summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/alsa-lib-mips-atomic-fix.patch42
-rw-r--r--gnu/packages/patches/coreutils-fix-cross-compilation.patch15
-rw-r--r--gnu/packages/patches/eudev-conflicting-declaration.patch31
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
-rw-r--r--gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch82
-rw-r--r--gnu/packages/patches/fontconfig-path-max.patch124
-rw-r--r--gnu/packages/patches/gcc-5-source-date-epoch-1.patch190
-rw-r--r--gnu/packages/patches/gcc-5-source-date-epoch-2.patch353
-rw-r--r--gnu/packages/patches/gcc-libiberty-printf-decl.patch28
-rw-r--r--gnu/packages/patches/gd-CVE-2016-7568.patch44
-rw-r--r--gnu/packages/patches/gd-CVE-2016-8670.patch38
-rw-r--r--gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch102
-rw-r--r--gnu/packages/patches/gd-fix-truecolor-format-correction.patch95
-rw-r--r--gnu/packages/patches/gd-freetype-test-failure.patch59
-rw-r--r--gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch121
-rw-r--r--gnu/packages/patches/gdk-pixbuf-list-dir.patch35
-rw-r--r--gnu/packages/patches/glibc-bootstrap-system.patch2
-rw-r--r--gnu/packages/patches/guile-repl-server-test.patch48
-rw-r--r--gnu/packages/patches/lcms-CVE-2016-10165.patch (renamed from gnu/packages/patches/lcms-fix-out-of-bounds-read.patch)4
-rw-r--r--gnu/packages/patches/libarchive-7zip-heap-overflow.patch77
-rw-r--r--gnu/packages/patches/libarchive-fix-filesystem-attacks.patch445
-rw-r--r--gnu/packages/patches/libarchive-fix-symlink-check.patch60
-rw-r--r--gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch44
-rw-r--r--gnu/packages/patches/libdrm-symbol-check.patch27
-rw-r--r--gnu/packages/patches/libepoxy-gl-null-checks.patch54
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch (renamed from gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch)5
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch (renamed from gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch)5
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch (renamed from gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch)5
-rw-r--r--gnu/packages/patches/libpng-CVE-2016-10087.patch37
-rw-r--r--gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch33
-rw-r--r--gnu/packages/patches/libxcb-python-3.5-compat.patch64
-rw-r--r--gnu/packages/patches/pcre-CVE-2016-3191.patch151
-rw-r--r--gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch54
-rw-r--r--gnu/packages/patches/python-3.4-fix-tests.patch12
-rw-r--r--gnu/packages/patches/python-3.5-fix-tests.patch37
-rw-r--r--gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch720
-rw-r--r--gnu/packages/patches/python-fix-tests.patch17
-rw-r--r--gnu/packages/patches/sed-hurd-path-max.patch34
-rw-r--r--gnu/packages/patches/tar-CVE-2016-6321.patch51
-rw-r--r--gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch33
-rw-r--r--gnu/packages/patches/tcsh-fix-autotest.patch113
-rw-r--r--gnu/packages/patches/xcb-proto-python3-print.patch75
-rw-r--r--gnu/packages/patches/xcb-proto-python3-whitespace.patch217
-rw-r--r--gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch46
44 files changed, 2425 insertions, 1434 deletions
diff --git a/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch b/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch
deleted file mode 100644
index 8c37bd3ac4..0000000000
--- a/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix the declarations of inlined atomic ops for mips.
-
-This patch was copied from Debian.
-
---- alsa-lib/include/iatomic.h.orig 2013-05-21 04:48:28.000000000 -0400
-+++ alsa-lib/include/iatomic.h 2013-10-29 13:01:37.055995968 -0400
-@@ -720,7 +720,7 @@
- * Atomically adds @i to @v. Note that the guaranteed useful range
- * of an atomic_t is only 24 bits.
- */
--extern __inline__ void atomic_add(int i, atomic_t * v)
-+static __inline__ void atomic_add(int i, atomic_t * v)
- {
- unsigned long temp;
-
-@@ -744,7 +744,7 @@
- * Atomically subtracts @i from @v. Note that the guaranteed
- * useful range of an atomic_t is only 24 bits.
- */
--extern __inline__ void atomic_sub(int i, atomic_t * v)
-+static __inline__ void atomic_sub(int i, atomic_t * v)
- {
- unsigned long temp;
-
-@@ -763,7 +763,7 @@
- /*
- * Same as above, but return the result value
- */
--extern __inline__ int atomic_add_return(int i, atomic_t * v)
-+static __inline__ int atomic_add_return(int i, atomic_t * v)
- {
- unsigned long temp, result;
-
-@@ -784,7 +784,7 @@
- return result;
- }
-
--extern __inline__ int atomic_sub_return(int i, atomic_t * v)
-+static __inline__ int atomic_sub_return(int i, atomic_t * v)
- {
- unsigned long temp, result;
-
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
new file mode 100644
index 0000000000..3f0d35c33e
--- /dev/null
+++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
@@ -0,0 +1,15 @@
+Coreutils fails to cross compile for other platforms because cu_install_program
+is not being evaluated properly. This patch fixes it.
+See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -5023,7 +5023,7 @@ pr = progs-readme
+ @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
+
+ # Use the just-built 'ginstall', when not cross-compiling.
+-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
+ info_TEXINFOS = doc/coreutils.texi
+ doc_coreutils_TEXINFOS = \
+ doc/perm.texi \
+
diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch
new file mode 100644
index 0000000000..f5399e20d3
--- /dev/null
+++ b/gnu/packages/patches/eudev-conflicting-declaration.patch
@@ -0,0 +1,31 @@
+Fix build failure due to conflicting declaration of
+keyboard_lookup_key() in gperf-3.1:
+
+https://bugs.gentoo.org/show_bug.cgi?id=604864
+
+Patch copied from upstream source repository:
+
+https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60
+
+From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Thu, 5 Jan 2017 16:21:17 -0500
+Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1
+
+Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
+---
+ src/udev/udev-builtin-keyboard.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
+index 73171c3..fad3520 100644
+--- a/src/udev/udev-builtin-keyboard.c
++++ b/src/udev/udev-builtin-keyboard.c
+@@ -28,7 +28,6 @@
+
+ #include "udev.h"
+
+-static const struct key *keyboard_lookup_key(const char *str, unsigned len);
+ #include "keyboard-keys-from-name.h"
+ #include "keyboard-keys-to-name.h"
+
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb028d4..0000000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
-
- else
- {
-- yy_size_t num_to_read =
-+ int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
new file mode 100644
index 0000000000..8ebe33bc6c
--- /dev/null
+++ b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
@@ -0,0 +1,82 @@
+The first patch is copied from the upstream source repository:
+
+https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da
+
+The second patch is adapted from a message to from the OpenEmbedded mailing list:
+
+http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html
+
+From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 14 Dec 2016 16:11:05 -0800
+Subject: Avoid conflicts with integer width macros from TS 18661-1:2014
+
+glibc 2.25+ has now defined these macros in <limits.h>
+https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
+
+Create an alias for FC_CHAR_WIDTH for ABI compatibility
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h
+index 5c72b22..070a557 100644
+--- a/fontconfig/fontconfig.h
++++ b/fontconfig/fontconfig.h
+@@ -128,7 +128,8 @@ typedef int FcBool;
+ #define FC_USER_CACHE_FILE ".fonts.cache-" FC_CACHE_VERSION
+
+ /* Adjust outline rasterizer */
+-#define FC_CHAR_WIDTH "charwidth" /* Int */
++#define FC_CHARWIDTH "charwidth" /* Int */
++#define FC_CHAR_WIDTH FC_CHARWIDTH
+ #define FC_CHAR_HEIGHT "charheight"/* Int */
+ #define FC_MATRIX "matrix" /* FcMatrix */
+
+diff --git a/src/fcobjs.h b/src/fcobjs.h
+index 1fc4f65..d27864b 100644
+--- a/src/fcobjs.h
++++ b/src/fcobjs.h
+@@ -51,7 +51,7 @@ FC_OBJECT (DPI, FcTypeDouble, NULL)
+ FC_OBJECT (RGBA, FcTypeInteger, NULL)
+ FC_OBJECT (SCALE, FcTypeDouble, NULL)
+ FC_OBJECT (MINSPACE, FcTypeBool, NULL)
+-FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL)
++FC_OBJECT (CHARWIDTH, FcTypeInteger, NULL)
+ FC_OBJECT (CHAR_HEIGHT, FcTypeInteger, NULL)
+ FC_OBJECT (MATRIX, FcTypeMatrix, NULL)
+ FC_OBJECT (CHARSET, FcTypeCharSet, FcCompareCharSet)
+--
+cgit v0.10.2
+
+From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem at gmail.com>
+Date: Sun, 11 Dec 2016 14:32:00 -0800
+Subject: [PATCH] Avoid conflicts with integer width macros from TS
+ 18661-1:2014
+
+glibc 2.25+ has now defined these macros in <limits.h>
+https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
+
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+---
+Upstream-Status: Submitted
+
+ fontconfig/fontconfig.h | 2 +-
+ src/fcobjs.h | 2 +-
+ src/fcobjshash.gperf | 2 +-
+ src/fcobjshash.h | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: fontconfig-2.12.1/src/fcobjshash.h
+===================================================================
+--- fontconfig-2.12.1.orig/src/fcobjshash.h
++++ fontconfig-2.12.1/src/fcobjshash.h
+@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char
+ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT},
+ {-1},
+ #line 47 "fcobjshash.gperf"
+- {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT},
++ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT},
+ #line 48 "fcobjshash.gperf"
+ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT},
+ #line 55 "fcobjshash.gperf"
diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch
new file mode 100644
index 0000000000..e12f60ef00
--- /dev/null
+++ b/gnu/packages/patches/fontconfig-path-max.patch
@@ -0,0 +1,124 @@
+This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined.
+
+The patch was adapted from upstream source repository:
+'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>'
+Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c
+
+---
+ src/fcdefault.c | 34 +++++++++++++++++++++++++++-------
+ src/fcint.h | 6 ++++++
+ src/fcstat.c | 12 +++++++++++-
+ 3 files changed, 44 insertions(+), 8 deletions(-)
+
+diff --git a/src/fcdefault.c b/src/fcdefault.c
+index 6647a8f..5afd7ec 100644
+--- a/src/fcdefault.c
++++ b/src/fcdefault.c
+@@ -148,17 +148,34 @@ retry:
+ prgname = FcStrdup ("");
+ #else
+ # if defined (HAVE_GETEXECNAME)
+- const char *p = getexecname ();
++ char *p = FcStrdup(getexecname ());
+ # elif defined (HAVE_READLINK)
+- char buf[PATH_MAX + 1];
+- int len;
++ size_t size = FC_PATH_MAX;
+ char *p = NULL;
+
+- len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
+- if (len != -1)
++ while (1)
+ {
+- buf[len] = '\0';
+- p = buf;
++ char *buf = malloc (size);
++ ssize_t len;
++
++ if (!buf)
++ break;
++
++ len = readlink ("/proc/self/exe", buf, size - 1);
++ if (len < 0)
++ {
++ free (buf);
++ break;
++ }
++ if (len < size - 1)
++ {
++ buf[len] = 0;
++ p = buf;
++ break;
++ }
++
++ free (buf);
++ size *= 2;
+ }
+ # else
+ char *p = NULL;
+@@ -176,6 +193,9 @@ retry:
+
+ if (!prgname)
+ prgname = FcStrdup ("");
++
++ if (p)
++ free (p);
+ #endif
+
+ if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) {
+diff --git a/src/fcint.h b/src/fcint.h
+index ac911ad..dad34c5 100644
+--- a/src/fcint.h
++++ b/src/fcint.h
+@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA;
+ # define FC_DIR_SEPARATOR_S "/"
+ #endif
+
++#ifdef PATH_MAX
++#define FC_PATH_MAX PATH_MAX
++#else
++#define FC_PATH_MAX 128
++#endif
++
+ #if __GNUC__ >= 4
+ #define FC_UNUSED __attribute__((unused))
+ #else
+diff --git a/src/fcstat.c b/src/fcstat.c
+index 1734fa4..f6e1aaa 100644
+--- a/src/fcstat.c
++++ b/src/fcstat.c
+@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
+ {
+ #endif
+ struct stat statb;
+- char f[PATH_MAX + 1];
++ char *f = malloc (len + 1 + dlen + 1);
+
++ if (!f)
++ {
++ ret = -1;
++ goto bail;
++ }
+ memcpy (f, dir, len);
+ f[len] = FC_DIR_SEPARATOR;
+ memcpy (&f[len + 1], files[n]->d_name, dlen);
+@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
+ if (lstat (f, &statb) < 0)
+ {
+ ret = -1;
++ free (f);
+ goto bail;
+ }
+ if (S_ISDIR (statb.st_mode))
++ {
++ free (f);
+ goto bail;
++ }
+
++ free (f);
+ dtype = statb.st_mode;
+ #ifdef HAVE_STRUCT_DIRENT_D_TYPE
+ }
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-1.patch b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
new file mode 100644
index 0000000000..8c94a026b3
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
@@ -0,0 +1,190 @@
+Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros.
+
+Patch adapted from upstream source repository:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934
+
+From e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 Mon Sep 17 00:00:00 2001
+From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 28 Apr 2016 09:12:05 +0000
+Subject: [PATCH] gcc/c-family/ChangeLog:
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 1bf5d080034..6f0898a38d7 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12318,4 +12318,37 @@ pointer_to_zero_sized_aggr_p (tree t)
+ return (TYPE_SIZE (t) && integer_zerop (TYPE_SIZE (t)));
+ }
+
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++time_t
++get_source_date_epoch ()
++{
++ char *source_date_epoch;
++ long long epoch;
++ char *endptr;
++
++ source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
++ if (!source_date_epoch)
++ return (time_t) -1;
++
++ errno = 0;
++ epoch = strtoll (source_date_epoch, &endptr, 10);
++ if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
++ || (errno != 0 && epoch == 0))
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "strtoll: %s\n", xstrerror(errno));
++ if (endptr == source_date_epoch)
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "no digits were found: %s\n", endptr);
++ if (*endptr != '\0')
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "trailing garbage: %s\n", endptr);
++ if (epoch < 0)
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "value must be nonnegative: %lld \n", epoch);
++
++ return (time_t) epoch;
++}
++
+ #include "gt-c-family-c-common.h"
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index fdb227f85c3..ba0a5d7df50 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1437,4 +1437,10 @@ extern bool contains_cilk_spawn_stmt (tree);
+ extern tree cilk_for_number_of_iterations (tree);
+ extern bool check_no_cilk (tree, const char *, const char *,
+ location_t loc = UNKNOWN_LOCATION);
++
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++extern time_t get_source_date_epoch (void);
++
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index bb55be8063e..e68471b9d2b 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -402,6 +402,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+ enum cpp_ttype type;
+ unsigned char add_flags = 0;
+ enum overflow_type overflow = OT_NONE;
++ time_t source_date_epoch = get_source_date_epoch ();
++
++ cpp_init_source_date_epoch (parse_in, source_date_epoch);
+
+ timevar_push (TV_CPP);
+ retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 100811dc637..3b5317beb53 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -79,4 +79,21 @@ main input file is omitted.
+ @ifclear cppmanual
+ @xref{Preprocessor Options}.
+ @end ifclear
++
++@item SOURCE_DATE_EPOCH
++
++If this variable is set, its value specifies a UNIX timestamp to be
++used in replacement of the current date and time in the @code{__DATE__}
++and @code{__TIME__} macros, so that the embedded timestamps become
++reproducible.
++
++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
++defined as the number of seconds (excluding leap seconds) since
++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
++@samp{@command{date +%s}}.
++
++The value should be a known timestamp such as the last modification
++time of the source or package and it should be set by the build
++process.
++
+ @end vtable
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 1b731d1a3ad..7a5481219be 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -775,6 +775,9 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__. */
+ extern void cpp_init_builtins (cpp_reader *, int);
+
++/* Initialize the source_date_epoch value. */
++extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
++
+ /* This is called after options have been parsed, and partially
+ processed. */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 45a4d13ffa3..a8d00f4628b 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -530,6 +530,13 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+ _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+
++/* Initialize the source_date_epoch value. */
++void
++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
++{
++ pfile->source_date_epoch = source_date_epoch;
++}
++
+ /* Sanity-checks are dependent on command-line options, so it is
+ called as a subroutine of cpp_read_main_file (). */
+ #if ENABLE_CHECKING
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index c2d08168945..8507eba1747 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -502,6 +502,10 @@ struct cpp_reader
+ const unsigned char *date;
+ const unsigned char *time;
+
++ /* Externally set timestamp to replace current date and time useful for
++ reproducibility. */
++ time_t source_date_epoch;
++
+ /* EOF token, and a token forcing paste avoidance. */
+ cpp_token avoid_paste;
+ cpp_token eof;
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index eb32a6f8c98..3f3b278e97d 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -350,13 +350,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node)
+ time_t tt;
+ struct tm *tb = NULL;
+
+- /* (time_t) -1 is a legitimate value for "number of seconds
+- since the Epoch", so we have to do a little dance to
+- distinguish that from a genuine error. */
+- errno = 0;
+- tt = time(NULL);
+- if (tt != (time_t)-1 || errno == 0)
+- tb = localtime (&tt);
++ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
++ usage if SOURCE_DATE_EPOCH is defined. */
++ if (pfile->source_date_epoch != (time_t) -1)
++ tb = gmtime (&pfile->source_date_epoch);
++ else
++ {
++ /* (time_t) -1 is a legitimate value for "number of seconds
++ since the Epoch", so we have to do a little dance to
++ distinguish that from a genuine error. */
++ errno = 0;
++ tt = time (NULL);
++ if (tt != (time_t)-1 || errno == 0)
++ tb = localtime (&tt);
++ }
+
+ if (tb)
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-2.patch b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch
new file mode 100644
index 0000000000..ed2580679a
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch
@@ -0,0 +1,353 @@
+Continuation of the SOURCE_DATE_EPOCH patch.
+
+Patch adapted from upstream source repository:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c
+
+From dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c Mon Sep 17 00:00:00 2001
+From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Wed, 1 Jun 2016 16:42:41 +0000
+Subject: [PATCH] gcc/c-family/ChangeLog:
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 6f0898a38d7..efbc78ef218 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12321,8 +12321,9 @@ pointer_to_zero_sized_aggr_p (tree t)
+ /* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+ timestamp to replace embedded current dates to get reproducible
+ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++
+ time_t
+-get_source_date_epoch ()
++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED)
+ {
+ char *source_date_epoch;
+ long long epoch;
+@@ -12334,19 +12335,14 @@ get_source_date_epoch ()
+
+ errno = 0;
+ epoch = strtoll (source_date_epoch, &endptr, 10);
+- if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
+- || (errno != 0 && epoch == 0))
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "strtoll: %s\n", xstrerror(errno));
+- if (endptr == source_date_epoch)
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "no digits were found: %s\n", endptr);
+- if (*endptr != '\0')
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "trailing garbage: %s\n", endptr);
+- if (epoch < 0)
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "value must be nonnegative: %lld \n", epoch);
++ if (errno != 0 || endptr == source_date_epoch || *endptr != '\0'
++ || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH)
++ {
++ error_at (input_location, "environment variable SOURCE_DATE_EPOCH must "
++ "expand to a non-negative integer less than or equal to %wd",
++ MAX_SOURCE_DATE_EPOCH);
++ return (time_t) -1;
++ }
+
+ return (time_t) epoch;
+ }
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index ba0a5d7df50..977ae9df5ea 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1063,6 +1063,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *);
+ c_register_builtin_type. */
+ extern GTY(()) tree registered_builtin_types;
+
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++extern time_t cb_get_source_date_epoch (cpp_reader *pfile);
++
++/* The value (as a unix timestamp) corresponds to date
++ "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and
++ __TIME__ can store. */
++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799)
++
+ /* In c-gimplify.c */
+ extern void c_genericize (tree);
+ extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *);
+@@ -1438,9 +1448,4 @@ extern tree cilk_for_number_of_iterations (tree);
+ extern bool check_no_cilk (tree, const char *, const char *,
+ location_t loc = UNKNOWN_LOCATION);
+
+-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+- timestamp to replace embedded current dates to get reproducible
+- results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
+-extern time_t get_source_date_epoch (void);
+-
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index e68471b9d2b..3f78073f640 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -97,6 +97,7 @@ init_c_lex (void)
+ cb->valid_pch = c_common_valid_pch;
+ cb->read_pch = c_common_read_pch;
+ cb->has_attribute = c_common_has_attribute;
++ cb->get_source_date_epoch = cb_get_source_date_epoch;
+
+ /* Set the debug callbacks if we can use them. */
+ if ((debug_info_level == DINFO_LEVEL_VERBOSE
+@@ -402,9 +403,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+ enum cpp_ttype type;
+ unsigned char add_flags = 0;
+ enum overflow_type overflow = OT_NONE;
+- time_t source_date_epoch = get_source_date_epoch ();
+-
+- cpp_init_source_date_epoch (parse_in, source_date_epoch);
+
+ timevar_push (TV_CPP);
+ retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 3b5317beb53..7b4cf6adc11 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -81,7 +81,6 @@ main input file is omitted.
+ @end ifclear
+
+ @item SOURCE_DATE_EPOCH
+-
+ If this variable is set, its value specifies a UNIX timestamp to be
+ used in replacement of the current date and time in the @code{__DATE__}
+ and @code{__TIME__} macros, so that the embedded timestamps become
+@@ -89,8 +88,9 @@ reproducible.
+
+ The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
+ defined as the number of seconds (excluding leap seconds) since
+-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
+-@samp{@command{date +%s}}.
++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of
++@samp{@command{date +%s}} on GNU/Linux and other systems that support the
++@code{%s} extension in the @code{date} command.
+
+ The value should be a known timestamp such as the last modification
+ time of the source or package and it should be set by the build
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index d956c36b151..2709f295734 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3328,6 +3328,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args,
+ n_switches++;
+ }
+
++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is
++ not set already. */
++
++static void
++set_source_date_epoch_envvar ()
++{
++ /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations
++ of 64 bit integers. */
++ char source_date_epoch[21];
++ time_t tt;
++
++ errno = 0;
++ tt = time (NULL);
++ if (tt < (time_t) 0 || errno != 0)
++ tt = (time_t) 0;
++
++ snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt);
++ /* Using setenv instead of xputenv because we want the variable to remain
++ after finalizing so that it's still set in the second run when using
++ -fcompare-debug. */
++ setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0);
++}
++
+ /* Handle an option DECODED that is unknown to the option-processing
+ machinery. */
+
+@@ -3628,6 +3651,7 @@ driver_handle_option (struct gcc_options *opts,
+ else
+ compare_debug_opt = arg;
+ save_switch (compare_debug_replacement_opt, 0, NULL, validated, true);
++ set_source_date_epoch_envvar ();
+ return true;
+
+ case OPT_fdiagnostics_color_:
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+new file mode 100644
+index 00000000000..f6aa1a360ff
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+@@ -0,0 +1,11 @@
++/* { dg-do run } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */
++
++int
++main(void)
++{
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++ return 0;
++}
++
++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+new file mode 100644
+index 00000000000..ae18362ae87
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */
++
++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */
++
++int
++main(void)
++{
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++ return 0;
++}
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 4fa433d9954..7656b2254a1 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
++++ b/gcc/testsuite/lib/gcc-dg.exp
+@@ -324,6 +324,38 @@ proc restore-target-env-var { } {
+ }
+ }
+
++proc dg-set-compiler-env-var { args } {
++ global set_compiler_env_var
++ global saved_compiler_env_var
++ if { [llength $args] != 3 } {
++ error "dg-set-compiler-env-var: need two arguments"
++ return
++ }
++ set var [lindex $args 1]
++ set value [lindex $args 2]
++ if [info exists ::env($var)] {
++ lappend saved_compiler_env_var [list $var 1 $::env($var)]
++ } else {
++ lappend saved_compiler_env_var [list $var 0]
++ }
++ setenv $var $value
++ lappend set_compiler_env_var [list $var $value]
++}
++
++proc restore-compiler-env-var { } {
++ global saved_compiler_env_var
++ for { set env_vari [llength $saved_compiler_env_var] } {
++ [incr env_vari -1] >= 0 } {} {
++ set env_var [lindex $saved_compiler_env_var $env_vari]
++ set var [lindex $env_var 0]
++ if [lindex $env_var 1] {
++ setenv $var [lindex $env_var 2]
++ } else {
++ unsetenv $var
++ }
++ }
++}
++
+ # Utility routines.
+
+ #
+@@ -785,6 +817,11 @@ if { [info procs saved-dg-test] == [list] } {
+ if [info exists set_target_env_var] {
+ unset set_target_env_var
+ }
++ if [info exists set_compiler_env_var] {
++ restore-compiler-env-var
++ unset set_compiler_env_var
++ unset saved_compiler_env_var
++ }
+ unset_timeout_vars
+ if [info exists compiler_conditional_xfail_data] {
+ unset compiler_conditional_xfail_data
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 7a5481219be..867aeebc39f 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -585,6 +585,9 @@ struct cpp_callbacks
+
+ /* Callback that can change a user builtin into normal macro. */
+ bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *);
++
++ /* Callback to parse SOURCE_DATE_EPOCH from environment. */
++ time_t (*get_source_date_epoch) (cpp_reader *);
+ };
+
+ #ifdef VMS
+@@ -775,9 +778,6 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__. */
+ extern void cpp_init_builtins (cpp_reader *, int);
+
+-/* Initialize the source_date_epoch value. */
+-extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
+-
+ /* This is called after options have been parsed, and partially
+ processed. */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index a8d00f4628b..61c9bbbf945 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -254,6 +254,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table,
+ /* Do not force token locations by default. */
+ pfile->forced_token_location_p = NULL;
+
++ /* Initialize source_date_epoch to -2 (not yet set). */
++ pfile->source_date_epoch = (time_t) -2;
++
+ /* The expression parser stack. */
+ _cpp_expand_op_stack (pfile);
+
+@@ -530,13 +533,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+ _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+
+-/* Initialize the source_date_epoch value. */
+-void
+-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
+-{
+- pfile->source_date_epoch = source_date_epoch;
+-}
+-
+ /* Sanity-checks are dependent on command-line options, so it is
+ called as a subroutine of cpp_read_main_file (). */
+ #if ENABLE_CHECKING
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 8507eba1747..226ae328e76 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -503,7 +503,8 @@ struct cpp_reader
+ const unsigned char *time;
+
+ /* Externally set timestamp to replace current date and time useful for
+- reproducibility. */
++ reproducibility. It should be initialized to -2 (not yet set) and
++ set to -1 to disable it or to a non-negative value to enable it. */
+ time_t source_date_epoch;
+
+ /* EOF token, and a token forcing paste avoidance. */
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index 3f3b278e97d..756c7c6e0c6 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -351,9 +351,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node)
+ struct tm *tb = NULL;
+
+ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
+- usage if SOURCE_DATE_EPOCH is defined. */
+- if (pfile->source_date_epoch != (time_t) -1)
+- tb = gmtime (&pfile->source_date_epoch);
++ if SOURCE_DATE_EPOCH is defined. */
++ if (pfile->source_date_epoch == (time_t) -2
++ && pfile->cb.get_source_date_epoch != NULL)
++ pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile);
++
++ if (pfile->source_date_epoch >= (time_t) 0)
++ tb = gmtime (&pfile->source_date_epoch);
+ else
+ {
+ /* (time_t) -1 is a legitimate value for "number of seconds
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
new file mode 100644
index 0000000000..a612c9e00e
--- /dev/null
+++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
@@ -0,0 +1,28 @@
+This patch makes the exeception specifier of libiberty's 'asprintf'
+and 'vasprintf' declarations match those of glibc to work around the
+problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
+
+The problem in part stems from the fact that libiberty is configured
+without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
+is configured and built with _GNU_SOURCE, hence the conflicting declarations.
+
+--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200
++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200
+@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
+-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
+ #endif
+
+ /* Like asprintf but allocates memory without fail. This works like
+@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
+ must be freed by the caller. */
+
+-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
+ #endif
+
+ /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch
deleted file mode 100644
index 6a1a63296c..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-7568.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
-
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- quality = 80;
- }
-
-+ if (overflow2(gdImageSX(im), 4)) {
-+ return;
-+ }
-+
-+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+ return;
-+ }
-+
- argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- if (!argb) {
- return;
---
-2.10.0
-
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch
deleted file mode 100644
index 39ee99ac31..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-8670.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
-http://seclists.org/oss-sec/2016/q4/138
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- if(remain >= len) {
- rlen = len;
- } else {
-- if(remain == 0) {
-+ if(remain <= 0) {
- /* 2.0.34: EOF is incorrect. We use 0 for
- * errors and EOF, just like fileGetbuf,
- * which is a simple fread() wrapper.
---
-2.10.1
-
diff --git a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch b/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
deleted file mode 100644
index e395c66d89..0000000000
--- a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-This fixes PHP bug #73155: https://bugs.php.net/bug.php?id=73155
-
-Patch adapted from upstream source repository:
-
-https://github.com/libgd/libgd/commit/8067a8ac336dfe0acbe96ec2eb24572209a7f279
-
-(.gitignore change removed)
-
-From 8067a8ac336dfe0acbe96ec2eb24572209a7f279 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Fri, 23 Sep 2016 18:29:52 +0200
-Subject: [PATCH] Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
-
-(cherry picked from commit bb1998a16e30d542ab22eba5501911a9aa066edb)
----
- src/gd_gd2.c | 4 ++--
- tests/gd2/CMakeLists.txt | 1 +
- tests/gd2/Makemodule.am | 1 +
- tests/gd2/bug00309.c | 37 +++++++++++++++++++++++++++++++++++++
- 4 files changed, 41 insertions(+), 2 deletions(-)
- create mode 100644 tests/gd2/bug00309.c
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 75e5e1f..b9b2f93 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -938,8 +938,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- };
-
- /* Work out number of chunks. */
-- ncx = im->sx / cs + 1;
-- ncy = im->sy / cs + 1;
-+ ncx = (im->sx + cs - 1) / cs;
-+ ncy = (im->sy + cs - 1) / cs;
-
- /* Write the standard header. */
- _gd2PutHeader (im, out, cs, fmt, ncx, ncy);
-diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt
-index 3b650ad..247b466 100644
---- a/tests/gd2/CMakeLists.txt
-+++ b/tests/gd2/CMakeLists.txt
-@@ -1,5 +1,6 @@
- SET(TESTS_FILES
- bug_289
-+ bug00309
- gd2_empty_file
- gd2_im2im
- gd2_null
-diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am
-index b8ee946..d69aee0 100644
---- a/tests/gd2/Makemodule.am
-+++ b/tests/gd2/Makemodule.am
-@@ -1,5 +1,6 @@
- libgd_test_programs += \
- gd2/bug_289 \
-+ gd2/bug00309 \
- gd2/gd2_empty_file \
- gd2/php_bug_72339 \
- gd2/gd2_read_corrupt
-diff --git a/tests/gd2/bug00309.c b/tests/gd2/bug00309.c
-new file mode 100644
-index 0000000..b649cdc
---- /dev/null
-+++ b/tests/gd2/bug00309.c
-@@ -0,0 +1,37 @@
-+/**
-+ * Regression test for <https://github.com/libgd/libgd/issues/309>.
-+ *
-+ * We test that an image with 64x64 pixels reports only a single chunk in the
-+ * GD2 image header when the chunk size is 64.
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+ gdImagePtr im;
-+ unsigned char *buf;
-+ int size, word;
-+
-+ im = gdImageCreate(64, 64);
-+ gdImageColorAllocate(im, 0, 0, 0);
-+
-+ buf = gdImageGd2Ptr(im, 64, 1, &size);
-+
-+ gdImageDestroy(im);
-+
-+ word = buf[10] << 8 | buf[11];
-+ gdTestAssertMsg(word == 64, "chunk size is %d, but expected 64\n", word);
-+ word = buf[14] << 8 | buf[15];
-+ gdTestAssertMsg(word == 1, "x chunk count is %d, but expected 1\n", word);
-+ word = buf[16] << 8 | buf[17];
-+ gdTestAssertMsg(word == 1, "y chunk count is %d, but expected 1\n", word);
-+ gdTestAssertMsg(size == 5145, "file size is %d, but expected 5145\n", size);
-+
-+ gdFree(buf);
-+
-+ return gdNumFailures();
-+}
diff --git a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch b/gnu/packages/patches/gd-fix-truecolor-format-correction.patch
deleted file mode 100644
index be3eff9327..0000000000
--- a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-This fixes PHP bug #73159: https://bugs.php.net/bug.php?id=73159
-
-Patch lifted from upstream source repository:
-
-https://github.com/libgd/libgd/commit/e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5
-
-From e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Mon, 15 Aug 2016 17:49:40 +0200
-Subject: [PATCH] Fix #289: Passing unrecognized formats to gdImageGd2 results
- in corrupted files
-
-We must not apply the format correction twice for truecolor images.
-
-(cherry picked from commit 09090c125658e23a4ae2a2e002646bb7278bd89e)
----
- src/gd_gd2.c | 2 +-
- tests/gd2/CMakeLists.txt | 1 +
- tests/gd2/Makemodule.am | 1 +
- tests/gd2/bug_289.c | 33 +++++++++++++++++++++++++++++++++
- 4 files changed, 36 insertions(+), 1 deletion(-)
- create mode 100644 tests/gd2/bug_289.c
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 86c881e..75e5e1f 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -918,7 +918,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- /* Force fmt to a valid value since we don't return anything. */
- /* */
- if ((fmt != GD2_FMT_RAW) && (fmt != GD2_FMT_COMPRESSED)) {
-- fmt = im->trueColor ? GD2_FMT_TRUECOLOR_COMPRESSED : GD2_FMT_COMPRESSED;
-+ fmt = GD2_FMT_COMPRESSED;
- };
- if (im->trueColor) {
- fmt += 2;
-diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt
-index 8aecacc..3b650ad 100644
---- a/tests/gd2/CMakeLists.txt
-+++ b/tests/gd2/CMakeLists.txt
-@@ -1,4 +1,5 @@
- SET(TESTS_FILES
-+ bug_289
- gd2_empty_file
- gd2_im2im
- gd2_null
-diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am
-index 754a284..b8ee946 100644
---- a/tests/gd2/Makemodule.am
-+++ b/tests/gd2/Makemodule.am
-@@ -1,4 +1,5 @@
- libgd_test_programs += \
-+ gd2/bug_289 \
- gd2/gd2_empty_file \
- gd2/php_bug_72339 \
- gd2/gd2_read_corrupt
-diff --git a/tests/gd2/bug_289.c b/tests/gd2/bug_289.c
-new file mode 100644
-index 0000000..ad311e9
---- /dev/null
-+++ b/tests/gd2/bug_289.c
-@@ -0,0 +1,33 @@
-+/**
-+ * Passing an unrecognized format to gdImageGd2() should result in
-+ * GD2_FMT_TRUECOLOR_COMPRESSED for truecolor images.
-+ *
-+ * See <https://github.com/libgd/libgd/issues/289>.
-+ */
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+#define GD2_FMT_UNRECOGNIZED 0
-+#define GD2_FMT_TRUECOLOR_COMPRESSED 4
-+
-+#define MSG "expected %s byte to be %d, but got %d\n"
-+
-+
-+int main()
-+{
-+ gdImagePtr im;
-+ char *buffer;
-+ int size;
-+
-+ im = gdImageCreateTrueColor(10, 10);
-+ gdTestAssert(im != NULL);
-+ buffer = (char *) gdImageGd2Ptr(im, 128, GD2_FMT_UNRECOGNIZED, &size);
-+ gdTestAssert(buffer != NULL);
-+ gdImageDestroy(im);
-+ gdTestAssertMsg(buffer[12] == 0, MSG, "1st", 0, buffer[12]);
-+ gdTestAssertMsg(buffer[13] == GD2_FMT_TRUECOLOR_COMPRESSED, MSG, "2nd", GD2_FMT_TRUECOLOR_COMPRESSED, buffer[13]);
-+
-+ return gdNumFailures();
-+}
diff --git a/gnu/packages/patches/gd-freetype-test-failure.patch b/gnu/packages/patches/gd-freetype-test-failure.patch
new file mode 100644
index 0000000000..49c16ca089
--- /dev/null
+++ b/gnu/packages/patches/gd-freetype-test-failure.patch
@@ -0,0 +1,59 @@
+Fix a test failure with freetype 2.7:
+
+https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143
+
+Patch copied from upstream source repository:
+
+https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143
+
+From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Sun, 29 Jan 2017 17:07:50 +0100
+Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7
+
+Actually, the test failures are not necessarily related to freetype
+2.7, but rather are caused by subpixel hinting which is enabled by
+default in freetype 2.7. Subpixel hinting is, however, already
+available in freetype 2.5 and in versions having the "Infinality"
+patch.
+
+To get the expected results in all environments, we have to disable
+subpixel hinting, what is easily done by setting a respective
+environment variable.
+
+See also:
+* https://www.freetype.org/freetype2/docs/subpixel-hinting.html
+* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html
+---
+ tests/freetype/bug00132.c | 3 +++
+ tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c
+index 713dd2d..42ed5b1 100644
+--- a/tests/freetype/bug00132.c
++++ b/tests/freetype/bug00132.c
+@@ -11,6 +11,9 @@ int main()
+ char *path;
+ char *ret = NULL;
+
++ /* disable subpixel hinting */
++ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
++
+ im = gdImageCreateTrueColor(50, 30);
+
+ if (!im) {
+diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c
+index 0161ec8..1596a9e 100644
+--- a/tests/gdimagestringft/gdimagestringft_bbox.c
++++ b/tests/gdimagestringft/gdimagestringft_bbox.c
+@@ -38,6 +38,9 @@ int main()
+ int error = 0;
+ FILE *fp;
+
++ /* disable subpixel hinting */
++ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
++
+ path = gdTestFilePath("freetype/DejaVuSans.ttf");
+ im = gdImageCreate(800, 800);
+ gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */
diff --git a/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch
new file mode 100644
index 0000000000..a926c1455c
--- /dev/null
+++ b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch
@@ -0,0 +1,121 @@
+This bug was first reported to php on https://bugs.php.net/bug.php?id=73968.
+php then reported it to gd in https://github.com/libgd/libgd/issues/109.
+
+Patch adapted from upstream source repository:
+
+https://github.com/libgd/libgd/commit/082c5444838ea0d84f9fb6441aefdb44d78d9bba
+
+Binary diffs have been removed from the patch because our patch
+procedure doesn't support them.
+
+From 082c5444838ea0d84f9fb6441aefdb44d78d9bba Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Fri, 20 Jan 2017 22:48:20 +0100
+Subject: [PATCH] Fix #109: XBM reading fails with printed error
+
+When calculating the number of required bytes of an XBM image, we have
+to take the line padding into account.
+---
+ src/gd_xbm.c | 2 +-
+ tests/xbm/CMakeLists.txt | 1 +
+ tests/xbm/Makemodule.am | 5 ++++-
+ tests/xbm/github_bug_109.c | 35 +++++++++++++++++++++++++++++++++++
+ tests/xbm/github_bug_109.xbm | 5 +++++
+ 5 files changed, 47 insertions(+), 2 deletions(-)
+ create mode 100644 tests/xbm/github_bug_109.c
+ create mode 100644 tests/xbm/github_bug_109.xbm
+ create mode 100644 tests/xbm/github_bug_109_exp.png
+
+diff --git a/src/gd_xbm.c b/src/gd_xbm.c
+index 5f09b56..c2ba2ad 100644
+--- a/src/gd_xbm.c
++++ b/src/gd_xbm.c
+@@ -108,7 +108,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
+ max_bit = 32768;
+ }
+ if (max_bit) {
+- bytes = (width * height / 8) + 1;
++ bytes = (width + 7) / 8 * height;
+ if (!bytes) {
+ return 0;
+ }
+diff --git a/tests/xbm/CMakeLists.txt b/tests/xbm/CMakeLists.txt
+index 183cf5e..08576e0 100644
+--- a/tests/xbm/CMakeLists.txt
++++ b/tests/xbm/CMakeLists.txt
+@@ -1,4 +1,5 @@
+ LIST(APPEND TESTS_FILES
++ github_bug_109
+ github_bug_170
+ )
+
+diff --git a/tests/xbm/Makemodule.am b/tests/xbm/Makemodule.am
+index ba1eabd..0f5beb6 100644
+--- a/tests/xbm/Makemodule.am
++++ b/tests/xbm/Makemodule.am
+@@ -1,5 +1,8 @@
+ libgd_test_programs += \
++ xbm/github_bug_109 \
+ xbm/github_bug_170
+
+ EXTRA_DIST += \
+- xbm/CMakeLists.txt
++ xbm/CMakeLists.txt \
++ xbm/github_bug_109.xbm \
++ xbm/github_bug_109_exp.png
+diff --git a/tests/xbm/github_bug_109.c b/tests/xbm/github_bug_109.c
+new file mode 100644
+index 0000000..1a020c6
+--- /dev/null
++++ b/tests/xbm/github_bug_109.c
+@@ -0,0 +1,35 @@
++/**
++ * Test reading of XBM images with a width that is not a multiple of 8
++ *
++ * We're reading such an XBM image, and check that we got what we've expected,
++ * instead of an error message.
++ *
++ * See also <https://github.com/libgd/libgd/issues/109>.
++ */
++
++
++#include "gd.h"
++#include "gdtest.h"
++
++
++int main()
++{
++ gdImagePtr im;
++ FILE *fp;
++ char *path;
++
++ fp = gdTestFileOpen2("xbm", "github_bug_109.xbm");
++ im = gdImageCreateFromXbm(fp);
++ fclose(fp);
++ gdTestAssert(im != NULL);
++ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 0) == 0);
++ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 1) == 0xffffff);
++
++ path = gdTestFilePath2("xbm", "github_bug_109_exp.png");
++ gdAssertImageEqualsToFile(path, im);
++ gdFree(path);
++
++ gdImageDestroy(im);
++
++ return gdNumFailures();
++}
+diff --git a/tests/xbm/github_bug_109.xbm b/tests/xbm/github_bug_109.xbm
+new file mode 100644
+index 0000000..f427d86
+--- /dev/null
++++ b/tests/xbm/github_bug_109.xbm
+@@ -0,0 +1,5 @@
++#define test_width 10
++#define test_height 10
++static unsigned char test_bits[] = {
++ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00,
++ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00};
+
+--
+2.7.4
+
diff --git a/gnu/packages/patches/gdk-pixbuf-list-dir.patch b/gnu/packages/patches/gdk-pixbuf-list-dir.patch
new file mode 100644
index 0000000000..137914a19c
--- /dev/null
+++ b/gnu/packages/patches/gdk-pixbuf-list-dir.patch
@@ -0,0 +1,35 @@
+Sort directory entries so that the output of
+‘gdk-pixbuf-query-loaders’ is deterministic.
+
+See: https://bugzilla.gnome.org/show_bug.cgi?id=777332
+--- gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c.orig 2017-01-11 00:17:32.865843062 +0100
++++ gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c 2017-01-16 16:12:03.420667874 +0100
+@@ -354,16 +354,27 @@
+
+ dir = g_dir_open (path, 0, NULL);
+ if (dir) {
++ GList *entries = NULL;
+ const char *dent;
+
+ while ((dent = g_dir_read_name (dir))) {
+ gint len = strlen (dent);
+ if (len > SOEXT_LEN &&
+ strcmp (dent + len - SOEXT_LEN, SOEXT) == 0) {
+- query_module (contents, path, dent);
++ entries = g_list_append (entries, g_strdup (dent));
+ }
+ }
+ g_dir_close (dir);
++ /* Sort directory entries so that the output of
++ ‘gdk-pixbuf-query-loaders’ is deterministic. */
++ entries = g_list_sort (entries, (GCompareFunc) strcmp);
++ GList *xentries;
++ for (xentries = entries; xentries; xentries = g_list_next (xentries)) {
++ dent = xentries->data;
++ query_module (contents, path, dent);
++ g_free (xentries->data);
++ }
++ g_list_free (entries);
+ }
+ #else
+ g_string_append_printf (contents, "# dynamic loading of modules not supported\n");
diff --git a/gnu/packages/patches/glibc-bootstrap-system.patch b/gnu/packages/patches/glibc-bootstrap-system.patch
index 7208cce3f4..2f8e7da7e1 100644
--- a/gnu/packages/patches/glibc-bootstrap-system.patch
+++ b/gnu/packages/patches/glibc-bootstrap-system.patch
@@ -26,3 +26,5 @@ instead uses the hard-coded absolute file name of `bash'.
_IO__exit (127);
}
_IO_close (child_end);
+
+
diff --git a/gnu/packages/patches/guile-repl-server-test.patch b/gnu/packages/patches/guile-repl-server-test.patch
deleted file mode 100644
index 81e724ecc4..0000000000
--- a/gnu/packages/patches/guile-repl-server-test.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit 8d6209ea56241bb1890c142539927c9ef3fb5a13
-Author: Ludovic Courtès <ludo@gnu.org>
-Date: Fri Nov 4 22:44:32 2016 +0100
-
- tests: Throw 'unresolved when the REPL server is too slow.
-
-commit 2fbde7f02adb8c6585e9baf6e293ee49cd23d4c4
-Author: Ludovic Courtès <ludo@gnu.org>
-Date: Fri Nov 4 22:45:51 2016 +0100
-
- tests: Avoid race condition in REPL server test.
-
-index ca389ba..4b5ec0c 100644
---- a/test-suite/tests/00-repl-server.test
-+++ b/test-suite/tests/00-repl-server.test
-@@ -61,10 +61,11 @@ socket connected to that server."
- (lambda ()
- (connect client-socket sockaddr))
- (lambda args
-- (when (and (memv (system-error-errno args)
-- (list ENOENT ECONNREFUSED))
-- (< tries 3))
-- (sleep 1)
-+ (when (memv (system-error-errno args)
-+ (list ENOENT ECONNREFUSED))
-+ (when (> tries 30)
-+ (throw 'unresolved))
-+ (usleep 100)
- (loop (+ tries 1))))))
-
- (proc client-socket))
-@@ -104,8 +105,14 @@ reached."
- "scheme@(repl-server)> $1 = 42\n"
- (with-repl-server socket
- (read-until-prompt socket %last-line-before-prompt)
-- (display "(+ 40 2)\n(quit)\n" socket)
-- (read-string socket)))
-+
-+ ;; Wait until 'repl-reader' in boot-9 has written the prompt.
-+ ;; Otherwise, if we write too quickly, 'repl-reader' checks for
-+ ;; 'char-ready?' and doesn't print the prompt.
-+ (match (select (list socket) '() (list socket) 3)
-+ (((_) () ())
-+ (display "(+ 40 2)\n(quit)\n" socket)
-+ (read-string socket)))))
-
- (pass-if "HTTP inter-protocol attack" ;CVE-2016-8606
- (with-repl-server socket
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch
index d9f7ac6a36..fa4d75c9ee 100644
--- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
+++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch
@@ -1,7 +1,9 @@
-Fix an out-of-bounds heap read in Type_MLU_Read():
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
http://seclists.org/oss-sec/2016/q3/288
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
deleted file mode 100644
index bef628f0a8..0000000000
--- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Fix buffer overflow reading 7Zip files:
-
-https://github.com/libarchive/libarchive/issues/761
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
-
-From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 18 Sep 2016 18:14:58 -0700
-Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files
-
-The sample file that demonstrated this had multiple 'EmptyStream'
-attributes. The first one ended up being used to calculate
-certain statistics, then was overwritten by the second which
-was incompatible with those statistics.
-
-The fix here is to reject any header with multiple EmptyStream
-attributes. While here, also reject headers with multiple
-EmptyFile, AntiFile, Name, or Attributes markers.
----
- libarchive/archive_read_support_format_7zip.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
-index 1dfe52b..c0a536c 100644
---- a/libarchive/archive_read_support_format_7zip.c
-+++ b/libarchive/archive_read_support_format_7zip.c
-@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
-
- switch (type) {
- case kEmptyStream:
-+ if (h->emptyStreamBools != NULL)
-+ return (-1);
- h->emptyStreamBools = calloc((size_t)zip->numFiles,
- sizeof(*h->emptyStreamBools));
- if (h->emptyStreamBools == NULL)
-@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->emptyFileBools != NULL)
-+ return (-1);
- h->emptyFileBools = calloc(empty_streams,
- sizeof(*h->emptyFileBools));
- if (h->emptyFileBools == NULL)
-@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->antiBools != NULL)
-+ return (-1);
- h->antiBools = calloc(empty_streams,
- sizeof(*h->antiBools));
- if (h->antiBools == NULL)
-@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((ll & 1) || ll < zip->numFiles * 4)
- return (-1);
-
-+ if (zip->entry_names != NULL)
-+ return (-1);
- zip->entry_names = malloc(ll);
- if (zip->entry_names == NULL)
- return (-1);
-@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((p = header_bytes(a, 2)) == NULL)
- return (-1);
- allAreDefined = *p;
-+ if (h->attrBools != NULL)
-+ return (-1);
- h->attrBools = calloc((size_t)zip->numFiles,
- sizeof(*h->attrBools));
- if (h->attrBools == NULL)
---
-2.10.0
-
diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
deleted file mode 100644
index bce63d5e4e..0000000000
--- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
+++ /dev/null
@@ -1,445 +0,0 @@
-This patch fixes two bugs that allow attackers to overwrite or change
-the permissions of arbitrary files:
-
-https://github.com/libarchive/libarchive/issues/745
-https://github.com/libarchive/libarchive/issues/746
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
-
-From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 11 Sep 2016 13:21:57 -0700
-Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert.
-
----
- libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++--------
- 1 file changed, 227 insertions(+), 67 deletions(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 8f0421e..abe1a86 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -326,12 +326,14 @@ struct archive_write_disk {
-
- #define HFS_BLOCKS(s) ((s) >> 12)
-
-+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int check_symlinks(struct archive_write_disk *);
- static int create_filesystem_object(struct archive_write_disk *);
- static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
- #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
- static void edit_deep_directories(struct archive_write_disk *ad);
- #endif
-+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int cleanup_pathname(struct archive_write_disk *);
- static int create_dir(struct archive_write_disk *, char *);
- static int create_parent_dir(struct archive_write_disk *, char *);
-@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a)
- const char *linkname;
- mode_t final_mode, mode;
- int r;
-+ /* these for check_symlinks_fsobj */
-+ char *linkname_copy; /* non-const copy of linkname */
-+ struct archive_string error_string;
-+ int error_number;
-
- /* We identify hard/symlinks according to the link names. */
- /* Since link(2) and symlink(2) don't handle modes, we're done here. */
-@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a)
- #if !HAVE_LINK
- return (EPERM);
- #else
-+ archive_string_init(&error_string);
-+ linkname_copy = strdup(linkname);
-+ if (linkname_copy == NULL) {
-+ return (EPERM);
-+ }
-+ /* TODO: consider using the cleaned-up path as the link target? */
-+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ free(linkname_copy);
- r = link(linkname, a->name) ? errno : 0;
- /*
- * New cpio and pax formats allow hardlink entries
-@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname)
- * recent paths.
- */
- /* TODO: Extend this to support symlinks on Windows Vista and later. */
-+
-+/*
-+ * Checks the given path to see if any elements along it are symlinks. Returns
-+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
-+ */
- static int
--check_symlinks(struct archive_write_disk *a)
-+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- #if !defined(HAVE_LSTAT)
- /* Platform doesn't have lstat, so we can't look for symlinks. */
- (void)a; /* UNUSED */
-+ (void)path; /* UNUSED */
-+ (void)error_number; /* UNUSED */
-+ (void)error_string; /* UNUSED */
-+ (void)flags; /* UNUSED */
- return (ARCHIVE_OK);
- #else
-- char *pn;
-+ int res = ARCHIVE_OK;
-+ char *tail;
-+ char *head;
-+ int last;
- char c;
- int r;
- struct stat st;
-+ int restore_pwd;
-+
-+ /* Nothing to do here if name is empty */
-+ if(path[0] == '\0')
-+ return (ARCHIVE_OK);
-
- /*
- * Guard against symlink tricks. Reject any archive entry whose
- * destination would be altered by a symlink.
-+ *
-+ * Walk the filename in chunks separated by '/'. For each segment:
-+ * - if it doesn't exist, continue
-+ * - if it's symlink, abort or remove it
-+ * - if it's a directory and it's not the last chunk, cd into it
-+ * As we go:
-+ * head points to the current (relative) path
-+ * tail points to the temporary \0 terminating the segment we're currently examining
-+ * c holds what used to be in *tail
-+ * last is 1 if this is the last tail
- */
-- /* Whatever we checked last time doesn't need to be re-checked. */
-- pn = a->name;
-- if (archive_strlen(&(a->path_safe)) > 0) {
-- char *p = a->path_safe.s;
-- while ((*pn != '\0') && (*p == *pn))
-- ++p, ++pn;
-- }
-+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
-+ __archive_ensure_cloexec_flag(restore_pwd);
-+ if (restore_pwd < 0)
-+ return (ARCHIVE_FATAL);
-+ head = path;
-+ tail = path;
-+ last = 0;
-+ /* TODO: reintroduce a safe cache here? */
- /* Skip the root directory if the path is absolute. */
-- if(pn == a->name && pn[0] == '/')
-- ++pn;
-- c = pn[0];
-- /* Keep going until we've checked the entire name. */
-- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
-+ if(tail == path && tail[0] == '/')
-+ ++tail;
-+ /* Keep going until we've checked the entire name.
-+ * head, tail, path all alias the same string, which is
-+ * temporarily zeroed at tail, so be careful restoring the
-+ * stashed (c=tail[0]) for error messages.
-+ * Exiting the loop with break is okay; continue is not.
-+ */
-+ while (!last) {
-+ /* Skip the separator we just consumed, plus any adjacent ones */
-+ while (*tail == '/')
-+ ++tail;
- /* Skip the next path element. */
-- while (*pn != '\0' && *pn != '/')
-- ++pn;
-- c = pn[0];
-- pn[0] = '\0';
-+ while (*tail != '\0' && *tail != '/')
-+ ++tail;
-+ /* is this the last path component? */
-+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
-+ /* temporarily truncate the string here */
-+ c = tail[0];
-+ tail[0] = '\0';
- /* Check that we haven't hit a symlink. */
-- r = lstat(a->name, &st);
-+ r = lstat(head, &st);
- if (r != 0) {
-+ tail[0] = c;
- /* We've hit a dir that doesn't exist; stop now. */
- if (errno == ENOENT) {
- break;
- } else {
-- /* Note: This effectively disables deep directory
-+ /* Treat any other error as fatal - best to be paranoid here
-+ * Note: This effectively disables deep directory
- * support when security checks are enabled.
- * Otherwise, very long pathnames that trigger
- * an error here could evade the sandbox.
- * TODO: We could do better, but it would probably
- * require merging the symlink checks with the
- * deep-directory editing. */
-- return (ARCHIVE_FAILED);
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not stat %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
-+ }
-+ } else if (S_ISDIR(st.st_mode)) {
-+ if (!last) {
-+ if (chdir(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not chdir %s",
-+ path);
-+ res = (ARCHIVE_FATAL);
-+ break;
-+ }
-+ /* Our view is now from inside this dir: */
-+ head = tail + 1;
- }
- } else if (S_ISLNK(st.st_mode)) {
-- if (c == '\0') {
-+ if (last) {
- /*
- * Last element is symlink; remove it
- * so we can overwrite it with the
- * item being extracted.
- */
-- if (unlink(a->name)) {
-- archive_set_error(&a->archive, errno,
-- "Could not remove symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head)) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not remove symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
- /*
- * Even if we did remove it, a warning
- * is in order. The warning is silly,
- * though, if we're just replacing one
- * symlink with another symlink.
- */
-- if (!S_ISLNK(a->mode)) {
-- archive_set_error(&a->archive, 0,
-- "Removing symlink %s",
-- a->name);
-+ tail[0] = c;
-+ /* FIXME: not sure how important this is to restore
-+ if (!S_ISLNK(path)) {
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Removing symlink %s",
-+ path);
- }
-+ */
- /* Symlink gone. No more problem! */
-- pn[0] = c;
-- return (0);
-- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
-+ res = ARCHIVE_OK;
-+ break;
-+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
- /* User asked us to remove problems. */
-- if (unlink(a->name) != 0) {
-- archive_set_error(&a->archive, 0,
-- "Cannot remove intervening symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot remove intervening symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
-+ tail[0] = c;
- } else {
-- archive_set_error(&a->archive, 0,
-- "Cannot extract through symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot extract through symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
- }
-- pn[0] = c;
-- if (pn[0] != '\0')
-- pn++; /* Advance to the next segment. */
-+ /* be sure to always maintain this */
-+ tail[0] = c;
-+ if (tail[0] != '\0')
-+ tail++; /* Advance to the next segment. */
- }
-- pn[0] = c;
-- /* We've checked and/or cleaned the whole path, so remember it. */
-- archive_strcpy(&a->path_safe, a->name);
-- return (ARCHIVE_OK);
-+ /* Catches loop exits via break */
-+ tail[0] = c;
-+#ifdef HAVE_FCHDIR
-+ /* If we changed directory above, restore it here. */
-+ if (restore_pwd >= 0) {
-+ r = fchdir(restore_pwd);
-+ if (r != 0) {
-+ if(error_number) *error_number = errno;
-+ if(error_string)
-+ archive_string_sprintf(error_string,
-+ "chdir() failure");
-+ }
-+ close(restore_pwd);
-+ restore_pwd = -1;
-+ if (r != 0) {
-+ res = (ARCHIVE_FATAL);
-+ }
-+ }
-+#endif
-+ /* TODO: reintroduce a safe cache here? */
-+ return res;
- #endif
- }
-
-+/*
-+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
-+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
-+ */
-+static int
-+check_symlinks(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ a->pst = NULL; /* to be safe */
-+ return rc;
-+}
-+
-+
- #if defined(__CYGWIN__)
- /*
- * 1. Convert a path separator from '\' to '/' .
-@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
- * is set) if the path is absolute.
- */
- static int
--cleanup_pathname(struct archive_write_disk *a)
-+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- char *dest, *src;
- char separator = '\0';
-
-- dest = src = a->name;
-+ dest = src = path;
- if (*src == '\0') {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Invalid empty pathname");
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Invalid empty pathname");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a)
- #endif
- /* Skip leading '/'. */
- if (*src == '/') {
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Path is absolute");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path is absolute");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a)
- } else if (src[1] == '.') {
- if (src[2] == '/' || src[2] == '\0') {
- /* Conditionally warn about '..' */
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-- archive_set_error(&a->archive,
-- ARCHIVE_ERRNO_MISC,
-- "Path contains '..'");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path contains '..'");
- return (ARCHIVE_FAILED);
- }
- }
-@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a)
- * We've just copied zero or more path elements, not including the
- * final '/'.
- */
-- if (dest == a->name) {
-+ if (dest == path) {
- /*
- * Nothing got copied. The path must have been something
- * like '.' or '/' or './' or '/././././/./'.
-@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a)
- return (ARCHIVE_OK);
- }
-
-+static int
-+cleanup_pathname(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ return rc;
-+}
-+
- /*
- * Create the parent directory of the specified path, assuming path
- * is already in mutable storage.
diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch
deleted file mode 100644
index f042c31a84..0000000000
--- a/gnu/packages/patches/libarchive-fix-symlink-check.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Make sure to check for symlinks even if the pathname is very long:
-
-https://github.com/libarchive/libarchive/issues/744
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
-
-From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 17:11:45 -0700
-Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very
- long pathnames
-
-Because check_symlinks is handled separately from the deep-directory
-support, very long pathnames cause problems. Previously, the code
-ignored most failures to lstat() a path component. In particular,
-this led to check_symlinks always passing for very long paths, which
-in turn provides a way to evade the symlink checks in the sandboxing
-code.
-
-We now fail on unrecognized lstat() failures, which plugs this
-hole at the cost of disabling deep directory support when the
-user requests sandboxing.
-
-TODO: This probably cannot be completely fixed without
-entirely reimplementing the deep directory support to
-integrate the symlink checks. I want to reimplement the
-deep directory hanlding someday anyway; openat() and
-related system calls now provide a much cleaner way to
-handle deep directories than the chdir approach used by this
-code.
----
- libarchive/archive_write_disk_posix.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 39ee3b6..8f0421e 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a)
- r = lstat(a->name, &st);
- if (r != 0) {
- /* We've hit a dir that doesn't exist; stop now. */
-- if (errno == ENOENT)
-+ if (errno == ENOENT) {
- break;
-+ } else {
-+ /* Note: This effectively disables deep directory
-+ * support when security checks are enabled.
-+ * Otherwise, very long pathnames that trigger
-+ * an error here could evade the sandbox.
-+ * TODO: We could do better, but it would probably
-+ * require merging the symlink checks with the
-+ * deep-directory editing. */
-+ return (ARCHIVE_FAILED);
-+ }
- } else if (S_ISLNK(st.st_mode)) {
- if (c == '\0') {
- /*
diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
deleted file mode 100644
index 0e70ac90ce..0000000000
--- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fixes this buffer overflow:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-Patch copied from upstream source repository:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 10:51:43 -0700
-Subject: [PATCH] Issue #767: Buffer overflow printing a filename
-
-The safe_fprintf function attempts to ensure clean output for an
-arbitrary sequence of bytes by doing a trial conversion of the
-multibyte characters to wide characters -- if the resulting wide
-character is printable then we pass through the corresponding bytes
-unaltered, otherwise, we convert them to C-style ASCII escapes.
-
-The stack trace in Issue #767 suggest that the 20-byte buffer
-was getting overflowed trying to format a non-printable multibyte
-character. This should only happen if there is a valid multibyte
-character of more than 5 bytes that was unprintable. (Each byte
-would get expanded to a four-charcter octal-style escape of the form
-"\123" resulting in >20 characters for the >5 byte multibyte character.)
-
-I've not been able to reproduce this, but have expanded the conversion
-buffer to 128 bytes on the belief that no multibyte character set
-has a single character of more than 32 bytes.
----
- tar/util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tar/util.c b/tar/util.c
-index 9ff22f2..2b4aebe 100644
---- a/tar/util.c
-+++ b/tar/util.c
-@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
- }
-
- /* If our output buffer is full, dump it and keep going. */
-- if (i > (sizeof(outbuff) - 20)) {
-+ if (i > (sizeof(outbuff) - 128)) {
- outbuff[i] = '\0';
- fprintf(f, "%s", outbuff);
- i = 0;
diff --git a/gnu/packages/patches/libdrm-symbol-check.patch b/gnu/packages/patches/libdrm-symbol-check.patch
index 676024beb4..69c67e778d 100644
--- a/gnu/packages/patches/libdrm-symbol-check.patch
+++ b/gnu/packages/patches/libdrm-symbol-check.patch
@@ -1,5 +1,5 @@
Augment the list of expected symbols to fix the symbol-check tests on
-mips64el-linux and armhf-linux.
+mips64el-linux, armhf-linux and aarch64-linux.
--- libdrm-2.4.65/freedreno/freedreno-symbol-check.orig 2015-09-04 11:07:40.000000000 -0400
+++ libdrm-2.4.65/freedreno/freedreno-symbol-check 2015-10-18 23:57:15.288416229 -0400
@@ -193,3 +193,28 @@ mips64el-linux and armhf-linux.
drm_tegra_bo_get_flags
drm_tegra_bo_get_handle
drm_tegra_bo_get_tiling
+
+--- libdrm-2.4.65/radeon/radeon-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
++++ libdrm-2.4.65/radeon/radeon-symbol-check 2015-10-18 23:57:00.756759698 -0400
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+
+-# The following symbols (past the first five) are taken from the public headers.
++# The following symbols (past the first 12) are taken from the public headers.
+ # A list of the latter should be available Makefile.sources/LIBDRM_RADEON_H_FILES
+
+ FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_tegra.so} | awk '{print $3}'| while read func; do
+@@ -10,6 +10,13 @@
+ _end
+ _fini
+ _init
++_fbss
++_fdata
++_ftext
++__bss_start__
++__bss_end__
++_bss_end__
++__end__
+ radeon_bo_debug
+ radeon_bo_get_handle
+ radeon_bo_get_src_domain
diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch
deleted file mode 100644
index bdc4b05989..0000000000
--- a/gnu/packages/patches/libepoxy-gl-null-checks.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-This patch from <https://bugzilla.redhat.com/show_bug.cgi?id=1395366> adds NULL
-checks to avoid crashes when GL support is missing, as is the case when running
-Xvfb.
-
-Upstream issue: <https://github.com/anholt/libepoxy/issues/72>.
-
-diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c
---- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400
-+++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500
-@@ -348,6 +348,8 @@
- epoxy_extension_in_string(const char *extension_list, const char *ext)
- {
- const char *ptr = extension_list;
-+ if (! ptr) return false;
-+ if (! ext) return false;
- int len = strlen(ext);
-
- /* Make sure that don't just find an extension with our name as a prefix. */
-@@ -380,6 +382,7 @@
-
- for (i = 0; i < num_extensions; i++) {
- const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i);
-+ if (! gl_ext) return false;
- if (strcmp(ext, gl_ext) == 0)
- return true;
- }
-diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c
---- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400
-+++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500
-@@ -46,6 +46,7 @@
- int ret;
-
- version_string = eglQueryString(dpy, EGL_VERSION);
-+ if (! version_string) return 0;
- ret = sscanf(version_string, "%d.%d", &major, &minor);
- assert(ret == 2);
- return major * 10 + minor;
-diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c
---- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400
-+++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500
-@@ -57,11 +57,13 @@
- int ret;
-
- version_string = glXQueryServerString(dpy, screen, GLX_VERSION);
-+ if (! version_string) return 0;
- ret = sscanf(version_string, "%d.%d", &server_major, &server_minor);
- assert(ret == 2);
- server = server_major * 10 + server_minor;
-
- version_string = glXGetClientString(dpy, GLX_VERSION);
-+ if (! version_string) return 0;
- ret = sscanf(version_string, "%d.%d", &client_major, &client_minor);
- assert(ret == 2);
- client = client_major * 10 + client_minor;
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
index f1907d53e2..bffe2c454c 100644
--- a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
@@ -1,7 +1,6 @@
-Fix buffer overread in libevents DNS code.
-
-Upstream bug report:
+Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
https://github.com/libevent/libevent/issues/317
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
index 4d16a4b917..03f96e938b 100644
--- a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
@@ -1,7 +1,6 @@
-Fix buffer overflow in evutil.
-
-Upstream bug report:
+Fix CVE-2016-10196 (buffer overflow in evutil):
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
https://github.com/libevent/libevent/issues/318
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
index c4ad0a1a4a..c62a328627 100644
--- a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
@@ -1,7 +1,6 @@
-Fix OOB read on empty hostnames in evdns.
-
-Upstream bug report:
+Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
https://github.com/libevent/libevent/issues/332
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch
deleted file mode 100644
index 8093b3e448..0000000000
--- a/gnu/packages/patches/libpng-CVE-2016-10087.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
-http://seclists.org/oss-sec/2016/q4/777
-
-Patch adapted from upstream source repository:
-
-https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
-
-From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
-From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
-Date: Thu, 29 Dec 2016 07:51:33 -0600
-Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
- png_set_text_2()
-
-(bug report and patch by Patrick Keshishian).
----
- ANNOUNCE | 2 ++
- CHANGES | 2 ++
- png.c | 1 +
- 3 files changed, 5 insertions(+)
-
-diff --git a/png.c b/png.c
-index 8afc28fc2..2e05de159 100644
---- a/png.c
-+++ b/png.c
-@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
- png_free(png_ptr, info_ptr->text);
- info_ptr->text = NULL;
- info_ptr->num_text = 0;
-+ info_ptr->max_text = 0;
- }
- }
- #endif
---
-2.11.0
-
diff --git a/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch b/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch
new file mode 100644
index 0000000000..4133be7fc9
--- /dev/null
+++ b/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch
@@ -0,0 +1,33 @@
+This fixes a regression introduced in 1.8.0 where libssh2 fails to build
+with the gcrypt backend.
+
+Upstream bug URL:
+
+https://github.com/libssh2/libssh2/issues/150
+
+Patch copied from upstream source repository:
+
+https://github.com/libssh2/libssh2/commit/ced924b78a40126606797ef57a74066eb3b4b83f
+
+From ced924b78a40126606797ef57a74066eb3b4b83f Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <siarheit@google.com>
+Date: Mon, 31 Oct 2016 09:04:33 +0000
+Subject: [PATCH] acinclude.m4: fix ./configure --with-libgcrypt
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index 734ef07..c78260c 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -412,9 +412,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
+
+ old_LDFLAGS=$LDFLAGS
+ old_CFLAGS=$CFLAGS
+- if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
+- LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
+- CFLAGS="$CFLAGS -I$use_libgcrypt/include"
++ if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then
++ LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib"
++ CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include"
+ fi
+ AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
+ #include <gcrypt.h>
diff --git a/gnu/packages/patches/libxcb-python-3.5-compat.patch b/gnu/packages/patches/libxcb-python-3.5-compat.patch
new file mode 100644
index 0000000000..f652498aad
--- /dev/null
+++ b/gnu/packages/patches/libxcb-python-3.5-compat.patch
@@ -0,0 +1,64 @@
+Fix compatibility issue with Python 3.5.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xcb/libxcb/commit/?id=8740a288ca468433141341347aa115b9544891d3
+
+From 8740a288ca468433141341347aa115b9544891d3 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <wiz@NetBSD.org>
+Date: Thu, 19 May 2016 17:31:18 +0200
+Subject: [PATCH] Fix inconsistent use of tabs vs. space.
+
+Needed for at least python-3.5.x.
+
+Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ src/c_client.py | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/c_client.py b/src/c_client.py
+index 57de3fb..043338d 100644
+--- a/src/c_client.py
++++ b/src/c_client.py
+@@ -1364,7 +1364,7 @@ def _c_serialize(context, self):
+ _c(' unsigned int xcb_align_to = 0;')
+ if self.is_switch:
+ _c(' unsigned int xcb_padding_offset = %d;',
+- self.get_align_offset() )
++ self.get_align_offset() )
+ prefix = [('_aux', '->', self)]
+ aux_ptr = 'xcb_out'
+
+@@ -1390,7 +1390,7 @@ def _c_serialize(context, self):
+ _c(' unsigned int xcb_align_to = 0;')
+ if self.is_switch:
+ _c(' unsigned int xcb_padding_offset = %d;',
+- self.get_align_offset() )
++ self.get_align_offset() )
+
+ elif 'sizeof' == context:
+ param_names = [p[2] for p in params]
+@@ -1930,14 +1930,14 @@ def _c_accessors_list(self, field):
+ # from the request size and divide that by the member size
+ return '(((R->length * 4) - sizeof('+ self.c_type + '))/'+'sizeof('+field.type.member.c_wiretype+'))'
+ else:
+- # use the accessor to get the start of the list, then
+- # compute the length of it by subtracting it from
++ # use the accessor to get the start of the list, then
++ # compute the length of it by subtracting it from
+ # the adress of the first byte after the end of the
+ # request
+- after_end_of_request = '(((char*)R) + R->length * 4)'
+- start_of_list = '%s(R)' % (field.c_accessor_name)
++ after_end_of_request = '(((char*)R) + R->length * 4)'
++ start_of_list = '%s(R)' % (field.c_accessor_name)
+ bytesize_of_list = '%s - (char*)(%s)' % (after_end_of_request, start_of_list)
+- return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype)
++ return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype)
+ else:
+ raise Exception(
+ "lengthless lists with varsized members are not supported. Fieldname '%s'"
+--
+2.11.1
+
diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch
deleted file mode 100644
index 89cce2a36f..0000000000
--- a/gnu/packages/patches/pcre-CVE-2016-3191.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-Fix for CVE-2016-3191.
-See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
-This is svn r1631 at <svn://vcs.exim.org/pcre/code>.
-
-Index: trunk/testdata/testoutput11-16
-===================================================================
---- trunk/testdata/testoutput11-16 (revision 1630)
-+++ trunk/testdata/testoutput11-16 (revision 1631)
-@@ -765,4 +765,7 @@
- 25 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: regular expression is too complicated at offset 490
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testinput11
-===================================================================
---- trunk/testdata/testinput11 (revision 1630)
-+++ trunk/testdata/testinput11 (revision 1631)
-@@ -138,4 +138,6 @@
-
- /.((?2)(?R)\1)()/B
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testoutput11-8
-===================================================================
---- trunk/testdata/testoutput11-8 (revision 1630)
-+++ trunk/testdata/testoutput11-8 (revision 1631)
-@@ -765,4 +765,7 @@
- 38 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testoutput11-32
-===================================================================
---- trunk/testdata/testoutput11-32 (revision 1630)
-+++ trunk/testdata/testoutput11-32 (revision 1631)
-@@ -765,4 +765,7 @@
- 25 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-Index: trunk/pcre_internal.h
-===================================================================
---- trunk/pcre_internal.h (revision 1630)
-+++ trunk/pcre_internal.h (revision 1631)
-@@ -7,7 +7,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -2289,7 +2289,7 @@
- ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
- ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
- ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
-- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
-+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
-
- /* JIT compiling modes. The function list is indexed by them. */
-
-Index: trunk/pcre_compile.c
-===================================================================
---- trunk/pcre_compile.c (revision 1630)
-+++ trunk/pcre_compile.c (revision 1631)
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -560,6 +560,7 @@
- /* 85 */
- "parentheses are too deeply nested (stack check)\0"
- "digits missing in \\x{} or \\o{}\0"
-+ "regular expression is too complicated\0"
- ;
-
- /* Table to identify digits and hex digits. This is used when compiling
-@@ -4591,7 +4592,8 @@
- if (code > cd->start_workspace + cd->workspace_size -
- WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
- {
-- *errorcodeptr = ERR52;
-+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
-+ ERR52 : ERR87;
- goto FAILED;
- }
-
-@@ -6626,8 +6628,21 @@
- cd->had_accept = TRUE;
- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
- {
-- *code++ = OP_CLOSE;
-- PUT2INC(code, 0, oc->number);
-+ if (lengthptr != NULL)
-+ {
-+#ifdef COMPILE_PCRE8
-+ *lengthptr += 1 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE16
-+ *lengthptr += 2 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE32
-+ *lengthptr += 4 + IMM2_SIZE;
-+#endif
-+ }
-+ else
-+ {
-+ *code++ = OP_CLOSE;
-+ PUT2INC(code, 0, oc->number);
-+ }
- }
- setverb = *code++ =
- (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
-Index: trunk/pcreposix.c
-===================================================================
---- trunk/pcreposix.c (revision 1630)
-+++ trunk/pcreposix.c (revision 1631)
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -173,7 +173,8 @@
- REG_BADPAT, /* group name must start with a non-digit */
- /* 85 */
- REG_BADPAT, /* parentheses too deeply nested (stack check) */
-- REG_BADPAT /* missing digits in \x{} or \o{} */
-+ REG_BADPAT, /* missing digits in \x{} or \o{} */
-+ REG_BADPAT /* pattern too complicated */
- };
-
- /* Table of texts corresponding to POSIX error codes */
diff --git a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch
new file mode 100644
index 0000000000..5a09b4ac52
--- /dev/null
+++ b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch
@@ -0,0 +1,54 @@
+This patch resolves a compatibility issue when compiled against glibc
+2.25
+and run runder kernels < 3.17:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1410175
+
+Upstream bug URLs:
+
+https://bugs.python.org/issue29157
+https://bugs.python.org/issue29188
+
+Patch adapted from upstream source repository:
+
+https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c
+
+From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001
+From: Victor Stinner <victor.stinner@gmail.com>
+Date: Mon, 9 Jan 2017 11:10:41 +0100
+Subject: [PATCH] Don't use getentropy() on Linux
+
+Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
+read from /dev/urandom to get random bytes, for example in os.urandom(). On
+Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
+os.urandom() should not block.
+---
+ Misc/NEWS | 5 +++++
+ Python/random.c | 11 +++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/Python/random.c b/Python/random.c
+index 57c41ffcd6..000cb36938 100644
+--- a/Python/random.c
++++ b/Python/random.c
+@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+ }
+
+ /* Issue #25003: Don't use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
++ Solaris 11.3), it is blocking whereas os.urandom() should not block.
++
++ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
++ implements it with the getrandom() syscall which can fail with ENOSYS,
++ and this error is not supported in py_getentropy() and getrandom() is called
++ with flags=0 which blocks until system urandom is initialized, which is not
++ the desired behaviour to seed the Python hash secret nor for os.urandom():
++ see the PEP 524 which was only implemented in Python 3.6. */
++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
+ #define PY_GETENTROPY 1
+
+ /* Fill buffer with size pseudo-random bytes generated by getentropy().
+--
+2.12.0
+
diff --git a/gnu/packages/patches/python-3.4-fix-tests.patch b/gnu/packages/patches/python-3.4-fix-tests.patch
deleted file mode 100644
index d1f8138e79..0000000000
--- a/gnu/packages/patches/python-3.4-fix-tests.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100
-+++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100
-@@ -319,7 +319,11 @@
- del env['HOME']
- home = pwd.getpwuid(os.getuid()).pw_dir
- # $HOME can end with a trailing /, so strip it (see #17809)
-- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
-+ # The Guix builders have '/' as a home directory, so
-+ # home.rstrip("/") will be an empty string and the test will
-+ # fail. Let's just disable it since it does not really make
-+ # sense with such a bizarre setup.
-+ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch
index 46d2a84efb..9778b88dbd 100644
--- a/gnu/packages/patches/python-3.5-fix-tests.patch
+++ b/gnu/packages/patches/python-3.5-fix-tests.patch
@@ -35,12 +35,35 @@ prior revisions of Python.
--- Lib/test/test_asyncio/test_base_events.py
+++ Lib/test/test_asyncio/test_base_events.py
-@@ -142,6 +142,8 @@ class BaseEventTests(test_utils.TestCase):
- (INET, STREAM, TCP, '', ('1.2.3.4', 1)),
- base_events._ipaddr_info('1.2.3.4', b'1', INET, STREAM, TCP))
-
+@@ -1216,6 +1216,8 @@
+ self._test_create_connection_ip_addr(m_socket, False)
+
+ @patch_socket
+ @unittest.skipUnless(support.is_resource_enabled('network'),
+ 'network is not enabled')
- def test_getaddrinfo_servname(self):
- INET = socket.AF_INET
- STREAM = socket.SOCK_STREAM
+ def test_create_connection_service_name(self, m_socket):
+ m_socket.getaddrinfo = socket.getaddrinfo
+ sock = m_socket.socket.return_value
+
+--- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100
++++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100
+
+For some reason, KeyboardInterrupts do not work in the build
+environment (lack of controlling TTY?). Just change the expected
+outcome. Unfortunately, this will make it fail for users running
+`python -m test test_pdb test_pdb` interactively.
+
+@@ -928,11 +928,11 @@
+ > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function()
+ -> print('pdb %d: %s' % (i, sess._previous_sigint_handler))
+ (Pdb) continue
+- pdb 1: <built-in function default_int_handler>
++ pdb 1: Handlers.SIG_IGN
+ > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function()
+ -> sess.set_trace(sys._getframe())
+ (Pdb) continue
+- pdb 2: <built-in function default_int_handler>
++ pdb 2: Handlers.SIG_IGN
+ """
+
+ class PdbTestCase(unittest.TestCase):
diff --git a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch
new file mode 100644
index 0000000000..8a12b5b448
--- /dev/null
+++ b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch
@@ -0,0 +1,720 @@
+This patch resolves a compatibility issue when compiled against glibc 2.25
+and run runder kernels < 3.17:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1410175
+
+Upstream bug URL: https://bugs.python.org/issue29157
+
+Patch copied from upstream source repository:
+
+https://hg.python.org/cpython/rev/8125d9a8152b
+
+# HG changeset patch
+# User Victor Stinner <victor.stinner@gmail.com>
+# Date 1483957133 -3600
+# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86
+# Parent 337461574c90281630751b6095c4e1baf380cf7d
+Issue #29157: Prefer getrandom() over getentropy()
+
+Copy and then adapt Python/random.c from default branch. Difference between 3.5
+and default branches:
+
+* Python 3.5 only uses getrandom() in non-blocking mode: flags=GRND_NONBLOCK
+* If getrandom() fails with EAGAIN: py_getrandom() immediately fails and
+ remembers that getrandom() doesn't work.
+* Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom()
+ works in non-blocking mode on Python 3.5
+
+diff --git a/Python/random.c b/Python/random.c
+--- Python/random.c
++++ Python/random.c
+@@ -1,6 +1,9 @@
+ #include "Python.h"
+ #ifdef MS_WINDOWS
+ # include <windows.h>
++/* All sample MSDN wincrypt programs include the header below. It is at least
++ * required with Min GW. */
++# include <wincrypt.h>
+ #else
+ # include <fcntl.h>
+ # ifdef HAVE_SYS_STAT_H
+@@ -37,10 +40,9 @@ win32_urandom_init(int raise)
+ return 0;
+
+ error:
+- if (raise)
++ if (raise) {
+ PyErr_SetFromWindowsErr(0);
+- else
+- Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
++ }
+ return -1;
+ }
+
+@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_
+
+ if (hCryptProv == 0)
+ {
+- if (win32_urandom_init(raise) == -1)
++ if (win32_urandom_init(raise) == -1) {
+ return -1;
++ }
+ }
+
+ while (size > 0)
+@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_
+ if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
+ {
+ /* CryptGenRandom() failed */
+- if (raise)
++ if (raise) {
+ PyErr_SetFromWindowsErr(0);
+- else
+- Py_FatalError("Failed to initialized the randomized hash "
+- "secret using CryptoGen)");
++ }
+ return -1;
+ }
+ buffer += chunk;
+@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_
+ return 0;
+ }
+
+-/* Issue #25003: Don't use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
+-#define PY_GETENTROPY 1
+-
+-/* Fill buffer with size pseudo-random bytes generated by getentropy().
+- Return 0 on success, or raise an exception and return -1 on error.
+-
+- If fatal is nonzero, call Py_FatalError() instead of raising an exception
+- on error. */
+-static int
+-py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
+-{
+- while (size > 0) {
+- Py_ssize_t len = Py_MIN(size, 256);
+- int res;
+-
+- if (!fatal) {
+- Py_BEGIN_ALLOW_THREADS
+- res = getentropy(buffer, len);
+- Py_END_ALLOW_THREADS
+-
+- if (res < 0) {
+- PyErr_SetFromErrno(PyExc_OSError);
+- return -1;
+- }
+- }
+- else {
+- res = getentropy(buffer, len);
+- if (res < 0)
+- Py_FatalError("getentropy() failed");
+- }
+-
+- buffer += len;
+- size -= len;
+- }
+- return 0;
+-}
+-
+-#else
++#else /* !MS_WINDOWS */
+
+ #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)
+ #define PY_GETRANDOM 1
+
+-/* Call getrandom()
++/* Call getrandom() to get random bytes:
++
+ - Return 1 on success
+- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or
+- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom
+- not initialized yet) and raise=0.
++ - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM),
++ or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not
++ initialized yet).
+ - Raise an exception (if raise is non-zero) and return -1 on error:
+- getrandom() failed with EINTR and the Python signal handler raised an
+- exception, or getrandom() failed with a different error. */
++ if getrandom() failed with EINTR, raise is non-zero and the Python signal
++ handler raised an exception, or if getrandom() failed with a different
++ error.
++
++ getrandom() is retried if it failed with EINTR: interrupted by a signal. */
+ static int
+ py_getrandom(void *buffer, Py_ssize_t size, int raise)
+ {
+@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t si
+ * see https://bugs.python.org/issue26839. To avoid this, use the
+ * GRND_NONBLOCK flag. */
+ const int flags = GRND_NONBLOCK;
++ char *dest;
+ long n;
+
+ if (!getrandom_works) {
+ return 0;
+ }
+
++ dest = buffer;
+ while (0 < size) {
+ #ifdef sun
+ /* Issue #26735: On Solaris, getrandom() is limited to returning up
+- to 1024 bytes */
++ to 1024 bytes. Call it multiple times if more bytes are
++ requested. */
+ n = Py_MIN(size, 1024);
+ #else
+ n = Py_MIN(size, LONG_MAX);
+@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t si
+ #ifdef HAVE_GETRANDOM
+ if (raise) {
+ Py_BEGIN_ALLOW_THREADS
+- n = getrandom(buffer, n, flags);
++ n = getrandom(dest, n, flags);
+ Py_END_ALLOW_THREADS
+ }
+ else {
+- n = getrandom(buffer, n, flags);
++ n = getrandom(dest, n, flags);
+ }
+ #else
+ /* On Linux, use the syscall() function because the GNU libc doesn't
+- * expose the Linux getrandom() syscall yet. See:
+- * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
++ expose the Linux getrandom() syscall yet. See:
++ https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
+ if (raise) {
+ Py_BEGIN_ALLOW_THREADS
+- n = syscall(SYS_getrandom, buffer, n, flags);
++ n = syscall(SYS_getrandom, dest, n, flags);
+ Py_END_ALLOW_THREADS
+ }
+ else {
+- n = syscall(SYS_getrandom, buffer, n, flags);
++ n = syscall(SYS_getrandom, dest, n, flags);
+ }
+ #endif
+
+ if (n < 0) {
+- /* ENOSYS: getrandom() syscall not supported by the kernel (but
+- * maybe supported by the host which built Python). EPERM:
+- * getrandom() syscall blocked by SECCOMP or something else. */
++ /* ENOSYS: the syscall is not supported by the kernel.
++ EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
++ or something else. */
+ if (errno == ENOSYS || errno == EPERM) {
+ getrandom_works = 0;
+ return 0;
+ }
++
+ if (errno == EAGAIN) {
+ /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system
+ urandom is not initialiazed yet. In this case, fall back on
+@@ -202,32 +172,101 @@ py_getrandom(void *buffer, Py_ssize_t si
+ }
+
+ if (errno == EINTR) {
+- if (PyErr_CheckSignals()) {
+- if (!raise) {
+- Py_FatalError("getrandom() interrupted by a signal");
++ if (raise) {
++ if (PyErr_CheckSignals()) {
++ return -1;
+ }
+- return -1;
+ }
+
+- /* retry getrandom() */
++ /* retry getrandom() if it was interrupted by a signal */
+ continue;
+ }
+
+ if (raise) {
+ PyErr_SetFromErrno(PyExc_OSError);
+ }
+- else {
+- Py_FatalError("getrandom() failed");
++ return -1;
++ }
++
++ dest += n;
++ size -= n;
++ }
++ return 1;
++}
++
++#elif defined(HAVE_GETENTROPY)
++#define PY_GETENTROPY 1
++
++/* Fill buffer with size pseudo-random bytes generated by getentropy():
++
++ - Return 1 on success
++ - Return 0 if getentropy() syscall is not available (failed with ENOSYS or
++ EPERM).
++ - Raise an exception (if raise is non-zero) and return -1 on error:
++ if getentropy() failed with EINTR, raise is non-zero and the Python signal
++ handler raised an exception, or if getentropy() failed with a different
++ error.
++
++ getentropy() is retried if it failed with EINTR: interrupted by a signal. */
++static int
++py_getentropy(char *buffer, Py_ssize_t size, int raise)
++{
++ /* Is getentropy() supported by the running kernel? Set to 0 if
++ getentropy() failed with ENOSYS or EPERM. */
++ static int getentropy_works = 1;
++
++ if (!getentropy_works) {
++ return 0;
++ }
++
++ while (size > 0) {
++ /* getentropy() is limited to returning up to 256 bytes. Call it
++ multiple times if more bytes are requested. */
++ Py_ssize_t len = Py_MIN(size, 256);
++ int res;
++
++ if (raise) {
++ Py_BEGIN_ALLOW_THREADS
++ res = getentropy(buffer, len);
++ Py_END_ALLOW_THREADS
++ }
++ else {
++ res = getentropy(buffer, len);
++ }
++
++ if (res < 0) {
++ /* ENOSYS: the syscall is not supported by the running kernel.
++ EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
++ or something else. */
++ if (errno == ENOSYS || errno == EPERM) {
++ getentropy_works = 0;
++ return 0;
++ }
++
++ if (errno == EINTR) {
++ if (raise) {
++ if (PyErr_CheckSignals()) {
++ return -1;
++ }
++ }
++
++ /* retry getentropy() if it was interrupted by a signal */
++ continue;
++ }
++
++ if (raise) {
++ PyErr_SetFromErrno(PyExc_OSError);
+ }
+ return -1;
+ }
+
+- buffer += n;
+- size -= n;
++ buffer += len;
++ size -= len;
+ }
+ return 1;
+ }
+-#endif
++#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */
++
+
+ static struct {
+ int fd;
+@@ -235,136 +274,123 @@ static struct {
+ ino_t st_ino;
+ } urandom_cache = { -1 };
+
++/* Read random bytes from the /dev/urandom device:
+
+-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from
+- /dev/urandom if getrandom() is not available.
++ - Return 0 on success
++ - Raise an exception (if raise is non-zero) and return -1 on error
+
+- Call Py_FatalError() on error. */
+-static void
+-dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
++ Possible causes of errors:
++
++ - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device
++ was not found. For example, it was removed manually or not exposed in a
++ chroot or container.
++ - open() failed with a different error
++ - fstat() failed
++ - read() failed or returned 0
++
++ read() is retried if it failed with EINTR: interrupted by a signal.
++
++ The file descriptor of the device is kept open between calls to avoid using
++ many file descriptors when run in parallel from multiple threads:
++ see the issue #18756.
++
++ st_dev and st_ino fields of the file descriptor (from fstat()) are cached to
++ check if the file descriptor was replaced by a different file (which is
++ likely a bug in the application): see the issue #21207.
++
++ If the file descriptor was closed or replaced, open a new file descriptor
++ but don't close the old file descriptor: it probably points to something
++ important for some third-party code. */
++static int
++dev_urandom(char *buffer, Py_ssize_t size, int raise)
+ {
+ int fd;
+ Py_ssize_t n;
+
+- assert (0 < size);
++ if (raise) {
++ struct _Py_stat_struct st;
+
+-#ifdef PY_GETRANDOM
+- if (py_getrandom(buffer, size, 0) == 1) {
+- return;
++ if (urandom_cache.fd >= 0) {
++ /* Does the fd point to the same thing as before? (issue #21207) */
++ if (_Py_fstat_noraise(urandom_cache.fd, &st)
++ || st.st_dev != urandom_cache.st_dev
++ || st.st_ino != urandom_cache.st_ino) {
++ /* Something changed: forget the cached fd (but don't close it,
++ since it probably points to something important for some
++ third-party code). */
++ urandom_cache.fd = -1;
++ }
++ }
++ if (urandom_cache.fd >= 0)
++ fd = urandom_cache.fd;
++ else {
++ fd = _Py_open("/dev/urandom", O_RDONLY);
++ if (fd < 0) {
++ if (errno == ENOENT || errno == ENXIO ||
++ errno == ENODEV || errno == EACCES) {
++ PyErr_SetString(PyExc_NotImplementedError,
++ "/dev/urandom (or equivalent) not found");
++ }
++ /* otherwise, keep the OSError exception raised by _Py_open() */
++ return -1;
++ }
++ if (urandom_cache.fd >= 0) {
++ /* urandom_fd was initialized by another thread while we were
++ not holding the GIL, keep it. */
++ close(fd);
++ fd = urandom_cache.fd;
++ }
++ else {
++ if (_Py_fstat(fd, &st)) {
++ close(fd);
++ return -1;
++ }
++ else {
++ urandom_cache.fd = fd;
++ urandom_cache.st_dev = st.st_dev;
++ urandom_cache.st_ino = st.st_ino;
++ }
++ }
++ }
++
++ do {
++ n = _Py_read(fd, buffer, (size_t)size);
++ if (n == -1)
++ return -1;
++ if (n == 0) {
++ PyErr_Format(PyExc_RuntimeError,
++ "Failed to read %zi bytes from /dev/urandom",
++ size);
++ return -1;
++ }
++
++ buffer += n;
++ size -= n;
++ } while (0 < size);
+ }
+- /* getrandom() failed with ENOSYS or EPERM,
+- fall back on reading /dev/urandom */
+-#endif
+-
+- fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
+- if (fd < 0) {
+- Py_FatalError("Failed to open /dev/urandom");
+- }
+-
+- while (0 < size)
+- {
+- do {
+- n = read(fd, buffer, (size_t)size);
+- } while (n < 0 && errno == EINTR);
+-
+- if (n <= 0) {
+- /* read() failed or returned 0 bytes */
+- Py_FatalError("Failed to read bytes from /dev/urandom");
+- break;
+- }
+- buffer += n;
+- size -= n;
+- }
+- close(fd);
+-}
+-
+-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from
+- /dev/urandom if getrandom() is not available.
+-
+- Return 0 on success. Raise an exception and return -1 on error. */
+-static int
+-dev_urandom_python(char *buffer, Py_ssize_t size)
+-{
+- int fd;
+- Py_ssize_t n;
+- struct _Py_stat_struct st;
+-#ifdef PY_GETRANDOM
+- int res;
+-#endif
+-
+- if (size <= 0)
+- return 0;
+-
+-#ifdef PY_GETRANDOM
+- res = py_getrandom(buffer, size, 1);
+- if (res < 0) {
+- return -1;
+- }
+- if (res == 1) {
+- return 0;
+- }
+- /* getrandom() failed with ENOSYS or EPERM,
+- fall back on reading /dev/urandom */
+-#endif
+-
+- if (urandom_cache.fd >= 0) {
+- /* Does the fd point to the same thing as before? (issue #21207) */
+- if (_Py_fstat_noraise(urandom_cache.fd, &st)
+- || st.st_dev != urandom_cache.st_dev
+- || st.st_ino != urandom_cache.st_ino) {
+- /* Something changed: forget the cached fd (but don't close it,
+- since it probably points to something important for some
+- third-party code). */
+- urandom_cache.fd = -1;
+- }
+- }
+- if (urandom_cache.fd >= 0)
+- fd = urandom_cache.fd;
+ else {
+- fd = _Py_open("/dev/urandom", O_RDONLY);
++ fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
+ if (fd < 0) {
+- if (errno == ENOENT || errno == ENXIO ||
+- errno == ENODEV || errno == EACCES)
+- PyErr_SetString(PyExc_NotImplementedError,
+- "/dev/urandom (or equivalent) not found");
+- /* otherwise, keep the OSError exception raised by _Py_open() */
+ return -1;
+ }
+- if (urandom_cache.fd >= 0) {
+- /* urandom_fd was initialized by another thread while we were
+- not holding the GIL, keep it. */
+- close(fd);
+- fd = urandom_cache.fd;
+- }
+- else {
+- if (_Py_fstat(fd, &st)) {
++
++ while (0 < size)
++ {
++ do {
++ n = read(fd, buffer, (size_t)size);
++ } while (n < 0 && errno == EINTR);
++
++ if (n <= 0) {
++ /* stop on error or if read(size) returned 0 */
+ close(fd);
+ return -1;
+ }
+- else {
+- urandom_cache.fd = fd;
+- urandom_cache.st_dev = st.st_dev;
+- urandom_cache.st_ino = st.st_ino;
+- }
++
++ buffer += n;
++ size -= n;
+ }
++ close(fd);
+ }
+-
+- do {
+- n = _Py_read(fd, buffer, (size_t)size);
+- if (n == -1) {
+- return -1;
+- }
+- if (n == 0) {
+- PyErr_Format(PyExc_RuntimeError,
+- "Failed to read %zi bytes from /dev/urandom",
+- size);
+- return -1;
+- }
+-
+- buffer += n;
+- size -= n;
+- } while (0 < size);
+-
+ return 0;
+ }
+
+@@ -376,8 +402,8 @@ dev_urandom_close(void)
+ urandom_cache.fd = -1;
+ }
+ }
++#endif /* !MS_WINDOWS */
+
+-#endif
+
+ /* Fill buffer with pseudo-random bytes generated by a linear congruent
+ generator (LCG):
+@@ -400,29 +426,98 @@ lcg_urandom(unsigned int x0, unsigned ch
+ }
+ }
+
++/* Read random bytes:
++
++ - Return 0 on success
++ - Raise an exception (if raise is non-zero) and return -1 on error
++
++ Used sources of entropy ordered by preference, preferred source first:
++
++ - CryptGenRandom() on Windows
++ - getrandom() function (ex: Linux and Solaris): call py_getrandom()
++ - getentropy() function (ex: OpenBSD): call py_getentropy()
++ - /dev/urandom device
++
++ Read from the /dev/urandom device if getrandom() or getentropy() function
++ is not available or does not work.
++
++ Prefer getrandom() over getentropy() because getrandom() supports blocking
++ and non-blocking mode and Python requires non-blocking RNG at startup to
++ initialize its hash secret: see the PEP 524.
++
++ Prefer getrandom() and getentropy() over reading directly /dev/urandom
++ because these functions don't need file descriptors and so avoid ENFILE or
++ EMFILE errors (too many open files): see the issue #18756.
++
++ Only use RNG running in the kernel. They are more secure because it is
++ harder to get the internal state of a RNG running in the kernel land than a
++ RNG running in the user land. The kernel has a direct access to the hardware
++ and has access to hardware RNG, they are used as entropy sources.
++
++ Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed
++ its RNG on fork(), two child processes (with the same pid) generate the same
++ random numbers: see issue #18747. Kernel RNGs don't have this issue,
++ they have access to good quality entropy sources.
++
++ If raise is zero:
++
++ - Don't raise an exception on error
++ - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if
++ a function fails with EINTR: retry directly the interrupted function
++ - Don't release the GIL to call functions.
++*/
++static int
++pyurandom(void *buffer, Py_ssize_t size, int raise)
++{
++#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)
++ int res;
++#endif
++
++ if (size < 0) {
++ if (raise) {
++ PyErr_Format(PyExc_ValueError,
++ "negative argument not allowed");
++ }
++ return -1;
++ }
++
++ if (size == 0) {
++ return 0;
++ }
++
++#ifdef MS_WINDOWS
++ return win32_urandom((unsigned char *)buffer, size, raise);
++#else
++
++#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)
++#ifdef PY_GETRANDOM
++ res = py_getrandom(buffer, size, raise);
++#else
++ res = py_getentropy(buffer, size, raise);
++#endif
++ if (res < 0) {
++ return -1;
++ }
++ if (res == 1) {
++ return 0;
++ }
++ /* getrandom() or getentropy() function is not available: failed with
++ ENOSYS, EPERM or EAGAIN. Fall back on reading from /dev/urandom. */
++#endif
++
++ return dev_urandom(buffer, size, raise);
++#endif
++}
++
+ /* Fill buffer with size pseudo-random bytes from the operating system random
+ number generator (RNG). It is suitable for most cryptographic purposes
+ except long living private keys for asymmetric encryption.
+
+- Return 0 on success, raise an exception and return -1 on error. */
++ Return 0 on success. Raise an exception and return -1 on error. */
+ int
+ _PyOS_URandom(void *buffer, Py_ssize_t size)
+ {
+- if (size < 0) {
+- PyErr_Format(PyExc_ValueError,
+- "negative argument not allowed");
+- return -1;
+- }
+- if (size == 0)
+- return 0;
+-
+-#ifdef MS_WINDOWS
+- return win32_urandom((unsigned char *)buffer, size, 1);
+-#elif defined(PY_GETENTROPY)
+- return py_getentropy(buffer, size, 0);
+-#else
+- return dev_urandom_python((char*)buffer, size);
+-#endif
++ return pyurandom(buffer, size, 1);
+ }
+
+ void
+@@ -463,13 +558,14 @@ void
+ }
+ }
+ else {
+-#ifdef MS_WINDOWS
+- (void)win32_urandom(secret, secret_size, 0);
+-#elif defined(PY_GETENTROPY)
+- (void)py_getentropy(secret, secret_size, 1);
+-#else
+- dev_urandom_noraise(secret, secret_size);
+-#endif
++ int res;
++
++ /* _PyRandom_Init() is called very early in the Python initialization
++ and so exceptions cannot be used (use raise=0). */
++ res = pyurandom(secret, secret_size, 0);
++ if (res < 0) {
++ Py_FatalError("failed to get random numbers to initialize Python");
++ }
+ }
+ }
+
+@@ -481,8 +577,6 @@ void
+ CryptReleaseContext(hCryptProv, 0);
+ hCryptProv = 0;
+ }
+-#elif defined(PY_GETENTROPY)
+- /* nothing to clean */
+ #else
+ dev_urandom_close();
+ #endif
+
diff --git a/gnu/packages/patches/python-fix-tests.patch b/gnu/packages/patches/python-fix-tests.patch
index e093307c51..d8f69866fd 100644
--- a/gnu/packages/patches/python-fix-tests.patch
+++ b/gnu/packages/patches/python-fix-tests.patch
@@ -3,23 +3,22 @@ http://bugs.python.org/issue20868 .
--- Lib/test/test_shutil.py 2014-03-01 03:02:36.088311000 +0100
+++ Lib/test/test_shutil.py 2014-03-01 04:56:37.768311000 +0100
-@@ -1053,6 +1053,7 @@
+@@ -1127,6 +1127,7 @@
self.assertRaises(ValueError, make_archive, base_name, 'xxx')
-
- @requires_zlib
+
+ @support.requires_zlib
+ @unittest.skipIf(True, "getgrgid(0)[0] raises a KeyError on Guix")
def test_make_archive_owner_group(self):
# testing make_archive with owner and group, with various combinations
# this works even if there's not gid/uid support
-@@ -1081,6 +1082,7 @@
-
-
- @requires_zlib
+@@ -1155,6 +1156,7 @@
+
+
+ @support.requires_zlib
+ @unittest.skipIf(True, "getgrgid(0)[0] raises a KeyError on Guix")
@unittest.skipUnless(UID_GID_SUPPORT, "Requires grp and pwd support")
def test_tarfile_root_owner(self):
- tmpdir, tmpdir2, base_name = self._create_files()
-
+ root_dir, base_dir = self._create_files()
--- Lib/test/test_socket.py.orig 2014-03-02 22:14:12.264311000 +0100
+++ Lib/test/test_socket.py 2014-03-21 03:50:45.660311000 +0100
@@ -819,6 +819,8 @@
diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch
deleted file mode 100644
index 5226cba4cb..0000000000
--- a/gnu/packages/patches/sed-hurd-path-max.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-7bb8d35d0330161a5af5341471d0c183a067e8c2
-Author: Jose E. Marchesi <jemarch@gnu.org>
-Date: Sun Oct 6 14:43:38 2013 +0200
-
- Set PATH_MAX to some constant in case it is not defined in system
- headers.
-
- 2013-10-06 Jose E. Marchesi <jemarch@gnu.org>
-
- * basicdefs.h (PATH_MAX): Defined to some constant in case it is
- not defined by system headers.
- * sed/utils.c: Do not include pathmax.h anymore.
- * bootstrap.conf (gnulib_modules): Do not use the gnulib module
- pathmax.
-
-diff --git a/basicdefs.h b/basicdefs.h
-index 0d28a97..09f5beb 100644
---- a/basicdefs.h
-+++ b/basicdefs.h
-@@ -40,6 +41,13 @@ typedef unsigned long countT;
- #define obstack_chunk_alloc ck_malloc
- #define obstack_chunk_free free
-
-+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd.
-+ In that case we define it here to some constant. Note however that
-+ this relies in the fact that sed does reallocation if a buffer
-+ needs to be larger than PATH_MAX. */
-+#ifndef PATH_MAX
-+# define PATH_MAX 200
-+#endif
-
- /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */
- /* Jim Meyering writes:
-
diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch
new file mode 100644
index 0000000000..b79be9bc94
--- /dev/null
+++ b/gnu/packages/patches/tar-CVE-2016-6321.patch
@@ -0,0 +1,51 @@
+Fix CVE-2016-6321:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
+https://security-tracker.debian.org/tracker/CVE-2016-6321
+
+Patch adapted from upstream source repository (the changes to 'NEWS'
+don't apply to the Tar 1.29 release tarball).
+
+http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
+
+From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
+Date: Sat, 29 Oct 2016 21:04:40 -0700
+Subject: [PATCH] When extracting, skip ".." members
+
+* NEWS: Document this.
+* src/extract.c (extract_archive): Skip members whose names
+contain "..".
+---
+ NEWS | 8 +++++++-
+ src/extract.c | 8 ++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/extract.c b/src/extract.c
+index f982433..7904148 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@ extract_archive (void)
+ {
+ char typeflag;
+ tar_extractor_t fun;
++ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+
+ set_next_block_after (current_header);
+
++ skip_dotdot_name = (!absolute_names_option
++ && contains_dot_dot (current_stat_info.orig_file_name));
++ if (skip_dotdot_name)
++ ERROR ((0, 0, _("%s: Member name contains '..'"),
++ quotearg_colon (current_stat_info.orig_file_name)));
++
+ if (!current_stat_info.file_name[0]
++ || skip_dotdot_name
+ || (interactive_option
+ && !confirm ("extract", current_stat_info.file_name)))
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch
deleted file mode 100644
index 1426883216..0000000000
--- a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Do not define BSDWAIT to avoid error "storage size of ‘w’ isn’t known".
-
-This is an adapted version of the upstream patch taken from here:
-https://github.com/tcsh-org/tcsh/commit/4689eb60a74bf13bc146ca3d76e9d7a124ab7b49.patch
-
-From 4689eb60a74bf13bc146ca3d76e9d7a124ab7b49 Mon Sep 17 00:00:00 2001
-From: christos <christos>
-Date: Fri, 23 Sep 2016 19:17:28 +0000
-Subject: [PATCH] Don't define BSDWAIT for linux anymore.
-
----
- sh.proc.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/sh.proc.c b/sh.proc.c
-index 49b199f..874d67c 100644
---- sh.proc.c
-+++ sh.proc.c
-@@ -47,11 +47,9 @@ RCSID("$tcsh$")
- # define HZ 16
- #endif /* aiws */
-
--#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) || defined(__linux__) || defined(__GNU__) || defined(__GLIBC__)
--# if !defined(__ANDROID__)
--# define BSDWAIT
--# endif
--#endif /* _BSD || (IRIS4D && __STDC__) || __lucid || glibc */
-+#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid)
-+# define BSDWAIT
-+#endif /* _BSD || (IRIS4D && __STDC__) || __lucid */
- #ifndef WTERMSIG
- # define WTERMSIG(w) (((union wait *) &(w))->w_termsig)
- # ifndef BSDWAIT
diff --git a/gnu/packages/patches/tcsh-fix-autotest.patch b/gnu/packages/patches/tcsh-fix-autotest.patch
index a16980161c..78444a1b2a 100644
--- a/gnu/packages/patches/tcsh-fix-autotest.patch
+++ b/gnu/packages/patches/tcsh-fix-autotest.patch
@@ -1,6 +1,6 @@
---- tests/commands.at 2011-01-22 01:04:02.000000000 +0100
-+++ tests/commands.at 2013-02-04 10:57:24.000000000 +0100
-@@ -919,26 +919,27 @@
+--- tests/commands.at
++++ tests/commands.at
+@@ -921,26 +921,27 @@ AT_CLEANUP
TCSH_UNTESTED([notify])
@@ -48,27 +48,9 @@
AT_SETUP([popd])
-@@ -1203,11 +1204,12 @@
- AT_DATA([script.csh],
- [[set var=$1
- ]])
--AT_CHECK([[tcsh -f -c 'source -h script.csh foo; history' \
-- | sed 's/ [^ ]* / TIME /']], ,
--[ 1 TIME source -h script.csh foo ; history
-- 2 TIME set var=$1
--])
-+# XXX: Not sure why this fails. The output is : "1 TIME set var=$1"
-+#AT_CHECK([[tcsh -f -c 'source -h script.csh foo; history' \
-+# | sed 's/ [^ ]* / TIME /']], ,
-+#[ 1 TIME source -h script.csh foo ; history
-+# 2 TIME set var=$1
-+#])
-
- AT_CHECK([tcsh -f -c 'source -h script.csh foo; echo $var'], 1, [],
- [var: Undefined variable.
---- tests/lexical.at 2011-12-27 22:50:52.000000000 +0100
-+++ tests/lexical.at 2013-02-04 10:53:21.000000000 +0100
-@@ -33,9 +33,9 @@
+--- tests/lexical.at
++++ tests/lexical.at
+@@ -35,9 +35,9 @@ AT_CHECK([if [ ! -t 0 ]; then exit 77; fi],, [Skipping comment tests])
AT_CHECK([echo 'echo OK@%:@comment' | tcsh -f], , [OK
])
@@ -81,9 +63,33 @@
AT_DATA([comment2.csh],
[[echo testing...@%:@\
---- tests/subst.at 2011-12-27 22:50:52.000000000 +0100
-+++ tests/subst.at 2013-02-01 08:14:25.000000000 +0100
-@@ -54,7 +54,7 @@
+@@ -567,10 +567,10 @@ run=3
+# Adapt to changes in sed 4.3:
+# https://github.com/tcsh-org/tcsh/commit/2ad4fc1705893207598ed5cd21713ddf3f17bba0
+ ]])
+ AT_DATA([uniformity_test.csh],
+ [[
+-set SERVICE_NAME_LOG = `cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g'`
++set SERVICE_NAME_LOG = `cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g'`
+ echo -n "$SERVICE_NAME_LOG" > ./output1
+
+-cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g' > ./output2
++cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g' > ./output2
+
+ diff -uprN ./output1 ./output2 >& /dev/null
+
+@@ -587,7 +587,7 @@ AT_DATA([quoting_result_test.csh],
+ echo "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP\)(HOST=db\)(PORT=1521\)\)(CONNECT_DATA=(SERVER=DEDICATED\)(SERVICE_NAME=bns03\)\)\)" > ./expected_result
+
+ set string = "jdbc_url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=bns03)))"
+-set SERVICE_NAME_LOG = `echo "$string" | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\)/\\\)/g'`
++set SERVICE_NAME_LOG = `echo "$string" | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\)/\\\)/g'`
+
+ echo "$SERVICE_NAME_LOG" > ./actual_result
+
+--- tests/subst.at
++++ tests/subst.at
+@@ -54,7 +54,7 @@ AT_CHECK([echo 'echo ~; echo "$HOME"' | tcsh -f | uniq | wc -l | tr -d ' \t'],
, [1
])
@@ -92,39 +98,9 @@
| wc -l | tr -d ' \t'], , [1
])
---- tests/variables.at 2011-12-27 22:50:52.000000000 +0100
-+++ tests/variables.at 2013-02-04 11:40:35.000000000 +0100
-@@ -317,17 +317,18 @@
- AT_CLEANUP
-
-
--AT_SETUP([$ edit])
--
--AT_CHECK([TERM=something tcsh -f -c 'echo $?edit'], ,
--[1
--])
--
--AT_CHECK([TERM=dumb tcsh -f -c 'echo $?edit'], ,
--[0
--])
--
--AT_CLEANUP
-+# XXX
-+#AT_SETUP([$ edit])
-+#
-+#AT_CHECK([TERM=something tcsh -f -c 'echo $?edit'], ,
-+#[1
-+#])
-+#
-+#AT_CHECK([TERM=dumb tcsh -f -c 'echo $?edit'], ,
-+#[0
-+#])
-+#
-+#AT_CLEANUP
-
-
- AT_SETUP([$ ellipsis])
-@@ -642,7 +643,8 @@
+--- tests/variables.at
++++ tests/variables.at
+@@ -666,7 +666,8 @@ set listflags=(-xA $cwd/args.sh)
ls-F -something .
]])
AT_DATA([args.sh],
@@ -134,7 +110,22 @@
]])
chmod a+x args.sh
AT_CHECK([tcsh -f listflags.csh], ,
-@@ -695,55 +697,57 @@
+@@ -704,9 +705,9 @@ AT_CHECK([tcsh -f mail.csh], ,
+# This test fails by trying to change to the build user's home
+# directory, which does not exist.
+ AT_CLEANUP
+
+
+-AT_SETUP([$ cdtohome])
+-AT_CHECK([tcsh -f -c 'cd'], 0)
+-AT_CLEANUP
++#AT_SETUP([$ cdtohome])
++#AT_CHECK([tcsh -f -c 'cd'], 0)
++#AT_CLEANUP
+ AT_SETUP([$ noimplicithome])
+ AT_CHECK([tcsh -f -c 'unset cdtohome; cd'], 1, , [cd: Too few arguments.
+ ])
+@@ -728,55 +729,57 @@ TCSH_UNTESTED([$ oid])
AT_SETUP([$ owd])
AT_DATA([owd.csh],
diff --git a/gnu/packages/patches/xcb-proto-python3-print.patch b/gnu/packages/patches/xcb-proto-python3-print.patch
new file mode 100644
index 0000000000..7d5dc9bc27
--- /dev/null
+++ b/gnu/packages/patches/xcb-proto-python3-print.patch
@@ -0,0 +1,75 @@
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xcb/proto/commit/?id=bea5e1c85bdc0950913790364e18228f20395a3d
+
+From bea5e1c85bdc0950913790364e18228f20395a3d Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <wiz@NetBSD.org>
+Date: Thu, 19 May 2016 17:30:05 +0200
+Subject: [PATCH] print() is a function and needs parentheses.
+
+Fixes build with python-3.x.
+
+Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ xcbgen/xtypes.py | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/xcbgen/xtypes.py b/xcbgen/xtypes.py
+index c3b5758..b83b119 100644
+--- a/xcbgen/xtypes.py
++++ b/xcbgen/xtypes.py
+@@ -501,7 +501,7 @@ class ComplexType(Type):
+ int(required_start_align_element.get('align', "4"), 0),
+ int(required_start_align_element.get('offset', "0"), 0))
+ if verbose_align_log:
+- print "Explicit start-align for %s: %s\n" % (self, self.required_start_align)
++ print ("Explicit start-align for %s: %s\n" % (self, self.required_start_align))
+
+ def resolve(self, module):
+ if self.resolved:
+@@ -592,7 +592,7 @@ class ComplexType(Type):
+ if verbose_align_log:
+ print ("calc_required_start_align: %s has start-align %s"
+ % (str(self), str(self.required_start_align)))
+- print "Details:\n" + str(log)
++ print ("Details:\n" + str(log))
+ if self.required_start_align.offset != 0:
+ print (("WARNING: %s\n\thas start-align with non-zero offset: %s"
+ + "\n\tsuggest to add explicit definition with:"
+@@ -619,12 +619,12 @@ class ComplexType(Type):
+ for offset in range(0,align):
+ align_candidate = Alignment(align, offset)
+ if verbose_align_log:
+- print "trying %s for %s" % (str(align_candidate), str(self))
++ print ("trying %s for %s" % (str(align_candidate), str(self)))
+ my_log = AlignmentLog()
+ if self.is_possible_start_align(align_candidate, callstack, my_log):
+ log.append(my_log)
+ if verbose_align_log:
+- print "found start-align %s for %s" % (str(align_candidate), str(self))
++ print ("found start-align %s for %s" % (str(align_candidate), str(self)))
+ return align_candidate
+ else:
+ my_ok_count = my_log.ok_count()
+@@ -641,7 +641,7 @@ class ComplexType(Type):
+ # none of the candidates applies
+ # this type has illegal internal aligns for all possible start_aligns
+ if verbose_align_log:
+- print "didn't find start-align for %s" % str(self)
++ print ("didn't find start-align for %s" % str(self))
+ log.append(best_log)
+ return None
+
+@@ -900,7 +900,7 @@ class SwitchType(ComplexType):
+ # aux function for unchecked_get_alignment_after
+ def get_align_for_selected_case_field(self, case_field, start_align, callstack, log):
+ if verbose_align_log:
+- print "get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field))
++ print ("get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field)))
+ total_align = start_align
+ for field in self.bitcases:
+ my_callstack = callstack[:]
+--
+2.11.1
+
diff --git a/gnu/packages/patches/xcb-proto-python3-whitespace.patch b/gnu/packages/patches/xcb-proto-python3-whitespace.patch
new file mode 100644
index 0000000000..f0509138b2
--- /dev/null
+++ b/gnu/packages/patches/xcb-proto-python3-whitespace.patch
@@ -0,0 +1,217 @@
+Fixes compatibility issue with python > 3.5.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xcb/proto/commit/?id=ea7a3ac6c658164690e0febb55f4467cb9e0bcac
+
+From ea7a3ac6c658164690e0febb55f4467cb9e0bcac Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <wiz@NetBSD.org>
+Date: Thu, 19 May 2016 17:30:04 +0200
+Subject: [PATCH] Make whitespace use consistent.
+
+At least python-3.5.x complains about this forcefully.
+
+Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ xcbgen/align.py | 96 ++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 48 insertions(+), 48 deletions(-)
+
+diff --git a/xcbgen/align.py b/xcbgen/align.py
+index 5e31838..d4c12ee 100644
+--- a/xcbgen/align.py
++++ b/xcbgen/align.py
+@@ -16,12 +16,12 @@ class Alignment(object):
+ return self.align == other.align and self.offset == other.offset
+
+ def __str__(self):
+- return "(align=%d, offset=%d)" % (self.align, self.offset)
++ return "(align=%d, offset=%d)" % (self.align, self.offset)
+
+ @staticmethod
+ def for_primitive_type(size):
+- # compute the required start_alignment based on the size of the type
+- if size % 8 == 0:
++ # compute the required start_alignment based on the size of the type
++ if size % 8 == 0:
+ # do 8-byte primitives require 8-byte alignment in X11?
+ return Alignment(8,0)
+ elif size % 4 == 0:
+@@ -33,7 +33,7 @@ class Alignment(object):
+
+
+ def align_after_fixed_size(self, size):
+- new_offset = (self.offset + size) % self.align
++ new_offset = (self.offset + size) % self.align
+ return Alignment(self.align, new_offset)
+
+
+@@ -41,7 +41,7 @@ class Alignment(object):
+ '''
+ Assuming the given external_align, checks whether
+ self is fulfilled for all cases.
+- Returns True if yes, False otherwise.
++ Returns True if yes, False otherwise.
+ '''
+ if self.align == 1 and self.offset == 0:
+ # alignment 1 with offset 0 is always fulfilled
+@@ -55,9 +55,9 @@ class Alignment(object):
+ # the external align guarantees less alignment -> not guaranteed
+ return False
+
+- if external_align.align % self.align != 0:
++ if external_align.align % self.align != 0:
+ # the external align cannot be divided by our align
+- # -> not guaranteed
++ # -> not guaranteed
+ # (this can only happen if there are alignments that are not
+ # a power of 2, which is highly discouraged. But better be
+ # safe and check for it)
+@@ -72,7 +72,7 @@ class Alignment(object):
+
+ def combine_with(self, other):
+ # returns the alignment that is guaranteed when
+- # both, self or other, can happen
++ # both, self or other, can happen
+ new_align = gcd(self.align, other.align)
+ new_offset_candidate1 = self.offset % new_align
+ new_offset_candidate2 = other.offset % new_align
+@@ -83,8 +83,8 @@ class Alignment(object):
+ new_align = gcd(new_align, offset_diff)
+ new_offset_candidate1 = self.offset % new_align
+ new_offset_candidate2 = other.offset % new_align
+- assert new_offset_candidate1 == new_offset_candidate2
+- new_offset = new_offset_candidate1
++ assert new_offset_candidate1 == new_offset_candidate2
++ new_offset = new_offset_candidate1
+ # return the result
+ return Alignment(new_align, new_offset)
+
+@@ -92,44 +92,44 @@ class Alignment(object):
+ class AlignmentLog(object):
+
+ def __init__(self):
+- self.ok_list = []
+- self.fail_list = []
+- self.verbosity = 1
++ self.ok_list = []
++ self.fail_list = []
++ self.verbosity = 1
+
+ def __str__(self):
+- result = ""
++ result = ""
+
+- # output the OK-list
+- for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list:
+- stacksize = len(callstack)
++ # output the OK-list
++ for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list:
++ stacksize = len(callstack)
+ indent = ' ' * stacksize
+- if self.ok_callstack_is_relevant(callstack):
++ if self.ok_callstack_is_relevant(callstack):
+ if field_name is None or field_name == "":
+- result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n"
+- % (indent, str(type_obj), indent, str(align_before), str(align_after)))
+- else:
+- result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n"
+- % (indent, str(field_name), str(type_obj),
+- indent, str(align_before), str(align_after)))
++ result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n"
++ % (indent, str(type_obj), indent, str(align_before), str(align_after)))
++ else:
++ result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n"
++ % (indent, str(field_name), str(type_obj),
++ indent, str(align_before), str(align_after)))
+ if self.verbosity >= 1:
+- result += self.callstack_to_str(indent, callstack)
++ result += self.callstack_to_str(indent, callstack)
+
+- # output the fail-list
+- for (align_before, field_name, type_obj, callstack, reason) in self.fail_list:
+- stacksize = len(callstack)
++ # output the fail-list
++ for (align_before, field_name, type_obj, callstack, reason) in self.fail_list:
++ stacksize = len(callstack)
+ indent = ' ' * stacksize
+- if field_name is None or field_name == "":
+- result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n"
+- % (indent, str(align_before), indent, str(type_obj), indent, reason))
+- else:
+- result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n"
+- % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason))
++ if field_name is None or field_name == "":
++ result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n"
++ % (indent, str(align_before), indent, str(type_obj), indent, reason))
++ else:
++ result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n"
++ % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason))
+
+ if self.verbosity >= 1:
+- result += self.callstack_to_str(indent, callstack)
++ result += self.callstack_to_str(indent, callstack)
+
+
+- return result
++ return result
+
+
+ def callstack_to_str(self, indent, callstack):
+@@ -137,41 +137,41 @@ class AlignmentLog(object):
+ for stack_elem in callstack:
+ result += "\t %s%s\n" % (indent, str(stack_elem))
+ result += "\t%s]\n" % indent
+- return result
++ return result
+
+
+ def ok_callstack_is_relevant(self, ok_callstack):
+ # determine whether an ok callstack is relevant for logging
+- if self.verbosity >= 2:
+- return True
++ if self.verbosity >= 2:
++ return True
+
+ # empty callstacks are always relevant
+- if len(ok_callstack) == 0:
++ if len(ok_callstack) == 0:
+ return True
+
+- # check whether the ok_callstack is a subset or equal to a fail_callstack
++ # check whether the ok_callstack is a subset or equal to a fail_callstack
+ for (align_before, field_name, type_obj, fail_callstack, reason) in self.fail_list:
+ if len(ok_callstack) <= len(fail_callstack):
+ zipped = zip(ok_callstack, fail_callstack[:len(ok_callstack)])
+- is_subset = all([i == j for i, j in zipped])
+- if is_subset:
++ is_subset = all([i == j for i, j in zipped])
++ if is_subset:
+ return True
+
+ return False
+
+
+ def ok(self, align_before, field_name, type_obj, callstack, align_after):
+- self.ok_list.append((align_before, field_name, type_obj, callstack, align_after))
++ self.ok_list.append((align_before, field_name, type_obj, callstack, align_after))
+
+ def fail(self, align_before, field_name, type_obj, callstack, reason):
+- self.fail_list.append((align_before, field_name, type_obj, callstack, reason))
++ self.fail_list.append((align_before, field_name, type_obj, callstack, reason))
+
+ def append(self, other):
+- self.ok_list.extend(other.ok_list)
+- self.fail_list.extend(other.fail_list)
++ self.ok_list.extend(other.ok_list)
++ self.fail_list.extend(other.fail_list)
+
+ def ok_count(self):
+- return len(self.ok_list)
++ return len(self.ok_list)
+
+
+
+--
+2.11.1
+
diff --git a/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch
new file mode 100644
index 0000000000..dc594bdccb
--- /dev/null
+++ b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch
@@ -0,0 +1,46 @@
+Resolves a test compatibility issue with xorg >= 1.19.
+
+Upstream bug report:
+
+https://sourceforge.net/p/linuxwacom/bugs/329/
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/linuxwacom/xf86-input-wacom/ci/f0dedf7a610ac97bc45738492b98ce4f1e0514ec/
+
+From f0dedf7a610ac97bc45738492b98ce4f1e0514ec Mon Sep 17 00:00:00 2001
+From: Jason Gerecke <killertofu@gmail.com>
+Date: Wed, 18 Jan 2017 09:00:10 -0800
+Subject: [PATCH] tests: Fix compilation under ABI 25 and greater
+
+diff --git a/test/fake-symbols.c b/test/fake-symbols.c
+index 6f2c10a..e649fb9 100644
+--- a/test/fake-symbols.c
++++ b/test/fake-symbols.c
+@@ -493,6 +493,7 @@ void TimerFree(OsTimerPtr timer)
+ {
+ }
+
++#if GET_ABI_MAJOR(ABI_XINPUT_VERSION) < 24
+ int
+ xf86BlockSIGIO (void)
+ {
+@@ -503,6 +504,15 @@ void
+ xf86UnblockSIGIO (int wasset)
+ {
+ }
++#else
++void input_lock (void)
++{
++}
++
++void input_unlock (void)
++{
++}
++#endif
+
+ /* This is not the same as the X server one, but it'll do for the tests */
+ #if GET_ABI_MAJOR(ABI_XINPUT_VERSION) >= 14
+--
+2.11.1
+