diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-01-13 17:50:17 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-01-13 18:18:48 +0100 |
commit | 8c986ab12034d67db836a881f57c69754d8073ae (patch) | |
tree | bf5183011119695ac549d4cfff4dc2175e659397 /gnu/packages/patches | |
parent | 203795aceaabec0e0e5818e1650ad407d825d1b3 (diff) | |
parent | 7a2eed3aac1ecd0bdf293e33a234fad58f2e5f9e (diff) | |
download | guix-8c986ab12034d67db836a881f57c69754d8073ae.tar guix-8c986ab12034d67db836a881f57c69754d8073ae.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
17 files changed, 794 insertions, 228 deletions
diff --git a/gnu/packages/patches/asymptote-gsl2.patch b/gnu/packages/patches/asymptote-gsl2.patch new file mode 100644 index 0000000000..4f73d16d7f --- /dev/null +++ b/gnu/packages/patches/asymptote-gsl2.patch @@ -0,0 +1,33 @@ +From 71ff9e769ba5d9995b367201f0d41b7a8dedab9d Mon Sep 17 00:00:00 2001 +From: John Bowman <bowman@ualberta.ca> +Date: Sat, 14 Nov 2015 01:25:56 -0700 +Subject: [PATCH] Support GSL 2.0. + +--- + gsl.cc | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gsl.cc b/gsl.cc +index b500557..0f81dc6 100644 +--- a/gsl.cc ++++ b/gsl.cc +@@ -27,6 +27,7 @@ + #include <gsl/gsl_rng.h> + #include <gsl/gsl_randist.h> + #include <gsl/gsl_cdf.h> ++#include <gsl/gsl_version.h> + + #include "opsymbols.h" + +@@ -1088,7 +1089,11 @@ void gen_rungsl_venv(venv &ve) + addGSLDOUBLE2Func<gsl_sf_ellint_F>(SYM(F)); + addGSLDOUBLE2Func<gsl_sf_ellint_E>(SYM(E)); + addGSLDOUBLE3Func<gsl_sf_ellint_P>(SYM(P),SYM(phi),SYM(k),SYM(n)); ++#if GSL_MAJOR_VERSION >= 2 ++ addGSLDOUBLE2Func<gsl_sf_ellint_D>(SYM(D),SYM(phi),SYM(k)); ++#else + addGSLDOUBLE3Func<gsl_sf_ellint_D>(SYM(D),SYM(phi),SYM(k),SYM(n)); ++#endif + addGSLDOUBLE2Func<gsl_sf_ellint_RC>(SYM(RC),SYM(x),SYM(y)); + addGSLDOUBLE3Func<gsl_sf_ellint_RD>(SYM(RD),SYM(x),SYM(y),SYM(z)); + addGSLDOUBLE3Func<gsl_sf_ellint_RF>(SYM(RF),SYM(x),SYM(y),SYM(z)); diff --git a/gnu/packages/patches/bedtools-32bit-compilation.patch b/gnu/packages/patches/bedtools-32bit-compilation.patch deleted file mode 100644 index bc567f3f6b..0000000000 --- a/gnu/packages/patches/bedtools-32bit-compilation.patch +++ /dev/null @@ -1,171 +0,0 @@ -Fixed in upstream, see -https://github.com/arq5x/bedtools2/issues/271 - -From b47dbefcb57f8e6c4fe397f64346338620740b71 Mon Sep 17 00:00:00 2001 -From: arq5x <arq5x@virginia.edu> -Date: Wed, 15 Jul 2015 15:15:23 -0600 -Subject: [PATCH] settle on uint32_t signature for QuickString. Resolves #267 - and #271? - ---- - src/coverageFile/coverageFile.cpp | 24 ++++++++++++------------ - src/utils/general/QuickString.cpp | 27 ++++++++++++++------------- - src/utils/general/QuickString.h | 6 +++--- - 3 files changed, 29 insertions(+), 28 deletions(-) - -diff --git a/src/coverageFile/coverageFile.cpp b/src/coverageFile/coverageFile.cpp -index 859cfdc..0fb544b 100644 ---- a/src/coverageFile/coverageFile.cpp -+++ b/src/coverageFile/coverageFile.cpp -@@ -83,11 +83,11 @@ void CoverageFile::giveFinalReport(RecordOutputMgr *outputMgr) { - float depthPct = (float)basesAtDepth / (float)_totalQueryLen; - - _finalOutput = "all\t"; -- _finalOutput.append(depth); -+ _finalOutput.append(static_cast<uint32_t>(depth)); - _finalOutput.append("\t"); -- _finalOutput.append(basesAtDepth); -+ _finalOutput.append(static_cast<uint32_t>(basesAtDepth)); - _finalOutput.append("\t"); -- _finalOutput.append(_totalQueryLen); -+ _finalOutput.append(static_cast<uint32_t>(_totalQueryLen)); - _finalOutput.append("\t"); - format(depthPct); - -@@ -138,7 +138,7 @@ size_t CoverageFile::countBasesAtDepth(size_t depth) { - - void CoverageFile::doCounts(RecordOutputMgr *outputMgr, RecordKeyVector &hits) - { -- _finalOutput = hits.size(); -+ _finalOutput = static_cast<uint32_t>(hits.size()); - outputMgr->printRecord(hits.getKey(), _finalOutput); - } - -@@ -147,9 +147,9 @@ void CoverageFile::doPerBase(RecordOutputMgr *outputMgr, RecordKeyVector &hits) - //loop through all bases in query, printing full record and metrics for each - const Record * queryRec = hits.getKey(); - for (size_t i= 0; i < _queryLen; i++) { -- _finalOutput = i +1; -+ _finalOutput = static_cast<uint32_t>(i+1); - _finalOutput.append("\t"); -- _finalOutput.append(_depthArray[i]); -+ _finalOutput.append(static_cast<uint32_t>(_depthArray[i])); - - outputMgr->printRecord(queryRec, _finalOutput); - } -@@ -181,11 +181,11 @@ void CoverageFile::doHist(RecordOutputMgr *outputMgr, RecordKeyVector &hits) - size_t numBasesAtDepth = iter->second; - float coveredBases = (float)numBasesAtDepth / (float)_queryLen; - -- _finalOutput = depth; -+ _finalOutput = static_cast<uint32_t>(depth); - _finalOutput.append("\t"); -- _finalOutput.append(numBasesAtDepth); -+ _finalOutput.append(static_cast<uint32_t>(numBasesAtDepth)); - _finalOutput.append("\t"); -- _finalOutput.append(_queryLen); -+ _finalOutput.append(static_cast<uint32_t>(_queryLen)); - _finalOutput.append("\t"); - format(coveredBases); - -@@ -199,11 +199,11 @@ void CoverageFile::doDefault(RecordOutputMgr *outputMgr, RecordKeyVector &hits) - size_t nonZeroBases = _queryLen - countBasesAtDepth(0); - float coveredBases = (float)nonZeroBases / (float)_queryLen; - -- _finalOutput = hits.size(); -+ _finalOutput = static_cast<uint32_t>(hits.size()); - _finalOutput.append("\t"); -- _finalOutput.append(nonZeroBases); -+ _finalOutput.append(static_cast<uint32_t>(nonZeroBases)); - _finalOutput.append("\t"); -- _finalOutput.append(_queryLen); -+ _finalOutput.append(static_cast<uint32_t>(_queryLen)); - _finalOutput.append("\t"); - format(coveredBases); - -diff --git a/src/utils/general/QuickString.cpp b/src/utils/general/QuickString.cpp -index 0757009..a83263e 100644 ---- a/src/utils/general/QuickString.cpp -+++ b/src/utils/general/QuickString.cpp -@@ -105,11 +105,11 @@ QuickString &QuickString::operator = (uint32_t val) { - return *this; - } - --QuickString &QuickString::operator = (size_t val) { -- clear(); -- append(val); -- return *this; --} -+// QuickString &QuickString::operator = (size_t val) { -+// clear(); -+// append(val); -+// return *this; -+// } - - QuickString &QuickString::operator = (float val) { - clear(); -@@ -158,10 +158,11 @@ QuickString &QuickString::operator += (uint32_t num) { - return *this; - } - --QuickString &QuickString::operator += (size_t num) { -- append(num); -- return *this; --} -+// QuickString &QuickString::operator += (size_t num) { -+// append(num); -+// return *this; -+// } -+ - QuickString &QuickString::operator += (float num) { - append(num); - return *this; -@@ -273,12 +274,12 @@ void QuickString::append(int num) { - } - - void QuickString::append(uint32_t num) { -- int2str((int)num, *this, true); -+ int2str((int)num, *this, true); - } - --void QuickString::append(size_t num) { -- int2str((int)num, *this, true); --} -+// void QuickString::append(size_t num) { -+// int2str((int)num, *this, true); -+// } - - void QuickString::append(float num) { - append(ToString(num)); -diff --git a/src/utils/general/QuickString.h b/src/utils/general/QuickString.h -index b43fdfc..6e6fa94 100644 ---- a/src/utils/general/QuickString.h -+++ b/src/utils/general/QuickString.h -@@ -38,7 +38,7 @@ class QuickString { - QuickString &operator = (char); - QuickString &operator = (int); - QuickString &operator = (uint32_t); -- QuickString &operator = (size_t); -+ //QuickString &operator = (size_t); - QuickString &operator = (float); - QuickString &operator = (double); - QuickString &operator += (const QuickString &); -@@ -47,7 +47,7 @@ class QuickString { - QuickString &operator += (char); - QuickString &operator += (int); - QuickString &operator += (uint32_t); -- QuickString &operator += (size_t); -+ //QuickString &operator += (size_t); - QuickString &operator += (float); - QuickString &operator += (double); - -@@ -74,7 +74,7 @@ class QuickString { - //for better performance. - void append(int num); - void append(uint32_t num); -- void append(size_t num); -+ //void append(size_t num); - void append(float num); - void append(double num); - - diff --git a/gnu/packages/patches/boost-mips-avoid-m32.patch b/gnu/packages/patches/boost-mips-avoid-m32.patch deleted file mode 100644 index 811c9fb3aa..0000000000 --- a/gnu/packages/patches/boost-mips-avoid-m32.patch +++ /dev/null @@ -1,15 +0,0 @@ -The following patch prevents the use of the -m32 flag on mips, where it -is not understood by gcc, as well as other non-x86 architectures. - -diff -u -r boost_1_58_0.orig/tools/build/src/tools/gcc.jam boost_1_58_0/tools/build/src/tools/gcc.jam ---- boost_1_58_0.orig/tools/build/src/tools/gcc.jam 2015-04-04 19:25:07.000000000 +0200 -+++ boost_1_58_0/tools/build/src/tools/gcc.jam 2015-07-10 01:08:19.822733823 +0200 -@@ -451,7 +451,7 @@ - else - { - local arch = [ feature.get-values architecture : $(properties) ] ; -- if $(arch) != arm -+ if $(arch) = x86 - { - if $(model) = 32 - { diff --git a/gnu/packages/patches/csound-header-ordering.patch b/gnu/packages/patches/csound-header-ordering.patch new file mode 100644 index 0000000000..3640d123dd --- /dev/null +++ b/gnu/packages/patches/csound-header-ordering.patch @@ -0,0 +1,20 @@ +Prevent compilation issues with boost-1.60.0. + +Reported upstream at https://github.com/csound/csound/issues/570 + +--- Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-04-25 14:06:22.995646234 -0500 ++++ Csound6.05/Opcodes/chua/ChuaOscillator.cpp 2015-12-21 10:31:58.182362640 -0600 +@@ -117,11 +117,12 @@ + // d = sys_variables(12); + // gnor = a*(x.^3) + b*(x.^2) + c*x + d; + +-#include <OpcodeBase.hpp> + #include <boost/numeric/ublas/vector.hpp> + using namespace boost::numeric; + #include <cmath> + ++#include <OpcodeBase.hpp> ++ + #undef CS_KSMPS + #define CS_KSMPS (opds.insdshead->ksmps) + diff --git a/gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch b/gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch new file mode 100644 index 0000000000..93a8ddc242 --- /dev/null +++ b/gnu/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch @@ -0,0 +1,46 @@ +This patch makes GTK+ look for additional modules in a list of directories +specified by the environment variable "GUIX_GTK2_PATH". This can be used +instead of "GTK_PATH" to make GTK+ find modules that are incompatible with +other major versions of GTK+. + +--- a/gtk/gtkmodules.c 2014-09-29 22:02:17.000000000 +0200 ++++ b/gtk/gtkmodules.c 2015-12-02 18:41:53.306396938 +0100 +@@ -55,6 +55,7 @@ + get_module_path (void) + { + const gchar *module_path_env; ++ const gchar *module_guix_gtk2_path_env; + const gchar *exe_prefix; + const gchar *home_dir; + gchar *home_gtk_dir = NULL; +@@ -70,6 +71,7 @@ + home_gtk_dir = g_build_filename (home_dir, ".gtk-2.0", NULL); + + module_path_env = g_getenv ("GTK_PATH"); ++ module_guix_gtk2_path_env = g_getenv ("GUIX_GTK2_PATH"); + exe_prefix = g_getenv ("GTK_EXE_PREFIX"); + + if (exe_prefix) +@@ -77,9 +79,21 @@ + else + default_dir = g_build_filename (GTK_LIBDIR, "gtk-2.0", NULL); + +- if (module_path_env && home_gtk_dir) ++ if (module_guix_gtk2_path_env && module_path_env && home_gtk_dir) ++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, ++ module_guix_gtk2_path_env, module_path_env, home_gtk_dir, default_dir, NULL); ++ else if (module_guix_gtk2_path_env && home_gtk_dir) ++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, ++ module_guix_gtk2_path_env, home_gtk_dir, default_dir, NULL); ++ else if (module_guix_gtk2_path_env && module_path_env) ++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, ++ module_guix_gtk2_path_env, module_path_env, default_dir, NULL); ++ else if (module_path_env && home_gtk_dir) + module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, + module_path_env, home_gtk_dir, default_dir, NULL); ++ else if (module_guix_gtk2_path_env) ++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, ++ module_guix_gtk2_path_env, default_dir, NULL); + else if (module_path_env) + module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, + module_path_env, default_dir, NULL); diff --git a/gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch b/gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch new file mode 100644 index 0000000000..66fd2fd1c4 --- /dev/null +++ b/gnu/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch @@ -0,0 +1,38 @@ +This patch makes GTK+ look for additional modules in a list of directories +specified by the environment variable "GUIX_GTK3_PATH". This can be used +instead of "GTK_PATH" to make GTK+ find modules that are incompatible with +other major versions of GTK+. + +--- a/gtk/gtkmodules.c 2015-09-20 20:09:05.060590217 +0200 ++++ b/gtk/gtkmodules.c 2015-09-20 20:10:33.423124833 +0200 +@@ -52,6 +52,7 @@ + get_module_path (void) + { + const gchar *module_path_env; ++ const gchar *module_guix_gtk3_path_env; + const gchar *exe_prefix; + gchar *module_path; + gchar *default_dir; +@@ -61,6 +62,7 @@ + return result; + + module_path_env = g_getenv ("GTK_PATH"); ++ module_guix_gtk3_path_env = g_getenv ("GUIX_GTK3_PATH"); + exe_prefix = g_getenv ("GTK_EXE_PREFIX"); + + if (exe_prefix) +@@ -68,7 +70,13 @@ + else + default_dir = g_build_filename (_gtk_get_libdir (), "gtk-3.0", NULL); + +- if (module_path_env) ++ if (module_guix_gtk3_path_env && module_path_env) ++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, ++ module_guix_gtk3_path_env, module_path_env, default_dir, NULL); ++ else if (module_guix_gtk3_path_env) ++ module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, ++ module_guix_gtk3_path_env, default_dir, NULL); ++ else if (module_path_env) + module_path = g_build_path (G_SEARCHPATH_SEPARATOR_S, + module_path_env, default_dir, NULL); + else diff --git a/gnu/packages/patches/julia-0.3.10-fix-empty-array.patch b/gnu/packages/patches/julia-0.3.10-fix-empty-array.patch deleted file mode 100644 index b00f6549e3..0000000000 --- a/gnu/packages/patches/julia-0.3.10-fix-empty-array.patch +++ /dev/null @@ -1,13 +0,0 @@ -See https://github.com/JuliaLang/julia/issues/11817 - ---- a/src/codegen.cpp 2015-06-24 12:44:31.218674066 +0200 -+++ b/src/codegen.cpp 2015-04-23 11:19:50.000000000 +0200 -@@ -4551,7 +4551,7 @@ - #ifdef V128_BUG - "-avx", - #endif -- }; -+ ""}; - SmallVector<std::string, 4> MAttrs(mattr, mattr+sizeof(mattr)/sizeof(mattr[0])); - EngineBuilder eb = EngineBuilder(engine_module) - .setEngineKind(EngineKind::JIT) diff --git a/gnu/packages/patches/ldc-disable-tests.patch b/gnu/packages/patches/ldc-disable-tests.patch new file mode 100644 index 0000000000..3f5e6c29a1 --- /dev/null +++ b/gnu/packages/patches/ldc-disable-tests.patch @@ -0,0 +1,90 @@ +This patch fixes a failing unit test by feeding buildNormalizedPath to the +tzdata properly. Three other tests are disabled, one assumes /root and the +two others use networking. Not bad out of almost 700 tests! + +by Pjotr Prins <pjotr.guix@thebird.nl> + +diff --git a/std/datetime.d b/std/datetime.d +index 8e4ed3b..6c15bc5 100644 +--- a/std/datetime.d ++++ b/std/datetime.d +@@ -28018,6 +28018,7 @@ public: + The default directory where the TZ Database files are. It's empty + for Windows, since Windows doesn't have them. + +/ ++ + enum defaultTZDatabaseDir = "/usr/share/zoneinfo/"; + } + else version(Windows) +@@ -28069,14 +28070,13 @@ assert(tz.dstName == "PDT"); + import std.range : retro; + import std.format : format; + +- name = strip(name); +- + enforce(tzDatabaseDir.exists(), new DateTimeException(format("Directory %s does not exist.", tzDatabaseDir))); + enforce(tzDatabaseDir.isDir, new DateTimeException(format("%s is not a directory.", tzDatabaseDir))); + +- immutable file = buildNormalizedPath(tzDatabaseDir, name); ++ auto filename = "./" ~ strip(name); // make sure the prefix is not stripped ++ immutable file = buildNormalizedPath(tzDatabaseDir, filename); + +- enforce(file.exists(), new DateTimeException(format("File %s does not exist.", file))); ++ enforce(file.exists(), new DateTimeException(format("File %s does not exist in %s.", file, tzDatabaseDir))); + enforce(file.isFile, new DateTimeException(format("%s is not a file.", file))); + + auto tzFile = File(file); +diff --git a/std/path.d b/std/path.d +index 254d8f0..b0fc04d 100644 +--- a/std/path.d ++++ b/std/path.d +@@ -3080,8 +3080,11 @@ unittest + } + else + { ++ pragma(msg, "test disabled on GNU Guix"); ++/* + assert(expandTilde("~root") == "/root", expandTilde("~root")); + assert(expandTilde("~root/") == "/root/", expandTilde("~root/")); ++*/ + } + assert(expandTilde("~Idontexist/hey") == "~Idontexist/hey"); + } +diff --git a/std/socket.d b/std/socket.d +index b85d1c9..7fbf346 100644 +--- a/std/socket.d ++++ b/std/socket.d +@@ -517,6 +517,8 @@ class Protocol + + unittest + { ++ pragma(msg, "test disabled on GNU Guix"); ++/* + // getprotobyname,number are unimplemented on Android + softUnittest({ + Protocol proto = new Protocol; +@@ -530,6 +532,7 @@ unittest + assert(proto.name == "tcp"); + assert(proto.aliases.length == 1 && proto.aliases[0] == "TCP"); + }); ++*/ + } + + +@@ -859,6 +862,8 @@ class InternetHost + + unittest + { ++ pragma(msg, "test disabled on GNU Guix"); ++ /* + InternetHost ih = new InternetHost; + + ih.getHostByAddr(0x7F_00_00_01); +@@ -889,6 +894,7 @@ unittest + // writefln("aliases[%d] = %s", i, s); + // } + }); ++ */ + } + + diff --git a/gnu/packages/patches/libcmis-fix-test-onedrive.patch b/gnu/packages/patches/libcmis-fix-test-onedrive.patch new file mode 100644 index 0000000000..adf2e0b8e5 --- /dev/null +++ b/gnu/packages/patches/libcmis-fix-test-onedrive.patch @@ -0,0 +1,35 @@ +Patch from resolution of http://sourceforge.net/p/libcmis/tickets/13/ + +From 814c7845d53688b35a747cf193c2ff99e40a8652 Mon Sep 17 00:00:00 2001 +From: Jonathan Wakely <jwakely@redhat.com> +Date: Wed, 2 Sep 2015 16:35:45 +0100 +Subject: [PATCH 5/5] Remove invalid comments from test JSON file. + +--- + qa/libcmis/data/onedrive/search-result.json | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/qa/libcmis/data/onedrive/search-result.json b/qa/libcmis/data/onedrive/search-result.json +index 61d250a..2482429 100644 +--- a/qa/libcmis/data/onedrive/search-result.json ++++ b/qa/libcmis/data/onedrive/search-result.json +@@ -8,7 +8,7 @@ + }, + "name":"OneDriveFile", + "description":"", +- "parent_id":"folderA", // path: /A/Wrong File ++ "parent_id":"folderA", + "size":18047, + "upload_location":"https://apis.live.net/v5.0/wrongFileId/content/", + "comments_count":0, +@@ -32,7 +32,7 @@ + }, + "name":"OneDriveFile", + "description":"", +- "parent_id":"folderC", // path: /A/B/C/Right File ++ "parent_id":"folderC", + "size":4, + "upload_location":"https://apis.live.net/v5.0/rightFileId/content/", + "comments_count":0, +-- +2.4.3
\ No newline at end of file diff --git a/gnu/packages/patches/nss-pkgconfig.patch b/gnu/packages/patches/nss-pkgconfig.patch index 80c0c5b009..e611f69bea 100644 --- a/gnu/packages/patches/nss-pkgconfig.patch +++ b/gnu/packages/patches/nss-pkgconfig.patch @@ -7,8 +7,10 @@ Modifications: Remove optional patching in nss/Makefile. Include -L$libdir in output from "nss-config --libs". ---- nss-3.17.1/nss/config/Makefile -+++ nss-3.17.1/nss/config/Makefile +Later adapted to apply cleanly to nss-3.21. + +--- nss-3.21/nss/config/Makefile ++++ nss-3.21/nss/config/Makefile @@ -0,0 +1,40 @@ +CORE_DEPTH = .. +DEPTH = .. @@ -50,8 +52,8 @@ Modifications: + +dummy: all export libs + ---- nss-3.17.1/nss/config/nss-config.in -+++ nss-3.17.1/nss/config/nss-config.in +--- nss-3.21/nss/config/nss-config.in ++++ nss-3.21/nss/config/nss-config.in @@ -0,0 +1,145 @@ +#!/bin/sh + @@ -198,8 +200,8 @@ Modifications: + echo $libdirs +fi + ---- nss-3.17.1/nss/config/nss.pc.in -+++ nss-3.17.1/nss/config/nss.pc.in +--- nss-3.21/nss/config/nss.pc.in ++++ nss-3.21/nss/config/nss.pc.in @@ -0,0 +1,12 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ @@ -213,14 +215,11 @@ Modifications: +Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3 +Cflags: -I${includedir} + ---- nss-3.17.1/nss/manifest.mn -+++ nss-3.17.1/nss/manifest.mn -@@ -10,7 +10,7 @@ +--- nss-3.21/nss/manifest.mn ++++ nss-3.21/nss/manifest.mn +@@ -10,4 +10,4 @@ RELEASE = nss --DIRS = coreconf lib cmd -+DIRS = coreconf lib cmd config - - ifdef NSS_BUILD_GTESTS - DIRS += external_tests +-DIRS = coreconf lib cmd external_tests ++DIRS = coreconf lib cmd external_tests config diff --git a/gnu/packages/patches/openimageio-boost-1.60.patch b/gnu/packages/patches/openimageio-boost-1.60.patch new file mode 100644 index 0000000000..92fc3237bb --- /dev/null +++ b/gnu/packages/patches/openimageio-boost-1.60.patch @@ -0,0 +1,47 @@ +From 875fbbd92695397bfc83d1cd5fdd4094e1d50199 Mon Sep 17 00:00:00 2001 +From: Larry Gritz <lg@larrygritz.com> +Date: Mon, 28 Dec 2015 11:46:07 -0800 +Subject: [PATCH] Python ImageCache binding fixes -- disable broken calls + +Some of these calls (thankfully undocumented and presumably unused) +are horribly broken. They compiled before, but with new Boost 1.60 +they don't even compile properly. So just comment them out on this +obsolete branch. They are fully fixed in RB-1.6 and beyond. + +--- a/src/python/py_imagecache.cpp ++++ b/src/python/py_imagecache.cpp +@@ -199,23 +199,24 @@ void declare_imagecache() + .def("destroy", &ImageCacheWrap::destroy) + .staticmethod("destroy") + .def("clear", &ImageCacheWrap::clear) +- .def("attribute", &ImageCacheWrap::attribute) ++ // .def("attribute", &ImageCacheWrap::attribute) + .def("attribute", &ImageCacheWrap::attribute_int) + .def("attribute", &ImageCacheWrap::attribute_float) +- .def("attribute", &ImageCacheWrap::attribute_double) +- .def("attribute", &ImageCacheWrap::attribute_char) ++ // .def("attribute", &ImageCacheWrap::attribute_double) ++ // .def("attribute", &ImageCacheWrap::attribute_char) + .def("attribute", &ImageCacheWrap::attribute_string) +- .def("getattribute", &ImageCacheWrap::attribute) ++ // .def("getattribute", &ImageCacheWrap::attribute) + .def("getattribute", &ImageCacheWrap::getattribute_int) + .def("getattribute", &ImageCacheWrap::getattribute_float) +- .def("getattribute", &ImageCacheWrap::getattribute_double) +- .def("getattribute", &ImageCacheWrap::getattribute_char) ++ // .def("getattribute", &ImageCacheWrap::getattribute_double) ++ // .def("getattribute", &ImageCacheWrap::getattribute_char) + .def("getattribute", &ImageCacheWrap::getattribute_string) +- .def("resolve_filename", &ImageCacheWrap::resolve_filename) +- .def("get_image_info", &ImageCacheWrap::get_image_info) +- .def("get_image_info", &ImageCacheWrap::get_image_info_old) ++ // .def("get_image_info", &ImageCacheWrap::get_image_info) ++ // .def("get_image_info", &ImageCacheWrap::get_image_info_old) + .def("get_imagespec", &ImageCacheWrap::get_imagespec) +- .def("get_pixels", &ImageCacheWrap::get_pixels) ++ // .def("get_pixels", &ImageCacheWrap::get_pixels) ++ .def("resolve_filename", &ImageCacheWrap::resolve_filename) ++ + // .def("get_tile", &ImageCacheWrap::get_tile) + // .def("release_tile", &ImageCacheWrap::release_tile) + // .def("tile_pixels", &ImageCacheWrap::tile_pixels) diff --git a/gnu/packages/patches/sudo-CVE-2015-5602.patch b/gnu/packages/patches/sudo-CVE-2015-5602.patch new file mode 100644 index 0000000000..36c90fbee7 --- /dev/null +++ b/gnu/packages/patches/sudo-CVE-2015-5602.patch @@ -0,0 +1,372 @@ +Based on the patch from https://www.sudo.ws/repos/sudo/raw-rev/c2e36a80a279 +Backported to 1.8.15 by Mark H Weaver <mhw@netris.org> + +# HG changeset patch +# User Todd C. Miller <Todd.Miller@courtesan.com> +# Date 1452475889 25200 +# Node ID c2e36a80a27927c32cba55afae78b8dc830cddc3 +# Parent 94ffd6b18431fa4b9ed0a0c3f0b7b9582a4f6bde +Rewritten sudoedit_checkdir support that checks all the dirs in the +path and refuses to follow symlinks in writable directories. +This is a better fix for CVE-2015-5602. +Adapted from a diff by Ben Hutchings. Bug #707 + +diff -r 94ffd6b18431 -r c2e36a80a279 doc/CONTRIBUTORS +--- a/doc/CONTRIBUTORS Mon Jan 04 10:47:11 2016 -0700 ++++ b/doc/CONTRIBUTORS Sun Jan 10 18:31:29 2016 -0700 +@@ -58,6 +58,7 @@ + Holloway, Nick + Hoover, Adam + Hunter, Michael T. ++ Hutchings, Ben + Irrgang, Eric + Jackson, Brian + Jackson, John R. +diff -r 94ffd6b18431 -r c2e36a80a279 doc/UPGRADE +--- a/doc/UPGRADE Mon Jan 04 10:47:11 2016 -0700 ++++ b/doc/UPGRADE Sun Jan 10 18:31:29 2016 -0700 +@@ -1,6 +1,15 @@ + Notes on upgrading from an older release + ======================================== + ++o Upgrading from a version prior to the post-1.8.15 fix for CVE-2015-5602. ++ ++ The meaning of the sudoedit_checkdir sudoers option has changed. ++ Previously, it would only check the parent directory ++ of the file to be edited. After the CVE fix, all directories ++ in the path to be edited are checked and sudoedit will refuse ++ to follow a symbolic link in a directory that is writable by ++ the invoking user. ++ + o Upgrading from a version prior to 1.8.15: + + Prior to version 1.8.15, when env_reset was enabled (the default) +diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.cat +--- a/doc/sudoers.cat Mon Jan 04 10:47:11 2016 -0700 ++++ b/doc/sudoers.cat Sun Jan 10 18:31:29 2016 -0700 +@@ -1275,12 +1275,15 @@ + system call. This flag is _o_f_f by default. + + sudoedit_checkdir +- If set, ssuuddooeeddiitt will refuse to edit files located in a +- directory that is writable by the invoking user unless +- it is run by root. On many systems, this option +- requires that the parent directory of the file to be +- edited be readable by the target user. This flag is +- _o_f_f by default. ++ If set, ssuuddooeeddiitt will check directories in the path to ++ be edited for writability by the invoking user. ++ Symbolic links will not be followed in writable ++ directories and ssuuddooeeddiitt will also refuse to edit a ++ file located in a writable directory. Theses ++ restrictions are not enforced when ssuuddooeeddiitt is invoked ++ as root. On many systems, this option requires that ++ all directories in the path to be edited be readable by ++ the target user. This flag is _o_f_f by default. + + sudoedit_follow By default, ssuuddooeeddiitt will not follow symbolic links + when opening files. The _s_u_d_o_e_d_i_t___f_o_l_l_o_w option can be +diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.man.in +--- a/doc/sudoers.man.in Mon Jan 04 10:47:11 2016 -0700 ++++ b/doc/sudoers.man.in Sun Jan 10 18:31:29 2016 -0700 +@@ -2715,10 +2715,16 @@ + .br + If set, + \fBsudoedit\fR +-will refuse to edit files located in a directory that is writable +-by the invoking user unless it is run by root. +-On many systems, this option requires that the parent directory +-of the file to be edited be readable by the target user. ++will check directories in the path to be edited for writability ++by the invoking user. ++Symbolic links will not be followed in writable directories and ++\fBsudoedit\fR ++will also refuse to edit a file located in a writable directory. ++Theses restrictions are not enforced when ++\fBsudoedit\fR ++is invoked as root. ++On many systems, this option requires that all directories ++in the path to be edited be readable by the target user. + This flag is + \fIoff\fR + by default. +diff -r 94ffd6b18431 -r c2e36a80a279 doc/sudoers.mdoc.in +--- a/doc/sudoers.mdoc.in Mon Jan 04 10:47:11 2016 -0700 ++++ b/doc/sudoers.mdoc.in Sun Jan 10 18:31:29 2016 -0700 +@@ -2549,10 +2549,16 @@ + .It sudoedit_checkdir + If set, + .Nm sudoedit +-will refuse to edit files located in a directory that is writable +-by the invoking user unless it is run by root. +-On many systems, this option requires that the parent directory +-of the file to be edited be readable by the target user. ++will check directories in the path to be edited for writability ++by the invoking user. ++Symbolic links will not be followed in writable directories and ++.Nm sudoedit ++will also refuse to edit a file located in a writable directory. ++Theses restrictions are not enforced when ++.Nm sudoedit ++is invoked as root. ++On many systems, this option requires that all directories ++in the path to be edited be readable by the target user. + This flag is + .Em off + by default. +diff -r 94ffd6b18431 -r c2e36a80a279 include/sudo_compat.h +--- a/include/sudo_compat.h Mon Jan 04 10:47:11 2016 -0700 ++++ b/include/sudo_compat.h Sun Jan 10 18:31:29 2016 -0700 +@@ -182,6 +182,8 @@ + # ifndef UTIME_NOW + # define UTIME_NOW -2L + # endif ++#endif ++#if !defined(HAVE_OPENAT) || (!defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT)) + # ifndef AT_FDCWD + # define AT_FDCWD -100 + # endif +diff -r 94ffd6b18431 -r c2e36a80a279 src/sudo_edit.c +--- a/src/sudo_edit.c Mon Jan 04 10:47:11 2016 -0700 ++++ b/src/sudo_edit.c Sun Jan 10 18:31:29 2016 -0700 +@@ -179,13 +179,15 @@ + } + + #ifndef HAVE_OPENAT +-/* This does not support AT_FDCWD... */ + static int + sudo_openat(int dfd, const char *path, int flags, mode_t mode) + { + int fd, odfd; + debug_decl(sudo_openat, SUDO_DEBUG_EDIT) + ++ if (dfd == AT_FDCWD) ++ debug_return_int(open(path, flags, mode)); ++ + /* Save cwd */ + if ((odfd = open(".", O_RDONLY)) == -1) + debug_return_int(-1); +@@ -207,6 +209,64 @@ + #define openat sudo_openat + #endif /* HAVE_OPENAT */ + ++#ifdef O_NOFOLLOW ++static int ++sudo_edit_openat_nofollow(int dfd, char *path, int oflags, mode_t mode) ++{ ++ debug_decl(sudo_edit_open_nofollow, SUDO_DEBUG_EDIT) ++ ++ debug_return_int(openat(dfd, path, oflags|O_NOFOLLOW, mode)); ++} ++#else ++/* ++ * Returns true if fd and path don't match or path is a symlink. ++ * Used on older systems without O_NOFOLLOW. ++ */ ++static bool ++sudo_edit_is_symlink(int fd, char *path) ++{ ++ struct stat sb1, sb2; ++ debug_decl(sudo_edit_is_symlink, SUDO_DEBUG_EDIT) ++ ++ /* ++ * Treat [fl]stat() failure like there was a symlink. ++ */ ++ if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1) ++ debug_return_bool(true); ++ ++ /* ++ * Make sure we did not open a link and that what we opened ++ * matches what is currently on the file system. ++ */ ++ if (S_ISLNK(sb2.st_mode) || ++ sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { ++ debug_return_bool(true); ++ } ++ ++ debug_return_bool(false); ++} ++ ++static int ++sudo_edit_openat_nofollow(char *path, int oflags, mode_t mode) ++{ ++ struct stat sb1, sb2; ++ int fd; ++ debug_decl(sudo_edit_openat_nofollow, SUDO_DEBUG_EDIT) ++ ++ fd = openat(dfd, path, oflags, mode); ++ if (fd == -1) ++ debug_return_int(-1); ++ ++ if (sudo_edit_is_symlink(fd, path)) { ++ close(fd); ++ fd = -1; ++ errno = ELOOP; ++ } ++ ++ debug_return_int(fd); ++} ++#endif /* O_NOFOLLOW */ ++ + /* + * Returns true if the directory described by sb is writable + * by the user. We treat directories with the sticky bit as +@@ -245,49 +305,94 @@ + debug_return_bool(false); + } + ++/* ++ * Directory open flags for use with openat(2) and fstat(2). ++ * Use O_PATH and O_DIRECTORY where possible. ++ */ ++#if defined(O_PATH) && defined(O_DIRECTORY) ++# define DIR_OPEN_FLAGS (O_PATH|O_DIRECTORY) ++#elif defined(O_PATH) && !defined(O_DIRECTORY) ++# define DIR_OPEN_FLAGS O_PATH ++#elif !defined(O_PATH) && defined(O_DIRECTORY) ++# define DIR_OPEN_FLAGS (O_RDONLY|O_DIRECTORY) ++#else ++# define DIR_OPEN_FLAGS (O_RDONLY|O_NONBLOCK) ++#endif ++ + static int + sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode) + { +- char *base, *dir; ++ int dfd, fd, dflags = DIR_OPEN_FLAGS; ++#if defined(__linux__) && defined(O_PATH) ++ char *opath = path; ++#endif ++ bool is_writable; + struct stat sb; +- int dfd, fd; + debug_decl(sudo_edit_open_nonwritable, SUDO_DEBUG_EDIT) + +- base = strrchr(path, '/'); +- if (base != NULL) { +- *base++ = '\0'; +- dir = path; ++#if defined(__linux__) && defined(O_PATH) ++restart: ++#endif ++ if (path[0] == '/') { ++ dfd = open("/", dflags); ++ path++; + } else { +- base = path; +- dir = "."; ++ dfd = open(".", dflags); ++ if (path[0] == '.' && path[1] == '/') ++ path += 2; + } +-#ifdef O_PATH +- if ((dfd = open(dir, O_PATH)) != -1) { +- /* Linux kernels < 3.6 can't do fstat on O_PATH fds. */ +- if (fstat(dfd, &sb) == -1) { +- close(dfd); +- dfd = open(dir, O_RDONLY); +- if (fstat(dfd, &sb) == -1) { +- close(dfd); +- dfd = -1; +- } +- } +- } +-#else +- if ((dfd = open(dir, O_RDONLY)) != -1) { +- if (fstat(dfd, &sb) == -1) { +- close(dfd); +- dfd = -1; +- } +- } +-#endif +- if (base != path) +- base[-1] = '/'; /* restore path */ + if (dfd == -1) + debug_return_int(-1); + +- if (dir_is_writable(&sb, user_details.uid, user_details.gid, +- user_details.ngroups, user_details.groups)) { ++ for (;;) { ++ char *slash; ++ int subdfd; ++ ++ /* ++ * Look up one component at a time, avoiding symbolic links in ++ * writable directories. ++ */ ++ if (fstat(dfd, &sb) == -1) { ++ close(dfd); ++#if defined(__linux__) && defined(O_PATH) ++ /* Linux prior to 3.6 can't fstat an O_PATH fd */ ++ if (ISSET(dflags, O_PATH)) { ++ CLR(dflags, O_PATH); ++ path = opath; ++ goto restart; ++ } ++#endif ++ debug_return_int(-1); ++ } ++#ifndef O_DIRECTORY ++ if (!S_ISDIR(sb.st_mode)) { ++ close(dfd); ++ errno = ENOTDIR; ++ debug_return_int(-1); ++ } ++#endif ++ is_writable = dir_is_writable(&sb, user_details.uid, user_details.gid, ++ user_details.ngroups, user_details.groups); ++ ++ while (path[0] == '/') ++ path++; ++ slash = strchr(path, '/'); ++ if (slash == NULL) ++ break; ++ *slash = '\0'; ++ if (is_writable) ++ subdfd = sudo_edit_openat_nofollow(dfd, path, dflags, 0); ++ else ++ subdfd = openat(dfd, path, dflags, 0); ++ *slash = '/'; /* restore path */ ++ close(dfd); ++ if (subdfd == -1) ++ debug_return_int(-1); ++ path = slash + 1; ++ dfd = subdfd; ++ } ++ ++ if (is_writable) { + close(dfd); + errno = EISDIR; + debug_return_int(-1); +@@ -332,27 +437,10 @@ + if (!ISSET(oflags, O_NONBLOCK)) + (void) fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + +- /* +- * Treat [fl]stat() failure like an open() failure. +- */ +- if (fstat(fd, &sb1) == -1 || lstat(path, &sb2) == -1) { +- const int serrno = errno; ++ if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW) && sudo_edit_is_symlink(fd, path)) { + close(fd); +- errno = serrno; +- debug_return_int(-1); +- } +- +- /* +- * Make sure we did not open a link and that what we opened +- * matches what is currently on the file system. +- */ +- if (!ISSET(sflags, CD_SUDOEDIT_FOLLOW)) { +- if (S_ISLNK(sb2.st_mode) || +- sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { +- close(fd); +- errno = ELOOP; +- debug_return_int(-1); +- } ++ fd = -1; ++ errno = ELOOP; + } + + debug_return_int(fd); + diff --git a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch new file mode 100644 index 0000000000..5b78f2d909 --- /dev/null +++ b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch @@ -0,0 +1,24 @@ +Subject: Disable SSLv2 and SSLv3. + +The only remaining methods are TLSv1.* (the code never distinguishes +between TLSv1.0, TLSv1.1, and TLSv1.2). +--- + fm.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fm.h b/fm.h +index 320906c..ddcd4fc 100644 +--- a/fm.h ++++ b/fm.h +@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE); + #endif /* defined(USE_SSL) && + * defined(USE_SSL_VERIFY) */ + #ifdef USE_SSL +-global char *ssl_forbid_method init(NULL); ++global char *ssl_forbid_method init("2, 3"); + #endif + + global int is_redisplay init(FALSE); +-- +2.6.4 + diff --git a/gnu/packages/patches/w3m-disable-weak-ciphers.patch b/gnu/packages/patches/w3m-disable-weak-ciphers.patch new file mode 100644 index 0000000000..4780d54cb6 --- /dev/null +++ b/gnu/packages/patches/w3m-disable-weak-ciphers.patch @@ -0,0 +1,24 @@ +Subject: Disable weak ciphers + +Disable RC4, "export ciphers", and all keys < 128 bits. + +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674 +--- + url.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/url.c b/url.c +index ed6062e..e86b1f3 100644 +--- a/url.c ++++ b/url.c +@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert) + SSL_load_error_strings(); + if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) + goto eend; ++ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP"); + option = SSL_OP_ALL; + if (ssl_forbid_method) { + if (strchr(ssl_forbid_method, '2')) +-- +2.6.4 + diff --git a/gnu/packages/patches/w3m-fix-compile.patch b/gnu/packages/patches/w3m-fix-compile.patch deleted file mode 100644 index 5604052f67..0000000000 --- a/gnu/packages/patches/w3m-fix-compile.patch +++ /dev/null @@ -1,15 +0,0 @@ -https://bugs.archlinux.org/task/33397 - -diff -aur old/main.c new/main.c ---- main.c 2013-01-14 18:16:14.216210053 -0600 -+++ main.c 2013-01-14 18:17:28.816220559 -0600 -@@ -833,7 +833,8 @@ - mySignal(SIGPIPE, SigPipe); - #endif - -- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc); -+ orig_GC_warn_proc = GC_get_warn_proc(); -+ GC_set_warn_proc(wrap_GC_warn_proc); - err_msg = Strnew(); - if (load_argc == 0) { - /* no URL specified */ diff --git a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch new file mode 100644 index 0000000000..dc9f117f9d --- /dev/null +++ b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch @@ -0,0 +1,24 @@ +Subject: Force ssl_verify_server on. + +By default, SSL/TLS certificates are not verified. This enables the +verification. +--- + fm.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fm.h b/fm.h +index 8378939..320906c 100644 +--- a/fm.h ++++ b/fm.h +@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE); + #endif + + #if defined(USE_SSL) && defined(USE_SSL_VERIFY) +-global int ssl_verify_server init(FALSE); ++global int ssl_verify_server init(TRUE); + global char *ssl_cert_file init(NULL); + global char *ssl_key_file init(NULL); + global char *ssl_ca_path init(NULL); +-- +2.6.4 + diff --git a/gnu/packages/patches/w3m-libgc.patch b/gnu/packages/patches/w3m-libgc.patch new file mode 100644 index 0000000000..0dc6a4027c --- /dev/null +++ b/gnu/packages/patches/w3m-libgc.patch @@ -0,0 +1,28 @@ +This patch fixes w3m compilation with libgc > 7.2. + +Reported: +https://bugs.archlinux.org/task/33397 + +Patch with explanation: +http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=770eec8304bdbe458 +--- + main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/main.c b/main.c +index b421943..249eb1a 100644 +--- a/main.c ++++ b/main.c +@@ -833,7 +833,8 @@ main(int argc, char **argv, char **envp) + mySignal(SIGPIPE, SigPipe); + #endif + +- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc); ++ orig_GC_warn_proc = GC_get_warn_proc(); ++ GC_set_warn_proc(wrap_GC_warn_proc); + err_msg = Strnew(); + if (load_argc == 0) { + /* no URL specified */ +-- +2.6.4 + |