diff options
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/elixir-disable-failing-tests.patch | 261 | ||||
| -rw-r--r-- | gnu/packages/patches/openssh-CVE-2015-8325.patch | 31 | ||||
| -rw-r--r-- | gnu/packages/patches/openssh-CVE-2016-6210-1.patch | 114 | ||||
| -rw-r--r-- | gnu/packages/patches/openssh-CVE-2016-6210-2.patch | 111 | ||||
| -rw-r--r-- | gnu/packages/patches/openssh-CVE-2016-6210-3.patch | 60 | ||||
| -rw-r--r-- | gnu/packages/patches/python-statsmodels-fix-tests.patch | 196 |
6 files changed, 457 insertions, 316 deletions
diff --git a/gnu/packages/patches/elixir-disable-failing-tests.patch b/gnu/packages/patches/elixir-disable-failing-tests.patch new file mode 100644 index 0000000000..0c67562f8d --- /dev/null +++ b/gnu/packages/patches/elixir-disable-failing-tests.patch @@ -0,0 +1,261 @@ +Most of these tests fail for unknown reasons when run in the chroot +environment of a Guix build process. + +Common failures are: + + * Mix.Shell.cmd() fails with error 130 + * The git_repo fixture cannot be found + * Communication with spawned processes fails with EPIPE + * Failure to copy files + + +diff --git a/lib/elixir/test/elixir/kernel/cli_test.exs b/lib/elixir/test/elixir/kernel/cli_test.exs +index 3ffd56c..1232d19 100644 +--- a/lib/elixir/test/elixir/kernel/cli_test.exs ++++ b/lib/elixir/test/elixir/kernel/cli_test.exs +@@ -39,6 +39,7 @@ end + defmodule Kernel.CLI.OptionParsingTest do + use ExUnit.Case, async: true + ++ @tag :skip + test "properly parses paths" do + root = fixture_path("../../..") |> to_charlist + list = elixir('-pa "#{root}/*" -pz "#{root}/lib/*" -e "IO.inspect(:code.get_path, limit: :infinity)"') +@@ -57,6 +58,7 @@ end + defmodule Kernel.CLI.AtExitTest do + use ExUnit.Case, async: true + ++ @tag :skip + test "invokes at_exit callbacks" do + assert elixir(fixture_path("at_exit.exs") |> to_charlist) == + 'goodbye cruel world with status 1\n' +@@ -66,6 +68,7 @@ end + defmodule Kernel.CLI.ErrorTest do + use ExUnit.Case, async: true + ++ @tag :skip + test "properly format errors" do + assert :string.str('** (throw) 1', elixir('-e "throw 1"')) == 0 + assert :string.str('** (ErlangError) erlang error: 1', elixir('-e "error 1"')) == 0 +@@ -86,6 +89,7 @@ defmodule Kernel.CLI.CompileTest do + {:ok, [tmp_dir_path: tmp_dir_path, beam_file_path: beam_file_path, fixture: fixture]} + end + ++ @tag :skip + test "compiles code", context do + assert elixirc('#{context[:fixture]} -o #{context[:tmp_dir_path]}') == '' + assert File.regular?(context[:beam_file_path]) +@@ -96,6 +100,7 @@ defmodule Kernel.CLI.CompileTest do + Code.delete_path context[:tmp_dir_path] + end + ++ @tag :skip + test "fails on missing patterns", context do + output = elixirc('#{context[:fixture]} non_existing.ex -o #{context[:tmp_dir_path]}') + assert :string.str(output, 'non_existing.ex') > 0, "expected non_existing.ex to be mentioned" +@@ -103,6 +108,7 @@ defmodule Kernel.CLI.CompileTest do + refute File.exists?(context[:beam_file_path]), "expected the sample to not be compiled" + end + ++ @tag :skip + test "fails on missing write access to .beam file", context do + compilation_args = '#{context[:fixture]} -o #{context[:tmp_dir_path]}' + +diff --git a/lib/elixir/test/elixir/kernel/dialyzer_test.exs b/lib/elixir/test/elixir/kernel/dialyzer_test.exs +index 801d852..40fc5bc 100644 +--- a/lib/elixir/test/elixir/kernel/dialyzer_test.exs ++++ b/lib/elixir/test/elixir/kernel/dialyzer_test.exs +@@ -60,16 +60,19 @@ defmodule Kernel.DialyzerTest do + assert_dialyze_no_warnings! context + end + ++ @tag :skip + test "no warnings on rewrites", context do + copy_beam! context, Dialyzer.Rewrite + assert_dialyze_no_warnings! context + end + ++ @tag :skip + test "no warnings on raise", context do + copy_beam! context, Dialyzer.Raise + assert_dialyze_no_warnings! context + end + ++ @tag :skip + test "no warnings on macrocallback", context do + copy_beam! context, Dialyzer.Macrocallback + copy_beam! context, Dialyzer.Macrocallback.Impl +diff --git a/lib/elixir/test/elixir/system_test.exs b/lib/elixir/test/elixir/system_test.exs +index aafa559..0f9c178 100644 +--- a/lib/elixir/test/elixir/system_test.exs ++++ b/lib/elixir/test/elixir/system_test.exs +@@ -53,7 +53,8 @@ defmodule SystemTest do + assert System.endianness in [:little, :big] + assert System.endianness == System.compiled_endianness + end +- ++ ++ @tag :skip + test "argv/0" do + list = elixir('-e "IO.inspect System.argv" -- -o opt arg1 arg2 --long-opt 10') + {args, _} = Code.eval_string list, [] +diff --git a/lib/mix/test/mix/dep_test.exs b/lib/mix/test/mix/dep_test.exs +index fff3351..d6ed1b3 100644 +--- a/lib/mix/test/mix/dep_test.exs ++++ b/lib/mix/test/mix/dep_test.exs +@@ -244,6 +244,7 @@ defmodule Mix.DepTest do + end + end + ++ @tag :skip + test "remote converger" do + deps = [{:deps_repo, "0.1.0", path: "custom/deps_repo"}, + {:git_repo, "0.2.0", git: MixTest.Case.fixture_path("git_repo")}] +@@ -301,6 +302,7 @@ defmodule Mix.DepTest do + end + end + ++ @tag :skip + test "remote converger is not invoked if deps diverge" do + deps = [{:deps_repo, "0.1.0", path: "custom/deps_repo"}, + {:git_repo, "0.2.0", git: MixTest.Case.fixture_path("git_repo"), only: :test}] +diff --git a/lib/mix/test/mix/rebar_test.exs b/lib/mix/test/mix/rebar_test.exs +index d2dd098..12cef15 100644 +--- a/lib/mix/test/mix/rebar_test.exs ++++ b/lib/mix/test/mix/rebar_test.exs +@@ -120,6 +120,7 @@ defmodule Mix.RebarTest do + assert Enum.all?(deps, &(&1.manager == :rebar3)) + end + ++ @tag :skip + test "Rebar overrides" do + Mix.Project.push(RebarOverrideAsDep) + +@@ -150,6 +151,7 @@ defmodule Mix.RebarTest do + end + end + ++ @tag :skip + test "get and compile dependencies for Rebar" do + Mix.Project.push(RebarAsDep) + +@@ -180,6 +182,7 @@ defmodule Mix.RebarTest do + end + end + ++ @tag :skip + test "get and compile dependencies for rebar3" do + Mix.Project.push(Rebar3AsDep) + +diff --git a/lib/mix/test/mix/shell/io_test.exs b/lib/mix/test/mix/shell/io_test.exs +index 9bfb6b4..d982ef3 100644 +--- a/lib/mix/test/mix/shell/io_test.exs ++++ b/lib/mix/test/mix/shell/io_test.exs +@@ -29,6 +29,7 @@ defmodule Mix.Shell.IOTest do + assert capture_io("", fn -> refute yes?("Ok?") end) + end + ++ @tag :skip + test "runs a given command" do + assert capture_io("", fn -> assert cmd("echo hello") == 0 end) == "hello\n" + +diff --git a/lib/mix/test/mix/shell/quiet_test.exs b/lib/mix/test/mix/shell/quiet_test.exs +index 626429b..99fab35 100644 +--- a/lib/mix/test/mix/shell/quiet_test.exs ++++ b/lib/mix/test/mix/shell/quiet_test.exs +@@ -29,6 +29,7 @@ defmodule Mix.Shell.QuietTest do + assert capture_io("", fn -> refute yes?("Ok?") end) + end + ++ @tag :skip + test "runs a given command" do + assert capture_io("", fn -> assert cmd("echo hello") == 0 end) == "" + +diff --git a/lib/mix/test/mix/tasks/cmd_test.exs b/lib/mix/test/mix/tasks/cmd_test.exs +index db4bf06..4d441f7 100644 +--- a/lib/mix/test/mix/tasks/cmd_test.exs ++++ b/lib/mix/test/mix/tasks/cmd_test.exs +@@ -3,6 +3,7 @@ Code.require_file "../../test_helper.exs", __DIR__ + defmodule Mix.Tasks.CmdTest do + use MixTest.Case + ++ @tag :skip + test "runs the command for each app" do + in_fixture "umbrella_dep/deps/umbrella", fn -> + Mix.Project.in_project(:umbrella, ".", fn _ -> +diff --git a/lib/mix/test/mix/tasks/deps.tree_test.exs b/lib/mix/test/mix/tasks/deps.tree_test.exs +index 4f09ff3..c371997 100644 +--- a/lib/mix/test/mix/tasks/deps.tree_test.exs ++++ b/lib/mix/test/mix/tasks/deps.tree_test.exs +@@ -29,6 +29,7 @@ defmodule Mix.Tasks.Deps.TreeTest do + end + end + ++ @tag :skip + test "shows the dependency tree", context do + Mix.Project.push ConvergedDepsApp + +@@ -109,6 +110,7 @@ defmodule Mix.Tasks.Deps.TreeTest do + end + end + ++ @tag :skip + test "shows the dependency tree in DOT graph format", context do + Mix.Project.push ConvergedDepsApp + +diff --git a/lib/mix/test/mix/tasks/deps_test.exs b/lib/mix/test/mix/tasks/deps_test.exs +index b061777..cc45cf8 100644 +--- a/lib/mix/test/mix/tasks/deps_test.exs ++++ b/lib/mix/test/mix/tasks/deps_test.exs +@@ -96,6 +96,7 @@ + end + end + ++ @tag :skip + test "prints list of dependencies and their lock status" do + Mix.Project.push DepsApp + +@@ -409,6 +409,7 @@ defmodule Mix.Tasks.DepsTest do + end + end + ++ @tag :skip + test "fails on diverged dependencies by requirement" do + Mix.Project.push ConvergedDepsApp + +@@ -440,6 +441,7 @@ defmodule Mix.Tasks.DepsTest do + end + end + ++ @tag :skip + test "fails on diverged dependencies even when optional" do + Mix.Project.push ConvergedDepsApp + +@@ -469,6 +471,7 @@ defmodule Mix.Tasks.DepsTest do + end + end + ++ @tag :skip + test "works with converged dependencies" do + Mix.Project.push ConvergedDepsApp + +@@ -491,6 +494,7 @@ defmodule Mix.Tasks.DepsTest do + purge [GitRepo, GitRepo.Mixfile] + end + ++ @tag :skip + test "works with overridden dependencies" do + Mix.Project.push OverriddenDepsApp + +diff --git a/lib/mix/test/mix/umbrella_test.exs b/lib/mix/test/mix/umbrella_test.exs +index 69f9428..406668a 100644 +--- a/lib/mix/test/mix/umbrella_test.exs ++++ b/lib/mix/test/mix/umbrella_test.exs +@@ -98,6 +98,7 @@ defmodule Mix.UmbrellaTest do + end + end + ++ @tag :skip + test "loads umbrella child dependencies in all environments" do + in_fixture "umbrella_dep/deps/umbrella", fn -> + Mix.Project.in_project :umbrella, ".", fn _ -> diff --git a/gnu/packages/patches/openssh-CVE-2015-8325.patch b/gnu/packages/patches/openssh-CVE-2015-8325.patch deleted file mode 100644 index 8063e64ea7..0000000000 --- a/gnu/packages/patches/openssh-CVE-2015-8325.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001 -From: Damien Miller <djm@mindrot.org> -Date: Wed, 13 Apr 2016 10:39:57 +1000 -Subject: ignore PAM environment vars when UseLogin=yes - -If PAM is configured to read user-specified environment variables -and UseLogin=yes in sshd_config, then a hostile local user may -attack /bin/login via LD_PRELOAD or similar environment variables -set via PAM. - -CVE-2015-8325, found by Shayan Sadigh, via Colin Watson ---- - session.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/session.c b/session.c -index 4859245..4653b09 100644 ---- a/session.c -+++ b/session.c -@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) - * Pull in any environment variables that may have - * been set by PAM. - */ -- if (options.use_pam) { -+ if (options.use_pam && !options.use_login) { - char **p; - - p = fetch_pam_child_environment(); --- -cgit v0.11.2 - diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-1.patch b/gnu/packages/patches/openssh-CVE-2016-6210-1.patch deleted file mode 100644 index 9b46ec12a9..0000000000 --- a/gnu/packages/patches/openssh-CVE-2016-6210-1.patch +++ /dev/null @@ -1,114 +0,0 @@ -From e5ef9d3942cebda819a6fd81647b51c8d87d23df Mon Sep 17 00:00:00 2001 -From: Darren Tucker <dtucker@zip.com.au> -Date: Fri, 15 Jul 2016 13:32:45 +1000 -Subject: Determine appropriate salt for invalid users. - -When sshd is processing a non-PAM login for a non-existent user it uses -the string from the fakepw structure as the salt for crypt(3)ing the -password supplied by the client. That string has a Blowfish prefix, so on -systems that don't understand that crypt will fail fast due to an invalid -salt, and even on those that do it may have significantly different timing -from the hash methods used for real accounts (eg sha512). This allows -user enumeration by, eg, sending large password strings. This was noted -by EddieEzra.Harari at verint.com (CVE-2016-6210). - -To mitigate, use the same hash algorithm that root uses for hashing -passwords for users that do not exist on the system. ok djm@ - -Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc -Bug-Debian: https://bugs.debian.org/831902 -Last-Update: 2016-07-22 - -Patch-Name: CVE-2016-6210-1.patch ---- - auth-passwd.c | 12 ++++++++---- - openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++ - 2 files changed, 42 insertions(+), 4 deletions(-) - -diff --git a/auth-passwd.c b/auth-passwd.c -index 63ccf3c..530b5d4 100644 ---- a/auth-passwd.c -+++ b/auth-passwd.c -@@ -193,7 +193,7 @@ int - sys_auth_passwd(Authctxt *authctxt, const char *password) - { - struct passwd *pw = authctxt->pw; -- char *encrypted_password; -+ char *encrypted_password, *salt = NULL; - - /* Just use the supplied fake password if authctxt is invalid */ - char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; -@@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) - if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) - return (1); - -- /* Encrypt the candidate password using the proper salt. */ -- encrypted_password = xcrypt(password, -- (pw_password[0] && pw_password[1]) ? pw_password : "xx"); -+ /* -+ * Encrypt the candidate password using the proper salt, or pass a -+ * NULL and let xcrypt pick one. -+ */ -+ if (authctxt->valid && pw_password[0] && pw_password[1]) -+ salt = pw_password; -+ encrypted_password = xcrypt(password, salt); - - /* - * Authentication is accepted if the encrypted passwords -diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c -index 8577cbd..8913bb8 100644 ---- a/openbsd-compat/xcrypt.c -+++ b/openbsd-compat/xcrypt.c -@@ -25,6 +25,7 @@ - #include "includes.h" - - #include <sys/types.h> -+#include <string.h> - #include <unistd.h> - #include <pwd.h> - -@@ -62,11 +63,44 @@ - # define crypt DES_crypt - # endif - -+/* -+ * Pick an appropriate password encryption type and salt for the running -+ * system. -+ */ -+static const char * -+pick_salt(void) -+{ -+ struct passwd *pw; -+ char *passwd, *p; -+ size_t typelen; -+ static char salt[32]; -+ -+ if (salt[0] != '\0') -+ return salt; -+ strlcpy(salt, "xx", sizeof(salt)); -+ if ((pw = getpwuid(0)) == NULL) -+ return salt; -+ passwd = shadow_pw(pw); -+ if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) -+ return salt; /* no $, DES */ -+ typelen = p - passwd + 1; -+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); -+ explicit_bzero(passwd, strlen(passwd)); -+ return salt; -+} -+ - char * - xcrypt(const char *password, const char *salt) - { - char *crypted; - -+ /* -+ * If we don't have a salt we are encrypting a fake password for -+ * for timing purposes. Pick an appropriate salt. -+ */ -+ if (salt == NULL) -+ salt = pick_salt(); -+ - # ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(salt)) - crypted = md5_crypt(password, salt); diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-2.patch b/gnu/packages/patches/openssh-CVE-2016-6210-2.patch deleted file mode 100644 index 1c580f90b9..0000000000 --- a/gnu/packages/patches/openssh-CVE-2016-6210-2.patch +++ /dev/null @@ -1,111 +0,0 @@ -From dde63f7f998ac3812a26bbb2c1b2947f24fcd060 Mon Sep 17 00:00:00 2001 -From: Darren Tucker <dtucker@zip.com.au> -Date: Fri, 15 Jul 2016 13:49:44 +1000 -Subject: Mitigate timing of disallowed users PAM logins. - -When sshd decides to not allow a login (eg PermitRootLogin=no) and -it's using PAM, it sends a fake password to PAM so that the timing for -the failure is not noticeably different whether or not the password -is correct. This behaviour can be detected by sending a very long -password string which is slower to hash than the fake password. - -Mitigate by constructing an invalid password that is the same length -as the one from the client and thus takes the same time to hash. -Diff from djm@ - -Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946 -Bug-Debian: https://bugs.debian.org/831902 -Last-Update: 2016-07-22 - -Patch-Name: CVE-2016-6210-2.patch ---- - auth-pam.c | 35 +++++++++++++++++++++++++++++++---- - 1 file changed, 31 insertions(+), 4 deletions(-) - -diff --git a/auth-pam.c b/auth-pam.c -index 8425af1..abd6a5e 100644 ---- a/auth-pam.c -+++ b/auth-pam.c -@@ -232,7 +232,6 @@ static int sshpam_account_status = -1; - static char **sshpam_env = NULL; - static Authctxt *sshpam_authctxt = NULL; - static const char *sshpam_password = NULL; --static char badpw[] = "\b\n\r\177INCORRECT"; - - /* Some PAM implementations don't implement this */ - #ifndef HAVE_PAM_GETENVLIST -@@ -810,12 +809,35 @@ sshpam_query(void *ctx, char **name, char **info, - return (-1); - } - -+/* -+ * Returns a junk password of identical length to that the user supplied. -+ * Used to mitigate timing attacks against crypt(3)/PAM stacks that -+ * vary processing time in proportion to password length. -+ */ -+static char * -+fake_password(const char *wire_password) -+{ -+ const char junk[] = "\b\n\r\177INCORRECT"; -+ char *ret = NULL; -+ size_t i, l = wire_password != NULL ? strlen(wire_password) : 0; -+ -+ if (l >= INT_MAX) -+ fatal("%s: password length too long: %zu", __func__, l); -+ -+ ret = malloc(l + 1); -+ for (i = 0; i < l; i++) -+ ret[i] = junk[i % (sizeof(junk) - 1)]; -+ ret[i] = '\0'; -+ return ret; -+} -+ - /* XXX - see also comment in auth-chall.c:verify_response */ - static int - sshpam_respond(void *ctx, u_int num, char **resp) - { - Buffer buffer; - struct pam_ctxt *ctxt = ctx; -+ char *fake; - - debug2("PAM: %s entering, %u responses", __func__, num); - switch (ctxt->pam_done) { -@@ -836,8 +858,11 @@ sshpam_respond(void *ctx, u_int num, char **resp) - (sshpam_authctxt->pw->pw_uid != 0 || - options.permit_root_login == PERMIT_YES)) - buffer_put_cstring(&buffer, *resp); -- else -- buffer_put_cstring(&buffer, badpw); -+ else { -+ fake = fake_password(*resp); -+ buffer_put_cstring(&buffer, fake); -+ free(fake); -+ } - if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { - buffer_free(&buffer); - return (-1); -@@ -1181,6 +1206,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) - { - int flags = (options.permit_empty_passwd == 0 ? - PAM_DISALLOW_NULL_AUTHTOK : 0); -+ char *fake = NULL; - - if (!options.use_pam || sshpam_handle == NULL) - fatal("PAM: %s called when PAM disabled or failed to " -@@ -1196,7 +1222,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) - */ - if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && - options.permit_root_login != PERMIT_YES)) -- sshpam_password = badpw; -+ sshpam_password = fake = fake_password(password); - - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&passwd_conv); -@@ -1206,6 +1232,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) - - sshpam_err = pam_authenticate(sshpam_handle, flags); - sshpam_password = NULL; -+ free(fake); - if (sshpam_err == PAM_SUCCESS && authctxt->valid) { - debug("PAM: password authentication accepted for %.100s", - authctxt->user); diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-3.patch b/gnu/packages/patches/openssh-CVE-2016-6210-3.patch deleted file mode 100644 index 303c34ee1b..0000000000 --- a/gnu/packages/patches/openssh-CVE-2016-6210-3.patch +++ /dev/null @@ -1,60 +0,0 @@ -From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001 -From: Darren Tucker <dtucker@zip.com.au> -Date: Thu, 21 Jul 2016 14:17:31 +1000 -Subject: Search users for one with a valid salt. - -If the root account is locked (eg password "!!" or "*LK*") keep looking -until we find a user with a valid salt to use for crypting passwords of -invalid users. ok djm@ - -Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc -Bug-Debian: https://bugs.debian.org/831902 -Last-Update: 2016-07-22 - -Patch-Name: CVE-2016-6210-3.patch ---- - openbsd-compat/xcrypt.c | 24 +++++++++++++++--------- - 1 file changed, 15 insertions(+), 9 deletions(-) - -diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c -index 8913bb8..cf6a9b9 100644 ---- a/openbsd-compat/xcrypt.c -+++ b/openbsd-compat/xcrypt.c -@@ -65,7 +65,9 @@ - - /* - * Pick an appropriate password encryption type and salt for the running -- * system. -+ * system by searching through accounts until we find one that has a valid -+ * salt. Usually this will be root unless the root account is locked out. -+ * If we don't find one we return a traditional DES-based salt. - */ - static const char * - pick_salt(void) -@@ -78,14 +80,18 @@ pick_salt(void) - if (salt[0] != '\0') - return salt; - strlcpy(salt, "xx", sizeof(salt)); -- if ((pw = getpwuid(0)) == NULL) -- return salt; -- passwd = shadow_pw(pw); -- if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) -- return salt; /* no $, DES */ -- typelen = p - passwd + 1; -- strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); -- explicit_bzero(passwd, strlen(passwd)); -+ setpwent(); -+ while ((pw = getpwent()) != NULL) { -+ passwd = shadow_pw(pw); -+ if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { -+ typelen = p - passwd + 1; -+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); -+ explicit_bzero(passwd, strlen(passwd)); -+ goto out; -+ } -+ } -+ out: -+ endpwent(); - return salt; - } - diff --git a/gnu/packages/patches/python-statsmodels-fix-tests.patch b/gnu/packages/patches/python-statsmodels-fix-tests.patch new file mode 100644 index 0000000000..3315ddbd5f --- /dev/null +++ b/gnu/packages/patches/python-statsmodels-fix-tests.patch @@ -0,0 +1,196 @@ +This patch fixes a couple of test failures introduced by changes to the pandas +package. It was extracted from this pull request: + +https://github.com/statsmodels/statsmodels/pull/2675 + + +From c9ef60a7bc4407766ab9e9f12c8a6b89013046ee Mon Sep 17 00:00:00 2001 +From: Ralf Gommers <ralf.gommers@gmail.com> +Date: Tue, 20 Oct 2015 07:34:11 +0200 +Subject: [PATCH 1/4] MAINT: fix use of old_behavior kw for numpy.correlate. + Was removed in 1.10.0 + +Numpy PR that removed it: https://github.com/numpy/numpy/pull/5991 + +Closes gh-2667. +--- + statsmodels/tsa/ar_model.py | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/statsmodels/tsa/ar_model.py b/statsmodels/tsa/ar_model.py +index 087a9e0..02984bd 100644 +--- a/statsmodels/tsa/ar_model.py ++++ b/statsmodels/tsa/ar_model.py +@@ -261,10 +261,8 @@ def _presample_varcov(self, params): + + Vpinv = np.zeros((p, p), dtype=params.dtype) + for i in range(1, p1): +- Vpinv[i-1, i-1:] = np.correlate(params0, params0[:i], +- old_behavior=False)[:-1] +- Vpinv[i-1, i-1:] -= np.correlate(params0[-i:], params0, +- old_behavior=False)[:-1] ++ Vpinv[i-1, i-1:] = np.correlate(params0, params0[:i],)[:-1] ++ Vpinv[i-1, i-1:] -= np.correlate(params0[-i:], params0,)[:-1] + + Vpinv = Vpinv + Vpinv.T - np.diag(Vpinv.diagonal()) + return Vpinv + +From f1dc8979b09bc1736149993f895943b3158ee2db Mon Sep 17 00:00:00 2001 +From: Ralf Gommers <ralf.gommers@gmail.com> +Date: Wed, 21 Oct 2015 22:05:52 +0200 +Subject: [PATCH 2/4] MAINT: fix graphics module for changes in recent pandas + versions. + +--- + statsmodels/graphics/tests/test_mosaicplot.py | 2 +- + statsmodels/graphics/tests/test_tsaplots.py | 6 +++--- + statsmodels/graphics/tsaplots.py | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/statsmodels/graphics/tests/test_mosaicplot.py b/statsmodels/graphics/tests/test_mosaicplot.py +index cb9bbbe..e41020e 100644 +--- a/statsmodels/graphics/tests/test_mosaicplot.py ++++ b/statsmodels/graphics/tests/test_mosaicplot.py +@@ -113,7 +113,7 @@ def test_mosaic(): + # sort by the marriage quality and give meaningful name + # [rate_marriage, age, yrs_married, children, + # religious, educ, occupation, occupation_husb] +- datas = datas.sort(['rate_marriage', 'religious']) ++ datas = datas.sort_values(by=['rate_marriage', 'religious']) + num_to_desc = {1: 'awful', 2: 'bad', 3: 'intermediate', + 4: 'good', 5: 'wonderful'} + datas['rate_marriage'] = datas['rate_marriage'].map(num_to_desc) +diff --git a/statsmodels/graphics/tests/test_tsaplots.py b/statsmodels/graphics/tests/test_tsaplots.py +index 511f18f..365be82 100644 +--- a/statsmodels/graphics/tests/test_tsaplots.py ++++ b/statsmodels/graphics/tests/test_tsaplots.py +@@ -1,4 +1,4 @@ +-from statsmodels.compat.python import lmap, lzip, map ++from statsmodels.compat.python import lmap, map + import numpy as np + import pandas as pd + from numpy.testing import dec +@@ -51,8 +51,8 @@ def test_plot_month(): + dta = sm.datasets.elnino.load_pandas().data + dta['YEAR'] = dta.YEAR.astype(int).apply(str) + dta = dta.set_index('YEAR').T.unstack() +- dates = lmap(lambda x : pd.datetools.parse('1 '+' '.join(x)), +- dta.index.values) ++ dates = lmap(lambda x : pd.datetools.parse_time_string('1 '+' '.join(x))[0], ++ dta.index.values) + + # test dates argument + fig = month_plot(dta.values, dates=dates, ylabel='el nino') +diff --git a/statsmodels/graphics/tsaplots.py b/statsmodels/graphics/tsaplots.py +index 3d04692..94626c9 100644 +--- a/statsmodels/graphics/tsaplots.py ++++ b/statsmodels/graphics/tsaplots.py +@@ -200,7 +200,7 @@ def seasonal_plot(grouped_x, xticklabels, ylabel=None, ax=None): + ticks = [] + for season, df in grouped_x: + df = df.copy() # or sort balks for series. may be better way +- df.sort() ++ df.sort_values(inplace=True) + nobs = len(df) + x_plot = np.arange(start, start + nobs) + ticks.append(x_plot.mean()) + +From 4cfbef6af137629c6953f1f025d9cfc781874256 Mon Sep 17 00:00:00 2001 +From: Ralf Gommers <ralf.gommers@gmail.com> +Date: Wed, 21 Oct 2015 22:15:25 +0200 +Subject: [PATCH 3/4] MAINT: work around pandas breaking backwards compat for + pandas.version + +--- + setup.py | 5 ++++- + statsmodels/tools/testing.py | 6 ++---- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/setup.py b/setup.py +index 0002840..74aefb8 100644 +--- a/setup.py ++++ b/setup.py +@@ -134,7 +134,10 @@ def check_dependency_versions(min_versions): + (spversion, min_versions['scipy'])) + + try: +- from pandas.version import short_version as pversion ++ import pandas ++ #FIXME: this will break for pandas 1.0.0. Needs elaborate parsing now, ++ # due to pandas removing version.short_version ++ pversion = pandas.__version__[:6] + except ImportError: + install_requires.append('pandas') + else: +diff --git a/statsmodels/tools/testing.py b/statsmodels/tools/testing.py +index e207e44..643f79f 100644 +--- a/statsmodels/tools/testing.py ++++ b/statsmodels/tools/testing.py +@@ -16,10 +16,8 @@ def strip_rc(version): + + + def is_pandas_min_version(min_version): +- '''check whether pandas is at least min_version +- ''' +- from pandas.version import short_version as pversion +- return StrictVersion(strip_rc(pversion)) >= min_version ++ '''check whether pandas is at least min_version ''' ++ return StrictVersion((pandas.__version__[:6])) >= min_version + + + # local copies, all unchanged + +From c894c3f4882d570efb517950069d83afa9794db8 Mon Sep 17 00:00:00 2001 +From: Ralf Gommers <ralf.gommers@gmail.com> +Date: Mon, 26 Oct 2015 20:47:51 +0100 +Subject: [PATCH 4/4] BUG: fix use of Series.sort_values for older pandas. + +Some failing tests in the previous commits because older ``pandas`` versions +don't have ``Series.sort_values``. That method was only added in pandas 0.17, +in https://github.com/pydata/pandas/pull/10726 +--- + statsmodels/graphics/tests/test_mosaicplot.py | 6 +++++- + statsmodels/graphics/tsaplots.py | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/statsmodels/graphics/tests/test_mosaicplot.py b/statsmodels/graphics/tests/test_mosaicplot.py +index e41020e..2a873e7 100644 +--- a/statsmodels/graphics/tests/test_mosaicplot.py ++++ b/statsmodels/graphics/tests/test_mosaicplot.py +@@ -113,7 +113,11 @@ def test_mosaic(): + # sort by the marriage quality and give meaningful name + # [rate_marriage, age, yrs_married, children, + # religious, educ, occupation, occupation_husb] +- datas = datas.sort_values(by=['rate_marriage', 'religious']) ++ if pandas.__version__ < '0.17.0': ++ datas = datas.sort(['rate_marriage', 'religious']) ++ else: ++ datas = datas.sort_values(by=['rate_marriage', 'religious']) ++ + num_to_desc = {1: 'awful', 2: 'bad', 3: 'intermediate', + 4: 'good', 5: 'wonderful'} + datas['rate_marriage'] = datas['rate_marriage'].map(num_to_desc) +diff --git a/statsmodels/graphics/tsaplots.py b/statsmodels/graphics/tsaplots.py +index 94626c9..217724f 100644 +--- a/statsmodels/graphics/tsaplots.py ++++ b/statsmodels/graphics/tsaplots.py +@@ -2,6 +2,7 @@ + + + import numpy as np ++import pandas + + from statsmodels.graphics import utils + from statsmodels.tsa.stattools import acf, pacf +@@ -200,7 +201,10 @@ def seasonal_plot(grouped_x, xticklabels, ylabel=None, ax=None): + ticks = [] + for season, df in grouped_x: + df = df.copy() # or sort balks for series. may be better way +- df.sort_values(inplace=True) ++ if pandas.__version__ < '0.17.0': ++ df.sort() ++ else: ++ df.sort_values(inplace=True) + nobs = len(df) + x_plot = np.arange(start, start + nobs) + ticks.append(x_plot.mean()) |