b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Remove no longer (or never) referenced patches

Browse source 
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
This commit is contained in:
Tobias Geerinckx-Rice 2016-01-24 02:02:21 +01:00
parent 5fa5eae086
commit 32d40f0f98
55 changed files with 0 additions and 6041 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkgs/applications/graphics/inkscape/configure-python-libs.patch
View file

@ -1,15 +0,0 @@
Work around Python misdetection and set `PYTHON_LIBS' to
"-L/nix/store/... -lpython2.4" instead of "/nix/store/.../libpython2.4.so".
Changed to 2.5.
--- inkscape-0.45.1/configure 2007-03-20 14:56:43.000000000 +0100
+++ inkscape-0.45.1/configure 2008-02-22 16:19:10.000000000 +0100
@@ -10202,7 +10202,7 @@ if test "x$with_python" = "xyes"; then
if test "$?" -gt "0"; then
with_python="no"
else
- checkPYTHON_LIBS=`python -c "import distutils.sysconfig ; print '%s/%s %s' % (distutils.sysconfig.get_config_var('LIBPL'),distutils.sysconfig.get_config_var('LDLIBRARY'),distutils.sysconfig.get_config_var('LIBS'))" 2>/dev/null`
+ checkPYTHON_LIBS=`python -c "import distutils.sysconfig ; print '-L%s -lpython2.5 %s' % (distutils.sysconfig.get_config_var('LIBDIR'),distutils.sysconfig.get_config_var('LIBS'))" 2>/dev/null`
if test "$?" -gt "0"; then
with_python="no"
else

12
pkgs/applications/kde-apps-15.12/kdelibs/polkit-install.patch
View file

@ -1,12 +0,0 @@
diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake
--- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake 2011-05-20 22:24:54.000000000 +0200
+++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2011-07-12 14:03:00.000000000 +0200
@@ -139,7 +139,7 @@
${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR
${POLKITQT-1_POLICY_FILES_INSTALL_DIR})
- set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING
+ set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING
"Where policy files generated by KAuth will be installed" FORCE)
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE")
set (KAUTH_COMPILING_FAKE_BACKEND TRUE)

59
pkgs/applications/misc/slic3r/fix-no-display.patch
View file

@ -1,59 +0,0 @@
diff --git a/Build.PL b/Build.PL
index 8b21c15..fd3aff0 100644
--- a/Build.PL
+++ b/Build.PL
@@ -33,9 +33,6 @@ my $sudo = grep { $_ eq '--sudo' } @ARGV;
my $gui = grep { $_ eq '--gui' } @ARGV;
my $xs_only = grep { $_ eq '--xs' } @ARGV;
if ($gui) {
- %prereqs = qw(
- Wx 0.9918
- );
%recommends = qw(
Growl::GNTP 0.15
Wx::GLCanvas 0
diff --git a/lib/Slic3r/GUI.pm b/lib/Slic3r/GUI.pm
index 842ff44..ea0af64 100644
--- a/lib/Slic3r/GUI.pm
+++ b/lib/Slic3r/GUI.pm
@@ -26,7 +26,7 @@ use Slic3r::GUI::OptionsGroup::Field;
use Slic3r::GUI::SimpleTab;
use Slic3r::GUI::Tab;
-our $have_OpenGL = eval "use Slic3r::GUI::PreviewCanvas; 1";
+our $have_OpenGL = 0;
use Wx 0.9901 qw(:bitmap :dialog :icon :id :misc :systemsettings :toplevelwindow
:filedialog);
diff --git a/lib/Slic3r/GUI/Plater/2DToolpaths.pm b/lib/Slic3r/GUI/Plater/2DToolpaths.pm
index 8e48a72..7bed973 100644
--- a/lib/Slic3r/GUI/Plater/2DToolpaths.pm
+++ b/lib/Slic3r/GUI/Plater/2DToolpaths.pm
@@ -90,18 +90,20 @@ sub set_z {
package Slic3r::GUI::Plater::2DToolpaths::Canvas;
use Wx::Event qw(EVT_PAINT EVT_SIZE EVT_ERASE_BACKGROUND EVT_IDLE EVT_MOUSEWHEEL EVT_MOUSE_EVENTS);
-use OpenGL qw(:glconstants :glfunctions :glufunctions);
-use base qw(Wx::GLCanvas Class::Accessor);
-use Wx::GLCanvas qw(:all);
use List::Util qw(min first);
use Slic3r::Geometry qw(scale unscale epsilon);
__PACKAGE__->mk_accessors(qw(print z layers color init dirty bb));
-# make OpenGL::Array thread-safe
-{
- no warnings 'redefine';
- *OpenGL::Array::CLONE_SKIP = sub { 1 };
+if ($Slic3r::GUI::have_OpenGL) {
+ use OpenGL qw(:glconstants :glfunctions :glufunctions);
+ use Wx::GLCanvas qw(:all);
+ use base qw(Wx::GLCanvas Class::Accessor);
+ # make OpenGL::Array thread-safe
+ {
+ no warnings 'redefine';
+ *OpenGL::Array::CLONE_SKIP = sub { 1 };
+ }
}
sub new {

12
pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch
View file

@ -1,12 +0,0 @@
--- a/common/defines.h 2012-11-14 18:02:43.000000000 +0100
+++ b/common/defines.h 2013-09-20 19:17:45.669290630 +0200
@@ -39,7 +39,7 @@
#define RELEASE_TIME 1352912534
#define IPCVERSION "10"
-#define EMULATED_VERSION "4.15.0.14"
+#define EMULATED_VERSION "4.17.0.11" // Was 4.15.0.14
#define DNSVERSION "2"
#define STATUSDOMAIN ".status.fribid.se"

16
pkgs/applications/networking/browsers/mozilla-plugins/mplayerplug-in/icecat3-idldir.patch
View file

@ -1,16 +0,0 @@
We have to run `xpidl', but we need to provide it with the right IDL
directory. With GNU IceCat 3 (and possibly Firefox 3), this happens to be
"$(pkg-config --variable=idldir libxul)/stable".
--- mplayerplug-in-3.55/Makefile.in 2008-01-03 01:20:33.000000000 +0100
+++ mplayerplug-in-3.55/Makefile.in 2008-09-29 22:47:20.000000000 +0200
@@ -46,7 +46,7 @@ datadir=@datadir@
LOCALEDIR=$(datadir)/locale
MOZILLA_HOME=@MOZILLA_HOME@
GECKO_XPIDL=@GECKO_XPIDL@
-GECKO_IDLDIR=@GECKO_IDLDIR@
+GECKO_IDLDIR=@GECKO_IDLDIR@/stable
PIXMAPS=pixmaps/logo.xpm pixmaps/progress_left.xpm pixmaps/progress_right.xpm \
pixmaps/progress_fill.xpm pixmaps/progress_middle.xpm

25
pkgs/applications/networking/instant-messengers/freetalk/01_callbacks_const_fix.diff
View file

@ -1,25 +0,0 @@
Description: Patch to fix FTBFS due to a modified const in src/callbacks.cc
Forwarded: yes
Origin: Ubuntu,
https://bugs.launchpad.net/ubuntu/+source/freetalk/+bug/443241
Bug-Debian: http://bugs.debian.org/560535
Author: Jon Bernard <bernardj@gmail.com>
--- 3.2-1.orig/src/callbacks.cc 2008-11-15 10:41:22.000000000 +0000
+++ 3.2-1/src/callbacks.cc 2009-10-21 15:50:49.000000000 +0100
@@ -116,13 +116,13 @@ ft_msg_msg_handler (LmMessageHandler *ha
LmMessage *msg, gpointer user_data)
{
LmMessageNode *root, *body, *x;
- const char *from, *msg_str, *type;
- char *ts = NULL;
+ const char *msg_str, *type;
+ char *from, *ts = NULL;
root = lm_message_get_node (msg);
body = lm_message_node_get_child (root, "body");
- from = lm_message_node_get_attribute (msg->node, "from");
+ from = (char *) lm_message_node_get_attribute (msg->node, "from");
/* since the file-transfer happens in-band with messages, we can no longer
* ignore messages with no 'body' */

28
pkgs/applications/networking/instant-messengers/silc-client/server_setup.patch
View file

@ -1,28 +0,0 @@
Add function to replace the behaviour of server_setup_find_port which was removed from irssi on revision 5125. Fixes bug #577501.
--- a/apps/irssi/src/silc/core/client_ops.c
+++ b/apps/irssi/src/silc/core/client_ops.c
@@ -2790,6 +2790,15 @@
silc_free(a);
}
+/* helper function to emulate server_setup_find_port */
+static SERVER_SETUP_REC *silc_server_setup_find_port(const char *address,
+ int port) {
+ SERVER_SETUP_REC *rec;
+
+ rec = server_setup_find(address, port, NULL);
+ return (rec == NULL || rec->port != port) ? NULL : rec;
+}
+
/* Find authentication data by hostname and port. The hostname may be IP
address as well.*/
@@ -2811,7 +2820,7 @@
/* Check whether we find the password for this server in our
configuration. If it's set, always send it server. */
- setup = server_setup_find_port(hostname, port);
+ setup = silc_server_setup_find_port(hostname, port);
if (setup && setup->password) {
completion(SILC_AUTH_PASSWORD, setup->password, strlen(setup->password),
context);

18
pkgs/applications/networking/sync/lsyncd/configure-a2x-fix.patch
View file

@ -1,18 +0,0 @@
diff -aur lsyncd-release-2.1.5.orig/configure.ac lsyncd-release-2.1.5/configure.ac
--- lsyncd-release-2.1.5.orig/configure.ac 2013-06-07 18:24:02.000000000 +0600
+++ lsyncd-release-2.1.5/configure.ac 2014-03-04 13:24:15.390350812 +0600
@@ -15,10 +15,10 @@
AC_PROG_INSTALL
AC_PROG_MAKE_SET
-#AC_PATH_PROG([A2X], [a2x], [no])
-#if test x${A2X} = xno ; then
-# AC_MSG_ERROR([Program 'a2x' (package asciidoc) is required])
-#fi
+AC_PATH_PROG([A2X], [a2x], [no])
+if test x${A2X} = xno ; then
+ AC_MSG_ERROR([Program 'a2x' (package asciidoc) is required])
+fi
###
# Checks for Lua

10
pkgs/applications/science/electronics/qucs/tr1-complex.patch
View file

@ -1,10 +0,0 @@
--- qucs-core/configure.orig 2011-07-03 07:34:09.069218113 -0500
+++ qucs-core/configure 2011-07-03 07:34:46.618990497 -0500
@@ -5884,7 +5884,6 @@
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <tr1/complex>
using namespace std;
using namespace std::tr1;
int

33
pkgs/applications/science/logic/isabelle/settings.patch
View file

@ -1,33 +0,0 @@
diff -Nuar Isabelle2011/etc/settings Isabelle2011-fix/etc/settings
--- Isabelle2011/etc/settings 2011-01-30 13:02:18.000000000 +0100
+++ Isabelle2011-fix/etc/settings 2011-05-14 22:56:04.000000000 +0200
@@ -17,13 +17,7 @@
# Poly/ML 5.x (automated settings)
ML_PLATFORM="$ISABELLE_PLATFORM"
-ML_HOME="$(choosefrom \
- "$ISABELLE_HOME/contrib/polyml/$ML_PLATFORM" \
- "$ISABELLE_HOME/../polyml/$ML_PLATFORM" \
- "/usr/local/polyml/$ML_PLATFORM" \
- "/usr/share/polyml/$ML_PLATFORM" \
- "/opt/polyml/$ML_PLATFORM" \
- "")"
+ML_HOME=@ML_HOME@
ML_SYSTEM=$("$ISABELLE_HOME/lib/scripts/polyml-version")
ML_OPTIONS="-H 200"
ML_SOURCES="$ML_HOME/../src"
@@ -175,13 +169,7 @@
###
# Proof General home, look in a variety of places
-PROOFGENERAL_HOME="$(choosefrom \
- "$ISABELLE_HOME/contrib/ProofGeneral" \
- "$ISABELLE_HOME/../ProofGeneral" \
- "/usr/local/ProofGeneral" \
- "/usr/share/ProofGeneral" \
- "/opt/ProofGeneral" \
- "")"
+PROOFGENERAL_HOME=@PROOFGENERAL_HOME@
PROOFGENERAL_OPTIONS=""
#PROOFGENERAL_OPTIONS="-m no_brackets -m no_type_brackets"

36
pkgs/desktops/kde-4.14/files/kdelibs-cve-2014-5033.patch
View file

@ -1,36 +0,0 @@
--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
+++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
@@ -144,7 +144,7 @@
Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
{
- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
PolkitQt1::Authority::None);
switch (r) {
@@ -160,21 +160,12 @@
QByteArray Polkit1Backend::callerID() const
{
- QByteArray a;
- QDataStream s(&a, QIODevice::WriteOnly);
- s << QCoreApplication::applicationPid();
-
- return a;
+ return QDBusConnection::systemBus().baseService().toUtf8();
}
bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
- QDataStream s(&callerID, QIODevice::ReadOnly);
- qint64 pid;
-
- s >> pid;
-
- PolkitQt1::UnixProcessSubject subject(pid);
+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
PolkitResultEventLoop e;

12
pkgs/desktops/kde-4.14/files/polkit-install.patch
View file

@ -1,12 +0,0 @@
diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake
--- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake 2011-05-20 22:24:54.000000000 +0200
+++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2011-07-12 14:03:00.000000000 +0200
@@ -139,7 +139,7 @@
${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR
${POLKITQT-1_POLICY_FILES_INSTALL_DIR})
- set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING
+ set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING
"Where policy files generated by KAuth will be installed" FORCE)
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE")
set (KAUTH_COMPILING_FAKE_BACKEND TRUE)

130
pkgs/desktops/plasma-5.5/libkscreen/libkscreen-backend-path.patch
View file

@ -1,130 +0,0 @@
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 460022f..422a708 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -1,5 +1,7 @@
include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR} ${QT_INCLUDES})
+configure_file(config-libkscreen.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-libkscreen.h)
+
set(libkscreen_SRCS
backendloader.cpp
config.cpp
diff --git a/src/backendloader.cpp b/src/backendloader.cpp
index b93e469..8aebc14 100644
--- a/src/backendloader.cpp
+++ b/src/backendloader.cpp
@@ -16,6 +16,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA *
*************************************************************************************/
+#include "config-libkscreen.h"
#include "backendloader.h"
#include "debug_p.h"
#include "backends/abstractbackend.h"
@@ -40,55 +41,54 @@ bool BackendLoader::init()
const QString backend = qgetenv("KSCREEN_BACKEND").constData();
const QString backendFilter = QString::fromLatin1("KSC_%1*").arg(backend);
- const QStringList paths = QCoreApplication::libraryPaths();
- Q_FOREACH (const QString &path, paths) {
- const QDir dir(path + QDir::separator() + QLatin1String("/kf5/kscreen/"),
- backendFilter,
- QDir::SortFlags(QDir::QDir::NoSort),
- QDir::NoDotAndDotDot | QDir::Files);
- const QFileInfoList finfos = dir.entryInfoList();
- Q_FOREACH (const QFileInfo &finfo, finfos) {
- // Skip "Fake" backend unless explicitly specified via KSCREEN_BACKEND
- if (backend.isEmpty() && finfo.fileName().contains(QLatin1String("KSC_Fake"))) {
- continue;
- }
+ QString path = QFile::decodeName(CMAKE_INSTALL_PREFIX "/" PLUGIN_INSTALL_DIR "/");
- // When on X11, skip the QScreen backend, instead use the XRandR backend,
- // if not specified in KSCREEN_BACKEND
- if (backend.isEmpty() &&
- finfo.fileName().contains(QLatin1String("KSC_QScreen")) &&
- QX11Info::isPlatformX11()) {
- continue;
- }
+ const QDir dir(path + QDir::separator() + QLatin1String("/kf5/kscreen/"),
+ backendFilter,
+ QDir::SortFlags(QDir::QDir::NoSort),
+ QDir::NoDotAndDotDot | QDir::Files);
+ const QFileInfoList finfos = dir.entryInfoList();
+ Q_FOREACH (const QFileInfo &finfo, finfos) {
+ // Skip "Fake" backend unless explicitly specified via KSCREEN_BACKEND
+ if (backend.isEmpty() && finfo.fileName().contains(QLatin1String("KSC_Fake"))) {
+ continue;
+ }
- // When not on X11, skip the XRandR backend, and fall back to QSCreen
- // if not specified in KSCREEN_BACKEND
- if (backend.isEmpty() &&
- finfo.fileName().contains(QLatin1String("KSC_XRandR")) &&
- !QX11Info::isPlatformX11()) {
- continue;
- }
+ // When on X11, skip the QScreen backend, instead use the XRandR backend,
+ // if not specified in KSCREEN_BACKEND
+ if (backend.isEmpty() &&
+ finfo.fileName().contains(QLatin1String("KSC_QScreen")) &&
+ QX11Info::isPlatformX11()) {
+ continue;
+ }
+
+ // When not on X11, skip the XRandR backend, and fall back to QSCreen
+ // if not specified in KSCREEN_BACKEND
+ if (backend.isEmpty() &&
+ finfo.fileName().contains(QLatin1String("KSC_XRandR")) &&
+ !QX11Info::isPlatformX11()) {
+ continue;
+ }
- QPluginLoader loader(finfo.filePath());
- loader.load();
- QObject *instance = loader.instance();
- if (!instance) {
+ QPluginLoader loader(finfo.filePath());
+ loader.load();
+ QObject *instance = loader.instance();
+ if (!instance) {
+ loader.unload();
+ continue;
+ }
+
+ s_backend = qobject_cast< AbstractBackend* >(instance);
+ if (s_backend) {
+ if (!s_backend->isValid()) {
+ qCDebug(KSCREEN) << "Skipping" << s_backend->name() << "backend";
+ delete s_backend;
+ s_backend = 0;
loader.unload();
continue;
}
-
- s_backend = qobject_cast< AbstractBackend* >(instance);
- if (s_backend) {
- if (!s_backend->isValid()) {
- qCDebug(KSCREEN) << "Skipping" << s_backend->name() << "backend";
- delete s_backend;
- s_backend = 0;
- loader.unload();
- continue;
- }
- qCDebug(KSCREEN) << "Loading" << s_backend->name() << "backend";
- return true;
- }
+ qCDebug(KSCREEN) << "Loading" << s_backend->name() << "backend";
+ return true;
}
}
diff --git a/src/config-libkscreen.h.cmake b/src/config-libkscreen.h.cmake
new file mode 100644
index 0000000..a99f3d1
--- /dev/null
+++ b/src/config-libkscreen.h.cmake
@@ -0,0 +1,2 @@
+#define CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}"
+#define PLUGIN_INSTALL_DIR "${PLUGIN_INSTALL_DIR}"

39
pkgs/development/compilers/ecl/libffi-prefix.patch
View file

@ -1,39 +0,0 @@
diff --git a/src/configure.in b/src/configure.in
index 434da49..642c66c 100644
--- ecl-15.3.7.orig/src/configure.ac
+++ ecl-15.3.7/src/configure.ac
@@ -191,6 +191,11 @@ AC_ARG_WITH(dffi,
[(system|included|auto|no, default=AUTO if libffi available)]),
[enable_libffi=${withval}], [enable_libffi=auto])
+AC_ARG_WITH(libffi-prefix,
+ AS_HELP_STRING( [--with-libffi-prefix=path],
+ [prefix for system LIBFFI includes and libraries] ),
+ [LIBFFI_INCDIR="$withval/include"; LIBFFI_LIBDIR="$withval/lib"], [])
+
AC_ARG_WITH(fpe,
AS_HELP_STRING( [--with-fpe],
[detect floating point exceptions]
@@ -368,6 +373,22 @@ else
INFOEXT=info
fi
+dnl libffi
+
+if test "x$LIBFFI_INCDIR" != "x"; then
+ LIBFFI_CPPFLAGS="-I$LIBFFI_INCDIR"
+fi
+if test "x$LIBFFI_LIBDIR" != "x"; then
+ LIBFFI_LDFLAGS="-L$LIBFFI_LIBDIR"
+ if test "$enable_rpath" = "yes"; then
+ if (echo "$ECL_LDRPATH" | grep '~A') > /dev/null; then
+ LIBFFI_LDFLAGS=`echo $ECL_LDRPATH | sed "s,~A,$LIBFFI_LIBDIR,"`" $LIBFFI_LDFLAGS"
+ fi
+ fi
+fi
+CPPFLAGS="$CPPFLAGS $LIBFFI_CPPFLAGS"
+LDFLAGS="$LDFLAGS $LIBFFI_LDFLAGS"
+
dnl ======================================================================
dnl GNU multiprecision library
dnl

60
pkgs/development/compilers/ghc/osx-dylib-resolver.patch
View file

@ -1,60 +0,0 @@
diff --git a/compiler/ghci/Linker.hs b/compiler/ghci/Linker.hs
--- a/compiler/ghci/Linker.hs
+++ b/compiler/ghci/Linker.hs
@@ -119,9 +119,9 @@
-- that is really important
pkgs_loaded :: ![PackageKey],
- -- we need to remember the name of the last temporary DLL/.so
- -- so we can link it
- last_temp_so :: !(Maybe (FilePath, String)) }
+ -- we need to remember the name of previous temporary DLL/.so
+ -- libraries so we can link them (see #10322)
+ temp_sos :: ![(FilePath, String)] }
emptyPLS :: DynFlags -> PersistentLinkerState
@@ -131,7 +131,7 @@
pkgs_loaded = init_pkgs,
bcos_loaded = [],
objs_loaded = [],
- last_temp_so = Nothing }
+ temp_sos = [] }
-- Packages that don't need loading, because the compiler
-- shares them with the interpreted program.
@@ -841,19 +841,19 @@
dflags2 = dflags1 {
-- We don't want the original ldInputs in
-- (they're already linked in), but we do want
- -- to link against the previous dynLoadObjs
- -- library if there was one, so that the linker
+ -- to link against previous dynLoadObjs
+ -- libraries if there were any, so that the linker
-- can resolve dependencies when it loads this
-- library.
ldInputs =
- case last_temp_so pls of
- Nothing -> []
- Just (lp, l) ->
+ concatMap
+ (\(lp, l) ->
[ Option ("-L" ++ lp)
, Option ("-Wl,-rpath")
, Option ("-Wl," ++ lp)
, Option ("-l" ++ l)
- ],
+ ])
+ (temp_sos pls),
-- Even if we're e.g. profiling, we still want
-- the vanilla dynamic libraries, so we set the
-- ways / build tag to be just WayDyn.
@@ -868,7 +868,7 @@
consIORef (filesToNotIntermediateClean dflags) soFile
m <- loadDLL soFile
case m of
- Nothing -> return pls { last_temp_so = Just (libPath, libName) }
+ Nothing -> return pls { temp_sos = (libPath, libName) : temp_sos pls }
Just err -> panic ("Loading temp shared object failed: " ++ err)
rmDupLinkables :: [Linkable] -- Already loaded

40
pkgs/development/compilers/hhvm/3918a2ccceb98230ff517601ad60aa6bee36e2c4.patch
View file

@ -1,40 +0,0 @@
From 3918a2ccceb98230ff517601ad60aa6bee36e2c4 Mon Sep 17 00:00:00 2001
From: Alex Malyshev <alexanderm@fb.com>
Date: Tue, 28 Oct 2014 15:55:34 -0700
Subject: [PATCH] Replace use of MAX macro with std::max in ZendPack
Summary: This has randomly bitten me in open source builds. I intermittently get
an error saying that MAX isn't defined.
Instead of trying to figure out what's going on, I'm just gonna switch
it to std::max.
Reviewed By: @paulbiss
Differential Revision: D1636740
---
hphp/runtime/base/zend-pack.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hphp/runtime/base/zend-pack.cpp b/hphp/runtime/base/zend-pack.cpp
index d878ea4..c3ee14d 100644
--- a/hphp/runtime/base/zend-pack.cpp
+++ b/hphp/runtime/base/zend-pack.cpp
@@ -21,6 +21,8 @@
#include "hphp/runtime/base/builtin-functions.h"
#include "hphp/util/tiny-vector.h"
+#include <algorithm>
+
namespace HPHP {
#define INC_OUTPUTPOS(a,b) \
@@ -294,7 +296,7 @@ Variant ZendPack::pack(const String& fmt, const Array& argv) {
case 'a':
case 'A':
case 'Z': {
- int arg_cp = (code != 'Z') ? arg : MAX(0, arg - 1);
+ int arg_cp = (code != 'Z') ? arg : std::max(0, arg - 1);
memset(&output[outputpos], (code != 'A') ? '\0' : ' ', arg);
val = argv[currentarg++].toString();
s = val.c_str();

40
pkgs/development/compilers/hhvm/8207a31c26cc42fee79363a14c4a8f4fcbfffe63.patch
View file

@ -1,40 +0,0 @@
From 8207a31c26cc42fee79363a14c4a8f4fcbfffe63 Mon Sep 17 00:00:00 2001
From: Jordan DeLong <jdelong@fb.com>
Date: Mon, 6 Oct 2014 18:30:28 -0700
Subject: [PATCH] Remove some MIN/MAX macro uses in the emitter
Summary: <algorithm> has preferable type-safe versions that don't double-eval
their args.
Reviewed By: @paulbiss
Differential Revision: D1599803
---
hphp/compiler/analysis/emitter.cpp | 6 +++---
hphp/util/compatibility.h | 4 ----
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/hphp/compiler/analysis/emitter.cpp b/hphp/compiler/analysis/emitter.cpp
index 321e637..b1d3f2d 100644
--- a/hphp/compiler/analysis/emitter.cpp
+++ b/hphp/compiler/analysis/emitter.cpp
@@ -799,8 +799,8 @@ void SymbolicStack::push(char sym) {
if (sym != StackSym::W && sym != StackSym::K && sym != StackSym::L &&
sym != StackSym::T && sym != StackSym::I && sym != StackSym::H) {
m_actualStack.push_back(m_symStack.size());
- *m_actualStackHighWaterPtr = MAX(*m_actualStackHighWaterPtr,
- (int)m_actualStack.size());
+ *m_actualStackHighWaterPtr = std::max(*m_actualStackHighWaterPtr,
+ (int)m_actualStack.size());
}
m_symStack.push_back(SymEntry(sym));
}
@@ -1010,7 +1010,7 @@ int SymbolicStack::sizeActual() const {
void SymbolicStack::pushFDesc() {
m_fdescCount += kNumActRecCells;
- *m_fdescHighWaterPtr = MAX(*m_fdescHighWaterPtr, m_fdescCount);
+ *m_fdescHighWaterPtr = std::max(*m_fdescHighWaterPtr, m_fdescCount);
}
void SymbolicStack::popFDesc() {

24
pkgs/development/compilers/julia/0001-work-around-buggy-wcwidth.patch
View file

@ -1,24 +0,0 @@
From b9070aeab0ab672ffe321089631f9afe263b0caa Mon Sep 17 00:00:00 2001
From: Thomas Tuegel <ttuegel@gmail.com>
Date: Thu, 4 Jun 2015 12:03:32 -0500
Subject: [PATCH] work around buggy wcwidth
---
test/unicode.jl | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/unicode.jl b/test/unicode.jl
index 52c3e6a..f1ef698 100644
--- a/test/unicode.jl
+++ b/test/unicode.jl
@@ -103,5 +103,6 @@ end
# handling of embedded NUL chars (#10958)
@test length("\0w") == length("\0α") == 2
-@test strwidth("\0w") == strwidth("\0α") == 1
+@test strwidth("\0w") == charwidth('\0') + charwidth('w')
+@test strwidth("\0α") == charwidth('\0') + charwidth('α')
@test normalize_string("\0W", casefold=true) == "\0w"
--
2.4.1

12
pkgs/development/compilers/openjdk/linux-4.0.patch
View file

@ -1,12 +0,0 @@
diff -Naur openjdk-7u65-b32/hotspot/make/linux/Makefile openjdk-7u65-b32-patch/hotspot/make/linux/Makefile
--- openjdk-7u65-b32/hotspot/make/linux/Makefile 2014-07-17 03:08:38.000000000 -0700
+++ openjdk-7u65-b32-patch/hotspot/make/linux/Makefile 2015-04-21 05:33:12.170190385 -0700
@@ -231,7 +231,7 @@
# Solaris 2.5.1, 2.6).
# Disable this check by setting DISABLE_HOTSPOT_OS_VERSION_CHECK=ok.
-SUPPORTED_OS_VERSION = 2.4% 2.5% 2.6% 3%
+SUPPORTED_OS_VERSION = 2.4% 2.5% 2.6% 3% 4%
OS_VERSION := $(shell uname -r)
EMPTY_IF_NOT_SUPPORTED = $(filter $(SUPPORTED_OS_VERSION),$(OS_VERSION))

16
pkgs/development/coq-modules/ssreflect/threads.patch
View file

@ -1,16 +0,0 @@
--- a/Make 2015-04-20 13:37:06.000000000 +0200
+++ b/Make 2015-04-25 11:32:53.885194600 +0200
@@ -1,9 +1,9 @@
### Uncomment for static linking
##
-#-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -opt -o bin/ssrcoq src/ssrmatching.cmx src/ssreflect.cmx" "src/ssrmatching.cmx src/ssreflect.cmx" bin/ssrcoq
-#-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -o bin/ssrcoq.byte src/ssrmatching.cmo src/ssreflect.cmo" "src/ssrmatching.cmo src/ssreflect.cmo" bin/ssrcoq.byte
-#-custom "$(SSRCOQ) $(COQFLAGS) -compile $*" "%.v $(SSRCOQ)" "%.vo"
-#SSRCOQ = bin/ssrcoq
+-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -opt -o bin/ssrcoq -I +threads src/ssrmatching.cmx src/ssreflect.cmx" "src/ssrmatching.cmx src/ssreflect.cmx" bin/ssrcoq
+-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -o bin/ssrcoq.byte -I +threads src/ssrmatching.cmo src/ssreflect.cmo" "src/ssrmatching.cmo src/ssreflect.cmo" bin/ssrcoq.byte
+-custom "$(SSRCOQ) $(COQFLAGS) -compile $*" "%.v $(SSRCOQ)" "%.vo"
+SSRCOQ = bin/ssrcoq
##
## What follows should be left untouched by the final user of ssreflect

21
pkgs/development/haskell-modules/patches/regex-tdfa-text.patch
View file

@ -1,21 +0,0 @@
--- regex-tdfa-text-1.0.0.2/Text/Regex/TDFA/Text/Lazy.orig.hs 2015-08-05 20:30:01.228983428 +0100
+++ regex-tdfa-text-1.0.0.2/Text/Regex/TDFA/Text/Lazy.hs 2015-08-05 20:39:25.682563005 +0100
@@ -26,7 +26,7 @@
import Data.Array.IArray((!),elems,amap)
import qualified Data.Text.Lazy as L(Text,empty,take,drop,uncons,unpack)
-import Text.Regex.Base(MatchArray,RegexContext(..),Extract(..),RegexMaker(..),RegexLike(..))
+import Text.Regex.Base(MatchText,MatchArray,RegexContext(..),Extract(..),RegexMaker(..),RegexLike(..))
import Text.Regex.Base.Impl(polymatch,polymatchM)
import Text.Regex.TDFA.ReadRegex(parseRegex)
import Text.Regex.TDFA.String() -- piggyback on RegexMaker for String
@@ -74,7 +74,8 @@
,after (o+l) source))
(matchOnce regex source)
matchAllText regex source =
- let go i _ _ | i `seq` False = undefined
+ let go :: Int -> L.Text -> [MatchArray] -> [MatchText L.Text]
+ go i _ _ | i `seq` False = undefined
go _i _t [] = []
go i t (x:xs) =
let (off0,len0) = x!0

498
pkgs/development/libraries/aterm/aterm-mingw-asm.patch
View file

@ -1,498 +0,0 @@
diff -rc aterm-2.8/aterm/gc.c aterm-2.8-new/aterm/gc.c
*** aterm-2.8/aterm/gc.c 2008-11-10 13:54:22.000000000 +0100
--- aterm-2.8-new/aterm/gc.c 2010-08-23 17:04:56.000000000 +0200
***************
*** 260,317 ****
AFun oddSym;
#endif
- #ifdef WIN32
-
- unsigned int r_eax, r_ebx, r_ecx, r_edx, \
- r_esi, r_edi, r_esp, r_ebp;
- ATerm reg[8], real_term;
-
- __asm {
- /* Get the registers into local variables to check them
- for aterms later. */
- mov r_eax, eax
- mov r_ebx, ebx
- mov r_ecx, ecx
- mov r_edx, edx
- mov r_esi, esi
- mov r_edi, edi
- mov r_esp, esp
- mov r_ebp, ebp
- }
- /* Put the register-values into an array */
- reg[0] = (ATerm) r_eax;
- reg[1] = (ATerm) r_ebx;
- reg[2] = (ATerm) r_ecx;
- reg[3] = (ATerm) r_edx;
- reg[4] = (ATerm) r_esi;
- reg[5] = (ATerm) r_edi;
- reg[6] = (ATerm) r_esp;
- reg[7] = (ATerm) r_ebp;
-
- for(i=0; i<8; i++) {
- real_term = AT_isInsideValidTerm(reg[i]);
- if (real_term != NULL) {
- AT_markTerm(real_term);
- }
- if (AT_isValidSymbol((Symbol)reg[i])) {
- AT_markSymbol((Symbol)reg[i]);
- }
- }
-
- /* The register variables are on the stack aswell
- I set them to zero so they won't be processed again when
- the stack is traversed. The reg-array is also in the stack
- but that will be adjusted later */
- r_eax = 0;
- r_ebx = 0;
- r_ecx = 0;
- r_edx = 0;
- r_esi = 0;
- r_edi = 0;
- r_esp = 0;
- r_ebp = 0;
-
- #else
jmp_buf env;
/* Traverse possible register variables */
--- 260,265 ----
***************
*** 320,326 ****
start = (ATerm *)((char *)env);
stop = ((ATerm *)(((char *)env) + sizeof(jmp_buf)));
mark_memory(start, stop);
- #endif
stackTop = stack_top();
--- 268,273 ----
***************
*** 385,442 ****
AFun oddSym;
#endif
- #ifdef WIN32
-
- unsigned int r_eax, r_ebx, r_ecx, r_edx, \
- r_esi, r_edi, r_esp, r_ebp;
- ATerm reg[8], real_term;
-
- __asm {
- /* Get the registers into local variables to check them
- for aterms later. */
- mov r_eax, eax
- mov r_ebx, ebx
- mov r_ecx, ecx
- mov r_edx, edx
- mov r_esi, esi
- mov r_edi, edi
- mov r_esp, esp
- mov r_ebp, ebp
- }
- /* Put the register-values into an array */
- reg[0] = (ATerm) r_eax;
- reg[1] = (ATerm) r_ebx;
- reg[2] = (ATerm) r_ecx;
- reg[3] = (ATerm) r_edx;
- reg[4] = (ATerm) r_esi;
- reg[5] = (ATerm) r_edi;
- reg[6] = (ATerm) r_esp;
- reg[7] = (ATerm) r_ebp;
-
- for(i=0; i<8; i++) {
- real_term = AT_isInsideValidTerm(reg[i]);
- if (real_term != NULL) {
- AT_markTerm_young(real_term);
- }
- if (AT_isValidSymbol((Symbol)reg[i])) {
- AT_markSymbol_young((Symbol)reg[i]);
- }
- }
-
- /* The register variables are on the stack aswell
- I set them to zero so they won't be processed again when
- the stack is traversed. The reg-array is also in the stack
- but that will be adjusted later */
- r_eax = 0;
- r_ebx = 0;
- r_ecx = 0;
- r_edx = 0;
- r_esi = 0;
- r_edi = 0;
- r_esp = 0;
- r_ebp = 0;
-
- #else
jmp_buf env;
/* Traverse possible register variables */
--- 332,337 ----
***************
*** 445,451 ****
start = (ATerm *)((char *)env);
stop = ((ATerm *)(((char *)env) + sizeof(jmp_buf)));
mark_memory_young(start, stop);
- #endif
stackTop = stack_top();
start = MIN(stackTop, stackBot);
--- 340,345 ----
Only in aterm-2.8-new/aterm: gc.c.orig
diff -rc aterm-2.8/configure aterm-2.8-new/configure
*** aterm-2.8/configure 2008-11-10 13:54:27.000000000 +0100
--- aterm-2.8-new/configure 2010-08-23 17:08:10.000000000 +0200
***************
*** 19970,20295 ****
CURDATE=`date`
- echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
- echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
- if test "${ac_cv_c_bigendian+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
- else
- # See if sys/param.h defines the BYTE_ORDER macro.
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
- #include <sys/types.h>
- #include <sys/param.h>
-
- int
- main ()
- {
- #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
- #endif
-
- ;
- return 0;
- }
- _ACEOF
- rm -f conftest.$ac_objext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- # It does; now see whether it defined to BIG_ENDIAN or not.
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
- #include <sys/types.h>
- #include <sys/param.h>
-
- int
- main ()
- {
- #if BYTE_ORDER != BIG_ENDIAN
- not big endian
- #endif
-
- ;
- return 0;
- }
- _ACEOF
- rm -f conftest.$ac_objext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=yes
- else
- echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_c_bigendian=no
- fi
- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- else
- echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- # It does not; compile a test program.
- if test "$cross_compiling" = yes; then
- # try to guess the endianness by grepping values into an object file
- ac_cv_c_bigendian=unknown
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
- short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
- short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
- void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
- short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
- short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
- void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
- int
- main ()
- {
- _ascii (); _ebcdic ();
- ;
- return 0;
- }
- _ACEOF
- rm -f conftest.$ac_objext
- if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
- ac_cv_c_bigendian=yes
- fi
- if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
- if test "$ac_cv_c_bigendian" = unknown; then
- ac_cv_c_bigendian=no
- else
- # finding both strings is unlikely to happen, but who knows?
- ac_cv_c_bigendian=unknown
- fi
- fi
- else
- echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- fi
- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- else
- cat >conftest.$ac_ext <<_ACEOF
- /* confdefs.h. */
- _ACEOF
- cat confdefs.h >>conftest.$ac_ext
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
- int
- main ()
- {
- /* Are we little or big endian? From Harbison&Steele. */
- union
- {
- long l;
- char c[sizeof (long)];
- } u;
- u.l = 1;
- exit (u.c[sizeof (long) - 1] == 1);
- }
- _ACEOF
- rm -f conftest$ac_exeext
- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=no
- else
- echo "$as_me: program exited with status $ac_status" >&5
- echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ( exit $ac_status )
- ac_cv_c_bigendian=yes
- fi
- rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
- fi
- fi
- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- fi
- echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
- echo "${ECHO_T}$ac_cv_c_bigendian" >&6
- case $ac_cv_c_bigendian in
- yes)
-
- cat >>confdefs.h <<\_ACEOF
- #define WORDS_BIGENDIAN 1
- _ACEOF
- ;;
- no)
- ;;
- *)
- { { echo "$as_me:$LINENO: error: unknown endianness
- presetting ac_cv_c_bigendian=no (or yes) will help" >&5
- echo "$as_me: error: unknown endianness
- presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
- { (exit 1); exit 1; }; } ;;
- esac
-
-
- echo "$as_me:$LINENO: checking whether float word ordering is big endian" >&5
- echo $ECHO_N "checking whether float word ordering is big endian... $ECHO_C" >&6
- if test "${ax_cv_c_float_word_order_big+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
- else
-
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&5
- echo "$as_me: error: cannot run test program while cross compiling
- See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
- else
- cat >conftest.$ac_ext <<_ACEOF
-
- /* This code returns 0 if the float word order is big endian and >= 1 if it is little endian. */
- main(){
- #ifdef WORDS_BIGENDIAN
- return 0; /* If the system's encoding is big endian, so is the float word order. NOTE: If the encoding is big endian and WORDS_BIGENDIAN isn't defined, the code below will still return the correct float word order (big). */
- #else
- union
- {
- double d;
- /* IEEE754 little endian encoded floating point number structure with little endian float word order. */
- struct{
- unsigned int mantissa1:32;
- unsigned int mantissa0:20;
- unsigned int exponent:11;
- unsigned int negative:1;
- } ieee;
- } u;
- u.d = -1;
- return (u.ieee.negative == 1);
- #endif
- }
-
- _ACEOF
- rm -f conftest$ac_exeext
- if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ax_cv_c_float_word_order_big=yes
- else
- echo "$as_me: program exited with status $ac_status" >&5
- echo "$as_me: failed program was:" >&5
- sed 's/^/| /' conftest.$ac_ext >&5
-
- ( exit $ac_status )
- ax_cv_c_float_word_order_big=no
- fi
- rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
- fi
-
-
- fi
- echo "$as_me:$LINENO: result: $ax_cv_c_float_word_order_big" >&5
- echo "${ECHO_T}$ax_cv_c_float_word_order_big" >&6
-
- case $ax_cv_c_float_word_order_big in
- yes)
-
-
- cat >>confdefs.h <<\_ACEOF
- #define FLOAT_WORD_ORDER_BIG 1
- _ACEOF
-
-
- ;;
- no)
- ;;
- *)
-
- { { echo "$as_me:$LINENO: error: Unable to determain float word ordering. You need to manually preset ax_cv_c_float_word_order_big=(yes / no).
- " >&5
- echo "$as_me: error: Unable to determain float word ordering. You need to manually preset ax_cv_c_float_word_order_big=(yes / no).
- " >&2;}
- { (exit 1); exit 1; }; }
-
- ;;
- esac
-
-
for ac_func in strdup
--- 19970,19975 ----
diff -rc aterm-2.8/Makefile.in aterm-2.8-new/Makefile.in
*** aterm-2.8/Makefile.in 2008-11-10 13:54:28.000000000 +0100
--- aterm-2.8-new/Makefile.in 2010-08-23 17:05:27.000000000 +0200
***************
*** 217,223 ****
pkgconfig_DATA = ${PACKAGE}.pc
! SUBDIRS = aterm utils test
ACLOCAL_AMFLAGS = -I .
subdir = .
--- 217,223 ----
pkgconfig_DATA = ${PACKAGE}.pc
! SUBDIRS = aterm utils
ACLOCAL_AMFLAGS = -I .
subdir = .

90
pkgs/development/libraries/boost/boost-155-clang.patch
View file

@ -1,90 +0,0 @@
diff --git a/boost/atomic/detail/cas128strong.hpp b/boost/atomic/detail/cas128strong.hpp
index 906c13e..dcb4d7d 100644
--- a/boost/atomic/detail/cas128strong.hpp
+++ b/boost/atomic/detail/cas128strong.hpp
@@ -196,15 +196,17 @@ class base_atomic<T, void, 16, Sign>
public:
BOOST_DEFAULTED_FUNCTION(base_atomic(void), {})
- explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0)
+ explicit base_atomic(value_type const& v) BOOST_NOEXCEPT
{
+ memset(&v_, 0, sizeof(v_));
memcpy(&v_, &v, sizeof(value_type));
}
void
store(value_type const& value, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT
{
- storage_type value_s = 0;
+ storage_type value_s;
+ memset(&value_s, 0, sizeof(value_s));
memcpy(&value_s, &value, sizeof(value_type));
platform_fence_before_store(order);
platform_store128(value_s, &v_);
@@ -247,7 +249,9 @@ class base_atomic<T, void, 16, Sign>
memory_order success_order,
memory_order failure_order) volatile BOOST_NOEXCEPT
{
- storage_type expected_s = 0, desired_s = 0;
+ storage_type expected_s, desired_s;
+ memset(&expected_s, 0, sizeof(expected_s));
+ memset(&desired_s, 0, sizeof(desired_s));
memcpy(&expected_s, &expected, sizeof(value_type));
memcpy(&desired_s, &desired, sizeof(value_type));
diff --git a/boost/atomic/detail/gcc-atomic.hpp b/boost/atomic/detail/gcc-atomic.hpp
index a130590..4af99a1 100644
--- a/boost/atomic/detail/gcc-atomic.hpp
+++ b/boost/atomic/detail/gcc-atomic.hpp
@@ -958,14 +958,16 @@ class base_atomic<T, void, 16, Sign>
public:
BOOST_DEFAULTED_FUNCTION(base_atomic(void), {})
- explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0)
+ explicit base_atomic(value_type const& v) BOOST_NOEXCEPT
{
+ memset(&v_, 0, sizeof(v_));
memcpy(&v_, &v, sizeof(value_type));
}
void store(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT
{
- storage_type tmp = 0;
+ storage_type tmp;
+ memset(&tmp, 0, sizeof(tmp));
memcpy(&tmp, &v, sizeof(value_type));
__atomic_store_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order));
}
@@ -980,7 +982,8 @@ class base_atomic<T, void, 16, Sign>
value_type exchange(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT
{
- storage_type tmp = 0;
+ storage_type tmp;
+ memset(&tmp, 0, sizeof(tmp));
memcpy(&tmp, &v, sizeof(value_type));
tmp = __atomic_exchange_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order));
value_type res;
@@ -994,7 +997,9 @@ class base_atomic<T, void, 16, Sign>
memory_order success_order,
memory_order failure_order) volatile BOOST_NOEXCEPT
{
- storage_type expected_s = 0, desired_s = 0;
+ storage_type expected_s, desired_s;
+ memset(&expected_s, 0, sizeof(expected_s));
+ memset(&desired_s, 0, sizeof(desired_s));
memcpy(&expected_s, &expected, sizeof(value_type));
memcpy(&desired_s, &desired, sizeof(value_type));
const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, false,
@@ -1010,7 +1015,9 @@ class base_atomic<T, void, 16, Sign>
memory_order success_order,
memory_order failure_order) volatile BOOST_NOEXCEPT
{
- storage_type expected_s = 0, desired_s = 0;
+ storage_type expected_s, desired_s;
+ memset(&expected_s, 0, sizeof(expected_s));
+ memset(&desired_s, 0, sizeof(desired_s));
memcpy(&expected_s, &expected, sizeof(value_type));
memcpy(&desired_s, &desired, sizeof(value_type));
const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, true,

20
pkgs/development/libraries/libedit/freebsd_weak_ref.patch
View file

@ -1,20 +0,0 @@
--- libedit-20110709-3.0/src/vi.c.old 2011-07-11 18:21:16.000000000 +0000
+++ libedit-20110709-3.0/src/vi.c 2011-07-11 18:24:29.000000000 +0000
@@ -918,7 +918,7 @@
* NB: posix implies that we should enter insert mode, however
* this is against historical precedent...
*/
-#ifdef __weak_reference
+#if defined(__weak_reference) && defined(__NetBSD__)
__weakref_visible char *my_get_alias_text(const char *)
__weak_reference(get_alias_text);
#endif
@@ -926,7 +926,7 @@
/*ARGSUSED*/
vi_alias(EditLine *el, Int c)
{
-#ifdef __weak_reference
+#if defined(__weak_reference) && defined(__NetBSD__)
char alias_name[3];
char *alias_text;

9
pkgs/development/r-modules/patches/BayesBridge_cblas.patch
View file

@ -1,9 +0,0 @@
diff -ru -x '*~' BayesBridge_orig/src/Makevars BayesBridge/src/Makevars
--- BayesBridge_orig/src/Makevars 2014-07-19 05:08:55.000000000 +0900
+++ BayesBridge/src/Makevars 2014-10-25 14:44:23.422592445 +0900
@@ -9,4 +9,4 @@
# PKG_CPPFLAGS = -DUSE_R -DDISABLE_FIO -I../inst/include/ -DDISABLE_SINGLE -DNTHROW
PKG_CPPFLAGS = -DUSE_R -DDISABLE_FIO -DDISABLE_SINGLE -DNTHROW
# PKG_CPPFLAGS = -DUSE_R -DDISABLE_SINGLE -DNTHROW -Wall -pedantic -Wshadow -ansi -Wsequence-point
-PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS)
+PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -lcblas

12
pkgs/development/r-modules/patches/BayesLogit_cblas.patch
View file

@ -1,12 +0,0 @@
diff -ru -x '*~' BayesLogit_orig/src/Makevars BayesLogit/src/Makevars
--- BayesLogit_orig/src/Makevars 2014-04-24 23:31:13.000000000 +0900
+++ BayesLogit/src/Makevars 2014-10-21 21:00:15.570699136 +0900
@@ -6,7 +6,7 @@
## W/OUT Dynamic Stuff
OBJECTS = Matrix.o MatrixFrame.o RRNG.o RNG.o FSF_nmix.o LogitWrapper.o \
PolyaGamma.o PolyaGammaAlt.o PolyaGammaSP.o InvertY.o
-PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS)
+PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -lopenblas
# PKG_CPPFLAGS = -DUSE_R -DNDEBUG -DDISABLE_SINGLE -DNTHROW -Wall -pedantic -Wextra
PKG_CPPFLAGS = -DUSE_R -DNDEBUG -DDISABLE_SINGLE -DNTHROW

12
pkgs/development/r-modules/patches/CARramps.patch
View file

@ -1,12 +0,0 @@
diff -ru -x '*~' CARramps_orig/src/combo1colForR1Q_d.cu CARramps/src/combo1colForR1Q_d.cu
--- CARramps_orig/src/combo1colForR1Q_d.cu 2011-12-01 22:27:06.000000000 +0900
+++ CARramps/src/combo1colForR1Q_d.cu 2014-10-25 14:59:06.869299163 +0900
@@ -4,7 +4,7 @@
#include <cuda.h>
#include <R.h>
#include <Rmath.h>
-#include <combo1colForR1Q_d.h>
+#include "combo1colForR1Q_d.h"
#define BLOCKSIZE 256

19
pkgs/development/r-modules/patches/WideLM.patch
View file

@ -1,19 +0,0 @@
diff -ru -x '*~' WideLM_orig/src/Makefile.in WideLM/src/Makefile.in
--- WideLM_orig/src/Makefile.in 2012-02-17 04:28:05.000000000 +0900
+++ WideLM/src/Makefile.in 2014-10-25 18:54:49.110011921 +0900
@@ -12,12 +12,12 @@
#compiler/preprocessor options
R_INCS := @R_INCL@ @RCPP_INCL@
CC_ARGS := @CU_PARAMS@ -Xcompiler @R_CPIC@
-CU_INCS := -I@CUDA_HOME@/include
+CU_INCS := -I@CUDA_HOME@/include
CU_ARCH := -gencode arch=compute_20,code=sm_20
#linker options
-LD_PARAMS := -Xlinker "@RCPP_LDFLAGS@"
-RCU_LIBS := @R_LIB@ -L@CU_LIBDIR@ -lcublas
+LD_PARAMS := -Xlinker "--export-dynamic -fopenmp -L${R_HOME}/lib -lR"
+RCU_LIBS := -Xlinker "-L@CU_LIBDIR@ -lcublas"
all : WideLM.so

29
pkgs/development/r-modules/patches/rpud.patch
View file

@ -1,29 +0,0 @@
diff -ru -x '*~' rpud_orig/configure rpud/configure
--- rpud_orig/configure 2010-09-08 02:14:55.000000000 +0900
+++ rpud/configure 2014-10-25 16:46:39.479098648 +0900
@@ -1794,7 +1794,7 @@
fi
LIBS="-L${CUDA_HOME}${CUDA_LIB_DIR} -lcublas -lcuda"
-RPATHFLAG="-Wl,-rpath,${CUDA_HOME}${CUDA_LIB_DIR}"
+RPATHFLAG="-Xlinker -rpath=${CUDA_HOME}${CUDA_LIB_DIR}"
diff -ru -x '*~' rpud_orig/src/Makefile.in rpud/src/Makefile.in
--- rpud_orig/src/Makefile.in 2010-08-31 01:53:50.000000000 +0900
+++ rpud/src/Makefile.in 2014-10-25 16:45:30.248109883 +0900
@@ -3,11 +3,11 @@
OBJS := rpud.o rpudist.o
#compiler/preprocessor options
-INCS := -I@CUDA_HOME@/include
+INCS := -I@CUDA_HOME@/include
PARAMS := -Xcompiler "@R_INCLUDE@ @CPICFLAGS@"
#linker options
-LD_PARAMS := -Xlinker "@R_LIB@ @RPATHFLAG@"
+LD_PARAMS := -Xlinker "--export-dynamic -fopenmp -L${R_HOME}/lib -lR @RPATHFLAG@"
LIBS := @LIBS@
TARGETS := rpud.so

13
pkgs/development/tools/boomerang/dlopen_path.patch
View file

@ -1,13 +0,0 @@
diff --git a/loader/BinaryFileFactory.cpp b/loader/BinaryFileFactory.cpp
index 889a4ed..ca86765 100644
--- a/loader/BinaryFileFactory.cpp
+++ b/loader/BinaryFileFactory.cpp
@@ -109,7 +109,7 @@ BinaryFile* BinaryFileFactory::getInstanceFor( const char *sName ) {
// Load the specific loader library
#ifndef _WIN32 // Cygwin, Unix/Linux
- libName = std::string("lib/lib") + libName;
+ libName = std::string("lib") + libName;
#ifdef __CYGWIN__
libName += ".dll"; // Cygwin wants .dll, but is otherwise like Unix
#else

237
pkgs/development/tools/build-managers/cmake/2.8.11-cygwin.patch
View file

@ -1,237 +0,0 @@
--- cmake-2.8.10/Source/cmFileCommand.cxx 2012-10-31 10:32:06.000000000 -0500
+++ cmake-2.8.10/Source/cmFileCommand.cxx 2013-03-16 22:55:11.306681100 -0500
@@ -1002,7 +1002,7 @@ protected:
MatchProperties CollectMatchProperties(const char* file)
{
// Match rules are case-insensitive on some platforms.
-#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__)
+#if defined(_WIN32) || defined(__APPLE__)
std::string lower = cmSystemTools::LowerCase(file);
const char* file_to_match = lower.c_str();
#else
--- cmake-2.8.10/Source/cmInstallCommand.cxx 2012-10-31 10:32:06.000000000 -0500
+++ cmake-2.8.10/Source/cmInstallCommand.cxx 2013-03-16 22:56:21.008667800 -0500
@@ -1090,7 +1090,7 @@ cmInstallCommand::HandleDirectoryMode(st
{
literal_args += " REGEX \"";
// Match rules are case-insensitive on some platforms.
-#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__)
+#if defined(_WIN32) || defined(__APPLE__)
std::string regex = cmSystemTools::LowerCase(args[i]);
#else
std::string regex = args[i];
--- cmake-2.8.10/Source/kwsys/Glob.cxx 2012-10-31 10:32:06.000000000 -0500
+++ cmake-2.8.10/Source/kwsys/Glob.cxx 2013-03-16 22:58:54.192429400 -0500
@@ -37,7 +37,7 @@
#include <string.h>
namespace KWSYS_NAMESPACE
{
-#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__)
+#if defined(_WIN32) || defined(__APPLE__)
// On Windows and apple, no difference between lower and upper case
# define KWSYS_GLOB_CASE_INDEPENDENT
#endif
--- cmake-2.8.11/Source/kwsys/SystemInformation.cxx 2013-05-15 12:38:13.000000000 -0500
+++ cmake-2.8.11/Source/kwsys/SystemInformation.cxx 2013-07-08 01:57:31.216321800 -0500
@@ -888,7 +888,7 @@ void SystemInformation::RunMemoryCheck()
// Hide implementation details in an anonymous namespace.
namespace {
// *****************************************************************************
-#if defined(__linux) || defined(__APPLE__)
+#if defined(__linux) || defined(__APPLE__) || defined(__CYGWIN__)
int LoadLines(
FILE *file,
kwsys_stl::vector<kwsys_stl::string> &lines)
@@ -918,7 +918,7 @@ int LoadLines(
return nRead;
}
-# if defined(__linux)
+# if defined(__linux) || defined(__CYGWIN__)
// *****************************************************************************
int LoadLines(
const char *fileName,
@@ -957,7 +957,7 @@ int NameValue(
}
#endif
-#if defined(__linux)
+#if defined(__linux) || defined(__CYGWIN__)
// ****************************************************************************
template<typename T>
int GetFieldsFromFile(
@@ -2869,7 +2869,6 @@ bool SystemInformationImplementation::Re
pos = buffer.find("processor\t",pos+1);
}
-#ifdef __linux
// Find the largest physical id.
int maxId = -1;
kwsys_stl::string idc =
@@ -2893,14 +2892,6 @@ bool SystemInformationImplementation::Re
this->NumberOfPhysicalCPU=static_cast<unsigned int>(
numberOfCoresPerCPU*(maxId+1));
-#else // __CYGWIN__
- // does not have "physical id" entries, neither "cpu cores"
- // this has to be fixed for hyper-threading.
- kwsys_stl::string cpucount =
- this->ExtractValueFromCpuInfoFile(buffer,"cpu count");
- this->NumberOfPhysicalCPU=
- this->NumberOfLogicalCPU = atoi(cpucount.c_str());
-#endif
// gotta have one, and if this is 0 then we get a / by 0n
// better to have a bad answer than a crash
if(this->NumberOfPhysicalCPU <= 0)
@@ -3086,7 +3077,7 @@ SystemInformationImplementation::GetHost
GlobalMemoryStatusEx(&statex);
return statex.ullTotalPhys/1024;
# endif
-#elif defined(__linux)
+#elif defined(__linux) || defined(__CYGWIN__)
SystemInformation::LongLong memTotal=0;
int ierr=GetFieldFromFile("/proc/meminfo","MemTotal:",memTotal);
if (ierr)
@@ -3217,7 +3208,7 @@ SystemInformationImplementation::GetHost
GlobalMemoryStatusEx(&statex);
return (statex.ullTotalPhys - statex.ullAvailPhys)/1024;
# endif
-#elif defined(__linux)
+#elif defined(__linux) || defined(__CYGWIN__)
const char *names[3]={"MemTotal:","MemFree:",NULL};
SystemInformation::LongLong values[2]={SystemInformation::LongLong(0)};
int ierr=GetFieldsFromFile("/proc/meminfo",names,values);
@@ -3276,7 +3267,7 @@ SystemInformationImplementation::GetProc
return -2;
}
return pmc.WorkingSetSize/1024;
-#elif defined(__linux)
+#elif defined(__linux) || defined(__CYGWIN__)
SystemInformation::LongLong memUsed=0;
int ierr=GetFieldFromFile("/proc/self/status","VmRSS:",memUsed);
if (ierr)
@@ -3328,7 +3319,7 @@ SystemInformationImplementation::GetProc
{
#if defined(_WIN32)
return GetCurrentProcessId();
-#elif defined(__linux) || defined(__APPLE__)
+#elif defined(__linux) || defined(__APPLE__) || defined(__CYGWIN__)
return getpid();
#else
return -1;
--- cmake-2.8.10/Source/kwsys/SystemTools.cxx 2012-10-31 10:32:06.000000000 -0500
+++ cmake-2.8.10/Source/kwsys/SystemTools.cxx 2013-03-16 22:52:11.830415600 -0500
@@ -75,19 +75,12 @@
// Windows API.
#if defined(_WIN32)
# include <windows.h>
-#elif defined (__CYGWIN__)
-# include <windows.h>
-# undef _WIN32
#endif
#if !KWSYS_CXX_HAS_ENVIRON_IN_STDLIB_H
extern char **environ;
#endif
-#ifdef __CYGWIN__
-extern "C" void cygwin_conv_to_win32_path(const char *path, char *win32_path);
-#endif
-
// getpwnam doesn't exist on Windows and Cray Xt3/Catamount
// same for TIOCGWINSZ
#if defined(_WIN32) || defined (__LIBCATAMOUNT__)
@@ -1068,7 +1061,7 @@ bool SystemTools::SameFile(const char* f
}
//----------------------------------------------------------------------------
-#if defined(_WIN32) || defined(__CYGWIN__)
+#if defined(_WIN32)
static bool WindowsFileExists(const char* filename)
{
WIN32_FILE_ATTRIBUTE_DATA fd;
@@ -1083,7 +1076,7 @@ bool SystemTools::FileExists(const char*
{
return false;
}
-#if defined(__CYGWIN__)
+#if 0
// Convert filename to native windows path if possible.
char winpath[MAX_PATH];
if(SystemTools::PathCygwinToWin32(filename, winpath))
@@ -1111,7 +1104,7 @@ bool SystemTools::FileExists(const char*
}
//----------------------------------------------------------------------------
-#ifdef __CYGWIN__
+#if 0
bool SystemTools::PathCygwinToWin32(const char *path, char *win32_path)
{
SystemToolsTranslationMap::iterator i =
@@ -3894,7 +3887,7 @@ bool SystemTools::LocateFileInDir(const
bool SystemTools::FileIsFullPath(const char* in_name)
{
kwsys_stl::string name = in_name;
-#if defined(_WIN32) || defined(__CYGWIN__)
+#if defined(_WIN32)
// On Windows, the name must be at least two characters long.
if(name.length() < 2)
{
@@ -4712,9 +4705,6 @@ bool SystemTools::ParseURL( const kwsys_
unsigned int SystemToolsManagerCount;
SystemToolsTranslationMap *SystemTools::TranslationMap;
SystemToolsTranslationMap *SystemTools::LongPathMap;
-#ifdef __CYGWIN__
-SystemToolsTranslationMap *SystemTools::Cyg2Win32Map;
-#endif
// SystemToolsManager manages the SystemTools singleton.
// SystemToolsManager should be included in any translation unit
@@ -4760,9 +4750,6 @@ void SystemTools::ClassInitialize()
// Allocate the translation map first.
SystemTools::TranslationMap = new SystemToolsTranslationMap;
SystemTools::LongPathMap = new SystemToolsTranslationMap;
-#ifdef __CYGWIN__
- SystemTools::Cyg2Win32Map = new SystemToolsTranslationMap;
-#endif
// Add some special translation paths for unix. These are not added
// for windows because drive letters need to be maintained. Also,
@@ -4817,9 +4804,6 @@ void SystemTools::ClassFinalize()
{
delete SystemTools::TranslationMap;
delete SystemTools::LongPathMap;
-#ifdef __CYGWIN__
- delete SystemTools::Cyg2Win32Map;
-#endif
}
--- cmake-2.8.10/Source/kwsys/SystemTools.hxx.in 2012-10-31 10:32:06.000000000 -0500
+++ cmake-2.8.10/Source/kwsys/SystemTools.hxx.in 2013-03-16 23:10:30.185237900 -0500
@@ -277,15 +277,6 @@ public:
static bool FileExists(const char* filename);
/**
- * Converts Cygwin path to Win32 path. Uses dictionary container for
- * caching and calls to cygwin_conv_to_win32_path from Cygwin dll
- * for actual translation. Returns true on success, else false.
- */
-#ifdef __CYGWIN__
- static bool PathCygwinToWin32(const char *path, char *win32_path);
-#endif
-
- /**
* Return file length
*/
static unsigned long FileLength(const char *filename);
@@ -887,9 +878,6 @@ private:
*/
static SystemToolsTranslationMap *TranslationMap;
static SystemToolsTranslationMap *LongPathMap;
-#ifdef __CYGWIN__
- static SystemToolsTranslationMap *Cyg2Win32Map;
-#endif
friend class SystemToolsManager;
};

11
pkgs/development/tools/build-managers/cmake/cmake_find_openssl_for_openssl-1.0.1m_and_up.patch
View file

@ -1,11 +0,0 @@
--- ./Modules/FindOpenSSL.cmake
+++ ./Modules/FindOpenSSL.cmake
@@ -264,7 +264,7 @@
set(OPENSSL_VERSION "${_OPENSSL_VERSION}")
elseif(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
- REGEX "^#define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
+ REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
# The version number is encoded as 0xMNNFFPPS: major minor fix patch status
# The status gives if this is a developer or prerelease and is ignored here.

34
pkgs/development/tools/haskell/ihaskell/use-classy-prelude.patch
View file

@ -1,34 +0,0 @@
From fad4e38079e91b13bf1e94732b7494504071b224 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edward=20Tj=C3=B6rnhammar?= <ed@cflags.cc>
Date: Sun, 28 Sep 2014 09:27:40 +0200
Subject: [PATCH] catMaybes, explicitly use ClassyPrelude
---
src/IHaskell/Eval/Completion.hs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/IHaskell/Eval/Completion.hs b/src/IHaskell/Eval/Completion.hs
index 790c903..93d7ac1 100644
--- a/src/IHaskell/Eval/Completion.hs
+++ b/src/IHaskell/Eval/Completion.hs
@@ -141,7 +141,7 @@ getTrueModuleName name = do
onlyImportDecl _ = Nothing
-- Get all imports that we use.
- imports <- catMaybes <$> map onlyImportDecl <$> getContext
+ imports <- ClassyPrelude.catMaybes <$> map onlyImportDecl <$> getContext
-- Find the ones that have a qualified name attached.
-- If this name isn't one of them, it already is the true name.
@@ -178,7 +178,7 @@ completionType line loc target
= Empty
-- When in a string, complete filenames.
- | cursorInString line loc
+ | cursorInString line loc
= FilePath (getStringTarget lineUpToCursor) (getStringTarget lineUpToCursor)
-- Complete module names in imports and elsewhere.
--
2.1.0

16
pkgs/games/hedgewars/fix-ghc-7.8-build-failure.diff
View file

@ -1,16 +0,0 @@
## fix-ghc-7.8-build-failure.diff [diff]
diff --git a/gameServer/Actions.hs b/gameServer/Actions.hs
index 2cebe4f..355ee26 100644
--- a/gameServer/Actions.hs
+++ b/gameServer/Actions.hs
@@ -562,7 +562,7 @@ processAction (AddClient cl) = do
si <- gets serverInfo
newClId <- io $ do
ci <- addClient rnc cl
- _ <- Exception.mask (forkIO . clientRecvLoop (clientSocket cl) (coreChan si) (sendChan cl) ci)
+ _ <- Exception.mask (\x -> forkIO $ clientRecvLoop (clientSocket cl) (coreChan si) (sendChan cl) ci x)
infoM "Clients" (show ci ++ ": New client. Time: " ++ show (connectTime cl))

35
pkgs/os-specific/linux/kernel-headers/unifdef-getline.patch
View file

@ -1,35 +0,0 @@
This patch fixes a trivial compilation error with glibc 2.11.
From http://patchwork.kernel.org/patch/11166/ .
diff --git a/scripts/unifdef.c b/scripts/unifdef.c
index 552025e..977e682 100644
--- a/scripts/unifdef.c
+++ b/scripts/unifdef.c
@@ -206,7 +206,7 @@ static void done(void);
static void error(const char *);
static int findsym(const char *);
static void flushline(bool);
-static Linetype getline(void);
+static Linetype parseline(void);
static Linetype ifeval(const char **);
static void ignoreoff(void);
static void ignoreon(void);
@@ -512,7 +512,7 @@ process(void)
for (;;) {
linenum++;
- lineval = getline();
+ lineval = parseline();
trans_table[ifstate[depth]][lineval]();
debug("process %s -> %s depth %d",
linetype_name[lineval],
@@ -526,7 +526,7 @@ process(void)
* help from skipcomment().
*/
static Linetype
-getline(void)
+parseline(void)
{
const char *cp;
int cursym;

553
pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch
View file

@ -1,553 +0,0 @@
From 125fccb600288968aa3395883c0a394c47176fcd Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 10 Aug 2011 22:02:39 -0700
Subject: [PATCH 1/3] AppArmor: compatibility patch for v5 network controll
Add compatibility for v5 network rules.
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
include/linux/lsm_audit.h | 4 +
security/apparmor/Makefile | 19 +++-
security/apparmor/include/net.h | 40 +++++++++
security/apparmor/include/policy.h | 3 +
security/apparmor/lsm.c | 112 ++++++++++++++++++++++++
security/apparmor/net.c | 170 ++++++++++++++++++++++++++++++++++++
security/apparmor/policy.c | 1 +
security/apparmor/policy_unpack.c | 48 +++++++++-
8 files changed, 394 insertions(+), 3 deletions(-)
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/net.c
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 88e78de..c63979a 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -124,6 +124,10 @@ struct common_audit_data {
u32 denied;
uid_t ouid;
} fs;
+ struct {
+ int type, protocol;
+ struct sock *sk;
+ } net;
};
} apparmor_audit_data;
#endif
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 2dafe50..7cefef9 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
- resource.o sid.o file.o
+ resource.o sid.o file.o net.o
-clean-files := capability_names.h rlim_names.h
+clean-files := capability_names.h rlim_names.h af_names.h
# Build a lower case string table of capability names
@@ -44,9 +44,24 @@ cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\
sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
echo "};" >> $@
+# Build a lower case string table of address family names.
+# Transform lines from
+# #define AF_INET 2 /* Internet IP Protocol */
+# to
+# [2] = "inet",
+quiet_cmd_make-af = GEN $@
+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\
+ sed $< >> $@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \
+ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+).*/[\2] = "\L\1",/p';\
+ echo "};" >> $@
+
+
$(obj)/capability.o : $(obj)/capability_names.h
$(obj)/resource.o : $(obj)/rlim_names.h
+$(obj)/net.o : $(obj)/af_names.h
$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
$(call cmd,make-caps)
$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
$(call cmd,make-rlim)
+$(obj)/af_names.h : $(srctree)/include/linux/socket.h
+ $(call cmd,make-af)
\ No newline at end of file
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
new file mode 100644
index 0000000..3c7d599
--- /dev/null
+++ b/security/apparmor/include/net.h
@@ -0,0 +1,40 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor network mediation definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_NET_H
+#define __AA_NET_H
+
+#include <net/sock.h>
+
+/* struct aa_net - network confinement data
+ * @allowed: basic network families permissions
+ * @audit_network: which network permissions to force audit
+ * @quiet_network: which network permissions to quiet rejects
+ */
+struct aa_net {
+ u16 allow[AF_MAX];
+ u16 audit[AF_MAX];
+ u16 quiet[AF_MAX];
+};
+
+extern int aa_net_perm(int op, struct aa_profile *profile, u16 family,
+ int type, int protocol, struct sock *sk);
+extern int aa_revalidate_sk(int op, struct sock *sk);
+
+static inline void aa_free_net_rules(struct aa_net *new)
+{
+ /* NOP */
+}
+
+#endif /* __AA_NET_H */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index aeda5cf..6776929 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -27,6 +27,7 @@
#include "capability.h"
#include "domain.h"
#include "file.h"
+#include "net.h"
#include "resource.h"
extern const char *profile_mode_names[];
@@ -145,6 +146,7 @@ struct aa_namespace {
* @size: the memory consumed by this profiles rules
* @file: The set of rules governing basic file access and domain transitions
* @caps: capabilities for the profile
+ * @net: network controls for the profile
* @rlimits: rlimits for the profile
*
* The AppArmor profile contains the basic confinement data. Each profile
@@ -181,6 +183,7 @@ struct aa_profile {
struct aa_file_rules file;
struct aa_caps caps;
+ struct aa_net net;
struct aa_rlimit rlimits;
};
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3783202..7459547 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -32,6 +32,7 @@
#include "include/context.h"
#include "include/file.h"
#include "include/ipc.h"
+#include "include/net.h"
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
@@ -621,6 +622,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
+static int apparmor_socket_create(int family, int type, int protocol, int kern)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ if (kern)
+ return 0;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile))
+ error = aa_net_perm(OP_CREATE, profile, family, type, protocol,
+ NULL);
+ return error;
+}
+
+static int apparmor_socket_bind(struct socket *sock,
+ struct sockaddr *address, int addrlen)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_BIND, sk);
+}
+
+static int apparmor_socket_connect(struct socket *sock,
+ struct sockaddr *address, int addrlen)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_CONNECT, sk);
+}
+
+static int apparmor_socket_listen(struct socket *sock, int backlog)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_LISTEN, sk);
+}
+
+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_ACCEPT, sk);
+}
+
+static int apparmor_socket_sendmsg(struct socket *sock,
+ struct msghdr *msg, int size)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_SENDMSG, sk);
+}
+
+static int apparmor_socket_recvmsg(struct socket *sock,
+ struct msghdr *msg, int size, int flags)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_RECVMSG, sk);
+}
+
+static int apparmor_socket_getsockname(struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_GETSOCKNAME, sk);
+}
+
+static int apparmor_socket_getpeername(struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_GETPEERNAME, sk);
+}
+
+static int apparmor_socket_getsockopt(struct socket *sock, int level,
+ int optname)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_GETSOCKOPT, sk);
+}
+
+static int apparmor_socket_setsockopt(struct socket *sock, int level,
+ int optname)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_SETSOCKOPT, sk);
+}
+
+static int apparmor_socket_shutdown(struct socket *sock, int how)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
+}
+
static struct security_operations apparmor_ops = {
.name = "apparmor",
@@ -652,6 +751,19 @@ static struct security_operations apparmor_ops = {
.getprocattr = apparmor_getprocattr,
.setprocattr = apparmor_setprocattr,
+ .socket_create = apparmor_socket_create,
+ .socket_bind = apparmor_socket_bind,
+ .socket_connect = apparmor_socket_connect,
+ .socket_listen = apparmor_socket_listen,
+ .socket_accept = apparmor_socket_accept,
+ .socket_sendmsg = apparmor_socket_sendmsg,
+ .socket_recvmsg = apparmor_socket_recvmsg,
+ .socket_getsockname = apparmor_socket_getsockname,
+ .socket_getpeername = apparmor_socket_getpeername,
+ .socket_getsockopt = apparmor_socket_getsockopt,
+ .socket_setsockopt = apparmor_socket_setsockopt,
+ .socket_shutdown = apparmor_socket_shutdown,
+
.cred_alloc_blank = apparmor_cred_alloc_blank,
.cred_free = apparmor_cred_free,
.cred_prepare = apparmor_cred_prepare,
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
new file mode 100644
index 0000000..1765901
--- /dev/null
+++ b/security/apparmor/net.c
@@ -0,0 +1,170 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor network mediation
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include "include/apparmor.h"
+#include "include/audit.h"
+#include "include/context.h"
+#include "include/net.h"
+#include "include/policy.h"
+
+#include "af_names.h"
+
+static const char *sock_type_names[] = {
+ "unknown(0)",
+ "stream",
+ "dgram",
+ "raw",
+ "rdm",
+ "seqpacket",
+ "dccp",
+ "unknown(7)",
+ "unknown(8)",
+ "unknown(9)",
+ "packet",
+};
+
+/* audit callback for net specific fields */
+static void audit_cb(struct audit_buffer *ab, void *va)
+{
+ struct common_audit_data *sa = va;
+
+ audit_log_format(ab, " family=");
+ if (address_family_names[sa->u.net.family]) {
+ audit_log_string(ab, address_family_names[sa->u.net.family]);
+ } else {
+ audit_log_format(ab, " \"unknown(%d)\"", sa->u.net.family);
+ }
+
+ audit_log_format(ab, " sock_type=");
+ if (sock_type_names[sa->aad.net.type]) {
+ audit_log_string(ab, sock_type_names[sa->aad.net.type]);
+ } else {
+ audit_log_format(ab, "\"unknown(%d)\"", sa->aad.net.type);
+ }
+
+ audit_log_format(ab, " protocol=%d", sa->aad.net.protocol);
+}
+
+/**
+ * audit_net - audit network access
+ * @profile: profile being enforced (NOT NULL)
+ * @op: operation being checked
+ * @family: network family
+ * @type: network type
+ * @protocol: network protocol
+ * @sk: socket auditing is being applied to
+ * @error: error code for failure else 0
+ *
+ * Returns: %0 or sa->error else other errorcode on failure
+ */
+static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
+ int protocol, struct sock *sk, int error)
+{
+ int audit_type = AUDIT_APPARMOR_AUTO;
+ struct common_audit_data sa;
+ if (sk) {
+ COMMON_AUDIT_DATA_INIT(&sa, NET);
+ } else {
+ COMMON_AUDIT_DATA_INIT(&sa, NONE);
+ }
+ /* todo fill in socket addr info */
+
+ sa.aad.op = op,
+ sa.u.net.family = family;
+ sa.u.net.sk = sk;
+ sa.aad.net.type = type;
+ sa.aad.net.protocol = protocol;
+ sa.aad.error = error;
+
+ if (likely(!sa.aad.error)) {
+ u16 audit_mask = profile->net.audit[sa.u.net.family];
+ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
+ !(1 << sa.aad.net.type & audit_mask)))
+ return 0;
+ audit_type = AUDIT_APPARMOR_AUDIT;
+ } else {
+ u16 quiet_mask = profile->net.quiet[sa.u.net.family];
+ u16 kill_mask = 0;
+ u16 denied = (1 << sa.aad.net.type) & ~quiet_mask;
+
+ if (denied & kill_mask)
+ audit_type = AUDIT_APPARMOR_KILL;
+
+ if ((denied & quiet_mask) &&
+ AUDIT_MODE(profile) != AUDIT_NOQUIET &&
+ AUDIT_MODE(profile) != AUDIT_ALL)
+ return COMPLAIN_MODE(profile) ? 0 : sa.aad.error;
+ }
+
+ return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb);
+}
+
+/**
+ * aa_net_perm - very course network access check
+ * @op: operation being checked
+ * @profile: profile being enforced (NOT NULL)
+ * @family: network family
+ * @type: network type
+ * @protocol: network protocol
+ *
+ * Returns: %0 else error if permission denied
+ */
+int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type,
+ int protocol, struct sock *sk)
+{
+ u16 family_mask;
+ int error;
+
+ if ((family < 0) || (family >= AF_MAX))
+ return -EINVAL;
+
+ if ((type < 0) || (type >= SOCK_MAX))
+ return -EINVAL;
+
+ /* unix domain and netlink sockets are handled by ipc */
+ if (family == AF_UNIX || family == AF_NETLINK)
+ return 0;
+
+ family_mask = profile->net.allow[family];
+
+ error = (family_mask & (1 << type)) ? 0 : -EACCES;
+
+ return audit_net(profile, op, family, type, protocol, sk, error);
+}
+
+/**
+ * aa_revalidate_sk - Revalidate access to a sock
+ * @op: operation being checked
+ * @sk: sock being revalidated (NOT NULL)
+ *
+ * Returns: %0 else error if permission denied
+ */
+int aa_revalidate_sk(int op, struct sock *sk)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ /* aa_revalidate_sk should not be called from interrupt context
+ * don't mediate these calls as they are not task related
+ */
+ if (in_interrupt())
+ return 0;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile))
+ error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type,
+ sk->sk_protocol, sk);
+
+ return error;
+}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 4f0eade..4d5ce13 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile)
aa_free_file_rules(&profile->file);
aa_free_cap_rules(&profile->caps);
+ aa_free_net_rules(&profile->net);
aa_free_rlimit_rules(&profile->rlimits);
aa_free_sid(profile->sid);
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 741dd13..ee8043e 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -190,6 +190,19 @@ fail:
return 0;
}
+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
+{
+ if (unpack_nameX(e, AA_U16, name)) {
+ if (!inbounds(e, sizeof(u16)))
+ return 0;
+ if (data)
+ *data = le16_to_cpu(get_unaligned((u16 *) e->pos));
+ e->pos += sizeof(u16);
+ return 1;
+ }
+ return 0;
+}
+
static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
{
if (unpack_nameX(e, AA_U32, name)) {
@@ -468,7 +481,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
{
struct aa_profile *profile = NULL;
const char *name = NULL;
- int error = -EPROTO;
+ size_t size = 0;
+ int i, error = -EPROTO;
kernel_cap_t tmpcap;
u32 tmp;
@@ -559,6 +573,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
if (!unpack_rlimits(e, profile))
goto fail;
+ size = unpack_array(e, "net_allowed_af");
+ if (size) {
+
+ for (i = 0; i < size; i++) {
+ /* discard extraneous rules that this kernel will
+ * never request
+ */
+ if (i >= AF_MAX) {
+ u16 tmp;
+ if (!unpack_u16(e, &tmp, NULL) ||
+ !unpack_u16(e, &tmp, NULL) ||
+ !unpack_u16(e, &tmp, NULL))
+ goto fail;
+ continue;
+ }
+ if (!unpack_u16(e, &profile->net.allow[i], NULL))
+ goto fail;
+ if (!unpack_u16(e, &profile->net.audit[i], NULL))
+ goto fail;
+ if (!unpack_u16(e, &profile->net.quiet[i], NULL))
+ goto fail;
+ }
+ if (!unpack_nameX(e, AA_ARRAYEND, NULL))
+ goto fail;
+ /*
+ * allow unix domain and netlink sockets they are handled
+ * by IPC
+ */
+ }
+ profile->net.allow[AF_UNIX] = 0xffff;
+ profile->net.allow[AF_NETLINK] = 0xffff;
+
/* get file rules */
profile->file.dfa = unpack_dfa(e);
if (IS_ERR(profile->file.dfa)) {
--
1.7.9.5

391
pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch
View file

@ -1,391 +0,0 @@
From 004192fb5223c7b81a949e36a080a5da56132826 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 10 Aug 2011 22:02:40 -0700
Subject: [PATCH 2/3] AppArmor: compatibility patch for v5 interface
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
security/apparmor/Kconfig | 9 +
security/apparmor/Makefile | 1 +
security/apparmor/apparmorfs-24.c | 287 ++++++++++++++++++++++++++++++++
security/apparmor/apparmorfs.c | 18 +-
security/apparmor/include/apparmorfs.h | 6 +
5 files changed, 319 insertions(+), 2 deletions(-)
create mode 100644 security/apparmor/apparmorfs-24.c
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 9b9013b..51ebf96 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -29,3 +29,12 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
boot.
If you are unsure how to answer this question, answer 1.
+
+config SECURITY_APPARMOR_COMPAT_24
+ bool "Enable AppArmor 2.4 compatability"
+ depends on SECURITY_APPARMOR
+ default y
+ help
+ This option enables compatability with AppArmor 2.4. It is
+ recommended if compatability with older versions of AppArmor
+ is desired.
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 7cefef9..0bb604b 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -5,6 +5,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
resource.o sid.o file.o net.o
+apparmor-$(CONFIG_SECURITY_APPARMOR_COMPAT_24) += apparmorfs-24.o
clean-files := capability_names.h rlim_names.h af_names.h
diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c
new file mode 100644
index 0000000..dc8c744
--- /dev/null
+++ b/security/apparmor/apparmorfs-24.c
@@ -0,0 +1,287 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor /sys/kernel/secrutiy/apparmor interface functions
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ *
+ * This file contain functions providing an interface for <= AppArmor 2.4
+ * compatibility. It is dependent on CONFIG_SECURITY_APPARMOR_COMPAT_24
+ * being set (see Makefile).
+ */
+
+#include <linux/security.h>
+#include <linux/vmalloc.h>
+#include <linux/module.h>
+#include <linux/seq_file.h>
+#include <linux/uaccess.h>
+#include <linux/namei.h>
+
+#include "include/apparmor.h"
+#include "include/audit.h"
+#include "include/context.h"
+#include "include/policy.h"
+
+
+/* apparmor/matching */
+static ssize_t aa_matching_read(struct file *file, char __user *buf,
+ size_t size, loff_t *ppos)
+{
+ const char matching[] = "pattern=aadfa audit perms=crwxamlk/ "
+ "user::other";
+
+ return simple_read_from_buffer(buf, size, ppos, matching,
+ sizeof(matching) - 1);
+}
+
+const struct file_operations aa_fs_matching_fops = {
+ .read = aa_matching_read,
+};
+
+/* apparmor/features */
+static ssize_t aa_features_read(struct file *file, char __user *buf,
+ size_t size, loff_t *ppos)
+{
+ const char features[] = "file=3.1 capability=2.0 network=1.0 "
+ "change_hat=1.5 change_profile=1.1 " "aanamespaces=1.1 rlimit=1.1";
+
+ return simple_read_from_buffer(buf, size, ppos, features,
+ sizeof(features) - 1);
+}
+
+const struct file_operations aa_fs_features_fops = {
+ .read = aa_features_read,
+};
+
+/**
+ * __next_namespace - find the next namespace to list
+ * @root: root namespace to stop search at (NOT NULL)
+ * @ns: current ns position (NOT NULL)
+ *
+ * Find the next namespace from @ns under @root and handle all locking needed
+ * while switching current namespace.
+ *
+ * Returns: next namespace or NULL if at last namespace under @root
+ * NOTE: will not unlock root->lock
+ */
+static struct aa_namespace *__next_namespace(struct aa_namespace *root,
+ struct aa_namespace *ns)
+{
+ struct aa_namespace *parent;
+
+ /* is next namespace a child */
+ if (!list_empty(&ns->sub_ns)) {
+ struct aa_namespace *next;
+ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
+ read_lock(&next->lock);
+ return next;
+ }
+
+ /* check if the next ns is a sibling, parent, gp, .. */
+ parent = ns->parent;
+ while (parent) {
+ read_unlock(&ns->lock);
+ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) {
+ read_lock(&ns->lock);
+ return ns;
+ }
+ if (parent == root)
+ return NULL;
+ ns = parent;
+ parent = parent->parent;
+ }
+
+ return NULL;
+}
+
+/**
+ * __first_profile - find the first profile in a namespace
+ * @root: namespace that is root of profiles being displayed (NOT NULL)
+ * @ns: namespace to start in (NOT NULL)
+ *
+ * Returns: unrefcounted profile or NULL if no profile
+ */
+static struct aa_profile *__first_profile(struct aa_namespace *root,
+ struct aa_namespace *ns)
+{
+ for ( ; ns; ns = __next_namespace(root, ns)) {
+ if (!list_empty(&ns->base.profiles))
+ return list_first_entry(&ns->base.profiles,
+ struct aa_profile, base.list);
+ }
+ return NULL;
+}
+
+/**
+ * __next_profile - step to the next profile in a profile tree
+ * @profile: current profile in tree (NOT NULL)
+ *
+ * Perform a depth first taversal on the profile tree in a namespace
+ *
+ * Returns: next profile or NULL if done
+ * Requires: profile->ns.lock to be held
+ */
+static struct aa_profile *__next_profile(struct aa_profile *p)
+{
+ struct aa_profile *parent;
+ struct aa_namespace *ns = p->ns;
+
+ /* is next profile a child */
+ if (!list_empty(&p->base.profiles))
+ return list_first_entry(&p->base.profiles, typeof(*p),
+ base.list);
+
+ /* is next profile a sibling, parent sibling, gp, subling, .. */
+ parent = p->parent;
+ while (parent) {
+ list_for_each_entry_continue(p, &parent->base.profiles,
+ base.list)
+ return p;
+ p = parent;
+ parent = parent->parent;
+ }
+
+ /* is next another profile in the namespace */
+ list_for_each_entry_continue(p, &ns->base.profiles, base.list)
+ return p;
+
+ return NULL;
+}
+
+/**
+ * next_profile - step to the next profile in where ever it may be
+ * @root: root namespace (NOT NULL)
+ * @profile: current profile (NOT NULL)
+ *
+ * Returns: next profile or NULL if there isn't one
+ */
+static struct aa_profile *next_profile(struct aa_namespace *root,
+ struct aa_profile *profile)
+{
+ struct aa_profile *next = __next_profile(profile);
+ if (next)
+ return next;
+
+ /* finished all profiles in namespace move to next namespace */
+ return __first_profile(root, __next_namespace(root, profile->ns));
+}
+
+/**
+ * p_start - start a depth first traversal of profile tree
+ * @f: seq_file to fill
+ * @pos: current position
+ *
+ * Returns: first profile under current namespace or NULL if none found
+ *
+ * acquires first ns->lock
+ */
+static void *p_start(struct seq_file *f, loff_t *pos)
+ __acquires(root->lock)
+{
+ struct aa_profile *profile = NULL;
+ struct aa_namespace *root = aa_current_profile()->ns;
+ loff_t l = *pos;
+ f->private = aa_get_namespace(root);
+
+
+ /* find the first profile */
+ read_lock(&root->lock);
+ profile = __first_profile(root, root);
+
+ /* skip to position */
+ for (; profile && l > 0; l--)
+ profile = next_profile(root, profile);
+
+ return profile;
+}
+
+/**
+ * p_next - read the next profile entry
+ * @f: seq_file to fill
+ * @p: profile previously returned
+ * @pos: current position
+ *
+ * Returns: next profile after @p or NULL if none
+ *
+ * may acquire/release locks in namespace tree as necessary
+ */
+static void *p_next(struct seq_file *f, void *p, loff_t *pos)
+{
+ struct aa_profile *profile = p;
+ struct aa_namespace *root = f->private;
+ (*pos)++;
+
+ return next_profile(root, profile);
+}
+
+/**
+ * p_stop - stop depth first traversal
+ * @f: seq_file we are filling
+ * @p: the last profile writen
+ *
+ * Release all locking done by p_start/p_next on namespace tree
+ */
+static void p_stop(struct seq_file *f, void *p)
+ __releases(root->lock)
+{
+ struct aa_profile *profile = p;
+ struct aa_namespace *root = f->private, *ns;
+
+ if (profile) {
+ for (ns = profile->ns; ns && ns != root; ns = ns->parent)
+ read_unlock(&ns->lock);
+ }
+ read_unlock(&root->lock);
+ aa_put_namespace(root);
+}
+
+/**
+ * seq_show_profile - show a profile entry
+ * @f: seq_file to file
+ * @p: current position (profile) (NOT NULL)
+ *
+ * Returns: error on failure
+ */
+static int seq_show_profile(struct seq_file *f, void *p)
+{
+ struct aa_profile *profile = (struct aa_profile *)p;
+ struct aa_namespace *root = f->private;
+
+ if (profile->ns != root)
+ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
+ seq_printf(f, "%s (%s)\n", profile->base.hname,
+ COMPLAIN_MODE(profile) ? "complain" : "enforce");
+
+ return 0;
+}
+
+static const struct seq_operations aa_fs_profiles_op = {
+ .start = p_start,
+ .next = p_next,
+ .stop = p_stop,
+ .show = seq_show_profile,
+};
+
+static int profiles_open(struct inode *inode, struct file *file)
+{
+ return seq_open(file, &aa_fs_profiles_op);
+}
+
+static int profiles_release(struct inode *inode, struct file *file)
+{
+ return seq_release(inode, file);
+}
+
+const struct file_operations aa_fs_profiles_fops = {
+ .open = profiles_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = profiles_release,
+};
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 69ddb47..867995c 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -187,7 +187,11 @@ void __init aa_destroy_aafs(void)
aafs_remove(".remove");
aafs_remove(".replace");
aafs_remove(".load");
-
+#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24
+ aafs_remove("profiles");
+ aafs_remove("matching");
+ aafs_remove("features");
+#endif
securityfs_remove(aa_fs_dentry);
aa_fs_dentry = NULL;
}
@@ -218,7 +222,17 @@ static int __init aa_create_aafs(void)
aa_fs_dentry = NULL;
goto error;
}
-
+#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24
+ error = aafs_create("matching", 0444, &aa_fs_matching_fops);
+ if (error)
+ goto error;
+ error = aafs_create("features", 0444, &aa_fs_features_fops);
+ if (error)
+ goto error;
+#endif
+ error = aafs_create("profiles", 0440, &aa_fs_profiles_fops);
+ if (error)
+ goto error;
error = aafs_create(".load", 0640, &aa_fs_profile_load);
if (error)
goto error;
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index cb1e93a..14f955c 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -17,4 +17,10 @@
extern void __init aa_destroy_aafs(void);
+#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24
+extern const struct file_operations aa_fs_matching_fops;
+extern const struct file_operations aa_fs_features_fops;
+extern const struct file_operations aa_fs_profiles_fops;
+#endif
+
#endif /* __AA_APPARMORFS_H */
--
1.7.9.5

69
pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch
View file

@ -1,69 +0,0 @@
From e5d90918aa31f948ecec2f3c088567dbab30c90b Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 10 Aug 2011 22:02:41 -0700
Subject: [PATCH 3/3] AppArmor: Allow dfa backward compatibility with broken
userspace
The apparmor_parser when compiling policy could generate invalid dfas
that did not have sufficient padding to avoid invalid references, when
used by the kernel. The kernels check to verify the next/check table
size was broken meaning invalid dfas were being created by userspace
and not caught.
To remain compatible with old tools that are not fixed, pad the loaded
dfas next/check table. The dfa's themselves are valid except for the
high padding for potentially invalid transitions (high bounds error),
which have a maximimum is 256 entries. So just allocate an extra null filled
256 entries for the next/check tables. This will guarentee all bounds
are good and invalid transitions go to the null (0) state.
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
security/apparmor/match.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 94de6b4..081491e 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -57,8 +57,17 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
if (bsize < tsize)
goto out;
+ /* Pad table allocation for next/check by 256 entries to remain
+ * backwards compatible with old (buggy) tools and remain safe without
+ * run time checks
+ */
+ if (th.td_id == YYTD_ID_NXT || th.td_id == YYTD_ID_CHK)
+ tsize += 256 * th.td_flags;
+
table = kvmalloc(tsize);
if (table) {
+ /* ensure the pad is clear, else there will be errors */
+ memset(table, 0, tsize);
*table = th;
if (th.td_flags == YYTD_DATA8)
UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
@@ -134,11 +143,19 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
goto out;
if (flags & DFA_FLAG_VERIFY_STATES) {
+ int warning = 0;
for (i = 0; i < state_count; i++) {
if (DEFAULT_TABLE(dfa)[i] >= state_count)
goto out;
/* TODO: do check that DEF state recursion terminates */
if (BASE_TABLE(dfa)[i] + 255 >= trans_count) {
+ if (warning)
+ continue;
+ printk(KERN_WARNING "AppArmor DFA next/check "
+ "upper bounds error fixed, upgrade "
+ "user space tools \n");
+ warning = 1;
+ } else if (BASE_TABLE(dfa)[i] >= trans_count) {
printk(KERN_ERR "AppArmor DFA next/check upper "
"bounds error\n");
goto out;
--
1.7.9.5

264
pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch
View file

@ -1,264 +0,0 @@
From 8de755e4dfdbc40bfcaca848ae6b5aeaf0ede0e8 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Thu, 22 Jul 2010 02:32:02 -0700
Subject: [PATCH 1/3] UBUNTU: SAUCE: AppArmor: Add profile introspection file
to interface
Add the dynamic profiles file to the interace, to allow load policy
introspection.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
security/apparmor/apparmorfs.c | 227 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 227 insertions(+)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 16c15ec..89bdc62 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -182,6 +182,232 @@ const struct file_operations aa_fs_seq_file_ops = {
.release = single_release,
};
+/**
+ * __next_namespace - find the next namespace to list
+ * @root: root namespace to stop search at (NOT NULL)
+ * @ns: current ns position (NOT NULL)
+ *
+ * Find the next namespace from @ns under @root and handle all locking needed
+ * while switching current namespace.
+ *
+ * Returns: next namespace or NULL if at last namespace under @root
+ * NOTE: will not unlock root->lock
+ */
+static struct aa_namespace *__next_namespace(struct aa_namespace *root,
+ struct aa_namespace *ns)
+{
+ struct aa_namespace *parent;
+
+ /* is next namespace a child */
+ if (!list_empty(&ns->sub_ns)) {
+ struct aa_namespace *next;
+ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
+ read_lock(&next->lock);
+ return next;
+ }
+
+ /* check if the next ns is a sibling, parent, gp, .. */
+ parent = ns->parent;
+ while (parent) {
+ read_unlock(&ns->lock);
+ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) {
+ read_lock(&ns->lock);
+ return ns;
+ }
+ if (parent == root)
+ return NULL;
+ ns = parent;
+ parent = parent->parent;
+ }
+
+ return NULL;
+}
+
+/**
+ * __first_profile - find the first profile in a namespace
+ * @root: namespace that is root of profiles being displayed (NOT NULL)
+ * @ns: namespace to start in (NOT NULL)
+ *
+ * Returns: unrefcounted profile or NULL if no profile
+ */
+static struct aa_profile *__first_profile(struct aa_namespace *root,
+ struct aa_namespace *ns)
+{
+ for ( ; ns; ns = __next_namespace(root, ns)) {
+ if (!list_empty(&ns->base.profiles))
+ return list_first_entry(&ns->base.profiles,
+ struct aa_profile, base.list);
+ }
+ return NULL;
+}
+
+/**
+ * __next_profile - step to the next profile in a profile tree
+ * @profile: current profile in tree (NOT NULL)
+ *
+ * Perform a depth first taversal on the profile tree in a namespace
+ *
+ * Returns: next profile or NULL if done
+ * Requires: profile->ns.lock to be held
+ */
+static struct aa_profile *__next_profile(struct aa_profile *p)
+{
+ struct aa_profile *parent;
+ struct aa_namespace *ns = p->ns;
+
+ /* is next profile a child */
+ if (!list_empty(&p->base.profiles))
+ return list_first_entry(&p->base.profiles, typeof(*p),
+ base.list);
+
+ /* is next profile a sibling, parent sibling, gp, subling, .. */
+ parent = p->parent;
+ while (parent) {
+ list_for_each_entry_continue(p, &parent->base.profiles,
+ base.list)
+ return p;
+ p = parent;
+ parent = parent->parent;
+ }
+
+ /* is next another profile in the namespace */
+ list_for_each_entry_continue(p, &ns->base.profiles, base.list)
+ return p;
+
+ return NULL;
+}
+
+/**
+ * next_profile - step to the next profile in where ever it may be
+ * @root: root namespace (NOT NULL)
+ * @profile: current profile (NOT NULL)
+ *
+ * Returns: next profile or NULL if there isn't one
+ */
+static struct aa_profile *next_profile(struct aa_namespace *root,
+ struct aa_profile *profile)
+{
+ struct aa_profile *next = __next_profile(profile);
+ if (next)
+ return next;
+
+ /* finished all profiles in namespace move to next namespace */
+ return __first_profile(root, __next_namespace(root, profile->ns));
+}
+
+/**
+ * p_start - start a depth first traversal of profile tree
+ * @f: seq_file to fill
+ * @pos: current position
+ *
+ * Returns: first profile under current namespace or NULL if none found
+ *
+ * acquires first ns->lock
+ */
+static void *p_start(struct seq_file *f, loff_t *pos)
+ __acquires(root->lock)
+{
+ struct aa_profile *profile = NULL;
+ struct aa_namespace *root = aa_current_profile()->ns;
+ loff_t l = *pos;
+ f->private = aa_get_namespace(root);
+
+
+ /* find the first profile */
+ read_lock(&root->lock);
+ profile = __first_profile(root, root);
+
+ /* skip to position */
+ for (; profile && l > 0; l--)
+ profile = next_profile(root, profile);
+
+ return profile;
+}
+
+/**
+ * p_next - read the next profile entry
+ * @f: seq_file to fill
+ * @p: profile previously returned
+ * @pos: current position
+ *
+ * Returns: next profile after @p or NULL if none
+ *
+ * may acquire/release locks in namespace tree as necessary
+ */
+static void *p_next(struct seq_file *f, void *p, loff_t *pos)
+{
+ struct aa_profile *profile = p;
+ struct aa_namespace *root = f->private;
+ (*pos)++;
+
+ return next_profile(root, profile);
+}
+
+/**
+ * p_stop - stop depth first traversal
+ * @f: seq_file we are filling
+ * @p: the last profile writen
+ *
+ * Release all locking done by p_start/p_next on namespace tree
+ */
+static void p_stop(struct seq_file *f, void *p)
+ __releases(root->lock)
+{
+ struct aa_profile *profile = p;
+ struct aa_namespace *root = f->private, *ns;
+
+ if (profile) {
+ for (ns = profile->ns; ns && ns != root; ns = ns->parent)
+ read_unlock(&ns->lock);
+ }
+ read_unlock(&root->lock);
+ aa_put_namespace(root);
+}
+
+/**
+ * seq_show_profile - show a profile entry
+ * @f: seq_file to file
+ * @p: current position (profile) (NOT NULL)
+ *
+ * Returns: error on failure
+ */
+static int seq_show_profile(struct seq_file *f, void *p)
+{
+ struct aa_profile *profile = (struct aa_profile *)p;
+ struct aa_namespace *root = f->private;
+
+ if (profile->ns != root)
+ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
+ seq_printf(f, "%s (%s)\n", profile->base.hname,
+ COMPLAIN_MODE(profile) ? "complain" : "enforce");
+
+ return 0;
+}
+
+static const struct seq_operations aa_fs_profiles_op = {
+ .start = p_start,
+ .next = p_next,
+ .stop = p_stop,
+ .show = seq_show_profile,
+};
+
+static int profiles_open(struct inode *inode, struct file *file)
+{
+ return seq_open(file, &aa_fs_profiles_op);
+}
+
+static int profiles_release(struct inode *inode, struct file *file)
+{
+ return seq_release(inode, file);
+}
+
+const struct file_operations aa_fs_profiles_fops = {
+ .open = profiles_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = profiles_release,
+};
+
/** Base file system setup **/
static struct aa_fs_entry aa_fs_entry_file[] = {
@@ -210,6 +436,7 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = {
AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
+ AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops),
AA_FS_DIR("features", aa_fs_entry_features),
{ }
};
--
1.7.9.5

603
pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch
View file

@ -1,603 +0,0 @@
From 423e2cb454d75d6185eecd0c1b5cf6ccc2d8482d Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 4 Oct 2010 15:03:36 -0700
Subject: [PATCH 2/3] UBUNTU: SAUCE: AppArmor: basic networking rules
Base support for network mediation.
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
security/apparmor/.gitignore | 2 +-
security/apparmor/Makefile | 42 +++++++++-
security/apparmor/apparmorfs.c | 1 +
security/apparmor/include/audit.h | 4 +
security/apparmor/include/net.h | 44 ++++++++++
security/apparmor/include/policy.h | 3 +
security/apparmor/lsm.c | 112 +++++++++++++++++++++++++
security/apparmor/net.c | 162 ++++++++++++++++++++++++++++++++++++
security/apparmor/policy.c | 1 +
security/apparmor/policy_unpack.c | 46 ++++++++++
10 files changed, 414 insertions(+), 3 deletions(-)
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/net.c
diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore
index 4d995ae..d5b291e 100644
--- a/security/apparmor/.gitignore
+++ b/security/apparmor/.gitignore
@@ -1,6 +1,6 @@
#
# Generated include files
#
-af_names.h
+net_names.h
capability_names.h
rlim_names.h
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 806bd19..19daa85 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
- resource.o sid.o file.o
+ resource.o sid.o file.o net.o
-clean-files := capability_names.h rlim_names.h
+clean-files := capability_names.h rlim_names.h net_names.h
# Build a lower case string table of capability names
@@ -20,6 +20,38 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\
-e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
echo "};" >> $@
+# Build a lower case string table of address family names
+# Transform lines from
+# define AF_LOCAL 1 /* POSIX name for AF_UNIX */
+# #define AF_INET 2 /* Internet IP Protocol */
+# to
+# [1] = "local",
+# [2] = "inet",
+#
+# and build the securityfs entries for the mapping.
+# Transforms lines from
+# #define AF_INET 2 /* Internet IP Protocol */
+# to
+# #define AA_FS_AF_MASK "local inet"
+quiet_cmd_make-af = GEN $@
+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\
+ sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \
+ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
+ echo "};" >> $@ ;\
+ echo -n '\#define AA_FS_AF_MASK "' >> $@ ;\
+ sed -r -n 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\
+ $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
+
+# Build a lower case string table of sock type names
+# Transform lines from
+# SOCK_STREAM = 1,
+# to
+# [1] = "stream",
+quiet_cmd_make-sock = GEN $@
+cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\
+ sed $^ >>$@ -r -n \
+ -e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\
+ echo "};" >> $@
# Build a lower case string table of rlimit names.
# Transforms lines from
@@ -56,6 +88,7 @@ cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \
tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
$(obj)/capability.o : $(obj)/capability_names.h
+$(obj)/net.o : $(obj)/net_names.h
$(obj)/resource.o : $(obj)/rlim_names.h
$(obj)/capability_names.h : $(srctree)/include/linux/capability.h \
$(src)/Makefile
@@ -63,3 +96,8 @@ $(obj)/capability_names.h : $(srctree)/include/linux/capability.h \
$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \
$(src)/Makefile
$(call cmd,make-rlim)
+$(obj)/net_names.h : $(srctree)/include/linux/socket.h \
+ $(srctree)/include/linux/net.h \
+ $(src)/Makefile
+ $(call cmd,make-af)
+ $(call cmd,make-sock)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 89bdc62..c66315d 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -427,6 +427,7 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
static struct aa_fs_entry aa_fs_entry_features[] = {
AA_FS_DIR("domain", aa_fs_entry_domain),
AA_FS_DIR("file", aa_fs_entry_file),
+ AA_FS_DIR("network", aa_fs_entry_network),
AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
{ }
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 3868b1e..c1ff09c 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -126,6 +126,10 @@ struct apparmor_audit_data {
u32 denied;
uid_t ouid;
} fs;
+ struct {
+ int type, protocol;
+ struct sock *sk;
+ } net;
};
};
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
new file mode 100644
index 0000000..cb8a121
--- /dev/null
+++ b/security/apparmor/include/net.h
@@ -0,0 +1,44 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor network mediation definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2012 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_NET_H
+#define __AA_NET_H
+
+#include <net/sock.h>
+
+#include "apparmorfs.h"
+
+/* struct aa_net - network confinement data
+ * @allowed: basic network families permissions
+ * @audit_network: which network permissions to force audit
+ * @quiet_network: which network permissions to quiet rejects
+ */
+struct aa_net {
+ u16 allow[AF_MAX];
+ u16 audit[AF_MAX];
+ u16 quiet[AF_MAX];
+};
+
+extern struct aa_fs_entry aa_fs_entry_network[];
+
+extern int aa_net_perm(int op, struct aa_profile *profile, u16 family,
+ int type, int protocol, struct sock *sk);
+extern int aa_revalidate_sk(int op, struct sock *sk);
+
+static inline void aa_free_net_rules(struct aa_net *new)
+{
+ /* NOP */
+}
+
+#endif /* __AA_NET_H */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index bda4569..eb13a73 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -27,6 +27,7 @@
#include "capability.h"
#include "domain.h"
#include "file.h"
+#include "net.h"
#include "resource.h"
extern const char *const profile_mode_names[];
@@ -157,6 +158,7 @@ struct aa_policydb {
* @policy: general match rules governing policy
* @file: The set of rules governing basic file access and domain transitions
* @caps: capabilities for the profile
+ * @net: network controls for the profile
* @rlimits: rlimits for the profile
*
* The AppArmor profile contains the basic confinement data. Each profile
@@ -194,6 +196,7 @@ struct aa_profile {
struct aa_policydb policy;
struct aa_file_rules file;
struct aa_caps caps;
+ struct aa_net net;
struct aa_rlimit rlimits;
};
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ad05d39..3cde194 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -32,6 +32,7 @@
#include "include/context.h"
#include "include/file.h"
#include "include/ipc.h"
+#include "include/net.h"
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
@@ -622,6 +623,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
+static int apparmor_socket_create(int family, int type, int protocol, int kern)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ if (kern)
+ return 0;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile))
+ error = aa_net_perm(OP_CREATE, profile, family, type, protocol,
+ NULL);
+ return error;
+}
+
+static int apparmor_socket_bind(struct socket *sock,
+ struct sockaddr *address, int addrlen)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_BIND, sk);
+}
+
+static int apparmor_socket_connect(struct socket *sock,
+ struct sockaddr *address, int addrlen)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_CONNECT, sk);
+}
+
+static int apparmor_socket_listen(struct socket *sock, int backlog)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_LISTEN, sk);
+}
+
+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_ACCEPT, sk);
+}
+
+static int apparmor_socket_sendmsg(struct socket *sock,
+ struct msghdr *msg, int size)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_SENDMSG, sk);
+}
+
+static int apparmor_socket_recvmsg(struct socket *sock,
+ struct msghdr *msg, int size, int flags)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_RECVMSG, sk);
+}
+
+static int apparmor_socket_getsockname(struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_GETSOCKNAME, sk);
+}
+
+static int apparmor_socket_getpeername(struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_GETPEERNAME, sk);
+}
+
+static int apparmor_socket_getsockopt(struct socket *sock, int level,
+ int optname)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_GETSOCKOPT, sk);
+}
+
+static int apparmor_socket_setsockopt(struct socket *sock, int level,
+ int optname)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_SETSOCKOPT, sk);
+}
+
+static int apparmor_socket_shutdown(struct socket *sock, int how)
+{
+ struct sock *sk = sock->sk;
+
+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
+}
+
static struct security_operations apparmor_ops = {
.name = "apparmor",
@@ -653,6 +752,19 @@ static struct security_operations apparmor_ops = {
.getprocattr = apparmor_getprocattr,
.setprocattr = apparmor_setprocattr,
+ .socket_create = apparmor_socket_create,
+ .socket_bind = apparmor_socket_bind,
+ .socket_connect = apparmor_socket_connect,
+ .socket_listen = apparmor_socket_listen,
+ .socket_accept = apparmor_socket_accept,
+ .socket_sendmsg = apparmor_socket_sendmsg,
+ .socket_recvmsg = apparmor_socket_recvmsg,
+ .socket_getsockname = apparmor_socket_getsockname,
+ .socket_getpeername = apparmor_socket_getpeername,
+ .socket_getsockopt = apparmor_socket_getsockopt,
+ .socket_setsockopt = apparmor_socket_setsockopt,
+ .socket_shutdown = apparmor_socket_shutdown,
+
.cred_alloc_blank = apparmor_cred_alloc_blank,
.cred_free = apparmor_cred_free,
.cred_prepare = apparmor_cred_prepare,
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
new file mode 100644
index 0000000..084232b
--- /dev/null
+++ b/security/apparmor/net.c
@@ -0,0 +1,162 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor network mediation
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2012 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include "include/apparmor.h"
+#include "include/audit.h"
+#include "include/context.h"
+#include "include/net.h"
+#include "include/policy.h"
+
+#include "net_names.h"
+
+struct aa_fs_entry aa_fs_entry_network[] = {
+ AA_FS_FILE_STRING("af_mask", AA_FS_AF_MASK),
+ { }
+};
+
+/* audit callback for net specific fields */
+static void audit_cb(struct audit_buffer *ab, void *va)
+{
+ struct common_audit_data *sa = va;
+
+ audit_log_format(ab, " family=");
+ if (address_family_names[sa->u.net->family]) {
+ audit_log_string(ab, address_family_names[sa->u.net->family]);
+ } else {
+ audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
+ }
+ audit_log_format(ab, " sock_type=");
+ if (sock_type_names[sa->aad->net.type]) {
+ audit_log_string(ab, sock_type_names[sa->aad->net.type]);
+ } else {
+ audit_log_format(ab, "\"unknown(%d)\"", sa->aad->net.type);
+ }
+ audit_log_format(ab, " protocol=%d", sa->aad->net.protocol);
+}
+
+/**
+ * audit_net - audit network access
+ * @profile: profile being enforced (NOT NULL)
+ * @op: operation being checked
+ * @family: network family
+ * @type: network type
+ * @protocol: network protocol
+ * @sk: socket auditing is being applied to
+ * @error: error code for failure else 0
+ *
+ * Returns: %0 or sa->error else other errorcode on failure
+ */
+static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
+ int protocol, struct sock *sk, int error)
+{
+ int audit_type = AUDIT_APPARMOR_AUTO;
+ struct common_audit_data sa;
+ struct apparmor_audit_data aad = { };
+ struct lsm_network_audit net = { };
+ if (sk) {
+ COMMON_AUDIT_DATA_INIT(&sa, NET);
+ } else {
+ COMMON_AUDIT_DATA_INIT(&sa, NONE);
+ }
+ /* todo fill in socket addr info */
+ sa.aad = &aad;
+ sa.u.net = &net;
+ sa.aad->op = op,
+ sa.u.net->family = family;
+ sa.u.net->sk = sk;
+ sa.aad->net.type = type;
+ sa.aad->net.protocol = protocol;
+ sa.aad->error = error;
+
+ if (likely(!sa.aad->error)) {
+ u16 audit_mask = profile->net.audit[sa.u.net->family];
+ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
+ !(1 << sa.aad->net.type & audit_mask)))
+ return 0;
+ audit_type = AUDIT_APPARMOR_AUDIT;
+ } else {
+ u16 quiet_mask = profile->net.quiet[sa.u.net->family];
+ u16 kill_mask = 0;
+ u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
+
+ if (denied & kill_mask)
+ audit_type = AUDIT_APPARMOR_KILL;
+
+ if ((denied & quiet_mask) &&
+ AUDIT_MODE(profile) != AUDIT_NOQUIET &&
+ AUDIT_MODE(profile) != AUDIT_ALL)
+ return COMPLAIN_MODE(profile) ? 0 : sa.aad->error;
+ }
+
+ return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb);
+}
+
+/**
+ * aa_net_perm - very course network access check
+ * @op: operation being checked
+ * @profile: profile being enforced (NOT NULL)
+ * @family: network family
+ * @type: network type
+ * @protocol: network protocol
+ *
+ * Returns: %0 else error if permission denied
+ */
+int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type,
+ int protocol, struct sock *sk)
+{
+ u16 family_mask;
+ int error;
+
+ if ((family < 0) || (family >= AF_MAX))
+ return -EINVAL;
+
+ if ((type < 0) || (type >= SOCK_MAX))
+ return -EINVAL;
+
+ /* unix domain and netlink sockets are handled by ipc */
+ if (family == AF_UNIX || family == AF_NETLINK)
+ return 0;
+
+ family_mask = profile->net.allow[family];
+
+ error = (family_mask & (1 << type)) ? 0 : -EACCES;
+
+ return audit_net(profile, op, family, type, protocol, sk, error);
+}
+
+/**
+ * aa_revalidate_sk - Revalidate access to a sock
+ * @op: operation being checked
+ * @sk: sock being revalidated (NOT NULL)
+ *
+ * Returns: %0 else error if permission denied
+ */
+int aa_revalidate_sk(int op, struct sock *sk)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ /* aa_revalidate_sk should not be called from interrupt context
+ * don't mediate these calls as they are not task related
+ */
+ if (in_interrupt())
+ return 0;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile))
+ error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type,
+ sk->sk_protocol, sk);
+
+ return error;
+}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index f1f7506..b8100a7 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile)
aa_free_file_rules(&profile->file);
aa_free_cap_rules(&profile->caps);
+ aa_free_net_rules(&profile->net);
aa_free_rlimit_rules(&profile->rlimits);
aa_free_sid(profile->sid);
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index deab7c7..8f8e9c1 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -193,6 +193,19 @@ fail:
return 0;
}
+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
+{
+ if (unpack_nameX(e, AA_U16, name)) {
+ if (!inbounds(e, sizeof(u16)))
+ return 0;
+ if (data)
+ *data = le16_to_cpu(get_unaligned((u16 *) e->pos));
+ e->pos += sizeof(u16);
+ return 1;
+ }
+ return 0;
+}
+
static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
{
if (unpack_nameX(e, AA_U32, name)) {
@@ -471,6 +484,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
{
struct aa_profile *profile = NULL;
const char *name = NULL;
+ size_t size = 0;
int i, error = -EPROTO;
kernel_cap_t tmpcap;
u32 tmp;
@@ -564,6 +578,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
if (!unpack_rlimits(e, profile))
goto fail;
+ size = unpack_array(e, "net_allowed_af");
+ if (size) {
+
+ for (i = 0; i < size; i++) {
+ /* discard extraneous rules that this kernel will
+ * never request
+ */
+ if (i >= AF_MAX) {
+ u16 tmp;
+ if (!unpack_u16(e, &tmp, NULL) ||
+ !unpack_u16(e, &tmp, NULL) ||
+ !unpack_u16(e, &tmp, NULL))
+ goto fail;
+ continue;
+ }
+ if (!unpack_u16(e, &profile->net.allow[i], NULL))
+ goto fail;
+ if (!unpack_u16(e, &profile->net.audit[i], NULL))
+ goto fail;
+ if (!unpack_u16(e, &profile->net.quiet[i], NULL))
+ goto fail;
+ }
+ if (!unpack_nameX(e, AA_ARRAYEND, NULL))
+ goto fail;
+ }
+ /*
+ * allow unix domain and netlink sockets they are handled
+ * by IPC
+ */
+ profile->net.allow[AF_UNIX] = 0xffff;
+ profile->net.allow[AF_NETLINK] = 0xffff;
+
if (unpack_nameX(e, AA_STRUCT, "policydb")) {
/* generic policy dfa - optional and may be NULL */
profile->policy.dfa = unpack_dfa(e);
--
1.7.9.5

957
pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
View file

@ -1,957 +0,0 @@
From a94d5e11c0484af59e5feebf144cc48c186892ad Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 16 May 2012 10:58:05 -0700
Subject: [PATCH 3/3] UBUNTU: SAUCE: apparmor: Add the ability to mediate
mount
Add the ability for apparmor to do mediation of mount operations. Mount
rules require an updated apparmor_parser (2.8 series) for policy compilation.
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
Example mount commands
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) -> /mnt/
umount,
umount /m*,
See the apparmor userspace for full documentation
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
---
security/apparmor/Makefile | 2 +-
security/apparmor/apparmorfs.c | 13 +
security/apparmor/audit.c | 4 +
security/apparmor/domain.c | 2 +-
security/apparmor/include/apparmor.h | 3 +-
security/apparmor/include/audit.h | 11 +
security/apparmor/include/domain.h | 2 +
security/apparmor/include/mount.h | 54 +++
security/apparmor/lsm.c | 59 ++++
security/apparmor/mount.c | 620 ++++++++++++++++++++++++++++++++++
10 files changed, 767 insertions(+), 3 deletions(-)
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/mount.c
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index 19daa85..63e0a4c 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -4,7 +4,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
- resource.o sid.o file.o net.o
+ resource.o sid.o file.o net.o mount.o
clean-files := capability_names.h rlim_names.h net_names.h
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index c66315d..ff19009 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -424,10 +424,23 @@ static struct aa_fs_entry aa_fs_entry_domain[] = {
{ }
};
+static struct aa_fs_entry aa_fs_entry_mount[] = {
+ AA_FS_FILE_STRING("mask", "mount umount"),
+ { }
+};
+
+static struct aa_fs_entry aa_fs_entry_namespaces[] = {
+ AA_FS_FILE_BOOLEAN("profile", 1),
+ AA_FS_FILE_BOOLEAN("pivot_root", 1),
+ { }
+};
+
static struct aa_fs_entry aa_fs_entry_features[] = {
AA_FS_DIR("domain", aa_fs_entry_domain),
AA_FS_DIR("file", aa_fs_entry_file),
AA_FS_DIR("network", aa_fs_entry_network),
+ AA_FS_DIR("mount", aa_fs_entry_mount),
+ AA_FS_DIR("namespaces", aa_fs_entry_namespaces),
AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
{ }
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index cc3520d..b9f5ee9 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -44,6 +44,10 @@ const char *const op_table[] = {
"file_mmap",
"file_mprotect",
+ "pivotroot",
+ "mount",
+ "umount",
+
"create",
"post_create",
"bind",
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 6327685..dfdc47b 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -242,7 +242,7 @@ static const char *next_name(int xtype, const char *name)
*
* Returns: refcounted profile, or NULL on failure (MAYBE NULL)
*/
-static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
+struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
{
struct aa_profile *new_profile = NULL;
struct aa_namespace *ns = profile->ns;
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 40aedd9..e243d96 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -29,8 +29,9 @@
#define AA_CLASS_NET 4
#define AA_CLASS_RLIMITS 5
#define AA_CLASS_DOMAIN 6
+#define AA_CLASS_MOUNT 7
-#define AA_CLASS_LAST AA_CLASS_DOMAIN
+#define AA_CLASS_LAST AA_CLASS_MOUNT
/* Control parameters settable through module/boot flags */
extern enum audit_mode aa_g_audit;
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index c1ff09c..7b90900c 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -73,6 +73,10 @@ enum aa_ops {
OP_FMMAP,
OP_FMPROT,
+ OP_PIVOTROOT,
+ OP_MOUNT,
+ OP_UMOUNT,
+
OP_CREATE,
OP_POST_CREATE,
OP_BIND,
@@ -121,6 +125,13 @@ struct apparmor_audit_data {
unsigned long max;
} rlim;
struct {
+ const char *src_name;
+ const char *type;
+ const char *trans;
+ const char *data;
+ unsigned long flags;
+ } mnt;
+ struct {
const char *target;
u32 request;
u32 denied;
diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h
index de04464..a3f70c5 100644
--- a/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@ -23,6 +23,8 @@ struct aa_domain {
char **table;
};
+struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex);
+
int apparmor_bprm_set_creds(struct linux_binprm *bprm);
int apparmor_bprm_secureexec(struct linux_binprm *bprm);
void apparmor_bprm_committing_creds(struct linux_binprm *bprm);
diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h
new file mode 100644
index 0000000..bc17a53
--- /dev/null
+++ b/security/apparmor/include/mount.h
@@ -0,0 +1,54 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor file mediation function definitions.
+ *
+ * Copyright 2012 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_MOUNT_H
+#define __AA_MOUNT_H
+
+#include <linux/fs.h>
+#include <linux/path.h>
+
+#include "domain.h"
+#include "policy.h"
+
+/* mount perms */
+#define AA_MAY_PIVOTROOT 0x01
+#define AA_MAY_MOUNT 0x02
+#define AA_MAY_UMOUNT 0x04
+#define AA_AUDIT_DATA 0x40
+#define AA_CONT_MATCH 0x40
+
+#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
+
+int aa_remount(struct aa_profile *profile, struct path *path,
+ unsigned long flags, void *data);
+
+int aa_bind_mount(struct aa_profile *profile, struct path *path,
+ const char *old_name, unsigned long flags);
+
+
+int aa_mount_change_type(struct aa_profile *profile, struct path *path,
+ unsigned long flags);
+
+int aa_move_mount(struct aa_profile *profile, struct path *path,
+ const char *old_name);
+
+int aa_new_mount(struct aa_profile *profile, const char *dev_name,
+ struct path *path, const char *type, unsigned long flags,
+ void *data);
+
+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags);
+
+int aa_pivotroot(struct aa_profile *profile, struct path *old_path,
+ struct path *new_path);
+
+#endif /* __AA_MOUNT_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3cde194..4512cc6 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -36,6 +36,7 @@
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
+#include "include/mount.h"
/* Flag indicating whether initialization completed */
int apparmor_initialized __initdata;
@@ -512,6 +513,60 @@ static int apparmor_file_mprotect(struct vm_area_struct *vma,
!(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0);
}
+static int apparmor_sb_mount(char *dev_name, struct path *path, char *type,
+ unsigned long flags, void *data)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ /* Discard magic */
+ if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
+ flags &= ~MS_MGC_MSK;
+
+ flags &= ~AA_MS_IGNORE_MASK;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile)) {
+ if (flags & MS_REMOUNT)
+ error = aa_remount(profile, path, flags, data);
+ else if (flags & MS_BIND)
+ error = aa_bind_mount(profile, path, dev_name, flags);
+ else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE |
+ MS_UNBINDABLE))
+ error = aa_mount_change_type(profile, path, flags);
+ else if (flags & MS_MOVE)
+ error = aa_move_mount(profile, path, dev_name);
+ else
+ error = aa_new_mount(profile, dev_name, path, type,
+ flags, data);
+ }
+ return error;
+}
+
+static int apparmor_sb_umount(struct vfsmount *mnt, int flags)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile))
+ error = aa_umount(profile, mnt, flags);
+
+ return error;
+}
+
+static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path)
+{
+ struct aa_profile *profile;
+ int error = 0;
+
+ profile = __aa_current_profile();
+ if (!unconfined(profile))
+ error = aa_pivotroot(profile, old_path, new_path);
+
+ return error;
+}
+
static int apparmor_getprocattr(struct task_struct *task, char *name,
char **value)
{
@@ -729,6 +784,10 @@ static struct security_operations apparmor_ops = {
.capget = apparmor_capget,
.capable = apparmor_capable,
+ .sb_mount = apparmor_sb_mount,
+ .sb_umount = apparmor_sb_umount,
+ .sb_pivotroot = apparmor_sb_pivotroot,
+
.path_link = apparmor_path_link,
.path_unlink = apparmor_path_unlink,
.path_symlink = apparmor_path_symlink,
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
new file mode 100644
index 0000000..63d8493
--- /dev/null
+++ b/security/apparmor/mount.c
@@ -0,0 +1,620 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor mediation of files
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2012 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/namei.h>
+
+#include "include/apparmor.h"
+#include "include/audit.h"
+#include "include/context.h"
+#include "include/domain.h"
+#include "include/file.h"
+#include "include/match.h"
+#include "include/mount.h"
+#include "include/path.h"
+#include "include/policy.h"
+
+
+static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags)
+{
+ if (flags & MS_RDONLY)
+ audit_log_format(ab, "ro");
+ else
+ audit_log_format(ab, "rw");
+ if (flags & MS_NOSUID)
+ audit_log_format(ab, ", nosuid");
+ if (flags & MS_NODEV)
+ audit_log_format(ab, ", nodev");
+ if (flags & MS_NOEXEC)
+ audit_log_format(ab, ", noexec");
+ if (flags & MS_SYNCHRONOUS)
+ audit_log_format(ab, ", sync");
+ if (flags & MS_REMOUNT)
+ audit_log_format(ab, ", remount");
+ if (flags & MS_MANDLOCK)
+ audit_log_format(ab, ", mand");
+ if (flags & MS_DIRSYNC)
+ audit_log_format(ab, ", dirsync");
+ if (flags & MS_NOATIME)
+ audit_log_format(ab, ", noatime");
+ if (flags & MS_NODIRATIME)
+ audit_log_format(ab, ", nodiratime");
+ if (flags & MS_BIND)
+ audit_log_format(ab, flags & MS_REC ? ", rbind" : ", bind");
+ if (flags & MS_MOVE)
+ audit_log_format(ab, ", move");
+ if (flags & MS_SILENT)
+ audit_log_format(ab, ", silent");
+ if (flags & MS_POSIXACL)
+ audit_log_format(ab, ", acl");
+ if (flags & MS_UNBINDABLE)
+ audit_log_format(ab, flags & MS_REC ? ", runbindable" :
+ ", unbindable");
+ if (flags & MS_PRIVATE)
+ audit_log_format(ab, flags & MS_REC ? ", rprivate" :
+ ", private");
+ if (flags & MS_SLAVE)
+ audit_log_format(ab, flags & MS_REC ? ", rslave" :
+ ", slave");
+ if (flags & MS_SHARED)
+ audit_log_format(ab, flags & MS_REC ? ", rshared" :
+ ", shared");
+ if (flags & MS_RELATIME)
+ audit_log_format(ab, ", relatime");
+ if (flags & MS_I_VERSION)
+ audit_log_format(ab, ", iversion");
+ if (flags & MS_STRICTATIME)
+ audit_log_format(ab, ", strictatime");
+ if (flags & MS_NOUSER)
+ audit_log_format(ab, ", nouser");
+}
+
+/**
+ * audit_cb - call back for mount specific audit fields
+ * @ab: audit_buffer (NOT NULL)
+ * @va: audit struct to audit values of (NOT NULL)
+ */
+static void audit_cb(struct audit_buffer *ab, void *va)
+{
+ struct common_audit_data *sa = va;
+
+ if (sa->aad->mnt.type) {
+ audit_log_format(ab, " fstype=");
+ audit_log_untrustedstring(ab, sa->aad->mnt.type);
+ }
+ if (sa->aad->mnt.src_name) {
+ audit_log_format(ab, " srcname=");
+ audit_log_untrustedstring(ab, sa->aad->mnt.src_name);
+ }
+ if (sa->aad->mnt.trans) {
+ audit_log_format(ab, " trans=");
+ audit_log_untrustedstring(ab, sa->aad->mnt.trans);
+ }
+ if (sa->aad->mnt.flags || sa->aad->op == OP_MOUNT) {
+ audit_log_format(ab, " flags=\"");
+ audit_mnt_flags(ab, sa->aad->mnt.flags);
+ audit_log_format(ab, "\"");
+ }
+ if (sa->aad->mnt.data) {
+ audit_log_format(ab, " options=");
+ audit_log_untrustedstring(ab, sa->aad->mnt.data);
+ }
+}
+
+/**
+ * audit_mount - handle the auditing of mount operations
+ * @profile: the profile being enforced (NOT NULL)
+ * @gfp: allocation flags
+ * @op: operation being mediated (NOT NULL)
+ * @name: name of object being mediated (MAYBE NULL)
+ * @src_name: src_name of object being mediated (MAYBE_NULL)
+ * @type: type of filesystem (MAYBE_NULL)
+ * @trans: name of trans (MAYBE NULL)
+ * @flags: filesystem idependent mount flags
+ * @data: filesystem mount flags
+ * @request: permissions requested
+ * @perms: the permissions computed for the request (NOT NULL)
+ * @info: extra information message (MAYBE NULL)
+ * @error: 0 if operation allowed else failure error code
+ *
+ * Returns: %0 or error on failure
+ */
+static int audit_mount(struct aa_profile *profile, gfp_t gfp, int op,
+ const char *name, const char *src_name,
+ const char *type, const char *trans,
+ unsigned long flags, const void *data, u32 request,
+ struct file_perms *perms, const char *info, int error)
+{
+ int audit_type = AUDIT_APPARMOR_AUTO;
+ struct common_audit_data sa;
+ struct apparmor_audit_data aad = { };
+
+ if (likely(!error)) {
+ u32 mask = perms->audit;
+
+ if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
+ mask = 0xffff;
+
+ /* mask off perms that are not being force audited */
+ request &= mask;
+
+ if (likely(!request))
+ return 0;
+ audit_type = AUDIT_APPARMOR_AUDIT;
+ } else {
+ /* only report permissions that were denied */
+ request = request & ~perms->allow;
+
+ if (request & perms->kill)
+ audit_type = AUDIT_APPARMOR_KILL;
+
+ /* quiet known rejects, assumes quiet and kill do not overlap */
+ if ((request & perms->quiet) &&
+ AUDIT_MODE(profile) != AUDIT_NOQUIET &&
+ AUDIT_MODE(profile) != AUDIT_ALL)
+ request &= ~perms->quiet;
+
+ if (!request)
+ return COMPLAIN_MODE(profile) ?
+ complain_error(error) : error;
+ }
+
+ COMMON_AUDIT_DATA_INIT(&sa, NONE);
+ sa.aad = &aad;
+ sa.aad->op = op;
+ sa.aad->name = name;
+ sa.aad->mnt.src_name = src_name;
+ sa.aad->mnt.type = type;
+ sa.aad->mnt.trans = trans;
+ sa.aad->mnt.flags = flags;
+ if (data && (perms->audit & AA_AUDIT_DATA))
+ sa.aad->mnt.data = data;
+ sa.aad->info = info;
+ sa.aad->error = error;
+
+ return aa_audit(audit_type, profile, gfp, &sa, audit_cb);
+}
+
+/**
+ * match_mnt_flags - Do an ordered match on mount flags
+ * @dfa: dfa to match against
+ * @state: state to start in
+ * @flags: mount flags to match against
+ *
+ * Mount flags are encoded as an ordered match. This is done instead of
+ * checking against a simple bitmask, to allow for logical operations
+ * on the flags.
+ *
+ * Returns: next state after flags match
+ */
+static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state,
+ unsigned long flags)
+{
+ unsigned int i;
+
+ for (i = 0; i <= 31 ; ++i) {
+ if ((1 << i) & flags)
+ state = aa_dfa_next(dfa, state, i + 1);
+ }
+
+ return state;
+}
+
+/**
+ * compute_mnt_perms - compute mount permission associated with @state
+ * @dfa: dfa to match against (NOT NULL)
+ * @state: state match finished in
+ *
+ * Returns: mount permissions
+ */
+static struct file_perms compute_mnt_perms(struct aa_dfa *dfa,
+ unsigned int state)
+{
+ struct file_perms perms;
+
+ perms.kill = 0;
+ perms.allow = dfa_user_allow(dfa, state);
+ perms.audit = dfa_user_audit(dfa, state);
+ perms.quiet = dfa_user_quiet(dfa, state);
+ perms.xindex = dfa_user_xindex(dfa, state);
+
+ return perms;
+}
+
+static const char const *mnt_info_table[] = {
+ "match succeeded",
+ "failed mntpnt match",
+ "failed srcname match",
+ "failed type match",
+ "failed flags match",
+ "failed data match"
+};
+
+/*
+ * Returns 0 on success else element that match failed in, this is the
+ * index into the mnt_info_table above
+ */
+static int do_match_mnt(struct aa_dfa *dfa, unsigned int start,
+ const char *mntpnt, const char *devname,
+ const char *type, unsigned long flags,
+ void *data, bool binary, struct file_perms *perms)
+{
+ unsigned int state;
+
+ state = aa_dfa_match(dfa, start, mntpnt);
+ state = aa_dfa_null_transition(dfa, state);
+ if (!state)
+ return 1;
+
+ if (devname)
+ state = aa_dfa_match(dfa, state, devname);
+ state = aa_dfa_null_transition(dfa, state);
+ if (!state)
+ return 2;
+
+ if (type)
+ state = aa_dfa_match(dfa, state, type);
+ state = aa_dfa_null_transition(dfa, state);
+ if (!state)
+ return 3;
+
+ state = match_mnt_flags(dfa, state, flags);
+ if (!state)
+ return 4;
+ *perms = compute_mnt_perms(dfa, state);
+ if (perms->allow & AA_MAY_MOUNT)
+ return 0;
+
+ /* only match data if not binary and the DFA flags data is expected */
+ if (data && !binary && (perms->allow & AA_CONT_MATCH)) {
+ state = aa_dfa_null_transition(dfa, state);
+ if (!state)
+ return 4;
+
+ state = aa_dfa_match(dfa, state, data);
+ if (!state)
+ return 5;
+ *perms = compute_mnt_perms(dfa, state);
+ if (perms->allow & AA_MAY_MOUNT)
+ return 0;
+ }
+
+ /* failed at end of flags match */
+ return 4;
+}
+
+/**
+ * match_mnt - handle path matching for mount
+ * @profile: the confining profile
+ * @mntpnt: string for the mntpnt (NOT NULL)
+ * @devname: string for the devname/src_name (MAYBE NULL)
+ * @type: string for the dev type (MAYBE NULL)
+ * @flags: mount flags to match
+ * @data: fs mount data (MAYBE NULL)
+ * @binary: whether @data is binary
+ * @perms: Returns: permission found by the match
+ * @info: Returns: infomation string about the match for logging
+ *
+ * Returns: 0 on success else error
+ */
+static int match_mnt(struct aa_profile *profile, const char *mntpnt,
+ const char *devname, const char *type,
+ unsigned long flags, void *data, bool binary,
+ struct file_perms *perms, const char **info)
+{
+ int pos;
+
+ if (!profile->policy.dfa)
+ return -EACCES;
+
+ pos = do_match_mnt(profile->policy.dfa,
+ profile->policy.start[AA_CLASS_MOUNT],
+ mntpnt, devname, type, flags, data, binary, perms);
+ if (pos) {
+ *info = mnt_info_table[pos];
+ return -EACCES;
+ }
+
+ return 0;
+}
+
+static int path_flags(struct aa_profile *profile, struct path *path)
+{
+ return profile->path_flags |
+ S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0;
+}
+
+int aa_remount(struct aa_profile *profile, struct path *path,
+ unsigned long flags, void *data)
+{
+ struct file_perms perms = { };
+ const char *name, *info = NULL;
+ char *buffer = NULL;
+ int binary, error;
+
+ binary = path->dentry->d_sb->s_type->fs_flags & FS_BINARY_MOUNTDATA;
+
+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+ &info);
+ if (error)
+ goto audit;
+
+ error = match_mnt(profile, name, NULL, NULL, flags, data, binary,
+ &perms, &info);
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL,
+ NULL, flags, data, AA_MAY_MOUNT, &perms, info,
+ error);
+ kfree(buffer);
+
+ return error;
+}
+
+int aa_bind_mount(struct aa_profile *profile, struct path *path,
+ const char *dev_name, unsigned long flags)
+{
+ struct file_perms perms = { };
+ char *buffer = NULL, *old_buffer = NULL;
+ const char *name, *old_name = NULL, *info = NULL;
+ struct path old_path;
+ int error;
+
+ if (!dev_name || !*dev_name)
+ return -EINVAL;
+
+ flags &= MS_REC | MS_BIND;
+
+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+ &info);
+ if (error)
+ goto audit;
+
+ error = kern_path(dev_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
+ if (error)
+ goto audit;
+
+ error = aa_path_name(&old_path, path_flags(profile, &old_path),
+ &old_buffer, &old_name, &info);
+ path_put(&old_path);
+ if (error)
+ goto audit;
+
+ error = match_mnt(profile, name, old_name, NULL, flags, NULL, 0,
+ &perms, &info);
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name,
+ NULL, NULL, flags, NULL, AA_MAY_MOUNT, &perms,
+ info, error);
+ kfree(buffer);
+ kfree(old_buffer);
+
+ return error;
+}
+
+int aa_mount_change_type(struct aa_profile *profile, struct path *path,
+ unsigned long flags)
+{
+ struct file_perms perms = { };
+ char *buffer = NULL;
+ const char *name, *info = NULL;
+ int error;
+
+ /* These are the flags allowed by do_change_type() */
+ flags &= (MS_REC | MS_SILENT | MS_SHARED | MS_PRIVATE | MS_SLAVE |
+ MS_UNBINDABLE);
+
+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+ &info);
+ if (error)
+ goto audit;
+
+ error = match_mnt(profile, name, NULL, NULL, flags, NULL, 0, &perms,
+ &info);
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL,
+ NULL, flags, NULL, AA_MAY_MOUNT, &perms, info,
+ error);
+ kfree(buffer);
+
+ return error;
+}
+
+int aa_move_mount(struct aa_profile *profile, struct path *path,
+ const char *orig_name)
+{
+ struct file_perms perms = { };
+ char *buffer = NULL, *old_buffer = NULL;
+ const char *name, *old_name = NULL, *info = NULL;
+ struct path old_path;
+ int error;
+
+ if (!orig_name || !*orig_name)
+ return -EINVAL;
+
+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+ &info);
+ if (error)
+ goto audit;
+
+ error = kern_path(orig_name, LOOKUP_FOLLOW, &old_path);
+ if (error)
+ goto audit;
+
+ error = aa_path_name(&old_path, path_flags(profile, &old_path),
+ &old_buffer, &old_name, &info);
+ path_put(&old_path);
+ if (error)
+ goto audit;
+
+ error = match_mnt(profile, name, old_name, NULL, MS_MOVE, NULL, 0,
+ &perms, &info);
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name,
+ NULL, NULL, MS_MOVE, NULL, AA_MAY_MOUNT, &perms,
+ info, error);
+ kfree(buffer);
+ kfree(old_buffer);
+
+ return error;
+}
+
+int aa_new_mount(struct aa_profile *profile, const char *orig_dev_name,
+ struct path *path, const char *type, unsigned long flags,
+ void *data)
+{
+ struct file_perms perms = { };
+ char *buffer = NULL, *dev_buffer = NULL;
+ const char *name = NULL, *dev_name = NULL, *info = NULL;
+ int binary = 1;
+ int error;
+
+ dev_name = orig_dev_name;
+ if (type) {
+ int requires_dev;
+ struct file_system_type *fstype = get_fs_type(type);
+ if (!fstype)
+ return -ENODEV;
+
+ binary = fstype->fs_flags & FS_BINARY_MOUNTDATA;
+ requires_dev = fstype->fs_flags & FS_REQUIRES_DEV;
+ put_filesystem(fstype);
+
+ if (requires_dev) {
+ struct path dev_path;
+
+ if (!dev_name || !*dev_name) {
+ error = -ENOENT;
+ goto out;
+ }
+
+ error = kern_path(dev_name, LOOKUP_FOLLOW, &dev_path);
+ if (error)
+ goto audit;
+
+ error = aa_path_name(&dev_path,
+ path_flags(profile, &dev_path),
+ &dev_buffer, &dev_name, &info);
+ path_put(&dev_path);
+ if (error)
+ goto audit;
+ }
+ }
+
+ error = aa_path_name(path, path_flags(profile, path), &buffer, &name,
+ &info);
+ if (error)
+ goto audit;
+
+ error = match_mnt(profile, name, dev_name, type, flags, data, binary,
+ &perms, &info);
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, dev_name,
+ type, NULL, flags, data, AA_MAY_MOUNT, &perms, info,
+ error);
+ kfree(buffer);
+ kfree(dev_buffer);
+
+out:
+ return error;
+
+}
+
+int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags)
+{
+ struct file_perms perms = { };
+ char *buffer = NULL;
+ const char *name, *info = NULL;
+ int error;
+
+ struct path path = { mnt, mnt->mnt_root };
+ error = aa_path_name(&path, path_flags(profile, &path), &buffer, &name,
+ &info);
+ if (error)
+ goto audit;
+
+ if (!error && profile->policy.dfa) {
+ unsigned int state;
+ state = aa_dfa_match(profile->policy.dfa,
+ profile->policy.start[AA_CLASS_MOUNT],
+ name);
+ perms = compute_mnt_perms(profile->policy.dfa, state);
+ }
+
+ if (AA_MAY_UMOUNT & ~perms.allow)
+ error = -EACCES;
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_UMOUNT, name, NULL, NULL,
+ NULL, 0, NULL, AA_MAY_UMOUNT, &perms, info, error);
+ kfree(buffer);
+
+ return error;
+}
+
+int aa_pivotroot(struct aa_profile *profile, struct path *old_path,
+ struct path *new_path)
+{
+ struct file_perms perms = { };
+ struct aa_profile *target = NULL;
+ char *old_buffer = NULL, *new_buffer = NULL;
+ const char *old_name, *new_name = NULL, *info = NULL;
+ int error;
+
+ error = aa_path_name(old_path, path_flags(profile, old_path),
+ &old_buffer, &old_name, &info);
+ if (error)
+ goto audit;
+
+ error = aa_path_name(new_path, path_flags(profile, new_path),
+ &new_buffer, &new_name, &info);
+ if (error)
+ goto audit;
+
+ if (profile->policy.dfa) {
+ unsigned int state;
+ state = aa_dfa_match(profile->policy.dfa,
+ profile->policy.start[AA_CLASS_MOUNT],
+ new_name);
+ state = aa_dfa_null_transition(profile->policy.dfa, state);
+ state = aa_dfa_match(profile->policy.dfa, state, old_name);
+ perms = compute_mnt_perms(profile->policy.dfa, state);
+ }
+
+ if (AA_MAY_PIVOTROOT & perms.allow) {
+ if ((perms.xindex & AA_X_TYPE_MASK) == AA_X_TABLE) {
+ target = x_table_lookup(profile, perms.xindex);
+ if (!target)
+ error = -ENOENT;
+ else
+ error = aa_replace_current_profile(target);
+ }
+ } else
+ error = -EACCES;
+
+audit:
+ error = audit_mount(profile, GFP_KERNEL, OP_PIVOTROOT, new_name,
+ old_name, NULL, target ? target->base.name : NULL,
+ 0, NULL, AA_MAY_PIVOTROOT, &perms, info, error);
+ aa_put_profile(target);
+ kfree(old_buffer);
+ kfree(new_buffer);
+
+ return error;
+}
--
1.7.9.5

13
pkgs/os-specific/linux/libselinux/fPIC.patch
View file

@ -1,13 +0,0 @@
diff --git a/src/Makefile b/src/Makefile
index ac019df..00432b9 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -132,7 +132,7 @@ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
%.o: %.c policy.h
- $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+ $(CC) $(CFLAGS) $(TLSFLAGS) -fPIC -c -o $@ $<
%.lo: %.c policy.h
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<

82
pkgs/os-specific/linux/udisks/cve-2014-0004.patch
View file

@ -1,82 +0,0 @@
commit ebf61ed8471a45cf8bce7231de00cb1bbc140708
Author: Martin Pitt <martin.pitt@ubuntu.com>
Date: Wed Mar 5 14:07:44 2014 +0100
Fix buffer overflow in mount path parsing
In the mount monitor we parse mount points from /proc/self/mountinfo. Ensure
that we don't overflow the buffers on platforms where mount paths could be
longer than PATH_MAX (unknown if that can actually happen), as at least the
mount paths for hotpluggable devices are somewhat user-controlled.
Thanks to Florian Weimer for discovering this bug, and to David Zeuthen
for his initial patch!
CVE-2014-0004
Index: udisks-1.0.4/src/mount-monitor.c
===================================================================
--- udisks-1.0.4.orig/src/mount-monitor.c 2011-08-25 20:27:33.000000000 +0200
+++ udisks-1.0.4/src/mount-monitor.c 2014-03-10 13:38:18.309406561 +0100
@@ -39,6 +39,11 @@
#include "mount.h"
#include "private.h"
+/* build a %Ns format string macro with N == PATH_MAX */
+#define xstr(s) str(s)
+#define str(s) #s
+#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s"
+
/*--------------------------------------------------------------------------------------------------------------*/
enum
@@ -320,8 +325,8 @@ mount_monitor_ensure (MountMonitor *moni
guint mount_id;
guint parent_id;
guint major, minor;
- gchar encoded_root[PATH_MAX];
- gchar encoded_mount_point[PATH_MAX];
+ gchar encoded_root[PATH_MAX + 1];
+ gchar encoded_mount_point[PATH_MAX + 1];
gchar *mount_point;
dev_t dev;
@@ -329,7 +334,7 @@ mount_monitor_ensure (MountMonitor *moni
continue;
if (sscanf (lines[n],
- "%d %d %d:%d %s %s",
+ "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT,
&mount_id,
&parent_id,
&major,
@@ -340,6 +345,8 @@ mount_monitor_ensure (MountMonitor *moni
g_warning ("Error parsing line '%s'", lines[n]);
continue;
}
+ encoded_root[sizeof encoded_root - 1] = '\0';
+ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0';
/* ignore mounts where only a subtree of a filesystem is mounted */
if (g_strcmp0 (encoded_root, "/") != 0)
@@ -358,15 +365,17 @@ mount_monitor_ensure (MountMonitor *moni
sep = strstr (lines[n], " - ");
if (sep != NULL)
{
- gchar fstype[PATH_MAX];
- gchar mount_source[PATH_MAX];
+ gchar fstype[PATH_MAX + 1];
+ gchar mount_source[PATH_MAX + 1];
struct stat statbuf;
- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2)
+ if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2)
{
g_warning ("Error parsing things past - for '%s'", lines[n]);
continue;
}
+ fstype[sizeof fstype - 1] = '\0';
+ mount_source[sizeof mount_source - 1] = '\0';
if (g_strcmp0 (fstype, "btrfs") != 0)
continue;

42
pkgs/os-specific/linux/wpa_supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
View file

@ -1,42 +0,0 @@
From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 7 Apr 2015 11:32:11 +0300
Subject: [PATCH] P2P: Validate SSID element length before copying it
(CVE-2015-1863)
This fixes a possible memcpy overflow for P2P dev->oper_ssid in
p2p_add_device(). The length provided by the peer device (0..255 bytes)
was used without proper bounds checking and that could have resulted in
arbitrary data of up to 223 bytes being written beyond the end of the
dev->oper_ssid[] array (of which about 150 bytes would be beyond the
heap allocation) when processing a corrupted management frame for P2P
peer discovery purposes.
This could result in corrupted state in heap, unexpected program
behavior due to corrupted P2P peer device information, denial of service
due to process crash, exposure of memory contents during GO Negotiation,
and potentially arbitrary code execution.
Thanks to Google security team for reporting this issue and smart
hardware research group of Alibaba security team for discovering it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
src/p2p/p2p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index f584fae..a45fe73 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
if (msg.ssid &&
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
!= 0)) {
--
1.9.1

78
pkgs/servers/x11/xorg/darwin/0001-XQuartz-GLX-Use-__glXEnableExtension-to-build-extens.patch
View file

@ -1,78 +0,0 @@
From fff30cdea46616eb92f4dd9402ebd27fdb55e13b Mon Sep 17 00:00:00 2001
From: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Date: Sun, 1 Jun 2014 04:29:19 -0700
Subject: [PATCH 1/6] XQuartz: GLX: Use __glXEnableExtension to build
extensions list
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 3790001ea29658872aebda00a03170e392b47878)
---
hw/xquartz/GL/indirect.c | 37 +++++++++++++++++++++++++++++++------
1 file changed, 31 insertions(+), 6 deletions(-)
diff --git a/hw/xquartz/GL/indirect.c b/hw/xquartz/GL/indirect.c
index 19b7d86..4e6ab3d 100644
--- a/hw/xquartz/GL/indirect.c
+++ b/hw/xquartz/GL/indirect.c
@@ -52,6 +52,7 @@
#include "visualConfigs.h"
#include "dri.h"
+#include "extension_string.h"
#include "darwin.h"
#define GLAQUA_DEBUG_MSG(msg, args ...) ASL_LOG(ASL_LEVEL_DEBUG, "GLXAqua", \
@@ -111,6 +112,10 @@ typedef struct __GLXAquaDrawable __GLXAquaDrawable;
*/
struct __GLXAquaScreen {
__GLXscreen base;
+
+ /* Supported GLX extensions */
+ unsigned char glx_enable_bits[__GLX_EXT_BYTES];
+
int index;
int num_vis;
};
@@ -541,13 +546,33 @@ __glXAquaScreenProbe(ScreenPtr pScreen)
screen->base.GLXmajor = 1;
screen->base.GLXminor = 4;
- screen->base.GLXextensions = strdup("GLX_SGIX_fbconfig "
- "GLX_SGIS_multisample "
- "GLX_ARB_multisample "
- "GLX_EXT_visual_info "
- "GLX_EXT_import_context ");
- /*We may be able to add more GLXextensions at a later time. */
+ memset(screen->glx_enable_bits, 0, __GLX_EXT_BYTES);
+
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_visual_info");
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_visual_rating");
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_import_context");
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_OML_swap_method");
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_SGIX_fbconfig");
+
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_SGIS_multisample");
+ __glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_multisample");
+
+ //__glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_create_context");
+ //__glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_create_context_profile");
+
+ // Generate the GLX extensions string (overrides that set by __glXScreenInit())
+ {
+ unsigned int buffer_size =
+ __glXGetExtensionString(screen->glx_enable_bits, NULL);
+ if (buffer_size > 0) {
+ free(screen->base.GLXextensions);
+
+ screen->base.GLXextensions = xnfalloc(buffer_size);
+ __glXGetExtensionString(screen->glx_enable_bits,
+ screen->base.GLXextensions);
+ }
+ }
return &screen->base;
}
--
2.3.2 (Apple Git-55)

165
pkgs/servers/x11/xorg/darwin/0003-Workaround-the-GC-clipping-problem-in-miPaintWindow-.patch
View file

@ -1,165 +0,0 @@
From fa5c83fe9129c9cd9cde1420a32112ca2f17566c Mon Sep 17 00:00:00 2001
From: Jeremy Huddleston <jeremyhu@apple.com>
Date: Fri, 30 Apr 2010 13:08:25 -0700
Subject: [PATCH 3/6] Workaround the GC clipping problem in miPaintWindow and
add some debugging output.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
---
mi/miexpose.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 94 insertions(+), 10 deletions(-)
diff --git a/mi/miexpose.c b/mi/miexpose.c
index fc4dbc0..5e31b83 100644
--- a/mi/miexpose.c
+++ b/mi/miexpose.c
@@ -408,7 +408,8 @@ void RootlessSetPixmapOfAncestors(WindowPtr pWin);
void RootlessStartDrawing(WindowPtr pWin);
void RootlessDamageRegion(WindowPtr pWin, RegionPtr prgn);
Bool IsFramedWindow(WindowPtr pWin);
-#endif
+#include "../fb/fb.h"
+#endif
void
miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what)
@@ -437,23 +438,37 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what)
Bool solid = TRUE;
DrawablePtr drawable = &pWin->drawable;
+#ifdef XQUARTZ_CLIP_DEBUG
+ ErrorF("START %d BS %d (pR = %ld)\n", what, pWin->backgroundState, ParentRelative);
+ ErrorF(" Rgn: %d %d %d %d\n", prgn->extents.x1, prgn->extents.y1,
+ prgn->extents.x2 - prgn->extents.x1,
+ prgn->extents.y2 - prgn->extents.y1);
+ ErrorF(" Win: %d %d (%d %d) %d %d\n", pWin->origin.x, pWin->origin.y,
+ pWin->winSize.extents.x1, pWin->winSize.extents.y1,
+ pWin->winSize.extents.x2 - pWin->winSize.extents.x1,
+ pWin->winSize.extents.y2 - pWin->winSize.extents.y1);
+ ErrorF(" Draw: %d %d %d %d\n", pWin->drawable.x, pWin->drawable.y,
+ pWin->drawable.width, pWin->drawable.height);
+#endif
+
#ifdef ROOTLESS
if (!drawable || drawable->type == UNDRAWABLE_WINDOW)
return;
+#endif
+
+ if (what == PW_BACKGROUND)
+ {
+#ifdef ROOTLESS
+ if(IsFramedWindow(pWin)) {
+ RootlessStartDrawing(pWin);
+ RootlessDamageRegion(pWin, prgn);
- if (IsFramedWindow(pWin)) {
- RootlessStartDrawing(pWin);
- RootlessDamageRegion(pWin, prgn);
-
- if (pWin->backgroundState == ParentRelative) {
- if ((what == PW_BACKGROUND) ||
- (what == PW_BORDER && !pWin->borderIsPixel))
+ if(pWin->backgroundState == ParentRelative) {
RootlessSetPixmapOfAncestors(pWin);
+ }
}
- }
#endif
- if (what == PW_BACKGROUND) {
while (pWin->backgroundState == ParentRelative)
pWin = pWin->parent;
@@ -478,6 +493,18 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what)
else {
PixmapPtr pixmap;
+#ifdef ROOTLESS
+ if(IsFramedWindow(pWin)) {
+ RootlessStartDrawing(pWin);
+ RootlessDamageRegion(pWin, prgn);
+
+ if(!pWin->borderIsPixel &&
+ pWin->backgroundState == ParentRelative) {
+ RootlessSetPixmapOfAncestors(pWin);
+ }
+ }
+#endif
+
tile_x_off = drawable->x;
tile_y_off = drawable->y;
@@ -486,6 +513,12 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what)
return;
pixmap = (*pScreen->GetWindowPixmap) ((WindowPtr) drawable);
drawable = &pixmap->drawable;
+
+#ifdef XQUARTZ_CLIP_DEBUG
+ ErrorF(" Draw: %d %d %d %d\n",
+ drawable->x, drawable->y, drawable->width, drawable->height);
+#endif
+
#ifdef COMPOSITE
draw_x_off = pixmap->screen_x;
draw_y_off = pixmap->screen_y;
@@ -548,6 +581,57 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what)
ChangeGC(NullClient, pGC, gcmask, gcval);
ValidateGC(drawable, pGC);
+#ifdef XQUARTZ_CLIP_DEBUG
+ ErrorF(" GC: %d %d %d %d\n",
+ pGC->pCompositeClip->extents.x1, pGC->pCompositeClip->extents.y1,
+ pGC->pCompositeClip->extents.x2 - pGC->pCompositeClip->extents.x1,
+ pGC->pCompositeClip->extents.y2 - pGC->pCompositeClip->extents.y1);
+#endif
+
+#ifdef XQUARTZ
+ /* Looks like our clipping isn't set right for some reason:
+ * http://xquartz.macosforge.org/trac/ticket/290
+ */
+ if(what == PW_BORDER) {
+
+#if 0
+ if(solid) {
+#if 1
+ fbFillRegionSolid(&pWin->drawable,
+ prgn,
+ 0,
+ fbReplicatePixel(fill.pixel,
+ pWin->drawable.bitsPerPixel));
+#else
+ fbFillRegionSolid(drawable,
+ prgn,
+ 0,
+ fbReplicatePixel(fill.pixel,
+ drawable->bitsPerPixel));
+#endif
+ return;
+ }
+#endif
+
+ pGC->pCompositeClip->extents.x1 += prgn->extents.x1;
+ pGC->pCompositeClip->extents.y1 += prgn->extents.y1;
+ pGC->pCompositeClip->extents.x2 += prgn->extents.x1;
+ pGC->pCompositeClip->extents.y2 += prgn->extents.y1;
+
+ if(pGC->pCompositeClip->extents.x2 > drawable->pScreen->width)
+ pGC->pCompositeClip->extents.x2 = drawable->pScreen->width;
+ if(pGC->pCompositeClip->extents.y2 > drawable->pScreen->height)
+ pGC->pCompositeClip->extents.y2 = drawable->pScreen->height;
+ }
+#endif
+
+#ifdef XQUARTZ_CLIP_DEBUG
+ ErrorF(" GC: %d %d %d %d\n",
+ pGC->pCompositeClip->extents.x1, pGC->pCompositeClip->extents.y1,
+ pGC->pCompositeClip->extents.x2 - pGC->pCompositeClip->extents.x1,
+ pGC->pCompositeClip->extents.y2 - pGC->pCompositeClip->extents.y1);
+#endif
+
numRects = RegionNumRects(prgn);
pbox = RegionRects(prgn);
for (i = numRects; --i >= 0; pbox++, prect++) {
--
2.3.2 (Apple Git-55)

316
pkgs/servers/x11/xorg/darwin/0005-fb-Revert-fb-changes-that-broke-XQuartz.patch
View file

@ -1,316 +0,0 @@
From a635e397d5830f7f60e3690a1bb36f7a725b915a Mon Sep 17 00:00:00 2001
From: Jeremy Huddleston <jeremyhu@apple.com>
Date: Fri, 12 Feb 2010 19:48:52 -0800
Subject: [PATCH 5/6] fb: Revert fb changes that broke XQuartz
http://bugs.freedesktop.org/show_bug.cgi?id=26124
Revert "Fix source pictures getting random transforms after 2d6a8f668342a5190cdf43b5."
Revert "fb: Adjust transform or composite coordinates for pixman operations"
http://bugs.freedesktop.org/26124
This reverts commit a72c65e9176c51de95db2fdbf4c5d946a4911695.
This reverts commit a6bd5d2e482a5aa84acb3d4932e2a166d8670ef1.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
---
fb/fb.h | 3 +--
fb/fbpict.c | 82 ++++++++++++++++++-------------------------------------------
fb/fbtrap.c | 43 ++++++++++++++------------------
3 files changed, 43 insertions(+), 85 deletions(-)
diff --git a/fb/fb.h b/fb/fb.h
index ab110f3..59eaac3 100644
--- a/fb/fb.h
+++ b/fb/fb.h
@@ -1326,8 +1326,7 @@ fbFillRegionSolid(DrawablePtr pDrawable,
RegionPtr pRegion, FbBits and, FbBits xor);
extern _X_EXPORT pixman_image_t *image_from_pict(PicturePtr pict,
- Bool has_clip,
- int *xoff, int *yoff);
+ Bool has_clip);
extern _X_EXPORT void free_pixman_pict(PicturePtr, pixman_image_t *);
diff --git a/fb/fbpict.c b/fb/fbpict.c
index cafb027..6ee63e9 100644
--- a/fb/fbpict.c
+++ b/fb/fbpict.c
@@ -46,23 +46,18 @@ fbComposite(CARD8 op,
INT16 yMask, INT16 xDst, INT16 yDst, CARD16 width, CARD16 height)
{
pixman_image_t *src, *mask, *dest;
- int src_xoff, src_yoff;
- int msk_xoff, msk_yoff;
- int dst_xoff, dst_yoff;
-
miCompositeSourceValidate(pSrc);
if (pMask)
miCompositeSourceValidate(pMask);
- src = image_from_pict(pSrc, FALSE, &src_xoff, &src_yoff);
- mask = image_from_pict(pMask, FALSE, &msk_xoff, &msk_yoff);
- dest = image_from_pict(pDst, TRUE, &dst_xoff, &dst_yoff);
+ src = image_from_pict(pSrc, TRUE);
+ mask = image_from_pict(pMask, TRUE);
+ dest = image_from_pict(pDst, TRUE);
if (src && dest && !(pMask && !mask)) {
pixman_image_composite(op, src, mask, dest,
- xSrc + src_xoff, ySrc + src_yoff,
- xMask + msk_xoff, yMask + msk_yoff,
- xDst + dst_xoff, yDst + dst_yoff, width, height);
+ xSrc, ySrc, xMask, yMask, xDst, yDst,
+ width, height);
}
free_pixman_pict(pSrc, src);
@@ -289,20 +284,22 @@ create_conical_gradient_image(PictGradient * gradient)
}
static pixman_image_t *
-create_bits_picture(PicturePtr pict, Bool has_clip, int *xoff, int *yoff)
+create_bits_picture(PicturePtr pict, Bool has_clip)
{
- PixmapPtr pixmap;
FbBits *bits;
FbStride stride;
- int bpp;
+ int bpp, xoff, yoff;
pixman_image_t *image;
- fbGetDrawablePixmap(pict->pDrawable, pixmap, *xoff, *yoff);
- fbGetPixmapBitsData(pixmap, bits, stride, bpp);
+ fbGetDrawable (pict->pDrawable, bits, stride, bpp, xoff, yoff);
+
+ bits = (FbBits*)((CARD8*)bits +
+ (pict->pDrawable->y + yoff) * stride * sizeof(FbBits) +
+ (pict->pDrawable->x + xoff) * (bpp / 8));
image = pixman_image_create_bits((pixman_format_code_t) pict->format,
- pixmap->drawable.width,
- pixmap->drawable.height, (uint32_t *) bits,
+ pict->pDrawable->width,
+ pict->pDrawable->height, (uint32_t *) bits,
stride * sizeof(FbStride));
if (!image)
@@ -321,57 +318,31 @@ create_bits_picture(PicturePtr pict, Bool has_clip, int *xoff, int *yoff)
if (pict->clientClip)
pixman_image_set_has_client_clip(image, TRUE);
- if (*xoff || *yoff)
- pixman_region_translate(pict->pCompositeClip, *xoff, *yoff);
+ pixman_region_translate (pict->pCompositeClip, - pict->pDrawable->x, - pict->pDrawable->y);
pixman_image_set_clip_region(image, pict->pCompositeClip);
- if (*xoff || *yoff)
- pixman_region_translate(pict->pCompositeClip, -*xoff, -*yoff);
+ pixman_region_translate (pict->pCompositeClip, pict->pDrawable->x, pict->pDrawable->y);
}
/* Indexed table */
if (pict->pFormat->index.devPrivate)
pixman_image_set_indexed(image, pict->pFormat->index.devPrivate);
- /* Add in drawable origin to position within the image */
- *xoff += pict->pDrawable->x;
- *yoff += pict->pDrawable->y;
-
return image;
}
static pixman_image_t *image_from_pict_internal(PicturePtr pict, Bool has_clip,
- int *xoff, int *yoff,
Bool is_alpha_map);
static void
-set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip,
- int *xoff, int *yoff, Bool is_alpha_map)
+set_image_properties(pixman_image_t * image, PicturePtr pict, Bool is_alpha_map)
{
pixman_repeat_t repeat;
pixman_filter_t filter;
if (pict->transform) {
- /* For source images, adjust the transform to account
- * for the drawable offset within the pixman image,
- * then set the offset to 0 as it will be used
- * to compute positions within the transformed image.
- */
- if (!has_clip) {
- struct pixman_transform adjusted;
-
- adjusted = *pict->transform;
- pixman_transform_translate(&adjusted,
- NULL,
- pixman_int_to_fixed(*xoff),
- pixman_int_to_fixed(*yoff));
- pixman_image_set_transform(image, &adjusted);
- *xoff = 0;
- *yoff = 0;
- }
- else
- pixman_image_set_transform(image, pict->transform);
+ pixman_image_set_transform(image, pict->transform);
}
switch (pict->repeatType) {
@@ -399,10 +370,8 @@ set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip,
* as the alpha map for this operation
*/
if (pict->alphaMap && !is_alpha_map) {
- int alpha_xoff, alpha_yoff;
pixman_image_t *alpha_map =
- image_from_pict_internal(pict->alphaMap, FALSE, &alpha_xoff,
- &alpha_yoff, TRUE);
+ image_from_pict_internal(pict->alphaMap, TRUE, TRUE);
pixman_image_set_alpha_map(image, alpha_map, pict->alphaOrigin.x,
pict->alphaOrigin.y);
@@ -436,8 +405,7 @@ set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip,
}
static pixman_image_t *
-image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff,
- Bool is_alpha_map)
+image_from_pict_internal(PicturePtr pict, Bool has_clip, Bool is_alpha_map)
{
pixman_image_t *image = NULL;
@@ -445,7 +413,7 @@ image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff,
return NULL;
if (pict->pDrawable) {
- image = create_bits_picture(pict, has_clip, xoff, yoff);
+ image = create_bits_picture(pict, has_clip);
}
else if (pict->pSourcePict) {
SourcePict *sp = pict->pSourcePict;
@@ -463,19 +431,17 @@ image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff,
else if (sp->type == SourcePictTypeConical)
image = create_conical_gradient_image(gradient);
}
- *xoff = *yoff = 0;
}
if (image)
- set_image_properties(image, pict, has_clip, xoff, yoff, is_alpha_map);
-
+ set_image_properties (image, pict, is_alpha_map);
return image;
}
pixman_image_t *
-image_from_pict(PicturePtr pict, Bool has_clip, int *xoff, int *yoff)
+image_from_pict (PicturePtr pict, Bool has_clip)
{
- return image_from_pict_internal(pict, has_clip, xoff, yoff, FALSE);
+ return image_from_pict_internal (pict, has_clip, FALSE);
}
void
diff --git a/fb/fbtrap.c b/fb/fbtrap.c
index bf82f8f..0145ce9 100644
--- a/fb/fbtrap.c
+++ b/fb/fbtrap.c
@@ -36,13 +36,12 @@ fbAddTraps(PicturePtr pPicture,
INT16 x_off, INT16 y_off, int ntrap, xTrap * traps)
{
pixman_image_t *image;
- int dst_xoff, dst_yoff;
- if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff)))
- return;
-
- pixman_add_traps(image, x_off + dst_xoff, y_off + dst_yoff,
- ntrap, (pixman_trap_t *) traps);
+ if (!(image = image_from_pict (pPicture, FALSE)))
+ return;
+
+ pixman_add_traps(image, x_off, y_off,
+ ntrap, (pixman_trap_t *)traps);
free_pixman_pict(pPicture, image);
}
@@ -52,13 +51,12 @@ fbRasterizeTrapezoid(PicturePtr pPicture,
xTrapezoid * trap, int x_off, int y_off)
{
pixman_image_t *image;
- int dst_xoff, dst_yoff;
- if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff)))
+ if (!(image = image_from_pict (pPicture, FALSE)))
return;
- pixman_rasterize_trapezoid(image, (pixman_trapezoid_t *) trap,
- x_off + dst_xoff, y_off + dst_yoff);
+ pixman_rasterize_trapezoid(image, (pixman_trapezoid_t *)trap,
+ x_off, y_off);
free_pixman_pict(pPicture, image);
}
@@ -68,14 +66,12 @@ fbAddTriangles(PicturePtr pPicture,
INT16 x_off, INT16 y_off, int ntri, xTriangle * tris)
{
pixman_image_t *image;
- int dst_xoff, dst_yoff;
- if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff)))
+ if (!(image = image_from_pict (pPicture, FALSE)))
return;
-
- pixman_add_triangles(image,
- dst_xoff + x_off, dst_yoff + y_off,
- ntri, (pixman_triangle_t *) tris);
+
+ pixman_add_triangles(image, x_off, y_off, ntri,
+ (pixman_triangle_t *)tris);
free_pixman_pict(pPicture, image);
}
@@ -98,13 +94,11 @@ fbShapes(CompositeShapesFunc composite,
int16_t ySrc, int nshapes, int shape_size, const uint8_t * shapes)
{
pixman_image_t *src, *dst;
- int src_xoff, src_yoff;
- int dst_xoff, dst_yoff;
miCompositeSourceValidate(pSrc);
- src = image_from_pict(pSrc, FALSE, &src_xoff, &src_yoff);
- dst = image_from_pict(pDst, TRUE, &dst_xoff, &dst_yoff);
+ src = image_from_pict(pSrc, FALSE);
+ dst = image_from_pict(pDst, TRUE);
if (src && dst) {
pixman_format_code_t format;
@@ -121,9 +115,8 @@ fbShapes(CompositeShapesFunc composite,
for (i = 0; i < nshapes; ++i) {
composite(op, src, dst, format,
- xSrc + src_xoff,
- ySrc + src_yoff,
- dst_xoff, dst_yoff, 1, shapes + i * shape_size);
+ xSrc, ySrc, 0, 0,
+ 1, shapes + i * shape_size);
}
}
else {
@@ -143,8 +136,8 @@ fbShapes(CompositeShapesFunc composite,
}
composite(op, src, dst, format,
- xSrc + src_xoff,
- ySrc + src_yoff, dst_xoff, dst_yoff, nshapes, shapes);
+ xSrc, ySrc, 0, 0,
+ nshapes, shapes);
}
DamageRegionProcessPending(pDst->pDrawable);
--
2.3.2 (Apple Git-55)

46
pkgs/servers/x11/xorg/darwin/function-pointer-test.patch
View file

@ -1,46 +0,0 @@
These are functions, not function pointers, so they always evaluate to true.
diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m
index 5445c6f..8574bf1 100644
--- a/hw/xquartz/X11Controller.m
+++ b/hw/xquartz/X11Controller.m
@@ -364,7 +364,6 @@ extern char *bundle_id_prefix;
}
#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
- if (asl_log_descriptor) {
char *asl_sender;
aslmsg amsg = asl_new(ASL_TYPE_MSG);
assert(amsg);
@@ -394,7 +393,6 @@ extern char *bundle_id_prefix;
asl_log_descriptor(aslc, amsg, ASL_LEVEL_NOTICE, stderr_pipe[0], ASL_LOG_DESCRIPTOR_READ);
asl_free(amsg);
- }
#endif
/* Do the fork-twice trick to avoid having to reap zombies */
@@ -414,11 +412,9 @@ extern char *bundle_id_prefix;
case 0: /* child2 */
#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
- if (asl_log_descriptor) {
/* Replace our stdout/stderr */
dup2(stdout_pipe[1], STDOUT_FILENO);
dup2(stderr_pipe[1], STDERR_FILENO);
- }
#endif
/* close all open files except for standard streams */
@@ -443,11 +439,9 @@ extern char *bundle_id_prefix;
}
#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
- if (asl_log_descriptor) {
/* Close the write ends of the pipe */
close(stdout_pipe[1]);
close(stderr_pipe[1]);
- }
#endif
}

42
pkgs/tools/filesystems/ceph/0001-Cleanup-boost-optionals.patch
View file

@ -1,42 +0,0 @@
From 2507ab33236f0da12899fbcdd36535f7c7b68a06 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <william@wkennington.com>
Date: Sat, 20 Sep 2014 22:52:31 -0700
Subject: [PATCH] Cleanup boost optionals
---
src/osd/ECBackend.cc | 2 +-
src/osd/ReplicatedPG.cc | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/osd/ECBackend.cc b/src/osd/ECBackend.cc
index a87b5b4..c386900 100644
--- a/src/osd/ECBackend.cc
+++ b/src/osd/ECBackend.cc
@@ -81,7 +81,7 @@ ostream &operator<<(ostream &lhs, const ECBackend::read_result_t &rhs)
lhs << "read_result_t(r=" << rhs.r
<< ", errors=" << rhs.errors;
if (rhs.attrs) {
- lhs << ", attrs=" << rhs.attrs;
+ lhs << ", attrs=" << rhs.attrs.get();
} else {
lhs << ", noattrs";
}
diff --git a/src/osd/ReplicatedPG.cc b/src/osd/ReplicatedPG.cc
index 5e5510d..79e8616 100644
--- a/src/osd/ReplicatedPG.cc
+++ b/src/osd/ReplicatedPG.cc
@@ -5259,7 +5259,10 @@ void ReplicatedPG::do_osd_op_effects(OpContext *ctx)
for (list<OpContext::NotifyAck>::iterator p = ctx->notify_acks.begin();
p != ctx->notify_acks.end();
++p) {
- dout(10) << "notify_ack " << make_pair(p->watch_cookie, p->notify_id) << dendl;
+ if (p->watch_cookie)
+ dout(10) << "notify_ack " << make_pair(p->watch_cookie.get(), p->notify_id) << dendl;
+ else
+ dout(10) << "notify_ack " << make_pair("NULL", p->notify_id) << dendl;
for (map<pair<uint64_t, entity_name_t>, WatchRef>::iterator i =
ctx->obc->watchers.begin();
i != ctx->obc->watchers.end();
--
2.1.0

27
pkgs/tools/filesystems/ceph/boost-158.patch
View file

@ -1,27 +0,0 @@
From e7b196a4a091c0ea258866559ba06e7ed0cc4247 Mon Sep 17 00:00:00 2001
From: Kefu Chai <kchai@redhat.com>
Date: Fri, 8 May 2015 15:21:20 +0800
Subject: [PATCH] mon: remove unused variable
* as a side effect, this change silences
http://tracker.ceph.com/issues/11576
Fixes: #11576
Signed-off-by: Kefu Chai <kchai@redhat.com>
---
src/mon/OSDMonitor.cc | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 73dcd5f..7caaa45 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -3174,8 +3174,6 @@ bool OSDMonitor::preprocess_command(MMonCommand *m)
} else if (prefix == "osd crush get-tunable") {
string tunable;
cmd_getval(g_ceph_context, cmdmap, "tunable", tunable);
- int value;
- cmd_getval(g_ceph_context, cmdmap, "value", value);
ostringstream rss;
if (f)
f->open_object_section("tunable");

17
pkgs/tools/filesystems/ceph/fix-pgrefdebugging.patch
View file

@ -1,17 +0,0 @@
diff --git a/configure.ac b/configure.ac
index 38ab682..febb58e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -541,8 +541,10 @@ fi
#set pg ref debugging?
AC_ARG_ENABLE([pgrefdebugging],
[AS_HELP_STRING([--enable-pgrefdebugging], [enable pg ref debugging])],
- [AC_DEFINE([PG_DEBUG_REFS], [1], [Defined if you want pg ref debugging])],
- [])
+ [], [enable_pgrefdebugging=no])
+AS_IF([test "x$enable_pgrefdebugging" = "xyes"],
+ [AC_DEFINE([PG_DEBUG_REFS], [1], [Defined if you want pg ref debugging])],
+ [])
#
# Java is painful

190
pkgs/tools/misc/debootstrap/subst.patch
View file

@ -1,190 +0,0 @@
diff --git a/usr/sbin/debootstrap b/usr/sbin/debootstrap
index a0dacf3..6331b3d 100755
--- a/usr/sbin/debootstrap
+++ b/usr/sbin/debootstrap
@@ -14,7 +14,7 @@ if [ "$DEBOOTSTRAP_DIR" = "" ]; then
fi
fi
-if [ -x "/usr/bin/gettext" ]; then
+if [ -x "@gettext@" ]; then
USE_GETTEXT_INTERACTION=yes
fi
@@ -334,12 +334,12 @@ fi
if [ "$ARCH" != "" ]; then
true
-elif [ -x /usr/bin/dpkg ] && \
- /usr/bin/dpkg --print-installation-architecture >/dev/null 2>&1; then
- ARCH=`/usr/bin/dpkg --print-installation-architecture`
+elif [ -x @dpkg@ ] && \
+ @dpkg@ --print-installation-architecture >/dev/null 2>&1; then
+ ARCH=`@dpkg@ --print-installation-architecture`
elif type udpkg >/dev/null 2>&1 && \
udpkg --print-architecture >/dev/null 2>&1; then
- ARCH=`/usr/bin/udpkg --print-architecture`
+ ARCH=`@udpkg@ --print-architecture`
elif [ -e $DEBOOTSTRAP_DIR/arch ]; then
ARCH=`cat $DEBOOTSTRAP_DIR/arch`
else
@@ -349,7 +349,7 @@ fi
export ARCH SUITE TARGET
if am_doing_phase first_stage second_stage; then
- if [ -x /usr/bin/id ] && [ `id -u` -ne 0 ]; then
+ if [ -x @id@ ] && [ `id -u` -ne 0 ]; then
error 1 NEEDROOT "debootstrap can only run as root"
fi
# Ensure that we can create working devices and executables on the target.
diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions
index b9180ba..33feac3 100755
--- a/usr/share/debootstrap/functions
+++ b/usr/share/debootstrap/functions
@@ -914,7 +914,7 @@ setup_dselect_method () {
# For the debootstrap udeb, pkgdetails is provided by the bootstrap-base
# udeb, so the pkgdetails API needs to be kept in sync with that.
-if [ -x /usr/bin/perl ]; then
+if [ -x @perl@ ]; then
PKGDETAILS=pkgdetails_perl
pkgdetails_field () {
@@ -1264,7 +1264,7 @@ close LD_SO_CONF;
unshift @ld_library_path, split(/:/, $ENV{LD_LIBRARY_PATH});
-$unamearch = `/bin/uname -m`;
+$unamearch = `@uname -m`;
chomp $unamearch;
foreach my $file (@ARGV) {
diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions
index 730df3a..197b2fb 100755
--- a/usr/share/debootstrap/functions
+++ b/usr/share/debootstrap/functions
@@ -18,7 +18,7 @@ error () {
for x in "$@"; do echo "EA: $x"; done
echo "EF: $fmt") >&4
elif [ "$USE_GETTEXT_INTERACTION" ]; then
- (printf "E: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@") >&4
+ (printf "E: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@") >&4
else
(printf "E: $fmt\n" "$@") >&4
fi
@@ -35,7 +35,7 @@ warning () {
for x in "$@"; do echo "WA: $x"; done
echo "WF: $fmt") >&4
elif [ "$USE_GETTEXT_INTERACTION" ]; then
- printf "W: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@" >&4
+ printf "W: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@" >&4
else
printf "W: $fmt\n" "$@" >&4
fi
@@ -51,7 +51,7 @@ info () {
for x in "$@"; do echo "IA: $x"; done
echo "IF: $fmt") >&4
elif [ "$USE_GETTEXT_INTERACTION" ]; then
- printf "I: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@" >&4
+ printf "I: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@" >&4
else
printf "I: $fmt\n" "$@" >&4
fi
diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions
index 98d2056..c1d7430 100755
--- a/usr/share/debootstrap/functions
+++ b/usr/share/debootstrap/functions
@@ -501,9 +501,9 @@ download_release_indices () {
local md=
if [ "$normmd" != "" ]; then
md="$normmd"
- elif [ -x /bin/bunzip2 ] && [ "$bz2md" != "" ]; then
+ elif [ -x @bunzip2@ ] && [ "$bz2md" != "" ]; then
md="$bz2md"
- elif [ -x /bin/gunzip ] && [ "$gzmd" != "" ]; then
+ elif [ -x @gunzip@ ] && [ "$gzmd" != "" ]; then
md="$gzmd"
fi
if [ "$md" != "" ]; then
@@ -529,11 +529,11 @@ download_release_indices () {
ext="$ext $normmd ."
md="$normmd"
fi
- if [ -x /bin/bunzip2 ] && [ "$bz2md" != "" ]; then
+ if [ -x @bunzip2@ ] && [ "$bz2md" != "" ]; then
ext="$ext $bz2md bz2"
md="${md:-$bz2md}"
fi
- if [ -x /bin/gunzip ] && [ "$gzmd" != "" ]; then
+ if [ -x @gunzip@ ] && [ "$gzmd" != "" ]; then
ext="$ext $gzmd gz"
md="${md:-$gzmd}"
fi
@@ -663,7 +663,7 @@ download_main_indices () {
for c in $COMPONENTS; do
local path="dists/$SUITE/$c/binary-$ARCH/Packages"
local pkgdest="$TARGET/$($DLDEST pkg "$SUITE" "$c" "$ARCH" "$m" "$path")"
- if [ -x /bin/gunzip ] && get "$m/${path}.gz" "${pkgdest}.gz"; then
+ if [ -x @gunzip@ ] && get "$m/${path}.gz" "${pkgdest}.gz"; then
rm -f "$pkgdest"
gunzip "$pkgdest.gz"
elif get "$m/$path" "$pkgdest"; then
diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions
index 15051e8..a5de422 100755
--- a/usr/share/debootstrap/functions
+++ b/usr/share/debootstrap/functions
@@ -70,13 +70,13 @@ wgetprogress () {
[ ! "$verbose" ] && QSWITCH="-q"
local ret=0
if [ "$USE_DEBIANINSTALLER_INTERACTION" ] && [ "$PROGRESS_NEXT" ]; then
- wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END >&3
+ @wget@ "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END >&3
ret=$?
elif [ "$USE_BOOTFLOPPIES_INTERACTION" ] && [ "$PROGRESS_NEXT" ]; then
- wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3
+ @wget@ "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3
ret=$?
else
- wget $QSWITCH "$@"
+ @wget@ $QSWITCH "$@"
ret=$?
fi
return $ret
diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions
index 8d60d8e..e238644 100755
--- a/usr/share/debootstrap/functions
+++ b/usr/share/debootstrap/functions
@@ -921,7 +921,7 @@ if [ -x ]; then
pkgdetails_field () {
# uniq field mirror Packages values...
- perl -le '
+ @perl@ -le '
$unique = shift @ARGV; $field = lc(shift @ARGV); $mirror = shift @ARGV;
$cnt = length(@ARGV);
%fields = map { $_, 0 } @ARGV;
@@ -959,7 +959,7 @@ for $v (keys %fields) {
pkgdetails_perl () {
if [ "$1" = "WGET%" ]; then
shift;
- perl -e '
+ @perl@ -e '
$v = 0;
while (read STDIN, $x, 1) {
if ($x =~ m/\d/) {
@@ -974,7 +974,7 @@ while (read STDIN, $x, 1) {
}' "$@"
elif [ "$1" = "GETDEPS" ]; then
local pkgdest="$2"; shift; shift
- perl -e '
+ @perl@ -e '
while (<STDIN>) {
chomp;
$in = 1 if (/^Package: (.*)$/ && grep {$_ eq $1} @ARGV);

114
pkgs/tools/networking/isync/isync-recursice-imap.patch
View file

@ -1,114 +0,0 @@
diff -rupN ../isync-1.0.4_original/./src/drv_imap.c ./src/drv_imap.c
--- ../isync-1.0.4_original/./src/drv_imap.c 2007-09-22 01:44:12.000000000 -0700
+++ ./src/drv_imap.c 2009-04-22 15:28:58.000000000 -0700
@@ -1678,7 +1678,7 @@ imap_list( store_t *gctx, string_list_t
int ret;
imap->boxes = 0;
- if ((ret = imap_exec_b( ctx, 0, "LIST \"\" \"%s%%\"", ctx->prefix )) != DRV_OK)
+ if ((ret = imap_exec_b( ctx, 0, "LIST \"\" \"%s*\"", ctx->prefix )) != DRV_OK)
return ret;
*retb = imap->boxes;
return DRV_OK;
diff -rupN ../isync-1.0.4_original/./src/drv_maildir.c ./src/drv_maildir.c
--- ../isync-1.0.4_original/./src/drv_maildir.c 2008-02-23 01:02:21.000000000 -0800
+++ ./src/drv_maildir.c 2009-04-22 15:34:05.000000000 -0700
@@ -24,6 +24,7 @@
#include "isync.h"
+#include <assert.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
@@ -46,6 +47,56 @@
#include <db.h>
#endif /* USE_DB */
+static void encode_maildir_box(const char* in, char* out, size_t size)
+{
+ const char* p;
+ char c;
+ size_t out_chars;
+
+ for (p = in, out_chars = 0; (c = *p); ++p, ++out, ++out_chars) {
+ assert(out_chars < size);
+ if (c == '/') {
+ assert(out_chars < size - 1);
+ *(out++) = '~';
+ *out = '-';
+ ++out_chars;
+ }
+ else if (c == '~') {
+ assert(out_chars < size - 1);
+ *(out++) = '~';
+ *out = '~';
+ ++out_chars;
+ }
+ else {
+ *out = c;
+ }
+ }
+ assert(out_chars < size);
+ *out = 0;
+}
+
+static void decode_maildir_box(const char* in, char* out, size_t size)
+{
+ const char* p;
+ char c;
+ size_t out_chars;
+
+ for (p = in, out_chars = 0; (c = *p); ++p, ++out, ++out_chars) {
+ assert(out_chars < size);
+ if (c == '~') {
+ assert(out_chars < size - 1);
+ c = *(++p);
+ *out = (c == '-' ? '/' : '~');
+ ++out_chars;
+ }
+ else {
+ *out = c;
+ }
+ }
+ assert(out_chars < size);
+ *out = 0;
+}
+
typedef struct maildir_store_conf {
store_conf_t gen;
char *inbox;
@@ -164,14 +215,17 @@ maildir_list( store_t *gctx, string_list
const char *inbox = ((maildir_store_conf_t *)gctx->conf)->inbox;
int bl;
struct stat st;
- char buf[PATH_MAX];
+ char buf[PATH_MAX], box[PATH_MAX];
if (*de->d_name == '.')
continue;
bl = nfsnprintf( buf, sizeof(buf), "%s%s/cur", gctx->conf->path, de->d_name );
if (stat( buf, &st ) || !S_ISDIR(st.st_mode))
continue;
- add_string_list( retb, !memcmp( buf, inbox, bl - 4 ) && !inbox[bl - 4] ? "INBOX" : de->d_name );
+
+ decode_maildir_box(de->d_name, box, PATH_MAX);
+ add_string_list( retb,
+ !memcmp( buf, inbox, bl - 4 ) && !inbox[bl - 4] ? "INBOX" : box );
}
closedir (dir);
@@ -717,8 +771,11 @@ maildir_prepare( store_t *gctx, int opts
#endif /* USE_DB */
if (!strcmp( gctx->name, "INBOX" ))
gctx->path = nfstrdup( ((maildir_store_conf_t *)gctx->conf)->inbox );
- else
- nfasprintf( &gctx->path, "%s%s", gctx->conf->path, gctx->name );
+ else {
+ char box[_POSIX_PATH_MAX];
+ encode_maildir_box(gctx->name, box, _POSIX_PATH_MAX);
+ nfasprintf( &gctx->path, "%s%s", gctx->conf->path, box );
+ }
if (opts & OPEN_SETFLAGS)
opts |= OPEN_OLD;
if (opts & OPEN_EXPUNGE)

218
pkgs/tools/networking/mtr/edd425.patch
View file

@ -1,218 +0,0 @@
diff --git a/asn.c b/asn.c
index eac8d5e..33622ca 100644
--- a/asn.c
+++ b/asn.c
@@ -16,6 +16,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include "config.h"
+
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -35,7 +37,6 @@
#include <sys/socket.h>
#include <search.h>
-#include "config.h"
#include "mtr.h"
#include "asn.h"
diff --git a/curses.c b/curses.c
index eacc40d..b96daee 100644
--- a/curses.c
+++ b/curses.c
@@ -16,7 +16,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
+
#include <strings.h>
#include <unistd.h>
diff --git a/display.c b/display.c
index aa369ee..3545467 100644
--- a/display.c
+++ b/display.c
@@ -16,7 +16,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
diff --git a/dns.c b/dns.c
index e89fd4b..4076b71 100644
--- a/dns.c
+++ b/dns.c
@@ -22,7 +22,8 @@
Released under GPL, as above.
*/
-#include <config.h>
+#include "config.h"
+
#include <sys/types.h>
#include <sys/time.h>
#include <sys/select.h>
diff --git a/getopt.c b/getopt.c
index 3d43e26..e2f8758 100644
--- a/getopt.c
+++ b/getopt.c
@@ -27,7 +27,7 @@
#endif
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#if !defined (__STDC__) || !__STDC__
diff --git a/getopt1.c b/getopt1.c
index bccf8b2..0a2d405 100644
--- a/getopt1.c
+++ b/getopt1.c
@@ -16,7 +16,7 @@
Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#include "getopt.h"
diff --git a/gtk.c b/gtk.c
index 38ed507..7faa132 100644
--- a/gtk.c
+++ b/gtk.c
@@ -17,7 +17,7 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
#include <stdio.h>
#include <stdlib.h>
diff --git a/mtr.c b/mtr.c
index 50eb464..416b744 100644
--- a/mtr.c
+++ b/mtr.c
@@ -16,19 +16,21 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include "config.h"
+
#include <sys/types.h>
-#include <config.h>
-#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
#include <unistd.h>
-#include <strings.h>
-#include <time.h>
#include <errno.h>
#include <string.h>
+#include <strings.h>
+
+#include <netdb.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <time.h>
#include <ctype.h>
#include <assert.h>
#include <fcntl.h>
diff --git a/net.c b/net.c
index 1c8d28f..d648804 100644
--- a/net.c
+++ b/net.c
@@ -16,7 +16,7 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
#if defined(HAVE_SYS_XTI_H)
#include <sys/xti.h>
@@ -1562,4 +1562,4 @@ void net_harvest_fds(void)
net_add_fds(&writefd, &maxfd);
select(maxfd, NULL, &writefd, NULL, &tv);
net_process_fds(&writefd);
-}
\ No newline at end of file
+}
diff --git a/raw.c b/raw.c
index 8b0df47..0e1f4f4 100644
--- a/raw.c
+++ b/raw.c
@@ -18,7 +18,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
+
#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>
@@ -27,7 +28,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
-
#include "mtr.h"
#include "raw.h"
#include "net.h"
diff --git a/report.c b/report.c
index 71040e4..39b2fb2 100644
--- a/report.c
+++ b/report.c
@@ -16,7 +16,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
+
#include <sys/types.h>
#include <stdio.h>
#include <netdb.h>
diff --git a/select.c b/select.c
index 31bfd5f..7553675 100644
--- a/select.c
+++ b/select.c
@@ -16,7 +16,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
+
#include <sys/types.h>
#include <sys/time.h>
#include <stdlib.h>
diff --git a/split.c b/split.c
index 642353e..5ead235 100644
--- a/split.c
+++ b/split.c
@@ -20,7 +20,8 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#include <config.h>
+#include "config.h"
+
#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>

161
pkgs/tools/networking/ntp/no-openssl.patch
View file

@ -1,161 +0,0 @@
Fix ntp-keygen build without OpenSSL
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
Index: ntp-4.2.8/Makefile.am
===================================================================
--- ntp-4.2.8.orig/Makefile.am
+++ ntp-4.2.8/Makefile.am
@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib
NULL =
+# moved sntp first to get libtool and libevent built.
+
SUBDIRS = \
+ sntp \
scripts \
include \
libntp \
@@ -17,7 +20,6 @@ SUBDIRS = \
clockstuff \
kernel \
util \
- sntp \
tests \
$(NULL)
@@ -64,7 +66,6 @@ BUILT_SOURCES = \
.gcc-warning \
libtool \
html/.datecheck \
- sntp/built-sources-only \
$(srcdir)/COPYRIGHT \
$(srcdir)/.checkChangeLog \
$(NULL)
Index: ntp-4.2.8/configure.ac
===================================================================
--- ntp-4.2.8.orig/configure.ac
+++ ntp-4.2.8/configure.ac
@@ -102,7 +102,7 @@ esac
enable_nls=no
LIBOPTS_CHECK_NOBUILD([sntp/libopts])
-NTP_ENABLE_LOCAL_LIBEVENT
+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
NTP_LIBNTP
@@ -771,6 +771,10 @@ esac
####
+AC_CHECK_FUNCS([arc4random_buf])
+
+####
+
saved_LIBS="$LIBS"
LIBS="$LIBS $LDADD_LIBNTP"
AC_CHECK_FUNCS([daemon])
Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c
===================================================================
--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c
+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c
@@ -24,6 +24,21 @@
int crypto_rand_init = 0;
#endif
+#ifndef HAVE_ARC4RANDOM_BUF
+static void
+arc4random_buf(void *buf, size_t nbytes);
+
+void
+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
+
+static void
+arc4random_buf(void *buf, size_t nbytes)
+{
+ evutil_secure_rng_get_bytes(buf, nbytes);
+ return;
+}
+#endif
+
/*
* As of late 2014, here's how we plan to provide cryptographic-quality
* random numbers:
Index: ntp-4.2.8/sntp/configure.ac
===================================================================
--- ntp-4.2.8.orig/sntp/configure.ac
+++ ntp-4.2.8/sntp/configure.ac
@@ -97,11 +97,14 @@ esac
enable_nls=no
LIBOPTS_CHECK
-AM_COND_IF(
- [BUILD_SNTP],
- [NTP_LIBEVENT_CHECK],
- [NTP_LIBEVENT_CHECK_NOBUILD]
-)
+# From when we only used libevent for sntp:
+#AM_COND_IF(
+# [BUILD_SNTP],
+# [NTP_LIBEVENT_CHECK],
+# [NTP_LIBEVENT_CHECK_NOBUILD]
+#)
+
+NTP_LIBEVENT_CHECK([2])
# Checks for libraries.
Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4
===================================================================
--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4
+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4
@@ -1,4 +1,25 @@
-dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*-
+# SYNOPSIS -*- Autoconf -*-
+#
+# NTP_ENABLE_LOCAL_LIBEVENT
+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
+#
+# DESCRIPTION
+#
+# AUTHOR
+#
+# Harlan Stenn
+#
+# LICENSE
+#
+# This file is Copyright (c) 2014 Network Time Foundation
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice,
+# author attribution and this notice are preserved. This file is offered
+# as-is, without any warranty.
+
+dnl NTP_ENABLE_LOCAL_LIBEVENT
dnl
dnl Provide only the --enable-local-libevent command-line option.
dnl
@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar
dnl but DO NOT invoke DIR/configure if we are going to use our bundled
dnl version. This may be the case for nested packages.
dnl
-dnl provide --enable-local-libevent .
+dnl provides --enable-local-libevent .
dnl
dnl Examples:
dnl
Index: ntp-4.2.8/util/Makefile.am
===================================================================
--- ntp-4.2.8.orig/util/Makefile.am
+++ ntp-4.2.8/util/Makefile.am
@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP)
LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h