diff options
42 files changed, 341 insertions, 956 deletions
diff --git a/build-aux/hydra/gnu-system.scm b/build-aux/hydra/gnu-system.scm index e406ed94c5..f5a37a2ca4 100644 --- a/build-aux/hydra/gnu-system.scm +++ b/build-aux/hydra/gnu-system.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -123,7 +123,8 @@ SYSTEM." '("mips64el-linux-gnu" "mips64el-linux-gnuabi64" "arm-linux-gnueabihf" - "i686-w64-mingw32")) + "i686-w64-mingw32" + "powerpc-linux-gnu")) (define %guixsd-supported-systems '("x86_64-linux" "i686-linux")) diff --git a/gnu/local.mk b/gnu/local.mk index 1889a0ecd6..6dcd174bc3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -546,7 +546,6 @@ dist_patch_DATA = \ %D%/packages/patches/fcgi-2.4.0-poll.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-test-xargs.patch \ - %D%/packages/patches/flex-CVE-2016-6354.patch \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \ @@ -557,6 +556,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ %D%/packages/patches/gcc-cross-environment-variables.patch \ + %D%/packages/patches/gcc-libiberty-printf-decl.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-strmov-store-file-names.patch \ %D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch \ @@ -657,10 +657,6 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ - %D%/packages/patches/libarchive-7zip-heap-overflow.patch \ - %D%/packages/patches/libarchive-fix-symlink-check.patch \ - %D%/packages/patches/libarchive-fix-filesystem-attacks.patch \ - %D%/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcmis-fix-test-onedrive.patch \ @@ -844,7 +840,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \ - %D%/packages/patches/sed-hurd-path-max.patch \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scotch-test-threading.patch \ %D%/packages/patches/sdl-libx11-1.6.patch \ @@ -866,6 +861,7 @@ dist_patch_DATA = \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ + %D%/packages/patches/tar-CVE-2016-6321.patch \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 8a7dc6af89..9e912a9543 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -112,20 +112,23 @@ usual file attributes can be checked for inconsistencies.") (define-public progress (package (name "progress") - (version "0.13") + (version "0.13.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/Xfennec/" name "/archive/v" version ".tar.gz")) (sha256 - (base32 "133iar4vq5vlklydb4cyazjy6slmpbndrws474mg738bd8avc30n")) + (base32 "199rk6608q9m6l0fbjm0xl2w1c5krf8245dqnksdp4rqp7l9ak06")) (file-name (string-append name "-" version ".tar.gz")))) (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config) + ("which" ,which))) (inputs `(("ncurses" ,ncurses))) (arguments `(#:tests? #f ; There is no test suite. - #:make-flags (list "CC=gcc" "LDFLAGS+=-lncurses" + #:make-flags (list "CC=gcc" (string-append "PREFIX=" (assoc-ref %outputs "out"))) #:phases (modify-phases %standard-phases diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm index 72492e70eb..442c87c1f1 100644 --- a/gnu/packages/autotools.scm +++ b/gnu/packages/autotools.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2014 Manolis Fragkiskos Ragkousis <manolis837@gmail.com> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 David Thompson <davet@gnu.org> +;;; Copyright © 2017 ng0 <ng0@libertad.pw> ;;; ;;; This file is part of GNU Guix. ;;; @@ -26,6 +27,7 @@ #:use-module (gnu packages) #:use-module (gnu packages perl) #:use-module (gnu packages m4) + #:use-module (gnu packages man) #:use-module (gnu packages bash) #:use-module (guix utils) #:use-module (guix packages) @@ -300,6 +302,7 @@ Makefile, simplifying the entire process for the developer.") (propagated-inputs `(("m4" ,m4))) (native-inputs `(("m4" ,m4) ("perl" ,perl) + ("help2man" ,help2man) ;because we modify ltmain.sh ("automake" ,automake) ;some tests rely on 'aclocal' ("autoconf" ,(autoconf-wrapper)))) ;others on 'autom4te' @@ -313,21 +316,27 @@ Makefile, simplifying the entire process for the developer.") (or (%current-target-system) (%current-system)))) - #:phases (alist-cons-before - 'check 'pre-check - (lambda* (#:key inputs #:allow-other-keys) - ;; Run the test suite in parallel, if possible. - (setenv "TESTSUITEFLAGS" - (string-append - "-j" - (number->string (parallel-job-count)))) + #:phases + (modify-phases %standard-phases + (add-before 'check 'pre-check + (lambda* (#:key inputs #:allow-other-keys) + ;; Run the test suite in parallel, if possible. + (setenv "TESTSUITEFLAGS" + (string-append + "-j" + (number->string (parallel-job-count)))) + ;; Patch references to /bin/sh. + (let ((bash (assoc-ref inputs "bash"))) + (substitute* "tests/testsuite" + (("/bin/sh") + (string-append bash "/bin/sh"))) + #t))) + (add-after 'patch-source-shebangs 'restore-ltmain-shebang + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "build-aux/ltmain.in" + (("^#!.*/bin/sh$") "#!/bin/sh")) + #t))))) - ;; Path references to /bin/sh. - (let ((bash (assoc-ref inputs "bash"))) - (substitute* "tests/testsuite" - (("/bin/sh") - (string-append bash "/bin/bash"))))) - %standard-phases))) (synopsis "Generic shared library support tools") (description "GNU Libtool helps in the creation and use of shared libraries, by diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 8cfe470ec6..8308616a1f 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -173,20 +173,15 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (version "3.2.1") + (version "3.2.2") (source (origin (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) - (patches (search-patches - "libarchive-7zip-heap-overflow.patch" - "libarchive-fix-symlink-check.patch" - "libarchive-fix-filesystem-attacks.patch" - "libarchive-safe_fprintf-buffer-overflow.patch")) (sha256 (base32 - "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj")))) + "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index c75e038289..93b598f808 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -78,14 +78,14 @@ command-line arguments, multiple languages, and so on.") (define-public grep (package (name "grep") - (version "2.25") + (version "2.27") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2")) + "1syadppgpxpfhpwhhqcsibrn131azypzps5aicx1qjh74d6w8k5d")) (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it @@ -118,30 +118,32 @@ including, for example, recursive directory searching.") (define-public sed (package (name "sed") - (version "4.2.2") + (version "4.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/sed/sed-" version - ".tar.bz2")) + ".tar.xz")) (sha256 (base32 - "1myvrmh99jsvk7v3d7crm0gcrq51hmmm1r2kjyyci152in1x2j7h")) - (patches (search-patches "sed-hurd-path-max.patch")))) + "1anhdgah8h423hlmn9hwzxzr7hjbqjm6hxq3z1p7p7nf8640vhj7")))) (build-system gnu-build-system) (synopsis "Stream editor") (arguments (if (%current-target-system) '() - `(#:phases (alist-cons-before - 'patch-source-shebangs 'patch-test-suite - (lambda* (#:key inputs #:allow-other-keys) - (let ((bash (assoc-ref inputs "bash"))) - (patch-makefile-SHELL "testsuite/Makefile.tests") - (substitute* '("testsuite/bsd.sh" - "testsuite/bug-regex9.c") - (("/bin/sh") - (string-append bash "/bin/bash"))))) - %standard-phases)))) + `(#:phases + (modify-phases %standard-phases + (add-before 'patch-source-shebangs 'patch-test-suite + (lambda* (#:key inputs #:allow-other-keys) + (let ((bash (assoc-ref inputs "bash"))) + (patch-makefile-SHELL "testsuite/Makefile.tests") + (substitute* '("testsuite/bsd.sh" + "testsuite/bug-regex9.c") + (("/bin/sh") + (string-append bash "/bin/sh"))) + #t))))))) + (native-inputs + `(("perl" ,perl))) ; for build-aux/help2man (description "Sed is a non-interactive, text stream editor. It receives a text input from a file or from standard input and it then applies a series of text @@ -149,7 +151,7 @@ editing commands to the stream and prints its output to standard output. It is often used for substituting text patterns in a stream. The GNU implementation offers several extensions over the standard utility.") (license gpl3+) - (home-page "http://www.gnu.org/software/sed/"))) + (home-page "https://www.gnu.org/software/sed/"))) (define-public tar (package @@ -162,7 +164,8 @@ implementation offers several extensions over the standard utility.") (sha256 (base32 "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0")) - (patches (search-patches "tar-skip-unreliable-tests.patch")))) + (patches (search-patches "tar-CVE-2016-6321.patch" + "tar-skip-unreliable-tests.patch")))) (build-system gnu-build-system) ;; Note: test suite requires ~1GiB of disk space. (arguments @@ -277,14 +280,14 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.25") + (version "8.26") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii")))) + "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -715,7 +718,21 @@ with the Linux kernel.") ;; Use the right 'pwd'. (substitute* "configure" (("/bin/pwd") "pwd"))) - ,original-phases))) + (alist-replace + 'build + (lambda _ + ;; Force mach/hurd/libpthread subdirs to build first in order to avoid + ;; linking errors. + ;; See <https://lists.gnu.org/archive/html/bug-hurd/2016-11/msg00045.html> + (let ((-j (list "-j" (number->string (parallel-job-count))))) + (let-syntax ((make (syntax-rules () + ((_ target) + (zero? (apply system* "make" target -j)))))) + (and (make "mach/subdir_lib") + (make "hurd/subdir_lib") + (make "libpthread/subdir_lib") + (zero? (apply system* "make" -j)))))) + ,original-phases)))) ((#:configure-flags original-configure-flags) `(append (list "--host=i586-pc-gnu" diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm index d328d711d1..90b6c3f17e 100644 --- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Leo Famulari <leo@famulari.name> +;;; Copyright © 2016 Efraim Flashenr <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,7 +39,7 @@ (define (patch-url seqno) "Return the URL of Bash patch number SEQNO." - (format #f "mirror://gnu/bash/bash-4.3-patches/bash43-~3,'0d" seqno)) + (format #f "mirror://gnu/bash/bash-4.4-patches/bash44-~3,'0d" seqno)) (define (bash-patch seqno sha256) "Return the origin of Bash patch SEQNO, with expected hash SHA256" @@ -54,7 +55,12 @@ (define %patch-series-4.4 ;; This is the current patches series for 4.4, generated using ;; 'download-patches' below. - (patch-series)) + (patch-series + (1 "03vzy7qwjdd5qvl3ydg99naazas2qmyd0yhnrflgjbbm64axja1y") + (2 "0lrwq6vyqism3yqv9s7kzaf3dsl4q5w9r5svcqz279qp7qca083h") + (3 "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi") + (4 "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d") + (5 "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2"))) (define (download-patches store count) "Download COUNT Bash patches into store. Return a list of diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm index 992a11bac0..b9732374d7 100644 --- a/gnu/packages/bdw-gc.scm +++ b/gnu/packages/bdw-gc.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2016 Leo Famulari <leo@famulari.name> ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,24 +25,23 @@ #:use-module (guix build-system gnu) #:use-module (gnu packages pkg-config)) -(define-public libgc-7.2 +(define-public libgc (package (name "libgc") - (version "7.2f") + (version "7.6.0") (source (origin (method url-fetch) (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-" version ".tar.gz")) (sha256 (base32 - "119x7p1cqw40mpwj80xfq879l9m1dkc7vbc1f3bz3kvkf8bf6p16")))) + "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1")))) (build-system gnu-build-system) (arguments - ;; Make it so that we don't rely on /proc. This is especially useful in - ;; an initrd run before /proc is mounted. - '(#:configure-flags '("CPPFLAGS=-DUSE_LIBC_PRIVATES" - ;; Install gc_cpp.h et al. + '(#:configure-flags '(;; Install gc_cpp.h et al. "--enable-cplusplus"))) + (native-inputs `(("pkg-config" ,pkg-config))) + (inputs `(("libatomic-ops" ,libatomic-ops))) (outputs '("out" "debug")) (synopsis "The Boehm-Demers-Weiser conservative garbage collector for C and C++") @@ -67,7 +67,7 @@ C or C++ programs, though that is not its primary goal.") (define-public libatomic-ops (package (name "libatomic-ops") - (version "7.4.2") + (version "7.4.4") (source (origin (method url-fetch) (uri (string-append @@ -75,7 +75,7 @@ C or C++ programs, though that is not its primary goal.") version ".tar.gz")) (sha256 (base32 - "1pdm0h1y7bgkczr8byg20r6bq15m5072cqm5pny4f9crc9gn3yh4")))) + "13vg5fqwil17zpf4hj4h8rh3blzmym693lkdjgvwpgni1mh0l8dz")))) (build-system gnu-build-system) (outputs '("out" "debug")) (synopsis "Accessing hardware atomic memory update operations") @@ -88,21 +88,3 @@ lock-free code, experiment with thread programming paradigms, etc.") ;; Some source files are X11-style, others are GPLv2+. (license gpl2+))) - -(define-public libgc - (package (inherit libgc-7.2) - (version "7.4.2") - (source (origin - (method url-fetch) - (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-" - version ".tar.gz")) - (sha256 - (base32 - "18mg28rr6kwr5clc65k4l4hkyy4kd16amx831sjf8q2lqkbhlck3")))) - - ;; New dependencies. - (native-inputs `(("pkg-config" ,pkg-config))) - (inputs `(("libatomic-ops" ,libatomic-ops))) - - ;; 'USE_LIBC_PRIVATES' is now the default. - (arguments '(#:configure-flags '("--enable-cplusplus"))))) diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm index dd922c3ae4..c4a3fc3e7c 100644 --- a/gnu/packages/bootstrap.scm +++ b/gnu/packages/bootstrap.scm @@ -168,6 +168,7 @@ successful, or false to signal an error." ((string=? system "i586-gnu") "/lib/ld.so.1") ((string=? system "i686-gnu") "/lib/ld.so.1") ((string=? system "aarch64-linux") "/lib/ld-linux-aarch64.so.1") + ((string=? system "powerpc-linux") "/lib/ld.so.1") ;; XXX: This one is used bare-bones, without a libc, so add a case ;; here just so we can keep going. diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 7df1d3fca9..273e3ca808 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -172,6 +172,26 @@ ,cf))))) (inputs %boot0-inputs)))) +(define libstdc++-boot0 + ;; GCC's libcc1 is always built as a shared library (the top-level + ;; 'Makefile.def' forcefully adds --enable-shared) and thus needs to refer + ;; to libstdc++.so. We cannot build libstdc++-5.3 because it relies on + ;; C++14 features missing in our bootstrap compiler. + (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc-4.9)))) + (package + (inherit lib) + (name "libstdc++-boot0") + (arguments + `(#:guile ,%bootstrap-guile + #:implicit-inputs? #f + + ;; XXX: libstdc++.so NEEDs ld.so for some reason. + #:validate-runpath? #f + + ,@(package-arguments lib))) + (inputs %boot0-inputs) + (native-inputs '())))) + (define gcc-boot0 (package-with-bootstrap-guile (package (inherit gcc) @@ -257,6 +277,9 @@ ("mpc-source" ,(package-source mpc)) ("binutils-cross" ,binutils-boot0) + ;; The libstdc++ that libcc1 links against. + ("libstdc++" ,libstdc++-boot0) + ;; Call it differently so that the builder can check whether ;; the "libc" input is #f. ("libc-native" ,@(assoc-ref %boot0-inputs "libc")) @@ -987,10 +1010,10 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.") (gcc-toolchain gcc-4.8)) (define-public gcc-toolchain-4.9 - (gcc-toolchain gcc-final)) + (gcc-toolchain gcc-4.9)) (define-public gcc-toolchain-5 - (gcc-toolchain gcc-5)) + (gcc-toolchain gcc-final)) (define-public gcc-toolchain-6 (gcc-toolchain gcc-6)) diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index a3dfb8f477..47e0958193 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -281,7 +281,7 @@ GCC that does not target a libc; otherwise, target that libc." (setenv "ARCH" ,(system->linux-architecture target)) (format #t "`ARCH' set to `~a' (cross compiling)~%" (getenv "ARCH")) - (and (zero? (system* "make" "defconfig")) + (and (zero? (system* "make" ,(system->defconfig target))) (zero? (system* "make" "mrproper" "headers_check")))) ,phases)))) (native-inputs `(("cross-gcc" ,xgcc) diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm index 89a4a49797..3c6a87828a 100644 --- a/gnu/packages/cyrus-sasl.scm +++ b/gnu/packages/cyrus-sasl.scm @@ -31,7 +31,6 @@ (define-public cyrus-sasl (package (name "cyrus-sasl") - (replacement cyrus-sasl/fixed) (version "2.1.26") (source (origin (method url-fetch) @@ -41,6 +40,7 @@ (string-append "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-" version ".tar.gz"))) + (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch")) (sha256 (base32 "1hvvbcsg21nlncbgs0cgn3iwlnb3vannzwsp6rwvnn9ba4v53g4g")))) (build-system gnu-build-system) @@ -66,10 +66,3 @@ server writers.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "http://cyrusimap.web.cmu.edu"))) - -(define cyrus-sasl/fixed - (package - (inherit cyrus-sasl) - (source (origin - (inherit (package-source cyrus-sasl)) - (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch")))))) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index e05a337e47..c5e8599028 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -507,12 +507,9 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.14.1") + (version "3.15.2") (source (origin (method url-fetch) - ;; TODO: Download from sqlite.org once this bug : - ;; http://lists.gnu.org/archive/html/bug-guile/2013-01/msg00027.html - ;; has been fixed. (uri (let ((numeric-version (match (string-split version #\.) ((first-digit other-digits ...) @@ -522,23 +519,11 @@ for example from a shell script.") (map (cut string-pad <> 2 #\0) other-digits)) 6 #\0)))))) - (list - (string-append - "https://fossies.org/linux/misc/sqlite-autoconf-" - numeric-version ".tar.gz") - (string-append - "http://distfiles.gentoo.org/distfiles/" - "/sqlite-autoconf-" numeric-version ".tar.gz")) - - ;; XXX: As of 2015-09-08, SourceForge is squatting the URL - ;; below, returning 200 and showing an advertising page. - ;; (string-append - ;; "mirror://sourceforge/sqlite.mirror/SQLite%20" version - ;; "/sqlite-autoconf-" numeric-version ".tar.gz") - )) + (string-append "https://sqlite.org/2016/sqlite-autoconf-" + numeric-version ".tar.gz"))) (sha256 (base32 - "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw")))) + "0j9i1zrwxc7dfd6xr3xagal3incrlalsrk96havnas1qp5im1cq7")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments @@ -549,7 +534,7 @@ for example from a shell script.") (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE " "-DSQLITE_ENABLE_UNLOCK_NOTIFY " "-DSQLITE_ENABLE_DBSTAT_VTAB")))) - (home-page "http://www.sqlite.org/") + (home-page "https://www.sqlite.org/") (synopsis "The SQLite database management system") (description "SQLite is a software library that implements a self-contained, serverless, @@ -558,26 +543,6 @@ widely deployed SQL database engine in the world. The source code for SQLite is in the public domain.") (license public-domain))) -(define-public sqlite-3.15.1 - (package (inherit sqlite) - (version "3.15.1") - (source (origin - (method url-fetch) - (uri (let ((numeric-version - (match (string-split version #\.) - ((first-digit other-digits ...) - (string-append first-digit - (string-pad-right - (string-concatenate - (map (cut string-pad <> 2 #\0) - other-digits)) - 6 #\0)))))) - (string-append "https://sqlite.org/2016/sqlite-autoconf-" - numeric-version ".tar.gz"))) - (sha256 - (base32 - "1ig2d9jzzixiifmgqsl6kjcvy17jwxby3s24gfnc5qvyd6vqkyjx")))))) - (define-public tdb (package (name "tdb") diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm index c1f74d65ad..d9abbfa4e2 100644 --- a/gnu/packages/flex.scm +++ b/gnu/packages/flex.scm @@ -24,6 +24,7 @@ #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages m4) + #:use-module (gnu packages man) #:use-module (gnu packages bison) #:use-module (gnu packages indent) #:use-module (srfi srfi-1)) @@ -31,29 +32,32 @@ (define-public flex (package (name "flex") - (version "2.6.0") + (version "2.6.2") (source (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/flex/flex-" - version ".tar.bz2")) - (patches (search-patches "flex-CVE-2016-6354.patch")) - (sha256 - (base32 - "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4")))) + (method url-fetch) + (uri (string-append + "https://github.com/westes/flex" + "/releases/download/v" version "/" + "flex-" version ".tar.gz")) + (sha256 + (base32 + "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs")))) (build-system gnu-build-system) (inputs (let ((bison-for-tests ;; Work around an incompatibility with Bison 3.0: ;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>. - (package (inherit bison) + (package + (inherit bison) (version "2.7.1") (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/bison/bison-" - version ".tar.xz")) - (sha256 - (base32 - "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl")))) + (method url-fetch) + (uri (string-append + "mirror://gnu/bison/" + "bison-" version ".tar.xz")) + (sha256 + (base32 + "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl")))) ;; Unlike Bison 3.0, this version did not need Flex for its ;; tests, so it allows us to break the cycle. @@ -61,9 +65,11 @@ `(("bison" ,bison-for-tests) ("indent" ,indent)))) ;; m4 is not present in PATH when cross-building - (native-inputs `(("m4" ,m4))) + (native-inputs + `(("help2man" ,help2man) + ("m4" ,m4))) (propagated-inputs `(("m4" ,m4))) - (home-page "http://flex.sourceforge.net/") + (home-page "https://github.com/westes/flex") (synopsis "Fast lexical analyser generator") (description "Flex is a tool for generating scanners. A scanner, sometimes @@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the regular expressions for each rule. Whenever it finds a match, it executes the corresponding C code.") (license (non-copyleft "file://COPYING" - "See COPYING in the distribution.")))) - -(define-public flex-2.6.1 - ;; The kservice and solid packages use flex. extra-cmake-modules - ;; forces C89 for all C files for compatibility with windows. - ;; Flex 2.6.0 generates a lexer containing a single line comment. Single - ;; line comments are part of the C99 standard, so the lexer won't compile - ;; if C89 is used. - (package - (inherit flex) - (version "2.6.1") - (source (origin - (method url-fetch) - (uri (string-append - "https://github.com/westes/flex" - "/releases/download/v" version "/" - "flex-" version ".tar.gz")) - (sha256 - (base32 - "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw")))))) + "See COPYING in the distribution.")))) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 60cff2e330..1ffb427529 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -46,13 +46,13 @@ (define-public freetype (package (name "freetype") - (version "2.6.3") + (version "2.7") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/freetype/freetype-" version ".tar.bz2")) (sha256 (base32 - "18k3b026762lmyrxfil5xv8qwnvj7hc12gz9bjqzbb12lmx707ip")))) + "0j3xgzn6pchgg1nm294vhx7cdicb7x3x8kwnlcm7v1alnzsm396n")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -69,7 +69,7 @@ It supports both bitmap and scalable formats, including TrueType, OpenType, Type1, CID, CFF, Windows FON/FNT, X11 PCF, and others. It supports high-speed anti-aliased glyph bitmap generation with 256 gray levels.") (license license:freetype) ; some files have other licenses - (home-page "http://www.freetype.org/"))) + (home-page "https://www.freetype.org/"))) (define-public ttfautohint (package diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index cfd33f85ab..206c67ed99 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -211,7 +212,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC ;; Fix the dynamic linker's file name. (substitute* (find-files "gcc/config" - "^(linux|gnu)(64|-elf|-eabi)?\\.h$") + "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$") (("#define GLIBC_DYNAMIC_LINKER([^ ]*).*$" _ suffix) (format #f "#define GLIBC_DYNAMIC_LINKER~a \"~a\"~%" suffix @@ -240,7 +241,21 @@ where the OS part is overloaded to denote a specific ABI---into GCC (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\" #define STANDARD_STARTFILE_PREFIX_2 \"\" ~a" - libc line)))) + libc line))) + + ;; The rs6000 (a.k.a. powerpc) config in GCC does not use + ;; GNU_USER_* defines. Do the above for this case. + (substitute* + "gcc/config/rs6000/sysv4.h" + (("#define LIB_LINUX_SPEC (.*)$" _ suffix) + (format #f "#define LIB_LINUX_SPEC \ +\"-L~a/lib %{!static:-rpath=~a/lib %{!static-libgcc:-rpath=~a/lib -lgcc_s}} \" ~a" + libc libc libdir suffix)) + (("#define STARTFILE_LINUX_SPEC.*$" line) + (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\" +#define STANDARD_STARTFILE_PREFIX_2 \"\" +~a" + libc line)))) ;; Don't retain a dependency on the build-time sed. (substitute* "fixincludes/fixincl.x" @@ -358,7 +373,8 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0")) - (patches (search-patches "gcc-strmov-store-file-names.patch" + (patches (search-patches "gcc-arm-bug-71399.patch" + "gcc-strmov-store-file-names.patch" "gcc-5.0-libvtv-runpath.patch")))))) (define-public gcc-6 @@ -377,7 +393,7 @@ Go. It also includes runtime support libraries for these languages.") ;; Note: When changing the default gcc version, update ;; the gcc-toolchain-* definitions accordingly. -(define-public gcc gcc-4.9) +(define-public gcc gcc-5) (define-public (make-libstdc++ gcc) "Return a libstdc++ package based on GCC. The primary use case is when diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 56fba45e3a..151952663b 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -58,7 +58,7 @@ (define-public libgpg-error (package (name "libgpg-error") - (version "1.24") + (version "1.25") (source (origin (method url-fetch) @@ -66,7 +66,7 @@ version ".tar.bz2")) (sha256 (base32 - "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j")))) + "031jc5196fdcxn2g61i1pdabvdbxxcdi4j7jbaq3hfs38dcgfa7n")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") @@ -82,14 +82,14 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") - (version "1.7.3") + (version "1.7.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x")))) + "0078pbzm6nlgvnwlylshsg707ifcmfpnpbvhlhqbpwpfic9a9zni")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 9458ab714f..a408f8f9aa 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -133,15 +133,15 @@ without requiring the source code to be rewritten.") (define-public guile-2.0 (package (name "guile") - (version "2.0.12") - (replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605 + (version "2.0.13") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/guile/guile-" version ".tar.xz")) (sha256 (base32 - "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy")))) + "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p")) + (patches (search-patches "guile-repl-server-test.patch")))) (build-system gnu-build-system) (native-inputs `(("pkgconfig" ,pkg-config))) (inputs `(("libffi" ,libffi) @@ -214,19 +214,6 @@ without requiring the source code to be rewritten.") (properties '((hidden? . #t))) ;people should install 'guile-2.0' (replacement #f))) -(define guile-2.0.13 - (package - (inherit guile-2.0) - (version "2.0.13") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/guile/guile-" version - ".tar.xz")) - (sha256 - (base32 - "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p")) - (patches (search-patches "guile-repl-server-test.patch")))))) - (define-public guile-next (package (inherit guile-2.0) (name "guile-next") diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 13723bf585..d842f03b4e 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,20 +29,17 @@ (define-public icu4c (package (name "icu4c") - (version "55.1") + (version "58.2") (source (origin (method url-fetch) (uri (string-append - "mirror://sourceforge/icu/ICU4C/" + "http://download.icu-project.org/files/icu4c/" version "/icu4c-" (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version) "-src.tgz")) (sha256 - (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1")) - (patches (search-patches "icu4c-CVE-2014-6585.patch" - "icu4c-CVE-2015-1270.patch" - "icu4c-CVE-2015-4760.patch")))) + (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib")))) (build-system gnu-build-system) (inputs `(("perl" ,perl))) @@ -55,18 +53,9 @@ '("--with-data-packaging=archive") '())) #:phases - (alist-cons-after - 'unpack 'chdir-to-source - (lambda _ (chdir "source")) - (alist-cons-before - 'configure 'patch-configure - (lambda _ - ;; patch out two occurrences of /bin/sh from configure script - ;; that might have disappeared in a release later than 54.1 - (substitute* "configure" - (("`/bin/sh") - (string-append "`" (which "bash"))))) - %standard-phases)))) + (modify-phases %standard-phases + (add-after 'unpack 'chdir-to-source + (lambda _ (chdir "source") #t))))) (synopsis "International Components for Unicode") (description "ICU is a set of C/C++ and Java libraries providing Unicode and diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm index 94145fb95d..a7f2cabbc4 100644 --- a/gnu/packages/kde-frameworks.scm +++ b/gnu/packages/kde-frameworks.scm @@ -1117,11 +1117,7 @@ which are used in DBus communication.") (native-inputs `(("bison" ,bison) ("extra-cmake-modules" ,extra-cmake-modules) - ;; extra-cmake-modules forces C89 for all C files for compatibility with - ;; Windows. Flex 2.6.0 generates a lexer containing a single line - ;; comment. Single line comments are part of the C99 standard, so the - ;; lexer won't compile if C89 is used. - ("flex" ,flex-2.6.1) + ("flex" ,flex) ("qttools" ,qttools))) (inputs `(("qtbase" ,qtbase) @@ -2535,11 +2531,7 @@ typed.") (native-inputs `(("bison" ,bison) ("extra-cmake-modules" ,extra-cmake-modules) - ;; extra-cmake-modules forces C89 for all C files for compatibility with - ;; Windows. Flex 2.6.0 generates a lexer containing a single line - ;; comment. Single line comments are part of the C99 standard, so the - ;; lexer won't compile if C89 is used. - ("flex" ,flex-2.6.1))) + ("flex" ,flex))) (inputs `(("kcrash" ,kcrash) ("kdbusaddons" ,kdbusaddons) diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm index a9779d4ffd..212bec4b49 100644 --- a/gnu/packages/libunistring.scm +++ b/gnu/packages/libunistring.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; ;;; This file is part of GNU Guix. @@ -28,15 +29,15 @@ (define-public libunistring (package (name "libunistring") - (version "0.9.6") + (version "0.9.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libunistring/libunistring-" - version ".tar.gz")) + version ".tar.xz")) (sha256 (base32 - "0ixxmgpgh2v8ifm6hbwsjxl023myk3dfnj7wnvmqjivza31fw9cn")))) + "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf")))) (propagated-inputs (libiconv-if-needed)) (build-system gnu-build-system) (arguments @@ -49,5 +50,5 @@ "GNU libunistring is a library providing functions to manipulate Unicode strings and for manipulating C strings according to the Unicode standard.") - (home-page "http://www.gnu.org/software/libunistring/") - (license lgpl3+))) + (home-page "https://www.gnu.org/software/libunistring/") + (license (list lgpl3+ gpl2)))) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 0c191629ce..5e450a72a7 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -17,6 +17,7 @@ ;;; Copyright © 2016 John Darrington <jmd@gnu.org> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org> +;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com> ;;; Copyright © 2016 ng0 <ng0@libertad.pw> ;;; ;;; This file is part of GNU Guix. @@ -101,6 +102,13 @@ ((string-prefix? "aarch64" arch) "arm64") (else arch)))) +(define-public (system->defconfig system) + "Some systems (notably powerpc-linux) require a special target for kernel +defconfig. Return the appropiate make target if applicable, otherwise return +\"defconfig\"." + (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig") + (else "defconfig"))) + (define (linux-libre-urls version) "Return a list of URLs for Linux-Libre VERSION." (list (string-append @@ -140,11 +148,13 @@ (lambda _ (let ((arch ,(system->linux-architecture (or (%current-target-system) - (%current-system))))) + (%current-system)))) + (defconfig ,(system->defconfig + (or (%current-target-system) + (%current-system))))) (setenv "ARCH" arch) (format #t "`ARCH' set to `~a'~%" (getenv "ARCH")) - - (and (zero? (system* "make" "defconfig")) + (and (zero? (system* "make" defconfig)) (zero? (system* "make" "mrproper" "headers_check")))))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) @@ -453,7 +463,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") - (version "2.28.1") + (version "2.28.2") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/" @@ -461,7 +471,7 @@ providing the system administrator with some help in common tasks.") name "-" version ".tar.xz")) (sha256 (base32 - "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy")) + "1kgh16j3ywzf5gdz4vq6v3dyc5qsi377p11clj9xxgi0dwa3g7dq")) (patches (search-patches "util-linux-tests.patch")) (modules '((guix build utils))) (snippet @@ -477,7 +487,7 @@ providing the system administrator with some help in common tasks.") "static")) ; >2 MiB of static .a libraries (arguments `(#:configure-flags (list "--disable-use-tty-group" - + "--enable-fs-paths-default=/run/current-system/profile/sbin" ;; Install completions where our ;; bash-completion package expects them. (string-append "--with-bashcompletiondir=" @@ -1156,7 +1166,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).") (define-public libcap (package (name "libcap") - (version "2.24") + (version "2.25") (source (origin (method url-fetch) (uri (string-append @@ -1164,7 +1174,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).") "libcap2/libcap-" version ".tar.xz")) (sha256 (base32 - "0rbc9qbqs5bp9am9s9g83wxj5k4ixps2agy9dxr1v1fwg27mdr6f")))) + "0qjiqc5pknaal57453nxcbz3mn1r4hkyywam41wfcglq3v2qlg39")))) (build-system gnu-build-system) (arguments '(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/m4.scm b/gnu/packages/m4.scm index d1ba928768..6ad00f8a58 100644 --- a/gnu/packages/m4.scm +++ b/gnu/packages/m4.scm @@ -26,14 +26,14 @@ (define-public m4 (package (name "m4") - (version "1.4.17") + (version "1.4.18") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/m4/m4-" - version ".tar.bz2")) + version ".tar.xz")) (sha256 (base32 - "0w0da1chh12mczxa5lnwzjk9czi3dq6gnnndbpa6w4rj76b1yklf")))) + "01sfjd5a4waqw83bibvmn522g69qfqvwig9i2qlgy154l1nfihgj")))) (build-system gnu-build-system) (arguments `(;; Explicitly disable tests when cross-compiling, otherwise 'make check' diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm index e5c614cee7..d2a559c084 100644 --- a/gnu/packages/make-bootstrap.scm +++ b/gnu/packages/make-bootstrap.scm @@ -416,8 +416,9 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." ;; the 'pre-configure phase of our main gcc package, because ;; that shared library is not present in this static gcc. See ;; <https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00008.html>. - (substitute* (find-files "gcc/config" - "^gnu-user.*\\.h$") + (substitute* (cons "gcc/config/rs6000/sysv4.h" + (find-files "gcc/config" + "^gnu-user.*\\.h$")) ((" -lgcc_s}}") "}}"))) ,phases))))) (native-inputs diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm index 3299c7b5c4..87fe57dc4b 100644 --- a/gnu/packages/mit-krb5.scm +++ b/gnu/packages/mit-krb5.scm @@ -32,7 +32,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (version "1.14.3") + (version "1.14.4") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -40,7 +40,7 @@ "/krb5-" version ".tar.gz")) (sha256 (base32 - "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind")))) + "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index 36e35ca00c..b6d2d7f4af 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -32,7 +32,7 @@ (define-public gmp (package (name "gmp") - (version "6.1.1") + (version "6.1.2") (source (origin (method url-fetch) (uri @@ -40,7 +40,7 @@ version ".tar.xz")) (sha256 (base32 - "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk")) + "04hrwahdxyqdik559604r7wrj9ffklwvipgfxgj4ys4skbl6bdc7")) (patches (search-patches "gmp-faulty-test.patch")))) (build-system gnu-build-system) (native-inputs `(("m4" ,m4))) @@ -87,13 +87,13 @@ cryptography and computational algebra.") (define-public mpfr (package (name "mpfr") - (version "3.1.4") + (version "3.1.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mpfr/mpfr-" version ".tar.xz")) (sha256 (base32 - "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n")))) + "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1")))) (build-system gnu-build-system) (outputs '("out" "debug")) (propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h> diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm index 6949e1e03f..d725a71c0d 100644 --- a/gnu/packages/ncurses.scm +++ b/gnu/packages/ncurses.scm @@ -30,6 +30,7 @@ #:use-module (guix build-system perl) #:use-module (gnu packages) #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) #:use-module (gnu packages swig) #:use-module (guix utils)) @@ -87,7 +88,7 @@ (let ((out (assoc-ref outputs "out"))) ;; When building a wide-character (Unicode) build, create backward ;; compatibility links from the the "normal" libraries to the - ;; wide-character libraries (e.g. libncurses.so to libncursesw.so). + ;; wide-character ones (e.g. libncurses.so to libncursesw.so). ,@(if (target-mingw?) '( ;; TODO: create .la files to link to the .dll? (with-directory-excursion (string-append out "/bin") @@ -116,7 +117,11 @@ (define lib.so.x (string-append "lib" lib ".so.6")) (define lib.so - (string-append "lib" lib ".so"))) + (string-append "lib" lib ".so")) + (define packagew.pc + (string-append lib "w.pc")) + (define package.pc + (string-append lib ".pc"))) '()) (when (file-exists? libw.a) @@ -127,7 +132,12 @@ (false-if-exception (delete-file lib.so)) (call-with-output-file lib.so (lambda (p) - (format p "INPUT (-l~aw)~%" lib)))) + (format p "INPUT (-l~aw)~%" lib))) + (with-directory-excursion "pkgconfig" + (format #t "creating symlink for `~a'~%" + package.pc) + (when (file-exists? packagew.pc) + (symlink packagew.pc package.pc)))) '()))) '("curses" "ncurses" "form" "panel" "menu"))))))) `(#:configure-flags @@ -135,6 +145,11 @@ 'quasiquote `(("--with-shared" "--without-debug" "--enable-widec" + "--enable-pc-files" + ,(list 'unquote '(string-append "--with-pkg-config-libdir=" + (assoc-ref %outputs "out") + "/lib/pkgconfig")) + ;; By default headers land in an `ncursesw' subdir, which is not ;; what users expect. ,(list 'unquote '(string-append "--includedir=" (assoc-ref %outputs "out") @@ -157,6 +172,8 @@ (add-after 'unpack 'remove-unneeded-shebang ,remove-shebang-phase))))) (self-native-input? #t) ; for `tic' + (native-inputs + `(("pkg-config" ,pkg-config))) (native-search-paths (list (search-path-specification (variable "TERMINFO_DIRS") diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm index d1203dfe75..e4e0eedc05 100644 --- a/gnu/packages/nettle.scm +++ b/gnu/packages/nettle.scm @@ -47,7 +47,7 @@ (outputs '("out" "debug")) (native-inputs `(("m4" ,m4))) (propagated-inputs `(("gmp" ,gmp))) - (home-page "http://www.lysator.liu.se/~nisse/nettle/") + (home-page "https://www.lysator.liu.se/~nisse/nettle/") (synopsis "C library for low-level cryptographic functionality") (description "GNU Nettle is a low-level cryptographic library. It is designed to @@ -60,14 +60,14 @@ themselves.") ;; This version is not API-compatible with version 2. In particular, lsh ;; cannot use it yet. So keep it separate. (package (inherit nettle-2) - (version "3.2") + (version "3.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/nettle/nettle-" version ".tar.gz")) (sha256 (base32 - "15wxhk52yc62rx0pddmry66hqm6z5brrrkx4npd3wh9nybg86hpa")))) + "07mif3af077763vc35s1x8vzhzlgqcgxh67c1xr13jnhslkjd526")))) (arguments (substitute-keyword-arguments (package-arguments nettle-2) ((#:configure-flags flags) diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch deleted file mode 100644 index 1f3cb028d4..0000000000 --- a/gnu/packages/patches/flex-CVE-2016-6354.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 -https://security-tracker.debian.org/tracker/CVE-2016-6354 - -Patch copied from upstream source repository: -https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 - -From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001 -From: Will Estes <westes575@gmail.com> -Date: Sat, 27 Feb 2016 11:56:05 -0500 -Subject: [PATCH] Fixed incorrect integer type - ---- - src/flex.skl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/flex.skl b/src/flex.skl -index 36a526a..64f853d 100644 ---- a/src/flex.skl -+++ b/src/flex.skl -@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer() - - else - { -- yy_size_t num_to_read = -+ int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch new file mode 100644 index 0000000000..a612c9e00e --- /dev/null +++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch @@ -0,0 +1,28 @@ +This patch makes the exeception specifier of libiberty's 'asprintf' +and 'vasprintf' declarations match those of glibc to work around the +problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>. + +The problem in part stems from the fact that libiberty is configured +without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1 +is configured and built with _GNU_SOURCE, hence the conflicting declarations. + +--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200 ++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200 +@@ -625,7 +625,7 @@ extern int pwait (int, int *, int); + /* Like sprintf but provides a pointer to malloc'd storage, which must + be freed by the caller. */ + +-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; ++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2; + #endif + + /* Like asprintf but allocates memory without fail. This works like +@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, .. + /* Like vsprintf but provides a pointer to malloc'd storage, which + must be freed by the caller. */ + +-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0); ++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0); + #endif + + /* Like vasprintf but allocates memory without fail. This works like diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch deleted file mode 100644 index bef628f0a8..0000000000 --- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch +++ /dev/null @@ -1,77 +0,0 @@ -Fix buffer overflow reading 7Zip files: - -https://github.com/libarchive/libarchive/issues/761 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126 - -From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 18 Sep 2016 18:14:58 -0700 -Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files - -The sample file that demonstrated this had multiple 'EmptyStream' -attributes. The first one ended up being used to calculate -certain statistics, then was overwritten by the second which -was incompatible with those statistics. - -The fix here is to reject any header with multiple EmptyStream -attributes. While here, also reject headers with multiple -EmptyFile, AntiFile, Name, or Attributes markers. ---- - libarchive/archive_read_support_format_7zip.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c -index 1dfe52b..c0a536c 100644 ---- a/libarchive/archive_read_support_format_7zip.c -+++ b/libarchive/archive_read_support_format_7zip.c -@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - - switch (type) { - case kEmptyStream: -+ if (h->emptyStreamBools != NULL) -+ return (-1); - h->emptyStreamBools = calloc((size_t)zip->numFiles, - sizeof(*h->emptyStreamBools)); - if (h->emptyStreamBools == NULL) -@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->emptyFileBools != NULL) -+ return (-1); - h->emptyFileBools = calloc(empty_streams, - sizeof(*h->emptyFileBools)); - if (h->emptyFileBools == NULL) -@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->antiBools != NULL) -+ return (-1); - h->antiBools = calloc(empty_streams, - sizeof(*h->antiBools)); - if (h->antiBools == NULL) -@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((ll & 1) || ll < zip->numFiles * 4) - return (-1); - -+ if (zip->entry_names != NULL) -+ return (-1); - zip->entry_names = malloc(ll); - if (zip->entry_names == NULL) - return (-1); -@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((p = header_bytes(a, 2)) == NULL) - return (-1); - allAreDefined = *p; -+ if (h->attrBools != NULL) -+ return (-1); - h->attrBools = calloc((size_t)zip->numFiles, - sizeof(*h->attrBools)); - if (h->attrBools == NULL) --- -2.10.0 - diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch deleted file mode 100644 index bce63d5e4e..0000000000 --- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch +++ /dev/null @@ -1,445 +0,0 @@ -This patch fixes two bugs that allow attackers to overwrite or change -the permissions of arbitrary files: - -https://github.com/libarchive/libarchive/issues/745 -https://github.com/libarchive/libarchive/issues/746 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 - -From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 11 Sep 2016 13:21:57 -0700 -Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert. - ---- - libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++-------- - 1 file changed, 227 insertions(+), 67 deletions(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 8f0421e..abe1a86 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -326,12 +326,14 @@ struct archive_write_disk { - - #define HFS_BLOCKS(s) ((s) >> 12) - -+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int check_symlinks(struct archive_write_disk *); - static int create_filesystem_object(struct archive_write_disk *); - static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname); - #if defined(HAVE_FCHDIR) && defined(PATH_MAX) - static void edit_deep_directories(struct archive_write_disk *ad); - #endif -+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); - static int cleanup_pathname(struct archive_write_disk *); - static int create_dir(struct archive_write_disk *, char *); - static int create_parent_dir(struct archive_write_disk *, char *); -@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a) - const char *linkname; - mode_t final_mode, mode; - int r; -+ /* these for check_symlinks_fsobj */ -+ char *linkname_copy; /* non-const copy of linkname */ -+ struct archive_string error_string; -+ int error_number; - - /* We identify hard/symlinks according to the link names. */ - /* Since link(2) and symlink(2) don't handle modes, we're done here. */ -@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a) - #if !HAVE_LINK - return (EPERM); - #else -+ archive_string_init(&error_string); -+ linkname_copy = strdup(linkname); -+ if (linkname_copy == NULL) { -+ return (EPERM); -+ } -+ /* TODO: consider using the cleaned-up path as the link target? */ -+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags); -+ if (r != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ free(linkname_copy); -+ /* EPERM is more appropriate than error_number for our callers */ -+ return (EPERM); -+ } -+ free(linkname_copy); - r = link(linkname, a->name) ? errno : 0; - /* - * New cpio and pax formats allow hardlink entries -@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname) - * recent paths. - */ - /* TODO: Extend this to support symlinks on Windows Vista and later. */ -+ -+/* -+ * Checks the given path to see if any elements along it are symlinks. Returns -+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. -+ */ - static int --check_symlinks(struct archive_write_disk *a) -+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - #if !defined(HAVE_LSTAT) - /* Platform doesn't have lstat, so we can't look for symlinks. */ - (void)a; /* UNUSED */ -+ (void)path; /* UNUSED */ -+ (void)error_number; /* UNUSED */ -+ (void)error_string; /* UNUSED */ -+ (void)flags; /* UNUSED */ - return (ARCHIVE_OK); - #else -- char *pn; -+ int res = ARCHIVE_OK; -+ char *tail; -+ char *head; -+ int last; - char c; - int r; - struct stat st; -+ int restore_pwd; -+ -+ /* Nothing to do here if name is empty */ -+ if(path[0] == '\0') -+ return (ARCHIVE_OK); - - /* - * Guard against symlink tricks. Reject any archive entry whose - * destination would be altered by a symlink. -+ * -+ * Walk the filename in chunks separated by '/'. For each segment: -+ * - if it doesn't exist, continue -+ * - if it's symlink, abort or remove it -+ * - if it's a directory and it's not the last chunk, cd into it -+ * As we go: -+ * head points to the current (relative) path -+ * tail points to the temporary \0 terminating the segment we're currently examining -+ * c holds what used to be in *tail -+ * last is 1 if this is the last tail - */ -- /* Whatever we checked last time doesn't need to be re-checked. */ -- pn = a->name; -- if (archive_strlen(&(a->path_safe)) > 0) { -- char *p = a->path_safe.s; -- while ((*pn != '\0') && (*p == *pn)) -- ++p, ++pn; -- } -+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC); -+ __archive_ensure_cloexec_flag(restore_pwd); -+ if (restore_pwd < 0) -+ return (ARCHIVE_FATAL); -+ head = path; -+ tail = path; -+ last = 0; -+ /* TODO: reintroduce a safe cache here? */ - /* Skip the root directory if the path is absolute. */ -- if(pn == a->name && pn[0] == '/') -- ++pn; -- c = pn[0]; -- /* Keep going until we've checked the entire name. */ -- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { -+ if(tail == path && tail[0] == '/') -+ ++tail; -+ /* Keep going until we've checked the entire name. -+ * head, tail, path all alias the same string, which is -+ * temporarily zeroed at tail, so be careful restoring the -+ * stashed (c=tail[0]) for error messages. -+ * Exiting the loop with break is okay; continue is not. -+ */ -+ while (!last) { -+ /* Skip the separator we just consumed, plus any adjacent ones */ -+ while (*tail == '/') -+ ++tail; - /* Skip the next path element. */ -- while (*pn != '\0' && *pn != '/') -- ++pn; -- c = pn[0]; -- pn[0] = '\0'; -+ while (*tail != '\0' && *tail != '/') -+ ++tail; -+ /* is this the last path component? */ -+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); -+ /* temporarily truncate the string here */ -+ c = tail[0]; -+ tail[0] = '\0'; - /* Check that we haven't hit a symlink. */ -- r = lstat(a->name, &st); -+ r = lstat(head, &st); - if (r != 0) { -+ tail[0] = c; - /* We've hit a dir that doesn't exist; stop now. */ - if (errno == ENOENT) { - break; - } else { -- /* Note: This effectively disables deep directory -+ /* Treat any other error as fatal - best to be paranoid here -+ * Note: This effectively disables deep directory - * support when security checks are enabled. - * Otherwise, very long pathnames that trigger - * an error here could evade the sandbox. - * TODO: We could do better, but it would probably - * require merging the symlink checks with the - * deep-directory editing. */ -- return (ARCHIVE_FAILED); -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not stat %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; -+ } -+ } else if (S_ISDIR(st.st_mode)) { -+ if (!last) { -+ if (chdir(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not chdir %s", -+ path); -+ res = (ARCHIVE_FATAL); -+ break; -+ } -+ /* Our view is now from inside this dir: */ -+ head = tail + 1; - } - } else if (S_ISLNK(st.st_mode)) { -- if (c == '\0') { -+ if (last) { - /* - * Last element is symlink; remove it - * so we can overwrite it with the - * item being extracted. - */ -- if (unlink(a->name)) { -- archive_set_error(&a->archive, errno, -- "Could not remove symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head)) { -+ tail[0] = c; -+ if (error_number) *error_number = errno; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Could not remove symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; - /* - * Even if we did remove it, a warning - * is in order. The warning is silly, - * though, if we're just replacing one - * symlink with another symlink. - */ -- if (!S_ISLNK(a->mode)) { -- archive_set_error(&a->archive, 0, -- "Removing symlink %s", -- a->name); -+ tail[0] = c; -+ /* FIXME: not sure how important this is to restore -+ if (!S_ISLNK(path)) { -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Removing symlink %s", -+ path); - } -+ */ - /* Symlink gone. No more problem! */ -- pn[0] = c; -- return (0); -- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { -+ res = ARCHIVE_OK; -+ break; -+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) { - /* User asked us to remove problems. */ -- if (unlink(a->name) != 0) { -- archive_set_error(&a->archive, 0, -- "Cannot remove intervening symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ if (unlink(head) != 0) { -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot remove intervening symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } -- a->pst = NULL; -+ tail[0] = c; - } else { -- archive_set_error(&a->archive, 0, -- "Cannot extract through symlink %s", -- a->name); -- pn[0] = c; -- return (ARCHIVE_FAILED); -+ tail[0] = c; -+ if (error_number) *error_number = 0; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Cannot extract through symlink %s", -+ path); -+ res = ARCHIVE_FAILED; -+ break; - } - } -- pn[0] = c; -- if (pn[0] != '\0') -- pn++; /* Advance to the next segment. */ -+ /* be sure to always maintain this */ -+ tail[0] = c; -+ if (tail[0] != '\0') -+ tail++; /* Advance to the next segment. */ - } -- pn[0] = c; -- /* We've checked and/or cleaned the whole path, so remember it. */ -- archive_strcpy(&a->path_safe, a->name); -- return (ARCHIVE_OK); -+ /* Catches loop exits via break */ -+ tail[0] = c; -+#ifdef HAVE_FCHDIR -+ /* If we changed directory above, restore it here. */ -+ if (restore_pwd >= 0) { -+ r = fchdir(restore_pwd); -+ if (r != 0) { -+ if(error_number) *error_number = errno; -+ if(error_string) -+ archive_string_sprintf(error_string, -+ "chdir() failure"); -+ } -+ close(restore_pwd); -+ restore_pwd = -1; -+ if (r != 0) { -+ res = (ARCHIVE_FATAL); -+ } -+ } -+#endif -+ /* TODO: reintroduce a safe cache here? */ -+ return res; - #endif - } - -+/* -+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise -+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} -+ */ -+static int -+check_symlinks(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ a->pst = NULL; /* to be safe */ -+ return rc; -+} -+ -+ - #if defined(__CYGWIN__) - /* - * 1. Convert a path separator from '\' to '/' . -@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a) - * is set) if the path is absolute. - */ - static int --cleanup_pathname(struct archive_write_disk *a) -+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) - { - char *dest, *src; - char separator = '\0'; - -- dest = src = a->name; -+ dest = src = path; - if (*src == '\0') { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Invalid empty pathname"); -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Invalid empty pathname"); - return (ARCHIVE_FAILED); - } - -@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a) - #endif - /* Skip leading '/'. */ - if (*src == '/') { -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, -- "Path is absolute"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path is absolute"); - return (ARCHIVE_FAILED); - } - -@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a) - } else if (src[1] == '.') { - if (src[2] == '/' || src[2] == '\0') { - /* Conditionally warn about '..' */ -- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -- archive_set_error(&a->archive, -- ARCHIVE_ERRNO_MISC, -- "Path contains '..'"); -+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { -+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; -+ if (error_string) -+ archive_string_sprintf(error_string, -+ "Path contains '..'"); - return (ARCHIVE_FAILED); - } - } -@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a) - * We've just copied zero or more path elements, not including the - * final '/'. - */ -- if (dest == a->name) { -+ if (dest == path) { - /* - * Nothing got copied. The path must have been something - * like '.' or '/' or './' or '/././././/./'. -@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a) - return (ARCHIVE_OK); - } - -+static int -+cleanup_pathname(struct archive_write_disk *a) -+{ -+ struct archive_string error_string; -+ int error_number; -+ int rc; -+ archive_string_init(&error_string); -+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags); -+ if (rc != ARCHIVE_OK) { -+ archive_set_error(&a->archive, error_number, "%s", error_string.s); -+ } -+ archive_string_free(&error_string); -+ return rc; -+} -+ - /* - * Create the parent directory of the specified path, assuming path - * is already in mutable storage. diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch deleted file mode 100644 index f042c31a84..0000000000 --- a/gnu/packages/patches/libarchive-fix-symlink-check.patch +++ /dev/null @@ -1,60 +0,0 @@ -Make sure to check for symlinks even if the pathname is very long: - -https://github.com/libarchive/libarchive/issues/744 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a - -From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 17:11:45 -0700 -Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very - long pathnames - -Because check_symlinks is handled separately from the deep-directory -support, very long pathnames cause problems. Previously, the code -ignored most failures to lstat() a path component. In particular, -this led to check_symlinks always passing for very long paths, which -in turn provides a way to evade the symlink checks in the sandboxing -code. - -We now fail on unrecognized lstat() failures, which plugs this -hole at the cost of disabling deep directory support when the -user requests sandboxing. - -TODO: This probably cannot be completely fixed without -entirely reimplementing the deep directory support to -integrate the symlink checks. I want to reimplement the -deep directory hanlding someday anyway; openat() and -related system calls now provide a much cleaner way to -handle deep directories than the chdir approach used by this -code. ---- - libarchive/archive_write_disk_posix.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c -index 39ee3b6..8f0421e 100644 ---- a/libarchive/archive_write_disk_posix.c -+++ b/libarchive/archive_write_disk_posix.c -@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a) - r = lstat(a->name, &st); - if (r != 0) { - /* We've hit a dir that doesn't exist; stop now. */ -- if (errno == ENOENT) -+ if (errno == ENOENT) { - break; -+ } else { -+ /* Note: This effectively disables deep directory -+ * support when security checks are enabled. -+ * Otherwise, very long pathnames that trigger -+ * an error here could evade the sandbox. -+ * TODO: We could do better, but it would probably -+ * require merging the symlink checks with the -+ * deep-directory editing. */ -+ return (ARCHIVE_FAILED); -+ } - } else if (S_ISLNK(st.st_mode)) { - if (c == '\0') { - /* diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch deleted file mode 100644 index 0e70ac90ce..0000000000 --- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fixes this buffer overflow: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -Patch copied from upstream source repository: -https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a - -From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 21 Aug 2016 10:51:43 -0700 -Subject: [PATCH] Issue #767: Buffer overflow printing a filename - -The safe_fprintf function attempts to ensure clean output for an -arbitrary sequence of bytes by doing a trial conversion of the -multibyte characters to wide characters -- if the resulting wide -character is printable then we pass through the corresponding bytes -unaltered, otherwise, we convert them to C-style ASCII escapes. - -The stack trace in Issue #767 suggest that the 20-byte buffer -was getting overflowed trying to format a non-printable multibyte -character. This should only happen if there is a valid multibyte -character of more than 5 bytes that was unprintable. (Each byte -would get expanded to a four-charcter octal-style escape of the form -"\123" resulting in >20 characters for the >5 byte multibyte character.) - -I've not been able to reproduce this, but have expanded the conversion -buffer to 128 bytes on the belief that no multibyte character set -has a single character of more than 32 bytes. ---- - tar/util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tar/util.c b/tar/util.c -index 9ff22f2..2b4aebe 100644 ---- a/tar/util.c -+++ b/tar/util.c -@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) - } - - /* If our output buffer is full, dump it and keep going. */ -- if (i > (sizeof(outbuff) - 20)) { -+ if (i > (sizeof(outbuff) - 128)) { - outbuff[i] = '\0'; - fprintf(f, "%s", outbuff); - i = 0; diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch deleted file mode 100644 index 5226cba4cb..0000000000 --- a/gnu/packages/patches/sed-hurd-path-max.patch +++ /dev/null @@ -1,34 +0,0 @@ -7bb8d35d0330161a5af5341471d0c183a067e8c2 -Author: Jose E. Marchesi <jemarch@gnu.org> -Date: Sun Oct 6 14:43:38 2013 +0200 - - Set PATH_MAX to some constant in case it is not defined in system - headers. - - 2013-10-06 Jose E. Marchesi <jemarch@gnu.org> - - * basicdefs.h (PATH_MAX): Defined to some constant in case it is - not defined by system headers. - * sed/utils.c: Do not include pathmax.h anymore. - * bootstrap.conf (gnulib_modules): Do not use the gnulib module - pathmax. - -diff --git a/basicdefs.h b/basicdefs.h -index 0d28a97..09f5beb 100644 ---- a/basicdefs.h -+++ b/basicdefs.h -@@ -40,6 +41,13 @@ typedef unsigned long countT; - #define obstack_chunk_alloc ck_malloc - #define obstack_chunk_free free - -+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd. -+ In that case we define it here to some constant. Note however that -+ this relies in the fact that sed does reallocation if a buffer -+ needs to be larger than PATH_MAX. */ -+#ifndef PATH_MAX -+# define PATH_MAX 200 -+#endif - - /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */ - /* Jim Meyering writes: - diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch new file mode 100644 index 0000000000..b79be9bc94 --- /dev/null +++ b/gnu/packages/patches/tar-CVE-2016-6321.patch @@ -0,0 +1,51 @@ +Fix CVE-2016-6321: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 +https://security-tracker.debian.org/tracker/CVE-2016-6321 + +Patch adapted from upstream source repository (the changes to 'NEWS' +don't apply to the Tar 1.29 release tarball). + +http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d + +From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> +Date: Sat, 29 Oct 2016 21:04:40 -0700 +Subject: [PATCH] When extracting, skip ".." members + +* NEWS: Document this. +* src/extract.c (extract_archive): Skip members whose names +contain "..". +--- + NEWS | 8 +++++++- + src/extract.c | 8 ++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/extract.c b/src/extract.c +index f982433..7904148 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1629,12 +1629,20 @@ extract_archive (void) + { + char typeflag; + tar_extractor_t fun; ++ bool skip_dotdot_name; + + fatal_exit_hook = extract_finish; + + set_next_block_after (current_header); + ++ skip_dotdot_name = (!absolute_names_option ++ && contains_dot_dot (current_stat_info.orig_file_name)); ++ if (skip_dotdot_name) ++ ERROR ((0, 0, _("%s: Member name contains '..'"), ++ quotearg_colon (current_stat_info.orig_file_name))); ++ + if (!current_stat_info.file_name[0] ++ || skip_dotdot_name + || (interactive_option + && !confirm ("extract", current_stat_info.file_name))) + { +-- +2.11.0 + diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index a84ff43d77..16b098517a 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -309,7 +309,7 @@ ("pcre" ,pcre) ("postgresql" ,postgresql) ("readline" ,readline) - ("sqlite" ,sqlite-3.15.1) + ("sqlite" ,sqlite) ("tidy" ,tidy) ("zip" ,zip) ("zlib" ,zlib))) diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 0fe6598bb2..5b6800346c 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -85,7 +85,7 @@ remote applications.") (define-public libssh2 (package (name "libssh2") - (version "1.7.0") + (version "1.8.0") (source (origin (method url-fetch) (uri (string-append @@ -93,7 +93,7 @@ remote applications.") version ".tar.gz")) (sha256 (base32 - "116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4")))) + "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr")))) (build-system gnu-build-system) ;; The installed libssh2.pc file does not include paths to libgcrypt and ;; zlib libraries, so we need to propagate the inputs. diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index e577421fac..111942ab1f 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -138,7 +138,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.5.4") + (version "3.5.7") (source (origin (method url-fetch) (uri @@ -149,7 +149,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))) + "06l6sza1wk7cr910i70jbc68labklkd229kiiniwys32kq8zrjv0")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -294,7 +294,6 @@ required structures.") (lib (string-append out "/lib")) (static (assoc-ref outputs "static")) (slib (string-append static "/lib"))) - (mkdir-p slib) (for-each (lambda (file) (install-file file slib) (delete-file file)) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 3930d21617..1267d3106d 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -3830,7 +3830,7 @@ extension to the X11 protocol. It includes: (define-public xkeyboard-config (package (name "xkeyboard-config") - (version "2.18") + (version "2.19") (source (origin (method url-fetch) @@ -3840,7 +3840,7 @@ extension to the X11 protocol. It includes: ".tar.bz2")) (sha256 (base32 - "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4")))) + "09sqyi430bbg13pp8j0j60p9p9xn2lpqx38xw1lyv77bp63d3pw3")))) (build-system gnu-build-system) (inputs `(("gettext" ,gettext-minimal) @@ -4774,7 +4774,7 @@ script around the mkfontscale program.") (define-public xproto (package (name "xproto") - (version "7.0.29") + (version "7.0.31") (source (origin (method url-fetch) @@ -4784,7 +4784,7 @@ script around the mkfontscale program.") ".tar.bz2")) (sha256 (base32 - "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc")))) + "0ivpxz0rx2a7nahkpkhfgymz7j0pwzaqvyqpdgw9afmxl1yp9yf6")))) (build-system gnu-build-system) (propagated-inputs `(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm index 1dfd85450c..59394c2cac 100644 --- a/guix/build/gnu-build-system.scm +++ b/guix/build/gnu-build-system.scm @@ -393,6 +393,8 @@ makefiles." (or (elf-file? file) (ar-file? file)) (or (not debug-output) (make-debug-file file)) + ;; Ensure libraries are writable. + (chmod file #o755) (zero? (apply system* strip-command (append strip-flags (list file)))) (or (not debug-output) diff --git a/guix/build/perl-build-system.scm b/guix/build/perl-build-system.scm index 8f480eae16..b2024e4406 100644 --- a/guix/build/perl-build-system.scm +++ b/guix/build/perl-build-system.scm @@ -42,7 +42,11 @@ "--installdirs=site" ,@module-build-flags)) ((file-exists? "Makefile.PL") `("Makefile.PL" ,(string-append "PREFIX=" out) - "INSTALLDIRS=site" ,@make-maker-flags)) + ;; Prevent installation of 'perllocal.pod' files for + ;; determinism. These are typically used to build a + ;; catalogue of installed packages, but does not provide + ;; any useful information when installed with a module. + "INSTALLDIRS=site" "NO_PERLLOCAL=1" ,@make-maker-flags)) (else (error "no Build.PL or Makefile.PL found"))))) (format #t "running `perl' with arguments ~s~%" args) (zero? (apply system* "perl" args)))) |