diff --git a/pkgs/applications/graphics/inkscape/configure-python-libs.patch b/pkgs/applications/graphics/inkscape/configure-python-libs.patch deleted file mode 100644 index c79006d33201..000000000000 --- a/pkgs/applications/graphics/inkscape/configure-python-libs.patch +++ /dev/null @@ -1,15 +0,0 @@ -Work around Python misdetection and set `PYTHON_LIBS' to -"-L/nix/store/... -lpython2.4" instead of "/nix/store/.../libpython2.4.so". -Changed to 2.5. - ---- inkscape-0.45.1/configure 2007-03-20 14:56:43.000000000 +0100 -+++ inkscape-0.45.1/configure 2008-02-22 16:19:10.000000000 +0100 -@@ -10202,7 +10202,7 @@ if test "x$with_python" = "xyes"; then - if test "$?" -gt "0"; then - with_python="no" - else -- checkPYTHON_LIBS=`python -c "import distutils.sysconfig ; print '%s/%s %s' % (distutils.sysconfig.get_config_var('LIBPL'),distutils.sysconfig.get_config_var('LDLIBRARY'),distutils.sysconfig.get_config_var('LIBS'))" 2>/dev/null` -+ checkPYTHON_LIBS=`python -c "import distutils.sysconfig ; print '-L%s -lpython2.5 %s' % (distutils.sysconfig.get_config_var('LIBDIR'),distutils.sysconfig.get_config_var('LIBS'))" 2>/dev/null` - if test "$?" -gt "0"; then - with_python="no" - else diff --git a/pkgs/applications/kde-apps-15.12/kdelibs/polkit-install.patch b/pkgs/applications/kde-apps-15.12/kdelibs/polkit-install.patch deleted file mode 100644 index d2ecac663ec5..000000000000 --- a/pkgs/applications/kde-apps-15.12/kdelibs/polkit-install.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake ---- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake 2011-05-20 22:24:54.000000000 +0200 -+++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2011-07-12 14:03:00.000000000 +0200 -@@ -139,7 +139,7 @@ - ${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR - ${POLKITQT-1_POLICY_FILES_INSTALL_DIR}) - -- set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING -+ set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING - "Where policy files generated by KAuth will be installed" FORCE) - elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE") - set (KAUTH_COMPILING_FAKE_BACKEND TRUE) diff --git a/pkgs/applications/misc/slic3r/fix-no-display.patch b/pkgs/applications/misc/slic3r/fix-no-display.patch deleted file mode 100644 index b5aeca3a4167..000000000000 --- a/pkgs/applications/misc/slic3r/fix-no-display.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff --git a/Build.PL b/Build.PL -index 8b21c15..fd3aff0 100644 ---- a/Build.PL -+++ b/Build.PL -@@ -33,9 +33,6 @@ my $sudo = grep { $_ eq '--sudo' } @ARGV; - my $gui = grep { $_ eq '--gui' } @ARGV; - my $xs_only = grep { $_ eq '--xs' } @ARGV; - if ($gui) { -- %prereqs = qw( -- Wx 0.9918 -- ); - %recommends = qw( - Growl::GNTP 0.15 - Wx::GLCanvas 0 -diff --git a/lib/Slic3r/GUI.pm b/lib/Slic3r/GUI.pm -index 842ff44..ea0af64 100644 ---- a/lib/Slic3r/GUI.pm -+++ b/lib/Slic3r/GUI.pm -@@ -26,7 +26,7 @@ use Slic3r::GUI::OptionsGroup::Field; - use Slic3r::GUI::SimpleTab; - use Slic3r::GUI::Tab; - --our $have_OpenGL = eval "use Slic3r::GUI::PreviewCanvas; 1"; -+our $have_OpenGL = 0; - - use Wx 0.9901 qw(:bitmap :dialog :icon :id :misc :systemsettings :toplevelwindow - :filedialog); -diff --git a/lib/Slic3r/GUI/Plater/2DToolpaths.pm b/lib/Slic3r/GUI/Plater/2DToolpaths.pm -index 8e48a72..7bed973 100644 ---- a/lib/Slic3r/GUI/Plater/2DToolpaths.pm -+++ b/lib/Slic3r/GUI/Plater/2DToolpaths.pm -@@ -90,18 +90,20 @@ sub set_z { - package Slic3r::GUI::Plater::2DToolpaths::Canvas; - - use Wx::Event qw(EVT_PAINT EVT_SIZE EVT_ERASE_BACKGROUND EVT_IDLE EVT_MOUSEWHEEL EVT_MOUSE_EVENTS); --use OpenGL qw(:glconstants :glfunctions :glufunctions); --use base qw(Wx::GLCanvas Class::Accessor); --use Wx::GLCanvas qw(:all); - use List::Util qw(min first); - use Slic3r::Geometry qw(scale unscale epsilon); - - __PACKAGE__->mk_accessors(qw(print z layers color init dirty bb)); - --# make OpenGL::Array thread-safe --{ -- no warnings 'redefine'; -- *OpenGL::Array::CLONE_SKIP = sub { 1 }; -+if ($Slic3r::GUI::have_OpenGL) { -+ use OpenGL qw(:glconstants :glfunctions :glufunctions); -+ use Wx::GLCanvas qw(:all); -+ use base qw(Wx::GLCanvas Class::Accessor); -+ # make OpenGL::Array thread-safe -+ { -+ no warnings 'redefine'; -+ *OpenGL::Array::CLONE_SKIP = sub { 1 }; -+ } - } - - sub new { diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch deleted file mode 100644 index f730ad017b1d..000000000000 --- a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/common/defines.h 2012-11-14 18:02:43.000000000 +0100 -+++ b/common/defines.h 2013-09-20 19:17:45.669290630 +0200 -@@ -39,7 +39,7 @@ - #define RELEASE_TIME 1352912534 - #define IPCVERSION "10" - --#define EMULATED_VERSION "4.15.0.14" -+#define EMULATED_VERSION "4.17.0.11" // Was 4.15.0.14 - #define DNSVERSION "2" - #define STATUSDOMAIN ".status.fribid.se" - - diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/mplayerplug-in/icecat3-idldir.patch b/pkgs/applications/networking/browsers/mozilla-plugins/mplayerplug-in/icecat3-idldir.patch deleted file mode 100644 index 39dbc7a3ed05..000000000000 --- a/pkgs/applications/networking/browsers/mozilla-plugins/mplayerplug-in/icecat3-idldir.patch +++ /dev/null @@ -1,16 +0,0 @@ -We have to run `xpidl', but we need to provide it with the right IDL -directory. With GNU IceCat 3 (and possibly Firefox 3), this happens to be -"$(pkg-config --variable=idldir libxul)/stable". - ---- mplayerplug-in-3.55/Makefile.in 2008-01-03 01:20:33.000000000 +0100 -+++ mplayerplug-in-3.55/Makefile.in 2008-09-29 22:47:20.000000000 +0200 -@@ -46,7 +46,7 @@ datadir=@datadir@ - LOCALEDIR=$(datadir)/locale - MOZILLA_HOME=@MOZILLA_HOME@ - GECKO_XPIDL=@GECKO_XPIDL@ --GECKO_IDLDIR=@GECKO_IDLDIR@ -+GECKO_IDLDIR=@GECKO_IDLDIR@/stable - - PIXMAPS=pixmaps/logo.xpm pixmaps/progress_left.xpm pixmaps/progress_right.xpm \ - pixmaps/progress_fill.xpm pixmaps/progress_middle.xpm - diff --git a/pkgs/applications/networking/instant-messengers/freetalk/01_callbacks_const_fix.diff b/pkgs/applications/networking/instant-messengers/freetalk/01_callbacks_const_fix.diff deleted file mode 100644 index 5fe871601229..000000000000 --- a/pkgs/applications/networking/instant-messengers/freetalk/01_callbacks_const_fix.diff +++ /dev/null @@ -1,25 +0,0 @@ -Description: Patch to fix FTBFS due to a modified const in src/callbacks.cc -Forwarded: yes -Origin: Ubuntu, -https://bugs.launchpad.net/ubuntu/+source/freetalk/+bug/443241 -Bug-Debian: http://bugs.debian.org/560535 -Author: Jon Bernard ---- 3.2-1.orig/src/callbacks.cc 2008-11-15 10:41:22.000000000 +0000 -+++ 3.2-1/src/callbacks.cc 2009-10-21 15:50:49.000000000 +0100 -@@ -116,13 +116,13 @@ ft_msg_msg_handler (LmMessageHandler *ha - LmMessage *msg, gpointer user_data) - { - LmMessageNode *root, *body, *x; -- const char *from, *msg_str, *type; -- char *ts = NULL; -+ const char *msg_str, *type; -+ char *from, *ts = NULL; - - root = lm_message_get_node (msg); - body = lm_message_node_get_child (root, "body"); - -- from = lm_message_node_get_attribute (msg->node, "from"); -+ from = (char *) lm_message_node_get_attribute (msg->node, "from"); - - /* since the file-transfer happens in-band with messages, we can no longer - * ignore messages with no 'body' */ diff --git a/pkgs/applications/networking/instant-messengers/silc-client/server_setup.patch b/pkgs/applications/networking/instant-messengers/silc-client/server_setup.patch deleted file mode 100644 index 466194c0a8fe..000000000000 --- a/pkgs/applications/networking/instant-messengers/silc-client/server_setup.patch +++ /dev/null @@ -1,28 +0,0 @@ -Add function to replace the behaviour of server_setup_find_port which was removed from irssi on revision 5125. Fixes bug #577501. ---- a/apps/irssi/src/silc/core/client_ops.c -+++ b/apps/irssi/src/silc/core/client_ops.c -@@ -2790,6 +2790,15 @@ - silc_free(a); - } - -+/* helper function to emulate server_setup_find_port */ -+static SERVER_SETUP_REC *silc_server_setup_find_port(const char *address, -+ int port) { -+ SERVER_SETUP_REC *rec; -+ -+ rec = server_setup_find(address, port, NULL); -+ return (rec == NULL || rec->port != port) ? NULL : rec; -+} -+ - /* Find authentication data by hostname and port. The hostname may be IP - address as well.*/ - -@@ -2811,7 +2820,7 @@ - - /* Check whether we find the password for this server in our - configuration. If it's set, always send it server. */ -- setup = server_setup_find_port(hostname, port); -+ setup = silc_server_setup_find_port(hostname, port); - if (setup && setup->password) { - completion(SILC_AUTH_PASSWORD, setup->password, strlen(setup->password), - context); diff --git a/pkgs/applications/networking/sync/lsyncd/configure-a2x-fix.patch b/pkgs/applications/networking/sync/lsyncd/configure-a2x-fix.patch deleted file mode 100644 index 73b479946918..000000000000 --- a/pkgs/applications/networking/sync/lsyncd/configure-a2x-fix.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -aur lsyncd-release-2.1.5.orig/configure.ac lsyncd-release-2.1.5/configure.ac ---- lsyncd-release-2.1.5.orig/configure.ac 2013-06-07 18:24:02.000000000 +0600 -+++ lsyncd-release-2.1.5/configure.ac 2014-03-04 13:24:15.390350812 +0600 -@@ -15,10 +15,10 @@ - AC_PROG_INSTALL - AC_PROG_MAKE_SET - --#AC_PATH_PROG([A2X], [a2x], [no]) --#if test x${A2X} = xno ; then --# AC_MSG_ERROR([Program 'a2x' (package asciidoc) is required]) --#fi -+AC_PATH_PROG([A2X], [a2x], [no]) -+if test x${A2X} = xno ; then -+ AC_MSG_ERROR([Program 'a2x' (package asciidoc) is required]) -+fi - - ### - # Checks for Lua \ No newline at end of file diff --git a/pkgs/applications/science/electronics/qucs/tr1-complex.patch b/pkgs/applications/science/electronics/qucs/tr1-complex.patch deleted file mode 100644 index 0be7ae00eb95..000000000000 --- a/pkgs/applications/science/electronics/qucs/tr1-complex.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- qucs-core/configure.orig 2011-07-03 07:34:09.069218113 -0500 -+++ qucs-core/configure 2011-07-03 07:34:46.618990497 -0500 -@@ -5884,7 +5884,6 @@ - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ --#include - using namespace std; - using namespace std::tr1; - int diff --git a/pkgs/applications/science/logic/isabelle/settings.patch b/pkgs/applications/science/logic/isabelle/settings.patch deleted file mode 100644 index bf509a4bac46..000000000000 --- a/pkgs/applications/science/logic/isabelle/settings.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -Nuar Isabelle2011/etc/settings Isabelle2011-fix/etc/settings ---- Isabelle2011/etc/settings 2011-01-30 13:02:18.000000000 +0100 -+++ Isabelle2011-fix/etc/settings 2011-05-14 22:56:04.000000000 +0200 -@@ -17,13 +17,7 @@ - - # Poly/ML 5.x (automated settings) - ML_PLATFORM="$ISABELLE_PLATFORM" --ML_HOME="$(choosefrom \ -- "$ISABELLE_HOME/contrib/polyml/$ML_PLATFORM" \ -- "$ISABELLE_HOME/../polyml/$ML_PLATFORM" \ -- "/usr/local/polyml/$ML_PLATFORM" \ -- "/usr/share/polyml/$ML_PLATFORM" \ -- "/opt/polyml/$ML_PLATFORM" \ -- "")" -+ML_HOME=@ML_HOME@ - ML_SYSTEM=$("$ISABELLE_HOME/lib/scripts/polyml-version") - ML_OPTIONS="-H 200" - ML_SOURCES="$ML_HOME/../src" -@@ -175,13 +169,7 @@ - ### - - # Proof General home, look in a variety of places --PROOFGENERAL_HOME="$(choosefrom \ -- "$ISABELLE_HOME/contrib/ProofGeneral" \ -- "$ISABELLE_HOME/../ProofGeneral" \ -- "/usr/local/ProofGeneral" \ -- "/usr/share/ProofGeneral" \ -- "/opt/ProofGeneral" \ -- "")" -+PROOFGENERAL_HOME=@PROOFGENERAL_HOME@ - - PROOFGENERAL_OPTIONS="" - #PROOFGENERAL_OPTIONS="-m no_brackets -m no_type_brackets" diff --git a/pkgs/desktops/kde-4.14/files/kdelibs-cve-2014-5033.patch b/pkgs/desktops/kde-4.14/files/kdelibs-cve-2014-5033.patch deleted file mode 100644 index c85eccd6beb6..000000000000 --- a/pkgs/desktops/kde-4.14/files/kdelibs-cve-2014-5033.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp -@@ -144,7 +144,7 @@ - - Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) - { -- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); -+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); - PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, - PolkitQt1::Authority::None); - switch (r) { -@@ -160,21 +160,12 @@ - - QByteArray Polkit1Backend::callerID() const - { -- QByteArray a; -- QDataStream s(&a, QIODevice::WriteOnly); -- s << QCoreApplication::applicationPid(); -- -- return a; -+ return QDBusConnection::systemBus().baseService().toUtf8(); - } - - bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) - { -- QDataStream s(&callerID, QIODevice::ReadOnly); -- qint64 pid; -- -- s >> pid; -- -- PolkitQt1::UnixProcessSubject subject(pid); -+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); - PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); - - PolkitResultEventLoop e; - diff --git a/pkgs/desktops/kde-4.14/files/polkit-install.patch b/pkgs/desktops/kde-4.14/files/polkit-install.patch deleted file mode 100644 index d2ecac663ec5..000000000000 --- a/pkgs/desktops/kde-4.14/files/polkit-install.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake ---- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake 2011-05-20 22:24:54.000000000 +0200 -+++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2011-07-12 14:03:00.000000000 +0200 -@@ -139,7 +139,7 @@ - ${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR - ${POLKITQT-1_POLICY_FILES_INSTALL_DIR}) - -- set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING -+ set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING - "Where policy files generated by KAuth will be installed" FORCE) - elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE") - set (KAUTH_COMPILING_FAKE_BACKEND TRUE) diff --git a/pkgs/desktops/plasma-5.5/libkscreen/libkscreen-backend-path.patch b/pkgs/desktops/plasma-5.5/libkscreen/libkscreen-backend-path.patch deleted file mode 100644 index d5797924d233..000000000000 --- a/pkgs/desktops/plasma-5.5/libkscreen/libkscreen-backend-path.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index 460022f..422a708 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -1,5 +1,7 @@ - include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR} ${QT_INCLUDES}) - -+configure_file(config-libkscreen.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-libkscreen.h) -+ - set(libkscreen_SRCS - backendloader.cpp - config.cpp -diff --git a/src/backendloader.cpp b/src/backendloader.cpp -index b93e469..8aebc14 100644 ---- a/src/backendloader.cpp -+++ b/src/backendloader.cpp -@@ -16,6 +16,7 @@ - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * - *************************************************************************************/ - -+#include "config-libkscreen.h" - #include "backendloader.h" - #include "debug_p.h" - #include "backends/abstractbackend.h" -@@ -40,55 +41,54 @@ bool BackendLoader::init() - const QString backend = qgetenv("KSCREEN_BACKEND").constData(); - const QString backendFilter = QString::fromLatin1("KSC_%1*").arg(backend); - -- const QStringList paths = QCoreApplication::libraryPaths(); -- Q_FOREACH (const QString &path, paths) { -- const QDir dir(path + QDir::separator() + QLatin1String("/kf5/kscreen/"), -- backendFilter, -- QDir::SortFlags(QDir::QDir::NoSort), -- QDir::NoDotAndDotDot | QDir::Files); -- const QFileInfoList finfos = dir.entryInfoList(); -- Q_FOREACH (const QFileInfo &finfo, finfos) { -- // Skip "Fake" backend unless explicitly specified via KSCREEN_BACKEND -- if (backend.isEmpty() && finfo.fileName().contains(QLatin1String("KSC_Fake"))) { -- continue; -- } -+ QString path = QFile::decodeName(CMAKE_INSTALL_PREFIX "/" PLUGIN_INSTALL_DIR "/"); - -- // When on X11, skip the QScreen backend, instead use the XRandR backend, -- // if not specified in KSCREEN_BACKEND -- if (backend.isEmpty() && -- finfo.fileName().contains(QLatin1String("KSC_QScreen")) && -- QX11Info::isPlatformX11()) { -- continue; -- } -+ const QDir dir(path + QDir::separator() + QLatin1String("/kf5/kscreen/"), -+ backendFilter, -+ QDir::SortFlags(QDir::QDir::NoSort), -+ QDir::NoDotAndDotDot | QDir::Files); -+ const QFileInfoList finfos = dir.entryInfoList(); -+ Q_FOREACH (const QFileInfo &finfo, finfos) { -+ // Skip "Fake" backend unless explicitly specified via KSCREEN_BACKEND -+ if (backend.isEmpty() && finfo.fileName().contains(QLatin1String("KSC_Fake"))) { -+ continue; -+ } - -- // When not on X11, skip the XRandR backend, and fall back to QSCreen -- // if not specified in KSCREEN_BACKEND -- if (backend.isEmpty() && -- finfo.fileName().contains(QLatin1String("KSC_XRandR")) && -- !QX11Info::isPlatformX11()) { -- continue; -- } -+ // When on X11, skip the QScreen backend, instead use the XRandR backend, -+ // if not specified in KSCREEN_BACKEND -+ if (backend.isEmpty() && -+ finfo.fileName().contains(QLatin1String("KSC_QScreen")) && -+ QX11Info::isPlatformX11()) { -+ continue; -+ } -+ -+ // When not on X11, skip the XRandR backend, and fall back to QSCreen -+ // if not specified in KSCREEN_BACKEND -+ if (backend.isEmpty() && -+ finfo.fileName().contains(QLatin1String("KSC_XRandR")) && -+ !QX11Info::isPlatformX11()) { -+ continue; -+ } - -- QPluginLoader loader(finfo.filePath()); -- loader.load(); -- QObject *instance = loader.instance(); -- if (!instance) { -+ QPluginLoader loader(finfo.filePath()); -+ loader.load(); -+ QObject *instance = loader.instance(); -+ if (!instance) { -+ loader.unload(); -+ continue; -+ } -+ -+ s_backend = qobject_cast< AbstractBackend* >(instance); -+ if (s_backend) { -+ if (!s_backend->isValid()) { -+ qCDebug(KSCREEN) << "Skipping" << s_backend->name() << "backend"; -+ delete s_backend; -+ s_backend = 0; - loader.unload(); - continue; - } -- -- s_backend = qobject_cast< AbstractBackend* >(instance); -- if (s_backend) { -- if (!s_backend->isValid()) { -- qCDebug(KSCREEN) << "Skipping" << s_backend->name() << "backend"; -- delete s_backend; -- s_backend = 0; -- loader.unload(); -- continue; -- } -- qCDebug(KSCREEN) << "Loading" << s_backend->name() << "backend"; -- return true; -- } -+ qCDebug(KSCREEN) << "Loading" << s_backend->name() << "backend"; -+ return true; - } - } - -diff --git a/src/config-libkscreen.h.cmake b/src/config-libkscreen.h.cmake -new file mode 100644 -index 0000000..a99f3d1 ---- /dev/null -+++ b/src/config-libkscreen.h.cmake -@@ -0,0 +1,2 @@ -+#define CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}" -+#define PLUGIN_INSTALL_DIR "${PLUGIN_INSTALL_DIR}" diff --git a/pkgs/development/compilers/ecl/libffi-prefix.patch b/pkgs/development/compilers/ecl/libffi-prefix.patch deleted file mode 100644 index d02cc214f31f..000000000000 --- a/pkgs/development/compilers/ecl/libffi-prefix.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff --git a/src/configure.in b/src/configure.in -index 434da49..642c66c 100644 ---- ecl-15.3.7.orig/src/configure.ac -+++ ecl-15.3.7/src/configure.ac -@@ -191,6 +191,11 @@ AC_ARG_WITH(dffi, - [(system|included|auto|no, default=AUTO if libffi available)]), - [enable_libffi=${withval}], [enable_libffi=auto]) - -+AC_ARG_WITH(libffi-prefix, -+ AS_HELP_STRING( [--with-libffi-prefix=path], -+ [prefix for system LIBFFI includes and libraries] ), -+ [LIBFFI_INCDIR="$withval/include"; LIBFFI_LIBDIR="$withval/lib"], []) -+ - AC_ARG_WITH(fpe, - AS_HELP_STRING( [--with-fpe], - [detect floating point exceptions] -@@ -368,6 +373,22 @@ else - INFOEXT=info - fi - -+dnl libffi -+ -+if test "x$LIBFFI_INCDIR" != "x"; then -+ LIBFFI_CPPFLAGS="-I$LIBFFI_INCDIR" -+fi -+if test "x$LIBFFI_LIBDIR" != "x"; then -+ LIBFFI_LDFLAGS="-L$LIBFFI_LIBDIR" -+ if test "$enable_rpath" = "yes"; then -+ if (echo "$ECL_LDRPATH" | grep '~A') > /dev/null; then -+ LIBFFI_LDFLAGS=`echo $ECL_LDRPATH | sed "s,~A,$LIBFFI_LIBDIR,"`" $LIBFFI_LDFLAGS" -+ fi -+ fi -+fi -+CPPFLAGS="$CPPFLAGS $LIBFFI_CPPFLAGS" -+LDFLAGS="$LDFLAGS $LIBFFI_LDFLAGS" -+ - dnl ====================================================================== - dnl GNU multiprecision library - dnl diff --git a/pkgs/development/compilers/ghc/osx-dylib-resolver.patch b/pkgs/development/compilers/ghc/osx-dylib-resolver.patch deleted file mode 100644 index 50236026031e..000000000000 --- a/pkgs/development/compilers/ghc/osx-dylib-resolver.patch +++ /dev/null @@ -1,60 +0,0 @@ -diff --git a/compiler/ghci/Linker.hs b/compiler/ghci/Linker.hs ---- a/compiler/ghci/Linker.hs -+++ b/compiler/ghci/Linker.hs -@@ -119,9 +119,9 @@ - -- that is really important - pkgs_loaded :: ![PackageKey], - -- -- we need to remember the name of the last temporary DLL/.so -- -- so we can link it -- last_temp_so :: !(Maybe (FilePath, String)) } -+ -- we need to remember the name of previous temporary DLL/.so -+ -- libraries so we can link them (see #10322) -+ temp_sos :: ![(FilePath, String)] } - - - emptyPLS :: DynFlags -> PersistentLinkerState -@@ -131,7 +131,7 @@ - pkgs_loaded = init_pkgs, - bcos_loaded = [], - objs_loaded = [], -- last_temp_so = Nothing } -+ temp_sos = [] } - - -- Packages that don't need loading, because the compiler - -- shares them with the interpreted program. -@@ -841,19 +841,19 @@ - dflags2 = dflags1 { - -- We don't want the original ldInputs in - -- (they're already linked in), but we do want -- -- to link against the previous dynLoadObjs -- -- library if there was one, so that the linker -+ -- to link against previous dynLoadObjs -+ -- libraries if there were any, so that the linker - -- can resolve dependencies when it loads this - -- library. - ldInputs = -- case last_temp_so pls of -- Nothing -> [] -- Just (lp, l) -> -+ concatMap -+ (\(lp, l) -> - [ Option ("-L" ++ lp) - , Option ("-Wl,-rpath") - , Option ("-Wl," ++ lp) - , Option ("-l" ++ l) -- ], -+ ]) -+ (temp_sos pls), - -- Even if we're e.g. profiling, we still want - -- the vanilla dynamic libraries, so we set the - -- ways / build tag to be just WayDyn. -@@ -868,7 +868,7 @@ - consIORef (filesToNotIntermediateClean dflags) soFile - m <- loadDLL soFile - case m of -- Nothing -> return pls { last_temp_so = Just (libPath, libName) } -+ Nothing -> return pls { temp_sos = (libPath, libName) : temp_sos pls } - Just err -> panic ("Loading temp shared object failed: " ++ err) - - rmDupLinkables :: [Linkable] -- Already loaded diff --git a/pkgs/development/compilers/hhvm/3918a2ccceb98230ff517601ad60aa6bee36e2c4.patch b/pkgs/development/compilers/hhvm/3918a2ccceb98230ff517601ad60aa6bee36e2c4.patch deleted file mode 100644 index 8ee5b31925f8..000000000000 --- a/pkgs/development/compilers/hhvm/3918a2ccceb98230ff517601ad60aa6bee36e2c4.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 3918a2ccceb98230ff517601ad60aa6bee36e2c4 Mon Sep 17 00:00:00 2001 -From: Alex Malyshev -Date: Tue, 28 Oct 2014 15:55:34 -0700 -Subject: [PATCH] Replace use of MAX macro with std::max in ZendPack - -Summary: This has randomly bitten me in open source builds. I intermittently get -an error saying that MAX isn't defined. - -Instead of trying to figure out what's going on, I'm just gonna switch -it to std::max. - -Reviewed By: @paulbiss - -Differential Revision: D1636740 ---- - hphp/runtime/base/zend-pack.cpp | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hphp/runtime/base/zend-pack.cpp b/hphp/runtime/base/zend-pack.cpp -index d878ea4..c3ee14d 100644 ---- a/hphp/runtime/base/zend-pack.cpp -+++ b/hphp/runtime/base/zend-pack.cpp -@@ -21,6 +21,8 @@ - #include "hphp/runtime/base/builtin-functions.h" - #include "hphp/util/tiny-vector.h" - -+#include -+ - namespace HPHP { - - #define INC_OUTPUTPOS(a,b) \ -@@ -294,7 +296,7 @@ Variant ZendPack::pack(const String& fmt, const Array& argv) { - case 'a': - case 'A': - case 'Z': { -- int arg_cp = (code != 'Z') ? arg : MAX(0, arg - 1); -+ int arg_cp = (code != 'Z') ? arg : std::max(0, arg - 1); - memset(&output[outputpos], (code != 'A') ? '\0' : ' ', arg); - val = argv[currentarg++].toString(); - s = val.c_str(); diff --git a/pkgs/development/compilers/hhvm/8207a31c26cc42fee79363a14c4a8f4fcbfffe63.patch b/pkgs/development/compilers/hhvm/8207a31c26cc42fee79363a14c4a8f4fcbfffe63.patch deleted file mode 100644 index f7cf29b739f0..000000000000 --- a/pkgs/development/compilers/hhvm/8207a31c26cc42fee79363a14c4a8f4fcbfffe63.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8207a31c26cc42fee79363a14c4a8f4fcbfffe63 Mon Sep 17 00:00:00 2001 -From: Jordan DeLong -Date: Mon, 6 Oct 2014 18:30:28 -0700 -Subject: [PATCH] Remove some MIN/MAX macro uses in the emitter - -Summary: has preferable type-safe versions that don't double-eval -their args. - -Reviewed By: @paulbiss - -Differential Revision: D1599803 ---- - hphp/compiler/analysis/emitter.cpp | 6 +++--- - hphp/util/compatibility.h | 4 ---- - 2 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/hphp/compiler/analysis/emitter.cpp b/hphp/compiler/analysis/emitter.cpp -index 321e637..b1d3f2d 100644 ---- a/hphp/compiler/analysis/emitter.cpp -+++ b/hphp/compiler/analysis/emitter.cpp -@@ -799,8 +799,8 @@ void SymbolicStack::push(char sym) { - if (sym != StackSym::W && sym != StackSym::K && sym != StackSym::L && - sym != StackSym::T && sym != StackSym::I && sym != StackSym::H) { - m_actualStack.push_back(m_symStack.size()); -- *m_actualStackHighWaterPtr = MAX(*m_actualStackHighWaterPtr, -- (int)m_actualStack.size()); -+ *m_actualStackHighWaterPtr = std::max(*m_actualStackHighWaterPtr, -+ (int)m_actualStack.size()); - } - m_symStack.push_back(SymEntry(sym)); - } -@@ -1010,7 +1010,7 @@ int SymbolicStack::sizeActual() const { - - void SymbolicStack::pushFDesc() { - m_fdescCount += kNumActRecCells; -- *m_fdescHighWaterPtr = MAX(*m_fdescHighWaterPtr, m_fdescCount); -+ *m_fdescHighWaterPtr = std::max(*m_fdescHighWaterPtr, m_fdescCount); - } - - void SymbolicStack::popFDesc() { diff --git a/pkgs/development/compilers/julia/0001-work-around-buggy-wcwidth.patch b/pkgs/development/compilers/julia/0001-work-around-buggy-wcwidth.patch deleted file mode 100644 index 7c4870fb2a89..000000000000 --- a/pkgs/development/compilers/julia/0001-work-around-buggy-wcwidth.patch +++ /dev/null @@ -1,24 +0,0 @@ -From b9070aeab0ab672ffe321089631f9afe263b0caa Mon Sep 17 00:00:00 2001 -From: Thomas Tuegel -Date: Thu, 4 Jun 2015 12:03:32 -0500 -Subject: [PATCH] work around buggy wcwidth - ---- - test/unicode.jl | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/test/unicode.jl b/test/unicode.jl -index 52c3e6a..f1ef698 100644 ---- a/test/unicode.jl -+++ b/test/unicode.jl -@@ -103,5 +103,6 @@ end - - # handling of embedded NUL chars (#10958) - @test length("\0w") == length("\0α") == 2 --@test strwidth("\0w") == strwidth("\0α") == 1 -+@test strwidth("\0w") == charwidth('\0') + charwidth('w') -+@test strwidth("\0α") == charwidth('\0') + charwidth('α') - @test normalize_string("\0W", casefold=true) == "\0w" --- -2.4.1 - diff --git a/pkgs/development/compilers/openjdk/linux-4.0.patch b/pkgs/development/compilers/openjdk/linux-4.0.patch deleted file mode 100644 index c3d7cf8b6ca5..000000000000 --- a/pkgs/development/compilers/openjdk/linux-4.0.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur openjdk-7u65-b32/hotspot/make/linux/Makefile openjdk-7u65-b32-patch/hotspot/make/linux/Makefile ---- openjdk-7u65-b32/hotspot/make/linux/Makefile 2014-07-17 03:08:38.000000000 -0700 -+++ openjdk-7u65-b32-patch/hotspot/make/linux/Makefile 2015-04-21 05:33:12.170190385 -0700 -@@ -231,7 +231,7 @@ - # Solaris 2.5.1, 2.6). - # Disable this check by setting DISABLE_HOTSPOT_OS_VERSION_CHECK=ok. - --SUPPORTED_OS_VERSION = 2.4% 2.5% 2.6% 3% -+SUPPORTED_OS_VERSION = 2.4% 2.5% 2.6% 3% 4% - OS_VERSION := $(shell uname -r) - EMPTY_IF_NOT_SUPPORTED = $(filter $(SUPPORTED_OS_VERSION),$(OS_VERSION)) - diff --git a/pkgs/development/coq-modules/ssreflect/threads.patch b/pkgs/development/coq-modules/ssreflect/threads.patch deleted file mode 100644 index d60a645f6ee8..000000000000 --- a/pkgs/development/coq-modules/ssreflect/threads.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- a/Make 2015-04-20 13:37:06.000000000 +0200 -+++ b/Make 2015-04-25 11:32:53.885194600 +0200 -@@ -1,9 +1,9 @@ - ### Uncomment for static linking - ## --#-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -opt -o bin/ssrcoq src/ssrmatching.cmx src/ssreflect.cmx" "src/ssrmatching.cmx src/ssreflect.cmx" bin/ssrcoq --#-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -o bin/ssrcoq.byte src/ssrmatching.cmo src/ssreflect.cmo" "src/ssrmatching.cmo src/ssreflect.cmo" bin/ssrcoq.byte --#-custom "$(SSRCOQ) $(COQFLAGS) -compile $*" "%.v $(SSRCOQ)" "%.vo" --#SSRCOQ = bin/ssrcoq -+-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -opt -o bin/ssrcoq -I +threads src/ssrmatching.cmx src/ssreflect.cmx" "src/ssrmatching.cmx src/ssreflect.cmx" bin/ssrcoq -+-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -o bin/ssrcoq.byte -I +threads src/ssrmatching.cmo src/ssreflect.cmo" "src/ssrmatching.cmo src/ssreflect.cmo" bin/ssrcoq.byte -+-custom "$(SSRCOQ) $(COQFLAGS) -compile $*" "%.v $(SSRCOQ)" "%.vo" -+SSRCOQ = bin/ssrcoq - ## - - ## What follows should be left untouched by the final user of ssreflect diff --git a/pkgs/development/haskell-modules/patches/regex-tdfa-text.patch b/pkgs/development/haskell-modules/patches/regex-tdfa-text.patch deleted file mode 100644 index ef349b1cb641..000000000000 --- a/pkgs/development/haskell-modules/patches/regex-tdfa-text.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- regex-tdfa-text-1.0.0.2/Text/Regex/TDFA/Text/Lazy.orig.hs 2015-08-05 20:30:01.228983428 +0100 -+++ regex-tdfa-text-1.0.0.2/Text/Regex/TDFA/Text/Lazy.hs 2015-08-05 20:39:25.682563005 +0100 -@@ -26,7 +26,7 @@ - import Data.Array.IArray((!),elems,amap) - import qualified Data.Text.Lazy as L(Text,empty,take,drop,uncons,unpack) - --import Text.Regex.Base(MatchArray,RegexContext(..),Extract(..),RegexMaker(..),RegexLike(..)) -+import Text.Regex.Base(MatchText,MatchArray,RegexContext(..),Extract(..),RegexMaker(..),RegexLike(..)) - import Text.Regex.Base.Impl(polymatch,polymatchM) - import Text.Regex.TDFA.ReadRegex(parseRegex) - import Text.Regex.TDFA.String() -- piggyback on RegexMaker for String -@@ -74,7 +74,8 @@ - ,after (o+l) source)) - (matchOnce regex source) - matchAllText regex source = -- let go i _ _ | i `seq` False = undefined -+ let go :: Int -> L.Text -> [MatchArray] -> [MatchText L.Text] -+ go i _ _ | i `seq` False = undefined - go _i _t [] = [] - go i t (x:xs) = - let (off0,len0) = x!0 diff --git a/pkgs/development/libraries/aterm/aterm-mingw-asm.patch b/pkgs/development/libraries/aterm/aterm-mingw-asm.patch deleted file mode 100644 index ce09ead90429..000000000000 --- a/pkgs/development/libraries/aterm/aterm-mingw-asm.patch +++ /dev/null @@ -1,498 +0,0 @@ -diff -rc aterm-2.8/aterm/gc.c aterm-2.8-new/aterm/gc.c -*** aterm-2.8/aterm/gc.c 2008-11-10 13:54:22.000000000 +0100 ---- aterm-2.8-new/aterm/gc.c 2010-08-23 17:04:56.000000000 +0200 -*************** -*** 260,317 **** - AFun oddSym; - #endif - -- #ifdef WIN32 -- -- unsigned int r_eax, r_ebx, r_ecx, r_edx, \ -- r_esi, r_edi, r_esp, r_ebp; -- ATerm reg[8], real_term; -- -- __asm { -- /* Get the registers into local variables to check them -- for aterms later. */ -- mov r_eax, eax -- mov r_ebx, ebx -- mov r_ecx, ecx -- mov r_edx, edx -- mov r_esi, esi -- mov r_edi, edi -- mov r_esp, esp -- mov r_ebp, ebp -- } -- /* Put the register-values into an array */ -- reg[0] = (ATerm) r_eax; -- reg[1] = (ATerm) r_ebx; -- reg[2] = (ATerm) r_ecx; -- reg[3] = (ATerm) r_edx; -- reg[4] = (ATerm) r_esi; -- reg[5] = (ATerm) r_edi; -- reg[6] = (ATerm) r_esp; -- reg[7] = (ATerm) r_ebp; -- -- for(i=0; i<8; i++) { -- real_term = AT_isInsideValidTerm(reg[i]); -- if (real_term != NULL) { -- AT_markTerm(real_term); -- } -- if (AT_isValidSymbol((Symbol)reg[i])) { -- AT_markSymbol((Symbol)reg[i]); -- } -- } -- -- /* The register variables are on the stack aswell -- I set them to zero so they won't be processed again when -- the stack is traversed. The reg-array is also in the stack -- but that will be adjusted later */ -- r_eax = 0; -- r_ebx = 0; -- r_ecx = 0; -- r_edx = 0; -- r_esi = 0; -- r_edi = 0; -- r_esp = 0; -- r_ebp = 0; -- -- #else - jmp_buf env; - - /* Traverse possible register variables */ ---- 260,265 ---- -*************** -*** 320,326 **** - start = (ATerm *)((char *)env); - stop = ((ATerm *)(((char *)env) + sizeof(jmp_buf))); - mark_memory(start, stop); -- #endif - - stackTop = stack_top(); - ---- 268,273 ---- -*************** -*** 385,442 **** - AFun oddSym; - #endif - -- #ifdef WIN32 -- -- unsigned int r_eax, r_ebx, r_ecx, r_edx, \ -- r_esi, r_edi, r_esp, r_ebp; -- ATerm reg[8], real_term; -- -- __asm { -- /* Get the registers into local variables to check them -- for aterms later. */ -- mov r_eax, eax -- mov r_ebx, ebx -- mov r_ecx, ecx -- mov r_edx, edx -- mov r_esi, esi -- mov r_edi, edi -- mov r_esp, esp -- mov r_ebp, ebp -- } -- /* Put the register-values into an array */ -- reg[0] = (ATerm) r_eax; -- reg[1] = (ATerm) r_ebx; -- reg[2] = (ATerm) r_ecx; -- reg[3] = (ATerm) r_edx; -- reg[4] = (ATerm) r_esi; -- reg[5] = (ATerm) r_edi; -- reg[6] = (ATerm) r_esp; -- reg[7] = (ATerm) r_ebp; -- -- for(i=0; i<8; i++) { -- real_term = AT_isInsideValidTerm(reg[i]); -- if (real_term != NULL) { -- AT_markTerm_young(real_term); -- } -- if (AT_isValidSymbol((Symbol)reg[i])) { -- AT_markSymbol_young((Symbol)reg[i]); -- } -- } -- -- /* The register variables are on the stack aswell -- I set them to zero so they won't be processed again when -- the stack is traversed. The reg-array is also in the stack -- but that will be adjusted later */ -- r_eax = 0; -- r_ebx = 0; -- r_ecx = 0; -- r_edx = 0; -- r_esi = 0; -- r_edi = 0; -- r_esp = 0; -- r_ebp = 0; -- -- #else - jmp_buf env; - - /* Traverse possible register variables */ ---- 332,337 ---- -*************** -*** 445,451 **** - start = (ATerm *)((char *)env); - stop = ((ATerm *)(((char *)env) + sizeof(jmp_buf))); - mark_memory_young(start, stop); -- #endif - - stackTop = stack_top(); - start = MIN(stackTop, stackBot); ---- 340,345 ---- -Only in aterm-2.8-new/aterm: gc.c.orig -diff -rc aterm-2.8/configure aterm-2.8-new/configure -*** aterm-2.8/configure 2008-11-10 13:54:27.000000000 +0100 ---- aterm-2.8-new/configure 2010-08-23 17:08:10.000000000 +0200 -*************** -*** 19970,20295 **** - CURDATE=`date` - - -- echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 -- echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6 -- if test "${ac_cv_c_bigendian+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -- else -- # See if sys/param.h defines the BYTE_ORDER macro. -- cat >conftest.$ac_ext <<_ACEOF -- /* confdefs.h. */ -- _ACEOF -- cat confdefs.h >>conftest.$ac_ext -- cat >>conftest.$ac_ext <<_ACEOF -- /* end confdefs.h. */ -- #include -- #include -- -- int -- main () -- { -- #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN -- bogus endian macros -- #endif -- -- ; -- return 0; -- } -- _ACEOF -- rm -f conftest.$ac_objext -- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -- (eval $ac_compile) 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" -- || test ! -s conftest.err' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; } && -- { ac_try='test -s conftest.$ac_objext' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; }; then -- # It does; now see whether it defined to BIG_ENDIAN or not. -- cat >conftest.$ac_ext <<_ACEOF -- /* confdefs.h. */ -- _ACEOF -- cat confdefs.h >>conftest.$ac_ext -- cat >>conftest.$ac_ext <<_ACEOF -- /* end confdefs.h. */ -- #include -- #include -- -- int -- main () -- { -- #if BYTE_ORDER != BIG_ENDIAN -- not big endian -- #endif -- -- ; -- return 0; -- } -- _ACEOF -- rm -f conftest.$ac_objext -- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -- (eval $ac_compile) 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" -- || test ! -s conftest.err' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; } && -- { ac_try='test -s conftest.$ac_objext' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; }; then -- ac_cv_c_bigendian=yes -- else -- echo "$as_me: failed program was:" >&5 -- sed 's/^/| /' conftest.$ac_ext >&5 -- -- ac_cv_c_bigendian=no -- fi -- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -- else -- echo "$as_me: failed program was:" >&5 -- sed 's/^/| /' conftest.$ac_ext >&5 -- -- # It does not; compile a test program. -- if test "$cross_compiling" = yes; then -- # try to guess the endianness by grepping values into an object file -- ac_cv_c_bigendian=unknown -- cat >conftest.$ac_ext <<_ACEOF -- /* confdefs.h. */ -- _ACEOF -- cat confdefs.h >>conftest.$ac_ext -- cat >>conftest.$ac_ext <<_ACEOF -- /* end confdefs.h. */ -- short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; -- short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; -- void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; } -- short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; -- short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; -- void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; } -- int -- main () -- { -- _ascii (); _ebcdic (); -- ; -- return 0; -- } -- _ACEOF -- rm -f conftest.$ac_objext -- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 -- (eval $ac_compile) 2>conftest.er1 -- ac_status=$? -- grep -v '^ *+' conftest.er1 >conftest.err -- rm -f conftest.er1 -- cat conftest.err >&5 -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && -- { ac_try='test -z "$ac_c_werror_flag" -- || test ! -s conftest.err' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; } && -- { ac_try='test -s conftest.$ac_objext' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; }; then -- if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then -- ac_cv_c_bigendian=yes -- fi -- if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then -- if test "$ac_cv_c_bigendian" = unknown; then -- ac_cv_c_bigendian=no -- else -- # finding both strings is unlikely to happen, but who knows? -- ac_cv_c_bigendian=unknown -- fi -- fi -- else -- echo "$as_me: failed program was:" >&5 -- sed 's/^/| /' conftest.$ac_ext >&5 -- -- fi -- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -- else -- cat >conftest.$ac_ext <<_ACEOF -- /* confdefs.h. */ -- _ACEOF -- cat confdefs.h >>conftest.$ac_ext -- cat >>conftest.$ac_ext <<_ACEOF -- /* end confdefs.h. */ -- int -- main () -- { -- /* Are we little or big endian? From Harbison&Steele. */ -- union -- { -- long l; -- char c[sizeof (long)]; -- } u; -- u.l = 1; -- exit (u.c[sizeof (long) - 1] == 1); -- } -- _ACEOF -- rm -f conftest$ac_exeext -- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 -- (eval $ac_link) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { ac_try='./conftest$ac_exeext' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; }; then -- ac_cv_c_bigendian=no -- else -- echo "$as_me: program exited with status $ac_status" >&5 -- echo "$as_me: failed program was:" >&5 -- sed 's/^/| /' conftest.$ac_ext >&5 -- -- ( exit $ac_status ) -- ac_cv_c_bigendian=yes -- fi -- rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -- fi -- fi -- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -- fi -- echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 -- echo "${ECHO_T}$ac_cv_c_bigendian" >&6 -- case $ac_cv_c_bigendian in -- yes) -- -- cat >>confdefs.h <<\_ACEOF -- #define WORDS_BIGENDIAN 1 -- _ACEOF -- ;; -- no) -- ;; -- *) -- { { echo "$as_me:$LINENO: error: unknown endianness -- presetting ac_cv_c_bigendian=no (or yes) will help" >&5 -- echo "$as_me: error: unknown endianness -- presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} -- { (exit 1); exit 1; }; } ;; -- esac -- -- -- echo "$as_me:$LINENO: checking whether float word ordering is big endian" >&5 -- echo $ECHO_N "checking whether float word ordering is big endian... $ECHO_C" >&6 -- if test "${ax_cv_c_float_word_order_big+set}" = set; then -- echo $ECHO_N "(cached) $ECHO_C" >&6 -- else -- -- if test "$cross_compiling" = yes; then -- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling -- See \`config.log' for more details." >&5 -- echo "$as_me: error: cannot run test program while cross compiling -- See \`config.log' for more details." >&2;} -- { (exit 1); exit 1; }; } -- else -- cat >conftest.$ac_ext <<_ACEOF -- -- /* This code returns 0 if the float word order is big endian and >= 1 if it is little endian. */ -- main(){ -- #ifdef WORDS_BIGENDIAN -- return 0; /* If the system's encoding is big endian, so is the float word order. NOTE: If the encoding is big endian and WORDS_BIGENDIAN isn't defined, the code below will still return the correct float word order (big). */ -- #else -- union -- { -- double d; -- /* IEEE754 little endian encoded floating point number structure with little endian float word order. */ -- struct{ -- unsigned int mantissa1:32; -- unsigned int mantissa0:20; -- unsigned int exponent:11; -- unsigned int negative:1; -- } ieee; -- } u; -- u.d = -1; -- return (u.ieee.negative == 1); -- #endif -- } -- -- _ACEOF -- rm -f conftest$ac_exeext -- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 -- (eval $ac_link) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); } && { ac_try='./conftest$ac_exeext' -- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -- (eval $ac_try) 2>&5 -- ac_status=$? -- echo "$as_me:$LINENO: \$? = $ac_status" >&5 -- (exit $ac_status); }; }; then -- ax_cv_c_float_word_order_big=yes -- else -- echo "$as_me: program exited with status $ac_status" >&5 -- echo "$as_me: failed program was:" >&5 -- sed 's/^/| /' conftest.$ac_ext >&5 -- -- ( exit $ac_status ) -- ax_cv_c_float_word_order_big=no -- fi -- rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -- fi -- -- -- fi -- echo "$as_me:$LINENO: result: $ax_cv_c_float_word_order_big" >&5 -- echo "${ECHO_T}$ax_cv_c_float_word_order_big" >&6 -- -- case $ax_cv_c_float_word_order_big in -- yes) -- -- -- cat >>confdefs.h <<\_ACEOF -- #define FLOAT_WORD_ORDER_BIG 1 -- _ACEOF -- -- -- ;; -- no) -- ;; -- *) -- -- { { echo "$as_me:$LINENO: error: Unable to determain float word ordering. You need to manually preset ax_cv_c_float_word_order_big=(yes / no). -- " >&5 -- echo "$as_me: error: Unable to determain float word ordering. You need to manually preset ax_cv_c_float_word_order_big=(yes / no). -- " >&2;} -- { (exit 1); exit 1; }; } -- -- ;; -- esac -- -- - - - for ac_func in strdup ---- 19970,19975 ---- -diff -rc aterm-2.8/Makefile.in aterm-2.8-new/Makefile.in -*** aterm-2.8/Makefile.in 2008-11-10 13:54:28.000000000 +0100 ---- aterm-2.8-new/Makefile.in 2010-08-23 17:05:27.000000000 +0200 -*************** -*** 217,223 **** - - pkgconfig_DATA = ${PACKAGE}.pc - -! SUBDIRS = aterm utils test - - ACLOCAL_AMFLAGS = -I . - subdir = . ---- 217,223 ---- - - pkgconfig_DATA = ${PACKAGE}.pc - -! SUBDIRS = aterm utils - - ACLOCAL_AMFLAGS = -I . - subdir = . diff --git a/pkgs/development/libraries/boost/boost-155-clang.patch b/pkgs/development/libraries/boost/boost-155-clang.patch deleted file mode 100644 index 9c4e3a74cd25..000000000000 --- a/pkgs/development/libraries/boost/boost-155-clang.patch +++ /dev/null @@ -1,90 +0,0 @@ -diff --git a/boost/atomic/detail/cas128strong.hpp b/boost/atomic/detail/cas128strong.hpp -index 906c13e..dcb4d7d 100644 ---- a/boost/atomic/detail/cas128strong.hpp -+++ b/boost/atomic/detail/cas128strong.hpp -@@ -196,15 +196,17 @@ class base_atomic - - public: - BOOST_DEFAULTED_FUNCTION(base_atomic(void), {}) -- explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0) -+ explicit base_atomic(value_type const& v) BOOST_NOEXCEPT - { -+ memset(&v_, 0, sizeof(v_)); - memcpy(&v_, &v, sizeof(value_type)); - } - - void - store(value_type const& value, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT - { -- storage_type value_s = 0; -+ storage_type value_s; -+ memset(&value_s, 0, sizeof(value_s)); - memcpy(&value_s, &value, sizeof(value_type)); - platform_fence_before_store(order); - platform_store128(value_s, &v_); -@@ -247,7 +249,9 @@ class base_atomic - memory_order success_order, - memory_order failure_order) volatile BOOST_NOEXCEPT - { -- storage_type expected_s = 0, desired_s = 0; -+ storage_type expected_s, desired_s; -+ memset(&expected_s, 0, sizeof(expected_s)); -+ memset(&desired_s, 0, sizeof(desired_s)); - memcpy(&expected_s, &expected, sizeof(value_type)); - memcpy(&desired_s, &desired, sizeof(value_type)); - -diff --git a/boost/atomic/detail/gcc-atomic.hpp b/boost/atomic/detail/gcc-atomic.hpp -index a130590..4af99a1 100644 ---- a/boost/atomic/detail/gcc-atomic.hpp -+++ b/boost/atomic/detail/gcc-atomic.hpp -@@ -958,14 +958,16 @@ class base_atomic - - public: - BOOST_DEFAULTED_FUNCTION(base_atomic(void), {}) -- explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0) -+ explicit base_atomic(value_type const& v) BOOST_NOEXCEPT - { -+ memset(&v_, 0, sizeof(v_)); - memcpy(&v_, &v, sizeof(value_type)); - } - - void store(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT - { -- storage_type tmp = 0; -+ storage_type tmp; -+ memset(&tmp, 0, sizeof(tmp)); - memcpy(&tmp, &v, sizeof(value_type)); - __atomic_store_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order)); - } -@@ -980,7 +982,8 @@ class base_atomic - - value_type exchange(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT - { -- storage_type tmp = 0; -+ storage_type tmp; -+ memset(&tmp, 0, sizeof(tmp)); - memcpy(&tmp, &v, sizeof(value_type)); - tmp = __atomic_exchange_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order)); - value_type res; -@@ -994,7 +997,9 @@ class base_atomic - memory_order success_order, - memory_order failure_order) volatile BOOST_NOEXCEPT - { -- storage_type expected_s = 0, desired_s = 0; -+ storage_type expected_s, desired_s; -+ memset(&expected_s, 0, sizeof(expected_s)); -+ memset(&desired_s, 0, sizeof(desired_s)); - memcpy(&expected_s, &expected, sizeof(value_type)); - memcpy(&desired_s, &desired, sizeof(value_type)); - const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, false, -@@ -1010,7 +1015,9 @@ class base_atomic - memory_order success_order, - memory_order failure_order) volatile BOOST_NOEXCEPT - { -- storage_type expected_s = 0, desired_s = 0; -+ storage_type expected_s, desired_s; -+ memset(&expected_s, 0, sizeof(expected_s)); -+ memset(&desired_s, 0, sizeof(desired_s)); - memcpy(&expected_s, &expected, sizeof(value_type)); - memcpy(&desired_s, &desired, sizeof(value_type)); - const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, true, diff --git a/pkgs/development/libraries/libedit/freebsd_weak_ref.patch b/pkgs/development/libraries/libedit/freebsd_weak_ref.patch deleted file mode 100644 index a4399593d636..000000000000 --- a/pkgs/development/libraries/libedit/freebsd_weak_ref.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- libedit-20110709-3.0/src/vi.c.old 2011-07-11 18:21:16.000000000 +0000 -+++ libedit-20110709-3.0/src/vi.c 2011-07-11 18:24:29.000000000 +0000 -@@ -918,7 +918,7 @@ - * NB: posix implies that we should enter insert mode, however - * this is against historical precedent... - */ --#ifdef __weak_reference -+#if defined(__weak_reference) && defined(__NetBSD__) - __weakref_visible char *my_get_alias_text(const char *) - __weak_reference(get_alias_text); - #endif -@@ -926,7 +926,7 @@ - /*ARGSUSED*/ - vi_alias(EditLine *el, Int c) - { --#ifdef __weak_reference -+#if defined(__weak_reference) && defined(__NetBSD__) - char alias_name[3]; - char *alias_text; - diff --git a/pkgs/development/r-modules/patches/BayesBridge_cblas.patch b/pkgs/development/r-modules/patches/BayesBridge_cblas.patch deleted file mode 100644 index 418a6b95ee71..000000000000 --- a/pkgs/development/r-modules/patches/BayesBridge_cblas.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff -ru -x '*~' BayesBridge_orig/src/Makevars BayesBridge/src/Makevars ---- BayesBridge_orig/src/Makevars 2014-07-19 05:08:55.000000000 +0900 -+++ BayesBridge/src/Makevars 2014-10-25 14:44:23.422592445 +0900 -@@ -9,4 +9,4 @@ - # PKG_CPPFLAGS = -DUSE_R -DDISABLE_FIO -I../inst/include/ -DDISABLE_SINGLE -DNTHROW - PKG_CPPFLAGS = -DUSE_R -DDISABLE_FIO -DDISABLE_SINGLE -DNTHROW - # PKG_CPPFLAGS = -DUSE_R -DDISABLE_SINGLE -DNTHROW -Wall -pedantic -Wshadow -ansi -Wsequence-point --PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -+PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -lcblas diff --git a/pkgs/development/r-modules/patches/BayesLogit_cblas.patch b/pkgs/development/r-modules/patches/BayesLogit_cblas.patch deleted file mode 100644 index ef776f3531da..000000000000 --- a/pkgs/development/r-modules/patches/BayesLogit_cblas.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru -x '*~' BayesLogit_orig/src/Makevars BayesLogit/src/Makevars ---- BayesLogit_orig/src/Makevars 2014-04-24 23:31:13.000000000 +0900 -+++ BayesLogit/src/Makevars 2014-10-21 21:00:15.570699136 +0900 -@@ -6,7 +6,7 @@ - ## W/OUT Dynamic Stuff - OBJECTS = Matrix.o MatrixFrame.o RRNG.o RNG.o FSF_nmix.o LogitWrapper.o \ - PolyaGamma.o PolyaGammaAlt.o PolyaGammaSP.o InvertY.o --PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -+PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -lopenblas - # PKG_CPPFLAGS = -DUSE_R -DNDEBUG -DDISABLE_SINGLE -DNTHROW -Wall -pedantic -Wextra - PKG_CPPFLAGS = -DUSE_R -DNDEBUG -DDISABLE_SINGLE -DNTHROW - diff --git a/pkgs/development/r-modules/patches/CARramps.patch b/pkgs/development/r-modules/patches/CARramps.patch deleted file mode 100644 index add01b28fc15..000000000000 --- a/pkgs/development/r-modules/patches/CARramps.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru -x '*~' CARramps_orig/src/combo1colForR1Q_d.cu CARramps/src/combo1colForR1Q_d.cu ---- CARramps_orig/src/combo1colForR1Q_d.cu 2011-12-01 22:27:06.000000000 +0900 -+++ CARramps/src/combo1colForR1Q_d.cu 2014-10-25 14:59:06.869299163 +0900 -@@ -4,7 +4,7 @@ - #include - #include - #include --#include -+#include "combo1colForR1Q_d.h" - - #define BLOCKSIZE 256 - diff --git a/pkgs/development/r-modules/patches/WideLM.patch b/pkgs/development/r-modules/patches/WideLM.patch deleted file mode 100644 index 02bbfb7e0dab..000000000000 --- a/pkgs/development/r-modules/patches/WideLM.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -ru -x '*~' WideLM_orig/src/Makefile.in WideLM/src/Makefile.in ---- WideLM_orig/src/Makefile.in 2012-02-17 04:28:05.000000000 +0900 -+++ WideLM/src/Makefile.in 2014-10-25 18:54:49.110011921 +0900 -@@ -12,12 +12,12 @@ - #compiler/preprocessor options - R_INCS := @R_INCL@ @RCPP_INCL@ - CC_ARGS := @CU_PARAMS@ -Xcompiler @R_CPIC@ --CU_INCS := -I@CUDA_HOME@/include -+CU_INCS := -I@CUDA_HOME@/include - CU_ARCH := -gencode arch=compute_20,code=sm_20 - - #linker options --LD_PARAMS := -Xlinker "@RCPP_LDFLAGS@" --RCU_LIBS := @R_LIB@ -L@CU_LIBDIR@ -lcublas -+LD_PARAMS := -Xlinker "--export-dynamic -fopenmp -L${R_HOME}/lib -lR" -+RCU_LIBS := -Xlinker "-L@CU_LIBDIR@ -lcublas" - - all : WideLM.so - diff --git a/pkgs/development/r-modules/patches/rpud.patch b/pkgs/development/r-modules/patches/rpud.patch deleted file mode 100644 index bb904b68989c..000000000000 --- a/pkgs/development/r-modules/patches/rpud.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -ru -x '*~' rpud_orig/configure rpud/configure ---- rpud_orig/configure 2010-09-08 02:14:55.000000000 +0900 -+++ rpud/configure 2014-10-25 16:46:39.479098648 +0900 -@@ -1794,7 +1794,7 @@ - fi - - LIBS="-L${CUDA_HOME}${CUDA_LIB_DIR} -lcublas -lcuda" --RPATHFLAG="-Wl,-rpath,${CUDA_HOME}${CUDA_LIB_DIR}" -+RPATHFLAG="-Xlinker -rpath=${CUDA_HOME}${CUDA_LIB_DIR}" - - - -diff -ru -x '*~' rpud_orig/src/Makefile.in rpud/src/Makefile.in ---- rpud_orig/src/Makefile.in 2010-08-31 01:53:50.000000000 +0900 -+++ rpud/src/Makefile.in 2014-10-25 16:45:30.248109883 +0900 -@@ -3,11 +3,11 @@ - OBJS := rpud.o rpudist.o - - #compiler/preprocessor options --INCS := -I@CUDA_HOME@/include -+INCS := -I@CUDA_HOME@/include - PARAMS := -Xcompiler "@R_INCLUDE@ @CPICFLAGS@" - - #linker options --LD_PARAMS := -Xlinker "@R_LIB@ @RPATHFLAG@" -+LD_PARAMS := -Xlinker "--export-dynamic -fopenmp -L${R_HOME}/lib -lR @RPATHFLAG@" - LIBS := @LIBS@ - - TARGETS := rpud.so diff --git a/pkgs/development/tools/boomerang/dlopen_path.patch b/pkgs/development/tools/boomerang/dlopen_path.patch deleted file mode 100644 index 1e4bf3c75a30..000000000000 --- a/pkgs/development/tools/boomerang/dlopen_path.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/loader/BinaryFileFactory.cpp b/loader/BinaryFileFactory.cpp -index 889a4ed..ca86765 100644 ---- a/loader/BinaryFileFactory.cpp -+++ b/loader/BinaryFileFactory.cpp -@@ -109,7 +109,7 @@ BinaryFile* BinaryFileFactory::getInstanceFor( const char *sName ) { - - // Load the specific loader library - #ifndef _WIN32 // Cygwin, Unix/Linux -- libName = std::string("lib/lib") + libName; -+ libName = std::string("lib") + libName; - #ifdef __CYGWIN__ - libName += ".dll"; // Cygwin wants .dll, but is otherwise like Unix - #else diff --git a/pkgs/development/tools/build-managers/cmake/2.8.11-cygwin.patch b/pkgs/development/tools/build-managers/cmake/2.8.11-cygwin.patch deleted file mode 100644 index e16dab32632f..000000000000 --- a/pkgs/development/tools/build-managers/cmake/2.8.11-cygwin.patch +++ /dev/null @@ -1,237 +0,0 @@ ---- cmake-2.8.10/Source/cmFileCommand.cxx 2012-10-31 10:32:06.000000000 -0500 -+++ cmake-2.8.10/Source/cmFileCommand.cxx 2013-03-16 22:55:11.306681100 -0500 -@@ -1002,7 +1002,7 @@ protected: - MatchProperties CollectMatchProperties(const char* file) - { - // Match rules are case-insensitive on some platforms. --#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__) -+#if defined(_WIN32) || defined(__APPLE__) - std::string lower = cmSystemTools::LowerCase(file); - const char* file_to_match = lower.c_str(); - #else ---- cmake-2.8.10/Source/cmInstallCommand.cxx 2012-10-31 10:32:06.000000000 -0500 -+++ cmake-2.8.10/Source/cmInstallCommand.cxx 2013-03-16 22:56:21.008667800 -0500 -@@ -1090,7 +1090,7 @@ cmInstallCommand::HandleDirectoryMode(st - { - literal_args += " REGEX \""; - // Match rules are case-insensitive on some platforms. --#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__) -+#if defined(_WIN32) || defined(__APPLE__) - std::string regex = cmSystemTools::LowerCase(args[i]); - #else - std::string regex = args[i]; ---- cmake-2.8.10/Source/kwsys/Glob.cxx 2012-10-31 10:32:06.000000000 -0500 -+++ cmake-2.8.10/Source/kwsys/Glob.cxx 2013-03-16 22:58:54.192429400 -0500 -@@ -37,7 +37,7 @@ - #include - namespace KWSYS_NAMESPACE - { --#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__) -+#if defined(_WIN32) || defined(__APPLE__) - // On Windows and apple, no difference between lower and upper case - # define KWSYS_GLOB_CASE_INDEPENDENT - #endif ---- cmake-2.8.11/Source/kwsys/SystemInformation.cxx 2013-05-15 12:38:13.000000000 -0500 -+++ cmake-2.8.11/Source/kwsys/SystemInformation.cxx 2013-07-08 01:57:31.216321800 -0500 -@@ -888,7 +888,7 @@ void SystemInformation::RunMemoryCheck() - // Hide implementation details in an anonymous namespace. - namespace { - // ***************************************************************************** --#if defined(__linux) || defined(__APPLE__) -+#if defined(__linux) || defined(__APPLE__) || defined(__CYGWIN__) - int LoadLines( - FILE *file, - kwsys_stl::vector &lines) -@@ -918,7 +918,7 @@ int LoadLines( - return nRead; - } - --# if defined(__linux) -+# if defined(__linux) || defined(__CYGWIN__) - // ***************************************************************************** - int LoadLines( - const char *fileName, -@@ -957,7 +957,7 @@ int NameValue( - } - #endif - --#if defined(__linux) -+#if defined(__linux) || defined(__CYGWIN__) - // **************************************************************************** - template - int GetFieldsFromFile( -@@ -2869,7 +2869,6 @@ bool SystemInformationImplementation::Re - pos = buffer.find("processor\t",pos+1); - } - --#ifdef __linux - // Find the largest physical id. - int maxId = -1; - kwsys_stl::string idc = -@@ -2893,14 +2892,6 @@ bool SystemInformationImplementation::Re - this->NumberOfPhysicalCPU=static_cast( - numberOfCoresPerCPU*(maxId+1)); - --#else // __CYGWIN__ -- // does not have "physical id" entries, neither "cpu cores" -- // this has to be fixed for hyper-threading. -- kwsys_stl::string cpucount = -- this->ExtractValueFromCpuInfoFile(buffer,"cpu count"); -- this->NumberOfPhysicalCPU= -- this->NumberOfLogicalCPU = atoi(cpucount.c_str()); --#endif - // gotta have one, and if this is 0 then we get a / by 0n - // better to have a bad answer than a crash - if(this->NumberOfPhysicalCPU <= 0) -@@ -3086,7 +3077,7 @@ SystemInformationImplementation::GetHost - GlobalMemoryStatusEx(&statex); - return statex.ullTotalPhys/1024; - # endif --#elif defined(__linux) -+#elif defined(__linux) || defined(__CYGWIN__) - SystemInformation::LongLong memTotal=0; - int ierr=GetFieldFromFile("/proc/meminfo","MemTotal:",memTotal); - if (ierr) -@@ -3217,7 +3208,7 @@ SystemInformationImplementation::GetHost - GlobalMemoryStatusEx(&statex); - return (statex.ullTotalPhys - statex.ullAvailPhys)/1024; - # endif --#elif defined(__linux) -+#elif defined(__linux) || defined(__CYGWIN__) - const char *names[3]={"MemTotal:","MemFree:",NULL}; - SystemInformation::LongLong values[2]={SystemInformation::LongLong(0)}; - int ierr=GetFieldsFromFile("/proc/meminfo",names,values); -@@ -3276,7 +3267,7 @@ SystemInformationImplementation::GetProc - return -2; - } - return pmc.WorkingSetSize/1024; --#elif defined(__linux) -+#elif defined(__linux) || defined(__CYGWIN__) - SystemInformation::LongLong memUsed=0; - int ierr=GetFieldFromFile("/proc/self/status","VmRSS:",memUsed); - if (ierr) -@@ -3328,7 +3319,7 @@ SystemInformationImplementation::GetProc - { - #if defined(_WIN32) - return GetCurrentProcessId(); --#elif defined(__linux) || defined(__APPLE__) -+#elif defined(__linux) || defined(__APPLE__) || defined(__CYGWIN__) - return getpid(); - #else - return -1; ---- cmake-2.8.10/Source/kwsys/SystemTools.cxx 2012-10-31 10:32:06.000000000 -0500 -+++ cmake-2.8.10/Source/kwsys/SystemTools.cxx 2013-03-16 22:52:11.830415600 -0500 -@@ -75,19 +75,12 @@ - // Windows API. - #if defined(_WIN32) - # include --#elif defined (__CYGWIN__) --# include --# undef _WIN32 - #endif - - #if !KWSYS_CXX_HAS_ENVIRON_IN_STDLIB_H - extern char **environ; - #endif - --#ifdef __CYGWIN__ --extern "C" void cygwin_conv_to_win32_path(const char *path, char *win32_path); --#endif -- - // getpwnam doesn't exist on Windows and Cray Xt3/Catamount - // same for TIOCGWINSZ - #if defined(_WIN32) || defined (__LIBCATAMOUNT__) -@@ -1068,7 +1061,7 @@ bool SystemTools::SameFile(const char* f - } - - //---------------------------------------------------------------------------- --#if defined(_WIN32) || defined(__CYGWIN__) -+#if defined(_WIN32) - static bool WindowsFileExists(const char* filename) - { - WIN32_FILE_ATTRIBUTE_DATA fd; -@@ -1083,7 +1076,7 @@ bool SystemTools::FileExists(const char* - { - return false; - } --#if defined(__CYGWIN__) -+#if 0 - // Convert filename to native windows path if possible. - char winpath[MAX_PATH]; - if(SystemTools::PathCygwinToWin32(filename, winpath)) -@@ -1111,7 +1104,7 @@ bool SystemTools::FileExists(const char* - } - - //---------------------------------------------------------------------------- --#ifdef __CYGWIN__ -+#if 0 - bool SystemTools::PathCygwinToWin32(const char *path, char *win32_path) - { - SystemToolsTranslationMap::iterator i = -@@ -3894,7 +3887,7 @@ bool SystemTools::LocateFileInDir(const - bool SystemTools::FileIsFullPath(const char* in_name) - { - kwsys_stl::string name = in_name; --#if defined(_WIN32) || defined(__CYGWIN__) -+#if defined(_WIN32) - // On Windows, the name must be at least two characters long. - if(name.length() < 2) - { -@@ -4712,9 +4705,6 @@ bool SystemTools::ParseURL( const kwsys_ - unsigned int SystemToolsManagerCount; - SystemToolsTranslationMap *SystemTools::TranslationMap; - SystemToolsTranslationMap *SystemTools::LongPathMap; --#ifdef __CYGWIN__ --SystemToolsTranslationMap *SystemTools::Cyg2Win32Map; --#endif - - // SystemToolsManager manages the SystemTools singleton. - // SystemToolsManager should be included in any translation unit -@@ -4760,9 +4750,6 @@ void SystemTools::ClassInitialize() - // Allocate the translation map first. - SystemTools::TranslationMap = new SystemToolsTranslationMap; - SystemTools::LongPathMap = new SystemToolsTranslationMap; --#ifdef __CYGWIN__ -- SystemTools::Cyg2Win32Map = new SystemToolsTranslationMap; --#endif - - // Add some special translation paths for unix. These are not added - // for windows because drive letters need to be maintained. Also, -@@ -4817,9 +4804,6 @@ void SystemTools::ClassFinalize() - { - delete SystemTools::TranslationMap; - delete SystemTools::LongPathMap; --#ifdef __CYGWIN__ -- delete SystemTools::Cyg2Win32Map; --#endif - } - - ---- cmake-2.8.10/Source/kwsys/SystemTools.hxx.in 2012-10-31 10:32:06.000000000 -0500 -+++ cmake-2.8.10/Source/kwsys/SystemTools.hxx.in 2013-03-16 23:10:30.185237900 -0500 -@@ -277,15 +277,6 @@ public: - static bool FileExists(const char* filename); - - /** -- * Converts Cygwin path to Win32 path. Uses dictionary container for -- * caching and calls to cygwin_conv_to_win32_path from Cygwin dll -- * for actual translation. Returns true on success, else false. -- */ --#ifdef __CYGWIN__ -- static bool PathCygwinToWin32(const char *path, char *win32_path); --#endif -- -- /** - * Return file length - */ - static unsigned long FileLength(const char *filename); -@@ -887,9 +878,6 @@ private: - */ - static SystemToolsTranslationMap *TranslationMap; - static SystemToolsTranslationMap *LongPathMap; --#ifdef __CYGWIN__ -- static SystemToolsTranslationMap *Cyg2Win32Map; --#endif - friend class SystemToolsManager; - }; - diff --git a/pkgs/development/tools/build-managers/cmake/cmake_find_openssl_for_openssl-1.0.1m_and_up.patch b/pkgs/development/tools/build-managers/cmake/cmake_find_openssl_for_openssl-1.0.1m_and_up.patch deleted file mode 100644 index 25bbd2a91ba1..000000000000 --- a/pkgs/development/tools/build-managers/cmake/cmake_find_openssl_for_openssl-1.0.1m_and_up.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ./Modules/FindOpenSSL.cmake -+++ ./Modules/FindOpenSSL.cmake -@@ -264,7 +264,7 @@ - set(OPENSSL_VERSION "${_OPENSSL_VERSION}") - elseif(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h") - file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str -- REGEX "^#define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*") -+ REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*") - - # The version number is encoded as 0xMNNFFPPS: major minor fix patch status - # The status gives if this is a developer or prerelease and is ignored here. diff --git a/pkgs/development/tools/haskell/ihaskell/use-classy-prelude.patch b/pkgs/development/tools/haskell/ihaskell/use-classy-prelude.patch deleted file mode 100644 index b2c1362b62fa..000000000000 --- a/pkgs/development/tools/haskell/ihaskell/use-classy-prelude.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fad4e38079e91b13bf1e94732b7494504071b224 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Edward=20Tj=C3=B6rnhammar?= -Date: Sun, 28 Sep 2014 09:27:40 +0200 -Subject: [PATCH] catMaybes, explicitly use ClassyPrelude - ---- - src/IHaskell/Eval/Completion.hs | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/IHaskell/Eval/Completion.hs b/src/IHaskell/Eval/Completion.hs -index 790c903..93d7ac1 100644 ---- a/src/IHaskell/Eval/Completion.hs -+++ b/src/IHaskell/Eval/Completion.hs -@@ -141,7 +141,7 @@ getTrueModuleName name = do - onlyImportDecl _ = Nothing - - -- Get all imports that we use. -- imports <- catMaybes <$> map onlyImportDecl <$> getContext -+ imports <- ClassyPrelude.catMaybes <$> map onlyImportDecl <$> getContext - - -- Find the ones that have a qualified name attached. - -- If this name isn't one of them, it already is the true name. -@@ -178,7 +178,7 @@ completionType line loc target - = Empty - - -- When in a string, complete filenames. -- | cursorInString line loc -+ | cursorInString line loc - = FilePath (getStringTarget lineUpToCursor) (getStringTarget lineUpToCursor) - - -- Complete module names in imports and elsewhere. --- -2.1.0 - diff --git a/pkgs/games/hedgewars/fix-ghc-7.8-build-failure.diff b/pkgs/games/hedgewars/fix-ghc-7.8-build-failure.diff deleted file mode 100644 index 7974c6797fc5..000000000000 --- a/pkgs/games/hedgewars/fix-ghc-7.8-build-failure.diff +++ /dev/null @@ -1,16 +0,0 @@ -## fix-ghc-7.8-build-failure.diff [diff] -diff --git a/gameServer/Actions.hs b/gameServer/Actions.hs -index 2cebe4f..355ee26 100644 ---- a/gameServer/Actions.hs -+++ b/gameServer/Actions.hs -@@ -562,7 +562,7 @@ processAction (AddClient cl) = do - si <- gets serverInfo - newClId <- io $ do - ci <- addClient rnc cl -- _ <- Exception.mask (forkIO . clientRecvLoop (clientSocket cl) (coreChan si) (sendChan cl) ci) -+ _ <- Exception.mask (\x -> forkIO $ clientRecvLoop (clientSocket cl) (coreChan si) (sendChan cl) ci x) - - infoM "Clients" (show ci ++ ": New client. Time: " ++ show (connectTime cl)) - - - diff --git a/pkgs/os-specific/linux/kernel-headers/unifdef-getline.patch b/pkgs/os-specific/linux/kernel-headers/unifdef-getline.patch deleted file mode 100644 index 8caabfd3286b..000000000000 --- a/pkgs/os-specific/linux/kernel-headers/unifdef-getline.patch +++ /dev/null @@ -1,35 +0,0 @@ -This patch fixes a trivial compilation error with glibc 2.11. -From http://patchwork.kernel.org/patch/11166/ . - -diff --git a/scripts/unifdef.c b/scripts/unifdef.c -index 552025e..977e682 100644 ---- a/scripts/unifdef.c -+++ b/scripts/unifdef.c -@@ -206,7 +206,7 @@ static void done(void); - static void error(const char *); - static int findsym(const char *); - static void flushline(bool); --static Linetype getline(void); -+static Linetype parseline(void); - static Linetype ifeval(const char **); - static void ignoreoff(void); - static void ignoreon(void); -@@ -512,7 +512,7 @@ process(void) - - for (;;) { - linenum++; -- lineval = getline(); -+ lineval = parseline(); - trans_table[ifstate[depth]][lineval](); - debug("process %s -> %s depth %d", - linetype_name[lineval], -@@ -526,7 +526,7 @@ process(void) - * help from skipcomment(). - */ - static Linetype --getline(void) -+parseline(void) - { - const char *cp; - int cursym; - diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch deleted file mode 100644 index b411f43298c9..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch +++ /dev/null @@ -1,553 +0,0 @@ -From 125fccb600288968aa3395883c0a394c47176fcd Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Wed, 10 Aug 2011 22:02:39 -0700 -Subject: [PATCH 1/3] AppArmor: compatibility patch for v5 network controll - -Add compatibility for v5 network rules. - -Signed-off-by: John Johansen ---- - include/linux/lsm_audit.h | 4 + - security/apparmor/Makefile | 19 +++- - security/apparmor/include/net.h | 40 +++++++++ - security/apparmor/include/policy.h | 3 + - security/apparmor/lsm.c | 112 ++++++++++++++++++++++++ - security/apparmor/net.c | 170 ++++++++++++++++++++++++++++++++++++ - security/apparmor/policy.c | 1 + - security/apparmor/policy_unpack.c | 48 +++++++++- - 8 files changed, 394 insertions(+), 3 deletions(-) - create mode 100644 security/apparmor/include/net.h - create mode 100644 security/apparmor/net.c - -diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h -index 88e78de..c63979a 100644 ---- a/include/linux/lsm_audit.h -+++ b/include/linux/lsm_audit.h -@@ -124,6 +124,10 @@ struct common_audit_data { - u32 denied; - uid_t ouid; - } fs; -+ struct { -+ int type, protocol; -+ struct sock *sk; -+ } net; - }; - } apparmor_audit_data; - #endif -diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile -index 2dafe50..7cefef9 100644 ---- a/security/apparmor/Makefile -+++ b/security/apparmor/Makefile -@@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o - - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ -- resource.o sid.o file.o -+ resource.o sid.o file.o net.o - --clean-files := capability_names.h rlim_names.h -+clean-files := capability_names.h rlim_names.h af_names.h - - - # Build a lower case string table of capability names -@@ -44,9 +44,24 @@ cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\ - sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\ - echo "};" >> $@ - -+# Build a lower case string table of address family names. -+# Transform lines from -+# #define AF_INET 2 /* Internet IP Protocol */ -+# to -+# [2] = "inet", -+quiet_cmd_make-af = GEN $@ -+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ -+ sed $< >> $@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \ -+ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+).*/[\2] = "\L\1",/p';\ -+ echo "};" >> $@ -+ -+ - $(obj)/capability.o : $(obj)/capability_names.h - $(obj)/resource.o : $(obj)/rlim_names.h -+$(obj)/net.o : $(obj)/af_names.h - $(obj)/capability_names.h : $(srctree)/include/linux/capability.h - $(call cmd,make-caps) - $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h - $(call cmd,make-rlim) -+$(obj)/af_names.h : $(srctree)/include/linux/socket.h -+ $(call cmd,make-af) -\ No newline at end of file -diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h -new file mode 100644 -index 0000000..3c7d599 ---- /dev/null -+++ b/security/apparmor/include/net.h -@@ -0,0 +1,40 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor network mediation definitions. -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2010 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#ifndef __AA_NET_H -+#define __AA_NET_H -+ -+#include -+ -+/* struct aa_net - network confinement data -+ * @allowed: basic network families permissions -+ * @audit_network: which network permissions to force audit -+ * @quiet_network: which network permissions to quiet rejects -+ */ -+struct aa_net { -+ u16 allow[AF_MAX]; -+ u16 audit[AF_MAX]; -+ u16 quiet[AF_MAX]; -+}; -+ -+extern int aa_net_perm(int op, struct aa_profile *profile, u16 family, -+ int type, int protocol, struct sock *sk); -+extern int aa_revalidate_sk(int op, struct sock *sk); -+ -+static inline void aa_free_net_rules(struct aa_net *new) -+{ -+ /* NOP */ -+} -+ -+#endif /* __AA_NET_H */ -diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h -index aeda5cf..6776929 100644 ---- a/security/apparmor/include/policy.h -+++ b/security/apparmor/include/policy.h -@@ -27,6 +27,7 @@ - #include "capability.h" - #include "domain.h" - #include "file.h" -+#include "net.h" - #include "resource.h" - - extern const char *profile_mode_names[]; -@@ -145,6 +146,7 @@ struct aa_namespace { - * @size: the memory consumed by this profiles rules - * @file: The set of rules governing basic file access and domain transitions - * @caps: capabilities for the profile -+ * @net: network controls for the profile - * @rlimits: rlimits for the profile - * - * The AppArmor profile contains the basic confinement data. Each profile -@@ -181,6 +183,7 @@ struct aa_profile { - - struct aa_file_rules file; - struct aa_caps caps; -+ struct aa_net net; - struct aa_rlimit rlimits; - }; - -diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 3783202..7459547 100644 ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -32,6 +32,7 @@ - #include "include/context.h" - #include "include/file.h" - #include "include/ipc.h" -+#include "include/net.h" - #include "include/path.h" - #include "include/policy.h" - #include "include/procattr.h" -@@ -621,6 +622,104 @@ static int apparmor_task_setrlimit(struct task_struct *task, - return error; - } - -+static int apparmor_socket_create(int family, int type, int protocol, int kern) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ if (kern) -+ return 0; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) -+ error = aa_net_perm(OP_CREATE, profile, family, type, protocol, -+ NULL); -+ return error; -+} -+ -+static int apparmor_socket_bind(struct socket *sock, -+ struct sockaddr *address, int addrlen) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_BIND, sk); -+} -+ -+static int apparmor_socket_connect(struct socket *sock, -+ struct sockaddr *address, int addrlen) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_CONNECT, sk); -+} -+ -+static int apparmor_socket_listen(struct socket *sock, int backlog) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_LISTEN, sk); -+} -+ -+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_ACCEPT, sk); -+} -+ -+static int apparmor_socket_sendmsg(struct socket *sock, -+ struct msghdr *msg, int size) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SENDMSG, sk); -+} -+ -+static int apparmor_socket_recvmsg(struct socket *sock, -+ struct msghdr *msg, int size, int flags) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_RECVMSG, sk); -+} -+ -+static int apparmor_socket_getsockname(struct socket *sock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETSOCKNAME, sk); -+} -+ -+static int apparmor_socket_getpeername(struct socket *sock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETPEERNAME, sk); -+} -+ -+static int apparmor_socket_getsockopt(struct socket *sock, int level, -+ int optname) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETSOCKOPT, sk); -+} -+ -+static int apparmor_socket_setsockopt(struct socket *sock, int level, -+ int optname) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SETSOCKOPT, sk); -+} -+ -+static int apparmor_socket_shutdown(struct socket *sock, int how) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk); -+} -+ - static struct security_operations apparmor_ops = { - .name = "apparmor", - -@@ -652,6 +751,19 @@ static struct security_operations apparmor_ops = { - .getprocattr = apparmor_getprocattr, - .setprocattr = apparmor_setprocattr, - -+ .socket_create = apparmor_socket_create, -+ .socket_bind = apparmor_socket_bind, -+ .socket_connect = apparmor_socket_connect, -+ .socket_listen = apparmor_socket_listen, -+ .socket_accept = apparmor_socket_accept, -+ .socket_sendmsg = apparmor_socket_sendmsg, -+ .socket_recvmsg = apparmor_socket_recvmsg, -+ .socket_getsockname = apparmor_socket_getsockname, -+ .socket_getpeername = apparmor_socket_getpeername, -+ .socket_getsockopt = apparmor_socket_getsockopt, -+ .socket_setsockopt = apparmor_socket_setsockopt, -+ .socket_shutdown = apparmor_socket_shutdown, -+ - .cred_alloc_blank = apparmor_cred_alloc_blank, - .cred_free = apparmor_cred_free, - .cred_prepare = apparmor_cred_prepare, -diff --git a/security/apparmor/net.c b/security/apparmor/net.c -new file mode 100644 -index 0000000..1765901 ---- /dev/null -+++ b/security/apparmor/net.c -@@ -0,0 +1,170 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor network mediation -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2010 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#include "include/apparmor.h" -+#include "include/audit.h" -+#include "include/context.h" -+#include "include/net.h" -+#include "include/policy.h" -+ -+#include "af_names.h" -+ -+static const char *sock_type_names[] = { -+ "unknown(0)", -+ "stream", -+ "dgram", -+ "raw", -+ "rdm", -+ "seqpacket", -+ "dccp", -+ "unknown(7)", -+ "unknown(8)", -+ "unknown(9)", -+ "packet", -+}; -+ -+/* audit callback for net specific fields */ -+static void audit_cb(struct audit_buffer *ab, void *va) -+{ -+ struct common_audit_data *sa = va; -+ -+ audit_log_format(ab, " family="); -+ if (address_family_names[sa->u.net.family]) { -+ audit_log_string(ab, address_family_names[sa->u.net.family]); -+ } else { -+ audit_log_format(ab, " \"unknown(%d)\"", sa->u.net.family); -+ } -+ -+ audit_log_format(ab, " sock_type="); -+ if (sock_type_names[sa->aad.net.type]) { -+ audit_log_string(ab, sock_type_names[sa->aad.net.type]); -+ } else { -+ audit_log_format(ab, "\"unknown(%d)\"", sa->aad.net.type); -+ } -+ -+ audit_log_format(ab, " protocol=%d", sa->aad.net.protocol); -+} -+ -+/** -+ * audit_net - audit network access -+ * @profile: profile being enforced (NOT NULL) -+ * @op: operation being checked -+ * @family: network family -+ * @type: network type -+ * @protocol: network protocol -+ * @sk: socket auditing is being applied to -+ * @error: error code for failure else 0 -+ * -+ * Returns: %0 or sa->error else other errorcode on failure -+ */ -+static int audit_net(struct aa_profile *profile, int op, u16 family, int type, -+ int protocol, struct sock *sk, int error) -+{ -+ int audit_type = AUDIT_APPARMOR_AUTO; -+ struct common_audit_data sa; -+ if (sk) { -+ COMMON_AUDIT_DATA_INIT(&sa, NET); -+ } else { -+ COMMON_AUDIT_DATA_INIT(&sa, NONE); -+ } -+ /* todo fill in socket addr info */ -+ -+ sa.aad.op = op, -+ sa.u.net.family = family; -+ sa.u.net.sk = sk; -+ sa.aad.net.type = type; -+ sa.aad.net.protocol = protocol; -+ sa.aad.error = error; -+ -+ if (likely(!sa.aad.error)) { -+ u16 audit_mask = profile->net.audit[sa.u.net.family]; -+ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && -+ !(1 << sa.aad.net.type & audit_mask))) -+ return 0; -+ audit_type = AUDIT_APPARMOR_AUDIT; -+ } else { -+ u16 quiet_mask = profile->net.quiet[sa.u.net.family]; -+ u16 kill_mask = 0; -+ u16 denied = (1 << sa.aad.net.type) & ~quiet_mask; -+ -+ if (denied & kill_mask) -+ audit_type = AUDIT_APPARMOR_KILL; -+ -+ if ((denied & quiet_mask) && -+ AUDIT_MODE(profile) != AUDIT_NOQUIET && -+ AUDIT_MODE(profile) != AUDIT_ALL) -+ return COMPLAIN_MODE(profile) ? 0 : sa.aad.error; -+ } -+ -+ return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb); -+} -+ -+/** -+ * aa_net_perm - very course network access check -+ * @op: operation being checked -+ * @profile: profile being enforced (NOT NULL) -+ * @family: network family -+ * @type: network type -+ * @protocol: network protocol -+ * -+ * Returns: %0 else error if permission denied -+ */ -+int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type, -+ int protocol, struct sock *sk) -+{ -+ u16 family_mask; -+ int error; -+ -+ if ((family < 0) || (family >= AF_MAX)) -+ return -EINVAL; -+ -+ if ((type < 0) || (type >= SOCK_MAX)) -+ return -EINVAL; -+ -+ /* unix domain and netlink sockets are handled by ipc */ -+ if (family == AF_UNIX || family == AF_NETLINK) -+ return 0; -+ -+ family_mask = profile->net.allow[family]; -+ -+ error = (family_mask & (1 << type)) ? 0 : -EACCES; -+ -+ return audit_net(profile, op, family, type, protocol, sk, error); -+} -+ -+/** -+ * aa_revalidate_sk - Revalidate access to a sock -+ * @op: operation being checked -+ * @sk: sock being revalidated (NOT NULL) -+ * -+ * Returns: %0 else error if permission denied -+ */ -+int aa_revalidate_sk(int op, struct sock *sk) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ /* aa_revalidate_sk should not be called from interrupt context -+ * don't mediate these calls as they are not task related -+ */ -+ if (in_interrupt()) -+ return 0; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) -+ error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type, -+ sk->sk_protocol, sk); -+ -+ return error; -+} -diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c -index 4f0eade..4d5ce13 100644 ---- a/security/apparmor/policy.c -+++ b/security/apparmor/policy.c -@@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile) - - aa_free_file_rules(&profile->file); - aa_free_cap_rules(&profile->caps); -+ aa_free_net_rules(&profile->net); - aa_free_rlimit_rules(&profile->rlimits); - - aa_free_sid(profile->sid); -diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c -index 741dd13..ee8043e 100644 ---- a/security/apparmor/policy_unpack.c -+++ b/security/apparmor/policy_unpack.c -@@ -190,6 +190,19 @@ fail: - return 0; - } - -+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name) -+{ -+ if (unpack_nameX(e, AA_U16, name)) { -+ if (!inbounds(e, sizeof(u16))) -+ return 0; -+ if (data) -+ *data = le16_to_cpu(get_unaligned((u16 *) e->pos)); -+ e->pos += sizeof(u16); -+ return 1; -+ } -+ return 0; -+} -+ - static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) - { - if (unpack_nameX(e, AA_U32, name)) { -@@ -468,7 +481,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) - { - struct aa_profile *profile = NULL; - const char *name = NULL; -- int error = -EPROTO; -+ size_t size = 0; -+ int i, error = -EPROTO; - kernel_cap_t tmpcap; - u32 tmp; - -@@ -559,6 +573,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) - if (!unpack_rlimits(e, profile)) - goto fail; - -+ size = unpack_array(e, "net_allowed_af"); -+ if (size) { -+ -+ for (i = 0; i < size; i++) { -+ /* discard extraneous rules that this kernel will -+ * never request -+ */ -+ if (i >= AF_MAX) { -+ u16 tmp; -+ if (!unpack_u16(e, &tmp, NULL) || -+ !unpack_u16(e, &tmp, NULL) || -+ !unpack_u16(e, &tmp, NULL)) -+ goto fail; -+ continue; -+ } -+ if (!unpack_u16(e, &profile->net.allow[i], NULL)) -+ goto fail; -+ if (!unpack_u16(e, &profile->net.audit[i], NULL)) -+ goto fail; -+ if (!unpack_u16(e, &profile->net.quiet[i], NULL)) -+ goto fail; -+ } -+ if (!unpack_nameX(e, AA_ARRAYEND, NULL)) -+ goto fail; -+ /* -+ * allow unix domain and netlink sockets they are handled -+ * by IPC -+ */ -+ } -+ profile->net.allow[AF_UNIX] = 0xffff; -+ profile->net.allow[AF_NETLINK] = 0xffff; -+ - /* get file rules */ - profile->file.dfa = unpack_dfa(e); - if (IS_ERR(profile->file.dfa)) { --- -1.7.9.5 - diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch deleted file mode 100644 index aa4b6b1109f5..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch +++ /dev/null @@ -1,391 +0,0 @@ -From 004192fb5223c7b81a949e36a080a5da56132826 Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Wed, 10 Aug 2011 22:02:40 -0700 -Subject: [PATCH 2/3] AppArmor: compatibility patch for v5 interface - -Signed-off-by: John Johansen ---- - security/apparmor/Kconfig | 9 + - security/apparmor/Makefile | 1 + - security/apparmor/apparmorfs-24.c | 287 ++++++++++++++++++++++++++++++++ - security/apparmor/apparmorfs.c | 18 +- - security/apparmor/include/apparmorfs.h | 6 + - 5 files changed, 319 insertions(+), 2 deletions(-) - create mode 100644 security/apparmor/apparmorfs-24.c - -diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig -index 9b9013b..51ebf96 100644 ---- a/security/apparmor/Kconfig -+++ b/security/apparmor/Kconfig -@@ -29,3 +29,12 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE - boot. - - If you are unsure how to answer this question, answer 1. -+ -+config SECURITY_APPARMOR_COMPAT_24 -+ bool "Enable AppArmor 2.4 compatability" -+ depends on SECURITY_APPARMOR -+ default y -+ help -+ This option enables compatability with AppArmor 2.4. It is -+ recommended if compatability with older versions of AppArmor -+ is desired. -diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile -index 7cefef9..0bb604b 100644 ---- a/security/apparmor/Makefile -+++ b/security/apparmor/Makefile -@@ -5,6 +5,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ - resource.o sid.o file.o net.o -+apparmor-$(CONFIG_SECURITY_APPARMOR_COMPAT_24) += apparmorfs-24.o - - clean-files := capability_names.h rlim_names.h af_names.h - -diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c -new file mode 100644 -index 0000000..dc8c744 ---- /dev/null -+++ b/security/apparmor/apparmorfs-24.c -@@ -0,0 +1,287 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor /sys/kernel/secrutiy/apparmor interface functions -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2010 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ * -+ * -+ * This file contain functions providing an interface for <= AppArmor 2.4 -+ * compatibility. It is dependent on CONFIG_SECURITY_APPARMOR_COMPAT_24 -+ * being set (see Makefile). -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "include/apparmor.h" -+#include "include/audit.h" -+#include "include/context.h" -+#include "include/policy.h" -+ -+ -+/* apparmor/matching */ -+static ssize_t aa_matching_read(struct file *file, char __user *buf, -+ size_t size, loff_t *ppos) -+{ -+ const char matching[] = "pattern=aadfa audit perms=crwxamlk/ " -+ "user::other"; -+ -+ return simple_read_from_buffer(buf, size, ppos, matching, -+ sizeof(matching) - 1); -+} -+ -+const struct file_operations aa_fs_matching_fops = { -+ .read = aa_matching_read, -+}; -+ -+/* apparmor/features */ -+static ssize_t aa_features_read(struct file *file, char __user *buf, -+ size_t size, loff_t *ppos) -+{ -+ const char features[] = "file=3.1 capability=2.0 network=1.0 " -+ "change_hat=1.5 change_profile=1.1 " "aanamespaces=1.1 rlimit=1.1"; -+ -+ return simple_read_from_buffer(buf, size, ppos, features, -+ sizeof(features) - 1); -+} -+ -+const struct file_operations aa_fs_features_fops = { -+ .read = aa_features_read, -+}; -+ -+/** -+ * __next_namespace - find the next namespace to list -+ * @root: root namespace to stop search at (NOT NULL) -+ * @ns: current ns position (NOT NULL) -+ * -+ * Find the next namespace from @ns under @root and handle all locking needed -+ * while switching current namespace. -+ * -+ * Returns: next namespace or NULL if at last namespace under @root -+ * NOTE: will not unlock root->lock -+ */ -+static struct aa_namespace *__next_namespace(struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ struct aa_namespace *parent; -+ -+ /* is next namespace a child */ -+ if (!list_empty(&ns->sub_ns)) { -+ struct aa_namespace *next; -+ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); -+ read_lock(&next->lock); -+ return next; -+ } -+ -+ /* check if the next ns is a sibling, parent, gp, .. */ -+ parent = ns->parent; -+ while (parent) { -+ read_unlock(&ns->lock); -+ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { -+ read_lock(&ns->lock); -+ return ns; -+ } -+ if (parent == root) -+ return NULL; -+ ns = parent; -+ parent = parent->parent; -+ } -+ -+ return NULL; -+} -+ -+/** -+ * __first_profile - find the first profile in a namespace -+ * @root: namespace that is root of profiles being displayed (NOT NULL) -+ * @ns: namespace to start in (NOT NULL) -+ * -+ * Returns: unrefcounted profile or NULL if no profile -+ */ -+static struct aa_profile *__first_profile(struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ for ( ; ns; ns = __next_namespace(root, ns)) { -+ if (!list_empty(&ns->base.profiles)) -+ return list_first_entry(&ns->base.profiles, -+ struct aa_profile, base.list); -+ } -+ return NULL; -+} -+ -+/** -+ * __next_profile - step to the next profile in a profile tree -+ * @profile: current profile in tree (NOT NULL) -+ * -+ * Perform a depth first taversal on the profile tree in a namespace -+ * -+ * Returns: next profile or NULL if done -+ * Requires: profile->ns.lock to be held -+ */ -+static struct aa_profile *__next_profile(struct aa_profile *p) -+{ -+ struct aa_profile *parent; -+ struct aa_namespace *ns = p->ns; -+ -+ /* is next profile a child */ -+ if (!list_empty(&p->base.profiles)) -+ return list_first_entry(&p->base.profiles, typeof(*p), -+ base.list); -+ -+ /* is next profile a sibling, parent sibling, gp, subling, .. */ -+ parent = p->parent; -+ while (parent) { -+ list_for_each_entry_continue(p, &parent->base.profiles, -+ base.list) -+ return p; -+ p = parent; -+ parent = parent->parent; -+ } -+ -+ /* is next another profile in the namespace */ -+ list_for_each_entry_continue(p, &ns->base.profiles, base.list) -+ return p; -+ -+ return NULL; -+} -+ -+/** -+ * next_profile - step to the next profile in where ever it may be -+ * @root: root namespace (NOT NULL) -+ * @profile: current profile (NOT NULL) -+ * -+ * Returns: next profile or NULL if there isn't one -+ */ -+static struct aa_profile *next_profile(struct aa_namespace *root, -+ struct aa_profile *profile) -+{ -+ struct aa_profile *next = __next_profile(profile); -+ if (next) -+ return next; -+ -+ /* finished all profiles in namespace move to next namespace */ -+ return __first_profile(root, __next_namespace(root, profile->ns)); -+} -+ -+/** -+ * p_start - start a depth first traversal of profile tree -+ * @f: seq_file to fill -+ * @pos: current position -+ * -+ * Returns: first profile under current namespace or NULL if none found -+ * -+ * acquires first ns->lock -+ */ -+static void *p_start(struct seq_file *f, loff_t *pos) -+ __acquires(root->lock) -+{ -+ struct aa_profile *profile = NULL; -+ struct aa_namespace *root = aa_current_profile()->ns; -+ loff_t l = *pos; -+ f->private = aa_get_namespace(root); -+ -+ -+ /* find the first profile */ -+ read_lock(&root->lock); -+ profile = __first_profile(root, root); -+ -+ /* skip to position */ -+ for (; profile && l > 0; l--) -+ profile = next_profile(root, profile); -+ -+ return profile; -+} -+ -+/** -+ * p_next - read the next profile entry -+ * @f: seq_file to fill -+ * @p: profile previously returned -+ * @pos: current position -+ * -+ * Returns: next profile after @p or NULL if none -+ * -+ * may acquire/release locks in namespace tree as necessary -+ */ -+static void *p_next(struct seq_file *f, void *p, loff_t *pos) -+{ -+ struct aa_profile *profile = p; -+ struct aa_namespace *root = f->private; -+ (*pos)++; -+ -+ return next_profile(root, profile); -+} -+ -+/** -+ * p_stop - stop depth first traversal -+ * @f: seq_file we are filling -+ * @p: the last profile writen -+ * -+ * Release all locking done by p_start/p_next on namespace tree -+ */ -+static void p_stop(struct seq_file *f, void *p) -+ __releases(root->lock) -+{ -+ struct aa_profile *profile = p; -+ struct aa_namespace *root = f->private, *ns; -+ -+ if (profile) { -+ for (ns = profile->ns; ns && ns != root; ns = ns->parent) -+ read_unlock(&ns->lock); -+ } -+ read_unlock(&root->lock); -+ aa_put_namespace(root); -+} -+ -+/** -+ * seq_show_profile - show a profile entry -+ * @f: seq_file to file -+ * @p: current position (profile) (NOT NULL) -+ * -+ * Returns: error on failure -+ */ -+static int seq_show_profile(struct seq_file *f, void *p) -+{ -+ struct aa_profile *profile = (struct aa_profile *)p; -+ struct aa_namespace *root = f->private; -+ -+ if (profile->ns != root) -+ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); -+ seq_printf(f, "%s (%s)\n", profile->base.hname, -+ COMPLAIN_MODE(profile) ? "complain" : "enforce"); -+ -+ return 0; -+} -+ -+static const struct seq_operations aa_fs_profiles_op = { -+ .start = p_start, -+ .next = p_next, -+ .stop = p_stop, -+ .show = seq_show_profile, -+}; -+ -+static int profiles_open(struct inode *inode, struct file *file) -+{ -+ return seq_open(file, &aa_fs_profiles_op); -+} -+ -+static int profiles_release(struct inode *inode, struct file *file) -+{ -+ return seq_release(inode, file); -+} -+ -+const struct file_operations aa_fs_profiles_fops = { -+ .open = profiles_open, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = profiles_release, -+}; -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index 69ddb47..867995c 100644 ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -187,7 +187,11 @@ void __init aa_destroy_aafs(void) - aafs_remove(".remove"); - aafs_remove(".replace"); - aafs_remove(".load"); -- -+#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 -+ aafs_remove("profiles"); -+ aafs_remove("matching"); -+ aafs_remove("features"); -+#endif - securityfs_remove(aa_fs_dentry); - aa_fs_dentry = NULL; - } -@@ -218,7 +222,17 @@ static int __init aa_create_aafs(void) - aa_fs_dentry = NULL; - goto error; - } -- -+#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 -+ error = aafs_create("matching", 0444, &aa_fs_matching_fops); -+ if (error) -+ goto error; -+ error = aafs_create("features", 0444, &aa_fs_features_fops); -+ if (error) -+ goto error; -+#endif -+ error = aafs_create("profiles", 0440, &aa_fs_profiles_fops); -+ if (error) -+ goto error; - error = aafs_create(".load", 0640, &aa_fs_profile_load); - if (error) - goto error; -diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h -index cb1e93a..14f955c 100644 ---- a/security/apparmor/include/apparmorfs.h -+++ b/security/apparmor/include/apparmorfs.h -@@ -17,4 +17,10 @@ - - extern void __init aa_destroy_aafs(void); - -+#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 -+extern const struct file_operations aa_fs_matching_fops; -+extern const struct file_operations aa_fs_features_fops; -+extern const struct file_operations aa_fs_profiles_fops; -+#endif -+ - #endif /* __AA_APPARMORFS_H */ --- -1.7.9.5 - diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch deleted file mode 100644 index 7dd55781fdaa..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch +++ /dev/null @@ -1,69 +0,0 @@ -From e5d90918aa31f948ecec2f3c088567dbab30c90b Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Wed, 10 Aug 2011 22:02:41 -0700 -Subject: [PATCH 3/3] AppArmor: Allow dfa backward compatibility with broken - userspace - -The apparmor_parser when compiling policy could generate invalid dfas -that did not have sufficient padding to avoid invalid references, when -used by the kernel. The kernels check to verify the next/check table -size was broken meaning invalid dfas were being created by userspace -and not caught. - -To remain compatible with old tools that are not fixed, pad the loaded -dfas next/check table. The dfa's themselves are valid except for the -high padding for potentially invalid transitions (high bounds error), -which have a maximimum is 256 entries. So just allocate an extra null filled -256 entries for the next/check tables. This will guarentee all bounds -are good and invalid transitions go to the null (0) state. - -Signed-off-by: John Johansen ---- - security/apparmor/match.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/security/apparmor/match.c b/security/apparmor/match.c -index 94de6b4..081491e 100644 ---- a/security/apparmor/match.c -+++ b/security/apparmor/match.c -@@ -57,8 +57,17 @@ static struct table_header *unpack_table(char *blob, size_t bsize) - if (bsize < tsize) - goto out; - -+ /* Pad table allocation for next/check by 256 entries to remain -+ * backwards compatible with old (buggy) tools and remain safe without -+ * run time checks -+ */ -+ if (th.td_id == YYTD_ID_NXT || th.td_id == YYTD_ID_CHK) -+ tsize += 256 * th.td_flags; -+ - table = kvmalloc(tsize); - if (table) { -+ /* ensure the pad is clear, else there will be errors */ -+ memset(table, 0, tsize); - *table = th; - if (th.td_flags == YYTD_DATA8) - UNPACK_ARRAY(table->td_data, blob, th.td_lolen, -@@ -134,11 +143,19 @@ static int verify_dfa(struct aa_dfa *dfa, int flags) - goto out; - - if (flags & DFA_FLAG_VERIFY_STATES) { -+ int warning = 0; - for (i = 0; i < state_count; i++) { - if (DEFAULT_TABLE(dfa)[i] >= state_count) - goto out; - /* TODO: do check that DEF state recursion terminates */ - if (BASE_TABLE(dfa)[i] + 255 >= trans_count) { -+ if (warning) -+ continue; -+ printk(KERN_WARNING "AppArmor DFA next/check " -+ "upper bounds error fixed, upgrade " -+ "user space tools \n"); -+ warning = 1; -+ } else if (BASE_TABLE(dfa)[i] >= trans_count) { - printk(KERN_ERR "AppArmor DFA next/check upper " - "bounds error\n"); - goto out; --- -1.7.9.5 - diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch deleted file mode 100644 index 88a50ca780ae..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch +++ /dev/null @@ -1,264 +0,0 @@ -From 8de755e4dfdbc40bfcaca848ae6b5aeaf0ede0e8 Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Thu, 22 Jul 2010 02:32:02 -0700 -Subject: [PATCH 1/3] UBUNTU: SAUCE: AppArmor: Add profile introspection file - to interface - -Add the dynamic profiles file to the interace, to allow load policy -introspection. - -Signed-off-by: John Johansen -Acked-by: Kees Cook -Signed-off-by: Tim Gardner ---- - security/apparmor/apparmorfs.c | 227 ++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 227 insertions(+) - -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index 16c15ec..89bdc62 100644 ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -182,6 +182,232 @@ const struct file_operations aa_fs_seq_file_ops = { - .release = single_release, - }; - -+/** -+ * __next_namespace - find the next namespace to list -+ * @root: root namespace to stop search at (NOT NULL) -+ * @ns: current ns position (NOT NULL) -+ * -+ * Find the next namespace from @ns under @root and handle all locking needed -+ * while switching current namespace. -+ * -+ * Returns: next namespace or NULL if at last namespace under @root -+ * NOTE: will not unlock root->lock -+ */ -+static struct aa_namespace *__next_namespace(struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ struct aa_namespace *parent; -+ -+ /* is next namespace a child */ -+ if (!list_empty(&ns->sub_ns)) { -+ struct aa_namespace *next; -+ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); -+ read_lock(&next->lock); -+ return next; -+ } -+ -+ /* check if the next ns is a sibling, parent, gp, .. */ -+ parent = ns->parent; -+ while (parent) { -+ read_unlock(&ns->lock); -+ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { -+ read_lock(&ns->lock); -+ return ns; -+ } -+ if (parent == root) -+ return NULL; -+ ns = parent; -+ parent = parent->parent; -+ } -+ -+ return NULL; -+} -+ -+/** -+ * __first_profile - find the first profile in a namespace -+ * @root: namespace that is root of profiles being displayed (NOT NULL) -+ * @ns: namespace to start in (NOT NULL) -+ * -+ * Returns: unrefcounted profile or NULL if no profile -+ */ -+static struct aa_profile *__first_profile(struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ for ( ; ns; ns = __next_namespace(root, ns)) { -+ if (!list_empty(&ns->base.profiles)) -+ return list_first_entry(&ns->base.profiles, -+ struct aa_profile, base.list); -+ } -+ return NULL; -+} -+ -+/** -+ * __next_profile - step to the next profile in a profile tree -+ * @profile: current profile in tree (NOT NULL) -+ * -+ * Perform a depth first taversal on the profile tree in a namespace -+ * -+ * Returns: next profile or NULL if done -+ * Requires: profile->ns.lock to be held -+ */ -+static struct aa_profile *__next_profile(struct aa_profile *p) -+{ -+ struct aa_profile *parent; -+ struct aa_namespace *ns = p->ns; -+ -+ /* is next profile a child */ -+ if (!list_empty(&p->base.profiles)) -+ return list_first_entry(&p->base.profiles, typeof(*p), -+ base.list); -+ -+ /* is next profile a sibling, parent sibling, gp, subling, .. */ -+ parent = p->parent; -+ while (parent) { -+ list_for_each_entry_continue(p, &parent->base.profiles, -+ base.list) -+ return p; -+ p = parent; -+ parent = parent->parent; -+ } -+ -+ /* is next another profile in the namespace */ -+ list_for_each_entry_continue(p, &ns->base.profiles, base.list) -+ return p; -+ -+ return NULL; -+} -+ -+/** -+ * next_profile - step to the next profile in where ever it may be -+ * @root: root namespace (NOT NULL) -+ * @profile: current profile (NOT NULL) -+ * -+ * Returns: next profile or NULL if there isn't one -+ */ -+static struct aa_profile *next_profile(struct aa_namespace *root, -+ struct aa_profile *profile) -+{ -+ struct aa_profile *next = __next_profile(profile); -+ if (next) -+ return next; -+ -+ /* finished all profiles in namespace move to next namespace */ -+ return __first_profile(root, __next_namespace(root, profile->ns)); -+} -+ -+/** -+ * p_start - start a depth first traversal of profile tree -+ * @f: seq_file to fill -+ * @pos: current position -+ * -+ * Returns: first profile under current namespace or NULL if none found -+ * -+ * acquires first ns->lock -+ */ -+static void *p_start(struct seq_file *f, loff_t *pos) -+ __acquires(root->lock) -+{ -+ struct aa_profile *profile = NULL; -+ struct aa_namespace *root = aa_current_profile()->ns; -+ loff_t l = *pos; -+ f->private = aa_get_namespace(root); -+ -+ -+ /* find the first profile */ -+ read_lock(&root->lock); -+ profile = __first_profile(root, root); -+ -+ /* skip to position */ -+ for (; profile && l > 0; l--) -+ profile = next_profile(root, profile); -+ -+ return profile; -+} -+ -+/** -+ * p_next - read the next profile entry -+ * @f: seq_file to fill -+ * @p: profile previously returned -+ * @pos: current position -+ * -+ * Returns: next profile after @p or NULL if none -+ * -+ * may acquire/release locks in namespace tree as necessary -+ */ -+static void *p_next(struct seq_file *f, void *p, loff_t *pos) -+{ -+ struct aa_profile *profile = p; -+ struct aa_namespace *root = f->private; -+ (*pos)++; -+ -+ return next_profile(root, profile); -+} -+ -+/** -+ * p_stop - stop depth first traversal -+ * @f: seq_file we are filling -+ * @p: the last profile writen -+ * -+ * Release all locking done by p_start/p_next on namespace tree -+ */ -+static void p_stop(struct seq_file *f, void *p) -+ __releases(root->lock) -+{ -+ struct aa_profile *profile = p; -+ struct aa_namespace *root = f->private, *ns; -+ -+ if (profile) { -+ for (ns = profile->ns; ns && ns != root; ns = ns->parent) -+ read_unlock(&ns->lock); -+ } -+ read_unlock(&root->lock); -+ aa_put_namespace(root); -+} -+ -+/** -+ * seq_show_profile - show a profile entry -+ * @f: seq_file to file -+ * @p: current position (profile) (NOT NULL) -+ * -+ * Returns: error on failure -+ */ -+static int seq_show_profile(struct seq_file *f, void *p) -+{ -+ struct aa_profile *profile = (struct aa_profile *)p; -+ struct aa_namespace *root = f->private; -+ -+ if (profile->ns != root) -+ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); -+ seq_printf(f, "%s (%s)\n", profile->base.hname, -+ COMPLAIN_MODE(profile) ? "complain" : "enforce"); -+ -+ return 0; -+} -+ -+static const struct seq_operations aa_fs_profiles_op = { -+ .start = p_start, -+ .next = p_next, -+ .stop = p_stop, -+ .show = seq_show_profile, -+}; -+ -+static int profiles_open(struct inode *inode, struct file *file) -+{ -+ return seq_open(file, &aa_fs_profiles_op); -+} -+ -+static int profiles_release(struct inode *inode, struct file *file) -+{ -+ return seq_release(inode, file); -+} -+ -+const struct file_operations aa_fs_profiles_fops = { -+ .open = profiles_open, -+ .read = seq_read, -+ .llseek = seq_lseek, -+ .release = profiles_release, -+}; -+ - /** Base file system setup **/ - - static struct aa_fs_entry aa_fs_entry_file[] = { -@@ -210,6 +436,7 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = { - AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load), - AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace), - AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove), -+ AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops), - AA_FS_DIR("features", aa_fs_entry_features), - { } - }; --- -1.7.9.5 - diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch deleted file mode 100644 index 01316b9db78b..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch +++ /dev/null @@ -1,603 +0,0 @@ -From 423e2cb454d75d6185eecd0c1b5cf6ccc2d8482d Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Mon, 4 Oct 2010 15:03:36 -0700 -Subject: [PATCH 2/3] UBUNTU: SAUCE: AppArmor: basic networking rules - -Base support for network mediation. - -Signed-off-by: John Johansen ---- - security/apparmor/.gitignore | 2 +- - security/apparmor/Makefile | 42 +++++++++- - security/apparmor/apparmorfs.c | 1 + - security/apparmor/include/audit.h | 4 + - security/apparmor/include/net.h | 44 ++++++++++ - security/apparmor/include/policy.h | 3 + - security/apparmor/lsm.c | 112 +++++++++++++++++++++++++ - security/apparmor/net.c | 162 ++++++++++++++++++++++++++++++++++++ - security/apparmor/policy.c | 1 + - security/apparmor/policy_unpack.c | 46 ++++++++++ - 10 files changed, 414 insertions(+), 3 deletions(-) - create mode 100644 security/apparmor/include/net.h - create mode 100644 security/apparmor/net.c - -diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore -index 4d995ae..d5b291e 100644 ---- a/security/apparmor/.gitignore -+++ b/security/apparmor/.gitignore -@@ -1,6 +1,6 @@ - # - # Generated include files - # --af_names.h -+net_names.h - capability_names.h - rlim_names.h -diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile -index 806bd19..19daa85 100644 ---- a/security/apparmor/Makefile -+++ b/security/apparmor/Makefile -@@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o - - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ -- resource.o sid.o file.o -+ resource.o sid.o file.o net.o - --clean-files := capability_names.h rlim_names.h -+clean-files := capability_names.h rlim_names.h net_names.h - - - # Build a lower case string table of capability names -@@ -20,6 +20,38 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\ - -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\ - echo "};" >> $@ - -+# Build a lower case string table of address family names -+# Transform lines from -+# define AF_LOCAL 1 /* POSIX name for AF_UNIX */ -+# #define AF_INET 2 /* Internet IP Protocol */ -+# to -+# [1] = "local", -+# [2] = "inet", -+# -+# and build the securityfs entries for the mapping. -+# Transforms lines from -+# #define AF_INET 2 /* Internet IP Protocol */ -+# to -+# #define AA_FS_AF_MASK "local inet" -+quiet_cmd_make-af = GEN $@ -+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ -+ sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \ -+ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ -+ echo "};" >> $@ ;\ -+ echo -n '\#define AA_FS_AF_MASK "' >> $@ ;\ -+ sed -r -n 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\ -+ $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ -+ -+# Build a lower case string table of sock type names -+# Transform lines from -+# SOCK_STREAM = 1, -+# to -+# [1] = "stream", -+quiet_cmd_make-sock = GEN $@ -+cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\ -+ sed $^ >>$@ -r -n \ -+ -e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ -+ echo "};" >> $@ - - # Build a lower case string table of rlimit names. - # Transforms lines from -@@ -56,6 +88,7 @@ cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \ - tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ - - $(obj)/capability.o : $(obj)/capability_names.h -+$(obj)/net.o : $(obj)/net_names.h - $(obj)/resource.o : $(obj)/rlim_names.h - $(obj)/capability_names.h : $(srctree)/include/linux/capability.h \ - $(src)/Makefile -@@ -63,3 +96,8 @@ $(obj)/capability_names.h : $(srctree)/include/linux/capability.h \ - $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \ - $(src)/Makefile - $(call cmd,make-rlim) -+$(obj)/net_names.h : $(srctree)/include/linux/socket.h \ -+ $(srctree)/include/linux/net.h \ -+ $(src)/Makefile -+ $(call cmd,make-af) -+ $(call cmd,make-sock) -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index 89bdc62..c66315d 100644 ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -427,6 +427,7 @@ static struct aa_fs_entry aa_fs_entry_domain[] = { - static struct aa_fs_entry aa_fs_entry_features[] = { - AA_FS_DIR("domain", aa_fs_entry_domain), - AA_FS_DIR("file", aa_fs_entry_file), -+ AA_FS_DIR("network", aa_fs_entry_network), - AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), - AA_FS_DIR("rlimit", aa_fs_entry_rlimit), - { } -diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h -index 3868b1e..c1ff09c 100644 ---- a/security/apparmor/include/audit.h -+++ b/security/apparmor/include/audit.h -@@ -126,6 +126,10 @@ struct apparmor_audit_data { - u32 denied; - uid_t ouid; - } fs; -+ struct { -+ int type, protocol; -+ struct sock *sk; -+ } net; - }; - }; - -diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h -new file mode 100644 -index 0000000..cb8a121 ---- /dev/null -+++ b/security/apparmor/include/net.h -@@ -0,0 +1,44 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor network mediation definitions. -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2012 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#ifndef __AA_NET_H -+#define __AA_NET_H -+ -+#include -+ -+#include "apparmorfs.h" -+ -+/* struct aa_net - network confinement data -+ * @allowed: basic network families permissions -+ * @audit_network: which network permissions to force audit -+ * @quiet_network: which network permissions to quiet rejects -+ */ -+struct aa_net { -+ u16 allow[AF_MAX]; -+ u16 audit[AF_MAX]; -+ u16 quiet[AF_MAX]; -+}; -+ -+extern struct aa_fs_entry aa_fs_entry_network[]; -+ -+extern int aa_net_perm(int op, struct aa_profile *profile, u16 family, -+ int type, int protocol, struct sock *sk); -+extern int aa_revalidate_sk(int op, struct sock *sk); -+ -+static inline void aa_free_net_rules(struct aa_net *new) -+{ -+ /* NOP */ -+} -+ -+#endif /* __AA_NET_H */ -diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h -index bda4569..eb13a73 100644 ---- a/security/apparmor/include/policy.h -+++ b/security/apparmor/include/policy.h -@@ -27,6 +27,7 @@ - #include "capability.h" - #include "domain.h" - #include "file.h" -+#include "net.h" - #include "resource.h" - - extern const char *const profile_mode_names[]; -@@ -157,6 +158,7 @@ struct aa_policydb { - * @policy: general match rules governing policy - * @file: The set of rules governing basic file access and domain transitions - * @caps: capabilities for the profile -+ * @net: network controls for the profile - * @rlimits: rlimits for the profile - * - * The AppArmor profile contains the basic confinement data. Each profile -@@ -194,6 +196,7 @@ struct aa_profile { - struct aa_policydb policy; - struct aa_file_rules file; - struct aa_caps caps; -+ struct aa_net net; - struct aa_rlimit rlimits; - }; - -diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index ad05d39..3cde194 100644 ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -32,6 +32,7 @@ - #include "include/context.h" - #include "include/file.h" - #include "include/ipc.h" -+#include "include/net.h" - #include "include/path.h" - #include "include/policy.h" - #include "include/procattr.h" -@@ -622,6 +623,104 @@ static int apparmor_task_setrlimit(struct task_struct *task, - return error; - } - -+static int apparmor_socket_create(int family, int type, int protocol, int kern) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ if (kern) -+ return 0; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) -+ error = aa_net_perm(OP_CREATE, profile, family, type, protocol, -+ NULL); -+ return error; -+} -+ -+static int apparmor_socket_bind(struct socket *sock, -+ struct sockaddr *address, int addrlen) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_BIND, sk); -+} -+ -+static int apparmor_socket_connect(struct socket *sock, -+ struct sockaddr *address, int addrlen) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_CONNECT, sk); -+} -+ -+static int apparmor_socket_listen(struct socket *sock, int backlog) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_LISTEN, sk); -+} -+ -+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_ACCEPT, sk); -+} -+ -+static int apparmor_socket_sendmsg(struct socket *sock, -+ struct msghdr *msg, int size) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SENDMSG, sk); -+} -+ -+static int apparmor_socket_recvmsg(struct socket *sock, -+ struct msghdr *msg, int size, int flags) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_RECVMSG, sk); -+} -+ -+static int apparmor_socket_getsockname(struct socket *sock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETSOCKNAME, sk); -+} -+ -+static int apparmor_socket_getpeername(struct socket *sock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETPEERNAME, sk); -+} -+ -+static int apparmor_socket_getsockopt(struct socket *sock, int level, -+ int optname) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETSOCKOPT, sk); -+} -+ -+static int apparmor_socket_setsockopt(struct socket *sock, int level, -+ int optname) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SETSOCKOPT, sk); -+} -+ -+static int apparmor_socket_shutdown(struct socket *sock, int how) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk); -+} -+ - static struct security_operations apparmor_ops = { - .name = "apparmor", - -@@ -653,6 +752,19 @@ static struct security_operations apparmor_ops = { - .getprocattr = apparmor_getprocattr, - .setprocattr = apparmor_setprocattr, - -+ .socket_create = apparmor_socket_create, -+ .socket_bind = apparmor_socket_bind, -+ .socket_connect = apparmor_socket_connect, -+ .socket_listen = apparmor_socket_listen, -+ .socket_accept = apparmor_socket_accept, -+ .socket_sendmsg = apparmor_socket_sendmsg, -+ .socket_recvmsg = apparmor_socket_recvmsg, -+ .socket_getsockname = apparmor_socket_getsockname, -+ .socket_getpeername = apparmor_socket_getpeername, -+ .socket_getsockopt = apparmor_socket_getsockopt, -+ .socket_setsockopt = apparmor_socket_setsockopt, -+ .socket_shutdown = apparmor_socket_shutdown, -+ - .cred_alloc_blank = apparmor_cred_alloc_blank, - .cred_free = apparmor_cred_free, - .cred_prepare = apparmor_cred_prepare, -diff --git a/security/apparmor/net.c b/security/apparmor/net.c -new file mode 100644 -index 0000000..084232b ---- /dev/null -+++ b/security/apparmor/net.c -@@ -0,0 +1,162 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor network mediation -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2012 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#include "include/apparmor.h" -+#include "include/audit.h" -+#include "include/context.h" -+#include "include/net.h" -+#include "include/policy.h" -+ -+#include "net_names.h" -+ -+struct aa_fs_entry aa_fs_entry_network[] = { -+ AA_FS_FILE_STRING("af_mask", AA_FS_AF_MASK), -+ { } -+}; -+ -+/* audit callback for net specific fields */ -+static void audit_cb(struct audit_buffer *ab, void *va) -+{ -+ struct common_audit_data *sa = va; -+ -+ audit_log_format(ab, " family="); -+ if (address_family_names[sa->u.net->family]) { -+ audit_log_string(ab, address_family_names[sa->u.net->family]); -+ } else { -+ audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family); -+ } -+ audit_log_format(ab, " sock_type="); -+ if (sock_type_names[sa->aad->net.type]) { -+ audit_log_string(ab, sock_type_names[sa->aad->net.type]); -+ } else { -+ audit_log_format(ab, "\"unknown(%d)\"", sa->aad->net.type); -+ } -+ audit_log_format(ab, " protocol=%d", sa->aad->net.protocol); -+} -+ -+/** -+ * audit_net - audit network access -+ * @profile: profile being enforced (NOT NULL) -+ * @op: operation being checked -+ * @family: network family -+ * @type: network type -+ * @protocol: network protocol -+ * @sk: socket auditing is being applied to -+ * @error: error code for failure else 0 -+ * -+ * Returns: %0 or sa->error else other errorcode on failure -+ */ -+static int audit_net(struct aa_profile *profile, int op, u16 family, int type, -+ int protocol, struct sock *sk, int error) -+{ -+ int audit_type = AUDIT_APPARMOR_AUTO; -+ struct common_audit_data sa; -+ struct apparmor_audit_data aad = { }; -+ struct lsm_network_audit net = { }; -+ if (sk) { -+ COMMON_AUDIT_DATA_INIT(&sa, NET); -+ } else { -+ COMMON_AUDIT_DATA_INIT(&sa, NONE); -+ } -+ /* todo fill in socket addr info */ -+ sa.aad = &aad; -+ sa.u.net = &net; -+ sa.aad->op = op, -+ sa.u.net->family = family; -+ sa.u.net->sk = sk; -+ sa.aad->net.type = type; -+ sa.aad->net.protocol = protocol; -+ sa.aad->error = error; -+ -+ if (likely(!sa.aad->error)) { -+ u16 audit_mask = profile->net.audit[sa.u.net->family]; -+ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && -+ !(1 << sa.aad->net.type & audit_mask))) -+ return 0; -+ audit_type = AUDIT_APPARMOR_AUDIT; -+ } else { -+ u16 quiet_mask = profile->net.quiet[sa.u.net->family]; -+ u16 kill_mask = 0; -+ u16 denied = (1 << sa.aad->net.type) & ~quiet_mask; -+ -+ if (denied & kill_mask) -+ audit_type = AUDIT_APPARMOR_KILL; -+ -+ if ((denied & quiet_mask) && -+ AUDIT_MODE(profile) != AUDIT_NOQUIET && -+ AUDIT_MODE(profile) != AUDIT_ALL) -+ return COMPLAIN_MODE(profile) ? 0 : sa.aad->error; -+ } -+ -+ return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb); -+} -+ -+/** -+ * aa_net_perm - very course network access check -+ * @op: operation being checked -+ * @profile: profile being enforced (NOT NULL) -+ * @family: network family -+ * @type: network type -+ * @protocol: network protocol -+ * -+ * Returns: %0 else error if permission denied -+ */ -+int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type, -+ int protocol, struct sock *sk) -+{ -+ u16 family_mask; -+ int error; -+ -+ if ((family < 0) || (family >= AF_MAX)) -+ return -EINVAL; -+ -+ if ((type < 0) || (type >= SOCK_MAX)) -+ return -EINVAL; -+ -+ /* unix domain and netlink sockets are handled by ipc */ -+ if (family == AF_UNIX || family == AF_NETLINK) -+ return 0; -+ -+ family_mask = profile->net.allow[family]; -+ -+ error = (family_mask & (1 << type)) ? 0 : -EACCES; -+ -+ return audit_net(profile, op, family, type, protocol, sk, error); -+} -+ -+/** -+ * aa_revalidate_sk - Revalidate access to a sock -+ * @op: operation being checked -+ * @sk: sock being revalidated (NOT NULL) -+ * -+ * Returns: %0 else error if permission denied -+ */ -+int aa_revalidate_sk(int op, struct sock *sk) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ /* aa_revalidate_sk should not be called from interrupt context -+ * don't mediate these calls as they are not task related -+ */ -+ if (in_interrupt()) -+ return 0; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) -+ error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type, -+ sk->sk_protocol, sk); -+ -+ return error; -+} -diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c -index f1f7506..b8100a7 100644 ---- a/security/apparmor/policy.c -+++ b/security/apparmor/policy.c -@@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile) - - aa_free_file_rules(&profile->file); - aa_free_cap_rules(&profile->caps); -+ aa_free_net_rules(&profile->net); - aa_free_rlimit_rules(&profile->rlimits); - - aa_free_sid(profile->sid); -diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c -index deab7c7..8f8e9c1 100644 ---- a/security/apparmor/policy_unpack.c -+++ b/security/apparmor/policy_unpack.c -@@ -193,6 +193,19 @@ fail: - return 0; - } - -+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name) -+{ -+ if (unpack_nameX(e, AA_U16, name)) { -+ if (!inbounds(e, sizeof(u16))) -+ return 0; -+ if (data) -+ *data = le16_to_cpu(get_unaligned((u16 *) e->pos)); -+ e->pos += sizeof(u16); -+ return 1; -+ } -+ return 0; -+} -+ - static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) - { - if (unpack_nameX(e, AA_U32, name)) { -@@ -471,6 +484,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) - { - struct aa_profile *profile = NULL; - const char *name = NULL; -+ size_t size = 0; - int i, error = -EPROTO; - kernel_cap_t tmpcap; - u32 tmp; -@@ -564,6 +578,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) - if (!unpack_rlimits(e, profile)) - goto fail; - -+ size = unpack_array(e, "net_allowed_af"); -+ if (size) { -+ -+ for (i = 0; i < size; i++) { -+ /* discard extraneous rules that this kernel will -+ * never request -+ */ -+ if (i >= AF_MAX) { -+ u16 tmp; -+ if (!unpack_u16(e, &tmp, NULL) || -+ !unpack_u16(e, &tmp, NULL) || -+ !unpack_u16(e, &tmp, NULL)) -+ goto fail; -+ continue; -+ } -+ if (!unpack_u16(e, &profile->net.allow[i], NULL)) -+ goto fail; -+ if (!unpack_u16(e, &profile->net.audit[i], NULL)) -+ goto fail; -+ if (!unpack_u16(e, &profile->net.quiet[i], NULL)) -+ goto fail; -+ } -+ if (!unpack_nameX(e, AA_ARRAYEND, NULL)) -+ goto fail; -+ } -+ /* -+ * allow unix domain and netlink sockets they are handled -+ * by IPC -+ */ -+ profile->net.allow[AF_UNIX] = 0xffff; -+ profile->net.allow[AF_NETLINK] = 0xffff; -+ - if (unpack_nameX(e, AA_STRUCT, "policydb")) { - /* generic policy dfa - optional and may be NULL */ - profile->policy.dfa = unpack_dfa(e); --- -1.7.9.5 - diff --git a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch b/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch deleted file mode 100644 index 48b34343e0b8..000000000000 --- a/pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch +++ /dev/null @@ -1,957 +0,0 @@ -From a94d5e11c0484af59e5feebf144cc48c186892ad Mon Sep 17 00:00:00 2001 -From: John Johansen -Date: Wed, 16 May 2012 10:58:05 -0700 -Subject: [PATCH 3/3] UBUNTU: SAUCE: apparmor: Add the ability to mediate - mount - -Add the ability for apparmor to do mediation of mount operations. Mount -rules require an updated apparmor_parser (2.8 series) for policy compilation. - -The basic form of the rules are. - - [audit] [deny] mount [conds]* [device] [ -> [conds] path], - [audit] [deny] remount [conds]* [path], - [audit] [deny] umount [conds]* [path], - [audit] [deny] pivotroot [oldroot=] - - remount is just a short cut for mount options=remount - - where [conds] can be - fstype= - options= - -Example mount commands - mount, # allow all mounts, but not umount or pivotroot - - mount fstype=procfs, # allow mounting procfs anywhere - - mount options=(bind, ro) /foo -> /bar, # readonly bind mount - - mount /dev/sda -> /mnt, - - mount /dev/sd** -> /mnt/**, - - mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) -> /mnt/ - - umount, - - umount /m*, - -See the apparmor userspace for full documentation - -Signed-off-by: John Johansen -Acked-by: Kees Cook ---- - security/apparmor/Makefile | 2 +- - security/apparmor/apparmorfs.c | 13 + - security/apparmor/audit.c | 4 + - security/apparmor/domain.c | 2 +- - security/apparmor/include/apparmor.h | 3 +- - security/apparmor/include/audit.h | 11 + - security/apparmor/include/domain.h | 2 + - security/apparmor/include/mount.h | 54 +++ - security/apparmor/lsm.c | 59 ++++ - security/apparmor/mount.c | 620 ++++++++++++++++++++++++++++++++++ - 10 files changed, 767 insertions(+), 3 deletions(-) - create mode 100644 security/apparmor/include/mount.h - create mode 100644 security/apparmor/mount.c - -diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile -index 19daa85..63e0a4c 100644 ---- a/security/apparmor/Makefile -+++ b/security/apparmor/Makefile -@@ -4,7 +4,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o - - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ -- resource.o sid.o file.o net.o -+ resource.o sid.o file.o net.o mount.o - - clean-files := capability_names.h rlim_names.h net_names.h - -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index c66315d..ff19009 100644 ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -424,10 +424,23 @@ static struct aa_fs_entry aa_fs_entry_domain[] = { - { } - }; - -+static struct aa_fs_entry aa_fs_entry_mount[] = { -+ AA_FS_FILE_STRING("mask", "mount umount"), -+ { } -+}; -+ -+static struct aa_fs_entry aa_fs_entry_namespaces[] = { -+ AA_FS_FILE_BOOLEAN("profile", 1), -+ AA_FS_FILE_BOOLEAN("pivot_root", 1), -+ { } -+}; -+ - static struct aa_fs_entry aa_fs_entry_features[] = { - AA_FS_DIR("domain", aa_fs_entry_domain), - AA_FS_DIR("file", aa_fs_entry_file), - AA_FS_DIR("network", aa_fs_entry_network), -+ AA_FS_DIR("mount", aa_fs_entry_mount), -+ AA_FS_DIR("namespaces", aa_fs_entry_namespaces), - AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), - AA_FS_DIR("rlimit", aa_fs_entry_rlimit), - { } -diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c -index cc3520d..b9f5ee9 100644 ---- a/security/apparmor/audit.c -+++ b/security/apparmor/audit.c -@@ -44,6 +44,10 @@ const char *const op_table[] = { - "file_mmap", - "file_mprotect", - -+ "pivotroot", -+ "mount", -+ "umount", -+ - "create", - "post_create", - "bind", -diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c -index 6327685..dfdc47b 100644 ---- a/security/apparmor/domain.c -+++ b/security/apparmor/domain.c -@@ -242,7 +242,7 @@ static const char *next_name(int xtype, const char *name) - * - * Returns: refcounted profile, or NULL on failure (MAYBE NULL) - */ --static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) -+struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) - { - struct aa_profile *new_profile = NULL; - struct aa_namespace *ns = profile->ns; -diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h -index 40aedd9..e243d96 100644 ---- a/security/apparmor/include/apparmor.h -+++ b/security/apparmor/include/apparmor.h -@@ -29,8 +29,9 @@ - #define AA_CLASS_NET 4 - #define AA_CLASS_RLIMITS 5 - #define AA_CLASS_DOMAIN 6 -+#define AA_CLASS_MOUNT 7 - --#define AA_CLASS_LAST AA_CLASS_DOMAIN -+#define AA_CLASS_LAST AA_CLASS_MOUNT - - /* Control parameters settable through module/boot flags */ - extern enum audit_mode aa_g_audit; -diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h -index c1ff09c..7b90900c 100644 ---- a/security/apparmor/include/audit.h -+++ b/security/apparmor/include/audit.h -@@ -73,6 +73,10 @@ enum aa_ops { - OP_FMMAP, - OP_FMPROT, - -+ OP_PIVOTROOT, -+ OP_MOUNT, -+ OP_UMOUNT, -+ - OP_CREATE, - OP_POST_CREATE, - OP_BIND, -@@ -121,6 +125,13 @@ struct apparmor_audit_data { - unsigned long max; - } rlim; - struct { -+ const char *src_name; -+ const char *type; -+ const char *trans; -+ const char *data; -+ unsigned long flags; -+ } mnt; -+ struct { - const char *target; - u32 request; - u32 denied; -diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h -index de04464..a3f70c5 100644 ---- a/security/apparmor/include/domain.h -+++ b/security/apparmor/include/domain.h -@@ -23,6 +23,8 @@ struct aa_domain { - char **table; - }; - -+struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex); -+ - int apparmor_bprm_set_creds(struct linux_binprm *bprm); - int apparmor_bprm_secureexec(struct linux_binprm *bprm); - void apparmor_bprm_committing_creds(struct linux_binprm *bprm); -diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h -new file mode 100644 -index 0000000..bc17a53 ---- /dev/null -+++ b/security/apparmor/include/mount.h -@@ -0,0 +1,54 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor file mediation function definitions. -+ * -+ * Copyright 2012 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#ifndef __AA_MOUNT_H -+#define __AA_MOUNT_H -+ -+#include -+#include -+ -+#include "domain.h" -+#include "policy.h" -+ -+/* mount perms */ -+#define AA_MAY_PIVOTROOT 0x01 -+#define AA_MAY_MOUNT 0x02 -+#define AA_MAY_UMOUNT 0x04 -+#define AA_AUDIT_DATA 0x40 -+#define AA_CONT_MATCH 0x40 -+ -+#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN) -+ -+int aa_remount(struct aa_profile *profile, struct path *path, -+ unsigned long flags, void *data); -+ -+int aa_bind_mount(struct aa_profile *profile, struct path *path, -+ const char *old_name, unsigned long flags); -+ -+ -+int aa_mount_change_type(struct aa_profile *profile, struct path *path, -+ unsigned long flags); -+ -+int aa_move_mount(struct aa_profile *profile, struct path *path, -+ const char *old_name); -+ -+int aa_new_mount(struct aa_profile *profile, const char *dev_name, -+ struct path *path, const char *type, unsigned long flags, -+ void *data); -+ -+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags); -+ -+int aa_pivotroot(struct aa_profile *profile, struct path *old_path, -+ struct path *new_path); -+ -+#endif /* __AA_MOUNT_H */ -diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 3cde194..4512cc6 100644 ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -36,6 +36,7 @@ - #include "include/path.h" - #include "include/policy.h" - #include "include/procattr.h" -+#include "include/mount.h" - - /* Flag indicating whether initialization completed */ - int apparmor_initialized __initdata; -@@ -512,6 +513,60 @@ static int apparmor_file_mprotect(struct vm_area_struct *vma, - !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0); - } - -+static int apparmor_sb_mount(char *dev_name, struct path *path, char *type, -+ unsigned long flags, void *data) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ /* Discard magic */ -+ if ((flags & MS_MGC_MSK) == MS_MGC_VAL) -+ flags &= ~MS_MGC_MSK; -+ -+ flags &= ~AA_MS_IGNORE_MASK; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) { -+ if (flags & MS_REMOUNT) -+ error = aa_remount(profile, path, flags, data); -+ else if (flags & MS_BIND) -+ error = aa_bind_mount(profile, path, dev_name, flags); -+ else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | -+ MS_UNBINDABLE)) -+ error = aa_mount_change_type(profile, path, flags); -+ else if (flags & MS_MOVE) -+ error = aa_move_mount(profile, path, dev_name); -+ else -+ error = aa_new_mount(profile, dev_name, path, type, -+ flags, data); -+ } -+ return error; -+} -+ -+static int apparmor_sb_umount(struct vfsmount *mnt, int flags) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) -+ error = aa_umount(profile, mnt, flags); -+ -+ return error; -+} -+ -+static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path) -+{ -+ struct aa_profile *profile; -+ int error = 0; -+ -+ profile = __aa_current_profile(); -+ if (!unconfined(profile)) -+ error = aa_pivotroot(profile, old_path, new_path); -+ -+ return error; -+} -+ - static int apparmor_getprocattr(struct task_struct *task, char *name, - char **value) - { -@@ -729,6 +784,10 @@ static struct security_operations apparmor_ops = { - .capget = apparmor_capget, - .capable = apparmor_capable, - -+ .sb_mount = apparmor_sb_mount, -+ .sb_umount = apparmor_sb_umount, -+ .sb_pivotroot = apparmor_sb_pivotroot, -+ - .path_link = apparmor_path_link, - .path_unlink = apparmor_path_unlink, - .path_symlink = apparmor_path_symlink, -diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c -new file mode 100644 -index 0000000..63d8493 ---- /dev/null -+++ b/security/apparmor/mount.c -@@ -0,0 +1,620 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor mediation of files -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2012 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#include -+#include -+#include -+ -+#include "include/apparmor.h" -+#include "include/audit.h" -+#include "include/context.h" -+#include "include/domain.h" -+#include "include/file.h" -+#include "include/match.h" -+#include "include/mount.h" -+#include "include/path.h" -+#include "include/policy.h" -+ -+ -+static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags) -+{ -+ if (flags & MS_RDONLY) -+ audit_log_format(ab, "ro"); -+ else -+ audit_log_format(ab, "rw"); -+ if (flags & MS_NOSUID) -+ audit_log_format(ab, ", nosuid"); -+ if (flags & MS_NODEV) -+ audit_log_format(ab, ", nodev"); -+ if (flags & MS_NOEXEC) -+ audit_log_format(ab, ", noexec"); -+ if (flags & MS_SYNCHRONOUS) -+ audit_log_format(ab, ", sync"); -+ if (flags & MS_REMOUNT) -+ audit_log_format(ab, ", remount"); -+ if (flags & MS_MANDLOCK) -+ audit_log_format(ab, ", mand"); -+ if (flags & MS_DIRSYNC) -+ audit_log_format(ab, ", dirsync"); -+ if (flags & MS_NOATIME) -+ audit_log_format(ab, ", noatime"); -+ if (flags & MS_NODIRATIME) -+ audit_log_format(ab, ", nodiratime"); -+ if (flags & MS_BIND) -+ audit_log_format(ab, flags & MS_REC ? ", rbind" : ", bind"); -+ if (flags & MS_MOVE) -+ audit_log_format(ab, ", move"); -+ if (flags & MS_SILENT) -+ audit_log_format(ab, ", silent"); -+ if (flags & MS_POSIXACL) -+ audit_log_format(ab, ", acl"); -+ if (flags & MS_UNBINDABLE) -+ audit_log_format(ab, flags & MS_REC ? ", runbindable" : -+ ", unbindable"); -+ if (flags & MS_PRIVATE) -+ audit_log_format(ab, flags & MS_REC ? ", rprivate" : -+ ", private"); -+ if (flags & MS_SLAVE) -+ audit_log_format(ab, flags & MS_REC ? ", rslave" : -+ ", slave"); -+ if (flags & MS_SHARED) -+ audit_log_format(ab, flags & MS_REC ? ", rshared" : -+ ", shared"); -+ if (flags & MS_RELATIME) -+ audit_log_format(ab, ", relatime"); -+ if (flags & MS_I_VERSION) -+ audit_log_format(ab, ", iversion"); -+ if (flags & MS_STRICTATIME) -+ audit_log_format(ab, ", strictatime"); -+ if (flags & MS_NOUSER) -+ audit_log_format(ab, ", nouser"); -+} -+ -+/** -+ * audit_cb - call back for mount specific audit fields -+ * @ab: audit_buffer (NOT NULL) -+ * @va: audit struct to audit values of (NOT NULL) -+ */ -+static void audit_cb(struct audit_buffer *ab, void *va) -+{ -+ struct common_audit_data *sa = va; -+ -+ if (sa->aad->mnt.type) { -+ audit_log_format(ab, " fstype="); -+ audit_log_untrustedstring(ab, sa->aad->mnt.type); -+ } -+ if (sa->aad->mnt.src_name) { -+ audit_log_format(ab, " srcname="); -+ audit_log_untrustedstring(ab, sa->aad->mnt.src_name); -+ } -+ if (sa->aad->mnt.trans) { -+ audit_log_format(ab, " trans="); -+ audit_log_untrustedstring(ab, sa->aad->mnt.trans); -+ } -+ if (sa->aad->mnt.flags || sa->aad->op == OP_MOUNT) { -+ audit_log_format(ab, " flags=\""); -+ audit_mnt_flags(ab, sa->aad->mnt.flags); -+ audit_log_format(ab, "\""); -+ } -+ if (sa->aad->mnt.data) { -+ audit_log_format(ab, " options="); -+ audit_log_untrustedstring(ab, sa->aad->mnt.data); -+ } -+} -+ -+/** -+ * audit_mount - handle the auditing of mount operations -+ * @profile: the profile being enforced (NOT NULL) -+ * @gfp: allocation flags -+ * @op: operation being mediated (NOT NULL) -+ * @name: name of object being mediated (MAYBE NULL) -+ * @src_name: src_name of object being mediated (MAYBE_NULL) -+ * @type: type of filesystem (MAYBE_NULL) -+ * @trans: name of trans (MAYBE NULL) -+ * @flags: filesystem idependent mount flags -+ * @data: filesystem mount flags -+ * @request: permissions requested -+ * @perms: the permissions computed for the request (NOT NULL) -+ * @info: extra information message (MAYBE NULL) -+ * @error: 0 if operation allowed else failure error code -+ * -+ * Returns: %0 or error on failure -+ */ -+static int audit_mount(struct aa_profile *profile, gfp_t gfp, int op, -+ const char *name, const char *src_name, -+ const char *type, const char *trans, -+ unsigned long flags, const void *data, u32 request, -+ struct file_perms *perms, const char *info, int error) -+{ -+ int audit_type = AUDIT_APPARMOR_AUTO; -+ struct common_audit_data sa; -+ struct apparmor_audit_data aad = { }; -+ -+ if (likely(!error)) { -+ u32 mask = perms->audit; -+ -+ if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) -+ mask = 0xffff; -+ -+ /* mask off perms that are not being force audited */ -+ request &= mask; -+ -+ if (likely(!request)) -+ return 0; -+ audit_type = AUDIT_APPARMOR_AUDIT; -+ } else { -+ /* only report permissions that were denied */ -+ request = request & ~perms->allow; -+ -+ if (request & perms->kill) -+ audit_type = AUDIT_APPARMOR_KILL; -+ -+ /* quiet known rejects, assumes quiet and kill do not overlap */ -+ if ((request & perms->quiet) && -+ AUDIT_MODE(profile) != AUDIT_NOQUIET && -+ AUDIT_MODE(profile) != AUDIT_ALL) -+ request &= ~perms->quiet; -+ -+ if (!request) -+ return COMPLAIN_MODE(profile) ? -+ complain_error(error) : error; -+ } -+ -+ COMMON_AUDIT_DATA_INIT(&sa, NONE); -+ sa.aad = &aad; -+ sa.aad->op = op; -+ sa.aad->name = name; -+ sa.aad->mnt.src_name = src_name; -+ sa.aad->mnt.type = type; -+ sa.aad->mnt.trans = trans; -+ sa.aad->mnt.flags = flags; -+ if (data && (perms->audit & AA_AUDIT_DATA)) -+ sa.aad->mnt.data = data; -+ sa.aad->info = info; -+ sa.aad->error = error; -+ -+ return aa_audit(audit_type, profile, gfp, &sa, audit_cb); -+} -+ -+/** -+ * match_mnt_flags - Do an ordered match on mount flags -+ * @dfa: dfa to match against -+ * @state: state to start in -+ * @flags: mount flags to match against -+ * -+ * Mount flags are encoded as an ordered match. This is done instead of -+ * checking against a simple bitmask, to allow for logical operations -+ * on the flags. -+ * -+ * Returns: next state after flags match -+ */ -+static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state, -+ unsigned long flags) -+{ -+ unsigned int i; -+ -+ for (i = 0; i <= 31 ; ++i) { -+ if ((1 << i) & flags) -+ state = aa_dfa_next(dfa, state, i + 1); -+ } -+ -+ return state; -+} -+ -+/** -+ * compute_mnt_perms - compute mount permission associated with @state -+ * @dfa: dfa to match against (NOT NULL) -+ * @state: state match finished in -+ * -+ * Returns: mount permissions -+ */ -+static struct file_perms compute_mnt_perms(struct aa_dfa *dfa, -+ unsigned int state) -+{ -+ struct file_perms perms; -+ -+ perms.kill = 0; -+ perms.allow = dfa_user_allow(dfa, state); -+ perms.audit = dfa_user_audit(dfa, state); -+ perms.quiet = dfa_user_quiet(dfa, state); -+ perms.xindex = dfa_user_xindex(dfa, state); -+ -+ return perms; -+} -+ -+static const char const *mnt_info_table[] = { -+ "match succeeded", -+ "failed mntpnt match", -+ "failed srcname match", -+ "failed type match", -+ "failed flags match", -+ "failed data match" -+}; -+ -+/* -+ * Returns 0 on success else element that match failed in, this is the -+ * index into the mnt_info_table above -+ */ -+static int do_match_mnt(struct aa_dfa *dfa, unsigned int start, -+ const char *mntpnt, const char *devname, -+ const char *type, unsigned long flags, -+ void *data, bool binary, struct file_perms *perms) -+{ -+ unsigned int state; -+ -+ state = aa_dfa_match(dfa, start, mntpnt); -+ state = aa_dfa_null_transition(dfa, state); -+ if (!state) -+ return 1; -+ -+ if (devname) -+ state = aa_dfa_match(dfa, state, devname); -+ state = aa_dfa_null_transition(dfa, state); -+ if (!state) -+ return 2; -+ -+ if (type) -+ state = aa_dfa_match(dfa, state, type); -+ state = aa_dfa_null_transition(dfa, state); -+ if (!state) -+ return 3; -+ -+ state = match_mnt_flags(dfa, state, flags); -+ if (!state) -+ return 4; -+ *perms = compute_mnt_perms(dfa, state); -+ if (perms->allow & AA_MAY_MOUNT) -+ return 0; -+ -+ /* only match data if not binary and the DFA flags data is expected */ -+ if (data && !binary && (perms->allow & AA_CONT_MATCH)) { -+ state = aa_dfa_null_transition(dfa, state); -+ if (!state) -+ return 4; -+ -+ state = aa_dfa_match(dfa, state, data); -+ if (!state) -+ return 5; -+ *perms = compute_mnt_perms(dfa, state); -+ if (perms->allow & AA_MAY_MOUNT) -+ return 0; -+ } -+ -+ /* failed at end of flags match */ -+ return 4; -+} -+ -+/** -+ * match_mnt - handle path matching for mount -+ * @profile: the confining profile -+ * @mntpnt: string for the mntpnt (NOT NULL) -+ * @devname: string for the devname/src_name (MAYBE NULL) -+ * @type: string for the dev type (MAYBE NULL) -+ * @flags: mount flags to match -+ * @data: fs mount data (MAYBE NULL) -+ * @binary: whether @data is binary -+ * @perms: Returns: permission found by the match -+ * @info: Returns: infomation string about the match for logging -+ * -+ * Returns: 0 on success else error -+ */ -+static int match_mnt(struct aa_profile *profile, const char *mntpnt, -+ const char *devname, const char *type, -+ unsigned long flags, void *data, bool binary, -+ struct file_perms *perms, const char **info) -+{ -+ int pos; -+ -+ if (!profile->policy.dfa) -+ return -EACCES; -+ -+ pos = do_match_mnt(profile->policy.dfa, -+ profile->policy.start[AA_CLASS_MOUNT], -+ mntpnt, devname, type, flags, data, binary, perms); -+ if (pos) { -+ *info = mnt_info_table[pos]; -+ return -EACCES; -+ } -+ -+ return 0; -+} -+ -+static int path_flags(struct aa_profile *profile, struct path *path) -+{ -+ return profile->path_flags | -+ S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0; -+} -+ -+int aa_remount(struct aa_profile *profile, struct path *path, -+ unsigned long flags, void *data) -+{ -+ struct file_perms perms = { }; -+ const char *name, *info = NULL; -+ char *buffer = NULL; -+ int binary, error; -+ -+ binary = path->dentry->d_sb->s_type->fs_flags & FS_BINARY_MOUNTDATA; -+ -+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name, -+ &info); -+ if (error) -+ goto audit; -+ -+ error = match_mnt(profile, name, NULL, NULL, flags, data, binary, -+ &perms, &info); -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL, -+ NULL, flags, data, AA_MAY_MOUNT, &perms, info, -+ error); -+ kfree(buffer); -+ -+ return error; -+} -+ -+int aa_bind_mount(struct aa_profile *profile, struct path *path, -+ const char *dev_name, unsigned long flags) -+{ -+ struct file_perms perms = { }; -+ char *buffer = NULL, *old_buffer = NULL; -+ const char *name, *old_name = NULL, *info = NULL; -+ struct path old_path; -+ int error; -+ -+ if (!dev_name || !*dev_name) -+ return -EINVAL; -+ -+ flags &= MS_REC | MS_BIND; -+ -+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name, -+ &info); -+ if (error) -+ goto audit; -+ -+ error = kern_path(dev_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path); -+ if (error) -+ goto audit; -+ -+ error = aa_path_name(&old_path, path_flags(profile, &old_path), -+ &old_buffer, &old_name, &info); -+ path_put(&old_path); -+ if (error) -+ goto audit; -+ -+ error = match_mnt(profile, name, old_name, NULL, flags, NULL, 0, -+ &perms, &info); -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name, -+ NULL, NULL, flags, NULL, AA_MAY_MOUNT, &perms, -+ info, error); -+ kfree(buffer); -+ kfree(old_buffer); -+ -+ return error; -+} -+ -+int aa_mount_change_type(struct aa_profile *profile, struct path *path, -+ unsigned long flags) -+{ -+ struct file_perms perms = { }; -+ char *buffer = NULL; -+ const char *name, *info = NULL; -+ int error; -+ -+ /* These are the flags allowed by do_change_type() */ -+ flags &= (MS_REC | MS_SILENT | MS_SHARED | MS_PRIVATE | MS_SLAVE | -+ MS_UNBINDABLE); -+ -+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name, -+ &info); -+ if (error) -+ goto audit; -+ -+ error = match_mnt(profile, name, NULL, NULL, flags, NULL, 0, &perms, -+ &info); -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL, -+ NULL, flags, NULL, AA_MAY_MOUNT, &perms, info, -+ error); -+ kfree(buffer); -+ -+ return error; -+} -+ -+int aa_move_mount(struct aa_profile *profile, struct path *path, -+ const char *orig_name) -+{ -+ struct file_perms perms = { }; -+ char *buffer = NULL, *old_buffer = NULL; -+ const char *name, *old_name = NULL, *info = NULL; -+ struct path old_path; -+ int error; -+ -+ if (!orig_name || !*orig_name) -+ return -EINVAL; -+ -+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name, -+ &info); -+ if (error) -+ goto audit; -+ -+ error = kern_path(orig_name, LOOKUP_FOLLOW, &old_path); -+ if (error) -+ goto audit; -+ -+ error = aa_path_name(&old_path, path_flags(profile, &old_path), -+ &old_buffer, &old_name, &info); -+ path_put(&old_path); -+ if (error) -+ goto audit; -+ -+ error = match_mnt(profile, name, old_name, NULL, MS_MOVE, NULL, 0, -+ &perms, &info); -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name, -+ NULL, NULL, MS_MOVE, NULL, AA_MAY_MOUNT, &perms, -+ info, error); -+ kfree(buffer); -+ kfree(old_buffer); -+ -+ return error; -+} -+ -+int aa_new_mount(struct aa_profile *profile, const char *orig_dev_name, -+ struct path *path, const char *type, unsigned long flags, -+ void *data) -+{ -+ struct file_perms perms = { }; -+ char *buffer = NULL, *dev_buffer = NULL; -+ const char *name = NULL, *dev_name = NULL, *info = NULL; -+ int binary = 1; -+ int error; -+ -+ dev_name = orig_dev_name; -+ if (type) { -+ int requires_dev; -+ struct file_system_type *fstype = get_fs_type(type); -+ if (!fstype) -+ return -ENODEV; -+ -+ binary = fstype->fs_flags & FS_BINARY_MOUNTDATA; -+ requires_dev = fstype->fs_flags & FS_REQUIRES_DEV; -+ put_filesystem(fstype); -+ -+ if (requires_dev) { -+ struct path dev_path; -+ -+ if (!dev_name || !*dev_name) { -+ error = -ENOENT; -+ goto out; -+ } -+ -+ error = kern_path(dev_name, LOOKUP_FOLLOW, &dev_path); -+ if (error) -+ goto audit; -+ -+ error = aa_path_name(&dev_path, -+ path_flags(profile, &dev_path), -+ &dev_buffer, &dev_name, &info); -+ path_put(&dev_path); -+ if (error) -+ goto audit; -+ } -+ } -+ -+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name, -+ &info); -+ if (error) -+ goto audit; -+ -+ error = match_mnt(profile, name, dev_name, type, flags, data, binary, -+ &perms, &info); -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, dev_name, -+ type, NULL, flags, data, AA_MAY_MOUNT, &perms, info, -+ error); -+ kfree(buffer); -+ kfree(dev_buffer); -+ -+out: -+ return error; -+ -+} -+ -+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags) -+{ -+ struct file_perms perms = { }; -+ char *buffer = NULL; -+ const char *name, *info = NULL; -+ int error; -+ -+ struct path path = { mnt, mnt->mnt_root }; -+ error = aa_path_name(&path, path_flags(profile, &path), &buffer, &name, -+ &info); -+ if (error) -+ goto audit; -+ -+ if (!error && profile->policy.dfa) { -+ unsigned int state; -+ state = aa_dfa_match(profile->policy.dfa, -+ profile->policy.start[AA_CLASS_MOUNT], -+ name); -+ perms = compute_mnt_perms(profile->policy.dfa, state); -+ } -+ -+ if (AA_MAY_UMOUNT & ~perms.allow) -+ error = -EACCES; -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_UMOUNT, name, NULL, NULL, -+ NULL, 0, NULL, AA_MAY_UMOUNT, &perms, info, error); -+ kfree(buffer); -+ -+ return error; -+} -+ -+int aa_pivotroot(struct aa_profile *profile, struct path *old_path, -+ struct path *new_path) -+{ -+ struct file_perms perms = { }; -+ struct aa_profile *target = NULL; -+ char *old_buffer = NULL, *new_buffer = NULL; -+ const char *old_name, *new_name = NULL, *info = NULL; -+ int error; -+ -+ error = aa_path_name(old_path, path_flags(profile, old_path), -+ &old_buffer, &old_name, &info); -+ if (error) -+ goto audit; -+ -+ error = aa_path_name(new_path, path_flags(profile, new_path), -+ &new_buffer, &new_name, &info); -+ if (error) -+ goto audit; -+ -+ if (profile->policy.dfa) { -+ unsigned int state; -+ state = aa_dfa_match(profile->policy.dfa, -+ profile->policy.start[AA_CLASS_MOUNT], -+ new_name); -+ state = aa_dfa_null_transition(profile->policy.dfa, state); -+ state = aa_dfa_match(profile->policy.dfa, state, old_name); -+ perms = compute_mnt_perms(profile->policy.dfa, state); -+ } -+ -+ if (AA_MAY_PIVOTROOT & perms.allow) { -+ if ((perms.xindex & AA_X_TYPE_MASK) == AA_X_TABLE) { -+ target = x_table_lookup(profile, perms.xindex); -+ if (!target) -+ error = -ENOENT; -+ else -+ error = aa_replace_current_profile(target); -+ } -+ } else -+ error = -EACCES; -+ -+audit: -+ error = audit_mount(profile, GFP_KERNEL, OP_PIVOTROOT, new_name, -+ old_name, NULL, target ? target->base.name : NULL, -+ 0, NULL, AA_MAY_PIVOTROOT, &perms, info, error); -+ aa_put_profile(target); -+ kfree(old_buffer); -+ kfree(new_buffer); -+ -+ return error; -+} --- -1.7.9.5 - diff --git a/pkgs/os-specific/linux/libselinux/fPIC.patch b/pkgs/os-specific/linux/libselinux/fPIC.patch deleted file mode 100644 index fdc1fa41a335..000000000000 --- a/pkgs/os-specific/linux/libselinux/fPIC.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/Makefile b/src/Makefile -index ac019df..00432b9 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -132,7 +132,7 @@ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) - - %.o: %.c policy.h -- $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< -+ $(CC) $(CFLAGS) $(TLSFLAGS) -fPIC -c -o $@ $< - - %.lo: %.c policy.h - $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< diff --git a/pkgs/os-specific/linux/udisks/cve-2014-0004.patch b/pkgs/os-specific/linux/udisks/cve-2014-0004.patch deleted file mode 100644 index ce907507538f..000000000000 --- a/pkgs/os-specific/linux/udisks/cve-2014-0004.patch +++ /dev/null @@ -1,82 +0,0 @@ -commit ebf61ed8471a45cf8bce7231de00cb1bbc140708 -Author: Martin Pitt -Date: Wed Mar 5 14:07:44 2014 +0100 - - Fix buffer overflow in mount path parsing - - In the mount monitor we parse mount points from /proc/self/mountinfo. Ensure - that we don't overflow the buffers on platforms where mount paths could be - longer than PATH_MAX (unknown if that can actually happen), as at least the - mount paths for hotpluggable devices are somewhat user-controlled. - - Thanks to Florian Weimer for discovering this bug, and to David Zeuthen - for his initial patch! - - CVE-2014-0004 - -Index: udisks-1.0.4/src/mount-monitor.c -=================================================================== ---- udisks-1.0.4.orig/src/mount-monitor.c 2011-08-25 20:27:33.000000000 +0200 -+++ udisks-1.0.4/src/mount-monitor.c 2014-03-10 13:38:18.309406561 +0100 -@@ -39,6 +39,11 @@ - #include "mount.h" - #include "private.h" - -+/* build a %Ns format string macro with N == PATH_MAX */ -+#define xstr(s) str(s) -+#define str(s) #s -+#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s" -+ - /*--------------------------------------------------------------------------------------------------------------*/ - - enum -@@ -320,8 +325,8 @@ mount_monitor_ensure (MountMonitor *moni - guint mount_id; - guint parent_id; - guint major, minor; -- gchar encoded_root[PATH_MAX]; -- gchar encoded_mount_point[PATH_MAX]; -+ gchar encoded_root[PATH_MAX + 1]; -+ gchar encoded_mount_point[PATH_MAX + 1]; - gchar *mount_point; - dev_t dev; - -@@ -329,7 +334,7 @@ mount_monitor_ensure (MountMonitor *moni - continue; - - if (sscanf (lines[n], -- "%d %d %d:%d %s %s", -+ "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT, - &mount_id, - &parent_id, - &major, -@@ -340,6 +345,8 @@ mount_monitor_ensure (MountMonitor *moni - g_warning ("Error parsing line '%s'", lines[n]); - continue; - } -+ encoded_root[sizeof encoded_root - 1] = '\0'; -+ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0'; - - /* ignore mounts where only a subtree of a filesystem is mounted */ - if (g_strcmp0 (encoded_root, "/") != 0) -@@ -358,15 +365,17 @@ mount_monitor_ensure (MountMonitor *moni - sep = strstr (lines[n], " - "); - if (sep != NULL) - { -- gchar fstype[PATH_MAX]; -- gchar mount_source[PATH_MAX]; -+ gchar fstype[PATH_MAX + 1]; -+ gchar mount_source[PATH_MAX + 1]; - struct stat statbuf; - -- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2) -+ if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2) - { - g_warning ("Error parsing things past - for '%s'", lines[n]); - continue; - } -+ fstype[sizeof fstype - 1] = '\0'; -+ mount_source[sizeof mount_source - 1] = '\0'; - - if (g_strcmp0 (fstype, "btrfs") != 0) - continue; diff --git a/pkgs/os-specific/linux/wpa_supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/pkgs/os-specific/linux/wpa_supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch deleted file mode 100644 index de1964ca7697..000000000000 --- a/pkgs/os-specific/linux/wpa_supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Tue, 7 Apr 2015 11:32:11 +0300 -Subject: [PATCH] P2P: Validate SSID element length before copying it - (CVE-2015-1863) - -This fixes a possible memcpy overflow for P2P dev->oper_ssid in -p2p_add_device(). The length provided by the peer device (0..255 bytes) -was used without proper bounds checking and that could have resulted in -arbitrary data of up to 223 bytes being written beyond the end of the -dev->oper_ssid[] array (of which about 150 bytes would be beyond the -heap allocation) when processing a corrupted management frame for P2P -peer discovery purposes. - -This could result in corrupted state in heap, unexpected program -behavior due to corrupted P2P peer device information, denial of service -due to process crash, exposure of memory contents during GO Negotiation, -and potentially arbitrary code execution. - -Thanks to Google security team for reporting this issue and smart -hardware research group of Alibaba security team for discovering it. - -Signed-off-by: Jouni Malinen ---- - src/p2p/p2p.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c -index f584fae..a45fe73 100644 ---- a/src/p2p/p2p.c -+++ b/src/p2p/p2p.c -@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq, - if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) - os_memcpy(dev->interface_addr, addr, ETH_ALEN); - if (msg.ssid && -+ msg.ssid[1] <= sizeof(dev->oper_ssid) && - (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || - os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) - != 0)) { --- -1.9.1 - diff --git a/pkgs/servers/x11/xorg/darwin/0001-XQuartz-GLX-Use-__glXEnableExtension-to-build-extens.patch b/pkgs/servers/x11/xorg/darwin/0001-XQuartz-GLX-Use-__glXEnableExtension-to-build-extens.patch deleted file mode 100644 index ff297a8df96a..000000000000 --- a/pkgs/servers/x11/xorg/darwin/0001-XQuartz-GLX-Use-__glXEnableExtension-to-build-extens.patch +++ /dev/null @@ -1,78 +0,0 @@ -From fff30cdea46616eb92f4dd9402ebd27fdb55e13b Mon Sep 17 00:00:00 2001 -From: Jeremy Huddleston Sequoia -Date: Sun, 1 Jun 2014 04:29:19 -0700 -Subject: [PATCH 1/6] XQuartz: GLX: Use __glXEnableExtension to build - extensions list - -Signed-off-by: Jeremy Huddleston Sequoia -(cherry picked from commit 3790001ea29658872aebda00a03170e392b47878) ---- - hw/xquartz/GL/indirect.c | 37 +++++++++++++++++++++++++++++++------ - 1 file changed, 31 insertions(+), 6 deletions(-) - -diff --git a/hw/xquartz/GL/indirect.c b/hw/xquartz/GL/indirect.c -index 19b7d86..4e6ab3d 100644 ---- a/hw/xquartz/GL/indirect.c -+++ b/hw/xquartz/GL/indirect.c -@@ -52,6 +52,7 @@ - - #include "visualConfigs.h" - #include "dri.h" -+#include "extension_string.h" - - #include "darwin.h" - #define GLAQUA_DEBUG_MSG(msg, args ...) ASL_LOG(ASL_LEVEL_DEBUG, "GLXAqua", \ -@@ -111,6 +112,10 @@ typedef struct __GLXAquaDrawable __GLXAquaDrawable; - */ - struct __GLXAquaScreen { - __GLXscreen base; -+ -+ /* Supported GLX extensions */ -+ unsigned char glx_enable_bits[__GLX_EXT_BYTES]; -+ - int index; - int num_vis; - }; -@@ -541,13 +546,33 @@ __glXAquaScreenProbe(ScreenPtr pScreen) - - screen->base.GLXmajor = 1; - screen->base.GLXminor = 4; -- screen->base.GLXextensions = strdup("GLX_SGIX_fbconfig " -- "GLX_SGIS_multisample " -- "GLX_ARB_multisample " -- "GLX_EXT_visual_info " -- "GLX_EXT_import_context "); - -- /*We may be able to add more GLXextensions at a later time. */ -+ memset(screen->glx_enable_bits, 0, __GLX_EXT_BYTES); -+ -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_visual_info"); -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_visual_rating"); -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_import_context"); -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_OML_swap_method"); -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_SGIX_fbconfig"); -+ -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_SGIS_multisample"); -+ __glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_multisample"); -+ -+ //__glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_create_context"); -+ //__glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_create_context_profile"); -+ -+ // Generate the GLX extensions string (overrides that set by __glXScreenInit()) -+ { -+ unsigned int buffer_size = -+ __glXGetExtensionString(screen->glx_enable_bits, NULL); -+ if (buffer_size > 0) { -+ free(screen->base.GLXextensions); -+ -+ screen->base.GLXextensions = xnfalloc(buffer_size); -+ __glXGetExtensionString(screen->glx_enable_bits, -+ screen->base.GLXextensions); -+ } -+ } - - return &screen->base; - } --- -2.3.2 (Apple Git-55) - diff --git a/pkgs/servers/x11/xorg/darwin/0003-Workaround-the-GC-clipping-problem-in-miPaintWindow-.patch b/pkgs/servers/x11/xorg/darwin/0003-Workaround-the-GC-clipping-problem-in-miPaintWindow-.patch deleted file mode 100644 index 395853f940fe..000000000000 --- a/pkgs/servers/x11/xorg/darwin/0003-Workaround-the-GC-clipping-problem-in-miPaintWindow-.patch +++ /dev/null @@ -1,165 +0,0 @@ -From fa5c83fe9129c9cd9cde1420a32112ca2f17566c Mon Sep 17 00:00:00 2001 -From: Jeremy Huddleston -Date: Fri, 30 Apr 2010 13:08:25 -0700 -Subject: [PATCH 3/6] Workaround the GC clipping problem in miPaintWindow and - add some debugging output. - -Signed-off-by: Jeremy Huddleston ---- - mi/miexpose.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 94 insertions(+), 10 deletions(-) - -diff --git a/mi/miexpose.c b/mi/miexpose.c -index fc4dbc0..5e31b83 100644 ---- a/mi/miexpose.c -+++ b/mi/miexpose.c -@@ -408,7 +408,8 @@ void RootlessSetPixmapOfAncestors(WindowPtr pWin); - void RootlessStartDrawing(WindowPtr pWin); - void RootlessDamageRegion(WindowPtr pWin, RegionPtr prgn); - Bool IsFramedWindow(WindowPtr pWin); --#endif -+#include "../fb/fb.h" -+#endif - - void - miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) -@@ -437,23 +438,37 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) - Bool solid = TRUE; - DrawablePtr drawable = &pWin->drawable; - -+#ifdef XQUARTZ_CLIP_DEBUG -+ ErrorF("START %d BS %d (pR = %ld)\n", what, pWin->backgroundState, ParentRelative); -+ ErrorF(" Rgn: %d %d %d %d\n", prgn->extents.x1, prgn->extents.y1, -+ prgn->extents.x2 - prgn->extents.x1, -+ prgn->extents.y2 - prgn->extents.y1); -+ ErrorF(" Win: %d %d (%d %d) %d %d\n", pWin->origin.x, pWin->origin.y, -+ pWin->winSize.extents.x1, pWin->winSize.extents.y1, -+ pWin->winSize.extents.x2 - pWin->winSize.extents.x1, -+ pWin->winSize.extents.y2 - pWin->winSize.extents.y1); -+ ErrorF(" Draw: %d %d %d %d\n", pWin->drawable.x, pWin->drawable.y, -+ pWin->drawable.width, pWin->drawable.height); -+#endif -+ - #ifdef ROOTLESS - if (!drawable || drawable->type == UNDRAWABLE_WINDOW) - return; -+#endif -+ -+ if (what == PW_BACKGROUND) -+ { -+#ifdef ROOTLESS -+ if(IsFramedWindow(pWin)) { -+ RootlessStartDrawing(pWin); -+ RootlessDamageRegion(pWin, prgn); - -- if (IsFramedWindow(pWin)) { -- RootlessStartDrawing(pWin); -- RootlessDamageRegion(pWin, prgn); -- -- if (pWin->backgroundState == ParentRelative) { -- if ((what == PW_BACKGROUND) || -- (what == PW_BORDER && !pWin->borderIsPixel)) -+ if(pWin->backgroundState == ParentRelative) { - RootlessSetPixmapOfAncestors(pWin); -+ } - } -- } - #endif - -- if (what == PW_BACKGROUND) { - while (pWin->backgroundState == ParentRelative) - pWin = pWin->parent; - -@@ -478,6 +493,18 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) - else { - PixmapPtr pixmap; - -+#ifdef ROOTLESS -+ if(IsFramedWindow(pWin)) { -+ RootlessStartDrawing(pWin); -+ RootlessDamageRegion(pWin, prgn); -+ -+ if(!pWin->borderIsPixel && -+ pWin->backgroundState == ParentRelative) { -+ RootlessSetPixmapOfAncestors(pWin); -+ } -+ } -+#endif -+ - tile_x_off = drawable->x; - tile_y_off = drawable->y; - -@@ -486,6 +513,12 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) - return; - pixmap = (*pScreen->GetWindowPixmap) ((WindowPtr) drawable); - drawable = &pixmap->drawable; -+ -+#ifdef XQUARTZ_CLIP_DEBUG -+ ErrorF(" Draw: %d %d %d %d\n", -+ drawable->x, drawable->y, drawable->width, drawable->height); -+#endif -+ - #ifdef COMPOSITE - draw_x_off = pixmap->screen_x; - draw_y_off = pixmap->screen_y; -@@ -548,6 +581,57 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) - ChangeGC(NullClient, pGC, gcmask, gcval); - ValidateGC(drawable, pGC); - -+#ifdef XQUARTZ_CLIP_DEBUG -+ ErrorF(" GC: %d %d %d %d\n", -+ pGC->pCompositeClip->extents.x1, pGC->pCompositeClip->extents.y1, -+ pGC->pCompositeClip->extents.x2 - pGC->pCompositeClip->extents.x1, -+ pGC->pCompositeClip->extents.y2 - pGC->pCompositeClip->extents.y1); -+#endif -+ -+#ifdef XQUARTZ -+ /* Looks like our clipping isn't set right for some reason: -+ * http://xquartz.macosforge.org/trac/ticket/290 -+ */ -+ if(what == PW_BORDER) { -+ -+#if 0 -+ if(solid) { -+#if 1 -+ fbFillRegionSolid(&pWin->drawable, -+ prgn, -+ 0, -+ fbReplicatePixel(fill.pixel, -+ pWin->drawable.bitsPerPixel)); -+#else -+ fbFillRegionSolid(drawable, -+ prgn, -+ 0, -+ fbReplicatePixel(fill.pixel, -+ drawable->bitsPerPixel)); -+#endif -+ return; -+ } -+#endif -+ -+ pGC->pCompositeClip->extents.x1 += prgn->extents.x1; -+ pGC->pCompositeClip->extents.y1 += prgn->extents.y1; -+ pGC->pCompositeClip->extents.x2 += prgn->extents.x1; -+ pGC->pCompositeClip->extents.y2 += prgn->extents.y1; -+ -+ if(pGC->pCompositeClip->extents.x2 > drawable->pScreen->width) -+ pGC->pCompositeClip->extents.x2 = drawable->pScreen->width; -+ if(pGC->pCompositeClip->extents.y2 > drawable->pScreen->height) -+ pGC->pCompositeClip->extents.y2 = drawable->pScreen->height; -+ } -+#endif -+ -+#ifdef XQUARTZ_CLIP_DEBUG -+ ErrorF(" GC: %d %d %d %d\n", -+ pGC->pCompositeClip->extents.x1, pGC->pCompositeClip->extents.y1, -+ pGC->pCompositeClip->extents.x2 - pGC->pCompositeClip->extents.x1, -+ pGC->pCompositeClip->extents.y2 - pGC->pCompositeClip->extents.y1); -+#endif -+ - numRects = RegionNumRects(prgn); - pbox = RegionRects(prgn); - for (i = numRects; --i >= 0; pbox++, prect++) { --- -2.3.2 (Apple Git-55) - diff --git a/pkgs/servers/x11/xorg/darwin/0005-fb-Revert-fb-changes-that-broke-XQuartz.patch b/pkgs/servers/x11/xorg/darwin/0005-fb-Revert-fb-changes-that-broke-XQuartz.patch deleted file mode 100644 index b9d4b18cf82a..000000000000 --- a/pkgs/servers/x11/xorg/darwin/0005-fb-Revert-fb-changes-that-broke-XQuartz.patch +++ /dev/null @@ -1,316 +0,0 @@ -From a635e397d5830f7f60e3690a1bb36f7a725b915a Mon Sep 17 00:00:00 2001 -From: Jeremy Huddleston -Date: Fri, 12 Feb 2010 19:48:52 -0800 -Subject: [PATCH 5/6] fb: Revert fb changes that broke XQuartz - -http://bugs.freedesktop.org/show_bug.cgi?id=26124 - -Revert "Fix source pictures getting random transforms after 2d6a8f668342a5190cdf43b5." -Revert "fb: Adjust transform or composite coordinates for pixman operations" - -http://bugs.freedesktop.org/26124 - -This reverts commit a72c65e9176c51de95db2fdbf4c5d946a4911695. -This reverts commit a6bd5d2e482a5aa84acb3d4932e2a166d8670ef1. - -Signed-off-by: Jeremy Huddleston ---- - fb/fb.h | 3 +-- - fb/fbpict.c | 82 ++++++++++++++++++------------------------------------------- - fb/fbtrap.c | 43 ++++++++++++++------------------ - 3 files changed, 43 insertions(+), 85 deletions(-) - -diff --git a/fb/fb.h b/fb/fb.h -index ab110f3..59eaac3 100644 ---- a/fb/fb.h -+++ b/fb/fb.h -@@ -1326,8 +1326,7 @@ fbFillRegionSolid(DrawablePtr pDrawable, - RegionPtr pRegion, FbBits and, FbBits xor); - - extern _X_EXPORT pixman_image_t *image_from_pict(PicturePtr pict, -- Bool has_clip, -- int *xoff, int *yoff); -+ Bool has_clip); - - extern _X_EXPORT void free_pixman_pict(PicturePtr, pixman_image_t *); - -diff --git a/fb/fbpict.c b/fb/fbpict.c -index cafb027..6ee63e9 100644 ---- a/fb/fbpict.c -+++ b/fb/fbpict.c -@@ -46,23 +46,18 @@ fbComposite(CARD8 op, - INT16 yMask, INT16 xDst, INT16 yDst, CARD16 width, CARD16 height) - { - pixman_image_t *src, *mask, *dest; -- int src_xoff, src_yoff; -- int msk_xoff, msk_yoff; -- int dst_xoff, dst_yoff; -- - miCompositeSourceValidate(pSrc); - if (pMask) - miCompositeSourceValidate(pMask); - -- src = image_from_pict(pSrc, FALSE, &src_xoff, &src_yoff); -- mask = image_from_pict(pMask, FALSE, &msk_xoff, &msk_yoff); -- dest = image_from_pict(pDst, TRUE, &dst_xoff, &dst_yoff); -+ src = image_from_pict(pSrc, TRUE); -+ mask = image_from_pict(pMask, TRUE); -+ dest = image_from_pict(pDst, TRUE); - - if (src && dest && !(pMask && !mask)) { - pixman_image_composite(op, src, mask, dest, -- xSrc + src_xoff, ySrc + src_yoff, -- xMask + msk_xoff, yMask + msk_yoff, -- xDst + dst_xoff, yDst + dst_yoff, width, height); -+ xSrc, ySrc, xMask, yMask, xDst, yDst, -+ width, height); - } - - free_pixman_pict(pSrc, src); -@@ -289,20 +284,22 @@ create_conical_gradient_image(PictGradient * gradient) - } - - static pixman_image_t * --create_bits_picture(PicturePtr pict, Bool has_clip, int *xoff, int *yoff) -+create_bits_picture(PicturePtr pict, Bool has_clip) - { -- PixmapPtr pixmap; - FbBits *bits; - FbStride stride; -- int bpp; -+ int bpp, xoff, yoff; - pixman_image_t *image; - -- fbGetDrawablePixmap(pict->pDrawable, pixmap, *xoff, *yoff); -- fbGetPixmapBitsData(pixmap, bits, stride, bpp); -+ fbGetDrawable (pict->pDrawable, bits, stride, bpp, xoff, yoff); -+ -+ bits = (FbBits*)((CARD8*)bits + -+ (pict->pDrawable->y + yoff) * stride * sizeof(FbBits) + -+ (pict->pDrawable->x + xoff) * (bpp / 8)); - - image = pixman_image_create_bits((pixman_format_code_t) pict->format, -- pixmap->drawable.width, -- pixmap->drawable.height, (uint32_t *) bits, -+ pict->pDrawable->width, -+ pict->pDrawable->height, (uint32_t *) bits, - stride * sizeof(FbStride)); - - if (!image) -@@ -321,57 +318,31 @@ create_bits_picture(PicturePtr pict, Bool has_clip, int *xoff, int *yoff) - if (pict->clientClip) - pixman_image_set_has_client_clip(image, TRUE); - -- if (*xoff || *yoff) -- pixman_region_translate(pict->pCompositeClip, *xoff, *yoff); -+ pixman_region_translate (pict->pCompositeClip, - pict->pDrawable->x, - pict->pDrawable->y); - - pixman_image_set_clip_region(image, pict->pCompositeClip); - -- if (*xoff || *yoff) -- pixman_region_translate(pict->pCompositeClip, -*xoff, -*yoff); -+ pixman_region_translate (pict->pCompositeClip, pict->pDrawable->x, pict->pDrawable->y); - } - - /* Indexed table */ - if (pict->pFormat->index.devPrivate) - pixman_image_set_indexed(image, pict->pFormat->index.devPrivate); - -- /* Add in drawable origin to position within the image */ -- *xoff += pict->pDrawable->x; -- *yoff += pict->pDrawable->y; -- - return image; - } - - static pixman_image_t *image_from_pict_internal(PicturePtr pict, Bool has_clip, -- int *xoff, int *yoff, - Bool is_alpha_map); - - static void --set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip, -- int *xoff, int *yoff, Bool is_alpha_map) -+set_image_properties(pixman_image_t * image, PicturePtr pict, Bool is_alpha_map) - { - pixman_repeat_t repeat; - pixman_filter_t filter; - - if (pict->transform) { -- /* For source images, adjust the transform to account -- * for the drawable offset within the pixman image, -- * then set the offset to 0 as it will be used -- * to compute positions within the transformed image. -- */ -- if (!has_clip) { -- struct pixman_transform adjusted; -- -- adjusted = *pict->transform; -- pixman_transform_translate(&adjusted, -- NULL, -- pixman_int_to_fixed(*xoff), -- pixman_int_to_fixed(*yoff)); -- pixman_image_set_transform(image, &adjusted); -- *xoff = 0; -- *yoff = 0; -- } -- else -- pixman_image_set_transform(image, pict->transform); -+ pixman_image_set_transform(image, pict->transform); - } - - switch (pict->repeatType) { -@@ -399,10 +370,8 @@ set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip, - * as the alpha map for this operation - */ - if (pict->alphaMap && !is_alpha_map) { -- int alpha_xoff, alpha_yoff; - pixman_image_t *alpha_map = -- image_from_pict_internal(pict->alphaMap, FALSE, &alpha_xoff, -- &alpha_yoff, TRUE); -+ image_from_pict_internal(pict->alphaMap, TRUE, TRUE); - - pixman_image_set_alpha_map(image, alpha_map, pict->alphaOrigin.x, - pict->alphaOrigin.y); -@@ -436,8 +405,7 @@ set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip, - } - - static pixman_image_t * --image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff, -- Bool is_alpha_map) -+image_from_pict_internal(PicturePtr pict, Bool has_clip, Bool is_alpha_map) - { - pixman_image_t *image = NULL; - -@@ -445,7 +413,7 @@ image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff, - return NULL; - - if (pict->pDrawable) { -- image = create_bits_picture(pict, has_clip, xoff, yoff); -+ image = create_bits_picture(pict, has_clip); - } - else if (pict->pSourcePict) { - SourcePict *sp = pict->pSourcePict; -@@ -463,19 +431,17 @@ image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff, - else if (sp->type == SourcePictTypeConical) - image = create_conical_gradient_image(gradient); - } -- *xoff = *yoff = 0; - } - - if (image) -- set_image_properties(image, pict, has_clip, xoff, yoff, is_alpha_map); -- -+ set_image_properties (image, pict, is_alpha_map); - return image; - } - - pixman_image_t * --image_from_pict(PicturePtr pict, Bool has_clip, int *xoff, int *yoff) -+image_from_pict (PicturePtr pict, Bool has_clip) - { -- return image_from_pict_internal(pict, has_clip, xoff, yoff, FALSE); -+ return image_from_pict_internal (pict, has_clip, FALSE); - } - - void -diff --git a/fb/fbtrap.c b/fb/fbtrap.c -index bf82f8f..0145ce9 100644 ---- a/fb/fbtrap.c -+++ b/fb/fbtrap.c -@@ -36,13 +36,12 @@ fbAddTraps(PicturePtr pPicture, - INT16 x_off, INT16 y_off, int ntrap, xTrap * traps) - { - pixman_image_t *image; -- int dst_xoff, dst_yoff; - -- if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff))) -- return; -- -- pixman_add_traps(image, x_off + dst_xoff, y_off + dst_yoff, -- ntrap, (pixman_trap_t *) traps); -+ if (!(image = image_from_pict (pPicture, FALSE))) -+ return; -+ -+ pixman_add_traps(image, x_off, y_off, -+ ntrap, (pixman_trap_t *)traps); - - free_pixman_pict(pPicture, image); - } -@@ -52,13 +51,12 @@ fbRasterizeTrapezoid(PicturePtr pPicture, - xTrapezoid * trap, int x_off, int y_off) - { - pixman_image_t *image; -- int dst_xoff, dst_yoff; - -- if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff))) -+ if (!(image = image_from_pict (pPicture, FALSE))) - return; - -- pixman_rasterize_trapezoid(image, (pixman_trapezoid_t *) trap, -- x_off + dst_xoff, y_off + dst_yoff); -+ pixman_rasterize_trapezoid(image, (pixman_trapezoid_t *)trap, -+ x_off, y_off); - - free_pixman_pict(pPicture, image); - } -@@ -68,14 +66,12 @@ fbAddTriangles(PicturePtr pPicture, - INT16 x_off, INT16 y_off, int ntri, xTriangle * tris) - { - pixman_image_t *image; -- int dst_xoff, dst_yoff; - -- if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff))) -+ if (!(image = image_from_pict (pPicture, FALSE))) - return; -- -- pixman_add_triangles(image, -- dst_xoff + x_off, dst_yoff + y_off, -- ntri, (pixman_triangle_t *) tris); -+ -+ pixman_add_triangles(image, x_off, y_off, ntri, -+ (pixman_triangle_t *)tris); - - free_pixman_pict(pPicture, image); - } -@@ -98,13 +94,11 @@ fbShapes(CompositeShapesFunc composite, - int16_t ySrc, int nshapes, int shape_size, const uint8_t * shapes) - { - pixman_image_t *src, *dst; -- int src_xoff, src_yoff; -- int dst_xoff, dst_yoff; - - miCompositeSourceValidate(pSrc); - -- src = image_from_pict(pSrc, FALSE, &src_xoff, &src_yoff); -- dst = image_from_pict(pDst, TRUE, &dst_xoff, &dst_yoff); -+ src = image_from_pict(pSrc, FALSE); -+ dst = image_from_pict(pDst, TRUE); - - if (src && dst) { - pixman_format_code_t format; -@@ -121,9 +115,8 @@ fbShapes(CompositeShapesFunc composite, - - for (i = 0; i < nshapes; ++i) { - composite(op, src, dst, format, -- xSrc + src_xoff, -- ySrc + src_yoff, -- dst_xoff, dst_yoff, 1, shapes + i * shape_size); -+ xSrc, ySrc, 0, 0, -+ 1, shapes + i * shape_size); - } - } - else { -@@ -143,8 +136,8 @@ fbShapes(CompositeShapesFunc composite, - } - - composite(op, src, dst, format, -- xSrc + src_xoff, -- ySrc + src_yoff, dst_xoff, dst_yoff, nshapes, shapes); -+ xSrc, ySrc, 0, 0, -+ nshapes, shapes); - } - - DamageRegionProcessPending(pDst->pDrawable); --- -2.3.2 (Apple Git-55) - diff --git a/pkgs/servers/x11/xorg/darwin/function-pointer-test.patch b/pkgs/servers/x11/xorg/darwin/function-pointer-test.patch deleted file mode 100644 index e521a12ba800..000000000000 --- a/pkgs/servers/x11/xorg/darwin/function-pointer-test.patch +++ /dev/null @@ -1,46 +0,0 @@ -These are functions, not function pointers, so they always evaluate to true. - -diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m -index 5445c6f..8574bf1 100644 ---- a/hw/xquartz/X11Controller.m -+++ b/hw/xquartz/X11Controller.m -@@ -364,7 +364,6 @@ extern char *bundle_id_prefix; - } - - #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 -- if (asl_log_descriptor) { - char *asl_sender; - aslmsg amsg = asl_new(ASL_TYPE_MSG); - assert(amsg); -@@ -394,7 +393,6 @@ extern char *bundle_id_prefix; - asl_log_descriptor(aslc, amsg, ASL_LEVEL_NOTICE, stderr_pipe[0], ASL_LOG_DESCRIPTOR_READ); - - asl_free(amsg); -- } - #endif - - /* Do the fork-twice trick to avoid having to reap zombies */ -@@ -414,11 +412,9 @@ extern char *bundle_id_prefix; - - case 0: /* child2 */ - #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 -- if (asl_log_descriptor) { - /* Replace our stdout/stderr */ - dup2(stdout_pipe[1], STDOUT_FILENO); - dup2(stderr_pipe[1], STDERR_FILENO); -- } - #endif - - /* close all open files except for standard streams */ -@@ -443,11 +439,9 @@ extern char *bundle_id_prefix; - } - - #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 -- if (asl_log_descriptor) { - /* Close the write ends of the pipe */ - close(stdout_pipe[1]); - close(stderr_pipe[1]); -- } - #endif - } - diff --git a/pkgs/tools/filesystems/ceph/0001-Cleanup-boost-optionals.patch b/pkgs/tools/filesystems/ceph/0001-Cleanup-boost-optionals.patch deleted file mode 100644 index a99e16ddc266..000000000000 --- a/pkgs/tools/filesystems/ceph/0001-Cleanup-boost-optionals.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 2507ab33236f0da12899fbcdd36535f7c7b68a06 Mon Sep 17 00:00:00 2001 -From: "William A. Kennington III" -Date: Sat, 20 Sep 2014 22:52:31 -0700 -Subject: [PATCH] Cleanup boost optionals - ---- - src/osd/ECBackend.cc | 2 +- - src/osd/ReplicatedPG.cc | 5 ++++- - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/osd/ECBackend.cc b/src/osd/ECBackend.cc -index a87b5b4..c386900 100644 ---- a/src/osd/ECBackend.cc -+++ b/src/osd/ECBackend.cc -@@ -81,7 +81,7 @@ ostream &operator<<(ostream &lhs, const ECBackend::read_result_t &rhs) - lhs << "read_result_t(r=" << rhs.r - << ", errors=" << rhs.errors; - if (rhs.attrs) { -- lhs << ", attrs=" << rhs.attrs; -+ lhs << ", attrs=" << rhs.attrs.get(); - } else { - lhs << ", noattrs"; - } -diff --git a/src/osd/ReplicatedPG.cc b/src/osd/ReplicatedPG.cc -index 5e5510d..79e8616 100644 ---- a/src/osd/ReplicatedPG.cc -+++ b/src/osd/ReplicatedPG.cc -@@ -5259,7 +5259,10 @@ void ReplicatedPG::do_osd_op_effects(OpContext *ctx) - for (list::iterator p = ctx->notify_acks.begin(); - p != ctx->notify_acks.end(); - ++p) { -- dout(10) << "notify_ack " << make_pair(p->watch_cookie, p->notify_id) << dendl; -+ if (p->watch_cookie) -+ dout(10) << "notify_ack " << make_pair(p->watch_cookie.get(), p->notify_id) << dendl; -+ else -+ dout(10) << "notify_ack " << make_pair("NULL", p->notify_id) << dendl; - for (map, WatchRef>::iterator i = - ctx->obc->watchers.begin(); - i != ctx->obc->watchers.end(); --- -2.1.0 - diff --git a/pkgs/tools/filesystems/ceph/boost-158.patch b/pkgs/tools/filesystems/ceph/boost-158.patch deleted file mode 100644 index 11a1d55c4948..000000000000 --- a/pkgs/tools/filesystems/ceph/boost-158.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e7b196a4a091c0ea258866559ba06e7ed0cc4247 Mon Sep 17 00:00:00 2001 -From: Kefu Chai -Date: Fri, 8 May 2015 15:21:20 +0800 -Subject: [PATCH] mon: remove unused variable - -* as a side effect, this change silences - http://tracker.ceph.com/issues/11576 - -Fixes: #11576 -Signed-off-by: Kefu Chai ---- - src/mon/OSDMonitor.cc | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc -index 73dcd5f..7caaa45 100644 ---- a/src/mon/OSDMonitor.cc -+++ b/src/mon/OSDMonitor.cc -@@ -3174,8 +3174,6 @@ bool OSDMonitor::preprocess_command(MMonCommand *m) - } else if (prefix == "osd crush get-tunable") { - string tunable; - cmd_getval(g_ceph_context, cmdmap, "tunable", tunable); -- int value; -- cmd_getval(g_ceph_context, cmdmap, "value", value); - ostringstream rss; - if (f) - f->open_object_section("tunable"); diff --git a/pkgs/tools/filesystems/ceph/fix-pgrefdebugging.patch b/pkgs/tools/filesystems/ceph/fix-pgrefdebugging.patch deleted file mode 100644 index 4d13a0572d87..000000000000 --- a/pkgs/tools/filesystems/ceph/fix-pgrefdebugging.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 38ab682..febb58e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -541,8 +541,10 @@ fi - #set pg ref debugging? - AC_ARG_ENABLE([pgrefdebugging], - [AS_HELP_STRING([--enable-pgrefdebugging], [enable pg ref debugging])], -- [AC_DEFINE([PG_DEBUG_REFS], [1], [Defined if you want pg ref debugging])], -- []) -+ [], [enable_pgrefdebugging=no]) -+AS_IF([test "x$enable_pgrefdebugging" = "xyes"], -+ [AC_DEFINE([PG_DEBUG_REFS], [1], [Defined if you want pg ref debugging])], -+ []) - - # - # Java is painful diff --git a/pkgs/tools/misc/debootstrap/subst.patch b/pkgs/tools/misc/debootstrap/subst.patch deleted file mode 100644 index 6ead80d6a79f..000000000000 --- a/pkgs/tools/misc/debootstrap/subst.patch +++ /dev/null @@ -1,190 +0,0 @@ -diff --git a/usr/sbin/debootstrap b/usr/sbin/debootstrap -index a0dacf3..6331b3d 100755 ---- a/usr/sbin/debootstrap -+++ b/usr/sbin/debootstrap -@@ -14,7 +14,7 @@ if [ "$DEBOOTSTRAP_DIR" = "" ]; then - fi - fi - --if [ -x "/usr/bin/gettext" ]; then -+if [ -x "@gettext@" ]; then - USE_GETTEXT_INTERACTION=yes - fi - -@@ -334,12 +334,12 @@ fi - - if [ "$ARCH" != "" ]; then - true --elif [ -x /usr/bin/dpkg ] && \ -- /usr/bin/dpkg --print-installation-architecture >/dev/null 2>&1; then -- ARCH=`/usr/bin/dpkg --print-installation-architecture` -+elif [ -x @dpkg@ ] && \ -+ @dpkg@ --print-installation-architecture >/dev/null 2>&1; then -+ ARCH=`@dpkg@ --print-installation-architecture` - elif type udpkg >/dev/null 2>&1 && \ - udpkg --print-architecture >/dev/null 2>&1; then -- ARCH=`/usr/bin/udpkg --print-architecture` -+ ARCH=`@udpkg@ --print-architecture` - elif [ -e $DEBOOTSTRAP_DIR/arch ]; then - ARCH=`cat $DEBOOTSTRAP_DIR/arch` - else -@@ -349,7 +349,7 @@ fi - export ARCH SUITE TARGET - - if am_doing_phase first_stage second_stage; then -- if [ -x /usr/bin/id ] && [ `id -u` -ne 0 ]; then -+ if [ -x @id@ ] && [ `id -u` -ne 0 ]; then - error 1 NEEDROOT "debootstrap can only run as root" - fi - # Ensure that we can create working devices and executables on the target. -diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions -index b9180ba..33feac3 100755 ---- a/usr/share/debootstrap/functions -+++ b/usr/share/debootstrap/functions -@@ -914,7 +914,7 @@ setup_dselect_method () { - # For the debootstrap udeb, pkgdetails is provided by the bootstrap-base - # udeb, so the pkgdetails API needs to be kept in sync with that. - --if [ -x /usr/bin/perl ]; then -+if [ -x @perl@ ]; then - PKGDETAILS=pkgdetails_perl - - pkgdetails_field () { -@@ -1264,7 +1264,7 @@ close LD_SO_CONF; - - unshift @ld_library_path, split(/:/, $ENV{LD_LIBRARY_PATH}); - --$unamearch = `/bin/uname -m`; -+$unamearch = `@uname -m`; - chomp $unamearch; - - foreach my $file (@ARGV) { - - -diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions -index 730df3a..197b2fb 100755 ---- a/usr/share/debootstrap/functions -+++ b/usr/share/debootstrap/functions -@@ -18,7 +18,7 @@ error () { - for x in "$@"; do echo "EA: $x"; done - echo "EF: $fmt") >&4 - elif [ "$USE_GETTEXT_INTERACTION" ]; then -- (printf "E: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@") >&4 -+ (printf "E: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@") >&4 - else - (printf "E: $fmt\n" "$@") >&4 - fi -@@ -35,7 +35,7 @@ warning () { - for x in "$@"; do echo "WA: $x"; done - echo "WF: $fmt") >&4 - elif [ "$USE_GETTEXT_INTERACTION" ]; then -- printf "W: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@" >&4 -+ printf "W: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@" >&4 - else - printf "W: $fmt\n" "$@" >&4 - fi -@@ -51,7 +51,7 @@ info () { - for x in "$@"; do echo "IA: $x"; done - echo "IF: $fmt") >&4 - elif [ "$USE_GETTEXT_INTERACTION" ]; then -- printf "I: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@" >&4 -+ printf "I: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@" >&4 - else - printf "I: $fmt\n" "$@" >&4 - fi - - -diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions -index 98d2056..c1d7430 100755 ---- a/usr/share/debootstrap/functions -+++ b/usr/share/debootstrap/functions -@@ -501,9 +501,9 @@ download_release_indices () { - local md= - if [ "$normmd" != "" ]; then - md="$normmd" -- elif [ -x /bin/bunzip2 ] && [ "$bz2md" != "" ]; then -+ elif [ -x @bunzip2@ ] && [ "$bz2md" != "" ]; then - md="$bz2md" -- elif [ -x /bin/gunzip ] && [ "$gzmd" != "" ]; then -+ elif [ -x @gunzip@ ] && [ "$gzmd" != "" ]; then - md="$gzmd" - fi - if [ "$md" != "" ]; then -@@ -529,11 +529,11 @@ download_release_indices () { - ext="$ext $normmd ." - md="$normmd" - fi -- if [ -x /bin/bunzip2 ] && [ "$bz2md" != "" ]; then -+ if [ -x @bunzip2@ ] && [ "$bz2md" != "" ]; then - ext="$ext $bz2md bz2" - md="${md:-$bz2md}" - fi -- if [ -x /bin/gunzip ] && [ "$gzmd" != "" ]; then -+ if [ -x @gunzip@ ] && [ "$gzmd" != "" ]; then - ext="$ext $gzmd gz" - md="${md:-$gzmd}" - fi -@@ -663,7 +663,7 @@ download_main_indices () { - for c in $COMPONENTS; do - local path="dists/$SUITE/$c/binary-$ARCH/Packages" - local pkgdest="$TARGET/$($DLDEST pkg "$SUITE" "$c" "$ARCH" "$m" "$path")" -- if [ -x /bin/gunzip ] && get "$m/${path}.gz" "${pkgdest}.gz"; then -+ if [ -x @gunzip@ ] && get "$m/${path}.gz" "${pkgdest}.gz"; then - rm -f "$pkgdest" - gunzip "$pkgdest.gz" - elif get "$m/$path" "$pkgdest"; then - - -diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions -index 15051e8..a5de422 100755 ---- a/usr/share/debootstrap/functions -+++ b/usr/share/debootstrap/functions -@@ -70,13 +70,13 @@ wgetprogress () { - [ ! "$verbose" ] && QSWITCH="-q" - local ret=0 - if [ "$USE_DEBIANINSTALLER_INTERACTION" ] && [ "$PROGRESS_NEXT" ]; then -- wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END >&3 -+ @wget@ "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END >&3 - ret=$? - elif [ "$USE_BOOTFLOPPIES_INTERACTION" ] && [ "$PROGRESS_NEXT" ]; then -- wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3 -+ @wget@ "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3 - ret=$? - else -- wget $QSWITCH "$@" -+ @wget@ $QSWITCH "$@" - ret=$? - fi - return $ret - -diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions -index 8d60d8e..e238644 100755 ---- a/usr/share/debootstrap/functions -+++ b/usr/share/debootstrap/functions -@@ -921,7 +921,7 @@ if [ -x ]; then - - pkgdetails_field () { - # uniq field mirror Packages values... -- perl -le ' -+ @perl@ -le ' - $unique = shift @ARGV; $field = lc(shift @ARGV); $mirror = shift @ARGV; - $cnt = length(@ARGV); - %fields = map { $_, 0 } @ARGV; -@@ -959,7 +959,7 @@ for $v (keys %fields) { - pkgdetails_perl () { - if [ "$1" = "WGET%" ]; then - shift; -- perl -e ' -+ @perl@ -e ' - $v = 0; - while (read STDIN, $x, 1) { - if ($x =~ m/\d/) { -@@ -974,7 +974,7 @@ while (read STDIN, $x, 1) { - }' "$@" - elif [ "$1" = "GETDEPS" ]; then - local pkgdest="$2"; shift; shift -- perl -e ' -+ @perl@ -e ' - while () { - chomp; - $in = 1 if (/^Package: (.*)$/ && grep {$_ eq $1} @ARGV); diff --git a/pkgs/tools/networking/isync/isync-recursice-imap.patch b/pkgs/tools/networking/isync/isync-recursice-imap.patch deleted file mode 100644 index db12069950fd..000000000000 --- a/pkgs/tools/networking/isync/isync-recursice-imap.patch +++ /dev/null @@ -1,114 +0,0 @@ -diff -rupN ../isync-1.0.4_original/./src/drv_imap.c ./src/drv_imap.c ---- ../isync-1.0.4_original/./src/drv_imap.c 2007-09-22 01:44:12.000000000 -0700 -+++ ./src/drv_imap.c 2009-04-22 15:28:58.000000000 -0700 -@@ -1678,7 +1678,7 @@ imap_list( store_t *gctx, string_list_t - int ret; - - imap->boxes = 0; -- if ((ret = imap_exec_b( ctx, 0, "LIST \"\" \"%s%%\"", ctx->prefix )) != DRV_OK) -+ if ((ret = imap_exec_b( ctx, 0, "LIST \"\" \"%s*\"", ctx->prefix )) != DRV_OK) - return ret; - *retb = imap->boxes; - return DRV_OK; -diff -rupN ../isync-1.0.4_original/./src/drv_maildir.c ./src/drv_maildir.c ---- ../isync-1.0.4_original/./src/drv_maildir.c 2008-02-23 01:02:21.000000000 -0800 -+++ ./src/drv_maildir.c 2009-04-22 15:34:05.000000000 -0700 -@@ -24,6 +24,7 @@ - - #include "isync.h" - -+#include - #include - #include - #include -@@ -46,6 +47,56 @@ - #include - #endif /* USE_DB */ - -+static void encode_maildir_box(const char* in, char* out, size_t size) -+{ -+ const char* p; -+ char c; -+ size_t out_chars; -+ -+ for (p = in, out_chars = 0; (c = *p); ++p, ++out, ++out_chars) { -+ assert(out_chars < size); -+ if (c == '/') { -+ assert(out_chars < size - 1); -+ *(out++) = '~'; -+ *out = '-'; -+ ++out_chars; -+ } -+ else if (c == '~') { -+ assert(out_chars < size - 1); -+ *(out++) = '~'; -+ *out = '~'; -+ ++out_chars; -+ } -+ else { -+ *out = c; -+ } -+ } -+ assert(out_chars < size); -+ *out = 0; -+} -+ -+static void decode_maildir_box(const char* in, char* out, size_t size) -+{ -+ const char* p; -+ char c; -+ size_t out_chars; -+ -+ for (p = in, out_chars = 0; (c = *p); ++p, ++out, ++out_chars) { -+ assert(out_chars < size); -+ if (c == '~') { -+ assert(out_chars < size - 1); -+ c = *(++p); -+ *out = (c == '-' ? '/' : '~'); -+ ++out_chars; -+ } -+ else { -+ *out = c; -+ } -+ } -+ assert(out_chars < size); -+ *out = 0; -+} -+ - typedef struct maildir_store_conf { - store_conf_t gen; - char *inbox; -@@ -164,14 +215,17 @@ maildir_list( store_t *gctx, string_list - const char *inbox = ((maildir_store_conf_t *)gctx->conf)->inbox; - int bl; - struct stat st; -- char buf[PATH_MAX]; -+ char buf[PATH_MAX], box[PATH_MAX]; - - if (*de->d_name == '.') - continue; - bl = nfsnprintf( buf, sizeof(buf), "%s%s/cur", gctx->conf->path, de->d_name ); - if (stat( buf, &st ) || !S_ISDIR(st.st_mode)) - continue; -- add_string_list( retb, !memcmp( buf, inbox, bl - 4 ) && !inbox[bl - 4] ? "INBOX" : de->d_name ); -+ -+ decode_maildir_box(de->d_name, box, PATH_MAX); -+ add_string_list( retb, -+ !memcmp( buf, inbox, bl - 4 ) && !inbox[bl - 4] ? "INBOX" : box ); - } - closedir (dir); - -@@ -717,8 +771,11 @@ maildir_prepare( store_t *gctx, int opts - #endif /* USE_DB */ - if (!strcmp( gctx->name, "INBOX" )) - gctx->path = nfstrdup( ((maildir_store_conf_t *)gctx->conf)->inbox ); -- else -- nfasprintf( &gctx->path, "%s%s", gctx->conf->path, gctx->name ); -+ else { -+ char box[_POSIX_PATH_MAX]; -+ encode_maildir_box(gctx->name, box, _POSIX_PATH_MAX); -+ nfasprintf( &gctx->path, "%s%s", gctx->conf->path, box ); -+ } - if (opts & OPEN_SETFLAGS) - opts |= OPEN_OLD; - if (opts & OPEN_EXPUNGE) diff --git a/pkgs/tools/networking/mtr/edd425.patch b/pkgs/tools/networking/mtr/edd425.patch deleted file mode 100644 index b950cacd2e57..000000000000 --- a/pkgs/tools/networking/mtr/edd425.patch +++ /dev/null @@ -1,218 +0,0 @@ -diff --git a/asn.c b/asn.c -index eac8d5e..33622ca 100644 ---- a/asn.c -+++ b/asn.c -@@ -16,6 +16,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -+#include "config.h" -+ - #include - #include - #include -@@ -35,7 +37,6 @@ - #include - #include - --#include "config.h" - #include "mtr.h" - #include "asn.h" - -diff --git a/curses.c b/curses.c -index eacc40d..b96daee 100644 ---- a/curses.c -+++ b/curses.c -@@ -16,7 +16,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" -+ - #include - #include - -diff --git a/display.c b/display.c -index aa369ee..3545467 100644 ---- a/display.c -+++ b/display.c -@@ -16,7 +16,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" -+ - #include - #include - #include -diff --git a/dns.c b/dns.c -index e89fd4b..4076b71 100644 ---- a/dns.c -+++ b/dns.c -@@ -22,7 +22,8 @@ - Released under GPL, as above. - */ - --#include -+#include "config.h" -+ - #include - #include - #include -diff --git a/getopt.c b/getopt.c -index 3d43e26..e2f8758 100644 ---- a/getopt.c -+++ b/getopt.c -@@ -27,7 +27,7 @@ - #endif - - #ifdef HAVE_CONFIG_H --#include -+#include "config.h" - #endif - - #if !defined (__STDC__) || !__STDC__ -diff --git a/getopt1.c b/getopt1.c -index bccf8b2..0a2d405 100644 ---- a/getopt1.c -+++ b/getopt1.c -@@ -16,7 +16,7 @@ - Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */ - - #ifdef HAVE_CONFIG_H --#include -+#include "config.h" - #endif - - #include "getopt.h" -diff --git a/gtk.c b/gtk.c -index 38ed507..7faa132 100644 ---- a/gtk.c -+++ b/gtk.c -@@ -17,7 +17,7 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" - - #include - #include -diff --git a/mtr.c b/mtr.c -index 50eb464..416b744 100644 ---- a/mtr.c -+++ b/mtr.c -@@ -16,19 +16,21 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -+#include "config.h" -+ - #include --#include --#include - #include - #include - #include --#include --#include - #include --#include --#include - #include - #include -+#include -+ -+#include -+#include -+#include -+#include - #include - #include - #include -diff --git a/net.c b/net.c -index 1c8d28f..d648804 100644 ---- a/net.c -+++ b/net.c -@@ -16,7 +16,7 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" - - #if defined(HAVE_SYS_XTI_H) - #include -@@ -1562,4 +1562,4 @@ void net_harvest_fds(void) - net_add_fds(&writefd, &maxfd); - select(maxfd, NULL, &writefd, NULL, &tv); - net_process_fds(&writefd); --} -\ No newline at end of file -+} -diff --git a/raw.c b/raw.c -index 8b0df47..0e1f4f4 100644 ---- a/raw.c -+++ b/raw.c -@@ -18,7 +18,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" -+ - #include - #include - #include -@@ -27,7 +28,6 @@ - #include - #include - -- - #include "mtr.h" - #include "raw.h" - #include "net.h" -diff --git a/report.c b/report.c -index 71040e4..39b2fb2 100644 ---- a/report.c -+++ b/report.c -@@ -16,7 +16,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" -+ - #include - #include - #include -diff --git a/select.c b/select.c -index 31bfd5f..7553675 100644 ---- a/select.c -+++ b/select.c -@@ -16,7 +16,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" -+ - #include - #include - #include -diff --git a/split.c b/split.c -index 642353e..5ead235 100644 ---- a/split.c -+++ b/split.c -@@ -20,7 +20,8 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include "config.h" -+ - #include - #include - #include diff --git a/pkgs/tools/networking/ntp/no-openssl.patch b/pkgs/tools/networking/ntp/no-openssl.patch deleted file mode 100644 index 3a7784016ffa..000000000000 --- a/pkgs/tools/networking/ntp/no-openssl.patch +++ /dev/null @@ -1,161 +0,0 @@ -Fix ntp-keygen build without OpenSSL - -http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg - -Index: ntp-4.2.8/Makefile.am -=================================================================== ---- ntp-4.2.8.orig/Makefile.am -+++ ntp-4.2.8/Makefile.am -@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib - - NULL = - -+# moved sntp first to get libtool and libevent built. -+ - SUBDIRS = \ -+ sntp \ - scripts \ - include \ - libntp \ -@@ -17,7 +20,6 @@ SUBDIRS = \ - clockstuff \ - kernel \ - util \ -- sntp \ - tests \ - $(NULL) - -@@ -64,7 +66,6 @@ BUILT_SOURCES = \ - .gcc-warning \ - libtool \ - html/.datecheck \ -- sntp/built-sources-only \ - $(srcdir)/COPYRIGHT \ - $(srcdir)/.checkChangeLog \ - $(NULL) -Index: ntp-4.2.8/configure.ac -=================================================================== ---- ntp-4.2.8.orig/configure.ac -+++ ntp-4.2.8/configure.ac -@@ -102,7 +102,7 @@ esac - enable_nls=no - LIBOPTS_CHECK_NOBUILD([sntp/libopts]) - --NTP_ENABLE_LOCAL_LIBEVENT -+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent]) - - NTP_LIBNTP - -@@ -771,6 +771,10 @@ esac - - #### - -+AC_CHECK_FUNCS([arc4random_buf]) -+ -+#### -+ - saved_LIBS="$LIBS" - LIBS="$LIBS $LDADD_LIBNTP" - AC_CHECK_FUNCS([daemon]) -Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c -=================================================================== ---- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c -+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c -@@ -24,6 +24,21 @@ - int crypto_rand_init = 0; - #endif - -+#ifndef HAVE_ARC4RANDOM_BUF -+static void -+arc4random_buf(void *buf, size_t nbytes); -+ -+void -+evutil_secure_rng_get_bytes(void *buf, size_t nbytes); -+ -+static void -+arc4random_buf(void *buf, size_t nbytes) -+{ -+ evutil_secure_rng_get_bytes(buf, nbytes); -+ return; -+} -+#endif -+ - /* - * As of late 2014, here's how we plan to provide cryptographic-quality - * random numbers: -Index: ntp-4.2.8/sntp/configure.ac -=================================================================== ---- ntp-4.2.8.orig/sntp/configure.ac -+++ ntp-4.2.8/sntp/configure.ac -@@ -97,11 +97,14 @@ esac - enable_nls=no - LIBOPTS_CHECK - --AM_COND_IF( -- [BUILD_SNTP], -- [NTP_LIBEVENT_CHECK], -- [NTP_LIBEVENT_CHECK_NOBUILD] --) -+# From when we only used libevent for sntp: -+#AM_COND_IF( -+# [BUILD_SNTP], -+# [NTP_LIBEVENT_CHECK], -+# [NTP_LIBEVENT_CHECK_NOBUILD] -+#) -+ -+NTP_LIBEVENT_CHECK([2]) - - # Checks for libraries. - -Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4 -=================================================================== ---- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 -+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 -@@ -1,4 +1,25 @@ --dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*- -+# SYNOPSIS -*- Autoconf -*- -+# -+# NTP_ENABLE_LOCAL_LIBEVENT -+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]]) -+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]]) -+# -+# DESCRIPTION -+# -+# AUTHOR -+# -+# Harlan Stenn -+# -+# LICENSE -+# -+# This file is Copyright (c) 2014 Network Time Foundation -+# -+# Copying and distribution of this file, with or without modification, are -+# permitted in any medium without royalty provided the copyright notice, -+# author attribution and this notice are preserved. This file is offered -+# as-is, without any warranty. -+ -+dnl NTP_ENABLE_LOCAL_LIBEVENT - dnl - dnl Provide only the --enable-local-libevent command-line option. - dnl -@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar - dnl but DO NOT invoke DIR/configure if we are going to use our bundled - dnl version. This may be the case for nested packages. - dnl --dnl provide --enable-local-libevent . -+dnl provides --enable-local-libevent . - dnl - dnl Examples: - dnl -Index: ntp-4.2.8/util/Makefile.am -=================================================================== ---- ntp-4.2.8.orig/util/Makefile.am -+++ ntp-4.2.8/util/Makefile.am -@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP) - LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) - tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) - ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a -+ntp_keygen_LDADD += $(LDADD_LIBEVENT) - ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM) - ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h -