Merge branch 'master' into core-updates

This commit is contained in:
Leo Famulari 2016-10-05 19:15:25 -04:00
commit b19c7989b7
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
52 changed files with 2510 additions and 402 deletions

View File

@ -3,6 +3,7 @@
((nil
. ((fill-column . 78)
(tab-width . 8)
(sentence-end-double-space . t)
;; For use with 'bug-reference-prog-mode'.
(bug-reference-url-format . "http://bugs.gnu.org/%s")

View File

@ -30,9 +30,10 @@ Ludovic Courtès <ludo@gnu.org> <ludovic.courtes@inria.fr>
Mathieu Lirzin <mthl@gnu.org> <mthl@openmailbox.org>
Mathieu Lirzin <mthl@gnu.org> <mathieu.lirzin@openmailbox.org>
Nikita Karetnikov <nikita@karetnikov.org> <nikita.karetnikov@gmail.com>
ng0 <ng0@we.make.ritual.n0.is> <niasterisk@grrlz.net>
ng0 <ng0@we.make.ritual.n0.is> <ng@niasterisk.space>
ng0 <ng0@we.make.ritual.n0.is> <ng0@libertad.pw>
ng0 <ngillmann@runbox.com> <ng0@we.make.ritual.n0.is>
ng0 <ngillmann@runbox.com> <niasterisk@grrlz.net>
ng0 <ngillmann@runbox.com> <ng@niasterisk.space>
ng0 <ngillmann@runbox.com> <ng0@libertad.pw>
Pjotr Prins <pjotr.public01@thebird.nl>
Pjotr Prins <pjotr.public01@thebird.nl> <pjotr.public12@thebird.nl>
Raimon Grau <raimonster@gmail.com> <raimon@3scale.net>

View File

@ -173,8 +173,8 @@ dist_noinst_DATA = guix/tests.scm
# Linux-Libre configurations.
KCONFIGS = \
gnu/packages/linux-libre-4.7-i686.conf \
gnu/packages/linux-libre-4.7-x86_64.conf \
gnu/packages/linux-libre-4.8-i686.conf \
gnu/packages/linux-libre-4.8-x86_64.conf \
gnu/packages/linux-libre-4.4-i686.conf \
gnu/packages/linux-libre-4.4-x86_64.conf \
gnu/packages/linux-libre-4.1-i686.conf \

View File

@ -11782,10 +11782,10 @@ minute for an ``average'' package on a recent machine. Grafting is
recursive: when an indirect dependency requires grafting, then grafting
``propagates'' up to the package that the user is installing.
Currently, the graft and the package it replaces (@var{bash-fixed} and
@var{bash} in the example above) must have the exact same @code{name}
and @code{version} fields. This restriction mostly comes from the fact
that grafting works by patching files, including binary files, directly.
Currently, the length of the name and version of the graft and that of
the package it replaces (@var{bash-fixed} and @var{bash} in the example
above) must be equal. This restriction mostly comes from the fact that
grafting works by patching files, including binary files, directly.
Other restrictions may apply: for instance, when adding a graft to a
package providing a shared library, the original shared library and its
replacement must have the same @code{SONAME} and be binary-compatible.

View File

@ -478,7 +478,6 @@ dist_patch_DATA = \
%D%/packages/patches/clang-3.8-libc-search-path.patch \
%D%/packages/patches/clucene-pkgconfig.patch \
%D%/packages/patches/cmake-fix-tests.patch \
%D%/packages/patches/cpio-gets-undeclared.patch \
%D%/packages/patches/cpio-CVE-2016-2037.patch \
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
%D%/packages/patches/cracklib-CVE-2016-6318.patch \
@ -556,6 +555,7 @@ dist_patch_DATA = \
%D%/packages/patches/grub-CVE-2015-8370.patch \
%D%/packages/patches/grub-gets-undeclared.patch \
%D%/packages/patches/grub-freetype.patch \
%D%/packages/patches/gsl-test-i686.patch \
%D%/packages/patches/guile-1.8-cpp-4.5.patch \
%D%/packages/patches/guile-arm-fixes.patch \
%D%/packages/patches/guile-default-utf8.patch \
@ -668,6 +668,16 @@ dist_patch_DATA = \
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
%D%/packages/patches/libx11-CVE-2016-7942.patch \
%D%/packages/patches/libx11-CVE-2016-7943.patch \
%D%/packages/patches/libxfixes-CVE-2016-7944.patch \
%D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \
%D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \
%D%/packages/patches/libxrender-CVE-2016-7949.patch \
%D%/packages/patches/libxrender-CVE-2016-7950.patch \
%D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \
%D%/packages/patches/libxv-CVE-2016-5407.patch \
%D%/packages/patches/libxvmc-CVE-2016-7953.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
%D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
@ -691,6 +701,7 @@ dist_patch_DATA = \
%D%/packages/patches/mcrypt-CVE-2012-4409.patch \
%D%/packages/patches/mcrypt-CVE-2012-4426.patch \
%D%/packages/patches/mcrypt-CVE-2012-4527.patch \
%D%/packages/patches/metabat-remove-compilation-date.patch \
%D%/packages/patches/mhash-keygen-test-segfault.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
%D%/packages/patches/mplayer2-theora-fix.patch \
@ -800,7 +811,6 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-symlinkfix.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
%D%/packages/patches/rush-CVE-2013-6889.patch \
%D%/packages/patches/sed-hurd-path-max.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \

View File

@ -210,16 +210,27 @@ application (for console or X terminals) and requires ncurses.")
(define-public pies
(package
(name "pies")
(version "1.2")
(version "1.3")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/pies/pies-"
version ".tar.bz2"))
(sha256
(base32
"18w0dbg77i56cx1bwa789w0qi3l4xkkbascxcv2b6gbm0zmjg1g6"))))
(method url-fetch)
(uri (string-append "mirror://gnu/pies/pies-"
version ".tar.bz2"))
(sha256
(base32
"12r7rjjyibjdj08dvwbp0iflfpzl4s0zhn6cr6zj3hwf9gbzgl1g"))))
(build-system gnu-build-system)
(arguments
'(#:phases (modify-phases %standard-phases
(add-before 'build 'patch-/bin/sh
(lambda* (#:key inputs #:allow-other-keys)
;; Use the right shell when executing user-provided
;; shell commands.
(let ((bash (assoc-ref inputs "bash")))
(substitute* "src/progman.c"
(("\"/bin/sh\"")
(string-append "\"" bash "/bin/sh\"")))
#t))))))
(home-page "http://www.gnu.org/software/pies/")
(synopsis "Program invocation and execution supervisor")
(description
@ -1180,14 +1191,14 @@ environment variable is set and output is to tty.")
(define-public direvent
(package
(name "direvent")
(version "5.0")
(version "5.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/direvent/direvent-"
version ".tar.gz"))
(sha256
(base32
"1i14131y6m8wvirz6piw4zxz2q1kbpl0lniv5kl55rx4k372dg8z"))
"1nwvjmx7kb14ni34c0b8x9a3791pc20gvhj7xaj66d8q4h6n0qf4"))
(modules '((guix build utils)))
(snippet '(substitute* "tests/testsuite"
(("#![[:blank:]]?/bin/sh")
@ -1197,11 +1208,19 @@ environment variable is set and output is to tty.")
'(#:phases (alist-cons-before
'build 'patch-/bin/sh
(lambda* (#:key inputs #:allow-other-keys)
;; Use the right shell when executing the watcher.
;; Use the right shell when executing the watcher and
;; user-provided shell commands.
(let ((bash (assoc-ref inputs "bash")))
(substitute* "src/direvent.c"
(substitute* '("src/direvent.c" "src/progman.c")
(("\"/bin/sh\"")
(string-append "\"" bash "/bin/sh\"")))))
(string-append "\"" bash "/bin/sh\"")))
;; Adjust the 'shell.at' test accordingly.
(substitute* "tests/testsuite"
(("SHELL=/bin/sh")
(string-append "SHELL=" bash "/bin/sh")))
#t))
%standard-phases)))
(home-page "http://www.gnu.org/software/direvent/")
(synopsis "Daemon to monitor directories for events such as file removal")
@ -1846,3 +1865,60 @@ Kerberos and Heimdal and FAST is supported with recent MIT Kerberos.")
(license license:gpl1+)))
;;http://archives.eyrie.org/software/kerberos/pam-krb5-4.7.tar.xz
(define-public sunxi-tools
(package
(name "sunxi-tools")
(version "1.3")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/linux-sunxi/"
"sunxi-tools/archive/v" version ".tar.gz"))
(sha256
(base32 "1iazm28gws1i8sls3gxwc5p108n56ags287zmh1rpvkn2k1az81a"))
(modules '((guix build utils)))
(snippet
;; Remove binaries contained in the tarball which are only for the
;; target and can be regenerated anyway.
'(delete-file-recursively "bin"))
(file-name (string-append name "-" version ".tar.gz"))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
`(("libusb" ,libusb)))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; no tests exist
#:make-flags (list (string-append "PREFIX="
(assoc-ref %outputs "out"))
"TARGET_TOOLS=sunxi-pio sunxi-meminfo"
"CROSS_COMPILE=")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'fix-Makefile
(lambda _
(substitute* "Makefile"
;; Upstream adds Makefile and config.h as dependencies
;; of all their tools which means $^ would pass them to gcc.
;; gcc won't know what to do with a Makefile.
(("-o [$][@] [$]\\^") "-o $@ meminfo.c"))
#t))
(delete 'configure))))
(home-page "https://github.com/linux-sunxi/sunxi-tools")
(synopsis "Hardware management tools for Allwinner computers")
(description "This package contains tools for Allwinner devices:
@enumerate
@item @command{sunxi-fexc}, @command{bin2fex}, @command{fex2bin}: Compile
a textual description of a board (.fex) to a binary representation (.bin).
@item @command{sunxi-fel}: Puts an Allwinner device into FEL mode which
makes it register as a special USB device (rather than USB host).
You can then connect it to another computer and flash it from there.
@item @command{sunxi-nand-part}: Partitions NAND flash.
@item @command{sunxi-bootinfo}: Reads out boot0 and boot1 (Allwinner
bootloader) parameters.
@item @command{sunxi-pio}: Sets GPIO parameters and oscillates a GPIO
in order to be able to find it.
@item @command{sunxi-meminfo}: Prints memory bus settings.
@end enumerate")
(license license:gpl2+)))

View File

@ -3221,18 +3221,23 @@ form of assemblies or reads.")
license:cpl1.0)))) ; Open Bloom Filter
(define-public metabat
(package
(name "metabat")
(version "0.26.3")
(source (origin
(method url-fetch)
(uri (string-append
"https://bitbucket.org/berkeleylab/metabat/get/"
version ".tar.bz2"))
(file-name (string-append name "-" version ".tar.bz2"))
(sha256
(base32
"1vpfvgsn8wdsv1g7z73zxcncskx7dy7bw5msg1hhibk25ay11pyg"))))
;; We package from a git commit because compilation of the released version
;; fails.
(let ((commit "cbdca756993e66ae57e50a27970595dda9cbde1b"))
(package
(name "metabat")
(version (string-append "0.32.4-1." (string-take commit 8)))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://bitbucket.org/berkeleylab/metabat.git")
(commit commit)))
(file-name (string-append name "-" version))
(sha256
(base32
"0byia8nsip6zvc4ha0qkxkxxyjf4x7jcvy48q2dvb0pzr989syzr"))
(patches (search-patches "metabat-remove-compilation-date.patch"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -3299,7 +3304,7 @@ enables the study of individual organisms and their interactions. MetaBAT is
an automated metagenome binning software, which integrates empirical
probabilistic distances of genome abundance and tetranucleotide frequency.")
(license (license:non-copyleft "file://license.txt"
"See license.txt in the distribution."))))
"See license.txt in the distribution.")))))
(define-public minced
(package

View File

@ -92,14 +92,14 @@ highlighting your own code that seemed comprehensible when you wrote it.")
(define-public global ; a global variable
(package
(name "global")
(version "6.5.4")
(version "6.5.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/global/global-"
version ".tar.gz"))
(sha256
(base32
"19hxajpwld6qx0faz4rzyh1hfs25ycjmws6bas8pavx4hskf05mg"))))
"0yyg91qw8399lnxfai4bxkh9yq71qdwp9kvadgzp05cdqni44nxw"))))
(build-system gnu-build-system)
(inputs `(("ncurses" ,ncurses)
("libltdl" ,libltdl)

View File

@ -21,6 +21,7 @@
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages popt)
@ -30,14 +31,15 @@
(define-public cryptsetup
(package
(name "cryptsetup")
(version "1.6.1")
(version "1.7.2")
(source (origin
(method url-fetch)
(uri (string-append "http://cryptsetup.googlecode.com/files/cryptsetup-"
version ".tar.bz2"))
(uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v"
(version-major+minor version)
"/" name "-" version ".tar.xz"))
(sha256
(base32
"170lalkhh2fa316d12i6r7jprm0yss3c949d91069sq37ik6xwxs"))))
"0hikwkkj692c955k29c4zixj8wp8k3z17jc6ihb4j5qcbyzmvcyv"))))
(build-system gnu-build-system)
(inputs
`(("libgcrypt" ,libgcrypt)
@ -55,4 +57,4 @@ passwords. In contrast to existing solutions, LUKS stores all setup necessary
setup information in the partition header, enabling the users to transport
or migrate their data seamlessly.")
(license license:gpl2)
(home-page "http://code.google.com/p/cryptsetup/")))
(home-page "https://gitlab.com/cryptsetup/cryptsetup")))

View File

@ -11,7 +11,7 @@
;;; Copyright © 2015, 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
;;; Copyright © 2015 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
@ -1185,6 +1185,7 @@ on the screen and keyboard to display letters.")
("ghc-mtl" ,ghc-mtl)
("ghc-random" ,ghc-random)
("ghc-glut" ,ghc-glut)
("freeglut" ,freeglut)
("ghc-opengl" ,ghc-opengl)
("ghc-sdl" ,ghc-sdl)
("ghc-sdl-image" ,ghc-sdl-image)
@ -2408,7 +2409,7 @@ capture it and get out alive?")
(define-public warzone2100
(package
(name "warzone2100")
(version "3.1.5")
(version "3.2.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/" name
@ -2416,16 +2417,22 @@ capture it and get out alive?")
".tar.xz"))
(sha256
(base32
"0hm49i2knvvg3wlnryv7h4m84s3qa7jfyym5yy6365sx8wzcrai1"))))
"1nd609s0g4sya3r4amhkz3f4dpdmm94vsd2ii76ap665a1nbfrhg"))))
(build-system gnu-build-system)
(arguments
`(#:phases (modify-phases %standard-phases
(add-after 'set-paths 'set-sdl-paths
(lambda* (#:key inputs #:allow-other-keys)
(setenv "CPATH"
(string-append (assoc-ref inputs "sdl-union")
"/include/SDL"))
#t)))))
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'link-tests-with-qt
(lambda _
(substitute* "tests/Makefile.in"
(("(framework_linktest_LDADD|maptest_LDADD) = " prefix)
(string-append prefix "$(QT5_LIBS) ")))
#t))
(add-after 'unpack 'remove-reference-to-missing-file
(lambda _
(substitute* "icons/Makefile.in"
(("\\$\\(INSTALL_DATA\\) \\$\\(srcdir\\)/warzone2100.appdata.xml.*") ""))
#t)))))
(native-inputs `(("pkg-config" ,pkg-config)
("unzip" ,unzip)
("zip" ,zip)))
@ -2438,9 +2445,10 @@ capture it and get out alive?")
("libxrandr" ,libxrandr)
("openal" ,openal)
("physfs" ,physfs)
("qt", qt-4)
("qt" ,qt)
("openssl" ,openssl)
("quesoglc" ,quesoglc)
("sdl-union" ,(sdl-union))))
("sdl2" ,sdl2)))
(home-page "http://wz2100.net")
(synopsis "3D Real-time strategy and real-time tactics game")
(description
@ -2700,17 +2708,19 @@ with the \"Stamp\" tool within Tux Paint.")
(define-public supertux
(package
(name "supertux")
(version "0.4.0")
(version "0.5.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/SuperTux/supertux/releases/"
"download/v" version
"/supertux-" version ".tar.bz2"))
(uri (string-append "https://github.com/SuperTux/supertux/"
"releases/download/v" version "/SuperTux-v"
version "-Source.tar.gz"))
(sha256
(base32
"10ppmy6w77lxj8bdzjahc9bidgl4qgzr9rimn15rnqay84ydx3fi"))))
(arguments '(#:tests? #f
#:configure-flags '("-DINSTALL_SUBDIR_BIN=bin")))
"0fx7c7m6mfanqy7kln7yf6abb5l3r68picf32js2yls11jj0vbng"))))
(arguments
'(#:tests? #f
#:configure-flags '("-DINSTALL_SUBDIR_BIN=bin"
"-DENABLE_BOOST_STATIC_LIBS=OFF")))
(build-system cmake-build-system)
(inputs `(("sdl2" ,sdl2)
("sdl2-image" ,sdl2-image)
@ -2896,3 +2906,89 @@ extinguishing action, intense boss battles, a catchy soundtrack and lots of
throwing people around in pseudo-randomly generated buildings.")
(license (list license:zlib ; for source code
license:cc-by-sa3.0)))) ; for graphics and music assets
(define-public hyperrogue
(package
(name "hyperrogue")
(version "8.3j")
(source (origin
(method url-fetch)
(uri (string-append
"http://www.roguetemple.com/z/hyper/"
name "-83j.zip"))
(sha256
(base32
"1ag95d84m4j0rqyn9hj7655znixw2j57bpf93nk14nfy02xz1g6p"))
(modules '((guix build utils)))
;; Remove .exe and .dll files.
(snippet
'(for-each delete-file (find-files "." "\\.(exe|dll)$")))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no check target
#:make-flags '("-Csrc")
#:phases
(modify-phases %standard-phases
(add-after 'set-paths 'set-sdl-paths
(lambda* (#:key inputs #:allow-other-keys)
(setenv "CPATH"
(string-append (assoc-ref inputs "sdl-union")
"/include/SDL"))))
;; Fix font and music paths.
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(dejavu-dir (string-append
(assoc-ref inputs "font-dejavu")
"/share/fonts/truetype"))
(dejavu-font "DejaVuSans-Bold.ttf")
(music-file "hyperrogue-music.txt"))
(with-directory-excursion "src"
(substitute* "graph.cpp"
((dejavu-font)
(string-append dejavu-dir "/" dejavu-font))
(((string-append "\\./" music-file))
(string-append out "/share/hyperrogue/" music-file)))
(substitute* music-file
(("\\*/")
(string-append out "/share/hyperrogue/")))))
#t))
(replace 'install
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(share-dir (string-append out "/share/hyperrogue")))
(mkdir-p bin)
(copy-file "src/hyper" (string-append bin "/hyperrogue"))
(mkdir-p share-dir)
(copy-file "src/hyperrogue-music.txt"
(string-append share-dir "/hyperrogue-music.txt"))
(for-each (lambda (file)
(copy-file file (string-append share-dir "/" file)))
(find-files "." "\\.ogg$")))
#t)))))
(inputs
`(("font-dejavu" ,font-dejavu)
("glew" ,glew)
("libpng" ,libpng)
("sdl-union" ,(sdl-union (list sdl
sdl-gfx
sdl-mixer
sdl-ttf)))))
(home-page "http://www.roguetemple.com/z/hyper/")
(synopsis "Non-euclidean graphical rogue-like game")
(description
"HyperRogue is a game in which the player collects treasures and fights
monsters -- rogue-like but for the fact that it is played on the hyperbolic
plane and not in euclidean space.
In HyperRogue, the player can move through different parts of the world, which
are home to particular creatures and may be subject to own rules of \"physics\".
While it can use ASCII characters to display the world the classical rogue
symbols, the game needs graphics to render the non-euclidean world.")
(license (list license:bsd-3 ; src/glew.c, src/mtrand.*
license:cc-by-sa3.0 ; *.ogg
license:public-domain ; src/direntx.*
license:zlib ; src/savepng.*
license:gpl2+)))) ; remaining files

View File

@ -776,14 +776,14 @@ effective code.")
(define-public gnu-c-manual
(package
(name "gnu-c-manual")
(version "0.2.4")
(version "0.2.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gnu-c-manual/gnu-c-manual-"
version ".tar.gz"))
(sha256
(base32
"0cf4503shr7hxkbrjfi9dky6q2lqk95bgbgbjmvj2s2x312kakd9"))))
"1sfsj9256w18qzylgag2h5h377aq8in8929svblfnj9svfriqcys"))))
(build-system gnu-build-system)
(native-inputs `(("texinfo" ,texinfo)))
(arguments

View File

@ -42,7 +42,7 @@
(define-public gnucash
(package
(name "gnucash")
(version "2.6.12")
(version "2.6.14")
(source
(origin
(method url-fetch)
@ -50,7 +50,7 @@
version "/gnucash-" version ".tar.bz2"))
(sha256
(base32
"0x84f07p30pwhriamv8ifljgw755cj87rc12jy1xddf47spyj7rp"))
"0xcf2nl3v6zsablmla20v283x3r0jdpixcbp37mzap82lln4y51v"))
(patches (search-patches "gnucash-price-quotes-perl.patch"))))
(build-system gnu-build-system)
(inputs

View File

@ -34,14 +34,18 @@
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages groff)
#:use-module (gnu packages gtk)
#:use-module (gnu packages guile)
#:use-module (gnu packages gstreamer)
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages image)
#:use-module (gnu packages libunistring)
#:use-module (gnu packages maths)
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages perl)
#:use-module (gnu packages pulseaudio)
@ -49,6 +53,7 @@
#:use-module (gnu packages databases)
#:use-module (gnu packages tls)
#:use-module (gnu packages video)
#:use-module (gnu packages web)
#:use-module (gnu packages xiph)
#:use-module (gnu packages backup)
#:use-module ((guix licenses) #:prefix license:)
@ -217,8 +222,9 @@ supports HTTP, HTTPS and GnuTLS.")
(method url-fetch)
(uri (string-append "mirror://gnu/gnunet/gnunet-" version
".tar.gz"))
(sha256 (base32
"04wxzm3wkgqbn42b8ksr4cx6m5cckyig5cls1adh0nwdczwvnp7n"))))
(sha256
(base32
"04wxzm3wkgqbn42b8ksr4cx6m5cckyig5cls1adh0nwdczwvnp7n"))))
(build-system gnu-build-system)
(inputs
`(("glpk" ,glpk)
@ -229,17 +235,24 @@ supports HTTP, HTTPS and GnuTLS.")
("libextractor" ,libextractor)
("libgcrypt" ,libgcrypt)
("libidn" ,libidn)
("libmicrohttpd" ,libmicrohttpd)
("libmicrohttpd" ,libmicrohttpd) ; hostlist, pt, contrib, and more
("libltdl" ,libltdl)
("libunistring" ,libunistring)
("openssl" ,openssl)
("opus" ,opus)
("pulseaudio" ,pulseaudio)
("sqlite" ,sqlite)
("zlib" ,zlib)))
("libunistring" ,libunistring) ; fs and more
("openssl" ,openssl) ; transport, certificate creation, contribs
("opus" ,opus) ; gnunet-conversation
("pulseaudio" ,pulseaudio) ; conversation
("sqlite" ,sqlite) ; sqlite bindings, *store
("zlib" ,zlib)
("perl" ,perl) ; doxygen and more
("jansson" ,jansson) ; identity, taler (external), gnunet-json, gns
("nss" ,nss) ; gns
("gmp" ,gmp) ; util
("bluez" ,bluez) ; gnunet-transport
("glib" ,glib)
("libogg" ,libogg) ; gnunet-conversation
("python-2" ,python-2))) ; tests, gnunet-qr
(native-inputs
`(("pkg-config" ,pkg-config)
("python" ,python-2)))
`(("pkg-config" ,pkg-config)))
(arguments
'(#:configure-flags
(list (string-append "--with-nssdir=" %output "/lib"))

View File

@ -275,10 +275,9 @@ in the Mozilla clients.")
(propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc.
(native-inputs `(("perl" ,perl)))
;; The NSS test suite takes over 28 hours on Loongson 3A (MIPS), and
;; possibly longer when another build is happening concurrently on the
;; same machine.
(properties '((timeout . 144000))) ; 40 hours
;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when
;; another build is happening concurrently on the same machine.
(properties '((timeout . 216000))) ; 60 hours
(home-page
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")

View File

@ -98,13 +98,23 @@
(arguments
'(;; Two warnings: suggest braces, signed/unsigned comparison.
#:configure-flags '("--disable-werror")
#:phases (modify-phases %standard-phases
(add-after
'unpack 'patch-stuff
(add-after 'unpack 'patch-stuff
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "grub-core/Makefile.in"
(("/bin/sh") (which "sh")))
;; Give the absolute file name of 'mdadm', used to
;; determine the root file system when it's a RAID
;; device. Failing to do that, 'grub-probe' silently
;; fails if 'mdadm' is not in $PATH.
(substitute* "grub-core/osdep/linux/getroot.c"
(("argv\\[0\\] = \"mdadm\"")
(string-append "argv[0] = \""
(assoc-ref inputs "mdadm")
"/sbin/mdadm\"")))
;; Make the font visible.
(copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz")
(system* "gunzip" "unifont.bdf.gz")
@ -119,6 +129,7 @@
(inputs
`(;; ("lvm2" ,lvm2)
("gettext" ,gettext-minimal)
("mdadm" ,mdadm)
("freetype" ,freetype)
;; ("libusb" ,libusb)
;; ("fuse" ,fuse)

View File

@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.7.0-gnu Kernel Configuration
# Linux/x86 4.8.0-gnu Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@ -36,7 +36,6 @@ CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_32_SMP=y
CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx"
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_DEBUG_RODATA=y
@ -231,6 +230,7 @@ CONFIG_SLUB_DEBUG=y
# CONFIG_SLAB is not set
CONFIG_SLUB=y
# CONFIG_SLOB is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLUB_CPU_PARTIAL=y
# CONFIG_SYSTEM_DATA_VERIFICATION is not set
CONFIG_PROFILING=y
@ -278,11 +278,15 @@ CONFIG_HAVE_CMPXCHG_DOUBLE=y
CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
CONFIG_HAVE_ARCH_HUGE_VMAP=y
@ -548,6 +552,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_TRANSPARENT_HUGEPAGE=y
CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
# CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
CONFIG_TRANSPARENT_HUGE_PAGECACHE=y
CONFIG_CLEANCACHE=y
CONFIG_FRONTSWAP=y
CONFIG_CMA=y
@ -649,6 +654,7 @@ CONFIG_ACPI_VIDEO=m
CONFIG_ACPI_FAN=y
CONFIG_ACPI_DOCK=y
CONFIG_ACPI_CPU_FREQ_PSS=y
CONFIG_ACPI_PROCESSOR_CSTATE=y
CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_IPMI=m
@ -657,6 +663,7 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m
CONFIG_ACPI_THERMAL=y
CONFIG_ACPI_CUSTOM_DSDT_FILE=""
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
CONFIG_ACPI_TABLE_UPGRADE=y
# CONFIG_ACPI_DEBUG is not set
CONFIG_ACPI_PCI_SLOT=y
@ -678,8 +685,10 @@ CONFIG_ACPI_APEI_GHES=y
CONFIG_ACPI_APEI_PCIEAER=y
CONFIG_ACPI_APEI_EINJ=m
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
CONFIG_DPTF_POWER=m
CONFIG_ACPI_EXTLOG=m
# CONFIG_PMIC_OPREGION is not set
CONFIG_ACPI_CONFIGFS=m
CONFIG_SFI=y
CONFIG_X86_APM_BOOT=y
CONFIG_APM=m
@ -774,7 +783,7 @@ CONFIG_PCIEASPM_DEFAULT=y
# CONFIG_PCIEASPM_POWERSAVE is not set
# CONFIG_PCIEASPM_PERFORMANCE is not set
CONFIG_PCIE_PME=y
CONFIG_PCIE_DPC=m
CONFIG_PCIE_DPC=y
CONFIG_PCI_BUS_ADDR_T_64BIT=y
CONFIG_PCI_MSI=y
CONFIG_PCI_MSI_IRQ_DOMAIN=y
@ -844,6 +853,7 @@ CONFIG_RAPIDIO_DISC_TIMEOUT=30
CONFIG_RAPIDIO_DMA_ENGINE=y
# CONFIG_RAPIDIO_DEBUG is not set
CONFIG_RAPIDIO_ENUM_BASIC=m
CONFIG_RAPIDIO_CHMAN=m
CONFIG_RAPIDIO_MPORT_CDEV=m
#
@ -853,6 +863,7 @@ CONFIG_RAPIDIO_TSI57X=m
CONFIG_RAPIDIO_CPS_XX=m
CONFIG_RAPIDIO_TSI568=m
CONFIG_RAPIDIO_CPS_GEN2=m
CONFIG_RAPIDIO_RXS_GEN3=m
# CONFIG_X86_SYSFB is not set
#
@ -935,6 +946,7 @@ CONFIG_TCP_CONG_HTCP=m
CONFIG_TCP_CONG_HSTCP=m
CONFIG_TCP_CONG_HYBLA=m
CONFIG_TCP_CONG_VEGAS=m
CONFIG_TCP_CONG_NV=m
CONFIG_TCP_CONG_SCALABLE=m
CONFIG_TCP_CONG_LP=m
CONFIG_TCP_CONG_VENO=m
@ -1451,6 +1463,7 @@ CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_CLS_FLOWER=m
CONFIG_NET_CLS_MATCHALL=m
CONFIG_NET_EMATCH=y
CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_CMP=m
@ -1494,6 +1507,8 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPENVSWITCH_GENEVE=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_VIRTIO_VSOCKETS=m
CONFIG_VIRTIO_VSOCKETS_COMMON=m
CONFIG_NETLINK_DIAG=m
CONFIG_MPLS=y
CONFIG_NET_MPLS_GSO=m
@ -1502,6 +1517,7 @@ CONFIG_MPLS_IPTUNNEL=m
CONFIG_HSR=m
# CONFIG_NET_SWITCHDEV is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NET_NCSI=y
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
@ -1966,6 +1982,7 @@ CONFIG_MTD_NAND_CS553X=m
CONFIG_MTD_NAND_NANDSIM=m
CONFIG_MTD_NAND_PLATFORM=m
CONFIG_MTD_NAND_HISI504=m
CONFIG_MTD_NAND_MTK=m
CONFIG_MTD_ONENAND=m
CONFIG_MTD_ONENAND_VERIFY_WRITE=y
CONFIG_MTD_ONENAND_GENERIC=m
@ -2043,7 +2060,6 @@ CONFIG_PARIDE_ON20=m
CONFIG_PARIDE_ON26=m
CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
CONFIG_ZRAM=m
CONFIG_ZRAM_LZ4_COMPRESS=y
CONFIG_BLK_CPQ_CISS_DA=m
CONFIG_CISS_SCSI_TAPE=y
CONFIG_BLK_DEV_DAC960=m
@ -2074,6 +2090,11 @@ CONFIG_BLK_DEV_RSXX=m
CONFIG_NVME_CORE=m
CONFIG_BLK_DEV_NVME=m
# CONFIG_BLK_DEV_NVME_SCSI is not set
CONFIG_NVME_FABRICS=m
CONFIG_NVME_RDMA=m
CONFIG_NVME_TARGET=m
CONFIG_NVME_TARGET_LOOP=m
CONFIG_NVME_TARGET_RDMA=m
#
# Misc devices
@ -2097,7 +2118,6 @@ CONFIG_APDS9802ALS=m
CONFIG_ISL29003=m
CONFIG_ISL29020=m
CONFIG_SENSORS_TSL2550=m
CONFIG_SENSORS_BH1780=m
CONFIG_SENSORS_BH1770=m
CONFIG_SENSORS_APDS990X=m
CONFIG_HMC6352=m
@ -2177,10 +2197,10 @@ CONFIG_VMWARE_VMCI=m
#
# VOP Driver
#
CONFIG_VHOST_RING=m
CONFIG_ECHO=m
# CONFIG_CXL_BASE is not set
# CONFIG_CXL_KERNEL_API is not set
# CONFIG_CXL_EEH is not set
# CONFIG_CXL_AFU_DRIVER_OPS is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@ -2273,7 +2293,9 @@ CONFIG_SCSI_MPT3SAS_MAX_SGE=128
CONFIG_SCSI_MPT2SAS=m
CONFIG_SCSI_UFSHCD=m
CONFIG_SCSI_UFSHCD_PCI=m
# CONFIG_SCSI_UFS_DWC_TC_PCI is not set
CONFIG_SCSI_UFSHCD_PLATFORM=m
# CONFIG_SCSI_UFS_DWC_TC_PLATFORM is not set
CONFIG_SCSI_HPTIOP=m
CONFIG_SCSI_BUSLOGIC=m
CONFIG_SCSI_FLASHPOINT=y
@ -2620,11 +2642,6 @@ CONFIG_CAIF_SPI_SLAVE=m
# CONFIG_CAIF_SPI_SYNC is not set
CONFIG_CAIF_HSI=m
CONFIG_CAIF_VIRTIO=m
CONFIG_VHOST_NET=m
CONFIG_VHOST_SCSI=m
CONFIG_VHOST_RING=m
CONFIG_VHOST=m
# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
#
# Distributed Switch Architecture drivers
@ -2674,8 +2691,6 @@ CONFIG_CNIC=m
CONFIG_TIGON3=m
CONFIG_BNX2X=m
CONFIG_BNX2X_SRIOV=y
CONFIG_BNX2X_VXLAN=y
# CONFIG_BNX2X_GENEVE is not set
CONFIG_BNXT=m
CONFIG_BNXT_SRIOV=y
CONFIG_NET_VENDOR_BROCADE=y
@ -2687,9 +2702,9 @@ CONFIG_CHELSIO_T1_1G=y
CONFIG_CHELSIO_T3=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4_DCB=y
CONFIG_CHELSIO_T4_UWIRE=y
CONFIG_CHELSIO_T4_FCOE=y
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_LIB=m
CONFIG_NET_VENDOR_CIRRUS=y
CONFIG_CS89x0=m
CONFIG_CS89x0_PLATFORM=y
@ -2717,7 +2732,6 @@ CONFIG_SUNDANCE=m
CONFIG_NET_VENDOR_EMULEX=y
CONFIG_BE2NET=m
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_VXLAN=y
CONFIG_NET_VENDOR_EZCHIP=y
CONFIG_NET_VENDOR_EXAR=y
CONFIG_S2IO=m
@ -2737,18 +2751,14 @@ CONFIG_IGB_HWMON=y
CONFIG_IGBVF=m
CONFIG_IXGB=m
CONFIG_IXGBE=m
CONFIG_IXGBE_VXLAN=y
CONFIG_IXGBE_HWMON=y
CONFIG_IXGBE_DCB=y
CONFIG_IXGBEVF=m
CONFIG_I40E=m
CONFIG_I40E_VXLAN=y
CONFIG_I40E_GENEVE=y
CONFIG_I40E_DCB=y
CONFIG_I40E_FCOE=y
CONFIG_I40EVF=m
CONFIG_FM10K=m
CONFIG_FM10K_VXLAN=y
CONFIG_NET_VENDOR_I825XX=y
CONFIG_JME=m
CONFIG_NET_VENDOR_MARVELL=y
@ -2762,7 +2772,6 @@ CONFIG_SKY2=m
CONFIG_NET_VENDOR_MELLANOX=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
CONFIG_MLX4_CORE=m
CONFIG_MLX4_DEBUG=y
CONFIG_MLX5_CORE=m
@ -2809,15 +2818,12 @@ CONFIG_QLA3XXX=m
CONFIG_QLCNIC=m
CONFIG_QLCNIC_SRIOV=y
CONFIG_QLCNIC_DCB=y
CONFIG_QLCNIC_VXLAN=y
CONFIG_QLCNIC_HWMON=y
CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m
CONFIG_QED=m
CONFIG_QED_SRIOV=y
CONFIG_QEDE=m
# CONFIG_QEDE_VXLAN is not set
# CONFIG_QEDE_GENEVE is not set
CONFIG_NET_VENDOR_QUALCOMM=y
CONFIG_NET_VENDOR_REALTEK=y
CONFIG_ATP=m
@ -2888,6 +2894,7 @@ CONFIG_SKFP=m
# CONFIG_HIPPI is not set
CONFIG_NET_SB1000=m
CONFIG_PHYLIB=y
CONFIG_SWPHY=y
#
# MII PHY device drivers
@ -2920,6 +2927,7 @@ CONFIG_FIXED_PHY=y
CONFIG_MDIO_BITBANG=m
CONFIG_MDIO_GPIO=m
CONFIG_MDIO_BCM_UNIMAC=m
CONFIG_INTEL_XWAY_PHY=m
CONFIG_MICREL_KS8995MA=m
CONFIG_PLIP=m
CONFIG_PPP=y
@ -3540,6 +3548,7 @@ CONFIG_TABLET_USB_AIPTEK=m
CONFIG_TABLET_USB_GTCO=m
CONFIG_TABLET_USB_HANWANG=m
CONFIG_TABLET_USB_KBTAB=m
CONFIG_TABLET_USB_PEGASUS=m
CONFIG_TABLET_SERIAL_WACOM4=m
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_PROPERTIES=y
@ -3623,8 +3632,12 @@ CONFIG_TOUCHSCREEN_TSC2004=m
CONFIG_TOUCHSCREEN_TSC2005=m
CONFIG_TOUCHSCREEN_TSC2007=m
CONFIG_TOUCHSCREEN_PCAP=m
CONFIG_TOUCHSCREEN_RM_TS=m
CONFIG_TOUCHSCREEN_SILEAD=m
CONFIG_TOUCHSCREEN_SIS_I2C=m
CONFIG_TOUCHSCREEN_ST1232=m
CONFIG_TOUCHSCREEN_SUR40=m
CONFIG_TOUCHSCREEN_SURFACE3_SPI=m
CONFIG_TOUCHSCREEN_SX8654=m
CONFIG_TOUCHSCREEN_TPS6507X=m
CONFIG_TOUCHSCREEN_ZFORCE=m
@ -3823,7 +3836,6 @@ CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_SI_PROBE_DEFAULTS=y
CONFIG_IPMI_SSIF=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
@ -3859,7 +3871,9 @@ CONFIG_HPET_MMAP=y
CONFIG_HPET_MMAP_DEFAULT=y
CONFIG_HANGCHECK_TIMER=m
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_SPI=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
CONFIG_TCG_TIS_I2C_NUVOTON=m
@ -3868,6 +3882,7 @@ CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
CONFIG_TCG_XEN=m
CONFIG_TCG_CRB=m
CONFIG_TCG_VTPM_PROXY=m
CONFIG_TCG_TIS_ST33ZP24=m
CONFIG_TCG_TIS_ST33ZP24_I2C=m
CONFIG_TCG_TIS_ST33ZP24_SPI=m
@ -4058,10 +4073,10 @@ CONFIG_GENERIC_PINCONF=y
CONFIG_PINCTRL_AMD=y
CONFIG_PINCTRL_BAYTRAIL=y
CONFIG_PINCTRL_CHERRYVIEW=m
CONFIG_PINCTRL_MERRIFIELD=m
CONFIG_PINCTRL_INTEL=m
CONFIG_PINCTRL_BROXTON=m
CONFIG_PINCTRL_SUNRISEPOINT=m
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
CONFIG_GPIOLIB=y
CONFIG_GPIO_DEVRES=y
CONFIG_GPIO_ACPI=y
@ -4140,6 +4155,7 @@ CONFIG_GPIO_WM8994=m
#
CONFIG_GPIO_AMD8111=m
CONFIG_GPIO_INTEL_MID=y
CONFIG_GPIO_MERRIFIELD=m
CONFIG_GPIO_ML_IOH=m
CONFIG_GPIO_PCH=m
CONFIG_GPIO_RDC321X=m
@ -4154,7 +4170,6 @@ CONFIG_GPIO_PISOSR=m
#
# SPI or I2C GPIO expanders
#
CONFIG_GPIO_MCP23S08=m
#
# USB GPIO expanders
@ -4289,6 +4304,7 @@ CONFIG_SENSORS_F71882FG=m
CONFIG_SENSORS_F75375S=m
CONFIG_SENSORS_MC13783_ADC=m
CONFIG_SENSORS_FSCHMD=m
CONFIG_SENSORS_FTSTEUTATES=m
CONFIG_SENSORS_GL518SM=m
CONFIG_SENSORS_GL520SM=m
CONFIG_SENSORS_G760A=m
@ -4367,6 +4383,7 @@ CONFIG_SENSORS_UCD9200=m
CONFIG_SENSORS_ZL6100=m
CONFIG_SENSORS_SHT15=m
CONFIG_SENSORS_SHT21=m
CONFIG_SENSORS_SHT3x=m
CONFIG_SENSORS_SHTC1=m
CONFIG_SENSORS_SIS5595=m
CONFIG_SENSORS_DME1737=m
@ -4387,6 +4404,7 @@ CONFIG_SENSORS_ADS7871=m
CONFIG_SENSORS_AMC6821=m
CONFIG_SENSORS_INA209=m
CONFIG_SENSORS_INA2XX=m
CONFIG_SENSORS_INA3221=m
CONFIG_SENSORS_TC74=m
CONFIG_SENSORS_THMC50=m
CONFIG_SENSORS_TMP102=m
@ -4462,7 +4480,6 @@ CONFIG_XILINX_WATCHDOG=m
CONFIG_ZIIRAVE_WATCHDOG=m
CONFIG_CADENCE_WATCHDOG=m
CONFIG_DW_WATCHDOG=m
CONFIG_RN5T618_WATCHDOG=m
CONFIG_TWL4030_WATCHDOG=m
CONFIG_MAX63XX_WATCHDOG=m
CONFIG_RETU_WATCHDOG=m
@ -4558,6 +4575,7 @@ CONFIG_BCMA_HOST_PCI_POSSIBLE=y
CONFIG_BCMA_HOST_PCI=y
CONFIG_BCMA_HOST_SOC=y
CONFIG_BCMA_DRIVER_PCI=y
CONFIG_BCMA_SFLASH=y
CONFIG_BCMA_DRIVER_GMAC_CMN=y
CONFIG_BCMA_DRIVER_GPIO=y
# CONFIG_BCMA_DEBUG is not set
@ -4624,7 +4642,6 @@ CONFIG_MFD_RTSX_PCI=m
CONFIG_MFD_RT5033=m
CONFIG_MFD_RTSX_USB=m
CONFIG_MFD_RC5T583=y
CONFIG_MFD_RN5T618=m
CONFIG_MFD_SEC_CORE=y
CONFIG_MFD_SI476X_CORE=m
CONFIG_MFD_SM501=m
@ -4722,6 +4739,7 @@ CONFIG_REGULATOR_MC13XXX_CORE=m
CONFIG_REGULATOR_MC13783=m
CONFIG_REGULATOR_MC13892=m
CONFIG_REGULATOR_MT6311=m
CONFIG_REGULATOR_MT6323=m
CONFIG_REGULATOR_MT6397=m
CONFIG_REGULATOR_PALMAS=m
CONFIG_REGULATOR_PCAP=m
@ -4733,7 +4751,6 @@ CONFIG_REGULATOR_PV88090=m
CONFIG_REGULATOR_PWM=m
CONFIG_REGULATOR_QCOM_SPMI=m
CONFIG_REGULATOR_RC5T583=m
CONFIG_REGULATOR_RN5T618=m
CONFIG_REGULATOR_RT5033=m
CONFIG_REGULATOR_S2MPA01=m
CONFIG_REGULATOR_S2MPS11=m
@ -4768,6 +4785,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y
CONFIG_MEDIA_RADIO_SUPPORT=y
CONFIG_MEDIA_SDR_SUPPORT=y
CONFIG_MEDIA_RC_SUPPORT=y
CONFIG_MEDIA_CEC_EDID=y
CONFIG_MEDIA_CONTROLLER=y
# CONFIG_MEDIA_CONTROLLER_DVB is not set
CONFIG_VIDEO_DEV=m
@ -4781,7 +4799,6 @@ CONFIG_V4L2_FLASH_LED_CLASS=m
CONFIG_VIDEOBUF_GEN=m
CONFIG_VIDEOBUF_DMA_SG=m
CONFIG_VIDEOBUF_VMALLOC=m
CONFIG_VIDEOBUF_DMA_CONTIG=m
CONFIG_VIDEOBUF_DVB=m
CONFIG_VIDEOBUF2_CORE=m
CONFIG_VIDEOBUF2_MEMOPS=m
@ -5185,7 +5202,6 @@ CONFIG_VIDEO_SAA6588=m
#
# Video decoders
#
CONFIG_VIDEO_ADV7180=m
CONFIG_VIDEO_ADV7604=m
CONFIG_VIDEO_ADV7842=m
CONFIG_VIDEO_BT819=m
@ -5315,6 +5331,8 @@ CONFIG_DVB_M88DS3103=m
CONFIG_DVB_DRXK=m
CONFIG_DVB_TDA18271C2DD=m
CONFIG_DVB_SI2165=m
CONFIG_DVB_MN88472=m
CONFIG_DVB_MN88473=m
#
# DVB-S (satellite) frontends
@ -5440,6 +5458,7 @@ CONFIG_DVB_M88RS2000=m
CONFIG_DVB_AF9033=m
CONFIG_DVB_HORUS3A=m
CONFIG_DVB_ASCOT2E=m
CONFIG_DVB_HELENE=m
#
# Tools to develop new frontends
@ -5476,7 +5495,6 @@ CONFIG_DRM_TTM=m
#
# I2C encoder or helper chips
#
CONFIG_DRM_I2C_ADV7511=m
CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
CONFIG_DRM_I2C_NXP_TDA998X=m
@ -5502,6 +5520,7 @@ CONFIG_DRM_I810=m
CONFIG_DRM_I915=m
# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
CONFIG_DRM_I915_USERPTR=y
# CONFIG_DRM_I915_GVT is not set
#
# drm/i915 Debugging
@ -5954,6 +5973,7 @@ CONFIG_SND_SOC_TOPOLOGY=y
CONFIG_SND_SOC_AMD_ACP=m
CONFIG_SND_ATMEL_SOC=m
CONFIG_SND_DESIGNWARE_I2S=m
CONFIG_SND_DESIGNWARE_PCM=m
#
# SoC Audio for Freescale CPUs
@ -5975,9 +5995,14 @@ CONFIG_SND_SST_IPC=m
CONFIG_SND_SST_IPC_PCI=m
CONFIG_SND_SST_IPC_ACPI=m
CONFIG_SND_SOC_INTEL_SST=m
CONFIG_SND_SOC_INTEL_SST_FIRMWARE=m
CONFIG_SND_SOC_INTEL_SST_ACPI=m
CONFIG_SND_SOC_INTEL_SST_MATCH=m
CONFIG_SND_SOC_INTEL_HASWELL=m
CONFIG_SND_SOC_INTEL_HASWELL_MACH=m
CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH=m
CONFIG_SND_SOC_INTEL_BXT_RT298_MACH=m
CONFIG_SND_SOC_INTEL_BROADWELL_MACH=m
CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH=m
CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m
@ -5992,6 +6017,7 @@ CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
# Allwinner SoC Audio support
#
CONFIG_SND_SUN4I_CODEC=m
CONFIG_SND_SUN4I_I2S=m
CONFIG_SND_SOC_XTFPGA_I2S=m
CONFIG_SND_SOC_I2C_AND_SPI=m
@ -6000,13 +6026,16 @@ CONFIG_SND_SOC_I2C_AND_SPI=m
#
CONFIG_SND_SOC_AC97_CODEC=m
CONFIG_SND_SOC_ADAU1701=m
CONFIG_SND_SOC_ADAU7002=m
CONFIG_SND_SOC_AK4104=m
CONFIG_SND_SOC_AK4554=m
CONFIG_SND_SOC_AK4613=m
CONFIG_SND_SOC_AK4642=m
CONFIG_SND_SOC_AK5386=m
CONFIG_SND_SOC_ALC5623=m
CONFIG_SND_SOC_BT_SCO=m
CONFIG_SND_SOC_CS35L32=m
CONFIG_SND_SOC_CS35L33=m
CONFIG_SND_SOC_CS42L51=m
CONFIG_SND_SOC_CS42L51_I2C=m
CONFIG_SND_SOC_CS42L52=m
@ -6020,6 +6049,8 @@ CONFIG_SND_SOC_CS4271_SPI=m
CONFIG_SND_SOC_CS42XX8=m
CONFIG_SND_SOC_CS42XX8_I2C=m
CONFIG_SND_SOC_CS4349=m
CONFIG_SND_SOC_CS53L30=m
CONFIG_SND_SOC_DA7219=m
CONFIG_SND_SOC_DMIC=m
CONFIG_SND_SOC_ES8328=m
CONFIG_SND_SOC_GTM601=m
@ -6027,6 +6058,8 @@ CONFIG_SND_SOC_HDAC_HDMI=m
CONFIG_SND_SOC_INNO_RK3036=m
CONFIG_SND_SOC_MAX98090=m
CONFIG_SND_SOC_MAX98357A=m
CONFIG_SND_SOC_MAX98504=m
CONFIG_SND_SOC_MAX9860=m
CONFIG_SND_SOC_PCM1681=m
CONFIG_SND_SOC_PCM179X=m
CONFIG_SND_SOC_PCM179X_I2C=m
@ -6093,8 +6126,10 @@ CONFIG_SND_SOC_WM8960=m
CONFIG_SND_SOC_WM8962=m
CONFIG_SND_SOC_WM8974=m
CONFIG_SND_SOC_WM8978=m
CONFIG_SND_SOC_WM8985=m
CONFIG_SND_SOC_NAU8825=m
CONFIG_SND_SOC_TPA6130A2=m
CONFIG_SND_SIMPLE_CARD_UTILS=m
CONFIG_SND_SIMPLE_CARD=m
# CONFIG_SOUND_PRIME is not set
CONFIG_AC97_BUS=m
@ -6147,6 +6182,7 @@ CONFIG_HID_ICADE=m
CONFIG_HID_TWINHAN=m
CONFIG_HID_KENSINGTON=m
CONFIG_HID_LCPOWER=m
CONFIG_HID_LED=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
@ -6200,6 +6236,7 @@ CONFIG_ZEROPLUS_FF=y
CONFIG_HID_ZYDACRON=m
CONFIG_HID_SENSOR_HUB=m
CONFIG_HID_SENSOR_CUSTOM_SENSOR=m
CONFIG_HID_ALPS=m
#
# USB HID support
@ -6343,7 +6380,7 @@ CONFIG_USB_DWC2_HOST=y
#
# Gadget/Dual-role mode requires USB Gadget support to be enabled
#
CONFIG_USB_DWC2_PCI=y
CONFIG_USB_DWC2_PCI=m
# CONFIG_USB_DWC2_DEBUG is not set
# CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set
CONFIG_USB_CHIPIDEA=m
@ -6438,7 +6475,6 @@ CONFIG_USB_SEVSEG=m
CONFIG_USB_RIO500=m
CONFIG_USB_LEGOTOWER=m
CONFIG_USB_LCD=m
CONFIG_USB_LED=m
CONFIG_USB_CYPRESS_CY7C63=m
CONFIG_USB_CYTHERM=m
CONFIG_USB_IDMOUSE=m
@ -6468,7 +6504,7 @@ CONFIG_USB_XUSBATM=m
# USB Physical Layer drivers
#
CONFIG_USB_PHY=y
CONFIG_NOP_USB_XCEIV=y
CONFIG_NOP_USB_XCEIV=m
CONFIG_USB_GPIO_VBUS=m
CONFIG_TAHVO_USB=m
CONFIG_TAHVO_USB_HOST_BY_DEFAULT=y
@ -6644,6 +6680,7 @@ CONFIG_LEDS_PCA9532=m
CONFIG_LEDS_PCA9532_GPIO=y
CONFIG_LEDS_GPIO=m
CONFIG_LEDS_LP3944=m
CONFIG_LEDS_LP3952=m
CONFIG_LEDS_LP55XX_COMMON=m
CONFIG_LEDS_LP5521=m
CONFIG_LEDS_LP5523=m
@ -6685,6 +6722,7 @@ CONFIG_LEDS_BLINKM=m
CONFIG_LEDS_TRIGGERS=y
CONFIG_LEDS_TRIGGER_TIMER=m
CONFIG_LEDS_TRIGGER_ONESHOT=m
CONFIG_LEDS_TRIGGER_DISK=y
# CONFIG_LEDS_TRIGGER_MTD is not set
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
CONFIG_LEDS_TRIGGER_BACKLIGHT=m
@ -6725,6 +6763,7 @@ CONFIG_INFINIBAND_SRP=m
CONFIG_INFINIBAND_SRPT=m
CONFIG_INFINIBAND_ISER=m
CONFIG_INFINIBAND_ISERT=m
CONFIG_RDMA_RXE=m
CONFIG_EDAC_ATOMIC_SCRUB=y
CONFIG_EDAC_SUPPORT=y
CONFIG_EDAC=y
@ -6751,6 +6790,7 @@ CONFIG_EDAC_I5000=m
CONFIG_EDAC_I5100=m
CONFIG_EDAC_I7300=m
CONFIG_RTC_LIB=y
CONFIG_RTC_MC146818_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
@ -6822,6 +6862,7 @@ CONFIG_RTC_DRV_DS1305=m
CONFIG_RTC_DRV_DS1343=m
CONFIG_RTC_DRV_DS1347=m
CONFIG_RTC_DRV_DS1390=m
CONFIG_RTC_DRV_MAX6916=m
CONFIG_RTC_DRV_R9701=m
CONFIG_RTC_DRV_RX4581=m
CONFIG_RTC_DRV_RX6110=m
@ -7156,7 +7197,6 @@ CONFIG_ADIS16201=m
CONFIG_ADIS16203=m
CONFIG_ADIS16209=m
CONFIG_ADIS16240=m
CONFIG_LIS3L02DQ=m
CONFIG_SCA3000=m
#
@ -7253,9 +7293,8 @@ CONFIG_SPEAKUP_SYNTH_TXPRT=m
CONFIG_SPEAKUP_SYNTH_DUMMY=m
CONFIG_STAGING_MEDIA=y
CONFIG_I2C_BCM2048=m
# CONFIG_MEDIA_CEC is not set
CONFIG_DVB_CXD2099=m
CONFIG_DVB_MN88472=m
CONFIG_VIDEO_TIMBERDALE=m
CONFIG_LIRC_STAGING=y
CONFIG_LIRC_BT829=m
CONFIG_LIRC_IMON=m
@ -7336,6 +7375,7 @@ CONFIG_HDM_USB=m
CONFIG_ISDN_DRV_ICN=m
CONFIG_ISDN_DRV_PCBIT=m
CONFIG_ISDN_DRV_ACT2000=m
CONFIG_KS7010=m
CONFIG_X86_PLATFORM_DEVICES=y
CONFIG_ACER_WMI=m
CONFIG_ACERHDF=m
@ -7384,6 +7424,7 @@ CONFIG_TOSHIBA_HAPS=m
CONFIG_TOSHIBA_WMI=m
CONFIG_ACPI_CMPC=m
CONFIG_INTEL_HID_EVENT=m
CONFIG_INTEL_VBTN=m
CONFIG_INTEL_SCU_IPC=y
CONFIG_INTEL_SCU_IPC_UTIL=m
CONFIG_GPIO_INTEL_PMIC=y
@ -7428,7 +7469,7 @@ CONFIG_COMMON_CLK_PALMAS=m
CONFIG_COMMON_CLK_PWM=m
# CONFIG_COMMON_CLK_PXA is not set
# CONFIG_COMMON_CLK_PIC32 is not set
# CONFIG_COMMON_CLK_OXNAS is not set
# CONFIG_SUNXI_CCU is not set
#
# Hardware Spinlock drivers
@ -7476,6 +7517,10 @@ CONFIG_STE_MODEM_RPROC=m
#
# SOC (System On Chip) specific Drivers
#
#
# Broadcom SoC drivers
#
# CONFIG_SUNXI_SRAM is not set
CONFIG_SOC_TI=y
CONFIG_PM_DEVFREQ=y
@ -7520,6 +7565,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_CONFIGFS=m
CONFIG_IIO_TRIGGER=y
CONFIG_IIO_CONSUMERS_PER_TRIGGER=2
CONFIG_IIO_SW_DEVICE=m
CONFIG_IIO_SW_TRIGGER=m
CONFIG_IIO_TRIGGERED_EVENT=m
@ -7527,6 +7573,7 @@ CONFIG_IIO_TRIGGERED_EVENT=m
# Accelerometers
#
CONFIG_BMA180=m
CONFIG_BMA220=m
CONFIG_BMC150_ACCEL=m
CONFIG_BMC150_ACCEL_I2C=m
CONFIG_BMC150_ACCEL_SPI=m
@ -7539,6 +7586,7 @@ CONFIG_KXCJK1013=m
CONFIG_MMA7455=m
CONFIG_MMA7455_I2C=m
CONFIG_MMA7455_SPI=m
CONFIG_MMA7660=m
CONFIG_MMA8452=m
CONFIG_MMA9551_CORE=m
CONFIG_MMA9551=m
@ -7776,12 +7824,14 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
#
CONFIG_IIO_HRTIMER_TRIGGER=m
CONFIG_IIO_INTERRUPT_TRIGGER=m
CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_SYSFS_TRIGGER=m
#
# Digital potentiometers
#
CONFIG_DS1803=m
CONFIG_MAX5487=m
CONFIG_MCP4131=m
CONFIG_MCP4531=m
CONFIG_TPL0102=m
@ -7849,6 +7899,7 @@ CONFIG_VME_PIO2=m
CONFIG_PWM=y
CONFIG_PWM_SYSFS=y
CONFIG_PWM_CRC=y
CONFIG_PWM_CROS_EC=m
CONFIG_PWM_LP3943=m
CONFIG_PWM_LPSS=m
CONFIG_PWM_LPSS_PCI=m
@ -7861,6 +7912,7 @@ CONFIG_IPACK_BUS=m
CONFIG_BOARD_TPCI200=m
CONFIG_SERIAL_IPOCTAL=m
CONFIG_RESET_CONTROLLER=y
CONFIG_TI_SYSCON_RESET=m
CONFIG_FMC=m
CONFIG_FMC_FAKEDEV=m
CONFIG_FMC_TRIVIAL=m
@ -7924,6 +7976,7 @@ CONFIG_FPGA_MGR_ZYNQ_FPGA=m
#
# Firmware Drivers
#
# CONFIG_ARM_SCPI_PROTOCOL is not set
CONFIG_EDD=y
CONFIG_EDD_OFF=y
CONFIG_FIRMWARE_MEMMAP=y
@ -7956,14 +8009,14 @@ CONFIG_UEFI_CPER=y
# File systems
#
CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_FS_IOMAP=y
# CONFIG_EXT2_FS is not set
# CONFIG_EXT3_FS is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT2=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_ENCRYPTION=m
CONFIG_EXT4_FS_ENCRYPTION=y
# CONFIG_EXT4_ENCRYPTION is not set
# CONFIG_EXT4_DEBUG is not set
CONFIG_JBD2=y
# CONFIG_JBD2_DEBUG is not set
@ -8006,12 +8059,13 @@ CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_SECURITY=y
# CONFIG_F2FS_CHECK_FS is not set
CONFIG_F2FS_FS_ENCRYPTION=y
# CONFIG_F2FS_FS_ENCRYPTION is not set
# CONFIG_F2FS_IO_TRACE is not set
# CONFIG_F2FS_FAULT_INJECTION is not set
CONFIG_FS_DAX=y
CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=y
# CONFIG_EXPORTFS_BLOCK_OPS is not set
CONFIG_FILE_LOCKING=y
CONFIG_MANDATORY_FILE_LOCKING=y
CONFIG_FS_ENCRYPTION=m
@ -8150,6 +8204,9 @@ CONFIG_ROMFS_BACKED_BY_BLOCK=y
# CONFIG_ROMFS_BACKED_BY_BOTH is not set
CONFIG_ROMFS_ON_BLOCK=y
CONFIG_PSTORE=y
CONFIG_PSTORE_ZLIB_COMPRESS=y
# CONFIG_PSTORE_LZO_COMPRESS is not set
# CONFIG_PSTORE_LZ4_COMPRESS is not set
# CONFIG_PSTORE_CONSOLE is not set
# CONFIG_PSTORE_PMSG is not set
# CONFIG_PSTORE_FTRACE is not set
@ -8188,6 +8245,7 @@ CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y
# CONFIG_NFSD_BLOCKLAYOUT is not set
# CONFIG_NFSD_SCSILAYOUT is not set
# CONFIG_NFSD_FLEXFILELAYOUT is not set
CONFIG_NFSD_V4_SECURITY_LABEL=y
# CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_GRACE_PERIOD=m
@ -8415,8 +8473,6 @@ CONFIG_PM_NOTIFIER_ERROR_INJECT=m
CONFIG_NETDEV_NOTIFIER_ERROR_INJECT=m
# CONFIG_FAULT_INJECTION is not set
# CONFIG_LATENCYTOP is not set
CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_NOP_TRACER=y
CONFIG_HAVE_FUNCTION_TRACER=y
@ -8561,6 +8617,10 @@ CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
CONFIG_INTEL_TXT=y
CONFIG_LSM_MMAP_MIN_ADDR=0
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
@ -8581,6 +8641,7 @@ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
CONFIG_INTEGRITY=y
@ -8640,7 +8701,11 @@ CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=m
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_USER=m
@ -8705,7 +8770,8 @@ CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
@ -8750,12 +8816,12 @@ CONFIG_CRYPTO_LZ4HC=m
# Random Number Generation
#
CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_DRBG_MENU=m
CONFIG_CRYPTO_DRBG_MENU=y
CONFIG_CRYPTO_DRBG_HMAC=y
CONFIG_CRYPTO_DRBG_HASH=y
CONFIG_CRYPTO_DRBG_CTR=y
CONFIG_CRYPTO_DRBG=m
CONFIG_CRYPTO_JITTERENTROPY=m
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_JITTERENTROPY=y
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
@ -8794,7 +8860,6 @@ CONFIG_HAVE_KVM_IRQCHIP=y
CONFIG_HAVE_KVM_IRQFD=y
CONFIG_HAVE_KVM_IRQ_ROUTING=y
CONFIG_HAVE_KVM_EVENTFD=y
CONFIG_KVM_APIC_ARCHITECTURE=y
CONFIG_KVM_MMIO=y
CONFIG_KVM_ASYNC_PF=y
CONFIG_HAVE_KVM_MSI=y
@ -8808,6 +8873,11 @@ CONFIG_KVM_INTEL=m
CONFIG_KVM_AMD=m
# CONFIG_KVM_MMU_AUDIT is not set
CONFIG_KVM_DEVICE_ASSIGNMENT=y
CONFIG_VHOST_NET=m
CONFIG_VHOST_SCSI=m
CONFIG_VHOST_VSOCK=m
CONFIG_VHOST=m
# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
# CONFIG_LGUEST is not set
CONFIG_BINARY_PRINTF=y
@ -8826,7 +8896,7 @@ CONFIG_GENERIC_PCI_IOMAP=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_IO=y
CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
CONFIG_CRC_CCITT=m
CONFIG_CRC_CCITT=y
CONFIG_CRC16=y
CONFIG_CRC_T10DIF=y
CONFIG_CRC_ITU_T=m

View File

@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.7.0-gnu Kernel Configuration
# Linux/x86 4.8.0-gnu Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@ -39,7 +39,6 @@ CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_64_SMP=y
CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_DEBUG_RODATA=y
@ -240,6 +239,7 @@ CONFIG_SLUB_DEBUG=y
# CONFIG_SLAB is not set
CONFIG_SLUB=y
# CONFIG_SLOB is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLUB_CPU_PARTIAL=y
# CONFIG_SYSTEM_DATA_VERIFICATION is not set
CONFIG_PROFILING=y
@ -288,11 +288,15 @@ CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
@ -545,6 +549,7 @@ CONFIG_HWPOISON_INJECT=m
CONFIG_TRANSPARENT_HUGEPAGE=y
CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y
# CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set
CONFIG_TRANSPARENT_HUGE_PAGECACHE=y
CONFIG_CLEANCACHE=y
CONFIG_FRONTSWAP=y
CONFIG_CMA=y
@ -602,6 +607,8 @@ CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_X86_NEED_RELOCS=y
CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
CONFIG_HOTPLUG_CPU=y
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
@ -659,6 +666,7 @@ CONFIG_ACPI_VIDEO=m
CONFIG_ACPI_FAN=y
CONFIG_ACPI_DOCK=y
CONFIG_ACPI_CPU_FREQ_PSS=y
CONFIG_ACPI_PROCESSOR_CSTATE=y
CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_IPMI=m
@ -668,6 +676,7 @@ CONFIG_ACPI_THERMAL=y
CONFIG_ACPI_NUMA=y
CONFIG_ACPI_CUSTOM_DSDT_FILE=""
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
CONFIG_ACPI_TABLE_UPGRADE=y
# CONFIG_ACPI_DEBUG is not set
CONFIG_ACPI_PCI_SLOT=y
@ -690,8 +699,10 @@ CONFIG_ACPI_APEI_PCIEAER=y
CONFIG_ACPI_APEI_MEMORY_FAILURE=y
CONFIG_ACPI_APEI_EINJ=m
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
CONFIG_DPTF_POWER=m
CONFIG_ACPI_EXTLOG=m
# CONFIG_PMIC_OPREGION is not set
CONFIG_ACPI_CONFIGFS=m
CONFIG_SFI=y
#
@ -767,7 +778,7 @@ CONFIG_PCIEASPM_DEFAULT=y
# CONFIG_PCIEASPM_POWERSAVE is not set
# CONFIG_PCIEASPM_PERFORMANCE is not set
CONFIG_PCIE_PME=y
CONFIG_PCIE_DPC=m
CONFIG_PCIE_DPC=y
CONFIG_PCI_BUS_ADDR_T_64BIT=y
CONFIG_PCI_MSI=y
CONFIG_PCI_MSI_IRQ_DOMAIN=y
@ -821,6 +832,7 @@ CONFIG_RAPIDIO_DISC_TIMEOUT=30
CONFIG_RAPIDIO_DMA_ENGINE=y
# CONFIG_RAPIDIO_DEBUG is not set
CONFIG_RAPIDIO_ENUM_BASIC=m
CONFIG_RAPIDIO_CHMAN=m
CONFIG_RAPIDIO_MPORT_CDEV=m
#
@ -830,6 +842,7 @@ CONFIG_RAPIDIO_TSI57X=m
CONFIG_RAPIDIO_CPS_XX=m
CONFIG_RAPIDIO_TSI568=m
CONFIG_RAPIDIO_CPS_GEN2=m
CONFIG_RAPIDIO_RXS_GEN3=m
# CONFIG_X86_SYSFB is not set
#
@ -920,6 +933,7 @@ CONFIG_TCP_CONG_HTCP=m
CONFIG_TCP_CONG_HSTCP=m
CONFIG_TCP_CONG_HYBLA=m
CONFIG_TCP_CONG_VEGAS=m
CONFIG_TCP_CONG_NV=m
CONFIG_TCP_CONG_SCALABLE=m
CONFIG_TCP_CONG_LP=m
CONFIG_TCP_CONG_VENO=m
@ -1432,6 +1446,7 @@ CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_CLS_FLOWER=m
CONFIG_NET_CLS_MATCHALL=m
CONFIG_NET_EMATCH=y
CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_CMP=m
@ -1475,6 +1490,8 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPENVSWITCH_GENEVE=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_VIRTIO_VSOCKETS=m
CONFIG_VIRTIO_VSOCKETS_COMMON=m
CONFIG_NETLINK_DIAG=m
CONFIG_MPLS=y
CONFIG_NET_MPLS_GSO=m
@ -1483,6 +1500,7 @@ CONFIG_MPLS_IPTUNNEL=m
CONFIG_HSR=m
# CONFIG_NET_SWITCHDEV is not set
CONFIG_NET_L3_MASTER_DEV=y
CONFIG_NET_NCSI=y
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
@ -1940,6 +1958,7 @@ CONFIG_MTD_NAND_CAFE=m
CONFIG_MTD_NAND_NANDSIM=m
CONFIG_MTD_NAND_PLATFORM=m
CONFIG_MTD_NAND_HISI504=m
CONFIG_MTD_NAND_MTK=m
CONFIG_MTD_ONENAND=m
CONFIG_MTD_ONENAND_VERIFY_WRITE=y
CONFIG_MTD_ONENAND_GENERIC=m
@ -2013,7 +2032,6 @@ CONFIG_PARIDE_ON20=m
CONFIG_PARIDE_ON26=m
CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m
CONFIG_ZRAM=m
CONFIG_ZRAM_LZ4_COMPRESS=y
CONFIG_BLK_CPQ_CISS_DA=m
CONFIG_CISS_SCSI_TAPE=y
CONFIG_BLK_DEV_DAC960=m
@ -2045,6 +2063,11 @@ CONFIG_BLK_DEV_RSXX=m
CONFIG_NVME_CORE=m
CONFIG_BLK_DEV_NVME=m
# CONFIG_BLK_DEV_NVME_SCSI is not set
CONFIG_NVME_FABRICS=m
CONFIG_NVME_RDMA=m
CONFIG_NVME_TARGET=m
CONFIG_NVME_TARGET_LOOP=m
CONFIG_NVME_TARGET_RDMA=m
#
# Misc devices
@ -2066,7 +2089,6 @@ CONFIG_APDS9802ALS=m
CONFIG_ISL29003=m
CONFIG_ISL29020=m
CONFIG_SENSORS_TSL2550=m
CONFIG_SENSORS_BH1780=m
CONFIG_SENSORS_BH1770=m
CONFIG_SENSORS_APDS990X=m
CONFIG_HMC6352=m
@ -2153,12 +2175,12 @@ CONFIG_MIC_COSM=m
# VOP Driver
#
CONFIG_VOP=m
CONFIG_VHOST_RING=m
CONFIG_GENWQE=m
CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=0
CONFIG_ECHO=m
# CONFIG_CXL_BASE is not set
# CONFIG_CXL_KERNEL_API is not set
# CONFIG_CXL_EEH is not set
# CONFIG_CXL_AFU_DRIVER_OPS is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@ -2246,7 +2268,9 @@ CONFIG_SCSI_MPT3SAS_MAX_SGE=128
CONFIG_SCSI_MPT2SAS=m
CONFIG_SCSI_UFSHCD=m
CONFIG_SCSI_UFSHCD_PCI=m
# CONFIG_SCSI_UFS_DWC_TC_PCI is not set
CONFIG_SCSI_UFSHCD_PLATFORM=m
# CONFIG_SCSI_UFS_DWC_TC_PLATFORM is not set
CONFIG_SCSI_HPTIOP=m
CONFIG_SCSI_BUSLOGIC=m
CONFIG_SCSI_FLASHPOINT=y
@ -2568,11 +2592,6 @@ CONFIG_CAIF_SPI_SLAVE=m
# CONFIG_CAIF_SPI_SYNC is not set
CONFIG_CAIF_HSI=m
CONFIG_CAIF_VIRTIO=m
CONFIG_VHOST_NET=m
CONFIG_VHOST_SCSI=m
CONFIG_VHOST_RING=m
CONFIG_VHOST=m
# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
#
# Distributed Switch Architecture drivers
@ -2618,8 +2637,6 @@ CONFIG_CNIC=m
CONFIG_TIGON3=m
CONFIG_BNX2X=m
CONFIG_BNX2X_SRIOV=y
CONFIG_BNX2X_VXLAN=y
# CONFIG_BNX2X_GENEVE is not set
CONFIG_BNXT=m
CONFIG_BNXT_SRIOV=y
CONFIG_NET_VENDOR_BROCADE=y
@ -2635,9 +2652,9 @@ CONFIG_CHELSIO_T1_1G=y
CONFIG_CHELSIO_T3=m
CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4_DCB=y
CONFIG_CHELSIO_T4_UWIRE=y
CONFIG_CHELSIO_T4_FCOE=y
CONFIG_CHELSIO_T4VF=m
CONFIG_CHELSIO_LIB=m
CONFIG_NET_VENDOR_CISCO=y
CONFIG_ENIC=m
CONFIG_CX_ECAT=m
@ -2662,7 +2679,6 @@ CONFIG_SUNDANCE=m
CONFIG_NET_VENDOR_EMULEX=y
CONFIG_BE2NET=m
CONFIG_BE2NET_HWMON=y
CONFIG_BE2NET_VXLAN=y
CONFIG_NET_VENDOR_EZCHIP=y
CONFIG_NET_VENDOR_EXAR=y
CONFIG_S2IO=m
@ -2683,19 +2699,15 @@ CONFIG_IGB_DCA=y
CONFIG_IGBVF=m
CONFIG_IXGB=m
CONFIG_IXGBE=m
CONFIG_IXGBE_VXLAN=y
CONFIG_IXGBE_HWMON=y
CONFIG_IXGBE_DCA=y
CONFIG_IXGBE_DCB=y
CONFIG_IXGBEVF=m
CONFIG_I40E=m
CONFIG_I40E_VXLAN=y
CONFIG_I40E_GENEVE=y
CONFIG_I40E_DCB=y
CONFIG_I40E_FCOE=y
CONFIG_I40EVF=m
CONFIG_FM10K=m
CONFIG_FM10K_VXLAN=y
CONFIG_NET_VENDOR_I825XX=y
CONFIG_JME=m
CONFIG_NET_VENDOR_MARVELL=y
@ -2709,7 +2721,6 @@ CONFIG_SKY2=m
CONFIG_NET_VENDOR_MELLANOX=y
CONFIG_MLX4_EN=m
CONFIG_MLX4_EN_DCB=y
CONFIG_MLX4_EN_VXLAN=y
CONFIG_MLX4_CORE=m
CONFIG_MLX4_DEBUG=y
CONFIG_MLX5_CORE=m
@ -2753,15 +2764,12 @@ CONFIG_QLA3XXX=m
CONFIG_QLCNIC=m
CONFIG_QLCNIC_SRIOV=y
CONFIG_QLCNIC_DCB=y
CONFIG_QLCNIC_VXLAN=y
CONFIG_QLCNIC_HWMON=y
CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m
CONFIG_QED=m
CONFIG_QED_SRIOV=y
CONFIG_QEDE=m
# CONFIG_QEDE_VXLAN is not set
# CONFIG_QEDE_GENEVE is not set
CONFIG_NET_VENDOR_QUALCOMM=y
CONFIG_NET_VENDOR_REALTEK=y
CONFIG_ATP=m
@ -2831,6 +2839,7 @@ CONFIG_SKFP=m
# CONFIG_HIPPI is not set
CONFIG_NET_SB1000=m
CONFIG_PHYLIB=y
CONFIG_SWPHY=y
#
# MII PHY device drivers
@ -2866,6 +2875,7 @@ CONFIG_MDIO_CAVIUM=m
CONFIG_MDIO_OCTEON=m
CONFIG_MDIO_THUNDER=m
CONFIG_MDIO_BCM_UNIMAC=m
CONFIG_INTEL_XWAY_PHY=m
CONFIG_MICREL_KS8995MA=m
CONFIG_PLIP=m
CONFIG_PPP=y
@ -3465,6 +3475,7 @@ CONFIG_TABLET_USB_AIPTEK=m
CONFIG_TABLET_USB_GTCO=m
CONFIG_TABLET_USB_HANWANG=m
CONFIG_TABLET_USB_KBTAB=m
CONFIG_TABLET_USB_PEGASUS=m
CONFIG_TABLET_SERIAL_WACOM4=m
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_PROPERTIES=y
@ -3546,8 +3557,12 @@ CONFIG_TOUCHSCREEN_TSC2004=m
CONFIG_TOUCHSCREEN_TSC2005=m
CONFIG_TOUCHSCREEN_TSC2007=m
CONFIG_TOUCHSCREEN_PCAP=m
CONFIG_TOUCHSCREEN_RM_TS=m
CONFIG_TOUCHSCREEN_SILEAD=m
CONFIG_TOUCHSCREEN_SIS_I2C=m
CONFIG_TOUCHSCREEN_ST1232=m
CONFIG_TOUCHSCREEN_SUR40=m
CONFIG_TOUCHSCREEN_SURFACE3_SPI=m
CONFIG_TOUCHSCREEN_SX8654=m
CONFIG_TOUCHSCREEN_TPS6507X=m
CONFIG_TOUCHSCREEN_ZFORCE=m
@ -3738,7 +3753,6 @@ CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_SI_PROBE_DEFAULTS=y
CONFIG_IPMI_SSIF=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
@ -3768,7 +3782,9 @@ CONFIG_HPET_MMAP=y
CONFIG_HPET_MMAP_DEFAULT=y
CONFIG_HANGCHECK_TIMER=m
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_SPI=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
CONFIG_TCG_TIS_I2C_NUVOTON=m
@ -3777,6 +3793,7 @@ CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
CONFIG_TCG_XEN=m
CONFIG_TCG_CRB=m
CONFIG_TCG_VTPM_PROXY=m
CONFIG_TCG_TIS_ST33ZP24=m
CONFIG_TCG_TIS_ST33ZP24_I2C=m
CONFIG_TCG_TIS_ST33ZP24_SPI=m
@ -3965,7 +3982,6 @@ CONFIG_PINCTRL_CHERRYVIEW=m
CONFIG_PINCTRL_INTEL=m
CONFIG_PINCTRL_BROXTON=m
CONFIG_PINCTRL_SUNRISEPOINT=m
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
CONFIG_GPIOLIB=y
CONFIG_GPIO_DEVRES=y
CONFIG_GPIO_ACPI=y
@ -4036,7 +4052,6 @@ CONFIG_GPIO_WM8994=m
# PCI GPIO expanders
#
CONFIG_GPIO_AMD8111=m
CONFIG_GPIO_INTEL_MID=y
CONFIG_GPIO_ML_IOH=m
CONFIG_GPIO_RDC321X=m
@ -4050,7 +4065,6 @@ CONFIG_GPIO_PISOSR=m
#
# SPI or I2C GPIO expanders
#
CONFIG_GPIO_MCP23S08=m
#
# USB GPIO expanders
@ -4184,6 +4198,7 @@ CONFIG_SENSORS_F71882FG=m
CONFIG_SENSORS_F75375S=m
CONFIG_SENSORS_MC13783_ADC=m
CONFIG_SENSORS_FSCHMD=m
CONFIG_SENSORS_FTSTEUTATES=m
CONFIG_SENSORS_GL518SM=m
CONFIG_SENSORS_GL520SM=m
CONFIG_SENSORS_G760A=m
@ -4262,6 +4277,7 @@ CONFIG_SENSORS_UCD9200=m
CONFIG_SENSORS_ZL6100=m
CONFIG_SENSORS_SHT15=m
CONFIG_SENSORS_SHT21=m
CONFIG_SENSORS_SHT3x=m
CONFIG_SENSORS_SHTC1=m
CONFIG_SENSORS_SIS5595=m
CONFIG_SENSORS_DME1737=m
@ -4282,6 +4298,7 @@ CONFIG_SENSORS_ADS7871=m
CONFIG_SENSORS_AMC6821=m
CONFIG_SENSORS_INA209=m
CONFIG_SENSORS_INA2XX=m
CONFIG_SENSORS_INA3221=m
CONFIG_SENSORS_TC74=m
CONFIG_SENSORS_THMC50=m
CONFIG_SENSORS_TMP102=m
@ -4357,7 +4374,6 @@ CONFIG_XILINX_WATCHDOG=m
CONFIG_ZIIRAVE_WATCHDOG=m
CONFIG_CADENCE_WATCHDOG=m
CONFIG_DW_WATCHDOG=m
CONFIG_RN5T618_WATCHDOG=m
CONFIG_TWL4030_WATCHDOG=m
CONFIG_MAX63XX_WATCHDOG=m
CONFIG_RETU_WATCHDOG=m
@ -4440,6 +4456,7 @@ CONFIG_BCMA_HOST_PCI_POSSIBLE=y
CONFIG_BCMA_HOST_PCI=y
CONFIG_BCMA_HOST_SOC=y
CONFIG_BCMA_DRIVER_PCI=y
CONFIG_BCMA_SFLASH=y
CONFIG_BCMA_DRIVER_GMAC_CMN=y
CONFIG_BCMA_DRIVER_GPIO=y
# CONFIG_BCMA_DEBUG is not set
@ -4504,7 +4521,6 @@ CONFIG_MFD_RTSX_PCI=m
CONFIG_MFD_RT5033=m
CONFIG_MFD_RTSX_USB=m
CONFIG_MFD_RC5T583=y
CONFIG_MFD_RN5T618=m
CONFIG_MFD_SEC_CORE=y
CONFIG_MFD_SI476X_CORE=m
CONFIG_MFD_SM501=m
@ -4601,6 +4617,7 @@ CONFIG_REGULATOR_MC13XXX_CORE=m
CONFIG_REGULATOR_MC13783=m
CONFIG_REGULATOR_MC13892=m
CONFIG_REGULATOR_MT6311=m
CONFIG_REGULATOR_MT6323=m
CONFIG_REGULATOR_MT6397=m
CONFIG_REGULATOR_PALMAS=m
CONFIG_REGULATOR_PCAP=m
@ -4612,7 +4629,6 @@ CONFIG_REGULATOR_PV88090=m
CONFIG_REGULATOR_PWM=m
CONFIG_REGULATOR_QCOM_SPMI=m
CONFIG_REGULATOR_RC5T583=m
CONFIG_REGULATOR_RN5T618=m
CONFIG_REGULATOR_RT5033=m
CONFIG_REGULATOR_S2MPA01=m
CONFIG_REGULATOR_S2MPS11=m
@ -4647,6 +4663,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y
CONFIG_MEDIA_RADIO_SUPPORT=y
CONFIG_MEDIA_SDR_SUPPORT=y
CONFIG_MEDIA_RC_SUPPORT=y
CONFIG_MEDIA_CEC_EDID=y
CONFIG_MEDIA_CONTROLLER=y
# CONFIG_MEDIA_CONTROLLER_DVB is not set
CONFIG_VIDEO_DEV=m
@ -5177,6 +5194,8 @@ CONFIG_DVB_M88DS3103=m
CONFIG_DVB_DRXK=m
CONFIG_DVB_TDA18271C2DD=m
CONFIG_DVB_SI2165=m
CONFIG_DVB_MN88472=m
CONFIG_DVB_MN88473=m
#
# DVB-S (satellite) frontends
@ -5302,6 +5321,7 @@ CONFIG_DVB_M88RS2000=m
CONFIG_DVB_AF9033=m
CONFIG_DVB_HORUS3A=m
CONFIG_DVB_ASCOT2E=m
CONFIG_DVB_HELENE=m
#
# Tools to develop new frontends
@ -5332,7 +5352,6 @@ CONFIG_DRM_TTM=m
#
# I2C encoder or helper chips
#
CONFIG_DRM_I2C_ADV7511=m
CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
CONFIG_DRM_I2C_NXP_TDA998X=m
@ -5358,6 +5377,7 @@ CONFIG_DRM_I810=m
CONFIG_DRM_I915=m
# CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
CONFIG_DRM_I915_USERPTR=y
# CONFIG_DRM_I915_GVT is not set
#
# drm/i915 Debugging
@ -5748,6 +5768,7 @@ CONFIG_SND_SOC_TOPOLOGY=y
CONFIG_SND_SOC_AMD_ACP=m
CONFIG_SND_ATMEL_SOC=m
CONFIG_SND_DESIGNWARE_I2S=m
CONFIG_SND_DESIGNWARE_PCM=m
#
# SoC Audio for Freescale CPUs
@ -5767,9 +5788,14 @@ CONFIG_SND_SST_MFLD_PLATFORM=m
CONFIG_SND_SST_IPC=m
CONFIG_SND_SST_IPC_ACPI=m
CONFIG_SND_SOC_INTEL_SST=m
CONFIG_SND_SOC_INTEL_SST_FIRMWARE=m
CONFIG_SND_SOC_INTEL_SST_ACPI=m
CONFIG_SND_SOC_INTEL_SST_MATCH=m
CONFIG_SND_SOC_INTEL_HASWELL=m
CONFIG_SND_SOC_INTEL_HASWELL_MACH=m
CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH=m
CONFIG_SND_SOC_INTEL_BXT_RT298_MACH=m
CONFIG_SND_SOC_INTEL_BROADWELL_MACH=m
CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH=m
CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m
@ -5784,6 +5810,7 @@ CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
# Allwinner SoC Audio support
#
CONFIG_SND_SUN4I_CODEC=m
CONFIG_SND_SUN4I_I2S=m
CONFIG_SND_SOC_XTFPGA_I2S=m
CONFIG_SND_SOC_I2C_AND_SPI=m
@ -5792,13 +5819,16 @@ CONFIG_SND_SOC_I2C_AND_SPI=m
#
CONFIG_SND_SOC_AC97_CODEC=m
CONFIG_SND_SOC_ADAU1701=m
CONFIG_SND_SOC_ADAU7002=m
CONFIG_SND_SOC_AK4104=m
CONFIG_SND_SOC_AK4554=m
CONFIG_SND_SOC_AK4613=m
CONFIG_SND_SOC_AK4642=m
CONFIG_SND_SOC_AK5386=m
CONFIG_SND_SOC_ALC5623=m
CONFIG_SND_SOC_BT_SCO=m
CONFIG_SND_SOC_CS35L32=m
CONFIG_SND_SOC_CS35L33=m
CONFIG_SND_SOC_CS42L51=m
CONFIG_SND_SOC_CS42L51_I2C=m
CONFIG_SND_SOC_CS42L52=m
@ -5812,6 +5842,8 @@ CONFIG_SND_SOC_CS4271_SPI=m
CONFIG_SND_SOC_CS42XX8=m
CONFIG_SND_SOC_CS42XX8_I2C=m
CONFIG_SND_SOC_CS4349=m
CONFIG_SND_SOC_CS53L30=m
CONFIG_SND_SOC_DA7219=m
CONFIG_SND_SOC_DMIC=m
CONFIG_SND_SOC_ES8328=m
CONFIG_SND_SOC_GTM601=m
@ -5819,6 +5851,8 @@ CONFIG_SND_SOC_HDAC_HDMI=m
CONFIG_SND_SOC_INNO_RK3036=m
CONFIG_SND_SOC_MAX98090=m
CONFIG_SND_SOC_MAX98357A=m
CONFIG_SND_SOC_MAX98504=m
CONFIG_SND_SOC_MAX9860=m
CONFIG_SND_SOC_PCM1681=m
CONFIG_SND_SOC_PCM179X=m
CONFIG_SND_SOC_PCM179X_I2C=m
@ -5884,8 +5918,10 @@ CONFIG_SND_SOC_WM8960=m
CONFIG_SND_SOC_WM8962=m
CONFIG_SND_SOC_WM8974=m
CONFIG_SND_SOC_WM8978=m
CONFIG_SND_SOC_WM8985=m
CONFIG_SND_SOC_NAU8825=m
CONFIG_SND_SOC_TPA6130A2=m
CONFIG_SND_SIMPLE_CARD_UTILS=m
CONFIG_SND_SIMPLE_CARD=m
# CONFIG_SOUND_PRIME is not set
CONFIG_AC97_BUS=m
@ -5938,6 +5974,7 @@ CONFIG_HID_ICADE=m
CONFIG_HID_TWINHAN=m
CONFIG_HID_KENSINGTON=m
CONFIG_HID_LCPOWER=m
CONFIG_HID_LED=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
@ -5991,6 +6028,7 @@ CONFIG_ZEROPLUS_FF=y
CONFIG_HID_ZYDACRON=m
CONFIG_HID_SENSOR_HUB=m
CONFIG_HID_SENSOR_CUSTOM_SENSOR=m
CONFIG_HID_ALPS=m
#
# USB HID support
@ -6134,7 +6172,7 @@ CONFIG_USB_DWC2_HOST=y
#
# Gadget/Dual-role mode requires USB Gadget support to be enabled
#
CONFIG_USB_DWC2_PCI=y
CONFIG_USB_DWC2_PCI=m
# CONFIG_USB_DWC2_DEBUG is not set
# CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set
CONFIG_USB_CHIPIDEA=m
@ -6229,7 +6267,6 @@ CONFIG_USB_SEVSEG=m
CONFIG_USB_RIO500=m
CONFIG_USB_LEGOTOWER=m
CONFIG_USB_LCD=m
CONFIG_USB_LED=m
CONFIG_USB_CYPRESS_CY7C63=m
CONFIG_USB_CYTHERM=m
CONFIG_USB_IDMOUSE=m
@ -6259,7 +6296,7 @@ CONFIG_USB_XUSBATM=m
# USB Physical Layer drivers
#
CONFIG_USB_PHY=y
CONFIG_NOP_USB_XCEIV=y
CONFIG_NOP_USB_XCEIV=m
CONFIG_USB_GPIO_VBUS=m
CONFIG_TAHVO_USB=m
CONFIG_TAHVO_USB_HOST_BY_DEFAULT=y
@ -6434,6 +6471,7 @@ CONFIG_LEDS_PCA9532=m
CONFIG_LEDS_PCA9532_GPIO=y
CONFIG_LEDS_GPIO=m
CONFIG_LEDS_LP3944=m
CONFIG_LEDS_LP3952=m
CONFIG_LEDS_LP55XX_COMMON=m
CONFIG_LEDS_LP5521=m
CONFIG_LEDS_LP5523=m
@ -6474,6 +6512,7 @@ CONFIG_LEDS_BLINKM=m
CONFIG_LEDS_TRIGGERS=y
CONFIG_LEDS_TRIGGER_TIMER=m
CONFIG_LEDS_TRIGGER_ONESHOT=m
CONFIG_LEDS_TRIGGER_DISK=y
# CONFIG_LEDS_TRIGGER_MTD is not set
CONFIG_LEDS_TRIGGER_HEARTBEAT=m
CONFIG_LEDS_TRIGGER_BACKLIGHT=m
@ -6517,6 +6556,7 @@ CONFIG_INFINIBAND_SRPT=m
CONFIG_INFINIBAND_ISER=m
CONFIG_INFINIBAND_ISERT=m
CONFIG_INFINIBAND_RDMAVT=m
CONFIG_RDMA_RXE=m
CONFIG_INFINIBAND_HFI1=m
# CONFIG_HFI1_DEBUG_SDMA_ORDER is not set
CONFIG_HFI1_VERBS_31BIT_PSN=y
@ -6542,7 +6582,9 @@ CONFIG_EDAC_I5000=m
CONFIG_EDAC_I5100=m
CONFIG_EDAC_I7300=m
CONFIG_EDAC_SBRIDGE=m
CONFIG_EDAC_SKX=m
CONFIG_RTC_LIB=y
CONFIG_RTC_MC146818_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
@ -6614,6 +6656,7 @@ CONFIG_RTC_DRV_DS1305=m
CONFIG_RTC_DRV_DS1343=m
CONFIG_RTC_DRV_DS1347=m
CONFIG_RTC_DRV_DS1390=m
CONFIG_RTC_DRV_MAX6916=m
CONFIG_RTC_DRV_R9701=m
CONFIG_RTC_DRV_RX4581=m
CONFIG_RTC_DRV_RX6110=m
@ -6949,7 +6992,6 @@ CONFIG_ADIS16201=m
CONFIG_ADIS16203=m
CONFIG_ADIS16209=m
CONFIG_ADIS16240=m
CONFIG_LIS3L02DQ=m
CONFIG_SCA3000=m
#
@ -7042,8 +7084,8 @@ CONFIG_SPEAKUP_SYNTH_TXPRT=m
CONFIG_SPEAKUP_SYNTH_DUMMY=m
CONFIG_STAGING_MEDIA=y
CONFIG_I2C_BCM2048=m
# CONFIG_MEDIA_CEC is not set
CONFIG_DVB_CXD2099=m
CONFIG_DVB_MN88472=m
CONFIG_LIRC_STAGING=y
CONFIG_LIRC_BT829=m
CONFIG_LIRC_IMON=m
@ -7127,6 +7169,7 @@ CONFIG_HDM_USB=m
#
# Old ISDN4Linux (deprecated)
#
CONFIG_KS7010=m
CONFIG_X86_PLATFORM_DEVICES=y
CONFIG_ACER_WMI=m
CONFIG_ACERHDF=m
@ -7174,6 +7217,7 @@ CONFIG_TOSHIBA_HAPS=m
CONFIG_TOSHIBA_WMI=m
CONFIG_ACPI_CMPC=m
CONFIG_INTEL_HID_EVENT=m
CONFIG_INTEL_VBTN=m
CONFIG_INTEL_IPS=m
CONFIG_INTEL_PMC_CORE=y
CONFIG_IBM_RTL=m
@ -7214,7 +7258,7 @@ CONFIG_COMMON_CLK_PALMAS=m
CONFIG_COMMON_CLK_PWM=m
# CONFIG_COMMON_CLK_PXA is not set
# CONFIG_COMMON_CLK_PIC32 is not set
# CONFIG_COMMON_CLK_OXNAS is not set
# CONFIG_SUNXI_CCU is not set
#
# Hardware Spinlock drivers
@ -7263,6 +7307,10 @@ CONFIG_STE_MODEM_RPROC=m
#
# SOC (System On Chip) specific Drivers
#
#
# Broadcom SoC drivers
#
# CONFIG_SUNXI_SRAM is not set
CONFIG_SOC_TI=y
CONFIG_PM_DEVFREQ=y
@ -7307,6 +7355,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_CONFIGFS=m
CONFIG_IIO_TRIGGER=y
CONFIG_IIO_CONSUMERS_PER_TRIGGER=2
CONFIG_IIO_SW_DEVICE=m
CONFIG_IIO_SW_TRIGGER=m
CONFIG_IIO_TRIGGERED_EVENT=m
@ -7314,6 +7363,7 @@ CONFIG_IIO_TRIGGERED_EVENT=m
# Accelerometers
#
CONFIG_BMA180=m
CONFIG_BMA220=m
CONFIG_BMC150_ACCEL=m
CONFIG_BMC150_ACCEL_I2C=m
CONFIG_BMC150_ACCEL_SPI=m
@ -7326,6 +7376,7 @@ CONFIG_KXCJK1013=m
CONFIG_MMA7455=m
CONFIG_MMA7455_I2C=m
CONFIG_MMA7455_SPI=m
CONFIG_MMA7660=m
CONFIG_MMA8452=m
CONFIG_MMA9551_CORE=m
CONFIG_MMA9551=m
@ -7562,12 +7613,14 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m
#
CONFIG_IIO_HRTIMER_TRIGGER=m
CONFIG_IIO_INTERRUPT_TRIGGER=m
CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_SYSFS_TRIGGER=m
#
# Digital potentiometers
#
CONFIG_DS1803=m
CONFIG_MAX5487=m
CONFIG_MCP4131=m
CONFIG_MCP4531=m
CONFIG_TPL0102=m
@ -7637,6 +7690,7 @@ CONFIG_VME_PIO2=m
CONFIG_PWM=y
CONFIG_PWM_SYSFS=y
CONFIG_PWM_CRC=y
CONFIG_PWM_CROS_EC=m
CONFIG_PWM_LP3943=m
CONFIG_PWM_LPSS=m
CONFIG_PWM_LPSS_PCI=m
@ -7649,6 +7703,7 @@ CONFIG_IPACK_BUS=m
CONFIG_BOARD_TPCI200=m
CONFIG_SERIAL_IPOCTAL=m
CONFIG_RESET_CONTROLLER=y
CONFIG_TI_SYSCON_RESET=m
CONFIG_FMC=m
CONFIG_FMC_FAKEDEV=m
CONFIG_FMC_TRIVIAL=m
@ -7716,6 +7771,7 @@ CONFIG_FPGA_MGR_ZYNQ_FPGA=m
#
# Firmware Drivers
#
# CONFIG_ARM_SCPI_PROTOCOL is not set
CONFIG_EDD=y
CONFIG_EDD_OFF=y
CONFIG_FIRMWARE_MEMMAP=y
@ -7748,14 +7804,14 @@ CONFIG_UEFI_CPER=y
# File systems
#
CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_FS_IOMAP=y
# CONFIG_EXT2_FS is not set
# CONFIG_EXT3_FS is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_USE_FOR_EXT2=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_ENCRYPTION=m
CONFIG_EXT4_FS_ENCRYPTION=y
# CONFIG_EXT4_ENCRYPTION is not set
# CONFIG_EXT4_DEBUG is not set
CONFIG_JBD2=y
# CONFIG_JBD2_DEBUG is not set
@ -7798,12 +7854,13 @@ CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_SECURITY=y
# CONFIG_F2FS_CHECK_FS is not set
CONFIG_F2FS_FS_ENCRYPTION=y
# CONFIG_F2FS_FS_ENCRYPTION is not set
# CONFIG_F2FS_IO_TRACE is not set
# CONFIG_F2FS_FAULT_INJECTION is not set
CONFIG_FS_DAX=y
CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=y
# CONFIG_EXPORTFS_BLOCK_OPS is not set
CONFIG_FILE_LOCKING=y
CONFIG_MANDATORY_FILE_LOCKING=y
CONFIG_FS_ENCRYPTION=m
@ -7943,6 +8000,9 @@ CONFIG_ROMFS_BACKED_BY_BLOCK=y
# CONFIG_ROMFS_BACKED_BY_BOTH is not set
CONFIG_ROMFS_ON_BLOCK=y
CONFIG_PSTORE=y
CONFIG_PSTORE_ZLIB_COMPRESS=y
# CONFIG_PSTORE_LZO_COMPRESS is not set
# CONFIG_PSTORE_LZ4_COMPRESS is not set
# CONFIG_PSTORE_CONSOLE is not set
# CONFIG_PSTORE_PMSG is not set
# CONFIG_PSTORE_FTRACE is not set
@ -7981,6 +8041,7 @@ CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y
# CONFIG_NFSD_BLOCKLAYOUT is not set
# CONFIG_NFSD_SCSILAYOUT is not set
# CONFIG_NFSD_FLEXFILELAYOUT is not set
CONFIG_NFSD_V4_SECURITY_LABEL=y
# CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_GRACE_PERIOD=m
@ -8212,8 +8273,6 @@ CONFIG_PM_NOTIFIER_ERROR_INJECT=m
CONFIG_NETDEV_NOTIFIER_ERROR_INJECT=m
# CONFIG_FAULT_INJECTION is not set
# CONFIG_LATENCYTOP is not set
CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_NOP_TRACER=y
CONFIG_HAVE_FUNCTION_TRACER=y
@ -8360,6 +8419,10 @@ CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
CONFIG_INTEL_TXT=y
CONFIG_LSM_MMAP_MIN_ADDR=0
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
@ -8380,6 +8443,7 @@ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
CONFIG_INTEGRITY=y
@ -8439,7 +8503,11 @@ CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=m
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_USER=m
@ -8509,8 +8577,11 @@ CONFIG_CRYPTO_SHA1_SSSE3=m
CONFIG_CRYPTO_SHA256_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_SHA1_MB=m
CONFIG_CRYPTO_SHA256_MB=m
CONFIG_CRYPTO_SHA512_MB=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
@ -8568,12 +8639,12 @@ CONFIG_CRYPTO_LZ4HC=m
# Random Number Generation
#
CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_DRBG_MENU=m
CONFIG_CRYPTO_DRBG_MENU=y
CONFIG_CRYPTO_DRBG_HMAC=y
CONFIG_CRYPTO_DRBG_HASH=y
CONFIG_CRYPTO_DRBG_CTR=y
CONFIG_CRYPTO_DRBG=m
CONFIG_CRYPTO_JITTERENTROPY=m
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_JITTERENTROPY=y
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
@ -8611,7 +8682,6 @@ CONFIG_HAVE_KVM_IRQCHIP=y
CONFIG_HAVE_KVM_IRQFD=y
CONFIG_HAVE_KVM_IRQ_ROUTING=y
CONFIG_HAVE_KVM_EVENTFD=y
CONFIG_KVM_APIC_ARCHITECTURE=y
CONFIG_KVM_MMIO=y
CONFIG_KVM_ASYNC_PF=y
CONFIG_HAVE_KVM_MSI=y
@ -8626,6 +8696,11 @@ CONFIG_KVM_INTEL=m
CONFIG_KVM_AMD=m
# CONFIG_KVM_MMU_AUDIT is not set
CONFIG_KVM_DEVICE_ASSIGNMENT=y
CONFIG_VHOST_NET=m
CONFIG_VHOST_SCSI=m
CONFIG_VHOST_VSOCK=m
CONFIG_VHOST=m
# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
CONFIG_BINARY_PRINTF=y
#
@ -8644,7 +8719,7 @@ CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_IO=y
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
CONFIG_CRC_CCITT=m
CONFIG_CRC_CCITT=y
CONFIG_CRC16=y
CONFIG_CRC_T10DIF=y
CONFIG_CRC_ITU_T=m

View File

@ -321,8 +321,8 @@ It has been modified to remove all non-free binary blobs.")
(define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
(define-public linux-libre
(make-linux-libre "4.7.6"
"0716lpzq3w2pdc0nrrx06gqzdfzhkrjq7g37v4ws9wjlzak8hkvy"
(make-linux-libre "4.8"
"0fnax2qb597zg2gchab9n9fn7551vccmqfcvq5k3ckz24y50yknm"
%intel-compatible-systems
#:configuration-file kernel-config))
@ -617,7 +617,11 @@ slabtop, and skill.")
(native-inputs `(("pkg-config" ,pkg-config)
("texinfo" ,texinfo))) ;for the libext2fs Info manual
(arguments
'(;; util-linux is the preferred source for some of the libraries and
'(;; Parallel building reliably yields a failure like this:
;; "make[2]: *** No rule to make target '../lib/libss.so', needed by
;; 'debugfs'. Stop."
#:parallel-build? #f
;; util-linux is the preferred source for some of the libraries and
;; commands, so disable them (see, e.g.,
;; <http://git.buildroot.net/buildroot/commit/?id=e1ffc2f791b33633>.)
#:configure-flags '("--disable-libblkid"
@ -2595,7 +2599,7 @@ and copy/paste text in the console and in xterm.")
(define-public btrfs-progs
(package
(name "btrfs-progs")
(version "4.7.3")
(version "4.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/kernel/"
@ -2603,7 +2607,7 @@ and copy/paste text in the console and in xterm.")
"btrfs-progs-v" version ".tar.xz"))
(sha256
(base32
"073pvx8vz6rkw2d8mm1m60b3i8743pc712pasvydbgm8wl66zkch"))))
"06v6fqr0rl1bqg87ndi5fjh3l59v7yvimlg3abr4jc3wxw8hmdg6"))))
(build-system gnu-build-system)
(outputs '("out"
"static")) ; static versions of binaries in "out" (~16MiB!)

View File

@ -443,50 +443,6 @@ interface.")
(license (list license:lgpl2.1
license:clarified-artistic)))) ;TRIVIAL-LDAP package
(define-public lispf4
(let ((commit "174d8764d2f9764e8f4794c2e3feada9f9c1f1ba"))
(package
(name "lispf4")
(version (string-append "0.0.0-1" "-"
(string-take commit 7)))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/blakemcbride/LISPF4.git")
(commit commit)))
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"18k8kfn30za637y4bfbm9x3vv4psa3q8f7bi9h4h0qlb8rz8m92c"))))
(build-system gnu-build-system)
;; 80 MB appended Documentation -> output:doc
(outputs '("out" "doc"))
(arguments
`(#:make-flags
'("-f" "Makefile.unx" "CC=gcc")
#:tests? #f ; No 'check phase
#:phases
(modify-phases %standard-phases
(delete 'configure)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(doc (string-append (assoc-ref outputs "doc")
"/share/doc/lispf4")))
(install-file "lispf4" bin)
(install-file "SYSATOMS" bin)
(install-file "BASIC.IMG" bin)
(copy-recursively "Documentation" doc))
#t)))))
(synopsis "InterLisp interpreter")
(description
"LISPF4 is an InterLisp interpreter written in FORTRAN by Mats Nordstrom
in the early 80's. It was converted to C by Blake McBride and supports much of
the InterLisp Standard.")
(home-page "https://github.com/blakemcbride/LISPF4.git")
(license license:expat))))
(define-public femtolisp
(let ((commit "68c5b1225572ecf2c52baf62f928063e5a30511b")
(revision "1"))

View File

@ -134,20 +134,25 @@ classification.")
"0qbq1rqp94l530f043qzp8aw5lj7dng9wq0miffd7spd1ff638wq"))))
(build-system gnu-build-system)
(arguments
`(#:phases
`(#:imported-modules (,@%gnu-build-system-modules
(guix build python-build-system))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'enter-dir
(lambda _ (chdir "ghmm") #t))
(add-after 'enter-dir 'fix-PYTHONPATH
(lambda* (#:key outputs #:allow-other-keys)
;; The Python tests fail as the library is assumed to be stored
;; in ./build/lib.linux-i686-*. To fix this we detect the CPU
;; and use it in the path.
(substitute* "configure.in"
(("AM_INIT_AUTOMAKE" line)
(string-append line "\nAC_CANONICAL_HOST\n")))
(substitute* "ghmmwrapper/Makefile.am"
(("i686") "@host_cpu@"))
(delete 'check)
(add-after 'install 'check
(assoc-ref %standard-phases 'check))
(add-before 'check 'fix-PYTHONPATH
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((python-version ((@@ (guix build python-build-system)
get-python-version)
(assoc-ref inputs "python"))))
(setenv "PYTHONPATH"
(string-append (getenv "PYTHONPATH")
":" (assoc-ref outputs "out")
"/lib/python" python-version
"/site-packages")))
#t))
(add-after 'enter-dir 'fix-runpath
(lambda* (#:key outputs #:allow-other-keys)

View File

@ -185,15 +185,15 @@ semiconductors.")
(define-public gsl
(package
(name "gsl")
(version "2.1")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/gsl/gsl-"
version ".tar.gz"))
(sha256
(base32
"0rhcia9jhr3p1f1wybwyllwqfs9bggz99i3mi5lpyqcpff1hdbar"))))
(version "2.2.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gsl/gsl-"
version ".tar.gz"))
(sha256
(base32
"095hp01d8lkqdvv0p1k25kvbisgfdmvx1rzpyc2i8kl2n33kvlhk"))
(patches (search-patches "gsl-test-i686.patch"))))
(build-system gnu-build-system)
(arguments
`(#:parallel-tests? #f))
@ -442,7 +442,7 @@ from one map projection to another. The GCTP is the standard computer
software used by the National Mapping Division for map projection
computations.")
(home-page "https://github.com/OkoSanto/GCTP")
(license 'license:public-domain))) ; https://www2.usgs.gov/laws/info_policies.html
(license license:public-domain))) ;https://www2.usgs.gov/laws/info_policies.html
(define-public hdf5
(package
@ -2629,3 +2629,37 @@ the same amount of space as the original point representation. This is useful
when using the Gilbert curve as a space filling curve through a
high-dimensional space where not all demensions have the same cardinality.")
(license license:lgpl2.1+)))
(define-public vc
(package
(name "vc")
(version "1.2.0")
(source
(origin (method url-fetch)
(uri (string-append "https://github.com/VcDevel/Vc/releases/"
"download/" version "/Vc-" version ".tar.gz"))
(sha256
(base32
"1rh6dhqar3y07n4xqyml0sa0v48qv3ch9dc3yc2in855hlh4vnqi"))))
(build-system cmake-build-system)
(arguments
'(#:configure-flags
'("-DBUILD_TESTING=ON")))
(synopsis "SIMD vector classes for C++")
(description "Vc provides portable, zero-overhead C++ types for explicitly
data-parallel programming. It is a library designed to ease explicit
vectorization of C++ code. Its types enable explicitly stating data-parallel
operations on multiple values. The parallelism is therefore added via the type
system. Vc has an intuitive API and provides portability between different
compilers and compiler versions as well as portability between different vector
instruction sets. Thus, an application written with Vc can be compiled for:
@enumerate
@item AVX and AVX2
@item SSE2 upto SSE4.2 or SSE4a
@item Scalar
@item MIC
@item NEON (in development)
@item NVIDIA GPUs / CUDA (in development)
@end enumerate\n")
(home-page "https://github.com/VcDevel/Vc")
(license license:bsd-3)))

View File

@ -154,7 +154,7 @@
;; incompatible .go files as reported at
;; <https://lists.gnu.org/archive/html/guix-devel/2016-03/msg01261.html>.
(wrap-program (string-append out "/bin/guix")
`("GUILE_LOAD_PATH" ":" = (,path))
`("GUILE_LOAD_PATH" ":" prefix (,path))
`("GUILE_LOAD_COMPILED_PATH" ":" = (,path)))
#t))))))

View File

@ -45,7 +45,7 @@
(define-public parallel
(package
(name "parallel")
(version "20160822")
(version "20160922")
(source
(origin
(method url-fetch)
@ -53,7 +53,7 @@
version ".tar.bz2"))
(sha256
(base32
"1qdb7889w7v5amd0z4qg3v4hia0wj5vjly9qvm5lm5nlxg8bfrwq"))))
"157q17v2vkjwccx9s2pxqip46gvwhfq4v9ar0l1ghgmpxggksvyq"))))
(build-system gnu-build-system)
(arguments
`(#:phases

View File

@ -1,45 +0,0 @@
This patch is needed to allow builds with newer versions of
the GNU libc (2.16+).
The upstream fix was:
commit 66712c23388e93e5c518ebc8515140fa0c807348
Author: Eric Blake <eblake@redhat.com>
Date: Thu Mar 29 13:30:41 2012 -0600
stdio: don't assume gets any more
Gnulib intentionally does not have a gets module, and now that C11
and glibc have dropped it, we should be more proactive about warning
any user on a platform that still has a declaration of this dangerous
interface.
* m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
support.
* modules/stdio (Makefile.am): Likewise.
* lib/stdio-read.c (gets): Likewise.
* tests/test-stdio-c++.cc: Likewise.
* m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
* lib/stdio.in.h (gets): Make warning occur in more places.
* doc/posix-functions/gets.texi (gets): Update documentation.
Reported by Christer Solskogen.
Signed-off-by: Eric Blake <eblake@redhat.com>
This patch just gets rid of the offending part.
--- cpio-2.11/gnu/stdio.in.h-orig 2012-11-25 22:17:06.000000000 +0400
+++ cpio-2.11/gnu/stdio.in.h 2012-11-25 22:18:36.000000000 +0400
@@ -135,12 +135,6 @@
"use gnulib module fflush for portable POSIX compliance");
#endif
-/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
-#undef gets
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@
# if !(defined __cplusplus && defined GNULIB_NAMESPACE)

View File

@ -0,0 +1,17 @@
Work around a test failure due to a rounding issue on 32-bit
platforms, as reported at:
https://lists.gnu.org/archive/html/bug-gsl/2016-10/msg00000.html
--- gsl-2.2.1/linalg/test.c 2016-10-05 13:27:42.464059730 +0200
+++ gsl-2.2.1/linalg/test.c 2016-10-05 13:27:46.988095882 +0200
@@ -4843,9 +4843,6 @@ main(void)
gsl_test(test_cholesky_decomp_unit(), "Cholesky Decomposition [unit triangular]");
gsl_test(test_cholesky_solve(), "Cholesky Solve");
- gsl_test(test_cholesky_decomp(r), "Cholesky Decomposition");
- gsl_test(test_cholesky_invert(r), "Cholesky Inverse");
- gsl_test(test_pcholesky_decomp(r), "Pivoted Cholesky Decomposition");
gsl_test(test_pcholesky_solve(r), "Pivoted Cholesky Solve");
gsl_test(test_pcholesky_invert(r), "Pivoted Cholesky Inverse");
gsl_test(test_mcholesky_decomp(r), "Modified Cholesky Decomposition");

View File

@ -0,0 +1,76 @@
Fix CVE-2016-7942:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
From 8ea762f94f4c942d898fdeb590a1630c83235c17 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:25:25 +0200
Subject: [PATCH] Validation of server responses in XGetImage()
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/GetImage.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/src/GetImage.c b/src/GetImage.c
index c461abc..ff32d58 100644
--- a/src/GetImage.c
+++ b/src/GetImage.c
@@ -59,6 +59,7 @@ XImage *XGetImage (
char *data;
unsigned long nbytes;
XImage *image;
+ int planes;
LockDisplay(dpy);
GetReq (GetImage, req);
/*
@@ -91,18 +92,28 @@ XImage *XGetImage (
return (XImage *) NULL;
}
_XReadPad (dpy, data, nbytes);
- if (format == XYPixmap)
- image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
- Ones (plane_mask &
- (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))),
- format, 0, data, width, height, dpy->bitmap_pad, 0);
- else /* format == ZPixmap */
- image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
- rep.depth, ZPixmap, 0, data, width, height,
- _XGetScanlinePad(dpy, (int) rep.depth), 0);
+ if (format == XYPixmap) {
+ image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
+ Ones (plane_mask &
+ (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))),
+ format, 0, data, width, height, dpy->bitmap_pad, 0);
+ planes = image->depth;
+ } else { /* format == ZPixmap */
+ image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
+ rep.depth, ZPixmap, 0, data, width, height,
+ _XGetScanlinePad(dpy, (int) rep.depth), 0);
+ planes = 1;
+ }
if (!image)
Xfree(data);
+ if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 ||
+ INT_MAX / image->height <= image->bytes_per_line ||
+ INT_MAX / planes <= image->height * image->bytes_per_line ||
+ nbytes < planes * image->height * image->bytes_per_line) {
+ XDestroyImage(image);
+ image = NULL;
+ }
UnlockDisplay(dpy);
SyncHandle();
return (image);
--
2.10.1

View File

@ -0,0 +1,113 @@
Fix CVE-2016-7943:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943.
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
From 8c29f1607a31dac0911e45a0dd3d74173822b3c9 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:22:57 +0200
Subject: [PATCH] The validation of server responses avoids out of boundary
accesses.
v2: FontNames.c return a NULL list whenever a single
length field from the server is incohent.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/FontNames.c | 23 +++++++++++++++++------
src/ListExt.c | 12 ++++++++----
src/ModMap.c | 3 ++-
3 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/src/FontNames.c b/src/FontNames.c
index 21dcafe..e55f338 100644
--- a/src/FontNames.c
+++ b/src/FontNames.c
@@ -66,7 +66,7 @@ int *actualCount) /* RETURN */
if (rep.nFonts) {
flist = Xmalloc (rep.nFonts * sizeof(char *));
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) {
rlen = rep.length << 2;
ch = Xmalloc(rlen + 1);
/* +1 to leave room for last null-terminator */
@@ -93,11 +93,22 @@ int *actualCount) /* RETURN */
if (ch + length < chend) {
flist[i] = ch + 1; /* skip over length */
ch += length + 1; /* find next length ... */
- length = *(unsigned char *)ch;
- *ch = '\0'; /* and replace with null-termination */
- count++;
- } else
- flist[i] = NULL;
+ if (ch <= chend) {
+ length = *(unsigned char *)ch;
+ *ch = '\0'; /* and replace with null-termination */
+ count++;
+ } else {
+ Xfree(flist);
+ flist = NULL;
+ count = 0;
+ break;
+ }
+ } else {
+ Xfree(flist);
+ flist = NULL;
+ count = 0;
+ break;
+ }
}
}
*actualCount = count;
diff --git a/src/ListExt.c b/src/ListExt.c
index be6b989..0516e45 100644
--- a/src/ListExt.c
+++ b/src/ListExt.c
@@ -55,7 +55,7 @@ char **XListExtensions(
if (rep.nExtensions) {
list = Xmalloc (rep.nExtensions * sizeof (char *));
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) {
rlen = rep.length << 2;
ch = Xmalloc (rlen + 1);
/* +1 to leave room for last null-terminator */
@@ -80,9 +80,13 @@ char **XListExtensions(
if (ch + length < chend) {
list[i] = ch+1; /* skip over length */
ch += length + 1; /* find next length ... */
- length = *ch;
- *ch = '\0'; /* and replace with null-termination */
- count++;
+ if (ch <= chend) {
+ length = *ch;
+ *ch = '\0'; /* and replace with null-termination */
+ count++;
+ } else {
+ list[i] = NULL;
+ }
} else
list[i] = NULL;
}
diff --git a/src/ModMap.c b/src/ModMap.c
index a809aa2..49a5d08 100644
--- a/src/ModMap.c
+++ b/src/ModMap.c
@@ -42,7 +42,8 @@ XGetModifierMapping(register Display *dpy)
GetEmptyReq(GetModifierMapping, req);
(void) _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length < (INT_MAX >> 2) &&
+ (rep.length >> 1) == rep.numKeyPerModifier) {
nbytes = (unsigned long)rep.length << 2;
res = Xmalloc(sizeof (XModifierKeymap));
if (res)
--
2.10.1

View File

@ -0,0 +1,62 @@
Fix CVE-2016-7944:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
From 61c1039ee23a2d1de712843bed3480654d7ef42e Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:38:44 +0200
Subject: [PATCH] Integer overflow on illegal server response
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.
A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/Region.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/Region.c b/src/Region.c
index cb0cf6e..59bcc1a 100644
--- a/src/Region.c
+++ b/src/Region.c
@@ -23,6 +23,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#include <limits.h>
#include "Xfixesint.h"
XserverRegion
@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display *dpy,
bounds->y = rep.y;
bounds->width = rep.width;
bounds->height = rep.height;
- nbytes = (long) rep.length << 2;
- nrects = rep.length >> 1;
- rects = Xmalloc (nrects * sizeof (XRectangle));
+
+ if (rep.length < (INT_MAX >> 2)) {
+ nbytes = (long) rep.length << 2;
+ nrects = rep.length >> 1;
+ rects = Xmalloc (nrects * sizeof (XRectangle));
+ } else {
+ nbytes = 0;
+ nrects = 0;
+ rects = NULL;
+ }
+
if (!rects)
{
_XEatDataWords(dpy, rep.length);
--
2.10.1

View File

@ -0,0 +1,420 @@
Fix CVE-2016-7945:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
From 19a9cd607de73947fcfb104682f203ffe4e1f4e5 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:31:34 +0200
Subject: [PATCH] Properly validate server responses.
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/XGMotion.c | 3 ++-
src/XGetBMap.c | 3 ++-
src/XGetDCtl.c | 6 ++++--
src/XGetFCtl.c | 7 ++++++-
src/XGetKMap.c | 14 +++++++++++---
src/XGetMMap.c | 11 +++++++++--
src/XIQueryDevice.c | 36 ++++++++++++++++++++++++++++++++++--
src/XListDev.c | 21 +++++++++++++++------
src/XOpenDev.c | 13 ++++++++++---
src/XQueryDv.c | 8 ++++++--
10 files changed, 99 insertions(+), 23 deletions(-)
diff --git a/src/XGMotion.c b/src/XGMotion.c
index 7785843..9433e29 100644
--- a/src/XGMotion.c
+++ b/src/XGMotion.c
@@ -114,7 +114,8 @@ XGetDeviceMotionEvents(
}
/* rep.axes is a CARD8, so assume max number of axes for bounds check */
if (rep.nEvents <
- (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int))))) {
+ (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int)))) &&
+ rep.nEvents * (rep.axes + 1) <= rep.length) {
size_t bsize = rep.nEvents *
(sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int)));
bufp = Xmalloc(bsize);
diff --git a/src/XGetBMap.c b/src/XGetBMap.c
index 002daba..13bb8c6 100644
--- a/src/XGetBMap.c
+++ b/src/XGetBMap.c
@@ -92,7 +92,8 @@ XGetDeviceButtonMapping(
status = _XReply(dpy, (xReply *) & rep, 0, xFalse);
if (status == 1) {
- if (rep.length <= (sizeof(mapping) >> 2)) {
+ if (rep.length <= (sizeof(mapping) >> 2) &&
+ rep.nElts <= (rep.length << 2)) {
unsigned long nbytes = rep.length << 2;
_XRead(dpy, (char *)mapping, nbytes);
diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c
index c5d3b53..7f6b396 100644
--- a/src/XGetDCtl.c
+++ b/src/XGetDCtl.c
@@ -93,7 +93,8 @@ XGetDeviceControl(
if (rep.length > 0) {
unsigned long nbytes;
size_t size = 0;
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length < (INT_MAX >> 2) &&
+ (rep.length << 2) >= sizeof(xDeviceState)) {
nbytes = (unsigned long) rep.length << 2;
d = Xmalloc(nbytes);
}
@@ -117,7 +118,8 @@ XGetDeviceControl(
size_t val_size;
r = (xDeviceResolutionState *) d;
- if (r->num_valuators >= (INT_MAX / (3 * sizeof(int))))
+ if (sizeof(xDeviceResolutionState) > nbytes ||
+ r->num_valuators >= (INT_MAX / (3 * sizeof(int))))
goto out;
val_size = 3 * sizeof(int) * r->num_valuators;
if ((sizeof(xDeviceResolutionState) + val_size) > nbytes)
diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c
index 7fd6d0e..82dcc64 100644
--- a/src/XGetFCtl.c
+++ b/src/XGetFCtl.c
@@ -73,6 +73,7 @@ XGetFeedbackControl(
XFeedbackState *Sav = NULL;
xFeedbackState *f = NULL;
xFeedbackState *sav = NULL;
+ char *end = NULL;
xGetFeedbackControlReq *req;
xGetFeedbackControlReply rep;
XExtDisplayInfo *info = XInput_find_display(dpy);
@@ -105,10 +106,12 @@ XGetFeedbackControl(
goto out;
}
sav = f;
+ end = (char *)f + nbytes;
_XRead(dpy, (char *)f, nbytes);
for (i = 0; i < *num_feedbacks; i++) {
- if (f->length > nbytes)
+ if ((char *)f + sizeof(*f) > end ||
+ f->length == 0 || f->length > nbytes)
goto out;
nbytes -= f->length;
@@ -125,6 +128,8 @@ XGetFeedbackControl(
case StringFeedbackClass:
{
xStringFeedbackState *strf = (xStringFeedbackState *) f;
+ if ((char *)f + sizeof(*strf) > end)
+ goto out;
size += sizeof(XStringFeedbackState) +
(strf->num_syms_supported * sizeof(KeySym));
}
diff --git a/src/XGetKMap.c b/src/XGetKMap.c
index 0540ce4..008a72b 100644
--- a/src/XGetKMap.c
+++ b/src/XGetKMap.c
@@ -54,6 +54,7 @@ SOFTWARE.
#include <config.h>
#endif
+#include <limits.h>
#include <X11/extensions/XI.h>
#include <X11/extensions/XIproto.h>
#include <X11/Xlibint.h>
@@ -93,9 +94,16 @@ XGetDeviceKeyMapping(register Display * dpy, XDevice * dev,
return (KeySym *) NULL;
}
if (rep.length > 0) {
- *syms_per_code = rep.keySymsPerKeyCode;
- nbytes = (long)rep.length << 2;
- mapping = (KeySym *) Xmalloc((unsigned)nbytes);
+ if (rep.length < INT_MAX >> 2 &&
+ rep.length == rep.keySymsPerKeyCode * keycount) {
+ *syms_per_code = rep.keySymsPerKeyCode;
+ nbytes = (long)rep.length << 2;
+ mapping = (KeySym *) Xmalloc((unsigned)nbytes);
+ } else {
+ *syms_per_code = 0;
+ nbytes = 0;
+ mapping = NULL;
+ }
if (mapping)
_XRead(dpy, (char *)mapping, nbytes);
else
diff --git a/src/XGetMMap.c b/src/XGetMMap.c
index 246698c..33c114f 100644
--- a/src/XGetMMap.c
+++ b/src/XGetMMap.c
@@ -53,6 +53,7 @@ SOFTWARE.
#include <config.h>
#endif
+#include <limits.h>
#include <X11/extensions/XI.h>
#include <X11/extensions/XIproto.h>
#include <X11/Xlibint.h>
@@ -85,8 +86,14 @@ XGetDeviceModifierMapping(
SyncHandle();
return (XModifierKeymap *) NULL;
}
- nbytes = (unsigned long)rep.length << 2;
- res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap));
+ if (rep.length < (INT_MAX >> 2) &&
+ rep.numKeyPerModifier == rep.length >> 1) {
+ nbytes = (unsigned long)rep.length << 2;
+ res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap));
+ } else {
+ nbytes = 0;
+ res = NULL;
+ }
if (res) {
res->modifiermap = (KeyCode *) Xmalloc(nbytes);
if (res->modifiermap)
diff --git a/src/XIQueryDevice.c b/src/XIQueryDevice.c
index fb8504f..a457cd6 100644
--- a/src/XIQueryDevice.c
+++ b/src/XIQueryDevice.c
@@ -26,6 +26,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdint.h>
#include <X11/Xlibint.h>
#include <X11/extensions/XI2proto.h>
@@ -43,6 +44,7 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
xXIQueryDeviceReq *req;
xXIQueryDeviceReply reply;
char *ptr;
+ char *end;
int i;
char *buf;
@@ -60,14 +62,24 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
if (!_XReply(dpy, (xReply*) &reply, 0, xFalse))
goto error;
- *ndevices_return = reply.num_devices;
- info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo));
+ if (reply.length < INT_MAX / 4)
+ {
+ *ndevices_return = reply.num_devices;
+ info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo));
+ }
+ else
+ {
+ *ndevices_return = 0;
+ info = NULL;
+ }
+
if (!info)
goto error;
buf = Xmalloc(reply.length * 4);
_XRead(dpy, buf, reply.length * 4);
ptr = buf;
+ end = buf + reply.length * 4;
/* info is a null-terminated array */
info[reply.num_devices].name = NULL;
@@ -79,6 +91,9 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
XIDeviceInfo *lib = &info[i];
xXIDeviceInfo *wire = (xXIDeviceInfo*)ptr;
+ if (ptr + sizeof(xXIDeviceInfo) > end)
+ goto error_loop;
+
lib->deviceid = wire->deviceid;
lib->use = wire->use;
lib->attachment = wire->attachment;
@@ -87,12 +102,23 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
ptr += sizeof(xXIDeviceInfo);
+ if (ptr + wire->name_len > end)
+ goto error_loop;
+
lib->name = Xcalloc(wire->name_len + 1, 1);
+ if (lib->name == NULL)
+ goto error_loop;
strncpy(lib->name, ptr, wire->name_len);
+ lib->name[wire->name_len] = '\0';
ptr += ((wire->name_len + 3)/4) * 4;
sz = size_classes((xXIAnyInfo*)ptr, nclasses);
lib->classes = Xmalloc(sz);
+ if (lib->classes == NULL)
+ {
+ Xfree(lib->name);
+ goto error_loop;
+ }
ptr += copy_classes(lib, (xXIAnyInfo*)ptr, &nclasses);
/* We skip over unused classes */
lib->num_classes = nclasses;
@@ -103,6 +129,12 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
SyncHandle();
return info;
+error_loop:
+ while (--i >= 0)
+ {
+ Xfree(info[i].name);
+ Xfree(info[i].classes);
+ }
error:
UnlockDisplay(dpy);
error_unlocked:
diff --git a/src/XListDev.c b/src/XListDev.c
index b85ff3c..f850cd0 100644
--- a/src/XListDev.c
+++ b/src/XListDev.c
@@ -74,7 +74,7 @@ static int pad_to_xid(int base_size)
}
static size_t
-SizeClassInfo(xAnyClassPtr *any, int num_classes)
+SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes)
{
int size = 0;
int j;
@@ -90,6 +90,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes)
{
xValuatorInfoPtr v;
+ if (len < sizeof(v))
+ return 0;
v = (xValuatorInfoPtr) *any;
size += pad_to_xid(sizeof(XValuatorInfo) +
(v->num_axes * sizeof(XAxisInfo)));
@@ -98,6 +100,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes)
default:
break;
}
+ if ((*any)->length > len)
+ return 0;
*any = (xAnyClassPtr) ((char *)(*any) + (*any)->length);
}
@@ -170,7 +174,7 @@ XListInputDevices(
register Display *dpy,
int *ndevices)
{
- size_t size;
+ size_t s, size;
xListInputDevicesReq *req;
xListInputDevicesReply rep;
xDeviceInfo *list, *slist = NULL;
@@ -178,6 +182,7 @@ XListInputDevices(
XDeviceInfo *clist = NULL;
xAnyClassPtr any, sav_any;
XAnyClassPtr Any;
+ char *end = NULL;
unsigned char *nptr, *Nptr;
int i;
unsigned long rlen;
@@ -213,16 +218,20 @@ XListInputDevices(
any = (xAnyClassPtr) ((char *)list + (*ndevices * sizeof(xDeviceInfo)));
sav_any = any;
+ end = (char *)list + rlen;
for (i = 0; i < *ndevices; i++, list++) {
- size += SizeClassInfo(&any, (int)list->num_classes);
+ s = SizeClassInfo(&any, end - (char *)any, (int)list->num_classes);
+ if (!s)
+ goto out;
+ size += s;
}
- Nptr = ((unsigned char *)list) + rlen + 1;
+ Nptr = ((unsigned char *)list) + rlen;
for (i = 0, nptr = (unsigned char *)any; i < *ndevices; i++) {
+ if (nptr >= Nptr)
+ goto out;
size += *nptr + 1;
nptr += (*nptr + 1);
- if (nptr > Nptr)
- goto out;
}
clist = (XDeviceInfoPtr) Xmalloc(size);
diff --git a/src/XOpenDev.c b/src/XOpenDev.c
index 029dec2..4b3c460 100644
--- a/src/XOpenDev.c
+++ b/src/XOpenDev.c
@@ -53,6 +53,7 @@ SOFTWARE.
#include <config.h>
#endif
+#include <limits.h>
#include <X11/extensions/XI.h>
#include <X11/extensions/XIproto.h>
#include <X11/Xlibint.h>
@@ -86,9 +87,15 @@ XOpenDevice(
return (XDevice *) NULL;
}
- rlen = rep.length << 2;
- dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes *
- sizeof(XInputClassInfo));
+ if (rep.length < INT_MAX >> 2 &&
+ (rep.length << 2) >= rep.num_classes * sizeof(xInputClassInfo)) {
+ rlen = rep.length << 2;
+ dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes *
+ sizeof(XInputClassInfo));
+ } else {
+ rlen = 0;
+ dev = NULL;
+ }
if (dev) {
int dlen; /* data length */
diff --git a/src/XQueryDv.c b/src/XQueryDv.c
index de1c0e5..7ee2272 100644
--- a/src/XQueryDv.c
+++ b/src/XQueryDv.c
@@ -73,7 +73,7 @@ XQueryDeviceState(
xQueryDeviceStateReply rep;
XDeviceState *state = NULL;
XInputClass *any, *Any;
- char *data = NULL;
+ char *data = NULL, *end = NULL;
XExtDisplayInfo *info = XInput_find_display(dpy);
LockDisplay(dpy);
@@ -92,6 +92,7 @@ XQueryDeviceState(
if (rep.length < (INT_MAX >> 2)) {
rlen = (unsigned long) rep.length << 2;
data = Xmalloc(rlen);
+ end = data + rlen;
}
if (!data) {
_XEatDataWords(dpy, rep.length);
@@ -100,7 +101,8 @@ XQueryDeviceState(
_XRead(dpy, data, rlen);
for (i = 0, any = (XInputClass *) data; i < (int)rep.num_classes; i++) {
- if (any->length > rlen)
+ if ((char *)any + sizeof(XInputClass) > end ||
+ any->length == 0 || any->length > rlen)
goto out;
rlen -= any->length;
@@ -114,6 +116,8 @@ XQueryDeviceState(
case ValuatorClass:
{
xValuatorState *v = (xValuatorState *) any;
+ if ((char *)any + sizeof(xValuatorState) > end)
+ goto out;
size += (sizeof(XValuatorState) +
(v->num_valuators * sizeof(int)));
}
--
2.10.1

View File

@ -0,0 +1,447 @@
Fix CVE-2016-7947 and CVE-2016-7948.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
From a0df3e1c7728205e5c7650b2e6dce684139254a6 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:21:40 +0200
Subject: [PATCH] Avoid out of boundary accesses on illegal responses
The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/XrrConfig.c | 32 +++++++++++++--------
src/XrrCrtc.c | 83 ++++++++++++++++++++++++++++++++++++++++++-------------
src/XrrMonitor.c | 18 ++++++++++++
src/XrrOutput.c | 11 ++++++++
src/XrrProvider.c | 28 ++++++++++++++++---
src/XrrScreen.c | 52 ++++++++++++++++++++++------------
6 files changed, 172 insertions(+), 52 deletions(-)
diff --git a/src/XrrConfig.c b/src/XrrConfig.c
index 2f0282b..e68c45a 100644
--- a/src/XrrConfig.c
+++ b/src/XrrConfig.c
@@ -29,6 +29,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy,
rep.rate = 0;
rep.nrateEnts = 0;
}
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytes = (long) rep.length << 2;
+ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ rbytes = sizeof (XRRScreenConfiguration) +
+ (rep.nSizes * sizeof (XRRScreenSize) +
+ rep.nrateEnts * sizeof (int));
- rbytes = sizeof (XRRScreenConfiguration) +
- (rep.nSizes * sizeof (XRRScreenSize) +
- rep.nrateEnts * sizeof (int));
+ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ scp = NULL;
+ }
- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
if (scp == NULL) {
_XEatData (dpy, (unsigned long) nbytes);
return NULL;
diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
index 5ae35c5..6665092 100644
--- a/src/XrrCrtc.c
+++ b/src/XrrCrtc.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nOutput * 4 +
- rep.nPossibleOutput * 4);
+ nbytesRead = (long) (rep.nOutput * 4 +
+ rep.nPossibleOutput * 4);
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
- rbytes = (sizeof (XRRCrtcInfo) +
- rep.nOutput * sizeof (RROutput) +
- rep.nPossibleOutput * sizeof (RROutput));
+ rbytes = (sizeof (XRRCrtcInfo) +
+ rep.nOutput * sizeof (RROutput) +
+ rep.nPossibleOutput * sizeof (RROutput));
+
+ xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xci = NULL;
+ }
- xci = (XRRCrtcInfo *) Xmalloc(rbytes);
if (xci == NULL) {
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
if (!_XReply (dpy, (xReply *) &rep, 0, xFalse))
goto out;
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- /* three channels of CARD16 data */
- nbytesRead = (rep.size * 2 * 3);
+ /* three channels of CARD16 data */
+ nbytesRead = (rep.size * 2 * 3);
- crtc_gamma = XRRAllocGamma (rep.size);
+ crtc_gamma = XRRAllocGamma (rep.size);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ crtc_gamma = NULL;
+ }
if (!crtc_gamma)
{
@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display *dpy,
xRRGetCrtcTransformReq *req;
int major_version, minor_version;
XRRCrtcTransformAttributes *attr;
- char *extra = NULL, *e;
+ char *extra = NULL, *end = NULL, *e;
int p;
*attributes = NULL;
@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display *dpy,
else
{
int extraBytes = rep.length * 4 - CrtcTransformExtra;
- extra = Xmalloc (extraBytes);
+ if (rep.length < INT_MAX / 4 &&
+ rep.length * 4 >= CrtcTransformExtra) {
+ extra = Xmalloc (extraBytes);
+ end = extra + extraBytes;
+ } else
+ extra = NULL;
if (!extra) {
- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ if (rep.length > (CrtcTransformExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -429,22 +458,38 @@ XRRGetCrtcTransform (Display *dpy,
e = extra;
+ if (e + rep.pendingNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter);
attr->pendingFilter[rep.pendingNbytesFilter] = '\0';
e += (rep.pendingNbytesFilter + 3) & ~3;
for (p = 0; p < rep.pendingNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->pendingParams[p] = (XFixed) f;
}
attr->pendingNparams = rep.pendingNparamsFilter;
+ if (e + rep.currentNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->currentFilter, e, rep.currentNbytesFilter);
attr->currentFilter[rep.currentNbytesFilter] = '\0';
e += (rep.currentNbytesFilter + 3) & ~3;
for (p = 0; p < rep.currentNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->currentParams[p] = (XFixed) f;
diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c
index a9eaa7b..adc5330 100644
--- a/src/XrrMonitor.c
+++ b/src/XrrMonitor.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -65,6 +66,15 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
return NULL;
}
+ if (rep.length > INT_MAX >> 2 ||
+ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) ||
+ rep.noutputs > INT_MAX / 4 ||
+ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) {
+ _XEatData (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = (long) rep.length << 2;
nmon = rep.nmonitors;
noutput = rep.noutputs;
@@ -111,6 +121,14 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
mon[m].outputs = output;
buf += SIZEOF (xRRMonitorInfo);
xoutput = (CARD32 *) buf;
+ if (xmon->noutput > rep.noutputs) {
+ Xfree(buf);
+ Xfree(mon);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.noutputs -= xmon->noutput;
for (o = 0; o < xmon->noutput; o++)
output[o] = xoutput[o];
output += xmon->noutput;
diff --git a/src/XrrOutput.c b/src/XrrOutput.c
index 85f0b6e..30f3d40 100644
--- a/src/XrrOutput.c
+++ b/src/XrrOutput.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -60,6 +61,16 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output)
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2))
+ {
+ if (rep.length > (OutputInfoExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = ((long) (rep.length) << 2) - OutputInfoExtra;
nbytesRead = (long) (rep.nCrtcs * 4 +
diff --git a/src/XrrProvider.c b/src/XrrProvider.c
index 9e620c7..d796cd0 100644
--- a/src/XrrProvider.c
+++ b/src/XrrProvider.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -59,12 +60,20 @@ XRRGetProviderResources(Display *dpy, Window window)
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nProviders * 4);
+ nbytesRead = (long) (rep.nProviders * 4);
- rbytes = (sizeof(XRRProviderResources) + rep.nProviders * sizeof(RRProvider));
- xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ rbytes = (sizeof(XRRProviderResources) + rep.nProviders *
+ sizeof(RRProvider));
+ xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrpr = NULL;
+ }
if (xrpr == NULL) {
_XEatDataWords (dpy, rep.length);
@@ -121,6 +130,17 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
+ {
+ if (rep.length < ProviderInfoExtra >> 2)
+ _XEatDataWords (dpy, rep.length);
+ else
+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+
nbytes = ((long) rep.length << 2) - ProviderInfoExtra;
nbytesRead = (long)(rep.nCrtcs * 4 +
diff --git a/src/XrrScreen.c b/src/XrrScreen.c
index b8ce7e5..1f7ffe6 100644
--- a/src/XrrScreen.c
+++ b/src/XrrScreen.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -105,27 +106,36 @@ doGetScreenResources (Display *dpy, Window window, int poll)
xrri->has_rates = _XRRHasRates (xrri->minor_version, xrri->major_version);
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nCrtcs * 4 +
- rep.nOutputs * 4 +
- rep.nModes * SIZEOF (xRRModeInfo) +
- ((rep.nbytesNames + 3) & ~3));
+ nbytesRead = (long) (rep.nCrtcs * 4 +
+ rep.nOutputs * 4 +
+ rep.nModes * SIZEOF (xRRModeInfo) +
+ ((rep.nbytesNames + 3) & ~3));
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
+
+ rbytes = (sizeof (XRRScreenResources) +
+ rep.nCrtcs * sizeof (RRCrtc) +
+ rep.nOutputs * sizeof (RROutput) +
+ rep.nModes * sizeof (XRRModeInfo) +
+ rep.nbytesNames + rep.nModes); /* '\0' terminate names */
- rbytes = (sizeof (XRRScreenResources) +
- rep.nCrtcs * sizeof (RRCrtc) +
- rep.nOutputs * sizeof (RROutput) +
- rep.nModes * sizeof (XRRModeInfo) +
- rep.nbytesNames + rep.nModes); /* '\0' terminate names */
+ xrsr = (XRRScreenResources *) Xmalloc(rbytes);
+ wire_names = (char *) Xmalloc (rep.nbytesNames);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrsr = NULL;
+ wire_names = NULL;
+ }
- xrsr = (XRRScreenResources *) Xmalloc(rbytes);
- wire_names = (char *) Xmalloc (rep.nbytesNames);
if (xrsr == NULL || wire_names == NULL) {
Xfree (xrsr);
Xfree (wire_names);
@@ -174,6 +184,14 @@ doGetScreenResources (Display *dpy, Window window, int poll)
wire_name = wire_names;
for (i = 0; i < rep.nModes; i++) {
xrsr->modes[i].name = names;
+ if (xrsr->modes[i].nameLength > rep.nbytesNames) {
+ Xfree (xrsr);
+ Xfree (wire_names);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.nbytesNames -= xrsr->modes[i].nameLength;
memcpy (names, wire_name, xrsr->modes[i].nameLength);
names[xrsr->modes[i].nameLength] = '\0';
names += xrsr->modes[i].nameLength + 1;
--
2.10.1

View File

@ -0,0 +1,66 @@
Fix CVE-2016-7949:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:43:09 +0200
Subject: [PATCH] Validate lengths while parsing server data.
Individual lengths inside received server data can overflow
the previously reserved memory.
It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.
v2: consume remaining bytes in the reply buffer on error.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb@laas.fr
---
src/Xrender.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/Xrender.c b/src/Xrender.c
index 3102eb2..71cf3e6 100644
--- a/src/Xrender.c
+++ b/src/Xrender.c
@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy)
screen->fallback = _XRenderFindFormat (xri, xScreen->fallback);
screen->subpixel = SubPixelUnknown;
xDepth = (xPictDepth *) (xScreen + 1);
+ if (screen->ndepths > rep.numDepths) {
+ Xfree (xri);
+ Xfree (xData);
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return 0;
+ }
+ rep.numDepths -= screen->ndepths;
for (nd = 0; nd < screen->ndepths; nd++)
{
depth->depth = xDepth->depth;
depth->nvisuals = xDepth->nPictVisuals;
depth->visuals = visual;
xVisual = (xPictVisual *) (xDepth + 1);
+ if (depth->nvisuals > rep.numVisuals) {
+ Xfree (xri);
+ Xfree (xData);
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return 0;
+ }
+ rep.numVisuals -= depth->nvisuals;
for (nv = 0; nv < depth->nvisuals; nv++)
{
visual->visual = _XRenderFindVisual (dpy, xVisual->visual);
--
2.10.1

View File

@ -0,0 +1,73 @@
Fix CVE-2016-7950:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
From 8fad00b0b647ee662ce4737ca15be033b7a21714 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:42:09 +0200
Subject: [PATCH] Avoid OOB write in XRenderQueryFilters
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.
The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.
v2: consume remaining bytes in reply buffer on error.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/Filter.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/Filter.c b/src/Filter.c
index edfa572..8d701eb 100644
--- a/src/Filter.c
+++ b/src/Filter.c
@@ -38,7 +38,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
char *name;
char len;
int i;
- unsigned long nbytes, nbytesAlias, nbytesName;
+ unsigned long nbytes, nbytesAlias, nbytesName, reply_left;
if (!RenderHasExtension (info))
return NULL;
@@ -114,6 +114,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
* Read the filter aliases
*/
_XRead16Pad (dpy, filters->alias, 2 * rep.numAliases);
+ reply_left = 8 + rep.length - 2 * rep.numAliases;;
/*
* Read the filter names
@@ -122,9 +123,19 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
{
int l;
_XRead (dpy, &len, 1);
+ reply_left--;
l = len & 0xff;
+ if ((unsigned long)l + 1 > nbytesName) {
+ _XEatDataWords(dpy, reply_left);
+ Xfree(filters);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ nbytesName -= l + 1;
filters->filter[i] = name;
_XRead (dpy, name, l);
+ reply_left -= l;
name[l] = '\0';
name += l + 1;
}
--
2.10.1

View File

@ -0,0 +1,152 @@
Fix CVE-2016-7951 and CVE-2016-7952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
From 9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:37:01 +0200
Subject: [PATCH] Out of boundary access and endless loop in libXtst
A lack of range checks in libXtst allows out of boundary accesses.
The checks have to be done in-place here, because it cannot be done
without in-depth knowledge of the read data.
If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
without a client sequence have attached data, an endless loop would
occur. The do-while-loop continues until the current index reaches
the end. But in these cases, the current index would not be
incremented, leading to an endless processing.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/XRecord.c | 43 +++++++++++++++++++++++++++++++++++++++----
1 file changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/XRecord.c b/src/XRecord.c
index 50420c0..fefd842 100644
--- a/src/XRecord.c
+++ b/src/XRecord.c
@@ -749,15 +749,23 @@ parse_reply_call_callback(
switch (rep->category) {
case XRecordFromServer:
if (rep->elementHeader&XRecordFromServerTime) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->server_time);
current_index += 4;
}
+ if (current_index + 1 > rep->length << 2)
+ return Error;
switch (reply->buf[current_index]) {
case X_Reply: /* reply */
+ if (current_index + 8 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index+4, datum_bytes);
+ if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
+ return Error;
datum_bytes = (datum_bytes+8) << 2;
break;
default: /* error or event */
@@ -766,52 +774,73 @@ parse_reply_call_callback(
break;
case XRecordFromClient:
if (rep->elementHeader&XRecordFromClientTime) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->server_time);
current_index += 4;
}
if (rep->elementHeader&XRecordFromClientSequence) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->client_seq);
current_index += 4;
}
+ if (current_index + 4 > rep->length<<2)
+ return Error;
if (reply->buf[current_index+2] == 0
&& reply->buf[current_index+3] == 0) /* needn't swap 0 */
{ /* BIG-REQUESTS */
+ if (current_index + 8 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index+4, datum_bytes);
} else {
EXTRACT_CARD16(rep->clientSwapped,
reply->buf+current_index+2, datum_bytes);
}
+ if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
+ return Error;
datum_bytes <<= 2;
break;
case XRecordClientStarted:
+ if (current_index + 8 > rep->length << 2)
+ return Error;
EXTRACT_CARD16(rep->clientSwapped,
reply->buf+current_index+6, datum_bytes);
datum_bytes = (datum_bytes+2) << 2;
break;
case XRecordClientDied:
if (rep->elementHeader&XRecordFromClientSequence) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->client_seq);
current_index += 4;
- }
- /* fall through */
+ } else if (current_index < rep->length << 2)
+ return Error;
+ datum_bytes = 0;
+ break;
case XRecordStartOfData:
case XRecordEndOfData:
+ if (current_index < rep->length << 2)
+ return Error;
datum_bytes = 0;
+ break;
}
if (datum_bytes > 0) {
- if (current_index + datum_bytes > rep->length << 2)
+ if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) {
fprintf(stderr,
"XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n",
- (long)rep->length << 2, current_index + datum_bytes,
+ (unsigned long)rep->length << 2, current_index + datum_bytes,
dpy->last_request_read);
+ return Error;
+ }
/*
* This assignment (and indeed the whole buffer sharing
* scheme) assumes arbitrary 4-byte boundaries are
@@ -863,6 +892,12 @@ XRecordEnableContext(Display *dpy, XRecordContext context,
return 0;
}
+ if (rep.length > INT_MAX >> 2) {
+ UnlockDisplay(dpy);
+ SyncHandle();
+ return 0;
+ }
+
if (rep.length > 0) {
reply = alloc_reply_buffer(info, rep.length<<2);
if (!reply) {
--
2.10.1

View File

@ -0,0 +1,162 @@
Fix CVE-2016-5407:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
From d9da580b46a28ab497de2e94fdc7b9ff953dab17 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:30:03 +0200
Subject: [PATCH] Protocol handling issues in libXv - CVE-2016-5407
The Xv query functions for adaptors and encodings suffer from out of
boundary accesses if a hostile X server sends a maliciously crafted
response.
A previous fix already checks the received length against fixed values
but ignores additional length specifications which are stored inside
the received data.
These lengths are accessed in a for-loop. The easiest way to guarantee
a correct processing is by validating all lengths against the
remaining size left before accessing referenced memory.
This makes the previously applied check obsolete, therefore I removed
it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/Xv.c | 46 +++++++++++++++++++++++++++++-----------------
1 file changed, 29 insertions(+), 17 deletions(-)
diff --git a/src/Xv.c b/src/Xv.c
index e47093a..be450c4 100644
--- a/src/Xv.c
+++ b/src/Xv.c
@@ -158,6 +158,7 @@ XvQueryAdaptors(
size_t size;
unsigned int ii, jj;
char *name;
+ char *end;
XvAdaptorInfo *pas = NULL, *pa;
XvFormat *pfs, *pf;
char *buffer = NULL;
@@ -197,17 +198,13 @@ XvQueryAdaptors(
/* GET INPUT ADAPTORS */
if (rep.num_adaptors == 0) {
- /* If there's no adaptors, there's nothing more to do. */
+ /* If there are no adaptors, there's nothing more to do. */
status = Success;
goto out;
}
- if (size < (rep.num_adaptors * sz_xvAdaptorInfo)) {
- /* If there's not enough data for the number of adaptors,
- then we have a problem. */
- status = XvBadReply;
- goto out;
- }
+ u.buffer = buffer;
+ end = buffer + size;
size = rep.num_adaptors * sizeof(XvAdaptorInfo);
if ((pas = Xmalloc(size)) == NULL) {
@@ -225,9 +222,12 @@ XvQueryAdaptors(
pa++;
}
- u.buffer = buffer;
pa = pas;
for (ii = 0; ii < rep.num_adaptors; ii++) {
+ if (u.buffer + sz_xvAdaptorInfo > end) {
+ status = XvBadReply;
+ goto out;
+ }
pa->type = u.pa->type;
pa->base_id = u.pa->base_id;
pa->num_ports = u.pa->num_ports;
@@ -239,6 +239,10 @@ XvQueryAdaptors(
size = u.pa->name_size;
u.buffer += pad_to_int32(sz_xvAdaptorInfo);
+ if (u.buffer + size > end) {
+ status = XvBadReply;
+ goto out;
+ }
if ((name = Xmalloc(size + 1)) == NULL) {
status = XvBadAlloc;
goto out;
@@ -259,6 +263,11 @@ XvQueryAdaptors(
pf = pfs;
for (jj = 0; jj < pa->num_formats; jj++) {
+ if (u.buffer + sz_xvFormat > end) {
+ Xfree(pfs);
+ status = XvBadReply;
+ goto out;
+ }
pf->depth = u.pf->depth;
pf->visual_id = u.pf->visual;
pf++;
@@ -327,6 +336,7 @@ XvQueryEncodings(
size_t size;
unsigned int jj;
char *name;
+ char *end;
XvEncodingInfo *pes = NULL, *pe;
char *buffer = NULL;
union {
@@ -364,17 +374,13 @@ XvQueryEncodings(
/* GET ENCODINGS */
if (rep.num_encodings == 0) {
- /* If there's no encodings, there's nothing more to do. */
+ /* If there are no encodings, there's nothing more to do. */
status = Success;
goto out;
}
- if (size < (rep.num_encodings * sz_xvEncodingInfo)) {
- /* If there's not enough data for the number of adaptors,
- then we have a problem. */
- status = XvBadReply;
- goto out;
- }
+ u.buffer = buffer;
+ end = buffer + size;
size = rep.num_encodings * sizeof(XvEncodingInfo);
if ((pes = Xmalloc(size)) == NULL) {
@@ -391,10 +397,12 @@ XvQueryEncodings(
pe++;
}
- u.buffer = buffer;
-
pe = pes;
for (jj = 0; jj < rep.num_encodings; jj++) {
+ if (u.buffer + sz_xvEncodingInfo > end) {
+ status = XvBadReply;
+ goto out;
+ }
pe->encoding_id = u.pe->encoding;
pe->width = u.pe->width;
pe->height = u.pe->height;
@@ -405,6 +413,10 @@ XvQueryEncodings(
size = u.pe->name_size;
u.buffer += pad_to_int32(sz_xvEncodingInfo);
+ if (u.buffer + size > end) {
+ status = XvBadReply;
+ goto out;
+ }
if ((name = Xmalloc(size + 1)) == NULL) {
status = XvBadAlloc;
goto out;
--
2.10.1

View File

@ -0,0 +1,42 @@
Fix CVE-2016-7953:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:34:27 +0200
Subject: [PATCH] Avoid buffer underflow on empty strings.
If an empty string is received from an x-server, do not underrun the
buffer by accessing "rep.nameLen - 1" unconditionally, which could end
up being -1.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/XvMC.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/XvMC.c b/src/XvMC.c
index 7336760..3ee4212 100644
--- a/src/XvMC.c
+++ b/src/XvMC.c
@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
if (*name && *busID && tmpBuf) {
_XRead(dpy, tmpBuf, realSize);
strncpy(*name,tmpBuf,rep.nameLen);
- (*name)[rep.nameLen - 1] = '\0';
+ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
- (*busID)[rep.busIDLen - 1] = '\0';
+ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
XFree(tmpBuf);
} else {
XFree(*name);
--
2.10.1

View File

@ -0,0 +1,16 @@
Remove the reference to the compilation date so that the build is
reproducible.
diff --git a/src/metabat.cpp b/src/metabat.cpp
index 88e06de..c95cb1a 100644
--- a/src/metabat.cpp
+++ b/src/metabat.cpp
@@ -49,7 +49,7 @@ int main(int ac, char* av[]) {
po::notify(vm);
if (vm.count("help") || inFile.length() == 0 || outFile.length() == 0) {
- cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; " << __DATE__ << " " << __TIME__ << ")" << endl;
+ cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; unknown compilation date)" << endl;
cerr << "by Don Kang (ddkang@lbl.gov), Jeff Froula, Rob Egan, and Zhong Wang (zhongwang@lbl.gov) \n" << endl;
cerr << desc << endl << endl;

View File

@ -1,23 +0,0 @@
commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
Author: Mats Erik Andersson <gnu@gisladisker.se>
Date: Mon Jan 20 13:33:52 2014 +0200
Protect against CVE-2013-6889 (tiny change).
Reset the effective user identification in testing mode.
diff --git a/src/rush.c b/src/rush.c
index 45d737a..dc6518e 100644
--- a/src/rush.c
+++ b/src/rush.c
@@ -980,6 +980,10 @@ main(int argc, char **argv)
} else if (argc > optind)
die(usage_error, NULL, _("invalid command line"));
+ /* Relinquish root privileges in test mode */
+ if (lint_option)
+ setuid(getuid());
+
if (test_user_name) {
struct passwd *pw = getpwnam(test_user_name);
if (!pw)

View File

@ -8807,11 +8807,9 @@ library.")
(base32
"17zajiw4mjbkkv6ahp3xf025qglkj0805m9s41c45zryzj6p2h39"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _ (zero? (system* "python" "./test_pathlib.py")))))))
;; The tests depend on the internal "test" module, which does not provide
;; a stable interface.
(arguments `(#:tests? #f))
(home-page "https://pathlib.readthedocs.org/")
(synopsis "Object-oriented file system paths")
(description "Pathlib offers a set of classes to handle file system paths.

View File

@ -2608,7 +2608,7 @@ multibyte strings, internationalization, time zones, and testing.")
(ice-9 rdelim))
#:phases
(modify-phases %standard-phases
(add-before 'build 'build-gemspec
(add-after 'unpack 'build-gemspec
(lambda _
(substitute* "Rakefile"
;; Build Makefile even without a copy of gumbo-parser sources

View File

@ -26,18 +26,14 @@
(define-public rush
(package
(name "rush")
(version "1.7")
(version "1.8")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://gnu/rush/rush-"
version
".tar.gz"))
(uri (string-append "mirror://gnu/rush/rush-"
version ".tar.gz"))
(sha256
(base32
"0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm"))
(patches (search-patches "cpio-gets-undeclared.patch"
"rush-CVE-2013-6889.patch"))))
"1vxdb81ify4xcyygh86250pi50krb16dkj42i5ii4ns3araiwckz"))))
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/rush/")
(synopsis "Restricted user (login) shell")

View File

@ -22,6 +22,7 @@
(define-module (gnu packages shells)
#:use-module (gnu packages)
#:use-module (gnu packages algebra)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
#:use-module (gnu packages documentation)
@ -95,11 +96,23 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
(native-inputs
`(("doxygen" ,doxygen)))
(inputs
`(("ncurses" ,ncurses)
`(("bc" ,bc)
("ncurses" ,ncurses)
("pcre2" ,pcre2) ;don't use the bundled PCRE2
("python" ,python-wrapper))) ;for fish_config and manpage completions
(arguments
'(#:tests? #f ; no check target
#:configure-flags '("--sysconfdir=/etc")))
#:configure-flags '("--sysconfdir=/etc")
#:phases
(modify-phases %standard-phases
;; Replace 'bc' by its absolute file name in the store.
(add-after 'unpack 'patch-bc
(lambda* (#:key inputs outputs #:allow-other-keys)
(substitute* '("share/functions/math.fish"
"share/functions/seq.fish")
(("\\| bc")
(string-append "| " (assoc-ref %build-inputs "bc")
"/bin/bc"))))))))
(synopsis "The friendly interactive shell")
(description
"Fish (friendly interactive shell) is a shell focused on interactive use,

View File

@ -355,22 +355,22 @@ required structures.")
(home-page "http://www.openssl.org/")))
(define openssl-1.0.2j
(package (inherit openssl)
(source
(let ((name "openssl")
(version "1.0.2j"))
(origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
"0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch")))))))
(package
(inherit openssl)
(name "openssl")
(version "1.0.2j")
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
"0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))))
(define-public openssl-next
(package

View File

@ -112,14 +112,14 @@ as well as the classic centralized workflow.")
(define-public git
(package
(name "git")
(version "2.10.0")
(version "2.10.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
"1rr9zyafb6q3wixyjar6cc7z7vdh1dqa4b5irz3gz1df02n68cy7"))))
"1ijd1b6szvfw0dmqa3dz1m5g5hbkl9xkb86a9qcjrz0w0vwjvhx9"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@ -132,7 +132,7 @@ as well as the classic centralized workflow.")
version ".tar.xz"))
(sha256
(base32
"1y92v1bxk67ilsizqnjba6hqvrsy2zvmipyd9nnz865s21yrj5ry"))))))
"049n4ashc1i0rzg19zw1h4hf1qhv1vhpjr5c3jqdcljj4yp7mzw9"))))))
(inputs
`(("curl" ,curl)
("expat" ,expat)

View File

@ -253,7 +253,7 @@ H.264 (MPEG-4 AVC) video streams.")
(define-public libass
(package
(name "libass")
(version "0.13.2")
(version "0.13.4")
(source (origin
(method url-fetch)
(uri (string-append
@ -261,7 +261,7 @@ H.264 (MPEG-4 AVC) video streams.")
version "/libass-" version ".tar.xz"))
(sha256
(base32
"1kpsw4zw95v4cjvild9wpk73dzavn1khsm3bm32kcz6amnkd166n"))))
"1dlzkjybnpl2fkvyjq0qblb7qw12cs893bs7zj3rvf8ij342yjnq"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)

View File

@ -65,6 +65,7 @@
#:use-module (gnu packages icu4c)
#:use-module (gnu packages image)
#:use-module (gnu packages lua)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages base)
#:use-module (gnu packages perl)
#:use-module (gnu packages python)
@ -254,7 +255,7 @@ data.")
(define-public json-c
(package
(name "json-c")
(version "0.12")
(version "0.12.1")
(source (origin
(method url-fetch)
(uri (string-append
@ -262,7 +263,7 @@ data.")
version ".tar.gz"))
(sha256
(base32
"0gwzic3ifg2d0w32ya3agpxh8i083cgvf7kmc51cnbgqnfr02300"))
"08qibrq29a5v7g23wi5icy6l4fbfw90h9ccps6vq0bcklx8n84ra"))
(modules '((guix build utils)))
(snippet
'(begin
@ -3737,3 +3738,35 @@ standalone and does not need inetd or ucspi-tcp. It does not need any
config files---you only have to specify the www root.")
(home-page "https://unix4lyfe.org/darkhttpd/")
(license l:isc)))
(define-public goaccess
(package
(name "goaccess")
(version "1.0.2")
(source (origin
(method url-fetch)
(uri (string-append "http://tar.goaccess.io/goaccess-"
version ".tar.gz"))
(sha256
(base32
"1w84y61f3ldg2f28q6qlyr1scn3mcx0bsbq3i5xi5w193wh3xa2q"))
(modules '((guix build utils)))
(snippet
'(substitute* "src/error.h"
(("__DATE__") "\"1970-01-01\"")
(("__TIME__") "\"00:00:00\"")))))
(build-system gnu-build-system)
(inputs
;; TODO: Add dependency on geoip-tools.
`(("glib" ,glib)
("ncurses" ,ncurses)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://goaccess.io")
(synopsis "Analyze Web server logs in real time")
(description
"GoAccess is a real-time web log analyzer and interactive viewer that
runs in a terminal or through your browser. It provides fast and valuable
HTTP statistics for system administrators that require a visual server report
on the fly.")
(license l:x11)))

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
@ -51,7 +51,22 @@
;; Provide the `result' field in `Tcl_Interp'.
;; See <https://bugs.gentoo.org/show_bug.cgi?id=452034>.
"CFLAGS=-DUSE_INTERP_RESULT")
;;
;; The 'DEFAULTPATH' string literal, which
;; contains the output path, only appears as
;; the operand of one 'strcpy' call. As a
;; consequence, GCC does not store the string
;; literal as is but instead introduces "gaps"
;; for alignment reasons presumably---like
;; "/gnu/sto?????re/8jp8b??????ky105…". This
;; makes this string invisible to the GC, which
;; in turns causes problems when running a
;; grafted WordNet because that grafted WordNet
;; keeps referring to the ungrafted variant,
;; which is not protected from GC. Thus,
;; disable use of '__builtin_strcpy' to avoid
;; that.
"CFLAGS=-DUSE_INTERP_RESULT -O2 -fno-builtin-strcpy")
#:phases
(modify-phases %standard-phases
(add-after 'install 'post-install

View File

@ -4602,6 +4602,7 @@ cannot be adequately worked around on the client side of the wire.")
(define-public libxrender
(package
(name "libxrender")
(replacement libxrender/fixed)
(version "0.9.9")
(source
(origin
@ -4626,10 +4627,19 @@ cannot be adequately worked around on the client side of the wire.")
(description "Library for the Render Extension to the X11 protocol.")
(license license:x11)))
(define libxrender/fixed
(package
(inherit libxrender)
(source (origin
(inherit (package-source libxrender))
(patches (search-patches
"libxrender-CVE-2016-7949.patch"
"libxrender-CVE-2016-7950.patch"))))))
(define-public libxtst
(package
(name "libxtst")
(replacement libxtst/fixed)
(version "1.2.2")
(source
(origin
@ -4665,10 +4675,18 @@ The RECORD extension supports the recording and reporting of all core X
protocol and arbitrary X extension protocol.")
(license license:x11)))
(define libxtst/fixed
(package
(inherit libxtst)
(source (origin
(inherit (package-source libxtst))
(patches (search-patches
"libxtst-CVE-2016-7951-CVE-2016-7952.patch"))))))
(define-public libxv
(package
(name "libxv")
(replacement libxv/fixed)
(version "1.0.10")
(source
(origin
@ -4694,6 +4712,13 @@ protocol and arbitrary X extension protocol.")
(description "Library for the X Video Extension to the X11 protocol.")
(license license:x11)))
(define libxv/fixed
(package
(inherit libxv)
(source (origin
(inherit (package-source libxv))
(patches (search-patches
"libxv-CVE-2016-5407.patch"))))))
(define-public mkfontdir
(package
@ -4823,6 +4848,7 @@ an X Window System display.")
(define-public libxfixes
(package
(name "libxfixes")
(replacement libxfixes/fixed)
(version "5.0.2")
(source
(origin
@ -4847,6 +4873,13 @@ an X Window System display.")
(description "Library for the XFixes Extension to the X11 protocol.")
(license license:x11)))
(define libxfixes/fixed
(package
(inherit libxfixes)
(source (origin
(inherit (package-source libxfixes))
(patches (search-patches
"libxfixes-CVE-2016-7944.patch"))))))
(define-public libxfont
(package
@ -4888,6 +4921,7 @@ new API's in libXft, or the legacy API's in libX11.")
(define-public libxi
(package
(name "libxi")
(replacement libxi/fixed)
(version "1.7.6")
(source
(origin
@ -4914,10 +4948,18 @@ new API's in libXft, or the legacy API's in libX11.")
(description "Library for the XInput Extension to the X11 protocol.")
(license license:x11)))
(define libxi/fixed
(package
(inherit libxi)
(source (origin
(inherit (package-source libxi))
(patches (search-patches
"libxi-CVE-2016-7945-CVE-2016-7946.patch"))))))
(define-public libxrandr
(package
(name "libxrandr")
(replacement libxrandr/fixed)
(version "1.5.0")
(source
(origin
@ -4945,10 +4987,18 @@ new API's in libXft, or the legacy API's in libX11.")
"Library for the Resize and Rotate Extension to the X11 protocol.")
(license license:x11)))
(define libxrandr/fixed
(package
(inherit libxrandr)
(source (origin
(inherit (package-source libxrandr))
(patches (search-patches
"libxrandr-CVE-2016-7947-CVE-2016-7948.patch"))))))
(define-public libxvmc
(package
(name "libxvmc")
(replacement libxvmc/fixed)
(version "1.0.9")
(source
(origin
@ -4974,6 +5024,13 @@ new API's in libXft, or the legacy API's in libX11.")
(description "Xorg XvMC library.")
(license license:x11)))
(define libxvmc/fixed
(package
(inherit libxvmc)
(source (origin
(inherit (package-source libxvmc))
(patches (search-patches
"libxvmc-CVE-2016-7953.patch"))))))
(define-public libxxf86vm
(package
@ -5195,6 +5252,7 @@ draggable titlebars and borders.")
(define-public libx11
(package
(name "libx11")
(replacement libx11/fixed)
(version "1.6.3")
(source
(origin
@ -5227,6 +5285,14 @@ draggable titlebars and borders.")
(description "Xorg Core X11 protocol client library.")
(license license:x11)))
(define libx11/fixed
(package
(inherit libx11)
(source (origin
(inherit (package-source libx11))
(patches (search-patches
"libx11-CVE-2016-7942.patch"
"libx11-CVE-2016-7943.patch"))))))
;; packages of height 5 in the propagated-inputs tree

View File

@ -150,8 +150,8 @@ TARGET (e.g., \"/dev/md0\"), using 'mdadm'."
(sleep 1)
(loop (+ 1 attempts))))
(zero? (system* (string-append #$mdadm "/sbin/mdadm")
"--assemble" #$target sources))))
(zero? (apply system* (string-append #$mdadm "/sbin/mdadm")
"--assemble" #$target sources))))
(define (close-raid-device sources target)
"Return a gexp that stops the RAID device TARGET."

View File

@ -20,7 +20,6 @@
(define-module (guix build graft)
#:use-module (guix build utils)
#:use-module (rnrs bytevectors)
#:use-module (rnrs io ports)
#:use-module (ice-9 vlist)
#:use-module (ice-9 match)
#:use-module (ice-9 threads)
@ -58,7 +57,9 @@
#:optional (store (%store-directory)))
"Read data from INPUT, replacing store references according to
REPLACEMENT-TABLE, and writing the result to OUTPUT. REPLACEMENT-TABLE is a
vhash that maps strings (original hashes) to bytevectors (replacement hashes).
vhash that maps strings (original hashes) to bytevectors (replacement strings
comprising the replacement hash, a dash, and a string).
Note: We use string keys to work around the fact that guile-2.0 hashes all
bytevectors to the same value."
@ -130,16 +131,18 @@ bytevectors to the same value."
;; that have not yet been written.
(put-bytevector output buffer written
(- i hash-length written))
;; Now write the replacement hash.
;; Now write the replacement string.
(put-bytevector output replacement)
;; Since the byte at position 'i' is a dash,
;; which is not a nix-base32 char, the earliest
;; position where the next hash might start is
;; i+1, and the earliest position where the
;; following dash might start is (+ i 1
;; hash-length). Also, we have now written up to
;; position 'i' in the buffer.
(scan-from (+ i 1 hash-length) i)))
;; hash-length). Also, increase the write
;; position to account for REPLACEMENT.
(let ((len (bytevector-length replacement)))
(scan-from (+ i 1 len)
(+ i (- len hash-length))))))
;; If the byte at position 'i' is a nix-base32 char,
;; then the dash we're looking for might be as early as
;; the following byte, so we can only advance by 1.
@ -213,26 +216,32 @@ an exception is caught."
file name pairs."
(define hash-mapping
;; List of hash/replacement pairs, where the hash is a nix-base32 string
;; and the replacement is a string that includes the replacement's name,
;; like "r837zajjc1q8z9hph4b6860a9c05blyy-openssl-1.0.2j".
(let* ((prefix (string-append store "/"))
(start (string-length prefix))
(end (+ start hash-length)))
(define (valid-hash? h)
(every nix-base32-char? (string->list h)))
(define (valid-suffix? s)
(string-prefix? "-" s))
(define (hash+suffix s)
(define (hash+rest s)
(and (< end (string-length s))
(let ((hash (substring s start end))
(suffix (substring s end)))
(let ((hash (substring s start end))
(all (substring s start)))
(and (string-prefix? prefix s)
(valid-hash? hash)
(valid-suffix? suffix)
(list hash suffix)))))
(valid-hash? hash)
(eqv? #\- (string-ref s end))
(list hash all)))))
(map (match-lambda
(((= hash+suffix (origin-hash suffix))
(((= hash+rest (origin-hash origin-string))
.
(= hash+suffix (replacement-hash suffix)))
(cons origin-hash (string->utf8 replacement-hash)))
(= hash+rest (replacement-hash replacement-string)))
(unless (= (string-length origin-string)
(string-length replacement-string))
(error "replacement length differs from the original length"
origin-string replacement-string))
(cons origin-hash (string->utf8 replacement-string)))
((origin . replacement)
(error "invalid replacement" origin replacement)))
mapping)))

View File

@ -683,25 +683,25 @@ from ~s: ~a (~s)~%")
(define (check-vulnerabilities package)
"Check for known vulnerabilities for PACKAGE."
(match (package-vulnerabilities package)
(()
#t)
((vulnerabilities ...)
(let* ((package (or (package-replacement package) package))
(patches (filter-map patch-file-name
(or (and=> (package-source package)
origin-patches)
'())))
(unpatched (remove (lambda (vuln)
(find (cute string-contains
<> (vulnerability-id vuln))
patches))
vulnerabilities)))
(unless (null? unpatched)
(emit-warning package
(format #f (_ "probably vulnerable to ~a")
(string-join (map vulnerability-id unpatched)
", "))))))))
(let ((package (or (package-replacement package) package)))
(match (package-vulnerabilities package)
(()
#t)
((vulnerabilities ...)
(let* ((patches (filter-map patch-file-name
(or (and=> (package-source package)
origin-patches)
'())))
(unpatched (remove (lambda (vuln)
(find (cute string-contains
<> (vulnerability-id vuln))
patches))
vulnerabilities)))
(unless (null? unpatched)
(emit-warning package
(format #f (_ "probably vulnerable to ~a")
(string-join (map vulnerability-id unpatched)
", ")))))))))
;;;

View File

@ -80,6 +80,25 @@
(string=? (readlink (string-append grafted "/self"))
grafted))))))
(test-assert "graft-derivation, grafted item uses a different name"
(let* ((build `(begin
(mkdir %output)
(chdir %output)
(symlink %output "self")
(symlink ,%bash "sh")))
(orig (build-expression->derivation %store "grafted" build
#:inputs `(("a" ,%bash))))
(repl (add-text-to-store %store "BaSH" "fake bash"))
(grafted (graft-derivation %store orig
(list (graft
(origin %bash)
(replacement repl))))))
(and (build-derivations %store (list grafted))
(let ((grafted (derivation->output-path grafted)))
(and (string=? (readlink (string-append grafted "/sh")) repl)
(string=? (readlink (string-append grafted "/self"))
grafted))))))
;; Make sure 'derivation-file-name' always gets to see an absolute file name.
(fluid-set! %file-port-name-canonicalization 'absolute)

View File

@ -36,6 +36,7 @@
#:use-module (web server)
#:use-module (web server http)
#:use-module (web response)
#:use-module (ice-9 match)
#:use-module (ice-9 threads)
#:use-module (srfi srfi-9 gnu)
#:use-module (srfi srfi-64))
@ -613,6 +614,28 @@ string) on HTTP requests."
(patches
(list "/a/b/pi-CVE-2015-1234.patch"))))))))))
(test-assert "cve: vulnerability fixed in replacement version"
(mock ((guix scripts lint) package-vulnerabilities
(lambda (package)
(match (package-version package)
("0"
(list (make-struct (@@ (guix cve) <vulnerability>) 0
"CVE-2015-1234"
(list (cons (package-name package)
(package-version package))))))
("1"
'()))))
(and (not (string-null?
(with-warnings
(check-vulnerabilities
(dummy-package "foo" (version "0"))))))
(string-null?
(with-warnings
(check-vulnerabilities
(dummy-package
"foo" (version "0")
(replacement (dummy-package "foo" (version "1"))))))))))
(test-assert "cve: patched vulnerability in replacement"
(mock ((guix scripts lint) package-vulnerabilities
(lambda (package)