diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2018-08-25 16:44:07 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2018-08-25 16:44:07 +0200 |
| commit | 839167ff9d74fc490b32f6a197591964f73b65e5 (patch) | |
| tree | d193bfad7c9ef5597c5cd7d2ea25fd007d01f88a /gnu/packages/patches | |
| parent | 27c1df05a866b639a61e16d48b3f2da8fa5eb767 (diff) | |
| parent | 030c912616c8ee1595218e304460041bcb4f1ceb (diff) | |
Merge branch 'staging' into core-updates
Diffstat (limited to 'gnu/packages/patches')
19 files changed, 580 insertions, 921 deletions
diff --git a/gnu/packages/patches/aegisub-icu59-include-unistr.patch b/gnu/packages/patches/aegisub-icu59-include-unistr.patch new file mode 100644 index 0000000000..78414741be --- /dev/null +++ b/gnu/packages/patches/aegisub-icu59-include-unistr.patch @@ -0,0 +1,12 @@ +This patch adds an include needed since icu59: +Source: https://git.archlinux.org/svntogit/community.git/plain/trunk/icu59.patch?h=packages/aegisub +--- aegisub-3.2.2/src/utils.cpp 2014-12-08 02:07:09.000000000 +0200 ++++ aegisub-3.2.2/src/utils.cpp 2017-04-26 11:11:15.438239182 +0300 +@@ -44,6 +44,7 @@ + #include <boost/filesystem/path.hpp> + #include <map> + #include <unicode/locid.h> ++#include <unicode/unistr.h> + #include <wx/clipbrd.h> + #include <wx/filedlg.h> + #include <wx/stdpaths.h> diff --git a/gnu/packages/patches/btrfs-progs-e-value-block.patch b/gnu/packages/patches/btrfs-progs-e-value-block.patch deleted file mode 100644 index 6365146431..0000000000 --- a/gnu/packages/patches/btrfs-progs-e-value-block.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c78f59a971ce4b543f3177e383b677862b2d9fb5 Mon Sep 17 00:00:00 2001 -From: Qu Wenruo <wqu@suse.com> -Date: Wed, 14 Mar 2018 08:56:57 +0800 -Subject: [PATCH] btrfs-progs: convert/ext2: Remove check for - ext2_ext_attr_entry->e_value_block - -In latest e2fsprogs (1.44.0) definition of ext2_ext_attr_entry has -removed member e_value_block, as currently ext* doesn't support it set -anyway. - -So remove such check so that we can pass compile. - -Issue: #110 -Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199071 -Signed-off-by: Qu Wenruo <wqu@suse.com> -Signed-off-by: David Sterba <dsterba@suse.com> ---- - convert/source-ext2.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/convert/source-ext2.c b/convert/source-ext2.c -index b1492c78..070126ec 100644 ---- a/convert/source-ext2.c -+++ b/convert/source-ext2.c -@@ -422,8 +422,7 @@ static int ext2_xattr_check_entry(struct ext2_ext_attr_entry *entry, - { - size_t value_size = entry->e_value_size; - -- if (entry->e_value_block != 0 || value_size > size || -- entry->e_value_offs + value_size > size) -+ if (value_size > size || entry->e_value_offs + value_size > size) - return -EIO; - return 0; - } --- -2.16.3 - diff --git a/gnu/packages/patches/byobu-writable-status.patch b/gnu/packages/patches/byobu-writable-status.patch index 2858280273..31dc1f2fd3 100644 --- a/gnu/packages/patches/byobu-writable-status.patch +++ b/gnu/packages/patches/byobu-writable-status.patch @@ -1,13 +1,13 @@ Skeleton status files are installed read-only. When copying to the config dir upon initialization, make sure they end up writable. ---- byobu-5.98/usr/bin/byobu-janitor.in -+++ byobu-5.98/usr/bin/byobu-janitor.in +--- byobu-5.127/usr/bin/byobu-janitor.in ++++ byobu-5.127/usr/bin/byobu-janitor.in @@ -82,6 +82,7 @@ if [ ! -r "$BYOBU_CONFIG_DIR/$f" ]; then # Copy from skeleton, if possible cp -f "$BYOBU_PREFIX/share/$PKG/status/$f" "$BYOBU_CONFIG_DIR/$f" + chmod +w "$BYOBU_CONFIG_DIR/$f" - # Enable ec2_cost, if we're in ec2 and seeding a new setup - if metadata_available; then - $BYOBU_SED_INLINE -e "s/#ec2_cost/ec2_cost/g" "$($BYOBU_READLINK -f $BYOBU_CONFIG_DIR/$f)" + fi + done + diff --git a/gnu/packages/patches/clementine-fix-sqlite.patch b/gnu/packages/patches/clementine-fix-sqlite.patch new file mode 100644 index 0000000000..f9d44f9074 --- /dev/null +++ b/gnu/packages/patches/clementine-fix-sqlite.patch @@ -0,0 +1,23 @@ +Patch downloaded from https://github.com/clementine-player/Clementine/pull/5669 . + +diff -ruN clementine-1.3.1.565.gd20c2244a.orig/src/core/database.cpp clementine-1.3.1.565.gd20c2244a/src/core/database.cpp +--- clementine-1.3.1.565.gd20c2244a.orig/src/core/database.cpp 2018-07-07 23:59:24.018540126 +0200 ++++ clementine-1.3.1.565.gd20c2244a/src/core/database.cpp 2018-07-08 00:04:47.991551728 +0200 +@@ -265,6 +265,17 @@ + StaticInit(); + + { ++ ++#ifdef SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER ++ // In case sqlite>=3.12 is compiled without -DSQLITE_ENABLE_FTS3_TOKENIZER ++ // (generally a good idea due to security reasons) the fts3 support should be enabled explicitly. ++ QVariant v = db.driver()->handle(); ++ if (v.isValid() && qstrcmp(v.typeName(), "sqlite3*") == 0) { ++ sqlite3 *handle = *static_cast<sqlite3**>(v.data()); ++ if (handle) sqlite3_db_config(handle, SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER, 1, NULL); ++ } ++#endif ++ + QSqlQuery set_fts_tokenizer(db); + set_fts_tokenizer.prepare("SELECT fts3_tokenizer(:name, :pointer)"); + set_fts_tokenizer.bindValue(":name", "unicode"); diff --git a/gnu/packages/patches/eigen-arm-neon-fixes.patch b/gnu/packages/patches/eigen-arm-neon-fixes.patch deleted file mode 100644 index 0838f30463..0000000000 --- a/gnu/packages/patches/eigen-arm-neon-fixes.patch +++ /dev/null @@ -1,245 +0,0 @@ -# HG changeset patch -# User Gael Guennebaud <g.gael@free.fr> -# Date 1497514590 -7200 -# Node ID d781c1de98342c5ca29c2fe719d8d3c96a35dcd4 -# Parent 48cd83b2b459aa9f3f5dca135d38760fe0b02a2f -Bug 1436: fix compilation of Jacobi rotations with ARM NEON, some specializations of internal::conj_helper were missing. - -diff --git a/Eigen/Core b/Eigen/Core ---- a/Eigen/Core -+++ b/Eigen/Core -@@ -371,6 +371,7 @@ - #include "src/Core/MathFunctions.h" - #include "src/Core/GenericPacketMath.h" - #include "src/Core/MathFunctionsImpl.h" -+#include "src/Core/arch/Default/ConjHelper.h" - - #if defined EIGEN_VECTORIZE_AVX512 - #include "src/Core/arch/SSE/PacketMath.h" -diff --git a/Eigen/src/Core/arch/AVX/Complex.h b/Eigen/src/Core/arch/AVX/Complex.h ---- a/Eigen/src/Core/arch/AVX/Complex.h -+++ b/Eigen/src/Core/arch/AVX/Complex.h -@@ -204,23 +204,7 @@ - } - }; - --template<> struct conj_helper<Packet8f, Packet4cf, false,false> --{ -- EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet8f& x, const Packet4cf& y, const Packet4cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet4cf pmul(const Packet8f& x, const Packet4cf& y) const -- { return Packet4cf(Eigen::internal::pmul(x, y.v)); } --}; -- --template<> struct conj_helper<Packet4cf, Packet8f, false,false> --{ -- EIGEN_STRONG_INLINE Packet4cf pmadd(const Packet4cf& x, const Packet8f& y, const Packet4cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet4cf pmul(const Packet4cf& x, const Packet8f& y) const -- { return Packet4cf(Eigen::internal::pmul(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet4cf,Packet8f) - - template<> EIGEN_STRONG_INLINE Packet4cf pdiv<Packet4cf>(const Packet4cf& a, const Packet4cf& b) - { -@@ -400,23 +384,7 @@ - } - }; - --template<> struct conj_helper<Packet4d, Packet2cd, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet4d& x, const Packet2cd& y, const Packet2cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cd pmul(const Packet4d& x, const Packet2cd& y) const -- { return Packet2cd(Eigen::internal::pmul(x, y.v)); } --}; -- --template<> struct conj_helper<Packet2cd, Packet4d, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cd pmadd(const Packet2cd& x, const Packet4d& y, const Packet2cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cd pmul(const Packet2cd& x, const Packet4d& y) const -- { return Packet2cd(Eigen::internal::pmul(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cd,Packet4d) - - template<> EIGEN_STRONG_INLINE Packet2cd pdiv<Packet2cd>(const Packet2cd& a, const Packet2cd& b) - { -diff --git a/Eigen/src/Core/arch/AltiVec/Complex.h b/Eigen/src/Core/arch/AltiVec/Complex.h ---- a/Eigen/src/Core/arch/AltiVec/Complex.h -+++ b/Eigen/src/Core/arch/AltiVec/Complex.h -@@ -224,23 +224,7 @@ - } - }; - --template<> struct conj_helper<Packet4f, Packet2cf, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const -- { return Packet2cf(internal::pmul<Packet4f>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet2cf, Packet4f, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const -- { return Packet2cf(internal::pmul<Packet4f>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) - - template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b) - { -@@ -416,23 +400,8 @@ - return pconj(internal::pmul(a, b)); - } - }; --template<> struct conj_helper<Packet2d, Packet1cd, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } - -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const -- { return Packet1cd(internal::pmul<Packet2d>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet1cd, Packet2d, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const -- { return Packet1cd(internal::pmul<Packet2d>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) - - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { -diff --git a/Eigen/src/Core/arch/Default/ConjHelper.h b/Eigen/src/Core/arch/Default/ConjHelper.h -new file mode 100644 ---- /dev/null -+++ b/Eigen/src/Core/arch/Default/ConjHelper.h -@@ -0,0 +1,29 @@ -+ -+// This file is part of Eigen, a lightweight C++ template library -+// for linear algebra. -+// -+// Copyright (C) 2017 Gael Guennebaud <gael.guennebaud@inria.fr> -+// -+// This Source Code Form is subject to the terms of the Mozilla -+// Public License v. 2.0. If a copy of the MPL was not distributed -+// with this file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+#ifndef EIGEN_ARCH_CONJ_HELPER_H -+#define EIGEN_ARCH_CONJ_HELPER_H -+ -+#define EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(PACKET_CPLX, PACKET_REAL) \ -+ template<> struct conj_helper<PACKET_REAL, PACKET_CPLX, false,false> { \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_REAL& x, const PACKET_CPLX& y, const PACKET_CPLX& c) const \ -+ { return padd(c, pmul(x,y)); } \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_REAL& x, const PACKET_CPLX& y) const \ -+ { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x, y.v)); } \ -+ }; \ -+ \ -+ template<> struct conj_helper<PACKET_CPLX, PACKET_REAL, false,false> { \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmadd(const PACKET_CPLX& x, const PACKET_REAL& y, const PACKET_CPLX& c) const \ -+ { return padd(c, pmul(x,y)); } \ -+ EIGEN_STRONG_INLINE PACKET_CPLX pmul(const PACKET_CPLX& x, const PACKET_REAL& y) const \ -+ { return PACKET_CPLX(Eigen::internal::pmul<PACKET_REAL>(x.v, y)); } \ -+ }; -+ -+#endif // EIGEN_ARCH_CONJ_HELPER_H -diff --git a/Eigen/src/Core/arch/NEON/Complex.h b/Eigen/src/Core/arch/NEON/Complex.h ---- a/Eigen/src/Core/arch/NEON/Complex.h -+++ b/Eigen/src/Core/arch/NEON/Complex.h -@@ -265,6 +265,8 @@ - } - }; - -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) -+ - template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b) - { - // TODO optimize it for NEON -@@ -456,6 +458,8 @@ - } - }; - -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) -+ - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { - // TODO optimize it for NEON -diff --git a/Eigen/src/Core/arch/SSE/Complex.h b/Eigen/src/Core/arch/SSE/Complex.h ---- a/Eigen/src/Core/arch/SSE/Complex.h -+++ b/Eigen/src/Core/arch/SSE/Complex.h -@@ -229,23 +229,7 @@ - } - }; - --template<> struct conj_helper<Packet4f, Packet2cf, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet4f& x, const Packet2cf& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet4f& x, const Packet2cf& y) const -- { return Packet2cf(Eigen::internal::pmul<Packet4f>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet2cf, Packet4f, false,false> --{ -- EIGEN_STRONG_INLINE Packet2cf pmadd(const Packet2cf& x, const Packet4f& y, const Packet2cf& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet2cf pmul(const Packet2cf& x, const Packet4f& y) const -- { return Packet2cf(Eigen::internal::pmul<Packet4f>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) - - template<> EIGEN_STRONG_INLINE Packet2cf pdiv<Packet2cf>(const Packet2cf& a, const Packet2cf& b) - { -@@ -430,23 +414,7 @@ - } - }; - --template<> struct conj_helper<Packet2d, Packet1cd, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet2d& x, const Packet1cd& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet2d& x, const Packet1cd& y) const -- { return Packet1cd(Eigen::internal::pmul<Packet2d>(x, y.v)); } --}; -- --template<> struct conj_helper<Packet1cd, Packet2d, false,false> --{ -- EIGEN_STRONG_INLINE Packet1cd pmadd(const Packet1cd& x, const Packet2d& y, const Packet1cd& c) const -- { return padd(c, pmul(x,y)); } -- -- EIGEN_STRONG_INLINE Packet1cd pmul(const Packet1cd& x, const Packet2d& y) const -- { return Packet1cd(Eigen::internal::pmul<Packet2d>(x.v, y)); } --}; -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) - - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { -diff --git a/Eigen/src/Core/arch/ZVector/Complex.h b/Eigen/src/Core/arch/ZVector/Complex.h ---- a/Eigen/src/Core/arch/ZVector/Complex.h -+++ b/Eigen/src/Core/arch/ZVector/Complex.h -@@ -336,6 +336,9 @@ - } - }; - -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet2cf,Packet4f) -+EIGEN_MAKE_CONJ_HELPER_CPLX_REAL(Packet1cd,Packet2d) -+ - template<> EIGEN_STRONG_INLINE Packet1cd pdiv<Packet1cd>(const Packet1cd& a, const Packet1cd& b) - { - // TODO optimize it for AltiVec diff --git a/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch b/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch new file mode 100644 index 0000000000..5a93a39b23 --- /dev/null +++ b/gnu/packages/patches/extundelete-e2fsprogs-1.44.patch @@ -0,0 +1,23 @@ +From: Tobias Geerinckx-Rice <me@tobias.gr> +Date: Thu, 16 Aug 2018 21:12:30 +0200 +Subject: extundelete: Fix build with e2fsprogs 1.44. + +The ‘inode.i_file_acl’ field was replaced with ‘inode.i_size_high’. I'm +not sure the field name is still accurate or useful, so don't print it +at all. + +Based on this[0] patch by ‘conikost’[1]. + +[0]: https://sourceforge.net/p/extundelete/tickets/5/ +[1]: https://sourceforge.net/u/conikost + +--- a/src/insertionops.cc 2012-12-30 18:23:32.000000000 +0100 ++++ b/src/insertionops.cc 2018-05-07 22:58:13.065868723 +0200 +@@ -33,7 +33,6 @@ + os << "File flags: " << inode.i_flags << std::endl; + os << "File version (for NFS): " << inode.i_generation << std::endl; + os << "File ACL: " << inode.i_file_acl << std::endl; +- os << "Directory ACL: " << inode.i_dir_acl << std::endl; + os << "Fragment address: " << inode.i_faddr << std::endl; + os << "Direct blocks: "; + for (int n = 0; n < EXT2_NDIR_BLOCKS; n++) diff --git a/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch b/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch new file mode 100644 index 0000000000..86a3ee912d --- /dev/null +++ b/gnu/packages/patches/gcc-4.8-libsanitizer-fix.patch @@ -0,0 +1,15 @@ +This is a backport of part of this patch from 6.5 to 4.8: + + https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=8937b94d1a643fd9760714642296d034a45254a8 + +--- a/libsanitizer/tsan/tsan_platform_linux.cc ++++ b/libsanitizer/tsan/tsan_platform_linux.cc +@@ -351,7 +351,7 @@ bool IsGlobalVar(uptr addr) { + // closes within glibc. The code is a pure hack. + int ExtractResolvFDs(void *state, int *fds, int nfd) { + int cnt = 0; +- __res_state *statp = (__res_state*)state; ++ struct __res_state *statp = (struct __res_state*)state; + for (int i = 0; i < MAXNS && cnt < nfd; i++) { + if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1) + fds[cnt++] = statp->_u._ext.nssocks[i]; diff --git a/gnu/packages/patches/gdm-CVE-2018-14424.patch b/gnu/packages/patches/gdm-CVE-2018-14424.patch new file mode 100644 index 0000000000..88a71f4151 --- /dev/null +++ b/gnu/packages/patches/gdm-CVE-2018-14424.patch @@ -0,0 +1,172 @@ +Fix CVE-2018-14424: + +https://gitlab.gnome.org/GNOME/gdm/issues/401 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14424 + +Patch copied from upstream source repository: + +https://gitlab.gnome.org/GNOME/gdm/commit/1ac1697b3b019f50729a6e992065959586e170da + +From 1ac1697b3b019f50729a6e992065959586e170da Mon Sep 17 00:00:00 2001 +From: Chris Coulson <chris.coulson@canonical.com> +Date: Thu, 19 Jul 2018 18:26:05 +0100 +Subject: [PATCH] display-store: Pass the display object rather than the id in + the removed signal + +By the time GdmDisplayStore emits the "display-removed" signal, the display +is no longer in the store and gdm_display_store_lookup will not work in +signal handlers. + +Change the "display-removed" parameter from the display id to the GdmDisplay +object, so that signal handers can perform any cleanup they need to do + +CVE-2018-14424 + +Closes: https://gitlab.gnome.org/GNOME/gdm/issues/401 +--- + daemon/gdm-display-store.c | 11 +++-------- + daemon/gdm-display-store.h | 2 +- + daemon/gdm-local-display-factory.c | 13 +++---------- + daemon/gdm-manager.c | 19 +++++++++---------- + daemon/gdm-manager.h | 3 ++- + 5 files changed, 18 insertions(+), 30 deletions(-) + +diff --git a/daemon/gdm-display-store.c b/daemon/gdm-display-store.c +index af76f519..fd24334e 100644 +--- a/daemon/gdm-display-store.c ++++ b/daemon/gdm-display-store.c +@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store, + static void + stored_display_free (StoredDisplay *stored_display) + { +- char *id; +- +- gdm_display_get_id (stored_display->display, &id, NULL); +- + g_signal_emit (G_OBJECT (stored_display->store), + signals[DISPLAY_REMOVED], + 0, +- id); +- g_free (id); ++ stored_display->display); + + g_debug ("GdmDisplayStore: Unreffing display: %p", + stored_display->display); +@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass) + G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed), + NULL, + NULL, +- g_cclosure_marshal_VOID__STRING, ++ g_cclosure_marshal_VOID__OBJECT, + G_TYPE_NONE, +- 1, G_TYPE_STRING); ++ 1, G_TYPE_OBJECT); + + g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate)); + } +diff --git a/daemon/gdm-display-store.h b/daemon/gdm-display-store.h +index 28359933..0aff8ee2 100644 +--- a/daemon/gdm-display-store.h ++++ b/daemon/gdm-display-store.h +@@ -49,7 +49,7 @@ typedef struct + void (* display_added) (GdmDisplayStore *display_store, + const char *id); + void (* display_removed) (GdmDisplayStore *display_store, +- const char *id); ++ GdmDisplay *display); + } GdmDisplayStoreClass; + + typedef enum +diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c +index 5f1ae89e..39f3e30a 100644 +--- a/daemon/gdm-local-display-factory.c ++++ b/daemon/gdm-local-display-factory.c +@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore *display_store, + + static void + on_display_removed (GdmDisplayStore *display_store, +- const char *id, ++ GdmDisplay *display, + GdmLocalDisplayFactory *factory) + { +- GdmDisplay *display; +- +- display = gdm_display_store_lookup (display_store, id); +- +- if (display != NULL) { +- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory); +- g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory); +- +- } ++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory); ++ g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory); + } + + static gboolean +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index f17bd1a5..f6684a8b 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display, + + static void + on_display_removed (GdmDisplayStore *display_store, +- const char *id, ++ GdmDisplay *display, + GdmManager *manager) + { +- GdmDisplay *display; ++ char *id; + +- display = gdm_display_store_lookup (display_store, id); +- if (display != NULL) { +- g_dbus_object_manager_server_unexport (manager->priv->object_manager, id); ++ gdm_display_get_id (display, &id, NULL); ++ g_dbus_object_manager_server_unexport (manager->priv->object_manager, id); ++ g_free (id); + +- g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager); ++ g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager); + +- g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id); +- } ++ g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display); + } + + static void +@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass) + G_STRUCT_OFFSET (GdmManagerClass, display_removed), + NULL, + NULL, +- g_cclosure_marshal_VOID__STRING, ++ g_cclosure_marshal_VOID__OBJECT, + G_TYPE_NONE, +- 1, G_TYPE_STRING); ++ 1, G_TYPE_OBJECT); + + g_object_class_install_property (object_class, + PROP_XDMCP_ENABLED, +diff --git a/daemon/gdm-manager.h b/daemon/gdm-manager.h +index 41c68a7a..c8fb3f22 100644 +--- a/daemon/gdm-manager.h ++++ b/daemon/gdm-manager.h +@@ -24,6 +24,7 @@ + + #include <glib-object.h> + ++#include "gdm-display.h" + #include "gdm-manager-glue.h" + + G_BEGIN_DECLS +@@ -50,7 +51,7 @@ typedef struct + void (* display_added) (GdmManager *manager, + const char *id); + void (* display_removed) (GdmManager *manager, +- const char *id); ++ GdmDisplay *display); + } GdmManagerClass; + + typedef enum +-- +2.17.1 + diff --git a/gnu/packages/patches/lxc-CVE-2018-6556.patch b/gnu/packages/patches/lxc-CVE-2018-6556.patch deleted file mode 100644 index 7eab7101f1..0000000000 --- a/gnu/packages/patches/lxc-CVE-2018-6556.patch +++ /dev/null @@ -1,116 +0,0 @@ -Fix CVE-2018-6556: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556 -https://bugzilla.suse.com/show_bug.cgi?id=988348#c8 - -Patch copied from upstream source repository: - -https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032 - -From c1cf54ebf251fdbad1e971679614e81649f1c032 Mon Sep 17 00:00:00 2001 -From: Christian Brauner <christian.brauner@ubuntu.com> -Date: Wed, 25 Jul 2018 19:56:54 +0200 -Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic - -Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> ---- - src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++--- - src/lxc/utils.c | 12 ++++++++++++ - src/lxc/utils.h | 5 +++++ - 3 files changed, 49 insertions(+), 3 deletions(-) - -diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c -index ec9cd97e0..c5beb6c8d 100644 ---- a/src/lxc/cmd/lxc_user_nic.c -+++ b/src/lxc/cmd/lxc_user_nic.c -@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[]) - exit(EXIT_FAILURE); - } - } else if (request == LXC_USERNIC_DELETE) { -- netns_fd = open(args.pid, O_RDONLY); -+ char opath[LXC_PROC_PID_FD_LEN]; -+ -+ /* Open the path with O_PATH which will not trigger an actual -+ * open(). Don't report an errno to the caller to not leak -+ * information whether the path exists or not. -+ * When stracing setuid is stripped so this is not a concern -+ * either. -+ */ -+ netns_fd = open(args.pid, O_PATH | O_CLOEXEC); - if (netns_fd < 0) { -- usernic_error("Could not open \"%s\": %s\n", args.pid, -- strerror(errno)); -+ usernic_error("Failed to open \"%s\"\n", args.pid); -+ exit(EXIT_FAILURE); -+ } -+ -+ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) { -+ usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid); -+ close(netns_fd); -+ exit(EXIT_FAILURE); -+ } -+ -+ ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd); -+ if (ret < 0 || (size_t)ret >= sizeof(opath)) { -+ close(netns_fd); -+ exit(EXIT_FAILURE); -+ } -+ -+ /* Now get an fd that we can use in setns() calls. */ -+ ret = open(opath, O_RDONLY | O_CLOEXEC); -+ if (ret < 0) { -+ usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno)); -+ close(netns_fd); - exit(EXIT_FAILURE); - } -+ close(netns_fd); -+ netns_fd = ret; - } - - if (!create_db_dir(LXC_USERNIC_DB)) { -diff --git a/src/lxc/utils.c b/src/lxc/utils.c -index 530b1f81a..3b854e35b 100644 ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -2544,6 +2544,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val) - return has_type; - } - -+bool fhas_fs_type(int fd, fs_type_magic magic_val) -+{ -+ int ret; -+ struct statfs sb; -+ -+ ret = fstatfs(fd, &sb); -+ if (ret < 0) -+ return false; -+ -+ return is_fs_type(&sb, magic_val); -+} -+ - bool lxc_nic_exists(char *nic) - { - #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1 -diff --git a/src/lxc/utils.h b/src/lxc/utils.h -index 6a0bebded..0805f5d0d 100644 ---- a/src/lxc/utils.h -+++ b/src/lxc/utils.h -@@ -95,6 +95,10 @@ - #define CGROUP2_SUPER_MAGIC 0x63677270 - #endif - -+#ifndef NSFS_MAGIC -+#define NSFS_MAGIC 0x6e736673 -+#endif -+ - /* Useful macros */ - /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */ - #define LXC_NUMSTRLEN64 21 -@@ -580,6 +584,7 @@ extern void *must_realloc(void *orig, size_t sz); - /* __typeof__ should be safe to use with all compilers. */ - typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic; - extern bool has_fs_type(const char *path, fs_type_magic magic_val); -+extern bool fhas_fs_type(int fd, fs_type_magic magic_val); - extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val); - extern bool lxc_nic_exists(char *nic); - extern int lxc_make_tmpfile(char *template, bool rm); diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch deleted file mode 100644 index 15dedbcbd0..0000000000 --- a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0495.patch +++ /dev/null @@ -1,152 +0,0 @@ -Fix CVE-2018-0495: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495 -https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ - -Patch copied from upstream source repository: - -https://github.com/openssl/openssl/commit/0c27d793745c7837b13646302b6890a556b7017a - -From 0c27d793745c7837b13646302b6890a556b7017a Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Fri, 25 May 2018 12:10:13 +0100 -Subject: [PATCH] Add blinding to an ECDSA signature - -Keegan Ryan (NCC Group) has demonstrated a side channel attack on an -ECDSA signature operation. During signing the signer calculates: - -s:= k^-1 * (m + r * priv_key) mod order - -The addition operation above provides a sufficient signal for a -flush+reload attack to derive the private key given sufficient signature -operations. - -As a mitigation (based on a suggestion from Keegan) we add blinding to -the operation so that: - -s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order - -Since this attack is a localhost side channel only no CVE is assigned. - -Reviewed-by: Rich Salz <rsalz@openssl.org> ---- - CHANGES | 4 +++ - crypto/ec/ecdsa_ossl.c | 70 +++++++++++++++++++++++++++++++++++++----- - 2 files changed, 67 insertions(+), 7 deletions(-) - -diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c -index 72e2f0f28b..449be0e92a 100644 ---- a/crypto/ec/ecdsa_ossl.c -+++ b/crypto/ec/ecdsa_ossl.c -@@ -210,7 +210,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - EC_KEY *eckey) - { - int ok = 0, i; -- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL; -+ BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL; -+ BIGNUM *blindm = NULL; - const BIGNUM *order, *ckinv; - BN_CTX *ctx = NULL; - const EC_GROUP *group; -@@ -243,8 +244,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - } - s = ret->s; - -- if ((ctx = BN_CTX_new()) == NULL || -- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { -+ ctx = BN_CTX_secure_new(); -+ if (ctx == NULL) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ m = BN_CTX_get(ctx); -+ blind = BN_CTX_get(ctx); -+ blindm = BN_CTX_get(ctx); -+ if (blindm == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); - goto err; - } -@@ -284,18 +295,64 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - } - } - -- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { -+ /* -+ * The normal signature calculation is: -+ * -+ * s := k^-1 * (m + r * priv_key) mod order -+ * -+ * We will blind this to protect against side channel attacks -+ * -+ * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order -+ */ -+ -+ /* Generate a blinding value */ -+ do { -+ if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY, -+ BN_RAND_BOTTOM_ANY)) -+ goto err; -+ } while (BN_is_zero(blind)); -+ BN_set_flags(blind, BN_FLG_CONSTTIME); -+ BN_set_flags(blindm, BN_FLG_CONSTTIME); -+ BN_set_flags(tmp, BN_FLG_CONSTTIME); -+ -+ /* tmp := blind * priv_key * r mod order */ -+ if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } -- if (!BN_mod_add_quick(s, tmp, m, order)) { -+ if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } -+ -+ /* blindm := blind * m mod order */ -+ if (!BN_mod_mul(blindm, blind, m, order, ctx)) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* s : = (blind * priv_key * r) + (blind * m) mod order */ -+ if (!BN_mod_add_quick(s, tmp, blindm, order)) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* s:= s * blind^-1 mod order */ -+ if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ goto err; -+ } -+ if (!BN_mod_mul(s, s, blind, order, ctx)) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } -+ - if (BN_is_zero(s)) { - /* - * if kinv and r have been supplied by the caller don't to -@@ -317,9 +374,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - ECDSA_SIG_free(ret); - ret = NULL; - } -+ BN_CTX_end(ctx); - BN_CTX_free(ctx); -- BN_clear_free(m); -- BN_clear_free(tmp); - BN_clear_free(kinv); - return ret; - } --- -2.17.1 - diff --git a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch b/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch deleted file mode 100644 index dfea6e7d06..0000000000 --- a/gnu/packages/patches/openssl-1.1.0-CVE-2018-0732.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix CVE-2018-0732: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732 - -Patch copied from upstream source repository: - -https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4 - -From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001 -From: Guido Vranken <guidovranken@gmail.com> -Date: Mon, 11 Jun 2018 19:38:54 +0200 -Subject: [PATCH] Reject excessively large primes in DH key generation. - -CVE-2018-0732 - -Signed-off-by: Guido Vranken <guidovranken@gmail.com> - -(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/6457) ---- - crypto/dh/dh_key.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index fce9ff47f3..58003d7087 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -78,10 +78,15 @@ static int generate_key(DH *dh) - int ok = 0; - int generate_new_key = 0; - unsigned l; -- BN_CTX *ctx; -+ BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; --- -2.17.1 - diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch deleted file mode 100644 index 74613cb632..0000000000 --- a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch +++ /dev/null @@ -1,62 +0,0 @@ -Fix CVE-2017-10788: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788 - -Patch written to match corrected documentation specifications: - -Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html -New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html - -The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660. - -From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 -From: Pali <pali@cpan.org> -Date: Sun, 25 Jun 2017 10:07:39 +0200 -Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() - -Ignore return value from mysql_stmt_close() and also its error message -because it points to freed memory after mysql_stmt_close() was called. ---- - dbdimp.c | 8 ++------ - mysql.xs | 7 ++----- - 2 files changed, 4 insertions(+), 11 deletions(-) - -diff --git a/dbdimp.c b/dbdimp.c -index c60a5f6..a6410e5 100644 ---- a/dbdimp.c -+++ b/dbdimp.c -@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { - - if (imp_sth->stmt) - { -- if (mysql_stmt_close(imp_sth->stmt)) -- { -- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), -- mysql_stmt_error(imp_sth->stmt), -- mysql_stmt_sqlstate(imp_sth->stmt)); -- } -+ mysql_stmt_close(imp_sth->stmt); -+ imp_sth->stmt= NULL; - } - #endif - -diff --git a/mysql.xs b/mysql.xs -index 55376e1..affde59 100644 ---- a/mysql.xs -+++ b/mysql.xs -@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...) - if (bind) - Safefree(bind); - -- if(mysql_stmt_close(stmt)) -- { -- fprintf(stderr, "\n failed while closing the statement"); -- fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); -- } -+ mysql_stmt_close(stmt); -+ stmt= NULL; - - if (retval == -2) /* -2 means error */ - { --- -1.7.9.5 diff --git a/gnu/packages/patches/qemu-CVE-2018-11806.patch b/gnu/packages/patches/qemu-CVE-2018-11806.patch deleted file mode 100644 index f021dfa747..0000000000 --- a/gnu/packages/patches/qemu-CVE-2018-11806.patch +++ /dev/null @@ -1,105 +0,0 @@ -Fix CVE-2018-11806: - -https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11806 - -Patch copied from upstream source repository: - -https://git.qemu.org/?p=qemu.git;a=commitdiff;h=864036e251f54c99d31df124aad7f34f01f5344c - -From 864036e251f54c99d31df124aad7f34f01f5344c Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Tue, 5 Jun 2018 23:38:35 +0530 -Subject: [PATCH] slirp: correct size computation while concatenating mbuf - -While reassembling incoming fragmented datagrams, 'm_cat' routine -extends the 'mbuf' buffer, if it has insufficient room. It computes -a wrong buffer size, which leads to overwriting adjacent heap buffer -area. Correct this size computation in m_cat. - -Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> ---- - slirp/mbuf.c | 11 +++++------ - slirp/mbuf.h | 8 +++----- - 2 files changed, 8 insertions(+), 11 deletions(-) - -diff --git a/slirp/mbuf.c b/slirp/mbuf.c -index 5ff24559fd..18cbf759a7 100644 ---- a/slirp/mbuf.c -+++ b/slirp/mbuf.c -@@ -138,7 +138,7 @@ m_cat(struct mbuf *m, struct mbuf *n) - * If there's no room, realloc - */ - if (M_FREEROOM(m) < n->m_len) -- m_inc(m,m->m_size+MINCSIZE); -+ m_inc(m, m->m_len + n->m_len); - - memcpy(m->m_data+m->m_len, n->m_data, n->m_len); - m->m_len += n->m_len; -@@ -147,7 +147,7 @@ m_cat(struct mbuf *m, struct mbuf *n) - } - - --/* make m size bytes large */ -+/* make m 'size' bytes large from m_data */ - void - m_inc(struct mbuf *m, int size) - { -@@ -158,12 +158,12 @@ m_inc(struct mbuf *m, int size) - - if (m->m_flags & M_EXT) { - datasize = m->m_data - m->m_ext; -- m->m_ext = g_realloc(m->m_ext, size); -+ m->m_ext = g_realloc(m->m_ext, size + datasize); - m->m_data = m->m_ext + datasize; - } else { - char *dat; - datasize = m->m_data - m->m_dat; -- dat = g_malloc(size); -+ dat = g_malloc(size + datasize); - memcpy(dat, m->m_dat, m->m_size); - - m->m_ext = dat; -@@ -171,8 +171,7 @@ m_inc(struct mbuf *m, int size) - m->m_flags |= M_EXT; - } - -- m->m_size = size; -- -+ m->m_size = size + datasize; - } - - -diff --git a/slirp/mbuf.h b/slirp/mbuf.h -index 893601ff9d..33b84485d6 100644 ---- a/slirp/mbuf.h -+++ b/slirp/mbuf.h -@@ -33,8 +33,6 @@ - #ifndef MBUF_H - #define MBUF_H - --#define MINCSIZE 4096 /* Amount to increase mbuf if too small */ -- - /* - * Macros for type conversion - * mtod(m,t) - convert mbuf pointer to data pointer of correct type -@@ -72,11 +70,11 @@ struct mbuf { - struct mbuf *m_prevpkt; /* Flags aren't used in the output queue */ - int m_flags; /* Misc flags */ - -- int m_size; /* Size of data */ -+ int m_size; /* Size of mbuf, from m_dat or m_ext */ - struct socket *m_so; - -- caddr_t m_data; /* Location of data */ -- int m_len; /* Amount of data in this mbuf */ -+ caddr_t m_data; /* Current location of data */ -+ int m_len; /* Amount of data in this mbuf, from m_data */ - - Slirp *slirp; - bool resolution_requested; --- -2.17.1 - diff --git a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch deleted file mode 100644 index 67317d1b36..0000000000 --- a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch +++ /dev/null @@ -1,26 +0,0 @@ -This patch comes from upstream: -https://hg.savannah.gnu.org/hgweb/octave/rev/cdaa884568b1. - -# HG changeset patch -# User Mike Miller <mtmiller@octave.org> -# Date 1527214835 25200 -# Node ID cdaa884568b159549bd373f04386ff62417f6df9 -# Parent 9e39a53b4e007d3f79f88b711ab9fa5f2f24fbc9 -add Qt include needed to build against Qt 5.11 (bug #53978) - -* settings-dialog.cc: Add missing include for <QButtonGroup> to fix build -failure with Qt 5.11. - -diff --git a/libgui/src/settings-dialog.cc b/libgui/src/settings-dialog.cc ---- a/libgui/src/settings-dialog.cc -+++ b/libgui/src/settings-dialog.cc -@@ -34,6 +34,8 @@ - #include "workspace-model.h" - #include "settings-dialog.h" - #include "ui-settings-dialog.h" -+ -+#include <QButtonGroup> - #include <QDir> - #include <QFileInfo> - #include <QFileDialog> - diff --git a/gnu/packages/patches/racket-fix-xform-issue.patch b/gnu/packages/patches/racket-fix-xform-issue.patch deleted file mode 100644 index 0a1640ee51..0000000000 --- a/gnu/packages/patches/racket-fix-xform-issue.patch +++ /dev/null @@ -1,63 +0,0 @@ -050cdb59839896b41431791f8ee0ef2564231b8f -Author: Matthew Flatt <mflatt@racket-lang.org> -AuthorDate: Tue Mar 6 09:05:08 2018 -0700 -Commit: Matthew Flatt <mflatt@racket-lang.org> -CommitDate: Tue Mar 6 09:05:08 2018 -0700 - -Parent: efb9a919fc ffi docs: clarification on `unsafe-socket->port` -Containing: master -Follows: v5.0.1 (21612) - -xform: avoid problems with `__signbitf128` - -Closes #1962 and uses the suggested patch there, among other changes. - -2 files changed, 6 insertions(+), 3 deletions(-) -racket/collects/compiler/private/xform.rkt | 2 +- -racket/src/racket/src/number.c | 7 +++++-- - -diff --git a/racket/collects/compiler/private/xform.rkt b/racket/collects/compiler/private/xform.rkt -index 28a425c057..89ae848f9c 100644 ---- a/collects/compiler/private/xform.rkt -+++ b/collects/compiler/private/xform.rkt -@@ -904,7 +904,7 @@ - - strlen cos cosl sin sinl exp expl pow powl log logl sqrt sqrtl atan2 atan2l frexp - isnan isinf fpclass signbit _signbit _fpclass __fpclassify __fpclassifyf __fpclassifyl -- _isnan __isfinited __isnanl __isnan __signbit __signbitf __signbitd __signbitl -+ _isnan __isfinited __isnanl __isnan __signbit __signbitf __signbitd __signbitl __signbitf128 - __isinff __isinfl isnanf isinff __isinfd __isnanf __isnand __isinf __isinff128 - __inline_isnanl __inline_isnan __inline_signbit __inline_signbitf __inline_signbitd __inline_signbitl - __builtin_popcount __builtin_clz __builtin_isnan __builtin_isinf __builtin_signbit -diff --git a/racket/src/racket/src/number.c b/racket/src/racket/src/number.c -index 71f42aaf3c..3bbad3ba83 100644 ---- a/src/racket/src/number.c -+++ b/src/racket/src/number.c -@@ -1796,6 +1796,7 @@ double scheme_real_to_double(Scheme_Object *r) - } - - XFORM_NONGCING static MZ_INLINE int minus_zero_p(double d) -+ XFORM_SKIP_PROC - { - #ifdef MZ_IS_NEG_ZERO - return MZ_IS_NEG_ZERO(d); -@@ -1809,7 +1810,9 @@ int scheme_minus_zero_p(double d) - return minus_zero_p(d); - } - --static int rational_dbl_p(double f) { -+XFORM_NONGCING static int rational_dbl_p(double f) -+ XFORM_SKIP_PROC -+{ - return !(MZ_IS_NAN(f) - || MZ_IS_INFINITY(f)); - } -@@ -1955,7 +1958,7 @@ real_p(int argc, Scheme_Object *argv[]) - return (SCHEME_REALP(o) ? scheme_true : scheme_false); - } - --static int is_rational(const Scheme_Object *o) -+XFORM_NONGCING static int is_rational(const Scheme_Object *o) - { - if (SCHEME_FLOATP(o)) - return rational_dbl_p(SCHEME_FLOAT_VAL(o));
\ No newline at end of file diff --git a/gnu/packages/patches/racket-store-checksum-override.patch b/gnu/packages/patches/racket-store-checksum-override.patch new file mode 100644 index 0000000000..6c9cd5198a --- /dev/null +++ b/gnu/packages/patches/racket-store-checksum-override.patch @@ -0,0 +1,49 @@ +Racket uses checksums to test if it needs to recompile its source +files to bytecode. If Racket is updated by grafting, the source and +bytecode files get updated, but the checksum stays the same. Since +the checksum no longer matches the source file, Racket tries to +regenerate the bytecode and write it to the store, causing errors +because the store is immutable. This patch makes Racket ignore +checksums for files in the store. + +See <https://debbugs.gnu.org/30680> for details. +--- + collects/compiler/private/cm-minimal.rkt | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/collects/compiler/private/cm-minimal.rkt b/collects/compiler/private/cm-minimal.rkt +index a5a5407..15af6b8 100644 +--- a/collects/compiler/private/cm-minimal.rkt ++++ b/collects/compiler/private/cm-minimal.rkt +@@ -7,6 +7,7 @@ + racket/list + racket/path + racket/promise ++ racket/string + openssl/sha1 + setup/collects + compiler/compilation-path +@@ -543,6 +544,10 @@ + #f + (list src-hash recorded-hash))) + ++(define (store-reference? path) ++ (let ([store-prefix (or (getenv "NIX_STORE") "/gnu/store")]) ++ (string-prefix? (path->string path) store-prefix))) ++ + (define (rkt->ss p) + (if (path-has-extension? p #".rkt") + (path-replace-extension p #".ss") +@@ -595,7 +600,8 @@ + (trace-printf "newer src... ~a > ~a" path-time path-zo-time) + ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk: + (maybe-compile-zo sha1-only? deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen)] +- [(different-source-sha1-and-dep-recorded path deps) ++ [(and (not (store-reference? path)) ++ (different-source-sha1-and-dep-recorded path deps)) + => (lambda (difference) + (trace-printf "different src hash... ~a" difference) + ;; If `sha1-only?', then `maybe-compile-zo' returns a #f or thunk: +-- +2.18.0 + diff --git a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch b/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch new file mode 100644 index 0000000000..961a183565 --- /dev/null +++ b/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch @@ -0,0 +1,143 @@ +Fix CVE-2018-1000223: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223 +https://gitlab.com/soundtouch/soundtouch/issues/6 + +Patches copied from upstream source repository: + +https://gitlab.com/soundtouch/soundtouch/commit/9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e +https://gitlab.com/soundtouch/soundtouch/commit/e0240689056e4182fffdc2a16aa6e3425a15e275 +https://gitlab.com/soundtouch/soundtouch/commit/46531e5b92dd80dd9a7947463d6224fc7cb21967 + +From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001 +From: oparviainen <oparviai@iki.fi> +Date: Sun, 12 Aug 2018 20:24:37 +0300 +Subject: [PATCH] Added minimum size check for WAV header block lengh values + +--- + source/SoundStretch/WavFile.cpp | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp +index 7e7ade2..68818c9 100644 +--- a/source/SoundStretch/WavFile.cpp ++++ b/source/SoundStretch/WavFile.cpp +@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock() + // read length of the format field
+ if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
+ // swap byte order if necessary
+- _swap32(nLen); // int format_len;
++ _swap32(nLen);
++
++ // verify that header length isn't smaller than expected
++ if (nLen < sizeof(header.format) - 8) return -1;
++
+ header.format.format_len = nLen;
+
+ // calculate how much length differs from expected
+@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock() + if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
+ // swap byte order if necessary
+ _swap32(nLen); // int fact_len;
++
++ // verify that fact length isn't smaller than expected
++ if (nLen < sizeof(header.fact) - 8) return -1;
++
+ header.fact.fact_len = nLen;
+
+ // calculate how much length differs from expected
+-- +2.18.0 + +From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001 +From: oparviainen <oparviai@iki.fi> +Date: Mon, 13 Aug 2018 19:16:16 +0300 +Subject: [PATCH] Fixed WavFile header/fact not-too-small check + +--- + source/SoundStretch/WavFile.cpp | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp +index 4af7a4c..3421bca 100644 +--- a/source/SoundStretch/WavFile.cpp ++++ b/source/SoundStretch/WavFile.cpp +@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock() + // swap byte order if necessary
+ _swap32(nLen);
+
+- // verify that header length isn't smaller than expected
+- if (nLen < sizeof(header.format) - 8) return -1;
++ // calculate how much length differs from expected
++ nDump = nLen - ((int)sizeof(header.format) - 8);
+
+- header.format.format_len = nLen;
++ // verify that header length isn't smaller than expected structure
++ if (nDump < 0) return -1;
+
+- // calculate how much length differs from expected
+- nDump = nLen - ((int)sizeof(header.format) - 8);
++ header.format.format_len = nLen;
+
+ // if format_len is larger than expected, read only as much data as we've space for
+ if (nDump > 0)
+@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock() + // read length of the fact field
+ if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
+ // swap byte order if necessary
+- _swap32(nLen); // int fact_len;
+-
+- // verify that fact length isn't smaller than expected
+- if (nLen < sizeof(header.fact) - 8) return -1;
+-
+- header.fact.fact_len = nLen;
++ _swap32(nLen);
+
+ // calculate how much length differs from expected
+ nDump = nLen - ((int)sizeof(header.fact) - 8);
+
++ // verify that fact length isn't smaller than expected structure
++ if (nDump < 0) return -1;
++
++ header.fact.fact_len = nLen;
++
+ // if format_len is larger than expected, read only as much data as we've space for
+ if (nDump > 0)
+ {
+-- +2.18.0 + +From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001 +From: olli <oparviai@iki.fi> +Date: Mon, 13 Aug 2018 19:42:58 +0300 +Subject: [PATCH] Improved WavFile header/fact not-too-small check + +--- + source/SoundStretch/WavFile.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp +index 3421bca..9d90b8a 100644 +--- a/source/SoundStretch/WavFile.cpp ++++ b/source/SoundStretch/WavFile.cpp +@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock() + nDump = nLen - ((int)sizeof(header.format) - 8);
+
+ // verify that header length isn't smaller than expected structure
+- if (nDump < 0) return -1;
++ if ((nLen < 0) || (nDump < 0)) return -1;
+
+ header.format.format_len = nLen;
+
+@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock() + nDump = nLen - ((int)sizeof(header.fact) - 8);
+
+ // verify that fact length isn't smaller than expected structure
+- if (nDump < 0) return -1;
++ if ((nLen < 0) || (nDump < 0)) return -1;
+
+ header.fact.fact_len = nLen;
+
+-- +2.18.0 + diff --git a/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch b/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch new file mode 100644 index 0000000000..cc0282fc7b --- /dev/null +++ b/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch @@ -0,0 +1,138 @@ +Fix CVE-2018-14044 and CVE-2018-14045: + +https://gitlab.com/soundtouch/soundtouch/issues/7 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045 + +Patch copied from upstream source repository: + +https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 + +From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001 +From: oparviainen <oparviai@iki.fi> +Date: Sun, 12 Aug 2018 20:00:56 +0300 +Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time + exception + +--- + include/FIFOSamplePipe.h | 12 ++++++++++++ + include/STTypes.h | 3 +++ + source/SoundTouch/FIFOSampleBuffer.cpp | 3 ++- + source/SoundTouch/RateTransposer.cpp | 5 ++--- + source/SoundTouch/SoundTouch.cpp | 8 ++------ + source/SoundTouch/TDStretch.cpp | 5 ++--- + 6 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h +index 4ec9275..b08f836 100644 +--- a/include/FIFOSamplePipe.h ++++ b/include/FIFOSamplePipe.h +@@ -51,6 +51,18 @@ namespace soundtouch + /// Abstract base class for FIFO (first-in-first-out) sample processing classes.
+ class FIFOSamplePipe
+ {
++protected:
++
++ bool verifyNumberOfChannels(int nChannels) const
++ {
++ if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))
++ {
++ return true;
++ }
++ ST_THROW_RT_ERROR("Error: Illegal number of channels");
++ return false;
++ }
++
+ public:
+ // virtual default destructor
+ virtual ~FIFOSamplePipe() {}
+diff --git a/include/STTypes.h b/include/STTypes.h +index 03e7e07..862505e 100644 +--- a/include/STTypes.h ++++ b/include/STTypes.h +@@ -56,6 +56,9 @@ typedef unsigned long ulong; +
+ namespace soundtouch
+ {
++ /// Max allowed number of channels
++ #define SOUNDTOUCH_MAX_CHANNELS 16
++
+ /// Activate these undef's to overrule the possible sampletype
+ /// setting inherited from some other header file:
+ //#undef SOUNDTOUCH_INTEGER_SAMPLES
+diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp +index f0d5e42..706e869 100644 +--- a/source/SoundTouch/FIFOSampleBuffer.cpp ++++ b/source/SoundTouch/FIFOSampleBuffer.cpp +@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels) + {
+ uint usedBytes;
+
+- assert(numChannels > 0);
++ if (!verifyNumberOfChannels(numChannels)) return;
++
+ usedBytes = channels * samplesInBuffer;
+ channels = (uint)numChannels;
+ samplesInBuffer = usedBytes / channels;
+diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp +index 8b66be3..d115a4c 100644 +--- a/source/SoundTouch/RateTransposer.cpp ++++ b/source/SoundTouch/RateTransposer.cpp +@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples) + // Sets the number of channels, 1 = mono, 2 = stereo
+ void RateTransposer::setChannels(int nChannels)
+ {
+- assert(nChannels > 0);
++ if (!verifyNumberOfChannels(nChannels) ||
++ (pTransposer->numChannels == nChannels)) return;
+
+- if (pTransposer->numChannels == nChannels) return;
+ pTransposer->setChannels(nChannels);
+-
+ inputBuffer.setChannels(nChannels);
+ midBuffer.setChannels(nChannels);
+ outputBuffer.setChannels(nChannels);
+diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp +index 7b6756b..06bdd56 100644 +--- a/source/SoundTouch/SoundTouch.cpp ++++ b/source/SoundTouch/SoundTouch.cpp +@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId() + // Sets the number of channels, 1 = mono, 2 = stereo
+ void SoundTouch::setChannels(uint numChannels)
+ {
+- /*if (numChannels != 1 && numChannels != 2)
+- {
+- //ST_THROW_RT_ERROR("Illegal number of channels");
+- return;
+- }*/
++ if (!verifyNumberOfChannels(numChannels)) return;
++
+ channels = numChannels;
+ pRateTransposer->setChannels((int)numChannels);
+ pTDStretch->setChannels((int)numChannels);
+ }
+
+
+-
+ // Sets new rate control value. Normal rate = 1.0, smaller values
+ // represent slower rate, larger faster rates.
+ void SoundTouch::setRate(double newRate)
+diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp +index 149cdb9..be2dc88 100644 +--- a/source/SoundTouch/TDStretch.cpp ++++ b/source/SoundTouch/TDStretch.cpp +@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo) + // Sets the number of channels, 1 = mono, 2 = stereo
+ void TDStretch::setChannels(int numChannels)
+ {
+- assert(numChannels > 0);
+- if (channels == numChannels) return;
+-// assert(numChannels == 1 || numChannels == 2);
++ if (!verifyNumberOfChannels(numChannels) ||
++ (channels == numChannels)) return;
+
+ channels = numChannels;
+ inputBuffer.setChannels(channels);
+-- +2.18.0 + diff --git a/gnu/packages/patches/translate-shell-fix-curl-tests.patch b/gnu/packages/patches/translate-shell-fix-curl-tests.patch deleted file mode 100644 index 33731462b8..0000000000 --- a/gnu/packages/patches/translate-shell-fix-curl-tests.patch +++ /dev/null @@ -1,60 +0,0 @@ -This patch fixes Curl related tests for 'translate-shell'. - -Upstream bug URL: - -https://github.com/soimort/translate-shell/issues/221 - -From bb9f32d3145125ba664b6b05bf0a2fd34108e9d2 Mon Sep 17 00:00:00 2001 -From: Mort Yao <soi@mort.ninja> -Date: Sun, 25 Mar 2018 03:14:33 +0200 -Subject: [PATCH] TestUtils: perform curl-related tests only if NETWORK_ACCESS - is set to yes (#221) - ---- - test/TestUtils.awk | 32 +++++++++++++++++--------------- - 1 file changed, 17 insertions(+), 15 deletions(-) - -diff --git a/test/TestUtils.awk b/test/TestUtils.awk -index 08bb2e9..1c141e5 100644 ---- a/test/TestUtils.awk -+++ b/test/TestUtils.awk -@@ -30,22 +30,24 @@ BEGIN { - assertTrue(newerVersion("2", "1.9.9999")) - } - -- T("curl()", 1) -- { -- delete tokens; delete ast -- tokenize(tokens, curl("https://httpbin.org/get")) -- parseJson(ast, tokens) -- assertEqual(unparameterize(ast[0 SUBSEP "url"]), -- "https://httpbin.org/get") -- } -+ if (yn(ENVIRON["NETWORK_ACCESS"])) { # if network access enabled -+ T("curl()", 1) -+ { -+ delete tokens; delete ast -+ tokenize(tokens, curl("https://httpbin.org/get")) -+ parseJson(ast, tokens) -+ assertEqual(unparameterize(ast[0 SUBSEP "url"]), -+ "https://httpbin.org/get") -+ } - -- T("curlPost()", 1) -- { -- delete tokens; delete ast -- tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz")) -- parseJson(ast, tokens) -- assertEqual(unparameterize(ast[0 SUBSEP "url"]), -- "https://httpbin.org/post") -+ T("curlPost()", 1) -+ { -+ delete tokens; delete ast -+ tokenize(tokens, curlPost("https://httpbin.org/post", "fizz=buzz")) -+ parseJson(ast, tokens) -+ assertEqual(unparameterize(ast[0 SUBSEP "url"]), -+ "https://httpbin.org/post") -+ } - } - - T("dump()", 3) |