From 91304b79453440a90c366cb667a19d91eb5752e2 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Mon, 9 Dec 2019 22:27:31 +0100
Subject: gnu: mesa: Update to 19.2.7.

* gnu/packages/patches/mesa-timespec-test-32bit.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/gl.scm (mesa): Update to 19.2.7.
[source](patches): Remove obsolete.
---
 gnu/local.mk | 1 -
 1 file changed, 1 deletion(-)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 0faa0ba07c..a76f222abd 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1136,7 +1136,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/mcrypt-CVE-2012-4527.patch			\
   %D%/packages/patches/mes-remove-store-name.patch		\
   %D%/packages/patches/mesa-skip-disk-cache-test.patch		\
-  %D%/packages/patches/mesa-timespec-test-32bit.patch		\
   %D%/packages/patches/mescc-tools-boot.patch			\
   %D%/packages/patches/meson-for-build-rpath.patch		\
   %D%/packages/patches/metabat-fix-compilation.patch		\
-- 
cgit v1.2.3


From 99732a8f2286782f6e89280c0b398764aac5b31e Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Tue, 10 Dec 2019 16:05:49 +0100
Subject: gnu: orc: Update to 0.4.31.

* gnu/packages/patches/orc-typedef-enum.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/gstreamer.scm (orc): Update to 0.4.31.
[source](patches): Remove.
---
 gnu/local.mk                                |  1 -
 gnu/packages/gstreamer.scm                  |  5 ++---
 gnu/packages/patches/orc-typedef-enum.patch | 17 -----------------
 3 files changed, 2 insertions(+), 21 deletions(-)
 delete mode 100644 gnu/packages/patches/orc-typedef-enum.patch

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index a76f222abd..21102514a9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1212,7 +1212,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/openssl-CVE-2019-1559.patch		\
   %D%/packages/patches/open-zwave-hidapi.patch			\
-  %D%/packages/patches/orc-typedef-enum.patch			\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 51b9d8f11c..bed9e36ce6 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -69,15 +69,14 @@
 (define-public orc
   (package
     (name "orc")
-    (version "0.4.30")
+    (version "0.4.31")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://gstreamer.freedesktop.org/data/src/"
                                   "orc/orc-" version ".tar.xz"))
-              (patches (search-patches "orc-typedef-enum.patch"))
               (sha256
                (base32
-                "0wj93im7i8a6546q2r8sp39yjfbxflkc0ygb0b8iqsd58qhvjhds"))))
+                "0xb0c7q3xv1ldmz5ipybazb01gy3cijj8622dcx7rbm9lq85zax0"))))
     (build-system meson-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/patches/orc-typedef-enum.patch b/gnu/packages/patches/orc-typedef-enum.patch
deleted file mode 100644
index 207bf32ba9..0000000000
--- a/gnu/packages/patches/orc-typedef-enum.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Orc 0.4.30 has a bug that causes duplicate symbols due to a missing typedef.
-
-Taken from upstream:
-https://gitlab.freedesktop.org/gstreamer/orc/merge_requests/32
-
-diff --git a/orc/orctarget.h b/orc/orctarget.h
---- a/orc/orctarget.h
-+++ b/orc/orctarget.h
-@@ -19,7 +19,7 @@ enum {
-   ORC_TARGET_FAST_DENORMAL = (1<<31)
- };
- 
--enum {
-+typedef enum {
-   ORC_TARGET_POWERPC_64BIT = (1<<0),
-   ORC_TARGET_POWERPC_LE = (1<<1),
-   ORC_TARGET_POWERPC_ALTIVEC = (1<<2),
-- 
cgit v1.2.3


From f8a8984c4b95538d027dd63e23d8340dfbea72e2 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 11 Dec 2019 22:40:40 +0100
Subject: gnu: nss: Remove replacement package.

The merge preceding this commit ignored the 'replacement' added to nss in
commit 04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6, because the security fix is
already present in NSS 3.48.  This commit removes the remaining bits.

* gnu/packages/patches/nss-CVE-2019-11745.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/nss.scm (nss/fixed): Remove variable.
---
 gnu/local.mk                                  |  1 -
 gnu/packages/nss.scm                          |  8 --------
 gnu/packages/patches/nss-CVE-2019-11745.patch | 24 ------------------------
 3 files changed, 33 deletions(-)
 delete mode 100644 gnu/packages/patches/nss-CVE-2019-11745.patch

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 4d89f17bbe..21102514a9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1179,7 +1179,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/nm-plugin-path.patch			\
   %D%/packages/patches/nsis-env-passthru.patch			\
-  %D%/packages/patches/nss-CVE-2019-11745.patch			\
   %D%/packages/patches/nss-freebl-stubs.patch			\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index e81c859a51..2e34f8e26f 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -183,11 +183,3 @@ applications.  Applications built with NSS can support SSL v2 and v3, TLS,
 PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
 security standards.")
     (license license:mpl2.0)))
-
-(define nss/fixed
-  (package
-    (inherit nss)
-    (source (origin
-              (inherit (package-source nss))
-              (patches (append (search-patches "nss-CVE-2019-11745.patch")
-                               (origin-patches (package-source nss))))))))
diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch b/gnu/packages/patches/nss-CVE-2019-11745.patch
deleted file mode 100644
index ae0eeda3c8..0000000000
--- a/gnu/packages/patches/nss-CVE-2019-11745.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
-than the block size to NSC_EncryptUpdate).
-
-Copied from Debian, equivalent to upstream fix:
-<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
-
-# HG changeset patch
-# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
-# Date 1574189697 25200
-# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
-# Parent  64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
-Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
-
---- a/nss/lib/softoken/pkcs11c.c
-+++ b/nss/lib/softoken/pkcs11c.c
-@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
-             }
-             /* encrypt the current padded data */
-             rv = (*context->update)(context->cipherInfo, pEncryptedPart,
--                                    &padoutlen, context->blockSize, context->padBuf,
-+                                    &padoutlen, maxout, context->padBuf,
-                                     context->blockSize);
-             if (rv != SECSuccess) {
-                 return sftk_MapCryptError(PORT_GetError());
-- 
cgit v1.2.3


From eccd2c14d6b42142e85ed517e8cfa81a73b6bd88 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 11 Dec 2019 19:38:08 +0100
Subject: gnu: pcre2: Update to 10.34.

* gnu/packages/patches/pcre2-fix-jit_match-crash.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/pcre.scm (pcre2): Update to 10.34.
[source](patches): Remove.
---
 gnu/local.mk                                       |  1 -
 .../patches/pcre2-fix-jit_match-crash.patch        | 25 ----------------------
 gnu/packages/pcre.scm                              |  5 ++---
 3 files changed, 2 insertions(+), 29 deletions(-)
 delete mode 100644 gnu/packages/patches/pcre2-fix-jit_match-crash.patch

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 21102514a9..b1b5045469 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1222,7 +1222,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/pam-mount-luks2-support.patch		\
   %D%/packages/patches/patchutils-test-perms.patch		\
   %D%/packages/patches/patch-hurd-path-max.patch		\
-  %D%/packages/patches/pcre2-fix-jit_match-crash.patch		\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-deterministic-ordering.patch	\
   %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
diff --git a/gnu/packages/patches/pcre2-fix-jit_match-crash.patch b/gnu/packages/patches/pcre2-fix-jit_match-crash.patch
deleted file mode 100644
index 7543319ee9..0000000000
--- a/gnu/packages/patches/pcre2-fix-jit_match-crash.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Thu, 01 Aug 2019 21:12:52 +0200
-Subject: [PATCH] gnu: pcre2: Fix jit_match crash.
-
-Fixes <https://bugs.exim.org/show_bug.cgi?id=2421>, reported as a ‘secrity
-problem’.
-
-Copied verbatim from upstream[0].
-
-[0]: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?view=patch&r1=1089&r2=1092&pathrev=1092
-
---- trunk/src/pcre2_jit_compile.c	2019/05/10 13:15:20	1089
-+++ trunk/src/pcre2_jit_compile.c	2019/05/13 16:38:18	1092
-@@ -8571,7 +8571,10 @@
- PCRE2_SPTR bptr;
- uint32_t c;
- 
--GETCHARINC(c, cc);
-+/* Patch by PH */
-+/* GETCHARINC(c, cc); */
-+
-+c = *cc++;
- #if PCRE2_CODE_UNIT_WIDTH == 32
- if (c >= 0x110000)
-   return NULL;
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 91c32d6e5d..560244619e 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -89,15 +89,14 @@ POSIX regular expression API.")
 (define-public pcre2
   (package
     (name "pcre2")
-    (version "10.33")
+    (version "10.34")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/pcre/pcre2/"
                                   version "/pcre2-" version ".tar.bz2"))
-              (patches (search-patches "pcre2-fix-jit_match-crash.patch"))
               (sha256
                (base32
-                "1anqi7vpbfzag7imccrc6di1zl5rl63ab7rfpmajpw6d1kzlsl9m"))))
+                "1jlqnzcz2yi70dm40wyfa9w8is9z2kh4dl8zjnv3vqd9mgzp7i3l"))))
    (build-system gnu-build-system)
    (inputs `(("bzip2" ,bzip2)
              ("readline" ,readline)
-- 
cgit v1.2.3