aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-03-29 17:34:41 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-03-29 17:34:41 +0200
commit5576cfabf3485e0cf794cc3de085a3578151ee64 (patch)
tree8ca4093d05fda6b0064d0fca429353327ec491f9 /gnu/packages/patches
parent12cb6c31df4b90d58658e88a256e36b6808e1064 (diff)
parente086d2f68b90a39bae07ae46572e5cc6b0fc4308 (diff)
downloadguix-5576cfabf3485e0cf794cc3de085a3578151ee64.tar
guix-5576cfabf3485e0cf794cc3de085a3578151ee64.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/classpath-aarch64-support.patch29
-rw-r--r--gnu/packages/patches/hwloc-tests-without-sysfs.patch42
-rw-r--r--gnu/packages/patches/libusb-for-axoloti.patch14
-rw-r--r--gnu/packages/patches/links-CVE-2017-11114.patch99
-rw-r--r--gnu/packages/patches/lyx-2.2.3-fix-test.patch13
-rw-r--r--gnu/packages/patches/mupdf-CVE-2018-1000051.patch88
-rw-r--r--gnu/packages/patches/mupdf-CVE-2018-6544.patch109
-rw-r--r--gnu/packages/patches/shepherd-close-fds.patch36
-rw-r--r--gnu/packages/patches/shepherd-herd-status-sorted.patch79
-rw-r--r--gnu/packages/patches/translate-shell-fix-curl-tests.patch60
10 files changed, 306 insertions, 263 deletions
diff --git a/gnu/packages/patches/classpath-aarch64-support.patch b/gnu/packages/patches/classpath-aarch64-support.patch
new file mode 100644
index 0000000000..6fdac0c4fb
--- /dev/null
+++ b/gnu/packages/patches/classpath-aarch64-support.patch
@@ -0,0 +1,29 @@
+This is modeled after the ia64 support. Aarch64 can be either big endian
+or little endian, so we add the case for both.
+
+---
+ native/fdlibm/ieeefp.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/native/fdlibm/ieeefp.h b/native/fdlibm/ieeefp.h
+index 1a9740f..73455c0 100644
+--- a/native/fdlibm/ieeefp.h
++++ b/native/fdlibm/ieeefp.h
+@@ -27,6 +27,14 @@
+ #endif
+ #endif
+
++#ifdef __aarch64__
++#ifdef __BIG_ENDIAN__
++#define __IEEE_BIG_ENDIAN
++#else
++#define __IEEE_LITTLE_ENDIAN
++#endif
++#endif
++
+ #ifdef __hppa__
+ #define __IEEE_BIG_ENDIAN
+ #endif
+--
+2.16.3
+
diff --git a/gnu/packages/patches/hwloc-tests-without-sysfs.patch b/gnu/packages/patches/hwloc-tests-without-sysfs.patch
deleted file mode 100644
index ea6ec41616..0000000000
--- a/gnu/packages/patches/hwloc-tests-without-sysfs.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix a test failure in the build environment, where /sys is missing.
-From <https://github.com/bgoglin/hwloc/commit/a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf.patch>.
-
-From a2cc4f2e2bf4a8bbdd61b578a62e27e7482799cf Mon Sep 17 00:00:00 2001
-From: Brice Goglin <Brice.Goglin@inria.fr>
-Date: Tue, 6 Feb 2018 17:13:26 +0100
-Subject: [PATCH] linux: honor the filtering cores and packages when reading
- topology from cpuinfo
-
-Caused a make check crash in lstopo --filter all:none in chroot without sysfs.
-
-Thanks to Ludovic Courtes for the report.
-
-Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
----
- hwloc/topology-linux.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
-index 290da0d72..e1bbf94e1 100644
---- a/hwloc/topology-linux.c
-+++ b/hwloc/topology-linux.c
-@@ -4101,7 +4101,8 @@ look_cpuinfo(struct hwloc_topology *topology,
- }
- /* create package objects */
- hwloc_debug("%u pkgs%s\n", numpkgs, missingpkg ? ", but some missing package" : "");
-- if (!missingpkg && numpkgs>0) {
-+ if (!missingpkg && numpkgs>0
-+ && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_PACKAGE)) {
- for (i = 0; i < numpkgs; i++) {
- struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_PACKAGE, Lpkg_to_Ppkg[i]);
- int doneinfos = 0;
-@@ -4145,7 +4146,8 @@ look_cpuinfo(struct hwloc_topology *topology,
- }
- /* create Core objects */
- hwloc_debug("%u cores%s\n", numcores, missingcore ? ", but some missing core" : "");
-- if (!missingcore && numcores>0) {
-+ if (!missingcore && numcores>0
-+ && hwloc_filter_check_keep_object_type(topology, HWLOC_OBJ_CORE)) {
- for (i = 0; i < numcores; i++) {
- struct hwloc_obj *obj = hwloc_alloc_setup_object(topology, HWLOC_OBJ_CORE, Lcore_to_Pcore[i]);
- obj->cpuset = hwloc_bitmap_alloc();
diff --git a/gnu/packages/patches/libusb-for-axoloti.patch b/gnu/packages/patches/libusb-for-axoloti.patch
index 2c07d767d9..76a45e801d 100644
--- a/gnu/packages/patches/libusb-for-axoloti.patch
+++ b/gnu/packages/patches/libusb-for-axoloti.patch
@@ -1,14 +1,14 @@
-diff -rp -u4 libusb-1.0.19-orig/libusb/descriptor.c libusb-1.0.19/libusb/descriptor.c
---- libusb-1.0.19-orig/libusb/descriptor.c 2015-05-12 00:15:19 +0200
-+++ libusb-1.0.19/libusb/descriptor.c 2015-05-12 00:17:09 +0200
-@@ -1181,9 +1181,9 @@ int API_EXPORTED libusb_get_string_descr
+diff -rpu4 libusb-1.0.22.orig/libusb/descriptor.c libusb-1.0.22/libusb/descriptor.c
+--- libusb-1.0.22.orig/libusb/descriptor.c 2018-03-17 08:23:37.000000000 +0100
++++ libusb-1.0.22/libusb/descriptor.c 2018-03-29 10:36:09.968429473 +0200
+@@ -1173,9 +1173,9 @@ int API_EXPORTED libusb_get_string_descr
if (tbuf[1] != LIBUSB_DT_STRING)
return LIBUSB_ERROR_IO;
if (tbuf[0] > r)
- return LIBUSB_ERROR_IO;
-+ tbuf[0] = r;
++ tbuf[0] = r;
- for (di = 0, si = 2; si < tbuf[0]; si += 2) {
+ di = 0;
+ for (si = 2; si < tbuf[0]; si += 2) {
if (di >= (length - 1))
- break;
diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch
deleted file mode 100644
index c5ac9884b5..0000000000
--- a/gnu/packages/patches/links-CVE-2017-11114.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Fix CVE-2017-11114:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114
-http://seclists.org/fulldisclosure/2017/Jul/76
-
-Patch copied from Debian:
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
-
-Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7
-Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
-Author: Mikulas Patocka <mikulas@twibright.com>
-Date: Wed Aug 2 20:13:29 2017 +0200
-Subject: Fix read out of memory in case of corrupted UTF-8 data
-
----
- charsets.c | 37 +------------------------------------
- links.h | 9 ++++-----
- 2 files changed, 5 insertions(+), 41 deletions(-)
-
-Index: links-2.14/charsets.c
-===================================================================
---- links-2.14.orig/charsets.c
-+++ links-2.14/charsets.c
-@@ -215,41 +215,6 @@ static struct conv_table *get_translatio
- return utf_table;
- }
-
--unsigned short int utf8_2_uni_table[0x200] = {
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0,
-- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0,
-- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0,
-- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0,
-- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0,
-- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0,
-- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0,
-- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
--};
--
- unsigned char utf_8_1[256] = {
- 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = {
- 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6,
- };
-
--static_const unsigned min_utf_8[9] = {
-+static_const unsigned min_utf_8[8] = {
- 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1,
- };
-
-Index: links-2.14/links.h
-===================================================================
---- links-2.14.orig/links.h
-+++ links-2.14/links.h
-@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un
- void init_charset(void);
-
- unsigned get_utf_8(unsigned char **p);
--extern unsigned short int utf8_2_uni_table[0x200];
- #define GET_UTF_8(s, c) \
- do { \
- if ((unsigned char)(s)[0] < 0x80) \
- (c) = (s)++[0]; \
-- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \
-- ((unsigned char)(s)[1] >> 6) - 0x200])) \
-- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \
-- else \
-+ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\
-+ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \
-+ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\
-+ } else \
- (c) = get_utf_8(&(s)); \
- } while (0)
- #define FWD_UTF_8(s) \
diff --git a/gnu/packages/patches/lyx-2.2.3-fix-test.patch b/gnu/packages/patches/lyx-2.2.3-fix-test.patch
new file mode 100644
index 0000000000..10b7d2a3a9
--- /dev/null
+++ b/gnu/packages/patches/lyx-2.2.3-fix-test.patch
@@ -0,0 +1,13 @@
+See https://www.lyx.org/trac/ticket/10800#comment:17
+diff --git a/src/tex2lyx/test/test-structure.lyx.lyx b/src/tex2lyx/test/test-structure.lyx.lyx
+index feff755cd2..2c7f2ace5c 100644
+--- a/src/tex2lyx/test/test-structure.lyx.lyx
++++ b/src/tex2lyx/test/test-structure.lyx.lyx
+@@ -212,7 +212,7 @@ This causes the
+ \begin_inset Flex Flex:Strong
+ status collapsed
+
+-\begin_layout Standard
++\begin_layout Plain Layout
+ logikalmkup
+ \end_layout
diff --git a/gnu/packages/patches/mupdf-CVE-2018-1000051.patch b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch
new file mode 100644
index 0000000000..bb78c46f80
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2018-1000051.patch
@@ -0,0 +1,88 @@
+Fix CVE-2018-1000051:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=698873
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000051
+
+Patch copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;a=commit;h=321ba1de287016b0036bf4a56ce774ad11763384
+
+From 321ba1de287016b0036bf4a56ce774ad11763384 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Tue, 19 Dec 2017 23:47:47 +0100
+Subject: [PATCH] Bug 698825: Do not drop borrowed colorspaces.
+
+Previously the borrowed colorspace was dropped when updating annotation
+appearances, leading to use after free warnings from valgrind/ASAN.
+---
+ source/pdf/pdf-appearance.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/source/pdf/pdf-appearance.c b/source/pdf/pdf-appearance.c
+index 70f684f4..d7a1dddd 100644
+--- a/source/pdf/pdf-appearance.c
++++ b/source/pdf/pdf-appearance.c
+@@ -2170,7 +2170,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
+ fz_device *dev = NULL;
+ font_info font_rec;
+ fz_text *text = NULL;
+- fz_colorspace *cs = NULL;
+ fz_matrix page_ctm;
+
+ pdf_page_transform(ctx, annot->page, NULL, &page_ctm);
+@@ -2184,11 +2183,11 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
+ fz_var(dlist);
+ fz_var(dev);
+ fz_var(text);
+- fz_var(cs);
+ fz_try(ctx)
+ {
+ char *contents = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_Contents));
+ char *da = pdf_to_str_buf(ctx, pdf_dict_get(ctx, obj, PDF_NAME_DA));
++ fz_colorspace *cs;
+ fz_point pos;
+ fz_rect rect;
+
+@@ -2223,7 +2222,6 @@ void pdf_update_free_text_annot_appearance(fz_context *ctx, pdf_document *doc, p
+ fz_drop_display_list(ctx, dlist);
+ font_info_fin(ctx, &font_rec);
+ fz_drop_text(ctx, text);
+- fz_drop_colorspace(ctx, cs);
+ }
+ fz_catch(ctx)
+ {
+@@ -2359,7 +2357,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ fz_device *dev = NULL;
+ font_info font_rec;
+ fz_text *text = NULL;
+- fz_colorspace *cs = NULL;
+ fz_path *path = NULL;
+ fz_buffer *fzbuf = NULL;
+ fz_matrix page_ctm;
+@@ -2375,7 +2372,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ fz_var(dlist);
+ fz_var(dev);
+ fz_var(text);
+- fz_var(cs);
+ fz_var(fzbuf);
+ fz_try(ctx)
+ {
+@@ -2384,6 +2380,7 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ fz_rect logo_bounds;
+ fz_matrix logo_tm;
+ fz_rect rect;
++ fz_colorspace *cs = fz_device_rgb(ctx); /* Borrowed reference */
+
+ pdf_to_rect(ctx, pdf_dict_get(ctx, annot->obj, PDF_NAME_Rect), &annot_rect);
+ rect = annot_rect;
+@@ -2396,7 +2393,6 @@ void pdf_set_signature_appearance(fz_context *ctx, pdf_document *doc, pdf_annot
+ fz_bound_path(ctx, path, NULL, &fz_identity, &logo_bounds);
+ center_rect_within_rect(&logo_bounds, &rect, &logo_tm);
+ fz_concat(&logo_tm, &logo_tm, &page_ctm);
+- cs = fz_device_rgb(ctx); /* Borrowed reference */
+ fz_fill_path(ctx, dev, path, 0, &logo_tm, cs, logo_color, 1.0f, NULL);
+
+ get_font_info(ctx, doc, dr, da, &font_rec);
+--
+2.16.3
+
diff --git a/gnu/packages/patches/mupdf-CVE-2018-6544.patch b/gnu/packages/patches/mupdf-CVE-2018-6544.patch
new file mode 100644
index 0000000000..b2c8f849f3
--- /dev/null
+++ b/gnu/packages/patches/mupdf-CVE-2018-6544.patch
@@ -0,0 +1,109 @@
+Fix CVE-2018-6544:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6544
+https://bugs.ghostscript.com/show_bug.cgi?id=698830
+https://bugs.ghostscript.com/show_bug.cgi?id=698965
+
+Patches copied from upstream source repository:
+
+https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
+https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
+
+From b03def134988da8c800adac1a38a41a1f09a1d89 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Thu, 1 Feb 2018 16:36:14 +0100
+Subject: [PATCH] Bug 698830: Avoid recursion when loading object streams
+ objects.
+
+If there were indirect references in the object stream dictionary and
+one of those indirect references referred to an object inside the object
+stream itself, mupdf would previously enter recursion only bounded by the
+exception stack. After this commit the object stream is checked if it is
+marked immediately after being loaded. If it is marked then we terminate
+the recursion at this point, if it is not marked then mark it and
+attempt to load the desired object within. We also take care to unmark
+the stream object when done or upon exception.
+---
+ source/pdf/pdf-xref.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
+index 723b543c..ed09094c 100644
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -1576,6 +1576,19 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i
+ {
+ objstm = pdf_load_object(ctx, doc, num);
+
++ if (pdf_obj_marked(ctx, objstm))
++ fz_throw(ctx, FZ_ERROR_GENERIC, "recursive object stream lookup");
++ }
++ fz_catch(ctx)
++ {
++ pdf_drop_obj(ctx, objstm);
++ fz_rethrow(ctx);
++ }
++
++ fz_try(ctx)
++ {
++ pdf_mark_obj(ctx, objstm);
++
+ count = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_N));
+ first = pdf_to_int(ctx, pdf_dict_get(ctx, objstm, PDF_NAME_First));
+
+@@ -1655,6 +1668,7 @@ pdf_load_obj_stm(fz_context *ctx, pdf_document *doc, int num, pdf_lexbuf *buf, i
+ fz_drop_stream(ctx, stm);
+ fz_free(ctx, ofsbuf);
+ fz_free(ctx, numbuf);
++ pdf_unmark_obj(ctx, objstm);
+ pdf_drop_obj(ctx, objstm);
+ }
+ fz_catch(ctx)
+--
+2.16.3
+
+From 26527eef77b3e51c2258c8e40845bfbc015e405d Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 29 Jan 2018 02:00:48 +0100
+Subject: [PATCH] Bug 698830: Don't drop unkept stream if running out of error
+ stack.
+
+Under normal conditions where fz_keep_stream() is called inside
+fz_try() we may call fz_drop_stream() in fz_catch() upon exceptions.
+The issue comes when fz_keep_stream() has not yet been called but is
+dropped in fz_catch(). This happens in the PDF from the bug when
+fz_try() runs out of exception stack, and next the code in fz_catch()
+runs, dropping the caller's reference to the filter chain stream!
+
+The simplest way of fixing this it to always keep the filter chain
+stream before fz_try() is called. That way fz_catch() may drop the
+stream whether an exception has occurred or if the fz_try() ran out of
+exception stack.
+---
+ source/pdf/pdf-stream.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/source/pdf/pdf-stream.c b/source/pdf/pdf-stream.c
+index c89da5c4..c6ba7ad3 100644
+--- a/source/pdf/pdf-stream.c
++++ b/source/pdf/pdf-stream.c
+@@ -303,14 +303,13 @@ pdf_open_raw_filter(fz_context *ctx, fz_stream *chain, pdf_document *doc, pdf_ob
+ *orig_gen = 0;
+ }
+
+- fz_var(chain);
++ chain = fz_keep_stream(ctx, chain);
+
+ fz_try(ctx)
+ {
+ len = pdf_to_int(ctx, pdf_dict_get(ctx, stmobj, PDF_NAME_Length));
+
+- /* don't close chain when we close this filter */
+- chain2 = fz_keep_stream(ctx, chain);
++ chain2 = chain;
+ chain = NULL;
+ chain = fz_open_null(ctx, chain2, len, offset);
+
+--
+2.16.3
+
diff --git a/gnu/packages/patches/shepherd-close-fds.patch b/gnu/packages/patches/shepherd-close-fds.patch
deleted file mode 100644
index 2078b15265..0000000000
--- a/gnu/packages/patches/shepherd-close-fds.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-commit 3e346a2a84b099766ea8a3a4a4549f6172483062
-Author: Ludovic Courtès <ludo@gnu.org>
-Date: Sun Dec 3 22:30:03 2017 +0100
-
- service: In 'exec-command', close open ports before 'execl'.
-
- This gets rid of annoying "Bad file descriptor" warnings from shepherd.
-
- * modules/shepherd/service.scm (exec-command): In 'loop', invoke
- 'close-port' and the ports returned by (fdes->ports i).
-
-diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
-index b2d8bc5..0ad28a0 100644
---- a/modules/shepherd/service.scm
-+++ b/modules/shepherd/service.scm
-@@ -1,5 +1,5 @@
- ;; service.scm -- Representation of services.
--;; Copyright (C) 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-+;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
- ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de>
- ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
- ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com>
-@@ -744,6 +744,14 @@ false."
-
- (let loop ((i 3))
- (when (< i max-fd)
-+ ;; First try to close any ports associated with file descriptor I.
-+ ;; Otherwise the finalization thread might get around to closing
-+ ;; those ports eventually, which will raise an EBADF exception (on
-+ ;; 2.2), leading to messages like "error in the finalization
-+ ;; thread: Bad file descriptor".
-+ (for-each (lambda (port)
-+ (catch-system-error (close-port port)))
-+ (fdes->ports i))
- (catch-system-error (close-fdes i))
- (loop (+ i 1)))))
diff --git a/gnu/packages/patches/shepherd-herd-status-sorted.patch b/gnu/packages/patches/shepherd-herd-status-sorted.patch
deleted file mode 100644
index c6b9d870eb..0000000000
--- a/gnu/packages/patches/shepherd-herd-status-sorted.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From cc9564586729a5bb90dd5d2722b543fdde9ab821 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
-Date: Sun, 4 Feb 2018 21:56:36 +0100
-Subject: [PATCH] herd: 'herd status' now sorts the result.
-
-Partly fixes <https://bugs.gnu.org/30299>.
-Reported by Mark H Weaver <mhw@netris.org>.
-
-Previously 'tests/basic.sh' could occasionally fail on:
-
- test "`$herd status`" == "$pristine_status"
-
-because the order of stopped services were not always the same. Indeed,
-those services come from 'service-list' on the shepherd side, which uses
-'hash-fold' to traverse the service hash table, and the traversal order
-of 'hash-fold' is undefined.
-
-* modules/shepherd/scripts/herd.scm (display-status-summary)[service<?]:
-New procedure.
-[display-services]: Call 'sort' and use the above.
----
- modules/shepherd/scripts/herd.scm | 8 ++++++--
- modules/shepherd/service.scm | 5 +++--
- 2 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/modules/shepherd/scripts/herd.scm b/modules/shepherd/scripts/herd.scm
-index ebcd1e1..697446c 100644
---- a/modules/shepherd/scripts/herd.scm
-+++ b/modules/shepherd/scripts/herd.scm
-@@ -1,5 +1,5 @@
- ;; herd.scm -- The program to herd the Shepherd.
--;; Copyright (C) 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
-+;; Copyright (C) 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
- ;; Copyright (C) 2002, 2003 Wolfgang Jährling <wolfgang@pro-linux.de>
- ;;
- ;; This file is part of the GNU Shepherd.
-@@ -46,13 +46,17 @@ of pairs."
-
- (define (display-status-summary services)
- "Display a summary of the status of all of SERVICES."
-+ (define (service<? service1 service2)
-+ (string<? (symbol->string (service-canonical-name service1))
-+ (symbol->string (service-canonical-name service2))))
-+
- (define (display-services header bullet services)
- (unless (null? services)
- (display header)
- (for-each (lambda (service)
- (format #t " ~a ~a~%" bullet
- (service-canonical-name service)))
-- services)))
-+ (sort services service<?)))) ;get deterministic output
- (call-with-values
- (lambda ()
- (partition (match-lambda
-diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
-index 0ad28a0..83600e4 100644
---- a/modules/shepherd/service.scm
-+++ b/modules/shepherd/service.scm
-@@ -1,5 +1,5 @@
- ;; service.scm -- Representation of services.
--;; Copyright (C) 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-+;; Copyright (C) 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
- ;; Copyright (C) 2002, 2003 Wolfgang Järling <wolfgang@pro-linux.de>
- ;; Copyright (C) 2014 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
- ;; Copyright (C) 2016 Alex Kost <alezost@gmail.com>
-@@ -949,7 +949,8 @@ Return #f if service is not found."
- %services))
-
- (define (service-list)
-- "Return the list of services currently defined."
-+ "Return the list of services currently defined. Note: The order of the list
-+returned in unspecified."
- (hash-fold (lambda (name services result)
- (let ((service (lookup-canonical-service name services)))
- (if service
---
-2.16.1
-
diff --git a/gnu/packages/patches/translate-shell-fix-curl-tests.patch b/gnu/packages/patches/translate-shell-fix-curl-tests.patch
new file mode 100644
index 0000000000..33731462b8
--- /dev/null
+++ b/gnu/packages/patches/translate-shell-fix-curl-tests.patch
@@ -0,0 +1,60 @@
+This patch fixes Curl related tests for 'translate-shell'.
+
+Upstream bug URL:
+
+https://github.com/soimort/translate-shell/issues/221
+
+From bb9f32d3145125ba664b6b05bf0a2fd34108e9d2 Mon Sep 17 00:00:00 2001
+From: Mort Yao <soi@mort.ninja>
+Date: Sun, 25 Mar 2018 03:14:33 +0200
+Subject: [PATCH] TestUtils: perform curl-related tests only if NETWORK_ACCESS
+ is set to yes (#221)
+
+---
+ test/TestUtils.awk | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/test/TestUtils.awk b/test/TestUtils.awk
+index 08bb2e9..1c141e5 100644
+--- a/test/TestUtils.awk
++++ b/test/TestUtils.awk
+@@ -30,22 +30,24 @@ BEGIN {
+ assertTrue(newerVersion("2", "1.9.9999"))
+ }
+
+- T("curl()", 1)
+- {
+- delete tokens; delete ast
+- tokenize(tokens, curl("https://httpbin.org/get"))
+- parseJson(ast, tokens)
+- assertEqual(unparameterize(ast[0 SUBSEP "url"]),
+- "https://httpbin.org/get")
+- }
++ if (yn(ENVIRON["NETWORK_ACCESS"])) { # if network access enabled
++ T("curl()", 1)
++ {
++ delete tokens; delete ast
++ tokenize(tokens, curl("https://httpbin.org/get"))
++ parseJson(ast, tokens)
++ assertEqual(unparameterize(ast[0 SUBSEP "url"]),
++ "https://httpbin.org/get")
++ }
+
+- T("curlPost()", 1)
+- {
+- delete tokens; delete ast
+- tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
+- parseJson(ast, tokens)
+- assertEqual(unparameterize(ast[0 SUBSEP "url"]),
+- "https://httpbin.org/post")
++ T("curlPost()", 1)
++ {
++ delete tokens; delete ast
++ tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz"))
++ parseJson(ast, tokens)
++ assertEqual(unparameterize(ast[0 SUBSEP "url"]),
++ "https://httpbin.org/post")
++ }
+ }
+
+ T("dump()", 3)