aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-12-26 23:31:04 +0100
committerLudovic Courtès <ludo@gnu.org>2014-12-26 23:31:04 +0100
commit763a401ed185d39119289c670c1eb250ace13ed9 (patch)
tree20c989b7c6d571e388e1707af275a946b7757ecb /gnu
parent94264407815da63c5f07a519cd41838e35ab464e (diff)
parentbf7688fe4d8624ed9bddc8f7f3887df5f1fc3957 (diff)
downloadguix-763a401ed185d39119289c670c1eb250ace13ed9.tar
guix-763a401ed185d39119289c670c1eb250ace13ed9.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages.scm41
-rw-r--r--gnu/packages/bioinformatics.scm116
-rw-r--r--gnu/packages/compression.scm20
-rw-r--r--gnu/packages/game-development.scm48
-rw-r--r--gnu/packages/ghostscript.scm11
-rw-r--r--gnu/packages/gnome.scm89
-rw-r--r--gnu/packages/gnuzilla.scm15
-rw-r--r--gnu/packages/groff.scm12
-rw-r--r--gnu/packages/linux.scm4
-rw-r--r--gnu/packages/ntp.scm34
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch30
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch19
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch191
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch308
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch119
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1590.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1592.patch400
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1593.patch154
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1594.patch34
-rw-r--r--gnu/packages/patches/xfce4-panel-plugins.patch115
-rw-r--r--gnu/packages/perl.scm109
-rw-r--r--gnu/packages/python.scm266
-rw-r--r--gnu/packages/qemu.scm4
-rw-r--r--gnu/packages/tmux.scm4
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/xdisorg.scm42
-rw-r--r--gnu/packages/xfce.scm68
-rw-r--r--gnu/services/base.scm121
-rw-r--r--gnu/services/networking.scm72
-rw-r--r--gnu/services/xorg.scm71
-rw-r--r--gnu/system/install.scm13
31 files changed, 2410 insertions, 157 deletions
diff --git a/gnu/packages.scm b/gnu/packages.scm
index c9efd0d691..6109d1f896 100644
--- a/gnu/packages.scm
+++ b/gnu/packages.scm
@@ -105,24 +105,29 @@
(append environment `((,%distro-root-directory . "gnu/packages"))))))
(define* (scheme-files directory)
- "Return the list of Scheme files found under DIRECTORY."
- (file-system-fold (const #t) ; enter?
- (lambda (path stat result) ; leaf
- (if (string-suffix? ".scm" path)
- (cons path result)
- result))
- (lambda (path stat result) ; down
- result)
- (lambda (path stat result) ; up
- result)
- (const #f) ; skip
- (lambda (path stat errno result)
- (warning (_ "cannot access `~a': ~a~%")
- path (strerror errno))
- result)
- '()
- directory
- stat))
+ "Return the list of Scheme files found under DIRECTORY, recursively. The
+returned list is sorted in alphabetical order."
+
+ ;; Sort entries so that 'fold-packages' works in a deterministic fashion
+ ;; regardless of details of the underlying file system.
+ (sort (file-system-fold (const #t) ; enter?
+ (lambda (path stat result) ; leaf
+ (if (string-suffix? ".scm" path)
+ (cons path result)
+ result))
+ (lambda (path stat result) ; down
+ result)
+ (lambda (path stat result) ; up
+ result)
+ (const #f) ; skip
+ (lambda (path stat errno result)
+ (warning (_ "cannot access `~a': ~a~%")
+ path (strerror errno))
+ result)
+ '()
+ directory
+ stat)
+ string<?))
(define file-name->module-name
(let ((not-slash (char-set-complement (char-set #\/))))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 6f6178a3ff..ff6c3379af 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -28,6 +28,113 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python))
+(define-public bedtools
+ (package
+ (name "bedtools")
+ (version "2.22.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/arq5x/bedtools2/archive/v"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "16aq0w3dmbd0853j32xk9jin4vb6v6fgakfyvrsmsjizzbn3fpfl"))))
+ (build-system gnu-build-system)
+ (native-inputs `(("python" ,python-2)))
+ (inputs `(("samtools" ,samtools)
+ ("zlib" ,zlib)))
+ (arguments
+ '(#:test-target "test"
+ #:phases
+ (alist-cons-after
+ 'unpack 'patch-makefile-SHELL-definition
+ (lambda _
+ ;; patch-makefile-SHELL cannot be used here as it does not
+ ;; yet patch definitions with `:='. Since changes to
+ ;; patch-makefile-SHELL result in a full rebuild, features
+ ;; of patch-makefile-SHELL are reimplemented here.
+ (substitute* "Makefile"
+ (("^SHELL := .*$") (string-append "SHELL := " (which "bash") " -e \n"))))
+ (alist-delete
+ 'configure
+ (alist-replace
+ 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
+ (mkdir-p bin)
+ (for-each (lambda (file)
+ (copy-file file (string-append bin (basename file))))
+ (find-files "bin" ".*"))))
+ %standard-phases)))))
+ (home-page "https://github.com/arq5x/bedtools2")
+ (synopsis "Tools for genome analysis and arithmetic")
+ (description
+ "Collectively, the bedtools utilities are a swiss-army knife of tools for
+a wide-range of genomics analysis tasks. The most widely-used tools enable
+genome arithmetic: that is, set theory on the genome. For example, bedtools
+allows one to intersect, merge, count, complement, and shuffle genomic
+intervals from multiple files in widely-used genomic file formats such as BAM,
+BED, GFF/GTF, VCF.")
+ (license license:gpl2)))
+
+(define-public bowtie
+ (package
+ (name "bowtie")
+ (version "2.2.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/BenLangmead/bowtie2/archive/v"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "15dnbqippwvhyh9zqjhaxkabk7lm1xbh1nvar1x4b5kwm117zijn"))
+ (modules '((guix build utils)))
+ (snippet
+ '(substitute* "Makefile"
+ (("^CC = .*$") "CC = gcc")
+ (("^CPP = .*$") "CPP = g++")
+ ;; replace BUILD_HOST and BUILD_TIME for deterministic build
+ (("-DBUILD_HOST=.*") "-DBUILD_HOST=\"\\\"guix\\\"\"")
+ (("-DBUILD_TIME=.*") "-DBUILD_TIME=\"\\\"0\\\"\"")))))
+ (build-system gnu-build-system)
+ (inputs `(("perl" ,perl)
+ ("perl-clone" ,perl-clone)
+ ("perl-test-deep" ,perl-test-deep)
+ ("perl-test-simple" ,perl-test-simple)
+ ("python" ,python-2)))
+ (arguments
+ '(#:make-flags '("allall")
+ #:phases
+ (alist-delete
+ 'configure
+ (alist-replace
+ 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
+ (mkdir-p bin)
+ (for-each (lambda (file)
+ (copy-file file (string-append bin file)))
+ (find-files "." "bowtie2.*"))))
+ (alist-replace
+ 'check
+ (lambda* (#:key outputs #:allow-other-keys)
+ (system* "perl"
+ "scripts/test/simple_tests.pl"
+ "--bowtie2=./bowtie2"
+ "--bowtie2-build=./bowtie2-build"))
+ %standard-phases)))))
+ (home-page "http://bowtie-bio.sourceforge.net/bowtie2/index.shtml")
+ (synopsis "Fast and sensitive nucleotide sequence read aligner")
+ (description
+ "Bowtie 2 is a fast and memory-efficient tool for aligning sequencing
+reads to long reference sequences. It is particularly good at aligning reads
+of about 50 up to 100s or 1,000s of characters, and particularly good at
+aligning to relatively long (e.g. mammalian) genomes. Bowtie 2 indexes the
+genome with an FM Index to keep its memory footprint small: for the human
+genome, its memory footprint is typically around 3.2 GB. Bowtie 2 supports
+gapped, local, and paired-end alignment modes.")
+ (license license:gpl3+)))
+
(define-public samtools
(package
(name "samtools")
@@ -43,7 +150,14 @@
"1y5p2hs4gif891b4ik20275a8xf3qrr1zh9wpysp4g8m0g1jckf2"))))
(build-system gnu-build-system)
(arguments
- '(#:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out")))
+ `(;; There are 87 test failures when building on non-64-bit architectures
+ ;; due to invalid test data. This has since been fixed upstream (see
+ ;; <https://github.com/samtools/samtools/pull/307>), but as there has
+ ;; not been a new release we disable the tests for all non-64-bit
+ ;; systems.
+ #:tests? ,(string=? (or (%current-system) (%current-target-system))
+ "x86_64-linux")
+ #:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out")))
#:phases
(alist-cons-after
'unpack
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 7c22300dd1..f2736b9eb3 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -70,6 +70,26 @@ independent of the input data and can be reduced, if necessary, at some cost
in compression.")
(license license:zlib)))
+(define-public fastjar
+ (package
+ (name "fastjar")
+ (version "0.98")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://savannah/fastjar/fastjar-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0iginbz2m15hcsa3x4y7v3mhk54gr1r7m3ghx0pg4n46vv2snmpi"))))
+ (build-system gnu-build-system)
+ (inputs `(("zlib" ,zlib)))
+ (home-page "http://savannah.nongnu.org/projects/fastjar")
+ (synopsis "Replacement for Sun's 'jar' utility")
+ (description
+ "FastJar is an attempt to create a much faster replacement for Sun's 'jar'
+utility. Instead of being written in Java, FastJar is written in C.")
+ (license license:gpl2+)))
+
(define-public gzip
(package
(name "gzip")
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
new file mode 100644
index 0000000000..056b3681a7
--- /dev/null
+++ b/gnu/packages/game-development.scm
@@ -0,0 +1,48 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2014 Tomáš Čech <sleep_walker@suse.cz>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages game-development)
+ #:use-module (guix licenses)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system cmake)
+ #:use-module (gnu packages))
+
+(define-public bullet
+ (package
+ (name "bullet")
+ (version "2.82-r2704")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://bullet.googlecode.com/files/bullet-"
+ version ".tgz"))
+ (sha256
+ (base32
+ "1lnfksxa9b1slyfcxys313ymsllvbsnxh9np06azkbgpfvmwkr37"))))
+ (build-system cmake-build-system)
+ (arguments '(#:tests? #f ; no 'test' target
+ #:configure-flags (list
+ (string-append
+ "-DCMAKE_CXX_FLAGS=-fPIC "
+ (or (getenv "CXXFLAGS") "")))))
+ (home-page "http://bulletphysics.org/")
+ (synopsis "3D physics engine library")
+ (description
+ "Bullet is a physics engine library usable for collision detection. It
+is used in some video games and movies.")
+ (license zlib)))
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index f21eeadf45..405b4e744e 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,14 +34,14 @@
(define-public lcms
(package
(name "lcms")
- (version "2.4")
+ (version "2.6")
(source (origin
(method url-fetch)
(uri (string-append
"http://downloads.sourceforge.net/project/lcms/lcms/"
version "/lcms2-" version ".tar.gz"))
(sha256 (base32
- "1s1ppvqaydf2yqc72mw6zfviwxccb311a6hrbi802sgjxw84sl9a"))))
+ "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
(build-system gnu-build-system)
(inputs `(("libjpeg-8" ,libjpeg-8)
("libtiff" ,libtiff)
@@ -118,13 +119,13 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.06.0")
+ (version "9.14.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
version ".tar.xz"))
(sha256 (base32
- "0bcg2203p7cm0f53f3s883xhj2c91xnaxakj2cy7kcdknfxplvs4"))))
+ "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))))
(build-system gnu-build-system)
(inputs `(("freetype" ,freetype)
("lcms" ,lcms)
@@ -160,7 +161,7 @@ printing, and psresize, for adjusting page sizes.")
file format. It also includes a C library that implements the graphics
capabilities of the PostScript language. It supports a wide variety of
output file formats and printers.")
- (license license:gpl3+)
+ (license license:agpl3+)
(home-page "http://www.gnu.org/software/ghostscript/")))
(define-public gs-fonts
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 1d3ce25421..d9a22b41bb 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -47,7 +47,8 @@
#:use-module (gnu packages gl)
#:use-module (gnu packages compression)
#:use-module (gnu packages xorg)
- #:use-module (gnu packages xdisorg))
+ #:use-module (gnu packages xdisorg)
+ #:use-module (gnu packages ncurses))
(define-public brasero
(package
@@ -1292,3 +1293,89 @@ engineering.")
(description
"The default GNOME 3 themes (Adwaita and some accessibility themes).")
(license license:lgpl2.1+)))
+
+(define-public vala
+ (package
+ (name "vala")
+ (version "0.26.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnome/sources/" name "/"
+ (version-major+minor version) "/"
+ name "-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0swyym2papln0f62ah05dpvq3vv6fssap26jq2zqp9dkkaqsn1w4"))))
+ (build-system gnu-build-system)
+ (arguments '(#:make-flags '("CC=gcc")))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("flex" ,flex)
+ ("bison" ,bison)
+ ("xsltproc" ,libxslt)
+ ("dbus" ,dbus) ; for dbus tests
+ ("gobject-introspection" ,gobject-introspection))) ; for gir tests
+ (propagated-inputs
+ `(("glib" ,glib))) ; required by libvala-0.26.pc
+ (home-page "http://live.gnome.org/Vala/")
+ (synopsis "Compiler for the GObject type system")
+ (description
+ "Vala is a programming language that aims to bring modern programming
+language features to GNOME developers without imposing any additional runtime
+requirements and without using a different ABI compared to applications and
+libraries written in C.")
+ (license license:lgpl2.1+)))
+
+(define-public vte
+ (package
+ (name "vte")
+ (version "0.38.2")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnome/sources/" name "/"
+ (version-major+minor version) "/"
+ name "-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1rbxrigff9yszbgdw0gw4c2saz4d1hbbpz21phzxx14w49wvmnmj"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("intltool" ,intltool)
+ ("vala" ,vala)
+ ("gobject-introspection" ,gobject-introspection)
+ ("glib" ,glib "bin") ; for glib-genmarshal, etc.
+ ("xmllint" ,libxml2)))
+ (propagated-inputs
+ `(("gtk+" ,gtk+))) ; required by libvte-2.91.pc
+ (home-page "http://www.gnome.org/")
+ (synopsis "Virtual Terminal Emulator")
+ (description
+ "VTE is a library (libvte) implementing a terminal emulator widget for
+GTK+, and a minimal sample application (vte) using that. Vte is mainly used in
+gnome-terminal, but can also be used to embed a console/terminal in games,
+editors, IDEs, etc.")
+ (license license:lgpl2.1+)))
+
+;; stable version for gtk2, required by xfce4-terminal.
+(define-public vte/gtk+-2
+ (package (inherit vte)
+ (name "vte")
+ (version "0.28.2")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnome/sources/" name "/"
+ (version-major+minor version) "/"
+ name "-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1bmhahkf8wdsra9whd3k5l5z4rv7r58ksr8mshzajgq2ma0hpkw6"))))
+ (arguments
+ '(#:configure-flags '("--disable-python")))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("intltool" ,intltool)
+ ("glib" ,glib "bin"))) ; for glib-genmarshal, etc.
+ (propagated-inputs
+ `(("gtk+" ,gtk+-2) ; required by libvte.pc
+ ("ncurses" ,ncurses))))) ; required by libvte.la
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 2781447685..3ebc20dffa 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
@@ -53,7 +53,17 @@
version "/" name "-" version ".tar.xz"))
(sha256
(base32
- "02r9klfc0z26w270inq652249hq0wfzvwhzvwmk0n8v8nzkk5idh"))))
+ "02r9klfc0z26w270inq652249hq0wfzvwhzvwmk0n8v8nzkk5idh"))
+ (patches (map search-patch
+ '("icecat-CVE-2014-1587-bug-1042567.patch"
+ "icecat-CVE-2014-1587-bug-1072847.patch"
+ "icecat-CVE-2014-1587-bug-1079729.patch"
+ "icecat-CVE-2014-1587-bug-1080312.patch"
+ "icecat-CVE-2014-1587-bug-1089207.patch"
+ "icecat-CVE-2014-1590.patch"
+ "icecat-CVE-2014-1592.patch"
+ "icecat-CVE-2014-1593.patch"
+ "icecat-CVE-2014-1594.patch")))))
(build-system gnu-build-system)
(inputs
`(("alsa-lib" ,alsa-lib)
@@ -90,6 +100,7 @@
"--disable-debug"
"--disable-debug-symbols"
+ "--enable-pulseaudio"
"--disable-webrtc" ; webrtc fails to build
"--with-system-zlib"
diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm
index ad7cff32e1..e7a0026d9e 100644
--- a/gnu/packages/groff.scm
+++ b/gnu/packages/groff.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,20 +32,21 @@
(define-public groff
(package
(name "groff")
- (version "1.22.2")
+ (version "1.22.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/groff/groff-" version
".tar.gz"))
(sha256 (base32
- "0xi07nhj5vdgax37rj25mwxzdmsz1ifx50hjgc6hqbkpqkd6821q"))))
+ "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s"))))
(build-system gnu-build-system)
(inputs `(("ghostscript" ,ghostscript)
("netpbm" ,netpbm)))
(native-inputs `(("bison" ,bison)
- ("perl" ,perl)
- ("psutils" ,psutils)
- ("texinfo" ,texinfo)))
+ ("perl" ,perl)
+ ("psutils" ,psutils)
+ ("texinfo" ,texinfo)))
+ (arguments '(#:parallel-build? #f)) ; parallel build fails
(synopsis "Typesetting from plain text mixed with formatting commands")
(description
"Groff is a typesetting package that reads plain text and produces
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 3f83711f32..a2708a290f 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -192,7 +192,7 @@ for SYSTEM, or #f if there is no configuration for SYSTEM."
#f)))
(define-public linux-libre
- (let* ((version "3.18")
+ (let* ((version "3.18.1")
(build-phase
'(lambda* (#:key system inputs #:allow-other-keys #:rest args)
;; Apply the neat patch.
@@ -265,7 +265,7 @@ for SYSTEM, or #f if there is no configuration for SYSTEM."
(uri (linux-libre-urls version))
(sha256
(base32
- "1kv03bhls9rya4sg3qixyjirc79pn2g5bcwldcj7hs4apa77sd0g"))))
+ "0yj6sz9cvsbhrc9jksr4wgg63crzmqh65903l7bq9k0gz1f3x1s8"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)
("bc" ,bc)
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 8e6ed4fd3c..b2c520605a 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright 2014 John Darrington <jmd@gnu.org>
+;;; Copyright © 2014 John Darrington <jmd@gnu.org>
+;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -20,8 +21,11 @@
#:use-module (gnu packages)
#:use-module (gnu packages which)
#:use-module (gnu packages linux)
- #:use-module (guix licenses)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages openssl)
+ #:use-module ((guix licenses) #:prefix l:)
#:use-module (guix packages)
+ #:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (srfi srfi-1))
@@ -29,29 +33,31 @@
(define-public ntp
(package
(name "ntp")
- (version "4.2.6p5")
+ (version "4.2.8")
(source (origin
(method url-fetch)
(uri (string-append
- "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-"
- (string-join (take (string-split version #\.) 2) ".")
+ "http://archive.ntp.org/ntp4/ntp-"
+ (version-major+minor version)
"/ntp-" version ".tar.gz"))
(sha256
(base32
- "077r69a41hasl8zf5c44km7cqgfhrkaj6a4jnr75j7nkz5qq7ayn"))))
- (native-inputs `(("which" ,which)))
+ "1vnqa1542d01xmlkw8f3rq57y360b2j7yxkkg9b11955nvw0v4if"))))
+ (native-inputs `(("which" ,which)
+ ("pkg-config" ,pkg-config)))
(inputs
- ;; Build with POSIX capabilities support on GNU/Linux. This allows 'ntpd'
- ;; to run as non-root (when invoked with '-u'.)
- (if (string-suffix? "-linux"
- (or (%current-target-system) (%current-system)))
- `(("libcap" ,libcap))
- '()))
+ `(("openssl" ,openssl)
+ ;; Build with POSIX capabilities support on GNU/Linux. This allows 'ntpd'
+ ;; to run as non-root (when invoked with '-u'.)
+ ,@(if (string-suffix? "-linux"
+ (or (%current-target-system) (%current-system)))
+ `(("libcap" ,libcap))
+ '())))
(build-system gnu-build-system)
(synopsis "Real time clock synchonization system")
(description "NTP is a system designed to synchronize the clocks of
computers over a network.")
- (license (x11-style
+ (license (l:x11-style
"http://www.eecis.udel.edu/~mills/ntp/html/copyright.html"
"A non-copyleft free licence from the University of Delaware"))
(home-page "http://www.ntp.org")))
diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch
new file mode 100644
index 0000000000..4e45e3062f
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch
@@ -0,0 +1,30 @@
+commit 60529fc02cf10482d8fecd699eea271ddc22bcb9
+Author: Jason Orendorff <jorendorff@mozilla.com>
+Date: Thu Aug 28 15:43:57 2014 -0500
+
+ Bug 1042567 - Reflect JSPropertyOp properties more consistently as data properties. r=efaust, a=lmandel
+
+ Modified js/src/jsobj.cpp
+diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
+index 2745509..ad336f3 100644
+--- a/js/src/jsobj.cpp
++++ b/js/src/jsobj.cpp
+@@ -235,11 +235,18 @@ js::GetOwnPropertyDescriptor(JSContext *cx, HandleObject obj, HandleId id,
+ if (pobj->isNative()) {
+ desc.setAttributes(GetShapeAttributes(pobj, shape));
+ if (desc.hasGetterOrSetterObject()) {
++ MOZ_ASSERT(desc.isShared());
+ doGet = false;
+ if (desc.hasGetterObject())
+ desc.setGetterObject(shape->getterObject());
+ if (desc.hasSetterObject())
+ desc.setSetterObject(shape->setterObject());
++ } else {
++ // This is either a straight-up data property or (rarely) a
++ // property with a JSPropertyOp getter/setter. The latter must be
++ // reported to the caller as a plain data property, so don't
++ // populate desc.getter/setter, and mask away the SHARED bit.
++ desc.attributesRef() &= ~JSPROP_SHARED;
+ }
+ } else {
+ if (!JSObject::getGenericAttributes(cx, pobj, id, &desc.attributesRef()))
diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch
new file mode 100644
index 0000000000..448b096b81
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch
@@ -0,0 +1,19 @@
+commit 5d91f3b10f999e852e0392470198bd6aefc87e1e
+Author: Jeff Muizelaar <jmuizelaar@mozilla.com>
+Date: Tue Oct 28 10:08:25 2014 -0400
+
+ Bug 1072847 - Initialize mSurface. r=BenWa, a=bkerensa
+
+ Modified gfx/2d/DrawTargetCairo.cpp
+diff --git a/gfx/2d/DrawTargetCairo.cpp b/gfx/2d/DrawTargetCairo.cpp
+index 48c2c73..78d9e4f 100644
+--- a/gfx/2d/DrawTargetCairo.cpp
++++ b/gfx/2d/DrawTargetCairo.cpp
+@@ -353,6 +353,7 @@ NeedIntermediateSurface(const Pattern& aPattern, const DrawOptions& aOptions)
+
+ DrawTargetCairo::DrawTargetCairo()
+ : mContext(nullptr)
++ , mSurface(nullptr)
+ , mLockedBits(nullptr)
+ {
+ }
diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch
new file mode 100644
index 0000000000..3ef60baaad
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch
@@ -0,0 +1,191 @@
+commit 5de6730cc26744b9efcf4d4adb4a4c45023ef8a0
+Author: Randell Jesup <rjesup@jesup.org>
+Date: Tue Oct 28 11:06:00 2014 -0400
+
+ Bug 1079729: Fix handling of increasing number of SCTP channels used by DataChannels r=tuexen a=lsblakk
+
+ Modified media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
+diff --git a/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h b/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
+index ba8e1ff..8d964f1 100755
+--- a/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
++++ b/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
+@@ -225,7 +225,7 @@ typedef struct fsmdef_media_t_ {
+ /*
+ * Data Channel properties
+ */
+-#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 16
++#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 256
+ uint32 datachannel_streams;
+ char datachannel_protocol[SDP_MAX_STRING_LEN + 1];
+
+ Modified netwerk/sctp/datachannel/DataChannel.cpp
+diff --git a/netwerk/sctp/datachannel/DataChannel.cpp b/netwerk/sctp/datachannel/DataChannel.cpp
+index 414e3db..a00d938 100644
+--- a/netwerk/sctp/datachannel/DataChannel.cpp
++++ b/netwerk/sctp/datachannel/DataChannel.cpp
+@@ -910,10 +910,12 @@ DataChannelConnection::RequestMoreStreams(int32_t aNeeded)
+ uint32_t outStreamsNeeded;
+ socklen_t len;
+
+- if (aNeeded + mStreams.Length() > MAX_NUM_STREAMS)
++ if (aNeeded + mStreams.Length() > MAX_NUM_STREAMS) {
+ aNeeded = MAX_NUM_STREAMS - mStreams.Length();
+- if (aNeeded <= 0)
++ }
++ if (aNeeded <= 0) {
+ return false;
++ }
+
+ len = (socklen_t)sizeof(struct sctp_status);
+ if (usrsctp_getsockopt(mMasterSocket, IPPROTO_SCTP, SCTP_STATUS, &status, &len) < 0) {
+@@ -922,19 +924,25 @@ DataChannelConnection::RequestMoreStreams(int32_t aNeeded)
+ }
+ outStreamsNeeded = aNeeded; // number to add
+
+- memset(&sas, 0, sizeof(struct sctp_add_streams));
++ // Note: if multiple channel opens happen when we don't have enough space,
++ // we'll call RequestMoreStreams() multiple times
++ memset(&sas, 0, sizeof(sas));
+ sas.sas_instrms = 0;
+ sas.sas_outstrms = (uint16_t)outStreamsNeeded; /* XXX error handling */
+ // Doesn't block, we get an event when it succeeds or fails
+ if (usrsctp_setsockopt(mMasterSocket, IPPROTO_SCTP, SCTP_ADD_STREAMS, &sas,
+ (socklen_t) sizeof(struct sctp_add_streams)) < 0) {
+- if (errno == EALREADY)
++ if (errno == EALREADY) {
++ LOG(("Already have %u output streams", outStreamsNeeded));
+ return true;
++ }
+
+ LOG(("***failed: setsockopt ADD errno=%d", errno));
+ return false;
+ }
+ LOG(("Requested %u more streams", outStreamsNeeded));
++ // We add to mStreams when we get a SCTP_STREAM_CHANGE_EVENT and the
++ // values are larger than mStreams.Length()
+ return true;
+ }
+
+@@ -1050,6 +1058,13 @@ DataChannelConnection::SendDeferredMessages()
+ channel->mFlags & DATA_CHANNEL_FLAGS_OUT_OF_ORDER_ALLOWED,
+ channel->mPrPolicy, channel->mPrValue)) {
+ channel->mFlags &= ~DATA_CHANNEL_FLAGS_SEND_REQ;
++
++ channel->mState = OPEN;
++ channel->mReady = true;
++ LOG(("%s: sending ON_CHANNEL_OPEN for %p", __FUNCTION__, channel.get()));
++ NS_DispatchToMainThread(new DataChannelOnMessageAvailable(
++ DataChannelOnMessageAvailable::ON_CHANNEL_OPEN, this,
++ channel));
+ sent = true;
+ } else {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+@@ -1177,6 +1192,7 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_
+ prPolicy = SCTP_PR_SCTP_TTL;
+ break;
+ default:
++ LOG(("Unknown channel type", req->channel_type));
+ /* XXX error handling */
+ return;
+ }
+@@ -1203,6 +1219,10 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_
+ }
+ return;
+ }
++ if (stream >= mStreams.Length()) {
++ LOG(("%s: stream %u out of bounds (%u)", __FUNCTION__, stream, mStreams.Length()));
++ return;
++ }
+
+ nsCString label(nsDependentCSubstring(&req->label[0], ntohs(req->label_length)));
+ nsCString protocol(nsDependentCSubstring(&req->label[ntohs(req->label_length)],
+@@ -1220,8 +1240,8 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_
+
+ channel->mState = DataChannel::WAITING_TO_OPEN;
+
+- LOG(("%s: sending ON_CHANNEL_CREATED for %s/%s: %u", __FUNCTION__,
+- channel->mLabel.get(), channel->mProtocol.get(), stream));
++ LOG(("%s: sending ON_CHANNEL_CREATED for %s/%s: %u (state %u)", __FUNCTION__,
++ channel->mLabel.get(), channel->mProtocol.get(), stream, channel->mState));
+ NS_DispatchToMainThread(new DataChannelOnMessageAvailable(
+ DataChannelOnMessageAvailable::ON_CHANNEL_CREATED,
+ this, channel));
+@@ -1739,13 +1759,14 @@ DataChannelConnection::HandleStreamResetEvent(const struct sctp_stream_reset_eve
+ // 2. We sent our own reset (CLOSING); either they crossed on the
+ // wire, or this is a response to our Reset.
+ // Go to CLOSED
+- // 3. We've sent a open but haven't gotten a response yet (OPENING)
++ // 3. We've sent a open but haven't gotten a response yet (CONNECTING)
+ // I believe this is impossible, as we don't have an input stream yet.
+
+ LOG(("Incoming: Channel %u closed, state %d",
+ channel->mStream, channel->mState));
+ ASSERT_WEBRTC(channel->mState == DataChannel::OPEN ||
+ channel->mState == DataChannel::CLOSING ||
++ channel->mState == DataChannel::CONNECTING ||
+ channel->mState == DataChannel::WAITING_TO_OPEN);
+ if (channel->mState == DataChannel::OPEN ||
+ channel->mState == DataChannel::WAITING_TO_OPEN) {
+@@ -1791,20 +1812,21 @@ DataChannelConnection::HandleStreamChangeEvent(const struct sctp_stream_change_e
+ return;
+ } else {
+ if (strchg->strchange_instrms > mStreams.Length()) {
+- LOG(("Other side increased streamds from %u to %u",
++ LOG(("Other side increased streams from %u to %u",
+ mStreams.Length(), strchg->strchange_instrms));
+ }
+- if (strchg->strchange_outstrms > mStreams.Length()) {
++ if (strchg->strchange_outstrms > mStreams.Length() ||
++ strchg->strchange_instrms > mStreams.Length()) {
+ uint16_t old_len = mStreams.Length();
++ uint16_t new_len = std::max(strchg->strchange_outstrms,
++ strchg->strchange_instrms);
+ LOG(("Increasing number of streams from %u to %u - adding %u (in: %u)",
+- old_len,
+- strchg->strchange_outstrms,
+- strchg->strchange_outstrms - old_len,
++ old_len, new_len, new_len - old_len,
+ strchg->strchange_instrms));
+ // make sure both are the same length
+- mStreams.AppendElements(strchg->strchange_outstrms - old_len);
++ mStreams.AppendElements(new_len - old_len);
+ LOG(("New length = %d (was %d)", mStreams.Length(), old_len));
+- for (uint32_t i = old_len; i < mStreams.Length(); ++i) {
++ for (size_t i = old_len; i < mStreams.Length(); ++i) {
+ mStreams[i] = nullptr;
+ }
+ // Re-process any channels waiting for streams.
+@@ -1815,13 +1837,17 @@ DataChannelConnection::HandleStreamChangeEvent(const struct sctp_stream_change_e
+ // Could make a more complex API for OpenXxxFinish() and avoid this loop
+ int32_t num_needed = mPending.GetSize();
+ LOG(("%d of %d new streams already needed", num_needed,
+- strchg->strchange_outstrms - old_len));
+- num_needed -= (strchg->strchange_outstrms - old_len); // number we added
++ new_len - old_len));
++ num_needed -= (new_len - old_len); // number we added
+ if (num_needed > 0) {
+ if (num_needed < 16)
+ num_needed = 16;
+ LOG(("Not enough new streams, asking for %d more", num_needed));
+ RequestMoreStreams(num_needed);
++ } else if (strchg->strchange_outstrms < strchg->strchange_instrms) {
++ LOG(("Requesting %d output streams to match partner",
++ strchg->strchange_instrms - strchg->strchange_outstrms));
++ RequestMoreStreams(strchg->strchange_instrms - strchg->strchange_outstrms);
+ }
+
+ ProcessQueuedOpens();
+ Modified netwerk/sctp/datachannel/DataChannelProtocol.h
+diff --git a/netwerk/sctp/datachannel/DataChannelProtocol.h b/netwerk/sctp/datachannel/DataChannelProtocol.h
+index 549f74b..74fbe58 100644
+--- a/netwerk/sctp/datachannel/DataChannelProtocol.h
++++ b/netwerk/sctp/datachannel/DataChannelProtocol.h
+@@ -17,7 +17,7 @@
+ #endif
+
+ // Duplicated in fsm.def
+-#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 16
++#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 256
+
+ #define DATA_CHANNEL_PPID_CONTROL 50
+ #define DATA_CHANNEL_PPID_BINARY 52
diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch
new file mode 100644
index 0000000000..5efac49e12
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch
@@ -0,0 +1,308 @@
+commit d74bdb4589ad714e2a45e282974db075de2be673
+Author: Randell Jesup <rjesup@jesup.org>
+Date: Wed Nov 12 22:59:53 2014 -0500
+
+ Bug 1080312 - Update iteration code from upstream. r=jesup, a=abillings
+
+ Modified netwerk/sctp/src/moz.build
+diff --git a/netwerk/sctp/src/moz.build b/netwerk/sctp/src/moz.build
+index 1901a41..82103b9 100644
+--- a/netwerk/sctp/src/moz.build
++++ b/netwerk/sctp/src/moz.build
+@@ -31,7 +31,6 @@ SOURCES += [
+ 'user_environment.c',
+ 'user_mbuf.c',
+ 'user_recv_thread.c',
+- 'user_sctp_timer_iterate.c',
+ 'user_socket.c',
+ ]
+
+ Modified netwerk/sctp/src/netinet/sctp_callout.c
+diff --git a/netwerk/sctp/src/netinet/sctp_callout.c b/netwerk/sctp/src/netinet/sctp_callout.c
+index 67b7566..e8ac77f 100755
+--- a/netwerk/sctp/src/netinet/sctp_callout.c
++++ b/netwerk/sctp/src/netinet/sctp_callout.c
+@@ -30,9 +30,27 @@
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
++#if defined(__Userspace__)
++#include <sys/types.h>
++#if !defined (__Userspace_os_Windows)
++#include <sys/wait.h>
++#include <unistd.h>
++#include <pthread.h>
++#endif
++#if defined(__Userspace_os_NaCl)
++#include <sys/select.h>
++#endif
++#include <stdlib.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++#include <netinet/sctp_sysctl.h>
++#include <netinet/sctp_pcb.h>
++#else
+ #include <netinet/sctp_os.h>
+ #include <netinet/sctp_callout.h>
+ #include <netinet/sctp_pcb.h>
++#endif
+
+ /*
+ * Callout/Timer routines for OS that doesn't have them
+@@ -117,24 +135,16 @@ sctp_os_timer_stop(sctp_os_timer_t *c)
+ return (1);
+ }
+
+-#if defined(__APPLE__)
+-/*
+- * For __APPLE__, use a single main timer at a faster resolution than
+- * fastim. The timer just calls this existing callout infrastructure.
+- */
+-#endif
+-void
+-sctp_timeout(void *arg SCTP_UNUSED)
++static void
++sctp_handle_tick(int delta)
+ {
+ sctp_os_timer_t *c;
+ void (*c_func)(void *);
+ void *c_arg;
+
+ SCTP_TIMERQ_LOCK();
+-#if defined(__APPLE__)
+ /* update our tick count */
+- ticks += SCTP_BASE_VAR(sctp_main_timer_ticks);
+-#endif
++ ticks += delta;
+ c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue));
+ while (c) {
+ if (c->c_time <= ticks) {
+@@ -155,9 +165,60 @@ sctp_timeout(void *arg SCTP_UNUSED)
+ }
+ sctp_os_timer_next = NULL;
+ SCTP_TIMERQ_UNLOCK();
++}
+
+ #if defined(__APPLE__)
+- /* restart the main timer */
++void
++sctp_timeout(void *arg SCTP_UNUSED)
++{
++ sctp_handle_tick(SCTP_BASE_VAR(sctp_main_timer_ticks));
+ sctp_start_main_timer();
++}
+ #endif
++
++#if defined(__Userspace__)
++#define TIMEOUT_INTERVAL 10
++
++void *
++user_sctp_timer_iterate(void *arg)
++{
++ for (;;) {
++#if defined (__Userspace_os_Windows)
++ Sleep(TIMEOUT_INTERVAL);
++#else
++ struct timeval timeout;
++
++ timeout.tv_sec = 0;
++ timeout.tv_usec = 1000 * TIMEOUT_INTERVAL;
++ select(0, NULL, NULL, NULL, &timeout);
++#endif
++ if (SCTP_BASE_VAR(timer_thread_should_exit)) {
++ break;
++ }
++ sctp_handle_tick(MSEC_TO_TICKS(TIMEOUT_INTERVAL));
++ }
++ return (NULL);
+ }
++
++void
++sctp_start_timer(void)
++{
++ /*
++ * No need to do SCTP_TIMERQ_LOCK_INIT();
++ * here, it is being done in sctp_pcb_init()
++ */
++#if defined (__Userspace_os_Windows)
++ if ((SCTP_BASE_VAR(timer_thread) = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)user_sctp_timer_iterate, NULL, 0, NULL)) == NULL) {
++ SCTP_PRINTF("ERROR; Creating ithread failed\n");
++ }
++#else
++ int rc;
++
++ rc = pthread_create(&SCTP_BASE_VAR(timer_thread), NULL, user_sctp_timer_iterate, NULL);
++ if (rc) {
++ SCTP_PRINTF("ERROR; return code from pthread_create() is %d\n", rc);
++ }
++#endif
++}
++
++#endif
+ Modified netwerk/sctp/src/netinet/sctp_callout.h
+diff --git a/netwerk/sctp/src/netinet/sctp_callout.h b/netwerk/sctp/src/netinet/sctp_callout.h
+index 2782945..c53c5a4 100755
+--- a/netwerk/sctp/src/netinet/sctp_callout.h
++++ b/netwerk/sctp/src/netinet/sctp_callout.h
+@@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$");
+ #endif
+
+ extern int ticks;
+-extern void sctp_start_timer();
+ #endif
+
+ TAILQ_HEAD(calloutlist, sctp_callout);
+@@ -94,6 +93,11 @@ int sctp_os_timer_stop(sctp_os_timer_t *);
+ #define SCTP_OS_TIMER_ACTIVE(tmr) ((tmr)->c_flags & SCTP_CALLOUT_ACTIVE)
+ #define SCTP_OS_TIMER_DEACTIVATE(tmr) ((tmr)->c_flags &= ~SCTP_CALLOUT_ACTIVE)
+
++#if defined(__Userspace__)
++void sctp_start_timer(void);
++#endif
++#if defined(__APPLE__)
+ void sctp_timeout(void *);
++#endif
+
+ #endif
+ Modified netwerk/sctp/src/netinet/sctp_usrreq.c
+diff --git a/netwerk/sctp/src/netinet/sctp_usrreq.c b/netwerk/sctp/src/netinet/sctp_usrreq.c
+index d4115ad..c17ea04 100755
+--- a/netwerk/sctp/src/netinet/sctp_usrreq.c
++++ b/netwerk/sctp/src/netinet/sctp_usrreq.c
+@@ -56,6 +56,9 @@ __FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 259943 2013-12-27 13:07:00Z t
+ #include <netinet/sctp_timer.h>
+ #include <netinet/sctp_auth.h>
+ #include <netinet/sctp_bsd_addr.h>
++#if defined(__Userspace__)
++#include <netinet/sctp_callout.h>
++#endif
+ #if !defined(__Userspace_os_Windows)
+ #include <netinet/udp.h>
+ #endif
+ Deleted netwerk/sctp/src/user_sctp_timer_iterate.c
+diff --git a/netwerk/sctp/src/user_sctp_timer_iterate.c b/netwerk/sctp/src/user_sctp_timer_iterate.c
+deleted file mode 100755
+index 0a9dbce..0000000
+--- a/netwerk/sctp/src/user_sctp_timer_iterate.c
++++ /dev/null
+@@ -1,119 +0,0 @@
+-/*-
+- * Copyright (c) 2012 Michael Tuexen
+- * All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- */
+-
+-#include <sys/types.h>
+-#if !defined (__Userspace_os_Windows)
+-#include <sys/wait.h>
+-#include <unistd.h>
+-#include <pthread.h>
+-#endif
+-#include <stdlib.h>
+-#include <string.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <netinet/sctp_pcb.h>
+-#include <netinet/sctp_sysctl.h>
+-#include "netinet/sctp_callout.h"
+-
+-/* This is the polling time of callqueue in milliseconds
+- * 10ms seems to work well. 1ms was giving erratic behavior
+- */
+-#define TIMEOUT_INTERVAL 10
+-
+-extern int ticks;
+-
+-void *
+-user_sctp_timer_iterate(void *arg)
+-{
+- sctp_os_timer_t *c;
+- void (*c_func)(void *);
+- void *c_arg;
+- sctp_os_timer_t *sctp_os_timer_next;
+- /*
+- * The MSEC_TO_TICKS conversion depends on hz. The to_ticks in
+- * sctp_os_timer_start also depends on hz. E.g. if hz=1000 then
+- * for multiple INIT the to_ticks is 2000, 4000, 8000, 16000, 32000, 60000
+- * and further to_ticks level off at 60000 i.e. 60 seconds.
+- * If hz=100 then for multiple INIT the to_ticks are 200, 400, 800 and so-on.
+- */
+- for (;;) {
+-#if defined (__Userspace_os_Windows)
+- Sleep(TIMEOUT_INTERVAL);
+-#else
+- struct timeval timeout;
+-
+- timeout.tv_sec = 0;
+- timeout.tv_usec = 1000 * TIMEOUT_INTERVAL;
+- select(0, NULL, NULL, NULL, &timeout);
+-#endif
+- if (SCTP_BASE_VAR(timer_thread_should_exit)) {
+- break;
+- }
+- SCTP_TIMERQ_LOCK();
+- /* update our tick count */
+- ticks += MSEC_TO_TICKS(TIMEOUT_INTERVAL);
+- c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue));
+- while (c) {
+- if (c->c_time <= ticks) {
+- sctp_os_timer_next = TAILQ_NEXT(c, tqe);
+- TAILQ_REMOVE(&SCTP_BASE_INFO(callqueue), c, tqe);
+- c_func = c->c_func;
+- c_arg = c->c_arg;
+- c->c_flags &= ~SCTP_CALLOUT_PENDING;
+- SCTP_TIMERQ_UNLOCK();
+- c_func(c_arg);
+- SCTP_TIMERQ_LOCK();
+- c = sctp_os_timer_next;
+- } else {
+- c = TAILQ_NEXT(c, tqe);
+- }
+- }
+- SCTP_TIMERQ_UNLOCK();
+- }
+- return (NULL);
+-}
+-
+-void
+-sctp_start_timer(void)
+-{
+- /*
+- * No need to do SCTP_TIMERQ_LOCK_INIT();
+- * here, it is being done in sctp_pcb_init()
+- */
+-#if defined (__Userspace_os_Windows)
+- if ((SCTP_BASE_VAR(timer_thread) = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)user_sctp_timer_iterate, NULL, 0, NULL)) == NULL) {
+- SCTP_PRINTF("ERROR; Creating ithread failed\n");
+- }
+-#else
+- int rc;
+-
+- rc = pthread_create(&SCTP_BASE_VAR(timer_thread), NULL, user_sctp_timer_iterate, NULL);
+- if (rc) {
+- SCTP_PRINTF("ERROR; return code from pthread_create() is %d\n", rc);
+- }
+-#endif
+-}
diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch
new file mode 100644
index 0000000000..cd5602c86b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch
@@ -0,0 +1,119 @@
+commit 9df10fea93b483af6646ef2f7aab35598fbaab2f
+Author: Nils Ohlmeier [:drno] <drno@ohlmeier.org>
+Date: Thu Nov 6 12:21:57 2014 -0500
+
+ Bug 1089207: fix parsing of invalid fmtp att r=drno,jesup a=lmandel
+
+ Modified media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
+diff --git a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
+index fa5ca2e..33d26c0 100644
+--- a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
++++ b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
+@@ -458,7 +458,6 @@ sdp_result_e sdp_parse_attr_fmtp (sdp_t *sdp_p, sdp_attr_t *attr_p,
+ char tmp[SDP_MAX_STRING_LEN];
+ char *src_ptr;
+ char *temp_ptr = NULL;
+- tinybool flag=FALSE;
+ char *tok=NULL;
+ char *temp=NULL;
+ u16 custom_x=0;
+@@ -495,29 +494,11 @@ sdp_result_e sdp_parse_attr_fmtp (sdp_t *sdp_p, sdp_attr_t *attr_p,
+ fmtp_p->packetization_mode = 0;
+ fmtp_p->level_asymmetry_allowed = SDP_DEFAULT_LEVEL_ASYMMETRY_ALLOWED_VALUE;
+
+- /* BEGIN - a typical macro fn to replace '/' with ';' from fmtp line*/
+- /* This ugly replacement of '/' with ';' is only done because
+- * econf/MS client sends in this wierd /illegal format.
+- * fmtp parameters MUST be separated by ';'
+- */
+ temp_ptr = cpr_strdup(ptr);
+ if (temp_ptr == NULL) {
+ return (SDP_FAILURE);
+ }
+ fmtp_ptr = src_ptr = temp_ptr;
+- while (flag == FALSE) {
+- if (*src_ptr == '\n') {
+- flag = TRUE;
+- break;
+- }
+- if (*src_ptr == '/') {
+- *src_ptr =';' ;
+- }
+- src_ptr++;
+- }
+- /* END */
+- /* Once we move to RFC compliant video codec implementations, the above
+- * patch should be removed */
+
+ src_ptr = temp_ptr;
+ while (!done) {
+ Modified media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
+diff --git a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
+index 0be02aa..9760d4e 100644
+--- a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
++++ b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
+@@ -1002,7 +1002,12 @@ sdp_result_e sdp_parse (sdp_t *sdp_p, char **bufp, u16 len)
+ */
+ ptr = next_ptr;
+ line_end = sdp_findchar(ptr, "\n");
+- if (line_end >= (*bufp + len)) {
++ if ((line_end >= (*bufp + len)) ||
++ (*line_end == '\0')) {
++ /* As this does not update the result value the SDP up to this point
++ * is still accept as valid. So encountering this is not treated as
++ * an error.
++ */
+ sdp_parse_error(sdp_p->peerconnection,
+ "%s End of line beyond end of buffer.",
+ sdp_p->debug_str);
+ Modified media/webrtc/signaling/test/sdp_unittests.cpp
+diff --git a/media/webrtc/signaling/test/sdp_unittests.cpp b/media/webrtc/signaling/test/sdp_unittests.cpp
+index 51df09b..9f98eed 100644
+--- a/media/webrtc/signaling/test/sdp_unittests.cpp
++++ b/media/webrtc/signaling/test/sdp_unittests.cpp
+@@ -755,13 +755,13 @@ TEST_F(SdpTest, parseFmtpMaxFs) {
+ u32 val = 0;
+ ParseSdp(kVideoSdp + "a=fmtp:120 max-fs=300;max-fr=30\r\n");
+ ASSERT_EQ(sdp_attr_get_fmtp_max_fs(sdp_ptr_, 1, 0, 1, &val), SDP_SUCCESS);
+- ASSERT_EQ(val, 300);
++ ASSERT_EQ(val, 300U);
+ }
+ TEST_F(SdpTest, parseFmtpMaxFr) {
+ u32 val = 0;
+ ParseSdp(kVideoSdp + "a=fmtp:120 max-fs=300;max-fr=30\r\n");
+ ASSERT_EQ(sdp_attr_get_fmtp_max_fr(sdp_ptr_, 1, 0, 1, &val), SDP_SUCCESS);
+- ASSERT_EQ(val, 30);
++ ASSERT_EQ(val, 30U);
+ }
+
+ TEST_F(SdpTest, addFmtpMaxFs) {
+@@ -789,6 +789,29 @@ TEST_F(SdpTest, addFmtpMaxFsFr) {
+ std::string::npos);
+ }
+
++static const std::string kBrokenFmtp =
++ "v=0\r\n"
++ "o=- 137331303 2 IN IP4 127.0.0.1\r\n"
++ "s=SIP Call\r\n"
++ "t=0 0\r\n"
++ "m=video 56436 RTP/SAVPF 120\r\n"
++ "c=IN IP4 198.51.100.7\r\n"
++ "a=rtpmap:120 VP8/90000\r\n"
++ /* Note: the \0 in this string triggered bz://1089207
++ */
++ "a=fmtp:120 max-fs=300;max\0fr=30";
++
++TEST_F(SdpTest, parseBrokenFmtp) {
++ u32 val = 0;
++ char *buf = const_cast<char *>(kBrokenFmtp.data());
++ ResetSdp();
++ /* We need to manually invoke the parser here to be able to specify the length
++ * of the string beyond the \0 in last line of the string.
++ */
++ ASSERT_EQ(sdp_parse(sdp_ptr_, &buf, 165), SDP_SUCCESS);
++ ASSERT_EQ(sdp_attr_get_fmtp_max_fs(sdp_ptr_, 1, 0, 1, &val), SDP_INVALID_PARAMETER);
++}
++
+ } // End namespace test.
+
+ int main(int argc, char **argv) {
diff --git a/gnu/packages/patches/icecat-CVE-2014-1590.patch b/gnu/packages/patches/icecat-CVE-2014-1590.patch
new file mode 100644
index 0000000000..f8513980ad
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1590.patch
@@ -0,0 +1,33 @@
+commit 50c5ca4bacf7cda77c3a7ab1b8d82ded18fb3355
+Author: Olli Pettay <Olli.Pettay@helsinki.fi>
+Date: Sun Nov 2 22:01:55 2014 +0200
+
+ Bug 1087633 - Filter out XPConnect wrapped input streams. r=bz, a=lmandel
+
+ Modified content/base/src/nsXMLHttpRequest.h
+diff --git a/content/base/src/nsXMLHttpRequest.h b/content/base/src/nsXMLHttpRequest.h
+index b1fc4e3..4ab4f29 100644
+--- a/content/base/src/nsXMLHttpRequest.h
++++ b/content/base/src/nsXMLHttpRequest.h
+@@ -28,7 +28,8 @@
+ #include "nsIPrincipal.h"
+ #include "nsIScriptObjectPrincipal.h"
+ #include "nsISizeOfEventTarget.h"
+-
++#include "nsIXPConnect.h"
++#include "nsIInputStream.h"
+ #include "mozilla/Assertions.h"
+ #include "mozilla/DOMEventTargetHelper.h"
+ #include "mozilla/MemoryReporting.h"
+@@ -446,6 +447,11 @@ public:
+ void Send(nsIInputStream* aStream, ErrorResult& aRv)
+ {
+ NS_ASSERTION(aStream, "Null should go to string version");
++ nsCOMPtr<nsIXPConnectWrappedJS> wjs = do_QueryInterface(aStream);
++ if (wjs) {
++ aRv.Throw(NS_ERROR_DOM_TYPE_ERR);
++ return;
++ }
+ aRv = Send(RequestBody(aStream));
+ }
+ void SendAsBinary(const nsAString& aBody, ErrorResult& aRv);
diff --git a/gnu/packages/patches/icecat-CVE-2014-1592.patch b/gnu/packages/patches/icecat-CVE-2014-1592.patch
new file mode 100644
index 0000000000..6de1b6fe4a
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1592.patch
@@ -0,0 +1,400 @@
+commit 7efadbb03cdffa11ebfc2da3113377d2f33b893b
+Author: Henri Sivonen <hsivonen@hsivonen.fi>
+Date: Mon Nov 3 15:23:26 2014 +0200
+
+ Bug 1088635. r=smaug, a=bkerensa
+
+ Modified content/base/src/nsDocument.cpp
+diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp
+index cbed38d..3493bce 100644
+--- a/content/base/src/nsDocument.cpp
++++ b/content/base/src/nsDocument.cpp
+@@ -3916,7 +3916,7 @@ nsDocument::InsertChildAt(nsIContent* aKid, uint32_t aIndex,
+ bool aNotify)
+ {
+ if (aKid->IsElement() && GetRootElement()) {
+- NS_ERROR("Inserting element child when we already have one");
++ NS_WARNING("Inserting root element when we already have one");
+ return NS_ERROR_DOM_HIERARCHY_REQUEST_ERR;
+ }
+
+ Modified parser/html/nsHtml5Parser.cpp
+diff --git a/parser/html/nsHtml5Parser.cpp b/parser/html/nsHtml5Parser.cpp
+index a485be4..f28adb4 100644
+--- a/parser/html/nsHtml5Parser.cpp
++++ b/parser/html/nsHtml5Parser.cpp
+@@ -237,7 +237,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
+ * WillBuildModel to be called before the document has had its
+ * script global object set.
+ */
+- mExecutor->WillBuildModel(eDTDMode_unknown);
++ rv = mExecutor->WillBuildModel(eDTDMode_unknown);
++ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // Return early if the parser has processed EOF
+@@ -255,7 +256,7 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
+ }
+ mDocumentClosed = true;
+ if (!mBlocked && !mInDocumentWrite) {
+- ParseUntilBlocked();
++ return ParseUntilBlocked();
+ }
+ return NS_OK;
+ }
+@@ -378,7 +379,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
+
+ if (mTreeBuilder->HasScript()) {
+ mTreeBuilder->Flush(); // Move ops to the executor
+- mExecutor->FlushDocumentWrite(); // run the ops
++ rv = mExecutor->FlushDocumentWrite(); // run the ops
++ NS_ENSURE_SUCCESS(rv, rv);
+ // Flushing tree ops can cause all sorts of things.
+ // Return early if the parser got terminated.
+ if (mExecutor->IsComplete()) {
+@@ -437,7 +439,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
+ "Buffer wasn't tokenized to completion?");
+ // Scripting semantics require a forced tree builder flush here
+ mTreeBuilder->Flush(); // Move ops to the executor
+- mExecutor->FlushDocumentWrite(); // run the ops
++ rv = mExecutor->FlushDocumentWrite(); // run the ops
++ NS_ENSURE_SUCCESS(rv, rv);
+ } else if (stackBuffer.hasMore()) {
+ // The buffer wasn't tokenized to completion. Tokenize the untokenized
+ // content in order to preload stuff. This content will be retokenized
+@@ -594,11 +597,13 @@ nsHtml5Parser::IsScriptCreated()
+ /* End nsIParser */
+
+ // not from interface
+-void
++nsresult
+ nsHtml5Parser::ParseUntilBlocked()
+ {
+- if (mBlocked || mExecutor->IsComplete() || NS_FAILED(mExecutor->IsBroken())) {
+- return;
++ nsresult rv = mExecutor->IsBroken();
++ NS_ENSURE_SUCCESS(rv, rv);
++ if (mBlocked || mExecutor->IsComplete()) {
++ return NS_OK;
+ }
+ NS_ASSERTION(mExecutor->HasStarted(), "Bad life cycle.");
+ NS_ASSERTION(!mInDocumentWrite,
+@@ -611,7 +616,7 @@ nsHtml5Parser::ParseUntilBlocked()
+ if (mFirstBuffer == mLastBuffer) {
+ if (mExecutor->IsComplete()) {
+ // something like cache manisfests stopped the parse in mid-flight
+- return;
++ return NS_OK;
+ }
+ if (mDocumentClosed) {
+ NS_ASSERTION(!GetStreamParser(),
+@@ -620,8 +625,10 @@ nsHtml5Parser::ParseUntilBlocked()
+ mTreeBuilder->StreamEnded();
+ mTreeBuilder->Flush();
+ mExecutor->FlushDocumentWrite();
++ // The below call does memory cleanup, so call it even if the
++ // parser has been marked as broken.
+ mTokenizer->end();
+- return;
++ return NS_OK;
+ }
+ // never release the last buffer.
+ NS_ASSERTION(!mLastBuffer->getStart() && !mLastBuffer->getEnd(),
+@@ -643,14 +650,14 @@ nsHtml5Parser::ParseUntilBlocked()
+ NS_ASSERTION(mExecutor->IsInFlushLoop(),
+ "How did we come here without being in the flush loop?");
+ }
+- return; // no more data for now but expecting more
++ return NS_OK; // no more data for now but expecting more
+ }
+ mFirstBuffer = mFirstBuffer->next;
+ continue;
+ }
+
+ if (mBlocked || mExecutor->IsComplete()) {
+- return;
++ return NS_OK;
+ }
+
+ // now we have a non-empty buffer
+@@ -667,10 +674,11 @@ nsHtml5Parser::ParseUntilBlocked()
+ }
+ if (mTreeBuilder->HasScript()) {
+ mTreeBuilder->Flush();
+- mExecutor->FlushDocumentWrite();
++ nsresult rv = mExecutor->FlushDocumentWrite();
++ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ if (mBlocked) {
+- return;
++ return NS_OK;
+ }
+ }
+ continue;
+ Modified parser/html/nsHtml5Parser.h
+diff --git a/parser/html/nsHtml5Parser.h b/parser/html/nsHtml5Parser.h
+index aff79c7..e2ef2f8 100644
+--- a/parser/html/nsHtml5Parser.h
++++ b/parser/html/nsHtml5Parser.h
+@@ -262,7 +262,7 @@ class nsHtml5Parser : public nsIParser,
+ /**
+ * Parse until pending data is exhausted or a script blocks the parser
+ */
+- void ParseUntilBlocked();
++ nsresult ParseUntilBlocked();
+
+ private:
+
+ Modified parser/html/nsHtml5StreamParser.cpp
+diff --git a/parser/html/nsHtml5StreamParser.cpp b/parser/html/nsHtml5StreamParser.cpp
+index 4790568..7e3917b 100644
+--- a/parser/html/nsHtml5StreamParser.cpp
++++ b/parser/html/nsHtml5StreamParser.cpp
+@@ -796,7 +796,7 @@ nsHtml5StreamParser::WriteStreamBytes(const uint8_t* aFromSegment,
+ // NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE.
+ if (!mLastBuffer) {
+ NS_WARNING("mLastBuffer should not be null!");
+- MarkAsBroken();
++ MarkAsBroken(NS_ERROR_NULL_POINTER);
+ return NS_ERROR_NULL_POINTER;
+ }
+ if (mLastBuffer->getEnd() == NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE) {
+@@ -902,7 +902,8 @@ nsHtml5StreamParser::OnStartRequest(nsIRequest* aRequest, nsISupports* aContext)
+ * WillBuildModel to be called before the document has had its
+ * script global object set.
+ */
+- mExecutor->WillBuildModel(eDTDMode_unknown);
++ rv = mExecutor->WillBuildModel(eDTDMode_unknown);
++ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsRefPtr<nsHtml5OwningUTF16Buffer> newBuf =
+ nsHtml5OwningUTF16Buffer::FalliblyCreate(
+@@ -1003,8 +1004,9 @@ nsHtml5StreamParser::DoStopRequest()
+
+ if (!mUnicodeDecoder) {
+ uint32_t writeCount;
+- if (NS_FAILED(FinalizeSniffing(nullptr, 0, &writeCount, 0))) {
+- MarkAsBroken();
++ nsresult rv;
++ if (NS_FAILED(rv = FinalizeSniffing(nullptr, 0, &writeCount, 0))) {
++ MarkAsBroken(rv);
+ return;
+ }
+ } else if (mFeedChardet) {
+@@ -1076,7 +1078,7 @@ nsHtml5StreamParser::DoDataAvailable(const uint8_t* aBuffer, uint32_t aLength)
+ rv = SniffStreamBytes(aBuffer, aLength, &writeCount);
+ }
+ if (NS_FAILED(rv)) {
+- MarkAsBroken();
++ MarkAsBroken(rv);
+ return;
+ }
+ NS_ASSERTION(writeCount == aLength, "Wrong number of stream bytes written/sniffed.");
+@@ -1662,13 +1664,13 @@ nsHtml5StreamParser::TimerFlush()
+ }
+
+ void
+-nsHtml5StreamParser::MarkAsBroken()
++nsHtml5StreamParser::MarkAsBroken(nsresult aRv)
+ {
+ NS_ASSERTION(IsParserThread(), "Wrong thread!");
+ mTokenizerMutex.AssertCurrentThreadOwns();
+
+ Terminate();
+- mTreeBuilder->MarkAsBroken();
++ mTreeBuilder->MarkAsBroken(aRv);
+ mozilla::DebugOnly<bool> hadOps = mTreeBuilder->Flush(false);
+ NS_ASSERTION(hadOps, "Should have had the markAsBroken op!");
+ if (NS_FAILED(NS_DispatchToMainThread(mExecutorFlusher))) {
+ Modified parser/html/nsHtml5StreamParser.h
+diff --git a/parser/html/nsHtml5StreamParser.h b/parser/html/nsHtml5StreamParser.h
+index c7dcbbe..476ef16 100644
+--- a/parser/html/nsHtml5StreamParser.h
++++ b/parser/html/nsHtml5StreamParser.h
+@@ -218,7 +218,7 @@ class nsHtml5StreamParser : public nsICharsetDetectionObserver {
+ }
+ #endif
+
+- void MarkAsBroken();
++ void MarkAsBroken(nsresult aRv);
+
+ /**
+ * Marks the stream parser as interrupted. If you ever add calls to this
+ Modified parser/html/nsHtml5TreeBuilderCppSupplement.h
+diff --git a/parser/html/nsHtml5TreeBuilderCppSupplement.h b/parser/html/nsHtml5TreeBuilderCppSupplement.h
+index 4cd5c7c..1e65394 100644
+--- a/parser/html/nsHtml5TreeBuilderCppSupplement.h
++++ b/parser/html/nsHtml5TreeBuilderCppSupplement.h
+@@ -949,14 +949,14 @@ nsHtml5TreeBuilder::DropHandles()
+ }
+
+ void
+-nsHtml5TreeBuilder::MarkAsBroken()
++nsHtml5TreeBuilder::MarkAsBroken(nsresult aRv)
+ {
+ if (MOZ_UNLIKELY(mBuilder)) {
+ MOZ_ASSUME_UNREACHABLE("Must not call this with builder.");
+ return;
+ }
+ mOpQueue.Clear(); // Previous ops don't matter anymore
+- mOpQueue.AppendElement()->Init(eTreeOpMarkAsBroken);
++ mOpQueue.AppendElement()->Init(aRv);
+ }
+
+ void
+ Modified parser/html/nsHtml5TreeBuilderHSupplement.h
+diff --git a/parser/html/nsHtml5TreeBuilderHSupplement.h b/parser/html/nsHtml5TreeBuilderHSupplement.h
+index a321e80..8d380eb 100644
+--- a/parser/html/nsHtml5TreeBuilderHSupplement.h
++++ b/parser/html/nsHtml5TreeBuilderHSupplement.h
+@@ -223,4 +223,4 @@
+
+ void errEndWithUnclosedElements(nsIAtom* aName);
+
+- void MarkAsBroken();
++ void MarkAsBroken(nsresult aRv);
+ Modified parser/html/nsHtml5TreeOpExecutor.cpp
+diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
+index ebcafca..6c52e5f 100644
+--- a/parser/html/nsHtml5TreeOpExecutor.cpp
++++ b/parser/html/nsHtml5TreeOpExecutor.cpp
+@@ -411,7 +411,11 @@ nsHtml5TreeOpExecutor::RunFlushLoop()
+ GetParser()->GetStreamParser();
+ // Now parse content left in the document.write() buffer queue if any.
+ // This may generate tree ops on its own or dequeue a speculation.
+- GetParser()->ParseUntilBlocked();
++ nsresult rv = GetParser()->ParseUntilBlocked();
++ if (NS_FAILED(rv)) {
++ MarkAsBroken(rv);
++ return;
++ }
+ }
+
+ if (mOpQueue.IsEmpty()) {
+@@ -496,21 +500,24 @@ nsHtml5TreeOpExecutor::RunFlushLoop()
+ }
+ }
+
+-void
++nsresult
+ nsHtml5TreeOpExecutor::FlushDocumentWrite()
+ {
++ nsresult rv = IsBroken();
++ NS_ENSURE_SUCCESS(rv, rv);
++
+ FlushSpeculativeLoads(); // Make sure speculative loads never start after the
+ // corresponding normal loads for the same URLs.
+
+ if (MOZ_UNLIKELY(!mParser)) {
+ // The parse has ended.
+ mOpQueue.Clear(); // clear in order to be able to assert in destructor
+- return;
++ return rv;
+ }
+
+ if (mFlushState != eNotFlushing) {
+ // XXX Can this happen? In case it can, let's avoid crashing.
+- return;
++ return rv;
+ }
+
+ mFlushState = eInFlush;
+@@ -545,7 +552,7 @@ nsHtml5TreeOpExecutor::FlushDocumentWrite()
+ }
+ NS_ASSERTION(mFlushState == eInDocUpdate,
+ "Tried to perform tree op outside update batch.");
+- nsresult rv = iter->Perform(this, &scriptElement);
++ rv = iter->Perform(this, &scriptElement);
+ if (NS_FAILED(rv)) {
+ MarkAsBroken(rv);
+ break;
+@@ -560,13 +567,14 @@ nsHtml5TreeOpExecutor::FlushDocumentWrite()
+
+ if (MOZ_UNLIKELY(!mParser)) {
+ // Ending the doc update caused a call to nsIParser::Terminate().
+- return;
++ return rv;
+ }
+
+ if (scriptElement) {
+ // must be tail call when mFlushState is eNotFlushing
+ RunScript(scriptElement);
+ }
++ return rv;
+ }
+
+ // copied from HTML content sink
+ Modified parser/html/nsHtml5TreeOpExecutor.h
+diff --git a/parser/html/nsHtml5TreeOpExecutor.h b/parser/html/nsHtml5TreeOpExecutor.h
+index 9617dcb..1f81448 100644
+--- a/parser/html/nsHtml5TreeOpExecutor.h
++++ b/parser/html/nsHtml5TreeOpExecutor.h
+@@ -173,7 +173,7 @@ class nsHtml5TreeOpExecutor : public nsHtml5DocumentBuilder,
+
+ void RunFlushLoop();
+
+- void FlushDocumentWrite();
++ nsresult FlushDocumentWrite();
+
+ void MaybeSuspend();
+
+ Modified parser/html/nsHtml5TreeOperation.cpp
+diff --git a/parser/html/nsHtml5TreeOperation.cpp b/parser/html/nsHtml5TreeOperation.cpp
+index 48b71dc..7ad65247 100644
+--- a/parser/html/nsHtml5TreeOperation.cpp
++++ b/parser/html/nsHtml5TreeOperation.cpp
+@@ -214,6 +214,9 @@ nsHtml5TreeOperation::AppendToDocument(nsIContent* aNode,
+ nsIDocument* doc = aBuilder->GetDocument();
+ uint32_t childCount = doc->GetChildCount();
+ rv = doc->AppendChildTo(aNode, false);
++ if (rv == NS_ERROR_DOM_HIERARCHY_REQUEST_ERR) {
++ return NS_OK;
++ }
+ NS_ENSURE_SUCCESS(rv, rv);
+ nsNodeUtils::ContentInserted(doc, aNode, childCount);
+
+@@ -739,8 +742,7 @@ nsHtml5TreeOperation::Perform(nsHtml5TreeOpExecutor* aBuilder,
+ return NS_OK;
+ }
+ case eTreeOpMarkAsBroken: {
+- aBuilder->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
+- return NS_OK;
++ return mOne.result;
+ }
+ case eTreeOpRunScript: {
+ nsIContent* node = *(mOne.node);
+ Modified parser/html/nsHtml5TreeOperation.h
+diff --git a/parser/html/nsHtml5TreeOperation.h b/parser/html/nsHtml5TreeOperation.h
+index 2727733..06d0274 100644
+--- a/parser/html/nsHtml5TreeOperation.h
++++ b/parser/html/nsHtml5TreeOperation.h
+@@ -435,6 +435,15 @@ class nsHtml5TreeOperation {
+ mFour.integer = aInt;
+ }
+
++ inline void Init(nsresult aRv)
++ {
++ NS_PRECONDITION(mOpCode == eTreeOpUninitialized,
++ "Op code must be uninitialized when initializing.");
++ NS_PRECONDITION(NS_FAILED(aRv), "Initialized tree op with non-failure.");
++ mOpCode = eTreeOpMarkAsBroken;
++ mOne.result = aRv;
++ }
++
+ inline void InitAddClass(nsIContentHandle* aNode, const char16_t* aClass)
+ {
+ NS_PRECONDITION(mOpCode == eTreeOpUninitialized,
+@@ -487,11 +496,12 @@ class nsHtml5TreeOperation {
+ nsIAtom* atom;
+ nsHtml5HtmlAttributes* attributes;
+ nsHtml5DocumentMode mode;
+- char16_t* unicharPtr;
++ char16_t* unicharPtr;
+ char* charPtr;
+ nsHtml5TreeOperationStringPair* stringPair;
+ nsAHtml5TreeBuilderState* state;
+ int32_t integer;
++ nsresult result;
+ } mOne, mTwo, mThree, mFour;
+ };
+
diff --git a/gnu/packages/patches/icecat-CVE-2014-1593.patch b/gnu/packages/patches/icecat-CVE-2014-1593.patch
new file mode 100644
index 0000000000..446920a95f
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1593.patch
@@ -0,0 +1,154 @@
+commit a58cea744ac5b93b99a66554e1029b2c7aa3255d
+Author: Matthew Gregan <kinetik@flim.org>
+Date: Tue Nov 11 08:58:52 2014 +1300
+
+ Bug 1085175. r=roc, a=dveditz
+
+ Modified content/media/MediaCache.cpp
+diff --git a/content/media/MediaCache.cpp b/content/media/MediaCache.cpp
+index 598d905..c99f724 100644
+--- a/content/media/MediaCache.cpp
++++ b/content/media/MediaCache.cpp
+@@ -1174,6 +1174,7 @@ MediaCache::Update()
+ // Figure out where we should be reading from. It's the first
+ // uncached byte after the current mStreamOffset.
+ int64_t dataOffset = stream->GetCachedDataEndInternal(stream->mStreamOffset);
++ MOZ_ASSERT(dataOffset >= 0);
+
+ // Compute where we'd actually seek to to read at readOffset
+ int64_t desiredOffset = dataOffset;
+@@ -1702,6 +1703,7 @@ MediaCacheStream::NotifyDataStarted(int64_t aOffset)
+ ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor());
+ NS_WARN_IF_FALSE(aOffset == mChannelOffset,
+ "Server is giving us unexpected offset");
++ MOZ_ASSERT(aOffset >= 0);
+ mChannelOffset = aOffset;
+ if (mStreamLength >= 0) {
+ // If we started reading at a certain offset, then for sure
+@@ -2118,23 +2120,28 @@ MediaCacheStream::Seek(int32_t aWhence, int64_t aOffset)
+ return NS_ERROR_FAILURE;
+
+ int64_t oldOffset = mStreamOffset;
++ int64_t newOffset = mStreamOffset;
+ switch (aWhence) {
+ case PR_SEEK_END:
+ if (mStreamLength < 0)
+ return NS_ERROR_FAILURE;
+- mStreamOffset = mStreamLength + aOffset;
++ newOffset = mStreamLength + aOffset;
+ break;
+ case PR_SEEK_CUR:
+- mStreamOffset += aOffset;
++ newOffset += aOffset;
+ break;
+ case PR_SEEK_SET:
+- mStreamOffset = aOffset;
++ newOffset = aOffset;
+ break;
+ default:
+ NS_ERROR("Unknown whence");
+ return NS_ERROR_FAILURE;
+ }
+
++ if (newOffset < 0)
++ return NS_ERROR_FAILURE;
++ mStreamOffset = newOffset;
++
+ CACHE_LOG(PR_LOG_DEBUG, ("Stream %p Seek to %lld", this, (long long)mStreamOffset));
+ gMediaCache->NoteSeek(this, oldOffset);
+
+@@ -2176,11 +2183,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
+ break;
+ }
+ size = std::min(size, bytesRemaining);
+- // Clamp size until 64-bit file size issues (bug 500784) are fixed.
++ // Clamp size until 64-bit file size issues are fixed.
+ size = std::min(size, int64_t(INT32_MAX));
+ }
+
+- int32_t bytes;
+ int32_t cacheBlock = streamBlock < mBlocks.Length() ? mBlocks[streamBlock] : -1;
+ if (cacheBlock < 0) {
+ // We don't have a complete cached block here.
+@@ -2208,7 +2214,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
+ // We can just use the data in mPartialBlockBuffer. In fact we should
+ // use it rather than waiting for the block to fill and land in
+ // the cache.
+- bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset);
++ int64_t bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset);
++ // Clamp bytes until 64-bit file size issues are fixed.
++ bytes = std::min(bytes, int64_t(INT32_MAX));
++ NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= aCount, "Bytes out of range.");
+ memcpy(aBuffer,
+ reinterpret_cast<char*>(streamWithPartialBlock->mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes);
+ if (mCurrentMode == MODE_METADATA) {
+@@ -2232,6 +2241,7 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
+ gMediaCache->NoteBlockUsage(this, cacheBlock, mCurrentMode, TimeStamp::Now());
+
+ int64_t offset = cacheBlock*BLOCK_SIZE + offsetInStreamBlock;
++ int32_t bytes;
+ NS_ABORT_IF_FALSE(size >= 0 && size <= INT32_MAX, "Size out of range.");
+ nsresult rv = gMediaCache->ReadCacheFile(offset, aBuffer + count, int32_t(size), &bytes);
+ if (NS_FAILED(rv)) {
+@@ -2268,9 +2278,7 @@ MediaCacheStream::ReadAt(int64_t aOffset, char* aBuffer,
+ }
+
+ nsresult
+-MediaCacheStream::ReadFromCache(char* aBuffer,
+- int64_t aOffset,
+- int64_t aCount)
++MediaCacheStream::ReadFromCache(char* aBuffer, int64_t aOffset, int64_t aCount)
+ {
+ ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor());
+ if (mClosed)
+@@ -2292,7 +2300,7 @@ MediaCacheStream::ReadFromCache(char* aBuffer,
+ return NS_ERROR_FAILURE;
+ }
+ size = std::min(size, bytesRemaining);
+- // Clamp size until 64-bit file size issues (bug 500784) are fixed.
++ // Clamp size until 64-bit file size issues are fixed.
+ size = std::min(size, int64_t(INT32_MAX));
+ }
+
+@@ -2303,7 +2311,10 @@ MediaCacheStream::ReadFromCache(char* aBuffer,
+ // We can just use the data in mPartialBlockBuffer. In fact we should
+ // use it rather than waiting for the block to fill and land in
+ // the cache.
+- bytes = std::min<int64_t>(size, mChannelOffset - streamOffset);
++ // Clamp bytes until 64-bit file size issues are fixed.
++ int64_t toCopy = std::min<int64_t>(size, mChannelOffset - streamOffset);
++ bytes = std::min(toCopy, int64_t(INT32_MAX));
++ NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= toCopy, "Bytes out of range.");
+ memcpy(aBuffer + count,
+ reinterpret_cast<char*>(mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes);
+ } else {
+ Modified media/libnestegg/include/nestegg-stdint.h
+diff --git a/media/libnestegg/include/nestegg-stdint.h b/media/libnestegg/include/nestegg-stdint.h
+index 599a7a5..c315991 100644
+--- a/media/libnestegg/include/nestegg-stdint.h
++++ b/media/libnestegg/include/nestegg-stdint.h
+@@ -1,6 +1,9 @@
+ #ifdef _WIN32
+ typedef __int64 int64_t;
+ typedef unsigned __int64 uint64_t;
++#if !defined(INT64_MAX)
++#define INT64_MAX 9223372036854775807LL
++#endif
+ #else
+ #include <stdint.h>
+ #endif
+ Modified media/libnestegg/src/nestegg.c
+diff --git a/media/libnestegg/src/nestegg.c b/media/libnestegg/src/nestegg.c
+index 8813cf2..56884d7 100644
+--- a/media/libnestegg/src/nestegg.c
++++ b/media/libnestegg/src/nestegg.c
+@@ -1950,6 +1950,9 @@ nestegg_offset_seek(nestegg * ctx, uint64_t offset)
+ {
+ int r;
+
++ if (offset > INT64_MAX)
++ return -1;
++
+ /* Seek and set up parser state for segment-level element (Cluster). */
+ r = ne_io_seek(ctx->io, offset, NESTEGG_SEEK_SET);
+ if (r != 0)
diff --git a/gnu/packages/patches/icecat-CVE-2014-1594.patch b/gnu/packages/patches/icecat-CVE-2014-1594.patch
new file mode 100644
index 0000000000..e5ce7b069b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1594.patch
@@ -0,0 +1,34 @@
+commit 7a8497c0df722b1ed145b99a82c71ed1f7b1d6ce
+Author: Markus Stange <mstange@themasta.com>
+Date: Thu Oct 9 21:26:27 2014 -0400
+
+ Bug 1074280 - Use AsContainerLayer() in order to avoid a bad cast. r=roc, a=bkerensa
+
+ Modified gfx/layers/basic/BasicLayerManager.cpp
+diff --git a/gfx/layers/basic/BasicLayerManager.cpp b/gfx/layers/basic/BasicLayerManager.cpp
+index 5a3a1f6..ff42bc0 100644
+--- a/gfx/layers/basic/BasicLayerManager.cpp
++++ b/gfx/layers/basic/BasicLayerManager.cpp
+@@ -901,18 +901,17 @@ BasicLayerManager::PaintLayer(gfxContext* aTarget,
+ RenderTraceScope trace("BasicLayerManager::PaintLayer", "707070");
+
+ const nsIntRect* clipRect = aLayer->GetEffectiveClipRect();
+- // aLayer might not be a container layer, but if so we take care not to use
+- // the container variable
+- BasicContainerLayer* container = static_cast<BasicContainerLayer*>(aLayer);
+- bool needsGroup = aLayer->GetFirstChild() &&
++ BasicContainerLayer* container =
++ static_cast<BasicContainerLayer*>(aLayer->AsContainerLayer());
++ bool needsGroup = container &&
+ container->UseIntermediateSurface();
+ BasicImplData* data = ToData(aLayer);
+ bool needsClipToVisibleRegion =
+ data->GetClipToVisibleRegion() && !aLayer->AsThebesLayer();
+- NS_ASSERTION(needsGroup || !aLayer->GetFirstChild() ||
++ NS_ASSERTION(needsGroup || !container ||
+ container->GetOperator() == CompositionOp::OP_OVER,
+ "non-OVER operator should have forced UseIntermediateSurface");
+- NS_ASSERTION(!aLayer->GetFirstChild() || !aLayer->GetMaskLayer() ||
++ NS_ASSERTION(!container || !aLayer->GetMaskLayer() ||
+ container->UseIntermediateSurface(),
+ "ContainerLayer with mask layer should force UseIntermediateSurface");
diff --git a/gnu/packages/patches/xfce4-panel-plugins.patch b/gnu/packages/patches/xfce4-panel-plugins.patch
new file mode 100644
index 0000000000..df5a0a914d
--- /dev/null
+++ b/gnu/packages/patches/xfce4-panel-plugins.patch
@@ -0,0 +1,115 @@
+Search for xfce4 panel plugins in the directories specified
+in XDG_DATA_DIRS and X_XFCE4_LIB_DIRS. For discussion of the
+relevant issues, see:
+
+ https://bugzilla.xfce.org/show_bug.cgi?id=5455
+
+Patch by Mark H Weaver <mhw@netris.org>
+
+--- xfce4-panel-4.10.0/panel/panel-module.c.orig 2012-04-28 16:31:35.000000000 -0400
++++ xfce4-panel-4.10.0/panel/panel-module.c 2014-12-14 01:31:55.728107386 -0500
+@@ -35,8 +35,14 @@
+ #include <panel/panel-plugin-external-wrapper.h>
+ #include <panel/panel-plugin-external-46.h>
+
+-#define PANEL_PLUGINS_LIB_DIR (LIBDIR G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins")
+-#define PANEL_PLUGINS_LIB_DIR_OLD (LIBDIR G_DIR_SEPARATOR_S "panel-plugins")
++#define PANEL_PLUGINS_LIB_DIR_TAIL (G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins")
++#define PANEL_PLUGINS_LIB_DIR_TAIL_OLD (G_DIR_SEPARATOR_S "panel-plugins")
++
++static const gchar *plugins_lib_dir_tails[] =
++{
++ PANEL_PLUGINS_LIB_DIR_TAIL,
++ PANEL_PLUGINS_LIB_DIR_TAIL_OLD
++};
+
+
+ typedef enum _PanelModuleRunMode PanelModuleRunMode;
+@@ -335,21 +341,39 @@
+ /* show a messsage if the old module path key still exists */
+ g_message ("Plugin %s: The \"X-XFCE-Module-Path\" key is "
+ "ignored in \"%s\", the panel will look for the "
+- "module in %s. See bug #5455 why this decision was made",
+- name, filename, PANEL_PLUGINS_LIB_DIR);
++ "module in DIR%s for each DIR in $X_XFCE4_LIB_DIRS "
++ "(%s by default). See bug #5455 for discussion.",
++ name, filename, PANEL_PLUGINS_LIB_DIR_TAIL, LIBDIR);
+ }
+ #endif
+
+- path = g_module_build_path (PANEL_PLUGINS_LIB_DIR, module_name);
+- found = g_file_test (path, G_FILE_TEST_EXISTS);
++ /* search for module */
++ {
++ gchar *dirs_string;
++ gchar **dirs;
++ int i, j;
++
++ dirs_string = (gchar *) g_getenv ("X_XFCE4_LIB_DIRS");
++ if (!dirs_string)
++ dirs_string = LIBDIR;
++ dirs = g_strsplit (dirs_string, G_SEARCHPATH_SEPARATOR_S, 0);
++
++ found = FALSE;
++ path = NULL;
++
++ for (i = 0; !found && dirs[i] != NULL; i++)
++ for (j = 0; !found && j < G_N_ELEMENTS (plugins_lib_dir_tails); j++)
++ {
++ gchar *dir = g_strconcat (dirs[i], plugins_lib_dir_tails[j], NULL);
++
++ g_free (path);
++ path = g_module_build_path (dir, module_name);
++ found = g_file_test (path, G_FILE_TEST_EXISTS);
++ g_free (dir);
++ }
+
+- if (!found)
+- {
+- /* deprecated location for module plugin directories */
+- g_free (path);
+- path = g_module_build_path (PANEL_PLUGINS_LIB_DIR_OLD, module_name);
+- found = g_file_test (path, G_FILE_TEST_EXISTS);
+- }
++ g_strfreev (dirs);
++ }
+
+ if (G_LIKELY (found))
+ {
+--- xfce4-panel-4.10.0/panel/panel-module-factory.c.orig 2012-04-28 16:31:35.000000000 -0400
++++ xfce4-panel-4.10.0/panel/panel-module-factory.c 2014-12-13 23:55:27.439404812 -0500
+@@ -42,6 +42,11 @@
+ #define PANEL_PLUGINS_DATA_DIR (DATADIR G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins")
+ #define PANEL_PLUGINS_DATA_DIR_OLD (DATADIR G_DIR_SEPARATOR_S "panel-plugins")
+
++static const gchar *plugins_data_dir_tails[] =
++{
++ (G_DIR_SEPARATOR_S "xfce4" G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins"),
++ (G_DIR_SEPARATOR_S "xfce4" G_DIR_SEPARATOR_S "panel-plugins")
++};
+
+
+ static void panel_module_factory_finalize (GObject *object);
+@@ -223,8 +228,22 @@
+ panel_module_factory_load_modules (PanelModuleFactory *factory,
+ gboolean warn_if_known)
+ {
++ const gchar * const * system_data_dirs;
++ int i, j;
++
+ panel_return_if_fail (PANEL_IS_MODULE_FACTORY (factory));
+
++ system_data_dirs = g_get_system_data_dirs ();
++ for (i = 0; system_data_dirs[i] != NULL; i++)
++ for (j = 0; j < G_N_ELEMENTS (plugins_data_dir_tails); j++)
++ {
++ gchar *dir;
++
++ dir = g_strconcat (system_data_dirs[i], plugins_data_dir_tails[j], NULL);
++ panel_module_factory_load_modules_dir (factory, dir, warn_if_known);
++ g_free (dir);
++ }
++
+ /* load from the new and old location */
+ panel_module_factory_load_modules_dir (factory, PANEL_PLUGINS_DATA_DIR, warn_if_known);
+ panel_module_factory_load_modules_dir (factory, PANEL_PLUGINS_DATA_DIR_OLD, warn_if_known);
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index a724a1b21f..03cad3e25f 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -74,6 +74,27 @@
(home-page "http://www.perl.org/")
(license gpl1+))) ; or "Artistic"
+(define-public perl-clone
+ (package
+ (name "perl-clone")
+ (version "0.37")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/G/GA/GARU/"
+ "Clone-" version ".tar.gz"))
+ (sha256
+ (base32
+ "17fdhxpzrq2nwim3zkcrz4m9gjixp0i886yz54ysrshxy3k53wnr"))))
+ (build-system perl-build-system)
+ (synopsis "Recursively copy Perl datatypes")
+ (description
+ "This module provides a clone() method which makes recursive copies of
+nested hash, array, scalar and reference types, including tied variables and
+objects.")
+ (home-page (string-append "http://search.cpan.org/~garu/"
+ "Clone-" version))
+ (license (package-license perl))))
+
(define-public perl-file-list
(package
(name "perl-file-list")
@@ -253,6 +274,54 @@ Perlish API and none of the bloat and rarely used features of IPC::Run.")
;; licenses, any version."
(license (list bsd-3 gpl3+))))
+(define-public perl-test-deep
+ (package
+ (name "perl-test-deep")
+ (version "0.114")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/R/RJ/RJBS/"
+ "Test-Deep-" version ".tar.gz"))
+ (sha256
+ (base32
+ "09yr47vw7vj27sdik312x08938higcij8ybyq8k67mlccx8cpqf0"))))
+ (build-system perl-build-system)
+ (inputs `(("perl-test-tester" ,perl-test-tester)
+ ("perl-test-nowarnings" ,perl-test-nowarnings)))
+ (synopsis "Flexible deep comparison for the Test::Builder framework")
+ (description
+ "Test::Deep compares two structures by going through each level, ensuring
+that the values match, that arrays and hashes have the same elements and that
+references are blessed into the correct class. It also handles circular data
+structures without getting caught in an infinite loop.")
+ (home-page (string-append "http://search.cpan.org/~rjbs/"
+ "Test-Deep-" version))
+ (license gpl1+))) ; or "Artistic License"
+
+(define-public perl-test-nowarnings
+ (package
+ (name "perl-test-nowarnings")
+ (version "1.04")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/"
+ "Test-NoWarnings-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0v385ch0hzz9naqwdw2az3zdqi15gka76pmiwlgsy6diiijmg2k3"))))
+ (build-system perl-build-system)
+ (inputs `(("perl-test-tester" ,perl-test-tester)))
+ (synopsis "Ensure no warnings are produced while testing")
+ (description
+ "This modules causes any warnings during testing to be captured and
+stored. It automatically adds an extra test that will run when your script
+ends to check that there were no warnings. If there were any warings, the
+test will fail and output diagnostics of where, when and what the warning was,
+including a stack trace of what was going on when it occurred.")
+ (home-page (string-append "http://search.cpan.org/~adamk/"
+ "Test-NoWarnings-" version))
+ (license lgpl2.1)))
+
(define-public perl-test-script
(package
(name "perl-test-script")
@@ -277,6 +346,46 @@ bin as is also commonly used) paths of your Perl distribution.")
"Test-Script-" version))
(license (package-license perl))))
+(define-public perl-test-simple
+ (package
+ (name "perl-test-simple")
+ (version "1.001009")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/"
+ "Test-Simple-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1klxpy658aj1pmrw63j1hc16gilwh5rzhp9rb2d1iydi3hcm8xb5"))))
+ (build-system perl-build-system)
+ (synopsis "Basic utilities for writing tests")
+ (description
+ "Test::Simple contains basic utilities for writing tests.")
+ (home-page (string-append "http://search.cpan.org/~exodist/"
+ "Test-Simple-" version))
+ (license (package-license perl))))
+
+(define-public perl-test-tester
+ (package
+ (name "perl-test-tester")
+ (version "0.109")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/F/FD/FDALY/"
+ "Test-Tester-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0m9n28z09kq455r5nydj1bnr85lvmbfpcbjdkjfbpmfb5xgciiyk"))))
+ (build-system perl-build-system)
+ (synopsis "Simplify running Test::Builder tests")
+ (description
+ "Test::Tester allows testing of test modules based on Test::Builder with
+a minimum of effort.")
+ (home-page (string-append "http://search.cpan.org/~fdaly/"
+ "Test-Tester-" version))
+ ;; "Under the same license as Perl itself"
+ (license (package-license perl))))
+
(define-public perl-file-which
(package
(name "perl-file-which")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index dc7def5507..adb84fc5b7 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -37,6 +37,7 @@
#:use-module (gnu packages openssl)
#:use-module (gnu packages elf)
#:use-module (gnu packages maths)
+ #:use-module (gnu packages ncurses)
#:use-module (gnu packages gcc)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages databases)
@@ -50,6 +51,9 @@
#:use-module (gnu packages fontutils)
#:use-module (gnu packages which)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages gtk)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
@@ -614,6 +618,43 @@ get the local timezone information, unless you know the zoneinfo name, and
under several distributions that's hard or impossible to figure out.")
(license cc0)))
+(define-public python-pysam
+ (package
+ (name "python-pysam")
+ (version "0.8.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://pypi.python.org/packages/source/p/pysam/pysam-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1fb6i6hbpzxaxb62kyyp5alaidwhj40f7c6gwbhr6njzlqd5l459"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:tests? #f ; tests are excluded in the manifest
+ #:phases
+ (alist-cons-before
+ 'build 'set-flags
+ (lambda _
+ (setenv "LDFLAGS" "-lncurses")
+ (setenv "CFLAGS" "-D_CURSES_LIB=1"))
+ %standard-phases)))
+ (inputs
+ `(("python-cython" ,python-cython)
+ ("python-setuptools" ,python-setuptools)
+ ("ncurses" ,ncurses)
+ ("zlib" ,zlib)))
+ (home-page "https://github.com/pysam-developers/pysam")
+ (synopsis "Python bindings to the SAMtools C API")
+ (description
+ "Pysam is a Python module for reading and manipulating files in the
+SAM/BAM format. Pysam is a lightweight wrapper of the SAMtools C API. It
+also includes an interface for tabix.")
+ (license expat)))
+
+(define-public python2-pysam
+ (package-with-python2 python-pysam))
(define-public python2-pysqlite
(package
@@ -2117,10 +2158,35 @@ that client code uses to construct the grammar directly in Python code.")
"0m6v9nwdldlwk22gcd339zg6mny5m301fxgks7z8sb8m9wawg8qp"))))
(build-system python-build-system)
(outputs '("out" "doc"))
+ (propagated-inputs ; the following packages are all needed at run time
+ `(("python-pyparsing" ,python-pyparsing)
+ ("python-pygobject" ,python-pygobject)
+ ("gobject-introspection" ,gobject-introspection)
+ ;; The 'gtk+' package (and 'gdk-pixbuf', 'atk' and 'pango' propagated
+ ;; from 'gtk+') provides the required 'typelib' files used by
+ ;; 'gobject-introspection'. The location of these files is set with the
+ ;; help of the environment variable GI_TYPELIB_PATH. At build time this
+ ;; is done automatically by a 'native-search-path' procedure. However,
+ ;; at run-time the user must set this variable as follows:
+ ;;
+ ;; export GI_TYPELIB_PATH=~/.guix-profile/lib/girepository-1.0
+ ;;
+ ;; 'typelib' files include references to dynamic libraries. Currently
+ ;; the references do not include the full path to the libraries. For
+ ;; this reason the user must set the LD_LIBRARY_PATH to the location of
+ ;; 'libgtk-3.so.0', 'libgdk-3.so.0' and 'libatk-1.0.so.0':
+ ;;
+ ;; export LD_LIBRARY_PATH=~/.guix-profile/lib
+ ("gtk+" ,gtk+)
+ ;; From version 1.4.0 'matplotlib' makes use of 'cairocffi' instead of
+ ;; 'pycairo'. However, 'pygobject' makes use of a 'pycairo' 'context'
+ ;; object. For this reason we need to import both libraries.
+ ;; https://pythonhosted.org/cairocffi/cffi_api.html#converting-pycairo
+ ("python-pycairo" ,python-pycairo)
+ ("python-cairocffi" ,python-cairocffi)))
(inputs
`(("python-setuptools" ,python-setuptools)
("python-dateutil" ,python-dateutil-2)
- ("python-pyparsing" ,python-pyparsing)
("python-six" ,python-six)
("python-pytz" ,python-pytz)
("python-numpy" ,python-numpy-bootstrap)
@@ -2131,10 +2197,10 @@ that client code uses to construct the grammar directly in Python code.")
("libpng" ,libpng)
("imagemagick" ,imagemagick)
("freetype" ,freetype)
+ ("cairo" ,cairo)
+ ("glib" ,glib)
+ ("python-pillow" ,python-pillow)
;; FIXME: Add backends when available.
- ;("python-pygtk" ,python-pygtk)
- ;("python-pycairo" ,python-pycairo)
- ;("python-pygobject" ,python-pygobject)
;("python-wxpython" ,python-wxpython)
;("python-pyqt" ,python-pyqt)
))
@@ -2144,40 +2210,51 @@ that client code uses to construct the grammar directly in Python code.")
("texinfo" ,texinfo)))
(arguments
`(#:phases
- (alist-cons-after
- 'install 'install-doc
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((data (string-append (assoc-ref outputs "doc") "/share"))
- (doc (string-append data "/doc/" ,name "-" ,version))
- (info (string-append data "/info"))
- (html (string-append doc "/html")))
- (with-directory-excursion "doc"
- ;; Without setting this variable we get an encoding error.
- (setenv "LANG" "en_US.UTF-8")
- ;; Produce pdf in 'A4' format.
- (substitute* (find-files "." "conf\\.py")
- (("latex_paper_size = 'letter'")
- "latex_paper_size = 'a4'"))
- (mkdir-p html)
- (mkdir-p info)
- ;; The doc recommends to run the 'html' target twice.
- (system* "python" "make.py" "html")
- (system* "python" "make.py" "html")
- (system* "python" "make.py" "latex")
- (system* "python" "make.py" "texinfo")
- (copy-file "build/texinfo/matplotlib.info"
- (string-append info "/matplotlib.info"))
- (copy-file "build/latex/Matplotlib.pdf"
- (string-append doc "/Matplotlib.pdf"))
- (with-directory-excursion "build/html"
- (map (lambda (file)
- (let* ((dir (dirname file))
- (tgt-dir (string-append html "/" dir)))
- (unless (equal? "." dir)
- (mkdir-p tgt-dir))
- (copy-file file (string-append html "/" file))))
- (find-files "." ".*"))))))
- %standard-phases)))
+ (alist-cons-before
+ 'build 'configure-environment
+ (lambda* (#:key outputs inputs #:allow-other-keys)
+ (let ((cairo (assoc-ref inputs "cairo"))
+ (gtk+ (assoc-ref inputs "gtk+")))
+ ;; Setting these directories in the 'basedirlist' of 'setup.cfg'
+ ;; has not effect.
+ ;;
+ ;; FIXME: setting LD_LIBRARY_PATH should be removed once we patch
+ ;; gobject-introspection to include the full path of shared
+ ;; libraries in 'typelib' files.
+ (setenv "LD_LIBRARY_PATH"
+ (string-append cairo "/lib:" gtk+ "/lib"))
+ (setenv "HOME" (getcwd))
+ (call-with-output-file "setup.cfg"
+ (lambda (port)
+ (format port "[rc_options]~%
+backend = GTK3Agg~%")))))
+ (alist-cons-after
+ 'install 'install-doc
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((data (string-append (assoc-ref outputs "doc") "/share"))
+ (doc (string-append data "/doc/" ,name "-" ,version))
+ (info (string-append data "/info"))
+ (html (string-append doc "/html")))
+ (with-directory-excursion "doc"
+ ;; Without setting this variable we get an encoding error.
+ (setenv "LANG" "en_US.UTF-8")
+ ;; Produce pdf in 'A4' format.
+ (substitute* (find-files "." "conf\\.py")
+ (("latex_paper_size = 'letter'")
+ "latex_paper_size = 'a4'"))
+ (mkdir-p html)
+ (mkdir-p info)
+ ;; The doc recommends to run the 'html' target twice.
+ (system* "python" "make.py" "html")
+ (system* "python" "make.py" "html")
+ (system* "python" "make.py" "latex")
+ (system* "python" "make.py" "texinfo")
+ (copy-file "build/texinfo/matplotlib.info"
+ (string-append info "/matplotlib.info"))
+ (copy-file "build/latex/Matplotlib.pdf"
+ (string-append doc "/Matplotlib.pdf"))
+ (copy-recursively "build/html" html))))
+ %standard-phases))))
(home-page "http://matplotlib.org")
(synopsis "2D plotting library for Python")
(description
@@ -2193,9 +2270,17 @@ toolkits.")
(package (inherit matplotlib)
;; Make sure we use exactly PYTHON2-NUMPYDOC, which is
;; customized for Python 2.
- (inputs `(("python2-numpydoc" ,python2-numpydoc)
- ,@(alist-delete "python-numpydoc"
- (package-inputs matplotlib)))))))
+ (propagated-inputs
+ `(("python2-py2cairo" ,python2-py2cairo)
+ ("python2-pygobject-2" ,python2-pygobject-2)
+ ,@(alist-delete "python-pycairo"
+ (alist-delete "python-pygobject"
+ (package-propagated-inputs
+ matplotlib)))))
+ (inputs
+ `(("python2-numpydoc" ,python2-numpydoc)
+ ,@(alist-delete "python-numpydoc"
+ (package-inputs matplotlib)))))))
;; Scipy 0.14.0 with Numpy 0.19.X fails several tests. This is known and
;; planned to be fixed in 0.14.1. It is claimed that the failures can safely
@@ -2542,3 +2627,102 @@ a front-end for C compilers or analysis tools.")
(define-public python2-cffi
(package-with-python2 python-cffi))
+
+(define-public python-xcffib
+ (package
+ (name "python-xcffib")
+ (version "0.1.9")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://pypi.python.org/packages/source/x/"
+ "xcffib/xcffib-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0655hzxv57h1a9ja9kwp0ichbkhf3djw32k33d66xp0q37dq2y81"))))
+ (build-system python-build-system)
+ (inputs
+ `(("libxcb" ,libxcb)
+ ("python-six" ,python-six)))
+ (native-inputs
+ `(("python-setuptools" ,python-setuptools)))
+ (propagated-inputs
+ `(("python-cffi" ,python-cffi))) ; used at run time
+ (arguments
+ `(#:phases
+ (alist-cons-after
+ 'install 'install-doc
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((doc (string-append (assoc-ref outputs "out") "/share"
+ "/doc/" ,name "-" ,version)))
+ (mkdir-p doc)
+ (copy-file "README.md"
+ (string-append doc "/README.md"))))
+ %standard-phases)))
+ (home-page "https://github.com/tych0/xcffib")
+ (synopsis "XCB Python bindings")
+ (description
+ "Xcffib is a replacement for xpyb, an XCB Python bindings. It adds
+support for Python 3 and PyPy. It is based on cffi.")
+ (license expat)))
+
+(define-public python2-xcffib
+ (package-with-python2 python-xcffib))
+
+(define-public python-cairocffi
+ (package
+ (name "python-cairocffi")
+ (version "0.6")
+ (source
+ (origin
+ (method url-fetch)
+ ;; The archive on pypi is missing the 'utils' directory!
+ (uri (string-append "https://github.com/SimonSapin/cairocffi/archive/v"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "03w5p62sp3nqiccx864sbq0jvh7946277jqx3rcc3dch5xwfvv51"))))
+ (build-system python-build-system)
+ (outputs '("out" "doc"))
+ (inputs
+ `(("gdk-pixbuf" ,gdk-pixbuf)
+ ("cairo" ,cairo)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("python-sphinx" ,python-sphinx)
+ ("python-docutils" ,python-docutils)
+ ("python-setuptools" ,python-setuptools)))
+ (propagated-inputs
+ `(("python-xcffib" ,python-xcffib))) ; used at run time
+ (arguments
+ `(#:phases
+ (alist-cons-after
+ 'install 'install-doc
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((data (string-append (assoc-ref outputs "doc") "/share"))
+ (doc (string-append data "/doc/" ,name "-" ,version))
+ (html (string-append doc "/html")))
+ (setenv "LD_LIBRARY_PATH"
+ (string-append (assoc-ref inputs "cairo") "/lib" ":"
+ (assoc-ref inputs "gdk-pixbuf") "/lib"))
+ (setenv "LANG" "en_US.UTF-8")
+ (mkdir-p html)
+ (for-each (lambda (file)
+ (copy-file (string-append "." file)
+ (string-append doc file)))
+ '("/README.rst" "/CHANGES" "/LICENSE"))
+ (system* "python" "setup.py" "build_sphinx")
+ (copy-recursively "docs/_build/html" html)))
+ %standard-phases)))
+ (home-page "https://github.com/SimonSapin/cairocffi")
+ (synopsis "Python bindings and object-oriented API for Cairo")
+ (description
+ "Cairocffi is a CFFI-based drop-in replacement for Pycairo, a set of
+Python bindings and object-oriented API for cairo. Cairo is a 2D vector
+graphics library with support for multiple backends including image buffers,
+PNG, PostScript, PDF, and SVG file output.")
+ (license bsd-3)))
+
+(define-public python2-cairocffi
+ (package-with-python2 python-cairocffi))
+
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 0a37a246bd..77aeecf40c 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -42,14 +42,14 @@
;; This is QEMU without GUI support.
(package
(name "qemu-headless")
- (version "2.0.0")
+ (version "2.2.0")
(source (origin
(method url-fetch)
(uri (string-append "http://wiki.qemu-project.org/download/qemu-"
version ".tar.bz2"))
(sha256
(base32
- "0frsahiw56jr4cqr9m6s383lyj4ar9hfs2wp3y4yr76krah1mk30"))))
+ "1703c3scl5n07gmpilg7g2xzyxnr7jczxgx6nn4m8kv9gin9p35n"))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-replace
diff --git a/gnu/packages/tmux.scm b/gnu/packages/tmux.scm
index 636b56e0db..9cb35bb4b2 100644
--- a/gnu/packages/tmux.scm
+++ b/gnu/packages/tmux.scm
@@ -28,7 +28,7 @@
(define-public tmux
(package
(name "tmux")
- (version "1.7")
+ (version "1.9a")
(source (origin
(method url-fetch)
(uri (string-append
@@ -36,7 +36,7 @@
version "/tmux-" version ".tar.gz"))
(sha256
(base32
- "0ywy1x2g905hmhkdz418ik42lcvnhnwr8fv63rcqczfg27d6nd38"))))
+ "1x9k4wfd4l5jg6fh7xkr3yyilizha6ka8m5b1nr0kw8wj0mv5qy5"))))
(build-system gnu-build-system)
(inputs
`(("libevent" ,libevent)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 063f1dae43..984ba7e1f4 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -395,7 +395,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
(define-public youtube-dl
(package
(name "youtube-dl")
- (version "2014.11.21.1")
+ (version "2014.12.15")
(source (origin
(method url-fetch)
(uri (string-append "http://youtube-dl.org/downloads/"
@@ -403,7 +403,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
version ".tar.gz"))
(sha256
(base32
- "0rxpx8j4qhhsws6czlfji1x9igsinkbbwvld10qdylll7g9q1v7j"))))
+ "09z7v6jxs4a36kyy681mcypcqsxipplnbdy9s3rva1rpp5f74h2z"))))
(build-system python-build-system)
(inputs `(("setuptools" ,python-setuptools)))
(home-page "http://youtube-dl.org")
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 6820d018e3..6a84a45376 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -29,6 +29,7 @@
#:use-module (gnu packages image)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages glib)
+ #:use-module (gnu packages perl)
#:use-module (gnu packages xorg))
;; packages outside the x.org system proper
@@ -57,6 +58,47 @@ can also be used for copying files, as an alternative to sftp/scp, thus
avoiding password prompts when X11 forwarding has already been setup.")
(license license:gpl2+)))
+(define-public xdotool
+ (package
+ (name "xdotool")
+ (version "2.20110530.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "http://semicomplete.googlecode.com/files/" name "-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0rxggg1cy7nnkwidx8x2w3c5f3pk6dh2b6q0q7hp069r3n5jrd77"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:tests? #f ; Test suite requires a lot of black magic
+ #:phases
+ (alist-replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys #:rest args)
+ (setenv "PREFIX" (assoc-ref outputs "out"))
+ (setenv "LDFLAGS" (string-append "-Wl,-rpath="
+ (assoc-ref
+ %outputs "out") "/lib"))
+ (setenv "CC" "gcc"))
+ %standard-phases)))
+ (native-inputs `(("perl" ,perl))) ; for pod2man
+ (inputs `(("libx11" ,libx11)
+ ("libxext" ,libxext)
+ ("libxi" ,libxi)
+ ("libxinerama" ,libxinerama)
+ ("libxtst" ,libxtst)))
+ (home-page "http://www.semicomplete.com/projects/xdotool")
+ (synopsis "Fake keyboard/mouse input, window management, and more")
+ (description "Xdotool lets you simulate keyboard input and mouse activity,
+move and resize windows, etc. It does this using X11's XTEST extension and
+other Xlib functions. Additionally, you can search for windows and move,
+resize, hide, and modify window properties like the title. If your window
+manager supports it, you can use xdotool to switch desktops, move windows
+between desktops, and change the number of desktops.")
+ (license license:bsd-3)))
+
(define-public xeyes
(package
(name "xeyes")
diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 69776fc582..2b15c3e35c 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -22,6 +23,7 @@
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
@@ -249,7 +251,8 @@ management D-Bus specification.")
"/src/" name "-" version ".tar.bz2"))
(sha256
(base32
- "1f8903nx6ivzircl8d8s9zna4vjgfy0qhjk5d2x19g9bmycgj89k"))))
+ "1f8903nx6ivzircl8d8s9zna4vjgfy0qhjk5d2x19g9bmycgj89k"))
+ (patches (list (search-patch "xfce4-panel-plugins.patch")))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@@ -261,6 +264,10 @@ management D-Bus specification.")
("garcon", garcon)
("libwnck" ,libwnck-1)
("libxfce4ui" ,libxfce4ui)))
+ (native-search-paths
+ (list (search-path-specification
+ (variable "X_XFCE4_LIB_DIRS")
+ (directories '("lib/xfce4")))))
(home-page "http://www.xfce.org/")
(synopsis "Xfce desktop panel")
(description
@@ -269,6 +276,35 @@ applications menu, workspace switcher and more.")
;; Libraries are under LGPLv2.1+, and programs under GPLv2+.
(license (list gpl2+ lgpl2.1+))))
+(define-public xfce4-battery-plugin
+ (package
+ (name "xfce4-battery-plugin")
+ (version "1.0.5")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://archive.xfce.org/src/panel-plugins/"
+ name "/" (version-major+minor version) "/"
+ name "-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "04gbplcj8z4vg5xbks8cc2jjf62mmf9sdymg90scjwmb82pv2ngn"))))
+ (build-system gnu-build-system)
+ (native-inputs `(("pkg-config" ,pkg-config)
+ ("intltool" ,intltool)))
+ (inputs `(("glib" ,glib)
+ ("gtk+" ,gtk+-2)
+ ("libxfce4util" ,libxfce4util)
+ ("libxfce4ui" ,libxfce4ui)
+ ("xfce4-panel" ,xfce4-panel)))
+ (home-page
+ "http://goodies.xfce.org/projects/panel-plugins/xfce4-battery-plugin")
+ (synopsis "Battery monitor panel plugin for Xfce4")
+ (description
+ "A battery monitor panel plugin for Xfce4, compatible with APM and ACPI.")
+ ;; The main plugin code is covered by gpl2+, but the files containing code
+ ;; to read the battery state via ACPI or APM are covered by lgpl2.0+.
+ (license (list gpl2+ lgpl2.0+))))
+
(define-public xfce4-appfinder
(package
(name "xfce4-appfinder")
@@ -476,3 +512,33 @@ on the screen.")
optional application menu or icons for minimized applications or launchers,
devices and folders.")
(license gpl2+)))
+
+(define-public xfce4-terminal
+ (package
+ (name "xfce4-terminal")
+ (version "0.6.3")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://archive.xfce.org/src/apps/" name "/"
+ (version-major+minor version) "/"
+ name "-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "023y0lkfijifh05yz8grimxadqpi98mrivr00sl18nirq8b4fbwi"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("intltool" ,intltool)))
+ (inputs
+ `(("libxfce4ui" ,libxfce4ui)
+ ("vte" ,vte/gtk+-2)))
+ (home-page "http://www.xfce.org/")
+ (synopsis "Xfce terminal emulator")
+ (description
+ "A lightweight and easy to use terminal emulator for Xfce. Features
+include a simple configuration interface, the ability to use multiple tabs
+with terminals within a single window, the possibility to have a
+pseudo-transparent terminal background, and a compact mode (where both the
+menubar and the window decorations are hidden) that helps you to save space
+on your desktop.")
+ (license gpl2+)))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 712222bdde..95edba6e7c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -33,8 +33,10 @@
#:select (mount-flags->bit-mask))
#:use-module (guix gexp)
#:use-module (guix monads)
+ #:use-module (guix records)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
+ #:use-module (ice-9 match)
#:use-module (ice-9 format)
#:export (root-file-system-service
file-system-service
@@ -46,6 +48,16 @@
console-font-service
udev-service
mingetty-service
+
+ %nscd-default-caches
+ %nscd-default-configuration
+
+ nscd-configuration
+ nscd-configuration?
+
+ nscd-cache
+ nscd-cache?
+
nscd-service
syslog-service
guix-service
@@ -374,9 +386,110 @@ the ``message of the day''."
#:allow-empty-passwords? allow-empty-passwords?
#:motd motd)))))))
-(define* (nscd-service #:key (glibc (canonical-package glibc)))
- "Return a service that runs libc's name service cache daemon (nscd)."
- (with-monad %store-monad
+(define-record-type* <nscd-configuration> nscd-configuration
+ make-nscd-configuration
+ nscd-configuration?
+ (log-file nscd-configuration-log-file ;string
+ (default "/var/log/nscd.log"))
+ (debug-level nscd-debug-level ;integer
+ (default 0))
+ ;; TODO: See nscd.conf in glibc for other options to add.
+ (caches nscd-configuration-caches ;list of <nscd-cache>
+ (default %nscd-default-caches)))
+
+(define-record-type* <nscd-cache> nscd-cache make-nscd-cache
+ nscd-cache?
+ (database nscd-cache-database) ;symbol
+ (positive-time-to-live nscd-cache-positive-time-to-live) ;integer
+ (negative-time-to-live nscd-cache-negative-time-to-live
+ (default 20)) ;integer
+ (suggested-size nscd-cache-suggested-size ;integer ("default module
+ ;of hash table")
+ (default 211))
+ (check-files? nscd-cache-check-files? ;Boolean
+ (default #t))
+ (persistent? nscd-cache-persistent? ;Boolean
+ (default #t))
+ (shared? nscd-cache-shared? ;Boolean
+ (default #t))
+ (max-database-size nscd-cache-max-database-size ;integer
+ (default (* 32 (expt 2 20))))
+ (auto-propagate? nscd-cache-auto-propagate? ;Boolean
+ (default #t)))
+
+(define %nscd-default-caches
+ ;; Caches that we want to enable by default. Note that when providing an
+ ;; empty nscd.conf, all caches are disabled.
+ (list (nscd-cache (database 'hosts)
+
+ ;; Aggressively cache the host name cache to improve
+ ;; privacy and resilience.
+ (positive-time-to-live (* 3600 12))
+ (negative-time-to-live 20)
+ (persistent? #t))
+
+ (nscd-cache (database 'services)
+
+ ;; Services are unlikely to change, so we can be even more
+ ;; aggressive.
+ (positive-time-to-live (* 3600 24))
+ (negative-time-to-live 3600)
+ (check-files? #t) ;check /etc/services changes
+ (persistent? #t))))
+
+(define %nscd-default-configuration
+ ;; Default nscd configuration.
+ (nscd-configuration))
+
+(define (nscd.conf-file config)
+ "Return the @file{nscd.conf} configuration file for @var{config}, an
+@code{<nscd-configuration>} object."
+ (define cache->config
+ (match-lambda
+ (($ <nscd-cache> (= symbol->string database)
+ positive-ttl negative-ttl size check-files?
+ persistent? shared? max-size propagate?)
+ (string-append "\nenable-cache\t" database "\tyes\n"
+
+ "positive-time-to-live\t" database "\t"
+ (number->string positive-ttl) "\n"
+ "negative-time-to-live\t" database "\t"
+ (number->string negative-ttl) "\n"
+ "suggested-size\t" database "\t"
+ (number->string size) "\n"
+ "check-files\t" database "\t"
+ (if check-files? "yes\n" "no\n")
+ "persistent\t" database "\t"
+ (if persistent? "yes\n" "no\n")
+ "shared\t" database "\t"
+ (if shared? "yes\n" "no\n")
+ "max-db-size\t" database "\t"
+ (number->string max-size) "\n"
+ "auto-propagate\t" database "\t"
+ (if propagate? "yes\n" "no\n")))))
+
+ (match config
+ (($ <nscd-configuration> log-file debug-level caches)
+ (text-file "nscd.conf"
+ (string-append "\
+# Configuration of libc's name service cache daemon (nscd).\n\n"
+ (if log-file
+ (string-append "logfile\t" log-file)
+ "")
+ "\n"
+ (if debug-level
+ (string-append "debug-level\t"
+ (number->string debug-level))
+ "")
+ "\n"
+ (string-concatenate
+ (map cache->config caches)))))))
+
+(define* (nscd-service #:optional (config %nscd-default-configuration)
+ #:key (glibc (canonical-package glibc)))
+ "Return a service that runs libc's name service cache daemon (nscd) with the
+given @var{config}---an @code{<nscd-configuration>} object."
+ (mlet %store-monad ((nscd.conf (nscd.conf-file config)))
(return (service
(documentation "Run libc's name service cache daemon (nscd).")
(provision '(nscd))
@@ -388,7 +501,7 @@ the ``message of the day''."
(start #~(make-forkexec-constructor
(list (string-append #$glibc "/sbin/nscd")
- "-f" "/dev/null" "--foreground")))
+ "-f" #$nscd.conf "--foreground")))
(stop #~(make-kill-destructor))
(respawn? #f)))))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 1cb501bb7a..db9be8cfbd 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -80,60 +80,62 @@ fe80::1%lo0 apps.facebook.com\n")
gateway
(provision '(networking))
(name-servers '())
- (inetutils inetutils)
(net-tools net-tools))
"Return a service that starts @var{interface} with address @var{ip}. If
@var{gateway} is true, it must be a string specifying the default network
gateway."
+ (define loopback?
+ (memq 'loopback provision))
- ;; TODO: Eventually we should do this using Guile's networking procedures,
- ;; like 'configure-qemu-networking' does, but the patch that does this is
- ;; not yet in stock Guile.
+ ;; TODO: Eventually replace 'route' with bindings for the appropriate
+ ;; ioctls.
(with-monad %store-monad
(return
(service
;; Unless we're providing the loopback interface, wait for udev to be up
;; and running so that INTERFACE is actually usable.
- (requirement (if (memq 'loopback provision)
- '()
- '(udev)))
+ (requirement (if loopback? '() '(udev)))
(documentation
"Bring up the networking interface using a static IP address.")
(provision provision)
(start #~(lambda _
;; Return #t if successfully started.
- (and (zero? (system* (string-append #$inetutils
- "/bin/ifconfig")
- "-i" #$interface "-A" #$ip
- "-i" #$interface "--up"))
- #$(if gateway
- #~(zero? (system* (string-append #$net-tools
- "/sbin/route")
- "add" "-net" "default"
- "gw" #$gateway))
- #t)
- #$(if (pair? name-servers)
- #~(call-with-output-file "/etc/resolv.conf"
- (lambda (port)
- (display
- "# Generated by 'static-networking-service'.\n"
- port)
- (for-each (lambda (server)
- (format port "nameserver ~a~%"
- server))
- '#$name-servers)))
- #t))))
+ (let* ((addr (inet-pton AF_INET #$ip))
+ (sockaddr (make-socket-address AF_INET addr 0)))
+ (configure-network-interface #$interface sockaddr
+ (logior IFF_UP
+ #$(if loopback?
+ #~IFF_LOOPBACK
+ 0))))
+ #$(if gateway
+ #~(zero? (system* (string-append #$net-tools
+ "/sbin/route")
+ "add" "-net" "default"
+ "gw" #$gateway))
+ #t)
+ #$(if (pair? name-servers)
+ #~(call-with-output-file "/etc/resolv.conf"
+ (lambda (port)
+ (display
+ "# Generated by 'static-networking-service'.\n"
+ port)
+ (for-each (lambda (server)
+ (format port "nameserver ~a~%"
+ server))
+ '#$name-servers)))
+ #t)))
(stop #~(lambda _
;; Return #f is successfully stopped.
- (not (and (system* (string-append #$inetutils "/bin/ifconfig")
- #$interface "down")
- #$(if gateway
- #~(system* (string-append #$net-tools
- "/sbin/route")
- "del" "-net" "default")
- #t)))))
+ (let ((sock (socket AF_INET SOCK_STREAM 0)))
+ (set-network-interface-flags sock #$interface 0)
+ (close-port sock))
+ (not #$(if gateway
+ #~(system* (string-append #$net-tools
+ "/sbin/route")
+ "del" "-net" "default")
+ #t))))
(respawn? #f)))))
(define* (dhcp-client-service #:key (dhcp isc-dhcp))
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index fbf96c799b..27a72e8019 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -36,7 +36,7 @@
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (xorg-start-command
-
+ %default-xsessions
%default-slim-theme
%default-slim-theme-name
slim-service))
@@ -136,9 +136,10 @@ EndSection
(define* (xinitrc #:key
(guile (canonical-package guile-2.0))
- (ratpoison ratpoison)
- (windowmaker windowmaker))
- "Return a system-wide xinitrc script that starts the specified X session."
+ fallback-session)
+ "Return a system-wide xinitrc script that starts the specified X session,
+which should be passed to this script as the first argument. If not, the
+@var{fallback-session} will be used."
(define builder
#~(begin
(use-modules (ice-9 match))
@@ -155,20 +156,14 @@ EndSection
(execl shell shell "--login" "-c"
(string-join (cons command args))))))
- ;; First, try to run ~/.xsession.
- (let* ((home (getenv "HOME"))
- (xsession (string-append home "/.xsession")))
- (exec-from-login-shell xsession))
-
- ;; Then try a pre-configured session type.
- (let ((ratpoison (string-append #$ratpoison "/bin/ratpoison"))
- (wmaker (string-append #$windowmaker "/bin/wmaker")))
- (match (command-line)
- ((_ "ratpoison")
- (exec-from-login-shell ratpoison))
- (_
- (exec-from-login-shell wmaker))))))
-
+ (let ((home (getenv "HOME"))
+ (session (match (command-line)
+ ((_ x) x)
+ (_ #$fallback-session))))
+ ;; First, try to run ~/.xsession.
+ (exec-from-login-shell (string-append home "/.xsession"))
+ ;; Then try to start the specified session.
+ (exec-from-login-shell session))))
(gexp->script "xinitrc" builder))
@@ -176,6 +171,35 @@ EndSection
;;; SLiM log-in manager.
;;;
+(define %default-xsessions
+ ;; Default xsessions available for log-in manager, representing as a list of
+ ;; monadic desktop entries.
+ (list (text-file* "wmaker.desktop" "
+[Desktop Entry]
+Name=Window Maker
+Exec=" windowmaker "/bin/wmaker
+Type=Application
+")
+ (text-file* "ratpoison.desktop" "
+[Desktop Entry]
+Name=Ratpoison
+Exec=" ratpoison "/bin/ratpoison
+Type=Application
+")))
+
+(define (xsessions-directory sessions)
+ "Return a directory containing SESSIONS, which should be a list of monadic
+desktop entries."
+ (mlet %store-monad ((sessions (sequence %store-monad sessions)))
+ (define builder
+ #~(begin
+ (mkdir #$output)
+ (for-each (lambda (session)
+ (symlink session (string-append #$output "/"
+ (basename session))))
+ '#$sessions)))
+ (gexp->derivation "xsessions-dir" builder)))
+
(define %default-slim-theme
;; Theme based on work by Felipe López.
#~(string-append #$%artwork-repository "/slim"))
@@ -191,6 +215,9 @@ EndSection
(theme %default-slim-theme)
(theme-name %default-slim-theme-name)
(xauth xauth) (dmd dmd) (bash bash)
+ (sessions %default-xsessions)
+ (auto-login-session #~(string-append #$windowmaker
+ "/bin/wmaker"))
startx)
"Return a service that spawns the SLiM graphical login manager, which in
turn starts the X display server with @var{startx}, a command as returned by
@@ -198,7 +225,7 @@ turn starts the X display server with @var{startx}, a command as returned by
When @var{allow-empty-passwords?} is true, allow logins with an empty
password. When @var{auto-login?} is true, log in automatically as
-@var{default-user}.
+@var{default-user} with @var{auto-login-session}.
If @var{theme} is @code{#f}, the use the default log-in theme; otherwise
@var{theme} must be a gexp denoting the name of a directory containing the
@@ -207,7 +234,9 @@ theme."
(define (slim.cfg)
(mlet %store-monad ((startx (or startx (xorg-start-command)))
- (xinitrc (xinitrc)))
+ (xinitrc (xinitrc #:fallback-session
+ auto-login-session))
+ (sessiondir (xsessions-directory sessions)))
(text-file* "slim.cfg" "
default_path /run/current-system/profile/bin
default_xserver " startx "
@@ -218,7 +247,7 @@ authfile /var/run/slim.auth
# The login command. '%session' is replaced by the chosen session name, one
# of the names specified in the 'sessions' setting: 'wmaker', 'xfce', etc.
login_cmd exec " xinitrc " %session
-sessions wmaker,ratpoison
+sessiondir " sessiondir "
halt_cmd " dmd "/sbin/halt
reboot_cmd " dmd "/sbin/reboot
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 01e79480b1..ab3fe42ae1 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -145,6 +145,14 @@ configuration template file in the installation system."
#~(unless (file-exists? #$local-template)
(copy-file #$template #$local-template)))))))
+(define %nscd-minimal-caches
+ ;; Minimal in-memory caching policy for nscd.
+ (list (nscd-cache (database 'hosts)
+ (positive-time-to-live (* 3600 12))
+ (negative-time-to-live 20)
+ (persistent? #f)
+ (max-database-size (* 5 (expt 2 20)))))) ;5 MiB
+
(define (installation-services)
"Return the list services for the installation image."
(let ((motd (text-file "motd" "
@@ -206,7 +214,10 @@ You have been warned. Thanks for being so brave.
(console-font-service "tty5")
(console-font-service "tty6")
- (nscd-service))))
+ ;; Since this is running on a USB stick with a unionfs as the root
+ ;; file system, use an appropriate cache configuration.
+ (nscd-service (nscd-configuration
+ (caches %nscd-minimal-caches))))))
(define %issue
;; Greeting.