Wed Oct 10 23:09:36 UTC 201820181010230936

a/kernel-firmware-20181008_c6b6265-noarch-1.txz:  Upgraded.
a/kernel-generic-4.14.75-x86_64-1.txz:  Upgraded.
a/kernel-huge-4.14.75-x86_64-1.txz:  Upgraded.
a/kernel-modules-4.14.75-x86_64-1.txz:  Upgraded.
d/git-2.19.1-x86_64-1.txz:  Upgraded.
  Submodules' "URL"s come from the untrusted .gitmodules file, but we
  blindly gave it to "git clone" to clone submodules when "git clone
  --recurse-submodules" was used to clone a project that has such a
  submodule. The code has been hardened to reject such malformed URLs
  (e.g. one that begins with a dash). Credit for finding and fixing this
  vulnerability goes to joernchen and Jeff King, respectively.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
  (* Security fix *)
d/kernel-headers-4.14.75-x86-1.txz:  Upgraded.
d/make-4.2.1-x86_64-4.txz:  Rebuilt.
  Use a non-blocking read with pselect to avoid hangs.
  Thanks to Linux.tar.gz and David Spencer.
d/subversion-1.10.3-x86_64-1.txz:  Upgraded.
k/kernel-source-4.14.75-noarch-1.txz:  Upgraded.
  Config changes since 4.14.74:
  FB_HYPERV n -> m
  Thanks to walecha.
l/librsvg-2.44.7-x86_64-1.txz:  Upgraded.
l/python-pillow-5.3.0-x86_64-1.txz:  Upgraded.
n/nghttp2-1.34.0-x86_64-1.txz:  Upgraded.
x/libSM-1.2.3-x86_64-1.txz:  Upgraded.
x/libX11-1.6.7-x86_64-1.txz:  Upgraded.
x/libdrm-2.4.95-x86_64-1.txz:  Upgraded.
x/libxcb-1.13.1-x86_64-1.txz:  Upgraded.
x/vulkan-sdk-1.1.85.0-x86_64-1.txz:  Upgraded.
  Thanks to dugan.
xap/gnuplot-5.2.5-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

1 files changed, 170 insertions, 0 deletions

diff --git a/source/d/make/b552b05251980f693c729e251f93f5225b400714.patch b/source/d/make/b552b05251980f693c729e251f93f5225b400714.patch
new file mode 100644
index 000000000..6f44ae3f2
--- /dev/null
+++ b/source/d/make/b552b05251980f693c729e251f93f5225b400714.patch
@@ -0,0 +1,170 @@
+From b552b05251980f693c729e251f93f5225b400714 Mon Sep 17 00:00:00 2001
+From: Paul Smith <psmith@gnu.org>
+Date: Sat, 3 Jun 2017 16:20:51 -0400
+Subject: [SV 51159] Use a non-blocking read with pselect to avoid hangs.
+
+* posixos.c (set_blocking): Set blocking on a file descriptor.
+(jobserver_setup): Set non-blocking on the jobserver read side.
+(jobserver_parse_auth): Ditto.
+(jobserver_acquire_all): Set blocking to avoid a busy-wait loop.
+(jobserver_acquire): If the non-blocking read() returns without
+taking a token then try again.
+---
+ posixos.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 71 insertions(+), 26 deletions(-)
+
+diff --git a/posixos.c b/posixos.c
+index e642d7f..dbafa51 100644
+--- a/posixos.c
++++ b/posixos.c
+@@ -62,6 +62,24 @@ make_job_rfd (void)
+ #endif
+ }
+ 
++static void
++set_blocking (int fd, int blocking)
++{
++  // If we're not using pselect() don't change the blocking
++#ifdef HAVE_PSELECT
++  int flags;
++  EINTRLOOP (flags, fcntl (fd, F_GETFL));
++  if (flags >= 0)
++    {
++      int r;
++      flags = blocking ? (flags & ~O_NONBLOCK) : (flags | O_NONBLOCK);
++      EINTRLOOP (r, fcntl (fd, F_SETFL, flags));
++      if (r < 0)
++        pfatal_with_name ("fcntl(O_NONBLOCK)");
++    }
++#endif
++}
++
+ unsigned int
+ jobserver_setup (int slots)
+ {
+@@ -86,6 +104,9 @@ jobserver_setup (int slots)
+         pfatal_with_name (_("init jobserver pipe"));
+     }
+ 
++  /* When using pselect() we want the read to be non-blocking.  */
++  set_blocking (job_fds[0], 0);
++
+   return 1;
+ }
+ 
+@@ -121,6 +142,9 @@ jobserver_parse_auth (const char *auth)
+       return 0;
+     }
+ 
++  /* When using pselect() we want the read to be non-blocking.  */
++  set_blocking (job_fds[0], 0);
++
+   return 1;
+ }
+ 
+@@ -169,7 +193,10 @@ jobserver_acquire_all (void)
+ {
+   unsigned int tokens = 0;
+ 
+-  /* Close the write side, so the read() won't hang.  */
++  /* Use blocking reads to wait for all outstanding jobs.  */
++  set_blocking (job_fds[0], 1);
++
++  /* Close the write side, so the read() won't hang forever.  */
+   close (job_fds[1]);
+   job_fds[1] = -1;
+ 
+@@ -236,18 +263,12 @@ jobserver_pre_acquire (void)
+ unsigned int
+ jobserver_acquire (int timeout)
+ {
+-  sigset_t empty;
+-  fd_set readfds;
+   struct timespec spec;
+   struct timespec *specp = NULL;
+-  int r;
+-  char intake;
++  sigset_t empty;
+ 
+   sigemptyset (&empty);
+ 
+-  FD_ZERO (&readfds);
+-  FD_SET (job_fds[0], &readfds);
+-
+   if (timeout)
+     {
+       /* Alarm after one second (is this too granular?)  */
+@@ -256,28 +277,52 @@ jobserver_acquire (int timeout)
+       specp = &spec;
+     }
+ 
+-  r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty);
+-
+-  if (r == -1)
++  while (1)
+     {
+-      /* Better be SIGCHLD.  */
+-      if (errno != EINTR)
+-        pfatal_with_name (_("pselect jobs pipe"));
+-      return 0;
+-    }
++      fd_set readfds;
++      int r;
++      char intake;
+ 
+-  if (r == 0)
+-    /* Timeout.  */
+-    return 0;
++      FD_ZERO (&readfds);
++      FD_SET (job_fds[0], &readfds);
+ 
+-  /* The read FD is ready: read it!  */
+-  EINTRLOOP (r, read (job_fds[0], &intake, 1));
+-  if (r < 0)
+-    pfatal_with_name (_("read jobs pipe"));
++      r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty);
++      if (r < 0)
++        switch (errno)
++          {
++          case EINTR:
++            /* SIGCHLD will show up as an EINTR.  */
++            return 0;
++
++          case EBADF:
++            /* Someone closed the jobs pipe.
++               That shouldn't happen but if it does we're done.  */
++              O (fatal, NILF, _("job server shut down"));
+ 
+-  /* What does it mean if read() returns 0?  It shouldn't happen because only
+-     the master make can reap all the tokens and close the write side...??  */
+-  return r > 0;
++          default:
++            pfatal_with_name (_("pselect jobs pipe"));
++          }
++
++      if (r == 0)
++        /* Timeout.  */
++        return 0;
++
++      /* The read FD is ready: read it!  This is non-blocking.  */
++      EINTRLOOP (r, read (job_fds[0], &intake, 1));
++
++      if (r < 0)
++        {
++          /* Someone sniped our token!  Try again.  */
++          if (errno == EAGAIN)
++            continue;
++
++          pfatal_with_name (_("read jobs pipe"));
++        }
++
++      /* read() should never return 0: only the master make can reap all the
++         tokens and close the write side...??  */
++      return r > 0;
++    }
+ }
+ 
+ #else
+-- 
+cgit v1.0-41-gc330
+