pyrox.dev / nixpkgs
lol
fork atom

Remove no longer (or never) referenced patches

55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.

Tobias Geerinckx-Rice 32d40f0f 5fa5eae0

-6041
-15
pkgs/applications/graphics/inkscape/configure-python-libs.patch
··· 1 - Work around Python misdetection and set `PYTHON_LIBS' to 2 - "-L/nix/store/... -lpython2.4" instead of "/nix/store/.../libpython2.4.so". 3 - Changed to 2.5. 4 - 5 - --- inkscape-0.45.1/configure 2007-03-20 14:56:43.000000000 +0100 6 - +++ inkscape-0.45.1/configure 2008-02-22 16:19:10.000000000 +0100 7 - @@ -10202,7 +10202,7 @@ if test "x$with_python" = "xyes"; then 8 - if test "$?" -gt "0"; then 9 - with_python="no" 10 - else 11 - - checkPYTHON_LIBS=`python -c "import distutils.sysconfig ; print '%s/%s %s' % (distutils.sysconfig.get_config_var('LIBPL'),distutils.sysconfig.get_config_var('LDLIBRARY'),distutils.sysconfig.get_config_var('LIBS'))" 2>/dev/null` 12 - + checkPYTHON_LIBS=`python -c "import distutils.sysconfig ; print '-L%s -lpython2.5 %s' % (distutils.sysconfig.get_config_var('LIBDIR'),distutils.sysconfig.get_config_var('LIBS'))" 2>/dev/null` 13 - if test "$?" -gt "0"; then 14 - with_python="no" 15 - else
-12
pkgs/applications/kde-apps-15.12/kdelibs/polkit-install.patch
··· 1 - diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2 - --- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake 2011-05-20 22:24:54.000000000 +0200 3 - +++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2011-07-12 14:03:00.000000000 +0200 4 - @@ -139,7 +139,7 @@ 5 - ${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR 6 - ${POLKITQT-1_POLICY_FILES_INSTALL_DIR}) 7 - 8 - - set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING 9 - + set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING 10 - "Where policy files generated by KAuth will be installed" FORCE) 11 - elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE") 12 - set (KAUTH_COMPILING_FAKE_BACKEND TRUE)
-59
pkgs/applications/misc/slic3r/fix-no-display.patch
··· 1 - diff --git a/Build.PL b/Build.PL 2 - index 8b21c15..fd3aff0 100644 3 - --- a/Build.PL 4 - +++ b/Build.PL 5 - @@ -33,9 +33,6 @@ my $sudo = grep { $_ eq '--sudo' } @ARGV; 6 - my $gui = grep { $_ eq '--gui' } @ARGV; 7 - my $xs_only = grep { $_ eq '--xs' } @ARGV; 8 - if ($gui) { 9 - - %prereqs = qw( 10 - - Wx 0.9918 11 - - ); 12 - %recommends = qw( 13 - Growl::GNTP 0.15 14 - Wx::GLCanvas 0 15 - diff --git a/lib/Slic3r/GUI.pm b/lib/Slic3r/GUI.pm 16 - index 842ff44..ea0af64 100644 17 - --- a/lib/Slic3r/GUI.pm 18 - +++ b/lib/Slic3r/GUI.pm 19 - @@ -26,7 +26,7 @@ use Slic3r::GUI::OptionsGroup::Field; 20 - use Slic3r::GUI::SimpleTab; 21 - use Slic3r::GUI::Tab; 22 - 23 - -our $have_OpenGL = eval "use Slic3r::GUI::PreviewCanvas; 1"; 24 - +our $have_OpenGL = 0; 25 - 26 - use Wx 0.9901 qw(:bitmap :dialog :icon :id :misc :systemsettings :toplevelwindow 27 - :filedialog); 28 - diff --git a/lib/Slic3r/GUI/Plater/2DToolpaths.pm b/lib/Slic3r/GUI/Plater/2DToolpaths.pm 29 - index 8e48a72..7bed973 100644 30 - --- a/lib/Slic3r/GUI/Plater/2DToolpaths.pm 31 - +++ b/lib/Slic3r/GUI/Plater/2DToolpaths.pm 32 - @@ -90,18 +90,20 @@ sub set_z { 33 - package Slic3r::GUI::Plater::2DToolpaths::Canvas; 34 - 35 - use Wx::Event qw(EVT_PAINT EVT_SIZE EVT_ERASE_BACKGROUND EVT_IDLE EVT_MOUSEWHEEL EVT_MOUSE_EVENTS); 36 - -use OpenGL qw(:glconstants :glfunctions :glufunctions); 37 - -use base qw(Wx::GLCanvas Class::Accessor); 38 - -use Wx::GLCanvas qw(:all); 39 - use List::Util qw(min first); 40 - use Slic3r::Geometry qw(scale unscale epsilon); 41 - 42 - __PACKAGE__->mk_accessors(qw(print z layers color init dirty bb)); 43 - 44 - -# make OpenGL::Array thread-safe 45 - -{ 46 - - no warnings 'redefine'; 47 - - *OpenGL::Array::CLONE_SKIP = sub { 1 }; 48 - +if ($Slic3r::GUI::have_OpenGL) { 49 - + use OpenGL qw(:glconstants :glfunctions :glufunctions); 50 - + use Wx::GLCanvas qw(:all); 51 - + use base qw(Wx::GLCanvas Class::Accessor); 52 - + # make OpenGL::Array thread-safe 53 - + { 54 - + no warnings 'redefine'; 55 - + *OpenGL::Array::CLONE_SKIP = sub { 1 }; 56 - + } 57 - } 58 - 59 - sub new {
-12
pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch
··· 1 - --- a/common/defines.h 2012-11-14 18:02:43.000000000 +0100 2 - +++ b/common/defines.h 2013-09-20 19:17:45.669290630 +0200 3 - @@ -39,7 +39,7 @@ 4 - #define RELEASE_TIME 1352912534 5 - #define IPCVERSION "10" 6 - 7 - -#define EMULATED_VERSION "4.15.0.14" 8 - +#define EMULATED_VERSION "4.17.0.11" // Was 4.15.0.14 9 - #define DNSVERSION "2" 10 - #define STATUSDOMAIN ".status.fribid.se" 11 - 12 -
-16
pkgs/applications/networking/browsers/mozilla-plugins/mplayerplug-in/icecat3-idldir.patch
··· 1 - We have to run `xpidl', but we need to provide it with the right IDL 2 - directory. With GNU IceCat 3 (and possibly Firefox 3), this happens to be 3 - "$(pkg-config --variable=idldir libxul)/stable". 4 - 5 - --- mplayerplug-in-3.55/Makefile.in 2008-01-03 01:20:33.000000000 +0100 6 - +++ mplayerplug-in-3.55/Makefile.in 2008-09-29 22:47:20.000000000 +0200 7 - @@ -46,7 +46,7 @@ datadir=@datadir@ 8 - LOCALEDIR=$(datadir)/locale 9 - MOZILLA_HOME=@MOZILLA_HOME@ 10 - GECKO_XPIDL=@GECKO_XPIDL@ 11 - -GECKO_IDLDIR=@GECKO_IDLDIR@ 12 - +GECKO_IDLDIR=@GECKO_IDLDIR@/stable 13 - 14 - PIXMAPS=pixmaps/logo.xpm pixmaps/progress_left.xpm pixmaps/progress_right.xpm \ 15 - pixmaps/progress_fill.xpm pixmaps/progress_middle.xpm 16 -
-25
pkgs/applications/networking/instant-messengers/freetalk/01_callbacks_const_fix.diff
··· 1 - Description: Patch to fix FTBFS due to a modified const in src/callbacks.cc 2 - Forwarded: yes 3 - Origin: Ubuntu, 4 - https://bugs.launchpad.net/ubuntu/+source/freetalk/+bug/443241 5 - Bug-Debian: http://bugs.debian.org/560535 6 - Author: Jon Bernard <bernardj@gmail.com> 7 - --- 3.2-1.orig/src/callbacks.cc 2008-11-15 10:41:22.000000000 +0000 8 - +++ 3.2-1/src/callbacks.cc 2009-10-21 15:50:49.000000000 +0100 9 - @@ -116,13 +116,13 @@ ft_msg_msg_handler (LmMessageHandler *ha 10 - LmMessage *msg, gpointer user_data) 11 - { 12 - LmMessageNode *root, *body, *x; 13 - - const char *from, *msg_str, *type; 14 - - char *ts = NULL; 15 - + const char *msg_str, *type; 16 - + char *from, *ts = NULL; 17 - 18 - root = lm_message_get_node (msg); 19 - body = lm_message_node_get_child (root, "body"); 20 - 21 - - from = lm_message_node_get_attribute (msg->node, "from"); 22 - + from = (char *) lm_message_node_get_attribute (msg->node, "from"); 23 - 24 - /* since the file-transfer happens in-band with messages, we can no longer 25 - * ignore messages with no 'body' */
-28
pkgs/applications/networking/instant-messengers/silc-client/server_setup.patch
··· 1 - Add function to replace the behaviour of server_setup_find_port which was removed from irssi on revision 5125. Fixes bug #577501. 2 - --- a/apps/irssi/src/silc/core/client_ops.c 3 - +++ b/apps/irssi/src/silc/core/client_ops.c 4 - @@ -2790,6 +2790,15 @@ 5 - silc_free(a); 6 - } 7 - 8 - +/* helper function to emulate server_setup_find_port */ 9 - +static SERVER_SETUP_REC *silc_server_setup_find_port(const char *address, 10 - + int port) { 11 - + SERVER_SETUP_REC *rec; 12 - + 13 - + rec = server_setup_find(address, port, NULL); 14 - + return (rec == NULL || rec->port != port) ? NULL : rec; 15 - +} 16 - + 17 - /* Find authentication data by hostname and port. The hostname may be IP 18 - address as well.*/ 19 - 20 - @@ -2811,7 +2820,7 @@ 21 - 22 - /* Check whether we find the password for this server in our 23 - configuration. If it's set, always send it server. */ 24 - - setup = server_setup_find_port(hostname, port); 25 - + setup = silc_server_setup_find_port(hostname, port); 26 - if (setup && setup->password) { 27 - completion(SILC_AUTH_PASSWORD, setup->password, strlen(setup->password), 28 - context);
-18
pkgs/applications/networking/sync/lsyncd/configure-a2x-fix.patch
··· 1 - diff -aur lsyncd-release-2.1.5.orig/configure.ac lsyncd-release-2.1.5/configure.ac 2 - --- lsyncd-release-2.1.5.orig/configure.ac 2013-06-07 18:24:02.000000000 +0600 3 - +++ lsyncd-release-2.1.5/configure.ac 2014-03-04 13:24:15.390350812 +0600 4 - @@ -15,10 +15,10 @@ 5 - AC_PROG_INSTALL 6 - AC_PROG_MAKE_SET 7 - 8 - -#AC_PATH_PROG([A2X], [a2x], [no]) 9 - -#if test x${A2X} = xno ; then 10 - -# AC_MSG_ERROR([Program 'a2x' (package asciidoc) is required]) 11 - -#fi 12 - +AC_PATH_PROG([A2X], [a2x], [no]) 13 - +if test x${A2X} = xno ; then 14 - + AC_MSG_ERROR([Program 'a2x' (package asciidoc) is required]) 15 - +fi 16 - 17 - ### 18 - # Checks for Lua
-10
pkgs/applications/science/electronics/qucs/tr1-complex.patch
··· 1 - --- qucs-core/configure.orig 2011-07-03 07:34:09.069218113 -0500 2 - +++ qucs-core/configure 2011-07-03 07:34:46.618990497 -0500 3 - @@ -5884,7 +5884,6 @@ 4 - 5 - cat confdefs.h - <<_ACEOF >conftest.$ac_ext 6 - /* end confdefs.h. */ 7 - -#include <tr1/complex> 8 - using namespace std; 9 - using namespace std::tr1; 10 - int
-33
pkgs/applications/science/logic/isabelle/settings.patch
··· 1 - diff -Nuar Isabelle2011/etc/settings Isabelle2011-fix/etc/settings 2 - --- Isabelle2011/etc/settings 2011-01-30 13:02:18.000000000 +0100 3 - +++ Isabelle2011-fix/etc/settings 2011-05-14 22:56:04.000000000 +0200 4 - @@ -17,13 +17,7 @@ 5 - 6 - # Poly/ML 5.x (automated settings) 7 - ML_PLATFORM="$ISABELLE_PLATFORM" 8 - -ML_HOME="$(choosefrom \ 9 - - "$ISABELLE_HOME/contrib/polyml/$ML_PLATFORM" \ 10 - - "$ISABELLE_HOME/../polyml/$ML_PLATFORM" \ 11 - - "/usr/local/polyml/$ML_PLATFORM" \ 12 - - "/usr/share/polyml/$ML_PLATFORM" \ 13 - - "/opt/polyml/$ML_PLATFORM" \ 14 - - "")" 15 - +ML_HOME=@ML_HOME@ 16 - ML_SYSTEM=$("$ISABELLE_HOME/lib/scripts/polyml-version") 17 - ML_OPTIONS="-H 200" 18 - ML_SOURCES="$ML_HOME/../src" 19 - @@ -175,13 +169,7 @@ 20 - ### 21 - 22 - # Proof General home, look in a variety of places 23 - -PROOFGENERAL_HOME="$(choosefrom \ 24 - - "$ISABELLE_HOME/contrib/ProofGeneral" \ 25 - - "$ISABELLE_HOME/../ProofGeneral" \ 26 - - "/usr/local/ProofGeneral" \ 27 - - "/usr/share/ProofGeneral" \ 28 - - "/opt/ProofGeneral" \ 29 - - "")" 30 - +PROOFGENERAL_HOME=@PROOFGENERAL_HOME@ 31 - 32 - PROOFGENERAL_OPTIONS="" 33 - #PROOFGENERAL_OPTIONS="-m no_brackets -m no_type_brackets"
-36
pkgs/desktops/kde-4.14/files/kdelibs-cve-2014-5033.patch
··· 1 - --- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp 2 - +++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp 3 - @@ -144,7 +144,7 @@ 4 - 5 - Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) 6 - { 7 - - PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); 8 - + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); 9 - PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, 10 - PolkitQt1::Authority::None); 11 - switch (r) { 12 - @@ -160,21 +160,12 @@ 13 - 14 - QByteArray Polkit1Backend::callerID() const 15 - { 16 - - QByteArray a; 17 - - QDataStream s(&a, QIODevice::WriteOnly); 18 - - s << QCoreApplication::applicationPid(); 19 - - 20 - - return a; 21 - + return QDBusConnection::systemBus().baseService().toUtf8(); 22 - } 23 - 24 - bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) 25 - { 26 - - QDataStream s(&callerID, QIODevice::ReadOnly); 27 - - qint64 pid; 28 - - 29 - - s >> pid; 30 - - 31 - - PolkitQt1::UnixProcessSubject subject(pid); 32 - + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); 33 - PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); 34 - 35 - PolkitResultEventLoop e; 36 -
-12
pkgs/desktops/kde-4.14/files/polkit-install.patch
··· 1 - diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2 - --- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake 2011-05-20 22:24:54.000000000 +0200 3 - +++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake 2011-07-12 14:03:00.000000000 +0200 4 - @@ -139,7 +139,7 @@ 5 - ${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR 6 - ${POLKITQT-1_POLICY_FILES_INSTALL_DIR}) 7 - 8 - - set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING 9 - + set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING 10 - "Where policy files generated by KAuth will be installed" FORCE) 11 - elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE") 12 - set (KAUTH_COMPILING_FAKE_BACKEND TRUE)
-130
pkgs/desktops/plasma-5.5/libkscreen/libkscreen-backend-path.patch
··· 1 - diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt 2 - index 460022f..422a708 100644 3 - --- a/src/CMakeLists.txt 4 - +++ b/src/CMakeLists.txt 5 - @@ -1,5 +1,7 @@ 6 - include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR} ${QT_INCLUDES}) 7 - 8 - +configure_file(config-libkscreen.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-libkscreen.h) 9 - + 10 - set(libkscreen_SRCS 11 - backendloader.cpp 12 - config.cpp 13 - diff --git a/src/backendloader.cpp b/src/backendloader.cpp 14 - index b93e469..8aebc14 100644 15 - --- a/src/backendloader.cpp 16 - +++ b/src/backendloader.cpp 17 - @@ -16,6 +16,7 @@ 18 - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * 19 - *************************************************************************************/ 20 - 21 - +#include "config-libkscreen.h" 22 - #include "backendloader.h" 23 - #include "debug_p.h" 24 - #include "backends/abstractbackend.h" 25 - @@ -40,55 +41,54 @@ bool BackendLoader::init() 26 - const QString backend = qgetenv("KSCREEN_BACKEND").constData(); 27 - const QString backendFilter = QString::fromLatin1("KSC_%1*").arg(backend); 28 - 29 - - const QStringList paths = QCoreApplication::libraryPaths(); 30 - - Q_FOREACH (const QString &path, paths) { 31 - - const QDir dir(path + QDir::separator() + QLatin1String("/kf5/kscreen/"), 32 - - backendFilter, 33 - - QDir::SortFlags(QDir::QDir::NoSort), 34 - - QDir::NoDotAndDotDot | QDir::Files); 35 - - const QFileInfoList finfos = dir.entryInfoList(); 36 - - Q_FOREACH (const QFileInfo &finfo, finfos) { 37 - - // Skip "Fake" backend unless explicitly specified via KSCREEN_BACKEND 38 - - if (backend.isEmpty() && finfo.fileName().contains(QLatin1String("KSC_Fake"))) { 39 - - continue; 40 - - } 41 - + QString path = QFile::decodeName(CMAKE_INSTALL_PREFIX "/" PLUGIN_INSTALL_DIR "/"); 42 - 43 - - // When on X11, skip the QScreen backend, instead use the XRandR backend, 44 - - // if not specified in KSCREEN_BACKEND 45 - - if (backend.isEmpty() && 46 - - finfo.fileName().contains(QLatin1String("KSC_QScreen")) && 47 - - QX11Info::isPlatformX11()) { 48 - - continue; 49 - - } 50 - + const QDir dir(path + QDir::separator() + QLatin1String("/kf5/kscreen/"), 51 - + backendFilter, 52 - + QDir::SortFlags(QDir::QDir::NoSort), 53 - + QDir::NoDotAndDotDot | QDir::Files); 54 - + const QFileInfoList finfos = dir.entryInfoList(); 55 - + Q_FOREACH (const QFileInfo &finfo, finfos) { 56 - + // Skip "Fake" backend unless explicitly specified via KSCREEN_BACKEND 57 - + if (backend.isEmpty() && finfo.fileName().contains(QLatin1String("KSC_Fake"))) { 58 - + continue; 59 - + } 60 - 61 - - // When not on X11, skip the XRandR backend, and fall back to QSCreen 62 - - // if not specified in KSCREEN_BACKEND 63 - - if (backend.isEmpty() && 64 - - finfo.fileName().contains(QLatin1String("KSC_XRandR")) && 65 - - !QX11Info::isPlatformX11()) { 66 - - continue; 67 - - } 68 - + // When on X11, skip the QScreen backend, instead use the XRandR backend, 69 - + // if not specified in KSCREEN_BACKEND 70 - + if (backend.isEmpty() && 71 - + finfo.fileName().contains(QLatin1String("KSC_QScreen")) && 72 - + QX11Info::isPlatformX11()) { 73 - + continue; 74 - + } 75 - + 76 - + // When not on X11, skip the XRandR backend, and fall back to QSCreen 77 - + // if not specified in KSCREEN_BACKEND 78 - + if (backend.isEmpty() && 79 - + finfo.fileName().contains(QLatin1String("KSC_XRandR")) && 80 - + !QX11Info::isPlatformX11()) { 81 - + continue; 82 - + } 83 - 84 - - QPluginLoader loader(finfo.filePath()); 85 - - loader.load(); 86 - - QObject *instance = loader.instance(); 87 - - if (!instance) { 88 - + QPluginLoader loader(finfo.filePath()); 89 - + loader.load(); 90 - + QObject *instance = loader.instance(); 91 - + if (!instance) { 92 - + loader.unload(); 93 - + continue; 94 - + } 95 - + 96 - + s_backend = qobject_cast< AbstractBackend* >(instance); 97 - + if (s_backend) { 98 - + if (!s_backend->isValid()) { 99 - + qCDebug(KSCREEN) << "Skipping" << s_backend->name() << "backend"; 100 - + delete s_backend; 101 - + s_backend = 0; 102 - loader.unload(); 103 - continue; 104 - } 105 - - 106 - - s_backend = qobject_cast< AbstractBackend* >(instance); 107 - - if (s_backend) { 108 - - if (!s_backend->isValid()) { 109 - - qCDebug(KSCREEN) << "Skipping" << s_backend->name() << "backend"; 110 - - delete s_backend; 111 - - s_backend = 0; 112 - - loader.unload(); 113 - - continue; 114 - - } 115 - - qCDebug(KSCREEN) << "Loading" << s_backend->name() << "backend"; 116 - - return true; 117 - - } 118 - + qCDebug(KSCREEN) << "Loading" << s_backend->name() << "backend"; 119 - + return true; 120 - } 121 - } 122 - 123 - diff --git a/src/config-libkscreen.h.cmake b/src/config-libkscreen.h.cmake 124 - new file mode 100644 125 - index 0000000..a99f3d1 126 - --- /dev/null 127 - +++ b/src/config-libkscreen.h.cmake 128 - @@ -0,0 +1,2 @@ 129 - +#define CMAKE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}" 130 - +#define PLUGIN_INSTALL_DIR "${PLUGIN_INSTALL_DIR}"
-39
pkgs/development/compilers/ecl/libffi-prefix.patch
··· 1 - diff --git a/src/configure.in b/src/configure.in 2 - index 434da49..642c66c 100644 3 - --- ecl-15.3.7.orig/src/configure.ac 4 - +++ ecl-15.3.7/src/configure.ac 5 - @@ -191,6 +191,11 @@ AC_ARG_WITH(dffi, 6 - [(system|included|auto|no, default=AUTO if libffi available)]), 7 - [enable_libffi=${withval}], [enable_libffi=auto]) 8 - 9 - +AC_ARG_WITH(libffi-prefix, 10 - + AS_HELP_STRING( [--with-libffi-prefix=path], 11 - + [prefix for system LIBFFI includes and libraries] ), 12 - + [LIBFFI_INCDIR="$withval/include"; LIBFFI_LIBDIR="$withval/lib"], []) 13 - + 14 - AC_ARG_WITH(fpe, 15 - AS_HELP_STRING( [--with-fpe], 16 - [detect floating point exceptions] 17 - @@ -368,6 +373,22 @@ else 18 - INFOEXT=info 19 - fi 20 - 21 - +dnl libffi 22 - + 23 - +if test "x$LIBFFI_INCDIR" != "x"; then 24 - + LIBFFI_CPPFLAGS="-I$LIBFFI_INCDIR" 25 - +fi 26 - +if test "x$LIBFFI_LIBDIR" != "x"; then 27 - + LIBFFI_LDFLAGS="-L$LIBFFI_LIBDIR" 28 - + if test "$enable_rpath" = "yes"; then 29 - + if (echo "$ECL_LDRPATH" | grep '~A') > /dev/null; then 30 - + LIBFFI_LDFLAGS=`echo $ECL_LDRPATH | sed "s,~A,$LIBFFI_LIBDIR,"`" $LIBFFI_LDFLAGS" 31 - + fi 32 - + fi 33 - +fi 34 - +CPPFLAGS="$CPPFLAGS $LIBFFI_CPPFLAGS" 35 - +LDFLAGS="$LDFLAGS $LIBFFI_LDFLAGS" 36 - + 37 - dnl ====================================================================== 38 - dnl GNU multiprecision library 39 - dnl
-60
pkgs/development/compilers/ghc/osx-dylib-resolver.patch
··· 1 - diff --git a/compiler/ghci/Linker.hs b/compiler/ghci/Linker.hs 2 - --- a/compiler/ghci/Linker.hs 3 - +++ b/compiler/ghci/Linker.hs 4 - @@ -119,9 +119,9 @@ 5 - -- that is really important 6 - pkgs_loaded :: ![PackageKey], 7 - 8 - - -- we need to remember the name of the last temporary DLL/.so 9 - - -- so we can link it 10 - - last_temp_so :: !(Maybe (FilePath, String)) } 11 - + -- we need to remember the name of previous temporary DLL/.so 12 - + -- libraries so we can link them (see #10322) 13 - + temp_sos :: ![(FilePath, String)] } 14 - 15 - 16 - emptyPLS :: DynFlags -> PersistentLinkerState 17 - @@ -131,7 +131,7 @@ 18 - pkgs_loaded = init_pkgs, 19 - bcos_loaded = [], 20 - objs_loaded = [], 21 - - last_temp_so = Nothing } 22 - + temp_sos = [] } 23 - 24 - -- Packages that don't need loading, because the compiler 25 - -- shares them with the interpreted program. 26 - @@ -841,19 +841,19 @@ 27 - dflags2 = dflags1 { 28 - -- We don't want the original ldInputs in 29 - -- (they're already linked in), but we do want 30 - - -- to link against the previous dynLoadObjs 31 - - -- library if there was one, so that the linker 32 - + -- to link against previous dynLoadObjs 33 - + -- libraries if there were any, so that the linker 34 - -- can resolve dependencies when it loads this 35 - -- library. 36 - ldInputs = 37 - - case last_temp_so pls of 38 - - Nothing -> [] 39 - - Just (lp, l) -> 40 - + concatMap 41 - + (\(lp, l) -> 42 - [ Option ("-L" ++ lp) 43 - , Option ("-Wl,-rpath") 44 - , Option ("-Wl," ++ lp) 45 - , Option ("-l" ++ l) 46 - - ], 47 - + ]) 48 - + (temp_sos pls), 49 - -- Even if we're e.g. profiling, we still want 50 - -- the vanilla dynamic libraries, so we set the 51 - -- ways / build tag to be just WayDyn. 52 - @@ -868,7 +868,7 @@ 53 - consIORef (filesToNotIntermediateClean dflags) soFile 54 - m <- loadDLL soFile 55 - case m of 56 - - Nothing -> return pls { last_temp_so = Just (libPath, libName) } 57 - + Nothing -> return pls { temp_sos = (libPath, libName) : temp_sos pls } 58 - Just err -> panic ("Loading temp shared object failed: " ++ err) 59 - 60 - rmDupLinkables :: [Linkable] -- Already loaded
-40
pkgs/development/compilers/hhvm/3918a2ccceb98230ff517601ad60aa6bee36e2c4.patch
··· 1 - From 3918a2ccceb98230ff517601ad60aa6bee36e2c4 Mon Sep 17 00:00:00 2001 2 - From: Alex Malyshev <alexanderm@fb.com> 3 - Date: Tue, 28 Oct 2014 15:55:34 -0700 4 - Subject: [PATCH] Replace use of MAX macro with std::max in ZendPack 5 - 6 - Summary: This has randomly bitten me in open source builds. I intermittently get 7 - an error saying that MAX isn't defined. 8 - 9 - Instead of trying to figure out what's going on, I'm just gonna switch 10 - it to std::max. 11 - 12 - Reviewed By: @paulbiss 13 - 14 - Differential Revision: D1636740 15 - --- 16 - hphp/runtime/base/zend-pack.cpp | 4 +++- 17 - 1 file changed, 3 insertions(+), 1 deletion(-) 18 - 19 - diff --git a/hphp/runtime/base/zend-pack.cpp b/hphp/runtime/base/zend-pack.cpp 20 - index d878ea4..c3ee14d 100644 21 - --- a/hphp/runtime/base/zend-pack.cpp 22 - +++ b/hphp/runtime/base/zend-pack.cpp 23 - @@ -21,6 +21,8 @@ 24 - #include "hphp/runtime/base/builtin-functions.h" 25 - #include "hphp/util/tiny-vector.h" 26 - 27 - +#include <algorithm> 28 - + 29 - namespace HPHP { 30 - 31 - #define INC_OUTPUTPOS(a,b) \ 32 - @@ -294,7 +296,7 @@ Variant ZendPack::pack(const String& fmt, const Array& argv) { 33 - case 'a': 34 - case 'A': 35 - case 'Z': { 36 - - int arg_cp = (code != 'Z') ? arg : MAX(0, arg - 1); 37 - + int arg_cp = (code != 'Z') ? arg : std::max(0, arg - 1); 38 - memset(&output[outputpos], (code != 'A') ? '\0' : ' ', arg); 39 - val = argv[currentarg++].toString(); 40 - s = val.c_str();
-40
pkgs/development/compilers/hhvm/8207a31c26cc42fee79363a14c4a8f4fcbfffe63.patch
··· 1 - From 8207a31c26cc42fee79363a14c4a8f4fcbfffe63 Mon Sep 17 00:00:00 2001 2 - From: Jordan DeLong <jdelong@fb.com> 3 - Date: Mon, 6 Oct 2014 18:30:28 -0700 4 - Subject: [PATCH] Remove some MIN/MAX macro uses in the emitter 5 - 6 - Summary: <algorithm> has preferable type-safe versions that don't double-eval 7 - their args. 8 - 9 - Reviewed By: @paulbiss 10 - 11 - Differential Revision: D1599803 12 - --- 13 - hphp/compiler/analysis/emitter.cpp | 6 +++--- 14 - hphp/util/compatibility.h | 4 ---- 15 - 2 files changed, 3 insertions(+), 7 deletions(-) 16 - 17 - diff --git a/hphp/compiler/analysis/emitter.cpp b/hphp/compiler/analysis/emitter.cpp 18 - index 321e637..b1d3f2d 100644 19 - --- a/hphp/compiler/analysis/emitter.cpp 20 - +++ b/hphp/compiler/analysis/emitter.cpp 21 - @@ -799,8 +799,8 @@ void SymbolicStack::push(char sym) { 22 - if (sym != StackSym::W && sym != StackSym::K && sym != StackSym::L && 23 - sym != StackSym::T && sym != StackSym::I && sym != StackSym::H) { 24 - m_actualStack.push_back(m_symStack.size()); 25 - - *m_actualStackHighWaterPtr = MAX(*m_actualStackHighWaterPtr, 26 - - (int)m_actualStack.size()); 27 - + *m_actualStackHighWaterPtr = std::max(*m_actualStackHighWaterPtr, 28 - + (int)m_actualStack.size()); 29 - } 30 - m_symStack.push_back(SymEntry(sym)); 31 - } 32 - @@ -1010,7 +1010,7 @@ int SymbolicStack::sizeActual() const { 33 - 34 - void SymbolicStack::pushFDesc() { 35 - m_fdescCount += kNumActRecCells; 36 - - *m_fdescHighWaterPtr = MAX(*m_fdescHighWaterPtr, m_fdescCount); 37 - + *m_fdescHighWaterPtr = std::max(*m_fdescHighWaterPtr, m_fdescCount); 38 - } 39 - 40 - void SymbolicStack::popFDesc() {
-24
pkgs/development/compilers/julia/0001-work-around-buggy-wcwidth.patch
··· 1 - From b9070aeab0ab672ffe321089631f9afe263b0caa Mon Sep 17 00:00:00 2001 2 - From: Thomas Tuegel <ttuegel@gmail.com> 3 - Date: Thu, 4 Jun 2015 12:03:32 -0500 4 - Subject: [PATCH] work around buggy wcwidth 5 - 6 - --- 7 - test/unicode.jl | 3 ++- 8 - 1 file changed, 2 insertions(+), 1 deletion(-) 9 - 10 - diff --git a/test/unicode.jl b/test/unicode.jl 11 - index 52c3e6a..f1ef698 100644 12 - --- a/test/unicode.jl 13 - +++ b/test/unicode.jl 14 - @@ -103,5 +103,6 @@ end 15 - 16 - # handling of embedded NUL chars (#10958) 17 - @test length("\0w") == length("\0α") == 2 18 - -@test strwidth("\0w") == strwidth("\0α") == 1 19 - +@test strwidth("\0w") == charwidth('\0') + charwidth('w') 20 - +@test strwidth("\0α") == charwidth('\0') + charwidth('α') 21 - @test normalize_string("\0W", casefold=true) == "\0w" 22 - -- 23 - 2.4.1 24 -
-12
pkgs/development/compilers/openjdk/linux-4.0.patch
··· 1 - diff -Naur openjdk-7u65-b32/hotspot/make/linux/Makefile openjdk-7u65-b32-patch/hotspot/make/linux/Makefile 2 - --- openjdk-7u65-b32/hotspot/make/linux/Makefile 2014-07-17 03:08:38.000000000 -0700 3 - +++ openjdk-7u65-b32-patch/hotspot/make/linux/Makefile 2015-04-21 05:33:12.170190385 -0700 4 - @@ -231,7 +231,7 @@ 5 - # Solaris 2.5.1, 2.6). 6 - # Disable this check by setting DISABLE_HOTSPOT_OS_VERSION_CHECK=ok. 7 - 8 - -SUPPORTED_OS_VERSION = 2.4% 2.5% 2.6% 3% 9 - +SUPPORTED_OS_VERSION = 2.4% 2.5% 2.6% 3% 4% 10 - OS_VERSION := $(shell uname -r) 11 - EMPTY_IF_NOT_SUPPORTED = $(filter $(SUPPORTED_OS_VERSION),$(OS_VERSION)) 12 -
-16
pkgs/development/coq-modules/ssreflect/threads.patch
··· 1 - --- a/Make 2015-04-20 13:37:06.000000000 +0200 2 - +++ b/Make 2015-04-25 11:32:53.885194600 +0200 3 - @@ -1,9 +1,9 @@ 4 - ### Uncomment for static linking 5 - ## 6 - -#-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -opt -o bin/ssrcoq src/ssrmatching.cmx src/ssreflect.cmx" "src/ssrmatching.cmx src/ssreflect.cmx" bin/ssrcoq 7 - -#-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -o bin/ssrcoq.byte src/ssrmatching.cmo src/ssreflect.cmo" "src/ssrmatching.cmo src/ssreflect.cmo" bin/ssrcoq.byte 8 - -#-custom "$(SSRCOQ) $(COQFLAGS) -compile $*" "%.v $(SSRCOQ)" "%.vo" 9 - -#SSRCOQ = bin/ssrcoq 10 - +-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -opt -o bin/ssrcoq -I +threads src/ssrmatching.cmx src/ssreflect.cmx" "src/ssrmatching.cmx src/ssreflect.cmx" bin/ssrcoq 11 - +-custom "$(COQBIN)coqmktop -coqlib `$(COQBIN)coqtop -where` -o bin/ssrcoq.byte -I +threads src/ssrmatching.cmo src/ssreflect.cmo" "src/ssrmatching.cmo src/ssreflect.cmo" bin/ssrcoq.byte 12 - +-custom "$(SSRCOQ) $(COQFLAGS) -compile $*" "%.v $(SSRCOQ)" "%.vo" 13 - +SSRCOQ = bin/ssrcoq 14 - ## 15 - 16 - ## What follows should be left untouched by the final user of ssreflect
-21
pkgs/development/haskell-modules/patches/regex-tdfa-text.patch
··· 1 - --- regex-tdfa-text-1.0.0.2/Text/Regex/TDFA/Text/Lazy.orig.hs 2015-08-05 20:30:01.228983428 +0100 2 - +++ regex-tdfa-text-1.0.0.2/Text/Regex/TDFA/Text/Lazy.hs 2015-08-05 20:39:25.682563005 +0100 3 - @@ -26,7 +26,7 @@ 4 - import Data.Array.IArray((!),elems,amap) 5 - import qualified Data.Text.Lazy as L(Text,empty,take,drop,uncons,unpack) 6 - 7 - -import Text.Regex.Base(MatchArray,RegexContext(..),Extract(..),RegexMaker(..),RegexLike(..)) 8 - +import Text.Regex.Base(MatchText,MatchArray,RegexContext(..),Extract(..),RegexMaker(..),RegexLike(..)) 9 - import Text.Regex.Base.Impl(polymatch,polymatchM) 10 - import Text.Regex.TDFA.ReadRegex(parseRegex) 11 - import Text.Regex.TDFA.String() -- piggyback on RegexMaker for String 12 - @@ -74,7 +74,8 @@ 13 - ,after (o+l) source)) 14 - (matchOnce regex source) 15 - matchAllText regex source = 16 - - let go i _ _ | i `seq` False = undefined 17 - + let go :: Int -> L.Text -> [MatchArray] -> [MatchText L.Text] 18 - + go i _ _ | i `seq` False = undefined 19 - go _i _t [] = [] 20 - go i t (x:xs) = 21 - let (off0,len0) = x!0
-498
pkgs/development/libraries/aterm/aterm-mingw-asm.patch
··· 1 - diff -rc aterm-2.8/aterm/gc.c aterm-2.8-new/aterm/gc.c 2 - *** aterm-2.8/aterm/gc.c 2008-11-10 13:54:22.000000000 +0100 3 - --- aterm-2.8-new/aterm/gc.c 2010-08-23 17:04:56.000000000 +0200 4 - *************** 5 - *** 260,317 **** 6 - AFun oddSym; 7 - #endif 8 - 9 - - #ifdef WIN32 10 - - 11 - - unsigned int r_eax, r_ebx, r_ecx, r_edx, \ 12 - - r_esi, r_edi, r_esp, r_ebp; 13 - - ATerm reg[8], real_term; 14 - - 15 - - __asm { 16 - - /* Get the registers into local variables to check them 17 - - for aterms later. */ 18 - - mov r_eax, eax 19 - - mov r_ebx, ebx 20 - - mov r_ecx, ecx 21 - - mov r_edx, edx 22 - - mov r_esi, esi 23 - - mov r_edi, edi 24 - - mov r_esp, esp 25 - - mov r_ebp, ebp 26 - - } 27 - - /* Put the register-values into an array */ 28 - - reg[0] = (ATerm) r_eax; 29 - - reg[1] = (ATerm) r_ebx; 30 - - reg[2] = (ATerm) r_ecx; 31 - - reg[3] = (ATerm) r_edx; 32 - - reg[4] = (ATerm) r_esi; 33 - - reg[5] = (ATerm) r_edi; 34 - - reg[6] = (ATerm) r_esp; 35 - - reg[7] = (ATerm) r_ebp; 36 - - 37 - - for(i=0; i<8; i++) { 38 - - real_term = AT_isInsideValidTerm(reg[i]); 39 - - if (real_term != NULL) { 40 - - AT_markTerm(real_term); 41 - - } 42 - - if (AT_isValidSymbol((Symbol)reg[i])) { 43 - - AT_markSymbol((Symbol)reg[i]); 44 - - } 45 - - } 46 - - 47 - - /* The register variables are on the stack aswell 48 - - I set them to zero so they won't be processed again when 49 - - the stack is traversed. The reg-array is also in the stack 50 - - but that will be adjusted later */ 51 - - r_eax = 0; 52 - - r_ebx = 0; 53 - - r_ecx = 0; 54 - - r_edx = 0; 55 - - r_esi = 0; 56 - - r_edi = 0; 57 - - r_esp = 0; 58 - - r_ebp = 0; 59 - - 60 - - #else 61 - jmp_buf env; 62 - 63 - /* Traverse possible register variables */ 64 - --- 260,265 ---- 65 - *************** 66 - *** 320,326 **** 67 - start = (ATerm *)((char *)env); 68 - stop = ((ATerm *)(((char *)env) + sizeof(jmp_buf))); 69 - mark_memory(start, stop); 70 - - #endif 71 - 72 - stackTop = stack_top(); 73 - 74 - --- 268,273 ---- 75 - *************** 76 - *** 385,442 **** 77 - AFun oddSym; 78 - #endif 79 - 80 - - #ifdef WIN32 81 - - 82 - - unsigned int r_eax, r_ebx, r_ecx, r_edx, \ 83 - - r_esi, r_edi, r_esp, r_ebp; 84 - - ATerm reg[8], real_term; 85 - - 86 - - __asm { 87 - - /* Get the registers into local variables to check them 88 - - for aterms later. */ 89 - - mov r_eax, eax 90 - - mov r_ebx, ebx 91 - - mov r_ecx, ecx 92 - - mov r_edx, edx 93 - - mov r_esi, esi 94 - - mov r_edi, edi 95 - - mov r_esp, esp 96 - - mov r_ebp, ebp 97 - - } 98 - - /* Put the register-values into an array */ 99 - - reg[0] = (ATerm) r_eax; 100 - - reg[1] = (ATerm) r_ebx; 101 - - reg[2] = (ATerm) r_ecx; 102 - - reg[3] = (ATerm) r_edx; 103 - - reg[4] = (ATerm) r_esi; 104 - - reg[5] = (ATerm) r_edi; 105 - - reg[6] = (ATerm) r_esp; 106 - - reg[7] = (ATerm) r_ebp; 107 - - 108 - - for(i=0; i<8; i++) { 109 - - real_term = AT_isInsideValidTerm(reg[i]); 110 - - if (real_term != NULL) { 111 - - AT_markTerm_young(real_term); 112 - - } 113 - - if (AT_isValidSymbol((Symbol)reg[i])) { 114 - - AT_markSymbol_young((Symbol)reg[i]); 115 - - } 116 - - } 117 - - 118 - - /* The register variables are on the stack aswell 119 - - I set them to zero so they won't be processed again when 120 - - the stack is traversed. The reg-array is also in the stack 121 - - but that will be adjusted later */ 122 - - r_eax = 0; 123 - - r_ebx = 0; 124 - - r_ecx = 0; 125 - - r_edx = 0; 126 - - r_esi = 0; 127 - - r_edi = 0; 128 - - r_esp = 0; 129 - - r_ebp = 0; 130 - - 131 - - #else 132 - jmp_buf env; 133 - 134 - /* Traverse possible register variables */ 135 - --- 332,337 ---- 136 - *************** 137 - *** 445,451 **** 138 - start = (ATerm *)((char *)env); 139 - stop = ((ATerm *)(((char *)env) + sizeof(jmp_buf))); 140 - mark_memory_young(start, stop); 141 - - #endif 142 - 143 - stackTop = stack_top(); 144 - start = MIN(stackTop, stackBot); 145 - --- 340,345 ---- 146 - Only in aterm-2.8-new/aterm: gc.c.orig 147 - diff -rc aterm-2.8/configure aterm-2.8-new/configure 148 - *** aterm-2.8/configure 2008-11-10 13:54:27.000000000 +0100 149 - --- aterm-2.8-new/configure 2010-08-23 17:08:10.000000000 +0200 150 - *************** 151 - *** 19970,20295 **** 152 - CURDATE=`date` 153 - 154 - 155 - - echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 156 - - echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6 157 - - if test "${ac_cv_c_bigendian+set}" = set; then 158 - - echo $ECHO_N "(cached) $ECHO_C" >&6 159 - - else 160 - - # See if sys/param.h defines the BYTE_ORDER macro. 161 - - cat >conftest.$ac_ext <<_ACEOF 162 - - /* confdefs.h. */ 163 - - _ACEOF 164 - - cat confdefs.h >>conftest.$ac_ext 165 - - cat >>conftest.$ac_ext <<_ACEOF 166 - - /* end confdefs.h. */ 167 - - #include <sys/types.h> 168 - - #include <sys/param.h> 169 - - 170 - - int 171 - - main () 172 - - { 173 - - #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN 174 - - bogus endian macros 175 - - #endif 176 - - 177 - - ; 178 - - return 0; 179 - - } 180 - - _ACEOF 181 - - rm -f conftest.$ac_objext 182 - - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 183 - - (eval $ac_compile) 2>conftest.er1 184 - - ac_status=$? 185 - - grep -v '^ *+' conftest.er1 >conftest.err 186 - - rm -f conftest.er1 187 - - cat conftest.err >&5 188 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 189 - - (exit $ac_status); } && 190 - - { ac_try='test -z "$ac_c_werror_flag" 191 - - || test ! -s conftest.err' 192 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 193 - - (eval $ac_try) 2>&5 194 - - ac_status=$? 195 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 196 - - (exit $ac_status); }; } && 197 - - { ac_try='test -s conftest.$ac_objext' 198 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 199 - - (eval $ac_try) 2>&5 200 - - ac_status=$? 201 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 202 - - (exit $ac_status); }; }; then 203 - - # It does; now see whether it defined to BIG_ENDIAN or not. 204 - - cat >conftest.$ac_ext <<_ACEOF 205 - - /* confdefs.h. */ 206 - - _ACEOF 207 - - cat confdefs.h >>conftest.$ac_ext 208 - - cat >>conftest.$ac_ext <<_ACEOF 209 - - /* end confdefs.h. */ 210 - - #include <sys/types.h> 211 - - #include <sys/param.h> 212 - - 213 - - int 214 - - main () 215 - - { 216 - - #if BYTE_ORDER != BIG_ENDIAN 217 - - not big endian 218 - - #endif 219 - - 220 - - ; 221 - - return 0; 222 - - } 223 - - _ACEOF 224 - - rm -f conftest.$ac_objext 225 - - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 226 - - (eval $ac_compile) 2>conftest.er1 227 - - ac_status=$? 228 - - grep -v '^ *+' conftest.er1 >conftest.err 229 - - rm -f conftest.er1 230 - - cat conftest.err >&5 231 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 232 - - (exit $ac_status); } && 233 - - { ac_try='test -z "$ac_c_werror_flag" 234 - - || test ! -s conftest.err' 235 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 236 - - (eval $ac_try) 2>&5 237 - - ac_status=$? 238 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 239 - - (exit $ac_status); }; } && 240 - - { ac_try='test -s conftest.$ac_objext' 241 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 242 - - (eval $ac_try) 2>&5 243 - - ac_status=$? 244 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 245 - - (exit $ac_status); }; }; then 246 - - ac_cv_c_bigendian=yes 247 - - else 248 - - echo "$as_me: failed program was:" >&5 249 - - sed 's/^/| /' conftest.$ac_ext >&5 250 - - 251 - - ac_cv_c_bigendian=no 252 - - fi 253 - - rm -f conftest.err conftest.$ac_objext conftest.$ac_ext 254 - - else 255 - - echo "$as_me: failed program was:" >&5 256 - - sed 's/^/| /' conftest.$ac_ext >&5 257 - - 258 - - # It does not; compile a test program. 259 - - if test "$cross_compiling" = yes; then 260 - - # try to guess the endianness by grepping values into an object file 261 - - ac_cv_c_bigendian=unknown 262 - - cat >conftest.$ac_ext <<_ACEOF 263 - - /* confdefs.h. */ 264 - - _ACEOF 265 - - cat confdefs.h >>conftest.$ac_ext 266 - - cat >>conftest.$ac_ext <<_ACEOF 267 - - /* end confdefs.h. */ 268 - - short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; 269 - - short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; 270 - - void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; } 271 - - short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; 272 - - short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; 273 - - void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; } 274 - - int 275 - - main () 276 - - { 277 - - _ascii (); _ebcdic (); 278 - - ; 279 - - return 0; 280 - - } 281 - - _ACEOF 282 - - rm -f conftest.$ac_objext 283 - - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 284 - - (eval $ac_compile) 2>conftest.er1 285 - - ac_status=$? 286 - - grep -v '^ *+' conftest.er1 >conftest.err 287 - - rm -f conftest.er1 288 - - cat conftest.err >&5 289 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 290 - - (exit $ac_status); } && 291 - - { ac_try='test -z "$ac_c_werror_flag" 292 - - || test ! -s conftest.err' 293 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 294 - - (eval $ac_try) 2>&5 295 - - ac_status=$? 296 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 297 - - (exit $ac_status); }; } && 298 - - { ac_try='test -s conftest.$ac_objext' 299 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 300 - - (eval $ac_try) 2>&5 301 - - ac_status=$? 302 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 303 - - (exit $ac_status); }; }; then 304 - - if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then 305 - - ac_cv_c_bigendian=yes 306 - - fi 307 - - if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then 308 - - if test "$ac_cv_c_bigendian" = unknown; then 309 - - ac_cv_c_bigendian=no 310 - - else 311 - - # finding both strings is unlikely to happen, but who knows? 312 - - ac_cv_c_bigendian=unknown 313 - - fi 314 - - fi 315 - - else 316 - - echo "$as_me: failed program was:" >&5 317 - - sed 's/^/| /' conftest.$ac_ext >&5 318 - - 319 - - fi 320 - - rm -f conftest.err conftest.$ac_objext conftest.$ac_ext 321 - - else 322 - - cat >conftest.$ac_ext <<_ACEOF 323 - - /* confdefs.h. */ 324 - - _ACEOF 325 - - cat confdefs.h >>conftest.$ac_ext 326 - - cat >>conftest.$ac_ext <<_ACEOF 327 - - /* end confdefs.h. */ 328 - - int 329 - - main () 330 - - { 331 - - /* Are we little or big endian? From Harbison&Steele. */ 332 - - union 333 - - { 334 - - long l; 335 - - char c[sizeof (long)]; 336 - - } u; 337 - - u.l = 1; 338 - - exit (u.c[sizeof (long) - 1] == 1); 339 - - } 340 - - _ACEOF 341 - - rm -f conftest$ac_exeext 342 - - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 343 - - (eval $ac_link) 2>&5 344 - - ac_status=$? 345 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 346 - - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' 347 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 348 - - (eval $ac_try) 2>&5 349 - - ac_status=$? 350 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 351 - - (exit $ac_status); }; }; then 352 - - ac_cv_c_bigendian=no 353 - - else 354 - - echo "$as_me: program exited with status $ac_status" >&5 355 - - echo "$as_me: failed program was:" >&5 356 - - sed 's/^/| /' conftest.$ac_ext >&5 357 - - 358 - - ( exit $ac_status ) 359 - - ac_cv_c_bigendian=yes 360 - - fi 361 - - rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 362 - - fi 363 - - fi 364 - - rm -f conftest.err conftest.$ac_objext conftest.$ac_ext 365 - - fi 366 - - echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 367 - - echo "${ECHO_T}$ac_cv_c_bigendian" >&6 368 - - case $ac_cv_c_bigendian in 369 - - yes) 370 - - 371 - - cat >>confdefs.h <<\_ACEOF 372 - - #define WORDS_BIGENDIAN 1 373 - - _ACEOF 374 - - ;; 375 - - no) 376 - - ;; 377 - - *) 378 - - { { echo "$as_me:$LINENO: error: unknown endianness 379 - - presetting ac_cv_c_bigendian=no (or yes) will help" >&5 380 - - echo "$as_me: error: unknown endianness 381 - - presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} 382 - - { (exit 1); exit 1; }; } ;; 383 - - esac 384 - - 385 - - 386 - - echo "$as_me:$LINENO: checking whether float word ordering is big endian" >&5 387 - - echo $ECHO_N "checking whether float word ordering is big endian... $ECHO_C" >&6 388 - - if test "${ax_cv_c_float_word_order_big+set}" = set; then 389 - - echo $ECHO_N "(cached) $ECHO_C" >&6 390 - - else 391 - - 392 - - if test "$cross_compiling" = yes; then 393 - - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling 394 - - See \`config.log' for more details." >&5 395 - - echo "$as_me: error: cannot run test program while cross compiling 396 - - See \`config.log' for more details." >&2;} 397 - - { (exit 1); exit 1; }; } 398 - - else 399 - - cat >conftest.$ac_ext <<_ACEOF 400 - - 401 - - /* This code returns 0 if the float word order is big endian and >= 1 if it is little endian. */ 402 - - main(){ 403 - - #ifdef WORDS_BIGENDIAN 404 - - return 0; /* If the system's encoding is big endian, so is the float word order. NOTE: If the encoding is big endian and WORDS_BIGENDIAN isn't defined, the code below will still return the correct float word order (big). */ 405 - - #else 406 - - union 407 - - { 408 - - double d; 409 - - /* IEEE754 little endian encoded floating point number structure with little endian float word order. */ 410 - - struct{ 411 - - unsigned int mantissa1:32; 412 - - unsigned int mantissa0:20; 413 - - unsigned int exponent:11; 414 - - unsigned int negative:1; 415 - - } ieee; 416 - - } u; 417 - - u.d = -1; 418 - - return (u.ieee.negative == 1); 419 - - #endif 420 - - } 421 - - 422 - - _ACEOF 423 - - rm -f conftest$ac_exeext 424 - - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 425 - - (eval $ac_link) 2>&5 426 - - ac_status=$? 427 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 428 - - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' 429 - - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 430 - - (eval $ac_try) 2>&5 431 - - ac_status=$? 432 - - echo "$as_me:$LINENO: \$? = $ac_status" >&5 433 - - (exit $ac_status); }; }; then 434 - - ax_cv_c_float_word_order_big=yes 435 - - else 436 - - echo "$as_me: program exited with status $ac_status" >&5 437 - - echo "$as_me: failed program was:" >&5 438 - - sed 's/^/| /' conftest.$ac_ext >&5 439 - - 440 - - ( exit $ac_status ) 441 - - ax_cv_c_float_word_order_big=no 442 - - fi 443 - - rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 444 - - fi 445 - - 446 - - 447 - - fi 448 - - echo "$as_me:$LINENO: result: $ax_cv_c_float_word_order_big" >&5 449 - - echo "${ECHO_T}$ax_cv_c_float_word_order_big" >&6 450 - - 451 - - case $ax_cv_c_float_word_order_big in 452 - - yes) 453 - - 454 - - 455 - - cat >>confdefs.h <<\_ACEOF 456 - - #define FLOAT_WORD_ORDER_BIG 1 457 - - _ACEOF 458 - - 459 - - 460 - - ;; 461 - - no) 462 - - ;; 463 - - *) 464 - - 465 - - { { echo "$as_me:$LINENO: error: Unable to determain float word ordering. You need to manually preset ax_cv_c_float_word_order_big=(yes / no). 466 - - " >&5 467 - - echo "$as_me: error: Unable to determain float word ordering. You need to manually preset ax_cv_c_float_word_order_big=(yes / no). 468 - - " >&2;} 469 - - { (exit 1); exit 1; }; } 470 - - 471 - - ;; 472 - - esac 473 - - 474 - - 475 - 476 - 477 - for ac_func in strdup 478 - --- 19970,19975 ---- 479 - diff -rc aterm-2.8/Makefile.in aterm-2.8-new/Makefile.in 480 - *** aterm-2.8/Makefile.in 2008-11-10 13:54:28.000000000 +0100 481 - --- aterm-2.8-new/Makefile.in 2010-08-23 17:05:27.000000000 +0200 482 - *************** 483 - *** 217,223 **** 484 - 485 - pkgconfig_DATA = ${PACKAGE}.pc 486 - 487 - ! SUBDIRS = aterm utils test 488 - 489 - ACLOCAL_AMFLAGS = -I . 490 - subdir = . 491 - --- 217,223 ---- 492 - 493 - pkgconfig_DATA = ${PACKAGE}.pc 494 - 495 - ! SUBDIRS = aterm utils 496 - 497 - ACLOCAL_AMFLAGS = -I . 498 - subdir = .
-90
pkgs/development/libraries/boost/boost-155-clang.patch
··· 1 - diff --git a/boost/atomic/detail/cas128strong.hpp b/boost/atomic/detail/cas128strong.hpp 2 - index 906c13e..dcb4d7d 100644 3 - --- a/boost/atomic/detail/cas128strong.hpp 4 - +++ b/boost/atomic/detail/cas128strong.hpp 5 - @@ -196,15 +196,17 @@ class base_atomic<T, void, 16, Sign> 6 - 7 - public: 8 - BOOST_DEFAULTED_FUNCTION(base_atomic(void), {}) 9 - - explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0) 10 - + explicit base_atomic(value_type const& v) BOOST_NOEXCEPT 11 - { 12 - + memset(&v_, 0, sizeof(v_)); 13 - memcpy(&v_, &v, sizeof(value_type)); 14 - } 15 - 16 - void 17 - store(value_type const& value, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT 18 - { 19 - - storage_type value_s = 0; 20 - + storage_type value_s; 21 - + memset(&value_s, 0, sizeof(value_s)); 22 - memcpy(&value_s, &value, sizeof(value_type)); 23 - platform_fence_before_store(order); 24 - platform_store128(value_s, &v_); 25 - @@ -247,7 +249,9 @@ class base_atomic<T, void, 16, Sign> 26 - memory_order success_order, 27 - memory_order failure_order) volatile BOOST_NOEXCEPT 28 - { 29 - - storage_type expected_s = 0, desired_s = 0; 30 - + storage_type expected_s, desired_s; 31 - + memset(&expected_s, 0, sizeof(expected_s)); 32 - + memset(&desired_s, 0, sizeof(desired_s)); 33 - memcpy(&expected_s, &expected, sizeof(value_type)); 34 - memcpy(&desired_s, &desired, sizeof(value_type)); 35 - 36 - diff --git a/boost/atomic/detail/gcc-atomic.hpp b/boost/atomic/detail/gcc-atomic.hpp 37 - index a130590..4af99a1 100644 38 - --- a/boost/atomic/detail/gcc-atomic.hpp 39 - +++ b/boost/atomic/detail/gcc-atomic.hpp 40 - @@ -958,14 +958,16 @@ class base_atomic<T, void, 16, Sign> 41 - 42 - public: 43 - BOOST_DEFAULTED_FUNCTION(base_atomic(void), {}) 44 - - explicit base_atomic(value_type const& v) BOOST_NOEXCEPT : v_(0) 45 - + explicit base_atomic(value_type const& v) BOOST_NOEXCEPT 46 - { 47 - + memset(&v_, 0, sizeof(v_)); 48 - memcpy(&v_, &v, sizeof(value_type)); 49 - } 50 - 51 - void store(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT 52 - { 53 - - storage_type tmp = 0; 54 - + storage_type tmp; 55 - + memset(&tmp, 0, sizeof(tmp)); 56 - memcpy(&tmp, &v, sizeof(value_type)); 57 - __atomic_store_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order)); 58 - } 59 - @@ -980,7 +982,8 @@ class base_atomic<T, void, 16, Sign> 60 - 61 - value_type exchange(value_type const& v, memory_order order = memory_order_seq_cst) volatile BOOST_NOEXCEPT 62 - { 63 - - storage_type tmp = 0; 64 - + storage_type tmp; 65 - + memset(&tmp, 0, sizeof(tmp)); 66 - memcpy(&tmp, &v, sizeof(value_type)); 67 - tmp = __atomic_exchange_n(&v_, tmp, atomics::detail::convert_memory_order_to_gcc(order)); 68 - value_type res; 69 - @@ -994,7 +997,9 @@ class base_atomic<T, void, 16, Sign> 70 - memory_order success_order, 71 - memory_order failure_order) volatile BOOST_NOEXCEPT 72 - { 73 - - storage_type expected_s = 0, desired_s = 0; 74 - + storage_type expected_s, desired_s; 75 - + memset(&expected_s, 0, sizeof(expected_s)); 76 - + memset(&desired_s, 0, sizeof(desired_s)); 77 - memcpy(&expected_s, &expected, sizeof(value_type)); 78 - memcpy(&desired_s, &desired, sizeof(value_type)); 79 - const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, false, 80 - @@ -1010,7 +1015,9 @@ class base_atomic<T, void, 16, Sign> 81 - memory_order success_order, 82 - memory_order failure_order) volatile BOOST_NOEXCEPT 83 - { 84 - - storage_type expected_s = 0, desired_s = 0; 85 - + storage_type expected_s, desired_s; 86 - + memset(&expected_s, 0, sizeof(expected_s)); 87 - + memset(&desired_s, 0, sizeof(desired_s)); 88 - memcpy(&expected_s, &expected, sizeof(value_type)); 89 - memcpy(&desired_s, &desired, sizeof(value_type)); 90 - const bool success = __atomic_compare_exchange_n(&v_, &expected_s, desired_s, true,
-20
pkgs/development/libraries/libedit/freebsd_weak_ref.patch
··· 1 - --- libedit-20110709-3.0/src/vi.c.old 2011-07-11 18:21:16.000000000 +0000 2 - +++ libedit-20110709-3.0/src/vi.c 2011-07-11 18:24:29.000000000 +0000 3 - @@ -918,7 +918,7 @@ 4 - * NB: posix implies that we should enter insert mode, however 5 - * this is against historical precedent... 6 - */ 7 - -#ifdef __weak_reference 8 - +#if defined(__weak_reference) && defined(__NetBSD__) 9 - __weakref_visible char *my_get_alias_text(const char *) 10 - __weak_reference(get_alias_text); 11 - #endif 12 - @@ -926,7 +926,7 @@ 13 - /*ARGSUSED*/ 14 - vi_alias(EditLine *el, Int c) 15 - { 16 - -#ifdef __weak_reference 17 - +#if defined(__weak_reference) && defined(__NetBSD__) 18 - char alias_name[3]; 19 - char *alias_text; 20 -
-9
pkgs/development/r-modules/patches/BayesBridge_cblas.patch
··· 1 - diff -ru -x '*~' BayesBridge_orig/src/Makevars BayesBridge/src/Makevars 2 - --- BayesBridge_orig/src/Makevars 2014-07-19 05:08:55.000000000 +0900 3 - +++ BayesBridge/src/Makevars 2014-10-25 14:44:23.422592445 +0900 4 - @@ -9,4 +9,4 @@ 5 - # PKG_CPPFLAGS = -DUSE_R -DDISABLE_FIO -I../inst/include/ -DDISABLE_SINGLE -DNTHROW 6 - PKG_CPPFLAGS = -DUSE_R -DDISABLE_FIO -DDISABLE_SINGLE -DNTHROW 7 - # PKG_CPPFLAGS = -DUSE_R -DDISABLE_SINGLE -DNTHROW -Wall -pedantic -Wshadow -ansi -Wsequence-point 8 - -PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) 9 - +PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -lcblas
-12
pkgs/development/r-modules/patches/BayesLogit_cblas.patch
··· 1 - diff -ru -x '*~' BayesLogit_orig/src/Makevars BayesLogit/src/Makevars 2 - --- BayesLogit_orig/src/Makevars 2014-04-24 23:31:13.000000000 +0900 3 - +++ BayesLogit/src/Makevars 2014-10-21 21:00:15.570699136 +0900 4 - @@ -6,7 +6,7 @@ 5 - ## W/OUT Dynamic Stuff 6 - OBJECTS = Matrix.o MatrixFrame.o RRNG.o RNG.o FSF_nmix.o LogitWrapper.o \ 7 - PolyaGamma.o PolyaGammaAlt.o PolyaGammaSP.o InvertY.o 8 - -PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) 9 - +PKG_LIBS = $(BLAS_LIBS) $(FLIBS) $(LAPACK_LIBS) -lopenblas 10 - # PKG_CPPFLAGS = -DUSE_R -DNDEBUG -DDISABLE_SINGLE -DNTHROW -Wall -pedantic -Wextra 11 - PKG_CPPFLAGS = -DUSE_R -DNDEBUG -DDISABLE_SINGLE -DNTHROW 12 -
-12
pkgs/development/r-modules/patches/CARramps.patch
··· 1 - diff -ru -x '*~' CARramps_orig/src/combo1colForR1Q_d.cu CARramps/src/combo1colForR1Q_d.cu 2 - --- CARramps_orig/src/combo1colForR1Q_d.cu 2011-12-01 22:27:06.000000000 +0900 3 - +++ CARramps/src/combo1colForR1Q_d.cu 2014-10-25 14:59:06.869299163 +0900 4 - @@ -4,7 +4,7 @@ 5 - #include <cuda.h> 6 - #include <R.h> 7 - #include <Rmath.h> 8 - -#include <combo1colForR1Q_d.h> 9 - +#include "combo1colForR1Q_d.h" 10 - 11 - #define BLOCKSIZE 256 12 -
-19
pkgs/development/r-modules/patches/WideLM.patch
··· 1 - diff -ru -x '*~' WideLM_orig/src/Makefile.in WideLM/src/Makefile.in 2 - --- WideLM_orig/src/Makefile.in 2012-02-17 04:28:05.000000000 +0900 3 - +++ WideLM/src/Makefile.in 2014-10-25 18:54:49.110011921 +0900 4 - @@ -12,12 +12,12 @@ 5 - #compiler/preprocessor options 6 - R_INCS := @R_INCL@ @RCPP_INCL@ 7 - CC_ARGS := @CU_PARAMS@ -Xcompiler @R_CPIC@ 8 - -CU_INCS := -I@CUDA_HOME@/include 9 - +CU_INCS := -I@CUDA_HOME@/include 10 - CU_ARCH := -gencode arch=compute_20,code=sm_20 11 - 12 - #linker options 13 - -LD_PARAMS := -Xlinker "@RCPP_LDFLAGS@" 14 - -RCU_LIBS := @R_LIB@ -L@CU_LIBDIR@ -lcublas 15 - +LD_PARAMS := -Xlinker "--export-dynamic -fopenmp -L${R_HOME}/lib -lR" 16 - +RCU_LIBS := -Xlinker "-L@CU_LIBDIR@ -lcublas" 17 - 18 - all : WideLM.so 19 -
-29
pkgs/development/r-modules/patches/rpud.patch
··· 1 - diff -ru -x '*~' rpud_orig/configure rpud/configure 2 - --- rpud_orig/configure 2010-09-08 02:14:55.000000000 +0900 3 - +++ rpud/configure 2014-10-25 16:46:39.479098648 +0900 4 - @@ -1794,7 +1794,7 @@ 5 - fi 6 - 7 - LIBS="-L${CUDA_HOME}${CUDA_LIB_DIR} -lcublas -lcuda" 8 - -RPATHFLAG="-Wl,-rpath,${CUDA_HOME}${CUDA_LIB_DIR}" 9 - +RPATHFLAG="-Xlinker -rpath=${CUDA_HOME}${CUDA_LIB_DIR}" 10 - 11 - 12 - 13 - diff -ru -x '*~' rpud_orig/src/Makefile.in rpud/src/Makefile.in 14 - --- rpud_orig/src/Makefile.in 2010-08-31 01:53:50.000000000 +0900 15 - +++ rpud/src/Makefile.in 2014-10-25 16:45:30.248109883 +0900 16 - @@ -3,11 +3,11 @@ 17 - OBJS := rpud.o rpudist.o 18 - 19 - #compiler/preprocessor options 20 - -INCS := -I@CUDA_HOME@/include 21 - +INCS := -I@CUDA_HOME@/include 22 - PARAMS := -Xcompiler "@R_INCLUDE@ @CPICFLAGS@" 23 - 24 - #linker options 25 - -LD_PARAMS := -Xlinker "@R_LIB@ @RPATHFLAG@" 26 - +LD_PARAMS := -Xlinker "--export-dynamic -fopenmp -L${R_HOME}/lib -lR @RPATHFLAG@" 27 - LIBS := @LIBS@ 28 - 29 - TARGETS := rpud.so
-13
pkgs/development/tools/boomerang/dlopen_path.patch
··· 1 - diff --git a/loader/BinaryFileFactory.cpp b/loader/BinaryFileFactory.cpp 2 - index 889a4ed..ca86765 100644 3 - --- a/loader/BinaryFileFactory.cpp 4 - +++ b/loader/BinaryFileFactory.cpp 5 - @@ -109,7 +109,7 @@ BinaryFile* BinaryFileFactory::getInstanceFor( const char *sName ) { 6 - 7 - // Load the specific loader library 8 - #ifndef _WIN32 // Cygwin, Unix/Linux 9 - - libName = std::string("lib/lib") + libName; 10 - + libName = std::string("lib") + libName; 11 - #ifdef __CYGWIN__ 12 - libName += ".dll"; // Cygwin wants .dll, but is otherwise like Unix 13 - #else
-237
pkgs/development/tools/build-managers/cmake/2.8.11-cygwin.patch
··· 1 - --- cmake-2.8.10/Source/cmFileCommand.cxx 2012-10-31 10:32:06.000000000 -0500 2 - +++ cmake-2.8.10/Source/cmFileCommand.cxx 2013-03-16 22:55:11.306681100 -0500 3 - @@ -1002,7 +1002,7 @@ protected: 4 - MatchProperties CollectMatchProperties(const char* file) 5 - { 6 - // Match rules are case-insensitive on some platforms. 7 - -#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__) 8 - +#if defined(_WIN32) || defined(__APPLE__) 9 - std::string lower = cmSystemTools::LowerCase(file); 10 - const char* file_to_match = lower.c_str(); 11 - #else 12 - --- cmake-2.8.10/Source/cmInstallCommand.cxx 2012-10-31 10:32:06.000000000 -0500 13 - +++ cmake-2.8.10/Source/cmInstallCommand.cxx 2013-03-16 22:56:21.008667800 -0500 14 - @@ -1090,7 +1090,7 @@ cmInstallCommand::HandleDirectoryMode(st 15 - { 16 - literal_args += " REGEX \""; 17 - // Match rules are case-insensitive on some platforms. 18 - -#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__) 19 - +#if defined(_WIN32) || defined(__APPLE__) 20 - std::string regex = cmSystemTools::LowerCase(args[i]); 21 - #else 22 - std::string regex = args[i]; 23 - --- cmake-2.8.10/Source/kwsys/Glob.cxx 2012-10-31 10:32:06.000000000 -0500 24 - +++ cmake-2.8.10/Source/kwsys/Glob.cxx 2013-03-16 22:58:54.192429400 -0500 25 - @@ -37,7 +37,7 @@ 26 - #include <string.h> 27 - namespace KWSYS_NAMESPACE 28 - { 29 - -#if defined(_WIN32) || defined(__APPLE__) || defined(__CYGWIN__) 30 - +#if defined(_WIN32) || defined(__APPLE__) 31 - // On Windows and apple, no difference between lower and upper case 32 - # define KWSYS_GLOB_CASE_INDEPENDENT 33 - #endif 34 - --- cmake-2.8.11/Source/kwsys/SystemInformation.cxx 2013-05-15 12:38:13.000000000 -0500 35 - +++ cmake-2.8.11/Source/kwsys/SystemInformation.cxx 2013-07-08 01:57:31.216321800 -0500 36 - @@ -888,7 +888,7 @@ void SystemInformation::RunMemoryCheck() 37 - // Hide implementation details in an anonymous namespace. 38 - namespace { 39 - // ***************************************************************************** 40 - -#if defined(__linux) || defined(__APPLE__) 41 - +#if defined(__linux) || defined(__APPLE__) || defined(__CYGWIN__) 42 - int LoadLines( 43 - FILE *file, 44 - kwsys_stl::vector<kwsys_stl::string> &lines) 45 - @@ -918,7 +918,7 @@ int LoadLines( 46 - return nRead; 47 - } 48 - 49 - -# if defined(__linux) 50 - +# if defined(__linux) || defined(__CYGWIN__) 51 - // ***************************************************************************** 52 - int LoadLines( 53 - const char *fileName, 54 - @@ -957,7 +957,7 @@ int NameValue( 55 - } 56 - #endif 57 - 58 - -#if defined(__linux) 59 - +#if defined(__linux) || defined(__CYGWIN__) 60 - // **************************************************************************** 61 - template<typename T> 62 - int GetFieldsFromFile( 63 - @@ -2869,7 +2869,6 @@ bool SystemInformationImplementation::Re 64 - pos = buffer.find("processor\t",pos+1); 65 - } 66 - 67 - -#ifdef __linux 68 - // Find the largest physical id. 69 - int maxId = -1; 70 - kwsys_stl::string idc = 71 - @@ -2893,14 +2892,6 @@ bool SystemInformationImplementation::Re 72 - this->NumberOfPhysicalCPU=static_cast<unsigned int>( 73 - numberOfCoresPerCPU*(maxId+1)); 74 - 75 - -#else // __CYGWIN__ 76 - - // does not have "physical id" entries, neither "cpu cores" 77 - - // this has to be fixed for hyper-threading. 78 - - kwsys_stl::string cpucount = 79 - - this->ExtractValueFromCpuInfoFile(buffer,"cpu count"); 80 - - this->NumberOfPhysicalCPU= 81 - - this->NumberOfLogicalCPU = atoi(cpucount.c_str()); 82 - -#endif 83 - // gotta have one, and if this is 0 then we get a / by 0n 84 - // better to have a bad answer than a crash 85 - if(this->NumberOfPhysicalCPU <= 0) 86 - @@ -3086,7 +3077,7 @@ SystemInformationImplementation::GetHost 87 - GlobalMemoryStatusEx(&statex); 88 - return statex.ullTotalPhys/1024; 89 - # endif 90 - -#elif defined(__linux) 91 - +#elif defined(__linux) || defined(__CYGWIN__) 92 - SystemInformation::LongLong memTotal=0; 93 - int ierr=GetFieldFromFile("/proc/meminfo","MemTotal:",memTotal); 94 - if (ierr) 95 - @@ -3217,7 +3208,7 @@ SystemInformationImplementation::GetHost 96 - GlobalMemoryStatusEx(&statex); 97 - return (statex.ullTotalPhys - statex.ullAvailPhys)/1024; 98 - # endif 99 - -#elif defined(__linux) 100 - +#elif defined(__linux) || defined(__CYGWIN__) 101 - const char *names[3]={"MemTotal:","MemFree:",NULL}; 102 - SystemInformation::LongLong values[2]={SystemInformation::LongLong(0)}; 103 - int ierr=GetFieldsFromFile("/proc/meminfo",names,values); 104 - @@ -3276,7 +3267,7 @@ SystemInformationImplementation::GetProc 105 - return -2; 106 - } 107 - return pmc.WorkingSetSize/1024; 108 - -#elif defined(__linux) 109 - +#elif defined(__linux) || defined(__CYGWIN__) 110 - SystemInformation::LongLong memUsed=0; 111 - int ierr=GetFieldFromFile("/proc/self/status","VmRSS:",memUsed); 112 - if (ierr) 113 - @@ -3328,7 +3319,7 @@ SystemInformationImplementation::GetProc 114 - { 115 - #if defined(_WIN32) 116 - return GetCurrentProcessId(); 117 - -#elif defined(__linux) || defined(__APPLE__) 118 - +#elif defined(__linux) || defined(__APPLE__) || defined(__CYGWIN__) 119 - return getpid(); 120 - #else 121 - return -1; 122 - --- cmake-2.8.10/Source/kwsys/SystemTools.cxx 2012-10-31 10:32:06.000000000 -0500 123 - +++ cmake-2.8.10/Source/kwsys/SystemTools.cxx 2013-03-16 22:52:11.830415600 -0500 124 - @@ -75,19 +75,12 @@ 125 - // Windows API. 126 - #if defined(_WIN32) 127 - # include <windows.h> 128 - -#elif defined (__CYGWIN__) 129 - -# include <windows.h> 130 - -# undef _WIN32 131 - #endif 132 - 133 - #if !KWSYS_CXX_HAS_ENVIRON_IN_STDLIB_H 134 - extern char **environ; 135 - #endif 136 - 137 - -#ifdef __CYGWIN__ 138 - -extern "C" void cygwin_conv_to_win32_path(const char *path, char *win32_path); 139 - -#endif 140 - - 141 - // getpwnam doesn't exist on Windows and Cray Xt3/Catamount 142 - // same for TIOCGWINSZ 143 - #if defined(_WIN32) || defined (__LIBCATAMOUNT__) 144 - @@ -1068,7 +1061,7 @@ bool SystemTools::SameFile(const char* f 145 - } 146 - 147 - //---------------------------------------------------------------------------- 148 - -#if defined(_WIN32) || defined(__CYGWIN__) 149 - +#if defined(_WIN32) 150 - static bool WindowsFileExists(const char* filename) 151 - { 152 - WIN32_FILE_ATTRIBUTE_DATA fd; 153 - @@ -1083,7 +1076,7 @@ bool SystemTools::FileExists(const char* 154 - { 155 - return false; 156 - } 157 - -#if defined(__CYGWIN__) 158 - +#if 0 159 - // Convert filename to native windows path if possible. 160 - char winpath[MAX_PATH]; 161 - if(SystemTools::PathCygwinToWin32(filename, winpath)) 162 - @@ -1111,7 +1104,7 @@ bool SystemTools::FileExists(const char* 163 - } 164 - 165 - //---------------------------------------------------------------------------- 166 - -#ifdef __CYGWIN__ 167 - +#if 0 168 - bool SystemTools::PathCygwinToWin32(const char *path, char *win32_path) 169 - { 170 - SystemToolsTranslationMap::iterator i = 171 - @@ -3894,7 +3887,7 @@ bool SystemTools::LocateFileInDir(const 172 - bool SystemTools::FileIsFullPath(const char* in_name) 173 - { 174 - kwsys_stl::string name = in_name; 175 - -#if defined(_WIN32) || defined(__CYGWIN__) 176 - +#if defined(_WIN32) 177 - // On Windows, the name must be at least two characters long. 178 - if(name.length() < 2) 179 - { 180 - @@ -4712,9 +4705,6 @@ bool SystemTools::ParseURL( const kwsys_ 181 - unsigned int SystemToolsManagerCount; 182 - SystemToolsTranslationMap *SystemTools::TranslationMap; 183 - SystemToolsTranslationMap *SystemTools::LongPathMap; 184 - -#ifdef __CYGWIN__ 185 - -SystemToolsTranslationMap *SystemTools::Cyg2Win32Map; 186 - -#endif 187 - 188 - // SystemToolsManager manages the SystemTools singleton. 189 - // SystemToolsManager should be included in any translation unit 190 - @@ -4760,9 +4750,6 @@ void SystemTools::ClassInitialize() 191 - // Allocate the translation map first. 192 - SystemTools::TranslationMap = new SystemToolsTranslationMap; 193 - SystemTools::LongPathMap = new SystemToolsTranslationMap; 194 - -#ifdef __CYGWIN__ 195 - - SystemTools::Cyg2Win32Map = new SystemToolsTranslationMap; 196 - -#endif 197 - 198 - // Add some special translation paths for unix. These are not added 199 - // for windows because drive letters need to be maintained. Also, 200 - @@ -4817,9 +4804,6 @@ void SystemTools::ClassFinalize() 201 - { 202 - delete SystemTools::TranslationMap; 203 - delete SystemTools::LongPathMap; 204 - -#ifdef __CYGWIN__ 205 - - delete SystemTools::Cyg2Win32Map; 206 - -#endif 207 - } 208 - 209 - 210 - --- cmake-2.8.10/Source/kwsys/SystemTools.hxx.in 2012-10-31 10:32:06.000000000 -0500 211 - +++ cmake-2.8.10/Source/kwsys/SystemTools.hxx.in 2013-03-16 23:10:30.185237900 -0500 212 - @@ -277,15 +277,6 @@ public: 213 - static bool FileExists(const char* filename); 214 - 215 - /** 216 - - * Converts Cygwin path to Win32 path. Uses dictionary container for 217 - - * caching and calls to cygwin_conv_to_win32_path from Cygwin dll 218 - - * for actual translation. Returns true on success, else false. 219 - - */ 220 - -#ifdef __CYGWIN__ 221 - - static bool PathCygwinToWin32(const char *path, char *win32_path); 222 - -#endif 223 - - 224 - - /** 225 - * Return file length 226 - */ 227 - static unsigned long FileLength(const char *filename); 228 - @@ -887,9 +878,6 @@ private: 229 - */ 230 - static SystemToolsTranslationMap *TranslationMap; 231 - static SystemToolsTranslationMap *LongPathMap; 232 - -#ifdef __CYGWIN__ 233 - - static SystemToolsTranslationMap *Cyg2Win32Map; 234 - -#endif 235 - friend class SystemToolsManager; 236 - }; 237 -
-11
pkgs/development/tools/build-managers/cmake/cmake_find_openssl_for_openssl-1.0.1m_and_up.patch
··· 1 - --- ./Modules/FindOpenSSL.cmake 2 - +++ ./Modules/FindOpenSSL.cmake 3 - @@ -264,7 +264,7 @@ 4 - set(OPENSSL_VERSION "${_OPENSSL_VERSION}") 5 - elseif(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h") 6 - file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str 7 - - REGEX "^#define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*") 8 - + REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*") 9 - 10 - # The version number is encoded as 0xMNNFFPPS: major minor fix patch status 11 - # The status gives if this is a developer or prerelease and is ignored here.
-34
pkgs/development/tools/haskell/ihaskell/use-classy-prelude.patch
··· 1 - From fad4e38079e91b13bf1e94732b7494504071b224 Mon Sep 17 00:00:00 2001 2 - From: =?UTF-8?q?Edward=20Tj=C3=B6rnhammar?= <ed@cflags.cc> 3 - Date: Sun, 28 Sep 2014 09:27:40 +0200 4 - Subject: [PATCH] catMaybes, explicitly use ClassyPrelude 5 - 6 - --- 7 - src/IHaskell/Eval/Completion.hs | 4 ++-- 8 - 1 file changed, 2 insertions(+), 2 deletions(-) 9 - 10 - diff --git a/src/IHaskell/Eval/Completion.hs b/src/IHaskell/Eval/Completion.hs 11 - index 790c903..93d7ac1 100644 12 - --- a/src/IHaskell/Eval/Completion.hs 13 - +++ b/src/IHaskell/Eval/Completion.hs 14 - @@ -141,7 +141,7 @@ getTrueModuleName name = do 15 - onlyImportDecl _ = Nothing 16 - 17 - -- Get all imports that we use. 18 - - imports <- catMaybes <$> map onlyImportDecl <$> getContext 19 - + imports <- ClassyPrelude.catMaybes <$> map onlyImportDecl <$> getContext 20 - 21 - -- Find the ones that have a qualified name attached. 22 - -- If this name isn't one of them, it already is the true name. 23 - @@ -178,7 +178,7 @@ completionType line loc target 24 - = Empty 25 - 26 - -- When in a string, complete filenames. 27 - - | cursorInString line loc 28 - + | cursorInString line loc 29 - = FilePath (getStringTarget lineUpToCursor) (getStringTarget lineUpToCursor) 30 - 31 - -- Complete module names in imports and elsewhere. 32 - -- 33 - 2.1.0 34 -
-16
pkgs/games/hedgewars/fix-ghc-7.8-build-failure.diff
··· 1 - ## fix-ghc-7.8-build-failure.diff [diff] 2 - diff --git a/gameServer/Actions.hs b/gameServer/Actions.hs 3 - index 2cebe4f..355ee26 100644 4 - --- a/gameServer/Actions.hs 5 - +++ b/gameServer/Actions.hs 6 - @@ -562,7 +562,7 @@ processAction (AddClient cl) = do 7 - si <- gets serverInfo 8 - newClId <- io $ do 9 - ci <- addClient rnc cl 10 - - _ <- Exception.mask (forkIO . clientRecvLoop (clientSocket cl) (coreChan si) (sendChan cl) ci) 11 - + _ <- Exception.mask (\x -> forkIO $ clientRecvLoop (clientSocket cl) (coreChan si) (sendChan cl) ci x) 12 - 13 - infoM "Clients" (show ci ++ ": New client. Time: " ++ show (connectTime cl)) 14 - 15 - 16 -
-35
pkgs/os-specific/linux/kernel-headers/unifdef-getline.patch
··· 1 - This patch fixes a trivial compilation error with glibc 2.11. 2 - From http://patchwork.kernel.org/patch/11166/ . 3 - 4 - diff --git a/scripts/unifdef.c b/scripts/unifdef.c 5 - index 552025e..977e682 100644 6 - --- a/scripts/unifdef.c 7 - +++ b/scripts/unifdef.c 8 - @@ -206,7 +206,7 @@ static void done(void); 9 - static void error(const char *); 10 - static int findsym(const char *); 11 - static void flushline(bool); 12 - -static Linetype getline(void); 13 - +static Linetype parseline(void); 14 - static Linetype ifeval(const char **); 15 - static void ignoreoff(void); 16 - static void ignoreon(void); 17 - @@ -512,7 +512,7 @@ process(void) 18 - 19 - for (;;) { 20 - linenum++; 21 - - lineval = getline(); 22 - + lineval = parseline(); 23 - trans_table[ifstate[depth]][lineval](); 24 - debug("process %s -> %s depth %d", 25 - linetype_name[lineval], 26 - @@ -526,7 +526,7 @@ process(void) 27 - * help from skipcomment(). 28 - */ 29 - static Linetype 30 - -getline(void) 31 - +parseline(void) 32 - { 33 - const char *cp; 34 - int cursym; 35 -
-553
pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch
··· 1 - From 125fccb600288968aa3395883c0a394c47176fcd Mon Sep 17 00:00:00 2001 2 - From: John Johansen <john.johansen@canonical.com> 3 - Date: Wed, 10 Aug 2011 22:02:39 -0700 4 - Subject: [PATCH 1/3] AppArmor: compatibility patch for v5 network controll 5 - 6 - Add compatibility for v5 network rules. 7 - 8 - Signed-off-by: John Johansen <john.johansen@canonical.com> 9 - --- 10 - include/linux/lsm_audit.h | 4 + 11 - security/apparmor/Makefile | 19 +++- 12 - security/apparmor/include/net.h | 40 +++++++++ 13 - security/apparmor/include/policy.h | 3 + 14 - security/apparmor/lsm.c | 112 ++++++++++++++++++++++++ 15 - security/apparmor/net.c | 170 ++++++++++++++++++++++++++++++++++++ 16 - security/apparmor/policy.c | 1 + 17 - security/apparmor/policy_unpack.c | 48 +++++++++- 18 - 8 files changed, 394 insertions(+), 3 deletions(-) 19 - create mode 100644 security/apparmor/include/net.h 20 - create mode 100644 security/apparmor/net.c 21 - 22 - diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h 23 - index 88e78de..c63979a 100644 24 - --- a/include/linux/lsm_audit.h 25 - +++ b/include/linux/lsm_audit.h 26 - @@ -124,6 +124,10 @@ struct common_audit_data { 27 - u32 denied; 28 - uid_t ouid; 29 - } fs; 30 - + struct { 31 - + int type, protocol; 32 - + struct sock *sk; 33 - + } net; 34 - }; 35 - } apparmor_audit_data; 36 - #endif 37 - diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile 38 - index 2dafe50..7cefef9 100644 39 - --- a/security/apparmor/Makefile 40 - +++ b/security/apparmor/Makefile 41 - @@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o 42 - 43 - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ 44 - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ 45 - - resource.o sid.o file.o 46 - + resource.o sid.o file.o net.o 47 - 48 - -clean-files := capability_names.h rlim_names.h 49 - +clean-files := capability_names.h rlim_names.h af_names.h 50 - 51 - 52 - # Build a lower case string table of capability names 53 - @@ -44,9 +44,24 @@ cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\ 54 - sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\ 55 - echo "};" >> $@ 56 - 57 - +# Build a lower case string table of address family names. 58 - +# Transform lines from 59 - +# #define AF_INET 2 /* Internet IP Protocol */ 60 - +# to 61 - +# [2] = "inet", 62 - +quiet_cmd_make-af = GEN $@ 63 - +cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ 64 - + sed $< >> $@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \ 65 - + 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+).*/[\2] = "\L\1",/p';\ 66 - + echo "};" >> $@ 67 - + 68 - + 69 - $(obj)/capability.o : $(obj)/capability_names.h 70 - $(obj)/resource.o : $(obj)/rlim_names.h 71 - +$(obj)/net.o : $(obj)/af_names.h 72 - $(obj)/capability_names.h : $(srctree)/include/linux/capability.h 73 - $(call cmd,make-caps) 74 - $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h 75 - $(call cmd,make-rlim) 76 - +$(obj)/af_names.h : $(srctree)/include/linux/socket.h 77 - + $(call cmd,make-af) 78 - \ No newline at end of file 79 - diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h 80 - new file mode 100644 81 - index 0000000..3c7d599 82 - --- /dev/null 83 - +++ b/security/apparmor/include/net.h 84 - @@ -0,0 +1,40 @@ 85 - +/* 86 - + * AppArmor security module 87 - + * 88 - + * This file contains AppArmor network mediation definitions. 89 - + * 90 - + * Copyright (C) 1998-2008 Novell/SUSE 91 - + * Copyright 2009-2010 Canonical Ltd. 92 - + * 93 - + * This program is free software; you can redistribute it and/or 94 - + * modify it under the terms of the GNU General Public License as 95 - + * published by the Free Software Foundation, version 2 of the 96 - + * License. 97 - + */ 98 - + 99 - +#ifndef __AA_NET_H 100 - +#define __AA_NET_H 101 - + 102 - +#include <net/sock.h> 103 - + 104 - +/* struct aa_net - network confinement data 105 - + * @allowed: basic network families permissions 106 - + * @audit_network: which network permissions to force audit 107 - + * @quiet_network: which network permissions to quiet rejects 108 - + */ 109 - +struct aa_net { 110 - + u16 allow[AF_MAX]; 111 - + u16 audit[AF_MAX]; 112 - + u16 quiet[AF_MAX]; 113 - +}; 114 - + 115 - +extern int aa_net_perm(int op, struct aa_profile *profile, u16 family, 116 - + int type, int protocol, struct sock *sk); 117 - +extern int aa_revalidate_sk(int op, struct sock *sk); 118 - + 119 - +static inline void aa_free_net_rules(struct aa_net *new) 120 - +{ 121 - + /* NOP */ 122 - +} 123 - + 124 - +#endif /* __AA_NET_H */ 125 - diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h 126 - index aeda5cf..6776929 100644 127 - --- a/security/apparmor/include/policy.h 128 - +++ b/security/apparmor/include/policy.h 129 - @@ -27,6 +27,7 @@ 130 - #include "capability.h" 131 - #include "domain.h" 132 - #include "file.h" 133 - +#include "net.h" 134 - #include "resource.h" 135 - 136 - extern const char *profile_mode_names[]; 137 - @@ -145,6 +146,7 @@ struct aa_namespace { 138 - * @size: the memory consumed by this profiles rules 139 - * @file: The set of rules governing basic file access and domain transitions 140 - * @caps: capabilities for the profile 141 - + * @net: network controls for the profile 142 - * @rlimits: rlimits for the profile 143 - * 144 - * The AppArmor profile contains the basic confinement data. Each profile 145 - @@ -181,6 +183,7 @@ struct aa_profile { 146 - 147 - struct aa_file_rules file; 148 - struct aa_caps caps; 149 - + struct aa_net net; 150 - struct aa_rlimit rlimits; 151 - }; 152 - 153 - diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c 154 - index 3783202..7459547 100644 155 - --- a/security/apparmor/lsm.c 156 - +++ b/security/apparmor/lsm.c 157 - @@ -32,6 +32,7 @@ 158 - #include "include/context.h" 159 - #include "include/file.h" 160 - #include "include/ipc.h" 161 - +#include "include/net.h" 162 - #include "include/path.h" 163 - #include "include/policy.h" 164 - #include "include/procattr.h" 165 - @@ -621,6 +622,104 @@ static int apparmor_task_setrlimit(struct task_struct *task, 166 - return error; 167 - } 168 - 169 - +static int apparmor_socket_create(int family, int type, int protocol, int kern) 170 - +{ 171 - + struct aa_profile *profile; 172 - + int error = 0; 173 - + 174 - + if (kern) 175 - + return 0; 176 - + 177 - + profile = __aa_current_profile(); 178 - + if (!unconfined(profile)) 179 - + error = aa_net_perm(OP_CREATE, profile, family, type, protocol, 180 - + NULL); 181 - + return error; 182 - +} 183 - + 184 - +static int apparmor_socket_bind(struct socket *sock, 185 - + struct sockaddr *address, int addrlen) 186 - +{ 187 - + struct sock *sk = sock->sk; 188 - + 189 - + return aa_revalidate_sk(OP_BIND, sk); 190 - +} 191 - + 192 - +static int apparmor_socket_connect(struct socket *sock, 193 - + struct sockaddr *address, int addrlen) 194 - +{ 195 - + struct sock *sk = sock->sk; 196 - + 197 - + return aa_revalidate_sk(OP_CONNECT, sk); 198 - +} 199 - + 200 - +static int apparmor_socket_listen(struct socket *sock, int backlog) 201 - +{ 202 - + struct sock *sk = sock->sk; 203 - + 204 - + return aa_revalidate_sk(OP_LISTEN, sk); 205 - +} 206 - + 207 - +static int apparmor_socket_accept(struct socket *sock, struct socket *newsock) 208 - +{ 209 - + struct sock *sk = sock->sk; 210 - + 211 - + return aa_revalidate_sk(OP_ACCEPT, sk); 212 - +} 213 - + 214 - +static int apparmor_socket_sendmsg(struct socket *sock, 215 - + struct msghdr *msg, int size) 216 - +{ 217 - + struct sock *sk = sock->sk; 218 - + 219 - + return aa_revalidate_sk(OP_SENDMSG, sk); 220 - +} 221 - + 222 - +static int apparmor_socket_recvmsg(struct socket *sock, 223 - + struct msghdr *msg, int size, int flags) 224 - +{ 225 - + struct sock *sk = sock->sk; 226 - + 227 - + return aa_revalidate_sk(OP_RECVMSG, sk); 228 - +} 229 - + 230 - +static int apparmor_socket_getsockname(struct socket *sock) 231 - +{ 232 - + struct sock *sk = sock->sk; 233 - + 234 - + return aa_revalidate_sk(OP_GETSOCKNAME, sk); 235 - +} 236 - + 237 - +static int apparmor_socket_getpeername(struct socket *sock) 238 - +{ 239 - + struct sock *sk = sock->sk; 240 - + 241 - + return aa_revalidate_sk(OP_GETPEERNAME, sk); 242 - +} 243 - + 244 - +static int apparmor_socket_getsockopt(struct socket *sock, int level, 245 - + int optname) 246 - +{ 247 - + struct sock *sk = sock->sk; 248 - + 249 - + return aa_revalidate_sk(OP_GETSOCKOPT, sk); 250 - +} 251 - + 252 - +static int apparmor_socket_setsockopt(struct socket *sock, int level, 253 - + int optname) 254 - +{ 255 - + struct sock *sk = sock->sk; 256 - + 257 - + return aa_revalidate_sk(OP_SETSOCKOPT, sk); 258 - +} 259 - + 260 - +static int apparmor_socket_shutdown(struct socket *sock, int how) 261 - +{ 262 - + struct sock *sk = sock->sk; 263 - + 264 - + return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk); 265 - +} 266 - + 267 - static struct security_operations apparmor_ops = { 268 - .name = "apparmor", 269 - 270 - @@ -652,6 +751,19 @@ static struct security_operations apparmor_ops = { 271 - .getprocattr = apparmor_getprocattr, 272 - .setprocattr = apparmor_setprocattr, 273 - 274 - + .socket_create = apparmor_socket_create, 275 - + .socket_bind = apparmor_socket_bind, 276 - + .socket_connect = apparmor_socket_connect, 277 - + .socket_listen = apparmor_socket_listen, 278 - + .socket_accept = apparmor_socket_accept, 279 - + .socket_sendmsg = apparmor_socket_sendmsg, 280 - + .socket_recvmsg = apparmor_socket_recvmsg, 281 - + .socket_getsockname = apparmor_socket_getsockname, 282 - + .socket_getpeername = apparmor_socket_getpeername, 283 - + .socket_getsockopt = apparmor_socket_getsockopt, 284 - + .socket_setsockopt = apparmor_socket_setsockopt, 285 - + .socket_shutdown = apparmor_socket_shutdown, 286 - + 287 - .cred_alloc_blank = apparmor_cred_alloc_blank, 288 - .cred_free = apparmor_cred_free, 289 - .cred_prepare = apparmor_cred_prepare, 290 - diff --git a/security/apparmor/net.c b/security/apparmor/net.c 291 - new file mode 100644 292 - index 0000000..1765901 293 - --- /dev/null 294 - +++ b/security/apparmor/net.c 295 - @@ -0,0 +1,170 @@ 296 - +/* 297 - + * AppArmor security module 298 - + * 299 - + * This file contains AppArmor network mediation 300 - + * 301 - + * Copyright (C) 1998-2008 Novell/SUSE 302 - + * Copyright 2009-2010 Canonical Ltd. 303 - + * 304 - + * This program is free software; you can redistribute it and/or 305 - + * modify it under the terms of the GNU General Public License as 306 - + * published by the Free Software Foundation, version 2 of the 307 - + * License. 308 - + */ 309 - + 310 - +#include "include/apparmor.h" 311 - +#include "include/audit.h" 312 - +#include "include/context.h" 313 - +#include "include/net.h" 314 - +#include "include/policy.h" 315 - + 316 - +#include "af_names.h" 317 - + 318 - +static const char *sock_type_names[] = { 319 - + "unknown(0)", 320 - + "stream", 321 - + "dgram", 322 - + "raw", 323 - + "rdm", 324 - + "seqpacket", 325 - + "dccp", 326 - + "unknown(7)", 327 - + "unknown(8)", 328 - + "unknown(9)", 329 - + "packet", 330 - +}; 331 - + 332 - +/* audit callback for net specific fields */ 333 - +static void audit_cb(struct audit_buffer *ab, void *va) 334 - +{ 335 - + struct common_audit_data *sa = va; 336 - + 337 - + audit_log_format(ab, " family="); 338 - + if (address_family_names[sa->u.net.family]) { 339 - + audit_log_string(ab, address_family_names[sa->u.net.family]); 340 - + } else { 341 - + audit_log_format(ab, " \"unknown(%d)\"", sa->u.net.family); 342 - + } 343 - + 344 - + audit_log_format(ab, " sock_type="); 345 - + if (sock_type_names[sa->aad.net.type]) { 346 - + audit_log_string(ab, sock_type_names[sa->aad.net.type]); 347 - + } else { 348 - + audit_log_format(ab, "\"unknown(%d)\"", sa->aad.net.type); 349 - + } 350 - + 351 - + audit_log_format(ab, " protocol=%d", sa->aad.net.protocol); 352 - +} 353 - + 354 - +/** 355 - + * audit_net - audit network access 356 - + * @profile: profile being enforced (NOT NULL) 357 - + * @op: operation being checked 358 - + * @family: network family 359 - + * @type: network type 360 - + * @protocol: network protocol 361 - + * @sk: socket auditing is being applied to 362 - + * @error: error code for failure else 0 363 - + * 364 - + * Returns: %0 or sa->error else other errorcode on failure 365 - + */ 366 - +static int audit_net(struct aa_profile *profile, int op, u16 family, int type, 367 - + int protocol, struct sock *sk, int error) 368 - +{ 369 - + int audit_type = AUDIT_APPARMOR_AUTO; 370 - + struct common_audit_data sa; 371 - + if (sk) { 372 - + COMMON_AUDIT_DATA_INIT(&sa, NET); 373 - + } else { 374 - + COMMON_AUDIT_DATA_INIT(&sa, NONE); 375 - + } 376 - + /* todo fill in socket addr info */ 377 - + 378 - + sa.aad.op = op, 379 - + sa.u.net.family = family; 380 - + sa.u.net.sk = sk; 381 - + sa.aad.net.type = type; 382 - + sa.aad.net.protocol = protocol; 383 - + sa.aad.error = error; 384 - + 385 - + if (likely(!sa.aad.error)) { 386 - + u16 audit_mask = profile->net.audit[sa.u.net.family]; 387 - + if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && 388 - + !(1 << sa.aad.net.type & audit_mask))) 389 - + return 0; 390 - + audit_type = AUDIT_APPARMOR_AUDIT; 391 - + } else { 392 - + u16 quiet_mask = profile->net.quiet[sa.u.net.family]; 393 - + u16 kill_mask = 0; 394 - + u16 denied = (1 << sa.aad.net.type) & ~quiet_mask; 395 - + 396 - + if (denied & kill_mask) 397 - + audit_type = AUDIT_APPARMOR_KILL; 398 - + 399 - + if ((denied & quiet_mask) && 400 - + AUDIT_MODE(profile) != AUDIT_NOQUIET && 401 - + AUDIT_MODE(profile) != AUDIT_ALL) 402 - + return COMPLAIN_MODE(profile) ? 0 : sa.aad.error; 403 - + } 404 - + 405 - + return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb); 406 - +} 407 - + 408 - +/** 409 - + * aa_net_perm - very course network access check 410 - + * @op: operation being checked 411 - + * @profile: profile being enforced (NOT NULL) 412 - + * @family: network family 413 - + * @type: network type 414 - + * @protocol: network protocol 415 - + * 416 - + * Returns: %0 else error if permission denied 417 - + */ 418 - +int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type, 419 - + int protocol, struct sock *sk) 420 - +{ 421 - + u16 family_mask; 422 - + int error; 423 - + 424 - + if ((family < 0) || (family >= AF_MAX)) 425 - + return -EINVAL; 426 - + 427 - + if ((type < 0) || (type >= SOCK_MAX)) 428 - + return -EINVAL; 429 - + 430 - + /* unix domain and netlink sockets are handled by ipc */ 431 - + if (family == AF_UNIX || family == AF_NETLINK) 432 - + return 0; 433 - + 434 - + family_mask = profile->net.allow[family]; 435 - + 436 - + error = (family_mask & (1 << type)) ? 0 : -EACCES; 437 - + 438 - + return audit_net(profile, op, family, type, protocol, sk, error); 439 - +} 440 - + 441 - +/** 442 - + * aa_revalidate_sk - Revalidate access to a sock 443 - + * @op: operation being checked 444 - + * @sk: sock being revalidated (NOT NULL) 445 - + * 446 - + * Returns: %0 else error if permission denied 447 - + */ 448 - +int aa_revalidate_sk(int op, struct sock *sk) 449 - +{ 450 - + struct aa_profile *profile; 451 - + int error = 0; 452 - + 453 - + /* aa_revalidate_sk should not be called from interrupt context 454 - + * don't mediate these calls as they are not task related 455 - + */ 456 - + if (in_interrupt()) 457 - + return 0; 458 - + 459 - + profile = __aa_current_profile(); 460 - + if (!unconfined(profile)) 461 - + error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type, 462 - + sk->sk_protocol, sk); 463 - + 464 - + return error; 465 - +} 466 - diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c 467 - index 4f0eade..4d5ce13 100644 468 - --- a/security/apparmor/policy.c 469 - +++ b/security/apparmor/policy.c 470 - @@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile) 471 - 472 - aa_free_file_rules(&profile->file); 473 - aa_free_cap_rules(&profile->caps); 474 - + aa_free_net_rules(&profile->net); 475 - aa_free_rlimit_rules(&profile->rlimits); 476 - 477 - aa_free_sid(profile->sid); 478 - diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c 479 - index 741dd13..ee8043e 100644 480 - --- a/security/apparmor/policy_unpack.c 481 - +++ b/security/apparmor/policy_unpack.c 482 - @@ -190,6 +190,19 @@ fail: 483 - return 0; 484 - } 485 - 486 - +static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name) 487 - +{ 488 - + if (unpack_nameX(e, AA_U16, name)) { 489 - + if (!inbounds(e, sizeof(u16))) 490 - + return 0; 491 - + if (data) 492 - + *data = le16_to_cpu(get_unaligned((u16 *) e->pos)); 493 - + e->pos += sizeof(u16); 494 - + return 1; 495 - + } 496 - + return 0; 497 - +} 498 - + 499 - static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) 500 - { 501 - if (unpack_nameX(e, AA_U32, name)) { 502 - @@ -468,7 +481,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) 503 - { 504 - struct aa_profile *profile = NULL; 505 - const char *name = NULL; 506 - - int error = -EPROTO; 507 - + size_t size = 0; 508 - + int i, error = -EPROTO; 509 - kernel_cap_t tmpcap; 510 - u32 tmp; 511 - 512 - @@ -559,6 +573,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) 513 - if (!unpack_rlimits(e, profile)) 514 - goto fail; 515 - 516 - + size = unpack_array(e, "net_allowed_af"); 517 - + if (size) { 518 - + 519 - + for (i = 0; i < size; i++) { 520 - + /* discard extraneous rules that this kernel will 521 - + * never request 522 - + */ 523 - + if (i >= AF_MAX) { 524 - + u16 tmp; 525 - + if (!unpack_u16(e, &tmp, NULL) || 526 - + !unpack_u16(e, &tmp, NULL) || 527 - + !unpack_u16(e, &tmp, NULL)) 528 - + goto fail; 529 - + continue; 530 - + } 531 - + if (!unpack_u16(e, &profile->net.allow[i], NULL)) 532 - + goto fail; 533 - + if (!unpack_u16(e, &profile->net.audit[i], NULL)) 534 - + goto fail; 535 - + if (!unpack_u16(e, &profile->net.quiet[i], NULL)) 536 - + goto fail; 537 - + } 538 - + if (!unpack_nameX(e, AA_ARRAYEND, NULL)) 539 - + goto fail; 540 - + /* 541 - + * allow unix domain and netlink sockets they are handled 542 - + * by IPC 543 - + */ 544 - + } 545 - + profile->net.allow[AF_UNIX] = 0xffff; 546 - + profile->net.allow[AF_NETLINK] = 0xffff; 547 - + 548 - /* get file rules */ 549 - profile->file.dfa = unpack_dfa(e); 550 - if (IS_ERR(profile->file.dfa)) { 551 - -- 552 - 1.7.9.5 553 -
-391
pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch
··· 1 - From 004192fb5223c7b81a949e36a080a5da56132826 Mon Sep 17 00:00:00 2001 2 - From: John Johansen <john.johansen@canonical.com> 3 - Date: Wed, 10 Aug 2011 22:02:40 -0700 4 - Subject: [PATCH 2/3] AppArmor: compatibility patch for v5 interface 5 - 6 - Signed-off-by: John Johansen <john.johansen@canonical.com> 7 - --- 8 - security/apparmor/Kconfig | 9 + 9 - security/apparmor/Makefile | 1 + 10 - security/apparmor/apparmorfs-24.c | 287 ++++++++++++++++++++++++++++++++ 11 - security/apparmor/apparmorfs.c | 18 +- 12 - security/apparmor/include/apparmorfs.h | 6 + 13 - 5 files changed, 319 insertions(+), 2 deletions(-) 14 - create mode 100644 security/apparmor/apparmorfs-24.c 15 - 16 - diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig 17 - index 9b9013b..51ebf96 100644 18 - --- a/security/apparmor/Kconfig 19 - +++ b/security/apparmor/Kconfig 20 - @@ -29,3 +29,12 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE 21 - boot. 22 - 23 - If you are unsure how to answer this question, answer 1. 24 - + 25 - +config SECURITY_APPARMOR_COMPAT_24 26 - + bool "Enable AppArmor 2.4 compatability" 27 - + depends on SECURITY_APPARMOR 28 - + default y 29 - + help 30 - + This option enables compatability with AppArmor 2.4. It is 31 - + recommended if compatability with older versions of AppArmor 32 - + is desired. 33 - diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile 34 - index 7cefef9..0bb604b 100644 35 - --- a/security/apparmor/Makefile 36 - +++ b/security/apparmor/Makefile 37 - @@ -5,6 +5,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o 38 - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ 39 - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ 40 - resource.o sid.o file.o net.o 41 - +apparmor-$(CONFIG_SECURITY_APPARMOR_COMPAT_24) += apparmorfs-24.o 42 - 43 - clean-files := capability_names.h rlim_names.h af_names.h 44 - 45 - diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c 46 - new file mode 100644 47 - index 0000000..dc8c744 48 - --- /dev/null 49 - +++ b/security/apparmor/apparmorfs-24.c 50 - @@ -0,0 +1,287 @@ 51 - +/* 52 - + * AppArmor security module 53 - + * 54 - + * This file contains AppArmor /sys/kernel/secrutiy/apparmor interface functions 55 - + * 56 - + * Copyright (C) 1998-2008 Novell/SUSE 57 - + * Copyright 2009-2010 Canonical Ltd. 58 - + * 59 - + * This program is free software; you can redistribute it and/or 60 - + * modify it under the terms of the GNU General Public License as 61 - + * published by the Free Software Foundation, version 2 of the 62 - + * License. 63 - + * 64 - + * 65 - + * This file contain functions providing an interface for <= AppArmor 2.4 66 - + * compatibility. It is dependent on CONFIG_SECURITY_APPARMOR_COMPAT_24 67 - + * being set (see Makefile). 68 - + */ 69 - + 70 - +#include <linux/security.h> 71 - +#include <linux/vmalloc.h> 72 - +#include <linux/module.h> 73 - +#include <linux/seq_file.h> 74 - +#include <linux/uaccess.h> 75 - +#include <linux/namei.h> 76 - + 77 - +#include "include/apparmor.h" 78 - +#include "include/audit.h" 79 - +#include "include/context.h" 80 - +#include "include/policy.h" 81 - + 82 - + 83 - +/* apparmor/matching */ 84 - +static ssize_t aa_matching_read(struct file *file, char __user *buf, 85 - + size_t size, loff_t *ppos) 86 - +{ 87 - + const char matching[] = "pattern=aadfa audit perms=crwxamlk/ " 88 - + "user::other"; 89 - + 90 - + return simple_read_from_buffer(buf, size, ppos, matching, 91 - + sizeof(matching) - 1); 92 - +} 93 - + 94 - +const struct file_operations aa_fs_matching_fops = { 95 - + .read = aa_matching_read, 96 - +}; 97 - + 98 - +/* apparmor/features */ 99 - +static ssize_t aa_features_read(struct file *file, char __user *buf, 100 - + size_t size, loff_t *ppos) 101 - +{ 102 - + const char features[] = "file=3.1 capability=2.0 network=1.0 " 103 - + "change_hat=1.5 change_profile=1.1 " "aanamespaces=1.1 rlimit=1.1"; 104 - + 105 - + return simple_read_from_buffer(buf, size, ppos, features, 106 - + sizeof(features) - 1); 107 - +} 108 - + 109 - +const struct file_operations aa_fs_features_fops = { 110 - + .read = aa_features_read, 111 - +}; 112 - + 113 - +/** 114 - + * __next_namespace - find the next namespace to list 115 - + * @root: root namespace to stop search at (NOT NULL) 116 - + * @ns: current ns position (NOT NULL) 117 - + * 118 - + * Find the next namespace from @ns under @root and handle all locking needed 119 - + * while switching current namespace. 120 - + * 121 - + * Returns: next namespace or NULL if at last namespace under @root 122 - + * NOTE: will not unlock root->lock 123 - + */ 124 - +static struct aa_namespace *__next_namespace(struct aa_namespace *root, 125 - + struct aa_namespace *ns) 126 - +{ 127 - + struct aa_namespace *parent; 128 - + 129 - + /* is next namespace a child */ 130 - + if (!list_empty(&ns->sub_ns)) { 131 - + struct aa_namespace *next; 132 - + next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); 133 - + read_lock(&next->lock); 134 - + return next; 135 - + } 136 - + 137 - + /* check if the next ns is a sibling, parent, gp, .. */ 138 - + parent = ns->parent; 139 - + while (parent) { 140 - + read_unlock(&ns->lock); 141 - + list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { 142 - + read_lock(&ns->lock); 143 - + return ns; 144 - + } 145 - + if (parent == root) 146 - + return NULL; 147 - + ns = parent; 148 - + parent = parent->parent; 149 - + } 150 - + 151 - + return NULL; 152 - +} 153 - + 154 - +/** 155 - + * __first_profile - find the first profile in a namespace 156 - + * @root: namespace that is root of profiles being displayed (NOT NULL) 157 - + * @ns: namespace to start in (NOT NULL) 158 - + * 159 - + * Returns: unrefcounted profile or NULL if no profile 160 - + */ 161 - +static struct aa_profile *__first_profile(struct aa_namespace *root, 162 - + struct aa_namespace *ns) 163 - +{ 164 - + for ( ; ns; ns = __next_namespace(root, ns)) { 165 - + if (!list_empty(&ns->base.profiles)) 166 - + return list_first_entry(&ns->base.profiles, 167 - + struct aa_profile, base.list); 168 - + } 169 - + return NULL; 170 - +} 171 - + 172 - +/** 173 - + * __next_profile - step to the next profile in a profile tree 174 - + * @profile: current profile in tree (NOT NULL) 175 - + * 176 - + * Perform a depth first taversal on the profile tree in a namespace 177 - + * 178 - + * Returns: next profile or NULL if done 179 - + * Requires: profile->ns.lock to be held 180 - + */ 181 - +static struct aa_profile *__next_profile(struct aa_profile *p) 182 - +{ 183 - + struct aa_profile *parent; 184 - + struct aa_namespace *ns = p->ns; 185 - + 186 - + /* is next profile a child */ 187 - + if (!list_empty(&p->base.profiles)) 188 - + return list_first_entry(&p->base.profiles, typeof(*p), 189 - + base.list); 190 - + 191 - + /* is next profile a sibling, parent sibling, gp, subling, .. */ 192 - + parent = p->parent; 193 - + while (parent) { 194 - + list_for_each_entry_continue(p, &parent->base.profiles, 195 - + base.list) 196 - + return p; 197 - + p = parent; 198 - + parent = parent->parent; 199 - + } 200 - + 201 - + /* is next another profile in the namespace */ 202 - + list_for_each_entry_continue(p, &ns->base.profiles, base.list) 203 - + return p; 204 - + 205 - + return NULL; 206 - +} 207 - + 208 - +/** 209 - + * next_profile - step to the next profile in where ever it may be 210 - + * @root: root namespace (NOT NULL) 211 - + * @profile: current profile (NOT NULL) 212 - + * 213 - + * Returns: next profile or NULL if there isn't one 214 - + */ 215 - +static struct aa_profile *next_profile(struct aa_namespace *root, 216 - + struct aa_profile *profile) 217 - +{ 218 - + struct aa_profile *next = __next_profile(profile); 219 - + if (next) 220 - + return next; 221 - + 222 - + /* finished all profiles in namespace move to next namespace */ 223 - + return __first_profile(root, __next_namespace(root, profile->ns)); 224 - +} 225 - + 226 - +/** 227 - + * p_start - start a depth first traversal of profile tree 228 - + * @f: seq_file to fill 229 - + * @pos: current position 230 - + * 231 - + * Returns: first profile under current namespace or NULL if none found 232 - + * 233 - + * acquires first ns->lock 234 - + */ 235 - +static void *p_start(struct seq_file *f, loff_t *pos) 236 - + __acquires(root->lock) 237 - +{ 238 - + struct aa_profile *profile = NULL; 239 - + struct aa_namespace *root = aa_current_profile()->ns; 240 - + loff_t l = *pos; 241 - + f->private = aa_get_namespace(root); 242 - + 243 - + 244 - + /* find the first profile */ 245 - + read_lock(&root->lock); 246 - + profile = __first_profile(root, root); 247 - + 248 - + /* skip to position */ 249 - + for (; profile && l > 0; l--) 250 - + profile = next_profile(root, profile); 251 - + 252 - + return profile; 253 - +} 254 - + 255 - +/** 256 - + * p_next - read the next profile entry 257 - + * @f: seq_file to fill 258 - + * @p: profile previously returned 259 - + * @pos: current position 260 - + * 261 - + * Returns: next profile after @p or NULL if none 262 - + * 263 - + * may acquire/release locks in namespace tree as necessary 264 - + */ 265 - +static void *p_next(struct seq_file *f, void *p, loff_t *pos) 266 - +{ 267 - + struct aa_profile *profile = p; 268 - + struct aa_namespace *root = f->private; 269 - + (*pos)++; 270 - + 271 - + return next_profile(root, profile); 272 - +} 273 - + 274 - +/** 275 - + * p_stop - stop depth first traversal 276 - + * @f: seq_file we are filling 277 - + * @p: the last profile writen 278 - + * 279 - + * Release all locking done by p_start/p_next on namespace tree 280 - + */ 281 - +static void p_stop(struct seq_file *f, void *p) 282 - + __releases(root->lock) 283 - +{ 284 - + struct aa_profile *profile = p; 285 - + struct aa_namespace *root = f->private, *ns; 286 - + 287 - + if (profile) { 288 - + for (ns = profile->ns; ns && ns != root; ns = ns->parent) 289 - + read_unlock(&ns->lock); 290 - + } 291 - + read_unlock(&root->lock); 292 - + aa_put_namespace(root); 293 - +} 294 - + 295 - +/** 296 - + * seq_show_profile - show a profile entry 297 - + * @f: seq_file to file 298 - + * @p: current position (profile) (NOT NULL) 299 - + * 300 - + * Returns: error on failure 301 - + */ 302 - +static int seq_show_profile(struct seq_file *f, void *p) 303 - +{ 304 - + struct aa_profile *profile = (struct aa_profile *)p; 305 - + struct aa_namespace *root = f->private; 306 - + 307 - + if (profile->ns != root) 308 - + seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); 309 - + seq_printf(f, "%s (%s)\n", profile->base.hname, 310 - + COMPLAIN_MODE(profile) ? "complain" : "enforce"); 311 - + 312 - + return 0; 313 - +} 314 - + 315 - +static const struct seq_operations aa_fs_profiles_op = { 316 - + .start = p_start, 317 - + .next = p_next, 318 - + .stop = p_stop, 319 - + .show = seq_show_profile, 320 - +}; 321 - + 322 - +static int profiles_open(struct inode *inode, struct file *file) 323 - +{ 324 - + return seq_open(file, &aa_fs_profiles_op); 325 - +} 326 - + 327 - +static int profiles_release(struct inode *inode, struct file *file) 328 - +{ 329 - + return seq_release(inode, file); 330 - +} 331 - + 332 - +const struct file_operations aa_fs_profiles_fops = { 333 - + .open = profiles_open, 334 - + .read = seq_read, 335 - + .llseek = seq_lseek, 336 - + .release = profiles_release, 337 - +}; 338 - diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c 339 - index 69ddb47..867995c 100644 340 - --- a/security/apparmor/apparmorfs.c 341 - +++ b/security/apparmor/apparmorfs.c 342 - @@ -187,7 +187,11 @@ void __init aa_destroy_aafs(void) 343 - aafs_remove(".remove"); 344 - aafs_remove(".replace"); 345 - aafs_remove(".load"); 346 - - 347 - +#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 348 - + aafs_remove("profiles"); 349 - + aafs_remove("matching"); 350 - + aafs_remove("features"); 351 - +#endif 352 - securityfs_remove(aa_fs_dentry); 353 - aa_fs_dentry = NULL; 354 - } 355 - @@ -218,7 +222,17 @@ static int __init aa_create_aafs(void) 356 - aa_fs_dentry = NULL; 357 - goto error; 358 - } 359 - - 360 - +#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 361 - + error = aafs_create("matching", 0444, &aa_fs_matching_fops); 362 - + if (error) 363 - + goto error; 364 - + error = aafs_create("features", 0444, &aa_fs_features_fops); 365 - + if (error) 366 - + goto error; 367 - +#endif 368 - + error = aafs_create("profiles", 0440, &aa_fs_profiles_fops); 369 - + if (error) 370 - + goto error; 371 - error = aafs_create(".load", 0640, &aa_fs_profile_load); 372 - if (error) 373 - goto error; 374 - diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h 375 - index cb1e93a..14f955c 100644 376 - --- a/security/apparmor/include/apparmorfs.h 377 - +++ b/security/apparmor/include/apparmorfs.h 378 - @@ -17,4 +17,10 @@ 379 - 380 - extern void __init aa_destroy_aafs(void); 381 - 382 - +#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 383 - +extern const struct file_operations aa_fs_matching_fops; 384 - +extern const struct file_operations aa_fs_features_fops; 385 - +extern const struct file_operations aa_fs_profiles_fops; 386 - +#endif 387 - + 388 - #endif /* __AA_APPARMORFS_H */ 389 - -- 390 - 1.7.9.5 391 -
-69
pkgs/os-specific/linux/kernel/apparmor-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch
··· 1 - From e5d90918aa31f948ecec2f3c088567dbab30c90b Mon Sep 17 00:00:00 2001 2 - From: John Johansen <john.johansen@canonical.com> 3 - Date: Wed, 10 Aug 2011 22:02:41 -0700 4 - Subject: [PATCH 3/3] AppArmor: Allow dfa backward compatibility with broken 5 - userspace 6 - 7 - The apparmor_parser when compiling policy could generate invalid dfas 8 - that did not have sufficient padding to avoid invalid references, when 9 - used by the kernel. The kernels check to verify the next/check table 10 - size was broken meaning invalid dfas were being created by userspace 11 - and not caught. 12 - 13 - To remain compatible with old tools that are not fixed, pad the loaded 14 - dfas next/check table. The dfa's themselves are valid except for the 15 - high padding for potentially invalid transitions (high bounds error), 16 - which have a maximimum is 256 entries. So just allocate an extra null filled 17 - 256 entries for the next/check tables. This will guarentee all bounds 18 - are good and invalid transitions go to the null (0) state. 19 - 20 - Signed-off-by: John Johansen <john.johansen@canonical.com> 21 - --- 22 - security/apparmor/match.c | 17 +++++++++++++++++ 23 - 1 file changed, 17 insertions(+) 24 - 25 - diff --git a/security/apparmor/match.c b/security/apparmor/match.c 26 - index 94de6b4..081491e 100644 27 - --- a/security/apparmor/match.c 28 - +++ b/security/apparmor/match.c 29 - @@ -57,8 +57,17 @@ static struct table_header *unpack_table(char *blob, size_t bsize) 30 - if (bsize < tsize) 31 - goto out; 32 - 33 - + /* Pad table allocation for next/check by 256 entries to remain 34 - + * backwards compatible with old (buggy) tools and remain safe without 35 - + * run time checks 36 - + */ 37 - + if (th.td_id == YYTD_ID_NXT || th.td_id == YYTD_ID_CHK) 38 - + tsize += 256 * th.td_flags; 39 - + 40 - table = kvmalloc(tsize); 41 - if (table) { 42 - + /* ensure the pad is clear, else there will be errors */ 43 - + memset(table, 0, tsize); 44 - *table = th; 45 - if (th.td_flags == YYTD_DATA8) 46 - UNPACK_ARRAY(table->td_data, blob, th.td_lolen, 47 - @@ -134,11 +143,19 @@ static int verify_dfa(struct aa_dfa *dfa, int flags) 48 - goto out; 49 - 50 - if (flags & DFA_FLAG_VERIFY_STATES) { 51 - + int warning = 0; 52 - for (i = 0; i < state_count; i++) { 53 - if (DEFAULT_TABLE(dfa)[i] >= state_count) 54 - goto out; 55 - /* TODO: do check that DEF state recursion terminates */ 56 - if (BASE_TABLE(dfa)[i] + 255 >= trans_count) { 57 - + if (warning) 58 - + continue; 59 - + printk(KERN_WARNING "AppArmor DFA next/check " 60 - + "upper bounds error fixed, upgrade " 61 - + "user space tools \n"); 62 - + warning = 1; 63 - + } else if (BASE_TABLE(dfa)[i] >= trans_count) { 64 - printk(KERN_ERR "AppArmor DFA next/check upper " 65 - "bounds error\n"); 66 - goto out; 67 - -- 68 - 1.7.9.5 69 -
-264
pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch
··· 1 - From 8de755e4dfdbc40bfcaca848ae6b5aeaf0ede0e8 Mon Sep 17 00:00:00 2001 2 - From: John Johansen <john.johansen@canonical.com> 3 - Date: Thu, 22 Jul 2010 02:32:02 -0700 4 - Subject: [PATCH 1/3] UBUNTU: SAUCE: AppArmor: Add profile introspection file 5 - to interface 6 - 7 - Add the dynamic profiles file to the interace, to allow load policy 8 - introspection. 9 - 10 - Signed-off-by: John Johansen <john.johansen@canonical.com> 11 - Acked-by: Kees Cook <kees@ubuntu.com> 12 - Signed-off-by: Tim Gardner <tim.gardner@canonical.com> 13 - --- 14 - security/apparmor/apparmorfs.c | 227 ++++++++++++++++++++++++++++++++++++++++ 15 - 1 file changed, 227 insertions(+) 16 - 17 - diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c 18 - index 16c15ec..89bdc62 100644 19 - --- a/security/apparmor/apparmorfs.c 20 - +++ b/security/apparmor/apparmorfs.c 21 - @@ -182,6 +182,232 @@ const struct file_operations aa_fs_seq_file_ops = { 22 - .release = single_release, 23 - }; 24 - 25 - +/** 26 - + * __next_namespace - find the next namespace to list 27 - + * @root: root namespace to stop search at (NOT NULL) 28 - + * @ns: current ns position (NOT NULL) 29 - + * 30 - + * Find the next namespace from @ns under @root and handle all locking needed 31 - + * while switching current namespace. 32 - + * 33 - + * Returns: next namespace or NULL if at last namespace under @root 34 - + * NOTE: will not unlock root->lock 35 - + */ 36 - +static struct aa_namespace *__next_namespace(struct aa_namespace *root, 37 - + struct aa_namespace *ns) 38 - +{ 39 - + struct aa_namespace *parent; 40 - + 41 - + /* is next namespace a child */ 42 - + if (!list_empty(&ns->sub_ns)) { 43 - + struct aa_namespace *next; 44 - + next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); 45 - + read_lock(&next->lock); 46 - + return next; 47 - + } 48 - + 49 - + /* check if the next ns is a sibling, parent, gp, .. */ 50 - + parent = ns->parent; 51 - + while (parent) { 52 - + read_unlock(&ns->lock); 53 - + list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { 54 - + read_lock(&ns->lock); 55 - + return ns; 56 - + } 57 - + if (parent == root) 58 - + return NULL; 59 - + ns = parent; 60 - + parent = parent->parent; 61 - + } 62 - + 63 - + return NULL; 64 - +} 65 - + 66 - +/** 67 - + * __first_profile - find the first profile in a namespace 68 - + * @root: namespace that is root of profiles being displayed (NOT NULL) 69 - + * @ns: namespace to start in (NOT NULL) 70 - + * 71 - + * Returns: unrefcounted profile or NULL if no profile 72 - + */ 73 - +static struct aa_profile *__first_profile(struct aa_namespace *root, 74 - + struct aa_namespace *ns) 75 - +{ 76 - + for ( ; ns; ns = __next_namespace(root, ns)) { 77 - + if (!list_empty(&ns->base.profiles)) 78 - + return list_first_entry(&ns->base.profiles, 79 - + struct aa_profile, base.list); 80 - + } 81 - + return NULL; 82 - +} 83 - + 84 - +/** 85 - + * __next_profile - step to the next profile in a profile tree 86 - + * @profile: current profile in tree (NOT NULL) 87 - + * 88 - + * Perform a depth first taversal on the profile tree in a namespace 89 - + * 90 - + * Returns: next profile or NULL if done 91 - + * Requires: profile->ns.lock to be held 92 - + */ 93 - +static struct aa_profile *__next_profile(struct aa_profile *p) 94 - +{ 95 - + struct aa_profile *parent; 96 - + struct aa_namespace *ns = p->ns; 97 - + 98 - + /* is next profile a child */ 99 - + if (!list_empty(&p->base.profiles)) 100 - + return list_first_entry(&p->base.profiles, typeof(*p), 101 - + base.list); 102 - + 103 - + /* is next profile a sibling, parent sibling, gp, subling, .. */ 104 - + parent = p->parent; 105 - + while (parent) { 106 - + list_for_each_entry_continue(p, &parent->base.profiles, 107 - + base.list) 108 - + return p; 109 - + p = parent; 110 - + parent = parent->parent; 111 - + } 112 - + 113 - + /* is next another profile in the namespace */ 114 - + list_for_each_entry_continue(p, &ns->base.profiles, base.list) 115 - + return p; 116 - + 117 - + return NULL; 118 - +} 119 - + 120 - +/** 121 - + * next_profile - step to the next profile in where ever it may be 122 - + * @root: root namespace (NOT NULL) 123 - + * @profile: current profile (NOT NULL) 124 - + * 125 - + * Returns: next profile or NULL if there isn't one 126 - + */ 127 - +static struct aa_profile *next_profile(struct aa_namespace *root, 128 - + struct aa_profile *profile) 129 - +{ 130 - + struct aa_profile *next = __next_profile(profile); 131 - + if (next) 132 - + return next; 133 - + 134 - + /* finished all profiles in namespace move to next namespace */ 135 - + return __first_profile(root, __next_namespace(root, profile->ns)); 136 - +} 137 - + 138 - +/** 139 - + * p_start - start a depth first traversal of profile tree 140 - + * @f: seq_file to fill 141 - + * @pos: current position 142 - + * 143 - + * Returns: first profile under current namespace or NULL if none found 144 - + * 145 - + * acquires first ns->lock 146 - + */ 147 - +static void *p_start(struct seq_file *f, loff_t *pos) 148 - + __acquires(root->lock) 149 - +{ 150 - + struct aa_profile *profile = NULL; 151 - + struct aa_namespace *root = aa_current_profile()->ns; 152 - + loff_t l = *pos; 153 - + f->private = aa_get_namespace(root); 154 - + 155 - + 156 - + /* find the first profile */ 157 - + read_lock(&root->lock); 158 - + profile = __first_profile(root, root); 159 - + 160 - + /* skip to position */ 161 - + for (; profile && l > 0; l--) 162 - + profile = next_profile(root, profile); 163 - + 164 - + return profile; 165 - +} 166 - + 167 - +/** 168 - + * p_next - read the next profile entry 169 - + * @f: seq_file to fill 170 - + * @p: profile previously returned 171 - + * @pos: current position 172 - + * 173 - + * Returns: next profile after @p or NULL if none 174 - + * 175 - + * may acquire/release locks in namespace tree as necessary 176 - + */ 177 - +static void *p_next(struct seq_file *f, void *p, loff_t *pos) 178 - +{ 179 - + struct aa_profile *profile = p; 180 - + struct aa_namespace *root = f->private; 181 - + (*pos)++; 182 - + 183 - + return next_profile(root, profile); 184 - +} 185 - + 186 - +/** 187 - + * p_stop - stop depth first traversal 188 - + * @f: seq_file we are filling 189 - + * @p: the last profile writen 190 - + * 191 - + * Release all locking done by p_start/p_next on namespace tree 192 - + */ 193 - +static void p_stop(struct seq_file *f, void *p) 194 - + __releases(root->lock) 195 - +{ 196 - + struct aa_profile *profile = p; 197 - + struct aa_namespace *root = f->private, *ns; 198 - + 199 - + if (profile) { 200 - + for (ns = profile->ns; ns && ns != root; ns = ns->parent) 201 - + read_unlock(&ns->lock); 202 - + } 203 - + read_unlock(&root->lock); 204 - + aa_put_namespace(root); 205 - +} 206 - + 207 - +/** 208 - + * seq_show_profile - show a profile entry 209 - + * @f: seq_file to file 210 - + * @p: current position (profile) (NOT NULL) 211 - + * 212 - + * Returns: error on failure 213 - + */ 214 - +static int seq_show_profile(struct seq_file *f, void *p) 215 - +{ 216 - + struct aa_profile *profile = (struct aa_profile *)p; 217 - + struct aa_namespace *root = f->private; 218 - + 219 - + if (profile->ns != root) 220 - + seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); 221 - + seq_printf(f, "%s (%s)\n", profile->base.hname, 222 - + COMPLAIN_MODE(profile) ? "complain" : "enforce"); 223 - + 224 - + return 0; 225 - +} 226 - + 227 - +static const struct seq_operations aa_fs_profiles_op = { 228 - + .start = p_start, 229 - + .next = p_next, 230 - + .stop = p_stop, 231 - + .show = seq_show_profile, 232 - +}; 233 - + 234 - +static int profiles_open(struct inode *inode, struct file *file) 235 - +{ 236 - + return seq_open(file, &aa_fs_profiles_op); 237 - +} 238 - + 239 - +static int profiles_release(struct inode *inode, struct file *file) 240 - +{ 241 - + return seq_release(inode, file); 242 - +} 243 - + 244 - +const struct file_operations aa_fs_profiles_fops = { 245 - + .open = profiles_open, 246 - + .read = seq_read, 247 - + .llseek = seq_lseek, 248 - + .release = profiles_release, 249 - +}; 250 - + 251 - /** Base file system setup **/ 252 - 253 - static struct aa_fs_entry aa_fs_entry_file[] = { 254 - @@ -210,6 +436,7 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = { 255 - AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load), 256 - AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace), 257 - AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove), 258 - + AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops), 259 - AA_FS_DIR("features", aa_fs_entry_features), 260 - { } 261 - }; 262 - -- 263 - 1.7.9.5 264 -
-603
pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch
··· 1 - From 423e2cb454d75d6185eecd0c1b5cf6ccc2d8482d Mon Sep 17 00:00:00 2001 2 - From: John Johansen <john.johansen@canonical.com> 3 - Date: Mon, 4 Oct 2010 15:03:36 -0700 4 - Subject: [PATCH 2/3] UBUNTU: SAUCE: AppArmor: basic networking rules 5 - 6 - Base support for network mediation. 7 - 8 - Signed-off-by: John Johansen <john.johansen@canonical.com> 9 - --- 10 - security/apparmor/.gitignore | 2 +- 11 - security/apparmor/Makefile | 42 +++++++++- 12 - security/apparmor/apparmorfs.c | 1 + 13 - security/apparmor/include/audit.h | 4 + 14 - security/apparmor/include/net.h | 44 ++++++++++ 15 - security/apparmor/include/policy.h | 3 + 16 - security/apparmor/lsm.c | 112 +++++++++++++++++++++++++ 17 - security/apparmor/net.c | 162 ++++++++++++++++++++++++++++++++++++ 18 - security/apparmor/policy.c | 1 + 19 - security/apparmor/policy_unpack.c | 46 ++++++++++ 20 - 10 files changed, 414 insertions(+), 3 deletions(-) 21 - create mode 100644 security/apparmor/include/net.h 22 - create mode 100644 security/apparmor/net.c 23 - 24 - diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore 25 - index 4d995ae..d5b291e 100644 26 - --- a/security/apparmor/.gitignore 27 - +++ b/security/apparmor/.gitignore 28 - @@ -1,6 +1,6 @@ 29 - # 30 - # Generated include files 31 - # 32 - -af_names.h 33 - +net_names.h 34 - capability_names.h 35 - rlim_names.h 36 - diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile 37 - index 806bd19..19daa85 100644 38 - --- a/security/apparmor/Makefile 39 - +++ b/security/apparmor/Makefile 40 - @@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o 41 - 42 - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ 43 - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ 44 - - resource.o sid.o file.o 45 - + resource.o sid.o file.o net.o 46 - 47 - -clean-files := capability_names.h rlim_names.h 48 - +clean-files := capability_names.h rlim_names.h net_names.h 49 - 50 - 51 - # Build a lower case string table of capability names 52 - @@ -20,6 +20,38 @@ cmd_make-caps = echo "static const char *const capability_names[] = {" > $@ ;\ 53 - -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\ 54 - echo "};" >> $@ 55 - 56 - +# Build a lower case string table of address family names 57 - +# Transform lines from 58 - +# define AF_LOCAL 1 /* POSIX name for AF_UNIX */ 59 - +# #define AF_INET 2 /* Internet IP Protocol */ 60 - +# to 61 - +# [1] = "local", 62 - +# [2] = "inet", 63 - +# 64 - +# and build the securityfs entries for the mapping. 65 - +# Transforms lines from 66 - +# #define AF_INET 2 /* Internet IP Protocol */ 67 - +# to 68 - +# #define AA_FS_AF_MASK "local inet" 69 - +quiet_cmd_make-af = GEN $@ 70 - +cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ 71 - + sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \ 72 - + 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ 73 - + echo "};" >> $@ ;\ 74 - + echo -n '\#define AA_FS_AF_MASK "' >> $@ ;\ 75 - + sed -r -n 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\ 76 - + $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ 77 - + 78 - +# Build a lower case string table of sock type names 79 - +# Transform lines from 80 - +# SOCK_STREAM = 1, 81 - +# to 82 - +# [1] = "stream", 83 - +quiet_cmd_make-sock = GEN $@ 84 - +cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\ 85 - + sed $^ >>$@ -r -n \ 86 - + -e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ 87 - + echo "};" >> $@ 88 - 89 - # Build a lower case string table of rlimit names. 90 - # Transforms lines from 91 - @@ -56,6 +88,7 @@ cmd_make-rlim = echo "static const char *const rlim_names[RLIM_NLIMITS] = {" \ 92 - tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ 93 - 94 - $(obj)/capability.o : $(obj)/capability_names.h 95 - +$(obj)/net.o : $(obj)/net_names.h 96 - $(obj)/resource.o : $(obj)/rlim_names.h 97 - $(obj)/capability_names.h : $(srctree)/include/linux/capability.h \ 98 - $(src)/Makefile 99 - @@ -63,3 +96,8 @@ $(obj)/capability_names.h : $(srctree)/include/linux/capability.h \ 100 - $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \ 101 - $(src)/Makefile 102 - $(call cmd,make-rlim) 103 - +$(obj)/net_names.h : $(srctree)/include/linux/socket.h \ 104 - + $(srctree)/include/linux/net.h \ 105 - + $(src)/Makefile 106 - + $(call cmd,make-af) 107 - + $(call cmd,make-sock) 108 - diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c 109 - index 89bdc62..c66315d 100644 110 - --- a/security/apparmor/apparmorfs.c 111 - +++ b/security/apparmor/apparmorfs.c 112 - @@ -427,6 +427,7 @@ static struct aa_fs_entry aa_fs_entry_domain[] = { 113 - static struct aa_fs_entry aa_fs_entry_features[] = { 114 - AA_FS_DIR("domain", aa_fs_entry_domain), 115 - AA_FS_DIR("file", aa_fs_entry_file), 116 - + AA_FS_DIR("network", aa_fs_entry_network), 117 - AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), 118 - AA_FS_DIR("rlimit", aa_fs_entry_rlimit), 119 - { } 120 - diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h 121 - index 3868b1e..c1ff09c 100644 122 - --- a/security/apparmor/include/audit.h 123 - +++ b/security/apparmor/include/audit.h 124 - @@ -126,6 +126,10 @@ struct apparmor_audit_data { 125 - u32 denied; 126 - uid_t ouid; 127 - } fs; 128 - + struct { 129 - + int type, protocol; 130 - + struct sock *sk; 131 - + } net; 132 - }; 133 - }; 134 - 135 - diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h 136 - new file mode 100644 137 - index 0000000..cb8a121 138 - --- /dev/null 139 - +++ b/security/apparmor/include/net.h 140 - @@ -0,0 +1,44 @@ 141 - +/* 142 - + * AppArmor security module 143 - + * 144 - + * This file contains AppArmor network mediation definitions. 145 - + * 146 - + * Copyright (C) 1998-2008 Novell/SUSE 147 - + * Copyright 2009-2012 Canonical Ltd. 148 - + * 149 - + * This program is free software; you can redistribute it and/or 150 - + * modify it under the terms of the GNU General Public License as 151 - + * published by the Free Software Foundation, version 2 of the 152 - + * License. 153 - + */ 154 - + 155 - +#ifndef __AA_NET_H 156 - +#define __AA_NET_H 157 - + 158 - +#include <net/sock.h> 159 - + 160 - +#include "apparmorfs.h" 161 - + 162 - +/* struct aa_net - network confinement data 163 - + * @allowed: basic network families permissions 164 - + * @audit_network: which network permissions to force audit 165 - + * @quiet_network: which network permissions to quiet rejects 166 - + */ 167 - +struct aa_net { 168 - + u16 allow[AF_MAX]; 169 - + u16 audit[AF_MAX]; 170 - + u16 quiet[AF_MAX]; 171 - +}; 172 - + 173 - +extern struct aa_fs_entry aa_fs_entry_network[]; 174 - + 175 - +extern int aa_net_perm(int op, struct aa_profile *profile, u16 family, 176 - + int type, int protocol, struct sock *sk); 177 - +extern int aa_revalidate_sk(int op, struct sock *sk); 178 - + 179 - +static inline void aa_free_net_rules(struct aa_net *new) 180 - +{ 181 - + /* NOP */ 182 - +} 183 - + 184 - +#endif /* __AA_NET_H */ 185 - diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h 186 - index bda4569..eb13a73 100644 187 - --- a/security/apparmor/include/policy.h 188 - +++ b/security/apparmor/include/policy.h 189 - @@ -27,6 +27,7 @@ 190 - #include "capability.h" 191 - #include "domain.h" 192 - #include "file.h" 193 - +#include "net.h" 194 - #include "resource.h" 195 - 196 - extern const char *const profile_mode_names[]; 197 - @@ -157,6 +158,7 @@ struct aa_policydb { 198 - * @policy: general match rules governing policy 199 - * @file: The set of rules governing basic file access and domain transitions 200 - * @caps: capabilities for the profile 201 - + * @net: network controls for the profile 202 - * @rlimits: rlimits for the profile 203 - * 204 - * The AppArmor profile contains the basic confinement data. Each profile 205 - @@ -194,6 +196,7 @@ struct aa_profile { 206 - struct aa_policydb policy; 207 - struct aa_file_rules file; 208 - struct aa_caps caps; 209 - + struct aa_net net; 210 - struct aa_rlimit rlimits; 211 - }; 212 - 213 - diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c 214 - index ad05d39..3cde194 100644 215 - --- a/security/apparmor/lsm.c 216 - +++ b/security/apparmor/lsm.c 217 - @@ -32,6 +32,7 @@ 218 - #include "include/context.h" 219 - #include "include/file.h" 220 - #include "include/ipc.h" 221 - +#include "include/net.h" 222 - #include "include/path.h" 223 - #include "include/policy.h" 224 - #include "include/procattr.h" 225 - @@ -622,6 +623,104 @@ static int apparmor_task_setrlimit(struct task_struct *task, 226 - return error; 227 - } 228 - 229 - +static int apparmor_socket_create(int family, int type, int protocol, int kern) 230 - +{ 231 - + struct aa_profile *profile; 232 - + int error = 0; 233 - + 234 - + if (kern) 235 - + return 0; 236 - + 237 - + profile = __aa_current_profile(); 238 - + if (!unconfined(profile)) 239 - + error = aa_net_perm(OP_CREATE, profile, family, type, protocol, 240 - + NULL); 241 - + return error; 242 - +} 243 - + 244 - +static int apparmor_socket_bind(struct socket *sock, 245 - + struct sockaddr *address, int addrlen) 246 - +{ 247 - + struct sock *sk = sock->sk; 248 - + 249 - + return aa_revalidate_sk(OP_BIND, sk); 250 - +} 251 - + 252 - +static int apparmor_socket_connect(struct socket *sock, 253 - + struct sockaddr *address, int addrlen) 254 - +{ 255 - + struct sock *sk = sock->sk; 256 - + 257 - + return aa_revalidate_sk(OP_CONNECT, sk); 258 - +} 259 - + 260 - +static int apparmor_socket_listen(struct socket *sock, int backlog) 261 - +{ 262 - + struct sock *sk = sock->sk; 263 - + 264 - + return aa_revalidate_sk(OP_LISTEN, sk); 265 - +} 266 - + 267 - +static int apparmor_socket_accept(struct socket *sock, struct socket *newsock) 268 - +{ 269 - + struct sock *sk = sock->sk; 270 - + 271 - + return aa_revalidate_sk(OP_ACCEPT, sk); 272 - +} 273 - + 274 - +static int apparmor_socket_sendmsg(struct socket *sock, 275 - + struct msghdr *msg, int size) 276 - +{ 277 - + struct sock *sk = sock->sk; 278 - + 279 - + return aa_revalidate_sk(OP_SENDMSG, sk); 280 - +} 281 - + 282 - +static int apparmor_socket_recvmsg(struct socket *sock, 283 - + struct msghdr *msg, int size, int flags) 284 - +{ 285 - + struct sock *sk = sock->sk; 286 - + 287 - + return aa_revalidate_sk(OP_RECVMSG, sk); 288 - +} 289 - + 290 - +static int apparmor_socket_getsockname(struct socket *sock) 291 - +{ 292 - + struct sock *sk = sock->sk; 293 - + 294 - + return aa_revalidate_sk(OP_GETSOCKNAME, sk); 295 - +} 296 - + 297 - +static int apparmor_socket_getpeername(struct socket *sock) 298 - +{ 299 - + struct sock *sk = sock->sk; 300 - + 301 - + return aa_revalidate_sk(OP_GETPEERNAME, sk); 302 - +} 303 - + 304 - +static int apparmor_socket_getsockopt(struct socket *sock, int level, 305 - + int optname) 306 - +{ 307 - + struct sock *sk = sock->sk; 308 - + 309 - + return aa_revalidate_sk(OP_GETSOCKOPT, sk); 310 - +} 311 - + 312 - +static int apparmor_socket_setsockopt(struct socket *sock, int level, 313 - + int optname) 314 - +{ 315 - + struct sock *sk = sock->sk; 316 - + 317 - + return aa_revalidate_sk(OP_SETSOCKOPT, sk); 318 - +} 319 - + 320 - +static int apparmor_socket_shutdown(struct socket *sock, int how) 321 - +{ 322 - + struct sock *sk = sock->sk; 323 - + 324 - + return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk); 325 - +} 326 - + 327 - static struct security_operations apparmor_ops = { 328 - .name = "apparmor", 329 - 330 - @@ -653,6 +752,19 @@ static struct security_operations apparmor_ops = { 331 - .getprocattr = apparmor_getprocattr, 332 - .setprocattr = apparmor_setprocattr, 333 - 334 - + .socket_create = apparmor_socket_create, 335 - + .socket_bind = apparmor_socket_bind, 336 - + .socket_connect = apparmor_socket_connect, 337 - + .socket_listen = apparmor_socket_listen, 338 - + .socket_accept = apparmor_socket_accept, 339 - + .socket_sendmsg = apparmor_socket_sendmsg, 340 - + .socket_recvmsg = apparmor_socket_recvmsg, 341 - + .socket_getsockname = apparmor_socket_getsockname, 342 - + .socket_getpeername = apparmor_socket_getpeername, 343 - + .socket_getsockopt = apparmor_socket_getsockopt, 344 - + .socket_setsockopt = apparmor_socket_setsockopt, 345 - + .socket_shutdown = apparmor_socket_shutdown, 346 - + 347 - .cred_alloc_blank = apparmor_cred_alloc_blank, 348 - .cred_free = apparmor_cred_free, 349 - .cred_prepare = apparmor_cred_prepare, 350 - diff --git a/security/apparmor/net.c b/security/apparmor/net.c 351 - new file mode 100644 352 - index 0000000..084232b 353 - --- /dev/null 354 - +++ b/security/apparmor/net.c 355 - @@ -0,0 +1,162 @@ 356 - +/* 357 - + * AppArmor security module 358 - + * 359 - + * This file contains AppArmor network mediation 360 - + * 361 - + * Copyright (C) 1998-2008 Novell/SUSE 362 - + * Copyright 2009-2012 Canonical Ltd. 363 - + * 364 - + * This program is free software; you can redistribute it and/or 365 - + * modify it under the terms of the GNU General Public License as 366 - + * published by the Free Software Foundation, version 2 of the 367 - + * License. 368 - + */ 369 - + 370 - +#include "include/apparmor.h" 371 - +#include "include/audit.h" 372 - +#include "include/context.h" 373 - +#include "include/net.h" 374 - +#include "include/policy.h" 375 - + 376 - +#include "net_names.h" 377 - + 378 - +struct aa_fs_entry aa_fs_entry_network[] = { 379 - + AA_FS_FILE_STRING("af_mask", AA_FS_AF_MASK), 380 - + { } 381 - +}; 382 - + 383 - +/* audit callback for net specific fields */ 384 - +static void audit_cb(struct audit_buffer *ab, void *va) 385 - +{ 386 - + struct common_audit_data *sa = va; 387 - + 388 - + audit_log_format(ab, " family="); 389 - + if (address_family_names[sa->u.net->family]) { 390 - + audit_log_string(ab, address_family_names[sa->u.net->family]); 391 - + } else { 392 - + audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family); 393 - + } 394 - + audit_log_format(ab, " sock_type="); 395 - + if (sock_type_names[sa->aad->net.type]) { 396 - + audit_log_string(ab, sock_type_names[sa->aad->net.type]); 397 - + } else { 398 - + audit_log_format(ab, "\"unknown(%d)\"", sa->aad->net.type); 399 - + } 400 - + audit_log_format(ab, " protocol=%d", sa->aad->net.protocol); 401 - +} 402 - + 403 - +/** 404 - + * audit_net - audit network access 405 - + * @profile: profile being enforced (NOT NULL) 406 - + * @op: operation being checked 407 - + * @family: network family 408 - + * @type: network type 409 - + * @protocol: network protocol 410 - + * @sk: socket auditing is being applied to 411 - + * @error: error code for failure else 0 412 - + * 413 - + * Returns: %0 or sa->error else other errorcode on failure 414 - + */ 415 - +static int audit_net(struct aa_profile *profile, int op, u16 family, int type, 416 - + int protocol, struct sock *sk, int error) 417 - +{ 418 - + int audit_type = AUDIT_APPARMOR_AUTO; 419 - + struct common_audit_data sa; 420 - + struct apparmor_audit_data aad = { }; 421 - + struct lsm_network_audit net = { }; 422 - + if (sk) { 423 - + COMMON_AUDIT_DATA_INIT(&sa, NET); 424 - + } else { 425 - + COMMON_AUDIT_DATA_INIT(&sa, NONE); 426 - + } 427 - + /* todo fill in socket addr info */ 428 - + sa.aad = &aad; 429 - + sa.u.net = &net; 430 - + sa.aad->op = op, 431 - + sa.u.net->family = family; 432 - + sa.u.net->sk = sk; 433 - + sa.aad->net.type = type; 434 - + sa.aad->net.protocol = protocol; 435 - + sa.aad->error = error; 436 - + 437 - + if (likely(!sa.aad->error)) { 438 - + u16 audit_mask = profile->net.audit[sa.u.net->family]; 439 - + if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && 440 - + !(1 << sa.aad->net.type & audit_mask))) 441 - + return 0; 442 - + audit_type = AUDIT_APPARMOR_AUDIT; 443 - + } else { 444 - + u16 quiet_mask = profile->net.quiet[sa.u.net->family]; 445 - + u16 kill_mask = 0; 446 - + u16 denied = (1 << sa.aad->net.type) & ~quiet_mask; 447 - + 448 - + if (denied & kill_mask) 449 - + audit_type = AUDIT_APPARMOR_KILL; 450 - + 451 - + if ((denied & quiet_mask) && 452 - + AUDIT_MODE(profile) != AUDIT_NOQUIET && 453 - + AUDIT_MODE(profile) != AUDIT_ALL) 454 - + return COMPLAIN_MODE(profile) ? 0 : sa.aad->error; 455 - + } 456 - + 457 - + return aa_audit(audit_type, profile, GFP_KERNEL, &sa, audit_cb); 458 - +} 459 - + 460 - +/** 461 - + * aa_net_perm - very course network access check 462 - + * @op: operation being checked 463 - + * @profile: profile being enforced (NOT NULL) 464 - + * @family: network family 465 - + * @type: network type 466 - + * @protocol: network protocol 467 - + * 468 - + * Returns: %0 else error if permission denied 469 - + */ 470 - +int aa_net_perm(int op, struct aa_profile *profile, u16 family, int type, 471 - + int protocol, struct sock *sk) 472 - +{ 473 - + u16 family_mask; 474 - + int error; 475 - + 476 - + if ((family < 0) || (family >= AF_MAX)) 477 - + return -EINVAL; 478 - + 479 - + if ((type < 0) || (type >= SOCK_MAX)) 480 - + return -EINVAL; 481 - + 482 - + /* unix domain and netlink sockets are handled by ipc */ 483 - + if (family == AF_UNIX || family == AF_NETLINK) 484 - + return 0; 485 - + 486 - + family_mask = profile->net.allow[family]; 487 - + 488 - + error = (family_mask & (1 << type)) ? 0 : -EACCES; 489 - + 490 - + return audit_net(profile, op, family, type, protocol, sk, error); 491 - +} 492 - + 493 - +/** 494 - + * aa_revalidate_sk - Revalidate access to a sock 495 - + * @op: operation being checked 496 - + * @sk: sock being revalidated (NOT NULL) 497 - + * 498 - + * Returns: %0 else error if permission denied 499 - + */ 500 - +int aa_revalidate_sk(int op, struct sock *sk) 501 - +{ 502 - + struct aa_profile *profile; 503 - + int error = 0; 504 - + 505 - + /* aa_revalidate_sk should not be called from interrupt context 506 - + * don't mediate these calls as they are not task related 507 - + */ 508 - + if (in_interrupt()) 509 - + return 0; 510 - + 511 - + profile = __aa_current_profile(); 512 - + if (!unconfined(profile)) 513 - + error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type, 514 - + sk->sk_protocol, sk); 515 - + 516 - + return error; 517 - +} 518 - diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c 519 - index f1f7506..b8100a7 100644 520 - --- a/security/apparmor/policy.c 521 - +++ b/security/apparmor/policy.c 522 - @@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile) 523 - 524 - aa_free_file_rules(&profile->file); 525 - aa_free_cap_rules(&profile->caps); 526 - + aa_free_net_rules(&profile->net); 527 - aa_free_rlimit_rules(&profile->rlimits); 528 - 529 - aa_free_sid(profile->sid); 530 - diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c 531 - index deab7c7..8f8e9c1 100644 532 - --- a/security/apparmor/policy_unpack.c 533 - +++ b/security/apparmor/policy_unpack.c 534 - @@ -193,6 +193,19 @@ fail: 535 - return 0; 536 - } 537 - 538 - +static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name) 539 - +{ 540 - + if (unpack_nameX(e, AA_U16, name)) { 541 - + if (!inbounds(e, sizeof(u16))) 542 - + return 0; 543 - + if (data) 544 - + *data = le16_to_cpu(get_unaligned((u16 *) e->pos)); 545 - + e->pos += sizeof(u16); 546 - + return 1; 547 - + } 548 - + return 0; 549 - +} 550 - + 551 - static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) 552 - { 553 - if (unpack_nameX(e, AA_U32, name)) { 554 - @@ -471,6 +484,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) 555 - { 556 - struct aa_profile *profile = NULL; 557 - const char *name = NULL; 558 - + size_t size = 0; 559 - int i, error = -EPROTO; 560 - kernel_cap_t tmpcap; 561 - u32 tmp; 562 - @@ -564,6 +578,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) 563 - if (!unpack_rlimits(e, profile)) 564 - goto fail; 565 - 566 - + size = unpack_array(e, "net_allowed_af"); 567 - + if (size) { 568 - + 569 - + for (i = 0; i < size; i++) { 570 - + /* discard extraneous rules that this kernel will 571 - + * never request 572 - + */ 573 - + if (i >= AF_MAX) { 574 - + u16 tmp; 575 - + if (!unpack_u16(e, &tmp, NULL) || 576 - + !unpack_u16(e, &tmp, NULL) || 577 - + !unpack_u16(e, &tmp, NULL)) 578 - + goto fail; 579 - + continue; 580 - + } 581 - + if (!unpack_u16(e, &profile->net.allow[i], NULL)) 582 - + goto fail; 583 - + if (!unpack_u16(e, &profile->net.audit[i], NULL)) 584 - + goto fail; 585 - + if (!unpack_u16(e, &profile->net.quiet[i], NULL)) 586 - + goto fail; 587 - + } 588 - + if (!unpack_nameX(e, AA_ARRAYEND, NULL)) 589 - + goto fail; 590 - + } 591 - + /* 592 - + * allow unix domain and netlink sockets they are handled 593 - + * by IPC 594 - + */ 595 - + profile->net.allow[AF_UNIX] = 0xffff; 596 - + profile->net.allow[AF_NETLINK] = 0xffff; 597 - + 598 - if (unpack_nameX(e, AA_STRUCT, "policydb")) { 599 - /* generic policy dfa - optional and may be NULL */ 600 - profile->policy.dfa = unpack_dfa(e); 601 - -- 602 - 1.7.9.5 603 -
-957
pkgs/os-specific/linux/kernel/apparmor-patches/3.4/0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
··· 1 - From a94d5e11c0484af59e5feebf144cc48c186892ad Mon Sep 17 00:00:00 2001 2 - From: John Johansen <john.johansen@canonical.com> 3 - Date: Wed, 16 May 2012 10:58:05 -0700 4 - Subject: [PATCH 3/3] UBUNTU: SAUCE: apparmor: Add the ability to mediate 5 - mount 6 - 7 - Add the ability for apparmor to do mediation of mount operations. Mount 8 - rules require an updated apparmor_parser (2.8 series) for policy compilation. 9 - 10 - The basic form of the rules are. 11 - 12 - [audit] [deny] mount [conds]* [device] [ -> [conds] path], 13 - [audit] [deny] remount [conds]* [path], 14 - [audit] [deny] umount [conds]* [path], 15 - [audit] [deny] pivotroot [oldroot=<value>] <path> 16 - 17 - remount is just a short cut for mount options=remount 18 - 19 - where [conds] can be 20 - fstype=<expr> 21 - options=<expr> 22 - 23 - Example mount commands 24 - mount, # allow all mounts, but not umount or pivotroot 25 - 26 - mount fstype=procfs, # allow mounting procfs anywhere 27 - 28 - mount options=(bind, ro) /foo -> /bar, # readonly bind mount 29 - 30 - mount /dev/sda -> /mnt, 31 - 32 - mount /dev/sd** -> /mnt/**, 33 - 34 - mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) -> /mnt/ 35 - 36 - umount, 37 - 38 - umount /m*, 39 - 40 - See the apparmor userspace for full documentation 41 - 42 - Signed-off-by: John Johansen <john.johansen@canonical.com> 43 - Acked-by: Kees Cook <kees@ubuntu.com> 44 - --- 45 - security/apparmor/Makefile | 2 +- 46 - security/apparmor/apparmorfs.c | 13 + 47 - security/apparmor/audit.c | 4 + 48 - security/apparmor/domain.c | 2 +- 49 - security/apparmor/include/apparmor.h | 3 +- 50 - security/apparmor/include/audit.h | 11 + 51 - security/apparmor/include/domain.h | 2 + 52 - security/apparmor/include/mount.h | 54 +++ 53 - security/apparmor/lsm.c | 59 ++++ 54 - security/apparmor/mount.c | 620 ++++++++++++++++++++++++++++++++++ 55 - 10 files changed, 767 insertions(+), 3 deletions(-) 56 - create mode 100644 security/apparmor/include/mount.h 57 - create mode 100644 security/apparmor/mount.c 58 - 59 - diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile 60 - index 19daa85..63e0a4c 100644 61 - --- a/security/apparmor/Makefile 62 - +++ b/security/apparmor/Makefile 63 - @@ -4,7 +4,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o 64 - 65 - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ 66 - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ 67 - - resource.o sid.o file.o net.o 68 - + resource.o sid.o file.o net.o mount.o 69 - 70 - clean-files := capability_names.h rlim_names.h net_names.h 71 - 72 - diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c 73 - index c66315d..ff19009 100644 74 - --- a/security/apparmor/apparmorfs.c 75 - +++ b/security/apparmor/apparmorfs.c 76 - @@ -424,10 +424,23 @@ static struct aa_fs_entry aa_fs_entry_domain[] = { 77 - { } 78 - }; 79 - 80 - +static struct aa_fs_entry aa_fs_entry_mount[] = { 81 - + AA_FS_FILE_STRING("mask", "mount umount"), 82 - + { } 83 - +}; 84 - + 85 - +static struct aa_fs_entry aa_fs_entry_namespaces[] = { 86 - + AA_FS_FILE_BOOLEAN("profile", 1), 87 - + AA_FS_FILE_BOOLEAN("pivot_root", 1), 88 - + { } 89 - +}; 90 - + 91 - static struct aa_fs_entry aa_fs_entry_features[] = { 92 - AA_FS_DIR("domain", aa_fs_entry_domain), 93 - AA_FS_DIR("file", aa_fs_entry_file), 94 - AA_FS_DIR("network", aa_fs_entry_network), 95 - + AA_FS_DIR("mount", aa_fs_entry_mount), 96 - + AA_FS_DIR("namespaces", aa_fs_entry_namespaces), 97 - AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), 98 - AA_FS_DIR("rlimit", aa_fs_entry_rlimit), 99 - { } 100 - diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c 101 - index cc3520d..b9f5ee9 100644 102 - --- a/security/apparmor/audit.c 103 - +++ b/security/apparmor/audit.c 104 - @@ -44,6 +44,10 @@ const char *const op_table[] = { 105 - "file_mmap", 106 - "file_mprotect", 107 - 108 - + "pivotroot", 109 - + "mount", 110 - + "umount", 111 - + 112 - "create", 113 - "post_create", 114 - "bind", 115 - diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c 116 - index 6327685..dfdc47b 100644 117 - --- a/security/apparmor/domain.c 118 - +++ b/security/apparmor/domain.c 119 - @@ -242,7 +242,7 @@ static const char *next_name(int xtype, const char *name) 120 - * 121 - * Returns: refcounted profile, or NULL on failure (MAYBE NULL) 122 - */ 123 - -static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) 124 - +struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex) 125 - { 126 - struct aa_profile *new_profile = NULL; 127 - struct aa_namespace *ns = profile->ns; 128 - diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h 129 - index 40aedd9..e243d96 100644 130 - --- a/security/apparmor/include/apparmor.h 131 - +++ b/security/apparmor/include/apparmor.h 132 - @@ -29,8 +29,9 @@ 133 - #define AA_CLASS_NET 4 134 - #define AA_CLASS_RLIMITS 5 135 - #define AA_CLASS_DOMAIN 6 136 - +#define AA_CLASS_MOUNT 7 137 - 138 - -#define AA_CLASS_LAST AA_CLASS_DOMAIN 139 - +#define AA_CLASS_LAST AA_CLASS_MOUNT 140 - 141 - /* Control parameters settable through module/boot flags */ 142 - extern enum audit_mode aa_g_audit; 143 - diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h 144 - index c1ff09c..7b90900c 100644 145 - --- a/security/apparmor/include/audit.h 146 - +++ b/security/apparmor/include/audit.h 147 - @@ -73,6 +73,10 @@ enum aa_ops { 148 - OP_FMMAP, 149 - OP_FMPROT, 150 - 151 - + OP_PIVOTROOT, 152 - + OP_MOUNT, 153 - + OP_UMOUNT, 154 - + 155 - OP_CREATE, 156 - OP_POST_CREATE, 157 - OP_BIND, 158 - @@ -121,6 +125,13 @@ struct apparmor_audit_data { 159 - unsigned long max; 160 - } rlim; 161 - struct { 162 - + const char *src_name; 163 - + const char *type; 164 - + const char *trans; 165 - + const char *data; 166 - + unsigned long flags; 167 - + } mnt; 168 - + struct { 169 - const char *target; 170 - u32 request; 171 - u32 denied; 172 - diff --git a/security/apparmor/include/domain.h b/security/apparmor/include/domain.h 173 - index de04464..a3f70c5 100644 174 - --- a/security/apparmor/include/domain.h 175 - +++ b/security/apparmor/include/domain.h 176 - @@ -23,6 +23,8 @@ struct aa_domain { 177 - char **table; 178 - }; 179 - 180 - +struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex); 181 - + 182 - int apparmor_bprm_set_creds(struct linux_binprm *bprm); 183 - int apparmor_bprm_secureexec(struct linux_binprm *bprm); 184 - void apparmor_bprm_committing_creds(struct linux_binprm *bprm); 185 - diff --git a/security/apparmor/include/mount.h b/security/apparmor/include/mount.h 186 - new file mode 100644 187 - index 0000000..bc17a53 188 - --- /dev/null 189 - +++ b/security/apparmor/include/mount.h 190 - @@ -0,0 +1,54 @@ 191 - +/* 192 - + * AppArmor security module 193 - + * 194 - + * This file contains AppArmor file mediation function definitions. 195 - + * 196 - + * Copyright 2012 Canonical Ltd. 197 - + * 198 - + * This program is free software; you can redistribute it and/or 199 - + * modify it under the terms of the GNU General Public License as 200 - + * published by the Free Software Foundation, version 2 of the 201 - + * License. 202 - + */ 203 - + 204 - +#ifndef __AA_MOUNT_H 205 - +#define __AA_MOUNT_H 206 - + 207 - +#include <linux/fs.h> 208 - +#include <linux/path.h> 209 - + 210 - +#include "domain.h" 211 - +#include "policy.h" 212 - + 213 - +/* mount perms */ 214 - +#define AA_MAY_PIVOTROOT 0x01 215 - +#define AA_MAY_MOUNT 0x02 216 - +#define AA_MAY_UMOUNT 0x04 217 - +#define AA_AUDIT_DATA 0x40 218 - +#define AA_CONT_MATCH 0x40 219 - + 220 - +#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN) 221 - + 222 - +int aa_remount(struct aa_profile *profile, struct path *path, 223 - + unsigned long flags, void *data); 224 - + 225 - +int aa_bind_mount(struct aa_profile *profile, struct path *path, 226 - + const char *old_name, unsigned long flags); 227 - + 228 - + 229 - +int aa_mount_change_type(struct aa_profile *profile, struct path *path, 230 - + unsigned long flags); 231 - + 232 - +int aa_move_mount(struct aa_profile *profile, struct path *path, 233 - + const char *old_name); 234 - + 235 - +int aa_new_mount(struct aa_profile *profile, const char *dev_name, 236 - + struct path *path, const char *type, unsigned long flags, 237 - + void *data); 238 - + 239 - +int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags); 240 - + 241 - +int aa_pivotroot(struct aa_profile *profile, struct path *old_path, 242 - + struct path *new_path); 243 - + 244 - +#endif /* __AA_MOUNT_H */ 245 - diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c 246 - index 3cde194..4512cc6 100644 247 - --- a/security/apparmor/lsm.c 248 - +++ b/security/apparmor/lsm.c 249 - @@ -36,6 +36,7 @@ 250 - #include "include/path.h" 251 - #include "include/policy.h" 252 - #include "include/procattr.h" 253 - +#include "include/mount.h" 254 - 255 - /* Flag indicating whether initialization completed */ 256 - int apparmor_initialized __initdata; 257 - @@ -512,6 +513,60 @@ static int apparmor_file_mprotect(struct vm_area_struct *vma, 258 - !(vma->vm_flags & VM_SHARED) ? MAP_PRIVATE : 0); 259 - } 260 - 261 - +static int apparmor_sb_mount(char *dev_name, struct path *path, char *type, 262 - + unsigned long flags, void *data) 263 - +{ 264 - + struct aa_profile *profile; 265 - + int error = 0; 266 - + 267 - + /* Discard magic */ 268 - + if ((flags & MS_MGC_MSK) == MS_MGC_VAL) 269 - + flags &= ~MS_MGC_MSK; 270 - + 271 - + flags &= ~AA_MS_IGNORE_MASK; 272 - + 273 - + profile = __aa_current_profile(); 274 - + if (!unconfined(profile)) { 275 - + if (flags & MS_REMOUNT) 276 - + error = aa_remount(profile, path, flags, data); 277 - + else if (flags & MS_BIND) 278 - + error = aa_bind_mount(profile, path, dev_name, flags); 279 - + else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | 280 - + MS_UNBINDABLE)) 281 - + error = aa_mount_change_type(profile, path, flags); 282 - + else if (flags & MS_MOVE) 283 - + error = aa_move_mount(profile, path, dev_name); 284 - + else 285 - + error = aa_new_mount(profile, dev_name, path, type, 286 - + flags, data); 287 - + } 288 - + return error; 289 - +} 290 - + 291 - +static int apparmor_sb_umount(struct vfsmount *mnt, int flags) 292 - +{ 293 - + struct aa_profile *profile; 294 - + int error = 0; 295 - + 296 - + profile = __aa_current_profile(); 297 - + if (!unconfined(profile)) 298 - + error = aa_umount(profile, mnt, flags); 299 - + 300 - + return error; 301 - +} 302 - + 303 - +static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path) 304 - +{ 305 - + struct aa_profile *profile; 306 - + int error = 0; 307 - + 308 - + profile = __aa_current_profile(); 309 - + if (!unconfined(profile)) 310 - + error = aa_pivotroot(profile, old_path, new_path); 311 - + 312 - + return error; 313 - +} 314 - + 315 - static int apparmor_getprocattr(struct task_struct *task, char *name, 316 - char **value) 317 - { 318 - @@ -729,6 +784,10 @@ static struct security_operations apparmor_ops = { 319 - .capget = apparmor_capget, 320 - .capable = apparmor_capable, 321 - 322 - + .sb_mount = apparmor_sb_mount, 323 - + .sb_umount = apparmor_sb_umount, 324 - + .sb_pivotroot = apparmor_sb_pivotroot, 325 - + 326 - .path_link = apparmor_path_link, 327 - .path_unlink = apparmor_path_unlink, 328 - .path_symlink = apparmor_path_symlink, 329 - diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c 330 - new file mode 100644 331 - index 0000000..63d8493 332 - --- /dev/null 333 - +++ b/security/apparmor/mount.c 334 - @@ -0,0 +1,620 @@ 335 - +/* 336 - + * AppArmor security module 337 - + * 338 - + * This file contains AppArmor mediation of files 339 - + * 340 - + * Copyright (C) 1998-2008 Novell/SUSE 341 - + * Copyright 2009-2012 Canonical Ltd. 342 - + * 343 - + * This program is free software; you can redistribute it and/or 344 - + * modify it under the terms of the GNU General Public License as 345 - + * published by the Free Software Foundation, version 2 of the 346 - + * License. 347 - + */ 348 - + 349 - +#include <linux/fs.h> 350 - +#include <linux/mount.h> 351 - +#include <linux/namei.h> 352 - + 353 - +#include "include/apparmor.h" 354 - +#include "include/audit.h" 355 - +#include "include/context.h" 356 - +#include "include/domain.h" 357 - +#include "include/file.h" 358 - +#include "include/match.h" 359 - +#include "include/mount.h" 360 - +#include "include/path.h" 361 - +#include "include/policy.h" 362 - + 363 - + 364 - +static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags) 365 - +{ 366 - + if (flags & MS_RDONLY) 367 - + audit_log_format(ab, "ro"); 368 - + else 369 - + audit_log_format(ab, "rw"); 370 - + if (flags & MS_NOSUID) 371 - + audit_log_format(ab, ", nosuid"); 372 - + if (flags & MS_NODEV) 373 - + audit_log_format(ab, ", nodev"); 374 - + if (flags & MS_NOEXEC) 375 - + audit_log_format(ab, ", noexec"); 376 - + if (flags & MS_SYNCHRONOUS) 377 - + audit_log_format(ab, ", sync"); 378 - + if (flags & MS_REMOUNT) 379 - + audit_log_format(ab, ", remount"); 380 - + if (flags & MS_MANDLOCK) 381 - + audit_log_format(ab, ", mand"); 382 - + if (flags & MS_DIRSYNC) 383 - + audit_log_format(ab, ", dirsync"); 384 - + if (flags & MS_NOATIME) 385 - + audit_log_format(ab, ", noatime"); 386 - + if (flags & MS_NODIRATIME) 387 - + audit_log_format(ab, ", nodiratime"); 388 - + if (flags & MS_BIND) 389 - + audit_log_format(ab, flags & MS_REC ? ", rbind" : ", bind"); 390 - + if (flags & MS_MOVE) 391 - + audit_log_format(ab, ", move"); 392 - + if (flags & MS_SILENT) 393 - + audit_log_format(ab, ", silent"); 394 - + if (flags & MS_POSIXACL) 395 - + audit_log_format(ab, ", acl"); 396 - + if (flags & MS_UNBINDABLE) 397 - + audit_log_format(ab, flags & MS_REC ? ", runbindable" : 398 - + ", unbindable"); 399 - + if (flags & MS_PRIVATE) 400 - + audit_log_format(ab, flags & MS_REC ? ", rprivate" : 401 - + ", private"); 402 - + if (flags & MS_SLAVE) 403 - + audit_log_format(ab, flags & MS_REC ? ", rslave" : 404 - + ", slave"); 405 - + if (flags & MS_SHARED) 406 - + audit_log_format(ab, flags & MS_REC ? ", rshared" : 407 - + ", shared"); 408 - + if (flags & MS_RELATIME) 409 - + audit_log_format(ab, ", relatime"); 410 - + if (flags & MS_I_VERSION) 411 - + audit_log_format(ab, ", iversion"); 412 - + if (flags & MS_STRICTATIME) 413 - + audit_log_format(ab, ", strictatime"); 414 - + if (flags & MS_NOUSER) 415 - + audit_log_format(ab, ", nouser"); 416 - +} 417 - + 418 - +/** 419 - + * audit_cb - call back for mount specific audit fields 420 - + * @ab: audit_buffer (NOT NULL) 421 - + * @va: audit struct to audit values of (NOT NULL) 422 - + */ 423 - +static void audit_cb(struct audit_buffer *ab, void *va) 424 - +{ 425 - + struct common_audit_data *sa = va; 426 - + 427 - + if (sa->aad->mnt.type) { 428 - + audit_log_format(ab, " fstype="); 429 - + audit_log_untrustedstring(ab, sa->aad->mnt.type); 430 - + } 431 - + if (sa->aad->mnt.src_name) { 432 - + audit_log_format(ab, " srcname="); 433 - + audit_log_untrustedstring(ab, sa->aad->mnt.src_name); 434 - + } 435 - + if (sa->aad->mnt.trans) { 436 - + audit_log_format(ab, " trans="); 437 - + audit_log_untrustedstring(ab, sa->aad->mnt.trans); 438 - + } 439 - + if (sa->aad->mnt.flags || sa->aad->op == OP_MOUNT) { 440 - + audit_log_format(ab, " flags=\""); 441 - + audit_mnt_flags(ab, sa->aad->mnt.flags); 442 - + audit_log_format(ab, "\""); 443 - + } 444 - + if (sa->aad->mnt.data) { 445 - + audit_log_format(ab, " options="); 446 - + audit_log_untrustedstring(ab, sa->aad->mnt.data); 447 - + } 448 - +} 449 - + 450 - +/** 451 - + * audit_mount - handle the auditing of mount operations 452 - + * @profile: the profile being enforced (NOT NULL) 453 - + * @gfp: allocation flags 454 - + * @op: operation being mediated (NOT NULL) 455 - + * @name: name of object being mediated (MAYBE NULL) 456 - + * @src_name: src_name of object being mediated (MAYBE_NULL) 457 - + * @type: type of filesystem (MAYBE_NULL) 458 - + * @trans: name of trans (MAYBE NULL) 459 - + * @flags: filesystem idependent mount flags 460 - + * @data: filesystem mount flags 461 - + * @request: permissions requested 462 - + * @perms: the permissions computed for the request (NOT NULL) 463 - + * @info: extra information message (MAYBE NULL) 464 - + * @error: 0 if operation allowed else failure error code 465 - + * 466 - + * Returns: %0 or error on failure 467 - + */ 468 - +static int audit_mount(struct aa_profile *profile, gfp_t gfp, int op, 469 - + const char *name, const char *src_name, 470 - + const char *type, const char *trans, 471 - + unsigned long flags, const void *data, u32 request, 472 - + struct file_perms *perms, const char *info, int error) 473 - +{ 474 - + int audit_type = AUDIT_APPARMOR_AUTO; 475 - + struct common_audit_data sa; 476 - + struct apparmor_audit_data aad = { }; 477 - + 478 - + if (likely(!error)) { 479 - + u32 mask = perms->audit; 480 - + 481 - + if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) 482 - + mask = 0xffff; 483 - + 484 - + /* mask off perms that are not being force audited */ 485 - + request &= mask; 486 - + 487 - + if (likely(!request)) 488 - + return 0; 489 - + audit_type = AUDIT_APPARMOR_AUDIT; 490 - + } else { 491 - + /* only report permissions that were denied */ 492 - + request = request & ~perms->allow; 493 - + 494 - + if (request & perms->kill) 495 - + audit_type = AUDIT_APPARMOR_KILL; 496 - + 497 - + /* quiet known rejects, assumes quiet and kill do not overlap */ 498 - + if ((request & perms->quiet) && 499 - + AUDIT_MODE(profile) != AUDIT_NOQUIET && 500 - + AUDIT_MODE(profile) != AUDIT_ALL) 501 - + request &= ~perms->quiet; 502 - + 503 - + if (!request) 504 - + return COMPLAIN_MODE(profile) ? 505 - + complain_error(error) : error; 506 - + } 507 - + 508 - + COMMON_AUDIT_DATA_INIT(&sa, NONE); 509 - + sa.aad = &aad; 510 - + sa.aad->op = op; 511 - + sa.aad->name = name; 512 - + sa.aad->mnt.src_name = src_name; 513 - + sa.aad->mnt.type = type; 514 - + sa.aad->mnt.trans = trans; 515 - + sa.aad->mnt.flags = flags; 516 - + if (data && (perms->audit & AA_AUDIT_DATA)) 517 - + sa.aad->mnt.data = data; 518 - + sa.aad->info = info; 519 - + sa.aad->error = error; 520 - + 521 - + return aa_audit(audit_type, profile, gfp, &sa, audit_cb); 522 - +} 523 - + 524 - +/** 525 - + * match_mnt_flags - Do an ordered match on mount flags 526 - + * @dfa: dfa to match against 527 - + * @state: state to start in 528 - + * @flags: mount flags to match against 529 - + * 530 - + * Mount flags are encoded as an ordered match. This is done instead of 531 - + * checking against a simple bitmask, to allow for logical operations 532 - + * on the flags. 533 - + * 534 - + * Returns: next state after flags match 535 - + */ 536 - +static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state, 537 - + unsigned long flags) 538 - +{ 539 - + unsigned int i; 540 - + 541 - + for (i = 0; i <= 31 ; ++i) { 542 - + if ((1 << i) & flags) 543 - + state = aa_dfa_next(dfa, state, i + 1); 544 - + } 545 - + 546 - + return state; 547 - +} 548 - + 549 - +/** 550 - + * compute_mnt_perms - compute mount permission associated with @state 551 - + * @dfa: dfa to match against (NOT NULL) 552 - + * @state: state match finished in 553 - + * 554 - + * Returns: mount permissions 555 - + */ 556 - +static struct file_perms compute_mnt_perms(struct aa_dfa *dfa, 557 - + unsigned int state) 558 - +{ 559 - + struct file_perms perms; 560 - + 561 - + perms.kill = 0; 562 - + perms.allow = dfa_user_allow(dfa, state); 563 - + perms.audit = dfa_user_audit(dfa, state); 564 - + perms.quiet = dfa_user_quiet(dfa, state); 565 - + perms.xindex = dfa_user_xindex(dfa, state); 566 - + 567 - + return perms; 568 - +} 569 - + 570 - +static const char const *mnt_info_table[] = { 571 - + "match succeeded", 572 - + "failed mntpnt match", 573 - + "failed srcname match", 574 - + "failed type match", 575 - + "failed flags match", 576 - + "failed data match" 577 - +}; 578 - + 579 - +/* 580 - + * Returns 0 on success else element that match failed in, this is the 581 - + * index into the mnt_info_table above 582 - + */ 583 - +static int do_match_mnt(struct aa_dfa *dfa, unsigned int start, 584 - + const char *mntpnt, const char *devname, 585 - + const char *type, unsigned long flags, 586 - + void *data, bool binary, struct file_perms *perms) 587 - +{ 588 - + unsigned int state; 589 - + 590 - + state = aa_dfa_match(dfa, start, mntpnt); 591 - + state = aa_dfa_null_transition(dfa, state); 592 - + if (!state) 593 - + return 1; 594 - + 595 - + if (devname) 596 - + state = aa_dfa_match(dfa, state, devname); 597 - + state = aa_dfa_null_transition(dfa, state); 598 - + if (!state) 599 - + return 2; 600 - + 601 - + if (type) 602 - + state = aa_dfa_match(dfa, state, type); 603 - + state = aa_dfa_null_transition(dfa, state); 604 - + if (!state) 605 - + return 3; 606 - + 607 - + state = match_mnt_flags(dfa, state, flags); 608 - + if (!state) 609 - + return 4; 610 - + *perms = compute_mnt_perms(dfa, state); 611 - + if (perms->allow & AA_MAY_MOUNT) 612 - + return 0; 613 - + 614 - + /* only match data if not binary and the DFA flags data is expected */ 615 - + if (data && !binary && (perms->allow & AA_CONT_MATCH)) { 616 - + state = aa_dfa_null_transition(dfa, state); 617 - + if (!state) 618 - + return 4; 619 - + 620 - + state = aa_dfa_match(dfa, state, data); 621 - + if (!state) 622 - + return 5; 623 - + *perms = compute_mnt_perms(dfa, state); 624 - + if (perms->allow & AA_MAY_MOUNT) 625 - + return 0; 626 - + } 627 - + 628 - + /* failed at end of flags match */ 629 - + return 4; 630 - +} 631 - + 632 - +/** 633 - + * match_mnt - handle path matching for mount 634 - + * @profile: the confining profile 635 - + * @mntpnt: string for the mntpnt (NOT NULL) 636 - + * @devname: string for the devname/src_name (MAYBE NULL) 637 - + * @type: string for the dev type (MAYBE NULL) 638 - + * @flags: mount flags to match 639 - + * @data: fs mount data (MAYBE NULL) 640 - + * @binary: whether @data is binary 641 - + * @perms: Returns: permission found by the match 642 - + * @info: Returns: infomation string about the match for logging 643 - + * 644 - + * Returns: 0 on success else error 645 - + */ 646 - +static int match_mnt(struct aa_profile *profile, const char *mntpnt, 647 - + const char *devname, const char *type, 648 - + unsigned long flags, void *data, bool binary, 649 - + struct file_perms *perms, const char **info) 650 - +{ 651 - + int pos; 652 - + 653 - + if (!profile->policy.dfa) 654 - + return -EACCES; 655 - + 656 - + pos = do_match_mnt(profile->policy.dfa, 657 - + profile->policy.start[AA_CLASS_MOUNT], 658 - + mntpnt, devname, type, flags, data, binary, perms); 659 - + if (pos) { 660 - + *info = mnt_info_table[pos]; 661 - + return -EACCES; 662 - + } 663 - + 664 - + return 0; 665 - +} 666 - + 667 - +static int path_flags(struct aa_profile *profile, struct path *path) 668 - +{ 669 - + return profile->path_flags | 670 - + S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0; 671 - +} 672 - + 673 - +int aa_remount(struct aa_profile *profile, struct path *path, 674 - + unsigned long flags, void *data) 675 - +{ 676 - + struct file_perms perms = { }; 677 - + const char *name, *info = NULL; 678 - + char *buffer = NULL; 679 - + int binary, error; 680 - + 681 - + binary = path->dentry->d_sb->s_type->fs_flags & FS_BINARY_MOUNTDATA; 682 - + 683 - + error = aa_path_name(path, path_flags(profile, path), &buffer, &name, 684 - + &info); 685 - + if (error) 686 - + goto audit; 687 - + 688 - + error = match_mnt(profile, name, NULL, NULL, flags, data, binary, 689 - + &perms, &info); 690 - + 691 - +audit: 692 - + error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL, 693 - + NULL, flags, data, AA_MAY_MOUNT, &perms, info, 694 - + error); 695 - + kfree(buffer); 696 - + 697 - + return error; 698 - +} 699 - + 700 - +int aa_bind_mount(struct aa_profile *profile, struct path *path, 701 - + const char *dev_name, unsigned long flags) 702 - +{ 703 - + struct file_perms perms = { }; 704 - + char *buffer = NULL, *old_buffer = NULL; 705 - + const char *name, *old_name = NULL, *info = NULL; 706 - + struct path old_path; 707 - + int error; 708 - + 709 - + if (!dev_name || !*dev_name) 710 - + return -EINVAL; 711 - + 712 - + flags &= MS_REC | MS_BIND; 713 - + 714 - + error = aa_path_name(path, path_flags(profile, path), &buffer, &name, 715 - + &info); 716 - + if (error) 717 - + goto audit; 718 - + 719 - + error = kern_path(dev_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path); 720 - + if (error) 721 - + goto audit; 722 - + 723 - + error = aa_path_name(&old_path, path_flags(profile, &old_path), 724 - + &old_buffer, &old_name, &info); 725 - + path_put(&old_path); 726 - + if (error) 727 - + goto audit; 728 - + 729 - + error = match_mnt(profile, name, old_name, NULL, flags, NULL, 0, 730 - + &perms, &info); 731 - + 732 - +audit: 733 - + error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name, 734 - + NULL, NULL, flags, NULL, AA_MAY_MOUNT, &perms, 735 - + info, error); 736 - + kfree(buffer); 737 - + kfree(old_buffer); 738 - + 739 - + return error; 740 - +} 741 - + 742 - +int aa_mount_change_type(struct aa_profile *profile, struct path *path, 743 - + unsigned long flags) 744 - +{ 745 - + struct file_perms perms = { }; 746 - + char *buffer = NULL; 747 - + const char *name, *info = NULL; 748 - + int error; 749 - + 750 - + /* These are the flags allowed by do_change_type() */ 751 - + flags &= (MS_REC | MS_SILENT | MS_SHARED | MS_PRIVATE | MS_SLAVE | 752 - + MS_UNBINDABLE); 753 - + 754 - + error = aa_path_name(path, path_flags(profile, path), &buffer, &name, 755 - + &info); 756 - + if (error) 757 - + goto audit; 758 - + 759 - + error = match_mnt(profile, name, NULL, NULL, flags, NULL, 0, &perms, 760 - + &info); 761 - + 762 - +audit: 763 - + error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, NULL, NULL, 764 - + NULL, flags, NULL, AA_MAY_MOUNT, &perms, info, 765 - + error); 766 - + kfree(buffer); 767 - + 768 - + return error; 769 - +} 770 - + 771 - +int aa_move_mount(struct aa_profile *profile, struct path *path, 772 - + const char *orig_name) 773 - +{ 774 - + struct file_perms perms = { }; 775 - + char *buffer = NULL, *old_buffer = NULL; 776 - + const char *name, *old_name = NULL, *info = NULL; 777 - + struct path old_path; 778 - + int error; 779 - + 780 - + if (!orig_name || !*orig_name) 781 - + return -EINVAL; 782 - + 783 - + error = aa_path_name(path, path_flags(profile, path), &buffer, &name, 784 - + &info); 785 - + if (error) 786 - + goto audit; 787 - + 788 - + error = kern_path(orig_name, LOOKUP_FOLLOW, &old_path); 789 - + if (error) 790 - + goto audit; 791 - + 792 - + error = aa_path_name(&old_path, path_flags(profile, &old_path), 793 - + &old_buffer, &old_name, &info); 794 - + path_put(&old_path); 795 - + if (error) 796 - + goto audit; 797 - + 798 - + error = match_mnt(profile, name, old_name, NULL, MS_MOVE, NULL, 0, 799 - + &perms, &info); 800 - + 801 - +audit: 802 - + error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, old_name, 803 - + NULL, NULL, MS_MOVE, NULL, AA_MAY_MOUNT, &perms, 804 - + info, error); 805 - + kfree(buffer); 806 - + kfree(old_buffer); 807 - + 808 - + return error; 809 - +} 810 - + 811 - +int aa_new_mount(struct aa_profile *profile, const char *orig_dev_name, 812 - + struct path *path, const char *type, unsigned long flags, 813 - + void *data) 814 - +{ 815 - + struct file_perms perms = { }; 816 - + char *buffer = NULL, *dev_buffer = NULL; 817 - + const char *name = NULL, *dev_name = NULL, *info = NULL; 818 - + int binary = 1; 819 - + int error; 820 - + 821 - + dev_name = orig_dev_name; 822 - + if (type) { 823 - + int requires_dev; 824 - + struct file_system_type *fstype = get_fs_type(type); 825 - + if (!fstype) 826 - + return -ENODEV; 827 - + 828 - + binary = fstype->fs_flags & FS_BINARY_MOUNTDATA; 829 - + requires_dev = fstype->fs_flags & FS_REQUIRES_DEV; 830 - + put_filesystem(fstype); 831 - + 832 - + if (requires_dev) { 833 - + struct path dev_path; 834 - + 835 - + if (!dev_name || !*dev_name) { 836 - + error = -ENOENT; 837 - + goto out; 838 - + } 839 - + 840 - + error = kern_path(dev_name, LOOKUP_FOLLOW, &dev_path); 841 - + if (error) 842 - + goto audit; 843 - + 844 - + error = aa_path_name(&dev_path, 845 - + path_flags(profile, &dev_path), 846 - + &dev_buffer, &dev_name, &info); 847 - + path_put(&dev_path); 848 - + if (error) 849 - + goto audit; 850 - + } 851 - + } 852 - + 853 - + error = aa_path_name(path, path_flags(profile, path), &buffer, &name, 854 - + &info); 855 - + if (error) 856 - + goto audit; 857 - + 858 - + error = match_mnt(profile, name, dev_name, type, flags, data, binary, 859 - + &perms, &info); 860 - + 861 - +audit: 862 - + error = audit_mount(profile, GFP_KERNEL, OP_MOUNT, name, dev_name, 863 - + type, NULL, flags, data, AA_MAY_MOUNT, &perms, info, 864 - + error); 865 - + kfree(buffer); 866 - + kfree(dev_buffer); 867 - + 868 - +out: 869 - + return error; 870 - + 871 - +} 872 - + 873 - +int aa_umount(struct aa_profile *profile, struct vfsmount *mnt, int flags) 874 - +{ 875 - + struct file_perms perms = { }; 876 - + char *buffer = NULL; 877 - + const char *name, *info = NULL; 878 - + int error; 879 - + 880 - + struct path path = { mnt, mnt->mnt_root }; 881 - + error = aa_path_name(&path, path_flags(profile, &path), &buffer, &name, 882 - + &info); 883 - + if (error) 884 - + goto audit; 885 - + 886 - + if (!error && profile->policy.dfa) { 887 - + unsigned int state; 888 - + state = aa_dfa_match(profile->policy.dfa, 889 - + profile->policy.start[AA_CLASS_MOUNT], 890 - + name); 891 - + perms = compute_mnt_perms(profile->policy.dfa, state); 892 - + } 893 - + 894 - + if (AA_MAY_UMOUNT & ~perms.allow) 895 - + error = -EACCES; 896 - + 897 - +audit: 898 - + error = audit_mount(profile, GFP_KERNEL, OP_UMOUNT, name, NULL, NULL, 899 - + NULL, 0, NULL, AA_MAY_UMOUNT, &perms, info, error); 900 - + kfree(buffer); 901 - + 902 - + return error; 903 - +} 904 - + 905 - +int aa_pivotroot(struct aa_profile *profile, struct path *old_path, 906 - + struct path *new_path) 907 - +{ 908 - + struct file_perms perms = { }; 909 - + struct aa_profile *target = NULL; 910 - + char *old_buffer = NULL, *new_buffer = NULL; 911 - + const char *old_name, *new_name = NULL, *info = NULL; 912 - + int error; 913 - + 914 - + error = aa_path_name(old_path, path_flags(profile, old_path), 915 - + &old_buffer, &old_name, &info); 916 - + if (error) 917 - + goto audit; 918 - + 919 - + error = aa_path_name(new_path, path_flags(profile, new_path), 920 - + &new_buffer, &new_name, &info); 921 - + if (error) 922 - + goto audit; 923 - + 924 - + if (profile->policy.dfa) { 925 - + unsigned int state; 926 - + state = aa_dfa_match(profile->policy.dfa, 927 - + profile->policy.start[AA_CLASS_MOUNT], 928 - + new_name); 929 - + state = aa_dfa_null_transition(profile->policy.dfa, state); 930 - + state = aa_dfa_match(profile->policy.dfa, state, old_name); 931 - + perms = compute_mnt_perms(profile->policy.dfa, state); 932 - + } 933 - + 934 - + if (AA_MAY_PIVOTROOT & perms.allow) { 935 - + if ((perms.xindex & AA_X_TYPE_MASK) == AA_X_TABLE) { 936 - + target = x_table_lookup(profile, perms.xindex); 937 - + if (!target) 938 - + error = -ENOENT; 939 - + else 940 - + error = aa_replace_current_profile(target); 941 - + } 942 - + } else 943 - + error = -EACCES; 944 - + 945 - +audit: 946 - + error = audit_mount(profile, GFP_KERNEL, OP_PIVOTROOT, new_name, 947 - + old_name, NULL, target ? target->base.name : NULL, 948 - + 0, NULL, AA_MAY_PIVOTROOT, &perms, info, error); 949 - + aa_put_profile(target); 950 - + kfree(old_buffer); 951 - + kfree(new_buffer); 952 - + 953 - + return error; 954 - +} 955 - -- 956 - 1.7.9.5 957 -
-13
pkgs/os-specific/linux/libselinux/fPIC.patch
··· 1 - diff --git a/src/Makefile b/src/Makefile 2 - index ac019df..00432b9 100644 3 - --- a/src/Makefile 4 - +++ b/src/Makefile 5 - @@ -132,7 +132,7 @@ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) 6 - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) 7 - 8 - %.o: %.c policy.h 9 - - $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< 10 - + $(CC) $(CFLAGS) $(TLSFLAGS) -fPIC -c -o $@ $< 11 - 12 - %.lo: %.c policy.h 13 - $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
-82
pkgs/os-specific/linux/udisks/cve-2014-0004.patch
··· 1 - commit ebf61ed8471a45cf8bce7231de00cb1bbc140708 2 - Author: Martin Pitt <martin.pitt@ubuntu.com> 3 - Date: Wed Mar 5 14:07:44 2014 +0100 4 - 5 - Fix buffer overflow in mount path parsing 6 - 7 - In the mount monitor we parse mount points from /proc/self/mountinfo. Ensure 8 - that we don't overflow the buffers on platforms where mount paths could be 9 - longer than PATH_MAX (unknown if that can actually happen), as at least the 10 - mount paths for hotpluggable devices are somewhat user-controlled. 11 - 12 - Thanks to Florian Weimer for discovering this bug, and to David Zeuthen 13 - for his initial patch! 14 - 15 - CVE-2014-0004 16 - 17 - Index: udisks-1.0.4/src/mount-monitor.c 18 - =================================================================== 19 - --- udisks-1.0.4.orig/src/mount-monitor.c 2011-08-25 20:27:33.000000000 +0200 20 - +++ udisks-1.0.4/src/mount-monitor.c 2014-03-10 13:38:18.309406561 +0100 21 - @@ -39,6 +39,11 @@ 22 - #include "mount.h" 23 - #include "private.h" 24 - 25 - +/* build a %Ns format string macro with N == PATH_MAX */ 26 - +#define xstr(s) str(s) 27 - +#define str(s) #s 28 - +#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s" 29 - + 30 - /*--------------------------------------------------------------------------------------------------------------*/ 31 - 32 - enum 33 - @@ -320,8 +325,8 @@ mount_monitor_ensure (MountMonitor *moni 34 - guint mount_id; 35 - guint parent_id; 36 - guint major, minor; 37 - - gchar encoded_root[PATH_MAX]; 38 - - gchar encoded_mount_point[PATH_MAX]; 39 - + gchar encoded_root[PATH_MAX + 1]; 40 - + gchar encoded_mount_point[PATH_MAX + 1]; 41 - gchar *mount_point; 42 - dev_t dev; 43 - 44 - @@ -329,7 +334,7 @@ mount_monitor_ensure (MountMonitor *moni 45 - continue; 46 - 47 - if (sscanf (lines[n], 48 - - "%d %d %d:%d %s %s", 49 - + "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT, 50 - &mount_id, 51 - &parent_id, 52 - &major, 53 - @@ -340,6 +345,8 @@ mount_monitor_ensure (MountMonitor *moni 54 - g_warning ("Error parsing line '%s'", lines[n]); 55 - continue; 56 - } 57 - + encoded_root[sizeof encoded_root - 1] = '\0'; 58 - + encoded_mount_point[sizeof encoded_mount_point - 1] = '\0'; 59 - 60 - /* ignore mounts where only a subtree of a filesystem is mounted */ 61 - if (g_strcmp0 (encoded_root, "/") != 0) 62 - @@ -358,15 +365,17 @@ mount_monitor_ensure (MountMonitor *moni 63 - sep = strstr (lines[n], " - "); 64 - if (sep != NULL) 65 - { 66 - - gchar fstype[PATH_MAX]; 67 - - gchar mount_source[PATH_MAX]; 68 - + gchar fstype[PATH_MAX + 1]; 69 - + gchar mount_source[PATH_MAX + 1]; 70 - struct stat statbuf; 71 - 72 - - if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2) 73 - + if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2) 74 - { 75 - g_warning ("Error parsing things past - for '%s'", lines[n]); 76 - continue; 77 - } 78 - + fstype[sizeof fstype - 1] = '\0'; 79 - + mount_source[sizeof mount_source - 1] = '\0'; 80 - 81 - if (g_strcmp0 (fstype, "btrfs") != 0) 82 - continue;
-42
pkgs/os-specific/linux/wpa_supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
··· 1 - From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 2 - From: Jouni Malinen <jouni@qca.qualcomm.com> 3 - Date: Tue, 7 Apr 2015 11:32:11 +0300 4 - Subject: [PATCH] P2P: Validate SSID element length before copying it 5 - (CVE-2015-1863) 6 - 7 - This fixes a possible memcpy overflow for P2P dev->oper_ssid in 8 - p2p_add_device(). The length provided by the peer device (0..255 bytes) 9 - was used without proper bounds checking and that could have resulted in 10 - arbitrary data of up to 223 bytes being written beyond the end of the 11 - dev->oper_ssid[] array (of which about 150 bytes would be beyond the 12 - heap allocation) when processing a corrupted management frame for P2P 13 - peer discovery purposes. 14 - 15 - This could result in corrupted state in heap, unexpected program 16 - behavior due to corrupted P2P peer device information, denial of service 17 - due to process crash, exposure of memory contents during GO Negotiation, 18 - and potentially arbitrary code execution. 19 - 20 - Thanks to Google security team for reporting this issue and smart 21 - hardware research group of Alibaba security team for discovering it. 22 - 23 - Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> 24 - --- 25 - src/p2p/p2p.c | 1 + 26 - 1 file changed, 1 insertion(+) 27 - 28 - diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c 29 - index f584fae..a45fe73 100644 30 - --- a/src/p2p/p2p.c 31 - +++ b/src/p2p/p2p.c 32 - @@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq, 33 - if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) 34 - os_memcpy(dev->interface_addr, addr, ETH_ALEN); 35 - if (msg.ssid && 36 - + msg.ssid[1] <= sizeof(dev->oper_ssid) && 37 - (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || 38 - os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) 39 - != 0)) { 40 - -- 41 - 1.9.1 42 -
-78
pkgs/servers/x11/xorg/darwin/0001-XQuartz-GLX-Use-__glXEnableExtension-to-build-extens.patch
··· 1 - From fff30cdea46616eb92f4dd9402ebd27fdb55e13b Mon Sep 17 00:00:00 2001 2 - From: Jeremy Huddleston Sequoia <jeremyhu@apple.com> 3 - Date: Sun, 1 Jun 2014 04:29:19 -0700 4 - Subject: [PATCH 1/6] XQuartz: GLX: Use __glXEnableExtension to build 5 - extensions list 6 - 7 - Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> 8 - (cherry picked from commit 3790001ea29658872aebda00a03170e392b47878) 9 - --- 10 - hw/xquartz/GL/indirect.c | 37 +++++++++++++++++++++++++++++++------ 11 - 1 file changed, 31 insertions(+), 6 deletions(-) 12 - 13 - diff --git a/hw/xquartz/GL/indirect.c b/hw/xquartz/GL/indirect.c 14 - index 19b7d86..4e6ab3d 100644 15 - --- a/hw/xquartz/GL/indirect.c 16 - +++ b/hw/xquartz/GL/indirect.c 17 - @@ -52,6 +52,7 @@ 18 - 19 - #include "visualConfigs.h" 20 - #include "dri.h" 21 - +#include "extension_string.h" 22 - 23 - #include "darwin.h" 24 - #define GLAQUA_DEBUG_MSG(msg, args ...) ASL_LOG(ASL_LEVEL_DEBUG, "GLXAqua", \ 25 - @@ -111,6 +112,10 @@ typedef struct __GLXAquaDrawable __GLXAquaDrawable; 26 - */ 27 - struct __GLXAquaScreen { 28 - __GLXscreen base; 29 - + 30 - + /* Supported GLX extensions */ 31 - + unsigned char glx_enable_bits[__GLX_EXT_BYTES]; 32 - + 33 - int index; 34 - int num_vis; 35 - }; 36 - @@ -541,13 +546,33 @@ __glXAquaScreenProbe(ScreenPtr pScreen) 37 - 38 - screen->base.GLXmajor = 1; 39 - screen->base.GLXminor = 4; 40 - - screen->base.GLXextensions = strdup("GLX_SGIX_fbconfig " 41 - - "GLX_SGIS_multisample " 42 - - "GLX_ARB_multisample " 43 - - "GLX_EXT_visual_info " 44 - - "GLX_EXT_import_context "); 45 - 46 - - /*We may be able to add more GLXextensions at a later time. */ 47 - + memset(screen->glx_enable_bits, 0, __GLX_EXT_BYTES); 48 - + 49 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_visual_info"); 50 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_visual_rating"); 51 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_EXT_import_context"); 52 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_OML_swap_method"); 53 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_SGIX_fbconfig"); 54 - + 55 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_SGIS_multisample"); 56 - + __glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_multisample"); 57 - + 58 - + //__glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_create_context"); 59 - + //__glXEnableExtension(screen->glx_enable_bits, "GLX_ARB_create_context_profile"); 60 - + 61 - + // Generate the GLX extensions string (overrides that set by __glXScreenInit()) 62 - + { 63 - + unsigned int buffer_size = 64 - + __glXGetExtensionString(screen->glx_enable_bits, NULL); 65 - + if (buffer_size > 0) { 66 - + free(screen->base.GLXextensions); 67 - + 68 - + screen->base.GLXextensions = xnfalloc(buffer_size); 69 - + __glXGetExtensionString(screen->glx_enable_bits, 70 - + screen->base.GLXextensions); 71 - + } 72 - + } 73 - 74 - return &screen->base; 75 - } 76 - -- 77 - 2.3.2 (Apple Git-55) 78 -
-165
pkgs/servers/x11/xorg/darwin/0003-Workaround-the-GC-clipping-problem-in-miPaintWindow-.patch
··· 1 - From fa5c83fe9129c9cd9cde1420a32112ca2f17566c Mon Sep 17 00:00:00 2001 2 - From: Jeremy Huddleston <jeremyhu@apple.com> 3 - Date: Fri, 30 Apr 2010 13:08:25 -0700 4 - Subject: [PATCH 3/6] Workaround the GC clipping problem in miPaintWindow and 5 - add some debugging output. 6 - 7 - Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com> 8 - --- 9 - mi/miexpose.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 10 - 1 file changed, 94 insertions(+), 10 deletions(-) 11 - 12 - diff --git a/mi/miexpose.c b/mi/miexpose.c 13 - index fc4dbc0..5e31b83 100644 14 - --- a/mi/miexpose.c 15 - +++ b/mi/miexpose.c 16 - @@ -408,7 +408,8 @@ void RootlessSetPixmapOfAncestors(WindowPtr pWin); 17 - void RootlessStartDrawing(WindowPtr pWin); 18 - void RootlessDamageRegion(WindowPtr pWin, RegionPtr prgn); 19 - Bool IsFramedWindow(WindowPtr pWin); 20 - -#endif 21 - +#include "../fb/fb.h" 22 - +#endif 23 - 24 - void 25 - miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) 26 - @@ -437,23 +438,37 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) 27 - Bool solid = TRUE; 28 - DrawablePtr drawable = &pWin->drawable; 29 - 30 - +#ifdef XQUARTZ_CLIP_DEBUG 31 - + ErrorF("START %d BS %d (pR = %ld)\n", what, pWin->backgroundState, ParentRelative); 32 - + ErrorF(" Rgn: %d %d %d %d\n", prgn->extents.x1, prgn->extents.y1, 33 - + prgn->extents.x2 - prgn->extents.x1, 34 - + prgn->extents.y2 - prgn->extents.y1); 35 - + ErrorF(" Win: %d %d (%d %d) %d %d\n", pWin->origin.x, pWin->origin.y, 36 - + pWin->winSize.extents.x1, pWin->winSize.extents.y1, 37 - + pWin->winSize.extents.x2 - pWin->winSize.extents.x1, 38 - + pWin->winSize.extents.y2 - pWin->winSize.extents.y1); 39 - + ErrorF(" Draw: %d %d %d %d\n", pWin->drawable.x, pWin->drawable.y, 40 - + pWin->drawable.width, pWin->drawable.height); 41 - +#endif 42 - + 43 - #ifdef ROOTLESS 44 - if (!drawable || drawable->type == UNDRAWABLE_WINDOW) 45 - return; 46 - +#endif 47 - + 48 - + if (what == PW_BACKGROUND) 49 - + { 50 - +#ifdef ROOTLESS 51 - + if(IsFramedWindow(pWin)) { 52 - + RootlessStartDrawing(pWin); 53 - + RootlessDamageRegion(pWin, prgn); 54 - 55 - - if (IsFramedWindow(pWin)) { 56 - - RootlessStartDrawing(pWin); 57 - - RootlessDamageRegion(pWin, prgn); 58 - - 59 - - if (pWin->backgroundState == ParentRelative) { 60 - - if ((what == PW_BACKGROUND) || 61 - - (what == PW_BORDER && !pWin->borderIsPixel)) 62 - + if(pWin->backgroundState == ParentRelative) { 63 - RootlessSetPixmapOfAncestors(pWin); 64 - + } 65 - } 66 - - } 67 - #endif 68 - 69 - - if (what == PW_BACKGROUND) { 70 - while (pWin->backgroundState == ParentRelative) 71 - pWin = pWin->parent; 72 - 73 - @@ -478,6 +493,18 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) 74 - else { 75 - PixmapPtr pixmap; 76 - 77 - +#ifdef ROOTLESS 78 - + if(IsFramedWindow(pWin)) { 79 - + RootlessStartDrawing(pWin); 80 - + RootlessDamageRegion(pWin, prgn); 81 - + 82 - + if(!pWin->borderIsPixel && 83 - + pWin->backgroundState == ParentRelative) { 84 - + RootlessSetPixmapOfAncestors(pWin); 85 - + } 86 - + } 87 - +#endif 88 - + 89 - tile_x_off = drawable->x; 90 - tile_y_off = drawable->y; 91 - 92 - @@ -486,6 +513,12 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) 93 - return; 94 - pixmap = (*pScreen->GetWindowPixmap) ((WindowPtr) drawable); 95 - drawable = &pixmap->drawable; 96 - + 97 - +#ifdef XQUARTZ_CLIP_DEBUG 98 - + ErrorF(" Draw: %d %d %d %d\n", 99 - + drawable->x, drawable->y, drawable->width, drawable->height); 100 - +#endif 101 - + 102 - #ifdef COMPOSITE 103 - draw_x_off = pixmap->screen_x; 104 - draw_y_off = pixmap->screen_y; 105 - @@ -548,6 +581,57 @@ miPaintWindow(WindowPtr pWin, RegionPtr prgn, int what) 106 - ChangeGC(NullClient, pGC, gcmask, gcval); 107 - ValidateGC(drawable, pGC); 108 - 109 - +#ifdef XQUARTZ_CLIP_DEBUG 110 - + ErrorF(" GC: %d %d %d %d\n", 111 - + pGC->pCompositeClip->extents.x1, pGC->pCompositeClip->extents.y1, 112 - + pGC->pCompositeClip->extents.x2 - pGC->pCompositeClip->extents.x1, 113 - + pGC->pCompositeClip->extents.y2 - pGC->pCompositeClip->extents.y1); 114 - +#endif 115 - + 116 - +#ifdef XQUARTZ 117 - + /* Looks like our clipping isn't set right for some reason: 118 - + * http://xquartz.macosforge.org/trac/ticket/290 119 - + */ 120 - + if(what == PW_BORDER) { 121 - + 122 - +#if 0 123 - + if(solid) { 124 - +#if 1 125 - + fbFillRegionSolid(&pWin->drawable, 126 - + prgn, 127 - + 0, 128 - + fbReplicatePixel(fill.pixel, 129 - + pWin->drawable.bitsPerPixel)); 130 - +#else 131 - + fbFillRegionSolid(drawable, 132 - + prgn, 133 - + 0, 134 - + fbReplicatePixel(fill.pixel, 135 - + drawable->bitsPerPixel)); 136 - +#endif 137 - + return; 138 - + } 139 - +#endif 140 - + 141 - + pGC->pCompositeClip->extents.x1 += prgn->extents.x1; 142 - + pGC->pCompositeClip->extents.y1 += prgn->extents.y1; 143 - + pGC->pCompositeClip->extents.x2 += prgn->extents.x1; 144 - + pGC->pCompositeClip->extents.y2 += prgn->extents.y1; 145 - + 146 - + if(pGC->pCompositeClip->extents.x2 > drawable->pScreen->width) 147 - + pGC->pCompositeClip->extents.x2 = drawable->pScreen->width; 148 - + if(pGC->pCompositeClip->extents.y2 > drawable->pScreen->height) 149 - + pGC->pCompositeClip->extents.y2 = drawable->pScreen->height; 150 - + } 151 - +#endif 152 - + 153 - +#ifdef XQUARTZ_CLIP_DEBUG 154 - + ErrorF(" GC: %d %d %d %d\n", 155 - + pGC->pCompositeClip->extents.x1, pGC->pCompositeClip->extents.y1, 156 - + pGC->pCompositeClip->extents.x2 - pGC->pCompositeClip->extents.x1, 157 - + pGC->pCompositeClip->extents.y2 - pGC->pCompositeClip->extents.y1); 158 - +#endif 159 - + 160 - numRects = RegionNumRects(prgn); 161 - pbox = RegionRects(prgn); 162 - for (i = numRects; --i >= 0; pbox++, prect++) { 163 - -- 164 - 2.3.2 (Apple Git-55) 165 -
-316
pkgs/servers/x11/xorg/darwin/0005-fb-Revert-fb-changes-that-broke-XQuartz.patch
··· 1 - From a635e397d5830f7f60e3690a1bb36f7a725b915a Mon Sep 17 00:00:00 2001 2 - From: Jeremy Huddleston <jeremyhu@apple.com> 3 - Date: Fri, 12 Feb 2010 19:48:52 -0800 4 - Subject: [PATCH 5/6] fb: Revert fb changes that broke XQuartz 5 - 6 - http://bugs.freedesktop.org/show_bug.cgi?id=26124 7 - 8 - Revert "Fix source pictures getting random transforms after 2d6a8f668342a5190cdf43b5." 9 - Revert "fb: Adjust transform or composite coordinates for pixman operations" 10 - 11 - http://bugs.freedesktop.org/26124 12 - 13 - This reverts commit a72c65e9176c51de95db2fdbf4c5d946a4911695. 14 - This reverts commit a6bd5d2e482a5aa84acb3d4932e2a166d8670ef1. 15 - 16 - Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com> 17 - --- 18 - fb/fb.h | 3 +-- 19 - fb/fbpict.c | 82 ++++++++++++++++++------------------------------------------- 20 - fb/fbtrap.c | 43 ++++++++++++++------------------ 21 - 3 files changed, 43 insertions(+), 85 deletions(-) 22 - 23 - diff --git a/fb/fb.h b/fb/fb.h 24 - index ab110f3..59eaac3 100644 25 - --- a/fb/fb.h 26 - +++ b/fb/fb.h 27 - @@ -1326,8 +1326,7 @@ fbFillRegionSolid(DrawablePtr pDrawable, 28 - RegionPtr pRegion, FbBits and, FbBits xor); 29 - 30 - extern _X_EXPORT pixman_image_t *image_from_pict(PicturePtr pict, 31 - - Bool has_clip, 32 - - int *xoff, int *yoff); 33 - + Bool has_clip); 34 - 35 - extern _X_EXPORT void free_pixman_pict(PicturePtr, pixman_image_t *); 36 - 37 - diff --git a/fb/fbpict.c b/fb/fbpict.c 38 - index cafb027..6ee63e9 100644 39 - --- a/fb/fbpict.c 40 - +++ b/fb/fbpict.c 41 - @@ -46,23 +46,18 @@ fbComposite(CARD8 op, 42 - INT16 yMask, INT16 xDst, INT16 yDst, CARD16 width, CARD16 height) 43 - { 44 - pixman_image_t *src, *mask, *dest; 45 - - int src_xoff, src_yoff; 46 - - int msk_xoff, msk_yoff; 47 - - int dst_xoff, dst_yoff; 48 - - 49 - miCompositeSourceValidate(pSrc); 50 - if (pMask) 51 - miCompositeSourceValidate(pMask); 52 - 53 - - src = image_from_pict(pSrc, FALSE, &src_xoff, &src_yoff); 54 - - mask = image_from_pict(pMask, FALSE, &msk_xoff, &msk_yoff); 55 - - dest = image_from_pict(pDst, TRUE, &dst_xoff, &dst_yoff); 56 - + src = image_from_pict(pSrc, TRUE); 57 - + mask = image_from_pict(pMask, TRUE); 58 - + dest = image_from_pict(pDst, TRUE); 59 - 60 - if (src && dest && !(pMask && !mask)) { 61 - pixman_image_composite(op, src, mask, dest, 62 - - xSrc + src_xoff, ySrc + src_yoff, 63 - - xMask + msk_xoff, yMask + msk_yoff, 64 - - xDst + dst_xoff, yDst + dst_yoff, width, height); 65 - + xSrc, ySrc, xMask, yMask, xDst, yDst, 66 - + width, height); 67 - } 68 - 69 - free_pixman_pict(pSrc, src); 70 - @@ -289,20 +284,22 @@ create_conical_gradient_image(PictGradient * gradient) 71 - } 72 - 73 - static pixman_image_t * 74 - -create_bits_picture(PicturePtr pict, Bool has_clip, int *xoff, int *yoff) 75 - +create_bits_picture(PicturePtr pict, Bool has_clip) 76 - { 77 - - PixmapPtr pixmap; 78 - FbBits *bits; 79 - FbStride stride; 80 - - int bpp; 81 - + int bpp, xoff, yoff; 82 - pixman_image_t *image; 83 - 84 - - fbGetDrawablePixmap(pict->pDrawable, pixmap, *xoff, *yoff); 85 - - fbGetPixmapBitsData(pixmap, bits, stride, bpp); 86 - + fbGetDrawable (pict->pDrawable, bits, stride, bpp, xoff, yoff); 87 - + 88 - + bits = (FbBits*)((CARD8*)bits + 89 - + (pict->pDrawable->y + yoff) * stride * sizeof(FbBits) + 90 - + (pict->pDrawable->x + xoff) * (bpp / 8)); 91 - 92 - image = pixman_image_create_bits((pixman_format_code_t) pict->format, 93 - - pixmap->drawable.width, 94 - - pixmap->drawable.height, (uint32_t *) bits, 95 - + pict->pDrawable->width, 96 - + pict->pDrawable->height, (uint32_t *) bits, 97 - stride * sizeof(FbStride)); 98 - 99 - if (!image) 100 - @@ -321,57 +318,31 @@ create_bits_picture(PicturePtr pict, Bool has_clip, int *xoff, int *yoff) 101 - if (pict->clientClip) 102 - pixman_image_set_has_client_clip(image, TRUE); 103 - 104 - - if (*xoff || *yoff) 105 - - pixman_region_translate(pict->pCompositeClip, *xoff, *yoff); 106 - + pixman_region_translate (pict->pCompositeClip, - pict->pDrawable->x, - pict->pDrawable->y); 107 - 108 - pixman_image_set_clip_region(image, pict->pCompositeClip); 109 - 110 - - if (*xoff || *yoff) 111 - - pixman_region_translate(pict->pCompositeClip, -*xoff, -*yoff); 112 - + pixman_region_translate (pict->pCompositeClip, pict->pDrawable->x, pict->pDrawable->y); 113 - } 114 - 115 - /* Indexed table */ 116 - if (pict->pFormat->index.devPrivate) 117 - pixman_image_set_indexed(image, pict->pFormat->index.devPrivate); 118 - 119 - - /* Add in drawable origin to position within the image */ 120 - - *xoff += pict->pDrawable->x; 121 - - *yoff += pict->pDrawable->y; 122 - - 123 - return image; 124 - } 125 - 126 - static pixman_image_t *image_from_pict_internal(PicturePtr pict, Bool has_clip, 127 - - int *xoff, int *yoff, 128 - Bool is_alpha_map); 129 - 130 - static void 131 - -set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip, 132 - - int *xoff, int *yoff, Bool is_alpha_map) 133 - +set_image_properties(pixman_image_t * image, PicturePtr pict, Bool is_alpha_map) 134 - { 135 - pixman_repeat_t repeat; 136 - pixman_filter_t filter; 137 - 138 - if (pict->transform) { 139 - - /* For source images, adjust the transform to account 140 - - * for the drawable offset within the pixman image, 141 - - * then set the offset to 0 as it will be used 142 - - * to compute positions within the transformed image. 143 - - */ 144 - - if (!has_clip) { 145 - - struct pixman_transform adjusted; 146 - - 147 - - adjusted = *pict->transform; 148 - - pixman_transform_translate(&adjusted, 149 - - NULL, 150 - - pixman_int_to_fixed(*xoff), 151 - - pixman_int_to_fixed(*yoff)); 152 - - pixman_image_set_transform(image, &adjusted); 153 - - *xoff = 0; 154 - - *yoff = 0; 155 - - } 156 - - else 157 - - pixman_image_set_transform(image, pict->transform); 158 - + pixman_image_set_transform(image, pict->transform); 159 - } 160 - 161 - switch (pict->repeatType) { 162 - @@ -399,10 +370,8 @@ set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip, 163 - * as the alpha map for this operation 164 - */ 165 - if (pict->alphaMap && !is_alpha_map) { 166 - - int alpha_xoff, alpha_yoff; 167 - pixman_image_t *alpha_map = 168 - - image_from_pict_internal(pict->alphaMap, FALSE, &alpha_xoff, 169 - - &alpha_yoff, TRUE); 170 - + image_from_pict_internal(pict->alphaMap, TRUE, TRUE); 171 - 172 - pixman_image_set_alpha_map(image, alpha_map, pict->alphaOrigin.x, 173 - pict->alphaOrigin.y); 174 - @@ -436,8 +405,7 @@ set_image_properties(pixman_image_t * image, PicturePtr pict, Bool has_clip, 175 - } 176 - 177 - static pixman_image_t * 178 - -image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff, 179 - - Bool is_alpha_map) 180 - +image_from_pict_internal(PicturePtr pict, Bool has_clip, Bool is_alpha_map) 181 - { 182 - pixman_image_t *image = NULL; 183 - 184 - @@ -445,7 +413,7 @@ image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff, 185 - return NULL; 186 - 187 - if (pict->pDrawable) { 188 - - image = create_bits_picture(pict, has_clip, xoff, yoff); 189 - + image = create_bits_picture(pict, has_clip); 190 - } 191 - else if (pict->pSourcePict) { 192 - SourcePict *sp = pict->pSourcePict; 193 - @@ -463,19 +431,17 @@ image_from_pict_internal(PicturePtr pict, Bool has_clip, int *xoff, int *yoff, 194 - else if (sp->type == SourcePictTypeConical) 195 - image = create_conical_gradient_image(gradient); 196 - } 197 - - *xoff = *yoff = 0; 198 - } 199 - 200 - if (image) 201 - - set_image_properties(image, pict, has_clip, xoff, yoff, is_alpha_map); 202 - - 203 - + set_image_properties (image, pict, is_alpha_map); 204 - return image; 205 - } 206 - 207 - pixman_image_t * 208 - -image_from_pict(PicturePtr pict, Bool has_clip, int *xoff, int *yoff) 209 - +image_from_pict (PicturePtr pict, Bool has_clip) 210 - { 211 - - return image_from_pict_internal(pict, has_clip, xoff, yoff, FALSE); 212 - + return image_from_pict_internal (pict, has_clip, FALSE); 213 - } 214 - 215 - void 216 - diff --git a/fb/fbtrap.c b/fb/fbtrap.c 217 - index bf82f8f..0145ce9 100644 218 - --- a/fb/fbtrap.c 219 - +++ b/fb/fbtrap.c 220 - @@ -36,13 +36,12 @@ fbAddTraps(PicturePtr pPicture, 221 - INT16 x_off, INT16 y_off, int ntrap, xTrap * traps) 222 - { 223 - pixman_image_t *image; 224 - - int dst_xoff, dst_yoff; 225 - 226 - - if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff))) 227 - - return; 228 - - 229 - - pixman_add_traps(image, x_off + dst_xoff, y_off + dst_yoff, 230 - - ntrap, (pixman_trap_t *) traps); 231 - + if (!(image = image_from_pict (pPicture, FALSE))) 232 - + return; 233 - + 234 - + pixman_add_traps(image, x_off, y_off, 235 - + ntrap, (pixman_trap_t *)traps); 236 - 237 - free_pixman_pict(pPicture, image); 238 - } 239 - @@ -52,13 +51,12 @@ fbRasterizeTrapezoid(PicturePtr pPicture, 240 - xTrapezoid * trap, int x_off, int y_off) 241 - { 242 - pixman_image_t *image; 243 - - int dst_xoff, dst_yoff; 244 - 245 - - if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff))) 246 - + if (!(image = image_from_pict (pPicture, FALSE))) 247 - return; 248 - 249 - - pixman_rasterize_trapezoid(image, (pixman_trapezoid_t *) trap, 250 - - x_off + dst_xoff, y_off + dst_yoff); 251 - + pixman_rasterize_trapezoid(image, (pixman_trapezoid_t *)trap, 252 - + x_off, y_off); 253 - 254 - free_pixman_pict(pPicture, image); 255 - } 256 - @@ -68,14 +66,12 @@ fbAddTriangles(PicturePtr pPicture, 257 - INT16 x_off, INT16 y_off, int ntri, xTriangle * tris) 258 - { 259 - pixman_image_t *image; 260 - - int dst_xoff, dst_yoff; 261 - 262 - - if (!(image = image_from_pict(pPicture, FALSE, &dst_xoff, &dst_yoff))) 263 - + if (!(image = image_from_pict (pPicture, FALSE))) 264 - return; 265 - - 266 - - pixman_add_triangles(image, 267 - - dst_xoff + x_off, dst_yoff + y_off, 268 - - ntri, (pixman_triangle_t *) tris); 269 - + 270 - + pixman_add_triangles(image, x_off, y_off, ntri, 271 - + (pixman_triangle_t *)tris); 272 - 273 - free_pixman_pict(pPicture, image); 274 - } 275 - @@ -98,13 +94,11 @@ fbShapes(CompositeShapesFunc composite, 276 - int16_t ySrc, int nshapes, int shape_size, const uint8_t * shapes) 277 - { 278 - pixman_image_t *src, *dst; 279 - - int src_xoff, src_yoff; 280 - - int dst_xoff, dst_yoff; 281 - 282 - miCompositeSourceValidate(pSrc); 283 - 284 - - src = image_from_pict(pSrc, FALSE, &src_xoff, &src_yoff); 285 - - dst = image_from_pict(pDst, TRUE, &dst_xoff, &dst_yoff); 286 - + src = image_from_pict(pSrc, FALSE); 287 - + dst = image_from_pict(pDst, TRUE); 288 - 289 - if (src && dst) { 290 - pixman_format_code_t format; 291 - @@ -121,9 +115,8 @@ fbShapes(CompositeShapesFunc composite, 292 - 293 - for (i = 0; i < nshapes; ++i) { 294 - composite(op, src, dst, format, 295 - - xSrc + src_xoff, 296 - - ySrc + src_yoff, 297 - - dst_xoff, dst_yoff, 1, shapes + i * shape_size); 298 - + xSrc, ySrc, 0, 0, 299 - + 1, shapes + i * shape_size); 300 - } 301 - } 302 - else { 303 - @@ -143,8 +136,8 @@ fbShapes(CompositeShapesFunc composite, 304 - } 305 - 306 - composite(op, src, dst, format, 307 - - xSrc + src_xoff, 308 - - ySrc + src_yoff, dst_xoff, dst_yoff, nshapes, shapes); 309 - + xSrc, ySrc, 0, 0, 310 - + nshapes, shapes); 311 - } 312 - 313 - DamageRegionProcessPending(pDst->pDrawable); 314 - -- 315 - 2.3.2 (Apple Git-55) 316 -
-46
pkgs/servers/x11/xorg/darwin/function-pointer-test.patch
··· 1 - These are functions, not function pointers, so they always evaluate to true. 2 - 3 - diff --git a/hw/xquartz/X11Controller.m b/hw/xquartz/X11Controller.m 4 - index 5445c6f..8574bf1 100644 5 - --- a/hw/xquartz/X11Controller.m 6 - +++ b/hw/xquartz/X11Controller.m 7 - @@ -364,7 +364,6 @@ extern char *bundle_id_prefix; 8 - } 9 - 10 - #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 11 - - if (asl_log_descriptor) { 12 - char *asl_sender; 13 - aslmsg amsg = asl_new(ASL_TYPE_MSG); 14 - assert(amsg); 15 - @@ -394,7 +393,6 @@ extern char *bundle_id_prefix; 16 - asl_log_descriptor(aslc, amsg, ASL_LEVEL_NOTICE, stderr_pipe[0], ASL_LOG_DESCRIPTOR_READ); 17 - 18 - asl_free(amsg); 19 - - } 20 - #endif 21 - 22 - /* Do the fork-twice trick to avoid having to reap zombies */ 23 - @@ -414,11 +412,9 @@ extern char *bundle_id_prefix; 24 - 25 - case 0: /* child2 */ 26 - #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 27 - - if (asl_log_descriptor) { 28 - /* Replace our stdout/stderr */ 29 - dup2(stdout_pipe[1], STDOUT_FILENO); 30 - dup2(stderr_pipe[1], STDERR_FILENO); 31 - - } 32 - #endif 33 - 34 - /* close all open files except for standard streams */ 35 - @@ -443,11 +439,9 @@ extern char *bundle_id_prefix; 36 - } 37 - 38 - #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 39 - - if (asl_log_descriptor) { 40 - /* Close the write ends of the pipe */ 41 - close(stdout_pipe[1]); 42 - close(stderr_pipe[1]); 43 - - } 44 - #endif 45 - } 46 -
-42
pkgs/tools/filesystems/ceph/0001-Cleanup-boost-optionals.patch
··· 1 - From 2507ab33236f0da12899fbcdd36535f7c7b68a06 Mon Sep 17 00:00:00 2001 2 - From: "William A. Kennington III" <william@wkennington.com> 3 - Date: Sat, 20 Sep 2014 22:52:31 -0700 4 - Subject: [PATCH] Cleanup boost optionals 5 - 6 - --- 7 - src/osd/ECBackend.cc | 2 +- 8 - src/osd/ReplicatedPG.cc | 5 ++++- 9 - 2 files changed, 5 insertions(+), 2 deletions(-) 10 - 11 - diff --git a/src/osd/ECBackend.cc b/src/osd/ECBackend.cc 12 - index a87b5b4..c386900 100644 13 - --- a/src/osd/ECBackend.cc 14 - +++ b/src/osd/ECBackend.cc 15 - @@ -81,7 +81,7 @@ ostream &operator<<(ostream &lhs, const ECBackend::read_result_t &rhs) 16 - lhs << "read_result_t(r=" << rhs.r 17 - << ", errors=" << rhs.errors; 18 - if (rhs.attrs) { 19 - - lhs << ", attrs=" << rhs.attrs; 20 - + lhs << ", attrs=" << rhs.attrs.get(); 21 - } else { 22 - lhs << ", noattrs"; 23 - } 24 - diff --git a/src/osd/ReplicatedPG.cc b/src/osd/ReplicatedPG.cc 25 - index 5e5510d..79e8616 100644 26 - --- a/src/osd/ReplicatedPG.cc 27 - +++ b/src/osd/ReplicatedPG.cc 28 - @@ -5259,7 +5259,10 @@ void ReplicatedPG::do_osd_op_effects(OpContext *ctx) 29 - for (list<OpContext::NotifyAck>::iterator p = ctx->notify_acks.begin(); 30 - p != ctx->notify_acks.end(); 31 - ++p) { 32 - - dout(10) << "notify_ack " << make_pair(p->watch_cookie, p->notify_id) << dendl; 33 - + if (p->watch_cookie) 34 - + dout(10) << "notify_ack " << make_pair(p->watch_cookie.get(), p->notify_id) << dendl; 35 - + else 36 - + dout(10) << "notify_ack " << make_pair("NULL", p->notify_id) << dendl; 37 - for (map<pair<uint64_t, entity_name_t>, WatchRef>::iterator i = 38 - ctx->obc->watchers.begin(); 39 - i != ctx->obc->watchers.end(); 40 - -- 41 - 2.1.0 42 -
-27
pkgs/tools/filesystems/ceph/boost-158.patch
··· 1 - From e7b196a4a091c0ea258866559ba06e7ed0cc4247 Mon Sep 17 00:00:00 2001 2 - From: Kefu Chai <kchai@redhat.com> 3 - Date: Fri, 8 May 2015 15:21:20 +0800 4 - Subject: [PATCH] mon: remove unused variable 5 - 6 - * as a side effect, this change silences 7 - http://tracker.ceph.com/issues/11576 8 - 9 - Fixes: #11576 10 - Signed-off-by: Kefu Chai <kchai@redhat.com> 11 - --- 12 - src/mon/OSDMonitor.cc | 2 -- 13 - 1 file changed, 2 deletions(-) 14 - 15 - diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc 16 - index 73dcd5f..7caaa45 100644 17 - --- a/src/mon/OSDMonitor.cc 18 - +++ b/src/mon/OSDMonitor.cc 19 - @@ -3174,8 +3174,6 @@ bool OSDMonitor::preprocess_command(MMonCommand *m) 20 - } else if (prefix == "osd crush get-tunable") { 21 - string tunable; 22 - cmd_getval(g_ceph_context, cmdmap, "tunable", tunable); 23 - - int value; 24 - - cmd_getval(g_ceph_context, cmdmap, "value", value); 25 - ostringstream rss; 26 - if (f) 27 - f->open_object_section("tunable");
-17
pkgs/tools/filesystems/ceph/fix-pgrefdebugging.patch
··· 1 - diff --git a/configure.ac b/configure.ac 2 - index 38ab682..febb58e 100644 3 - --- a/configure.ac 4 - +++ b/configure.ac 5 - @@ -541,8 +541,10 @@ fi 6 - #set pg ref debugging? 7 - AC_ARG_ENABLE([pgrefdebugging], 8 - [AS_HELP_STRING([--enable-pgrefdebugging], [enable pg ref debugging])], 9 - - [AC_DEFINE([PG_DEBUG_REFS], [1], [Defined if you want pg ref debugging])], 10 - - []) 11 - + [], [enable_pgrefdebugging=no]) 12 - +AS_IF([test "x$enable_pgrefdebugging" = "xyes"], 13 - + [AC_DEFINE([PG_DEBUG_REFS], [1], [Defined if you want pg ref debugging])], 14 - + []) 15 - 16 - # 17 - # Java is painful
-190
pkgs/tools/misc/debootstrap/subst.patch
··· 1 - diff --git a/usr/sbin/debootstrap b/usr/sbin/debootstrap 2 - index a0dacf3..6331b3d 100755 3 - --- a/usr/sbin/debootstrap 4 - +++ b/usr/sbin/debootstrap 5 - @@ -14,7 +14,7 @@ if [ "$DEBOOTSTRAP_DIR" = "" ]; then 6 - fi 7 - fi 8 - 9 - -if [ -x "/usr/bin/gettext" ]; then 10 - +if [ -x "@gettext@" ]; then 11 - USE_GETTEXT_INTERACTION=yes 12 - fi 13 - 14 - @@ -334,12 +334,12 @@ fi 15 - 16 - if [ "$ARCH" != "" ]; then 17 - true 18 - -elif [ -x /usr/bin/dpkg ] && \ 19 - - /usr/bin/dpkg --print-installation-architecture >/dev/null 2>&1; then 20 - - ARCH=`/usr/bin/dpkg --print-installation-architecture` 21 - +elif [ -x @dpkg@ ] && \ 22 - + @dpkg@ --print-installation-architecture >/dev/null 2>&1; then 23 - + ARCH=`@dpkg@ --print-installation-architecture` 24 - elif type udpkg >/dev/null 2>&1 && \ 25 - udpkg --print-architecture >/dev/null 2>&1; then 26 - - ARCH=`/usr/bin/udpkg --print-architecture` 27 - + ARCH=`@udpkg@ --print-architecture` 28 - elif [ -e $DEBOOTSTRAP_DIR/arch ]; then 29 - ARCH=`cat $DEBOOTSTRAP_DIR/arch` 30 - else 31 - @@ -349,7 +349,7 @@ fi 32 - export ARCH SUITE TARGET 33 - 34 - if am_doing_phase first_stage second_stage; then 35 - - if [ -x /usr/bin/id ] && [ `id -u` -ne 0 ]; then 36 - + if [ -x @id@ ] && [ `id -u` -ne 0 ]; then 37 - error 1 NEEDROOT "debootstrap can only run as root" 38 - fi 39 - # Ensure that we can create working devices and executables on the target. 40 - diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions 41 - index b9180ba..33feac3 100755 42 - --- a/usr/share/debootstrap/functions 43 - +++ b/usr/share/debootstrap/functions 44 - @@ -914,7 +914,7 @@ setup_dselect_method () { 45 - # For the debootstrap udeb, pkgdetails is provided by the bootstrap-base 46 - # udeb, so the pkgdetails API needs to be kept in sync with that. 47 - 48 - -if [ -x /usr/bin/perl ]; then 49 - +if [ -x @perl@ ]; then 50 - PKGDETAILS=pkgdetails_perl 51 - 52 - pkgdetails_field () { 53 - @@ -1264,7 +1264,7 @@ close LD_SO_CONF; 54 - 55 - unshift @ld_library_path, split(/:/, $ENV{LD_LIBRARY_PATH}); 56 - 57 - -$unamearch = `/bin/uname -m`; 58 - +$unamearch = `@uname -m`; 59 - chomp $unamearch; 60 - 61 - foreach my $file (@ARGV) { 62 - 63 - 64 - diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions 65 - index 730df3a..197b2fb 100755 66 - --- a/usr/share/debootstrap/functions 67 - +++ b/usr/share/debootstrap/functions 68 - @@ -18,7 +18,7 @@ error () { 69 - for x in "$@"; do echo "EA: $x"; done 70 - echo "EF: $fmt") >&4 71 - elif [ "$USE_GETTEXT_INTERACTION" ]; then 72 - - (printf "E: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@") >&4 73 - + (printf "E: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@") >&4 74 - else 75 - (printf "E: $fmt\n" "$@") >&4 76 - fi 77 - @@ -35,7 +35,7 @@ warning () { 78 - for x in "$@"; do echo "WA: $x"; done 79 - echo "WF: $fmt") >&4 80 - elif [ "$USE_GETTEXT_INTERACTION" ]; then 81 - - printf "W: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@" >&4 82 - + printf "W: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@" >&4 83 - else 84 - printf "W: $fmt\n" "$@" >&4 85 - fi 86 - @@ -51,7 +51,7 @@ info () { 87 - for x in "$@"; do echo "IA: $x"; done 88 - echo "IF: $fmt") >&4 89 - elif [ "$USE_GETTEXT_INTERACTION" ]; then 90 - - printf "I: `LANG=$GETTEXT_LANG gettext debootstrap "$fmt"`\n" "$@" >&4 91 - + printf "I: `LANG=$GETTEXT_LANG @gettext@ debootstrap "$fmt"`\n" "$@" >&4 92 - else 93 - printf "I: $fmt\n" "$@" >&4 94 - fi 95 - 96 - 97 - diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions 98 - index 98d2056..c1d7430 100755 99 - --- a/usr/share/debootstrap/functions 100 - +++ b/usr/share/debootstrap/functions 101 - @@ -501,9 +501,9 @@ download_release_indices () { 102 - local md= 103 - if [ "$normmd" != "" ]; then 104 - md="$normmd" 105 - - elif [ -x /bin/bunzip2 ] && [ "$bz2md" != "" ]; then 106 - + elif [ -x @bunzip2@ ] && [ "$bz2md" != "" ]; then 107 - md="$bz2md" 108 - - elif [ -x /bin/gunzip ] && [ "$gzmd" != "" ]; then 109 - + elif [ -x @gunzip@ ] && [ "$gzmd" != "" ]; then 110 - md="$gzmd" 111 - fi 112 - if [ "$md" != "" ]; then 113 - @@ -529,11 +529,11 @@ download_release_indices () { 114 - ext="$ext $normmd ." 115 - md="$normmd" 116 - fi 117 - - if [ -x /bin/bunzip2 ] && [ "$bz2md" != "" ]; then 118 - + if [ -x @bunzip2@ ] && [ "$bz2md" != "" ]; then 119 - ext="$ext $bz2md bz2" 120 - md="${md:-$bz2md}" 121 - fi 122 - - if [ -x /bin/gunzip ] && [ "$gzmd" != "" ]; then 123 - + if [ -x @gunzip@ ] && [ "$gzmd" != "" ]; then 124 - ext="$ext $gzmd gz" 125 - md="${md:-$gzmd}" 126 - fi 127 - @@ -663,7 +663,7 @@ download_main_indices () { 128 - for c in $COMPONENTS; do 129 - local path="dists/$SUITE/$c/binary-$ARCH/Packages" 130 - local pkgdest="$TARGET/$($DLDEST pkg "$SUITE" "$c" "$ARCH" "$m" "$path")" 131 - - if [ -x /bin/gunzip ] && get "$m/${path}.gz" "${pkgdest}.gz"; then 132 - + if [ -x @gunzip@ ] && get "$m/${path}.gz" "${pkgdest}.gz"; then 133 - rm -f "$pkgdest" 134 - gunzip "$pkgdest.gz" 135 - elif get "$m/$path" "$pkgdest"; then 136 - 137 - 138 - diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions 139 - index 15051e8..a5de422 100755 140 - --- a/usr/share/debootstrap/functions 141 - +++ b/usr/share/debootstrap/functions 142 - @@ -70,13 +70,13 @@ wgetprogress () { 143 - [ ! "$verbose" ] && QSWITCH="-q" 144 - local ret=0 145 - if [ "$USE_DEBIANINSTALLER_INTERACTION" ] && [ "$PROGRESS_NEXT" ]; then 146 - - wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END >&3 147 - + @wget@ "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END >&3 148 - ret=$? 149 - elif [ "$USE_BOOTFLOPPIES_INTERACTION" ] && [ "$PROGRESS_NEXT" ]; then 150 - - wget "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3 151 - + @wget@ "$@" 2>&1 >/dev/null | $PKGDETAILS "WGET%" $PROGRESS_NOW $PROGRESS_NEXT $PROGRESS_END "$PROGRESS_WHAT" >&3 152 - ret=$? 153 - else 154 - - wget $QSWITCH "$@" 155 - + @wget@ $QSWITCH "$@" 156 - ret=$? 157 - fi 158 - return $ret 159 - 160 - diff --git a/usr/share/debootstrap/functions b/usr/share/debootstrap/functions 161 - index 8d60d8e..e238644 100755 162 - --- a/usr/share/debootstrap/functions 163 - +++ b/usr/share/debootstrap/functions 164 - @@ -921,7 +921,7 @@ if [ -x ]; then 165 - 166 - pkgdetails_field () { 167 - # uniq field mirror Packages values... 168 - - perl -le ' 169 - + @perl@ -le ' 170 - $unique = shift @ARGV; $field = lc(shift @ARGV); $mirror = shift @ARGV; 171 - $cnt = length(@ARGV); 172 - %fields = map { $_, 0 } @ARGV; 173 - @@ -959,7 +959,7 @@ for $v (keys %fields) { 174 - pkgdetails_perl () { 175 - if [ "$1" = "WGET%" ]; then 176 - shift; 177 - - perl -e ' 178 - + @perl@ -e ' 179 - $v = 0; 180 - while (read STDIN, $x, 1) { 181 - if ($x =~ m/\d/) { 182 - @@ -974,7 +974,7 @@ while (read STDIN, $x, 1) { 183 - }' "$@" 184 - elif [ "$1" = "GETDEPS" ]; then 185 - local pkgdest="$2"; shift; shift 186 - - perl -e ' 187 - + @perl@ -e ' 188 - while (<STDIN>) { 189 - chomp; 190 - $in = 1 if (/^Package: (.*)$/ && grep {$_ eq $1} @ARGV);
-114
pkgs/tools/networking/isync/isync-recursice-imap.patch
··· 1 - diff -rupN ../isync-1.0.4_original/./src/drv_imap.c ./src/drv_imap.c 2 - --- ../isync-1.0.4_original/./src/drv_imap.c 2007-09-22 01:44:12.000000000 -0700 3 - +++ ./src/drv_imap.c 2009-04-22 15:28:58.000000000 -0700 4 - @@ -1678,7 +1678,7 @@ imap_list( store_t *gctx, string_list_t 5 - int ret; 6 - 7 - imap->boxes = 0; 8 - - if ((ret = imap_exec_b( ctx, 0, "LIST \"\" \"%s%%\"", ctx->prefix )) != DRV_OK) 9 - + if ((ret = imap_exec_b( ctx, 0, "LIST \"\" \"%s*\"", ctx->prefix )) != DRV_OK) 10 - return ret; 11 - *retb = imap->boxes; 12 - return DRV_OK; 13 - diff -rupN ../isync-1.0.4_original/./src/drv_maildir.c ./src/drv_maildir.c 14 - --- ../isync-1.0.4_original/./src/drv_maildir.c 2008-02-23 01:02:21.000000000 -0800 15 - +++ ./src/drv_maildir.c 2009-04-22 15:34:05.000000000 -0700 16 - @@ -24,6 +24,7 @@ 17 - 18 - #include "isync.h" 19 - 20 - +#include <assert.h> 21 - #include <limits.h> 22 - #include <stdlib.h> 23 - #include <string.h> 24 - @@ -46,6 +47,56 @@ 25 - #include <db.h> 26 - #endif /* USE_DB */ 27 - 28 - +static void encode_maildir_box(const char* in, char* out, size_t size) 29 - +{ 30 - + const char* p; 31 - + char c; 32 - + size_t out_chars; 33 - + 34 - + for (p = in, out_chars = 0; (c = *p); ++p, ++out, ++out_chars) { 35 - + assert(out_chars < size); 36 - + if (c == '/') { 37 - + assert(out_chars < size - 1); 38 - + *(out++) = '~'; 39 - + *out = '-'; 40 - + ++out_chars; 41 - + } 42 - + else if (c == '~') { 43 - + assert(out_chars < size - 1); 44 - + *(out++) = '~'; 45 - + *out = '~'; 46 - + ++out_chars; 47 - + } 48 - + else { 49 - + *out = c; 50 - + } 51 - + } 52 - + assert(out_chars < size); 53 - + *out = 0; 54 - +} 55 - + 56 - +static void decode_maildir_box(const char* in, char* out, size_t size) 57 - +{ 58 - + const char* p; 59 - + char c; 60 - + size_t out_chars; 61 - + 62 - + for (p = in, out_chars = 0; (c = *p); ++p, ++out, ++out_chars) { 63 - + assert(out_chars < size); 64 - + if (c == '~') { 65 - + assert(out_chars < size - 1); 66 - + c = *(++p); 67 - + *out = (c == '-' ? '/' : '~'); 68 - + ++out_chars; 69 - + } 70 - + else { 71 - + *out = c; 72 - + } 73 - + } 74 - + assert(out_chars < size); 75 - + *out = 0; 76 - +} 77 - + 78 - typedef struct maildir_store_conf { 79 - store_conf_t gen; 80 - char *inbox; 81 - @@ -164,14 +215,17 @@ maildir_list( store_t *gctx, string_list 82 - const char *inbox = ((maildir_store_conf_t *)gctx->conf)->inbox; 83 - int bl; 84 - struct stat st; 85 - - char buf[PATH_MAX]; 86 - + char buf[PATH_MAX], box[PATH_MAX]; 87 - 88 - if (*de->d_name == '.') 89 - continue; 90 - bl = nfsnprintf( buf, sizeof(buf), "%s%s/cur", gctx->conf->path, de->d_name ); 91 - if (stat( buf, &st ) || !S_ISDIR(st.st_mode)) 92 - continue; 93 - - add_string_list( retb, !memcmp( buf, inbox, bl - 4 ) && !inbox[bl - 4] ? "INBOX" : de->d_name ); 94 - + 95 - + decode_maildir_box(de->d_name, box, PATH_MAX); 96 - + add_string_list( retb, 97 - + !memcmp( buf, inbox, bl - 4 ) && !inbox[bl - 4] ? "INBOX" : box ); 98 - } 99 - closedir (dir); 100 - 101 - @@ -717,8 +771,11 @@ maildir_prepare( store_t *gctx, int opts 102 - #endif /* USE_DB */ 103 - if (!strcmp( gctx->name, "INBOX" )) 104 - gctx->path = nfstrdup( ((maildir_store_conf_t *)gctx->conf)->inbox ); 105 - - else 106 - - nfasprintf( &gctx->path, "%s%s", gctx->conf->path, gctx->name ); 107 - + else { 108 - + char box[_POSIX_PATH_MAX]; 109 - + encode_maildir_box(gctx->name, box, _POSIX_PATH_MAX); 110 - + nfasprintf( &gctx->path, "%s%s", gctx->conf->path, box ); 111 - + } 112 - if (opts & OPEN_SETFLAGS) 113 - opts |= OPEN_OLD; 114 - if (opts & OPEN_EXPUNGE)
-218
pkgs/tools/networking/mtr/edd425.patch
··· 1 - diff --git a/asn.c b/asn.c 2 - index eac8d5e..33622ca 100644 3 - --- a/asn.c 4 - +++ b/asn.c 5 - @@ -16,6 +16,8 @@ 6 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 7 - */ 8 - 9 - +#include "config.h" 10 - + 11 - #include <unistd.h> 12 - #include <stdio.h> 13 - #include <stdlib.h> 14 - @@ -35,7 +37,6 @@ 15 - #include <sys/socket.h> 16 - #include <search.h> 17 - 18 - -#include "config.h" 19 - #include "mtr.h" 20 - #include "asn.h" 21 - 22 - diff --git a/curses.c b/curses.c 23 - index eacc40d..b96daee 100644 24 - --- a/curses.c 25 - +++ b/curses.c 26 - @@ -16,7 +16,8 @@ 27 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 28 - */ 29 - 30 - -#include <config.h> 31 - +#include "config.h" 32 - + 33 - #include <strings.h> 34 - #include <unistd.h> 35 - 36 - diff --git a/display.c b/display.c 37 - index aa369ee..3545467 100644 38 - --- a/display.c 39 - +++ b/display.c 40 - @@ -16,7 +16,8 @@ 41 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 42 - */ 43 - 44 - -#include <config.h> 45 - +#include "config.h" 46 - + 47 - #include <stdio.h> 48 - #include <stdlib.h> 49 - #include <sys/types.h> 50 - diff --git a/dns.c b/dns.c 51 - index e89fd4b..4076b71 100644 52 - --- a/dns.c 53 - +++ b/dns.c 54 - @@ -22,7 +22,8 @@ 55 - Released under GPL, as above. 56 - */ 57 - 58 - -#include <config.h> 59 - +#include "config.h" 60 - + 61 - #include <sys/types.h> 62 - #include <sys/time.h> 63 - #include <sys/select.h> 64 - diff --git a/getopt.c b/getopt.c 65 - index 3d43e26..e2f8758 100644 66 - --- a/getopt.c 67 - +++ b/getopt.c 68 - @@ -27,7 +27,7 @@ 69 - #endif 70 - 71 - #ifdef HAVE_CONFIG_H 72 - -#include <config.h> 73 - +#include "config.h" 74 - #endif 75 - 76 - #if !defined (__STDC__) || !__STDC__ 77 - diff --git a/getopt1.c b/getopt1.c 78 - index bccf8b2..0a2d405 100644 79 - --- a/getopt1.c 80 - +++ b/getopt1.c 81 - @@ -16,7 +16,7 @@ 82 - Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */ 83 - 84 - #ifdef HAVE_CONFIG_H 85 - -#include <config.h> 86 - +#include "config.h" 87 - #endif 88 - 89 - #include "getopt.h" 90 - diff --git a/gtk.c b/gtk.c 91 - index 38ed507..7faa132 100644 92 - --- a/gtk.c 93 - +++ b/gtk.c 94 - @@ -17,7 +17,7 @@ 95 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 96 - */ 97 - 98 - -#include <config.h> 99 - +#include "config.h" 100 - 101 - #include <stdio.h> 102 - #include <stdlib.h> 103 - diff --git a/mtr.c b/mtr.c 104 - index 50eb464..416b744 100644 105 - --- a/mtr.c 106 - +++ b/mtr.c 107 - @@ -16,19 +16,21 @@ 108 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 109 - */ 110 - 111 - +#include "config.h" 112 - + 113 - #include <sys/types.h> 114 - -#include <config.h> 115 - -#include <netdb.h> 116 - #include <stdio.h> 117 - #include <stdlib.h> 118 - #include <string.h> 119 - -#include <netinet/in.h> 120 - -#include <sys/socket.h> 121 - #include <unistd.h> 122 - -#include <strings.h> 123 - -#include <time.h> 124 - #include <errno.h> 125 - #include <string.h> 126 - +#include <strings.h> 127 - + 128 - +#include <netdb.h> 129 - +#include <netinet/in.h> 130 - +#include <sys/socket.h> 131 - +#include <time.h> 132 - #include <ctype.h> 133 - #include <assert.h> 134 - #include <fcntl.h> 135 - diff --git a/net.c b/net.c 136 - index 1c8d28f..d648804 100644 137 - --- a/net.c 138 - +++ b/net.c 139 - @@ -16,7 +16,7 @@ 140 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 141 - */ 142 - 143 - -#include <config.h> 144 - +#include "config.h" 145 - 146 - #if defined(HAVE_SYS_XTI_H) 147 - #include <sys/xti.h> 148 - @@ -1562,4 +1562,4 @@ void net_harvest_fds(void) 149 - net_add_fds(&writefd, &maxfd); 150 - select(maxfd, NULL, &writefd, NULL, &tv); 151 - net_process_fds(&writefd); 152 - -} 153 - \ No newline at end of file 154 - +} 155 - diff --git a/raw.c b/raw.c 156 - index 8b0df47..0e1f4f4 100644 157 - --- a/raw.c 158 - +++ b/raw.c 159 - @@ -18,7 +18,8 @@ 160 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 161 - */ 162 - 163 - -#include <config.h> 164 - +#include "config.h" 165 - + 166 - #include <ctype.h> 167 - #include <stdlib.h> 168 - #include <stdio.h> 169 - @@ -27,7 +28,6 @@ 170 - #include <netinet/in.h> 171 - #include <arpa/inet.h> 172 - 173 - - 174 - #include "mtr.h" 175 - #include "raw.h" 176 - #include "net.h" 177 - diff --git a/report.c b/report.c 178 - index 71040e4..39b2fb2 100644 179 - --- a/report.c 180 - +++ b/report.c 181 - @@ -16,7 +16,8 @@ 182 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 183 - */ 184 - 185 - -#include <config.h> 186 - +#include "config.h" 187 - + 188 - #include <sys/types.h> 189 - #include <stdio.h> 190 - #include <netdb.h> 191 - diff --git a/select.c b/select.c 192 - index 31bfd5f..7553675 100644 193 - --- a/select.c 194 - +++ b/select.c 195 - @@ -16,7 +16,8 @@ 196 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 197 - */ 198 - 199 - -#include <config.h> 200 - +#include "config.h" 201 - + 202 - #include <sys/types.h> 203 - #include <sys/time.h> 204 - #include <stdlib.h> 205 - diff --git a/split.c b/split.c 206 - index 642353e..5ead235 100644 207 - --- a/split.c 208 - +++ b/split.c 209 - @@ -20,7 +20,8 @@ 210 - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 211 - */ 212 - 213 - -#include <config.h> 214 - +#include "config.h" 215 - + 216 - #include <ctype.h> 217 - #include <stdlib.h> 218 - #include <stdio.h>
-161
pkgs/tools/networking/ntp/no-openssl.patch
··· 1 - Fix ntp-keygen build without OpenSSL 2 - 3 - http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg 4 - 5 - Index: ntp-4.2.8/Makefile.am 6 - =================================================================== 7 - --- ntp-4.2.8.orig/Makefile.am 8 - +++ ntp-4.2.8/Makefile.am 9 - @@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib 10 - 11 - NULL = 12 - 13 - +# moved sntp first to get libtool and libevent built. 14 - + 15 - SUBDIRS = \ 16 - + sntp \ 17 - scripts \ 18 - include \ 19 - libntp \ 20 - @@ -17,7 +20,6 @@ SUBDIRS = \ 21 - clockstuff \ 22 - kernel \ 23 - util \ 24 - - sntp \ 25 - tests \ 26 - $(NULL) 27 - 28 - @@ -64,7 +66,6 @@ BUILT_SOURCES = \ 29 - .gcc-warning \ 30 - libtool \ 31 - html/.datecheck \ 32 - - sntp/built-sources-only \ 33 - $(srcdir)/COPYRIGHT \ 34 - $(srcdir)/.checkChangeLog \ 35 - $(NULL) 36 - Index: ntp-4.2.8/configure.ac 37 - =================================================================== 38 - --- ntp-4.2.8.orig/configure.ac 39 - +++ ntp-4.2.8/configure.ac 40 - @@ -102,7 +102,7 @@ esac 41 - enable_nls=no 42 - LIBOPTS_CHECK_NOBUILD([sntp/libopts]) 43 - 44 - -NTP_ENABLE_LOCAL_LIBEVENT 45 - +NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent]) 46 - 47 - NTP_LIBNTP 48 - 49 - @@ -771,6 +771,10 @@ esac 50 - 51 - #### 52 - 53 - +AC_CHECK_FUNCS([arc4random_buf]) 54 - + 55 - +#### 56 - + 57 - saved_LIBS="$LIBS" 58 - LIBS="$LIBS $LDADD_LIBNTP" 59 - AC_CHECK_FUNCS([daemon]) 60 - Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c 61 - =================================================================== 62 - --- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c 63 - +++ ntp-4.2.8/libntp/ntp_crypto_rnd.c 64 - @@ -24,6 +24,21 @@ 65 - int crypto_rand_init = 0; 66 - #endif 67 - 68 - +#ifndef HAVE_ARC4RANDOM_BUF 69 - +static void 70 - +arc4random_buf(void *buf, size_t nbytes); 71 - + 72 - +void 73 - +evutil_secure_rng_get_bytes(void *buf, size_t nbytes); 74 - + 75 - +static void 76 - +arc4random_buf(void *buf, size_t nbytes) 77 - +{ 78 - + evutil_secure_rng_get_bytes(buf, nbytes); 79 - + return; 80 - +} 81 - +#endif 82 - + 83 - /* 84 - * As of late 2014, here's how we plan to provide cryptographic-quality 85 - * random numbers: 86 - Index: ntp-4.2.8/sntp/configure.ac 87 - =================================================================== 88 - --- ntp-4.2.8.orig/sntp/configure.ac 89 - +++ ntp-4.2.8/sntp/configure.ac 90 - @@ -97,11 +97,14 @@ esac 91 - enable_nls=no 92 - LIBOPTS_CHECK 93 - 94 - -AM_COND_IF( 95 - - [BUILD_SNTP], 96 - - [NTP_LIBEVENT_CHECK], 97 - - [NTP_LIBEVENT_CHECK_NOBUILD] 98 - -) 99 - +# From when we only used libevent for sntp: 100 - +#AM_COND_IF( 101 - +# [BUILD_SNTP], 102 - +# [NTP_LIBEVENT_CHECK], 103 - +# [NTP_LIBEVENT_CHECK_NOBUILD] 104 - +#) 105 - + 106 - +NTP_LIBEVENT_CHECK([2]) 107 - 108 - # Checks for libraries. 109 - 110 - Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4 111 - =================================================================== 112 - --- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 113 - +++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 114 - @@ -1,4 +1,25 @@ 115 - -dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*- 116 - +# SYNOPSIS -*- Autoconf -*- 117 - +# 118 - +# NTP_ENABLE_LOCAL_LIBEVENT 119 - +# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]]) 120 - +# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]]) 121 - +# 122 - +# DESCRIPTION 123 - +# 124 - +# AUTHOR 125 - +# 126 - +# Harlan Stenn 127 - +# 128 - +# LICENSE 129 - +# 130 - +# This file is Copyright (c) 2014 Network Time Foundation 131 - +# 132 - +# Copying and distribution of this file, with or without modification, are 133 - +# permitted in any medium without royalty provided the copyright notice, 134 - +# author attribution and this notice are preserved. This file is offered 135 - +# as-is, without any warranty. 136 - + 137 - +dnl NTP_ENABLE_LOCAL_LIBEVENT 138 - dnl 139 - dnl Provide only the --enable-local-libevent command-line option. 140 - dnl 141 - @@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar 142 - dnl but DO NOT invoke DIR/configure if we are going to use our bundled 143 - dnl version. This may be the case for nested packages. 144 - dnl 145 - -dnl provide --enable-local-libevent . 146 - +dnl provides --enable-local-libevent . 147 - dnl 148 - dnl Examples: 149 - dnl 150 - Index: ntp-4.2.8/util/Makefile.am 151 - =================================================================== 152 - --- ntp-4.2.8.orig/util/Makefile.am 153 - +++ ntp-4.2.8/util/Makefile.am 154 - @@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP) 155 - LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) 156 - tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) 157 - ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a 158 - +ntp_keygen_LDADD += $(LDADD_LIBEVENT) 159 - ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM) 160 - ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h 161 -