aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/akonadi-paths.patch53
-rw-r--r--gnu/packages/patches/bluez-CVE-2020-0556.patch180
-rw-r--r--gnu/packages/patches/calibre-msgpack-compat.patch18
-rw-r--r--gnu/packages/patches/calibre-remove-test-bs4.patch34
-rw-r--r--gnu/packages/patches/kdepim-runtime-Fix-missing-link-libraries.patch42
-rw-r--r--gnu/packages/patches/kinit-kdeinit-extra_libs.patch10
-rw-r--r--gnu/packages/patches/libdrm-realpath-virtio.patch42
-rw-r--r--gnu/packages/patches/libdrm-symbol-check.patch215
-rw-r--r--gnu/packages/patches/nss-CVE-2020-12399.patch138
-rw-r--r--gnu/packages/patches/pyqt-unbundled-qt.patch19
-rw-r--r--gnu/packages/patches/qtbase-QTBUG-81715.patch40
-rw-r--r--gnu/packages/patches/qtbase-use-TZDIR.patch4
12 files changed, 75 insertions, 720 deletions
diff --git a/gnu/packages/patches/akonadi-paths.patch b/gnu/packages/patches/akonadi-paths.patch
index da250ee9e8..ac08ec5448 100644
--- a/gnu/packages/patches/akonadi-paths.patch
+++ b/gnu/packages/patches/akonadi-paths.patch
@@ -1,31 +1,31 @@
This is based on the respectve patch from NixPkgs, but with the parts pinning
mysql and postgresql executables removed. The our package definition on why.
-
-Index: akonadi-19.08.0/src/akonadicontrol/agentmanager.cpp
-===================================================================
---- akonadi-19.08.0.orig/src/akonadicontrol/agentmanager.cpp
-+++ akonadi-19.08.0/src/akonadicontrol/agentmanager.cpp
-@@ -78,12 +78,12 @@ AgentManager::AgentManager(bool verbose,
- mStorageController = new Akonadi::ProcessControl;
- mStorageController->setShutdownTimeout(15 * 1000); // the server needs more time for shutdown if we are using an internal mysqld
- connect(mStorageController, &Akonadi::ProcessControl::unableToStart, this, &AgentManager::serverFailure);
-- mStorageController->start(QStringLiteral("akonadiserver"), serviceArgs, Akonadi::ProcessControl::RestartOnCrash);
-+ mStorageController->start(QLatin1String(NIX_OUT "/bin/akonadiserver"), serviceArgs, Akonadi::ProcessControl::RestartOnCrash);
+diff --git a/src/akonadicontrol/agentmanager.cpp b/src/akonadicontrol/agentmanager.cpp
+--- a/src/akonadicontrol/agentmanager.cpp
++++ b/src/akonadicontrol/agentmanager.cpp
+@@ -61,7 +61,7 @@ public:
+ []() {
+ QCoreApplication::instance()->exit(255);
+ });
+- start(QStringLiteral("akonadiserver"), args, RestartOnCrash);
++ start(QLatin1String(NIX_OUT "/bin/akonadiserver"), args, RestartOnCrash);
+ }
- if (mAgentServerEnabled) {
- mAgentServer = new Akonadi::ProcessControl;
- connect(mAgentServer, &Akonadi::ProcessControl::unableToStart, this, &AgentManager::agentServerFailure);
-- mAgentServer->start(QStringLiteral("akonadi_agent_server"), serviceArgs, Akonadi::ProcessControl::RestartOnCrash);
-+ mAgentServer->start(QLatin1String(NIX_OUT "/bin/akonadi_agent_server"), serviceArgs, Akonadi::ProcessControl::RestartOnCrash);
+ ~StorageProcessControl() override
+@@ -84,7 +84,7 @@ public:
+ []() {
+ qCCritical(AKONADICONTROL_LOG) << "Failed to start AgentServer!";
+ });
+- start(QStringLiteral("akonadi_agent_server"), args, RestartOnCrash);
++ start(QLatin1String(NIX_OUT "/bin/akonadi_agent_server"), args, RestartOnCrash);
}
- }
-Index: akonadi-19.08.0/src/akonadicontrol/agentprocessinstance.cpp
-===================================================================
---- akonadi-19.08.0.orig/src/akonadicontrol/agentprocessinstance.cpp
-+++ akonadi-19.08.0/src/akonadicontrol/agentprocessinstance.cpp
-@@ -62,7 +62,7 @@ bool AgentProcessInstance::start(const A
+ ~AgentServerProcessControl() override
+diff --git a/src/akonadicontrol/agentprocessinstance.cpp b/src/akonadicontrol/agentprocessinstance.cpp
+--- a/src/akonadicontrol/agentprocessinstance.cpp
++++ b/src/akonadicontrol/agentprocessinstance.cpp
+@@ -62,7 +62,7 @@ bool AgentProcessInstance::start(const AgentType &agentInfo)
} else {
Q_ASSERT(agentInfo.launchMethod == AgentType::Launcher);
const QStringList arguments = QStringList() << executable << identifier();
@@ -34,11 +34,10 @@ Index: akonadi-19.08.0/src/akonadicontrol/agentprocessinstance.cpp
mController->start(agentLauncherExec, arguments);
}
return true;
-Index: akonadi-19.08.0/src/server/storage/dbconfigmysql.cpp
-===================================================================
---- akonadi-19.08.0.orig/src/server/storage/dbconfigmysql.cpp
-+++ akonadi-19.08.0/src/server/storage/dbconfigmysql.cpp
-@@ -209,7 +193,7 @@ bool DbConfigMysql::startInternalServer(
+diff --git a/src/server/storage/dbconfigmysql.cpp b/src/server/storage/dbconfigmysql.cpp
+--- a/src/server/storage/dbconfigmysql.cpp
++++ b/src/server/storage/dbconfigmysql.cpp
+@@ -209,7 +209,7 @@ bool DbConfigMysql::startInternalServer()
#endif
// generate config file
diff --git a/gnu/packages/patches/bluez-CVE-2020-0556.patch b/gnu/packages/patches/bluez-CVE-2020-0556.patch
deleted file mode 100644
index 7c34459a3a..0000000000
--- a/gnu/packages/patches/bluez-CVE-2020-0556.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-Fix CVE-2020-0556:
-
-https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556
-
-Patches copied from upstream source repository:
-
-https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
-https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
-
-From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001
-From: Alain Michaud <alainm@chromium.org>
-Date: Tue, 10 Mar 2020 02:35:18 +0000
-Subject: [PATCH] HID accepts bonded device connections only.
-
-This change adds a configuration for platforms to choose a more secure
-posture for the HID profile. While some older mice are known to not
-support pairing or encryption, some platform may choose a more secure
-posture by requiring the device to be bonded and require the
-connection to be encrypted when bonding is required.
-
-Reference:
-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
----
- profiles/input/device.c | 23 ++++++++++++++++++++++-
- profiles/input/device.h | 1 +
- profiles/input/input.conf | 8 ++++++++
- profiles/input/manager.c | 13 ++++++++++++-
- 4 files changed, 43 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/input/device.c b/profiles/input/device.c
-index 2cb3811c8..d89da2d7c 100644
---- a/profiles/input/device.c
-+++ b/profiles/input/device.c
-@@ -92,6 +92,7 @@ struct input_device {
-
- static int idle_timeout = 0;
- static bool uhid_enabled = false;
-+static bool classic_bonded_only = false;
-
- void input_set_idle_timeout(int timeout)
- {
-@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state)
- uhid_enabled = state;
- }
-
-+void input_set_classic_bonded_only(bool state)
-+{
-+ classic_bonded_only = state;
-+}
-+
- static void input_device_enter_reconnect_mode(struct input_device *idev);
- static int connection_disconnect(struct input_device *idev, uint32_t flags);
-
-@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev)
- if (device_name_known(idev->device))
- device_get_name(idev->device, req->name, sizeof(req->name));
-
-+ /* Make sure the device is bonded if required */
-+ if (classic_bonded_only && !device_is_bonded(idev->device,
-+ btd_device_get_bdaddr_type(idev->device))) {
-+ error("Rejected connection from !bonded device %s", dst_addr);
-+ goto cleanup;
-+ }
-+
- /* Encryption is mandatory for keyboards */
-- if (req->subclass & 0x40) {
-+ /* Some platforms may choose to require encryption for all devices */
-+ /* Note that this only matters for pre 2.1 devices as otherwise the */
-+ /* device is encrypted by default by the lower layers */
-+ if (classic_bonded_only || req->subclass & 0x40) {
- if (!bt_io_set(idev->intr_io, &gerr,
- BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
- BT_IO_OPT_INVALID)) {
-@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
- DBG("path=%s reconnect_mode=%s", idev->path,
- reconnect_mode_to_string(idev->reconnect_mode));
-
-+ /* Make sure the device is bonded if required */
-+ if (classic_bonded_only && !device_is_bonded(idev->device,
-+ btd_device_get_bdaddr_type(idev->device)))
-+ return;
-+
- /* Only attempt an auto-reconnect when the device is required to
- * accept reconnections from the host.
- */
-diff --git a/profiles/input/device.h b/profiles/input/device.h
-index 51a9aee18..3044db673 100644
---- a/profiles/input/device.h
-+++ b/profiles/input/device.h
-@@ -29,6 +29,7 @@ struct input_conn;
-
- void input_set_idle_timeout(int timeout);
- void input_enable_userspace_hid(bool state);
-+void input_set_classic_bonded_only(bool state);
-
- int input_device_register(struct btd_service *service);
- void input_device_unregister(struct btd_service *service);
-diff --git a/profiles/input/input.conf b/profiles/input/input.conf
-index 3e1d65aae..166aff4a4 100644
---- a/profiles/input/input.conf
-+++ b/profiles/input/input.conf
-@@ -11,3 +11,11 @@
- # Enable HID protocol handling in userspace input profile
- # Defaults to false (HIDP handled in HIDP kernel module)
- #UserspaceHID=true
-+
-+# Limit HID connections to bonded devices
-+# The HID Profile does not specify that devices must be bonded, however some
-+# platforms may want to make sure that input connections only come from bonded
-+# device connections. Several older mice have been known for not supporting
-+# pairing/encryption.
-+# Defaults to false to maximize device compatibility.
-+#ClassicBondedOnly=true
-diff --git a/profiles/input/manager.c b/profiles/input/manager.c
-index 1d31b0652..5cd27b839 100644
---- a/profiles/input/manager.c
-+++ b/profiles/input/manager.c
-@@ -96,7 +96,7 @@ static int input_init(void)
- config = load_config_file(CONFIGDIR "/input.conf");
- if (config) {
- int idle_timeout;
-- gboolean uhid_enabled;
-+ gboolean uhid_enabled, classic_bonded_only;
-
- idle_timeout = g_key_file_get_integer(config, "General",
- "IdleTimeout", &err);
-@@ -114,6 +114,17 @@ static int input_init(void)
- input_enable_userspace_hid(uhid_enabled);
- } else
- g_clear_error(&err);
-+
-+ classic_bonded_only = g_key_file_get_boolean(config, "General",
-+ "ClassicBondedOnly", &err);
-+
-+ if (!err) {
-+ DBG("input.conf: ClassicBondedOnly=%s",
-+ classic_bonded_only ? "true" : "false");
-+ input_set_classic_bonded_only(classic_bonded_only);
-+ } else
-+ g_clear_error(&err);
-+
- }
-
- btd_profile_register(&input_profile);
---
-2.25.1
-
-From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
-From: Alain Michaud <alainm@chromium.org>
-Date: Tue, 10 Mar 2020 02:35:16 +0000
-Subject: [PATCH] HOGP must only accept data from bonded devices.
-
-HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
-
-Reference:
-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
----
- profiles/input/hog.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/profiles/input/hog.c b/profiles/input/hog.c
-index 83c017dcb..dfac68921 100644
---- a/profiles/input/hog.c
-+++ b/profiles/input/hog.c
-@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
- return -EINVAL;
- }
-
-+ /* HOGP 1.0 Section 6.1 requires bonding */
-+ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
-+ return -ECONNREFUSED;
-+
- /* TODO: Replace GAttrib with bt_gatt_client */
- bt_hog_attach(dev->hog, attrib);
-
---
-2.25.1
-
diff --git a/gnu/packages/patches/calibre-msgpack-compat.patch b/gnu/packages/patches/calibre-msgpack-compat.patch
deleted file mode 100644
index 9920103bea..0000000000
--- a/gnu/packages/patches/calibre-msgpack-compat.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Fix deserialization with msgpack 1.0.
-
-Patch copied from upstream source repository:
-https://github.com/kovidgoyal/calibre/commit/0ff41ac64994ec11b7859fc004c94d08769e3af3
-
-diff --git a/src/calibre/utils/serialize.py b/src/calibre/utils/serialize.py
-index f5d560c468..c35ae53849 100644
---- a/src/calibre/utils/serialize.py
-+++ b/src/calibre/utils/serialize.py
-@@ -110,7 +110,7 @@ def msgpack_decoder(code, data):
- def msgpack_loads(dump, use_list=True):
- # use_list controls whether msgpack arrays are unpacked as lists or tuples
- import msgpack
-- return msgpack.unpackb(dump, ext_hook=msgpack_decoder, raw=False, use_list=use_list)
-+ return msgpack.unpackb(dump, ext_hook=msgpack_decoder, raw=False, use_list=use_list, strict_map_key=False)
-
-
- def json_loads(data):
diff --git a/gnu/packages/patches/calibre-remove-test-bs4.patch b/gnu/packages/patches/calibre-remove-test-bs4.patch
deleted file mode 100644
index 77dd45d329..0000000000
--- a/gnu/packages/patches/calibre-remove-test-bs4.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-In my efforts to fix all Calibre tests, this test would always complain about
-backports.functools_lru_cache not existing even after I packaged and added
-python2-soupsieve as an input and confirmed it was in the
-PYTHONPATH. Currently Calibre does not actually use it for anything other than
-testing it's there, so I assume they will start using it in future Calibre
-versions.
-
-From 2738dd42caebe55326c76922a12ba8740bdb22e7 Mon Sep 17 00:00:00 2001
-From: Brendan Tildesley <mail@brendan.scot>
-Date: Sat, 27 Apr 2019 00:42:39 +1000
-Subject: [PATCH] Remove test_bs4
-
----
- src/calibre/test_build.py | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/src/calibre/test_build.py b/src/calibre/test_build.py
-index 73f1172e8c..07bdffd3e5 100644
---- a/src/calibre/test_build.py
-+++ b/src/calibre/test_build.py
-@@ -73,10 +73,6 @@ class BuildTest(unittest.TestCase):
- from html5_parser import parse
- parse('<p>xxx')
-
-- def test_bs4(self):
-- import soupsieve, bs4
-- del soupsieve, bs4
--
- def test_zeroconf(self):
- if ispy3:
- import zeroconf as z, ifaddr
---
-2.21.0
-
diff --git a/gnu/packages/patches/kdepim-runtime-Fix-missing-link-libraries.patch b/gnu/packages/patches/kdepim-runtime-Fix-missing-link-libraries.patch
deleted file mode 100644
index 13345c0038..0000000000
--- a/gnu/packages/patches/kdepim-runtime-Fix-missing-link-libraries.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From b84c4ba97cecf7304e99cafdd8a9c5866ce27050 Mon Sep 17 00:00:00 2001
-From: Hartmut Goebel <h.goebel@crazy-compilers.com>
-Date: Tue, 21 Jan 2020 23:33:50 +0100
-Subject: [PATCH] Fix missing link libraries.
-
-See <https://phabricator.kde.org/D26819>
-
-These are only actually missing if the libraries reside in different
-prefixes, as it is the case in Guix or Nix.
----
- resources/ews/test/CMakeLists.txt | 1 +
- resources/facebook/CMakeLists.txt | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/resources/ews/test/CMakeLists.txt b/resources/ews/test/CMakeLists.txt
-index b20eddcb8..6355eb994 100644
---- a/resources/ews/test/CMakeLists.txt
-+++ b/resources/ews/test/CMakeLists.txt
-@@ -35,6 +35,7 @@ qt5_add_resources(isolatestestcommon_RSRCS isolatedtestcommon.qrc)
- add_library(isolatedtestcommon STATIC ${isolatestestcommon_SRCS})
- target_link_libraries(isolatedtestcommon
- KF5::AkonadiCore
-+ KF5::AkonadiMime
- Qt5::Core
- Qt5::Network
- Qt5::Test
-diff --git a/resources/facebook/CMakeLists.txt b/resources/facebook/CMakeLists.txt
-index bdd5eeaa7..27a9c83c1 100644
---- a/resources/facebook/CMakeLists.txt
-+++ b/resources/facebook/CMakeLists.txt
-@@ -21,7 +21,8 @@ add_library(facebookresourcelib STATIC ${fbresource_SRCS})
-
- target_link_libraries(facebookresourcelib
- KF5::KIOWidgets
-+ KF5::AkonadiCore
- KF5::IconThemes
- KF5::I18n
- KF5::ConfigGui
- KF5::CalendarCore
---
-2.21.1
-
diff --git a/gnu/packages/patches/kinit-kdeinit-extra_libs.patch b/gnu/packages/patches/kinit-kdeinit-extra_libs.patch
index c3c4ce1161..1271f3df7d 100644
--- a/gnu/packages/patches/kinit-kdeinit-extra_libs.patch
+++ b/gnu/packages/patches/kinit-kdeinit-extra_libs.patch
@@ -42,12 +42,12 @@ pkgs/development/libraries/kde-frameworks/kinit/kdeinit-extra_libs.patch
extern "C" {
static void secondary_child_handler(int)
-@@ -1689,7 +1693,7 @@
+@@ -1673,7 +1673,7 @@
+ #if defined(Q_OS_UNIX) && !defined(Q_OS_OSX)
if (!d.suicide && qEnvironmentVariableIsEmpty("KDE_IS_PRELINKED")) {
- const int extrasCount = sizeof(extra_libs) / sizeof(extra_libs[0]);
- for (int i = 0; i < extrasCount; i++) {
-- const QString extra = findSharedLib(QString::fromLatin1(extra_libs[i]));
-+ const QString extra = QString::fromLatin1(extra_libs[i]);
+ for (const char *extra_lib : extra_libs) {
+- const QString extra = findSharedLib(QString::fromLatin1(extra_lib));
++ const QString extra = QString::fromLatin1(extra_lib);
if (!extra.isEmpty()) {
QLibrary l(extra);
l.setLoadHints(QLibrary::ExportExternalSymbolsHint);
diff --git a/gnu/packages/patches/libdrm-realpath-virtio.patch b/gnu/packages/patches/libdrm-realpath-virtio.patch
new file mode 100644
index 0000000000..b7d85160b4
--- /dev/null
+++ b/gnu/packages/patches/libdrm-realpath-virtio.patch
@@ -0,0 +1,42 @@
+Only check for for relative path on virtio devices. Otherwise it could
+break driver loading in some circumstances, notably the IceCat sandbox.
+
+https://gitlab.freedesktop.org/mesa/drm/-/issues/39
+
+Taken from upstream:
+https://gitlab.freedesktop.org/mesa/drm/-/commit/57df07572ce45a1b60bae6fb89770388d3abd6dd
+
+diff --git a/xf86drm.c b/xf86drm.c
+--- a/xf86drm.c
++++ b/xf86drm.c
+@@ -3103,15 +3103,18 @@ static int drmParseSubsystemType(int maj, int min)
+ int subsystem_type;
+
+ snprintf(path, sizeof(path), "/sys/dev/char/%d:%d/device", maj, min);
+- if (!realpath(path, real_path))
+- return -errno;
+- snprintf(path, sizeof(path), "%s", real_path);
+
+ subsystem_type = get_subsystem_type(path);
++ /* Try to get the parent (underlying) device type */
+ if (subsystem_type == DRM_BUS_VIRTIO) {
++ /* Assume virtio-pci on error */
++ if (!realpath(path, real_path))
++ return DRM_BUS_VIRTIO;
+ strncat(path, "/..", PATH_MAX);
+ subsystem_type = get_subsystem_type(path);
+- }
++ if (subsystem_type < 0)
++ return DRM_BUS_VIRTIO;
++ }
+ return subsystem_type;
+ #elif defined(__OpenBSD__) || defined(__DragonFly__) || defined(__FreeBSD__)
+ return DRM_BUS_PCI;
+@@ -3920,6 +3923,7 @@ process_device(drmDevicePtr *device, const char *d_name,
+
+ switch (subsystem_type) {
+ case DRM_BUS_PCI:
++ case DRM_BUS_VIRTIO:
+ return drmProcessPciDevice(device, node, node_type, maj, min,
+ fetch_deviceinfo, flags);
+ case DRM_BUS_USB:
diff --git a/gnu/packages/patches/libdrm-symbol-check.patch b/gnu/packages/patches/libdrm-symbol-check.patch
deleted file mode 100644
index 0a77763a4f..0000000000
--- a/gnu/packages/patches/libdrm-symbol-check.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-Augment the list of expected symbols to fix the symbol-check tests on
-mips64el-linux, armhf-linux and aarch64-linux.
-
---- libdrm-2.4.65/freedreno/freedreno-symbol-check.orig 2015-09-04 11:07:40.000000000 -0400
-+++ libdrm-2.4.65/freedreno/freedreno-symbol-check 2015-10-18 23:57:15.288416229 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.sources/LIBDRM_FREEDRENO_H_FILES
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_freedreno.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- fd_bo_cpu_fini
- fd_bo_cpu_prep
- fd_bo_del
---- libdrm-2.4.65/nouveau/nouveau-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/nouveau/nouveau-symbol-check 2015-10-18 23:55:26.078327118 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.sources/LIBDRM_NOUVEAU_H_FILES
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_nouveau.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- nouveau_bo_map
- nouveau_bo_name_get
- nouveau_bo_name_ref
---- libdrm-2.4.65/libkms/kms-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/libkms/kms-symbol-check 2015-10-18 23:46:10.683869471 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.sources/LIBKMS_H_FILES
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libkms.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- kms_bo_create
- kms_bo_destroy
- kms_bo_get_prop
---- libdrm-2.4.65/intel/intel-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/intel/intel-symbol-check 2015-10-18 23:55:53.309558508 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.sources/LIBDRM_INTEL_H_FILES
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_intel.so} | awk '{print $3}' | while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- drm_intel_bo_alloc
- drm_intel_bo_alloc_for_render
- drm_intel_bo_alloc_tiled
---- libdrm-2.4.65/amdgpu/amdgpu-symbol-check.orig 2015-08-17 10:08:11.000000000 -0400
-+++ libdrm-2.4.65/amdgpu/amdgpu-symbol-check 2015-10-18 23:56:10.606917723 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.am/libdrm_amdgpuinclude_HEADERS
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_amdgpu.so} | awk '{print $3}' | while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- amdgpu_bo_alloc
- amdgpu_bo_cpu_map
- amdgpu_bo_cpu_unmap
---- libdrm-2.4.65/exynos/exynos-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/exynos/exynos-symbol-check 2015-10-18 23:56:32.025486153 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.am/libdrm_exynos*_HEADERS
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_exynos.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- exynos_bo_create
- exynos_bo_destroy
- exynos_bo_from_name
---- libdrm-2.4.65/omap/omap-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/omap/omap-symbol-check 2015-10-18 23:56:44.834438626 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.am/libdrm_omap*HEADERS
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_omap.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- omap_bo_cpu_fini
- omap_bo_cpu_prep
- omap_bo_del
---- libdrm-2.4.65/tegra/tegra-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/tegra/tegra-symbol-check 2015-10-18 23:57:00.756759698 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first nine) are taken from tegra.h.
-+# The following symbols (past the first 12) are taken from tegra.h.
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_tegra.so} | awk '{print $3}'| while read func; do
- ( grep -q "^$func$" || echo $func ) <<EOF
-@@ -9,6 +9,9 @@
- __bss_start
- __end__
- _bss_end__
-+_fbss
-+_fdata
-+_ftext
- _edata
- _end
- _fini
---- libdrm-2.4.65/radeon/radeon-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
-+++ libdrm-2.4.65/radeon/radeon-symbol-check 2015-10-18 23:57:00.756759698 -0400
-@@ -1,6 +1,6 @@
- #!/bin/bash
-
--# The following symbols (past the first five) are taken from the public headers.
-+# The following symbols (past the first 12) are taken from the public headers.
- # A list of the latter should be available Makefile.sources/LIBDRM_RADEON_H_FILES
-
- FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_tegra.so} | awk '{print $3}'| while read func; do
-@@ -10,6 +10,13 @@
- _end
- _fini
- _init
-+_fbss
-+_fdata
-+_ftext
-+__bss_start__
-+__bss_end__
-+_bss_end__
-+__end__
- radeon_bo_debug
- radeon_bo_get_handle
- radeon_bo_get_src_domain
diff --git a/gnu/packages/patches/nss-CVE-2020-12399.patch b/gnu/packages/patches/nss-CVE-2020-12399.patch
deleted file mode 100644
index 0d91b655e2..0000000000
--- a/gnu/packages/patches/nss-CVE-2020-12399.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-Fix CVE-2020-12399 (Timing attack on DSA signature generation: NSS has
-shown timing differences when performing DSA signatures, which was
-exploitable and could eventually leak private keys.)
-
-Copied from upstream:
-<https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e>
-but with "nss/" inserted into the file name to patch.
-
-# HG changeset patch
-# User Robert Relyea <rrelyea@redhat.com>
-# Date 1589907685 0
-# Node ID daa823a4a29bcef0fec33a379ec83857429aea2e
-# Parent d2cfb4ccdf167e5ea06d2bb5bc39c50f789929c8
-Bug 1631576 - Force a fixed length for DSA exponentiation r=pereida,bbrumley
-
-Differential Revision: https://phabricator.services.mozilla.com/D72011
-
-diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
---- a/nss/lib/freebl/dsa.c
-+++ b/nss/lib/freebl/dsa.c
-@@ -308,23 +308,24 @@ DSA_NewKeyFromSeed(const PQGParams *para
- SECItem seedItem;
- seedItem.data = (unsigned char *)seed;
- seedItem.len = PQG_GetLength(&params->subPrime);
- return dsa_NewKeyExtended(params, &seedItem, privKey);
- }
-
- static SECStatus
- dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
-- const unsigned char *kb)
-+ const unsigned char *kbytes)
- {
- mp_int p, q, g; /* PQG parameters */
- mp_int x, k; /* private key & pseudo-random integer */
- mp_int r, s; /* tuple (r, s) is signature) */
- mp_int t; /* holding tmp values */
- mp_int ar; /* holding blinding values */
-+ mp_digit fuzz; /* blinding multiplier for q */
- mp_err err = MP_OKAY;
- SECStatus rv = SECSuccess;
- unsigned int dsa_subprime_len, dsa_signature_len, offset;
- SECItem localDigest;
- unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
- SECItem t2 = { siBuffer, NULL, 0 };
-
- /* FIPS-compliance dictates that digest is a SHA hash. */
-@@ -368,31 +369,46 @@ dsa_SignDigest(DSAPrivateKey *key, SECIt
- CHECK_MPI_OK(mp_init(&q));
- CHECK_MPI_OK(mp_init(&g));
- CHECK_MPI_OK(mp_init(&x));
- CHECK_MPI_OK(mp_init(&k));
- CHECK_MPI_OK(mp_init(&r));
- CHECK_MPI_OK(mp_init(&s));
- CHECK_MPI_OK(mp_init(&t));
- CHECK_MPI_OK(mp_init(&ar));
-+
- /*
- ** Convert stored PQG and private key into MPI integers.
- */
- SECITEM_TO_MPINT(key->params.prime, &p);
- SECITEM_TO_MPINT(key->params.subPrime, &q);
- SECITEM_TO_MPINT(key->params.base, &g);
- SECITEM_TO_MPINT(key->privateValue, &x);
-- OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
-+ OCTETS_TO_MPINT(kbytes, &k, dsa_subprime_len);
-+
-+ /* k blinding create a single value that has the high bit set in
-+ * the mp_digit*/
-+ if (RNG_GenerateGlobalRandomBytes(&fuzz, sizeof(mp_digit)) != SECSuccess) {
-+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
-+ rv = SECFailure;
-+ goto cleanup;
-+ }
-+ fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
- /*
- ** FIPS 186-1, Section 5, Step 1
- **
- ** r = (g**k mod p) mod q
- */
-- CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
-- CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
-+ CHECK_MPI_OK(mp_mul_d(&q, fuzz, &t)); /* t = q*fuzz */
-+ CHECK_MPI_OK(mp_add(&k, &t, &t)); /* t = k+q*fuzz */
-+ /* length of t is now fixed, bits in k have been blinded */
-+ CHECK_MPI_OK(mp_exptmod(&g, &t, &p, &r)); /* r = g**t mod p */
-+ /* r is now g**(k+q*fuzz) == g**k mod p */
-+ CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
-+
- /*
- ** FIPS 186-1, Section 5, Step 2
- **
- ** s = (k**-1 * (HASH(M) + x*r)) mod q
- */
- if (DSA_NewRandom(NULL, &key->params.subPrime, &t2) != SECSuccess) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- rv = SECFailure;
-@@ -406,25 +422,34 @@ dsa_SignDigest(DSAPrivateKey *key, SECIt
- goto cleanup;
- }
- SECITEM_TO_MPINT(t2, &ar); /* ar <-$ Zq */
- SECITEM_FreeItem(&t2, PR_FALSE);
-
- /* Using mp_invmod on k directly would leak bits from k. */
- CHECK_MPI_OK(mp_mul(&k, &ar, &k)); /* k = k * ar */
- CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
-- CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
-+ /* k is now k*t*ar */
-+ CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
-+ /* k is now (k*t*ar)**-1 */
- CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
-- SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
-+ /* k is now (k*ar)**-1 */
-+ SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
- /* To avoid leaking secret bits here the addition is blinded. */
-- CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
-- CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
-+ CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
-+ /* x is now x*ar */
-+ CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
-+ /* x is now x*r*ar */
- CHECK_MPI_OK(mp_mulmod(&s, &ar, &q, &t)); /* t = s * ar mod q */
-- CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
-- CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
-+ /* t is now hash(M)*ar */
-+ CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
-+ /* s is now (HASH(M)+x*r)*ar */
-+ CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
-+ /* s is now (HASH(M)+x*r)*ar*(k*ar)**-1 = (k**-1)*(HASH(M)+x*r) */
-+
- /*
- ** verify r != 0 and s != 0
- ** mentioned as optional in FIPS 186-1.
- */
- if (mp_cmp_z(&r) == 0 || mp_cmp_z(&s) == 0) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- rv = SECFailure;
- goto cleanup;
-
diff --git a/gnu/packages/patches/pyqt-unbundled-qt.patch b/gnu/packages/patches/pyqt-unbundled-qt.patch
deleted file mode 100644
index 5c91ed031c..0000000000
--- a/gnu/packages/patches/pyqt-unbundled-qt.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Remove test for bundled Qt which breaks dependent applications. This has
-been fixed in 5.13.
-
-Taken from Arch Linux:
-https://git.archlinux.org/svntogit/packages.git/tree/trunk/python2-pyqt5-crash-fix.patch?h=packages/pyqt5&id=3e56e11d1fd7b1eac8242ce64c58db2bd9acba20
-
-diff -ur PyQt5_gpl-5.12.3/qpy/QtCore/qpycore_post_init.cpp.in PyQt5_gpl-5.12.3b/qpy/QtCore/qpycore_post_init.cpp.in
---- PyQt5_gpl-5.12.3/qpy/QtCore/qpycore_post_init.cpp.in 2019-06-25 14:41:02.000000000 +0200
-+++ PyQt5_gpl-5.12.3b/qpy/QtCore/qpycore_post_init.cpp.in 2019-07-01 17:06:34.882644535 +0200
-@@ -151,8 +151,4 @@
- // initialised first (at least for Windows) and this is the only way to
- // guarantee things are done in the right order.
- PyQtSlotProxy::mutex = new QMutex(QMutex::Recursive);
--
-- // Load the embedded qt.conf file if there is a bundled copy of Qt.
-- if (!qpycore_qt_conf())
-- Py_FatalError("PyQt5.QtCore: Unable to embed qt.conf");
- }
-
diff --git a/gnu/packages/patches/qtbase-QTBUG-81715.patch b/gnu/packages/patches/qtbase-QTBUG-81715.patch
deleted file mode 100644
index 70b83b97d2..0000000000
--- a/gnu/packages/patches/qtbase-QTBUG-81715.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8a3fde00bf53d99e9e4853e8ab97b0e1bcf74915 Mon Sep 17 00:00:00 2001
-From: Joerg Bornemann <joerg.bornemann@qt.io>
-Date: Wed, 29 Jan 2020 11:06:35 +0100
-Subject: [PATCH] Fix qt5_make_output_file macro for paths containing dots
-
-Commit 89bd5a7e broke CMake projects that use dots in their build
-paths, because the used regular expression matches the directory part
-of the path as well.
-
-The regex wants to achieve the same as get_filename_component(...
-NAME_WLE) which is available since CMake 3.14. Re-implement the
-NAME_WLE functionality for older CMake versions by using multiple
-get_filename_component calls.
-
-Fixes: QTBUG-81715
-Task-number: QTBUG-80295
-Change-Id: I2ef053300948f6e1b2c0c5eafac35105f193d4e6
-Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
----
-
-diff --git a/src/corelib/Qt5CoreMacros.cmake b/src/corelib/Qt5CoreMacros.cmake
-index 7735e51..b3da640 100644
---- a/src/corelib/Qt5CoreMacros.cmake
-+++ b/src/corelib/Qt5CoreMacros.cmake
-@@ -59,7 +59,14 @@
- set(_outfile "${CMAKE_CURRENT_BINARY_DIR}/${rel}")
- string(REPLACE ".." "__" _outfile ${_outfile})
- get_filename_component(outpath ${_outfile} PATH)
-- string(REGEX REPLACE "\\.[^.]*$" "" _outfile ${_outfile})
-+ if(CMAKE_VERSION VERSION_LESS "3.14")
-+ get_filename_component(_outfile_ext ${_outfile} EXT)
-+ get_filename_component(_outfile_ext ${_outfile_ext} NAME_WE)
-+ get_filename_component(_outfile ${_outfile} NAME_WE)
-+ string(APPEND _outfile ${_outfile_ext})
-+ else()
-+ get_filename_component(_outfile ${_outfile} NAME_WLE)
-+ endif()
- file(MAKE_DIRECTORY ${outpath})
- set(${outfile} ${outpath}/${prefix}${_outfile}.${ext})
- endmacro()
diff --git a/gnu/packages/patches/qtbase-use-TZDIR.patch b/gnu/packages/patches/qtbase-use-TZDIR.patch
index 11c737d844..b6c377b133 100644
--- a/gnu/packages/patches/qtbase-use-TZDIR.patch
+++ b/gnu/packages/patches/qtbase-use-TZDIR.patch
@@ -4,8 +4,8 @@ important to be able to update it fast.
Based on a patch fron NixOS.
===================================================================
---- qtbase-opensource-src-5.9.4.orig/src/corelib/tools/qtimezoneprivate_tz.cpp
-+++ qtbase-opensource-src-5.9.4/src/corelib/tools/qtimezoneprivate_tz.cpp
+--- qtbase-opensource-src-5.14.2.orig/src/corelib/time/qtimezoneprivate_tz.cpp
++++ qtbase-opensource-src-5.15.2/src/corelib/time/qtimezoneprivate_tz.cpp
@@ -70,7 +70,11 @@
// Parse zone.tab table, assume lists all installed zones, if not will need to read directories
static QTzTimeZoneHash loadTzTimeZones()