diff options
Diffstat (limited to 'gnu/packages/patches')
28 files changed, 2715 insertions, 792 deletions
diff --git a/gnu/packages/patches/calibre-no-updates-dialog.patch b/gnu/packages/patches/calibre-no-updates-dialog.patch index 1d8d79660e..66ac913cb5 100644 --- a/gnu/packages/patches/calibre-no-updates-dialog.patch +++ b/gnu/packages/patches/calibre-no-updates-dialog.patch @@ -1,11 +1,17 @@ -Taken from debian. +From 19e8d7701c302b0eca4c638705a6db625352caa3 Mon Sep 17 00:00:00 2001 +From: Brendan Tildesley <mail@brendan.scot> +Date: Thu, 25 Feb 2021 12:17:30 +1100 +Subject: [PATCH] Don't check for updates. -# Description: Disable update check by default. -Index: calibre/src/calibre/gui2/main.py -=================================================================== ---- calibre.orig/src/calibre/gui2/main.py 2014-02-02 10:41:28.470954623 +0100 -+++ calibre/src/calibre/gui2/main.py 2014-02-02 10:41:56.546954247 +0100 -@@ -37,8 +37,8 @@ +--- + src/calibre/gui2/main.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/calibre/gui2/main.py b/src/calibre/gui2/main.py +index 776f8bebfb..4302716d7e 100644 +--- a/src/calibre/gui2/main.py ++++ b/src/calibre/gui2/main.py +@@ -59,8 +59,8 @@ def option_parser(): help=_('Start minimized to system tray.')) parser.add_option('-v', '--verbose', default=0, action='count', help=_('Ignored, do not use. Present only for legacy reasons')) @@ -16,3 +22,5 @@ Index: calibre/src/calibre/gui2/main.py parser.add_option('--ignore-plugins', default=False, action='store_true', help=_('Ignore custom plugins, useful if you installed a plugin' ' that is preventing calibre from starting')) +-- +2.30.1 diff --git a/gnu/packages/patches/calibre-remove-test-sqlite.patch b/gnu/packages/patches/calibre-remove-test-sqlite.patch index 7bdd90874d..fc2b237ef2 100644 --- a/gnu/packages/patches/calibre-remove-test-sqlite.patch +++ b/gnu/packages/patches/calibre-remove-test-sqlite.patch @@ -1,20 +1,20 @@ -From a92e26359bd07743ab105819ed0b619e27e14017 Mon Sep 17 00:00:00 2001 +From d8225e83c3b73f0e0da73874910f50ca652f48cf Mon Sep 17 00:00:00 2001 From: Brendan Tildesley <mail@brendan.scot> -Date: Sat, 27 Apr 2019 03:30:53 +1000 -Subject: [PATCH] Disable test_sqlite. +Date: Thu, 25 Feb 2021 00:48:00 +1100 +Subject: [PATCH] Remove test_sqlite --- src/calibre/test_build.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/calibre/test_build.py b/src/calibre/test_build.py -index 07bdffd3e5..740588c95b 100644 +index 0ab7aa0646..87fdfabd9a 100644 --- a/src/calibre/test_build.py +++ b/src/calibre/test_build.py -@@ -162,12 +162,6 @@ class BuildTest(unittest.TestCase): - au(x, 'strftime') - self.assertEqual(unicode_type(time.strftime(fmt.replace('%e', '%#d'), t)), x) - +@@ -273,12 +273,6 @@ def read_changes(): + m.close() + self.assertEqual(winutil.parse_cmdline('"c:\\test exe.exe" "some arg" 2'), ('c:\\test exe.exe', 'some arg', '2')) + - def test_sqlite(self): - import sqlite3 - conn = sqlite3.connect(':memory:') @@ -24,6 +24,5 @@ index 07bdffd3e5..740588c95b 100644 def test_apsw(self): import apsw conn = apsw.Connection(':memory:') --- -2.21.0 - +-- +2.30.1 diff --git a/gnu/packages/patches/calibre-remove-test-unrar.patch b/gnu/packages/patches/calibre-remove-test-unrar.patch index 4e5572d1a6..961cc3eba7 100644 --- a/gnu/packages/patches/calibre-remove-test-unrar.patch +++ b/gnu/packages/patches/calibre-remove-test-unrar.patch @@ -1,28 +1,26 @@ -Unrar contains security vulnerabilities and has thus been removed from Guix. -From a16f97b02bd8afd0ec05c471e156f631f2cc6eec Mon Sep 17 00:00:00 2001 +From 9edf67191cc3655480b6fd418247709ade930b1a Mon Sep 17 00:00:00 2001 From: Brendan Tildesley <mail@brendan.scot> -Date: Tue, 26 Mar 2019 22:17:03 +1100 -Subject: [PATCH] Remove test_unrar. +Date: Thu, 25 Feb 2021 00:33:10 +1100 +Subject: [PATCH] Remove test_unrar --- src/calibre/test_build.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/calibre/test_build.py b/src/calibre/test_build.py -index d67afd20a6..709132ef17 100644 +index b37fb1bcfb..0ab7aa0646 100644 --- a/src/calibre/test_build.py +++ b/src/calibre/test_build.py -@@ -220,10 +220,6 @@ class BuildTest(unittest.TestCase): +@@ -369,10 +369,6 @@ def test_file_dialog_helper(self): from calibre.gui2.win_file_dialogs import test test() - + - def test_unrar(self): - from calibre.utils.unrar import test_basic - test_basic() - - @unittest.skipUnless(iswindows, 'WPD is windows only') - def test_wpd(self): - wpd = plugins['wpd'][0] --- -2.21.0 - + def test_7z(self): + from calibre.utils.seven_zip import test_basic + test_basic() +-- +2.30.1 diff --git a/gnu/packages/patches/chez-scheme-build-util-paths-backport.patch b/gnu/packages/patches/chez-scheme-build-util-paths-backport.patch new file mode 100644 index 0000000000..aad2d99996 --- /dev/null +++ b/gnu/packages/patches/chez-scheme-build-util-paths-backport.patch @@ -0,0 +1,780 @@ +From 2447e047b750c3371778beb487f881641a582e66 Mon Sep 17 00:00:00 2001 +From: Philip McGrath <philip@philipmcgrath.com> +Date: Thu, 11 Mar 2021 18:17:47 -0500 +Subject: [PATCH] avoid hard-coded paths for utilities in build scripts + +Backported from +https://github.com/cisco/ChezScheme/commit/8f4633ce24ac6425b2ab13cc78026b1c9bb5361e + +Specific changes: + - `cc` -> `$(CC)` + - `/bin/rm` -> `rm` + - `/bin/ln` -> `ln` + - `/bin/cp` -> `cp` + - `/bin/echo` -> `echo` + - in `makefiles/installsh`, add a case to find `true` + at an unusual path or as a shell builtin + +Co-authored-by: Andy Keep <akeep@robotman.org> +--- + LOG | 12 ++++++++++++ + csug/gifs/Makefile | 8 ++++---- + csug/math/Makefile | 4 ++-- + examples/Makefile | 2 +- + makefiles/Makefile-csug.in | 6 +++--- + makefiles/Makefile-release_notes.in | 2 +- + makefiles/Mf-install.in | 4 ++-- + makefiles/installsh | 3 ++- + mats/6.ms | 2 +- + mats/Mf-a6fb | 4 ++-- + mats/Mf-a6le | 4 ++-- + mats/Mf-a6nb | 4 ++-- + mats/Mf-a6ob | 4 ++-- + mats/Mf-a6osx | 4 ++-- + mats/Mf-arm32le | 4 ++-- + mats/Mf-i3fb | 4 ++-- + mats/Mf-i3le | 4 ++-- + mats/Mf-i3nb | 4 ++-- + mats/Mf-i3ob | 4 ++-- + mats/Mf-i3osx | 4 ++-- + mats/Mf-i3qnx | 4 ++-- + mats/Mf-ppc32le | 4 ++-- + mats/Mf-ta6fb | 4 ++-- + mats/Mf-ta6le | 4 ++-- + mats/Mf-ta6nb | 4 ++-- + mats/Mf-ta6ob | 4 ++-- + mats/Mf-ta6osx | 4 ++-- + mats/Mf-ti3fb | 4 ++-- + mats/Mf-ti3le | 4 ++-- + mats/Mf-ti3nb | 4 ++-- + mats/Mf-ti3ob | 4 ++-- + mats/Mf-ti3osx | 4 ++-- + mats/Mf-tppc32le | 4 ++-- + mats/unix.ms | 4 ++-- + newrelease | 22 +++++++++++----------- + pkg/Makefile | 2 +- + release_notes/gifs/Makefile | 6 +++--- + release_notes/math/Makefile | 4 ++-- + s/Mf-base | 2 +- + workarea | 10 +++++----- + 40 files changed, 101 insertions(+), 88 deletions(-) + +diff --git a/LOG b/LOG +index e1631df..399104d 100644 +--- a/LOG ++++ b/LOG +@@ -2119,3 +2119,15 @@ + bintar/Makefile rpm/Makefile pkg/Makefile wininstall/Makefile + wininstall/a6nt.wxs wininstall/i3nt.wxs wininstall/ta6nt.wxs + wininstall/ti3nt.wxs ++9.5.5 changes: ++- avoid hard-coded paths for utilities in build scripts ++ checkin csug/gifs/Makefile csug/math/Makefile examples/Makefile ++ makefiles/Makefile-csug.in makefiles/Makefile-release_notes.in ++ makefiles/Mf-install.in makefiles/installsh mats/6.ms mats/Mf-a6fb ++ mats/Mf-a6le mats/Mf-a6nb mats/Mf-a6ob mats/Mf-a6osx mats/Mf-arm32le ++ mats/Mf-i3fb mats/Mf-i3le mats/Mf-i3nb mats/Mf-i3ob mats/Mf-i3osx ++ mats/Mf-i3qnx mats/Mf-ppc32le mats/Mf-ta6fb mats/Mf-ta6le mats/Mf-ta6nb ++ mats/Mf-ta6ob mats/Mf-ta6osx mats/Mf-ti3fb mats/Mf-ti3le mats/Mf-ti3nb ++ mats/Mf-ti3ob mats/Mf-ti3osx mats/Mf-tppc32le mats/unix.ms newrelease ++ pkg/Makefile release_notes/gifs/Makefile release_notes/math/Makefile ++ s/Mf-base workarea +diff --git a/csug/gifs/Makefile b/csug/gifs/Makefile +index 8676e4c..4253ffd 100644 +--- a/csug/gifs/Makefile ++++ b/csug/gifs/Makefile +@@ -18,7 +18,7 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log *.aux ++ rm -f $*.dvi $*.log *.aux + test -f $*.gif && chmod 644 $*.gif + + # translate ps file to gif w/o transparent white background +@@ -28,7 +28,7 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif > $*.gif +- /bin/rm -f $*.dvi $*.log *.aux ++ rm -f $*.dvi $*.log *.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} +@@ -57,7 +57,7 @@ ghostRightarrow.gif: Rightarrow.tex + giftrans -g '#000000=#ffffff' |\ + giftopnm |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux ++ rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux + test -f $*.gif && chmod 644 $*.gif + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/csug/math/Makefile b/csug/math/Makefile +index 3385fdb..3392ea8 100644 +--- a/csug/math/Makefile ++++ b/csug/math/Makefile +@@ -15,11 +15,11 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log $*.aux ++ rm -f $*.dvi $*.log $*.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} + + ${gifs}: mathmacros + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/examples/Makefile b/examples/Makefile +index b1b4e1d..3edfdd0 100644 +--- a/examples/Makefile ++++ b/examples/Makefile +@@ -25,4 +25,4 @@ needed: ${obj} + + all: ; echo "(time (for-each compile-file (map symbol->string '(${src}))))" | ${Scheme} + +-clean: ; /bin/rm -f $(obj) expr.md ++clean: ; rm -f $(obj) expr.md +diff --git a/makefiles/Makefile-csug.in b/makefiles/Makefile-csug.in +index df24092..6f8a8d9 100644 +--- a/makefiles/Makefile-csug.in ++++ b/makefiles/Makefile-csug.in +@@ -29,7 +29,7 @@ install: target + # thrice is not enough when starting from scratch + logcheck1: $(x).thirdrun + @if [ -n "`grep 'Warning: Label(s) may have changed' $(x).log`" ] ; then\ +- /bin/rm -f $(x).thirdrun ;\ ++ rm -f $(x).thirdrun ;\ + $(MAKE) $(x).thirdrun;\ + fi + +@@ -55,7 +55,7 @@ stexsrc = csug.stex title.stex copyright.stex contents.stex\ + texsrc = ${stexsrc:%.stex=%.tex} + + title.tex contents.tex bibliography.tex: +- /bin/rm -f $*.tex ++ rm -f $*.tex + echo "%%% DO NOT EDIT THIS FILE" > $*.tex + echo "%%% Edit the .stex version instead" >> $*.tex + echo "" >> $*.tex +@@ -147,7 +147,7 @@ code: $(stexsrc) + echo '(load "code" pretty-print)' | $(Scheme) -q + + $(x).clean: +- -/bin/rm -f $(x).rfm $(x).sfm $(x).prefirstrun $(x).presecondrun\ ++ -rm -f $(x).rfm $(x).sfm $(x).prefirstrun $(x).presecondrun\ + $(x).prethirdrun $(x).ans\ + $(x).hprefirstrun $(x).hpresecondrun $(x).hprethirdrun\ + tspl.aux tspl.haux tspl.rfm tspl.idx in.hidx\ +diff --git a/makefiles/Makefile-release_notes.in b/makefiles/Makefile-release_notes.in +index 4435b6f..64348a4 100644 +--- a/makefiles/Makefile-release_notes.in ++++ b/makefiles/Makefile-release_notes.in +@@ -38,7 +38,7 @@ install: $x.pdf $x.html + $(INSTALL) -m 2755 -d $(installdir)/gifs + $(INSTALL) -m 0644 --ifdiff gifs/*.gif $(installdir)/gifs + $(INSTALL) -m 2755 -d $(installdir)/math +- -/bin/rm -rf $(installdir)/$(mathdir) ++ -rm -rf $(installdir)/$(mathdir) + $(INSTALL) -m 2755 -d $(installdir)/$(mathdir) + if [ -e $(mathdir)/0.gif ] ; then $(INSTALL) -m 0644 $(mathdir)/*.gif $(installdir)/$(mathdir) ; fi + +diff --git a/makefiles/Mf-install.in b/makefiles/Mf-install.in +index a702c34..c09043d 100644 +--- a/makefiles/Mf-install.in ++++ b/makefiles/Mf-install.in +@@ -114,12 +114,12 @@ bininstall: ${Bin} + libbininstall: ${LibBin} + $I -m 444 ${PetiteBoot} ${LibBin}/petite.boot + if [ "${InstallPetiteName}" != "petite" ]; then\ +- /bin/rm -f ${LibBin}/${InstallPetiteName}.boot;\ ++ rm -f ${LibBin}/${InstallPetiteName}.boot;\ + ln -f ${LibBin}/petite.boot ${LibBin}/${InstallPetiteName}.boot;\ + fi + $I -m 444 ${SchemeBoot} ${LibBin}/scheme.boot;\ + if [ "${InstallSchemeName}" != "scheme" ]; then\ +- /bin/rm -f ${LibBin}/${InstallSchemeName}.boot;\ ++ rm -f ${LibBin}/${InstallSchemeName}.boot;\ + ln -f ${LibBin}/scheme.boot ${LibBin}/${InstallSchemeName}.boot;\ + fi + ln -f ${LibBin}/scheme.boot ${LibBin}/${InstallScriptName}.boot; +diff --git a/makefiles/installsh b/makefiles/installsh +index 48f1e46..95d85fb 100755 +--- a/makefiles/installsh ++++ b/makefiles/installsh +@@ -1,7 +1,8 @@ + #! /bin/sh + if [ -x /bin/true ]; then TRUE=/bin/true; + elif [ -x /usr/bin/true ]; then TRUE=/usr/bin/true; +-else echo "Can't find /bin/true or /usr/bin/true" ; exit 1; ++elif command -v true &> /dev/null; then TRUE=true; ++else echo "Can't find /bin/true or /usr/bin/true and no true command" ; exit 1; + fi + + while ${TRUE} ; do +diff --git a/mats/6.ms b/mats/6.ms +index 102f84b..e504230 100644 +--- a/mats/6.ms ++++ b/mats/6.ms +@@ -2685,7 +2685,7 @@ + (begin + (system "ln -s ../examples .") + (load "examples/fatfib.ss" compile) +- (system "/bin/rm examples") ++ (system "rm -f examples") + #t)) + (or (windows?) (embedded?) + (equal? +diff --git a/mats/Mf-a6fb b/mats/Mf-a6fb +index b16d1b6..ff9e687 100644 +--- a/mats/Mf-a6fb ++++ b/mats/Mf-a6fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6le b/mats/Mf-a6le +index d6fee09..a3bda76 100644 +--- a/mats/Mf-a6le ++++ b/mats/Mf-a6le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6nb b/mats/Mf-a6nb +index 48187ef..0f7ac17 100644 +--- a/mats/Mf-a6nb ++++ b/mats/Mf-a6nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6ob b/mats/Mf-a6ob +index 12758f3..0ffcccc 100644 +--- a/mats/Mf-a6ob ++++ b/mats/Mf-a6ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6osx b/mats/Mf-a6osx +index f1dbf85..57bac22 100644 +--- a/mats/Mf-a6osx ++++ b/mats/Mf-a6osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-arm32le b/mats/Mf-arm32le +index f33a665..83896eb 100644 +--- a/mats/Mf-arm32le ++++ b/mats/Mf-arm32le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -fomit-frame-pointer -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -fomit-frame-pointer -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3fb b/mats/Mf-i3fb +index 150cedb..1e4e8fc 100644 +--- a/mats/Mf-i3fb ++++ b/mats/Mf-i3fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3le b/mats/Mf-i3le +index 8f521c8..b248620 100644 +--- a/mats/Mf-i3le ++++ b/mats/Mf-i3le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3nb b/mats/Mf-i3nb +index e81f6ff..8afeb5c 100644 +--- a/mats/Mf-i3nb ++++ b/mats/Mf-i3nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3ob b/mats/Mf-i3ob +index 4e3ee1b..fcd4dee 100644 +--- a/mats/Mf-i3ob ++++ b/mats/Mf-i3ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3osx b/mats/Mf-i3osx +index 53c7d4a..a55f6ee 100644 +--- a/mats/Mf-i3osx ++++ b/mats/Mf-i3osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3qnx b/mats/Mf-i3qnx +index 724f2db..3e1437a 100644 +--- a/mats/Mf-i3qnx ++++ b/mats/Mf-i3qnx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ppc32le b/mats/Mf-ppc32le +index 28151a8..547ca00 100644 +--- a/mats/Mf-ppc32le ++++ b/mats/Mf-ppc32le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6fb b/mats/Mf-ta6fb +index 921d609..5ed233e 100644 +--- a/mats/Mf-ta6fb ++++ b/mats/Mf-ta6fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6le b/mats/Mf-ta6le +index cd014ec..21c686a 100644 +--- a/mats/Mf-ta6le ++++ b/mats/Mf-ta6le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6nb b/mats/Mf-ta6nb +index 6b1929d..9b9b898 100644 +--- a/mats/Mf-ta6nb ++++ b/mats/Mf-ta6nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6ob b/mats/Mf-ta6ob +index a7aee91..8f25aed 100644 +--- a/mats/Mf-ta6ob ++++ b/mats/Mf-ta6ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6osx b/mats/Mf-ta6osx +index 42da5d7..0dd386f 100644 +--- a/mats/Mf-ta6osx ++++ b/mats/Mf-ta6osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3fb b/mats/Mf-ti3fb +index c891145..56bf7d3 100644 +--- a/mats/Mf-ti3fb ++++ b/mats/Mf-ti3fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3le b/mats/Mf-ti3le +index 12e77b8..22b4148 100644 +--- a/mats/Mf-ti3le ++++ b/mats/Mf-ti3le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3nb b/mats/Mf-ti3nb +index 028c652..573946e 100644 +--- a/mats/Mf-ti3nb ++++ b/mats/Mf-ti3nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3ob b/mats/Mf-ti3ob +index 8a4741c..4472b60 100644 +--- a/mats/Mf-ti3ob ++++ b/mats/Mf-ti3ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3osx b/mats/Mf-ti3osx +index 6913c34..9273b44 100644 +--- a/mats/Mf-ti3osx ++++ b/mats/Mf-ti3osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-tppc32le b/mats/Mf-tppc32le +index a12b515..8b9d9f0 100644 +--- a/mats/Mf-tppc32le ++++ b/mats/Mf-tppc32le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/unix.ms b/mats/unix.ms +index cfba3e7..db7f6f9 100644 +--- a/mats/unix.ms ++++ b/mats/unix.ms +@@ -72,8 +72,8 @@ + (mat system + (eqv? (with-output-to-file "testfile.ss" void '(replace)) (void)) + (begin +- (system (format "~:[~;/pkg~]/bin/rm testfile.ss" (embedded?))) +- (system (format "~:[~;/pkg~]/bin/echo hello > testfile.ss" (embedded?))) ++ (system "rm -f testfile.ss") ++ (system "echo hello > testfile.ss") + (let ([p (open-input-file "testfile.ss")]) + (and (eq? (read p) 'hello) + (begin (close-input-port p) #t)))) +diff --git a/newrelease b/newrelease +index e903956..2d06740 100755 +--- a/newrelease ++++ b/newrelease +@@ -75,13 +75,13 @@ if ($status != 0) exit 1 + + cd $W + +-/bin/rm -f BUILDING ++rm -f BUILDING + sed -e "s/Chez Scheme Version [^ ]*/Chez Scheme Version $R/" \ + -e "s/Copyright 1984-.... /Copyright 1984-`date +%Y` /" \ + ../BUILDING > BUILDING + set updatedfiles = ($updatedfiles BUILDING) + +-/bin/rm -f NOTICE ++rm -f NOTICE + sed -e "s/Chez Scheme Version [^ ]*/Chez Scheme Version $R/" \ + -e "s/Copyright 1984-.... /Copyright 1984-`date +%Y` /" \ + ../NOTICE > NOTICE +@@ -92,19 +92,19 @@ sed -e "s/csv[0-9]\.[0-9]\(\.[0-9]\)*/csv$R/" ../makefiles/Mf-install.in > makef + sed -e "s/csug[0-9]\.[0-9]/csug$MR.$mR/" -e "s/csug[0-9]_[0-9]/csug$MR""_$mR/" ../makefiles/Makefile-csug.in > makefiles/Makefile-csug.in + set updatedfiles = ($updatedfiles makefiles/Mf-install.in makefiles/Makefile-csug.in) + +-/bin/rm scheme.1.in ++rm -f scheme.1.in + sed -e "s/Chez Scheme Version [0-9]\.[0-9]\(\.[0-9]\)* .* [0-9][0-9]*/Chez Scheme Version $R `date +'%B %Y'`/" \ + -e "s/Copyright .* Cisco Systems, Inc./Copyright `date +%Y` Cisco Systems, Inc./" \ + ../scheme.1.in > scheme.1.in + set updatedfiles = ($updatedfiles scheme.1.in) + +-/bin/rm -f c/Makefile.{,t}{i3,a6}nt ++rm -f c/Makefile.{,t}{i3,a6}nt + foreach fn (c/Makefile.{,t}{a6,i3}nt) + set updatedfiles = ($updatedfiles $fn) + sed -e "s/csv[0-9][0-9][0-9]*/csv$ZR/g" ../$fn > $fn + end + +-/bin/rm -f mats/Mf-{,t}{i3,a6}nt ++rm -f mats/Mf-{,t}{i3,a6}nt + foreach fn (mats/Mf-{,t}{a6,i3}nt) + set updatedfiles = ($updatedfiles $fn) + sed -e "s/csv[0-9][0-9][0-9]*/csv$ZR/g" ../$fn > $fn +@@ -123,11 +123,11 @@ sed -e "s/FILEVERSION .*/FILEVERSION $RCVERSION/"\ + -e "s/Copyright 1984-..../Copyright 1984-`date +%Y`/g" ../c/scheme.rc > c/scheme.rc + set updatedfiles = ($updatedfiles c/scheme.rc) + +-/bin/rm -f s/7.ss ++rm -f s/7.ss + sed -e "s/nCopyright 1984-..../nCopyright 1984-`date +%Y`/g" ../s/7.ss > s/7.ss + set updatedfiles = ($updatedfiles s/7.ss) + +-/bin/rm -f s/cmacros.ss ++rm -f s/cmacros.ss + set VNUM = `printf "%04x%02x%02x" $MR $mR $bR` + sed -e "s/scheme-version #x......../scheme-version #x$VNUM/" ../s/cmacros.ss > s/cmacros.ss + set updatedfiles = ($updatedfiles s/cmacros.ss) +@@ -146,17 +146,17 @@ sed -e "s/Revised\(.*\)for Chez Scheme Version [^ ]*<br>/Revised\1for Chez Schem + ../csug/csug.stex > csug/csug.stex + set updatedfiles = ($updatedfiles csug/copyright.stex csug/csug.stex) + +-/bin/rm bintar/Makefile ++rm -f bintar/Makefile + sed -e "s/^version = .*/version = $R/" \ + -e "s/csv[0-9][0-9][0-9]*/csv$ZR/g" \ + ../bintar/Makefile > bintar/Makefile + set updatedfiles = ($updatedfiles bintar/Makefile) + +-/bin/rm rpm/Makefile ++rm -f rpm/Makefile + sed -e "s/^version = .*/version = $R/" ../rpm/Makefile > rpm/Makefile + set updatedfiles = ($updatedfiles rpm/Makefile) + +-/bin/rm pkg/Makefile ++rm -f pkg/Makefile + sed -e "s/^version = .*/version = $R/" \ + -e "s/© .* Cisco Systems/\© `date +%Y` Cisco Systems/" \ + ../pkg/Makefile > pkg/Makefile +@@ -170,7 +170,7 @@ foreach fn (wininstall/{,t}{a6,i3}nt.wxs) + sed -e "s/csv[0-9][0-9][0-9]*/csv$ZR/" ../$fn > $fn + end + +-/bin/rm LOG ++rm -f LOG + cat ../LOG > LOG + echo "" >> LOG + echo "$R changes:" >> LOG +diff --git a/pkg/Makefile b/pkg/Makefile +index e0eef67..a3fe83f 100644 +--- a/pkg/Makefile ++++ b/pkg/Makefile +@@ -39,7 +39,7 @@ $(PKG): $(BUILDROOT)/$(PKG) + --package-path $(BUILDROOT)\ + $(PKG) + sudo chown $(DOTUSER):$(DOTGROUP) $(PKG) +- sudo /bin/rm -rf $(RELEASE) $(BUILDROOT) ++ sudo rm -rf $(RELEASE) $(BUILDROOT) + + $(BUILDROOT)/$(PKG): $(PKGCONTENT) + sudo /usr/bin/pkgbuild\ +diff --git a/release_notes/gifs/Makefile b/release_notes/gifs/Makefile +index 9572965..701d53a 100644 +--- a/release_notes/gifs/Makefile ++++ b/release_notes/gifs/Makefile +@@ -15,7 +15,7 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log *.aux ++ rm -f $*.dvi $*.log *.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} +@@ -44,7 +44,7 @@ ghostRightarrow.gif: Rightarrow.tex + giftrans -g '#000000=#ffffff' |\ + giftopnm |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux ++ rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux + test -f $*.gif && chmod 644 $*.gif + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/release_notes/math/Makefile b/release_notes/math/Makefile +index b3ffae3..9eca430 100644 +--- a/release_notes/math/Makefile ++++ b/release_notes/math/Makefile +@@ -16,11 +16,11 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log $*.aux ++ rm -f $*.dvi $*.log $*.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} + + ${gifs}: mathmacros + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/s/Mf-base b/s/Mf-base +index c709608..40d816c 100644 +--- a/s/Mf-base ++++ b/s/Mf-base +@@ -206,7 +206,7 @@ profiled: + $(MAKE) all loadspd=t bp=t PetiteBoot=../boot/$m/xpetite.boot SchemeBoot=../boot/$m/xscheme.boot + $(MAKE) prettyclean + $(MAKE) io.$m loadspd=t dumpbpd=t Scheme="../bin/$m/scheme -b ../boot/$m/xpetite.boot -b ../boot/$m/xscheme.boot" +- /bin/rm -f ../boot/$m/xpetite.boot ../boot/$m/xscheme.boot ++ rm -f ../boot/$m/xpetite.boot ../boot/$m/xscheme.boot + $(MAKE) prettyclean + $(MAKE) all loadspd=t loadbpd=t + +diff --git a/workarea b/workarea +index bacc712..0461919 100755 +--- a/workarea ++++ b/workarea +@@ -70,9 +70,9 @@ esac + + if [ "$OS" = "Windows_NT" ] + then +- ln="/bin/cp -R" ++ ln="cp -R" + else +- ln="/bin/ln -s" ++ ln="ln -s" + fi + + # This shell script creates a workarea for local modifications to the +@@ -102,7 +102,7 @@ workln() + forceworkln() + { + if [ ! -e $2 ] ; then +- /bin/ln -s $1 $2 2> /dev/null ++ ln -s $1 $2 2> /dev/null + fi + } + +@@ -168,13 +168,13 @@ done + # deep copy submodules where builds occur so changes don't propagate through symlinks + for dir in `echo zlib` ; do + if [ ! -e $W/$dir ] ; then +- /bin/cp -R $dir $W/$dir ++ cp -R $dir $W/$dir + fi + done + + for dir in `echo lz4` ; do + if [ ! -e $W/$dir ] ; then +- /bin/cp -R $dir $W/$dir ++ cp -R $dir $W/$dir + fi + done + +-- +2.21.1 (Apple Git-122.3) + diff --git a/gnu/packages/patches/containerd-test-with-go1.13.patch b/gnu/packages/patches/containerd-test-with-go1.13.patch deleted file mode 100644 index 964adee9e6..0000000000 --- a/gnu/packages/patches/containerd-test-with-go1.13.patch +++ /dev/null @@ -1,21 +0,0 @@ -Compatibility fix for go 1.13, flag.Parse() shouldn't be called during -package initialization. -https://golang.org/doc/go1.13#testing ---- a/client_test.go 2020-02-12 14:50:28.991245371 -0500 -+++ b/client_test.go 2020-02-12 15:12:37.383523980 -0500 -@@ -49,7 +49,6 @@ - flag.StringVar(&address, "address", defaultAddress, "The address to the containerd socket for use in the tests") - flag.BoolVar(&noDaemon, "no-daemon", false, "Do not start a dedicated daemon for the tests") - flag.BoolVar(&noCriu, "no-criu", false, "Do not run the checkpoint tests") -- flag.Parse() - } - - func testContext() (context.Context, context.CancelFunc) { -@@ -59,6 +58,7 @@ - } - - func TestMain(m *testing.M) { -+ flag.Parse() - if testing.Short() { - os.Exit(m.Run()) - } diff --git a/gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch b/gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch new file mode 100644 index 0000000000..24be6e31d9 --- /dev/null +++ b/gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch @@ -0,0 +1,64 @@ +Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables +are fetched during initialization to preserve thread-safety (curl_global_init(3) +must be called when no other threads exist). + +This fixes network functionality in rust:cargo, and probably removes the need +for other future workarounds. +=================================================================== +--- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100 ++++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100 +@@ -134,6 +134,9 @@ + # pragma warning(default:4232) /* MSVC extension, dllimport identity */ + #endif + ++char * Curl_ssl_cert_dir = NULL; ++char * Curl_ssl_cert_file = NULL; ++ + /** + * curl_global_init() globally initializes curl given a bitwise set of the + * different features of what to initialize. +@@ -155,6 +158,9 @@ + #endif + } + ++ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR"); ++ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE"); ++ + if(!Curl_ssl_init()) { + DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n")); + return CURLE_FAILED_INIT; +@@ -260,6 +266,9 @@ + Curl_ssl_cleanup(); + Curl_resolver_global_cleanup(); + ++ free(Curl_ssl_cert_dir); ++ free(Curl_ssl_cert_file); ++ + #ifdef WIN32 + Curl_win32_cleanup(init_flags); + #endif +diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c +--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 ++++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100 +@@ -524,6 +524,21 @@ + if(result) + return result; + #endif ++ extern char * Curl_ssl_cert_dir; ++ extern char * Curl_ssl_cert_file; ++ if(Curl_ssl_cert_dir) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) ++ return result; ++ } ++ ++ if(Curl_ssl_cert_file) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) ++ return result; ++ } + } + + set->wildcard_enabled = FALSE; diff --git a/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch b/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch new file mode 100644 index 0000000000..4dd1ab74a8 --- /dev/null +++ b/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch @@ -0,0 +1,43 @@ +From 2cae9b9acf9da98c4c9990819ffbd5aabe23017e Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Mon, 14 Dec 2020 19:53:38 +0100 +Subject: [PATCH] app: make "gegl:introspect" an optional operation dependency. + +Check at runtime for the operation availability and set the "Show Image +Graph" action active depending on this check. + +This goes with discussions to make this operation optional with a +runtime check for the tool `dot`. +See: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/84 +--- + app/actions/debug-actions.c | 6 ++++++ + app/sanity.c | 1 - + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/app/actions/debug-actions.c b/app/actions/debug-actions.c +index 6be4422b228..22ca38b15ea 100644 +--- a/app/actions/debug-actions.c ++++ b/app/actions/debug-actions.c +@@ -103,4 +103,10 @@ void + debug_actions_update (GimpActionGroup *group, + gpointer data) + { ++#define SET_SENSITIVE(action,condition) \ ++ gimp_action_group_set_action_sensitive (group, action, (condition) != 0) ++ ++ SET_SENSITIVE ("debug-show-image-graph", gegl_has_operation ("gegl:introspect")); ++ ++#undef SET_SENSITIVE + } +diff --git a/app/sanity.c b/app/sanity.c +index 015801a396e..6374ac1ad20 100644 +--- a/app/sanity.c ++++ b/app/sanity.c +@@ -650,7 +650,6 @@ sanity_check_gegl_ops (void) + "gegl:hue-chroma", + "gegl:illusion", + "gegl:image-gradient", +- "gegl:introspect", + "gegl:invert-gamma", + "gegl:invert-linear", + "gegl:lens-blur", diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch new file mode 100644 index 0000000000..b15c1d0879 --- /dev/null +++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch @@ -0,0 +1,27 @@ +We omit the ChangeLog changes below, since they do not apply cleanly. + + +From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Mon, 30 Nov 2020 16:26:59 +0000 +Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by + Hardik Shah) + +--- + ChangeLog | 6 ++++++ + coders/tiff.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index e98f927ab..1eecf17ae 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + extent+=image->columns*sizeof(uint32); + #endif + strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, +- sizeof(*strip_pixels)); ++ 2*sizeof(*strip_pixels)); + if (strip_pixels == (unsigned char *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); diff --git a/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch b/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch new file mode 100644 index 0000000000..42ece43682 --- /dev/null +++ b/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch @@ -0,0 +1,26 @@ +From 512668dfd92b20d0d08b91d62b422d8262573281 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra <dirk@lemstra.org> +Date: Wed, 24 Mar 2021 20:37:15 +0100 +Subject: [PATCH] Throw exception when no exception was raised but status was + false (#3432). + +--- + coders/dcm.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/dcm.c b/coders/dcm.c +index 7a68ed6e8..ed17c9567 100644 +--- a/coders/dcm.c ++++ b/coders/dcm.c +@@ -3989,6 +3989,8 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception) + if (redmap != (int *) NULL) + redmap=(int *) RelinquishMagickMemory(redmap); + image=DestroyImageList(image); ++ if ((status == MagickFalse) && (exception->severity < ErrorException)) ++ ThrowReaderException(CorruptImageError,"CorruptImage"); + return(GetFirstImageInList(images)); + } + if (info.depth != (1UL*MAGICKCORE_QUANTUM_DEPTH)) +-- +2.31.0 + diff --git a/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch b/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch new file mode 100644 index 0000000000..a91999186b --- /dev/null +++ b/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch @@ -0,0 +1,35 @@ +From c8f25953ad1dd38a8b2d92738f0f742ad7e0bce7 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Sun, 21 Mar 2021 21:21:15 -0400 +Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32322 + +--- + coders/dcm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/coders/dcm.c b/coders/dcm.c +index 29eed9618..7a68ed6e8 100644 +--- a/coders/dcm.c ++++ b/coders/dcm.c +@@ -2984,12 +2984,12 @@ static MagickBooleanType ReadDCMPixels(Image *image,DCMInfo *info, + } + else + { +- SetPixelRed(q,(Quantum) (((ssize_t) pixel.red) | +- (((ssize_t) GetPixelRed(q)) << 8))); +- SetPixelGreen(q,(Quantum) (((ssize_t) pixel.green) | +- (((ssize_t) GetPixelGreen(q)) << 8))); +- SetPixelBlue(q,(Quantum) (((ssize_t) pixel.blue) | +- (((ssize_t) GetPixelBlue(q)) << 8))); ++ SetPixelRed(q,(Quantum) (((size_t) pixel.red) | ++ (((size_t) GetPixelRed(q)) << 8))); ++ SetPixelGreen(q,(Quantum) (((size_t) pixel.green) | ++ (((size_t) GetPixelGreen(q)) << 8))); ++ SetPixelBlue(q,(Quantum) (((size_t) pixel.blue) | ++ (((size_t) GetPixelBlue(q)) << 8))); + } + q++; + } +-- +2.31.0 + diff --git a/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch b/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch new file mode 100644 index 0000000000..f38a45b800 --- /dev/null +++ b/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch @@ -0,0 +1,25 @@ +From 6a5d3575487487f2703383338bd17c8c25068f19 Mon Sep 17 00:00:00 2001 +From: Cristy <mikayla-grace@urban-warrior.org> +Date: Thu, 25 Mar 2021 08:58:18 -0400 +Subject: [PATCH] eliminate compiler warning + +--- + coders/thumbnail.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/thumbnail.c b/coders/thumbnail.c +index 3833341b0..1e2bfe8c2 100644 +--- a/coders/thumbnail.c ++++ b/coders/thumbnail.c +@@ -199,7 +199,7 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info, + q++; + } + if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) || +- (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) ++ ((ssize_t) length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) + ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); + thumbnail_image=BlobToImage(image_info,q,length,&image->exception); + if (thumbnail_image == (Image *) NULL) +-- +2.31.0 + diff --git a/gnu/packages/patches/libvirt-add-install-prefix.patch b/gnu/packages/patches/libvirt-add-install-prefix.patch new file mode 100644 index 0000000000..1331fa9b6f --- /dev/null +++ b/gnu/packages/patches/libvirt-add-install-prefix.patch @@ -0,0 +1,329 @@ +Patch from NixOS: +https://raw.githubusercontent.com/NixOS/nixpkgs/b98031a49c66095dd1eb9185ecdaeeb5e3cd752d/pkgs/development/libraries/libvirt/0001-meson-patch-in-an-install-prefix-for-building-on-nix.patch + +From a896b0be849455edb83a9305dfec9b41447ef3e4 Mon Sep 17 00:00:00 2001 +From: Euan Kemp <euank@euank.com> +Date: Thu, 14 Jan 2021 00:32:00 -0800 +Subject: [PATCH] meson: patch in an install prefix for building on nix + +Used in the nixpkgs version of libvirt so that we can install things in +the nix store, but read them from the root filesystem. +--- + meson.build | 9 +++++++++ + meson_options.txt | 2 ++ + src/libxl/meson.build | 6 +++--- + src/locking/meson.build | 8 ++++---- + src/lxc/meson.build | 6 +++--- + src/meson.build | 18 +++++++++--------- + src/network/meson.build | 12 ++++++------ + src/nwfilter/xml/meson.build | 2 +- + src/qemu/meson.build | 14 +++++++------- + src/remote/meson.build | 6 +++--- + src/security/apparmor/meson.build | 8 ++++---- + tools/meson.build | 4 ++-- + 12 files changed, 53 insertions(+), 42 deletions(-) + +diff --git a/meson.build b/meson.build +index b5164f6..33719f1 100644 +--- a/meson.build ++++ b/meson.build +@@ -39,6 +39,8 @@ if host_machine.system() == 'windows' + conf.set('WINVER', '0x0600') # Win Vista / Server 2008 + endif + ++# patched in for nix ++install_prefix = get_option('install_prefix') + + # set various paths + +@@ -57,6 +59,13 @@ else + sysconfdir = prefix / get_option('sysconfdir') + endif + ++# nix: don't prefix the localstatedir; some things need to write to it, so it ++# can't be in the nix store, and that's what the prefix is. ++# We'll prefix things ourselves where needed ++localstatedir = get_option('localstatedir') ++# Same for sysconfidr ++sysconfdir = get_option('sysconfdir') ++ + # if --prefix is /usr, don't use /usr/var for localstatedir or /usr/etc for + # sysconfdir as this makes a lot of things break in testing situations + if prefix == '/usr' +diff --git a/meson_options.txt b/meson_options.txt +index e5d79c2..081cd32 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -1,3 +1,5 @@ ++option('install_prefix', type: 'string', value: '', description: 'prefix for nix store installation') ++ + option('no_git', type: 'boolean', value: false, description: 'Disable git submodule update') + option('packager', type: 'string', value: '', description: 'Extra packager name') + option('packager_version', type: 'string', value: '', description: 'Extra packager version') +diff --git a/src/libxl/meson.build b/src/libxl/meson.build +index 3bb6cc5..78d7be0 100644 +--- a/src/libxl/meson.build ++++ b/src/libxl/meson.build +@@ -84,8 +84,8 @@ if conf.has('WITH_LIBXL') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'libxl', +- runstatedir / 'libvirt' / 'libxl', +- localstatedir / 'log' / 'libvirt' / 'libxl', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'libxl', ++ install_prefix + runstatedir / 'libvirt' / 'libxl', ++ install_prefix + localstatedir / 'log' / 'libvirt' / 'libxl', + ] + endif +diff --git a/src/locking/meson.build b/src/locking/meson.build +index 8a28310..9da81cc 100644 +--- a/src/locking/meson.build ++++ b/src/locking/meson.build +@@ -243,14 +243,14 @@ if conf.has('WITH_LIBVIRTD') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'lockd', +- localstatedir / 'lib' / 'libvirt' / 'lockd' / 'files', +- runstatedir / 'libvirt' / 'lockd', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'lockd', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'lockd' / 'files', ++ install_prefix + runstatedir / 'libvirt' / 'lockd', + ] + + if conf.has('WITH_SANLOCK') + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'sanlock', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'sanlock', + ] + endif + endif +diff --git a/src/lxc/meson.build b/src/lxc/meson.build +index f8e2a88..96d6687 100644 +--- a/src/lxc/meson.build ++++ b/src/lxc/meson.build +@@ -182,8 +182,8 @@ if conf.has('WITH_LXC') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'lxc', +- runstatedir / 'libvirt' / 'lxc', +- localstatedir / 'log' / 'libvirt' / 'lxc', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'lxc', ++ install_prefix + runstatedir / 'libvirt' / 'lxc', ++ install_prefix + localstatedir / 'log' / 'libvirt' / 'lxc', + ] + endif +diff --git a/src/meson.build b/src/meson.build +index 7c47821..d33d16a 100644 +--- a/src/meson.build ++++ b/src/meson.build +@@ -669,7 +669,7 @@ endforeach + + virt_conf_files += 'libvirt.conf' + +-install_data(virt_conf_files, install_dir: confdir) ++install_data(virt_conf_files, install_dir: install_prefix + confdir) + install_data(virt_aug_files, install_dir: virt_aug_dir) + + # augeas_test_data: +@@ -729,7 +729,7 @@ foreach data : virt_daemon_confs + output: '@0@.conf'.format(data['name']), + configuration: daemon_conf, + install: true, +- install_dir: confdir, ++ install_dir: install_prefix + confdir, + ) + + if data.get('with_ip', false) +@@ -853,14 +853,14 @@ if conf.has('WITH_LIBVIRTD') + + install_data( + init_file, +- install_dir: sysconfdir / 'init.d', ++ install_dir: install_prefix + sysconfdir / 'init.d', + rename: [ init['name'] ], + ) + + if init.has_key('confd') + install_data( + init['confd'], +- install_dir: sysconfdir / 'conf.d', ++ install_dir: install_prefix + sysconfdir / 'conf.d', + rename: [ init['name'] ], + ) + endif +@@ -872,7 +872,7 @@ if init_script != 'none' + foreach sysconf : sysconf_files + install_data( + sysconf['file'], +- install_dir: sysconfdir / 'sysconfig', ++ install_dir: install_prefix + sysconfdir / 'sysconfig', + rename: [ sysconf['name'] ], + ) + endforeach +@@ -897,10 +897,10 @@ endif + # Install empty directories + + virt_install_dirs += [ +- localstatedir / 'cache' / 'libvirt', +- localstatedir / 'lib' / 'libvirt' / 'images', +- localstatedir / 'lib' / 'libvirt' / 'filesystems', +- localstatedir / 'lib' / 'libvirt' / 'boot', ++ install_prefix + localstatedir / 'cache' / 'libvirt', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'images', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'filesystems', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'boot', + ] + + meson.add_install_script( +diff --git a/src/network/meson.build b/src/network/meson.build +index 3ec598c..b02040b 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -79,9 +79,9 @@ if conf.has('WITH_NETWORK') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'network', +- localstatedir / 'lib' / 'libvirt' / 'dnsmasq', +- runstatedir / 'libvirt' / 'network', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'network', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'dnsmasq', ++ install_prefix + runstatedir / 'libvirt' / 'network', + ] + + configure_file( +@@ -89,12 +89,12 @@ if conf.has('WITH_NETWORK') + output: '@BASENAME@', + copy: true, + install: true, +- install_dir: confdir / 'qemu' / 'networks', ++ install_dir: install_prefix + confdir / 'qemu' / 'networks', + ) + + meson.add_install_script( + meson_python_prog.path(), python3_prog.path(), meson_install_symlink_prog.path(), +- confdir / 'qemu' / 'networks' / 'autostart', ++ install_prefix + confdir / 'qemu' / 'networks' / 'autostart', + '../default.xml', 'default.xml', + ) + +diff --git a/src/nwfilter/xml/meson.build b/src/nwfilter/xml/meson.build +index 0d96c54..66c92a1 100644 +--- a/src/nwfilter/xml/meson.build ++++ b/src/nwfilter/xml/meson.build +@@ -25,4 +25,4 @@ nwfilter_xml_files = [ + 'qemu-announce-self.xml', + ] + +-install_data(nwfilter_xml_files, install_dir: sysconfdir / 'libvirt' / 'nwfilter') ++install_data(nwfilter_xml_files, install_dir: install_prefix + sysconfdir / 'libvirt' / 'nwfilter') +diff --git a/src/qemu/meson.build b/src/qemu/meson.build +index 90640b0..8802cec 100644 +--- a/src/qemu/meson.build ++++ b/src/qemu/meson.build +@@ -171,12 +171,12 @@ if conf.has('WITH_QEMU') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'qemu', +- runstatedir / 'libvirt' / 'qemu', +- localstatedir / 'cache' / 'libvirt' / 'qemu', +- localstatedir / 'log' / 'libvirt' / 'qemu', +- localstatedir / 'lib' / 'libvirt' / 'swtpm', +- runstatedir / 'libvirt' / 'qemu' / 'swtpm', +- localstatedir / 'log' / 'swtpm' / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'qemu', ++ install_prefix + runstatedir / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'cache' / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'log' / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'swtpm', ++ install_prefix + runstatedir / 'libvirt' / 'qemu' / 'swtpm', ++ install_prefix + localstatedir / 'log' / 'swtpm' / 'libvirt' / 'qemu', + ] + endif +diff --git a/src/remote/meson.build b/src/remote/meson.build +index 9ad2f6a..429a15b 100644 +--- a/src/remote/meson.build ++++ b/src/remote/meson.build +@@ -245,7 +245,7 @@ if conf.has('WITH_REMOTE') + } + + virt_install_dirs += [ +- localstatedir / 'log' / 'libvirt', ++ install_prefix + localstatedir / 'log' / 'libvirt', + ] + + logrotate_conf = configuration_data() +@@ -259,7 +259,7 @@ if conf.has('WITH_REMOTE') + ) + install_data( + log_file, +- install_dir: sysconfdir / 'logrotate.d', ++ install_dir: install_prefix + sysconfdir / 'logrotate.d', + rename: [ name ], + ) + endforeach +@@ -309,7 +309,7 @@ endif + if conf.has('WITH_SASL') + install_data( + 'libvirtd.sasl', +- install_dir: sysconfdir / 'sasl2', ++ install_dir: install_prefix + sysconfdir / 'sasl2', + rename: [ 'libvirt.conf' ], + ) + endif +diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build +index af43780..e2d6c81 100644 +--- a/src/security/apparmor/meson.build ++++ b/src/security/apparmor/meson.build +@@ -17,22 +17,22 @@ foreach name : apparmor_gen_profiles + output: name, + configuration: apparmor_gen_profiles_conf, + install: true, +- install_dir: apparmor_dir, ++ install_dir: install_prefix + apparmor_dir, + ) + endforeach + + install_data( + [ 'libvirt-qemu', 'libvirt-lxc' ], +- install_dir: apparmor_dir / 'abstractions', ++ install_dir: install_prefix + apparmor_dir / 'abstractions', + ) + + install_data( + [ 'TEMPLATE.qemu', 'TEMPLATE.lxc' ], +- install_dir: apparmor_dir / 'libvirt', ++ install_dir: install_prefix + apparmor_dir / 'libvirt', + ) + + install_data( + 'usr.lib.libvirt.virt-aa-helper.local', +- install_dir: apparmor_dir / 'local', ++ install_dir: install_prefix + apparmor_dir / 'local', + rename: 'usr.lib.libvirt.virt-aa-helper', + ) +diff --git a/tools/meson.build b/tools/meson.build +index b8c6802..dacd0ff 100644 +--- a/tools/meson.build ++++ b/tools/meson.build +@@ -115,7 +115,7 @@ if conf.has('WITH_LOGIN_SHELL') + install_rpath: libvirt_rpath, + ) + +- install_data('virt-login-shell.conf', install_dir: sysconfdir / 'libvirt') ++ install_data('virt-login-shell.conf', install_dir: install_prefix + sysconfdir / 'libvirt') + endif + + if host_machine.system() == 'windows' +@@ -274,7 +274,7 @@ configure_file( + if init_script == 'systemd' + install_data( + 'libvirt-guests.sysconf', +- install_dir: sysconfdir / 'sysconfig', ++ install_dir: install_prefix + sysconfdir / 'sysconfig', + rename: 'libvirt-guests', + ) diff --git a/gnu/packages/patches/linphone-desktop-without-sdk.patch b/gnu/packages/patches/linphone-desktop-without-sdk.patch new file mode 100644 index 0000000000..63e9808bf4 --- /dev/null +++ b/gnu/packages/patches/linphone-desktop-without-sdk.patch @@ -0,0 +1,235 @@ +From cfdf6d1c2051d6a20d0cbb94d81fe398f70dea4d Mon Sep 17 00:00:00 2001 +From: Raghav Gururajan <rg@raghavgururajan.name> +Date: Sun, 21 Mar 2021 21:13:53 -0400 +Subject: [PATCH] [PATCH]: Fix building from git. + +--- + CMakeLists.txt | 73 +------------------ + linphone-app/CMakeLists.txt | 12 +-- + .../cmake_builder/additional_steps.cmake | 2 +- + .../linphone_package/CMakeLists.txt | 38 ---------- + linphone-app/linphoneqt_version.cmake | 1 + + linphone-app/src/config.h.cmake | 1 + + 6 files changed, 6 insertions(+), 121 deletions(-) + create mode 100644 linphone-app/linphoneqt_version.cmake + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f7eb05f2..3e853bdd 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -48,16 +48,6 @@ project(linphoneqt) + include(GNUInstallDirs) + include(CheckCXXCompilerFlag) + +-# Prepare gobal CMAKE configuration specific to the current project +-set(SDK_BUILD_DIR "${CMAKE_BINARY_DIR}/WORK") # SDK build in WORK. Keep all in it. +-set(LINPHONE_OUTPUT_DIR "${CMAKE_BINARY_DIR}/linphone-sdk/desktop") +- +-set(APPLICATION_OUTPUT_DIR "${CMAKE_BINARY_DIR}/OUTPUT") +- +-set(CMAKE_PREFIX_PATH "${LINPHONE_OUTPUT_DIR};${APPLICATION_OUTPUT_DIR}${PREFIX_PATH}") +-string(REPLACE ";" "|" PREFIX_PATH "${CMAKE_PREFIX_PATH}") +-#set(PREFIX_PATH "${LINPHONE_OUTPUT_DIR}|${APPLICATION_OUTPUT_DIR}${PREFIX_PATH}") +- + # Avoid cmake warning if CMP0071 is not set. + if (POLICY CMP0071) + cmake_policy(SET CMP0071 NEW) +@@ -116,9 +106,6 @@ if(ENABLE_V4L) + endif() + list(APPEND APP_OPTIONS "-DENABLE_RELATIVE_PREFIX=${ENABLE_RELATIVE_PREFIX}") + +-list(APPEND APP_OPTIONS "-DLINPHONE_OUTPUT_DIR=${LINPHONE_OUTPUT_DIR}") +- +-include(ExternalProject) + set(PROJECT_BUILD_COMMAND "") + if(CMAKE_BUILD_PARALLEL_LEVEL) + list(APPEND APP_OPTIONS "-DCMAKE_BUILD_PARALLEL_LEVEL=${CMAKE_BUILD_PARALLEL_LEVEL}") +@@ -133,32 +120,10 @@ if(CMAKE_VERBOSE_MAKEFILE) + endif() + endif() + if(UNIX AND NOT APPLE) +- set(CMAKE_INSTALL_RPATH "$ORIGIN:$ORIGIN/lib64:$ORIGIN/../lib64:$ORIGIN/lib:$ORIGIN/../lib:${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}") + list(APPEND APP_OPTIONS "-DCMAKE_INSTALL_RPATH=${CMAKE_INSTALL_RPATH}") + endif() +-ExternalProject_Add(sdk PREFIX "${CMAKE_BINARY_DIR}/sdk" +- SOURCE_DIR "${CMAKE_SOURCE_DIR}/linphone-sdk" +- INSTALL_DIR "${LINPHONE_OUTPUT_DIR}" +- STAMP_DIR "${SDK_BUILD_DIR}/stamp" +- BINARY_DIR "${SDK_BUILD_DIR}" +- STEP_TARGETS build +- BUILD_COMMAND ${CMAKE_COMMAND} --build <BINARY_DIR> --config $<CONFIG> ${PROJECT_BUILD_COMMAND} +- INSTALL_COMMAND ${CMAKE_COMMAND} -E echo "Install step is already done at build time." +- LIST_SEPARATOR | # Use the alternate list separator +- CMAKE_ARGS ${APP_OPTIONS} ${USER_ARGS} -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DCMAKE_PREFIX_PATH=${PREFIX_PATH} +- #BUILD_ALWAYS NO #${DO_BUILD} +-) +-ExternalProject_Add_Step(sdk force_build +- COMMENT "Forcing build for 'desktop'" +- DEPENDEES configure +- DEPENDERS build +- ALWAYS 1 +-) + include(FindPkgConfig) + +-set(APP_DEPENDS sdk) +- +- + find_package(Qt5 5.12 COMPONENTS Core REQUIRED) + + if ( NOT Qt5_FOUND ) +@@ -173,39 +138,5 @@ find_package(Mediastreamer2 CONFIG QUIET) + find_package(ortp CONFIG QUIET) + + +-if(NOT (LinphoneCxx_FOUND) OR NOT (Linphone_FOUND) OR NOT (bctoolbox_FOUND) OR NOT (belcard_FOUND) OR NOT (Mediastreamer2_FOUND) OR NOT (ortp_FOUND) OR FORCE_APP_EXTERNAL_PROJECTS) +- message("Projects are set as External projects. You can start building them by using for example : cmake --build . --target install") +- ExternalProject_Add(linphone-qt PREFIX "${CMAKE_BINARY_DIR}/linphone-app" +- SOURCE_DIR "${CMAKE_SOURCE_DIR}/linphone-app" +- INSTALL_DIR "${APPLICATION_OUTPUT_DIR}" +- BINARY_DIR "${CMAKE_BINARY_DIR}/linphone-app" +- DEPENDS ${APP_DEPENDS} +- BUILD_COMMAND ${CMAKE_COMMAND} --build <BINARY_DIR> --config $<CONFIG> ${PROJECT_BUILD_COMMAND} +- INSTALL_COMMAND ${CMAKE_COMMAND} -E echo "Install step will not be done by external project" +- LIST_SEPARATOR | # Use the alternate list separator +- CMAKE_ARGS ${APP_OPTIONS} ${USER_ARGS} -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DCMAKE_PREFIX_PATH=${PREFIX_PATH} +- # ${APP_OPTIONS} +- BUILD_ALWAYS ON +- ) +- install(CODE "message(STATUS Running install)") +- set(AUTO_REGENERATION auto_regeneration) +- add_custom_target(${AUTO_REGENERATION} ALL +- COMMAND ${CMAKE_COMMAND} ${CMAKE_CURRENT_SOURCE_DIR} +- DEPENDS linphone-qt) +-else() +- message("Adding Linphone Desktop in an IDE-friendly state") +- set(CMAKE_INSTALL_PREFIX "${APPLICATION_OUTPUT_DIR}") +- add_subdirectory(${CMAKE_SOURCE_DIR}/linphone-app) +- add_dependencies(app-library ${APP_DEPENDS}) +-endif() +-ExternalProject_Add(linphone-qt-only PREFIX "${CMAKE_BINARY_DIR}/linphone-app" +- SOURCE_DIR "${CMAKE_SOURCE_DIR}/linphone-app" +- INSTALL_DIR "${APPLICATION_OUTPUT_DIR}" +- BINARY_DIR "${CMAKE_BINARY_DIR}/linphone-app" +- BUILD_COMMAND ${CMAKE_COMMAND} --build <BINARY_DIR> --config $<CONFIG> ${PROJECT_BUILD_COMMAND} +-# INSTALL_COMMAND ${CMAKE_COMMAND} -E echo "Install step is already done at build time." +- LIST_SEPARATOR | # Use the alternate list separator +- CMAKE_ARGS ${APP_OPTIONS} ${USER_ARGS} -DCMAKE_INSTALL_PREFIX:PATH=<INSTALL_DIR> -DCMAKE_PREFIX_PATH=${PREFIX_PATH} +- EXCLUDE_FROM_ALL ON +- BUILD_ALWAYS ON +-) ++message("Adding Linphone Desktop in an IDE-friendly state") ++add_subdirectory(${CMAKE_SOURCE_DIR}/linphone-app) +diff --git a/linphone-app/CMakeLists.txt b/linphone-app/CMakeLists.txt +index 3bc9420a..5267cd4a 100644 +--- a/linphone-app/CMakeLists.txt ++++ b/linphone-app/CMakeLists.txt +@@ -21,17 +21,8 @@ + ################################################################################ + cmake_minimum_required(VERSION 3.1) + ++include(linphoneqt_version.cmake) + find_package(bctoolbox CONFIG) +-set(FULL_VERSION ) +-bc_compute_full_version(FULL_VERSION) +-set(version_major ) +-set(version_minor ) +-set(version_patch ) +-set(identifiers ) +-set(metadata ) +-bc_parse_full_version("${FULL_VERSION}" version_major version_minor version_patch identifiers metadata) +- +-project(linphoneqt VERSION "${version_major}.${version_minor}.${version_patch}") + + if(ENABLE_BUILD_VERBOSE) + #message("CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH}") +@@ -49,7 +40,6 @@ if(UNIX AND NOT APPLE) + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + endif() + list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/../cmake") +-list(APPEND CMAKE_MODULE_PATH "${LINPHONE_OUTPUT_DIR}/cmake") + + set(APP_LIBRARY app-library) + include(application_info.cmake) +diff --git a/linphone-app/cmake_builder/additional_steps.cmake b/linphone-app/cmake_builder/additional_steps.cmake +index 7f7fd573..48e3c716 100644 +--- a/linphone-app/cmake_builder/additional_steps.cmake ++++ b/linphone-app/cmake_builder/additional_steps.cmake +@@ -61,7 +61,7 @@ if (ENABLE_PACKAGING) + SOURCE_DIR "${CMAKE_CURRENT_LIST_DIR}/linphone_package" + DOWNLOAD_COMMAND "" + CMAKE_GENERATOR ${CMAKE_GENERATOR} +- CMAKE_ARGS ${LINPHONE_BUILDER_EP_ARGS} -DCMAKE_INSTALL_PREFIX=${LINPHONE_BUILDER_WORK_DIR}/PACKAGE -DTOOLS_DIR=${CMAKE_BINARY_DIR}/programs -DLINPHONE_OUTPUT_DIR=${CMAKE_INSTALL_PREFIX} -DLINPHONE_DESKTOP_DIR=${CMAKE_CURRENT_LIST_DIR}/.. -DLINPHONE_SOURCE_DIR=${EP_linphone_SOURCE_DIR} ${ENABLE_VARIABLES} -DLINPHONE_BUILDER_SIGNING_IDENTITY=${LINPHONE_BUILDER_SIGNING_IDENTITY} ++ CMAKE_ARGS ${LINPHONE_BUILDER_EP_ARGS} -DCMAKE_INSTALL_PREFIX=${LINPHONE_BUILDER_WORK_DIR}/PACKAGE -DTOOLS_DIR=${CMAKE_BINARY_DIR}/programs -DLINPHONE_DESKTOP_DIR=${CMAKE_CURRENT_LIST_DIR}/.. -DLINPHONE_SOURCE_DIR=${EP_linphone_SOURCE_DIR} ${ENABLE_VARIABLES} -DLINPHONE_BUILDER_SIGNING_IDENTITY=${LINPHONE_BUILDER_SIGNING_IDENTITY} + ) + endif () + endif () +diff --git a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt +index baea03cf..d06dcb74 100644 +--- a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt ++++ b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt +@@ -200,44 +200,6 @@ elseif (APPLE) + endif () + # install(DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/${APPLICATION_NAME}.app" DESTINATION "." USE_SOURCE_PERMISSIONS) + else()# Not Windows and Apple +- foreach (LIBRARY ${SHARED_LIBRARIES}) +- get_filename_component(LIBRARY_FILENAME ${LIBRARY} NAME) +- message("Changing RPATH of ${LIBRARY_FILENAME} from '${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}' to '$ORIGIN/../${CMAKE_INSTALL_LIBDIR}'") +- execute_process(COMMAND install_name_tool -rpath "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}" "$ORIGIN/../lib" "${LIBRARY}") +- execute_process(COMMAND install_name_tool -addrpath "$ORIGIN/../lib64" "${LIBRARY}") +- endforeach () +- install(DIRECTORY "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_BINDIR}/" DESTINATION "${CMAKE_INSTALL_BINDIR}" USE_SOURCE_PERMISSIONS) +-#Just in case. This is useless because we have to use CMAKE_INSTALL_LIBDIR +- if( EXISTS "${LINPHONE_OUTPUT_DIR}/lib/") +- file(GLOB SHARED_LIBRARIES "${LINPHONE_OUTPUT_DIR}/lib/*.so*") +- if( ENABLE_OPENH264 )# Remove openH264 lib from the installation. this codec will be download by user +- foreach(item ${SHARED_LIBRARIES}) +- get_filename_component(LIBRARY_FILENAME ${item} NAME) +- if("${LIBRARY_FILENAME}" MATCHES "^libopenh264.*$") +- list(REMOVE_ITEM SHARED_LIBRARIES ${item}) +- endif() +- endforeach(item) +- endif() +- install(FILES ${SHARED_LIBRARIES} DESTINATION "lib") +- endif() +- if( EXISTS "${LINPHONE_OUTPUT_DIR}/lib64/") +- file(GLOB SHARED_LIBRARIES "${LINPHONE_OUTPUT_DIR}/lib64/*.so*") +- if( ENABLE_OPENH264 )# Remove openH264 lib from the installation. this codec will be download by user +- foreach(item ${SHARED_LIBRARIES}) +- get_filename_component(LIBRARY_FILENAME ${item} NAME) +- if("${LIBRARY_FILENAME}" MATCHES "^libopenh264.*$") +- list(REMOVE_ITEM SHARED_LIBRARIES ${item}) +- endif() +- endforeach(item) +- endif() +- install(FILES ${SHARED_LIBRARIES} DESTINATION "lib64") +- endif() +- install(DIRECTORY "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_DATAROOTDIR}/" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}" USE_SOURCE_PERMISSIONS) +- if(ENABLE_BUILD_VERBOSE) +- message("INSTALLATION : ${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_DATAROOTDIR}/" ) +- endif() +- file(GLOB PLUGINS_FILES "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}/mediastreamer/plugins/*") +- install(FILES ${PLUGINS_FILES} DESTINATION "plugins/mediastreamer/" ) + # Install desktop/icon files. + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/../../assets/linphone.desktop.cmake" "${CMAKE_CURRENT_BINARY_DIR}/../../${EXECUTABLE_NAME}.desktop" @ONLY) + install(FILES "${CMAKE_CURRENT_BINARY_DIR}/../../${EXECUTABLE_NAME}.desktop" DESTINATION "${CMAKE_INSTALL_DATADIR}/applications") +diff --git a/linphone-app/linphoneqt_version.cmake b/linphone-app/linphoneqt_version.cmake +new file mode 100644 +index 00000000..a85d3455 +--- /dev/null ++++ b/linphone-app/linphoneqt_version.cmake +@@ -0,0 +1 @@ ++project(linphoneqt VERSION ${GUIX-SET-VERSION}) +\ No newline at end of file +diff --git a/linphone-app/src/config.h.cmake b/linphone-app/src/config.h.cmake +index 093539e0..5a238c70 100644 +--- a/linphone-app/src/config.h.cmake ++++ b/linphone-app/src/config.h.cmake +@@ -28,3 +28,4 @@ + #cmakedefine ENABLE_UPDATE_CHECK 1 + #cmakedefine EXECUTABLE_NAME "${EXECUTABLE_NAME}" + #cmakedefine MSPLUGINS_DIR "${MSPLUGINS_DIR}" ++#define LINPHONE_QT_GIT_VERSION "${PROJECT_VERSION}" +\ No newline at end of file +-- +2.31.0 + diff --git a/gnu/packages/patches/linphoneqt-tabbutton.patch b/gnu/packages/patches/linphoneqt-tabbutton.patch deleted file mode 100644 index 6b3214026e..0000000000 --- a/gnu/packages/patches/linphoneqt-tabbutton.patch +++ /dev/null @@ -1,96 +0,0 @@ -From ecaab0f73d0b74bbfbf150286305fa6e12970037 Mon Sep 17 00:00:00 2001 -From: Ronan Abhamon <ronan.abhamon@belledonne-communications.com> -Date: Fri, 19 Jan 2018 14:42:01 +0100 -Subject: [PATCH] fix(SettingsWindow): rename icon property of TabButton to - iconName (issue with Qt 5.10 and new icon property) - ---- - ui/modules/Common/Form/Tab/TabButton.qml | 8 ++++---- - ui/views/App/Settings/SettingsWindow.qml | 14 +++++++------- - 2 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/ui/modules/Common/Form/Tab/TabButton.qml b/ui/modules/Common/Form/Tab/TabButton.qml -index ad220ab2..a47bb20b 100644 ---- a/ui/modules/Common/Form/Tab/TabButton.qml -+++ b/ui/modules/Common/Form/Tab/TabButton.qml -@@ -12,8 +12,8 @@ Controls.TabButton { - - // --------------------------------------------------------------------------- - -- property string icon - property int iconSize: TabButtonStyle.icon.size -+ property string iconName - - readonly property bool _isSelected: parent.parent.currentItem === button - -@@ -66,9 +66,9 @@ Controls.TabButton { - Layout.leftMargin: TabButtonStyle.text.leftPadding - - icon: { -- var icon = button.icon -- return icon.length -- ? (icon + '_' + (button._isSelected ? 'selected' : 'normal')) -+ var iconName = button.iconName -+ return iconName.length -+ ? (iconName + '_' + (button._isSelected ? 'selected' : 'normal')) - : '' - } - iconSize: button.iconSize -diff --git a/ui/views/App/Settings/SettingsWindow.qml b/ui/views/App/Settings/SettingsWindow.qml -index b8f5a80f..58909544 100644 ---- a/ui/views/App/Settings/SettingsWindow.qml -+++ b/ui/views/App/Settings/SettingsWindow.qml -@@ -48,43 +48,43 @@ ApplicationWindow { - id: tabBar - - TabButton { -- icon: 'settings_sip_accounts' -+ iconName: 'settings_sip_accounts' - text: qsTr('sipAccountsTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_audio' -+ iconName: 'settings_audio' - text: qsTr('audioTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_video' -+ iconName: 'settings_video' - text: qsTr('videoTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_call' -+ iconName: 'settings_call' - text: qsTr('callsAndChatTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_network' -+ iconName: 'settings_network' - text: qsTr('networkTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_advanced' -+ iconName: 'settings_advanced' - text: qsTr('uiTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_advanced' -+ iconName: 'settings_advanced' - text: qsTr('uiAdvanced') - width: implicitWidth - } --- -2.21.0 - diff --git a/gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch b/gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch new file mode 100644 index 0000000000..1ebe6c803d --- /dev/null +++ b/gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch @@ -0,0 +1,32 @@ +From 378560050a8f93786c590cc99a55461666205b61 Mon Sep 17 00:00:00 2001 +From: Xin Long <lucien.xin@gmail.com> +Date: Fri, 24 Aug 2018 01:13:32 +0800 +Subject: [PATCH] build: fix netinet/sctp.h not to be installed + +After libcnetinet_HEADERS was set to sctp.h.in, netinet/sctp.h can +no longer be installed into ${includedir}. + +Since "AC_CONFIG_HEADERS([src/include/netinet/sctp.h])" is already +added into configure.ac, there's no need to generate sctp.h by +automake. + +So we simply set libcnetinet_HEADERS back to sctp.h. + +Fixes: 9607dd85e70a ("netinet/sctp.h: dynamically build based on system setup") +Signed-off-by: Xin Long <lucien.xin@gmail.com> +Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> +--- + src/include/netinet/Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/include/netinet/Makefile.am b/src/include/netinet/Makefile.am +index ca0aac2..965db8c 100644 +--- a/src/include/netinet/Makefile.am ++++ b/src/include/netinet/Makefile.am +@@ -11,5 +11,4 @@ libcnetinetdir = $(includedir)/netinet + # API. + include_HEADERS = + +-libcnetinet_HEADERS = sctp.h.in +-BUILT_SOURCES = sctp.h ++libcnetinet_HEADERS = sctp.h diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch new file mode 100644 index 0000000000..215c920e53 --- /dev/null +++ b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch @@ -0,0 +1,100 @@ +This patch comes from upstream. It corresponds to a patch applied to +the generated C source code for llhttp included in Node.js 14.16.0 +(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit +fixes CVE-2020-8287. With this patch, the output of our +llhttp-bootstrap package matches the files included in Node.js 14.16.0 +exactly. + +commit e9b36ea64709c35ca66094d5cf3787f444029601 +Author: Fedor Indutny <fedor@indutny.com> +Date: Sat Oct 10 19:56:01 2020 -0700 + + http: unset `F_CHUNKED` on new `Transfer-Encoding` + + Duplicate `Transfer-Encoding` header should be a treated as a single, + but with original header values concatenated with a comma separator. In + the light of this, even if the past `Transfer-Encoding` ended with + `chunked`, we should be not let the `F_CHUNKED` to leak into the next + header, because mere presence of another header indicates that `chunked` + is not the last transfer-encoding token. + +diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts +index f4f1a6e..0a0c365 100644 +--- a/src/llhttp/http.ts ++++ b/src/llhttp/http.ts +@@ -460,11 +460,19 @@ export class HTTP { + .match([ ' ', '\t' ], n('header_value_discard_ws')) + .otherwise(checkContentLengthEmptiness); + ++ // Multiple `Transfer-Encoding` headers should be treated as one, but with ++ // values separate by a comma. ++ // ++ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2 ++ const toTransferEncoding = this.unsetFlag( ++ FLAGS.CHUNKED, ++ 'header_value_te_chunked'); ++ + n('header_value_start') + .otherwise(this.load('header_state', { + [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback), + [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag( +- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'), ++ FLAGS.TRANSFER_ENCODING, toTransferEncoding), + [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'), + [HEADER_STATE.CONNECTION]: n('header_value_connection'), + }, 'header_value')); +@@ -847,6 +855,11 @@ export class HTTP { + return span.start(span.end(this.node(next))); + } + ++ private unsetFlag(flag: FLAGS, next: string | Node): Node { ++ const p = this.llparse; ++ return p.invoke(p.code.and('flags', ~flag), this.node(next)); ++ } ++ + private setFlag(flag: FLAGS, next: string | Node): Node { + const p = this.llparse; + return p.invoke(p.code.or('flags', flag), this.node(next)); +diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md +index a7d1681..b0891d6 100644 +--- a/test/request/transfer-encoding.md ++++ b/test/request/transfer-encoding.md +@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0 + off=106 error code=15 reason="Request has invalid `Transfer-Encoding`" + ``` + ++## POST with `chunked` and duplicate transfer-encoding ++ ++<!-- meta={"type": "request", "noScan": true} --> ++```http ++POST /post_identity_body_world?q=search#hey HTTP/1.1 ++Accept: */* ++Transfer-Encoding: chunked ++Transfer-Encoding: deflate ++ ++World ++``` ++ ++```log ++off=0 message begin ++off=5 len=38 span[url]="/post_identity_body_world?q=search#hey" ++off=44 url complete ++off=54 len=6 span[header_field]="Accept" ++off=61 header_field complete ++off=62 len=3 span[header_value]="*/*" ++off=67 header_value complete ++off=67 len=17 span[header_field]="Transfer-Encoding" ++off=85 header_field complete ++off=86 len=7 span[header_value]="chunked" ++off=95 header_value complete ++off=95 len=17 span[header_field]="Transfer-Encoding" ++off=113 header_field complete ++off=114 len=7 span[header_value]="deflate" ++off=123 header_value complete ++off=125 headers complete method=3 v=1/1 flags=200 content_length=0 ++off=125 error code=15 reason="Request has invalid `Transfer-Encoding`" ++``` ++ + ## POST with `chunked` before other transfer-coding (lenient) + + TODO(indutny): should we allow it even in lenient mode? (Consider disabling diff --git a/gnu/packages/patches/mariadb-CVE-2021-27928.patch b/gnu/packages/patches/mariadb-CVE-2021-27928.patch new file mode 100644 index 0000000000..39a023c159 --- /dev/null +++ b/gnu/packages/patches/mariadb-CVE-2021-27928.patch @@ -0,0 +1,642 @@ +From 7580701e6279900fec40822952a3b874732289cf Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik <serg@mariadb.org> +Date: Thu, 18 Feb 2021 14:20:48 +0100 +Subject: [PATCH] make @@wsrep_provider and @@wsrep_notify_cmd read-only + +this should simplify run-time cluster management +--- + mysql-test/suite/galera/disabled.def | 2 + + .../galera/include/galera_load_provider.inc | 19 -------- + .../galera/include/galera_unload_provider.inc | 3 +- + .../suite/galera/r/galera_ist_rsync.result | 2 +- + .../galera/r/galera_sst_mysqldump.result | 2 +- + .../suite/galera/r/mysql-wsrep#33.result | 2 +- + .../suite/sys_vars/r/sysvars_wsrep.result | 4 +- + .../sys_vars/r/wsrep_notify_cmd_basic.result | 47 ------------------- + .../sys_vars/r/wsrep_provider_basic.result | 40 ---------------- + .../r/wsrep_provider_options_basic.result | 46 ------------------ + .../sys_vars/t/wsrep_notify_cmd_basic.test | 43 ----------------- + .../sys_vars/t/wsrep_provider_basic.test | 39 --------------- + .../t/wsrep_provider_options_basic.test | 41 ---------------- + mysql-test/suite/wsrep/disabled.def | 2 + + mysql-test/suite/wsrep/r/variables.result | 12 ++--- + mysql-test/suite/wsrep/t/variables.test | 32 +++---------- + sql/sys_vars.cc | 8 ++-- + 17 files changed, 25 insertions(+), 319 deletions(-) + delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result + delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_basic.result + delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result + delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test + delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_basic.test + delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test + +diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def +index d940c702d54..83f26e81636 100644 +--- a/mysql-test/suite/galera/disabled.def ++++ b/mysql-test/suite/galera/disabled.def +@@ -49,3 +49,5 @@ partition : MDEV-19958 Galera test failure on galera.partition + query_cache: MDEV-15805 Test failure on galera.query_cache + sql_log_bin : MDEV-21491 galera.sql_log_bin + versioning_trx_id : MDEV-18590 galera.versioning_trx_id ++galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons ++pxc-421: wsrep_provider is read-only for security reasons +diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc +index 0f843597d9c..28010cc5b71 100644 +--- a/mysql-test/suite/galera/include/galera_load_provider.inc ++++ b/mysql-test/suite/galera/include/galera_load_provider.inc +@@ -1,25 +1,6 @@ + --echo Loading wsrep provider ... + + --disable_query_log +---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig'; +- +-# +-# count occurences of successful node starts in error log +-# +-perl; +- use strict; +- my $test_log=$ENV{'LOG_FILE'} or die "LOG_FILE not set"; +- my $test_log_copy=$test_log . '.copy'; +- if (-e $test_log_copy) { +- unlink $test_log_copy; +- } +- +-EOF +---copy_file $LOG_FILE $LOG_FILE.copy +- +-# +-# now join to the cluster +-# + --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig'; + + --enable_query_log +diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc +index cd841f51fbc..ed7e9bc41f0 100644 +--- a/mysql-test/suite/galera/include/galera_unload_provider.inc ++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc +@@ -1,7 +1,6 @@ + --echo Unloading wsrep provider ... + + --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address` +---let $wsrep_provider_orig = `SELECT @@wsrep_provider` + --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options` + --let $wsrep_error_log_orig = `SELECT @@log_error` + if(!$wsrep_log_error_orig) +@@ -12,4 +11,4 @@ if(!$wsrep_log_error_orig) + } + --let LOG_FILE= $wsrep_log_error_orig + +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; +diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result +index 13f7d898a59..70a87c73df7 100644 +--- a/mysql-test/suite/galera/r/galera_ist_rsync.result ++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result +@@ -23,7 +23,7 @@ INSERT INTO t1 VALUES ('node2_committed_before'); + INSERT INTO t1 VALUES ('node2_committed_before'); + COMMIT; + Unloading wsrep provider ... +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; + connection node_1; + SET AUTOCOMMIT=OFF; + START TRANSACTION; +diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result +index 4ed679ba477..145b3a94775 100644 +--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result ++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result +@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before'); + INSERT INTO t1 VALUES ('node2_committed_before'); + COMMIT; + Unloading wsrep provider ... +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; + connection node_1; + SET AUTOCOMMIT=OFF; + START TRANSACTION; +diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result +index fb0b593cc96..45c6a3f660a 100644 +--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result ++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result +@@ -32,7 +32,7 @@ INSERT INTO t1 VALUES ('node2_committed_before'); + INSERT INTO t1 VALUES ('node2_committed_before'); + COMMIT; + Unloading wsrep provider ... +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; + connection node_1; + SET AUTOCOMMIT=OFF; + START TRANSACTION; +diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result +index 4b6abf85434..f73bfbd13e7 100644 +--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result ++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result +@@ -403,7 +403,7 @@ NUMERIC_MIN_VALUE NULL + NUMERIC_MAX_VALUE NULL + NUMERIC_BLOCK_SIZE NULL + ENUM_VALUE_LIST NULL +-READ_ONLY NO ++READ_ONLY YES + COMMAND_LINE_ARGUMENT REQUIRED + GLOBAL_VALUE_PATH NULL + VARIABLE_NAME WSREP_ON +@@ -463,7 +463,7 @@ NUMERIC_MIN_VALUE NULL + NUMERIC_MAX_VALUE NULL + NUMERIC_BLOCK_SIZE NULL + ENUM_VALUE_LIST NULL +-READ_ONLY NO ++READ_ONLY YES + COMMAND_LINE_ARGUMENT REQUIRED + GLOBAL_VALUE_PATH NULL + VARIABLE_NAME WSREP_PROVIDER_OPTIONS +diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result +deleted file mode 100644 +index 056ff8c817b..00000000000 +--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result ++++ /dev/null +@@ -1,47 +0,0 @@ +-# +-# wsrep_notify_cmd +-# +-call mtr.add_suppression("WSREP: Failed to get provider options"); +-# save the initial value +-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd; +-# default +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +- +- +-# scope +-SELECT @@session.wsrep_notify_cmd; +-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable +-SET @@global.wsrep_notify_cmd='notify_cmd'; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-notify_cmd +- +-# valid values +-SET @@global.wsrep_notify_cmd='command'; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-command +-SET @@global.wsrep_notify_cmd='hyphenated-command'; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-hyphenated-command +-SET @@global.wsrep_notify_cmd=default; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +- +-SET @@global.wsrep_notify_cmd=NULL; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-NULL +- +-# invalid values +-SET @@global.wsrep_notify_cmd=1; +-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd' +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-NULL +- +-# restore the initial value +-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved; +-# End of test +diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result +deleted file mode 100644 +index 3e4ac8ca883..00000000000 +--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result ++++ /dev/null +@@ -1,40 +0,0 @@ +-# +-# wsrep_provider +-# +-# save the initial value +-SET @wsrep_provider_global_saved = @@global.wsrep_provider; +-# default +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# scope +-SELECT @@session.wsrep_provider; +-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# valid values +-SET @@global.wsrep_provider=default; +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# invalid values +-SET @@global.wsrep_provider='/invalid/libgalera_smm.so'; +-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so' +-SET @@global.wsrep_provider=NULL; +-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL' +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +-SET @@global.wsrep_provider=1; +-ERROR 42000: Incorrect argument type to variable 'wsrep_provider' +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# restore the initial value +-SET @@global.wsrep_provider = @wsrep_provider_global_saved; +-# End of test +diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result +deleted file mode 100644 +index 15949a14e39..00000000000 +--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result ++++ /dev/null +@@ -1,46 +0,0 @@ +-# +-# wsrep_provider_options +-# +-call mtr.add_suppression("WSREP: Failed to get provider options"); +-# default +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +- +-# scope +-SELECT @@session.wsrep_provider_options; +-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable +-SET @@global.wsrep_provider_options='option1'; +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +- +-# valid values +-SET @@global.wsrep_provider_options='name1=value1;name2=value2'; +-ERROR HY000: WSREP (galera) not started +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-SET @@global.wsrep_provider_options='hyphenated-name:value'; +-ERROR HY000: WSREP (galera) not started +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-SET @@global.wsrep_provider_options=default; +-ERROR HY000: WSREP (galera) not started +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +- +-# invalid values +-SET @@global.wsrep_provider_options=1; +-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options' +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-SET @@global.wsrep_provider_options=NULL; +-Got one of the listed errors +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-# End of test +diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test +deleted file mode 100644 +index 6d1535ba148..00000000000 +--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test ++++ /dev/null +@@ -1,43 +0,0 @@ +---source include/have_wsrep.inc +- +---echo # +---echo # wsrep_notify_cmd +---echo # +- +-call mtr.add_suppression("WSREP: Failed to get provider options"); +- +---echo # save the initial value +-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd; +- +---echo # default +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # scope +---error ER_INCORRECT_GLOBAL_LOCAL_VAR +-SELECT @@session.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd='notify_cmd'; +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # valid values +-SET @@global.wsrep_notify_cmd='command'; +-SELECT @@global.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd='hyphenated-command'; +-SELECT @@global.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd=default; +-SELECT @@global.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd=NULL; +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # invalid values +---error ER_WRONG_TYPE_FOR_VAR +-SET @@global.wsrep_notify_cmd=1; +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # restore the initial value +-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved; +- +---echo # End of test +diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test +deleted file mode 100644 +index 1190ab41bb0..00000000000 +--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test ++++ /dev/null +@@ -1,39 +0,0 @@ +---source include/have_wsrep.inc +- +---echo # +---echo # wsrep_provider +---echo # +- +---echo # save the initial value +-SET @wsrep_provider_global_saved = @@global.wsrep_provider; +- +---echo # default +-SELECT @@global.wsrep_provider; +- +---echo +---echo # scope +---error ER_INCORRECT_GLOBAL_LOCAL_VAR +-SELECT @@session.wsrep_provider; +-SELECT @@global.wsrep_provider; +- +---echo +---echo # valid values +-SET @@global.wsrep_provider=default; +-SELECT @@global.wsrep_provider; +- +---echo +---echo # invalid values +---error ER_WRONG_VALUE_FOR_VAR +-SET @@global.wsrep_provider='/invalid/libgalera_smm.so'; +---error ER_WRONG_VALUE_FOR_VAR +-SET @@global.wsrep_provider=NULL; +-SELECT @@global.wsrep_provider; +---error ER_WRONG_TYPE_FOR_VAR +-SET @@global.wsrep_provider=1; +-SELECT @@global.wsrep_provider; +- +---echo +---echo # restore the initial value +-SET @@global.wsrep_provider = @wsrep_provider_global_saved; +- +---echo # End of test +diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test +deleted file mode 100644 +index 6eb3a94b6a4..00000000000 +--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test ++++ /dev/null +@@ -1,41 +0,0 @@ +---source include/have_wsrep.inc +- +---echo # +---echo # wsrep_provider_options +---echo # +- +-call mtr.add_suppression("WSREP: Failed to get provider options"); +- +---echo # default +-SELECT @@global.wsrep_provider_options; +- +---echo +---echo # scope +---error ER_INCORRECT_GLOBAL_LOCAL_VAR +-SELECT @@session.wsrep_provider_options; +---error 0,ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options='option1'; +-SELECT @@global.wsrep_provider_options; +- +---echo +---echo # valid values +---error ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options='name1=value1;name2=value2'; +-SELECT @@global.wsrep_provider_options; +---error ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options='hyphenated-name:value'; +-SELECT @@global.wsrep_provider_options; +---error ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options=default; +-SELECT @@global.wsrep_provider_options; +- +---echo +---echo # invalid values +---error ER_WRONG_TYPE_FOR_VAR +-SET @@global.wsrep_provider_options=1; +-SELECT @@global.wsrep_provider_options; +---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options=NULL; +-SELECT @@global.wsrep_provider_options; +- +---echo # End of test +diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def +index 11577bfe8b0..3d204db6945 100644 +--- a/mysql-test/suite/wsrep/disabled.def ++++ b/mysql-test/suite/wsrep/disabled.def +@@ -10,3 +10,5 @@ + # + ############################################################################## + ++ ++mdev_6832: wsrep_provider is read-only for security reasons +diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result +index a9988fd1628..e57440125ee 100644 +--- a/mysql-test/suite/wsrep/r/variables.result ++++ b/mysql-test/suite/wsrep/r/variables.result +@@ -14,7 +14,6 @@ SET SESSION wsrep_replicate_myisam= ON; + ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL + SET GLOBAL wsrep_replicate_myisam= ON; + SET GLOBAL wsrep_replicate_myisam= OFF; +-SET GLOBAL wsrep_provider=none; + # + # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of + # variables when using "_" +@@ -151,7 +150,6 @@ wsrep_local_state_comment # + # Should show nothing. + SHOW STATUS LIKE 'x'; + Variable_name Value +-SET GLOBAL wsrep_provider=none; + + SHOW STATUS LIKE 'wsrep_local_state_uuid'; + Variable_name Value +@@ -160,7 +158,6 @@ wsrep_local_state_uuid # + SHOW STATUS LIKE 'wsrep_last_committed'; + Variable_name Value + wsrep_last_committed # +-SET GLOBAL wsrep_provider=none; + + # + # MDEV#6206: wsrep_slave_threads subtracts from max_connections +@@ -174,7 +171,7 @@ SELECT @@global.wsrep_slave_threads; + 1 + SELECT @@global.wsrep_cluster_address; + @@global.wsrep_cluster_address +- ++gcomm:// + SELECT @@global.wsrep_on; + @@global.wsrep_on + 1 +@@ -183,14 +180,14 @@ Variable_name Value + Threads_connected 1 + SHOW STATUS LIKE 'wsrep_thread_count'; + Variable_name Value +-wsrep_thread_count 0 ++wsrep_thread_count 2 + + SELECT @@global.wsrep_provider; + @@global.wsrep_provider + libgalera_smm.so + SELECT @@global.wsrep_cluster_address; + @@global.wsrep_cluster_address +- ++gcomm:// + SELECT @@global.wsrep_on; + @@global.wsrep_on + 1 +@@ -199,11 +196,10 @@ Variable_name Value + Threads_connected 1 + SHOW STATUS LIKE 'wsrep_thread_count'; + Variable_name Value +-wsrep_thread_count 0 ++wsrep_thread_count 2 + + # Setting wsrep_cluster_address triggers the creation of + # applier/rollbacker threads. +-SET GLOBAL wsrep_cluster_address= 'gcomm://'; + # Wait for applier thread to get created 1. + # Wait for applier thread to get created 2. + SELECT VARIABLE_VALUE AS EXPECT_1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count'; +diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test +index f2c3a0a3b78..fd352b61a3a 100644 +--- a/mysql-test/suite/wsrep/t/variables.test ++++ b/mysql-test/suite/wsrep/t/variables.test +@@ -23,7 +23,7 @@ SET GLOBAL wsrep_replicate_myisam= ON; + + # Reset it back. + SET GLOBAL wsrep_replicate_myisam= OFF; +-SET GLOBAL wsrep_provider=none; ++#SET GLOBAL wsrep_provider=none; + + --echo # + --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of +@@ -32,9 +32,6 @@ SET GLOBAL wsrep_provider=none; + + CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*"); + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log + + --replace_column 2 # + SHOW GLOBAL STATUS LIKE 'wsrep%'; +@@ -50,11 +47,9 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment'; + SHOW STATUS LIKE 'x'; + + # Reset it back. +-SET GLOBAL wsrep_provider=none; ++#SET GLOBAL wsrep_provider=none; + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log ++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; + + # The following 2 variables are used by mariabackup + # SST. +@@ -66,7 +61,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid'; + SHOW STATUS LIKE 'wsrep_last_committed'; + + # Reset it back. +-SET GLOBAL wsrep_provider=none; ++#SET GLOBAL wsrep_provider=none; + + --echo + --echo # +@@ -74,9 +69,7 @@ SET GLOBAL wsrep_provider=none; + --echo # + call mtr.add_suppression("WSREP: Failed to get provider options"); + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log ++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; + + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/ + SELECT @@global.wsrep_provider; +@@ -87,9 +80,7 @@ SHOW STATUS LIKE 'threads_connected'; + SHOW STATUS LIKE 'wsrep_thread_count'; + --echo + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log ++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; + + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/ + SELECT @@global.wsrep_provider; +@@ -101,7 +92,7 @@ SHOW STATUS LIKE 'wsrep_thread_count'; + + --echo # Setting wsrep_cluster_address triggers the creation of + --echo # applier/rollbacker threads. +-SET GLOBAL wsrep_cluster_address= 'gcomm://'; ++#SET GLOBAL wsrep_cluster_address= 'gcomm://'; + + --echo # Wait for applier thread to get created 1. + --let $wait_condition = SELECT VARIABLE_VALUE = 1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count'; +@@ -162,15 +153,6 @@ SET @@global.wsrep_sst_auth= NULL; + SELECT @@global.wsrep_sst_auth; + SET @@global.wsrep_sst_auth= @wsrep_sst_auth_saved; + +-# Reset (for mtr internal checks) +- +---disable_query_log +-SET GLOBAL wsrep_slave_threads= @wsrep_slave_threads_saved; +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +-SET GLOBAL wsrep_cluster_address= @wsrep_cluster_address_saved; +-SET GLOBAL wsrep_provider_options= @wsrep_provider_options_saved; +---enable_query_log +- + --source include/galera_wait_ready.inc + + --echo # End of test. +diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc +index 64040243df0..8c67a4d432a 100644 +--- a/sql/sys_vars.cc ++++ b/sql/sys_vars.cc +@@ -5669,8 +5669,8 @@ static Sys_var_tz Sys_time_zone( + + static Sys_var_charptr_fscs Sys_wsrep_provider( + "wsrep_provider", "Path to replication provider library", +- PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG), +- DEFAULT(WSREP_NONE), ++ PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG), ++ DEFAULT(WSREP_NONE), + NO_MUTEX_GUARD, NOT_IN_BINLOG, + ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update)); + +@@ -5886,8 +5886,8 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows ( + + static Sys_var_charptr Sys_wsrep_notify_cmd( + "wsrep_notify_cmd", "", +- GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG), +- DEFAULT("")); ++ READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG), ++ DEFAULT("")); + + static Sys_var_mybool Sys_wsrep_certify_nonPK( + "wsrep_certify_nonPK", "Certify tables with no primary key", +-- +2.31.0 + diff --git a/gnu/packages/patches/mediastreamer2-srtp2.patch b/gnu/packages/patches/mediastreamer2-srtp2.patch deleted file mode 100644 index f6d494facb..0000000000 --- a/gnu/packages/patches/mediastreamer2-srtp2.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 97903498364ae2596e790cb2c2ce9ac76c04d64a Mon Sep 17 00:00:00 2001 -From: Danmei Chen <danmei.chen@belledonne-communications.com> -Date: Fri, 19 Jan 2018 10:04:07 +0100 -Subject: [PATCH] add compability with srtp2 - ---- - cmake/FindSRTP.cmake | 24 ++++++++++++++++++++---- - src/CMakeLists.txt | 1 + - src/crypto/ms_srtp.c | 10 ++-------- - src/utils/srtp_prefix.h | 41 +++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 64 insertions(+), 12 deletions(-) - create mode 100644 src/utils/srtp_prefix.h - -diff --git a/cmake/FindSRTP.cmake b/cmake/FindSRTP.cmake -index 988b846a..f720ce7e 100644 ---- a/cmake/FindSRTP.cmake -+++ b/cmake/FindSRTP.cmake -@@ -31,20 +31,36 @@ set(_SRTP_ROOT_PATHS - ) - - find_path(SRTP_INCLUDE_DIRS -- NAMES srtp/srtp.h -+ NAMES srtp2/srtp.h - HINTS _SRTP_ROOT_PATHS - PATH_SUFFIXES include - ) - - if(SRTP_INCLUDE_DIRS) - set(HAVE_SRTP_SRTP_H 1) --endif() -- --find_library(SRTP_LIBRARIES -+ set(SRTP_VERSION 2) -+ find_library(SRTP_LIBRARIES -+ NAMES srtp2 -+ HINTS ${_SRTP_ROOT_PATHS} -+ PATH_SUFFIXES bin lib -+ ) -+else() -+ find_path(SRTP_INCLUDE_DIRS -+ NAMES srtp/srtp.h -+ HINTS _SRTP_ROOT_PATHS -+ PATH_SUFFIXES include -+ ) -+ if(SRTP_INCLUDE_DIRS) -+ set(HAVE_SRTP_SRTP_H 1) -+ set(SRTP_VERSION 1) -+ endif() -+ find_library(SRTP_LIBRARIES - NAMES srtp - HINTS ${_SRTP_ROOT_PATHS} - PATH_SUFFIXES bin lib - ) -+endif() -+ - - include(FindPackageHandleStandardArgs) - find_package_handle_standard_args(SRTP -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index da429764..c46faa62 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -183,6 +183,7 @@ set(VOIP_SOURCE_FILES_C - utils/pcap_sender.c - utils/pcap_sender.h - utils/stream_regulator.c -+ utils/srtp_prefix.h - voip/audioconference.c - voip/audiostream.c - voip/bandwidthcontroller.c -diff --git a/src/crypto/ms_srtp.c b/src/crypto/ms_srtp.c -index 5a510c99..67810316 100644 ---- a/src/crypto/ms_srtp.c -+++ b/src/crypto/ms_srtp.c -@@ -25,6 +25,7 @@ - #include "mediastreamer2/ms_srtp.h" - #include "mediastreamer2/mediastream.h" - -+ - #ifdef HAVE_SRTP - - /*srtp defines all this stuff*/ -@@ -34,13 +35,7 @@ - #undef PACKAGE_TARNAME - #undef PACKAGE_VERSION - --#if defined(MS2_WINDOWS_PHONE) --// Windows phone doesn't use make install --#include <srtp.h> --#else --#include <srtp/srtp.h> --#endif -- -+#include "srtp_prefix.h" - - #include "ortp/b64.h" - -@@ -352,7 +347,6 @@ int ms_srtp_init(void) - srtp_init_done++; - }else{ - ms_fatal("Couldn't initialize SRTP library: %d.", st); -- err_reporting_init("mediastreamer2"); - } - }else srtp_init_done++; - return (int)st; -diff --git a/src/utils/srtp_prefix.h b/src/utils/srtp_prefix.h -new file mode 100644 -index 00000000..68bde496 ---- /dev/null -+++ b/src/utils/srtp_prefix.h -@@ -0,0 +1,41 @@ -+/* -+ mediastreamer2 library - modular sound and video processing and streaming -+ Copyright (C) 2006-2014 Belledonne Communications, Grenoble -+ -+ This library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ This library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with this library; if not, write to the Free Software -+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+*/ -+#ifndef __SRTP2_H__ -+#define __SRTP2_H__ -+ -+#if defined(MS2_WINDOWS_PHONE) -+// Windows phone doesn't use make install -+#include <srtp.h> -+#elif SRTP_VERSION==1 -+#include <srtp/srtp.h> -+#else -+#include <srtp2/srtp.h> -+#define err_status_t srtp_err_status_t -+#define err_status_ok srtp_err_status_ok -+#define crypto_policy_t srtp_crypto_policy_t -+#define crypto_policy_set_aes_cm_256_hmac_sha1_80 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80 -+#define crypto_policy_set_aes_cm_128_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32 -+#define crypto_policy_set_aes_cm_128_null_auth srtp_crypto_policy_set_aes_cm_128_null_auth -+#define crypto_policy_set_null_cipher_hmac_sha1_80 srtp_crypto_policy_set_null_cipher_hmac_sha1_80 -+#define crypto_policy_set_aes_cm_128_hmac_sha1_80 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80 -+#define crypto_policy_set_aes_cm_256_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32 -+#define ssrc_t srtp_ssrc_t -+#endif -+ -+#endif --- -2.21.0 - diff --git a/gnu/packages/patches/opendht-fix-jami.patch b/gnu/packages/patches/opendht-fix-jami.patch deleted file mode 100644 index 9718a84a41..0000000000 --- a/gnu/packages/patches/opendht-fix-jami.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e2b39dd3a0742853e00f9c3e8c46c911da20bed7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Adrien=20B=C3=A9raud?= <adrien.beraud@savoirfairelinux.com> -Date: Tue, 30 Jun 2020 10:42:49 -0400 -Subject: [PATCH 1/4] http/request: make terminate public - ---- - include/opendht/http.h | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/include/opendht/http.h b/include/opendht/http.h -index cc8d5f9..46b722c 100644 ---- a/include/opendht/http.h -+++ b/include/opendht/http.h -@@ -294,6 +294,7 @@ public: - * User action to cancel the Request and call the completion callbacks. - */ - void cancel(); -+ void terminate(const asio::error_code& ec); - - private: - using OnCompleteCb = std::function<void()>; -@@ -320,8 +321,6 @@ private: - - void connect(std::vector<asio::ip::tcp::endpoint>&& endpoints, HandlerCb cb = {}); - -- void terminate(const asio::error_code& ec); -- - void post(); - - void handle_request(const asio::error_code& ec); --- -2.27.0 - diff --git a/gnu/packages/patches/pidgin-vv-gst.patch b/gnu/packages/patches/pidgin-vv-gst.patch deleted file mode 100644 index e0553dd119..0000000000 --- a/gnu/packages/patches/pidgin-vv-gst.patch +++ /dev/null @@ -1,48 +0,0 @@ -Name: Gary Kramlich -Date: 2020-07-12 -Source: https://keep.imfreedom.org/pidgin/pidgin/rev/39ac50435cfb - -diff --git a/libpurple/mediamanager.c b/libpurple/mediamanager.c ---- a/libpurple/mediamanager.c -+++ b/libpurple/mediamanager.c -@@ -2231,6 +2231,7 @@ - purple_media_manager_unregister_gst_device(PurpleMediaManager *manager, - GstDevice *device) - { -+#ifdef USE_VV - GList *i; - gchar *name; - gchar *device_class; -@@ -2277,6 +2278,7 @@ - - g_free(name); - g_free(device_class); -+#endif /* USE_VV */ - } - - static gboolean -@@ -2304,7 +2306,7 @@ - static void - purple_media_manager_init_device_monitor(PurpleMediaManager *manager) - { --#if GST_CHECK_VERSION(1, 4, 0) -+#if GST_CHECK_VERSION(1, 4, 0) && defined(USE_VV) - GstBus *bus; - GList *i; - -@@ -2334,6 +2336,7 @@ - PurpleMediaElementType type) - { - GList *result = NULL; -+#ifdef USE_VV - GList *i; - - for (i = manager->priv->elements; i; i = i->next) { -@@ -2347,6 +2350,7 @@ - result = g_list_prepend(result, info); - } - } -+#endif /* USE_VV */ - - return result; - } diff --git a/gnu/packages/patches/pyqt-public-sip.patch b/gnu/packages/patches/pyqt-public-sip.patch deleted file mode 100644 index 44cdcb6371..0000000000 --- a/gnu/packages/patches/pyqt-public-sip.patch +++ /dev/null @@ -1,55 +0,0 @@ -https://sources.debian.org/data/main/p/pyqt5/5.11.3+dfsg-1/debian/patches/public_sip.diff - -From: Dmitry Shachnev <mitya57@debian.org> -Date: Tue, 3 Jul 2018 09:46:42 +0300 -Subject: Use the public version of sip module - -Per https://www.debian.org/doc/debian-policy/#convenience-copies-of-code. ---- - configure.py | 2 +- - designer/pluginloader.cpp | 2 +- - qmlscene/pluginloader.cpp | 4 ++-- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.py b/configure.py -index 32d03a0..3c43a14 100644 ---- a/configure.py -+++ b/configure.py -@@ -2440,7 +2440,7 @@ def get_sip_flags(target_config): - the target configuration. - """ - -- sip_flags = ['-n', 'PyQt5.sip'] -+ sip_flags = ['-n', 'sip'] - - # If we don't check for signed interpreters, we exclude the 'VendorID' - # feature -diff --git a/designer/pluginloader.cpp b/designer/pluginloader.cpp -index f41d391..3ca8b11 100644 ---- a/designer/pluginloader.cpp -+++ b/designer/pluginloader.cpp -@@ -167,7 +167,7 @@ bool PyCustomWidgets::importPlugins(const QString &dir, const QStringList &plugi - // Make sure we have sip.unwrapinstance. - if (!sip_unwrapinstance) - { -- sip_unwrapinstance = getModuleAttr("PyQt5.sip", "unwrapinstance"); -+ sip_unwrapinstance = getModuleAttr("sip", "unwrapinstance"); - - if (!sip_unwrapinstance) - return true; -diff --git a/qmlscene/pluginloader.cpp b/qmlscene/pluginloader.cpp -index e14b946..140e80c 100644 ---- a/qmlscene/pluginloader.cpp -+++ b/qmlscene/pluginloader.cpp -@@ -412,9 +412,9 @@ PyObject *PyQt5QmlPlugin::getModuleAttr(const char *module, const char *attr) - void PyQt5QmlPlugin::getSipAPI() - { - #if defined(SIP_USE_PYCAPSULE) -- sip = (const sipAPIDef *)PyCapsule_Import("PyQt5.sip._C_API", 0); -+ sip = (const sipAPIDef *)PyCapsule_Import("sip._C_API", 0); - #else -- PyObject *c_api = getModuleAttr("PyQt5.sip", "_C_API"); -+ PyObject *c_api = getModuleAttr("sip", "_C_API"); - - if (c_api) - { diff --git a/gnu/packages/patches/qemu-build-info-manual.patch b/gnu/packages/patches/qemu-build-info-manual.patch index c837040d45..f2bee30ab0 100644 --- a/gnu/packages/patches/qemu-build-info-manual.patch +++ b/gnu/packages/patches/qemu-build-info-manual.patch @@ -90,7 +90,7 @@ index ebd85d59f9..1243839461 100644 + output: 'QEMU.info', + install: true, + install_dir: get_option('infodir'), -+ command: [makeinfo, '@INPUT0@', '--output=@OUTPUT@']) ++ command: [makeinfo, '--no-split', '@INPUT0@', '--output=@OUTPUT@']) + alias_target('texi', sphinxtexi) + alias_target('info', sphinxinfo) + endif diff --git a/gnu/packages/patches/qemu-glibc-2.30.patch b/gnu/packages/patches/qemu-glibc-2.30.patch new file mode 100644 index 0000000000..1b74dee4ac --- /dev/null +++ b/gnu/packages/patches/qemu-glibc-2.30.patch @@ -0,0 +1,57 @@ +This patch was taken from NixOS +https://raw.githubusercontent.com/Mindavi/nixpkgs/1a737743a829746e48f4869ac517ff29c23c9d09/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff +It is based on an unmerged patch against american-fuzzy-lop and was +never merged upstream because the author was unable to sign Google's CLA. +Based on https://github.com/google/AFL/commit/6c917e3d63a2a0685d58c3518524f9615b001893.patch + +--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100 ++++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100 +@@ -34,6 +34,7 @@ + #include <sys/resource.h> + #include <sys/swap.h> + #include <linux/capability.h> ++#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988 + #include <sched.h> + #include <sys/timex.h> + #ifdef __ia64__ +@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2, + #endif + + #ifdef __NR_gettid +-_syscall0(int, gettid) ++// taken from https://patchwork.kernel.org/patch/10862231/ ++#define __NR_sys_gettid __NR_gettid ++_syscall0(int, sys_gettid) + #else + /* This is a replacement for the host gettid() and must return a host + errno. */ +@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg) + cpu = ENV_GET_CPU(env); + thread_cpu = cpu; + ts = (TaskState *)cpu->opaque; +- info->tid = gettid(); ++ info->tid = sys_gettid(); + task_settid(ts); + if (info->child_tidptr) + put_user_u32(info->tid, info->child_tidptr); +@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un + mapping. We can't repeat the spinlock hack used above because + the child process gets its own copy of the lock. */ + if (flags & CLONE_CHILD_SETTID) +- put_user_u32(gettid(), child_tidptr); ++ put_user_u32(sys_gettid(), child_tidptr); + if (flags & CLONE_PARENT_SETTID) +- put_user_u32(gettid(), parent_tidptr); ++ put_user_u32(sys_gettid(), parent_tidptr); + ts = (TaskState *)cpu->opaque; + if (flags & CLONE_SETTLS) + cpu_set_tls (env, newtls); +@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n + break; + #endif + case TARGET_NR_gettid: +- ret = get_errno(gettid()); ++ ret = get_errno(sys_gettid()); + break; + #ifdef TARGET_NR_readahead + case TARGET_NR_readahead: diff --git a/gnu/packages/patches/racket-sh-via-rktio.patch b/gnu/packages/patches/racket-sh-via-rktio.patch new file mode 100644 index 0000000000..b4fefd1514 --- /dev/null +++ b/gnu/packages/patches/racket-sh-via-rktio.patch @@ -0,0 +1,87 @@ +From 3574b567c486d264d680a37586436c3b5a8cb978 Mon Sep 17 00:00:00 2001 +From: Philip McGrath <philip@philipmcgrath.com> +Date: Thu, 4 Mar 2021 04:11:50 -0500 +Subject: [PATCH] patch rktio_process for "/bin/sh" on Guix + +Racket provides the functions `system` and `process`, +which execute shell commands using `sh` (or `cmd` on Windows). +Racket assumes that `sh` can be found at "/bin/sh", +which is not necessarily true on Guix. + +This patch adds a special case for "/bin/sh" to `rktio_process`, +the C function that implements the core of `system`, `process`, +and related Racket functions. + +Guix should enable the special case by defining the C preprocessor +macro `GUIX_RKTIO_PATCH_BIN_SH` with the path to `sh` in the store. +If: + + 1. The `GUIX_RKTIO_PATCH_BIN_SH` macro is defined; and + + 2. `rktio_process` is called with the exact path "/bin/sh"; and + + 3. The path specified by `GUIX_RKTIO_PATCH_BIN_SH` does exists; + +then `rktio_process` will execute the file specified +by `GUIX_RKTIO_PATCH_BIN_SH` instead of "/bin/sh". + +Compared to previous attempts to patch the Racket sources, +making this change at the C level is both: + + - More comprehensive: it catches all attempts to execute "/bin/sh", + without having to track down the source of every occurance; and + + - Less intrusive: by guarding the special case with a C preprocessor + conditional and a runtime check that the file in the store exists, + we make it much less likely that it will "leak" out of Guix. +--- + src/rktio/rktio_process.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/src/rktio/rktio_process.c b/src/rktio/rktio_process.c +index 89202436c0..465ebdd5c5 100644 +--- a/src/rktio/rktio_process.c ++++ b/src/rktio/rktio_process.c +@@ -1224,12 +1224,14 @@ int rktio_process_allowed_flags(rktio_t *rktio) + /*========================================================================*/ + + rktio_process_result_t *rktio_process(rktio_t *rktio, +- const char *command, int argc, rktio_const_string_t *argv, ++ /* PATCHED for Guix (next line) */ ++ const char *_guix_orig_command, int argc, rktio_const_string_t *argv, + rktio_fd_t *stdout_fd, rktio_fd_t *stdin_fd, rktio_fd_t *stderr_fd, + rktio_process_t *group_proc, + const char *current_directory, rktio_envvars_t *envvars, + int flags) + { ++ const char *command; /* PATCHED for Guix */ + rktio_process_result_t *result; + intptr_t to_subprocess[2], from_subprocess[2], err_subprocess[2]; + int pid; +@@ -1255,6 +1257,23 @@ rktio_process_result_t *rktio_process(rktio_t *rktio, + int i; + #endif + ++/* BEGIN PATCH for Guix */ ++#if defined(GUIX_RKTIO_PATCH_BIN_SH) ++# define GUIX_AS_a_STR_HELPER(x) #x ++# define GUIX_AS_a_STR(x) GUIX_AS_a_STR_HELPER(x) ++ /* A level of indirection makes `#` work as needed: */ ++ command = ++ ((0 == strcmp(_guix_orig_command, "/bin/sh")) ++ && rktio_file_exists(rktio, GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH))) ++ ? GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH) ++ : _guix_orig_command; ++# undef GUIX_AS_a_STR ++# undef GUIX_AS_a_STR_HELPER ++#else ++ command = _guix_orig_command; ++#endif ++/* END PATCH for Guix */ ++ + /* avoid compiler warnings: */ + to_subprocess[0] = -1; + to_subprocess[1] = -1; +-- +2.21.1 (Apple Git-122.3) + diff --git a/gnu/packages/patches/runc-CVE-2019-5736.patch b/gnu/packages/patches/runc-CVE-2019-5736.patch deleted file mode 100644 index f629fcbfb4..0000000000 --- a/gnu/packages/patches/runc-CVE-2019-5736.patch +++ /dev/null @@ -1,343 +0,0 @@ -Fix CVE-2019-5736: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 -https://seclists.org/oss-sec/2019/q1/119 - -Patch copied from upstream source repository: - -https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b - -From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai <asarai@suse.de> -Date: Wed, 9 Jan 2019 13:40:01 +1100 -Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary - to container - -There are quite a few circumstances where /proc/self/exe pointing to a -pretty important container binary is a _bad_ thing, so to avoid this we -have to make a copy (preferably doing self-clean-up and not being -writeable). - -We require memfd_create(2) -- though there is an O_TMPFILE fallback -- -but we can always extend this to use a scratch MNT_DETACH overlayfs or -tmpfs. The main downside to this approach is no page-cache sharing for -the runc binary (which overlayfs would give us) but this is far less -complicated. - -This is only done during nsenter so that it happens transparently to the -Go code, and any libcontainer users benefit from it. This also makes -ExtraFiles and --preserve-fds handling trivial (because we don't need to -worry about it). - -Fixes: CVE-2019-5736 -Co-developed-by: Christian Brauner <christian.brauner@ubuntu.com> -Signed-off-by: Aleksa Sarai <asarai@suse.de> ---- - libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++ - libcontainer/nsenter/nsexec.c | 11 ++ - 2 files changed, 279 insertions(+) - create mode 100644 libcontainer/nsenter/cloned_binary.c - -diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c -new file mode 100644 -index 000000000..c8a42c23f ---- /dev/null -+++ b/libcontainer/nsenter/cloned_binary.c -@@ -0,0 +1,268 @@ -+/* -+ * Copyright (C) 2019 Aleksa Sarai <cyphar@cyphar.com> -+ * Copyright (C) 2019 SUSE LLC -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+#define _GNU_SOURCE -+#include <unistd.h> -+#include <stdio.h> -+#include <stdlib.h> -+#include <stdbool.h> -+#include <string.h> -+#include <limits.h> -+#include <fcntl.h> -+#include <errno.h> -+ -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <sys/vfs.h> -+#include <sys/mman.h> -+#include <sys/sendfile.h> -+#include <sys/syscall.h> -+ -+/* Use our own wrapper for memfd_create. */ -+#if !defined(SYS_memfd_create) && defined(__NR_memfd_create) -+# define SYS_memfd_create __NR_memfd_create -+#endif -+#ifdef SYS_memfd_create -+# define HAVE_MEMFD_CREATE -+/* memfd_create(2) flags -- copied from <linux/memfd.h>. */ -+# ifndef MFD_CLOEXEC -+# define MFD_CLOEXEC 0x0001U -+# define MFD_ALLOW_SEALING 0x0002U -+# endif -+int memfd_create(const char *name, unsigned int flags) -+{ -+ return syscall(SYS_memfd_create, name, flags); -+} -+#endif -+ -+/* This comes directly from <linux/fcntl.h>. */ -+#ifndef F_LINUX_SPECIFIC_BASE -+# define F_LINUX_SPECIFIC_BASE 1024 -+#endif -+#ifndef F_ADD_SEALS -+# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) -+# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) -+#endif -+#ifndef F_SEAL_SEAL -+# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ -+# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ -+# define F_SEAL_GROW 0x0004 /* prevent file from growing */ -+# define F_SEAL_WRITE 0x0008 /* prevent writes */ -+#endif -+ -+#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */ -+#ifdef HAVE_MEMFD_CREATE -+# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe" -+# define RUNC_MEMFD_SEALS \ -+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) -+#endif -+ -+static void *must_realloc(void *ptr, size_t size) -+{ -+ void *old = ptr; -+ do { -+ ptr = realloc(old, size); -+ } while(!ptr); -+ return ptr; -+} -+ -+/* -+ * Verify whether we are currently in a self-cloned program (namely, is -+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather -+ * for shmem files), and we want to be sure it's actually sealed. -+ */ -+static int is_self_cloned(void) -+{ -+ int fd, ret, is_cloned = 0; -+ -+ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC); -+ if (fd < 0) -+ return -ENOTRECOVERABLE; -+ -+#ifdef HAVE_MEMFD_CREATE -+ ret = fcntl(fd, F_GET_SEALS); -+ is_cloned = (ret == RUNC_MEMFD_SEALS); -+#else -+ struct stat statbuf = {0}; -+ ret = fstat(fd, &statbuf); -+ if (ret >= 0) -+ is_cloned = (statbuf.st_nlink == 0); -+#endif -+ close(fd); -+ return is_cloned; -+} -+ -+/* -+ * Basic wrapper around mmap(2) that gives you the file length so you can -+ * safely treat it as an ordinary buffer. Only gives you read access. -+ */ -+static char *read_file(char *path, size_t *length) -+{ -+ int fd; -+ char buf[4096], *copy = NULL; -+ -+ if (!length) -+ return NULL; -+ -+ fd = open(path, O_RDONLY | O_CLOEXEC); -+ if (fd < 0) -+ return NULL; -+ -+ *length = 0; -+ for (;;) { -+ int n; -+ -+ n = read(fd, buf, sizeof(buf)); -+ if (n < 0) -+ goto error; -+ if (!n) -+ break; -+ -+ copy = must_realloc(copy, (*length + n) * sizeof(*copy)); -+ memcpy(copy + *length, buf, n); -+ *length += n; -+ } -+ close(fd); -+ return copy; -+ -+error: -+ close(fd); -+ free(copy); -+ return NULL; -+} -+ -+/* -+ * A poor-man's version of "xargs -0". Basically parses a given block of -+ * NUL-delimited data, within the given length and adds a pointer to each entry -+ * to the array of pointers. -+ */ -+static int parse_xargs(char *data, int data_length, char ***output) -+{ -+ int num = 0; -+ char *cur = data; -+ -+ if (!data || *output != NULL) -+ return -1; -+ -+ while (cur < data + data_length) { -+ num++; -+ *output = must_realloc(*output, (num + 1) * sizeof(**output)); -+ (*output)[num - 1] = cur; -+ cur += strlen(cur) + 1; -+ } -+ (*output)[num] = NULL; -+ return num; -+} -+ -+/* -+ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ. -+ * This is necessary because we are running in a context where we don't have a -+ * main() that we can just get the arguments from. -+ */ -+static int fetchve(char ***argv, char ***envp) -+{ -+ char *cmdline = NULL, *environ = NULL; -+ size_t cmdline_size, environ_size; -+ -+ cmdline = read_file("/proc/self/cmdline", &cmdline_size); -+ if (!cmdline) -+ goto error; -+ environ = read_file("/proc/self/environ", &environ_size); -+ if (!environ) -+ goto error; -+ -+ if (parse_xargs(cmdline, cmdline_size, argv) <= 0) -+ goto error; -+ if (parse_xargs(environ, environ_size, envp) <= 0) -+ goto error; -+ -+ return 0; -+ -+error: -+ free(environ); -+ free(cmdline); -+ return -EINVAL; -+} -+ -+static int clone_binary(void) -+{ -+ int binfd, memfd; -+ ssize_t sent = 0; -+ -+#ifdef HAVE_MEMFD_CREATE -+ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); -+#else -+ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711); -+#endif -+ if (memfd < 0) -+ return -ENOTRECOVERABLE; -+ -+ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); -+ if (binfd < 0) -+ goto error; -+ -+ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX); -+ close(binfd); -+ if (sent < 0) -+ goto error; -+ -+#ifdef HAVE_MEMFD_CREATE -+ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS); -+ if (err < 0) -+ goto error; -+#else -+ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */ -+ int newfd; -+ char *fdpath = NULL; -+ -+ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0) -+ goto error; -+ newfd = open(fdpath, O_RDONLY | O_CLOEXEC); -+ free(fdpath); -+ if (newfd < 0) -+ goto error; -+ -+ close(memfd); -+ memfd = newfd; -+#endif -+ return memfd; -+ -+error: -+ close(memfd); -+ return -EIO; -+} -+ -+int ensure_cloned_binary(void) -+{ -+ int execfd; -+ char **argv = NULL, **envp = NULL; -+ -+ /* Check that we're not self-cloned, and if we are then bail. */ -+ int cloned = is_self_cloned(); -+ if (cloned > 0 || cloned == -ENOTRECOVERABLE) -+ return cloned; -+ -+ if (fetchve(&argv, &envp) < 0) -+ return -EINVAL; -+ -+ execfd = clone_binary(); -+ if (execfd < 0) -+ return -EIO; -+ -+ fexecve(execfd, argv, envp); -+ return -ENOEXEC; -+} -diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c -index 28269dfc0..7750af35e 100644 ---- a/libcontainer/nsenter/nsexec.c -+++ b/libcontainer/nsenter/nsexec.c -@@ -534,6 +534,9 @@ void join_namespaces(char *nslist) - free(namespaces); - } - -+/* Defined in cloned_binary.c. */ -+extern int ensure_cloned_binary(void); -+ - void nsexec(void) - { - int pipenum; -@@ -549,6 +552,14 @@ void nsexec(void) - if (pipenum == -1) - return; - -+ /* -+ * We need to re-exec if we are not in a cloned binary. This is necessary -+ * to ensure that containers won't be able to access the host binary -+ * through /proc/self/exe. See CVE-2019-5736. -+ */ -+ if (ensure_cloned_binary() < 0) -+ bail("could not ensure we are a cloned binary"); -+ - /* Parse all of the netlink configuration. */ - nl_parse(pipenum, &config); - diff --git a/gnu/packages/patches/upx-CVE-2021-20285.patch b/gnu/packages/patches/upx-CVE-2021-20285.patch new file mode 100644 index 0000000000..1d47b2a8bb --- /dev/null +++ b/gnu/packages/patches/upx-CVE-2021-20285.patch @@ -0,0 +1,76 @@ +From 3781df9da23840e596d5e9e8493f22666802fe6c Mon Sep 17 00:00:00 2001 +From: John Reiser <jreiser@BitWagon.com> +Date: Fri, 11 Dec 2020 13:38:18 -0800 +Subject: [PATCH] Check DT_REL/DT_RELA, DT_RELSZ/DT_RELASZ + +https://github.com/upx/upx/issues/421 + modified: p_lx_elf.cpp +--- + src/p_lx_elf.cpp | 34 +++++++++++++++++++++++++++++----- + 1 file changed, 29 insertions(+), 5 deletions(-) + +diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp +index 182db192..3a4101cf 100644 +--- a/src/p_lx_elf.cpp ++++ b/src/p_lx_elf.cpp +@@ -2222,8 +2222,20 @@ bool PackLinuxElf32::canPack() + int z_rsz = dt_table[Elf32_Dyn::DT_RELSZ]; + if (z_rel && z_rsz) { + unsigned rel_off = get_te32(&dynseg[-1+ z_rel].d_val); ++ if ((unsigned)file_size <= rel_off) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf32_Dynamic[DT_REL] %#x\n", ++ rel_off); ++ throwCantPack(msg); ++ } + Elf32_Rel *rp = (Elf32_Rel *)&file_image[rel_off]; + unsigned relsz = get_te32(&dynseg[-1+ z_rsz].d_val); ++ if ((unsigned)file_size <= relsz) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf32_Dynamic[DT_RELSZ] %#x\n", ++ relsz); ++ throwCantPack(msg); ++ } + Elf32_Rel *last = (Elf32_Rel *)(relsz + (char *)rp); + for (; rp < last; ++rp) { + unsigned r_va = get_te32(&rp->r_offset); +@@ -2562,14 +2574,26 @@ PackLinuxElf64::canPack() + int z_rel = dt_table[Elf64_Dyn::DT_RELA]; + int z_rsz = dt_table[Elf64_Dyn::DT_RELASZ]; + if (z_rel && z_rsz) { +- unsigned rel_off = get_te64(&dynseg[-1+ z_rel].d_val); ++ upx_uint64_t rel_off = get_te64(&dynseg[-1+ z_rel].d_val); ++ if ((u64_t)file_size <= rel_off) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf64_Dynamic[DT_RELA] %#llx\n", ++ rel_off); ++ throwCantPack(msg); ++ } + Elf64_Rela *rp = (Elf64_Rela *)&file_image[rel_off]; +- unsigned relsz = get_te64(&dynseg[-1+ z_rsz].d_val); ++ upx_uint64_t relsz = get_te64(&dynseg[-1+ z_rsz].d_val); ++ if ((u64_t)file_size <= relsz) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf64_Dynamic[DT_RELASZ] %#llx\n", ++ relsz); ++ throwCantPack(msg); ++ } + Elf64_Rela *last = (Elf64_Rela *)(relsz + (char *)rp); + for (; rp < last; ++rp) { +- unsigned r_va = get_te64(&rp->r_offset); ++ upx_uint64_t r_va = get_te64(&rp->r_offset); + if (r_va == user_init_ava) { // found the Elf64_Rela +- unsigned r_info = get_te64(&rp->r_info); ++ upx_uint64_t r_info = get_te64(&rp->r_info); + unsigned r_type = ELF64_R_TYPE(r_info); + if (Elf64_Ehdr::EM_AARCH64 == e_machine + && R_AARCH64_RELATIVE == r_type) { +@@ -2581,7 +2605,7 @@ PackLinuxElf64::canPack() + } + else { + char msg[50]; snprintf(msg, sizeof(msg), +- "bad relocation %#x DT_INIT_ARRAY[0]", ++ "bad relocation %#llx DT_INIT_ARRAY[0]", + r_info); + throwCantPack(msg); + } diff --git a/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch b/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch index 6988e65872..23f651b5eb 100644 --- a/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch +++ b/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch @@ -17,20 +17,16 @@ diff --git a/Rendering/FreeType/vtkFreeTypeTools.cxx b/Rendering/FreeType/vtkFre index c54289dc60..03b899c4da 100644 --- a/Rendering/FreeType/vtkFreeTypeTools.cxx +++ b/Rendering/FreeType/vtkFreeTypeTools.cxx -@@ -387,11 +387,8 @@ FTC_CMapCache* vtkFreeTypeTools::GetCMapCache() +@@ -378,8 +378,7 @@ FTC_CMapCache* vtkFreeTypeTools::GetCMapCache() } - + //---------------------------------------------------------------------------- -FT_CALLBACK_DEF(FT_Error) --vtkFreeTypeToolsFaceRequester(FTC_FaceID face_id, -- FT_Library lib, -- FT_Pointer request_data, -- FT_Face* face) +-vtkFreeTypeToolsFaceRequester( +static FT_Error vtkFreeTypeToolsFaceRequester( -+ FTC_FaceID face_id, FT_Library lib, FT_Pointer request_data, FT_Face* face) + FTC_FaceID face_id, FT_Library lib, FT_Pointer request_data, FT_Face* face) { #if VTK_FTFC_DEBUG_CD - printf("vtkFreeTypeToolsFaceRequester()\n"); --- +-- 2.30.1 diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch new file mode 100644 index 0000000000..8c8ba93355 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch @@ -0,0 +1,115 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index bbdb0d7..5761dfe 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index a8944dd..df337ec 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +cgit v0.12 + |