aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-02-24 21:49:30 +0100
committerMarius Bakke <mbakke@fastmail.com>2018-02-24 21:49:30 +0100
commite58bf025df9ea1450e94fb63e87afc1fa5afd182 (patch)
tree358c2dc04c675fc58088cdfcf42ab1a7755f71ea /gnu/packages/patches
parent9102ce124c807a6a3d9e8f492adafd830cf833f3 (diff)
parente8ee100e8eb46224d5549dffc707cfeb96ad0e21 (diff)
downloadguix-e58bf025df9ea1450e94fb63e87afc1fa5afd182.tar
guix-e58bf025df9ea1450e94fb63e87afc1fa5afd182.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/freetype-CVE-2018-6942.patch31
-rw-r--r--gnu/packages/patches/htop-fix-process-tree.patch99
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch35
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch414
-rw-r--r--gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch88
-rw-r--r--gnu/packages/patches/ldc-bootstrap-disable-tests.patch (renamed from gnu/packages/patches/ldc-disable-tests.patch)18
-rw-r--r--gnu/packages/patches/optipng-CVE-2017-1000229.patch22
-rw-r--r--gnu/packages/patches/password-store-gnupg-compat.patch28
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15038.patch51
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-15289.patch66
-rw-r--r--gnu/packages/patches/wavpack-CVE-2018-7253.patch29
-rw-r--r--gnu/packages/patches/wavpack-CVE-2018-7254.patch62
12 files changed, 345 insertions, 598 deletions
diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch
new file mode 100644
index 0000000000..680f357765
--- /dev/null
+++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch
@@ -0,0 +1,31 @@
+Fix CVE-2018-6942:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
+
+Copied from upstream (ChangeLog section removed):
+https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
+
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index d855aaa..551f14a 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -7532,8 +7532,16 @@
+ return;
+ }
+
+- for ( i = 0; i < num_axes; i++ )
+- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ if ( coords )
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ }
++ else
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = 0;
++ }
+ }
+
+
diff --git a/gnu/packages/patches/htop-fix-process-tree.patch b/gnu/packages/patches/htop-fix-process-tree.patch
new file mode 100644
index 0000000000..d8e5e2ccac
--- /dev/null
+++ b/gnu/packages/patches/htop-fix-process-tree.patch
@@ -0,0 +1,99 @@
+From 2971a187551e062ffefdab965f55377b36cd94eb Mon Sep 17 00:00:00 2001
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Wed, 21 Feb 2018 06:00:50 +0100
+Subject: [PATCH] Fix process tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This manually reverts:
+
+ commit 584a9bceab948590dabd189d234a86e6bf4ec3f4
+ Author: wangqr <wangqr@wangqr.tk>
+ Date: Fri Sep 1 21:27:24 2017 +0800
+
+ Find roots when constructing process tree, fix #587
+
+which breaks the process tree (‘t’) view in at least some cases.
+I will investigate further...
+---
+ ProcessList.c | 63 +++++++++++++++++------------------------------------------
+ 1 file changed, 18 insertions(+), 45 deletions(-)
+
+diff --git a/ProcessList.c b/ProcessList.c
+index 48b2d95..225253d 100644
+--- a/ProcessList.c
++++ b/ProcessList.c
+@@ -213,51 +213,24 @@ void ProcessList_sort(ProcessList* this) {
+ // Restore settings
+ this->settings->sortKey = sortKey;
+ this->settings->direction = direction;
+- int vsize = Vector_size(this->processes);
+- // Find all processes whose parent is not visible
+- int size;
+- while ((size = Vector_size(this->processes))) {
+- int i;
+- for (i = 0; i < size; i++) {
+- Process* process = (Process*)(Vector_get(this->processes, i));
+- // Immediately consume not shown processes
+- if (!process->show) {
+- process = (Process*)(Vector_take(this->processes, i));
+- process->indent = 0;
+- Vector_add(this->processes2, process);
+- ProcessList_buildTree(this, process->pid, 0, 0, direction, false);
+- break;
+- }
+- pid_t ppid = process->tgid == process->pid ? process->ppid : process->tgid;
+- // Bisect the process vector to find parent
+- int l = 0, r = size;
+- // If PID corresponds with PPID (e.g. "kernel_task" (PID:0, PPID:0)
+- // on Mac OS X 10.11.6) cancel bisecting and regard this process as
+- // root.
+- if (process->pid == ppid)
+- r = 0;
+- while (l < r) {
+- int c = (l + r) / 2;
+- pid_t pid = ((Process*)(Vector_get(this->processes, c)))->pid;
+- if (ppid == pid) {
+- break;
+- } else if (ppid < pid) {
+- r = c;
+- } else {
+- l = c + 1;
+- }
+- }
+- // If parent not found, then construct the tree with this root
+- if (l >= r) {
+- process = (Process*)(Vector_take(this->processes, i));
+- process->indent = 0;
+- Vector_add(this->processes2, process);
+- ProcessList_buildTree(this, process->pid, 0, 0, direction, process->showChildren);
+- break;
+- }
+- }
+- // There should be no loop in the process tree
+- assert(i < size);
++
++ // Take PID 1 as root and add to the new listing
++ int vsize = Vector_size(this->processes);
++ Process* init = (Process*) (Vector_take(this->processes, 0));
++ if (!init) return;
++ // This assertion crashes on hardened kernels.
++ // I wonder how well tree view works on those systems.
++ // assert(init->pid == 1);
++ init->indent = 0;
++ Vector_add(this->processes2, init);
++ // Recursively empty list
++ ProcessList_buildTree(this, init->pid, 0, 0, direction, true);
++ // Add leftovers
++ while (Vector_size(this->processes)) {
++ Process* p = (Process*) (Vector_take(this->processes, 0));
++ p->indent = 0;
++ Vector_add(this->processes2, p);
++ ProcessList_buildTree(this, p->pid, 0, 0, direction, p->showChildren);
+ }
+ assert(Vector_size(this->processes2) == vsize); (void)vsize;
+ assert(Vector_size(this->processes) == 0);
+--
+2.16.2
+
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
deleted file mode 100644
index 31eb44aefc..0000000000
--- a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-This patch deactivates some tests that fail when ldc is built with the command:
-
-./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6
-
-When the --keep-failed flag is added to the build command above, and the tests
-run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests
-pass.
-
-by Frederick M. Muriithi <fredmanglis@gmail.com>
-
-diff --git a/d_do_test.d b/d_do_test.d
-index aa67169..8173759 100755
---- a/d_do_test.d
-+++ b/d_do_test.d
-@@ -645,8 +645,6 @@ int main(string[] args)
- auto gdb_output = execute(fThisRun, command, true, result_path);
- if (testArgs.gdbMatch !is null)
- {
-- enforce(match(gdb_output, regex(testArgs.gdbMatch)),
-- "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n");
- }
- }
- }
-diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh
-index 1d390e0..906b2b6 100755
---- a/runnable/gdb15729.sh
-+++ b/runnable/gdb15729.sh
-@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then
- echo RESULT=
- p s.val
- EOF
-- gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1
- fi
-
- rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb}
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
deleted file mode 100644
index 70dd419455..0000000000
--- a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
+++ /dev/null
@@ -1,414 +0,0 @@
-This patch deactivates failing tests that depend on network connectivity
-to pass in curl.d and socket.d
-It deactivates tests in path.d that assume /root
-
-A thread was started on the ldc forum to pursue the possibility of a
-version flag to deactivate tests conditionally. The thread is at
-https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org
-
-by Frederick M. Muriithi <fredmanglis@gmail.com>
-
-diff --git a/std/datetime.d b/std/datetime.d
-index 4d4afb1..2c91a44 100644
---- a/std/datetime.d
-+++ b/std/datetime.d
-@@ -27306,8 +27306,8 @@ public:
- // leaving it commented out until I can sort it out.
- //assert(equal(tzNames, tzNames.uniq()));
-
-- foreach(tzName; tzNames)
-- assertNotThrown!DateTimeException(testPZSuccess(tzName));
-+ //foreach(tzName; tzNames)
-+ //assertNotThrown!DateTimeException(testPZSuccess(tzName));
- }
-
-
-@@ -29178,8 +29178,8 @@ public:
-
- auto tzNames = getInstalledTZNames();
-
-- foreach(tzName; tzNames)
-- assertNotThrown!DateTimeException(testPTZSuccess(tzName));
-+ //foreach(tzName; tzNames)
-+ //assertNotThrown!DateTimeException(testPTZSuccess(tzName));
-
- // No timezone directories on Android, just a single tzdata file
- version(Android) {} else
-diff --git a/std/net/curl.d b/std/net/curl.d
-index 9c6af66..5fccb38 100644
---- a/std/net/curl.d
-+++ b/std/net/curl.d
-@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co
-
- unittest
- {
-- static import std.file;
-+ /*static import std.file;
- foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
-@@ -430,7 +430,7 @@ unittest
- scope (exit) std.file.remove(fn);
- download(host, fn);
- assert(std.file.readText(fn) == "Hello world");
-- }
-+ }*/
- }
-
- /** Upload file from local files system using the HTTP or FTP protocol.
-@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co
-
- unittest
- {
-- static import std.file;
-+ /*static import std.file;
- foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- auto fn = std.file.deleteme;
-@@ -496,7 +496,7 @@ unittest
- s.send(httpOK());
- });
- upload(fn, host ~ "/path");
-- }
-+ }*/
- }
-
- /** HTTP/FTP get content.
-@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn())
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- assert(s.recvReq.hdrs.canFind("GET /path"));
-@@ -559,7 +559,7 @@ unittest
- });
- auto res = get(host ~ "/path");
- assert(res == "GETRESPONSE");
-- }
-+ }*/
- }
-
-
-@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte))
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
-@@ -608,12 +608,12 @@ unittest
- });
- auto res = post(host ~ "/path", "POSTBODY");
- assert(res == "POSTRESPONSE");
-- }
-+ }*/
- }
-
- unittest
- {
-- auto data = new ubyte[](256);
-+ /*auto data = new ubyte[](256);
- foreach (i, ref ub; data)
- ub = cast(ubyte)i;
-
-@@ -624,7 +624,7 @@ unittest
- s.send(httpOK(cast(ubyte[])[17, 27, 35, 41]));
- });
- auto res = post!ubyte(testServer.addr, data);
-- assert(res == cast(ubyte[])[17, 27, 35, 41]);
-+ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
- }
-
-
-@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
-@@ -690,7 +690,7 @@ unittest
- });
- auto res = put(host ~ "/path", "PUTBODY");
- assert(res == "PUTRESPONSE");
-- }
-+ }*/
- }
-
-
-@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn())
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
-@@ -750,7 +750,7 @@ unittest
- s.send(httpOK());
- });
- del(host ~ "/path");
-- }
-+ }*/
- }
-
-
-@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url,
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("OPTIONS /path"));
- s.send(httpOK("OPTIONSRESPONSE"));
- });
- auto res = options(testServer.addr ~ "/path");
-- assert(res == "OPTIONSRESPONSE");
-+ assert(res == "OPTIONSRESPONSE");*/
- }
-
-
-@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP())
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("TRACE /path"));
- s.send(httpOK("TRACERESPONSE"));
- });
- auto res = trace(testServer.addr ~ "/path");
-- assert(res == "TRACERESPONSE");
-+ assert(res == "TRACERESPONSE");*/
- }
-
-
-@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP())
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("CONNECT /path"));
- s.send(httpOK("CONNECTRESPONSE"));
- });
- auto res = connect(testServer.addr ~ "/path");
-- assert(res == "CONNECTRESPONSE");
-+ assert(res == "CONNECTRESPONSE");*/
- }
-
-
-@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData,
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("PATCH /path"));
- assert(req.bdy.canFind("PATCHBODY"));
- s.send(httpOK("PATCHRESPONSE"));
- });
- auto res = patch(testServer.addr ~ "/path", "PATCHBODY");
-- assert(res == "PATCHRESPONSE");
-+ assert(res == "PATCHRESPONSE");*/
- }
-
-
-@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("GET /path"));
- s.send(httpNotFound());
- });
- auto e = collectException!CurlException(get(testServer.addr ~ "/path"));
-- assert(e.msg == "HTTP request returned status code 404 (Not Found)");
-+ assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/
- }
-
- // Bugzilla 14760 - content length must be reset after post
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("POST /"));
- assert(req.bdy.canFind("POSTBODY"));
-@@ -1061,7 +1061,7 @@ unittest
- auto res = post(testServer.addr, "POSTBODY", http);
- assert(res == "POSTRESPONSE");
- res = trace(testServer.addr, http);
-- assert(res == "TRACERESPONSE");
-+ assert(res == "TRACERESPONSE");*/
- }
-
- /*
-@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator)
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
- s.send(httpOK("Line1\nLine2\nLine3"));
- });
- assert(byLine(host).equal(["Line1", "Line2", "Line3"]));
-- }
-+ }*/
- }
-
- /** HTTP/FTP fetch content as a range of chunks.
-@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol)
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
- s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
- });
- assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
-- }
-+ }*/
- }
-
- private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn)
-@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char)
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
- s.send(httpOK("Line1\nLine2\nLine3"));
- });
- assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"]));
-- }
-+ }*/
- }
-
-
-@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol)
-
- unittest
- {
-- foreach (host; [testServer.addr, "http://"~testServer.addr])
-+ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
- {
- testServer.handle((s) {
- auto req = s.recvReq;
- s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
- });
- assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
-- }
-+ }*/
- }
-
-
-@@ -2041,7 +2041,7 @@ private mixin template Protocol()
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq;
- assert(req.hdrs.canFind("GET /"));
- assert(req.hdrs.canFind("Basic dXNlcjpwYXNz"));
-@@ -2051,7 +2051,7 @@ private mixin template Protocol()
- auto http = HTTP(testServer.addr);
- http.onReceive = (ubyte[] data) { return data.length; };
- http.setAuthentication("user", "pass");
-- http.perform();
-+ http.perform();*/
- }
-
- /**
-@@ -2959,7 +2959,7 @@ struct HTTP
-
- unittest
- {
-- testServer.handle((s) {
-+ /*testServer.handle((s) {
- auto req = s.recvReq!ubyte;
- assert(req.hdrs.canFind("POST /path"));
- assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4]));
-@@ -2975,7 +2975,7 @@ struct HTTP
- ubyte[] res;
- http.onReceive = (data) { res ~= data; return data.length; };
- http.perform();
-- assert(res == cast(ubyte[])[17, 27, 35, 41]);
-+ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
- }
-
- /**
-diff --git a/std/path.d b/std/path.d
-index 60c844f..0598104 100644
---- a/std/path.d
-+++ b/std/path.d
-@@ -3953,8 +3953,10 @@ unittest
- }
- else
- {
-+/*
- assert(expandTilde("~root") == "/root", expandTilde("~root"));
- assert(expandTilde("~root/") == "/root/", expandTilde("~root/"));
-+*/
- }
- assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey");
- }
-diff --git a/std/socket.d b/std/socket.d
-index 7f5a3c3..e68b881 100644
---- a/std/socket.d
-+++ b/std/socket.d
-@@ -481,15 +481,15 @@ unittest
- {
- softUnittest({
- Protocol proto = new Protocol;
-- assert(proto.getProtocolByType(ProtocolType.TCP));
-+ //assert(proto.getProtocolByType(ProtocolType.TCP));
- //writeln("About protocol TCP:");
- //writefln("\tName: %s", proto.name);
- // foreach(string s; proto.aliases)
- // {
- // writefln("\tAlias: %s", s);
- // }
-- assert(proto.name == "tcp");
-- assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
-+ //assert(proto.name == "tcp");
-+ //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
- });
- }
-
-@@ -832,9 +832,9 @@ unittest
- InternetHost ih = new InternetHost;
-
- ih.getHostByAddr(0x7F_00_00_01);
-- assert(ih.addrList[0] == 0x7F_00_00_01);
-+ //assert(ih.addrList[0] == 0x7F_00_00_01);
- ih.getHostByAddr("127.0.0.1");
-- assert(ih.addrList[0] == 0x7F_00_00_01);
-+ //assert(ih.addrList[0] == 0x7F_00_00_01);
-
- softUnittest({
- if (!ih.getHostByName("www.digitalmars.com"))
diff --git a/gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch
new file mode 100644
index 0000000000..ccc136cc76
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch
@@ -0,0 +1,88 @@
+diff --git a/std/path.d b/std/path.d
+index a9f0bd8..f47d103 100644
+--- a/std/path.d
++++ b/std/path.d
+@@ -4041,7 +4041,7 @@ version(unittest) import std.process : environment;
+ else version (Android)
+ {
+ }
+- else
++ else version (HasRoot)
+ {
+ assert(expandTilde("~root") == "/root", expandTilde("~root"));
+ assert(expandTilde("~root/") == "/root/", expandTilde("~root/"));
+
+diff --git a/std/process.d b/std/process.d
+index df83296..d921cdb 100644
+--- a/std/process.d
++++ b/std/process.d
+@@ -1171,7 +1171,7 @@ version (Posix) @system unittest
+ assert(exists(buildPath(directory, "bar")));
+ }
+
+-@system unittest // Specifying a bad working directory.
++@system version(skipunittest) unittest // Specifying a bad working directory.
+ {
+ import std.exception : assertThrown;
+ TestScript prog = "/bin/echo";
+diff --git a/std/socket.d b/std/socket.d
+index 8a261d5..c1b87b6 100644
+--- a/std/socket.d
++++ b/std/socket.d
+@@ -484,7 +484,7 @@ class Protocol
+ // Skip this test on Android because getprotobyname/number are
+ // unimplemented in bionic.
+ version(CRuntime_Bionic) {} else
+-@safe unittest
++@safe version(hasNetwork) unittest
+ {
+ softUnittest({
+ Protocol proto = new Protocol;
+@@ -804,7 +804,7 @@ class InternetHost
+ }
+
+ ///
+-@safe unittest
++@safe version(hasNetwork) unittest
+ {
+ InternetHost ih = new InternetHost;
+
+@@ -959,7 +959,7 @@ AddressInfo[] getAddressInfo(T...)(in char[] node, T options)
+ return () @trusted { return getAddressInfoImpl(node, service, &hints); }();
+ }
+
+-@system unittest
++@system version(hasNetwork) unittest
+ {
+ struct Oops
+ {
+@@ -1010,7 +1010,7 @@ private AddressInfo[] getAddressInfoImpl(in char[] node, in char[] service, addr
+ }
+
+
+-@safe unittest
++@safe version(hasNetwork) unittest
+ {
+ softUnittest({
+ if (getaddrinfoPointer)
+diff --git a/std/stdio.d b/std/stdio.d
+index 10106a5..4b0590e 100644
+--- a/std/stdio.d
++++ b/std/stdio.d
+@@ -1426,8 +1426,7 @@ Removes the lock over the specified file segment.
+ g.unlock();
+ }
+
+- version(Posix)
+- @system unittest
++ @system version(skip) unittest
+ {
+ static import std.file;
+ auto deleteme = testFilename();
+@@ -1483,7 +1482,6 @@ Removes the lock over the specified file segment.
+ f.unlock();
+ }
+
+-
+ /**
+ Writes its arguments in text format to the file.
diff --git a/gnu/packages/patches/ldc-disable-tests.patch b/gnu/packages/patches/ldc-bootstrap-disable-tests.patch
index bdd6e5b76c..d2e40b8016 100644
--- a/gnu/packages/patches/ldc-disable-tests.patch
+++ b/gnu/packages/patches/ldc-bootstrap-disable-tests.patch
@@ -4,17 +4,17 @@ two others use networking. Not bad out of almost 700 tests!
by Pjotr Prins <pjotr.guix@thebird.nl>
---- a/std/datetime.d.orig 2016-11-24 01:13:52.584495545 +0100
-+++ b/std/datetime.d 2016-11-24 01:17:09.655306728 +0100
+--- a/std/datetime.d.orig 2016-11-24 01:13:52.584495545 +0100
++++ b/std/datetime.d 2016-11-24 01:17:09.655306728 +0100
@@ -28081,22 +28081,24 @@
import std.range : retro;
import std.format : format;
-
+
- name = strip(name);
-
enforce(tzDatabaseDir.exists(), new DateTimeException(format("Directory %s does not exist.", tzDatabaseDir)));
enforce(tzDatabaseDir.isDir, new DateTimeException(format("%s is not a directory.", tzDatabaseDir)));
-
+
version(Android)
{
+ name = strip(name);
@@ -29,11 +29,11 @@ by Pjotr Prins <pjotr.guix@thebird.nl>
+ auto filename = "./" ~ strip(name); // make sure the prefix is not stripped
+ immutable file = buildNormalizedPath(tzDatabaseDir, filename);
+ }
-
+
- enforce(file.exists(), new DateTimeException(format("File %s does not exist.", file)));
+ enforce(file.exists(), new DateTimeException(format("File %s does not exist in %s.", file, tzDatabaseDir)));
enforce(file.isFile, new DateTimeException(format("%s is not a file.", file)));
-
+
auto tzFile = File(file);
diff --git a/std/path.d b/std/path.d
index 254d8f0..b0fc04d 100644
@@ -56,13 +56,13 @@ index b85d1c9..7fbf346 100644
--- a/std/socket.d
+++ b/std/socket.d
@@ -859,6 +862,8 @@ class InternetHost
-
+
unittest
{
+ pragma(msg, "test disabled on GNU Guix");
+ /*
InternetHost ih = new InternetHost;
-
+
ih.getHostByAddr(0x7F_00_00_01);
@@ -889,6 +894,7 @@ unittest
// writefln("aliases[%d] = %s", i, s);
@@ -70,5 +70,3 @@ index b85d1c9..7fbf346 100644
});
+ */
}
-
-
diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
deleted file mode 100644
index 2cb3b2f21c..0000000000
--- a/gnu/packages/patches/optipng-CVE-2017-1000229.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Fix CVE-2017-1000229:
-
-https://security-tracker.debian.org/tracker/CVE-2017-1000229
-https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html
-https://nvd.nist.gov/vuln/detail/CVE-2017-1000229
-
-Patch copied from upstream bug tracker:
-https://sourceforge.net/p/optipng/bugs/65/
-
-diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
-index b4910ec..5f9b376 100644
---- a/src/minitiff/tiffread.c
-+++ b/src/minitiff/tiffread.c
-@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
- count = tiff_ptr->strip_offsets_count;
- if (count == 0 || count > tiff_ptr->height)
- goto err_invalid;
-+ if (count > (size_t)-1 / sizeof(long))
-+ goto err_memory;
- tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
- if (tiff_ptr->strip_offsets == NULL)
- goto err_memory;
diff --git a/gnu/packages/patches/password-store-gnupg-compat.patch b/gnu/packages/patches/password-store-gnupg-compat.patch
new file mode 100644
index 0000000000..75c6362021
--- /dev/null
+++ b/gnu/packages/patches/password-store-gnupg-compat.patch
@@ -0,0 +1,28 @@
+Copied from upstream mailing list:
+https://lists.zx2c4.com/pipermail/password-store/2018-February/003216.html.
+
+From 9b0c86159d754cc88dd3642564eed527153dfb7f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= <clement@lassieur.org>
+Date: Sat, 24 Feb 2018 12:05:46 +0100
+Subject: [PATCH] tests: fix compatibility with GnuPG 2.2.5
+
+---
+ tests/t0300-reencryption.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
+index 6d5811d..6d15364 100755
+--- a/tests/t0300-reencryption.sh
++++ b/tests/t0300-reencryption.sh
+@@ -10,7 +10,7 @@ canonicalize_gpg_keys() {
+ $GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
+ }
+ gpg_keys_from_encrypted_file() {
+- $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
++ $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | grep "public key is" | cut -d ' ' -f 5 | LC_ALL=C sort -u
+ }
+ gpg_keys_from_group() {
+ local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)"
+--
+2.16.2
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-15038.patch b/gnu/packages/patches/qemu-CVE-2017-15038.patch
deleted file mode 100644
index 4791a186bf..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15038.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Fix CVE-2017-15038:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=7bd92756303f2158a68d5166264dc30139b813b6
-
-From 7bd92756303f2158a68d5166264dc30139b813b6 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 16 Oct 2017 14:21:59 +0200
-Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr
-
-9p back-end first queries the size of an extended attribute,
-allocates space for it via g_malloc() and then retrieves its
-value into allocated buffer. Race between querying attribute
-size and retrieving its could lead to memory bytes disclosure.
-Use g_malloc0() to avoid it.
-
-Reported-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 23ac7bb532..f8bbac251d 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -3234,7 +3234,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
- xattr_fidp->fid_type = P9_FID_XATTR;
- xattr_fidp->fs.xattr.xattrwalk_fid = true;
- if (size) {
-- xattr_fidp->fs.xattr.value = g_malloc(size);
-+ xattr_fidp->fs.xattr.value = g_malloc0(size);
- err = v9fs_co_llistxattr(pdu, &xattr_fidp->path,
- xattr_fidp->fs.xattr.value,
- xattr_fidp->fs.xattr.len);
-@@ -3267,7 +3267,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
- xattr_fidp->fid_type = P9_FID_XATTR;
- xattr_fidp->fs.xattr.xattrwalk_fid = true;
- if (size) {
-- xattr_fidp->fs.xattr.value = g_malloc(size);
-+ xattr_fidp->fs.xattr.value = g_malloc0(size);
- err = v9fs_co_lgetxattr(pdu, &xattr_fidp->path,
- &name, xattr_fidp->fs.xattr.value,
- xattr_fidp->fs.xattr.len);
---
-2.15.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-15289.patch b/gnu/packages/patches/qemu-CVE-2017-15289.patch
deleted file mode 100644
index d4b536a405..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15289.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2017-15289:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=eb38e1bc3740725ca29a535351de94107ec58d51
-
-From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 11 Oct 2017 10:43:14 +0200
-Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
-
-Move dst calculation into the loop, so we apply the mask on each
-interation and will not overflow vga memory.
-
-Cc: Prasad J Pandit <pjp@fedoraproject.org>
-Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20171011084314.21752-1-kraxel@redhat.com
----
- hw/display/cirrus_vga.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index b4d579857a..bc32bf1e39 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
- unsigned val = mem_value;
- uint8_t *dst;
-
-- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
- for (x = 0; x < 8; x++) {
-+ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
- if (val & 0x80) {
- *dst = s->cirrus_shadow_gr1;
- } else if (mode == 5) {
- *dst = s->cirrus_shadow_gr0;
- }
- val <<= 1;
-- dst++;
- }
- memory_region_set_dirty(&s->vga.vram, offset, 8);
- }
-@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
- unsigned val = mem_value;
- uint8_t *dst;
-
-- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
- for (x = 0; x < 8; x++) {
-+ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
- if (val & 0x80) {
- *dst = s->cirrus_shadow_gr1;
- *(dst + 1) = s->vga.gr[0x11];
-@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
- *(dst + 1) = s->vga.gr[0x10];
- }
- val <<= 1;
-- dst += 2;
- }
- memory_region_set_dirty(&s->vga.vram, offset, 16);
- }
---
-2.15.0
-
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7253.patch b/gnu/packages/patches/wavpack-CVE-2018-7253.patch
new file mode 100644
index 0000000000..651755afd0
--- /dev/null
+++ b/gnu/packages/patches/wavpack-CVE-2018-7253.patch
@@ -0,0 +1,29 @@
+Fix CVE-2018-7253:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253
+
+Copied from upstream:
+https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index 410dc1c..c016df9 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ error_line ("dsdiff file version = 0x%08x", version);
+ }
+ else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
+- char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
++ char *prop_chunk;
++
++ if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
++ error_line ("%s is not a valid .DFF file!", infilename);
++ return WAVPACK_SOFT_ERROR;
++ }
++
++ if (debug_logging_mode)
++ error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
++
++ prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
+
+ if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
+ bcount != dff_chunk_header.ckDataSize) {
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7254.patch b/gnu/packages/patches/wavpack-CVE-2018-7254.patch
new file mode 100644
index 0000000000..61db296ec8
--- /dev/null
+++ b/gnu/packages/patches/wavpack-CVE-2018-7254.patch
@@ -0,0 +1,62 @@
+Fix CVE-2018-7254:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254
+
+Copied from upstream:
+https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
+
+diff --git a/cli/caff.c b/cli/caff.c
+index ae57c4b..6248a71 100644
+--- a/cli/caff.c
++++ b/cli/caff.c
+@@ -89,8 +89,8 @@ typedef struct
+
+ #define CAFChannelDescriptionFormat "LLLLL"
+
+-static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21 };
+-static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16 };
++static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21,0 };
++static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16,0 };
+
+ static struct {
+ uint32_t mChannelLayoutTag; // Core Audio layout, 100 - 146 in high word, num channels in low word
+@@ -274,10 +274,19 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+ }
+ }
+ else if (!strncmp (caf_chunk_header.mChunkType, "chan", 4)) {
+- CAFChannelLayout *caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize);
++ CAFChannelLayout *caf_channel_layout;
+
+- if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) ||
+- !DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) ||
++ if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) || caf_chunk_header.mChunkSize > 1024) {
++ error_line ("this .CAF file has an invalid 'chan' chunk!");
++ return WAVPACK_SOFT_ERROR;
++ }
++
++ if (debug_logging_mode)
++ error_line ("'chan' chunk is %d bytes", (int) caf_chunk_header.mChunkSize);
++
++ caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize);
++
++ if (!DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) ||
+ bcount != caf_chunk_header.mChunkSize) {
+ error_line ("%s is not a valid .CAF file!", infilename);
+ free (caf_channel_layout);
+@@ -495,8 +504,15 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+ }
+ else { // just copy unknown chunks to output file
+
+- int bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize;
+- char *buff = malloc (bytes_to_copy);
++ uint32_t bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize;
++ char *buff;
++
++ if (caf_chunk_header.mChunkSize < 0 || caf_chunk_header.mChunkSize > 1048576) {
++ error_line ("%s is not a valid .CAF file!", infilename);
++ return WAVPACK_SOFT_ERROR;
++ }
++
++ buff = malloc (bytes_to_copy);
+
+ if (debug_logging_mode)
+ error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes",