From d3e3a6adcd77abdf6c8253b5c13ac0d3a3d80fdd Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 May 2019 13:55:44 +0200 Subject: gnu: Remove libevent@2.0. * gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch, gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch, gnu/packages/patches/libevent-dns-tests.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/libevent.scm (libevevent-2.0): Remove variable. --- gnu/local.mk | 5 ----- 1 file changed, 5 deletions(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 55a8fcd361..b0992547b4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -985,11 +985,6 @@ dist_patch_DATA = \ %D%/packages/patches/libcroco-CVE-2017-7960.patch \ %D%/packages/patches/libcroco-CVE-2017-7961.patch \ %D%/packages/patches/libdrm-symbol-check.patch \ - %D%/packages/patches/libevent-dns-tests.patch \ - %D%/packages/patches/libevent-2.0-CVE-2016-10195.patch \ - %D%/packages/patches/libevent-2.0-CVE-2016-10196.patch \ - %D%/packages/patches/libevent-2.0-CVE-2016-10197.patch \ - %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \ -- cgit v1.2.3 From d46fc636e6797a1601cc7a7a8eaf72759c495c89 Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Tue, 4 Jun 2019 17:49:14 +0200 Subject: gnu: borg: Update to 1.1.10. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/backup.scm (borg): Update to 1.1.10. [source]: Remove upstreamed patch. Remove msgpack and broken references to it. [arguments]: Add ‘use-system-msgpack’ phase. * gnu/packages/patches/borg-fix-hard-link-preloading.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/backup.scm | 19 ++- .../patches/borg-fix-hard-link-preloading.patch | 157 --------------------- 3 files changed, 14 insertions(+), 163 deletions(-) delete mode 100644 gnu/packages/patches/borg-fix-hard-link-preloading.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b0992547b4..9680212c06 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -690,7 +690,6 @@ dist_patch_DATA = \ %D%/packages/patches/blender-2.79-newer-ffmpeg.patch \ %D%/packages/patches/blender-2.79-python-3.7-fix.patch \ %D%/packages/patches/boost-fix-icu-build.patch \ - %D%/packages/patches/borg-fix-hard-link-preloading.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-remove-test-bs4.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 70cc06c736..0bd894f958 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -511,15 +511,13 @@ detection, and lossless compression.") (define-public borg (package (name "borg") - (version "1.1.9") + (version "1.1.10") (source (origin (method url-fetch) (uri (pypi-uri "borgbackup" version)) (sha256 - (base32 - "0x95nhv4h34m8cxycbwc4xdz350saaxlgh727b23bgn4ci7gh3vx")) - (patches (search-patches "borg-fix-hard-link-preloading.patch")) + (base32 "1pp70p4n5kamvcbl4d8021ggrxhyykmg9isjg4yd3wags8b19d7g")) (modules '((guix build utils))) (snippet '(begin 
@@ -541,7 +539,12 @@ detection, and lossless compression.") ;; Remove bundled shared libraries. (with-directory-excursion "src/borg/algorithms" (for-each delete-file-recursively - (list "blake2" "lz4" "zstd"))) + (list "blake2" "lz4" "msgpack" "zstd"))) + ;; Purge some msgpack references from setup.py or the resulting + ;; sources will be unbuildable. + (substitute* "setup.py" + ((".*Extension\\('borg\\.algorithms\\.msgpack\\..*") "") + (("msgpack_packer_source, msgpack_unpacker_source") "")) #t)))) (build-system python-build-system) (arguments @@ -565,6 +568,12 @@ detection, and lossless compression.") ;; HOME=/homeless-shelter. (setenv "HOME" "/tmp") #t))) + (add-after 'unpack 'use-system-msgpack + (lambda _ + (substitute* "src/borg/helpers.py" + (("prefer_system_msgpack = False") + "prefer_system_msgpack = True")) + #t)) ;; The tests need to be run after Borg is installed. (delete 'check) (add-after 'install 'check diff --git a/gnu/packages/patches/borg-fix-hard-link-preloading.patch b/gnu/packages/patches/borg-fix-hard-link-preloading.patch deleted file mode 100644 index 92a4e22674..0000000000 --- a/gnu/packages/patches/borg-fix-hard-link-preloading.patch +++ /dev/null 
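Review bot: The `use-system-msgpack` phase sets `prefer_system_msgpack` to `True` while the snippet hunk before it deletes the bundled `msgpack` directory, so borg's archive and repository metadata will be (de)serialized by whichever python-msgpack the package inputs supply. Neither hunk shows those inputs or states a version constraint. Upstream presumably bundles the library to control its version, so a comment on the phase would help the next update, e.g. `;; Uses the python-msgpack input instead of the bundled copy; check it against the msgpack versions upstream borg supports when updating either package.` Also, `substitute*` does not fail when a pattern matches nothing, so if `prefer_system_msgpack = False` or the `Extension(...)` line in `setup.py` is reworded upstream, the edit is skipped silently and only the build or the post-install `check` phase would reveal it. The enclosing `origin` snippet and `modify-phases` form both start and end outside these hunks.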
@@ -1,157 +0,0 @@ -Fix a bug that would cause the test suite to hang: - -https://github.com/borgbackup/borg/issues/4350 - -Patch copied from upstream source repository: - -https://github.com/borgbackup/borg/commit/18242ab9e2f26c450b8507aa1d5eceadab8ad027 - -From 18242ab9e2f26c450b8507aa1d5eceadab8ad027 Mon Sep 17 00:00:00 2001 -From: Thomas Waldmann -Date: Thu, 2 May 2019 21:02:26 +0200 -Subject: [PATCH] preload chunks for hardlink slaves w/o preloaded master, - fixes #4350 - -also split the hardlink extraction test into 2 tests. - -(cherry picked from commit f33f318d816505161d1449a02ddfdeb97d6fe80a) ---- - src/borg/archive.py | 42 +++++++++++++++++++++++++++++----- - src/borg/archiver.py | 5 ++-- - src/borg/testsuite/archiver.py | 20 +++++++++------- - 3 files changed, 51 insertions(+), 16 deletions(-) - -diff --git a/src/borg/archive.py b/src/borg/archive.py -index adc1f42c..0793672a 100644 ---- a/src/borg/archive.py -+++ b/src/borg/archive.py -@@ -192,7 +192,7 @@ def __init__(self, repository, key): - self.repository = repository - self.key = key - -- def unpack_many(self, ids, filter=None, preload=False): -+ def unpack_many(self, ids, filter=None, partial_extract=False, preload=False, hardlink_masters=None): - """ - Return iterator of items. 
- -@@ -209,12 +209,40 @@ def unpack_many(self, ids, filter=None, preload=False): - for item in items: - if 'chunks' in item: - item.chunks = [ChunkListEntry(*e) for e in item.chunks] -+ -+ def preload(chunks): -+ self.repository.preload([c.id for c in chunks]) -+ - if filter: - items = [item for item in items if filter(item)] -+ - if preload: -- for item in items: -- if 'chunks' in item: -- self.repository.preload([c.id for c in item.chunks]) -+ if filter and partial_extract: -+ # if we do only a partial extraction, it gets a bit -+ # complicated with computing the preload items: if a hardlink master item is not -+ # selected (== not extracted), we will still need to preload its chunks if a -+ # corresponding hardlink slave is selected (== is extracted). -+ # due to a side effect of the filter() call, we now have hardlink_masters dict populated. -+ masters_preloaded = set() -+ for item in items: -+ if 'chunks' in item: # regular file, maybe a hardlink master -+ preload(item.chunks) -+ # if this is a hardlink master, remember that we already preloaded it: -+ if 'source' not in item and hardlinkable(item.mode) and item.get('hardlink_master', True): -+ masters_preloaded.add(item.path) -+ elif 'source' in item and hardlinkable(item.mode): # hardlink slave -+ source = item.source -+ if source not in masters_preloaded: -+ # we only need to preload *once* (for the 1st selected slave) -+ chunks, _ = hardlink_masters[source] -+ preload(chunks) -+ masters_preloaded.add(source) -+ else: -+ # easy: we do not have a filter, thus all items are selected, thus we need to preload all chunks. 
-+ for item in items: -+ if 'chunks' in item: -+ preload(item.chunks) -+ - for item in items: - yield item - -@@ -433,8 +461,10 @@ def item_filter(self, item, filter=None): - return False - return filter(item) if filter else True - -- def iter_items(self, filter=None, preload=False): -- for item in self.pipeline.unpack_many(self.metadata.items, preload=preload, -+ def iter_items(self, filter=None, partial_extract=False, preload=False, hardlink_masters=None): -+ assert not (filter and partial_extract and preload) or hardlink_masters is not None -+ for item in self.pipeline.unpack_many(self.metadata.items, partial_extract=partial_extract, -+ preload=preload, hardlink_masters=hardlink_masters, - filter=lambda item: self.item_filter(item, filter)): - yield item - -diff --git a/src/borg/archiver.py b/src/borg/archiver.py -index 957959d6..dcc20455 100644 ---- a/src/borg/archiver.py -+++ b/src/borg/archiver.py -@@ -755,7 +755,8 @@ def peek_and_store_hardlink_masters(item, matched): - else: - pi = None - -- for item in archive.iter_items(filter, preload=True): -+ for item in archive.iter_items(filter, partial_extract=partial_extract, -+ preload=True, hardlink_masters=hardlink_masters): - orig_path = item.path - if strip_components: - item.path = os.sep.join(orig_path.split(os.sep)[strip_components:]) -@@ -997,7 +998,7 @@ def item_to_tarinfo(item, original_path): - return None, stream - return tarinfo, stream - -- for item in archive.iter_items(filter, preload=True): -+ for item in archive.iter_items(filter, preload=True, hardlink_masters=hardlink_masters): - orig_path = item.path - if strip_components: - item.path = os.sep.join(orig_path.split(os.sep)[strip_components:]) -diff --git a/src/borg/testsuite/archiver.py b/src/borg/testsuite/archiver.py -index c35ad800..935b3d79 100644 ---- a/src/borg/testsuite/archiver.py -+++ b/src/borg/testsuite/archiver.py -@@ -823,7 +823,18 @@ def test_mount_hardlinks(self): - assert open('input/dir1/subdir/hardlink', 'rb').read() == 
b'123456' - - @requires_hardlinks -- def test_extract_hardlinks(self): -+ def test_extract_hardlinks1(self): -+ self._extract_hardlinks_setup() -+ with changedir('output'): -+ self.cmd('extract', self.repository_location + '::test') -+ assert os.stat('input/source').st_nlink == 4 -+ assert os.stat('input/abba').st_nlink == 4 -+ assert os.stat('input/dir1/hardlink').st_nlink == 4 -+ assert os.stat('input/dir1/subdir/hardlink').st_nlink == 4 -+ assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456' -+ -+ @requires_hardlinks -+ def test_extract_hardlinks2(self): - self._extract_hardlinks_setup() - with changedir('output'): - self.cmd('extract', self.repository_location + '::test', '--strip-components', '2') -@@ -839,13 +850,6 @@ def test_extract_hardlinks(self): - assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456' - assert os.stat('input/dir1/aaaa').st_nlink == 2 - assert os.stat('input/dir1/source2').st_nlink == 2 -- with changedir('output'): -- self.cmd('extract', self.repository_location + '::test') -- assert os.stat('input/source').st_nlink == 4 -- assert os.stat('input/abba').st_nlink == 4 -- assert os.stat('input/dir1/hardlink').st_nlink == 4 -- assert os.stat('input/dir1/subdir/hardlink').st_nlink == 4 -- assert open('input/dir1/subdir/hardlink', 'rb').read() == b'123456' - - def test_extract_include_exclude(self): - self.cmd('init', '--encryption=repokey', self.repository_location) --- -2.21.0 - -- cgit v1.2.3 From 3588419553176daadcb59644037d169574542b42 Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Tue, 4 Jun 2019 18:25:58 +0200 Subject: gnu: polkit: Update to 0.116 [fixes CVE-2019-6133]. * gnu/packages/patches/polkit-CVE-2018-19788.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/polkit.scm (polkit): Update to 0.116. [source](patches): Remove. [inputs]: Change MOZJS-52 to MOZJS-60. [arguments]: Add CXXFLAGS=-std=gnu++11 to #:configure-flags. --- gnu/local.mk | 1 - gnu/packages/patches/polkit-CVE-2018-19788.patch | 197 ----------------------- gnu/packages/polkit.scm | 10 +- 3 files changed, 6 insertions(+), 202 deletions(-) delete mode 100644 gnu/packages/patches/polkit-CVE-2018-19788.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9680212c06..6878aef44a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1163,7 +1163,6 @@ dist_patch_DATA = \ %D%/packages/patches/plink-endian-detection.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/podofo-cmake-3.12.patch \ - %D%/packages/patches/polkit-CVE-2018-19788.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/postgresql-disable-resolve_symlinks.patch \ diff --git a/gnu/packages/patches/polkit-CVE-2018-19788.patch b/gnu/packages/patches/polkit-CVE-2018-19788.patch deleted file mode 100644 index 58cde6c5dc..0000000000 --- a/gnu/packages/patches/polkit-CVE-2018-19788.patch +++ /dev/null 
@@ -1,197 +0,0 @@ -Fix CVE-2018-19788: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19788 -https://gitlab.freedesktop.org/polkit/polkit/issues/74 - -Patch copied from upstream source repository: - -https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379 - -From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 3 Dec 2018 10:28:58 +0100 -Subject: [PATCH] Allow negative uids/gids in PolkitUnixUser and Group objects - -(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since -there should be no users with such number, see -https://systemd.io/UIDS-GIDS#special-linux-uids. - -(uid_t) -1 is used as the default value in class initialization. - -When a user or group above INT32_MAX is created, the numeric uid or -gid wraps around to negative when the value is assigned to gint, and -polkit gets confused. Let's accept such gids, except for -1. - -A nicer fix would be to change the underlying type to e.g. uint32 to -not have negative values. But this cannot be done without breaking the -API, so likely new functions will have to be added (a -polkit_unix_user_new variant that takes a unsigned, and the same for -_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will -require a bigger patch. - -Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. 
---- - src/polkit/polkitunixgroup.c | 15 +++++++++++---- - src/polkit/polkitunixprocess.c | 12 ++++++++---- - src/polkit/polkitunixuser.c | 13 ++++++++++--- - 3 files changed, 29 insertions(+), 11 deletions(-) - -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index c57a1aa..309f689 100644 ---- a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, - static void - polkit_unix_group_init (PolkitUnixGroup *unix_group) - { -+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ - } - - static void -@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); -+ gint val; - - switch (prop_id) - { - case PROP_GID: -- unix_group->gid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_group->gid = val; - break; - - default: -@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) - g_param_spec_int ("gid", - "Group ID", - "The UNIX group ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) - */ - void - polkit_unix_group_set_gid (PolkitUnixGroup *group, -- gint gid) -+ gint gid) - { - g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); -+ g_return_if_fail (gid != -1); - group->gid = gid; - } - -@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, - PolkitIdentity * - polkit_unix_group_new (gint gid) - { -+ g_return_val_if_fail (gid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, - "gid", gid, - NULL)); -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index 972b777..b02b258 100644 ---- a/src/polkit/polkitunixprocess.c -+++ 
b/src/polkit/polkitunixprocess.c -@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, - polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); - break; - -- case PROP_UID: -- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); -+ case PROP_UID: { -+ gint val; -+ -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ polkit_unix_process_set_uid (unix_process, val); - break; -+ } - - case PROP_START_TIME: - polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- -1, -+ G_MININT, - G_MAXINT, - -1, - G_PARAM_CONSTRUCT | -@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); -- g_return_if_fail (uid >= -1); - process->uid = uid; - } - -diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c -index 8bfd3a1..234a697 100644 ---- a/src/polkit/polkitunixuser.c -+++ b/src/polkit/polkitunixuser.c -@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, - static void - polkit_unix_user_init (PolkitUnixUser *unix_user) - { -+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ - unix_user->name = NULL; - } - -@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); -+ gint val; - - switch (prop_id) - { - case PROP_UID: -- unix_user->uid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_user->uid = val; - break; - - default: -@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - 
G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_USER (user)); -+ g_return_if_fail (uid != -1); - user->uid = uid; - } - -@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - PolkitIdentity * - polkit_unix_user_new (gint uid) - { -+ g_return_val_if_fail (uid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, - "uid", uid, - NULL)); --- -2.18.1 - diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm index ccb8ebf8f8..ac24adef43 100644 --- a/gnu/packages/polkit.scm +++ b/gnu/packages/polkit.scm @@ -43,16 +43,15 @@ (define-public polkit (package (name "polkit") - (version "0.115") + (version "0.116") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/polkit/releases/" name "-" version ".tar.gz")) - (patches (search-patches "polkit-CVE-2018-19788.patch")) (sha256 (base32 - "0c91y61y4gy6p91cwbzg32dhavw4b7fflg370rimqhdxpzdfr1rg")) + "1c9lbpndh5zis22f154vjrhnqw65z8s85nrgl42v738yf6g0q5w8")) (modules '((guix build utils))) (snippet '(begin @@ -90,7 +89,7 @@ `(("expat" ,expat) ("linux-pam" ,linux-pam) ("elogind" ,elogind) - ("mozjs" ,mozjs-52) + ("mozjs" ,mozjs-60) ("nspr" ,nspr))) (propagated-inputs `(("glib" ,glib))) ; required by polkit-gobject-1.pc @@ -101,6 +100,9 @@ ("gobject-introspection" ,gobject-introspection))) (arguments `(#:configure-flags '("--sysconfdir=/etc" + ;; XXX: MozJS 60 requires the C++11 ABI or higher. + ;; Remove when the default compiler is >= GCC 6. + "CXXFLAGS=-std=gnu++11" "--enable-man-pages") #:phases (modify-phases %standard-phases -- cgit v1.2.3
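Review bot: Passing `"CXXFLAGS=-std=gnu++11"` in `#:configure-flags` replaces the whole variable, so the C++ parts of polkit are compiled with that flag alone. The `-g -O2` that an autoconf-generated configure script normally defaults to when CXXFLAGS is unset is dropped, along with any hardening that depends on optimisation being enabled. Since polkit provides a privileged authorization service, it is safer to keep the defaults and append the standard, e.g. `"CXXFLAGS=-g -O2 -std=gnu++11"`. The `arguments` form continues beyond the hunk, so any later flag handling is not visible here.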