aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-02-02 10:52:24 -0500
committerLeo Famulari <leo@famulari.name>2017-02-02 10:52:24 -0500
commite8c83d04e176f205b30b3d470f22ee5e1c686331 (patch)
tree30a95626ea31414a6319b93f50eea1e69b87a619 /gnu/packages/patches
parentd9b4cbc2a168ca3d248c5abf1f1d14c1808e6a20 (diff)
parentde643f0c15677665acce73db9c28c5488e623633 (diff)
downloadguix-e8c83d04e176f205b30b3d470f22ee5e1c686331.tar
guix-e8c83d04e176f205b30b3d470f22ee5e1c686331.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch27
-rw-r--r--gnu/packages/patches/httpd-CVE-2016-8740.patch36
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch35
-rw-r--r--gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch414
-rw-r--r--gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch42
-rw-r--r--gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch40
-rw-r--r--gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch42
-rw-r--r--gnu/packages/patches/libevent-2.1-dns-tests.patch26
-rw-r--r--gnu/packages/patches/libevent-2.1-skip-failing-test.patch24
-rw-r--r--gnu/packages/patches/omake-fix-non-determinism.patch41
-rw-r--r--gnu/packages/patches/xinetd-CVE-2013-4342.patch36
-rw-r--r--gnu/packages/patches/xinetd-fix-fd-leak.patch26
12 files changed, 753 insertions, 36 deletions
diff --git a/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
new file mode 100644
index 0000000000..40aae7a9d7
--- /dev/null
+++ b/gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch
@@ -0,0 +1,27 @@
+Don’t add linker flags via ‘response files’ since ld-wrapper
+doesn’t handle them.
+See https://github.com/NixOS/nixpkgs/commit/a421e7bd4a28c69bded8b17888325e31554f61a1
+https://gcc.gnu.org/ml/gcc/2016-10/msg00151.html
+
+diff --git a/compiler/main/SysTools.hs.orig b/compiler/main/SysTools.hs
+index 1ab5b13..99270fc 100644
+--- a/compiler/main/SysTools.hs.orig
++++ b/compiler/main/SysTools.hs
+@@ -424,7 +424,7 @@ runCc dflags args = do
+ args1 = map Option (getOpts dflags opt_c)
+ args2 = args0 ++ args1 ++ args
+ mb_env <- getGccEnv args2
+- runSomethingResponseFile dflags cc_filter "C Compiler" p args2 mb_env
++ runSomethingFiltered dflags cc_filter "C Compiler" p args2 mb_env
+ where
+ -- discard some harmless warnings from gcc that we can't turn off
+ cc_filter = unlines . doFilter . lines
+@@ -945,7 +945,7 @@ runLink dflags args = do
+ args1 = map Option (getOpts dflags opt_l)
+ args2 = args0 ++ linkargs ++ args1 ++ args
+ mb_env <- getGccEnv args2
+- runSomethingResponseFile dflags ld_filter "Linker" p args2 mb_env
++ runSomethingFiltered dflags ld_filter "Linker" p args2 mb_env
+ where
+ ld_filter = case (platformOS (targetPlatform dflags)) of
+ OSSolaris2 -> sunos_ld_filter
diff --git a/gnu/packages/patches/httpd-CVE-2016-8740.patch b/gnu/packages/patches/httpd-CVE-2016-8740.patch
deleted file mode 100644
index 17ba323ccf..0000000000
--- a/gnu/packages/patches/httpd-CVE-2016-8740.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-This patch applies against httpd-2.4.23 and shouldn't be needed in later releases
-http://openwall.com/lists/oss-security/2016/12/05/17
-Index: modules/http2/h2_stream.c
-===================================================================
---- modules/http2/h2_stream.c (revision 1771866)
-+++ modules/http2/h2_stream.c (working copy)
-@@ -322,18 +322,18 @@
- HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
- }
- }
-- }
--
-- if (h2_stream_is_scheduled(stream)) {
-- return h2_request_add_trailer(stream->request, stream->pool,
-- name, nlen, value, vlen);
-- }
-- else {
-- if (!input_open(stream)) {
-- return APR_ECONNRESET;
-+
-+ if (h2_stream_is_scheduled(stream)) {
-+ return h2_request_add_trailer(stream->request, stream->pool,
-+ name, nlen, value, vlen);
- }
-- return h2_request_add_header(stream->request, stream->pool,
-- name, nlen, value, vlen);
-+ else {
-+ if (!input_open(stream)) {
-+ return APR_ECONNRESET;
-+ }
-+ return h2_request_add_header(stream->request, stream->pool,
-+ name, nlen, value, vlen);
-+ }
- }
- }
-
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
new file mode 100644
index 0000000000..31eb44aefc
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-dmd-tests.patch
@@ -0,0 +1,35 @@
+This patch deactivates some tests that fail when ldc is built with the command:
+
+./pre-inst-env guix environment guix --pure -- ./pre-inst-env guix build ldc@1.1.0-beta6
+
+When the --keep-failed flag is added to the build command above, and the tests
+run in the resulting /tmp/guix-build-ldc-1.1.0-beta6.drv-* directory, the tests
+pass.
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/d_do_test.d b/d_do_test.d
+index aa67169..8173759 100755
+--- a/d_do_test.d
++++ b/d_do_test.d
+@@ -645,8 +645,6 @@ int main(string[] args)
+ auto gdb_output = execute(fThisRun, command, true, result_path);
+ if (testArgs.gdbMatch !is null)
+ {
+- enforce(match(gdb_output, regex(testArgs.gdbMatch)),
+- "\nGDB regex: '"~testArgs.gdbMatch~"' didn't match output:\n----\n"~gdb_output~"\n----\n");
+ }
+ }
+ }
+diff --git a/runnable/gdb15729.sh b/runnable/gdb15729.sh
+index 1d390e0..906b2b6 100755
+--- a/runnable/gdb15729.sh
++++ b/runnable/gdb15729.sh
+@@ -21,7 +21,6 @@ if [ $OS == "linux" ]; then
+ echo RESULT=
+ p s.val
+ EOF
+- gdb ${dir}${SEP}gdb15729 --batch -x ${dir}${SEP}gdb15729.gdb | grep 'RESULT=.*1234' || exit 1
+ fi
+
+ rm -f ${libname} ${dir}${SEP}{gdb15729${OBJ},gdb15729${EXE},gdb15729.gdb}
diff --git a/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
new file mode 100644
index 0000000000..70dd419455
--- /dev/null
+++ b/gnu/packages/patches/ldc-1.1.0-disable-phobos-tests.patch
@@ -0,0 +1,414 @@
+This patch deactivates failing tests that depend on network connectivity
+to pass in curl.d and socket.d
+It deactivates tests in path.d that assume /root
+
+A thread was started on the ldc forum to pursue the possibility of a
+version flag to deactivate tests conditionally. The thread is at
+https://forum.dlang.org/post/zmdbdgnzrxyvtpqafvyg@forum.dlang.org
+
+by Frederick M. Muriithi <fredmanglis@gmail.com>
+
+diff --git a/std/datetime.d b/std/datetime.d
+index 4d4afb1..2c91a44 100644
+--- a/std/datetime.d
++++ b/std/datetime.d
+@@ -27306,8 +27306,8 @@ public:
+ // leaving it commented out until I can sort it out.
+ //assert(equal(tzNames, tzNames.uniq()));
+
+- foreach(tzName; tzNames)
+- assertNotThrown!DateTimeException(testPZSuccess(tzName));
++ //foreach(tzName; tzNames)
++ //assertNotThrown!DateTimeException(testPZSuccess(tzName));
+ }
+
+
+@@ -29178,8 +29178,8 @@ public:
+
+ auto tzNames = getInstalledTZNames();
+
+- foreach(tzName; tzNames)
+- assertNotThrown!DateTimeException(testPTZSuccess(tzName));
++ //foreach(tzName; tzNames)
++ //assertNotThrown!DateTimeException(testPTZSuccess(tzName));
+
+ // No timezone directories on Android, just a single tzdata file
+ version(Android) {} else
+diff --git a/std/net/curl.d b/std/net/curl.d
+index 9c6af66..5fccb38 100644
+--- a/std/net/curl.d
++++ b/std/net/curl.d
+@@ -419,7 +419,7 @@ void download(Conn = AutoProtocol)(const(char)[] url, string saveToPath, Conn co
+
+ unittest
+ {
+- static import std.file;
++ /*static import std.file;
+ foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+@@ -430,7 +430,7 @@ unittest
+ scope (exit) std.file.remove(fn);
+ download(host, fn);
+ assert(std.file.readText(fn) == "Hello world");
+- }
++ }*/
+ }
+
+ /** Upload file from local files system using the HTTP or FTP protocol.
+@@ -483,7 +483,7 @@ void upload(Conn = AutoProtocol)(string loadFromPath, const(char)[] url, Conn co
+
+ unittest
+ {
+- static import std.file;
++ /*static import std.file;
+ foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ auto fn = std.file.deleteme;
+@@ -496,7 +496,7 @@ unittest
+ s.send(httpOK());
+ });
+ upload(fn, host ~ "/path");
+- }
++ }*/
+ }
+
+ /** HTTP/FTP get content.
+@@ -551,7 +551,7 @@ T[] get(Conn = AutoProtocol, T = char)(const(char)[] url, Conn conn = Conn())
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ assert(s.recvReq.hdrs.canFind("GET /path"));
+@@ -559,7 +559,7 @@ unittest
+ });
+ auto res = get(host ~ "/path");
+ assert(res == "GETRESPONSE");
+- }
++ }*/
+ }
+
+
+@@ -598,7 +598,7 @@ if (is(T == char) || is(T == ubyte))
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+@@ -608,12 +608,12 @@ unittest
+ });
+ auto res = post(host ~ "/path", "POSTBODY");
+ assert(res == "POSTRESPONSE");
+- }
++ }*/
+ }
+
+ unittest
+ {
+- auto data = new ubyte[](256);
++ /*auto data = new ubyte[](256);
+ foreach (i, ref ub; data)
+ ub = cast(ubyte)i;
+
+@@ -624,7 +624,7 @@ unittest
+ s.send(httpOK(cast(ubyte[])[17, 27, 35, 41]));
+ });
+ auto res = post!ubyte(testServer.addr, data);
+- assert(res == cast(ubyte[])[17, 27, 35, 41]);
++ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
+ }
+
+
+@@ -680,7 +680,7 @@ T[] put(Conn = AutoProtocol, T = char, PutUnit)(const(char)[] url, const(PutUnit
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+@@ -690,7 +690,7 @@ unittest
+ });
+ auto res = put(host ~ "/path", "PUTBODY");
+ assert(res == "PUTRESPONSE");
+- }
++ }*/
+ }
+
+
+@@ -742,7 +742,7 @@ void del(Conn = AutoProtocol)(const(char)[] url, Conn conn = Conn())
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+@@ -750,7 +750,7 @@ unittest
+ s.send(httpOK());
+ });
+ del(host ~ "/path");
+- }
++ }*/
+ }
+
+
+@@ -796,13 +796,13 @@ T[] options(T = char, OptionsUnit)(const(char)[] url,
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("OPTIONS /path"));
+ s.send(httpOK("OPTIONSRESPONSE"));
+ });
+ auto res = options(testServer.addr ~ "/path");
+- assert(res == "OPTIONSRESPONSE");
++ assert(res == "OPTIONSRESPONSE");*/
+ }
+
+
+@@ -836,13 +836,13 @@ T[] trace(T = char)(const(char)[] url, HTTP conn = HTTP())
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("TRACE /path"));
+ s.send(httpOK("TRACERESPONSE"));
+ });
+ auto res = trace(testServer.addr ~ "/path");
+- assert(res == "TRACERESPONSE");
++ assert(res == "TRACERESPONSE");*/
+ }
+
+
+@@ -875,13 +875,13 @@ T[] connect(T = char)(const(char)[] url, HTTP conn = HTTP())
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("CONNECT /path"));
+ s.send(httpOK("CONNECTRESPONSE"));
+ });
+ auto res = connect(testServer.addr ~ "/path");
+- assert(res == "CONNECTRESPONSE");
++ assert(res == "CONNECTRESPONSE");*/
+ }
+
+
+@@ -919,14 +919,14 @@ T[] patch(T = char, PatchUnit)(const(char)[] url, const(PatchUnit)[] patchData,
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("PATCH /path"));
+ assert(req.bdy.canFind("PATCHBODY"));
+ s.send(httpOK("PATCHRESPONSE"));
+ });
+ auto res = patch(testServer.addr ~ "/path", "PATCHBODY");
+- assert(res == "PATCHRESPONSE");
++ assert(res == "PATCHRESPONSE");*/
+ }
+
+
+@@ -1031,19 +1031,19 @@ private auto _basicHTTP(T)(const(char)[] url, const(void)[] sendData, HTTP clien
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("GET /path"));
+ s.send(httpNotFound());
+ });
+ auto e = collectException!CurlException(get(testServer.addr ~ "/path"));
+- assert(e.msg == "HTTP request returned status code 404 (Not Found)");
++ assert(e.msg == "HTTP request returned status code 404 (Not Found)");*/
+ }
+
+ // Bugzilla 14760 - content length must be reset after post
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("POST /"));
+ assert(req.bdy.canFind("POSTBODY"));
+@@ -1061,7 +1061,7 @@ unittest
+ auto res = post(testServer.addr, "POSTBODY", http);
+ assert(res == "POSTRESPONSE");
+ res = trace(testServer.addr, http);
+- assert(res == "TRACERESPONSE");
++ assert(res == "TRACERESPONSE");*/
+ }
+
+ /*
+@@ -1265,14 +1265,14 @@ if (isCurlConn!Conn && isSomeChar!Char && isSomeChar!Terminator)
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+ s.send(httpOK("Line1\nLine2\nLine3"));
+ });
+ assert(byLine(host).equal(["Line1", "Line2", "Line3"]));
+- }
++ }*/
+ }
+
+ /** HTTP/FTP fetch content as a range of chunks.
+@@ -1337,14 +1337,14 @@ auto byChunk(Conn = AutoProtocol)
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+ s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
+ });
+ assert(byChunk(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
+- }
++ }*/
+ }
+
+ private T[] _getForRange(T,Conn)(const(char)[] url, Conn conn)
+@@ -1629,14 +1629,14 @@ auto byLineAsync(Conn = AutoProtocol, Terminator = char, Char = char)
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+ s.send(httpOK("Line1\nLine2\nLine3"));
+ });
+ assert(byLineAsync(host).equal(["Line1", "Line2", "Line3"]));
+- }
++ }*/
+ }
+
+
+@@ -1778,14 +1778,14 @@ auto byChunkAsync(Conn = AutoProtocol)
+
+ unittest
+ {
+- foreach (host; [testServer.addr, "http://"~testServer.addr])
++ /*foreach (host; [testServer.addr, "http://"~testServer.addr])
+ {
+ testServer.handle((s) {
+ auto req = s.recvReq;
+ s.send(httpOK(cast(ubyte[])[0, 1, 2, 3, 4, 5]));
+ });
+ assert(byChunkAsync(host, 2).equal([[0, 1], [2, 3], [4, 5]]));
+- }
++ }*/
+ }
+
+
+@@ -2041,7 +2041,7 @@ private mixin template Protocol()
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq;
+ assert(req.hdrs.canFind("GET /"));
+ assert(req.hdrs.canFind("Basic dXNlcjpwYXNz"));
+@@ -2051,7 +2051,7 @@ private mixin template Protocol()
+ auto http = HTTP(testServer.addr);
+ http.onReceive = (ubyte[] data) { return data.length; };
+ http.setAuthentication("user", "pass");
+- http.perform();
++ http.perform();*/
+ }
+
+ /**
+@@ -2959,7 +2959,7 @@ struct HTTP
+
+ unittest
+ {
+- testServer.handle((s) {
++ /*testServer.handle((s) {
+ auto req = s.recvReq!ubyte;
+ assert(req.hdrs.canFind("POST /path"));
+ assert(req.bdy.canFind(cast(ubyte[])[0, 1, 2, 3, 4]));
+@@ -2975,7 +2975,7 @@ struct HTTP
+ ubyte[] res;
+ http.onReceive = (data) { res ~= data; return data.length; };
+ http.perform();
+- assert(res == cast(ubyte[])[17, 27, 35, 41]);
++ assert(res == cast(ubyte[])[17, 27, 35, 41]);*/
+ }
+
+ /**
+diff --git a/std/path.d b/std/path.d
+index 60c844f..0598104 100644
+--- a/std/path.d
++++ b/std/path.d
+@@ -3953,8 +3953,10 @@ unittest
+ }
+ else
+ {
++/*
+ assert(expandTilde("~root") == "/root", expandTilde("~root"));
+ assert(expandTilde("~root/") == "/root/", expandTilde("~root/"));
++*/
+ }
+ assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey");
+ }
+diff --git a/std/socket.d b/std/socket.d
+index 7f5a3c3..e68b881 100644
+--- a/std/socket.d
++++ b/std/socket.d
+@@ -481,15 +481,15 @@ unittest
+ {
+ softUnittest({
+ Protocol proto = new Protocol;
+- assert(proto.getProtocolByType(ProtocolType.TCP));
++ //assert(proto.getProtocolByType(ProtocolType.TCP));
+ //writeln("About protocol TCP:");
+ //writefln("\tName: %s", proto.name);
+ // foreach(string s; proto.aliases)
+ // {
+ // writefln("\tAlias: %s", s);
+ // }
+- assert(proto.name == "tcp");
+- assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
++ //assert(proto.name == "tcp");
++ //assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP");
+ });
+ }
+
+@@ -832,9 +832,9 @@ unittest
+ InternetHost ih = new InternetHost;
+
+ ih.getHostByAddr(0x7F_00_00_01);
+- assert(ih.addrList[0] == 0x7F_00_00_01);
++ //assert(ih.addrList[0] == 0x7F_00_00_01);
+ ih.getHostByAddr("127.0.0.1");
+- assert(ih.addrList[0] == 0x7F_00_00_01);
++ //assert(ih.addrList[0] == 0x7F_00_00_01);
+
+ softUnittest({
+ if (!ih.getHostByName("www.digitalmars.com"))
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
new file mode 100644
index 0000000000..f1907d53e2
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
@@ -0,0 +1,42 @@
+Fix buffer overread in libevents DNS code.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/317
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
+
+From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Mon, 1 Feb 2016 17:32:09 +0300
+Subject: [PATCH] evdns: name_parse(): fix remote stack overread
+
+---
+ evdns.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 60b10485..137c24ea 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+
+ for (;;) {
+ u8 label_len;
+- if (j >= length) return -1;
+ GET8(label_len);
+ if (!label_len) break;
+ if (label_len & 0xc0) {
+@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ *cp++ = '.';
+ }
+ if (cp + label_len >= end) return -1;
++ if (j + label_len > length) return -1;
+ memcpy(cp, packet + j, label_len);
+ cp += label_len;
+ j += label_len;
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
new file mode 100644
index 0000000000..c4ad0a1a4a
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
@@ -0,0 +1,40 @@
+Fix OOB read on empty hostnames in evdns.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/332
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
+
+From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Fri, 25 Mar 2016 00:33:47 +0300
+Subject: [PATCH] evdns: fix searching empty hostnames
+
+---
+ evdns.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 137c24ea..6191c677 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
+ static char *
+ search_make_new(const struct search_state *const state, int n, const char *const base_name) {
+ const size_t base_len = strlen(base_name);
+- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++ char need_to_append_dot;
+ struct search_domain *dom;
+
++ if (!base_len) return NULL;
++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++
+ for (dom = state->head; dom; dom = dom->next) {
+ if (!n--) {
+ /* this is the postfix we want */
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
new file mode 100644
index 0000000000..4d16a4b917
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
@@ -0,0 +1,42 @@
+Fix buffer overflow in evutil.
+
+Upstream bug report:
+
+https://github.com/libevent/libevent/issues/318
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
+
+From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Sun, 31 Jan 2016 00:57:16 +0300
+Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
+
+---
+ evutil.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 33445170..e2dfe6e4 100644
+--- a/evutil.c
++++ b/evutil.c
+@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+
+ cp = strchr(ip_as_string, ':');
+ if (*ip_as_string == '[') {
+- int len;
++ size_t len;
+ if (!(cp = strchr(ip_as_string, ']'))) {
+ return -1;
+ }
+- len = (int) ( cp-(ip_as_string + 1) );
+- if (len > (int)sizeof(buf)-1) {
++ len = ( cp-(ip_as_string + 1) );
++ if (len > sizeof(buf)-1) {
+ return -1;
+ }
+ memcpy(buf, ip_as_string+1, len);
+--
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.1-dns-tests.patch b/gnu/packages/patches/libevent-2.1-dns-tests.patch
new file mode 100644
index 0000000000..091752a49d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-dns-tests.patch
@@ -0,0 +1,26 @@
+Disable tests that rely on usable DNS lookups, which aren't available
+in build chroots.
+
+--- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100
++++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100
+@@ -2120,10 +2120,6 @@
+
+ struct testcase_t dns_testcases[] = {
+ DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
+- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS|TT_OFF_BY_DEFAULT),
+- { "resolve_reverse", dns_resolve_reverse, TT_FORK|TT_OFF_BY_DEFAULT, NULL, NULL },
+ { "search_empty", dns_search_empty_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ { "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+ { "search_lower", dns_search_lower_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+@@ -2163,9 +2159,6 @@
+
+ { "client_fail_requests", dns_client_fail_requests_test,
+ TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+- { "client_fail_requests_getaddrinfo",
+- dns_client_fail_requests_getaddrinfo_test,
+- TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
+
+ END_OF_TESTCASES
+ };
diff --git a/gnu/packages/patches/libevent-2.1-skip-failing-test.patch b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
new file mode 100644
index 0000000000..d9ea1d422d
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.1-skip-failing-test.patch
@@ -0,0 +1,24 @@
+These fail on 32-bit due to an overflow bug in the test program.
+
+See test/regress_util.c:1448.
+
+Upstream bug URL:
+
+https://github.com/libevent/libevent/issues/452
+
+diff --git a/test/regress_util.c b/test/regress_util.c
+index ef6a1487..4de501fc 100644
+--- a/test/regress_util.c
++++ b/test/regress_util.c
+@@ -1413,9 +1413,9 @@ static struct date_rfc1123_case {
+ { 1323648000, "Mon, 12 Dec 2011 00:00:00 GMT"},
+ #ifndef _WIN32
+ /** In win32 case we have max "23:59:59 January 18, 2038, UTC" for time32 */
+- { 4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
++ //{ 4294967296, "Sun, 07 Feb 2106 06:28:16 GMT"} /* 2^32 */,
+ /** In win32 case we have max "23:59:59, December 31, 3000, UTC" for time64 */
+- {253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
++ //{253402300799, "Fri, 31 Dec 9999 23:59:59 GMT"} /* long long future no one can imagine */,
+ { 1456704000, "Mon, 29 Feb 2016 00:00:00 GMT"} /* leap year */,
+ #endif
+ { 1435708800, "Wed, 01 Jul 2015 00:00:00 GMT"} /* leap second */,
diff --git a/gnu/packages/patches/omake-fix-non-determinism.patch b/gnu/packages/patches/omake-fix-non-determinism.patch
new file mode 100644
index 0000000000..813ce3cd7d
--- /dev/null
+++ b/gnu/packages/patches/omake-fix-non-determinism.patch
@@ -0,0 +1,41 @@
+From 2e7e254160506dc00f1beabf170512a8e932934b Mon Sep 17 00:00:00 2001
+From: Julien Lepiller <julien@lepiller.eu>
+Date: Sat, 31 Dec 2016 15:43:38 +0100
+Subject: [PATCH] fix build date in binary
+
+---
+ src/magic/omake_gen_magic.ml | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/src/magic/omake_gen_magic.ml b/src/magic/omake_gen_magic.ml
+index b2419ba..fad52f5 100644
+--- a/src/magic/omake_gen_magic.ml
++++ b/src/magic/omake_gen_magic.ml
+@@ -150,7 +150,7 @@ let ir_magic = "%s"
+ let obj_magic = "%s"
+ let lib_dir = "%s"
+ let version = "%s"
+-let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton %s"
++let version_message = "OMake %s"
+ |}
+ default_save_interval
+ digest_len
+@@ -160,15 +160,7 @@ let version_message = "OMake %s:\\n\\tbuild [%s %s %d %02d:%02d:%02d %d]\\n\\ton
+ (digest_files ".omo.magic" ".omo" omo_files)
+ (String.escaped libdir)
+ (String.escaped (shorten_version version))
+- (String.escaped version)
+- [|"Sun"; "Mon"; "Tue"; "Wed"; "Thu"; "Fri"; "Sat"|].(tm.tm_wday)
+- [|"Jan"; "Feb"; "Mar"; "Apr"; "May"; "Jun"; "Jul"; "Aug"; "Sep"; "Oct"; "Nov"; "Dec"|].(tm.tm_mon)
+- tm.tm_mday
+- tm.tm_hour
+- tm.tm_min
+- tm.tm_sec
+- (tm.tm_year + 1900)
+- (String.escaped (Unix.gethostname ()));
++ (String.escaped version);
+ List.iter
+ (fun (name,value) ->
+ Printf.fprintf buf "let %s = %S\n" name value
+--
+2.11.0
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..ad57bc7b0e
--- /dev/null
+++ b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,36 @@
+Fix CVE-2013-4342:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678
+
+Patch copied from upstream source repository:
+
+https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864
+
+From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
+From: Thomas Swan <thomas.swan@gmail.com>
+Date: Wed, 2 Oct 2013 23:17:17 -0500
+Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
+ TCPMUX services
+
+Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
+---
+ xinetd/builtins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
++++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+ if( SC_IS_INTERNAL( scp ) ) {
+ SC_INTERNAL(scp, nserp);
+ } else {
+- exec_server(nserp);
++ child_process(nserp);
+ }
+ }
+
+--
+2.7.4
+
diff --git a/gnu/packages/patches/xinetd-fix-fd-leak.patch b/gnu/packages/patches/xinetd-fix-fd-leak.patch
new file mode 100644
index 0000000000..77e4600185
--- /dev/null
+++ b/gnu/packages/patches/xinetd-fix-fd-leak.patch
@@ -0,0 +1,26 @@
+Fix a file descriptor leak:
+
+https://github.com/xinetd-org/xinetd/issues/23
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/xinetd.git/tree/debian/patches/000012-fix_fd_leak
+
+Patch sent upstream at https://github.com/xinetd-org/xinetd/pull/26.
+
+diff --git a/xinetd/xgetloadavg.c b/xinetd/xgetloadavg.c
+index 5a26214..fe0f872 100644
+--- a/xinetd/xgetloadavg.c
++++ b/xinetd/xgetloadavg.c
+@@ -34,7 +34,7 @@ double xgetloadavg(void)
+
+ if( fscanf(fd, "%lf", &ret) != 1 ) {
+ perror("fscanf");
+- return -1;
++ ret = -1;
+ }
+
+ fclose(fd);
+--
+2.7.4
+