aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-08-04 08:16:38 -0400
committerMark H Weaver <mhw@netris.org>2016-08-04 08:16:38 -0400
commit0832787e5c463c713d8f24fdec0f52900ff1c2bd (patch)
tree5ce20bef711d0d85a22cd041758278d7c176b0f3
parent5b098cc4b937c05d6f685772c66e2aa04490710a (diff)
downloadguix-0832787e5c463c713d8f24fdec0f52900ff1c2bd.tar
guix-0832787e5c463c713d8f24fdec0f52900ff1c2bd.tar.gz
Revert "Merge branch 'core-updates'"
This reverts commit 455859a50f88f625d13fc2f304111f02369b366b.
-rw-r--r--Makefile.am19
-rw-r--r--NEWS86
-rw-r--r--configure.ac5
-rw-r--r--doc/guix.texi6
-rw-r--r--gnu/local.mk21
-rw-r--r--gnu/packages/autotools.scm3
-rw-r--r--gnu/packages/backup.scm23
-rw-r--r--gnu/packages/base.scm243
-rw-r--r--gnu/packages/boost.scm80
-rw-r--r--gnu/packages/bootstrap.scm2
-rw-r--r--gnu/packages/c.scm2
-rw-r--r--gnu/packages/check.scm8
-rw-r--r--gnu/packages/cmake.scm112
-rw-r--r--gnu/packages/commencement.scm42
-rw-r--r--gnu/packages/compression.scm6
-rw-r--r--gnu/packages/conky.scm10
-rw-r--r--gnu/packages/cross-base.scm37
-rw-r--r--gnu/packages/cups.scm25
-rw-r--r--gnu/packages/databases.scm37
-rw-r--r--gnu/packages/dico.scm5
-rw-r--r--gnu/packages/ed.scm16
-rw-r--r--gnu/packages/emacs.scm8
-rw-r--r--gnu/packages/engineering.scm3
-rw-r--r--gnu/packages/finance.scm4
-rw-r--r--gnu/packages/fonts.scm4
-rw-r--r--gnu/packages/fontutils.scm8
-rw-r--r--gnu/packages/games.scm9
-rw-r--r--gnu/packages/gcc.scm6
-rw-r--r--gnu/packages/gettext.scm4
-rw-r--r--gnu/packages/ghostscript.scm57
-rw-r--r--gnu/packages/gl.scm4
-rw-r--r--gnu/packages/gnupg.scm9
-rw-r--r--gnu/packages/gnuzilla.scm10
-rw-r--r--gnu/packages/graphics.scm4
-rw-r--r--gnu/packages/guile.scm3
-rw-r--r--gnu/packages/gv.scm4
-rw-r--r--gnu/packages/hurd.scm87
-rw-r--r--gnu/packages/ld-wrapper.in6
-rw-r--r--gnu/packages/linux.scm46
-rw-r--r--gnu/packages/lisp.scm2
-rw-r--r--gnu/packages/lout.scm5
-rw-r--r--gnu/packages/mail.scm9
-rw-r--r--gnu/packages/make-bootstrap.scm4
-rw-r--r--gnu/packages/maths.scm23
-rw-r--r--gnu/packages/mit-krb5.scm22
-rw-r--r--gnu/packages/multiprecision.scm4
-rw-r--r--gnu/packages/music.scm2
-rw-r--r--gnu/packages/netpbm.scm117
-rw-r--r--gnu/packages/ocaml.scm1
-rw-r--r--gnu/packages/openldap.scm28
-rw-r--r--gnu/packages/patches/automake-test-gzip-warning.patch17
-rw-r--r--gnu/packages/patches/dealii-p4est-interface.patch62
-rw-r--r--gnu/packages/patches/dico-idxgcide-bug.patch21
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283-refix.patch27
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283.patch89
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-7547.patch559
-rw-r--r--gnu/packages/patches/glibc-hurd-extern-inline.patch35
-rw-r--r--gnu/packages/patches/glibc-locale-incompatibility.patch23
-rw-r--r--gnu/packages/patches/glibc-locales.patch6
-rw-r--r--gnu/packages/patches/libarchive-CVE-2013-0211.patch21
-rw-r--r--gnu/packages/patches/libarchive-CVE-2016-1541.patch67
-rw-r--r--gnu/packages/patches/libarchive-bsdtar-test.patch74
-rw-r--r--gnu/packages/patches/libarchive-fix-lzo-test-case.patch83
-rw-r--r--gnu/packages/patches/libarchive-mtree-filename-length-fix.patch18
-rw-r--r--gnu/packages/patches/libpthread-glibc-preparation.patch146
-rw-r--r--gnu/packages/patches/libxslt-CVE-2015-7995.patch29
-rw-r--r--gnu/packages/patches/libxslt-generated-ids.patch173
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8629.patch51
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8630.patch81
-rw-r--r--gnu/packages/patches/mit-krb5-CVE-2015-8631.patch576
-rw-r--r--gnu/packages/patches/mit-krb5-init-context-null-spnego.patch49
-rw-r--r--gnu/packages/patches/procps-non-linux.patch40
-rw-r--r--gnu/packages/patches/rapicorn-isnan.patch87
-rw-r--r--gnu/packages/patches/tar-d_ino_in_dirent-fix.patch33
-rw-r--r--gnu/packages/pcre.scm19
-rw-r--r--gnu/packages/pdf.scm46
-rw-r--r--gnu/packages/perl.scm39
-rw-r--r--gnu/packages/plotutils.scm3
-rw-r--r--gnu/packages/pulseaudio.scm7
-rw-r--r--gnu/packages/python.scm124
-rw-r--r--gnu/packages/scheme.scm164
-rw-r--r--gnu/packages/skribilo.scm3
-rw-r--r--gnu/packages/swig.scm9
-rw-r--r--gnu/packages/tex.scm22
-rw-r--r--gnu/packages/texinfo.scm20
-rw-r--r--gnu/packages/tls.scm95
-rw-r--r--gnu/packages/version-control.scm7
-rw-r--r--gnu/packages/video.scm12
-rw-r--r--gnu/packages/web.scm2
-rw-r--r--gnu/packages/wine.scm4
-rw-r--r--gnu/packages/xdisorg.scm4
-rw-r--r--gnu/packages/xml.scm65
-rw-r--r--gnu/packages/xorg.scm25
-rw-r--r--gnu/packages/zsh.scm4
-rw-r--r--gnu/system/install.scm2
-rw-r--r--gnu/system/shadow.scm23
-rw-r--r--guix/build/download.scm3
-rw-r--r--guix/build/gnu-build-system.scm2
-rw-r--r--guix/download.scm7
-rw-r--r--m4/guix.m413
-rw-r--r--tests/guix-environment-container.sh11
101 files changed, 2820 insertions, 1563 deletions
diff --git a/Makefile.am b/Makefile.am
index 8bae85e144..d18e330797 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -102,7 +102,6 @@ MODULES = \
guix/build/rpath.scm \
guix/build/cvs.scm \
guix/build/svn.scm \
- guix/build/syscalls.scm \
guix/build/gremlin.scm \
guix/build/emacs-utils.scm \
guix/build/graft.scm \
@@ -159,6 +158,13 @@ MODULES += \
endif
+if BUILD_SYSCALLS_MODULE
+
+MODULES += \
+ guix/build/syscalls.scm
+
+endif
+
if BUILD_DAEMON_OFFLOAD
MODULES += \
@@ -379,6 +385,13 @@ EXTRA_DIST += \
endif !BUILD_DAEMON_OFFLOAD
+if !BUILD_SYSCALLS_MODULE
+
+EXTRA_DIST += \
+ guix/build/syscalls.scm
+
+endif !BUILD_SYSCALLS_MODULE
+
CLEANFILES = \
$(GOBJECTS) \
@@ -389,13 +402,11 @@ CLEANFILES = \
# there that are newer than the local .scm files (for instance because the
# user ran 'make install' recently). When that happens, we end up loading
# those previously-installed .go files, which may be stale, thereby breaking
-# the whole thing. Likewise, set 'XDG_CACHE_HOME' to avoid loading possibly
-# stale files from ~/.cache/guile/ccache.
+# the whole thing.
%.go: make-go ; @:
make-go: $(MODULES) guix/config.scm guix/tests.scm
$(AM_V_at)echo "Compiling Scheme modules..." ; \
unset GUILE_LOAD_COMPILED_PATH ; \
- XDG_CACHE_HOME=/nowhere \
host=$(host) srcdir="$(top_srcdir)" \
$(top_builddir)/pre-inst-env \
$(GUILE) -L "$(top_builddir)" -L "$(top_srcdir)" \
diff --git a/NEWS b/NEWS
index 3f5efef2e7..267c197c4a 100644
--- a/NEWS
+++ b/NEWS
@@ -14,94 +14,8 @@ Please send Guix bug reports to bug-guix@gnu.org.
** Package management
-*** Substitute display adjusts to client locale and terminal width
-*** New ‘--free-space’ option for ‘guix gc’
-*** ‘guix gc’ shows the amount of disk space freed
-*** Source code downloads fall back to content-addressed mirrors
-*** ‘guix graph’ can now be passed a store file name
-*** Building the profile is faster, noticeably so on slow file systems
-*** Profiles now include XDG desktop and MIME databases
-*** ‘guix size’ can be passed more than one package
-*** ‘--check’ and ‘--rounds’ save the differing build output upon failure
*** New Emacs interface for package locations: M-x guix-locations
-See “Package Source Locations” in the manual.
-*** Emacs modes show the full profile name in buffer names
-*** Emacs “Package Info” buffer now have a “Build Log” button
-*** ‘guix environment’ sets $GUIX_ENVIRONMENT to the environment’s profile
-*** New ‘--ttl’ option for ‘guix publish’
-*** New ‘--compression’ option for ‘guix publish’
-*** ‘guix publish’ serves source files over content-address “/file” URLs
-*** New ‘hackage’ updater for ‘guix refresh’
-*** ‘guix lint -c cve’ uses a faster caching method
-*** ‘guix lint -c cve’ now reports up to 3-year-old vulnerabilities
-*** ‘guix lint -c source,home-page’ reports suspiciously small HTTP replies
-*** ‘guix lint -c inputs-should-be-native’ makes more suggestions
-
-** Distribution
-
-*** New services
-
-urandom-seed-service, dicod-service, gc-root-service-type, mcron-service,
-rngd-service, dropbear-service, pam-limits-service (See “Services” in the
-manual for details.)
-
-*** ‘mapped-device’ can refer to partitions using a LUKS UUID
-*** New ‘raid-device-type’, for RAID devices using mdadm
-*** ‘console-keymap-service’ can be given several file names
-*** Java package names are now prefixed with “java-”
-*** New modular Qt packages, to replace the monolithic ‘qt’ package
-*** The ‘gnupg’ 2.0/2.1 packages provide the ‘gpg’ command instead of ‘gpg2’
-*** More packages are bit-reproducible: vlc, libxslt, nasm
-*** XXX new packages
-*** XXX package updates
-
-** Programming interfaces
-
-*** New ‘with-imported-modules’ form provided by (guix gexp)
-
-It supersedes the #:modules parameter of ‘gexp->derivation’, ‘compute-file’,
-‘gexp->script’, ‘program-file’, etc, as well as the ‘imported-modules’ fields
-of <origin> and <shepherd-service>. See “G-Expressions” in the manual.
-
-*** New (gnu tests) and (gnu build marionette) modules for system tests
-
-See <http://savannah.gnu.org/forum/forum.php?forum_id=8605> for background.
-
-*** New (guix zlib) module
-*** New (guix hg-download) module, for Mercurial checkouts
-*** (guix download) supports HTTP basic authentication
-*** (guix svn-download) supports authentication
-*** The ‘source’ of packages can be a ‘local-file’ or any lowerable object
-*** Part of (guix utils) moved to the new (guix combinators)
-*** GNU updater honors the ‘ftp-server’ and ‘ftp-directory’ package properties
-*** CVE linter honors the ‘cpe-name’ and ‘cpe-version’ package properties
-*** ‘add-to-store’ and ‘local-file’ have a new #:select? parameter
-
-** Noteworthy bug fixes
-
-*** Perl no longer references GCC (<http://bugs.gnu.org/23077>)
-*** Grafting now fails upon I/O errors (<http://bugs.gnu.org/23581>)
-*** GuixSD random source is now properly seeded (<http://bugs.gnu.org/23605>)
-*** ‘call-with-container’ gracefully reports mount errors
- (<http://bugs.gnu.org/23306>)
-*** ‘herd start cow-store’ now bind-mounts the target /tmp
-*** ‘guix environment’ now honors ‘--system’ (<http://bugs.gnu.org/23682>)
-*** ‘guix publish’ properly encodes archive URIs (<http://bugs.gnu.org/21888>)
-*** ‘NIX_CONF_DIR’ is now ignored (<http://bugs.gnu.org/22459>)
-*** The shell of user ‘nobody’ is ‘nologin’ (<http://bugs.gnu.org/23971>)
-*** Source code location is more precise in error messages involving records
- (<http://bugs.gnu.org/23969>)
-*** ‘guix --version’ is correct in the presence of ‘guix pull’
- (<http://bugs.gnu.org/19278>)
-*** Git commits are now signed, for eventual authentication by ‘guix pull’
- (in preparation of a fix for <http://bugs.gnu.org/22883>)
-
-** Native language support
-
-*** New translation: zh_CN (Simplified Chinese)
-*** Updated translations: fr
-
* Changes in 0.10.0 (since 0.9.0)
** Community
diff --git a/configure.ac b/configure.ac
index 13a9b6e19f..17d5c4b28b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -86,6 +86,11 @@ dnl Check whether (srfi srfi-37) works, and provide our own if it doesn't.
GUIX_CHECK_SRFI_37
AM_CONDITIONAL([INSTALL_SRFI_37], [test "x$ac_cv_guix_srfi_37_broken" = xyes])
+dnl Check whether (guix build syscalls) can be built.
+GUIX_CHECK_LIBC_MOUNT
+AM_CONDITIONAL([BUILD_SYSCALLS_MODULE],
+ [test "x$guix_cv_libc_has_mount" = "xyes"])
+
dnl Decompressors, for use by the substituter and other modules.
AC_PATH_PROG([GZIP], [gzip])
AC_PATH_PROG([BZIP2], [bzip2])
diff --git a/doc/guix.texi b/doc/guix.texi
index df8b5a9241..3725f6c242 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6401,9 +6401,8 @@ builds to @file{/gnu/store} which, initially, is an in-memory file system.
Next, you have to edit a file and
provide the declaration of the operating system to be installed. To
-that end, the installation system comes with three text editors: GNU nano
-(@pxref{Top,,, nano, GNU nano Manual}), GNU Zile (an Emacs clone), and
-nvi (a clone of the original BSD @command{vi} editor).
+that end, the installation system comes with two text editors: GNU nano
+(@pxref{Top,,, nano, GNU nano Manual}), and GNU Zile, an Emacs clone.
We strongly recommend storing that file on the target root file system, say,
as @file{/mnt/etc/config.scm}. Failing to do that, you will have lost your
configuration file once you have rebooted into the newly-installed system.
@@ -7797,6 +7796,7 @@ maximum address space that can be locked in memory. These settings are
commonly used for real-time audio systems.
@end deffn
+
@node Scheduled Job Execution
@subsubsection Scheduled Job Execution
diff --git a/gnu/local.mk b/gnu/local.mk
index 4a19e33414..6060e55fa3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -440,7 +440,6 @@ dist_patch_DATA = \
%D%/packages/patches/audacity-fix-ffmpeg-binding.patch \
%D%/packages/patches/automake-skip-amhello-tests.patch \
%D%/packages/patches/automake-regexp-syntax.patch \
- %D%/packages/patches/automake-test-gzip-warning.patch \
%D%/packages/patches/avahi-localstatedir.patch \
%D%/packages/patches/avidemux-install-to-lib.patch \
%D%/packages/patches/awesome-reproducible-png.patch \
@@ -468,9 +467,9 @@ dist_patch_DATA = \
%D%/packages/patches/clucene-contribs-lib.patch \
%D%/packages/patches/cursynth-wave-rand.patch \
%D%/packages/patches/dbus-helper-search-path.patch \
+ %D%/packages/patches/dealii-p4est-interface.patch \
%D%/packages/patches/devil-CVE-2009-3994.patch \
%D%/packages/patches/devil-fix-libpng.patch \
- %D%/packages/patches/dico-idxgcide-bug.patch \
%D%/packages/patches/dico-libtool-deterministic.patch \
%D%/packages/patches/diffutils-gets-undeclared.patch \
%D%/packages/patches/dfu-programmer-fix-libusb.patch \
@@ -489,6 +488,7 @@ dist_patch_DATA = \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
+ %D%/packages/patches/expat-CVE-2015-1283.patch \
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \
%D%/packages/patches/expat-CVE-2016-0718.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
@@ -522,9 +522,12 @@ dist_patch_DATA = \
%D%/packages/patches/gimp-CVE-2016-4994.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-tests-timer.patch \
+ %D%/packages/patches/glibc-CVE-2015-7547.patch \
%D%/packages/patches/glibc-bootstrap-system.patch \
+ %D%/packages/patches/glibc-hurd-extern-inline.patch \
%D%/packages/patches/glibc-ldd-x86_64.patch \
%D%/packages/patches/glibc-locales.patch \
+ %D%/packages/patches/glibc-locale-incompatibility.patch \
%D%/packages/patches/glibc-o-largefile.patch \
%D%/packages/patches/glibc-versioned-locpath.patch \
%D%/packages/patches/gmp-arm-asm-nothumb.patch \
@@ -603,6 +606,11 @@ dist_patch_DATA = \
%D%/packages/patches/liba52-link-with-libm.patch \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
+ %D%/packages/patches/libarchive-bsdtar-test.patch \
+ %D%/packages/patches/libarchive-CVE-2013-0211.patch \
+ %D%/packages/patches/libarchive-CVE-2016-1541.patch \
+ %D%/packages/patches/libarchive-fix-lzo-test-case.patch \
+ %D%/packages/patches/libarchive-mtree-filename-length-fix.patch \
%D%/packages/patches/libbonobo-activation-test-race.patch \
%D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \
%D%/packages/patches/libcmis-fix-test-onedrive.patch \
@@ -637,8 +645,9 @@ dist_patch_DATA = \
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
- %D%/packages/patches/libxslt-generated-ids.patch \
+ %D%/packages/patches/libxslt-CVE-2015-7995.patch \
%D%/packages/patches/lirc-localstatedir.patch \
+ %D%/packages/patches/libpthread-glibc-preparation.patch \
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
%D%/packages/patches/lua-CVE-2014-5461.patch \
%D%/packages/patches/lua-pkgconfig.patch \
@@ -658,6 +667,10 @@ dist_patch_DATA = \
%D%/packages/patches/mcrypt-CVE-2012-4426.patch \
%D%/packages/patches/mcrypt-CVE-2012-4527.patch \
%D%/packages/patches/mhash-keygen-test-segfault.patch \
+ %D%/packages/patches/mit-krb5-CVE-2015-8629.patch \
+ %D%/packages/patches/mit-krb5-CVE-2015-8630.patch \
+ %D%/packages/patches/mit-krb5-CVE-2015-8631.patch \
+ %D%/packages/patches/mit-krb5-init-context-null-spnego.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
%D%/packages/patches/mplayer2-theora-fix.patch \
%D%/packages/patches/module-init-tools-moduledir.patch \
@@ -746,7 +759,6 @@ dist_patch_DATA = \
%D%/packages/patches/python-paste-remove-timing-test.patch \
%D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
%D%/packages/patches/qt4-ldflags.patch \
- %D%/packages/patches/rapicorn-isnan.patch \
%D%/packages/patches/ratpoison-shell.patch \
%D%/packages/patches/readline-link-ncurses.patch \
%D%/packages/patches/ripperx-missing-file.patch \
@@ -773,6 +785,7 @@ dist_patch_DATA = \
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \
+ %D%/packages/patches/tar-d_ino_in_dirent-fix.patch \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
%D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index 21ed0e6179..de7f1f6d15 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -218,8 +218,7 @@ output is indexed in many ways to simplify browsing.")
"0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r"))
(patches
(search-patches "automake-regexp-syntax.patch"
- "automake-skip-amhello-tests.patch"
- "automake-test-gzip-warning.patch"))))
+ "automake-skip-amhello-tests.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,(autoconf-wrapper))
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 0a2e9b1b90..257dabfe2c 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -135,7 +135,8 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (version "3.2.1")
+ (replacement libarchive/fixed)
+ (version "3.1.2")
(source
(origin
(method url-fetch)
@@ -143,7 +144,12 @@ backups (called chunks) to allow easy burning to CD/DVD.")
version ".tar.gz"))
(sha256
(base32
- "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
+ "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
+ (patches
+ (search-patches "libarchive-mtree-filename-length-fix.patch"
+ "libarchive-fix-lzo-test-case.patch"
+ "libarchive-CVE-2013-0211.patch"
+ "libarchive-bsdtar-test.patch"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
@@ -174,10 +180,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(zero? (system* "./libarchive_test" "^test_*_disk*"))
(zero? (system* "./bsdcpio_test" "^test_owner_parse"))
(zero? (system* "./bsdtar_test"))))
- %standard-phases))
- ;; libarchive/test/test_write_format_gnutar_filenames.c needs to be
- ;; compiled with C99 or C11 or a gnu variant.
- #:configure-flags '("CFLAGS=-O2 -g -std=c99")))
+ %standard-phases))))
(home-page "http://libarchive.org/")
(synopsis "Multi-format archive and compression library")
(description
@@ -190,6 +193,14 @@ archive. In particular, note that there is currently no built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
+(define libarchive/fixed
+ (package
+ (inherit libarchive)
+ (source (origin
+ (inherit (package-source libarchive))
+ (patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
+ (origin-patches (package-source libarchive))))))))
+
(define-public rdup
(package
(name "rdup")
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index a476837102..7b33a1d517 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -44,9 +44,7 @@
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
- #:use-module (guix build-system trivial)
- #:use-module (ice-9 match)
- #:export (glibc))
+ #:use-module (guix build-system trivial))
;;; Commentary:
;;;
@@ -77,14 +75,14 @@ command-line arguments, multiple languages, and so on.")
(define-public grep
(package
(name "grep")
- (version "2.25")
+ (version "2.22")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
- "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2"))
+ "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa"))
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
@@ -139,34 +137,17 @@ implementation offers several extensions over the standard utility.")
(define-public tar
(package
(name "tar")
- (version "1.29")
+ (version "1.28")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/tar/tar-"
version ".tar.xz"))
(sha256
(base32
- "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"))
- (patches (search-patches "tar-skip-unreliable-tests.patch"))))
+ "1wi2zwm4c9r3h3b8y4w0nm0qq897kn8kyj9k22ba0iqvxj48vvk4"))
+ (patches (search-patches "tar-d_ino_in_dirent-fix.patch"
+ "tar-skip-unreliable-tests.patch"))))
(build-system gnu-build-system)
- ;; Note: test suite requires ~1GiB of disk space.
- (arguments
- '(#:phases (modify-phases %standard-phases
- (add-before 'build 'set-shell-file-name
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Do not use "/bin/sh" to run programs.
- (let ((bash (assoc-ref inputs "bash")))
- (substitute* "src/system.c"
- (("/bin/sh")
- (string-append bash "/bin/sh")))
- #t))))))
-
- ;; When cross-compiling, the 'set-shell-file-name' phase needs to be able
- ;; to refer to the target Bash.
- (inputs (if (%current-target-system)
- `(("bash" ,bash))
- '()))
-
(synopsis "Managing tar archives")
(description
"Tar provides the ability to create tar archives, as well as the
@@ -262,14 +243,23 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
- (version "8.25")
+ (version "8.24")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"))))
+ "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"))
+ (patches
+ (list (origin
+ (method url-fetch)
+ (uri "http://git.savannah.gnu.org/cgit/coreutils.git/\
+patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0")
+ (sha256
+ (base32
+ "1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz"))
+ (file-name "coreutils-tail-inotify-race.patch"))))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
@@ -325,14 +315,14 @@ functionality beyond that which is outlined in the POSIX standard.")
(define-public gnu-make
(package
(name "make")
- (version "4.2")
+ (version "4.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/make/make-" version
".tar.bz2"))
(sha256
(base32
- "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f"))
+ "19gwwhik3wdwn0r42b7xcihkbxvjl9r2bdal8nifc3k5i4rn3iqb"))
(patches (search-patches "make-impure-dirs.patch"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile
@@ -473,17 +463,17 @@ store.")
(export make-ld-wrapper)
-(define-public glibc/linux
+(define-public glibc
(package
(name "glibc")
- (version "2.23")
+ (version "2.22")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
+ "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@@ -492,14 +482,17 @@ store.")
(("use_ldconfig=yes")
"use_ldconfig=no")))
(modules '((guix build utils)))
- (patches (search-patches "glibc-ldd-x86_64.patch"
- "glibc-versioned-locpath.patch"
- "glibc-o-largefile.patch"))))
+ (patches
+ (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-locale-incompatibility.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-o-largefile.patch"
+ "glibc-CVE-2015-7547.patch"))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
;; users should automatically pull Linux headers as well.
- (propagated-inputs `(("kernel-headers" ,linux-libre-headers)))
+ (propagated-inputs `(("linux-headers" ,linux-libre-headers)))
(outputs '("out" "debug"))
@@ -511,7 +504,7 @@ store.")
#:parallel-build? #f
;; The libraries have an empty RUNPATH, but some, such as the versioned
- ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since
+ ;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED. Since
;; these libraries are always going to be found anyway, just skip
;; RUNPATH checks.
#:validate-runpath? #f
@@ -543,7 +536,7 @@ store.")
(assoc-ref ,(if (%current-target-system)
'%build-target-inputs
'%build-inputs)
- "kernel-headers")
+ "linux-headers")
"/include")
;; This is the default for most architectures as of GNU libc 2.21,
@@ -557,7 +550,7 @@ store.")
"/bin/bash")
;; XXX: Work around "undefined reference to `__stack_chk_guard'".
- "libc_cv_ssp=no" "libc_cv_ssp_strong=no")
+ "libc_cv_ssp=no")
#:tests? #f ; XXX
#:phases (modify-phases %standard-phases
@@ -571,6 +564,10 @@ store.")
;; but cross-base uses it as a native input.
(bash (or (assoc-ref inputs "static-bash")
(assoc-ref native-inputs "static-bash"))))
+ ;; Use `pwd', not `/bin/pwd'.
+ (substitute* "configure"
+ (("/bin/pwd") "pwd"))
+
;; Install the rpc data base file under `$out/etc/rpc'.
;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
(substitute* "sunrpc/Makefile"
@@ -651,104 +648,11 @@ with the Linux kernel.")
(license lgpl2.0+)
(home-page "http://www.gnu.org/software/libc/")))
-(define-public glibc/hurd
- ;; The Hurd's libc variant.
- (package (inherit glibc/linux)
- (name "glibc-hurd")
- (version "2.19")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://alpha.gnu.org/gnu/hurd/glibc-"
- version "-hurd+libpthread-20160518" ".tar.gz"))
- (sha256
- (base32
- "12zmdjviybpsdb2kq4cg98rds7909f0cc96fzdahdfrzlxx1q0px"))))
-
- ;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers,
- ;; so both should be propagated.
- (propagated-inputs `(("hurd-core-headers" ,hurd-core-headers)))
- (native-inputs
- `(,@(package-native-inputs glibc/linux)
- ("mig" ,mig)
- ("perl" ,perl)))
-
- (arguments
- (substitute-keyword-arguments (package-arguments glibc/linux)
- ((#:phases original-phases)
- ;; Add libmachuser.so and libhurduser.so to libc.so's search path.
- ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00051.html>.
- `(alist-cons-after
- 'install 'augment-libc.so
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out")))
- (substitute* (string-append out "/lib/libc.so")
- (("/[^ ]+/lib/libc.so.0.3")
- (string-append out "/lib/libc.so.0.3" " libmachuser.so" " libhurduser.so"))))
- #t)
- (alist-cons-after
- 'pre-configure 'pre-configure-set-pwd
- (lambda _
- ;; Use the right 'pwd'.
- (substitute* "configure"
- (("/bin/pwd") "pwd")))
- ,original-phases)))
- ((#:configure-flags original-configure-flags)
- `(append (list "--host=i586-pc-gnu"
-
- ;; We need this to get a working openpty() function.
- "--enable-pt_chown"
-
- ;; nscd fails to build for GNU/Hurd:
- ;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>.
- ;; Disable it.
- "--disable-nscd")
- (filter (lambda (flag)
- (not (string-prefix? "--enable-kernel=" flag)))
- ,original-configure-flags)))))
- (synopsis "The GNU C Library (GNU Hurd variant)")
- (supported-systems %hurd-systems)))
-
-(define* (glibc-for-target #:optional
- (target (or (%current-target-system)
- (%current-system))))
- "Return the glibc for TARGET, GLIBC/LINUX for a Linux host or
-GLIBC/HURD for a Hurd host"
- (match target
- ((or "i586-pc-gnu" "i586-gnu") glibc/hurd)
- (_ glibc/linux)))
-
-(define-syntax glibc
- (identifier-syntax (glibc-for-target)))
-
-(define-public glibc-2.22
- ;; The old libc, which we use mostly to build locale data in the old format
- ;; (which the new libc can cope with.)
- (package
- (inherit glibc)
- (version "2.22")
- (source (origin
- (inherit (package-source glibc))
- (uri (string-append "mirror://gnu/glibc/glibc-"
- version ".tar.xz"))
- (sha256
- (base32
- "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
- (patches (search-patches "glibc-ldd-x86_64.patch"))))
- (arguments
- (substitute-keyword-arguments (package-arguments glibc)
- ((#:phases phases)
- `(modify-phases ,phases
- (add-before 'configure 'fix-pwd
- (lambda _
- ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21
- (substitute* "configure"
- (("/bin/pwd") "pwd"))))))))))
-
(define-public glibc-2.21
;; The old libc, which we use mostly to build locale data in the old format
;; (which the new libc can cope with.)
(package
- (inherit glibc-2.22)
+ (inherit glibc)
(version "2.21")
(source (origin
(inherit (package-source glibc))
@@ -787,7 +691,7 @@ the 'share/locale' sub-directory of this package.")
((#:configure-flags flags)
`(append ,flags
;; Use $(libdir)/locale/X.Y as is the case by default.
- (list (string-append "libc_cv_complocaledir="
+ (list (string-append "libc_cv_localedir="
(assoc-ref %outputs "out")
"/lib/locale/"
,(package-version glibc))))))))))
@@ -863,6 +767,73 @@ variety of options. It is an alternative to the shell \"type\" built-in
command.")
(license gpl3+))) ; some files are under GPLv2+
+(define-public glibc/hurd
+ ;; The Hurd's libc variant.
+ (package (inherit glibc)
+ (name "glibc-hurd")
+ (version "2.18")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "git://git.sv.gnu.org/hurd/glibc")
+ (commit "cc94b3cfe65523f980359e5f0e93a26196bda1d3")))
+ (sha256
+ (base32
+ "17gsh0kaz0zyvghjmx861mi2p65m9901lngi179x61zm6v2v3xc4"))
+ (file-name (string-append name "-" version))
+ (patches (search-patches "glibc-hurd-extern-inline.patch"))))
+
+ ;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers,
+ ;; so both should be propagated.
+ (propagated-inputs `(("gnumach-headers" ,gnumach-headers)
+ ("hurd-headers" ,hurd-headers)
+ ("hurd-minimal" ,hurd-minimal)))
+ (native-inputs
+ `(,@(package-native-inputs glibc)
+ ("patch/libpthread-patch" ,(search-patch "libpthread-glibc-preparation.patch"))
+ ("mig" ,mig)
+ ("perl" ,perl)
+ ("libpthread" ,(origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "git://git.sv.gnu.org/hurd/libpthread")
+ (commit "0ef7b75c4ba91b6660f0d3d8b51d14d25e3d5bfb")))
+ (sha256
+ (base32
+ "031py18fls15z0wprni33mf762kg6fx8xqijppimhp83yp6ky3l3"))
+ (file-name "libpthread")))))
+
+ (arguments
+ (substitute-keyword-arguments (package-arguments glibc)
+ ((#:configure-flags original-configure-flags)
+ `(append (list "--host=i686-pc-gnu"
+
+ ;; nscd fails to build for GNU/Hurd:
+ ;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>.
+ ;; Disable it.
+ "--disable-nscd")
+ (filter (lambda (flag)
+ (not (or (string-prefix? "--with-headers=" flag)
+ (string-prefix? "--enable-kernel=" flag))))
+ ;; Evaluate 'original-configure-flags' in a
+ ;; lexical environment that has a dummy
+ ;; "linux-headers" input, to prevent errors.
+ (let ((%build-inputs `(("linux-headers" . "@DUMMY@")
+ ,@%build-inputs)))
+ ,original-configure-flags))))
+ ((#:phases phases)
+ `(alist-cons-after
+ 'unpack 'prepare-libpthread
+ (lambda* (#:key inputs #:allow-other-keys)
+ (copy-recursively (assoc-ref inputs "libpthread") "libpthread")
+
+ (system* "patch" "--force" "-p1" "-i"
+ (assoc-ref inputs "patch/libpthread-patch"))
+ #t)
+ ,phases))))
+ (synopsis "The GNU C Library (GNU Hurd variant)")
+ (supported-systems %hurd-systems)))
+
(define-public glibc/hurd-headers
(package (inherit glibc/hurd)
(name "glibc-hurd-headers")
@@ -874,7 +845,7 @@ command.")
;; We just pass the flags really needed to build the headers.
((#:configure-flags _)
`(list "--enable-add-ons"
- "--host=i586-pc-gnu"
+ "--host=i686-pc-gnu"
"--enable-obsolete-rpc"))
((#:phases _)
'(alist-replace
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index 8fe8c8e899..daa3dafcca 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -51,50 +51,50 @@
("python" ,python-2)
("tcsh" ,tcsh)))
(arguments
- `(#:tests? #f
- #:make-flags
- (list "threading=multi" "link=shared"
+ (let ((build-flags
+ `("threading=multi" "link=shared"
- ;; Set the RUNPATH to $libdir so that the libs find each other.
- (string-append "linkflags=-Wl,-rpath="
- (assoc-ref %outputs "out") "/lib")
+ ;; Set the RUNPATH to $libdir so that the libs find each other.
+ (string-append "linkflags=-Wl,-rpath="
+ (assoc-ref outputs "out") "/lib")
- ;; Boost's 'context' library is not yet supported on mips64, so
- ;; we disable it. The 'coroutine' library depends on 'context',
- ;; so we disable that too.
- ,@(if (string-prefix? "mips64" (or (%current-target-system)
- (%current-system)))
- '("--without-context"
- "--without-coroutine" "--without-coroutine2")
- '()))
- #:phases
- (modify-phases %standard-phases
- (replace
- 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (substitute* '("libs/config/configure"
- "libs/spirit/classic/phoenix/test/runtest.sh"
- "tools/build/doc/bjam.qbk"
- "tools/build/src/engine/execunix.c"
- "tools/build/src/engine/Jambase"
- "tools/build/src/engine/jambase.c")
- (("/bin/sh") (which "sh")))
+ ;; Boost's 'context' library is not yet supported on mips64, so
+ ;; we disable it. The 'coroutine' library depends on 'context',
+ ;; so we disable that too.
+ ,@(if (string-prefix? "mips64" (or (%current-target-system)
+ (%current-system)))
+ '("--without-context"
+ "--without-coroutine" "--without-coroutine2")
+ '()))))
+ `(#:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (replace
+ 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (substitute* '("libs/config/configure"
+ "libs/spirit/classic/phoenix/test/runtest.sh"
+ "tools/build/doc/bjam.qbk"
+ "tools/build/src/engine/execunix.c"
+ "tools/build/src/engine/Jambase"
+ "tools/build/src/engine/jambase.c")
+ (("/bin/sh") (which "sh")))
- (setenv "SHELL" (which "sh"))
- (setenv "CONFIG_SHELL" (which "sh"))
+ (setenv "SHELL" (which "sh"))
+ (setenv "CONFIG_SHELL" (which "sh"))
- (zero? (system* "./bootstrap.sh"
- (string-append "--prefix=" out)
- "--with-toolset=gcc")))))
- (replace
- 'build
- (lambda* (#:key outputs make-flags #:allow-other-keys)
- (zero? (apply system* "./b2" make-flags))))
- (replace
- 'install
- (lambda* (#:key outputs make-flags #:allow-other-keys)
- (zero? (apply system* "./b2" "install" make-flags)))))))
+ (zero? (system* "./bootstrap.sh"
+ (string-append "--prefix=" out)
+ "--with-toolset=gcc")))))
+ (replace
+ 'build
+ (lambda* (#:key outputs #:allow-other-keys)
+ (zero? (system* "./b2" ,@build-flags))))
+ (replace
+ 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (zero? (system* "./b2" "install" ,@build-flags))))))))
(home-page "http://boost.org")
(synopsis "Peer-reviewed portable C++ source libraries")
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index f47a343ca6..6a4eba99ef 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -62,7 +62,7 @@
(define (boot fetch)
(lambda* (url hash-algo hash
#:optional name #:key system)
- (fetch url hash-algo hash name
+ (fetch url hash-algo hash
#:guile %bootstrap-guile
#:system system)))
diff --git a/gnu/packages/c.scm b/gnu/packages/c.scm
index 6e16d1365b..e8d1236eb1 100644
--- a/gnu/packages/c.scm
+++ b/gnu/packages/c.scm
@@ -52,7 +52,7 @@
(assoc-ref %build-inputs "libc")
"/include:"
(assoc-ref %build-inputs
- "kernel-headers")
+ "linux-headers")
"/include:{B}/include")
(string-append "--libpaths="
(assoc-ref %build-inputs "libc")
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 95c80438e9..cecc026479 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -37,15 +37,15 @@
(define-public check
(package
(name "check")
- (version "0.10.0")
+ (version "0.9.14")
(source
(origin
(method url-fetch)
- (uri (string-append "https://github.com/libcheck/check/files/71408/"
- "/check-" version ".tar.gz"))
+ (uri (string-append "mirror://sourceforge/check/check/"
+ version "/check-" version ".tar.gz"))
(sha256
(base32
- "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm"))))
+ "02l4g79d81s07hzywcv1knwj5dyrwjiq2pgxaz7kidxi8m364wn2"))))
(build-system gnu-build-system)
(home-page "https://libcheck.github.io/check/")
(synopsis "Unit test framework for C")
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index ac88e59ec1..1cb1e06993 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -4,7 +4,6 @@
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -37,7 +36,7 @@
(define-public cmake
(package
(name "cmake")
- (version "3.5.2")
+ (version "3.3.2")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@@ -45,67 +44,62 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
- "0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j"))
+ "08pwy9ip9cgwgynhn5vrjw8drw29gijy1rmziq22n65zds6ifnp7"))
(patches (search-patches "cmake-fix-tests.patch"))))
(build-system gnu-build-system)
(arguments
`(#:test-target "test"
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'patch-bin-sh
- (lambda _
- ;; Replace "/bin/sh" by the right path in... a lot of
- ;; files.
- (substitute*
- '("Modules/CompilerId/Xcode-3.pbxproj.in"
- "Modules/CompilerId/Xcode-1.pbxproj.in"
- "Modules/CompilerId/Xcode-2.pbxproj.in"
- "Modules/CPack.RuntimeScript.in"
- "Source/cmakexbuild.cxx"
- "Source/cmGlobalXCodeGenerator.cxx"
- "Source/CTest/cmCTestBatchTestHandler.cxx"
- "Source/cmLocalUnixMakefileGenerator3.cxx"
- "Source/cmExecProgramCommand.cxx"
- "Utilities/cmbzip2/Makefile-libbz2_so"
- "Utilities/Release/release_cmake.cmake"
- "Utilities/cmlibarchive/libarchive/archive_write_set_format_shar.c"
- "Tests/CMakeLists.txt"
- "Tests/RunCMake/File_Generate/RunCMakeTest.cmake")
- (("/bin/sh") (which "sh")))))
- (add-before 'configure 'set-paths
- (lambda _
- ;; Help cmake's bootstrap process to find system libraries
- (begin
- (setenv "CMAKE_LIBRARY_PATH" (getenv "LIBRARY_PATH"))
- (setenv "CMAKE_INCLUDE_PATH" (getenv "C_INCLUDE_PATH"))
- ;; Get verbose output from failed tests
- (setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE"))))
- (replace 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (zero? (system*
- "./configure"
- (string-append "--prefix=" out)
- "--system-libs"
- "--no-system-jsoncpp" ; not packaged yet
- ;; By default, the man pages and other docs land
- ;; in PREFIX/man and PREFIX/doc, but we want them
- ;; in share/{man,doc}. Note that unlike
- ;; autoconf-generated configure scripts, cmake's
- ;; configure prepends "PREFIX/" to what we pass
- ;; to --mandir and --docdir.
- "--mandir=share/man"
- ,(string-append
- "--docdir=share/doc/cmake-"
- (version-major+minor version)))))))
- (add-after 'unpack 'remove-libarchive-version-test
- ; This test check has been failing consistantly over libarchive 3.2.x
- ; and cmake 3.4.x and 3.5.x so we disable it for now
- (lambda _
- (substitute*
- "Tests/CMakeOnly/AllFindModules/CMakeLists.txt"
- (("LibArchive") ""))
- #t)))))
+ #:phases (alist-cons-before
+ 'configure 'patch-bin-sh
+ (lambda _
+ ;; Replace "/bin/sh" by the right path in... a lot of
+ ;; files.
+ (substitute*
+ '("Modules/CompilerId/Xcode-3.pbxproj.in"
+ "Modules/CompilerId/Xcode-1.pbxproj.in"
+ "Modules/CompilerId/Xcode-2.pbxproj.in"
+ "Modules/CPack.RuntimeScript.in"
+ "Source/cmakexbuild.cxx"
+ "Source/cmGlobalXCodeGenerator.cxx"
+ "Source/CTest/cmCTestBatchTestHandler.cxx"
+ "Source/cmLocalUnixMakefileGenerator3.cxx"
+ "Source/cmExecProgramCommand.cxx"
+ "Utilities/cmbzip2/Makefile-libbz2_so"
+ "Utilities/Release/release_cmake.cmake"
+ "Utilities/cmlibarchive/libarchive/\
+archive_write_set_format_shar.c"
+ "Tests/CMakeLists.txt"
+ "Tests/RunCMake/File_Generate/RunCMakeTest.cmake")
+ (("/bin/sh") (which "sh"))))
+ (alist-cons-before
+ 'configure 'set-paths
+ (lambda _
+ ;; Help cmake's bootstrap process to find system libraries
+ (begin
+ (setenv "CMAKE_LIBRARY_PATH" (getenv "LIBRARY_PATH"))
+ (setenv "CMAKE_INCLUDE_PATH" (getenv "C_INCLUDE_PATH"))
+ ;; Get verbose output from failed tests
+ (setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE")))
+ (alist-replace
+ 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (zero? (system*
+ "./configure"
+ (string-append "--prefix=" out)
+ "--system-libs"
+ "--no-system-jsoncpp" ; not packaged yet
+ ;; By default, the man pages and other docs land
+ ;; in PREFIX/man and PREFIX/doc, but we want them
+ ;; in share/{man,doc}. Note that unlike
+ ;; autoconf-generated configure scripts, cmake's
+ ;; configure prepends "PREFIX/" to what we pass
+ ;; to --mandir and --docdir.
+ "--mandir=share/man"
+ ,(string-append
+ "--docdir=share/doc/cmake-"
+ (version-major+minor version))))))
+ %standard-phases)))))
(inputs
`(("file" ,file)
("curl" ,curl)
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index cce831bfb6..54b524aec7 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -270,24 +270,21 @@
(name "perl-boot0")
(replacement #f)
(arguments
- ;; At the very least, this must not depend on GCC & co.
- (let ((args `(#:disallowed-references
- ,(list %bootstrap-binutils))))
- (substitute-keyword-arguments (package-arguments perl)
- ((#:phases phases)
- `(modify-phases ,phases
- ;; Pthread support is missing in the bootstrap compiler
- ;; (broken spec file), so disable it.
- (add-before 'configure 'disable-pthreads
- (lambda _
- (substitute* "Configure"
- (("^libswanted=(.*)pthread" _ before)
- (string-append "libswanted=" before)))))))))))))
- (package-with-bootstrap-guile
- (package-with-explicit-inputs perl
- %boot0-inputs
- (current-source-location)
- #:guile %bootstrap-guile))))
+ (substitute-keyword-arguments (package-arguments perl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ ;; Pthread support is missing in the bootstrap compiler
+ ;; (broken spec file), so disable it.
+ (add-before 'configure 'disable-pthreads
+ (lambda _
+ (substitute* "Configure"
+ (("^libswanted=(.*)pthread" _ before)
+ (string-append "libswanted=" before))))))))))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs perl
+ %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
(define (linux-libre-headers-boot0)
"Return Linux-Libre header files for the bootstrap environment."
@@ -309,12 +306,7 @@
;; Also, use %BOOT0-INPUTS to avoid building Perl once more.
(let ((texinfo (package (inherit texinfo)
(native-inputs '())
- (inputs `(("perl" ,perl-boot0)))
-
- ;; Some of Texinfo 6.1's tests would fail with "Couldn't
- ;; set UTF-8 character type in locale" but we don't have a
- ;; UTF-8 locale at this stage, so skip them.
- (arguments '(#:tests? #f)))))
+ (inputs `(("perl" ,perl-boot0))))))
(package-with-bootstrap-guile
(package-with-explicit-inputs texinfo %boot0-inputs
(current-source-location)
@@ -363,7 +355,7 @@
"export CPATH\n"
all "\n"))))
,phases)))))
- (propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0))))
+ (propagated-inputs `(("linux-headers" ,(linux-libre-headers-boot0))))
(native-inputs
`(("texinfo" ,texinfo-boot0)
("perl" ,perl-boot0)))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index e63c1af048..c11afea020 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -150,14 +150,14 @@ adding and extracting files to/from a tar archive.")
(define-public gzip
(package
(name "gzip")
- (version "1.8")
+ (version "1.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gzip/gzip-"
- version ".tar.xz"))
+ version ".tar.gz"))
(sha256
(base32
- "1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz"))))
+ "0zlgdm4v3dndrbiz7b67mbbj25dpwqbmbzjiycssvrfrcfvq7swp"))))
(build-system gnu-build-system)
(synopsis "General file (de)compression (using lzw)")
(arguments
diff --git a/gnu/packages/conky.scm b/gnu/packages/conky.scm
index 206546b53a..150d182032 100644
--- a/gnu/packages/conky.scm
+++ b/gnu/packages/conky.scm
@@ -32,7 +32,7 @@
(define-public conky
(package
(name "conky")
- (version "1.10.3")
+ (version "1.10.0")
(source
(origin
(method url-fetch)
@@ -40,15 +40,10 @@
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
- (base32 "1m9byrmpc2sprzk44v447yaqjzsvw230a0mlw7y1ngz3m3y44qs5"))))
+ (base32 "1szq4ckfkvyabv5llf9nkdxipn7429sralsxyr7z0dyc3zwz74pk"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; there are no tests
- #:configure-flags
- '("-DRELEASE=true"
- ;; XXX: it checks ncurses with pkg-config.
- ;; TODO: add 'ncurses.pc' to the ncurses package.
- "-DBUILD_NCURSES=false")
#:phases
(alist-cons-after
'unpack 'add-freetype-to-search-path
@@ -72,7 +67,6 @@
("libx11" ,libx11)
("libxdamage" ,libxdamage)
("libxft" ,libxft)
- ("libxinerama" ,libxinerama)
("lua" ,lua)))
(native-inputs
`(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index 3bd30fd78c..a9c337e6ed 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -121,14 +121,6 @@ may be either a libc package or #f.)"
"--disable-libquadmath"
"--disable-decimal-float" ;would need libc
"--disable-libcilkrts"
-
- ;; When target is any OS other than 'none' these
- ;; libraries will fail if there is no libc
- ;; present. See
- ;; <https://lists.gnu.org/archive/html/guix-devel/2016-02/msg01311.html>
- "--disable-libitm"
- "--disable-libvtv"
- "--disable-libsanitizer"
)))
,(if libc
@@ -175,25 +167,24 @@ may be either a libc package or #f.)"
`(alist-cons-before
'configure 'set-cross-path
(lambda* (#:key inputs #:allow-other-keys)
- ;; Add the cross kernel headers to CROSS_CPATH, and remove them
- ;; from CPATH.
+ ;; Add the cross Linux headers to CROSS_C_*_INCLUDE_PATH,
+ ;; and remove them from C_*INCLUDE_PATH.
(let ((libc (assoc-ref inputs "libc"))
- (kernel (assoc-ref inputs "xkernel-headers")))
+ (linux (assoc-ref inputs "xlinux-headers")))
(define (cross? x)
;; Return #t if X is a cross-libc or cross Linux.
(or (string-prefix? libc x)
- (string-prefix? kernel x)))
+ (string-prefix? linux x)))
(let ((cpath (string-append
libc "/include"
- ":" kernel "/include")))
+ ":" linux "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH")))
(setenv "CROSS_LIBRARY_PATH"
- (string-append libc "/lib:"
- kernel "/lib")) ;for Hurd's libihash
+ (string-append libc "/lib"))
(for-each
(lambda (var)
(and=> (getenv var)
@@ -264,9 +255,9 @@ GCC that does not target a libc; otherwise, target that libc."
(alist-delete "libc" %final-inputs))))
(if libc
`(("libc" ,libc)
- ("xkernel-headers" ;the target headers
+ ("xlinux-headers" ;the target headers
,@(assoc-ref (package-propagated-inputs libc)
- "kernel-headers"))
+ "linux-headers"))
,@inputs)
inputs))))
@@ -343,10 +334,10 @@ XBINUTILS and the cross tool chain."
,flags))
((#:phases phases)
`(alist-cons-before
- 'configure 'set-cross-kernel-headers-path
+ 'configure 'set-cross-linux-headers-path
(lambda* (#:key inputs #:allow-other-keys)
- (let* ((kernel (assoc-ref inputs "kernel-headers"))
- (cpath (string-append kernel "/include")))
+ (let* ((linux (assoc-ref inputs "linux-headers"))
+ (cpath (string-append linux "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
@@ -355,9 +346,9 @@ XBINUTILS and the cross tool chain."
#t))
,phases))))
- ;; Shadow the native "kernel-headers" because glibc's recipe expects the
- ;; "kernel-headers" input to point to the right thing.
- (propagated-inputs `(("kernel-headers" ,xlinux-headers)))
+ ;; Shadow the native "linux-headers" because glibc's recipe expects the
+ ;; "linux-headers" input to point to the right thing.
+ (propagated-inputs `(("linux-headers" ,xlinux-headers)))
;; FIXME: 'static-bash' should really be an input, not a native input, but
;; to do that will require building an intermediate cross libc.
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 09b804f39a..51c7fd1052 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -135,17 +135,20 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
;; cups-filters package.
#:tests? #f
#:phases
- (modify-phases %standard-phases
- (add-before 'configure 'patch-makedefs
- (lambda _
- (substitute* "Makedefs.in"
- (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
- (("/bin/sh") (which "sh")))))
- (add-before 'build 'patch-tests
- (lambda _
- (substitute* "test/ippserver.c"
- (("# else /\\* HAVE_AVAHI \\*/")
- "#elif defined(HAVE_AVAHI)")))))))
+ (alist-cons-before
+ 'configure
+ 'patch-makedefs
+ (lambda _
+ (substitute* "Makedefs.in"
+ (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
+ (("/bin/sh") (which "sh"))))
+ (alist-cons-before
+ 'build
+ 'patch-tests
+ (lambda _
+ (substitute* "test/ippserver.c"
+ (("# else /\\* HAVE_AVAHI \\*/") "#elif defined(HAVE_AVAHI)")))
+ %standard-phases))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 895045d952..e05232dccd 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -86,7 +86,6 @@
("automake" ,automake)
("gettext" ,gnu-gettext)
("libtool" ,libtool)
- ("pcre" ,pcre "bin") ;for 'pcre-config'
("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib)
@@ -95,6 +94,7 @@
("raptor2" ,raptor2)
("readline" ,readline)
("avahi" ,avahi)
+ ("pcre" ,pcre)
("cyrus-sasl" ,cyrus-sasl)
("openssl" ,openssl)
("util-linux" ,util-linux)))
@@ -114,14 +114,14 @@ either single machines or networked clusters.")
(define-public gdbm
(package
(name "gdbm")
- (version "1.12")
+ (version "1.11")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gdbm/gdbm-"
version ".tar.gz"))
(sha256
(base32
- "1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr"))))
+ "1hz3jgh3pd4qzp6jy0l8pd8x01g9abw7csnrlnj1a2sxy122z4cd"))))
(arguments `(#:configure-flags '("--enable-libgdbm-compat")))
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/gdbm/")
@@ -136,20 +136,18 @@ and provides interfaces to the traditional file format.")
(define-public bdb
(package
(name "bdb")
- (version "6.2.23")
+ (version "5.3.21")
(source (origin
(method url-fetch)
- (uri (string-append "http://download.oracle.com/berkeley-db/db-"
- version ".tar.gz"))
- (sha256
- (base32
- "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7"))))
+ (uri (string-append "http://download.oracle.com/berkeley-db/db-" version
+ ".tar.gz"))
+ (sha256 (base32
+ "1f2g2612lf8djbwbwhxsvmffmf9d7693kh2l20195pqp0f9jmnfx"))))
(build-system gnu-build-system)
(outputs '("out" ; programs, libraries, headers
"doc")) ; 94 MiB of HTML docs
(arguments
'(#:tests? #f ; no check target available
- #:disallowed-references ("doc")
#:phases
(alist-replace
'configure
@@ -167,9 +165,6 @@ and provides interfaces to the traditional file format.")
(string-append "CONFIG_SHELL=" (which "bash"))
(string-append "SHELL=" (which "bash"))
- ;; Remove 7 MiB of .a files.
- "--disable-static"
-
;; The compatibility mode is needed by some packages,
;; notably iproute2.
"--enable-compat185"
@@ -188,18 +183,6 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
(home-page
"http://www.oracle.com/us/products/database/berkeley-db/overview/index.html")))
-(define-public bdb-5.3
- (package (inherit bdb)
- (name "bdb")
- (version "5.3.28")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://download.oracle.com/berkeley-db/db-"
- version ".tar.gz"))
- (sha256
- (base32
- "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"))))))
-
(define-public mysql
(package
(name "mysql")
@@ -482,7 +465,7 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
- (version "3.12.2")
+ (version "3.10.0")
(source (origin
(method url-fetch)
;; TODO: Download from sqlite.org once this bug :
@@ -513,7 +496,7 @@ for example from a shell script.")
))
(sha256
(base32
- "1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x"))))
+ "0hhhv6si0pyf5i8bv7a71953m0b4gk6s3j2h09caf7vif0njkk23"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
diff --git a/gnu/packages/dico.scm b/gnu/packages/dico.scm
index 87062f94dc..780d8efcc7 100644
--- a/gnu/packages/dico.scm
+++ b/gnu/packages/dico.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -44,8 +44,7 @@
(base32
"04pjks075x20d19l623mj50bw64g8i41s63z4kzzqcbg9qg96x64"))
(patches (search-patches "cpio-gets-undeclared.patch"
- "dico-libtool-deterministic.patch"
- "dico-idxgcide-bug.patch"))))
+ "dico-libtool-deterministic.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags (list (string-append "--with-guile-site-dir=" %output
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 3668aac19a..7cd1fcd71d 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -1,7 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,24 +27,23 @@
(define-public ed
(package
(name "ed")
- (version "1.13")
+ (version "1.12")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ed/ed-"
version ".tar.lz"))
(sha256
(base32
- "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd"))))
+ "0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj"))))
(build-system gnu-build-system)
(native-inputs `(("lzip" ,lzip)))
(arguments
'(#:configure-flags '("CC=gcc")
- #:phases
- (modify-phases %standard-phases
- (add-before 'patch-source-shebangs 'patch-test-suite
- (lambda _
- (substitute* "testsuite/check.sh"
- (("/bin/sh") (which "sh"))))))))
+ #:phases (alist-cons-before 'patch-source-shebangs 'patch-test-suite
+ (lambda _
+ (substitute* "testsuite/check.sh"
+ (("/bin/sh") (which "sh"))))
+ %standard-phases)))
(home-page "http://www.gnu.org/software/ed/")
(synopsis "Line-oriented text editor")
(description
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 825a355d63..7bc4288c5c 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -110,6 +110,14 @@
(substitute* (find-files "." "^Makefile\\.in$")
(("/bin/pwd")
"pwd"))))
+ (add-after 'install 'remove-info.info
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Remove 'info.info', which is provided by Texinfo <= 6.0.
+ ;; TODO: Remove this phase when we switch to Texinfo 6.1.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file
+ (string-append out "/share/info/info.info.gz"))
+ #t)))
(add-after 'install 'install-site-start
;; Copy guix-emacs.el from Guix and add it to site-start.el. This
;; way, Emacs packages provided by Guix and installed in
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index f6c3d5fba6..b3e4431138 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -233,8 +233,7 @@ optimizer; and it can produce photorealistic and design review images.")
(build-system gnu-build-system)
(native-inputs
`(("texlive" ,texlive)
- ("ghostscript" ,ghostscript)
- ("ghostscript" ,ghostscript-gs)))
+ ("ghostscript" ,ghostscript)))
(arguments
`(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all")
#:parallel-build? #f
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index 179e32507c..4d6c7392fb 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
;;;
@@ -61,7 +61,7 @@
("python" ,python-2) ; for the tests
("util-linux" ,util-linux))) ; provides the hexdump command for tests
(inputs
- `(("bdb" ,bdb-5.3) ; with 6.2.23, there is an error: ambiguous overload
+ `(("bdb" ,bdb)
("boost" ,boost)
("libevent" ,libevent)
("miniupnpc" ,miniupnpc)
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 9b2281ad20..4bc4134640 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -126,7 +126,7 @@ TrueType (TTF) files.")
(define-public font-dejavu
(package
(name "font-dejavu")
- (version "2.35")
+ (version "2.34")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/dejavu/dejavu/"
@@ -134,7 +134,7 @@ TrueType (TTF) files.")
version ".tar.bz2"))
(sha256
(base32
- "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn"))))
+ "0pgb0a3ngamidacmrvasg51ck3gp8gn93w6sf1s8snwzx4x2r9yh"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 9ddbaec2f2..845e8b36c5 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -245,10 +245,10 @@ fonts to/from the WOFF2 format.")
(assoc-ref %build-inputs "gs-fonts")
"/share/fonts")
- ;; Register fonts from user and system profiles.
- (string-append "--with-add-fonts="
- "~/.guix-profile/share/fonts,"
- "/run/current-system/profile/share/fonts")
+ ;; register fonts from user profile
+ ;; TODO: Add /run/current-system/profile/share/fonts and remove
+ ;; the skeleton that works around it from 'default-skeletons'.
+ "--with-add-fonts=~/.guix-profile/share/fonts"
;; python is not actually needed
"PYTHON=false")
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index e467dbe04c..e79ab481bb 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -1,6 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 John Darrington <jmd@gnu.org>
-;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015, 2016 David Thompson <dthompson2@worcester.edu>
;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014 Cyrill Schenkel <cyrill.schenkel@gmail.com>
@@ -21,7 +20,7 @@
;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il"
+;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -2371,9 +2370,9 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
(perl (string-append (assoc-ref %build-inputs
"perl")
"/bin"))
- (gzip (string-append (assoc-ref %build-inputs
+ (gunzip (string-append (assoc-ref %build-inputs
"gzip")
- "/bin/gzip"))
+ "/bin/gunzip"))
(tar (string-append (assoc-ref %build-inputs
"tar")
"/bin/tar"))
@@ -2383,7 +2382,7 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
(begin
(mkdir out)
(copy-file tarball "grue-hunter.tar.gz")
- (zero? (system* gzip "-d" "grue-hunter.tar.gz"))
+ (zero? (system* gunzip "grue-hunter.tar.gz"))
(zero? (system* tar "xvf" "grue-hunter.tar"))
(mkdir-p bin)
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 1ca8ca0d59..233a20bc86 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -153,7 +153,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
("libelf" ,libelf)
("zlib" ,zlib)))
- ;; GCC < 5 is one of the few packages that doesn't ship .info files.
+ ;; GCC is one of the few packages that doesn't ship .info files.
(native-inputs `(("texinfo" ,texinfo)))
(arguments
@@ -352,9 +352,7 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
- (patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))
- ;; GCC 5 ships with .info files, so no need for Texinfo.
- (native-inputs '())))
+ (patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
(define-public gcc-6
(package
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index bf38543178..34338f936b 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -41,14 +41,14 @@
(define-public gnu-gettext
(package
(name "gettext")
- (version "0.19.8")
+ (version "0.19.7")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gettext/gettext-"
version ".tar.gz"))
(sha256
(base32
- "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x"))))
+ "0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of HTML
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f013a734e5..ff5a6a04f4 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,8 +33,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
- #:use-module (guix build-system gnu)
- #:use-module (guix build-system trivial))
+ #:use-module (guix build-system gnu))
(define-public lcms
(package
@@ -157,8 +156,7 @@ printing, and psresize, for adjusting page sizes.")
("python" ,python-wrapper)
("tcl" ,tcl)))
(arguments
- `(#:disallowed-references ("doc")
- #:phases
+ `(#:phases
(modify-phases %standard-phases
(add-after 'configure 'patch-config-files
(lambda _
@@ -174,15 +172,12 @@ printing, and psresize, for adjusting page sizes.")
(substitute* "base/gscdef.c"
(("GS_DOCDIR")
"\"~/.guix-profile/share/doc/ghostscript\""))))
- (replace 'build
- (lambda _
- ;; Build 'libgs.so', but don't build the statically-linked 'gs'
- ;; binary (saves 18 MiB).
- (zero? (system* "make" "so" "-j"
- (number->string (parallel-job-count))))))
- (replace 'install
- (lambda _
- (zero? (system* "make" "soinstall")))))))
+ (add-after 'build 'build-so
+ (lambda _
+ (zero? (system* "make" "so"))))
+ (add-after 'install 'install-so
+ (lambda _
+ (zero? (system* "make" "install-so")))))))
(synopsis "PostScript and PDF interpreter")
(description
"Ghostscript is an interpreter for the PostScript language and the PDF
@@ -199,40 +194,6 @@ output file formats and printers.")
("libxt" ,libxt)
,@(package-inputs ghostscript)))))
-(define (ghostscript-wrapper name ghostscript)
- ;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command.
- ;; See <https://lists.gnu.org/archive/html/guix-devel/2016-07/msg00987.html>.
- (package
- (name name)
- (version (package-version ghostscript))
- (source #f)
- (build-system trivial-build-system)
- (inputs `(("ghostscript" ,ghostscript)))
- (arguments
- `(#:modules ((guix build utils))
- #:builder (begin
- (use-modules (guix build utils))
-
- (let* ((out (assoc-ref %outputs "out"))
- (bin (string-append out "/bin"))
- (gs (assoc-ref %build-inputs "ghostscript")))
- (mkdir-p bin)
- (with-directory-excursion bin
- (symlink (string-append gs "/bin/gsc") "gs")
- #t)))))
- (synopsis "Wrapper providing Ghostscript's 'gs' command")
- (description
- "This package provides the @command{gs} command, which used to be
-provided by Ghostscript itself and no longer is.")
- (license (package-license ghostscript))
- (home-page (package-home-page ghostscript))))
-
-(define-public ghostscript-gs
- (ghostscript-wrapper "ghostscript-gs" ghostscript))
-
-(define-public ghostscript-gs/x
- (ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x))
-
(define-public ijs
(package
(name "ijs")
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index a4bffe479f..f36d15a9b9 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -443,7 +443,7 @@ OpenGL graphics API.")
(define-public libepoxy
(package
(name "libepoxy")
- (version "1.3.1")
+ (version "1.2")
(source (origin
(method url-fetch)
(uri (string-append
@@ -453,7 +453,7 @@ OpenGL graphics API.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))))
+ "1xp8g6b7xlbym2rj4vkbl6xpb7ijq7glpv656mc7k9b01x22ihs2"))))
(arguments
`(#:phases
(alist-cons-after
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 9bc7b65108..d18a8de22c 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -6,7 +6,6 @@
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -50,7 +49,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
- (version "1.22")
+ (version "1.21")
(source
(origin
(method url-fetch)
@@ -58,7 +57,7 @@
version ".tar.bz2"))
(sha256
(base32
- "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j"))))
+ "0kdq2cbnk84fr4jqcv689rlxpbyl6bda2cn6y3ll19v3mlydpnxp"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@@ -74,14 +73,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (version "1.7.0")
+ (version "1.6.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
+ "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 27c8ede8e9..8e5ff4569b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -77,10 +77,7 @@
`(("perl" ,perl)
("python" ,python-2)))
(arguments
- `(;; XXX: parallel build fails, lacking:
- ;; mkdir -p "system_wrapper_js/"
- #:parallel-build? #f
- #:phases
+ `(#:phases
(alist-cons-before
'configure 'chdir
(lambda _
@@ -120,10 +117,7 @@ in C/C++.")
'(substitute* '("js/src/config/milestone.pl")
(("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
(arguments
- '(;; XXX: parallel build fails, lacking:
- ;; mkdir -p "system_wrapper_js/"
- #:parallel-build? #f
- #:phases
+ '(#:phases
(modify-phases %standard-phases
(replace
'configure
diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index d0df83072e..f6298ce394 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -4,7 +4,6 @@
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -301,8 +300,7 @@ visual effects work for film.")
"rapicorn-" version ".tar.xz"))
(sha256
(base32
- "1y51yjrpsihas1jy905m9p3r8iiyhq6bwi2690c564i5dnix1f9d"))
- (patches (search-patches "rapicorn-isnan.patch"))))
+ "1y51yjrpsihas1jy905m9p3r8iiyhq6bwi2690c564i5dnix1f9d"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index f50605a7fb..acae23ecea 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -166,8 +166,7 @@ without requiring the source code to be rewritten.")
(outputs '("out" "debug"))
(arguments
- `(#:configure-flags '("--disable-static") ;saves 3MiB
- #:phases (alist-cons-before
+ `(#:phases (alist-cons-before
'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
;; Tell (ice-9 popen) the file name of Bash.
diff --git a/gnu/packages/gv.scm b/gnu/packages/gv.scm
index 240e3fc96c..5f8532144b 100644
--- a/gnu/packages/gv.scm
+++ b/gnu/packages/gv.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -39,7 +39,7 @@
(sha256 (base32
"0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1"))))
(build-system gnu-build-system)
- (propagated-inputs `(("ghostscript" ,ghostscript-gs/x)))
+ (propagated-inputs `(("ghostscript" ,ghostscript/x)))
(inputs `(("libx11" ,libx11)
("libxaw3d" ,libxaw3d)
("libxinerama" ,libxinerama)
diff --git a/gnu/packages/hurd.scm b/gnu/packages/hurd.scm
index a4c0296b04..2b2e162107 100644
--- a/gnu/packages/hurd.scm
+++ b/gnu/packages/hurd.scm
@@ -21,12 +21,12 @@
#:use-module (guix download)
#:use-module (guix packages)
#:use-module (gnu packages)
- #:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages flex)
#:use-module (gnu packages bison)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages base)
#:use-module (guix git-download))
@@ -55,11 +55,7 @@
;; GNU Mach supports only IA32 currently, so cheat so that we can at
;; least install its headers.
- ,@(if (%current-target-system)
- '()
- ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-06/msg00042.html>
- ;; <http://lists.gnu.org/archive/html/guix-devel/2015-06/msg00716.html>
- '(#:configure-flags '("--build=i586-pc-gnu")))
+ #:configure-flags '("--build=i686-pc-gnu")
#:tests? #f))
(home-page "https://www.gnu.org/software/hurd/microkernel/mach/gnumach.html")
@@ -112,7 +108,11 @@ communication.")
"1pbc4aqgzxvkgivw80ghp3w755cl0fwxmg357vq7chimj64jk78d"))))
(build-system gnu-build-system)
(native-inputs
- `(("mig" ,mig)))
+ `(;; Autoconf shouldn't be necessary but there seems to be a bug in the
+ ;; build system triggering its use.
+ ("autoconf" ,autoconf)
+
+ ("mig" ,mig)))
(arguments
`(#:phases (alist-replace
'install
@@ -122,19 +122,10 @@ communication.")
#:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants
;; that.
- ,@(if (%current-target-system)
- '()
- '("--host=i586-pc-gnu"))
+ "--build=i686-pc-gnu"
;; Reduce set of dependencies.
- "--without-parted"
- "--disable-ncursesw"
- "--disable-test"
- "--without-libbz2"
- "--without-libz"
- ;; Skip the clnt_create check because it expects
- ;; a working glibc causing a circular dependency.
- "ac_cv_search_clnt_create=no")
+ "--without-parted")
#:tests? #f))
(home-page "http://www.gnu.org/software/hurd/hurd.html")
@@ -149,28 +140,46 @@ Library and other user programs.")
(name "hurd-minimal")
(inputs `(("glibc-hurd-headers" ,glibc/hurd-headers)))
(native-inputs
- `(("mig" ,mig)))
+ `(("autoconf" ,(autoconf-wrapper))
+ ("mig" ,mig)))
+
(arguments
- (substitute-keyword-arguments (package-arguments hurd-headers)
- ((#:phases _)
- '(alist-replace
- 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- ;; We need to copy libihash.a to the output directory manually,
- ;; since there is no target for that in the makefile.
- (mkdir-p (string-append out "/include"))
- (copy-file "libihash/ihash.h"
- (string-append out "/include/ihash.h"))
- (mkdir-p (string-append out "/lib"))
- (copy-file "libihash/libihash.a"
- (string-append out "/lib/libihash.a"))
- #t))
- (alist-replace
- 'build
- (lambda _
- (zero? (system* "make" "-Clibihash" "libihash.a")))
- %standard-phases)))))
+ `(#:phases (alist-replace
+ 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ ;; We need to copy libihash.a to the output directory manually,
+ ;; since there is no target for that in the makefile.
+ (mkdir-p (string-append out "/include"))
+ (copy-file "libihash/ihash.h"
+ (string-append out "/include/ihash.h"))
+ (mkdir-p (string-append out "/lib"))
+ (copy-file "libihash/libihash.a"
+ (string-append out "/lib/libihash.a"))
+ #t))
+ (alist-replace
+ 'build
+ (lambda _
+ (zero? (system* "make" "-Clibihash" "libihash.a")))
+ (alist-cons-before
+ 'configure 'bootstrap
+ (lambda _
+ (zero? (system* "autoreconf" "-vfi")))
+ %standard-phases)))
+ #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants
+ ;; that.
+ "--host=i686-pc-gnu"
+
+ ;; Reduce set of dependencies.
+ "--disable-ncursesw"
+ "--disable-test"
+ "--without-libbz2"
+ "--without-libz"
+ "--without-parted"
+ ;; Skip the clnt_create check because it expects
+ ;; a working glibc causing a circular dependency.
+ "ac_cv_search_clnt_create=no")
+ #:tests? #f))
(home-page "http://www.gnu.org/software/hurd/hurd.html")
(synopsis "GNU Hurd libraries")
(description
diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in
index ebfd8332c4..c92ed1dcc7 100644
--- a/gnu/packages/ld-wrapper.in
+++ b/gnu/packages/ld-wrapper.in
@@ -6,16 +6,12 @@
# the shebang line in Linux.
# Use `load-compiled' because `load' (and `-l') doesn't otherwise load our
# .go file (see <http://bugs.gnu.org/12519>).
-# Unset 'GUILE_LOAD_COMPILED_PATH' to make sure we do not stumble upon
-# incompatible .go files. See
-# <https://lists.gnu.org/archive/html/guile-devel/2016-03/msg00000.html>.
-unset GUILE_LOAD_COMPILED_PATH
main="(@ (gnu build-support ld-wrapper) ld-wrapper)"
exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@"
!#
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index f6352da486..abddd74fb5 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -106,7 +106,7 @@
version "-gnu.tar.xz")))
(define-public linux-libre-headers
- (let* ((version "4.1.18")
+ (let* ((version "3.14.37")
(build-phase
(lambda (arch)
`(lambda _
@@ -144,7 +144,7 @@
(uri (linux-libre-urls version))
(sha256
(base32
- "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
+ "1blxr2bsvfqi9khj4cpspv434bmx252zak2wsbi2mgl60zh77gza"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
@@ -469,11 +469,12 @@ providing the system administrator with some help in common tasks.")
(("build_kill=yes") "build_kill=no"))
#t))))
(build-system gnu-build-system)
- (outputs '("out"
- "static")) ; >2 MiB of static .a libraries
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
+ ;; Do not build .a files to save 2 MiB.
+ "--disable-static"
+
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
@@ -498,19 +499,6 @@ providing the system administrator with some help in common tasks.")
(substitute* "tests/ts/misc/mcookie"
(("/etc/services")
(string-append net "/etc/services")))
- #t)))
- (add-after
- 'install 'move-static-libraries
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out"))
- (static (assoc-ref outputs "static")))
- (mkdir-p (string-append static "/lib"))
- (with-directory-excursion out
- (for-each (lambda (file)
- (rename-file file
- (string-append static "/"
- file)))
- (find-files "lib" "\\.a$")))
#t))))))
(inputs `(("zlib" ,zlib)
("ncurses" ,ncurses)))
@@ -539,9 +527,7 @@ block devices, UUIDs, TTYs, and many other tools.")
"procps-ng-" version ".tar.xz"))
(sha256
(base32
- "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))
- (patches
- (list (search-patch "procps-non-linux.patch")))))
+ "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))))
(build-system gnu-build-system)
(arguments
'(#:modules ((guix build utils)
@@ -1576,7 +1562,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
(define-public kmod
(package
(name "kmod")
- (version "22")
+ (version "17")
(source (origin
(method url-fetch)
(uri
@@ -1584,7 +1570,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
"kmod-" version ".tar.xz"))
(sha256
(base32
- "10lzfkmnpq6a43a3gkx7x633njh216w0bjwz31rv8a1jlgg1sfxs"))
+ "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv"))
(patches (search-patches "kmod-module-directory.patch"))))
(build-system gnu-build-system)
(native-inputs
@@ -2608,26 +2594,12 @@ and copy/paste text in the console and in xterm.")
(base32
"06c9l6m3w29dndk17jrlpgr01wykl10h34zva8zc2c571z6mrlaf"))))
(build-system gnu-build-system)
- (outputs '("out"
- "static")) ; static versions of binaries in "out" (~16MiB!)
(arguments
- '(#:phases (modify-phases %standard-phases
- (add-after 'build 'build-static
- (lambda _ (zero? (system* "make" "static"))))
- (add-after 'install 'install-static
- (let ((staticbin (string-append (assoc-ref %outputs "static")
- "/bin")))
- (lambda _
- (zero? (system* "make"
- (string-append "bindir=" staticbin)
- "install-static"))))))
- #:test-target "test"
+ '(#:test-target "test"
#:parallel-tests? #f)) ; tests fail when run in parallel
(inputs `(("e2fsprogs" ,e2fsprogs)
("libblkid" ,util-linux)
- ("libblkid:static" ,util-linux "static")
("libuuid" ,util-linux)
- ("libuuid:static" ,util-linux "static")
("zlib" ,zlib)
("lzo" ,lzo)))
(native-inputs `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 8ee249d397..bfbd53f148 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -148,7 +148,7 @@ interface to the Tk widget system.")
`("CPATH" suffix
,(map (lambda (lib)
(input-path lib "/include"))
- `("kernel-headers" ,@libraries)))
+ `("linux-headers" ,@libraries)))
`("LIBRARY_PATH" suffix ,library-directories)
`("LD_LIBRARY_PATH" suffix ,library-directories)))))
(add-after 'wrap 'check (assoc-ref %standard-phases 'check)))))
diff --git a/gnu/packages/lout.scm b/gnu/packages/lout.scm
index 1355e0387a..f6715c88d6 100644
--- a/gnu/packages/lout.scm
+++ b/gnu/packages/lout.scm
@@ -87,9 +87,8 @@
"1gb8vb1wl7ikn269dd1c7ihqhkyrwk19jwx5kd0rdvbk6g7g25ix"))))
(build-system gnu-build-system) ; actually, just a makefile
(outputs '("out" "doc"))
- (native-inputs
- `(("ghostscript" ,ghostscript)
- ("ghostscript-gs" ,ghostscript-gs)))
+ (inputs
+ `(("ghostscript" ,ghostscript)))
(arguments `(#:modules ((guix build utils)
(guix build gnu-build-system)
(srfi srfi-1)) ; we need SRFI-1
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 28978a8ba5..534fa2af08 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com>
@@ -743,12 +743,12 @@ delivery.")
("gzip" ,gzip)
("bzip2" ,bzip2)
("xz" ,xz)
+ ("pcre" ,pcre)
("perl" ,perl)
("libxt" ,libxt)
("libxaw" ,libxaw)))
(native-inputs
- `(("pcre" ,pcre "bin")
- ("perl" ,perl)))
+ `(("perl" ,perl)))
(arguments
'(#:phases
(alist-replace
@@ -1206,7 +1206,8 @@ deliver it in various ways.")
;; filesystem are performed during 'make install'. However, these
;; are performed before the actual build process.
(build-system gnu-build-system)
- (inputs `(("exim" ,exim)))
+ (inputs `(("glibc" ,glibc)
+ ("exim" ,exim)))
(home-page "http://www.procmail.org/")
(synopsis "Versatile mail delivery agent (MDA)")
(description "Procmail is a mail delivery agent (MDA) featuring support
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index def9c23b17..85dfaa6b6f 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -344,7 +344,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(libdir (string-append out "/lib"))
(incdir (string-append out "/include"))
(libc (assoc-ref %build-inputs "libc"))
- (linux (assoc-ref %build-inputs "kernel-headers")))
+ (linux (assoc-ref %build-inputs "linux-headers")))
(mkdir-p libdir)
(for-each (lambda (file)
(let ((target (string-append libdir "/"
@@ -379,7 +379,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(parameterize ((%current-target-system #f))
(cross-libc target)))
glibc)))
- ("kernel-headers" ,linux-libre-headers)))
+ ("linux-headers" ,linux-libre-headers)))
;; Only one output.
(outputs '("out")))))
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index fcea0bca0e..e81b197061 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -2192,14 +2192,7 @@ specifications.")
;; Pretend to be on a 64 bit platform to obtain a common directory
;; name for the build results on all architectures; nothing else
;; seems to depend on it.
- (("^PLATFORM=.*$") "PLATFORM=ux64\n")
-
- ;; The check for 'isnan' as it is written fails with
- ;; "non-floating-point argument in call to function
- ;; ‘__builtin_isnan’", which leads to the 'NOISNAN' cpp macro
- ;; definition, which in turn leads to bad things. Fix the feature
- ;; test.
- (("isnan\\(0\\)") "isnan(0.)")))))
+ (("^PLATFORM=.*$") "PLATFORM=ux64\n")))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; no check target
@@ -2208,10 +2201,11 @@ specifications.")
(delete 'configure)
(replace 'build
(lambda _
- (and (with-directory-excursion "lpsolve55"
- (zero? (system* "bash" "ccc")))
- (with-directory-excursion "lp_solve"
- (zero? (system* "bash" "ccc"))))))
+ (with-directory-excursion "lpsolve55"
+ (system* "bash" "ccc"))
+ (with-directory-excursion "lp_solve"
+ (system* "bash" "ccc"))
+ #t))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
@@ -2247,7 +2241,7 @@ revised simplex and the branch-and-bound methods.")
(define-public dealii
(package
(name "dealii")
- (version "8.4.1")
+ (version "8.2.1")
(source
(origin
(method url-fetch)
@@ -2255,7 +2249,8 @@ revised simplex and the branch-and-bound methods.")
"download/v" version "/dealii-" version ".tar.gz"))
(sha256
(base32
- "1bdksvvyp1rj37df1ndh8j3x9nzpc3sazw8nd0hzvnlw0qnyk800"))
+ "185jych0gdnpkjwxni7pd0dda149492zwq2457xdjg76bzj78mnp"))
+ (patches (search-patches "dealii-p4est-interface.patch"))
(modules '((guix build utils)))
(snippet
;; Remove bundled sources: UMFPACK, TBB, muParser, and boost
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
index 2b8839c7e9..565163732e 100644
--- a/gnu/packages/mit-krb5.scm
+++ b/gnu/packages/mit-krb5.scm
@@ -30,7 +30,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (version "1.14.2")
+ (version "1.13.3")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -38,24 +38,18 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
- "09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb"))))
+ "1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx"))
+ (patches
+ (search-patches "mit-krb5-init-context-null-spnego.patch"
+ "mit-krb5-CVE-2015-8629.patch"
+ "mit-krb5-CVE-2015-8630.patch"
+ "mit-krb5-CVE-2015-8631.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
("perl" ,perl)))
(arguments
- `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
- ;; needed by 'authgss_prot.so'."
- #:parallel-build? #f
-
- ;; Likewise with tests.
- #:parallel-tests? #f
-
- ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
- ;; while running the tests in 'src/tests'.
- #:tests? ,(string=? (%current-system) "x86_64-linux")
-
- #:phases
+ `(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'enter-source-directory
(lambda _
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 46540be5c4..99243235ad 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -80,13 +80,13 @@ cryptography and computational algebra.")
(define-public mpfr
(package
(name "mpfr")
- (version "3.1.4")
+ (version "3.1.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
- "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n"))))
+ "05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 8dbdf2ca29..9bde1d7ac2 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -405,7 +405,7 @@ interface. It is implemented as a frontend to @code{klick}.")
("font-tex-gyre" ,font-tex-gyre)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
- ("ghostscript" ,ghostscript-gs)
+ ("ghostscript" ,ghostscript)
("pango" ,pango)
("python" ,python-2)))
(native-inputs
diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm
index cd0c3d950d..475635e7e1 100644
--- a/gnu/packages/netpbm.scm
+++ b/gnu/packages/netpbm.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,7 +27,6 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages xml)
- #:use-module (gnu packages xorg)
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:select (gpl2))
#:use-module (guix packages)
@@ -55,8 +54,9 @@
(file-name (string-append name "-" version "-checkout"))
(modules '((guix build utils)))
(snippet
+ ;; Remove non-FSDG-compliant code.
'(begin
- ;; Remove non-FSDG-compliant code.
+ (use-modules (guix build utils))
(define-syntax drop
(syntax-rules (in)
@@ -84,22 +84,13 @@
(drop "pbmto4425" "pbmtoln03" "pbmtolps" "pbmtopk" "pktopbm"
in "converter/pbm")
(drop "spottopgm" in "converter/pgm")
- (drop "ppmtopjxl" in "converter/ppm")
-
- ;; Remove timestamps from the generated code.
- (substitute* "buildtools/stamp-date"
- (("^DATE=.*")
- "DATE=\"Thu Jan 01 00:00:00+0000 1970\"\n")
- (("^USER=.*")
- "USER=Guix\n"))))))
-
+ (drop "ppmtopjxl" in "converter/ppm")))))
(build-system gnu-build-system)
(inputs `(("ghostscript" ,ghostscript)
("libjpeg" ,libjpeg)
("libpng" ,libpng)
("libtiff" ,libtiff)
("libxml2" ,libxml2)
- ("xorg-rgb" ,xorg-rgb)
("zlib" ,zlib)))
(native-inputs
`(("flex" ,flex)
@@ -108,62 +99,50 @@
("python" ,python-wrapper)))
(arguments
`(#:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (copy-file "config.mk.in" "config.mk")
- (chmod "config.mk" #o664)
- (let ((f (open-file "config.mk" "a")))
- (display "CC=gcc\n" f)
- (display "CFLAGS_SHLIB += -fPIC\n" f)
- (display "TIFFLIB = libtiff.so\n" f)
- (display "JPEGLIB = libjpeg.so\n" f)
- (display "ZLIB = libz.so\n" f)
- (display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f)
- (close-port f))
-
- (let ((rgb (string-append (assoc-ref inputs "xorg-rgb")
- "/share/X11/rgb.txt")))
- (substitute* "pm_config.in.h"
- (("/usr/share/X11/rgb.txt") rgb))
-
- ;; Our Ghostscript no longer provides the 'gs' command, only
- ;; 'gsc', so look for that instead.
- (substitute* "converter/other/pstopnm.c"
- (("\"%s/gs\"")
- "\"%s/gsc\"")))
- #t))
- (add-before 'check 'setup-check
- (lambda _
- ;; install temporarily into /tmp/netpbm
- (system* "make" "package")
- ;; remove test requiring X
- (substitute* "test/all-in-place.test" (("pamx") ""))
- ;; do not worry about non-existing file
- (substitute* "test/all-in-place.test" (("^rm ") "rm -f "))
- ;; remove four tests that fail for unknown reasons
- (substitute* "test/Test-Order"
- (("all-in-place.test") "")
- (("pnmpsnr.test") "")
- (("pnmremap1.test") "")
- (("gif-roundtrip.test") ""))
- #t))
- (replace 'install
- (lambda* (#:key outputs make-flags #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (apply system* "make" "package"
- (string-append "pkgdir=" out) make-flags)
- ;; copy static library
- (copy-file (string-append out "/link/libnetpbm.a")
- (string-append out "/lib/libnetpbm.a"))
- ;; remove superfluous folders and files
- (system* "rm" "-r" (string-append out "/link"))
- (system* "rm" "-r" (string-append out "/misc"))
- (with-directory-excursion out
- (for-each delete-file
- '("config_template" "pkginfo" "README"
- "VERSION")))
- #t))))))
+ (alist-replace
+ 'configure
+ (lambda _
+ (copy-file "config.mk.in" "config.mk")
+ (chmod "config.mk" #o664)
+ (let ((f (open-file "config.mk" "a")))
+ (display "CC=gcc\n" f)
+ (display "CFLAGS_SHLIB += -fPIC\n" f)
+ (display "TIFFLIB = libtiff.so\n" f)
+ (display "JPEGLIB = libjpeg.so\n" f)
+ (display "ZLIB = libz.so\n" f)
+ (display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f)
+ (close-port f)))
+ (alist-cons-before
+ 'check 'setup-check
+ (lambda _
+ ;; install temporarily into /tmp/netpbm
+ (system* "make" "package")
+ ;; remove test requiring X
+ (substitute* "test/all-in-place.test" (("pamx") ""))
+ ;; do not worry about non-existing file
+ (substitute* "test/all-in-place.test" (("^rm ") "rm -f "))
+ ;; remove four tests that fail for unknown reasons
+ (substitute* "test/Test-Order"
+ (("all-in-place.test") "")
+ (("pnmpsnr.test") "")
+ (("pnmremap1.test") "")
+ (("gif-roundtrip.test") "")))
+ (alist-replace
+ 'install
+ (lambda* (#:key outputs make-flags #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (apply system* "make" "package"
+ (string-append "pkgdir=" out) make-flags)
+ ;; copy static library
+ (copy-file (string-append out "/link/libnetpbm.a")
+ (string-append out "/lib/libnetpbm.a"))
+ ;; remove superfluous folders and files
+ (system* "rm" "-r" (string-append out "/link"))
+ (system* "rm" "-r" (string-append out "/misc"))
+ (with-directory-excursion out
+ (for-each delete-file
+ '("config_template" "pkginfo" "README" "VERSION")))))
+ %standard-phases)))))
(synopsis "Toolkit for manipulation of images")
(description
"Netpbm is a toolkit for the manipulation of graphic images, including
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index c14d83c016..bd913f6ecd 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -569,7 +569,6 @@ libpanel, librsvg and quartz.")
(native-inputs
`(("ocaml" ,ocaml)
;; For documentation
- ("ghostscript-gs" ,ghostscript-gs)
("ghostscript" ,ghostscript)
("texlive" ,texlive)
("hevea" ,hevea)
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 4bbc6a6bf8..429078fc92 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -34,8 +34,9 @@
(define-public openldap
(package
+ (replacement openldap-2.4.44)
(name "openldap")
- (version "2.4.44")
+ (version "2.4.42")
(source (origin
(method url-fetch)
@@ -52,9 +53,9 @@
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
- "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
+ "0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf"))))
(build-system gnu-build-system)
- (inputs `(("bdb" ,bdb-5.3)
+ (inputs `(("bdb" ,bdb)
("openssl" ,openssl)
("cyrus-sasl" ,cyrus-sasl)
("groff" ,groff)
@@ -77,3 +78,24 @@
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
(license openldap2.8)
(home-page "http://www.openldap.org/")))
+
+(define openldap-2.4.44
+ (package
+ (inherit openldap)
+ (replacement #f)
+ (source
+ (let ((version "2.4.44"))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append
+ "ftp://mirror.switch.ch/mirror/OpenLDAP/"
+ "openldap-release/openldap-" version ".tgz")
+ (string-append
+ "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
+ "openldap-release/openldap-" version ".tgz")
+ (string-append
+ "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
+ "openldap-release/openldap-" version ".tgz")))
+ (sha256
+ (base32
+ "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))))))
diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch
deleted file mode 100644
index bcc9c207ae..0000000000
--- a/gnu/packages/patches/automake-test-gzip-warning.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Adjust test to ignore gzip 1.8+ warnings.
-
---- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200
-+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200
-@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s
-
- ./configure
- run_make -E -O distcheck
--test ! -s stderr
-+
-+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment
-+# variable is deprecated"; filter them out.
-+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0
-+
- # Sanity check: the flags have been actually seen.
- $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t
- grep '/configure .* --srcdir am-src' t || exit 99
diff --git a/gnu/packages/patches/dealii-p4est-interface.patch b/gnu/packages/patches/dealii-p4est-interface.patch
new file mode 100644
index 0000000000..4c4125d16c
--- /dev/null
+++ b/gnu/packages/patches/dealii-p4est-interface.patch
@@ -0,0 +1,62 @@
+From upstream commit f764598c.
+
+The p4est_connectivity_load function used to take an unsigned long as argument,
+but this has been changed to size_t in p4est 1.0. This makes no difference on
+64 bit systems, but leads to compiler errors on 32 bit systems. Fix this.
+
+--- a/source/distributed/tria.cc
++++ b/source/distributed/tria.cc
+@@ -204,7 +204,11 @@ namespace internal
+ static
+ int (&connectivity_is_valid) (types<2>::connectivity *connectivity);
+
+-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
++ static
++ types<2>::connectivity *(&connectivity_load) (const char *filename,
++ size_t *length);
++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+ static
+ types<2>::connectivity *(&connectivity_load) (const char *filename,
+ long unsigned *length);
+@@ -384,7 +388,12 @@ namespace internal
+ *connectivity)
+ = p4est_connectivity_is_valid;
+
+-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
++ types<2>::connectivity *
++ (&functions<2>::connectivity_load) (const char *filename,
++ size_t *length)
++ = p4est_connectivity_load;
++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+ types<2>::connectivity *
+ (&functions<2>::connectivity_load) (const char *filename,
+ long unsigned *length)
+@@ -564,7 +573,11 @@ namespace internal
+ static
+ int (&connectivity_is_valid) (types<3>::connectivity *connectivity);
+
+-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
++ static
++ types<3>::connectivity *(&connectivity_load) (const char *filename,
++ size_t *length);
++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+ static
+ types<3>::connectivity *(&connectivity_load) (const char *filename,
+ long unsigned *length);
+@@ -747,7 +760,12 @@ namespace internal
+ *connectivity)
+ = p8est_connectivity_is_valid;
+
+-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
++ types<3>::connectivity *
++ (&functions<3>::connectivity_load) (const char *filename,
++ size_t *length)
++ = p8est_connectivity_load;
++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+ types<3>::connectivity *
+ (&functions<3>::connectivity_load) (const char *filename,
+ long unsigned *length)
diff --git a/gnu/packages/patches/dico-idxgcide-bug.patch b/gnu/packages/patches/dico-idxgcide-bug.patch
deleted file mode 100644
index 28cc8a6a08..0000000000
--- a/gnu/packages/patches/dico-idxgcide-bug.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Reported at <http://mail.gnu.org.ua/archives/bug-dico/2016-07/msg00000.html>.
-Patch the .c file to avoid depending on Flex.
-
-commit 4599abbda3b5979367138ea098e435c919fe93fc
-Author: Sergey Poznyakoff <gray@gnu.org>
-Date: Thu Jul 28 14:09:58 2016 +0300
-
- Bugfix
-
- * modules/gcide/idxgcide.l (main): Initialize ipg_header.
-
---- dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:07.823587004 +0200
-+++ dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:09.435600549 +0200
-@@ -2497,6 +2497,7 @@ main(int argc, char **argv)
- dico_log(L_ERR, 0, _("not enough memory"));
- exit(EX_UNAVAILABLE);
- }
-+ idx_page->ipg_header.hdr.phdr_numentries = 0;
- idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2;
-
- idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 /
diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
index fc8d6291f5..af5e3bcc3e 100644
--- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
+++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
@@ -1,39 +1,42 @@
-Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
-behavior.
+Update previous fix for CVE-2015-1283 to not rely on undefined behavior.
-Adapted from a patch from Debian (found in Debian package version
-2.1.0-6+deb8u2) to apply to upstream code:
+Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
+From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001
+From: Pascal Cuoq <cuoq@trust-in-soft.com>
+Date: Sun, 15 May 2016 09:05:46 +0200
+Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix.
+
---
- lib/xmlparse.c | 6 ++++--
+ expat/lib/xmlparse.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 0f6f4cd..5c70c17 100644
+index 13e080d..cdb12ef 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
-@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len
}
if (len > bufferLim - bufferEnd) {
- int neededSize = len + (int)(bufferEnd - bufferPtr);
+ /* Do not invoke signed arithmetic overflow: */
+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
+ /* BEGIN MOZILLA CHANGE (sanity check neededSize) */
if (neededSize < 0) {
errorCode = XML_ERROR_NO_MEMORY;
- return NULL;
-@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
- bufferSize *= 2;
+ /* Do not invoke signed arithmetic overflow: */
+ bufferSize = (int) (2U * (unsigned) bufferSize);
+ /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
} while (bufferSize < neededSize && bufferSize > 0);
- if (bufferSize <= 0) {
- errorCode = XML_ERROR_NO_MEMORY;
+ /* END MOZILLA CHANGE */
--
-2.8.3
+2.8.2
diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch
new file mode 100644
index 0000000000..f9065bea16
--- /dev/null
+++ b/gnu/packages/patches/expat-CVE-2015-1283.patch
@@ -0,0 +1,89 @@
+Copied from Debian.
+
+Description: fix multiple integer overflows in the XML_GetBuffer function
+ Multiple integer overflows in the XML_GetBuffer function in Expat through
+ 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,
+ allow remote attackers to cause a denial of service (heap-based buffer
+ overflow) or possibly have unspecified other impact via crafted XML data,
+ a related issue to CVE-2015-2716.
+Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
+Author: Eric Rahm <erahm@mozilla.com>
+Forwarded: not-needed
+Last-Update: 2015-07-24
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l
+ XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
+ positionPtr = bufferPtr;
+ return result;
+ }
+
+ void * XMLCALL
+ XML_GetBuffer(XML_Parser parser, int len)
+ {
++/* BEGIN MOZILLA CHANGE (sanity check len) */
++ if (len < 0) {
++ errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
++/* END MOZILLA CHANGE */
+ switch (ps_parsing) {
+ case XML_SUSPENDED:
+ errorCode = XML_ERROR_SUSPENDED;
+ return NULL;
+ case XML_FINISHED:
+ errorCode = XML_ERROR_FINISHED;
+ return NULL;
+ default: ;
+ }
+
+ if (len > bufferLim - bufferEnd) {
+- /* FIXME avoid integer overflow */
+ int neededSize = len + (int)(bufferEnd - bufferPtr);
++/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
++ if (neededSize < 0) {
++ errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
++/* END MOZILLA CHANGE */
+ #ifdef XML_CONTEXT_BYTES
+ int keep = (int)(bufferPtr - buffer);
+
+ if (keep > XML_CONTEXT_BYTES)
+ keep = XML_CONTEXT_BYTES;
+ neededSize += keep;
+ #endif /* defined XML_CONTEXT_BYTES */
+ if (neededSize <= bufferLim - buffer) {
+@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len
+ }
+ else {
+ char *newBuf;
+ int bufferSize = (int)(bufferLim - bufferPtr);
+ if (bufferSize == 0)
+ bufferSize = INIT_BUFFER_SIZE;
+ do {
+ bufferSize *= 2;
+- } while (bufferSize < neededSize);
++/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
++ } while (bufferSize < neededSize && bufferSize > 0);
++/* END MOZILLA CHANGE */
++/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
++ if (bufferSize <= 0) {
++ errorCode = XML_ERROR_NO_MEMORY;
++ return NULL;
++ }
++/* END MOZILLA CHANGE */
+ newBuf = (char *)MALLOC(bufferSize);
+ if (newBuf == 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+ bufferLim = newBuf + bufferSize;
+ #ifdef XML_CONTEXT_BYTES
+ if (bufferPtr) {
+
+
+
+
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch
new file mode 100644
index 0000000000..9a0909af74
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch
@@ -0,0 +1,559 @@
+Copied from Fedora:
+http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
+
+Adapted to apply cleanly to glibc-2.22.
+
+Index: b/resolv/nss_dns/dns-host.c
+===================================================================
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
+ int h_namelen = 0;
+
+ if (ancount == 0)
+- return NSS_STATUS_NOTFOUND;
++ {
++ *h_errnop = HOST_NOT_FOUND;
++ return NSS_STATUS_NOTFOUND;
++ }
+
+ while (ancount-- > 0 && cp < end_of_message && had_error == 0)
+ {
+@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
+ /* Special case here: if the resolver sent a result but it only
+ contains a CNAME while we are looking for a T_A or T_AAAA record,
+ we fail with NOTFOUND instead of TRYAGAIN. */
+- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
++ if (canon != NULL)
++ {
++ *h_errnop = HOST_NOT_FOUND;
++ return NSS_STATUS_NOTFOUND;
++ }
++
++ *h_errnop = NETDB_INTERNAL;
++ return NSS_STATUS_TRYAGAIN;
+ }
+
+
+@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
+
+ enum nss_status status = NSS_STATUS_NOTFOUND;
+
++ /* Combining the NSS status of two distinct queries requires some
++ compromise and attention to symmetry (A or AAAA queries can be
++ returned in any order). What follows is a breakdown of how this
++ code is expected to work and why. We discuss only SUCCESS,
++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
++ that apply (though RETURN and MERGE exist). We make a distinction
++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
++ A recoverable TRYAGAIN is almost always due to buffer size issues
++ and returns ERANGE in errno and the caller is expected to retry
++ with a larger buffer.
++
++ Lastly, you may be tempted to make significant changes to the
++ conditions in this code to bring about symmetry between responses.
++ Please don't change anything without due consideration for
++ expected application behaviour. Some of the synthesized responses
++ aren't very well thought out and sometimes appear to imply that
++ IPv4 responses are always answer 1, and IPv6 responses are always
++ answer 2, but that's not true (see the implemetnation of send_dg
++ and send_vc to see response can arrive in any order, particlarly
++ for UDP). However, we expect it holds roughly enough of the time
++ that this code works, but certainly needs to be fixed to make this
++ a more robust implementation.
++
++ ----------------------------------------------
++ | Answer 1 Status / | Synthesized | Reason |
++ | Answer 2 Status | Status | |
++ |--------------------------------------------|
++ | SUCCESS/SUCCESS | SUCCESS | [1] |
++ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
++ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
++ | SUCCESS/NOTFOUND | SUCCESS | [1] |
++ | SUCCESS/UNAVAIL | SUCCESS | [1] |
++ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
++ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
++ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
++ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
++ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
++ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
++ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
++ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
++ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
++ | NOTFOUND/SUCCESS | SUCCESS | [3] |
++ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
++ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
++ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
++ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
++ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
++ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
++ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
++ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
++ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
++ ----------------------------------------------
++
++ [1] If the first response is a success we return success.
++ This ignores the state of the second answer and in fact
++ incorrectly sets errno and h_errno to that of the second
++ answer. However because the response is a success we ignore
++ *errnop and *h_errnop (though that means you touched errno on
++ success). We are being conservative here and returning the
++ likely IPv4 response in the first answer as a success.
++
++ [2] If the first response is a recoverable TRYAGAIN we return
++ that instead of looking at the second response. The
++ expectation here is that we have failed to get an IPv4 response
++ and should retry both queries.
++
++ [3] If the first response was not a SUCCESS and the second
++ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
++ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
++ result from the second response, otherwise the first responses
++ status is used. Again we have some odd side-effects when the
++ second response is NOTFOUND because we overwrite *errnop and
++ *h_errnop that means that a first answer of NOTFOUND might see
++ its *errnop and *h_errnop values altered. Whether it matters
++ in practice that a first response NOTFOUND has the wrong
++ *errnop and *h_errnop is undecided.
++
++ [4] If the first response is UNAVAIL we return that instead of
++ looking at the second response. The expectation here is that
++ it will have failed similarly e.g. configuration failure.
++
++ [5] Testing this code is complicated by the fact that truncated
++ second response buffers might be returned as SUCCESS if the
++ first answer is a SUCCESS. To fix this we add symmetry to
++ TRYAGAIN with the second response. If the second response
++ is a recoverable error we now return TRYAGIN even if the first
++ response was SUCCESS. */
++
+ if (anslen1 > 0)
+ status = gaih_getanswer_slice(answer1, anslen1, qname,
+ &pat, &buffer, &buflen,
+ errnop, h_errnop, ttlp,
+ &first);
++
+ if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
+ || (status == NSS_STATUS_TRYAGAIN
+ /* We want to look at the second answer in case of an
+@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
+ &pat, &buffer, &buflen,
+ errnop, h_errnop, ttlp,
+ &first);
++ /* Use the second response status in some cases. */
+ if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
+ status = status2;
++ /* Do not return a truncated second response (unless it was
++ unavoidable e.g. unrecoverable TRYAGAIN). */
++ if (status == NSS_STATUS_SUCCESS
++ && (status2 == NSS_STATUS_TRYAGAIN
++ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
++ status = NSS_STATUS_TRYAGAIN;
+ }
+
+ return status;
+Index: b/resolv/res_query.c
+===================================================================
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
+ {
+ free (*answerp2);
+ *answerp2 = NULL;
++ *nanswerp2 = 0;
+ *answerp2_malloced = 0;
+ }
+ }
+@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
+ {
+ free (*answerp2);
+ *answerp2 = NULL;
++ *nanswerp2 = 0;
+ *answerp2_malloced = 0;
+ }
+
+@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
+ {
+ free (*answerp2);
+ *answerp2 = NULL;
++ *nanswerp2 = 0;
+ *answerp2_malloced = 0;
+ }
+ if (saved_herrno != -1)
+Index: b/resolv/res_send.c
+===================================================================
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -1,3 +1,20 @@
++/* Copyright (C) 2016 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
+ /*
+ * Copyright (c) 1985, 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
+ #ifdef USE_HOOKS
+ if (__glibc_unlikely (statp->qhook || statp->rhook)) {
+ if (anssiz < MAXPACKET && ansp) {
++ /* Always allocate MAXPACKET, callers expect
++ this specific size. */
+ u_char *buf = malloc (MAXPACKET);
+ if (buf == NULL)
+ return (-1);
+@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
+
+ /* Private */
+
++/* The send_vc function is responsible for sending a DNS query over TCP
++ to the nameserver numbered NS from the res_state STATP i.e.
++ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
++ IPv6 queries at the same serially on the same socket.
++
++ Please note that for TCP there is no way to disable sending both
++ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
++ and sends the queries serially and waits for the result after each
++ sent query. This implemetnation should be corrected to honour these
++ options.
++
++ Please also note that for TCP we send both queries over the same
++ socket one after another. This technically violates best practice
++ since the server is allowed to read the first query, respond, and
++ then close the socket (to service another client). If the server
++ does this, then the remaining second query in the socket data buffer
++ will cause the server to send the client an RST which will arrive
++ asynchronously and the client's OS will likely tear down the socket
++ receive buffer resulting in a potentially short read and lost
++ response data. This will force the client to retry the query again,
++ and this process may repeat until all servers and connection resets
++ are exhausted and then the query will fail. It's not known if this
++ happens with any frequency in real DNS server implementations. This
++ implementation should be corrected to use two sockets by default for
++ parallel queries.
++
++ The query stored in BUF of BUFLEN length is sent first followed by
++ the query stored in BUF2 of BUFLEN2 length. Queries are sent
++ serially on the same socket.
++
++ Answers to the query are stored firstly in *ANSP up to a max of
++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
++ is non-NULL (to indicate that modifying the answer buffer is allowed)
++ then malloc is used to allocate a new response buffer and ANSCP and
++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
++ are needed but ANSCP is NULL, then as much of the response as
++ possible is read into the buffer, but the results will be truncated.
++ When truncation happens because of a small answer buffer the DNS
++ packets header feild TC will bet set to 1, indicating a truncated
++ message and the rest of the socket data will be read and discarded.
++
++ Answers to the query are stored secondly in *ANSP2 up to a max of
++ *ANSSIZP2 bytes, with the actual response length stored in
++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
++ is non-NULL (required for a second query) then malloc is used to
++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++ size and *ANSP2_MALLOCED is set to 1.
++
++ The ANSP2_MALLOCED argument will eventually be removed as the
++ change in buffer pointer can be used to detect the buffer has
++ changed and that the caller should use free on the new buffer.
++
++ Note that the answers may arrive in any order from the server and
++ therefore the first and second answer buffers may not correspond to
++ the first and second queries.
++
++ It is not supported to call this function with a non-NULL ANSP2
++ but a NULL ANSCP. Put another way, you can call send_vc with a
++ single unmodifiable buffer or two modifiable buffers, but no other
++ combination is supported.
++
++ It is the caller's responsibility to free the malloc allocated
++ buffers by detecting that the pointers have changed from their
++ original values i.e. *ANSCP or *ANSP2 has changed.
++
++ If errors are encountered then *TERRNO is set to an appropriate
++ errno value and a zero result is returned for a recoverable error,
++ and a less-than zero result is returned for a non-recoverable error.
++
++ If no errors are encountered then *TERRNO is left unmodified and
++ a the length of the first response in bytes is returned. */
+ static int
+ send_vc(res_state statp,
+ const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -669,11 +759,7 @@ send_vc(res_state statp,
+ {
+ const HEADER *hp = (HEADER *) buf;
+ const HEADER *hp2 = (HEADER *) buf2;
+- u_char *ans = *ansp;
+- int orig_anssizp = *anssizp;
+- // XXX REMOVE
+- // int anssiz = *anssizp;
+- HEADER *anhp = (HEADER *) ans;
++ HEADER *anhp = (HEADER *) *ansp;
+ struct sockaddr *nsap = get_nsaddr (statp, ns);
+ int truncating, connreset, n;
+ /* On some architectures compiler might emit a warning indicating
+@@ -766,6 +852,8 @@ send_vc(res_state statp,
+ * Receive length & response
+ */
+ int recvresp1 = 0;
++ /* Skip the second response if there is no second query.
++ To do that we mark the second response as received. */
+ int recvresp2 = buf2 == NULL;
+ uint16_t rlen16;
+ read_len:
+@@ -802,40 +890,14 @@ send_vc(res_state statp,
+ u_char **thisansp;
+ int *thisresplenp;
+ if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++ /* We have not received any responses
++ yet or we only have one response to
++ receive. */
+ thisanssizp = anssizp;
+ thisansp = anscp ?: ansp;
+ assert (anscp != NULL || ansp2 == NULL);
+ thisresplenp = &resplen;
+ } else {
+- if (*anssizp != MAXPACKET) {
+- /* No buffer allocated for the first
+- reply. We can try to use the rest
+- of the user-provided buffer. */
+-#if __GNUC_PREREQ (4, 7)
+- DIAG_PUSH_NEEDS_COMMENT;
+- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
+-#endif
+-#if _STRING_ARCH_unaligned
+- *anssizp2 = orig_anssizp - resplen;
+- *ansp2 = *ansp + resplen;
+-#else
+- int aligned_resplen
+- = ((resplen + __alignof__ (HEADER) - 1)
+- & ~(__alignof__ (HEADER) - 1));
+- *anssizp2 = orig_anssizp - aligned_resplen;
+- *ansp2 = *ansp + aligned_resplen;
+-#endif
+-#if __GNUC_PREREQ (4, 7)
+- DIAG_POP_NEEDS_COMMENT;
+-#endif
+- } else {
+- /* The first reply did not fit into the
+- user-provided buffer. Maybe the second
+- answer will. */
+- *anssizp2 = orig_anssizp;
+- *ansp2 = *ansp;
+- }
+-
+ thisanssizp = anssizp2;
+ thisansp = ansp2;
+ thisresplenp = resplen2;
+@@ -843,10 +905,14 @@ send_vc(res_state statp,
+ anhp = (HEADER *) *thisansp;
+
+ *thisresplenp = rlen;
+- if (rlen > *thisanssizp) {
+- /* Yes, we test ANSCP here. If we have two buffers
+- both will be allocatable. */
+- if (__glibc_likely (anscp != NULL)) {
++ /* Is the answer buffer too small? */
++ if (*thisanssizp < rlen) {
++ /* If the current buffer is non-NULL and it's not
++ pointing at the static user-supplied buffer then
++ we can reallocate it. */
++ if (thisansp != NULL && thisansp != ansp) {
++ /* Always allocate MAXPACKET, callers expect
++ this specific size. */
+ u_char *newp = malloc (MAXPACKET);
+ if (newp == NULL) {
+ *terrno = ENOMEM;
+@@ -858,6 +924,9 @@ send_vc(res_state statp,
+ if (thisansp == ansp2)
+ *ansp2_malloced = 1;
+ anhp = (HEADER *) newp;
++ /* A uint16_t can't be larger than MAXPACKET
++ thus it's safe to allocate MAXPACKET but
++ read RLEN bytes instead. */
+ len = rlen;
+ } else {
+ Dprint(statp->options & RES_DEBUG,
+@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
+ return 1;
+ }
+
++/* The send_dg function is responsible for sending a DNS query over UDP
++ to the nameserver numbered NS from the res_state STATP i.e.
++ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
++ along with the ability to send the query in parallel for both stacks
++ (default) or serially (RES_SINGLKUP). It also supports serial lookup
++ with a close and reopen of the socket used to talk to the server
++ (RES_SNGLKUPREOP) to work around broken name servers.
++
++ The query stored in BUF of BUFLEN length is sent first followed by
++ the query stored in BUF2 of BUFLEN2 length. Queries are sent
++ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
++
++ Answers to the query are stored firstly in *ANSP up to a max of
++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
++ is non-NULL (to indicate that modifying the answer buffer is allowed)
++ then malloc is used to allocate a new response buffer and ANSCP and
++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
++ are needed but ANSCP is NULL, then as much of the response as
++ possible is read into the buffer, but the results will be truncated.
++ When truncation happens because of a small answer buffer the DNS
++ packets header feild TC will bet set to 1, indicating a truncated
++ message, while the rest of the UDP packet is discarded.
++
++ Answers to the query are stored secondly in *ANSP2 up to a max of
++ *ANSSIZP2 bytes, with the actual response length stored in
++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
++ is non-NULL (required for a second query) then malloc is used to
++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
++ size and *ANSP2_MALLOCED is set to 1.
++
++ The ANSP2_MALLOCED argument will eventually be removed as the
++ change in buffer pointer can be used to detect the buffer has
++ changed and that the caller should use free on the new buffer.
++
++ Note that the answers may arrive in any order from the server and
++ therefore the first and second answer buffers may not correspond to
++ the first and second queries.
++
++ It is not supported to call this function with a non-NULL ANSP2
++ but a NULL ANSCP. Put another way, you can call send_vc with a
++ single unmodifiable buffer or two modifiable buffers, but no other
++ combination is supported.
++
++ It is the caller's responsibility to free the malloc allocated
++ buffers by detecting that the pointers have changed from their
++ original values i.e. *ANSCP or *ANSP2 has changed.
++
++ If an answer is truncated because of UDP datagram DNS limits then
++ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
++ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
++ if any progress was made reading a response from the nameserver and
++ is used by the caller to distinguish between ECONNREFUSED and
++ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
++
++ If errors are encountered then *TERRNO is set to an appropriate
++ errno value and a zero result is returned for a recoverable error,
++ and a less-than zero result is returned for a non-recoverable error.
++
++ If no errors are encountered then *TERRNO is left unmodified and
++ a the length of the first response in bytes is returned. */
+ static int
+ send_dg(res_state statp,
+ const u_char *buf, int buflen, const u_char *buf2, int buflen2,
+@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
+ {
+ const HEADER *hp = (HEADER *) buf;
+ const HEADER *hp2 = (HEADER *) buf2;
+- u_char *ans = *ansp;
+- int orig_anssizp = *anssizp;
+ struct timespec now, timeout, finish;
+ struct pollfd pfd[1];
+ int ptimeout;
+@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
+ int need_recompute = 0;
+ int nwritten = 0;
+ int recvresp1 = 0;
++ /* Skip the second response if there is no second query.
++ To do that we mark the second response as received. */
+ int recvresp2 = buf2 == NULL;
+ pfd[0].fd = EXT(statp).nssocks[ns];
+ pfd[0].events = POLLOUT;
+@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
+ int *thisresplenp;
+
+ if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
++ /* We have not received any responses
++ yet or we only have one response to
++ receive. */
+ thisanssizp = anssizp;
+ thisansp = anscp ?: ansp;
+ assert (anscp != NULL || ansp2 == NULL);
+ thisresplenp = &resplen;
+ } else {
+- if (*anssizp != MAXPACKET) {
+- /* No buffer allocated for the first
+- reply. We can try to use the rest
+- of the user-provided buffer. */
+-#if _STRING_ARCH_unaligned
+- *anssizp2 = orig_anssizp - resplen;
+- *ansp2 = *ansp + resplen;
+-#else
+- int aligned_resplen
+- = ((resplen + __alignof__ (HEADER) - 1)
+- & ~(__alignof__ (HEADER) - 1));
+- *anssizp2 = orig_anssizp - aligned_resplen;
+- *ansp2 = *ansp + aligned_resplen;
+-#endif
+- } else {
+- /* The first reply did not fit into the
+- user-provided buffer. Maybe the second
+- answer will. */
+- *anssizp2 = orig_anssizp;
+- *ansp2 = *ansp;
+- }
+-
+ thisanssizp = anssizp2;
+ thisansp = ansp2;
+ thisresplenp = resplen2;
+ }
+
+ if (*thisanssizp < MAXPACKET
+- /* Yes, we test ANSCP here. If we have two buffers
+- both will be allocatable. */
+- && anscp
++ /* If the current buffer is non-NULL and it's not
++ pointing at the static user-supplied buffer then
++ we can reallocate it. */
++ && (thisansp != NULL && thisansp != ansp)
+ #ifdef FIONREAD
++ /* Is the size too small? */
+ && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
+ || *thisanssizp < *thisresplenp)
+ #endif
+ ) {
++ /* Always allocate MAXPACKET, callers expect
++ this specific size. */
+ u_char *newp = malloc (MAXPACKET);
+ if (newp != NULL) {
+- *anssizp = MAXPACKET;
+- *thisansp = ans = newp;
++ *thisanssizp = MAXPACKET;
++ *thisansp = newp;
+ if (thisansp == ansp2)
+ *ansp2_malloced = 1;
+ }
+ }
++ /* We could end up with truncation if anscp was NULL
++ (not allowed to change caller's buffer) and the
++ response buffer size is too small. This isn't a
++ reliable way to detect truncation because the ioctl
++ may be an inaccurate report of the UDP message size.
++ Therefore we use this only to issue debug output.
++ To do truncation accurately with UDP we need
++ MSG_TRUNC which is only available on Linux. We
++ can abstract out the Linux-specific feature in the
++ future to detect truncation. */
++ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
++ Dprint(statp->options & RES_DEBUG,
++ (stdout, ";; response may be truncated (UDP)\n")
++ );
++ }
++
+ HEADER *anhp = (HEADER *) *thisansp;
+ socklen_t fromlen = sizeof(struct sockaddr_in6);
+ assert (sizeof(from) <= fromlen);
diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch
new file mode 100644
index 0000000000..a609b1f54a
--- /dev/null
+++ b/gnu/packages/patches/glibc-hurd-extern-inline.patch
@@ -0,0 +1,35 @@
+This changes the way _EXTERN_INLINE is defined so we can
+avoid external definition errors.
+https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html
+
+diff --git a/signal/sigsetops.c b/signal/sigsetops.c
+index 0317662..b92c296 100644
+--- a/signal/sigsetops.c
++++ b/signal/sigsetops.c
+@@ -3,7 +3,9 @@
+
+ #include <features.h>
+
+-#define _EXTERN_INLINE
++#ifndef _EXTERN_INLINE
++#define _EXTERN_INLINE __extern_inline
++#endif
+ #ifndef __USE_EXTERN_INLINES
+ # define __USE_EXTERN_INLINES 1
+ #endif
+
+Link libmachuser and libhurduser automatically with libc, since they are
+considered a standard part of the API in GNU-land.
+
+--- a/Makerules
++++ b/Makerules
+@@ -978,6 +978,9 @@
+ '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\
+ ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \
+ ) > $@.new
++ifeq ($(patsubst gnu%,,$(config-os)),)
++ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new
++endif
+ mv -f $@.new $@
+
+ endif \ No newline at end of file
diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch
new file mode 100644
index 0000000000..baf30a79a7
--- /dev/null
+++ b/gnu/packages/patches/glibc-locale-incompatibility.patch
@@ -0,0 +1,23 @@
+This patch avoids an assertion failure when incompatible locale data
+is encountered:
+
+ https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
+
+--- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200
++++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200
+@@ -120,10 +120,11 @@
+ _nl_value_type_LC_XYZ array. There are all pointers. */
+ switch (category)
+ {
+-#define CATTEST(cat) \
+- case LC_##cat: \
+- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
+- / sizeof (_nl_value_type_LC_##cat[0]))); \
++#define CATTEST(cat) \
++ case LC_##cat: \
++ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
++ / sizeof (_nl_value_type_LC_##cat[0]))) \
++ goto puntdata; \
+ break
+ CATTEST (NUMERIC);
+ CATTEST (TIME);
diff --git a/gnu/packages/patches/glibc-locales.patch b/gnu/packages/patches/glibc-locales.patch
index 3a125e845e..1bcf12bf6f 100644
--- a/gnu/packages/patches/glibc-locales.patch
+++ b/gnu/packages/patches/glibc-locales.patch
@@ -5,8 +5,8 @@ in a package separate from glibc.
2. Use '--no-archive' to avoid building the big locale archive, and
because the already-built 'localedef' would want to write it
to '/run/current-system/locale', which is not possible.
- 3. Pass $(inst_complocaledir)/$$locale to install files in the right
- place, and because otherwise, 'localedef' fails with:
+ 3. Pass $(localedir)/$$locale to install files in the right place, and
+ because otherwise, 'localedef' fails with:
"cannot write output files to `(null)'".
--- glibc-2.22/localedata/Makefile 1970-01-01 01:00:00.000000000 +0100
@@ -25,7 +25,7 @@ in a package separate from glibc.
$(LOCALEDEF) --alias-file=../intl/locale.alias \
-i locales/$$input -c -f charmaps/$$charset \
- $(addprefix --prefix=,$(install_root)) $$locale \
-+ $(addprefix --prefix=,$(install_root)) $(inst_complocaledir)/$$locale \
++ $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale \
&& echo ' done'; \
tst-setlocale-ENV = LC_ALL=ja_JP.EUC-JP
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
new file mode 100644
index 0000000000..b024a7d4a8
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
@@ -0,0 +1,21 @@
+Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/703957
+Forwarded: not-needed
+
+--- libarchive-3.0.4.orig/libarchive/archive_write.c
++++ libarchive-3.0.4/libarchive/archive_write.c
+@@ -665,8 +665,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ struct archive_write *a = (struct archive_write *)_a;
++ const size_t max_write = INT_MAX;
++
+ archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ ARCHIVE_STATE_DATA, "archive_write_data");
++ /* In particular, this catches attempts to pass negative values. */
++ if (s > max_write)
++ s = max_write;
+ archive_clear_error(&a->archive);
+ return ((a->format_write_data)(a, buff, s));
+ }
diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
new file mode 100644
index 0000000000..6ac8773244
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
@@ -0,0 +1,67 @@
+Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
+
+Taken from upstream source repository:
+https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
+
+When reading OS X metadata entries in Zip archives that were stored
+without compression, libarchive would use the uncompressed entry size
+to allocate a buffer but would use the compressed entry size to limit
+the amount of data copied into that buffer. Since the compressed
+and uncompressed sizes are provided by data in the archive itself,
+an attacker could manipulate these values to write data beyond
+the end of the allocated buffer.
+
+This fix provides three new checks to guard against such
+manipulation and to make libarchive generally more robust when
+handling this type of entry:
+ 1. If an OS X metadata entry is stored without compression,
+ abort the entire archive if the compressed and uncompressed
+ data sizes do not match.
+ 2. When sanity-checking the size of an OS X metadata entry,
+ abort this entry if either the compressed or uncompressed
+ size is larger than 4MB.
+ 3. When copying data into the allocated buffer, check the copy
+ size against both the compressed entry size and uncompressed
+ entry size.
+---
+ libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
+index 0f8262c..0a0be96 100644
+--- a/libarchive/archive_read_support_format_zip.c
++++ b/libarchive/archive_read_support_format_zip.c
+@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
+
+ switch(rsrc->compression) {
+ case 0: /* No compression. */
++ if (rsrc->uncompressed_size != rsrc->compressed_size) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Malformed OS X metadata entry: inconsistent size");
++ return (ARCHIVE_FATAL);
++ }
+ #ifdef HAVE_ZLIB_H
+ case 8: /* Deflate compression. */
+ #endif
+@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
+ (intmax_t)rsrc->uncompressed_size);
+ return (ARCHIVE_WARN);
+ }
++ if (rsrc->compressed_size > (4 * 1024 * 1024)) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Mac metadata is too large: %jd > 4M bytes",
++ (intmax_t)rsrc->compressed_size);
++ return (ARCHIVE_WARN);
++ }
+
+ metadata = malloc((size_t)rsrc->uncompressed_size);
+ if (metadata == NULL) {
+@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
+ bytes_avail = remaining_bytes;
+ switch(rsrc->compression) {
+ case 0: /* No compression. */
++ if ((size_t)bytes_avail > metadata_bytes)
++ bytes_avail = metadata_bytes;
+ memcpy(mp, p, bytes_avail);
+ bytes_used = (size_t)bytes_avail;
+ metadata_bytes -= bytes_used;
diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch
new file mode 100644
index 0000000000..6a533a9a07
--- /dev/null
+++ b/gnu/packages/patches/libarchive-bsdtar-test.patch
@@ -0,0 +1,74 @@
+commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
+Author: Pavel Raiskup <praiskup@redhat.com>
+Date: Thu Jun 27 16:01:30 2013 +0200
+
+ Use ustar format in the test_option_b test
+
+ .. because the ustar archive does not store SELinux context. As the default
+ format for bsdtar is "restricted pax" (trying to store xattrs and other
+ things by default), the test failed on Fedora because our files have by
+ default SELinux context set. This results in additional data in tested
+ archive ~> and the test failed because the archive was unexpectedly big:
+
+ tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048
+
+ Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
+
+diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
+index be2ae65..6fea474 100644
+--- a/tar/test/test_option_b.c
++++ b/tar/test/test_option_b.c
+@@ -25,8 +25,14 @@
+ #include "test.h"
+ __FBSDID("$FreeBSD$");
+
++#define USTAR_OPT " --format=ustar"
++
+ DEFINE_TEST(test_option_b)
+ {
++ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
++ strcpy(testprog_ustar, testprog);
++ strcat(testprog_ustar, USTAR_OPT);
++
+ assertMakeFile("file1", 0644, "file1");
+ if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
+ skipping("Platform doesn't have cat");
+@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
+ /*
+ * Bsdtar does not pad if the output is going directly to a disk file.
+ */
+- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
++ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
+ failure("bsdtar does not pad archives written directly to regular files");
+ assertFileSize("archive1.tar", 2048);
+ assertEmptyFile("test1.out");
+@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
+ * Bsdtar does pad to the block size if the output is going to a socket.
+ */
+ /* Default is -b 20 */
+- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
+ failure("bsdtar does pad archives written to pipes");
+ assertFileSize("archive2.tar", 10240);
+ assertEmptyFile("test2.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
+ assertFileSize("archive3.tar", 10240);
+ assertEmptyFile("test3.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
+ assertFileSize("archive4.tar", 5120);
+ assertEmptyFile("test4.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
+ assertFileSize("archive5.tar", 2048);
+ assertEmptyFile("test5.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
+ assertFileSize("archive6.tar", 4194304);
+ assertEmptyFile("test6.err");
+
diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
new file mode 100644
index 0000000000..ffdc0db922
--- /dev/null
+++ b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
@@ -0,0 +1,83 @@
+Description: This patch fixes test cases for LZO write support in various
+ architectures, such as armhf. Writing a certain amount of files would
+ cause the LZO compressor level 9 to produce a bigger archive than the
+ default compressor level.
+Author: Andres Mejia <amejia@debian.org>
+
+--- a/libarchive/test/test_write_filter_lzop.c
++++ b/libarchive/test/test_write_filter_lzop.c
+@@ -39,7 +39,7 @@
+ size_t buffsize, datasize;
+ char path[16];
+ size_t used1, used2;
+- int i, r, use_prog = 0;
++ int i, r, use_prog = 0, filecount;
+
+ assert((a = archive_write_new()) != NULL);
+ r = archive_write_add_filter_lzop(a);
+@@ -58,9 +58,10 @@
+
+ datasize = 10000;
+ assert(NULL != (data = (char *)calloc(1, datasize)));
++ filecount = 10;
+
+ /*
+- * Write a 100 files and read them all back.
++ * Write a filecount files and read them all back.
+ */
+ assert((a = archive_write_new()) != NULL);
+ assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
+@@ -77,7 +78,7 @@
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_set_filetype(ae, AE_IFREG);
+ archive_entry_set_size(ae, datasize);
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ archive_entry_copy_pathname(ae, path);
+ assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
+@@ -97,7 +98,7 @@
+ } else {
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_read_open_memory(a, buff, used1));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ if (!assertEqualInt(ARCHIVE_OK,
+ archive_read_next_header(a, &ae)))
+@@ -133,7 +134,7 @@
+ archive_write_set_options(a, "lzop:compression-level=9"));
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_write_open_memory(a, buff, buffsize, &used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, path);
+@@ -161,7 +162,7 @@
+ archive_read_support_filter_all(a));
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_read_open_memory(a, buff, used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ if (!assertEqualInt(ARCHIVE_OK,
+ archive_read_next_header(a, &ae)))
+@@ -186,7 +187,7 @@
+ archive_write_set_filter_option(a, NULL, "compression-level", "1"));
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_write_open_memory(a, buff, buffsize, &used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, path);
+@@ -216,7 +217,7 @@
+ } else {
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_read_open_memory(a, buff, used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ if (!assertEqualInt(ARCHIVE_OK,
+ archive_read_next_header(a, &ae)))
diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
new file mode 100644
index 0000000000..ad94592c05
--- /dev/null
+++ b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
@@ -0,0 +1,18 @@
+Description: Patch to fix filename length calculation when writing mtree archives.
+Author: Dave Reisner <dreisner@archlinux.org>
+Origin: upstream
+
+--- a/libarchive/archive_write_set_format_mtree.c
++++ b/libarchive/archive_write_set_format_mtree.c
+@@ -1855,9 +1855,9 @@
+ return (ret);
+ }
+
+- /* Make a basename from dirname and slash */
++ /* Make a basename from file->parentdir.s and slash */
+ *slash = '\0';
+- file->parentdir.length = slash - dirname;
++ file->parentdir.length = slash - file->parentdir.s;
+ archive_strcpy(&(file->basename), slash + 1);
+ return (ret);
+ }
diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch
new file mode 100644
index 0000000000..a43245436c
--- /dev/null
+++ b/gnu/packages/patches/libpthread-glibc-preparation.patch
@@ -0,0 +1,146 @@
+This patch helps to integrate the Hurd's libpthread as a libc add-on.
+
+It writes the configure file, removes an rpc call not yet
+implemented on the version of gnumach we use and defines
+a missing macro.
+
+diff --git a/libpthread/configure b/libpthread/configure
+new file mode 100644
+index 0000000..2cdbc71
+--- /dev/null
++++ b/libpthread/configure
+@@ -0,0 +1,2 @@
++libc_add_on_canonical=libpthread
++libc_add_on_subdirs=.
+--
+1.9.0
+
+We are using a version of GNU Mach that lacks 'thread_terminate_release'
+(not introduced yet). The 'thread_terminate' RPC call will be enough for
+our needs.
+See <http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00127.html>.
+
+diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c
+index 6672065..129a611 100644
+--- a/libpthread/sysdeps/mach/pt-thread-terminate.c
++++ b/libpthread/sysdeps/mach/pt-thread-terminate.c
+@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread)
+ __mach_port_destroy (__mach_task_self (), wakeup_port);
+
+ /* Terminate and release all that's left. */
+- err = __thread_terminate_release (kernel_thread, mach_task_self (),
+- kernel_thread, reply_port,
+- stackaddr, stacksize);
++ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */
++ /* kernel_thread, reply_port, */
++ /* stackaddr, stacksize); */
+
+ /* The kernel does not support it yet. Leak but at least terminate
+ correctly. */
+--
+1.9.2
+
+The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we
+define it to __SPIN_LOCK_INITIALIZER which already exists.
+See <http://lists.gnu.org/archive/html/commit-hurd/2009-04/msg00006.html>.
+
+diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h
+index 537dac9..fca0e5a 100644
+--- a/libpthread/sysdeps/mach/bits/spin-lock.h
++++ b/libpthread/sysdeps/mach/bits/spin-lock.h
+@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t;
+
+ /* Initializer for a spin lock object. */
+ #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER
+-#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by <lock-intern.h>.
++#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER
+ #endif
+
+ __END_DECLS
+
+The version of the glibc we use doesn't include the shm-directory.c file and does
+not yet support IS_IN.
+See <https://lists.gnu.org/archive/html/bug-hurd/2015-03/msg00078.html>
+
+diff --git a/libpthread/Makefile b/libpthread/Makefile
+index 2906788..b8dee58 100644
+--- a/libpthread/Makefile
++++ b/libpthread/Makefile
+@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \
+ sem-post sem-timedwait sem-trywait sem-unlink \
+ sem-wait \
+ \
+- shm-directory \
+- \
+ cthreads-compat \
+ $(SYSDEPS)
+
+--
+2.3.6
+
+diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c
+index d88afae..84044dc 100644
+--- a/libpthread/pthread/pt-create.c
++++ b/libpthread/pthread/pt-create.c
+@@ -28,7 +28,7 @@
+
+ #include <pt-internal.h>
+
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ # include <ctype.h>
+ #endif
+ #ifdef HAVE_USELOCALE
+@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg)
+ __resp = &self->res_state;
+ #endif
+
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ /* Initialize pointers to locale data. */
+ __ctype_init ();
+ #endif
+diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c
+index 9e5404b..b9cacbd 100644
+--- a/libpthread/pthread/pt-initialize.c
++++ b/libpthread/pthread/pt-initialize.c
+@@ -28,7 +28,7 @@
+
+ DEFINE_HOOK (__pthread_init, (void));
+
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ static const struct pthread_functions pthread_functions =
+ {
+ .ptr_pthread_attr_destroy = __pthread_attr_destroy,
+@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions =
+ void
+ ___pthread_init (void)
+ {
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ __libc_pthread_init(&pthread_functions);
+ #endif
+ RUN_HOOK (__pthread_init, ());
+diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h
+index 18b5b4c..8cdcfce 100644
+--- a/libpthread/pthread/pt-internal.h
++++ b/libpthread/pthread/pt-internal.h
+@@ -35,7 +35,7 @@
+ #include <pt-sysdep.h>
+ #include <pt-machdep.h>
+
+-#if IS_IN (libpthread)
++#ifdef IS_IN_libpthread
+ # include <ldsodefs.h>
+ #endif
+
+@@ -60,7 +60,7 @@ enum pthread_state
+ # define PTHREAD_SYSDEP_MEMBERS
+ #endif
+
+-#if !(IS_IN (libpthread))
++#ifndef IS_IN_libpthread
+ #ifdef ENABLE_TLS
+ /* Type of the TCB. */
+ typedef struct
diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
new file mode 100644
index 0000000000..f291d5b387
--- /dev/null
+++ b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
@@ -0,0 +1,29 @@
+From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 29 Oct 2015 19:33:23 +0800
+Subject: [PATCH] Fix for type confusion in preprocessing attributes
+
+CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
+We need to check that the parent node is an element before dereferencing
+its namespace
+---
+ libxslt/preproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/preproc.c b/libxslt/preproc.c
+index 0eb80a0..7f69325 100644
+--- a/libxslt/preproc.c
++++ b/libxslt/preproc.c
+@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
+ } else if (IS_XSLT_NAME(inst, "attribute")) {
+ xmlNodePtr parent = inst->parent;
+
+- if ((parent == NULL) || (parent->ns == NULL) ||
++ if ((parent == NULL) ||
++ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
+ ((parent->ns != inst->ns) &&
+ (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
+ (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
+--
+2.6.3
+
diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch
deleted file mode 100644
index 4273875c7c..0000000000
--- a/gnu/packages/patches/libxslt-generated-ids.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-This makes generated IDs deterministic.
-
-Written by Daniel Veillard.
-
-This should be fixed in next release (2.29).
-See https://bugzilla.gnome.org/show_bug.cgi?id=751621.
-
-diff --git a/libxslt/functions.c b/libxslt/functions.c
-index 6448bde..5b00a6d 100644
---- a/libxslt/functions.c
-+++ b/libxslt/functions.c
-@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
- }
-
- /**
-+ * xsltCleanupIds:
-+ * @ctxt: the transformation context
-+ * @root: the root of the resulting document
-+ *
-+ * This clean up ids which may have been saved in Element contents
-+ * by xsltGenerateIdFunction() to provide stable IDs on elements.
-+ *
-+ * Returns the number of items cleaned or -1 in case of error
-+ */
-+int
-+xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) {
-+ xmlNodePtr cur;
-+ int count = 0;
-+
-+ if ((ctxt == NULL) || (root == NULL))
-+ return(-1);
-+ if (root->type != XML_ELEMENT_NODE)
-+ return(-1);
-+
-+ cur = root;
-+ while (cur != NULL) {
-+ if (cur->type == XML_ELEMENT_NODE) {
-+ if (cur->content != NULL) {
-+ cur->content = NULL;
-+ count++;
-+ }
-+ if (cur->children != NULL) {
-+ cur = cur->children;
-+ continue;
-+ }
-+ }
-+ if (cur->next != NULL) {
-+ cur = cur->next;
-+ continue;
-+ }
-+ do {
-+ cur = cur->parent;
-+ if (cur == NULL)
-+ break;
-+ if (cur == (xmlNodePtr) root) {
-+ cur = NULL;
-+ break;
-+ }
-+ if (cur->next != NULL) {
-+ cur = cur->next;
-+ break;
-+ }
-+ } while (cur != NULL);
-+ }
-+
-+fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n",
-+ ctxt->nextid, count);
-+
-+ return(count);
-+}
-+
-+/**
- * xsltGenerateIdFunction:
- * @ctxt: the XPath Parser context
- * @nargs: the number of arguments
-@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
- if (obj)
- xmlXPathFreeObject(obj);
-
-- val = (long)((char *)cur - (char *)&base_address);
-+ /*
-+ * Try to provide stable ID for generated document:
-+ * - usually ID are computed to be placed on elements via attributes
-+ * so using the element as the node for the ID
-+ * - the cur->content should be a correct placeholder for this, we use
-+ * it to hold element node numbers in xmlXPathOrderDocElems to
-+ * speed up XPath too
-+ * - xsltCleanupIds() clean them up before handing the XSLT output
-+ * to the API client.
-+ * - other nodes types use the node address method but that should
-+ * not end up in resulting document ID
-+ * - we can enable this by default without risk of performance issues
-+ * only the one pass xsltCleanupIds() is added
-+ */
-+ if (cur->type == XML_ELEMENT_NODE) {
-+ if (cur->content == NULL) {
-+ xsltTransformContextPtr tctxt;
-+
-+ tctxt = xsltXPathGetTransformContext(ctxt);
-+ if (tctxt == NULL) {
-+ val = (long)((char *)cur - (char *)&base_address);
-+ } else {
-+ tctxt->nextid++;
-+ val = tctxt->nextid;
-+ cur->content = (void *) (val);
-+ }
-+ } else {
-+ val = (long) cur->content;
-+ }
-+ } else {
-+ val = (long)((char *)cur - (char *)&base_address);
-+ }
-+
- if (val >= 0) {
- sprintf((char *)str, "idp%ld", val);
- } else {
-diff --git a/libxslt/functions.h b/libxslt/functions.h
-index e0e0bf9..4a1e163 100644
---- a/libxslt/functions.h
-+++ b/libxslt/functions.h
-@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL
- int nargs);
-
- /*
-+ * Cleanup for ID generation
-+ */
-+XSLTPUBFUN int XSLTCALL
-+ xsltCleanupIds (xsltTransformContextPtr ctxt,
-+ xmlNodePtr root);
-+
-+/*
- * And the registration
- */
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 24f9eb2..2bdf6bf 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) {
- cur->traceCode = (unsigned long*) &xsltDefaultTrace;
- cur->xinclude = xsltGetXIncludeDefault();
- cur->keyInitLevel = 0;
-+ cur->nextid = 0;
-
- return(cur);
-
-@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc,
- if (root != NULL) {
- const xmlChar *doctype = NULL;
-
-+ /*
-+ * cleanup ids which may have been saved in Elements content ptrs
-+ */
-+ if (ctxt->nextid != 0) {
-+ xsltCleanupIds(ctxt, root);
-+ }
-+
- if ((root->ns != NULL) && (root->ns->prefix != NULL))
- doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name);
- if (doctype == NULL)
-diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
-index 95e8fe6..8eedae4 100644
---- a/libxslt/xsltInternals.h
-+++ b/libxslt/xsltInternals.h
-@@ -1786,6 +1786,8 @@ struct _xsltTransformContext {
- int funcLevel; /* Needed to catch recursive functions issues */
- int maxTemplateDepth;
- int maxTemplateVars;
-+
-+ unsigned long nextid;/* for generating stable ids */
- };
-
- /**
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
new file mode 100644
index 0000000000..a296d8cb1b
--- /dev/null
+++ b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch
@@ -0,0 +1,51 @@
+Copied from Fedora.
+http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22
+
+From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 8 Jan 2016 12:45:25 -0500
+Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629]
+
+In xdr_nullstring(), check that the decoded string is terminated with
+a zero byte and does not contain any internal zero bytes.
+
+CVE-2015-8629:
+
+In all versions of MIT krb5, an authenticated attacker can cause
+kadmind to read beyond the end of allocated memory by sending a string
+without a terminating zero byte. Information leakage may be possible
+for an attacker with permission to modify the database.
+
+ CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
+
+ticket: 8341 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
+index 2bef858..ba67084 100644
+--- a/src/lib/kadm5/kadm_rpc_xdr.c
++++ b/src/lib/kadm5/kadm_rpc_xdr.c
+@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
+ return FALSE;
+ }
+ }
+- return (xdr_opaque(xdrs, *objp, size));
++ if (!xdr_opaque(xdrs, *objp, size))
++ return FALSE;
++ /* Check that the unmarshalled bytes are a C string. */
++ if ((*objp)[size - 1] != '\0')
++ return FALSE;
++ if (memchr(*objp, '\0', size - 1) != NULL)
++ return FALSE;
++ return TRUE;
+
+ case XDR_ENCODE:
+ if (size != 0)
+--
+2.7.0.rc3
+
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
new file mode 100644
index 0000000000..c21d84b1e7
--- /dev/null
+++ b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch
@@ -0,0 +1,81 @@
+Copied from Fedora.
+http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22
+
+From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 8 Jan 2016 12:52:28 -0500
+Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
+
+In kadm5_create_principal_3() and kadm5_modify_principal(), check for
+entry->policy being null when KADM5_POLICY is included in the mask.
+
+CVE-2015-8630:
+
+In MIT krb5 1.12 and later, an authenticated attacker with permission
+to modify a principal entry can cause kadmind to dereference a null
+pointer by supplying a null policy value but including KADM5_POLICY in
+the mask.
+
+ CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
+
+ticket: 8342 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
+index 5b95fa3..1d4365c 100644
+--- a/src/lib/kadm5/srv/svr_principal.c
++++ b/src/lib/kadm5/srv/svr_principal.c
+@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
+ /*
+ * Argument sanity checking, and opening up the DB
+ */
++ if (entry == NULL)
++ return EINVAL;
+ if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
+ (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
+ (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
+@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
+ return KADM5_BAD_MASK;
+ if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
+ return KADM5_BAD_MASK;
++ if((mask & KADM5_POLICY) && entry->policy == NULL)
++ return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
+ return KADM5_BAD_MASK;
+ if((mask & ~ALL_PRINC_MASK))
+ return KADM5_BAD_MASK;
+- if (entry == NULL)
+- return EINVAL;
+
+ /*
+ * Check to see if the principal exists
+@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
+
+ krb5_clear_error_message(handle->context);
+
++ if(entry == NULL)
++ return EINVAL;
+ if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
+ (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
+ (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
+@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
+ return KADM5_BAD_MASK;
+ if((mask & ~ALL_PRINC_MASK))
+ return KADM5_BAD_MASK;
++ if((mask & KADM5_POLICY) && entry->policy == NULL)
++ return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
+ return KADM5_BAD_MASK;
+- if(entry == (kadm5_principal_ent_t) NULL)
+- return EINVAL;
+ if (mask & KADM5_TL_DATA) {
+ tl_data_orig = entry->tl_data;
+ while (tl_data_orig) {
+--
+2.7.0.rc3
+
diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch
new file mode 100644
index 0000000000..dd1eb2945c
--- /dev/null
+++ b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch
@@ -0,0 +1,576 @@
+Copied from Fedora.
+http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22
+
+From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 8 Jan 2016 13:16:54 -0500
+Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631]
+
+In each kadmind server stub, initialize the client_name and
+server_name variables, and release them in the cleanup handler. Many
+of the stubs will otherwise leak the client and server name if
+krb5_unparse_name() fails. Also make sure to free the prime_arg
+variables in rename_principal_2_svc(), or we can leak the first one if
+unparsing the second one fails. Discovered by Simo Sorce.
+
+CVE-2015-8631:
+
+In all versions of MIT krb5, an authenticated attacker can cause
+kadmind to leak memory by supplying a null principal name in a request
+which uses one. Repeating these requests will eventually cause
+kadmind to exhaust all available memory.
+
+ CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
+
+ticket: 8343 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
+ 1 file changed, 77 insertions(+), 74 deletions(-)
+
+diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
+index 1879dc6..6ac797e 100644
+--- a/src/kadmin/server/server_stubs.c
++++ b/src/kadmin/server/server_stubs.c
+@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name, service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
+- gss_release_buffer(&minor_stat, &client_name);
+- gss_release_buffer(&minor_stat, &service_name);
+
+ exit_func:
++ gss_release_buffer(&minor_stat, &client_name);
++ gss_release_buffer(&minor_stat, &service_name);
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name, service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
+- gss_release_buffer(&minor_stat, &client_name);
+- gss_release_buffer(&minor_stat, &service_name);
+
+ exit_func:
++ gss_release_buffer(&minor_stat, &client_name);
++ gss_release_buffer(&minor_stat, &service_name);
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
+
+ }
+ free(prime_arg);
+- gss_release_buffer(&minor_stat, &client_name);
+- gss_release_buffer(&minor_stat, &service_name);
+
+ exit_func:
++ gss_release_buffer(&minor_stat, &client_name);
++ gss_release_buffer(&minor_stat, &service_name);
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -570,10 +572,9 @@ generic_ret *
+ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+- char *prime_arg1,
+- *prime_arg2;
+- gss_buffer_desc client_name,
+- service_name;
++ char *prime_arg1 = NULL, *prime_arg2 = NULL;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ restriction_t *rp;
+@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+
+ }
++exit_func:
+ free(prime_arg1);
+ free(prime_arg2);
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
+ {
+ static gprinc_ret ret;
+ char *prime_arg, *funcname;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
+ {
+ static gprincs_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+
+ }
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
+ }
+
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
+ }
+
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
+ }
+
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
+ }
+
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
+ }
+
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
+ krb5_keyblock *k;
+ int nkeys;
+ char *prime_arg, *funcname;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
+ krb5_keyblock *k;
+ int nkeys;
+ char *prime_arg, *funcname;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
+ }
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
+ }
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
+ }
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
+ static gpol_ret ret;
+ kadm5_ret_t ret2;
+ char *prime_arg, *funcname;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_principal_ent_rec caller_ent;
+ kadm5_server_handle_t handle;
+@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
+ }
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+
+@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
+ {
+ static gpols_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
+ }
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1541,7 +1542,8 @@ exit_func:
+ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
+ {
+ static getprivs_ret ret;
+- gss_buffer_desc client_name, service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
+ if (errmsg != NULL)
+ krb5_free_error_message(handle->context, errmsg);
+
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg, *funcname;
+- gss_buffer_desc client_name, service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+
+@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
+ {
+ static gstrings_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+ char *prime_arg;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ OM_uint32 minor_stat;
+ kadm5_server_handle_t handle;
+ const char *errmsg = NULL;
+@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
+ krb5_free_error_message(handle->context, errmsg);
+ }
+ free(prime_arg);
++exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
+-exit_func:
+ free_server_handle(handle);
+ return &ret;
+ }
+@@ -1754,8 +1757,8 @@ exit_func:
+ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
+ {
+ static generic_ret ret;
+- gss_buffer_desc client_name,
+- service_name;
++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
+ kadm5_server_handle_t handle;
+ OM_uint32 minor_stat;
+ const char *errmsg = NULL;
+@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
+ rqstp->rq_cred.oa_flavor);
+ if (errmsg != NULL)
+ krb5_free_error_message(NULL, errmsg);
+- gss_release_buffer(&minor_stat, &client_name);
+- gss_release_buffer(&minor_stat, &service_name);
+
+ exit_func:
++ gss_release_buffer(&minor_stat, &client_name);
++ gss_release_buffer(&minor_stat, &service_name);
+ return(&ret);
+ }
+
+--
+2.7.0.rc3
+
diff --git a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch
new file mode 100644
index 0000000000..195db38d08
--- /dev/null
+++ b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch
@@ -0,0 +1,49 @@
+Copied from Fedora.
+http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22
+
+From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 5 Jan 2016 12:11:59 -0500
+Subject: [PATCH] Check internal context on init context errors
+
+If the mechanism deletes the internal context handle on error, the
+mechglue must do the same with the union context, to avoid crashes if
+the application calls other functions with this invalid union context.
+
+[ghudson@mit.edu: edit commit message and code comment]
+
+ticket: 8337 (new)
+target_version: 1.14-next
+target_version: 1.13-next
+tags: pullup
+---
+ src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
+index aaae767..9f154b8 100644
+--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
++++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
+@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
+
+ if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+ /*
+- * the spec says (the preferred) method is to delete all
+- * context info on the first call to init, and on all
+- * subsequent calls make the caller responsible for
+- * calling gss_delete_sec_context
++ * The spec says the preferred method is to delete all context info on
++ * the first call to init, and on all subsequent calls make the caller
++ * responsible for calling gss_delete_sec_context. However, if the
++ * mechanism decided to delete the internal context, we should also
++ * delete the union context.
+ */
+ map_error(minor_status, mech);
++ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
++ *context_handle = GSS_C_NO_CONTEXT;
+ if (*context_handle == GSS_C_NO_CONTEXT) {
+ free(union_ctx_id->mech_type->elements);
+ free(union_ctx_id->mech_type);
+--
+2.6.4
+
diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch
deleted file mode 100644
index 9d369aeb2c..0000000000
--- a/gnu/packages/patches/procps-non-linux.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001
-From: Craig Small <csmall@enc.com.au>
-Date: Sun, 17 Apr 2016 09:09:41 +1000
-Subject: [PATCH] tests: Conditionally add prctl to test process
-
-prctl was already bypassed on Cygwin systems. This extends to
-non-Linux systems such as kFreeBSD and Hurd.
-
----
- lib/test_process.c | 4 ++--
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/test_process.c b/lib/test_process.c
-index 6e652ed..6a4776c 100644
---- a/lib/test_process.c
-+++ b/lib/test_process.c
-@@ -21,7 +21,9 @@
- #include <stdlib.h>
- #include <unistd.h>
- #include <signal.h>
-+#ifdef __linux__
- #include <sys/prctl.h>
-+#endif
- #include "c.h"
-
- #define DEFAULT_SLEEPTIME 300
-@@ -78,8 +80,10 @@
- sigaction(SIGUSR1, &signal_action, NULL);
- sigaction(SIGUSR2, &signal_action, NULL);
-
-+#ifdef __linux__
- /* set process name */
- prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL);
-+#endif
-
- while (sleep_time > 0) {
- sleep_time = sleep(sleep_time);
---
-2.8.2
-
diff --git a/gnu/packages/patches/rapicorn-isnan.patch b/gnu/packages/patches/rapicorn-isnan.patch
deleted file mode 100644
index b0e7819e64..0000000000
--- a/gnu/packages/patches/rapicorn-isnan.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From e0c8341b3e4e13778bcde00d477e461ea8e94306 Mon Sep 17 00:00:00 2001
-From: Stefan Westerfeld <stefan@space.twc.de>
-Date: Fri, 22 Apr 2016 18:03:37 +0200
-Subject: [PATCH 031/176] RCORE: compile fixes for KUbuntu 16.04/gcc
- 5.3.1-14ubuntu2
-
-Rapicorn uses isnan(...) and isinf(...) from cmath.h, however on KUbuntu 16.04
-it should use std::isnan(...) and std::isinf(...) instead. Patch below.
-
-Acked-by: Tim Janik <timj@gnu.org>
----
- rcore/strings.cc | 10 +++++-----
- rcore/tests/benchrcore.cc | 4 ++--
- rcore/tests/strings.cc | 4 ++--
- 3 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/rcore/strings.cc b/rcore/strings.cc
-index d5b0216..8b3bc3f 100644
---- a/rcore/strings.cc
-+++ b/rcore/strings.cc
-@@ -437,7 +437,7 @@ static long double
- libc_strtold (const char *nptr, char **endptr)
- {
- const long double result = strtold (nptr, endptr);
-- if (isnan (result) && std::signbit (result) == 0)
-+ if (std::isnan (result) && std::signbit (result) == 0)
- {
- const char *p = nptr;
- while (isspace (*p))
-@@ -500,9 +500,9 @@ string_to_double (const char *dblstring, const char **endptr)
- String
- string_from_float (float value)
- {
-- if (isnan (value))
-+ if (std::isnan (value))
- return std::signbit (value) ? "-NaN" : "+NaN";
-- if (isinf (value))
-+ if (std::isinf (value))
- return std::signbit (value) ? "-Infinity" : "+Infinity";
- return string_format ("%.7g", value);
- }
-@@ -511,9 +511,9 @@ string_from_float (float value)
- String
- string_from_double (double value)
- {
-- if (isnan (value))
-+ if (std::isnan (value))
- return std::signbit (value) ? "-NaN" : "+NaN";
-- if (isinf (value))
-+ if (std::isinf (value))
- return std::signbit (value) ? "-Infinity" : "+Infinity";
- return string_format ("%.17g", value);
- }
-diff --git a/rcore/tests/benchrcore.cc b/rcore/tests/benchrcore.cc
-index 3899a08..12fde16 100644
---- a/rcore/tests/benchrcore.cc
-+++ b/rcore/tests/benchrcore.cc
-@@ -188,8 +188,8 @@ test_random_numbers()
- const double rf = random_frange (989617512, 9876547656);
- TASSERT (rf >= 989617512 && rf < 9876547656);
- }
-- TASSERT (isnan (random_frange (NAN, 1)));
-- TASSERT (isnan (random_frange (0, NAN)));
-+ TASSERT (std::isnan (random_frange (NAN, 1)));
-+ TASSERT (std::isnan (random_frange (0, NAN)));
- #if 0 // example penalty paid in random_int64()
- size_t i, j = 0;
- for (i = 0; i < 100; i++)
-diff --git a/rcore/tests/strings.cc b/rcore/tests/strings.cc
-index 468a6e6..dae3e3d 100644
---- a/rcore/tests/strings.cc
-+++ b/rcore/tests/strings.cc
-@@ -311,9 +311,9 @@ string_conversions (void)
- TCMP (string_to_double ("-0.5"), ==, -0.5);
- double tfloat;
- tfloat = string_to_double ("+NAN");
-- assert (isnan (tfloat) && std::signbit (tfloat) == 0);
-+ assert (std::isnan (tfloat) && std::signbit (tfloat) == 0);
- tfloat = string_to_double ("-NAN");
-- assert (isnan (tfloat) && std::signbit (tfloat) == 1);
-+ assert (std::isnan (tfloat) && std::signbit (tfloat) == 1);
- TCMP (string_capitalize ("fOO bar"), ==, "Foo Bar");
- TCMP (string_capitalize ("foo BAR BAZ", 2), ==, "Foo Bar BAZ");
- }
---
-2.9.1
-
diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch
new file mode 100644
index 0000000000..39d8e2b20a
--- /dev/null
+++ b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch
@@ -0,0 +1,33 @@
+commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8
+Author: Sergey Poznyakoff <gray@gnu.org>
+Date: Thu Sep 25 00:22:16 2014 +0300
+
+ Bugfixes.
+
+ * doc/tar.1: Fix typo in font spec.
+ * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode"
+ (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT
+
+diff --git a/src/tar.c b/src/tar.c
+index 225c624..f8102e0 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -1341,14 +1341,18 @@ static char filename_terminator;
+ static char const *const sort_mode_arg[] = {
+ "none",
+ "name",
++#if D_INO_IN_DIRENT
+ "inode",
++#endif
+ NULL
+ };
+
+ static int sort_mode_flag[] = {
+ SAVEDIR_SORT_NONE,
+ SAVEDIR_SORT_NAME,
++#if D_INO_IN_DIRENT
+ SAVEDIR_SORT_INODE
++#endif
+ };
+
+ ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag); \ No newline at end of file
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index fe9157af12..e954492554 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -32,6 +32,7 @@
(package
(name "pcre")
(version "8.38")
+ (replacement pcre-fixed)
(source (origin
(method url-fetch)
(uri (list
@@ -42,18 +43,15 @@
version "/pcre-" version ".tar.bz2")))
(sha256
(base32
- "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))
- (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))
+ "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))))
(build-system gnu-build-system)
- (outputs '("out" ;library & headers
- "bin" ;depends on Readline (adds 20MiB to the closure)
- "doc")) ;1.8 MiB of HTML
+ (outputs '("out"
+ "doc")) ;1.8 MiB of HTML
(inputs `(("bzip2" ,bzip2)
("readline" ,readline)
("zlib" ,zlib)))
(arguments
- '(#:disallowed-references ("doc")
- #:configure-flags '("--enable-utf"
+ `(#:configure-flags '("--enable-utf"
"--enable-pcregrep-libz"
"--enable-pcregrep-libbz2"
"--enable-pcretest-libreadline"
@@ -70,6 +68,13 @@ POSIX regular expression API.")
(license license:bsd-3)
(home-page "http://www.pcre.org/")))
+(define pcre-fixed ;for CVE-2016-3191
+ (package
+ (inherit pcre)
+ (source (origin
+ (inherit (package-source pcre))
+ (patches (search-patches "pcre-CVE-2016-3191.patch"))))))
+
(define-public pcre2
(package
(name "pcre2")
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index dd7a0b0af5..c5cbe9862f 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -88,10 +88,7 @@
`(#:tests? #f ; no test data provided with the tarball
#:configure-flags
'("--enable-xpdf-headers" ; to install header files
- "--enable-zlib"
-
- ;; Saves 8 MiB of .a files.
- "--disable-static")
+ "--enable-zlib")
#:phases
(alist-cons-before
'configure 'setenv
@@ -512,38 +509,27 @@ and examining the file structure (pdfshow).")
(uri (string-append "mirror://sourceforge/qpdf/qpdf/" version
"/qpdf-" version ".tar.gz"))
(sha256 (base32
- "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))
- (modules '((guix build utils)))
- (snippet
- ;; Replace shebang with the bi-lingual shell/Perl trick to remove
- ;; dependency on Perl.
- '(substitute* "qpdf/fix-qdf"
- (("#!/usr/bin/env perl")
- "\
-eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}'
- & eval 'exec perl -wS \"$0\" $argv:q'
- if 0;\n")))))
+ "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))))
(build-system gnu-build-system)
(arguments
- `(#:disallowed-references (,perl)
- #:phases (alist-cons-before
- 'configure 'patch-paths
- (lambda _
- (substitute* "make/libtool.mk"
- (("SHELL=/bin/bash")
- (string-append "SHELL=" (which "bash"))))
- (substitute* (append
- '("qtest/bin/qtest-driver")
- (find-files "." "\\.test"))
- (("/usr/bin/env") (which "env"))))
- %standard-phases)))
+ '(#:phases (alist-cons-before
+ 'configure 'patch-paths
+ (lambda _
+ (substitute* "make/libtool.mk"
+ (("SHELL=/bin/bash")
+ (string-append "SHELL=" (which "bash"))))
+ (substitute* (append
+ '("qtest/bin/qtest-driver")
+ (find-files "." "\\.test"))
+ (("/usr/bin/env") (which "env"))))
+ %standard-phases)))
(native-inputs
- `(("pkg-config" ,pkg-config)
- ("perl" ,perl)))
+ `(("pkg-config" ,pkg-config)))
(propagated-inputs
`(("pcre" ,pcre)))
(inputs
- `(("zlib" ,zlib)))
+ `(("zlib" ,zlib)
+ ("perl" ,perl)))
(synopsis "Command-line tools and library for transforming PDF files")
(description
"QPDF is a command-line program that does structural, content-preserving
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 4423c77bbd..08a16ad2af 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -90,7 +90,15 @@
"-Dinstallstyle=lib/perl5"
"-Duseshrplib"
(string-append "-Dlocincpth=" libc "/include")
- (string-append "-Dloclibpth=" libc "/lib"))))))
+ (string-append "-Dloclibpth=" libc "/lib")
+
+ ;; Force the library search path to contain only libc
+ ;; because it is recorded in Config.pm and
+ ;; Config_heavy.pl; we don't want to keep a reference
+ ;; to everything that's in $LIBRARY_PATH at build
+ ;; time (Binutils, bzip2, file, etc.)
+ (string-append "-Dlibpth=" libc "/lib")
+ (string-append "-Dplibpth=" libc "/lib"))))))
(add-before
'strip 'make-shared-objects-writable
@@ -101,34 +109,7 @@
(lib (string-append out "/lib")))
(for-each (lambda (dso)
(chmod dso #o755))
- (find-files lib "\\.so$")))))
-
- (add-after 'install 'remove-extra-references
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (libc (assoc-ref inputs "libc"))
- (config1 (car (find-files (string-append out "/lib/perl5")
- "^Config_heavy\\.pl$")))
- (config2 (find-files (string-append out "/lib/perl5")
- "^Config\\.pm$")))
- ;; Force the library search path to contain only libc because
- ;; it is recorded in Config.pm and Config_heavy.pl; we don't
- ;; want to keep a reference to everything that's in
- ;; $LIBRARY_PATH at build time (GCC, Binutils, bzip2, file,
- ;; etc.)
- (substitute* config1
- (("^incpth=.*$")
- (string-append "incpth='" libc "/include'\n"))
- (("^(libpth|plibpth|libspath)=.*$" _ variable)
- (string-append variable "='" libc "/lib'\n")))
-
- (for-each (lambda (file)
- (substitute* config2
- (("libpth => .*$")
- (string-append "libpth => '" libc
- "/lib',\n"))))
- config2)
- #t))))))
+ (find-files lib "\\.so$"))))))))
(native-search-paths (list (search-path-specification
(variable "PERL5LIB")
(files '("lib/perl5/site_perl")))))
diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm
index c913955975..74d209192f 100644
--- a/gnu/packages/plotutils.scm
+++ b/gnu/packages/plotutils.scm
@@ -186,8 +186,7 @@ colors, styles, options and details.")
;; "help" command in interactive mode, so adding a "doc" output is not
;; currently useful.
(native-inputs
- `(("gs" ,ghostscript-gs) ;For tests
- ("gs-2" ,ghostscript) ;For dvipdfm
+ `(("gs" ,ghostscript) ;For tests
("texinfo" ,texinfo) ;For generating documentation
("texlive" ,texlive) ;For tests and documentation
("emacs" ,emacs-minimal)
diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index 1a7f2c5e8e..5d36dbefc9 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -2,7 +2,6 @@
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -136,7 +135,6 @@ rates.")
(arguments
`(#:configure-flags (list "--localstatedir=/var" ;"--sysconfdir=/etc"
"--disable-oss-output"
- "--enable-bluez5"
(string-append "--with-udev-rules-dir="
(assoc-ref %outputs "out")
"/lib/udev/rules.d"))
@@ -152,9 +150,8 @@ rates.")
%standard-phases)))
(inputs
;; TODO: Add optional inputs (GTK+?).
- `(("alsa-lib" ,alsa-lib)
- ("bluez" ,bluez)
- ("sbc" ,sbc)
+ `(;; ("sbc" ,sbc)
+ ("alsa-lib" ,alsa-lib)
("json-c" ,json-c)
("speex" ,speex)
("libsndfile" ,libsndfile)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 470bad84ff..51b57e3fe9 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -101,7 +101,7 @@
(define-public python-2.7
(package
(name "python")
- (version "2.7.11")
+ (version "2.7.10")
(source
(origin
(method url-fetch)
@@ -109,44 +109,56 @@
version "/Python-" version ".tar.xz"))
(sha256
(base32
- "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn"))
- (patches (search-patches "python-2.7-search-paths.patch"
- "python-2-deterministic-build-info.patch"
- "python-2.7-source-date-epoch.patch"))
- (modules '((guix build utils)))
- ;; suboptimal to delete failing tests here, but if we delete them in the
- ;; arguments then we need to make sure to strip out that phase when it
- ;; gets inherited by python and python-minimal.
- (snippet
- '(begin
- (for-each delete-file
- '("Lib/test/test_compileall.py"
- "Lib/test/test_distutils.py"
- "Lib/test/test_import.py"
- "Lib/test/test_shutil.py"
- "Lib/test/test_socket.py"
- "Lib/test/test_subprocess.py"))
- #t))))
+ "1h7zbrf9pkj29hlm18b10548ch9757f75m64l47sy75rh43p7lqw"))
+ (patches (search-patches
+ "python-2.7-search-paths.patch"
+ "python-2-deterministic-build-info.patch"
+ "python-2.7-source-date-epoch.patch"))))
(outputs '("out"
"tk")) ;tkinter; adds 50 MiB to the closure
(build-system gnu-build-system)
(arguments
- `(;; 356 tests OK.
- ;; 6 tests failed:
- ;; test_compileall test_distutils test_import test_shutil test_socket
- ;; test_subprocess
- ;; 39 tests skipped:
+ `(#:tests? #f
+ ;; 268 tests OK.
+ ;; 103 tests failed:
+ ;; test_distutils test_shutil test_signal test_site test_slice
+ ;; test_smtplib test_smtpnet test_socket test_socketserver
+ ;; test_softspace test_sort test_spwd test_sqlite test_ssl
+ ;; test_startfile test_stat test_str test_strftime test_string
+ ;; test_stringprep test_strop test_strptime test_strtod test_struct
+ ;; test_structmembers test_structseq test_subprocess test_sunau
+ ;; test_sunaudiodev test_sundry test_symtable test_syntax test_sys
+ ;; test_sys_setprofile test_sys_settrace test_sysconfig test_tarfile
+ ;; test_tcl test_telnetlib test_tempfile test_textwrap test_thread
+ ;; test_threaded_import test_threadedtempfile test_threading
+ ;; test_threading_local test_threadsignals test_time test_timeit
+ ;; test_timeout test_tk test_tokenize test_tools test_trace
+ ;; test_traceback test_transformer test_ttk_guionly test_ttk_textonly
+ ;; test_tuple test_typechecks test_ucn test_unary
+ ;; test_undocumented_details test_unicode test_unicode_file
+ ;; test_unicodedata test_univnewlines test_univnewlines2k test_unpack
+ ;; test_urllib test_urllib2 test_urllib2_localnet test_urllib2net
+ ;; test_urllibnet test_urlparse test_userdict test_userlist
+ ;; test_userstring test_uu test_uuid test_wait3 test_wait4
+ ;; test_warnings test_wave test_weakref test_weakset test_whichdb
+ ;; test_winreg test_winsound test_with test_wsgiref test_xdrlib
+ ;; test_xml_etree test_xml_etree_c test_xmllib test_xmlrpc
+ ;; test_xpickle test_xrange test_zipfile test_zipfile64
+ ;; test_zipimport test_zipimport_support test_zlib
+ ;; 30 tests skipped:
;; test_aepack test_al test_applesingle test_bsddb test_bsddb185
;; test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk
- ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses
- ;; test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl
- ;; test_kqueue test_linuxaudiodev test_macos test_macostools
- ;; test_msilib test_ossaudiodev test_scriptpackages test_smtpnet
- ;; test_socketserver test_startfile test_sunaudiodev test_timeout
- ;; test_tk test_ttk_guionly test_urllib2net test_urllibnet
- ;; test_winreg test_winsound test_zipfile64
- ;; 4 skips unexpected on linux2:
- ;; test_bsddb test_bsddb3 test_gdb test_ioctl
+ ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_crypt
+ ;; test_curses test_dl test_gdb test_gl test_idle test_imageop
+ ;; test_imgfile test_ioctl test_kqueue test_linuxaudiodev test_macos
+ ;; test_macostools test_msilib test_nis test_ossaudiodev
+ ;; test_scriptpackages
+ ;; 6 skips unexpected on linux2:
+ ;; test_bsddb test_bsddb3 test_crypt test_gdb test_idle test_ioctl
+ ;; One of the typical errors:
+ ;; test_unicode
+ ;; test test_unicode crashed -- <type 'exceptions.OSError'>: [Errno 2] No
+ ;; such file or directory
#:test-target "test"
#:configure-flags
(list "--enable-shared" ;allow embedding
@@ -196,13 +208,6 @@
(lambda _
;; 'Lib/test/test_site.py' needs a valid $HOME
(setenv "HOME" (getcwd))
- ,@(if (string-prefix? "mips64el" (%current-system))
-
- ;; XXX: The following test fails on mips64el.
- '((false-if-exception
- (delete-file "Lib/test/test_ctypes.py")))
-
- '())
#t))
(add-after
'unpack 'set-source-file-times-to-1980
@@ -216,37 +221,6 @@
(utime file circa-1980 circa-1980)
#t))
#t)))
- (add-after 'install 'remove-tests
- ;; Remove 25 MiB of unneeded unit tests. Keep test_support.*
- ;; because these files are used by some libraries out there.
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (match (scandir (string-append out "/lib")
- (lambda (name)
- (string-prefix? "python" name)))
- ((pythonX.Y)
- (let ((testdir (string-append out "/lib/" pythonX.Y
- "/test")))
- (with-directory-excursion testdir
- (for-each delete-file-recursively
- (scandir testdir
- (match-lambda
- ((or "." "..") #f)
- (file
- (not
- (string-prefix? "test_support."
- file))))))
- (call-with-output-file "__init__.py" (const #t))
- #t)))))))
- (add-before 'strip 'make-libraries-writable
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Make .so files writable so they can be stripped.
- (let ((out (assoc-ref outputs "out")))
- (for-each (lambda (file)
- (chmod file #o755))
- (find-files (string-append out "/lib")
- "\\.so"))
- #t)))
(add-after 'install 'move-tk-inter
(lambda* (#:key outputs #:allow-other-keys)
;; When Tkinter support is built move it to a separate output so
@@ -379,8 +353,8 @@ data types.")
(lambda (old new)
(symlink (string-append python old)
(string-append bin "/" new)))
- '("python3" "pydoc3" "idle3")
- '("python" "pydoc" "idle"))))))
+ `("python3" ,"pydoc3" ,"idle3")
+ `("python" ,"pydoc" ,"idle"))))))
(synopsis "Wrapper for the Python 3 commands")
(description
"This package provides wrappers for the commands of Python@tie{}3.x such
@@ -3672,14 +3646,14 @@ simple and Pythonic domain language.")
(define-public python-alembic
(package
(name "python-alembic")
- (version "0.8.7")
+ (version "0.8.4")
(source
(origin
(method url-fetch)
(uri (pypi-uri "alembic" version))
(sha256
(base32
- "0ias6fdzwr2s220fnjspkdgm9510bd0cnap0hx5y4zy4srba9f3z"))))
+ "0jk23a852l3ybv7gfz81xzslyrnqnpjds5x15zd234y9rh9gq1w5"))))
(build-system python-build-system)
(native-inputs
`(("python-mock" ,python-mock)
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 797cd153d2..e4cd72a7b6 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
-;;; Copyright © 2015, 2016 Federico Beffa <beffa@fbengineering.ch>
+;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -23,23 +23,17 @@
(define-module (gnu packages scheme)
#:use-module (gnu packages)
- #:use-module ((guix licenses)
- #:select (gpl2+ lgpl2.0+ lgpl2.1+ asl2.0 bsd-3
- cc-by-sa4.0))
+ #:use-module ((guix licenses) #:hide (openssl))
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
- #:use-module (gnu packages compression)
#:use-module (gnu packages m4)
#:use-module (gnu packages multiprecision)
- #:use-module (gnu packages ncurses)
#:use-module (gnu packages databases)
#:use-module (gnu packages emacs)
- #:use-module (gnu packages ghostscript)
- #:use-module (gnu packages netpbm)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tex)
#:use-module (gnu packages base)
@@ -593,160 +587,6 @@ an isolated heap allowing multiple VMs to run simultaneously in different OS
threads.")
(license bsd-3)))
-(define nanopass
- (let ((version "1.9"))
- (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/nanopass/nanopass-framework-scheme/archive"
- "/v" version ".tar.gz"))
- (sha256 (base32 "11pwyy4jiwhcl2am3a4ciczacjbjkyvdizqzdglb3l1hj2gj6nv2"))
- (file-name (string-append "nanopass-" version ".tar.gz")))))
-
-(define stex
- (let ((version "1.2.1"))
- (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/dybvig/stex/archive"
- "/v" version ".tar.gz"))
- (sha256 (base32 "03pl3f668h24dn51vccr1sj5lsba9zq3j37bnxjvdadcdaj4qy5z"))
- (file-name (string-append "stex-" version ".tar.gz")))))
-
-(define-public chez-scheme
- (package
- (name "chez-scheme")
- (version "9.4")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/cisco/ChezScheme/archive/"
- "v" version ".tar.gz"))
- (sha256
- (base32 "0lprmpsjg2plc6ykgkz482zyvhkzv6gd0vnar71ph21h6zknyklz"))
- (file-name (string-append "chez-scheme-" version ".tar.gz"))))
- (build-system gnu-build-system)
- (inputs
- `(("ncurses" ,ncurses)
- ("libx11" ,libx11)
- ("xorg-rgb" ,xorg-rgb)
- ("nanopass" ,nanopass)
- ("zlib" ,zlib)
- ("stex" ,stex)))
- (native-inputs
- `(("texlive" ,texlive)
- ("ghostscript" ,ghostscript-gs)
- ("netpbm" ,netpbm)))
- (outputs '("out" "doc"))
- (arguments
- `(#:modules ((guix build gnu-build-system)
- (guix build utils)
- (ice-9 match))
- #:test-target "test"
- #:phases
- (modify-phases %standard-phases
- ;; Adapt the custom 'configure' script.
- (replace 'configure
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out"))
- (nanopass (assoc-ref inputs "nanopass"))
- (stex (assoc-ref inputs "stex"))
- (zlib (assoc-ref inputs "zlib"))
- (unpack (assoc-ref %standard-phases 'unpack))
- (patch-source-shebangs
- (assoc-ref %standard-phases 'patch-source-shebangs)))
- (map (match-lambda
- ((src orig-name new-name)
- (with-directory-excursion "."
- (apply unpack (list #:source src))
- (apply patch-source-shebangs (list #:source src)))
- (delete-file-recursively new-name)
- (system* "mv" orig-name new-name)))
- `((,nanopass "nanopass-framework-scheme-1.9" "nanopass")
- (,stex "stex-1.2.1" "stex")))
- ;; The Makefile wants to download and compile "zlib". We patch
- ;; it to use the one from our 'zlib' package.
- (substitute* "configure"
- (("rmdir zlib .*$") "echo \"using system zlib\"\n"))
- (substitute* (find-files "./c" "Mf-[a-zA-Z0-9.]+")
- (("\\$\\{Kernel\\}: \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a")
- "${Kernel}: ${kernelobj}")
- (("ld -melf_x86_64 -r -X -o \\$\\{Kernel\\} \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a")
- (string-append "ld -melf_x86_64 -r -X -o ${Kernel} ${kernelobj} "
- zlib "/lib/libz.a"))
- (("\\(cd \\.\\./zlib; CFLAGS=-m64 \\./configure --64)")
- (which "true"))
- (("(cd \\.\\./zlib; make)")
- (which "true")))
- (substitute* (find-files "mats" "Mf-.*")
- (("^[[:space:]]+(cc ) *") "\tgcc "))
- (substitute*
- (find-files "." (string-append
- "("
- "Mf-[a-zA-Z0-9.]+"
- "|Makefile[a-zA-Z0-9.]*"
- "|checkin"
- "|stex\\.stex"
- "|newrelease"
- "|workarea"
- ;;"|[a-zA-Z0-9.]+\\.ms" ; guile can't read
- ")"))
- (("/bin/rm") (which "rm"))
- (("/bin/ln") (which "ln"))
- (("/bin/cp") (which "cp")))
- (substitute* "makefiles/installsh"
- (("/bin/true") (which "true")))
- (substitute* "stex/Makefile"
- (("PREFIX=/usr") (string-append "PREFIX=" out)))
- (zero? (system* "./configure" "--threads"
- (string-append "--installprefix=" out))))))
- ;; Installation of the documentation requires a running "chez".
- (add-after 'install 'install-doc
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let ((bin (string-append (assoc-ref outputs "out") "/bin"))
- (doc (string-append (assoc-ref outputs "doc")
- "/share/doc/" ,name "-" ,version)))
- (setenv "HOME" (getcwd))
- (setenv "PATH" (string-append (getenv "PATH") ":" bin))
- (with-directory-excursion "stex"
- (system* "make" (string-append "BIN=" bin)))
- (system* "make" "docs")
- (with-directory-excursion "csug"
- (substitute* "Makefile"
- (("/tmp/csug9") doc)
- (("^m = a6le")
- "m := $(shell echo '(machine-type)' | scheme -q)"))
- (system* "make" "install")
- (install-file "csug.pdf" doc))
- (with-directory-excursion "release_notes"
- (install-file "release_notes.pdf" doc))
- #t)))
- ;; The binary file name is called "scheme" as the one from MIT/GNU
- ;; Scheme. We add a symlink to use in case both are installed.
- (add-after 'install 'install-symlink
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin"))
- (lib (string-append out "/lib"))
- (name "chez-scheme"))
- (symlink (string-append bin "/scheme")
- (string-append bin "/" name))
- (map (lambda (file)
- (symlink file (string-append (dirname file)
- "/" name ".boot")))
- (find-files lib "scheme.boot"))
- #t))))))
- ;; According to the documentation MIPS is not supported.
- (supported-systems (delete "mips64el-linux" %supported-systems))
- (home-page "http://www.scheme.com")
- (synopsis "R6RS Scheme compiler and run-time")
- (description
- "Chez Scheme is a compiler and run-time system for the language of the
-Revised^6 Report on Scheme (R6RS), with numerous extensions. The compiler
-generates native code for each target processor, with support for x86, x86_64,
-and 32-bit PowerPC architectures.")
- (license asl2.0)))
-
(define-public scmutils
(let ()
(define (system-suffix)
diff --git a/gnu/packages/skribilo.scm b/gnu/packages/skribilo.scm
index 40bf659297..52ed1c34e3 100644
--- a/gnu/packages/skribilo.scm
+++ b/gnu/packages/skribilo.scm
@@ -63,8 +63,7 @@
#:parallel-build? #f))
- (native-inputs `(("pkg-config" ,pkg-config)
- ("ghostscript-gs" , ghostscript-gs)))
+ (native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("guile" ,guile-2.0)
("imagemagick" ,imagemagick)
diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm
index a615796745..096cfd5f88 100644
--- a/gnu/packages/swig.scm
+++ b/gnu/packages/swig.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
@@ -41,9 +41,10 @@
(base32
"0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z"))))
(build-system gnu-build-system)
- (native-inputs `(("boost" ,boost)
- ("pcre" ,pcre "bin"))) ;for 'pcre-config'
- (inputs `(;; Provide these to run the corresponding tests.
+ (native-inputs `(("boost" ,boost)))
+ (inputs `(("pcre" ,pcre)
+
+ ;; Provide these to run the corresponding tests.
("guile" ,guile-2.0)
("perl" ,perl)))
;; FIXME: reactivate input python as soon as the test failures
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 9dde8a9eab..4350fefa2e 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -4,7 +4,6 @@
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -187,11 +186,6 @@ This package contains the binaries.")
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-26))
-
- ;; This package takes 4 GiB, which we can't afford to distribute from
- ;; our servers.
- #:substitutable? #f
-
#:phases
(modify-phases (map (cut assq <> %standard-phases)
'(set-paths unpack patch-source-shebangs))
@@ -212,10 +206,7 @@ This package contains the binaries.")
;; Register SHARE as TEXMFROOT in texmf.cnf.
(substitute* texmfcnf
(("TEXMFROOT = \\$SELFAUTOPARENT")
- (string-append "TEXMFROOT = " share))
- (("TEXMFLOCAL = \\$SELFAUTOGRANDPARENT/texmf-local")
- "TEXMFLOCAL = $SELFAUTODIR/share/texmf-local")
- (("!!\\$TEXMFLOCAL") "$TEXMFLOCAL"))
+ (string-append "TEXMFROOT = " share)))
;; Register paths in texmfcnf.lua, needed for context.
(substitute* (string-append texmfroot "/texmfcnf.lua")
(("selfautodir:") out)
@@ -251,10 +242,6 @@ This package contains the complete tree of texmf-dist data.")
(inputs `(("bash" ,bash) ; for wrap-program
("texlive-bin" ,texlive-bin)
("texlive-texmf" ,texlive-texmf)))
- (native-search-paths
- (list (search-path-specification
- (variable "TEXMFLOCAL")
- (files '("share/texmf-local")))))
(arguments
`(#:modules ((guix build utils))
#:builder
@@ -306,8 +293,7 @@ This package contains the complete TeX Live distribution.")
;; texlive-texmf-minimal is a pruned, small version of the texlive tree,
-;; in particular dropping documentation and fonts. It weighs in at 470 MiB
-;; instead of 4 GiB.
+;; in particular dropping documentation and fonts.
(define texlive-texmf-minimal
(package (inherit texlive-texmf)
(name "texlive-texmf-minimal")
@@ -367,10 +353,6 @@ This package contains a small subset of the texmf-dist data.")))
(inputs
`(("texlive-texmf" ,texlive-texmf-minimal)
,@(alist-delete "texlive-texmf" (package-inputs texlive))))
- (native-search-paths
- (list (search-path-specification
- (variable "TEXMFLOCAL")
- (files '("share/texmf-local")))))
(description
"TeX Live provides a comprehensive TeX document production system.
It includes all the major TeX-related programs, macro packages, and fonts
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index d645ef4bc1..4921b10124 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -32,14 +32,14 @@
(define-public texinfo
(package
(name "texinfo")
- (version "6.1")
+ (version "6.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/texinfo/texinfo-"
version ".tar.xz"))
(sha256
(base32
- "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))
+ "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi"))))
(build-system gnu-build-system)
(native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep
(inputs `(("ncurses" ,ncurses)
@@ -62,6 +62,18 @@ their source and the command-line Info reader. The emphasis of the language
is on expressing the content semantically, avoiding physical markup commands.")
(license gpl3+)))
+(define-public texinfo-6.1
+ (package
+ (inherit texinfo)
+ (version "6.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/texinfo/texinfo-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))))
+
(define-public texinfo-5
(package (inherit texinfo)
(version "5.2")
@@ -93,10 +105,10 @@ is on expressing the content semantically, avoiding physical markup commands.")
;; The idea of this package is to have the standalone Info reader without
;; the dependency on Perl that 'makeinfo' drags.
(package
- (inherit texinfo)
+ (inherit texinfo-6.1)
(name "info-reader")
(arguments
- `(#:disallowed-references ,(assoc-ref (package-inputs texinfo)
+ `(#:disallowed-references ,(assoc-ref (package-inputs texinfo-6.1)
"perl")
#:modules ((ice-9 ftw) (srfi srfi-1)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 92564ba24d..73c1e42db1 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -36,7 +36,6 @@
#:use-module (gnu packages guile)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libidn)
- #:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages perl)
@@ -48,7 +47,7 @@
(define-public libtasn1
(package
(name "libtasn1")
- (version "4.8")
+ (version "4.7")
(source
(origin
(method url-fetch)
@@ -56,7 +55,7 @@
version ".tar.gz"))
(sha256
(base32
- "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
+ "1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
@@ -66,8 +65,22 @@
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
+ (replacement libtasn1/fixed)
(license license:lgpl2.0+)))
+(define libtasn1/fixed ;for CVE-2016-4008
+ (package
+ (inherit libtasn1)
+ (source
+ (let ((version "4.8"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))))))
+
(define-public p11-kit
(package
(name "p11-kit")
@@ -109,7 +122,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.2")
+ (version "3.4.7")
(source (origin
(method url-fetch)
(uri
@@ -120,7 +133,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
+ "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -159,8 +172,7 @@ living in the same process.")
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("net-tools" ,net-tools)
- ("pkg-config" ,pkg-config)
+ `(("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
`(("guile" ,guile-2.0)
@@ -171,7 +183,7 @@ living in the same process.")
("libidn" ,libidn)
("nettle" ,nettle)
("zlib" ,zlib)))
- (home-page "https://www.gnu.org/software/gnutls/")
+ (home-page "http://www.gnu.org/software/gnutls/")
(synopsis "Transport layer security library")
(description
"GnuTLS is a secure communications library implementing the SSL, TLS
@@ -185,7 +197,8 @@ required structures.")
(define-public openssl
(package
(name "openssl")
- (version "1.0.2h")
+ (version "1.0.2g")
+ (replacement openssl/fixed)
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -195,25 +208,15 @@ required structures.")
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
(patches (search-patches "openssl-runpath.patch"
- "openssl-c-rehash-in.patch"
- "openssl-CVE-2016-2177.patch"
- "openssl-CVE-2016-2178.patch"))))
+ "openssl-c-rehash-in.patch"))))
(build-system gnu-build-system)
- (outputs '("out"
- "doc" ;1.5MiB of man3 pages
- "static")) ;6MiB of .a files
(native-inputs `(("perl" ,perl)))
(arguments
- `(#:disallowed-references (,perl)
- #:parallel-build? #f
+ `(#:parallel-build? #f
#:parallel-tests? #f
#:test-target "test"
-
- ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
- ;; so we explicitly disallow it here.
- #:disallowed-references ,(list (canonical-package perl))
#:phases
(modify-phases %standard-phases
(add-before
@@ -260,33 +263,6 @@ required structures.")
(find-files (string-append out "/lib")
"\\.so"))
#t)))
- (add-after 'install 'move-static-libraries
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Move static libraries to the "static" output.
- (let* ((out (assoc-ref outputs "out"))
- (lib (string-append out "/lib"))
- (static (assoc-ref outputs "static"))
- (slib (string-append static "/lib")))
- (mkdir-p slib)
- (for-each (lambda (file)
- (install-file file slib)
- (delete-file file))
- (find-files lib "\\.a$"))
- #t)))
- (add-after 'install 'move-man3-pages
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Move section 3 man pages to "doc".
- (let* ((out (assoc-ref outputs "out"))
- (man3 (string-append out "/share/man/man3"))
- (doc (assoc-ref outputs "doc"))
- (target (string-append doc "/share/man/man3")))
- (mkdir-p target)
- (for-each (lambda (file)
- (rename-file file
- (string-append target "/"
- (basename file))))
- (find-files man3))
- #t)))
(add-before
'patch-source-shebangs 'patch-tests
(lambda* (#:key inputs native-inputs #:allow-other-keys)
@@ -323,6 +299,27 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
+(define openssl/fixed
+ (package
+ (inherit openssl)
+ (source
+ (let ((name "openssl")
+ (version "1.0.2h"))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ (patches (search-patches "openssl-runpath.patch"
+ "openssl-c-rehash-in.patch"
+ "openssl-CVE-2016-2177.patch"
+ "openssl-CVE-2016-2178.patch")))))))
+
(define-public libressl
(package
(name "libressl")
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 767715d1b1..dfd13cf581 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -174,12 +174,7 @@ as well as the classic centralized workflow.")
(("/bin/sh") (which "sh"))
(("/usr/bin/perl") (which "perl"))
(("/usr/bin/python") (which "python")))))
- (add-after 'configure 'add-PM.stamp
- (lambda _
- ;; Add the "PM.stamp" to avoid "no rule to make target".
- (call-with-output-file "perl/PM.stamp" (const #t))
- #t))
- (add-after 'install 'install-shell-completion
+ (add-after 'install 'install-shell-completion
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(completions (string-append out "/etc/bash_completion.d")))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index e3da8f1b46..7089c99665 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -330,7 +330,7 @@ SMPTE 314M.")
(define-public libva
(package
(name "libva")
- (version "1.7.0")
+ (version "1.6.1")
(source
(origin
(method url-fetch)
@@ -338,7 +338,7 @@ SMPTE 314M.")
"https://www.freedesktop.org/software/vaapi/releases/libva/libva-"
version".tar.bz2"))
(sha256
- (base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6"))))
+ (base32 "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -369,7 +369,7 @@ SMPTE 314M.")
#:make-flags
(list (string-append "dummy_drv_video_ladir="
(assoc-ref %outputs "out") "/lib/dri"))))
- (home-page "https://www.freedesktop.org/wiki/Software/vaapi/")
+ (home-page "http://www.freedesktop.org/wiki/Software/vaapi/")
(synopsis "Video acceleration library")
(description "The main motivation for VA-API (Video Acceleration API) is
to enable hardware accelerated video decode/encode at various
@@ -625,12 +625,6 @@ audio/video codec library.")
(arguments
`(#:configure-flags
`("--disable-a52" ; FIXME: reenable once available
-
- ;; Gross workaround for <https://trac.videolan.org/vlc/ticket/16907>.
- ;; In our case, this led to a test failure:
- ;; test_libvlc_equalizer: libvlc/equalizer.c:122: test_equalizer: Assertion `isnan(libvlc_audio_equalizer_get_amp_at_index (equalizer, u_bands))' failed.
- "ac_cv_c_fast_math=no"
-
,(string-append "LDFLAGS=-Wl,-rpath -Wl,"
(assoc-ref %build-inputs "ffmpeg")
"/lib")) ;needed for the tests
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index fa791ffbe1..c17bcc8f47 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -85,10 +85,10 @@
(base32
"0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc"))))
(build-system gnu-build-system)
- (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)
("apr-util" ,apr-util)
("openssl" ,openssl)
+ ("pcre" ,pcre)
("perl" ,perl))) ; needed to run bin/apxs
(arguments
`(#:test-target "test"
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 03a896b8e1..54cb65503c 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -52,7 +52,7 @@
(define-public wine
(package
(name "wine")
- (version "1.9.15")
+ (version "1.9.4")
(source (origin
(method url-fetch)
(uri (string-append "https://dl.winehq.org/wine/source/"
@@ -60,7 +60,7 @@
"/wine-" version ".tar.bz2"))
(sha256
(base32
- "1nmd65knzyh8b0yhxlqqvzai5rpnmhhm0c46n789zr5hj74jm6fg"))))
+ "1f5v1gns0xs512a6ym785cn29j8dxdbnxnvkg8v0p1w0p6vfmhbm"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("gettext" ,gnu-gettext)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 226e5c1ca1..485bbc491a 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -264,7 +264,7 @@ rasterisation.")
(define-public libdrm
(package
(name "libdrm")
- (version "2.4.67")
+ (version "2.4.65")
(source
(origin
(method url-fetch)
@@ -274,7 +274,7 @@ rasterisation.")
".tar.bz2"))
(sha256
(base32
- "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf"))
+ "1i4n7mz49l0j4kr0dg9n1j3hlc786ncqgj0v5fci1mz7pp40m5ki"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(inputs
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index e97a0b01ea..af597b801a 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -7,7 +7,6 @@
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
-;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
@@ -47,17 +46,16 @@
(define-public expat
(package
(name "expat")
- (version "2.1.1")
+ (replacement expat/fixed)
+ (version "2.1.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
- version "/expat-" version ".tar.bz2"))
- (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
- "expat-CVE-2015-1283-refix.patch"
- "expat-CVE-2016-0718.patch"))
+ version "/expat-" version ".tar.gz"))
(sha256
(base32
- "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
+ "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2"))
+ (patches (search-patches "expat-CVE-2015-1283.patch"))))
(build-system gnu-build-system)
(home-page "http://www.libexpat.org/")
(synopsis "Stream-oriented XML parser library written in C")
@@ -67,17 +65,28 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
+(define expat/fixed
+ (package
+ (inherit expat)
+ (source (origin
+ (inherit (package-source expat))
+ (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
+ "expat-CVE-2015-1283.patch"
+ "expat-CVE-2015-1283-refix.patch"
+ "expat-CVE-2016-0718.patch"))))))
+
(define-public libxml2
(package
(name "libxml2")
- (version "2.9.4")
+ (version "2.9.3")
+ (replacement libxml2/fixed) ;multiple CVEs
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
version ".tar.gz"))
(sha256
(base32
- "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
+ "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad"))))
(build-system gnu-build-system)
(home-page "http://www.xmlsoft.org/")
(synopsis "C parser for XML")
@@ -97,6 +106,20 @@ things the parser might find in the XML document (like start tags).")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
+(define libxml2/fixed
+ (package
+ (inherit libxml2)
+ (source
+ (let ((name "libxml2")
+ (version "2.9.4"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))))))
+
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")
@@ -130,15 +153,16 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
- (version "1.1.29")
+ (version "1.1.28")
+ (replacement libxslt/fixed) ; CVE-2016-1683 and CVE-2016-1684
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
(sha256
(base32
- "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
- (patches (search-patches "libxslt-generated-ids.patch"))))
+ "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
+ (patches (search-patches "libxslt-CVE-2015-7995.patch"))))
(build-system gnu-build-system)
(home-page "http://xmlsoft.org/XSLT/index.html")
(synopsis "C library for applying XSLT stylesheets to XML documents")
@@ -151,6 +175,19 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
+(define-public libxslt/fixed
+ (package
+ (inherit libxslt)
+ (source
+ (let ((version "1.1.29"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")))))))
+
(define-public perl-xml-parser
(package
(name "perl-xml-parser")
@@ -207,7 +244,7 @@ module.")
(define-public perl-xml-libxml
(package
(name "perl-xml-libxml")
- (version "2.0128")
+ (version "2.0125")
(source
(origin
(method url-fetch)
@@ -215,7 +252,7 @@ module.")
"XML-LibXML-" version ".tar.gz"))
(sha256
(base32
- "0awgd2gjzy7kn38bqblsigikzl81xsi561phkz9f9b9v3x2vmrr6"))))
+ "1mvbv1pwpdqni9ia9b6brg8brnnvfxr8j5x872qsngc92gipyh01"))))
(build-system perl-build-system)
(propagated-inputs
`(("perl-xml-namespacesupport" ,perl-xml-namespacesupport)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 0b91f2d203..b0a6fd61a1 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4404,30 +4404,7 @@ Various information is displayed depending on which options are selected.")
formatted dump file, such as produced by xwd.")
(license license:x11)))
-(define-public xorg-rgb
- (package
- (name "xorg-rgb")
- (version "1.0.6")
- (source
- (origin
- (method url-fetch)
- (uri (string-append
- "mirror://xorg/individual/app/rgb-"
- version
- ".tar.bz2"))
- (sha256
- (base32
- "1c76zcjs39ljil6f6jpx1x17c8fnvwazz7zvl3vbjfcrlmm7rjmv"))))
- (build-system gnu-build-system)
- (inputs
- `(("xproto" ,xproto)))
- (native-inputs
- `(("pkg-config" ,pkg-config)))
- (home-page "http://www.x.org/wiki/")
- (synopsis "X color name database")
- (description
- "This package provides the X color name database.")
- (license license:x11)))
+
;; packages of height 1 in the propagated-inputs tree
diff --git a/gnu/packages/zsh.scm b/gnu/packages/zsh.scm
index 64dd635755..fba7bb19b8 100644
--- a/gnu/packages/zsh.scm
+++ b/gnu/packages/zsh.scm
@@ -29,7 +29,7 @@
(define-public zsh
(package
(name "zsh")
- (version "5.2")
+ (version "5.1.1")
(source (origin
(method url-fetch)
(uri (list (string-append
@@ -40,7 +40,7 @@
".tar.gz")))
(sha256
(base32
- "0dsr450v8nydvpk8ry276fvbznlrjgddgp7zvhcw4cv69i9lr4ps"))))
+ "11shllzhq53fg8ngy3bgbmpf09fn2czifg7hsb41nxi3410mpvcl"))))
(build-system gnu-build-system)
(arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre")
#:phases (alist-cons-before
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 5acfa2c65b..734a361c37 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -35,7 +35,6 @@
#:use-module (gnu packages grub)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages compression)
- #:use-module (gnu packages nvi)
#:use-module (ice-9 match)
#:use-module (srfi srfi-26)
#:export (self-contained-tarball
@@ -402,7 +401,6 @@ Use Alt-F2 for documentation.
;; space; furthermore util-linux's fdisk is already
;; available here, so we keep that.
bash-completion
- nvi ;:wq!
%base-packages))))
;; Return it here so 'guix system' can consume it directly.
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index c3948900eb..593117ef36 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -133,6 +133,12 @@
(define (default-skeletons)
"Return the default skeleton files for /etc/skel. These files are copied by
'useradd' in the home directory of newly created user accounts."
+ (define fonts.conf-content
+ ;; SXML for ~/.config/fontconfig/fonts.conf. This works around the fact
+ ;; that Fontconfig currently does not such this directory by default,
+ ;; thereby ignoring fonts installed system-wide (FIXME).
+ `(fontconfig (dir "/run/current-system/profile/share/fonts")))
+
(define copy-guile-wm
(with-imported-modules '((guix build utils))
#~(begin
@@ -176,6 +182,22 @@ source /etc/profile\n"))
(xdefaults (plain-file "Xdefaults" "\
XTerm*utf8: always
XTerm*metaSendsEscape: true\n"))
+ (fonts.conf (computed-file
+ "fonts.conf"
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils)
+ (sxml simple))
+
+ (define dir
+ (string-append #$output
+ "/fontconfig"))
+
+ (mkdir-p dir)
+ (call-with-output-file (string-append dir
+ "/fonts.conf")
+ (lambda (port)
+ (sxml->xml '#$fonts.conf-content port)))))))
(gdbinit (plain-file "gdbinit" "\
# Tell GDB where to look for separate debugging files.
set debug-file-directory ~/.guix-profile/lib/debug\n")))
@@ -184,6 +206,7 @@ set debug-file-directory ~/.guix-profile/lib/debug\n")))
(".zlogin" ,zlogin)
(".Xdefaults" ,xdefaults)
(".guile-wm" ,guile-wm)
+ (".config" ,fonts.conf)
(".gdbinit" ,gdbinit))))
(define (skeleton-directory skeletons)
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 4259f52b7a..307258be92 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -737,8 +737,7 @@ or #f."
(append-map (lambda (make-url)
(filter-map (match-lambda
((hash-algo . hash)
- (let ((file (strip-store-file-name file)))
- (string->uri (make-url file hash-algo hash)))))
+ (string->uri (make-url file hash-algo hash))))
hashes))
content-addressed-mirrors))
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 34edff7f40..2abaa6efdc 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -303,7 +303,7 @@ makefiles."
(define (list-of-files dir)
(map (cut string-append dir "/" <>)
(or (scandir dir (lambda (f)
- (let ((s (lstat (string-append dir "/" f))))
+ (let ((s (stat (string-append dir "/" f))))
(eq? 'regular (stat:type s)))))
'())))
diff --git a/guix/download.scm b/guix/download.scm
index f1422bebc0..8484c31189 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -282,15 +282,8 @@
;; List of content-addressed mirrors. Each mirror is represented as a
;; procedure that takes a file name, an algorithm (symbol) and a hash
;; (bytevector), and returns a URL or #f.
- ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>.
;; TODO: Add more.
'(list (lambda (file algo hash)
- ;; Files served by 'guix publish' are accessible under a single
- ;; hash algorithm.
- (string-append "http://mirror.hydra.gnu.org/file/"
- file "/" (symbol->string algo) "/"
- (bytevector->nix-base32-string hash)))
- (lambda (file algo hash)
;; 'tarballs.nixos.org' supports several algorithms.
(string-append "http://tarballs.nixos.org/"
(symbol->string algo) "/"
diff --git a/m4/guix.m4 b/m4/guix.m4
index 949ae4ca7c..a4f83f029a 100644
--- a/m4/guix.m4
+++ b/m4/guix.m4
@@ -280,6 +280,19 @@ AC_DEFUN([GUIX_ASSERT_CXX11], [
fi
])
+dnl GUIX_CHECK_LIBC_MOUNT
+dnl
+dnl Check whether libc provides 'mount'. On GNU/Hurd it doesn't (yet).
+AC_DEFUN([GUIX_CHECK_LIBC_MOUNT], [
+ AC_CACHE_CHECK([whether libc provides 'mount'], [guix_cv_libc_has_mount],
+ [GUILE_CHECK([retval], [(dynamic-func \"mount\" (dynamic-link))])
+ if test "$retval" = 0; then
+ guix_cv_libc_has_mount="yes"
+ else
+ guix_cv_libc_has_mount="no"
+ fi])
+])
+
dnl GUIX_LIBGCRYPT_LIBDIR VAR
dnl
dnl Attempt to determine libgcrypt's LIBDIR; store the result in VAR.
diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh
index 12da950eba..5ea6c49263 100644
--- a/tests/guix-environment-container.sh
+++ b/tests/guix-environment-container.sh
@@ -65,15 +65,10 @@ mount_test_code="
(match (string-split line #\space)
;; Empty line.
((\"\") #f)
- ;; Ignore the root file system.
- ((_ \"/\" _ _ _ _)
+ ;; Ignore these types of file systems.
+ ((_ _ (or \"tmpfs\" \"proc\" \"sysfs\" \"devtmpfs\"
+ \"devpts\" \"cgroup\" \"mqueue\") _ _ _)
#f)
- ;; Ignore these types of file systems, except if they
- ;; correspond to a parent file system.
- ((_ mount (or \"tmpfs\" \"proc\" \"sysfs\" \"devtmpfs\"
- \"devpts\" \"cgroup\" \"mqueue\") _ _ _)
- (and (string-prefix? mount (getcwd))
- mount))
((_ mount _ _ _ _)
mount)))
(string-split (call-with-input-file \"/proc/mounts\" read-string)