diff options
Diffstat (limited to 'gnu/packages/patches')
12 files changed, 371 insertions, 297 deletions
diff --git a/gnu/packages/patches/busybox-1.31.1-fix-build-with-glibc-2.31.patch b/gnu/packages/patches/busybox-1.31.1-fix-build-with-glibc-2.31.patch deleted file mode 100644 index 1518df067f..0000000000 --- a/gnu/packages/patches/busybox-1.31.1-fix-build-with-glibc-2.31.patch +++ /dev/null @@ -1,68 +0,0 @@ -See: https://bugs.gentoo.org/708350 -Author: Patrick McLean <patrick.mclean@sony.com> -Date: 2020-02-06 23:06:22 +0000 -diff --git a/coreutils/date.c b/coreutils/date.c -index 3414d38ae..4ade6abb4 100644 ---- a/coreutils/date.c -+++ b/coreutils/date.c -@@ -279,6 +279,9 @@ int date_main(int argc UNUSED_PARAM, char **argv) - time(&ts.tv_sec); - #endif - } -+#if !ENABLE_FEATURE_DATE_NANO -+ ts.tv_nsec = 0; -+#endif - localtime_r(&ts.tv_sec, &tm_time); - - /* If date string is given, update tm_time, and maybe set date */ -@@ -301,9 +304,10 @@ int date_main(int argc UNUSED_PARAM, char **argv) - if (date_str[0] != '@') - tm_time.tm_isdst = -1; - ts.tv_sec = validate_tm_time(date_str, &tm_time); -+ ts.tv_nsec = 0; - - /* if setting time, set it */ -- if ((opt & OPT_SET) && stime(&ts.tv_sec) < 0) { -+ if ((opt & OPT_SET) && clock_settime(CLOCK_REALTIME, &ts) < 0) { - bb_perror_msg("can't set date"); - } - } -diff --git a/libbb/missing_syscalls.c b/libbb/missing_syscalls.c -index 87cf59b3d..dc40d9155 100644 ---- a/libbb/missing_syscalls.c -+++ b/libbb/missing_syscalls.c -@@ -15,14 +15,6 @@ pid_t getsid(pid_t pid) - return syscall(__NR_getsid, pid); - } - --int stime(const time_t *t) --{ -- struct timeval tv; -- tv.tv_sec = *t; -- tv.tv_usec = 0; -- return settimeofday(&tv, NULL); --} -- - int sethostname(const char *name, size_t len) - { - return syscall(__NR_sethostname, name, len); -diff --git a/util-linux/rdate.c b/util-linux/rdate.c -index 70f829e7f..878375d78 100644 ---- a/util-linux/rdate.c -+++ b/util-linux/rdate.c -@@ -95,9 +95,13 @@ int rdate_main(int argc UNUSED_PARAM, char **argv) - if (!(flags & 2)) { /* no -p (-s may be present) */ - if (time(NULL) == remote_time) - bb_error_msg("current time matches remote time"); -- else -- if (stime(&remote_time) < 0) -+ else { -+ struct timespec ts; -+ ts.tv_sec = remote_time; -+ ts.tv_nsec = 0; -+ if (clock_settime(CLOCK_REALTIME, &ts) < 0) - bb_perror_msg_and_die("can't set time of day"); -+ } - } - - if (flags != 1) /* not lone -s */ diff --git a/gnu/packages/patches/ghostscript-CVE-2020-15900.patch b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch new file mode 100644 index 0000000000..b6658d7c7f --- /dev/null +++ b/gnu/packages/patches/ghostscript-CVE-2020-15900.patch @@ -0,0 +1,36 @@ +Fix CVE-2020-15900. + +https://cve.circl.lu/cve/CVE-2020-15900 +https://artifex.com/security-advisories/CVE-2020-15900 + +Taken from upstream: +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b + +diff --git a/psi/zstring.c b/psi/zstring.c +--- a/psi/zstring.c ++++ b/psi/zstring.c +@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward) + return 0; + found: + op->tas.type_attrs = op1->tas.type_attrs; +- op->value.bytes = ptr; +- r_set_size(op, size); ++ op->value.bytes = ptr; /* match */ ++ op->tas.rsize = size; /* match */ + push(2); +- op[-1] = *op1; +- r_set_size(op - 1, ptr - op[-1].value.bytes); +- op1->value.bytes = ptr + size; +- r_set_size(op1, count + (!forward ? (size - 1) : 0)); ++ op[-1] = *op1; /* pre */ ++ op[-3].value.bytes = ptr + size; /* post */ ++ if (forward) { ++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */ ++ op[-3].tas.rsize = count; /* post */ ++ } else { ++ op[-1].tas.rsize = count; /* pre */ ++ op[-3].tas.rsize -= count + size; /* post */ ++ } + make_true(op); + return 0; + } diff --git a/gnu/packages/patches/ghostscript-freetype-compat.patch b/gnu/packages/patches/ghostscript-freetype-compat.patch new file mode 100644 index 0000000000..cc225b5ad6 --- /dev/null +++ b/gnu/packages/patches/ghostscript-freetype-compat.patch @@ -0,0 +1,35 @@ +Fix build with FreeType 2.10.3 and newer. + +Taken from upstream: +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=41ef9a0bc36b9db7115fbe9623f989bfb47bbade + +diff --git a/base/fapi_ft.c b/base/fapi_ft.c +--- a/base/fapi_ft.c ++++ b/base/fapi_ft.c +@@ -125,7 +125,7 @@ static void + delete_inc_int_info(gs_fapi_server * a_server, + FT_IncrementalRec * a_inc_int_info); + +-FT_CALLBACK_DEF(void *) ++static void * + FF_alloc(FT_Memory memory, long size) + { + gs_memory_t *mem = (gs_memory_t *) memory->user; +@@ -133,7 +133,7 @@ FF_alloc(FT_Memory memory, long size) + return (gs_malloc(mem, size, 1, "FF_alloc")); + } + +-FT_CALLBACK_DEF(void *) ++static void * + FF_realloc(FT_Memory memory, long cur_size, long new_size, void *block) + { + gs_memory_t *mem = (gs_memory_t *) memory->user; +@@ -153,7 +153,7 @@ FT_CALLBACK_DEF(void *) + return (tmp); + } + +-FT_CALLBACK_DEF(void) ++static void + FF_free(FT_Memory memory, void *block) + { + gs_memory_t *mem = (gs_memory_t *) memory->user; diff --git a/gnu/packages/patches/hplip-fix-bug-1898438.patch b/gnu/packages/patches/hplip-fix-bug-1898438.patch deleted file mode 100644 index 7c095f9b2a..0000000000 --- a/gnu/packages/patches/hplip-fix-bug-1898438.patch +++ /dev/null @@ -1,19 +0,0 @@ -From: Tobias Geerinckx-Rice <me@tobias.gr> -Date: Sun, 04 Oct 2020 13:28:49 +0200 -Subject: [PATCH] gnu: hplip: Fix non-network builds (bug #1898438) - -Reported as <https://bugs.launchpad.net/hplip/+bug/1898438>. - -diff -Naur a/scan/sane/hpaio.c b/scan/sane/hpaio.c ---- a/scan/sane/hpaio.c 1970-01-01 01:00:01.000000000 +0100 -+++ b/scan/sane/hpaio.c 2020-10-04 13:26:34.665244052 +0200 -@@ -36,7 +36,9 @@ - #include <string.h> - #include <cups/cups.h> - #include "hpmud.h" -+#ifdef HAVE_LIBNETSNMP - #include "avahiDiscovery.h" -+#endif - #include "hp_ipp.h" - #include "soap.h" - #include "soapht.h" diff --git a/gnu/packages/patches/knot-resolver-fix-map-command-on-32-bit.patch b/gnu/packages/patches/knot-resolver-fix-map-command-on-32-bit.patch deleted file mode 100644 index 02c0fbcb70..0000000000 --- a/gnu/packages/patches/knot-resolver-fix-map-command-on-32-bit.patch +++ /dev/null @@ -1,146 +0,0 @@ -commit e01979620025666633250b3e2d545fe59c629f73 -Author: Vladimír Čunát <vladimir.cunat@nic.cz> -Date: Fri Nov 13 14:16:32 2020 +0100 - - fix map() command on 32-bit platforms; regressed in 5.2.0 - - LuaJIT FFI was using opendir() (etc.) variants with 32-bit inodes - but the C parts was using them as 64-bit inode variants. - Consequently the `struct dirent` layout didn't match and we were getting - filenames shifted by eight bytes. - - Now the whole dir-listing lua function is written in C. - -diff --git a/.luacheckrc b/.luacheckrc -index 0cf0b884..67bc18f6 100644 ---- a/.luacheckrc -+++ b/.luacheckrc -@@ -20,6 +20,7 @@ new_read_globals = { - 'user', - 'verbose', - 'worker', -+ 'kluautil_list_dir', - -- Sandbox declarations - 'kB', - 'MB', -diff --git a/NEWS b/NEWS -index 2eae3082..9d8cde99 100644 ---- a/NEWS -+++ b/NEWS -@@ -1,6 +1,10 @@ - Knot Resolver X.Y.X (yyyy-mm-dd) - ================================ - -+Bugfixes -+-------- -+- fix map() command on 32-bit platforms; regressed in 5.2.0 (!1093) -+ - - Knot Resolver 5.2.0 (2020-11-11) - ================================ -diff --git a/daemon/bindings/impl.c b/daemon/bindings/impl.c -index d10f4525..d9ad0774 100644 ---- a/daemon/bindings/impl.c -+++ b/daemon/bindings/impl.c -@@ -2,6 +2,7 @@ - * SPDX-License-Identifier: GPL-3.0-or-later - */ - -+#include <dirent.h> - #include <lua.h> - #include <lauxlib.h> - #include <string.h> -@@ -29,6 +30,29 @@ const char * lua_table_checkindices(lua_State *L, const char *keys[]) - return NULL; - } - -+/** Return table listing filenames in a given directory (ls -A). */ -+static int kluautil_list_dir(lua_State *L) -+{ -+ lua_newtable(L); // empty table even on errors -+ -+ const char *path = lua_tolstring(L, 1, NULL); -+ if (!path) return 1; -+ DIR *dir = opendir(path); -+ if (!dir) return 1; -+ -+ struct dirent *entry; -+ int lua_i = 1; -+ while ((entry = readdir(dir)) != NULL) { -+ if (strcmp(entry->d_name, ".") && strcmp(entry->d_name, "..")) { -+ lua_pushstring(L, entry->d_name); -+ lua_rawseti(L, -2, lua_i++); -+ } -+ } -+ -+ closedir(dir); -+ return 1; -+} -+ - - /* Each of these just creates the correspondingly named lua table of functions. */ - int kr_bindings_cache (lua_State *L); /* ./cache.c */ -@@ -44,6 +68,9 @@ void kr_bindings_register(lua_State *L) - kr_bindings_modules(L); - kr_bindings_net(L); - kr_bindings_worker(L); -+ -+ /* Finally some lua utils *written in C*, not really a binding. */ -+ lua_register(L, "kluautil_list_dir", kluautil_list_dir); - } - - void lua_error_p(lua_State *L, const char *fmt, ...) -diff --git a/daemon/lua/kluautil.lua b/daemon/lua/kluautil.lua -index 57912e7b..e73e952c 100644 ---- a/daemon/lua/kluautil.lua -+++ b/daemon/lua/kluautil.lua -@@ -1,6 +1,5 @@ - -- SPDX-License-Identifier: GPL-3.0-or-later - --local ffi = require('ffi') - local kluautil = {} - - -- Get length of table -@@ -28,14 +27,6 @@ function kluautil.kr_table_unpack(tab) - return unpack(tab, 1, tab.n) - end - --ffi.cdef([[ -- typedef struct __dirstream DIR; -- DIR *opendir(const char *name); -- struct dirent *readdir(DIR *dirp); -- int closedir(DIR *dirp); -- char *strerror(int errnum); --]]) -- - -- Fetch over HTTPS - function kluautil.kr_https_fetch(url, out_file, ca_file) - local http_ok, http_request = pcall(require, 'http.request') -@@ -88,26 +79,6 @@ function kluautil.kr_https_fetch(url, out_file, ca_file) - return true - end - ---- List directory --function kluautil.list_dir (path) -- local results = {} -- local dir = ffi.C.opendir(path) -- if dir == nil then -- return results -- end -- -- local entry = ffi.C.readdir(dir) -- while entry ~= nil do -- local entry_name = ffi.string(ffi.C.kr_dirent_name(entry)) -- if entry_name ~= '.' and entry_name ~= '..' then -- table.insert(results, entry_name) -- end -- entry = ffi.C.readdir(dir) -- end -- -- ffi.C.closedir(dir) -- -- return results --end -+kluautil.list_dir = kluautil_list_dir - - return kluautil diff --git a/gnu/packages/patches/libssh2-CVE-2019-17498.patch b/gnu/packages/patches/libssh2-CVE-2019-17498.patch new file mode 100644 index 0000000000..6f69e562e2 --- /dev/null +++ b/gnu/packages/patches/libssh2-CVE-2019-17498.patch @@ -0,0 +1,126 @@ +https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c.patch + +From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001 +From: Will Cosgrove <will@panic.com> +Date: Fri, 30 Aug 2019 09:57:38 -0700 +Subject: [PATCH] packet.c: improve message parsing (#402) + +* packet.c: improve parsing of packets + +file: packet.c + +notes: +Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST. +--- + src/packet.c | 68 ++++++++++++++++++++++------------------------------ + 1 file changed, 29 insertions(+), 39 deletions(-) + +diff --git a/src/packet.c b/src/packet.c +index 38ab62944..2e01bfc5d 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + size_t datalen, int macstate) + { + int rc = 0; +- char *message = NULL; +- char *language = NULL; ++ unsigned char *message = NULL; ++ unsigned char *language = NULL; + size_t message_len = 0; + size_t language_len = 0; + LIBSSH2_CHANNEL *channelp = NULL; +@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + + case SSH_MSG_DISCONNECT: + if(datalen >= 5) { +- size_t reason = _libssh2_ntohu32(data + 1); ++ uint32_t reason = 0; ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr++; /* advance past type */ + +- if(datalen >= 9) { +- message_len = _libssh2_ntohu32(data + 5); ++ _libssh2_get_u32(&buf, &reason); ++ _libssh2_get_string(&buf, &message, &message_len); ++ _libssh2_get_string(&buf, &language, &language_len); + +- if(message_len < datalen-13) { +- /* 9 = packet_type(1) + reason(4) + message_len(4) */ +- message = (char *) data + 9; +- +- language_len = +- _libssh2_ntohu32(data + 9 + message_len); +- language = (char *) data + 9 + message_len + 4; +- +- if(language_len > (datalen-13-message_len)) { +- /* bad input, clear info */ +- language = message = NULL; +- language_len = message_len = 0; +- } +- } +- else +- /* bad size, clear it */ +- message_len = 0; +- } + if(session->ssh_msg_disconnect) { +- LIBSSH2_DISCONNECT(session, reason, message, +- message_len, language, language_len); ++ LIBSSH2_DISCONNECT(session, reason, (const char *)message, ++ message_len, (const char *)language, ++ language_len); + } ++ + _libssh2_debug(session, LIBSSH2_TRACE_TRANS, + "Disconnect(%d): %s(%s)", reason, + message, language); +@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + int always_display = data[1]; + + if(datalen >= 6) { +- message_len = _libssh2_ntohu32(data + 2); +- +- if(message_len <= (datalen - 10)) { +- /* 6 = packet_type(1) + display(1) + message_len(4) */ +- message = (char *) data + 6; +- language_len = _libssh2_ntohu32(data + 6 + +- message_len); +- +- if(language_len <= (datalen - 10 - message_len)) +- language = (char *) data + 10 + message_len; +- } ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 2; /* advance past type & always display */ ++ ++ _libssh2_get_string(&buf, &message, &message_len); ++ _libssh2_get_string(&buf, &language, &language_len); + } + + if(session->ssh_msg_debug) { +- LIBSSH2_DEBUG(session, always_display, message, +- message_len, language, language_len); ++ LIBSSH2_DEBUG(session, always_display, ++ (const char *)message, ++ message_len, (const char *)language, ++ language_len); + } + } ++ + /* + * _libssh2_debug will actually truncate this for us so + * that it's not an inordinate about of data +@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + uint32_t len = 0; + unsigned char want_reply = 0; + len = _libssh2_ntohu32(data + 1); +- if(datalen >= (6 + len)) { ++ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) { + want_reply = data[5 + len]; + _libssh2_debug(session, + LIBSSH2_TRACE_CONN, diff --git a/gnu/packages/patches/minimap2-aarch64-support.patch b/gnu/packages/patches/minimap2-aarch64-support.patch new file mode 100644 index 0000000000..95db8579d6 --- /dev/null +++ b/gnu/packages/patches/minimap2-aarch64-support.patch @@ -0,0 +1,52 @@ +This patch should be removed with the next release. There is WIP upstream +support for proper support of more architectures, including aarch64 and powerpc64le. + +diff --git a/Makefile b/Makefile +index ed341f6..94dbd85 100644 +--- a/Makefile ++++ b/Makefile +@@ -6,20 +6,18 @@ PROG= minimap2 + PROG_EXTRA= sdust minimap2-lite + LIBS= -lm -lz -lpthread + +-ifeq ($(arm_neon),) # if arm_neon is not defined +-ifeq ($(sse2only),) # if sse2only is not defined +- OBJS+=ksw2_extz2_sse41.o ksw2_extd2_sse41.o ksw2_exts2_sse41.o ksw2_extz2_sse2.o ksw2_extd2_sse2.o ksw2_exts2_sse2.o ksw2_dispatch.o +-else # if sse2only is defined +- OBJS+=ksw2_extz2_sse.o ksw2_extd2_sse.o ksw2_exts2_sse.o +-endif +-else # if arm_neon is defined ++ifneq ($(arm_neon),) # if arm_neon is defined + OBJS+=ksw2_extz2_neon.o ksw2_extd2_neon.o ksw2_exts2_neon.o +- INCLUDES+=-Isse2neon +-ifeq ($(aarch64),) #if aarch64 is not defined + CFLAGS+=-D_FILE_OFFSET_BITS=64 -mfpu=neon -fsigned-char +-else #if aarch64 is defined ++ INCLUDES+=-Isse2neon ++else ifneq ($(aarch64),) #if aarch64 is defined ++ OBJS+=ksw2_extz2_neon.o ksw2_extd2_neon.o ksw2_exts2_neon.o + CFLAGS+=-D_FILE_OFFSET_BITS=64 -fsigned-char +-endif ++ INCLUDES+=-Isse2neon ++else ifneq ($(sse2only),) # if sse2only is defined ++ OBJS+=ksw2_extz2_sse.o ksw2_extd2_sse.o ksw2_exts2_sse.o ++else # none of the above ++ OBJS+=ksw2_extz2_sse41.o ksw2_extd2_sse41.o ksw2_exts2_sse41.o ksw2_extz2_sse2.o ksw2_extd2_sse2.o ksw2_exts2_sse2.o ksw2_dispatch.o + endif + + .PHONY:all extra clean depend +@@ -46,9 +44,12 @@ sdust:sdust.c kalloc.o kalloc.h kdq.h kvec.h kseq.h ketopt.h sdust.h + + # SSE-specific targets on x86/x86_64 + +-ifeq ($(arm_neon),) # if arm_neon is defined, compile this target with the default setting (i.e. no -msse2) ++ifneq ($(arm_neon),) # if arm_neon is defined, compile this target with the default setting (i.e. no -msse2) ++ksw2_ll_sse.o:ksw2_ll_sse.c ksw2.h kalloc.h ++else ifneq ($(aarch64),) + ksw2_ll_sse.o:ksw2_ll_sse.c ksw2.h kalloc.h +- $(CC) -c $(CFLAGS) -msse2 $(CPPFLAGS) $(INCLUDES) $< -o $@ ++else ++ $(CC) -c $(CFLAGS) -msse2 $(CPPFLAGS) $(INCLUDES) $< -o $@ + endif + + ksw2_extz2_sse41.o:ksw2_extz2_sse.c ksw2.h kalloc.h diff --git a/gnu/packages/patches/pam-mount-luks2-support.patch b/gnu/packages/patches/pam-mount-luks2-support.patch deleted file mode 100644 index b59daf5ce1..0000000000 --- a/gnu/packages/patches/pam-mount-luks2-support.patch +++ /dev/null @@ -1,51 +0,0 @@ -From d4434c05e7c0cf05d87089404cfa2deedc60811a Mon Sep 17 00:00:00 2001 -From: Ingo Franzki <ifranzki@linux.ibm.com> -Date: Mon, 29 Oct 2018 16:47:40 +0100 -Subject: [PATCH] crypto: Add support for LUKS2 - -Cryptsetup version 2.0 added support for LUKS2. -This patch adds support for mounting LUKS2 volumes with -pam_mount. - -Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> ---- - src/crypto-dmc.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/crypto-dmc.c b/src/crypto-dmc.c -index d0ab6ca..abd0358 100644 ---- a/src/crypto-dmc.c -+++ b/src/crypto-dmc.c -@@ -21,6 +21,12 @@ - #include "libcryptmount.h" - #include "pam_mount.h" - -+#ifndef CRYPT_LUKS -+ #define CRYPT_LUKS NULL /* Passing NULL to crypt_load will -+ default to LUKS(1) on older -+ libcryptsetup versions. */ -+#endif -+ - /** - * dmc_is_luks - check if @path points to a LUKS volume (cf. normal dm-crypt) - * @path: path to the crypto container -@@ -48,7 +54,7 @@ EXPORT_SYMBOL int ehd_is_luks(const char *path, bool blkdev) - - ret = crypt_init(&cd, device); - if (ret == 0) { -- ret = crypt_load(cd, CRYPT_LUKS1, NULL); -+ ret = crypt_load(cd, CRYPT_LUKS, NULL); - if (ret == -EINVAL) - ret = false; - else if (ret == 0) -@@ -106,7 +112,7 @@ static bool dmc_run(const struct ehd_mount_request *req, - #endif - } - -- ret = crypt_load(cd, CRYPT_LUKS1, NULL); -+ ret = crypt_load(cd, CRYPT_LUKS, NULL); - if (ret == 0) { - ret = crypt_activate_by_passphrase(cd, mt->crypto_name, - CRYPT_ANY_SLOT, req->key_data, req->key_size, flags); --- -2.21.0 diff --git a/gnu/packages/patches/pciutils-hurd-fix.patch b/gnu/packages/patches/pciutils-hurd-fix.patch new file mode 100644 index 0000000000..f1979d4352 --- /dev/null +++ b/gnu/packages/patches/pciutils-hurd-fix.patch @@ -0,0 +1,23 @@ +Fix a build error on GNU/Hurd for pciutils 3.7.0. + +commit 053cf6c8b2acafadf828912828336d90fe9b8696 +Author: Martin Mares <mj@ucw.cz> +Date: Sun May 31 11:53:28 2020 +0200 + + HURD backend should compile again + + Fixes a bug introduced by commit 82c06b47dea5a38075ce9d56f743360bc47b4c78. + +diff --git a/lib/hurd.c b/lib/hurd.c +index 7b3b2ae..ccd92f6 100644 +--- a/lib/hurd.c ++++ b/lib/hurd.c +@@ -307,7 +307,6 @@ hurd_fill_regions(struct pci_dev *d) + d->base_addr[i] |= regions[i].is_64 << 2; + d->base_addr[i] |= regions[i].is_prefetchable << 3; + +- if (flags & PCI_FILL_SIZES) +- d->size[i] = regions[i].size; ++ d->size[i] = regions[i].size; + } + } diff --git a/gnu/packages/patches/python-CVE-2020-26116.patch b/gnu/packages/patches/python-CVE-2020-26116.patch new file mode 100644 index 0000000000..dc0571e964 --- /dev/null +++ b/gnu/packages/patches/python-CVE-2020-26116.patch @@ -0,0 +1,47 @@ +Fix CVE-2020-26116: + +https://cve.circl.lu/cve/CVE-2020-26116 +https://bugs.python.org/issue39603 + +Taken from upstream (sans test and NEWS update): +https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf + +diff --git a/Lib/http/client.py b/Lib/http/client.py +--- a/Lib/http/client.py ++++ b/Lib/http/client.py +@@ -147,6 +147,10 @@ + # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") + # We are more lenient for assumed real world compatibility purposes. + ++# These characters are not allowed within HTTP method names ++# to prevent http header injection. ++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]') ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -1087,6 +1091,8 @@ def putrequest(self, method, url, skip_host=False, + else: + raise CannotSendRequest(self.__state) + ++ self._validate_method(method) ++ + # Save the method for use later in the response phase + self._method = method + +@@ -1177,6 +1183,15 @@ def _encode_request(self, request): + # ASCII also helps prevent CVE-2019-9740. + return request.encode('ascii') + ++ def _validate_method(self, method): ++ """Validate a method name for putrequest.""" ++ # prevent http header injection ++ match = _contains_disallowed_method_pchar_re.search(method) ++ if match: ++ raise ValueError( ++ f"method can't contain control characters. {method!r} " ++ f"(found at least {match.group()!r})") ++ + def _validate_path(self, url): + """Validate a url for putrequest.""" + # Prevent CVE-2019-9740. diff --git a/gnu/packages/patches/renpy-use-system-fribidi.patch b/gnu/packages/patches/renpy-use-system-fribidi.patch new file mode 100644 index 0000000000..1437274bcc --- /dev/null +++ b/gnu/packages/patches/renpy-use-system-fribidi.patch @@ -0,0 +1,52 @@ +See also [Arch] and [Gentoo] for similar patches in other distros. +[Arch] https://github.com/archlinux/svntogit-community/blob/packages/renpy/trunk/renpy-system-fribidi.patch +[Gentoo] https://gitweb.gentoo.org/repo/gentoo.git/tree/games-engines/renpy/files/renpy-7.3.5-use-system-fribidi.patch + +Index: renpy-7.3.5-source/module/renpybidicore.c +=================================================================== +--- renpy-7.3.5-source.orig/module/renpybidicore.c ++++ renpy-7.3.5-source/module/renpybidicore.c +@@ -1,5 +1,5 @@ + #include <Python.h> +-#include <fribidi-src/lib/fribidi.h> ++#include <fribidi.h> + #include <stdlib.h> + + #ifndef alloca +Index: renpy-7.3.5-source/module/setup.py +=================================================================== +--- renpy-7.3.5-source.orig/module/setup.py ++++ renpy-7.3.5-source/module/setup.py +@@ -119,30 +119,13 @@ cython( + sdl + [ png, 'z', 'm' ]) + + FRIBIDI_SOURCES = """ +-fribidi-src/lib/fribidi.c +-fribidi-src/lib/fribidi-arabic.c +-fribidi-src/lib/fribidi-bidi.c +-fribidi-src/lib/fribidi-bidi-types.c +-fribidi-src/lib/fribidi-deprecated.c +-fribidi-src/lib/fribidi-joining.c +-fribidi-src/lib/fribidi-joining-types.c +-fribidi-src/lib/fribidi-mem.c +-fribidi-src/lib/fribidi-mirroring.c +-fribidi-src/lib/fribidi-run.c +-fribidi-src/lib/fribidi-shape.c + renpybidicore.c + """.split() + cython( + "_renpybidi", + FRIBIDI_SOURCES, +- includes=[ +- BASE + "/fribidi-src/", +- BASE + "/fribidi-src/lib/", +- ], +- define_macros=[ +- ("FRIBIDI_ENTRY", ""), +- ("HAVE_CONFIG_H", "1"), +- ]) ++ includes=["/usr/include/fribidi"], ++ libs=["fribidi"]) + + + cython("_renpysteam", language="c++", compile_if=steam_sdk, libs=["steam_api"]) diff --git a/gnu/packages/patches/sbcl-geco-fix-organism-class.patch b/gnu/packages/patches/sbcl-geco-fix-organism-class.patch deleted file mode 100644 index 817596241e..0000000000 --- a/gnu/packages/patches/sbcl-geco-fix-organism-class.patch +++ /dev/null @@ -1,13 +0,0 @@ -Fix the ORGANISM class so that SBCL >= 2.0.9 can compile it without error. - ---- a/classes.lisp 2020-10-28 12:11:10.725659464 +0100 -+++ b/classes.lisp 2020-10-31 17:34:36.822752447 +0100 -@@ -148,7 +148,7 @@ - :accessor score - :initarg :score - :initform 'nil -- :type number) -+ :type (or number null)) - (NORMALIZED-SCORE - :accessor normalized-score - :initarg :normalized-score |