletions(-)
-
-diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
-index ec9cd97e0..c5beb6c8d 100644
---- a/src/lxc/cmd/lxc_user_nic.c
-+++ b/src/lxc/cmd/lxc_user_nic.c
-@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
- exit(EXIT_FAILURE);
- }
- } else if (request == LXC_USERNIC_DELETE) {
-- netns_fd = open(args.pid, O_RDONLY);
-+ char opath[LXC_PROC_PID_FD_LEN];
-+
-+ /* Open the path with O_PATH which will not trigger an actual
-+ * open(). Don't report an errno to the caller to not leak
-+ * information whether the path exists or not.
-+ * When stracing setuid is stripped so this is not a concern
-+ * either.
-+ */
-+ netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
- if (netns_fd < 0) {
-- usernic_error("Could not open \"%s\": %s\n", args.pid,
-- strerror(errno));
-+ usernic_error("Failed to open \"%s\"\n", args.pid);
-+ exit(EXIT_FAILURE);
-+ }
-+
-+ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
-+ usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
-+ close(netns_fd);
-+ exit(EXIT_FAILURE);
-+ }
-+
-+ ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
-+ if (ret < 0 || (size_t)ret >= sizeof(opath)) {
-+ close(netns_fd);
-+ exit(EXIT_FAILURE);
-+ }
-+
-+ /* Now get an fd that we can use in setns() calls. */
-+ ret = open(opath, O_RDONLY | O_CLOEXEC);
-+ if (ret < 0) {
-+ usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
-+ close(netns_fd);
- exit(EXIT_FAILURE);
- }
-+ close(netns_fd);
-+ netns_fd = ret;
- }
-
- if (!create_db_dir(LXC_USERNIC_DB)) {
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 530b1f81a..3b854e35b 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -2544,6 +2544,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
- return has_type;
- }
-
-+bool fhas_fs_type(int fd, fs_type_magic magic_val)
-+{
-+ int ret;
-+ struct statfs sb;
-+
-+ ret = fstatfs(fd, &sb);
-+ if (ret < 0)
-+ return false;
-+
-+ return is_fs_type(&sb, magic_val);
-+}
-+
- bool lxc_nic_exists(char *nic)
- {
- #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
-diff --git a/src/lxc/utils.h b/src/lxc/utils.h
-index 6a0bebded..0805f5d0d 100644
---- a/src/lxc/utils.h
-+++ b/src/lxc/utils.h
-@@ -95,6 +95,10 @@
- #define CGROUP2_SUPER_MAGIC 0x63677270
- #endif
-
-+#ifndef NSFS_MAGIC
-+#define NSFS_MAGIC 0x6e736673
-+#endif
-+
- /* Useful macros */
- /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
- #define LXC_NUMSTRLEN64 21
-@@ -580,6 +584,7 @@ extern void *must_realloc(void *orig, size_t sz);
- /* __typeof__ should be safe to use with all compilers. */
- typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
- extern bool has_fs_type(const char *path, fs_type_magic magic_val);
-+extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
- extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
- extern bool lxc_nic_exists(char *nic);
- extern int lxc_make_tmpfile(char *template, bool rm);
diff --git a/gnu/packages/patches/openssh-CVE-2018-15473.patch b/gnu/packages/patches/openssh-CVE-2018-15473.patch
new file mode 100644
index 0000000000..26b2dc59c3
--- /dev/null
+++ b/gnu/packages/patches/openssh-CVE-2018-15473.patch
@@ -0,0 +1,165 @@
+Fix CVE-2018-15473, a method by which remote clients can enumerate
+usernames on the server:
+
+http://seclists.org/oss-sec/2018/q3/124
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
+
+Patch adapted from upstream source repository:
+
+https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
+
+From 74287f5df9966a0648b4a68417451dd18f079ab8 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 31 Jul 2018 03:10:27 +0000
+Subject: [PATCH] upstream: delay bailout for invalid authentic
+
+=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
+=?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
+=?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
+---
+ auth2-gss.c | 11 +++++++----
+ auth2-hostbased.c | 11 ++++++-----
+ auth2-pubkey.c | 25 +++++++++++++++----------
+ 3 files changed, 28 insertions(+), 19 deletions(-)
+
+# Adapted from upstream to apply to OpenSSH 7.7p1.
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 589283b7..1d7cfb39 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -69,9 +69,6 @@ userauth_gssapi(struct ssh *ssh)
+ u_int len;
+ u_char *doid = NULL;
+
+- if (!authctxt->valid || authctxt->user == NULL)
+- return (0);
+-
+ mechs = packet_get_int();
+ if (mechs == 0) {
+ debug("Mechanism negotiation is not supported");
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 47308c5c..9351e042 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -106,6 +103,12 @@ userauth_gssapi(struct ssh *ssh)
+ return (0);
+ }
+
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user", __func__);
++ free(doid);
++ return (0);
++ }
++
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+ if (ctxt != NULL)
+ ssh_gssapi_delete_ctx(&ctxt);
+diff --git a/auth2-hostbased.c b/auth2-hostbased.c
+index 60159a56..35939329 100644
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
+@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
+ size_t alen, blen, slen;
+ int r, pktype, authenticated = 0;
+
+- if (!authctxt->valid) {
+- debug2("%s: disabled because of invalid user", __func__);
+- return 0;
+- }
+ /* XXX use sshkey_froms() */
+ if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
+ (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
+@@ -117,6 +113,11 @@ userauth_hostbased(struct ssh *ssh)
+ goto done;
+ }
+
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user", __func__);
++ goto done;
++ }
++
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
+ /* reconstruct packet */
+diff --git a/auth2-pubkey.c b/auth2-pubkey.c
+index c4d0f790..e1c15040 100644
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+@@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
+ {
+ Authctxt *authctxt = ssh->authctxt;
+ struct passwd *pw = authctxt->pw;
+- struct sshbuf *b;
++ struct sshbuf *b = NULL;
+ struct sshkey *key = NULL;
+- char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
+- u_char *pkblob, *sig, have_sig;
++ char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
++ u_char *pkblob = NULL, *sig = NULL, have_sig;
+ size_t blen, slen;
+ int r, pktype;
+ int authenticated = 0;
+ struct sshauthopt *authopts = NULL;
+
+- if (!authctxt->valid) {
+- debug2("%s: disabled because of invalid user", __func__);
+- return 0;
+- }
+ if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
+ (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
+ (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
+@@ -167,6 +163,11 @@ userauth_pubkey(struct ssh *ssh)
+ fatal("%s: sshbuf_put_string session id: %s",
+ __func__, ssh_err(r));
+ }
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user",
++ __func__);
++ goto done;
++ }
+ /* reconstruct packet */
+ xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ authctxt->style ? ":" : "",
+@@ -183,7 +184,6 @@ userauth_pubkey(struct ssh *ssh)
+ #ifdef DEBUG_PK
+ sshbuf_dump(b, stderr);
+ #endif
+-
+ /* test for correct signature */
+ authenticated = 0;
+ if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
+@@ -194,7 +194,6 @@ userauth_pubkey(struct ssh *ssh)
+ authenticated = 1;
+ }
+ sshbuf_free(b);
+- free(sig);
+ auth2_record_key(authctxt, authenticated, key);
+ } else {
+ debug("%s: test pkalg %s pkblob %s%s%s",
+@@ -205,6 +204,11 @@ userauth_pubkey(struct ssh *ssh)
+ if ((r = sshpkt_get_end(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
+
++ if (!authctxt->valid || authctxt->user == NULL) {
++ debug2("%s: disabled because of invalid user",
++ __func__);
++ goto done;
++ }
+ /* XXX fake reply and always send PK_OK ? */
+ /*
+ * XXX this allows testing whether a user is allowed
+@@ -238,6 +242,7 @@ done:
+ free(pkblob);
+ free(key_s);
+ free(ca_s);
++ free(sig);
+ return authenticated;
+ }
+
+--
+2.18.0
diff --git a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch
deleted file mode 100644
index 67317d1b36..0000000000
--- a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-This patch comes from upstream:
-https://hg.savannah.gnu.org/hgweb/octave/rev/cdaa884568b1.
-
-# HG changeset patch
-# User Mike Miller <mtmiller@octave.org>
-# Date 1527214835 25200
-# Node ID cdaa884568b159549bd373f04386ff62417f6df9
-# Parent 9e39a53b4e007d3f79f88b711ab9fa5f2f24fbc9
-add Qt include needed to build against Qt 5.11 (bug #53978)
-
-* settings-dialog.cc: Add missing include for <QButtonGroup> to fix build
-failure with Qt 5.11.
-
-diff --git a/libgui/src/settings-dialog.cc b/libgui/src/settings-dialog.cc
---- a/libgui/src/settings-dialog.cc
-+++ b/libgui/src/settings-dialog.cc
-@@ -34,6 +34,8 @@
- #include "workspace-model.h"
- #include "settings-dialog.h"
- #include "ui-settings-dialog.h"
-+
-+#include <QButtonGroup>
- #include <QDir>
- #include <QFileInfo>
- #include <QFileDialog>
-
diff --git a/gnu/packages/patches/racket-fix-xform-issue.patch b/gnu/packages/patches/racket-fix-xform-issue.patch
deleted file mode 100644
index 0a1640ee51..0000000000
--- a/gnu/packages/patches/racket-fix-xform-issue.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-050cdb59839896b41431791f8ee0ef2564231b8f
-Author: Matthew Flatt <mflatt@racket-lang.org>
-AuthorDate: Tue Mar 6 09:05:08 2018 -0700
-Commit: Matthew Flatt <mflatt@racket-lang.org>
-CommitDate: Tue Mar 6 09:05:08 2018 -0700
-
-Parent: efb9a919fc ffi docs: clarification on `unsafe-socket->port`
-Containing: master
-Follows: v5.0.1 (21612)
-
-xform: avoid problems with `__signbitf128`
-
-Closes #1962 and uses the suggested patch there, among other changes.
-
-2 files changed, 6 insertions(+), 3 deletions(-)
-racket/collects/compiler/private/xform.rkt | 2 +-
-racket/src/racket/src/number.c | 7 +++++--
-
-diff --git a/racket/collects/compiler/private/xform.rkt b/racket/collects/compiler/private/xform.rkt
-index 28a425c057..89ae848f9c 100644
---- a/collects/compiler/private/xform.rkt
-+++ b/collects/compiler/private/xform.rkt
-@@ -904,7 +904,7 @@
-
- strlen cos cosl sin sinl exp expl pow powl log logl sqrt sqrtl atan2 atan2l frexp
- isnan isinf fpclass signbit _signbit _fpclass __fpclassify __fpclassifyf __fpclassifyl
-- _isnan __isfinited __isnanl __isnan __signbit __signbitf __signbitd __signbitl
-+ _isnan __isfinited __isnanl __isnan __signbit __signbitf __signbitd __signbitl __signbitf128
- __isinff __isinfl isnanf isinff __isinfd __isnanf __isnand __isinf __isinff128
- __inline_isnanl __inline_isnan __inline_signbit __inline_signbitf __inline_signbitd __inline_signbitl
- __builtin_popcount __builtin_clz __builtin_isnan __builtin_isinf __builtin_signbit
-diff --git a/racket/src/racket/src/number.c b/racket/src/racket/src/number.c
-index 71f42aaf3c..3bbad3ba83 100644
---- a/src/racket/src/number.c
-+++ b/src/racket/src/number.c
-@@ -1796,6 +1796,7 @@ double scheme_real_to_double(Scheme_Object *r)
- }
-
- XFORM_NONGCING static MZ_INLINE int minus_zero_p(double d)
-+ XFORM_SKIP_PROC
- {
- #ifdef MZ_IS_NEG_ZERO
- return MZ_IS_NEG_ZERO(d);
-@@ -1809,7 +1810,9 @@ int scheme_minus_zero_p(double d)
- return minus_zero_p(d);
- }
-
--static int rational_dbl_p(double f) {
-+XFORM_NONGCING static int rational_dbl_p(double f)
-+ XFORM_SKIP_PROC
-+{
- return !(MZ_IS_NAN(f)
- || MZ_IS_INFINITY(f));
- }
-@@ -1955,7 +1958,7 @@ real_p(int argc, Scheme_Object *argv[])
- return (SCHEME_REALP(o) ? scheme_true : scheme_false);
- }
-
--static int is_rational(const Scheme_Object *o)
-+XFORM_NONGCING static int is_rational(const Scheme_Object *o)
- {
- if (SCHEME_FLOATP(o))
- return rational_dbl_p(SCHEME_FLOAT_VAL(o)); \ No newline at end of file
diff --git a/gnu/packages/patches/racket-store-checksum-override.patch b/gnu/packages/patches/racket-store-checksum-override.patch
index b22facca0d..6c9cd5198a 100644
--- a/gnu/packages/patches/racket-store-checksum-override.patch
+++ b/gnu/packages/patches/racket-store-checksum-override.patch
@@ -7,19 +7,23 @@ because the store is immutable. This patch makes Racket ignore
checksums for files in the store.
See <https://debbugs.gnu.org/30680> for details.
+---
+ collects/compiler/private/cm-minimal.rkt | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
-diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/compiler/cm.rkt
---- racket-6.12/collects/compiler/cm.rkt 1969-12-31 19:00:00.000000000 -0500
-+++ racket-6.12-patched/collects/compiler/cm.rkt 2018-08-12 06:36:46.061142149 -0400
+diff --git a/collects/compiler/private/cm-minimal.rkt b/collects/compiler/private/cm-minimal.rkt
+index a5a5407..15af6b8 100644
+--- a/collects/compiler/private/cm-minimal.rkt
++++ b/collects/compiler/private/cm-minimal.rkt
@@ -7,6 +7,7 @@
racket/list
racket/path
racket/promise
+ racket/string
openssl/sha1
- racket/place
setup/collects
-@@ -627,6 +628,10 @@
+ compiler/compilation-path
+@@ -543,6 +544,10 @@
#f
(list src-hash recorded-hash)))
@@ -30,7 +34,7 @@ diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/comp
(define (rkt->ss p)
(if (path-has-extension? p #".rkt")
(path-replace-extension p #".ss")
-@@ -679,7 +684,8 @@
+@@ -595,7 +600,8 @@
(trace-printf "newer src... ~a > ~a" path-time path-zo-time)
;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk:
(maybe-compile-zo sha1-only? deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen)]
@@ -40,3 +44,6 @@ diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/comp
=> (lambda (difference)
(trace-printf "different src hash... ~a" difference)
;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk:
+--
+2.18.0
+