aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-12-21 13:58:35 -0500
committerLeo Famulari <leo@famulari.name>2017-12-21 13:58:35 -0500
commitf76fc968669721e3baa6a0662da8e9e9f5da66cf (patch)
treeae58b84d89f144fbec974b7e75b24574f99b2e33 /gnu
parent24ee3b28c6def91e4e41dd46441a029ab01b6d00 (diff)
parent5dc0e0b055ce2ab12c40066cee34511cd7a5cf03 (diff)
downloadgnu-guix-f76fc968669721e3baa6a0662da8e9e9f5da66cf.tar
gnu-guix-f76fc968669721e3baa6a0662da8e9e9f5da66cf.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk10
-rw-r--r--gnu/packages/avr.scm2
-rw-r--r--gnu/packages/backup.scm3
-rw-r--r--gnu/packages/bioinformatics.scm37
-rw-r--r--gnu/packages/compression.scm12
-rw-r--r--gnu/packages/cran.scm80
-rw-r--r--gnu/packages/games.scm48
-rw-r--r--gnu/packages/gimp.scm4
-rw-r--r--gnu/packages/gnupg.scm31
-rw-r--r--gnu/packages/imagemagick.scm4
-rw-r--r--gnu/packages/irc.scm44
-rw-r--r--gnu/packages/linux.scm36
-rw-r--r--gnu/packages/mail.scm4
-rw-r--r--gnu/packages/maths.scm4
-rw-r--r--gnu/packages/messaging.scm14
-rw-r--r--gnu/packages/mpd.scm4
-rw-r--r--gnu/packages/package-management.scm4
-rw-r--r--gnu/packages/password-utils.scm4
-rw-r--r--gnu/packages/patches/libarchive-CVE-2017-14502.patch40
-rw-r--r--gnu/packages/patches/libexif-CVE-2017-7544.patch29
-rw-r--r--gnu/packages/patches/links-CVE-2017-11114.patch99
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-14685.patch34
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-14686.patch34
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-14687.patch130
-rw-r--r--gnu/packages/patches/mupdf-CVE-2017-15587.patch25
-rw-r--r--gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch (renamed from gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch)8
-rw-r--r--gnu/packages/patches/xboing-CVE-2004-0149.patch134
-rw-r--r--gnu/packages/pdf.scm13
-rw-r--r--gnu/packages/perl-check.scm24
-rw-r--r--gnu/packages/photo.scm2
-rw-r--r--gnu/packages/python.scm27
-rw-r--r--gnu/packages/security-token.scm1
-rw-r--r--gnu/packages/statistics.scm65
-rw-r--r--gnu/packages/textutils.scm9
-rw-r--r--gnu/packages/tls.scm4
-rw-r--r--gnu/packages/web-browsers.scm1
-rw-r--r--gnu/packages/web.scm14
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/xfce.scm5
-rw-r--r--gnu/packages/xml.scm9
-rw-r--r--gnu/services/base.scm18
-rw-r--r--gnu/tests/web.scm2
42 files changed, 706 insertions, 370 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 84d6df771f..fbc5f52c9c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -782,6 +782,7 @@ dist_patch_DATA = \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
%D%/packages/patches/libarchive-CVE-2017-14166.patch \
+ %D%/packages/patches/libarchive-CVE-2017-14502.patch \
%D%/packages/patches/libbase-fix-includes.patch \
%D%/packages/patches/libbase-use-own-logging.patch \
%D%/packages/patches/libbonobo-activation-test-race.patch \
@@ -796,6 +797,7 @@ dist_patch_DATA = \
%D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \
%D%/packages/patches/libevent-2.1-dns-tests.patch \
%D%/packages/patches/libevent-2.1-skip-failing-test.patch \
+ %D%/packages/patches/libexif-CVE-2017-7544.patch \
%D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
%D%/packages/patches/libgdata-fix-tests.patch \
%D%/packages/patches/libgdata-glib-duplicate-tests.patch \
@@ -832,6 +834,7 @@ dist_patch_DATA = \
%D%/packages/patches/lierolibre-newer-libconfig.patch \
%D%/packages/patches/lierolibre-remove-arch-warning.patch \
%D%/packages/patches/lierolibre-try-building-other-arch.patch \
+ %D%/packages/patches/links-CVE-2017-11114.patch \
%D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
@@ -873,11 +876,7 @@ dist_patch_DATA = \
%D%/packages/patches/mozjs38-tracelogger.patch \
%D%/packages/patches/mozjs38-version-detection.patch \
%D%/packages/patches/mumps-build-parallelism.patch \
- %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
- %D%/packages/patches/mupdf-CVE-2017-14685.patch \
- %D%/packages/patches/mupdf-CVE-2017-14686.patch \
- %D%/packages/patches/mupdf-CVE-2017-14687.patch \
- %D%/packages/patches/mupdf-CVE-2017-15587.patch \
+ %D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/mutt-store-references.patch \
%D%/packages/patches/net-tools-bitrot.patch \
@@ -1119,6 +1118,7 @@ dist_patch_DATA = \
%D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch \
%D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch \
%D%/packages/patches/wpa-supplicant-krack-followups.patch \
+ %D%/packages/patches/xboing-CVE-2004-0149.patch \
%D%/packages/patches/xcb-proto-python3-print.patch \
%D%/packages/patches/xcb-proto-python3-whitespace.patch \
%D%/packages/patches/xdotool-fix-makefile.patch \
diff --git a/gnu/packages/avr.scm b/gnu/packages/avr.scm
index ecb7cd19a8..e9e93cbb9a 100644
--- a/gnu/packages/avr.scm
+++ b/gnu/packages/avr.scm
@@ -158,7 +158,7 @@ C++.")
(native-inputs
`(("unzip" ,unzip)
("xxd" ,xxd)))
- (home-page "http://microscheme.org/")
+ (home-page "https://github.com/ryansuchocki/microscheme/")
(synopsis "Scheme subset for Atmel microcontrollers")
(description
"Microscheme, or @code{(ms)} for short, is a functional programming
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 28d618381f..db1af031fb 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -195,7 +195,8 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
- (patches (search-patches "libarchive-CVE-2017-14166.patch"))
+ (patches (search-patches "libarchive-CVE-2017-14166.patch"
+ "libarchive-CVE-2017-14502.patch"))
(sha256
(base32
"1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 479404b4a2..f956aef5af 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5857,14 +5857,14 @@ information as possible.")
(define-public r-vegan
(package
(name "r-vegan")
- (version "2.4-4")
+ (version "2.4-5")
(source
(origin
(method url-fetch)
(uri (cran-uri "vegan" version))
(sha256
(base32
- "1n57dzv2aid6iqd9fkqik401sidqanhzsawyak94qbiyh6dbd1x9"))))
+ "0cyyvn3xsjn24w590jn6z4xajafv7yzvj6c51vqi9q6m8v5831ya"))))
(build-system r-build-system)
(native-inputs
`(("gfortran" ,gfortran)))
@@ -6025,14 +6025,14 @@ distribution.")
(define-public r-dexseq
(package
(name "r-dexseq")
- (version "1.24.1")
+ (version "1.24.2")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "DEXSeq" version))
(sha256
(base32
- "1hwckj4ijgpdchbakvh60nmcaz4fwd5yplhn0880z3dnlsrp8ik3"))))
+ "18nh8ynxirfwkmc4sawdxgl7w1sl9ny5zpv8zbhv9vi5vgb8pxmj"))))
(properties `((upstream-name . "DEXSeq")))
(build-system r-build-system)
(propagated-inputs
@@ -6703,13 +6703,13 @@ authoring books and technical documents with R Markdown.")
(define-public r-biocstyle
(package
(name "r-biocstyle")
- (version "2.6.0")
+ (version "2.6.1")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "BiocStyle" version))
(sha256
(base32
- "05f2j9fx8s5gh4f8qkl6wcz32ghz04wxhqb3xxcn1bj24qd7x1x8"))))
+ "03pp04pkcq99kdv2spzr995h2cxsza7l6w3d4gp4112m06prcybm"))))
(properties
`((upstream-name . "BiocStyle")))
(build-system r-build-system)
@@ -6973,13 +6973,13 @@ names in their natural, rather than lexicographic, order.")
(define-public r-edger
(package
(name "r-edger")
- (version "3.20.1")
+ (version "3.20.2")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "edgeR" version))
(sha256
(base32
- "01qnxwr9rmz8r5ga3hvjk632365ga2aygx71mxkk7jiad2pjznsp"))))
+ "0j5s3i33qmld9l7gs1rzpv601zxyqz711x8mq35hml088c8s99w9"))))
(properties `((upstream-name . "edgeR")))
(build-system r-build-system)
(propagated-inputs
@@ -7039,13 +7039,13 @@ coding changes and predict coding outcomes.")
(define-public r-limma
(package
(name "r-limma")
- (version "3.34.2")
+ (version "3.34.4")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "limma" version))
(sha256
(base32
- "1zyw01z9crm1jc86fva4pqxd9zxfsbsqwjq6ry39gag9pfb7pwcz"))))
+ "1vcxf9jg8xngxg5kb9bp8rw5sghpnkpj320iq309m2fp41ahsk3f"))))
(build-system r-build-system)
(home-page "http://bioinf.wehi.edu.au/limma")
(synopsis "Package for linear models for microarray and RNA-seq data")
@@ -7172,18 +7172,19 @@ annotation data packages using SQLite data storage.")
(define-public r-biomart
(package
(name "r-biomart")
- (version "2.34.0")
+ (version "2.34.1")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "biomaRt" version))
(sha256
(base32
- "1dn3ysf0vb3mmg2b3380g0j1ajf88x4rh7fddfp990h2xlnsy2cx"))))
+ "0jzv8b86vpvavwnzi5xf7y18xmn72zkabkn2kclg1mgl847cq13k"))))
(properties
`((upstream-name . "biomaRt")))
(build-system r-build-system)
(propagated-inputs
`(("r-annotationdbi" ,r-annotationdbi)
+ ("r-httr" ,r-httr)
("r-progress" ,r-progress)
("r-rcurl" ,r-rcurl)
("r-stringr" ,r-stringr)
@@ -7393,13 +7394,13 @@ alignments.")
(define-public r-rtracklayer
(package
(name "r-rtracklayer")
- (version "1.38.0")
+ (version "1.38.2")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "rtracklayer" version))
(sha256
(base32
- "12al1ygzy9p4myxa1fd817m28x2fj6f863znk9bw3hp7knbi98dh"))))
+ "1sjn3976f1sqvrq6jq2hgc60ffxgfr3jlklaxfrk3xad5cv2kr2d"))))
(build-system r-build-system)
(arguments
`(#:phases
@@ -10168,14 +10169,14 @@ defining LD blocks.")
(define-public r-gqtlstats
(package
(name "r-gqtlstats")
- (version "1.10.0")
+ (version "1.10.1")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "gQTLstats" version))
(sha256
(base32
- "1cbdqawxzgna8rrgj3siph5sw4d2pb57qc0gn6ibfkhyk45f8gdv"))))
+ "0gvq1sf2zjbkk431x40z6wql3c1rpclnnwa2f1hvykb8mmw70kmq"))))
(properties `((upstream-name . "gQTLstats")))
(build-system r-build-system)
(propagated-inputs
@@ -10222,14 +10223,14 @@ family of feature/genome hypotheses.")
(define-public r-gviz
(package
(name "r-gviz")
- (version "1.22.0")
+ (version "1.22.2")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "Gviz" version))
(sha256
(base32
- "1lrw65a8426wpxw975wjcaiacpp6fqa00nif1yxigyankbfs23c8"))))
+ "173n99mc95sij2vb8n3xd016x7mxhjs961q3l29xkg1lrnnm2sva"))))
(properties `((upstream-name . "Gviz")))
(build-system r-build-system)
(propagated-inputs
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index fc3aea31fe..37a934b5a2 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1602,7 +1602,7 @@ or junctions, and always follows hard links.")
(define-public zstd
(package
(name "zstd")
- (version "1.3.2")
+ (version "1.3.3")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/facebook/zstd/archive/v"
@@ -1610,7 +1610,7 @@ or junctions, and always follows hard links.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "12krs9k5f408kyn0d7dwxqyc67177mgd14783ay10rafqsim8l5c"))))
+ "0yr91gwi380632w9y7p6idl72svq0mq0jajvdii05pp77qalfz57"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@@ -1618,7 +1618,13 @@ or junctions, and always follows hard links.")
(delete 'configure)) ; no configure script
#:make-flags
(list "CC=gcc"
- (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ ;; Skip auto-detection of, and creating a dependency on, the build
+ ;; environment's ‘xz’ for what amounts to a dubious feature anyway.
+ "HAVE_LZMA=0"
+ ;; Not currently detected, but be explicit & avoid surprises later.
+ "HAVE_LZ4=0"
+ "HAVE_ZLIB=0")
#:test-target "test"))
(home-page "http://zstd.net/")
(synopsis "Zstandard real-time compression algorithm")
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index e7c9c6588a..9b80b68984 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -541,14 +541,14 @@ plot networks.")
(define-public r-proxy
(package
(name "r-proxy")
- (version "0.4-19")
+ (version "0.4-20")
(source
(origin
(method url-fetch)
(uri (cran-uri "proxy" version))
(sha256
(base32
- "0ladwgi70jw2a3adgg2xadw8hz3mm6llsw428c1fcrl305sy49vb"))))
+ "15g6dacdmlbkcnimblscghl23aj732cn6qwbs583r4im9v5nvbla"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/proxy")
(synopsis "Distance and similarity measures")
@@ -1444,22 +1444,66 @@ imputations.")
;; Any of these two versions.
(license (list license:gpl2 license:gpl3))))
+(define-public r-truncnorm
+ (package
+ (name "r-truncnorm")
+ (version "1.0-7")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (cran-uri "truncnorm" version))
+ (sha256
+ (base32
+ "1qac05z50618y4bw1d7yznsli1bv82s0g8h37iacrjrdkv87bmy7"))))
+ (build-system r-build-system)
+ (home-page "http://cran.r-project.org/web/packages/truncnorm/")
+ (synopsis "Truncated normal distribution")
+ (description "This package provides functions for the truncated normal
+distribution with mean equal to @code{mean} and standard deviation equal to
+@code{sd}. It includes density, distribution, quantile, and expected value
+functions, as well as a random generation function.")
+ (license license:gpl2)))
+
+(define-public r-rsolnp
+ (package
+ (name "r-rsolnp")
+ (version "1.16")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (cran-uri "Rsolnp" version))
+ (sha256
+ (base32
+ "0w7nkj6igr0gi7r7jg950lsx7dj6aipgxi6vbjsf5f5yc9h7fhii"))))
+ (properties `((upstream-name . "Rsolnp")))
+ (build-system r-build-system)
+ (propagated-inputs
+ `(("r-truncnorm" ,r-truncnorm)))
+ (home-page "http://cran.r-project.org/web/packages/Rsolnp/")
+ (synopsis "General non-linear optimization")
+ (description "The Rsolnp package implements a general non-linear augmented
+Lagrange multiplier method solver, a @dfn{sequential quadratic
+programming} (SQP) based solver).")
+ ;; Any version of the GPL.
+ (license license:gpl2+)))
+
(define-public r-hardyweinberg
(package
(name "r-hardyweinberg")
- (version "1.5.8")
+ (version "1.5.9")
(source
(origin
(method url-fetch)
(uri (cran-uri "HardyWeinberg" version))
(sha256
(base32
- "0xbcchmzii0jv0ygr91n72r39j1axraxd2i607b56v4yd5d8sy4k"))))
+ "0qk3lly5qczn61rj0q9xzscppspvk238yjgr4p71pkzkjhiv40jz"))))
(properties `((upstream-name . "HardyWeinberg")))
(build-system r-build-system)
(propagated-inputs
`(("r-mice" ,r-mice)
- ("r-rcpp" ,r-rcpp)))
+ ("r-rcpp" ,r-rcpp)
+ ("r-rsolnp" ,r-rsolnp)))
(home-page "https://cran.r-project.org/package=HardyWeinberg")
(synopsis "Statistical tests and graphics for Hardy-Weinberg equilibrium")
(description
@@ -1620,14 +1664,14 @@ modeling for empirical income distributions.")
(define-public r-vcd
(package
(name "r-vcd")
- (version "1.4-3")
+ (version "1.4-4")
(source
(origin
(method url-fetch)
(uri (cran-uri "vcd" version))
(sha256
(base32
- "05azric2w8mrsdk7y0484cjygcgcmbp96q2v500wvn91fj98kkhp"))))
+ "1lp99h0wvsc61l1dgcqjxdrcgpgw88ak430cdsv43kmm43qssqd5"))))
(build-system r-build-system)
(propagated-inputs
`(("r-colorspace" ,r-colorspace)
@@ -1773,3 +1817,25 @@ plots in @code{ggplot2}.")
distributions over time or space. This package enables the creation of such
plots in @code{ggplot2}.")
(license license:gpl2)))
+
+(define-public r-cli
+ (package
+ (name "r-cli")
+ (version "1.0.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (cran-uri "cli" version))
+ (sha256
+ (base32
+ "07as3dr7vwx02p3qgzlmxz1dlrd3x3lysrzp222ip9jcjpydp8wg"))))
+ (build-system r-build-system)
+ (propagated-inputs
+ `(("r-assertthat" ,r-assertthat)
+ ("r-crayon" ,r-crayon)))
+ (home-page "https://github.com/r-lib/cli#readme")
+ (synopsis "Helpers for developing command line interfaces")
+ (description "This package provides a suite of tools designed to build
+attractive command line interfaces (CLIs). It includes tools for drawing
+rules, boxes, trees, and Unicode symbols with ASCII alternatives.")
+ (license license:expat)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index df9eed72e8..fb129d4393 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -1072,7 +1072,8 @@ Portable Game Notation.")
(uri (string-append "http://www.techrescue.org/xboing/xboing"
version ".tar.gz"))
(sha256
- (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))))
+ (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))
+ (patches (search-patches "xboing-CVE-2004-0149.patch"))))
(arguments
`(#:tests? #f
#:phases
@@ -2515,6 +2516,7 @@ emulation community. It provides highly accurate emulation.")
(uri (git-reference
(url "https://github.com/Aloshi/EmulationStation.git")
(commit commit))) ; no version tag
+ (file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"0cm0sq2wri2l9cvab1l0g02za59q7klj0h3p028vr96n6njj4w9v"))))
@@ -5136,3 +5138,47 @@ abilities and powers. With a modern graphical and customisable interface,
intuitive mouse control, streamlined mechanics and deep, challenging combat,
Tales of Maj’Eyal offers engaging roguelike gameplay for the 21st century.")
(license license:gpl3+)))
+
+(define-public quakespasm
+ (package
+ (name "quakespasm")
+ (version "0.93.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/quakespasm/Source/quakespasm-"
+ version ".tgz"))
+ (sha256
+ (base32
+ "0b2nz7w4za32pc34r62ql270z692qcjs2pm0i3svkxkvfammhdfq"))))
+ (arguments
+ `(#:tests? #f
+ #:make-flags '("CC=gcc"
+ "MP3LIB=mpg123"
+ "USE_CODEC_FLAC=1"
+ "USE_CODEC_MIKMOD=1"
+ "USE_SDL2=1"
+ "-CQuake")
+ #:phases (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'fix-makefile-paths
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (mkdir-p (string-append out "/bin"))
+ (substitute* "Quake/Makefile"
+ (("/usr/local/games")
+ (string-append out "/bin")))
+ #t))))))
+ (build-system gnu-build-system)
+ (inputs `(("libmikmod" ,libmikmod)
+ ("libvorbis" ,libvorbis)
+ ("flac" ,flac)
+ ("mesa" ,mesa)
+ ("mpg123" ,mpg123)
+ ("sdl2" ,sdl2)))
+ (synopsis "First person shooter engine for Quake 1")
+ (description "Quakespasm is a modern engine for id software's Quake 1.
+It includes support for 64 bit CPUs, custom music playback, a new sound driver,
+some graphical niceities, and numerous bug-fixes and other improvements.")
+ (home-page "http://quakespasm.sourceforge.net/")
+ (license license:gpl2+)))
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index c820818687..b0797453fa 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -43,7 +43,7 @@
(define-public babl
(package
(name "babl")
- (version "0.1.30")
+ (version "0.1.38")
(source (origin
(method url-fetch)
(uri (list (string-append "https://download.gimp.org/pub/babl/"
@@ -54,7 +54,7 @@
version ".tar.bz2")))
(sha256
(base32
- "1k2k3phh9ybma2snw6hm8inx2dw1jq6cf7w2aqvi4rfr0rxjrha5"))))
+ "11pfbyzq20596p9sgwraxspg3djg1jzz6wvz4bapf0yyr97jiyd0"))))
(build-system gnu-build-system)
(home-page "http://gegl.org/babl/")
(synopsis "Image pixel format conversion library")
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index c8d494c401..bb01aac978 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -127,7 +127,7 @@ generation.")
(define-public libassuan
(package
(name "libassuan")
- (version "2.4.4")
+ (version "2.5.1")
(source
(origin
(method url-fetch)
@@ -135,10 +135,11 @@ generation.")
version ".tar.bz2"))
(sha256
(base32
- "18bwffjkx9pn0lawbsn6zhd90i7xhjgpf9b0nl5xw9134w1a2scy"))))
+ "0jb4nb4nrjr949gd3lw8lh4v5d6qigxaq6xwy24w5apjnhvnrya7"))))
(build-system gnu-build-system)
(propagated-inputs
- `(("libgpg-error" ,libgpg-error) ("pth" ,pth)))
+ `(("libgpg-error" ,libgpg-error)
+ ("pth" ,pth)))
(home-page "https://gnupg.org")
(synopsis
"IPC library used by GnuPG and related software")
@@ -212,14 +213,14 @@ compatible to GNU Pth.")
(define-public gnupg
(package
(name "gnupg")
- (version "2.2.3")
+ (version "2.2.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnupg/gnupg-" version
".tar.bz2"))
(sha256
(base32
- "1d4482c4pbi0p1k8cc0f9c4q51k56v8navrbz5samxrrs42p3lyb"))))
+ "1v7j8v2ww1knknbrhw3svfrqkmf9ll58iq0dczbsdpqgg1j3w6j0"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -327,7 +328,8 @@ libskba (working with X.509 certificates and CMS data).")
;; Keep the old name around to ease transition.
(symlink "gpgv" "gpgv2")
(symlink "gpg" "gpg2")
- #t)))))))))
+ #t)))))))
+ (properties `((superseded . ,gnupg)))))
(define-public gnupg-1
(package (inherit gnupg)
@@ -371,10 +373,14 @@ libskba (working with X.509 certificates and CMS data).")
;; Needs to be propagated because gpgme.h includes gpg-error.h.
`(("libgpg-error" ,libgpg-error)))
(inputs
- `(("gnupg" ,gnupg-2.0)
+ `(("gnupg" ,gnupg)
("libassuan" ,libassuan)))
(arguments
- `(#:phases
+ `(#:configure-flags
+ (list (string-append "--enable-fixed-path="
+ (assoc-ref %build-inputs "gnupg")
+ "/bin"))
+ #:phases
(modify-phases %standard-phases
(add-after 'configure 'patch-cmake-file
(lambda _
@@ -478,9 +484,10 @@ distributed separately.")
(lambda _
(zero? (system* "make" "check")))))))
(build-system python-build-system)
+ (native-inputs
+ `(("gnupg" ,gnupg-1)))
(inputs
- `(("gnupg" ,gnupg-2.0)
- ("gpgme" ,gpgme)))
+ `(("gpgme" ,gpgme)))
(home-page "https://launchpad.net/pygpgme")
(synopsis "Python module for working with OpenPGP messages")
(description
@@ -714,14 +721,14 @@ including tools for signing keys, keyring analysis, and party preparation.
(define-public pinentry-tty
(package
(name "pinentry-tty")
- (version "1.0.0")
+ (version "1.1.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/pinentry/pinentry-"
version ".tar.bz2"))
(sha256
(base32
- "0ni7g4plq6x78p32al7m8h2zsakvg1rhfz0qbc3kdc7yq7nw4whn"))))
+ "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--enable-pinentry-tty")))
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index ac9fca8600..29ce574197 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -46,14 +46,14 @@
;; The 7 release series has an incompatible API, while the 6 series is still
;; maintained. Don't update to 7 until we've made sure that the ImageMagick
;; users are ready for the 7-series API.
- (version "6.9.9-23")
+ (version "6.9.9-27")
(source (origin
(method url-fetch)
(uri (string-append "mirror://imagemagick/ImageMagick-"
version ".tar.xz"))
(sha256
(base32
- "0cd6zcbcfvznf0i3q4xz1c4wm4cfplg4zc466lvlb1w8qbn25948"))))
+ "0z71az1bfar1r6mm3ijxbci0vb1ri66ypaals8wb17h1d85hkl17"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index fbcc0b6f1b..ec329ade7e 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -153,18 +153,21 @@ SILC and ICB protocols via plugins.")
(define-public weechat
(package
(name "weechat")
- (version "2.0")
+ (version "2.0.1")
(source (origin
(method url-fetch)
(uri (string-append "https://weechat.org/files/src/weechat-"
version ".tar.xz"))
(sha256
(base32
- "1ix2izrlr5jx5vl49kz9jbib7cq9mr6i7iyxkcz6xjfrryx2s5x9"))
+ "1l854dramvn9vfba7jpazkjwm4k4i5pshq58vjv6z2mxmcp5hhv9"))
(patches (search-patches "weechat-python.patch"))))
(build-system cmake-build-system)
- (native-inputs `(("gettext" ,gettext-minimal)
- ("pkg-config" ,pkg-config)))
+ (native-inputs
+ `(("gettext" ,gettext-minimal)
+ ("pkg-config" ,pkg-config)
+ ;; For tests.
+ ("cpputest" ,cpputest)))
(inputs `(("ncurses" ,ncurses)
("libgcrypt" ,libgcrypt "out")
("zlib" ,zlib)
@@ -177,15 +180,30 @@ SILC and ICB protocols via plugins.")
("perl" ,perl)
("tcl" ,tcl)))
(arguments
- `(#:tests? #f ; tests require cpputime
- #:phases (modify-phases %standard-phases
- (add-after 'install 'wrap
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out"))
- (py2 (assoc-ref inputs "python")))
- (wrap-program (string-append out "/bin/weechat")
- `("PATH" ":" prefix (,(string-append py2 "/bin"))))
- #t))))))
+ `(#:configure-flags
+ (list "-DENABLE_TESTS=ON") ; ‘make test’ fails otherwise
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'disable-failing-tests
+ ;; For reasons best left to the imagination, CppUTest cannot skip
+ ;; more than one single test... Resort to manual patching instead.
+ ;; See <https://cpputest.github.io/manual.html#command_line>.
+ (λ _
+ ;; Don't test plugin support for languages we don't enable.
+ (substitute* "tests/unit/test-plugins.cpp"
+ ((".*\\$\\{plugin.name\\} == (javascript|php|ruby)" all)
+ (string-append "// SKIP" all)))
+ (substitute* "tests/scripts/test-scripts.cpp"
+ ((".*\\{ \"(jvascript|php|ruby)\", " all) ; sic
+ (string-append "// SKIP" all)))
+ #t))
+ (add-after 'install 'wrap
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (py2 (assoc-ref inputs "python")))
+ (wrap-program (string-append out "/bin/weechat")
+ `("PATH" ":" prefix (,(string-append py2 "/bin"))))
+ #t))))))
(synopsis "Extensible chat client")
(description "WeeChat (Wee Enhanced Environment for Chat) is an
@dfn{Internet Relay Chat} (IRC) client, which is designed to be light and fast.
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index f2336093d9..a2e8dc287e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -370,8 +370,8 @@ It has been modified to remove all non-free binary blobs.")
(define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
(define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
-(define %linux-libre-version "4.14.6")
-(define %linux-libre-hash "0q6dl2shkj5dkf0wgzgfyaq0axk97w05j618xi619y9xqph4ql79")
+(define %linux-libre-version "4.14.8")
+(define %linux-libre-hash "0y8nggpdgfqfx6dy5k39vj552k5mxamwjn6mldwrhs2aqpsrbwr3")
;; linux-libre configuration for armhf-linux is derived from Debian armmp. It
;; supports qemu "virt" machine and possibly a large number of ARM boards.
@@ -384,14 +384,14 @@ It has been modified to remove all non-free binary blobs.")
#:configuration-file kernel-config))
(define-public linux-libre-4.9
- (make-linux-libre "4.9.69"
- "0xkqbh8fpx47appszjbxzljr6vr0wyk0fphlkynpcrmingk4b98j"
+ (make-linux-libre "4.9.71"
+ "0z4m77zbndlqy43bgl1xhklpjilbvrhbfbcppc55z3f61qwjf0mc"
%intel-compatible-systems
#:configuration-file kernel-config))
(define-public linux-libre-4.4
- (make-linux-libre "4.4.105"
- "177qvci7wfrc23vi11bnyayfivxf6d8hankgrzv26jr3z6j0rall"
+ (make-linux-libre "4.4.107"
+ "0pfzv15c1qj7a77n8cdmsi77yhlbzv35y7qa03j0b96ajwjsclsp"
%intel-compatible-systems
#:configuration-file kernel-config))
@@ -3397,16 +3397,30 @@ The following service daemons are also provided:
(define-public rng-tools
(package
(name "rng-tools")
- (version "5")
+ (version "6.1")
(source (origin
(method url-fetch)
- (uri (string-append
- "http://downloads.sourceforge.net/sourceforge/gkernel/"
- "rng-tools-" version ".tar.gz"))
+ (uri (string-append "https://github.com/nhorman/rng-tools/"
+ "archive/v" version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0"))))
+ "00ywsknjpc9jd9kfmz2syk9l0xkiiwyx5qhl5zvhhc69v6682i31"))))
(build-system gnu-build-system)
+ (arguments
+ `(;; Avoid using OpenSSL, curl, and libxml2, reducing the closure by 166 MiB.
+ #:configure-flags '("--without-nistbeacon")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'bootstrap
+ (lambda _
+ (zero? (system* "sh" "autogen.sh")))))))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("pkg-config" ,pkg-config)))
+ (inputs
+ `(("libsysfs" ,sysfsutils)))
(synopsis "Random number generator daemon")
(description
"Monitor a hardware random number generator, and supply entropy
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 0423dd7c56..6aedcf7c3a 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1049,7 +1049,7 @@ delivery.")
(define-public exim
(package
(name "exim")
- (version "4.89.1")
+ (version "4.90")
(source
(origin
(method url-fetch)
@@ -1059,7 +1059,7 @@ delivery.")
version ".tar.bz2")))
(sha256
(base32
- "133sjkcm9wlhpcxflr5v865varc1995bqa1y3vjs1w6zc34kp18w"))))
+ "1cmx2648zhpsc4pznky7qsqbjazd3wn4gpslbl30j56cv1m6rb3x"))))
(build-system gnu-build-system)
(inputs
`(("bdb" ,bdb)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 22d11302a5..11213bea94 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -2482,7 +2482,7 @@ point numbers.")
(define-public wxmaxima
(package
(name "wxmaxima")
- (version "17.05.1")
+ (version "17.10.1")
(source
(origin
(method url-fetch)
@@ -2491,7 +2491,7 @@ point numbers.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "0dv0cy0cf46v0cbw32izscpkdmpxg1qhwq1f4cz46kkqd8k4yfbj"))))
+ "0qlzc31cqkwpfgrb9cif9bcnkj3rq487plg4rns7jxv6pq4609v1"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 1780536d05..8b3bf5cf68 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -493,14 +493,14 @@ simultaneously and therefore appear under the same nickname on IRC.")
(define-public python-nbxmpp
(package
(name "python-nbxmpp")
- (version "0.5.5")
+ (version "0.6.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "nbxmpp" version))
(sha256
(base32
- "1gnzrzrdl4nii1sc5x8p5iw2ya5sl70j3nn34abqsny51p2pzmv6"))))
+ "0qvkiscy42nhzhccszi049ws8cnhpxgc13g8naq1rsa5x9zy163c"))))
(build-system python-build-system)
(arguments
`(#:tests? #f)) ; no tests
@@ -518,7 +518,7 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
(define-public gajim
(package
(name "gajim")
- (version "0.16.8")
+ (version "0.16.9")
(source (origin
(method url-fetch)
(uri (string-append "https://gajim.org/downloads/"
@@ -526,7 +526,7 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
"/gajim-" version ".tar.bz2"))
(sha256
(base32
- "0ckakdjg30fsyjsgyy2573x9nmjivdg76y049l86wns5axw8im26"))))
+ "0v08zdvpqaig0wxpxn1l8rsj3wr3fqvnagn8cnvch17vfqv9gcr1"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@@ -568,8 +568,8 @@ end-to-end encryption support; XML console.")
(define-public dino
;; The only release tarball is for version 0.0, but it is very old and fails
;; to build.
- (let ((commit "2a514d0969f5c25d5e2d14421125a47df6b14974")
- (revision "2"))
+ (let ((commit "f25fadde2d6c9492b9cafe2cddbcc7b966942e47")
+ (revision "3"))
(package
(name "dino")
(version (string-append "0.0-" revision "." (string-take commit 9)))
@@ -581,7 +581,7 @@ end-to-end encryption support; XML console.")
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
- "0v9fqikxvamdw7bxbwc4s01x0vf30vl77149y16krijaqnq6kzv0"))))
+ "1nhzrw3pbpybn9qclckk6z427vbgnqd0y1l63zd1rfw4zw099mzs"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; there are no tests
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 74b53afce1..e6bc2b4e71 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -76,7 +76,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
(define-public mpd
(package
(name "mpd")
- (version "0.20.12")
+ (version "0.20.13")
(source (origin
(method url-fetch)
(uri
@@ -85,7 +85,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
"/mpd-" version ".tar.xz"))
(sha256
(base32
- "02gpfkki61c24hphaas9pb29wpvd0pbmwdqrpn8wi1gv103aqng1"))))
+ "0h7z90dnpwlyad4kfi1ja9v9vzqic0xg93iy4q0dwlhav0scbha6"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 7aeb4967bf..633708a6f5 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -757,14 +757,14 @@ written entirely in Python.")))
(define-public gwl
(package
(name "gwl")
- (version "0.1.0")
+ (version "0.1.1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.guixwl.org/releases/gwl-"
version ".tar.gz"))
(sha256
(base32
- "1x4swwp7kmhd57j3scii5c4h8swkcvab2r6mz7wxwwbx300wcqpy"))))
+ "06pm967mq1wyggx7l0nfapw5s0k5qc5r9lawk2v3db868br779a7"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index d83c2449e1..07197de0d5 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -88,7 +88,7 @@ human.")
(define-public keepassxc
(package
(name "keepassxc")
- (version "2.2.2")
+ (version "2.2.4")
(source
(origin
(method url-fetch)
@@ -97,7 +97,7 @@ human.")
version "-src.tar.xz"))
(sha256
(base32
- "0wrl8kxb16wzdgfjj057yv18cfg0b8z8lxp1fl2q8fkdgr7phm9g"))))
+ "1pfkq1m5vb90kx67vyw70s1hc4ivjsvq2535vm6wdwwsncna6bz5"))))
(build-system cmake-build-system)
(inputs
`(("libgcrypt" ,libgcrypt)
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14502.patch b/gnu/packages/patches/libarchive-CVE-2017-14502.patch
new file mode 100644
index 0000000000..8e0508afb5
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2017-14502.patch
@@ -0,0 +1,40 @@
+Fix CVE-2017-14502:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
+
+Patch copied from upstream source repository:
+
+https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
+
+From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Sat, 9 Sep 2017 17:47:32 +0200
+Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
+ archives.
+
+Reported-By: OSS-Fuzz issue 573
+---
+ libarchive/archive_read_support_format_rar.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index cbb14c32..751de697 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
+ return (ARCHIVE_FATAL);
+ }
+ filename[filename_size++] = '\0';
+- filename[filename_size++] = '\0';
++ /*
++ * Do not increment filename_size here as the computations below
++ * add the space for the terminating NUL explicitly.
++ */
++ filename[filename_size] = '\0';
+
+ /* Decoded unicode form is UTF-16BE, so we have to update a string
+ * conversion object for it. */
+--
+2.15.1
+
diff --git a/gnu/packages/patches/libexif-CVE-2017-7544.patch b/gnu/packages/patches/libexif-CVE-2017-7544.patch
new file mode 100644
index 0000000000..c4ea373dc5
--- /dev/null
+++ b/gnu/packages/patches/libexif-CVE-2017-7544.patch
@@ -0,0 +1,29 @@
+Fix CVE-2017-7544:
+
+https://sourceforge.net/p/libexif/bugs/130/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
+
+Patch copied from upstream bug tracker:
+
+https://sourceforge.net/p/libexif/bugs/130/#489a
+
+Index: libexif/exif-data.c
+===================================================================
+RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
+retrieving revision 1.131
+diff -u -r1.131 exif-data.c
+--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
+@@ -255,6 +255,12 @@
+ exif_mnote_data_set_offset (data->priv->md, *ds - 6);
+ exif_mnote_data_save (data->priv->md, &e->data, &e->size);
+ e->components = e->size;
++ if (exif_format_get_size (e->format) != 1) {
++ /* e->format is taken from input code,
++ * but we need to make sure it is a 1 byte
++ * entity due to the multiplication below. */
++ e->format = EXIF_FORMAT_UNDEFINED;
++ }
+ }
+ }
+
diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch
new file mode 100644
index 0000000000..c5ac9884b5
--- /dev/null
+++ b/gnu/packages/patches/links-CVE-2017-11114.patch
@@ -0,0 +1,99 @@
+Fix CVE-2017-11114:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114
+http://seclists.org/fulldisclosure/2017/Jul/76
+
+Patch copied from Debian:
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
+
+Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7
+Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
+Author: Mikulas Patocka <mikulas@twibright.com>
+Date: Wed Aug 2 20:13:29 2017 +0200
+Subject: Fix read out of memory in case of corrupted UTF-8 data
+
+---
+ charsets.c | 37 +------------------------------------
+ links.h | 9 ++++-----
+ 2 files changed, 5 insertions(+), 41 deletions(-)
+
+Index: links-2.14/charsets.c
+===================================================================
+--- links-2.14.orig/charsets.c
++++ links-2.14/charsets.c
+@@ -215,41 +215,6 @@ static struct conv_table *get_translatio
+ return utf_table;
+ }
+
+-unsigned short int utf8_2_uni_table[0x200] = {
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0,
+- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0,
+- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0,
+- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0,
+- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0,
+- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0,
+- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0,
+- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+-};
+-
+ unsigned char utf_8_1[256] = {
+ 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = {
+ 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6,
+ };
+
+-static_const unsigned min_utf_8[9] = {
++static_const unsigned min_utf_8[8] = {
+ 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1,
+ };
+
+Index: links-2.14/links.h
+===================================================================
+--- links-2.14.orig/links.h
++++ links-2.14/links.h
+@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un
+ void init_charset(void);
+
+ unsigned get_utf_8(unsigned char **p);
+-extern unsigned short int utf8_2_uni_table[0x200];
+ #define GET_UTF_8(s, c) \
+ do { \
+ if ((unsigned char)(s)[0] < 0x80) \
+ (c) = (s)++[0]; \
+- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \
+- ((unsigned char)(s)[1] >> 6) - 0x200])) \
+- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \
+- else \
++ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\
++ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \
++ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\
++ } else \
+ (c) = get_utf_8(&(s)); \
+ } while (0)
+ #define FWD_UTF_8(s) \
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14685.patch b/gnu/packages/patches/mupdf-CVE-2017-14685.patch
deleted file mode 100644
index 3fcce5fedf..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14685.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-14685:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
-
-From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 19 Sep 2017 15:23:04 +0200
-Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
-
-xps_load_links_in_glyphs did not cope with font loading failures.
----
- source/xps/xps-link.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
-index c07e0d7..c26a8d9 100644
---- a/source/xps/xps-link.c
-+++ b/source/xps/xps-link.c
-@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
- bidi_level = atoi(bidi_level_att);
-
- font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
-+ if (!font)
-+ return;
- text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
- fz_atof(origin_x_att), fz_atof(origin_y_att),
- is_sideways, bidi_level, indices_att, unicode_att);
---
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14686.patch b/gnu/packages/patches/mupdf-CVE-2017-14686.patch
deleted file mode 100644
index e462a6ffeb..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14686.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix CVE-2017-14686:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
-
-From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 19 Sep 2017 16:33:38 +0200
-Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs.
-
----
- source/fitz/unzip.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
-index f2d4f32..0bcce0f 100644
---- a/source/fitz/unzip.c
-+++ b/source/fitz/unzip.c
-@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
- (void) fz_read_int32_le(ctx, file); /* ext file atts */
- offset = fz_read_int32_le(ctx, file);
-
-+ if (namesize < 0 || metasize < 0 || commentsize < 0)
-+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
-+
- name = fz_malloc(ctx, namesize + 1);
- n = fz_read(ctx, file, (unsigned char*)name, namesize);
- if (n < (size_t)namesize)
---
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-14687.patch b/gnu/packages/patches/mupdf-CVE-2017-14687.patch
deleted file mode 100644
index cdc41df813..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-14687.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-Fix CVE-2017-14687:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
-
-From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Tue, 19 Sep 2017 17:17:12 +0200
-Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.
-
-Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
----
- source/html/css-apply.c | 2 +-
- source/svg/svg-run.c | 2 +-
- source/xps/xps-common.c | 6 +++---
- source/xps/xps-glyphs.c | 2 +-
- source/xps/xps-path.c | 4 ++--
- source/xps/xps-resource.c | 2 +-
- 6 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/source/html/css-apply.c b/source/html/css-apply.c
-index de55490..6a91df0 100644
---- a/source/html/css-apply.c
-+++ b/source/html/css-apply.c
-@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
-
- if (sel->name)
- {
-- if (strcmp(sel->name, fz_xml_tag(node)))
-+ if (!fz_xml_is_tag(node, sel->name))
- return 0;
- }
-
-diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
-index f974c67..5302c64 100644
---- a/source/svg/svg-run.c
-+++ b/source/svg/svg-run.c
-@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
- fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
- if (linked)
- {
-- if (!strcmp(fz_xml_tag(linked), "symbol"))
-+ if (fz_xml_is_tag(linked, "symbol"))
- svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
- else
- svg_run_element(ctx, dev, doc, linked, &local_state);
-diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
-index cc7fed9..f2f9b93 100644
---- a/source/xps/xps-common.c
-+++ b/source/xps/xps-common.c
-@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
- else if (fz_xml_is_tag(node, "RadialGradientBrush"))
- xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
- else
-- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
-+ fz_warn(ctx, "unknown brush tag");
- }
-
- void
-@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
- if (opacity_att)
- opacity = fz_atof(opacity_att);
-
-- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
-+ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
- {
- char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
- char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
-@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
-
- if (opacity_mask_tag)
- {
-- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
-+ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
- fz_pop_clip(ctx, dev);
- }
- }
-diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
-index 29dc5b3..5b26d78 100644
---- a/source/xps/xps-glyphs.c
-+++ b/source/xps/xps-glyphs.c
-@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
-
- /* If it's a solid color brush fill/stroke do a simple fill */
-
-- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
-+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
- {
- fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
- fill_att = fz_xml_att(fill_tag, "Color");
-diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
-index 6faeb0c..021d202 100644
---- a/source/xps/xps-path.c
-+++ b/source/xps/xps-path.c
-@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
- if (!data_att && !data_tag)
- return;
-
-- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
-+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
- {
- fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
- fill_att = fz_xml_att(fill_tag, "Color");
- fill_tag = NULL;
- }
-
-- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
-+ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
- {
- stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
- stroke_att = fz_xml_att(stroke_tag, "Color");
-diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
-index c2292e6..8e81ab8 100644
---- a/source/xps/xps-resource.c
-+++ b/source/xps/xps-resource.c
-@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
- if (!xml)
- return NULL;
-
-- if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
-+ if (!fz_xml_is_tag(xml, "ResourceDictionary"))
- {
- fz_drop_xml(ctx, xml);
- fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
---
-2.9.1
-
diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch b/gnu/packages/patches/mupdf-CVE-2017-15587.patch
deleted file mode 100644
index 7d24666756..0000000000
--- a/gnu/packages/patches/mupdf-CVE-2017-15587.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Fix CVE-2017-15587.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
-https://nandynarwhals.org/CVE-2017-15587/
-
-This patch is these two upstream commits squashed together:
-<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
-<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232>
-
-diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
-index 66bd0ed8..89499e61 100644
---- a/source/pdf/pdf-xref.c
-+++ b/source/pdf/pdf-xref.c
-@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
- pdf_xref_entry *table;
- int i, n;
-
-- if (i0 < 0 || i1 < 0)
-+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
- fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
- //if (i0 + i1 > pdf_xref_len(ctx, doc))
- // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
---
-2.15.0
-
diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
index 0b5b735ff3..d5c9c60242 100644
--- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch
+++ b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
@@ -1,4 +1,4 @@
-Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest
+Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest
release series and contains many important bug fixes.
Patch adapted from Debian:
@@ -10,16 +10,16 @@ And related to this upstream commit:
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da
diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
-index 6b92e5c..72dea50 100644
+index 65699ba..ea84778 100644
--- a/source/fitz/load-jpx.c
+++ b/source/fitz/load-jpx.c
-@@ -444,11 +444,6 @@
+@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
#else /* HAVE_LURATECH */
-#define OPJ_STATIC
-#define OPJ_HAVE_INTTYPES_H
--#if !defined(_WIN32) && !defined(_WIN64)
+-#if !defined(_MSC_VER) || _MSC_VER >= 1600
-#define OPJ_HAVE_STDINT_H
-#endif
#define USE_JPIP
diff --git a/gnu/packages/patches/xboing-CVE-2004-0149.patch b/gnu/packages/patches/xboing-CVE-2004-0149.patch
new file mode 100644
index 0000000000..b40146b434
--- /dev/null
+++ b/gnu/packages/patches/xboing-CVE-2004-0149.patch
@@ -0,0 +1,134 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924
+---
+ demo.c | 2 +-
+ editor.c | 12 ++++++------
+ file.c | 2 +-
+ highscore.c | 6 +++---
+ misc.c | 2 +-
+ preview.c | 2 +-
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/demo.c b/demo.c
+index 9084e70..f4fc2cd 100644
+--- a/demo.c
++++ b/demo.c
+@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
+
+ /* Construct the demo level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/demo.data", str);
++ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str);
+ else
+ sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
+
+diff --git a/editor.c b/editor.c
+index f2bb9ed..66d0679 100644
+--- a/editor.c
++++ b/editor.c
+@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Edit level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/editor.data", str);
++ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str);
+ else
+ sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
+
+@@ -958,8 +958,8 @@ static void LoadALevel(display)
+ if ((num > 0) && (num <= MAX_NUM_LEVELS))
+ {
+ /* Construct the Edit level filename */
+- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
+@@ -1017,9 +1017,9 @@ static void SaveALevel(display)
+ num = atoi(str);
+ if ((num > 0) && (num <= MAX_NUM_LEVELS))
+ {
+- /* Construct the Edit level filename */
+- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ /* Construct the Edit level filename */
++ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
+diff --git a/file.c b/file.c
+index 4c043cd..99a0854 100644
+--- a/file.c
++++ b/file.c
+@@ -139,7 +139,7 @@ void SetupStage(display, window)
+
+ /* Construct the level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
++ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
+ else
+ sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
+
+diff --git a/highscore.c b/highscore.c
+index f0db3e9..792273e 100644
+--- a/highscore.c
++++ b/highscore.c
+@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type)
+ {
+ /* Use the environment variable if it exists */
+ if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+- strcpy(filename, str);
++ strncpy(filename, str, sizeof(filename)-1);
+ else
+ strcpy(filename, HIGH_SCORE_FILE);
+ }
+@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type)
+ {
+ /* Use the environment variable if it exists */
+ if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+- strcpy(filename, str);
++ strncpy(filename, str, sizeof(filename)-1);
+ else
+ strcpy(filename, HIGH_SCORE_FILE);
+ }
+@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd)
+
+ /* Use the environment variable if it exists */
+ if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+- strcpy(filename, str);
++ strncpy(filename, str, sizeof(filename)-1);
+ else
+ strcpy(filename, HIGH_SCORE_FILE);
+
+diff --git a/misc.c b/misc.c
+index f3ab37e..7f3ddce 100644
+--- a/misc.c
++++ b/misc.c
+@@ -427,7 +427,7 @@ char *GetHomeDir()
+ */
+
+ if ((ptr = getenv("HOME")) != NULL)
+- (void) strcpy(dest, ptr);
++ (void) strncpy(dest, ptr,sizeof(dest)-1);
+ else
+ {
+ /* HOME variable is not present so get USER var */
+diff --git a/preview.c b/preview.c
+index 41c1187..687f566 100644
+--- a/preview.c
++++ b/preview.c
+@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Preview level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02d.data", str, lnum);
++ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum);
+ else
+ sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
+
+--
+2.15.1
+
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 43c832c6dd..6f5df68ece 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -555,25 +555,22 @@ extracting content or merging files.")
(define-public mupdf
(package
(name "mupdf")
- (version "1.11")
+ (version "1.12.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://mupdf.com/downloads/archive/"
- name "-" version "-source.tar.gz"))
+ name "-" version "-source.tar.xz"))
+ (patches (search-patches "mupdf-build-with-latest-openjpeg.patch"))
(sha256
(base32
- "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
- (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
- "mupdf-CVE-2017-14685.patch"
- "mupdf-CVE-2017-14686.patch"
- "mupdf-CVE-2017-14687.patch"
- "mupdf-CVE-2017-15587.patch"))
+ "0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp"))
(modules '((guix build utils)))
(snippet '(delete-file-recursively "thirdparty"))))
(build-system gnu-build-system)
(inputs
`(("curl" ,curl)
+ ("freeglut" ,freeglut)
("freetype" ,freetype)
("harfbuzz" ,harfbuzz)
("jbig2dec" ,jbig2dec)
diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm
index b1d1f08150..5df2940bd6 100644
--- a/gnu/packages/perl-check.scm
+++ b/gnu/packages/perl-check.scm
@@ -869,6 +869,30 @@ checks for pod coverage of all appropriate files.")
If this fails, then rather than failing tests this skips all tests.")
(license perl-license)))
+(define-public perl-test-requiresinternet
+ (package
+ (name "perl-test-requiresinternet")
+ (version "0.05")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://cpan/authors/id/M/MA/MALLEN/Test-RequiresInternet-"
+ version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "0gl33vpj9bb78pzyijp884b66sbw6jkh1ci0xki8rmf03hmb79xv"))))
+ (build-system perl-build-system)
+ (home-page "http://search.cpan.org/dist/Test-RequiresInternet/")
+ (synopsis "Easily test network connectivity when running tests")
+ (description
+ "This Perl module is intended to easily test network connectivity to
+non-local Internet resources before functional tests begin. If the sockets
+cannot connect to the specified hosts and ports, the exception is caught and
+reported, and the tests skipped.")
+ (license perl-license)))
+
(define-public perl-test-script
(package
(name "perl-test-script")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 94174cc392..8c3f34ea6b 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -28,6 +28,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix utils)
+ #:use-module (gnu packages)
#:use-module (gnu packages algebra)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
@@ -89,6 +90,7 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).")
(method url-fetch)
(uri (string-append "mirror://sourceforge/libexif/libexif/"
version "/libexif-" version ".tar.bz2"))
+ (patches (search-patches "libexif-CVE-2017-7544.patch"))
(sha256
(base32
"06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n"))))
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 37aa43e2c4..b2a2d84d00 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -12045,3 +12045,30 @@ belong to tagged versions.")
"BooleanOperations provides a Python library that enables
boolean operations on paths.")
(license license:expat)))
+
+(define-public python-tempdir
+ (package
+ (name "python-tempdir")
+ (version "0.7.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "tempdir" version))
+ (sha256
+ (base32
+ "13msyyxqbicr111a294x7fsqbkl6a31fyrqflx3q7k547gnq15k8"))))
+ (build-system python-build-system)
+ (home-page "https://pypi.org/project/tempdir/")
+ (arguments
+ ;; the package has no tests
+ '(#:tests? #f))
+ (synopsis "Python library for managing temporary directories")
+ (description
+ "This library manages temporary directories that are automatically
+deleted with all their contents when they are no longer needed. It is
+particularly convenient for use in tests.")
+ (license license:expat)))
+
+(define-public python2-tempdir
+ (package-with-python2 python-tempdir))
+
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 7c6b957411..7ce531bb6d 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index d4d9c0e786..7c6ca70314 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -703,13 +703,13 @@ effects of different types of color-blindness.")
(define-public r-digest
(package
(name "r-digest")
- (version "0.6.12")
+ (version "0.6.13")
(source
(origin
(method url-fetch)
(uri (cran-uri "digest" version))
(sha256
- (base32 "1awy9phxdvqnadby7rvwy2hkbrj210bqf4xvi27asdq028zlcyd4"))))
+ (base32 "1bsgl07bvf4nk6bn7n3l2ilvk4qvn3nk7yxp22miil7x405xdks6"))))
(build-system r-build-system)
;; Vignettes require r-knitr, which requires r-digest, so we have to
;; disable them and the tests.
@@ -988,13 +988,13 @@ the input of another.")
(define-public r-reshape2
(package
(name "r-reshape2")
- (version "1.4.2")
+ (version "1.4.3")
(source
(origin
(method url-fetch)
(uri (cran-uri "reshape2" version))
(sha256
- (base32 "0swvjmc9f8cvkrsz463cp6snd8bncbv6q8yrfrb4rgkr0dhq6dvd"))))
+ (base32 "03ki5ka1dj208fc0dclbm0b4xp9d769pah2j9cs34l776p4r9zwa"))))
(build-system r-build-system)
(propagated-inputs
`(("r-plyr" ,r-plyr)
@@ -1328,13 +1328,13 @@ syntax that can be converted to XHTML or other formats.")
(define-public r-yaml
(package
(name "r-yaml")
- (version "2.1.14")
+ (version "2.1.16")
(source (origin
(method url-fetch)
(uri (cran-uri "yaml" version))
(sha256
(base32
- "0x88xicrf7vwp77xgan27mnpdljhpkn0pz5kphnwqi3ddy25k9a1"))))
+ "1xlsmqal607w6c9rx86061y1fwpbyd5lqp9bad5n7cc9a0blpnkm"))))
(build-system r-build-system)
(home-page "https://cran.r-project.org/web/packages/yaml/")
(synopsis "Methods to convert R data to YAML and back")
@@ -1502,20 +1502,23 @@ R packages that praise their users.")
(define-public r-testthat
(package
(name "r-testthat")
- (version "1.0.2")
+ (version "2.0.0")
(source (origin
(method url-fetch)
(uri (cran-uri "testthat" version))
(sha256
(base32
- "0pj1r01x4ny4capr83dfa19hi5i2sjjxky99schzip8zrq5dzxqf"))))
+ "155l53kb69jga5d8c5nvdwqlvlgfmk4vzyyl4d0108j53jnlgh1v"))))
(build-system r-build-system)
(propagated-inputs
- `(("r-digest" ,r-digest)
+ `(("r-cli" ,r-cli)
("r-crayon" ,r-crayon)
+ ("r-digest" ,r-digest)
("r-magrittr" ,r-magrittr)
("r-praise" ,r-praise)
- ("r-r6" ,r-r6)))
+ ("r-r6" ,r-r6)
+ ("r-rlang" ,r-rlang)
+ ("r-withr" ,r-withr)))
(home-page "https://github.com/hadley/testthat")
(synopsis "Unit testing for R")
(description
@@ -1898,15 +1901,17 @@ chain.")
(define-public r-ade4
(package
(name "r-ade4")
- (version "1.7-8")
+ (version "1.7-10")
(source
(origin
(method url-fetch)
(uri (cran-uri "ade4" version))
(sha256
(base32
- "1a5p3wf8l9cp1bjp57b1pc5bqs39kw1v21i4waj9j18wawzlmpb6"))))
+ "0zk81x0yn30gbyc0jpzyw1nxd08ccihl6vyk0ijvj3aw3nr5flc6"))))
(build-system r-build-system)
+ (propagated-inputs
+ `(("r-mass" ,r-mass)))
(home-page "http://pbil.univ-lyon1.fr/ADE-4")
(synopsis "Multivariate data analysis and graphical display")
(description
@@ -2007,14 +2012,14 @@ limited to R.")
(define-public r-backports
(package
(name "r-backports")
- (version "1.1.1")
+ (version "1.1.2")
(source
(origin
(method url-fetch)
(uri (cran-uri "backports" version))
(sha256
(base32
- "15w8psmv203wzijrk4hvwaw3i4byh2m5s09yrkqwhfckhaj82kj9"))))
+ "0mml9h3xagi7144pyb3jj9zbh9qzns7izkhdg7df20v7bikr6nz8"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/backports")
(synopsis "Reimplementations of functions introduced since R 3.0.0")
@@ -2278,13 +2283,13 @@ functions make it easy to control additional request components.")
(define-public r-git2r
(package
(name "r-git2r")
- (version "0.19.0")
+ (version "0.20.0")
(source (origin
(method url-fetch)
(uri (cran-uri "git2r" version))
(sha256
(base32
- "0ws6fbndmaafk2am4dwnz24qizxhld0yh54hgx0z6lzv3p1j209q"))))
+ "1pqggijvsalb5cc2pr5gwfj3s713s63f4xii1xrd0qagfgbgz846"))))
(build-system r-build-system)
;; This R package contains modified sources of libgit2. This modified
;; version of libgit2 is built as the package is built. Hence libgit2 is
@@ -2415,13 +2420,13 @@ disk (or a connection).")
(define-public r-plotrix
(package
(name "r-plotrix")
- (version "3.6-6")
+ (version "3.7")
(source (origin
(method url-fetch)
(uri (cran-uri "plotrix" version))
(sha256
(base32
- "07hywp3ym0gbpqdj3f4vhr0bhmynhby8vh6p1b9cm2hv26pzs9q4"))))
+ "0rw81n9p3d2i03b4pgcfj5blryc94f29bm9a4j9bnp5h8qjj6pry"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/plotrix")
(synopsis "Various plotting functions")
@@ -2474,13 +2479,13 @@ well as additional utilities such as panel and axis annotation functions.")
(define-public r-rcpparmadillo
(package
(name "r-rcpparmadillo")
- (version "0.8.100.1.0")
+ (version "0.8.300.1.0")
(source (origin
(method url-fetch)
(uri (cran-uri "RcppArmadillo" version))
(sha256
(base32
- "19sghlkslz6llcrjk5pd8c6dsb338jsi4dnwrbbrjkfq6jdr5jlp"))))
+ "0p6cbnwxgzigf7n5qhqvxdr3nd3pq3c2qq6pskqz7avzf813fy83"))))
(properties `((upstream-name . "RcppArmadillo")))
(build-system r-build-system)
(native-inputs
@@ -2545,14 +2550,14 @@ encoder/decoder, round-off-error-free sum and cumsum, etc.")
(define-public r-rprojroot
(package
(name "r-rprojroot")
- (version "1.2")
+ (version "1.3-1")
(source
(origin
(method url-fetch)
(uri (cran-uri "rprojroot" version))
(sha256
(base32
- "1fgyxv1zv04sllcclzz089xl6hpdzac7xk61l0l4acb7rqsx5d18"))))
+ "1jigr2jh3hzy35h94im52yq81lyikw7nfvmbxij84a1b9c32r332"))))
(build-system r-build-system)
(propagated-inputs
`(("r-backports" ,r-backports)))
@@ -2859,14 +2864,14 @@ statements.")
(define-public r-segmented
(package
(name "r-segmented")
- (version "0.5-2.2")
+ (version "0.5-3.0")
(source
(origin
(method url-fetch)
(uri (cran-uri "segmented" version))
(sha256
(base32
- "1wdjxkgqjqw5q2nywmgkf6y21lb0alhvaqg0m0dr2xyxf1ii79rs"))))
+ "0nrik5fyq59hwiwjcpbi4p5yfavgfjq6wyrynhkrbm4k6v1g1wlq"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/segmented")
(synopsis "Regression models with breakpoints estimation")
@@ -2923,14 +2928,14 @@ standard R subsetting and Kronecker products.")
(define-public r-iterators
(package
(name "r-iterators")
- (version "1.0.8")
+ (version "1.0.9")
(source
(origin
(method url-fetch)
(uri (cran-uri "iterators" version))
(sha256
(base32
- "1f057pabs7ss9h1n244can26qsi5n2k3salrdk0b0vkphlrs4kmf"))))
+ "16sycjq912ix52fjxjhcwiaqr0yj1v5iqmrvjljd3z857031w06y"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/iterators")
(synopsis "Iterator construct for R")
@@ -3144,14 +3149,14 @@ options and registries, vignette, unit test and bibtex related utilities.")
(define-public r-registry
(package
(name "r-registry")
- (version "0.3")
+ (version "0.5")
(source
(origin
(method url-fetch)
(uri (cran-uri "registry" version))
(sha256
(base32
- "0c7lscfxncwwd8zp46h2xfw9gw14dypqv6m2kx85xjhjh0xw99aq"))))
+ "1yqfl1g6vsl28zn8brzc39659k8lqsmfms7900j7p64ilydyb2sx"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/registry")
(synopsis "Infrastructure for R package registries")
@@ -4394,14 +4399,14 @@ Farebrother's algorithm or Liu et al.'s algorithm.")
(define-public r-cowplot
(package
(name "r-cowplot")
- (version "0.9.1")
+ (version "0.9.2")
(source
(origin
(method url-fetch)
(uri (cran-uri "cowplot" version))
(sha256
(base32
- "0iq0wsi7467cj8hqml06whk3xsiv89x8dvm9ynwp411pzzbdjgwm"))))
+ "13yjw7yv7imyqiawqqp304hkp6x36iv6rf6gn03dwzwkj9zwx4lb"))))
(build-system r-build-system)
(propagated-inputs
`(("r-ggplot2" ,r-ggplot2)
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index 674a3507d0..2fb1d1495e 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -388,7 +388,14 @@ regular expression object can be specified.")
(assoc-ref %outputs "out") "/share/antiword"))
#:phases
(modify-phases %standard-phases
- (delete 'configure)
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Ensure that mapping files can be found in the actual package
+ ;; data directory.
+ (substitute* "antiword.h"
+ (("/usr/share/antiword")
+ (string-append (assoc-ref outputs "out") "/share/antiword")))
+ #t))
(replace 'install
(lambda* (#:key make-flags #:allow-other-keys)
(zero? (apply system* "make" `("global_install" ,@make-flags))))))))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 64ee404417..09e65d9037 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -459,14 +459,14 @@ required structures.")
(define-public libressl
(package
(name "libressl")
- (version "2.6.3")
+ (version "2.6.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/LibreSSL/"
name "-" version ".tar.gz"))
(sha256
(base32
- "162wgzmg4zzqj5cxrsrmkfv1623dc4g8h3fsf1lvjw9i4sc6bbdf"))))
+ "07yi37a2ghsgj2b4w30q1s4d2inqnix7ika1m21y57p9z71212k3"))))
(build-system gnu-build-system)
(arguments
;; Do as if 'getentropy' was missing since older Linux kernels lack it
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index 385147c379..95d2878835 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -83,6 +83,7 @@ older or slower computers and embedded systems.")
(method url-fetch)
(uri (string-append "http://links.twibright.com/download/"
name "-" version ".tar.bz2"))
+ (patches (search-patches "links-CVE-2017-11114.patch"))
(sha256
(base32
"1f24y83wa1vzzjq5kp857gjqdpnmf8pb29yw7fam0m8wxxw0c3gp"))))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 8eb4b885bd..f752cffded 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -3876,22 +3876,26 @@ applications.")
(define-public r-htmltable
(package
(name "r-htmltable")
- (version "1.9")
+ (version "1.11.0")
(source
(origin
(method url-fetch)
(uri (cran-uri "htmlTable" version))
(sha256
(base32
- "0ciic1f4iczq14j81fg7kxibn65sy8z1zxkvk1yxnxxg6dzplj2v"))))
+ "0x0qrzx6igg5z8jh901d2a8g2idpm5f4frwp1m02910scifcrxwf"))))
(properties `((upstream-name . "htmlTable")))
(build-system r-build-system)
(propagated-inputs
`(("r-checkmate" ,r-checkmate)
+ ("r-dplyr" ,r-dplyr)
+ ("r-htmltools" ,r-htmltools)
("r-htmlwidgets" ,r-htmlwidgets)
("r-knitr" ,r-knitr)
("r-magrittr" ,r-magrittr)
- ("r-stringr" ,r-stringr)))
+ ("r-rstudioapi" ,r-rstudioapi)
+ ("r-stringr" ,r-stringr)
+ ("r-tidyr" ,r-tidyr)))
(home-page "http://gforge.se/packages/")
(synopsis "Advanced tables for Markdown/HTML")
(description
@@ -3907,13 +3911,13 @@ LaTeX.")
(define-public r-curl
(package
(name "r-curl")
- (version "3.0")
+ (version "3.1")
(source (origin
(method url-fetch)
(uri (cran-uri "curl" version))
(sha256
(base32
- "01m52jz2q38yc32xbnmpm48hck2xj9fyhxq262p04y67gjpf7y3v"))))
+ "15fbjya2xrf2k9hhvg3frisrram4yk5wlfz67zj1z8ahpsb2a3r7"))))
(build-system r-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 89fe9102ed..e2d753aa3d 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -54,14 +54,14 @@
(define-public webkitgtk
(package
(name "webkitgtk")
- (version "2.18.3")
+ (version "2.18.4")
(source (origin
(method url-fetch)
(uri (string-append "https://www.webkitgtk.org/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
- "17lgn7qwrwqxl1lgmq5icvzmna6aymx4c7al47rp0vvac7hj0m71"))))
+ "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f ; no tests
diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 7668a1d380..bbe6ab4545 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -492,7 +492,10 @@ your system in categories, so you can quickly find and launch them.")
(build-system gnu-build-system)
(arguments
'(#:configure-flags
- (list (string-append "--with-xsession-prefix=" %output))))
+ (list (string-append "--with-xsession-prefix=" %output))
+ ;; Disable icon cache update.
+ #:make-flags
+ '("gtk_update_icon_cache=true")))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index ca5e996d6a..6fce328565 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -179,6 +179,15 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
+(define libxslt/fixed
+ (package
+ (inherit libxslt)
+ (source (origin
+ (inherit (package-source libxslt))
+ (patches (search-patches "libxslt-CVE-2016-4738.patch"
+ "libxslt-CVE-2017-5029.patch"
+ "libxslt-generated-ids.patch"))))))
+
(define-public perl-graph-readwrite
(package
(name "perl-graph-readwrite")
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 5e08927af3..a3654fd4d3 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -516,6 +516,24 @@ stopped before 'kill' is called."
(call-with-output-file "/dev/urandom"
(lambda (urandom)
(dump-port seed urandom))))))
+
+ ;; Try writing from /dev/hwrng into /dev/urandom.
+ ;; It seems that the file /dev/hwrng always exists, even
+ ;; when there is no hardware random number generator
+ ;; available. So, we handle a failed read or any other error
+ ;; reported by the operating system.
+ (let ((buf (catch 'system-error
+ (lambda ()
+ (call-with-input-file "/dev/hwrng"
+ (lambda (hwrng)
+ (get-bytevector-n hwrng 512))))
+ ;; Silence is golden...
+ (const #f))))
+ (when buf
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (put-bytevector urandom buf)))))
+
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.
(call-with-input-file "/dev/urandom"
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
index f1214fb5fd..336f25b3c7 100644
--- a/gnu/tests/web.scm
+++ b/gnu/tests/web.scm
@@ -154,7 +154,7 @@ echo(\"Computed by php:\".((string)(2+3)));
(root "/srv")
(locations
(list (nginx-php-location)))
- (listen "8042")
+ (listen '("8042"))
(ssl-certificate #f)
(ssl-certificate-key #f))))