aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/automake-test-gzip-warning.patch17
-rw-r--r--gnu/packages/patches/dico-idxgcide-bug.patch21
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283-refix.patch27
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283.patch89
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-7547.patch559
-rw-r--r--gnu/packages/patches/glibc-hurd-extern-inline.patch35
-rw-r--r--gnu/packages/patches/glibc-locale-incompatibility.patch23
-rw-r--r--gnu/packages/patches/libarchive-CVE-2013-0211.patch21
-rw-r--r--gnu/packages/patches/libarchive-CVE-2016-1541.patch67
-rw-r--r--gnu/packages/patches/libarchive-bsdtar-test.patch74
-rw-r--r--gnu/packages/patches/libarchive-fix-lzo-test-case.patch83
-rw-r--r--gnu/packages/patches/libarchive-mtree-filename-length-fix.patch18
-rw-r--r--gnu/packages/patches/libpthread-glibc-preparation.patch146
-rw-r--r--gnu/packages/patches/libxslt-CVE-2015-7995.patch29
-rw-r--r--gnu/packages/patches/libxslt-generated-ids.patch173
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8629.patch51
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8630.patch81
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8631.patch576
-rw-r--r--gnu/packages/patches/mit-krb5-init-context-null-spnego.patch49
-rw-r--r--gnu/packages/patches/procps-non-linux.patch40
-rw-r--r--gnu/packages/patches/tar-d_ino_in_dirent-fix.patch33
21 files changed, 263 insertions, 1949 deletions
diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch
new file mode 100644
index 0000000000..bcc9c207ae
--- /dev/null
+++ b/gnu/packages/patches/automake-test-gzip-warning.patch
@@ -0,0 +1,17 @@
+Adjust test to ignore gzip 1.8+ warnings.
+
+--- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200
++++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200
+@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s
+
+ ./configure
+ run_make -E -O distcheck
+-test ! -s stderr
++
++# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment
++# variable is deprecated"; filter them out.
++test `grep -v '^gzip: warning' stderr | wc -l` -eq 0
++
+ # Sanity check: the flags have been actually seen.
+ $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t
+ grep '/configure .* --srcdir am-src' t || exit 99
diff --git a/gnu/packages/patches/dico-idxgcide-bug.patch b/gnu/packages/patches/dico-idxgcide-bug.patch
new file mode 100644
index 0000000000..28cc8a6a08
--- /dev/null
+++ b/gnu/packages/patches/dico-idxgcide-bug.patch
@@ -0,0 +1,21 @@
+Reported at <http://mail.gnu.org.ua/archives/bug-dico/2016-07/msg00000.html>.
+Patch the .c file to avoid depending on Flex.
+
+commit 4599abbda3b5979367138ea098e435c919fe93fc
+Author: Sergey Poznyakoff <gray@gnu.org>
+Date: Thu Jul 28 14:09:58 2016 +0300
+
+ Bugfix
+
+ * modules/gcide/idxgcide.l (main): Initialize ipg_header.
+
+--- dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:07.823587004 +0200
++++ dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:09.435600549 +0200
+@@ -2497,6 +2497,7 @@ main(int argc, char **argv)
+ dico_log(L_ERR, 0, _("not enough memory"));
+ exit(EX_UNAVAILABLE);
+ }
++ idx_page->ipg_header.hdr.phdr_numentries = 0;
+ idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2;
+
+ idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 /
diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
index af5e3bcc3e..fc8d6291f5 100644
--- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
+++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
@@ -1,42 +1,39 @@
-Update previous fix for CVE-2015-1283 to not rely on undefined behavior.
+Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
+behavior.
-Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
+Adapted from a patch from Debian (found in Debian package version
+2.1.0-6+deb8u2) to apply to upstream code:
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
-From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001
-From: Pascal Cuoq <cuoq@trust-in-soft.com>
-Date: Sun, 15 May 2016 09:05:46 +0200
-Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix.
-
---
- expat/lib/xmlparse.c | 6 ++++--
+ lib/xmlparse.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 13e080d..cdb12ef 100644
+index 0f6f4cd..5c70c17 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
-@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len
+@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
}
if (len > bufferLim - bufferEnd) {
- int neededSize = len + (int)(bufferEnd - bufferPtr);
+ /* Do not invoke signed arithmetic overflow: */
+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
- /* BEGIN MOZILLA CHANGE (sanity check neededSize) */
if (neededSize < 0) {
errorCode = XML_ERROR_NO_MEMORY;
-@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len
+ return NULL;
+@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
- bufferSize *= 2;
+ /* Do not invoke signed arithmetic overflow: */
+ bufferSize = (int) (2U * (unsigned) bufferSize);
- /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
} while (bufferSize < neededSize && bufferSize > 0);
- /* END MOZILLA CHANGE */
+ if (bufferSize <= 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
--
-2.8.2
+2.8.3
diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch
deleted file mode 100644
index f9065bea16..0000000000
--- a/gnu/packages/patches/expat-CVE-2015-1283.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-Copied from Debian.
-
-Description: fix multiple integer overflows in the XML_GetBuffer function
- Multiple integer overflows in the XML_GetBuffer function in Expat through
- 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,
- allow remote attackers to cause a denial of service (heap-based buffer
- overflow) or possibly have unspecified other impact via crafted XML data,
- a related issue to CVE-2015-2716.
-Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
-Author: Eric Rahm <erahm@mozilla.com>
-Forwarded: not-needed
-Last-Update: 2015-07-24
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l
- XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
- positionPtr = bufferPtr;
- return result;
- }
-
- void * XMLCALL
- XML_GetBuffer(XML_Parser parser, int len)
- {
-+/* BEGIN MOZILLA CHANGE (sanity check len) */
-+ if (len < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- switch (ps_parsing) {
- case XML_SUSPENDED:
- errorCode = XML_ERROR_SUSPENDED;
- return NULL;
- case XML_FINISHED:
- errorCode = XML_ERROR_FINISHED;
- return NULL;
- default: ;
- }
-
- if (len > bufferLim - bufferEnd) {
-- /* FIXME avoid integer overflow */
- int neededSize = len + (int)(bufferEnd - bufferPtr);
-+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
-+ if (neededSize < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- #ifdef XML_CONTEXT_BYTES
- int keep = (int)(bufferPtr - buffer);
-
- if (keep > XML_CONTEXT_BYTES)
- keep = XML_CONTEXT_BYTES;
- neededSize += keep;
- #endif /* defined XML_CONTEXT_BYTES */
- if (neededSize <= bufferLim - buffer) {
-@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len
- }
- else {
- char *newBuf;
- int bufferSize = (int)(bufferLim - bufferPtr);
- if (bufferSize == 0)
- bufferSize = INIT_BUFFER_SIZE;
- do {
- bufferSize *= 2;
-- } while (bufferSize < neededSize);
-+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
-+ } while (bufferSize < neededSize && bufferSize > 0);
-+/* END MOZILLA CHANGE */
-+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
-+ if (bufferSize <= 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- newBuf = (char *)MALLOC(bufferSize);
- if (newBuf == 0) {
- errorCode = XML_ERROR_NO_MEMORY;
- return NULL;
- }
- bufferLim = newBuf + bufferSize;
- #ifdef XML_CONTEXT_BYTES
- if (bufferPtr) {
-
-
-
-
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch
deleted file mode 100644
index 9a0909af74..0000000000
--- a/gnu/packages/patches/glibc-CVE-2015-7547.patch
+++ /dev/null
@@ -1,559 +0,0 @@
-Copied from Fedora:
-http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
-
-Adapted to apply cleanly to glibc-2.22.
-
-Index: b/resolv/nss_dns/dns-host.c
-===================================================================
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
- int h_namelen = 0;
-
- if (ancount == 0)
-- return NSS_STATUS_NOTFOUND;
-+ {
-+ *h_errnop = HOST_NOT_FOUND;
-+ return NSS_STATUS_NOTFOUND;
-+ }
-
- while (ancount-- > 0 && cp < end_of_message && had_error == 0)
- {
-@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
- /* Special case here: if the resolver sent a result but it only
- contains a CNAME while we are looking for a T_A or T_AAAA record,
- we fail with NOTFOUND instead of TRYAGAIN. */
-- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
-+ if (canon != NULL)
-+ {
-+ *h_errnop = HOST_NOT_FOUND;
-+ return NSS_STATUS_NOTFOUND;
-+ }
-+
-+ *h_errnop = NETDB_INTERNAL;
-+ return NSS_STATUS_TRYAGAIN;
- }
-
-
-@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
-
- enum nss_status status = NSS_STATUS_NOTFOUND;
-
-+ /* Combining the NSS status of two distinct queries requires some
-+ compromise and attention to symmetry (A or AAAA queries can be
-+ returned in any order). What follows is a breakdown of how this
-+ code is expected to work and why. We discuss only SUCCESS,
-+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
-+ that apply (though RETURN and MERGE exist). We make a distinction
-+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
-+ A recoverable TRYAGAIN is almost always due to buffer size issues
-+ and returns ERANGE in errno and the caller is expected to retry
-+ with a larger buffer.
-+
-+ Lastly, you may be tempted to make significant changes to the
-+ conditions in this code to bring about symmetry between responses.
-+ Please don't change anything without due consideration for
-+ expected application behaviour. Some of the synthesized responses
-+ aren't very well thought out and sometimes appear to imply that
-+ IPv4 responses are always answer 1, and IPv6 responses are always
-+ answer 2, but that's not true (see the implemetnation of send_dg
-+ and send_vc to see response can arrive in any order, particlarly
-+ for UDP). However, we expect it holds roughly enough of the time
-+ that this code works, but certainly needs to be fixed to make this
-+ a more robust implementation.
-+
-+ ----------------------------------------------
-+ | Answer 1 Status / | Synthesized | Reason |
-+ | Answer 2 Status | Status | |
-+ |--------------------------------------------|
-+ | SUCCESS/SUCCESS | SUCCESS | [1] |
-+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
-+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
-+ | SUCCESS/NOTFOUND | SUCCESS | [1] |
-+ | SUCCESS/UNAVAIL | SUCCESS | [1] |
-+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
-+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
-+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
-+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
-+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
-+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
-+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
-+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
-+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
-+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
-+ | NOTFOUND/SUCCESS | SUCCESS | [3] |
-+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
-+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
-+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
-+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
-+ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
-+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
-+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
-+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
-+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
-+ ----------------------------------------------
-+
-+ [1] If the first response is a success we return success.
-+ This ignores the state of the second answer and in fact
-+ incorrectly sets errno and h_errno to that of the second
-+ answer. However because the response is a success we ignore
-+ *errnop and *h_errnop (though that means you touched errno on
-+ success). We are being conservative here and returning the
-+ likely IPv4 response in the first answer as a success.
-+
-+ [2] If the first response is a recoverable TRYAGAIN we return
-+ that instead of looking at the second response. The
-+ expectation here is that we have failed to get an IPv4 response
-+ and should retry both queries.
-+
-+ [3] If the first response was not a SUCCESS and the second
-+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
-+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
-+ result from the second response, otherwise the first responses
-+ status is used. Again we have some odd side-effects when the
-+ second response is NOTFOUND because we overwrite *errnop and
-+ *h_errnop that means that a first answer of NOTFOUND might see
-+ its *errnop and *h_errnop values altered. Whether it matters
-+ in practice that a first response NOTFOUND has the wrong
-+ *errnop and *h_errnop is undecided.
-+
-+ [4] If the first response is UNAVAIL we return that instead of
-+ looking at the second response. The expectation here is that
-+ it will have failed similarly e.g. configuration failure.
-+
-+ [5] Testing this code is complicated by the fact that truncated
-+ second response buffers might be returned as SUCCESS if the
-+ first answer is a SUCCESS. To fix this we add symmetry to
-+ TRYAGAIN with the second response. If the second response
-+ is a recoverable error we now return TRYAGIN even if the first
-+ response was SUCCESS. */
-+
- if (anslen1 > 0)
- status = gaih_getanswer_slice(answer1, anslen1, qname,
- &pat, &buffer, &buflen,
- errnop, h_errnop, ttlp,
- &first);
-+
- if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
- || (status == NSS_STATUS_TRYAGAIN
- /* We want to look at the second answer in case of an
-@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
- &pat, &buffer, &buflen,
- errnop, h_errnop, ttlp,
- &first);
-+ /* Use the second response status in some cases. */
- if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
- status = status2;
-+ /* Do not return a truncated second response (unless it was
-+ unavoidable e.g. unrecoverable TRYAGAIN). */
-+ if (status == NSS_STATUS_SUCCESS
-+ && (status2 == NSS_STATUS_TRYAGAIN
-+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
-+ status = NSS_STATUS_TRYAGAIN;
- }
-
- return status;
-Index: b/resolv/res_query.c
-===================================================================
---- a/resolv/res_query.c
-+++ b/resolv/res_query.c
-@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
- {
- free (*answerp2);
- *answerp2 = NULL;
-+ *nanswerp2 = 0;
- *answerp2_malloced = 0;
- }
- }
-@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
- {
- free (*answerp2);
- *answerp2 = NULL;
-+ *nanswerp2 = 0;
- *answerp2_malloced = 0;
- }
-
-@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
- {
- free (*answerp2);
- *answerp2 = NULL;
-+ *nanswerp2 = 0;
- *answerp2_malloced = 0;
- }
- if (saved_herrno != -1)
-Index: b/resolv/res_send.c
-===================================================================
---- a/resolv/res_send.c
-+++ b/resolv/res_send.c
-@@ -1,3 +1,20 @@
-+/* Copyright (C) 2016 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
- /*
- * Copyright (c) 1985, 1989, 1993
- * The Regents of the University of California. All rights reserved.
-@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
- #ifdef USE_HOOKS
- if (__glibc_unlikely (statp->qhook || statp->rhook)) {
- if (anssiz < MAXPACKET && ansp) {
-+ /* Always allocate MAXPACKET, callers expect
-+ this specific size. */
- u_char *buf = malloc (MAXPACKET);
- if (buf == NULL)
- return (-1);
-@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
-
- /* Private */
-
-+/* The send_vc function is responsible for sending a DNS query over TCP
-+ to the nameserver numbered NS from the res_state STATP i.e.
-+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
-+ IPv6 queries at the same serially on the same socket.
-+
-+ Please note that for TCP there is no way to disable sending both
-+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
-+ and sends the queries serially and waits for the result after each
-+ sent query. This implemetnation should be corrected to honour these
-+ options.
-+
-+ Please also note that for TCP we send both queries over the same
-+ socket one after another. This technically violates best practice
-+ since the server is allowed to read the first query, respond, and
-+ then close the socket (to service another client). If the server
-+ does this, then the remaining second query in the socket data buffer
-+ will cause the server to send the client an RST which will arrive
-+ asynchronously and the client's OS will likely tear down the socket
-+ receive buffer resulting in a potentially short read and lost
-+ response data. This will force the client to retry the query again,
-+ and this process may repeat until all servers and connection resets
-+ are exhausted and then the query will fail. It's not known if this
-+ happens with any frequency in real DNS server implementations. This
-+ implementation should be corrected to use two sockets by default for
-+ parallel queries.
-+
-+ The query stored in BUF of BUFLEN length is sent first followed by
-+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
-+ serially on the same socket.
-+
-+ Answers to the query are stored firstly in *ANSP up to a max of
-+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
-+ is non-NULL (to indicate that modifying the answer buffer is allowed)
-+ then malloc is used to allocate a new response buffer and ANSCP and
-+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
-+ are needed but ANSCP is NULL, then as much of the response as
-+ possible is read into the buffer, but the results will be truncated.
-+ When truncation happens because of a small answer buffer the DNS
-+ packets header feild TC will bet set to 1, indicating a truncated
-+ message and the rest of the socket data will be read and discarded.
-+
-+ Answers to the query are stored secondly in *ANSP2 up to a max of
-+ *ANSSIZP2 bytes, with the actual response length stored in
-+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
-+ is non-NULL (required for a second query) then malloc is used to
-+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+ size and *ANSP2_MALLOCED is set to 1.
-+
-+ The ANSP2_MALLOCED argument will eventually be removed as the
-+ change in buffer pointer can be used to detect the buffer has
-+ changed and that the caller should use free on the new buffer.
-+
-+ Note that the answers may arrive in any order from the server and
-+ therefore the first and second answer buffers may not correspond to
-+ the first and second queries.
-+
-+ It is not supported to call this function with a non-NULL ANSP2
-+ but a NULL ANSCP. Put another way, you can call send_vc with a
-+ single unmodifiable buffer or two modifiable buffers, but no other
-+ combination is supported.
-+
-+ It is the caller's responsibility to free the malloc allocated
-+ buffers by detecting that the pointers have changed from their
-+ original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+ If errors are encountered then *TERRNO is set to an appropriate
-+ errno value and a zero result is returned for a recoverable error,
-+ and a less-than zero result is returned for a non-recoverable error.
-+
-+ If no errors are encountered then *TERRNO is left unmodified and
-+ a the length of the first response in bytes is returned. */
- static int
- send_vc(res_state statp,
- const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -669,11 +759,7 @@ send_vc(res_state statp,
- {
- const HEADER *hp = (HEADER *) buf;
- const HEADER *hp2 = (HEADER *) buf2;
-- u_char *ans = *ansp;
-- int orig_anssizp = *anssizp;
-- // XXX REMOVE
-- // int anssiz = *anssizp;
-- HEADER *anhp = (HEADER *) ans;
-+ HEADER *anhp = (HEADER *) *ansp;
- struct sockaddr *nsap = get_nsaddr (statp, ns);
- int truncating, connreset, n;
- /* On some architectures compiler might emit a warning indicating
-@@ -766,6 +852,8 @@ send_vc(res_state statp,
- * Receive length & response
- */
- int recvresp1 = 0;
-+ /* Skip the second response if there is no second query.
-+ To do that we mark the second response as received. */
- int recvresp2 = buf2 == NULL;
- uint16_t rlen16;
- read_len:
-@@ -802,40 +890,14 @@ send_vc(res_state statp,
- u_char **thisansp;
- int *thisresplenp;
- if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+ /* We have not received any responses
-+ yet or we only have one response to
-+ receive. */
- thisanssizp = anssizp;
- thisansp = anscp ?: ansp;
- assert (anscp != NULL || ansp2 == NULL);
- thisresplenp = &resplen;
- } else {
-- if (*anssizp != MAXPACKET) {
-- /* No buffer allocated for the first
-- reply. We can try to use the rest
-- of the user-provided buffer. */
--#if __GNUC_PREREQ (4, 7)
-- DIAG_PUSH_NEEDS_COMMENT;
-- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
--#endif
--#if _STRING_ARCH_unaligned
-- *anssizp2 = orig_anssizp - resplen;
-- *ansp2 = *ansp + resplen;
--#else
-- int aligned_resplen
-- = ((resplen + __alignof__ (HEADER) - 1)
-- & ~(__alignof__ (HEADER) - 1));
-- *anssizp2 = orig_anssizp - aligned_resplen;
-- *ansp2 = *ansp + aligned_resplen;
--#endif
--#if __GNUC_PREREQ (4, 7)
-- DIAG_POP_NEEDS_COMMENT;
--#endif
-- } else {
-- /* The first reply did not fit into the
-- user-provided buffer. Maybe the second
-- answer will. */
-- *anssizp2 = orig_anssizp;
-- *ansp2 = *ansp;
-- }
--
- thisanssizp = anssizp2;
- thisansp = ansp2;
- thisresplenp = resplen2;
-@@ -843,10 +905,14 @@ send_vc(res_state statp,
- anhp = (HEADER *) *thisansp;
-
- *thisresplenp = rlen;
-- if (rlen > *thisanssizp) {
-- /* Yes, we test ANSCP here. If we have two buffers
-- both will be allocatable. */
-- if (__glibc_likely (anscp != NULL)) {
-+ /* Is the answer buffer too small? */
-+ if (*thisanssizp < rlen) {
-+ /* If the current buffer is non-NULL and it's not
-+ pointing at the static user-supplied buffer then
-+ we can reallocate it. */
-+ if (thisansp != NULL && thisansp != ansp) {
-+ /* Always allocate MAXPACKET, callers expect
-+ this specific size. */
- u_char *newp = malloc (MAXPACKET);
- if (newp == NULL) {
- *terrno = ENOMEM;
-@@ -858,6 +924,9 @@ send_vc(res_state statp,
- if (thisansp == ansp2)
- *ansp2_malloced = 1;
- anhp = (HEADER *) newp;
-+ /* A uint16_t can't be larger than MAXPACKET
-+ thus it's safe to allocate MAXPACKET but
-+ read RLEN bytes instead. */
- len = rlen;
- } else {
- Dprint(statp->options & RES_DEBUG,
-@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
- return 1;
- }
-
-+/* The send_dg function is responsible for sending a DNS query over UDP
-+ to the nameserver numbered NS from the res_state STATP i.e.
-+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
-+ along with the ability to send the query in parallel for both stacks
-+ (default) or serially (RES_SINGLKUP). It also supports serial lookup
-+ with a close and reopen of the socket used to talk to the server
-+ (RES_SNGLKUPREOP) to work around broken name servers.
-+
-+ The query stored in BUF of BUFLEN length is sent first followed by
-+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
-+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
-+
-+ Answers to the query are stored firstly in *ANSP up to a max of
-+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
-+ is non-NULL (to indicate that modifying the answer buffer is allowed)
-+ then malloc is used to allocate a new response buffer and ANSCP and
-+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
-+ are needed but ANSCP is NULL, then as much of the response as
-+ possible is read into the buffer, but the results will be truncated.
-+ When truncation happens because of a small answer buffer the DNS
-+ packets header feild TC will bet set to 1, indicating a truncated
-+ message, while the rest of the UDP packet is discarded.
-+
-+ Answers to the query are stored secondly in *ANSP2 up to a max of
-+ *ANSSIZP2 bytes, with the actual response length stored in
-+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
-+ is non-NULL (required for a second query) then malloc is used to
-+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+ size and *ANSP2_MALLOCED is set to 1.
-+
-+ The ANSP2_MALLOCED argument will eventually be removed as the
-+ change in buffer pointer can be used to detect the buffer has
-+ changed and that the caller should use free on the new buffer.
-+
-+ Note that the answers may arrive in any order from the server and
-+ therefore the first and second answer buffers may not correspond to
-+ the first and second queries.
-+
-+ It is not supported to call this function with a non-NULL ANSP2
-+ but a NULL ANSCP. Put another way, you can call send_vc with a
-+ single unmodifiable buffer or two modifiable buffers, but no other
-+ combination is supported.
-+
-+ It is the caller's responsibility to free the malloc allocated
-+ buffers by detecting that the pointers have changed from their
-+ original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+ If an answer is truncated because of UDP datagram DNS limits then
-+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
-+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
-+ if any progress was made reading a response from the nameserver and
-+ is used by the caller to distinguish between ECONNREFUSED and
-+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
-+
-+ If errors are encountered then *TERRNO is set to an appropriate
-+ errno value and a zero result is returned for a recoverable error,
-+ and a less-than zero result is returned for a non-recoverable error.
-+
-+ If no errors are encountered then *TERRNO is left unmodified and
-+ a the length of the first response in bytes is returned. */
- static int
- send_dg(res_state statp,
- const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
- {
- const HEADER *hp = (HEADER *) buf;
- const HEADER *hp2 = (HEADER *) buf2;
-- u_char *ans = *ansp;
-- int orig_anssizp = *anssizp;
- struct timespec now, timeout, finish;
- struct pollfd pfd[1];
- int ptimeout;
-@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
- int need_recompute = 0;
- int nwritten = 0;
- int recvresp1 = 0;
-+ /* Skip the second response if there is no second query.
-+ To do that we mark the second response as received. */
- int recvresp2 = buf2 == NULL;
- pfd[0].fd = EXT(statp).nssocks[ns];
- pfd[0].events = POLLOUT;
-@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
- int *thisresplenp;
-
- if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+ /* We have not received any responses
-+ yet or we only have one response to
-+ receive. */
- thisanssizp = anssizp;
- thisansp = anscp ?: ansp;
- assert (anscp != NULL || ansp2 == NULL);
- thisresplenp = &resplen;
- } else {
-- if (*anssizp != MAXPACKET) {
-- /* No buffer allocated for the first
-- reply. We can try to use the rest
-- of the user-provided buffer. */
--#if _STRING_ARCH_unaligned
-- *anssizp2 = orig_anssizp - resplen;
-- *ansp2 = *ansp + resplen;
--#else
-- int aligned_resplen
-- = ((resplen + __alignof__ (HEADER) - 1)
-- & ~(__alignof__ (HEADER) - 1));
-- *anssizp2 = orig_anssizp - aligned_resplen;
-- *ansp2 = *ansp + aligned_resplen;
--#endif
-- } else {
-- /* The first reply did not fit into the
-- user-provided buffer. Maybe the second
-- answer will. */
-- *anssizp2 = orig_anssizp;
-- *ansp2 = *ansp;
-- }
--
- thisanssizp = anssizp2;
- thisansp = ansp2;
- thisresplenp = resplen2;
- }
-
- if (*thisanssizp < MAXPACKET
-- /* Yes, we test ANSCP here. If we have two buffers
-- both will be allocatable. */
-- && anscp
-+ /* If the current buffer is non-NULL and it's not
-+ pointing at the static user-supplied buffer then
-+ we can reallocate it. */
-+ && (thisansp != NULL && thisansp != ansp)
- #ifdef FIONREAD
-+ /* Is the size too small? */
- && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
- || *thisanssizp < *thisresplenp)
- #endif
- ) {
-+ /* Always allocate MAXPACKET, callers expect
-+ this specific size. */
- u_char *newp = malloc (MAXPACKET);
- if (newp != NULL) {
-- *anssizp = MAXPACKET;
-- *thisansp = ans = newp;
-+ *thisanssizp = MAXPACKET;
-+ *thisansp = newp;
- if (thisansp == ansp2)
- *ansp2_malloced = 1;
- }
- }
-+ /* We could end up with truncation if anscp was NULL
-+ (not allowed to change caller's buffer) and the
-+ response buffer size is too small. This isn't a
-+ reliable way to detect truncation because the ioctl
-+ may be an inaccurate report of the UDP message size.
-+ Therefore we use this only to issue debug output.
-+ To do truncation accurately with UDP we need
-+ MSG_TRUNC which is only available on Linux. We
-+ can abstract out the Linux-specific feature in the
-+ future to detect truncation. */
-+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
-+ Dprint(statp->options & RES_DEBUG,
-+ (stdout, ";; response may be truncated (UDP)\n")
-+ );
-+ }
-+
- HEADER *anhp = (HEADER *) *thisansp;
- socklen_t fromlen = sizeof(struct sockaddr_in6);
- assert (sizeof(from) <= fromlen);
diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch
deleted file mode 100644
index a609b1f54a..0000000000
--- a/gnu/packages/patches/glibc-hurd-extern-inline.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-This changes the way _EXTERN_INLINE is defined so we can
-avoid external definition errors.
-https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html
-
-diff --git a/signal/sigsetops.c b/signal/sigsetops.c
-index 0317662..b92c296 100644
---- a/signal/sigsetops.c
-+++ b/signal/sigsetops.c
-@@ -3,7 +3,9 @@
-
- #include <features.h>
-
--#define _EXTERN_INLINE
-+#ifndef _EXTERN_INLINE
-+#define _EXTERN_INLINE __extern_inline
-+#endif
- #ifndef __USE_EXTERN_INLINES
- # define __USE_EXTERN_INLINES 1
- #endif
-
-Link libmachuser and libhurduser automatically with libc, since they are
-considered a standard part of the API in GNU-land.
-
---- a/Makerules
-+++ b/Makerules
-@@ -978,6 +978,9 @@
- '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\
- ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \
- ) > $@.new
-+ifeq ($(patsubst gnu%,,$(config-os)),)
-+ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new
-+endif
- mv -f $@.new $@
-
- endif \ No newline at end of file
diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch
deleted file mode 100644
index baf30a79a7..0000000000
--- a/gnu/packages/patches/glibc-locale-incompatibility.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-This patch avoids an assertion failure when incompatible locale data
-is encountered:
-
- https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
-
---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200
-+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200
-@@ -120,10 +120,11 @@
- _nl_value_type_LC_XYZ array. There are all pointers. */
- switch (category)
- {
--#define CATTEST(cat) \
-- case LC_##cat: \
-- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
-- / sizeof (_nl_value_type_LC_##cat[0]))); \
-+#define CATTEST(cat) \
-+ case LC_##cat: \
-+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
-+ / sizeof (_nl_value_type_LC_##cat[0]))) \
-+ goto puntdata; \
- break
- CATTEST (NUMERIC);
- CATTEST (TIME);
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
deleted file mode 100644
index b024a7d4a8..0000000000
--- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
-Origin: upstream
-Bug-Debian: http://bugs.debian.org/703957
-Forwarded: not-needed
-
---- libarchive-3.0.4.orig/libarchive/archive_write.c
-+++ libarchive-3.0.4/libarchive/archive_write.c
-@@ -665,8 +665,13 @@ static ssize_t
- _archive_write_data(struct archive *_a, const void *buff, size_t s)
- {
- struct archive_write *a = (struct archive_write *)_a;
-+ const size_t max_write = INT_MAX;
-+
- archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
- ARCHIVE_STATE_DATA, "archive_write_data");
-+ /* In particular, this catches attempts to pass negative values. */
-+ if (s > max_write)
-+ s = max_write;
- archive_clear_error(&a->archive);
- return ((a->format_write_data)(a, buff, s));
- }
diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
deleted file mode 100644
index 6ac8773244..0000000000
--- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
-
-Taken from upstream source repository:
-https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
-
-When reading OS X metadata entries in Zip archives that were stored
-without compression, libarchive would use the uncompressed entry size
-to allocate a buffer but would use the compressed entry size to limit
-the amount of data copied into that buffer. Since the compressed
-and uncompressed sizes are provided by data in the archive itself,
-an attacker could manipulate these values to write data beyond
-the end of the allocated buffer.
-
-This fix provides three new checks to guard against such
-manipulation and to make libarchive generally more robust when
-handling this type of entry:
- 1. If an OS X metadata entry is stored without compression,
- abort the entire archive if the compressed and uncompressed
- data sizes do not match.
- 2. When sanity-checking the size of an OS X metadata entry,
- abort this entry if either the compressed or uncompressed
- size is larger than 4MB.
- 3. When copying data into the allocated buffer, check the copy
- size against both the compressed entry size and uncompressed
- entry size.
----
- libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
-index 0f8262c..0a0be96 100644
---- a/libarchive/archive_read_support_format_zip.c
-+++ b/libarchive/archive_read_support_format_zip.c
-@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
-
- switch(rsrc->compression) {
- case 0: /* No compression. */
-+ if (rsrc->uncompressed_size != rsrc->compressed_size) {
-+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Malformed OS X metadata entry: inconsistent size");
-+ return (ARCHIVE_FATAL);
-+ }
- #ifdef HAVE_ZLIB_H
- case 8: /* Deflate compression. */
- #endif
-@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
- (intmax_t)rsrc->uncompressed_size);
- return (ARCHIVE_WARN);
- }
-+ if (rsrc->compressed_size > (4 * 1024 * 1024)) {
-+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Mac metadata is too large: %jd > 4M bytes",
-+ (intmax_t)rsrc->compressed_size);
-+ return (ARCHIVE_WARN);
-+ }
-
- metadata = malloc((size_t)rsrc->uncompressed_size);
- if (metadata == NULL) {
-@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
- bytes_avail = remaining_bytes;
- switch(rsrc->compression) {
- case 0: /* No compression. */
-+ if ((size_t)bytes_avail > metadata_bytes)
-+ bytes_avail = metadata_bytes;
- memcpy(mp, p, bytes_avail);
- bytes_used = (size_t)bytes_avail;
- metadata_bytes -= bytes_used;
diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch
deleted file mode 100644
index 6a533a9a07..0000000000
--- a/gnu/packages/patches/libarchive-bsdtar-test.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
-Author: Pavel Raiskup <praiskup@redhat.com>
-Date: Thu Jun 27 16:01:30 2013 +0200
-
- Use ustar format in the test_option_b test
-
- .. because the ustar archive does not store SELinux context. As the default
- format for bsdtar is "restricted pax" (trying to store xattrs and other
- things by default), the test failed on Fedora because our files have by
- default SELinux context set. This results in additional data in tested
- archive ~> and the test failed because the archive was unexpectedly big:
-
- tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048
-
- Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
-
-diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
-index be2ae65..6fea474 100644
---- a/tar/test/test_option_b.c
-+++ b/tar/test/test_option_b.c
-@@ -25,8 +25,14 @@
- #include "test.h"
- __FBSDID("$FreeBSD$");
-
-+#define USTAR_OPT " --format=ustar"
-+
- DEFINE_TEST(test_option_b)
- {
-+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
-+ strcpy(testprog_ustar, testprog);
-+ strcat(testprog_ustar, USTAR_OPT);
-+
- assertMakeFile("file1", 0644, "file1");
- if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
- skipping("Platform doesn't have cat");
-@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
- /*
- * Bsdtar does not pad if the output is going directly to a disk file.
- */
-- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
-+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
- failure("bsdtar does not pad archives written directly to regular files");
- assertFileSize("archive1.tar", 2048);
- assertEmptyFile("test1.out");
-@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
- * Bsdtar does pad to the block size if the output is going to a socket.
- */
- /* Default is -b 20 */
-- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
- failure("bsdtar does pad archives written to pipes");
- assertFileSize("archive2.tar", 10240);
- assertEmptyFile("test2.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
- assertFileSize("archive3.tar", 10240);
- assertEmptyFile("test3.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
- assertFileSize("archive4.tar", 5120);
- assertEmptyFile("test4.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
- assertFileSize("archive5.tar", 2048);
- assertEmptyFile("test5.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
- assertFileSize("archive6.tar", 4194304);
- assertEmptyFile("test6.err");
-
diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
deleted file mode 100644
index ffdc0db922..0000000000
--- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Description: This patch fixes test cases for LZO write support in various
- architectures, such as armhf. Writing a certain amount of files would
- cause the LZO compressor level 9 to produce a bigger archive than the
- default compressor level.
-Author: Andres Mejia <amejia@debian.org>
-
---- a/libarchive/test/test_write_filter_lzop.c
-+++ b/libarchive/test/test_write_filter_lzop.c
-@@ -39,7 +39,7 @@
- size_t buffsize, datasize;
- char path[16];
- size_t used1, used2;
-- int i, r, use_prog = 0;
-+ int i, r, use_prog = 0, filecount;
-
- assert((a = archive_write_new()) != NULL);
- r = archive_write_add_filter_lzop(a);
-@@ -58,9 +58,10 @@
-
- datasize = 10000;
- assert(NULL != (data = (char *)calloc(1, datasize)));
-+ filecount = 10;
-
- /*
-- * Write a 100 files and read them all back.
-+ * Write a filecount files and read them all back.
- */
- assert((a = archive_write_new()) != NULL);
- assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
-@@ -77,7 +78,7 @@
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_set_filetype(ae, AE_IFREG);
- archive_entry_set_size(ae, datasize);
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- archive_entry_copy_pathname(ae, path);
- assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
-@@ -97,7 +98,7 @@
- } else {
- assertEqualIntA(a, ARCHIVE_OK,
- archive_read_open_memory(a, buff, used1));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- if (!assertEqualInt(ARCHIVE_OK,
- archive_read_next_header(a, &ae)))
-@@ -133,7 +134,7 @@
- archive_write_set_options(a, "lzop:compression-level=9"));
- assertEqualIntA(a, ARCHIVE_OK,
- archive_write_open_memory(a, buff, buffsize, &used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, path);
-@@ -161,7 +162,7 @@
- archive_read_support_filter_all(a));
- assertEqualIntA(a, ARCHIVE_OK,
- archive_read_open_memory(a, buff, used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- if (!assertEqualInt(ARCHIVE_OK,
- archive_read_next_header(a, &ae)))
-@@ -186,7 +187,7 @@
- archive_write_set_filter_option(a, NULL, "compression-level", "1"));
- assertEqualIntA(a, ARCHIVE_OK,
- archive_write_open_memory(a, buff, buffsize, &used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, path);
-@@ -216,7 +217,7 @@
- } else {
- assertEqualIntA(a, ARCHIVE_OK,
- archive_read_open_memory(a, buff, used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- if (!assertEqualInt(ARCHIVE_OK,
- archive_read_next_header(a, &ae)))
diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
deleted file mode 100644
index ad94592c05..0000000000
--- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: Patch to fix filename length calculation when writing mtree archives.
-Author: Dave Reisner <dreisner@archlinux.org>
-Origin: upstream
-
---- a/libarchive/archive_write_set_format_mtree.c
-+++ b/libarchive/archive_write_set_format_mtree.c
-@@ -1855,9 +1855,9 @@
- return (ret);
- }
-
-- /* Make a basename from dirname and slash */
-+ /* Make a basename from file->parentdir.s and slash */
- *slash = '\0';
-- file->parentdir.length = slash - dirname;
-+ file->parentdir.length = slash - file->parentdir.s;
- archive_strcpy(&(file->basename), slash + 1);
- return (ret);
- }
diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch
deleted file mode 100644
index a43245436c..0000000000
--- a/gnu/packages/patches/libpthread-glibc-preparation.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-This patch helps to integrate the Hurd's libpthread as a libc add-on.
-
-It writes the configure file, removes an rpc call not yet
-implemented on the version of gnumach we use and defines
-a missing macro.
-
-diff --git a/libpthread/configure b/libpthread/configure
-new file mode 100644
-index 0000000..2cdbc71
---- /dev/null
-+++ b/libpthread/configure
-@@ -0,0 +1,2 @@
-+libc_add_on_canonical=libpthread
-+libc_add_on_subdirs=.
---
-1.9.0
-
-We are using a version of GNU Mach that lacks 'thread_terminate_release'
-(not introduced yet). The 'thread_terminate' RPC call will be enough for
-our needs.
-See <http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00127.html>.
-
-diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c
-index 6672065..129a611 100644
---- a/libpthread/sysdeps/mach/pt-thread-terminate.c
-+++ b/libpthread/sysdeps/mach/pt-thread-terminate.c
-@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread)
- __mach_port_destroy (__mach_task_self (), wakeup_port);
-
- /* Terminate and release all that's left. */
-- err = __thread_terminate_release (kernel_thread, mach_task_self (),
-- kernel_thread, reply_port,
-- stackaddr, stacksize);
-+ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */
-+ /* kernel_thread, reply_port, */
-+ /* stackaddr, stacksize); */
-
- /* The kernel does not support it yet. Leak but at least terminate
- correctly. */
---
-1.9.2
-
-The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we
-define it to __SPIN_LOCK_INITIALIZER which already exists.
-See <http://lists.gnu.org/archive/html/commit-hurd/2009-04/msg00006.html>.
-
-diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h
-index 537dac9..fca0e5a 100644
---- a/libpthread/sysdeps/mach/bits/spin-lock.h
-+++ b/libpthread/sysdeps/mach/bits/spin-lock.h
-@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t;
-
- /* Initializer for a spin lock object. */
- #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER
--#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by <lock-intern.h>.
-+#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER
- #endif
-
- __END_DECLS
-
-The version of the glibc we use doesn't include the shm-directory.c file and does
-not yet support IS_IN.
-See <https://lists.gnu.org/archive/html/bug-hurd/2015-03/msg00078.html>
-
-diff --git a/libpthread/Makefile b/libpthread/Makefile
-index 2906788..b8dee58 100644
---- a/libpthread/Makefile
-+++ b/libpthread/Makefile
-@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \
- sem-post sem-timedwait sem-trywait sem-unlink \
- sem-wait \
- \
-- shm-directory \
-- \
- cthreads-compat \
- $(SYSDEPS)
-
---
-2.3.6
-
-diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c
-index d88afae..84044dc 100644
---- a/libpthread/pthread/pt-create.c
-+++ b/libpthread/pthread/pt-create.c
-@@ -28,7 +28,7 @@
-
- #include <pt-internal.h>
-
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- # include <ctype.h>
- #endif
- #ifdef HAVE_USELOCALE
-@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg)
- __resp = &self->res_state;
- #endif
-
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- /* Initialize pointers to locale data. */
- __ctype_init ();
- #endif
-diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c
-index 9e5404b..b9cacbd 100644
---- a/libpthread/pthread/pt-initialize.c
-+++ b/libpthread/pthread/pt-initialize.c
-@@ -28,7 +28,7 @@
-
- DEFINE_HOOK (__pthread_init, (void));
-
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- static const struct pthread_functions pthread_functions =
- {
- .ptr_pthread_attr_destroy = __pthread_attr_destroy,
-@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions =
- void
- ___pthread_init (void)
- {
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- __libc_pthread_init(&pthread_functions);
- #endif
- RUN_HOOK (__pthread_init, ());
-diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h
-index 18b5b4c..8cdcfce 100644
---- a/libpthread/pthread/pt-internal.h
-+++ b/libpthread/pthread/pt-internal.h
-@@ -35,7 +35,7 @@
- #include <pt-sysdep.h>
- #include <pt-machdep.h>
-
--#if IS_IN (libpthread)
-+#ifdef IS_IN_libpthread
- # include <ldsodefs.h>
- #endif
-
-@@ -60,7 +60,7 @@ enum pthread_state
- # define PTHREAD_SYSDEP_MEMBERS
- #endif
-
--#if !(IS_IN (libpthread))
-+#ifndef IS_IN_libpthread
- #ifdef ENABLE_TLS
- /* Type of the TCB. */
- typedef struct
diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
deleted file mode 100644
index f291d5b387..0000000000
--- a/gnu/packages/patches/libxslt-CVE-2015-7995.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 29 Oct 2015 19:33:23 +0800
-Subject: [PATCH] Fix for type confusion in preprocessing attributes
-
-CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
-We need to check that the parent node is an element before dereferencing
-its namespace
----
- libxslt/preproc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/preproc.c b/libxslt/preproc.c
-index 0eb80a0..7f69325 100644
---- a/libxslt/preproc.c
-+++ b/libxslt/preproc.c
-@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
- } else if (IS_XSLT_NAME(inst, "attribute")) {
- xmlNodePtr parent = inst->parent;
-
-- if ((parent == NULL) || (parent->ns == NULL) ||
-+ if ((parent == NULL) ||
-+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
- ((parent->ns != inst->ns) &&
- (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
- (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
---
-2.6.3
-
diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch
new file mode 100644
index 0000000000..4273875c7c
--- /dev/null
+++ b/gnu/packages/patches/libxslt-generated-ids.patch
@@ -0,0 +1,173 @@
+This makes generated IDs deterministic.
+
+Written by Daniel Veillard.
+
+This should be fixed in next release (2.29).
+See https://bugzilla.gnome.org/show_bug.cgi?id=751621.
+
+diff --git a/libxslt/functions.c b/libxslt/functions.c
+index 6448bde..5b00a6d 100644
+--- a/libxslt/functions.c
++++ b/libxslt/functions.c
+@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
+ }
+
+ /**
++ * xsltCleanupIds:
++ * @ctxt: the transformation context
++ * @root: the root of the resulting document
++ *
++ * This clean up ids which may have been saved in Element contents
++ * by xsltGenerateIdFunction() to provide stable IDs on elements.
++ *
++ * Returns the number of items cleaned or -1 in case of error
++ */
++int
++xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) {
++ xmlNodePtr cur;
++ int count = 0;
++
++ if ((ctxt == NULL) || (root == NULL))
++ return(-1);
++ if (root->type != XML_ELEMENT_NODE)
++ return(-1);
++
++ cur = root;
++ while (cur != NULL) {
++ if (cur->type == XML_ELEMENT_NODE) {
++ if (cur->content != NULL) {
++ cur->content = NULL;
++ count++;
++ }
++ if (cur->children != NULL) {
++ cur = cur->children;
++ continue;
++ }
++ }
++ if (cur->next != NULL) {
++ cur = cur->next;
++ continue;
++ }
++ do {
++ cur = cur->parent;
++ if (cur == NULL)
++ break;
++ if (cur == (xmlNodePtr) root) {
++ cur = NULL;
++ break;
++ }
++ if (cur->next != NULL) {
++ cur = cur->next;
++ break;
++ }
++ } while (cur != NULL);
++ }
++
++fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n",
++ ctxt->nextid, count);
++
++ return(count);
++}
++
++/**
+ * xsltGenerateIdFunction:
+ * @ctxt: the XPath Parser context
+ * @nargs: the number of arguments
+@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
+ if (obj)
+ xmlXPathFreeObject(obj);
+
+- val = (long)((char *)cur - (char *)&base_address);
++ /*
++ * Try to provide stable ID for generated document:
++ * - usually ID are computed to be placed on elements via attributes
++ * so using the element as the node for the ID
++ * - the cur->content should be a correct placeholder for this, we use
++ * it to hold element node numbers in xmlXPathOrderDocElems to
++ * speed up XPath too
++ * - xsltCleanupIds() clean them up before handing the XSLT output
++ * to the API client.
++ * - other nodes types use the node address method but that should
++ * not end up in resulting document ID
++ * - we can enable this by default without risk of performance issues
++ * only the one pass xsltCleanupIds() is added
++ */
++ if (cur->type == XML_ELEMENT_NODE) {
++ if (cur->content == NULL) {
++ xsltTransformContextPtr tctxt;
++
++ tctxt = xsltXPathGetTransformContext(ctxt);
++ if (tctxt == NULL) {
++ val = (long)((char *)cur - (char *)&base_address);
++ } else {
++ tctxt->nextid++;
++ val = tctxt->nextid;
++ cur->content = (void *) (val);
++ }
++ } else {
++ val = (long) cur->content;
++ }
++ } else {
++ val = (long)((char *)cur - (char *)&base_address);
++ }
++
+ if (val >= 0) {
+ sprintf((char *)str, "idp%ld", val);
+ } else {
+diff --git a/libxslt/functions.h b/libxslt/functions.h
+index e0e0bf9..4a1e163 100644
+--- a/libxslt/functions.h
++++ b/libxslt/functions.h
+@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL
+ int nargs);
+
+ /*
++ * Cleanup for ID generation
++ */
++XSLTPUBFUN int XSLTCALL
++ xsltCleanupIds (xsltTransformContextPtr ctxt,
++ xmlNodePtr root);
++
++/*
+ * And the registration
+ */
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 24f9eb2..2bdf6bf 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) {
+ cur->traceCode = (unsigned long*) &xsltDefaultTrace;
+ cur->xinclude = xsltGetXIncludeDefault();
+ cur->keyInitLevel = 0;
++ cur->nextid = 0;
+
+ return(cur);
+
+@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc,
+ if (root != NULL) {
+ const xmlChar *doctype = NULL;
+
++ /*
++ * cleanup ids which may have been saved in Elements content ptrs
++ */
++ if (ctxt->nextid != 0) {
++ xsltCleanupIds(ctxt, root);
++ }
++
+ if ((root->ns != NULL) && (root->ns->prefix != NULL))
+ doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name);
+ if (doctype == NULL)
+diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
+index 95e8fe6..8eedae4 100644
+--- a/libxslt/xsltInternals.h
++++ b/libxslt/xsltInternals.h
+@@ -1786,6 +1786,8 @@ struct _xsltTransformContext {
+ int funcLevel; /* Needed to catch recursive functions issues */
+ int maxTemplateDepth;
+ int maxTemplateVars;
++
++ unsigned long nextid;/* for generating stable ids */
+ };
+
+ /**
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
deleted file mode 100644
index a296d8cb1b..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22
-
-From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 12:45:25 -0500
-Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629]
-
-In xdr_nullstring(), check that the decoded string is terminated with
-a zero byte and does not contain any internal zero bytes.
-
-CVE-2015-8629:
-
-In all versions of MIT krb5, an authenticated attacker can cause
-kadmind to read beyond the end of allocated memory by sending a string
-without a terminating zero byte. Information leakage may be possible
-for an attacker with permission to modify the database.
-
- CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
-
-ticket: 8341 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
-index 2bef858..ba67084 100644
---- a/src/lib/kadm5/kadm_rpc_xdr.c
-+++ b/src/lib/kadm5/kadm_rpc_xdr.c
-@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
- return FALSE;
- }
- }
-- return (xdr_opaque(xdrs, *objp, size));
-+ if (!xdr_opaque(xdrs, *objp, size))
-+ return FALSE;
-+ /* Check that the unmarshalled bytes are a C string. */
-+ if ((*objp)[size - 1] != '\0')
-+ return FALSE;
-+ if (memchr(*objp, '\0', size - 1) != NULL)
-+ return FALSE;
-+ return TRUE;
-
- case XDR_ENCODE:
- if (size != 0)
---
-2.7.0.rc3
-
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
deleted file mode 100644
index c21d84b1e7..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22
-
-From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 12:52:28 -0500
-Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
-
-In kadm5_create_principal_3() and kadm5_modify_principal(), check for
-entry->policy being null when KADM5_POLICY is included in the mask.
-
-CVE-2015-8630:
-
-In MIT krb5 1.12 and later, an authenticated attacker with permission
-to modify a principal entry can cause kadmind to dereference a null
-pointer by supplying a null policy value but including KADM5_POLICY in
-the mask.
-
- CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8342 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
-index 5b95fa3..1d4365c 100644
---- a/src/lib/kadm5/srv/svr_principal.c
-+++ b/src/lib/kadm5/srv/svr_principal.c
-@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
- /*
- * Argument sanity checking, and opening up the DB
- */
-+ if (entry == NULL)
-+ return EINVAL;
- if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
- (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
- (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
- return KADM5_BAD_MASK;
- if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
- return KADM5_BAD_MASK;
-+ if((mask & KADM5_POLICY) && entry->policy == NULL)
-+ return KADM5_BAD_MASK;
- if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
- return KADM5_BAD_MASK;
- if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
-- if (entry == NULL)
-- return EINVAL;
-
- /*
- * Check to see if the principal exists
-@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
-
- krb5_clear_error_message(handle->context);
-
-+ if(entry == NULL)
-+ return EINVAL;
- if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
- (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
- (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
-@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
- return KADM5_BAD_MASK;
- if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
-+ if((mask & KADM5_POLICY) && entry->policy == NULL)
-+ return KADM5_BAD_MASK;
- if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
- return KADM5_BAD_MASK;
-- if(entry == (kadm5_principal_ent_t) NULL)
-- return EINVAL;
- if (mask & KADM5_TL_DATA) {
- tl_data_orig = entry->tl_data;
- while (tl_data_orig) {
---
-2.7.0.rc3
-
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch
deleted file mode 100644
index dd1eb2945c..0000000000
--- a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch
+++ /dev/null
@@ -1,576 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22
-
-From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
-From: Greg Hudson <ghudson@mit.edu>
-Date: Fri, 8 Jan 2016 13:16:54 -0500
-Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631]
-
-In each kadmind server stub, initialize the client_name and
-server_name variables, and release them in the cleanup handler. Many
-of the stubs will otherwise leak the client and server name if
-krb5_unparse_name() fails. Also make sure to free the prime_arg
-variables in rename_principal_2_svc(), or we can leak the first one if
-unparsing the second one fails. Discovered by Simo Sorce.
-
-CVE-2015-8631:
-
-In all versions of MIT krb5, an authenticated attacker can cause
-kadmind to leak memory by supplying a null principal name in a request
-which uses one. Repeating these requests will eventually cause
-kadmind to exhaust all available memory.
-
- CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
-
-ticket: 8343 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
- 1 file changed, 77 insertions(+), 74 deletions(-)
-
-diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
-index 1879dc6..6ac797e 100644
---- a/src/kadmin/server/server_stubs.c
-+++ b/src/kadmin/server/server_stubs.c
-@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- free_server_handle(handle);
- return &ret;
- }
-@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- free_server_handle(handle);
- return &ret;
- }
-@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
-
- }
- free(prime_arg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- free_server_handle(handle);
- return &ret;
- }
-@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -570,10 +572,9 @@ generic_ret *
- rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
-- char *prime_arg1,
-- *prime_arg2;
-- gss_buffer_desc client_name,
-- service_name;
-+ char *prime_arg1 = NULL, *prime_arg2 = NULL;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- restriction_t *rp;
-@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
-
- }
-+exit_func:
- free(prime_arg1);
- free(prime_arg2);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
- {
- static gprinc_ret ret;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
- {
- static gprincs_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
-
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
- }
-
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
- krb5_keyblock *k;
- int nkeys;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
- static gpol_ret ret;
- kadm5_ret_t ret2;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_principal_ent_rec caller_ent;
- kadm5_server_handle_t handle;
-@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
- log_unauth(funcname, prime_arg,
- &client_name, &service_name, rqstp);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
-
-@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
- {
- static gpols_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
- }
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1541,7 +1542,8 @@ exit_func:
- getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- {
- static getprivs_ret ret;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- if (errmsg != NULL)
- krb5_free_error_message(handle->context, errmsg);
-
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg, *funcname;
-- gss_buffer_desc client_name, service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
-
-@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
- {
- static gstrings_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
- char *prime_arg;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- OM_uint32 minor_stat;
- kadm5_server_handle_t handle;
- const char *errmsg = NULL;
-@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
- krb5_free_error_message(handle->context, errmsg);
- }
- free(prime_arg);
-+exit_func:
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
--exit_func:
- free_server_handle(handle);
- return &ret;
- }
-@@ -1754,8 +1757,8 @@ exit_func:
- generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- {
- static generic_ret ret;
-- gss_buffer_desc client_name,
-- service_name;
-+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
-+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
- kadm5_server_handle_t handle;
- OM_uint32 minor_stat;
- const char *errmsg = NULL;
-@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
- rqstp->rq_cred.oa_flavor);
- if (errmsg != NULL)
- krb5_free_error_message(NULL, errmsg);
-- gss_release_buffer(&minor_stat, &client_name);
-- gss_release_buffer(&minor_stat, &service_name);
-
- exit_func:
-+ gss_release_buffer(&minor_stat, &client_name);
-+ gss_release_buffer(&minor_stat, &service_name);
- return(&ret);
- }
-
---
-2.7.0.rc3
-
diff --git a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch
deleted file mode 100644
index 195db38d08..0000000000
--- a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Copied from Fedora.
-http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22
-
-From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 5 Jan 2016 12:11:59 -0500
-Subject: [PATCH] Check internal context on init context errors
-
-If the mechanism deletes the internal context handle on error, the
-mechglue must do the same with the union context, to avoid crashes if
-the application calls other functions with this invalid union context.
-
-[ghudson@mit.edu: edit commit message and code comment]
-
-ticket: 8337 (new)
-target_version: 1.14-next
-target_version: 1.13-next
-tags: pullup
----
- src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
-index aaae767..9f154b8 100644
---- a/src/lib/gssapi/mechglue/g_init_sec_context.c
-+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
-@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
-
- if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
- /*
-- * the spec says (the preferred) method is to delete all
-- * context info on the first call to init, and on all
-- * subsequent calls make the caller responsible for
-- * calling gss_delete_sec_context
-+ * The spec says the preferred method is to delete all context info on
-+ * the first call to init, and on all subsequent calls make the caller
-+ * responsible for calling gss_delete_sec_context. However, if the
-+ * mechanism decided to delete the internal context, we should also
-+ * delete the union context.
- */
- map_error(minor_status, mech);
-+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
-+ *context_handle = GSS_C_NO_CONTEXT;
- if (*context_handle == GSS_C_NO_CONTEXT) {
- free(union_ctx_id->mech_type->elements);
- free(union_ctx_id->mech_type);
---
-2.6.4
-
diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch
new file mode 100644
index 0000000000..9d369aeb2c
--- /dev/null
+++ b/gnu/packages/patches/procps-non-linux.patch
@@ -0,0 +1,40 @@
+From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001
+From: Craig Small <csmall@enc.com.au>
+Date: Sun, 17 Apr 2016 09:09:41 +1000
+Subject: [PATCH] tests: Conditionally add prctl to test process
+
+prctl was already bypassed on Cygwin systems. This extends to
+non-Linux systems such as kFreeBSD and Hurd.
+
+---
+ lib/test_process.c | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/test_process.c b/lib/test_process.c
+index 6e652ed..6a4776c 100644
+--- a/lib/test_process.c
++++ b/lib/test_process.c
+@@ -21,7 +21,9 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <signal.h>
++#ifdef __linux__
+ #include <sys/prctl.h>
++#endif
+ #include "c.h"
+
+ #define DEFAULT_SLEEPTIME 300
+@@ -78,8 +80,10 @@
+ sigaction(SIGUSR1, &signal_action, NULL);
+ sigaction(SIGUSR2, &signal_action, NULL);
+
++#ifdef __linux__
+ /* set process name */
+ prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL);
++#endif
+
+ while (sleep_time > 0) {
+ sleep_time = sleep(sleep_time);
+--
+2.8.2
+
diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch
deleted file mode 100644
index 39d8e2b20a..0000000000
--- a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8
-Author: Sergey Poznyakoff <gray@gnu.org>
-Date: Thu Sep 25 00:22:16 2014 +0300
-
- Bugfixes.
-
- * doc/tar.1: Fix typo in font spec.
- * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode"
- (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT
-
-diff --git a/src/tar.c b/src/tar.c
-index 225c624..f8102e0 100644
---- a/src/tar.c
-+++ b/src/tar.c
-@@ -1341,14 +1341,18 @@ static char filename_terminator;
- static char const *const sort_mode_arg[] = {
- "none",
- "name",
-+#if D_INO_IN_DIRENT
- "inode",
-+#endif
- NULL
- };
-
- static int sort_mode_flag[] = {
- SAVEDIR_SORT_NONE,
- SAVEDIR_SORT_NAME,
-+#if D_INO_IN_DIRENT
- SAVEDIR_SORT_INODE
-+#endif
- };
-
- ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag); \ No newline at end of file