author | Mark H Weaver <mhw@netris.org> | 2016-01-24 21:04:54 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-01-24 21:04:54 -0500 |
commit | 412bee5e2931a53066ae593808935608d54a4345 (patch) | |
tree | 28b297694296115f056ead6de81d24bbd98d75f5 /gnu/packages/patches | |
parent | 68716289995d106c7adc779548eebc5df324e6cf (diff) | |
parent | 880d647d0f1a0ea0aea2af84fa2e99e3286b65a1 (diff) | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/arb-ldconfig.patch | 22 | ||||
-rw-r--r-- | gnu/packages/patches/linux-libre-CVE-2016-0728.patch | 84 | ||||
-rw-r--r-- | gnu/packages/patches/tophat-build-with-later-seqan.patch | 24 |
3 files changed, 130 insertions, 0 deletions
diff --git a/gnu/packages/patches/arb-ldconfig.patch b/gnu/packages/patches/arb-ldconfig.patch
new file mode 100644
index 0000000000..478ec5a6f0
--- /dev/null
+++ b/gnu/packages/patches/arb-ldconfig.patch
@@ -0,0 +1,22 @@
+diff -u -r arb-2.8.1.orig/configure arb-2.8.1/configure
+--- arb-2.8.1.orig/configure 2015-12-31 17:30:01.000000000 +0100
++++ arb-2.8.1/configure 2016-01-20 16:41:41.336726596 +0100
+@@ -647,6 +647,7 @@
+ echo "ARB_SHARED=$SHARED" >> Makefile
+ echo "ARB_LIB=$ARB_LIB" >> Makefile
+ echo "ARB_LIBNAME=$ARB_LIBNAME" >> Makefile
++echo "ARB_MAJOR=$ARB_MAJOR" >> Makefile
+ echo "ARB_SOLIB=$ARB_SOLIB" >> Makefile
+ echo "EXEEXT=$EXEEXT" >> Makefile
+ echo "PREFIX=$PREFIX" >> Makefile
+diff -u -r arb-2.8.1.orig/Makefile.in arb-2.8.1/Makefile.in
+--- arb-2.8.1.orig/Makefile.in 2015-12-31 17:30:01.000000000 +0100
++++ arb-2.8.1/Makefile.in 2016-01-20 16:30:32.575298517 +0100
+@@ -101,6 +101,7 @@
+ $(LDCONFIG) -n "$(CURDIR)"; \
+ fi
+ ln -sf "$(ARB_LIB)" "$(ARB_LIBNAME)"; \
++ ln -sf "$(ARB_LIB)" "$(ARB_LIBNAME).$(ARB_MAJOR)"; \
+
+ libarb.a: $(OBJS) $(LIB_SOURCES) $(EXT_SOURCES) $(HEADERS) $(EXT_HEADERS) | build build/interfaces
+ $(AT)$(foreach ext, $(EXTENSIONS), $(foreach dir, $(patsubst $(ext)/%.h, %, $(wildcard $(ext)/*.h)), mkdir -p build/$(dir); BUILD_DIR=$(CURDIR)/build/$(dir); export BUILD_DIR; MOD_DIR=$(dir); export MOD_DIR; $(MAKE) -f $(CURDIR)/Makefile.subdirs -C $(ext)/$(dir) static || exit $$?;))
diff --git a/gnu/packages/patches/linux-libre-CVE-2016-0728.patch b/gnu/packages/patches/linux-libre-CVE-2016-0728.patch
new file mode 100644
index 0000000000..254d6c1aea
--- /dev/null
+++ b/gnu/packages/patches/linux-libre-CVE-2016-0728.patch
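Review bot: arb-ldconfig.patch starts directly at `diff -u -r` with no header, unlike the other two patch files added in this commit, so a reader cannot tell why it exists or whether it was sent upstream. A short comment at the top of the file would cover it, for example `Create the "$(ARB_LIBNAME).$(ARB_MAJOR)" symlink explicitly instead of relying on ldconfig.` That wording is inferred from the file name and the `$(LDCONFIG) -n "$(CURDIR)"` context line and should be confirmed by the author. The Makefile.in rule that the added `ln -sf` line belongs to starts outside the hunk.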
@@ -0,0 +1,84 @@
+Copied from
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
+
+From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001
+From: Yevgeny Pats <yevgeny@perception-point.io>
+Date: Tue, 19 Jan 2016 22:09:04 +0000
+Subject: KEYS: Fix keyring ref leak in join_session_keyring()
+
+This fixes CVE-2016-0728.
+
+If a thread is asked to join as a session keyring the keyring that's already
+set as its session, we leak a keyring reference.
+
+This can be tested with the following program:
+
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <keyutils.h>
+
+ int main(int argc, const char *argv[])
+ {
+ int i = 0;
+ key_serial_t serial;
+
+ serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+ "leaked-keyring");
+ if (serial < 0) {
+ perror("keyctl");
+ return -1;
+ }
+
+ if (keyctl(KEYCTL_SETPERM, serial,
+ KEY_POS_ALL | KEY_USR_ALL) < 0) {
+ perror("keyctl");
+ return -1;
+ }
+
+ for (i = 0; i < 100; i++) {
+ serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+ "leaked-keyring");
+ if (serial < 0) {
+ perror("keyctl");
+ return -1;
+ }
+ }
+
+ return 0;
+ }
+
+If, after the program has run, there something like the following line in
+/proc/keys:
+
+3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
+
+with a usage count of 100 * the number of times the program has been run,
+then the kernel is malfunctioning. If leaked-keyring has zero usages or
+has been garbage collected, then the problem is fixed.
+
+Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Acked-by: Don Zickus <dzickus@redhat.com>
+Acked-by: Prarit Bhargava <prarit@redhat.com>
+Acked-by: Jarod Wilson <jarod@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+---
+ security/keys/process_keys.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index a3f85d2..e6d50172 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
+ ret = PTR_ERR(keyring);
+ goto error2;
+ } else if (keyring == new->session_keyring) {
++ key_put(keyring);
+ ret = 0;
+ goto error2;
+ }
+--
+cgit v0.12
+
diff --git a/gnu/packages/patches/tophat-build-with-later-seqan.patch b/gnu/packages/patches/tophat-build-with-later-seqan.patch
new file mode 100644
index 0000000000..fc742e2a7d
--- /dev/null
+++ b/gnu/packages/patches/tophat-build-with-later-seqan.patch
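Review bot: The header of linux-libre-CVE-2016-0728.patch records where the fix was copied from but not when the patch can be dropped. A line near the top such as `Remove this patch once linux-libre is updated to a release that contains upstream commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2.` would keep the package from carrying it indefinitely. In the inner hunk, the added `key_put(keyring);` sits on the `keyring == new->session_keyring` branch of join_session_keyring(), the path the commit message describes as leaking a reference. The rest of that function and the `error2` label are outside the hunk, so the reference balance of the other exits cannot be checked from this page. The /proc/keys check described in the header serves as a regression test after the kernel is rebuilt: the `leaked-keyring` entry should show zero usages or be gone.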
@@ -0,0 +1,24 @@
+This patch resolves a build failure when building TopHat 2.1.0 with SeqAn 1.4.
+This is the relevant part of a patch originally posted here:
+https://lists.fu-berlin.de/pipermail/seqan-dev/2014-July/msg00001.html
+
+--- a/src/segment_juncs.cpp
++++ b/src/segment_juncs.cpp
+@@ -2050,10 +2050,13 @@ void juncs_from_ref_segs(RefSequenceTabl
+ typedef map<uint32_t, IntronMotifs> MotifMap;
+
+ MotifMap ims;
+-
+- seqan::DnaStringReverseComplement rev_donor_dinuc(donor_dinuc);
+- seqan::DnaStringReverseComplement rev_acceptor_dinuc(acceptor_dinuc);
+-
++
++ typedef seqan::ModifiedString<
++ seqan::ModifiedString<seqan::DnaString const, seqan::ModView<seqan::FunctorComplement<seqan::Dna> > >,
++ seqan::ModReverse> ConstDnaStringReverseComplement;
++ ConstDnaStringReverseComplement rev_donor_dinuc(donor_dinuc);
++ ConstDnaStringReverseComplement rev_acceptor_dinuc(acceptor_dinuc);
++
+ if (talkative)
+ fprintf(stderr, "Collecting potential splice sites in islands\n");
+ |