aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/hubbub-sort-entities.patch13
-rw-r--r--gnu/packages/patches/netsurf-about.patch26
-rw-r--r--gnu/packages/patches/netsurf-longer-test-timeout.patch20
-rw-r--r--gnu/packages/patches/netsurf-system-utf8proc.patch64
-rw-r--r--gnu/packages/patches/netsurf-y2038-tests.patch25
-rw-r--r--gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch33
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5667.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5898.patch44
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5931.patch55
-rw-r--r--gnu/packages/patches/screen-CVE-2017-5618.patch40
-rw-r--r--gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch31
-rw-r--r--gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch22
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9577.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-1.patch33
-rw-r--r--gnu/packages/patches/spice-CVE-2016-9578-2.patch38
-rw-r--r--gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch42
-rw-r--r--gnu/packages/patches/vim-CVE-2017-5953.patch24
17 files changed, 537 insertions, 52 deletions
diff --git a/gnu/packages/patches/hubbub-sort-entities.patch b/gnu/packages/patches/hubbub-sort-entities.patch
new file mode 100644
index 0000000000..012e3c3022
--- /dev/null
+++ b/gnu/packages/patches/hubbub-sort-entities.patch
@@ -0,0 +1,13 @@
+Traverse the entities hash's keys in sorted order to ensure reproducibility.
+
+--- libhubbub-0.3.3/build/make-entities.pl
++++ libhubbub-0.3.3/build/make-entities.pl
+@@ -86,7 +86,7 @@
+
+ my $trie;
+
+-foreach my $key (keys %entities) {
++foreach my $key (sort keys %entities) {
+ $trie = insert_node($trie, $key, $entities{$key});
+ }
+
diff --git a/gnu/packages/patches/netsurf-about.patch b/gnu/packages/patches/netsurf-about.patch
deleted file mode 100644
index 1fb8eae824..0000000000
--- a/gnu/packages/patches/netsurf-about.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- netsurf-all-3.5/netsurf/gtk/about.c
-+++ netsurf-all-3.5/netsurf/gtk/about.c
-@@ -79,11 +79,11 @@
- switch (response_id) {
-
- case ABOUT_RESPONSE_ID_LICENCE:
-- about_open("about:credits");
-+ about_open("about:licence");
- break;
-
- case ABOUT_RESPONSE_ID_CREDITS:
-- about_open("about:licence");
-+ about_open("about:credits");
- break;
- }
-
---- netsurf-all-3.5/netsurf/desktop/version.c
-+++ netsurf-all-3.5/netsurf/desktop/version.c
-@@ -20,6 +20,6 @@
-
- #include "desktop/version.h"
-
--const char * const netsurf_version = "3.5 (6th April 1016)";
-+const char * const netsurf_version = "3.5 (6th April 2016)";
- const int netsurf_version_major = 3;
- const int netsurf_version_minor = 5;
diff --git a/gnu/packages/patches/netsurf-longer-test-timeout.patch b/gnu/packages/patches/netsurf-longer-test-timeout.patch
new file mode 100644
index 0000000000..4dd5a8539f
--- /dev/null
+++ b/gnu/packages/patches/netsurf-longer-test-timeout.patch
@@ -0,0 +1,20 @@
+Increase the timeout on dictionary tests to accommodate slower machines.
+
+--- netsurf-3.6/test/hashtable.c
++++ netsurf-3.6/test/hashtable.c
+@@ -286,6 +286,7 @@
+ tcase_add_checked_fixture(tc_dict_s,
+ dicts_hashtable_create,
+ dict_hashtable_teardown);
++ tcase_set_timeout(tc_dict_s, 30);
+
+ tcase_add_test(tc_dict_s, hashtable_dict_test);
+
+@@ -297,6 +298,7 @@
+ tcase_add_checked_fixture(tc_dict_l,
+ dictl_hashtable_create,
+ dict_hashtable_teardown);
++ tcase_set_timeout(tc_dict_l, 30);
+
+ tcase_add_test(tc_dict_l, hashtable_dict_test);
+
diff --git a/gnu/packages/patches/netsurf-system-utf8proc.patch b/gnu/packages/patches/netsurf-system-utf8proc.patch
new file mode 100644
index 0000000000..254bf52c93
--- /dev/null
+++ b/gnu/packages/patches/netsurf-system-utf8proc.patch
@@ -0,0 +1,64 @@
+Use upstream utf8proc package, as suggested in
+http://source.netsurf-browser.org/libutf8proc.git/commit/?id=770e329cceaf0620c7b482589a9b17ed1d19c16d
+
+Work around upstream's lack of a pkg-config file and update API.
+
+--- netsurf-3.6/Makefile
++++ netsurf-3.6/Makefile
+@@ -527,10 +527,9 @@
+ $(eval $(call pkg_config_find_and_add,libcss,CSS))
+ $(eval $(call pkg_config_find_and_add,libdom,DOM))
+ $(eval $(call pkg_config_find_and_add,libnsutils,nsutils))
+-$(eval $(call pkg_config_find_and_add,libutf8proc,utf8proc))
+
+ # Common libraries without pkg-config support
+-LDFLAGS += -lz
++LDFLAGS += -lz -lutf8proc
+
+ # Optional libraries with pkgconfig
+
+--- netsurf-3.6/utils/idna.c
++++ netsurf-3.6/utils/idna.c
+@@ -26,7 +26,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <libutf8proc/utf8proc.h>
++#include <utf8proc.h>
+
+ #include "utils/errors.h"
+ #include "utils/idna.h"
+@@ -250,7 +250,7 @@
+ return NSERROR_NOMEM;
+ }
+
+- nfc_size = utf8proc_normalise(nfc_label, nfc_size,
++ nfc_size = utf8proc_normalize_utf32(nfc_label, nfc_size,
+ UTF8PROC_STABLE | UTF8PROC_COMPOSE);
+ if (nfc_size < 0) {
+ return NSERROR_NOMEM;
+@@ -565,7 +565,7 @@
+ }
+
+ /* Perform NFC normalisation */
+- ucs4_len = utf8proc_normalise(ucs4, u_ucs4_len,
++ ucs4_len = utf8proc_normalize_utf32(ucs4, u_ucs4_len,
+ UTF8PROC_STABLE | UTF8PROC_COMPOSE);
+ if (ucs4_len < 0) {
+ free(ucs4);
+--- netsurf-3.6/test/Makefile
++++ netsurf-3.6/test/Makefile
+@@ -112,11 +112,11 @@
+ -D_XOPEN_SOURCE=600 \
+ -Itest -Iinclude -Icontent/handlers -Ifrontends -I. -I.. \
+ -Dnsgtk \
+- $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) \
++ $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libidn) \
+ $(LIB_CFLAGS) \
+ $(COV_CFLAGS)
+
+-TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) -lz \
++TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libidn) -lz -lutf8proc \
+ $(LIB_LDFLAGS)\
+ $(COV_LDFLAGS)
+
diff --git a/gnu/packages/patches/netsurf-y2038-tests.patch b/gnu/packages/patches/netsurf-y2038-tests.patch
new file mode 100644
index 0000000000..407a5277c8
--- /dev/null
+++ b/gnu/packages/patches/netsurf-y2038-tests.patch
@@ -0,0 +1,25 @@
+These two test cases fail for us on i686.
+
+See https://en.wikipedia.org/wiki/Year_2038_problem
+
+--- netsurf-3.6/test/time.c
++++ netsurf-3.6/test/time.c
+@@ -77,18 +77,10 @@
+ .expected = "Tue, 12 Jun 2001 12:12:12 GMT"
+ },
+ {
+- .test = "Thu, 16 Jul 2207 12:45:12 GMT",
+- .expected = "Thu, 16 Jul 2207 12:45:12 GMT"
+- },
+- {
+ .test = "Thu, 16 Aug 2007 19:45:12 GMT",
+ .expected = "Thu, 16 Aug 2007 19:45:12 GMT"
+ },
+ {
+- .test = "Tue, 16 Sep 3456 00:45:12 GMT",
+- .expected = "Tue, 16 Sep 3456 00:45:12 GMT"
+- },
+- {
+ .test = "Sun, 16 Oct 1988 19:45:59 GMT",
+ .expected = "Sun, 16 Oct 1988 19:45:59 GMT"
+ },
diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
index 6edd676e38..83c9dbb3d4 100644
--- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
+++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch
@@ -2,25 +2,26 @@ Fix CVE-2017-0358:
http://seclists.org/oss-sec/2017/q1/259
This patch was copied from the above URL.
-diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c
---- ntfs-3g.old/src/lowntfs-3g.c 2017-02-09 15:01:04.074331542 -0500
-+++ ntfs-3g/src/lowntfs-3g.c 2017-02-09 15:06:35.757580937 -0500
-@@ -3827,13 +3827,14 @@
- struct stat st;
- pid_t pid;
- const char *cmd = "/sbin/modprobe";
+diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
+index 0bb38f9..c6d1dad 100644
+--- a/src/lowntfs-3g.c
++++ b/src/lowntfs-3g.c
+@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void)
+ struct stat st;
+ pid_t pid;
+ const char *cmd = "/sbin/modprobe";
+ char *env = (char*)NULL;
- struct timespec req = { 0, 100000000 }; /* 100 msec */
- fuse_fstype fstype;
-
- if (!stat(cmd, &st) && !geteuid()) {
- pid = fork();
- if (!pid) {
+ struct timespec req = { 0, 100000000 }; /* 100 msec */
+ fuse_fstype fstype;
+
+ if (!stat(cmd, &st) && !geteuid()) {
+ pid = fork();
+ if (!pid) {
- execl(cmd, cmd, "fuse", NULL);
+ execle(cmd, cmd, "fuse", NULL, &env);
- _exit(1);
- } else if (pid != -1)
- waitpid(pid, NULL, 0);
+ _exit(1);
+ } else if (pid != -1)
+ waitpid(pid, NULL, 0);
diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c
--- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500
+++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500
diff --git a/gnu/packages/patches/qemu-CVE-2017-5667.patch b/gnu/packages/patches/qemu-CVE-2017-5667.patch
new file mode 100644
index 0000000000..5adea0d278
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5667.patch
@@ -0,0 +1,46 @@
+Fix CVE-2017-5667 (sdhci OOB access during multi block SDMA transfer):
+
+http://seclists.org/oss-sec/2017/q1/243
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=42922105beb14c2fc58185ea022b9f72fb5465e9
+
+From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin <jiangxin1@huawei.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf228be..5bd5ab6319 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+ boundary_count -= block_size - begin;
+ }
+ dma_memory_read(&address_space_memory, s->sdmasysad,
+- &s->fifo_buffer[begin], s->data_count);
++ &s->fifo_buffer[begin], s->data_count - begin);
+ s->sdmasysad += s->data_count - begin;
+ if (s->data_count == block_size) {
+ for (n = 0; n < block_size; n++) {
+--
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch
new file mode 100644
index 0000000000..5a94bb1ae4
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5898.patch
@@ -0,0 +1,44 @@
+Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest):
+
+http://seclists.org/oss-sec/2017/q1/328
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
+
+From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b68c4..1325ea1659 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+ DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+ recv->hdr.bSeq, len);
+ ccid_add_pending_answer(s, (CCID_Header *)recv);
+- if (s->card) {
++ if (s->card && len <= BULK_OUT_DATA_SIZE) {
+ ccid_card_apdu_from_guest(s->card, recv->abData, len);
+ } else {
+ DPRINTF(s, D_WARN, "warning: discarded apdu\n");
+--
+2.11.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5931.patch b/gnu/packages/patches/qemu-CVE-2017-5931.patch
new file mode 100644
index 0000000000..08910e5fac
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5931.patch
@@ -0,0 +1,55 @@
+Fix CVE-2017-5931 (integer overflow in handling virtio-crypto requests):
+
+http://seclists.org/oss-sec/2017/q1/337
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
+
+Patch copied from upstream source repository:
+
+http://git.qemu-project.org/?p=qemu.git;a=commit;h=a08aaff811fb194950f79711d2afe5a892ae03a4
+
+From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 3 Jan 2017 14:50:03 +0800
+Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
+
+Because the 'size_t' type is 4 bytes in 32-bit platform, which
+is the same with 'int'. It's easy to make 'max_len' to zero when
+integer overflow and then cause heap overflow if 'max_len' is zero.
+
+Using uint_64 instead of size_t to avoid the integer overflow.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Li Qiang <liqiang6-s@360.cn>
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Tested-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 2f2467e859..c23e1ad458 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+ uint32_t hash_start_src_offset = 0, len_to_hash = 0;
+ uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
+
+- size_t max_len, curr_size = 0;
++ uint64_t max_len, curr_size = 0;
+ size_t s;
+
+ /* Plain cipher */
+@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+ return NULL;
+ }
+
+- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+ if (unlikely(max_len > vcrypto->conf.max_size)) {
+ virtio_error(vdev, "virtio-crypto too big length");
+ return NULL;
+--
+2.11.1
+
diff --git a/gnu/packages/patches/screen-CVE-2017-5618.patch b/gnu/packages/patches/screen-CVE-2017-5618.patch
new file mode 100644
index 0000000000..1b95e428c8
--- /dev/null
+++ b/gnu/packages/patches/screen-CVE-2017-5618.patch
@@ -0,0 +1,40 @@
+Fixes CVE-2017-5618 (privilege escalation via opening the logfile when
+screen is installed setuid root):
+
+https://savannah.gnu.org/bugs/?50142
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618
+
+This patch reverts the upstream commit that introduced the bug:
+
+https://git.savannah.gnu.org/cgit/screen.git/commit/?id=5460f5d28c01a9a58e021eb1dffef2965e629d58
+
+From f55b0cc29a0ac2a1c54e8a5e886b7393edd4a76c Mon Sep 17 00:00:00 2001
+From: Leo Famulari <leo@famulari.name>
+Date: Sat, 11 Feb 2017 22:40:24 -0500
+Subject: [PATCH] Revert "adding permissions check for the logfile name"
+
+This reverts commit 5460f5d28c01a9a58e021eb1dffef2965e629d58.
+---
+ src/screen.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/screen.c b/src/screen.c
+index 64650e9..283c305 100644
+--- a/src/screen.c
++++ b/src/screen.c
+@@ -673,12 +673,6 @@ int main(int ac, char** av)
+ Panic(0, "-L: logfile name can not start with \"-\" symbol");
+ if (strlen(screenlogfile) > PATH_MAX)
+ Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+-
+- FILE *w_check;
+- if ((w_check = fopen(screenlogfile, "w")) == NULL)
+- Panic(0, "-L: logfile name access problem");
+- else
+- fclose(w_check);
+ }
+ nwin_options.Lflag = 1;
+ break;
+--
+2.11.1
+
diff --git a/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
new file mode 100644
index 0000000000..3f357c4924
--- /dev/null
+++ b/gnu/packages/patches/shadow-4.4-su-snprintf-fix.patch
@@ -0,0 +1,31 @@
+Patch copied from upstream source repository:
+
+https://github.com/shadow-maint/shadow/commit/67d2bb6e0a5ac124ce1f026dd5723217b1493194
+
+From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Sun, 18 Sep 2016 21:31:18 -0500
+Subject: [PATCH] su.c: fix missing length argument to snprintf
+
+---
+ src/su.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index 0c50a9456afd..93ffd2fbe2b4 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
+ stderr);
+ (void) kill (-pid_child, caught);
+
+- snprintf (kill_msg, _(" ...killed.\n"));
+- snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
++ snprintf (kill_msg, 256, _(" ...killed.\n"));
++ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
+ (void) alarm (2);
+--
+2.11.0.rc2
+
diff --git a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
index b63d5bb018..4092261f75 100644
--- a/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
+++ b/gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch
@@ -1,19 +1,19 @@
-From 53eda9102b969a4be2882cea4befee03591a7436 Mon Sep 17 00:00:00 2001
-From: Pjotr Prins <pjotr.public01@thebird.nl>
-Date: Fri, 12 Feb 2016 12:43:33 +0100
-Subject: [PATCH] Remove contribs
+From 49d83e24a8e66977056fc9920812265c16806500 Mon Sep 17 00:00:00 2001
+From: carolili <carolili@iki.fi>
+Date: Thu, 9 Feb 2017 19:24:49 +0000
+Subject: [PATCH] Removing contribs
---
- configure.ac | 20 --------------------
- 1 file changed, 20 deletions(-)
+ configure.ac | 22 ----------------------
+ 1 file changed, 22 deletions(-)
diff --git a/configure.ac b/configure.ac
-index fedf354..e010732 100644
+index 1cf1051..5d76b44 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -438,26 +438,6 @@ dnl All slurm Makefiles:
+@@ -435,28 +435,6 @@ dnl All slurm Makefiles:
+
AC_CONFIG_FILES([Makefile
- config.xml
auxdir/Makefile
- contribs/Makefile
- contribs/cray/Makefile
@@ -27,7 +27,9 @@ index fedf354..e010732 100644
- contribs/perlapi/libslurm/perl/Makefile.PL
- contribs/perlapi/libslurmdb/Makefile
- contribs/perlapi/libslurmdb/perl/Makefile.PL
+- contribs/seff/Makefile
- contribs/torque/Makefile
+- contribs/openlava/Makefile
- contribs/phpext/Makefile
- contribs/phpext/slurm_php/config.m4
- contribs/sgather/Makefile
@@ -39,5 +41,5 @@ index fedf354..e010732 100644
doc/man/Makefile
doc/man/man1/Makefile
--
-2.1.4
+2.11.0
diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch
new file mode 100644
index 0000000000..a2cb558cd3
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9577.patch
@@ -0,0 +1,33 @@
+Prevent buffer overflow when reading large messages.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1401603
+https://access.redhat.com/security/cve/CVE-2016-9577
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577
+https://security-tracker.debian.org/tracker/CVE-2016-9577
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3
+
+From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 29 Nov 2016 16:46:56 +0000
+Subject: main-channel: Prevent overflow reading messages from client
+
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df..1fc3915 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+
+ if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+ return reds_get_agent_data_buffer(mcc, size);
++ } else if (size > sizeof(main_chan->recv_buf)) {
++ /* message too large, caller will log a message and close the connection */
++ return NULL;
+ } else {
+ return main_chan->recv_buf;
+ }
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
new file mode 100644
index 0000000000..f86cdb4eb1
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-1.patch
@@ -0,0 +1,33 @@
+Prevent possible DoS during protocol handshake.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:39:48 +0000
+Subject: Prevent possible DoS attempts during protocol handshake
+
+diff --git a/server/reds.c b/server/reds.c
+index f40b65c..86a33d5 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque)
+
+ reds->peer_minor_version = header->minor_version;
+
+- if (header->size < sizeof(SpiceLinkMess)) {
++ /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++ if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+ reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+ spice_warning("bad size %u", header->size);
+ reds_link_free(link);
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
new file mode 100644
index 0000000000..76f7ec7ffb
--- /dev/null
+++ b/gnu/packages/patches/spice-CVE-2016-9578-2.patch
@@ -0,0 +1,38 @@
+Fixes a potential buffer overflow in the protocol handling.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1399566
+https://access.redhat.com/security/cve/CVE-2016-9578
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578
+https://security-tracker.debian.org/tracker/CVE-2016-9578
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a
+
+From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Tue, 13 Dec 2016 14:40:10 +0000
+Subject: Prevent integer overflows in capability checks
+
+diff --git a/server/reds.c b/server/reds.c
+index 86a33d5..9150454 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+ link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+ link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+
++ /* Prevent DoS. Currently we defined only 13 capabilities,
++ * I expect 1024 to be valid for quite a lot time */
++ if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++ reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++ reds_link_free(link);
++ return;
++ }
++
+ num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+ caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch
new file mode 100644
index 0000000000..03093e8330
--- /dev/null
+++ b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch
@@ -0,0 +1,42 @@
+Fix test failures caused by some build machines running more slowly than
+expected, which manifest like this:
+
+------
+> raise FailedHealthCheck(message)
+E hypothesis.errors.FailedHealthCheck: Data generation is extremely slow: Only produced 4 valid examples in 1.08 seconds (1 invalid ones and 0 exceeded maximum size). Try decreasing size of the data you're generating (with e.g.average_size or max_leaves parameters).
+E See http://hypothesis.readthedocs.org/en/latest/healthchecks.html for more information about this. If you want to disable just this health check, add HealthCheck.too_slowto the suppress_health_check settings for this test.
+
+/gnu/store/b8d1r8bilvm3jkncgrpvmg3dni9cgcr1-python-hypothesis-3.1.0/lib/python3.5/site-packages/hypothesis/core.py:296: FailedHealthCheck
+------
+
+Patch copied from upstream source repository:
+
+https://github.com/pimutils/vdirsyncer/commit/10490a12f13f03495e0945eb9d45d7aed9ab0a6c
+
+From 10490a12f13f03495e0945eb9d45d7aed9ab0a6c Mon Sep 17 00:00:00 2001
+From: Markus Unterwaditzer <markus@unterwaditzer.net>
+Date: Sat, 18 Feb 2017 15:45:06 +0100
+Subject: [PATCH] Unconditionally disable HealthCheck.too_slow
+
+---
+ tests/conftest.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/conftest.py b/tests/conftest.py
+index e0a07d5..3afd7cd 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -26,10 +26,12 @@ def benchmark():
+ else:
+ del pytest_benchmark
+
++
++settings.suppress_health_check = [HealthCheck.too_slow]
++
+ settings.register_profile("ci", settings(
+ max_examples=1000,
+ verbosity=Verbosity.verbose,
+- suppress_health_check=[HealthCheck.too_slow]
+ ))
+ settings.register_profile("deterministic", settings(
+ derandomize=True,
diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch
new file mode 100644
index 0000000000..7b66f1bf16
--- /dev/null
+++ b/gnu/packages/patches/vim-CVE-2017-5953.patch
@@ -0,0 +1,24 @@
+Fix CVE-2017-5953:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
+https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY
+
+Patch adapted from upstream commit, correcting the transcription error
+in the bounds check:
+
+https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
+
+diff --git a/src/spellfile.c b/src/spellfile.c
+index c7d87c6..8b1a3a6 100644
+--- a/src/spellfile.c
++++ b/src/spellfile.c
+@@ -1595,6 +1595,9 @@ spell_read_tree(
+ len = get4c(fd);
+ if (len < 0)
+ return SP_TRUNCERROR;
++ if (len >= 0x3fffffff)
++ /* Invalid length, multiply with sizeof(int) would overflow. */
++ return SP_FORMERROR;
+ if (len > 0)
+ {
+ /* Allocate the byte array. */