diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2019-04-23 19:43:59 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2019-04-23 19:43:59 +0200 |
| commit | 37da4fbe1562583589eeddb4be8e11bece80fd35 (patch) | |
| tree | 4d8a454b27e62f9b8d7b0fe641a9f6aa6de2402c /gnu/packages/patches | |
| parent | 73326e742d82b6706333885eca770f7518636b1f (diff) | |
| parent | e01bd1a67447c1f2a2b5b03e8ea8fbbccd2cd5bd (diff) | |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/grub-efi-fat-serial-number.patch | 27 | ||||
| -rw-r--r-- | gnu/packages/patches/linkchecker-tests-require-network.patch (renamed from gnu/packages/patches/linkchecker-mark-more-tests-that-require-the-network.patch) | 0 | ||||
| -rw-r--r-- | gnu/packages/patches/mtools-mformat-uninitialized.patch | 20 | ||||
| -rw-r--r-- | gnu/packages/patches/ocaml-dose3-add-unix-dependency.patch (renamed from gnu/packages/patches/ocaml-dose3-Add-unix-as-dependency-to-dose3.common-in-META.in.patch) | 0 | ||||
| -rw-r--r-- | gnu/packages/patches/openssh-CVE-2018-20685.patch | 44 |
5 files changed, 47 insertions, 44 deletions
diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch new file mode 100644 index 0000000000..ad92f9bc9e --- /dev/null +++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch @@ -0,0 +1,27 @@ +Change 'grub-mkrescue' to honor the 'GRUB_FAT_SERIAL_NUMBER' +environment variable. That way, the caller can specify a fixed +serial number (instead of the randomly chosen one) to create EFI +images (the 'efi.img' file) that are reproducible bit-for-bit. + +Patch by Ludovic Courtès <ludo@gnu.org>. + +--- grub-2.02/util/grub-mkrescue.c 2019-04-20 19:15:26.180242812 +0200 ++++ grub-2.02/util/grub-mkrescue.c 2019-04-20 21:56:34.672370849 +0200 +@@ -788,8 +788,15 @@ main (int argc, char *argv[]) + + efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img"); + int rv; +- rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i", +- efiimgfat, "::", NULL }); ++ ++ const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER"); ++ const char *mformat_args[] = ++ { "mformat", "-C", "-f", "2880", "-L", "16", ++ fat_serial_number != NULL ? "-N" : "-C", ++ fat_serial_number != NULL ? fat_serial_number : "-C", ++ "-i", efiimgfat, "::", NULL }; ++ ++ rv = grub_util_exec (mformat_args); + if (rv != 0) + grub_util_error ("`%s` invocation failed\n", "mformat"); + rv = grub_util_exec ((const char * []) { "mcopy", "-s", "-i", efiimgfat, efidir_efi, "::/", NULL }); diff --git a/gnu/packages/patches/linkchecker-mark-more-tests-that-require-the-network.patch b/gnu/packages/patches/linkchecker-tests-require-network.patch index f3e488cec2..f3e488cec2 100644 --- a/gnu/packages/patches/linkchecker-mark-more-tests-that-require-the-network.patch +++ b/gnu/packages/patches/linkchecker-tests-require-network.patch diff --git a/gnu/packages/patches/mtools-mformat-uninitialized.patch b/gnu/packages/patches/mtools-mformat-uninitialized.patch new file mode 100644 index 0000000000..ae69d45c99 --- /dev/null +++ b/gnu/packages/patches/mtools-mformat-uninitialized.patch @@ -0,0 +1,20 @@ +Fix a bug whereby 'mformat' could end up passing uninitialized bytes +to write(2). This could be reproduced with: + + mformat -C -f 1440 -L 16 -N 77777777 -i /tmp/x :: + +where the output of /tmp/x would be non-deterministic. + +Patch by Ludovic Courtès <ludo@gnu.org>. + +--- mtools-4.0.23/mformat.c 2019-04-21 00:12:01.496116195 +0200 ++++ mtools-4.0.23/mformat.c 2019-04-21 00:12:36.675967157 +0200 +@@ -927,6 +927,7 @@ void mformat(int argc, char **argv, int + + char *endptr; + ++ memset(&boot.bytes, '\0', sizeof boot); + hs = hs_set = 0; + argtracks = 0; + argheads = 0; + diff --git a/gnu/packages/patches/ocaml-dose3-Add-unix-as-dependency-to-dose3.common-in-META.in.patch b/gnu/packages/patches/ocaml-dose3-add-unix-dependency.patch index d2cc44c784..d2cc44c784 100644 --- a/gnu/packages/patches/ocaml-dose3-Add-unix-as-dependency-to-dose3.common-in-META.in.patch +++ b/gnu/packages/patches/ocaml-dose3-add-unix-dependency.patch diff --git a/gnu/packages/patches/openssh-CVE-2018-20685.patch b/gnu/packages/patches/openssh-CVE-2018-20685.patch deleted file mode 100644 index 463c08a9d4..0000000000 --- a/gnu/packages/patches/openssh-CVE-2018-20685.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2018-20685: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685 - -Patch copied from upstream source repository: - -https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 - -From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Fri, 16 Nov 2018 03:03:10 +0000 -Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer - to the - -current directory; based on report/patch from Harry Sintonen - -OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 ---- - scp.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/scp.c b/scp.c -index 60682c68..4f3fdcd3 100644 ---- a/scp.c -+++ b/scp.c -#@@ -1,4 +1,4 @@ -#-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */ -#+/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */ -# /* -# * scp - secure remote copy. This is basically patched BSD rcp which -# * uses ssh to do the data transfer (instead of using rcmd). -@@ -1106,7 +1106,8 @@ sink(int argc, char **argv) - SCREWUP("size out of range"); - size = (off_t)ull; - -- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { -+ if (*cp == '\0' || strchr(cp, '/') != NULL || -+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { - run_err("error: unexpected filename: %s", cp); - exit(1); - } --- -2.20.1 - |