diff options
author | Leo Famulari <leo@famulari.name> | 2016-10-05 19:15:25 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-10-05 19:15:25 -0400 |
commit | b19c7989b770f47011cd531a13c89002374dc3e0 (patch) | |
tree | ca0dccd3a677d4ac5237de87c9f78c31dbdaf148 | |
parent | 6524c1cfcf6088c5574e6ff21f540dfb22f944bf (diff) | |
parent | 145947608905d36f31227e87bebd7ed3a922e910 (diff) | |
download | guix-b19c7989b770f47011cd531a13c89002374dc3e0.tar guix-b19c7989b770f47011cd531a13c89002374dc3e0.tar.gz |
Merge branch 'master' into core-updates
52 files changed, 2510 insertions, 402 deletions
diff --git a/.dir-locals.el b/.dir-locals.el index 572a35f828..adcc50c560 100644 --- a/.dir-locals.el +++ b/.dir-locals.el @@ -3,6 +3,7 @@ ((nil . ((fill-column . 78) (tab-width . 8) + (sentence-end-double-space . t) ;; For use with 'bug-reference-prog-mode'. (bug-reference-url-format . "http://bugs.gnu.org/%s") @@ -30,9 +30,10 @@ Ludovic Courtès <ludo@gnu.org> <ludovic.courtes@inria.fr> Mathieu Lirzin <mthl@gnu.org> <mthl@openmailbox.org> Mathieu Lirzin <mthl@gnu.org> <mathieu.lirzin@openmailbox.org> Nikita Karetnikov <nikita@karetnikov.org> <nikita.karetnikov@gmail.com> -ng0 <ng0@we.make.ritual.n0.is> <niasterisk@grrlz.net> -ng0 <ng0@we.make.ritual.n0.is> <ng@niasterisk.space> -ng0 <ng0@we.make.ritual.n0.is> <ng0@libertad.pw> +ng0 <ngillmann@runbox.com> <ng0@we.make.ritual.n0.is> +ng0 <ngillmann@runbox.com> <niasterisk@grrlz.net> +ng0 <ngillmann@runbox.com> <ng@niasterisk.space> +ng0 <ngillmann@runbox.com> <ng0@libertad.pw> Pjotr Prins <pjotr.public01@thebird.nl> Pjotr Prins <pjotr.public01@thebird.nl> <pjotr.public12@thebird.nl> Raimon Grau <raimonster@gmail.com> <raimon@3scale.net> diff --git a/Makefile.am b/Makefile.am index 43a33c80ad..1690a94de4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -173,8 +173,8 @@ dist_noinst_DATA = guix/tests.scm # Linux-Libre configurations. KCONFIGS = \ - gnu/packages/linux-libre-4.7-i686.conf \ - gnu/packages/linux-libre-4.7-x86_64.conf \ + gnu/packages/linux-libre-4.8-i686.conf \ + gnu/packages/linux-libre-4.8-x86_64.conf \ gnu/packages/linux-libre-4.4-i686.conf \ gnu/packages/linux-libre-4.4-x86_64.conf \ gnu/packages/linux-libre-4.1-i686.conf \ diff --git a/doc/guix.texi b/doc/guix.texi index 73570277f6..9bd8b43582 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11782,10 +11782,10 @@ minute for an ``average'' package on a recent machine. Grafting is recursive: when an indirect dependency requires grafting, then grafting ``propagates'' up to the package that the user is installing. -Currently, the graft and the package it replaces (@var{bash-fixed} and -@var{bash} in the example above) must have the exact same @code{name} -and @code{version} fields. This restriction mostly comes from the fact -that grafting works by patching files, including binary files, directly. +Currently, the length of the name and version of the graft and that of +the package it replaces (@var{bash-fixed} and @var{bash} in the example +above) must be equal. This restriction mostly comes from the fact that +grafting works by patching files, including binary files, directly. Other restrictions may apply: for instance, when adding a graft to a package providing a shared library, the original shared library and its replacement must have the same @code{SONAME} and be binary-compatible. diff --git a/gnu/local.mk b/gnu/local.mk index d74081b673..db3762278c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -478,7 +478,6 @@ dist_patch_DATA = \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ %D%/packages/patches/clucene-pkgconfig.patch \ %D%/packages/patches/cmake-fix-tests.patch \ - %D%/packages/patches/cpio-gets-undeclared.patch \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ @@ -556,6 +555,7 @@ dist_patch_DATA = \ %D%/packages/patches/grub-CVE-2015-8370.patch \ %D%/packages/patches/grub-gets-undeclared.patch \ %D%/packages/patches/grub-freetype.patch \ + %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ %D%/packages/patches/guile-arm-fixes.patch \ %D%/packages/patches/guile-default-utf8.patch \ @@ -668,6 +668,16 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ + %D%/packages/patches/libx11-CVE-2016-7942.patch \ + %D%/packages/patches/libx11-CVE-2016-7943.patch \ + %D%/packages/patches/libxfixes-CVE-2016-7944.patch \ + %D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \ + %D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \ + %D%/packages/patches/libxrender-CVE-2016-7949.patch \ + %D%/packages/patches/libxrender-CVE-2016-7950.patch \ + %D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \ + %D%/packages/patches/libxv-CVE-2016-5407.patch \ + %D%/packages/patches/libxvmc-CVE-2016-7953.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ @@ -691,6 +701,7 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4409.patch \ %D%/packages/patches/mcrypt-CVE-2012-4426.patch \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ + %D%/packages/patches/metabat-remove-compilation-date.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/mplayer2-theora-fix.patch \ @@ -800,7 +811,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-symlinkfix.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ - %D%/packages/patches/rush-CVE-2013-6889.patch \ %D%/packages/patches/sed-hurd-path-max.patch \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scotch-test-threading.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 6d298843c3..f608259382 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -210,16 +210,27 @@ application (for console or X terminals) and requires ncurses.") (define-public pies (package (name "pies") - (version "1.2") + (version "1.3") (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/pies/pies-" - version ".tar.bz2")) - (sha256 - (base32 - "18w0dbg77i56cx1bwa789w0qi3l4xkkbascxcv2b6gbm0zmjg1g6")))) + (method url-fetch) + (uri (string-append "mirror://gnu/pies/pies-" + version ".tar.bz2")) + (sha256 + (base32 + "12r7rjjyibjdj08dvwbp0iflfpzl4s0zhn6cr6zj3hwf9gbzgl1g")))) (build-system gnu-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (add-before 'build 'patch-/bin/sh + (lambda* (#:key inputs #:allow-other-keys) + ;; Use the right shell when executing user-provided + ;; shell commands. + (let ((bash (assoc-ref inputs "bash"))) + (substitute* "src/progman.c" + (("\"/bin/sh\"") + (string-append "\"" bash "/bin/sh\""))) + #t)))))) (home-page "http://www.gnu.org/software/pies/") (synopsis "Program invocation and execution supervisor") (description @@ -1180,14 +1191,14 @@ environment variable is set and output is to tty.") (define-public direvent (package (name "direvent") - (version "5.0") + (version "5.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/direvent/direvent-" version ".tar.gz")) (sha256 (base32 - "1i14131y6m8wvirz6piw4zxz2q1kbpl0lniv5kl55rx4k372dg8z")) + "1nwvjmx7kb14ni34c0b8x9a3791pc20gvhj7xaj66d8q4h6n0qf4")) (modules '((guix build utils))) (snippet '(substitute* "tests/testsuite" (("#![[:blank:]]?/bin/sh") @@ -1197,11 +1208,19 @@ environment variable is set and output is to tty.") '(#:phases (alist-cons-before 'build 'patch-/bin/sh (lambda* (#:key inputs #:allow-other-keys) - ;; Use the right shell when executing the watcher. + ;; Use the right shell when executing the watcher and + ;; user-provided shell commands. (let ((bash (assoc-ref inputs "bash"))) - (substitute* "src/direvent.c" + (substitute* '("src/direvent.c" "src/progman.c") (("\"/bin/sh\"") - (string-append "\"" bash "/bin/sh\""))))) + (string-append "\"" bash "/bin/sh\""))) + + ;; Adjust the 'shell.at' test accordingly. + (substitute* "tests/testsuite" + (("SHELL=/bin/sh") + (string-append "SHELL=" bash "/bin/sh"))) + + #t)) %standard-phases))) (home-page "http://www.gnu.org/software/direvent/") (synopsis "Daemon to monitor directories for events such as file removal") @@ -1846,3 +1865,60 @@ Kerberos and Heimdal and FAST is supported with recent MIT Kerberos.") (license license:gpl1+))) ;;http://archives.eyrie.org/software/kerberos/pam-krb5-4.7.tar.xz + +(define-public sunxi-tools + (package + (name "sunxi-tools") + (version "1.3") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/linux-sunxi/" + "sunxi-tools/archive/v" version ".tar.gz")) + (sha256 + (base32 "1iazm28gws1i8sls3gxwc5p108n56ags287zmh1rpvkn2k1az81a")) + (modules '((guix build utils))) + (snippet + ;; Remove binaries contained in the tarball which are only for the + ;; target and can be regenerated anyway. + '(delete-file-recursively "bin")) + (file-name (string-append name "-" version ".tar.gz")))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("libusb" ,libusb))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; no tests exist + #:make-flags (list (string-append "PREFIX=" + (assoc-ref %outputs "out")) + "TARGET_TOOLS=sunxi-pio sunxi-meminfo" + "CROSS_COMPILE=") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-Makefile + (lambda _ + (substitute* "Makefile" + ;; Upstream adds Makefile and config.h as dependencies + ;; of all their tools which means $^ would pass them to gcc. + ;; gcc won't know what to do with a Makefile. + (("-o [$][@] [$]\\^") "-o $@ meminfo.c")) + #t)) + (delete 'configure)))) + (home-page "https://github.com/linux-sunxi/sunxi-tools") + (synopsis "Hardware management tools for Allwinner computers") + (description "This package contains tools for Allwinner devices: +@enumerate +@item @command{sunxi-fexc}, @command{bin2fex}, @command{fex2bin}: Compile +a textual description of a board (.fex) to a binary representation (.bin). +@item @command{sunxi-fel}: Puts an Allwinner device into FEL mode which +makes it register as a special USB device (rather than USB host). +You can then connect it to another computer and flash it from there. +@item @command{sunxi-nand-part}: Partitions NAND flash. +@item @command{sunxi-bootinfo}: Reads out boot0 and boot1 (Allwinner +bootloader) parameters. +@item @command{sunxi-pio}: Sets GPIO parameters and oscillates a GPIO +in order to be able to find it. +@item @command{sunxi-meminfo}: Prints memory bus settings. +@end enumerate") + (license license:gpl2+))) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index cf20057bcd..ac46fe4bcc 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -3221,18 +3221,23 @@ form of assemblies or reads.") license:cpl1.0)))) ; Open Bloom Filter (define-public metabat - (package - (name "metabat") - (version "0.26.3") - (source (origin - (method url-fetch) - (uri (string-append - "https://bitbucket.org/berkeleylab/metabat/get/" - version ".tar.bz2")) - (file-name (string-append name "-" version ".tar.bz2")) - (sha256 - (base32 - "1vpfvgsn8wdsv1g7z73zxcncskx7dy7bw5msg1hhibk25ay11pyg")))) + ;; We package from a git commit because compilation of the released version + ;; fails. + (let ((commit "cbdca756993e66ae57e50a27970595dda9cbde1b")) + (package + (name "metabat") + (version (string-append "0.32.4-1." (string-take commit 8))) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://bitbucket.org/berkeleylab/metabat.git") + (commit commit))) + (file-name (string-append name "-" version)) + (sha256 + (base32 + "0byia8nsip6zvc4ha0qkxkxxyjf4x7jcvy48q2dvb0pzr989syzr")) + (patches (search-patches "metabat-remove-compilation-date.patch")))) (build-system gnu-build-system) (arguments `(#:phases @@ -3299,7 +3304,7 @@ enables the study of individual organisms and their interactions. MetaBAT is an automated metagenome binning software, which integrates empirical probabilistic distances of genome abundance and tetranucleotide frequency.") (license (license:non-copyleft "file://license.txt" - "See license.txt in the distribution.")))) + "See license.txt in the distribution."))))) (define-public minced (package diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm index 63a9280708..baa9861622 100644 --- a/gnu/packages/code.scm +++ b/gnu/packages/code.scm @@ -92,14 +92,14 @@ highlighting your own code that seemed comprehensible when you wrote it.") (define-public global ; a global variable (package (name "global") - (version "6.5.4") + (version "6.5.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/global/global-" version ".tar.gz")) (sha256 (base32 - "19hxajpwld6qx0faz4rzyh1hfs25ycjmws6bas8pavx4hskf05mg")))) + "0yyg91qw8399lnxfai4bxkh9yq71qdwp9kvadgzp05cdqni44nxw")))) (build-system gnu-build-system) (inputs `(("ncurses" ,ncurses) ("libltdl" ,libltdl) diff --git a/gnu/packages/cryptsetup.scm b/gnu/packages/cryptsetup.scm index 725a397837..0c8efceff0 100644 --- a/gnu/packages/cryptsetup.scm +++ b/gnu/packages/cryptsetup.scm @@ -21,6 +21,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) + #:use-module (guix utils) #:use-module (gnu packages) #:use-module (gnu packages gnupg) #:use-module (gnu packages popt) @@ -30,14 +31,15 @@ (define-public cryptsetup (package (name "cryptsetup") - (version "1.6.1") + (version "1.7.2") (source (origin (method url-fetch) - (uri (string-append "http://cryptsetup.googlecode.com/files/cryptsetup-" - version ".tar.bz2")) + (uri (string-append "mirror://kernel.org/linux/utils/cryptsetup/v" + (version-major+minor version) + "/" name "-" version ".tar.xz")) (sha256 (base32 - "170lalkhh2fa316d12i6r7jprm0yss3c949d91069sq37ik6xwxs")))) + "0hikwkkj692c955k29c4zixj8wp8k3z17jc6ihb4j5qcbyzmvcyv")))) (build-system gnu-build-system) (inputs `(("libgcrypt" ,libgcrypt) @@ -55,4 +57,4 @@ passwords. In contrast to existing solutions, LUKS stores all setup necessary setup information in the partition header, enabling the users to transport or migrate their data seamlessly.") (license license:gpl2) - (home-page "http://code.google.com/p/cryptsetup/"))) + (home-page "https://gitlab.com/cryptsetup/cryptsetup"))) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index b0a6575aae..8c8a35b121 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -11,7 +11,7 @@ ;;; Copyright © 2015, 2016 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> ;;; Copyright © 2015 Christopher Allan Webber <cwebber@dustycloud.org> -;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com> ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org> ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> @@ -1185,6 +1185,7 @@ on the screen and keyboard to display letters.") ("ghc-mtl" ,ghc-mtl) ("ghc-random" ,ghc-random) ("ghc-glut" ,ghc-glut) + ("freeglut" ,freeglut) ("ghc-opengl" ,ghc-opengl) ("ghc-sdl" ,ghc-sdl) ("ghc-sdl-image" ,ghc-sdl-image) @@ -2408,7 +2409,7 @@ capture it and get out alive?") (define-public warzone2100 (package (name "warzone2100") - (version "3.1.5") + (version "3.2.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/" name @@ -2416,16 +2417,22 @@ capture it and get out alive?") ".tar.xz")) (sha256 (base32 - "0hm49i2knvvg3wlnryv7h4m84s3qa7jfyym5yy6365sx8wzcrai1")))) + "1nd609s0g4sya3r4amhkz3f4dpdmm94vsd2ii76ap665a1nbfrhg")))) (build-system gnu-build-system) (arguments - `(#:phases (modify-phases %standard-phases - (add-after 'set-paths 'set-sdl-paths - (lambda* (#:key inputs #:allow-other-keys) - (setenv "CPATH" - (string-append (assoc-ref inputs "sdl-union") - "/include/SDL")) - #t))))) + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'link-tests-with-qt + (lambda _ + (substitute* "tests/Makefile.in" + (("(framework_linktest_LDADD|maptest_LDADD) = " prefix) + (string-append prefix "$(QT5_LIBS) "))) + #t)) + (add-after 'unpack 'remove-reference-to-missing-file + (lambda _ + (substitute* "icons/Makefile.in" + (("\\$\\(INSTALL_DATA\\) \\$\\(srcdir\\)/warzone2100.appdata.xml.*") "")) + #t))))) (native-inputs `(("pkg-config" ,pkg-config) ("unzip" ,unzip) ("zip" ,zip))) @@ -2438,9 +2445,10 @@ capture it and get out alive?") ("libxrandr" ,libxrandr) ("openal" ,openal) ("physfs" ,physfs) - ("qt", qt-4) + ("qt" ,qt) + ("openssl" ,openssl) ("quesoglc" ,quesoglc) - ("sdl-union" ,(sdl-union)))) + ("sdl2" ,sdl2))) (home-page "http://wz2100.net") (synopsis "3D Real-time strategy and real-time tactics game") (description @@ -2700,17 +2708,19 @@ with the \"Stamp\" tool within Tux Paint.") (define-public supertux (package (name "supertux") - (version "0.4.0") + (version "0.5.0") (source (origin (method url-fetch) - (uri (string-append "https://github.com/SuperTux/supertux/releases/" - "download/v" version - "/supertux-" version ".tar.bz2")) + (uri (string-append "https://github.com/SuperTux/supertux/" + "releases/download/v" version "/SuperTux-v" + version "-Source.tar.gz")) (sha256 (base32 - "10ppmy6w77lxj8bdzjahc9bidgl4qgzr9rimn15rnqay84ydx3fi")))) - (arguments '(#:tests? #f - #:configure-flags '("-DINSTALL_SUBDIR_BIN=bin"))) + "0fx7c7m6mfanqy7kln7yf6abb5l3r68picf32js2yls11jj0vbng")))) + (arguments + '(#:tests? #f + #:configure-flags '("-DINSTALL_SUBDIR_BIN=bin" + "-DENABLE_BOOST_STATIC_LIBS=OFF"))) (build-system cmake-build-system) (inputs `(("sdl2" ,sdl2) ("sdl2-image" ,sdl2-image) @@ -2896,3 +2906,89 @@ extinguishing action, intense boss battles, a catchy soundtrack and lots of throwing people around in pseudo-randomly generated buildings.") (license (list license:zlib ; for source code license:cc-by-sa3.0)))) ; for graphics and music assets + +(define-public hyperrogue + (package + (name "hyperrogue") + (version "8.3j") + (source (origin + (method url-fetch) + (uri (string-append + "http://www.roguetemple.com/z/hyper/" + name "-83j.zip")) + (sha256 + (base32 + "1ag95d84m4j0rqyn9hj7655znixw2j57bpf93nk14nfy02xz1g6p")) + (modules '((guix build utils))) + ;; Remove .exe and .dll files. + (snippet + '(for-each delete-file (find-files "." "\\.(exe|dll)$"))))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f ; no check target + #:make-flags '("-Csrc") + #:phases + (modify-phases %standard-phases + (add-after 'set-paths 'set-sdl-paths + (lambda* (#:key inputs #:allow-other-keys) + (setenv "CPATH" + (string-append (assoc-ref inputs "sdl-union") + "/include/SDL")))) + ;; Fix font and music paths. + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (dejavu-dir (string-append + (assoc-ref inputs "font-dejavu") + "/share/fonts/truetype")) + (dejavu-font "DejaVuSans-Bold.ttf") + (music-file "hyperrogue-music.txt")) + (with-directory-excursion "src" + (substitute* "graph.cpp" + ((dejavu-font) + (string-append dejavu-dir "/" dejavu-font)) + (((string-append "\\./" music-file)) + (string-append out "/share/hyperrogue/" music-file))) + (substitute* music-file + (("\\*/") + (string-append out "/share/hyperrogue/"))))) + #t)) + (replace 'install + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (share-dir (string-append out "/share/hyperrogue"))) + (mkdir-p bin) + (copy-file "src/hyper" (string-append bin "/hyperrogue")) + (mkdir-p share-dir) + (copy-file "src/hyperrogue-music.txt" + (string-append share-dir "/hyperrogue-music.txt")) + (for-each (lambda (file) + (copy-file file (string-append share-dir "/" file))) + (find-files "." "\\.ogg$"))) + #t))))) + (inputs + `(("font-dejavu" ,font-dejavu) + ("glew" ,glew) + ("libpng" ,libpng) + ("sdl-union" ,(sdl-union (list sdl + sdl-gfx + sdl-mixer + sdl-ttf))))) + (home-page "http://www.roguetemple.com/z/hyper/") + (synopsis "Non-euclidean graphical rogue-like game") + (description + "HyperRogue is a game in which the player collects treasures and fights +monsters -- rogue-like but for the fact that it is played on the hyperbolic +plane and not in euclidean space. + +In HyperRogue, the player can move through different parts of the world, which +are home to particular creatures and may be subject to own rules of \"physics\". + +While it can use ASCII characters to display the world the classical rogue +symbols, the game needs graphics to render the non-euclidean world.") + (license (list license:bsd-3 ; src/glew.c, src/mtrand.* + license:cc-by-sa3.0 ; *.ogg + license:public-domain ; src/direntx.* + license:zlib ; src/savepng.* + license:gpl2+)))) ; remaining files diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index da66525707..4a1a309b66 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -776,14 +776,14 @@ effective code.") (define-public gnu-c-manual (package (name "gnu-c-manual") - (version "0.2.4") + (version "0.2.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gnu-c-manual/gnu-c-manual-" version ".tar.gz")) (sha256 (base32 - "0cf4503shr7hxkbrjfi9dky6q2lqk95bgbgbjmvj2s2x312kakd9")))) + "1sfsj9256w18qzylgag2h5h377aq8in8929svblfnj9svfriqcys")))) (build-system gnu-build-system) (native-inputs `(("texinfo" ,texinfo))) (arguments diff --git a/gnu/packages/gnucash.scm b/gnu/packages/gnucash.scm index bdef0b163b..97a4818be3 100644 --- a/gnu/packages/gnucash.scm +++ b/gnu/packages/gnucash.scm @@ -42,7 +42,7 @@ (define-public gnucash (package (name "gnucash") - (version "2.6.12") + (version "2.6.14") (source (origin (method url-fetch) @@ -50,7 +50,7 @@ version "/gnucash-" version ".tar.bz2")) (sha256 (base32 - "0x84f07p30pwhriamv8ifljgw755cj87rc12jy1xddf47spyj7rp")) + "0xcf2nl3v6zsablmla20v283x3r0jdpixcbp37mzap82lln4y51v")) (patches (search-patches "gnucash-price-quotes-perl.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 56a5ea3299..6d9c3c8f33 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -34,14 +34,18 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) + #:use-module (gnu packages gnuzilla) #:use-module (gnu packages groff) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) #:use-module (gnu packages gstreamer) #:use-module (gnu packages libidn) + #:use-module (gnu packages linux) #:use-module (gnu packages image) #:use-module (gnu packages libunistring) #:use-module (gnu packages maths) + #:use-module (gnu packages multiprecision) + #:use-module (gnu packages ncurses) #:use-module (gnu packages pkg-config) #:use-module (gnu packages perl) #:use-module (gnu packages pulseaudio) @@ -49,6 +53,7 @@ #:use-module (gnu packages databases) #:use-module (gnu packages tls) #:use-module (gnu packages video) + #:use-module (gnu packages web) #:use-module (gnu packages xiph) #:use-module (gnu packages backup) #:use-module ((guix licenses) #:prefix license:) @@ -217,8 +222,9 @@ supports HTTP, HTTPS and GnuTLS.") (method url-fetch) (uri (string-append "mirror://gnu/gnunet/gnunet-" version ".tar.gz")) - (sha256 (base32 - "04wxzm3wkgqbn42b8ksr4cx6m5cckyig5cls1adh0nwdczwvnp7n")))) + (sha256 + (base32 + "04wxzm3wkgqbn42b8ksr4cx6m5cckyig5cls1adh0nwdczwvnp7n")))) (build-system gnu-build-system) (inputs `(("glpk" ,glpk) @@ -229,17 +235,24 @@ supports HTTP, HTTPS and GnuTLS.") ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) - ("libmicrohttpd" ,libmicrohttpd) + ("libmicrohttpd" ,libmicrohttpd) ; hostlist, pt, contrib, and more ("libltdl" ,libltdl) - ("libunistring" ,libunistring) - ("openssl" ,openssl) - ("opus" ,opus) - ("pulseaudio" ,pulseaudio) - ("sqlite" ,sqlite) - ("zlib" ,zlib))) + ("libunistring" ,libunistring) ; fs and more + ("openssl" ,openssl) ; transport, certificate creation, contribs + ("opus" ,opus) ; gnunet-conversation + ("pulseaudio" ,pulseaudio) ; conversation + ("sqlite" ,sqlite) ; sqlite bindings, *store + ("zlib" ,zlib) + ("perl" ,perl) ; doxygen and more + ("jansson" ,jansson) ; identity, taler (external), gnunet-json, gns + ("nss" ,nss) ; gns + ("gmp" ,gmp) ; util + ("bluez" ,bluez) ; gnunet-transport + ("glib" ,glib) + ("libogg" ,libogg) ; gnunet-conversation + ("python-2" ,python-2))) ; tests, gnunet-qr (native-inputs - `(("pkg-config" ,pkg-config) - ("python" ,python-2))) + `(("pkg-config" ,pkg-config))) (arguments '(#:configure-flags (list (string-append "--with-nssdir=" %output "/lib")) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index c2aba247b4..d114dc0ad5 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -275,10 +275,9 @@ in the Mozilla clients.") (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc. (native-inputs `(("perl" ,perl))) - ;; The NSS test suite takes over 28 hours on Loongson 3A (MIPS), and - ;; possibly longer when another build is happening concurrently on the - ;; same machine. - (properties '((timeout . 144000))) ; 40 hours + ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when + ;; another build is happening concurrently on the same machine. + (properties '((timeout . 216000))) ; 60 hours (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm index bfc9d6ffab..b920be9ea2 100644 --- a/gnu/packages/grub.scm +++ b/gnu/packages/grub.scm @@ -98,13 +98,23 @@ (arguments '(;; Two warnings: suggest braces, signed/unsigned comparison. #:configure-flags '("--disable-werror") + #:phases (modify-phases %standard-phases - (add-after - 'unpack 'patch-stuff + (add-after 'unpack 'patch-stuff (lambda* (#:key inputs #:allow-other-keys) (substitute* "grub-core/Makefile.in" (("/bin/sh") (which "sh"))) + ;; Give the absolute file name of 'mdadm', used to + ;; determine the root file system when it's a RAID + ;; device. Failing to do that, 'grub-probe' silently + ;; fails if 'mdadm' is not in $PATH. + (substitute* "grub-core/osdep/linux/getroot.c" + (("argv\\[0\\] = \"mdadm\"") + (string-append "argv[0] = \"" + (assoc-ref inputs "mdadm") + "/sbin/mdadm\""))) + ;; Make the font visible. (copy-file (assoc-ref inputs "unifont") "unifont.bdf.gz") (system* "gunzip" "unifont.bdf.gz") @@ -119,6 +129,7 @@ (inputs `(;; ("lvm2" ,lvm2) ("gettext" ,gettext-minimal) + ("mdadm" ,mdadm) ("freetype" ,freetype) ;; ("libusb" ,libusb) ;; ("fuse" ,fuse) diff --git a/gnu/packages/linux-libre-4.7-i686.conf b/gnu/packages/linux-libre-4.8-i686.conf index 0e7c67432b..75c9824cb1 100644 --- a/gnu/packages/linux-libre-4.7-i686.conf +++ b/gnu/packages/linux-libre-4.8-i686.conf @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.7.0-gnu Kernel Configuration +# Linux/x86 4.8.0-gnu Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -36,7 +36,6 @@ CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_32_SMP=y -CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_FIX_EARLYCON_MEM=y CONFIG_DEBUG_RODATA=y @@ -231,6 +230,7 @@ CONFIG_SLUB_DEBUG=y # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set +CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLUB_CPU_PARTIAL=y # CONFIG_SYSTEM_DATA_VERIFICATION is not set CONFIG_PROFILING=y @@ -278,11 +278,15 @@ CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set CONFIG_HAVE_CC_STACKPROTECTOR=y CONFIG_CC_STACKPROTECTOR=y # CONFIG_CC_STACKPROTECTOR_NONE is not set # CONFIG_CC_STACKPROTECTOR_REGULAR is not set CONFIG_CC_STACKPROTECTOR_STRONG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_HUGE_VMAP=y @@ -548,6 +552,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set +CONFIG_TRANSPARENT_HUGE_PAGECACHE=y CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y CONFIG_CMA=y @@ -649,6 +654,7 @@ CONFIG_ACPI_VIDEO=m CONFIG_ACPI_FAN=y CONFIG_ACPI_DOCK=y CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y CONFIG_ACPI_PROCESSOR_IDLE=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_IPMI=m @@ -657,6 +663,7 @@ CONFIG_ACPI_PROCESSOR_AGGREGATOR=m CONFIG_ACPI_THERMAL=y CONFIG_ACPI_CUSTOM_DSDT_FILE="" # CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y CONFIG_ACPI_TABLE_UPGRADE=y # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y @@ -678,8 +685,10 @@ CONFIG_ACPI_APEI_GHES=y CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_EINJ=m # CONFIG_ACPI_APEI_ERST_DEBUG is not set +CONFIG_DPTF_POWER=m CONFIG_ACPI_EXTLOG=m # CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_CONFIGFS=m CONFIG_SFI=y CONFIG_X86_APM_BOOT=y CONFIG_APM=m @@ -774,7 +783,7 @@ CONFIG_PCIEASPM_DEFAULT=y # CONFIG_PCIEASPM_POWERSAVE is not set # CONFIG_PCIEASPM_PERFORMANCE is not set CONFIG_PCIE_PME=y -CONFIG_PCIE_DPC=m +CONFIG_PCIE_DPC=y CONFIG_PCI_BUS_ADDR_T_64BIT=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y @@ -844,6 +853,7 @@ CONFIG_RAPIDIO_DISC_TIMEOUT=30 CONFIG_RAPIDIO_DMA_ENGINE=y # CONFIG_RAPIDIO_DEBUG is not set CONFIG_RAPIDIO_ENUM_BASIC=m +CONFIG_RAPIDIO_CHMAN=m CONFIG_RAPIDIO_MPORT_CDEV=m # @@ -853,6 +863,7 @@ CONFIG_RAPIDIO_TSI57X=m CONFIG_RAPIDIO_CPS_XX=m CONFIG_RAPIDIO_TSI568=m CONFIG_RAPIDIO_CPS_GEN2=m +CONFIG_RAPIDIO_RXS_GEN3=m # CONFIG_X86_SYSFB is not set # @@ -935,6 +946,7 @@ CONFIG_TCP_CONG_HTCP=m CONFIG_TCP_CONG_HSTCP=m CONFIG_TCP_CONG_HYBLA=m CONFIG_TCP_CONG_VEGAS=m +CONFIG_TCP_CONG_NV=m CONFIG_TCP_CONG_SCALABLE=m CONFIG_TCP_CONG_LP=m CONFIG_TCP_CONG_VENO=m @@ -1451,6 +1463,7 @@ CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_MATCHALL=m CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=m @@ -1494,6 +1507,8 @@ CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_GENEVE=m CONFIG_VSOCKETS=m CONFIG_VMWARE_VMCI_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS_COMMON=m CONFIG_NETLINK_DIAG=m CONFIG_MPLS=y CONFIG_NET_MPLS_GSO=m @@ -1502,6 +1517,7 @@ CONFIG_MPLS_IPTUNNEL=m CONFIG_HSR=m # CONFIG_NET_SWITCHDEV is not set CONFIG_NET_L3_MASTER_DEV=y +CONFIG_NET_NCSI=y CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1966,6 +1982,7 @@ CONFIG_MTD_NAND_CS553X=m CONFIG_MTD_NAND_NANDSIM=m CONFIG_MTD_NAND_PLATFORM=m CONFIG_MTD_NAND_HISI504=m +CONFIG_MTD_NAND_MTK=m CONFIG_MTD_ONENAND=m CONFIG_MTD_ONENAND_VERIFY_WRITE=y CONFIG_MTD_ONENAND_GENERIC=m @@ -2043,7 +2060,6 @@ CONFIG_PARIDE_ON20=m CONFIG_PARIDE_ON26=m CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m CONFIG_ZRAM=m -CONFIG_ZRAM_LZ4_COMPRESS=y CONFIG_BLK_CPQ_CISS_DA=m CONFIG_CISS_SCSI_TAPE=y CONFIG_BLK_DEV_DAC960=m @@ -2074,6 +2090,11 @@ CONFIG_BLK_DEV_RSXX=m CONFIG_NVME_CORE=m CONFIG_BLK_DEV_NVME=m # CONFIG_BLK_DEV_NVME_SCSI is not set +CONFIG_NVME_FABRICS=m +CONFIG_NVME_RDMA=m +CONFIG_NVME_TARGET=m +CONFIG_NVME_TARGET_LOOP=m +CONFIG_NVME_TARGET_RDMA=m # # Misc devices @@ -2097,7 +2118,6 @@ CONFIG_APDS9802ALS=m CONFIG_ISL29003=m CONFIG_ISL29020=m CONFIG_SENSORS_TSL2550=m -CONFIG_SENSORS_BH1780=m CONFIG_SENSORS_BH1770=m CONFIG_SENSORS_APDS990X=m CONFIG_HMC6352=m @@ -2177,10 +2197,10 @@ CONFIG_VMWARE_VMCI=m # # VOP Driver # +CONFIG_VHOST_RING=m CONFIG_ECHO=m # CONFIG_CXL_BASE is not set -# CONFIG_CXL_KERNEL_API is not set -# CONFIG_CXL_EEH is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -2273,7 +2293,9 @@ CONFIG_SCSI_MPT3SAS_MAX_SGE=128 CONFIG_SCSI_MPT2SAS=m CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFSHCD_PCI=m +# CONFIG_SCSI_UFS_DWC_TC_PCI is not set CONFIG_SCSI_UFSHCD_PLATFORM=m +# CONFIG_SCSI_UFS_DWC_TC_PLATFORM is not set CONFIG_SCSI_HPTIOP=m CONFIG_SCSI_BUSLOGIC=m CONFIG_SCSI_FLASHPOINT=y @@ -2620,11 +2642,6 @@ CONFIG_CAIF_SPI_SLAVE=m # CONFIG_CAIF_SPI_SYNC is not set CONFIG_CAIF_HSI=m CONFIG_CAIF_VIRTIO=m -CONFIG_VHOST_NET=m -CONFIG_VHOST_SCSI=m -CONFIG_VHOST_RING=m -CONFIG_VHOST=m -# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set # # Distributed Switch Architecture drivers @@ -2674,8 +2691,6 @@ CONFIG_CNIC=m CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_BNX2X_SRIOV=y -CONFIG_BNX2X_VXLAN=y -# CONFIG_BNX2X_GENEVE is not set CONFIG_BNXT=m CONFIG_BNXT_SRIOV=y CONFIG_NET_VENDOR_BROCADE=y @@ -2687,9 +2702,9 @@ CONFIG_CHELSIO_T1_1G=y CONFIG_CHELSIO_T3=m CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4_DCB=y -CONFIG_CHELSIO_T4_UWIRE=y CONFIG_CHELSIO_T4_FCOE=y CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_LIB=m CONFIG_NET_VENDOR_CIRRUS=y CONFIG_CS89x0=m CONFIG_CS89x0_PLATFORM=y @@ -2717,7 +2732,6 @@ CONFIG_SUNDANCE=m CONFIG_NET_VENDOR_EMULEX=y CONFIG_BE2NET=m CONFIG_BE2NET_HWMON=y -CONFIG_BE2NET_VXLAN=y CONFIG_NET_VENDOR_EZCHIP=y CONFIG_NET_VENDOR_EXAR=y CONFIG_S2IO=m @@ -2737,18 +2751,14 @@ CONFIG_IGB_HWMON=y CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m -CONFIG_IXGBE_VXLAN=y CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCB=y CONFIG_IXGBEVF=m CONFIG_I40E=m -CONFIG_I40E_VXLAN=y -CONFIG_I40E_GENEVE=y CONFIG_I40E_DCB=y CONFIG_I40E_FCOE=y CONFIG_I40EVF=m CONFIG_FM10K=m -CONFIG_FM10K_VXLAN=y CONFIG_NET_VENDOR_I825XX=y CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y @@ -2762,7 +2772,6 @@ CONFIG_SKY2=m CONFIG_NET_VENDOR_MELLANOX=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y -CONFIG_MLX4_EN_VXLAN=y CONFIG_MLX4_CORE=m CONFIG_MLX4_DEBUG=y CONFIG_MLX5_CORE=m @@ -2809,15 +2818,12 @@ CONFIG_QLA3XXX=m CONFIG_QLCNIC=m CONFIG_QLCNIC_SRIOV=y CONFIG_QLCNIC_DCB=y -CONFIG_QLCNIC_VXLAN=y CONFIG_QLCNIC_HWMON=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m CONFIG_QED=m CONFIG_QED_SRIOV=y CONFIG_QEDE=m -# CONFIG_QEDE_VXLAN is not set -# CONFIG_QEDE_GENEVE is not set CONFIG_NET_VENDOR_QUALCOMM=y CONFIG_NET_VENDOR_REALTEK=y CONFIG_ATP=m @@ -2888,6 +2894,7 @@ CONFIG_SKFP=m # CONFIG_HIPPI is not set CONFIG_NET_SB1000=m CONFIG_PHYLIB=y +CONFIG_SWPHY=y # # MII PHY device drivers @@ -2920,6 +2927,7 @@ CONFIG_FIXED_PHY=y CONFIG_MDIO_BITBANG=m CONFIG_MDIO_GPIO=m CONFIG_MDIO_BCM_UNIMAC=m +CONFIG_INTEL_XWAY_PHY=m CONFIG_MICREL_KS8995MA=m CONFIG_PLIP=m CONFIG_PPP=y @@ -3540,6 +3548,7 @@ CONFIG_TABLET_USB_AIPTEK=m CONFIG_TABLET_USB_GTCO=m CONFIG_TABLET_USB_HANWANG=m CONFIG_TABLET_USB_KBTAB=m +CONFIG_TABLET_USB_PEGASUS=m CONFIG_TABLET_SERIAL_WACOM4=m CONFIG_INPUT_TOUCHSCREEN=y CONFIG_TOUCHSCREEN_PROPERTIES=y @@ -3623,8 +3632,12 @@ CONFIG_TOUCHSCREEN_TSC2004=m CONFIG_TOUCHSCREEN_TSC2005=m CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_PCAP=m +CONFIG_TOUCHSCREEN_RM_TS=m +CONFIG_TOUCHSCREEN_SILEAD=m +CONFIG_TOUCHSCREEN_SIS_I2C=m CONFIG_TOUCHSCREEN_ST1232=m CONFIG_TOUCHSCREEN_SUR40=m +CONFIG_TOUCHSCREEN_SURFACE3_SPI=m CONFIG_TOUCHSCREEN_SX8654=m CONFIG_TOUCHSCREEN_TPS6507X=m CONFIG_TOUCHSCREEN_ZFORCE=m @@ -3823,7 +3836,6 @@ CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m -CONFIG_IPMI_SI_PROBE_DEFAULTS=y CONFIG_IPMI_SSIF=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m @@ -3859,7 +3871,9 @@ CONFIG_HPET_MMAP=y CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=y +CONFIG_TCG_TIS_CORE=y CONFIG_TCG_TIS=y +CONFIG_TCG_TIS_SPI=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m CONFIG_TCG_TIS_I2C_NUVOTON=m @@ -3868,6 +3882,7 @@ CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m CONFIG_TCG_XEN=m CONFIG_TCG_CRB=m +CONFIG_TCG_VTPM_PROXY=m CONFIG_TCG_TIS_ST33ZP24=m CONFIG_TCG_TIS_ST33ZP24_I2C=m CONFIG_TCG_TIS_ST33ZP24_SPI=m @@ -4058,10 +4073,10 @@ CONFIG_GENERIC_PINCONF=y CONFIG_PINCTRL_AMD=y CONFIG_PINCTRL_BAYTRAIL=y CONFIG_PINCTRL_CHERRYVIEW=m +CONFIG_PINCTRL_MERRIFIELD=m CONFIG_PINCTRL_INTEL=m CONFIG_PINCTRL_BROXTON=m CONFIG_PINCTRL_SUNRISEPOINT=m -CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y CONFIG_GPIOLIB=y CONFIG_GPIO_DEVRES=y CONFIG_GPIO_ACPI=y @@ -4140,6 +4155,7 @@ CONFIG_GPIO_WM8994=m # CONFIG_GPIO_AMD8111=m CONFIG_GPIO_INTEL_MID=y +CONFIG_GPIO_MERRIFIELD=m CONFIG_GPIO_ML_IOH=m CONFIG_GPIO_PCH=m CONFIG_GPIO_RDC321X=m @@ -4154,7 +4170,6 @@ CONFIG_GPIO_PISOSR=m # # SPI or I2C GPIO expanders # -CONFIG_GPIO_MCP23S08=m # # USB GPIO expanders @@ -4289,6 +4304,7 @@ CONFIG_SENSORS_F71882FG=m CONFIG_SENSORS_F75375S=m CONFIG_SENSORS_MC13783_ADC=m CONFIG_SENSORS_FSCHMD=m +CONFIG_SENSORS_FTSTEUTATES=m CONFIG_SENSORS_GL518SM=m CONFIG_SENSORS_GL520SM=m CONFIG_SENSORS_G760A=m @@ -4367,6 +4383,7 @@ CONFIG_SENSORS_UCD9200=m CONFIG_SENSORS_ZL6100=m CONFIG_SENSORS_SHT15=m CONFIG_SENSORS_SHT21=m +CONFIG_SENSORS_SHT3x=m CONFIG_SENSORS_SHTC1=m CONFIG_SENSORS_SIS5595=m CONFIG_SENSORS_DME1737=m @@ -4387,6 +4404,7 @@ CONFIG_SENSORS_ADS7871=m CONFIG_SENSORS_AMC6821=m CONFIG_SENSORS_INA209=m CONFIG_SENSORS_INA2XX=m +CONFIG_SENSORS_INA3221=m CONFIG_SENSORS_TC74=m CONFIG_SENSORS_THMC50=m CONFIG_SENSORS_TMP102=m @@ -4462,7 +4480,6 @@ CONFIG_XILINX_WATCHDOG=m CONFIG_ZIIRAVE_WATCHDOG=m CONFIG_CADENCE_WATCHDOG=m CONFIG_DW_WATCHDOG=m -CONFIG_RN5T618_WATCHDOG=m CONFIG_TWL4030_WATCHDOG=m CONFIG_MAX63XX_WATCHDOG=m CONFIG_RETU_WATCHDOG=m @@ -4558,6 +4575,7 @@ CONFIG_BCMA_HOST_PCI_POSSIBLE=y CONFIG_BCMA_HOST_PCI=y CONFIG_BCMA_HOST_SOC=y CONFIG_BCMA_DRIVER_PCI=y +CONFIG_BCMA_SFLASH=y CONFIG_BCMA_DRIVER_GMAC_CMN=y CONFIG_BCMA_DRIVER_GPIO=y # CONFIG_BCMA_DEBUG is not set @@ -4624,7 +4642,6 @@ CONFIG_MFD_RTSX_PCI=m CONFIG_MFD_RT5033=m CONFIG_MFD_RTSX_USB=m CONFIG_MFD_RC5T583=y -CONFIG_MFD_RN5T618=m CONFIG_MFD_SEC_CORE=y CONFIG_MFD_SI476X_CORE=m CONFIG_MFD_SM501=m @@ -4722,6 +4739,7 @@ CONFIG_REGULATOR_MC13XXX_CORE=m CONFIG_REGULATOR_MC13783=m CONFIG_REGULATOR_MC13892=m CONFIG_REGULATOR_MT6311=m +CONFIG_REGULATOR_MT6323=m CONFIG_REGULATOR_MT6397=m CONFIG_REGULATOR_PALMAS=m CONFIG_REGULATOR_PCAP=m @@ -4733,7 +4751,6 @@ CONFIG_REGULATOR_PV88090=m CONFIG_REGULATOR_PWM=m CONFIG_REGULATOR_QCOM_SPMI=m CONFIG_REGULATOR_RC5T583=m -CONFIG_REGULATOR_RN5T618=m CONFIG_REGULATOR_RT5033=m CONFIG_REGULATOR_S2MPA01=m CONFIG_REGULATOR_S2MPS11=m @@ -4768,6 +4785,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y CONFIG_MEDIA_RADIO_SUPPORT=y CONFIG_MEDIA_SDR_SUPPORT=y CONFIG_MEDIA_RC_SUPPORT=y +CONFIG_MEDIA_CEC_EDID=y CONFIG_MEDIA_CONTROLLER=y # CONFIG_MEDIA_CONTROLLER_DVB is not set CONFIG_VIDEO_DEV=m @@ -4781,7 +4799,6 @@ CONFIG_V4L2_FLASH_LED_CLASS=m CONFIG_VIDEOBUF_GEN=m CONFIG_VIDEOBUF_DMA_SG=m CONFIG_VIDEOBUF_VMALLOC=m -CONFIG_VIDEOBUF_DMA_CONTIG=m CONFIG_VIDEOBUF_DVB=m CONFIG_VIDEOBUF2_CORE=m CONFIG_VIDEOBUF2_MEMOPS=m @@ -5185,7 +5202,6 @@ CONFIG_VIDEO_SAA6588=m # # Video decoders # -CONFIG_VIDEO_ADV7180=m CONFIG_VIDEO_ADV7604=m CONFIG_VIDEO_ADV7842=m CONFIG_VIDEO_BT819=m @@ -5315,6 +5331,8 @@ CONFIG_DVB_M88DS3103=m CONFIG_DVB_DRXK=m CONFIG_DVB_TDA18271C2DD=m CONFIG_DVB_SI2165=m +CONFIG_DVB_MN88472=m +CONFIG_DVB_MN88473=m # # DVB-S (satellite) frontends @@ -5440,6 +5458,7 @@ CONFIG_DVB_M88RS2000=m CONFIG_DVB_AF9033=m CONFIG_DVB_HORUS3A=m CONFIG_DVB_ASCOT2E=m +CONFIG_DVB_HELENE=m # # Tools to develop new frontends @@ -5476,7 +5495,6 @@ CONFIG_DRM_TTM=m # # I2C encoder or helper chips # -CONFIG_DRM_I2C_ADV7511=m CONFIG_DRM_I2C_CH7006=m CONFIG_DRM_I2C_SIL164=m CONFIG_DRM_I2C_NXP_TDA998X=m @@ -5502,6 +5520,7 @@ CONFIG_DRM_I810=m CONFIG_DRM_I915=m # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_I915_USERPTR=y +# CONFIG_DRM_I915_GVT is not set # # drm/i915 Debugging @@ -5954,6 +5973,7 @@ CONFIG_SND_SOC_TOPOLOGY=y CONFIG_SND_SOC_AMD_ACP=m CONFIG_SND_ATMEL_SOC=m CONFIG_SND_DESIGNWARE_I2S=m +CONFIG_SND_DESIGNWARE_PCM=m # # SoC Audio for Freescale CPUs @@ -5975,9 +5995,14 @@ CONFIG_SND_SST_IPC=m CONFIG_SND_SST_IPC_PCI=m CONFIG_SND_SST_IPC_ACPI=m CONFIG_SND_SOC_INTEL_SST=m +CONFIG_SND_SOC_INTEL_SST_FIRMWARE=m CONFIG_SND_SOC_INTEL_SST_ACPI=m CONFIG_SND_SOC_INTEL_SST_MATCH=m +CONFIG_SND_SOC_INTEL_HASWELL=m +CONFIG_SND_SOC_INTEL_HASWELL_MACH=m +CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH=m CONFIG_SND_SOC_INTEL_BXT_RT298_MACH=m +CONFIG_SND_SOC_INTEL_BROADWELL_MACH=m CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH=m CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m @@ -5992,6 +6017,7 @@ CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m # Allwinner SoC Audio support # CONFIG_SND_SUN4I_CODEC=m +CONFIG_SND_SUN4I_I2S=m CONFIG_SND_SOC_XTFPGA_I2S=m CONFIG_SND_SOC_I2C_AND_SPI=m @@ -6000,13 +6026,16 @@ CONFIG_SND_SOC_I2C_AND_SPI=m # CONFIG_SND_SOC_AC97_CODEC=m CONFIG_SND_SOC_ADAU1701=m +CONFIG_SND_SOC_ADAU7002=m CONFIG_SND_SOC_AK4104=m CONFIG_SND_SOC_AK4554=m CONFIG_SND_SOC_AK4613=m CONFIG_SND_SOC_AK4642=m CONFIG_SND_SOC_AK5386=m CONFIG_SND_SOC_ALC5623=m +CONFIG_SND_SOC_BT_SCO=m CONFIG_SND_SOC_CS35L32=m +CONFIG_SND_SOC_CS35L33=m CONFIG_SND_SOC_CS42L51=m CONFIG_SND_SOC_CS42L51_I2C=m CONFIG_SND_SOC_CS42L52=m @@ -6020,6 +6049,8 @@ CONFIG_SND_SOC_CS4271_SPI=m CONFIG_SND_SOC_CS42XX8=m CONFIG_SND_SOC_CS42XX8_I2C=m CONFIG_SND_SOC_CS4349=m +CONFIG_SND_SOC_CS53L30=m +CONFIG_SND_SOC_DA7219=m CONFIG_SND_SOC_DMIC=m CONFIG_SND_SOC_ES8328=m CONFIG_SND_SOC_GTM601=m @@ -6027,6 +6058,8 @@ CONFIG_SND_SOC_HDAC_HDMI=m CONFIG_SND_SOC_INNO_RK3036=m CONFIG_SND_SOC_MAX98090=m CONFIG_SND_SOC_MAX98357A=m +CONFIG_SND_SOC_MAX98504=m +CONFIG_SND_SOC_MAX9860=m CONFIG_SND_SOC_PCM1681=m CONFIG_SND_SOC_PCM179X=m CONFIG_SND_SOC_PCM179X_I2C=m @@ -6093,8 +6126,10 @@ CONFIG_SND_SOC_WM8960=m CONFIG_SND_SOC_WM8962=m CONFIG_SND_SOC_WM8974=m CONFIG_SND_SOC_WM8978=m +CONFIG_SND_SOC_WM8985=m CONFIG_SND_SOC_NAU8825=m CONFIG_SND_SOC_TPA6130A2=m +CONFIG_SND_SIMPLE_CARD_UTILS=m CONFIG_SND_SIMPLE_CARD=m # CONFIG_SOUND_PRIME is not set CONFIG_AC97_BUS=m @@ -6147,6 +6182,7 @@ CONFIG_HID_ICADE=m CONFIG_HID_TWINHAN=m CONFIG_HID_KENSINGTON=m CONFIG_HID_LCPOWER=m +CONFIG_HID_LED=m CONFIG_HID_LENOVO=m CONFIG_HID_LOGITECH=m CONFIG_HID_LOGITECH_DJ=m @@ -6200,6 +6236,7 @@ CONFIG_ZEROPLUS_FF=y CONFIG_HID_ZYDACRON=m CONFIG_HID_SENSOR_HUB=m CONFIG_HID_SENSOR_CUSTOM_SENSOR=m +CONFIG_HID_ALPS=m # # USB HID support @@ -6343,7 +6380,7 @@ CONFIG_USB_DWC2_HOST=y # # Gadget/Dual-role mode requires USB Gadget support to be enabled # -CONFIG_USB_DWC2_PCI=y +CONFIG_USB_DWC2_PCI=m # CONFIG_USB_DWC2_DEBUG is not set # CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set CONFIG_USB_CHIPIDEA=m @@ -6438,7 +6475,6 @@ CONFIG_USB_SEVSEG=m CONFIG_USB_RIO500=m CONFIG_USB_LEGOTOWER=m CONFIG_USB_LCD=m -CONFIG_USB_LED=m CONFIG_USB_CYPRESS_CY7C63=m CONFIG_USB_CYTHERM=m CONFIG_USB_IDMOUSE=m @@ -6468,7 +6504,7 @@ CONFIG_USB_XUSBATM=m # USB Physical Layer drivers # CONFIG_USB_PHY=y -CONFIG_NOP_USB_XCEIV=y +CONFIG_NOP_USB_XCEIV=m CONFIG_USB_GPIO_VBUS=m CONFIG_TAHVO_USB=m CONFIG_TAHVO_USB_HOST_BY_DEFAULT=y @@ -6644,6 +6680,7 @@ CONFIG_LEDS_PCA9532=m CONFIG_LEDS_PCA9532_GPIO=y CONFIG_LEDS_GPIO=m CONFIG_LEDS_LP3944=m +CONFIG_LEDS_LP3952=m CONFIG_LEDS_LP55XX_COMMON=m CONFIG_LEDS_LP5521=m CONFIG_LEDS_LP5523=m @@ -6685,6 +6722,7 @@ CONFIG_LEDS_BLINKM=m CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m +CONFIG_LEDS_TRIGGER_DISK=y # CONFIG_LEDS_TRIGGER_MTD is not set CONFIG_LEDS_TRIGGER_HEARTBEAT=m CONFIG_LEDS_TRIGGER_BACKLIGHT=m @@ -6725,6 +6763,7 @@ CONFIG_INFINIBAND_SRP=m CONFIG_INFINIBAND_SRPT=m CONFIG_INFINIBAND_ISER=m CONFIG_INFINIBAND_ISERT=m +CONFIG_RDMA_RXE=m CONFIG_EDAC_ATOMIC_SCRUB=y CONFIG_EDAC_SUPPORT=y CONFIG_EDAC=y @@ -6751,6 +6790,7 @@ CONFIG_EDAC_I5000=m CONFIG_EDAC_I5100=m CONFIG_EDAC_I7300=m CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y CONFIG_RTC_CLASS=y CONFIG_RTC_HCTOSYS=y CONFIG_RTC_HCTOSYS_DEVICE="rtc0" @@ -6822,6 +6862,7 @@ CONFIG_RTC_DRV_DS1305=m CONFIG_RTC_DRV_DS1343=m CONFIG_RTC_DRV_DS1347=m CONFIG_RTC_DRV_DS1390=m +CONFIG_RTC_DRV_MAX6916=m CONFIG_RTC_DRV_R9701=m CONFIG_RTC_DRV_RX4581=m CONFIG_RTC_DRV_RX6110=m @@ -7156,7 +7197,6 @@ CONFIG_ADIS16201=m CONFIG_ADIS16203=m CONFIG_ADIS16209=m CONFIG_ADIS16240=m -CONFIG_LIS3L02DQ=m CONFIG_SCA3000=m # @@ -7253,9 +7293,8 @@ CONFIG_SPEAKUP_SYNTH_TXPRT=m CONFIG_SPEAKUP_SYNTH_DUMMY=m CONFIG_STAGING_MEDIA=y CONFIG_I2C_BCM2048=m +# CONFIG_MEDIA_CEC is not set CONFIG_DVB_CXD2099=m -CONFIG_DVB_MN88472=m -CONFIG_VIDEO_TIMBERDALE=m CONFIG_LIRC_STAGING=y CONFIG_LIRC_BT829=m CONFIG_LIRC_IMON=m @@ -7336,6 +7375,7 @@ CONFIG_HDM_USB=m CONFIG_ISDN_DRV_ICN=m CONFIG_ISDN_DRV_PCBIT=m CONFIG_ISDN_DRV_ACT2000=m +CONFIG_KS7010=m CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -7384,6 +7424,7 @@ CONFIG_TOSHIBA_HAPS=m CONFIG_TOSHIBA_WMI=m CONFIG_ACPI_CMPC=m CONFIG_INTEL_HID_EVENT=m +CONFIG_INTEL_VBTN=m CONFIG_INTEL_SCU_IPC=y CONFIG_INTEL_SCU_IPC_UTIL=m CONFIG_GPIO_INTEL_PMIC=y @@ -7428,7 +7469,7 @@ CONFIG_COMMON_CLK_PALMAS=m CONFIG_COMMON_CLK_PWM=m # CONFIG_COMMON_CLK_PXA is not set # CONFIG_COMMON_CLK_PIC32 is not set -# CONFIG_COMMON_CLK_OXNAS is not set +# CONFIG_SUNXI_CCU is not set # # Hardware Spinlock drivers @@ -7476,6 +7517,10 @@ CONFIG_STE_MODEM_RPROC=m # # SOC (System On Chip) specific Drivers # + +# +# Broadcom SoC drivers +# # CONFIG_SUNXI_SRAM is not set CONFIG_SOC_TI=y CONFIG_PM_DEVFREQ=y @@ -7520,6 +7565,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_CONFIGFS=m CONFIG_IIO_TRIGGER=y CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 +CONFIG_IIO_SW_DEVICE=m CONFIG_IIO_SW_TRIGGER=m CONFIG_IIO_TRIGGERED_EVENT=m @@ -7527,6 +7573,7 @@ CONFIG_IIO_TRIGGERED_EVENT=m # Accelerometers # CONFIG_BMA180=m +CONFIG_BMA220=m CONFIG_BMC150_ACCEL=m CONFIG_BMC150_ACCEL_I2C=m CONFIG_BMC150_ACCEL_SPI=m @@ -7539,6 +7586,7 @@ CONFIG_KXCJK1013=m CONFIG_MMA7455=m CONFIG_MMA7455_I2C=m CONFIG_MMA7455_SPI=m +CONFIG_MMA7660=m CONFIG_MMA8452=m CONFIG_MMA9551_CORE=m CONFIG_MMA9551=m @@ -7776,12 +7824,14 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m # CONFIG_IIO_HRTIMER_TRIGGER=m CONFIG_IIO_INTERRUPT_TRIGGER=m +CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_SYSFS_TRIGGER=m # # Digital potentiometers # CONFIG_DS1803=m +CONFIG_MAX5487=m CONFIG_MCP4131=m CONFIG_MCP4531=m CONFIG_TPL0102=m @@ -7849,6 +7899,7 @@ CONFIG_VME_PIO2=m CONFIG_PWM=y CONFIG_PWM_SYSFS=y CONFIG_PWM_CRC=y +CONFIG_PWM_CROS_EC=m CONFIG_PWM_LP3943=m CONFIG_PWM_LPSS=m CONFIG_PWM_LPSS_PCI=m @@ -7861,6 +7912,7 @@ CONFIG_IPACK_BUS=m CONFIG_BOARD_TPCI200=m CONFIG_SERIAL_IPOCTAL=m CONFIG_RESET_CONTROLLER=y +CONFIG_TI_SYSCON_RESET=m CONFIG_FMC=m CONFIG_FMC_FAKEDEV=m CONFIG_FMC_TRIVIAL=m @@ -7924,6 +7976,7 @@ CONFIG_FPGA_MGR_ZYNQ_FPGA=m # # Firmware Drivers # +# CONFIG_ARM_SCPI_PROTOCOL is not set CONFIG_EDD=y CONFIG_EDD_OFF=y CONFIG_FIRMWARE_MEMMAP=y @@ -7956,14 +8009,14 @@ CONFIG_UEFI_CPER=y # File systems # CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_FS_IOMAP=y # CONFIG_EXT2_FS is not set # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y -CONFIG_EXT4_ENCRYPTION=m -CONFIG_EXT4_FS_ENCRYPTION=y +# CONFIG_EXT4_ENCRYPTION is not set # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set @@ -8006,12 +8059,13 @@ CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y # CONFIG_F2FS_CHECK_FS is not set -CONFIG_F2FS_FS_ENCRYPTION=y +# CONFIG_F2FS_FS_ENCRYPTION is not set # CONFIG_F2FS_IO_TRACE is not set # CONFIG_F2FS_FAULT_INJECTION is not set CONFIG_FS_DAX=y CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set CONFIG_FILE_LOCKING=y CONFIG_MANDATORY_FILE_LOCKING=y CONFIG_FS_ENCRYPTION=m @@ -8150,6 +8204,9 @@ CONFIG_ROMFS_BACKED_BY_BLOCK=y # CONFIG_ROMFS_BACKED_BY_BOTH is not set CONFIG_ROMFS_ON_BLOCK=y CONFIG_PSTORE=y +CONFIG_PSTORE_ZLIB_COMPRESS=y +# CONFIG_PSTORE_LZO_COMPRESS is not set +# CONFIG_PSTORE_LZ4_COMPRESS is not set # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set # CONFIG_PSTORE_FTRACE is not set @@ -8188,6 +8245,7 @@ CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y # CONFIG_NFSD_BLOCKLAYOUT is not set # CONFIG_NFSD_SCSILAYOUT is not set +# CONFIG_NFSD_FLEXFILELAYOUT is not set CONFIG_NFSD_V4_SECURITY_LABEL=y # CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_GRACE_PERIOD=m @@ -8415,8 +8473,6 @@ CONFIG_PM_NOTIFIER_ERROR_INJECT=m CONFIG_NETDEV_NOTIFIER_ERROR_INJECT=m # CONFIG_FAULT_INJECTION is not set # CONFIG_LATENCYTOP is not set -CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y -# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_NOP_TRACER=y CONFIG_HAVE_FUNCTION_TRACER=y @@ -8561,6 +8617,10 @@ CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 @@ -8581,6 +8641,7 @@ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y CONFIG_INTEGRITY=y @@ -8640,7 +8701,11 @@ CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=m CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=m +CONFIG_CRYPTO_ECDH=m CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=m @@ -8705,7 +8770,8 @@ CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m @@ -8750,12 +8816,12 @@ CONFIG_CRYPTO_LZ4HC=m # Random Number Generation # CONFIG_CRYPTO_ANSI_CPRNG=m -CONFIG_CRYPTO_DRBG_MENU=m +CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_DRBG_HMAC=y CONFIG_CRYPTO_DRBG_HASH=y CONFIG_CRYPTO_DRBG_CTR=y -CONFIG_CRYPTO_DRBG=m -CONFIG_CRYPTO_JITTERENTROPY=m +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m @@ -8794,7 +8860,6 @@ CONFIG_HAVE_KVM_IRQCHIP=y CONFIG_HAVE_KVM_IRQFD=y CONFIG_HAVE_KVM_IRQ_ROUTING=y CONFIG_HAVE_KVM_EVENTFD=y -CONFIG_KVM_APIC_ARCHITECTURE=y CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y @@ -8808,6 +8873,11 @@ CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m # CONFIG_KVM_MMU_AUDIT is not set CONFIG_KVM_DEVICE_ASSIGNMENT=y +CONFIG_VHOST_NET=m +CONFIG_VHOST_SCSI=m +CONFIG_VHOST_VSOCK=m +CONFIG_VHOST=m +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set # CONFIG_LGUEST is not set CONFIG_BINARY_PRINTF=y @@ -8826,7 +8896,7 @@ CONFIG_GENERIC_PCI_IOMAP=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y -CONFIG_CRC_CCITT=m +CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m diff --git a/gnu/packages/linux-libre-4.7-x86_64.conf b/gnu/packages/linux-libre-4.8-x86_64.conf index 3571f75f9d..bbddf58861 100644 --- a/gnu/packages/linux-libre-4.7-x86_64.conf +++ b/gnu/packages/linux-libre-4.8-x86_64.conf @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.7.0-gnu Kernel Configuration +# Linux/x86 4.8.0-gnu Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -39,7 +39,6 @@ CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y -CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_FIX_EARLYCON_MEM=y CONFIG_DEBUG_RODATA=y @@ -240,6 +239,7 @@ CONFIG_SLUB_DEBUG=y # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set +CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_SLUB_CPU_PARTIAL=y # CONFIG_SYSTEM_DATA_VERIFICATION is not set CONFIG_PROFILING=y @@ -288,11 +288,15 @@ CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set CONFIG_HAVE_CC_STACKPROTECTOR=y CONFIG_CC_STACKPROTECTOR=y # CONFIG_CC_STACKPROTECTOR_NONE is not set # CONFIG_CC_STACKPROTECTOR_REGULAR is not set CONFIG_CC_STACKPROTECTOR_STRONG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y CONFIG_HAVE_CONTEXT_TRACKING=y CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y @@ -545,6 +549,7 @@ CONFIG_HWPOISON_INJECT=m CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set +CONFIG_TRANSPARENT_HUGE_PAGECACHE=y CONFIG_CLEANCACHE=y CONFIG_FRONTSWAP=y CONFIG_CMA=y @@ -602,6 +607,8 @@ CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y CONFIG_X86_NEED_RELOCS=y CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set @@ -659,6 +666,7 @@ CONFIG_ACPI_VIDEO=m CONFIG_ACPI_FAN=y CONFIG_ACPI_DOCK=y CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y CONFIG_ACPI_PROCESSOR_IDLE=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_IPMI=m @@ -668,6 +676,7 @@ CONFIG_ACPI_THERMAL=y CONFIG_ACPI_NUMA=y CONFIG_ACPI_CUSTOM_DSDT_FILE="" # CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y CONFIG_ACPI_TABLE_UPGRADE=y # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=y @@ -690,8 +699,10 @@ CONFIG_ACPI_APEI_PCIEAER=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=m # CONFIG_ACPI_APEI_ERST_DEBUG is not set +CONFIG_DPTF_POWER=m CONFIG_ACPI_EXTLOG=m # CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_CONFIGFS=m CONFIG_SFI=y # @@ -767,7 +778,7 @@ CONFIG_PCIEASPM_DEFAULT=y # CONFIG_PCIEASPM_POWERSAVE is not set # CONFIG_PCIEASPM_PERFORMANCE is not set CONFIG_PCIE_PME=y -CONFIG_PCIE_DPC=m +CONFIG_PCIE_DPC=y CONFIG_PCI_BUS_ADDR_T_64BIT=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y @@ -821,6 +832,7 @@ CONFIG_RAPIDIO_DISC_TIMEOUT=30 CONFIG_RAPIDIO_DMA_ENGINE=y # CONFIG_RAPIDIO_DEBUG is not set CONFIG_RAPIDIO_ENUM_BASIC=m +CONFIG_RAPIDIO_CHMAN=m CONFIG_RAPIDIO_MPORT_CDEV=m # @@ -830,6 +842,7 @@ CONFIG_RAPIDIO_TSI57X=m CONFIG_RAPIDIO_CPS_XX=m CONFIG_RAPIDIO_TSI568=m CONFIG_RAPIDIO_CPS_GEN2=m +CONFIG_RAPIDIO_RXS_GEN3=m # CONFIG_X86_SYSFB is not set # @@ -920,6 +933,7 @@ CONFIG_TCP_CONG_HTCP=m CONFIG_TCP_CONG_HSTCP=m CONFIG_TCP_CONG_HYBLA=m CONFIG_TCP_CONG_VEGAS=m +CONFIG_TCP_CONG_NV=m CONFIG_TCP_CONG_SCALABLE=m CONFIG_TCP_CONG_LP=m CONFIG_TCP_CONG_VENO=m @@ -1432,6 +1446,7 @@ CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_MATCHALL=m CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=m @@ -1475,6 +1490,8 @@ CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_GENEVE=m CONFIG_VSOCKETS=m CONFIG_VMWARE_VMCI_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS_COMMON=m CONFIG_NETLINK_DIAG=m CONFIG_MPLS=y CONFIG_NET_MPLS_GSO=m @@ -1483,6 +1500,7 @@ CONFIG_MPLS_IPTUNNEL=m CONFIG_HSR=m # CONFIG_NET_SWITCHDEV is not set CONFIG_NET_L3_MASTER_DEV=y +CONFIG_NET_NCSI=y CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1940,6 +1958,7 @@ CONFIG_MTD_NAND_CAFE=m CONFIG_MTD_NAND_NANDSIM=m CONFIG_MTD_NAND_PLATFORM=m CONFIG_MTD_NAND_HISI504=m +CONFIG_MTD_NAND_MTK=m CONFIG_MTD_ONENAND=m CONFIG_MTD_ONENAND_VERIFY_WRITE=y CONFIG_MTD_ONENAND_GENERIC=m @@ -2013,7 +2032,6 @@ CONFIG_PARIDE_ON20=m CONFIG_PARIDE_ON26=m CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m CONFIG_ZRAM=m -CONFIG_ZRAM_LZ4_COMPRESS=y CONFIG_BLK_CPQ_CISS_DA=m CONFIG_CISS_SCSI_TAPE=y CONFIG_BLK_DEV_DAC960=m @@ -2045,6 +2063,11 @@ CONFIG_BLK_DEV_RSXX=m CONFIG_NVME_CORE=m CONFIG_BLK_DEV_NVME=m # CONFIG_BLK_DEV_NVME_SCSI is not set +CONFIG_NVME_FABRICS=m +CONFIG_NVME_RDMA=m +CONFIG_NVME_TARGET=m +CONFIG_NVME_TARGET_LOOP=m +CONFIG_NVME_TARGET_RDMA=m # # Misc devices @@ -2066,7 +2089,6 @@ CONFIG_APDS9802ALS=m CONFIG_ISL29003=m CONFIG_ISL29020=m CONFIG_SENSORS_TSL2550=m -CONFIG_SENSORS_BH1780=m CONFIG_SENSORS_BH1770=m CONFIG_SENSORS_APDS990X=m CONFIG_HMC6352=m @@ -2153,12 +2175,12 @@ CONFIG_MIC_COSM=m # VOP Driver # CONFIG_VOP=m +CONFIG_VHOST_RING=m CONFIG_GENWQE=m CONFIG_GENWQE_PLATFORM_ERROR_RECOVERY=0 CONFIG_ECHO=m # CONFIG_CXL_BASE is not set -# CONFIG_CXL_KERNEL_API is not set -# CONFIG_CXL_EEH is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -2246,7 +2268,9 @@ CONFIG_SCSI_MPT3SAS_MAX_SGE=128 CONFIG_SCSI_MPT2SAS=m CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFSHCD_PCI=m +# CONFIG_SCSI_UFS_DWC_TC_PCI is not set CONFIG_SCSI_UFSHCD_PLATFORM=m +# CONFIG_SCSI_UFS_DWC_TC_PLATFORM is not set CONFIG_SCSI_HPTIOP=m CONFIG_SCSI_BUSLOGIC=m CONFIG_SCSI_FLASHPOINT=y @@ -2568,11 +2592,6 @@ CONFIG_CAIF_SPI_SLAVE=m # CONFIG_CAIF_SPI_SYNC is not set CONFIG_CAIF_HSI=m CONFIG_CAIF_VIRTIO=m -CONFIG_VHOST_NET=m -CONFIG_VHOST_SCSI=m -CONFIG_VHOST_RING=m -CONFIG_VHOST=m -# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set # # Distributed Switch Architecture drivers @@ -2618,8 +2637,6 @@ CONFIG_CNIC=m CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_BNX2X_SRIOV=y -CONFIG_BNX2X_VXLAN=y -# CONFIG_BNX2X_GENEVE is not set CONFIG_BNXT=m CONFIG_BNXT_SRIOV=y CONFIG_NET_VENDOR_BROCADE=y @@ -2635,9 +2652,9 @@ CONFIG_CHELSIO_T1_1G=y CONFIG_CHELSIO_T3=m CONFIG_CHELSIO_T4=m CONFIG_CHELSIO_T4_DCB=y -CONFIG_CHELSIO_T4_UWIRE=y CONFIG_CHELSIO_T4_FCOE=y CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_LIB=m CONFIG_NET_VENDOR_CISCO=y CONFIG_ENIC=m CONFIG_CX_ECAT=m @@ -2662,7 +2679,6 @@ CONFIG_SUNDANCE=m CONFIG_NET_VENDOR_EMULEX=y CONFIG_BE2NET=m CONFIG_BE2NET_HWMON=y -CONFIG_BE2NET_VXLAN=y CONFIG_NET_VENDOR_EZCHIP=y CONFIG_NET_VENDOR_EXAR=y CONFIG_S2IO=m @@ -2683,19 +2699,15 @@ CONFIG_IGB_DCA=y CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m -CONFIG_IXGBE_VXLAN=y CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCA=y CONFIG_IXGBE_DCB=y CONFIG_IXGBEVF=m CONFIG_I40E=m -CONFIG_I40E_VXLAN=y -CONFIG_I40E_GENEVE=y CONFIG_I40E_DCB=y CONFIG_I40E_FCOE=y CONFIG_I40EVF=m CONFIG_FM10K=m -CONFIG_FM10K_VXLAN=y CONFIG_NET_VENDOR_I825XX=y CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y @@ -2709,7 +2721,6 @@ CONFIG_SKY2=m CONFIG_NET_VENDOR_MELLANOX=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y -CONFIG_MLX4_EN_VXLAN=y CONFIG_MLX4_CORE=m CONFIG_MLX4_DEBUG=y CONFIG_MLX5_CORE=m @@ -2753,15 +2764,12 @@ CONFIG_QLA3XXX=m CONFIG_QLCNIC=m CONFIG_QLCNIC_SRIOV=y CONFIG_QLCNIC_DCB=y -CONFIG_QLCNIC_VXLAN=y CONFIG_QLCNIC_HWMON=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m CONFIG_QED=m CONFIG_QED_SRIOV=y CONFIG_QEDE=m -# CONFIG_QEDE_VXLAN is not set -# CONFIG_QEDE_GENEVE is not set CONFIG_NET_VENDOR_QUALCOMM=y CONFIG_NET_VENDOR_REALTEK=y CONFIG_ATP=m @@ -2831,6 +2839,7 @@ CONFIG_SKFP=m # CONFIG_HIPPI is not set CONFIG_NET_SB1000=m CONFIG_PHYLIB=y +CONFIG_SWPHY=y # # MII PHY device drivers @@ -2866,6 +2875,7 @@ CONFIG_MDIO_CAVIUM=m CONFIG_MDIO_OCTEON=m CONFIG_MDIO_THUNDER=m CONFIG_MDIO_BCM_UNIMAC=m +CONFIG_INTEL_XWAY_PHY=m CONFIG_MICREL_KS8995MA=m CONFIG_PLIP=m CONFIG_PPP=y @@ -3465,6 +3475,7 @@ CONFIG_TABLET_USB_AIPTEK=m CONFIG_TABLET_USB_GTCO=m CONFIG_TABLET_USB_HANWANG=m CONFIG_TABLET_USB_KBTAB=m +CONFIG_TABLET_USB_PEGASUS=m CONFIG_TABLET_SERIAL_WACOM4=m CONFIG_INPUT_TOUCHSCREEN=y CONFIG_TOUCHSCREEN_PROPERTIES=y @@ -3546,8 +3557,12 @@ CONFIG_TOUCHSCREEN_TSC2004=m CONFIG_TOUCHSCREEN_TSC2005=m CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_PCAP=m +CONFIG_TOUCHSCREEN_RM_TS=m +CONFIG_TOUCHSCREEN_SILEAD=m +CONFIG_TOUCHSCREEN_SIS_I2C=m CONFIG_TOUCHSCREEN_ST1232=m CONFIG_TOUCHSCREEN_SUR40=m +CONFIG_TOUCHSCREEN_SURFACE3_SPI=m CONFIG_TOUCHSCREEN_SX8654=m CONFIG_TOUCHSCREEN_TPS6507X=m CONFIG_TOUCHSCREEN_ZFORCE=m @@ -3738,7 +3753,6 @@ CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m -CONFIG_IPMI_SI_PROBE_DEFAULTS=y CONFIG_IPMI_SSIF=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m @@ -3768,7 +3782,9 @@ CONFIG_HPET_MMAP=y CONFIG_HPET_MMAP_DEFAULT=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=y +CONFIG_TCG_TIS_CORE=y CONFIG_TCG_TIS=y +CONFIG_TCG_TIS_SPI=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m CONFIG_TCG_TIS_I2C_NUVOTON=m @@ -3777,6 +3793,7 @@ CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m CONFIG_TCG_XEN=m CONFIG_TCG_CRB=m +CONFIG_TCG_VTPM_PROXY=m CONFIG_TCG_TIS_ST33ZP24=m CONFIG_TCG_TIS_ST33ZP24_I2C=m CONFIG_TCG_TIS_ST33ZP24_SPI=m @@ -3965,7 +3982,6 @@ CONFIG_PINCTRL_CHERRYVIEW=m CONFIG_PINCTRL_INTEL=m CONFIG_PINCTRL_BROXTON=m CONFIG_PINCTRL_SUNRISEPOINT=m -CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y CONFIG_GPIOLIB=y CONFIG_GPIO_DEVRES=y CONFIG_GPIO_ACPI=y @@ -4036,7 +4052,6 @@ CONFIG_GPIO_WM8994=m # PCI GPIO expanders # CONFIG_GPIO_AMD8111=m -CONFIG_GPIO_INTEL_MID=y CONFIG_GPIO_ML_IOH=m CONFIG_GPIO_RDC321X=m @@ -4050,7 +4065,6 @@ CONFIG_GPIO_PISOSR=m # # SPI or I2C GPIO expanders # -CONFIG_GPIO_MCP23S08=m # # USB GPIO expanders @@ -4184,6 +4198,7 @@ CONFIG_SENSORS_F71882FG=m CONFIG_SENSORS_F75375S=m CONFIG_SENSORS_MC13783_ADC=m CONFIG_SENSORS_FSCHMD=m +CONFIG_SENSORS_FTSTEUTATES=m CONFIG_SENSORS_GL518SM=m CONFIG_SENSORS_GL520SM=m CONFIG_SENSORS_G760A=m @@ -4262,6 +4277,7 @@ CONFIG_SENSORS_UCD9200=m CONFIG_SENSORS_ZL6100=m CONFIG_SENSORS_SHT15=m CONFIG_SENSORS_SHT21=m +CONFIG_SENSORS_SHT3x=m CONFIG_SENSORS_SHTC1=m CONFIG_SENSORS_SIS5595=m CONFIG_SENSORS_DME1737=m @@ -4282,6 +4298,7 @@ CONFIG_SENSORS_ADS7871=m CONFIG_SENSORS_AMC6821=m CONFIG_SENSORS_INA209=m CONFIG_SENSORS_INA2XX=m +CONFIG_SENSORS_INA3221=m CONFIG_SENSORS_TC74=m CONFIG_SENSORS_THMC50=m CONFIG_SENSORS_TMP102=m @@ -4357,7 +4374,6 @@ CONFIG_XILINX_WATCHDOG=m CONFIG_ZIIRAVE_WATCHDOG=m CONFIG_CADENCE_WATCHDOG=m CONFIG_DW_WATCHDOG=m -CONFIG_RN5T618_WATCHDOG=m CONFIG_TWL4030_WATCHDOG=m CONFIG_MAX63XX_WATCHDOG=m CONFIG_RETU_WATCHDOG=m @@ -4440,6 +4456,7 @@ CONFIG_BCMA_HOST_PCI_POSSIBLE=y CONFIG_BCMA_HOST_PCI=y CONFIG_BCMA_HOST_SOC=y CONFIG_BCMA_DRIVER_PCI=y +CONFIG_BCMA_SFLASH=y CONFIG_BCMA_DRIVER_GMAC_CMN=y CONFIG_BCMA_DRIVER_GPIO=y # CONFIG_BCMA_DEBUG is not set @@ -4504,7 +4521,6 @@ CONFIG_MFD_RTSX_PCI=m CONFIG_MFD_RT5033=m CONFIG_MFD_RTSX_USB=m CONFIG_MFD_RC5T583=y -CONFIG_MFD_RN5T618=m CONFIG_MFD_SEC_CORE=y CONFIG_MFD_SI476X_CORE=m CONFIG_MFD_SM501=m @@ -4601,6 +4617,7 @@ CONFIG_REGULATOR_MC13XXX_CORE=m CONFIG_REGULATOR_MC13783=m CONFIG_REGULATOR_MC13892=m CONFIG_REGULATOR_MT6311=m +CONFIG_REGULATOR_MT6323=m CONFIG_REGULATOR_MT6397=m CONFIG_REGULATOR_PALMAS=m CONFIG_REGULATOR_PCAP=m @@ -4612,7 +4629,6 @@ CONFIG_REGULATOR_PV88090=m CONFIG_REGULATOR_PWM=m CONFIG_REGULATOR_QCOM_SPMI=m CONFIG_REGULATOR_RC5T583=m -CONFIG_REGULATOR_RN5T618=m CONFIG_REGULATOR_RT5033=m CONFIG_REGULATOR_S2MPA01=m CONFIG_REGULATOR_S2MPS11=m @@ -4647,6 +4663,7 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y CONFIG_MEDIA_RADIO_SUPPORT=y CONFIG_MEDIA_SDR_SUPPORT=y CONFIG_MEDIA_RC_SUPPORT=y +CONFIG_MEDIA_CEC_EDID=y CONFIG_MEDIA_CONTROLLER=y # CONFIG_MEDIA_CONTROLLER_DVB is not set CONFIG_VIDEO_DEV=m @@ -5177,6 +5194,8 @@ CONFIG_DVB_M88DS3103=m CONFIG_DVB_DRXK=m CONFIG_DVB_TDA18271C2DD=m CONFIG_DVB_SI2165=m +CONFIG_DVB_MN88472=m +CONFIG_DVB_MN88473=m # # DVB-S (satellite) frontends @@ -5302,6 +5321,7 @@ CONFIG_DVB_M88RS2000=m CONFIG_DVB_AF9033=m CONFIG_DVB_HORUS3A=m CONFIG_DVB_ASCOT2E=m +CONFIG_DVB_HELENE=m # # Tools to develop new frontends @@ -5332,7 +5352,6 @@ CONFIG_DRM_TTM=m # # I2C encoder or helper chips # -CONFIG_DRM_I2C_ADV7511=m CONFIG_DRM_I2C_CH7006=m CONFIG_DRM_I2C_SIL164=m CONFIG_DRM_I2C_NXP_TDA998X=m @@ -5358,6 +5377,7 @@ CONFIG_DRM_I810=m CONFIG_DRM_I915=m # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set CONFIG_DRM_I915_USERPTR=y +# CONFIG_DRM_I915_GVT is not set # # drm/i915 Debugging @@ -5748,6 +5768,7 @@ CONFIG_SND_SOC_TOPOLOGY=y CONFIG_SND_SOC_AMD_ACP=m CONFIG_SND_ATMEL_SOC=m CONFIG_SND_DESIGNWARE_I2S=m +CONFIG_SND_DESIGNWARE_PCM=m # # SoC Audio for Freescale CPUs @@ -5767,9 +5788,14 @@ CONFIG_SND_SST_MFLD_PLATFORM=m CONFIG_SND_SST_IPC=m CONFIG_SND_SST_IPC_ACPI=m CONFIG_SND_SOC_INTEL_SST=m +CONFIG_SND_SOC_INTEL_SST_FIRMWARE=m CONFIG_SND_SOC_INTEL_SST_ACPI=m CONFIG_SND_SOC_INTEL_SST_MATCH=m +CONFIG_SND_SOC_INTEL_HASWELL=m +CONFIG_SND_SOC_INTEL_HASWELL_MACH=m +CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH=m CONFIG_SND_SOC_INTEL_BXT_RT298_MACH=m +CONFIG_SND_SOC_INTEL_BROADWELL_MACH=m CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH=m CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m @@ -5784,6 +5810,7 @@ CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m # Allwinner SoC Audio support # CONFIG_SND_SUN4I_CODEC=m +CONFIG_SND_SUN4I_I2S=m CONFIG_SND_SOC_XTFPGA_I2S=m CONFIG_SND_SOC_I2C_AND_SPI=m @@ -5792,13 +5819,16 @@ CONFIG_SND_SOC_I2C_AND_SPI=m # CONFIG_SND_SOC_AC97_CODEC=m CONFIG_SND_SOC_ADAU1701=m +CONFIG_SND_SOC_ADAU7002=m CONFIG_SND_SOC_AK4104=m CONFIG_SND_SOC_AK4554=m CONFIG_SND_SOC_AK4613=m CONFIG_SND_SOC_AK4642=m CONFIG_SND_SOC_AK5386=m CONFIG_SND_SOC_ALC5623=m +CONFIG_SND_SOC_BT_SCO=m CONFIG_SND_SOC_CS35L32=m +CONFIG_SND_SOC_CS35L33=m CONFIG_SND_SOC_CS42L51=m CONFIG_SND_SOC_CS42L51_I2C=m CONFIG_SND_SOC_CS42L52=m @@ -5812,6 +5842,8 @@ CONFIG_SND_SOC_CS4271_SPI=m CONFIG_SND_SOC_CS42XX8=m CONFIG_SND_SOC_CS42XX8_I2C=m CONFIG_SND_SOC_CS4349=m +CONFIG_SND_SOC_CS53L30=m +CONFIG_SND_SOC_DA7219=m CONFIG_SND_SOC_DMIC=m CONFIG_SND_SOC_ES8328=m CONFIG_SND_SOC_GTM601=m @@ -5819,6 +5851,8 @@ CONFIG_SND_SOC_HDAC_HDMI=m CONFIG_SND_SOC_INNO_RK3036=m CONFIG_SND_SOC_MAX98090=m CONFIG_SND_SOC_MAX98357A=m +CONFIG_SND_SOC_MAX98504=m +CONFIG_SND_SOC_MAX9860=m CONFIG_SND_SOC_PCM1681=m CONFIG_SND_SOC_PCM179X=m CONFIG_SND_SOC_PCM179X_I2C=m @@ -5884,8 +5918,10 @@ CONFIG_SND_SOC_WM8960=m CONFIG_SND_SOC_WM8962=m CONFIG_SND_SOC_WM8974=m CONFIG_SND_SOC_WM8978=m +CONFIG_SND_SOC_WM8985=m CONFIG_SND_SOC_NAU8825=m CONFIG_SND_SOC_TPA6130A2=m +CONFIG_SND_SIMPLE_CARD_UTILS=m CONFIG_SND_SIMPLE_CARD=m # CONFIG_SOUND_PRIME is not set CONFIG_AC97_BUS=m @@ -5938,6 +5974,7 @@ CONFIG_HID_ICADE=m CONFIG_HID_TWINHAN=m CONFIG_HID_KENSINGTON=m CONFIG_HID_LCPOWER=m +CONFIG_HID_LED=m CONFIG_HID_LENOVO=m CONFIG_HID_LOGITECH=m CONFIG_HID_LOGITECH_DJ=m @@ -5991,6 +6028,7 @@ CONFIG_ZEROPLUS_FF=y CONFIG_HID_ZYDACRON=m CONFIG_HID_SENSOR_HUB=m CONFIG_HID_SENSOR_CUSTOM_SENSOR=m +CONFIG_HID_ALPS=m # # USB HID support @@ -6134,7 +6172,7 @@ CONFIG_USB_DWC2_HOST=y # # Gadget/Dual-role mode requires USB Gadget support to be enabled # -CONFIG_USB_DWC2_PCI=y +CONFIG_USB_DWC2_PCI=m # CONFIG_USB_DWC2_DEBUG is not set # CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set CONFIG_USB_CHIPIDEA=m @@ -6229,7 +6267,6 @@ CONFIG_USB_SEVSEG=m CONFIG_USB_RIO500=m CONFIG_USB_LEGOTOWER=m CONFIG_USB_LCD=m -CONFIG_USB_LED=m CONFIG_USB_CYPRESS_CY7C63=m CONFIG_USB_CYTHERM=m CONFIG_USB_IDMOUSE=m @@ -6259,7 +6296,7 @@ CONFIG_USB_XUSBATM=m # USB Physical Layer drivers # CONFIG_USB_PHY=y -CONFIG_NOP_USB_XCEIV=y +CONFIG_NOP_USB_XCEIV=m CONFIG_USB_GPIO_VBUS=m CONFIG_TAHVO_USB=m CONFIG_TAHVO_USB_HOST_BY_DEFAULT=y @@ -6434,6 +6471,7 @@ CONFIG_LEDS_PCA9532=m CONFIG_LEDS_PCA9532_GPIO=y CONFIG_LEDS_GPIO=m CONFIG_LEDS_LP3944=m +CONFIG_LEDS_LP3952=m CONFIG_LEDS_LP55XX_COMMON=m CONFIG_LEDS_LP5521=m CONFIG_LEDS_LP5523=m @@ -6474,6 +6512,7 @@ CONFIG_LEDS_BLINKM=m CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m +CONFIG_LEDS_TRIGGER_DISK=y # CONFIG_LEDS_TRIGGER_MTD is not set CONFIG_LEDS_TRIGGER_HEARTBEAT=m CONFIG_LEDS_TRIGGER_BACKLIGHT=m @@ -6517,6 +6556,7 @@ CONFIG_INFINIBAND_SRPT=m CONFIG_INFINIBAND_ISER=m CONFIG_INFINIBAND_ISERT=m CONFIG_INFINIBAND_RDMAVT=m +CONFIG_RDMA_RXE=m CONFIG_INFINIBAND_HFI1=m # CONFIG_HFI1_DEBUG_SDMA_ORDER is not set CONFIG_HFI1_VERBS_31BIT_PSN=y @@ -6542,7 +6582,9 @@ CONFIG_EDAC_I5000=m CONFIG_EDAC_I5100=m CONFIG_EDAC_I7300=m CONFIG_EDAC_SBRIDGE=m +CONFIG_EDAC_SKX=m CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y CONFIG_RTC_CLASS=y CONFIG_RTC_HCTOSYS=y CONFIG_RTC_HCTOSYS_DEVICE="rtc0" @@ -6614,6 +6656,7 @@ CONFIG_RTC_DRV_DS1305=m CONFIG_RTC_DRV_DS1343=m CONFIG_RTC_DRV_DS1347=m CONFIG_RTC_DRV_DS1390=m +CONFIG_RTC_DRV_MAX6916=m CONFIG_RTC_DRV_R9701=m CONFIG_RTC_DRV_RX4581=m CONFIG_RTC_DRV_RX6110=m @@ -6949,7 +6992,6 @@ CONFIG_ADIS16201=m CONFIG_ADIS16203=m CONFIG_ADIS16209=m CONFIG_ADIS16240=m -CONFIG_LIS3L02DQ=m CONFIG_SCA3000=m # @@ -7042,8 +7084,8 @@ CONFIG_SPEAKUP_SYNTH_TXPRT=m CONFIG_SPEAKUP_SYNTH_DUMMY=m CONFIG_STAGING_MEDIA=y CONFIG_I2C_BCM2048=m +# CONFIG_MEDIA_CEC is not set CONFIG_DVB_CXD2099=m -CONFIG_DVB_MN88472=m CONFIG_LIRC_STAGING=y CONFIG_LIRC_BT829=m CONFIG_LIRC_IMON=m @@ -7127,6 +7169,7 @@ CONFIG_HDM_USB=m # # Old ISDN4Linux (deprecated) # +CONFIG_KS7010=m CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -7174,6 +7217,7 @@ CONFIG_TOSHIBA_HAPS=m CONFIG_TOSHIBA_WMI=m CONFIG_ACPI_CMPC=m CONFIG_INTEL_HID_EVENT=m +CONFIG_INTEL_VBTN=m CONFIG_INTEL_IPS=m CONFIG_INTEL_PMC_CORE=y CONFIG_IBM_RTL=m @@ -7214,7 +7258,7 @@ CONFIG_COMMON_CLK_PALMAS=m CONFIG_COMMON_CLK_PWM=m # CONFIG_COMMON_CLK_PXA is not set # CONFIG_COMMON_CLK_PIC32 is not set -# CONFIG_COMMON_CLK_OXNAS is not set +# CONFIG_SUNXI_CCU is not set # # Hardware Spinlock drivers @@ -7263,6 +7307,10 @@ CONFIG_STE_MODEM_RPROC=m # # SOC (System On Chip) specific Drivers # + +# +# Broadcom SoC drivers +# # CONFIG_SUNXI_SRAM is not set CONFIG_SOC_TI=y CONFIG_PM_DEVFREQ=y @@ -7307,6 +7355,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_CONFIGFS=m CONFIG_IIO_TRIGGER=y CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 +CONFIG_IIO_SW_DEVICE=m CONFIG_IIO_SW_TRIGGER=m CONFIG_IIO_TRIGGERED_EVENT=m @@ -7314,6 +7363,7 @@ CONFIG_IIO_TRIGGERED_EVENT=m # Accelerometers # CONFIG_BMA180=m +CONFIG_BMA220=m CONFIG_BMC150_ACCEL=m CONFIG_BMC150_ACCEL_I2C=m CONFIG_BMC150_ACCEL_SPI=m @@ -7326,6 +7376,7 @@ CONFIG_KXCJK1013=m CONFIG_MMA7455=m CONFIG_MMA7455_I2C=m CONFIG_MMA7455_SPI=m +CONFIG_MMA7660=m CONFIG_MMA8452=m CONFIG_MMA9551_CORE=m CONFIG_MMA9551=m @@ -7562,12 +7613,14 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m # CONFIG_IIO_HRTIMER_TRIGGER=m CONFIG_IIO_INTERRUPT_TRIGGER=m +CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_SYSFS_TRIGGER=m # # Digital potentiometers # CONFIG_DS1803=m +CONFIG_MAX5487=m CONFIG_MCP4131=m CONFIG_MCP4531=m CONFIG_TPL0102=m @@ -7637,6 +7690,7 @@ CONFIG_VME_PIO2=m CONFIG_PWM=y CONFIG_PWM_SYSFS=y CONFIG_PWM_CRC=y +CONFIG_PWM_CROS_EC=m CONFIG_PWM_LP3943=m CONFIG_PWM_LPSS=m CONFIG_PWM_LPSS_PCI=m @@ -7649,6 +7703,7 @@ CONFIG_IPACK_BUS=m CONFIG_BOARD_TPCI200=m CONFIG_SERIAL_IPOCTAL=m CONFIG_RESET_CONTROLLER=y +CONFIG_TI_SYSCON_RESET=m CONFIG_FMC=m CONFIG_FMC_FAKEDEV=m CONFIG_FMC_TRIVIAL=m @@ -7716,6 +7771,7 @@ CONFIG_FPGA_MGR_ZYNQ_FPGA=m # # Firmware Drivers # +# CONFIG_ARM_SCPI_PROTOCOL is not set CONFIG_EDD=y CONFIG_EDD_OFF=y CONFIG_FIRMWARE_MEMMAP=y @@ -7748,14 +7804,14 @@ CONFIG_UEFI_CPER=y # File systems # CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_FS_IOMAP=y # CONFIG_EXT2_FS is not set # CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y -CONFIG_EXT4_ENCRYPTION=m -CONFIG_EXT4_FS_ENCRYPTION=y +# CONFIG_EXT4_ENCRYPTION is not set # CONFIG_EXT4_DEBUG is not set CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set @@ -7798,12 +7854,13 @@ CONFIG_F2FS_FS_XATTR=y CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_F2FS_FS_SECURITY=y # CONFIG_F2FS_CHECK_FS is not set -CONFIG_F2FS_FS_ENCRYPTION=y +# CONFIG_F2FS_FS_ENCRYPTION is not set # CONFIG_F2FS_IO_TRACE is not set # CONFIG_F2FS_FAULT_INJECTION is not set CONFIG_FS_DAX=y CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set CONFIG_FILE_LOCKING=y CONFIG_MANDATORY_FILE_LOCKING=y CONFIG_FS_ENCRYPTION=m @@ -7943,6 +8000,9 @@ CONFIG_ROMFS_BACKED_BY_BLOCK=y # CONFIG_ROMFS_BACKED_BY_BOTH is not set CONFIG_ROMFS_ON_BLOCK=y CONFIG_PSTORE=y +CONFIG_PSTORE_ZLIB_COMPRESS=y +# CONFIG_PSTORE_LZO_COMPRESS is not set +# CONFIG_PSTORE_LZ4_COMPRESS is not set # CONFIG_PSTORE_CONSOLE is not set # CONFIG_PSTORE_PMSG is not set # CONFIG_PSTORE_FTRACE is not set @@ -7981,6 +8041,7 @@ CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y # CONFIG_NFSD_BLOCKLAYOUT is not set # CONFIG_NFSD_SCSILAYOUT is not set +# CONFIG_NFSD_FLEXFILELAYOUT is not set CONFIG_NFSD_V4_SECURITY_LABEL=y # CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_GRACE_PERIOD=m @@ -8212,8 +8273,6 @@ CONFIG_PM_NOTIFIER_ERROR_INJECT=m CONFIG_NETDEV_NOTIFIER_ERROR_INJECT=m # CONFIG_FAULT_INJECTION is not set # CONFIG_LATENCYTOP is not set -CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y -# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_NOP_TRACER=y CONFIG_HAVE_FUNCTION_TRACER=y @@ -8360,6 +8419,10 @@ CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 @@ -8380,6 +8443,7 @@ CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y CONFIG_INTEGRITY=y @@ -8439,7 +8503,11 @@ CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=m CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=m +CONFIG_CRYPTO_ECDH=m CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=m @@ -8509,8 +8577,11 @@ CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m CONFIG_CRYPTO_SHA1_MB=m +CONFIG_CRYPTO_SHA256_MB=m +CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m @@ -8568,12 +8639,12 @@ CONFIG_CRYPTO_LZ4HC=m # Random Number Generation # CONFIG_CRYPTO_ANSI_CPRNG=m -CONFIG_CRYPTO_DRBG_MENU=m +CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_DRBG_HMAC=y CONFIG_CRYPTO_DRBG_HASH=y CONFIG_CRYPTO_DRBG_CTR=y -CONFIG_CRYPTO_DRBG=m -CONFIG_CRYPTO_JITTERENTROPY=m +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y CONFIG_CRYPTO_USER_API=m CONFIG_CRYPTO_USER_API_HASH=m CONFIG_CRYPTO_USER_API_SKCIPHER=m @@ -8611,7 +8682,6 @@ CONFIG_HAVE_KVM_IRQCHIP=y CONFIG_HAVE_KVM_IRQFD=y CONFIG_HAVE_KVM_IRQ_ROUTING=y CONFIG_HAVE_KVM_EVENTFD=y -CONFIG_KVM_APIC_ARCHITECTURE=y CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y @@ -8626,6 +8696,11 @@ CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m # CONFIG_KVM_MMU_AUDIT is not set CONFIG_KVM_DEVICE_ASSIGNMENT=y +CONFIG_VHOST_NET=m +CONFIG_VHOST_SCSI=m +CONFIG_VHOST_VSOCK=m +CONFIG_VHOST=m +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set CONFIG_BINARY_PRINTF=y # @@ -8644,7 +8719,7 @@ CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y -CONFIG_CRC_CCITT=m +CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index c6de8fa651..b77ca774b4 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -321,8 +321,8 @@ It has been modified to remove all non-free binary blobs.") (define %intel-compatible-systems '("x86_64-linux" "i686-linux")) (define-public linux-libre - (make-linux-libre "4.7.6" - "0716lpzq3w2pdc0nrrx06gqzdfzhkrjq7g37v4ws9wjlzak8hkvy" + (make-linux-libre "4.8" + "0fnax2qb597zg2gchab9n9fn7551vccmqfcvq5k3ckz24y50yknm" %intel-compatible-systems #:configuration-file kernel-config)) @@ -617,7 +617,11 @@ slabtop, and skill.") (native-inputs `(("pkg-config" ,pkg-config) ("texinfo" ,texinfo))) ;for the libext2fs Info manual (arguments - '(;; util-linux is the preferred source for some of the libraries and + '(;; Parallel building reliably yields a failure like this: + ;; "make[2]: *** No rule to make target '../lib/libss.so', needed by + ;; 'debugfs'. Stop." + #:parallel-build? #f + ;; util-linux is the preferred source for some of the libraries and ;; commands, so disable them (see, e.g., ;; <http://git.buildroot.net/buildroot/commit/?id=e1ffc2f791b33633>.) #:configure-flags '("--disable-libblkid" @@ -2595,7 +2599,7 @@ and copy/paste text in the console and in xterm.") (define-public btrfs-progs (package (name "btrfs-progs") - (version "4.7.3") + (version "4.8") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/kernel/" @@ -2603,7 +2607,7 @@ and copy/paste text in the console and in xterm.") "btrfs-progs-v" version ".tar.xz")) (sha256 (base32 - "073pvx8vz6rkw2d8mm1m60b3i8743pc712pasvydbgm8wl66zkch")))) + "06v6fqr0rl1bqg87ndi5fjh3l59v7yvimlg3abr4jc3wxw8hmdg6")))) (build-system gnu-build-system) (outputs '("out" "static")) ; static versions of binaries in "out" (~16MiB!) diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 439433a22b..2e50897594 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -443,50 +443,6 @@ interface.") (license (list license:lgpl2.1 license:clarified-artistic)))) ;TRIVIAL-LDAP package -(define-public lispf4 - (let ((commit "174d8764d2f9764e8f4794c2e3feada9f9c1f1ba")) - (package - (name "lispf4") - (version (string-append "0.0.0-1" "-" - (string-take commit 7))) - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/blakemcbride/LISPF4.git") - (commit commit))) - (file-name (string-append name "-" version "-checkout")) - (sha256 - (base32 - "18k8kfn30za637y4bfbm9x3vv4psa3q8f7bi9h4h0qlb8rz8m92c")))) - (build-system gnu-build-system) - ;; 80 MB appended Documentation -> output:doc - (outputs '("out" "doc")) - (arguments - `(#:make-flags - '("-f" "Makefile.unx" "CC=gcc") - #:tests? #f ; No 'check phase - #:phases - (modify-phases %standard-phases - (delete 'configure) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin")) - (doc (string-append (assoc-ref outputs "doc") - "/share/doc/lispf4"))) - (install-file "lispf4" bin) - (install-file "SYSATOMS" bin) - (install-file "BASIC.IMG" bin) - (copy-recursively "Documentation" doc)) - #t))))) - (synopsis "InterLisp interpreter") - (description - "LISPF4 is an InterLisp interpreter written in FORTRAN by Mats Nordstrom -in the early 80's. It was converted to C by Blake McBride and supports much of -the InterLisp Standard.") - (home-page "https://github.com/blakemcbride/LISPF4.git") - (license license:expat)))) - (define-public femtolisp (let ((commit "68c5b1225572ecf2c52baf62f928063e5a30511b") (revision "1")) diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm index 7fd0a26d0d..c239c4f00f 100644 --- a/gnu/packages/machine-learning.scm +++ b/gnu/packages/machine-learning.scm @@ -134,20 +134,25 @@ classification.") "0qbq1rqp94l530f043qzp8aw5lj7dng9wq0miffd7spd1ff638wq")))) (build-system gnu-build-system) (arguments - `(#:phases + `(#:imported-modules (,@%gnu-build-system-modules + (guix build python-build-system)) + #:phases (modify-phases %standard-phases (add-after 'unpack 'enter-dir (lambda _ (chdir "ghmm") #t)) - (add-after 'enter-dir 'fix-PYTHONPATH - (lambda* (#:key outputs #:allow-other-keys) - ;; The Python tests fail as the library is assumed to be stored - ;; in ./build/lib.linux-i686-*. To fix this we detect the CPU - ;; and use it in the path. - (substitute* "configure.in" - (("AM_INIT_AUTOMAKE" line) - (string-append line "\nAC_CANONICAL_HOST\n"))) - (substitute* "ghmmwrapper/Makefile.am" - (("i686") "@host_cpu@")) + (delete 'check) + (add-after 'install 'check + (assoc-ref %standard-phases 'check)) + (add-before 'check 'fix-PYTHONPATH + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((python-version ((@@ (guix build python-build-system) + get-python-version) + (assoc-ref inputs "python")))) + (setenv "PYTHONPATH" + (string-append (getenv "PYTHONPATH") + ":" (assoc-ref outputs "out") + "/lib/python" python-version + "/site-packages"))) #t)) (add-after 'enter-dir 'fix-runpath (lambda* (#:key outputs #:allow-other-keys) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index eafb501508..3bb2a386b0 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -185,15 +185,15 @@ semiconductors.") (define-public gsl (package (name "gsl") - (version "2.1") - (source - (origin - (method url-fetch) - (uri (string-append "mirror://gnu/gsl/gsl-" - version ".tar.gz")) - (sha256 - (base32 - "0rhcia9jhr3p1f1wybwyllwqfs9bggz99i3mi5lpyqcpff1hdbar")))) + (version "2.2.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/gsl/gsl-" + version ".tar.gz")) + (sha256 + (base32 + "095hp01d8lkqdvv0p1k25kvbisgfdmvx1rzpyc2i8kl2n33kvlhk")) + (patches (search-patches "gsl-test-i686.patch")))) (build-system gnu-build-system) (arguments `(#:parallel-tests? #f)) @@ -442,7 +442,7 @@ from one map projection to another. The GCTP is the standard computer software used by the National Mapping Division for map projection computations.") (home-page "https://github.com/OkoSanto/GCTP") - (license 'license:public-domain))) ; https://www2.usgs.gov/laws/info_policies.html + (license license:public-domain))) ;https://www2.usgs.gov/laws/info_policies.html (define-public hdf5 (package @@ -2629,3 +2629,37 @@ the same amount of space as the original point representation. This is useful when using the Gilbert curve as a space filling curve through a high-dimensional space where not all demensions have the same cardinality.") (license license:lgpl2.1+))) + +(define-public vc + (package + (name "vc") + (version "1.2.0") + (source + (origin (method url-fetch) + (uri (string-append "https://github.com/VcDevel/Vc/releases/" + "download/" version "/Vc-" version ".tar.gz")) + (sha256 + (base32 + "1rh6dhqar3y07n4xqyml0sa0v48qv3ch9dc3yc2in855hlh4vnqi")))) + (build-system cmake-build-system) + (arguments + '(#:configure-flags + '("-DBUILD_TESTING=ON"))) + (synopsis "SIMD vector classes for C++") + (description "Vc provides portable, zero-overhead C++ types for explicitly +data-parallel programming. It is a library designed to ease explicit +vectorization of C++ code. Its types enable explicitly stating data-parallel +operations on multiple values. The parallelism is therefore added via the type +system. Vc has an intuitive API and provides portability between different +compilers and compiler versions as well as portability between different vector +instruction sets. Thus, an application written with Vc can be compiled for: +@enumerate +@item AVX and AVX2 +@item SSE2 upto SSE4.2 or SSE4a +@item Scalar +@item MIC +@item NEON (in development) +@item NVIDIA GPUs / CUDA (in development) +@end enumerate\n") + (home-page "https://github.com/VcDevel/Vc") + (license license:bsd-3))) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 058221ac02..34515f1d22 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -154,7 +154,7 @@ ;; incompatible .go files as reported at ;; <https://lists.gnu.org/archive/html/guix-devel/2016-03/msg01261.html>. (wrap-program (string-append out "/bin/guix") - `("GUILE_LOAD_PATH" ":" = (,path)) + `("GUILE_LOAD_PATH" ":" prefix (,path)) `("GUILE_LOAD_COMPILED_PATH" ":" = (,path))) #t)))))) diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm index b49ec1f8c1..3a0d4aa564 100644 --- a/gnu/packages/parallel.scm +++ b/gnu/packages/parallel.scm @@ -45,7 +45,7 @@ (define-public parallel (package (name "parallel") - (version "20160822") + (version "20160922") (source (origin (method url-fetch) @@ -53,7 +53,7 @@ version ".tar.bz2")) (sha256 (base32 - "1qdb7889w7v5amd0z4qg3v4hia0wj5vjly9qvm5lm5nlxg8bfrwq")))) + "157q17v2vkjwccx9s2pxqip46gvwhfq4v9ar0l1ghgmpxggksvyq")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/cpio-gets-undeclared.patch b/gnu/packages/patches/cpio-gets-undeclared.patch deleted file mode 100644 index bc34de6455..0000000000 --- a/gnu/packages/patches/cpio-gets-undeclared.patch +++ /dev/null @@ -1,45 +0,0 @@ -This patch is needed to allow builds with newer versions of -the GNU libc (2.16+). - -The upstream fix was: - - commit 66712c23388e93e5c518ebc8515140fa0c807348 - Author: Eric Blake <eblake@redhat.com> - Date: Thu Mar 29 13:30:41 2012 -0600 - - stdio: don't assume gets any more - - Gnulib intentionally does not have a gets module, and now that C11 - and glibc have dropped it, we should be more proactive about warning - any user on a platform that still has a declaration of this dangerous - interface. - - * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets - support. - * modules/stdio (Makefile.am): Likewise. - * lib/stdio-read.c (gets): Likewise. - * tests/test-stdio-c++.cc: Likewise. - * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment. - * lib/stdio.in.h (gets): Make warning occur in more places. - * doc/posix-functions/gets.texi (gets): Update documentation. - Reported by Christer Solskogen. - - Signed-off-by: Eric Blake <eblake@redhat.com> - -This patch just gets rid of the offending part. - ---- cpio-2.11/gnu/stdio.in.h-orig 2012-11-25 22:17:06.000000000 +0400 -+++ cpio-2.11/gnu/stdio.in.h 2012-11-25 22:18:36.000000000 +0400 -@@ -135,12 +135,6 @@ - "use gnulib module fflush for portable POSIX compliance"); - #endif - --/* It is very rare that the developer ever has full control of stdin, -- so any use of gets warrants an unconditional warning. Assume it is -- always declared, since it is required by C89. */ --#undef gets --_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); -- - #if @GNULIB_FOPEN@ - # if @REPLACE_FOPEN@ - # if !(defined __cplusplus && defined GNULIB_NAMESPACE) diff --git a/gnu/packages/patches/gsl-test-i686.patch b/gnu/packages/patches/gsl-test-i686.patch new file mode 100644 index 0000000000..8828c08614 --- /dev/null +++ b/gnu/packages/patches/gsl-test-i686.patch @@ -0,0 +1,17 @@ +Work around a test failure due to a rounding issue on 32-bit +platforms, as reported at: + + https://lists.gnu.org/archive/html/bug-gsl/2016-10/msg00000.html + +--- gsl-2.2.1/linalg/test.c 2016-10-05 13:27:42.464059730 +0200 ++++ gsl-2.2.1/linalg/test.c 2016-10-05 13:27:46.988095882 +0200 +@@ -4843,9 +4843,6 @@ main(void) + gsl_test(test_cholesky_decomp_unit(), "Cholesky Decomposition [unit triangular]"); + gsl_test(test_cholesky_solve(), "Cholesky Solve"); + +- gsl_test(test_cholesky_decomp(r), "Cholesky Decomposition"); +- gsl_test(test_cholesky_invert(r), "Cholesky Inverse"); +- gsl_test(test_pcholesky_decomp(r), "Pivoted Cholesky Decomposition"); + gsl_test(test_pcholesky_solve(r), "Pivoted Cholesky Solve"); + gsl_test(test_pcholesky_invert(r), "Pivoted Cholesky Inverse"); + gsl_test(test_mcholesky_decomp(r), "Modified Cholesky Decomposition"); diff --git a/gnu/packages/patches/libx11-CVE-2016-7942.patch b/gnu/packages/patches/libx11-CVE-2016-7942.patch new file mode 100644 index 0000000000..75770235ef --- /dev/null +++ b/gnu/packages/patches/libx11-CVE-2016-7942.patch @@ -0,0 +1,76 @@ +Fix CVE-2016-7942: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17 + +From 8ea762f94f4c942d898fdeb590a1630c83235c17 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 21:25:25 +0200 +Subject: [PATCH] Validation of server responses in XGetImage() + +Check if enough bytes were received for specified image type and +geometry. Otherwise GetPixel and other functions could trigger an +out of boundary read later on. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/GetImage.c | 29 ++++++++++++++++++++--------- + 1 file changed, 20 insertions(+), 9 deletions(-) + +diff --git a/src/GetImage.c b/src/GetImage.c +index c461abc..ff32d58 100644 +--- a/src/GetImage.c ++++ b/src/GetImage.c +@@ -59,6 +59,7 @@ XImage *XGetImage ( + char *data; + unsigned long nbytes; + XImage *image; ++ int planes; + LockDisplay(dpy); + GetReq (GetImage, req); + /* +@@ -91,18 +92,28 @@ XImage *XGetImage ( + return (XImage *) NULL; + } + _XReadPad (dpy, data, nbytes); +- if (format == XYPixmap) +- image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual), +- Ones (plane_mask & +- (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))), +- format, 0, data, width, height, dpy->bitmap_pad, 0); +- else /* format == ZPixmap */ +- image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual), +- rep.depth, ZPixmap, 0, data, width, height, +- _XGetScanlinePad(dpy, (int) rep.depth), 0); ++ if (format == XYPixmap) { ++ image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual), ++ Ones (plane_mask & ++ (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))), ++ format, 0, data, width, height, dpy->bitmap_pad, 0); ++ planes = image->depth; ++ } else { /* format == ZPixmap */ ++ image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual), ++ rep.depth, ZPixmap, 0, data, width, height, ++ _XGetScanlinePad(dpy, (int) rep.depth), 0); ++ planes = 1; ++ } + + if (!image) + Xfree(data); ++ if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || ++ INT_MAX / image->height <= image->bytes_per_line || ++ INT_MAX / planes <= image->height * image->bytes_per_line || ++ nbytes < planes * image->height * image->bytes_per_line) { ++ XDestroyImage(image); ++ image = NULL; ++ } + UnlockDisplay(dpy); + SyncHandle(); + return (image); +-- +2.10.1 + diff --git a/gnu/packages/patches/libx11-CVE-2016-7943.patch b/gnu/packages/patches/libx11-CVE-2016-7943.patch new file mode 100644 index 0000000000..7bcbc58dd4 --- /dev/null +++ b/gnu/packages/patches/libx11-CVE-2016-7943.patch @@ -0,0 +1,113 @@ +Fix CVE-2016-7943: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943. + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9 + +From 8c29f1607a31dac0911e45a0dd3d74173822b3c9 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 21:22:57 +0200 +Subject: [PATCH] The validation of server responses avoids out of boundary + accesses. + +v2: FontNames.c return a NULL list whenever a single +length field from the server is incohent. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/FontNames.c | 23 +++++++++++++++++------ + src/ListExt.c | 12 ++++++++---- + src/ModMap.c | 3 ++- + 3 files changed, 27 insertions(+), 11 deletions(-) + +diff --git a/src/FontNames.c b/src/FontNames.c +index 21dcafe..e55f338 100644 +--- a/src/FontNames.c ++++ b/src/FontNames.c +@@ -66,7 +66,7 @@ int *actualCount) /* RETURN */ + + if (rep.nFonts) { + flist = Xmalloc (rep.nFonts * sizeof(char *)); +- if (rep.length < (INT_MAX >> 2)) { ++ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) { + rlen = rep.length << 2; + ch = Xmalloc(rlen + 1); + /* +1 to leave room for last null-terminator */ +@@ -93,11 +93,22 @@ int *actualCount) /* RETURN */ + if (ch + length < chend) { + flist[i] = ch + 1; /* skip over length */ + ch += length + 1; /* find next length ... */ +- length = *(unsigned char *)ch; +- *ch = '\0'; /* and replace with null-termination */ +- count++; +- } else +- flist[i] = NULL; ++ if (ch <= chend) { ++ length = *(unsigned char *)ch; ++ *ch = '\0'; /* and replace with null-termination */ ++ count++; ++ } else { ++ Xfree(flist); ++ flist = NULL; ++ count = 0; ++ break; ++ } ++ } else { ++ Xfree(flist); ++ flist = NULL; ++ count = 0; ++ break; ++ } + } + } + *actualCount = count; +diff --git a/src/ListExt.c b/src/ListExt.c +index be6b989..0516e45 100644 +--- a/src/ListExt.c ++++ b/src/ListExt.c +@@ -55,7 +55,7 @@ char **XListExtensions( + + if (rep.nExtensions) { + list = Xmalloc (rep.nExtensions * sizeof (char *)); +- if (rep.length < (INT_MAX >> 2)) { ++ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) { + rlen = rep.length << 2; + ch = Xmalloc (rlen + 1); + /* +1 to leave room for last null-terminator */ +@@ -80,9 +80,13 @@ char **XListExtensions( + if (ch + length < chend) { + list[i] = ch+1; /* skip over length */ + ch += length + 1; /* find next length ... */ +- length = *ch; +- *ch = '\0'; /* and replace with null-termination */ +- count++; ++ if (ch <= chend) { ++ length = *ch; ++ *ch = '\0'; /* and replace with null-termination */ ++ count++; ++ } else { ++ list[i] = NULL; ++ } + } else + list[i] = NULL; + } +diff --git a/src/ModMap.c b/src/ModMap.c +index a809aa2..49a5d08 100644 +--- a/src/ModMap.c ++++ b/src/ModMap.c +@@ -42,7 +42,8 @@ XGetModifierMapping(register Display *dpy) + GetEmptyReq(GetModifierMapping, req); + (void) _XReply (dpy, (xReply *)&rep, 0, xFalse); + +- if (rep.length < (INT_MAX >> 2)) { ++ if (rep.length < (INT_MAX >> 2) && ++ (rep.length >> 1) == rep.numKeyPerModifier) { + nbytes = (unsigned long)rep.length << 2; + res = Xmalloc(sizeof (XModifierKeymap)); + if (res) +-- +2.10.1 + diff --git a/gnu/packages/patches/libxfixes-CVE-2016-7944.patch b/gnu/packages/patches/libxfixes-CVE-2016-7944.patch new file mode 100644 index 0000000000..2ce463fc46 --- /dev/null +++ b/gnu/packages/patches/libxfixes-CVE-2016-7944.patch @@ -0,0 +1,62 @@ +Fix CVE-2016-7944: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e + +From 61c1039ee23a2d1de712843bed3480654d7ef42e Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 22:38:44 +0200 +Subject: [PATCH] Integer overflow on illegal server response + +The 32 bit field "rep.length" is not checked for validity, which allows +an integer overflow on 32 bit systems. + +A malicious server could send INT_MAX as length, which gets multiplied +by the size of XRectangle. In that case the client won't read the whole +data from server, getting out of sync. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/Region.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/Region.c b/src/Region.c +index cb0cf6e..59bcc1a 100644 +--- a/src/Region.c ++++ b/src/Region.c +@@ -23,6 +23,7 @@ + #ifdef HAVE_CONFIG_H + #include <config.h> + #endif ++#include <limits.h> + #include "Xfixesint.h" + + XserverRegion +@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display *dpy, + bounds->y = rep.y; + bounds->width = rep.width; + bounds->height = rep.height; +- nbytes = (long) rep.length << 2; +- nrects = rep.length >> 1; +- rects = Xmalloc (nrects * sizeof (XRectangle)); ++ ++ if (rep.length < (INT_MAX >> 2)) { ++ nbytes = (long) rep.length << 2; ++ nrects = rep.length >> 1; ++ rects = Xmalloc (nrects * sizeof (XRectangle)); ++ } else { ++ nbytes = 0; ++ nrects = 0; ++ rects = NULL; ++ } ++ + if (!rects) + { + _XEatDataWords(dpy, rep.length); +-- +2.10.1 + diff --git a/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch b/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch new file mode 100644 index 0000000000..ca899e34c0 --- /dev/null +++ b/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch @@ -0,0 +1,420 @@ +Fix CVE-2016-7945: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5 + +From 19a9cd607de73947fcfb104682f203ffe4e1f4e5 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 22:31:34 +0200 +Subject: [PATCH] Properly validate server responses. + +By validating length fields from server responses, out of boundary +accesses and endless loops can be mitigated. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/XGMotion.c | 3 ++- + src/XGetBMap.c | 3 ++- + src/XGetDCtl.c | 6 ++++-- + src/XGetFCtl.c | 7 ++++++- + src/XGetKMap.c | 14 +++++++++++--- + src/XGetMMap.c | 11 +++++++++-- + src/XIQueryDevice.c | 36 ++++++++++++++++++++++++++++++++++-- + src/XListDev.c | 21 +++++++++++++++------ + src/XOpenDev.c | 13 ++++++++++--- + src/XQueryDv.c | 8 ++++++-- + 10 files changed, 99 insertions(+), 23 deletions(-) + +diff --git a/src/XGMotion.c b/src/XGMotion.c +index 7785843..9433e29 100644 +--- a/src/XGMotion.c ++++ b/src/XGMotion.c +@@ -114,7 +114,8 @@ XGetDeviceMotionEvents( + } + /* rep.axes is a CARD8, so assume max number of axes for bounds check */ + if (rep.nEvents < +- (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int))))) { ++ (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int)))) && ++ rep.nEvents * (rep.axes + 1) <= rep.length) { + size_t bsize = rep.nEvents * + (sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int))); + bufp = Xmalloc(bsize); +diff --git a/src/XGetBMap.c b/src/XGetBMap.c +index 002daba..13bb8c6 100644 +--- a/src/XGetBMap.c ++++ b/src/XGetBMap.c +@@ -92,7 +92,8 @@ XGetDeviceButtonMapping( + + status = _XReply(dpy, (xReply *) & rep, 0, xFalse); + if (status == 1) { +- if (rep.length <= (sizeof(mapping) >> 2)) { ++ if (rep.length <= (sizeof(mapping) >> 2) && ++ rep.nElts <= (rep.length << 2)) { + unsigned long nbytes = rep.length << 2; + _XRead(dpy, (char *)mapping, nbytes); + +diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c +index c5d3b53..7f6b396 100644 +--- a/src/XGetDCtl.c ++++ b/src/XGetDCtl.c +@@ -93,7 +93,8 @@ XGetDeviceControl( + if (rep.length > 0) { + unsigned long nbytes; + size_t size = 0; +- if (rep.length < (INT_MAX >> 2)) { ++ if (rep.length < (INT_MAX >> 2) && ++ (rep.length << 2) >= sizeof(xDeviceState)) { + nbytes = (unsigned long) rep.length << 2; + d = Xmalloc(nbytes); + } +@@ -117,7 +118,8 @@ XGetDeviceControl( + size_t val_size; + + r = (xDeviceResolutionState *) d; +- if (r->num_valuators >= (INT_MAX / (3 * sizeof(int)))) ++ if (sizeof(xDeviceResolutionState) > nbytes || ++ r->num_valuators >= (INT_MAX / (3 * sizeof(int)))) + goto out; + val_size = 3 * sizeof(int) * r->num_valuators; + if ((sizeof(xDeviceResolutionState) + val_size) > nbytes) +diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c +index 7fd6d0e..82dcc64 100644 +--- a/src/XGetFCtl.c ++++ b/src/XGetFCtl.c +@@ -73,6 +73,7 @@ XGetFeedbackControl( + XFeedbackState *Sav = NULL; + xFeedbackState *f = NULL; + xFeedbackState *sav = NULL; ++ char *end = NULL; + xGetFeedbackControlReq *req; + xGetFeedbackControlReply rep; + XExtDisplayInfo *info = XInput_find_display(dpy); +@@ -105,10 +106,12 @@ XGetFeedbackControl( + goto out; + } + sav = f; ++ end = (char *)f + nbytes; + _XRead(dpy, (char *)f, nbytes); + + for (i = 0; i < *num_feedbacks; i++) { +- if (f->length > nbytes) ++ if ((char *)f + sizeof(*f) > end || ++ f->length == 0 || f->length > nbytes) + goto out; + nbytes -= f->length; + +@@ -125,6 +128,8 @@ XGetFeedbackControl( + case StringFeedbackClass: + { + xStringFeedbackState *strf = (xStringFeedbackState *) f; ++ if ((char *)f + sizeof(*strf) > end) ++ goto out; + size += sizeof(XStringFeedbackState) + + (strf->num_syms_supported * sizeof(KeySym)); + } +diff --git a/src/XGetKMap.c b/src/XGetKMap.c +index 0540ce4..008a72b 100644 +--- a/src/XGetKMap.c ++++ b/src/XGetKMap.c +@@ -54,6 +54,7 @@ SOFTWARE. + #include <config.h> + #endif + ++#include <limits.h> + #include <X11/extensions/XI.h> + #include <X11/extensions/XIproto.h> + #include <X11/Xlibint.h> +@@ -93,9 +94,16 @@ XGetDeviceKeyMapping(register Display * dpy, XDevice * dev, + return (KeySym *) NULL; + } + if (rep.length > 0) { +- *syms_per_code = rep.keySymsPerKeyCode; +- nbytes = (long)rep.length << 2; +- mapping = (KeySym *) Xmalloc((unsigned)nbytes); ++ if (rep.length < INT_MAX >> 2 && ++ rep.length == rep.keySymsPerKeyCode * keycount) { ++ *syms_per_code = rep.keySymsPerKeyCode; ++ nbytes = (long)rep.length << 2; ++ mapping = (KeySym *) Xmalloc((unsigned)nbytes); ++ } else { ++ *syms_per_code = 0; ++ nbytes = 0; ++ mapping = NULL; ++ } + if (mapping) + _XRead(dpy, (char *)mapping, nbytes); + else +diff --git a/src/XGetMMap.c b/src/XGetMMap.c +index 246698c..33c114f 100644 +--- a/src/XGetMMap.c ++++ b/src/XGetMMap.c +@@ -53,6 +53,7 @@ SOFTWARE. + #include <config.h> + #endif + ++#include <limits.h> + #include <X11/extensions/XI.h> + #include <X11/extensions/XIproto.h> + #include <X11/Xlibint.h> +@@ -85,8 +86,14 @@ XGetDeviceModifierMapping( + SyncHandle(); + return (XModifierKeymap *) NULL; + } +- nbytes = (unsigned long)rep.length << 2; +- res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap)); ++ if (rep.length < (INT_MAX >> 2) && ++ rep.numKeyPerModifier == rep.length >> 1) { ++ nbytes = (unsigned long)rep.length << 2; ++ res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap)); ++ } else { ++ nbytes = 0; ++ res = NULL; ++ } + if (res) { + res->modifiermap = (KeyCode *) Xmalloc(nbytes); + if (res->modifiermap) +diff --git a/src/XIQueryDevice.c b/src/XIQueryDevice.c +index fb8504f..a457cd6 100644 +--- a/src/XIQueryDevice.c ++++ b/src/XIQueryDevice.c +@@ -26,6 +26,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdint.h> + #include <X11/Xlibint.h> + #include <X11/extensions/XI2proto.h> +@@ -43,6 +44,7 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) + xXIQueryDeviceReq *req; + xXIQueryDeviceReply reply; + char *ptr; ++ char *end; + int i; + char *buf; + +@@ -60,14 +62,24 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) + if (!_XReply(dpy, (xReply*) &reply, 0, xFalse)) + goto error; + +- *ndevices_return = reply.num_devices; +- info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo)); ++ if (reply.length < INT_MAX / 4) ++ { ++ *ndevices_return = reply.num_devices; ++ info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo)); ++ } ++ else ++ { ++ *ndevices_return = 0; ++ info = NULL; ++ } ++ + if (!info) + goto error; + + buf = Xmalloc(reply.length * 4); + _XRead(dpy, buf, reply.length * 4); + ptr = buf; ++ end = buf + reply.length * 4; + + /* info is a null-terminated array */ + info[reply.num_devices].name = NULL; +@@ -79,6 +91,9 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) + XIDeviceInfo *lib = &info[i]; + xXIDeviceInfo *wire = (xXIDeviceInfo*)ptr; + ++ if (ptr + sizeof(xXIDeviceInfo) > end) ++ goto error_loop; ++ + lib->deviceid = wire->deviceid; + lib->use = wire->use; + lib->attachment = wire->attachment; +@@ -87,12 +102,23 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) + + ptr += sizeof(xXIDeviceInfo); + ++ if (ptr + wire->name_len > end) ++ goto error_loop; ++ + lib->name = Xcalloc(wire->name_len + 1, 1); ++ if (lib->name == NULL) ++ goto error_loop; + strncpy(lib->name, ptr, wire->name_len); ++ lib->name[wire->name_len] = '\0'; + ptr += ((wire->name_len + 3)/4) * 4; + + sz = size_classes((xXIAnyInfo*)ptr, nclasses); + lib->classes = Xmalloc(sz); ++ if (lib->classes == NULL) ++ { ++ Xfree(lib->name); ++ goto error_loop; ++ } + ptr += copy_classes(lib, (xXIAnyInfo*)ptr, &nclasses); + /* We skip over unused classes */ + lib->num_classes = nclasses; +@@ -103,6 +129,12 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) + SyncHandle(); + return info; + ++error_loop: ++ while (--i >= 0) ++ { ++ Xfree(info[i].name); ++ Xfree(info[i].classes); ++ } + error: + UnlockDisplay(dpy); + error_unlocked: +diff --git a/src/XListDev.c b/src/XListDev.c +index b85ff3c..f850cd0 100644 +--- a/src/XListDev.c ++++ b/src/XListDev.c +@@ -74,7 +74,7 @@ static int pad_to_xid(int base_size) + } + + static size_t +-SizeClassInfo(xAnyClassPtr *any, int num_classes) ++SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes) + { + int size = 0; + int j; +@@ -90,6 +90,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes) + { + xValuatorInfoPtr v; + ++ if (len < sizeof(v)) ++ return 0; + v = (xValuatorInfoPtr) *any; + size += pad_to_xid(sizeof(XValuatorInfo) + + (v->num_axes * sizeof(XAxisInfo))); +@@ -98,6 +100,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes) + default: + break; + } ++ if ((*any)->length > len) ++ return 0; + *any = (xAnyClassPtr) ((char *)(*any) + (*any)->length); + } + +@@ -170,7 +174,7 @@ XListInputDevices( + register Display *dpy, + int *ndevices) + { +- size_t size; ++ size_t s, size; + xListInputDevicesReq *req; + xListInputDevicesReply rep; + xDeviceInfo *list, *slist = NULL; +@@ -178,6 +182,7 @@ XListInputDevices( + XDeviceInfo *clist = NULL; + xAnyClassPtr any, sav_any; + XAnyClassPtr Any; ++ char *end = NULL; + unsigned char *nptr, *Nptr; + int i; + unsigned long rlen; +@@ -213,16 +218,20 @@ XListInputDevices( + + any = (xAnyClassPtr) ((char *)list + (*ndevices * sizeof(xDeviceInfo))); + sav_any = any; ++ end = (char *)list + rlen; + for (i = 0; i < *ndevices; i++, list++) { +- size += SizeClassInfo(&any, (int)list->num_classes); ++ s = SizeClassInfo(&any, end - (char *)any, (int)list->num_classes); ++ if (!s) ++ goto out; ++ size += s; + } + +- Nptr = ((unsigned char *)list) + rlen + 1; ++ Nptr = ((unsigned char *)list) + rlen; + for (i = 0, nptr = (unsigned char *)any; i < *ndevices; i++) { ++ if (nptr >= Nptr) ++ goto out; + size += *nptr + 1; + nptr += (*nptr + 1); +- if (nptr > Nptr) +- goto out; + } + + clist = (XDeviceInfoPtr) Xmalloc(size); +diff --git a/src/XOpenDev.c b/src/XOpenDev.c +index 029dec2..4b3c460 100644 +--- a/src/XOpenDev.c ++++ b/src/XOpenDev.c +@@ -53,6 +53,7 @@ SOFTWARE. + #include <config.h> + #endif + ++#include <limits.h> + #include <X11/extensions/XI.h> + #include <X11/extensions/XIproto.h> + #include <X11/Xlibint.h> +@@ -86,9 +87,15 @@ XOpenDevice( + return (XDevice *) NULL; + } + +- rlen = rep.length << 2; +- dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes * +- sizeof(XInputClassInfo)); ++ if (rep.length < INT_MAX >> 2 && ++ (rep.length << 2) >= rep.num_classes * sizeof(xInputClassInfo)) { ++ rlen = rep.length << 2; ++ dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes * ++ sizeof(XInputClassInfo)); ++ } else { ++ rlen = 0; ++ dev = NULL; ++ } + if (dev) { + int dlen; /* data length */ + +diff --git a/src/XQueryDv.c b/src/XQueryDv.c +index de1c0e5..7ee2272 100644 +--- a/src/XQueryDv.c ++++ b/src/XQueryDv.c +@@ -73,7 +73,7 @@ XQueryDeviceState( + xQueryDeviceStateReply rep; + XDeviceState *state = NULL; + XInputClass *any, *Any; +- char *data = NULL; ++ char *data = NULL, *end = NULL; + XExtDisplayInfo *info = XInput_find_display(dpy); + + LockDisplay(dpy); +@@ -92,6 +92,7 @@ XQueryDeviceState( + if (rep.length < (INT_MAX >> 2)) { + rlen = (unsigned long) rep.length << 2; + data = Xmalloc(rlen); ++ end = data + rlen; + } + if (!data) { + _XEatDataWords(dpy, rep.length); +@@ -100,7 +101,8 @@ XQueryDeviceState( + _XRead(dpy, data, rlen); + + for (i = 0, any = (XInputClass *) data; i < (int)rep.num_classes; i++) { +- if (any->length > rlen) ++ if ((char *)any + sizeof(XInputClass) > end || ++ any->length == 0 || any->length > rlen) + goto out; + rlen -= any->length; + +@@ -114,6 +116,8 @@ XQueryDeviceState( + case ValuatorClass: + { + xValuatorState *v = (xValuatorState *) any; ++ if ((char *)any + sizeof(xValuatorState) > end) ++ goto out; + size += (sizeof(XValuatorState) + + (v->num_valuators * sizeof(int))); + } +-- +2.10.1 + diff --git a/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch b/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch new file mode 100644 index 0000000000..ece8b18309 --- /dev/null +++ b/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch @@ -0,0 +1,447 @@ +Fix CVE-2016-7947 and CVE-2016-7948. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6 + +From a0df3e1c7728205e5c7650b2e6dce684139254a6 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 22:21:40 +0200 +Subject: [PATCH] Avoid out of boundary accesses on illegal responses + +The responses of the connected X server have to be properly checked +to avoid out of boundary accesses that could otherwise be triggered +by a malicious server. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/XrrConfig.c | 32 +++++++++++++-------- + src/XrrCrtc.c | 83 ++++++++++++++++++++++++++++++++++++++++++------------- + src/XrrMonitor.c | 18 ++++++++++++ + src/XrrOutput.c | 11 ++++++++ + src/XrrProvider.c | 28 ++++++++++++++++--- + src/XrrScreen.c | 52 ++++++++++++++++++++++------------ + 6 files changed, 172 insertions(+), 52 deletions(-) + +diff --git a/src/XrrConfig.c b/src/XrrConfig.c +index 2f0282b..e68c45a 100644 +--- a/src/XrrConfig.c ++++ b/src/XrrConfig.c +@@ -29,6 +29,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdio.h> + #include <X11/Xlib.h> + /* we need to be able to manipulate the Display structure on events */ +@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy, + rep.rate = 0; + rep.nrateEnts = 0; + } ++ if (rep.length < INT_MAX >> 2) { ++ nbytes = (long) rep.length << 2; + +- nbytes = (long) rep.length << 2; ++ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) + ++ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */); + +- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) + +- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */); ++ /* ++ * first we must compute how much space to allocate for ++ * randr library's use; we'll allocate the structures in a single ++ * allocation, on cleanlyness grounds. ++ */ + +- /* +- * first we must compute how much space to allocate for +- * randr library's use; we'll allocate the structures in a single +- * allocation, on cleanlyness grounds. +- */ ++ rbytes = sizeof (XRRScreenConfiguration) + ++ (rep.nSizes * sizeof (XRRScreenSize) + ++ rep.nrateEnts * sizeof (int)); + +- rbytes = sizeof (XRRScreenConfiguration) + +- (rep.nSizes * sizeof (XRRScreenSize) + +- rep.nrateEnts * sizeof (int)); ++ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes); ++ } else { ++ nbytes = 0; ++ nbytesRead = 0; ++ rbytes = 0; ++ scp = NULL; ++ } + +- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes); + if (scp == NULL) { + _XEatData (dpy, (unsigned long) nbytes); + return NULL; +diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c +index 5ae35c5..6665092 100644 +--- a/src/XrrCrtc.c ++++ b/src/XrrCrtc.c +@@ -24,6 +24,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdio.h> + #include <X11/Xlib.h> + /* we need to be able to manipulate the Display structure on events */ +@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc) + return NULL; + } + +- nbytes = (long) rep.length << 2; ++ if (rep.length < INT_MAX >> 2) ++ { ++ nbytes = (long) rep.length << 2; + +- nbytesRead = (long) (rep.nOutput * 4 + +- rep.nPossibleOutput * 4); ++ nbytesRead = (long) (rep.nOutput * 4 + ++ rep.nPossibleOutput * 4); + +- /* +- * first we must compute how much space to allocate for +- * randr library's use; we'll allocate the structures in a single +- * allocation, on cleanlyness grounds. +- */ ++ /* ++ * first we must compute how much space to allocate for ++ * randr library's use; we'll allocate the structures in a single ++ * allocation, on cleanlyness grounds. ++ */ + +- rbytes = (sizeof (XRRCrtcInfo) + +- rep.nOutput * sizeof (RROutput) + +- rep.nPossibleOutput * sizeof (RROutput)); ++ rbytes = (sizeof (XRRCrtcInfo) + ++ rep.nOutput * sizeof (RROutput) + ++ rep.nPossibleOutput * sizeof (RROutput)); ++ ++ xci = (XRRCrtcInfo *) Xmalloc(rbytes); ++ } ++ else ++ { ++ nbytes = 0; ++ nbytesRead = 0; ++ rbytes = 0; ++ xci = NULL; ++ } + +- xci = (XRRCrtcInfo *) Xmalloc(rbytes); + if (xci == NULL) { + _XEatDataWords (dpy, rep.length); + UnlockDisplay (dpy); +@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc) + if (!_XReply (dpy, (xReply *) &rep, 0, xFalse)) + goto out; + +- nbytes = (long) rep.length << 2; ++ if (rep.length < INT_MAX >> 2) ++ { ++ nbytes = (long) rep.length << 2; + +- /* three channels of CARD16 data */ +- nbytesRead = (rep.size * 2 * 3); ++ /* three channels of CARD16 data */ ++ nbytesRead = (rep.size * 2 * 3); + +- crtc_gamma = XRRAllocGamma (rep.size); ++ crtc_gamma = XRRAllocGamma (rep.size); ++ } ++ else ++ { ++ nbytes = 0; ++ nbytesRead = 0; ++ crtc_gamma = NULL; ++ } + + if (!crtc_gamma) + { +@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display *dpy, + xRRGetCrtcTransformReq *req; + int major_version, minor_version; + XRRCrtcTransformAttributes *attr; +- char *extra = NULL, *e; ++ char *extra = NULL, *end = NULL, *e; + int p; + + *attributes = NULL; +@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display *dpy, + else + { + int extraBytes = rep.length * 4 - CrtcTransformExtra; +- extra = Xmalloc (extraBytes); ++ if (rep.length < INT_MAX / 4 && ++ rep.length * 4 >= CrtcTransformExtra) { ++ extra = Xmalloc (extraBytes); ++ end = extra + extraBytes; ++ } else ++ extra = NULL; + if (!extra) { +- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2)); ++ if (rep.length > (CrtcTransformExtra >> 2)) ++ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2)); ++ else ++ _XEatDataWords (dpy, rep.length); + UnlockDisplay (dpy); + SyncHandle (); + return False; +@@ -429,22 +458,38 @@ XRRGetCrtcTransform (Display *dpy, + + e = extra; + ++ if (e + rep.pendingNbytesFilter > end) { ++ XFree (extra); ++ return False; ++ } + memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter); + attr->pendingFilter[rep.pendingNbytesFilter] = '\0'; + e += (rep.pendingNbytesFilter + 3) & ~3; + for (p = 0; p < rep.pendingNparamsFilter; p++) { + INT32 f; ++ if (e + 4 > end) { ++ XFree (extra); ++ return False; ++ } + memcpy (&f, e, 4); + e += 4; + attr->pendingParams[p] = (XFixed) f; + } + attr->pendingNparams = rep.pendingNparamsFilter; + ++ if (e + rep.currentNbytesFilter > end) { ++ XFree (extra); ++ return False; ++ } + memcpy (attr->currentFilter, e, rep.currentNbytesFilter); + attr->currentFilter[rep.currentNbytesFilter] = '\0'; + e += (rep.currentNbytesFilter + 3) & ~3; + for (p = 0; p < rep.currentNparamsFilter; p++) { + INT32 f; ++ if (e + 4 > end) { ++ XFree (extra); ++ return False; ++ } + memcpy (&f, e, 4); + e += 4; + attr->currentParams[p] = (XFixed) f; +diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c +index a9eaa7b..adc5330 100644 +--- a/src/XrrMonitor.c ++++ b/src/XrrMonitor.c +@@ -24,6 +24,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdio.h> + #include <X11/Xlib.h> + /* we need to be able to manipulate the Display structure on events */ +@@ -65,6 +66,15 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors) + return NULL; + } + ++ if (rep.length > INT_MAX >> 2 || ++ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) || ++ rep.noutputs > INT_MAX / 4 || ++ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) { ++ _XEatData (dpy, rep.length); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return NULL; ++ } + nbytes = (long) rep.length << 2; + nmon = rep.nmonitors; + noutput = rep.noutputs; +@@ -111,6 +121,14 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors) + mon[m].outputs = output; + buf += SIZEOF (xRRMonitorInfo); + xoutput = (CARD32 *) buf; ++ if (xmon->noutput > rep.noutputs) { ++ Xfree(buf); ++ Xfree(mon); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return NULL; ++ } ++ rep.noutputs -= xmon->noutput; + for (o = 0; o < xmon->noutput; o++) + output[o] = xoutput[o]; + output += xmon->noutput; +diff --git a/src/XrrOutput.c b/src/XrrOutput.c +index 85f0b6e..30f3d40 100644 +--- a/src/XrrOutput.c ++++ b/src/XrrOutput.c +@@ -25,6 +25,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdio.h> + #include <X11/Xlib.h> + /* we need to be able to manipulate the Display structure on events */ +@@ -60,6 +61,16 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output) + return NULL; + } + ++ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2)) ++ { ++ if (rep.length > (OutputInfoExtra >> 2)) ++ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2)); ++ else ++ _XEatDataWords (dpy, rep.length); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return NULL; ++ } + nbytes = ((long) (rep.length) << 2) - OutputInfoExtra; + + nbytesRead = (long) (rep.nCrtcs * 4 + +diff --git a/src/XrrProvider.c b/src/XrrProvider.c +index 9e620c7..d796cd0 100644 +--- a/src/XrrProvider.c ++++ b/src/XrrProvider.c +@@ -25,6 +25,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdio.h> + #include <X11/Xlib.h> + /* we need to be able to manipulate the Display structure on events */ +@@ -59,12 +60,20 @@ XRRGetProviderResources(Display *dpy, Window window) + return NULL; + } + +- nbytes = (long) rep.length << 2; ++ if (rep.length < INT_MAX >> 2) { ++ nbytes = (long) rep.length << 2; + +- nbytesRead = (long) (rep.nProviders * 4); ++ nbytesRead = (long) (rep.nProviders * 4); + +- rbytes = (sizeof(XRRProviderResources) + rep.nProviders * sizeof(RRProvider)); +- xrpr = (XRRProviderResources *) Xmalloc(rbytes); ++ rbytes = (sizeof(XRRProviderResources) + rep.nProviders * ++ sizeof(RRProvider)); ++ xrpr = (XRRProviderResources *) Xmalloc(rbytes); ++ } else { ++ nbytes = 0; ++ nbytesRead = 0; ++ rbytes = 0; ++ xrpr = NULL; ++ } + + if (xrpr == NULL) { + _XEatDataWords (dpy, rep.length); +@@ -121,6 +130,17 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi + return NULL; + } + ++ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2) ++ { ++ if (rep.length < ProviderInfoExtra >> 2) ++ _XEatDataWords (dpy, rep.length); ++ else ++ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2)); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return NULL; ++ } ++ + nbytes = ((long) rep.length << 2) - ProviderInfoExtra; + + nbytesRead = (long)(rep.nCrtcs * 4 + +diff --git a/src/XrrScreen.c b/src/XrrScreen.c +index b8ce7e5..1f7ffe6 100644 +--- a/src/XrrScreen.c ++++ b/src/XrrScreen.c +@@ -24,6 +24,7 @@ + #include <config.h> + #endif + ++#include <limits.h> + #include <stdio.h> + #include <X11/Xlib.h> + /* we need to be able to manipulate the Display structure on events */ +@@ -105,27 +106,36 @@ doGetScreenResources (Display *dpy, Window window, int poll) + xrri->has_rates = _XRRHasRates (xrri->minor_version, xrri->major_version); + } + +- nbytes = (long) rep.length << 2; ++ if (rep.length < INT_MAX >> 2) { ++ nbytes = (long) rep.length << 2; + +- nbytesRead = (long) (rep.nCrtcs * 4 + +- rep.nOutputs * 4 + +- rep.nModes * SIZEOF (xRRModeInfo) + +- ((rep.nbytesNames + 3) & ~3)); ++ nbytesRead = (long) (rep.nCrtcs * 4 + ++ rep.nOutputs * 4 + ++ rep.nModes * SIZEOF (xRRModeInfo) + ++ ((rep.nbytesNames + 3) & ~3)); + +- /* +- * first we must compute how much space to allocate for +- * randr library's use; we'll allocate the structures in a single +- * allocation, on cleanlyness grounds. +- */ ++ /* ++ * first we must compute how much space to allocate for ++ * randr library's use; we'll allocate the structures in a single ++ * allocation, on cleanlyness grounds. ++ */ ++ ++ rbytes = (sizeof (XRRScreenResources) + ++ rep.nCrtcs * sizeof (RRCrtc) + ++ rep.nOutputs * sizeof (RROutput) + ++ rep.nModes * sizeof (XRRModeInfo) + ++ rep.nbytesNames + rep.nModes); /* '\0' terminate names */ + +- rbytes = (sizeof (XRRScreenResources) + +- rep.nCrtcs * sizeof (RRCrtc) + +- rep.nOutputs * sizeof (RROutput) + +- rep.nModes * sizeof (XRRModeInfo) + +- rep.nbytesNames + rep.nModes); /* '\0' terminate names */ ++ xrsr = (XRRScreenResources *) Xmalloc(rbytes); ++ wire_names = (char *) Xmalloc (rep.nbytesNames); ++ } else { ++ nbytes = 0; ++ nbytesRead = 0; ++ rbytes = 0; ++ xrsr = NULL; ++ wire_names = NULL; ++ } + +- xrsr = (XRRScreenResources *) Xmalloc(rbytes); +- wire_names = (char *) Xmalloc (rep.nbytesNames); + if (xrsr == NULL || wire_names == NULL) { + Xfree (xrsr); + Xfree (wire_names); +@@ -174,6 +184,14 @@ doGetScreenResources (Display *dpy, Window window, int poll) + wire_name = wire_names; + for (i = 0; i < rep.nModes; i++) { + xrsr->modes[i].name = names; ++ if (xrsr->modes[i].nameLength > rep.nbytesNames) { ++ Xfree (xrsr); ++ Xfree (wire_names); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return NULL; ++ } ++ rep.nbytesNames -= xrsr->modes[i].nameLength; + memcpy (names, wire_name, xrsr->modes[i].nameLength); + names[xrsr->modes[i].nameLength] = '\0'; + names += xrsr->modes[i].nameLength + 1; +-- +2.10.1 + diff --git a/gnu/packages/patches/libxrender-CVE-2016-7949.patch b/gnu/packages/patches/libxrender-CVE-2016-7949.patch new file mode 100644 index 0000000000..3a2be4ea8e --- /dev/null +++ b/gnu/packages/patches/libxrender-CVE-2016-7949.patch @@ -0,0 +1,66 @@ +Fix CVE-2016-7949: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4 + +From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 21:43:09 +0200 +Subject: [PATCH] Validate lengths while parsing server data. + +Individual lengths inside received server data can overflow +the previously reserved memory. + +It is therefore important to validate every single length +field to not overflow the previously agreed sum of all invidual +length fields. + +v2: consume remaining bytes in the reply buffer on error. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb@laas.fr +--- + src/Xrender.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/Xrender.c b/src/Xrender.c +index 3102eb2..71cf3e6 100644 +--- a/src/Xrender.c ++++ b/src/Xrender.c +@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy) + screen->fallback = _XRenderFindFormat (xri, xScreen->fallback); + screen->subpixel = SubPixelUnknown; + xDepth = (xPictDepth *) (xScreen + 1); ++ if (screen->ndepths > rep.numDepths) { ++ Xfree (xri); ++ Xfree (xData); ++ _XEatDataWords (dpy, rep.length); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return 0; ++ } ++ rep.numDepths -= screen->ndepths; + for (nd = 0; nd < screen->ndepths; nd++) + { + depth->depth = xDepth->depth; + depth->nvisuals = xDepth->nPictVisuals; + depth->visuals = visual; + xVisual = (xPictVisual *) (xDepth + 1); ++ if (depth->nvisuals > rep.numVisuals) { ++ Xfree (xri); ++ Xfree (xData); ++ _XEatDataWords (dpy, rep.length); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return 0; ++ } ++ rep.numVisuals -= depth->nvisuals; + for (nv = 0; nv < depth->nvisuals; nv++) + { + visual->visual = _XRenderFindVisual (dpy, xVisual->visual); +-- +2.10.1 + diff --git a/gnu/packages/patches/libxrender-CVE-2016-7950.patch b/gnu/packages/patches/libxrender-CVE-2016-7950.patch new file mode 100644 index 0000000000..1a64b6e724 --- /dev/null +++ b/gnu/packages/patches/libxrender-CVE-2016-7950.patch @@ -0,0 +1,73 @@ +Fix CVE-2016-7950: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714 + +From 8fad00b0b647ee662ce4737ca15be033b7a21714 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 21:42:09 +0200 +Subject: [PATCH] Avoid OOB write in XRenderQueryFilters + +The memory for filter names is reserved right after receiving the reply. +After that, filters are iterated and each individual filter name is +stored in that reserved memory. + +The individual name lengths are not checked for validity, which means +that a malicious server can reserve less memory than it will write to +during each iteration. + +v2: consume remaining bytes in reply buffer on error. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/Filter.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/Filter.c b/src/Filter.c +index edfa572..8d701eb 100644 +--- a/src/Filter.c ++++ b/src/Filter.c +@@ -38,7 +38,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable) + char *name; + char len; + int i; +- unsigned long nbytes, nbytesAlias, nbytesName; ++ unsigned long nbytes, nbytesAlias, nbytesName, reply_left; + + if (!RenderHasExtension (info)) + return NULL; +@@ -114,6 +114,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable) + * Read the filter aliases + */ + _XRead16Pad (dpy, filters->alias, 2 * rep.numAliases); ++ reply_left = 8 + rep.length - 2 * rep.numAliases;; + + /* + * Read the filter names +@@ -122,9 +123,19 @@ XRenderQueryFilters (Display *dpy, Drawable drawable) + { + int l; + _XRead (dpy, &len, 1); ++ reply_left--; + l = len & 0xff; ++ if ((unsigned long)l + 1 > nbytesName) { ++ _XEatDataWords(dpy, reply_left); ++ Xfree(filters); ++ UnlockDisplay (dpy); ++ SyncHandle (); ++ return NULL; ++ } ++ nbytesName -= l + 1; + filters->filter[i] = name; + _XRead (dpy, name, l); ++ reply_left -= l; + name[l] = '\0'; + name += l + 1; + } +-- +2.10.1 + diff --git a/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch b/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch new file mode 100644 index 0000000000..9df6cf3f4d --- /dev/null +++ b/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch @@ -0,0 +1,152 @@ +Fix CVE-2016-7951 and CVE-2016-7952 + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3 + +From 9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 21:37:01 +0200 +Subject: [PATCH] Out of boundary access and endless loop in libXtst + +A lack of range checks in libXtst allows out of boundary accesses. +The checks have to be done in-place here, because it cannot be done +without in-depth knowledge of the read data. + +If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied +without a client sequence have attached data, an endless loop would +occur. The do-while-loop continues until the current index reaches +the end. But in these cases, the current index would not be +incremented, leading to an endless processing. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/XRecord.c | 43 +++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 39 insertions(+), 4 deletions(-) + +diff --git a/src/XRecord.c b/src/XRecord.c +index 50420c0..fefd842 100644 +--- a/src/XRecord.c ++++ b/src/XRecord.c +@@ -749,15 +749,23 @@ parse_reply_call_callback( + switch (rep->category) { + case XRecordFromServer: + if (rep->elementHeader&XRecordFromServerTime) { ++ if (current_index + 4 > rep->length << 2) ++ return Error; + EXTRACT_CARD32(rep->clientSwapped, + reply->buf+current_index, + data->server_time); + current_index += 4; + } ++ if (current_index + 1 > rep->length << 2) ++ return Error; + switch (reply->buf[current_index]) { + case X_Reply: /* reply */ ++ if (current_index + 8 > rep->length << 2) ++ return Error; + EXTRACT_CARD32(rep->clientSwapped, + reply->buf+current_index+4, datum_bytes); ++ if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8)) ++ return Error; + datum_bytes = (datum_bytes+8) << 2; + break; + default: /* error or event */ +@@ -766,52 +774,73 @@ parse_reply_call_callback( + break; + case XRecordFromClient: + if (rep->elementHeader&XRecordFromClientTime) { ++ if (current_index + 4 > rep->length << 2) ++ return Error; + EXTRACT_CARD32(rep->clientSwapped, + reply->buf+current_index, + data->server_time); + current_index += 4; + } + if (rep->elementHeader&XRecordFromClientSequence) { ++ if (current_index + 4 > rep->length << 2) ++ return Error; + EXTRACT_CARD32(rep->clientSwapped, + reply->buf+current_index, + data->client_seq); + current_index += 4; + } ++ if (current_index + 4 > rep->length<<2) ++ return Error; + if (reply->buf[current_index+2] == 0 + && reply->buf[current_index+3] == 0) /* needn't swap 0 */ + { /* BIG-REQUESTS */ ++ if (current_index + 8 > rep->length << 2) ++ return Error; + EXTRACT_CARD32(rep->clientSwapped, + reply->buf+current_index+4, datum_bytes); + } else { + EXTRACT_CARD16(rep->clientSwapped, + reply->buf+current_index+2, datum_bytes); + } ++ if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2) ++ return Error; + datum_bytes <<= 2; + break; + case XRecordClientStarted: ++ if (current_index + 8 > rep->length << 2) ++ return Error; + EXTRACT_CARD16(rep->clientSwapped, + reply->buf+current_index+6, datum_bytes); + datum_bytes = (datum_bytes+2) << 2; + break; + case XRecordClientDied: + if (rep->elementHeader&XRecordFromClientSequence) { ++ if (current_index + 4 > rep->length << 2) ++ return Error; + EXTRACT_CARD32(rep->clientSwapped, + reply->buf+current_index, + data->client_seq); + current_index += 4; +- } +- /* fall through */ ++ } else if (current_index < rep->length << 2) ++ return Error; ++ datum_bytes = 0; ++ break; + case XRecordStartOfData: + case XRecordEndOfData: ++ if (current_index < rep->length << 2) ++ return Error; + datum_bytes = 0; ++ break; + } + + if (datum_bytes > 0) { +- if (current_index + datum_bytes > rep->length << 2) ++ if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) { + fprintf(stderr, + "XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n", +- (long)rep->length << 2, current_index + datum_bytes, ++ (unsigned long)rep->length << 2, current_index + datum_bytes, + dpy->last_request_read); ++ return Error; ++ } + /* + * This assignment (and indeed the whole buffer sharing + * scheme) assumes arbitrary 4-byte boundaries are +@@ -863,6 +892,12 @@ XRecordEnableContext(Display *dpy, XRecordContext context, + return 0; + } + ++ if (rep.length > INT_MAX >> 2) { ++ UnlockDisplay(dpy); ++ SyncHandle(); ++ return 0; ++ } ++ + if (rep.length > 0) { + reply = alloc_reply_buffer(info, rep.length<<2); + if (!reply) { +-- +2.10.1 + diff --git a/gnu/packages/patches/libxv-CVE-2016-5407.patch b/gnu/packages/patches/libxv-CVE-2016-5407.patch new file mode 100644 index 0000000000..e6a76c9f70 --- /dev/null +++ b/gnu/packages/patches/libxv-CVE-2016-5407.patch @@ -0,0 +1,162 @@ +Fix CVE-2016-5407: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 + +From d9da580b46a28ab497de2e94fdc7b9ff953dab17 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 21:30:03 +0200 +Subject: [PATCH] Protocol handling issues in libXv - CVE-2016-5407 + +The Xv query functions for adaptors and encodings suffer from out of +boundary accesses if a hostile X server sends a maliciously crafted +response. + +A previous fix already checks the received length against fixed values +but ignores additional length specifications which are stored inside +the received data. + +These lengths are accessed in a for-loop. The easiest way to guarantee +a correct processing is by validating all lengths against the +remaining size left before accessing referenced memory. + +This makes the previously applied check obsolete, therefore I removed +it. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/Xv.c | 46 +++++++++++++++++++++++++++++----------------- + 1 file changed, 29 insertions(+), 17 deletions(-) + +diff --git a/src/Xv.c b/src/Xv.c +index e47093a..be450c4 100644 +--- a/src/Xv.c ++++ b/src/Xv.c +@@ -158,6 +158,7 @@ XvQueryAdaptors( + size_t size; + unsigned int ii, jj; + char *name; ++ char *end; + XvAdaptorInfo *pas = NULL, *pa; + XvFormat *pfs, *pf; + char *buffer = NULL; +@@ -197,17 +198,13 @@ XvQueryAdaptors( + /* GET INPUT ADAPTORS */ + + if (rep.num_adaptors == 0) { +- /* If there's no adaptors, there's nothing more to do. */ ++ /* If there are no adaptors, there's nothing more to do. */ + status = Success; + goto out; + } + +- if (size < (rep.num_adaptors * sz_xvAdaptorInfo)) { +- /* If there's not enough data for the number of adaptors, +- then we have a problem. */ +- status = XvBadReply; +- goto out; +- } ++ u.buffer = buffer; ++ end = buffer + size; + + size = rep.num_adaptors * sizeof(XvAdaptorInfo); + if ((pas = Xmalloc(size)) == NULL) { +@@ -225,9 +222,12 @@ XvQueryAdaptors( + pa++; + } + +- u.buffer = buffer; + pa = pas; + for (ii = 0; ii < rep.num_adaptors; ii++) { ++ if (u.buffer + sz_xvAdaptorInfo > end) { ++ status = XvBadReply; ++ goto out; ++ } + pa->type = u.pa->type; + pa->base_id = u.pa->base_id; + pa->num_ports = u.pa->num_ports; +@@ -239,6 +239,10 @@ XvQueryAdaptors( + size = u.pa->name_size; + u.buffer += pad_to_int32(sz_xvAdaptorInfo); + ++ if (u.buffer + size > end) { ++ status = XvBadReply; ++ goto out; ++ } + if ((name = Xmalloc(size + 1)) == NULL) { + status = XvBadAlloc; + goto out; +@@ -259,6 +263,11 @@ XvQueryAdaptors( + + pf = pfs; + for (jj = 0; jj < pa->num_formats; jj++) { ++ if (u.buffer + sz_xvFormat > end) { ++ Xfree(pfs); ++ status = XvBadReply; ++ goto out; ++ } + pf->depth = u.pf->depth; + pf->visual_id = u.pf->visual; + pf++; +@@ -327,6 +336,7 @@ XvQueryEncodings( + size_t size; + unsigned int jj; + char *name; ++ char *end; + XvEncodingInfo *pes = NULL, *pe; + char *buffer = NULL; + union { +@@ -364,17 +374,13 @@ XvQueryEncodings( + /* GET ENCODINGS */ + + if (rep.num_encodings == 0) { +- /* If there's no encodings, there's nothing more to do. */ ++ /* If there are no encodings, there's nothing more to do. */ + status = Success; + goto out; + } + +- if (size < (rep.num_encodings * sz_xvEncodingInfo)) { +- /* If there's not enough data for the number of adaptors, +- then we have a problem. */ +- status = XvBadReply; +- goto out; +- } ++ u.buffer = buffer; ++ end = buffer + size; + + size = rep.num_encodings * sizeof(XvEncodingInfo); + if ((pes = Xmalloc(size)) == NULL) { +@@ -391,10 +397,12 @@ XvQueryEncodings( + pe++; + } + +- u.buffer = buffer; +- + pe = pes; + for (jj = 0; jj < rep.num_encodings; jj++) { ++ if (u.buffer + sz_xvEncodingInfo > end) { ++ status = XvBadReply; ++ goto out; ++ } + pe->encoding_id = u.pe->encoding; + pe->width = u.pe->width; + pe->height = u.pe->height; +@@ -405,6 +413,10 @@ XvQueryEncodings( + size = u.pe->name_size; + u.buffer += pad_to_int32(sz_xvEncodingInfo); + ++ if (u.buffer + size > end) { ++ status = XvBadReply; ++ goto out; ++ } + if ((name = Xmalloc(size + 1)) == NULL) { + status = XvBadAlloc; + goto out; +-- +2.10.1 + diff --git a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch new file mode 100644 index 0000000000..737abdeb9f --- /dev/null +++ b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch @@ -0,0 +1,42 @@ +Fix CVE-2016-7953: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953 + +Patch copied from upstream source repository: + +https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb + +From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 25 Sep 2016 22:34:27 +0200 +Subject: [PATCH] Avoid buffer underflow on empty strings. + +If an empty string is received from an x-server, do not underrun the +buffer by accessing "rep.nameLen - 1" unconditionally, which could end +up being -1. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +--- + src/XvMC.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/XvMC.c b/src/XvMC.c +index 7336760..3ee4212 100644 +--- a/src/XvMC.c ++++ b/src/XvMC.c +@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port, + if (*name && *busID && tmpBuf) { + _XRead(dpy, tmpBuf, realSize); + strncpy(*name,tmpBuf,rep.nameLen); +- (*name)[rep.nameLen - 1] = '\0'; ++ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0'; + strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen); +- (*busID)[rep.busIDLen - 1] = '\0'; ++ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0'; + XFree(tmpBuf); + } else { + XFree(*name); +-- +2.10.1 + diff --git a/gnu/packages/patches/metabat-remove-compilation-date.patch b/gnu/packages/patches/metabat-remove-compilation-date.patch new file mode 100644 index 0000000000..7672205b22 --- /dev/null +++ b/gnu/packages/patches/metabat-remove-compilation-date.patch @@ -0,0 +1,16 @@ +Remove the reference to the compilation date so that the build is +reproducible. + +diff --git a/src/metabat.cpp b/src/metabat.cpp +index 88e06de..c95cb1a 100644 +--- a/src/metabat.cpp ++++ b/src/metabat.cpp +@@ -49,7 +49,7 @@ int main(int ac, char* av[]) { + po::notify(vm); + + if (vm.count("help") || inFile.length() == 0 || outFile.length() == 0) { +- cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; " << __DATE__ << " " << __TIME__ << ")" << endl; ++ cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; unknown compilation date)" << endl; + cerr << "by Don Kang (ddkang@lbl.gov), Jeff Froula, Rob Egan, and Zhong Wang (zhongwang@lbl.gov) \n" << endl; + cerr << desc << endl << endl; + diff --git a/gnu/packages/patches/rush-CVE-2013-6889.patch b/gnu/packages/patches/rush-CVE-2013-6889.patch deleted file mode 100644 index 862528a12c..0000000000 --- a/gnu/packages/patches/rush-CVE-2013-6889.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit 00bdccd429517f12dbf37ab4397ddec3e51a2738 -Author: Mats Erik Andersson <gnu@gisladisker.se> -Date: Mon Jan 20 13:33:52 2014 +0200 - - Protect against CVE-2013-6889 (tiny change). - - Reset the effective user identification in testing mode. - -diff --git a/src/rush.c b/src/rush.c -index 45d737a..dc6518e 100644 ---- a/src/rush.c -+++ b/src/rush.c -@@ -980,6 +980,10 @@ main(int argc, char **argv) - } else if (argc > optind) - die(usage_error, NULL, _("invalid command line")); - -+ /* Relinquish root privileges in test mode */ -+ if (lint_option) -+ setuid(getuid()); -+ - if (test_user_name) { - struct passwd *pw = getpwnam(test_user_name); - if (!pw) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 190f59400d..30b0bdd22f 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -8807,11 +8807,9 @@ library.") (base32 "17zajiw4mjbkkv6ahp3xf025qglkj0805m9s41c45zryzj6p2h39")))) (build-system python-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (replace 'check - (lambda _ (zero? (system* "python" "./test_pathlib.py"))))))) + ;; The tests depend on the internal "test" module, which does not provide + ;; a stable interface. + (arguments `(#:tests? #f)) (home-page "https://pathlib.readthedocs.org/") (synopsis "Object-oriented file system paths") (description "Pathlib offers a set of classes to handle file system paths. diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 2b5938b477..a80b8f7739 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -2608,7 +2608,7 @@ multibyte strings, internationalization, time zones, and testing.") (ice-9 rdelim)) #:phases (modify-phases %standard-phases - (add-before 'build 'build-gemspec + (add-after 'unpack 'build-gemspec (lambda _ (substitute* "Rakefile" ;; Build Makefile even without a copy of gumbo-parser sources diff --git a/gnu/packages/rush.scm b/gnu/packages/rush.scm index cf9e49a7e3..36a8f2069b 100644 --- a/gnu/packages/rush.scm +++ b/gnu/packages/rush.scm @@ -26,18 +26,14 @@ (define-public rush (package (name "rush") - (version "1.7") + (version "1.8") (source (origin (method url-fetch) - (uri (string-append - "mirror://gnu/rush/rush-" - version - ".tar.gz")) + (uri (string-append "mirror://gnu/rush/rush-" + version ".tar.gz")) (sha256 (base32 - "0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm")) - (patches (search-patches "cpio-gets-undeclared.patch" - "rush-CVE-2013-6889.patch")))) + "1vxdb81ify4xcyygh86250pi50krb16dkj42i5ii4ns3araiwckz")))) (build-system gnu-build-system) (home-page "http://www.gnu.org/software/rush/") (synopsis "Restricted user (login) shell") diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 272fff7430..6d510c2e4c 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -22,6 +22,7 @@ (define-module (gnu packages shells) #:use-module (gnu packages) + #:use-module (gnu packages algebra) #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages documentation) @@ -95,11 +96,23 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).") (native-inputs `(("doxygen" ,doxygen))) (inputs - `(("ncurses" ,ncurses) + `(("bc" ,bc) + ("ncurses" ,ncurses) + ("pcre2" ,pcre2) ;don't use the bundled PCRE2 ("python" ,python-wrapper))) ;for fish_config and manpage completions (arguments '(#:tests? #f ; no check target - #:configure-flags '("--sysconfdir=/etc"))) + #:configure-flags '("--sysconfdir=/etc") + #:phases + (modify-phases %standard-phases + ;; Replace 'bc' by its absolute file name in the store. + (add-after 'unpack 'patch-bc + (lambda* (#:key inputs outputs #:allow-other-keys) + (substitute* '("share/functions/math.fish" + "share/functions/seq.fish") + (("\\| bc") + (string-append "| " (assoc-ref %build-inputs "bc") + "/bin/bc")))))))) (synopsis "The friendly interactive shell") (description "Fish (friendly interactive shell) is a shell focused on interactive use, diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 5af3e57ca4..8e9c9287fa 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -355,22 +355,22 @@ required structures.") (home-page "http://www.openssl.org/"))) (define openssl-1.0.2j - (package (inherit openssl) - (source - (let ((name "openssl") - (version "1.0.2j")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch"))))))) + (package + (inherit openssl) + (name "openssl") + (version "1.0.2j") + (source (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch")))))) (define-public openssl-next (package diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index c0a122379c..a4db4e774a 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -112,14 +112,14 @@ as well as the classic centralized workflow.") (define-public git (package (name "git") - (version "2.10.0") + (version "2.10.1") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "1rr9zyafb6q3wixyjar6cc7z7vdh1dqa4b5irz3gz1df02n68cy7")))) + "1ijd1b6szvfw0dmqa3dz1m5g5hbkl9xkb86a9qcjrz0w0vwjvhx9")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -132,7 +132,7 @@ as well as the classic centralized workflow.") version ".tar.xz")) (sha256 (base32 - "1y92v1bxk67ilsizqnjba6hqvrsy2zvmipyd9nnz865s21yrj5ry")))))) + "049n4ashc1i0rzg19zw1h4hf1qhv1vhpjr5c3jqdcljj4yp7mzw9")))))) (inputs `(("curl" ,curl) ("expat" ,expat) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 064a39b829..243a8fb44e 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -253,7 +253,7 @@ H.264 (MPEG-4 AVC) video streams.") (define-public libass (package (name "libass") - (version "0.13.2") + (version "0.13.4") (source (origin (method url-fetch) (uri (string-append @@ -261,7 +261,7 @@ H.264 (MPEG-4 AVC) video streams.") version "/libass-" version ".tar.xz")) (sha256 (base32 - "1kpsw4zw95v4cjvild9wpk73dzavn1khsm3bm32kcz6amnkd166n")))) + "1dlzkjybnpl2fkvyjq0qblb7qw12cs893bs7zj3rvf8ij342yjnq")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 923b39ee8f..4901f116e3 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -65,6 +65,7 @@ #:use-module (gnu packages icu4c) #:use-module (gnu packages image) #:use-module (gnu packages lua) + #:use-module (gnu packages ncurses) #:use-module (gnu packages base) #:use-module (gnu packages perl) #:use-module (gnu packages python) @@ -254,7 +255,7 @@ data.") (define-public json-c (package (name "json-c") - (version "0.12") + (version "0.12.1") (source (origin (method url-fetch) (uri (string-append @@ -262,7 +263,7 @@ data.") version ".tar.gz")) (sha256 (base32 - "0gwzic3ifg2d0w32ya3agpxh8i083cgvf7kmc51cnbgqnfr02300")) + "08qibrq29a5v7g23wi5icy6l4fbfw90h9ccps6vq0bcklx8n84ra")) (modules '((guix build utils))) (snippet '(begin @@ -3737,3 +3738,35 @@ standalone and does not need inetd or ucspi-tcp. It does not need any config files---you only have to specify the www root.") (home-page "https://unix4lyfe.org/darkhttpd/") (license l:isc))) + +(define-public goaccess + (package + (name "goaccess") + (version "1.0.2") + (source (origin + (method url-fetch) + (uri (string-append "http://tar.goaccess.io/goaccess-" + version ".tar.gz")) + (sha256 + (base32 + "1w84y61f3ldg2f28q6qlyr1scn3mcx0bsbq3i5xi5w193wh3xa2q")) + (modules '((guix build utils))) + (snippet + '(substitute* "src/error.h" + (("__DATE__") "\"1970-01-01\"") + (("__TIME__") "\"00:00:00\""))))) + (build-system gnu-build-system) + (inputs + ;; TODO: Add dependency on geoip-tools. + `(("glib" ,glib) + ("ncurses" ,ncurses))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://goaccess.io") + (synopsis "Analyze Web server logs in real time") + (description + "GoAccess is a real-time web log analyzer and interactive viewer that +runs in a terminal or through your browser. It provides fast and valuable +HTTP statistics for system administrators that require a visual server report +on the fly.") + (license l:x11))) diff --git a/gnu/packages/wordnet.scm b/gnu/packages/wordnet.scm index 289ecdeffb..357c19351b 100644 --- a/gnu/packages/wordnet.scm +++ b/gnu/packages/wordnet.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. @@ -51,7 +51,22 @@ ;; Provide the `result' field in `Tcl_Interp'. ;; See <https://bugs.gentoo.org/show_bug.cgi?id=452034>. - "CFLAGS=-DUSE_INTERP_RESULT") + ;; + ;; The 'DEFAULTPATH' string literal, which + ;; contains the output path, only appears as + ;; the operand of one 'strcpy' call. As a + ;; consequence, GCC does not store the string + ;; literal as is but instead introduces "gaps" + ;; for alignment reasons presumably---like + ;; "/gnu/sto?????re/8jp8b??????ky105…". This + ;; makes this string invisible to the GC, which + ;; in turns causes problems when running a + ;; grafted WordNet because that grafted WordNet + ;; keeps referring to the ungrafted variant, + ;; which is not protected from GC. Thus, + ;; disable use of '__builtin_strcpy' to avoid + ;; that. + "CFLAGS=-DUSE_INTERP_RESULT -O2 -fno-builtin-strcpy") #:phases (modify-phases %standard-phases (add-after 'install 'post-install diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 00f975bf65..3dac36a4d3 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4602,6 +4602,7 @@ cannot be adequately worked around on the client side of the wire.") (define-public libxrender (package (name "libxrender") + (replacement libxrender/fixed) (version "0.9.9") (source (origin @@ -4626,10 +4627,19 @@ cannot be adequately worked around on the client side of the wire.") (description "Library for the Render Extension to the X11 protocol.") (license license:x11))) +(define libxrender/fixed + (package + (inherit libxrender) + (source (origin + (inherit (package-source libxrender)) + (patches (search-patches + "libxrender-CVE-2016-7949.patch" + "libxrender-CVE-2016-7950.patch")))))) (define-public libxtst (package (name "libxtst") + (replacement libxtst/fixed) (version "1.2.2") (source (origin @@ -4665,10 +4675,18 @@ The RECORD extension supports the recording and reporting of all core X protocol and arbitrary X extension protocol.") (license license:x11))) +(define libxtst/fixed + (package + (inherit libxtst) + (source (origin + (inherit (package-source libxtst)) + (patches (search-patches + "libxtst-CVE-2016-7951-CVE-2016-7952.patch")))))) (define-public libxv (package (name "libxv") + (replacement libxv/fixed) (version "1.0.10") (source (origin @@ -4694,6 +4712,13 @@ protocol and arbitrary X extension protocol.") (description "Library for the X Video Extension to the X11 protocol.") (license license:x11))) +(define libxv/fixed + (package + (inherit libxv) + (source (origin + (inherit (package-source libxv)) + (patches (search-patches + "libxv-CVE-2016-5407.patch")))))) (define-public mkfontdir (package @@ -4823,6 +4848,7 @@ an X Window System display.") (define-public libxfixes (package (name "libxfixes") + (replacement libxfixes/fixed) (version "5.0.2") (source (origin @@ -4847,6 +4873,13 @@ an X Window System display.") (description "Library for the XFixes Extension to the X11 protocol.") (license license:x11))) +(define libxfixes/fixed + (package + (inherit libxfixes) + (source (origin + (inherit (package-source libxfixes)) + (patches (search-patches + "libxfixes-CVE-2016-7944.patch")))))) (define-public libxfont (package @@ -4888,6 +4921,7 @@ new API's in libXft, or the legacy API's in libX11.") (define-public libxi (package (name "libxi") + (replacement libxi/fixed) (version "1.7.6") (source (origin @@ -4914,10 +4948,18 @@ new API's in libXft, or the legacy API's in libX11.") (description "Library for the XInput Extension to the X11 protocol.") (license license:x11))) +(define libxi/fixed + (package + (inherit libxi) + (source (origin + (inherit (package-source libxi)) + (patches (search-patches + "libxi-CVE-2016-7945-CVE-2016-7946.patch")))))) (define-public libxrandr (package (name "libxrandr") + (replacement libxrandr/fixed) (version "1.5.0") (source (origin @@ -4945,10 +4987,18 @@ new API's in libXft, or the legacy API's in libX11.") "Library for the Resize and Rotate Extension to the X11 protocol.") (license license:x11))) +(define libxrandr/fixed + (package + (inherit libxrandr) + (source (origin + (inherit (package-source libxrandr)) + (patches (search-patches + "libxrandr-CVE-2016-7947-CVE-2016-7948.patch")))))) (define-public libxvmc (package (name "libxvmc") + (replacement libxvmc/fixed) (version "1.0.9") (source (origin @@ -4974,6 +5024,13 @@ new API's in libXft, or the legacy API's in libX11.") (description "Xorg XvMC library.") (license license:x11))) +(define libxvmc/fixed + (package + (inherit libxvmc) + (source (origin + (inherit (package-source libxvmc)) + (patches (search-patches + "libxvmc-CVE-2016-7953.patch")))))) (define-public libxxf86vm (package @@ -5195,6 +5252,7 @@ draggable titlebars and borders.") (define-public libx11 (package (name "libx11") + (replacement libx11/fixed) (version "1.6.3") (source (origin @@ -5227,6 +5285,14 @@ draggable titlebars and borders.") (description "Xorg Core X11 protocol client library.") (license license:x11))) +(define libx11/fixed + (package + (inherit libx11) + (source (origin + (inherit (package-source libx11)) + (patches (search-patches + "libx11-CVE-2016-7942.patch" + "libx11-CVE-2016-7943.patch")))))) ;; packages of height 5 in the propagated-inputs tree diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index 2ce35eaa07..2487638c52 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm @@ -150,8 +150,8 @@ TARGET (e.g., \"/dev/md0\"), using 'mdadm'." (sleep 1) (loop (+ 1 attempts)))) - (zero? (system* (string-append #$mdadm "/sbin/mdadm") - "--assemble" #$target sources)))) + (zero? (apply system* (string-append #$mdadm "/sbin/mdadm") + "--assemble" #$target sources)))) (define (close-raid-device sources target) "Return a gexp that stops the RAID device TARGET." diff --git a/guix/build/graft.scm b/guix/build/graft.scm index f85d485554..b08b65b7cf 100644 --- a/guix/build/graft.scm +++ b/guix/build/graft.scm @@ -20,7 +20,6 @@ (define-module (guix build graft) #:use-module (guix build utils) #:use-module (rnrs bytevectors) - #:use-module (rnrs io ports) #:use-module (ice-9 vlist) #:use-module (ice-9 match) #:use-module (ice-9 threads) @@ -58,7 +57,9 @@ #:optional (store (%store-directory))) "Read data from INPUT, replacing store references according to REPLACEMENT-TABLE, and writing the result to OUTPUT. REPLACEMENT-TABLE is a -vhash that maps strings (original hashes) to bytevectors (replacement hashes). +vhash that maps strings (original hashes) to bytevectors (replacement strings +comprising the replacement hash, a dash, and a string). + Note: We use string keys to work around the fact that guile-2.0 hashes all bytevectors to the same value." @@ -130,16 +131,18 @@ bytevectors to the same value." ;; that have not yet been written. (put-bytevector output buffer written (- i hash-length written)) - ;; Now write the replacement hash. + ;; Now write the replacement string. (put-bytevector output replacement) ;; Since the byte at position 'i' is a dash, ;; which is not a nix-base32 char, the earliest ;; position where the next hash might start is ;; i+1, and the earliest position where the ;; following dash might start is (+ i 1 - ;; hash-length). Also, we have now written up to - ;; position 'i' in the buffer. - (scan-from (+ i 1 hash-length) i))) + ;; hash-length). Also, increase the write + ;; position to account for REPLACEMENT. + (let ((len (bytevector-length replacement))) + (scan-from (+ i 1 len) + (+ i (- len hash-length)))))) ;; If the byte at position 'i' is a nix-base32 char, ;; then the dash we're looking for might be as early as ;; the following byte, so we can only advance by 1. @@ -213,26 +216,32 @@ an exception is caught." file name pairs." (define hash-mapping + ;; List of hash/replacement pairs, where the hash is a nix-base32 string + ;; and the replacement is a string that includes the replacement's name, + ;; like "r837zajjc1q8z9hph4b6860a9c05blyy-openssl-1.0.2j". (let* ((prefix (string-append store "/")) (start (string-length prefix)) (end (+ start hash-length))) (define (valid-hash? h) (every nix-base32-char? (string->list h))) - (define (valid-suffix? s) - (string-prefix? "-" s)) - (define (hash+suffix s) + (define (hash+rest s) (and (< end (string-length s)) - (let ((hash (substring s start end)) - (suffix (substring s end))) + (let ((hash (substring s start end)) + (all (substring s start))) (and (string-prefix? prefix s) - (valid-hash? hash) - (valid-suffix? suffix) - (list hash suffix))))) + (valid-hash? hash) + (eqv? #\- (string-ref s end)) + (list hash all))))) + (map (match-lambda - (((= hash+suffix (origin-hash suffix)) + (((= hash+rest (origin-hash origin-string)) . - (= hash+suffix (replacement-hash suffix))) - (cons origin-hash (string->utf8 replacement-hash))) + (= hash+rest (replacement-hash replacement-string))) + (unless (= (string-length origin-string) + (string-length replacement-string)) + (error "replacement length differs from the original length" + origin-string replacement-string)) + (cons origin-hash (string->utf8 replacement-string))) ((origin . replacement) (error "invalid replacement" origin replacement))) mapping))) diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm index eac3214bbf..b3ec6d628e 100644 --- a/guix/scripts/lint.scm +++ b/guix/scripts/lint.scm @@ -683,25 +683,25 @@ from ~s: ~a (~s)~%") (define (check-vulnerabilities package) "Check for known vulnerabilities for PACKAGE." - (match (package-vulnerabilities package) - (() - #t) - ((vulnerabilities ...) - (let* ((package (or (package-replacement package) package)) - (patches (filter-map patch-file-name - (or (and=> (package-source package) - origin-patches) - '()))) - (unpatched (remove (lambda (vuln) - (find (cute string-contains - <> (vulnerability-id vuln)) - patches)) - vulnerabilities))) - (unless (null? unpatched) - (emit-warning package - (format #f (_ "probably vulnerable to ~a") - (string-join (map vulnerability-id unpatched) - ", ")))))))) + (let ((package (or (package-replacement package) package))) + (match (package-vulnerabilities package) + (() + #t) + ((vulnerabilities ...) + (let* ((patches (filter-map patch-file-name + (or (and=> (package-source package) + origin-patches) + '()))) + (unpatched (remove (lambda (vuln) + (find (cute string-contains + <> (vulnerability-id vuln)) + patches)) + vulnerabilities))) + (unless (null? unpatched) + (emit-warning package + (format #f (_ "probably vulnerable to ~a") + (string-join (map vulnerability-id unpatched) + ", "))))))))) ;;; diff --git a/tests/grafts.scm b/tests/grafts.scm index 13c56750ed..f2ff839fd8 100644 --- a/tests/grafts.scm +++ b/tests/grafts.scm @@ -80,6 +80,25 @@ (string=? (readlink (string-append grafted "/self")) grafted)))))) +(test-assert "graft-derivation, grafted item uses a different name" + (let* ((build `(begin + (mkdir %output) + (chdir %output) + (symlink %output "self") + (symlink ,%bash "sh"))) + (orig (build-expression->derivation %store "grafted" build + #:inputs `(("a" ,%bash)))) + (repl (add-text-to-store %store "BaSH" "fake bash")) + (grafted (graft-derivation %store orig + (list (graft + (origin %bash) + (replacement repl)))))) + (and (build-derivations %store (list grafted)) + (let ((grafted (derivation->output-path grafted))) + (and (string=? (readlink (string-append grafted "/sh")) repl) + (string=? (readlink (string-append grafted "/self")) + grafted)))))) + ;; Make sure 'derivation-file-name' always gets to see an absolute file name. (fluid-set! %file-port-name-canonicalization 'absolute) diff --git a/tests/lint.scm b/tests/lint.scm index df69d2b4b1..d692b42f93 100644 --- a/tests/lint.scm +++ b/tests/lint.scm @@ -36,6 +36,7 @@ #:use-module (web server) #:use-module (web server http) #:use-module (web response) + #:use-module (ice-9 match) #:use-module (ice-9 threads) #:use-module (srfi srfi-9 gnu) #:use-module (srfi srfi-64)) @@ -613,6 +614,28 @@ string) on HTTP requests." (patches (list "/a/b/pi-CVE-2015-1234.patch")))))))))) +(test-assert "cve: vulnerability fixed in replacement version" + (mock ((guix scripts lint) package-vulnerabilities + (lambda (package) + (match (package-version package) + ("0" + (list (make-struct (@@ (guix cve) <vulnerability>) 0 + "CVE-2015-1234" + (list (cons (package-name package) + (package-version package)))))) + ("1" + '())))) + (and (not (string-null? + (with-warnings + (check-vulnerabilities + (dummy-package "foo" (version "0")))))) + (string-null? + (with-warnings + (check-vulnerabilities + (dummy-package + "foo" (version "0") + (replacement (dummy-package "foo" (version "1")))))))))) + (test-assert "cve: patched vulnerability in replacement" (mock ((guix scripts lint) package-vulnerabilities (lambda (package) |