aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-08-16 20:56:38 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-08-16 20:56:38 +0200
commitdf570bf271536399993b39e7ea2ea0452bb6cde4 (patch)
tree32cde458f90c599691831fc33cfbd4efcca9e9eb /gnu/packages/patches
parent37d203985e2817b0962129384e8b993a1bb92de9 (diff)
parent5f9a9945b5747e5ec284f8b116b2e8cc1b9064d7 (diff)
downloadgnu-guix-df570bf271536399993b39e7ea2ea0452bb6cde4.tar
gnu-guix-df570bf271536399993b39e7ea2ea0452bb6cde4.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/aegisub-icu59-include-unistr.patch12
-rw-r--r--gnu/packages/patches/clementine-fix-sqlite.patch23
-rw-r--r--gnu/packages/patches/gdm-CVE-2018-14424.patch172
-rw-r--r--gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch152
-rw-r--r--gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch50
-rw-r--r--gnu/packages/patches/qemu-CVE-2018-11806.patch105
-rw-r--r--gnu/packages/patches/racket-store-checksum-override.patch42
-rw-r--r--gnu/packages/patches/translate-shell-fix-curl-tests.patch60
8 files changed, 249 insertions, 367 deletions
diff --git a/gnu/packages/patches/aegisub-icu59-include-unistr.patch b/gnu/packages/patches/aegisub-icu59-include-unistr.patch
new file mode 100644
index 0000000000..78414741be
--- /dev/null
+++ b/gnu/packages/patches/aegisub-icu59-include-unistr.patch
@@ -0,0 +1,12 @@
+This patch adds an include needed since icu59:
+Source: https://git.archlinux.org/svntogit/community.git/plain/trunk/icu59.patch?h=packages/aegisub
+--- aegisub-3.2.2/src/utils.cpp 2014-12-08 02:07:09.000000000 +0200
++++ aegisub-3.2.2/src/utils.cpp 2017-04-26 11:11:15.438239182 +0300
+@@ -44,6 +44,7 @@
+ #include <boost/filesystem/path.hpp>
+ #include <map>
+ #include <unicode/locid.h>
++#include <unicode/unistr.h>
+ #include <wx/clipbrd.h>
+ #include <wx/filedlg.h>
+ #include <wx/stdpaths.h>
diff --git a/gnu/packages/patches/clementine-fix-sqlite.patch b/gnu/packages/patches/clementine-fix-sqlite.patch
new file mode 100644
index 0000000000..f9d44f9074
--- /dev/null
+++ b/gnu/packages/patches/clementine-fix-sqlite.patch
@@ -0,0 +1,23 @@
+Patch downloaded from https://github.com/clementine-player/Clementine/pull/5669 .
+
+diff -ruN clementine-1.3.1.565.gd20c2244a.orig/src/core/database.cpp clementine-1.3.1.565.gd20c2244a/src/core/database.cpp
+--- clementine-1.3.1.565.gd20c2244a.orig/src/core/database.cpp 2018-07-07 23:59:24.018540126 +0200
++++ clementine-1.3.1.565.gd20c2244a/src/core/database.cpp 2018-07-08 00:04:47.991551728 +0200
+@@ -265,6 +265,17 @@
+ StaticInit();
+
+ {
++
++#ifdef SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER
++ // In case sqlite>=3.12 is compiled without -DSQLITE_ENABLE_FTS3_TOKENIZER
++ // (generally a good idea due to security reasons) the fts3 support should be enabled explicitly.
++ QVariant v = db.driver()->handle();
++ if (v.isValid() && qstrcmp(v.typeName(), "sqlite3*") == 0) {
++ sqlite3 *handle = *static_cast<sqlite3**>(v.data());
++ if (handle) sqlite3_db_config(handle, SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER, 1, NULL);
++ }
++#endif
++
+ QSqlQuery set_fts_tokenizer(db);
+ set_fts_tokenizer.prepare("SELECT fts3_tokenizer(:name, :pointer)");
+ set_fts_tokenizer.bindValue(":name", "unicode");
diff --git a/gnu/packages/patches/gdm-CVE-2018-14424.patch b/gnu/packages/patches/gdm-CVE-2018-14424.patch
new file mode 100644
index 0000000000..88a71f4151
--- /dev/null
+++ b/gnu/packages/patches/gdm-CVE-2018-14424.patch
@@ -0,0 +1,172 @@
+Fix CVE-2018-14424:
+
+https://gitlab.gnome.org/GNOME/gdm/issues/401
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14424
+
+Patch copied from upstream source repository:
+
+https://gitlab.gnome.org/GNOME/gdm/commit/1ac1697b3b019f50729a6e992065959586e170da
+
+From 1ac1697b3b019f50729a6e992065959586e170da Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Thu, 19 Jul 2018 18:26:05 +0100
+Subject: [PATCH] display-store: Pass the display object rather than the id in
+ the removed signal
+
+By the time GdmDisplayStore emits the "display-removed" signal, the display
+is no longer in the store and gdm_display_store_lookup will not work in
+signal handlers.
+
+Change the "display-removed" parameter from the display id to the GdmDisplay
+object, so that signal handers can perform any cleanup they need to do
+
+CVE-2018-14424
+
+Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401
+---
+ daemon/gdm-display-store.c | 11 +++--------
+ daemon/gdm-display-store.h | 2 +-
+ daemon/gdm-local-display-factory.c | 13 +++----------
+ daemon/gdm-manager.c | 19 +++++++++----------
+ daemon/gdm-manager.h | 3 ++-
+ 5 files changed, 18 insertions(+), 30 deletions(-)
+
+diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c
+index af76f519..fd24334e 100644
+--- a/daemon/gdm-display-store.c
++++ b/daemon/gdm-display-store.c
+@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
+ static void
+ stored_display_free (StoredDisplay *stored_display)
+ {
+- char *id;
+-
+- gdm_display_get_id (stored_display->display, &id, NULL);
+-
+ g_signal_emit (G_OBJECT (stored_display->store),
+ signals[DISPLAY_REMOVED],
+ 0,
+- id);
+- g_free (id);
++ stored_display->display);
+
+ g_debug ("GdmDisplayStore: Unreffing display: %p",
+ stored_display->display);
+@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
+ G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed),
+ NULL,
+ NULL,
+- g_cclosure_marshal_VOID__STRING,
++ g_cclosure_marshal_VOID__OBJECT,
+ G_TYPE_NONE,
+- 1, G_TYPE_STRING);
++ 1, G_TYPE_OBJECT);
+
+ g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
+ }
+diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h
+index 28359933..0aff8ee2 100644
+--- a/daemon/gdm-display-store.h
++++ b/daemon/gdm-display-store.h
+@@ -49,7 +49,7 @@ typedef struct
+ void (* display_added) (GdmDisplayStore *display_store,
+ const char *id);
+ void (* display_removed) (GdmDisplayStore *display_store,
+- const char *id);
++ GdmDisplay *display);
+ } GdmDisplayStoreClass;
+
+ typedef enum
+diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
+index 5f1ae89e..39f3e30a 100644
+--- a/daemon/gdm-local-display-factory.c
++++ b/daemon/gdm-local-display-factory.c
+@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore *display_store,
+
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+- const char *id,
++ GdmDisplay *display,
+ GdmLocalDisplayFactory *factory)
+ {
+- GdmDisplay *display;
+-
+- display = gdm_display_store_lookup (display_store, id);
+-
+- if (display != NULL) {
+- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
+- g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+-
+- }
++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
++ g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
+ }
+
+ static gboolean
+diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
+index f17bd1a5..f6684a8b 100644
+--- a/daemon/gdm-manager.c
++++ b/daemon/gdm-manager.c
+@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display,
+
+ static void
+ on_display_removed (GdmDisplayStore *display_store,
+- const char *id,
++ GdmDisplay *display,
+ GdmManager *manager)
+ {
+- GdmDisplay *display;
++ char *id;
+
+- display = gdm_display_store_lookup (display_store, id);
+- if (display != NULL) {
+- g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++ gdm_display_get_id (display, &id, NULL);
++ g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
++ g_free (id);
+
+- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
+
+- g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
+- }
++ g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
+ }
+
+ static void
+@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
+ G_STRUCT_OFFSET (GdmManagerClass, display_removed),
+ NULL,
+ NULL,
+- g_cclosure_marshal_VOID__STRING,
++ g_cclosure_marshal_VOID__OBJECT,
+ G_TYPE_NONE,
+- 1, G_TYPE_STRING);
++ 1, G_TYPE_OBJECT);
+
+ g_object_class_install_property (object_class,
+ PROP_XDMCP_ENABLED,
+diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h
+index 41c68a7a..c8fb3f22 100644
+--- a/daemon/gdm-manager.h
++++ b/daemon/gdm-manager.h
+@@ -24,6 +24,7 @@
+
+ #include <glib-object.h>
+
++#include "gdm-display.h"
+ #include "gdm-manager-glue.h"
+
+ G_BEGIN_DECLS
+@@ -50,7 +51,7 @@ typedef struct
+ void (* display_added) (GdmManager *manager,
+ const char *id);
+ void (* display_removed) (GdmManager *manager,
+- const char *id);
++ GdmDisplay *display);
+ } GdmManagerClass;
+
+ typedef enum
+--
+2.17.1
+
diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch
deleted file mode 100644
index 15dedbcbd0..0000000000
--- a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-Fix CVE-2018-0495:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
-https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
-
-Patch copied from upstream source repository:
-
-https://github.com/openssl/openssl/commit/0c27d793745c7837b13646302b6890a556b7017a
-
-From 0c27d793745c7837b13646302b6890a556b7017a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 25 May 2018 12:10:13 +0100
-Subject: [PATCH] Add blinding to an ECDSA signature
-
-Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
-ECDSA signature operation. During signing the signer calculates:
-
-s:= k^-1 * (m + r * priv_key) mod order
-
-The addition operation above provides a sufficient signal for a
-flush+reload attack to derive the private key given sufficient signature
-operations.
-
-As a mitigation (based on a suggestion from Keegan) we add blinding to
-the operation so that:
-
-s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
-
-Since this attack is a localhost side channel only no CVE is assigned.
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- CHANGES | 4 +++
- crypto/ec/ecdsa_ossl.c | 70 +++++++++++++++++++++++++++++++++++++-----
- 2 files changed, 67 insertions(+), 7 deletions(-)
-
-diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
-index 72e2f0f28b..449be0e92a 100644
---- a/crypto/ec/ecdsa_ossl.c
-+++ b/crypto/ec/ecdsa_ossl.c
-@@ -210,7 +210,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- EC_KEY *eckey)
- {
- int ok = 0, i;
-- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;
-+ BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL;
-+ BIGNUM *blindm = NULL;
- const BIGNUM *order, *ckinv;
- BN_CTX *ctx = NULL;
- const EC_GROUP *group;
-@@ -243,8 +244,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- }
- s = ret->s;
-
-- if ((ctx = BN_CTX_new()) == NULL ||
-- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
-+ ctx = BN_CTX_secure_new();
-+ if (ctx == NULL) {
-+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
-+ goto err;
-+ }
-+
-+ BN_CTX_start(ctx);
-+ tmp = BN_CTX_get(ctx);
-+ m = BN_CTX_get(ctx);
-+ blind = BN_CTX_get(ctx);
-+ blindm = BN_CTX_get(ctx);
-+ if (blindm == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-@@ -284,18 +295,64 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- }
- }
-
-- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
-+ /*
-+ * The normal signature calculation is:
-+ *
-+ * s := k^-1 * (m + r * priv_key) mod order
-+ *
-+ * We will blind this to protect against side channel attacks
-+ *
-+ * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order
-+ */
-+
-+ /* Generate a blinding value */
-+ do {
-+ if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY,
-+ BN_RAND_BOTTOM_ANY))
-+ goto err;
-+ } while (BN_is_zero(blind));
-+ BN_set_flags(blind, BN_FLG_CONSTTIME);
-+ BN_set_flags(blindm, BN_FLG_CONSTTIME);
-+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
-+
-+ /* tmp := blind * priv_key * r mod order */
-+ if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
- goto err;
- }
-- if (!BN_mod_add_quick(s, tmp, m, order)) {
-+ if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
- goto err;
- }
-+
-+ /* blindm := blind * m mod order */
-+ if (!BN_mod_mul(blindm, blind, m, order, ctx)) {
-+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* s : = (blind * priv_key * r) + (blind * m) mod order */
-+ if (!BN_mod_add_quick(s, tmp, blindm, order)) {
-+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* s:= s * blind^-1 mod order */
-+ if (BN_mod_inverse(blind, blind, order, ctx) == NULL) {
-+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+ if (!BN_mod_mul(s, s, blind, order, ctx)) {
-+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
-+ goto err;
-+ }
-+
-+ /* s := s * k^-1 mod order */
- if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
- goto err;
- }
-+
- if (BN_is_zero(s)) {
- /*
- * if kinv and r have been supplied by the caller don't to
-@@ -317,9 +374,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- ECDSA_SIG_free(ret);
- ret = NULL;
- }
-+ BN_CTX_end(ctx);
- BN_CTX_free(ctx);
-- BN_clear_free(m);
-- BN_clear_free(tmp);
- BN_clear_free(kinv);
- return ret;
- }
---
-2.17.1
-
diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch
deleted file mode 100644
index dfea6e7d06..0000000000
--- a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Fix CVE-2018-0732:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
-
-Patch copied from upstream source repository:
-
-https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
-
-From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index fce9ff47f3..58003d7087 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
---
-2.17.1
-
diff --git a/gnu/packages/patches/qemu-CVE-2018-11806.patch b/gnu/packages/patches/qemu-CVE-2018-11806.patch
deleted file mode 100644
index f021dfa747..0000000000
--- a/gnu/packages/patches/qemu-CVE-2018-11806.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-Fix CVE-2018-11806:
-
-https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=864036e251f54c99d31df124aad7f34f01f5344c
-
-From 864036e251f54c99d31df124aad7f34f01f5344c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Tue, 5 Jun 2018 23:38:35 +0530
-Subject: [PATCH] slirp: correct size computation while concatenating mbuf
-
-While reassembling incoming fragmented datagrams, 'm_cat' routine
-extends the 'mbuf' buffer, if it has insufficient room. It computes
-a wrong buffer size, which leads to overwriting adjacent heap buffer
-area. Correct this size computation in m_cat.
-
-Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
----
- slirp/mbuf.c | 11 +++++------
- slirp/mbuf.h | 8 +++-----
- 2 files changed, 8 insertions(+), 11 deletions(-)
-
-diff --git a/slirp/mbuf.c b/slirp/mbuf.c
-index 5ff24559fd..18cbf759a7 100644
---- a/slirp/mbuf.c
-+++ b/slirp/mbuf.c
-@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- * If there's no room, realloc
- */
- if (M_FREEROOM(m) < n->m_len)
-- m_inc(m,m->m_size+MINCSIZE);
-+ m_inc(m, m->m_len + n->m_len);
-
- memcpy(m->m_data+m->m_len, n->m_data, n->m_len);
- m->m_len += n->m_len;
-@@ -147,7 +147,7 @@ m_cat(struct mbuf *m, struct mbuf *n)
- }
-
-
--/* make m size bytes large */
-+/* make m 'size' bytes large from m_data */
- void
- m_inc(struct mbuf *m, int size)
- {
-@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size)
-
- if (m->m_flags & M_EXT) {
- datasize = m->m_data - m->m_ext;
-- m->m_ext = g_realloc(m->m_ext, size);
-+ m->m_ext = g_realloc(m->m_ext, size + datasize);
- m->m_data = m->m_ext + datasize;
- } else {
- char *dat;
- datasize = m->m_data - m->m_dat;
-- dat = g_malloc(size);
-+ dat = g_malloc(size + datasize);
- memcpy(dat, m->m_dat, m->m_size);
-
- m->m_ext = dat;
-@@ -171,8 +171,7 @@ m_inc(struct mbuf *m, int size)
- m->m_flags |= M_EXT;
- }
-
-- m->m_size = size;
--
-+ m->m_size = size + datasize;
- }
-
-
-diff --git a/slirp/mbuf.h b/slirp/mbuf.h
-index 893601ff9d..33b84485d6 100644
---- a/slirp/mbuf.h
-+++ b/slirp/mbuf.h
-@@ -33,8 +33,6 @@
- #ifndef MBUF_H
- #define MBUF_H
-
--#define MINCSIZE 4096 /* Amount to increase mbuf if too small */
--
- /*
- * Macros for type conversion
- * mtod(m,t) - convert mbuf pointer to data pointer of correct type
-@@ -72,11 +70,11 @@ struct mbuf {
- struct mbuf *m_prevpkt; /* Flags aren't used in the output queue */
- int m_flags; /* Misc flags */
-
-- int m_size; /* Size of data */
-+ int m_size; /* Size of mbuf, from m_dat or m_ext */
- struct socket *m_so;
-
-- caddr_t m_data; /* Location of data */
-- int m_len; /* Amount of data in this mbuf */
-+ caddr_t m_data; /* Current location of data */
-+ int m_len; /* Amount of data in this mbuf, from m_data */
-
- Slirp *slirp;
- bool resolution_requested;
---
-2.17.1
-
diff --git a/gnu/packages/patches/racket-store-checksum-override.patch b/gnu/packages/patches/racket-store-checksum-override.patch
new file mode 100644
index 0000000000..b22facca0d
--- /dev/null
+++ b/gnu/packages/patches/racket-store-checksum-override.patch
@@ -0,0 +1,42 @@
+Racket uses checksums to test if it needs to recompile its source
+files to bytecode. If Racket is updated by grafting, the source and
+bytecode files get updated, but the checksum stays the same. Since
+the checksum no longer matches the source file, Racket tries to
+regenerate the bytecode and write it to the store, causing errors
+because the store is immutable. This patch makes Racket ignore
+checksums for files in the store.
+
+See <https://debbugs.gnu.org/30680> for details.
+
+diff -ruN racket-6.12/collects/compiler/cm.rkt racket-6.12-patched/collects/compiler/cm.rkt
+--- racket-6.12/collects/compiler/cm.rkt 1969-12-31 19:00:00.000000000 -0500
++++ racket-6.12-patched/collects/compiler/cm.rkt 2018-08-12 06:36:46.061142149 -0400
+@@ -7,6 +7,7 @@
+ racket/list
+ racket/path
+ racket/promise
++ racket/string
+ openssl/sha1
+ racket/place
+ setup/collects
+@@ -627,6 +628,10 @@
+ #f
+ (list src-hash recorded-hash)))
+
++(define (store-reference? path)
++ (let ([store-prefix (or (getenv "NIX_STORE") "/gnu/store")])
++ (string-prefix? (path->string path) store-prefix)))
++
+ (define (rkt->ss p)
+ (if (path-has-extension? p #".rkt")
+ (path-replace-extension p #".ss")
+@@ -679,7 +684,8 @@
+ (trace-printf "newer src... ~a > ~a" path-time path-zo-time)
+ ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk:
+ (maybe-compile-zo sha1-only? deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen)]
+- [(different-source-sha1-and-dep-recorded path deps)
++ [(and (not (store-reference? path))
++ (different-source-sha1-and-dep-recorded path deps))
+ => (lambda (difference)
+ (trace-printf "different src hash... ~a" difference)
+ ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk:
diff --git a/gnu/packages/patches/translate-shell-fix-curl-tests.patch b/gnu/packages/patches/translate-shell-fix-curl-tests.patch
deleted file mode 100644
index 33731462b8..0000000000
--- a/gnu/packages/patches/translate-shell-fix-curl-tests.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-This patch fixes Curl related tests for 'translate-shell'.
-
-Upstream bug URL:
-
-https://github.com/soimort/translate-shell/issues/221
-
-From bb9f32d3145125ba664b6b05bf0a2fd34108e9d2 Mon Sep 17 00:00:00 2001
-From: Mort Yao <soi@mort.ninja>
-Date: Sun, 25 Mar 2018 03:14:33 +0200
-Subject: [PATCH] TestUtils: perform curl-related tests only if NETWORK_ACCESS
- is set to yes (#221)
-
----
- test/TestUtils.awk | 32 +++++++++++++++++---------------
- 1 file changed, 17 insertions(+), 15 deletions(-)
-
-diff --git a/test/TestUtils.awk b/test/TestUtils.awk
-index 08bb2e9..1c141e5 100644
---- a/test/TestUtils.awk
-+++ b/test/TestUtils.awk
-@@ -30,22 +30,24 @@ BEGIN {
- assertTrue(newerVersion("2", "1.9.9999"))
- }
-
-- T("curl()", 1)
-- {
-- delete tokens; delete ast
-- tokenize(tokens, curl("https://httpbin.org/get"))
-- parseJson(ast, tokens)
-- assertEqual(unparameterize(ast[0 SUBSEP "url"]),
-- "https://httpbin.org/get")
-- }
-+ if (yn(ENVIRON["NETWORK_ACCESS"])) { # if network access enabled
-+ T("curl()", 1)
-+ {
-+ delete tokens; delete ast
-+ tokenize(tokens, curl("https://httpbin.org/get"))
-+ parseJson(ast, tokens)
-+ assertEqual(unparameterize(ast[0 SUBSEP "url"]),
-+ "https://httpbin.org/get")
-+ }
-
-- T("curlPost()", 1)
-- {
-- delete tokens; delete ast
-- tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
-- parseJson(ast, tokens)
-- assertEqual(unparameterize(ast[0 SUBSEP "url"]),
-- "https://httpbin.org/post")
-+ T("curlPost()", 1)
-+ {
-+ delete tokens; delete ast
-+ tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
-+ parseJson(ast, tokens)
-+ assertEqual(unparameterize(ast[0 SUBSEP "url"]),
-+ "https://httpbin.org/post")
-+ }
- }
-
- T("dump()", 3)