author | Marius Bakke <mbakke@fastmail.com> | 2018-02-24 21:49:30 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-02-24 21:49:30 +0100 |
commit | e58bf025df9ea1450e94fb63e87afc1fa5afd182 (patch) | |
tree | 358c2dc04c675fc58088cdfcf42ab1a7755f71ea /gnu/packages/patches | |
parent | 9102ce124c807a6a3d9e8f492adafd830cf833f3 (diff) | |
parent | e8ee100e8eb46224d5549dffc707cfeb96ad0e21 (diff) | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/freetype-CVE-2018-6942.patch | 31 | ||||
-rw-r--r-- | gnu/packages/patches/htop-fix-process-tree.patch | 99 | ||||
-rw-r--r-- | gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch | 35 | ||||
-rw-r--r-- | gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch | 414 | ||||
-rw-r--r-- | gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch | 88 | ||||
-rw-r--r-- | gnu/packages/patches/ldc-bootstrap-disable-tests.patch (renamed from gnu/packages/patches/ldc-disable-tests.patch) | 18 | ||||
-rw-r--r-- | gnu/packages/patches/optipng-CVE-2017-1000229.patch | 22 | ||||
-rw-r--r-- | gnu/packages/patches/password-store-gnupg-compat.patch | 28 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-15038.patch | 51 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-15289.patch | 66 | ||||
-rw-r--r-- | gnu/packages/patches/wavpack-CVE-2018-7253.patch | 29 | ||||
-rw-r--r-- | gnu/packages/patches/wavpack-CVE-2018-7254.patch | 62 |
12 files changed, 345 insertions, 598 deletions
diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch
new file mode 100644
index 0000000000..680f357765
--- /dev/null
+++ b/gnu/packages/patches/freetype-CVE-2018-6942.patch
@@ -0,0 +1,31 @@
+Fix CVE-2018-6942:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
+https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html
+
+Copied from upstream (ChangeLog section removed):
+https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
+
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index d855aaa..551f14a 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -7532,8 +7532,16 @@
+ return;
+ }
+
+- for ( i = 0; i < num_axes; i++ )
+- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ if ( coords )
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++ }
++ else
++ {
++ for ( i = 0; i < num_axes; i++ )
++ args[i] = 0;
++ }
+ }
+
+
diff --git a/gnu/packages/patches/htop-fix-process-tree.patch b/gnu/packages/patches/htop-fix-process-tree.patch
new file mode 100644
index 0000000000..d8e5e2ccac
--- /dev/null
+++ b/gnu/packages/patches/htop-fix-process-tree.patch
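Review bot: The header comment of freetype-CVE-2018-6942.patch names the CVE but not the defect, so a reader has to follow the links to learn what is being fixed. The visible change guards `coords` against NULL before the loop that fills `args[]` and zero-fills otherwise, so the first line could read `Fix CVE-2018-6942 (NULL pointer dereference of 'coords' in the TrueType bytecode interpreter):`. The inner hunk header carries no function name and the enclosing function starts outside the hunk, so naming the function in the header as well would help whoever has to rebase this patch.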
@@ -0,0 +1,99 @@
+From 2971a187551e062ffefdab965f55377b36cd94eb Mon Sep 17 00:00:00 2001
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Wed, 21 Feb 2018 06:00:50 +0100
+Subject: [PATCH] Fix process tree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This manually reverts:
+
+ commit 584a9bceab948590dabd189d234a86e6bf4ec3f4
+ Author: wangqr <wangqr@wangqr.tk>
+ Date: Fri Sep 1 21:27:24 2017 +0800
+
+ Find roots when constructing process tree, fix #587
+
+which breaks the process tree (âtâ) view in at least some cases.
+I will investigate further...
+---
+ ProcessList.c | 63 +++++++++++++++++------------------------------------------
+ 1 file changed, 18 insertions(+), 45 deletions(-)
+
+diff --git a/ProcessList.c b/ProcessList.c
+index 48b2d95..225253d 100644
+--- a/ProcessList.c
++++ b/ProcessList.c
+@@ -213,51 +213,24 @@ void ProcessList_sort(ProcessList* this) {
+ // Restore settings
+ this->settings->sortKey = sortKey;
+ this->settings->direction = direction;
+- int vsize = Vector_size(this->processes);
+- // Find all processes whose parent is not visible
+- int size;
+- while ((size = Vector_size(this->processes))) {
+- int i;
+- for (i = 0; i < size; i++) {
+- Process* process = (Process*)(Vector_get(this->processes, i));
+- // Immediately consume not shown processes
+- if (!process->show) {
+- process = (Process*)(Vector_take(this->processes, i));
+- process->indent = 0;
+- Vector_add(this->processes2, process);
+- ProcessList_buildTree(this, process->pid, 0, 0, direction, false);
+- break;
+- }
+- pid_t ppid = process->tgid == process->pid ? process->ppid : process->tgid;
+- // Bisect the process vector to find parent
+- int l = 0, r = size;
+- // If PID corresponds with PPID (e.g. "kernel_task" (PID:0, PPID:0)
+- // on Mac OS X 10.11.6) cancel bisecting and regard this process as
+- // root.
+- if (process->pid == ppid)
+- r = 0;
+- while (l < r) {
+- int c = (l + r) / 2;
+- pid_t pid = ((Process*)(Vector_get(this->processes, c)))->pid;
+- if (ppid == pid) {
+- break;
+- } else if (ppid < pid) {
+- r = c;
+- } else {
+- l = c + 1;
+- }
+- }
+- // If parent not found, then construct the tree with this root
+- if (l >= r) {
+- process = (Process*)(Vector_take(this->processes, i));
+- process->indent = 0;
+- Vector_add(this->processes2, process);
+- ProcessList_buildTree(this, process->pid, 0, 0, direction, process->showChildren);
+- break;
+- }
+- }
+- // There should be no loop in the process tree
+- assert(i < size);
++
++ // Take PID 1 as root and add to the new listing
++ int vsize = Vector_size(this->processes);
++ Process* init = (Process*) (Vector_take(this->processes, 0));
++ if (!init) return;
++ // This assertion crashes on hardened kernels.
++ // I wonder how well tree view works on those systems.
++ // assert(init->pid == 1);
++ init->indent = 0;
++ Vector_add(this->processes2, init);
++ // Recursively empty list
++ ProcessList_buildTree(this, init->pid, 0, 0, direction, true);
++ // Add leftovers
++ while (Vector_size(this->processes)) {
++ Process* p = (Process*) (Vector_take(this->processes, 0));
++ p->indent = 0;
++ Vector_add(this->processes2, p);
++ ProcessList_buildTree(this, p->pid, 0, 0, direction, p->showChildren);
+ }
+ assert(Vector_size(this->processes2) == vsize); (void)vsize;
+ assert(Vector_size(this->processes) == 0);
+--
+2.16.2
+
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
deleted file mode 100644
index 31eb44aefc..0000000000
--- a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
+++ /dev/null
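Review bot: In the new body of `ProcessList_sort`, `Vector_take(this->processes, 0)` runs before anything checks that the vector is non-empty; the `if (!init) return;` that follows only helps if `Vector_take` returns NULL for an out-of-range index, which this hunk does not show. Since `vsize` is already computed on the line above, `if (vsize == 0) return;` ahead of the take would make the empty case explicit. The commented-out `assert(init->pid == 1)` also means the first entry is used as the root with children forced visible (`true`) even when it is not PID 1, and the comment should state that rather than wonder about it. The function starts and ends outside the hunk.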
@@ -1,35 +0,0 @@ -This patch deactivates some tests that fail when ldc is built with the command: - -./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6 - -When the --keep-failed flag is added to the build command above, and the tests -run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests -pass. - -by Frederick M. Muriithi <fredmanglis@gmail.com> - -diff --git a/d_do_test.d b/d_do_test.d -index aa67169..8173759 100755 ---- a/d_do_test.d -+++ b/d_do_test.d -@@ -645,8 +645,6 @@ int main(string[] args) - auto gdb_output = execute(fThisRun, command, true, result_path); - if (testArgs.gdbMatch !is null) - { -- enforce(match(gdb_output, regex(testArgs.gdbMatch)), -- "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n"); - } - } - } -diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh -index 1d390e0..906b2b6 100755 ---- a/runnable/gdb15729.sh -+++ b/runnable/gdb15729.sh -@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then - echo RESULT= - p s.val - EOF -- gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1 - fi - - rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb} diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch deleted file mode 100644 index 70dd419455..0000000000 --- a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch +++ /dev/null 
@@ -1,414 +0,0 @@ -This patch deactivates failing tests that depend on network connectivity -to pass in curl.d and socket.d -It deactivates tests in path.d that assume /root - -A thread was started on the ldc forum to pursue the possibility of a -version flag to deactivate tests conditionally. The thread is at -https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org - -by Frederick M. Muriithi <fredmanglis@gmail.com> - -diff --git a/std/datetime.d b/std/datetime.d -index 4d4afb1..2c91a44 100644 ---- a/std/datetime.d -+++ b/std/datetime.d -@@ -27306,8 +27306,8 @@ public: - // leaving it commented out until I can sort it out. - //assert(equal(tzNames, tzNames.uniq())); - -- foreach(tzName; tzNames) -- assertNotThrown!DateTimeException(testPZSuccess(tzName)); -+ //foreach(tzName; tzNames) -+ //assertNotThrown!DateTimeException(testPZSuccess(tzName)); - } - - -@@ -29178,8 +29178,8 @@ public: - - auto tzNames = getInstalledTZNames(); - -- foreach(tzName; tzNames) -- assertNotThrown!DateTimeException(testPTZSuccess(tzName)); -+ //foreach(tzName; tzNames) -+ //assertNotThrown!DateTimeException(testPTZSuccess(tzName)); - - // No timezone directories on Android, just a single tzdata file - version(Android) {} else -diff --git a/std/net/curl.d b/std/net/curl.d -index 9c6af66..5fccb38 100644 ---- a/std/net/curl.d -+++ b/std/net/curl.d -@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co - - unittest - { -- static import std.file; -+ /*static import std.file; - foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { -@@ -430,7 +430,7 @@ unittest - scope (exit) std.file.remove(fn); - download(host, fn); - assert(std.file.readText(fn) == "Hello world"); -- } -+ }*/ - } - - /** Upload file from local files system using the HTTP or FTP protocol. 
-@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co - - unittest - { -- static import std.file; -+ /*static import std.file; - foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - auto fn = std.file.deleteme; -@@ -496,7 +496,7 @@ unittest - s.send(httpOK()); - }); - upload(fn, host ~ "/path"); -- } -+ }*/ - } - - /** HTTP/FTP get content. -@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn()) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - assert(s.recvReq.hdrs.canFind("GET /path")); -@@ -559,7 +559,7 @@ unittest - }); - auto res = get(host ~ "/path"); - assert(res == "GETRESPONSE"); -- } -+ }*/ - } - - -@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte)) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; -@@ -608,12 +608,12 @@ unittest - }); - auto res = post(host ~ "/path", "POSTBODY"); - assert(res == "POSTRESPONSE"); -- } -+ }*/ - } - - unittest - { -- auto data = new ubyte[](256); -+ /*auto data = new ubyte[](256); - foreach (i, ref ub; data) - ub = cast(ubyte)i; - -@@ -624,7 +624,7 @@ unittest - s.send(httpOK(cast(ubyte[])[17, 27, 35, 41])); - }); - auto res = post!ubyte(testServer.addr, data); -- assert(res == cast(ubyte[])[17, 27, 35, 41]); -+ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/ - } - - -@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; -@@ -690,7 +690,7 @@ unittest - }); - auto res = put(host ~ "/path", 
"PUTBODY"); - assert(res == "PUTRESPONSE"); -- } -+ }*/ - } - - -@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn()) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; -@@ -750,7 +750,7 @@ unittest - s.send(httpOK()); - }); - del(host ~ "/path"); -- } -+ }*/ - } - - -@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url, - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("OPTIONS /path")); - s.send(httpOK("OPTIONSRESPONSE")); - }); - auto res = options(testServer.addr ~ "/path"); -- assert(res == "OPTIONSRESPONSE"); -+ assert(res == "OPTIONSRESPONSE");*/ - } - - -@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP()) - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("TRACE /path")); - s.send(httpOK("TRACERESPONSE")); - }); - auto res = trace(testServer.addr ~ "/path"); -- assert(res == "TRACERESPONSE"); -+ assert(res == "TRACERESPONSE");*/ - } - - -@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP()) - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("CONNECT /path")); - s.send(httpOK("CONNECTRESPONSE")); - }); - auto res = connect(testServer.addr ~ "/path"); -- assert(res == "CONNECTRESPONSE"); -+ assert(res == "CONNECTRESPONSE");*/ - } - - -@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData, - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("PATCH /path")); - assert(req.bdy.canFind("PATCHBODY")); - s.send(httpOK("PATCHRESPONSE")); - }); - auto res = patch(testServer.addr 
~ "/path", "PATCHBODY"); -- assert(res == "PATCHRESPONSE"); -+ assert(res == "PATCHRESPONSE");*/ - } - - -@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("GET /path")); - s.send(httpNotFound()); - }); - auto e = collectException!CurlException(get(testServer.addr ~ "/path")); -- assert(e.msg == "HTTP request returned status code 404 (Not Found)"); -+ assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/ - } - - // Bugzilla 14760 - content length must be reset after post - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("POST /")); - assert(req.bdy.canFind("POSTBODY")); -@@ -1061,7 +1061,7 @@ unittest - auto res = post(testServer.addr, "POSTBODY", http); - assert(res == "POSTRESPONSE"); - res = trace(testServer.addr, http); -- assert(res == "TRACERESPONSE"); -+ assert(res == "TRACERESPONSE");*/ - } - - /* -@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; - s.send(httpOK("Line1\nLine2\nLine3")); - }); - assert(byLine(host).equal(["Line1", "Line2", "Line3"])); -- } -+ }*/ - } - - /** HTTP/FTP fetch content as a range of chunks. 
-@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; - s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5])); - }); - assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]])); -- } -+ }*/ - } - - private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn) -@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; - s.send(httpOK("Line1\nLine2\nLine3")); - }); - assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"])); -- } -+ }*/ - } - - -@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol) - - unittest - { -- foreach (host; [testServer.addr, "http://"~testServer.addr]) -+ /*foreach (host; [testServer.addr, "http://"~testServer.addr]) - { - testServer.handle((s) { - auto req = s.recvReq; - s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5])); - }); - assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]])); -- } -+ }*/ - } - - -@@ -2041,7 +2041,7 @@ private mixin template Protocol() - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq; - assert(req.hdrs.canFind("GET /")); - assert(req.hdrs.canFind("Basic dXNlcjpwYXNz")); -@@ -2051,7 +2051,7 @@ private mixin template Protocol() - auto http = HTTP(testServer.addr); - http.onReceive = (ubyte[] data) { return data.length; }; - http.setAuthentication("user", "pass"); -- http.perform(); -+ http.perform();*/ - } - - /** -@@ -2959,7 +2959,7 @@ struct HTTP - - unittest - { -- testServer.handle((s) { -+ /*testServer.handle((s) { - auto req = s.recvReq!ubyte; - assert(req.hdrs.canFind("POST /path")); - 
assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4])); -@@ -2975,7 +2975,7 @@ struct HTTP - ubyte[] res; - http.onReceive = (data) { res ~= data; return data.length; }; - http.perform(); -- assert(res == cast(ubyte[])[17, 27, 35, 41]); -+ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/ - } - - /** -diff --git a/std/path.d b/std/path.d -index 60c844f..0598104 100644 ---- a/std/path.d -+++ b/std/path.d -@@ -3953,8 +3953,10 @@ unittest - } - else - { -+/* - assert(expandTilde("~root") == "/root", expandTilde("~root")); - assert(expandTilde("~root/") == "/root/", expandTilde("~root/")); -+*/ - } - assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey"); - } -diff --git a/std/socket.d b/std/socket.d -index 7f5a3c3..e68b881 100644 ---- a/std/socket.d -+++ b/std/socket.d -@@ -481,15 +481,15 @@ unittest - { - softUnittest({ - Protocol proto = new Protocol; -- assert(proto.getProtocolByType(ProtocolType.TCP)); -+ //assert(proto.getProtocolByType(ProtocolType.TCP)); - //writeln("About protocol TCP:"); - //writefln("\tName: %s", proto.name); - // foreach(string s; proto.aliases) - // { - // writefln("\tAlias: %s", s); - // } -- assert(proto.name == "tcp"); -- assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); -+ //assert(proto.name == "tcp"); -+ //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); - }); - } - -@@ -832,9 +832,9 @@ unittest - InternetHost ih = new InternetHost; - - ih.getHostByAddr(0x7F_00_00_01); -- assert(ih.addrList[0] == 0x7F_00_00_01); -+ //assert(ih.addrList[0] == 0x7F_00_00_01); - ih.getHostByAddr("127.0.0.1"); -- assert(ih.addrList[0] == 0x7F_00_00_01); -+ //assert(ih.addrList[0] == 0x7F_00_00_01); - - softUnittest({ - if (!ih.getHostByName("www.digitalmars.com")) diff --git a/gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch new file mode 100644 index 0000000000..ccc136cc76 --- /dev/null +++ b/gnu/packages/patches/ldc-1.7.0-disable-phobos-tests.patch 
@@ -0,0 +1,88 @@ +diff --git a/std/path.d b/std/path.d +index a9f0bd8..f47d103 100644 +--- a/std/path.d ++++ b/std/path.d +@@ -4041,7 +4041,7 @@ version(unittest) import std.process : environment; + else version (Android) + { + } +- else ++ else version (HasRoot) + { + assert(expandTilde("~root") == "/root", expandTilde("~root")); + assert(expandTilde("~root/") == "/root/", expandTilde("~root/")); + +diff --git a/std/process.d b/std/process.d +index df83296..d921cdb 100644 +--- a/std/process.d ++++ b/std/process.d +@@ -1171,7 +1171,7 @@ version (Posix) @system unittest + assert(exists(buildPath(directory, "bar"))); + } + +-@system unittest // Specifying a bad working directory. ++@system version(skipunittest) unittest // Specifying a bad working directory. + { + import std.exception : assertThrown; + TestScript prog = "/bin/echo"; +diff --git a/std/socket.d b/std/socket.d +index 8a261d5..c1b87b6 100644 +--- a/std/socket.d ++++ b/std/socket.d +@@ -484,7 +484,7 @@ class Protocol + // Skip this test on Android because getprotobyname/number are + // unimplemented in bionic. 
+ version(CRuntime_Bionic) {} else +-@safe unittest ++@safe version(hasNetwork) unittest + { + softUnittest({ + Protocol proto = new Protocol; +@@ -804,7 +804,7 @@ class InternetHost + } + + /// +-@safe unittest ++@safe version(hasNetwork) unittest + { + InternetHost ih = new InternetHost; + +@@ -959,7 +959,7 @@ AddressInfo[] getAddressInfo(T...)(in char[] node, T options) + return () @trusted { return getAddressInfoImpl(node, service, &hints); }(); + } + +-@system unittest ++@system version(hasNetwork) unittest + { + struct Oops + { +@@ -1010,7 +1010,7 @@ private AddressInfo[] getAddressInfoImpl(in char[] node, in char[] service, addr + } + + +-@safe unittest ++@safe version(hasNetwork) unittest + { + softUnittest({ + if (getaddrinfoPointer) +diff --git a/std/stdio.d b/std/stdio.d +index 10106a5..4b0590e 100644 +--- a/std/stdio.d ++++ b/std/stdio.d +@@ -1426,8 +1426,7 @@ Removes the lock over the specified file segment. + g.unlock(); + } + +- version(Posix) +- @system unittest ++ @system version(skip) unittest + { + static import std.file; + auto deleteme = testFilename(); +@@ -1483,7 +1482,6 @@ Removes the lock over the specified file segment. + f.unlock(); + } + +- + /** + Writes its arguments in text format to the file. diff --git a/gnu/packages/patches/ldc-disable-tests.patch b/gnu/packages/patches/ldc-bootstrap-disable-tests.patch index bdd6e5b76c..d2e40b8016 100644 --- a/gnu/packages/patches/ldc-disable-tests.patch +++ b/gnu/packages/patches/ldc-bootstrap-disable-tests.patch @@ -4,17 +4,17 @@ two others use networking. Not bad out of almost 700 tests! by Pjotr Prins <pjotr.guix@thebird.nl> ---- a/std/datetime.d.orig 2016-11-24 01:13:52.584495545 +0100 -+++ b/std/datetime.d 2016-11-24 01:17:09.655306728 +0100 +--- a/std/datetime.d.orig 2016-11-24 01:13:52.584495545 +0100 ++++ b/std/datetime.d 2016-11-24 01:17:09.655306728 +0100 
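Review bot: ldc-1.7.0-disable-phobos-tests.patch starts directly at `diff --git` with no header comment, so nothing records why each test is compiled out. The blocks guarded by `version(hasNetwork)` and `version (HasRoot)` explain themselves, but the std/process.d test (`version(skipunittest)`) and what appears to be the file-locking test in std/stdio.d, which goes from `version(Posix)` to `version(skip)`, are disabled with no stated reason. A few lines at the top giving the reason per file would do, and the four identifiers could follow one spelling, for example `hasRoot` alongside `hasNetwork`.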
@@ -28081,22 +28081,24 @@ import std.range : retro; import std.format : format; - + - name = strip(name); - enforce(tzDatabaseDir.exists(), new DateTimeException(format("Directory %s does not exist.", tzDatabaseDir))); enforce(tzDatabaseDir.isDir, new DateTimeException(format("%s is not a directory.", tzDatabaseDir))); - + version(Android) { + name = strip(name); @@ -29,11 +29,11 @@ by Pjotr Prins <pjotr.guix@thebird.nl> + auto filename = "./" ~ strip(name); // make sure the prefix is not stripped + immutable file = buildNormalizedPath(tzDatabaseDir, filename); + } - + - enforce(file.exists(), new DateTimeException(format("File %s does not exist.", file))); + enforce(file.exists(), new DateTimeException(format("File %s does not exist in %s.", file, tzDatabaseDir))); enforce(file.isFile, new DateTimeException(format("%s is not a file.", file))); - + auto tzFile = File(file); diff --git a/std/path.d b/std/path.d index 254d8f0..b0fc04d 100644 @@ -56,13 +56,13 @@ index b85d1c9..7fbf346 100644 --- a/std/socket.d +++ b/std/socket.d @@ -859,6 +862,8 @@ class InternetHost - + unittest { + pragma(msg, "test disabled on GNU Guix"); + /* InternetHost ih = new InternetHost; - + ih.getHostByAddr(0x7F_00_00_01); @@ -889,6 +894,7 @@ unittest // writefln("aliases[%d] = %s", i, s); @@ -70,5 +70,3 @@ index b85d1c9..7fbf346 100644 }); + */ } - - diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch deleted file mode 100644 index 2cb3b2f21c..0000000000 --- a/gnu/packages/patches/optipng-CVE-2017-1000229.patch +++ /dev/null 
@@ -1,22 +0,0 @@
-Fix CVE-2017-1000229:
-
-https://security-tracker.debian.org/tracker/CVE-2017-1000229
-https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html
-https://nvd.nist.gov/vuln/detail/CVE-2017-1000229
-
-Patch copied from upstream bug tracker:
-https://sourceforge.net/p/optipng/bugs/65/
-
-diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
-index b4910ec..5f9b376 100644
---- a/src/minitiff/tiffread.c
-+++ b/src/minitiff/tiffread.c
-@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
- count = tiff_ptr->strip_offsets_count;
- if (count == 0 || count > tiff_ptr->height)
- goto err_invalid;
-+ if (count > (size_t)-1 / sizeof(long))
-+ goto err_memory;
- tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
- if (tiff_ptr->strip_offsets == NULL)
- goto err_memory;
diff --git a/gnu/packages/patches/password-store-gnupg-compat.patch b/gnu/packages/patches/password-store-gnupg-compat.patch
new file mode 100644
index 0000000000..75c6362021
--- /dev/null
+++ b/gnu/packages/patches/password-store-gnupg-compat.patch
@@ -0,0 +1,28 @@
+Copied from upstream mailing list:
+https://lists.zx2c4.com/pipermail/password-store/2018-February/003216.html.
+
+From 9b0c86159d754cc88dd3642564eed527153dfb7f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= <clement@lassieur.org>
+Date: Sat, 24 Feb 2018 12:05:46 +0100
+Subject: [PATCH] tests: fix compatibility with GnuPG 2.2.5
+
+---
+ tests/t0300-reencryption.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
+index 6d5811d..6d15364 100755
+--- a/tests/t0300-reencryption.sh
++++ b/tests/t0300-reencryption.sh
+@@ -10,7 +10,7 @@ canonicalize_gpg_keys() {
+ $GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
+ }
+ gpg_keys_from_encrypted_file() {
+- $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
++ $GPG -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$1" 2>&1 | grep "public key is" | cut -d ' ' -f 5 | LC_ALL=C sort -u
+ }
+ gpg_keys_from_group() {
+ local output="$($GPG --list-config --with-colons | sed -n "s/^cfg:group:$1:\\(.*\\)/\\1/p" | head -n 1)"
+--
+2.16.2
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-15038.patch b/gnu/packages/patches/qemu-CVE-2017-15038.patch
deleted file mode 100644
index 4791a186bf..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15038.patch
+++ /dev/null
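Review bot: The added `grep "public key is"` in `gpg_keys_from_encrypted_file` matches a human-readable gpg message, but only `sort` runs under `LC_ALL=C` in this pipeline. If the test suite does not force the locale elsewhere (not visible here), a translated gpg message would make the filter return nothing and the test would fail for an unrelated reason. Prefixing the command, `LC_ALL=C $GPG -v --no-secmem-warning ...`, would pin the message text the filter relies on.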
@@ -1,51 +0,0 @@
-Fix CVE-2017-15038:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=7bd92756303f2158a68d5166264dc30139b813b6
-
-From 7bd92756303f2158a68d5166264dc30139b813b6 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 16 Oct 2017 14:21:59 +0200
-Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr
-
-9p back-end first queries the size of an extended attribute,
-allocates space for it via g_malloc() and then retrieves its
-value into allocated buffer. Race between querying attribute
-size and retrieving its could lead to memory bytes disclosure.
-Use g_malloc0() to avoid it.
-
-Reported-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Signed-off-by: Greg Kurz <groug@kaod.org>
----
- hw/9pfs/9p.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
-index 23ac7bb532..f8bbac251d 100644
---- a/hw/9pfs/9p.c
-+++ b/hw/9pfs/9p.c
-@@ -3234,7 +3234,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
- xattr_fidp->fid_type = P9_FID_XATTR;
- xattr_fidp->fs.xattr.xattrwalk_fid = true;
- if (size) {
-- xattr_fidp->fs.xattr.value = g_malloc(size);
-+ xattr_fidp->fs.xattr.value = g_malloc0(size);
- err = v9fs_co_llistxattr(pdu, &xattr_fidp->path,
- xattr_fidp->fs.xattr.value,
- xattr_fidp->fs.xattr.len);
-@@ -3267,7 +3267,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
- xattr_fidp->fid_type = P9_FID_XATTR;
- xattr_fidp->fs.xattr.xattrwalk_fid = true;
- if (size) {
-- xattr_fidp->fs.xattr.value = g_malloc(size);
-+ xattr_fidp->fs.xattr.value = g_malloc0(size);
- err = v9fs_co_lgetxattr(pdu, &xattr_fidp->path,
- &name, xattr_fidp->fs.xattr.value,
- xattr_fidp->fs.xattr.len);
---
-2.15.0
-
diff --git a/gnu/packages/patches/qemu-CVE-2017-15289.patch b/gnu/packages/patches/qemu-CVE-2017-15289.patch
deleted file mode 100644
index d4b536a405..0000000000
--- a/gnu/packages/patches/qemu-CVE-2017-15289.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2017-15289:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/?p=qemu.git;a=commitdiff;h=eb38e1bc3740725ca29a535351de94107ec58d51
-
-From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 11 Oct 2017 10:43:14 +0200
-Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
-
-Move dst calculation into the loop, so we apply the mask on each
-interation and will not overflow vga memory.
-
-Cc: Prasad J Pandit <pjp@fedoraproject.org>
-Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20171011084314.21752-1-kraxel@redhat.com
----
- hw/display/cirrus_vga.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
-index b4d579857a..bc32bf1e39 100644
---- a/hw/display/cirrus_vga.c
-+++ b/hw/display/cirrus_vga.c
-@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
- unsigned val = mem_value;
- uint8_t *dst;
-
-- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
- for (x = 0; x < 8; x++) {
-+ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
- if (val & 0x80) {
- *dst = s->cirrus_shadow_gr1;
- } else if (mode == 5) {
- *dst = s->cirrus_shadow_gr0;
- }
- val <<= 1;
-- dst++;
- }
- memory_region_set_dirty(&s->vga.vram, offset, 8);
- }
-@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
- unsigned val = mem_value;
- uint8_t *dst;
-
-- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
- for (x = 0; x < 8; x++) {
-+ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
- if (val & 0x80) {
- *dst = s->cirrus_shadow_gr1;
- *(dst + 1) = s->vga.gr[0x11];
-@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
- *(dst + 1) = s->vga.gr[0x10];
- }
- val <<= 1;
-- dst += 2;
- }
- memory_region_set_dirty(&s->vga.vram, offset, 16);
- }
---
-2.15.0
-
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7253.patch b/gnu/packages/patches/wavpack-CVE-2018-7253.patch
new file mode 100644
index 0000000000..651755afd0
--- /dev/null
+++ b/gnu/packages/patches/wavpack-CVE-2018-7253.patch
@@ -0,0 +1,29 @@
+Fix CVE-2018-7253:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253
+
+Copied from upstream:
+https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index 410dc1c..c016df9 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ error_line ("dsdiff file version = 0x%08x", version);
+ }
+ else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
+- char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
++ char *prop_chunk;
++
++ if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
++ error_line ("%s is not a valid .DFF file!", infilename);
++ return WAVPACK_SOFT_ERROR;
++ }
++
++ if (debug_logging_mode)
++ error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
++
++ prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
+
+ if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
+ bcount != dff_chunk_header.ckDataSize) {
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7254.patch b/gnu/packages/patches/wavpack-CVE-2018-7254.patch
new file mode 100644
index 0000000000..61db296ec8
--- /dev/null
+++ b/gnu/packages/patches/wavpack-CVE-2018-7254.patch
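Review bot: The result of `prop_chunk = malloc (...)` in the PROP branch of `ParseDsdiffHeaderConfig` is handed to `DoReadFile` without a NULL check. The new 4..1024 bound on `ckDataSize` makes a failed allocation unlikely, but it is still possible, and whether `DoReadFile` tolerates a NULL buffer is not visible here. Adding `if (!prop_chunk) return WAVPACK_SOFT_ERROR;` right after the allocation would close that path. The literal `1024` would also read better with a short comment saying where the limit comes from. The function continues outside the hunk.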
@@ -0,0 +1,62 @@ +Fix CVE-2018-7254: +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254 + +Copied from upstream: +https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e + +diff --git a/cli/caff.c b/cli/caff.c +index ae57c4b..6248a71 100644 +--- a/cli/caff.c ++++ b/cli/caff.c +@@ -89,8 +89,8 @@ typedef struct + + #define CAFChannelDescriptionFormat "LLLLL" + +-static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21 }; +-static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16 }; ++static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21,0 }; ++static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16,0 }; + + static struct { + uint32_t mChannelLayoutTag; // Core Audio layout, 100 - 146 in high word, num channels in low word +@@ -274,10 +274,19 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack + } + } + else if (!strncmp (caf_chunk_header.mChunkType, "chan", 4)) { +- CAFChannelLayout *caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize); ++ CAFChannelLayout *caf_channel_layout; + +- if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) || +- !DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) || ++ if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) || caf_chunk_header.mChunkSize > 1024) { ++ error_line ("this .CAF file has an invalid 'chan' chunk!"); ++ return WAVPACK_SOFT_ERROR; ++ } ++ ++ if (debug_logging_mode) ++ error_line ("'chan' chunk is %d bytes", (int) caf_chunk_header.mChunkSize); ++ ++ caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize); ++ ++ if (!DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) || + bcount != caf_chunk_header.mChunkSize) { + error_line ("%s is not a valid .CAF file!", infilename); + free (caf_channel_layout); +@@ -495,8 +504,15 @@ int ParseCaffHeaderConfig 
(FILE *infile, char *infilename, char *fourcc, Wavpack + } + else { // just copy unknown chunks to output file + +- int bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize; +- char *buff = malloc (bytes_to_copy); ++ uint32_t bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize; ++ char *buff; ++ ++ if (caf_chunk_header.mChunkSize < 0 || caf_chunk_header.mChunkSize > 1048576) { ++ error_line ("%s is not a valid .CAF file!", infilename); ++ return WAVPACK_SOFT_ERROR; ++ } ++ ++ buff = malloc (bytes_to_copy); + + if (debug_logging_mode) + error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes", |