diff options
Diffstat (limited to 'gnu/packages/patches')
44 files changed, 2425 insertions, 1434 deletions
diff --git a/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch b/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch deleted file mode 100644 index 8c37bd3ac4..0000000000 --- a/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix the declarations of inlined atomic ops for mips. - -This patch was copied from Debian. - ---- alsa-lib/include/iatomic.h.orig 2013-05-21 04:48:28.000000000 -0400 -+++ alsa-lib/include/iatomic.h 2013-10-29 13:01:37.055995968 -0400 -@@ -720,7 +720,7 @@ - * Atomically adds @i to @v. Note that the guaranteed useful range - * of an atomic_t is only 24 bits. - */ --extern __inline__ void atomic_add(int i, atomic_t * v) -+static __inline__ void atomic_add(int i, atomic_t * v) - { - unsigned long temp; - -@@ -744,7 +744,7 @@ - * Atomically subtracts @i from @v. Note that the guaranteed - * useful range of an atomic_t is only 24 bits. - */ --extern __inline__ void atomic_sub(int i, atomic_t * v) -+static __inline__ void atomic_sub(int i, atomic_t * v) - { - unsigned long temp; - -@@ -763,7 +763,7 @@ - /* - * Same as above, but return the result value - */ --extern __inline__ int atomic_add_return(int i, atomic_t * v) -+static __inline__ int atomic_add_return(int i, atomic_t * v) - { - unsigned long temp, result; - -@@ -784,7 +784,7 @@ - return result; - } - --extern __inline__ int atomic_sub_return(int i, atomic_t * v) -+static __inline__ int atomic_sub_return(int i, atomic_t * v) - { - unsigned long temp, result; - diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch new file mode 100644 index 0000000000..3f0d35c33e --- /dev/null +++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch @@ -0,0 +1,15 @@ +Coreutils fails to cross compile for other platforms because cu_install_program +is not being evaluated properly. This patch fixes it. +See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html> +--- a/Makefile.in ++++ b/Makefile.in +@@ -5023,7 +5023,7 @@ pr = progs-readme + @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall + + # Use the just-built 'ginstall', when not cross-compiling. +-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@ ++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@ + info_TEXINFOS = doc/coreutils.texi + doc_coreutils_TEXINFOS = \ + doc/perm.texi \ + diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch new file mode 100644 index 0000000000..f5399e20d3 --- /dev/null +++ b/gnu/packages/patches/eudev-conflicting-declaration.patch @@ -0,0 +1,31 @@ +Fix build failure due to conflicting declaration of +keyboard_lookup_key() in gperf-3.1: + +https://bugs.gentoo.org/show_bug.cgi?id=604864 + +Patch copied from upstream source repository: + +https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 + +From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001 +From: "Anthony G. Basile" <blueness@gentoo.org> +Date: Thu, 5 Jan 2017 16:21:17 -0500 +Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1 + +Signed-off-by: Anthony G. Basile <blueness@gentoo.org> +--- + src/udev/udev-builtin-keyboard.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c +index 73171c3..fad3520 100644 +--- a/src/udev/udev-builtin-keyboard.c ++++ b/src/udev/udev-builtin-keyboard.c +@@ -28,7 +28,6 @@ + + #include "udev.h" + +-static const struct key *keyboard_lookup_key(const char *str, unsigned len); + #include "keyboard-keys-from-name.h" + #include "keyboard-keys-to-name.h" + diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch deleted file mode 100644 index 1f3cb028d4..0000000000 --- a/gnu/packages/patches/flex-CVE-2016-6354.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 -https://security-tracker.debian.org/tracker/CVE-2016-6354 - -Patch copied from upstream source repository: -https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 - -From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001 -From: Will Estes <westes575@gmail.com> -Date: Sat, 27 Feb 2016 11:56:05 -0500 -Subject: [PATCH] Fixed incorrect integer type - ---- - src/flex.skl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/flex.skl b/src/flex.skl -index 36a526a..64f853d 100644 ---- a/src/flex.skl -+++ b/src/flex.skl -@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer() - - else - { -- yy_size_t num_to_read = -+ int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch new file mode 100644 index 0000000000..8ebe33bc6c --- /dev/null +++ b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch @@ -0,0 +1,82 @@ +The first patch is copied from the upstream source repository: + +https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da + +The second patch is adapted from a message to from the OpenEmbedded mailing list: + +http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html + +From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 14 Dec 2016 16:11:05 -0800 +Subject: Avoid conflicts with integer width macros from TS 18661-1:2014 + +glibc 2.25+ has now defined these macros in <limits.h> +https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a + +Create an alias for FC_CHAR_WIDTH for ABI compatibility + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h +index 5c72b22..070a557 100644 +--- a/fontconfig/fontconfig.h ++++ b/fontconfig/fontconfig.h +@@ -128,7 +128,8 @@ typedef int FcBool; + #define FC_USER_CACHE_FILE ".fonts.cache-" FC_CACHE_VERSION + + /* Adjust outline rasterizer */ +-#define FC_CHAR_WIDTH "charwidth" /* Int */ ++#define FC_CHARWIDTH "charwidth" /* Int */ ++#define FC_CHAR_WIDTH FC_CHARWIDTH + #define FC_CHAR_HEIGHT "charheight"/* Int */ + #define FC_MATRIX "matrix" /* FcMatrix */ + +diff --git a/src/fcobjs.h b/src/fcobjs.h +index 1fc4f65..d27864b 100644 +--- a/src/fcobjs.h ++++ b/src/fcobjs.h +@@ -51,7 +51,7 @@ FC_OBJECT (DPI, FcTypeDouble, NULL) + FC_OBJECT (RGBA, FcTypeInteger, NULL) + FC_OBJECT (SCALE, FcTypeDouble, NULL) + FC_OBJECT (MINSPACE, FcTypeBool, NULL) +-FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL) ++FC_OBJECT (CHARWIDTH, FcTypeInteger, NULL) + FC_OBJECT (CHAR_HEIGHT, FcTypeInteger, NULL) + FC_OBJECT (MATRIX, FcTypeMatrix, NULL) + FC_OBJECT (CHARSET, FcTypeCharSet, FcCompareCharSet) +-- +cgit v0.10.2 + +From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem at gmail.com> +Date: Sun, 11 Dec 2016 14:32:00 -0800 +Subject: [PATCH] Avoid conflicts with integer width macros from TS + 18661-1:2014 + +glibc 2.25+ has now defined these macros in <limits.h> +https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a + +Signed-off-by: Khem Raj <raj.khem at gmail.com> +--- +Upstream-Status: Submitted + + fontconfig/fontconfig.h | 2 +- + src/fcobjs.h | 2 +- + src/fcobjshash.gperf | 2 +- + src/fcobjshash.h | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +Index: fontconfig-2.12.1/src/fcobjshash.h +=================================================================== +--- fontconfig-2.12.1.orig/src/fcobjshash.h ++++ fontconfig-2.12.1/src/fcobjshash.h +@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char + {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT}, + {-1}, + #line 47 "fcobjshash.gperf" +- {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT}, ++ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT}, + #line 48 "fcobjshash.gperf" + {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT}, + #line 55 "fcobjshash.gperf" diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch new file mode 100644 index 0000000000..e12f60ef00 --- /dev/null +++ b/gnu/packages/patches/fontconfig-path-max.patch @@ -0,0 +1,124 @@ +This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined. + +The patch was adapted from upstream source repository: +'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>' +Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c + +--- + src/fcdefault.c | 34 +++++++++++++++++++++++++++------- + src/fcint.h | 6 ++++++ + src/fcstat.c | 12 +++++++++++- + 3 files changed, 44 insertions(+), 8 deletions(-) + +diff --git a/src/fcdefault.c b/src/fcdefault.c +index 6647a8f..5afd7ec 100644 +--- a/src/fcdefault.c ++++ b/src/fcdefault.c +@@ -148,17 +148,34 @@ retry: + prgname = FcStrdup (""); + #else + # if defined (HAVE_GETEXECNAME) +- const char *p = getexecname (); ++ char *p = FcStrdup(getexecname ()); + # elif defined (HAVE_READLINK) +- char buf[PATH_MAX + 1]; +- int len; ++ size_t size = FC_PATH_MAX; + char *p = NULL; + +- len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1); +- if (len != -1) ++ while (1) + { +- buf[len] = '\0'; +- p = buf; ++ char *buf = malloc (size); ++ ssize_t len; ++ ++ if (!buf) ++ break; ++ ++ len = readlink ("/proc/self/exe", buf, size - 1); ++ if (len < 0) ++ { ++ free (buf); ++ break; ++ } ++ if (len < size - 1) ++ { ++ buf[len] = 0; ++ p = buf; ++ break; ++ } ++ ++ free (buf); ++ size *= 2; + } + # else + char *p = NULL; +@@ -176,6 +193,9 @@ retry: + + if (!prgname) + prgname = FcStrdup (""); ++ ++ if (p) ++ free (p); + #endif + + if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) { +diff --git a/src/fcint.h b/src/fcint.h +index ac911ad..dad34c5 100644 +--- a/src/fcint.h ++++ b/src/fcint.h +@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA; + # define FC_DIR_SEPARATOR_S "/" + #endif + ++#ifdef PATH_MAX ++#define FC_PATH_MAX PATH_MAX ++#else ++#define FC_PATH_MAX 128 ++#endif ++ + #if __GNUC__ >= 4 + #define FC_UNUSED __attribute__((unused)) + #else +diff --git a/src/fcstat.c b/src/fcstat.c +index 1734fa4..f6e1aaa 100644 +--- a/src/fcstat.c ++++ b/src/fcstat.c +@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum) + { + #endif + struct stat statb; +- char f[PATH_MAX + 1]; ++ char *f = malloc (len + 1 + dlen + 1); + ++ if (!f) ++ { ++ ret = -1; ++ goto bail; ++ } + memcpy (f, dir, len); + f[len] = FC_DIR_SEPARATOR; + memcpy (&f[len + 1], files[n]->d_name, dlen); +@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum) + if (lstat (f, &statb) < 0) + { + ret = -1; ++ free (f); + goto bail; + } + if (S_ISDIR (statb.st_mode)) ++ { ++ free (f); + goto bail; ++ } + ++ free (f); + dtype = statb.st_mode; + #ifdef HAVE_STRUCT_DIRENT_D_TYPE + } +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-1.patch b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch new file mode 100644 index 0000000000..8c94a026b3 --- /dev/null +++ b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch @@ -0,0 +1,190 @@ +Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros. + +Patch adapted from upstream source repository: + +https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 + +From e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 Mon Sep 17 00:00:00 2001 +From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Thu, 28 Apr 2016 09:12:05 +0000 +Subject: [PATCH] gcc/c-family/ChangeLog: + +diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c +index 1bf5d080034..6f0898a38d7 100644 +--- a/gcc/c-family/c-common.c ++++ b/gcc/c-family/c-common.c +@@ -12318,4 +12318,37 @@ pointer_to_zero_sized_aggr_p (tree t) + return (TYPE_SIZE (t) && integer_zerop (TYPE_SIZE (t))); + } + ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++time_t ++get_source_date_epoch () ++{ ++ char *source_date_epoch; ++ long long epoch; ++ char *endptr; ++ ++ source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); ++ if (!source_date_epoch) ++ return (time_t) -1; ++ ++ errno = 0; ++ epoch = strtoll (source_date_epoch, &endptr, 10); ++ if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN)) ++ || (errno != 0 && epoch == 0)) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "strtoll: %s\n", xstrerror(errno)); ++ if (endptr == source_date_epoch) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "no digits were found: %s\n", endptr); ++ if (*endptr != '\0') ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "trailing garbage: %s\n", endptr); ++ if (epoch < 0) ++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " ++ "value must be nonnegative: %lld \n", epoch); ++ ++ return (time_t) epoch; ++} ++ + #include "gt-c-family-c-common.h" +diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h +index fdb227f85c3..ba0a5d7df50 100644 +--- a/gcc/c-family/c-common.h ++++ b/gcc/c-family/c-common.h +@@ -1437,4 +1437,10 @@ extern bool contains_cilk_spawn_stmt (tree); + extern tree cilk_for_number_of_iterations (tree); + extern bool check_no_cilk (tree, const char *, const char *, + location_t loc = UNKNOWN_LOCATION); ++ ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++extern time_t get_source_date_epoch (void); ++ + #endif /* ! GCC_C_COMMON_H */ +diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c +index bb55be8063e..e68471b9d2b 100644 +--- a/gcc/c-family/c-lex.c ++++ b/gcc/c-family/c-lex.c +@@ -402,6 +402,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags, + enum cpp_ttype type; + unsigned char add_flags = 0; + enum overflow_type overflow = OT_NONE; ++ time_t source_date_epoch = get_source_date_epoch (); ++ ++ cpp_init_source_date_epoch (parse_in, source_date_epoch); + + timevar_push (TV_CPP); + retry: +diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi +index 100811dc637..3b5317beb53 100644 +--- a/gcc/doc/cppenv.texi ++++ b/gcc/doc/cppenv.texi +@@ -79,4 +79,21 @@ main input file is omitted. + @ifclear cppmanual + @xref{Preprocessor Options}. + @end ifclear ++ ++@item SOURCE_DATE_EPOCH ++ ++If this variable is set, its value specifies a UNIX timestamp to be ++used in replacement of the current date and time in the @code{__DATE__} ++and @code{__TIME__} macros, so that the embedded timestamps become ++reproducible. ++ ++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp, ++defined as the number of seconds (excluding leap seconds) since ++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of ++@samp{@command{date +%s}}. ++ ++The value should be a known timestamp such as the last modification ++time of the source or package and it should be set by the build ++process. ++ + @end vtable +diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h +index 1b731d1a3ad..7a5481219be 100644 +--- a/libcpp/include/cpplib.h ++++ b/libcpp/include/cpplib.h +@@ -775,6 +775,9 @@ extern void cpp_init_special_builtins (cpp_reader *); + /* Set up built-ins like __FILE__. */ + extern void cpp_init_builtins (cpp_reader *, int); + ++/* Initialize the source_date_epoch value. */ ++extern void cpp_init_source_date_epoch (cpp_reader *, time_t); ++ + /* This is called after options have been parsed, and partially + processed. */ + extern void cpp_post_options (cpp_reader *); +diff --git a/libcpp/init.c b/libcpp/init.c +index 45a4d13ffa3..a8d00f4628b 100644 +--- a/libcpp/init.c ++++ b/libcpp/init.c +@@ -530,6 +530,13 @@ cpp_init_builtins (cpp_reader *pfile, int hosted) + _cpp_define_builtin (pfile, "__OBJC__ 1"); + } + ++/* Initialize the source_date_epoch value. */ ++void ++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch) ++{ ++ pfile->source_date_epoch = source_date_epoch; ++} ++ + /* Sanity-checks are dependent on command-line options, so it is + called as a subroutine of cpp_read_main_file (). */ + #if ENABLE_CHECKING +diff --git a/libcpp/internal.h b/libcpp/internal.h +index c2d08168945..8507eba1747 100644 +--- a/libcpp/internal.h ++++ b/libcpp/internal.h +@@ -502,6 +502,10 @@ struct cpp_reader + const unsigned char *date; + const unsigned char *time; + ++ /* Externally set timestamp to replace current date and time useful for ++ reproducibility. */ ++ time_t source_date_epoch; ++ + /* EOF token, and a token forcing paste avoidance. */ + cpp_token avoid_paste; + cpp_token eof; +diff --git a/libcpp/macro.c b/libcpp/macro.c +index eb32a6f8c98..3f3b278e97d 100644 +--- a/libcpp/macro.c ++++ b/libcpp/macro.c +@@ -350,13 +350,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node) + time_t tt; + struct tm *tb = NULL; + +- /* (time_t) -1 is a legitimate value for "number of seconds +- since the Epoch", so we have to do a little dance to +- distinguish that from a genuine error. */ +- errno = 0; +- tt = time(NULL); +- if (tt != (time_t)-1 || errno == 0) +- tb = localtime (&tt); ++ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro ++ usage if SOURCE_DATE_EPOCH is defined. */ ++ if (pfile->source_date_epoch != (time_t) -1) ++ tb = gmtime (&pfile->source_date_epoch); ++ else ++ { ++ /* (time_t) -1 is a legitimate value for "number of seconds ++ since the Epoch", so we have to do a little dance to ++ distinguish that from a genuine error. */ ++ errno = 0; ++ tt = time (NULL); ++ if (tt != (time_t)-1 || errno == 0) ++ tb = localtime (&tt); ++ } + + if (tb) + { +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-2.patch b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch new file mode 100644 index 0000000000..ed2580679a --- /dev/null +++ b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch @@ -0,0 +1,353 @@ +Continuation of the SOURCE_DATE_EPOCH patch. + +Patch adapted from upstream source repository: + +https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c + +From dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c Mon Sep 17 00:00:00 2001 +From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Wed, 1 Jun 2016 16:42:41 +0000 +Subject: [PATCH] gcc/c-family/ChangeLog: + +diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c +index 6f0898a38d7..efbc78ef218 100644 +--- a/gcc/c-family/c-common.c ++++ b/gcc/c-family/c-common.c +@@ -12321,8 +12321,9 @@ pointer_to_zero_sized_aggr_p (tree t) + /* Read SOURCE_DATE_EPOCH from environment to have a deterministic + timestamp to replace embedded current dates to get reproducible + results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++ + time_t +-get_source_date_epoch () ++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED) + { + char *source_date_epoch; + long long epoch; +@@ -12334,19 +12335,14 @@ get_source_date_epoch () + + errno = 0; + epoch = strtoll (source_date_epoch, &endptr, 10); +- if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN)) +- || (errno != 0 && epoch == 0)) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "strtoll: %s\n", xstrerror(errno)); +- if (endptr == source_date_epoch) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "no digits were found: %s\n", endptr); +- if (*endptr != '\0') +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "trailing garbage: %s\n", endptr); +- if (epoch < 0) +- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: " +- "value must be nonnegative: %lld \n", epoch); ++ if (errno != 0 || endptr == source_date_epoch || *endptr != '\0' ++ || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH) ++ { ++ error_at (input_location, "environment variable SOURCE_DATE_EPOCH must " ++ "expand to a non-negative integer less than or equal to %wd", ++ MAX_SOURCE_DATE_EPOCH); ++ return (time_t) -1; ++ } + + return (time_t) epoch; + } +diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h +index ba0a5d7df50..977ae9df5ea 100644 +--- a/gcc/c-family/c-common.h ++++ b/gcc/c-family/c-common.h +@@ -1063,6 +1063,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *); + c_register_builtin_type. */ + extern GTY(()) tree registered_builtin_types; + ++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic ++ timestamp to replace embedded current dates to get reproducible ++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ ++extern time_t cb_get_source_date_epoch (cpp_reader *pfile); ++ ++/* The value (as a unix timestamp) corresponds to date ++ "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and ++ __TIME__ can store. */ ++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799) ++ + /* In c-gimplify.c */ + extern void c_genericize (tree); + extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *); +@@ -1438,9 +1448,4 @@ extern tree cilk_for_number_of_iterations (tree); + extern bool check_no_cilk (tree, const char *, const char *, + location_t loc = UNKNOWN_LOCATION); + +-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic +- timestamp to replace embedded current dates to get reproducible +- results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */ +-extern time_t get_source_date_epoch (void); +- + #endif /* ! GCC_C_COMMON_H */ +diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c +index e68471b9d2b..3f78073f640 100644 +--- a/gcc/c-family/c-lex.c ++++ b/gcc/c-family/c-lex.c +@@ -97,6 +97,7 @@ init_c_lex (void) + cb->valid_pch = c_common_valid_pch; + cb->read_pch = c_common_read_pch; + cb->has_attribute = c_common_has_attribute; ++ cb->get_source_date_epoch = cb_get_source_date_epoch; + + /* Set the debug callbacks if we can use them. */ + if ((debug_info_level == DINFO_LEVEL_VERBOSE +@@ -402,9 +403,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags, + enum cpp_ttype type; + unsigned char add_flags = 0; + enum overflow_type overflow = OT_NONE; +- time_t source_date_epoch = get_source_date_epoch (); +- +- cpp_init_source_date_epoch (parse_in, source_date_epoch); + + timevar_push (TV_CPP); + retry: +diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi +index 3b5317beb53..7b4cf6adc11 100644 +--- a/gcc/doc/cppenv.texi ++++ b/gcc/doc/cppenv.texi +@@ -81,7 +81,6 @@ main input file is omitted. + @end ifclear + + @item SOURCE_DATE_EPOCH +- + If this variable is set, its value specifies a UNIX timestamp to be + used in replacement of the current date and time in the @code{__DATE__} + and @code{__TIME__} macros, so that the embedded timestamps become +@@ -89,8 +88,9 @@ reproducible. + + The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp, + defined as the number of seconds (excluding leap seconds) since +-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of +-@samp{@command{date +%s}}. ++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of ++@samp{@command{date +%s}} on GNU/Linux and other systems that support the ++@code{%s} extension in the @code{date} command. + + The value should be a known timestamp such as the last modification + time of the source or package and it should be set by the build +diff --git a/gcc/gcc.c b/gcc/gcc.c +index d956c36b151..2709f295734 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -3328,6 +3328,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args, + n_switches++; + } + ++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is ++ not set already. */ ++ ++static void ++set_source_date_epoch_envvar () ++{ ++ /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations ++ of 64 bit integers. */ ++ char source_date_epoch[21]; ++ time_t tt; ++ ++ errno = 0; ++ tt = time (NULL); ++ if (tt < (time_t) 0 || errno != 0) ++ tt = (time_t) 0; ++ ++ snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt); ++ /* Using setenv instead of xputenv because we want the variable to remain ++ after finalizing so that it's still set in the second run when using ++ -fcompare-debug. */ ++ setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0); ++} ++ + /* Handle an option DECODED that is unknown to the option-processing + machinery. */ + +@@ -3628,6 +3651,7 @@ driver_handle_option (struct gcc_options *opts, + else + compare_debug_opt = arg; + save_switch (compare_debug_replacement_opt, 0, NULL, validated, true); ++ set_source_date_epoch_envvar (); + return true; + + case OPT_fdiagnostics_color_: +diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c +new file mode 100644 +index 00000000000..f6aa1a360ff +--- /dev/null ++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c +@@ -0,0 +1,11 @@ ++/* { dg-do run } */ ++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */ ++ ++int ++main(void) ++{ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); ++ return 0; ++} ++ ++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */ +diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c +new file mode 100644 +index 00000000000..ae18362ae87 +--- /dev/null ++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c +@@ -0,0 +1,12 @@ ++/* { dg-do compile } */ ++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */ ++ ++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */ ++ ++int ++main(void) ++{ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */ ++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); ++ return 0; ++} +diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp +index 4fa433d9954..7656b2254a1 100644 +--- a/gcc/testsuite/lib/gcc-dg.exp ++++ b/gcc/testsuite/lib/gcc-dg.exp +@@ -324,6 +324,38 @@ proc restore-target-env-var { } { + } + } + ++proc dg-set-compiler-env-var { args } { ++ global set_compiler_env_var ++ global saved_compiler_env_var ++ if { [llength $args] != 3 } { ++ error "dg-set-compiler-env-var: need two arguments" ++ return ++ } ++ set var [lindex $args 1] ++ set value [lindex $args 2] ++ if [info exists ::env($var)] { ++ lappend saved_compiler_env_var [list $var 1 $::env($var)] ++ } else { ++ lappend saved_compiler_env_var [list $var 0] ++ } ++ setenv $var $value ++ lappend set_compiler_env_var [list $var $value] ++} ++ ++proc restore-compiler-env-var { } { ++ global saved_compiler_env_var ++ for { set env_vari [llength $saved_compiler_env_var] } { ++ [incr env_vari -1] >= 0 } {} { ++ set env_var [lindex $saved_compiler_env_var $env_vari] ++ set var [lindex $env_var 0] ++ if [lindex $env_var 1] { ++ setenv $var [lindex $env_var 2] ++ } else { ++ unsetenv $var ++ } ++ } ++} ++ + # Utility routines. + + # +@@ -785,6 +817,11 @@ if { [info procs saved-dg-test] == [list] } { + if [info exists set_target_env_var] { + unset set_target_env_var + } ++ if [info exists set_compiler_env_var] { ++ restore-compiler-env-var ++ unset set_compiler_env_var ++ unset saved_compiler_env_var ++ } + unset_timeout_vars + if [info exists compiler_conditional_xfail_data] { + unset compiler_conditional_xfail_data +diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h +index 7a5481219be..867aeebc39f 100644 +--- a/libcpp/include/cpplib.h ++++ b/libcpp/include/cpplib.h +@@ -585,6 +585,9 @@ struct cpp_callbacks + + /* Callback that can change a user builtin into normal macro. */ + bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *); ++ ++ /* Callback to parse SOURCE_DATE_EPOCH from environment. */ ++ time_t (*get_source_date_epoch) (cpp_reader *); + }; + + #ifdef VMS +@@ -775,9 +778,6 @@ extern void cpp_init_special_builtins (cpp_reader *); + /* Set up built-ins like __FILE__. */ + extern void cpp_init_builtins (cpp_reader *, int); + +-/* Initialize the source_date_epoch value. */ +-extern void cpp_init_source_date_epoch (cpp_reader *, time_t); +- + /* This is called after options have been parsed, and partially + processed. */ + extern void cpp_post_options (cpp_reader *); +diff --git a/libcpp/init.c b/libcpp/init.c +index a8d00f4628b..61c9bbbf945 100644 +--- a/libcpp/init.c ++++ b/libcpp/init.c +@@ -254,6 +254,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table, + /* Do not force token locations by default. */ + pfile->forced_token_location_p = NULL; + ++ /* Initialize source_date_epoch to -2 (not yet set). */ ++ pfile->source_date_epoch = (time_t) -2; ++ + /* The expression parser stack. */ + _cpp_expand_op_stack (pfile); + +@@ -530,13 +533,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted) + _cpp_define_builtin (pfile, "__OBJC__ 1"); + } + +-/* Initialize the source_date_epoch value. */ +-void +-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch) +-{ +- pfile->source_date_epoch = source_date_epoch; +-} +- + /* Sanity-checks are dependent on command-line options, so it is + called as a subroutine of cpp_read_main_file (). */ + #if ENABLE_CHECKING +diff --git a/libcpp/internal.h b/libcpp/internal.h +index 8507eba1747..226ae328e76 100644 +--- a/libcpp/internal.h ++++ b/libcpp/internal.h +@@ -503,7 +503,8 @@ struct cpp_reader + const unsigned char *time; + + /* Externally set timestamp to replace current date and time useful for +- reproducibility. */ ++ reproducibility. It should be initialized to -2 (not yet set) and ++ set to -1 to disable it or to a non-negative value to enable it. */ + time_t source_date_epoch; + + /* EOF token, and a token forcing paste avoidance. */ +diff --git a/libcpp/macro.c b/libcpp/macro.c +index 3f3b278e97d..756c7c6e0c6 100644 +--- a/libcpp/macro.c ++++ b/libcpp/macro.c +@@ -351,9 +351,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node) + struct tm *tb = NULL; + + /* Set a reproducible timestamp for __DATE__ and __TIME__ macro +- usage if SOURCE_DATE_EPOCH is defined. */ +- if (pfile->source_date_epoch != (time_t) -1) +- tb = gmtime (&pfile->source_date_epoch); ++ if SOURCE_DATE_EPOCH is defined. */ ++ if (pfile->source_date_epoch == (time_t) -2 ++ && pfile->cb.get_source_date_epoch != NULL) ++ pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile); ++ ++ if (pfile->source_date_epoch >= (time_t) 0) ++ tb = gmtime (&pfile->source_date_epoch); + else + { + /* (time_t) -1 is a legitimate value for "number of seconds +-- +2.11.0 + diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch new file mode 100644 index 0000000000..a612c9e00e --- /dev/null +++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch @@ -0,0 +1,28 @@ +This patch makes the exeception specifier of libiberty's 'asprintf' +and 'vasprintf' declarations match those of glibc to work around the +problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>. + +The problem in part stems from the fact that libiberty is configured +without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1 +is configured and built with _GNU_SOURCE, hence the conflicting declarations. + +--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200 ++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200 +@@ -625,7 +625,7 @@ extern int pwait (int, int *, int); + /* Like sprintf but provides a pointer to malloc'd storage, which must + be freed by the caller. */ + +-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; ++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2; + #endif + + /* Like asprintf but allocates memory without fail. This works like +@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, .. + /* Like vsprintf but provides a pointer to malloc'd storage, which + must be freed by the caller. */ + +-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0); ++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0); + #endif + + /* Like vasprintf but allocates memory without fail. This works like diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch deleted file mode 100644 index 6a1a63296c..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-7568.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f - -From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001 -From: trylab <trylab@users.noreply.github.com> -Date: Tue, 6 Sep 2016 18:35:32 +0800 -Subject: [PATCH] Fix integer overflow in gdImageWebpCtx - -Integer overflow can be happened in expression gdImageSX(im) * 4 * -gdImageSY(im). It could lead to heap buffer overflow in the following -code. This issue has been reported to the PHP Bug Tracking System. The -proof-of-concept file will be supplied some days later. This issue was -discovered by Ke Liu of Tencent's Xuanwu LAB. ---- - src/gd_webp.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/gd_webp.c b/src/gd_webp.c -index 8eb4dee..9886399 100644 ---- a/src/gd_webp.c -+++ b/src/gd_webp.c -@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality) - quality = 80; - } - -+ if (overflow2(gdImageSX(im), 4)) { -+ return; -+ } -+ -+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) { -+ return; -+ } -+ - argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); - if (!argb) { - return; --- -2.10.0 - diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch deleted file mode 100644 index 39ee99ac31..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-8670.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670 -http://seclists.org/oss-sec/2016/q4/138 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 - -From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Wed, 12 Oct 2016 11:15:32 +0200 -Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion - -We make sure to never pass a negative `rlen` as size to memcpy(). See -also <https://bugs.php.net/bug.php?id=73280>. - -Patch provided by Emmanuel Law. ---- - src/gd_io_dp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c -index 135eda3..228bfa5 100644 ---- a/src/gd_io_dp.c -+++ b/src/gd_io_dp.c -@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len) - if(remain >= len) { - rlen = len; - } else { -- if(remain == 0) { -+ if(remain <= 0) { - /* 2.0.34: EOF is incorrect. We use 0 for - * errors and EOF, just like fileGetbuf, - * which is a simple fread() wrapper. --- -2.10.1 - diff --git a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch b/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch deleted file mode 100644 index e395c66d89..0000000000 --- a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch +++ /dev/null @@ -1,102 +0,0 @@ -This fixes PHP bug #73155: https://bugs.php.net/bug.php?id=73155 - -Patch adapted from upstream source repository: - -https://github.com/libgd/libgd/commit/8067a8ac336dfe0acbe96ec2eb24572209a7f279 - -(.gitignore change removed) - -From 8067a8ac336dfe0acbe96ec2eb24572209a7f279 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Fri, 23 Sep 2016 18:29:52 +0200 -Subject: [PATCH] Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries - -(cherry picked from commit bb1998a16e30d542ab22eba5501911a9aa066edb) ---- - src/gd_gd2.c | 4 ++-- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 1 + - tests/gd2/bug00309.c | 37 +++++++++++++++++++++++++++++++++++++ - 4 files changed, 41 insertions(+), 2 deletions(-) - create mode 100644 tests/gd2/bug00309.c - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 75e5e1f..b9b2f93 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -938,8 +938,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt) - }; - - /* Work out number of chunks. */ -- ncx = im->sx / cs + 1; -- ncy = im->sy / cs + 1; -+ ncx = (im->sx + cs - 1) / cs; -+ ncy = (im->sy + cs - 1) / cs; - - /* Write the standard header. */ - _gd2PutHeader (im, out, cs, fmt, ncx, ncy); -diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt -index 3b650ad..247b466 100644 ---- a/tests/gd2/CMakeLists.txt -+++ b/tests/gd2/CMakeLists.txt -@@ -1,5 +1,6 @@ - SET(TESTS_FILES - bug_289 -+ bug00309 - gd2_empty_file - gd2_im2im - gd2_null -diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am -index b8ee946..d69aee0 100644 ---- a/tests/gd2/Makemodule.am -+++ b/tests/gd2/Makemodule.am -@@ -1,5 +1,6 @@ - libgd_test_programs += \ - gd2/bug_289 \ -+ gd2/bug00309 \ - gd2/gd2_empty_file \ - gd2/php_bug_72339 \ - gd2/gd2_read_corrupt -diff --git a/tests/gd2/bug00309.c b/tests/gd2/bug00309.c -new file mode 100644 -index 0000000..b649cdc ---- /dev/null -+++ b/tests/gd2/bug00309.c -@@ -0,0 +1,37 @@ -+/** -+ * Regression test for <https://github.com/libgd/libgd/issues/309>. -+ * -+ * We test that an image with 64x64 pixels reports only a single chunk in the -+ * GD2 image header when the chunk size is 64. -+ */ -+ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ unsigned char *buf; -+ int size, word; -+ -+ im = gdImageCreate(64, 64); -+ gdImageColorAllocate(im, 0, 0, 0); -+ -+ buf = gdImageGd2Ptr(im, 64, 1, &size); -+ -+ gdImageDestroy(im); -+ -+ word = buf[10] << 8 | buf[11]; -+ gdTestAssertMsg(word == 64, "chunk size is %d, but expected 64\n", word); -+ word = buf[14] << 8 | buf[15]; -+ gdTestAssertMsg(word == 1, "x chunk count is %d, but expected 1\n", word); -+ word = buf[16] << 8 | buf[17]; -+ gdTestAssertMsg(word == 1, "y chunk count is %d, but expected 1\n", word); -+ gdTestAssertMsg(size == 5145, "file size is %d, but expected 5145\n", size); -+ -+ gdFree(buf); -+ -+ return gdNumFailures(); -+} diff --git a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch b/gnu/packages/patches/gd-fix-truecolor-format-correction.patch deleted file mode 100644 index be3eff9327..0000000000 --- a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch +++ /dev/null @@ -1,95 +0,0 @@ -This fixes PHP bug #73159: https://bugs.php.net/bug.php?id=73159 - -Patch lifted from upstream source repository: - -https://github.com/libgd/libgd/commit/e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 - -From e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Mon, 15 Aug 2016 17:49:40 +0200 -Subject: [PATCH] Fix #289: Passing unrecognized formats to gdImageGd2 results - in corrupted files - -We must not apply the format correction twice for truecolor images. - -(cherry picked from commit 09090c125658e23a4ae2a2e002646bb7278bd89e) ---- - src/gd_gd2.c | 2 +- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 1 + - tests/gd2/bug_289.c | 33 +++++++++++++++++++++++++++++++++ - 4 files changed, 36 insertions(+), 1 deletion(-) - create mode 100644 tests/gd2/bug_289.c - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 86c881e..75e5e1f 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -918,7 +918,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt) - /* Force fmt to a valid value since we don't return anything. */ - /* */ - if ((fmt != GD2_FMT_RAW) && (fmt != GD2_FMT_COMPRESSED)) { -- fmt = im->trueColor ? GD2_FMT_TRUECOLOR_COMPRESSED : GD2_FMT_COMPRESSED; -+ fmt = GD2_FMT_COMPRESSED; - }; - if (im->trueColor) { - fmt += 2; -diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt -index 8aecacc..3b650ad 100644 ---- a/tests/gd2/CMakeLists.txt -+++ b/tests/gd2/CMakeLists.txt -@@ -1,4 +1,5 @@ - SET(TESTS_FILES -+ bug_289 - gd2_empty_file - gd2_im2im - gd2_null -diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am -index 754a284..b8ee946 100644 ---- a/tests/gd2/Makemodule.am -+++ b/tests/gd2/Makemodule.am -@@ -1,4 +1,5 @@ - libgd_test_programs += \ -+ gd2/bug_289 \ - gd2/gd2_empty_file \ - gd2/php_bug_72339 \ - gd2/gd2_read_corrupt -diff --git a/tests/gd2/bug_289.c b/tests/gd2/bug_289.c -new file mode 100644 -index 0000000..ad311e9 ---- /dev/null -+++ b/tests/gd2/bug_289.c -@@ -0,0 +1,33 @@ -+/** -+ * Passing an unrecognized format to gdImageGd2() should result in -+ * GD2_FMT_TRUECOLOR_COMPRESSED for truecolor images. -+ * -+ * See <https://github.com/libgd/libgd/issues/289>. -+ */ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+#define GD2_FMT_UNRECOGNIZED 0 -+#define GD2_FMT_TRUECOLOR_COMPRESSED 4 -+ -+#define MSG "expected %s byte to be %d, but got %d\n" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ char *buffer; -+ int size; -+ -+ im = gdImageCreateTrueColor(10, 10); -+ gdTestAssert(im != NULL); -+ buffer = (char *) gdImageGd2Ptr(im, 128, GD2_FMT_UNRECOGNIZED, &size); -+ gdTestAssert(buffer != NULL); -+ gdImageDestroy(im); -+ gdTestAssertMsg(buffer[12] == 0, MSG, "1st", 0, buffer[12]); -+ gdTestAssertMsg(buffer[13] == GD2_FMT_TRUECOLOR_COMPRESSED, MSG, "2nd", GD2_FMT_TRUECOLOR_COMPRESSED, buffer[13]); -+ -+ return gdNumFailures(); -+} diff --git a/gnu/packages/patches/gd-freetype-test-failure.patch b/gnu/packages/patches/gd-freetype-test-failure.patch new file mode 100644 index 0000000000..49c16ca089 --- /dev/null +++ b/gnu/packages/patches/gd-freetype-test-failure.patch @@ -0,0 +1,59 @@ +Fix a test failure with freetype 2.7: + +https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 + +Patch copied from upstream source repository: + +https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 + +From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Sun, 29 Jan 2017 17:07:50 +0100 +Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7 + +Actually, the test failures are not necessarily related to freetype +2.7, but rather are caused by subpixel hinting which is enabled by +default in freetype 2.7. Subpixel hinting is, however, already +available in freetype 2.5 and in versions having the "Infinality" +patch. + +To get the expected results in all environments, we have to disable +subpixel hinting, what is easily done by setting a respective +environment variable. + +See also: +* https://www.freetype.org/freetype2/docs/subpixel-hinting.html +* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html +--- + tests/freetype/bug00132.c | 3 +++ + tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c +index 713dd2d..42ed5b1 100644 +--- a/tests/freetype/bug00132.c ++++ b/tests/freetype/bug00132.c +@@ -11,6 +11,9 @@ int main() + char *path; + char *ret = NULL; + ++ /* disable subpixel hinting */ ++ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); ++ + im = gdImageCreateTrueColor(50, 30); + + if (!im) { +diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c +index 0161ec8..1596a9e 100644 +--- a/tests/gdimagestringft/gdimagestringft_bbox.c ++++ b/tests/gdimagestringft/gdimagestringft_bbox.c +@@ -38,6 +38,9 @@ int main() + int error = 0; + FILE *fp; + ++ /* disable subpixel hinting */ ++ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35"); ++ + path = gdTestFilePath("freetype/DejaVuSans.ttf"); + im = gdImageCreate(800, 800); + gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */ diff --git a/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch new file mode 100644 index 0000000000..a926c1455c --- /dev/null +++ b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch @@ -0,0 +1,121 @@ +This bug was first reported to php on https://bugs.php.net/bug.php?id=73968. +php then reported it to gd in https://github.com/libgd/libgd/issues/109. + +Patch adapted from upstream source repository: + +https://github.com/libgd/libgd/commit/082c5444838ea0d84f9fb6441aefdb44d78d9bba + +Binary diffs have been removed from the patch because our patch +procedure doesn't support them. + +From 082c5444838ea0d84f9fb6441aefdb44d78d9bba Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Fri, 20 Jan 2017 22:48:20 +0100 +Subject: [PATCH] Fix #109: XBM reading fails with printed error + +When calculating the number of required bytes of an XBM image, we have +to take the line padding into account. +--- + src/gd_xbm.c | 2 +- + tests/xbm/CMakeLists.txt | 1 + + tests/xbm/Makemodule.am | 5 ++++- + tests/xbm/github_bug_109.c | 35 +++++++++++++++++++++++++++++++++++ + tests/xbm/github_bug_109.xbm | 5 +++++ + 5 files changed, 47 insertions(+), 2 deletions(-) + create mode 100644 tests/xbm/github_bug_109.c + create mode 100644 tests/xbm/github_bug_109.xbm + create mode 100644 tests/xbm/github_bug_109_exp.png + +diff --git a/src/gd_xbm.c b/src/gd_xbm.c +index 5f09b56..c2ba2ad 100644 +--- a/src/gd_xbm.c ++++ b/src/gd_xbm.c +@@ -108,7 +108,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd) + max_bit = 32768; + } + if (max_bit) { +- bytes = (width * height / 8) + 1; ++ bytes = (width + 7) / 8 * height; + if (!bytes) { + return 0; + } +diff --git a/tests/xbm/CMakeLists.txt b/tests/xbm/CMakeLists.txt +index 183cf5e..08576e0 100644 +--- a/tests/xbm/CMakeLists.txt ++++ b/tests/xbm/CMakeLists.txt +@@ -1,4 +1,5 @@ + LIST(APPEND TESTS_FILES ++ github_bug_109 + github_bug_170 + ) + +diff --git a/tests/xbm/Makemodule.am b/tests/xbm/Makemodule.am +index ba1eabd..0f5beb6 100644 +--- a/tests/xbm/Makemodule.am ++++ b/tests/xbm/Makemodule.am +@@ -1,5 +1,8 @@ + libgd_test_programs += \ ++ xbm/github_bug_109 \ + xbm/github_bug_170 + + EXTRA_DIST += \ +- xbm/CMakeLists.txt ++ xbm/CMakeLists.txt \ ++ xbm/github_bug_109.xbm \ ++ xbm/github_bug_109_exp.png +diff --git a/tests/xbm/github_bug_109.c b/tests/xbm/github_bug_109.c +new file mode 100644 +index 0000000..1a020c6 +--- /dev/null ++++ b/tests/xbm/github_bug_109.c +@@ -0,0 +1,35 @@ ++/** ++ * Test reading of XBM images with a width that is not a multiple of 8 ++ * ++ * We're reading such an XBM image, and check that we got what we've expected, ++ * instead of an error message. ++ * ++ * See also <https://github.com/libgd/libgd/issues/109>. ++ */ ++ ++ ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr im; ++ FILE *fp; ++ char *path; ++ ++ fp = gdTestFileOpen2("xbm", "github_bug_109.xbm"); ++ im = gdImageCreateFromXbm(fp); ++ fclose(fp); ++ gdTestAssert(im != NULL); ++ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 0) == 0); ++ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 1) == 0xffffff); ++ ++ path = gdTestFilePath2("xbm", "github_bug_109_exp.png"); ++ gdAssertImageEqualsToFile(path, im); ++ gdFree(path); ++ ++ gdImageDestroy(im); ++ ++ return gdNumFailures(); ++} +diff --git a/tests/xbm/github_bug_109.xbm b/tests/xbm/github_bug_109.xbm +new file mode 100644 +index 0000000..f427d86 +--- /dev/null ++++ b/tests/xbm/github_bug_109.xbm +@@ -0,0 +1,5 @@ ++#define test_width 10 ++#define test_height 10 ++static unsigned char test_bits[] = { ++ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, ++ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00}; + +-- +2.7.4 + diff --git a/gnu/packages/patches/gdk-pixbuf-list-dir.patch b/gnu/packages/patches/gdk-pixbuf-list-dir.patch new file mode 100644 index 0000000000..137914a19c --- /dev/null +++ b/gnu/packages/patches/gdk-pixbuf-list-dir.patch @@ -0,0 +1,35 @@ +Sort directory entries so that the output of +‘gdk-pixbuf-query-loaders’ is deterministic. + +See: https://bugzilla.gnome.org/show_bug.cgi?id=777332 +--- gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c.orig 2017-01-11 00:17:32.865843062 +0100 ++++ gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c 2017-01-16 16:12:03.420667874 +0100 +@@ -354,16 +354,27 @@ + + dir = g_dir_open (path, 0, NULL); + if (dir) { ++ GList *entries = NULL; + const char *dent; + + while ((dent = g_dir_read_name (dir))) { + gint len = strlen (dent); + if (len > SOEXT_LEN && + strcmp (dent + len - SOEXT_LEN, SOEXT) == 0) { +- query_module (contents, path, dent); ++ entries = g_list_append (entries, g_strdup (dent)); + } + } + g_dir_close (dir); ++ /* Sort directory entries so that the output of ++ ‘gdk-pixbuf-query-loaders’ is deterministic. */ ++ entries = g_list_sort (entries, (GCompareFunc) strcmp); ++ GList *xentries; ++ for (xentries = entries; xentries; xentries = g_list_next (xentries)) { ++ dent = xentries->data; ++ query_module (contents, path, dent); ++ g_free (xentries->data); ++ } ++ g_list_free (entries); + } + #else + g_string_append_printf (contents, "# dynamic loading of modules not supported\n"); diff --git a/gnu/packages/patches/glibc-bootstrap-system.patch b/gnu/packages/patches/glibc-bootstrap-system.patch index 7208cce3f4..2f8e7da7e1 100644 --- a/gnu/packages/patches/glibc-bootstrap-system.patch +++ b/gnu/packages/patches/glibc-bootstrap-system.patch @@ -26,3 +26,5 @@ instead uses the hard-coded absolute file name of `bash'. _IO__exit (127); } _IO_close (child_end); + + diff --git a/gnu/packages/patches/guile-repl-server-test.patch b/gnu/packages/patches/guile-repl-server-test.patch deleted file mode 100644 index 81e724ecc4..0000000000 --- a/gnu/packages/patches/guile-repl-server-test.patch +++ /dev/null @@ -1,48 +0,0 @@ -commit 8d6209ea56241bb1890c142539927c9ef3fb5a13 -Author: Ludovic Courtès <ludo@gnu.org> -Date: Fri Nov 4 22:44:32 2016 +0100 - - tests: Throw 'unresolved when the REPL server is too slow. - -commit 2fbde7f02adb8c6585e9baf6e293ee49cd23d4c4 -Author: Ludovic Courtès <ludo@gnu.org> -Date: Fri Nov 4 22:45:51 2016 +0100 - - tests: Avoid race condition in REPL server test. - -index ca389ba..4b5ec0c 100644 ---- a/test-suite/tests/00-repl-server.test -+++ b/test-suite/tests/00-repl-server.test -@@ -61,10 +61,11 @@ socket connected to that server." - (lambda () - (connect client-socket sockaddr)) - (lambda args -- (when (and (memv (system-error-errno args) -- (list ENOENT ECONNREFUSED)) -- (< tries 3)) -- (sleep 1) -+ (when (memv (system-error-errno args) -+ (list ENOENT ECONNREFUSED)) -+ (when (> tries 30) -+ (throw 'unresolved)) -+ (usleep 100) - (loop (+ tries 1)))))) - - (proc client-socket)) -@@ -104,8 +105,14 @@ reached." - "scheme@(repl-server)> $1 = 42\n" - (with-repl-server socket - (read-until-prompt socket %last-line-before-prompt) -- (display "(+ 40 2)\n(quit)\n" socket) -- (read-string socket))) -+ -+ ;; Wait until 'repl-reader' in boot-9 has written the prompt. -+ ;; Otherwise, if we write too quickly, 'repl-reader' checks for -+ ;; 'char-ready?' and doesn't print the prompt. -+ (match (select (list socket) '() (list socket) 3) -+ (((_) () ()) -+ (display "(+ 40 2)\n(quit)\n" socket) -+ (read-string socket))))) - - (pass-if "HTTP inter-protocol attack" ;CVE-2016-8606 - (with-repl-server socket diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch index d9f7ac6a36..fa4d75c9ee 100644 --- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch +++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch @@ -1,7 +1,9 @@ -Fix an out-of-bounds heap read in Type_MLU_Read(): +Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read(): +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165 http://seclists.org/oss-sec/2016/q3/288 https://bugzilla.redhat.com/show_bug.cgi?id=1367357 +https://security-tracker.debian.org/tracker/CVE-2016-10165 Patch copied from upstream source repository: diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch deleted file mode 100644 index bef628f0a8..0000000000 --- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch +++ /dev/null @@ -1,77 +0,0 @@ -Fix buffer overflow reading 7Zip files: - -https://github.com/libarchive/libarchive/issues/761 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126 - -From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 18 Sep 2016 18:14:58 -0700 -Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files - -The sample file that demonstrated this had multiple 'EmptyStream' -attributes. The first one ended up being used to calculate -certain statistics, then was overwritten by the second which -was incompatible with those statistics. - -The fix here is to reject any header with multiple EmptyStream -attributes. While here, also reject headers with multiple -EmptyFile, AntiFile, Name, or Attributes markers. ---- - libarchive/archive_read_support_format_7zip.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c -index 1dfe52b..c0a536c 100644 ---- a/libarchive/archive_read_support_format_7zip.c -+++ b/libarchive/archive_read_support_format_7zip.c -@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - - switch (type) { - case kEmptyStream: -+ if (h->emptyStreamBools != NULL) -+ return (-1); - h->emptyStreamBools = calloc((size_t)zip->numFiles, - sizeof(*h->emptyStreamBools)); - if (h->emptyStreamBools == NULL) -@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->emptyFileBools != NULL) -+ return (-1); - h->emptyFileBools = calloc(empty_streams, - sizeof(*h->emptyFileBools)); - if (h->emptyFileBools == NULL) -@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->antiBools != NULL) -+ return (-1); - h->antiBools = calloc(empty_streams, - sizeof(*h->antiBools)); - if (h->antiBools == NULL) -@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((ll & 1) || ll < zip->numFiles * 4) - return (-1); - -+ if (zip->entry_names != NULL) -+ return (-1); - zip->entry_names = malloc(ll); - if (zip->entry_names == NULL) - return (-1); -@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((p = header_bytes(a, 2)) == NULL) - return (-1); - allAreDefined = *p; -+ if (h->attrBools != NULL) -+ return (-1); - h->attrBools = calloc((size_t)zip->numFiles, - sizeof(*h->attrBools)); - if (h->attrBools == NULL) --- -2.10.0 - diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch deleted file mode 100644 index bce63d5e4e..0000000000 --- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch +++ /dev/null @@ -1,445 +0,0 @@ -This patch fixes two bugs that allow attackers to overwrite or change -the permissions of arbitrary files: - -https://github.com/libarchive/libarchive/issues/745 -https://github.com/libarchive/libarchive/issues/746 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 - -From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 11 Sep 2016 13:21:57 -0700 -Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert. - ---- - libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++-------- - 1 file changed, 227 insertions(+), 67 deletions(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 8f0421e..abe1a86 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -326,12 +326,14 @@ struct archive_write_disk { - - #define HFS_BLOCKS(s) ((s) >> 12) - -+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int check_symlinks(struct archive_write_disk *); - static int create_filesystem_object(struct archive_write_disk *); - static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname); - #if defined(HAVE_FCHDIR) && defined(PATH_MAX) - static void edit_deep_directories(struct archive_write_disk *ad); - #endif -+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int cleanup_pathname(struct archive_write_disk *); - static int create_dir(struct archive_write_disk *, char *); - static int create_parent_dir(struct archive_write_disk *, char *); -@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a) - const char *linkname; - mode_t final_mode, mode; - int r; -+ /* these for check_symlinks_fsobj */ -+ char *linkname_copy; /* non-const copy of linkname */ -+ struct archive_string error_string; -+ int error_number; - - /* We identify hard/symlinks according to the link names. */ - /* Since link(2) and symlink(2) don't handle modes, we're done here. */ -@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a) - #if !HAVE_LINK - return (EPERM); - #else -+ archive_string_init(&error_string); -+ linkname_copy = strdup(linkname); -+ if (linkname_copy == NULL) { -+ return (EPERM); -+ } -+ /* TODO: consider using the cleaned-up path as the link target? */ -+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ free(linkname_copy); - r = link(linkname, a->name) ? errno : 0; - /* - * New cpio and pax formats allow hardlink entries -@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname) - * recent paths. - */ - /* TODO: Extend this to support symlinks on Windows Vista and later. */ -+ -+/* -+ * Checks the given path to see if any elements along it are symlinks. Returns -+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. -+ */ - static int --check_symlinks(struct archive_write_disk *a) -+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - #if !defined(HAVE_LSTAT) - /* Platform doesn't have lstat, so we can't look for symlinks. */ - (void)a; /* UNUSED */ -+ (void)path; /* UNUSED */ -+ (void)error_number; /* UNUSED */ -+ (void)error_string; /* UNUSED */ -+ (void)flags; /* UNUSED */ - return (ARCHIVE_OK); - #else -- char *pn; -+ int res = ARCHIVE_OK; -+ char *tail; -+ char *head; -+ int last; - char c; - int r; - struct stat st; -+ int restore_pwd; -+ -+ /* Nothing to do here if name is empty */ -+ if(path[0] == '\0') -+ return (ARCHIVE_OK); - - /* - * Guard against symlink tricks. Reject any archive entry whose - * destination would be altered by a symlink. -+ * -+ * Walk the filename in chunks separated by '/'. For each segment: -+ * - if it doesn't exist, continue -+ * - if it's symlink, abort or remove it -+ * - if it's a directory and it's not the last chunk, cd into it -+ * As we go: -+ * head points to the current (relative) path -+ * tail points to the temporary \0 terminating the segment we're currently examining -+ * c holds what used to be in *tail -+ * last is 1 if this is the last tail - */ -- /* Whatever we checked last time doesn't need to be re-checked. */ -- pn = a->name; -- if (archive_strlen(&(a->path_safe)) > 0) { -- char *p = a->path_safe.s; -- while ((*pn != '\0') && (*p == *pn)) -- ++p, ++pn; -- } -+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC); -+ __archive_ensure_cloexec_flag(restore_pwd); -+ if (restore_pwd < 0) -+ return (ARCHIVE_FATAL); -+ head = path; -+ tail = path; -+ last = 0; -+ /* TODO: reintroduce a safe cache here? */ - /* Skip the root directory if the path is absolute. */ -- if(pn == a->name && pn[0] == '/') -- ++pn; -- c = pn[0]; -- /* Keep going until we've checked the entire name. */ -- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { -+ if(tail == path && tail[0] == '/') -+ ++tail; -+ /* Keep going until we've checked the entire name. -+ * head, tail, path all alias the same string, which is -+ * temporarily zeroed at tail, so be careful restoring the -+ * stashed (c=tail[0]) for error messages. -+ * Exiting the loop with break is okay; continue is not. -+ */ -+ while (!last) { -+ /* Skip the separator we just consumed, plus any adjacent ones */ -+ while (*tail == '/') -+ ++tail; - /* Skip the next path element. */ -- while (*pn != '\0' && *pn != '/') -- ++pn; -- c = pn[0]; -- pn[0] = '\0'; -+ while (*tail != '\0' && *tail != '/') -+ ++tail; -+ /* is this the last path component? */ -+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); -+ /* temporarily truncate the string here */ -+ c = tail[0]; -+ tail[0] = '\0'; - /* Check that we haven't hit a symlink. */ -- r = lstat(a->name, &st); -+ r = lstat(head, &st); - if (r != 0) { -+ tail[0] = c; - /* We've hit a dir that doesn't exist; stop now. */ - if (errno == ENOENT) { - break; - } else { -- /* Note: This effectively disables deep directory -+ /* Treat any other error as fatal - best to be paranoid here -+ * Note: This effectively disables deep directory - * support when security checks are enabled. - * Otherwise, very long pathnames that trigger - * an error here could evade the sandbox. - * TODO: We could do better, but it would probably - * require merging the symlink checks with the - * deep-directory editing. */ -- return (ARCHIVE_FAILED); -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not stat %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; -+ } -+ } else if (S_ISDIR(st.st_mode)) { -+ if (!last) { -+ if (chdir(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not chdir %s", -+ path); -+ res = (ARCHIVE_FATAL); -+ break; -+ } -+ /* Our view is now from inside this dir: */ -+ head = tail + 1; - } - } else if (S_ISLNK(st.st_mode)) { -- if (c == '\0') { -+ if (last) { - /* - * Last element is symlink; remove it - * so we can overwrite it with the - * item being extracted. - */ -- if (unlink(a->name)) { -- archive_set_error(&a->archive, errno, -- "Could not remove symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head)) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not remove symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; - /* - * Even if we did remove it, a warning - * is in order. The warning is silly, - * though, if we're just replacing one - * symlink with another symlink. - */ -- if (!S_ISLNK(a->mode)) { -- archive_set_error(&a->archive, 0, -- "Removing symlink %s", -- a->name); -+ tail[0] = c; -+ /* FIXME: not sure how important this is to restore -+ if (!S_ISLNK(path)) { -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Removing symlink %s", -+ path); - } -+ */ - /* Symlink gone. No more problem! */ -- pn[0] = c; -- return (0); -- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { -+ res = ARCHIVE_OK; -+ break; -+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) { - /* User asked us to remove problems. */ -- if (unlink(a->name) != 0) { -- archive_set_error(&a->archive, 0, -- "Cannot remove intervening symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot remove intervening symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; -+ tail[0] = c; - } else { -- archive_set_error(&a->archive, 0, -- "Cannot extract through symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot extract through symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } - } -- pn[0] = c; -- if (pn[0] != '\0') -- pn++; /* Advance to the next segment. */ -+ /* be sure to always maintain this */ -+ tail[0] = c; -+ if (tail[0] != '\0') -+ tail++; /* Advance to the next segment. */ - } -- pn[0] = c; -- /* We've checked and/or cleaned the whole path, so remember it. */ -- archive_strcpy(&a->path_safe, a->name); -- return (ARCHIVE_OK); -+ /* Catches loop exits via break */ -+ tail[0] = c; -+#ifdef HAVE_FCHDIR -+ /* If we changed directory above, restore it here. */ -+ if (restore_pwd >= 0) { -+ r = fchdir(restore_pwd); -+ if (r != 0) { -+ if(error_number) *error_number = errno; -+ if(error_string) -+ archive_string_sprintf(error_string, -+ "chdir() failure"); -+ } -+ close(restore_pwd); -+ restore_pwd = -1; -+ if (r != 0) { -+ res = (ARCHIVE_FATAL); -+ } -+ } -+#endif -+ /* TODO: reintroduce a safe cache here? */ -+ return res; - #endif - } - -+/* -+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise -+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} -+ */ -+static int -+check_symlinks(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ a->pst = NULL; /* to be safe */ -+ return rc; -+} -+ -+ - #if defined(__CYGWIN__) - /* - * 1. Convert a path separator from '\' to '/' . -@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a) - * is set) if the path is absolute. - */ - static int --cleanup_pathname(struct archive_write_disk *a) -+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - char *dest, *src; - char separator = '\0'; - -- dest = src = a->name; -+ dest = src = path; - if (*src == '\0') { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Invalid empty pathname"); -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Invalid empty pathname"); - return (ARCHIVE_FAILED); - } - -@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a) - #endif - /* Skip leading '/'. */ - if (*src == '/') { -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Path is absolute"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path is absolute"); - return (ARCHIVE_FAILED); - } - -@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a) - } else if (src[1] == '.') { - if (src[2] == '/' || src[2] == '\0') { - /* Conditionally warn about '..' */ -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -- archive_set_error(&a->archive, -- ARCHIVE_ERRNO_MISC, -- "Path contains '..'"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path contains '..'"); - return (ARCHIVE_FAILED); - } - } -@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a) - * We've just copied zero or more path elements, not including the - * final '/'. - */ -- if (dest == a->name) { -+ if (dest == path) { - /* - * Nothing got copied. The path must have been something - * like '.' or '/' or './' or '/././././/./'. -@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a) - return (ARCHIVE_OK); - } - -+static int -+cleanup_pathname(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ return rc; -+} -+ - /* - * Create the parent directory of the specified path, assuming path - * is already in mutable storage. diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch deleted file mode 100644 index f042c31a84..0000000000 --- a/gnu/packages/patches/libarchive-fix-symlink-check.patch +++ /dev/null @@ -1,60 +0,0 @@ -Make sure to check for symlinks even if the pathname is very long: - -https://github.com/libarchive/libarchive/issues/744 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a - -From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 17:11:45 -0700 -Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very - long pathnames - -Because check_symlinks is handled separately from the deep-directory -support, very long pathnames cause problems. Previously, the code -ignored most failures to lstat() a path component. In particular, -this led to check_symlinks always passing for very long paths, which -in turn provides a way to evade the symlink checks in the sandboxing -code. - -We now fail on unrecognized lstat() failures, which plugs this -hole at the cost of disabling deep directory support when the -user requests sandboxing. - -TODO: This probably cannot be completely fixed without -entirely reimplementing the deep directory support to -integrate the symlink checks. I want to reimplement the -deep directory hanlding someday anyway; openat() and -related system calls now provide a much cleaner way to -handle deep directories than the chdir approach used by this -code. ---- - libarchive/archive_write_disk_posix.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 39ee3b6..8f0421e 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a) - r = lstat(a->name, &st); - if (r != 0) { - /* We've hit a dir that doesn't exist; stop now. */ -- if (errno == ENOENT) -+ if (errno == ENOENT) { - break; -+ } else { -+ /* Note: This effectively disables deep directory -+ * support when security checks are enabled. -+ * Otherwise, very long pathnames that trigger -+ * an error here could evade the sandbox. -+ * TODO: We could do better, but it would probably -+ * require merging the symlink checks with the -+ * deep-directory editing. */ -+ return (ARCHIVE_FAILED); -+ } - } else if (S_ISLNK(st.st_mode)) { - if (c == '\0') { - /* diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch deleted file mode 100644 index 0e70ac90ce..0000000000 --- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fixes this buffer overflow: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -Patch copied from upstream source repository: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 10:51:43 -0700 -Subject: [PATCH] Issue #767: Buffer overflow printing a filename - -The safe_fprintf function attempts to ensure clean output for an -arbitrary sequence of bytes by doing a trial conversion of the -multibyte characters to wide characters -- if the resulting wide -character is printable then we pass through the corresponding bytes -unaltered, otherwise, we convert them to C-style ASCII escapes. - -The stack trace in Issue #767 suggest that the 20-byte buffer -was getting overflowed trying to format a non-printable multibyte -character. This should only happen if there is a valid multibyte -character of more than 5 bytes that was unprintable. (Each byte -would get expanded to a four-charcter octal-style escape of the form -"\123" resulting in >20 characters for the >5 byte multibyte character.) - -I've not been able to reproduce this, but have expanded the conversion -buffer to 128 bytes on the belief that no multibyte character set -has a single character of more than 32 bytes. ---- - tar/util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tar/util.c b/tar/util.c -index 9ff22f2..2b4aebe 100644 ---- a/tar/util.c -+++ b/tar/util.c -@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) - } - - /* If our output buffer is full, dump it and keep going. */ -- if (i > (sizeof(outbuff) - 20)) { -+ if (i > (sizeof(outbuff) - 128)) { - outbuff[i] = '\0'; - fprintf(f, "%s", outbuff); - i = 0; diff --git a/gnu/packages/patches/libdrm-symbol-check.patch b/gnu/packages/patches/libdrm-symbol-check.patch index 676024beb4..69c67e778d 100644 --- a/gnu/packages/patches/libdrm-symbol-check.patch +++ b/gnu/packages/patches/libdrm-symbol-check.patch @@ -1,5 +1,5 @@ Augment the list of expected symbols to fix the symbol-check tests on -mips64el-linux and armhf-linux. +mips64el-linux, armhf-linux and aarch64-linux. --- libdrm-2.4.65/freedreno/freedreno-symbol-check.orig 2015-09-04 11:07:40.000000000 -0400 +++ libdrm-2.4.65/freedreno/freedreno-symbol-check 2015-10-18 23:57:15.288416229 -0400 @@ -193,3 +193,28 @@ mips64el-linux and armhf-linux. drm_tegra_bo_get_flags drm_tegra_bo_get_handle drm_tegra_bo_get_tiling + +--- libdrm-2.4.65/radeon/radeon-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400 ++++ libdrm-2.4.65/radeon/radeon-symbol-check 2015-10-18 23:57:00.756759698 -0400 +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# The following symbols (past the first five) are taken from the public headers. ++# The following symbols (past the first 12) are taken from the public headers. + # A list of the latter should be available Makefile.sources/LIBDRM_RADEON_H_FILES + + FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_tegra.so} | awk '{print $3}'| while read func; do +@@ -10,6 +10,13 @@ + _end + _fini + _init ++_fbss ++_fdata ++_ftext ++__bss_start__ ++__bss_end__ ++_bss_end__ ++__end__ + radeon_bo_debug + radeon_bo_get_handle + radeon_bo_get_src_domain diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch deleted file mode 100644 index bdc4b05989..0000000000 --- a/gnu/packages/patches/libepoxy-gl-null-checks.patch +++ /dev/null @@ -1,54 +0,0 @@ -This patch from <https://bugzilla.redhat.com/show_bug.cgi?id=1395366> adds NULL -checks to avoid crashes when GL support is missing, as is the case when running -Xvfb. - -Upstream issue: <https://github.com/anholt/libepoxy/issues/72>. - -diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c ---- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400 -+++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500 -@@ -348,6 +348,8 @@ - epoxy_extension_in_string(const char *extension_list, const char *ext) - { - const char *ptr = extension_list; -+ if (! ptr) return false; -+ if (! ext) return false; - int len = strlen(ext); - - /* Make sure that don't just find an extension with our name as a prefix. */ -@@ -380,6 +382,7 @@ - - for (i = 0; i < num_extensions; i++) { - const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i); -+ if (! gl_ext) return false; - if (strcmp(ext, gl_ext) == 0) - return true; - } -diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c ---- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400 -+++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500 -@@ -46,6 +46,7 @@ - int ret; - - version_string = eglQueryString(dpy, EGL_VERSION); -+ if (! version_string) return 0; - ret = sscanf(version_string, "%d.%d", &major, &minor); - assert(ret == 2); - return major * 10 + minor; -diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c ---- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400 -+++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500 -@@ -57,11 +57,13 @@ - int ret; - - version_string = glXQueryServerString(dpy, screen, GLX_VERSION); -+ if (! version_string) return 0; - ret = sscanf(version_string, "%d.%d", &server_major, &server_minor); - assert(ret == 2); - server = server_major * 10 + server_minor; - - version_string = glXGetClientString(dpy, GLX_VERSION); -+ if (! version_string) return 0; - ret = sscanf(version_string, "%d.%d", &client_major, &client_minor); - assert(ret == 2); - client = client_major * 10 + client_minor; diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch index f1907d53e2..bffe2c454c 100644 --- a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch +++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch @@ -1,7 +1,6 @@ -Fix buffer overread in libevents DNS code. - -Upstream bug report: +Fix CVE-2016-10195 (buffer overread in libevent's DNS code): +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195 https://github.com/libevent/libevent/issues/317 Patch copied from upstream source repository: diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch index 4d16a4b917..03f96e938b 100644 --- a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch +++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch @@ -1,7 +1,6 @@ -Fix buffer overflow in evutil. - -Upstream bug report: +Fix CVE-2016-10196 (buffer overflow in evutil): +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196 https://github.com/libevent/libevent/issues/318 Patch copied from upstream source repository: diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch index c4ad0a1a4a..c62a328627 100644 --- a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch +++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch @@ -1,7 +1,6 @@ -Fix OOB read on empty hostnames in evdns. - -Upstream bug report: +Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns): +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197 https://github.com/libevent/libevent/issues/332 Patch copied from upstream source repository: diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch deleted file mode 100644 index 8093b3e448..0000000000 --- a/gnu/packages/patches/libpng-CVE-2016-10087.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 -http://seclists.org/oss-sec/2016/q4/777 - -Patch adapted from upstream source repository: - -https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ - -From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> -Date: Thu, 29 Dec 2016 07:51:33 -0600 -Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in - png_set_text_2() - -(bug report and patch by Patrick Keshishian). ---- - ANNOUNCE | 2 ++ - CHANGES | 2 ++ - png.c | 1 + - 3 files changed, 5 insertions(+) - -diff --git a/png.c b/png.c -index 8afc28fc2..2e05de159 100644 ---- a/png.c -+++ b/png.c -@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, - png_free(png_ptr, info_ptr->text); - info_ptr->text = NULL; - info_ptr->num_text = 0; -+ info_ptr->max_text = 0; - } - } - #endif --- -2.11.0 - diff --git a/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch b/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch new file mode 100644 index 0000000000..4133be7fc9 --- /dev/null +++ b/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch @@ -0,0 +1,33 @@ +This fixes a regression introduced in 1.8.0 where libssh2 fails to build +with the gcrypt backend. + +Upstream bug URL: + +https://github.com/libssh2/libssh2/issues/150 + +Patch copied from upstream source repository: + +https://github.com/libssh2/libssh2/commit/ced924b78a40126606797ef57a74066eb3b4b83f + +From ced924b78a40126606797ef57a74066eb3b4b83f Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <siarheit@google.com> +Date: Mon, 31 Oct 2016 09:04:33 +0000 +Subject: [PATCH] acinclude.m4: fix ./configure --with-libgcrypt + +diff --git a/acinclude.m4 b/acinclude.m4 +index 734ef07..c78260c 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -412,9 +412,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [ + + old_LDFLAGS=$LDFLAGS + old_CFLAGS=$CFLAGS +- if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then +- LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib" +- CFLAGS="$CFLAGS -I$use_libgcrypt/include" ++ if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then ++ LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib" ++ CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include" + fi + AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [ + #include <gcrypt.h> diff --git a/gnu/packages/patches/libxcb-python-3.5-compat.patch b/gnu/packages/patches/libxcb-python-3.5-compat.patch new file mode 100644 index 0000000000..f652498aad --- /dev/null +++ b/gnu/packages/patches/libxcb-python-3.5-compat.patch @@ -0,0 +1,64 @@ +Fix compatibility issue with Python 3.5. + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xcb/libxcb/commit/?id=8740a288ca468433141341347aa115b9544891d3 + +From 8740a288ca468433141341347aa115b9544891d3 Mon Sep 17 00:00:00 2001 +From: Thomas Klausner <wiz@NetBSD.org> +Date: Thu, 19 May 2016 17:31:18 +0200 +Subject: [PATCH] Fix inconsistent use of tabs vs. space. + +Needed for at least python-3.5.x. + +Signed-off-by: Thomas Klausner <wiz@NetBSD.org> +Signed-off-by: Uli Schlachter <psychon@znc.in> +--- + src/c_client.py | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/c_client.py b/src/c_client.py +index 57de3fb..043338d 100644 +--- a/src/c_client.py ++++ b/src/c_client.py +@@ -1364,7 +1364,7 @@ def _c_serialize(context, self): + _c(' unsigned int xcb_align_to = 0;') + if self.is_switch: + _c(' unsigned int xcb_padding_offset = %d;', +- self.get_align_offset() ) ++ self.get_align_offset() ) + prefix = [('_aux', '->', self)] + aux_ptr = 'xcb_out' + +@@ -1390,7 +1390,7 @@ def _c_serialize(context, self): + _c(' unsigned int xcb_align_to = 0;') + if self.is_switch: + _c(' unsigned int xcb_padding_offset = %d;', +- self.get_align_offset() ) ++ self.get_align_offset() ) + + elif 'sizeof' == context: + param_names = [p[2] for p in params] +@@ -1930,14 +1930,14 @@ def _c_accessors_list(self, field): + # from the request size and divide that by the member size + return '(((R->length * 4) - sizeof('+ self.c_type + '))/'+'sizeof('+field.type.member.c_wiretype+'))' + else: +- # use the accessor to get the start of the list, then +- # compute the length of it by subtracting it from ++ # use the accessor to get the start of the list, then ++ # compute the length of it by subtracting it from + # the adress of the first byte after the end of the + # request +- after_end_of_request = '(((char*)R) + R->length * 4)' +- start_of_list = '%s(R)' % (field.c_accessor_name) ++ after_end_of_request = '(((char*)R) + R->length * 4)' ++ start_of_list = '%s(R)' % (field.c_accessor_name) + bytesize_of_list = '%s - (char*)(%s)' % (after_end_of_request, start_of_list) +- return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype) ++ return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype) + else: + raise Exception( + "lengthless lists with varsized members are not supported. Fieldname '%s'" +-- +2.11.1 + diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch deleted file mode 100644 index 89cce2a36f..0000000000 --- a/gnu/packages/patches/pcre-CVE-2016-3191.patch +++ /dev/null @@ -1,151 +0,0 @@ -Fix for CVE-2016-3191. -See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>. -This is svn r1631 at <svn://vcs.exim.org/pcre/code>. - -Index: trunk/testdata/testoutput11-16 -=================================================================== ---- trunk/testdata/testoutput11-16 (revision 1630) -+++ trunk/testdata/testoutput11-16 (revision 1631) -@@ -765,4 +765,7 @@ - 25 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: regular expression is too complicated at offset 490 -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testinput11 -=================================================================== ---- trunk/testdata/testinput11 (revision 1630) -+++ trunk/testdata/testinput11 (revision 1631) -@@ -138,4 +138,6 @@ - - /.((?2)(?R)\1)()/B - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testoutput11-8 -=================================================================== ---- trunk/testdata/testoutput11-8 (revision 1630) -+++ trunk/testdata/testoutput11-8 (revision 1631) -@@ -765,4 +765,7 @@ - 38 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: missing ) at offset 509 -+ - /-- End of testinput11 --/ -Index: trunk/testdata/testoutput11-32 -=================================================================== ---- trunk/testdata/testoutput11-32 (revision 1630) -+++ trunk/testdata/testoutput11-32 (revision 1631) -@@ -765,4 +765,7 @@ - 25 End - ------------------------------------------------------------------ - -+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ -+Failed: missing ) at offset 509 -+ - /-- End of testinput11 --/ -Index: trunk/pcre_internal.h -=================================================================== ---- trunk/pcre_internal.h (revision 1630) -+++ trunk/pcre_internal.h (revision 1631) -@@ -7,7 +7,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -2289,7 +2289,7 @@ - ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, - ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, - ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, -- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; -+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; - - /* JIT compiling modes. The function list is indexed by them. */ - -Index: trunk/pcre_compile.c -=================================================================== ---- trunk/pcre_compile.c (revision 1630) -+++ trunk/pcre_compile.c (revision 1631) -@@ -6,7 +6,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -560,6 +560,7 @@ - /* 85 */ - "parentheses are too deeply nested (stack check)\0" - "digits missing in \\x{} or \\o{}\0" -+ "regular expression is too complicated\0" - ; - - /* Table to identify digits and hex digits. This is used when compiling -@@ -4591,7 +4592,8 @@ - if (code > cd->start_workspace + cd->workspace_size - - WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ - { -- *errorcodeptr = ERR52; -+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? -+ ERR52 : ERR87; - goto FAILED; - } - -@@ -6626,8 +6628,21 @@ - cd->had_accept = TRUE; - for (oc = cd->open_caps; oc != NULL; oc = oc->next) - { -- *code++ = OP_CLOSE; -- PUT2INC(code, 0, oc->number); -+ if (lengthptr != NULL) -+ { -+#ifdef COMPILE_PCRE8 -+ *lengthptr += 1 + IMM2_SIZE; -+#elif defined COMPILE_PCRE16 -+ *lengthptr += 2 + IMM2_SIZE; -+#elif defined COMPILE_PCRE32 -+ *lengthptr += 4 + IMM2_SIZE; -+#endif -+ } -+ else -+ { -+ *code++ = OP_CLOSE; -+ PUT2INC(code, 0, oc->number); -+ } - } - setverb = *code++ = - (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; -Index: trunk/pcreposix.c -=================================================================== ---- trunk/pcreposix.c (revision 1630) -+++ trunk/pcreposix.c (revision 1631) -@@ -6,7 +6,7 @@ - and semantics are as close as possible to those of the Perl 5 language. - - Written by Philip Hazel -- Copyright (c) 1997-2014 University of Cambridge -+ Copyright (c) 1997-2016 University of Cambridge - - ----------------------------------------------------------------------------- - Redistribution and use in source and binary forms, with or without -@@ -173,7 +173,8 @@ - REG_BADPAT, /* group name must start with a non-digit */ - /* 85 */ - REG_BADPAT, /* parentheses too deeply nested (stack check) */ -- REG_BADPAT /* missing digits in \x{} or \o{} */ -+ REG_BADPAT, /* missing digits in \x{} or \o{} */ -+ REG_BADPAT /* pattern too complicated */ - }; - - /* Table of texts corresponding to POSIX error codes */ diff --git a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch new file mode 100644 index 0000000000..5a09b4ac52 --- /dev/null +++ b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch @@ -0,0 +1,54 @@ +This patch resolves a compatibility issue when compiled against glibc +2.25 +and run runder kernels < 3.17: + +https://bugzilla.redhat.com/show_bug.cgi?id=1410175 + +Upstream bug URLs: + +https://bugs.python.org/issue29157 +https://bugs.python.org/issue29188 + +Patch adapted from upstream source repository: + +https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c + +From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001 +From: Victor Stinner <victor.stinner@gmail.com> +Date: Mon, 9 Jan 2017 11:10:41 +0100 +Subject: [PATCH] Don't use getentropy() on Linux + +Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but +read from /dev/urandom to get random bytes, for example in os.urandom(). On +Linux, getentropy() is implemented which getrandom() is blocking mode, whereas +os.urandom() should not block. +--- + Misc/NEWS | 5 +++++ + Python/random.c | 11 +++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/Python/random.c b/Python/random.c +index 57c41ffcd6..000cb36938 100644 +--- a/Python/random.c ++++ b/Python/random.c +@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) + } + + /* Issue #25003: Don't use getentropy() on Solaris (available since +- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ +-#elif defined(HAVE_GETENTROPY) && !defined(sun) ++ Solaris 11.3), it is blocking whereas os.urandom() should not block. ++ ++ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 ++ implements it with the getrandom() syscall which can fail with ENOSYS, ++ and this error is not supported in py_getentropy() and getrandom() is called ++ with flags=0 which blocks until system urandom is initialized, which is not ++ the desired behaviour to seed the Python hash secret nor for os.urandom(): ++ see the PEP 524 which was only implemented in Python 3.6. */ ++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) + #define PY_GETENTROPY 1 + + /* Fill buffer with size pseudo-random bytes generated by getentropy(). +-- +2.12.0 + diff --git a/gnu/packages/patches/python-3.4-fix-tests.patch b/gnu/packages/patches/python-3.4-fix-tests.patch deleted file mode 100644 index d1f8138e79..0000000000 --- a/gnu/packages/patches/python-3.4-fix-tests.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100 -+++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100 -@@ -319,7 +319,11 @@ - del env['HOME'] - home = pwd.getpwuid(os.getuid()).pw_dir - # $HOME can end with a trailing /, so strip it (see #17809) -- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/")) -+ # The Guix builders have '/' as a home directory, so -+ # home.rstrip("/") will be an empty string and the test will -+ # fail. Let's just disable it since it does not really make -+ # sense with such a bizarre setup. -+ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/")) diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch index 46d2a84efb..9778b88dbd 100644 --- a/gnu/packages/patches/python-3.5-fix-tests.patch +++ b/gnu/packages/patches/python-3.5-fix-tests.patch @@ -35,12 +35,35 @@ prior revisions of Python. --- Lib/test/test_asyncio/test_base_events.py +++ Lib/test/test_asyncio/test_base_events.py -@@ -142,6 +142,8 @@ class BaseEventTests(test_utils.TestCase): - (INET, STREAM, TCP, '', ('1.2.3.4', 1)), - base_events._ipaddr_info('1.2.3.4', b'1', INET, STREAM, TCP)) - +@@ -1216,6 +1216,8 @@ + self._test_create_connection_ip_addr(m_socket, False) + + @patch_socket + @unittest.skipUnless(support.is_resource_enabled('network'), + 'network is not enabled') - def test_getaddrinfo_servname(self): - INET = socket.AF_INET - STREAM = socket.SOCK_STREAM + def test_create_connection_service_name(self, m_socket): + m_socket.getaddrinfo = socket.getaddrinfo + sock = m_socket.socket.return_value + +--- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100 ++++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100 + +For some reason, KeyboardInterrupts do not work in the build +environment (lack of controlling TTY?). Just change the expected +outcome. Unfortunately, this will make it fail for users running +`python -m test test_pdb test_pdb` interactively. + +@@ -928,11 +928,11 @@ + > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function() + -> print('pdb %d: %s' % (i, sess._previous_sigint_handler)) + (Pdb) continue +- pdb 1: <built-in function default_int_handler> ++ pdb 1: Handlers.SIG_IGN + > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function() + -> sess.set_trace(sys._getframe()) + (Pdb) continue +- pdb 2: <built-in function default_int_handler> ++ pdb 2: Handlers.SIG_IGN + """ + + class PdbTestCase(unittest.TestCase): diff --git a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch new file mode 100644 index 0000000000..8a12b5b448 --- /dev/null +++ b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch @@ -0,0 +1,720 @@ +This patch resolves a compatibility issue when compiled against glibc 2.25 +and run runder kernels < 3.17: + +https://bugzilla.redhat.com/show_bug.cgi?id=1410175 + +Upstream bug URL: https://bugs.python.org/issue29157 + +Patch copied from upstream source repository: + +https://hg.python.org/cpython/rev/8125d9a8152b + +# HG changeset patch +# User Victor Stinner <victor.stinner@gmail.com> +# Date 1483957133 -3600 +# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86 +# Parent 337461574c90281630751b6095c4e1baf380cf7d +Issue #29157: Prefer getrandom() over getentropy() + +Copy and then adapt Python/random.c from default branch. Difference between 3.5 +and default branches: + +* Python 3.5 only uses getrandom() in non-blocking mode: flags=GRND_NONBLOCK +* If getrandom() fails with EAGAIN: py_getrandom() immediately fails and + remembers that getrandom() doesn't work. +* Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom() + works in non-blocking mode on Python 3.5 + +diff --git a/Python/random.c b/Python/random.c +--- Python/random.c ++++ Python/random.c +@@ -1,6 +1,9 @@ + #include "Python.h" + #ifdef MS_WINDOWS + # include <windows.h> ++/* All sample MSDN wincrypt programs include the header below. It is at least ++ * required with Min GW. */ ++# include <wincrypt.h> + #else + # include <fcntl.h> + # ifdef HAVE_SYS_STAT_H +@@ -37,10 +40,9 @@ win32_urandom_init(int raise) + return 0; + + error: +- if (raise) ++ if (raise) { + PyErr_SetFromWindowsErr(0); +- else +- Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); ++ } + return -1; + } + +@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_ + + if (hCryptProv == 0) + { +- if (win32_urandom_init(raise) == -1) ++ if (win32_urandom_init(raise) == -1) { + return -1; ++ } + } + + while (size > 0) +@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_ + if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer)) + { + /* CryptGenRandom() failed */ +- if (raise) ++ if (raise) { + PyErr_SetFromWindowsErr(0); +- else +- Py_FatalError("Failed to initialized the randomized hash " +- "secret using CryptoGen)"); ++ } + return -1; + } + buffer += chunk; +@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_ + return 0; + } + +-/* Issue #25003: Don't use getentropy() on Solaris (available since +- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ +-#elif defined(HAVE_GETENTROPY) && !defined(sun) +-#define PY_GETENTROPY 1 +- +-/* Fill buffer with size pseudo-random bytes generated by getentropy(). +- Return 0 on success, or raise an exception and return -1 on error. +- +- If fatal is nonzero, call Py_FatalError() instead of raising an exception +- on error. */ +-static int +-py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal) +-{ +- while (size > 0) { +- Py_ssize_t len = Py_MIN(size, 256); +- int res; +- +- if (!fatal) { +- Py_BEGIN_ALLOW_THREADS +- res = getentropy(buffer, len); +- Py_END_ALLOW_THREADS +- +- if (res < 0) { +- PyErr_SetFromErrno(PyExc_OSError); +- return -1; +- } +- } +- else { +- res = getentropy(buffer, len); +- if (res < 0) +- Py_FatalError("getentropy() failed"); +- } +- +- buffer += len; +- size -= len; +- } +- return 0; +-} +- +-#else ++#else /* !MS_WINDOWS */ + + #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL) + #define PY_GETRANDOM 1 + +-/* Call getrandom() ++/* Call getrandom() to get random bytes: ++ + - Return 1 on success +- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or +- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom +- not initialized yet) and raise=0. ++ - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM), ++ or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not ++ initialized yet). + - Raise an exception (if raise is non-zero) and return -1 on error: +- getrandom() failed with EINTR and the Python signal handler raised an +- exception, or getrandom() failed with a different error. */ ++ if getrandom() failed with EINTR, raise is non-zero and the Python signal ++ handler raised an exception, or if getrandom() failed with a different ++ error. ++ ++ getrandom() is retried if it failed with EINTR: interrupted by a signal. */ + static int + py_getrandom(void *buffer, Py_ssize_t size, int raise) + { +@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t si + * see https://bugs.python.org/issue26839. To avoid this, use the + * GRND_NONBLOCK flag. */ + const int flags = GRND_NONBLOCK; ++ char *dest; + long n; + + if (!getrandom_works) { + return 0; + } + ++ dest = buffer; + while (0 < size) { + #ifdef sun + /* Issue #26735: On Solaris, getrandom() is limited to returning up +- to 1024 bytes */ ++ to 1024 bytes. Call it multiple times if more bytes are ++ requested. */ + n = Py_MIN(size, 1024); + #else + n = Py_MIN(size, LONG_MAX); +@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t si + #ifdef HAVE_GETRANDOM + if (raise) { + Py_BEGIN_ALLOW_THREADS +- n = getrandom(buffer, n, flags); ++ n = getrandom(dest, n, flags); + Py_END_ALLOW_THREADS + } + else { +- n = getrandom(buffer, n, flags); ++ n = getrandom(dest, n, flags); + } + #else + /* On Linux, use the syscall() function because the GNU libc doesn't +- * expose the Linux getrandom() syscall yet. See: +- * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ ++ expose the Linux getrandom() syscall yet. See: ++ https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ + if (raise) { + Py_BEGIN_ALLOW_THREADS +- n = syscall(SYS_getrandom, buffer, n, flags); ++ n = syscall(SYS_getrandom, dest, n, flags); + Py_END_ALLOW_THREADS + } + else { +- n = syscall(SYS_getrandom, buffer, n, flags); ++ n = syscall(SYS_getrandom, dest, n, flags); + } + #endif + + if (n < 0) { +- /* ENOSYS: getrandom() syscall not supported by the kernel (but +- * maybe supported by the host which built Python). EPERM: +- * getrandom() syscall blocked by SECCOMP or something else. */ ++ /* ENOSYS: the syscall is not supported by the kernel. ++ EPERM: the syscall is blocked by a security policy (ex: SECCOMP) ++ or something else. */ + if (errno == ENOSYS || errno == EPERM) { + getrandom_works = 0; + return 0; + } ++ + if (errno == EAGAIN) { + /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system + urandom is not initialiazed yet. In this case, fall back on +@@ -202,32 +172,101 @@ py_getrandom(void *buffer, Py_ssize_t si + } + + if (errno == EINTR) { +- if (PyErr_CheckSignals()) { +- if (!raise) { +- Py_FatalError("getrandom() interrupted by a signal"); ++ if (raise) { ++ if (PyErr_CheckSignals()) { ++ return -1; + } +- return -1; + } + +- /* retry getrandom() */ ++ /* retry getrandom() if it was interrupted by a signal */ + continue; + } + + if (raise) { + PyErr_SetFromErrno(PyExc_OSError); + } +- else { +- Py_FatalError("getrandom() failed"); ++ return -1; ++ } ++ ++ dest += n; ++ size -= n; ++ } ++ return 1; ++} ++ ++#elif defined(HAVE_GETENTROPY) ++#define PY_GETENTROPY 1 ++ ++/* Fill buffer with size pseudo-random bytes generated by getentropy(): ++ ++ - Return 1 on success ++ - Return 0 if getentropy() syscall is not available (failed with ENOSYS or ++ EPERM). ++ - Raise an exception (if raise is non-zero) and return -1 on error: ++ if getentropy() failed with EINTR, raise is non-zero and the Python signal ++ handler raised an exception, or if getentropy() failed with a different ++ error. ++ ++ getentropy() is retried if it failed with EINTR: interrupted by a signal. */ ++static int ++py_getentropy(char *buffer, Py_ssize_t size, int raise) ++{ ++ /* Is getentropy() supported by the running kernel? Set to 0 if ++ getentropy() failed with ENOSYS or EPERM. */ ++ static int getentropy_works = 1; ++ ++ if (!getentropy_works) { ++ return 0; ++ } ++ ++ while (size > 0) { ++ /* getentropy() is limited to returning up to 256 bytes. Call it ++ multiple times if more bytes are requested. */ ++ Py_ssize_t len = Py_MIN(size, 256); ++ int res; ++ ++ if (raise) { ++ Py_BEGIN_ALLOW_THREADS ++ res = getentropy(buffer, len); ++ Py_END_ALLOW_THREADS ++ } ++ else { ++ res = getentropy(buffer, len); ++ } ++ ++ if (res < 0) { ++ /* ENOSYS: the syscall is not supported by the running kernel. ++ EPERM: the syscall is blocked by a security policy (ex: SECCOMP) ++ or something else. */ ++ if (errno == ENOSYS || errno == EPERM) { ++ getentropy_works = 0; ++ return 0; ++ } ++ ++ if (errno == EINTR) { ++ if (raise) { ++ if (PyErr_CheckSignals()) { ++ return -1; ++ } ++ } ++ ++ /* retry getentropy() if it was interrupted by a signal */ ++ continue; ++ } ++ ++ if (raise) { ++ PyErr_SetFromErrno(PyExc_OSError); + } + return -1; + } + +- buffer += n; +- size -= n; ++ buffer += len; ++ size -= len; + } + return 1; + } +-#endif ++#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */ ++ + + static struct { + int fd; +@@ -235,136 +274,123 @@ static struct { + ino_t st_ino; + } urandom_cache = { -1 }; + ++/* Read random bytes from the /dev/urandom device: + +-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from +- /dev/urandom if getrandom() is not available. ++ - Return 0 on success ++ - Raise an exception (if raise is non-zero) and return -1 on error + +- Call Py_FatalError() on error. */ +-static void +-dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size) ++ Possible causes of errors: ++ ++ - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device ++ was not found. For example, it was removed manually or not exposed in a ++ chroot or container. ++ - open() failed with a different error ++ - fstat() failed ++ - read() failed or returned 0 ++ ++ read() is retried if it failed with EINTR: interrupted by a signal. ++ ++ The file descriptor of the device is kept open between calls to avoid using ++ many file descriptors when run in parallel from multiple threads: ++ see the issue #18756. ++ ++ st_dev and st_ino fields of the file descriptor (from fstat()) are cached to ++ check if the file descriptor was replaced by a different file (which is ++ likely a bug in the application): see the issue #21207. ++ ++ If the file descriptor was closed or replaced, open a new file descriptor ++ but don't close the old file descriptor: it probably points to something ++ important for some third-party code. */ ++static int ++dev_urandom(char *buffer, Py_ssize_t size, int raise) + { + int fd; + Py_ssize_t n; + +- assert (0 < size); ++ if (raise) { ++ struct _Py_stat_struct st; + +-#ifdef PY_GETRANDOM +- if (py_getrandom(buffer, size, 0) == 1) { +- return; ++ if (urandom_cache.fd >= 0) { ++ /* Does the fd point to the same thing as before? (issue #21207) */ ++ if (_Py_fstat_noraise(urandom_cache.fd, &st) ++ || st.st_dev != urandom_cache.st_dev ++ || st.st_ino != urandom_cache.st_ino) { ++ /* Something changed: forget the cached fd (but don't close it, ++ since it probably points to something important for some ++ third-party code). */ ++ urandom_cache.fd = -1; ++ } ++ } ++ if (urandom_cache.fd >= 0) ++ fd = urandom_cache.fd; ++ else { ++ fd = _Py_open("/dev/urandom", O_RDONLY); ++ if (fd < 0) { ++ if (errno == ENOENT || errno == ENXIO || ++ errno == ENODEV || errno == EACCES) { ++ PyErr_SetString(PyExc_NotImplementedError, ++ "/dev/urandom (or equivalent) not found"); ++ } ++ /* otherwise, keep the OSError exception raised by _Py_open() */ ++ return -1; ++ } ++ if (urandom_cache.fd >= 0) { ++ /* urandom_fd was initialized by another thread while we were ++ not holding the GIL, keep it. */ ++ close(fd); ++ fd = urandom_cache.fd; ++ } ++ else { ++ if (_Py_fstat(fd, &st)) { ++ close(fd); ++ return -1; ++ } ++ else { ++ urandom_cache.fd = fd; ++ urandom_cache.st_dev = st.st_dev; ++ urandom_cache.st_ino = st.st_ino; ++ } ++ } ++ } ++ ++ do { ++ n = _Py_read(fd, buffer, (size_t)size); ++ if (n == -1) ++ return -1; ++ if (n == 0) { ++ PyErr_Format(PyExc_RuntimeError, ++ "Failed to read %zi bytes from /dev/urandom", ++ size); ++ return -1; ++ } ++ ++ buffer += n; ++ size -= n; ++ } while (0 < size); + } +- /* getrandom() failed with ENOSYS or EPERM, +- fall back on reading /dev/urandom */ +-#endif +- +- fd = _Py_open_noraise("/dev/urandom", O_RDONLY); +- if (fd < 0) { +- Py_FatalError("Failed to open /dev/urandom"); +- } +- +- while (0 < size) +- { +- do { +- n = read(fd, buffer, (size_t)size); +- } while (n < 0 && errno == EINTR); +- +- if (n <= 0) { +- /* read() failed or returned 0 bytes */ +- Py_FatalError("Failed to read bytes from /dev/urandom"); +- break; +- } +- buffer += n; +- size -= n; +- } +- close(fd); +-} +- +-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from +- /dev/urandom if getrandom() is not available. +- +- Return 0 on success. Raise an exception and return -1 on error. */ +-static int +-dev_urandom_python(char *buffer, Py_ssize_t size) +-{ +- int fd; +- Py_ssize_t n; +- struct _Py_stat_struct st; +-#ifdef PY_GETRANDOM +- int res; +-#endif +- +- if (size <= 0) +- return 0; +- +-#ifdef PY_GETRANDOM +- res = py_getrandom(buffer, size, 1); +- if (res < 0) { +- return -1; +- } +- if (res == 1) { +- return 0; +- } +- /* getrandom() failed with ENOSYS or EPERM, +- fall back on reading /dev/urandom */ +-#endif +- +- if (urandom_cache.fd >= 0) { +- /* Does the fd point to the same thing as before? (issue #21207) */ +- if (_Py_fstat_noraise(urandom_cache.fd, &st) +- || st.st_dev != urandom_cache.st_dev +- || st.st_ino != urandom_cache.st_ino) { +- /* Something changed: forget the cached fd (but don't close it, +- since it probably points to something important for some +- third-party code). */ +- urandom_cache.fd = -1; +- } +- } +- if (urandom_cache.fd >= 0) +- fd = urandom_cache.fd; + else { +- fd = _Py_open("/dev/urandom", O_RDONLY); ++ fd = _Py_open_noraise("/dev/urandom", O_RDONLY); + if (fd < 0) { +- if (errno == ENOENT || errno == ENXIO || +- errno == ENODEV || errno == EACCES) +- PyErr_SetString(PyExc_NotImplementedError, +- "/dev/urandom (or equivalent) not found"); +- /* otherwise, keep the OSError exception raised by _Py_open() */ + return -1; + } +- if (urandom_cache.fd >= 0) { +- /* urandom_fd was initialized by another thread while we were +- not holding the GIL, keep it. */ +- close(fd); +- fd = urandom_cache.fd; +- } +- else { +- if (_Py_fstat(fd, &st)) { ++ ++ while (0 < size) ++ { ++ do { ++ n = read(fd, buffer, (size_t)size); ++ } while (n < 0 && errno == EINTR); ++ ++ if (n <= 0) { ++ /* stop on error or if read(size) returned 0 */ + close(fd); + return -1; + } +- else { +- urandom_cache.fd = fd; +- urandom_cache.st_dev = st.st_dev; +- urandom_cache.st_ino = st.st_ino; +- } ++ ++ buffer += n; ++ size -= n; + } ++ close(fd); + } +- +- do { +- n = _Py_read(fd, buffer, (size_t)size); +- if (n == -1) { +- return -1; +- } +- if (n == 0) { +- PyErr_Format(PyExc_RuntimeError, +- "Failed to read %zi bytes from /dev/urandom", +- size); +- return -1; +- } +- +- buffer += n; +- size -= n; +- } while (0 < size); +- + return 0; + } + +@@ -376,8 +402,8 @@ dev_urandom_close(void) + urandom_cache.fd = -1; + } + } ++#endif /* !MS_WINDOWS */ + +-#endif + + /* Fill buffer with pseudo-random bytes generated by a linear congruent + generator (LCG): +@@ -400,29 +426,98 @@ lcg_urandom(unsigned int x0, unsigned ch + } + } + ++/* Read random bytes: ++ ++ - Return 0 on success ++ - Raise an exception (if raise is non-zero) and return -1 on error ++ ++ Used sources of entropy ordered by preference, preferred source first: ++ ++ - CryptGenRandom() on Windows ++ - getrandom() function (ex: Linux and Solaris): call py_getrandom() ++ - getentropy() function (ex: OpenBSD): call py_getentropy() ++ - /dev/urandom device ++ ++ Read from the /dev/urandom device if getrandom() or getentropy() function ++ is not available or does not work. ++ ++ Prefer getrandom() over getentropy() because getrandom() supports blocking ++ and non-blocking mode and Python requires non-blocking RNG at startup to ++ initialize its hash secret: see the PEP 524. ++ ++ Prefer getrandom() and getentropy() over reading directly /dev/urandom ++ because these functions don't need file descriptors and so avoid ENFILE or ++ EMFILE errors (too many open files): see the issue #18756. ++ ++ Only use RNG running in the kernel. They are more secure because it is ++ harder to get the internal state of a RNG running in the kernel land than a ++ RNG running in the user land. The kernel has a direct access to the hardware ++ and has access to hardware RNG, they are used as entropy sources. ++ ++ Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed ++ its RNG on fork(), two child processes (with the same pid) generate the same ++ random numbers: see issue #18747. Kernel RNGs don't have this issue, ++ they have access to good quality entropy sources. ++ ++ If raise is zero: ++ ++ - Don't raise an exception on error ++ - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if ++ a function fails with EINTR: retry directly the interrupted function ++ - Don't release the GIL to call functions. ++*/ ++static int ++pyurandom(void *buffer, Py_ssize_t size, int raise) ++{ ++#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) ++ int res; ++#endif ++ ++ if (size < 0) { ++ if (raise) { ++ PyErr_Format(PyExc_ValueError, ++ "negative argument not allowed"); ++ } ++ return -1; ++ } ++ ++ if (size == 0) { ++ return 0; ++ } ++ ++#ifdef MS_WINDOWS ++ return win32_urandom((unsigned char *)buffer, size, raise); ++#else ++ ++#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) ++#ifdef PY_GETRANDOM ++ res = py_getrandom(buffer, size, raise); ++#else ++ res = py_getentropy(buffer, size, raise); ++#endif ++ if (res < 0) { ++ return -1; ++ } ++ if (res == 1) { ++ return 0; ++ } ++ /* getrandom() or getentropy() function is not available: failed with ++ ENOSYS, EPERM or EAGAIN. Fall back on reading from /dev/urandom. */ ++#endif ++ ++ return dev_urandom(buffer, size, raise); ++#endif ++} ++ + /* Fill buffer with size pseudo-random bytes from the operating system random + number generator (RNG). It is suitable for most cryptographic purposes + except long living private keys for asymmetric encryption. + +- Return 0 on success, raise an exception and return -1 on error. */ ++ Return 0 on success. Raise an exception and return -1 on error. */ + int + _PyOS_URandom(void *buffer, Py_ssize_t size) + { +- if (size < 0) { +- PyErr_Format(PyExc_ValueError, +- "negative argument not allowed"); +- return -1; +- } +- if (size == 0) +- return 0; +- +-#ifdef MS_WINDOWS +- return win32_urandom((unsigned char *)buffer, size, 1); +-#elif defined(PY_GETENTROPY) +- return py_getentropy(buffer, size, 0); +-#else +- return dev_urandom_python((char*)buffer, size); +-#endif ++ return pyurandom(buffer, size, 1); + } + + void +@@ -463,13 +558,14 @@ void + } + } + else { +-#ifdef MS_WINDOWS +- (void)win32_urandom(secret, secret_size, 0); +-#elif defined(PY_GETENTROPY) +- (void)py_getentropy(secret, secret_size, 1); +-#else +- dev_urandom_noraise(secret, secret_size); +-#endif ++ int res; ++ ++ /* _PyRandom_Init() is called very early in the Python initialization ++ and so exceptions cannot be used (use raise=0). */ ++ res = pyurandom(secret, secret_size, 0); ++ if (res < 0) { ++ Py_FatalError("failed to get random numbers to initialize Python"); ++ } + } + } + +@@ -481,8 +577,6 @@ void + CryptReleaseContext(hCryptProv, 0); + hCryptProv = 0; + } +-#elif defined(PY_GETENTROPY) +- /* nothing to clean */ + #else + dev_urandom_close(); + #endif + diff --git a/gnu/packages/patches/python-fix-tests.patch b/gnu/packages/patches/python-fix-tests.patch index e093307c51..d8f69866fd 100644 --- a/gnu/packages/patches/python-fix-tests.patch +++ b/gnu/packages/patches/python-fix-tests.patch @@ -3,23 +3,22 @@ http://bugs.python.org/issue20868 . --- Lib/test/test_shutil.py 2014-03-01 03:02:36.088311000 +0100 +++ Lib/test/test_shutil.py 2014-03-01 04:56:37.768311000 +0100 -@@ -1053,6 +1053,7 @@ +@@ -1127,6 +1127,7 @@ self.assertRaises(ValueError, make_archive, base_name, 'xxx') - - @requires_zlib + + @support.requires_zlib + @unittest.skipIf(True, "getgrgid(0)[0] raises a KeyError on Guix") def test_make_archive_owner_group(self): # testing make_archive with owner and group, with various combinations # this works even if there's not gid/uid support -@@ -1081,6 +1082,7 @@ - - - @requires_zlib +@@ -1155,6 +1156,7 @@ + + + @support.requires_zlib + @unittest.skipIf(True, "getgrgid(0)[0] raises a KeyError on Guix") @unittest.skipUnless(UID_GID_SUPPORT, "Requires grp and pwd support") def test_tarfile_root_owner(self): - tmpdir, tmpdir2, base_name = self._create_files() - + root_dir, base_dir = self._create_files() --- Lib/test/test_socket.py.orig 2014-03-02 22:14:12.264311000 +0100 +++ Lib/test/test_socket.py 2014-03-21 03:50:45.660311000 +0100 @@ -819,6 +819,8 @@ diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch deleted file mode 100644 index 5226cba4cb..0000000000 --- a/gnu/packages/patches/sed-hurd-path-max.patch +++ /dev/null @@ -1,34 +0,0 @@ -7bb8d35d0330161a5af5341471d0c183a067e8c2 -Author: Jose E. Marchesi <jemarch@gnu.org> -Date: Sun Oct 6 14:43:38 2013 +0200 - - Set PATH_MAX to some constant in case it is not defined in system - headers. - - 2013-10-06 Jose E. Marchesi <jemarch@gnu.org> - - * basicdefs.h (PATH_MAX): Defined to some constant in case it is - not defined by system headers. - * sed/utils.c: Do not include pathmax.h anymore. - * bootstrap.conf (gnulib_modules): Do not use the gnulib module - pathmax. - -diff --git a/basicdefs.h b/basicdefs.h -index 0d28a97..09f5beb 100644 ---- a/basicdefs.h -+++ b/basicdefs.h -@@ -40,6 +41,13 @@ typedef unsigned long countT; - #define obstack_chunk_alloc ck_malloc - #define obstack_chunk_free free - -+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd. -+ In that case we define it here to some constant. Note however that -+ this relies in the fact that sed does reallocation if a buffer -+ needs to be larger than PATH_MAX. */ -+#ifndef PATH_MAX -+# define PATH_MAX 200 -+#endif - - /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */ - /* Jim Meyering writes: - diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch new file mode 100644 index 0000000000..b79be9bc94 --- /dev/null +++ b/gnu/packages/patches/tar-CVE-2016-6321.patch @@ -0,0 +1,51 @@ +Fix CVE-2016-6321: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 +https://security-tracker.debian.org/tracker/CVE-2016-6321 + +Patch adapted from upstream source repository (the changes to 'NEWS' +don't apply to the Tar 1.29 release tarball). + +http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d + +From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> +Date: Sat, 29 Oct 2016 21:04:40 -0700 +Subject: [PATCH] When extracting, skip ".." members + +* NEWS: Document this. +* src/extract.c (extract_archive): Skip members whose names +contain "..". +--- + NEWS | 8 +++++++- + src/extract.c | 8 ++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/extract.c b/src/extract.c +index f982433..7904148 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1629,12 +1629,20 @@ extract_archive (void) + { + char typeflag; + tar_extractor_t fun; ++ bool skip_dotdot_name; + + fatal_exit_hook = extract_finish; + + set_next_block_after (current_header); + ++ skip_dotdot_name = (!absolute_names_option ++ && contains_dot_dot (current_stat_info.orig_file_name)); ++ if (skip_dotdot_name) ++ ERROR ((0, 0, _("%s: Member name contains '..'"), ++ quotearg_colon (current_stat_info.orig_file_name))); ++ + if (!current_stat_info.file_name[0] ++ || skip_dotdot_name + || (interactive_option + && !confirm ("extract", current_stat_info.file_name))) + { +-- +2.11.0 + diff --git a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch deleted file mode 100644 index 1426883216..0000000000 --- a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch +++ /dev/null @@ -1,33 +0,0 @@ -Do not define BSDWAIT to avoid error "storage size of ‘w’ isn’t known". - -This is an adapted version of the upstream patch taken from here: -https://github.com/tcsh-org/tcsh/commit/4689eb60a74bf13bc146ca3d76e9d7a124ab7b49.patch - -From 4689eb60a74bf13bc146ca3d76e9d7a124ab7b49 Mon Sep 17 00:00:00 2001 -From: christos <christos> -Date: Fri, 23 Sep 2016 19:17:28 +0000 -Subject: [PATCH] Don't define BSDWAIT for linux anymore. - ---- - sh.proc.c | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/sh.proc.c b/sh.proc.c -index 49b199f..874d67c 100644 ---- sh.proc.c -+++ sh.proc.c -@@ -47,11 +47,9 @@ RCSID("$tcsh$") - # define HZ 16 - #endif /* aiws */ - --#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) || defined(__linux__) || defined(__GNU__) || defined(__GLIBC__) --# if !defined(__ANDROID__) --# define BSDWAIT --# endif --#endif /* _BSD || (IRIS4D && __STDC__) || __lucid || glibc */ -+#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) -+# define BSDWAIT -+#endif /* _BSD || (IRIS4D && __STDC__) || __lucid */ - #ifndef WTERMSIG - # define WTERMSIG(w) (((union wait *) &(w))->w_termsig) - # ifndef BSDWAIT diff --git a/gnu/packages/patches/tcsh-fix-autotest.patch b/gnu/packages/patches/tcsh-fix-autotest.patch index a16980161c..78444a1b2a 100644 --- a/gnu/packages/patches/tcsh-fix-autotest.patch +++ b/gnu/packages/patches/tcsh-fix-autotest.patch @@ -1,6 +1,6 @@ ---- tests/commands.at 2011-01-22 01:04:02.000000000 +0100 -+++ tests/commands.at 2013-02-04 10:57:24.000000000 +0100 -@@ -919,26 +919,27 @@ +--- tests/commands.at ++++ tests/commands.at +@@ -921,26 +921,27 @@ AT_CLEANUP TCSH_UNTESTED([notify]) @@ -48,27 +48,9 @@ AT_SETUP([popd]) -@@ -1203,11 +1204,12 @@ - AT_DATA([script.csh], - [[set var=$1 - ]]) --AT_CHECK([[tcsh -f -c 'source -h script.csh foo; history' \ -- | sed 's/ [^ ]* / TIME /']], , --[ 1 TIME source -h script.csh foo ; history -- 2 TIME set var=$1 --]) -+# XXX: Not sure why this fails. The output is : "1 TIME set var=$1" -+#AT_CHECK([[tcsh -f -c 'source -h script.csh foo; history' \ -+# | sed 's/ [^ ]* / TIME /']], , -+#[ 1 TIME source -h script.csh foo ; history -+# 2 TIME set var=$1 -+#]) - - AT_CHECK([tcsh -f -c 'source -h script.csh foo; echo $var'], 1, [], - [var: Undefined variable. ---- tests/lexical.at 2011-12-27 22:50:52.000000000 +0100 -+++ tests/lexical.at 2013-02-04 10:53:21.000000000 +0100 -@@ -33,9 +33,9 @@ +--- tests/lexical.at ++++ tests/lexical.at +@@ -35,9 +35,9 @@ AT_CHECK([if [ ! -t 0 ]; then exit 77; fi],, [Skipping comment tests]) AT_CHECK([echo 'echo OK@%:@comment' | tcsh -f], , [OK ]) @@ -81,9 +63,33 @@ AT_DATA([comment2.csh], [[echo testing...@%:@\ ---- tests/subst.at 2011-12-27 22:50:52.000000000 +0100 -+++ tests/subst.at 2013-02-01 08:14:25.000000000 +0100 -@@ -54,7 +54,7 @@ +@@ -567,10 +567,10 @@ run=3 +# Adapt to changes in sed 4.3: +# https://github.com/tcsh-org/tcsh/commit/2ad4fc1705893207598ed5cd21713ddf3f17bba0 + ]]) + AT_DATA([uniformity_test.csh], + [[ +-set SERVICE_NAME_LOG = `cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g'` ++set SERVICE_NAME_LOG = `cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g'` + echo -n "$SERVICE_NAME_LOG" > ./output1 + +-cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g' > ./output2 ++cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g' > ./output2 + + diff -uprN ./output1 ./output2 >& /dev/null + +@@ -587,7 +587,7 @@ AT_DATA([quoting_result_test.csh], + echo "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP\)(HOST=db\)(PORT=1521\)\)(CONNECT_DATA=(SERVER=DEDICATED\)(SERVICE_NAME=bns03\)\)\)" > ./expected_result + + set string = "jdbc_url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=bns03)))" +-set SERVICE_NAME_LOG = `echo "$string" | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\)/\\\)/g'` ++set SERVICE_NAME_LOG = `echo "$string" | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\)/\\\)/g'` + + echo "$SERVICE_NAME_LOG" > ./actual_result + +--- tests/subst.at ++++ tests/subst.at +@@ -54,7 +54,7 @@ AT_CHECK([echo 'echo ~; echo "$HOME"' | tcsh -f | uniq | wc -l | tr -d ' \t'], , [1 ]) @@ -92,39 +98,9 @@ | wc -l | tr -d ' \t'], , [1 ]) ---- tests/variables.at 2011-12-27 22:50:52.000000000 +0100 -+++ tests/variables.at 2013-02-04 11:40:35.000000000 +0100 -@@ -317,17 +317,18 @@ - AT_CLEANUP - - --AT_SETUP([$ edit]) -- --AT_CHECK([TERM=something tcsh -f -c 'echo $?edit'], , --[1 --]) -- --AT_CHECK([TERM=dumb tcsh -f -c 'echo $?edit'], , --[0 --]) -- --AT_CLEANUP -+# XXX -+#AT_SETUP([$ edit]) -+# -+#AT_CHECK([TERM=something tcsh -f -c 'echo $?edit'], , -+#[1 -+#]) -+# -+#AT_CHECK([TERM=dumb tcsh -f -c 'echo $?edit'], , -+#[0 -+#]) -+# -+#AT_CLEANUP - - - AT_SETUP([$ ellipsis]) -@@ -642,7 +643,8 @@ +--- tests/variables.at ++++ tests/variables.at +@@ -666,7 +666,8 @@ set listflags=(-xA $cwd/args.sh) ls-F -something . ]]) AT_DATA([args.sh], @@ -134,7 +110,22 @@ ]]) chmod a+x args.sh AT_CHECK([tcsh -f listflags.csh], , -@@ -695,55 +697,57 @@ +@@ -704,9 +705,9 @@ AT_CHECK([tcsh -f mail.csh], , +# This test fails by trying to change to the build user's home +# directory, which does not exist. + AT_CLEANUP + + +-AT_SETUP([$ cdtohome]) +-AT_CHECK([tcsh -f -c 'cd'], 0) +-AT_CLEANUP ++#AT_SETUP([$ cdtohome]) ++#AT_CHECK([tcsh -f -c 'cd'], 0) ++#AT_CLEANUP + AT_SETUP([$ noimplicithome]) + AT_CHECK([tcsh -f -c 'unset cdtohome; cd'], 1, , [cd: Too few arguments. + ]) +@@ -728,55 +729,57 @@ TCSH_UNTESTED([$ oid]) AT_SETUP([$ owd]) AT_DATA([owd.csh], diff --git a/gnu/packages/patches/xcb-proto-python3-print.patch b/gnu/packages/patches/xcb-proto-python3-print.patch new file mode 100644 index 0000000000..7d5dc9bc27 --- /dev/null +++ b/gnu/packages/patches/xcb-proto-python3-print.patch @@ -0,0 +1,75 @@ +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xcb/proto/commit/?id=bea5e1c85bdc0950913790364e18228f20395a3d + +From bea5e1c85bdc0950913790364e18228f20395a3d Mon Sep 17 00:00:00 2001 +From: Thomas Klausner <wiz@NetBSD.org> +Date: Thu, 19 May 2016 17:30:05 +0200 +Subject: [PATCH] print() is a function and needs parentheses. + +Fixes build with python-3.x. + +Signed-off-by: Thomas Klausner <wiz@NetBSD.org> +Signed-off-by: Uli Schlachter <psychon@znc.in> +--- + xcbgen/xtypes.py | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/xcbgen/xtypes.py b/xcbgen/xtypes.py +index c3b5758..b83b119 100644 +--- a/xcbgen/xtypes.py ++++ b/xcbgen/xtypes.py +@@ -501,7 +501,7 @@ class ComplexType(Type): + int(required_start_align_element.get('align', "4"), 0), + int(required_start_align_element.get('offset', "0"), 0)) + if verbose_align_log: +- print "Explicit start-align for %s: %s\n" % (self, self.required_start_align) ++ print ("Explicit start-align for %s: %s\n" % (self, self.required_start_align)) + + def resolve(self, module): + if self.resolved: +@@ -592,7 +592,7 @@ class ComplexType(Type): + if verbose_align_log: + print ("calc_required_start_align: %s has start-align %s" + % (str(self), str(self.required_start_align))) +- print "Details:\n" + str(log) ++ print ("Details:\n" + str(log)) + if self.required_start_align.offset != 0: + print (("WARNING: %s\n\thas start-align with non-zero offset: %s" + + "\n\tsuggest to add explicit definition with:" +@@ -619,12 +619,12 @@ class ComplexType(Type): + for offset in range(0,align): + align_candidate = Alignment(align, offset) + if verbose_align_log: +- print "trying %s for %s" % (str(align_candidate), str(self)) ++ print ("trying %s for %s" % (str(align_candidate), str(self))) + my_log = AlignmentLog() + if self.is_possible_start_align(align_candidate, callstack, my_log): + log.append(my_log) + if verbose_align_log: +- print "found start-align %s for %s" % (str(align_candidate), str(self)) ++ print ("found start-align %s for %s" % (str(align_candidate), str(self))) + return align_candidate + else: + my_ok_count = my_log.ok_count() +@@ -641,7 +641,7 @@ class ComplexType(Type): + # none of the candidates applies + # this type has illegal internal aligns for all possible start_aligns + if verbose_align_log: +- print "didn't find start-align for %s" % str(self) ++ print ("didn't find start-align for %s" % str(self)) + log.append(best_log) + return None + +@@ -900,7 +900,7 @@ class SwitchType(ComplexType): + # aux function for unchecked_get_alignment_after + def get_align_for_selected_case_field(self, case_field, start_align, callstack, log): + if verbose_align_log: +- print "get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field)) ++ print ("get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field))) + total_align = start_align + for field in self.bitcases: + my_callstack = callstack[:] +-- +2.11.1 + diff --git a/gnu/packages/patches/xcb-proto-python3-whitespace.patch b/gnu/packages/patches/xcb-proto-python3-whitespace.patch new file mode 100644 index 0000000000..f0509138b2 --- /dev/null +++ b/gnu/packages/patches/xcb-proto-python3-whitespace.patch @@ -0,0 +1,217 @@ +Fixes compatibility issue with python > 3.5. + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xcb/proto/commit/?id=ea7a3ac6c658164690e0febb55f4467cb9e0bcac + +From ea7a3ac6c658164690e0febb55f4467cb9e0bcac Mon Sep 17 00:00:00 2001 +From: Thomas Klausner <wiz@NetBSD.org> +Date: Thu, 19 May 2016 17:30:04 +0200 +Subject: [PATCH] Make whitespace use consistent. + +At least python-3.5.x complains about this forcefully. + +Signed-off-by: Thomas Klausner <wiz@NetBSD.org> +Signed-off-by: Uli Schlachter <psychon@znc.in> +--- + xcbgen/align.py | 96 ++++++++++++++++++++++++++++----------------------------- + 1 file changed, 48 insertions(+), 48 deletions(-) + +diff --git a/xcbgen/align.py b/xcbgen/align.py +index 5e31838..d4c12ee 100644 +--- a/xcbgen/align.py ++++ b/xcbgen/align.py +@@ -16,12 +16,12 @@ class Alignment(object): + return self.align == other.align and self.offset == other.offset + + def __str__(self): +- return "(align=%d, offset=%d)" % (self.align, self.offset) ++ return "(align=%d, offset=%d)" % (self.align, self.offset) + + @staticmethod + def for_primitive_type(size): +- # compute the required start_alignment based on the size of the type +- if size % 8 == 0: ++ # compute the required start_alignment based on the size of the type ++ if size % 8 == 0: + # do 8-byte primitives require 8-byte alignment in X11? + return Alignment(8,0) + elif size % 4 == 0: +@@ -33,7 +33,7 @@ class Alignment(object): + + + def align_after_fixed_size(self, size): +- new_offset = (self.offset + size) % self.align ++ new_offset = (self.offset + size) % self.align + return Alignment(self.align, new_offset) + + +@@ -41,7 +41,7 @@ class Alignment(object): + ''' + Assuming the given external_align, checks whether + self is fulfilled for all cases. +- Returns True if yes, False otherwise. ++ Returns True if yes, False otherwise. + ''' + if self.align == 1 and self.offset == 0: + # alignment 1 with offset 0 is always fulfilled +@@ -55,9 +55,9 @@ class Alignment(object): + # the external align guarantees less alignment -> not guaranteed + return False + +- if external_align.align % self.align != 0: ++ if external_align.align % self.align != 0: + # the external align cannot be divided by our align +- # -> not guaranteed ++ # -> not guaranteed + # (this can only happen if there are alignments that are not + # a power of 2, which is highly discouraged. But better be + # safe and check for it) +@@ -72,7 +72,7 @@ class Alignment(object): + + def combine_with(self, other): + # returns the alignment that is guaranteed when +- # both, self or other, can happen ++ # both, self or other, can happen + new_align = gcd(self.align, other.align) + new_offset_candidate1 = self.offset % new_align + new_offset_candidate2 = other.offset % new_align +@@ -83,8 +83,8 @@ class Alignment(object): + new_align = gcd(new_align, offset_diff) + new_offset_candidate1 = self.offset % new_align + new_offset_candidate2 = other.offset % new_align +- assert new_offset_candidate1 == new_offset_candidate2 +- new_offset = new_offset_candidate1 ++ assert new_offset_candidate1 == new_offset_candidate2 ++ new_offset = new_offset_candidate1 + # return the result + return Alignment(new_align, new_offset) + +@@ -92,44 +92,44 @@ class Alignment(object): + class AlignmentLog(object): + + def __init__(self): +- self.ok_list = [] +- self.fail_list = [] +- self.verbosity = 1 ++ self.ok_list = [] ++ self.fail_list = [] ++ self.verbosity = 1 + + def __str__(self): +- result = "" ++ result = "" + +- # output the OK-list +- for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list: +- stacksize = len(callstack) ++ # output the OK-list ++ for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list: ++ stacksize = len(callstack) + indent = ' ' * stacksize +- if self.ok_callstack_is_relevant(callstack): ++ if self.ok_callstack_is_relevant(callstack): + if field_name is None or field_name == "": +- result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n" +- % (indent, str(type_obj), indent, str(align_before), str(align_after))) +- else: +- result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n" +- % (indent, str(field_name), str(type_obj), +- indent, str(align_before), str(align_after))) ++ result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n" ++ % (indent, str(type_obj), indent, str(align_before), str(align_after))) ++ else: ++ result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n" ++ % (indent, str(field_name), str(type_obj), ++ indent, str(align_before), str(align_after))) + if self.verbosity >= 1: +- result += self.callstack_to_str(indent, callstack) ++ result += self.callstack_to_str(indent, callstack) + +- # output the fail-list +- for (align_before, field_name, type_obj, callstack, reason) in self.fail_list: +- stacksize = len(callstack) ++ # output the fail-list ++ for (align_before, field_name, type_obj, callstack, reason) in self.fail_list: ++ stacksize = len(callstack) + indent = ' ' * stacksize +- if field_name is None or field_name == "": +- result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n" +- % (indent, str(align_before), indent, str(type_obj), indent, reason)) +- else: +- result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n" +- % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason)) ++ if field_name is None or field_name == "": ++ result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n" ++ % (indent, str(align_before), indent, str(type_obj), indent, reason)) ++ else: ++ result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n" ++ % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason)) + + if self.verbosity >= 1: +- result += self.callstack_to_str(indent, callstack) ++ result += self.callstack_to_str(indent, callstack) + + +- return result ++ return result + + + def callstack_to_str(self, indent, callstack): +@@ -137,41 +137,41 @@ class AlignmentLog(object): + for stack_elem in callstack: + result += "\t %s%s\n" % (indent, str(stack_elem)) + result += "\t%s]\n" % indent +- return result ++ return result + + + def ok_callstack_is_relevant(self, ok_callstack): + # determine whether an ok callstack is relevant for logging +- if self.verbosity >= 2: +- return True ++ if self.verbosity >= 2: ++ return True + + # empty callstacks are always relevant +- if len(ok_callstack) == 0: ++ if len(ok_callstack) == 0: + return True + +- # check whether the ok_callstack is a subset or equal to a fail_callstack ++ # check whether the ok_callstack is a subset or equal to a fail_callstack + for (align_before, field_name, type_obj, fail_callstack, reason) in self.fail_list: + if len(ok_callstack) <= len(fail_callstack): + zipped = zip(ok_callstack, fail_callstack[:len(ok_callstack)]) +- is_subset = all([i == j for i, j in zipped]) +- if is_subset: ++ is_subset = all([i == j for i, j in zipped]) ++ if is_subset: + return True + + return False + + + def ok(self, align_before, field_name, type_obj, callstack, align_after): +- self.ok_list.append((align_before, field_name, type_obj, callstack, align_after)) ++ self.ok_list.append((align_before, field_name, type_obj, callstack, align_after)) + + def fail(self, align_before, field_name, type_obj, callstack, reason): +- self.fail_list.append((align_before, field_name, type_obj, callstack, reason)) ++ self.fail_list.append((align_before, field_name, type_obj, callstack, reason)) + + def append(self, other): +- self.ok_list.extend(other.ok_list) +- self.fail_list.extend(other.fail_list) ++ self.ok_list.extend(other.ok_list) ++ self.fail_list.extend(other.fail_list) + + def ok_count(self): +- return len(self.ok_list) ++ return len(self.ok_list) + + + +-- +2.11.1 + diff --git a/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch new file mode 100644 index 0000000000..dc594bdccb --- /dev/null +++ b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch @@ -0,0 +1,46 @@ +Resolves a test compatibility issue with xorg >= 1.19. + +Upstream bug report: + +https://sourceforge.net/p/linuxwacom/bugs/329/ + +Patch copied from upstream source repository: + +https://sourceforge.net/p/linuxwacom/xf86-input-wacom/ci/f0dedf7a610ac97bc45738492b98ce4f1e0514ec/ + +From f0dedf7a610ac97bc45738492b98ce4f1e0514ec Mon Sep 17 00:00:00 2001 +From: Jason Gerecke <killertofu@gmail.com> +Date: Wed, 18 Jan 2017 09:00:10 -0800 +Subject: [PATCH] tests: Fix compilation under ABI 25 and greater + +diff --git a/test/fake-symbols.c b/test/fake-symbols.c +index 6f2c10a..e649fb9 100644 +--- a/test/fake-symbols.c ++++ b/test/fake-symbols.c +@@ -493,6 +493,7 @@ void TimerFree(OsTimerPtr timer) + { + } + ++#if GET_ABI_MAJOR(ABI_XINPUT_VERSION) < 24 + int + xf86BlockSIGIO (void) + { +@@ -503,6 +504,15 @@ void + xf86UnblockSIGIO (int wasset) + { + } ++#else ++void input_lock (void) ++{ ++} ++ ++void input_unlock (void) ++{ ++} ++#endif + + /* This is not the same as the X server one, but it'll do for the tests */ + #if GET_ABI_MAJOR(ABI_XINPUT_VERSION) >= 14 +-- +2.11.1 + |