diff options
Diffstat (limited to 'gnu/packages/patches')
33 files changed, 269 insertions, 3481 deletions
diff --git a/gnu/packages/patches/acl-fix-perl-regex.patch b/gnu/packages/patches/acl-fix-perl-regex.patch new file mode 100644 index 0000000000..f682abc058 --- /dev/null +++ b/gnu/packages/patches/acl-fix-perl-regex.patch @@ -0,0 +1,22 @@ +This can be removed with the next acl release + +--- + test/run | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/run b/test/run +index 2cf52e8..4627cd2 100755 +--- a/test/run ++++ b/test/run +@@ -70,7 +70,7 @@ for (;;) { + if (defined $line) { + # Substitute %VAR and %{VAR} with environment variables. + $line =~ s[%(\w+)][$ENV{$1}]eg; +- $line =~ s[%{(\w+)}][$ENV{$1}]eg; ++ $line =~ s[%\{(\w+)\}][$ENV{$1}]eg; + } + if (defined $line) { + if ($line =~ s/^\s*< ?//) { +-- +2.15.0 + diff --git a/gnu/packages/patches/automake-regexp-syntax.patch b/gnu/packages/patches/automake-regexp-syntax.patch deleted file mode 100644 index 2e965c8c50..0000000000 --- a/gnu/packages/patches/automake-regexp-syntax.patch +++ /dev/null @@ -1,34 +0,0 @@ -From <https://lists.gnu.org/archive/html/automake-patches/2015-07/msg00000.html>. -See also <http://bugs.gnu.org/22372>. - -From 34163794a58b5bd91c5d6bd9adf5437571c7a479 Mon Sep 17 00:00:00 2001 -From: Pavel Raiskup <praiskup@redhat.com> -Date: Tue, 7 Jul 2015 10:54:24 +0200 -Subject: [PATCH] bin/automake: escape '{' in regexp pattern - -Based on perlre(1) documentation: -.. in Perl v5.26, literal uses of a curly bracket will be required -to be escaped, say by preceding them with a backslash ("\{" ) or -enclosing them within square brackets ("[{]") .. - -References: -https://bugzilla.redhat.com/1239379 - -* bin/automake.in (substitute_ac_subst_variables): Escape the -occurrence of '{' character. ---- - bin/automake.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bin/automake.in b/bin/automake.in -index 0c29184..c294ced 100644 ---- a/bin/automake.in -+++ b/bin/automake.in -@@ -3898,7 +3898,7 @@ sub substitute_ac_subst_variables_worker - sub substitute_ac_subst_variables - { - my ($text) = @_; -- $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; -+ $text =~ s/\$\{([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; - return $text; - } diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch deleted file mode 100644 index bcc9c207ae..0000000000 --- a/gnu/packages/patches/automake-test-gzip-warning.patch +++ /dev/null @@ -1,17 +0,0 @@ -Adjust test to ignore gzip 1.8+ warnings. - ---- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200 -+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200 -@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s - - ./configure - run_make -E -O distcheck --test ! -s stderr -+ -+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment -+# variable is deprecated"; filter them out. -+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0 -+ - # Sanity check: the flags have been actually seen. - $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t - grep '/configure .* --srcdir am-src' t || exit 99 diff --git a/gnu/packages/patches/avahi-localstatedir.patch b/gnu/packages/patches/avahi-localstatedir.patch index 76377d1057..a531e99b67 100644 --- a/gnu/packages/patches/avahi-localstatedir.patch +++ b/gnu/packages/patches/avahi-localstatedir.patch @@ -2,11 +2,11 @@ Don't "mkdir $(localstatedir)" since we can't do it (/var). --- avahi-0.6.27/avahi-daemon/Makefile.in 2010-07-13 05:06:35.000000000 +0200 +++ avahi-0.6.27/avahi-daemon/Makefile.in 2010-07-13 18:03:45.000000000 +0200 -@@ -1554,7 +1554,6 @@ xmllint: +@@ -1625,7 +1625,6 @@ done install-data-local: -- test -z "$(localstatedir)/run" || $(mkdir_p) "$(DESTDIR)$(localstatedir)/run" +- test -z "$(avahi_runtime_dir)" || $(MKDIR_P) "$(DESTDIR)$(avahi_runtime_dir)" update-systemd: curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch deleted file mode 100644 index e3a0ef28eb..0000000000 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ /dev/null @@ -1,33 +0,0 @@ -This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at <https://bugs.gnu.org/26253>, -and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - - commit f5422009389678680dba9ff4ecb7d33632ee3383 - Author: Ludovic Courtès <ludo@gnu.org> - Date: Mon Mar 27 20:34:39 2017 -0700 - - tests: avoid false ulimit failure on some systems - - * tests/misc/cut-huge-range.sh: On some systems returns_ may - use more memory, so incorporate that in the determination - of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, - and x86_64 with bash-4.2.37. - Fixes http://bugs.gnu.org/26253 - -... which appeared to be insufficient. - -diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh -index 6b3c5b6ed..55b7b640e 100755 ---- a/tests/misc/cut-huge-range.sh -+++ b/tests/misc/cut-huge-range.sh -@@ -20,9 +20,9 @@ - print_ver_ cut - getlimits_ - --vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ -+vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ - || skip_ "this shell lacks ulimit support" - vm=$(($vm + 1000)) # avoid spurious failures - - # sed script to subtract one from the input. - # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch deleted file mode 100644 index 5a37f4f1f9..0000000000 --- a/gnu/packages/patches/findutils-gnulib-multi-core.patch +++ /dev/null @@ -1,294 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib -by Bruno Haible <bruno@clisp.org>. - -diff --git a/tests/test-lock.c b/tests/test-lock.c -index a992f64..fb18dee 100644 ---- a/tests/test-lock.c -+++ b/tests/test-lock.c -@@ -1,5 +1,5 @@ - /* Test of locking in multithreaded situations. -- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. -+ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -50,6 +50,28 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a semaphore or a lock is used to protect -+ these variables. If set to 1, 'volatile' is used; this is theoretically -+ equivalent but can lead to much slower execution (e.g. 30x slower total -+ run time on a 40-core machine), because 'volatile' does not imply any -+ synchronization/communication between different CPUs. */ -+#define USE_VOLATILE 0 -+ -+#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H -+/* Whether to use a semaphore to communicate information between threads. -+ If set to 0, a lock is used. If set to 1, a semaphore is used. -+ Uncomment this to reduce the dependencies of this test. */ -+# define USE_SEMAPHORE 1 -+/* Mac OS X provides only named semaphores (sem_open); its facility for -+ unnamed semaphores (sem_init) does not work. */ -+# if defined __APPLE__ && defined __MACH__ -+# define USE_NAMED_SEMAPHORE 1 -+# else -+# define USE_UNNAMED_SEMAPHORE 1 -+# endif -+#endif -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -90,6 +112,12 @@ - - #include "glthread/thread.h" - #include "glthread/yield.h" -+#if USE_SEMAPHORE -+# include <errno.h> -+# include <fcntl.h> -+# include <semaphore.h> -+# include <unistd.h> -+#endif - - #if ENABLE_DEBUGGING - # define dbgprintf printf -@@ -103,6 +131,132 @@ - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#elif USE_SEMAPHORE -+/* This atomic_int implementation can only support the values 0 and 1. -+ It is initially 0 and can be set to 1 only once. */ -+# if USE_UNNAMED_SEMAPHORE -+struct atomic_int { -+ sem_t semaphore; -+}; -+#define atomic_int_semaphore(ai) (&(ai)->semaphore) -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ sem_init (&ai->semaphore, 0, 0); -+} -+# endif -+# if USE_NAMED_SEMAPHORE -+struct atomic_int { -+ sem_t *semaphore; -+}; -+#define atomic_int_semaphore(ai) ((ai)->semaphore) -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ sem_t *s; -+ unsigned int count; -+ for (count = 0; ; count++) -+ { -+ char name[80]; -+ /* Use getpid() in the name, so that different processes running at the -+ same time will not interfere. Use ai in the name, so that different -+ atomic_int in the same process will not interfere. Use a count in -+ the name, so that even in the (unlikely) case that a semaphore with -+ the specified name already exists, we can try a different name. */ -+ sprintf (name, "test-lock-%lu-%p-%u", -+ (unsigned long) getpid (), ai, count); -+ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0); -+ if (s == SEM_FAILED) -+ { -+ if (errno == EEXIST) -+ /* Retry with a different name. */ -+ continue; -+ else -+ { -+ perror ("sem_open failed"); -+ abort (); -+ } -+ } -+ else -+ { -+ /* Try not to leave a semaphore hanging around on the file system -+ eternally, if we can avoid it. */ -+ sem_unlink (name); -+ break; -+ } -+ } -+ ai->semaphore = s; -+} -+# endif -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ if (sem_trywait (atomic_int_semaphore (ai)) == 0) -+ { -+ if (sem_post (atomic_int_semaphore (ai))) -+ abort (); -+ return 1; -+ } -+ else if (errno == EAGAIN) -+ return 0; -+ else -+ abort (); -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ if (new_value == 0) -+ /* It's already initialized with 0. */ -+ return; -+ /* To set the value 1: */ -+ if (sem_post (atomic_int_semaphore (ai))) -+ abort (); -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -200,7 +354,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -210,7 +365,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -284,7 +439,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -295,7 +451,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -386,7 +542,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -396,7 +553,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch deleted file mode 100644 index 74b10c4a44..0000000000 --- a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch +++ /dev/null @@ -1,20 +0,0 @@ -Add missing include that triggers a build failure on PowerPC: - - ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’: - ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope - return signum == SIGSEGV && common_flags()->handle_segv; - ^ -From <https://patchwork.ozlabs.org/patch/725596/>. - -diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc -index c504168..59087b9 100644 ---- a/libsanitizer/asan/asan_linux.cc -+++ b/libsanitizer/asan/asan_linux.cc -@@ -29,6 +29,7 @@ - #include <dlfcn.h> - #include <fcntl.h> - #include <pthread.h> -+#include <signal.h> - #include <stdio.h> - #include <unistd.h> - #include <unwind.h> diff --git a/gnu/packages/patches/gcc-fix-texi2pod.patch b/gnu/packages/patches/gcc-fix-texi2pod.patch new file mode 100644 index 0000000000..28bd56a382 --- /dev/null +++ b/gnu/packages/patches/gcc-fix-texi2pod.patch @@ -0,0 +1,19 @@ +This patch was taken from the official GCC git repository. +X-Git-Url: https://gcc.gnu.org/git/?p=gcc.git;a=blobdiff_plain;f=contrib%2Ftexi2pod.pl;h=91bdbb5cea933d0381f2924ab94490fca31d5800;hp=eba1bcaa3cffa78b46030b219d04fe7d68367658;hb=67b56c905078d49d3e4028085e5cb1e1fb87a8aa;hpb=2f508a78310caab123e9794d3dcfe41f2769449b + +It fixes a defect in the contrib/texi2pod.pl script that prevented generating +manual pages. It was corrected in the GCC 6.X series. + +diff --git a/contrib/texi2pod.pl b/contrib/texi2pod.pl +index eba1bca..91bdbb5 100755 +--- a/contrib/texi2pod.pl ++++ b/contrib/texi2pod.pl +@@ -316,7 +316,7 @@ while(<$inf>) { + @columns = (); + for $column (split (/\s*\@tab\s*/, $1)) { + # @strong{...} is used a @headitem work-alike +- $column =~ s/^\@strong{(.*)}$/$1/; ++ $column =~ s/^\@strong\{(.*)\}$/$1/; + push @columns, $column; + } + $_ = "\n=item ".join (" : ", @columns)."\n"; diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch deleted file mode 100644 index 5ccdbe4ca1..0000000000 --- a/gnu/packages/patches/gettext-gnulib-multi-core.patch +++ /dev/null @@ -1,178 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib -by Bruno Haible <bruno@clisp.org>. - -diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c -index cb734b4e6..aa6de2739 100644 ---- a/gettext-tools/gnulib-tests/test-lock.c -+++ b/gettext-tools/gnulib-tests/test-lock.c -@@ -50,6 +50,13 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a lock is used to protect these variables. -+ If set to 1, 'volatile' is used; this is theoretically equivalent but can -+ lead to much slower execution (e.g. 30x slower total run time on a 40-core -+ machine. */ -+#define USE_VOLATILE 0 -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -103,6 +110,51 @@ - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -200,7 +252,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -210,7 +263,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -284,7 +337,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -295,7 +349,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -386,7 +440,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -396,7 +451,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch deleted file mode 100644 index 31a378cfd0..0000000000 --- a/gnu/packages/patches/gettext-multi-core.patch +++ /dev/null @@ -1,185 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext -by Bruno Haible <bruno@clisp.org>. - -diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c -index d279d1d60..51cec3d6b 100644 ---- a/gettext-runtime/tests/test-lock.c -+++ b/gettext-runtime/tests/test-lock.c -@@ -1,5 +1,5 @@ - /* Test of locking in multithreaded situations. -- Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc. -+ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by -@@ -50,6 +50,13 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a lock is used to protect these variables. -+ If set to 1, 'volatile' is used; this is theoretically equivalent but can -+ lead to much slower execution (e.g. 30x slower total run time on a 40-core -+ machine. */ -+#define USE_VOLATILE 0 -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void) - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -311,7 +363,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -321,7 +374,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -395,7 +448,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -406,7 +460,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -497,7 +551,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -507,7 +562,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch deleted file mode 100644 index d38bd593c0..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ /dev/null @@ -1,195 +0,0 @@ -Fix CVE-2017-8291: - -https://bugs.ghostscript.com/show_bug.cgi?id=697799 -https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 - -Patches copied from upstream source repository: - -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad - -From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 27 Apr 2017 13:03:33 +0100 -Subject: [PATCH] Bug 697799: have .eqproc check its parameters - -The Ghostscript custom operator .eqproc was not check the number or type of -the parameters it was given. ---- - psi/zmisc3.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b304246..37293ff4b 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(gs_error_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(gs_error_typecheck); -+ } -+ - make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { --- -2.13.0 - -From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 27 Apr 2017 13:21:31 +0100 -Subject: [PATCH] Bug 697799: have .rsdparams check its parameters - -The Ghostscript internal operator .rsdparams wasn't checking the number or -type of the operands it was being passed. Do so. ---- - psi/zfrsd.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 191107d8a..950588d69 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) - ref *pFilter; - ref *pDecodeParms; - int Intent = 0; -- bool AsyncRead; -+ bool AsyncRead = false; - ref empty_array, filter1_array, parms1_array; - uint i; -- int code; -+ int code = 0; -+ -+ if (ref_stack_count(&o_stack) < 1) -+ return_error(gs_error_stackunderflow); -+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(gs_error_typecheck); -+ } - - make_empty_array(&empty_array, a_readonly); -- if (dict_find_string(op, "Filter", &pFilter) > 0) { -+ if (r_has_type(op, t_dictionary) -+ && dict_find_string(op, "Filter", &pFilter) > 0) { - if (!r_is_array(pFilter)) { - if (!r_has_type(pFilter, t_name)) - return_error(gs_error_typecheck); -@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(gs_error_typecheck); - } - } -- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); -+ if (r_has_type(op, t_dictionary)) -+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ - return code; -- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 -- ) -- return code; -+ if (r_has_type(op, t_dictionary)) -+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0) -+ return code; - push(1); - op[-1] = *pFilter; - if (pDecodeParms) --- -2.13.0 - -From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 3 May 2017 12:05:45 +0100 -Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) - -When using the "DELAYBIND" feature, it turns out that .eqproc can be called with -parameters that are not both procedures. In this case, it turns out, the -expectation is for the operator to return 'false', rather than throw an error. ---- - psi/zmisc3.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 37293ff4b..3f01d39a3 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) - return gs_cliprestore(igs); - } - -+static inline bool -+eqproc_check_type(ref *r) -+{ -+ return r_has_type(r, t_array) -+ || r_has_type(r, t_mixedarray) -+ || r_has_type(r, t_shortarray) -+ || r_has_type(r, t_oparray); -+} -+ - /* <proc1> <proc2> .eqproc <bool> */ - /* - * Test whether two procedures are equal to depth 10. -@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) - - if (ref_stack_count(&o_stack) < 2) - return_error(gs_error_stackunderflow); -- if (!r_is_array(op - 1) || !r_is_array(op)) { -- return_error(gs_error_typecheck); -+ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { -+ make_false(op - 1); -+ pop(1); -+ return 0; - } - - make_array(&stack[0].proc1, 0, 1, op - 1); --- -2.13.0 - -From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 11 May 2017 14:07:48 +0100 -Subject: [PATCH] Bug 697892: fix check for op stack underflow. - -In the original fix, I used the wrong method to check for stack underflow, this -is using the correct method. ---- - psi/zfrsd.c | 3 +-- - psi/zmisc3.c | 3 +-- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 950588d69..9c035b96d 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) - uint i; - int code = 0; - -- if (ref_stack_count(&o_stack) < 1) -- return_error(gs_error_stackunderflow); -+ check_op(1); - if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { - return_error(gs_error_typecheck); - } -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 3f01d39a3..43803b55b 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -- if (ref_stack_count(&o_stack) < 2) -- return_error(gs_error_stackunderflow); -+ check_op(2); - if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { - make_false(op - 1); - pop(1); --- -2.13.0 - diff --git a/gnu/packages/patches/glib-respect-datadir.patch b/gnu/packages/patches/glib-respect-datadir.patch new file mode 100644 index 0000000000..309ce9fc0b --- /dev/null +++ b/gnu/packages/patches/glib-respect-datadir.patch @@ -0,0 +1,21 @@ +On Guix, Python modules are in a different output from the executables, +so searching "../share/glib-2.0" will not work. + +This patch restores behaviour prior to this commit: +<https://git.gnome.org/browse/glib/commit/?id=fe2a9887a8ccb14f2386e01b14834e97a33bc2d7> + +--- a/gio/gdbus-2.0/codegen/gdbus-codegen.in ++++ b/gio/gdbus-2.0/codegen/gdbus-codegen.in +@@ -25,9 +25,12 @@ + + srcdir = os.getenv('UNINSTALLED_GLIB_SRCDIR', None) + filedir = os.path.dirname(__file__) ++datadir = os.path.join('@datadir@', 'glib-2.0') + + if srcdir is not None: + path = os.path.join(srcdir, 'gio', 'gdbus-2.0') ++elif os.path.exists(os.path.join(datadir, 'codegen')): ++ path = datadir + elif os.path.basename(filedir) == 'bin': + # Make the prefix containing gdbus-codegen 'relocatable' at runtime by + # adding /some/prefix/bin/../share/glib-2.0 to the python path diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch deleted file mode 100644 index 68c33f1031..0000000000 --- a/gnu/packages/patches/grep-gnulib-lock.patch +++ /dev/null @@ -1,32 +0,0 @@ -This patch fix error on 'gnulib' library required to build -'grep' package on GNU/Hurd. -The patch was adapted from upstream source repository: -'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>' - -Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd - -diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c -index 061562b..afc86f4 100644 ---- a/lib/glthread/lock.c -+++ b/lib/glthread/lock.c -@@ -30,7 +30,7 @@ - - /* ------------------------- gl_rwlock_t datatype ------------------------- */ - --# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) -+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) - - # ifdef PTHREAD_RWLOCK_INITIALIZER - -diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h -index ec16d39..67932aa 100644 ---- a/lib/glthread/lock.h -+++ b/lib/glthread/lock.h -@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t; - - /* ------------------------- gl_rwlock_t datatype ------------------------- */ - --# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) -+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) - - # ifdef PTHREAD_RWLOCK_INITIALIZER diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch deleted file mode 100644 index 564f69d01d..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2017-14952.patch +++ /dev/null @@ -1,18 +0,0 @@ -Fix CVE-2017-14952: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 - -Patch copied from upstream source repository: - -http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0 - -Index: trunk/icu4c/source/i18n/zonemeta.cpp -=================================================================== ---- icu/source/i18n/zonemeta.cpp (revision 40283) -+++ icu/source/i18n/zonemeta.cpp (revision 40324) -@@ -691,5 +691,4 @@ - if (U_FAILURE(status)) { - delete mzMappings; -- deleteOlsonToMetaMappingEntry(entry); - uprv_free(entry); - break; diff --git a/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch b/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch deleted file mode 100644 index 4db8f27998..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch +++ /dev/null @@ -1,164 +0,0 @@ -Fix CVE-2017-7867 and CVE-2017-7868: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868 - -Patch copied from upstream source repository: - -http://bugs.icu-project.org/trac/changeset/39671 - -Index: icu/source/common/utext.cpp -=================================================================== ---- icu/source/common/utext.cpp (revision 39670) -+++ icu/source/common/utext.cpp (revision 39671) -@@ -848,7 +848,13 @@ - - // Chunk size. --// Must be less than 85, because of byte mapping from UChar indexes to native indexes. --// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes --// to two UChars.) -+// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes. -+// Worst case there are six UTF-8 bytes per UChar. -+// obsolete 6 byte form fd + 5 trails maps to fffd -+// obsolete 5 byte form fc + 4 trails maps to fffd -+// non-shortest 4 byte forms maps to fffd -+// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit -+// mapToUChars array size must allow for the worst case, 6. -+// This could be brought down to 4, by treating fd and fc as pure illegal, -+// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros. - // - enum { UTF8_TEXT_CHUNK_SIZE=32 }; -@@ -890,5 +896,5 @@ - // one for a supplementary starting in the last normal position, - // and one for an entry for the buffer limit position. -- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to -+ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to - // correspoding offset in filled part of buf. - int32_t align; -@@ -1033,4 +1039,5 @@ - u8b = (UTF8Buf *)ut->p; // the current buffer - mapIndex = ix - u8b->toUCharsMapStart; -+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); - ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; - return TRUE; -@@ -1299,4 +1306,8 @@ - // If index is at the end, there is no character there to look at. - if (ix != ut->b) { -+ // Note: this function will only move the index back if it is on a trail byte -+ // and there is a preceding lead byte and the sequence from the lead -+ // through this trail could be part of a valid UTF-8 sequence -+ // Otherwise the index remains unchanged. - U8_SET_CP_START(s8, 0, ix); - } -@@ -1312,5 +1323,8 @@ - uint8_t *mapToNative = u8b->mapToNative; - uint8_t *mapToUChars = u8b->mapToUChars; -- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1); -+ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1; -+ // Note that toUCharsMapStart can be negative. Happens when the remaining -+ // text from current position to the beginning is less than the buffer size. -+ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry. - int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region - // at end of buffer to leave room -@@ -1339,4 +1353,5 @@ - // Special case ASCII range for speed. - buf[destIx] = (UChar)c; -+ U_ASSERT(toUCharsMapStart <= srcIx); - mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx; - mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart); -@@ -1368,4 +1383,5 @@ - mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx; - } while (sIx >= srcIx); -+ U_ASSERT(toUCharsMapStart <= (srcIx+1)); - - // Set native indexing limit to be the current position. -@@ -1542,4 +1558,5 @@ - U_ASSERT(index<=ut->chunkNativeLimit); - int32_t mapIndex = index - u8b->toUCharsMapStart; -+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); - int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; - U_ASSERT(offset>=0 && offset<=ut->chunkLength); -Index: icu/source/test/intltest/utxttest.cpp -=================================================================== ---- icu/source/test/intltest/utxttest.cpp (revision 39670) -+++ icu/source/test/intltest/utxttest.cpp (revision 39671) -@@ -68,4 +68,6 @@ - case 7: name = "Ticket12130"; - if (exec) Ticket12130(); break; -+ case 8: name = "Ticket12888"; -+ if (exec) Ticket12888(); break; - default: name = ""; break; - } -@@ -1584,2 +1586,62 @@ - utext_close(&ut); - } -+ -+// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal, -+// six byte utf-8 forms. Original implementation had an assumption that -+// there would be at most three utf-8 bytes per UTF-16 code unit. -+// The five and six byte sequences map to a single replacement character. -+ -+void UTextTest::Ticket12888() { -+ const char *badString = -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"; -+ -+ UErrorCode status = U_ZERO_ERROR; -+ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status)); -+ TEST_SUCCESS(status); -+ for (;;) { -+ UChar32 c = utext_next32(ut.getAlias()); -+ if (c == U_SENTINEL) { -+ break; -+ } -+ } -+ int32_t endIdx = utext_getNativeIndex(ut.getAlias()); -+ if (endIdx != (int32_t)strlen(badString)) { -+ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx); -+ return; -+ } -+ -+ for (int32_t prevIndex = endIdx; prevIndex>0;) { -+ UChar32 c = utext_previous32(ut.getAlias()); -+ int32_t currentIndex = utext_getNativeIndex(ut.getAlias()); -+ if (c != 0xfffd) { -+ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n", -+ __FILE__, __LINE__, 0xfffd, c, currentIndex); -+ break; -+ } -+ if (currentIndex != prevIndex - 6) { -+ errln("%s:%d: wrong index. Expected, actual = %d, %d", -+ __FILE__, __LINE__, prevIndex - 6, currentIndex); -+ break; -+ } -+ prevIndex = currentIndex; -+ } -+} -Index: icu/source/test/intltest/utxttest.h -=================================================================== ---- icu/source/test/intltest/utxttest.h (revision 39670) -+++ icu/source/test/intltest/utxttest.h (revision 39671) -@@ -39,4 +39,5 @@ - void Ticket10983(); - void Ticket12130(); -+ void Ticket12888(); - - private: diff --git a/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch b/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch deleted file mode 100644 index 17970aa4a8..0000000000 --- a/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch +++ /dev/null @@ -1,130 +0,0 @@ -Copied from upstream: http://bugs.icu-project.org/trac/changeset/39484/. - -Fixes <http://bugs.gnu.org/26462> (crashes). - -Paths and line endings have been adapted. - -Index: icu/source/common/ulist.c -=================================================================== ---- icu/source/common/ulist.c (revision 39483) -+++ icu/source/common/ulist.c (revision 39484) -@@ -30,5 +30,4 @@ - - int32_t size; -- int32_t currentIndex; - }; - -@@ -52,5 +51,4 @@ - newList->tail = NULL; - newList->size = 0; -- newList->currentIndex = -1; - - return newList; -@@ -81,6 +79,7 @@ - p->next->previous = p->previous; - } -- list->curr = NULL; -- list->currentIndex = 0; -+ if (p == list->curr) { -+ list->curr = p->next; -+ } - --list->size; - if (p->forceDelete) { -@@ -151,5 +150,4 @@ - list->head->previous = newItem; - list->head = newItem; -- list->currentIndex++; - } - -@@ -194,5 +192,4 @@ - curr = list->curr; - list->curr = curr->next; -- list->currentIndex++; - - return curr->data; -@@ -210,5 +207,4 @@ - if (list != NULL) { - list->curr = list->head; -- list->currentIndex = 0; - } - } -@@ -273,3 +269,2 @@ - return (UList *)(en->context); - } -- -Index: icu/source/i18n/ucol_res.cpp -=================================================================== ---- icu/source/i18n/ucol_res.cpp (revision 39483) -+++ icu/source/i18n/ucol_res.cpp (revision 39484) -@@ -681,4 +681,5 @@ - } - memcpy(en, &defaultKeywordValues, sizeof(UEnumeration)); -+ ulist_resetList(sink.values); // Initialize the iterator. - en->context = sink.values; - sink.values = NULL; // Avoid deletion in the sink destructor. -Index: icu/source/test/intltest/apicoll.cpp -=================================================================== ---- icu/source/test/intltest/apicoll.cpp (revision 39483) -+++ icu/source/test/intltest/apicoll.cpp (revision 39484) -@@ -82,14 +82,7 @@ - col = Collator::createInstance(Locale::getEnglish(), success); - if (U_FAILURE(success)){ -- errcheckln(success, "Default Collator creation failed. - %s", u_errorName(success)); -- return; -- } -- -- StringEnumeration* kwEnum = col->getKeywordValuesForLocale("", Locale::getEnglish(),true,success); -- if (U_FAILURE(success)){ -- errcheckln(success, "Get Keyword Values for Locale failed. - %s", u_errorName(success)); -- return; -- } -- delete kwEnum; -+ errcheckln(success, "English Collator creation failed. - %s", u_errorName(success)); -+ return; -+ } - - col->getVersion(versionArray); -@@ -230,4 +223,27 @@ - delete aFrCol; - delete junk; -+} -+ -+void CollationAPITest::TestKeywordValues() { -+ IcuTestErrorCode errorCode(*this, "TestKeywordValues"); -+ LocalPointer<Collator> col(Collator::createInstance(Locale::getEnglish(), errorCode)); -+ if (errorCode.logIfFailureAndReset("English Collator creation failed")) { -+ return; -+ } -+ -+ LocalPointer<StringEnumeration> kwEnum( -+ col->getKeywordValuesForLocale("collation", Locale::getEnglish(), TRUE, errorCode)); -+ if (errorCode.logIfFailureAndReset("Get Keyword Values for English Collator failed")) { -+ return; -+ } -+ assertTrue("expect at least one collation tailoring for English", kwEnum->count(errorCode) > 0); -+ const char *kw; -+ UBool hasStandard = FALSE; -+ while ((kw = kwEnum->next(NULL, errorCode)) != NULL) { -+ if (strcmp(kw, "standard") == 0) { -+ hasStandard = TRUE; -+ } -+ } -+ assertTrue("expect at least the 'standard' collation tailoring for English", hasStandard); - } - -@@ -2467,4 +2483,5 @@ - TESTCASE_AUTO_BEGIN; - TESTCASE_AUTO(TestProperty); -+ TESTCASE_AUTO(TestKeywordValues); - TESTCASE_AUTO(TestOperators); - TESTCASE_AUTO(TestDuplicate); -Index: icu/source/test/intltest/apicoll.h -=================================================================== ---- icu/source/test/intltest/apicoll.h (revision 39483) -+++ icu/source/test/intltest/apicoll.h (revision 39484) -@@ -36,4 +36,5 @@ - */ - void TestProperty(/* char* par */); -+ void TestKeywordValues(); - - /** diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch deleted file mode 100644 index 709b20c6d2..0000000000 --- a/gnu/packages/patches/libunistring-gnulib-multi-core.patch +++ /dev/null @@ -1,178 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib -by Bruno Haible <bruno@clisp.org>. - -diff --git a/tests/test-lock.c b/tests/test-lock.c -index cb734b4e6..aa6de2739 100644 ---- a/tests/test-lock.c -+++ b/tests/test-lock.c -@@ -50,6 +50,13 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a lock is used to protect these variables. -+ If set to 1, 'volatile' is used; this is theoretically equivalent but can -+ lead to much slower execution (e.g. 30x slower total run time on a 40-core -+ machine. */ -+#define USE_VOLATILE 0 -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -103,6 +110,51 @@ - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -200,7 +252,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -210,7 +263,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -284,7 +337,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -295,7 +349,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -386,7 +440,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -396,7 +451,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch deleted file mode 100644 index a4e1f31fae..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-4658.patch +++ /dev/null @@ -1,257 +0,0 @@ -Fix CVE-2016-4658: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b - -From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 18:34:52 +0200 -Subject: [PATCH] Disallow namespace nodes in XPointer ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Found with afl-fuzz. - -Fixes CVE-2016-4658. ---- - xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- - 1 file changed, 56 insertions(+), 93 deletions(-) - -diff --git a/xpointer.c b/xpointer.c -index a7b03fbd..694d120e 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } --- -2.11.0 - diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch deleted file mode 100644 index 38938c8e3e..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-5131.patch +++ /dev/null @@ -1,218 +0,0 @@ -Fix CVE-2016-5131: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 - -Patches copied from upstream source repository (the test suite fails -without the 2nd patch): - -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e -https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8 - -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: [PATCH] Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d6..f19193e7 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b1463830..884b1065 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841e..5a01b1b3 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c5105..d74174a3 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -2.11.0 - -From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:19:58 +0200 -Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes - -This change has already been made in xmlXPathCmpNodesExt but not in -xmlXPathCmpNodes. ---- - xpath.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/xpath.c b/xpath.c -index 751665b8..d992841e 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { - * compute depth to root - */ - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -- if (cur == node1) -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -- if (cur == node2) -+ if (cur->parent == node2) - return(-1); - depth1++; - } --- -2.11.0 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-0663.patch b/gnu/packages/patches/libxml2-CVE-2017-0663.patch deleted file mode 100644 index b0277a2d23..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2017-0663: - -https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 -https://security-tracker.debian.org/tracker/CVE-2017-0663 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66 - -From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 6 Jun 2017 12:56:28 +0200 -Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on -namespace declarations make no practical sense anyway. - -Fixes bug 780228. - -Found with libFuzzer and ASan. ---- - valid.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/valid.c b/valid.c -index 8075d3a0..c51ea290 100644 ---- a/valid.c -+++ b/valid.c -@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-7375.patch b/gnu/packages/patches/libxml2-CVE-2017-7375.patch deleted file mode 100644 index 32af1ff6ba..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-7375.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-7375: - -https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375 -https://security-tracker.debian.org/tracker/CVE-2017-7375 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e - -From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001 -From: Neel Mehta <nmehta@google.com> -Date: Fri, 7 Apr 2017 17:43:02 +0200 -Subject: [PATCH] Prevent unwanted external entity reference - -For https://bugzilla.gnome.org/show_bug.cgi?id=780691 - -* parser.c: add a specific check to avoid PE reference ---- - parser.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/parser.c b/parser.c -index 609a2703..c2c812de 100644 ---- a/parser.c -+++ b/parser.c -@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) - if (xmlPushInput(ctxt, input) < 0) - return; - } else { -+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && -+ ((ctxt->options & XML_PARSE_NOENT) == 0) && -+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && -+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && -+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && -+ (ctxt->replaceEntities == 0) && -+ (ctxt->validate == 0)) -+ return; -+ - /* - * TODO !!! - * handle the extra spaces added before and after --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-7376.patch b/gnu/packages/patches/libxml2-CVE-2017-7376.patch deleted file mode 100644 index 5b9e45bd83..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-7376.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2017-7376: - -https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376 -https://security-tracker.debian.org/tracker/CVE-2017-7376 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e - -From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 7 Apr 2017 17:13:28 +0200 -Subject: [PATCH] Increase buffer space for port in HTTP redirect support - -For https://bugzilla.gnome.org/show_bug.cgi?id=780690 - -nanohttp.c: the code wrongly assumed a short int port value. ---- - nanohttp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/nanohttp.c b/nanohttp.c -index e109ad75..373425de 100644 ---- a/nanohttp.c -+++ b/nanohttp.c -@@ -1423,9 +1423,9 @@ retry: - if (ctxt->port != 80) { - /* reserve space for ':xxxxx', incl. potential proxy */ - if (proxy) -- blen += 12; -+ blen += 17; - else -- blen += 6; -+ blen += 11; - } - bp = (char*)xmlMallocAtomic(blen); - if ( bp == NULL ) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch deleted file mode 100644 index 0a0e6d34cf..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch +++ /dev/null @@ -1,130 +0,0 @@ -Fix CVE-2017-{9047,9048}: - -https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not yet public) -https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048 -http://www.openwall.com/lists/oss-security/2017/05/15/1 -https://security-tracker.debian.org/tracker/CVE-2017-9047 -https://security-tracker.debian.org/tracker/CVE-2017-9048 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 - -From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sat, 3 Jun 2017 02:01:29 +0200 -Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. - -Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). - -Thanks to Marcel Böhme and Thuan Pham for the report. ---- - result/valid/781333.xml | 5 +++++ - result/valid/781333.xml.err | 3 +++ - result/valid/781333.xml.err.rdr | 6 ++++++ - test/valid/781333.xml | 4 ++++ - valid.c | 20 +++++++++++--------- - 5 files changed, 29 insertions(+), 9 deletions(-) - create mode 100644 result/valid/781333.xml - create mode 100644 result/valid/781333.xml.err - create mode 100644 result/valid/781333.xml.err.rdr - create mode 100644 test/valid/781333.xml - -diff --git a/result/valid/781333.xml b/result/valid/781333.xml -new file mode 100644 -index 00000000..45dc451d ---- /dev/null -+++ b/result/valid/781333.xml -@@ -0,0 +1,5 @@ -+<?xml version="1.0"?> -+<!DOCTYPE a [ -+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err -new file mode 100644 -index 00000000..b401b49a ---- /dev/null -+++ b/result/valid/781333.xml.err -@@ -0,0 +1,3 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr -new file mode 100644 -index 00000000..5ff56992 ---- /dev/null -+++ b/result/valid/781333.xml.err.rdr -@@ -0,0 +1,6 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+ -+^ -diff --git a/test/valid/781333.xml b/test/valid/781333.xml -new file mode 100644 -index 00000000..b29e5a68 ---- /dev/null -+++ b/test/valid/781333.xml -@@ -0,0 +1,4 @@ -+<!DOCTYPE a [ -+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/valid.c b/valid.c -index 19f84b82..9b2df56a 100644 ---- a/valid.c -+++ b/valid.c -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch deleted file mode 100644 index 890e9c2284..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch +++ /dev/null @@ -1,319 +0,0 @@ -Fix CVE-2017-{9049,9050}: - -https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public) -https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050 -http://www.openwall.com/lists/oss-security/2017/05/15/1 -https://security-tracker.debian.org/tracker/CVE-2017-9049 -https://security-tracker.debian.org/tracker/CVE-2017-9050 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 - -Changes to 'runtest.c' are removed since they introduce test failure -when applying to libxml2 2.9.4 release tarball. - -From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Mon, 5 Jun 2017 15:37:17 +0200 -Subject: [PATCH] Fix handling of parameter-entity references -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -The NEXTL macro used to call xmlParserHandlePEReference. When parsing -"complex" names inside the DTD, this could result in entity expansion -which created a new input buffer. The fix is to simply remove the call -to xmlParserHandlePEReference from the NEXTL macro. This is safe because -no users of the macro require expansion of parameter entities. - -- xmlParseNameComplex -- xmlParseNCNameComplex -- xmlParseNmtoken - -The percent sign is not allowed in names, which are grammatical tokens. - -- xmlParseEntityValue - -Parameter-entity references in entity values are expanded but this -happens in a separate step in this function. - -- xmlParseSystemLiteral - -Parameter-entity references are ignored in the system literal. - -- xmlParseAttValueComplex -- xmlParseCharDataComplex -- xmlParseCommentComplex -- xmlParsePI -- xmlParseCDSect - -Parameter-entity references are ignored outside the DTD. - -- xmlLoadEntityContent - -This function is only called from xmlStringLenDecodeEntities and -entities are replaced in a separate step immediately after the function -call. - -This bug could also be triggered with an internal subset and double -entity expansion. - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -When parsing Names inside an expanded parameter entity with the -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the -GROW macro if the input buffer was exhausted. At the end of the -parameter entity's replacement text, this function would then call -xmlPopInput which invalidated the input buffer. - -There should be no need to invoke GROW in this situation because the -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, -at least for UTF-8, in xmlCurrentChar. This also matches the code path -executed when XML_PARSE_OLD10 is not set. - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. ---- - Makefile.am | 18 ++++++++++++++++++ - parser.c | 18 ++++++++++-------- - result/errors10/781205.xml | 0 - result/errors10/781205.xml.err | 21 +++++++++++++++++++++ - result/errors10/781361.xml | 0 - result/errors10/781361.xml.err | 13 +++++++++++++ - result/valid/766956.xml | 0 - result/valid/766956.xml.err | 9 +++++++++ - result/valid/766956.xml.err.rdr | 10 ++++++++++ - runtest.c | 3 +++ - test/errors10/781205.xml | 3 +++ - test/errors10/781361.xml | 3 +++ - test/valid/766956.xml | 2 ++ - test/valid/dtds/766956.dtd | 2 ++ - 14 files changed, 94 insertions(+), 8 deletions(-) - create mode 100644 result/errors10/781205.xml - create mode 100644 result/errors10/781205.xml.err - create mode 100644 result/errors10/781361.xml - create mode 100644 result/errors10/781361.xml.err - create mode 100644 result/valid/766956.xml - create mode 100644 result/valid/766956.xml.err - create mode 100644 result/valid/766956.xml.err.rdr - create mode 100644 test/errors10/781205.xml - create mode 100644 test/errors10/781361.xml - create mode 100644 test/valid/766956.xml - create mode 100644 test/valid/dtds/766956.dtd - -diff --git a/Makefile.am b/Makefile.am -index 6fc8ffa9..10e716a5 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT) - if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ - rm result.$$name error.$$name ; \ - fi ; fi ; done) -+ @echo "## Error cases regression tests (old 1.0)" -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ -+ name=`basename $$i`; \ -+ if [ ! -d $$i ] ; then \ -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ -+ echo New test file $$name ; \ -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ -+ 2> $(srcdir)/result/errors10/$$name.err \ -+ > $(srcdir)/result/errors10/$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ else \ -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ -+ rm result.$$name error.$$name ; \ -+ fi ; fi ; done) - @echo "## Error cases stream regression tests" - -@(for i in $(srcdir)/test/errors/*.xml ; do \ - name=`basename $$i`; \ -diff --git a/parser.c b/parser.c -index df2efa55..a175ac4e 100644 ---- a/parser.c -+++ b/parser.c -@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. -+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err -new file mode 100644 -index 00000000..da15c3f7 ---- /dev/null -+++ b/result/errors10/781205.xml.err -@@ -0,0 +1,21 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+namespace error : Failed to parse QName ':0000' -+ %a; -+ ^ -+<:0000 -+ ^ -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 -+ -+^ -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err -new file mode 100644 -index 00000000..655f41a2 ---- /dev/null -+++ b/result/errors10/781361.xml.err -@@ -0,0 +1,13 @@ -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected -+ -+^ -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ -+^ -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated -+ -+^ -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found -+ -+^ -diff --git a/result/valid/766956.xml b/result/valid/766956.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err -new file mode 100644 -index 00000000..34b1dae6 ---- /dev/null -+++ b/result/valid/766956.xml.err -@@ -0,0 +1,9 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr -new file mode 100644 -index 00000000..77603462 ---- /dev/null -+++ b/result/valid/766956.xml.err.rdr -@@ -0,0 +1,10 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -+./test/valid/766956.xml : failed to parse -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml -new file mode 100644 -index 00000000..d9e9e839 ---- /dev/null -+++ b/test/errors10/781205.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE D [ -+ <!ENTITY % a "<:0000"> -+ %a; -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml -new file mode 100644 -index 00000000..67476bcb ---- /dev/null -+++ b/test/errors10/781361.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE doc [ -+ <!ENTITY % elem "<!ELEMENT e0000000000"> -+ %elem; -diff --git a/test/valid/766956.xml b/test/valid/766956.xml -new file mode 100644 -index 00000000..19a95a0e ---- /dev/null -+++ b/test/valid/766956.xml -@@ -0,0 +1,2 @@ -+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> -+<test/> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd -new file mode 100644 -index 00000000..dddde68b ---- /dev/null -+++ b/test/valid/dtds/766956.dtd -@@ -0,0 +1,2 @@ -+<!ENTITY % ent "value"> -+%ä%ent; --- -2.14.1 - diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch b/gnu/packages/patches/libxslt-CVE-2016-4738.patch deleted file mode 100644 index a7537c66ca..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-4738: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738 -https://bugs.chromium.org/p/chromium/issues/detail?id=619006 - -Patch copied from upstream source repository: -https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880 - -From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Fri, 10 Jun 2016 14:23:58 +0200 -Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion - -An empty decimal-separator could cause a heap overread. This can be -exploited to leak a couple of bytes after the buffer that holds the -pattern string. - -Found with afl-fuzz and ASan. ---- - libxslt/numbers.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index d1549b4..e78c46b 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, - } - - /* We have finished the integer part, now work on fraction */ -- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { -+ if ( (*the_format != 0) && -+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { - format_info.add_decimal = TRUE; - the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ - } --- -2.10.2 - diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch deleted file mode 100644 index d23aa10374..0000000000 --- a/gnu/packages/patches/pcre-CVE-2017-7186.patch +++ /dev/null @@ -1,56 +0,0 @@ -Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186> -from <https://vcs.pcre.org/pcre?view=revision&revision=1688>. - ---- trunk/pcre_internal.h 2016/05/21 13:34:44 1649 -+++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688 -@@ -2772,6 +2772,9 @@ - extern const pcre_uint16 PRIV(ucd_stage2)[]; - extern const pcre_uint32 PRIV(ucp_gentype)[]; - extern const pcre_uint32 PRIV(ucp_gbtable)[]; -+#ifdef COMPILE_PCRE32 -+extern const ucd_record PRIV(dummy_ucd_record)[]; -+#endif - #ifdef SUPPORT_JIT - extern const int PRIV(ucp_typerange)[]; - #endif -@@ -2780,9 +2783,15 @@ - /* UCD access macros */ - - #define UCD_BLOCK_SIZE 128 --#define GET_UCD(ch) (PRIV(ucd_records) + \ -+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ - PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ - UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) -+ -+#ifdef COMPILE_PCRE32 -+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) -+#else -+#define GET_UCD(ch) REAL_GET_UCD(ch) -+#endif - - #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype - #define UCD_SCRIPT(ch) GET_UCD(ch)->script - ---- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490 -+++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688 -@@ -38,6 +38,20 @@ - const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0}; - #else - -+/* If the 32-bit library is run in non-32-bit mode, character values -+greater than 0x10ffff may be encountered. For these we set up a -+special record. */ -+ -+#ifdef COMPILE_PCRE32 -+const ucd_record PRIV(dummy_ucd_record)[] = {{ -+ ucp_Common, /* script */ -+ ucp_Cn, /* type unassigned */ -+ ucp_gbOther, /* grapheme break property */ -+ 0, /* case set */ -+ 0, /* other case */ -+ }}; -+#endif -+ - /* When recompiling tables with a new Unicode version, please check the - types in this structure definition from pcre_internal.h (the actual - field names will be different): diff --git a/gnu/packages/patches/python-2.7-adjust-tests.patch b/gnu/packages/patches/python-2.7-adjust-tests.patch new file mode 100644 index 0000000000..12fe6e2e1e --- /dev/null +++ b/gnu/packages/patches/python-2.7-adjust-tests.patch @@ -0,0 +1,22 @@ +SIGINT is ignored in the Guix build environment. + +--- a/Lib/test/test_regrtest.py ++++ b/Lib/test/test_regrtest.py +@@ -399,6 +399,8 @@ + output = self.run_tests('--fromfile', filename) + self.check_executed_tests(output, tests) + ++ @unittest.skipIf(True, ++ "KeyboardInterrupts do not work in the build environment") + def test_interrupted(self): + code = TEST_INTERRUPTED + test = self.create_test('sigint', code=code) +@@ -416,6 +418,8 @@ + % (self.TESTNAME_REGEX, len(tests))) + self.check_line(output, regex) + ++ @unittest.skipIf(True, ++ "KeyboardInterrupts do not work in the build environment") + def test_slow_interrupted(self): + # Issue #25373: test --slowest with an interrupted test + code = TEST_INTERRUPTED diff --git a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch deleted file mode 100644 index 5a09b4ac52..0000000000 --- a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch +++ /dev/null @@ -1,54 +0,0 @@ -This patch resolves a compatibility issue when compiled against glibc -2.25 -and run runder kernels < 3.17: - -https://bugzilla.redhat.com/show_bug.cgi?id=1410175 - -Upstream bug URLs: - -https://bugs.python.org/issue29157 -https://bugs.python.org/issue29188 - -Patch adapted from upstream source repository: - -https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c - -From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001 -From: Victor Stinner <victor.stinner@gmail.com> -Date: Mon, 9 Jan 2017 11:10:41 +0100 -Subject: [PATCH] Don't use getentropy() on Linux - -Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but -read from /dev/urandom to get random bytes, for example in os.urandom(). On -Linux, getentropy() is implemented which getrandom() is blocking mode, whereas -os.urandom() should not block. ---- - Misc/NEWS | 5 +++++ - Python/random.c | 11 +++++++++-- - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/Python/random.c b/Python/random.c -index 57c41ffcd6..000cb36938 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - } - - /* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) -+ Solaris 11.3), it is blocking whereas os.urandom() should not block. -+ -+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 -+ implements it with the getrandom() syscall which can fail with ENOSYS, -+ and this error is not supported in py_getentropy() and getrandom() is called -+ with flags=0 which blocks until system urandom is initialized, which is not -+ the desired behaviour to seed the Python hash secret nor for os.urandom(): -+ see the PEP 524 which was only implemented in Python 3.6. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) - #define PY_GETENTROPY 1 - - /* Fill buffer with size pseudo-random bytes generated by getentropy(). --- -2.12.0 - diff --git a/gnu/packages/patches/python-3-fix-tests.patch b/gnu/packages/patches/python-3-fix-tests.patch new file mode 100644 index 0000000000..ab713c54dd --- /dev/null +++ b/gnu/packages/patches/python-3-fix-tests.patch @@ -0,0 +1,149 @@ +Additional test fixes which affect Python 3.5 (and presumably later) but not +prior revisions of Python. + +--- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100 ++++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100 +@@ -2132,8 +2132,7 @@ + self.assertEqual(given, expect) + self.assertEqual(set(p.rglob("FILEd*")), set()) + +- @unittest.skipUnless(hasattr(pwd, 'getpwall'), +- 'pwd module does not expose getpwall()') ++ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests") + def test_expanduser(self): + P = self.cls + support.import_module('pwd') +--- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000 ++++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000 +@@ -2305,11 +2305,14 @@ + try: + import pwd, grp + except ImportError: + return False +- if pwd.getpwuid(0)[0] != 'root': +- return False +- if grp.getgrgid(0)[0] != 'root': ++ try: ++ if pwd.getpwuid(0)[0] != 'root': ++ return False ++ if grp.getgrgid(0)[0] != 'root': ++ return False ++ except KeyError: + return False + return True + + +--- Lib/test/test_asyncio/test_base_events.py ++++ Lib/test/test_asyncio/test_base_events.py +@@ -1216,6 +1216,8 @@ + self._test_create_connection_ip_addr(m_socket, False) + + @patch_socket ++ @unittest.skipUnless(support.is_resource_enabled('network'), ++ 'network is not enabled') + def test_create_connection_service_name(self, m_socket): + m_socket.getaddrinfo = socket.getaddrinfo + sock = m_socket.socket.return_value + +--- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100 ++++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100 + +For some reason, KeyboardInterrupts do not work in the build +environment (lack of controlling TTY?). Just change the expected +outcome. Unfortunately, this will make it fail for users running +`python -m test test_pdb test_pdb` interactively. + +@@ -928,11 +928,11 @@ + > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function() + -> print('pdb %d: %s' % (i, sess._previous_sigint_handler)) + (Pdb) continue +- pdb 1: <built-in function default_int_handler> ++ pdb 1: Handlers.SIG_IGN + > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function() + -> sess.set_trace(sys._getframe()) + (Pdb) continue +- pdb 2: <built-in function default_int_handler> ++ pdb 2: Handlers.SIG_IGN + """ + + class PdbTestCase(unittest.TestCase): +--- Lib/test/test_socket.py ++++ Lib/test/test_socket.py +@@ -802,6 +802,8 @@ + if not fqhn in all_host_names: + self.fail("Error testing host resolution mechanisms. (fqdn: %s, all: %s)" % (fqhn, repr(all_host_names))) + ++ @unittest.skipUnless(support.is_resource_enabled('network'), ++ 'network is not enabled') + def test_host_resolution(self): + for addr in [support.HOST, '10.0.0.1', '255.255.255.255']: + self.assertEqual(socket.gethostbyname(addr), addr) +--- Lib/test/test_spwd.py ++++ Lib/test/test_spwd.py +@@ -5,8 +5,7 @@ + spwd = support.import_module('spwd') + + +-@unittest.skipUnless(hasattr(os, 'geteuid') and os.geteuid() == 0, +- 'root privileges required') ++@unittest.skipUnless(os.path.exists("/etc/shadow"), 'spwd tests require /etc/shadow') + class TestSpwdRoot(unittest.TestCase): + + def test_getspall(self): +@@ -56,8 +55,7 @@ + self.assertRaises(TypeError, spwd.getspnam, bytes_name) + + +-@unittest.skipUnless(hasattr(os, 'geteuid') and os.geteuid() != 0, +- 'non-root user required') ++@unittest.skipUnless(os.path.exists("/etc/shadow"), 'spwd tests require /etc/shadow') + class TestSpwdNonRoot(unittest.TestCase): + + def test_getspnam_exception(self): +--- Lib/test/test_regrtest.py ++++ Lib/test/test_regrtest.py +@@ -700,6 +700,7 @@ + output = self.run_tests('--fromfile', filename) + self.check_executed_tests(output, tests) + ++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment.') + def test_interrupted(self): + code = TEST_INTERRUPTED + test = self.create_test('sigint', code=code) +@@ -717,6 +718,7 @@ + % (self.TESTNAME_REGEX, len(tests))) + self.check_line(output, regex) + ++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment.') + def test_slow_interrupted(self): + # Issue #25373: test --slowest with an interrupted test + code = TEST_INTERRUPTED +--- Lib/test/test_generators.py ++++ Lib/test/test_generators.py +@@ -29,6 +29,7 @@ + else: + return "FAILED" + ++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment') + def test_raise_and_yield_from(self): + gen = self.generator1() + gen.send(None) +--- Lib/test/test_normalization.py ++++ Lib/test/test_normalization.py +@@ -2,6 +2,7 @@ + import unittest + + from http.client import HTTPException ++from urllib.error import URLError + import sys + from unicodedata import normalize, unidata_version + +@@ -43,6 +44,8 @@ + except PermissionError: + self.skipTest(f"Permission error when downloading {TESTDATAURL} " + f"into the test data directory") ++ except URLError: ++ self.skipTest("DNS lookups are not enabled.") + except (OSError, HTTPException): + self.fail(f"Could not retrieve {TESTDATAURL}") + diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch deleted file mode 100644 index 9778b88dbd..0000000000 --- a/gnu/packages/patches/python-3.5-fix-tests.patch +++ /dev/null @@ -1,69 +0,0 @@ -Additional test fixes which affect Python 3.5 (and presumably later) but not -prior revisions of Python. - ---- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100 -+++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100 -@@ -1986,8 +1986,9 @@ - expect = set() if not support.fs_is_case_insensitive(BASE) else given - self.assertEqual(given, expect) - self.assertEqual(set(p.rglob("FILEd*")), set()) - -+ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests") - def test_expanduser(self): - P = self.cls - support.import_module('pwd') - import pwd ---- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000 -+++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000 -@@ -2305,11 +2305,14 @@ - try: - import pwd, grp - except ImportError: - return False -- if pwd.getpwuid(0)[0] != 'root': -- return False -- if grp.getgrgid(0)[0] != 'root': -+ try: -+ if pwd.getpwuid(0)[0] != 'root': -+ return False -+ if grp.getgrgid(0)[0] != 'root': -+ return False -+ except KeyError: - return False - return True - - ---- Lib/test/test_asyncio/test_base_events.py -+++ Lib/test/test_asyncio/test_base_events.py -@@ -1216,6 +1216,8 @@ - self._test_create_connection_ip_addr(m_socket, False) - - @patch_socket -+ @unittest.skipUnless(support.is_resource_enabled('network'), -+ 'network is not enabled') - def test_create_connection_service_name(self, m_socket): - m_socket.getaddrinfo = socket.getaddrinfo - sock = m_socket.socket.return_value - ---- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100 -+++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100 - -For some reason, KeyboardInterrupts do not work in the build -environment (lack of controlling TTY?). Just change the expected -outcome. Unfortunately, this will make it fail for users running -`python -m test test_pdb test_pdb` interactively. - -@@ -928,11 +928,11 @@ - > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function() - -> print('pdb %d: %s' % (i, sess._previous_sigint_handler)) - (Pdb) continue -- pdb 1: <built-in function default_int_handler> -+ pdb 1: Handlers.SIG_IGN - > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function() - -> sess.set_trace(sys._getframe()) - (Pdb) continue -- pdb 2: <built-in function default_int_handler> -+ pdb 2: Handlers.SIG_IGN - """ - - class PdbTestCase(unittest.TestCase): diff --git a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch deleted file mode 100644 index 8a12b5b448..0000000000 --- a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch +++ /dev/null @@ -1,720 +0,0 @@ -This patch resolves a compatibility issue when compiled against glibc 2.25 -and run runder kernels < 3.17: - -https://bugzilla.redhat.com/show_bug.cgi?id=1410175 - -Upstream bug URL: https://bugs.python.org/issue29157 - -Patch copied from upstream source repository: - -https://hg.python.org/cpython/rev/8125d9a8152b - -# HG changeset patch -# User Victor Stinner <victor.stinner@gmail.com> -# Date 1483957133 -3600 -# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86 -# Parent 337461574c90281630751b6095c4e1baf380cf7d -Issue #29157: Prefer getrandom() over getentropy() - -Copy and then adapt Python/random.c from default branch. Difference between 3.5 -and default branches: - -* Python 3.5 only uses getrandom() in non-blocking mode: flags=GRND_NONBLOCK -* If getrandom() fails with EAGAIN: py_getrandom() immediately fails and - remembers that getrandom() doesn't work. -* Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom() - works in non-blocking mode on Python 3.5 - -diff --git a/Python/random.c b/Python/random.c ---- Python/random.c -+++ Python/random.c -@@ -1,6 +1,9 @@ - #include "Python.h" - #ifdef MS_WINDOWS - # include <windows.h> -+/* All sample MSDN wincrypt programs include the header below. It is at least -+ * required with Min GW. */ -+# include <wincrypt.h> - #else - # include <fcntl.h> - # ifdef HAVE_SYS_STAT_H -@@ -37,10 +40,9 @@ win32_urandom_init(int raise) - return 0; - - error: -- if (raise) -+ if (raise) { - PyErr_SetFromWindowsErr(0); -- else -- Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); -+ } - return -1; - } - -@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_ - - if (hCryptProv == 0) - { -- if (win32_urandom_init(raise) == -1) -+ if (win32_urandom_init(raise) == -1) { - return -1; -+ } - } - - while (size > 0) -@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_ - if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer)) - { - /* CryptGenRandom() failed */ -- if (raise) -+ if (raise) { - PyErr_SetFromWindowsErr(0); -- else -- Py_FatalError("Failed to initialized the randomized hash " -- "secret using CryptoGen)"); -+ } - return -1; - } - buffer += chunk; -@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_ - return 0; - } - --/* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) --#define PY_GETENTROPY 1 -- --/* Fill buffer with size pseudo-random bytes generated by getentropy(). -- Return 0 on success, or raise an exception and return -1 on error. -- -- If fatal is nonzero, call Py_FatalError() instead of raising an exception -- on error. */ --static int --py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal) --{ -- while (size > 0) { -- Py_ssize_t len = Py_MIN(size, 256); -- int res; -- -- if (!fatal) { -- Py_BEGIN_ALLOW_THREADS -- res = getentropy(buffer, len); -- Py_END_ALLOW_THREADS -- -- if (res < 0) { -- PyErr_SetFromErrno(PyExc_OSError); -- return -1; -- } -- } -- else { -- res = getentropy(buffer, len); -- if (res < 0) -- Py_FatalError("getentropy() failed"); -- } -- -- buffer += len; -- size -= len; -- } -- return 0; --} -- --#else -+#else /* !MS_WINDOWS */ - - #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL) - #define PY_GETRANDOM 1 - --/* Call getrandom() -+/* Call getrandom() to get random bytes: -+ - - Return 1 on success -- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or -- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom -- not initialized yet) and raise=0. -+ - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM), -+ or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not -+ initialized yet). - - Raise an exception (if raise is non-zero) and return -1 on error: -- getrandom() failed with EINTR and the Python signal handler raised an -- exception, or getrandom() failed with a different error. */ -+ if getrandom() failed with EINTR, raise is non-zero and the Python signal -+ handler raised an exception, or if getrandom() failed with a different -+ error. -+ -+ getrandom() is retried if it failed with EINTR: interrupted by a signal. */ - static int - py_getrandom(void *buffer, Py_ssize_t size, int raise) - { -@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t si - * see https://bugs.python.org/issue26839. To avoid this, use the - * GRND_NONBLOCK flag. */ - const int flags = GRND_NONBLOCK; -+ char *dest; - long n; - - if (!getrandom_works) { - return 0; - } - -+ dest = buffer; - while (0 < size) { - #ifdef sun - /* Issue #26735: On Solaris, getrandom() is limited to returning up -- to 1024 bytes */ -+ to 1024 bytes. Call it multiple times if more bytes are -+ requested. */ - n = Py_MIN(size, 1024); - #else - n = Py_MIN(size, LONG_MAX); -@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t si - #ifdef HAVE_GETRANDOM - if (raise) { - Py_BEGIN_ALLOW_THREADS -- n = getrandom(buffer, n, flags); -+ n = getrandom(dest, n, flags); - Py_END_ALLOW_THREADS - } - else { -- n = getrandom(buffer, n, flags); -+ n = getrandom(dest, n, flags); - } - #else - /* On Linux, use the syscall() function because the GNU libc doesn't -- * expose the Linux getrandom() syscall yet. See: -- * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ -+ expose the Linux getrandom() syscall yet. See: -+ https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ - if (raise) { - Py_BEGIN_ALLOW_THREADS -- n = syscall(SYS_getrandom, buffer, n, flags); -+ n = syscall(SYS_getrandom, dest, n, flags); - Py_END_ALLOW_THREADS - } - else { -- n = syscall(SYS_getrandom, buffer, n, flags); -+ n = syscall(SYS_getrandom, dest, n, flags); - } - #endif - - if (n < 0) { -- /* ENOSYS: getrandom() syscall not supported by the kernel (but -- * maybe supported by the host which built Python). EPERM: -- * getrandom() syscall blocked by SECCOMP or something else. */ -+ /* ENOSYS: the syscall is not supported by the kernel. -+ EPERM: the syscall is blocked by a security policy (ex: SECCOMP) -+ or something else. */ - if (errno == ENOSYS || errno == EPERM) { - getrandom_works = 0; - return 0; - } -+ - if (errno == EAGAIN) { - /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system - urandom is not initialiazed yet. In this case, fall back on -@@ -202,32 +172,101 @@ py_getrandom(void *buffer, Py_ssize_t si - } - - if (errno == EINTR) { -- if (PyErr_CheckSignals()) { -- if (!raise) { -- Py_FatalError("getrandom() interrupted by a signal"); -+ if (raise) { -+ if (PyErr_CheckSignals()) { -+ return -1; - } -- return -1; - } - -- /* retry getrandom() */ -+ /* retry getrandom() if it was interrupted by a signal */ - continue; - } - - if (raise) { - PyErr_SetFromErrno(PyExc_OSError); - } -- else { -- Py_FatalError("getrandom() failed"); -+ return -1; -+ } -+ -+ dest += n; -+ size -= n; -+ } -+ return 1; -+} -+ -+#elif defined(HAVE_GETENTROPY) -+#define PY_GETENTROPY 1 -+ -+/* Fill buffer with size pseudo-random bytes generated by getentropy(): -+ -+ - Return 1 on success -+ - Return 0 if getentropy() syscall is not available (failed with ENOSYS or -+ EPERM). -+ - Raise an exception (if raise is non-zero) and return -1 on error: -+ if getentropy() failed with EINTR, raise is non-zero and the Python signal -+ handler raised an exception, or if getentropy() failed with a different -+ error. -+ -+ getentropy() is retried if it failed with EINTR: interrupted by a signal. */ -+static int -+py_getentropy(char *buffer, Py_ssize_t size, int raise) -+{ -+ /* Is getentropy() supported by the running kernel? Set to 0 if -+ getentropy() failed with ENOSYS or EPERM. */ -+ static int getentropy_works = 1; -+ -+ if (!getentropy_works) { -+ return 0; -+ } -+ -+ while (size > 0) { -+ /* getentropy() is limited to returning up to 256 bytes. Call it -+ multiple times if more bytes are requested. */ -+ Py_ssize_t len = Py_MIN(size, 256); -+ int res; -+ -+ if (raise) { -+ Py_BEGIN_ALLOW_THREADS -+ res = getentropy(buffer, len); -+ Py_END_ALLOW_THREADS -+ } -+ else { -+ res = getentropy(buffer, len); -+ } -+ -+ if (res < 0) { -+ /* ENOSYS: the syscall is not supported by the running kernel. -+ EPERM: the syscall is blocked by a security policy (ex: SECCOMP) -+ or something else. */ -+ if (errno == ENOSYS || errno == EPERM) { -+ getentropy_works = 0; -+ return 0; -+ } -+ -+ if (errno == EINTR) { -+ if (raise) { -+ if (PyErr_CheckSignals()) { -+ return -1; -+ } -+ } -+ -+ /* retry getentropy() if it was interrupted by a signal */ -+ continue; -+ } -+ -+ if (raise) { -+ PyErr_SetFromErrno(PyExc_OSError); - } - return -1; - } - -- buffer += n; -- size -= n; -+ buffer += len; -+ size -= len; - } - return 1; - } --#endif -+#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */ -+ - - static struct { - int fd; -@@ -235,136 +274,123 @@ static struct { - ino_t st_ino; - } urandom_cache = { -1 }; - -+/* Read random bytes from the /dev/urandom device: - --/* Read 'size' random bytes from py_getrandom(). Fall back on reading from -- /dev/urandom if getrandom() is not available. -+ - Return 0 on success -+ - Raise an exception (if raise is non-zero) and return -1 on error - -- Call Py_FatalError() on error. */ --static void --dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size) -+ Possible causes of errors: -+ -+ - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device -+ was not found. For example, it was removed manually or not exposed in a -+ chroot or container. -+ - open() failed with a different error -+ - fstat() failed -+ - read() failed or returned 0 -+ -+ read() is retried if it failed with EINTR: interrupted by a signal. -+ -+ The file descriptor of the device is kept open between calls to avoid using -+ many file descriptors when run in parallel from multiple threads: -+ see the issue #18756. -+ -+ st_dev and st_ino fields of the file descriptor (from fstat()) are cached to -+ check if the file descriptor was replaced by a different file (which is -+ likely a bug in the application): see the issue #21207. -+ -+ If the file descriptor was closed or replaced, open a new file descriptor -+ but don't close the old file descriptor: it probably points to something -+ important for some third-party code. */ -+static int -+dev_urandom(char *buffer, Py_ssize_t size, int raise) - { - int fd; - Py_ssize_t n; - -- assert (0 < size); -+ if (raise) { -+ struct _Py_stat_struct st; - --#ifdef PY_GETRANDOM -- if (py_getrandom(buffer, size, 0) == 1) { -- return; -+ if (urandom_cache.fd >= 0) { -+ /* Does the fd point to the same thing as before? (issue #21207) */ -+ if (_Py_fstat_noraise(urandom_cache.fd, &st) -+ || st.st_dev != urandom_cache.st_dev -+ || st.st_ino != urandom_cache.st_ino) { -+ /* Something changed: forget the cached fd (but don't close it, -+ since it probably points to something important for some -+ third-party code). */ -+ urandom_cache.fd = -1; -+ } -+ } -+ if (urandom_cache.fd >= 0) -+ fd = urandom_cache.fd; -+ else { -+ fd = _Py_open("/dev/urandom", O_RDONLY); -+ if (fd < 0) { -+ if (errno == ENOENT || errno == ENXIO || -+ errno == ENODEV || errno == EACCES) { -+ PyErr_SetString(PyExc_NotImplementedError, -+ "/dev/urandom (or equivalent) not found"); -+ } -+ /* otherwise, keep the OSError exception raised by _Py_open() */ -+ return -1; -+ } -+ if (urandom_cache.fd >= 0) { -+ /* urandom_fd was initialized by another thread while we were -+ not holding the GIL, keep it. */ -+ close(fd); -+ fd = urandom_cache.fd; -+ } -+ else { -+ if (_Py_fstat(fd, &st)) { -+ close(fd); -+ return -1; -+ } -+ else { -+ urandom_cache.fd = fd; -+ urandom_cache.st_dev = st.st_dev; -+ urandom_cache.st_ino = st.st_ino; -+ } -+ } -+ } -+ -+ do { -+ n = _Py_read(fd, buffer, (size_t)size); -+ if (n == -1) -+ return -1; -+ if (n == 0) { -+ PyErr_Format(PyExc_RuntimeError, -+ "Failed to read %zi bytes from /dev/urandom", -+ size); -+ return -1; -+ } -+ -+ buffer += n; -+ size -= n; -+ } while (0 < size); - } -- /* getrandom() failed with ENOSYS or EPERM, -- fall back on reading /dev/urandom */ --#endif -- -- fd = _Py_open_noraise("/dev/urandom", O_RDONLY); -- if (fd < 0) { -- Py_FatalError("Failed to open /dev/urandom"); -- } -- -- while (0 < size) -- { -- do { -- n = read(fd, buffer, (size_t)size); -- } while (n < 0 && errno == EINTR); -- -- if (n <= 0) { -- /* read() failed or returned 0 bytes */ -- Py_FatalError("Failed to read bytes from /dev/urandom"); -- break; -- } -- buffer += n; -- size -= n; -- } -- close(fd); --} -- --/* Read 'size' random bytes from py_getrandom(). Fall back on reading from -- /dev/urandom if getrandom() is not available. -- -- Return 0 on success. Raise an exception and return -1 on error. */ --static int --dev_urandom_python(char *buffer, Py_ssize_t size) --{ -- int fd; -- Py_ssize_t n; -- struct _Py_stat_struct st; --#ifdef PY_GETRANDOM -- int res; --#endif -- -- if (size <= 0) -- return 0; -- --#ifdef PY_GETRANDOM -- res = py_getrandom(buffer, size, 1); -- if (res < 0) { -- return -1; -- } -- if (res == 1) { -- return 0; -- } -- /* getrandom() failed with ENOSYS or EPERM, -- fall back on reading /dev/urandom */ --#endif -- -- if (urandom_cache.fd >= 0) { -- /* Does the fd point to the same thing as before? (issue #21207) */ -- if (_Py_fstat_noraise(urandom_cache.fd, &st) -- || st.st_dev != urandom_cache.st_dev -- || st.st_ino != urandom_cache.st_ino) { -- /* Something changed: forget the cached fd (but don't close it, -- since it probably points to something important for some -- third-party code). */ -- urandom_cache.fd = -1; -- } -- } -- if (urandom_cache.fd >= 0) -- fd = urandom_cache.fd; - else { -- fd = _Py_open("/dev/urandom", O_RDONLY); -+ fd = _Py_open_noraise("/dev/urandom", O_RDONLY); - if (fd < 0) { -- if (errno == ENOENT || errno == ENXIO || -- errno == ENODEV || errno == EACCES) -- PyErr_SetString(PyExc_NotImplementedError, -- "/dev/urandom (or equivalent) not found"); -- /* otherwise, keep the OSError exception raised by _Py_open() */ - return -1; - } -- if (urandom_cache.fd >= 0) { -- /* urandom_fd was initialized by another thread while we were -- not holding the GIL, keep it. */ -- close(fd); -- fd = urandom_cache.fd; -- } -- else { -- if (_Py_fstat(fd, &st)) { -+ -+ while (0 < size) -+ { -+ do { -+ n = read(fd, buffer, (size_t)size); -+ } while (n < 0 && errno == EINTR); -+ -+ if (n <= 0) { -+ /* stop on error or if read(size) returned 0 */ - close(fd); - return -1; - } -- else { -- urandom_cache.fd = fd; -- urandom_cache.st_dev = st.st_dev; -- urandom_cache.st_ino = st.st_ino; -- } -+ -+ buffer += n; -+ size -= n; - } -+ close(fd); - } -- -- do { -- n = _Py_read(fd, buffer, (size_t)size); -- if (n == -1) { -- return -1; -- } -- if (n == 0) { -- PyErr_Format(PyExc_RuntimeError, -- "Failed to read %zi bytes from /dev/urandom", -- size); -- return -1; -- } -- -- buffer += n; -- size -= n; -- } while (0 < size); -- - return 0; - } - -@@ -376,8 +402,8 @@ dev_urandom_close(void) - urandom_cache.fd = -1; - } - } -+#endif /* !MS_WINDOWS */ - --#endif - - /* Fill buffer with pseudo-random bytes generated by a linear congruent - generator (LCG): -@@ -400,29 +426,98 @@ lcg_urandom(unsigned int x0, unsigned ch - } - } - -+/* Read random bytes: -+ -+ - Return 0 on success -+ - Raise an exception (if raise is non-zero) and return -1 on error -+ -+ Used sources of entropy ordered by preference, preferred source first: -+ -+ - CryptGenRandom() on Windows -+ - getrandom() function (ex: Linux and Solaris): call py_getrandom() -+ - getentropy() function (ex: OpenBSD): call py_getentropy() -+ - /dev/urandom device -+ -+ Read from the /dev/urandom device if getrandom() or getentropy() function -+ is not available or does not work. -+ -+ Prefer getrandom() over getentropy() because getrandom() supports blocking -+ and non-blocking mode and Python requires non-blocking RNG at startup to -+ initialize its hash secret: see the PEP 524. -+ -+ Prefer getrandom() and getentropy() over reading directly /dev/urandom -+ because these functions don't need file descriptors and so avoid ENFILE or -+ EMFILE errors (too many open files): see the issue #18756. -+ -+ Only use RNG running in the kernel. They are more secure because it is -+ harder to get the internal state of a RNG running in the kernel land than a -+ RNG running in the user land. The kernel has a direct access to the hardware -+ and has access to hardware RNG, they are used as entropy sources. -+ -+ Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed -+ its RNG on fork(), two child processes (with the same pid) generate the same -+ random numbers: see issue #18747. Kernel RNGs don't have this issue, -+ they have access to good quality entropy sources. -+ -+ If raise is zero: -+ -+ - Don't raise an exception on error -+ - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if -+ a function fails with EINTR: retry directly the interrupted function -+ - Don't release the GIL to call functions. -+*/ -+static int -+pyurandom(void *buffer, Py_ssize_t size, int raise) -+{ -+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) -+ int res; -+#endif -+ -+ if (size < 0) { -+ if (raise) { -+ PyErr_Format(PyExc_ValueError, -+ "negative argument not allowed"); -+ } -+ return -1; -+ } -+ -+ if (size == 0) { -+ return 0; -+ } -+ -+#ifdef MS_WINDOWS -+ return win32_urandom((unsigned char *)buffer, size, raise); -+#else -+ -+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) -+#ifdef PY_GETRANDOM -+ res = py_getrandom(buffer, size, raise); -+#else -+ res = py_getentropy(buffer, size, raise); -+#endif -+ if (res < 0) { -+ return -1; -+ } -+ if (res == 1) { -+ return 0; -+ } -+ /* getrandom() or getentropy() function is not available: failed with -+ ENOSYS, EPERM or EAGAIN. Fall back on reading from /dev/urandom. */ -+#endif -+ -+ return dev_urandom(buffer, size, raise); -+#endif -+} -+ - /* Fill buffer with size pseudo-random bytes from the operating system random - number generator (RNG). It is suitable for most cryptographic purposes - except long living private keys for asymmetric encryption. - -- Return 0 on success, raise an exception and return -1 on error. */ -+ Return 0 on success. Raise an exception and return -1 on error. */ - int - _PyOS_URandom(void *buffer, Py_ssize_t size) - { -- if (size < 0) { -- PyErr_Format(PyExc_ValueError, -- "negative argument not allowed"); -- return -1; -- } -- if (size == 0) -- return 0; -- --#ifdef MS_WINDOWS -- return win32_urandom((unsigned char *)buffer, size, 1); --#elif defined(PY_GETENTROPY) -- return py_getentropy(buffer, size, 0); --#else -- return dev_urandom_python((char*)buffer, size); --#endif -+ return pyurandom(buffer, size, 1); - } - - void -@@ -463,13 +558,14 @@ void - } - } - else { --#ifdef MS_WINDOWS -- (void)win32_urandom(secret, secret_size, 0); --#elif defined(PY_GETENTROPY) -- (void)py_getentropy(secret, secret_size, 1); --#else -- dev_urandom_noraise(secret, secret_size); --#endif -+ int res; -+ -+ /* _PyRandom_Init() is called very early in the Python initialization -+ and so exceptions cannot be used (use raise=0). */ -+ res = pyurandom(secret, secret_size, 0); -+ if (res < 0) { -+ Py_FatalError("failed to get random numbers to initialize Python"); -+ } - } - } - -@@ -481,8 +577,6 @@ void - CryptReleaseContext(hCryptProv, 0); - hCryptProv = 0; - } --#elif defined(PY_GETENTROPY) -- /* nothing to clean */ - #else - dev_urandom_close(); - #endif - diff --git a/gnu/packages/patches/python-unittest2-python3-compat.patch b/gnu/packages/patches/python-unittest2-python3-compat.patch new file mode 100644 index 0000000000..fe0afe559a --- /dev/null +++ b/gnu/packages/patches/python-unittest2-python3-compat.patch @@ -0,0 +1,34 @@ +Skip tests that fail with newer versions of Python. + +Patch copied from Gentoo: + +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-python/unittest2/files/unittest2-1.1.0-python3.5-test.patch + +diff --git a/unittest2/test/test_loader.py b/unittest2/test/test_loader.py +index 683f662..347eea5 100644 +--- a/unittest2/test/test_loader.py ++++ b/unittest2/test/test_loader.py +@@ -509,6 +509,7 @@ class Test_TestLoader(unittest2.TestCase): + # + # What happens when an impossible name is given, relative to the provided + # `module`? ++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here") + def test_loadTestsFromName__relative_malformed_name(self): + loader = unittest.TestLoader() + +@@ -811,6 +812,7 @@ class Test_TestLoader(unittest2.TestCase): + # TestCase or TestSuite instance." + # + # What happens when presented with an impossible module name? ++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here") + def test_loadTestsFromNames__malformed_name(self): + loader = unittest2.TestLoader() + +@@ -918,6 +920,7 @@ class Test_TestLoader(unittest2.TestCase): + # "The method optionally resolves name relative to the given module" + # + # What happens when presented with an impossible attribute name? ++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here") + def test_loadTestsFromNames__relative_malformed_name(self): + loader = unittest.TestLoader() + diff --git a/gnu/packages/patches/python2-unittest2-remove-argparse.patch b/gnu/packages/patches/python-unittest2-remove-argparse.patch index c96738757e..c96738757e 100644 --- a/gnu/packages/patches/python2-unittest2-remove-argparse.patch +++ b/gnu/packages/patches/python-unittest2-remove-argparse.patch |