From d3e3a6adcd77abdf6c8253b5c13ac0d3a3d80fdd Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 May 2019 13:55:44 +0200 Subject: gnu: Remove libevent@2.0. * gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch, gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch, gnu/packages/patches/libevent-dns-tests.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/libevent.scm (libevevent-2.0): Remove variable. --- .../patches/libevent-2.0-CVE-2016-10195.patch | 41 ---------------------- .../patches/libevent-2.0-CVE-2016-10196.patch | 41 ---------------------- .../patches/libevent-2.0-CVE-2016-10197.patch | 39 -------------------- ...vent-2.0-evbuffer-add-use-last-with-datap.patch | 38 -------------------- gnu/packages/patches/libevent-dns-tests.patch | 16 --------- 5 files changed, 175 deletions(-) delete mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch delete mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch delete mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch delete mode 100644 gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch delete mode 100644 gnu/packages/patches/libevent-dns-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch deleted file mode 100644 index bffe2c454c..0000000000 --- a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch +++ /dev/null 
@@ -1,41 +0,0 @@
-Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
-https://github.com/libevent/libevent/issues/317
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
-
-From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin
-Date: Mon, 1 Feb 2016 17:32:09 +0300
-Subject: [PATCH] evdns: name_parse(): fix remote stack overread
-
----
- evdns.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 60b10485..137c24ea 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
-
- for (;;) {
- u8 label_len;
-- if (j >= length) return -1;
- GET8(label_len);
- if (!label_len) break;
- if (label_len & 0xc0) {
-@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- *cp++ = '.';
- }
- if (cp + label_len >= end) return -1;
-+ if (j + label_len > length) return -1;
- memcpy(cp, packet + j, label_len);
- cp += label_len;
- j += label_len;
---
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
deleted file mode 100644
index 03f96e938b..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10196 (buffer overflow in evutil):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
-https://github.com/libevent/libevent/issues/318
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
-
-From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin
-Date: Sun, 31 Jan 2016 00:57:16 +0300
-Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
-
----
- evutil.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/evutil.c b/evutil.c
-index 33445170..e2dfe6e4 100644
---- a/evutil.c
-+++ b/evutil.c
-@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
-
- cp = strchr(ip_as_string, ':');
- if (*ip_as_string == '[') {
-- int len;
-+ size_t len;
- if (!(cp = strchr(ip_as_string, ']'))) {
- return -1;
- }
-- len = (int) ( cp-(ip_as_string + 1) );
-- if (len > (int)sizeof(buf)-1) {
-+ len = ( cp-(ip_as_string + 1) );
-+ if (len > sizeof(buf)-1) {
- return -1;
- }
- memcpy(buf, ip_as_string+1, len);
---
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
deleted file mode 100644
index c62a328627..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
-https://github.com/libevent/libevent/issues/332
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
-
-From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin
-Date: Fri, 25 Mar 2016 00:33:47 +0300
-Subject: [PATCH] evdns: fix searching empty hostnames
-
----
- evdns.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 137c24ea..6191c677 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
- static char *
- search_make_new(const struct search_state *const state, int n, const char *const base_name) {
- const size_t base_len = strlen(base_name);
-- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+ char need_to_append_dot;
- struct search_domain *dom;
-
-+ if (!base_len) return NULL;
-+ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+
- for (dom = state->head; dom; dom = dom->next) {
- if (!n--) {
- /* this is the postfix we want */
---
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch b/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
deleted file mode 100644
index 0253700bf6..0000000000
--- a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001
-From: Marcus Sundberg
-Date: Sat, 26 Mar 2016 20:11:43 +0100
-Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last.
-
-evbuffer_add() would always put data in the last chain, even if there
-was available space in a previous chain, and in doing so it also
-failed to update last_with_datap, causing subsequent calls to other
-functions that do look at last_with_datap to add data in the middle
-of the evbuffer instead of at the end.
-
-Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and
-evbuffer/add3 tests, and also prevents wasting space available in the
-chain pointed to by last_with_datap.
----
- buffer.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/buffer.c b/buffer.c
-index 7cca0e8a..f378b731 100644
---- a/buffer.c
-+++ b/buffer.c
-@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
- goto done;
- }
-
-- chain = buf->last;
-+ if (*buf->last_with_datap == NULL) {
-+ chain = buf->last;
-+ } else {
-+ chain = *buf->last_with_datap;
-+ }
-
- /* If there are no chains allocated for this buffer, allocate one
- * big enough to hold all the data. */
---
-2.12.0
-
diff --git a/gnu/packages/patches/libevent-dns-tests.patch b/gnu/packages/patches/libevent-dns-tests.patch
deleted file mode 100644
index 6ff8aaaa7b..0000000000
--- a/gnu/packages/patches/libevent-dns-tests.patch
+++ /dev/null
@@ -1,16 +0,0 @@ -Disable tests that rely on usable DNS lookups, which aren't available -in build chroots. - ---- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100 -+++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100 -@@ -1827,10 +1827,6 @@ end: - - struct testcase_t dns_testcases[] = { - DNS_LEGACY(server, TT_FORK|TT_NEED_BASE), -- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS), -- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS), -- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS), -- { "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL }, - { "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, - { "search_cancel", dns_search_cancel_test, - TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, -- cgit v1.2.3 From 05947d92b65dd13a8b593e1bdde3dd76b11211c2 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 4 Jun 2019 04:10:04 -0400 Subject: gnu: icecat: Update to 60.7.0-guix2. This includes updates to bundled extensions from the upstream GNU IceCat 60.7.0-gnu1 release. * gnu/packages/gnuzilla.scm (%icecat-version): Update to 60.7.0-guix2. (icecat-source)[upstream-icecat-base-version]: Update to 60.7.0. [upstream-icecat-source, gnuzilla-source]: Update hashes. [origin]: Remove the substitutions that dealt with debian-specific package code in the makeicecat script, since that code has been removed upstream. (icecat)[arguments]: Adapt the 'install-desktop-entry' phase to avoid using the Debian desktop file, which is no longer included in the IceCat sources. * gnu/packages/patches/icecat-makeicecat.patch: Adapt to upstream changes. --- gnu/packages/gnuzilla.scm | 67 +++++++--------------------- gnu/packages/patches/icecat-makeicecat.patch | 56 +++-------------------- 2 files changed, 23 insertions(+), 100 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 825678bfc6..c2356f2a44 100644 
--- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -426,7 +426,7 @@ (define* (computed-origin-method gexp-promise hash-algo hash #:system system #:guile-for-build guile))) -(define %icecat-version "60.7.0-guix1") +(define %icecat-version "60.7.0-guix2") ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat' @@ -450,7 +450,7 @@ (define icecat-source (base32 "08x0nijh0ja5jza95a8y030ibk756bn7zlw3a3c4750yilfhqpqa")))) - (upstream-icecat-base-version "60.3.0") ; maybe older than base-version + (upstream-icecat-base-version "60.7.0") ; maybe older than base-version (upstream-icecat-gnu-version "1") (upstream-icecat-version (string-append upstream-icecat-base-version "-gnu" @@ -463,7 +463,7 @@ (define icecat-source "/icecat-" upstream-icecat-version ".tar.bz2")) (sha256 (base32 - "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1")))) + "09xqdfd8rwbn2n6m7n059qf1psbrj5v5kfzm7gg5xng22ddxawv8")))) (gnuzilla-commit (string-append "v" upstream-icecat-base-version)) (gnuzilla-source @@ -475,7 +475,7 @@ (define icecat-source (file-name (git-file-name "gnuzilla" upstream-icecat-base-version)) (sha256 (base32 - "19wal7hkbb4wvk40hs6d7a5paal2bfday08hwssm02srcbv48fj0")))) + "1vqhb0py28hnwcynbaad304ziciz1kn5bv1qg2q4f7g13js3b1hf")))) (makeicecat-patch (local-file (search-patch "icecat-makeicecat.patch")))) @@ -545,10 +545,6 @@ (define icecat-source #$upstream-icecat-gnu-version "\n")) (("^DATA=.*") "DATA=/tmp/gnuzilla/data\n") - (("^sed .* debian/" all) - (string-append "echo warning: skipped: " all)) - (("^debian/rules " all) - (string-append "echo warning: skipped: " all)) (("^find extensions/gnu/ ") "find extensions/gnu/ | sort ") (("/bin/sed") 
@@ -560,21 +556,19 @@ (define icecat-source (rename-file firefox-dir icecat-dir) (with-directory-excursion icecat-dir - (for-each mkdir-p '("l10n" "debian/config")) - (call-with-output-file "debian/control" (const #t)) + (mkdir "l10n") (format #t "Running makeicecat script...~%") (force-output) (invoke "bash" "/tmp/gnuzilla/makeicecat") - (for-each delete-file-recursively '("l10n" "debian"))) + (delete-file-recursively "l10n")) - (format #t (string-append "Unpacking l10n/* and debian/* from" + (format #t (string-append "Unpacking l10n/* from" " upstream IceCat tarball...~%")) (force-output) (unless (string=? icecat-dir old-icecat-dir) (symlink icecat-dir old-icecat-dir)) (invoke "tar" "xf" #+upstream-icecat-source - (string-append old-icecat-dir "/l10n") - (string-append old-icecat-dir "/debian")) + (string-append old-icecat-dir "/l10n")) (format #t "Packing new IceCat tarball...~%") (force-output) 
@@ -899,43 +893,16 @@ (define-public icecat (add-before 'configure 'install-desktop-entry (lambda* (#:key outputs #:allow-other-keys) ;; Install the '.desktop' file. - (define (swallow-%%-directives input output) - ;; Interpret '%%ifdef' directives found in the '.desktop' file. - (let loop ((state 'top)) - (match (read-line input 'concat) - ((? eof-object?) - #t) - ((? string? line) - (cond ((string-prefix? "%%ifdef" line) - (loop 'ifdef)) - ((string-prefix? "%%else" line) - (loop 'else)) - ((string-prefix? "%%endif" line) - (loop 'top)) - (else - (case state - ((top else) - (display line output) - (loop state)) - (else - (loop state))))))))) - - (let* ((out (assoc-ref outputs "out")) + (let* ((desktop-file "taskcluster/docker/icecat-snap/icecat.desktop") + (out (assoc-ref outputs "out")) (applications (string-append out "/share/applications"))) - (call-with-input-file "debian/icecat.desktop.in" - (lambda (input) - (call-with-output-file "debian/icecat.desktop" - (lambda (output) - (swallow-%%-directives input output))))) - - (substitute* "debian/icecat.desktop" - (("@MOZ_DISPLAY_NAME@") - "GNU IceCat") - (("^Exec=@MOZ_APP_NAME@") - (string-append "Exec=" out "/bin/icecat")) - (("@MOZ_APP_NAME@") - "icecat")) - (install-file "debian/icecat.desktop" applications) + (substitute* desktop-file + (("^Exec=icecat") (string-append "Exec=" out "/bin/icecat")) + (("IceCat") "GNU IceCat") + (("Icon=.*") "Icon=icecat\n") + (("NewWindow") "new-window") + (("NewPrivateWindow") "new-private-window")) + (install-file desktop-file applications) #t))) (add-after 'install-desktop-entry 'install-icons (lambda* (#:key outputs #:allow-other-keys) diff --git a/gnu/packages/patches/icecat-makeicecat.patch b/gnu/packages/patches/icecat-makeicecat.patch index 2a11bf0b70..7d4f774c83 100644 --- a/gnu/packages/patches/icecat-makeicecat.patch +++ b/gnu/packages/patches/icecat-makeicecat.patch 
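Review bot: In the rewritten `install-desktop-entry` phase the `(("IceCat") "GNU IceCat")` clause is unanchored, so it rewrites every occurrence of the word in `taskcluster/docker/icecat-snap/icecat.desktop`. Any line that already reads "GNU IceCat" would come out as "GNU GNU IceCat", and comment or localized lines are changed as well. The desktop file itself is not visible in this hunk, so this needs checking against its contents. Anchoring the clause to the key it is meant for, and writing `("^Icon=.*")` instead of `("Icon=.*")`, would make the intent explicit. A short comment that `substitute*` leaves the file unchanged when `^Exec=icecat` does not match would also help on the next upstream update.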
@@ -3,10 +3,10 @@ in a snippet without network access. After this patch is applied, some additional changes will be made using 'substitute*'. diff --git a/makeicecat b/makeicecat -index aa46b94..db27a86 100644 +index 5a4390b..fcfa143 100644 --- a/makeicecat +++ b/makeicecat -@@ -36,75 +36,75 @@ export DEBFULLNAME="Ruben Rodriguez" +@@ -29,55 +29,55 @@ SOURCEDIR=icecat-$FFVERSION DATA="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/data @@ -25,6 +25,7 @@ index aa46b94..db27a86 100644 -wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc -gpg --recv-keys --keyserver keyserver.ubuntu.com 24C6F355 -gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc +-echo -n 0a5f0c1d8d1e9443d85083d37fec32e5cc15c1001ea992d49745490065b4a023 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - - -echo Extracting Firefox tarball -tar -xf firefox-${FFVERSION}esr.source.tar.xz 
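Review bot: The `sha256sum -c` line that upstream added to makeicecat is carried only in commented-out form (this `@@ -25,6 +25,7 @@` hunk and the following `@@ -36,49 +37,13 @@` hunk), alongside the already disabled `gpg --verify` step. The patched script therefore no longer checks the Firefox tarball it processes. That is presumably intended, since the tarball comes from a Guix origin with its own hash in gnuzilla.scm, but the patch header only mentions the missing network access. I would add a header sentence such as `The GPG and sha256sum checks are disabled as well; the Firefox tarball is verified by the hash of its Guix origin.` so that whoever updates that hash knows it is the only integrity check left.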
@@ -36,49 +37,13 @@ index aa46b94..db27a86 100644 +# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc +# gpg --recv-keys --keyserver keyserver.ubuntu.com 24C6F355 +# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc ++# echo -n 0a5f0c1d8d1e9443d85083d37fec32e5cc15c1001ea992d49745490065b4a023 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - +# +# echo Extracting Firefox tarball +# tar -xf firefox-${FFVERSION}esr.source.tar.xz +# +# mv firefox-${FFVERSION} $SOURCEDIR - ############################################################################### - # Retrieve /debian from Ubuntu - ############################################################################### - --rm -rf firefox.$CODENAME --bzr branch https://code.launchpad.net/~mozillateam/firefox/firefox.$CODENAME --cd firefox.$CODENAME --bzr revert -r$REVISION --echo '3.0 (native)' > debian/source/format -- --for PATCH in ubuntu-bookmarks.patch ubuntu-ua-string-changes.patch unity-menubar.patch ubuntu-search-defaults.patch fix-make-package-tests-without-webrtc.patch revert-upstream-search-engine-changes.patch --do -- rm debian/patches/$PATCH -- sed "/$PATCH/d" -i debian/patches/series --done --sed "/test-/d" -i debian/patches/series --cd .. -- --mv firefox.$CODENAME/debian $SOURCEDIR --rm -rf firefox.$CODENAME -+# rm -rf firefox.$CODENAME -+# bzr branch https://code.launchpad.net/~mozillateam/firefox/firefox.$CODENAME -+# cd firefox.$CODENAME -+# bzr revert -r$REVISION -+# echo '3.0 (native)' > debian/source/format -+# -+# for PATCH in ubuntu-bookmarks.patch ubuntu-ua-string-changes.patch unity-menubar.patch ubuntu-search-defaults.patch fix-make-package-tests-without-webrtc.patch revert-upstream-search-engine-changes.patch -+# do -+# rm debian/patches/$PATCH -+# sed "/$PATCH/d" -i debian/patches/series -+# done -+# sed "/test-/d" -i debian/patches/series -+# cd .. 
-+# -+# mv firefox.$CODENAME/debian $SOURCEDIR -+# rm -rf firefox.$CODENAME - ############################################################################### # Retrieve l10n ############################################################################### @@ -133,19 +98,10 @@ index aa46b94..db27a86 100644 #for patch in $DATA/patches/*; do # echo Patching with file: $patch -@@ -720,7 +720,7 @@ debian/rules debian/control - touch -d "yesterday" debian/control - debian/rules debian/control - --echo | dch -b -D stable -v "$ICECATVERSION" "Converted into IceCat (http://www.gnu.org/software/gnuzilla/)" -+# echo | dch -b -D stable -v "$ICECATVERSION" "Converted into IceCat (http://www.gnu.org/software/gnuzilla/)" - sed "1s/firefox/icecat/" -i debian/changelog - - touch configure js/src/configure -@@ -734,6 +734,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in +@@ -590,6 +590,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in + # Fix CVE-2012-3386 /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true - -cd .. -echo Packaging tarball -tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR -- cgit v1.2.3 From d46fc636e6797a1601cc7a7a8eaf72759c495c89 Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Tue, 4 Jun 2019 17:49:14 +0200 Subject: gnu: borg: Update to 1.1.10. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/backup.scm (borg): Update to 1.1.10. [source]: Remove upstreamed patch. Remove msgpack and broken references to it. [arguments]: Add ‘use-system-msgpack’ phase. * gnu/packages/patches/borg-fix-hard-link-preloading.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/backup.scm | 19 ++- .../patches/borg-fix-hard-link-preloading.patch | 157 --------------------- 3 files changed, 14 insertions(+), 163 deletions(-) delete mode 100644 gnu/packages/patches/borg-fix-hard-link-preloading.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b0992547b4..9680212c06 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -690,7 +690,6 @@ dist_patch_DATA = \ %D%/packages/patches/blender-2.79-newer-ffmpeg.patch \ %D%/packages/patches/blender-2.79-python-3.7-fix.patch \ %D%/packages/patches/boost-fix-icu-build.patch \ - %D%/packages/patches/borg-fix-hard-link-preloading.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-remove-test-bs4.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 70cc06c736..0bd894f958 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -511,15 +511,13 @@ (define-public libchop (define-public borg (package (name "borg") - (version "1.1.9") + (version "1.1.10") (source (origin (method url-fetch) (uri (pypi-uri "borgbackup" version)) (sha256 - (base32 - "0x95nhv4h34m8cxycbwc4xdz350saaxlgh727b23bgn4ci7gh3vx")) - (patches (search-patches "borg-fix-hard-link-preloading.patch")) + (base32 "1pp70p4n5kamvcbl4d8021ggrxhyykmg9isjg4yd3wags8b19d7g")) (modules '((guix build utils))) (snippet '(begin 
@@ -541,7 +539,12 @@ (define-public borg ;; Remove bundled shared libraries. (with-directory-excursion "src/borg/algorithms" (for-each delete-file-recursively - (list "blake2" "lz4" "zstd"))) + (list "blake2" "lz4" "msgpack" "zstd"))) + ;; Purge some msgpack references from setup.py or the resulting + ;; sources will be unbuildable. + (substitute* "setup.py" + ((".*Extension\\('borg\\.algorithms\\.msgpack\\..*") "") + (("msgpack_packer_source, msgpack_unpacker_source") "")) #t)))) (build-system python-build-system) (arguments @@ -565,6 +568,12 @@ (define-public borg ;; HOME=/homeless-shelter. (setenv "HOME" "/tmp") #t))) + (add-after 'unpack 'use-system-msgpack + (lambda _ + (substitute* "src/borg/helpers.py" + (("prefer_system_msgpack = False") + "prefer_system_msgpack = True")) + #t)) ;; The tests need to be run after Borg is installed. (delete 'check) (add-after 'install 'check diff --git a/gnu/packages/patches/borg-fix-hard-link-preloading.patch b/gnu/packages/patches/borg-fix-hard-link-preloading.patch deleted file mode 100644 index 92a4e22674..0000000000 --- a/gnu/packages/patches/borg-fix-hard-link-preloading.patch +++ /dev/null 
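Review bot: The `use-system-msgpack` phase added in the `@@ -565,6 +568,12 @@` hunk patches `src/borg/helpers.py` at build time, while the origin snippet in the `@@ -541,7 +539,12 @@` hunk already deletes the bundled `msgpack` directory. The source the origin produces therefore presumably still says `prefer_system_msgpack = False` while the code it would prefer is gone. Moving that `substitute*` into the snippet, next to the setup.py clean-up, would keep the unbundled source self-consistent. The package inputs are outside these hunks, so please also confirm that a python-msgpack input is present and at a version upstream supports, since borg will now unpack repository data with it.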
@@ -1,157 +0,0 @@ -Fix a bug that would cause the test suite to hang: - -https://github.com/borgbackup/borg/issues/4350 - -Patch copied from upstream source repository: - -https://github.com/borgbackup/borg/commit/18242ab9e2f26c450b8507aa1d5eceadab8ad027 - -From 18242ab9e2f26c450b8507aa1d5eceadab8ad027 Mon Sep 17 00:00:00 2001 -From: Thomas Waldmann -Date: Thu, 2 May 2019 21:02:26 +0200 -Subject: [PATCH] preload chunks for hardlink slaves w/o preloaded master, - fixes #4350 - -also split the hardlink extraction test into 2 tests. - -(cherry picked from commit f33f318d816505161d1449a02ddfdeb97d6fe80a) ---- - src/borg/archive.py | 42 +++++++++++++++++++++++++++++----- - src/borg/archiver.py | 5 ++-- - src/borg/testsuite/archiver.py | 20 +++++++++------- - 3 files changed, 51 insertions(+), 16 deletions(-) - -diff --git a/src/borg/archive.py b/src/borg/archive.py -index adc1f42c..0793672a 100644 ---- a/src/borg/archive.py -+++ b/src/borg/archive.py -@@ -192,7 +192,7 @@ def __init__(self, repository, key): - self.repository = repository - self.key = key - -- def unpack_many(self, ids, filter=None, preload=False): -+ def unpack_many(self, ids, filter=None, partial_extract=False, preload=False, hardlink_masters=None): - """ - Return iterator of items. 
- -@@ -209,12 +209,40 @@ def unpack_many(self, ids, filter=None, preload=False): - for item in items: - if 'chunks' in item: - item.chunks = [ChunkListEntry(*e) for e in item.chunks] -+ -+ def preload(chunks): -+ self.repository.preload([c.id for c in chunks]) -+ - if filter: - items = [item for item in items if filter(item)] -+ - if preload: -- for item in items: -- if 'chunks' in item: -- self.repository.preload([c.id for c in item.chunks]) -+ if filter and partial_extract: -+ # if we do only a partial extraction, it gets a bit -+ # complicated with computing the preload items: if a hardlink master item is not -+ # selected (== not extracted), we will still need to preload its chunks if a -+ # corresponding hardlink slave is selected (== is extracted). -+ # due to a side effect of the filter() call, we now have hardlink_masters dict populated. -+ masters_preloaded = set() -+ for item in items: -+ if 'chunks' in item: # regular file, maybe a hardlink master -+ preload(item.chunks) -+ # if this is a hardlink master, remember that we already preloaded it: -+ if 'source' not in item and hardlinkable(item.mode) and item.get('hardlink_master', True): -+ masters_preloaded.add(item.path) -+ elif 'source' in item and hardlinkable(item.mode): # hardlink slave -+ source = item.source -+ if source not in masters_preloaded: -+ # we only need to preload *once* (for the 1st selected slave) -+ chunks, _ = hardlink_masters[source] -+ preload(chunks) -+ masters_preloaded.add(source) -+ else: -+ # easy: we do not have a filter, thus all items are selected, thus we need to preload all chunks. 
-+ for item in items: -+ if 'chunks' in item: -+ preload(item.chunks) -+ - for item in items: - yield item - -@@ -433,8 +461,10 @@ def item_filter(self, item, filter=None): - return False - return filter(item) if filter else True - -- def iter_items(self, filter=None, preload=False): -- for item in self.pipeline.unpack_many(self.metadata.items, preload=preload, -+ def iter_items(self, filter=None, partial_extract=False, preload=False, hardlink_masters=None): -+ assert not (filter and partial_extract and preload) or hardlink_masters is not None -+ for item in self.pipeline.unpack_many(self.metadata.items, partial_extract=partial_extract, -+ preload=preload, hardlink_masters=hardlink_masters, - filter=lambda item: self.item_filter(item, filter)): - yield item - -diff --git a/src/borg/archiver.py b/src/borg/archiver.py -index 957959d6..dcc20455 100644 ---- a/src/borg/archiver.py -+++ b/src/borg/archiver.py -@@ -755,7 +755,8 @@ def peek_and_store_hardlink_masters(item, matched): - else: - pi = None - -- for item in archive.iter_items(filter, preload=True): -+ for item in archive.iter_items(filter, partial_extract=partial_extract, -+ preload=True, hardlink_masters=hardlink_masters): - orig_path = item.path - if strip_components: - item.path = os.sep.join(orig_path.split(os.sep)[strip_components:]) -@@ -997,7 +998,7 @@ def item_to_tarinfo(item, original_path): - return None, stream - return tarinfo, stream - -- for item in archive.iter_items(filter, preload=True): -+ for item in archive.iter_items(filter, preload=True, hardlink_masters=hardlink_masters): - orig_path = item.path - if strip_components: - item.path = os.sep.join(orig_path.split(os.sep)[strip_components:]) -diff --git a/src/borg/testsuite/archiver.py b/src/borg/testsuite/archiver.py -index c35ad800..935b3d79 100644 ---- a/src/borg/testsuite/archiver.py -+++ b/src/borg/testsuite/archiver.py -@@ -823,7 +823,18 @@ def test_mount_hardlinks(self): - assert open('input/dir1/subdir/hardlink', 'rb').read() == 
b'123456' - - @requires_hardlinks -- def test_extract_hardlinks(self): -+ def test_extract_hardlinks1(self): -+ self._extract_hardlinks_setup() -+ with changedir('output'): -+ self.cmd('extract', self.repository_location + '::test') -+ assert os.stat('input/source').st_nlink == 4 -+ assert os.stat('input/abba').st_nlink == 4 -+ assert os.stat('input/dir1/hardlink').st_nlink == 4 -+ assert os.stat('input/dir1/subdir/hardlink').st_nlink == 4 -+ assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456' -+ -+ @requires_hardlinks -+ def test_extract_hardlinks2(self): - self._extract_hardlinks_setup() - with changedir('output'): - self.cmd('extract', self.repository_location + '::test', '--strip-components', '2') -@@ -839,13 +850,6 @@ def test_extract_hardlinks(self): - assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456' - assert os.stat('input/dir1/aaaa').st_nlink == 2 - assert os.stat('input/dir1/source2').st_nlink == 2 -- with changedir('output'): -- self.cmd('extract', self.repository_location + '::test') -- assert os.stat('input/source').st_nlink == 4 -- assert os.stat('input/abba').st_nlink == 4 -- assert os.stat('input/dir1/hardlink').st_nlink == 4 -- assert os.stat('input/dir1/subdir/hardlink').st_nlink == 4 -- assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456' - - def test_extract_include_exclude(self): - self.cmd('init', '--encryption=repokey', self.repository_location) --- -2.21.0 - -- cgit v1.2.3 From 3588419553176daadcb59644037d169574542b42 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Tue, 4 Jun 2019 18:25:58 +0200 Subject: gnu: polkit: Update to 0.116 [fixes CVE-2019-6133]. * gnu/packages/patches/polkit-CVE-2018-19788.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/polkit.scm (polkit): Update to 0.116. [source](patches): Remove. [inputs]: Change MOZJS-52 to MOZJS-60. [arguments]: Add CXXFLAGS=-std=gnu++11 to #:configure-flags. --- gnu/local.mk | 1 - gnu/packages/patches/polkit-CVE-2018-19788.patch | 197 ----------------------- gnu/packages/polkit.scm | 10 +- 3 files changed, 6 insertions(+), 202 deletions(-) delete mode 100644 gnu/packages/patches/polkit-CVE-2018-19788.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9680212c06..6878aef44a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1163,7 +1163,6 @@ dist_patch_DATA = \ %D%/packages/patches/plink-endian-detection.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/podofo-cmake-3.12.patch \ - %D%/packages/patches/polkit-CVE-2018-19788.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/postgresql-disable-resolve_symlinks.patch \ diff --git a/gnu/packages/patches/polkit-CVE-2018-19788.patch b/gnu/packages/patches/polkit-CVE-2018-19788.patch deleted file mode 100644 index 58cde6c5dc..0000000000 --- a/gnu/packages/patches/polkit-CVE-2018-19788.patch +++ /dev/null 
@@ -1,197 +0,0 @@ -Fix CVE-2018-19788: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788 -https://gitlab.freedesktop.org/polkit/polkit/issues/74 - -Patch copied from upstream source repository: - -https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379 - -From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 3 Dec 2018 10:28:58 +0100 -Subject: [PATCH] Allow negative uids/gids in PolkitUnixUser and Group objects - -(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since -there should be no users with such number, see -https://systemd.io/UIDS-GIDS#special-linux-uids. - -(uid_t) -1 is used as the default value in class initialization. - -When a user or group above INT32_MAX is created, the numeric uid or -gid wraps around to negative when the value is assigned to gint, and -polkit gets confused. Let's accept such gids, except for -1. - -A nicer fix would be to change the underlying type to e.g. uint32 to -not have negative values. But this cannot be done without breaking the -API, so likely new functions will have to be added (a -polkit_unix_user_new variant that takes a unsigned, and the same for -_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will -require a bigger patch. - -Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. 
---- - src/polkit/polkitunixgroup.c | 15 +++++++++++---- - src/polkit/polkitunixprocess.c | 12 ++++++++---- - src/polkit/polkitunixuser.c | 13 ++++++++++--- - 3 files changed, 29 insertions(+), 11 deletions(-) - -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index c57a1aa..309f689 100644 ---- a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, - static void - polkit_unix_group_init (PolkitUnixGroup *unix_group) - { -+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ - } - - static void -@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); -+ gint val; - - switch (prop_id) - { - case PROP_GID: -- unix_group->gid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_group->gid = val; - break; - - default: -@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) - g_param_spec_int ("gid", - "Group ID", - "The UNIX group ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) - */ - void - polkit_unix_group_set_gid (PolkitUnixGroup *group, -- gint gid) -+ gint gid) - { - g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); -+ g_return_if_fail (gid != -1); - group->gid = gid; - } - -@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, - PolkitIdentity * - polkit_unix_group_new (gint gid) - { -+ g_return_val_if_fail (gid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, - "gid", gid, - NULL)); -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index 972b777..b02b258 100644 ---- a/src/polkit/polkitunixprocess.c -+++ 
b/src/polkit/polkitunixprocess.c -@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, - polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); - break; - -- case PROP_UID: -- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); -+ case PROP_UID: { -+ gint val; -+ -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ polkit_unix_process_set_uid (unix_process, val); - break; -+ } - - case PROP_START_TIME: - polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- -1, -+ G_MININT, - G_MAXINT, - -1, - G_PARAM_CONSTRUCT | -@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); -- g_return_if_fail (uid >= -1); - process->uid = uid; - } - -diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c -index 8bfd3a1..234a697 100644 ---- a/src/polkit/polkitunixuser.c -+++ b/src/polkit/polkitunixuser.c -@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, - static void - polkit_unix_user_init (PolkitUnixUser *unix_user) - { -+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ - unix_user->name = NULL; - } - -@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); -+ gint val; - - switch (prop_id) - { - case PROP_UID: -- unix_user->uid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_user->uid = val; - break; - - default: -@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - 
G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_USER (user)); -+ g_return_if_fail (uid != -1); - user->uid = uid; - } - -@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - PolkitIdentity * - polkit_unix_user_new (gint uid) - { -+ g_return_val_if_fail (uid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, - "uid", uid, - NULL)); --- -2.18.1 - diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm index ccb8ebf8f8..ac24adef43 100644 --- a/gnu/packages/polkit.scm +++ b/gnu/packages/polkit.scm @@ -43,16 +43,15 @@ (define-module (gnu packages polkit) (define-public polkit (package (name "polkit") - (version "0.115") + (version "0.116") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/polkit/releases/" name "-" version ".tar.gz")) - (patches (search-patches "polkit-CVE-2018-19788.patch")) (sha256 (base32 - "0c91y61y4gy6p91cwbzg32dhavw4b7fflg370rimqhdxpzdfr1rg")) + "1c9lbpndh5zis22f154vjrhnqw65z8s85nrgl42v738yf6g0q5w8")) (modules '((guix build utils))) (snippet '(begin @@ -90,7 +89,7 @@ (define-public polkit `(("expat" ,expat) ("linux-pam" ,linux-pam) ("elogind" ,elogind) - ("mozjs" ,mozjs-52) + ("mozjs" ,mozjs-60) ("nspr" ,nspr))) (propagated-inputs `(("glib" ,glib))) ; required by polkit-gobject-1.pc @@ -101,6 +100,9 @@ (define-public polkit ("gobject-introspection" ,gobject-introspection))) (arguments `(#:configure-flags '("--sysconfdir=/etc" + ;; XXX: MozJS 60 requires the C++11 ABI or higher. + ;; Remove when the default compiler is >= GCC 6. + "CXXFLAGS=-std=gnu++11" "--enable-man-pages") #:phases (modify-phases %standard-phases -- cgit v1.2.3
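Review bot: The `(patches (search-patches "polkit-CVE-2018-19788.patch"))` field is dropped in the first polkit.scm hunk, but neither the commit log nor the package definition records that the 0.116 tarball already contains upstream commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379, which the deleted patch backported. The title mentions only CVE-2019-6133, so someone auditing CVE coverage later cannot tell from this record whether CVE-2018-19788 is still addressed. I would say so in the changelog entry, for example `[source](patches): Remove; the CVE-2018-19788 fix is included in 0.116.`, after confirming it against the release's NEWS file or git history. The `polkit` package form continues past this hunk.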
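Review bot: Passing `"CXXFLAGS=-std=gnu++11"` to configure in the third polkit.scm hunk replaces the C++ flags configure would otherwise choose rather than adding to them. With a stock Autoconf setup that default is `-g -O2`, so the C++ parts of this authorization daemon would probably be compiled without optimization or debug information. If that is not intended, keep the defaults explicitly: `"CXXFLAGS=-g -O2 -std=gnu++11"`. This is inferred from standard Autoconf behaviour, since polkit's configure.ac is not shown here. The `arguments` field continues past the hunk.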