From 1b5b24c92d5176083ad749ba5d28f6ac31a3a0f7 Mon Sep 17 00:00:00 2001 From: Ben Sturmfels Date: Wed, 19 Apr 2017 02:24:57 +1000 Subject: gnu: fabric: Enable tests. * gnu/packages/patches/fabric-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/admin.scm (fabric)[source]: Use it. [native-inputs]: Add PYTHON2-FUDGE, PYTHON2-JINJA2 and PYTHON2-NOSE. [arguments]<#:tests>: Remove. Signed-off-by: Marius Bakke --- gnu/packages/patches/fabric-tests.patch | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 gnu/packages/patches/fabric-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch new file mode 100644 index 0000000000..4a0ca9f8f1 --- /dev/null +++ b/gnu/packages/patches/fabric-tests.patch @@ -0,0 +1,15 @@ +The `fab` excecutable doesn't exist during the test phase as it is created +dynamically during installation. Refer to the equivalent Python module +directly. + +--- a/tests/test_utils.py ++++ b/tests/test_utils.py +@@ -93,7 +93,7 @@ + # perform when they are allowed to bubble all the way to the top. So, we + # invoke a subprocess and look at its stderr instead. + with quiet(): +- result = local("fab -f tests/support/aborts.py kaboom", capture=True) ++ result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True) + # When error in #1318 is present, this has an extra "It burns!" at end of + # stderr string. + eq_(result.stderr, "Fatal error: It burns!\n\nAborting.") \ No newline at end of file -- cgit v1.2.3 From 5315fcfd773405506d38ec26dd85f05113611f70 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sat, 15 Apr 2017 18:17:27 +0200 Subject: gnu: Add adb. * gnu/packages/android.scm: New file. * gnu/packages/patches/libbase-fix-includes.patch: New file. * gnu/packages/patches/libbase-use-own-logging.patch: New file. * gnu/local.mk (GNU_SYSTEM_MODULES, dist_patch_DATA): Add them. Co-Authored-By: Marius Bakke --- gnu/local.mk | 3 + gnu/packages/android.scm | 300 +++++++++++++++++++++ gnu/packages/patches/libbase-fix-includes.patch | 71 +++++ gnu/packages/patches/libbase-use-own-logging.patch | 80 ++++++ 4 files changed, 454 insertions(+) create mode 100644 gnu/packages/android.scm create mode 100644 gnu/packages/patches/libbase-fix-includes.patch create mode 100644 gnu/packages/patches/libbase-use-own-logging.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c719f0427e..9fd5b0f45c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -45,6 +45,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/adns.scm \ %D%/packages/algebra.scm \ %D%/packages/aidc.scm \ + %D%/packages/android.scm \ %D%/packages/animation.scm \ %D%/packages/anthy.scm \ %D%/packages/apl.scm \ @@ -689,6 +690,8 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ + %D%/packages/patches/libbase-fix-includes.patch \ + %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libdrm-symbol-check.patch \ diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm new file mode 100644 index 0000000000..e23d0fd910 --- /dev/null +++ b/gnu/packages/android.scm @@ -0,0 +1,300 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2012 Stefan Handschuh +;;; Copyright © 2015 Kai-Chung Yan +;;; Copyright © 2016 Marius Bakke +;;; Copyright © 2017 Julien Lepiller +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages android) + #:use-module (guix packages) + #:use-module (guix git-download) + #:use-module (guix build-system gnu) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages) + #:use-module (gnu packages tls)) + +;; The Makefiles that we add are largely based on the Debian +;; packages. They are licensed under GPL-2 and have copyright: +;; 2012, Stefan Handschuh +;; 2015, Kai-Chung Yan +;; Big thanks to them for laying the groundwork. + +;; The version tag is consistent between all repositories. +(define (android-platform-version) "7.1.2_r6") + +(define (android-platform-system-core version) + (origin + (method git-fetch) + (uri (git-reference + (url "https://android.googlesource.com/platform/system/core") + (commit (string-append "android-" version)))) + (file-name (string-append "android-platform-system-core-" + version "-checkout")) + (sha256 + (base32 + "0xc2n7jxrf1iw9cc278pijdfjix2fkiig5ws27f6rwp40zg5mrgg")))) + +(define liblog + (package + (name "liblog") + (version (android-platform-version)) + (source (android-platform-system-core version)) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; TODO. + #:make-flags '("CC=gcc") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source + (lambda _ (chdir "liblog") #t)) + (add-after 'enter-source 'create-Makefile + (lambda _ + ;; No useful makefile is shipped, so we create one. + (with-output-to-file "Makefile" + (lambda _ + (display + (string-append + "NAME = liblog\n" + "SOURCES = log_event_list.c log_event_write.c" + " logger_write.c config_write.c logger_name.c" + " logger_lock.c fake_log_device.c fake_writer.c" + " event_tag_map.c\n" + + "CFLAGS += -fvisibility=hidden -fPIC\n" + "CPPFLAGS += -I../include -DFAKE_LOG_DEVICE=1" + ;; Keep these two in sync with "liblog/Android.bp". + " -DLIBLOG_LOG_TAG=1005" + " -DSNET_EVENT_LOG_TAG=1397638484\n" + "LDFLAGS += -shared -Wl,-soname,$(NAME).so.0 -lpthread\n" + + "build: $(SOURCES)\n" + " $(CC) $^ -o $(NAME).so.0 $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)\n")) + #t)))) + (delete 'configure) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + (install-file "liblog.so.0" lib) + (with-directory-excursion lib + (symlink "liblog.so.0" "liblog.so")) + #t)))))) + (home-page "https://developer.android.com/") + (synopsis "Logging library from the Android platform.") + (description "@code{liblog} represents an interface to the volatile Android +Logging system for NDK (Native) applications and libraries and contain +interfaces for either writing or reading logs. The log buffers are divided up +in Main, System, Radio and Events sub-logs.") + (license license:asl2.0))) + +(define libbase + (package + (name "libbase") + (version (android-platform-version)) + (source (origin + (inherit (android-platform-system-core version)) + (patches + (search-patches "libbase-use-own-logging.patch" + "libbase-fix-includes.patch")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; TODO. + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source + (lambda _ (chdir "base") #t)) + (add-after 'enter-source 'create-Makefile + (lambda _ + ;; No useful makefile is shipped, so we create one. + (with-output-to-file "Makefile" + (lambda _ + (display + (string-append + "NAME = libbase\n" + "SOURCES = file.cpp logging.cpp parsenetaddress.cpp" + " stringprintf.cpp strings.cpp errors_unix.cpp\n" + + "CXXFLAGS += -std=gnu++11 -fPIC\n" + "CPPFLAGS += -Iinclude -I../include\n" + "LDFLAGS += -shared -Wl,-soname,$(NAME).so.0" + " -L.. -llog\n" + + "build: $(SOURCES)\n" + " $(CXX) $^ -o $(NAME).so.0 $(CXXFLAGS) $(CPPFLAGS)" + " $(LDFLAGS)\n")) + #t)))) + (delete 'configure) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + (install-file "libbase.so.0" lib) + (with-directory-excursion lib + (symlink "libbase.so.0" "libbase.so")) + (copy-recursively "include" out) + #t)))))) + (inputs `(("liblog" ,liblog))) + (home-page "https://developer.android.com/") + (synopsis "Android platform base library") + (description "@code{libbase} is a library in common use by the +various Android core host applications.") + (license license:asl2.0))) + +(define libcutils + (package + (name "libcutils") + (version (android-platform-version)) + (source (android-platform-system-core version)) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; TODO. + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source + (lambda _ (chdir "libcutils") #t)) + (add-after 'enter-source 'create-Makefile + (lambda _ + ;; No useful makefile is shipped, so we create one. + (with-output-to-file "Makefile" + (lambda _ + (display + (string-append + "NAME = libcutils\n" + "SOURCES = load_file.o socket_local_client_unix.o" + " socket_loopback_client_unix.o socket_network_client_unix.o" + " socket_loopback_server_unix.o socket_local_server_unix.o" + " sockets_unix.o socket_inaddr_any_server_unix.o" + " sockets.o\n" + "CC = gcc\n" + + "CFLAGS += -fPIC\n" + "CXXFLAGS += -std=gnu++11 -fPIC\n" + "CPPFLAGS += -Iinclude -I../include\n" + "LDFLAGS += -shared -Wl,-soname,$(NAME).so.0\n" + + "build: $(SOURCES)\n" + " $(CXX) $^ -o $(NAME).so.0 $(CXXFLAGS) $(CPPFLAGS)" + " $(LDFLAGS)\n")) + #t)))) + (delete 'configure) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + (install-file "libcutils.so.0" lib) + (with-directory-excursion lib + (symlink "libcutils.so.0" "libcutils.so")) + #t)))))) + (home-page "https://developer.android.com/") + (synopsis "Android platform c utils library") + (description "@code{libcutils} is a library in common use by the +various Android core host applications.") + (license license:asl2.0))) + +(define-public adb + (package + (name "adb") + (version (android-platform-version)) + (source (origin + (inherit (android-platform-system-core version)) + (patches + (search-patches "libbase-use-own-logging.patch" + "libbase-fix-includes.patch")))) + (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-source + (lambda _ (chdir "adb") #t)) + (add-before 'build 'fix-clang + (lambda _ + ;; adb_client.h contains _Nonnull and _Nullable attributes, that + ;; are not understood by gcc. + (substitute* "adb_client.h" + (("_Nonnull") "") + (("_Nullable") "")) + #t)) + (add-before 'build 'fix-main + (lambda _ + ;; main.cpp used to be adb_main.cpp in the current directory + ;; rather than in its own subdirectory, but it was not fixed. + ;; This leads to some header files not being found anymore. + (copy-file "client/main.cpp" "adb_main.cpp") + #t)) + (add-after 'enter-source 'create-Makefile + (lambda* (#:key outputs #:allow-other-keys) + ;; No useful makefile is shipped, so we create one. + (with-output-to-file "Makefile" + (lambda _ + (display + (string-append + ;; Common for all components. + "CXXFLAGS += -std=gnu++14 -fpermissive\n" + "CPPFLAGS += -I../include -I../base/include -I. -DADB_HOST=1 " + "-DADB_REVISION='\"" ,version "\"' -fPIC\n" + "LDFLAGS += -lcrypto -lpthread -lbase -lcutils -L. -ladb\n" + + ;; Libadb specifics. + "LIBADB_SOURCES = adb.cpp adb_auth.cpp adb_io.cpp " + "adb_listeners.cpp adb_trace.cpp adb_utils.cpp fdevent.cpp " + "sockets.cpp transport.cpp transport_local.cpp transport_usb.cpp " + "get_my_path_linux.cpp sysdeps_unix.cpp usb_linux.cpp " + "adb_auth_host.cpp diagnose_usb.cpp services.cpp " + "shell_service_protocol.cpp bugreport.cpp line_printer.cpp\n" + + "LIBADB_LDFLAGS += -shared -Wl,-soname,libadb.so.0 " + "-lcrypto -lpthread -lbase\n" + + ;; Adb specifics. + "ADB_SOURCES = adb_main.cpp console.cpp commandline.cpp " + "adb_client.cpp file_sync_client.cpp\n" + "ADB_LDFLAGS += -Wl,-rpath=" (assoc-ref outputs "out") "/lib\n" + + "build: libadb $(ADB_SOURCES)\n" + " $(CXX) $(ADB_SOURCES) -o adb $(CXXFLAGS) $(CPPFLAGS) " + "$(ADB_LDFLAGS) $(LDFLAGS)\n" + + "libadb: $(LIBADB_SOURCES)\n" + " $(CXX) $^ -o libadb.so.0 $(CXXFLAGS) $(CPPFLAGS) " + "$(LIBADB_LDFLAGS)\n" + " ln -sv libadb.so.0 libadb.so\n")) + #t)))) + (delete 'configure) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (bin (string-append out "/bin"))) + (install-file "libadb.so.0" lib) + (install-file "adb" bin) + (with-directory-excursion lib + (symlink "libadb.so.0" "libadb.so")) + #t)))) + ;; Test suite must be run with attached devices + #:tests? #f)) + (inputs + `(("libbase" ,libbase) + ("libcutils" ,libcutils) + ("openssl" ,openssl))) + (home-page "https://developer.android.com/studio/command-line/adb.html") + (synopsis "Android Debug Bridge") + (description + "@command{adb} is a versatile command line tool that lets you communicate +with an emulator instance or connected Android device. It facilitates a variety +of device actions, such as installing and debugging apps, and it provides access +to a Unix shell that can run commands on the connected device or emulator.") + (license license:asl2.0))) diff --git a/gnu/packages/patches/libbase-fix-includes.patch b/gnu/packages/patches/libbase-fix-includes.patch new file mode 100644 index 0000000000..3071a0c400 --- /dev/null +++ b/gnu/packages/patches/libbase-fix-includes.patch @@ -0,0 +1,71 @@ +This patch fixes the build of adb on linux. + +Copied from archlinux repository: +https://git.archlinux.org/svntogit/community.git/tree/trunk/fix_build.patch?h=packages/android-tools + +diff --git a/adb/sysdeps.h b/adb/sysdeps.h +index 75dcc86..867f3ec 100644 +--- a/adb/sysdeps.h ++++ b/adb/sysdeps.h +@@ -25,6 +25,7 @@ + #endif + + #include ++#include + + #include + #include +@@ -831,7 +832,16 @@ static __inline__ int adb_is_absolute_host_path(const char* path) { + + static __inline__ unsigned long adb_thread_id() + { +- return (unsigned long)gettid(); ++ // TODO: this function should be merged with GetThreadId ++#if defined(__BIONIC__) ++ return gettid(); ++#elif defined(__APPLE__) ++ return syscall(SYS_thread_selfid); ++#elif defined(__linux__) ++ return syscall(__NR_gettid); ++#elif defined(_WIN32) ++ return GetCurrentThreadId(); ++#endif + } + + #endif /* !_WIN32 */ +diff --git a/base/errors_unix.cpp b/base/errors_unix.cpp +index 296995e..48269b6 100644 +--- a/base/errors_unix.cpp ++++ b/base/errors_unix.cpp +@@ -17,6 +17,7 @@ + #include "android-base/errors.h" + + #include ++#include + + namespace android { + namespace base { +diff --git a/base/file.cpp b/base/file.cpp +index da1adba..91a3901 100644 +--- a/base/file.cpp ++++ b/base/file.cpp +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + #include + +diff --git a/base/logging.cpp b/base/logging.cpp +index 1741871..e97c7f1 100644 +--- a/base/logging.cpp ++++ b/base/logging.cpp +@@ -21,6 +21,7 @@ + #include "android-base/logging.h" + + #include ++#include + + // For getprogname(3) or program_invocation_short_name. + #if defined(__ANDROID__) || defined(__APPLE__) diff --git a/gnu/packages/patches/libbase-use-own-logging.patch b/gnu/packages/patches/libbase-use-own-logging.patch new file mode 100644 index 0000000000..f755bf9722 --- /dev/null +++ b/gnu/packages/patches/libbase-use-own-logging.patch @@ -0,0 +1,80 @@ +Patch copied from: +https://android.googlesource.com/platform/system/core/+/e5dd71a290f664d3f3bf0dd8a4bad411dc7ad416 + +From e5dd71a290f664d3f3bf0dd8a4bad411dc7ad416 Mon Sep 17 00:00:00 2001 +From: Elliott Hughes +Date: Thu, 28 Jul 2016 15:15:28 -0700 +Subject: [PATCH] libbase should use its own logging! + +Not doing so led to us using a bogus log tag. + +Bug: http://b/30281203 +Change-Id: I3ac91758a1a043146c65f2ae0f36fcfbe372c30f +--- + base/file.cpp | 11 +++++------ + base/logging.cpp | 3 +-- + 2 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/base/file.cpp b/base/file.cpp +index da1adba19..4e7ac82d1 100644 +--- a/base/file.cpp ++++ b/base/file.cpp +@@ -24,9 +24,8 @@ + #include + + #include "android-base/macros.h" // For TEMP_FAILURE_RETRY on Darwin. ++#include "android-base/logging.h" + #include "android-base/utf8.h" +-#define LOG_TAG "base.file" +-#include "cutils/log.h" + #include "utils/Compat.h" + + namespace android { +@@ -86,22 +85,22 @@ bool WriteStringToFile(const std::string& content, const std::string& path, + int flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NOFOLLOW | O_BINARY; + int fd = TEMP_FAILURE_RETRY(open(path.c_str(), flags, mode)); + if (fd == -1) { +- ALOGE("android::WriteStringToFile open failed: %s", strerror(errno)); ++ PLOG(ERROR) << "android::WriteStringToFile open failed"; + return false; + } + + // We do an explicit fchmod here because we assume that the caller really + // meant what they said and doesn't want the umask-influenced mode. + if (fchmod(fd, mode) == -1) { +- ALOGE("android::WriteStringToFile fchmod failed: %s", strerror(errno)); ++ PLOG(ERROR) << "android::WriteStringToFile fchmod failed"; + return CleanUpAfterFailedWrite(path); + } + if (fchown(fd, owner, group) == -1) { +- ALOGE("android::WriteStringToFile fchown failed: %s", strerror(errno)); ++ PLOG(ERROR) << "android::WriteStringToFile fchown failed"; + return CleanUpAfterFailedWrite(path); + } + if (!WriteStringToFd(content, fd)) { +- ALOGE("android::WriteStringToFile write failed: %s", strerror(errno)); ++ PLOG(ERROR) << "android::WriteStringToFile write failed"; + return CleanUpAfterFailedWrite(path); + } + close(fd); +diff --git a/base/logging.cpp b/base/logging.cpp +index 769c266c9..959bb8b05 100644 +--- a/base/logging.cpp ++++ b/base/logging.cpp +@@ -43,12 +43,11 @@ + + #include "android-base/macros.h" + #include "android-base/strings.h" +-#include "cutils/threads.h" + + // Headers for LogMessage::LogLine. + #ifdef __ANDROID__ + #include +-#include "cutils/log.h" ++#include "log/log.h" + #else + #include + #include +-- +2.11.0 + -- cgit v1.2.3 From 90d118cab67c1171f78dbb8b0ef0282b12695579 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 19 Apr 2017 19:10:53 -0400 Subject: gnu: Delete unused patches. * gnu/packages/patches/icu4c-CVE-2014-6585.patch, gnu/packages/patches/icu4c-CVE-2015-1270.patch, gnu/packages/patches/icu4c-CVE-2015-4760.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 - gnu/packages/patches/icu4c-CVE-2014-6585.patch | 21 --- gnu/packages/patches/icu4c-CVE-2015-1270.patch | 15 -- gnu/packages/patches/icu4c-CVE-2015-4760.patch | 189 ------------------------- 4 files changed, 228 deletions(-) delete mode 100644 gnu/packages/patches/icu4c-CVE-2014-6585.patch delete mode 100644 gnu/packages/patches/icu4c-CVE-2015-1270.patch delete mode 100644 gnu/packages/patches/icu4c-CVE-2015-4760.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 9fd5b0f45c..6e0c3eb42a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -657,9 +657,6 @@ dist_patch_DATA = \ %D%/packages/patches/hypre-ldflags.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icecat-binutils.patch \ - %D%/packages/patches/icu4c-CVE-2014-6585.patch \ - %D%/packages/patches/icu4c-CVE-2015-1270.patch \ - %D%/packages/patches/icu4c-CVE-2015-4760.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/patches/icu4c-CVE-2014-6585.patch b/gnu/packages/patches/icu4c-CVE-2014-6585.patch deleted file mode 100644 index d21a0d0ba1..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2014-6585.patch +++ /dev/null @@ -1,21 +0,0 @@ -Copied from Debian. - -description: out-of-bounds read -origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585 - ---- a/source/layout/LETableReference.h -+++ b/source/layout/LETableReference.h -@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO") - } - - const T& operator()(le_uint32 i, LEErrorCode &success) const { -- return *getAlias(i,success); -+ const T *ret = getAlias(i,success); -+ if (LE_FAILURE(success) || ret==NULL) { -+ return *(new T()); -+ } else { -+ return *ret; -+ } - } - - size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const { diff --git a/gnu/packages/patches/icu4c-CVE-2015-1270.patch b/gnu/packages/patches/icu4c-CVE-2015-1270.patch deleted file mode 100644 index 2a7658d36e..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2015-1270.patch +++ /dev/null @@ -1,15 +0,0 @@ -Copied from Debian. - -diff --git a/source/common/ucnv_io.cpp b/source/common/ucnv_io.cpp -index 5dd35d8..4424664 100644 ---- a/source/common/ucnv_io.cpp -+++ b/source/common/ucnv_io.cpp -@@ -744,7 +744,7 @@ ucnv_io_getConverterName(const char *alias, UBool *containsOption, UErrorCode *p - * the name begins with 'x-'. If it does, strip it off and try - * again. This behaviour is similar to how ICU4J does it. - */ -- if (aliasTmp[0] == 'x' || aliasTmp[1] == '-') { -+ if (aliasTmp[0] == 'x' && aliasTmp[1] == '-') { - aliasTmp = aliasTmp+2; - } else { - break; diff --git a/gnu/packages/patches/icu4c-CVE-2015-4760.patch b/gnu/packages/patches/icu4c-CVE-2015-4760.patch deleted file mode 100644 index 77da283b7b..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2015-4760.patch +++ /dev/null @@ -1,189 +0,0 @@ -Copied from Debian. - -Description: missing boundary checks in layout engine - It was discovered that ICU Layout Engine was missing multiple boundary checks. - These could lead to buffer overflows and memory corruption. A specially - crafted file could cause an application using ICU to parse untrusted font - files to crash and, possibly, execute arbitrary code. -Author: Laszlo Boszormenyi (GCS) -Origin: upstream, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47 -Reviewed-By: srl, bae, mschoene -Forwarded: not-needed -Last-Update: 2015-07-30 - ---- - ---- icu-52.1.orig/source/layout/ContextualGlyphInsertionProc2.cpp -+++ icu-52.1/source/layout/ContextualGlyphInsertionProc2.cpp -@@ -82,6 +82,10 @@ le_uint16 ContextualGlyphInsertionProces - - le_int16 markIndex = SWAPW(entry->markedInsertionListIndex); - if (markIndex > 0) { -+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } - le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5; - le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike); - le_bool isBefore = (flags & cgiMarkInsertBefore); -@@ -90,6 +94,10 @@ le_uint16 ContextualGlyphInsertionProces - - le_int16 currIndex = SWAPW(entry->currentInsertionListIndex); - if (currIndex > 0) { -+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } - le_int16 count = flags & cgiCurrentInsertCountMask; - le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike); - le_bool isBefore = (flags & cgiCurrentInsertBefore); ---- icu-52.1.orig/source/layout/ContextualGlyphSubstProc.cpp -+++ icu-52.1/source/layout/ContextualGlyphSubstProc.cpp -@@ -51,6 +51,10 @@ ByteOffset ContextualGlyphSubstitutionPr - WordOffset currOffset = SWAPW(entry->currOffset); - - if (markOffset != 0 && LE_SUCCESS(success)) { -+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } - LEGlyphID mGlyph = glyphStorage[markGlyph]; - TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew. - -@@ -58,6 +62,10 @@ ByteOffset ContextualGlyphSubstitutionPr - } - - if (currOffset != 0) { -+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } - LEGlyphID thisGlyph = glyphStorage[currGlyph]; - TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew. - ---- icu-52.1.orig/source/layout/ContextualGlyphSubstProc2.cpp -+++ icu-52.1/source/layout/ContextualGlyphSubstProc2.cpp -@@ -45,17 +45,25 @@ le_uint16 ContextualGlyphSubstitutionPro - if(LE_FAILURE(success)) return 0; - le_uint16 newState = SWAPW(entry->newStateIndex); - le_uint16 flags = SWAPW(entry->flags); -- le_int16 markIndex = SWAPW(entry->markIndex); -- le_int16 currIndex = SWAPW(entry->currIndex); -+ le_uint16 markIndex = SWAPW(entry->markIndex); -+ le_uint16 currIndex = SWAPW(entry->currIndex); - -- if (markIndex != -1) { -+ if (markIndex != 0x0FFFF) { -+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } - le_uint32 offset = SWAPL(perGlyphTable(markIndex, success)); - LEGlyphID mGlyph = glyphStorage[markGlyph]; - TTGlyphID newGlyph = lookup(offset, mGlyph, success); - glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph); - } - -- if (currIndex != -1) { -+ if (currIndex != 0x0FFFF) { -+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } - le_uint32 offset = SWAPL(perGlyphTable(currIndex, success)); - LEGlyphID thisGlyph = glyphStorage[currGlyph]; - TTGlyphID newGlyph = lookup(offset, thisGlyph, success); ---- icu-52.1.orig/source/layout/IndicRearrangementProcessor.cpp -+++ icu-52.1/source/layout/IndicRearrangementProcessor.cpp -@@ -45,6 +45,11 @@ ByteOffset IndicRearrangementProcessor:: - ByteOffset newState = SWAPW(entry->newStateOffset); - IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); - -+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } -+ - if (flags & irfMarkFirst) { - firstGlyph = currGlyph; - } ---- icu-52.1.orig/source/layout/IndicRearrangementProcessor2.cpp -+++ icu-52.1/source/layout/IndicRearrangementProcessor2.cpp -@@ -43,6 +43,11 @@ le_uint16 IndicRearrangementProcessor2:: - le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state - IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); - -+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { -+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR; -+ return 0; -+ } -+ - if (flags & irfMarkFirst) { - firstGlyph = currGlyph; - } ---- icu-52.1.orig/source/layout/LigatureSubstProc.cpp -+++ icu-52.1/source/layout/LigatureSubstProc.cpp -@@ -48,7 +48,7 @@ ByteOffset LigatureSubstitutionProcessor - const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); - - ByteOffset newState = SWAPW(entry->newStateOffset); -- le_int16 flags = SWAPW(entry->flags); -+ le_uint16 flags = SWAPW(entry->flags); - - if (flags & lsfSetComponent) { - if (++m >= nComponents) { ---- icu-52.1.orig/source/layout/StateTableProcessor.cpp -+++ icu-52.1/source/layout/StateTableProcessor.cpp -@@ -60,6 +60,7 @@ void StateTableProcessor::process(LEGlyp - if (currGlyph == glyphCount) { - // XXX: How do we handle EOT vs. EOL? - classCode = classCodeEOT; -+ break; - } else { - TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); - ---- icu-52.1.orig/source/layout/StateTableProcessor2.cpp -+++ icu-52.1/source/layout/StateTableProcessor2.cpp -@@ -78,6 +78,7 @@ void StateTableProcessor2::process(LEGly - if (currGlyph == glyphCount || currGlyph == -1) { - // XXX: How do we handle EOT vs. EOL? - classCode = classCodeEOT; -+ break; - } else { - LEGlyphID gid = glyphStorage[currGlyph]; - TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); -@@ -109,6 +110,7 @@ void StateTableProcessor2::process(LEGly - if (currGlyph == glyphCount || currGlyph == -1) { - // XXX: How do we handle EOT vs. EOL? - classCode = classCodeEOT; -+ break; - } else { - LEGlyphID gid = glyphStorage[currGlyph]; - TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); -@@ -146,6 +148,7 @@ void StateTableProcessor2::process(LEGly - if (currGlyph == glyphCount || currGlyph == -1) { - // XXX: How do we handle EOT vs. EOL? - classCode = classCodeEOT; -+ break; - } else if(currGlyph > glyphCount) { - // note if > glyphCount, we've run off the end (bad font) - currGlyph = glyphCount; -@@ -186,6 +189,7 @@ void StateTableProcessor2::process(LEGly - if (currGlyph == glyphCount || currGlyph == -1) { - // XXX: How do we handle EOT vs. EOL? - classCode = classCodeEOT; -+ break; - } else { - TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); - if (glyphCode == 0xFFFF) { ---- icu-52.1.orig/source/layout/StateTables.h -+++ icu-52.1/source/layout/StateTables.h -@@ -101,7 +101,7 @@ typedef le_uint8 EntryTableIndex; - struct StateEntry - { - ByteOffset newStateOffset; -- le_int16 flags; -+ le_uint16 flags; - }; - - typedef le_uint16 EntryTableIndex2; -- cgit v1.2.3 From e795a3d2ce482d808f94e5be148e90d81c3765e0 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 19 Apr 2017 19:22:50 -0400 Subject: gnu: icu4c: Fix CVE-2017-{7867,7868}. * gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/icu4c.scm (icu4c/fixed)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/icu4c.scm | 3 +- .../icu4c-CVE-2017-7867-CVE-2017-7868.patch | 164 +++++++++++++++++++++ 3 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 6e0c3eb42a..90268c4856 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -657,6 +657,7 @@ dist_patch_DATA = \ %D%/packages/patches/hypre-ldflags.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icecat-binutils.patch \ + %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 2b51441002..9f465b1022 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -73,4 +73,5 @@ C/C++ part.") (source (origin (inherit (package-source icu4c)) (patches - (search-patches "icu4c-reset-keyword-list-iterator.patch")))))) + (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch" + "icu4c-reset-keyword-list-iterator.patch")))))) diff --git a/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch b/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch new file mode 100644 index 0000000000..4db8f27998 --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch @@ -0,0 +1,164 @@ +Fix CVE-2017-7867 and CVE-2017-7868: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868 + +Patch copied from upstream source repository: + +http://bugs.icu-project.org/trac/changeset/39671 + +Index: icu/source/common/utext.cpp +=================================================================== +--- icu/source/common/utext.cpp (revision 39670) ++++ icu/source/common/utext.cpp (revision 39671) +@@ -848,7 +848,13 @@ + + // Chunk size. +-// Must be less than 85, because of byte mapping from UChar indexes to native indexes. +-// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes +-// to two UChars.) ++// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes. ++// Worst case there are six UTF-8 bytes per UChar. ++// obsolete 6 byte form fd + 5 trails maps to fffd ++// obsolete 5 byte form fc + 4 trails maps to fffd ++// non-shortest 4 byte forms maps to fffd ++// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit ++// mapToUChars array size must allow for the worst case, 6. ++// This could be brought down to 4, by treating fd and fc as pure illegal, ++// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros. + // + enum { UTF8_TEXT_CHUNK_SIZE=32 }; +@@ -890,5 +896,5 @@ + // one for a supplementary starting in the last normal position, + // and one for an entry for the buffer limit position. +- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to ++ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to + // correspoding offset in filled part of buf. + int32_t align; +@@ -1033,4 +1039,5 @@ + u8b = (UTF8Buf *)ut->p; // the current buffer + mapIndex = ix - u8b->toUCharsMapStart; ++ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); + ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; + return TRUE; +@@ -1299,4 +1306,8 @@ + // If index is at the end, there is no character there to look at. + if (ix != ut->b) { ++ // Note: this function will only move the index back if it is on a trail byte ++ // and there is a preceding lead byte and the sequence from the lead ++ // through this trail could be part of a valid UTF-8 sequence ++ // Otherwise the index remains unchanged. + U8_SET_CP_START(s8, 0, ix); + } +@@ -1312,5 +1323,8 @@ + uint8_t *mapToNative = u8b->mapToNative; + uint8_t *mapToUChars = u8b->mapToUChars; +- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1); ++ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1; ++ // Note that toUCharsMapStart can be negative. Happens when the remaining ++ // text from current position to the beginning is less than the buffer size. ++ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry. + int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region + // at end of buffer to leave room +@@ -1339,4 +1353,5 @@ + // Special case ASCII range for speed. + buf[destIx] = (UChar)c; ++ U_ASSERT(toUCharsMapStart <= srcIx); + mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx; + mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart); +@@ -1368,4 +1383,5 @@ + mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx; + } while (sIx >= srcIx); ++ U_ASSERT(toUCharsMapStart <= (srcIx+1)); + + // Set native indexing limit to be the current position. +@@ -1542,4 +1558,5 @@ + U_ASSERT(index<=ut->chunkNativeLimit); + int32_t mapIndex = index - u8b->toUCharsMapStart; ++ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); + int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; + U_ASSERT(offset>=0 && offset<=ut->chunkLength); +Index: icu/source/test/intltest/utxttest.cpp +=================================================================== +--- icu/source/test/intltest/utxttest.cpp (revision 39670) ++++ icu/source/test/intltest/utxttest.cpp (revision 39671) +@@ -68,4 +68,6 @@ + case 7: name = "Ticket12130"; + if (exec) Ticket12130(); break; ++ case 8: name = "Ticket12888"; ++ if (exec) Ticket12888(); break; + default: name = ""; break; + } +@@ -1584,2 +1586,62 @@ + utext_close(&ut); + } ++ ++// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal, ++// six byte utf-8 forms. Original implementation had an assumption that ++// there would be at most three utf-8 bytes per UTF-16 code unit. ++// The five and six byte sequences map to a single replacement character. ++ ++void UTextTest::Ticket12888() { ++ const char *badString = ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" ++ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"; ++ ++ UErrorCode status = U_ZERO_ERROR; ++ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status)); ++ TEST_SUCCESS(status); ++ for (;;) { ++ UChar32 c = utext_next32(ut.getAlias()); ++ if (c == U_SENTINEL) { ++ break; ++ } ++ } ++ int32_t endIdx = utext_getNativeIndex(ut.getAlias()); ++ if (endIdx != (int32_t)strlen(badString)) { ++ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx); ++ return; ++ } ++ ++ for (int32_t prevIndex = endIdx; prevIndex>0;) { ++ UChar32 c = utext_previous32(ut.getAlias()); ++ int32_t currentIndex = utext_getNativeIndex(ut.getAlias()); ++ if (c != 0xfffd) { ++ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n", ++ __FILE__, __LINE__, 0xfffd, c, currentIndex); ++ break; ++ } ++ if (currentIndex != prevIndex - 6) { ++ errln("%s:%d: wrong index. Expected, actual = %d, %d", ++ __FILE__, __LINE__, prevIndex - 6, currentIndex); ++ break; ++ } ++ prevIndex = currentIndex; ++ } ++} +Index: icu/source/test/intltest/utxttest.h +=================================================================== +--- icu/source/test/intltest/utxttest.h (revision 39670) ++++ icu/source/test/intltest/utxttest.h (revision 39671) +@@ -39,4 +39,5 @@ + void Ticket10983(); + void Ticket12130(); ++ void Ticket12888(); + + private: -- cgit v1.2.3 From dfa663c963a7c0745f18cbfab4b45eb335742602 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 7 Apr 2017 09:03:28 -0400 Subject: gnu: qemu: Update to 2.9.0 [security fixes]. Fixes CVE-2017-{5857,5973,5987,6058,6505,7377,7471,7718}. * gnu/packages/qemu.scm (qemu): Update to 2.9.0. [source]: Remove obsolete patches. * gnu/packages/patches/qemu-CVE-2016-10155.patch, gnu/packages/patches/qemu-CVE-2017-5525.patch, gnu/packages/patches/qemu-CVE-2017-5526.patch, gnu/packages/patches/qemu-CVE-2017-5552.patch, gnu/packages/patches/qemu-CVE-2017-5578.patch, gnu/packages/patches/qemu-CVE-2017-5579.patch, gnu/packages/patches/qemu-CVE-2017-5856.patch, gnu/packages/patches/qemu-CVE-2017-5898.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 8 --- gnu/packages/patches/qemu-CVE-2016-10155.patch | 49 ------------------- gnu/packages/patches/qemu-CVE-2017-5525.patch | 55 --------------------- gnu/packages/patches/qemu-CVE-2017-5526.patch | 58 ---------------------- gnu/packages/patches/qemu-CVE-2017-5552.patch | 44 ----------------- gnu/packages/patches/qemu-CVE-2017-5578.patch | 39 --------------- gnu/packages/patches/qemu-CVE-2017-5579.patch | 44 ----------------- gnu/packages/patches/qemu-CVE-2017-5856.patch | 68 -------------------------- gnu/packages/patches/qemu-CVE-2017-5898.patch | 44 ----------------- gnu/packages/qemu.scm | 13 +---- 10 files changed, 2 insertions(+), 420 deletions(-) delete mode 100644 gnu/packages/patches/qemu-CVE-2016-10155.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5525.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5526.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5552.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5578.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5579.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5856.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-5898.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 90268c4856..f38126251f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -898,14 +898,6 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ - %D%/packages/patches/qemu-CVE-2016-10155.patch \ - %D%/packages/patches/qemu-CVE-2017-5525.patch \ - %D%/packages/patches/qemu-CVE-2017-5526.patch \ - %D%/packages/patches/qemu-CVE-2017-5552.patch \ - %D%/packages/patches/qemu-CVE-2017-5578.patch \ - %D%/packages/patches/qemu-CVE-2017-5579.patch \ - %D%/packages/patches/qemu-CVE-2017-5856.patch \ - %D%/packages/patches/qemu-CVE-2017-5898.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ %D%/packages/patches/rapicorn-isnan.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch deleted file mode 100644 index 825edaa815..0000000000 --- a/gnu/packages/patches/qemu-CVE-2016-10155.patch +++ /dev/null @@ -1,49 +0,0 @@ -From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 28 Nov 2016 17:49:04 -0800 -Subject: [PATCH] watchdog: 6300esb: add exit function - -When the Intel 6300ESB watchdog is hot unplug. The timer allocated -in realize isn't freed thus leaking memory leak. This patch avoid -this through adding the exit function. - -http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e -this patch is from qemu-git. - -Signed-off-by: Li Qiang -Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com> -Signed-off-by: Paolo Bonzini ---- - hw/watchdog/wdt_i6300esb.c | 9 +++++++++ - 1 files changed, 9 insertions(+), 0 deletions(-) - -diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c -index a83d951..49b3cd1 100644 ---- a/hw/watchdog/wdt_i6300esb.c -+++ b/hw/watchdog/wdt_i6300esb.c -@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp) - /* qemu_register_coalesced_mmio (addr, 0x10); ? */ - } - -+static void i6300esb_exit(PCIDevice *dev) -+{ -+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); -+ -+ timer_del(d->timer); -+ timer_free(d->timer); -+} -+ - static WatchdogTimerModel model = { - .wdt_name = "i6300esb", - .wdt_description = "Intel 6300ESB", -@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data) - k->config_read = i6300esb_config_read; - k->config_write = i6300esb_config_write; - k->realize = i6300esb_realize; -+ k->exit = i6300esb_exit; - k->vendor_id = PCI_VENDOR_ID_INTEL; - k->device_id = PCI_DEVICE_ID_INTEL_ESB_9; - k->class_id = PCI_CLASS_SYSTEM_OTHER; --- -1.7.0.4 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch deleted file mode 100644 index d0c0c82a4a..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5525.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Wed, 14 Dec 2016 18:30:21 -0800 -Subject: [PATCH] audio: ac97: add exit function -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401 -this patch is from qemu-git - -Currently the ac97 device emulation doesn't have a exit function, -hot unplug this device will leak some memory. Add a exit function to -avoid this. - -Signed-off-by: Li Qiang -Reviewed-by: Marc-André Lureau -Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com -Signed-off-by: Gerd Hoffmann ---- - hw/audio/ac97.c | 11 +++++++++++ - 1 files changed, 11 insertions(+), 0 deletions(-) - -diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c -index cbd959e..c306575 100644 ---- a/hw/audio/ac97.c -+++ b/hw/audio/ac97.c -@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp) - ac97_on_reset (&s->dev.qdev); - } - -+static void ac97_exit(PCIDevice *dev) -+{ -+ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev); -+ -+ AUD_close_in(&s->card, s->voice_pi); -+ AUD_close_out(&s->card, s->voice_po); -+ AUD_close_in(&s->card, s->voice_mc); -+ AUD_remove_card(&s->card); -+} -+ - static int ac97_init (PCIBus *bus) - { - pci_create_simple (bus, -1, "AC97"); -@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data) - PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); - - k->realize = ac97_realize; -+ k->exit = ac97_exit; - k->vendor_id = PCI_VENDOR_ID_INTEL; - k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5; - k->revision = 0x01; --- -1.7.0.4 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch deleted file mode 100644 index 5a6d796458..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5526.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Wed, 14 Dec 2016 18:32:22 -0800 -Subject: [PATCH] audio: es1370: add exit function -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da -this patch is from qemu-git. - -Currently the es1370 device emulation doesn't have a exit function, -hot unplug this device will leak some memory. Add a exit function to -avoid this. - -Signed-off-by: Li Qiang -Reviewed-by: Marc-André Lureau -Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com -Signed-off-by: Gerd Hoffmann ---- - hw/audio/es1370.c | 14 ++++++++++++++ - 1 files changed, 14 insertions(+), 0 deletions(-) - -diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c -index 8449b5f..883ec69 100644 ---- a/hw/audio/es1370.c -+++ b/hw/audio/es1370.c -@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp) - es1370_reset (s); - } - -+static void es1370_exit(PCIDevice *dev) -+{ -+ ES1370State *s = ES1370(dev); -+ int i; -+ -+ for (i = 0; i < 2; ++i) { -+ AUD_close_out(&s->card, s->dac_voice[i]); -+ } -+ -+ AUD_close_in(&s->card, s->adc_voice); -+ AUD_remove_card(&s->card); -+} -+ - static int es1370_init (PCIBus *bus) - { - pci_create_simple (bus, -1, TYPE_ES1370); -@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data) - PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); - - k->realize = es1370_realize; -+ k->exit = es1370_exit; - k->vendor_id = PCI_VENDOR_ID_ENSONIQ; - k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370; - k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO; --- -1.7.0.4 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch deleted file mode 100644 index 50911f4f36..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5552.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Thu, 29 Dec 2016 03:11:26 -0500 -Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -If the virgl_renderer_resource_attach_iov function fails the -'res_iovs' will be leaked. Add check of the return value to -free the 'res_iovs' when failing. - -http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689 -this patch is from qemu-git. - -Signed-off-by: Li Qiang -Reviewed-by: Marc-André Lureau -Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com -Signed-off-by: Gerd Hoffmann ---- - hw/display/virtio-gpu-3d.c | 7 +++++-- - 1 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c -index e29f099..b13ced3 100644 ---- a/hw/display/virtio-gpu-3d.c -+++ b/hw/display/virtio-gpu-3d.c -@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g, - return; - } - -- virgl_renderer_resource_attach_iov(att_rb.resource_id, -- res_iovs, att_rb.nr_entries); -+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, -+ res_iovs, att_rb.nr_entries); -+ -+ if (ret != 0) -+ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries); - } - - static void virgl_resource_detach_backing(VirtIOGPU *g, --- -1.7.0.4 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5578.patch b/gnu/packages/patches/qemu-CVE-2017-5578.patch deleted file mode 100644 index 05655bcd98..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5578.patch +++ /dev/null @@ -1,39 +0,0 @@ -http://git.qemu.org/?p=qemu.git;a=patch;h=204f01b30975923c64006f8067f0937b91eea68b -this patch is from qemu-git. - - -From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Thu, 29 Dec 2016 04:28:41 -0500 -Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing - -In the resource attach backing function, everytime it will -allocate 'res->iov' thus can leading a memory leak. This -patch avoid this. - -Signed-off-by: Li Qiang -Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com -Signed-off-by: Gerd Hoffmann ---- - hw/display/virtio-gpu.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c -index 6a26258cac..ca88cf478d 100644 ---- a/hw/display/virtio-gpu.c -+++ b/hw/display/virtio-gpu.c -@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, - return; - } - -+ if (res->iov) { -+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; -+ return; -+ } -+ - ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov); - if (ret != 0) { - cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; --- -2.11.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5579.patch b/gnu/packages/patches/qemu-CVE-2017-5579.patch deleted file mode 100644 index 7630012d54..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5579.patch +++ /dev/null @@ -1,44 +0,0 @@ -http://git.qemu.org/?p=qemu.git;a=patch;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b -this patch is from qemu-git. - - -From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Wed, 4 Jan 2017 00:43:16 -0800 -Subject: [PATCH] serial: fix memory leak in serial exit - -The serial_exit_core function doesn't free some resources. -This can lead memory leak when hotplug and unplug. This -patch avoid this. - -Signed-off-by: Li Qiang -Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> -Signed-off-by: Paolo Bonzini ---- - hw/char/serial.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/hw/char/serial.c b/hw/char/serial.c -index ffbacd8227..67b18eda12 100644 ---- a/hw/char/serial.c -+++ b/hw/char/serial.c -@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) - void serial_exit_core(SerialState *s) - { - qemu_chr_fe_deinit(&s->chr); -+ -+ timer_del(s->modem_status_poll); -+ timer_free(s->modem_status_poll); -+ -+ timer_del(s->fifo_timeout_timer); -+ timer_free(s->fifo_timeout_timer); -+ -+ fifo8_destroy(&s->recv_fifo); -+ fifo8_destroy(&s->xmit_fifo); -+ - qemu_unregister_reset(serial_reset, s); - } - --- -2.11.0 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5856.patch b/gnu/packages/patches/qemu-CVE-2017-5856.patch deleted file mode 100644 index bee0824c0a..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5856.patch +++ /dev/null @@ -1,68 +0,0 @@ -http://git.qemu.org/?p=qemu.git;a=patch;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 -this patch is from qemu-git. - - -From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Mon, 2 Jan 2017 11:03:33 +0100 -Subject: [PATCH] megasas: fix guest-triggered memory leak - -If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd -will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. -Avoid this by returning only the status from map_dcmd, and loading -cmd->iov_size in the caller. - -Reported-by: Li Qiang -Signed-off-by: Paolo Bonzini ---- - hw/scsi/megasas.c | 11 ++++++----- - 1 files changed, 6 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 67fc1e7..6233865 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) - trace_megasas_dcmd_invalid_sge(cmd->index, - cmd->frame->header.sge_count); - cmd->iov_size = 0; -- return -1; -+ return -EINVAL; - } - iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); - iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); - pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); - qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); - cmd->iov_size = iov_size; -- return cmd->iov_size; -+ return 0; - } - - static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) -@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { - - static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) - { -- int opcode, len; -+ int opcode; - int retval = 0; -+ size_t len; - const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; - - opcode = le32_to_cpu(cmd->frame->dcmd.opcode); - trace_megasas_handle_dcmd(cmd->index, opcode); -- len = megasas_map_dcmd(s, cmd); -- if (len < 0) { -+ if (megasas_map_dcmd(s, cmd) < 0) { - return MFI_STAT_MEMORY_NOT_AVAILABLE; - } - while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { - cmdptr++; - } -+ len = cmd->iov_size; - if (cmdptr->opcode == -1) { - trace_megasas_dcmd_unhandled(cmd->index, opcode, len); - retval = megasas_dcmd_dummy(s, cmd); --- -1.7.0.4 - diff --git a/gnu/packages/patches/qemu-CVE-2017-5898.patch b/gnu/packages/patches/qemu-CVE-2017-5898.patch deleted file mode 100644 index 5a94bb1ae4..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-5898.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2017-5898 (integer overflow in emulated_apdu_from_guest): - -http://seclists.org/oss-sec/2017/q1/328 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898 - -Patch copied from upstream source repository: - -http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a - -From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Fri, 3 Feb 2017 00:52:28 +0530 -Subject: [PATCH] usb: ccid: check ccid apdu length - -CCID device emulator uses Application Protocol Data Units(APDU) -to exchange command and responses to and from the host. -The length in these units couldn't be greater than 65536. Add -check to ensure the same. It'd also avoid potential integer -overflow in emulated_apdu_from_guest. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Message-id: 20170202192228.10847-1-ppandit@redhat.com -Signed-off-by: Gerd Hoffmann ---- - hw/usb/dev-smartcard-reader.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c -index 89e11b68c4..1325ea1659 100644 ---- a/hw/usb/dev-smartcard-reader.c -+++ b/hw/usb/dev-smartcard-reader.c -@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv) - DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__, - recv->hdr.bSeq, len); - ccid_add_pending_answer(s, (CCID_Header *)recv); -- if (s->card) { -+ if (s->card && len <= BULK_OUT_DATA_SIZE) { - ccid_card_apdu_from_guest(s->card, recv->abData, len); - } else { - DPRINTF(s, D_WARN, "warning: discarded apdu\n"); --- -2.11.1 - diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index e0b4695f3a..82367269ff 100644 --- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm @@ -69,23 +69,14 @@ (define-public qemu (package (name "qemu") - (version "2.8.1") + (version "2.9.0") (source (origin (method url-fetch) (uri (string-append "http://wiki.qemu-project.org/download/qemu-" version ".tar.xz")) (sha256 (base32 - "0h342v4n44kh89yyfas4iazvhhsy5m5qk94vsjqpz5zpq1i2ykad")) - (patches (search-patches "qemu-CVE-2016-10155.patch" - "qemu-CVE-2017-5525.patch" - "qemu-CVE-2017-5526.patch" - "qemu-CVE-2017-5552.patch" - "qemu-CVE-2017-5578.patch" - "qemu-CVE-2017-5579.patch" - "qemu-CVE-2017-5856.patch" - "qemu-CVE-2017-5898.patch" - )))) + "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: -- cgit v1.2.3 From 358b10b22b300e2d5c00e9f1413b778cdc4cb213 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 20 Apr 2017 18:57:16 +0200 Subject: gnu: ceph: Disable SSE3 instructions. Some early 64-bit AMD processors do not support this instruction set. * gnu/packages/patches/ceph-disable-cpu-optimizations.patch: Disable SSE3. --- .../patches/ceph-disable-cpu-optimizations.patch | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/ceph-disable-cpu-optimizations.patch b/gnu/packages/patches/ceph-disable-cpu-optimizations.patch index 6d20fe3da4..56a1654f29 100644 --- a/gnu/packages/patches/ceph-disable-cpu-optimizations.patch +++ b/gnu/packages/patches/ceph-disable-cpu-optimizations.patch @@ -1,12 +1,13 @@ -Disable CPU optimizations not supported by the vast majority of -x86_64 systems. Also don't add anything for i686. +Disable CPU optimizations not supported by all x86_64 systems. Also +don't add anything for i686. --- a/cmake/modules/SIMDExt.cmake 2017-03-23 22:22:58.254071694 +0100 +++ b/cmake/modules/SIMDExt.cmake 2017-03-23 22:23:22.446848845 +0100 -@@ -6,10 +6,6 @@ +@@ -5,11 +5,6 @@ + # HAVE_ARM_NEON # HAVE_INTEL_SSE # HAVE_INTEL_SSE2 - # HAVE_INTEL_SSE3 +-# HAVE_INTEL_SSE3 -# HAVE_INTEL_SSSE3 -# HAVE_INTEL_PCLMUL -# HAVE_INTEL_SSE4_1 @@ -14,7 +15,7 @@ x86_64 systems. Also don't add anything for i686. # # SIMD_COMPILE_FLAGS # -@@ -56,7 +53,7 @@ +@@ -56,7 +51,7 @@ if(HAVE_ARM_NEON) set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -mfpu=neon") endif() @@ -23,10 +24,14 @@ x86_64 systems. Also don't add anything for i686. set(HAVE_INTEL 1) CHECK_C_COMPILER_FLAG(-msse HAVE_INTEL_SSE) if(HAVE_INTEL_SSE) -@@ -70,20 +67,4 @@ - if(HAVE_INTEL_SSE3) - set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse3") +@@ -66,24 +61,4 @@ + if(HAVE_INTEL_SSE2) + set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse2") endif() +- CHECK_C_COMPILER_FLAG(-msse3 HAVE_INTEL_SSE3) +- if(HAVE_INTEL_SSE3) +- set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -msse3") +- endif() - CHECK_C_COMPILER_FLAG(-mssse3 HAVE_INTEL_SSSE3) - if(HAVE_INTEL_SSSE3) - set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -mssse3") -- cgit v1.2.3 From f920e79426f51f1320dd4ffc164fc473df2158c3 Mon Sep 17 00:00:00 2001 From: Eric Bavier Date: Thu, 20 Apr 2017 22:06:00 -0500 Subject: gnu: hypre: Delete unused patches. * gnu/packages/patches/hypre-doc-tables.patch, gnu/packages/patches/hypre-ldflags.patch: Delete. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 2 -- gnu/packages/patches/hypre-doc-tables.patch | 25 ------------------------- gnu/packages/patches/hypre-ldflags.patch | 9 --------- 3 files changed, 36 deletions(-) delete mode 100644 gnu/packages/patches/hypre-doc-tables.patch delete mode 100644 gnu/packages/patches/hypre-ldflags.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f38126251f..d7dadf8296 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -653,8 +653,6 @@ dist_patch_DATA = \ %D%/packages/patches/hop-linker-flags.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ - %D%/packages/patches/hypre-doc-tables.patch \ - %D%/packages/patches/hypre-ldflags.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icecat-binutils.patch \ %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ diff --git a/gnu/packages/patches/hypre-doc-tables.patch b/gnu/packages/patches/hypre-doc-tables.patch deleted file mode 100644 index 6a852ee78e..0000000000 --- a/gnu/packages/patches/hypre-doc-tables.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fixes doc++'s treatment of tabular within a parameter block. - -From commit 883925f8a at http://github.com/LLNL/hypre - ---- hypre-2.10.1/src/parcsr_ls/HYPRE_parcsr_ls.h 2015-12-04 22:12:19.000000000 -0600 -+++ hypre-2.10.1/src/parcsr_ls/HYPRE_parcsr_ls.h 2016-03-16 09:02:58.547501336 -0500 -@@ -1154,8 +1154,6 @@ - * Set the symmetry parameter for the - * ParaSails preconditioner. - * -- * @param solver [IN] Preconditioner object for which to set symmetry parameter. -- * @param sym [IN] Value of the symmetry parameter: - * \begin{tabular}{|c|l|} \hline - * value & meaning \\ \hline - * 0 & nonsymmetric and/or indefinite problem, and nonsymmetric preconditioner\\ -@@ -1163,6 +1161,9 @@ - * 2 & nonsymmetric, definite problem, and SPD (factored) preconditioner \\ - * \hline - * \end{tabular} -+ * -+ * @param solver [IN] Preconditioner object for which to set symmetry parameter. -+ * @param sym [IN] Value of the symmetry parameter: - **/ - HYPRE_Int HYPRE_ParaSailsSetSym(HYPRE_Solver solver, - HYPRE_Int sym); diff --git a/gnu/packages/patches/hypre-ldflags.patch b/gnu/packages/patches/hypre-ldflags.patch deleted file mode 100644 index a94fafa463..0000000000 --- a/gnu/packages/patches/hypre-ldflags.patch +++ /dev/null @@ -1,9 +0,0 @@ ---- hypre-2.10.1/src/lib/Makefile.orig 2016-03-11 16:04:03.740259228 -0600 -+++ hypre-2.10.1/src/lib/Makefile 2016-03-11 16:04:57.296260190 -0600 -@@ -107,5 +107,5 @@ - - libHYPRE.so: ${FILES_HYPRE} - @echo "Building $@ ... " -- ${BUILD_CC_SHARED} -o ${SONAME} ${FILES_HYPRE} ${SOLIBS} ${SHARED_SET_SONAME}${SONAME} ${SHARED_OPTIONS} -+ ${BUILD_CC_SHARED} ${LDFLAGS} -o ${SONAME} ${FILES_HYPRE} ${SOLIBS} ${SHARED_SET_SONAME}${SONAME} ${SHARED_OPTIONS} - ln -s ${SONAME} $@ -- cgit v1.2.3 From bab9a8ba0f285a811b7b36291bdc3db33b6c2b60 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 20 Apr 2017 15:10:54 -0400 Subject: gnu: graphite2: Add fixes for CVE-2017-5436 and other bugs. * gnu/packages/fontutils.scm (graphite2)[replacement]: New field. (graphite2/fixed): New variable. * gnu/packages/patches/graphite2-CVE-2017-5436.patch, gnu/packages/patches/graphite2-check-code-point-limit.patch, gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch, gnu/packages/patches/graphite2-non-linear-classes-even-number.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 4 + gnu/packages/fontutils.scm | 22 +++++ gnu/packages/patches/graphite2-CVE-2017-5436.patch | 25 ++++++ .../patches/graphite2-check-code-point-limit.patch | 50 ++++++++++++ .../graphite2-fix-32-bit-wrap-arounds.patch | 93 ++++++++++++++++++++++ .../graphite2-non-linear-classes-even-number.patch | 26 ++++++ 6 files changed, 220 insertions(+) create mode 100644 gnu/packages/patches/graphite2-CVE-2017-5436.patch create mode 100644 gnu/packages/patches/graphite2-check-code-point-limit.patch create mode 100644 gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch create mode 100644 gnu/packages/patches/graphite2-non-linear-classes-even-number.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d7dadf8296..7681321ea3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -618,7 +618,11 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ + %D%/packages/patches/graphite2-CVE-2017-5436.patch \ + %D%/packages/patches/graphite2-check-code-point-limit.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ + %D%/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch \ + %D%/packages/patches/graphite2-non-linear-classes-even-number.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/grub-CVE-2015-8370.patch \ %D%/packages/patches/grub-gets-undeclared.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 7e7234960d..cc6d1df597 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -376,6 +376,7 @@ applications should be.") (package (name "graphite2") (version "1.3.9") + (replacement graphite2/fixed) (source (origin (method url-fetch) @@ -400,6 +401,27 @@ and returns a sequence of positioned glyphids from the font.") (license license:lgpl2.1+) (home-page "https://github.com/silnrsi/graphite"))) +(define graphite2/fixed + (package + (inherit graphite2) + (name "graphite2") + (version "1.3.9") + (replacement #f) + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/silnrsi/graphite/releases/" + "download/" version "/" name "-" version ".tgz")) + (patches (search-patches + "graphite2-ffloat-store.patch" + "graphite2-check-code-point-limit.patch" + "graphite2-CVE-2017-5436.patch" + "graphite2-fix-32-bit-wrap-arounds.patch" + "graphite2-non-linear-classes-even-number.patch")) + (sha256 + (base32 + "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc")))))) + (define-public potrace (package (name "potrace") diff --git a/gnu/packages/patches/graphite2-CVE-2017-5436.patch b/gnu/packages/patches/graphite2-CVE-2017-5436.patch new file mode 100644 index 0000000000..d7383ec8de --- /dev/null +++ b/gnu/packages/patches/graphite2-CVE-2017-5436.patch @@ -0,0 +1,25 @@ +From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001 +From: Martin Hosken +Date: Thu, 9 Mar 2017 22:04:04 +0000 +Subject: [PATCH] Ensure features have enough space. Fix from Mozilla + +--- + src/FeatureMap.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp +index b8c8405..83bd5f6 100644 +--- a/src/FeatureMap.cpp ++++ b/src/FeatureMap.cpp +@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const + else + if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap()) + return false; //incompatible +- pDest.reserve(m_index); ++ pDest.reserve(m_index+1); + pDest[m_index] &= ~m_mask; + pDest[m_index] |= (uint32(val) << m_bits); + return true; +-- +2.12.2 + diff --git a/gnu/packages/patches/graphite2-check-code-point-limit.patch b/gnu/packages/patches/graphite2-check-code-point-limit.patch new file mode 100644 index 0000000000..a9b6caf53f --- /dev/null +++ b/gnu/packages/patches/graphite2-check-code-point-limit.patch @@ -0,0 +1,50 @@ +From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001 +From: Tim Eves +Date: Wed, 1 Mar 2017 14:23:46 +0700 +Subject: [PATCH] Fix decoding of USV greater than U+110000 + +Add test cases too +--- + src/inc/UtfCodec.h | 4 ++-- + tests/utftest/utftest.cpp | 3 +++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h +index 3417bac..9dc760f 100644 +--- a/src/inc/UtfCodec.h ++++ b/src/inc/UtfCodec.h +@@ -124,7 +124,7 @@ struct _utf_codec<8> + private: + static const int8 sz_lut[16]; + static const byte mask_lut[5]; +- ++ static const uchar_t limit = 0x110000; + + public: + typedef uint8 codeunit_t; +@@ -157,7 +157,7 @@ public: + case 0: l = -1; return 0xFFFD; + } + +- if (l != seq_sz || toolong) ++ if (l != seq_sz || toolong || u >= limit) + { + l = -l; + return 0xFFFD; +diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp +index 21cb188..a23553a 100644 +--- a/tests/utftest/utftest.cpp ++++ b/tests/utftest/utftest.cpp +@@ -8,6 +8,9 @@ struct test8 + unsigned char str[12]; + }; + struct test8 tests8[] = { ++ { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] ++ { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] ++ { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] + { 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF + { 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF + { 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF +-- +2.12.2 + diff --git a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch new file mode 100644 index 0000000000..57d4ce2c6e --- /dev/null +++ b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch @@ -0,0 +1,93 @@ +This patch incorporates the following 6 consecutive commits from the upstream +graphite2 repository: + +75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds +1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor +9493785..: Martin Hosken 2017-03-29 Speculative rounding fix +09af043..: Tim Eves 2017-03-31 Move a MINMATCH to rhs of a comparisio +28cc60d..: Tim Eves 2017-03-31 Deal with similar wrap around in literal_len +8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again + +This diff was generated by the following command: + + git diff 1ce331d5548b98ed..8afc7d0081959866 + + +diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp +index 084570f..56d531f 100644 +--- a/src/Decompressor.cpp ++++ b/src/Decompressor.cpp +@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u + literal = src; + src += literal_len; + +- if (src > end - 2) ++ if (src > end - 2 || src < literal) + return false; + + match_dist = *src++; +@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) + { + // Copy in literal. At this point the last full sequence must be at + // least MINMATCH + 5 from the end of the output buffer. +- if (dst + align(literal_len) > dst_end - (MINMATCH+5)) ++ if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5) + return -1; + dst = overrun_copy(dst, literal, literal_len); + } +@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) + // decoded output. + u8 const * const pcpy = dst - match_dist; + if (pcpy < static_cast(out) +- || dst + match_len + MINMATCH > dst_end - 5) ++ || match_len > unsigned(dst_end - dst - (MINMATCH+5)) ++ || dst_end - dst < MINMATCH + 5) + return -1; + if (dst > pcpy+sizeof(unsigned long) + && dst + align(match_len + MINMATCH) <= dst_end) +@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) + dst = safe_copy(dst, pcpy, match_len + MINMATCH); + } + +- if (literal + literal_len > src_end +- || dst + literal_len > dst_end) ++ if (literal_len > src_end - literal ++ || literal_len > dst_end - dst) + return -1; + dst = fast_copy(dst, literal, literal_len); + +diff --git a/src/Pass.cpp b/src/Pass.cpp +index a4bac2e..683143c 100644 +--- a/src/Pass.cpp ++++ b/src/Pass.cpp +@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su + const uint16 * const o_actions = reinterpret_cast(p); + be::skip(p, m_numRules + 1); + const byte * const states = p; +- if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e); ++ if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e); + be::skip(p, m_numTransition*m_numColumns); + be::skip(p); + if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e); +@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su + m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len, + precontext[0], be::peek(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN); + if (e.test(!m_cPConstraint, E_OUTOFMEM) +- || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE)) ++ || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE)) + return face.error(e); + face.error_context(face.error_context() - 1); + } +diff --git a/src/Silf.cpp b/src/Silf.cpp +index 72a22cd..d661992 100644 +--- a/src/Silf.cpp ++++ b/src/Silf.cpp +@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face, + + const size_t clen = readClassMap(p, passes_start - p, version, e); + m_passes = new Pass[m_numPasses]; +- if (e || e.test(p + clen > passes_start, E_BADPASSESSTART) ++ if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART) + || e.test(!m_passes, E_OUTOFMEM)) + { releaseBuffers(); return face.error(e); } + diff --git a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch new file mode 100644 index 0000000000..2bb1c9f94e --- /dev/null +++ b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch @@ -0,0 +1,26 @@ +From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001 +From: Martin Hosken +Date: Tue, 18 Apr 2017 13:17:14 +0100 +Subject: [PATCH] Ensure non linear classes have even number of elements + +--- + src/Silf.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/Silf.cpp b/src/Silf.cpp +index d661992..9f2f954 100644 +--- a/src/Silf.cpp ++++ b/src/Silf.cpp +@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error + if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off + || e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ... + || lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off] +- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange ++ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange ++ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even. + return ERROROFFSET; + } + +-- +2.12.2 + -- cgit v1.2.3 From 6be43d95b5844c119869f29451b78dd9f71511e1 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 20 Apr 2017 17:42:52 -0400 Subject: gnu: nss: Disable long b64 tests. Suggested by Marius Bakke in . * gnu/packages/patches/nss-disable-long-b64-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnuzilla.scm (nss)[source]: Add patch. --- gnu/local.mk | 1 + gnu/packages/gnuzilla.scm | 1 + .../patches/nss-disable-long-b64-tests.patch | 34 ++++++++++++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 gnu/packages/patches/nss-disable-long-b64-tests.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7681321ea3..34a5f1e12f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -805,6 +805,7 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-9077.patch \ + %D%/packages/patches/nss-disable-long-b64-tests.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 59f790a6e3..fd058d0224 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -208,6 +208,7 @@ in the Mozilla clients.") "096frzvyp3z257x84rxknscfgsbavzh2a0gyibx7kvmw4vzpfjhd")) ;; Create nss.pc and nss-config. (patches (search-patches "nss-pkgconfig.patch" + "nss-disable-long-b64-tests.patch" "nss-increase-test-timeout.patch")))) (build-system gnu-build-system) (outputs '("out" "bin")) diff --git a/gnu/packages/patches/nss-disable-long-b64-tests.patch b/gnu/packages/patches/nss-disable-long-b64-tests.patch new file mode 100644 index 0000000000..612d94128d --- /dev/null +++ b/gnu/packages/patches/nss-disable-long-b64-tests.patch @@ -0,0 +1,34 @@ +Disable long b64 tests, which consistently fail on armhf. +This is based on an excerpt of the following upstream patch: + + https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7 + +(we exclude the part of the upstream patch that reverts +an earlier failed attempt, and adapt the file names) + +diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc +--- a/nss/gtests/util_gtest/util_b64_unittest.cc ++++ b/nss/gtests/util_gtest/util_b64_unittest.cc +@@ -63,17 +63,19 @@ TEST_F(B64EncodeDecodeTest, EncDecTest) + + TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); } + + TEST_F(B64EncodeDecodeTest, FakeEncDecTest) { + EXPECT_TRUE(TestFakeEncode(100)); + } + + // These takes a while ... +-TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) { ++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) { + EXPECT_TRUE(TestFakeDecode(0x66666666)); + } +-TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); } +-TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) { ++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) { ++ TestFakeEncode(0x3fffffff); ++} ++TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) { + EXPECT_FALSE(TestFakeEncode(0x40000000)); + } + + } // namespace nss_test -- cgit v1.2.3 From 002c3e6dd6709ba47823214111aa56aa6e0670c6 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 20 Apr 2017 00:41:32 -0400 Subject: gnu: icecat: Update to 52.0.2-gnu1; add fixes from ESR 52.1. * gnu/packages/gnuzilla.scm (icecat): Update to 52.0.2-gnu1. [source]: Remove all patches except "icecat-avoid-bundled-libraries.patch". Add selected fixes from the upstream mozilla-esr52 repository, up to 52.1. Remove "dom/devicestorage" in the snippet. [inputs]: Remove gstreamer and gst-plugins-base. Add ffmpeg and gtk+3. Move yasm to native-inputs. [native-inputs]: Add autoconf-2.13 and yasm. [arguments]: In configure-flags, remove the following switches which are no longer accepted: --enable-{pango,svg,canvas,mathml,gstreamer=1.0} and "--disable-gnomevfs". Use "--enable-default-toolkit=cairo-gtk3" to switch to Gtk+3. Remove the 'remove-h264parse-from-blacklist' phase. Adapt the 'arrange-to-link-libxul-with-libraries-it-might-dlopen' phase as needed. In the 'configure' phase, set the AUTOCONF environment variable. (mozilla-patch): Update the URL pattern to fetch from the mozilla-esr52 repository. * gnu/packages/patches/icecat-avoid-bundled-libraries.patch: Adapt to mozilla-esr52. * gnu/packages/patches/icecat-binutils.patch: Remove file. * gnu/packages/patches/icecat-bug-1299500-pt10.patch: New file. * gnu/local.mk (dist_patch_DATA): Remove "icecat-binutils.patch". Add "icecat-bug-1299500-pt10.patch". --- gnu/local.mk | 2 +- gnu/packages/gnuzilla.scm | 265 ++-- .../patches/icecat-avoid-bundled-libraries.patch | 37 +- gnu/packages/patches/icecat-binutils.patch | 40 - gnu/packages/patches/icecat-bug-1299500-pt10.patch | 1639 ++++++++++++++++++++ 5 files changed, 1820 insertions(+), 163 deletions(-) delete mode 100644 gnu/packages/patches/icecat-binutils.patch create mode 100644 gnu/packages/patches/icecat-bug-1299500-pt10.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 34a5f1e12f..1fe46bfb5e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -658,7 +658,7 @@ dist_patch_DATA = \ %D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ - %D%/packages/patches/icecat-binutils.patch \ + %D%/packages/patches/icecat-bug-1299500-pt10.patch \ %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index fd058d0224..91bb0a6a74 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -31,10 +31,10 @@ #:use-module (guix download) #:use-module (guix utils) #:use-module (guix build-system gnu) + #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages databases) #:use-module (gnu packages glib) - #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) #:use-module (gnu packages gnome) #:use-module (gnu packages libcanberra) @@ -302,10 +302,10 @@ standards.") (license license:mpl2.0))) (define (mozilla-patch file-name changeset hash) - "Return an origin for CHANGESET from the mozilla-esr45 repository." + "Return an origin for CHANGESET from the mozilla-esr52 repository." (origin (method url-fetch) - (uri (string-append "https://hg.mozilla.org/releases/mozilla-esr45/raw-rev/" + (uri (string-append "https://hg.mozilla.org/releases/mozilla-esr52/raw-rev/" changeset)) (sha256 (base32 hash)) (file-name file-name))) @@ -313,7 +313,7 @@ standards.") (define-public icecat (package (name "icecat") - (version "45.7.0-gnu1") + (version "52.0.2-gnu1") (source (origin (method url-fetch) @@ -322,77 +322,162 @@ standards.") "/" name "-" version ".tar.bz2")) (sha256 (base32 - "1mn73liylqzxk441f28wk326yglqs8zcwqs4zz51s8i2id2jsnv3")) + "0asaba04y6rwc7nx898p89jdxkbnsb3dxjvpdi8xb1rbgyms80c9")) (patches (list (search-patch "icecat-avoid-bundled-libraries.patch") - (search-patch "icecat-binutils.patch") - (mozilla-patch "icecat-CVE-2017-5398-pt01.patch" "1a39a54b5fea" "0k3sbf2w2yng2rpv6wl9zrm5cbsgq3pslr19xwrk8sk753as79fp") - (mozilla-patch "icecat-CVE-2017-5402.patch" "9828c3bb7b73" "0zgks0v9sqhwwkmry4daswvjwk6aqln6abx0iac1vwqqpg6swff6") - (mozilla-patch "icecat-CVE-2017-5398-pt02.patch" "fa3268a1147e" "1jyd1hvp42pz5l15agmb1jhw74b38x8xnj9ih5v4pskv41bgmyg5") - (mozilla-patch "icecat-CVE-2017-5400.patch" "347c10e4d6d1" "1w6yrm97l477q4ripbj0nimc87p4jscabvihpncxqbq9xzc4km7p") - (mozilla-patch "icecat-CVE-2017-5410.patch" "fe4a2cda54ad" "0spcs93hpz13d8670jgvww80f0ynrbhwbh62fkv27lpr6wmqwqh1") - (mozilla-patch "icecat-CVE-2017-5401.patch" "c38f8546be5f" "1sa22w9kzgynsn4c6zh4d66byskk5kffzbvlzrhyzvqjddypf9p8") - (mozilla-patch "icecat-CVE-2017-5398-pt03.patch" "41c80ecafa99" "0r33arr5wcgl00zgncasiyl65bmm6jy45clxnbb75nzjmsd1zx1s") - (mozilla-patch "icecat-CVE-2017-5405.patch" "381552c888b4" "1sjhh390cx1jqx74lxk6qd8f8ccppqgagqfhc9pnbm2m67hxvkj9") - (mozilla-patch "icecat-CVE-2017-5407.patch" "4ba337cdb998" "0vyknizid2z9nvl31m08c7fknizhv8dh8m54apm39k8lx77vf70p") - (mozilla-patch "icecat-CVE-2017-5398-pt04.patch" "886650fac531" "18fsr5dmav96ja0dah7mj34n8mjpckp0bbc32zjyaj5qx0m4h5cw") - (mozilla-patch "icecat-CVE-2017-5409.patch" "0a22becb23cd" "19fshrq4qkj5s0mjrads6by84gy7rsq3k57gha6sw6rvx8chjaz6") - (mozilla-patch "icecat-CVE-2017-5398-pt05.patch" "a0ead6ef09eb" "1hpsq81hhhq2a2dcq2dfndiwx93vvp5rfq0cgv6kwk2bsrq77wqq") - (mozilla-patch "icecat-CVE-2017-5398-pt06.patch" "d3fede027d06" "1aw02p367cm0ayijdiiawlb7qhab6jwqwkakj317yd1cjnmkalwr") - (mozilla-patch "icecat-CVE-2017-5398-pt07.patch" "ffca0f060bb4" "0qwisfp7idjj5nc1vp1afrf5lj66l2gp7rllkjmrqpz6cyfc708v") - (mozilla-patch "icecat-CVE-2017-5398-pt08.patch" "4aa65b44dcb9" "07j6dz2b7hp1bkfvkxwgpn2wc3hqrgjgwpaz96fcpz8yadg2fssw") - (mozilla-patch "icecat-bug-1318914.patch" "30e2382d800f" "0w8zky5i7zc5q943x37rdvi4wbcing0q7w9fcgvnnh5li2sbrsy8") - (mozilla-patch "icecat-CVE-2017-5408.patch" "403d2300adc2" "06r4j48rc1fd9gvmvqy68mlqah5xfxpkvwmxk0gnqc364kpq9slk") - (mozilla-patch "icecat-CVE-2017-5398-pt09.patch" "546ab5e99568" "05rdb9bm3n4lj0zq5a95xnwsb0vzirb9mbc2wf9xbi4xlamsgvvw") - (mozilla-patch "icecat-bug-1311380.patch" "ef6eeb7f8846" "1w19is5blbrwf3wlmy6wzgabih8sxp2kmkffqcj2g4jypfwyqn73") - (mozilla-patch "icecat-CVE-2017-5398-pt10.patch" "eec69810d80e" "1r20abhw7b38igsrdpkhcfwx9i9gmcxikv4y3sjr4wkbp684f7av") - (mozilla-patch "icecat-CVE-2017-5398-pt11.patch" "fec35ce6e68b" "1imdfrs8dxz44rhsmvydh29w5j64cij6g5ggrmhvz3386xvlil2v") - (mozilla-patch "icecat-CVE-2017-5398-pt12.patch" "725e2a217722" "06gfhi2ich279rjnxi15fb4igimsxnv5w6bx4g91js8wbvp2r3v0") - (mozilla-patch "icecat-CVE-2017-5398-pt13.patch" "d905a2e3a4d9" "1ibxi2s0czj47b739zmmjzbln8lpn27hdg4b17w58vhbhzkq31cx") - (mozilla-patch "icecat-CVE-2017-5398-pt14.patch" "0032560ae945" "0md3p5cix6nzbj5m199awc9gk52pygy5s9lx3a38vh3xvd92lsbj") - (mozilla-patch "icecat-CVE-2017-5398-pt15.patch" "91dda1e79ad8" "0b5h8fhagczfqkdgby982w6qgkw9y11zxxpdbn89rwmjpyp9nghx") - (mozilla-patch "icecat-CVE-2017-5404.patch" "556dd9e4a9e3" "0mbdx4xn1xs67n47ys9m42lc5ny96rz21ala848yajpdlxsz680g") - (mozilla-patch "icecat-bug-1341137-pt1.patch" "e86e0423dad1" "0dk1v7lcs61nx76qxcibha3ygqri15ldcvwwsrsayff9fq6k0v4y") - (mozilla-patch "icecat-bug-1341137-pt2.patch" "9aebee8b8cb9" "0m7p5iprhhwdv89aqqg7fla5szw6v7x2sll4ns0zg60pk4vm6izq") - (mozilla-patch "icecat-bug-1341137-pt3.patch" "69f3d44bdb48" "1ad7rw6nmg3c49ylqxlqqkb6cm2f0ygfzrigs6b60a2zkjqhbl0h") - (mozilla-patch "icecat-bug-1341137-pt4.patch" "22546e2cee64" "0gbwxa3p7qkq53hwnvxcqhx8h34qmnjdxy0h3ajik4mw76vrna9s") - (mozilla-patch "icecat-bug-1341137-pt5.patch" "e5083d8a855a" "1247vbpqzf007nigbxxqd6nwgr1dxd4p8cd0dr45afqh19vhlapj") - (mozilla-patch "icecat-bug-1339122.patch" "b0d156c7445e" "026jp5bb565yvhkmmicgygcn1lmak85p0466yl1vnjlx1rc8n724") - (mozilla-patch "icecat-bug-1319087.patch" "9cd44507fd65" "0mcfvby53r2150libazgrgaqrdyvl0g6cr1f01dsya3cgmc9mkcn") - (mozilla-patch "icecat-bug-1342661.patch" "d449995ef7d9" "1kz8k2jxvhqpjgrsj7r0kqq79036lrkfnx5pvdnsl59np9128j81") ; CVE-2017-5443 - (mozilla-patch "icecat-bug-1343261.patch" "9b5374019b58" "0v5w50r5ys4jjy1lpks280cq8paw7wdy9mrk7szzq7nlcxz90is7") ; CVE-2017-5429 (pt1) - (mozilla-patch "icecat-bug-1343552-pt1.patch" "08bc7a3330e4" "1hsvffscqc4zflni866ilylgi3a13wz0n882z85xplbhwhc9lcfj") ; CVE-2017-5447 (pt1) - (mozilla-patch "icecat-bug-1343552-pt2.patch" "8c61ebe37f1b" "1fjsr6bzfyd1zqzz2pglwh2ckys95h21wy3j4rlwkz66057z53qq") ; CVE-2017-5447 (pt2) - (mozilla-patch "icecat-bug-1340718.patch" "bfa75fc20c2b" "08gksd06lwbb5ykdrk9gh2cb9bximwxhbxl3rprz64jj2bnmd3dq") - (mozilla-patch "icecat-bug-1345461.patch" "bcd5e51251dd" "1ms2ad8j04lz761cvdwi9rj5qv3qbjmg0zwyp3fykcf01a323ygd") ; CVE-2017-5436 - (mozilla-patch "icecat-bug-1343505.patch" "290f10412f92" "1dsj22fkz60zfa6isnxj54clg32dwzapwh5f1vz6jsin9r67ik2p") ; CVE-2017-5446 - (mozilla-patch "icecat-bug-1346648.patch" "9369ede30cc1" "1wrdn2aixbzifz7wyqnfi65gaiva8i746pi53z6w62lmn1hwd3ji") ; CVE-2017-5448 - (mozilla-patch "icecat-bug-1347979.patch" "4ae2261bfab0" "1yi3jicwjy7w8f0sv5di4rx05bfpkhcwj3r6dhl5315yz4ifqy30") ; CVE-2017-5442 - (mozilla-patch "icecat-bug-1343795.patch" "dcf468969700" "0syfq35s2r86ajmnqsxlfanvxd9ax57qkfmxpkvmk447s3mxsk08") ; CVE-2017-5441 - (mozilla-patch "icecat-bug-1347168.patch" "5a6390274b64" "1lg5px4sncalh82y61ni9rlg50d83jmmrrvn0944x4zfrzlfaz8x") ; CVE-2017-5433 - (mozilla-patch "icecat-bug-1341096.patch" "64158495e5ae" "1lyh8m159hhzrxj5hr0yib2sb8rkd20qxpykrf398v18s3yc08cx") ; CVE-2017-5429 (pt2) - (mozilla-patch "icecat-bug-1346654.patch" "f359ec604627" "0j6rzbnzlz8x9sj2r79d1zr4p89c5zq7y49xa4kn6am5ay3ws0ri") ; CVE-2017-5432 - (mozilla-patch "icecat-bug-1344461.patch" "6f14d2ef7981" "0n24hqvjj7vxqdvxhk38swnmvcv7h7vvn5invbidhv22m0qqzs2c") ; CVE-2017-5444 - (mozilla-patch "icecat-bug-1292534.patch" "c709d4b36145" "18cdck3fr4a1ygszb6qk07g6fi3kv6i697pjfcipvqrk358qb0hq") ; CVE-2017-5469 - (mozilla-patch "icecat-bug-1336830.patch" "18e355831dd5" "042487xhq9zkky3pxiqy1rpy69z0j20w0jnl7kwg2j1bzfbnniip") ; CVE-2017-5439 - (mozilla-patch "icecat-bug-1336832.patch" "ebeb0b45a84b" "17ch2aqsrnkiwbnkf6x7a1cpi8jgfjhwr6wp0bsa89s8v1dax6w4") ; CVE-2017-5440 - (mozilla-patch "icecat-bug-1349946.patch" "ccbecbe17a45" "19vwmhvqarpzai8mcq6i7szkrp1h9m8v5lyimkmmdlmagrivjw7f") ; CVE-2017-5434 - (mozilla-patch "icecat-bug-1350683.patch" "00ed655efad1" "0nfk9345lshim8xl29qka5man73jgxcppv3pzfrgjhk97z7h6ifq") ; CVE-2017-5435 - (mozilla-patch "icecat-bug-1342823.patch" "609145968cfe" "1y5kw8khzxnx5cbrv4zmdd1nzha85r3cmxn3inami9fx8vikxjq8") ; CVE-2017-5429 (pt3) - (mozilla-patch "icecat-bug-1336828.patch" "982cfe33c513" "0amj3qx5399mrdcqakvfn5pabp562i1s87a8zd65jyqs4mwgcjap") ; CVE-2017-5438 - (mozilla-patch "icecat-bug-1348894.patch" "eed8086d0af7" "18p567nhj7nvh740fhh3l0mqx0b7370b45005j43ll08rf2nhygl") ; CVE-2017-5429 (pt4) - (mozilla-patch "icecat-bug-1344467.patch" "38664f88d8f5" "0zdkmiqjr6h1bfs4qw74p5bnw74kcx9fxr4mcnshpavv2gvc6dn4") ; CVE-2017-5445 - (mozilla-patch "icecat-bug-1350844.patch" "c071fab59d05" "16hf5c4appca8vwxl5yvl5ig5bw8cb8hl8apvknsn5rdsjwjlrpr") ; CVE-2017-5429 (pt5) - (mozilla-patch "icecat-bug-1352926.patch" "8fade3eebca2" "165v18545g4br1j6nbbhq2h9098iqvqpbd54zmgwwk9c973qhp3c") ; CVE-2017-5429 (pt6) - (mozilla-patch "icecat-bug-1343642.patch" "6172686bf59c" "0iwihvx11am28cbmgg68llf3mr4ghrclimr51vms1nq9ji767wdb") ; CVE-2017-5460 - (mozilla-patch "icecat-bug-1349340.patch" "260b50fb6d39" "0lq08bkj1ihhwmf0yhxcnvngzym222q3n66ql9fbda4n7prlfhzl") ; CVE-2017-5429 (pt7) - (mozilla-patch "icecat-bug-1353088.patch" "44a90ca714b9" "1rb27bnrm9a5nnwrsxx7z36yhhz8x6lv0df98jv1128zvd373blp") ; CVE-2017-5429 (pt8) - (mozilla-patch "icecat-bug-1347617.patch" "e40b00161221" "0nm6jqbkb6rdahzd39gnhmy1gwawa5jbd7i80c7g1igj3x8ab50y") ; CVE-2017-5465 - (mozilla-patch "icecat-bug-1278157.patch" "a7803c36d797" "10l8jbqlmfkvi4jj0vhkl0a9vdsh3niy5rjr26br3633nyyr4747") - (mozilla-patch "icecat-bug-1348941.patch" "4fe9b979b84d" "069rzn60vn90gcck2wakr6m83q0cy32x5r54ccia9nc26a01p6p5") ; CVE-2017-5429 (pt9) - (mozilla-patch "icecat-bug-1347075.patch" "a017569d3535" "1j7q02q2ybpfx9cr6dn9x27jva1d6dzs4pdxx2a1xmk5va03lrmq") ; CVE-2017-5464 - (mozilla-patch "icecat-bug-1333858.patch" "413dc18f25c8" "0g1q1y22m5gds8p07nq5c8f84jc152x4sac40b17gawj1005n5v9"))) ; CVE-2017-5459 + (mozilla-patch "icecat-CVE-2017-5443.patch" "6daaaff9f1f6" "0jvb6y5fiwr13fyx58k49n81kv6h03vcch502g57y6nsx2wsqng6") + (mozilla-patch "icecat-bug-1319087.patch" "82297fcc6f19" "02qcbg2r2smswgnwj7fs5bcrr3rlqbpsh2nmcbsjyblp5fk1ag36") + (mozilla-patch "icecat-CVE-2017-5429-pt01.patch" "dd526ebe7e58" "1rj0pz6iql59zrynz48njcfg8i0v55bjdndplss9wl37lfydl7ca") + (mozilla-patch "icecat-CVE-2017-5447-pt1.patch" "3bc981f85a17" "0am9k3mii2r05lp6xpizxp356mb8xrbqs9kmx0wx5wyy08wjzmks") + (mozilla-patch "icecat-CVE-2017-5447-pt2.patch" "4f752b0e5920" "183s5dwzd57b299grvyvn139fsp9am0smd3yb4shw8g0iwzz61nf") + (mozilla-patch "icecat-CVE-2017-5449.patch" "1714eda3de9b" "0ncngdpzvffvpw4c1mi0dda5l02lwyil4rnq3i6salnwlrq9x32z") + (mozilla-patch "icecat-CVE-2017-5455.patch" "b10922304d81" "0rglbavb8rx7hl53ksgypazz27263b1yn97gznpdsq89zhirfw3m") + (mozilla-patch "icecat-CVE-2017-5446.patch" "d98de46f8f27" "040agykr4w4wsbi0xm3rrrjxk48iwz8l1hn11vfv45nzsx2f1hzq") + ;; The next patch is for CVE-2017-5436 in the bundled graphite2. + ;; TODO: apply additional fixes from our system graphite2 to the + ;; bundled copy, or upgrade it in place. + (mozilla-patch "icecat-CVE-2017-5436.patch" "e6132f638311" "07w9pijx42psgmkj2i6i87lf30gl0yyb5caz6wz7fm8phi8wwy9p") + (mozilla-patch "icecat-bug-1342395.patch" "0e0e8abe2153" "1xlnq2fd50kf0rz9dibz5vlaa9zj2pifjvky2fdykcan62xz75hy") + (mozilla-patch "icecat-bug-1342841.patch" "623afac083f8" "1pv86j0dxdmi7g3rx4zqplz4gxq5lfyzpdssq83naypcxic6zafb") + (mozilla-patch "icecat-bug-1344644.patch" "cac0735c228f" "0695f0hvxnzgcirgxx3axn5nhkywqxjcvnrlhg7jwfann4mnbsfn") + (mozilla-patch "icecat-bug-1322660.patch" "9d6d60e64255" "0ds74ilhyc9qkkjgkm0xk7ay3926971rzwfh2avhhkfargn7idib") + (mozilla-patch "icecat-bug-1343330.patch" "6f23bd449bc7" "1igz6yhx803hygf7cii8bchx7bfw1niq8s0nc5l9i5rb8ml2b7f0") + (mozilla-patch "icecat-bug-1346961.patch" "3a2dc54cf986" "0dfp3s7d43zx3svajbkhvi73b71hhr7vrc9yz0iz37pykg40c4hn") + (mozilla-patch "icecat-bug-1318070.patch" "a68d6d9b87d0" "1yqgkgv7i0xy5dm0pgg1cbav4qglsdk8brzcjcpfz65bmn1pqrhh") + (mozilla-patch "icecat-CVE-2017-5448.patch" "6684a3c7f834" "0agyynvcjk28d7l2l4cqz67ddg9xw7ymiirb0npabd1si9zj27xb") + (mozilla-patch "icecat-bug-1336345.patch" "590416f46ec8" "1q2svqjd735rickr9i3kdkd0la6ikdphhmzr19h1r84nrl6a87ia") + (mozilla-patch "icecat-bug-1336356.patch" "00ba83ac39be" "1h6qsfv4r9mlc2ihjm9kmzi76aijdnnyx1g2r30ia87xha106pnk") + (mozilla-patch "icecat-bug-1342363.patch" "10285b4a6b71" "0l2ww19y6qbarcp9brjgbpf4vi3k38r6ak8is5736vqz0c17dim0") + (mozilla-patch "icecat-bug-1343787.patch" "28287b7f0938" "1w85s9rqh0dyfx6qn5plypbypz9casig03b6yiy9bpiq7ckrxz56") + (mozilla-patch "icecat-bug-1292803.patch" "adbf7b59a405" "1l1p0b5rc05czk6kr3k3k99m1fkwphj2jrd092gdbib8q4m4cvzv") + (mozilla-patch "icecat-bug-1313869.patch" "eba25396310b" "1ws0dr0kwclzbc2m0sihd3aqvbbg57ycia0fg6y294k6qipcxv38") + (mozilla-patch "icecat-bug-1141756-pt1.patch" "f7c262517722" "0r1zzbxf47q5w8vcy402yin105ngam3csb2q7h7n8axm97307ykp") + (mozilla-patch "icecat-bug-1141756-pt2.patch" "420396d5e26d" "0yv1pmpydzkirfwrxrgbw98dm4a9a4s0izha0wabrp4lb3655jv5") + (mozilla-patch "icecat-bug-1343210.patch" "ed9521749d6f" "1j2zzi00qyqjgh15ingvl6f88zlk4imp31m5jmf7w5f9jqi5ly3k") + (mozilla-patch "icecat-bug-1342442.patch" "775b6f85ef81" "00h9dgds7jv9n4cznj5qhh8liaf1b3wvnlqc2z7a3kj07ijllwzb") + (mozilla-patch "icecat-bug-1344527.patch" "d4612b14c907" "1n3a0mp351a7xgvshm6688gh89hg0xci3y621zs2pyqsfm114366") + (mozilla-patch "icecat-CVE-2017-5442.patch" "5f1aa2336998" "1y2marhrglc66vchd6z0jdmhg0pmkxp1cwim63bp9l6pj7lxyjma") + (mozilla-patch "icecat-CVE-2017-5430-pt01.patch" "512604631b23" "171nzxr4av4818d0fyg9hcsdxkai61sghl45xnsr2al34l28wsw3") + (mozilla-patch "icecat-CVE-2017-5430-pt02.patch" "16772200ad6f" "087j16rcbs5kgvpa096kd6jarwwwfrhwph54wzjn671wr1vnsvvd") + (mozilla-patch "icecat-CVE-2017-5441.patch" "c744e9d57250" "0m70157lczf17hxb2pabsl3grhcjqallbdfpsd58q8q6fk99k6x3") + (mozilla-patch "icecat-CVE-2017-5433.patch" "b4fc7a4cb5e0" "12q6mr5prpgqg5xnrww09qjm3jx2amb8zig62cd46ba8n9z2j9ab") + (mozilla-patch "icecat-CVE-2017-5429-pt02.patch" "21eac0b4fd2f" "1a6v0hwcc26gnlxygplc11dfzc8bykhh44j4gsz88kl5c5jqhlk9") + (mozilla-patch "icecat-CVE-2017-5432.patch" "62df7046e959" "1qvxbpkf87g4vnl8hxqvwb1ydrpkqq3rbkivr8q4029rvgalf4rf") + (mozilla-patch "icecat-bug-1350599.patch" "f6a978b2fcec" "0rkbbmw52mxgrmn1xny4jkn3slwb5jsqs4yr07ffhz7r801jy9iz") + (mozilla-patch "icecat-bug-1332839.patch" "2ad0f87f5dba" "04458jidri521hgf3r63pl736zz4gmgv6b8spa32anfb7gryj8fy") + (mozilla-patch "icecat-bug-1337548.patch" "29a1ad09a6ec" "0pld81bpc34w6g2ara54sx30msas55kwzr537pvxxc002lpvzs57") + (mozilla-patch "icecat-CVE-2017-5430-pt03.patch" "5dec7534760f" "1xh0y7srl7nznb6szpfiykd6r1ibyxrdvasc36w0chqjdmq7xr32") + (mozilla-patch "icecat-bug-1343851.patch" "e104d53316d7" "1yhv3qvzzi3kr881ji1dnm8ydnr3snh2vzl3c4vdzmvrjx8q5rcb") + (mozilla-patch "icecat-bug-1345222.patch" "864644fadcb0" "0qpplxyfn87bigzdkwlrhj9isd5gfafhjgqfckb239a09wwrblf3") + (mozilla-patch "icecat-bug-1348584.patch" "7cee9ad555af" "0856bpa3n71a3y5m4gilcdb9ghb60p545xkv9zbr245r20mj32ds") + (mozilla-patch "icecat-bug-1346720.patch" "6a597a9cd494" "091a5sanw3w3gl0jcmf8d60m59vwbh5v36vnar20m0hl7xrv4v7p") + (mozilla-patch "icecat-CVE-2017-5430-pt04.patch" "09693629803f" "18fhmsghq0232mhh8j10cy0a4979nmkbh43jlcyrg3l63l7795k4") + (mozilla-patch "icecat-CVE-2017-5430-pt05.patch" "2b8268ea97a9" "0l0f54krxdmqbgldikwjncxvn6irihcljldd3z039himrvplisjg") + (mozilla-patch "icecat-bug-1347700-pt1.patch" "ee706896916c" "0m85x80y98c154hyis08kcy81kbw3v34na1v862vxzs939d3mc0n") + (mozilla-patch "icecat-bug-1347700-pt2.patch" "08ecc2d92f81" "1s6411ccifw9l22hhmf32nhm8r5hbclnhy7jm2n228sqfr4h971g") + (mozilla-patch "icecat-bug-1337682.patch" "15af6a323161" "1nxbwd0574gscnkxfyhzv3yqvxiccb2d0rmba9vi6i62646l2pd5") + (mozilla-patch "icecat-CVE-2017-5451.patch" "d91260f0069a" "15w4rzz51hps2fr8djf5z1rzdwxshclk936mxv5anx1skkwms0y8") + (mozilla-patch "icecat-CVE-2017-5444.patch" "7740cf7e121b" "1706mx4zmnib336p2wmfp9ncyl66lk2da82f28xvcw262mg1c8lw") + (mozilla-patch "icecat-bug-1347164-pt1.patch" "b35a6d6dcdca" "077r0pns58fw3xd3qnbhib4q21vvw0aynpa8iyn1pycg8mppmd0f") + (mozilla-patch "icecat-bug-1347164-pt2.patch" "a42fc05969b9" "1ijq8ccsk5k56h77sv5kqv48w7csj3vbakzq98awgbvypzfdyhss") + (mozilla-patch "icecat-bug-1347164-pt3.patch" "f78ac1ac0a37" "0kj6jq482cqwyngy1kmb69zpq35xah8h33kml8i4l7andiyaq3zm") + (mozilla-patch "icecat-bug-1347164-pt4.patch" "795a3d48a775" "18lw99hmrr93k95hk6v6bx5rcf22aa902x2yf5p6wxdqg56nc0zp") + (mozilla-patch "icecat-bug-1338699.patch" "94ce63191069" "0rdivablincah3gbgl4wzjmqlraazivmr8bhqxdpy8dk0a6fvv4s") + (mozilla-patch "icecat-bug-1342301.patch" "e640e758a7cd" "17f36vvf82n6shlaip7ji8qsy9861f9a5r79h000p3wb3bb7lbfs") + (mozilla-patch "icecat-bug-1342170.patch" "df7ed78b7c0a" "1kq256i66hcm2k9d37i5ws354ksv3bbglmscdjv2v5f7wg3y967v") + (mozilla-patch "icecat-bug-1342634.patch" "d72e56823bbb" "0c186d77lyyg0hjxw15d44rybw6yr5aw8g9m3311xfdn5wiygijb") + (mozilla-patch "icecat-bug-1348796-pt1.patch" "cef01720769e" "0h57372lxanjs5zw9b3vwr2x36yz9gj73swyg50aqp13j4rcbpmy") + (mozilla-patch "icecat-bug-1348796-pt2.patch" "7d3584b75f20" "1a4hvpsvn39832g54hsxhqs24cq8v4nd69jqskkgc1ybs09ncmr3") + (mozilla-patch "icecat-bug-1192800.patch" "e56b0938ea0f" "1hlbxhjzj65s6p2v6f66zdfb3gw5yx77msgq5idsv9jip2w88mpq") + (mozilla-patch "icecat-bug-1309438.patch" "1f30d97563c8" "0rvq729fg9j959ha9qvw5wv7r6vw70qvpy7ynifgqhgrpa749n70") + (mozilla-patch "icecat-bug-1315332.patch" "66495c8d9459" "0vzlx8i0cidpymm6ar07h3yk63fxf64f0b2vb0pihd72h0jzd5s9") + (mozilla-patch "icecat-bug-1346439.patch" "a9fcc2dc324a" "13991jijwa84yczkmc212s23w269r8b1a4yiygqgwaily29l1dc5") + (mozilla-patch "icecat-CVE-2017-5469.patch" "3dcc5f5c2df4" "0b36m6rgxc05h39l6wkzi6dlmq9brcigk7xjrifs4786f0z564hz") + (mozilla-patch "icecat-CVE-2017-5430-pt06.patch" "ac0ca89b5a6b" "1646y9y2wmq8pxb081x3076dq9ana7hh5fxwbsnn17v5wqhi8gfb") + (mozilla-patch "icecat-CVE-2017-5467.patch" "6ed26e6c1a09" "0r1n1dwb4l8xwlns0aifyka6mldb6cy2crhh2qkap64cpj3bzl9s") + (mozilla-patch "icecat-CVE-2017-5439.patch" "2fde528ca7b6" "0iv0sjhnh7br0z3pcpk346wbj162ynacfk3p9309hg6kr1cd92fp") + (mozilla-patch "icecat-CVE-2017-5440.patch" "d88bd03d1234" "1pls63djh4w5023ag3fwjk79cpx816ilgajl5l1qlqyacl8c0v4p") + (mozilla-patch "icecat-bug-1349987.patch" "3282e8f6a121" "1dyc84h7v0l9gndmbiwfqk33f703zr3fv96mwbn58msdf20ma9l2") + (mozilla-patch "icecat-CVE-2017-5434.patch" "ee0a7b55e470" "01vs4p56p0ii0fvmg0kn7gaz6gwf2kwmv6v4pa6v68hwxx1phaag") + (mozilla-patch "icecat-CVE-2017-5430-pt07.patch" "a4e1e04c88ee" "0q07qwzxf2iisrhknjbn1zksv2rr6qzzh6w8ibzlj1sqbdg3h852") + (mozilla-patch "icecat-bug-1335043.patch" "a49419f75b9c" "0pkh5yimnj3p1sd2g9vndgcn11zdx6yhpa88s8vk7fqbs8gf1fz3") + (mozilla-patch "icecat-bug-1299500-pt01.patch" "5fdd36b4400a" "1gdrsbf03wf9v90f1bd2sp9ac38a9lzpzfrv8l8f7gvy70acjxmb") + (mozilla-patch "icecat-bug-1299500-pt02.patch" "34776df5ce44" "15mlf59ii0rk97j8mlf3wz1q0w28ma5mll47dvci6cv3dziai9f1") + (mozilla-patch "icecat-bug-1299500-pt03.patch" "26189af0f504" "1wh1s2xd1w03zi5jdaagk6j5i8v9xsm9360xmv446wdraygkqbci") + (mozilla-patch "icecat-bug-1299500-pt04.patch" "798a8fe17e7b" "0vlalanffq3paa7zab003v1d377x5pvcsy8nc8fr5pdlvi622jll") + (mozilla-patch "icecat-bug-1299500-pt05.patch" "daf2e4f2bd5c" "1rxbjbyr1a6dxjb0qj6900g3kqjphir40pis4qcfl8q811y18jwk") + (mozilla-patch "icecat-bug-1299500-pt06.patch" "1187091c3134" "0r8zz4zbglxg6sl0ybz9lyq1c5w2nqp0xcn2d3rz9bvyj8byqc7m") + (mozilla-patch "icecat-bug-1299500-pt07.patch" "a908f2c2fe30" "1fvwy3fxfrdi9y8hmf4f9aa72i0g6s55s8cp0w22gllsl1f6gvyf") + (mozilla-patch "icecat-bug-1299500-pt08.patch" "e95a26cf7a42" "0pd0kcn7dqd1gy1si85as5zzc96v7vq0v8n3g3gjzms5rdnk085l") + (mozilla-patch "icecat-bug-1299500-pt09.patch" "d63f3b14e571" "0cqd7dal6prsrj7bn2d699idbq4fzjry9vqlbmm9dkyn5683sdy1") + (search-patch "icecat-bug-1299500-pt10.patch") ; Adapted for GNU IceCat, based on: + ;"08f2bc167ae8" "07d1i23ffvi74a5558bb0645vbrap6qlrpcwfyb7dm3llbfnfycy") + (mozilla-patch "icecat-bug-1299500-pt11.patch" "263f27805689" "0nczkvyvlpdjif3xfvj7g2mfz6j06w99x2sblqfmqq6mwrlavpq0") + (mozilla-patch "icecat-CVE-2017-5456.patch" "538e0b382cc2" "0wq2ywn4a7i4ypcx03hl23a4xx3lavz7y505m9kw43fx15r4070r") + (mozilla-patch "icecat-bug-1280079.patch" "6fbcb6a4b91e" "0qcwz9js1bwlnwyv3vhkm0hvahd043lm2bijqsmm0jy20dbslga4") + (mozilla-patch "icecat-CVE-2017-5435.patch" "a362e1205ba4" "127i4ybfb4dk5axp4dxcl7ag7zyx7b517myvs6q4yd8981d1jjd3") + (mozilla-patch "icecat-bug-1341960.patch" "b24ce30e8cfa" "0a521wn8hbaliawmxs21b8wc1gkha8iih62j4zyrfg5rm7ff6p6s") + (mozilla-patch "icecat-CVE-2017-5454.patch" "ac40d4a4e414" "0dnzz95vpq32bsh6hajk4hrcrxwd4w6m7kayl2iziryny86jgak2") + (mozilla-patch "icecat-CVE-2017-5429-pt03.patch" "e469af8e9ccc" "0yn8zqakr9yw0jvysxyc8if09kqf4fr5rq4p9qdkb1p81p4dpmp5") + (mozilla-patch "icecat-bug-1351094.patch" "4c1383e76adc" "0wdldx88qabyhrwnnii44pggmfgqylzxy6ckwzgq86r2yipi4rsq") + (mozilla-patch "icecat-bug-1336527.patch" "b9f53baeabb3" "0y1l641ffbr4i85p0wc1ir6bcsy6h94bchbfc7ppxfijva4fjgvd") + (mozilla-patch "icecat-bug-1345716.patch" "2569af645a98" "1d6lx85ij90j6q6ixwp0h3w7y424yvkz0njsi0my727akbli5rsn") + (mozilla-patch "icecat-bug-1208957.patch" "2b68880d8f6b" "1pl0vkv7clyjchi9kg4995z82sr8xv7cbz1kvsg1v66md6pmp4s4") + (mozilla-patch "icecat-bug-1208957.patch" "bc646835442b" "0f29r5yvlb5w84nvvn6j9r9dq5314jgygjmsna3grzigpkb88gyj") + (mozilla-patch "icecat-bug-1347944.patch" "47cb652ddc25" "0n7871958zwndwz53xvzwjv41v5ar1vxaam8kzr5dkbqmprddimx") + (mozilla-patch "icecat-bug-1347632.patch" "7d8f7a52a108" "0gkbkzkz989j7pk3ia1rfvyjg3si8hnnadwkb2rw13qjxdzhx2zn") + (mozilla-patch "icecat-CVE-2017-5438.patch" "154c93b9435b" "00f8lr5s8h68392bb45zi0xfgqrgfkdxbzwdypp10d89784fvjvd") + (mozilla-patch "icecat-bug-1347486.patch" "15dbaf157058" "1mwgfnx1zsvhp0pgmc8577yw6lnf7g3ikdfj0r21fgffrn76bp69") + (mozilla-patch "icecat-bug-1218437.patch" "e13692bfd5f5" "10jrbs26m8l1vchw6svssrb5h8p82acrcmkx92ybvv4qbaq2bcl0") + (mozilla-patch "icecat-bug-1345853.patch" "5fa27dc4c4a3" "1sqqa4hir2bsnnwnlr34has62kpncmw6l9mylwprd09fxmzzgrd7") + (mozilla-patch "icecat-CVE-2017-5429-pt04.patch" "00c051cd38c7" "1d4aa4nqyjc01mg3jvdjjp7z05c2qhdjj85dhdrd9c18gfiyv4fi") + (mozilla-patch "icecat-bug-1349921.patch" "c6897adc4037" "0acvcdy8awdmpz84243jzf82agrm73wqa198fjbns1p1v3s425z2") + (mozilla-patch "icecat-bug-1338623.patch" "edcafd42dd52" "1xqgjy7a62jsyz1b5mibrcnd7zpb4gdaas0a6z5dwfvz52j4xa16") + (mozilla-patch "icecat-bug-1294799.patch" "0617b074ec3d" "19h7dj44shvdzzj87svpv5q97cikxyxhiwfzf9rnqj1b7fw0xrdh") + (mozilla-patch "icecat-bug-1345049.patch" "88466b911357" "16pgd13mw9a0snyhq6vxmjc7kr9mikvhazkgbc6vpykwi0i0z85b") + (mozilla-patch "icecat-bug-1339999.patch" "b7cb8f8b0877" "0zv1kxcva699ahb9s36l4d9mlrkm0b7hmh6g1422j6iijn136vxb") + (mozilla-patch "icecat-bug-1350868.patch" "ddd6c44790c0" "182ii4wsz2vdd1q4dszd5hka8i2n0ghmqk7l39bd02d3zfibhhvc") + (mozilla-patch "icecat-bug-1342360.patch" "416681a239ef" "0ngs8xgmdhz9ag4dlrqhr0vmanqxr9q2vf16jpm3cimyc06zjxz4") + (mozilla-patch "icecat-CVE-2017-5429-pt05.patch" "a76e626ae6db" "0zn2j8fmhp7502kx1jhrvh85vsys5x6x6gw3v4gl0h8px354v6yw") + (mozilla-patch "icecat-CVE-2017-5429-pt06.patch" "0ce4196ab86e" "0isczy8261qz2zsdxax4j51gypz0gi39q7nfwxg88sl81kc5vym8") + (mozilla-patch "icecat-CVE-2017-5429-pt07.patch" "39da731d80ed" "0vswnv1hqa7r8iz6y5ja7i6w3cyq5xrcd66c1q29ac6n4gn7x338") + (mozilla-patch "icecat-CVE-2017-5430-pt08.patch" "1b148cf9c545" "0ilrib0c2c7mfycpz2hq3vrfdf6sf8lcdbfjk6r4xyxv54vh3lwk") + (mozilla-patch "icecat-bug-1325841.patch" "74e9f13c554f" "0glzcgjsy71y78zaccn33w8djs96i6dd3gafyzkihnkpfddd5cij") + (mozilla-patch "icecat-CVE-2017-5445.patch" "d7d87adfe186" "02p705si2j69ya8n5a916x58nycs07ja0sfpxrwl16f4n2plc91h") + (mozilla-patch "icecat-bug-1346424.patch" "5ede402f494f" "0kbx8yn8ppv7099ic6nhw32f7h42pnwk6dpvb179ilw90ah902q7") + (mozilla-patch "icecat-CVE-2017-5430-pt09.patch" "da44c5cfab2e" "16i4dz5sfkhh3a0khrcf8zn5w20rkf4aqwygjj3cp4qhdh7wnr75") + (mozilla-patch "icecat-CVE-2017-5430-pt10.patch" "0f966927bd55" "07pkhc6l6ylwrzgfm7i1galrvjawqqrhvhk6jcw4b30sfhi0bxq1") + (mozilla-patch "icecat-CVE-2017-5429-pt08.patch" "f0f591f82cc0" "18p091503vpfpp4l3d7hkqj78zavv6qj1lynhlfx67zdp3xqcf8r") + (mozilla-patch "icecat-CVE-2017-5464.patch" "1852dc0beba4" "1zdnkrsqjfv1q2jhj4829ypiwyg78n4jv54yn3b74vwcf5zvzx8m") + (mozilla-patch "icecat-bug-1083140.patch" "6913f0537208" "0vaf61ryp0bzkz6l1w73alhglibbgm0jcgccxvvm43ni67pcxqbq") + ;; The patch commented out below updates the bundled tzdata, + ;; but we can't use it because it contains a GIT binary patch. + ;; TODO: Consider updating the bundled tzdata, or unbundling it. + ;; (mozilla-patch "icecat-bug-1343493.patch" "35496444b380" "1wa79az7121xw078cgpczxavrqy0fsp4ib2nb69giha6acxcaqas") + (mozilla-patch "icecat-CVE-2017-5430-pt11.patch" "64495dfa29db" "0m7vklnwnaf7sw97m87bm4lb9pjmlh1vvrbaf1931db8nhd6m737") + (mozilla-patch "icecat-bug-1350783.patch" "26cd34db3c14" "15vq3lrilg3n9j80cdjmk7xib2iq5gcx9ypq8xs7f5ya9ibasqlx") + (mozilla-patch "icecat-CVE-2017-5429-pt09.patch" "6cd77a0d7ac0" "0kxlbl5m3gffxqrv7ky3swsbyg1ykj0wjhlfl9amsb4g8gra3zkj") + (mozilla-patch "icecat-CVE-2017-5460-pt1.patch" "a803be74843c" "1ywwakzjkfr714i9pfn152n86c6rp427chzdys8phdkcvp5d5p45") + (mozilla-patch "icecat-CVE-2017-5460-pt2.patch" "73762c1392ae" "18jy9ccqvn6l6hznvq5xsqm1pc7i81svc2grgv21wfwg9sd6zwwh") + (mozilla-patch "icecat-bug-1337392-pt1.patch" "4ab6d5c43036" "07pygzngssra9wnmqqrs24d6gc5kfh20fkzvpcasxh4f2hi21z9b") + (mozilla-patch "icecat-bug-1337392-pt2.patch" "13f2d85da9a7" "1iwfz7dp5i93bhjspy4kyz0vqrl8x8ndg5kxdyzwb1b339xim9qy") + (mozilla-patch "icecat-CVE-2017-5429-pt10.patch" "7a30cddfcd54" "1773pijh6gi086l930cn1a0k7kvy7f3cnirfblw98sq7h9qfyy33") + (mozilla-patch "icecat-bug-1345873-pt1.patch" "75cea353ad78" "14cig2y7d3p033hx3096gxzlqwgddq8d0ig0g3l8p1b0xwvvyryl") + (mozilla-patch "icecat-bug-1345873-pt2.patch" "b08ef5a82f89" "0afz01jv850x09df85d7ycqkcdlafi4w2xi5k155lk2b92w8lhpj") + (mozilla-patch "icecat-bug-1340163.patch" "f3f2a995a239" "1ydsj4ja475jscalkw6ggdxgbsp5l2mam5109k0y7c98abzqraxk") + (mozilla-patch "icecat-bug-1348174-pt1.patch" "330904d6f0dc" "19wnp4d8481w86xkk78n7c7wrr99rq6cq3v09hd8am4n0mzwzaja") + (mozilla-patch "icecat-bug-1348174-pt2.patch" "c61b99483c4b" "0mjsahi8ly24415ri2sylas6g0kb8wawi095idqiq019c3r7q9cq") + (mozilla-patch "icecat-bug-1348601.patch" "1848bd238064" "1f5kadhn6w1rs26sdrcc3mq0zzlmmsm6ymqhshkzn57nrj6akm7b") + (mozilla-patch "icecat-bug-1345991.patch" "2008a4b89d9a" "07fkg9r2rxbk362ckv2h8inhd2dadvzigshm6zsjfjs2fyzp95hp") + (mozilla-patch "icecat-bug-1344498-pt1.patch" "9acd0103d67f" "1f0j667g05h9ydmc924cs8mzif1n7s56wixsgnyqc3s231dswhml") + (mozilla-patch "icecat-bug-1344498-pt2.patch" "49aadb25b1ec" "0s618m802b1x5pyqh5mj1azaxch7ggxq9503b7mwhg90vz8qw7ki") + (mozilla-patch "icecat-bug-1344205.patch" "34b453085dc0" "02h1bh24f9i5sm3my07m2q58cpzqfhagwwv11l9fidxcm9dmzmrd") + (mozilla-patch "icecat-bug-1349862.patch" "864ff0c36b6b" "1i3wmigv982x9hzkfg25jhyvkynmar69x6cj6r4g9zkk5f5ypdh5") + (mozilla-patch "icecat-CVE-2017-5459.patch" "5ec6fbedb420" "07flhha4rkjbry5590yr5by36ypb1k33qm3rzkbmw0vk5gyak8dp") + (mozilla-patch "icecat-CVE-2017-5465.patch" "2b95de78a92c" "0vvq1fz84yyw7za929x6ki25paivlwd4ng1ddkcb2bw6da6yp12k") + (mozilla-patch "icecat-CVE-2017-5466.patch" "a5ec5e70abf1" "1jjviyk6db8iccd7997mwmgs188fsyrzivap3ffjf8m6j4mf9cra") + (mozilla-patch "icecat-bug-1347646.patch" "1b50711a46ce" "1i3505zzgf0mvg2405y2gzq36xc8ic2ga8w6d3n9kqryxj0mc7bh"))) (modules '((guix build utils))) (snippet '(begin @@ -424,6 +509,7 @@ standards.") ;; ;; TODO: Use system graphite2. ;; + "dom/devicestorage" ; Removed in ESR 52.1, awkward to patch out "modules/freetype2" "modules/zlib" "modules/libbz2" @@ -450,9 +536,8 @@ standards.") ("dbus-glib" ,dbus-glib) ("gdk-pixbuf" ,gdk-pixbuf) ("glib" ,glib) - ("gstreamer" ,gstreamer) - ("gst-plugins-base" ,gst-plugins-base) - ("gtk+" ,gtk+-2) + ("gtk+" ,gtk+) + ("gtk+-2" ,gtk+-2) ("pango" ,pango) ("freetype" ,freetype) ("hunspell" ,hunspell) @@ -466,6 +551,7 @@ standards.") ("libxcomposite" ,libxcomposite) ("libxt" ,libxt) ("libffi" ,libffi) + ("ffmpeg" ,ffmpeg) ("libvpx" ,libvpx) ("icu4c" ,icu4c) ("pixman" ,pixman) @@ -477,14 +563,15 @@ standards.") ("sqlite" ,sqlite) ("startup-notification" ,startup-notification) ("unzip" ,unzip) - ("yasm" ,yasm) ("zip" ,zip) ("zlib" ,zlib))) (native-inputs `(("perl" ,perl) ("python" ,python-2) ; Python 3 not supported ("python2-pysqlite" ,python2-pysqlite) + ("yasm" ,yasm) ("pkg-config" ,pkg-config) + ("autoconf" ,autoconf-2.13) ("which" ,which))) (arguments `(#:tests? #f ; no check target @@ -496,17 +583,11 @@ standards.") ;; practice somehow. See . #:validate-runpath? #f - #:configure-flags '("--enable-default-toolkit=cairo-gtk2" - "--enable-pango" + #:configure-flags '("--enable-default-toolkit=cairo-gtk3" "--enable-gio" - "--enable-svg" - "--enable-canvas" - "--enable-mathml" "--enable-startup-notification" "--enable-pulseaudio" - "--enable-gstreamer=1.0" - "--disable-gnomevfs" "--disable-gconf" "--disable-gnomeui" @@ -563,16 +644,6 @@ standards.") (utime file early-1980 early-1980)) #t)) #t))) - (add-after - 'unpack 'remove-h264parse-from-blacklist - (lambda _ - ;; Remove h264parse from gstreamer format helper blacklist. It - ;; was put there to work around a bug in a pre-1.0 version of - ;; gstreamer. See: - ;; https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/ - (substitute* "dom/media/gstreamer/GStreamerFormatHelper.cpp" - (("^ \"h264parse\",\n") "")) - #t)) (add-after 'unpack 'use-skia-by-default (lambda _ @@ -596,10 +667,11 @@ standards.") ;; calls to dlopen or PR_LoadLibrary, but that didn't seem to ;; work. More investigation is needed. (substitute* "toolkit/library/moz.build" - (("^# This needs to be last") - "OS_LIBS += [ + (("^# This library needs to be last" all) + (string-append "OS_LIBS += [ 'GL', 'gnome-2', 'canberra', 'Xss', 'cups', 'gssapi_krb5', - 'gstreamer-1.0', 'gstapp-1.0', 'gstvideo-1.0' ]\n\n")) + 'avcodec', 'avutil', 'pulse' ]\n\n" + all))) #t)) (replace 'configure @@ -616,6 +688,7 @@ standards.") ,@configure-flags))) (setenv "SHELL" bash) (setenv "CONFIG_SHELL" bash) + (setenv "AUTOCONF" (which "autoconf")) ; must be autoconf-2.13 (mkdir "../build") (chdir "../build") (format #t "build directory: ~s~%" (getcwd)) diff --git a/gnu/packages/patches/icecat-avoid-bundled-libraries.patch b/gnu/packages/patches/icecat-avoid-bundled-libraries.patch index 267f7b8aac..114631517a 100644 --- a/gnu/packages/patches/icecat-avoid-bundled-libraries.patch +++ b/gnu/packages/patches/icecat-avoid-bundled-libraries.patch @@ -1,8 +1,8 @@ Fixes needed when avoiding bundled libraries. ---- icecat-45.3.0/xpcom/build/moz.build.orig -+++ icecat-45.3.0/xpcom/build/moz.build -@@ -92,10 +92,5 @@ +--- icecat-52.0.2/xpcom/build/moz.build.orig ++++ icecat-52.0.2/xpcom/build/moz.build +@@ -93,10 +93,5 @@ '/docshell/base', ] @@ -13,38 +13,23 @@ Fixes needed when avoiding bundled libraries. - if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa': CXXFLAGS += CONFIG['TK_CFLAGS'] ---- icecat-45.3.0/storage/moz.build.orig -+++ icecat-45.3.0/storage/moz.build -@@ -108,7 +108,6 @@ - DEFINES['SQLITE_MAX_LIKE_PATTERN_LENGTH'] = 50000 +--- icecat-52.0.2/storage/moz.build.orig ++++ icecat-52.0.2/storage/moz.build +@@ -114,7 +114,6 @@ + DEFINES['MOZ_MEMORY_TEMP_STORE_PRAGMA'] = True LOCAL_INCLUDES += [ - '/db/sqlite3/src', '/dom/base', ] ---- icecat-45.3.0/dom/indexedDB/moz.build.orig -+++ icecat-45.3.0/dom/indexedDB/moz.build -@@ -96,7 +96,6 @@ - SOURCES['Key.cpp'].flags += ['-Wno-error=type-limits'] +--- icecat-52.0.2/dom/indexedDB/moz.build.orig ++++ icecat-52.0.2/dom/indexedDB/moz.build +@@ -101,7 +101,6 @@ + CXXFLAGS += ['-Wno-error=shadow'] LOCAL_INCLUDES += [ - '/db/sqlite3/src', '/dom/base', '/dom/storage', '/dom/workers', ---- icecat-45.3.0/modules/libmar/tests/Makefile.in.orig -+++ icecat-45.3.0/modules/libmar/tests/Makefile.in -@@ -10,12 +10,5 @@ - ifndef MOZ_PROFILE_GENERATE - libs:: - $(INSTALL) ../tool/signmar$(BIN_SUFFIX) $(TESTROOT)/unit -- $(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nss3$(DLL_SUFFIX) $(TESTROOT)/unit --ifndef MOZ_FOLD_LIBS -- $(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nssutil3$(DLL_SUFFIX) $(TESTROOT)/unit -- $(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)plc4$(DLL_SUFFIX) $(TESTROOT)/unit -- $(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)nspr4$(DLL_SUFFIX) $(TESTROOT)/unit -- $(INSTALL) $(DEPTH)/dist/bin/$(DLL_PREFIX)plds4$(DLL_SUFFIX) $(TESTROOT)/unit --endif - endif - endif # Not Android diff --git a/gnu/packages/patches/icecat-binutils.patch b/gnu/packages/patches/icecat-binutils.patch deleted file mode 100644 index 53a3ed9bb0..0000000000 --- a/gnu/packages/patches/icecat-binutils.patch +++ /dev/null @@ -1,40 +0,0 @@ - -# HG changeset patch -# User J. Brown -# Date 1476951900 14400 -# Node ID cca249d09ef600650e6127c18be438a37e9d4587 -# Parent d8bbf1a3957fd25ff24bfee51331c150b154cc39 -Bug 1242901 - Fix linking libxul.so with binutils/GNU ld >= 2.26. r=glandium - -The build fails with: - - /usr/bin/ld: ../../xpcom/components/nsComponentManager.o: relocation R_386_GOTOFF against protected data `start_kPStaticModules_NSModule' can not be used when making a shared object - /usr/bin/ld: final link failed: Bad value - collect2: error: ld returned 1 exit status - -This is a patch from 2016/04/27 16:36:50 ryoon found on -http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/firefox45/patches/#dirlist. - -diff --git a/xpcom/components/Module.h b/xpcom/components/Module.h ---- a/xpcom/components/Module.h -+++ b/xpcom/components/Module.h -@@ -133,17 +133,17 @@ struct Module - #if defined(MOZILLA_INTERNAL_API) - # define NSMODULE_NAME(_name) _name##_NSModule - # if defined(_MSC_VER) - # pragma section(".kPStaticModules$M", read) - # pragma comment(linker, "/merge:.kPStaticModules=.rdata") - # define NSMODULE_SECTION __declspec(allocate(".kPStaticModules$M"), dllexport) - # elif defined(__GNUC__) - # if defined(__ELF__) --# define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), visibility("protected"))) -+# define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), visibility("default"))) - # elif defined(__MACH__) - # define NSMODULE_SECTION __attribute__((section("__DATA, .kPStaticModules"), visibility("default"))) - # elif defined (_WIN32) - # define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), dllexport)) - # endif - # endif - # if !defined(NSMODULE_SECTION) - # error Do not know how to define sections. - diff --git a/gnu/packages/patches/icecat-bug-1299500-pt10.patch b/gnu/packages/patches/icecat-bug-1299500-pt10.patch new file mode 100644 index 0000000000..406738b8a5 --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1299500-pt10.patch @@ -0,0 +1,1639 @@ +Based on the following HG changeset, but adapted to GNU IceCat and +also assumes that the dom/devicestorage subtree is deleted by our +snippet. Note that the other parts of this patchset are downloaded +directly from the upstream mozilla-esr52 mercurial repository. + +# HG changeset patch +# User Andrea Marchesini +# Date 1489000545 -3600 +# Node ID 08f2bc167ae82a6f86e427283d8b972ba794b846 +# Parent d63f3b14e5718b62c0adad2eab81b785250f3d4a +Bug 1299500 - Get rid of DeviceStorage API - part 10 - DeviceStorage, r=ehsan, r=billm, a=jcristau + +diff --git a/dom/bindings/Bindings.conf b/dom/bindings/Bindings.conf +--- a/dom/bindings/Bindings.conf ++++ b/dom/bindings/Bindings.conf +@@ -228,21 +228,16 @@ DOMInterfaces = { + 'DeviceAcceleration': { + 'headerFile': 'mozilla/dom/DeviceMotionEvent.h', + }, + + 'DeviceRotationRate': { + 'headerFile': 'mozilla/dom/DeviceMotionEvent.h', + }, + +-'DeviceStorage': { +- 'nativeType': 'nsDOMDeviceStorage', +- 'headerFile': 'DeviceStorage.h', +-}, +- + 'Document': { + 'nativeType': 'nsIDocument', + 'binaryNames': { + 'documentURI': 'documentURIFromJS', + 'URL': 'documentURIFromJS' + } + }, + +diff --git a/dom/filesystem/DeviceStorageFileSystem.cpp b/dom/filesystem/DeviceStorageFileSystem.cpp +--- a/dom/filesystem/DeviceStorageFileSystem.cpp ++++ b/dom/filesystem/DeviceStorageFileSystem.cpp +@@ -1,26 +1,24 @@ + /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ + /* vim: set ts=8 sts=2 et sw=2 tw=80: */ + /* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + + #include "mozilla/dom/DeviceStorageFileSystem.h" + +-#include "DeviceStorage.h" + #include "mozilla/Preferences.h" + #include "mozilla/dom/Directory.h" + #include "mozilla/dom/File.h" + #include "mozilla/dom/FileSystemUtils.h" + #include "mozilla/ipc/BackgroundParent.h" + #include "mozilla/Unused.h" + #include "nsCOMPtr.h" + #include "nsDebug.h" +-#include "nsDeviceStorage.h" + #include "nsIFile.h" + #include "nsPIDOMWindow.h" + #include "nsGlobalWindow.h" + + using namespace mozilla::ipc; + + namespace mozilla { + namespace dom { +@@ -37,44 +35,16 @@ DeviceStorageFileSystem::DeviceStorageFi + if (mozilla::Preferences::GetBool("device.storage.prompt.testing", false)) { + mPermissionCheckType = ePermissionCheckNotRequired; + } else { + mPermissionCheckType = ePermissionCheckRequired; + } + } else { + AssertIsOnBackgroundThread(); + } +- +- // Get the permission name required to access the file system. +- DebugOnly rv = +- DeviceStorageTypeChecker::GetPermissionForType(mStorageType, mPermission); +- NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "GetPermissionForType failed"); +- +- // Get the local path of the file system root. +- nsCOMPtr rootFile; +- DeviceStorageFile::GetRootDirectoryForType(aStorageType, +- aStorageName, +- getter_AddRefs(rootFile)); +- +- Unused << +- NS_WARN_IF(!rootFile || +- NS_FAILED(rootFile->GetPath(mLocalOrDeviceStorageRootPath))); +- +- if (!XRE_IsParentProcess()) { +- return; +- } +- +- // DeviceStorageTypeChecker is a singleton object and must be initialized on +- // the main thread. We initialize it here so that we can use it on the worker +- // thread. +- if (NS_IsMainThread()) { +- DebugOnly typeChecker = +- DeviceStorageTypeChecker::CreateOrGet(); +- MOZ_ASSERT(typeChecker); +- } + } + + DeviceStorageFileSystem::~DeviceStorageFileSystem() + { + AssertIsOnOwningThread(); + } + + already_AddRefed +diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp +--- a/dom/ipc/ContentChild.cpp ++++ b/dom/ipc/ContentChild.cpp +@@ -168,44 +168,41 @@ + #include "mozilla/X11Util.h" + #endif + + #ifdef ACCESSIBILITY + #include "nsAccessibilityService.h" + #endif + + #include "mozilla/dom/File.h" +-#include "mozilla/dom/devicestorage/DeviceStorageRequestChild.h" + #include "mozilla/dom/PPresentationChild.h" + #include "mozilla/dom/PresentationIPCService.h" + #include "mozilla/ipc/InputStreamUtils.h" + + #ifdef MOZ_WEBSPEECH + #include "mozilla/dom/PSpeechSynthesisChild.h" + #endif + + #include "ProcessUtils.h" + #include "URIUtils.h" + #include "nsContentUtils.h" + #include "nsIPrincipal.h" +-#include "nsDeviceStorage.h" + #include "DomainPolicy.h" + #include "mozilla/dom/ipc/StructuredCloneData.h" + #include "mozilla/dom/time/DateCacheCleaner.h" + #include "mozilla/net/NeckoMessageUtils.h" + #include "mozilla/widget/PuppetBidiKeyboard.h" + #include "mozilla/RemoteSpellCheckEngineChild.h" + #include "GMPServiceChild.h" + #include "gfxPlatform.h" + #include "nscore.h" // for NS_FREE_PERMANENT_DATA + #include "VRManagerChild.h" + + using namespace mozilla; + using namespace mozilla::docshell; +-using namespace mozilla::dom::devicestorage; + using namespace mozilla::dom::ipc; + using namespace mozilla::dom::workers; + using namespace mozilla::media; + using namespace mozilla::embedding; + using namespace mozilla::gmp; + using namespace mozilla::hal_sandbox; + using namespace mozilla::ipc; + using namespace mozilla::layers; +@@ -1806,29 +1803,16 @@ ContentChild::GetCPOWManager() + } + + bool + ContentChild::RecvPTestShellConstructor(PTestShellChild* actor) + { + return true; + } + +-PDeviceStorageRequestChild* +-ContentChild::AllocPDeviceStorageRequestChild(const DeviceStorageParams& aParams) +-{ +- return new DeviceStorageRequestChild(); +-} +- +-bool +-ContentChild::DeallocPDeviceStorageRequestChild(PDeviceStorageRequestChild* aDeviceStorage) +-{ +- delete aDeviceStorage; +- return true; +-} +- + PNeckoChild* + ContentChild::AllocPNeckoChild() + { + return new NeckoChild(); + } + + bool + ContentChild::DeallocPNeckoChild(PNeckoChild* necko) +@@ -2531,38 +2515,16 @@ ContentChild::RecvVolumes(nsTArrayRecvVolumesFromParent(aVolumes); + } + #endif + return true; + } + + bool +-ContentChild::RecvFilePathUpdate(const nsString& aStorageType, +- const nsString& aStorageName, +- const nsString& aPath, +- const nsCString& aReason) +-{ +- if (nsDOMDeviceStorage::InstanceCount() == 0) { +- // No device storage instances in this process. Don't try and +- // and create a DeviceStorageFile since it will fail. +- +- return true; +- } +- +- RefPtr dsf = new DeviceStorageFile(aStorageType, aStorageName, aPath); +- +- nsString reason; +- CopyASCIItoUTF16(aReason, reason); +- nsCOMPtr obs = mozilla::services::GetObserverService(); +- obs->NotifyObservers(dsf, "file-watcher-update", reason.get()); +- return true; +-} +- +-bool + ContentChild::RecvFileSystemUpdate(const nsString& aFsName, + const nsString& aVolumeName, + const int32_t& aState, + const int32_t& aMountGeneration, + const bool& aIsMediaPresent, + const bool& aIsSharing, + const bool& aIsFormatting, + const bool& aIsFake, +diff --git a/dom/ipc/ContentChild.h b/dom/ipc/ContentChild.h +--- a/dom/ipc/ContentChild.h ++++ b/dom/ipc/ContentChild.h +@@ -193,22 +193,16 @@ public: + const IPCTabContext& aContext, + const uint32_t& aChromeFlags, + const ContentParentId& aCpID, + const bool& aIsForApp, + const bool& aIsForBrowser) override; + + virtual bool DeallocPBrowserChild(PBrowserChild*) override; + +- virtual PDeviceStorageRequestChild* +- AllocPDeviceStorageRequestChild(const DeviceStorageParams&) override; +- +- virtual bool +- DeallocPDeviceStorageRequestChild(PDeviceStorageRequestChild*) override; +- + virtual PBlobChild* + AllocPBlobChild(const BlobConstructorParams& aParams) override; + + virtual bool DeallocPBlobChild(PBlobChild* aActor) override; + + virtual PCrashReporterChild* + AllocPCrashReporterChild(const mozilla::dom::NativeThreadId& id, + const uint32_t& processType) override; +@@ -436,21 +430,16 @@ public: + + virtual bool + RecvInitBlobURLs(nsTArray&& aRegistations) override; + + virtual bool RecvLastPrivateDocShellDestroyed() override; + + virtual bool RecvVolumes(InfallibleTArray&& aVolumes) override; + +- virtual bool RecvFilePathUpdate(const nsString& aStorageType, +- const nsString& aStorageName, +- const nsString& aPath, +- const nsCString& aReason) override; +- + virtual bool RecvFileSystemUpdate(const nsString& aFsName, + const nsString& aVolumeName, + const int32_t& aState, + const int32_t& aMountGeneration, + const bool& aIsMediaPresent, + const bool& aIsSharing, + const bool& aIsFormatting, + const bool& aIsFake, +diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp +--- a/dom/ipc/ContentParent.cpp ++++ b/dom/ipc/ContentParent.cpp +@@ -23,17 +23,16 @@ + + #include "chrome/common/process_watcher.h" + + #include "mozilla/a11y/PDocAccessible.h" + #include "AppProcessChecker.h" + #include "AudioChannelService.h" + #include "BlobParent.h" + #include "CrashReporterParent.h" +-#include "DeviceStorageStatics.h" + #include "GMPServiceParent.h" + #include "HandlerServiceParent.h" + #include "IHistory.h" + #include "imgIContainer.h" + #include "mozIApplication.h" + #if defined(XP_WIN) && defined(ACCESSIBILITY) + #include "mozilla/a11y/AccessibleWrap.h" + #endif +@@ -50,17 +49,16 @@ + #include "mozilla/dom/GetFilesHelper.h" + #include "mozilla/dom/GeolocationBinding.h" + #include "mozilla/dom/Notification.h" + #include "mozilla/dom/PContentBridgeParent.h" + #include "mozilla/dom/PContentPermissionRequestParent.h" + #include "mozilla/dom/PCycleCollectWithLogsParent.h" + #include "mozilla/dom/PMemoryReportRequestParent.h" + #include "mozilla/dom/ServiceWorkerRegistrar.h" +-#include "mozilla/dom/devicestorage/DeviceStorageRequestParent.h" + #include "mozilla/dom/power/PowerManagerService.h" + #include "mozilla/dom/Permissions.h" + #include "mozilla/dom/PresentationParent.h" + #include "mozilla/dom/PPresentationParent.h" + #include "mozilla/dom/PushNotifier.h" + #include "mozilla/dom/FlyWebPublishedServerIPC.h" + #include "mozilla/dom/quota/QuotaManagerService.h" + #include "mozilla/dom/time/DateCacheCleaner.h" +@@ -272,17 +270,16 @@ using base::ChildPrivileges; + using base::KillProcess; + #ifdef MOZ_ENABLE_PROFILER_SPS + using mozilla::ProfileGatherer; + #endif + + #ifdef MOZ_CRASHREPORTER + using namespace CrashReporter; + #endif +-using namespace mozilla::dom::devicestorage; + using namespace mozilla::dom::power; + using namespace mozilla::media; + using namespace mozilla::embedding; + using namespace mozilla::gfx; + using namespace mozilla::gmp; + using namespace mozilla::hal; + using namespace mozilla::ipc; + using namespace mozilla::layers; +@@ -2775,22 +2772,16 @@ ContentParent::Observe(nsISupports* aSub + Unused << SendCycleCollect(); + } + else if (!strcmp(aTopic, "child-mmu-request")){ + Unused << SendMinimizeMemoryUsage(); + } + else if (!strcmp(aTopic, "last-pb-context-exited")) { + Unused << SendLastPrivateDocShellDestroyed(); + } +- else if (!strcmp(aTopic, "file-watcher-update")) { +- nsCString creason; +- CopyUTF16toUTF8(aData, creason); +- DeviceStorageFile* file = static_cast(aSubject); +- Unused << SendFilePathUpdate(file->mStorageType, file->mStorageName, file->mPath, creason); +- } + #ifdef MOZ_WIDGET_GONK + else if(!strcmp(aTopic, NS_VOLUME_STATE_CHANGED)) { + nsCOMPtr vol = do_QueryInterface(aSubject); + if (!vol) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsString volName; +@@ -3021,35 +3012,16 @@ ContentParent::AllocPBrowserParent(const + } + + bool + ContentParent::DeallocPBrowserParent(PBrowserParent* frame) + { + return nsIContentParent::DeallocPBrowserParent(frame); + } + +-PDeviceStorageRequestParent* +-ContentParent::AllocPDeviceStorageRequestParent(const DeviceStorageParams& aParams) +-{ +- RefPtr result = new DeviceStorageRequestParent(aParams); +- if (!result->EnsureRequiredPermissions(this)) { +- return nullptr; +- } +- result->Dispatch(); +- return result.forget().take(); +-} +- +-bool +-ContentParent::DeallocPDeviceStorageRequestParent(PDeviceStorageRequestParent* doomed) +-{ +- DeviceStorageRequestParent *parent = static_cast(doomed); +- NS_RELEASE(parent); +- return true; +-} +- + PBlobParent* + ContentParent::AllocPBlobParent(const BlobConstructorParams& aParams) + { + return nsIContentParent::AllocPBlobParent(aParams); + } + + bool + ContentParent::DeallocPBlobParent(PBlobParent* aActor) +@@ -3871,35 +3843,16 @@ ContentParent::RecvAsyncMessage(const ns + InfallibleTArray&& aCpows, + const IPC::Principal& aPrincipal, + const ClonedMessageData& aData) + { + return nsIContentParent::RecvAsyncMessage(aMsg, Move(aCpows), aPrincipal, + aData); + } + +-bool +-ContentParent::RecvFilePathUpdateNotify(const nsString& aType, +- const nsString& aStorageName, +- const nsString& aFilePath, +- const nsCString& aReason) +-{ +- RefPtr dsf = new DeviceStorageFile(aType, +- aStorageName, +- aFilePath); +- +- nsCOMPtr obs = mozilla::services::GetObserverService(); +- if (!obs) { +- return false; +- } +- obs->NotifyObservers(dsf, "file-watcher-update", +- NS_ConvertASCIItoUTF16(aReason).get()); +- return true; +-} +- + static int32_t + AddGeolocationListener(nsIDOMGeoPositionCallback* watcher, + nsIDOMGeoPositionErrorCallback* errorCallBack, + bool highAccuracy) + { + nsCOMPtr geo = do_GetService("@mozilla.org/geolocation;1"); + if (!geo) { + return -1; +@@ -4943,35 +4896,16 @@ ContentParent::RecvBeginDriverCrashGuard + bool + ContentParent::RecvEndDriverCrashGuard(const uint32_t& aGuardType) + { + mDriverCrashGuard = nullptr; + return true; + } + + bool +-ContentParent::RecvGetDeviceStorageLocation(const nsString& aType, +- nsString* aPath) +-{ +-#ifdef MOZ_WIDGET_ANDROID +- mozilla::AndroidBridge::GetExternalPublicDirectory(aType, *aPath); +- return true; +-#else +- return false; +-#endif +-} +- +-bool +-ContentParent::RecvGetDeviceStorageLocations(DeviceStorageLocationInfo* info) +-{ +- DeviceStorageStatics::GetDeviceStorageLocationsForIPC(info); +- return true; +-} +- +-bool + ContentParent::RecvGetAndroidSystemInfo(AndroidSystemInfo* aInfo) + { + #ifdef MOZ_WIDGET_ANDROID + nsSystemInfo::GetAndroidSystemInfo(aInfo); + return true; + #else + MOZ_CRASH("wrong platform!"); + return false; +diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h +--- a/dom/ipc/ContentParent.h ++++ b/dom/ipc/ContentParent.h +@@ -726,22 +726,16 @@ private: + const IPCTabContext& aContext, + const uint32_t& aChromeFlags, + const ContentParentId& aCpId, + const bool& aIsForApp, + const bool& aIsForBrowser) override; + + virtual bool DeallocPBrowserParent(PBrowserParent* frame) override; + +- virtual PDeviceStorageRequestParent* +- AllocPDeviceStorageRequestParent(const DeviceStorageParams&) override; +- +- virtual bool +- DeallocPDeviceStorageRequestParent(PDeviceStorageRequestParent*) override; +- + virtual PBlobParent* + AllocPBlobParent(const BlobConstructorParams& aParams) override; + + virtual bool DeallocPBlobParent(PBlobParent* aActor) override; + + virtual bool + RecvPBlobConstructor(PBlobParent* aActor, + const BlobConstructorParams& params) override; +@@ -927,21 +921,16 @@ private: + const IPC::Principal& aPrincipal, + nsTArray* aRetvals) override; + + virtual bool RecvAsyncMessage(const nsString& aMsg, + InfallibleTArray&& aCpows, + const IPC::Principal& aPrincipal, + const ClonedMessageData& aData) override; + +- virtual bool RecvFilePathUpdateNotify(const nsString& aType, +- const nsString& aStorageName, +- const nsString& aFilePath, +- const nsCString& aReason) override; +- + virtual bool RecvAddGeolocationListener(const IPC::Principal& aPrincipal, + const bool& aHighAccuracy) override; + virtual bool RecvRemoveGeolocationListener() override; + + virtual bool RecvSetGeolocationHigherAccuracy(const bool& aEnable) override; + + virtual bool RecvConsoleMessage(const nsString& aMessage) override; + +@@ -1047,21 +1036,16 @@ private: + const uint32_t& aDropEffect) override; + + virtual bool RecvProfile(const nsCString& aProfile) override; + + virtual bool RecvGetGraphicsDeviceInitData(ContentDeviceData* aOut) override; + + void StartProfiler(nsIProfilerStartParams* aParams); + +- virtual bool RecvGetDeviceStorageLocation(const nsString& aType, +- nsString* aPath) override; +- +- virtual bool RecvGetDeviceStorageLocations(DeviceStorageLocationInfo* info) override; +- + virtual bool RecvGetAndroidSystemInfo(AndroidSystemInfo* aInfo) override; + + virtual bool RecvNotifyBenchmarkResult(const nsString& aCodecName, + const uint32_t& aDecodeFPS) override; + + virtual bool RecvNotifyPushObservers(const nsCString& aScope, + const IPC::Principal& aPrincipal, + const nsString& aMessageId) override; +diff --git a/dom/ipc/PContent.ipdl b/dom/ipc/PContent.ipdl +--- a/dom/ipc/PContent.ipdl ++++ b/dom/ipc/PContent.ipdl +@@ -10,17 +10,16 @@ include protocol PBrowser; + include protocol PCompositorBridge; + include protocol PContentBridge; + include protocol PContentPermissionRequest; + include protocol PCycleCollectWithLogs; + include protocol PCrashReporter; + include protocol PPSMContentDownloader; + include protocol PExternalHelperApp; + include protocol PHandlerService; +-include protocol PDeviceStorageRequest; + include protocol PFileDescriptorSet; + include protocol PHal; + include protocol PHeapSnapshotTempFileHelper; + include protocol PProcessHangMonitor; + include protocol PImageBridge; + include protocol PMedia; + include protocol PMemoryReportRequest; + include protocol PNecko; +@@ -111,130 +110,16 @@ struct FontListEntry { + nsCString filepath; + uint16_t weight; + int16_t stretch; + uint8_t italic; + uint8_t index; + bool isHidden; + }; + +-struct DeviceStorageFreeSpaceParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageUsedSpaceParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageAvailableParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageStatusParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageFormatParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageMountParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageUnmountParams +-{ +- nsString type; +- nsString storageName; +-}; +- +-struct DeviceStorageAddParams +-{ +- nsString type; +- nsString storageName; +- nsString relpath; +- PBlob blob; +-}; +- +-struct DeviceStorageAppendParams +-{ +- nsString type; +- nsString storageName; +- nsString relpath; +- PBlob blob; +-}; +- +-struct DeviceStorageCreateFdParams +-{ +- nsString type; +- nsString storageName; +- nsString relpath; +-}; +- +-struct DeviceStorageGetParams +-{ +- nsString type; +- nsString storageName; +- nsString rootDir; +- nsString relpath; +-}; +- +-struct DeviceStorageDeleteParams +-{ +- nsString type; +- nsString storageName; +- nsString relpath; +-}; +- +-struct DeviceStorageEnumerationParams +-{ +- nsString type; +- nsString storageName; +- nsString rootdir; +- uint64_t since; +-}; +- +-union DeviceStorageParams +-{ +- DeviceStorageAddParams; +- DeviceStorageAppendParams; +- DeviceStorageCreateFdParams; +- DeviceStorageGetParams; +- DeviceStorageDeleteParams; +- DeviceStorageEnumerationParams; +- DeviceStorageFreeSpaceParams; +- DeviceStorageUsedSpaceParams; +- DeviceStorageAvailableParams; +- DeviceStorageStatusParams; +- DeviceStorageFormatParams; +- DeviceStorageMountParams; +- DeviceStorageUnmountParams; +-}; +- +-struct DeviceStorageLocationInfo { +- nsString music; +- nsString pictures; +- nsString videos; +- nsString sdcard; +- nsString apps; +- nsString crashes; +-}; +- + union PrefValue { + nsCString; + int32_t; + bool; + }; + + union MaybePrefValue { + PrefValue; +@@ -355,17 +240,16 @@ nested(upto inside_cpow) sync protocol P + parent opens PGMPService; + child opens PBackground; + + manages PBlob; + manages PBrowser; + manages PContentPermissionRequest; + manages PCrashReporter; + manages PCycleCollectWithLogs; +- manages PDeviceStorageRequest; + manages PPSMContentDownloader; + manages PExternalHelperApp; + manages PFileDescriptorSet; + manages PHal; + manages PHandlerService; + manages PHeapSnapshotTempFileHelper; + manages PMedia; + manages PMemoryReportRequest; +@@ -538,19 +422,16 @@ child: + /** + * Send BlobURLRegistrationData to child process. + */ + async InitBlobURLs(BlobURLRegistrationData[] registrations); + + // Notify child that last-pb-context-exited notification was observed + async LastPrivateDocShellDestroyed(); + +- async FilePathUpdate(nsString storageType, nsString storageName, nsString filepath, +- nsCString reasons); +- + // Note: Any changes to this structure should also be changed in + // VolumeInfo above. + async FileSystemUpdate(nsString fsName, nsString mountPoint, int32_t fsState, + int32_t mountGeneration, bool isMediaPresent, + bool isSharing, bool isFormatting, bool isFake, + bool isUnmounting, bool isRemovable, bool isHotSwappable); + + // Notify volume is removed. +@@ -738,17 +619,16 @@ parent: + * process. |newPluginEpoch| is the current epoch in the chrome process. If + * |pluginEpoch == newPluginEpoch|, then |plugins| will be left empty. + */ + sync FindPlugins(uint32_t pluginEpoch) returns (nsresult aResult, PluginTag[] plugins, uint32_t newPluginEpoch); + + async PJavaScript(); + + async PRemoteSpellcheckEngine(); +- async PDeviceStorageRequest(DeviceStorageParams params); + + sync PCrashReporter(NativeThreadId tid, uint32_t processType); + + /** + * Is this token compatible with the provided version? + * + * |version| The offered version to test + * Returns |True| if the offered version is compatible +@@ -921,21 +801,16 @@ parent: + async FirstIdle(); + + async AudioChannelServiceStatus(bool aActiveTelephonyChannel, + bool aContentOrNormalChannel, + bool aAnyActiveChannel); + + async AudioChannelChangeDefVolChannel(int32_t aChannel, bool aHidden); + +- async FilePathUpdateNotify(nsString aType, +- nsString aStorageName, +- nsString aFilepath, +- nsCString aReason); +- + // called by the child (test code only) to propagate volume changes to the parent + async CreateFakeVolume(nsString fsName, nsString mountPoint); + async SetFakeVolumeState(nsString fsName, int32_t fsState); + async RemoveFakeVolume(nsString fsName); + + sync KeywordToURI(nsCString keyword) + returns (nsString providerName, OptionalInputStreamParams postData, OptionalURIParams uri); + +@@ -1108,22 +983,16 @@ parent: + float aFullZoom) + returns (nsresult rv, + bool windowOpened, + FrameScriptInfo[] frameScripts, + nsCString urlToLoad, + TextureFactoryIdentifier textureFactoryIdentifier, + uint64_t layersId); + +- sync GetDeviceStorageLocation(nsString type) +- returns (nsString path); +- +- sync GetDeviceStorageLocations() +- returns (DeviceStorageLocationInfo info); +- + sync GetAndroidSystemInfo() + returns (AndroidSystemInfo info); + + /** + * Tells the parent to ungrab the pointer on the default display. + * + * This is for GTK platforms where we have to ensure the pointer ungrab happens in the + * chrome process as that's the process that receives the pointer event. +diff --git a/dom/ipc/moz.build b/dom/ipc/moz.build +--- a/dom/ipc/moz.build ++++ b/dom/ipc/moz.build +@@ -120,17 +120,16 @@ if CONFIG['MOZ_CONTENT_SANDBOX'] and CON + 'mozsandbox', + ] + + LOCAL_INCLUDES += [ + '/caps', + '/chrome', + '/docshell/base', + '/dom/base', +- '/dom/devicestorage', + '/dom/events', + '/dom/filesystem', + '/dom/geolocation', + '/dom/media/webspeech/synth/ipc', + '/dom/security', + '/dom/storage', + '/dom/workers', + '/embedding/components/printingui/ipc', +diff --git a/dom/moz.build b/dom/moz.build +--- a/dom/moz.build ++++ b/dom/moz.build +@@ -42,17 +42,16 @@ DIRS += [ + 'base', + 'archivereader', + 'bindings', + 'battery', + 'browser-element', + 'cache', + 'canvas', + 'crypto', +- 'devicestorage', + 'encoding', + 'events', + 'fetch', + 'filehandle', + 'filesystem', + 'flyweb', + 'gamepad', + 'geolocation', +diff --git a/dom/webidl/DeviceStorage.webidl b/dom/webidl/DeviceStorage.webidl +deleted file mode 100644 +--- a/dom/webidl/DeviceStorage.webidl ++++ /dev/null +@@ -1,95 +0,0 @@ +-/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +-/* This Source Code Form is subject to the terms of the Mozilla Public +- * License, v. 2.0. If a copy of the MPL was not distributed with this +- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +- +-dictionary DeviceStorageEnumerationParameters { +- Date since; +-}; +- +-[Pref="device.storage.enabled"] +-interface DeviceStorage : EventTarget { +- attribute EventHandler onchange; +- +- [Throws] +- DOMRequest? add(Blob? aBlob); +- [Throws] +- DOMRequest? addNamed(Blob? aBlob, DOMString aName); +- +- /** +- * Append data to a given file. +- * If the file doesn't exist, a "NotFoundError" event will be dispatched. +- * In the same time, it is a request.onerror case. +- * If the file exists, it will be opened with the following permission: +- * "PR_WRONLY|PR_CREATE_FILE|PR_APPEND". +- * The function will return null when blob file is null and other unexpected situations. +- * @parameter aBlob: A Blob object representing the data to append +- * @parameter aName: A string representing the full name (path + file name) of the file +- * to append data to. +- */ +- [Throws] +- DOMRequest? appendNamed(Blob? aBlob, DOMString aName); +- +- [Throws] +- DOMRequest get(DOMString aName); +- [Throws] +- DOMRequest getEditable(DOMString aName); +- [Throws] +- DOMRequest delete(DOMString aName); +- +- [Throws] +- DOMCursor enumerate(optional DeviceStorageEnumerationParameters options); +- [Throws] +- DOMCursor enumerate(DOMString path, +- optional DeviceStorageEnumerationParameters options); +- [Throws] +- DOMCursor enumerateEditable(optional DeviceStorageEnumerationParameters options); +- [Throws] +- DOMCursor enumerateEditable(DOMString path, +- optional DeviceStorageEnumerationParameters options); +- +- [Throws] +- DOMRequest freeSpace(); +- [Throws] +- DOMRequest usedSpace(); +- [Throws] +- DOMRequest available(); +- [Throws] +- DOMRequest storageStatus(); +- [Throws] +- DOMRequest format(); +- [Throws] +- DOMRequest mount(); +- [Throws] +- DOMRequest unmount(); +- +- // Note that the storageName is just a name (like sdcard), and doesn't +- // include any path information. +- readonly attribute DOMString storageName; +- +- // Indicates if the storage area denoted by storageName is capable of +- // being mounted and unmounted. +- readonly attribute boolean canBeMounted; +- +- // Indicates if the storage area denoted by storageName is capable of +- // being shared and unshared. +- readonly attribute boolean canBeShared; +- +- // Indicates if the storage area denoted by storageName is capable of +- // being formatted. +- readonly attribute boolean canBeFormatted; +- +- // Determines if this storage area is the one which will be used by default +- // for storing new files. +- readonly attribute boolean default; +- +- // Indicates if the storage area denoted by storageName is removable +- readonly attribute boolean isRemovable; +- +- // True if the storage area is close to being full +- readonly attribute boolean lowDiskSpace; +- +- [NewObject] +- // XXXbz what type does this really return? +- Promise getRoot(); +-}; +diff --git a/dom/webidl/moz.build b/dom/webidl/moz.build +--- a/dom/webidl/moz.build ++++ b/dom/webidl/moz.build +@@ -104,17 +104,16 @@ WEBIDL_FILES = [ + 'DataTransfer.webidl', + 'DataTransferItem.webidl', + 'DataTransferItemList.webidl', + 'DecoderDoctorNotification.webidl', + 'DedicatedWorkerGlobalScope.webidl', + 'DelayNode.webidl', + 'DesktopNotification.webidl', + 'DeviceMotionEvent.webidl', +- 'DeviceStorage.webidl', + 'Directory.webidl', + 'Document.webidl', + 'DocumentFragment.webidl', + 'DocumentTimeline.webidl', + 'DocumentType.webidl', + 'DOMCursor.webidl', + 'DOMError.webidl', + 'DOMException.webidl', +diff --git a/layout/build/nsLayoutStatics.cpp b/layout/build/nsLayoutStatics.cpp +--- a/layout/build/nsLayoutStatics.cpp ++++ b/layout/build/nsLayoutStatics.cpp +@@ -122,17 +122,16 @@ using namespace mozilla::system; + #include "mozilla/dom/CustomElementRegistry.h" + #include "mozilla/dom/time/DateCacheCleaner.h" + #include "mozilla/EventDispatcher.h" + #include "mozilla/IMEStateManager.h" + #include "mozilla/dom/HTMLVideoElement.h" + #include "TouchManager.h" + #include "MediaDecoder.h" + #include "MediaPrefs.h" +-#include "mozilla/dom/devicestorage/DeviceStorageStatics.h" + #include "mozilla/ServoBindings.h" + #include "mozilla/StaticPresData.h" + #include "mozilla/dom/WebIDLGlobalNameHash.h" + + using namespace mozilla; + using namespace mozilla::net; + using namespace mozilla::dom; + using namespace mozilla::dom::ipc; +@@ -303,18 +302,16 @@ nsLayoutStatics::Initialize() + nsStyleContext::Initialize(); + mozilla::LayerAnimationInfo::Initialize(); + #endif + + MediaDecoder::InitStatics(); + + PromiseDebugging::Init(); + +- mozilla::dom::devicestorage::DeviceStorageStatics::Initialize(); +- + mozilla::dom::WebCryptoThreadPool::Initialize(); + + // NB: We initialize servo in nsAppRunner.cpp, because we need to do it after + // creating the hidden DOM window to support some current stylo hacks. We + // should move initialization back here once those go away. + + #ifndef MOZ_WIDGET_ANDROID + // On Android, we instantiate it when constructing AndroidBridge. +diff --git a/mobile/android/components/ContentPermissionPrompt.js b/mobile/android/components/ContentPermissionPrompt.js +--- a/mobile/android/components/ContentPermissionPrompt.js ++++ b/mobile/android/components/ContentPermissionPrompt.js +@@ -8,20 +8,16 @@ const Cu = Components.utils; + const Cc = Components.classes; + + Cu.import("resource://gre/modules/XPCOMUtils.jsm"); + Cu.import("resource://gre/modules/Services.jsm"); + + const kEntities = { + "contacts": "contacts", + "desktop-notification": "desktopNotification2", +- "device-storage:music": "deviceStorageMusic", +- "device-storage:pictures": "deviceStoragePictures", +- "device-storage:sdcard": "deviceStorageSdcard", +- "device-storage:videos": "deviceStorageVideos", + "geolocation": "geolocation", + "flyweb-publish-server": "flyWebPublishServer", + }; + + // For these types, prompt for permission if action is unknown. + const PROMPT_FOR_UNKNOWN = [ + "desktop-notification", + "geolocation", +diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java +--- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java ++++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java +@@ -2198,54 +2198,16 @@ public class GeckoAppShell + return null; + } + + @WrapForJNI + private static String connectionGetMimeType(URLConnection connection) { + return connection.getContentType(); + } + +- /** +- * Retrieve the absolute path of an external storage directory. +- * +- * @param type The type of directory to return +- * @return Absolute path of the specified directory or null on failure +- */ +- @WrapForJNI(calledFrom = "gecko") +- private static String getExternalPublicDirectory(final String type) { +- final String state = Environment.getExternalStorageState(); +- if (!Environment.MEDIA_MOUNTED.equals(state) && +- !Environment.MEDIA_MOUNTED_READ_ONLY.equals(state)) { +- // External storage is not available. +- return null; +- } +- +- if ("sdcard".equals(type)) { +- // SD card has a separate path. +- return Environment.getExternalStorageDirectory().getAbsolutePath(); +- } +- +- final String systemType; +- if ("downloads".equals(type)) { +- systemType = Environment.DIRECTORY_DOWNLOADS; +- } else if ("pictures".equals(type)) { +- systemType = Environment.DIRECTORY_PICTURES; +- } else if ("videos".equals(type)) { +- systemType = Environment.DIRECTORY_MOVIES; +- } else if ("music".equals(type)) { +- systemType = Environment.DIRECTORY_MUSIC; +- } else if ("apps".equals(type)) { +- File appInternalStorageDirectory = getApplicationContext().getFilesDir(); +- return new File(appInternalStorageDirectory, "mozilla").getAbsolutePath(); +- } else { +- return null; +- } +- return Environment.getExternalStoragePublicDirectory(systemType).getAbsolutePath(); +- } +- + @WrapForJNI(calledFrom = "gecko") + private static int getMaxTouchPoints() { + PackageManager pm = getApplicationContext().getPackageManager(); + if (pm.hasSystemFeature(PackageManager.FEATURE_TOUCHSCREEN_MULTITOUCH_JAZZHAND)) { + // at least, 5+ fingers. + return 5; + } else if (pm.hasSystemFeature(PackageManager.FEATURE_TOUCHSCREEN_MULTITOUCH_DISTINCT)) { + // at least, 2+ fingers. +diff --git a/netwerk/test/mochitests/signed_web_packaged_app.sjs b/netwerk/test/mochitests/signed_web_packaged_app.sjs +--- a/netwerk/test/mochitests/signed_web_packaged_app.sjs ++++ b/netwerk/test/mochitests/signed_web_packaged_app.sjs +@@ -35,19 +35,16 @@ Content-Type: application/x-web-app-mani + "src": "scripts/library.js", + "integrity": "TN2ByXZiaBiBCvS4MeZ02UyNi44vED+KjdjLInUl4o8=" + } + ], + "moz-permissions": [ + { + "systemXHR": { + "description": "Needed to download stuff" +- }, +- "devicestorage:pictures": { +- "description": "Need to load pictures" + } + } + ], + "package-identifier": "09bc9714-7ab6-4320-9d20-fde4c237522c", + "description": "A great app!" + }\r + --NKWXJUAFXB\r + Content-Location: page2.html\r +diff --git a/toolkit/components/jsdownloads/src/DownloadIntegration.jsm b/toolkit/components/jsdownloads/src/DownloadIntegration.jsm +--- a/toolkit/components/jsdownloads/src/DownloadIntegration.jsm ++++ b/toolkit/components/jsdownloads/src/DownloadIntegration.jsm +@@ -268,53 +268,16 @@ this.DownloadIntegration = { + // Add the view used for detecting changes to downloads to be persisted. + // We must do this after the list of persistent downloads has been loaded, + // even if the load operation failed. We wait for a complete initialization + // so other callers cannot modify the list without being detected. The + // DownloadAutoSaveView is kept alive by the underlying DownloadList. + yield new DownloadAutoSaveView(list, this._store).initialize(); + }), + +-#ifdef MOZ_WIDGET_GONK +- /** +- * Finds the default download directory which can be either in the +- * internal storage or on the sdcard. +- * +- * @return {Promise} +- * @resolves The downloads directory string path. +- */ +- _getDefaultDownloadDirectory: Task.async(function* () { +- let directoryPath; +- let win = Services.wm.getMostRecentWindow("navigator:browser"); +- let storages = win.navigator.getDeviceStorages("sdcard"); +- let preferredStorageName; +- // Use the first one or the default storage. +- storages.forEach((aStorage) => { +- if (aStorage.default || !preferredStorageName) { +- preferredStorageName = aStorage.storageName; +- } +- }); +- +- // Now get the path for this storage area. +- if (preferredStorageName) { +- let volume = volumeService.getVolumeByName(preferredStorageName); +- if (volume && volume.state === Ci.nsIVolume.STATE_MOUNTED){ +- directoryPath = OS.Path.join(volume.mountPoint, "downloads"); +- yield OS.File.makeDir(directoryPath, { ignoreExisting: true }); +- } +- } +- if (directoryPath) { +- return directoryPath; +- } else { +- throw new Components.Exception("No suitable storage for downloads.", +- Cr.NS_ERROR_FILE_UNRECOGNIZED_PATH); +- } +- }), +-#endif +- + /** + * Determines if a Download object from the list of persistent downloads + * should be saved into a file, so that it can be restored across sessions. + * + * This function allows filtering out downloads that the host application is + * not interested in persisting across sessions, for example downloads that + * finished successfully. + * +@@ -377,18 +340,16 @@ this.DownloadIntegration = { + #ifdef MOZ_WIDGET_ANDROID + // Android doesn't have a $HOME directory, and by default we only have + // write access to /data/data/org.mozilla.{$APP} and /sdcard + directoryPath = gEnvironment.get("DOWNLOADS_DIRECTORY"); + if (!directoryPath) { + throw new Components.Exception("DOWNLOADS_DIRECTORY is not set.", + Cr.NS_ERROR_FILE_UNRECOGNIZED_PATH); + } +-#elifdef MOZ_WIDGET_GONK +- directoryPath = this._getDefaultDownloadDirectory(); + #else + // For Linux, use XDG download dir, with a fallback to Home/Downloads + // if the XDG user dirs are disabled. + try { + directoryPath = this._getDirectory("DfltDwnld"); + } catch(e) { + directoryPath = yield this._createDownloadsDirectory("Home"); + } +@@ -405,19 +366,16 @@ this.DownloadIntegration = { + /** + * Returns the user downloads directory asynchronously. + * + * @return {Promise} + * @resolves The downloads directory string path. + */ + getPreferredDownloadsDirectory: Task.async(function* () { + let directoryPath = null; +-#ifdef MOZ_WIDGET_GONK +- directoryPath = this._getDefaultDownloadDirectory(); +-#else + let prefValue = 1; + + try { + prefValue = Services.prefs.getIntPref("browser.download.folderList"); + } catch(e) {} + + switch(prefValue) { + case 0: // Desktop +@@ -435,17 +393,16 @@ this.DownloadIntegration = { + } catch(ex) { + // Either the preference isn't set or the directory cannot be created. + directoryPath = yield this.getSystemDownloadsDirectory(); + } + break; + default: + directoryPath = yield this.getSystemDownloadsDirectory(); + } +-#endif + return directoryPath; + }), + + /** + * Returns the temporary downloads directory asynchronously. + * + * @return {Promise} + * @resolves The downloads directory string path. +diff --git a/toolkit/components/jsdownloads/src/DownloadPlatform.cpp b/toolkit/components/jsdownloads/src/DownloadPlatform.cpp +--- a/toolkit/components/jsdownloads/src/DownloadPlatform.cpp ++++ b/toolkit/components/jsdownloads/src/DownloadPlatform.cpp +@@ -185,28 +185,16 @@ nsresult DownloadPlatform::DownloadDone( + if (sourceCFURL) { + ::CFRelease(sourceCFURL); + } + if (referrerCFURL) { + ::CFRelease(referrerCFURL); + } + } + #endif +- if (mozilla::Preferences::GetBool("device.storage.enabled", true)) { +- // Tell DeviceStorage that a new file may have been added. +- nsCOMPtr obs = mozilla::services::GetObserverService(); +- nsCOMPtr pathString +- = do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID); +- if (obs && pathString) { +- if (NS_SUCCEEDED(pathString->SetData(path))) { +- (void)obs->NotifyObservers(pathString, "download-watcher-notify", +- u"modified"); +- } +- } +- } + } + + #endif + + return NS_OK; + } + + nsresult DownloadPlatform::MapUrlToZone(const nsAString& aURL, +diff --git a/toolkit/components/jsdownloads/test/unit/common_test_Download.js b/toolkit/components/jsdownloads/test/unit/common_test_Download.js +--- a/toolkit/components/jsdownloads/test/unit/common_test_Download.js ++++ b/toolkit/components/jsdownloads/test/unit/common_test_Download.js +@@ -2315,103 +2315,16 @@ add_task(function* test_toSerializable_s + let download2 = yield Downloads.createDownload(reserialized); + + do_check_eq(download1.startTime.constructor.name, "Date"); + do_check_eq(download2.startTime.constructor.name, "Date"); + do_check_eq(download1.startTime.toJSON(), download2.startTime.toJSON()); + }); + + /** +- * This test will call the platform specific operations within +- * DownloadPlatform::DownloadDone. While there is no test to verify the +- * specific behaviours, this at least ensures that there is no error or crash. +- */ +-add_task(function* test_platform_integration() +-{ +- let downloadFiles = []; +- let oldDeviceStorageEnabled = false; +- try { +- oldDeviceStorageEnabled = Services.prefs.getBoolPref("device.storage.enabled"); +- } catch (e) { +- // This happens if the pref doesn't exist. +- } +- let downloadWatcherNotified = false; +- let observer = { +- observe: function(subject, topic, data) { +- do_check_eq(topic, "download-watcher-notify"); +- do_check_eq(data, "modified"); +- downloadWatcherNotified = true; +- } +- } +- Services.obs.addObserver(observer, "download-watcher-notify", false); +- Services.prefs.setBoolPref("device.storage.enabled", true); +- let downloadDoneCalled = false; +- let monitorFn = base => ({ +- __proto__: base, +- downloadDone() { +- return super.downloadDone(...arguments).then(() => { +- downloadDoneCalled = true; +- }); +- }, +- }); +- Integration.downloads.register(monitorFn); +- DownloadIntegration.allowDirectories = true; +- function cleanup() { +- for (let file of downloadFiles) { +- file.remove(true); +- } +- Services.obs.removeObserver(observer, "download-watcher-notify"); +- Services.prefs.setBoolPref("device.storage.enabled", oldDeviceStorageEnabled); +- Integration.downloads.unregister(monitorFn); +- DownloadIntegration.allowDirectories = false; +- } +- +- for (let isPrivate of [false, true]) { +- downloadDoneCalled = false; +- +- // Some platform specific operations only operate on files outside the +- // temporary directory or in the Downloads directory (such as setting +- // the Windows searchable attribute, and the Mac Downloads icon bouncing), +- // so use the system Downloads directory for the target file. +- let targetFilePath = yield DownloadIntegration.getSystemDownloadsDirectory(); +- targetFilePath = OS.Path.join(targetFilePath, +- "test" + (Math.floor(Math.random() * 1000000))); +- let targetFile = new FileUtils.File(targetFilePath); +- downloadFiles.push(targetFile); +- +- let download; +- if (gUseLegacySaver) { +- download = yield promiseStartLegacyDownload(httpUrl("source.txt"), +- { isPrivate, targetFile }); +- } +- else { +- download = yield Downloads.createDownload({ +- source: { url: httpUrl("source.txt"), isPrivate }, +- target: targetFile, +- }); +- download.start().catch(() => {}); +- } +- +- // Wait for the whenSucceeded promise to be resolved first. +- // downloadDone should be called before the whenSucceeded promise is resolved. +- yield download.whenSucceeded().then(function () { +- do_check_true(downloadDoneCalled); +- do_check_true(downloadWatcherNotified); +- }); +- +- // Then, wait for the promise returned by "start" to be resolved. +- yield promiseDownloadStopped(download); +- +- yield promiseVerifyTarget(download.target, TEST_DATA_SHORT); +- } +- +- cleanup(); +-}); +- +-/** + * Checks that downloads are added to browsing history when they start. + */ + add_task(function* test_history() + { + mustInterruptResponses(); + + // We will wait for the visit to be notified during the download. + yield PlacesTestUtils.clearHistory(); +diff --git a/toolkit/content/devicestorage.properties b/toolkit/content/devicestorage.properties +deleted file mode 100644 +--- a/toolkit/content/devicestorage.properties ++++ /dev/null +@@ -1,4 +0,0 @@ +-# Extensions we recognize for DeviceStorage storage areas +-pictures=*.jpe; *.jpg; *.jpeg; *.gif; *.png; *.bmp; +-music=*.mp3; *.oga; *.ogg; *.m4a; *.m4b; *.m4p; *.m4r; *.3gp; *.3gpp; *.mp4; *.m3u; *.pls; *.opus; *.amr; *.wav; *.lcka; *.mka; *.flac; +-videos=*.mp4; *.mpeg; *.mpg; *.ogv; *.ogx; *.webm; *.3gp; *.3gpp; *.3g2; *.ogg; *.m4v; *.ts; *.m2ts; *.avi; *.divx; *.mkv; +diff --git a/toolkit/content/jar.mn b/toolkit/content/jar.mn +--- a/toolkit/content/jar.mn ++++ b/toolkit/content/jar.mn +@@ -40,17 +40,16 @@ toolkit.jar: + content/global/browser-content.js + * content/global/buildconfig.html + content/global/contentAreaUtils.js + #ifndef MOZ_ICECATMOBILE + content/global/customizeToolbar.css + content/global/customizeToolbar.js + content/global/customizeToolbar.xul + #endif +- content/global/devicestorage.properties + #ifndef MOZ_ICECATMOBILE + content/global/editMenuOverlay.js + * content/global/editMenuOverlay.xul + content/global/finddialog.js + * content/global/finddialog.xul + content/global/findUtils.js + #endif + content/global/filepicker.properties +@@ -113,9 +112,9 @@ toolkit.jar: + content/global/bindings/videocontrols.css (widgets/videocontrols.css) + * content/global/bindings/wizard.xml (widgets/wizard.xml) + #ifdef XP_MACOSX + content/global/macWindowMenu.js + #endif + content/global/svg/svgBindings.xml (/layout/svg/resources/content/svgBindings.xml) + content/global/gmp-sources/eme-adobe.json (gmp-sources/eme-adobe.json) + content/global/gmp-sources/openh264.json (gmp-sources/openh264.json) +- content/global/gmp-sources/widevinecdm.json (gmp-sources/widevinecdm.json) +\ No newline at end of file ++ content/global/gmp-sources/widevinecdm.json (gmp-sources/widevinecdm.json) +diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp +--- a/uriloader/exthandler/nsExternalHelperAppService.cpp ++++ b/uriloader/exthandler/nsExternalHelperAppService.cpp +@@ -101,20 +101,16 @@ + + #ifdef MOZ_WIDGET_ANDROID + #include "IceCatMobileJNIWrappers.h" + #endif + + #include "mozilla/Preferences.h" + #include "mozilla/ipc/URIUtils.h" + +-#ifdef MOZ_WIDGET_GONK +-#include "nsDeviceStorage.h" +-#endif +- + using namespace mozilla; + using namespace mozilla::ipc; + + // Download Folder location constants + #define NS_PREF_DOWNLOAD_DIR "browser.download.dir" + #define NS_PREF_DOWNLOAD_FOLDERLIST "browser.download.folderList" + enum { + NS_FOLDER_VALUE_DESKTOP = 0 +@@ -321,65 +317,16 @@ static nsresult GetDownloadDirectory(nsI + } + + if (!dir) { + // If not, we default to the OS X default download location. + nsresult rv = NS_GetSpecialDirectory(NS_OSX_DEFAULT_DOWNLOAD_DIR, + getter_AddRefs(dir)); + NS_ENSURE_SUCCESS(rv, rv); + } +-#elif defined(MOZ_WIDGET_GONK) +- // On Gonk, store the files on the sdcard in the downloads directory. +- // We need to check with the volume manager which storage point is +- // available. +- +- // Pick the default storage in case multiple (internal and external) ones +- // are available. +- nsString storageName; +- nsDOMDeviceStorage::GetDefaultStorageName(NS_LITERAL_STRING("sdcard"), +- storageName); +- +- RefPtr dsf( +- new DeviceStorageFile(NS_LITERAL_STRING("sdcard"), +- storageName, +- NS_LITERAL_STRING("downloads"))); +- NS_ENSURE_TRUE(dsf->mFile, NS_ERROR_FILE_ACCESS_DENIED); +- +- // If we're not checking for availability we're done. +- if (aSkipChecks) { +- dsf->mFile.forget(_directory); +- return NS_OK; +- } +- +- // Check device storage status before continuing. +- nsString storageStatus; +- dsf->GetStatus(storageStatus); +- +- // If we get an "unavailable" status, it means the sd card is not present. +- // We'll also catch internal errors by looking for an empty string and assume +- // the SD card isn't present when this occurs. +- if (storageStatus.EqualsLiteral("unavailable") || +- storageStatus.IsEmpty()) { +- return NS_ERROR_FILE_NOT_FOUND; +- } +- +- // If we get a status other than 'available' here it means the card is busy +- // because it's mounted via USB or it is being formatted. +- if (!storageStatus.EqualsLiteral("available")) { +- return NS_ERROR_FILE_ACCESS_DENIED; +- } +- +- bool alreadyThere; +- nsresult rv = dsf->mFile->Exists(&alreadyThere); +- NS_ENSURE_SUCCESS(rv, rv); +- if (!alreadyThere) { +- rv = dsf->mFile->Create(nsIFile::DIRECTORY_TYPE, 0770); +- NS_ENSURE_SUCCESS(rv, rv); +- } +- dir = dsf->mFile; + #elif defined(ANDROID) + // We ask Java for the temporary download directory. The directory will be + // different depending on whether we have the permission to write to the + // public download directory or not. + // In the case where we do not have the permission we will start the + // download to the app cache directory and later move it to the final + // destination after prompting for the permission. + jni::String::LocalRef downloadDir; +diff --git a/widget/android/AndroidBridge.cpp b/widget/android/AndroidBridge.cpp +--- a/widget/android/AndroidBridge.cpp ++++ b/widget/android/AndroidBridge.cpp +@@ -1119,42 +1119,8 @@ nsresult AndroidBridge::InputStreamRead( + + if (read <= 0) { + *aRead = 0; + return NS_OK; + } + *aRead = read; + return NS_OK; + } +- +-nsresult AndroidBridge::GetExternalPublicDirectory(const nsAString& aType, nsAString& aPath) { +- if (XRE_IsContentProcess()) { +- nsString key(aType); +- nsAutoString path; +- if (AndroidBridge::sStoragePaths.Get(key, &path)) { +- aPath = path; +- return NS_OK; +- } +- +- // Lazily get the value from the parent. +- dom::ContentChild* child = dom::ContentChild::GetSingleton(); +- if (child) { +- nsAutoString type(aType); +- child->SendGetDeviceStorageLocation(type, &path); +- if (!path.IsEmpty()) { +- AndroidBridge::sStoragePaths.Put(key, path); +- aPath = path; +- return NS_OK; +- } +- } +- +- ALOG_BRIDGE("AndroidBridge::GetExternalPublicDirectory no cache for %s", +- NS_ConvertUTF16toUTF8(aType).get()); +- return NS_ERROR_NOT_AVAILABLE; +- } +- +- auto path = GeckoAppShell::GetExternalPublicDirectory(aType); +- if (!path) { +- return NS_ERROR_NOT_AVAILABLE; +- } +- aPath = path->ToString(); +- return NS_OK; +-} +diff --git a/widget/android/AndroidBridge.h b/widget/android/AndroidBridge.h +--- a/widget/android/AndroidBridge.h ++++ b/widget/android/AndroidBridge.h +@@ -197,18 +197,16 @@ public: + static jmethodID GetStaticMethodID(JNIEnv* env, jclass jClass, const char* methodName, const char* methodType); + + static jni::Object::LocalRef ChannelCreate(jni::Object::Param); + + static void InputStreamClose(jni::Object::Param obj); + static uint32_t InputStreamAvailable(jni::Object::Param obj); + static nsresult InputStreamRead(jni::Object::Param obj, char *aBuf, uint32_t aCount, uint32_t *aRead); + +- static nsresult GetExternalPublicDirectory(const nsAString& aType, nsAString& aPath); +- + protected: + static nsDataHashtable sStoragePaths; + + static AndroidBridge* sBridge; + + AndroidBridge(); + ~AndroidBridge(); + +diff --git a/widget/android/GeneratedJNIWrappers.cpp b/widget/android/GeneratedJNIWrappers.cpp +--- a/widget/android/GeneratedJNIWrappers.cpp ++++ b/widget/android/GeneratedJNIWrappers.cpp +@@ -274,24 +274,16 @@ auto GeckoAppShell::GetExceptionStackTra + constexpr char GeckoAppShell::GetExtensionFromMimeType_t::name[]; + constexpr char GeckoAppShell::GetExtensionFromMimeType_t::signature[]; + + auto GeckoAppShell::GetExtensionFromMimeType(mozilla::jni::String::Param a0) -> mozilla::jni::String::LocalRef + { + return mozilla::jni::Method::Call(GeckoAppShell::Context(), nullptr, a0); + } + +-constexpr char GeckoAppShell::GetExternalPublicDirectory_t::name[]; +-constexpr char GeckoAppShell::GetExternalPublicDirectory_t::signature[]; +- +-auto GeckoAppShell::GetExternalPublicDirectory(mozilla::jni::String::Param a0) -> mozilla::jni::String::LocalRef +-{ +- return mozilla::jni::Method::Call(GeckoAppShell::Context(), nullptr, a0); +-} +- + constexpr char GeckoAppShell::GetHWDecoderCapability_t::name[]; + constexpr char GeckoAppShell::GetHWDecoderCapability_t::signature[]; + + auto GeckoAppShell::GetHWDecoderCapability() -> bool + { + return mozilla::jni::Method::Call(GeckoAppShell::Context(), nullptr); + } + +diff --git a/widget/android/GeneratedJNIWrappers.h b/widget/android/GeneratedJNIWrappers.h +--- a/widget/android/GeneratedJNIWrappers.h ++++ b/widget/android/GeneratedJNIWrappers.h +@@ -724,36 +724,16 @@ public: + static const mozilla::jni::CallingThread callingThread = + mozilla::jni::CallingThread::GECKO; + static const mozilla::jni::DispatchTarget dispatchTarget = + mozilla::jni::DispatchTarget::CURRENT; + }; + + static auto GetExtensionFromMimeType(mozilla::jni::String::Param) -> mozilla::jni::String::LocalRef; + +- struct GetExternalPublicDirectory_t { +- typedef GeckoAppShell Owner; +- typedef mozilla::jni::String::LocalRef ReturnType; +- typedef mozilla::jni::String::Param SetterType; +- typedef mozilla::jni::Args< +- mozilla::jni::String::Param> Args; +- static constexpr char name[] = "getExternalPublicDirectory"; +- static constexpr char signature[] = +- "(Ljava/lang/String;)Ljava/lang/String;"; +- static const bool isStatic = true; +- static const mozilla::jni::ExceptionMode exceptionMode = +- mozilla::jni::ExceptionMode::ABORT; +- static const mozilla::jni::CallingThread callingThread = +- mozilla::jni::CallingThread::GECKO; +- static const mozilla::jni::DispatchTarget dispatchTarget = +- mozilla::jni::DispatchTarget::CURRENT; +- }; +- +- static auto GetExternalPublicDirectory(mozilla::jni::String::Param) -> mozilla::jni::String::LocalRef; +- + struct GetHWDecoderCapability_t { + typedef GeckoAppShell Owner; + typedef bool ReturnType; + typedef bool SetterType; + typedef mozilla::jni::Args<> Args; + static constexpr char name[] = "getHWDecoderCapability"; + static constexpr char signature[] = + "()Z"; +diff --git a/xpcom/reflect/xptinfo/ShimInterfaceInfo.cpp b/xpcom/reflect/xptinfo/ShimInterfaceInfo.cpp +--- a/xpcom/reflect/xptinfo/ShimInterfaceInfo.cpp ++++ b/xpcom/reflect/xptinfo/ShimInterfaceInfo.cpp +@@ -155,17 +155,16 @@ + #include "mozilla/dom/CSSValueBinding.h" + #include "mozilla/dom/CSSValueListBinding.h" + #include "mozilla/dom/CustomEventBinding.h" + #ifdef MOZ_WEBRTC + #include "mozilla/dom/DataChannelBinding.h" + #endif + #include "mozilla/dom/DataContainerEventBinding.h" + #include "mozilla/dom/DataTransferBinding.h" +-#include "mozilla/dom/DeviceStorageBinding.h" + #include "mozilla/dom/DOMCursorBinding.h" + #include "mozilla/dom/DOMExceptionBinding.h" + #include "mozilla/dom/DOMParserBinding.h" + #include "mozilla/dom/DOMRequestBinding.h" + #include "mozilla/dom/DocumentBinding.h" + #include "mozilla/dom/DocumentFragmentBinding.h" + #include "mozilla/dom/DocumentTypeBinding.h" + #include "mozilla/dom/DocumentBinding.h" + -- cgit v1.2.3 From 833df99d625af91a52bcfc39d2f135f03dd51b37 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 21 Apr 2017 14:25:05 +0200 Subject: gnu: python-pyopenssl: Update to 17.0.0. * gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl): Update to 17.0.0. [native-inputs]: Change PYTHON-PYTEST to PYTHON-PYTEST-3.0. * gnu/packages/patches/python-pyopenssl-skip-network-test.patch: Adjust. --- .../python-pyopenssl-skip-network-test.patch | 25 ++++++++-------------- gnu/packages/python.scm | 6 +++--- 2 files changed, 12 insertions(+), 19 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch index a24eaf69a0..1ac7324c8b 100644 --- a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch +++ b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch @@ -7,20 +7,14 @@ diff --git a/tests/test_ssl.py b/tests/test_ssl.py index ee849fd..60048b8 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py -@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin): - TypeError, context.load_verify_locations, None, None, None - ) - -- @pytest.mark.skipif( -- platform == "win32", -- reason="set_default_verify_paths appears not to work on Windows. " -- "See LP#404343 and LP#404344." -- ) +@@ -1113,33 +1113,6 @@ class TestContext(object): + reason="set_default_verify_paths appears not to work on Windows. " + "See LP#404343 and LP#404344." + ) - def test_set_default_verify_paths(self): - """ -- :py:obj:`Context.set_default_verify_paths` causes the -- platform-specific CA certificate locations to be used for -- verification purposes. +- `Context.set_default_verify_paths` causes the platform-specific CA +- certificate locations to be used for verification purposes. - """ - # Testing this requires a server with a certificate signed by one - # of the CAs in the platform CA location. Getting one of those @@ -43,8 +37,7 @@ index ee849fd..60048b8 100644 - clientSSL.set_connect_state() - clientSSL.do_handshake() - clientSSL.send(b"GET / HTTP/1.0\r\n\r\n") -- self.assertTrue(clientSSL.recv(1024)) -- - def test_set_default_verify_paths_signature(self): +- assert clientSSL.recv(1024) + + def test_add_extra_chain_cert_invalid_cert(self): """ - :py:obj:`Context.set_default_verify_paths` takes no arguments and diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index aa014db364..e51405bd9c 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -7323,14 +7323,14 @@ message digests and key derivation functions.") (define-public python-pyopenssl (package (name "python-pyopenssl") - (version "16.2.0") + (version "17.0.0") (source (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) (sha256 (base32 - "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp")) + "1pdg1gpmkzj8yasg6cmkhcivxcdp4c12nif88y4qvsxq5ffzxas8")) (patches (search-patches "python-pyopenssl-skip-network-test.patch")))) (build-system python-build-system) @@ -7348,7 +7348,7 @@ message digests and key derivation functions.") (inputs `(("openssl" ,openssl))) (native-inputs - `(("python-pytest" ,python-pytest))) + `(("python-pytest" ,python-pytest-3.0))) (home-page "https://github.com/pyca/pyopenssl") (synopsis "Python wrapper module around the OpenSSL library") (description -- cgit v1.2.3 From 80420acb5e0243c5355d069d09756a8bc06ff451 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 21 Apr 2017 14:44:07 +0200 Subject: gnu: portaudio: Update to 190600.20161030. * gnu/packages/audio.scm (portaudio): Update to 190600.20161030. * gnu/packages/patches/portaudio-audacity-compat.patch: Adjust line endings. --- gnu/packages/audio.scm | 4 +- .../patches/portaudio-audacity-compat.patch | 60 +++++++++++----------- 2 files changed, 32 insertions(+), 32 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm index 4eebbdb615..5b2d971953 100644 --- a/gnu/packages/audio.scm +++ b/gnu/packages/audio.scm @@ -2433,7 +2433,7 @@ portions of LAME.") (define-public portaudio (package (name "portaudio") - (version "19.20140130") + (version "190600.20161030") (source (origin (method url-fetch) @@ -2442,7 +2442,7 @@ portions of LAME.") (string-map (lambda (c) (if (char=? c #\.) #\_ c)) version) ".tgz")) (sha256 - (base32 "0mwddk4qzybaf85wqfhxqlf0c5im9il8z03rd4n127k8y2jj9q4g")) + (base32 "04qmin6nj144b8qb9kkd9a52xfvm0qdgm8bg8jbl7s3frmyiv8pm")) (patches (search-patches "portaudio-audacity-compat.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/patches/portaudio-audacity-compat.patch b/gnu/packages/patches/portaudio-audacity-compat.patch index 9f239ada35..513d08bcea 100644 --- a/gnu/packages/patches/portaudio-audacity-compat.patch +++ b/gnu/packages/patches/portaudio-audacity-compat.patch @@ -7,27 +7,27 @@ See . --- a/include/pa_win_ds.h +++ b/include/pa_win_ds.h @@ -89,6 +89,21 @@ - - }PaWinDirectSoundStreamInfo; - -+/** Retrieve the GUID of the input device. -+ -+ @param stream The stream to query. -+ -+ @return A pointer to the GUID, or NULL if none. -+*/ -+LPGUID PaWinDS_GetStreamInputGUID( PaStream* s ); -+ -+/** Retrieve the GUID of the output device. -+ -+ @param stream The stream to query. -+ -+ @return A pointer to the GUID, or NULL if none. -+*/ -+LPGUID PaWinDS_GetStreamOutputGUID( PaStream* s ); - - - #ifdef __cplusplus + + }PaWinDirectSoundStreamInfo; + ++/** Retrieve the GUID of the input device. ++ ++ @param stream The stream to query. ++ ++ @return A pointer to the GUID, or NULL if none. ++*/ ++LPGUID PaWinDS_GetStreamInputGUID( PaStream* s ); ++ ++/** Retrieve the GUID of the output device. ++ ++ @param stream The stream to query. ++ ++ @return A pointer to the GUID, or NULL if none. ++*/ ++LPGUID PaWinDS_GetStreamOutputGUID( PaStream* s ); + + + #ifdef __cplusplus --- a/include/portaudio.h +++ b/include/portaudio.h @@ -1146,6 +1146,15 @@ @@ -224,15 +224,15 @@ See . --- a/src/hostapi/coreaudio/pa_mac_core_blocking.c +++ b/src/hostapi/coreaudio/pa_mac_core_blocking.c @@ -66,6 +66,9 @@ - #ifdef MOSX_USE_NON_ATOMIC_FLAG_BITS - # define OSAtomicOr32( a, b ) ( (*(b)) |= (a) ) - # define OSAtomicAnd32( a, b ) ( (*(b)) &= (a) ) -+#elif MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_3 -+# define OSAtomicOr32( a, b ) BitOrAtomic( a, (UInt32 *) b ) -+# define OSAtomicAnd32( a, b ) BitAndAtomic( a, (UInt32 *) b ) - #else - # include - #endif + #ifdef MOSX_USE_NON_ATOMIC_FLAG_BITS + # define OSAtomicOr32( a, b ) ( (*(b)) |= (a) ) + # define OSAtomicAnd32( a, b ) ( (*(b)) &= (a) ) ++#elif MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_3 ++# define OSAtomicOr32( a, b ) BitOrAtomic( a, (UInt32 *) b ) ++# define OSAtomicAnd32( a, b ) BitAndAtomic( a, (UInt32 *) b ) + #else + # include + #endif --- a/src/hostapi/alsa/pa_linux_alsa.c +++ b/src/hostapi/alsa/pa_linux_alsa.c @@ -611,6 +611,7 @@ -- cgit v1.2.3 From 04b906799168008c41f62402eee74bd47c1c2681 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 21 Apr 2017 18:00:04 -0400 Subject: gnu: Remove unused patches. * gnu/packages/patches/gcc-libiberty-printf-decl.patch, gnu/packages/patches/grub-CVE-2015-8370.patch, gnu/packages/patches/grub-freetype.patch, gnu/packages/patches/grub-gets-undeclared.patch, gnu/packages/patches/guile-arm-fixes.patch, gnu/packages/patches/mplayer2-theora-fix.patch, gnu/packages/patches/soprano-find-clucene.patch, gnu/packages/patches/util-linux-CVE-2017-2616.patch, gnu/packages/patches/xf86-video-intel-compat-api.patch, gnu/packages/patches/xf86-video-intel-glibc-2.20.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 10 - .../patches/gcc-libiberty-printf-decl.patch | 28 -- gnu/packages/patches/grub-CVE-2015-8370.patch | 45 ---- gnu/packages/patches/grub-freetype.patch | 24 -- gnu/packages/patches/grub-gets-undeclared.patch | 42 --- gnu/packages/patches/guile-arm-fixes.patch | 203 --------------- gnu/packages/patches/mplayer2-theora-fix.patch | 286 --------------------- gnu/packages/patches/soprano-find-clucene.patch | 15 -- .../patches/util-linux-CVE-2017-2616.patch | 65 ----- .../patches/xf86-video-intel-compat-api.patch | 13 - .../patches/xf86-video-intel-glibc-2.20.patch | 15 -- 11 files changed, 746 deletions(-) delete mode 100644 gnu/packages/patches/gcc-libiberty-printf-decl.patch delete mode 100644 gnu/packages/patches/grub-CVE-2015-8370.patch delete mode 100644 gnu/packages/patches/grub-freetype.patch delete mode 100644 gnu/packages/patches/grub-gets-undeclared.patch delete mode 100644 gnu/packages/patches/guile-arm-fixes.patch delete mode 100644 gnu/packages/patches/mplayer2-theora-fix.patch delete mode 100644 gnu/packages/patches/soprano-find-clucene.patch delete mode 100644 gnu/packages/patches/util-linux-CVE-2017-2616.patch delete mode 100644 gnu/packages/patches/xf86-video-intel-compat-api.patch delete mode 100644 gnu/packages/patches/xf86-video-intel-glibc-2.20.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1fe46bfb5e..af9a590e09 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -578,7 +578,6 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ %D%/packages/patches/gcc-cross-environment-variables.patch \ - %D%/packages/patches/gcc-libiberty-printf-decl.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-strmov-store-file-names.patch \ %D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch \ @@ -624,12 +623,8 @@ dist_patch_DATA = \ %D%/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch \ %D%/packages/patches/graphite2-non-linear-classes-even-number.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ - %D%/packages/patches/grub-CVE-2015-8370.patch \ - %D%/packages/patches/grub-gets-undeclared.patch \ - %D%/packages/patches/grub-freetype.patch \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ - %D%/packages/patches/guile-arm-fixes.patch \ %D%/packages/patches/guile-default-utf8.patch \ %D%/packages/patches/guile-linux-syscalls.patch \ %D%/packages/patches/guile-present-coding.patch \ @@ -784,7 +779,6 @@ dist_patch_DATA = \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ - %D%/packages/patches/mplayer2-theora-fix.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ %D%/packages/patches/mozjs17-aarch64-support.patch \ %D%/packages/patches/mozjs24-aarch64-support.patch \ @@ -932,7 +926,6 @@ dist_patch_DATA = \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ - %D%/packages/patches/soprano-find-clucene.patch \ %D%/packages/patches/spice-CVE-2016-9577.patch \ %D%/packages/patches/spice-CVE-2016-9578-1.patch \ %D%/packages/patches/spice-CVE-2016-9578-2.patch \ @@ -981,7 +974,6 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-remove-build-date.patch \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ %D%/packages/patches/util-linux-tests.patch \ - %D%/packages/patches/util-linux-CVE-2017-2616.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ %D%/packages/patches/virglrenderer-CVE-2017-6386.patch \ @@ -1012,8 +1004,6 @@ dist_patch_DATA = \ %D%/packages/patches/xf86-video-ast-remove-mibstore.patch \ %D%/packages/patches/xf86-video-geode-glibc-2.20.patch \ %D%/packages/patches/xf86-video-i128-remove-mibstore.patch \ - %D%/packages/patches/xf86-video-intel-compat-api.patch \ - %D%/packages/patches/xf86-video-intel-glibc-2.20.patch \ %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch \ %D%/packages/patches/xf86-video-tga-remove-mibstore.patch \ %D%/packages/patches/xfce4-panel-plugins.patch \ diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch deleted file mode 100644 index a612c9e00e..0000000000 --- a/gnu/packages/patches/gcc-libiberty-printf-decl.patch +++ /dev/null @@ -1,28 +0,0 @@ -This patch makes the exeception specifier of libiberty's 'asprintf' -and 'vasprintf' declarations match those of glibc to work around the -problem described at . - -The problem in part stems from the fact that libiberty is configured -without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1 -is configured and built with _GNU_SOURCE, hence the conflicting declarations. - ---- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200 -+++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200 -@@ -625,7 +625,7 @@ extern int pwait (int, int *, int); - /* Like sprintf but provides a pointer to malloc'd storage, which must - be freed by the caller. */ - --extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; -+extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2; - #endif - - /* Like asprintf but allocates memory without fail. This works like -@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, .. - /* Like vsprintf but provides a pointer to malloc'd storage, which - must be freed by the caller. */ - --extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0); -+extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0); - #endif - - /* Like vasprintf but allocates memory without fail. This works like diff --git a/gnu/packages/patches/grub-CVE-2015-8370.patch b/gnu/packages/patches/grub-CVE-2015-8370.patch deleted file mode 100644 index 5701b54759..0000000000 --- a/gnu/packages/patches/grub-CVE-2015-8370.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 -From: Hector Marco-Gisbert -Date: Fri, 13 Nov 2015 16:21:09 +0100 -Subject: [PATCH] Fix security issue when reading username and password - - This patch fixes two integer underflows at: - * grub-core/lib/crypto.c - * grub-core/normal/auth.c - -Signed-off-by: Hector Marco-Gisbert -Signed-off-by: Ismael Ripoll-Ripoll ---- - grub-core/lib/crypto.c | 2 +- - grub-core/normal/auth.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c -index 010e550..524a3d8 100644 ---- a/grub-core/lib/crypto.c -+++ b/grub-core/lib/crypto.c -@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - continue; -diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c -index c6bd96e..5782ec5 100644 ---- a/grub-core/normal/auth.c -+++ b/grub-core/normal/auth.c -@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) - break; - } - -- if (key == '\b') -+ if (key == '\b' && cur_len) - { - cur_len--; - grub_printf ("\b"); --- -1.9.1 - diff --git a/gnu/packages/patches/grub-freetype.patch b/gnu/packages/patches/grub-freetype.patch deleted file mode 100644 index 286830ccf8..0000000000 --- a/gnu/packages/patches/grub-freetype.patch +++ /dev/null @@ -1,24 +0,0 @@ -commit fd0df6d098b1e6a4f60275c48a3ec88d15ba1fbb -Author: Colin Watson -Date: Fri Nov 29 12:19:36 2013 +0000 - - Fix build with FreeType 2.5.1 - - * util/grub-gen-asciih.c: Include FT_SYNTHESIS_H rather than - , fixing build with FreeType 2.5.1. - * util/grub-gen-widthspec.c: Likewise. - * util/grub-mkfont.c: Likewise. - -diff --git a/util/grub-mkfont.c b/util/grub-mkfont.c -index 0d8eb78..242dd01 100644 ---- a/util/grub-mkfont.c -+++ b/util/grub-mkfont.c -@@ -43,7 +43,7 @@ - #include FT_FREETYPE_H - #include FT_TRUETYPE_TAGS_H - #include FT_TRUETYPE_TABLES_H --#include -+#include FT_SYNTHESIS_H - - #undef __FTERRORS_H__ - #define FT_ERROR_START_LIST const char *ft_errmsgs[] = { diff --git a/gnu/packages/patches/grub-gets-undeclared.patch b/gnu/packages/patches/grub-gets-undeclared.patch deleted file mode 100644 index 41dddbd9d0..0000000000 --- a/gnu/packages/patches/grub-gets-undeclared.patch +++ /dev/null @@ -1,42 +0,0 @@ -This patch is needed to allow builds with newer versions of -the GNU libc (2.16+). - - -commit 66712c23388e93e5c518ebc8515140fa0c807348 -Author: Eric Blake -Date: Thu Mar 29 13:30:41 2012 -0600 - - stdio: don't assume gets any more - - Gnulib intentionally does not have a gets module, and now that C11 - and glibc have dropped it, we should be more proactive about warning - any user on a platform that still has a declaration of this dangerous - interface. - - * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets - support. - * modules/stdio (Makefile.am): Likewise. - * lib/stdio-read.c (gets): Likewise. - * tests/test-stdio-c++.cc: Likewise. - * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment. - * lib/stdio.in.h (gets): Make warning occur in more places. - * doc/posix-functions/gets.texi (gets): Update documentation. - Reported by Christer Solskogen. - - Signed-off-by: Eric Blake - ---- grub-2.00/grub-core/gnulib/stdio.in.h 2013-02-10 16:17:09.000000000 +0100 -+++ grub-2.00/grub-core/gnulib/stdio.in.h 2013-02-10 16:17:11.000000000 +0100 -@@ -137,12 +137,6 @@ _GL_WARN_ON_USE (fflush, "fflush is not - "use gnulib module fflush for portable POSIX compliance"); - #endif - --/* It is very rare that the developer ever has full control of stdin, -- so any use of gets warrants an unconditional warning. Assume it is -- always declared, since it is required by C89. */ --#undef gets --_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); -- - #if @GNULIB_FOPEN@ - # if @REPLACE_FOPEN@ - # if !(defined __cplusplus && defined GNULIB_NAMESPACE) diff --git a/gnu/packages/patches/guile-arm-fixes.patch b/gnu/packages/patches/guile-arm-fixes.patch deleted file mode 100644 index 62bcf0fa7b..0000000000 --- a/gnu/packages/patches/guile-arm-fixes.patch +++ /dev/null @@ -1,203 +0,0 @@ -Apply fixes for ARM to Guile. - -From df8c52e93dfa3965e4714275f4b8cea2c8e0170b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= -Date: Fri, 4 Jul 2014 15:35:06 +0200 -Subject: [PATCH] Recognize arm-* target triplets. - -Reported by Sylvain Beucler . - -* module/system/base/target.scm (cpu-endianness): Add case where CPU is - "arm". -* test-suite/tests/asm-to-bytecode.test ("cross-compilation")["arm-unknown-linux-androideabi"]: - New test. ---- - module/system/base/target.scm | 4 +++- - test-suite/tests/asm-to-bytecode.test | 5 ++++- - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/module/system/base/target.scm b/module/system/base/target.scm -index c74ae67..cefa951 100644 ---- a/module/system/base/target.scm -+++ b/module/system/base/target.scm -@@ -1,6 +1,6 @@ - ;;; Compilation targets - --;; Copyright (C) 2011, 2012, 2013 Free Software Foundation, Inc. -+;; Copyright (C) 2011, 2012, 2013, 2014 Free Software Foundation, Inc. - - ;; This library is free software; you can redistribute it and/or - ;; modify it under the terms of the GNU Lesser General Public -@@ -72,6 +72,8 @@ - (endianness big)) - ((string-match "^arm.*el" cpu) - (endianness little)) -+ ((string=? "arm" cpu) ;ARMs are LE by default -+ (endianness little)) - (else - (error "unknown CPU endianness" cpu))))) - -diff --git a/test-suite/tests/asm-to-bytecode.test b/test-suite/tests/asm-to-bytecode.test -index 6d2f20e..62ea0ed 100644 ---- a/test-suite/tests/asm-to-bytecode.test -+++ b/test-suite/tests/asm-to-bytecode.test -@@ -1,6 +1,6 @@ - ;;;; Assembly to bytecode compilation -*- mode: scheme; coding: utf-8; -*- - ;;;; --;;;; Copyright (C) 2010, 2011, 2012, 2013 Free Software Foundation, Inc. -+;;;; Copyright (C) 2010, 2011, 2012, 2013, 2014 Free Software Foundation, Inc. - ;;;; - ;;;; This library is free software; you can redistribute it and/or - ;;;; modify it under the terms of the GNU Lesser General Public -@@ -205,6 +205,9 @@ - (test-target "x86_64-unknown-linux-gnux32" ; x32 ABI (Debian tuplet) - (endianness little) 4) - -+ (test-target "arm-unknown-linux-androideabi" -+ (endianness little) 4) -+ - (pass-if-exception "unknown target" - exception:miscellaneous-error - (call-with-values (lambda () --- -2.1.2 - -From ffd3e55cfd12a3559621e3130d613d319243512d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= -Date: Fri, 4 Jul 2014 17:26:41 +0200 -Subject: [PATCH] Recognize more ARM targets. - -Suggested by Dale P. Smith. - -* module/system/base/target.scm (cpu-endianness): Add cases for - "arm.*eb", "^aarch64.*be", and "aarch64". Change "arm" case to - "arm.*". - (triplet-pointer-size): Allow underscore as in 'aarch64_be'. -* test-suite/tests/asm-to-bytecode.test ("cross-compilation")["armeb-unknown-linux-gnu", - "aarch64-linux-gnu", "aarch64_be-linux-gnu"]: New tests. ---- - module/system/base/target.scm | 10 ++++++++-- - test-suite/tests/asm-to-bytecode.test | 6 ++++++ - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/module/system/base/target.scm b/module/system/base/target.scm -index cefa951..31e3fea 100644 ---- a/module/system/base/target.scm -+++ b/module/system/base/target.scm -@@ -72,7 +72,13 @@ - (endianness big)) - ((string-match "^arm.*el" cpu) - (endianness little)) -- ((string=? "arm" cpu) ;ARMs are LE by default -+ ((string-match "^arm.*eb" cpu) -+ (endianness big)) -+ ((string-prefix? "arm" cpu) ;ARMs are LE by default -+ (endianness little)) -+ ((string-match "^aarch64.*be" cpu) -+ (endianness big)) -+ ((string=? "aarch64" cpu) - (endianness little)) - (else - (error "unknown CPU endianness" cpu))))) -@@ -97,7 +103,7 @@ - ((string-match "^x86_64-.*-gnux32" triplet) 4) ; x32 - - ((string-match "64$" cpu) 8) -- ((string-match "64[lbe][lbe]$" cpu) 8) -+ ((string-match "64_?[lbe][lbe]$" cpu) 8) - ((member cpu '("sparc" "powerpc" "mips" "mipsel")) 4) - ((string-match "^arm.*" cpu) 4) - (else (error "unknown CPU word size" cpu))))) -diff --git a/test-suite/tests/asm-to-bytecode.test b/test-suite/tests/asm-to-bytecode.test -index 62ea0ed..8aeba84 100644 ---- a/test-suite/tests/asm-to-bytecode.test -+++ b/test-suite/tests/asm-to-bytecode.test -@@ -207,6 +207,12 @@ - - (test-target "arm-unknown-linux-androideabi" - (endianness little) 4) -+ (test-target "armeb-unknown-linux-gnu" -+ (endianness big) 4) -+ (test-target "aarch64-linux-gnu" -+ (endianness little) 8) -+ (test-target "aarch64_be-linux-gnu" -+ (endianness big) 8) - - (pass-if-exception "unknown target" - exception:miscellaneous-error --- -2.1.2 - -From a85c78ea1393985fdb6e6678dea19135c553d341 Mon Sep 17 00:00:00 2001 -From: Mark H Weaver -Date: Fri, 19 Sep 2014 21:18:09 -0400 -Subject: [PATCH] VM: ASM_MUL for ARM: Add earlyclobber constraint to the SMULL - outputs. - -Reported by Rob Browning . - -* libguile/vm-i-scheme.c (ASM_MUL)[ARM]: Add earlyclobber (&) constraint - to the SMULL output registers. ---- - libguile/vm-i-scheme.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/libguile/vm-i-scheme.c b/libguile/vm-i-scheme.c -index 587aa95..162efab 100644 ---- a/libguile/vm-i-scheme.c -+++ b/libguile/vm-i-scheme.c -@@ -1,5 +1,4 @@ --/* Copyright (C) 2001, 2009, 2010, 2011, 2012, 2013, -- * 2014 Free Software Foundation, Inc. -+/* Copyright (C) 2001, 2009-2014 Free Software Foundation, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License -@@ -363,7 +362,7 @@ VM_DEFINE_FUNCTION (149, ge, "ge?", 2) - { \ - scm_t_signed_bits rlo, rhi; \ - asm ("smull %0, %1, %2, %3\n" \ -- : "=r" (rlo), "=r" (rhi) \ -+ : "=&r" (rlo), "=&r" (rhi) \ - : "r" (SCM_UNPACK (x) - scm_tc2_int), \ - "r" (SCM_I_INUM (y))); \ - if (SCM_LIKELY (SCM_SRS (rlo, 31) == rhi)) \ --- -2.1.2 - -From bed025bd2569b1c033f24d7d9e660e39ebf65cac Mon Sep 17 00:00:00 2001 -From: Mark H Weaver -Date: Sat, 20 Sep 2014 03:59:51 -0400 -Subject: [PATCH] VM: Allow the C compiler to choose FP_REG on ARM. - -Reported by Rob Browning . - -* libguile/vm-engine.h (IP_REG)[__arm__]: Remove explicit register - choice ("r7") for FP_REG, which was reported to cause compilation - failures on ARM. ---- - libguile/vm-engine.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libguile/vm-engine.h b/libguile/vm-engine.h -index 46d4cff..e618be7 100644 ---- a/libguile/vm-engine.h -+++ b/libguile/vm-engine.h -@@ -1,4 +1,4 @@ --/* Copyright (C) 2001, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. -+/* Copyright (C) 2001, 2009-2012, 2014 Free Software Foundation, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License -@@ -81,7 +81,7 @@ - #ifdef __arm__ - #define IP_REG asm("r9") - #define SP_REG asm("r8") --#define FP_REG asm("r7") -+#define FP_REG - #endif - #endif - --- -2.1.2 - diff --git a/gnu/packages/patches/mplayer2-theora-fix.patch b/gnu/packages/patches/mplayer2-theora-fix.patch deleted file mode 100644 index 982db5f57c..0000000000 --- a/gnu/packages/patches/mplayer2-theora-fix.patch +++ /dev/null @@ -1,286 +0,0 @@ -Fix libtheora linking issue with modern theora versions. - -Adapted from: -http://git.buildroot.net/buildroot/commit/?id=46b71cb0be27c0e6b7c93afb49fc80779bf310e3 - ---- a/libmpcodecs/vd_theora.c -+++ b/libmpcodecs/vd_theora.c -@@ -39,22 +39,23 @@ - - LIBVD_EXTERN(theora) - --#include -+#include - - #define THEORA_NUM_HEADER_PACKETS 3 - - typedef struct theora_struct_st { -- theora_state st; -- theora_comment cc; -- theora_info inf; -+ th_setup_info *tsi; -+ th_dec_ctx *tctx; -+ th_comment tc; -+ th_info ti; - } theora_struct_t; - - /** Convert Theora pixelformat to the corresponding IMGFMT_ */ --static uint32_t theora_pixelformat2imgfmt(theora_pixelformat fmt){ -+static uint32_t theora_pixelformat2imgfmt(th_pixel_fmt fmt){ - switch(fmt) { -- case OC_PF_420: return IMGFMT_YV12; -- case OC_PF_422: return IMGFMT_422P; -- case OC_PF_444: return IMGFMT_444P; -+ case TH_PF_420: return IMGFMT_YV12; -+ case TH_PF_422: return IMGFMT_422P; -+ case TH_PF_444: return IMGFMT_444P; - } - return 0; - } -@@ -64,7 +65,7 @@ - theora_struct_t *context = sh->context; - switch(cmd) { - case VDCTRL_QUERY_FORMAT: -- if (*(int*)arg == theora_pixelformat2imgfmt(context->inf.pixelformat)) -+ if (*(int*)arg == theora_pixelformat2imgfmt(context->ti.pixel_fmt)) - return CONTROL_TRUE; - return CONTROL_FALSE; - } -@@ -88,8 +89,9 @@ - if (!context) - goto err_out; - -- theora_info_init(&context->inf); -- theora_comment_init(&context->cc); -+ th_info_init(&context->ti); -+ th_comment_init(&context->tc); -+ context->tsi = NULL; - - /* Read all header packets, pass them to theora_decode_header. */ - for (i = 0; i < THEORA_NUM_HEADER_PACKETS; i++) -@@ -109,7 +111,7 @@ - op.b_o_s = 1; - } - -- if ( (errorCode = theora_decode_header (&context->inf, &context->cc, &op)) ) -+ if ( (errorCode = th_decode_headerin (&context->ti, &context->tc, &context->tsi, &op)) < 0) - { - mp_msg(MSGT_DECVIDEO, MSGL_ERR, "Broken Theora header; errorCode=%i!\n", errorCode); - goto err_out; -@@ -117,23 +119,25 @@ - } - - /* now init codec */ -- errorCode = theora_decode_init (&context->st, &context->inf); -- if (errorCode) -+ context->tctx = th_decode_alloc (&context->ti, context->tsi); -+ if (!context->tctx) - { -- mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode init failed: %i \n", errorCode); -+ mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode init failed\n"); - goto err_out; - } -+ /* free memory used for decoder setup information */ -+ th_setup_free(context->tsi); - -- if(sh->aspect==0.0 && context->inf.aspect_denominator!=0) -+ if(sh->aspect==0.0 && context->ti.aspect_denominator!=0) - { -- sh->aspect = ((double)context->inf.aspect_numerator * context->inf.width)/ -- ((double)context->inf.aspect_denominator * context->inf.height); -+ sh->aspect = ((double)context->ti.aspect_numerator * context->ti.frame_width)/ -+ ((double)context->ti.aspect_denominator * context->ti.frame_height); - } - - mp_msg(MSGT_DECVIDEO,MSGL_V,"INFO: Theora video init ok!\n"); -- mp_msg(MSGT_DECVIDEO,MSGL_INFO,"Frame: %dx%d, Picture %dx%d, Offset [%d,%d]\n", context->inf.width, context->inf.height, context->inf.frame_width, context->inf.frame_height, context->inf.offset_x, context->inf.offset_y); -+ mp_msg(MSGT_DECVIDEO,MSGL_INFO,"Frame: %dx%d, Picture %dx%d, Offset [%d,%d]\n", context->ti.frame_width, context->ti.frame_height, context->ti.pic_width, context->ti.pic_height, context->ti.pic_x, context->ti.pic_y); - -- return mpcodecs_config_vo (sh,context->inf.width,context->inf.height,theora_pixelformat2imgfmt(context->inf.pixelformat)); -+ return mpcodecs_config_vo (sh,context->ti.frame_width,context->ti.frame_height,theora_pixelformat2imgfmt(context->ti.pixel_fmt)); - - err_out: - free(context); -@@ -150,9 +154,9 @@ - - if (context) - { -- theora_info_clear(&context->inf); -- theora_comment_clear(&context->cc); -- theora_clear (&context->st); -+ th_info_clear(&context->ti); -+ th_comment_clear(&context->tc); -+ th_decode_free (context->tctx); - free (context); - } - } -@@ -165,7 +169,7 @@ - theora_struct_t *context = sh->context; - int errorCode = 0; - ogg_packet op; -- yuv_buffer yuv; -+ th_ycbcr_buffer ycbcrbuf; - mp_image_t* mpi; - - // no delayed frames -@@ -177,31 +181,31 @@ - op.packet = data; - op.granulepos = -1; - -- errorCode = theora_decode_packetin (&context->st, &op); -- if (errorCode) -+ errorCode = th_decode_packetin (context->tctx, &op, NULL); -+ if (errorCode < 0) - { - mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode packetin failed: %i \n", - errorCode); - return NULL; - } - -- errorCode = theora_decode_YUVout (&context->st, &yuv); -- if (errorCode) -+ errorCode = th_decode_ycbcr_out (context->tctx, ycbcrbuf); -+ if (errorCode < 0) - { - mp_msg(MSGT_DECVIDEO,MSGL_ERR,"Theora decode YUVout failed: %i \n", - errorCode); - return NULL; - } - -- mpi = mpcodecs_get_image(sh, MP_IMGTYPE_EXPORT, 0, yuv.y_width, yuv.y_height); -+ mpi = mpcodecs_get_image(sh, MP_IMGTYPE_EXPORT, 0, ycbcrbuf[0].width, ycbcrbuf[0].height); - if(!mpi) return NULL; - -- mpi->planes[0]=yuv.y; -- mpi->stride[0]=yuv.y_stride; -- mpi->planes[1]=yuv.u; -- mpi->stride[1]=yuv.uv_stride; -- mpi->planes[2]=yuv.v; -- mpi->stride[2]=yuv.uv_stride; -+ mpi->planes[0]=ycbcrbuf[0].data; -+ mpi->stride[0]=ycbcrbuf[0].stride; -+ mpi->planes[1]=ycbcrbuf[1].data; -+ mpi->stride[1]=ycbcrbuf[1].stride; -+ mpi->planes[2]=ycbcrbuf[2].data; -+ mpi->stride[2]=ycbcrbuf[2].stride; - - return mpi; - } ---- a/libmpdemux/demux_ogg.c -+++ b/libmpdemux/demux_ogg.c -@@ -49,21 +49,21 @@ - #endif - - #ifdef CONFIG_OGGTHEORA --#include --int _ilog (unsigned int); /* defined in many places in theora/lib/ */ -+#include - #endif - - #define BLOCK_SIZE 4096 - - /* Theora decoder context : we won't be able to interpret granule positions -- * without using theora_granule_time with the theora_state of the stream. -+ * without using th_granule_time with the th_dec_ctx of the stream. - * This is duplicated in `vd_theora.c'; put this in a common header? - */ - #ifdef CONFIG_OGGTHEORA - typedef struct theora_struct_st { -- theora_state st; -- theora_comment cc; -- theora_info inf; -+ th_setup_info *tsi; -+ th_dec_ctx *tctx; -+ th_comment tc; -+ th_info ti; - } theora_struct_t; - #endif - -@@ -116,7 +116,7 @@ - float samplerate; /// granulpos 2 time - int64_t lastpos; - int32_t lastsize; -- int keyframe_frequency_force; -+ int keyframe_granule_shift; - - // Logical stream state - ogg_stream_state stream; -@@ -299,11 +299,10 @@ - have theora_state st, until all header packets were passed to the - decoder. */ - if (!pack->bytes || !(*data&0x80)) { -- int keyframe_granule_shift = _ilog(os->keyframe_frequency_force - 1); -- int64_t iframemask = (1 << keyframe_granule_shift) - 1; -+ int64_t iframemask = (1 << os->keyframe_granule_shift) - 1; - - if (pack->granulepos >= 0) { -- os->lastpos = pack->granulepos >> keyframe_granule_shift; -+ os->lastpos = pack->granulepos >> os->keyframe_granule_shift; - os->lastpos += pack->granulepos & iframemask; - *flags = (pack->granulepos & iframemask) == 0; - } else { -@@ -892,14 +891,15 @@ - #ifdef CONFIG_OGGTHEORA - } else if (pack.bytes >= 7 && !strncmp (&pack.packet[1], "theora", 6)) { - int errorCode = 0; -- theora_info inf; -- theora_comment cc; -+ th_info ti; -+ th_comment tc; -+ th_setup_info *tsi = NULL; - -- theora_info_init (&inf); -- theora_comment_init (&cc); -+ th_info_init (&ti); -+ th_comment_init (&tc); - -- errorCode = theora_decode_header (&inf, &cc, &pack); -- if (errorCode) { -+ errorCode = th_decode_headerin(&ti, &tc, &tsi, &pack); -+ if (errorCode < 0) { - mp_msg(MSGT_DEMUX, MSGL_ERR, - "Theora header parsing failed: %i \n", errorCode); - } else { -@@ -908,30 +908,32 @@ - sh_v->bih = calloc(1, sizeof(*sh_v->bih)); - sh_v->bih->biSize = sizeof(*sh_v->bih); - sh_v->bih->biCompression = sh_v->format = FOURCC_THEORA; -- sh_v->fps = ((double)inf.fps_numerator) / (double)inf.fps_denominator; -- sh_v->frametime = ((double)inf.fps_denominator) / (double)inf.fps_numerator; -- sh_v->disp_w = sh_v->bih->biWidth = inf.frame_width; -- sh_v->disp_h = sh_v->bih->biHeight = inf.frame_height; -+ sh_v->fps = ((double)ti.fps_numerator) / (double)ti.fps_denominator; -+ sh_v->frametime = ((double)ti.fps_denominator) / (double)ti.fps_numerator; -+ sh_v->i_bps = ti.target_bitrate / 8; -+ sh_v->disp_w = sh_v->bih->biWidth = ti.frame_width; -+ sh_v->disp_h = sh_v->bih->biHeight = ti.frame_height; - sh_v->bih->biBitCount = 24; - sh_v->bih->biPlanes = 3; - sh_v->bih->biSizeImage = ((sh_v->bih->biBitCount / 8) * sh_v->bih->biWidth * sh_v->bih->biHeight); - ogg_d->subs[ogg_d->num_sub].samplerate = sh_v->fps; - ogg_d->subs[ogg_d->num_sub].theora = 1; -- ogg_d->subs[ogg_d->num_sub].keyframe_frequency_force = inf.keyframe_frequency_force; -+ ogg_d->subs[ogg_d->num_sub].keyframe_granule_shift = ti.keyframe_granule_shift; - ogg_d->subs[ogg_d->num_sub].id = n_video; - n_video++; - mp_msg(MSGT_DEMUX, MSGL_INFO, - "[Ogg] stream %d: video (Theora v%d.%d.%d), -vid %d\n", - ogg_d->num_sub, -- (int)inf.version_major, -- (int)inf.version_minor, -- (int)inf.version_subminor, -+ (int)ti.version_major, -+ (int)ti.version_minor, -+ (int)ti.version_subminor, - n_video - 1); - if (mp_msg_test(MSGT_HEADER, MSGL_V)) - print_video_header(sh_v->bih, MSGL_V); - } -- theora_comment_clear(&cc); -- theora_info_clear(&inf); -+ th_comment_clear(&tc); -+ th_info_clear(&ti); -+ th_setup_free(tsi); - #endif /* CONFIG_OGGTHEORA */ - } else if (pack.bytes >= 4 && !strncmp (&pack.packet[0], "fLaC", 4)) { - sh_a = new_sh_audio_aid(demuxer, ogg_d->num_sub, n_audio, NULL); diff --git a/gnu/packages/patches/soprano-find-clucene.patch b/gnu/packages/patches/soprano-find-clucene.patch deleted file mode 100644 index cc2707853a..0000000000 --- a/gnu/packages/patches/soprano-find-clucene.patch +++ /dev/null @@ -1,15 +0,0 @@ -Search for clucene include file in the clucene include directory. - -diff -u -r soprano-2.9.4.orig/cmake/modules/FindCLucene.cmake soprano-2.9.4/cmake/modules/FindCLucene.cmake ---- soprano-2.9.4.orig/cmake/modules/FindCLucene.cmake 2013-10-09 19:22:28.000000000 +0200 -+++ soprano-2.9.4/cmake/modules/FindCLucene.cmake 2014-04-28 20:08:11.000000000 +0200 -@@ -77,7 +77,8 @@ - - get_filename_component(TRIAL_LIBRARY_DIR ${CLUCENE_LIBRARY} PATH) - find_path(CLUCENE_LIBRARY_DIR -- NAMES CLucene/clucene-config.h PATHS ${TRIAL_LIBRARY_DIR} ${TRIAL_LIBRARY_PATHS} ${TRIAL_INCLUDE_PATHS} NO_DEFAULT_PATH) -+ NAMES CLucene/clucene-config.h PATHS ${TRIAL_LIBRARY_DIR} ${TRIAL_LIBRARY_PATHS} ${TRIAL_INCLUDE_PATHS} ${CLUCENE_INCLUDE_DIR} NO_DEFAULT_PATH) -+message (STATUS "XXX ${CLUCENE_LIBRARY_DIR}") - if(CLUCENE_LIBRARY_DIR) - message(STATUS "Found CLucene library dir: ${CLUCENE_LIBRARY_DIR}") - file(READ ${CLUCENE_LIBRARY_DIR}/CLucene/clucene-config.h CLCONTENT) diff --git a/gnu/packages/patches/util-linux-CVE-2017-2616.patch b/gnu/packages/patches/util-linux-CVE-2017-2616.patch deleted file mode 100644 index 2c82fb06d2..0000000000 --- a/gnu/packages/patches/util-linux-CVE-2017-2616.patch +++ /dev/null @@ -1,65 +0,0 @@ -Fix CVE-2017-2616: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 -http://seclists.org/oss-sec/2017/q1/474 - -Patch copied from upstream source repository: - -https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891 - -From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Wed, 1 Feb 2017 11:58:09 +0100 -Subject: [PATCH] su: properly clear child PID -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reported-by: Tobias Stöckmann -Signed-off-by: Karel Zak ---- - login-utils/su-common.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/login-utils/su-common.c b/login-utils/su-common.c -index 0ea4e40bd..b1720f037 100644 ---- a/login-utils/su-common.c -+++ b/login-utils/su-common.c -@@ -376,6 +376,9 @@ create_watching_parent (void) - } - else - status = WEXITSTATUS (status); -+ -+ /* child is gone, don't use the PID anymore */ -+ child = (pid_t) -1; - } - else if (caught_signal) - status = caught_signal + 128; -@@ -385,7 +388,7 @@ create_watching_parent (void) - else - status = 1; - -- if (caught_signal) -+ if (caught_signal && child != (pid_t)-1) - { - fprintf (stderr, _("\nSession terminated, killing shell...")); - kill (child, SIGTERM); -@@ -395,9 +398,12 @@ create_watching_parent (void) - - if (caught_signal) - { -- sleep (2); -- kill (child, SIGKILL); -- fprintf (stderr, _(" ...killed.\n")); -+ if (child != (pid_t)-1) -+ { -+ sleep (2); -+ kill (child, SIGKILL); -+ fprintf (stderr, _(" ...killed.\n")); -+ } - - /* Let's terminate itself with the received signal. - * --- -2.11.1 - diff --git a/gnu/packages/patches/xf86-video-intel-compat-api.patch b/gnu/packages/patches/xf86-video-intel-compat-api.patch deleted file mode 100644 index 786de5c45d..0000000000 --- a/gnu/packages/patches/xf86-video-intel-compat-api.patch +++ /dev/null @@ -1,13 +0,0 @@ -This patch was copied from Debian. - ---- xserver-xorg-video-intel-2.21.15.orig/src/compat-api.h -+++ xserver-xorg-video-intel-2.21.15/src/compat-api.h -@@ -158,4 +158,8 @@ - if ((d)->pScreen->SourceValidate) (d)->pScreen->SourceValidate(d, x, y, w, h) - #endif - -+#if XORG_VERSION_CURRENT >= XORG_VERSION_NUMERIC(1,14,99,2,0) -+#define DamageUnregister(d, dd) DamageUnregister(dd) -+#endif -+ - #endif diff --git a/gnu/packages/patches/xf86-video-intel-glibc-2.20.patch b/gnu/packages/patches/xf86-video-intel-glibc-2.20.patch deleted file mode 100644 index aeebfacdcd..0000000000 --- a/gnu/packages/patches/xf86-video-intel-glibc-2.20.patch +++ /dev/null @@ -1,15 +0,0 @@ -Allow builds with glibc 2.20. -Based on a patch by Peter Hutterer . -See . - ---- xf86-video-intel-2.21.15/src/intel_device.c.~1~ 2013-08-09 16:58:48.000000000 -0400 -+++ xf86-video-intel-2.21.15/src/intel_device.c 2014-12-18 00:03:54.700759577 -0500 -@@ -33,6 +33,8 @@ - - #include - -+#include -+ - #include - #include - #include -- cgit v1.2.3 From 6ef94ecbaa5112a1692b3c80423105b465f030a6 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Fri, 14 Apr 2017 13:52:22 +0200 Subject: gnu: Add policycoreutils. * gnu/packages/selinux.scm (policycoreutils): New variable. --- gnu/local.mk | 1 + ...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++++++++ gnu/packages/selinux.scm | 137 +++++++++ 3 files changed, 473 insertions(+) create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2e38168a0b..ee18517e22 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -855,6 +855,7 @@ dist_patch_DATA = \ %D%/packages/patches/plink-endian-detection.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/polkit-drop-test.patch \ + %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch new file mode 100644 index 0000000000..befe9fbb2a --- /dev/null +++ b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch @@ -0,0 +1,335 @@ +Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch + +From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001 +From: Laurent Bigonville +Date: Mon, 7 Nov 2016 10:51:08 +0100 +Subject: [PATCH] policycoreutils: Make sepolicy work with python3 + +Add python3 support for sepolicy + +Signed-off-by: Laurent Bigonville +--- + policycoreutils/sepolicy/selinux_client.py | 6 ++-- + policycoreutils/sepolicy/sepolicy.py | 38 ++++++++++++------------ + policycoreutils/sepolicy/sepolicy/__init__.py | 16 ++++++---- + policycoreutils/sepolicy/sepolicy/communicate.py | 4 +-- + policycoreutils/sepolicy/sepolicy/generate.py | 30 +++++++++---------- + policycoreutils/sepolicy/sepolicy/interface.py | 14 ++++++--- + policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++-- + 7 files changed, 65 insertions(+), 50 deletions(-) + +diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py +index 7f4a91c..dc29f28 100644 +--- a/sepolicy/selinux_client.py ++++ b/sepolicy/selinux_client.py +@@ -39,6 +39,6 @@ if __name__ == "__main__": + try: + dbus_proxy = SELinuxDBus() + resp = dbus_proxy.customized() +- print convert_customization(resp) +- except dbus.DBusException, e: +- print e ++ print(convert_customization(resp)) ++ except dbus.DBusException as e: ++ print(e) +diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py +index 3e502a7..5bf9b52 100755 +--- a/sepolicy/sepolicy.py ++++ b/sepolicy/sepolicy.py +@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm): + if len(portdict) > 0: + bold_start = "\033[1m" + bold_end = "\033[0;0m" +- print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end ++ print("\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end) + port_strings = [] + boolean_text = "" + for p in portdict: +@@ -275,7 +275,7 @@ def _print_net(src, protocol, perm): + port_strings.append("%s (%s)" % (", ".join(recs), t)) + port_strings.sort(numcmp) + for p in port_strings: +- print "\t" + p ++ print("\t" + p) + + + def network(args): +@@ -286,7 +286,7 @@ def network(args): + if i[0] not in all_ports: + all_ports.append(i[0]) + all_ports.sort() +- print "\n".join(all_ports) ++ print("\n".join(all_ports)) + + for port in args.port: + found = False +@@ -297,18 +297,18 @@ def network(args): + else: + range = "%s-%s" % (i[0], i[1]) + found = True +- print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range) ++ print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)) + if not found: + if port < 500: +- print "Undefined reserved port type" ++ print("Undefined reserved port type") + else: +- print "Undefined port type" ++ print("Undefined port type") + + for t in args.type: + if (t, 'tcp') in portrecs.keys(): +- print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])) ++ print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))) + if (t, 'udp') in portrecs.keys(): +- print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])) ++ print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))) + + for a in args.applications: + d = sepolicy.get_init_transtype(a) +@@ -357,7 +357,7 @@ def manpage(args): + + for domain in test_domains: + m = ManPage(domain, path, args.root, args.source_files, args.web) +- print m.get_man_page_path() ++ print(m.get_man_page_path()) + + if args.web: + HTMLManPages(manpage_roles, manpage_domains, path, args.os) +@@ -418,7 +418,7 @@ def communicate(args): + out = list(set(writable) & set(readable)) + + for t in out: +- print t ++ print(t) + + + def gen_communicate_args(parser): +@@ -445,7 +445,7 @@ def booleans(args): + args.booleans.sort() + + for b in args.booleans: +- print "%s=_(\"%s\")" % (b, boolean_desc(b)) ++ print("%s=_(\"%s\")" % (b, boolean_desc(b))) + + + def gen_booleans_args(parser): +@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, append=""): + for i in interfaces: + if args.verbose: + try: +- print get_interface_format_text(i + append) ++ print(get_interface_format_text(i + append)) + except KeyError: +- print i ++ print(i) + if args.compile: + try: + interface_compile_test(i) + except KeyError: +- print i ++ print(i) + else: +- print i ++ print(i) + + + def interface(args): +@@ -565,7 +565,7 @@ def generate(args): + if args.policytype in APPLICATIONS: + mypolicy.gen_writeable() + mypolicy.gen_symbols() +- print mypolicy.generate(args.path) ++ print(mypolicy.generate(args.path)) + + + def gen_interface_args(parser): +@@ -698,12 +698,12 @@ if __name__ == '__main__': + args = parser.parse_args(args=parser_args) + args.func(args) + sys.exit(0) +- except ValueError, e: ++ except ValueError as e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) +- except IOError, e: ++ except IOError as e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) + except KeyboardInterrupt: +- print "Out" ++ print("Out") + sys.exit(0) +diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py +index 8fbd5b4..fee6438 100644 +--- a/sepolicy/sepolicy/__init__.py ++++ b/sepolicy/sepolicy/__init__.py +@@ -695,7 +695,7 @@ def get_methods(): + # List of per_role_template interfaces + ifs = interfaces.InterfaceSet() + ifs.from_file(fd) +- methods = ifs.interfaces.keys() ++ methods = list(ifs.interfaces.keys()) + fd.close() + except: + sys.stderr.write("could not open interface info [%s]\n" % fn) +@@ -752,7 +752,10 @@ def get_all_entrypoint_domains(): + + + def gen_interfaces(): +- import commands ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput + ifile = defaults.interface_info() + headers = defaults.headers() + try: +@@ -763,7 +766,7 @@ def gen_interfaces(): + + if os.getuid() != 0: + raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen")) +- print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) ++ print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) + + + def gen_port_dict(): +@@ -1085,8 +1088,11 @@ def get_os_version(): + os_version = "" + pkg_name = "selinux-policy" + try: +- import commands +- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name) ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput ++ rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) + if rc == 0: + os_version = output.split(".")[-2] + except: +diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py +index b96c4b9..299316e 100755 +--- a/sepolicy/sepolicy/communicate.py ++++ b/sepolicy/sepolicy/communicate.py +@@ -34,8 +34,8 @@ def usage(parser, msg): + + def expand_attribute(attribute): + try: +- return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"] +- except RuntimeError: ++ return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"]) ++ except StopIteration: + return [attribute] + + +diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py +index 65b33b6..5696110 100644 +--- a/sepolicy/sepolicy/generate.py ++++ b/sepolicy/sepolicy/generate.py +@@ -31,21 +31,21 @@ import time + import types + import platform + +-from templates import executable +-from templates import boolean +-from templates import etc_rw +-from templates import unit_file +-from templates import var_cache +-from templates import var_spool +-from templates import var_lib +-from templates import var_log +-from templates import var_run +-from templates import tmp +-from templates import rw +-from templates import network +-from templates import script +-from templates import spec +-from templates import user ++from .templates import executable ++from .templates import boolean ++from .templates import etc_rw ++from .templates import unit_file ++from .templates import var_cache ++from .templates import var_spool ++from .templates import var_lib ++from .templates import var_log ++from .templates import var_run ++from .templates import tmp ++from .templates import rw ++from .templates import network ++from .templates import script ++from .templates import spec ++from .templates import user + import sepolgen.interfaces as interfaces + import sepolgen.defaults as defaults + +diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py +index c2cb971..8956f39 100644 +--- a/sepolicy/sepolicy/interface.py ++++ b/sepolicy/sepolicy/interface.py +@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"): + def get_xml_file(if_file): + """ Returns xml format of interfaces for given .if policy file""" + import os +- import commands ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput + basedir = os.path.dirname(if_file) + "/" + filename = os.path.basename(if_file).split(".")[0] +- rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) ++ rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) + if rc != 0: + sys.stderr.write("\n Could not proceed selected interface file.\n") + sys.stderr.write("\n%s" % output) +@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" + exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"] + exclude_interface_type = ["template"] + +- import commands ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput + import os + policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"} + idict = get_interface_dict(path) +@@ -219,7 +225,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" + fd = open(policy_files['te'], "w") + fd.write(generate_compile_te(interface, idict)) + fd.close() +- rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) ++ rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) + if rc != 0: + sys.stderr.write(output) + sys.stderr.write(_("\nCompile test for %s failed.\n") % interface) +diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py +index 7365f93..773a9ab 100755 +--- a/sepolicy/sepolicy/manpage.py ++++ b/sepolicy/sepolicy/manpage.py +@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d + import string + import selinux + import sepolicy +-import commands + import os + import time + +@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list): + + + def convert_manpage_to_html(html_manpage, manpage): +- rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput ++ rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) + if rc == 0: + print(html_manpage, "has been created") + fd = open(html_manpage, 'w') +-- +2.10.2 + diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index ee894c3126..81c899f841 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm @@ -28,6 +28,10 @@ #:use-module (gnu packages bison) #:use-module (gnu packages docbook) #:use-module (gnu packages flex) + #:use-module (gnu packages gettext) + #:use-module (gnu packages glib) + #:use-module (gnu packages linux) + #:use-module (gnu packages networking) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) @@ -342,3 +346,136 @@ tools, and libraries designed to facilitate SELinux policy analysis.") ;; Some programs are under GPL, all libraries under LGPL. (license (list license:lgpl2.1+ license:gpl2+)))) + +(define-public policycoreutils + (package (inherit libsepol) + (name "policycoreutils") + (source + (origin (inherit (package-source libsepol)) + (patches (search-patches "policycoreutils-make-sepolicy-use-python3.patch")) + (patch-flags '("-p1" "-d" "policycoreutils")))) + (arguments + `(#:test-target "test" + #:make-flags + (let ((out (assoc-ref %outputs "out"))) + (list "CC=gcc" + (string-append "PREFIX=" out) + (string-append "LOCALEDIR=" out "/share/locale") + (string-append "BASHCOMPLETIONDIR=" out + "/share/bash-completion/completions") + "INSTALL=install -c -p" + "INSTALL_DIR=install -d" + ;; These ones are needed because some Makefiles define the + ;; directories relative to DESTDIR, not relative to PREFIX. + (string-append "SBINDIR=" out "/sbin") + (string-append "ETCDIR=" out "/etc") + (string-append "SYSCONFDIR=" out "/etc/sysconfig") + (string-append "MAN5DIR=" out "/share/man/man5") + (string-append "INSTALL_NLS_DIR=" out "/share/locale") + (string-append "AUTOSTARTDIR=" out "/etc/xdg/autostart") + (string-append "DBUSSERVICEDIR=" out "/share/dbus-1/services") + (string-append "SYSTEMDDIR=" out "/lib/systemd") + (string-append "INITDIR=" out "/etc/rc.d/init.d") + (string-append "SELINUXDIR=" out "/etc/selinux"))) + #:phases + (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'enter-dir + (lambda _ (chdir ,name) #t)) + (add-after 'enter-dir 'ignore-/usr-tests + (lambda* (#:key inputs #:allow-other-keys) + ;; The Makefile decides to build restorecond only if it finds the + ;; inotify header somewhere under /usr. + (substitute* "Makefile" + (("ifeq.*") "") + (("endif.*") "")) + ;; Rewrite lookup paths for header files. + (substitute* '("newrole/Makefile" + "setfiles/Makefile" + "run_init/Makefile") + (("/usr(/include/security/pam_appl.h)" _ file) + (string-append (assoc-ref inputs "pam") file)) + (("/usr(/include/libaudit.h)" _ file) + (string-append (assoc-ref inputs "audit") file))) + #t)) + (add-after 'enter-dir 'fix-glib-cflags + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "restorecond/Makefile" + (("/usr(/include/glib-2.0|/lib/glib-2.0/include)" _ path) + (string-append (assoc-ref inputs "glib") path)) + (("/usr(/include/dbus-1.0|/lib/dbus-1.0/include)" _ path) + (string-append (assoc-ref inputs "dbus") path + " -I" + (assoc-ref inputs "dbus-glib") path))) + #t)) + (add-after 'enter-dir 'fix-linkage-with-libsepol + (lambda* (#:key inputs #:allow-other-keys) + (substitute* '("semodule_deps/Makefile" + "sepolgen-ifgen/Makefile") + (("\\$\\(LIBDIR\\)") + (string-append (assoc-ref inputs "libsepol") "/lib/"))))) + (add-after 'enter-dir 'fix-target-paths + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* "audit2allow/sepolgen-ifgen" + (("ATTR_HELPER = \"/usr/bin/sepolgen-ifgen-attr-helper\"") + (string-append "ATTR_HELPER = \"" out + "/bin/sepolgen-ifgen-attr-helper\""))) + (substitute* "sepolicy/sepolicy/__init__.py" + (("/usr/bin/sepolgen-ifgen") + (string-append out "/bin/sepolgen-ifgen"))) + (substitute* "sepolicy/Makefile" + ;; By default all Python files would be installed to + ;; $out/gnu/store/...-python-.../. + (("setup.py install.*$") + (string-append "setup.py install --prefix=" out "\n")) + (("\\$\\(DESTDIR\\)/etc") + (string-append out "/etc")) + (("\\$\\(DESTDIR\\)/usr") out))) + #t)) + (add-after 'install 'wrap-python-tools + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (var (string-append out "/lib/python" + ,(version-major+minor (package-version python)) + "/site-packages:" + (getenv "PYTHONPATH")))) + ;; The scripts' shebangs tell Python to ignore the PYTHONPATH, + ;; so we need to patch them before wrapping. + (for-each (lambda (file) + (let ((path (string-append out "/" file))) + (substitute* path + (("bin/python -Es") "bin/python -s")) + (wrap-program path + `("PYTHONPATH" ":" prefix (,var))))) + '("bin/audit2allow" + "bin/chcat" + "bin/sandbox" + "bin/sepolgen-ifgen" + "bin/sepolicy" + "sbin/semanage"))) + #t))))) + (inputs + `(("python" ,python-wrapper) + ("audit" ,audit) + ("pam" ,linux-pam) + ("libsepol" ,libsepol) + ("libselinux" ,libselinux) + ("libsemanage" ,libsemanage) + ("python-sepolgen" ,python-sepolgen) + ("python-setools" ,python-setools) + ("python-ipy" ,python-ipy) + ("libcap-ng" ,libcap-ng) + ("pcre" ,pcre) + ("dbus" ,dbus) + ("dbus-glib" ,dbus-glib) + ("glib" ,glib))) + (native-inputs + `(("gettext" ,gettext-minimal))) + (synopsis "SELinux core utilities") + (description "The policycoreutils package contains the core utilities that +are required for the basic operation of an SELinux-enabled GNU system and its +policies. These utilities include @code{load_policy} to load policies, +@code{setfiles} to label file systems, @code{newrole} to switch roles, and +@code{run_init} to run service scripts in their proper context.") + (license license:gpl2+))) -- cgit v1.2.3 From cc4faa35f8fa8a64e39c62e77128ad880d0173fd Mon Sep 17 00:00:00 2001 From: Manolis Ragkousis Date: Sat, 8 Apr 2017 16:58:04 +0300 Subject: gnu: Add the Hurd. * gnu/packages/hurd.scm (hurd): New variable. * gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/hurd.scm | 41 ++++++++++++++++++++++ .../hurd-fix-eth-multiplexer-dependency.patch | 26 ++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index ee18517e22..29f6d3516c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -652,6 +652,7 @@ dist_patch_DATA = \ %D%/packages/patches/higan-remove-march-native-flag.patch \ %D%/packages/patches/hop-linker-flags.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ + %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icecat-bug-1299500-pt10.patch \ diff --git a/gnu/packages/hurd.scm b/gnu/packages/hurd.scm index 12fce5453d..bd1eb4b085 100644 --- a/gnu/packages/hurd.scm +++ b/gnu/packages/hurd.scm @@ -245,3 +245,44 @@ Hurd-minimal package which are needed for both glibc and GCC.") (description "GNU Mach is the microkernel upon which a GNU Hurd system is based.") (license gpl2+))) + +(define-public hurd + (package + (name "hurd") + (version "0.9") + (source (origin + (method url-fetch) + (uri (hurd-source-url version)) + (sha256 + (base32 + "1nw9gly0n7pyv3cpfm4mmxy4yccrx4g0lyrvd3vk2vil26jpbggw")) + (patches (search-patches "hurd-fix-eth-multiplexer-dependency.patch")))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'build 'pre-build + (lambda _ + ;; Don't change the ownership of any file at this time. + (substitute* '("daemons/Makefile" "utils/Makefile") + (("-o root -m 4755") "")) + #t))) + #:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath=" + %output "/lib") + "--disable-ncursesw" + "--without-libbz2" + "--without-libz" + "--without-parted"))) + (build-system gnu-build-system) + (inputs `(("glibc-hurd-headers" ,glibc/hurd-headers))) + (native-inputs + `(("mig" ,mig) + ("perl" ,perl))) + (supported-systems %hurd-systems) + (home-page "https://www.gnu.org/software/hurd/hurd.html") + (synopsis "The kernel servers for the GNU operating system") + (description + "The Hurd is the kernel for the GNU system, a replacement and +augmentation of standard Unix kernels. It is a collection of protocols for +system interaction (file systems, networks, authentication), and servers +implementing them.") + (license gpl2+))) diff --git a/gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch b/gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch new file mode 100644 index 0000000000..5f0da3eab3 --- /dev/null +++ b/gnu/packages/patches/hurd-fix-eth-multiplexer-dependency.patch @@ -0,0 +1,26 @@ +From ef0399bad41e60cb30d5073129abeb206076394a Mon Sep 17 00:00:00 2001 +From: Manolis Ragkousis +Date: Sat, 8 Apr 2017 16:44:52 +0300 +Subject: [PATCH] eth-multiplexer: Fix iohelp missing dependency. + +* eth-multiplexer/Makefile (HURDLIBS): Add iohelp. +--- + eth-multiplexer/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/eth-multiplexer/Makefile b/eth-multiplexer/Makefile +index 07f909e7..cefa0abd 100644 +--- a/eth-multiplexer/Makefile ++++ b/eth-multiplexer/Makefile +@@ -26,7 +26,7 @@ MIGSFLAGS = -imacros $(srcdir)/mig-mutate.h + device-MIGSFLAGS="-DMACH_PAYLOAD_TO_PORT=ports_payload_get_name" + OBJS = $(SRCS:.c=.o) $(MIGSTUBS) + LCLHDRS = ethernet.h util.h vdev.h netfs_impl.h +-HURDLIBS = ports ihash fshelp shouldbeinlibc netfs bpf ++HURDLIBS = ports ihash iohelp fshelp shouldbeinlibc netfs bpf + LDLIBS = -lpthread + + CFLAGS += -I$(top_srcdir)/libbpf +-- +2.12.2 + -- cgit v1.2.3