aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2018-01-19 23:59:20 -0500
committerMark H Weaver <mhw@netris.org>2018-01-19 23:59:20 -0500
commite074a655dd6497daafbd62737e3b63f3d5aa7985 (patch)
tree2b198ba5c664cdd58e155f3c0113d1cebde0fc91 /gnu/packages/patches
parent6d7b26a39faf42c37f15dc64a30a77e5e194ea23 (diff)
parentccb5cac17be98aaa9c3225605d6170c675d8e8e6 (diff)
downloadguix-e074a655dd6497daafbd62737e3b63f3d5aa7985.tar
guix-e074a655dd6497daafbd62737e3b63f3d5aa7985.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/dtc-32-bits-check.patch134
-rw-r--r--gnu/packages/patches/dtc-format-modifier.patch38
-rw-r--r--gnu/packages/patches/emacs-json-reformat-fix-tests.patch32
-rw-r--r--gnu/packages/patches/libexif-CVE-2016-6328.patch72
-rw-r--r--gnu/packages/patches/lxterminal-CVE-2016-10369.patch37
-rw-r--r--gnu/packages/patches/ninja-zero-mtime.patch19
-rw-r--r--gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch45
-rw-r--r--gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch302
-rw-r--r--gnu/packages/patches/webkitgtk-mitigate-spectre.patch107
9 files changed, 406 insertions, 380 deletions
diff --git a/gnu/packages/patches/dtc-32-bits-check.patch b/gnu/packages/patches/dtc-32-bits-check.patch
deleted file mode 100644
index cf15be3404..0000000000
--- a/gnu/packages/patches/dtc-32-bits-check.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-This fixes tests on 32 bits platforms. Patch taken from upstream.
-
-commit f8872e29ce06d78d3db71b3ab26a7465fc8a9586
-Author: David Gibson <david@gibson.dropbear.id.au>
-Date: Fri Oct 6 23:07:30 2017 +1100
-
- tests: Avoid 64-bit arithmetic in assembler
-
- For testing we (ab)use the assembler to build us a sample dtb, independent
- of the other tools (dtc and libfdt) that we're trying to test. In a few
- places this uses 64-bit arithmetic to decompose 64-bit constants into
- the individual bytes in the blob.
-
- Unfortunately, it seems that some builds of GNU as don't support >32 bit
- arithmetic, though it's not entirely clear to me which do and which don't
- (Fedora i386 does support 64-bit, Debian arm32 doesn't).
-
- Anyway, to be safe, this avoids 64-bit arithmetic in assembler at the cost
- of some extra awkwardness because we have to define the values in 32-bit
- halves.
-
- Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
-diff --git a/tests/testdata.h b/tests/testdata.h
-index 3588778..f6bbe1d 100644
---- a/tests/testdata.h
-+++ b/tests/testdata.h
-@@ -4,15 +4,25 @@
- #define ASM_CONST_LL(x) (x##ULL)
- #endif
-
--#define TEST_ADDR_1 ASM_CONST_LL(0xdeadbeef00000000)
--#define TEST_SIZE_1 ASM_CONST_LL(0x100000)
--#define TEST_ADDR_2 ASM_CONST_LL(123456789)
--#define TEST_SIZE_2 ASM_CONST_LL(010000)
-+#define TEST_ADDR_1H ASM_CONST_LL(0xdeadbeef)
-+#define TEST_ADDR_1L ASM_CONST_LL(0x00000000)
-+#define TEST_ADDR_1 ((TEST_ADDR_1H << 32) | TEST_ADDR_1L)
-+#define TEST_SIZE_1H ASM_CONST_LL(0x00000000)
-+#define TEST_SIZE_1L ASM_CONST_LL(0x00100000)
-+#define TEST_SIZE_1 ((TEST_SIZE_1H << 32) | TEST_SIZE_1L)
-+#define TEST_ADDR_2H ASM_CONST_LL(0)
-+#define TEST_ADDR_2L ASM_CONST_LL(123456789)
-+#define TEST_ADDR_2 ((TEST_ADDR_2H << 32) | TEST_ADDR_2L)
-+#define TEST_SIZE_2H ASM_CONST_LL(0)
-+#define TEST_SIZE_2L ASM_CONST_LL(010000)
-+#define TEST_SIZE_2 ((TEST_SIZE_2H << 32) | TEST_SIZE_2L)
-
- #define TEST_VALUE_1 0xdeadbeef
- #define TEST_VALUE_2 123456789
-
--#define TEST_VALUE64_1 ASM_CONST_LL(0xdeadbeef01abcdef)
-+#define TEST_VALUE64_1H ASM_CONST_LL(0xdeadbeef)
-+#define TEST_VALUE64_1L ASM_CONST_LL(0x01abcdef)
-+#define TEST_VALUE64_1 ((TEST_VALUE64_1H << 32) | TEST_VALUE64_1L)
-
- #define PHANDLE_1 0x2000
- #define PHANDLE_2 0x2001
-diff --git a/tests/trees.S b/tests/trees.S
-index 9854d1d..9859914 100644
---- a/tests/trees.S
-+++ b/tests/trees.S
-@@ -7,16 +7,6 @@
- .byte ((val) >> 8) & 0xff ; \
- .byte (val) & 0xff ;
-
--#define FDTQUAD(val) \
-- .byte ((val) >> 56) & 0xff ; \
-- .byte ((val) >> 48) & 0xff ; \
-- .byte ((val) >> 40) & 0xff ; \
-- .byte ((val) >> 32) & 0xff ; \
-- .byte ((val) >> 24) & 0xff ; \
-- .byte ((val) >> 16) & 0xff ; \
-- .byte ((val) >> 8) & 0xff ; \
-- .byte (val) & 0xff ;
--
- #define TREE_HDR(tree) \
- .balign 8 ; \
- .globl _##tree ; \
-@@ -33,14 +23,16 @@ tree: \
- FDTLONG(tree##_strings_end - tree##_strings) ; \
- FDTLONG(tree##_struct_end - tree##_struct) ;
-
--#define RSVMAP_ENTRY(addr, len) \
-- FDTQUAD(addr) ; \
-- FDTQUAD(len) ; \
-+#define RSVMAP_ENTRY(addrh, addrl, lenh, lenl) \
-+ FDTLONG(addrh) ; \
-+ FDTLONG(addrl) ; \
-+ FDTLONG(lenh) ; \
-+ FDTLONG(lenl)
-
- #define EMPTY_RSVMAP(tree) \
- .balign 8 ; \
- tree##_rsvmap: ; \
-- RSVMAP_ENTRY(0, 0) \
-+ RSVMAP_ENTRY(0, 0, 0, 0) \
- tree##_rsvmap_end: ;
-
- #define PROPHDR(tree, name, len) \
-@@ -52,9 +44,10 @@ tree##_rsvmap_end: ;
- PROPHDR(tree, name, 4) \
- FDTLONG(val) ;
-
--#define PROP_INT64(tree, name, val) \
-+#define PROP_INT64(tree, name, valh, vall) \
- PROPHDR(tree, name, 8) \
-- FDTQUAD(val) ;
-+ FDTLONG(valh) ; \
-+ FDTLONG(vall) ;
-
- #define PROP_STR(tree, name, str) \
- PROPHDR(tree, name, 55f - 54f) \
-@@ -81,16 +74,16 @@ tree##_##name: ; \
-
- .balign 8
- test_tree1_rsvmap:
-- RSVMAP_ENTRY(TEST_ADDR_1, TEST_SIZE_1)
-- RSVMAP_ENTRY(TEST_ADDR_2, TEST_SIZE_2)
-- RSVMAP_ENTRY(0, 0)
-+ RSVMAP_ENTRY(TEST_ADDR_1H, TEST_ADDR_1L, TEST_SIZE_1H, TEST_SIZE_1L)
-+ RSVMAP_ENTRY(TEST_ADDR_2H, TEST_ADDR_2L, TEST_SIZE_2H, TEST_SIZE_2L)
-+ RSVMAP_ENTRY(0, 0, 0, 0)
- test_tree1_rsvmap_end:
-
- test_tree1_struct:
- BEGIN_NODE("")
- PROP_STR(test_tree1, compatible, "test_tree1")
- PROP_INT(test_tree1, prop_int, TEST_VALUE_1)
-- PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1)
-+ PROP_INT64(test_tree1, prop_int64, TEST_VALUE64_1H, TEST_VALUE64_1L)
- PROP_STR(test_tree1, prop_str, TEST_STRING_1)
- PROP_INT(test_tree1, address_cells, 1)
- PROP_INT(test_tree1, size_cells, 0)
diff --git a/gnu/packages/patches/dtc-format-modifier.patch b/gnu/packages/patches/dtc-format-modifier.patch
deleted file mode 100644
index c33d16857f..0000000000
--- a/gnu/packages/patches/dtc-format-modifier.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-This fixes build on 32 bits platforms. This patch is taken from upstream.
-
-commit 497432fd2131967f349e69dc5d259072151cc4b4
-Author: Thierry Reding <treding@nvidia.com>
-Date: Wed Sep 27 15:04:09 2017 +0200
-
- checks: Use proper format modifier for size_t
-
- The size of size_t can vary between architectures, so using %ld isn't
- going to work on 32-bit builds. Use the %zu modifier to make sure it is
- always correct.
-
- Signed-off-by: Thierry Reding <treding@nvidia.com>
- Acked-by: Rob Herring <robh@kernel.org>
- Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
-diff --git a/checks.c b/checks.c
-index 902f2e3..08a3a29 100644
---- a/checks.c
-+++ b/checks.c
-@@ -972,7 +972,7 @@ static void check_property_phandle_args(struct check *c,
- int cell, cellsize = 0;
-
- if (prop->val.len % sizeof(cell_t)) {
-- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
-+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
- prop->name, prop->val.len, sizeof(cell_t), node->fullpath);
- return;
- }
-@@ -1163,7 +1163,7 @@ static void check_interrupts_property(struct check *c,
- return;
-
- if (irq_prop->val.len % sizeof(cell_t))
-- FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %ld in node %s",
-+ FAIL(c, dti, "property '%s' size (%d) is invalid, expected multiple of %zu in node %s",
- irq_prop->name, irq_prop->val.len, sizeof(cell_t),
- node->fullpath);
-
diff --git a/gnu/packages/patches/emacs-json-reformat-fix-tests.patch b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch
new file mode 100644
index 0000000000..977e50fc68
--- /dev/null
+++ b/gnu/packages/patches/emacs-json-reformat-fix-tests.patch
@@ -0,0 +1,32 @@
+Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
+
+This patch fixes tests for Emacs 25.
+
+Upstream bug URL:
+
+https://github.com/gongo/json-reformat/issues/33
+
+diff --git a/test/json-reformat-test.el b/test/json-reformat-test.el
+index 7de3be1..b4a4dde 100644
+--- a/test/json-reformat-test.el
++++ b/test/json-reformat-test.el
+@@ -58,7 +58,7 @@
+ (ert-deftest json-reformat-test:string-to-string ()
+ (should (string= "\"foobar\"" (json-reformat:string-to-string "foobar")))
+ (should (string= "\"fo\\\"o\\nbar\"" (json-reformat:string-to-string "fo\"o\nbar")))
+- (should (string= "\"\\u2661\"" (json-reformat:string-to-string "\u2661")))
++ (should (string= "\"♡\"" (json-reformat:string-to-string "\u2661")))
+
+ (should (string= "\"^(amq\\\\.gen.*|amq\\\\.default)$\"" (json-reformat:string-to-string "^(amq\\.gen.*|amq\\.default)$")))
+ )
+@@ -148,6 +148,6 @@ bar\"" (json-reformat:string-to-string "fo\"o\nbar")))
+ [{ foo : \"bar\" }, { \"foo\" : \"baz\" }]") ;; At 3 (line)
+ (json-reformat-region (point-min) (point-max)))
+ (should (string=
+- "JSON parse error [Reason] Bad string format: \"doesn't start with '\\\"'!\" [Position] In buffer, line 3 (char 6)"
++ "JSON parse error [Reason] Bad string format: \"doesn't start with \`\\\"'!\" [Position] In buffer, line 3 (char 6)"
+ message-string))
+ )))
+--
+2.15.1
+
diff --git a/gnu/packages/patches/libexif-CVE-2016-6328.patch b/gnu/packages/patches/libexif-CVE-2016-6328.patch
new file mode 100644
index 0000000000..67fee0f528
--- /dev/null
+++ b/gnu/packages/patches/libexif-CVE-2016-6328.patch
@@ -0,0 +1,72 @@
+Fix CVE-2016-6328:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1366239
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
+
+Patch copied from upstream source repository:
+
+https://github.com/libexif/libexif/commit/41bd04234b104312f54d25822f68738ba8d7133d
+
+From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Tue, 25 Jul 2017 23:44:44 +0200
+Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
+ makernote entries.
+
+This should fix:
+https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
+---
+ libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index d03d159..ea0429a 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ case EXIF_FORMAT_SHORT:
+ {
+ const unsigned char *data = entry->data;
+- size_t k, len = strlen(val);
++ size_t k, len = strlen(val), sizeleft;
++
++ sizeleft = entry->size;
+ for(k=0; k<entry->components; k++) {
++ if (sizeleft < 2)
++ break;
+ vs = exif_get_short (data, entry->order);
+ snprintf (val+len, maxlen-len, "%i ", vs);
+ len = strlen(val);
+ data += 2;
++ sizeleft -= 2;
+ }
+ }
+ break;
+ case EXIF_FORMAT_LONG:
+ {
+ const unsigned char *data = entry->data;
+- size_t k, len = strlen(val);
++ size_t k, len = strlen(val), sizeleft;
++
++ sizeleft = entry->size;
+ for(k=0; k<entry->components; k++) {
++ if (sizeleft < 4)
++ break;
+ vl = exif_get_long (data, entry->order);
+ snprintf (val+len, maxlen-len, "%li", (long int) vl);
+ len = strlen(val);
+ data += 4;
++ sizeleft -= 4;
+ }
+ }
+ break;
+@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ break;
+ }
+
+- return (val);
++ return val;
+ }
+--
+2.16.0
+
diff --git a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch b/gnu/packages/patches/lxterminal-CVE-2016-10369.patch
deleted file mode 100644
index 809eef08da..0000000000
--- a/gnu/packages/patches/lxterminal-CVE-2016-10369.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2016-10369:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
-
-Patch copied from upstream source repository:
-
-https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
-
-From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
-From: Yao Wei <mwei@lxde.org>
-Date: Mon, 8 May 2017 00:47:55 +0800
-Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
-
-This bug is pointed out by stackexchange user that putting socket file in
-/tmp is a potential risk. Putting the socket dir in user directory could
-mitigate the risk.
----
- src/unixsocket.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/unixsocket.c b/src/unixsocket.c
-index 4c660ac..f88284c 100644
---- a/src/unixsocket.c
-+++ b/src/unixsocket.c
-@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
- * This function returns TRUE if this process should keep running and FALSE if it should exit. */
-
- /* Formulate the path for the Unix domain socket. */
-- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
-+ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
-+ printf("%s\n", socket_path);
-
- /* Create socket. */
- int fd = socket(PF_UNIX, SOCK_STREAM, 0);
---
-2.1.4
-
diff --git a/gnu/packages/patches/ninja-zero-mtime.patch b/gnu/packages/patches/ninja-zero-mtime.patch
deleted file mode 100644
index c9b9e8d798..0000000000
--- a/gnu/packages/patches/ninja-zero-mtime.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Work around a design defect in Ninja whereby a zero mtime is used to
-denote missing files (we happen to produce files that have a zero mtime
-and yet really do exist.)
-
---- ninja-1.5.3/src/disk_interface.cc 2014-11-24 18:37:47.000000000 +0100
-+++ ninja-1.5.3/src/disk_interface.cc 2015-07-18 23:20:38.572290139 +0200
-@@ -194,6 +194,12 @@ TimeStamp RealDiskInterface::Stat(const
- }
- return -1;
- }
-+
-+ if (st.st_mtime == 0)
-+ // All the code assumes that mtime == 0 means "file missing". Here we
-+ // know the file is not missing, so tweak the mtime.
-+ st.st_mtime = 1;
-+
- return st.st_mtime;
- #endif
- }
diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
deleted file mode 100644
index 4092261f75..0000000000
--- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
-From: carolili <carolili@iki.fi>
-Date: Thu, 9 Feb 2017 19:24:49 +0000
-Subject: [PATCH] Removing contribs
-
----
- configure.ac | 22 ----------------------
- 1 file changed, 22 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 1cf1051..5d76b44 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
-
- AC_CONFIG_FILES([Makefile
- auxdir/Makefile
-- contribs/Makefile
-- contribs/cray/Makefile
-- contribs/cray/csm/Makefile
-- contribs/lua/Makefile
-- contribs/mic/Makefile
-- contribs/pam/Makefile
-- contribs/pam_slurm_adopt/Makefile
-- contribs/perlapi/Makefile
-- contribs/perlapi/libslurm/Makefile
-- contribs/perlapi/libslurm/perl/Makefile.PL
-- contribs/perlapi/libslurmdb/Makefile
-- contribs/perlapi/libslurmdb/perl/Makefile.PL
-- contribs/seff/Makefile
-- contribs/torque/Makefile
-- contribs/openlava/Makefile
-- contribs/phpext/Makefile
-- contribs/phpext/slurm_php/config.m4
-- contribs/sgather/Makefile
-- contribs/sgi/Makefile
-- contribs/sjobexit/Makefile
-- contribs/slurmdb-direct/Makefile
-- contribs/pmi2/Makefile
- doc/Makefile
- doc/man/Makefile
- doc/man/man1/Makefile
---
-2.11.0
-
diff --git a/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch
new file mode 100644
index 0000000000..a3a0cf1608
--- /dev/null
+++ b/gnu/packages/patches/transmission-fix-dns-rebinding-vuln.patch
@@ -0,0 +1,302 @@
+Fix a weakness that allows remote code execution via the Transmission
+RPC server using DNS rebinding:
+
+https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
+
+Patch adapted from Tavis Ormandy's patch on the Transmission master
+branch to the Transmission 2.92 release by Leo Famulari
+<leo@famulari.name>:
+
+https://github.com/transmission/transmission/pull/468/commits
+
+From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
+From: Tavis Ormandy <taviso@google.com>
+Date: Thu, 11 Jan 2018 10:00:41 -0800
+Subject: [PATCH] mitigate dns rebinding attacks against daemon
+
+---
+ libtransmission/quark.c | 2 +
+ libtransmission/quark.h | 2 +
+ libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
+ libtransmission/rpc-server.h | 4 ++
+ libtransmission/session.c | 2 +
+ libtransmission/transmission.h | 1 +
+ libtransmission/web.c | 3 ++
+ 7 files changed, 121 insertions(+), 9 deletions(-)
+
+diff --git a/libtransmission/quark.c b/libtransmission/quark.c
+index 30cc2bca4..b4fd7aabd 100644
+--- a/libtransmission/quark.c
++++ b/libtransmission/quark.c
+@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] =
+ { "rpc-authentication-required", 27 },
+ { "rpc-bind-address", 16 },
+ { "rpc-enabled", 11 },
++ { "rpc-host-whitelist", 18 },
++ { "rpc-host-whitelist-enabled", 26 },
+ { "rpc-password", 12 },
+ { "rpc-port", 8 },
+ { "rpc-url", 7 },
+diff --git a/libtransmission/quark.h b/libtransmission/quark.h
+index 7f5212733..17464be8f 100644
+--- a/libtransmission/quark.h
++++ b/libtransmission/quark.h
+@@ -291,6 +291,8 @@ enum
+ TR_KEY_rpc_authentication_required,
+ TR_KEY_rpc_bind_address,
+ TR_KEY_rpc_enabled,
++ TR_KEY_rpc_host_whitelist,
++ TR_KEY_rpc_host_whitelist_enabled,
+ TR_KEY_rpc_password,
+ TR_KEY_rpc_port,
+ TR_KEY_rpc_url,
+diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c
+index a3485f3fa..292cd5fce 100644
+--- a/libtransmission/rpc-server.c
++++ b/libtransmission/rpc-server.c
+@@ -52,6 +52,7 @@ struct tr_rpc_server
+ bool isEnabled;
+ bool isPasswordEnabled;
+ bool isWhitelistEnabled;
++ bool isHostWhitelistEnabled;
+ tr_port port;
+ char * url;
+ struct in_addr bindAddress;
+@@ -63,6 +64,7 @@ struct tr_rpc_server
+ char * password;
+ char * whitelistStr;
+ tr_list * whitelist;
++ tr_list * hostWhitelist;
+
+ char * sessionId;
+ time_t sessionIdExpiresAt;
+@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server * server, const char * address)
+ return false;
+ }
+
++static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req)
++{
++ /* If password auth is enabled, any hostname is permitted. */
++ if (server->isPasswordEnabled)
++ {
++ return true;
++ }
++
++ char const* const host = evhttp_find_header(req->input_headers, "Host");
++
++ // If whitelist is disabled, no restrictions.
++ if (!server->isHostWhitelistEnabled)
++ return true;
++
++ /* No host header, invalid request. */
++ if (host == NULL)
++ {
++ return false;
++ }
++
++ /* Host header might include the port. */
++ char* const hostname = tr_strndup(host, strcspn(host, ":"));
++
++ /* localhost or ipaddress is always acceptable. */
++ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname))
++ {
++ tr_free(hostname);
++ return true;
++ }
++
++ /* Otherwise, hostname must be whitelisted. */
++ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
++ if (tr_wildmat(hostname, l->data))
++ {
++ tr_free(hostname);
++ return true;
++ }
++ }
++
++ tr_free(hostname);
++ return false;
++}
++
+ static bool
+ test_session_id (struct tr_rpc_server * server, struct evhttp_request * req)
+ {
+@@ -663,6 +708,23 @@ handle_request (struct evhttp_request * req, void * arg)
+ handle_upload (req, server);
+ }
+ #ifdef REQUIRE_SESSION_ID
++ else if (!isHostnameAllowed(server, req))
++ {
++ char* tmp = tr_strdup_printf(
++ "<p>Transmission received your request, but the hostname was unrecognized.</p>"
++ "<p>To fix this, choose one of the following options:"
++ "<ul>"
++ "<li>Enable password authentication, then any hostname is allowed.</li>"
++ "<li>Add the hostname you want to use to the whitelist in settings.</li>"
++ "</ul></p>"
++ "<p>If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.</p>"
++ "<p>This requirement has been added to help prevent "
++ "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
++ "attacks.</p>");
++ send_simple_response(req, 421, tmp);
++ tr_free(tmp);
++ }
++
+ else if (!test_session_id (server, req))
+ {
+ const char * sessionId = get_current_session_id (server);
+@@ -674,7 +736,7 @@ handle_request (struct evhttp_request * req, void * arg)
+ "<li> When you get this 409 error message, resend your request with the updated header"
+ "</ol></p>"
+ "<p>This requirement has been added to help prevent "
+- "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
++ "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
+ "attacks.</p>"
+ "<p><code>%s: %s</code></p>",
+ TR_RPC_SESSION_ID_HEADER, sessionId);
+@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * server)
+ return server->url ? server->url : "";
+ }
+
+-void
+-tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
++static void
++tr_rpcSetList (char const* whitelistStr, tr_list** list)
+ {
+ void * tmp;
+ const char * walk;
+
+- /* keep the string */
+- tmp = server->whitelistStr;
+- server->whitelistStr = tr_strdup (whitelistStr);
+- tr_free (tmp);
+-
+ /* clear out the old whitelist entries */
+- while ((tmp = tr_list_pop_front (&server->whitelist)))
++ while ((tmp = tr_list_pop_front (list)) != NULL)
+ tr_free (tmp);
+
+ /* build the new whitelist entries */
+@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
+ const char * delimiters = " ,;";
+ const size_t len = strcspn (walk, delimiters);
+ char * token = tr_strndup (walk, len);
+- tr_list_append (&server->whitelist, token);
++ tr_list_append (list, token);
+ if (strcspn (token, "+-") < len)
+ tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token);
+ else
+@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
+ }
+ }
+
++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr)
++{
++ tr_rpcSetList(whitelistStr, &server->hostWhitelist);
++}
++
++void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
++{
++ /* keep the string */
++ char* const tmp = server->whitelistStr;
++ server->whitelistStr = tr_strdup(whitelistStr);
++ tr_free(tmp);
++
++ tr_rpcSetList(whitelistStr, &server->whitelist);
++}
++
+ const char*
+ tr_rpcGetWhitelist (const tr_rpc_server * server)
+ {
+@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_server * server)
+ return server->isWhitelistEnabled;
+ }
+
++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled)
++{
++ server->isHostWhitelistEnabled = isEnabled;
++}
++
+ /****
+ ***** PASSWORD
+ ****/
+@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_variant * settings)
+ else
+ tr_rpcSetWhitelistEnabled (s, boolVal);
+
++ key = TR_KEY_rpc_host_whitelist_enabled;
++
++ if (!tr_variantDictFindBool(settings, key, &boolVal))
++ {
++ missing_settings_key(key);
++ }
++ else
++ {
++ tr_rpcSetHostWhitelistEnabled(s, boolVal);
++ }
++
++ key = TR_KEY_rpc_host_whitelist;
++
++ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)
++ {
++ missing_settings_key(key);
++ }
++ else
++ {
++ tr_rpcSetHostWhitelist(s, str);
++ }
++
+ key = TR_KEY_rpc_authentication_required;
+ if (!tr_variantDictFindBool (settings, key, &boolVal))
+ missing_settings_key (key);
+diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h
+index e0302c5ea..8c9e6b24e 100644
+--- a/libtransmission/rpc-server.h
++++ b/libtransmission/rpc-server.h
+@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server,
+
+ const char* tr_rpcGetWhitelist (const tr_rpc_server * server);
+
++void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled);
++
++void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist);
++
+ void tr_rpcSetPassword (tr_rpc_server * server,
+ const char * password);
+
+diff --git a/libtransmission/session.c b/libtransmission/session.c
+index 844cadba8..58b717913 100644
+--- a/libtransmission/session.c
++++ b/libtransmission/session.c
+@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant * d)
+ tr_variantDictAddStr (d, TR_KEY_rpc_username, "");
+ tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST);
+ tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true);
++ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST);
++ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true);
+ tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR));
+ tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR);
+ tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true);
+diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h
+index 4f76adfd6..e213a8f4e 100644
+--- a/libtransmission/transmission.h
++++ b/libtransmission/transmission.h
+@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (void);
+ #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0"
+ #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::"
+ #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1"
++#define TR_DEFAULT_RPC_HOST_WHITELIST ""
+ #define TR_DEFAULT_RPC_PORT_STR "9091"
+ #define TR_DEFAULT_RPC_URL_STR "/transmission/"
+ #define TR_DEFAULT_PEER_PORT_STR "51413"
+diff --git a/libtransmission/web.c b/libtransmission/web.c
+index ee495e9fc..c7f062730 100644
+--- a/libtransmission/web.c
++++ b/libtransmission/web.c
+@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code)
+ case 415: return "Unsupported Media Type";
+ case 416: return "Requested Range Not Satisfiable";
+ case 417: return "Expectation Failed";
++ case 421: return "Misdirected Request";
+ case 500: return "Internal Server Error";
+ case 501: return "Not Implemented";
+ case 502: return "Bad Gateway";
diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
deleted file mode 100644
index 3d983ede66..0000000000
--- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-Disable SharedArrayBuffers to mitigate Spectre. Based on:
-
- https://trac.webkit.org/changeset/226386/webkit
-
-Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org>
-
-
---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500
-+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500
-@@ -338,8 +338,10 @@
- WriteBarrier<Structure> m_moduleLoaderStructure;
- WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype;
- WriteBarrier<Structure> m_arrayBufferStructure;
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype;
- WriteBarrier<Structure> m_sharedArrayBufferStructure;
-+#endif
-
- #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
-@@ -670,8 +672,13 @@
- switch (sharingMode) {
- case ArrayBufferSharingMode::Default:
- return m_arrayBufferPrototype.get();
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- case ArrayBufferSharingMode::Shared:
- return m_sharedArrayBufferPrototype.get();
-+#else
-+ default:
-+ return m_arrayBufferPrototype.get();
-+#endif
- }
- }
- Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const
-@@ -679,8 +686,13 @@
- switch (sharingMode) {
- case ArrayBufferSharingMode::Default:
- return m_arrayBufferStructure.get();
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- case ArrayBufferSharingMode::Shared:
- return m_sharedArrayBufferStructure.get();
-+#else
-+ default:
-+ return m_arrayBufferStructure.get();
-+#endif
- }
- RELEASE_ASSERT_NOT_REACHED();
- return nullptr;
---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500
-+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500
-@@ -574,8 +574,10 @@
-
- m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default));
- m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get()));
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared));
- m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get()));
-+#endif
-
- m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
- m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
-@@ -620,10 +622,11 @@
-
- JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default);
- m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr;
- sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared);
- m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum);
--
-+#endif
- #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
- m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
-@@ -686,7 +689,9 @@
- putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly);
-
- putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum);
-+#endif
-
- #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
-@@ -1288,8 +1293,10 @@
-
- visitor.append(thisObject->m_arrayBufferPrototype);
- visitor.append(thisObject->m_arrayBufferStructure);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
- visitor.append(thisObject->m_sharedArrayBufferPrototype);
- visitor.append(thisObject->m_sharedArrayBufferStructure);
-+#endif
-
- #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- visitor.append(thisObject->m_ ## lowerName ## Prototype); \
---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400
-+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500
-@@ -1190,6 +1190,9 @@
- #define HAVE_NS_ACTIVITY 1
- #endif
-
-+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */
-+#define ENABLE_SHARED_ARRAY_BUFFER 0
-+
- #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO)))
- #undef ENABLE_OPENTYPE_MATH
- #define ENABLE_OPENTYPE_MATH 1