summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/blast+-fix-makefile.patch15
-rw-r--r--gnu/packages/patches/dblatex-remove-multirow.patch30
-rw-r--r--gnu/packages/patches/gajim-CVE-2016-10376.patch57
-rw-r--r--gnu/packages/patches/gcr-disable-failing-tests.patch126
-rw-r--r--gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch31
-rw-r--r--gnu/packages/patches/gemma-intel-compat.patch44
-rw-r--r--gnu/packages/patches/guile-rsvg-pkgconfig.patch2
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10688.patch92
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-9936.patch47
-rw-r--r--gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch57
-rw-r--r--gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch43
-rw-r--r--gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch200
-rw-r--r--gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch36
-rw-r--r--gnu/packages/patches/python-pyopenssl-skip-network-test.patch43
-rw-r--r--gnu/packages/patches/xorg-server-CVE-2017-10971.patch153
-rw-r--r--gnu/packages/patches/xorg-server-CVE-2017-10972.patch35
16 files changed, 910 insertions, 101 deletions
diff --git a/gnu/packages/patches/blast+-fix-makefile.patch b/gnu/packages/patches/blast+-fix-makefile.patch
new file mode 100644
index 0000000000..bfa46a7e51
--- /dev/null
+++ b/gnu/packages/patches/blast+-fix-makefile.patch
@@ -0,0 +1,15 @@
+Without this patch, the 'make install' attempts to 'install' a directory, which causes an error.
+
+diff --git a/c++/src/build-system/Makefile.in.top b/c++/src/build-system/Makefile.in.top
+index 1abe44f..d6000b3 100644
+--- a/c++/src/build-system/Makefile.in.top
++++ b/c++/src/build-system/Makefile.in.top
+@@ -51,7 +51,7 @@ install-toolkit:
+ done
+ cd $(includedir0) && find * -name CVS -prune -o -print |\
+ cpio -pd $(pincludedir)
+- $(INSTALL) -m 644 $(incdir)/* $(pincludedir)
++ cp -R $(incdir)/* $(pincludedir)
+ ## set up appropriate build and status directories somewhere under $(libdir)?
+
+ install-gbench:
diff --git a/gnu/packages/patches/dblatex-remove-multirow.patch b/gnu/packages/patches/dblatex-remove-multirow.patch
new file mode 100644
index 0000000000..62d1c64e08
--- /dev/null
+++ b/gnu/packages/patches/dblatex-remove-multirow.patch
@@ -0,0 +1,30 @@
+This patch is needed to fix dblatex with newer versions of TeX Live.
+It was taken from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840189
+
+--- a/latex/style/dbk_table.sty Sun Oct 02 23:21:03 2016 +0200
++++ b/latex/style/dbk_table.sty Mon Oct 10 21:31:00 2016 +0200
+@@ -9,7 +9,6 @@
+ \usepackage{longtable}
+ \usepackage{lscape}
+ \usepackage{colortbl}
+-\usepackage{multirow}
+ \usepackage{calc}
+ \usepackage{hhline}
+
+@@ -21,16 +20,6 @@
+ \expandafter[\expandafter3\expandafter]\expandafter{%
+ \multicolumn{#1}{#2}{#3}}
+
+-% Make \@xmultirow long
+-\expandafter\long\expandafter\def%
+-\expandafter\@xmultirow%
+-\expandafter#\expandafter1%
+-\expandafter[\expandafter#\expandafter2\expandafter]%
+-\expandafter#\expandafter3%
+-\expandafter[\expandafter#\expandafter4\expandafter]%
+-\expandafter#\expandafter5%
+-\expandafter{\@xmultirow{#1}[#2]{#3}[#4]{#5}}
+-
+ % For the newtbl code
+ \newdimen\newtblstarfactor%
+ \newdimen\newtblsparewidth%
diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch
deleted file mode 100644
index 591dd1af21..0000000000
--- a/gnu/packages/patches/gajim-CVE-2016-10376.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix CVE-2016-10376.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
-http://seclists.org/oss-sec/2017/q2/341
-https://dev.gajim.org/gajim/gajim/issues/8378
-
-Patch copied from upstream source repository:
-
-https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
-
-(adapted for context in config.py)
-
-From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
-From: Philipp Hörist <forenjunkie@chello.at>
-Date: Fri, 26 May 2017 23:10:05 +0200
-Subject: [PATCH] Add config option to activate XEP-0146 commands
-
-Some of the Commands have security implications, thats why we disable them per default
-Fixes #8378
----
- src/common/commands.py | 7 ++++---
- src/common/config.py | 1 +
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/common/commands.py b/src/common/commands.py
-index 19d8c13..0eeb57c 100644
---- a/src/common/commands.py
-+++ b/src/common/commands.py
-@@ -345,9 +345,10 @@ class ConnectionCommands:
- def __init__(self):
- # a list of all commands exposed: node -> command class
- self.__commands = {}
-- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
-- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
-- self.__commands[cmdobj.commandnode] = cmdobj
-+ if gajim.config.get('remote_commands'):
-+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
-+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
-+ self.__commands[cmdobj.commandnode] = cmdobj
-
- # a list of sessions; keys are tuples (jid, sessionid, node)
- self.__sessions = {}
-diff --git a/src/common/config.py b/src/common/config.py
-index cde1f81..fe25455 100644
---- a/src/common/config.py
-+++ b/src/common/config.py
-@@ -314,6 +314,7 @@ class Config:
- 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
- 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
- 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
-+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
- }, {})
-
- __options_per_key = {
---
-libgit2 0.24.0
-
diff --git a/gnu/packages/patches/gcr-disable-failing-tests.patch b/gnu/packages/patches/gcr-disable-failing-tests.patch
new file mode 100644
index 0000000000..862c51faf0
--- /dev/null
+++ b/gnu/packages/patches/gcr-disable-failing-tests.patch
@@ -0,0 +1,126 @@
+This patch removes a group of tests that fail because /var/lib/dbus/machine-id
+is not present in the build environment.
+
+--- gcr-3.20.0.old/Makefile.in 2017-07-03 18:05:10.742595317 -0400
++++ gcr-3.20.0/Makefile.in 2017-07-03 18:08:26.379565428 -0400
+@@ -482,8 +482,7 @@
+ test-openssh$(EXEEXT) test-secure-memory$(EXEEXT) \
+ test-trust$(EXEEXT) test-parser$(EXEEXT) test-record$(EXEEXT) \
+ test-memory-icon$(EXEEXT) test-gnupg-key$(EXEEXT) \
+- test-gnupg-collection$(EXEEXT) test-gnupg-process$(EXEEXT) \
+- test-system-prompt$(EXEEXT)
++ test-gnupg-collection$(EXEEXT) test-gnupg-process$(EXEEXT)
+ @WITH_GTK_TRUE@am__EXEEXT_4 = frob-certificate$(EXEEXT) \
+ @WITH_GTK_TRUE@ frob-combo-selector$(EXEEXT) \
+ @WITH_GTK_TRUE@ frob-gnupg-selector$(EXEEXT) \
+@@ -882,14 +881,6 @@
+ am_test_symkey_OBJECTS = egg/test-symkey.$(OBJEXT)
+ test_symkey_OBJECTS = $(am_test_symkey_OBJECTS)
+ test_symkey_DEPENDENCIES = $(am__DEPENDENCIES_4)
+-am_test_system_prompt_OBJECTS = \
+- gcr/test_system_prompt-test-system-prompt.$(OBJEXT)
+-test_system_prompt_OBJECTS = $(am_test_system_prompt_OBJECTS)
+-test_system_prompt_DEPENDENCIES = $(am__DEPENDENCIES_3)
+-test_system_prompt_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+- $(test_system_prompt_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+- $(LDFLAGS) -o $@
+ am_test_trust_OBJECTS = gcr/test_trust-test-trust.$(OBJEXT)
+ test_trust_OBJECTS = $(am_test_trust_OBJECTS)
+ test_trust_DEPENDENCIES = $(am__DEPENDENCIES_3)
+@@ -974,8 +965,7 @@
+ $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \
+ $(test_simple_certificate_SOURCES) \
+ $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \
+- $(test_system_prompt_SOURCES) $(test_trust_SOURCES) \
+- $(test_util_SOURCES)
++ $(test_trust_SOURCES) $(test_util_SOURCES)
+ DIST_SOURCES = $(libegg_asn1x_la_SOURCES) $(libegg_hex_la_SOURCES) \
+ $(libegg_secmem_la_SOURCES) $(libegg_test_la_SOURCES) \
+ $(libegg_la_SOURCES) $(libgck_@GCK_MAJOR@_la_SOURCES) \
+@@ -1016,8 +1006,7 @@
+ $(test_secret_exchange_SOURCES) $(test_secure_memory_SOURCES) \
+ $(test_simple_certificate_SOURCES) \
+ $(test_subject_public_key_SOURCES) $(test_symkey_SOURCES) \
+- $(test_system_prompt_SOURCES) $(test_trust_SOURCES) \
+- $(test_util_SOURCES)
++ $(test_trust_SOURCES) $(test_util_SOURCES)
+ RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+ ctags-recursive dvi-recursive html-recursive info-recursive \
+ install-data-recursive install-dvi-recursive \
+@@ -2117,8 +2106,7 @@
+ test-memory-icon \
+ test-gnupg-key \
+ test-gnupg-collection \
+- test-gnupg-process \
+- test-system-prompt
++ test-gnupg-process
+
+ test_certificate_SOURCES = gcr/test-certificate.c
+ test_certificate_CFLAGS = $(gcr_CFLAGS)
+@@ -2171,9 +2159,6 @@
+ test_subject_public_key_SOURCES = gcr/test-subject-public-key.c
+ test_subject_public_key_CFLAGS = $(gcr_CFLAGS)
+ test_subject_public_key_LDADD = $(gcr_LIBS)
+-test_system_prompt_SOURCES = gcr/test-system-prompt.c
+-test_system_prompt_CFLAGS = $(gcr_CFLAGS)
+-test_system_prompt_LDADD = $(gcr_LIBS)
+ test_trust_SOURCES = gcr/test-trust.c
+ test_trust_CFLAGS = $(gcr_CFLAGS)
+ test_trust_LDADD = $(gcr_LIBS)
+@@ -3283,12 +3268,6 @@
+ test-symkey$(EXEEXT): $(test_symkey_OBJECTS) $(test_symkey_DEPENDENCIES) $(EXTRA_test_symkey_DEPENDENCIES)
+ @rm -f test-symkey$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(test_symkey_OBJECTS) $(test_symkey_LDADD) $(LIBS)
+-gcr/test_system_prompt-test-system-prompt.$(OBJEXT): \
+- gcr/$(am__dirstamp) gcr/$(DEPDIR)/$(am__dirstamp)
+-
+-test-system-prompt$(EXEEXT): $(test_system_prompt_OBJECTS) $(test_system_prompt_DEPENDENCIES) $(EXTRA_test_system_prompt_DEPENDENCIES)
+- @rm -f test-system-prompt$(EXEEXT)
+- $(AM_V_CCLD)$(test_system_prompt_LINK) $(test_system_prompt_OBJECTS) $(test_system_prompt_LDADD) $(LIBS)
+ gcr/test_trust-test-trust.$(OBJEXT): gcr/$(am__dirstamp) \
+ gcr/$(DEPDIR)/$(am__dirstamp)
+
+@@ -3446,7 +3425,6 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_secure_memory-test-secure-memory.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_simple_certificate-test-simple-certificate.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_subject_public_key-test-subject-public-key.Po@am__quote@
+-@AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_trust-test-trust.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@gcr/$(DEPDIR)/test_util-test-util.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@ui/$(DEPDIR)/frob_certificate-frob-certificate.Po@am__quote@
+@@ -4968,20 +4946,6 @@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_subject_public_key_CFLAGS) $(CFLAGS) -c -o gcr/test_subject_public_key-test-subject-public-key.obj `if test -f 'gcr/test-subject-public-key.c'; then $(CYGPATH_W) 'gcr/test-subject-public-key.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-subject-public-key.c'; fi`
+
+-gcr/test_system_prompt-test-system-prompt.o: gcr/test-system-prompt.c
+-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -MT gcr/test_system_prompt-test-system-prompt.o -MD -MP -MF gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo -c -o gcr/test_system_prompt-test-system-prompt.o `test -f 'gcr/test-system-prompt.c' || echo '$(srcdir)/'`gcr/test-system-prompt.c
+-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po
+-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gcr/test-system-prompt.c' object='gcr/test_system_prompt-test-system-prompt.o' libtool=no @AMDEPBACKSLASH@
+-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -c -o gcr/test_system_prompt-test-system-prompt.o `test -f 'gcr/test-system-prompt.c' || echo '$(srcdir)/'`gcr/test-system-prompt.c
+-
+-gcr/test_system_prompt-test-system-prompt.obj: gcr/test-system-prompt.c
+-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -MT gcr/test_system_prompt-test-system-prompt.obj -MD -MP -MF gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo -c -o gcr/test_system_prompt-test-system-prompt.obj `if test -f 'gcr/test-system-prompt.c'; then $(CYGPATH_W) 'gcr/test-system-prompt.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-system-prompt.c'; fi`
+-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Tpo gcr/$(DEPDIR)/test_system_prompt-test-system-prompt.Po
+-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gcr/test-system-prompt.c' object='gcr/test_system_prompt-test-system-prompt.obj' libtool=no @AMDEPBACKSLASH@
+-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_system_prompt_CFLAGS) $(CFLAGS) -c -o gcr/test_system_prompt-test-system-prompt.obj `if test -f 'gcr/test-system-prompt.c'; then $(CYGPATH_W) 'gcr/test-system-prompt.c'; else $(CYGPATH_W) '$(srcdir)/gcr/test-system-prompt.c'; fi`
+-
+ gcr/test_trust-test-trust.o: gcr/test-trust.c
+ @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_trust_CFLAGS) $(CFLAGS) -MT gcr/test_trust-test-trust.o -MD -MP -MF gcr/$(DEPDIR)/test_trust-test-trust.Tpo -c -o gcr/test_trust-test-trust.o `test -f 'gcr/test-trust.c' || echo '$(srcdir)/'`gcr/test-trust.c
+ @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gcr/$(DEPDIR)/test_trust-test-trust.Tpo gcr/$(DEPDIR)/test_trust-test-trust.Po
+@@ -5808,13 +5772,6 @@
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+- "$$tst" $(AM_TESTS_FD_REDIRECT)
+-test-system-prompt.log: test-system-prompt$(EXEEXT)
+- @p='test-system-prompt$(EXEEXT)'; \
+- b='test-system-prompt'; \
+- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+- --log-file $$b.log --trs-file $$b.trs \
+- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ .test.log:
+ @p='$<'; \
diff --git a/gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch b/gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch
new file mode 100644
index 0000000000..86a8ed1691
--- /dev/null
+++ b/gnu/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch
@@ -0,0 +1,31 @@
+This patch comes from Debian.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=771052
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835737
+
+--- gcr-3.20.0.old/gcr/test-gnupg-collection.c 2017-06-29 14:26:33.810838197 -0400
++++ gcr-3.20.0/gcr/test-gnupg-collection.c 2017-06-30 17:25:09.149383067 -0400
+@@ -115,6 +115,14 @@
+
+ g_object_unref (test->collection);
+
++ /* remove potential gpg 2.1 extras, ignore any errors. */
++ cmd = g_strdup_printf ("rm -rf %s/*.d", test->directory);
++ system(cmd);
++ g_free(cmd);
++ cmd = g_strdup_printf ("rm -f %s/.gpg-v21-migrated", test->directory);
++ system(cmd);
++ g_free(cmd);
++
+ cmd = g_strdup_printf ("rm -f %s/*", test->directory);
+ g_spawn_check_exit_status (system (cmd), &error);
+ g_assert_no_error (error);
+@@ -202,7 +210,7 @@
+ GcrGnupgKey *key;
+
+ _gcr_gnupg_collection_load_async (test->collection, NULL, on_async_ready, test);
+- egg_test_wait_until (500);
++ egg_test_wait_until (2500);
+ g_assert (test->result);
+ _gcr_gnupg_collection_load_finish (test->collection, test->result, &error);
+ g_assert_no_error (error);
diff --git a/gnu/packages/patches/gemma-intel-compat.patch b/gnu/packages/patches/gemma-intel-compat.patch
new file mode 100644
index 0000000000..f12ec56d9b
--- /dev/null
+++ b/gnu/packages/patches/gemma-intel-compat.patch
@@ -0,0 +1,44 @@
+From da1ed24209121f7b0f03f360b1029d7125a38e70 Mon Sep 17 00:00:00 2001
+From: Efraim Flashner <efraim@flashner.co.il>
+Date: Tue, 4 Jul 2017 12:44:53 +0300
+Subject: [PATCH] Add NO_INTEL_COMPAT flag to Makefile.
+
+see also: https://github.com/xiangzhou/GEMMA/pull/47
+
+---
+ Makefile | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 5bb8748..712b1ad 100644
+--- a/Makefile
++++ b/Makefile
+@@ -11,6 +11,7 @@
+ SYS = LNX
+ # Leave blank after "=" to disable; put "= 1" to enable
+ WITH_LAPACK = 1
++NO_INTEL_COMPAT =
+ FORCE_32BIT =
+ FORCE_DYNAMIC =
+ DIST_NAME = gemma-0.96
+@@ -64,10 +65,13 @@ endif
+ HDR += $(SRC_DIR)/lapack.h
+ endif
+
+-ifdef FORCE_32BIT
+- CPPFLAGS += -m32
+-else
+- CPPFLAGS += -m64
++ifdef NO_INTEL_COMPAT
++ else
++ ifdef FORCE_32BIT
++ CPPFLAGS += -m32
++ else
++ CPPFLAGS += -m64
++ endif
+ endif
+
+ ifdef FORCE_DYNAMIC
+--
+2.13.2
+
diff --git a/gnu/packages/patches/guile-rsvg-pkgconfig.patch b/gnu/packages/patches/guile-rsvg-pkgconfig.patch
index 2272b4e1cd..51483a3472 100644
--- a/gnu/packages/patches/guile-rsvg-pkgconfig.patch
+++ b/gnu/packages/patches/guile-rsvg-pkgconfig.patch
@@ -9,7 +9,7 @@ and LDFLAGS for Guile would not be captured.
+dnl The above macro fails to set the 'GUILE_CFLAGS' and 'GUILE_LIBS'
+dnl substitution variables, hence this line.
-+PKG_CHECK_MODULES(GUILE, guile-2.0)
++PKG_CHECK_MODULES(GUILE, guile-$GUILE_EFFECTIVE_VERSION)
+
PKG_CHECK_MODULES(GUILE_CAIRO, guile-cairo >= 1.4.0)
AC_SUBST(GUILE_CAIRO_LIBS)
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10688.patch b/gnu/packages/patches/libtiff-CVE-2016-10688.patch
new file mode 100644
index 0000000000..1630274c61
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10688.patch
@@ -0,0 +1,92 @@
+Fix CVE-2017-10688:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2712
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
+https://security-tracker.debian.org/tracker/CVE-2017-10688
+
+Patch lifted from upstream source repository (the changes to 'ChangeLog'
+don't apply to the libtiff 4.0.8 release tarball).
+
+3rd party Git reference:
+
+https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
+
+2017-06-30 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
+ functions associated with LONG8/SLONG8 data type, replace assertion
+that
+ the file is BigTIFF, by a non-fatal error.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
+ Reported by team OWL337
+
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1259; previous revision: 1.1258
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <--
+libtiff/tif_dirwrite.c
+new revision: 1.86; previous revision: 1.85
+
+Index: libtiff/libtiff/tif_dirwrite.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
+retrieving revision 1.85
+retrieving revision 1.86
+diff -u -r1.85 -r1.86
+--- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
++++ libtiff/libtiff/tif_dirwrite.c 30 Jun 2017 17:29:44 -0000 1.86
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
++/* $Id: tif_dirwrite.c,v 1.86 2017-06-30 17:29:44 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -2111,7 +2111,10 @@
+ {
+ uint64 m;
+ assert(sizeof(uint64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ m=value;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabLong8(&m);
+@@ -2124,7 +2127,10 @@
+ {
+ assert(count<0x20000000);
+ assert(sizeof(uint64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong8(value,count);
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
+@@ -2136,7 +2142,10 @@
+ {
+ int64 m;
+ assert(sizeof(int64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ m=value;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabLong8((uint64*)(&m));
+@@ -2149,7 +2158,10 @@
+ {
+ assert(count<0x20000000);
+ assert(sizeof(int64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong8((uint64*)value,count);
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
diff --git a/gnu/packages/patches/libtiff-CVE-2017-9936.patch b/gnu/packages/patches/libtiff-CVE-2017-9936.patch
new file mode 100644
index 0000000000..fbdbcd0f0b
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-9936.patch
@@ -0,0 +1,47 @@
+Fix CVE-2017-9936:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2706
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
+https://security-tracker.debian.org/tracker/CVE-2017-9936
+
+Patch lifted from upstream source repository (the changes to 'ChangeLog'
+don't apply to the libtiff 4.0.8 release tarball).
+
+3rd party Git reference:
+
+https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
+
+2017-06-26 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_jbig.c: fix memory leak in error code path of
+JBIGDecode()
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
+ Reported by team OWL337
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1254; previous revision: 1.1253
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c
+new revision: 1.16; previous revision: 1.15
+
+Index: libtiff/libtiff/tif_jbig.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v
+retrieving revision 1.15
+retrieving revision 1.16
+diff -u -r1.15 -r1.16
+--- libtiff/libtiff/tif_jbig.c 10 Mar 2010 18:56:48 -0000 1.15
++++ libtiff/libtiff/tif_jbig.c 26 Jun 2017 15:20:00 -0000 1.16
+@@ -1,4 +1,4 @@
+-/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */
++/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -94,6 +94,7 @@
+ jbg_strerror(decodeStatus)
+ #endif
+ );
++ jbg_dec_free(&decoder);
+ return 0;
+ }
+
diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch
new file mode 100644
index 0000000000..060740d953
--- /dev/null
+++ b/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch
@@ -0,0 +1,57 @@
+Fix an integer overflow TIFFYCbCrtoRGB():
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
+
+3rd party Git reference:
+
+https://github.com/vadz/libtiff/commit/02669064e927074819ce1ed39aba0fccaa167717
+
+2017-05-29 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid
+ int32 overflow in TIFFYCbCrtoRGB().
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
+ Credit to OSS Fuzz
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1241; previous revision: 1.1240
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v <-- libtiff/tif_color.c
+new revision: 1.24; previous revision: 1.23
+
+Index: libtiff/libtiff/tif_color.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -r1.23 -r1.24
+--- libtiff/libtiff/tif_color.c 13 May 2017 18:17:34 -0000 1.23
++++ libtiff/libtiff/tif_color.c 29 May 2017 10:12:54 -0000 1.24
+@@ -1,4 +1,4 @@
+-/* $Id: tif_color.c,v 1.23 2017-05-13 18:17:34 erouault Exp $ */
++/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -275,10 +275,10 @@
+ for (i = 0, x = -128; i < 256; i++, x++) {
+ int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F,
+ refBlackWhite[5] - 128.0F, 127),
+- -128.0F * 64, 128.0F * 64);
++ -128.0F * 32, 128.0F * 32);
+ int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F,
+ refBlackWhite[3] - 128.0F, 127),
+- -128.0F * 64, 128.0F * 64);
++ -128.0F * 32, 128.0F * 32);
+
+ ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT);
+ ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT);
+@@ -286,7 +286,7 @@
+ ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF;
+ ycbcr->Y_tab[i] =
+ (int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255),
+- -128.0F * 64, 128.0F * 64);
++ -128.0F * 32, 128.0F * 32);
+ }
+ }
+
diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch
new file mode 100644
index 0000000000..a990641a49
--- /dev/null
+++ b/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch
@@ -0,0 +1,43 @@
+Fix an integer overflow in initYCbCrConversion():
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
+
+3rd party Git reference
+
+https://github.com/vadz/libtiff/commit/468988860e0dae62ebbf991627c74bcbb4bd256f
+
+ * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
+ refBlackWhite coefficients values. To avoid invalid float->int32 conversion
+ (when refBlackWhite[0] == 2147483648.f)
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
+ Credit to OSS Fuzz
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1243; previous revision: 1.1242
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v <-- libtiff/tif_getimage.c
+new revision: 1.107; previous revision: 1.106
+
+Index: libtiff/libtiff/tif_getimage.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v
+retrieving revision 1.106
+retrieving revision 1.107
+diff -u -r1.106 -r1.107
+--- libtiff/libtiff/tif_getimage.c 20 May 2017 11:29:02 -0000 1.106
++++ libtiff/libtiff/tif_getimage.c 29 May 2017 11:29:06 -0000 1.107
+@@ -1,4 +1,4 @@
+-/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */
++/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */
+
+ /*
+ * Copyright (c) 1991-1997 Sam Leffler
+@@ -2241,7 +2241,7 @@
+
+ static int isInRefBlackWhiteRange(float f)
+ {
+- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF;
++ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF;
+ }
+
+ static int
diff --git a/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch b/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch
new file mode 100644
index 0000000000..1f1b26801d
--- /dev/null
+++ b/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch
@@ -0,0 +1,200 @@
+Fix CVE-2017-10684 and CVE-2017-10685:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685
+
+Bug reports included proof of concept reproducer inputs:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1464684
+https://bugzilla.redhat.com/show_bug.cgi?id=1464685
+https://bugzilla.redhat.com/show_bug.cgi?id=1464686
+https://bugzilla.redhat.com/show_bug.cgi?id=1464687
+https://bugzilla.redhat.com/show_bug.cgi?id=1464688
+https://bugzilla.redhat.com/show_bug.cgi?id=1464691
+https://bugzilla.redhat.com/show_bug.cgi?id=1464692
+
+Patches copied from ncurses patch release 20170701:
+
+ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
+
+Excerpt from patch release announcement:
+
+ + add/improve checks in tic's parser to address invalid input
+ (Redhat #1464684, #1464685, #1464686, #1464691).
+ + alloc_entry.c, add a check for a null-pointer.
+ + parse_entry.c, add several checks for valid pointers as well as
+ one check to ensure that a single character on a line is not
+ treated as the 2-character termcap short-name.
+ + the fixes for Redhat #1464685 obscured a problem subsequently
+ reported in Redhat #1464687; the given test-case was no longer
+ reproducible. Testing without the fixes for the earlier reports
+ showed a problem with buffer overflow in dump_entry.c, which is
+ addressed by reducing the use of a fixed-size buffer.
+
+https://lists.gnu.org/archive/html/bug-ncurses/2017-07/msg00001.html
+
+--- ncurses-6.0-20170624+/ncurses/tinfo/alloc_entry.c 2017-04-09 23:33:51.000000000 +0000
++++ ncurses-6.0-20170701/ncurses/tinfo/alloc_entry.c 2017-06-27 23:48:55.000000000 +0000
+@@ -96,7 +96,11 @@
+ {
+ char *result = 0;
+ size_t old_next_free = next_free;
+- size_t len = strlen(string) + 1;
++ size_t len;
++
++ if (string == 0)
++ return _nc_save_str("");
++ len = strlen(string) + 1;
+
+ if (len == 1 && next_free != 0) {
+ /*
+--- ncurses-6.0-20170624+/ncurses/tinfo/parse_entry.c 2017-06-24 22:59:46.000000000 +0000
++++ ncurses-6.0-20170701/ncurses/tinfo/parse_entry.c 2017-06-28 00:53:12.000000000 +0000
+@@ -236,13 +236,14 @@
+ * implemented it. Note that the resulting terminal type was never the
+ * 2-character name, but was instead the first alias after that.
+ */
++#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|')
+ ptr = _nc_curr_token.tk_name;
+ if (_nc_syntax == SYN_TERMCAP
+ #if NCURSES_XNAMES
+ && !_nc_user_definable
+ #endif
+ ) {
+- if (ptr[2] == '|') {
++ if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && (ptr[2] == '|')) {
+ ptr += 3;
+ _nc_curr_token.tk_name[2] = '\0';
+ }
+@@ -284,9 +285,11 @@
+ if (is_use || is_tc) {
+ entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+ entryp->uses[entryp->nuses].line = _nc_curr_line;
+- entryp->nuses++;
+- if (entryp->nuses > 1 && is_tc) {
+- BAD_TC_USAGE
++ if (VALID_STRING(entryp->uses[entryp->nuses].name)) {
++ entryp->nuses++;
++ if (entryp->nuses > 1 && is_tc) {
++ BAD_TC_USAGE
++ }
+ }
+ } else {
+ /* normal token lookup */
+@@ -588,7 +591,7 @@
+ static void
+ append_acs(string_desc * dst, int code, char *src)
+ {
+- if (src != 0 && strlen(src) == 1) {
++ if (VALID_STRING(src) && strlen(src) == 1) {
+ append_acs0(dst, code, *src);
+ }
+ }
+@@ -849,15 +852,14 @@
+ }
+
+ if (tp->Strings[to_ptr->nte_index]) {
++ const char *s = tp->Strings[from_ptr->nte_index];
++ const char *t = tp->Strings[to_ptr->nte_index];
+ /* There's no point in warning about it if it's the same
+ * string; that's just an inefficiency.
+ */
+- if (strcmp(
+- tp->Strings[from_ptr->nte_index],
+- tp->Strings[to_ptr->nte_index]) != 0)
++ if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0)
+ _nc_warning("%s (%s) already has an explicit value %s, ignoring ko",
+- ap->to, ap->from,
+- _nc_visbuf(tp->Strings[to_ptr->nte_index]));
++ ap->to, ap->from, t);
+ continue;
+ }
+
+--- ncurses-6.0-20170624+/progs/dump_entry.c 2017-06-23 22:47:43.000000000 +0000
++++ ncurses-6.0-20170701/progs/dump_entry.c 2017-07-01 11:27:29.000000000 +0000
+@@ -841,9 +841,10 @@
+ PredIdx num_strings = 0;
+ bool outcount = 0;
+
+-#define WRAP_CONCAT \
+- wrap_concat(buffer); \
+- outcount = TRUE
++#define WRAP_CONCAT1(s) wrap_concat(s); outcount = TRUE
++#define WRAP_CONCAT2(a,b) wrap_concat(a); WRAP_CONCAT1(b)
++#define WRAP_CONCAT3(a,b,c) wrap_concat(a); WRAP_CONCAT2(b,c)
++#define WRAP_CONCAT WRAP_CONCAT1(buffer)
+
+ len = 12; /* terminfo file-header */
+
+@@ -1007,9 +1008,9 @@
+ set_attributes = save_sgr;
+
+ trimmed_sgr0 = _nc_trim_sgr0(tterm);
+- if (strcmp(capability, trimmed_sgr0))
++ if (strcmp(capability, trimmed_sgr0)) {
+ capability = trimmed_sgr0;
+- else {
++ } else {
+ if (trimmed_sgr0 != exit_attribute_mode)
+ free(trimmed_sgr0);
+ }
+@@ -1046,13 +1047,21 @@
+ _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
+ "%s=!!! %s WILL NOT CONVERT !!!",
+ name, srccap);
++ WRAP_CONCAT;
+ } else if (suppress_untranslatable) {
+ continue;
+ } else {
+ char *s = srccap, *d = buffer;
+- _nc_SPRINTF(d, _nc_SLIMIT(sizeof(buffer)) "..%s=", name);
+- d += strlen(d);
++ WRAP_CONCAT3("..", name, "=");
+ while ((*d = *s++) != 0) {
++ if ((d - buffer - 1) >= (int) sizeof(buffer)) {
++ fprintf(stderr,
++ "%s: value for %s is too long\n",
++ _nc_progname,
++ name);
++ *d = '\0';
++ break;
++ }
+ if (*d == ':') {
+ *d++ = '\\';
+ *d = ':';
+@@ -1061,13 +1070,12 @@
+ }
+ d++;
+ }
++ WRAP_CONCAT;
+ }
+ } else {
+- _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
+- "%s=%s", name, cv);
++ WRAP_CONCAT3(name, "=", cv);
+ }
+ len += (int) strlen(capability) + 1;
+- WRAP_CONCAT;
+ } else {
+ char *src = _nc_tic_expand(capability,
+ outform == F_TERMINFO, numbers);
+@@ -1083,8 +1091,7 @@
+ strcpy_DYN(&tmpbuf, src);
+ }
+ len += (int) strlen(capability) + 1;
+- wrap_concat(tmpbuf.text);
+- outcount = TRUE;
++ WRAP_CONCAT1(tmpbuf.text);
+ }
+ }
+ /* e.g., trimmed_sgr0 */
+@@ -1526,7 +1533,8 @@
+ }
+ if (len > critlen) {
+ (void) fprintf(stderr,
+- "warning: %s entry is %d bytes long\n",
++ "%s: %s entry is %d bytes long\n",
++ _nc_progname,
+ _nc_first_name(tterm->term_names),
+ len);
+ SHOW_WHY("# WARNING: this entry, %d bytes long, may core-dump %s libraries!\n",
diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
new file mode 100644
index 0000000000..06b2f4fe03
--- /dev/null
+++ b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch
@@ -0,0 +1,36 @@
+Resolves a test failure on 32-bit platforms.
+
+https://github.com/pyca/pyopenssl/issues/657
+
+Patch copied from upstream source repository:
+
+https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95
+
+From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Thu, 6 Jul 2017 22:14:44 -0400
+Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation
+ requests
+
+---
+ tests/test_rand.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/test_rand.py b/tests/test_rand.py
+index bdd3af08..6adf72a1 100644
+--- a/tests/test_rand.py
++++ b/tests/test_rand.py
+@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args):
+
+ def test_insufficient_memory(self):
+ """
+- `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested
+- than will fit in memory.
++ `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more
++ bytes are requested than will fit in memory.
+ """
+- with pytest.raises(MemoryError):
++ with pytest.raises((MemoryError, OverflowError)):
+ rand.bytes(sys.maxsize)
+
+ def test_bytes(self):
diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
deleted file mode 100644
index 1ac7324c8b..0000000000
--- a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-This test tries connecting to an external server which is not supported
-in the build environment. See discussion at:
-
-https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html
-
-diff --git a/tests/test_ssl.py b/tests/test_ssl.py
-index ee849fd..60048b8 100644
---- a/tests/test_ssl.py
-+++ b/tests/test_ssl.py
-@@ -1113,33 +1113,6 @@ class TestContext(object):
- reason="set_default_verify_paths appears not to work on Windows. "
- "See LP#404343 and LP#404344."
- )
-- def test_set_default_verify_paths(self):
-- """
-- `Context.set_default_verify_paths` causes the platform-specific CA
-- certificate locations to be used for verification purposes.
-- """
-- # Testing this requires a server with a certificate signed by one
-- # of the CAs in the platform CA location. Getting one of those
-- # costs money. Fortunately (or unfortunately, depending on your
-- # perspective), it's easy to think of a public server on the
-- # internet which has such a certificate. Connecting to the network
-- # in a unit test is bad, but it's the only way I can think of to
-- # really test this. -exarkun
--
-- # Arg, verisign.com doesn't speak anything newer than TLS 1.0
-- context = Context(SSLv23_METHOD)
-- context.set_default_verify_paths()
-- context.set_verify(
-- VERIFY_PEER,
-- lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
--
-- client = socket()
-- client.connect(("encrypted.google.com", 443))
-- clientSSL = Connection(context, client)
-- clientSSL.set_connect_state()
-- clientSSL.do_handshake()
-- clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")
-- assert clientSSL.recv(1024)
-
- def test_add_extra_chain_cert_invalid_cert(self):
- """
diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch
new file mode 100644
index 0000000000..2696033e58
--- /dev/null
+++ b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch
@@ -0,0 +1,153 @@
+From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:40 +0300
+Subject: dix: Disallow GenericEvent in SendEvent request.
+
+The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
+no less. Both ProcSendEvent and SProcSendEvent verify that the received data
+exactly match the request size. However nothing stops the client from passing
+in event with xEvent::type = GenericEvent and any value of
+xGenericEvent::length.
+
+In the case of ProcSendEvent, the event will be eventually passed to
+WriteEventsToClient which will see that it is Generic event and copy the
+arbitrary length from the receive buffer (and possibly past it) and send it to
+the other client. This allows clients to copy unitialized heap memory out of X
+server or to crash it.
+
+In case of SProcSendEvent, it will attempt to swap the incoming event by
+calling a swapping function from the EventSwapVector array. The swapped event
+is written to target buffer, which in this case is local xEvent variable. The
+xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
+expect that the target buffer has size matching the size of the source
+GenericEvent. This allows clients to cause stack buffer overflows.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff --git a/dix/events.c b/dix/events.c
+index 3e3a01e..d3a33ea 100644
+--- a/dix/events.c
++++ b/dix/events.c
+@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client)
+ client->errorValue = stuff->event.u.u.type;
+ return BadValue;
+ }
++ /* Generic events can have variable size, but SendEvent request holds
++ exactly 32B of event data. */
++ if (stuff->event.u.u.type == GenericEvent) {
++ client->errorValue = stuff->event.u.u.type;
++ return BadValue;
++ }
+ if (stuff->event.u.u.type == ClientMessage &&
+ stuff->event.u.u.detail != 8 &&
+ stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) {
+diff --git a/dix/swapreq.c b/dix/swapreq.c
+index 719e9b8..6785059 100644
+--- a/dix/swapreq.c
++++ b/dix/swapreq.c
+@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client)
+ swapl(&stuff->destination);
+ swapl(&stuff->eventMask);
+
++ /* Generic events can have variable size, but SendEvent request holds
++ exactly 32B of event data. */
++ if (stuff->event.u.u.type == GenericEvent) {
++ client->errorValue = stuff->event.u.u.type;
++ return BadValue;
++ }
++
+ /* Swap event */
+ proc = EventSwapVector[stuff->event.u.u.type & 0177];
+ if (!proc || proc == NotImplemented) /* no swapping proc; invalid event type? */
+--
+cgit v0.10.2
+
+From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:41 +0300
+Subject: Xi: Verify all events in ProcXSendExtensionEvent.
+
+The requirement is that events have type in range
+EXTENSION_EVENT_BASE..lastEvent, but it was tested
+only for first event of all.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 1cf118a..5e63bfc 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ int
+ ProcXSendExtensionEvent(ClientPtr client)
+ {
+- int ret;
++ int ret, i;
+ DeviceIntPtr dev;
+ xEvent *first;
+ XEventClass *list;
+@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client)
+ /* The client's event type must be one defined by an extension. */
+
+ first = ((xEvent *) &stuff[1]);
+- if (!((EXTENSION_EVENT_BASE <= first->u.u.type) &&
+- (first->u.u.type < lastEvent))) {
+- client->errorValue = first->u.u.type;
+- return BadValue;
++ for (i = 0; i < stuff->num_events; i++) {
++ if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) &&
++ (first[i].u.u.type < lastEvent))) {
++ client->errorValue = first[i].u.u.type;
++ return BadValue;
++ }
+ }
+
+ list = (XEventClass *) (first + stuff->num_events);
+--
+cgit v0.10.2
+
+From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:42 +0300
+Subject: Xi: Do not try to swap GenericEvent.
+
+The SProcXSendExtensionEvent must not attempt to swap GenericEvent because
+it is assuming that the event has fixed size and gives the swapping function
+xEvent-sized buffer.
+
+A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 5e63bfc..5c2e0fc 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client)
+
+ eventP = (xEvent *) &stuff[1];
+ for (i = 0; i < stuff->num_events; i++, eventP++) {
++ if (eventP->u.u.type == GenericEvent) {
++ client->errorValue = eventP->u.u.type;
++ return BadValue;
++ }
++
+ proc = EventSwapVector[eventP->u.u.type & 0177];
+- if (proc == NotImplemented) /* no swapping proc; invalid event type? */
++ /* no swapping proc; invalid event type? */
++ if (proc == NotImplemented) {
++ client->errorValue = eventP->u.u.type;
+ return BadValue;
++ }
+ (*proc) (eventP, &eventT);
+ *eventP = eventT;
+ }
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
new file mode 100644
index 0000000000..f24e9c0ae6
--- /dev/null
+++ b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch
@@ -0,0 +1,35 @@
+From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Wed, 24 May 2017 15:54:39 +0300
+Subject: Xi: Zero target buffer in SProcXSendExtensionEvent.
+
+Make sure that the xEvent eventT is initialized with zeros, the same way as
+in SProcSendEvent.
+
+Some event swapping functions do not overwrite all 32 bytes of xEvent
+structure, for example XSecurityAuthorizationRevoked. Two cooperating
+clients, one swapped and the other not, can send
+XSecurityAuthorizationRevoked event to each other to retrieve old stack data
+from X server. This can be potentialy misused to go around ASLR or
+stack-protector.
+
+Signed-off-by: Michal Srb <msrb@suse.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff --git a/Xi/sendexev.c b/Xi/sendexev.c
+index 11d8202..1cf118a 100644
+--- a/Xi/sendexev.c
++++ b/Xi/sendexev.c
+@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client)
+ {
+ CARD32 *p;
+ int i;
+- xEvent eventT;
++ xEvent eventT = { .u.u.type = 0 };
+ xEvent *eventP;
+ EventSwapPtr proc;
+
+--
+cgit v0.10.2
+