aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-10-23 20:48:55 +0200
committerMarius Bakke <mbakke@fastmail.com>2019-10-23 20:48:55 +0200
commit4c1918db34e09f0da793c607acc161bdf9ec5535 (patch)
treee84431dc161ed3c04c9b94abe8224ec7f759df5f /gnu/packages/patches
parente8062974d5cc598134da4d57ff45970ac431611b (diff)
parent4163b6d855a4e655852029625762fccb077a196d (diff)
downloadguix-4c1918db34e09f0da793c607acc161bdf9ec5535.tar
guix-4c1918db34e09f0da793c607acc161bdf9ec5535.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/avahi-CVE-2018-1000845.patch42
-rw-r--r--gnu/packages/patches/sbcl-graph-asdf-definitions.patch70
-rw-r--r--gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch32
-rw-r--r--gnu/packages/patches/weasyprint-library-paths.patch38
4 files changed, 182 insertions, 0 deletions
diff --git a/gnu/packages/patches/avahi-CVE-2018-1000845.patch b/gnu/packages/patches/avahi-CVE-2018-1000845.patch
new file mode 100644
index 0000000000..e5b13e0bee
--- /dev/null
+++ b/gnu/packages/patches/avahi-CVE-2018-1000845.patch
@@ -0,0 +1,42 @@
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-100084
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+
+ if (avahi_dns_packet_is_query(p)) {
+ int legacy_unicast = 0;
++ char t[AVAHI_ADDRESS_STR_MAX];
+
+ /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+ * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ legacy_unicast = 1;
+ }
+
++ if (!is_mdns_mcast_address(dst_address) &&
++ !avahi_interface_address_on_link(i, src_address)) {
++
++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++ return;
++ }
++
+ if (legacy_unicast)
+ reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+
diff --git a/gnu/packages/patches/sbcl-graph-asdf-definitions.patch b/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
new file mode 100644
index 0000000000..a528ccfcc6
--- /dev/null
+++ b/gnu/packages/patches/sbcl-graph-asdf-definitions.patch
@@ -0,0 +1,70 @@
+commit 52ebece1243ae6900e414b6248b5145a28348eef
+Author: Guillaume Le Vaillant <glv@posteo.net>
+Date: Fri Oct 18 15:41:23 2019 +0200
+
+ Use basic ASDF system definitions instead of package-inferred-system
+
+diff --git a/graph.asd b/graph.asd
+index 193b6e3..56afc8f 100644
+--- a/graph.asd
++++ b/graph.asd
+@@ -3,12 +3,10 @@
+ :version "0.0.0"
+ :author ("Eric Schulte <schulte.eric@gmail.com>" "Thomas Dye")
+ :licence "GPL V3"
+- :class :package-inferred-system
+- :defsystem-depends-on (:asdf-package-system)
++ :in-order-to ((test-op (test-op graph-test)))
+ :depends-on (alexandria
+ metabang-bind
+ named-readtables
+ curry-compose-reader-macros
+- graph/graph))
+-
+-(register-system-packages "femlisp-matlisp" '(:fl.matlisp))
++ cl-heap)
++ :components ((:file "graph")))
+diff --git a/graph.dot.asd b/graph.dot.asd
+new file mode 100644
+index 0000000..12aec7e
+--- /dev/null
++++ b/graph.dot.asd
+@@ -0,0 +1,8 @@
++(defsystem :graph-dot
++ :depends-on (alexandria
++ metabang-bind
++ named-readtables
++ curry-compose-reader-macros
++ cl-ppcre
++ graph)
++ :components ((:file "dot")))
+diff --git a/graph.json.asd b/graph.json.asd
+new file mode 100644
+index 0000000..e7d091f
+--- /dev/null
++++ b/graph.json.asd
+@@ -0,0 +1,8 @@
++(defsystem :graph-json
++ :depends-on (alexandria
++ metabang-bind
++ named-readtables
++ curry-compose-reader-macros
++ yason
++ graph)
++ :components ((:file "json")))
+diff --git a/graph.test.asd b/graph.test.asd
+new file mode 100644
+index 0000000..1e811e1
+--- /dev/null
++++ b/graph.test.asd
+@@ -0,0 +1,10 @@
++(defsystem :graph-test
++ :depends-on (alexandria
++ metabang-bind
++ named-readtables
++ curry-compose-reader-macros
++ graph
++ stefil)
++ :perform (test-op (o s)
++ (uiop:symbol-call :graph/test 'test))
++ :components ((:file "test")))
diff --git a/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch b/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch
new file mode 100644
index 0000000000..55866d2973
--- /dev/null
+++ b/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch
@@ -0,0 +1,32 @@
+Patch from <https://gitlab.gnome.org/GNOME/seahorse/commit/d9db29db567012b7c72e85e1be1fbf55fcc9b667>.
+
+From d9db29db567012b7c72e85e1be1fbf55fcc9b667 Mon Sep 17 00:00:00 2001
+From: Niels De Graef <nielsdegraef@gmail.com>
+Date: Sat, 11 May 2019 09:02:34 +0200
+Subject: [PATCH] gkr: Use 0 on empty flags
+
+A Flags-type variable without any flag set can be replaced with 0, so
+this is a safe thing to do. It also prevents us from having to deal with
+the accidental API break in libsecret (see
+https://gitlab.gnome.org/GNOME/libsecret/merge_requests/19)
+---
+ gkr/gkr-keyring-add.vala | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/gkr/gkr-keyring-add.vala b/gkr/gkr-keyring-add.vala
+index 4e92a520..f60c9a22 100644
+--- a/gkr/gkr-keyring-add.vala
++++ b/gkr/gkr-keyring-add.vala
+@@ -41,8 +41,7 @@ public class Seahorse.Gkr.KeyringAdd : Gtk.Dialog {
+
+ var cancellable = Dialog.begin_request(this);
+ var service = Backend.instance().service;
+- Secret.Collection.create.begin(service, this.name_entry.text, null,
+- Secret.CollectionCreateFlags.COLLECTION_CREATE_NONE,
++ Secret.Collection.create.begin(service, this.name_entry.text, null, 0,
+ cancellable, (obj, res) => {
+ /* Clear the operation without cancelling it since it is complete */
+ Dialog.complete_request(this, false);
+--
+2.23.0
+
diff --git a/gnu/packages/patches/weasyprint-library-paths.patch b/gnu/packages/patches/weasyprint-library-paths.patch
new file mode 100644
index 0000000000..eabbdbdcd6
--- /dev/null
+++ b/gnu/packages/patches/weasyprint-library-paths.patch
@@ -0,0 +1,38 @@
+diff --git a/weasyprint/fonts.py b/weasyprint/fonts.py
+index 377716c1..2016e01c 100644
+--- a/weasyprint/fonts.py
++++ b/weasyprint/fonts.py
+@@ -48,11 +48,8 @@ else:
+ # with OSError: dlopen() failed to load a library: cairo / cairo-2
+ # So let's hope we find the same file as cairo already did ;)
+ # Same applies to pangocairo requiring pangoft2
+- fontconfig = dlopen(ffi, 'fontconfig', 'libfontconfig',
+- 'libfontconfig-1.dll',
+- 'libfontconfig.so.1', 'libfontconfig-1.dylib')
+- pangoft2 = dlopen(ffi, 'pangoft2-1.0', 'libpangoft2-1.0-0',
+- 'libpangoft2-1.0.so', 'libpangoft2-1.0.dylib')
++ fontconfig = dlopen(ffi, '@fontconfig@')
++ pangoft2 = dlopen(ffi, '@pangoft2@')
+
+ ffi.cdef('''
+ // FontConfig
+diff --git a/weasyprint/text.py b/weasyprint/text.py
+index 035074e9..08e40395 100644
+--- a/weasyprint/text.py
++++ b/weasyprint/text.py
+@@ -243,12 +243,9 @@ def dlopen(ffi, *names):
+ return ffi.dlopen(names[0]) # pragma: no cover
+
+
+-gobject = dlopen(ffi, 'gobject-2.0', 'libgobject-2.0-0', 'libgobject-2.0.so',
+- 'libgobject-2.0.dylib')
+-pango = dlopen(ffi, 'pango-1.0', 'libpango-1.0-0', 'libpango-1.0.so',
+- 'libpango-1.0.dylib')
+-pangocairo = dlopen(ffi, 'pangocairo-1.0', 'libpangocairo-1.0-0',
+- 'libpangocairo-1.0.so', 'libpangocairo-1.0.dylib')
++gobject = dlopen(ffi, '@gobject@')
++pango = dlopen(ffi, '@pango@')
++pangocairo = dlopen(ffi, '@pangocairo@')
+
+ gobject.g_type_init()
+