diff options
author | Mark H Weaver <mhw@netris.org> | 2016-07-28 14:13:26 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-07-28 14:13:26 -0400 |
commit | 622c22ccb494de789588491ad94111f7a0311ddb (patch) | |
tree | 286bb111ae2488eaef62afaf3817fcfc1c2e5cc6 | |
parent | 212163f8d5d51f436490d47dc37afd5052560197 (diff) | |
parent | ae46cd0e4cfb1f06d099b2cda1f9e702e86c90e9 (diff) | |
download | guix-622c22ccb494de789588491ad94111f7a0311ddb.tar guix-622c22ccb494de789588491ad94111f7a0311ddb.tar.gz |
Merge branch 'master' into core-updates
-rw-r--r-- | doc/contributing.texi | 28 | ||||
-rw-r--r-- | gnu/local.mk | 6 | ||||
-rw-r--r-- | gnu/packages.scm | 3 | ||||
-rw-r--r-- | gnu/packages/commencement.scm | 4 | ||||
-rw-r--r-- | gnu/packages/gd.scm | 10 | ||||
-rw-r--r-- | gnu/packages/gnome.scm | 2 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-5766.patch | 81 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6128.patch | 253 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6132.patch | 55 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6214.patch | 66 | ||||
-rw-r--r-- | gnu/packages/patches/gd-fix-test-on-i686.patch | 34 | ||||
-rw-r--r-- | gnu/packages/patches/gd-fix-tests-on-i686.patch | 61 | ||||
-rw-r--r-- | gnu/packages/terminals.scm | 38 | ||||
-rw-r--r-- | guix/packages.scm | 15 | ||||
-rw-r--r-- | tests/packages.scm | 18 |
15 files changed, 171 insertions, 503 deletions
diff --git a/doc/contributing.texi b/doc/contributing.texi index c0755bb895..18d891db4e 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -289,6 +289,20 @@ Make sure the package builds on your platform, using @code{guix build @var{package}}. @item +@cindex bundling +Make sure the package does not use bundled copies of software already +available as separate packages. + +Sometimes, packages include copies of the source code of their +dependencies as a convenience for users. However, as a distribution, we +want to make sure that such packages end up using the copy we already +have in the distribution, if there is one. This improves resource usage +(the dependency is built and stored only once), and allows the +distribution to make transverse changes such as applying security +updates for a given software package in a single place and have them +affect the whole system---something that bundled copies prevent. + +@item Take a look at the profile reported by @command{guix size} (@pxref{Invoking guix size}). This will allow you to notice references to other packages unwillingly retained. It may also help determine @@ -300,6 +314,13 @@ For important changes, check that dependent package (if applicable) are not affected by the change; @code{guix refresh --list-dependent @var{package}} will help you do that (@pxref{Invoking guix refresh}). +Packages with roughly 100 dependents or more usually have to be +committed to a separate branch. That branch can then be built +separately by our build farm, and later merged into @code{master} once +everything has been successfully built. This allows us to fix issues +before they hit users, and to reduce the window during which pre-built +binaries are not available. + @item @cindex determinism, of build processes @cindex reproducible builds, checking @@ -333,6 +354,13 @@ referring to people, such as @uref{https://en.wikipedia.org/wiki/Singular_they, singular ``they''@comma{} ``their''@comma{} ``them''}, and so forth. +@item +Verify that your patch contains only one set of related changes. +Bundling unrelated changes together makes reviewing harder and slower. + +Examples of unrelated changes include the addition of several packages, +or a package update along with fixes to that package. + @end enumerate When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as diff --git a/gnu/local.mk b/gnu/local.mk index 91e90706c2..27b8ae9551 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -513,11 +513,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-5.0-libvtv-runpath.patch \ - %D%/packages/patches/gd-CVE-2016-5766.patch \ - %D%/packages/patches/gd-CVE-2016-6128.patch \ - %D%/packages/patches/gd-CVE-2016-6132.patch \ - %D%/packages/patches/gd-CVE-2016-6214.patch \ - %D%/packages/patches/gd-fix-test-on-i686.patch \ + %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gegl-CVE-2012-4433.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghostscript-CVE-2015-3228.patch \ diff --git a/gnu/packages.scm b/gnu/packages.scm index 9496a270eb..68a9eef2ad 100644 --- a/gnu/packages.scm +++ b/gnu/packages.scm @@ -200,7 +200,8 @@ same package twice." (fold2 (lambda (module result seen) (fold2 (lambda (var result seen) (if (and (package? var) - (not (vhash-assq var seen))) + (not (vhash-assq var seen)) + (not (hidden-package? var))) (values (proc var result) (vhash-consq var #t seen)) (values result seen))) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 8c82644cc6..cce831bfb6 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -693,8 +693,10 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ,@(alist-delete "bash" %boot3-inputs))) (define-public guile-final + ;; This package must be public because other modules refer to it. However, + ;; mark it as hidden so that 'fold-packages' ignores it. (package-with-bootstrap-guile - (package-with-explicit-inputs guile-2.0/fixed + (package-with-explicit-inputs (hidden-package guile-2.0/fixed) %boot4-inputs (current-source-location) #:guile %bootstrap-guile))) diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index 3313ee68f2..153e1c7f8b 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -40,21 +40,17 @@ ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. - (version "2.2.2") + (version "2.2.3") (source (origin (method url-fetch) (uri (string-append "https://github.com/libgd/libgd/releases/download/gd-" version "/libgd-" version ".tar.xz")) - (patches (search-patches "gd-fix-test-on-i686.patch" - "gd-CVE-2016-5766.patch" - "gd-CVE-2016-6128.patch" - "gd-CVE-2016-6132.patch" - "gd-CVE-2016-6214.patch")) (sha256 (base32 - "1311g5mva2xlzqv3rjqjc4jjkn5lzls4skvr395h633zw1n7b7s8")))) + "0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl")) + (patches (search-patches "gd-fix-tests-on-i686.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 318a04d403..b2f46959e6 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -19,6 +19,7 @@ ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2016 Roel Janssen <roel@gnu.org> ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> +;;; Copyright © 2016 Alex Griffin <a@ajgrf.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -5014,6 +5015,7 @@ software that do not provide their own configuration interface.") ("eog" ,eog) ("epiphany" ,epiphany) ("evince" ,evince) + ("file-roller" ,file-roller) ("gedit" ,gedit) ("glib-networking" ,glib-networking) ("gnome-backgrounds" ,gnome-backgrounds) diff --git a/gnu/packages/patches/gd-CVE-2016-5766.patch b/gnu/packages/patches/gd-CVE-2016-5766.patch deleted file mode 100644 index 400cb0ab48..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-5766.patch +++ /dev/null @@ -1,81 +0,0 @@ -Fix CVE-2016-5766 (Integer Overflow in _gd2GetHeader() resulting in heap -overflow). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766 - -Adapted from upstream commits: -https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0 -https://github.com/libgd/libgd/commit/a6a0e7feabb2a9738086a5dc96348f233c87fa79 - -Since `patch` cannot apply Git binary diffs, we omit the addition of -'tests/gd2/php_bug_72339.c' and its associated binary data. - -From aba3db8ba159465ecec1089027a24835a6da9cc0 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Tue, 28 Jun 2016 16:23:42 +0700 -Subject: [PATCH] fix php bug 72339 (CVE-2016-5766), Integer Overflow in - _gd2GetHeader() resulting in heap overflow - ---- - src/gd_gd2.c | 5 ++++- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 6 ++++-- - tests/gd2/php_bug_72339.c | 21 +++++++++++++++++++++ - tests/gd2/php_bug_72339_exp.gd2 | Bin 0 -> 67108882 bytes - 5 files changed, 30 insertions(+), 3 deletions(-) - create mode 100644 tests/gd2/php_bug_72339.c - create mode 100644 tests/gd2/php_bug_72339_exp.gd2 - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index fd1e0c9..bdbbecf 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -154,8 +154,11 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy, - nc = (*ncx) * (*ncy); - GD2_DBG (printf ("Reading %d chunk index entries\n", nc)); - sidx = sizeof (t_chunk_info) * nc; -+ if (overflow2(sidx, nc)) { -+ goto fail1; -+ } - cidx = gdCalloc (sidx, 1); -- if (!cidx) { -+ if (cidx == NULL) { - goto fail1; - } - for (i = 0; i < nc; i++) { -From a6a0e7feabb2a9738086a5dc96348f233c87fa79 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Wed, 29 Jun 2016 09:36:26 +0700 -Subject: [PATCH] fix php bug 72339 (CVE-2016-5766), Integer Overflow in - _gd2GetHeader() resulting in heap overflow. Sync with php's sync - ---- - src/gd_gd2.c | 7 ++++++- - tests/gd2/php_bug_72339.c | 2 +- - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index bdbbecf..2837456 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -152,11 +152,16 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy, - - if (gd2_compressed (*fmt)) { - nc = (*ncx) * (*ncy); -+ - GD2_DBG (printf ("Reading %d chunk index entries\n", nc)); -+ if (overflow2(sizeof(t_chunk_info), nc)) { -+ goto fail1; -+ } - sidx = sizeof (t_chunk_info) * nc; -- if (overflow2(sidx, nc)) { -+ if (sidx <= 0) { - goto fail1; - } -+ - cidx = gdCalloc (sidx, 1); - if (cidx == NULL) { - goto fail1; --- -2.9.1 - diff --git a/gnu/packages/patches/gd-CVE-2016-6128.patch b/gnu/packages/patches/gd-CVE-2016-6128.patch deleted file mode 100644 index 45ee6b0cfa..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-6128.patch +++ /dev/null @@ -1,253 +0,0 @@ -Fix CVE-2016-6128 (invalid color index is not properly handled leading -to denial of service). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6128 - -Copied from upstream commits: -https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd - -From 1ccfe21e14c4d18336f9da8515cd17db88c3de61 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:17:39 +0700 -Subject: [PATCH 1/8] fix php 72494, invalid color index not handled, can lead - to crash - ---- - src/gd_crop.c | 4 ++++ - tests/CMakeLists.txt | 1 + - tests/Makefile.am | 1 + - 3 files changed, 6 insertions(+) - -diff --git a/src/gd_crop.c b/src/gd_crop.c -index 0296633..532b49b 100644 ---- a/src/gd_crop.c -+++ b/src/gd_crop.c -@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c - return NULL; - } - -+ if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) { -+ return NULL; -+ } -+ - /* TODO: Add gdImageGetRowPtr and works with ptr at the row level - * for the true color and palette images - * new formats will simply work with ptr -diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt -index 6f5c786..5093d52 100644 ---- a/tests/CMakeLists.txt -+++ b/tests/CMakeLists.txt -@@ -31,6 +31,7 @@ if (BUILD_TEST) - gdimagecolortransparent - gdimagecopy - gdimagecopyrotated -+ gdimagecrop - gdimagefile - gdimagefill - gdimagefilledellipse -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 4f6e756..5a0ebe8 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -25,6 +25,7 @@ include gdimagecolorresolve/Makemodule.am - include gdimagecolortransparent/Makemodule.am - include gdimagecopy/Makemodule.am - include gdimagecopyrotated/Makemodule.am -+include gdimagecrop/Makemodule.am - include gdimagefile/Makemodule.am - include gdimagefill/Makemodule.am - include gdimagefilledellipse/Makemodule.am --- -2.9.1 - -From 8c9f39c7cb1f62ea00bc7a48aff64d3811c2d6d0 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:20:07 +0700 -Subject: [PATCH 2/8] fix php 72494, invalid color index not handled, can lead - to crash - ---- - tests/gdimagecrop/.gitignore | 1 + - 1 file changed, 1 insertion(+) - create mode 100644 tests/gdimagecrop/.gitignore - -diff --git a/tests/gdimagecrop/.gitignore b/tests/gdimagecrop/.gitignore -new file mode 100644 -index 0000000..8e8c9c3 ---- /dev/null -+++ b/tests/gdimagecrop/.gitignore -@@ -0,0 +1 @@ -+/php_bug_72494 --- -2.9.1 - -From 8de370b7b6263a02268037a7cd13ddd991b43ea9 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:24:50 +0700 -Subject: [PATCH 3/8] fix php 72494, invalid color index not handled, can lead - to crash - ---- - tests/gdimagecrop/CMakeLists.txt | 5 +++++ - 1 file changed, 5 insertions(+) - create mode 100644 tests/gdimagecrop/CMakeLists.txt - -diff --git a/tests/gdimagecrop/CMakeLists.txt b/tests/gdimagecrop/CMakeLists.txt -new file mode 100644 -index 0000000..f7e4c7e ---- /dev/null -+++ b/tests/gdimagecrop/CMakeLists.txt -@@ -0,0 +1,5 @@ -+SET(TESTS_FILES -+ php_bug_72494 -+) -+ -+ADD_GD_TESTS() --- -2.9.1 - -From bca12e4e11ecda8a0ea719472700ad5c2b36a0d6 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:25:12 +0700 -Subject: [PATCH 4/8] fix php 72494, invalid color index not handled, can lead - to crash - ---- - tests/gdimagecrop/Makemodule.am | 5 +++++ - 1 file changed, 5 insertions(+) - create mode 100644 tests/gdimagecrop/Makemodule.am - -diff --git a/tests/gdimagecrop/Makemodule.am b/tests/gdimagecrop/Makemodule.am -new file mode 100644 -index 0000000..210888b ---- /dev/null -+++ b/tests/gdimagecrop/Makemodule.am -@@ -0,0 +1,5 @@ -+libgd_test_programs += \ -+ gdimagecrop/php_bug_72494 -+ -+EXTRA_DIST += \ -+ gdimagecrop/CMakeLists.txt --- -2.9.1 - -From 6ff72ae40c7c20ece939afb362d98cc37f4a1c96 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:25:40 +0700 -Subject: [PATCH 5/8] fix php 72494, invalid color index not handled, can lead - to crash - ---- - tests/gdimagecrop/php_bug_72494.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - create mode 100644 tests/gdimagecrop/php_bug_72494.c - -diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c -new file mode 100644 -index 0000000..adaa379 ---- /dev/null -+++ b/tests/gdimagecrop/php_bug_72494.c -@@ -0,0 +1,23 @@ -+#include <stdio.h> -+#include <stdlib.h> -+#include "gd.h" -+ -+#include "gdtest.h" -+ -+int main() -+{ -+ gdImagePtr im, exp; -+ int error = 0; -+ -+ im = gdImageCreate(50, 50); -+ -+ if (!im) { -+ gdTestErrorMsg("gdImageCreate failed.\n"); -+ return 1; -+ } -+ -+ gdImageCropThreshold(im, 1337, 0); -+ gdImageDestroy(im); -+ /* this bug tests a crash, it never reaches this point if the bug exists*/ -+ return 0; -+} --- -2.9.1 - -From a0f9f8f7bd0d3a6c6afd6d180b8e75d93aadddfa Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:38:07 +0700 -Subject: [PATCH 6/8] fix php 72494, CID 149753, color is unsigned int, remove - useless <0 comparison - ---- - src/gd_crop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gd_crop.c b/src/gd_crop.c -index 532b49b..d51ad67 100644 ---- a/src/gd_crop.c -+++ b/src/gd_crop.c -@@ -136,7 +136,7 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c - return NULL; - } - -- if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) { -+ if (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im)) { - return NULL; - } - --- -2.9.1 - -From 907115fbb980862934d0de91af4977a216745039 Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 11:51:40 +0700 -Subject: [PATCH 7/8] fix php 72494, CID 149753, color is unsigned int, remove - useless <0 comparison - ---- - tests/gdimagecrop/php_bug_72494.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c -index adaa379..5cb589b 100644 ---- a/tests/gdimagecrop/php_bug_72494.c -+++ b/tests/gdimagecrop/php_bug_72494.c -@@ -6,7 +6,7 @@ - - int main() - { -- gdImagePtr im, exp; -+ gdImagePtr im; - int error = 0; - - im = gdImageCreate(50, 50); --- -2.9.1 - -From fd623025505e87bba7ec8555eeb72dae4fb0afdc Mon Sep 17 00:00:00 2001 -From: Pierre Joye <pierre.php@gmail.com> -Date: Mon, 27 Jun 2016 12:04:25 +0700 -Subject: [PATCH 8/8] fix php 72494, CID 149753, color is unsigned int, remove - useless <0 comparison - ---- - tests/gdimagecrop/php_bug_72494.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c -index 5cb589b..3bd19be 100644 ---- a/tests/gdimagecrop/php_bug_72494.c -+++ b/tests/gdimagecrop/php_bug_72494.c -@@ -7,7 +7,6 @@ - int main() - { - gdImagePtr im; -- int error = 0; - - im = gdImageCreate(50, 50); - --- -2.9.1 - diff --git a/gnu/packages/patches/gd-CVE-2016-6132.patch b/gnu/packages/patches/gd-CVE-2016-6132.patch deleted file mode 100644 index 4c475b71b2..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-6132.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix CVE-2016-6132 (read out-of-bounds when parsing TGA files). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6132 - -Copied from upstream commit: -https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d - -From ead349e99868303b37f5e6e9d9d680c9dc71ff8d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Tue, 12 Jul 2016 11:24:09 +0200 -Subject: [PATCH] Fix #247, A read out-of-bands was found in the parsing of TGA - files (CVE-2016-6132) - ---- - src/gd_tga.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/gd_tga.c b/src/gd_tga.c -index ef20f86..20fe2d2 100644 ---- a/src/gd_tga.c -+++ b/src/gd_tga.c -@@ -237,7 +237,11 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) - return -1; - } - -- gdGetBuf(conversion_buffer, image_block_size, ctx); -+ if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { -+ gd_error("gd-tga: premature end of image data\n"); -+ gdFree(conversion_buffer); -+ return -1; -+ } - - while (buffer_caret < image_block_size) { - tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret]; -@@ -257,11 +261,16 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) - } - conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char)); - if (conversion_buffer == NULL) { -+ gd_error("gd-tga: premature end of image data\n"); - gdFree( decompression_buffer ); - return -1; - } - -- gdGetBuf( conversion_buffer, image_block_size, ctx ); -+ if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { -+ gdFree(conversion_buffer); -+ gdFree(decompression_buffer); -+ return -1; -+ } - - buffer_caret = 0; - --- -2.9.1 - diff --git a/gnu/packages/patches/gd-CVE-2016-6214.patch b/gnu/packages/patches/gd-CVE-2016-6214.patch deleted file mode 100644 index 7894a32bb1..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-6214.patch +++ /dev/null @@ -1,66 +0,0 @@ -Fix CVE-2016-6214 (read out-of-bounds when parsing TGA files). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214 - -Adapted from upstream commit: -https://github.com/libgd/libgd/commit/341aa68843ceceae9ba6e083431f14a07bd92308 - -Since `patch` cannot apply Git binary diffs, we omit the addition of -'tests/tga/bug00247a.c' and its associated binary data. - -From 341aa68843ceceae9ba6e083431f14a07bd92308 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Tue, 12 Jul 2016 19:23:13 +0200 -Subject: [PATCH] Unsupported TGA bpp/alphabit combinations should error - gracefully - -Currently, only 24bpp without alphabits and 32bpp with 8 alphabits are -really supported. All other combinations will be rejected with a warning. - -(cherry picked from commit cb1a0b7e54e9aa118270c23a4a6fe560e4590dc9) ---- - src/gd_tga.c | 16 ++++++---------- - tests/tga/.gitignore | 1 + - tests/tga/CMakeLists.txt | 1 + - tests/tga/Makemodule.am | 4 +++- - tests/tga/bug00247a.c | 19 +++++++++++++++++++ - tests/tga/bug00247a.tga | Bin 0 -> 36 bytes - 6 files changed, 30 insertions(+), 11 deletions(-) - create mode 100644 tests/tga/bug00247a.c - create mode 100644 tests/tga/bug00247a.tga - -diff --git a/src/gd_tga.c b/src/gd_tga.c -index 20fe2d2..b4f8fa6 100644 ---- a/src/gd_tga.c -+++ b/src/gd_tga.c -@@ -99,7 +99,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx) - if (tga->bits == TGA_BPP_24) { - *tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]); - bitmap_caret += 3; -- } else if (tga->bits == TGA_BPP_32 || tga->alphabits) { -+ } else if (tga->bits == TGA_BPP_32 && tga->alphabits) { - register int a = tga->bitmap[bitmap_caret + 3]; - - *tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1)); -@@ -159,16 +159,12 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga) - printf("wxh: %i %i\n", tga->width, tga->height); - #endif - -- switch(tga->bits) { -- case 8: -- case 16: -- case 24: -- case 32: -- break; -- default: -- gd_error("bps %i not supported", tga->bits); -+ if (!((tga->bits == TGA_BPP_24 && tga->alphabits == 0) -+ || (tga->bits == TGA_BPP_32 && tga->alphabits == 8))) -+ { -+ gd_error_ex(GD_WARNING, "gd-tga: %u bits per pixel with %u alpha bits not supported\n", -+ tga->bits, tga->alphabits); - return -1; -- break; - } - - tga->ident = NULL; diff --git a/gnu/packages/patches/gd-fix-test-on-i686.patch b/gnu/packages/patches/gd-fix-test-on-i686.patch deleted file mode 100644 index 6dd2e0fb03..0000000000 --- a/gnu/packages/patches/gd-fix-test-on-i686.patch +++ /dev/null @@ -1,34 +0,0 @@ -Disable part of the gdimagerotate test on architectures such as i686 -where intermediate floating-point operations are done with 80-bit long -doubles, and typically later rounded to 64-bit doubles. This double -rounding causes small differences in the resulting pixel values -compared with other architectures, causing the image comparison to -fail. - -Patch by Mark H Weaver <mhw@netris.org>. - ---- libgd-2.2.2/tests/gdimagerotate/bug00067.c 1969-12-31 19:00:00.000000000 -0500 -+++ libgd-2.2.2/tests/gdimagerotate/bug00067.c 2016-07-18 12:19:19.885423132 -0400 -@@ -1,5 +1,6 @@ - #include <stdio.h> - #include <stdlib.h> -+#include <float.h> - #include "gd.h" - - #include "gdtest.h" -@@ -41,6 +42,7 @@ - return 1; - } - -+#if FLT_EVAL_METHOD != 2 - sprintf(filename, "bug00067_%03d_exp.png", angle); - path = gdTestFilePath2("gdimagerotate", filename); - if (!gdAssertImageEqualsToFile(path, exp)) { -@@ -48,6 +50,7 @@ - error += 1; - } - free(path); -+#endif - - gdImageDestroy(exp); - } diff --git a/gnu/packages/patches/gd-fix-tests-on-i686.patch b/gnu/packages/patches/gd-fix-tests-on-i686.patch new file mode 100644 index 0000000000..8db64e6aaf --- /dev/null +++ b/gnu/packages/patches/gd-fix-tests-on-i686.patch @@ -0,0 +1,61 @@ +Disable some image comparison tests on architectures such as i686 +where intermediate floating-point operations are done with 80-bit long +doubles, and typically later rounded to 64-bit doubles. This double +rounding causes small differences in the resulting pixel values +compared with other architectures, causing the image comparisons to +fail. + +Patch by Mark H Weaver <mhw@netris.org>. + +--- libgd-2.2.3/tests/gdimagerotate/bug00067.c 2016-06-18 05:42:16.000000000 -0400 ++++ libgd-2.2.3/tests/gdimagerotate/bug00067.c 2016-07-28 13:43:48.470767178 -0400 +@@ -1,5 +1,6 @@ + #include <stdio.h> + #include <stdlib.h> ++#include <float.h> + #include "gd.h" + + #include "gdtest.h" +@@ -43,7 +44,7 @@ + + sprintf(filename, "bug00067_%03d_exp.png", angle); + path = gdTestFilePath2("gdimagerotate", filename); +- if (!gdAssertImageEqualsToFile(path, exp)) { ++ if (FLT_EVAL_METHOD != 2 && !gdAssertImageEqualsToFile(path, exp)) { + gdTestErrorMsg("comparing rotated image to %s failed.\n", path); + error += 1; + } +--- libgd-2.2.3/tests/gdimagecopyresampled/bug00201.c 2016-07-21 04:06:42.000000000 -0400 ++++ libgd-2.2.3/tests/gdimagecopyresampled/bug00201.c 2016-07-28 13:56:46.021447064 -0400 +@@ -1,3 +1,4 @@ ++#include <float.h> + #include "gd.h" + #include "gdtest.h" + +@@ -65,7 +66,7 @@ + gdImageDestroy(background); + gdImageDestroy(scaled_logo); + +- gdAssertImageEqualsToFile("gdimagecopyresampled/bug00201_exp.png", img); ++ FLT_EVAL_METHOD != 2 && gdAssertImageEqualsToFile("gdimagecopyresampled/bug00201_exp.png", img); + gdImageDestroy(img); + return gdNumFailures(); + } +--- libgd-2.2.3/tests/gdimagecopyresampled/basic_alpha.c 2016-07-21 04:06:42.000000000 -0400 ++++ libgd-2.2.3/tests/gdimagecopyresampled/basic_alpha.c 2016-07-28 13:57:18.857831608 -0400 +@@ -1,5 +1,6 @@ + /* Testing basic gdImageCopyResampled() functionality with alpha channel */ + ++#include <float.h> + #include "gd.h" + #include "gdtest.h" + +@@ -33,7 +34,7 @@ + gdImageCopyResampled(copy, im, 0,0, 0,0, 200,200, 400,300); + gdImageDestroy(im); + +- gdAssertImageEqualsToFile("gdimagecopyresampled/basic_alpha_exp.png", copy); ++ FLT_EVAL_METHOD != 2 && gdAssertImageEqualsToFile("gdimagecopyresampled/basic_alpha_exp.png", copy); + + gdImageDestroy(copy); + return gdNumFailures(); diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm index ee36f64354..98f0060c0d 100644 --- a/gnu/packages/terminals.scm +++ b/gnu/packages/terminals.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Mckinley Olsen <mck.olsen@gmail.com> +;;; Copyright © 2016 Alex Griffin <a@ajgrf.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,6 +22,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build utils) #:use-module (guix build-system gnu) + #:use-module (guix build-system python) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix packages) @@ -30,6 +32,7 @@ #:use-module (gnu packages gnome) #:use-module (gnu packages gtk) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages python) #:use-module (gnu packages wm) #:use-module (gnu packages ncurses) #:use-module (gnu packages gtk) @@ -121,3 +124,38 @@ insert mode and command mode where keybindings have different functions.") ;; Files under util/ are under the Expat license; the rest is LGPLv2+. (license license:lgpl2.0+))) + +(define-public asciinema + (package + (name "asciinema") + (version "1.3.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://pypi.python.org/packages/06/96/93947d9be78aebb7985014fdf" + "4d84896dd0f62514d922ee03f5bb55a21fb/asciinema-" version + ".tar.gz")) + (sha256 + (base32 + "1crdm9zfdbjflvz1gsqvy5zsbgwdfkj34z69kg6h5by70rrs1hdc")))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'build 'patch-exec-paths + (lambda* (#:key inputs #:allow-other-keys) + (let ((ncurses (assoc-ref inputs "ncurses"))) + (substitute* "asciinema/recorder.py" + (("'tput'") + (string-append "'" ncurses "/bin/tput'")))) + #t))))) + (inputs `(("ncurses" ,ncurses) + ("python-setuptools" ,python-setuptools))) + (home-page "https://asciinema.org") + (synopsis "Terminal session recorder") + (description + "Use asciinema to record and share your terminal sessions, the right way. +Forget screen recording apps and blurry video. Enjoy a lightweight, purely +text-based approach to terminal recording.") + (license license:gpl3))) diff --git a/guix/packages.scm b/guix/packages.scm index bfb4c557ab..3646b9ba13 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -81,6 +81,8 @@ package-maintainers package-properties package-location + hidden-package + hidden-package? package-field-location package-direct-sources @@ -290,6 +292,19 @@ name of its URI." package) 16))))) +(define (hidden-package p) + "Return a \"hidden\" version of P--i.e., one that 'fold-packages' and thus, +user interfaces, ignores." + (package + (inherit p) + (properties `((hidden? . #t) + ,@(package-properties p))))) + +(define (hidden-package? p) + "Return true if P is \"hidden\"--i.e., must not be visible to user +interfaces." + (assoc-ref (package-properties p) 'hidden?)) + (define (package-field-location package field) "Return the source code location of the definition of FIELD for PACKAGE, or #f if it could not be determined." diff --git a/tests/packages.scm b/tests/packages.scm index fc75e38730..e9c8690730 100644 --- a/tests/packages.scm +++ b/tests/packages.scm @@ -79,6 +79,10 @@ (write (dummy-package "foo" (location #f))))))) +(test-assert "hidden-package" + (and (hidden-package? (hidden-package (dummy-package "foo"))) + (not (hidden-package? (dummy-package "foo"))))) + (test-assert "package-field-location" (let () (define (goto port line column) @@ -745,6 +749,20 @@ r)) #f)) +(test-assert "fold-packages, hidden package" + ;; There are two public variables providing "guile@2.0" ('guile-final' in + ;; commencement.scm and 'guile-2.0/fixed' in guile.scm), but only the latter + ;; should show up. + (match (fold-packages (lambda (p r) + (if (and (string=? (package-name p) "guile") + (string-prefix? "2.0" + (package-version p))) + (cons p r) + r)) + '()) + ((one) + (eq? one guile-2.0/fixed)))) + (test-assert "find-packages-by-name" (match (find-packages-by-name "hello") (((? (cut eq? hello <>))) #t) |